Page 1 Dell Configuration Guide for the S4820T System 9.7(0.0)
Page 2 WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2015 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. Dell and the Dell logo are trademarks of Dell Inc.
Page 3: Table Of Contents
Contents 1 About this Guide....................36 ..............................36 Audience ............................36 Conventions ..........................36 Related Documents 2 Configuration Fundamentals................37 ......................37 Accessing the Command Line ............................37 CLI Modes ........................39 Navigating CLI Modes ..........................42 The do Command ...........................43 Undoing Commands ............................
Page 4 ..........58 Enabling Software Features on Devices Using a Command Option ........................59 View Command History ......................60 Upgrading Dell Networking OS ......................60 Using HTTP for File Transfers ..................60 Using Hashes to Validate Software Images 4 Management....................... 62 ....................... 62 Configuring Privilege Levels ....................62...
Page 5 .....................81 Recovering from a Forgotten Password ................82 Recovering from a Forgotten Enable Password ......................83 Recovering from a Failed Start ....................83 Restoring the Factory Default Settings ....................83 Important Points to Remember ............... 84 Restoring Factory Default Environment Variables 5 802.1ag......................... 86 ............................
Page 6 8 Access Control Lists (ACLs)................120 ......................121 IP Access Control Lists (ACLs) ...........................121 CAM Usage ................122 Implementing ACLs on Dell Networking OS ........................124 IP Fragment Handling ....................... 124 IP Fragments ACL Examples ....................... 125 Layer 4 ACL Rules Examples ......................
Page 7 ......................142 Important Points to Remember ..................142 Configuration Task List for Route Maps ......................144 Configuring Match Routes ......................146 Configuring Set Conditions ..............147 Configure a Route Map for Route Redistribution ................147 Configure a Route Map for Route Tagging ..........................148 Continue Clause ........................
Page 8 ............................194 AS Path ............................194 Next Hop ..........................195 Multiprotocol BGP ..................195 Implement BGP with Dell Networking OS ................... 195 Additional Path (Add-Path) Support ..............195 Advertise IGP Cost as MED for Redistributed Routes ..............196 Ignore Router-ID for Some Best-Path Calculations .......................
Page 9 ....................232 Configuring BGP Confederations ....................232 Enabling Route Flap Dampening .........................235 Changing BGP Timers ................235 Enabling BGP Neighbor Soft-Reconfiguration ........................237 Route Map Continue ......................237 Enabling MBGP Configurations .....................238 BGP Regular Expression Optimization ..........................238 Debugging BGP ......................239 Storing Last and Bad PDUs ..........................
Page 10 ....................272 Important Points to Remember ....................273 Applying a DCB Map on a Port ..................273 Configuring PFC without a DCB Map ..................... 274 Configuring Lossless Queues .................. 275 Data Center Bridging: Default Configuration ..................276 Configuring PFC and ETS in a DCB Map ......................276 PFC Configuration Notes .....................
Page 11 14 Dynamic Host Configuration Protocol (DHCP)........315 ....................315 DHCP Packet Format and Options .....................317 Assign an IP Address using DHCP ......................318 Implementation Information ..................319 Configure the System to be a DHCP Server ............319 Configuring the Server for Automatic Address Allocation .....................
Page 12 16 FCoE Transit....................341 ......................341 Fibre Channel over Ethernet ..............341 Ensure Robustness in a Converged Ethernet Network ....................343 FIP Snooping on Ethernet Bridges ......................345 FIP Snooping in a Switch Stack ...........................345 Using FIP Snooping ......................345 FIP Snooping Prerequisites ....................
Page 13 Component Redundancy ........................377 RPM Redundancy ................379 Automatic and Manual Stack Unit Failover ..........380 Support for RPM Redundancy by Dell Networking OS Version .............380 Synchronization between Management and Standby Units ....................380 Configuring RPM Redundancy ......................382 Online Insertion and Removal ...................
Page 14 ....................394 Viewing IGMP Enabled Interfaces ....................... 394 Selecting an IGMP Version ........................395 Viewing IGMP Groups ..........................395 Adjusting Timers ..................395 Adjusting Query and Response Timers ....................396 Enabling IGMP Immediate-Leave ..........................396 IGMP Snooping ................396 IGMP Snooping Implementation Information .......................397 Configuring IGMP Snooping ..................
Page 15 ..........................416 Configuring EIS ........................416 Management Interfaces ..................416 Configuring Management Interfaces ............... 418 Configuring Management Interfaces on the S-Series ..........................419 VLAN Interfaces ......................... 420 Loopback Interfaces ...........................420 Null Interfaces ........................420 Port Channel Interfaces ..................421 Port Channel Definition and Standards .........................
Page 16 ..................444 Configure the MTU Size on an Interface ............................445 Port-Pipes ..................445 Auto-Negotiation on Ethernet Interfaces ............ 446 Setting the Speed and Duplex Mode of Ethernet Interfaces ....................447 Set Auto-Negotiation Options ..................... 448 View Advanced Interface Information ................... 449 Configuring the Interface Sampling Size ..........................450 Dynamic Counters...
Page 17 ..........................477 IPv6 Headers ........................478 IPv6 Header Fields ......................479 Extension Header Fields ...........................480 Addressing ..................482 Implementing IPv6 with Dell Networking OS ..............................484 ICMPv6 ......................... 484 Path MTU Discovery ........................485 IPv6 Neighbor Discovery .................486 IPv6 Neighbor Discovery of MTU Packets ..................486 Configuration Task List for IPv6 RDNSS ................
Page 18 ................500 Information Monitored in iSCSI Traffic Flows ..........501 Detection and Auto-Configuration for Dell EqualLogic Arrays ..........502 Configuring Detection and Ports for Dell Compellent Arrays ........502 Synchronizing iSCSI Sessions Learned on VLT-Lags with VLT-Peer ..................502 Enable and Disable iSCSI Optimization ....................
Page 19 ........................531 Sample Configurations 28 Link Aggregation Control Protocol (LACP)..........534 ..................534 Introduction to Dynamic LAGs and LACP ....................534 Important Points to Remember ..........................535 LACP Modes ....................535 Configuring LACP Commands ........................ 536 LACP Configuration Tasks ..........................536 Creating a LAG ................537 Configuring the LAG Interfaces as Dynamic ....................
Page 20 30 Link Layer Discovery Protocol (LLDP)............564 .........................564 802.1AB (LLDP) Overview ........................564 Protocol Data Units ............................565 Optional TLVs ........................565 Management TLVs ...................... 567 TIA-1057 (LLDP-MED) Overview .....................568 TIA Organizationally Specific TLVs ..........................572 Configure LLDP .......................572 Related Configuration Tasks ....................573 Important Points to Remember ........................573 LLDP Compatibility...
Page 21 Adding and Removing Interfaces ..................617 Creating Multiple Spanning Tree Instances .....................619 Influencing MSTP Root Selection ..............619 Interoperate with Non-Dell Networking OS Bridges ..................620 Changing the Region Name or Revision ......................620 Modifying Global Parameters ....................622 Modifying the Interface Parameters ........................622...
Page 22 ................655 Designated and Backup Designated Routers ....................655 Link-State Advertisements (LSAs) ......................657 Router Priority and Cost ......................657 OSPF with Dell Networking OS .......................... 658 Graceful Restart ..................659 Fast Convergence (OSPFv2, IPv4 Only) ....................659 Multi-Process OSPFv2 (IPv4 only) ..................660...
Page 23 OSPFv3 Authentication Using IPsec ......................692 Troubleshooting OSPFv3 37 Policy-based Routing (PBR)................. 694 ............................694 Overview .............696 Implementing Policy-based Routing with Dell Networking OS ................696 Configuration Task List for Policy-based Routing ......................699 PBR Exceptions (Permit) ........................702 Sample Configuration Create the Redirect-List GOLDAssign Redirect-List GOLD to Interface 2/11View ........................703...
Page 24 Configuring the Encapsulated Remote Port Mirroring ............730 Changes to Default BehaviorConfiguration steps for ERPM ................732 ERPM Behavior on a typical Dell Networking OS ..........732 Decapsulation of ERPM packets at the Destination IP/ Analyzer 41 Private VLANs (PVLAN).................. 734 ........................734 Private VLAN Concepts ....................735...
Page 25 ......................752 PVST+ Sample Configurations 43 Quality of Service (QoS)................754 ......................756 Implementation Information .......................756 Port-Based QoS Configurations ................757 Setting dot1p Priorities for Incoming Traffic ................757 Honoring dot1p Priorities on Ingress Traffic ..................758 Configuring Port-Based Rate Policing ..................
Page 26 ......................800 Implementation Information ..........................800 Fault Recovery .......................801 Setting the rmon Alarm ......................802 Configuring an RMON Event ................... 803 Configuring RMON Collection Statistics ................803 Configuring the RMON Collection History 46 Rapid Spanning Tree Protocol (RSTP)............805 ..........................805 Protocol Overview ....................805 Configuring Rapid Spanning Tree ......................
Page 27 ..................... 860 Enable VLAN-Stacking for a VLAN ..........860 Configuring the Protocol Type Value for the Outer VLAN Tag ............860 Configuring Dell Networking OS Options for Trunk Ports ......................861 Debugging VLAN Stacking .................862 VLAN Stacking in Multi-Vendor Networks ..................
Page 28 ......................873 Setting Rate-Limit BPDUs ..................874 Debugging Layer 2 Protocol Tunneling ......................874 Provider Backbone Bridging 50 sFlow.........................875 ............................875 Overview ......................875 Implementation Information ....................876 Important Points to Remember ........................876 Enabling Extended sFlow .................877 Enabling and Disabling sFlow on an Interface ..................877 Enabling sFlow Max-Header Size Extended ........................878...
Page 29 ............898 Copying the Startup-Config Files to the Server via TFTP ...............898 Copy a Binary File to the Startup-Configuration ................ 899 Additional MIB Objects to View Copy Statistics .....................899 Obtaining a Value for MIB Objects ............900 MIB Support to Display the Available Memory Size on Flash ..................900 Viewing the Available Flash Memory Size ........
Page 30 ..................929 Resetting a Unit on an S-Series Stack ......................929 Verify a Stack Configuration ..................930 Displaying the Status of Stacking Ports ................931 Remove Units or Front End Ports from a Stack ..................931 Removing a Unit from an S-Series Stack ....................
Page 31 ..............956 Configuring a Source IP Address for NTP Packets ....................956 Configuring NTP Authentication ....................960 Dell Networking OS Time and Date ......................960 Configuration Task List ............960 Setting the Time and Date for the Switch Software Clock ......................... 960 Setting the Timezone ......................961...
Page 32 ........................985 Configuring Native VLANs ..................986 Enabling Null VLAN as the Default VLAN 60 Virtual Link Trunking (VLT)................987 ............................987 Overview ........................ 988 VLT on Core Switches ..........................988 Enhanced VLT ..........................989 VLT Terminology ....................... 990 Configure Virtual Link Trunking ....................
Page 33 ..........1028 Interoperation of VLT Nodes in a PVLAN with ARP Requests ..1028 Scenarios for VLAN Membership and MAC Synchronization With VLT Nodes in PVLAN ................. 1030 Configuring a VLT VLAN or LAG in a PVLAN ..................1030 Creating a VLT LAG or a VLT VLAN ..............
Page 34 ..........................1068 VRRP Benefits ........................1068 VRRP Implementation ........................1069 VRRP Configuration ......................1069 Configuration Task List ....................1079 Setting VRRP Initialization Delay ....................1080 VRRP for IPv6 Configuration ........................1084 Sample Configurations ....................1084 VRRP for an IPv4 Configuration ....................1089 VRRP in a VRF Configuration 64 S-Series Debugging and Diagnostics............1095 .........................
Page 35 ......................1118 General IPv6 Protocols ....................1118 Border Gateway Protocol (BGP) ....................1119 Open Shortest Path First (OSPF) ............... 1120 Intermediate System to Intermediate System (IS-IS) ..................1120 Routing Information Protocol (RIP) ............................. 1121 Multicast ....................... 1121 Network Management ............................1128 MIB Location...
Page 36: About This Guide
The S4820T platform is available with Dell Networking OS version 8.3.19.0 and beyond.The S4820T platform is available with Dell Networking OS version 8.3.19.0 and beyond. S4820T stacking is supported with Dell Networking OS version 8.3.19.0 and beyond.
Page 37: Configuration Fundamentals
In Dell Networking OS, after you enable a command, it is entered into the running configuration file. You can view the current configuration for the whole system or for a particular CLI mode. To save the current configuration, copy the running configuration to another location.
Page 38 The Dell Networking OS CLI is divided into three major mode levels: • EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level. Only a limited selection of commands is available, notably the show commands, which allow you to view system information.
Page 39: Navigating Cli Modes
Navigating CLI Modes The Dell Networking OS prompt changes to indicate the CLI mode. The following table lists the CLI mode, its prompt, and information about how to access and exit the CLI mode. Move linearly through the command modes, except for the end command which takes you directly to EXEC Privilege mode and the exit command which moves you up one command mode level.
Page 40 From every mode except EXEC and EXEC Privilege, enter the exit command. NOTE: Access all of the following modes from CONFIGURATION mode. AS-PATH ACL Dell(config-as-path)# ip as-path access-list Gigabit Ethernet Interface interface (INTERFACE modes) Dell(conf-if-gi-1/1)# 10 Gigabit Ethernet Interface interface (INTERFACE modes)
Page 41 Per-VLAN SPANNING TREE Plus Dell(config-pvst)# protocol spanning-tree pvst PREFIX-LIST Dell(conf-nprefixl)# ip prefix-list RAPID SPANNING TREE Dell(config-rstp)# protocol spanning-tree rstp REDIRECT Dell(conf-redirect-list)# ip redirect-list ROUTE-MAP Dell(config-route-map)# route-map ROUTER BGP Dell(conf-router_bgp)# router bgp BGP ADDRESS-FAMILY Dell(conf-router_bgp_af)# address-family {ipv4 (for IPv4) multicast | ipv6 unicast}...
Page 42: The Do Command
CLI Command Mode Prompt Access Command LLDP MANAGEMENT INTERFACE Dell(conf-lldp-mgmtIf)# management-interface (LLDP Mode) LINE line console orline vty Dell(config-line-console) or Dell(config-line-vty) MONITOR SESSION Dell(conf-mon-sess- monitor session sessionID)# OPENFLOW INSTANCE Dell(conf-of-instance-of- openflow of-instance id)# PORT-CHANNEL FAILOVER- Dell(conf-po-failover- port-channel failover- GROUP grp)#...
Page 43: Undoing Commands
For example, to delete an IP address configured on an interface, use the no ip address ip-address command. NOTE: Use the help or ? command as described in Obtaining Help. Example of Viewing Disabled Commands Dell(conf)#interface tengigabitethernet 4/17 Dell(conf-if-te-4/17)#ip address 192.168.10.1/24 Dell(conf-if-te-4/17)#show config interface TenGigabitEthernet 4/17 ip address 192.168.10.1/24 no shutdown...
Page 44: Obtaining Help
Enter ? after a partial keyword lists all of the keywords that begin with the specified letters. Dell(conf)#cl? class-map clock Dell(conf)#cl • Enter [space]? after a keyword lists all of the keywords that can follow the specified keyword. Dell(conf)#clock ? summer-time Configure summer (daylight savings) time timezone Configure time zone Dell(conf)#clock Entering and Editing Commands Notes for entering commands.
Page 45: Command History
Deletes all characters from the cursor to the end of the word. Command History Dell Networking OS maintains a history of previously-entered commands for each mode. For example: • When you are in EXEC mode, the UP and DOWN arrow keys display the previously-entered EXEC mode commands.
Page 46 Dell(conf)#do show system brief | grep 0 not present NOTE: Dell Networking OS accepts a space or no space before and after the pipe. To filter a phrase with spaces, underscores, or ranges, enclose the phrase with double quotation marks.
Page 47: Multiple Users In Configuration Mode
Multiple Users in Configuration Mode Dell Networking OS notifies all users when there are multiple users logged in to CONFIGURATION mode. A warning message indicates the username, type of connection (console or VTY), and in the case of a VTY connection, the IP address of the terminal on which the connection was established.
Page 48: Getting Started
When you power up the chassis, the system performs a power-on self test (POST) during which the line card status light emitting diodes (LEDs) blink green. The system then loads the Dell Networking Operating System (OS). Boot messages scroll up the terminal window during this process. No user interaction is required if the boot process proceeds without interruption.
Page 49: Accessing The Cli Interface And Running Scripts Using Ssh
SSH for secure, protected communication with the device. You can open an SSH session and run commands or script files. This method of connectivity is supported with S4810, S4048–ON, S3048–ON, S4820T, and Z9000 switches and provides a reliable, safe communication mechanism. Getting Started...
Page 50: Entering Cli Commands Using An Ssh Connection
Entering CLI commands Using an SSH Connection You can run CLI commands by entering any one of the following syntax to connect to a switch using the preconfigured user credentials using SSH: ssh username@hostname echo | ssh admin@hostname The SSH server transmits the terminal commands to the CLI shell and the results are displayed on the screen non-interactively.
Page 51: Default Configuration
A version of Dell Networking OS is pre-loaded onto the chassis; however, the system is not configured when you power up for the first time (except for the default hostname, which is Dell). You must configure the system using the CLI.
Page 52: Configure A Management Route
0 is for inputting the password in clear text. 7 is for inputting a password that is already encrypted using a Type 7 hash. Obtaining the encrypted password from the configuration of another Dell Networking system. Configuring the Enable Password Access EXEC Privilege mode using the enable command.
Page 53: Configuration File Management
To copy a local file to a remote system, combine the file-origin syntax for a local file location with the file-destination syntax for a remote file location. • To copy a remote file to Dell Networking system, combine the file-origin syntax for a remote file location with the file-destination syntax for a local file location. Table 3. Forming a...
Page 54: Mounting An Nfs File System
27952672 bytes successfully copied Example of Importing a File to the Local System core1#$//copy ftp://myusername:[email protected]//Dell/ Dell-EF-8.2.1.0.bin flash:// Destination file name [Dell-EF-8.2.1.0.bin.bin]: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 26292881 bytes successfully copied Mounting an NFS File System This feature enables you to quickly access data on an NFS mounted file system. You can perform file operations on an NFS mounted file system using supported file commands.
Page 55 • When copying to a server, you can only use a hostname if a domain name server (DNS) server is configured. Example of Copying a File to current File System Dell#copy tftp://10.16.127.35/mashutosh/dv-maa-s4810-test nfsmount:// Destination file name [dv-maa-s4810-test]: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!.! 44250499 bytes successfully copied Dell# Dell#copy ftp://10.16.127.35 nfsmount:...
Page 56: Save The Running-Configuration
Configure the Overload Bit for a Startup Scenario For information about setting the router overload bit for a specific period of time after a switch reload is implemented, refer to the Intermediate System to Intermediate System (IS-IS) section in the Dell Networking OS Command Line Reference Guide.
Page 57 “Startup-config last updated,” you have made changes that have not been saved and are preserved after a system reboot. Example of the show running-config Command Dell#show running-config Current Configuration ... ! Version 9.4(0.0) ! Last configuration change at Tue Mar 11 21:33:56 2014 by admin...
Page 58: Managing The File System
Dell# Managing the File System The Dell Networking system can use the internal Flash, external Flash, or remote devices to store files. The system stores files on the internal Flash by default but can be configured to store files elsewhere.
Page 59: View Command History
NOTE: The MXL and Z9000 platforms currently do not support VRF. These platforms support only the management and default VRFs, which are available by default. As a result, the feature vrf command is not available for these platforms. To display the state of Dell Networking OS features: Dell#show feature Example of show feature output...
Page 60: Upgrading Dell Networking Os
The published hash for that file is displayed next to the software image file on the iSupport page. Go on to the Dell Networking system and copy the software image to the flash drive, using the copy command. Run the verify {md5 | sha256} [ flash://]img-file [hash-value] command. For example, verify sha256 flash://FTOS-SE-9.5.0.0.bin...
Page 61 • hash-value: (Optional). Specify the relevant hash published on i-Support. • img-file: Enter the name of the Dell Networking software image file to validate Examples: Without Entering the Hash Value for Verification Dell# verify md5 flash://FTOS-SE-9.5.0.0.bin MD5 hash for FTOS-SE-9.5.0.0.bin: 275ceb73a4f3118e1d6bcf7d75753459 SHA256 Dell# verify sha256 flash://FTOS-SE-9.5.0.0.bin...
Page 62: Management
Management This chapter describes the different protocols or services used to manage the Dell Networking system. Configuring Privilege Levels Privilege levels restrict access to commands based on user or terminal line. There are 16 privilege levels, of which three are pre-defined. The default privilege level is 1.
Page 63: Moving A Command From Exec Privilege Mode To Exec Mode
Moving a Command from EXEC Privilege Mode to EXEC Mode To move a command from EXEC Privilege to EXEC mode for a privilege level, use the privilege exec command from CONFIGURATION mode. In the command, specify the privilege level of the user or terminal line and specify all keywords in the command to which you want to allow access.
Page 64 CONFIGURATION mode privilege {configure |interface | line | route-map | router} level level {command ||...|| command} Example of EXEC Privilege Commands Dell(conf)#do show run priv privilege exec level 3 capture privilege exec level 3 configure privilege exec level 4 resequence...
Page 65: Applying A Privilege Level To A Username
NOTE: When you assign a privilege level between 2 and 15, access to the system begins at EXEC mode, but the prompt is hostname#, rather than hostname>. Configuring Logging The Dell Networking OS tracks changes in the system using event and error messages. By default, Dell Networking OS logs these messages on: •...
Page 66: Audit And Security Logs
no logging on • Disable logging to the logging buffer. CONFIGURATION mode no logging buffer • Disable logging to terminal lines. CONFIGURATION mode no logging monitor • Disable console logging. CONFIGURATION mode no logging console Audit and Security Logs This section describes how to configure, display, and clear audit and security logs. The following is the configuration task list for audit and security logs: •...
Page 67 For information about the logging extended command, see Enabling Audit and Security Logs Dell#show logging auditlog May 12 12:20:25: Dell#: %CLI-6-logging extended by admin from vty0 (10.14.1.98) May 12 12:20:42: Dell#: %CLI-6-configure terminal by admin from vty0 (10.14.1.98) May 12 12:20:42: Dell#: %CLI-6-service timestamps log datetime by admin from vty0 (10.14.1.98)
Page 68: Configuring Logging Format
• 1 – Displays syslog message format as described in RFC 5424, The SYSLOG Protocol Example of Configuring the Logging Message Format Dell(conf)#logging version ? <0-1> Select syslog version (default = 0) Dell(conf)#logging version 1 Display the Logging Buffer and the Logging Configuration To display the current contents of the logging buffer and the logging settings for the system, use the show logging command in EXEC privilege mode.
Page 69: Setting Up A Secure Connection To A Syslog Server
To configure a secure connection from the switch to the syslog server: On the switch, enable the SSH server Dell(conf)#ip ssh server enable On the syslog server, create a reverse SSH tunnel from the syslog server to FTOS switch, using following syntax: ssh -R ::...
Page 70: Log Messages In The Internal Buffer
Configure logging to a local host. locahost is “127.0.0.1” or “::1”. If you do not, the system displays an error when you attempt to enable role-based only AAA authorization. Dell(conf)# logging localhost tcp port Dell(conf)#logging 127.0.0.1 tcp 5140 Log Messages in the Internal Buffer All error messages, except those beginning with %BOOTUP (Message), are log in the internal buffer.
Page 71: Sending System Messages To A Syslog Server
Sending System Messages to a Syslog Server To send system messages to a specified syslog server, use the following command. The following syslog standards are supported: RFC 5424 The SYSLOG Protocol, R.Gerhards and Adiscon GmbH, March 2009, obsoletes RFC 3164 and RFC 5426 Transmission of Syslog Messages over UDP. •...
Page 72: Display The Logging Buffer And The Logging Configuration
Specify the size of the logging buffer. CONFIGURATION mode logging buffered size NOTE: When you decrease the buffer size, Dell Networking OS deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer. •...
Page 73: Configuring A Unix Logging Facility Level
%CHMGR-5-CHECKIN: Checkin from line card 5 (type EX1YB, 1 ports) %TSM-6-PORT_CONFIG: Port link status for LC 5 => portpipe 0: OK portpipe 1: N/A %CHMGR-5-LINECARDUP: Line card 5 is up %CHMGR-5-CHECKIN: Checkin from line card 12 (type S12YC12, 12 ports) %TSM-6-PORT_CONFIG: Port link status for LC 12 =>...
Page 74: Synchronizing Log Messages
Dell# Synchronizing Log Messages You can configure Dell Networking OS to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system.
Page 75: File Transfer Services
File Transfer Services With Dell Networking OS, you can configure the system to transfer files over the network using the file transfer protocol (FTP). One FTP application is copying the system image files over an interface on to the system; however, FTP is not supported on virtual local area network (VLAN) interfaces.
Page 76: Configuring Ftp Server Parameters
Example of Viewing FTP Configuration Dell#show running ftp ftp-server enable ftp-server username nairobi password 0 zanzibar Dell# Configuring FTP Server Parameters After you enable the FTP server on the system, you can configure different parameters. To specify the system logging settings, use the following commands.
Page 77: Terminal Lines
0 access-class myvtyacl Dell Networking OS Behavior: Prior to Dell Networking OS version 7.4.2.0, in order to deny access on a VTY line, apply an ACL and accounting, authentication, and authorization (AAA) to the line. Then users are denied access only after they enter a username and password.
Page 78: Configuring Login Authentication For Terminal Lines
A combination of authentication methods is called a method list. If the user fails the first authentication method, Dell Networking OS prompts the next method until all methods are exhausted, at which point the connection is terminated. The available authentication methods are: Prompt for the enable password.
Page 79: Setting Time Out Of Exec Privilege Mode
Telnet to a device with an IPv4 or IPv6 address. EXEC Privilege telnet [ip-address] If you do not enter an IP address, Dell Networking OS enters a Telnet dialog that prompts you for one. Enter an IPv4 address in dotted decimal format (A.B.C.D). Management...
Page 80: Lock Configuration Mode
Dell# Lock CONFIGURATION Mode Dell Networking OS allows multiple users to make configurations at the same time. You can lock CONFIGURATION mode so that only one user can be in CONFIGURATION mode at any time (Message You can set two types of lockst: auto and manual.
Page 81: Recovering From A Forgotten Password
If another user attempts to enter CONFIGURATION mode while a lock is in place, the following appears on their terminal (message 1): % Error: User "" on line console0 is in exclusive configuration mode. If any user is already in CONFIGURATION mode when while a lock is in place, the following appears on their terminal (message 2): % Error: Can't lock configuration mode exclusively since the following users are currently configuring the system: User "admin"...
Page 82: Recovering From A Forgotten Enable Password
LINE mode no authentication login no password Save the running-config. EXEC Privilege mode copy running-config startup-config 10. Set the system parameters to use the startup configuration file when the system reloads. uBoot mode setenv stconfigignore false 11. Save the running-config. EXEC Privilege mode copy running-config startup-config Recovering from a Forgotten Enable Password...
Page 83: Recovering From A Failed Start
Recovering from a Failed Start A system that does not start correctly might be attempting to boot from a corrupted Dell Networking OS image or from a mis-specified location. In this case, you can restart the system and interrupt the boot process to point the system to another boot location.
Page 84: Restoring Factory Default Environment Variables
After the restore is complete, the units power cycle immediately. The following example illustrates the restore factory-defaults command to restore the factory default settings. Dell#restore factory-defaults stack-unit 0 nvram *********************************************************************** Warning - Restoring factory defaults will delete the existing persistent settings (stacking, fanout, etc.) After restoration the unit(s) will be powercycled immediately.
Page 85 Hit any key to abort the boot process. You enter uBoot immediately, the => prompt indicates success. (during bootup) press any key Assign the new location to the Dell Networking OS image it uses when the system reloads. uBoot mode => setenv primary_boot f10boot Boot variable (f10boot) can take the following values: •...
Page 86: 802.1Ag
802.1ag Ethernet operations, administration, and maintenance (OAM) are a set of tools used to install, monitor, troubleshoot, and manage Ethernet infrastructure deployments. Ethernet OAM consists of three main areas: • Service layer OAM — IEEE 802.1ag connectivity fault management (CFM) •...
Page 87: Maintenance Domains
In addition to providing end-to-end OAM in native Layer 2 Ethernet Service Provider/Metro networks, you can also use CFM to manage and troubleshoot any Layer 2 network including enterprise, datacenter, and cluster networks. Maintenance Domains Connectivity fault management (CFM) divides a network into hierarchical maintenance domains, as shown in the following illustration.
Page 88: Maintenance End Points
There are two types of MEPs defined in 802.1ag for an 802.1 bridge: • Up-MEP — monitors the forwarding path internal to a bridge on the customer or provider edge. On Dell Networking systems, the internal forwarding path is effectively the switch fabric and forwarding engine. •...
Page 89: Implementation Information
Implementation Information Because the S-Series has a single MAC address for all physical/LAG interfaces, only one MEP is allowed per MA (per VLAN or per MD level). Configuring the CFM To configure the CFM, follow these steps: Configure the ecfmacl CAM region using the cam-acl command. Enable Ethernet CFM.
Page 90: Creating A Maintenance Association
The range is from 0 to 7. Display maintenance domain information. EXEC Privilege mode show ethernet cfm domain [name | brief] Example of Viewing Configured Maintenance Domains Dell# show ethernet cfm domain Domain Name: customer Level: 7 Total Service: 1 Services...
Page 91: Creating A Maintenance Intermediate Point
• Up-MEP — monitors the forwarding path internal to a bridge on the customer or provider edge. On Dell Networking systems, the internal forwarding path is effectively the switch fabric and forwarding engine. • Down-MEP — monitors the forwarding path external another bridge.
Page 92: Displaying The Mp Databases
| expired | waiting] • Display the MIP Database. EXEC Privilege mode show ethernet cfm mipdb Example of Displaying the MEP Database Dell#show ethernet cfm maintenance-points remote detail MAC Address: 00:01:e8:58:68:78 Domain Name: cfm0 MA Name: test0 Level: 7 VLAN: 10...
Page 93: Continuity Check Messages
Continuity Check Messages Continuity check messages (CCM) are periodic hellos. Continuity check messages: • discover MEPs and MIPs within a maintenance domain • detect loss of connectivity between MEPs • detect misconfiguration, such as VLAN ID mismatch between MEPs • to detect unauthorized MEPs in a maintenance domain CCMs are multicast Ethernet frames sent at regular intervals from each MEP.
Page 94: Enabling Ccm
Enabling CCM To enable CCM, use the following commands. Enable CCM. ECFM DOMAIN mode no ccm disable The default is Disabled. Configure the transmit interval (mandatory). The interval specified applies to all MEPs in the domain. ECFM DOMAIN mode ccm transmit-interval seconds The default is 10 seconds.
Page 95: Sending Linktrace Messages And Responses
Sending Linktrace Messages and Responses Linktrace message and response (LTM, LTR), also called Layer 2 Traceroute, is an administratively sent multicast frames transmitted by MEPs to track, hop-by-hop, the path to another MEP or MIP within the maintenance domain. All MEPs and MIPs in the same domain respond to an LTM with a unicast LTR. Intermediate MIPs forward the LTM toward the target MEP.
Page 96: Enabling Cfm Snmp Traps
Delete all Link Trace Cache entries. EXEC Privilege mode clear ethernet cfm traceroute-cache Example of Viewing the Link Trace Cache Dell#show ethernet cfm traceroute-cache Traceroute to 00:01:e8:52:4a:f8 on Domain Customer2, Level 7, MA name Test2 with VLAN 2 ------------------------------------------------------------------------------ Hops Host...
Page 97 To enable CFM SNMP traps, use the following command. • Enable SNMP trap messages for Ethernet CFM. CONFIGURATION mode snmp-server enable traps ecfm Example of Viewing CFM SNMP Trap Information Dell#show ethernet cfm maintenance-points local mep -------------------------------------------------------------------- MPID Domain Name Level Type...
Page 98: Displaying Ethernet Cfm Statistics
Received: 0 Rcvd Out Of Order: 0 Received Bad MSDU: 0 Transmitted: Example of viewing CFM statistics by port. Dell#show ethernet cfm port-statistics interface TenGigabitEthernet 1/5 Port statistics for port: Te 1/5 ================================== RX Statistics ============= Total CFM Pkts 75394 CCM Pkts 75394...
Page 99 (typically RADIUS) using a mandatory intermediary network access device, in this case, a Dell Networking switch. The network access device mediates all communication between the end-user device and the authentication server so that the network remains secure. The network access device uses EAP-over-Ethernet (EAPOL) to communicate with the end-user device and EAP-over- RADIUS to communicate with the server.
Page 100: 802.1X
It translates and forwards requests and responses between the authentication server and the supplicant. The authenticator also changes the status of the port based on the results of the authentication process. The Dell Networking switch is the authenticator. •...
Page 101 The supplicant responds with its identity in an EAP Response Identity frame. The authenticator decapsulates the EAP response from the EAPOL frame, encapsulates it in a RADIUS Access-Request frame and forwards the frame to the authentication server. The authentication server replies with an Access-Challenge frame. The Access-Challenge frame requests that the supplicant prove that it is who it claims to be, using a specified method (an EAP- Method).
Page 102: Eap Over Radius
The Type value for EAP messages is 79. Figure 9. EAP Over RADIUS RADIUS Attributes for 802.1 Support Dell Networking systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages: Attribute 31 Calling-station-id: relays the supplicant MAC address to the authentication server.
Page 103: Important Points To Remember
Important Points to Remember • Dell Networking OS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. • All platforms support only RADIUS as the authentication server. • If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured.
Page 104 Verify that 802.1X is enabled globally and at the interface level using the show running-config | find dot1x command from EXEC Privilege mode. In the following example, the bold lines show that 802.1X is enabled. Dell#show running-config | find dot1x dot1x authentication [output omitted]...
Page 105: Configuring Request Identity Re-Transmissions
Configuring Request Identity Re-Transmissions If the authenticator sends a Request Identity frame, but the supplicant does not respond, the authenticator waits 30 seconds and then re-transmits the frame. The amount of time that the authenticator waits before re-transmitting and the maximum number of times that the authenticator re-transmits are configurable.
Page 106: Forcibly Authorizing Or Unauthorizing A Port
Example of Configuring and Verifying Port Authentication The following example shows configuration information for a port for which the authenticator re- transmits an EAP Request Identity frame: • after 90 seconds and a maximum of 10 times for an unresponsive supplicant •...
Page 107: Re-Authenticating A Port
Example of Placing a Port in Force-Authorized State and Viewing the Configuration The example shows configuration information for a port that has been force-authorized. The bold line shows the new port-control state. Dell(conf-if-Te-1/1)#dot1x port-control force-authorized Dell(conf-if-Te-1/1)#show dot1x interface TenGigabitEthernet 1/1 802.1x information on Te 1/1: ----------------------------- Dot1x Status:...
Page 108: Configuring Timeouts
The bold lines show that re-authentication is enabled and the new maximum and re-authentication time period. Dell(conf-if-Te-1/1)#dot1x reauthentication interval 7200 Dell(conf-if-Te-1/1)#dot1x reauth-max 10 Dell(conf-if-Te-1/1)#do show dot1x interface TenGigabitEthernet 1/1 802.1x information on Te 1/1: ----------------------------- Dot1x Status: Enable Port Control:...
Page 109: Configuring Dynamic Vlan Assignment With Port Authentication
The RADIUS server authenticates the request and returns a RADIUS ACCEPT message with the VLAN assignment using Tunnel-Private-Group-ID The illustration shows the configuration on the Dell Networking system before connecting the end user device in black and blue text, and after connecting the device in red text. The blue text corresponds to the preceding numbered steps on dynamic VLAN assignment with 802.1X.
Page 110: Guest And Authentication-Fail Vlans
Authentication). Guest and Authentication-Fail VLANs Typically, the authenticator (the Dell system) denies the supplicant access to the network until the supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places it in either the VLAN for which the port is configured or the VLAN that the authentication server indicates in the authentication data.
Page 111: Configuring A Guest Vlan
INTERFACE mode. View your configuration using the show config command from INTERFACE mode or using the show dot1x interface command from EXEC Privilege mode. Example of Viewing Guest VLAN Configuration Dell(conf-if-Te-2/1)#dot1x guest-vlan 200 Dell(conf-if-Te 2/1))#show config interface TenGigabitEthernet 2/1 switchport...
Page 112 TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200 no shutdown Dell(conf-if-Te-2/1)# Dell(conf-if-Te-2/1)#dot1x auth-fail-vlan 100 max-attempts 5 Dell(conf-if-Te-2/1)#show config interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200 dot1x auth-fail-vlan 100 max-attempts 5 no shutdown Dell(conf-if-Te-2/1)# Example of Viewing Configured Authentication...
Page 113: Access Control List (Acl) Vlan Groups And Content Addressable Memory (Cam)
VLANs and when Layer 2 or Layer 3 ACLs are applied on a set of ports. In releases of Dell Networking OS that do not support the CAM optimization functionality, when an ACL is applied on a VLAN, the ACL rules are configured with the rule-specific parameters and the VLAN as additional attributes in the ACL region.
Page 114: Guidelines For Configuring Acl Vlan Groups
• The description of the ACL group is added or removed. Guidelines for Configuring ACL VLAN groups ACL VLAN groups are supported on the S4820T platform. Keep the following points in mind when you configure ACL VLAN groups: • The interfaces, to which the ACL VLAN group is applied, function as restricted interfaces. The ACL VLAN group name is used to identify the group of VLANs that is used to perform hierarchical filtering.
Page 115: Configuring Acl Vlan Groups And Configuring Fp Blocks For Vlan Parameters
• • Port ACL optimization is applicable only for ACLs that are applied without the VLAN range. • You cannot view the statistical details of ACL rules per VLAN and per interface if you enable the ACL VLAN group capability. You can view the counters per ACL only using the show ip accounting access list command.
Page 116: Configuring Fp Blocks For Vlan Parameters
Display all the ACL VLAN groups or display a specific ACL VLAN group, identified by name. CONFIGURATION (conf-acl-vl-grp) mode show acl-vlan-group {group name | detail} Dell#show acl-vlan-group detail Group Name : TestGroupSeventeenTwenty Egress IP Acl : SpecialAccessOnlyExpertsAllowed Vlan Members :...
Page 117: Viewing Cam Usage
| OUT-L2 ACL Viewing CAM Usage This functionality is supported on the S4820T platform. View the amount of CAM space available, used, and remaining in each partition (including IPv4Flow and Layer 2 ACL sub- partitions) using the show cam-usage command in EXEC Privilege mode Display Layer 2, Layer 3, ACL, or all CAM usage statistics.
Page 118: Allocating Fp Blocks For Vlan Processes
16384 Allocating FP Blocks for VLAN Processes This functionality is supported on the S4820T platform. The VLAN ContentAware Processor (VCAP) application is a preingress CAP that modifies the VLAN settings before packets are forwarded. To support the ACL CAM optimization functionality, the CAM carving feature is enhanced.
Page 119 • To allocate the number of FP blocks for ACL VLAN optimization feature, use the cam-acl-vlan vlanaclopt <0-2> command. To reset the number of FP blocks to the default, use the no version of these commands. By default, zero groups are allocated for the ACL in VCAP. ACL VLAN groups or CAM optimization is not enabled by default, and you need to allocate the slices for CAM optimization.
Page 120: Access Control Lists (Acls)
Access Control Lists (ACLs) This chapter describes access control lists (ACLs), prefix lists, and route-maps. At their simplest, access control lists (ACLs), prefix lists, and route-maps permit or deny traffic based on MAC and/or IP addresses. This chapter describes implementing IP ACLs, IP prefix lists and route-maps. For MAC ACLS, refer to Layer An ACL is essentially a filter containing some criteria to match (examine IP, transmission control protocol...
Page 121: Ip Access Control Lists (Acls)
When creating an access list, the sequence of the filters is important. You have a choice of assigning sequence numbers to the filters as you enter them, or the Dell Networking Operating System (OS) assigns numbers in the order the filters are created. The sequence numbers are listed in the display output of the show config and show ip accounting access-list commands.
Page 122: Implementing Acls On Dell Networking Os
Implementing ACLs on Dell Networking OS You can assign one IP ACL per interface with Dell Networking OS. If you do not assign an IP ACL to an interface, it is not used by the software in any other capacity.
Page 123 ACL Optimization If an access list contains duplicate entries, Dell Networking OS deletes one entry to conserve CAM space. Standard and extended ACLs take up the same amount of CAM space. A single ACL rule uses two CAM entries whether it is identified as a standard or extended ACL.
Page 124: Ip Fragment Handling
Implementing the required rules uses a significant number of CAM entries per TCP/UDP entry. • For IP ACL, Dell Networking OS always applies implicit deny. You do not have to configure it. • For IP ACL, Dell Networking OS applies implicit permit for second and subsequent fragment just prior to the implicit deny.
Page 125: Layer 4 Acl Rules Examples
In this first example, TCP packets from host 10.1.1.1 with TCP destination port equal to 24 are permitted. All others are denied. Dell(conf)#ip access-list extended ABC Dell(conf-ext-nacl)#permit tcp host 10.1.1.1 any eq 24 Dell(conf-ext-nacl)#deny ip any any fragment Dell(conf-ext-nacl) Example of Permitting Only First Fragments and Non-Fragmented Packets from a Specified Host In the following example, the TCP packets that are first fragments or non-fragmented from host 10.1.1.1...
Page 126: Configure A Standard Ip Acl
To configure an ACL, use commands in IP ACCESS LIST mode and INTERFACE mode. For a complete list of all the commands related to IP ACLs, refer to the Dell Networking OS Command Line Interface Reference Guide. To set up extended ACLs, refer to Configure an Extended IP ACL.
Page 127: Configuring A Standard Ip Acl Filter
If you are creating a standard ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. The software assigns filters in multiples of 5.
Page 128: Configure An Extended Ip Acl
To delete a filter, enter the show config command in IP ACCESS LIST mode and locate the sequence number of the filter you want to delete. Then use the no seq sequence-number command in IP ACCESS LIST mode. Configure an Extended IP ACL Extended IP ACLs filter on source and destination IP addresses, IP host addresses, TCP addresses, TCP host addresses, UDP addresses, and UDP host addresses.
Page 129: Configuring Filters Without A Sequence Number
Configuring Filters Without a Sequence Number If you are creating an extended ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. Dell Networking OS assigns filters in multiples of five.
Page 130: Configure Layer 2 And Layer 3 Acls
When Dell Networking OS routes the packets, only the L3 ACL governs them because they are not filtered against an L2 ACL. • When Dell Networking OS switches the packets, first the L3 ACL filters them, then the L2 ACL filters them. •...
Page 131: Assign An Ip Acl To An Interface
For information about MAC ACLs, refer to Layer Assign an IP ACL to an Interface To pass traffic through a configured IP ACL, assign that ACL to a physical interface, a port channel interface, or a VLAN. The IP ACL is applied to all traffic entering a physical or port channel interface and the traffic is either forwarded or dropped depending on the criteria and actions specified in the ACL.
Page 132: Counting Acl Hits
To specify ingress, use the in keyword. Begin applying rules to the ACL with the ip access-list extended abcd command. To view the access-list, use the show command. Dell(conf)#interface tengigabitethernet 1/1 Dell(conf-if-te1/1)#ip access-group abcd in Dell(conf-if-te1/1)#show config tengigabitethernet 1/1 no ip address...
Page 133: Configure Egress Acls
10 deny icmp any any seq 15 permit 1.1.1.2 Dell(conf)#interface tengigabitethernet 1/1/1 Dell(conf-if-te1/1/1)#ip access-group abcd in Dell(conf-if-te1/1/1)#show config tengogabitethernet 1/1/1 no ip address ip access-group abcd in no shutdown Dell(conf-if-te1/1/1)#end Dell#configure terminal Dell(conf)#ip access-list extended abcd Dell(config-ext-nacl)#permit tcp any any Dell(config-ext-nacl)#deny icmp any any Dell(config-ext-nacl)#permit 1.1.1.2...
Page 134: Applying Egress Layer 3 Acls (Control-Plane)
Dell(config-ext-nacl)#deny icmp any any Dell(config-ext-nacl)#permit 1.1.1.2 Dell(config-ext-nacl)#end Dell#show ip accounting access-list Extended Ingress IP access list abcd on tengigabitethernet 0/0 seq 5 permit tcp any any seq 10 deny icmp any any seq 15 permit 1.1.1.2 Dell#configure terminal Dell(conf)#interface te 1/2...
Page 135: Ip Prefix Lists
The following list includes the configuration tasks for prefix lists, as described in the following sections. • Configuring a prefix list • Use a prefix list for route redistribution For a complete listing of all commands related to prefix lists, refer to the Dell Networking OS Command Line Interface Reference Guide. Access Control Lists (ACLs)
Page 136 To delete a filter, use the no seq sequence-number command in PREFIX LIST mode. If you are creating a standard prefix list with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. The Dell Networking OS assigns filters in multiples of five.
Page 137 (0 to 32). Example of Creating a Filter with Dell Networking OS-Assigned Sequence Numbers The example shows a prefix list in which the sequence numbers were assigned by the software. The filters were assigned sequence numbers based on the order in which they were configured (for example, the first filter was given the lowest sequence number).
Page 138 10 permit 0.0.0.0/0 le 32 (hit count: 0) The following example shows the show ip prefix-list summary command. Dell> Dell>show ip prefix summary Prefix-list with the last deletion/insertion: filter_ospf ip prefix-list filter_in: count: 3, range entries: 3, sequences: 5 - 10...
Page 139: Acl Resequencing
Example of Viewing Configured Prefix Lists (ROUTER OSPF mode) To view the configuration, use the show config command in ROUTER OSPF mode, or the show running-config ospf command in EXEC mode. Dell(conf-router_ospf)#show config router ospf 34 network 10.2.1.1 255.255.255.255 area 0.0.0.1...
Page 140: Resequencing An Acl Or Prefix List
10 this remark corresponds to permit ip any host 1.1.1.2 seq 10 permit ip any host 1.1.1.2 seq 15 permit ip any host 1.1.1.3 seq 20 permit ip any host 1.1.1.4 Dell# end Dell# resequence access-list ipv4 test 2 2 Dell# show running-config acl Access Control Lists (ACLs)
Page 141: Route Maps
Implementation Information The Dell Networking OS implementation of route maps allows route maps with the no match or no set commands. When there is no match command, all traffic matches the route map and the set command applies.
Page 142: Important Points To Remember
The default action is permit and the default sequence number starts at 10. When you use the keyword deny in configuring a route map, routes that meet the match filters are not redistributed. To view the configuration, use the show config command in ROUTE-MAP mode. Dell(config-route-map)#show config Access Control Lists (ACLs)
Page 143 You can create multiple instances of this route map by using the sequence number option to place the route maps in the correct order. Dell Networking OS processes the route maps with the lowest sequence number first. When a configured route map is applied to a command, such as redistribute, traffic passes through all instances of that route map until a match is found.
Page 144: Configuring Match Routes
In the following example, instance 10 permits the route having a tag value of 1000 and instances 20 and 30 deny the route having a tag value of 1000. In this scenario, Dell Networking OS scans all the instances of the route-map for any permit statement. If there is a match anywhere, the route is permitted.
Page 145 • Match routes whose next hop is a specific interface. CONFIG-ROUTE-MAP mode match interface interface The parameters are: – For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. – For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. –...
Page 146: Configuring Set Conditions
• Match routes with a specific tag. CONFIG-ROUTE-MAP mode match tag tag-value To create route map instances, use these commands. There is no limit to the number of match commands per route map, but the convention is to keep the number of match filters in a route map low. Set commands do not require a corresponding match command.
Page 147: Configure A Route Map For Route Redistribution
Route maps on their own cannot affect traffic and must be included in different commands to affect routing traffic. Route redistribution occurs when Dell Networking OS learns the advertising routes from static or directly connected routes or another routing protocol. Different protocols assign different values to redistributed routes to identify either the routes and their origins.
Page 148: Continue Clause
30! Logging of ACL Processes This functionality is supported on the S4820T platform. To assist in the administration and management of traffic that traverses the device after being validated by the configured ACLs, you can enable the generation of logs for access control list (ACL) processes.
Page 149: Guidelines For Configuring Acl Logging
You can enable logging separately for each of these FP entries, which relate to each of the ACL entries configured in an ACL. Dell Networking OS saves a table that maps each ACL entry that matches the ACL name on the received packet, sequence number of the rule, and the interface index in the database.
Page 150: Configuring Acl Logging
251 indices available for ACL logging. Configuring ACL Logging This functionality is supported on the S4820T platform. To configure the maximum number of ACL log messages to be generated and the frequency at which these messages must be generated, perform the following steps: NOTE: This example describes the configuration of ACL logging for standard IP access lists.
Page 151: Flow-Based Monitoring Support For Acls
Flow-Based Monitoring Support for ACLs Flow-based monitoring is supported on the S4820T platform. Flow-based monitoring conserves bandwidth by monitoring only the specified traffic instead of all traffic on the interface. It is available for Layer 2 and Layer 3 ingress traffic. You can specify traffic using standard or extended access-lists.
Page 152: Enabling Flow-Based Monitoring
5 permit ipv6 22::/24 33::/24 monitor Enabling Flow-Based Monitoring Flow-based monitoring is supported on the S4820T platform. Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the interface. This feature is particularly useful when looking for malicious traffic. It is available for Layer 2 and Layer 3 ingress and egress traffic.
Page 153 MONITOR SESSION mode flow-based enable Define access-list rules that include the keyword monitor. Dell Networking OS only considers port monitoring traffic that matches rules with the keyword monitor. CONFIGURATION mode ip access-list For more information, see Access Control Lists (ACLs).
Page 154: Bidirectional Forwarding Detection (Bfd)
BFD also carries less overhead than routing protocol hello mechanisms. Control packets can be encapsulated in any form that is convenient, and, on Dell Networking routers, BFD agents maintain sessions that reside on the line card, which frees resources on the route processor module (RPM). Only session state changes are reported to the BFD Manager (on the RPM), which in turn notifies the routing protocols that are registered with it.
Page 155: Bfd Packet Format
NOTE: A session state change from Up to Down is the only state change that triggers a link state change in the routing protocol client. BFD Packet Format Control packets are encapsulated in user datagram protocol (UDP) packets. The following illustration shows the complete encapsulation of a BFD control packet inside an IPv4 packet.
Page 156 Required Min Echo The minimum rate at which the local system would like to receive echo packets. NOTE: Dell Networking OS does not currently support the echo function. Authentication An optional method for authenticating control packets.
Page 157: Bfd Sessions
Demand mode initiator. Either system (but not both) can request Demand mode at any time. NOTE: Dell Networking OS supports Asynchronous mode only. A session can have four states: Administratively Down, Down, Init, and Up.
Page 158: Session State Changes
handshake. Now the discriminator values have been exchanged and the transmit intervals have been negotiated. The passive system receives the control packet and changes its state to Up. Both systems agree that a session has been established. However, because both members must send a control packet — that requires a response —...
Page 159: Important Points To Remember
Important Points to Remember • On the S4820T platform, Dell Networking OS supports 128 sessions per stack unit at 200 minimum transmit and receive intervals with a multiplier of 3, and 64 sessions at 100 minimum transmit and receive intervals with a multiplier of 4.
Page 160: Configure Bfd For Physical Ports
• Configure BFD for OSPFv3 • Configure BFD for IS-IS • Configure BFD for BGP • Configure BFD for VRRP • Configuring Protocol Liveness • Troubleshooting BFD Configure BFD for Physical Ports Configuring BFD for physical ports is supported on the C-Series and E-Series platforms only. BFD on physical ports is useful when you do not enable the routing protocol.
Page 161 Establishing a Session on Physical Ports To establish a session, enable BFD at the interface level on both ends of the link, as shown in the following illustration. The configuration parameters do not need to match. Figure 15. Establishing a BFD Session on Physical Ports Enter interface mode.
Page 162 2.2.2.2 on interface Te 4/24 (diag: 0) Viewing Physical Port Session Parameters BFD sessions are configured with default intervals and a default role (active). Dell Networking recommends maintaining the default values. To view session parameters, use the show bfd neighbors detail command.
Page 163: Configure Bfd For Static Routes
Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 7 Disabling and Re-Enabling BFD BFD is enabled on all interfaces by default, though sessions are not created unless explicitly configured. If you disable BFD, all of the sessions on that interface are placed in an Administratively Down state ( the first message example), and the remote systems are notified of the session state change (the second message example).
Page 164 Establishing Sessions for Static Routes Sessions are established for all neighbors that are the next hop of a static route. Figure 16. Establishing Sessions for Static Routes To establish a BFD session, use the following command. • Establish BFD sessions for all neighbors that are the next hop of a static route. CONFIGURATION mode ip route bfd Example of the show bfd neighbors Command to Verify Static Routes...
Page 165: Configure Bfd For Ospf
• Change parameters for all static route sessions. CONFIGURATION mode ip route bfd interval milliseconds min_rx milliseconds multiplier value role [active | passive] To view session parameters, use the show bfd neighbors detail command, as shown in the examples in Displaying BFD for BGP Information Disabling BFD for Static Routes If you disable BFD, all static route BFD sessions are torn down.
Page 166 Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state.
Page 167 INTERFACE mode ip ospf bfd all-neighbors Example of Verifying Sessions with OSPF Neighbors To view the established sessions, use the show bfd neighbors command. The bold line shows the OSPF BFD sessions. R2(conf-router_ospf)#bfd all-neighbors R2(conf-router_ospf)#do show bfd neighbors - Active session role Ad Dn - Admin Down - CLI - ISIS...
Page 168: Configure Bfd For Ospfv3
• Disable BFD sessions with all OSPF neighbors. ROUTER-OSPF mode no bfd all-neighbors • Disable BFD sessions with all OSPF neighbors on an interface. INTERFACE mode ip ospf bfd all-neighbors disable Configure BFD for OSPFv3 BFD for OSPFv3 provides support for IPV6. Configuring BFD for OSPFv3 is a two-step process: Enable BFD globally.
Page 169: Configure Bfd For Is-Is
• Change parameters for all OSPFv3 sessions. ROUTER-OSPFv3 mode bfd all-neighbors interval milliseconds min_rx milliseconds multiplier value role [active | passive] • Change parameters for OSPFv3 sessions on a single interface. INTERFACE mode ipv6 ospf bfd all-neighbors interval milliseconds min_rx milliseconds multiplier value role [active | passive] Disabling BFD for OSPFv3 If you disable BFD globally, all sessions are torn down and sessions on the remote system are placed in a...
Page 170 Establishing Sessions with IS-IS Neighbors BFD sessions can be established for all IS-IS neighbors at once or sessions can be established for all neighbors out of a specific interface. Figure 18. Establishing Sessions with IS-IS Neighbors To establish BFD with all IS-IS neighbors or with IS-IS neighbors on a single interface, use the following commands.
Page 171 The bold line shows that IS-IS BFD sessions are enabled. R2(conf-router_isis)#bfd all-neighbors R2(conf-router_isis)#do show bfd neighbors - Active session role Ad Dn - Admin Down - CLI - ISIS - OSPF - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 2.2.2.2 2.2.2.1 Te 2/1...
Page 172: Configure Bfd For Bgp
INTERFACE mose isis bfd all-neighbors disable Configure BFD for BGP In a BGP core network, BFD provides rapid detection of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence. BFD for BGP is supported on 1GE, 10GE, 40GE, port-channel, and VLAN interfaces.
Page 173 Figure 19. Establishing Sessions with BGP Neighbors The sample configuration shows alternative ways to establish a BFD session with a BGP neighbor: • By establishing BFD sessions with all neighbors discovered by BGP (the bfd all-neighbors command). • By establishing a BFD session with a specified BGP neighbor (the neighbor {ip-address | peer- group-name} bfd command) BFD packets originating from a router are assigned to the highest priority egress queue to minimize transmission delays.
Page 174 typical response is to terminate the peering session for the routing protocol and reconverge by bypassing the failed neighboring router. A log message is generated whenever BFD detects a failure condition. Enable BFD globally. CONFIGURATION mode bfd enable Specify the AS number and enter ROUTER BGP configuration mode. CONFIGURATION mode router bgp as-number Add a BGP neighbor or peer group in a remote AS.
Page 175 ROUTER BGP mode neighbor {ip-address | peer-group-name} bfd disable • Remove the disabled state of a BFD for BGP session with a specified neighbor. ROUTER BGP mode no neighbor {ip-address | peer-group-name} bfd disable Use BFD in a BGP Peer Group You can establish a BFD session for the members of a peer group (the neighbor peer-group-name bfd command in ROUTER BGP configuration mode).
Page 176 Examples of the BFD show Commands The following example shows verifying a BGP configuration. R2# show running-config bgp router bgp 2 neighbor 1.1.1.2 remote-as 1 neighbor 1.1.1.2 no shutdown neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 no shutdown neighbor 3.3.3.2 remote-as 1 neighbor 3.3.3.2 no shutdown bfd all-neighbors The following example shows viewing all BFD neighbors.
Page 177 Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 5 Session Discriminator: 10 Neighbor Discriminator: 11 Local Addr: 2.2.2.3 Local MAC Addr: 00:01:e8:66:da:34 Remote Addr: 2.2.2.2 Remote MAC Addr: 00:01:e8:8a:da:7b Int: TenGigabitEthernet 6/2 State: Up Configured parameters: TX: 100ms, RX: 100ms, Multiplier: 3...
Page 178 Down Admin Down The following example shows viewing BFD summary information. The bold line shows the message displayed when you enable BFD for BGP connections. R2# show ip bgp summary BGP router identifier 10.0.0.1, local AS number 2 BGP table version is 0, main routing table version 0 BFD is enabled, Interval 100 Min_rx 100 Multiplier 3 Role Active 3 neighbor(s) using 24168 bytes of memory Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down...
Page 179: Configure Bfd For Vrrp
Connections established 1; dropped 0 Last reset never Local host: 2.2.2.3, Local port: 63805 Foreign host: 2.2.2.2, Foreign port: 179 E1200i_ExaScale# R2# show ip bgp neighbors 2.2.2.3 BGP neighbor is 2.2.2.3, remote AS 1, external link Member of peer-group pg1 for session parameters BGP version 4, remote router ID 12.0.0.4 BGP state ESTABLISHED, in this state for 00:05:33 Neighbor is using BGP neighbor mode BFD configuration...
Page 180 Establishing Sessions with All VRRP Neighbors BFD sessions can be established for all VRRP neighbors at once, or a session can be established with a particular neighbor. Figure 20. Establishing Sessions with All VRRP Neighbors To establish sessions with all VRRP neighbors, use the following command. •...
Page 181 The bold line shows that VRRP BFD sessions are enabled. Dell(conf-if-te-4/25)#vrrp bfd all-neighbors Dell(conf-if-te-4/25)#do show bfd neighbor - Active session role Ad Dn - Admin Down - CLI - ISIS - OSPF - Static Route (RTM) - VRRP LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 2.2.5.1...
Page 182: Configuring Protocol Liveness
vrrp bfd all-neighbors interval milliseconds min_rx milliseconds multiplier value role [active | passive] • Change parameters for a particular VRRP session. INTERFACE mode vrrp bfd neighbor ip-address interval milliseconds min_rx milliseconds multiplier value role [active | passive] To view session parameters, use the show bfd neighbors detail command, as shown in the example in Verifying BFD Sessions with BGP Neighbors Using the show bfd neighbors command example in Displaying BFD for BGP...
Page 183 debug bfd detail • Examine the control packets in hexadecimal format. CONFIGURATION debug bfd packet Examples of Output from the debug bfd Commands The following example shows a three-way handshake using the debug bfd detail command. R1(conf-if-te-4/24)#00:54:38: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Down for neighbor 2.2.2.2 on interface Te 4/24 (diag: 0) 00:54:38 : Sent packet for session with neighbor 2.2.2.2 on Te 4/24 TX packet dump:...
Page 184: Border Gateway Protocol Ipv4 (Bgpv4)
Border Gateway Protocol IPv4 (BGPv4) This chapter provides a general description of BGPv4 as it is supported in the Dell Networking Operating System (OS). BGP protocol standards are listed in the Standards Compliance chapter. BGP is an external gateway protocol that transmits interdomain routing information within and between autonomous systems (AS).
Page 185 Figure 21. Internal BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol — a computer network in which BGP maintains the path that updated information takes as it diffuses through the network. Updates traveling through the network and returning to the same node are easily detected and discarded.
Page 186: Sessions And Peers
Figure 22. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers.
Page 187: Establish A Session
Establish a Session Information exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies. In order to make decisions in its operations with other BGP peers, a BGP process uses a simple finite state machine that consists of six states: Idle, Connect, Active, OpenSent, OpenConfirm, and Established.
Page 188: Bgp Attributes
Route reflection divides iBGP peers into two groups: client peers and nonclient peers. A route reflector and its client peers form a route reflection cluster. Because BGP speakers announce only the best route for a given prefix, route reflector rules are applied after the router makes its best path decision. •...
Page 189: Best Path Selection Criteria
In non-deterministic mode (the bgp non-deterministic-med command is applied), paths are compared in the order in which they arrive. This method can lead to Dell Networking OS choosing different best paths from a set of paths, depending on the order in which they were received from the neighbors because MED may or may not get compared between the adjacent paths.
Page 190 Figure 24. BGP Best Path Selection Best Path Selection Details Prefer the path with the largest WEIGHT attribute. Prefer the path with the largest LOCAL_PREF attribute. Prefer the path that was locally Originated via a network command, redistribute command or aggregate-address command. Routes originated with the Originated via a network or redistribute commands are preferred over routes originated with the aggregate-address command.
Page 191: Weight
Prefer the path with the lowest IGP metric to the BGP if next-hop is selected when synchronization is disabled and only an internal path remains. Dell Networking OS deems the paths as equal and does not perform steps 9 through 11, if the following criteria is met: the IBGP multipath or EBGP multipath are configured (the maximum-path command).
Page 192: Multi-Exit Discriminators (Meds)
and AS300. This is advertised to all routers within AS100, causing all BGP speakers to prefer the path through Router B. Figure 25. BGP Local Preference Multi-Exit Discriminators (MEDs) If two ASs connect in more than one place, a multi-exit discriminator (MED) can be used to assign a preference to a preferred path.
Page 193: Origin
BGP. In Dell Networking OS, these origin codes appear as shown in the following example. The question mark (?) indicates an origin code of INCOMPLETE (shown in bold). The lower case letter (i) indicates an origin code of IGP (shown in bold).
Page 194: As Path
NOTE: Any update that contains the AS path number 0 is valid. The AS path is shown in the following example. The origin attribute is shown following the AS path information (shown in bold). Example of Viewing AS Paths Dell#show ip bgp paths Total 30655 Paths Address Hash Refcount Metric Path...
Page 195: Multiprotocol Bgp
For some peers you can set the internal/IGP cost as the MED while setting others to a constant pre-defined metric as MED value. Dell Networking OS supports configuring the set metric-type internal command in a route-map to advertise the IGP cost as the MED to outbound EBGP peers when redistributing routes. The configured set metric value overwrites the default IGP cost.
Page 196: Ignore Router-Id For Some Best-Path Calculations
MED: 100 Ignore Router-ID for Some Best-Path Calculations Dell Networking OS allows you to avoid unnecessary BGP best-path transitions between external paths under certain conditions. The bgp bestpath router-id ignore command reduces network disruption caused by routing and forwarding plane changes and allows for faster convergence.
Page 197: As4 Number Representation
If 4-Byte AS numbers are not implemented, only ASPLAIN representation is supported. ASPLAIN is the method Dell Networking OS has used for all previous Dell Networking OS versions. ASPLAIN remains the default method with Dell Networking OS. With the ASPLAIN notation, a 32-bit binary AS number is translated into a decimal value.
Page 198: As Number Migration
100 bgp asnotation asdot+ bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 Dell(conf-router_bgp)#do show ip bgp BGP table version is 31571, local router ID is 172.30.1.57 AS-PLAIN Dell(conf-router_bgp)#bgp asnotation asplain Dell(conf-router_bgp)#sho conf router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057...
Page 199 Figure 27. Before and After AS Number Migration with Local-AS Enabled When you complete your migration, and you have reconfigured your network with the new information, disable this feature. If you use the “no prepend” option, the Local-AS does not prepend to the updates received from the eBGP peer.
Page 200: Bgp4 Management Information Base (Mib)
(SNMP) objects and notifications (traps) defined in draft-ietf-idr-bgp4-mibv2-05. To see these enhancements, download the MIB from the Dell website. NOTE: For the Force10-BGP4-V2-MIB and other MIB documentation, refer to the Dell iSupport web page. Important Points to Remember •...
Page 201: Configuration Information
ROUTER BGP mode to configure a BGP neighbor. By default, BGP is disabled. By default, Dell Networking OS compares the MED attribute on different paths from within the same AS (the bgp always-compare-med command is not enabled). Border Gateway Protocol IPv4 (BGPv4)
Page 202: Enabling Bgp
Disabled Enabling BGP By default, BGP is not enabled on the system. Dell Networking OS supports one autonomous system (AS) and assigns the AS number (ASN). To establish BGP sessions and route traffic, configure at least one BGP neighbor or peer.
Page 203 Assign an AS number and enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number • as-number: from 0 to 65535 (2 Byte) or from 1 to 4294967295 (4 Byte) or 0.1 to 65535.65535 (Dotted format). Only one AS is supported per system. NOTE: If you enter a 4-Byte AS number, 4-Byte AS support is enabled automatically.
Page 204 Active For the router’s identifier, Dell Networking OS uses the highest IP address of the Loopback interfaces configured. Because Loopback interfaces are virtual, they cannot go down, thus preventing changes in the router ID. If you do not configure Loopback interfaces, the highest IP address of any interface is used as the router ID.
Page 205 The third line of the show ip bgp neighbors output contains the BGP State. If anything other than ESTABLISHED is listed, the neighbor is not exchanging information and routes. For more information about using the show ip bgp neighbors command, refer to the Dell Networking OS Command Line Interface Reference Guide.
Page 206: Configuring As4 Number Representations
Term Description ASPLAIN the method Dell Networking OS used for all previous Dell Networking OS versions. It remains the default method with Dell Networking OS. With the ASPLAIN notation, a 32–bit binary AS number is translated into a decimal value.
Page 207 NOTE: ASPLAIN is the default method Dell Networking OS uses and does not appear in the configuration display. • Enable ASDOT AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asdot • Enable ASDOT+ AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asdot+ Examples of the bgp asnotation Commands The following example shows the bgp asnotation asplain command output.
Page 208: Configuring Peer Groups
Configuring Peer Groups To configure multiple BGP neighbors at one time, create and populate a BGP peer group. An advantage of peer groups is that members of a peer group inherit the configuration properties of the group and share same update policy. A maximum of 256 peer groups are allowed on the system.
Page 209 10.14.8.60 remote-as 18505 neighbor 10.14.8.60 no shutdown Dell(conf-router_bgp)# To enable a peer group, use the neighbor peer-group-name no shutdown command in CONFIGURATION ROUTER BGP mode (shown in bold). Dell(conf-router_bgp)#neighbor zanzibar no shutdown Dell(conf-router_bgp)#show config router bgp 45 bgp fast-external-fallover bgp log-neighbor-changes...
Page 210: Configuring Bgp Fast Fall-Over
ESTABLISHED state move to the IDLE state. To view the status of peer groups, use the show ip bgp peer-group command in EXEC Privilege mode, as shown in the following example. Dell>show ip bgp peer-group Peer-group zanzibar, remote AS 65535 BGP version 4...
Page 211 To verify that you enabled fast fall-over on a particular BGP neighbor, use the show ip bgp neighbors command. Because fast fall-over is disabled by default, it appears only if it has been enabled (shown in bold). Dell#sh ip bgp neighbors BGP neighbor is 100.100.100.100, remote AS 65517, internal link Member of peer-group test for session parameters BGP version 4, remote router ID 30.30.30.5...
Page 212: Configuring Passive Peering
When a BGP neighbor connection with authentication configured is rejected by a passive peer-group, Dell Networking OS does not allow another passive peer-group on the same subnet to connect with the BGP neighbor. To work around this, change the BGP configuration or change the order of the peer group configuration.
Page 213: Maintaining Existing As Numbers During An As Migration
CONFIG-ROUTER-BGP mode neighbor peer-group-name subnet subnet-number mask The peer group responds to OPEN messages sent on this subnet. Enable the peer group. CONFIG-ROUTER-BGP mode neighbor peer-group-name no shutdown Create and specify a remote peer for BGP neighbor. CONFIG-ROUTER-BGP mode neighbor peer-group-name remote-as as-number Only after the peer group responds to an OPEN message sent on the subnet does its BGP state change to ESTABLISHED.
Page 214: Allowing An As Number To Appear In Its Own As Path
network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote-as 65123 neighbor 10.10.32.3 no shutdown neighbor 100.10.92.9 remote-as 65192 neighbor 100.10.92.9 local-as 6500 neighbor 100.10.92.9 no shutdown neighbor 192.168.10.1 remote-as 65123 neighbor 192.168.10.1 update-source Loopback 0 neighbor 192.168.10.1 no shutdown neighbor 192.168.12.2 remote-as 65123...
Page 215: Enabling Graceful Restart
Speeds convergence by advertising a special update packet known as an end-of-RIB marker. This marker indicates the peer has been updated with all routes in the local RIB. If you configure your system to do so, Dell Networking OS can perform the following actions during a hot failover: •...
Page 216: Enabling Neighbor Graceful Restart
BGP graceful restart is active only when the neighbor becomes established. Otherwise, it is disabled. Graceful-restart applies to all neighbors with established adjacency. With the graceful restart feature, Dell Networking OS enables the receiving/restarting mode by default. In Receiver-Only mode, graceful restart saves the advertised routes of peers that support this capability when they restart.
Page 217 Example of the show ip bgp paths Command To view all BGP path attributes in the BGP database, use the show ip bgp paths command in EXEC Privilege mode. Dell#show ip bgp paths Total 30655 Paths Address Hash Refcount Metric Path...
Page 218: Regular Expressions As Filters
For an AS-path access list, as shown in the previous commands, if the AS path matches the regular expression in the access list, the route matches the access list. The following lists the regular expressions accepted in Dell Networking OS. Regular Expression Definition ^ (caret) Matches the beginning of the input string.
Page 219: Redistributing Routes
Dell(conf-router_bgp)#show conf router bgp 99 neighbor AAA peer-group neighbor AAA no shutdown neighbor 10.155.15.2 remote-as 32 neighbor 10.155.15.2 shutdown Dell(conf-router_bgp)#neigh 10.155.15.2 filter-list 1 in Dell(conf-router_bgp)#ex Dell(conf)#ip as-path access-list Eagle Dell(config-as-path)#deny 32$ Dell(config-as-path)#ex Dell(conf)#router bgp 99 Dell(conf-router_bgp)#neighbor AAA filter-list Eagle in...
Page 220: Enabling Additional Paths
One attribute you can manipulate is the COMMUNITY attribute. This attribute is an optional attribute that is defined for a group of destinations. In Dell Networking OS, you can assign a COMMUNITY attribute to BGP routers by using an IP community list. After you create an IP community list, you can apply routing decisions to all routers meeting the criteria in the IP community list.
Page 221 All routes with the NO_EXPORT (0xFFFFFF01) community attribute must not be advertised outside a BGP confederation boundary, but are sent to CONFED-EBGP and IBGP peers. Dell Networking OS also supports BGP Extended Communities as described in RFC 4360 — BGP Extended Communities Attribute.
Page 222: Configuring An Ip Extended Community List
To view the configuration, use the show config command in CONFIGURATION COMMUNITY-LIST or CONFIGURATION EXTCOMMUNITY LIST mode or the show ip {community-lists | extcommunity-list} command in EXEC Privilege mode. Dell#show ip community-lists ip community-list standard 1 deny 701:20 deny 702:20...
Page 223: Filtering Routes With Community Lists
In addition to permitting or denying routes based on the values of the COMMUNITY attributes, you can manipulate the COMMUNITY attribute value and send the COMMUNITY attribute with the route information. By default, Dell Networking OS does not send the COMMUNITY attribute. To send the COMMUNITY attribute to BGP neighbors, use the following command. •...
Page 224 To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode. If you want to remove or add a specific COMMUNITY number from a BGP path, you must create a route map with one or both of the following statements in the route map. Then apply that route map to a BGP neighbor or peer group.
Page 225: Changing Med Attributes
209 7170 1455 i --More-- Changing MED Attributes By default, Dell Networking OS uses the MULTI_EXIT_DISC or MED attribute when comparing EBGP paths from the same AS. To change how the MED attribute is used, enter any or all of the following commands.
Page 226: Changing The Next_Hop Attribute
CONFIG-ROUTER-BGP mode bgp default local-preference value – value: the range is from 0 to 4294967295. The default is 100. To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode or the show running-config bgp command in EXEC Privilege mode. A more flexible method for manipulating the LOCAL_PREF attribute value is to use a route map.
Page 227: Changing The Weight Attribute
AS-Path ACLs filter routes based on the ASN. Route maps can filter and set conditions, change attributes, and assign update policies. NOTE: Dell Networking OS supports up to 255 characters in a set community statement inside a route map.
Page 228 For inbound and outbound updates the order of preference is: • prefix lists (using the neighbor distribute-list command) • AS-PATH ACLs (using the neighbor filter-list command) • route maps (using the neighbor route-map command) Prior to filtering BGP routes, create the prefix list, AS-PATH ACL, or route map. For configuration information about prefix lists, AS-PATH ACLs, and route maps, refer to Access Control Lists...
Page 229: Filtering Bgp Routes Using Route Maps
• If the prefix list contains no filters, all routes are permitted. • If none of the routes match any of the filters in the prefix list, the route is denied. This action is called an implicit deny. (If you want to forward all routes that do not match the prefix list criteria, you must configure a prefix list filter to permit all routes.
Page 230: Filtering Bgp Routes Using As-Path Information
BGP route reflectors are intended for ASs with a large mesh; they reduce the amount of BGP control traffic. NOTE: Dell Networking recommends not using multipath and add path simultaneously in a route reflector. With route reflection configured properly, IBGP routers are not fully meshed within a cluster but all receive routing information.
Page 231: Aggregating Routes
BGP mode or the show running-config bgp in EXEC Privilege mode. Aggregating Routes Dell Networking OS provides multiple ways to aggregate routes in the BGP routing table. At least one specific route of the aggregate must be in the routing table for the configured aggregate to become active.
Page 232: Configuring Bgp Confederations
When that penalty value reaches a configured limit, the route is not advertised, even if the route is up. In Dell Networking OS, that penalty value is 1024. As time passes and the route does not flap, the penalty value decrements or is decayed. However, if the route flaps again, it is assigned another penalty.
Page 233 • history entry — an entry that stores information on a downed route • dampened path — a path that is no longer advertised • penalized path — a path that is assigned a penalty To configure route flap dampening parameters, set dampening parameters using a route map, clear information on route dampening and return suppressed routes to active state, view statistics on route flapping, or change the path selection from the default mode (deterministic) to non-deterministic, use the following commands.
Page 234 – regexp regular-expression: enter a regular express to match on. By default, the path selection in Dell Networking OS is deterministic, that is, paths are compared irrespective of the order of their arrival. You can change the path selection method to non- deterministic, that is, paths are compared in the order in which they arrived (starting with the most recent).
Page 235: Changing Bgp Timers
10.114.8.33 18508 117265 25069 780266 20 00:38:50 102759 Dell> To view which routes are dampened (non-active), use the show ip bgp dampened-routes command in EXEC Privilege mode. Changing BGP Timers To configure BGP timers, use either or both of the following commands.
Page 236 When inbound soft reconfiguration is done later, the stored information is used to generate a new set of inbound updates. Dell>router bgp 100 neighbor 10.108.1.1 remote-as 200 neighbor 10.108.1.1 soft-reconfiguration inbound...
Page 237: Route Map Continue
The routes associated with multicast routing are used by the protocol independent multicast (PIM) to build data distribution trees. Dell Networking OS MBGP is implemented per RFC 1858. You can enable the MBGP feature per router and/or per peer/peer-group.
Page 238: Bgp Regular Expression Optimization
Most Dell Networking OS BGP IPv4 unicast commands are extended to support the IPv4 multicast RIB using extra options to the command. For a detailed description of the MBGP commands, refer to the Dell Networking OS Command Line Interface Reference Guide.
Page 239: Storing Last And Bad Pdus
Storing Last and Bad PDUs Dell Networking OS stores the last notification sent/received and the last bad protocol data unit (PDU) received on a per peer basis. The last bad PDU is the one that causes a notification to be issued.
Page 240: Capturing Pdus
To change the maximum buffer size, use the capture bgp-pdu max-buffer-size command. To view the captured PDUs, use the show capture bgp-pdu neighbor command. Dell#show capture bgp-pdu neighbor 20.20.20.2 Incoming packet capture enabled for BGP neighbor 20.20.20.2 Available buffer size 40958758, 26 packet(s) captured using 680 bytes...
Page 241: Pdu Counters
243295 313511 0 00:12:46 207896 PDU Counters Dell Networking OS supports additional counters for various types of PDUs sent and received from neighbors. These are seen in the output of the show ip bgp neighbor command. Sample Configurations The following example configurations show how to enable BGP and set up some peer groups. These examples are not comprehensive directions.
Page 242 The following illustration shows the configurations described on the following examples. These configurations show how to create BGP areas using physical and virtual links. They include setting up the interfaces and peers groups with each other. Figure 28. Sample Configurations Example of Enabling BGP (Router 1) R1# conf R1(conf)#int loop 0...
Page 243 R1(conf-if-te-1/31)#show config interface TengigabitEthernet 1/31 ip address 10.0.3.31/24 no shutdown R1(conf-if-te-1/31)#router bgp 99 R1(conf-router_bgp)#network 192.168.128.0/24 R1(conf-router_bgp)#neighbor 192.168.128.2 remote 99 R1(conf-router_bgp)#neighbor 192.168.128.2 no shut R1(conf-router_bgp)#neighbor 192.168.128.2 update-source loop 0 R1(conf-router_bgp)#neighbor 192.168.128.3 remote 100 R1(conf-router_bgp)#neighbor 192.168.128.3 no shut R1(conf-router_bgp)#neighbor 192.168.128.3 update-source loop 0 R1(conf-router_bgp)#show config router bgp 99 network 192.168.128.0/24...
Page 244 Example of Enabling BGP (Router 3) R3# conf R3(conf)# R3(conf)#int loop 0 R3(conf-if-lo-0)#ip address 192.168.128.3/24 R3(conf-if-lo-0)#no shutdown R3(conf-if-lo-0)#show config interface Loopback 0 ip address 192.168.128.3/24 no shutdown R3(conf-if-lo-0)#int te 3/11 R3(conf-if-te-3/11)#ip address 10.0.3.33/24 R3(conf-if-te-3/11)#no shutdown R3(conf-if-te-3/11)#show config interface TengigabitEthernet 3/11 ip address 10.0.3.33/24 no shutdown R3(conf-if-lo-0)#int te 3/21...
Page 245 neighbor 192.168.128.2 no shutdown neighbor 192.168.128.3 remote-as 100 neighbor 192.168.128.3 peer-group BBB neighbor 192.168.128.3 update-source Loopback 0 neighbor 192.168.128.3 no shutdown R1#show ip bgp summary BGP router identifier 192.168.128.1, local AS number 99 BGP table version is 1, main routing table version 1 1 network entrie(s) using 132 bytes of memory 3 paths using 204 bytes of memory BGP-RIB over all using 207 bytes of memory...
Page 246 R2(conf-router_bgp)# neighbor 192.168.128.3 no shut R2(conf-router_bgp)#show conf router bgp 99 network 192.168.128.0/24 neighbor AAA peer-group neighbor AAA no shutdown neighbor BBB peer-group neighbor BBB no shutdown neighbor 192.168.128.1 remote-as 99 neighbor 192.168.128.1 peer-group CCC neighbor 192.168.128.1 update-source Loopback 0 neighbor 192.168.128.1 no shutdown neighbor 192.168.128.3 remote-as 100 neighbor 192.168.128.3 peer-group BBB neighbor 192.168.128.3 update-source Loopback 0...
Page 247 Received 93 messages, 0 in queue 5 opens, 0 notifications, 5 updates 83 keepalives, 0 route refresh requests Sent 99 messages, 0 in queue 5 opens, 4 notifications, 5 updates 85 keepalives, 0 route refresh requestsCapabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2)
Page 248: Content Addressable Memory (Cam)
Content Addressable Memory (CAM) CAM is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 and Layer 3 forwarding information, access-lists (ACLs), flows, and routing policies. CAM Allocation...
Page 249 CAM Allocation Setting vrfv4Acl Openflow fedgovacl The following additional CAM allocation settings are supported on the S6000, S4810, S4820T, or S6000– ON platforms. Table 13. Additional Default CAM Allocation Settings Additional CAM Allocation Setting FCoE ACL (fcoeacl) ISCSI Opt ACL (iscsioptacl) The ipv6acl and vman-dual-qos allocations must be entered as a factor of 2 (2, 4, 6, 8, 10).
Page 250: Test Cam Usage
CAM space required. The Status column in the command output indicates whether or not the policy can be enabled. Example of the test cam-usage Command Dell#test cam-usage service-policy input test-cam-usage stack-unit 7 po 0 Stack-Unit | Portpipe | CAM Partition | Available CAM | Estimated CAM per Port | Status...
Page 251: View Cam-Acl Settings
NOTE: If you select the CAM profile from CONFIGURATION mode, the output of this command does not reflect any changes until you save the running-configuration and reload the chassis. Example of show running-config cam-profile Command Dell#show running-config cam-profile cam-profile default microcode default Dell# View CAM-ACL Settings Thisshow cam-acl command shows the cam-acl setting that will be loaded after the next reload.
Page 252 The default values for the show cam-acl command are: Dell#show cam-acl -- Chassis Cam ACL -- Current Settings(in block sizes) 1 block = 128 entries...
Page 253: View Cam Usage
View CAM Usage View the amount of CAM space available, used, and remaining in each ACL partition using the show cam-usage command from EXEC Privilege mode. Example of the show cam-usage Command Dell#show cam-usage Stackunit|Portpipe| CAM Partition | Total CAM Used CAM...
Page 254: Troubleshoot Cam Profiling
If three resets do not bring up the card, or if the system is running an Dell Networking OS version prior to version 6.3.1.1, the system presents an error message. In this case, manually adjust the CAM configuration on the card to match the system configuration.
Page 255: Control Plane Policing (Copp)
Control Plane Policing (CoPP) Control plane policing (CoPP) uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system’s control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane, rate-limits, traffic to an acceptable level. CoPP increases security on the system by protecting the routing processor from unnecessary or DoS traffic, giving priority to important control plane and management traffic.
Page 256: Configure Control Plane Policing
Figure 30. CoPP Implemented Versus CoPP Not Implemented Configure Control Plane Policing The system can process a maximum of 4200 packets per second (PPS). Protocols that share a single queue may experience flaps if one of the protocols receives a high rate of control traffic even though per protocol CoPP is applied.
Page 257: Configuring Copp For Protocols
queue rate limit value. You must complete queue bandwidth tuning carefully because the system cannot open up to handle any rate, including traffic coming at the line rate. CoPP policies are assigned on a per-protocol or a per-queue basis, and are assigned in CONTROL- PLANE mode to each port-pipe.
Page 258 Dell(conf-ipv6-acl-cpuqos)#exit Dell(conf)#ipv6 access-list ipv6-vrrp cpu-qos Dell(conf-ipv6-acl-cpuqos)#permit vrrp Dell(conf-ipv6-acl-cpuqos)#exit The following example shows creating the QoS input policy. Dell(conf)#qos-policy-in rate_limit_200k cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 200 40 peak 500 40 Dell(conf-in-qos-policy-cpuqos)#exit Dell(conf)#qos-policy-in rate_limit_400k cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 400 50 peak 600 50 Dell(conf-in-qos-policy-cpuqos)#exit Dell(conf)#qos-policy-in rate_limit_500k cpu-qos...
Page 259: Configuring Copp For Cpu Queues
Examples of Configuring CoPP for CPU Queues The following example shows creating the QoS policy. Dell#conf Dell(conf)#qos-policy-input cpuq_1 Dell(conf-qos-policy-in)#rate-police 3000 40 peak 500 40 Dell(conf-qos-policy-in)#exit Dell(conf)#qos-policy-input cpuq_2 Dell(conf-qos-policy-in)#rate-police 5000 80 peak 600 50 Dell(conf-qos-policy-in)#exit Control Plane Policing (CoPP)
Page 260: Copp For Ospfv3 Packets
However there are about 20 well known protocol streams that have to share these 4 CMIC queues. Before 9.4.(0.0)Dell Networking OS used only 8 queues most of the queues are shared to multiple protocols. So, increasing the number of CMIC queues will reduce the contention among the protocols for the queue bandwidth.
Page 261 points, and the queue (0 – 3) taken by the CPU bound data streams are uniform. In back-plane ports, queue 0 – 3 will carry both the front-end bound data streams as well as the CPU bound data streams which is acceptable but the well-known protocol streams must not be mixed with the data streams on queues 0 –...
Page 262 NDP Packets Neighbor discovery protocol has 4 types of packets NS, NA, RA, RS. These packets need to be taken to CPU for neighbor discovery. • Unicast NDP packets: – Packets hitting the L3 host/route table and discovered as local terminated packets/CPU bound traffic.
Page 263: Configuring Copp For Ospfv3
You can create an IPv6 ACL for control-plane traffic policing for OSPFv3, in addition to the CoPP support for VRRPv3, BGPv6, and ICMPv6. This functionality is supported on the S4810, S4820T, S6000, MXL, and Z9000 platforms. You can use the ipv6 access-list name cpu-qos permit ospfv3 or the ipv6 access-list name cpu-qos ospfv3 command to allow CoPP traffic for OSPFv3.
Page 264: Show Commands
Create a QoS input policy for the router and assign the policing. CONFIGURATION mode Dell(conf)#qos-policy-input ospfv3_rate cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 1500 16 peak 1500 16 Create a QoS class map to differentiate the control-plane traffic and assign to the ACL. CONFIGURATION mode...
Page 265 Dell# Example of Viewing Queue Mapping To view the queue mapping for each configured protocol, use the show ip protocol-queue- mapping command. Dell#show ip protocol-queue-mapping Protocol Src-Port Dst-Port TcpFlag Queue EgPort Rate (kbps) -------- -------- -------- ------- ----- ------ -----------...
Page 266: Data Center Bridging (Dcb)
DCB-enabled network is required in a data center. The Dell Networking switches that support a unified fabric and consolidate multiple network infrastructures use a single input/output (I/O) device called a converged network adapter (CNA).
Page 267: Priority-Based Flow Control
• Data Center Bridging Exchange (DCBx) protocol NOTE: Dell Networking OS supports only the PFC, ETS, and DCBx features in data center bridging. Priority-Based Flow Control In a data center network, priority-based flow control (PFC) manages large bursts of one traffic type in multiprotocol links so that it does not affect other traffic types and no frames are lost due to congestion.
Page 268: Enhanced Transmission Selection
FCoE converged traffic with priority 3. • iSCSI storage traffic with priority 4. In the Dell Networking OS, PFC is implemented as follows: • PFC supports buffering to receive data that continues to arrive on an interface while the remote system reacts to the PFC operation.
Page 269: Data Center Bridging Exchange Protocol (Dcbx)
Percentage of available bandwidth allocated to a priority group. Group transmission selection algorithm (TSA) Type of queue scheduling a priority group uses. In Dell Networking OS, ETS is implemented as follows: • ETS supports groups of 802.1p priorities that have: – PFC enabled or disabled –...
Page 270: Data Center Bridging In A Traffic Flow
• Discovery of DCB capabilities on peer-device connections. • Determination of possible mismatch in DCB configuration on a peer link. • Configuration of a peer device over a DCB link. DCBx requires the link layer discovery protocol (LLDP) to provide the path to exchange DCB parameters with peer devices.
Page 271: Qos Dot1P Traffic Classification And Queue Assignment
NOTE: To save the pfc buffering configuration changes, save the configuration and reboot the system. NOTE: Dell Networking OS Behavior: DCB is not supported if you enable link-level flow control on one or more interfaces. For more information, refer to Ethernet Pause Frames.
Page 272: Dcb Maps And Its Attributes
dot1p Value in the Egress Queue Assignment Incoming Frame DCB Maps and its Attributes This topic contains the following sections that describe how to configure a DCB map, apply the configured DCB map to a port, configure PFC without a DCB map, and configure lossless queues. DCB Map: Configuration Procedure A DCB map consists of PFC and ETS parameters.
Page 273: Applying A Dcb Map On A Port
INTERFACE dcb-map name configure it with the PFC and ETS settings in the map; for example: Dell# interface tengigabitEthernet 1/1 Dell(config-if-te-1/1)# dcb-map SAN_A_dcb_map1 Repeat Steps 1 and 2 to apply a DCB map to more than one port. You cannot apply a DCB map on an interface...
Page 274: Configuring Lossless Queues
Step Task Command Command Mode Enter interface configuration mode on an CONFIGURATION interface Ethernet port. {tengigabitEthernet slot/ port | fortygigabitEthernet slot/port} Enable PFC on specified priorities. Range: INTERFACE pfc priority 0-7. Default: None. priority-range Maximum number of lossless queues supported on an Ethernet port: 2. Separate priority values with a comma.
Page 275: Data Center Bridging: Default Configuration
DCB is enabled. PFC and ETS are globally enabled by default. The default dot1p priority-queue assignments are applied as follows: Dell(conf)#do show qos dot1p-queue-mapping Dot1p Priority : 0 Queue : 2 Dell(conf)# NOTE: In Egress queue assignment (8 queues in S6000 and Z9500, 4 against in S5000 and S4810.
Page 276: Configuring Pfc And Ets In A Dcb Map
Configuring PFC and ETS in a DCB Map switch supports the use of a DCB map in which you configure priority-based flow control (PFC) and enhanced transmission selection (ETS) settings. To configure PFC and ETS parameters, you must apply a DCB map on interface.
Page 277: Pfc Prerequisites And Restrictions
In a switch stack, configure all stacked ports with the same PFC configuration. • Dell Networking OS allows you to change the default dot1p priority-queue assignments only if the change satisfies the following requirements in DCB maps already applied to S6000 interfaces: •...
Page 278: Ets Prerequisites And Restrictions
priority group, use the bandwidth percentage parameter. The sum of the bandwidth allocated to all priority groups in a DCB map must be 100% of the bandwidth on the link. You must allocate at least 1% of the total bandwidth to each priority group. •...
Page 279: Configuring Priority-Based Flow Control
2 maps to dot1p priority 4; priority group 4 maps to dot1p priorities 5, 6, and 7. Dell Networking OS Behavior: As soon as you apply a DCB policy with PFC enabled on an interface, DCBx starts exchanging information with PFC-enabled peers. The IEEE802.1Qbb, CEE, and CIN versions of PFC Type, Length, Value (TLV) are supported.
Page 280: Configuring Lossless Queues
The default: No lossless queues are configured. NOTE: Dell Networking OS Behavior: By default, no lossless queues are configured on a port. A limit of two lossless queues is supported on a port. If the amount of priority traffic that you configure to be paused exceeds the two lossless queues, an error message displays.
Page 281: Ets Prerequisites And Restrictions
ETS Prerequisites and Restrictions The following prerequisites and restrictions apply when you configure ETS bandwidth allocation or queue scheduling. • Configuring ETS bandwidth allocation or a queue scheduler for dot1p priorities in a priority group is applicable if the DCBx version used on a port is CIN (refer to Configuring DCBx).
Page 282: Ets Operation With Dcbx
2 maps to dot1p priority 4; priority group 4 maps to dot1p priorities 5, 6, and 7. Dell Networking OS Behavior: A priority group consists of 802.1p priority values that are grouped for similar bandwidth allocation and scheduling, and that share latency and loss requirements. All 802.1p priorities mapped to the same queue must be in the same priority group.
Page 283: Configuring Bandwidth Allocation For Dcbx Cin
CIN supports only the dot1p priority-queue assignment in a priority group. To configure a dot1p priority flow in a priority group to operate with link strict priority, you configure: The dot1p priority for strict-priority scheduling (strict-priority command). The priority group for strict-priority scheduling (scheduler strict command.
Page 284: Configure A Dcbx Operation
NOTE: Use only 40G ports as stacking ports when you enable DCB. S4820T does not support DCB when you use 10GBaseT ports as stacking ports. • Apply the specified DCB policy on all ports of the switch stack or a single stacked switch.
Page 285 A port that receives an internally propagated configuration overwrites its local configuration with the new parameter values. When an auto-upstream port (besides the configuration source) receives and overwrites its configuration with internally propagated information, one of the following actions is taken: •...
Page 286: Dcb Configuration Exchange
On a DCBx port in a manual role, all PFC, application priority, ETS recommend, and ETS configuration TLVs are enabled. When making a configuration change to a DCBx port in a Manual role, Dell Networking recommends shutting down the interface using the shutdown command, change the configuration, then re-activate the interface using the no shutdown command.
Page 287: Configuration Source Election
Configuration Source Election When an auto-upstream or auto-downstream port receives a DCB configuration from a peer, the port first checks to see if there is an active configuration source on the switch. • If a configuration source already exists, the received peer configuration is checked against the local port configuration.
Page 288: Behavior Of Tagged Packets
• The switch reboots. • The link is reset (goes down and up). • User-configured CLI commands require the version negotiation to restart. • The peer times out. • Multiple peers are detected on the link. If you configure a DCBx port to operate with a specific version (the DCBx version {cee | cin | ieee-v2.5} command in the Configuring DCBx), DCBx operations are performed according to the...
Page 289: Dcbx Example
(ToR) switches through 40GbE uplinks. The ToR switches are part of a Fibre Channel storage network. The internal ports (ports 1-32) connected to the 10GbE backplane are configured as auto-downstream ports. On the S4820T, PFC and ETS use DCBx to exchange link-level configuration with DCBx peer devices. Data Center Bridging (DCB)
Page 290: Dcbx Prerequisites And Restrictions
Figure 33. DCBx Sample Topology DCBx Prerequisites and Restrictions The following prerequisites and restrictions apply when you configure DCBx operation on a port: • For DCBx, on a port interface, enable LLDP in both Send (TX) and Receive (RX) mode (the protocol lldp mode command;...
Page 291 [no] protocol lldp Configure the DCBx version used on the interface, where: auto configures the port to operate using the DCBx version received from a peer. PROTOCOL LLDP mode [no] DCBx version {auto | cee | cin | ieee-v2.5} • cee: configures the port to use CEE (Intel 1.01).
Page 292 • fcoe: enables the advertisement of FCoE in Application Priority TLVs. • iscsi: enables the advertisement of iSCSI in Application Priority TLVs. The default is Application Priority TLVs are enabled to advertise FCoE and iSCSI. NOTE: To disable TLV transmission, use the no form of the command; for example, no advertise DCBx-appln-tlv iscsi.
Page 293 NOTE: You can configure the transmission of more than one TLV type at a time. You can only enable ETS recommend TLVs (ets-reco) if you enable ETS configuration TLVs (ets-conf). To disable TLV transmission, use the no form of the command; for example, no advertise DCBx-tlv pfc ets-reco.
Page 294: Verifying The Dcb Configuration
in a DCBx TLV from a remote peer but received a different, conflicting DCBx version. DSM_DCBx_PFC_PARAMETERS_MATCH and DSM_DCBx_PFC_PARAMETERS_MISMATCH: A local DCBx port received a compatible (match) or incompatible (mismatch) PFC configuration from a peer. DSM_DCBx_ETS_PARAMETERS_MATCH and DSM_DCBx_ETS_PARAMETERS_MISMATCH: A local DCBx port received a compatible (match) or incompatible (mismatch) ETS configuration from a peer.
Page 295 The following example shows the show qos priority-groups command. Dell#show qos priority-groups priority-group ipc priority-list 4 set-pgid 2 The following example shows the output of the show qos dcb-map test command. Dell#show qos dcb-map test ----------------------- State :Complete PfcMode:ON --------------------...
Page 296 PG:1 TSA:ETS BW:50 PFC:ON Priorities:3 4 The following example shows the show interfaces pfc summary command. Dell# show interfaces tengigabitethernet 1/4 pfc summary Interface TenGigabitEthernet 1/4 Admin mode is on Admin is enabled Remote is enabled, Priority list is 4...
Page 297 Fields Description is on, PFC advertisements are enabled to be sent and received from peers; received PFC configuration takes effect. The admin operational status for a DCBx exchange of PFC configuration is enabled or disabled. Remote is enabled; Priority list Remote Willing Operational status (enabled or disabled) of peer Status is enabled device for DCBx exchange of PFC configuration...
Page 298 Priority Received PFC Frames Transmitted PFC Frames -------- ------------------- ---------------------- The following example shows the show interface ets summary command. Dell(conf-qos-policy-out-ets)#do sho int te 1/3 ets su Interface TenGigabitEthernet 1/3 Max Supported TC Groups is 4 Number of Traffic Classes is 8...
Page 299 0 Input Conf TLV Pkts, 1955 Output Conf TLV Pkts, 0 Error Conf TLV Pkts 0 Input Reco TLV Pkts, 1955 Output Reco TLV Pkts, 0 Error Reco TLV Pkts Dell(conf)# show interfaces tengigabitethernet 1/1 ets detail Interface TenGigabitEthernet 1/1...
Page 300 0T LIVnput Traffic Class TLV Pkts, 0 Output Traffic Class TLV Pkts, 0 Error Traffic Class Pkts The following example shows the show interface ets detail command. Dell(conf)# show interfaces tengigabitethernet 1/1 ets detail Interface TenGigabitEthernet 1/1 Max Supported TC Groups is 4 Number of Traffic Classes is 8...
Page 301 Priority# Bandwidth Oper status is init Conf TLV Tx Status is disabled Traffic Class TLV Tx Status is disabled 0 Input Conf TLV Pkts, 0 Output Conf TLV Pkts, 0 Error Conf TLV Pkts 0 Input Traffic Class TLV Pkts, 0 Output Traffic Class TLV Pkts, 0 Error Traffic Class TLV Pkts The following table describes the show interface ets detail command fields.
Page 302 Number of ETS Error Configuration TLVs received. The following example shows the show stack-unit all stack-ports all pfc details command. Dell(conf)# show stack-unit all stack-ports all pfc details stack unit 0 stack-port all Admin mode is On Admin is enabled, Priority list is 4-5...
Page 303 Bandwidth ------------------------------------------------ 0,1,2,3,4,5,6,7 100% The following example shows the show interface DCBx detail command (IEEE). Dell(conf-if-te-1/17-lldp)#do sho int te 2/12 dc d E-ETS Configuration TLV enabled e-ETS Configuration TLV disabled R-ETS Recommendation TLV enabled r-ETS Recommendation TLV disabled P-PFC Configuration TLV enabled...
Page 304 I-Application priority for iSCSI enabled i-Application Priority for iSCSI disabled ----------------------------------------------------------------------- Interface TenGigabitEthernet 1/14 Remote Mac Address 00:01:e8:8a:df:a0 Port Role is Auto-Upstream DCBx Operational Status is Enabled Is Configuration Source? FALSE Local DCBx Compatibility mode is CEE Local DCBx Configured mode is CEE Peer Operating version is CEE Local DCBx TLVs Transmitted: ErPFi Local DCBx Status...
Page 305: Using Pfc And Ets To Manage Data Center Traffic
Field Description Local DCBx Configured mode DCBx version configured on the port: CEE, CIN, IEEE v2.5, or Auto (port auto-configures to use the DCBx version received from a peer). Peer Operating version DCBx version that the peer uses to exchange DCB parameters.
Page 306 Figure 34. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table. For more information, refer to QoS dot1p Traffic Classification and Queue Assignment.
Page 307: Pfc And Ets Configuration Command Examples
PFC and ETS Configuration Command Examples The following examples show PFC and ETS configuration commands to manage your data center traffic. Example of Configuring QoS Priority-Queue Assignment to Honor Dot1p Priorities Dell(conf)# service-class dynamic dot1p Dell(conf)# interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)# service-class dynamic dot1p...
Page 308: Priority-Based Flow Control Using Dynamic Buffer Method
Priority-Based Flow Control Using Dynamic Buffer Method Priority-based flow control using dynamic buffer spaces is supported on the S4820T platform. In a data center network, priority-based flow control (PFC) manages large bursts of one traffic type in multiprotocol links so that it does not affect other traffic types and no frames are lost due to congestion.
Page 309: Buffer Sizes For Lossless Or Pfc Packets
PFC queues. Configuring the Dynamic Buffer Method Priority-based flow control using dynamic buffer spaces is supported on the S4820T platform. To configure the dynamic buffer capability, perform the following steps: Enable the DCB application. By default, DCB is enabled and link-level flow control is disabled on all interfaces.
Page 310 7 Assign the DCB policy to the DCB buffer threshold profile on stack ports. CONFIGURATION mode Dell(conf)# dcb-policy buffer-threshold stack-unit all stack-ports all dcb- policy-name Assign the DCB policy to the DCB buffer threshold profile on interfaces. This setting takes precedence over the default buffer-threshold setting.
Page 311: Sample Configurations
Sample Configurations Figure 35. Configure DCB end to end on this setup Sample configuration for RoCE traffic MXL Fab B1 and B2 Switches (RoCE Traffic Only) dcb enable iscsi enable interface TenGigabitEthernet 0/1 Data Center Bridging (DCB)
Page 312 Description Link to RoCE Adapter in Blade Server no ip address mtu 12000 portmode hybrid switchport no spanning-tree protocol lldp dcbx port-role auto-downstream no shutdown interface fortyGigE 0/33 Description “To S4810s” no ip address mtu 12000 port-channel-protocol LACP port-channel 1 mode active protocol lldp no advertise dcbx-tlv ets-reco dcbx port-role auto-upstream...
Page 313 vlt domain 2 peer-link port-channel 128 back-up destination interface Port-channel 128 no ip address mtu 12000 channel-member fortyGigE 0/56 no shutdown interface fortyGigE 0/56 no ip address mtu 12000 dcb-map Converged protocol lldp no shutdown S4810 2 vlt domain 2 peer-link port-channel 128 back-up destination ...
Page 314 Description SOFS-RDMA no ip address mtu 12000 portmode hybrid switchport no spanning-tree dcb-map RoCE protocol lldp no shutdown interface TenGigabitEthernet 0/22 Description SOFS- iSCSI no ip address mtu 12000 portmode hybrid switchport spanning-tree rstp edge-port spanning-tree 0 portfast dcb-map iSCSI protocol lldp no shutdown Data Center Bridging (DCB)
Page 315: Dynamic Host Configuration Protocol (Dhcp)
Dynamic Host Configuration Protocol (DHCP) DHCP is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators. DHCP relieves network administrators of manually configuring hosts, which can be a tedious and error- prone process when hosts often join, leave, and change locations on the network and it reclaims IP addresses that are no longer in use to prevent address exhaustion.
Page 316 Option Number and Description Subnet Mask Option 1 Specifies the client’s subnet mask. Router Option 3 Specifies the router IP addresses that may serve as the client’s default gateway. Domain Name Option 6 Server Specifies the domain name servers (DNSs) that are available to the client. Domain Name Option 15 Specifies the domain name that clients should use when resolving hostnames via...
Page 317: Assign An Ip Address Using Dhcp
Option Number and Description Identifiers a user-defined string used by the Relay Agent to forward DHCP client packets to a specific server. L2 DHCP Option 82 Snooping Specifies IP addresses for DHCP messages received from the client that are to be monitored to build a DHCP snooping database.
Page 318: Implementation Information
(VLAN) and then attempt to apply an access list to the VLAN, Dell Networking OS displays the first line in the following message. If you first apply an ACL to a VLAN and then attempt enable IP source address validation on one of its member ports, Dell Networking OS displays the second line in the following message.
Page 319: Configure The System To Be A Dhcp Server
Configure the System to be a DHCP Server A DHCP server is a network device that has been programmed to provide network configuration parameters to clients upon request. Servers typically serve many clients, making host management much more organized and efficient. The following table lists the key responsibilities of DHCP servers.
Page 320 DHCP mode show config After an IP address is leased to a client, only that client may release the address. Dell Networking OS performs a IP + MAC source address validation to ensure that no client can release another clients address.
Page 321: Specifying A Default Gateway
DHCP default-router address Configure a Method of Hostname Resolution Dell systems are capable of providing DHCP clients with parameters for two methods of hostname resolution—using DNS or NetBIOS WINS. Using DNS for Address Resolution A domain is a group of networks. DHCP clients query DNS IP servers when they need to correlate host names to IP addresses.
Page 322: Debugging The Dhcp Server
NOTE: Dell Networking OS does not prevent you from using a network IP as a host IP; be sure to not use a network IP as a host IP.
Page 323 BROADCAST flag in the DHCP Client PDUs. NOTE: DHCP Relay is not available on Layer 2 interfaces and VLANs on the Z-Series and S4820T platforms. DHCP relay agent is supported on Layer 2 interfaces and VLANs on the S3048–ON, S4810 and S4048–ON platforms.
Page 324: Configure The System To Be A Dhcp Client
The switch can obtain a dynamically assigned IP address from a DHCP server. A start-up configuration is not received. Use bare metal provisioning (BMP) to receive configuration parameters (Dell Networking OS version and a configuration file). BMP is enabled as a factory-default setting on a switch.
Page 325: Dhcp Client Operation With Other Features
DHCP Client Operation with Other Features The DHCP client operates with other Dell Networking OS features, as the following describes. Stacking The DHCP client daemon runs only on the master unit and handles all DHCP packet transactions. It periodically synchronizes the lease file with the standby unit.
Page 326: Dhcp Client On A Management Interface
DHCP Client on a Management Interface These conditions apply when you enable a management interface to operate as a DHCP client. • The management default route is added with the gateway as the router IP address received in the DHCP ACK packet. It is required to send and receive traffic to and from other subnets on the external network.
Page 327: Option 82
• Dynamic ARP Inspection • Source Address Validation Option 82 RFC 3046 (the relay agent information option, or Option 82) is used for class-based IP address assignment. The code for the relay agent information option is 82, and is comprised of two sub-options, circuit ID and remote ID.
Page 328 OS version 8.2.1.0 extends DHCP snooping to Layer 2 and you do not have to enable relay agent to snoop on Layer 2 interfaces. Dell Networking OS Behavior: Binding table entries are deleted when a lease expires or when the relay agent encounters a DHCPRELEASE. Line cards maintain a list of snooped VLANs. When the binding table is exhausted, DHCP packets are dropped on snooped VLANs, while these packets are forwarded across non-snooped VLANs.
Page 329 Delete all of the entries in the binding table. EXEC Privilege mode clear ipv6 dhcp snooping binding Dell# clear ipv6 dhcp snooping? binding Clear the snooping binding database Displaying the Contents of the Binding Table To display the contents of the binding table, use the following command.
Page 330 Example of the show ipv6 dhcp snooping binding Command View the DHCP snooping statistics with the show ipv6 dhcp snooping command. Dell#show ipv6 dhcp snooping binding Codes : S - Static D – Dynamic IPv6 Address...
Page 331: Drop Dhcp Packets On Snooped Vlans Only
To view the number of entries in the table, use the show ip dhcp snooping binding command. This output displays the snooping binding table created using the ACK packets from the trusted port. Dell#show ip dhcp snooping binding Codes : S - Static D - Dynamic...
Page 332: Configuring Dynamic Arp Inspection
Validate ARP frames against the DHCP snooping binding table. INTERFACE VLAN mode arp inspection Examples of Viewing the ARP Database and Packets To view entries in the ARP database, use the show arp inspection database command. Dell#show arp inspection database Protocol Address Age(min) Hardware Address Interface VLAN...
Page 333: Source Address Validation
Layer 3 only. However, Dell Networking OS version 8.2.1.1 extends DAI to Layer 2. Source Address Validation Using the DHCP binding table, Dell Networking OS can perform three types of source address validation (SAV). Table 21. Three Types of Source Address Validation...
Page 334: Enabling Ip Source Address Validation
DHCP MAC source address validation (SAV) validates a DHCP packet’s source hardware address against the client hardware address field (CHADDR) in the payload. Dell Networking OS ensures that the packet’s source MAC address is checked against the CHADDR field in the DHCP header only for packets from snooped VLANs.
Page 335: Viewing The Number Of Sav Dropped Packets
INTERFACE mode ip dhcp source-address-validation ipmac vlan vlan-id Dell Networking OS creates an ACL entry for each IP+MAC address pair and optionally with its VLAN ID in the binding table and applies it to the interface. To display the IP+MAC ACL for an interface for the entire system, use the show ip dhcp snooping source-address-validation [interface] command in EXEC Privilege mode.
Page 336: Clearing The Number Of Sav Dropped Packets
To clear the number of SAV dropped packets, use the clear ip dhcp snooping source-address- validation discard-counters command. Dell>clear ip dhcp snooping source-address-validation discard-counters To clear the number of SAV dropped packets on a particular interface, use the clear ip dhcp snooping source-address-validation discard-counters interface interface command.
Page 337: Equal Cost Multi-Path (Ecmp)
0 lag checksum 0 nh-ecmp checksum 0 Dell Networking OS Behavior: In the Dell Networking OS versions prior to 8.2.1.2, the ExaScale default hash-algorithm is 0. Beginning with Dell Networking OS version 8.2.1.2, the default hash-algorithm is 24.
Page 338: Configuring The Hash Algorithm Seed
This behavior means that for a given flow, even though the prefixes are sorted, two unrelated chassis can select different hops. Dell Networking OS provides a command line interface (CLI)-based solution for modifying the hash seed to ensure that on each configured system, the ECMP selection is same. When configured, the same seed is set for ECMP, LAG, and NH, and is used for incoming traffic only.
Page 339: Managing Ecmp Group Paths
This is different from the ecmp-group index 2 that is created by configuring routes and is automatically generated. These two ecmp-groups are not related in any way. Example of Viewing Link Bundle Monitoring Dell# show link-bundle-distribution ecmp-group 1 Link-bundle trigger threshold - 60 ECMP bundle - 1 Utilization[In Percent] - 44 Alarm State - Active Interface...
Page 340: Modifying The Ecmp Group Threshold
You can configure ecmp-group with id 2 for link bundle monitoring. This ecmp-group is different from the ecmp-group index 2 that is created by configuring routes and is automatically generated. These two ecmp-groups are not related in any way. Dell(conf-ecmp-group-5)#show config ecmp-group 5 interface tengigabitethernet 1/2...
Page 341: Fcoe Transit
The Fibre Channel over Ethernet (FCoE) Transit feature is supported on Ethernet interfaces. When you enable the switch for FCoE transit, the switch functions as a FIP snooping bridge. NOTE: FIP snooping is not supported on Fibre Channel interfaces or in a S4820T switch stack. Fibre Channel over Ethernet FCoE provides a converged Ethernet network that allows the combination of storage-area network (SAN) and LAN traffic on a Layer 2 link by encapsulating Fibre Channel data into Ethernet frames.
Page 342 requirement for point-to-point connections by creating a unique virtual link for each connection between an FCoE end-device and an FCF via a transit switch. FIP provides functionality for discovering and logging into an FCF. After discovering and logging in, FIP allows FCoE traffic to be sent and received between FCoE end-devices (ENodes) and the FCF.
Page 343: Fip Snooping On Ethernet Bridges
Figure 39. FIP Discovery and Login Between an ENode and an FCF FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF.
Page 344 The top-of-rack (ToR) switch operates as an FCF for FCoE traffic. Converged LAN and SAN traffic is transmitted between the ToR switch and an S4820T switch. The switch operates as a lossless FIP snooping bridge to transparently forward FCoE frames between the ENode servers and the FCF switch.
Page 345: Fip Snooping In A Switch Stack
Example. Statistical information is available for FIP Snooping-related information. For available commands, refer to the FCoE Transit chapter in the Dell Networking OS Command Line Reference Guide. FIP Snooping Prerequisites Before you enable FCoE transit and configure FIP snooping on a switch, ensure that certain conditions are met.
Page 346: Important Points To Remember
You must apply the CAM-ACL space for the FCoE region before enabling the FIP-Snooping feature. If you do not apply CAM-ACL space, the following error message is displayed: Dell(conf)#feature fip-snooping % Error: Cannot enable fip snooping. CAM Region not allocated for Fcoe.
Page 347: Enabling The Fcoe Transit Feature
fedgovacl nlbclusteracl: st-sjc-s5000-29# Enabling the FCoE Transit Feature The following sections describe how to enable FCoE transit. NOTE: FCoE transit is disabled by default. To enable this feature, you must follow the Configure FIP Snooping. As soon as you enable the FCoE transit feature on a switch-bridge, existing VLAN-specific and FIP snooping configurations are applied.
Page 348: Configure A Port For A Bridge-To-Fcf Link
FCoE traffic is allowed on the port only after the switch learns the FC-MAP value associated with the specified FCF MAC address and verifies that it matches the configured FC-MAP value for the FCoE VLAN. Configure a Port for a Bridge-to-FCF Link If a port is directly connected to an FCF, configure the port mode as FCF.
Page 349: Configuring Fip Snooping
Configuring FIP Snooping You can enable FIP snooping globally on all FCoE VLANs on a switch or on an individual FCoE VLAN. By default, FIP snooping is disabled. To enable FCoE transit on the switch and configure the FCoE transit parameters on ports, follow these steps.
Page 350 Displays information on the FCoE VLANs on which show fip-snooping vlan FIP snooping is enabled. Examples of the show fip-snooping Commands The following example shows the show fip-snooping sessions command. Dell#show fip-snooping sessions Enode MAC Enode Intf FCF MAC FCF Intf...
Page 351 Worldwide port name of the CNA port. Port WWNN Worldwide node name of the CNA port. The following example shows the show fip-snooping config command. Dell# show fip-snooping config FIP Snooping Feature enabled Status: Enabled FIP Snooping Global enabled Status: Enabled Global FC-MAP Value: 0X0EFC00...
Page 352 Fibre Channel session ID assigned by the FCF. The following example shows the show fip-snooping statistics interface vlan command (VLAN and port). Dell# show fip-snooping statistics interface vlan 100 Number of Vlan Requests Number of Vlan Notifications Number of Multicast Discovery Solicits...
Page 353 Dell# show fip-snooping statistics int tengigabitethernet 1/11 Number of Vlan Requests Number of Vlan Notifications Number of Multicast Discovery Solicits Number of Unicast Discovery Solicits Number of FLOGI Number of FDISC Number of FLOGO Number of Enode Keep Alive :4416...
Page 354 Number of session failures due to hardware Config configuration that occurred on the interface. The following example shows the show fip-snooping system command. Dell# show fip-snooping system Global Mode : Enabled FCOE VLAN List (Operational) : 1, 100 FCoE Transit...
Page 355: Fcoe Transit Configuration Example
FCFs Enodes Sessions : 17 The following example shows the show fip-snooping vlan command. Dell# show fip-snooping vlan * = Default VLAN VLAN FC-MAP FCFs Enodes Sessions ---- ------ ---- ------ -------- 0X0EFC00 FCoE Transit Configuration Example The following illustration shows a switch used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch).
Page 356 Example of Enabling the FIP Snooping Feature on the Switch (FIP Snooping Bridge) Dell(conf)# feature fip-snooping Example of Enabling FIP Snooping on the FCoE VLAN Dell(conf)# interface vlan 10 Dell(conf-if-vl-10)# fip-snooping enable Example of Enabling an FC-MAP Value on a VLAN...
Page 357: Enabling Fips Cryptography
Enabling FIPS Cryptography This chapter describes how to enable FIPS cryptography requirements on Dell Networking platforms. This feature provides cryptographic algorithms conforming to various FIPS standards published by the National Institute of Standards and Technology (NIST), a non-regulatory agency of the US Department of Commerce.
Page 358: Enabling Fips Mode
FIPS mode, generates new host-keys, and re-enables the SSH server (assuming it was enabled before enabling FIPS). For more information, refer to the SSH Server and SCP Commands section in the Security chapter of the Dell Networking OS Command Line Reference Guide. Enabling FIPS Cryptography...
Page 359: Monitoring Fips Mode Status
: S4810 - 52-port GE/TE/FG (SE) Master priority : 0 Hardware Rev : 3.0 Num Ports : 64 Up Time : 7 hr, 3 min Dell Networking OS Version : 4810-8-3-7-1061 Jumbo Capable : yes POE Capable : no FIPS Mode : enabled...
Page 360 • New 1024–bit RSA and RSA1 host key-pairs are created. To disable FIPS mode, use the following command. • To disable FIPS mode from a console port. CONFIGURATION mode no fips mode enable The following Warning message displays: WARNING: Disabling FIPS mode will close all SSH/Telnet connections, restart those servers, and destroy all configured host keys.
Page 361: Force10 Resilient Ring Protocol (Frrp)
Force10 Resilient Ring Protocol (FRRP) FRRP provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the spanning tree protocol (STP), though even with optimizations, STP can take up to 50 seconds to converge (depending on the size of network and node of failure) may require 4 to 5 seconds to reconverge.
Page 362: Ring Status
The Member VLAN is the VLAN used to transmit data as described earlier. The Control VLAN is used to perform the health checks on the ring. The Control VLAN can always pass through all ports in the ring, including the secondary port of the Master node. Ring Status The ring failure notification and the ring status checks provide two ways to ensure the ring remains up and active in the event of a switch or port failure.
Page 363: Multiple Frrp Rings
Multiple FRRP Rings Up to 255 rings are allowed per system and multiple rings can be run on one system. More than the recommended number of rings may cause interface instability. You can configure multiple rings with a single switch connection; a single ring can have multiple FRRP groups; multiple rings can be connected with a common link.
Page 364 Concept Explanation Control VLAN Each ring has a unique Control VLAN through which tagged ring health frames (RHF) are sent. Control VLANs are used only for sending RHF, and cannot be used for any other purpose. Member VLAN Each ring maintains a list of member VLANs. Member VLANs must be consistent across the entire ring.
Page 365: Implementing Frrp
• FRRP is media and speed independent. • FRRP is a Dell proprietary protocol that does not interoperate with any other vendor. • You must disable the spanning tree protocol (STP) on both the Primary and Secondary interfaces before you can enable FRRP.
Page 366: Configuring The Control Vlan
Configuring the Control VLAN Control and member VLANS are configured normally for Layer 2. Their status as control or member is determined at the FRRP group commands. For more information about configuring VLANS in Layer 2 mode, refer to Layer Be sure to follow these guidelines: •...
Page 367: Configuring And Adding The Member Vlans
VLAN ID: The VLAN identification of the control VLAN. Configure the Master node. CONFIG-FRRP mode. mode master Identify the Member VLANs for this FRRP group. CONFIG-FRRP mode. member-vlan vlan-id {range} VLAN-ID, Range: VLAN IDs for the ring’s member VLANS. Enable FRRP. CONFIG-FRRP mode.
Page 368: Setting The Frrp Timers
interface primary interface slot/port secondary interface slot/port control- vlan vlan id Interface: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. Slot/Port, Range: Slot and Port ID for the interface.
Page 369: Viewing The Frrp Configuration
EXEC PRIVELEGED mode. clear frrp Viewing the FRRP Configuration To view the configuration for the FRRP group, use the following command. • Show the configuration for this FRRP group. CONFIG-FRRP mode. show configuration Viewing the FRRP Information To view general FRRP information, use one of the following commands. •...
Page 370 switchport no shutdown interface TenGigabitEthernet 1/34 no ip address switchport no shutdown interface Vlan 101 no ip address tagged TenGigabitEthernet 1/24,34 no shutdown interface Vlan 201 no ip address tagged TenGigabitEthernet 1/24,34 no shutdown protocol frrp 101 interface primary TenGigabitEthernet 1/24 secondary TenGigabitEthernet 1/34 control-vlan 101 member-vlan 201 mode master...
Page 371 no shutdown interface Vlan 101 no ip address tagged TenGigabitEthernet 3/14,21 no shutdown interface Vlan 201 no ip address tagged TenGigabitEthernet 3/14,21 no shutdown protocol frrp 101 interface primary TenGigabitEthernet 3/21 secondary TenGigabitEthernet 3/14 control-vlan 101 member-vlan 201 mode transit no disable Force10 Resilient Ring Protocol (FRRP)
Page 372: Garp Vlan Registration Protocol (Gvrp)
GARP VLAN Registration Protocol (GVRP) GARP VLAN registration protocol (GVRP) is supported on Dell Networking OS. Typical virtual local area network (VLAN) implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GVRP, defined by the IEEE 802.1q specification, is a Layer 2 network protocol that provides for automatic VLAN configuration of switches.
Page 373: Configure Gvrp
GVRP information exchanged. In the following example, that type of port is referred to as a VLAN trunk port, but it is not necessary to specifically identify to the Dell Networking OS that the port is a trunk port.
Page 374: Enabling Gvrp Globally
To configure GVRP globally, use the following command. • Enable GVRP for the entire switch. CONFIGURATION mode gvrp enable Example of Configuring GVRP Dell(conf)#protocol gvrp Dell(config-gvrp)#no disable Dell(config-gvrp)#show config protocol gvrp no disable Dell(config-gvrp)# To inspect the global configuration, use the show gvrp brief command.
Page 375: Configure A Garp Timer
The device then restarts the LeaveAll timer to begin a new cycle. The LeaveAll timer must be greater than or equal to 5x of the Leave timer. The Dell Networking OS default is 10000ms. Example of the garp timer Command...
Page 376: Rpm Redundancy
LeaveAll Timer 5000 Dell(conf)# Dell Networking OS displays this message if an attempt is made to configure an invalid GARP timer: Dell(conf)#garp timers join 300 % Error: Leave timer should be >= 3*Join timer. RPM Redundancy The current version of Dell Networking OS supports 1+1 hitless route processor module (RPM) redundancy.
Page 377: High Availability (Ha)
Dell Networking systems eliminate single points of failure by providing dedicated or load-balanced redundancy for each component. RPM Redundancy The current version of Dell Networking OS supports 1+1 hitless route processor module (RPM) redundancy. The primary RPM performs all routing, switching, and control operations while the standby RPM monitors the primary RPM.
Page 378 CONFIGURATION mode. Version Compatibility Between RPMs In general, the two RPMs should have the same Dell Networking OS version. However, Dell Networking OS tolerates some degree of difference between the two versions, as described in the following table. To...
Page 379: Automatic And Manual Stack Unit Failover
Automatic and Manual Stack Unit Failover Stack unit failover is the process of the standby unit becoming a management unit. Dell Networking OS fails over to the standby stack unit when: Communication is lost between the standby and primary stack unit.
Page 380: Support For Rpm Redundancy By Dell Networking Os Version
Dell# Support for RPM Redundancy by Dell Networking OS Version Dell Networking OS supports increasing levels of RPM redundancy (warm and hot) as described in the table below. Table 31. Support for RPM Redundancy by Dell Networking OS Version...
Page 381 Specifying an Auto-Failover Limit When a non-recoverable fatal error is detected, an automatic failover occurs. However, Dell Networking OS is configured to auto-failover only three times within any 60 minute period. You may specify a different auto-failover count. To re-enable the auto-failover-limit with its default parameters, use the redundancy auto-failover- limit command without parameters.
Page 382: Online Insertion And Removal
Linecard Online Insertion and Removal Dell Networking OS detects the line card type when you insert a line card into a online chassis. Dell Networking OS writes the line card type to the running-config and maintains this information as a logical configuration if you remove the card (or the card fails).
Page 383: Hitless Behavior
Hitless Behavior Hitless behavior is supported only on the S4820T platform. Hitless is a protocol-based system behavior that makes a stack unit failover on the local system transparent to remote systems. The system synchronizes protocol information on the Management and...
Page 384: Graceful Restart
If any health checks on the stack unit fail, the Dell Networking OS fails over to standby stack unit. If any health checks on a line card fail, Dell Networking OS resets the card to bring it back to the correct state.
Page 385: Failure And Event Logging
(logs) on the internal flash. • NV Trace Log — contains line card bootup trace messages that Dell Networking OS never overwrites and is stored in internal flash under the directory NVTRACE_LOG_DIR. •...
Page 386: Process Restartability
RPM before executing the failover procedure as a last resort. Currently, if a software exception occurs, Dell Networking OS executes a failover procedure. In a single- RPM system, the system generates a coredump and reboots; in a dual-RPM system, the system generates a coredump and fails over to the standby RPM.
Page 387 forward. This means that the next time the crashed process does NOT restart but failover to the standby RPM if it is on a dual RPM environment and rebooted if it is on a single RPM. High Availability (HA)
Page 388: Internet Group Management Protocol (Igmp)
3376, respectively. • Dell Networking OS does not support IGMP version 3 and versions 1 or 2 on the same subnet. • IGMP on Dell Networking OS supports 95 interfaces on S4810 and S4820 and an unlimited number of groups on all other platforms.
Page 389 Figure 43. IGMP Messages in IP Packets Join a Multicast Group There are two ways that a host may join a multicast group: it may respond to a general query from its querier or it may send an unsolicited report to its querier. Responding to an IGMP Query The following describes how a host can join a multicast group.
Page 390: Igmp Version 3
response, the querier removes the group from the list associated with forwarding port and stops forwarding traffic for that group to the subnet. IGMP Version 3 Conceptually, IGMP version 3 behaves the same as version 2. However, there are differences. •...
Page 391 Figure 45. IGMP Version 3–Capable Multicast Routers Address Structure Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports. The first unsolicited report from the host indicates that it wants to receive traffic for group 224.1.1.1. The host’s second report indicates that it is only interested in traffic from group 224.1.1.1, source 10.11.1.1.
Page 392 Figure 46. Membership Reports: Joining and Filtering Leaving and Staying in Groups The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. Host 1 sends a message indicating it is leaving group 224.1.1.1 and that the included filter for 10.11.1.1 and 10.11.1.2 are no longer necessary.
Page 393: Configure Igmp
Figure 47. Membership Queries: Leaving and Staying Configure IGMP Configuring IGMP is a two-step process. Enable multicast routing using the ip multicast-routing command. Enable a multicast routing protocol. Related Configuration Tasks • Viewing IGMP Enabled Interfaces • Selecting an IGMP Version •...
Page 394: Viewing Igmp Enabled Interfaces
Dell# Selecting an IGMP Version Dell Networking OS enables IGMP version 2 by default, which supports version 1 and 2 hosts, but is not compatible with version 3 on the same subnet. If hosts require IGMP version 3, you can switch to IGMP version 3.
Page 395: Viewing Igmp Groups
View both learned and statically configured IGMP groups. EXEC Privilege mode show ip igmp groups Example of the show ip igmp groups Command Dell# show ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface...
Page 396: Enabling Igmp Immediate-Leave
IGMP control packets. IGMP Snooping Implementation Information • IGMP snooping on Dell Networking OS uses IP multicast addresses not MAC addresses. • IGMP snooping is supported on all stack members.
Page 397: Configuring Igmp Snooping
If IGMP snooping is enabled on a PIM-enabled VLAN interface, data packets using the router as an Layer 2 hop may be dropped. To avoid this scenario, Dell Networking recommends that users enable IGMP snooping on server-facing end-point VLANs only.
Page 398: Disabling Multicast Flooding
Dell(conf-if-vl-100)# Disabling Multicast Flooding If the switch receives a multicast packet that has an IP address of a group it has not learned (unregistered frame), the switch floods that packet out of all ports on the VLAN.
Page 399: Fast Convergence After Mstp Topology Changes
The following describes the fast convergence feature. When a port transitions to the Forwarding state as a result of an STP or MSTP topology change, Dell Networking OS sends a general query out of all ports except the multicast router ports. The host sends a response to the general query and the forwarding database is updated without having to wait for the query interval to expire.
Page 400: Protocol Separation
• Received in the management port with destination IP not equal to management IP address or management subnet broadcast address is dropped. Traffic (switch initiated management traffic or responses to switch-destined traffic with management port IP address as the source IP address) for user-specified management protocols must exit out of the management port.
Page 401: Enabling And Disabling Management Egress Interface Selection
Application Name Port Number Client Server 443 for secure httpd 8008 HTTP server port for confd application 8888 secure HTTP server port for confd application If you configure a source interface is for any EIS management application, EIS might not coexist with that interface and the behavior is undefined in such a case.
Page 402: Handling Of Management Route Configuration
• If SSH request is received on the management port destined to the management port IP address, the response to the request is sent out of the management port by performing a route lookup in the EIS routing table • If the SSH request is received on the front-end port destined for the front-end IP address, the response traffic is sent by doing a route lookup in the default routing table only.
Page 403: Handling Of Switch-Initiated Traffic
Handling of Switch-Initiated Traffic When the control processor (CP) initiates a control packet, the following processing occurs: • TCP/UDP port number is extracted from the sockaddr structure in the in_selectsrc call which is called as part of the connect system call or in the ip_output function. If the destination TCP/UDP port number belongs to a configured management application, then sin_port of destination sockaddr structure is set to Management EIS ID 2 so that route lookup can be done in the management EIS routing table.
Page 404: Handling Of Transit Traffic (Traffic Separation)
The fallback route between the management and data networks is used in such a case. At any given time, end users can access Dell Networking OS applications using either ip1 or ip2. Return traffic for such end-user-originated sessions destined to management port ip1 is handled using the EIS route lookup.
Page 405 Table 33. Mapping of Management Applications and Traffic Type Traffic type / Switch initiated traffic Switch-destined traffic Transit Traffic Application type Management is the If source TCP/UDP port matches a Traffic from Management preferred egress port management application and source management port Application selected based on route...
Page 406: Behavior Of Various Applications For Switch-Initiated Traffic
resolved, and so on), and if the destination is reachable through a data port, then the management application traffic is sent out through the front-end data port. This fallback mechanism is required. Non-Management Applications (Applications that are not configured as management applications as defined by this feature): Non-management application traffic exits out of either front-end data port or management port based on routing table.
Page 407: Behavior Of Various Applications For Switch-Destined Traffic
Behavior of Various Applications for Switch-Destined Traffic This section describes the different system behaviors that occur when traffic is terminated on the switch. Traffic has not originated from the switch and is not transiting the switch. Switch-destined traffic is applicable only for applications which act as server for the TCP session and also for ICMP-based applications like ping and traceroute.
Page 408: Designating A Multicast Router Interface
To designate an interface as a multicast router interface, use the following command. Dell Networking OS also has the capability of listening in on the incoming IGMP general queries and designate those interfaces as the multicast router interface when the frames have a non-zero IP source address.
Page 409: Interfaces
Interfaces This chapter describes interface types, both physical and logical, and how to configure them with Dell Networking Operating System (OS). • 10 Gigabit Ethernet / 40 Gigabit Ethernet interfaces are supported on the S4820T platform. Basic Interface Configuration •...
Page 410: Interface Types
NOTE: To end output from the system, such as the output from the show interfaces command, enter CTRL+C and Dell Networking OS returns to the command prompt. NOTE: The CLI output may be incorrectly displayed as 0 (zero) for the Rx/Tx power values. To obtain the correct power information, perform a simple network management protocol (SNMP) query.
Page 411 EXEC Privilege mode. In the following example, TenGigabitEthernet interface 1/6 is in Layer 3 mode because an IP address has been assigned to it and the interface’s status is operationally up. Dell#show ip interface brief Interface IP-Address...
Page 412: Enabling A Physical Interface
INTERFACE mode, use the exit command or end command. You cannot delete a physical interface. Physical Interfaces The Management Ethernet interface is a single RJ-45 Fast Ethernet port on each unit of the S4820T The interface provides dedicated management access to the system.
Page 413: Configuration Task List For Physical Interfaces
• Clearing Interface Counters Overview of Layer Modes On all systems running Dell Networking OS, you can place physical interfaces, port channels, and VLANs in Layer 2 mode or Layer 3 mode. By default, VLANs are in Layer 2 mode.
Page 414: Configuring Layer 2 (Interface) Mode
Example of a Basic Layer 2 Interface Configuration Dell(conf-if)#show config interface Port-channel 1 no ip address switchport no shutdown Dell(conf-if)# Configuring Layer 2 (Interface) Mode To configure an interface in Layer 2 mode, use the following commands. • Enable the interface.
Page 415: Configuring Layer 3 (Interface) Mode
Information. To view IP information on an interface in Layer 3 mode, use the show ip interface command in EXEC Privilege mode. Dell>show ip int vlan 58 Vlan 58 is up, line protocol is up Internet address is 1.1.49.1/24 Broadcast address is 1.1.49.255...
Page 416: Important Points To Remember
The dedicated Management interface provides management access to the system. You can configure this interface with Dell Networking OS, but the configuration options on this interface are limited. You cannot configure Gateway addresses and IP addresses if it appears in the main routing table of Dell Networking OS.
Page 417 – across a platform must be in the same subnet. – must not match the virtual IP address and must not be in the same subnet as the virtual IP. Dell#show interfaces managementethernet 1/1 ManagementEthernet 1/1 is up, line protocol is up...
Page 418: Configuring Management Interfaces On The S-Series
To display the routing table, use the show ip route command in EXEC Privilege mode. Dell#show int TenGigabitEthernet 1/1 TenGigabitEthernet 1/1 is up, line protocol is up Description: This is the Managment Interface...
Page 419: Vlan Interfaces
NOTE: You cannot simultaneously use egress rate shaping and ingress rate policing on the same VLAN. Dell Networking OS supports Inter-VLAN routing (Layer 3 routing in VLANs). You can add IP addresses to VLANs and use them in routing protocols in the same manner that physical interfaces are used. For more information about configuring different routing protocols, refer to the chapters on the specific protocol.
Page 420: Loopback Interfaces
ip ospf authentication-key force10 ip ospf cost 1 ip ospf dead-interval 60 ip ospf hello-interval 15 no shutdown Loopback Interfaces A Loopback interface is a virtual interface in which the software emulates an interface. Packets routed to it are processed locally. Because this interface is not a physical interface, you can configure routing protocols on this interface to provide protocol stability.
Page 421: Port Channel Definition And Standards
There are 128 port-channels with 16 members per channel. As soon as you configure a port channel, Dell Networking OS treats it like a physical interface. For example, IEEE 802.1Q tagging is maintained while the physical interface is in the port channel.
Page 422: 10/100/1000 Mbps Interfaces In Port Channels
Dell Networking OS determines if the first interface specified (TenGig 1/1) is up. After it is up, the common speed of the port channel is 1000 Mb/s. Dell Networking OS disables those interfaces configured with speed 10000 Mb/s or whose speed is 10000 Mb/s as a result of auto- negotiation.
Page 423: Creating A Port Channel
NOTE: Port channels can contain a mix of Gigabit Ethernet and 10/100/1000 Ethernet interfaces, but Dell Networking OS disables the interfaces that are not the same speed of the first channel member in the port channel (refer to 10/100/1000 Mbps Interfaces in Port Channels).
Page 424 Time since last interface status change: 04:31:57 Dell> When more than one interface is added to a Layer 2-port channel, Dell Networking OS selects one of the active interfaces in the port channel to be the primary port. The primary port replies to flooding and...
Page 425: Reassigning An Interface To A New Port Channel
Each time you add or remove a channel member from a port channel, Dell Networking OS recalculates the hash algorithm for the port channel.
Page 426: Configuring The Minimum Oper Up Links In A Port Channel
EXEC mode Dell(conf)# interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)#switchport Dell(conf-if-te-1/1)# vlan tagged 2-5,100,4010 Dell#show interfaces switchport te 1/1 Codes: U - Untagged, T - Tagged x - Dot1x untagged, X - Dot1x tagged G - GVRP tagged, M - Trunk, H - VSN tagged...
Page 427: Assigning An Ip Address To A Port Channel
Dell Networking OS allows you to modify the hashing algorithms used for flows and for fragments. The load-balance and hash-algorithm commands are available for modifying the distribution algorithms.
Page 428: Load-Balancing Method
For LAG hashing on the source IP, destination IP, source transmission control protocol (TCP)/user datagram protocol (UDP) port, and destination TCP/UDP port are used for hash computation by default. For packets without a Layer 3 header, Dell Networking OS automatically uses load-balance mac source-dest-mac.
Page 429 [ecmp{crc16|crc16cc|crc32LSB|crc32MSB|crc-upper|dest-ip|lsb| xor1|xor2|xor4|xor8|xor16}] Example of the hash-algorithm Command Dell(conf)#hash-algorithm ecmp xor 26 lag crc 26 nh-ecmp checksum 26 Dell(conf)# The hash-algorithm command is specific to ECMP group. The default ECMP hash configuration is crc- lower. This command takes the lower 32 bits of the hash key to compute the egress port. Other options for ECMP hash-algorithms are: •...
Page 430: Bulk Configuration
Overlap Port Ranges • Commas • Add Ranges Create a Single-Range The following is an example of a single range. Example of the interface range Command (Single Range) Dell(config)# interface range tengigabitethernet 1/1 - 23 Dell(config-if-range-te-1/1-23)# no shutdown Dell(config-if-range-te-1/1-23)# Interfaces...
Page 431 The following is an example showing how duplicate entries are omitted from the interface-range prompt. Example of the Interface-Range Prompt for Duplicate Interfaces Dell(conf)#interface range vlan 1 , vlan 1 , vlan 3 , vlan 3 Dell(conf-if-range-vl-1,vl-3)# Dell(conf)#interface range tengigabitethernet 2/1 - 23 , tengigabitethernet 2/1...
Page 432: Defining Interface Range Macros
The following example shows how to use commas to add VLAN and port-channel interfaces to the range. Example of Adding VLAN and Port-Channel Interface Ranges Dell(config-if-range-te-1/1-2)# interface range Vlan 2 – 100 , Port 1 – 25 Dell(config-if-range-te-1/1-2-so-5/1-vl-2-100-po-1-25)# no shutdown Defining Interface Range Macros You can define an interface-range macro to automatically select a range of interfaces for configuration.
Page 433: Monitoring And Maintaining Interfaces
— Page down • q — Quit Dell#monitor interface Te 3/1 Dell uptime is 1 day(s), 4 hour(s), 31 minute(s) Monitor time: 00:00:00 Refresh Intvl.: 2s Interface: Te 3/1, Disabled, Link is Down, Linespeed is 1000 Mbit Traffic statistics: Current...
Page 434: Maintenance Using Tdr
Dell# Maintenance Using TDR The time domain reflectometer (TDR) is supported on all Dell Networking switch/routers. TDR is an assistance tool to resolve link issues that helps detect obvious open or short conditions within any of the four copper pairs. TDR sends a signal onto the physical cable and examines the reflection of the signal that returns.
Page 435: Converting A Qsfp Or Qsfp+ Port To An Sfp Or Sfp+ Port
Similarly, you can enable the fan-out mode to configure the QSFP port on a device to act as an SFP or SFP+ port. As the QSA enables a QSFP or QSFP+ port to be used as an SFP or SFP+ port, Dell Networking OS does not immediately detect the QSA after you insert it into a QSFP port cage.
Page 436: Important Points To Remember
When you remove the QSA module alone from a 40 Gigabit port, without connecting any SFP or SFP + cables; Dell Networking OS does not generate any event. However, when you remove a QSA module that has SFP or SFP+ optical cables plugged in, Dell Networking OS generates a SFP or SFP+ Removed event.
Page 437 NOTE: In the following show interfaces tengigbitethernet commands, the ports 1,2, and 3 are inactive and no physical SFP or SFP+ connection actually exists on these ports. However, Dell Networking OS still perceives these ports as valid and the output shows that pluggable media (optical cables) is inserted into these ports.
Page 438 5,6, and 7 are inactive and no physical SFP or SFP+ connection actually exists on these ports. However, Dell Networking OS still perceives these ports as valid and the output shows that pluggable media (optical cables) is inserted into these ports. This is a software limitation for this release.
Page 439 = 0.000V QSFP 0 Bias High Alarm threshold = 0.000mA $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Dell#show interfaces tengigabitethernet 0/0 tengigabitethernet 0/0 is up, line protocol is up Hardware is DellEth, address is 90:b1:1c:f4:9a:fa Current address is 90:b1:1c:f4:9a:fa Pluggable media present, SFP+ type is 10GBASE-SX...
Page 440: Link Dampening
NOTE: In the following show inventory media command output, the port numbers 1, 2, 3, 5, 6, and 7 ports are actually inactive. However, Dell Networking OS still shows that optical cables are inserted into these ports. This is a software limitation for this release.
Page 441: Important Points To Remember
Te 1/2Down4850306002000120 To view a dampening summary for the entire system, use the show interfaces dampening summary command from EXEC Privilege mode. Dell# show interfaces dampening summary 20 interfaces are configured with dampening. 3 interfaces are currently suppressed. Following interfaces are currently suppressed:...
Page 442: Link Bundle Monitoring
The link MTU is the frame size of a packet, and the IP MTU size is used for IP fragmentation. If the system determines that the IP packet must be fragmented as it leaves the interface, Dell Networking OS divides the packet into fragments no bigger than the size set in the ip mtu command.
Page 443: Using Ethernet Pause Frames For Flow Control
Using Ethernet Pause Frames for Flow Control Ethernet pause frames and threshold settings are supported on the Dell Networking OS. Ethernet Pause Frames allow for a temporary stop in data transmission. A situation may arise where a sending device may transmit data faster than a destination device can accept it.
Page 444: Enabling Pause Frames
1400-byte IP MTU + 22-byte VLAN Tag = 1422-byte link MTU The MTU range is from 592 to 12000, with a default of 1500. IP MTU automatically configures. The following table lists the various Layer 2 overheads found in Dell Networking OS and the number of bytes.
Page 445: Port-Pipes
1518 bytes and its IP MTU cannot be higher than 1500 bytes. Port-Pipes A port pipe is a Dell Networking-specific term for the hardware path that packets follow through a system. Port pipes travel through a collection of circuits (ASICs) built into line cards and RPMs on which various processing events for the packets occur.
Page 446: Setting The Speed And Duplex Mode Of Ethernet Interfaces
NOTE: As a best practice, Dell Networking recommends keeping auto-negotiation enabled. Only disable auto-negotiation on switch ports that attach to devices not capable of supporting negotiation or where connectivity issues arise from interoperability issues. For 10/100/1000 Ethernet interfaces, the negotiation auto command is tied to the speed command.
Page 447: Set Auto-Negotiation Options
If both are configured the same (that is, both as forced-master or both as forced-slave), the show interface command flaps between an auto-neg-error and forced-master/slave states. Example of the negotiation auto Command Dell(conf)# int tengigabitethernet 1/1 Dell(conf-if-te-1/1)#neg auto Dell(conf-if-te-1/1)# ? Exit from configuration mode...
Page 448: View Advanced Interface Information
Dell(conf-if-gi-1/1)# For details about the speed, duplex, and negotiation auto commands, refer to the Interfaces chapter of the Dell Networking OS Command Reference Guide. Adjusting the Keepalive Timer To change the time interval between keepalive messages on the interfaces, use the keepalive command.
Page 449: Configuring The Interface Sampling Size
In EXEC mode, the show interfaces switchport command displays only interfaces in Layer 2 mode and their relevant configuration information. The show interfaces switchport command displays the interface, whether it supports IEEE 802.1Q tagging or not, and the VLANs to which the interface belongs. Dell#show interfaces switchport Name: TenGigabitEthernet 3/1 802.1QTagged: True Vlan membership:...
Page 450: Dynamic Counters
Dynamic Counters By default, counting is enabled for IPFLOW, IPACL, L2ACL, L2FIB. For the remaining applications, Dell Networking OS automatically turns on counting when you enable the application, and is turned off when you disable the application. NOTE: If you enable more than four counter-dependent applications on a port pipe, there is an impact on line rate performance.
Page 451: Clearing Interface Counters
– (OPTIONAL) To clear unknown source address (SA) drop counters when you configure the MAC learning limit on the interface, enter the keywords learning-limit. Example of the clear counters Command When you enter this command, confirm that you want Dell Networking OS to clear the interface counters for that interface. Dell#clear counters te 1/1...
Page 452: Compressing Configuration Files
2.1.1.1/16 switchport shut shut shut shut shut shut Dell# show running-config Dell# show running-config compressed interface TenGigabitEthernet 1/1 interface TenGigabitEthernet 1/1 no ip address no ip address switchport switchport shutdown Interfaces...
Page 453 shutdown Interface group TenGigabitEthernet 1/2 – 4 , TenGigabitEthernet 1/10 interface TenGigabitEthernet 1/2 no ip address no ip address shutdown shutdown interface TenGigabitEthernet 1/34 interface TenGigabitEthernet 1/3 ip address 2.1.1.1/16 no ip address shutdown shutdown interface group Vlan 2 , Vlan 100 interface TenGigabitEthernet 1/4 no ip address no ip address...
Page 454 Copy one file, after optimizing and reducing the size of the configuration file, to another location. Dell Networking OS supports IPv4 and IPv6 addressing for FTP, TFTP, and SCP (in the hostip field).
Page 455: Internet Protocol Security (Ipsec)
Internet Protocol Security (IPSec) Internet protocol security (IPSec) is available on Dell Networking OS. IPSec is an end-to-end security scheme for protecting IP communications by authenticating and encrypting all packets in a communication session. Use IPSec between hosts, between gateways, or between hosts and gateways.
Page 456: Configuring Ipsec
Configuring IPSec The following sample configuration shows how to configure FTP and telnet for IPSec. Define the transform set. CONFIGURATION mode crypto ipsec transform-set myXform-seta esp-authentication md5 esp- encryption des Define the crypto policy. CONFIGURATION mode crypto ipsec policy myCryptoPolicy 10 ipsec-manual transform-set myXform-set session-key inbound esp 256 auth ...
Page 457: Ipv4 Routing
For more information about IP addressing, refer to RFC 791, Internet Protocol. Implementation Information In Dell Networking OS, you can configure any IP address as a static route except IP addresses already assigned to interfaces. NOTE: Dell Networking OS supports 31-bit subnet masks (/31, or 255.255.255.254) as defined by RFC 3021.
Page 458: Assigning Ip Addresses To An Interface
[VLAN] or port channel) interfaces to enable IP communication between the system and hosts connected to that interface. In Dell Networking OS, you can assign one primary address and up to 255 secondary IP addresses to each interface. Enter the keyword interface then the type of interface and slot/port information.
Page 459: Configuring Static Routes
– tag tag-value: the range is from 1 to 4294967295. (optional) Example of the show ip route static Command To view the configured routes, use the show ip route static command. Dell#show ip route static Destination Gateway Dist/Metric Last Change...
Page 460 Direct, Lo 0 --More-- Dell Networking OS installs a next hop that is on the directly connected subnet of current IP address on the interface (for example, if interface TenGigabitEthernet 1/1 is on 172.31.5.0 subnet, Dell Networking OS installs the static route).
Page 461: Configure Static Routes For The Management Interface
2.2.2.0 and if 172.31.5.43 recursively resolves to 2.2.2.0, Dell Networking OS installs the static route. • When the interface goes down, Dell Networking OS withdraws the route. • When the interface comes up, Dell Networking OS re-installs the route.
Page 462: Using The Configured Source Ip Address In Icmp Messages
Using the Configured Source IP Address in ICMP Messages This feature is supported on the S4820T platform. ICMP error or unreachable messages are now sent with the configured IP address of the source interface instead of the front-end port IP address as the source IP address. Enable the generation of ICMP unreachable messages through the ip unreachable command in Interface mode.
Page 463: Configuring The Duration To Establish A Tcp Connection
Dell>show ip tcp reduced-syn-ack-wait Enabling Directed Broadcast By default, Dell Networking OS drops directed broadcast packets destined for an interface. This default setting provides some protection against denial of service (DoS) attacks. To enable Dell Networking OS to receive directed broadcasts, use the following command.
Page 464: Resolution Of Host Names
The order you entered the servers determines the order of their use. Example of the show hosts Command To view current bindings, use the show hosts command. Dell>show host Default domain is force10networks.com Name/address lookup uses domain service Name servers are not set...
Page 465: Specifying The Local System Domain And A List Of Domains
Specifying the Local System Domain and a List of Domains If you enter a partial domain, Dell Networking OS can search different domains to finish or fully qualify that partial domain. A fully qualified domain name (FQDN) is any name that is terminated with a period/dot. Dell Networking OS searches the host table first to resolve the partial domain.
Page 466: Arp
For more information about ARP, refer to RFC 826, An Ethernet Address Resolution Protocol. In Dell Networking OS, Proxy ARP enables hosts with knowledge of the network to accept and forward packets from hosts that contain no knowledge of the network. Proxy ARP makes it possible for hosts to be ignorant of the network, including subnetting.
Page 467: Configuring Static Arp Entries
These entries do not age and can only be removed manually. To remove a static ARP entry, use the no arp ip-address command. To view the static entries in the ARP cache, use the show arp static command in EXEC privilege mode. Dell#show arp Protocol Address Age(min) Hardware Address...
Page 468: Arp Learning Via Gratuitous Arp
Gratuitous ARP can mean an ARP request or reply. In the context of ARP learning via gratuitous ARP on Dell Networking OS, the gratuitous ARP is a request. A gratuitous ARP request is an ARP request that is not needed according to the ARP specification, but one that hosts may send to: •...
Page 469: Arp Learning Via Arp Request
Configuring ARP Retries In Dell Networking OS versions prior to 8.3.1.0, the number of ARP retries is set to five and is not configurable. After five retries, Dell Networking OS backs off for 20 seconds before it sends a new request.
Page 470: Icmp
The following lists the configuration tasks for ICMP. • Enabling ICMP Unreachable Messages For a complete listing of all commands related to ICMP, refer to the Dell Networking OS Command Line Reference Guide. Enabling ICMP Unreachable Messages By default, ICMP unreachable messages are disabled.
Page 471: Udp Helper
IP address of packets to match those addresses. Configure UDP Helper Configuring Dell Networking OS to direct UDP broadcast is a two-step process: Enable UDP helper and specify the UDP ports for which traffic is forwarded. Refer to Enabling UDP Helper.
Page 472: Configuring A Broadcast Address
When you enable UDP helper and the destination IP address of an incoming packet is a broadcast address, Dell Networking OS suppresses the destination address of the packet. The following sections describe various configurations that employ UDP helper to direct broadcasts.
Page 473: Udp Helper With Broadcast-All Addresses
UDP Helper with Broadcast-All Addresses When the destination IP address of an incoming packet is the IP broadcast address, Dell Networking OS rewrites the address to match the configured broadcast address. In the following illustration: Packet 1 is dropped at ingress if you did not configure UDP helper address.
Page 474: Udp Helper With Configured Broadcast Addresses
Packet 2 is sent from the host on VLAN 101. It has a broadcast MAC address and a destination IP address of 1.1.1.255. In this case, it is flooded on VLAN 101 in its original condition as the forwarding process is Layer 2.
Page 475: Udp Helper With No Configured Broadcast Addresses
To display debugging information for troubleshooting, use the debug ip udp-helper command. Example of the debug ip udp-helper Command Dell(conf)# debug ip udp-helper 01:20:22: Pkt rcvd on Te 5/1 with IP DA (0xffffffff) will be sent on Te 5/2 Te 5/3 Vlan 3 01:44:54: Pkt rcvd on Te 7/1 is handed over for DHCP processing.
Page 476: Ipv6 Routing
IPv6 will eventually replace IPv4 usage to allow for the constant expansion. This chapter provides a brief description of the differences between IPv4 and IPv6, and the Dell Networking support of IPv6. This chapter is not intended to be a comprehensive description of IPv6.
Page 477: Ipv6 Headers
(DHCP) servers via stateful auto-configuration. NOTE: Dell Networking OS provides the flexibility to add prefixes on Router Advertisements (RA) to advertise responses to Router Solicitations (RS). By default, RA response messages are sent when an RS message is received.
Page 478: Ipv6 Header Fields
IPv6 Header Fields The 40 bytes of the IPv6 header are ordered, as shown in the following illustration. Figure 53. IPv6 Header Fields Version (4 bits) The Version field always contains the number 6, referring to the packet’s IP version. Traffic Class (8 bits) The Traffic Class field deals with any data that needs special handling.
Page 479: Extension Header Fields
The following lists the Next Header field values. Value Description Hop-by-Hop option header IPv4 Exterior Gateway Protocol (EGP) IPv6 Routing header Fragmentation header Encrypted Security Authentication header No Next Header Destinations option header NOTE: This table is not a comprehensive list of Next Header field values. For a complete and current listing, refer to the Internet Assigned Numbers Authority (IANA) web page at .
Page 480: Addressing
However, if the Destination Address is a Hop-by-Hop options header, the Extension header is examined by every forwarding router along the packet’s route. The Hop-by-Hop options header must immediately follow the IPv6 header, and is noted by the value 0 (zero) in the Next Header field. Extension headers are processed in the order in which they appear in the packet header.
Page 481 of double colons is supported in a single address. Any number of consecutive 0000 groups may be reduced to two colons, as long as there is only one double colon used in an address. Leading and/or trailing zeros in a group can also be omitted (as in ::1 for localhost, 1:: for network addresses and :: for unspecified addresses).
Page 482: Implementing Ipv6 With Dell Networking Os
Implementing IPv6 with Dell Networking OS Dell Networking OS supports both IPv4 and IPv6 and both may be used simultaneously in your system. The following table lists the Dell Networking OS version in which an IPv6 feature became available for each platform.
Page 483 Documentation and Functionality Release Introduction Chapter Location S4820T IS-IS for IPv6 8.3.19 Intermediate System to Intermediate System IPv6 IS-IS in the Dell Networking OS Command Line Reference Guide. IS-IS for IPv6 support for 8.3.19 Intermediate System to redistribution Intermediate System...
Page 484: Icmpv6
ICMP for IPv6 combines the roles of ICMP, IGMP and ARP in IPv4. Like IPv4, it provides functions for reporting delivery and forwarding errors, and provides a simple echo service for troubleshooting. The Dell Networking OS implementation of ICMPv6 is based on RFC 4443.
Page 485: Ipv6 Neighbor Discovery
IPv6 device to determine the relationship of the neighboring node. NOTE: To avoid problems with network discovery, Dell Networking recommends configuring the static route last or assigning an IPv6 address to the interface and assigning an address to the peer (the forwarding router’s address) less than 10 seconds apart.
Page 486: Ipv6 Neighbor Discovery Of Mtu Packets
Figure 55. NDP Router Redirect IPv6 Neighbor Discovery of MTU Packets You can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface. The ipv6 nd mtu command sets the value advertised to routers. It does not set the actual MTU rate. For example, if you set ipv6 nd mtu to 1280, the interface still passes 1500-byte packets, if that is what is set with the mtu command.
Page 487: Debugging Ipv6 Rdnss Information Sent To The Host
Dell(conf-if-te-1/1)#do debug ipv6 nd tengigabitethernet 1/1 ICMPv6 Neighbor Discovery packet debugging is on for tengigabitethernet 1/1 Dell(conf-if-te-1/1)#00:13:02 : : cp-ICMPV6-ND: Sending RA on Te 1/1 current hop limit=64, flags: M-, O-, router lifetime=1800 sec, reachable time=0 ms, retransmit time=0 ms...
Page 488: Displaying Ipv6 Rdnss Information
Secure Shell (SSH) Over an IPv6 Transport Dell Networking OS supports both inbound and outbound SSH sessions using IPv6 addressing. Inbound SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface.
Page 489: Configuration Tasks For Ipv6
For SSH configuration details, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference Guide. Configuration Tasks for IPv6 The following are configuration tasks for the IPv6 protocol. • Adjusting Your CAM-Profile • Assigning an IPv6 Address to an Interface •...
Page 490: Assigning An Ipv6 Address To An Interface
Assigning an IPv6 Address to an Interface Essentially, IPv6 is enabled in Dell Networking OS simply by assigning IPv6 addresses to individual router interfaces. You can use IPv6 and IPv4 together on a system, but be sure to differentiate that usage carefully.
Page 491: Configuring Telnet With Ipv6
– For a VLAN interface, enter the keyword vlan then a number from 1 to 4094. Configuring Telnet with IPv6 The Telnet client and server in Dell Networking OS supports IPv6 connections. You can establish a Telnet session directly to the router using an IPv6 Telnet client, or you can initiate an IPv6 Telnet connection from the router.
Page 492: Showing An Ipv6 Interface
– For a port channel interface, enter the keywords port-channel then a number. – For a VLAN interface, enter the keyword vlan then a number from 1 to 4094. Example of the show ipv6 interface Command Dell#show ipv6 int ManagementEthernet 1/1 ManagementEthernet 1/1 is up, line protocol is up IPV6 is enabled...
Page 493: Showing Ipv6 Routes
– To display information about an IPv6 Prefix lists, enter list and the prefix-list name. Examples of the show ipv6 route Commands The following example shows the show ipv6 route summary command. Dell#show ipv6 route summary Route Source Active Routes Non-active Routes connected 5 0...
Page 494: Showing The Running-Configuration For An Interface
– For the Management interface on the stack-unit, enter the keyword ManagementEthernet then the slot/port information. The slot range is from 0 to 1. The port range is 0. Example of the show running-config interface Command Dell#show run int Te 2/2 interface TenGigabitEthernet 2/2 no ip address...
Page 495: Configuring Ipv6 Ra Guard
– *: all routes. – ipv6 address: the format is x:x:x:x::x. – mask: the prefix length is from 0 to 128. NOTE: IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing. Configuring IPv6 RA Guard The IPv6 Router Advertisement (RA) guard allows you to block or reject the unwanted router advertisement guard messages that arrive at the network device platform.
Page 496 The retransmission time range is from 100 to 4,294,967,295 milliseconds. 15. Display the configurations applied on the RA guard policy mode. POLICY LIST CONFIGURATION mode show config Example of the show config Command Dell(conf-ra_guard_policy_list)#show config ipv6 nd ra-guard policy test device-role router hop-limit maximum 251 mtu 1350...
Page 497: Configuring Ipv6 Ra Guard On An Interface
[interface_type slot/port | count value] The count range is from 1 to 65534. The default is infinity. For a complete listing of all commands related to IPv6 RA Guard, refer to Dell Networking OS Command Line Reference Guide.
Page 498: Iscsi Optimization
Dell’s iSCSI storage arrays and triggers a self-configuration of several key network configurations that enables optimization of the network for better storage traffic throughput. iSCSI is disabled by default on the S4820T platform and is not supported on the Z9000 platform.
Page 499 • If you configure flow-control, iSCSI uses the current configuration. If you do not configure flow- control, iSCSI auto-configures flow control settings so that receive-only is enabled and transmit-only is disabled. . • iSCSI monitoring sessions — the switch monitors and tracks active iSCSI sessions in connections on the switch, including port information and iSCSI session information.
Page 500: Monitoring Iscsi Traffic Flows
4, use the CoS dot1p- priority command (refer to QoS dot1p Traffic Classification and Queue Assignment). Dell Networking recommends setting the CoS dot1p priority-queue to 0 (zero). You can configure whether iSCSI frames are re-marked to contain the configured VLAN priority tag or IP DSCP when forwarded through the switch.
Page 501: Detection And Auto-Configuration For Dell Equallogic Arrays
Dell EqualLogic storage arrays and automatically reconfigure the switch to enhance storage traffic flows. The switch uses the link layer discovery protocol (LLDP) to discover Dell EqualLogic devices on the network. LLDP is enabled by default. For more information about LLDP, refer to...
Page 502: Configuring Detection And Ports For Dell Compellent Arrays
Configuring Detection and Ports for Dell Compellent Arrays To configure a port connected to a Dell Compellent storage array, use the following command. • Configure a port connected to a Dell Compellent storage array. INTERFACE Configuration mode iscsi profile-compellent The command configures a port for the best iSCSI traffic conditions.
Page 503: Default Iscsi Optimization Values
Table 35. iSCSI Optimization Defaults Parameter Default Value iSCSI Optimization global setting Disabled on the S4810 and S4820T. iSCSI CoS mode (802.1p priority queue mapping) dot1p priority 4 without the remark setting when you enable iSCSI. If you do not enable iSCSI, this feature is disabled.
Page 504: Iscsi Optimization Prerequisites
Parameter Default Value but can be removed as any other configured target. iSCSI session monitoring Disabled. The CAM allocation for iSCSI is set to zero (0). iSCSI Optimization Prerequisites The following are iSCSI optimization prerequisites. • iSCSI optimization requires LLDP on the switch. LLDP is enabled by default (refer to Link Layer Discovery Protocol (LLDP)).
Page 505 EXEC Privilege mode write memory Reload the switch. EXEC Privilege mode reload After the switch is reloaded, DCB/ DCBx and iSCSI monitoring are enabled. (Optional) Configure the iSCSI target ports and optionally the IP addresses on which iSCSI communication is monitored. CONFIGURATION mode [no] iscsi target port tcp-port-1 [tcp-port-2...tcp-port-16] [ip-address address]...
Page 506: Displaying Iscsi Optimization Information
ID. show iscsi sessions detailed [session isid] • Display all globally configured non-default iSCSI settings in the current Dell Networking OS session. show run iscsi Examples of the show iscsi Commands The following example shows the show iscsi command.
Page 507 Session 0: -------------------------------------------------------------------------------- ---- Target: iqn.2001-05.com.equallogic:0-8a0906-0f60c2002-0360018428d48c94-iom011 iqn.1991-05.com.microsoft:win-x9l8v27yajg ISID: 400001370000 The following example shows the show iscsi session detailed command. VLT PEER1 Dell# show iscsi session detailed Session 0: ------------------------------------------------------------ Target:iqn.2010-11.com.ixia:ixload:iscsi-TG1 Initiator:iqn.2010-11.com.ixia.ixload:initiator-iscsi-2c Up Time:00:00:01:28(DD:HH:MM:SS) Time for aging out:00:00:09:34(DD:HH:MM:SS) ISID:806978696102 Initiator Initiator Target Target Connection IP Address TCP Port IP Address TCPPort ID 10.10.0.44 33345 10.10.0.101 3260 0...
Page 508: Intermediate System To Intermediate System
IS-IS is supported on the S4820T with Dell Networking OS 8.3(19.0). • • The IS-IS protocol is an interior gateway protocol (IGP) that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. • The IS-IS protocol standards are listed in the Standards Compliance chapter.
Page 509: Multi-Topology Is-Is
The NET length is variable, with a maximum of 20 bytes and a minimum of 8 bytes. It is composed of the following: • area address — within your routing domain or area, each area must have a unique area value. The first byte is called the authority and format indicator (AFI).
Page 510: Transition Mode
Transition Mode All routers in the area or domain must use the same type of IPv6 support, either single-topology or multi- topology. A router operating in multi-topology mode does not recognize the ability of the single- topology mode router to support IPv6 traffic, which leads to holes in the IPv6 topology. While in Transition mode, both types of TLVs (single-topology and multi-topology) are sent in LSPs for all configured IPv6 addresses, but the router continues to operate in single-topology mode (that is, the topological restrictions of the single-topology mode remain in effect).
Page 511: Timers
By default, Dell Networking OS supports dynamic host name exchange to assist with troubleshooting and configuration. By assigning a name to an IS-IS NET address, you can track IS-IS information on that address easier. Dell Networking OS does not support ISO CLNS routing; however, the ISO NET format is supported for addressing.
Page 512: Configuration Information
• Accepts external IPv6 information and advertises this information in the PDUs. The following table lists the default IS-IS values. Table 36. IS-IS Default Values IS-IS Parameter Default Value Complete sequence number PDU (CSNP) interval 10 seconds IS-to-IS hello PDU interval 10 seconds IS-IS interface metric Metric style...
Page 513 Enabling IS-IS By default, IS-IS is not enabled. The system supports one instance of IS-IS. To enable IS-IS globally, create an IS-IS routing process and assign a NET address. To exchange protocol information with neighbors, enable IS-IS on an interface, instead of on a network as with other routing protocols.
Page 514 ROUTER ISIS mode. To view the IS-IS configuration, enter the show isis protocol command in EXEC Privilege mode or the show config command in ROUTER ISIS mode. Dell#show isis protocol IS-IS Router: System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001...
Page 515 IS-IS: LSP authentication failures : 0 Dell# You can assign more NET addresses, but the System ID portion of the NET address must remain the same. Dell Networking OS supports up to six area addresses. Some address considerations are: •...
Page 516 ROUTER ISIS AF IPV6 mode isis ipv6 metric metric-value [level-1 | level-2 | level-1-2] To configure wide or wide transition metric style, the cost can be between 0 and 16,777,215. Configuring IS-IS Graceful Restart To enable IS-IS graceful restart globally, use the following commands. Additionally, you can implement optional commands to enable the graceful restart settings.
Page 517 Dell# To view all interfaces configured with IS-IS routing along with the defaults, use the show isis interface command in EXEC Privilege mode. Dell#show isis interface TenGigabitEthernet 1/34 TenGigabitEthernet 1/34 is up, line protocol is up MTU 1497, Encapsulation SAP...
Page 518 Next IS-IS LAN Level-2 Hello in 6 seconds LSP Interval: 33 Restart Capable Neighbors: 2, In Start: 0, In Restart: 0 Dell# Changing LSP Attributes IS-IS routers flood link state PDUs (LSPs) to exchange routing information. LSP attributes include the generation interval, maximum transmission unit (MTU) or size, and the refresh interval.
Page 519 16,777,215. Dell Networking OS supports five different metric styles: narrow, wide, transition, narrow transition, and wide transition. By default, Dell Networking OS generates and receives narrow metric values. Matrixes or costs higher than 63 are not supported. To accept or generate routes with a higher metric, you must change the metric style of the IS-IS process.
Page 520 To view which metric types are generated and received, use the show isis protocol command in EXEC Privilege mode. The IS-IS matrixes settings are in bold. Example of Viewing IS-IS Metric Types Dell#show isis protocol IS-IS Router: System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001...
Page 521: Configuring The Distance Of A Route
The default is Level 1-2 router. When the IS-type is Level 1-2, the software maintains two Link State databases, one for each level. To view the Link State databases, use the show isis database command. Dell#show isis database IS-IS Level-1 Link State Database LSPID...
Page 522 Prefix lists are applied to incoming or outgoing routes and routes must meet the conditions of the prefix lists or Dell Networking OS does not install the route in the routing table. The prefix lists are globally applied on all interfaces running IS-IS.
Page 523 – For a port channel interface, enter the keywords port-channel then a number. – For a VLAN interface, enter the keyword vlan then a number from 1 to 4094. • Apply a configured prefix list to all outgoing IPv4 IS-IS routes. ROUTER ISIS mode distribute-list prefix-list-name out [bgp as-number | connected | ospf process-id | rip | static]...
Page 524: Redistributing Ipv4 Routes
– static: for user-configured routes. – bgp: for BGP routes only. • Deny RTM download for pre-existing redistributed IPv6 routes. ROUTER ISIS-AF IPV6 mode distribute-list redistributed-override in Redistributing IPv4 Routes In addition to filtering routes, you can add routes from other routing instances or protocols to the IS-IS process.
Page 525: Redistributing Ipv6 Routes
Redistributing IPv6 Routes To add routes from other routing instances or protocols, use the following commands. NOTE: These commands apply to IPv6 IS-IS only. To apply prefix lists to IPv4 routes, use the ROUTER ISIS mode previously shown. • Include BGP, directly connected, RIP, or user-configured (static) routes in IS-IS. ROUTER ISIS mode redistribute {bgp as-number | connected | rip | static} [level-1 level-1-2 | level-2] [metric metric-value] [metric-type {external | internal}] [route-map...
Page 526: Setting The Overload Bit
Another use for the overload bit is to prevent other routers from using this router as an intermediate hop in their shortest path first (SPF) calculations. For example, if the IS-IS routing database is out of memory and cannot accept new LSPs, Dell Networking OS sets the overload bit and IS-IS traffic continues to transit the system.
Page 527: Debugging Is-Is
0x2E7F 1099 0/0/0 Force10.00-00 0x00000004 0xCDA9 1093 0/0/0 Dell# Debugging IS-IS To debug IS-IS processes, use the following commands. • View all IS-IS information. EXEC Privilege mode debug isis • View information on all adjacency-related activity (for example, hello packets that are sent and received).
Page 528: Is-Is Metric Styles
– interface: Enter the type of interface and slot/port information to view IS-IS information on that interface only. Dell Networking OS displays debug messages on the console. To view which debugging commands are enabled, use the show debugging command in EXEC Privilege mode.
Page 529: Maximum Values In The Routing Table
Maximum Values in the Routing Table IS-IS metric styles support different cost ranges for the route. The cost range for the narrow metric style is 0 to 1023, while all other metric styles support a range of 0 to 0xFE000000. Change the IS-IS Metric Style in One Level Only By default, the IS-IS metric style is narrow.
Page 530: Leaks From One Level To Another
Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value narrow transition narrow original value narrow transition wide transition original value narrow transition transition original value wide transition wide original value wide transition narrow default value (10) if the original value is greater than 63.
Page 531: Sample Configurations
The following example shows the response from the router: Dell#clear isis * % ISIS not enabled. Dell#clear isis 9999 * You can configure IPv6 IS-IS routes in one of the following three different methods: • Congruent Topology — You must configure both IPv4 and IPv6 addresses on the interface. Enable the ip router isis and ipv6 router isis commands on the interface.
Page 532 Dell(conf-if-te-3/17)#show config interface TenGigabitEthernet 3/17 ip address 24.3.1.1/24 ipv6 address 24:3::1/76 ip router isis ipv6 router isis no shutdown Dell (conf-if-te-3/17)# Dell (conf-router_isis)#show config router isis metric-style wide level-1 metric-style wide level-2 net 34.0000.0000.AAAA.00 Dell (conf-router_isis)# Intermediate System to Intermediate System...
Page 533 Dell (conf-if-te-3/17)#show config interface TenGigabitEthernet 3/17 ipv6 address 24:3::1/76 ipv6 router isis no shutdown Dell (conf-if-te-3/17)# Dell (conf-router_isis)#show config router isis net 34.0000.0000.AAAA.00 address-family ipv6 unicast multi-topology exit-address-family Dell (conf-router_isis)# Dell (conf-if-te-3/17)#show config interface TenGigabitEthernet 3/17 ipv6 address 24:3::1/76 ipv6 router isis...
Page 534: Link Aggregation Control Protocol (Lacp)
Link aggregation control protocol (LACP) is supported on Dell Networking OS. Introduction to Dynamic LAGs and LACP A link aggregation group (LAG), referred to as a port channel by Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic.
Page 535: Lacp Modes
You can configure a maximum of 128 port-channels with up to 16 members per channel. LACP Modes Dell Networking OS provides three modes for configuration of LACP — Off, Active, and Passive. • Off — In this state, an interface is not capable of being part of a dynamic LAG. LACP does not run on any port that is configured to be in this state.
Page 536: Lacp Configuration Tasks
Create a dynamic port channel (LAG). CONFIGURATION mode switchport Example of Configuring a LAG Interface Dell(conf)#interface port-channel 32 Dell(conf-if-po-32)#no shutdown Dell(conf-if-po-32)#switchport The LAG is in the default VLAN. To place the LAG into a non-default VLAN, use the tagged command on the LAG.
Page 537: Configuring The Lag Interfaces As Dynamic
Configure the dynamic LAG interfaces. CONFIGURATION mode port-channel-protocol lacp Example of the port-channel-protocol lacp Command Dell(conf)#interface Gigabitethernet 3/15 Dell(conf-if-gi-3/15)#no shutdown Dell(conf-if-gi-3/15)#port-channel-protocol lacp Dell(conf-if-gi-3/15-lacp)#port-channel 32 mode active Dell(conf)#interface Gigabitethernet 3/16 Dell(conf-if-gi-3/16)#no shutdown Dell(conf-if-gi-3/16)#port-channel-protocol lacp Dell(conf-if-gi-3/16-lacp)#port-channel 32 mode active Dell(conf)#interface Gigabitethernet 4/15 Dell(conf-if-gi-4/15)#no shutdown...
Page 538: Monitoring And Debugging Lacp
Dell(conf-if-po-32)#switchport Dell(conf-if-po-32)#lacp long-timeout Dell(conf-if-po-32)#end Dell# show lacp 32 Port-channel 32 admin up, oper up, mode lacp Actor System ID: Priority 32768, Address 0001.e800.a12b Partner System ID: Priority 32768, Address 0001.e801.45a5 Actor Admin Key 1, Oper Key 1, Partner Oper Key 1...
Page 539: Configuring Shared Lag State Tracking
Figure 59. Shared LAG State Tracking To avoid packet loss, redirect traffic through the next lowest-cost link (R3 to R4). Dell Networking OS has the ability to bring LAG 2 down if LAG 1 fails, so that traffic can be redirected. This redirection is what is meant by shared LAG state tracking.
Page 540: Important Points About Shared Lag State Tracking
2d1h45m: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Po 2 To view the status of a failover group member, use the show interface port-channel command. Dell#show interface port-channel 2 Port-channel 2 is up, line protocol is down (Failover-group 1 is down)
Page 541: Lacp Basic Configuration Example
• If a LAG that is part of a failover group is deleted, the failover group is deleted. • If a LAG moves to the Down state due to this feature, its members may still be in the Up state. LACP Basic Configuration Example The screenshots in this section are based on the following example topology.
Page 542 ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 00:02:11 Queueing strategy: fifo Input statistics: 132 packets, 163668 bytes 0 Vlans 0 64-byte pkts, 12 over 64-byte pkts, 120 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 132 Multicasts, 0 Broadcasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded...
Page 543 Figure 63. Inspecting Configuration of LAG 10 on ALPHA Link Aggregation Control Protocol (LACP)
Page 544 Figure 64. Verifying LAG 10 Status on ALPHA Using the show lacp Command Summary of the LAG Configuration on Alpha Alpha(conf-if-po-10)#int gig 2/31 Alpha(conf-if-gi-2/31)#no ip address Alpha(conf-if-gi-2/31)#no switchport Alpha(conf-if-gi-2/31)#shutdown Alpha(conf-if-gi-2/31)#port-channel-protocol lacp Alpha(conf-if-gi-2/31-lacp)#port-channel 10 mode active Alpha(conf-if-gi-2/31-lacp)#no shut Alpha(conf-if-gi-2/31)#show config interface GigabitEthernet 2/31 no ip address port-channel-protocol LACP port-channel 10 mode active...
Page 545 interface GigabitEthernet 2/31 no ip address Summary of the LAG Configuration on Bravo Bravo(conf-if-gi-3/21)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config interface Port-channel 10 no ip address switchport no shutdown Bravo(conf-if-po-10)#exit Bravo(conf)#int gig 3/21 Bravo(conf)#no ip address Bravo(conf)#no switchport Bravo(conf)#shutdown Bravo(conf-if-gi-3/21)#port-channel-protocol lacp...
Page 546 Figure 65. Inspecting a LAG Port on BRAVO Using the show interface Command Link Aggregation Control Protocol (LACP)
Page 547 Figure 66. Inspecting LAG 10 Using the show interfaces port-channel Command Link Aggregation Control Protocol (LACP)
Page 548 Figure 67. Inspecting the LAG Status Using the show lacp command The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode. It was designed to carry IP traffic but is general enough to allow any type of network layer datagram to be sent over a PPP connection.
Page 549: Layer 2
Layer 2 Layer 2 features are supported on Dell Networking OS. Manage the MAC Address Table Dell Networking OS provides the following management activities for the MAC address table. • Clearing the MAC Address Table • Setting the Aging Time for Dynamic Entries •...
Page 550: Configuring A Static Mac Address
Setting Station Move Violation Actions • Recovering from Learning Limit and Station Move Violations Dell Networking OS Behavior: When configuring the MAC learning limit on a port or VLAN, the configuration is accepted (becomes part of running-config and show mac learning-limit Layer 2...
Page 551: Setting The Mac Learning Limit
Entries created before this option is set are not affected. Dell Networking OS Behavior: If you do not configure the dynamic option, the systems do not detect station moves in which a MAC address learned off of a MAC-limited port is learned on another port on same line card.
Page 552: Mac Learning-Limit Mac-Address-Sticky
EXEC Privilege mode show mac learning-limit Dell Networking OS Behavior: The systems do not generate a station-move violation log entry for physical interfaces or port-channels when you configure mac learning-limit or when you configure mac learning-limit station-move-violation log. Dell Networking OS detects a station-move...
Page 553: Learning Limit Violation Actions
switchport mac learning-limit 1 dynamic no-station-move mac learning-limit station-move-violation log no shutdown Learning Limit Violation Actions To configure the system to take an action when the MAC learning limit is reached on an interface and a new address is received using one the following options with the mac learning-limit command, use the following commands.
Page 554: Recovering From Learning Limit And Station Move Violations
Recovering from Learning Limit and Station Move Violations After a learning-limit or station-move violation shuts down an interface, you must manually reset it. To reset the learning limit, use the following commands. NOTE: Alternatively, you can reset the interface by shutting it down using the shutdown command and then re-enabling it using the no shutdown command.
Page 555: Configure Redundant Pairs
Down state until the primary fails, at which point it transitions to Up state. If the primary interface fails, and later comes up, it becomes the backup interface for the redundant pair. Dell Networking OS supports Gigabit, 10 Gigabit, and 40-Gigabit interfaces as backup interfaces.
Page 556 Up state. If the primary interface fails and later comes back up, it remains as the backup interface for the redundant pair. Dell Networking OS supports only Gigabit, 10 Gigabit, and 40-Gigabit ports and port channels as primary/ backup interfaces in redundant pairs. (A port channel is also referred to as a link aggregation group (LAG).
Page 557: Important Points About Configuring Redundant Pairs
TenGigabitEthernet 3/42 no shutdown interface TenGigabitEthernet 3/42 no ip address switchport no shutdown Dell(conf-if-range-te-3/41-42)# Dell(conf-if-range-te-3/41-42)#do show ip int brief | find 3/41 TenGigabitEthernet 3/41 unassigned YES Manual up TenGigabitEthernet 3/42 unassigned NO Manual up down [output omitted]...
Page 558: Far-End Failure Detection
Dell(conf-if-te-3/41)#do show ip int brief | find 3/41 TenGigabitEthernet 3/41 unassigned NO Manual administratively down down TenGigabitEthernet 3/42 unassigned YES Manual up [output omitted] Example of Configuring Redundant Pairs on a Port-Channel (S4820T) Dell#show interfaces port-channel brief Codes: L - LACP Port-channel Mode Status Uptime Ports 00:08:33...
Page 559: Fefd State Changes
Figure 71. Configuring Far-End Failure Detection The report consists of several packets in SNAP format that are sent to the nearest known MAC address. In the event of a far-end failure, the device stops receiving frames and, after the specified time interval, assumes that the far-end is not available.
Page 560: Configuring Fefd
You can enable FEFD globally or on a per-interface basis. Interface FEFD configurations override global FEFD configurations. • Dell Networking OS supports FEFD on physical Ethernet interfaces only, excluding the management interface. Configuring FEFD You can configure FEFD for all interfaces from CONFIGURATION mode, or on individual interfaces from INTERFACE mode.
Page 561: Enabling Fefd On An Interface
Te 1/3 Normal 3 Admin Shutdown Te 1/4 Normal 3 Admin Shutdown Dell#show run fefd fefd-global mode normal fefd-global interval 3 Enabling FEFD on an Interface To enable, change, or disable FEFD on an interface, use the following commands. •...
Page 562: Debugging Fefd
2w1d22h: %RPM0-P:CP %IFMGR-5-ASTATE_DN: Changed interface Admin state to down: Te 1/1 Dell(conf-if-te-1/1)#2w1d22h : FEFD state on Te 1/1 changed from ANY to Unknown 2w1d22h: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 1/1 2w1d22h: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 4/1...
Page 563 Sender state -- Bi-directional Sender info -- Mgmt Mac(00:01:e8:14:89:25), Slot-Port(Te 1/1) Peer info -- Mgmt Mac (00:01:e8:14:89:25), Slot-Port(Te 4/1) Sender hold time -- 3 (second) 2w1d22h : FEFD packet received on interface Te 4/1 Sender state -- Bi-directional Sender info -- Mgmt Mac(00:01:e8:14:89:25), Slot-Port(Te 1/1) Peer info -- Mgmt Mac (00:01:e8:14:89:25), Slot-Port(Te 4/1) Sender hold time -- 3 (second) An RPM Failover...
Page 564: Link Layer Discovery Protocol (Lldp)
Link Layer Discovery Protocol (LLDP) The link layer discovery protocol (LLDP) is supported on Dell Networking OS. 802.1AB (LLDP) Overview LLDP — defined by IEEE 802.1AB — is a protocol that enables a local area network (LAN) device to advertise its configuration and receive configuration information from adjacent LLDP-enabled LAN infrastructure devices.
Page 565: Optional Tlvs
Organizationally Specific TLVs. Figure 73. LLDPDU Frame Optional TLVs The Dell Networking OS supports these optional TLVs: management TLVs, IEEE 802.1 and 802.3 organizationally specific TLVs, and TIA-1057 organizationally specific TLVs. Management TLVs A management TLV is an optional TLVs sub-type. This kind of TLV contains essential management information about the sender.
Page 566 Eight TLV types have been defined by the IEEE 802.1 and 802.3 working groups as a basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Networking system to advertise any or all of these TLVs.
Page 567: Tia-1057 (Lldp-Med) Overview
• LLDP-MED Network Connectivity Device — any device that provides access to an IEEE 802 LAN to an LLDP-MED endpoint device and supports IEEE 802.1AB (LLDP) and TIA-1057 (LLDP-MED). The Dell Networking system is an LLDP-MED network connectivity device. Link Layer Discovery Protocol (LLDP)
Page 568: Tia Organizationally Specific Tlvs
LLDP-MED is designed for, but not limited to, VoIP endpoints. TIA Organizationally Specific TLVs The Dell Networking system is an LLDP-MED Network Connectivity Device (Device Type 4). Network connectivity devices are responsible for: • transmitting an LLDP-MED capability TLV to endpoint devices •...
Page 569 LLDP-MED capability (as shown in the following table). • The possible values of the LLDP-MED device type are shown in the following. The Dell Networking system is a network connectivity device, which is Type 4. When you enable LLDP-MED in Dell Networking OS (using the advertise med command), the system begins transmitting this TLV.
Page 570 An integer represents the application type (the Type integer shown in the following table), which indicates a device function for which a unique network policy is defined. An individual LLDP-MED network policy TLV is generated for each application type that you specify with the Dell Networking OS CLI (Advertising TLVs).
Page 571 NOTE: As shown in the following table, signaling is a series of control packets that are exchanged between an endpoint device and a network connectivity device to establish and maintain a connection. These signal packets might require a different network policy than the media packets for which a connection is made.
Page 572: Configure Lldp
• Power Type — there are two possible power types: power source entity (PSE) or power device (PD). The Dell Networking system is a PSE, which corresponds to a value of 0, based on the TIA-1057 specification. •...
Page 573: Important Points To Remember
Dell Networking systems support up to eight neighbors per interface. • Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by eight exceeds the maximum, the system does not configure more than 8000.
Page 574: Enabling Lldp
Enabling LLDP LLDP is enabled by default. Enable and disable LLDP globally or per interface. If you enable LLDP globally, all UP interfaces send periodic LLDPDUs. To enable LLDP, use the following command. Enter Protocol LLDP mode. CONFIGURATION or INTERFACE mode protocol lldp Enable LLDP.
Page 575: Viewing The Lldp Configuration
To view the LLDP configuration, use the following command. • Display the LLDP configuration. CONFIGURATION or INTERFACE mode show config Examples of Viewing LLDP Configurations Dell(conf)#protocol lldp Dell(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description...
Page 576: Viewing Information Advertised By Adjacent Lldp Agents
• Display all of the information that neighbors are advertising. show lldp neighbors detail Example of Viewing Brief Information Advertised by Neighbors Dell(conf-if-te-1/3-lldp)#end Dell (conf-if-te-1/3)#do show lldp neighbors Loc PortID Rem Host Name Rem Port Id Rem Chassis Id --------------------------------------------------------------------...
Page 577: Configuring Lldpdu Intervals
Information valid for next 120 seconds Time since last information change of this neighbor: 01:50:16 Remote MTU: 1554 Remote System Desc: Dell Networks Real Time Operating System Software Dell Operating System Version: 1.0. Dell Application Software Version: 9.4.0.0. Copyright (c) 1999-2014...
Page 578: Configuring Transmit And Receive Mode
Configuring Transmit and Receive Mode After you enable LLDP, Dell Networking systems transmit and receive LLDPDUs by default. To configure the system to transmit or receive only and return to the default, use the following commands. • Transmit only. CONFIGURATION mode or INTERFACE mode mode tx •...
Page 579: Configuring A Time To Live
Configuring a Time to Live The information received from a neighbor expires after a specific amount of time (measured in seconds) called a time to live (TTL). The TTL is the product of the LLDPDU transmit interval (hello) and an integer called a multiplier. The default multiplier is 4, which results in a default TTL of 120 seconds.
Page 580: Relevant Management Objects
Figure 79. The debug lldp detail Command — LLDPDU Packet Dissection Relevant Management Objects Dell Networking OS supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with: • received and transmitted TLVs • the LLDP configuration on the local agent •...
Page 581 MIB Object LLDP Variable LLDP MIB Object Description Category msgTxInterval lldpMessageTxInterval Transmit Interval value. rxInfoTTL lldpRxInfoTTL Time to live for received TLVs. txInfoTTL lldpTxInfoTTL Time to live for transmitted TLVs. Basic TLV mibBasicTLVsTxEnable lldpPortConfigTLVsTxEnabl Indicates which Selection management TLVs are enabled for system ports.
Page 582 Table 49. LLDP System MIB Objects TLV Type TLV Name TLV Variable System LLDP MIB Object Chassis ID chassis ID subtype Local lldpLocChassisIdSub type Remote lldpRemChassisIdSu btype chassid ID Local lldpLocChassisId Remote lldpRemChassisId Port ID port subtype Local lldpLocPortIdSubtyp Remote lldpRemPortIdSubty port ID Local...
Page 583 TLV Type TLV Name TLV Variable System LLDP MIB Object interface numbering Local lldpLocManAddrIfSu subtype btype Remote lldpRemManAddrIfS ubtype interface number Local lldpLocManAddrIfId Remote lldpRemManAddrIfId Local lldpLocManAddrOID Remote lldpRemManAddrOI Table 50. LLDP 802.1 Organizationally specific TLV MIB Objects TLV Type TLV Name TLV Variable System...
Page 584 Table 51. LLDP-MED System MIB Objects TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object lldpXMedPortCapSu LLDP-MED LLDP-MED Local pported Capabilities Capabilities lldpXMedPortConfig TLVsTx Enable lldpXMedRemCapSu Remote pported lldpXMedRemConfig TLVsTxEnable LLDP-MED Class Local lldpXMedLocDevice Type Class Remote lldpXMedRemDevice Class Network Policy Application Type Local...
Page 585 TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object Location Identifier Location Data Local lldpXMedLocLocatio Format nSubtype Remote lldpXMedRemLocati onSubtype Location ID Data Local lldpXMedLocLocatio nInfo Remote lldpXMedRemLocati onInfo Extended Power via Power Device Type Local lldpXMedLocXPoED eviceType Remote lldpXMedRemXPoED eviceType lldpXMedLocXPoEPS...
Page 586: Microsoft Network Load Balancing
Microsoft Network Load Balancing This functionality is supported on Dell Networking OS. Network Load Balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems. NLB uses a distributed methodology or pattern to equally split and balance the network traffic load across a set of servers that are part of the cluster or group.
Page 587: Nlb Multicast Mode Scenario
If the active server sends a reply, the Dell switch learns the active server’s MAC address. If all servers reply, the switch registers only the last received ARP reply, and the switch learns one server’s actual MAC address;...
Page 588: Enable And Disable Vlan Flooding
Configuring a Switch for NLB This functionality is supported on the S4820T platform. To enable a switch for unicast NLB mode of functioning, perform the following steps: Enter the ip vlan-flooding command to specify that all Layer 3 unicast routed data traffic, going through a VLAN member port, needs to be flooded across all the member ports of that VLAN.
Page 589: Multicast Source Discovery Protocol (Msdp)
Multicast Source Discovery Protocol (MSDP) Multicast source discovery protocol (MSDP) is supported on Dell Networking OS. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context of MSDP is a contiguous set of routers operating PIM within a common boundary defined by an exterior gateway protocol, such as border gateway protocol (BGP).
Page 590 Figure 80. Multicast Source Discovery Protocol (MSDP) RPs advertise each (S,G) in its domain in type, length, value (TLV) format. The total number of TLVs contained in the SA is indicated in the “Entry Count” field. SA messages are transmitted every 60 seconds, and immediately when a new source is detected.
Page 591: Anycast Rp
New sources register with the backup RP. Receivers join toward the new RP and connectivity is maintained. Implementation Information The Dell Networking OS implementation of MSDP is in accordance with RFC 3618 and Anycast RP is in accordance with RFC 3446. Configure Multicast Source Discovery Protocol Configuring MSDP is a four-step process.
Page 592 • Accept Source-Active Messages that Fail the RFP Check • Specifying Source-Active Messages • Limiting the Source-Active Cache • Preventing MSDP from Caching a Local Source • Preventing MSDP from Caching a Remote Source • Preventing MSDP from Advertising a Local Source •...
Page 593 Figure 83. Configuring OSPF and BGP for MSDP Multicast Source Discovery Protocol (MSDP)
Page 594 Figure 84. Configuring PIM in Multiple Routing Domains Multicast Source Discovery Protocol (MSDP)
Page 595: Enable Msdp
Figure 85. Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains. Enable MSDP. CONFIGURATION mode ip multicast-msdp Peer PIM systems in different administrative domains. CONFIGURATION mode ip msdp peer connect-source Multicast Source Discovery Protocol (MSDP)
Page 596: Manage The Source-Active Cache
Examples of Configuring and Viewing MSDP R3_E600(conf)#ip multicast-msdp R3_E600(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0 R3_E600(conf)#do show ip msdp summary Peer Addr Local Addr State Source Up/Down Description To view details about a peer, use the show ip msdp peer command in EXEC privilege mode. Multicast sources in remote domains are stored on the RP in the source-active cache (SA cache).
Page 597: Limiting The Source-Active Cache
If the total number of active sources is already larger than the limit when limiting is applied, the sources that are already in Dell Networking OS are not discarded. To enforce the limit in such a situation, use the clear ip msdp sa-cache command to clear all existing entries.
Page 598 Figure 86. MSDP Default Peer, Scenario 1 Multicast Source Discovery Protocol (MSDP)
Page 599 Figure 87. MSDP Default Peer, Scenario 2 Multicast Source Discovery Protocol (MSDP)
Page 600 Figure 88. MSDP Default Peer, Scenario 3 Multicast Source Discovery Protocol (MSDP)
Page 601: Specifying Source-Active Messages
RPs that the ACL denies are subject to the normal RPF check. Example of the ip msdp default-peer Command and Viewing Denied Sources Dell(conf)#ip msdp peer 10.0.50.2 connect-source Vlan 50 Dell(conf)#ip msdp default-peer 10.0.50.2 list fifty Multicast Source Discovery Protocol (MSDP)
Page 602: Limiting The Source-Active Messages From A Peer
Dell(conf)#ip access-list standard fifty Dell(conf)#seq 5 permit host 200.0.0.50 Dell#ip msdp sa-cache MSDP Source-Active Cache - 3 entries GroupAddr SourceAddr RPAddr LearnedFrom Expire UpTime 229.0.50.2 24.0.50.2 200.0.0.50 10.0.50.2 00:13:49 229.0.50.3 24.0.50.3 200.0.0.50 10.0.50.2 00:13:49 229.0.50.4 24.0.50.4 200.0.0.50 10.0.50.2 00:13:49 Dell#ip msdp sa-cache rejected-sa...
Page 603: Preventing Msdp From Caching A Remote Source
Example of Verifying the System is not Caching Local Sources When you apply this filter, the SA cache is not affected immediately. When sources that are denied by the ACL time out, they are not refreshed. Until they time out, they continue to reside in the cache. To apply the redistribute filter to entries already present in the SA cache, first clear the SA cache.
Page 604: Preventing Msdp From Advertising A Local Source
R3_E600(conf)#do show ip msdp sa-cache R3_E600(conf)# R3_E600(conf)#do show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 0.0.0.0(639) Connect Source: Lo 0 State: Listening Up/Down Time: 00:01:19 Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (in/out): 0/0 SAs learned from this peer: 0 SA Filtering: Input (S,G) filter: myremotefilter Output (S,G) filter: none...
Page 605: Logging Changes In Peership States
Logging Changes in Peership States To log changes in peership states, use the following command. • Log peership state changes. CONFIGURATION mode ip msdp log-adjacency-changes Terminating a Peership MSDP uses TCP as its transport protocol. In a peering relationship, the peer with the lower IP address initiates the TCP session, while the peer with the higher IP address listens on port 639.
Page 606: Debugging Msdp
Example of the clear ip msdp peer Command and Verifying Statistics are Cleared R3_E600(conf)#do show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 192.168.0.3(639) Connect Source: Lo 0 State: Established Up/Down Time: 00:04:26 Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (in/out): 5/0 SAs learned from this peer: 0 SA Filtering:...
Page 607 technique is less effective as traffic increases because preemptive load balancing requires prior knowledge of traffic distributions. • lack of scalable register decasulation: With only a single RP per group, all joins are sent to that RP regardless of the topological distance between the RP, sources, and receivers, and data is transmitted to the RP until the SPT switch threshold is reached.
Page 608: Configuring Anycast Rp
Configuring Anycast RP To configure anycast RP, use the following commands. In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address. CONFIGURATION mode interface loopback Make this address the RP for the group.
Page 609 CONFIGURATION mode ip msdp originator-id Examples of R1, R2, and R3 Configuration for MSDP with Anycast RP The following example shows an R1 configuration for MSDP with Anycast RP. ip multicast-routing interface TenGigabitEthernet 1/1 ip pim sparse-mode ip address 10.11.3.1/24 no shutdown interface TenGigabitEthernet 1/2 ip address 10.11.2.1/24...
Page 610 no shutdown interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown interface Loopback 1 ip address 192.168.0.22/32 no shutdown router ospf 1 network 10.11.1.0/24 area 0 network 10.11.4.0/24 area 0 network 192.168.0.22/32 area 0 redistribute static redistribute connected redistribute bgp 100 router bgp 100 redistribute ospf 1...
Page 611: Msdp Sample Configurations
neighbor 192.168.0.22 remote-as 100 neighbor 192.168.0.22 ebgp-multihop 255 neighbor 192.168.0.22 update-source Loopback 0 neighbor 192.168.0.22 no shutdown ip multicast-msdp ip msdp peer 192.168.0.11 connect-source Loopback 0 ip msdp peer 192.168.0.22 connect-source Loopback 0 ip msdp sa-filter out 192.168.0.22 ip route 192.168.0.1/32 10.11.0.23 ip route 192.168.0.22/32 10.11.0.23 ip pim rp-address 192.168.0.3 group-address 224.0.0.0/4 ip multicast-routing...
Page 612 MSDP Sample Configuration: R1 Running-Config MSDP Sample Configuration: R2 Running-Config MSDP Sample Configuration: R3 Running-Config MSDP Sample Configuration: R4 Running-Config ip multicast-routing interface TenGigabitEthernet 1/1 ip pim sparse-mode ip address 10.11.3.1/24 no shutdown interface TenGigabitEthernet 1/2 ip address 10.11.2.1/24 no shutdown interface TenGigabitEthernet 1/21 ip pim sparse-mode ip address 10.11.1.12/24...
Page 613 network 192.168.0.2/32 area 0 redistribute static redistribute connected redistribute bgp 100 router bgp 100 redistribute ospf 1 neighbor 192.168.0.3 remote-as 200 neighbor 192.168.0.3 ebgp-multihop 255 neighbor 192.168.0.3 update-source Loopback 0 neighbor 192.168.0.3 no shutdown ip route 192.168.0.3/32 10.11.0.32 ip pim rp-address 192.168.0.1 group-address 224.0.0.0/4 ip multicast-routing interface TenGigabitEthernet 3/21 ip pim sparse-mode...
Page 614 interface TenGigabitEthernet 4/22 ip address 10.10.42.1/24 no shutdown interface TenGigabitEthernet 4/31 ip pim sparse-mode ip address 10.11.6.43/24 no shutdown interface Loopback 0 ip address 192.168.0.4/32 no shutdown router ospf 1 network 10.11.5.0/24 area 0 network 10.11.6.0/24 area 0 network 192.168.0.4/32 area 0 ip pim rp-address 192.168.0.3 group-address 224.0.0.0/4 Multicast Source Discovery Protocol (MSDP)
Page 615: Multiple Spanning Tree Protocol (Mstp)
Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) is supported on Dell Networking OS. Protocol Overview MSTP — specified in IEEE 802.1Q-2003 — is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves on per-VLAN spanning tree plus (PVST+). MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances.
Page 616: Spanning Tree Variations
Spanning Tree Variations The Dell Networking OS supports four variations of spanning tree, as shown in the following table. Table 52. Spanning Tree Variations Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802 .1d Rapid Spanning Tree Protocol (RSTP) 802 .1w...
Page 617: Enable Multiple Spanning Tree Globally
Enable MSTP. PROTOCOL MSTP mode no disable Example of Verifying MSTP is Enabled To verify that MSTP is enabled, use the show config command in PROTOCOL MSTP mode. Dell(conf)#protocol spanning-tree mstp Dell(config-mstp)#show config protocol spanning-tree mstp no disable Dell# Adding and Removing Interfaces To add and remove interfaces, use the following commands.
Page 618 All bridges in the MSTP region must have the same VLAN-to-instance mapping. To view which instance a VLAN is mapped to, use the show spanning-tree mst vlan command from EXEC Privilege mode. Dell(conf-mstp)#name my-mstp-region Dell(conf-mstp)#exit Dell(conf)#do show spanning-tree mst config MST region name: my-mstp-region Revision: 0 MSTI VID 1 100...
Page 619: Influencing Mstp Root Selection
Dell Networking OS supports only one MSTP region. A region is a combination of three unique qualities: • Name is a mnemonic string you assign to the region. The default region name on Dell Networking OS is null. • Revision is a 2-byte number. The default revision number on Dell Networking OS is 0.
Page 620: Changing The Region Name Or Revision
Dell Networking OS equipment that participates in MSTP, ensure these values match on all the equipment. NOTE: Some non-Dell Networking OS equipment may implement a non-null default region name. SFTOS, for example, uses the Bridge ID, while others may use a MAC address.
Page 621 The default is 15 seconds. Change the hello-time parameter. PROTOCOL MSTP mode hello-time seconds NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds.
Page 622: Modifying The Interface Parameters
Modifying the Interface Parameters You can adjust two interface parameters to increase or decrease the probability that a port becomes a forwarding port. • Port cost is a value that is based on the interface type. The greater the port cost, the less likely the port is selected to be a forwarding port.
Page 623: Flush Mac Addresses After A Topology Change
Dell(conf-if-te-3/11)# Flush MAC Addresses after a Topology Change Dell Networking OS has an optimized MAC address flush mechanism for RSTP, MSTP, and PVST+ that flushes addresses only when necessary, which allows for faster convergence during topology changes. However, you may activate the flushing mechanism defined by 802.1Q-2003 using the tc-flush- standard command, which flushes MAC addresses after every topology change notification.
Page 624: Mstp Sample Configurations
EXEC Privilege mode. MSTP Sample Configurations The running-configurations support the topology shown in the following illustration. The configurations are from Dell Networking OS systems. Figure 92. MSTP with Three VLANs Mapped to Two Spanning Tree Instances Router 1 Running-Configuration This example uses the following steps: Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs.
Page 625 (Step 3) interface Vlan 100 no ip address tagged TenGigabitEthernet 1/21,31 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthernet 1/21,31 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 1/21,31 no shutdown Router 2 Running-Configuration This example uses the following steps: Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs.
Page 626 Router 3 Running-Configuration This example uses the following steps: Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. Assign Layer-2 interfaces to the MSTP topology. Create VLANs mapped to MSTP instances tag interfaces to the VLANs. (Step 1) protocol spanning-tree mstp no disable...
Page 627: Debugging And Verifying Mstp Configurations
(Step 2) interface 1/0/31 no shutdown spanning-tree port mode enable switchport protected 0 exit interface 1/0/32 no shutdown spanning-tree port mode enable switchport protected 0 exit (Step 3) interface vlan 100 tagged 1/0/31 tagged 1/0/32 exit interface vlan 200 tagged 1/0/31 tagged 1/0/32 exit interface vlan 300...
Page 628 – Are there “extra” MSTP instances in the Sending or Received logs? This may mean that an additional MSTP instance was configured on one router but not the others. The following example shows the show run spanning-tree mstp command. Dell#show run spanning-tree mstp protocol spanning-tree mstp name Tahiti...
Page 629 The following example shows viewing the debug log of an unsuccessful MSTP configuration. 4w0d4h : MSTP: Received BPDU on Te 2/21 : ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x78Different Region (Indicates MSTP routers are in different regions and are not communicating with each other.) CIST Root Bridge Id: 32768:0001.e806.953e, Ext Path Cost: 0 Regional Bridge Id: 32768:0001.e806.953e, CIST Port Id: 128:470 Msg Age: 0, Max Age: 20, Hello: 2, Fwd Delay: 15, Ver1 Len: 0, Ver...
Page 630: Multicast Features
Because protocol control traffic in Dell Networking OS is redirected using the MAC address, and multicast control traffic and multicast data traffic might map to the same MAC address, Dell Networking OS might forward data traffic with certain MAC addresses to the CPU in addition to control traffic.
Page 631: Multicast Policies
Limiting the Number of Multicast Routes When the total number of multicast routes on a system limit is reached, Dell Networking OS does not process any IGMP or multicast listener discovery protocol (MLD) joins to PIM — though it still processes leave messages —...
Page 632 Dell Networking OS Behavior: Do not enter the ip igmp access-group command before creating the access-list. If you do, after entering your first deny rule, Dell Networking OS clears multicast routing table and re-learns all groups, even those not covered by the rules in the access-list, because there is an implicit deny all rule at the end of all access-lists.
Page 633 Figure 93. Preventing a Host from Joining a Group Table 54. Preventing a Host from Joining a Group — Description Location Description • Interface TenGigabitEthernet 1/21 1/21 • ip pim sparse-mode • ip address 10.11.12.1/24 • no shutdown • Interface TenGigabitEthernet 1/31 1/31 •...
Page 634 Location Description • no shutdown • Interface TenGigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown • Interface TenGigabitEthernet 2/11 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown • Interface TenGigabitEthernet 2/31 2/31 •...
Page 635 Preventing a PIM Router from Forming an Adjacency To prevent a router from participating in PIM (for example, to configure stub multicast routing), use the following command. • Prevent a router from participating in protocol independent multicast (PIM). INTERFACE mode ip pim neighbor-filter Preventing a Source from Registering with the RP To prevent the PIM source DR from sending register packets to RP for the specified multicast source and...
Page 636 Figure 94. Preventing a Source from Transmitting to a Group Table 55. Preventing a Source from Transmitting to a Group — Description Location Description • Interface TenGigabitEthernet 1/21 1/21 • ip pim sparse-mode • ip address 10.11.12.1/24 • no shutdown 1/31 •...
Page 637 Location Description • no shutdown • Interface TenGigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown • Interface TenGigabitEthernet 2/11 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown • Interface TenGigabitEthernet 2/31 2/31 •...
Page 638 To permit or deny PIM Join/Prune messages on an interface using an extended IP access list, use the following command. NOTE: Dell Networking recommends not using the ip pim join-filter command on an interface between a source and the RP router. Using this command in this scenario could cause problems with the PIM-SM source registration process resulting in excessive traffic being sent to the CPU of both the RP and PIM DR of the source.
Page 639: Object Tracking
Object Tracking IPv4/IPv6 object tracking is available on Dell Networking OS. Object tracking allows the Dell Networking Operating System (OS) client processes, such as virtual router redundancy protocol (VRRP), to monitor tracked objects (for example, interface or link status) and take appropriate action when the state of an object changes.
Page 640: Track Layer 2 Interfaces
Figure 95. Object Tracking Example When you configure a tracked object, such as an IPv4/IPv6 a route or interface, you specify an object number to identify the object. Optionally, you can also specify: • UP and DOWN thresholds used to report changes in a route metric. •...
Page 641: Track Ipv4 And Ipv6 Routes
Track IPv4 and IPv6 Routes You can create an object that tracks an IPv4 or IPv6 route entry in the routing table. Specify a tracked route by its IPv4/IPv6 address and prefix-length, and optionally, by a virtual routing and forwarding (VRF) instance name if the route to be tracked is part of a VRF. The next-hop address is not part of the definition of the tracked object.
Page 642: Set Tracking Delays
Track Layer 3 Interfaces • Track an IPv4/IPv6 Route For a complete listing of all commands related to object tracking, refer to the Dell Networking OS Command Line Interface Reference Guide. Tracking a Layer 2 Interface You can create an object that tracks the line-protocol state of a Layer 2 interface and monitors its operational status (UP or DOWN).
Page 643 The text string can be up to 80 characters. (Optional) Display the tracking configuration and the tracked object’s status. EXEC Privilege mode show track object-id Example of Configuring Object Tracking Dell(conf)#track 100 interface tengigabitethernet 7/1 line-protocol Dell(conf-track-100)#delay up 20 Dell(conf-track-100)#description San Jose data center Dell(conf-track-100)#end Dell#show track 100...
Page 644: Tracking A Layer 3 Interface
Tracking a Layer 3 Interface You can create an object that tracks the routing status of an IPv4 or IPv6 Layer 3 interface. You can track the routing status of any of the following Layer 3 interfaces: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information.
Page 645: Track An Ipv4/Ipv6 Route
EXEC Privilege mode show track object-id Example of Configuring Object Tracking (IPv4 Interface) Example of Configuring Object Tracking (IPv6 Interface) Dell(conf)#track 101 interface tengigabitethernet 7/2 ip routing Dell(conf-track-101)#delay up 20 Dell(conf-track-101)#description NYC metro Dell(conf-track-101)#end Dell#show track 101 Track 101 Interface TenGigabitEthernet 7/2 ip routing...
Page 646 – For OSPF, you can set the resolution in the range from 1 to 1592, where the default is 1. – The resolution value used to map static routes is not configurable. By default, Dell Networking OS assigns a metric of 0 to static routes.
Page 647 IP route 10.0.0.0/8 reachability Reachability is Down (route not in route table) 2 changes, last change 00:02:49 Tracked by: Dell#configure Dell(conf)#track 4 ip route 3.1.1.0/24 reachability vrf vrf1 Dell(conf)#track 105 ipv6 route 1234::/64 reachability Dell(conf-track-105)#delay down 5 Dell(conf-track-105)#description Headquarters Dell(conf-track-105)#end...
Page 648 EXEC Privilege mode show track object-id Example of the track ip route metric threshold Command Example of the track ipv6 route metric threshold Command Dell(conf)#track 6 ip route 2.1.1.0/24 metric threshold Dell(conf-track-6)#delay down 20 Dell(conf-track-6)#delay up 20 Dell(conf-track-6)#description track ip route metric...
Page 649: Displaying Tracked Objects
Dell(conf-track-6)#threshold metric down 40 Dell(conf-track-6)#threshold metric up 40 Dell(conf-track-6)#exit Dell(conf)#track 10 ip route 3.1.1.0/24 metric threshold vrf vrf1 Dell(conf)#track 8 ipv6 route 2::/64 metric threshold Dell(conf-track-8)#threshold metric up 30 Dell(conf-track-8)#threshold metric down 40 Displaying Tracked Objects To display the currently configured objects used to track Layer 2 and Layer 3 interfaces, and IPv4 and IPv6 routes, use the following show commands.
Page 650 Dell#show track resolution IP Route Resolution ISIS OSPF IPv6 Route Resolution ISIS Dell#show track vrf red Track 5 IP route 192.168.0.0/24 reachability, Vrf: red Reachability is Up (CONNECTED) 3 changes, last change 00:02:39 First-hop interface is GigabitEthernet 13/4 Dell#show running-config track track 1 ip route 23.0.0.0/8 reachability...
Page 651: Open Shortest Path First (Ospfv2 And Ospfv3)
Open Shortest Path First (OSPFv2 and OSPFv3) Open shortest path first (OSPFv2 for IPv4) and OSPF version 3 (OSPF for IPv6) are supported on Dell Networking OS. This chapter provides a general description of OSPFv2 (OSPF for IPv4) and OSPFv3 (OSPF for IPv6) as supported in the Dell Networking Operating System (OS).
Page 652: Area Types
Areas allow you to further organize your routers within in the AS. One or more areas are required within the AS. Areas are valuable in that they allow sub-networks to "hide" within the AS, thus minimizing the size of the routing tables on all routers. An area within the AS may not see the details of another area’s topology.
Page 653: Networks And Neighbors
AS information from the backbone or other areas. However, a virtual link can traverse it. • Totally stubby areas are referred to as no summary areas in the Dell Networking OS. Networks and Neighbors As a link-state protocol, OSPF sends routing information to other OSPF routers concerning the state of the links between them.
Page 654 Figure 97. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example. Area Border Router (ABR) Within an AS, an area border router (ABR) connects one or more areas to the backbone.
Page 655: Designated And Backup Designated Routers
These router designations are not the same ad the router IDs described earlier. The DRs and BDRs are configurable in Dell Networking OS. If you do not define DR or BDR in Dell Networking OS, the system assigns them. OSPF looks at the priority of the routers on the segment to determine which routers are the DR and BDR.
Page 656 available. An ABR floods the information for the router (for example, the ASBR where the Type 5 advertisement originated. The link-state ID for Type 4 LSAs is the router ID of the described ASBR). • Type 5: LSA — These LSAs contain information imported into OSPF from other routing processes. They are flooded to all areas, except stub areas.
Page 657: Router Priority And Cost
Figure 98. Priority and Cost Examples OSPF with Dell Networking OS Dell Networking OS supports up to 10,000 OSPF routes for OSPFv2. Within that 10,000 routes, you can designate up to 8,000 routes as external and up to 2,000 as inter/intra area routes.
Page 658: Graceful Restart
Dell Networking OS supports stub areas, totally stub (no summary) and not so stubby areas (NSSAs) and supports the following LSAs, as described earlier. • Router (type 1) • Network (type 2) • Network Summary (type 3) • AS Boundary (type 4) •...
Page 659: Fast Convergence (Ospfv2, Ipv4 Only)
Fast convergence allows you to define the speeds at which LSAs are originated and accepted, and reduce OSPFv2 end-to-end convergence time. Dell Networking OS allows you to accept and originate LSAa as soon as they are available to speed up route information propagation.
Page 660: Rfc-2328 Compliant Ospf Flooding
Enabling RFC-2328 Compliant OSPF Flooding To enable OSPF flooding, use the following command. When you enable this command, it configures Dell Networking OS to flood LSAs on all interfaces. • Enable RFC 2328 flooding.
Page 661: Ospf Ack Packing
In Dell Networking OS, the OSPF dead interval value is, by default, set to 40 seconds, and is independent of the OSPF hello interval. Configuring a hello interval does not change the dead interval in Dell Networking OS.
Page 662: Configuration Information
Enable OSPF globally. Assign network area and neighbors. Add interfaces or configure other attributes. For a complete list of the OSPF commands, refer to the OSPF section in the Dell Networking OS Command Line Reference Guide document. Open Shortest Path First (OSPFv2 and OSPFv3)
Page 663 In CONFIGURATION ROUTER OSPF mode, assign the router ID. The router ID is not required to be the router’s IP address. However, Dell Networking recommends using the IP address as the router ID for easier management and troubleshooting. Optional process-id commands are also described.
Page 664 EXEC mode show ip ospf process-id Example of Viewing the Current OSPFv2 Status Dell#show ip ospf 55555 Routing Process ospf 55555 with ID 10.10.10.10 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time between two SPFs 10 secs...
Page 665 The first bold lines assign an IP address to a Layer 3 interface, and theno shutdown command ensures that the interface is UP. The second bold line assigns the IP address of an interface to an area. Example of Enabling OSPFv2 and Assigning an Area to an Interface Dell#(conf)#int te 4/14 Dell(conf-if-te-4/14)#ip address 10.10.10.10/24 Dell(conf-if-te-4/14)#no shutdown Dell(conf-if-te-4/14)#ex...
Page 666 Dell(conf-router_ospf-1)#network 20.20.20.20/24 area 2 Dell(conf-router_ospf-1)# Dell# Dell Networking recommends using the interface IP addresses for the OSPFv2 router ID for easier management and troubleshooting. To view the configuration, use the show config command in CONFIGURATION ROUTER OSPF mode. OSPF, by default, sends hello packets out to all physical interfaces assigned an IP address that is a subset of a network on which OSPF is enabled.
Page 667 Example of the show ip ospf database database-summary Command To view which LSAs are transmitted, use the show ip ospf database process-id database- summary command in EXEC Privilege mode. Dell#show ip ospf 34 database database-summary OSPF Router with ID (10.1.2.100) (Process ID 34) Area ID Router Network S-Net S-ASBR Type-7 Subtotal 2.2.2.2...
Page 668 When you configure a passive interface, the show ip ospf process-id interface command adds the words passive interface to indicate that the hello packets are not transmitted on that interface (shown in bold). Dell#show ip ospf 34 int TenGigabitEthernet 1/1 is up, line protocol is down Internet Address 10.1.2.100/24, Area 1.1.1.1 Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 10...
Page 669 NOTE: A higher convergence level can result in occasional loss of OSPF adjacency. Generally, convergence level 1 meets most convergence requirements. Only select higher convergence levels following consultation with Dell Technical Support. Examples of the fast-converge Command In the examples below, Convergence Level shows the fast-converge parameter setting and Min LSA origination shows the LSA parameters (shown in bold).
Page 670 Dell# Changing OSPFv2 Parameters on Interfaces In Dell Networking OS, you can modify the OSPF settings on the interfaces. Some interface parameter values must be consistent across all interfaces to avoid routing errors. For example, set the same time interval for the hello packets on all routers in the OSPF network to prevent misconfiguration of OSPF neighbors.
Page 671 10.1.2.100 255.255.255.0 no shutdown ip ospf cost 45 Dell(conf-if)#end Dell#show ip ospf 34 interface TenGigabitEthernet 1/1 is up, line protocol is up Internet Address 10.1.2.100/24, Area 2.2.2.2 Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 45 Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 10.1.2.100, Interface address 10.1.2.100...
Page 672 Graceful restart is enabled for the global OSPF process. For more information, refer to Graceful Restart. The Dell Networking implementation of OSPFv2 graceful restart enables you to specify: • grace period — the length of time the graceful restart process can last before OSPF terminates it. •...
Page 673 After you enable restart mode the router advertises the neighbor as fully adjacent during a restart. For more information about OSPF graceful restart, refer to the Dell Networking OS Command Line Reference Guide. Example of the show run ospf Command When you configure a graceful restart on an OSPFv2 router, the show run ospf command displays information similar to the following.
Page 674 10.0.2.0/24 area 0 Dell# Creating Filter Routes To filter routes, use prefix lists. OSPF applies prefix lists to incoming or outgoing routes. Incoming routes must meet the conditions of the prefix lists. If they do not, OSPF does not add the route to the routing table.
Page 675 Dell(conf-router_ospf)# Troubleshooting OSPFv2 Dell Networking OS has several tools to make troubleshooting easier. Be sure to check the following, as these questions represent typical issues that interrupt an OSPFv2 process. NOTE: The following is not a comprehensive list, just some examples of typical troubleshooting checks.
Page 676 – packet: view OSPF packet information. – spf: view SPF information. – database-timers rate-limit: view the LSAs currently in the queue. Example of Viewing OSPF Configuration Dell#show run ospf router ospf 3 router ospf 4 router-id 4.4.4.4 network 4.4.4.0/28 area 1...
Page 677: Sample Configurations For Ospfv2
2 virtual-link 90.90.90.90 retransmit-interval 300 ipv6 router ospf 999 default-information originate always router-id 10.10.10.10 Dell# Sample Configurations for OSPFv2 The following configurations are examples for enabling OSPFv2. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations.
Page 678: Ospf Area 0 - Te 3/1 And 3/2
no shutdown interface Loopback 10 ip address 192.168.100.100/24 no shutdown OSPF Area 0 — Te 3/1 and 3/2 router ospf 33333 network 192.168.100.0/24 area 0 network 10.0.13.0/24 area 0 network 10.0.23.0/24 area 0 interface Loopback 30 ip address 192.168.100.100/24 no shutdown interface TenGigabitEthernet 3/1 ip address 10.1.13.3/24 no shutdown...
Page 679: Enabling Ipv6 Unicast Routing
command to create the OSPF process, then the network area command to enable OSPF on an interface. NOTE: The OSPFv2 network area command enables OSPF on multiple interfaces with the single command. Use the OSPFv3 ipv6 ospf area command on each interface that runs OSPFv3. All IPv6 addresses on an interface are included in the OSPFv3 process that is created on the interface.
Page 680: Assigning Ospfv3 Process Id And Router Id Globally
• Assign the OSPFv3 process and an OSPFv3 area to this interface. CONF-INT-type slot/port mode ipv6 ospf process-id area area-id – process-id: the process ID number assigned. – area-id: the area ID for this interface. Assigning OSPFv3 Process ID and Router ID Globally To assign, disable, or reset OSPFv3 globally, use the following commands.
Page 681: Configuring Stub Areas
– number: the IPv4 address. The format is A.B.C.D. NOTE: Enter the router-id for an OSPFv3 router as an IPv4 IP address. • Disable OSPF. CONFIGURATION mode no ipv6 router ospf process-id vrf {vrf-name} • Reset the OSPFv3 process. EXEC Privilege mode clear ipv6 ospf [vrf vrf-name] process Configuring Stub Areas To configure IPv6 stub areas, use the following command.
Page 682: Redistributing Routes
– tag tag-value: The range is from 0 to 4294967295. Configuring a Default Route To generate a default external route into the OSPFv3 routing domain, configure Dell Networking OS. To specify the information for the default route, use the following command.
Page 683 OSPFv3 restarting expects its OSPFv3 neighbors to help when it restarts by not advertising the broken link. When you enable the helper-reject role on an interface using the ipv6 ospf graceful-restart helper-reject command, you reconfigure OSPFv3 graceful restart to function in a restarting-only role. OSPFv3 does not participate in the graceful restart of a neighbor.
Page 684 30.1.1.0/24 area 0 ipv6 router ospf 1 log-adjacency-changes graceful-restart grace-period 180 The following example shows the show ipv6 ospf database database-summary command. Dell#show ipv6 ospf database database-summary OSPFv3 Router with ID (200.1.1.1) (Process ID 1) Process 1 database summary Type Count/Status...
Page 685: Ospfv3 Authentication Using Ipsec
ESP header between the next layer protocol header and encapsulated IP header in Tunnel mode. However, Tunnel mode is not supported in Dell Networking OS. For detailed information about the IP ESP protocol, refer to RFC 4303.
Page 686 OSPFv3 Authentication Using IPsec: Configuration Notes OSPFv3 authentication using IPsec is implemented according to the specifications in RFC 4552. • To use IPsec, configure an authentication (using AH) or encryption (using ESP) security policy on an interface or in an OSPFv3 area. Each security policy consists of a security policy index (SPI) and the key used to validate OSPFv3 packets.
Page 687 Configuring IPsec Authentication on an Interface To configure, remove, or display IPsec authentication on an interface, use the following commands. Prerequisite: Before you enable IPsec authentication on an OSPFv3 interface, first enable IPv6 unicast routing globally, configure an IPv6 address and enable OSPFv3 on the interface, and assign it to an area (refer to Configuration Task List for OSPFv3 (OSPF for IPv6)).
Page 688 INTERFACE mode ipv6 ospf encryption {null | ipsec spi number esp encryption-algorithm [key- encryption-type] key authentication-algorithm [key-authentication-type] key} – null: causes an encryption policy configured for the area to not be inherited on the interface. – ipsec spi number: is the security policy index (SPI) value. The range is from 256 to 4294967295.
Page 689 CONF-IPV6-ROUTER-OSPF mode area-id authentication ipsec spi number {MD5 | SHA1} [key-encryption-type] – area area-id: specifies the area for which OSPFv3 traffic is to be authenticated. For area-id, enter a number or an IPv6 prefix. – spi number: is the SPI value. The range is from 256 to 4294967295. –...
Page 690 In the first example, the keys are not encrypted (shown in bold). In the second and third examples, the keys are encrypted (shown in bold). The following example shows the show crypto ipsec policy command. Dell#show crypto ipsec policy Open Shortest Path First (OSPFv2 and OSPFv3)
Page 691 Outbound ESP Cipher Key : bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba10345a1039ba8f8a Transform set : esp-128-aes esp-sha1-hmac The following example shows the show crypto ipsec sa ipv6 command. Dell#show crypto ipsec sa ipv6 Interface: TenGigabitEthernet 1/1 Link Local address: fe80::201:e8ff:fe40:4d10 IPSecv6 policy name: OSPFv3-1-500 inbound ah sas...
Page 692: Troubleshooting Ospfv3
STATUS : ACTIVE Troubleshooting OSPFv3 Dell Networking OS has several tools to make troubleshooting easier. Consider the following information as these are typical issues that interrupt the OSPFv3 process. NOTE: The following troubleshooting section is not meant to be a comprehensive list, only examples of typical troubleshooting checks.
Page 693 show ipv6 route [vrf vrf-name] summary • View the summary information for the OSPFv3 database. EXEC Privilege mode show ipv6 ospf [vrf vrf-name] database • View the configuration of OSPFv3 neighbors. EXEC Privilege mode show ipv6 ospf [vrf vrf-name] neighbor •...
Page 694: Policy-Based Routing (Pbr)
Policy-based Routing (PBR) allows a switch to make routing decisions based on policies applied to an interface. This chapter covers the following topics: • Overview • Implementing Policy-based Routing with Dell Networking OS • Configuration Task List for Policy-based Routing • Sample Configuration Overview When a router receives a packet it normally decides where to forward it based on the destination address in the packet, which is used to look up an entry in a routing table.
Page 695 If the specified next-hops are not reachable, then the normal routing table is used to forward the traffic. • Dell Networking OS supports multiple next-hop entries in the redirect lists. • Redirect-Lists are applied at Ingress. PBR with Redirect-to-Tunnel Option: The user can provide a tunnel id for a redirect rule.
Page 696: Implementing Policy-Based Routing With Dell Networking Os
Tunnel Interface which is available by sending ICMP pings to verify reach ability and/or check the Tunnel Interface UP or DOWN status, and then route traffic out to that next-hop and/or Tunnel Interface Implementing Policy-based Routing with Dell Networking OS •...
Page 697 Format: 16 characters Delete the redirect list with the no ip redirect-list command. The following example creates a redirect list by the name of “xyz.” Dell(conf)#ip redirect-list ? WORD Redirect-list name (max 16 chars) Dell(conf)#ip redirect-list xyz Create a Rule for a Redirect-list Use the following command in CONFIGURATION REDIRECT-LIST mode to set the rules for the redirect list.
Page 698 Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.1 /32 77.1.1.1 ? Mask A.B.C.D or /nn Mask in dotted decimal or in slash format Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.1 /32 77.1.1.1 /32 ? Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.1 /32 77.1.1.1 /32 Dell(conf-redirect-list)#do show ip redirect-list IP redirect-list xyz: Defined as: seq 5 redirect 3.3.3.3 ip host 222.1.1.1 host 77.1.1.1...
Page 699: Pbr Exceptions (Permit)
Dell Networking OS assigns the first available sequence number to a rule configured without a sequence number and inserts the rule into the PBR CAM region next to the existing entries. Since the order of rules is important, ensure that you configure any necessary sequence numbers.
Page 700 Dell(conf-if-te-1/2)# In addition to supporting multiple redirect-lists in a redirect-group, multiple redirect-groups are supported on a single interface. Dell Networking OS has the capability to support multiple groups on an interface for backup purposes. Show Redirect List Configuration Policy-based Routing (PBR)
Page 701 List the redirect list configuration using the show ip redirect-list redirect-list-name command. The non- contiguous mask is displayed in dotted format (x.x.x.x). The contiguous mask is displayed in /x format. Some sample outputs are shown below: Dell#show ip redirect-list explicit_tunnel IP redirect-list explicit_tunnel: Defined as: seq 5 redirect tunnel 1 track 1 tcp 155.55.2.0/24 222.22.2.0/24, Track 1 [up],...
Page 702: Sample Configuration
Showing CAM PBR Configuration Example : Dell#show cam pbr stack-unit 1 port-set 0 TCP Flag: Bit 5 - URG, Bit 4 - ACK, Bit 3 - PSH, Bit 2 - RST, Bit 1 - SYN, Bit...
Page 703: Redirect-List Gold
Create the Redirect-List GOLD EDGE_ROUTER(conf-if-Te-2/23)#ip redirect-list GOLD EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD. EDGE_ROUTER(conf-redirect-list)#direct 10.99.99.254 ip 192.168.1.0/24 any EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.2.0/24 any EDGE_ROUTER(conf-redirect-list)# seq 15 permit ip any any EDGE_ROUTER(conf-redirect-list)#show config ip redirect-list GOLD description Route GOLD traffic to ISP_GOLD. seq 5 redirect 10.99.99.254 ip 192.168.1.0/24 any seq 10 redirect 10.99.99.254 ip 192.168.2.0/24 any seq 15 permit ip any any...
Page 704 222.22.2.0/24 Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 tcp any any Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 udp 155.55.0.0/16 host 144.144.144.144 Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 udp any host 144.144.144.144 Dell(conf-redirect-list)#redirect 43.1.1.2 track 4 ip host 7.7.7.7 host 144.144.144.144 Dell(conf-redirect-list)#end Verify the Status of the Track Objects (Up/Down):...
Page 705 Dell(conf-if-tu-2)#no shutdown Dell(conf-if-tu-2)#end Dell# Create Track Objects to track the Tunnel Interfaces: Dell#configure terminal Dell(conf)#track 1 interface tunnel 1 ip routing Dell(conf-track-1)#exit Dell(conf)#track 2 interface tunnel 2 ipv6 routing Dell(conf-track-2)#end Verify the Status of the Track Objects (Up/Down): Dell#show track brief...
Page 706 Create a Redirect-list with Track Objects pertaining to Tunnel Interfaces: Dell#configure terminal Dell(conf)#ip redirect-list explicit_tunnel Dell(conf-redirect-list)#redirect tunnel 1 track 1 tcp 155.55.2.0/24 222.22.2.0/24 Dell(conf-redirect-list)#redirect tunnel 1 track 1 tcp any any Dell(conf-redirect-list)#redirect tunnel 1 track 1 udp 155.55.0.0/16 host 144.144.144.144 Dell(conf-redirect-list)#redirect tunnel 2 track 2 tcp 155.55.2.0/24 222.22.2.0/24...
Page 707: Pim Sparse-Mode (Pim-Sm)
The SPT-Threshold is zero, which means that the last-hop designated router (DR) joins the shortest path tree (SPT) to the source after receiving the first multicast packet. • Dell Networking OS reduces the number of control messages sent between multicast routers by bundling Join and Prune requests in the same message. •...
Page 708: Refuse Multicast Traffic
Prune message. Dell Networking OS Behavior: When the router creates an SPT to the source, there are then two paths between the receiver and the source, the SPT and the RPT. Until the router can prune itself from the RPT, the receiver receives duplicate multicast packets which may cause disruption.
Page 709: Configuring Pim-Sm
Enable PIM-Sparse mode. INTERFACE mode ip pim sparse-mode Examples of Viewing PIM-SM Information To display which interfaces are enabled with PIM-SM, use the show ip pim interface command from EXEC Privilege mode. Dell#show ip pim interface Address Interface Ver/ Query Mode Count...
Page 710: Configuring S,G Expiry Timers
NOTE: You can influence the selection of the Rendezvous Point by enabling PIM-Sparse mode on a Loopback interface and assigning a low IP address. To display PIM neighbors for each interface, use the show ip pim neighbor command EXEC Privilege mode. Dell#show ip pim neighbor Neighbor Interface Uptime/Expires Address Prio/Mode 127.87.5.5...
Page 711: Configuring A Static Rendezvous Point
10 permit ip any 232.1.1.0/24 seq 15 permit ip 100.1.0.0/16 any Dell(config-ext-nacl)#exit Dell(conf)#ip pim sparse-mode sg-expiry-timer 1800 sg-list SGtimer To display the expiry time configuration, use the show running-configuration [acl | pim] command from EXEC Privilege mode. Configuring a Static Rendezvous Point The rendezvous point (RP) is a PIM-enabled interface on a router that acts as the root a group-specific tree;...
Page 712: Overriding Bootstrap Router Updates
226.1.1.1 165.87.50.5 To display the assigned RP for a group range (group-to-RP mapping), use the show ip pim rp mapping command in EXEC privilege mode. Dell#show ip pim rp mapping PIM Group-to-RP Mappings Group(s): 224.0.0.0/4, Static RP: 165.87.50.5, v2 Configuring a Designated Router Multiple PIM-SM routers might be connected to a single local area network (LAN) segment.
Page 713: Creating Multicast Boundaries And Domains
Creating Multicast Boundaries and Domains A PIM domain is a contiguous set of routers that all implement PIM and are configured to operate within a common boundary defined by PIM multicast border routers (PMBRs). PMBRs connect each PIM domain to the rest of the Internet. Create multicast boundaries and domains by filtering inbound and outbound bootstrap router (BSR) messages per interface.
Page 714: Pim Source-Specific Mode (Pim-Ssm)
SPT. PIM-SSM uses IGMPv3. Because receivers subscribe to a source and group, the RP and shared tree is unnecessary; only SPTs are used. On Dell Networking systems, it is possible to use PIM-SM with IGMPv3 to achieve the same result, but PIM-SSM eliminates the unnecessary protocol overhead.
Page 715: Configure Pim-Smm
Then, specify the multicast source. • When an SSM map is in place and Dell Networking OS cannot find any matching access lists for a group, it continues to create (*,G) entries because there is an implicit deny for unspecified groups in the ACL.
Page 716: Configuring Pim-Ssm With Igmpv2
When an extended ACL is associated with this command, Dell Networking OS displays an error message. If you apply an extended ACL before you create it, Dell Networking OS accepts the configuration, but when the ACL is later defined, Dell Networking OS ignores the ACL and the stated mapping has no effect.
Page 717 Router mode INCLUDE Last reporter 165.87.34.100 Group source list Source address Expires 165.87.32.21 Never R1(conf)#do show run pim ip pim rp-address 10.11.12.2 group-address 224.0.0.0/4 ip pim ssm-range ssm R1(conf)#do show run acl ip access-list standard map seq 5 permit host 239.0.0.2 ip access-list standard ssm seq 5 permit host 239.0.0.2 R1(conf)#ip igmp ssm-map map 10.11.5.2...
Page 718: Port Monitoring
In general, a monitoring port should have no ip address and no shutdown as the only configuration; Dell Networking OS permits a limited set of commands for monitoring ports. You can display these commands using the ? command. A monitoring port also may not be a member of a VLAN.
Page 719: Port Monitoring
Port Monitoring The S4820T supports multiple source-destination statements in a single monitor session. The maximum number of source ports that can be supported in a session is 128. The maximum number of destination ports that can be supported is 4 per port pipe.
Page 720: Configuring Port Monitoring
Figure 100. Port Monitoring Configurations on the S-Series Dell Networking OS Behavior: All monitored frames are tagged if the configured monitoring direction is egress (TX), regardless of whether the monitored port (MD) is a Layer 2 or Layer 3 port. If the MD port is a Layer 2 port, the frames are tagged with the VLAN ID of the VLAN to which the MD belongs.
Page 721 To display information on currently configured port-monitoring sessions, use the show monitor session command from EXEC Privilege mode. Dell(conf)#monitor session 0 Dell(conf-mon-sess-0)#$source ten 1/1 dest ten 1/2 dir rx Dell(conf-mon-sess-0)#show c monitor session 0 source TenGigabitEthernet 1/1 destination TenGigabitEthernet 1/2 direction rx...
Page 722: Enabling Flow-Based Monitoring
Enable flow-based monitoring for a monitoring session. MONITOR SESSION mode flow-based enable Define in access-list rules that include the keyword monitor. For port monitoring, Dell Networking OS only considers traffic matching rules with the keyword monitor. CONFIGURATION mode ip access-list...
Page 723: Remote Port Mirroring
Dell(conf)#monitor session 0 Dell(conf-mon-sess-0)#flow-based enable Dell(conf)#ip access-list ext testflow Dell(config-ext-nacl)#seq 5 permit icmp any any count bytes monitor Dell(config-ext-nacl)#seq 10 permit ip 102.1.1.0/24 any count bytes monitor Dell(config-ext-nacl)#seq 15 deny udp any any count bytes Dell(config-ext-nacl)#seq 20 deny tcp any any count bytes...
Page 724: Configuring Remote Port Mirroring
source session uses a separate reserved VLAN to transmit mirrored packets (mirrored source-session traffic is shown with an orange or green circle with a blue border). The reserved VLANs transport the mirrored traffic in sessions (blue pipes) to the destination analyzers in the local network.
Page 725 • Mirrored traffic is transported across the network using 802.1Q-in-802.1Q tunneling. The source address, destination address and original VLAN ID of the mirrored packet are preserved with the tagged VLAN header. Untagged source packets are tagged with the reserve VLAN ID. •...
Page 726: Displaying Remote-Port Mirroring Configurations
Port-channel 10 destination remote-vlan 300 direction rx no disable To display the currently configured source and destination sessions for remote port mirroring on a switch, enter the show monitor session command in EXEC Privilege mode. Dell(conf)#do show monitor session SessID Source Destination...
Page 727 Configuring the sample Source Remote Port Mirroring Dell(conf)#interface vlan 10 Dell(conf-if-vl-10)#mode remote-port-mirroring Dell(conf-if-vl-10)#tagged te 1/4 Dell(conf-if-vl-10)#exit Dell(conf)#monitor session 1 type rpm Dell(conf-mon-sess-1)#source te 1/5 destination remote-vlan 10 dir rx Dell(conf-mon-sess-1)#no disable Dell(conf-mon-sess-1)#exit Dell(conf)#inte vlan 100 Dell(conf-if-vl-100)#tagged te 1/7 Dell(conf-if-vl-100)#exit Dell(conf)#interface vlan 20...
Page 728 Dell(conf)#interface vlan 30 Dell(conf-if-vl-30)#mode remote-port-mirroring Dell(conf-if-vl-30)#tagged te 1/30 Dell(conf-if-vl-30)#exit Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#channel-member te 1/28-29 Dell(conf-if-po-10)#no shutdown Dell(conf-if-po-10)#exit Dell(conf)#monitor session 3 type rpm Dell(conf-mon-sess-3)#source port-channel 10 dest remote-vlan 30 dir both Dell(conf-mon-sess-3)#no disable Dell(conf-mon-sess-3)# Dell(conf-mon-sess-3)#exit Dell(conf)#end Dell# Dell#show monitor session SessID Source...
Page 729 Dell(conf)#monitor session 1 type rpm Dell(conf-mon-sess-1)#source remote-vlan 10 dest te 1/4 Dell(conf-mon-sess-1)#exit Dell(conf)#monitor session 2 type rpm Dell(conf-mon-sess-2)#source remote-vlan 20 destination te 1/5 Dell(conf-mon-sess-2)#tagged destination te 0/4 Dell(conf-mon-sess-2)#exit Dell(conf)#monitor session 3 type rpm Dell(conf-mon-sess-3)#source remote-vlan 30 destination te 1/6 Dell(conf-mon-sess-3)#tagged destination te 1/6...
Page 730: Configuring The Encapsulated Remote Port Mirroring
Important: The steps to be followed for the ERPM Encapsulation : • Dell Networking OS supports ERPM Source session only. The Encapsulated packets terminate at the destination ip or at the analyzer. • Make sure that the destination ip is reachable via the configured ip route (static or dynamic) •...
Page 731 Sample example for monitoring the VLANs as source, an access list with monitor keyword in its rules needs to be attached to the vlan interface. Dell(conf)#mac access-list standard flow Dell(config-std-macl)#seq 5 permit 00:00:0a:00:00:0b count monitor Dell#show running-config interface vlan 11 interface Vlan 11...
Page 732: Erpm Behavior On A Typical Dell Networking Os
ERPM Behavior on a typical Dell Networking OS The Dell Networking OS is designed to support only the Encapsulation of the data received / transmitted at the specified source port (Port A). An ERPM destination session / decapsulation of the ERPM packets at the destination Switch are not supported.
Page 733 – This script erpm.zip is available for download at the following location: http:// en.community.dell.com/techcenter/networking/m/force10_networking_scripts/ 20438882.aspx – Unzip the erpm.zip and copy the erpm.py file to the Linux server.
Page 734: Private Vlans (Pvlan)
Dell Networking OS Command Line Reference Guide. Private VLANs extend the Dell Networking OS security suite by providing Layer 2 isolation between ports within the same virtual local area network (VLAN). A PVLAN partitions a traditional VLAN into subdomains identified by a primary and secondary VLAN pair.
Page 735: Using The Private Vlan Commands
– A switch can have one or more primary VLANs, and it can have none. – A primary VLAN has one or more secondary VLANs. – A primary VLAN and each of its secondary VLANs decrement the available number of VLAN IDs in the switch.
Page 736: Configuration Task List
VLANs are operationally up, Layer 3 traffic is still transmitted across secondary VLANs. NOTE: The outputs of the show arp and show vlan commands provide PVLAN data. For more information, refer to the Dell Networking OS Command Line Reference Guide. Configuration Task List The following sections contain the procedures that configure a private VLAN.
Page 737: Creating A Primary Vlan
“regular” ports (ports not configured as PVLAN ports) to PVLANs. The following example shows the switchport mode private-vlan command on a port and on a port channel. Dell#conf Dell(conf)#interface TenGigabitEthernet 2/1 Dell(conf-if-te-2/1)#switchport mode private-vlan promiscuous Dell(conf)#interface TenGigabitEthernet 2/2 Dell(conf-if-te-2/2)#switchport mode private-vlan host Dell(conf)#interface TenGigabitEthernet 2/3 Dell(conf-if-te-2/3)#switchport mode private-vlan trunk...
Page 738: Creating A Community Vlan
Map secondary VLANs to the selected primary VLAN. INTERFACE VLAN mode private-vlan mapping secondary-vlan vlan-list The list of secondary VLANs can be: • Specified in comma-delimited (VLAN-ID,VLAN-ID) or hyphenated-range format (VLAN-ID- VLAN-ID). • Specified with this command even before they have been created. •...
Page 739: Creating An Isolated Vlan
PVLAN member VLANs (primary, community, and isolated VLANs). Dell#conf Dell(conf)# interface vlan 10 Dell(conf-vlan-10)# private-vlan mode primary Dell(conf-vlan-10)# private-vlan mapping secondary-vlan 100-101 Dell(conf-vlan-10)# untagged Te 2/1 Dell(conf-vlan-10)# tagged Te 2/3 Dell(conf)# interface vlan 101 Dell(conf-vlan-101)# private-vlan mode community...
Page 740: Private Vlan Configuration Example
Dell(conf-vlan-100)# private-vlan mode isolated Dell(conf-vlan-100)# untagged Te 2/2 Private VLAN Configuration Example The following example shows a private VLAN topology. Figure 102. Sample Private VLAN Topology The following configuration is based on the example diagram for the Z9500: • Te 1/1 and Te 1/23 are configured as promiscuous ports, assigned to the primary VLAN, VLAN 4000.
Page 741: Inspecting The Private Vlan Configuration
Display the type and status of the configured PVLAN interfaces. show interfaces private-vlan [interface interface] This command is specific to the PVLAN feature. For more information, refer to the Security chapter in the Dell Networking OS Command Line Reference Guide. •...
Page 742 The following examples show the results of using this command without the command options on the C300 and S50V switches in the topology diagram previously shown. • Display the primary-secondary VLAN mapping. The following example shows the output from the S50V.
Page 743 interface TenGigabitEthernet 1/5 no ip address switchport switchport mode private-vlan host no shutdown interface TenGigabitEthernet 1/6 no ip address switchport switchport mode private-vlan host no shutdown interface TenGigabitEthernet 1/25 no ip address switchport switchport mode private-vlan trunk no shutdown interface Vlan 4000 private-vlan mode primary private-vlan mapping secondary-vlan 4001-4003 no ip address...
Page 744: Per-Vlan Spanning Tree Plus (Pvst+)
For more information about spanning tree, refer to the Spanning Tree Protocol (STP) chapter. Figure 103. Per-VLAN Spanning Tree The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Per-VLAN Spanning Tree Plus (PVST+)
Page 745: Implementation Information
The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs (as shown in the following table). Other implementations use IEEE 802.1w costs as the default costs. If you are using Dell Networking systems in a multivendor network, verify that the costs are values you intended.
Page 746: Disabling Pvst
protocol spanning-tree pvst Enable PVST+. PROTOCOL PVST mode no disable Disabling PVST+ To disable PVST+ globally or on an interface, use the following commands. • Disable PVST+ globally. PROTOCOL PVST mode disable • Disable PVST+ on an interface, or remove a PVST+ parameter configuration. INTERFACE mode no spanning-tree pvst Example of Viewing PVST+ Configuration...
Page 747 Figure 104. Load Balancing with PVST+ The bridge with the bridge value for bridge priority is elected root. Because all bridges use the default priority (until configured otherwise), the lowest MAC address is used as a tie-breaker. To increase the likelihood that a bridge is selected as the STP root, assign bridges a low non-default value for bridge priority.
Page 748: Modifying Global Pvst+ Parameters
The default is 15 seconds. • Change the hello-time parameter. PROTOCOL PVST mode vlan hello-time NOTE: With large configurations (especially those configurations with more ports), Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. •...
Page 749: Modifying Interface Pvst+ Parameters
NOTE: The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs. Other implementations use IEEE 802.1w costs as the default costs. If you are using Dell Networking systems in a multi-vendor network, verify that the costs are values you intended.
Page 750: Configuring An Edgeport
[bpduguard | shutdown-on-violation] The EdgePort status of each interface is given in the output of the show spanning-tree pvst command, as previously shown. Dell Networking OS Behavior: Regarding the bpduguard shutdown-on-violation command behavior: • If the interface to be shut down is a port channel, all the member ports are disabled in the hardware.
Page 751: Pvst+ In Multi-Vendor Networks
PVST+ to avoid potential misconfigurations. If you enable PVST+ on the Dell Networking switch in this network, P1 and P2 receive BPDUs from each other. Ordinarily, the Bridge ID in the frame matches the Root ID, a loop is detected, and the rules of convergence require that P2 move to blocking state because it has the lowest port ID.
Page 752: Pvst+ Sample Configurations
Example of Viewing the Extend System ID in a PVST+ Configuration Dell(conf-pvst)#do show spanning-tree pvst vlan 5 brief VLAN 5 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32773, Address 0001.e832.73f7 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32773 (priority 32768 sys-id-ext 5), Address 0001.e832.73f7...
Page 753 no ip address tagged TenGigabitEthernet 2/12,32 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthernet 2/12,32 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 2/12,32 no shutdown protocol spanning-tree pvst no disable vlan 200 bridge-priority 4096 Example of PVST+ Configuration (R3) interface TenGigabitEthernet 3/12 no ip address switchport...
Page 754: Quality Of Service (Qos)
Quality of service (QoS) is supported on Dell Networking OS. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Table 58. Dell Networking Operating System (OS) Support for Port-Based, Policy-Based Features Feature Direction Port-Based QoS Configurations...
Page 755 Feature Direction Configure a Scheduler to Queue Egress Specify WRED Drop Precedence Egress Create Policy Maps Ingress + Egress Create Input Policy Maps Ingress Honor DSCP Values on Ingress Packets Ingress Honoring dot1p Values on Ingress Packets Ingress Create Output Policy Maps Egress Specify an Aggregate QoS Policy Egress...
Page 756: Implementation Information
Figure 106. Dell Networking QoS Architecture Implementation Information The Dell Networking QoS implementation complies with IEEE 802.1p User Priority Bits for QoS Indication. It also implements these Internet Engineering Task Force (IETF) documents: • RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 Headers •...
Page 757: Setting Dot1P Priorities For Incoming Traffic
Setting dot1p Priorities for Incoming Traffic Dell Networking OS places traffic marked with a priority in a queue based on the following table. If you set a dot1p priority for a port-channel, all port-channel members are configured with the same value.
Page 758: Configuring Port-Based Rate Policing
Dell(conf-if-te-1/1)#end Configuring Port-Based Rate Shaping Dell Networking OS Behavior: Rate shaping is effectively rate limiting because of its smaller buffer size. Rate shaping on tagged ports is slightly greater than the configured rate and rate shaping on untagged ports is slightly less than configured rate.
Page 759: Policy-Based Qos Configurations
QoS Policy mode rate-shape Example of rate shape Command Dell#configure terminal Dell(conf)#interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)#rate shape 500 50 Dell(conf-if-te-1/1)#end Policy-Based QoS Configurations Policy-based QoS configurations consist of the components shown in the following example. Figure 107. Constructing Policy-Based QoS Configurations...
Page 760: Classify Traffic
Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic. For both class maps, Layer 2 and Layer 3, Dell Networking OS matches packets against match criteria in the order that you configure them.
Page 761 CLASS MAP mode match mac After you create a class-map, Dell Networking OS places you in CLASS MAP mode. Match-any class maps allow up to five access-lists. Match-all class-maps allow only one. You can match against only one VLAN ID.
Page 762 To display all class-maps or a specific class map, use the following command. Dell Networking OS Behavior: An explicit “deny any" rule in a Layer 3 ACL used in a (match any or match all) class-map creates a "default to Queue 0" entry in the CAM, which causes unintended traffic classification.
Page 763: Create A Qos Policy
10 deny ip any any ip access-list extended AF2 seq 5 permit ip host 23.64.0.5 any seq 10 deny ip any any Dell# show cam layer3-qos interface tengigabitethernet 2/4 Port Dscp Proto Tcp Dst SrcIp DstIp DSCP Queue Index...
Page 764 NOTE: To avoid issues misconfiguration causes, Dell Networking recommends configuring either DCBX or Egress QoS features, but not both simultaneously. If you enable both DCBX and Egress QoS at the same time, the DCBX configuration is applied and unexpected behavior occurs on the Egress QoS.
Page 765: Create Policy Maps
Configuring Policy-Based Rate Shaping To configure policy-based rate shaping, use the following command. • Configure rate shape egress traffic. QOS-POLICY-OUT mode rate-shape Allocating Bandwidth to Queue Schedule packets for egress based on Deficit Round Robin (DRR). These strategies both offer a guaranteed data rate.
Page 766 qos-polcy Honoring DSCP Values on Ingress Packets Dell Networking OS provides the ability to honor DSCP values on ingress packets using Trust DSCP feature. The following table lists the standard DSCP definitions and indicates to which queues Dell Networking OS maps DSCP values.
Page 767 Honoring dot1p Values on Ingress Packets Dell Networking OS honors dot1p values on ingress packets with the Trust dot1p feature. The following table specifies the queue to which the classified traffic is sent based on the dot1p value. Table 62. Default dot1p to Queue Mapping...
Page 768 • If you apply a service policy that contains an ACL to more than one interface, Dell Networking OS uses ACL optimization to conserve CAM space. The ACL optimization behavior detects when an ACL exists in the CAM rather than writing it to the CAM multiple times.
Page 769: Dscp Color Maps
INTERFACE mode service-queue Specifying an Aggregate QoS Policy To specify an aggregate QoS policy, use the following command. • Specify an aggregate QoS policy. POLICY-MAP-OUT mode policy-aggregate Applying an Output Policy Map to an Interface To apply an output policy map to an interface, use the following command. •...
Page 770 1/11. Create the DSCP color map profile, bat-enclave-map, with a yellow drop precedence , and set the DSCP values to 9,10,11,13,15,16 Dell(conf)# qos dscp-color-map bat-enclave-map Dell(conf-dscp-color-map)# dscp yellow 9,10,11,13,15,16 Dell (conf-dscp-color-map)# exit Assign the color map, bat-enclave-map to interface te 1/11 .
Page 771: Enabling Qos Rate Adjustment
20,30 Enabling QoS Rate Adjustment By default while rate limiting, policing, and shaping, Dell Networking OS does not include the Preamble, SFD, or the IFG fields. These fields are overhead; only the fields from MAC destination address to the CRC are used for forwarding and are included in these rate metering calculations.
Page 772: Enabling Strict-Priority Queueing
The default is disabled. The range is from 1 to 31. Enabling Strict-Priority Queueing Strict-priority means that Dell Networking OS de-queues all packets from the assigned queue before servicing any other queues. • The strict-priority supersedes bandwidth-percentage configuration.
Page 773: Creating Wred Profiles
Figure 108. Packet Drop Rate for WRED You can create a custom WRED profile or use one of the five pre-defined profiles. Table 64. Pre-Defined WRED Profiles Default Profile Name Minimum Threshold Maximum Threshold Maximum Drop Rate wred_drop wred_teng_y 4671 wred_teng_g 4671 wred_fortyg_y...
Page 774: Applying A Wred Profile To Traffic
Dell Networking OS assigns a color (also called drop precedence) — red, yellow, or green — to each packet based on it DSCP value before queuing it. DSCP is a 6–bit field. Dell Networking uses the first three bits (LSB) of this field (DP) to determine the drop precedence.
Page 775: Pre-Calculating Available Qos Cam Space
Pre-Calculating Available QoS CAM Space Before Dell Networking OS version 7.3.1, there was no way to measure the number of CAM entries a policy-map would consume (the number of CAM entries that a rule uses is not predictable; from 1 to 16 entries might be used per rule depending upon its complexity).
Page 776: Configuring Weights And Ecn For Wred
Example of the test cam-usage Command Dell# test cam-usage service-policy input pmap_l2 port-set 0 Port-pipe | CAM Partition | Available CAM | Estimated CAM | Status ===================================================================== L2ACL Allowed(2) Configuring Weights and ECN for WRED The WRED congestion avoidance functionality drops packets to prevent buffering resources from being consumed.
Page 777: Global Service Pools With Wred And Ecn Settings
S4820T platform support four global service-pools in the egress direction. Two service pools are used– one for loss-based queues and the other for lossless (priority-based flow control (PFC)) queues.
Page 778: Configuring Wred And Ecn Attributes
Dell(conf-wred) #threshold min 300 max 400 max-drop-rate 80 Create a global buffer pool that is a shared buffer pool accessed by multiple queues when the minimum guaranteed buffers for the queue are consumed. S4820T platform supports four global service-pools in the egress direction.
Page 779: Guidelines For Configuring Ecn For Classifying And Color-Marking Packets
• Because this functionality forcibly marks all the packets matching the specific match criteria as ‘yellow’, Dell Networking OS does not support Policer based coloring and this feature concurrently. • If single rate two color policer is configured along with this feature, then by default all packets less than PIR would be considered as “Green”...
Page 780: Sample Configuration To Mark Non-Ecn Packets As "Yellow" With Multiple Traffic Class
Consider the example where there are no different traffic classes that is all the packets are egressing on the default ‘queue0’. Dell Networking OS can be configured as below to mark the non-ecn packets as yellow packets. ip access-list standard ecn_0...
Page 781 This way the entire 8-bit ToS field of the IPv4 header shall be used to classify traffic. The Dell Networking OS Release 9.3(0.0) supports the following QOS actions in the ingress policy based QOS: Rate Policing...
Page 782: Sample Configuration To Mark Non-Ecn Packets As "Yellow" With Single Traffic Class
‘yellow’ alone will be provided. By default Dell Networking OS drops all the ‘RED’ or ‘violate’ packets. The following combination of marking actions to be specified match sequence of the class-map command: •...
Page 783: Applying Layer 2 Match Criteria On A Layer 3 Interface
match ip access-group dscp_40_non_ecn set-color yellow match ip access-group dscp_40 class-map match-any class_dscp_50 match ip access-group dscp_50_non_ecn set-color yellow match ip access-group dscp_50 policy-map-input pmap_dscp_40_50 service-queue 2 class-map class_dscp_40 service-queue 3 class-map class_dscp_50 Approach with explicit ECN match qualifiers for ECN packets: ip access-list standard dscp_50_ecn seq 5 permit any dscp 50 ecn 1 seq 10 permit any dscp 50 ecn 2...
Page 784: Applying Dscp And Vlan Match Criteria On A Service Queue
Apply the Layer 2 policy on a Layer 3 interface. INTERFACE mode Dell(conf-if-fo-1/4)# service-policy input l2p layer2 Applying DSCP and VLAN Match Criteria on a Service Queue You can configure Layer 3 class maps which contain both a Layer 3 Differentiated Services Code Point (DSCP) and IP VLAN IDs as match criteria to filter incoming packets on a service queue on the switch.
Page 785 Create an input policy map. CONFIGURATION mode Dell(conf)#policy-map-input pp_policmap Create a service queue to associate the class map and QoS policy map. POLICY-MAP mode Dell(conf-policy-map-in)#service-queue 0 class-map pp_classmap qos-policy pp_qospolicy Quality of Service (QoS)
Page 786: Routing Information Protocol (Rip)
Routing Information Protocol (RIP) Routing information protocol (RIP) is supported on Dell Networking OS. RIP is based on a distance-vector algorithm; it tracks distances or hop counts to nearby routers when establishing network connections. RIP protocol standards are listed in the Standards Compliance chapter.
Page 787: Implementation Information
Implementation Information Dell Networking OS supports both versions of RIP and allows you to configure one version globally and the other version on interfaces or both versions on the interfaces. The following table lists the defaults for RIP in Dell Networking OS.
Page 788 After designating networks with which the system is to exchange RIP information, ensure that all devices on that network are configured to exchange RIP information. The Dell Networking OS default is to send RIPv1 and to receive RIPv1 and RIPv2. To change the RIP version globally, use the version command in ROUTER RIP mode.
Page 789 [120/1] via 29.10.10.12, 00:00:27, Fa 1/4 192.161.1.0/24 auto-summary 192.162.3.0/24 [120/1] via 29.10.10.12, 00:01:22, Fa 1/4 192.162.3.0/24 auto-summary Dell#show ip rip database Total number of routes in RIP database: 978 160.160.0.0/16 [120/1] via 29.10.10.12, 00:00:26, Fa 1/49 160.160.0.0/16 auto-summary 2.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa 1/49 2.0.0.0/8...
Page 790 A prefix list is applied to incoming or outgoing routes. Those routes must meet the conditions of the prefix list; if not, Dell Networking OS drops the route. Prefix lists are globally applied on all interfaces running RIP. Configure the prefix list in PREFIX LIST mode prior to assigning it to the RIP process.
Page 791 Setting the Send and Receive Version To change the RIP version globally or on an interface in Dell Networking OS, use the following command. To specify the RIP version, use the version command in ROUTER RIP mode. To set an interface to receive only one or the other version, use the ip rip send version or the ip rip receive version commands in INTERFACE mode.
Page 792 Dell(conf-if)#ip rip receive version 2 The following example of the show ip protocols command confirms that both versions are sent out that interface. This interface no longer sends and receives the same RIP versions as Dell Networking OS does globally (shown in bold).
Page 793 Default routes are not enabled in RIP unless specified. Use the default-information originate command in ROUTER RIP mode to generate a default route into RIP. In Dell Networking OS, default routes received in RIP updates from other routes are advertised if you configure the default- information originate command.
Page 794: Rip Configuration Example
Enable debugging of RIP. Example of the debug ip rip Command The following example shows the confirmation when you enable the debug function. Dell#debug ip rip RIP protocol debug is ON Dell# To disable RIP, use the no debug ip rip command.
Page 795 • RIP Configuration on Core 3 • Core 3 RIP Output • RIP Configuration Summary Figure 109. RIP Topology Example RIP Configuration on Core2 The following example shows how to configure RIPv2 on a host named Core2. Example of Configuring RIPv2 on Core 2 Core2(conf-if-te-2/3)# Core2(conf-if-te-2/3)#router rip Core2(conf-router_rip)#ver 2...
Page 796 10.0.0.0/8 auto-summary 192.168.1.0/24 [120/1] via 10.11.20.1, 00:00:03, TenGigabitEthernet 2/3 192.168.1.0/24 auto-summary 192.168.2.0/24 [120/1] via 10.11.20.1, 00:00:03, TenGigabitEthernet 2/3 192.168.2.0/24 auto-summary Core2# The following example shows the show ip route command to show the RIP setup on Core 2. Core2#show ip route Codes: C - connected, S - static, R - RIP, B - BGP, IN - internal BGP, EX - external BGP,LO - Locally Originated, O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1,...
Page 797 Gateway Distance Last Update 10.11.20.1 00:00:12 Distance: (default is 120) Core2# RIP Configuration on Core3 The following example shows how to configure RIPv2 on a host named Core3. Example of Configuring RIPv2 on Core3 Core3(conf-if-te-3/21)#router rip Core3(conf-router_rip)#version 2 Core3(conf-router_rip)#network 192.168.1.0 Core3(conf-router_rip)#network 192.168.2.0 Core3(conf-router_rip)#network 10.11.30.0 Core3(conf-router_rip)#network 10.11.20.0...
Page 798 O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, >...
Page 799 ip address 10.11.20.2/24 no shutdown interface TenGigabitEthernet 2/4 ip address 10.200.10.1/24 no shutdown interface TenGigabitEthernet 2/5 ip address 10.250.10.1/24 no shutdown router rip version 2 10.200.10.0 10.300.10.0 10.11.10.0 10.11.20.0 The following example shows viewing the RIP configuration on Core 3. interface TenGigabitEthernet 3/1 ip address 10.11.30.1/24 no shutdown...
Page 800: Remote Monitoring (Rmon)
Remote Monitoring (RMON) Remote monitoring (RMON) is supported on Dell Networking OS. RMON is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facility and long-term statistics collection on Dell Networking Ethernet interfaces.
Page 801: Setting The Rmon Alarm
The sampling process continues after the chassis returns to operation. • Platform Adaptation — RMON supports all Dell Networking chassis and all Dell Networking Ethernet interfaces. Setting the rmon Alarm To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode.
Page 802: Configuring An Rmon Event
This configuration also generates an SNMP trap when the event is triggered using the SNMP community string “eventtrap”. Dell(conf)#rmon event 1 log trap eventtrap description “High ifOutErrors” owner nms1 Remote Monitoring (RMON)
Page 803: Configuring Rmon Collection Statistics
The following command example enables the RMON statistics collection on the interface, with an ID value of 20 and an owner of john. Dell(conf-if-mgmt)#rmon collection statistics controlEntry 20 owner john Configuring the RMON Collection History To enable the RMON MIB history group of statistics collection on an interface, use the rmon collection history command in INTERFACE CONFIGURATION mode.
Page 804 The following command example enables an RMON MIB collection history group of statistics with an ID number of 20 and an owner of john, both the sampling interval and the number of buckets use their respective defaults. Dell(conf-if-mgmt)#rmon collection history controlEntry 20 owner john Remote Monitoring (RMON)
Page 805: Rapid Spanning Tree Protocol (Rstp)
(STP) but provides faster convergence and interoperability with switches configured with STP and multiple spanning tree protocol (MSTP). The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 67. Spanning Tree Variations Dell Networking OS Supports...
Page 806: Important Points To Remember
Adding a group of ports to a range of VLANs sends multiple messages to the rapid spanning tree protocol (RSTP) task, avoid using the range command. When using the range command, Dell Networking recommends limiting the range to five ports and 40 VLANs.
Page 807: Enabling Rapid Spanning Tree Protocol Globally
To disable RSTP globally for all Layer 2 interfaces, enter the disable command from PROTOCOL SPANNING TREE RSTP mode. To verify that RSTP is enabled, use the show config command from PROTOCOL SPANNING TREE RSTP mode. The bold line indicates that RSTP is enabled. Dell(conf-rstp)#show config protocol spanning-tree rstp no disable Dell(conf-rstp)#...
Page 808 If a physical interface is part of a port channel, only the port channel is listed in the command output. Dell#show spanning-tree rstp Root Identifier has priority 32768, Address 0001.e801.cbb4 Root Bridge hello time 2, max age 20, forward delay 15, max hops 0 Bridge Identifier has priority 32768, Address 0001.e801.cbb4...
Page 809: Adding And Removing Interfaces
BPDU : sent 121, received 2 The port is not in the Edge port mode Port 379 (TenGigabitEthernet 2/3) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.379 Designated root has priority 32768, address 0001.e801.cbb4 Designated bridge has priority 32768, address 0001.e801.cbb4 Designated port id is 128.379, designated path cost 0 Number of transitions to forwarding state 1 BPDU : sent 121, received 5...
Page 810: Modifying Global Parameters
Max-age — the length of time the bridge maintains configuration information before it refreshes that information by recomputing the RST topology. NOTE: Dell Networking recommends that only experienced network administrators change the Rapid Spanning Tree group parameters. Poorly planned modification of the RSTP parameters can negatively affect network performance.
Page 811: Enabling Snmp Traps For Root Elections And Topology Changes
NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. • Change the max-age parameter. PROTOCOL SPANNING TREE RSTP mode max-age seconds The range is from 6 to 40.
Page 812: Enabling Snmp Traps For Root Elections And Topology Changes
PortFast mode in Spanning Tree. CAUTION: Configure EdgePort only on links connecting to an end station. If you enable EdgePort on an interface connected to a network, it can cause loops. Dell Networking OS Behavior: Regarding bpduguard shutdown-on-violation behavior: Rapid Spanning Tree Protocol (RSTP)
Page 813: Configuring Fast Hellos For Link State Detection
To verify that EdgePort is enabled on a port, use the show spanning-tree rstp command from EXEC privilege mode or the show config command from INTERFACE mode. NOTE: Dell Networking recommends using the show config command from INTERFACE mode. In the following example, the bold line indicates that the interface is in EdgePort mode.
Page 814 The range is from 50 to 950 milliseconds. Example of Verifying Hello-Time Interval Dell(conf-rstp)#do show spanning-tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0, Address 0001.e811.2233 Root Bridge hello time 50 ms, max age 20, forward delay 15 Bridge ID Priority 0, Address 0001.e811.2233...
Page 815: Software-Defined Networking (Sdn)
Software-Defined Networking (SDN) Dell Networking operating software supports Software-Defined Networking (SDN). For more information, refer to the SDN Deployment Guide. Software-Defined Networking (SDN)
Page 816: Security
Security features are supported on Dell Networking OS. This chapter describes several ways to provide security to the Dell Networking system. For details about all the commands described in this chapter, refer to the Security chapter in the Dell Networking OS Command Reference Guide.
Page 817 – tacacs+: designate the security service. Currently, Dell Networking OS supports only TACACS+. Suppressing AAA Accounting for Null Username Sessions When you activate AAA accounting, the Dell Networking OS software issues accounting records for all users on the system, including users whose username string is NULL because of protocol translation.
Page 818: Aaa Authentication
With AAA, you can specify the security protocol or mechanism for different login methods and different users. In Dell Networking OS, AAA uses a list of authentication methods, called method lists, to define the types of authentication and the sequence in which they are applied. You can define a method list or use the default method list.
Page 819: Configuration Task List For Aaa Authentication
If the first method list does not respond or returns an error, Dell Networking OS applies the next method list until the user either passes or fails the authentication. If the user fails a method list, Dell Networking OS does not apply the next method list.
Page 820 To view the configuration, use the show config command in LINE mode or the show running- config in EXEC Privilege mode. NOTE: Dell Networking recommends using the none method only as a backup. This method does not authenticate users. The none and enable methods do not work with secure shell (SSH).
Page 821: Obscuring Passwords And Keys
Dell(config-line-vty)# enable authentication mymethodlist Server-Side Configuration • TACACS+ — When using TACACS+, Dell Networking sends an initial packet with service type SVC_ENABLE, and then sends a second packet with just the password. The TACACS server must have an entry for username $enable$.
Page 822: Aaa Authorization
Every command in Dell Networking OS is assigned a privilege level of 0, 1, or 15. You can configure up to 16 privilege levels in Dell Networking OS. Dell Networking OS is pre-configured with three privilege levels and you can configure 13 more.
Page 823 Security chapter in the Dell Networking OS Command Reference Guide. Configuring a Username and Password In Dell Networking OS, you can assign a specific username to limit user access to the system. To configure a username and password, use the following command.
Page 824 In custom-configured privilege levels, the enable command is always available. No matter what privilege level you entered Dell Networking OS, you can enter the enable 15 command to access and configure all CLIs. Configuring Custom Privilege Levels In addition to assigning privilege levels to the user, you can configure the privilege levels of commands so that they are visible in different privilege levels.
Page 825 0 to 15. Levels 0, 1, and 15 are pre-configured. Levels 2 to 14 are available for custom configuration. • command: an Dell Networking OS CLI keyword (up to five keywords allowed). • reset: return the command to its default privilege mode.
Page 826 • Set a user’s security level. EXEC Privilege mode enable or enable privilege-level If you do not enter a privilege level, Dell Networking OS sets it to 15 by default. • Move to a lower privilege level. EXEC Privilege mode disable level-number –...
Page 827 The Z9000 system boots up with factory default configuration. The default Dell> system prompt displays when the system boots. Copy the startup-config into the running-config. To display the content of the startup-config, remove the previous authentication configuration and set the new authentication parameters.
Page 828: Radius
This protocol transmits authentication, authorization, and configuration information between a central RADIUS server and a RADIUS client (the Dell Networking system). The system sends user information to the RADIUS server and requests authentication of the user and password. The RADIUS server returns one of the following responses: •...
Page 829: Configuration Task List For Radius
Monitoring RADIUS (optional) For a complete listing of all Dell Networking OS commands related to RADIUS, refer to the Security chapter in the Dell Networking OS Command Reference Guide. NOTE: RADIUS authentication and authorization are done in a single step. Hence, authorization cannot be used independent of authentication.
Page 830 • Create a method list with RADIUS and TACACS+ as authorization methods. CONFIGURATION mode aaa authorization exec {method-list-name | default} radius tacacs+ Typical order of methods: RADIUS, TACACS+, Local, None. If RADIUS denies authorization, the session ends (RADIUS must not be the last method specified). Applying the Method List to Terminal Lines To enable RADIUS AAA login authentication for a method list, apply it to a terminal line.
Page 831 To specify multiple RADIUS server hosts, configure the radius-server host command multiple times. If you configure multiple RADIUS server hosts, Dell Networking OS attempts to connect with them in the order in which they were configured. When Dell Networking OS attempts to authenticate a user, the software connects with the RADIUS server hosts one at a time, until a RADIUS server host responds with an accept or reject response.
Page 832: Tacacs
TACACS+ Remote Authentication • Specifying a TACACS+ Server Host For a complete listing of all commands related to TACACS+, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Choosing TACACS+ as the Authentication Method One of the login authentication methods available is TACACS+ and the user’s name and password are sent for authentication to the TACACS hosts specified.
Page 833 For example, if the TACACS+ server is reachable, but the server key is invalid, Dell Networking OS proceeds to the next authentication method. In the following example, the TACACS+ is incorrect, but the user is still authenticated by the secondary method.
Page 834: Tacacs+ Remote Authentication
Example of Connecting with a TACACS+ Server Host To specify multiple TACACS+ server hosts, configure the tacacs-server host command multiple times. If you configure multiple TACACS+ server hosts, Dell Networking OS attempts to connect with them in the order in which they were configured.
Page 835: Command Authorization
Secure shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network. Dell Networking OS is compatible with SSH versions 1.5 and 2, in both the client and server modes. SSH sessions are encrypted and use authentication. SSH is enabled by default.
Page 836: Using Scp With Ssh To Copy A Software Image
Specifying an SSH Version The following example uses the ip ssh server version 2 command to enable SSH version 2 and the show ip ssh command to confirm the setting. Dell(conf)#ip ssh server version 2 Dell(conf)#do show ip ssh SSH server : enabled.
Page 837: Configuring When To Re-Generate An Ssh Key
The default is 1024 megabytes. Examples The following example configures the time-based rekey threshold for an SSH session to 30 minutes. Dell(conf)#ip ssh rekey time 30 The following example configures the volume-based rekey threshold for an SSH session to 4096 megabytes.
Page 838: Configuring The Hmac Algorithm For The Ssh Server
Example of Configuring a HMAC Algorithm The following example shows you how to configure a HMAC algorithm list. Dell(conf)# ip ssh server mac hmac-sha1-96 Configuring the SSH Server Cipher List To configure the cipher list supported by the SSH server, use the ip ssh server cipher cipher-list command in CONFIGURATION mode.
Page 839: Secure Shell Authentication
Secure Shell (SSH) is enabled by default using the SSH Password Authentication method. Enabling SSH Authentication by Password Authenticate an SSH client by prompting for a password when attempting to connect to the Dell Networking system. This setup is the simplest method of authentication and uses SSH version 1.
Page 840 Create a list of IP addresses and usernames that are permitted to SSH in a file called rhosts. Refer to the second example. Copy the file shosts and rhosts to the Dell Networking system. Disable password authentication and RSA authentication, if configured...
Page 841 • SSH from the chassis to the SSH client. ssh ip_address Example of Client-Based SSH Authentication Dell#ssh 10.16.127.201 ? Encryption cipher to use (for v2 clients only) User name option HMAC algorithm to use (for v2 clients only) SSH server port option (default 22)
Page 842: Troubleshooting Ssh
Dell(conf)#ip telnet server enable Dell(conf)#no ip telnet server enable VTY Line and Access-Class Configuration Various methods are available to restrict VTY access in Dell Networking OS. These depend on which authentication scheme you use — line, local, or remote. Table 69. VTY Access...
Page 843: Vty Line Local Authentication And Authorization
Dell Networking OS can assign different access classes to different users by username. Until users attempt to log in, Dell Networking OS does not know if they will be assigned a VTY line. This means that incoming users always see a login prompt even if you have excluded them from the VTY line with a deny- all access class.
Page 844: Vty Mac-Sa Filter Support
(same applies for radius and line authentication) VTY MAC-SA Filter Support Dell Networking OS supports MAC access lists which permit or deny users based on their source MAC address. With this approach, you can implement a security policy based on the source MAC address.
Page 845: Overview Of Rbac
Each user can be assigned only a single role. Many users can have the same role. The Dell Networking OS supports the constrained RBAC model. With a constrained RBAC model, you can inherit permissions when you create a new user role, restrict or add commands a user can enter and the actions the user can perform.
Page 846 When you enable role-based only AAA authorization using the aaa authorization role-only command in Configuration mode, the Dell Networking OS checks to ensure that you do not lock yourself out and that the user authentication is available for all terminal lines.
Page 847: User Roles
To enable role-based only AAA authorization: Dell(conf)#aaa authorization role-only System-Defined RBAC User Roles By default, the Dell Networking OS provides 4 system defined user roles. You can create up to 8 additional user roles. NOTE: You cannot delete any system defined roles.
Page 848 (secadmin) permissions. Create a new user role, myrole and inherit security administrator permissions. Dell(conf)#userrole myrole inherit secadmin Verify that the user role, myrole, has inherited the security administrator permissions. The output highlighted in bold indicates that the user role has successfully inherited the security administrator permissions.
Page 849 Note that the netadmin role is not listed in the Role access: secadmin,sysadmin, which means the netadmin cannot access the show users command. Dell(conf)#role exec deleterole netadmin show users Dell#show role mode exec show users Role access: secadmin,sysadmin...
Page 850 However, the secadmin can only access 10-Gigabit Ethernet interfaces. Dell(conf)#role configure addrole secadmin ? LINE Initial keywords of the command to modify Dell(conf)#role configure addrole secadmin interface tengigabitethernet Dell(conf)#show role mode configure interface Role access: netadmin, secadmin, sysadmin Example: Verify that the Security Administrator Can Access Interface Mode The following example shows that the secadmin role can now access Interface mode (highlighted in bold).
Page 851: Aaa Authentication And Authorization For Roles
Example The following example creates a user name that is authenticated based on a user role. Dell (conf) #username john password 0 password role secadmin The following example deletes a user role. NOTE: If you already have a user ID that exists with a privilege level, you can add the user role to...
Page 852 When role-based only AAA authorization is enabled, the enable, line, and none methods are not available. Each of these three methods allows users to be verified with either a password that is not specific to their user ID or with no password at all. Because of the lack of security these methods are not available for role only mode.
Page 853 For RBAC and privilege levels, the Dell Networking OS RADIUS and TACACS+ implementation supports two vendor-specific options: privilege level and roles. The Dell Networking vendor-ID is 6027 and the supported option has attribute of type string, which is titled “Force10-avpair”. The value is a string in the...
Page 854: Role Accounting
The following example configures an AV pair which allows a user to login from a network access server with a privilege level of 15, to have access to EXEC commands. The format to create a Dell Network OS AV pair for privilege level is shell:priv-lvl= where number is a value between 0 and 15.
Page 855: Display Information About User Roles
The following example applies the accounting default method to the user role secadmin (security administrator). Dell(conf-vty-0)# accounting commands role secadmin default Displaying Active Accounting Sessions for Roles To display active accounting sessions for each user role, use the show accounting command in EXEC mode.
Page 856 Line Configuration mode route-map Route map configuration mode router Router configuration mode Dell#show role mode configure username Role access: sysadmin Dell##show role mode configure password-attributes Role access: secadmin,sysadmin Dell#show role mode configure interface Role access: netadmin, sysadmin Dell#show role mode configure line...
Page 857: Service Provider Bridging
Service Provider Bridging Service provider bridging is supported on Dell Networking OS. VLAN Stacking VLAN stacking, also called Q-in-Q, is defined in IEEE 802.1ad — Provider Bridges, which is an amendment to IEEE 802.1Q — Virtual Bridged Local Area Networks. It enables service providers to use 802.1Q architecture to offer separate VLANs to customers with no coordination between customers, and minimal coordination between customers and the provider.
Page 858: Important Points To Remember
Dell Networking cautions against using the same MAC address on different customer VLANs, on the same VLAN-Stack VLAN. • You cannot ping across the trunk port link if one or both of the systems is an S4820T. • This limitation becomes relevant if you enable the port as a multi-purpose port (carrying single- tagged and double-tagged traffic).
Page 859: Configure Vlan Stacking
Enabling VLAN-Stacking for a VLAN. Related Configuration Tasks • Configuring the Protocol Type Value for the Outer VLAN Tag • Configuring Dell Networking OS Options for Trunk Ports • Debugging VLAN Stacking • VLAN Stacking in Multi-Vendor Networks Creating Access and Trunk Ports To create access and trunk ports, use the following commands.
Page 860: Enable Vlan-Stacking For A Vlan
The default is 9100. To display the S-Tag TPID for a VLAN, use the show running-config command from EXEC privilege mode. Dell Networking OS displays the S-Tag TPID only if it is a non-default value. Configuring Dell Networking OS Options for Trunk Ports 802.1ad trunk ports may also be tagged members of a VLAN so that it can carry single and double-tagged...
Page 861: Debugging Vlan Stacking
In the following example, TenGigabitEthernet 1/1 is a trunk port that is configured as a hybrid port and then added to VLAN 100 as untagged VLAN 101 as tagged, and VLAN 103, which is a stacking VLAN. Dell(conf)#interface tenigabitethernet 1/1 Dell(conf-if-te-1/1)#portmode hybrid...
Page 862: Vlan Stacking In Multi-Vendor Networks
While 802.1Q requires that the inner tag TPID is 0x8100, it does not require a specific value for the outer tag TPID. Systems may use any 2-byte value; Dell Networking OS uses 0x9100 (shown in the following) while non-Dell Networking systems might use a different value.
Page 863 untagged traffic and maps each to the appropriate VLAN, as shown by the packet originating from Building A. Therefore, a mismatched TPID results in the port not differentiating between tagged and untagged traffic. Figure 112. Single and Double-Tag TPID Match Service Provider Bridging...
Page 864 Figure 113. Single and Double-Tag First-byte TPID Match Service Provider Bridging...
Page 865 Figure 114. Single and Double-Tag TPID Mismatch The following table details the outcome of matched and mismatched TPIDs in a VLAN-stacking network with the S-Series. Table 70. Behaviors for Mismatched TPID Network Incoming System TPID Match Type Pre-Version Version Position Packet TPID 8.2.1.0 8.2.1.0+...
Page 866: Vlan Stacking Packet Drop Precedence
Network Incoming System TPID Match Type Pre-Version Version Position Packet TPID 8.2.1.0 8.2.1.0+ 0x8100 single-tag switch to VLAN switch to VLAN match 0x81XY single-tag first- switch to VLAN switch to byte match default VLAN Core untagged 0xUVWX — switch to switch to default VLAN default VLAN...
Page 867: Honoring The Incoming Dei Value
By default, packets are colored green, and DEI is marked 0 on egress. Honoring the Incoming DEI Value To honor the incoming DEI value, you must explicitly map the DEI bit to an Dell Networking OS drop precedence. Precedence can have one of three colors.
Page 868: Dynamic Mode Cos For Vlan Stacking
1:8 expansion in these content addressable memory (CAM) tables. Dell Networking OS Behavior: For Option A shown in the previous illustration, when there is a conflict between the queue selected by Dynamic Mode CoS (vlan-stack dot1p-mapping) and a QoS...
Page 869: Mapping C-Tag To S-Tag Dot1P Values
configuration, the queue selected by Dynamic Mode CoS takes precedence. However, rate policing for the queue is determined by QoS configuration. For example, the following access-port configuration maps all traffic to Queue 0: vlan-stack dot1p-mapping c-tag-dot1p 0-7 sp-tag-dot1p 1 However, if the following QoS configuration also exists on the interface, traffic is queued to Queue 0 but is policed at 40Mbps (qos-policy-input for queue 3) because class-map "a"...
Page 870: Layer 2 Protocol Tunneling
cam-acl l2acl number ipv4acl number ipv6acl number ipv4qos number l2qos number l2pt number ipmacacl number ecfmacl number {vman-qos | vman-qos-dual- fp} number • vman-qos: mark the S-Tag dot1p and queue the frame according to the original C-Tag dot1p. This method requires half as many CAM entries as vman-qos-dual-fp. •...
Page 871 MAC address rewritten to the original MAC address and forwarded to the opposing network region (shown in the following illustration). Dell Networking OS Behavior: In Dell Networking OS versions prior to 8.2.1.0, the MAC address that Dell Networking systems use to overwrite the Bridge Group Address on ingress was non-configurable. The value of the L2PT MAC address was the Dell Networking-unique MAC address, 01-01-e8-00-00-00.
Page 872: Implementation Information
Dell Networking OS could recognize the significance of the destination MAC address and rewrite it to the original Bridge Group Address. In Dell Networking OS version 8.2.1.0 and later, the L2PT MAC address is user-configurable, so you can specify an address that non-Dell Networking systems can recognize and rewrite the address at egress edge.
Page 873: Enabling Layer 2 Protocol Tunneling
Specifying a Destination MAC Address for BPDUs By default, Dell Networking OS uses a Dell Networking-unique MAC address for tunneling BPDUs. You can configure another value. To specify a destination MAC address for BPDUs, use the following command.
Page 874: Debugging Layer 2 Protocol Tunneling
Set a maximum rate at which the RPM processes BPDUs for L2PT. VLAN STACKING mode protocol-tunnel rate-limit The default is: no rate limiting. The range is from 64 to 320 kbps. Debugging Layer 2 Protocol Tunneling To debug Layer 2 protocol tunneling, use the following command. •...
Page 875: Sflow
Implementation Information Dell Networking sFlow is designed so that the hardware sampling rate is per line card port-pipe and is decided based on all the ports in that port-pipe. If you do not enable sFlow on any port specifically, the global sampling rate is downloaded to that port and is to calculate the port-pipe’s lowest sampling rate.
Page 876: Important Points To Remember
Configuration and EIS modes respectively. • Dell Networking OS exports all sFlow packets to the collector. A small sampling rate can equate to many exported packets. A backoff mechanism is automatically applied to reduce this amount. Some sampled packets may be dropped when the exported packet rate is high and the backoff mechanism is about to or is starting to take effect.
Page 877: Enabling And Disabling Sflow On An Interface
Te 1/1: configured rate 16384, actual rate 16384 Dell# If you did not enable any extended information, the show output displays the following (shown in bold). Dell#show sflow sFlow services are disabled Global default sampling rate: 32768 Global default counter polling interval: 20...
Page 878: Sflow Show Commands
Show Commands Dell Networking OS includes the following sFlow display commands. • Displaying Show sFlow Globally • Displaying Show sFlow on an Interface • Displaying Show sFlow on a Line Card...
Page 879: Displaying Show Sflow Global
Display sFlow configuration information and statistics on a specific interface. EXEC mode show sflow interface interface-name Examples of the sFlow show Commands The following example shows the show sflow interface command. Dell#show sflow interface tengigabitethernet 1/1 Te 1/1 sFlow type :Ingress Configured sampling rate...
Page 880: Displaying Show Sflow On A Stack-Unit
• Display sFlow configuration information and statistics on the specified interface. EXEC mode show sflow stack—unit slot-number Example of Viewing sFlow Configuration (Line Card) Dell#show sflow stack-unit 1 stack-unit 1 Samples rcvd from h/w :165 Samples dropped for sub-sampling :69...
Page 881: Back-Off Mechanism
Confirm that extended information packing is enabled. show sflow Examples of Verifying Extended sFlow The bold line shows that extended sFlow settings are enabled on all three types. Dell#show sflow sFlow services are enabled Egress Management Interface sFlow services are disabled Global default sampling rate: 32768...
Page 882: Important Points To Remember
• To export extended-gateway data, BGP must learn the IP destination address. • If the IP destination address is not learned via BGP the Dell Networking system does not export extended-gateway data. • If the IP source address is learned via IGP, srcAS and srcPeerAS are zero.
Page 883 IP SA IP DA srcAS and dstAS and Description srcPeerAS dstPeerAS Exported Exported version 7.8.1.0, extended gateway data is not exported because IP DA is not learned via BGP. Version 7.8.1.0 allows extended gateway information in cases where the source and destination IP addresses are learned by different...
Page 884: Simple Network Management Protocol (Snmp)
The following describes SNMP implementation information. • Dell Networking OS supports SNMP version 1 as defined by RFC 1155, 1157, and 1212, SNMP version 2c as defined by RFC 1901, and SNMP version 3 as defined by RFC 2571. •...
Page 885 AES-CFB 128 encryption algorithm needs to be used. Dell(conf)#snmp-server user snmpguy snmpmon 3 auth sha AArt61wq priv aes128 jntRR59a In this example, for a specified user and a group, the AES128-CFB algorithm, the authentication password to enable the server to receive packets from the host, and the privacy password to encode the message contents are configured.
Page 886: Configuration Task List For Snmp
NOTE: The configurations in this chapter use a UNIX environment with net-snmp version 5.4. This environment is only one of many RFC-compliant SNMP utilities you can use to manage your Dell Networking system using SNMP. Also, these configurations use SNMP version 2c.
Page 887: Creating A Community
Dell Networking OS enables SNMP automatically when you create an SNMP community and displays the following message. You must specify whether members of the community may only retrieve values (read), or retrieve and alter values (read-write).
Page 888: Reading Managed Object Values
You may only retrieve (read) managed object values if your management station is a member of the same community as the SNMP agent. Dell Networking supports RFC 4001, Textual Conventions for Internet Work Addresses that defines values representing a type of internet address. These values display for ipAddressTable objects using the snmpwalk command.
Page 889: Writing Managed Object Values
> snmpwalk -v 2c -c mycommunity 10.11.131.161 .1.3.6.1.2.1.1 SNMPv2-MIB::sysDescr.0 = STRING: Dell Real Time Operating System Software Dell Operating System Version: 1.0 Dell Application Software Version: E_MAIN4.9.4.0.0 Copyright (c) 1999-2014 by Dell Build Time: Mon May 12 14:02:22 PDT 2008 SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.6027.1.3.1...
Page 890: Configuring Contact And Location Information Using Snmp
You may use up to 55 characters. The default is None. • (From a Dell Networking system) Identify the physical location of the system (for example, San Jose, 350 Holger Way, 1st floor lab, rack A1-1). CONFIGURATION mode snmp-server location text You may use up to 55 characters.
Page 891: Subscribing To Managed Object Value Updates Using Snmp
Subscribing to Managed Object Value Updates using SNMP By default, the Dell Networking system displays some unsolicited SNMP messages (traps) upon certain events and conditions. You can also configure the system to send the traps to a management station. Traps cannot be saved on the system.
Page 892: Enabling A Subset Of Snmp Traps
PORT_LINKUP:changed interface state to up:%d Enabling a Subset of SNMP Traps You can enable a subset of Dell Networking enterprise-specific SNMP traps using one of the following listed command options. To enable a subset of Dell Networking enterprise-specific SNMP traps, use the following command.
Page 893 envmon fan FAN_TRAY_BAD: Major alarm: fantray %d is missing or down FAN_TRAY_OK: Major alarm cleared: fan tray %d present FAN_BAD: Minor alarm: some fans in fan tray %d are down FAN_OK: Minor alarm cleared: all fans in fan tray %d are good Enable VLT traps.
Page 894: Copy Configuration Files Using Snmp
• copy the running-config file to the startup-config file • copy configuration files from the Dell Networking system to a server • copy configuration files from a server to the Dell Networking system You can perform all of these tasks using IPv4 or IPv6 addresses. The examples in this section use IPv4 addresses;...
Page 895 MIB Object Object Values Description 1 = Dell Networking OS copyDestFileType Specifies the type of file file 1.3.6.1.4.1.6027.3.5.1.1.1. to copy to. • 2 = running-config copySourceFileType is running-config or 3 = startup-config startup-config, the default copyDestFileLocatio n is flash. •...
Page 896: Copying A Configuration File
CONFIGURATION mode snmp-server community community-name rw Copy the f10-copy-config.mib MIB from the Dell iSupport web page to the server to which you are copying the configuration file. On the server, use the snmpset command as shown in the following example.
Page 897: Copying The Startup-Config Files To The Running-Config
• Copy the running-config to the startup-config from the UNIX machine. snmpset -v 2c -c public force10system-ip-address copySrcFileType.index i 2 copyDestFileType.index i 3 Examples of Copying Configuration Files The following examples show the command syntax using MIB object names and the same command using the object OIDs.
Page 898: Copying The Startup-Config Files To The Server Via Tftp
/home/myfilename copyServerAddress.4 a 11.11.11.11 Copy a Binary File to the Startup-Configuration To copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP, use the following command. • Copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP.
Page 899: Additional Mib Objects To View Copy Statistics
172.16.1.56 copyUserName.10 s mylogin copyUserPassword. 10 s mypass Additional MIB Objects to View Copy Statistics Dell Networking provides more MIB objects to view copy statistics, as shown in the following table. Table 74. Additional MIB Objects for Copying Configuration Files via SNMP MIB Object...
Page 900: Mib Support To Display The Available Memory Size On Flash
MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the available memory size on flash memory. The following table lists the MIB object that contains the available memory size on flash memory.
Page 901: Mib Support To Display The Software Core Files Generated By The System
MIB Support to Display the Software Core Files Generated by the System Dell Networking provides MIB objects to display the software core files generated by the system. The chSysSwCoresTable contains the list of software core files generated by the system. The following table lists the related MIB objects.
Page 902: Manage Vlans Using Snmp
1.3.6.1.2.1.17.7.1.4.3.1.1.1107787786 s "My VLAN" SNMPv2-SMI::mib-2.17.7.1.4.3.1.1.1107787786 = STRING: "My VLAN" [Dell system output] Dell#show int vlan 10 Vlan 10 is down, line protocol is down Vlan alias name is: My VLAN Address is 00:01:e8:cc:cc:ce, Current address is 00:01:e8:cc:cc:ce Interface index is 1107787786...
Page 903: Displaying The Ports In A Vlan
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 The table that the Dell Networking system sends in response to the snmpget request is a table that contains hexadecimal (hex) pairs, each pair representing a group of eight ports.
Page 904: Add Tagged And Untagged Ports To A Vlan
NUM Status Description Q Ports Inactive U Te 0/2 [Unix system output] > snmpget -v2c -c mycommunity 10.11.131.185 . 1.3.6.1.2.1.17.7.1.4.3.1.2.1107787786 SNMPv2-SMI::mib-2.17.7.1.4.3.1.2.1107787786 = Hex-STRING: 40 00 00 00 00 00 00 00 00 00 00 The value 40 is in the first set of 7 hex pairs, indicating that these ports are in Stack Unit 0. The hex value 40 is 0100 0000 in binary.
Page 905: Managing Overload On Startup
To set time to wait till bgp session are up set 1.3.6.1.4.1.6027.3.18.1.3 1.3.6.1.4.1.6027.3.18.1.6 Enabling and Disabling a Port using SNMP To enable and disable a port using SNMP, use the following commands. Create an SNMP community on the Dell system. Simple Network Management Protocol (SNMP)
Page 906: Fetch Dynamic Mac Entries Using Snmp
Choose integer 1 to change the admin status to Up, or 2 to change the admin status to Down. Fetch Dynamic MAC Entries using SNMP Dell Networking supports the RFC 1493 dot1d table for the default VLAN and the dot1q table for all other VLANs.
Page 907 Example of Fetching MAC Addresses Learned on a Port-Channel Using SNMP Use dot3aCurAggFdbTable to fetch the learned MAC address of a port-channel. The instance number is the decimal conversion of the MAC address concatenated with the port-channel number. --------------MAC Addresses on Force10 System------------------- Dell(conf)#do show mac-address-table VlanId Mac Address Type...
Page 908: Deriving Interface Indices
The interface index is a binary number with bits that indicate the slot number, port number, interface type, and card type of the interface. Dell Networking OS converts this binary index number to decimal, and displays it in the output of the show interface command.
Page 909: Monitor Port-Channels
Dell#show interface Tengigabitethernet 1/21 TenGigabitEthernet 1/21 is up, line protocol is up Monitor Port-Channels To check the status of a Layer 2 port-channel, use f10LinkAggMib (.1.3.6.1.4.1.6027.3.2). In the following example, Po 1 is a switchport and Po 2 is in Layer 3 mode.
Page 910: Troubleshooting Snmp Operation
SNMPv2-SMI::enterprises.6027.3.1.1.4.1.2 = STRING: "OSTATE_UP: Changed interface state to up: Po 1" Troubleshooting SNMP Operation When you use SNMP to retrieve management data from an SNMP agent on a Dell Networking router, take into account the following behavior. • When you query an IPv4 icmpMsgStatsInPkts object in the ICMP table by using the snmpwalk command, the output for echo replies may be incorrectly displayed.
Page 911: Stacking
Stacking Stacking is supported on the S4820T platform with the Dell Networking OS version 8.3.19.0 and newer. NOTE: The S4820T commands accept Unit ID numbers 0-11, though The S4820T supports stacking up to six units with Dell Networking OS version 8.3.19.0.
Page 912: Stack Master Election
Stack. It is possible to reset individual units to force them to give up the management role or reload the whole stack from the CLI to ensure a fully synchronized bootup. Example of Viewing Stack Members Dell#show system brief Stack MAC : 00:01:e8:8c:53:32 Reload Type : normal-reload [Next boot : normal-reload]...
Page 913: Virtual Ip
The virtual IP address is used to log in to the current master unit of the stack. Both IPv4 and IPv6 addresses are supported as virtual IPs. Use the following command to configure a virtual IP: Dell(conf)#virtual-ip {ip-address | ipv6–address | dhcp} Failover Roles If the stack master fails (for example, is powered off), it is removed from the stack topology.
Page 914 3w1d14h: %STKUNIT1-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 2 present 3w1d14h: %STKUNIT1-M:CP %CHMGR-5-CHECKIN: Checkin from Stack unit 2 (type S4820T , 52 ports) 3w1d14h: %S4820T %CHMGR-0-PS_UP: Power supply 0 in unit 2 is up 3w1d14h: %STKUNIT1-M:CP %CHMGR-5-STACKUNITUP: Stack unit 2 is up Stack#show system brief...
Page 915: Stacking Lag
Stacking LAG When multiple links are used between stack units, Dell Networking OS automatically bundles them in a stacking LAG to provide aggregated throughput and redundancy. The stacking LAG is established automatically and transparently by Dell Networking OS (without user configuration) after peering is detected and behaves as follows: •...
Page 916: Management Access On S-Series Stacks
Dell Networking OS elects a new standby unit. Dell Networking OS resets the failed master unit: after online, it becomes a member unit; the remaining members remain online. Example of S-Series Stack Manager Redundancy...
Page 917: Important Points To Remember
• Stacking on the device is accomplished through front-end user ports on the chassis. • All stack units must have the same version of Dell Networking OS. S-Series Stacking Installation Tasks The following are the S-Series stacking installation tasks. •...
Page 918: Create An S-Series Stack
• If the new unit is running an Dell Networking OS version prior to 8.3.10.x , the unit is put into a card problem state, Dell Networking OS is not upgraded, and a syslog message is raised. The unit must be upgraded to Dell Networking OS version 8.3.12.0 before you can proceed.
Page 919 Reload the switch. EXEC Privilege mode reload Dell Networking OS automatically assigns a number to the new unit and adds it as member switch in the stack. The new unit synchronizes its running and startup configurations with the stack. After the units are reloaded, the system reboots. The units come up in a stack after the reboot completes.
Page 920 Stacking. To create a new stack, use the following commands. Power up all units in the stack. Verify that each unit has the same Dell Networking OS version prior to stacking them together. EXEC Privilege mode show version Manually configure unit numbers for each unit, so that the stacking is deterministic upon boot up.
Page 921 When the stack-group configuration is complete, the system prints a syslog for reload. Dell#configure Dell(conf)#stack-unit 4 stack-group 13 Dell(conf)#02:39:12: %STKUNIT4-M:CP %IFMGR-6-STACK_PORTS_ADDED: Ports Fo 4/52 have been configured as stacking ports. Please save and reload for config to take effect Dell(conf)#stack-unit 4 stack-group 14...
Page 922: Add Units To An Existing S-Series Stack
If you are adding units to an existing stack, you can either: • allow Dell Networking OS to automatically assign the new unit a position in the stack, or • manually determine each units position in the stack by configuring each unit to correspond with the stack before connecting it.
Page 923 Connect the new unit to the stack using stacking cables. Example of Adding a Stack Unit with a Conflicting Stack Number (Before and After) The following example shows adding a stack unit with a conflicting stack number (before). Dell#show system brief Stack MAC : 00:01:e8:8a:df:e6 Reload Type : normal-reload...
Page 924 EXEC Privilege mode reload Dell Networking OS automatically assigns a number to the new unit and adds it as member switch in the stack. The new unit synchronizes its running and startup configurations with the stack. If a standalone switch already has stack groups configured.
Page 925: Split An S-Series Stack
Each unit in the stack has a stack number that is either assigned by you or Dell Networking OS. Units are numbered from 0 to 11, however, you can only stack six S4820T units. Stack numbers are stored in NVRAM and are preserved upon reload.
Page 926: Creating A Virtual Stack Unit On An S-Series Stack
[status | topology] Refer to the following example. Examples of the show system Commands Display information about an S4820T stack using the show system command. The following is an example of the show system command to view the stack details. Dell#show system...
Page 927 Master priority : 0 Hardware Rev : 3.0 Num Ports : 64 Up Time : 57 min, 0 sec Dell Networking OS Version : 8-3-7-13 Jumbo Capable : yes POE Capable : no Burned In MAC : 00:01:e8:8a:df:e6 No Of MACs : 3...
Page 928: Influencing Management Unit Selection On An S-Series Stack
Influencing Management Unit Selection on an S-Series Stack Stack priority is the system variable that Dell Networking OS uses to determine which units in the stack are the master and standby management units. If multiple units tie for highest priority, the unit with the highest MAC address prevails.
Page 929: Managing Redundancy On An S-Series Stack
Managing Redundancy on an S-Series Stack Use the following commands to manage the redundancy on an S-Series stack. • Reset the current management unit and make the standby unit the new master unit. EXEC Privilege mode redundancy force-failover stack-unit A new standby is elected. When the former stack master comes back online, it becomes a member unit.
Page 930: Displaying The Status Of Stacking Ports
3/52 5/56 4/52 6/48 4/56 4/48 Dell# The following example shows the parameters for the management unit in the stack. Dell#show system stack-unit 1 -- Unit 1 -- Unit Type : Management Unit Status : online Next Boot : online...
Page 931: Remove Units Or Front End Ports From A Stack
-- Power Supplies -- Unit Bay Status Type FanStatus --------------------------------------------- Unit Bay Status Type FanStatus --------------------------------------------- absent absent -- Fan Status -- Unit Bay TrayStatus Fan0 Speed Fan1 Speed -------------------------------------------- 7200 7200 7200 7440 Speed in RP The following example shows three switches stacked together in a daisy chain topology. stack-2#show system stack-ports Topology: Daisy chain Interface Connection Link...
Page 932: Removing Front End Port Stacking
10 seconds. Dell Networking OS displays console messages for the local and remote members of a flapping link, and on the primary (master) and standby management units as KERN-2-INT messages if the flapping port belongs to either of these units.
Page 933: Recover From A Card Problem State On An S-Series Stack
Error: Please check the stack cable/module and power-cycle the stack. Recover from a Card Problem State on an S-Series Stack If a unit added to a stack has a different Dell Networking OS version, the unit does not come online and Dell Networking OS cites a card problem error.
Page 934: Recover From A Card Mismatch State On An S-Series Stack
stack-1# Recover from a Card Mismatch State on an S-Series Stack A card mismatch occurs if the stack has a provision for the lowest available stack number which does not match the model of a newly added unit. To recover, disconnect the new unit. Then, either: •...
Page 935 -- Stack Info -- Unit UnitType Status ReqTyp CurTyp Version Ports ------------------------------------------------------------ Member type mismatch S25N S50V 7.8.1.0 Management online S50N S50N 7.8.1.0 Standby online S50V S50V 7.8.1.0 Member not present Member not present Member not present Member not present Member not present Stacking...
Page 936: Storm Control
Dell Networking Operating System (OS) Behavior: Dell Networking OS supports broadcast control (the storm-control broadcast command) for Layer 2 and Layer 3 traffic. Dell Networking OS Behavior: The minimum number of packets per second (PPS) that storm control can limit on the device is two.
Page 937: Spanning Tree Protocol (Stp)
CPU utilization and memory consumption. Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 79. Dell Networking OS Supported Spanning Tree Protocols...
Page 938: Important Points To Remember
STP is disabled by default. • The Dell Networking OS supports only one spanning tree instance (0). For multiple instances, enable the multiple spanning tree protocol (MSTP) or per-VLAN spanning tree plus (PVST+). You may only enable one flavor of spanning tree at any one time.
Page 939: Enabling Spanning Tree Protocol Globally
INTERFACE mode no shutdown Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. Dell(conf-if-te-1/1)#show config interface TenGigabitEthernet 1/1 no ip address switchport no shutdown...
Page 940 To disable STP globally for all Layer 2 interfaces, use the disable command from PROTOCOL SPANNING TREE mode. To verify that STP is enabled, use the show config command from PROTOCOL SPANNING TREE mode. Dell(conf)#protocol spanning-tree 0 Dell(config-span)#show config protocol spanning-tree 0...
Page 941: Adding An Interface To The Spanning Tree Group
The port is not in the portfast mode To confirm that a port is participating in Spanning Tree, use the show spanning-tree 0 brief command from EXEC privilege mode. Dell#show spanning-tree 0 brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 0001.e80d.2462...
Page 942: Modifying Global Parameters
You can modify the spanning tree parameters. The root bridge sets the values for forward-delay, hello- time, and max-age and overwrites the values set on other bridges participating in STP. NOTE: Dell Networking recommends that only experienced network administrators change the spanning tree parameters. Poorly planned modification of the spanning tree parameters can negatively affect network performance.
Page 943: Modifying Interface Stp Parameters
PROTOCOL SPANNING TREE mode max-age seconds The range is from 6 to 40. The default is 20 seconds. To view the current values for global parameters, use the show spanning-tree 0 command from EXEC privilege mode. Refer to the second example in Enabling Spanning Tree Protocol Globally.
Page 944: Prevent Network Disruptions With Bpdu Guard
The following example shows a scenario in which an edgeport might unintentionally receive a BPDU. The port on the Dell Networking system is configured with Portfast. If the switch is connected to the hub, the BPDUs that the switch generates might trigger an undesirable topology change. If you enable BPDU Guard, when the edge port receives the BPDU, the BPDU is dropped, the port is blocked, and a console message is generated.
Page 945 – Disable spanning tree on the interface (the no spanning-tree command in INTERFACE mode). – Disabling global spanning tree (the no spanning-tree in CONFIGURATION mode). Figure 123. Enabling BPDU Guard Dell Networking OS Behavior: BPDU guard and BPDU filtering both block BPDUs, but are two separate features. BPDU guard: •...
Page 946: Selecting Stp Root
Te 1/6 Root 128.263 128 20000 FWD 20000 P2P Te 1/7 ErrDis 128.264 128 20000 EDS 20000 P2P Dell(conf-if-te-1/7)#do show ip interface brief tengigabitEthernet 1/7 Interface IP-Address OK Method Status Protocol TenGigabitEthernet 1/7 unassigned YES Manual up Selecting STP Root The STP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it becomes the root bridge.
Page 947: Stp Root Guard
Root Bridge hello time 2, max age 20, forward delay 15 Dell# STP Root Guard Use the STP root guard feature in a Layer 2 network to avoid bridging loops. In STP, the switch in the network with the lowest priority (as determined by STP or set with the bridge-priority command) is selected as the root bridge.
Page 948: Configuring Root Guard
Configuring Root Guard Enable STP root guard on a per-port or per-port-channel basis. Dell Networking OS Behavior: The following conditions apply to a port enabled with STP root guard: • Root guard is supported on any STP-enabled port or port-channel interface except when used as a stacking port.
Page 949: Enabling Snmp Traps For Root Elections And Topology Changes
• Configure all spanning tree types to be hitless. CONFIGURATION mode redundancy protocol xstp Example of Configuring all Spanning Tree Types to be Hitless Dell(conf)#redundancy protocol xstp Dell#show running-config redundancy redundancy protocol xstp Dell# Spanning Tree Protocol (STP)
Page 950: Stp Loop Guard
STP Loop Guard The STP loop guard feature provides protection against Layer 2 forwarding loops (STP loops) caused by a hardware failure, such as a cable failure or an interface fault. When a cable or interface fails, a participating STP link may become unidirectional (STP requires links to be bidirectional) and an STP port does not receive BPDUs.
Page 951: Configuring Loop Guard
Configuring Loop Guard Enable STP loop guard on a per-port or per-port channel basis. Dell Networking OS Behavior: The following conditions apply to a port enabled with loop guard: • Loop guard is supported on any STP-enabled port or port-channel interface.
Page 952: Displaying Stp Guard Configuration
BPDU guard is enabled on a port that is shut down (Error Disabled state) after receiving a BPDU. • Verify the STP guard configured on port or port-channel interfaces. show spanning-tree 0 guard [interface interface] Example of Viewing STP Guard Configuration Dell#show spanning-tree 0 guard Interface Name Instance Sts Guard type...
Page 953: System Time And Date
System time and date settings and the network time protocol (NTP) are supported on Dell Networking You can set system times and dates and maintained through the NTP. They are also set through the Dell Networking Operating System (OS) command line interfaces (CLIs) and hardware settings.
Page 954: Protocol Overview
(secondary servers) in the hierarchy assigned as one greater than the preceding level. Dell Networking OS synchronizes with a time-serving host to get the correct time. You can set Dell Networking OS to poll specific NTP time-serving hosts for the current time. From those time-serving hosts, the system chooses one NTP host with which to synchronize and serve as a client to the NTP host.
Page 955: Configure The Network Time Protocol
Enabling NTP NTP is disabled by default. To enable NTP, specify an NTP server to which the Dell Networking system synchronizes. To specify multiple servers, enter the command multiple times. You may specify an unlimited number of servers at the expense of CPU resources.
Page 956: Disabling Ntp On An Interface
2w1d11h : NTP: Maximum Slew:-0.000470, Remainder = -0.496884 Disabling NTP on an Interface By default, NTP is enabled on all active interfaces. If you disable NTP on an interface, Dell Networking OS drops any NTP packets sent to that interface.
Page 957 Dell Networking OS Behavior: Dell Networking OS uses an encryption algorithm to store the authentication key that is different from previous Dell Networking OS versions; Dell Networking OS uses data encryption standard (DES) encryption to store the key in the startup-config when you enter the ntp authentication-key command.
Page 958 ntp master To configure the switch as NTP Server use the ntp master command. stratum number identifies the NTP Server's hierarchy. Examples of Configuring and Viewing an NTP Configuration The following example shows configuring an NTP server. R6_E300(conf)#1w6d23h : NTP: xmit packet to 192.168.1.1: leap 0, mode 3, version 3, stratum 2, ppoll 1024 rtdel 0219 (8.193970), rtdsp AF928 (10973.266602), refid C0A80101 (192.168.1.1)
Page 959 To view the NTP configuration, use the show running-config ntp command in EXEC privilege mode. The following example shows an encrypted authentication key (in bold). All keys are encrypted. Dell#show running ntp ntp authenticate ntp authentication-key 345 md5 5A60910F3D211F02 ntp server 11.1.1.1 version 3...
Page 960: Dell Networking Os Time And Date
Dell Networking OS Time and Date You can set the time and date using the Dell Networking OS CLI. Configuration Task List The following is a configuration task list for configuring the time and date settings. • Setting the Time and Date for the Switch Software Clock •...
Page 961: Set Daylight Saving Time
Dell# Set Daylight Saving Time Dell Networking OS supports setting the system to daylight saving time once or on a recurring basis every year. Setting Daylight Saving Time Once Set a date (and time zone) on which to convert the switch to daylight saving time on a one-time basis.
Page 962: Setting Recurring Daylight Saving Time
00:00:00 pacific Sat Nov 7 2009" Setting Recurring Daylight Saving Time Set a date (and time zone) on which to convert the switch to daylight saving time on a specific day every year. If you have already set daylight saving for a one-time setting, you can set that date and time as the recurring setting with the clock summer-time time-zone recurring command.
Page 963 Examples of the clock summer-time recurring Command The following example shows the clock summer-time recurring command. Dell(conf)#clock summer-time pacific recurring Mar 14 2009 00:00 Nov 7 2009 00:00 ? Dell(conf)#02:02:13: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Summertime configuration changed from "none" to "Summer time starts 00:00:00 Pacific Sat Mar 14 2009;Summer time ends 00:00:00 pacific Sat Nov 7 2009"...
Page 964: Tunneling
IPv6IP mode, the logical address must be an IPv6 address. The following sample configuration shows a tunnel configured in IPv6 mode (carries IPv6 and IPv4 traffic). Dell(conf)#interface tunnel 1 Dell(conf-if-tu-1)#tunnel source 30.1.1.1 Dell(conf-if-tu-1)#tunnel destination 50.1.1.1 Dell(conf-if-tu-1)#tunnel mode ipip Dell(conf-if-tu-1)#ip address 1.1.1.1/24...
Page 965: Configuring Tunnel Keepalive Settings
Dell(conf-if-tu-1)#ipv6 address 1abd::1/64 Dell(conf-if-tu-1)#ip address 1.1.1.1/24 Dell(conf-if-tu-1)#tunnel source 40.1.1.1 Dell(conf-if-tu-1)#tunnel destination 40.1.1.2 Dell(conf-if-tu-1)#tunnel mode ipip Dell(conf-if-tu-1)#no shutdown Dell(conf-if-tu-1)#tunnel keepalive 1.1.1.2 attempts 4 interval 6 Dell(conf-if-tu-1)#show config interface Tunnel 1 ip address 1.1.1.1/24 ipv6 address 1abd::1/64 tunnel destination 40.1.1.2 tunnel source 40.1.1.1 tunnel keepalive 1.1.1.2 attempts 4 interval 6...
Page 966: Configuring A Tunnel Interface
The following sample configuration shows how to use the tunnel interface configuration commands. Dell(conf-if-te-1/1)#show config interface TenGigabitEthernet 1/1 ip address 20.1.1.1/24 ipv6 address 20:1::1/64 no shutdown Dell(conf)#interface tunnel 1 Dell(conf-if-tu-1)#ip unnumbered tengigabitethernet 1/1 Dell(conf-if-tu-1)#ipv6 unnumbered tengigabitethernet 1/1 Dell(conf-if-tu-1)#tunnel source 40.1.1.1 Dell(conf-if-tu-1)#tunnel mode ipip decapsulate-any Dell(conf-if-tu-1)#no shutdown Dell(conf-if-tu-1)#show config interface Tunnel 1...
Page 967: Configuring Tunnel Source Anylocal Decapsulation
The following sample configuration shows how to use the tunnel source anylocal command. Dell(conf)#interface tunnel 1 Dell(conf-if-tu-1)#ipv6 address 1abd::1/64 Dell(conf-if-tu-1)#ip address 1.1.1.1/24 Dell(conf-if-tu-1)#tunnel source anylocal Dell(conf-if-tu-1)#tunnel mode ipip decapsulate-any Dell(conf-if-tu-1)#tunnel allow-remote 40.1.1.2 Dell(conf-if-tu-1)#no shutdown Dell(conf-if-tu-1)#show config interface Tunnel 1 ip address 1.1.1.1/24...
Page 968: Uplink Failure Detection (Ufd)
Uplink Failure Detection (UFD) Uplink failure detection (UFD) is supported on Dell Networking OS. Feature Description UFD provides detection of the loss of upstream connectivity and, if used with network interface controller (NIC) teaming, automatic recovery from a failed link.
Page 969: How Uplink Failure Detection Works
Figure 127. Uplink Failure Detection How Uplink Failure Detection Works UFD creates an association between upstream and downstream interfaces. The association of uplink and downlink interfaces is called an uplink-state group. An interface in an uplink-state group can be a physical interface or a port-channel (LAG) aggregation of physical interfaces.
Page 970: Ufd And Nic Teaming
Figure 128. Uplink Failure Detection Example If only one of the upstream interfaces in an uplink-state group goes down, a specified number of downstream ports associated with the upstream interface are put into a Link-Down state. You can configure this number and is calculated by the ratio of the upstream port bandwidth to the downstream port bandwidth in the same uplink-state group.
Page 971: Configuring Uplink Failure Detection
– An uplink-state group is considered to be operationally down if it has no upstream interfaces in the Link-Up state. No uplink-state tracking is performed when a group is disabled or in an Operationally Down state. • You can assign physical port or port-channel interfaces to an uplink-state group. –...
Page 972 Where port-range and port-channel-range specify a range of ports separated by a dash (-) and/or individual ports/port channels in any order; for example: upstream tengigabitethernet 1/1-2,5,9,11-12 downstream port-channel 1-3,5 • A comma is required to separate each port and port-range entry. To delete an interface from the group, use the no {upstream | downstream} interface command.
Page 973: Clearing A Ufd-Disabled Interface
Clearing a UFD-Disabled Interface You can manually bring up a downstream interface in an uplink-state group that UFD disabled and is in a UFD-Disabled Error state. To re-enable one or more disabled downstream interfaces and clear the UFD-Disabled Error state, use the following command.
Page 974: Displaying Uplink Failure Detection
down: Te 1/7 02:37:29: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 02:37:29 : UFD: Group:3, UplinkState: DOWN 02:37:29: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed uplink state group state to down: Group 3 02:37:29: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Downstream interface set to UFD error-disabled: Fo 3/60 02:37:29: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Fo 3/60 02:38:31 : UFD: Group:3, UplinkState: UP...
Page 975 Status: Enabled, Up Uplink State Group: 7 Status: Enabled, Up Uplink State Group: 16 Status: Disabled, Up Dell# show uplink-state-group 16 Uplink State Group: 16 Status: Disabled, Up Dell#show uplink-state-group detail (Up): Interface up (Dwn): Interface down (Dis): Interface disabled...
Page 976: Sample Configuration: Uplink Failure Detection
Output 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Time since last interface status change: 00:01:23 The following example shows viewing the UFD configuration. Dell#show running-config uplink-state-group no enable uplink state track 1 downstream TenGigabitEthernet 1/2, 4, 6, 11-19 upstream TengigabitEthernet 1/8, 12...
Page 977 Dell(conf)# uplink-state-group 3 00:08:11: %STKUNIT0-M:CP %IFMGR-5-ASTATE_UP: Changed uplink state group Admin state to up: Group 3 Dell(conf-uplink-state-group-3)# downstream tengigabitethernet 1/1-2,5,9,11-12 Dell(conf-uplink-state-group-3)# downstream disable links 2 Dell(conf-uplink-state-group-3)# upstream tengigabitethernet 1/3-4 00:10:00: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Downstream interface set to UFD error-disabled: Te 1/1...
Page 978: Upgrade Procedures
Upgrade Procedures To find the upgrade procedures, go to the Dell Networking OS Release Notes for your system type to see all the requirements needed to upgrade to the desired Dell Networking OS version. To upgrade your system type, follow the procedures in the Dell Networking OS Release Notes.
Page 979: Virtual Lans (Vlans)
Interfaces chapter. • VLAN Stacking in the Service Provider Bridging chapter. For a complete listing of all commands related to Dell Networking OS VLANs, refer to these Dell Networking OS Command Reference Guide chapters: • Interfaces • 802.1X • GARP VLAN Registration Protocol (GVRP) •...
Page 980: Port-Based Vlans
T Te 1/1 Port-Based VLANs Port-based VLANs are a broadcast domain defined by different ports or interfaces. In Dell Networking OS, a port-based VLAN can contain interfaces from different line cards within the chassis. Dell Networking OS supports 4094 port-based VLANs.
Page 981: Vlans And Port Tagging
Layer 2 mode, the interface is automatically placed in the Default VLAN. Dell Networking OS supports IEEE 802.1Q tagging at the interface level to filter traffic. When you enable tagging, a tag header is added to the frame after the destination and source MAC addresses. That information is preserved as the frame moves through the network.
Page 982: Assigning Interfaces To A Vlan
VLAN 2. The Q column in the show vlan command example notes whether the interface is tagged (T) or untagged (U). For more information about this command, refer to the Layer 2 chapter of the Dell Networking OS Command Reference Guide.
Page 983 Inactive Active Po1(So 0/0-1) Te 1/1 Active Po1(So 0/0-1) Te 1/2 Dell#config Dell(conf)#interface vlan 4 Dell(conf-if-vlan)#tagged po 1 Dell(conf-if-vlan)#show conf interface Vlan 4 no ip address tagged Port-channel 1 Dell(conf-if-vlan)#end Dell#show vlan Codes: * - Default VLAN, G - GVRP VLANs...
Page 984: Moving Untagged Interfaces
Active Po1(So 0/0-1) Te 1/3 Active Po1(So 0/0-1) Te 1/1 Inactive Dell#conf Dell(conf)#interface vlan 4 Dell(conf-if-vlan)#untagged tengigabitethernet 1/2 Dell(conf-if-vlan)#show config interface Vlan 4 no ip address untagged TenGigabitEthernet 1/2 Dell(conf-if-vlan)#end Dell#show vlan Codes: * - Default VLAN, G - GVRP VLANs...
Page 985: Assigning An Ip Address To A Vlan
NOTE: You cannot assign an IP address to the Default VLAN (VLAN 1). To assign another VLAN ID to the Default VLAN, use the default vlan-id vlan-id command. In Dell Networking OS, you can place VLANs and other logical interfaces in Layer 3 mode to receive and send routed traffic. For more information, refer to Bulk Configuration.
Page 986: Enabling Null Vlan As The Default Vlan
This presents a vulnerability because both interfaces are initially placed in the native VLAN, VLAN 1, and for that period customers are able to access each other's networks. Dell Networking OS has a Null VLAN to eliminate this vulnerability. When you enable the Null VLAN, all ports are placed into it by default, so even if you activate the physical ports of multiple customers, no traffic is allowed to traverse the links until each port is place in another VLAN.
Page 987: Virtual Link Trunking (Vlt)
The following example shows VLT deployed on S4820T switches. The S4820T switches appear as a single virtual switch from the point of view of the switch or server supporting link aggregation control protocol (LACP).
Page 988: Vlt On Core Switches
The aggregation layer is mostly in the L2/L3 switching/routing layer. For better resiliency in the aggregation, Dell Networking recommends running the internal gateway protocol (IGP) on the VLTi VLAN to synchronize the L3 routing table across the two nodes on a VLT system.
Page 989: Vlt Terminology
Figure 131. Enhanced VLT VLT Terminology The following are key VLT terms. • Virtual link trunk (VLT) — The combined port channel between an attached device and the VLT peer switches. • VLT backup link — The backup link monitors the vitality of VLT peer switches. The backup link sends configurable, periodic keep alive messages between the VLT peer switches.
Page 990: Configure Virtual Link Trunking
VLT requires that you enable the feature and then configure the same VLT domain, backup link, and VLT interconnect on both peer switches. Important Points to Remember • You cannot enable S4820T stacking simultaneously with VLT. If you enable both at the same time, unexpected behavior occurs. Refer to VLT and Stacking.
Page 991: Configuration Notes
VLT assigns the primary chassis role according to the lowest MAC address. You can configure the primary role. – In a VLT domain, the peer switches must run the same Dell Networking OS software version. – Separately configure each VLT peer switch with the same VLT domain ID and the VLT version. If the system detects mismatches between VLT peer switches in the VLT domain ID or VLT version, the VLT Interconnect (VLTi) does not activate.
Page 992 – Port-channel link aggregation (LAG) across the ports in the VLT interconnect is required; individual ports are not supported. Dell Networking strongly recommends configuring a static LAG for VLTi. – The VLT interconnect synchronizes L2 and L3 control-plane information across the two chassis.
Page 993 – VLT allows multiple active parallel paths from access switches to VLT chassis. – VLT supports port-channel links with LACP between access switches and VLT peer switches. Dell Networking recommends using static port channels on VLTi.
Page 994 – Enable Layer 3 VLAN connectivity VLT peers by configuring a VLAN network interface for the same VLAN on both switches. – Dell Networking does not recommend enabling peer-routing if the CAM is full. To enable peer- routing, a minimum of two local DA spaces for wild card functionality are required.
Page 995: Primary And Secondary Vlt Peers
Primary and Secondary VLT Peers To prevent issues when connectivity between peers is lost, you can designate Primary and Secondary roles for VLT peers . You can elect or configure the Primary Peer. By default, the peer with the lowest MAC address is selected as the Primary Peer.
Page 996: Vlt And Stacking
VLT and Stacking You cannot enable stacking on S4820T units with VLT. If you enable stacking on a unit on which you want to enable VLT, you must first remove the unit from the existing stack. For information about how to remove a unit from a stack, refer to...
Page 997: Pim-Sparse Mode Support On Vlt
This delay in bringing up the VLT ports also applies when the VLTi link recovers from a failure that caused the VLT ports on the secondary VLT peer node to be disabled. PIM-Sparse Mode Support on VLT The designated router functionality of the PIM Sparse-Mode multicast protocol is supported on VLT peer switches for multicast sources and receivers that are connected to VLT ports.
Page 998: Vlt Routing
VLT VLANs, you must configure VLTi as the static multicast router port on both VLT peer switches. This ensures that for first hop routers, the packets from the source are redirected to the designated router (DR) if they are incorrectly hashed. In addition to being first-hop or last -hop routers, the peer node can also act as an intermediate router.
Page 999 time needed for peer recovery provides resiliency. You can enable VLT unicast across multiple configurations using VLT links. You can enable ECMP on VLT nodes using VLT unicast. VLT unicast routing is supported on both IPv6/IPv4. To enable VLT unicast routing, both VLT peers must be in L3 mode.
Page 1000 • VLT resiliency — After a VLT link or peer failure, if the traffic hashes to the VLT peer, the traffic continues to be routed using multicast until the PIM protocol detects the failure and adjusts the multicast distribution tree. •...

Dell S4820T Configuration Manual

1 About this Guide

2 Configuration Fundamentals

3 Getting Started

4 Management

802.1Ag

802.1X

7 Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM)

8 Access Control Lists (Acls)

9 Bidirectional Forwarding Detection (BFD)

10 Border Gateway Protocol Ipv4 (Bgpv4)

11 Content Addressable Memory (CAM)

12 Control Plane Policing (Copp)

13 Data Center Bridging (DCB)

Quick Links

Troubleshooting

Related Manuals for Dell S4820T

Summary of Contents for Dell S4820T