Dell C9000 Series Networking Configuration Manual

Dell Networking Configuration Guide
for the C9000 Series
Version 9.10(0.0)

Summary of Contents for Dell C9000 Series

  • Page 1 Dell Networking Configuration Guide for the C9000 Series Version 9.10(0.0)
  • Page 2 WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2015 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. Dell ™...
  • Page 3: Table Of Contents

    Contents 1 About this Guide........................37 Audience.............................37 Conventions..........................37 Related Documents......................... 38 2 Configuration Fundamentals....................39 Accessing the Command Line....................39 CLI Modes..........................40 Navigating CLI Modes......................42 The do Command........................45 Undoing Commands....................... 46 Obtaining Help..........................46 Entering and Editing Commands..................47 Command History........................48 Filtering show Command Outputs..................48 Multiple Users in Configuration Mode.................50 3 Getting Started........................
  • Page 4 Upgrading the Dell Networking OS..................62 4 Switch Management......................63 Configuring Privilege Levels....................63 Creating a Custom Privilege Level.................. 63 Removing a Command from EXEC Mode..............63 Moving a Command from EXEC Privilege Mode to EXEC Mode......64 Allowing Access to CONFIGURATION Mode Commands........64 Allowing Access to the Following Modes..............
  • Page 5 Using Telnet to Access Another Network Device............. 85 Lock CONFIGURATION Mode....................86 Viewing the Configuration Lock Status................. 86 Recovering from a Forgotten Password ................87 Ignoring the Startup Configuration and Booting from the Factory-Default Configuration..........................88 Recovering from a Failed Start....................88 Restoring Factory-Default Settings..................
  • Page 6 Configuring Multi-Supplicant Authentication / Restricting Multi-Supplicant Authentication........................121 MAC Authentication Bypass....................122 MAB in Single-host and Multi-Host Mode..............123 MAB in Multi-Supplicant Authentication Mode............123 Configuring MAC Authentication Bypass..............124 Dynamic CoS with 802.1X....................125 6 Access Control Lists (ACLs)....................127 IP Access Control Lists (ACLs)..................... 128 CAM Usage.........................128 User-Configurable CAM Allocation................130 Allocating CAM for Ingress ACLs on the Port Extender...........
  • Page 7 Configuring Match Routes....................157 Configuring Set Conditions.................... 159 Configure a Route Map for Route Redistribution............160 Configure a Route Map for Route Tagging..............160 Continue Clause........................161 Configuring a UDF ACL......................161 Hot-Lock Behavior.........................163 7 Bidirectional Forwarding Detection (BFD)...............164 How BFD Works........................164 BFD Packet Format......................166 BFD Sessions........................168 BFD Three-Way Handshake...................
  • Page 8 Ignore Router-ID for Some Best-Path Calculations..........203 Four-Byte AS Numbers....................203 AS4 Number Representation..................204 AS Number Migration......................206 BGP4 Management Information Base (MIB).............. 208 Important Points to Remember..................208 Configuration Information....................209 BGP Configuration.........................209 Enabling BGP........................210 Configuring AS4 Number Representations..............214 Configuring Peer Groups....................216 Configuring BGP Fast Fail-Over..................
  • Page 9 Storing Last and Bad PDUs.....................247 Capturing PDUs........................ 248 PDU Counters........................250 Sample Configurations......................250 9 Content Addressable Memory (CAM)................260 CAM Allocation........................260 Test CAM Usage........................262 View CAM-ACL Settings....................... 262 View CAM Usage........................263 Return to the Default CAM Configuration................264 CAM Optimization......................... 265 Applications for CAM Profiling....................
  • Page 10 QoS dot1p Traffic Classification and Queue Assignment..........296 SNMP Support for PFC and Buffer Statistics Tracking............297 DCB Maps and its Attributes....................298 DCB Map: Configuration Procedure................298 Important Points to Remember..................299 Applying a DCB Map on a Port..................299 Configuring PFC without a DCB Map................300 Configuring Lossless Queues..................
  • Page 11 Configuring the Dynamic Buffer Method................. 338 12 Debugging and Diagnostics.....................340 Offline Diagnostics........................ 340 Running Port Extender Offline Diagnostics on the Switch........341 Running Offline Diagnostics on a Standalone Switch..........348 TRACE Logs..........................371 Auto Save on Reload, Crash, or Rollover..............371 Uploading Trace Logs...................... 371 Last Restart Reason........................372 show hardware Commands....................372 Environmental Monitoring....................375...
  • Page 12 Configure the System to be a DHCP Client..............401 DHCP Client on a Management Interface..............401 DHCP Client Operation with Other Features.............402 Configure Secure DHCP...................... 403 Option 82...........................403 DHCP Snooping....................... 404 Drop DHCP Packets on Snooped VLANs Only............406 Dynamic ARP Inspection....................407 Configuring Dynamic ARP Inspection.................408 Source Address Validation....................
  • Page 13 Impact on Other Software Features................429 FIP Snooping Restrictions....................429 Configuring FIP Snooping....................430 Displaying FIP Snooping Information.................431 FCoE Transit Configuration Example.................437 16 FIPS Cryptography......................439 Configuration Tasks.......................439 Preparing the System......................440 Enabling FIPS Mode.......................440 Generating Host-Keys......................441 Monitoring FIPS Mode Status....................441 Disabling FIPS Mode......................442 17 Flex Hash and Optimized Boot-Up.................
  • Page 14 Configuration Checks......................461 Sample Configuration and Topology.................461 19 GARP VLAN Registration Protocol (GVRP)..............463 Important Points to Remember..................463 Configure GVRP........................464 Related Configuration Tasks..................465 Enabling GVRP Globally......................465 Enabling GVRP on a Layer 2 Interface................465 Configure GVRP Registration....................466 Configure a GARP Timer...................... 466 20 High Availability (HA)......................
  • Page 15 Viewing IGMP Enabled Interfaces..................483 Selecting an IGMP Version....................484 Viewing IGMP Groups......................484 Enabling IGMP Immediate-Leave..................485 IGMP Snooping........................485 IGMP Snooping Implementation Information............485 Configuring IGMP Snooping..................486 Removing a Group-Port Association................486 Disabling Multicast Flooding..................487 Specifying a Port as Connected to a Multicast Router..........487 Configuring the Switch as Querier................
  • Page 16 Monitoring HiGig Link Bundles................... 529 Guidelines for Monitoring HiGig Link-Bundles ............530 Enabling HiGig Link-Bundle Monitoring..............531 Non Dell-Qualified Transceivers..................531 Splitting QSFP Ports to SFP+ Ports..................532 Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port........533 Configuring wavelength for 10–Gigabit SFP+ optics............ 534 Link Dampening........................535...
  • Page 17 Configuration Tasks for ICMP..................559 Enabling ICMP Unreachable Messages............... 560 25 IPv6 Routing........................561 Protocol Overview......................... 561 Extended Address Space....................562 Stateless Autoconfiguration...................562 IPv6 Headers........................563 IPv6 Header Fields......................563 Extension Header Fields....................565 IPv6 Addressing........................ 566 IPv6 Implementation on the Dell Networking OS............567
  • Page 18 Configuring the LPM Table for IPv6 Extended Prefixes..........569 ICMPv6............................. 570 Path MTU Discovery......................570 IPv6 Neighbor Discovery.......................571 IPv6 Neighbor Discovery of MTU Packets..............572 Configuring the IPv6 Recursive DNS Server............... 572 Secure Shell (SSH) Over an IPv6 Transport...............574 Configuration Tasks for IPv6....................575 Adjusting Your CAM Profile....................
  • Page 19 Monitoring iSCSI Traffic Flows.................... 618 Information Monitored in iSCSI Traffic Flows..............619 Detection and Auto-Configuration for Dell EqualLogic Arrays........620 Configuring Detection and Ports for Dell Compellent Arrays........620 Application of Quality of Service to iSCSI Traffic Flows..........621 28 Link Aggregation Control Protocol (LACP)..............622 Introduction to Dynamic LAGs and LACP................
  • Page 20 mac learning-limit mac-address-sticky..............641 mac learning-limit station-move.................. 641 mac learning-limit no-station-move................641 Learning Limit Violation Actions................... 642 Setting Station Move Violation Actions............... 642 Recovering from Learning Limit and Station Move Violations....... 643 Disabling MAC Address Learning on the System............643 NIC Teaming...........................644 Configure Redundant Pairs....................645 Important Points about Configuring Redundant Pairs..........647...
  • Page 21 Enable Multiple Spanning Tree Globally................705 Adding and Removing Interfaces..................706 Creating Multiple Spanning Tree Instances..............706 Influencing MSTP Root Selection..................707 Interoperate with Non-Dell Bridges.................. 708 Changing the Region Name or Revision................709 Modifying Global Parameters....................709 Modifying the Interface Parameters..................711 Configuring an EdgePort......................
  • Page 22 Flush MAC Addresses after a Topology Change..............713 MSTP Sample Configurations....................713 Router 1 Running-Configuration / Router 2 Running-Configuration / Router 3 Running-Configuration / Example Running-Configuration........714 Debugging and Verifying MSTP Configurations...............717 33 Multicast Features......................719 Enabling IP Multicast......................719 Implementation Information....................719 First Packet Forwarding for Lossless Multicast..............720 Multicast Policies........................720 IPv4 Multicast Policies.....................
  • Page 23 RFC-2328 Compliant OSPF Flooding................750 OSPF ACK Packing......................751 Setting OSPF Adjacency with Cisco Routers.............. 751 Configuration Information....................752 Configuration Task List for OSPFv2 (OSPF for IPv4)..........752 Sample Configurations for OSPFv2..................766 Basic OSPFv2 Router Topology..................766 OSPF Area 0 — Te 1/1 and 1/2..................766 OSPF Area 0 —...
  • Page 24 Use PIM-SSM with IGMP Version 2 Hosts................ 802 Configuring PIM-SSM with IGMPv2................802 39 Policy-based Routing (PBR).....................804 Overview..........................804 Implementing Policy-based Routing with Dell Networking OS........806 Configuration Task List for Policy-based Routing............806 PBR Exceptions (Permit)....................810 Sample Configuration......................813 Create the Redirect-List GOLD / Assign Redirect-List GOLD to Interface 2/11 / View Redirect-List GOLD..................
  • Page 25 Upgrading a Port Extender....................829 Auto-Upgrade of the OS Image..................829 Manually Upgrading the OS Image................829 De-provisioning a Port Extender..................831 Troubleshooting a Port Extender..................831 Dual Homing........................... 832 Configuration Terminal Batch Mode................833 Setting up Dual Homing....................833 Upgrading to OS 9.10(0.0)..................... 838 Supported Features.......................
  • Page 26 43 Power over Ethernet (PoE)....................872 Configuring PoE or PoE+..................... 873 Enabling PoE or PoE+ on a Port................... 873 Configuration Tasks for PoE or PoE+................873 Manage Ports using Power Priority and the Power Budget..........874 Determining the Power Priority for a Port..............874 Determining the Effect of a Port on the Power Budget..........
  • Page 27 Setting dot1p Priorities for Incoming Traffic.............. 907 Honoring dot1p Priorities on Ingress Traffic..............908 Configuring Port-Based Rate Policing................ 909 Configuring Port-Based Rate Shaping................ 909 Policy-Based QoS Configurations..................910 Classify Traffic........................910 Create a QoS Policy......................915 Create Policy Maps......................919 DSCP Color Maps........................922 Creating a DSCP Color Map..................
  • Page 28 Implementation Information....................953 Fault Recovery........................953 Setting the RMON Alarm....................954 Configuring an RMON Event..................955 Configuring RMON Collection Statistics..............956 Configuring the RMON Collection History..............956 48 Rapid Spanning Tree Protocol (RSTP)................958 Protocol Overview.........................958 Configuring Rapid Spanning Tree..................958 Related Configuration Tasks..................958 Important Points to Remember..................
  • Page 29 TACACS+ Remote Authentication and Authorization..........998 Command Authorization..................... 1000 Protection from TCP Tiny and Overlapping Fragment Attacks......... 1000 Enabling SCP and SSH......................1000 Using SCP with SSH to Copy a Software Image............1001 Removing the RSA Host Keys and Zeroizing Storage ........... 1002 Configuring When to Re-generate an SSH Key .............
  • Page 30 Provider Backbone Bridging....................1031 51 sFlow...........................1033 Overview..........................1033 Implementation Information..................... 1034 Important Points to Remember.................. 1034 Enabling and Disabling sFlow....................1034 Enabling and Disabling sFlow on an Interface...............1035 sFlow Show Commands.....................1035 Displaying Show sFlow Global..................1035 Displaying Show sFlow on an Interface..............1036 Displaying Show sFlow on a Line Card..............
  • Page 31 Copy a Binary File to the Startup-Configuration............ 1060 Additional MIB Objects to View Copy Statistics............1061 Obtaining a Value for MIB Objects................1061 Manage VLANs using SNMP....................1062 Creating a VLAN......................1062 Assigning a VLAN Alias....................1063 Displaying the Ports in a VLAN..................1063 Add Tagged and Untagged Ports to a VLAN............
  • Page 32 Configuring SupportAssist Using a Configuration Wizard.......... 1093 Configuring SupportAssist Manually................1093 Configuring SupportAssist Activity................... 1095 Configuring SupportAssist Company................1097 Configuring SupportAssist Person................... 1098 Configuring SupportAssist Server..................1099 Viewing SupportAssist Configuration................1099 56 System Time and Date.....................1102 Network Time Protocol.......................1102 Protocol Overview......................1103 Configure the Network Time Protocol..............1104 Enabling NTP........................
  • Page 33 UFD and NIC Teaming......................1124 Important Points to Remember..................1125 Configuring Uplink Failure Detection................1125 Clearing a UFD-Disabled Interface................... 1127 Displaying Uplink Failure Detection..................1128 Sample Configuration: Uplink Failure Detection............1131 60 Virtual LANs (VLANs)......................1133 Default VLAN......................... 1134 Port-Based VLANs........................ 1134 VLANs and Port Tagging..................... 1135 Configuration Task List......................1135 Enabling Null VLAN as the Default VLAN..............1136 Assigning an IP Address to a VLAN................
  • Page 34 Configuring Management VRF..................1157 Configuring a Static Route.................... 1157 Route Leaking VRFs......................1158 Sample VRF Configuration....................1159 Dynamic Route Leaking...................... 1160 Configuring Route Leaking with Filtering..............1160 Configuring Route Leaking without Filtering Criteria..........1162 63 Virtual Link Trunking (VLT).....................1165 Overview..........................1165 VLT on Core Switches....................1166 VLT Terminology........................1167 Important Points to Remember..................1167 Configuration Notes......................
  • Page 35 eVLT Configuration Step Examples................1193 PIM-Sparse Mode Configuration Example..............1195 Verifying a VLT Configuration....................1196 Additional VLT Sample Configurations................1200 Configuring Virtual Link Trunking (VLT Peer 1) / Configuring Virtual Link Trunking (VLT Peer 2) / Verifying a Port-Channel Connection to a VLT Domain (From an Attached Access Switch)................1200 Troubleshooting VLT......................1202 Reconfiguring Stacked Switches as VLT.................
  • Page 36 Intermediate System to Intermediate System (IS-IS)..........1245 Network Management....................1245 Multicast........................... 1249 Open Shortest Path First (OSPF)................. 1250 Routing Information Protocol (RIP)................1251 MIB Location..........................1251
  • Page 37: About This Guide

    This Configuration guide provides information about how to use and configure the software features supported in the Dell Networking operating system (OS) on a C9010 switch and C1048P port extender. You can configure each feature by entering commands from the C9010 console.
  • Page 38: Related Documents

    Related Documents For more information about the Dell Networking C9000 Series, refer to the following documents: • Dell Networking C9010 Getting Started Guide • Dell Networking C9010 Installation Guide • Dell Networking C1048P Getting Started Guide • Dell Networking C1048P Installation Guide •...
  • Page 39: Configuration Fundamentals

    Differences are noted in each CLI description and related documentation. In Dell Networking OS, after a command is enabled, it is entered into the running configuration file. You can view the current configuration for the whole system or for a particular CLI mode. To save the current configuration, copy the running configuration to another location.
  • Page 40: Cli Modes

    Security chapter. The Dell Networking OS CLI is divided into three major mode levels: • EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level. Only a limited selection of commands is available, notably the show commands, which allow you to view system information.
  • Page 41 DHCP DHCP POOL ECMP-GROUP EXTENDED COMMUNITY FRRP INTERFACE GIGABIT ETHERNET 10 GIGABIT ETHERNET 40 GIGABIT ETHERNET INTERFACE RANGE LOOPBACK MANAGEMENT ETHERNET NULL PORT-CHANNEL TUNNEL VLAN VRRP IPv6 IP COMMUNITY-LIST IP ACCESS-LIST STANDARD ACCESS-LIST EXTENDED ACCESS-LIST MAC ACCESS-LIST LINE AUXILLIARY CONSOLE VIRTUAL TERMINAL LLDP LLDP MANAGEMENT INTERFACE...
  • Page 42: Navigating Cli Modes

    Navigating CLI Modes The Dell Networking OS prompt changes to indicate the CLI mode. The following table lists the CLI mode, its prompt, and information about how to access and exit the CLI mode. Move linearly through the command modes, except for the following: •...
  • Page 43 CLI Command Mode Prompt Access Command PE 1-Gigabit Ethernet interface (on interface (INTERFACE modes) Dell(conf-if-pegi-0/0/0)# a port extender) Port-channel Interface interface (INTERFACE modes) Dell(conf-if-po-0)# Tunnel Interface interface (INTERFACE modes) Dell(conf-if-tu-0)# VLAN Interface interface (INTERFACE modes) Dell(conf-if-vl-0)# STANDARD ACCESS-LIST ip access-list standard (IP...
  • Page 44 0 TRACE-LIST Dell(conf-trace-acl)# ip trace-list CLASS-MAP Dell(config-class-map)# class-map CONTROL-PLANE Dell(conf-control-cpuqos)# control-plane-cpuqos DCB POLICY Dell(conf-dcb-in)# (for input dcb-input for input policy policy) dcb-output for output policy Dell(conf-dcb-out)# (for output policy) DHCP Dell(config-dhcp)# ip dhcp server DHCP POOL pool (DHCP Mode)
  • Page 45: The Do Command

    Dell Real Time Operating System Software Dell Operating System Version: Dell Application Software Version: E9.9(0.0) Copyright (c) 1999-2015 by Dell Inc. All Rights Reserved. Build Time: Mon Jun 1 15:00:00 2015 Build Path: /build/build03/SW/SRC Dell Networking OS uptime is 15 hour(s), 13 minute(s) System image file is "system://A"...
  • Page 46: Undoing Commands

    3 24-port TE/GE (VG) 4 6-port TE/FG (VG) 2 4-port TE/GE (VG) 208 Ten GigabitEthernet/IEEE 802.3 in10 Forty GigabitEthernet/IEEE 802.3 interface(s) Dell# Dell(conf)#do show running-config interface tengigabitethernet 0/0 interface TenGigabitEthernet 0/0 no ip address shutdown Dell(conf)# Undoing Commands When you enter a command, the command line is added to the running configuration file (running-config).
  • Page 47: Entering And Editing Commands

    Entering ? after a partial keyword lists all of the keywords that begin with the specified letters. Dell(conf)#cl? class-map clock Dell(conf)#cl • Entering [space]? after a keyword lists all of the keywords that can follow the specified keyword. Dell(conf)#clock ? summer-time Configure summer (daylight savings) time timezone Configure time zone Dell(conf)#clock Entering and Editing Commands Notes for entering commands.
  • Page 48: Command History

    Deletes all characters from the cursor to the end of the word. Command History The Dell Networking OS maintains a history of previously-entered commands for each mode. For example: • When you are in EXEC mode, the UP and DOWN arrow keys display the previously-entered EXEC mode commands.
  • Page 49 NOTE: Dell Networking OS accepts a space or no space before and after the pipe. To filter a phrase with spaces, underscores, or ranges, enclose the phrase with double quotation marks. The except keyword displays text that does not match the specified text. The following example shows this command used in combination with the show processes command.
  • Page 50: Multiple Users In Configuration Mode

    % Warning: User "" on line vty0 "10.11.130.2" is in configuration mode If either of these messages appears, Dell Networking recommends coordinating with the users listed in the message so that you do not unintentionally overwrite each other’s configuration changes.
  • Page 51: Getting Started

    This chapter describes how you start configuring your operating software. When you power up the chassis, the system performs a power-on self test (POST) and loads the Dell Networking operating software. Boot messages scroll up the terminal window during this process. No user interaction is required if the boot process proceeds without interruption.
  • Page 52: Serial Console

    Serial Console The RJ-45 network management port is located on the left side of the RPM as you face the chassis. Use a supported RJ-45 cable for a network connection. Figure 1. RJ-45 Console Port. Accessing the Console Port To access the console port, follow these steps: For the console port pinout, refer to Accessing the RJ-45 Console Port with a DB-9...
  • Page 53: Mounting An Nfs File System

    Table 2. Pin Assignments Between the Console and a DTE Terminal Server (column headers: Console Port Signal | RJ-45 to RJ-45 Rollover Cable, RJ-45 Pinout | RJ-45 to RJ-45 Rollover Cable, RJ-45 Pinout | RJ-45 to DB-9 Adapter, DB-9 Pin | Terminal Server Device Signal). Mounting an NFS File System This feature enables you to quickly access data on an NFS mounted file system.
  • Page 54: Important Points To Remember

    • The usbflash command is supported on the device. Refer to your system’s Release Notes for a list of approved USB vendors. Example of Copying a File to current File System Dell#copy tftp://10.16.127.35/username/dv-maa-C9010-test nfsmount:// Destination file name [dv-maa-sC9010-test]: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!.!
  • Page 55: Default Configuration

    Default Configuration Although a version of the Dell Networking OS is pre-loaded on the switch, the system is not configured when you power up the first time (except for the default hostname, which is Dell). You must configure the system using the CLI.
  • Page 56: Configure The Management Port Ip Address

    Configure a username and password. Configure the Management Port IP Address To access the system remotely, assign IP addresses to the management ports. NOTE: Assign an IP address to the management port. Enter INTERFACE mode for the Management port for RPM 0 (RPM 0 is in slot 10). CONFIGURATION mode interface ManagementEthernet 0/0 For RPM 1 (RPM1 in slot 11), configure its Management port:...
  • Page 57: Configuring The Enable Password

    • 7 is for inputting a password that is already encrypted using a Type 7 hash. Obtain the encrypted password from the configuration of another Dell Networking system. Configuring the Enable Password Access EXEC Privilege mode using the enable command. EXEC Privilege mode is unrestricted by default.
  • Page 58: File Storage

    File Storage The Dell Networking OS can use the internal Flash, external Flash, or remote devices to store files. The system stores files on the internal Flash by default, but can be configured to store files elsewhere. To view file system information, use the following command.
  • Page 59: Save The Running-Configuration

    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 26292881 bytes successfully copied Save the Running-Configuration The running-configuration contains the current system configuration. Dell Networking recommends copying your running-configuration to the startup-configuration. The system uses the startup-configuration during boot-up to configure the system. The startup-configuration is stored in the internal flash on the system by default, but it can be saved on a USB flash device or a remote server.
  • Page 60: Configure The Overload Bit For A Startup Scenario

    Scenario For information about setting the router overload bit for a specific period of time after a switch reload is implemented, refer to the Intermediate System to Intermediate System (IS-IS) section in the Dell Networking OS Command Line Reference Guide.
  • Page 61: Changes In Configuration Files

    Example of the dir Command The output of the dir command also shows the read/write privileges, size (in bytes), and date of modification for each file. Dell# dir Directory of flash: drwx 4096 Jan 01 1980 00:00:00 +00:00 .
  • Page 62: Viewing Command History

    [12/5 10:57:12]: CMD-(CLI):line vty 0 9 Upgrading the Dell Networking OS To upgrade the Dell Networking operating system on the switch, refer to the Release Notes for the software version you want to load. For information about how to verify newly copied or currently running software images, see: •...
  • Page 63: Switch Management

    Switch Management This chapter describes the switch management tasks supported on the switch. Configuring Privilege Levels Privilege levels restrict access to commands based on user or terminal line. There are 16 privilege levels, of which three are pre-defined. The default privilege level is 1. Level Description Level 0...
  • Page 64: Moving A Command From Exec Privilege Mode To Exec Mode

    Moving a Command from EXEC Privilege Mode to EXEC Mode To move a command from EXEC Privilege to EXEC mode for a privilege level, use the privilege exec command from CONFIGURATION mode. In the command, specify the privilege level of the user or terminal line and specify all keywords in the command to which you want to allow access.
  • Page 65 VTY 0 allows access to CONFIGURATION mode with the banner command allows access to INTERFACE and LINE modes are allowed with no commands. Dell(conf)#do show run priv privilege exec level 3 capture privilege exec level 3 configure...
  • Page 66: Applying A Privilege Level To A Username

    When you assign a privilege level between 2 and 15, access to the system begins at EXEC mode, but the prompt is hostname#, rather than hostname>. Configuring Logging The Dell Networking operating system tracks changes in the system using event and error messages. By default, the operating system logs these messages on:...
  • Page 67: Audit And Security Logs

    • the internal buffer • console and terminal lines • any configured syslog servers To disable logging, use the following commands. • Disable all logging except on the console. CONFIGURATION mode no logging on • Disable logging to the logging buffer. CONFIGURATION mode no logging buffer •...
  • Page 68 Dell#show logging auditlog May 12 12:20:25: Dell#: %CLI-6-logging extended by admin from vty0 (10.14.1.98) May 12 12:20:42: Dell#: %CLI-6-configure terminal by admin from vty0 (10.14.1.98) May 12 12:20:42: Dell#: %CLI-6-service timestamps log datetime by admin from vty0 (10.14.1.98)...
  • Page 69: Configuring Logging Format

    Example of the clear logging auditlog Command Dell# clear logging auditlog Configuring Logging Format To display syslog messages in RFC 3164 or RFC 5424 format, use the logging version {0 | 1} command in CONFIGURATION mode.
  • Page 70 To configure a secure connection from the switch to the syslog server: On the switch, enable the SSH server: Dell(conf)#ip ssh server enable On the syslog server, create a reverse SSH tunnel from the syslog server to the switch, using the following syntax: ssh -R ::...
  • Page 71: Track Login Activity

    Dell(conf)#logging 127.0.0.1 tcp 5140 Track Login Activity Dell Networking OS enables you to track the login activity of users and view the successful and unsuccessful login events. When you log in using the console or VTY line, the system displays the last successful login details of the current user and the number of unsuccessful login attempts since your last successful login to the system, and whether the current user’s permissions have changed since the last login.
  • Page 72: Display Login Statistics

    The following example enables login activity tracking and configures the system to store the login activity details for 12 days. Dell(config)#login statistics enable Dell(config)#login statistics time-period 12 Display Login Statistics To view the login statistics, use the show login statistics command.
  • Page 73 The following is sample output of the show login statistics unsuccessful-attempts time-period days command. Dell# show login statistics unsuccessful-attempts time-period 15 There were 0 unsuccessful login attempt(s) for user admin in last 15 day(s). The following is sample output of the show login statistics unsuccessful-attempts user login-id command.
  • Page 74: Limit Concurrent Login Sessions

    Limit Concurrent Login Sessions Dell Networking OS enables you to limit the number of concurrent login sessions of users on VTY, auxiliary, and console lines. You can also clear any of your existing sessions when you reach the maximum permitted number of concurrent sessions.
  • Page 75: Log Messages In The Internal Buffer

    Example of Enabling the System to Clear Existing Sessions The following example enables you to clear your existing login sessions. Dell(config)#login concurrent-session clear-line enable Example of Clearing Existing Sessions When you try to log in, the following message appears with all your existing concurrent sessions, providing an option to close any one of the existing sessions: $ telnet 10.11.178.14...
  • Page 76: Disabling System Logging

    • Send System Messages to a Syslog Server • Change System Logging Settings • Display the Logging Buffer and the Logging Configuration • Configure a UNIX Logging Facility Level • Enable Timestamp on Syslog Messages • Synchronize Log Messages • Audit and Security Logs •...
  • Page 77: Configuring A Unix System As A Syslog Server

    EXEC privilege mode. When RBAC is enabled, the security logs are filtered based on the user roles. Only the security administrator and system administrator can view the security logs. Example of the show logging Command Dell#show logging Syslog logging: enabled Console logging: level debugging...
  • Page 78: Changing System Logging Settings

    Jan 21 02:56:54: %SYSTEM:CP %IFMGR-5-OSTATE_UP: Changed interface state to up: Te --More-- To view any changes made, use the show running-config logging command in EXEC privilege mode, as shown in the example for Configure a UNIX Logging Facility Level. Changing System Logging Settings You can change the default settings of the system logging by changing the severity level and the storage location.
  • Page 79: Configuring A Unix Logging Facility Level

    (for syslog messages) • user (for user programs) • uucp (UNIX to UNIX copy protocol) Example of the show running-config logging Command To view non-default settings, use the show running-config logging command in EXEC mode. Dell#show running-config logging...
  • Page 80: Synchronizing Log Messages

    Dell# Synchronizing Log Messages You can configure the Dell Networking OS to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system.
  • Page 81: File Transfer Services

    (VLAN) interfaces. For more information about FTP, refer to RFC 959, File Transfer Protocol. NOTE: To transmit large files, Dell Networking recommends configuring the switch as an FTP server. Configuration Task List for File Transfer Services The configuration tasks for file transfer services are: •...
  • Page 82: Configuring Ftp Server Parameters

    Example of Viewing FTP Configuration Dell#show running ftp ftp-server enable ftp-server username nairobi password 0 zanzibar Dell# Configuring FTP Server Parameters After you enable the FTP server on the system, you can configure different parameters. To specify the system logging settings, use the following commands.
  • Page 83: Terminal Lines

    Denying and Permitting Access to a Terminal Line Dell Networking recommends applying only standard access control lists (ACLs) to deny and permit access to VTY lines. • Layer 3 ACLs deny all traffic that is not explicitly permitted, but in the case of VTY lines, an ACL with no rules does not deny traffic.
  • Page 84: Configuring Login Authentication For Terminal Lines

    LINE mode password password Example of Terminal Line Authentication In the following example, VTY lines 0-2 use a single authentication method, line. Dell(conf)#aaa authentication login myvtymethodlist line Dell(conf)#line vty 0 2 Dell(config-line-vty)#login authentication myvtymethodlist Dell(config-line-vty)#password myvtypassword Dell(config-line-vty)#show config...
  • Page 85: Setting Time Out Of Exec Privilege Mode

    Example of Setting the Time Out Period for EXEC Privilege Mode The following example shows how to set the time-out period and how to view the configuration using the show config command from LINE mode. Dell(conf)#line console 0 Dell(config-line-console)#exec-timeout 0 Dell(config-line-console)#show config...
  • Page 86: Lock Configuration Mode

    Enter an IPv4 address in dotted decimal format (A.B.C.D). Enter an IPv6 address in the format 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported. Example of the telnet Command for Device Access Dell# telnet 10.11.80.203 Trying 10.11.80.203... Connected to 10.11.80.203. Exit character is '^]'.
  • Page 87: Recovering From A Forgotten Password

    EXEC Privilege mode. If you clear a console session, the user is returned to EXEC mode. Example of Locking CONFIGURATION Mode for Single-User Access Dell(conf)#configuration mode exclusive auto BATMAN(conf)#exit 3d23h35m: %SYSTEM-P:CP %SYS-5-CONFIG_I: Configured from console by console Dell#config ! Locks configuration mode exclusively.
  • Page 88: Ignoring The Startup Configuration And Booting From The Factory-Default Configuration

    Recovering from a Failed Start A switch that does not start correctly might be trying to boot from a corrupted Dell Networking OS image or from a mis-specified location. In this case, you can restart the system and interrupt the boot process to point the system to another boot location.
  • Page 89: Restoring Factory-Default Settings

    After the restore is complete, a switch reloads immediately. The following example shows how the restore factory-defaults command restores a switch to its factory default settings. Dell# restore factory-defaults chassis nvram *********************************************************************** Warning - Restoring factory defaults will delete the existing persistent settings (stacking, fanout, etc.)
  • Page 90: Restoring Factory-Default Boot Environment Variables

    Restoring Factory-Default Boot Environment Variables The Boot line determines the location of the image that is used to boot up the switch after restoring factory-default settings. Ideally, these locations contain valid images, which the switch uses to boot up. When you restore factory-default settings, you can either use a flash boot procedure or a network boot procedure to boot the switch.
  • Page 91: Using Hashes To Verify Software Images Before Installation

    The validation calculates a hash value of the downloaded image file on the system’s flash drive, and, optionally, compares it to a Dell Networking published hash for that file. The MD5 or SHA256 hash provides a method of validating that you have downloaded the original software.
  • Page 92 Download the Dell Networking OS software image file from the iSupport page to the local (FTP or TFTP) server. The published hash for that file is displayed next to the software image file on the iSupport page. Go on to the Dell Networking system and copy the software image to the flash drive, using the copy command.
  • Page 93: Verifying System Images On C9010 Components

    RPM1 line-card processor: linecard 11 • The rows linecard 0 through linecard 9 list the system images for each line card installed in chassis slots 0 to 9. Dell#show boot system all Current system image information in the system: =============================================== Type...
  • Page 94: Manually Resetting The System Image On A C9010 Component

    You are prompted to enter boot variables by specifying a path (for example, using FTP or TFTP) or system filename for the Dell Networking OS image that you want to load. Enter the component’s boot parameters displayed in the show bootvar output.
  • Page 95: Logging In To The Virtual Console Of A C9010 Component

    The following examples display boot variables and C9010 internal IP addresses for the RPM0 route processor, RPM0 line-card processor, and line card installed in slot 3. BOOT_USER# show bootvar RPM (RP0) ***** Welcome to Dell Networking OS Boot Interface ***** PRIMARY OPERATING SYSTEM BOOT PARAMETERS:...
  • Page 96 : 127.10.10.10 username : f10agent password : imagereq BOOT_USER# show bootvar RPM (LP10) ***** Welcome to Dell Networking OS Boot Interface ***** PRIMARY OPERATING SYSTEM BOOT PARAMETERS: ======================================== boot device : ftp file name : force10/rd/tgtimg/runtime/LP.bin Management Etherenet IP address : 127.10.10.113...
  • Page 97 (typically RADIUS) using a mandatory intermediary network access device, in this case, a Dell Networking switch. The network access device mediates all communication between the end-user device and the authentication server so that the network remains secure. The network access device uses EAP-over-Ethernet (EAPOL) to communicate with the end-user device and EAP-over-RADIUS to communicate with the server.
  • Page 98 The following figures show how the EAP frames are encapsulated in Ethernet and RADIUS frames. Figure 2. EAP Frames Encapsulated in Ethernet and RADIUS Figure 3. EAP Frames Encapsulated in Ethernet and RADIUS The authentication process involves three devices: • The device attempting to access the network is the supplicant.
  • Page 99: 802.1X

    The authenticator also changes the status of the port based on the results of the authentication process. The Dell Networking switch is the authenticator. • The authentication-server selects the authentication method, verifies the information the supplicant provides, and grants it network access privileges.
  • Page 100 The authentication server replies with an Access-Challenge frame. The Access-Challenge frame requests that the supplicant prove that it is who it claims to be, using a specified method (an EAP-Method). The challenge is translated and forwarded to the supplicant by the authenticator. The supplicant can negotiate the authentication method, but if it is acceptable, the supplicant provides the Requested Challenge information in an EAP response, which is translated and forwarded to the authentication server as another Access-Request frame.
  • Page 101: Eap Over Radius

    The Type value for EAP messages is 79. Figure 5. EAP Over RADIUS RADIUS Attributes for 802.1 Support Dell Networking systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages: Attribute 31 Calling-station-id: relays the supplicant MAC address to the authentication server.
  • Page 102: Important Points To Remember

    • Configuring MAC addresses for a dot1x Profile • Configuring static MAB and MAB profile • Enabling Critical-VLAN • Configuring Request Identity Re-Transmissions • Forcibly Authorizing or Unauthorizing a Port • Configuring a Quiet Period after a Failed Authentication • Re-Authenticating a Port •...
  • Page 103: Enabling 802.1X

    Enabling 802.1X Enable 802.1X globally. Figure 6. 802.1X Enabled Enable 802.1X globally. CONFIGURATION mode dot1x authentication Enter INTERFACE mode on an interface or a range of interfaces. INTERFACE mode interface [range] Enable 802.1X on the supplicant interface only. 802.1X...
  • Page 104 Verify that 802.1X is enabled globally and at the interface level using the show running-config | find dot1x command from EXEC Privilege mode. The bold text shows that 802.1X has been enabled. By default, ports are not authorized. Dell#show running-config | find dot1x dot1x authentication [output omitted]...
  • Page 105: Configuring Dot1X Profile

    SINGLE_HOST Auth PAE State: Initialize Backend State: Initialize Dell#show int peGigE 255/0/2 peGigE 255/0/2 is up, line protocol is down(802.1x authorization failed) Hardware is DellEth, address is 34:17:eb:00:aa:12 Current address is 34:17:eb:00:aa:12 Pluggable media not present Interface index is 804258823...
  • Page 106: Configuring Mac Addresses For A Dot1X Profile

    Example of Configuring and Displaying a dot1x Profile Dell(conf)#dot1x profile test Dell(conf-dot1x-profile)# Dell#show dot1x profile 802.1x profile information ----------------------------- Dot1x Profile test Profile MACs 00:00:00:00:01:11 Configuring MAC addresses for a dot1x Profile To configure a list of MAC addresses for a dot1x profile, use the mac command. You can configure 1 to 6 MAC addresses.
  • Page 107: Configuring Critical Vlan

    Example of Static MAB and MAB Profile for an Interface Dell(conf-if-Te-2/1)#dot1x static-mab profile sample Dell(conf-if-Te 2/1))#show config interface TenGigabitEthernet 21 switchport dot1x static-mab profile sample no shutdown Dell(conf-if-Te 2/1))#show dot1x interface TenGigabitEthernet 2/1 802.1x information on Te 2/1: ----------------------------- Dot1x Status: Enable Port Control: Auto...
  • Page 108: Configuring Request Identity Re-Transmissions

    Example of Configuring a Critical VLAN for an Interface Dell(conf-if-Te-2/1)#dot1x critical-vlan 300 Dell(conf-if-Te 2/1)#show config interface TenGigabitEthernet 2/1 switchport dot1x critical-vlan 300 no shutdown Dell#show dot1x interface tengigabitethernet 2/1 802.1x information on Te 2/1: ------------------------------------------------------ Dot1x Status: Enable Port Control: AUTO...
  • Page 109: Configuring A Quiet Period After A Failed Authentication

    90 seconds and a maximum of 10 times for an unresponsive supplicant • re-transmits an EAP Request Identity frame The bold lines show the new re-transmit interval, new quiet period, and new maximum re-transmissions. Dell(conf-if-range-Te-0/0)#dot1x tx-period 90 Dell(conf-if-range-Te-0/0)#dot1x max-eap-req 10 Dell(conf-if-range-Te-0/0)#dot1x quiet-period 120 Dell#show dot1x interface TenGigabitEthernet 2/1...
  • Page 110: Forcibly Authorizing Or Unauthorizing A Port

    Example of Placing a Port in Force-Authorized State and Viewing the Configuration The example shows configuration information for a port that has been force-authorized. The bold line shows the new port-control state. Dell(conf-if-Te-0/0)#dot1x port-control force-authorized Dell(conf-if-Te-0/0)#show dot1x interface TenGigabitEthernet 0/0 802.1x information on Te 0/0: ----------------------------- Dot1x Status: Enable...
  • Page 111: Re-Authenticating A Port

    The bold lines show that re-authentication is enabled and the new maximum and re-authentication time period. Dell(conf-if-Te-0/0)#dot1x reauthentication Dell(conf-if-Te-0/0)#dot1x reauthentication interval 7200 Dell(conf-if-Te-0/0)#dot1x reauth-max 10 Dell(conf-if-Te-0/0)#do show dot1x interface TenGigabitEthernet 0/0 802.1x information on Te 0/0: ----------------------------- Dot1x Status: Enable...
  • Page 112: Configuring Dynamic Vlan Assignment With Port Authentication

    The basis for VLAN assignment is RADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic VLAN assignment uses the standard dot1x procedure: 1. The host sends a dot1x packet to the Dell Networking system. 2. The system forwards a RADIUS REQUEST packet containing the host MAC address and ingress port...
  • Page 113: Guest And Authentication-Fail Vlans

    Dynamic VLAN Assignment with Port Authentication). Guest and Authentication-Fail VLANs Typically, the authenticator (the Dell system) denies the supplicant access to the network until the supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places it in either 802.1X...
  • Page 114: Configuring A Guest Vlan

    INTERFACE mode or using the show dot1x interface command from EXEC Privilege mode. Example of Viewing Configured Authentication The following example shows you how to view the configured authentication using the show configuration command in Interface mode. Dell(conf-if-Te-2/1)#dot1x guest-vlan 200 Dell(conf-if-Te 2/1))#show config interface TenGigabitEthernet 21 switchport dot1x guest-vlan 200...
  • Page 115: Configuring An Authentication-Fail Vlan

    INTERFACE mode. Configure the maximum number of authentication attempts by the authenticator using the keyword max-attempts with this command. Example of Configuring Maximum Authentication Attempts Dell(conf-if-Te-2/1)#dot1x auth-fail-vlan 100 max-attempts 5 Dell(conf-if-Te-2/1)#show config interface TenGigabitEthernet 2/1 switchport...
  • Page 116: Configuring Timeouts

    0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 203 Multicasts, 0 Broadcasts, 10760802177 Unicasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics: 2285 packets, 146240 bytes, 0 underruns 2285 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 1983 Multicasts, 0 Broadcasts, 302 Unicasts 0 throttles, 0 discarded, 0 collisions, 0 wreddrops...
  • Page 117: Multi-Host Authentication

    The example shows configuration information for a port for which the authenticator terminates the authentication process for an unresponsive supplicant or server after 15 seconds. The bold lines show the new supplicant and server timeouts. Dell(conf-if-Te-0/0)#dot1x port-control force-authorized Dell(conf-if-Te-0/0)#do show dot1x interface TenGigabitEthernet 0/0 802.1x information on Te 0/0: ----------------------------- Dot1x Status:...
  • Page 118 frames. When a port is authorized, the authenticated supplicant MAC address is associated with the port, and traffic from any other source MACs is dropped. Figure 8. Single-Host Authentication Mode...
  • Page 119 When multiple end users are connected to a single authenticator port, single-host mode authentication does not authenticate all end users, and all but one are denied access to the network. For these cases, the Dell Networking OS supports multi-host mode authentication.
  • Page 120: Authentication

    Interface mode. To return to the default single-host authentication mode, enter the no dot1x host-mode command. To verify the currently configured authentication mode, enter the show dot1x interface command. Dell(conf-if-te-2/1)# dot1x host-mode multi-host Dell(conf-if-te-2/1)# do show dot1x interface tengigabitethernet 2/1 802.1x information on Te 2/1: ----------------------------- Dot1x Status:...
  • Page 121: Multi-Supplicant Authentication

    Interface mode. To return to the default single-host authentication mode, enter the no dot1x host-mode command. To verify the currently configured authentication mode, enter the show dot1x interface command. Dell(conf-if-te-1/3)# dot1x host-mode multi-auth Dell(conf-if-te-1/3)# do show dot1x interface tengigabitethernet 0103 802.1x information on Te 0/0: ----------------------------- Dot1x Status: Enable...
  • Page 122: Mac Authentication Bypass

    Interface mode. By default, the maximum number of multi-supplicant devices is 128. Dell(conf-if-te-2/1)# dot1x max-supplicants 4 MAC Authentication Bypass MAC authentication bypass (MAB) enables you to provide MAC-based security by allowing only known MAC addresses within the network using a RADIUS server.
  • Page 123: Mab In Single-Host And Multi-Host Mode

    their MAC address, and places them into a VLAN different from the VLAN in which unknown devices are placed. For an 802.1X-incapable device, 802.1X times out if the device does not respond to the Request Identity frame. If MAB is enabled, the port is then put into learning state and waits indefinitely until the device sends a packet.
  • Page 124: Configuring Mac Authentication Bypass

    Verify the MAB and 802.1X configuration using the show dot1x interface command from EXEC Privilege mode. The bold text shows that MAB is enabled on the interface. Dell#show dot1x interface Te 0/0 802.1X information on Te 0/0: ---------------------------- Dot1x Status:...
  • Page 125: Dynamic Cos With 802.1X

    Quality of Service (QoS) traffic management to control the level of service for a class in terms of bandwidth and delivery time. For incoming traffic, the Dell Networking OS allows you to set a static priority value on a per-port basis or dynamically set a priority on a per-port basis by leveraging 802.1X.
  • Page 126 If multi-supplicant authentication mode is enabled on a port, you can configure a CoS mapping table for specified MAC addresses in the RADIUS server. Dell Networking OS then maintains a per-MAC CoS table for each port, and marks the priority of all traffic originating from a configured MAC address with the corresponding table value.
  • Page 127: Access Control Lists (Acls)

    Access Control Lists (ACLs) This chapter describes access control lists (ACLs), prefix lists, and route-maps. • Access control lists (ACLs), Ingress IP and MAC ACLs, and Egress IP and MAC ACLs are supported on the system. At their simplest, access control lists (ACLs), prefix lists, and route-maps permit or deny traffic based on MAC and/or IP addresses.
  • Page 128: Ip Access Control Lists (Acls)

    Destination UDP port number For more information about ACL options, refer to the Dell Networking OS Command Reference Guide. For extended ACL, TCP, and UDP filters, you can match criteria on specific or ranges of TCP or UDP ports. For extended ACL TCP filters, you can also match criteria on established TCP sessions.
  • Page 129 Test CAM Usage The test cam-usage command is supported on the C9000 series. This command applies to both IPv4 and IPv6 CAM profiles, but is best used when verifying QoS optimization for IPv6 ACLs.
  • Page 130: User-Configurable Cam Allocation

    User-Configurable CAM Allocation User-configurable content-addressable memory (CAM) allows you to specify the amount of memory space that you want to allocate for ACLs. To allocate ACL CAM, use the cam-acl command in CONFIGURATION mode. For information about how to allocate CAM for ACL VLANs, see Allocating ACL VLAN CAM.
  • Page 131 1 block = 256 entries L2Acl Ipv4Acl Ipv6Acl Ipv4Qos L2Qos IpMacAcl Dell(conf)#cam-acl-pe ? default Reset PE CAM ACL entries to default setting l2acl Set L2-ACL entries Dell(conf)#cam-acl-pe l2acl 3 ipv4acl 2 ipv6acl 2 ipv4qos 2 l2qos 1 ipmacacl 2 Access Control Lists (ACLs)
  • Page 132: Allocating Cam For Egress Acls On The Port Extender

    Examples of Allocating CAM for Egress ACLs on the Port Extender The following example displays the current CAM ACL settings for each egress region and configures the egress CAM settings. Dell# show cam-acl-egress-pe -- Port extender Egress Cam ACL --...
  • Page 133: Implementing Acls

    L2Acl Ipv4Acl Ipv6Acl Dell(conf)#cam-acl-egress-pe l2acl 2 ipv4acl 2 ipv6acl 0 The following example displays the running configuration for the configured CAM ACLs. Dell(conf)#do show running-config | grep cam-acl cam-acl l2acl 3 ipv4acl 4 ipv6acl 0 ipv4qos 2 l2qos 1 l2pt 0 ipmacacl 0 vman-qos 0...
  • Page 134: Ip Fragment Handling

    By default, all ACL rules have an order of 254. Example of the Keyword to Determine ACL Sequence order Dell(conf)#ip access-list standard acl1 Dell(config-std-nacl)#permit 20.0.0.0/8 Dell(config-std-nacl)#exit Dell(conf)#ip access-list standard acl2 Dell(config-std-nacl)#permit 20.1.1.0/24 order 0...
  • Page 135: Ip Fragments Acl Examples

    The following configuration permits all packets (both fragmented and non-fragmented) with destination IP 10.1.1.1. The second rule does not get hit at all. Dell(conf)#ip access-list extended ABC Dell(conf-ext-nacl)#permit ip any 10.1.1.1/32 Dell(conf-ext-nacl)#deny ip any 10.1.1.1/32 fragments Dell(conf-ext-nacl) Example of Denying Second and Subsequent Fragments To deny the second/subsequent fragments, use the same rules in a different order.
  • Page 136: Configure A Standard Ip Acl

    To configure an ACL, use commands in IP ACCESS LIST mode and INTERFACE mode. For a complete list of all the commands related to IP ACLs, refer to the Dell Networking OS Command Line Interface Reference Guide. To set up extended ACLs, refer to Configure an Extended IP ACL.
  • Page 137: Configuring A Standard Ip Acl Filter

    ACL-name interface interface command in EXEC Privilege mode. Examples of Using a Standard IP ACL The following example shows viewing the rules of a specific ACL on an interface. Dell#show ip accounting access-list ToOspf interface gig 1/6 Standard IP access list ToOspf seq 5 deny any seq 10 deny 10.2.0.0 /16...
  • Page 138: Configure An Extended Ip Acl

    Dell(config-std-nacl)# To view all configured IP ACLs, use the show ip accounting access-list command in EXEC Privilege mode. Dell#show ip accounting access example interface gig 4/12 Extended IP access list example seq 10 deny tcp any any eq 111 seq 15 deny udp any any eq 111...
  • Page 139 In the example, filter 15 was configured before filter 5, but the show config command displays the filters in the correct order. Dell(config-ext-nacl)#seq 15 deny ip host 112.45.0.0 any log Dell(config-ext-nacl)#seq 5 permit tcp 12.1.3.45 0.0.255.255 any
  • Page 140: Configuring Filters Without A Sequence Number

    LIST mode displays the two filters with the sequence numbers 5 and 10. Example of Viewing Filter Sequence for a Specified Extended ACL Dell(config-ext-nacl)#deny tcp host 123.55.34.0 any Dell(config-ext-nacl)#permit udp 154.44.123.34 0.0.255.255 host 34.6.0.0 Dell(config-ext-nacl)#show config ip access-list extended nimule seq 5 deny tcp host 123.55.34.0 any...
  • Page 141: Configure Layer 2 And Layer 3 Acls

    Configure Layer 2 and Layer 3 ACLs Both Layer 2 and Layer 3 ACLs may be configured on an interface in Layer 2 mode. If both L2 and L3 ACLs are applied to an interface, the following rules apply: • When the system routes the packets, only the L3 ACL governs them because they are not filtered against an L2 ACL.
  • Page 142: Guidelines For Configuring Acl Vlan Groups

    Guidelines for Configuring ACL VLAN Groups Keep the following points in mind when you configure ACL VLAN groups: • The VLAN member interfaces, on which the ACL in an ACL VLAN group is applied, function as restricted interfaces. The ACL VLAN group name identifies the group of VLANs on which hierarchical filtering is performed.
  • Page 143: Allocating Acl Vlan Cam

    ACL-VLAN-GROUP CONFIGURATION (conf-acl-vl-grp) mode member vlan vlan-range Verify the currently configured ACL VLAN groups on the switch. ACL-VLAN-GROUP CONFIGURATION (conf-acl-vl-grp) mode show acl-vlan-group {group-name | detail} Dell#show acl-vlan-group detail Group Name : TestGroupSeventeenTwenty Egress IP Acl : SpecialAccessOnlyExpertsAllowed Vlan Members :...
  • Page 144: Applying An Ip Acl To An Interface

    vlan {vlanaclopt | vlaniscsi | vlanopenflow} command allows you to allocate filter processor (FP) blocks of memory for ACL VLAN services: iSCSI counters, Open Flow, and ACL VLAN optimization. You can configure CAM allocation for only two of these VLAN services at a time. You can allocate from 0 to 2 FP blocks for each VLAN service.
  • Page 145: Applying Ingress Acls On The Port Extender

    To specify ingress, use the in keyword. Begin applying rules to the ACL with the ip access-list extended abcd command. To view the access-list, use the show command. Dell(conf)#interface pegigE 1/0/0 Dell(conf-if-pegi-1/0/0)#ip access-group abcd in Dell(conf-if-pegi-1/0/0)#show config pegig 1/0/0 no ip address...
  • Page 146: Applying Layer 3 Egress Acls On Control-Plane Traffic

    To specify egress, use the out keyword. Begin applying rules to the ACL with the ip access-list extended abcd command. To view the access-list, use the show command. Dell(conf)#interface gige 0/0 Dell(conf-if-gige0/0)#ip access-group abcd out Dell(conf-if-gige0/0)#show config gigethernet 0/0 no ip address...
  • Page 147: Counting Acl Hits

    {source mask | any | host ip-address} {destination mask | any | host ip-address} count Dell Networking OS Behavior: Virtual router redundancy protocol (VRRP) hellos and internet group management protocol (IGMP) packets are not affected when you enable egress ACL filtering for CPU traffic.
  • Page 148: Implementation Information

    Configuring a prefix list • Use a prefix list for route redistribution For a complete listing of all commands related to prefix lists, refer to the Dell Networking OS Command Line Reference Guide. Creating a Prefix List To create a prefix list, use the following commands.
  • Page 149 In the example, filter 20 was configured before filter 15 and 12, but the show config command displays the filters in the correct order. Dell(conf-nprefixl)#seq 20 permit 0.0.0.0/0 le 32 Dell(conf-nprefixl)#seq 12 deny 134.23.0.0 /16 Dell(conf-nprefixl)#seq 15 deny 120.23.14.0 /8 le 16 Dell(conf-nprefixl)#show config ip prefix-list juba seq 12 deny 134.23.0.0/16 seq 15 deny 120.0.0.0/8 le 16...
  • Page 150 [prefix-name] Examples of the show ip prefix-list Commands The following example shows the show ip prefix-list detail command. Dell>show ip prefix detail Prefix-list with the last deletion/insertion: filter_ospf ip prefix-list filter_in: count: 3, range entries: 3, sequences: 5 - 10 seq 5 deny 1.102.0.0/16 le 32 (hit count: 0)
  • Page 151 Dell(conf-router_rip)#show config router rip distribute-list prefix juba out network 10.0.0.0 Dell(conf-router_rip)#router ospf 34 Applying a Filter to a Prefix List (OSPF) To apply a filter to routes in open shortest path first (OSPF), use the following commands. • Enter OSPF mode.
  • Page 152: Acl Resequencing

    Dell(conf-router_ospf)#show config router ospf 34 network 10.2.1.1 255.255.255.255 area 0.0.0.1 distribute-list prefix awe in Dell(conf-router_ospf)# ACL Resequencing ACL resequencing allows you to re-number the rules and remarks in an access or prefix list. The placement of rules within the list is critical because packets are matched against rules in sequential order.
  • Page 153 10 permit ip any host 1.1.1.2 seq 15 permit ip any host 1.1.1.3 seq 20 permit ip any host 1.1.1.4 Dell# end Dell# resequence access-list ipv4 test 2 2 Dell# show running-config acl ip access-list extended test remark 2 XYZ remark 4 this remark corresponds to permit any host 1.1.1.1...
  • Page 154: Route Maps

    Dell# end Dell# resequence access-list ipv4 test 2 2 Dell# show running-config acl ip access-list extended test remark 2 XYZ remark 4 this remark corresponds to permit any host 1.1.1.1 seq 4 permit ip any host 1.1.1.1 remark 6 this remark has no corresponding rule remark 8 this remark corresponds to permit ip any host 1.1.1.2...
  • Page 155: Configuration Task List For Route Maps

    To view the configuration, use the show config command in ROUTE-MAP mode. The following example shows viewing a configured route-map. Dell(config-route-map)#show config route-map dilling permit 10 Dell(config-route-map)# You can create multiple instances of this route map by using the sequence number option to place the route maps in the correct order.
  • Page 156 Dell# To delete all instances of that route map, use the no route-map map-name command. To delete just one instance, add the sequence number to the command syntax. Dell(conf)#no route-map zakho 10 Dell(conf)#end Dell#show route-map route-map zakho, permit, sequence 20...
  • Page 157: Configuring Match Routes

    Also, if there are different instances of the same route-map, then it’s sufficient if a permit match happens in any instance of that route-map. Example of the match Command to Match All Specified Values Dell(conf)#route-map force permit 10 Dell(config-route-map)#match tag 1000 Dell(config-route-map)#match metric 2000 In the following example, instance 10 permits the route having a tag value of 1000 and instances 20 and 30 deny the route having a tag value of 1000.
  • Page 158 • For a VLAN, enter the keyword vlan then a number from 1 to 4094. • Match destination routes specified in a prefix list (IPv4). CONFIG-ROUTE-MAP mode match ip address prefix-list-name • Match destination routes specified in a prefix list (IPv6). CONFIG-ROUTE-MAP mode match ipv6 address prefix-list-name •...
  • Page 159: Configuring Set Conditions

    Configuring Set Conditions To configure a set condition, use the following commands. • Add an AS-PATH number to the beginning of the AS-PATH. CONFIG-ROUTE-MAP mode set as-path prepend as-number [... as-number] • Generate a tag to be added to redistributed routes. CONFIG-ROUTE-MAP mode set automatic-tag •...
  • Page 160: Configure A Route Map For Route Redistribution

    To create route map instances, use these commands. There is no limit to the number of set commands per route map, but the convention is to keep the number of set filters in a route map low. Set commands do not require a corresponding match command.
  • Page 161: Continue Clause

    [nlbclusteracl number] ipv4pbr number }openflow number | fcoe number} [ipv4udfenable] [iscsioptacl number] [vrfv4acl number] Dell(conf)#cam-acl l2acl 1 ipv4acl 8 ipv6acl 2 ipv4qos 0 l2qos 2 l2pt 0 ipmacacl 0 vman-qos 0 ecfmacl 0 ipv4udfenable View the currently configured CAM allocation.
  • Page 162 Configure a UDF ID to parse packet headers using the specified number of offset and required bytes. CONFIGURATION-UDF TCAM mode key description udf-id id packetbase PacketBase offset bytes length bytes Dell(conf-udf-tcam)#key innerL3header udf-id 6 packetbase innerL3Header offset 0 length 2 View the UDF TCAM configuration.
  • Page 163: Hot-Lock Behavior

    5 permit ip any any udf-pkt-format ipnip udf-qualifier-value ipnip_val1 Dell(config-ext-nacl)# Hot-Lock Behavior Dell Networking OS hot-lock features allow you to append and delete their corresponding content addressable memory (CAM) entries dynamically without disrupting traffic. Existing entries are simply shuffled to accommodate new entries.
  • Page 164: Bidirectional Forwarding Detection (Bfd)

    BFD also carries less overhead than routing protocol hello mechanisms. Control packets can be encapsulated in any form that is convenient, and, on Dell Networking routers, BFD agents maintain sessions that reside on the line card, which frees resources on the Route Processor. Only session state changes are reported to the BFD Manager (on the Route Processor), which in turn notifies the routing protocols that are registered with it.
  • Page 165 NOTE: The Dell Networking OS does not support multi-hop BFD sessions. If a system does not receive a control packet within an agreed-upon amount of time, the BFD agent changes the session state to Down. It then notifies the BFD manager of the change and sends a control packet to the neighbor that indicates the state change (though it might not be received if the link or receiving interface is faulty).
  • Page 166: Bfd Packet Format

    BFD Packet Format Control packets are encapsulated in user datagram protocol (UDP) packets. The following illustration shows the complete encapsulation of a BFD control packet inside an IPv4 packet. Figure 10. BFD in IPv4 Packet Format Field Description Diagnostic Code The reason that the last session failed.
  • Page 167 Required Min Echo The minimum rate at which the local system would like to receive echo packets. NOTE: The Dell Networking OS does not currently support the echo function. Authentication An optional method for authenticating control packets. Type,...
  • Page 168: Bfd Sessions

    Demand mode initiator. Either system (but not both) can request Demand mode at any time. NOTE: The Dell Networking OS supports Asynchronous mode only. A session can have four states: Administratively Down, Down, Init, and Up. Administratively The local system does not participate in a particular session.
  • Page 169 When the passive system receives any of these control packets, it changes its session state to Init and sends a response that indicates its state change. The response includes its session ID in the My Discriminator field and the session ID of the remote system in the Your Discriminator field. The active system receives the response from the passive system and changes its session state to Up.
  • Page 170: Session State Changes

    Session State Changes The following illustration shows how the session state on a system changes based on the status notification it receives from the remote system. For example, if a session on a system is down and it receives a Down status notification from the remote system, the session state on the local system changes to Init.
  • Page 171: Configure Bfd

    Configure BFD This section contains the following procedures. • Configure BFD for Static Routes • Configure BFD for OSPF • Configure BFD for OSPFv3 • Configure BFD for IS-IS • Configure BFD for BGP • Configure BFD for VRRP • Configuring Protocol Liveness Configure BFD for Static Routes Configuring BFD for static routes is supported on the switch.
  • Page 172 Establishing Sessions for Static Routes Sessions are established for all neighbors that are the next hop of a static route. Figure 13. Establishing Sessions for Static Routes To establish a BFD session, use the following command. • Establish BFD sessions for all neighbors that are the next hop of a static route. CONFIGURATION mode ip route bfd Example of the show bfd neighbors Command to Verify Static Routes...
  • Page 173: Configure Bfd For Ospf

    To change parameters for static route sessions, use the following command. • Change parameters for all static route sessions. CONFIGURATION mode ip route bfd interval milliseconds min_rx milliseconds multiplier value role [active | passive] To view session parameters, use the show bfd neighbors detail command, as shown in the examples in Displaying BFD for BGP Information.
  • Page 174 Related Configuration Tasks • Changing OSPF Session Parameters • Disabling BFD for OSPF Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state.
  • Page 175 To establish BFD with all OSPF neighbors or with OSPF neighbors on a single interface, use the following commands. • Establish sessions with all OSPF neighbors. ROUTER-OSPF mode bfd all-neighbors • Establish sessions with OSPF neighbors on a single interface. INTERFACE mode ip ospf bfd all-neighbors Example of Verifying Sessions with OSPF Neighbors...
  • Page 176: Configure Bfd For Ospfv3

    Disabling BFD for OSPFv3 If you disable BFD globally, all sessions are torn down and sessions on the remote system are placed in a Down state. If you disable BFD on an interface, sessions on the interface are torn down and sessions on the remote system are placed in a Down state.
  • Page 177: Configure Bfd For Is-Is

    bfd all-neighbors interval milliseconds min_rx milliseconds multiplier value role [active | passive] • Change parameters for OSPFv3 sessions on a single interface. INTERFACE mode ipv6 ospf bfd all-neighbors interval milliseconds min_rx milliseconds multiplier value role [active | passive] Disabling BFD for OSPFv3 If you disable BFD globally, all sessions are torn down and sessions on the remote system are placed in a Down state.
  • Page 178 on the line card notifies the BFD manager, which in turn notifies the IS-IS protocol that a link state change occurred. Configuring BFD for IS-IS is a two-step process: Enable BFD globally. Establish sessions for all or particular IS-IS neighbors. Related Configuration Tasks •...
  • Page 179 To establish BFD with all IS-IS neighbors or with IS-IS neighbors on a single interface, use the following commands. • Establish sessions with all IS-IS neighbors. ROUTER-ISIS mode bfd all-neighbors • Establish sessions with IS-IS neighbors on a single interface. INTERFACE mode isis bfd all-neighbors Example of Verifying Sessions with IS-IS Neighbors...
  • Page 180: Configure Bfd For Bgp

    Disabling BFD for IS-IS If you disable BFD globally, all sessions are torn down and sessions on the remote system are placed in a Down state. If you disable BFD on an interface, sessions on the interface are torn down and sessions on the remote system are placed in a Down state.
  • Page 181 For example, the following illustration shows a sample BFD configuration on Router 1 and Router 2 that use eBGP in a transit network to interconnect AS1 and AS2. The eBGP routers exchange information with each other as well as with iBGP routers to maintain connectivity and accessibility within each autonomous system. Figure 16.
  • Page 182 session (other routing protocols) about the failure. It then depends on the individual routing protocols that use the BGP link to determine the appropriate response to the failure condition. The typical response is to terminate the peering session for the routing protocol and reconverge by bypassing the failed neighboring router.
  • Page 183 • Disable a BFD for BGP session with a specified neighbor. ROUTER BGP mode neighbor {ip-address | peer-group-name} bfd disable • Remove the disabled state of a BFD for BGP session with a specified neighbor. ROUTER BGP mode no neighbor {ip-address | peer-group-name} bfd disable Use BFD in a BGP Peer Group You can establish a BFD session for the members of a peer group (the neighbor peer-group-name bfd command in ROUTER BGP configuration mode).
  • Page 184 EXEC Privilege mode show ip bgp neighbors [ip-address] Examples of the BFD show Commands The following example shows verifying a BGP configuration. R2# show running-config bgp router bgp 2 neighbor 1.1.1.2 remote-as 1 neighbor 1.1.1.2 no shutdown neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 no shutdown neighbor 3.3.3.2 remote-as 1 neighbor 3.3.3.2 no shutdown...
  • Page 185 Statistics: Number of packets received from neighbor: 4762 Number of packets sent to neighbor: 4490 Number of state changes: 2 Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 5 Session Discriminator: 10 Neighbor Discriminator: 11 Local Addr: 2.2.2.3 Local MAC Addr: 00:01:e8:66:da:34...
  • Page 186 De-registration : 0 Init Down Admin Down The following example shows viewing BFD summary information. The bold line shows the message displayed when you enable BFD for BGP connections. R2# show ip bgp summary BGP router identifier 10.0.0.1, local AS number 2 BGP table version is 0, main routing table version 0 BFD is enabled, Interval 200 Min_rx 200 Multiplier 3 Role Active 3 neighbor(s) using 24168 bytes of memory...
  • Page 187: Configure Bfd For Vrrp

    Prefixes accepted 0 (consume 0 bytes), withdrawn 0 by peer, martian prefixes ignored 0 Prefixes advertised 0, denied 0, withdrawn 0 from peer Connections established 1; dropped 0 Last reset never Local host: 2.2.2.3, Local port: 63805 Foreign host: 2.2.2.2, Foreign port: 179 E1200i_ExaScale# R2# show ip bgp neighbors 2.2.2.3 BGP neighbor is 2.2.2.3, remote AS 1, external link...
  • Page 188 Establishing Sessions with All VRRP Neighbors BFD sessions can be established for all VRRP neighbors at once, or a session can be established with a particular neighbor. Figure 17. Establishing Sessions with All VRRP Neighbors To establish sessions with all VRRP neighbors, use the following command. •...
  • Page 189 Examples of Viewing VRRP Sessions To view the established sessions, use the show bfd neighbors command. The following example shows viewing sessions with VRRP neighbors. The bold line shows that VRRP BFD sessions are enabled. R1(conf-if-te-4/25)#vrrp bfd all-neighbors R1(conf-if-te-4/25)#do show bfd neighbor - Active session role Ad Dn - Admin Down - CLI...
  • Page 190: Configuring Protocol Liveness

    To view session parameters, use the show bfd neighbors detail command, as shown in the example in Verifying BFD Sessions with BGP Neighbors Using the show bfd neighbors command example in Displaying BFD for BGP Information. Disabling BFD for VRRP If you disable any or all VRRP sessions, the sessions are torn down.
  • Page 191: Border Gateway Protocol Ipv4 (Bgpv4)

    Border Gateway Protocol IPv4 (BGPv4) This chapter provides a general description of BGPv4 as it is supported in the Dell Networking OS. BGP protocol standards are listed in the Standards Compliance chapter. BGP is an external gateway protocol that transmits interdomain routing information within and between autonomous systems (AS).
  • Page 192 • multihomed AS — is one that maintains connections to more than one other AS. This group allows the AS to remain connected to the Internet in the event of a complete failure of one of their connections. However, this type of AS does not allow traffic from one AS to pass through on its way to another AS. A simple example of this group is seen in the following illustration.
  • Page 193 in “full mesh.” As seen in the illustration below, four routers connected in a full mesh have three peers each, six routers have five peers each, and eight routers in full mesh have seven peers each. Figure 19. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially.
  • Page 194: Sessions And Peers

    Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers. A Peer is also called a Neighbor. Establish a Session Information exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies.
  • Page 195: Route Reflectors

    proper peers. If the peers are members of a peer group however, the information can be sent to one place and then passed onto the peers within the group. Route Reflectors Route reflectors reorganize the iBGP core into a hierarchy and allow some route advertisement rules. NOTE: Do not use route reflectors (RRs) in the forwarding path.
  • Page 196: Communities

    Communities BGP communities are sets of routes with one or more common attributes. Communities are a way to assign common attributes to multiple routes at the same time. BGP Attributes Routes learned using BGP have associated properties that are used to determine the best route to a destination when multiple paths exist to a particular destination.
  • Page 197 The following illustration shows the decisions BGP goes through to select the best path. The list following the illustration details the path selection criteria. Figure 21. BGP Best Path Selection Best Path Selection Details Prefer the path with the largest WEIGHT attribute. Prefer the path with the largest LOCAL_PREF attribute.
  • Page 198: Weight

    This comparison is only done if the first (neighboring) AS is the same in the two paths; the MEDs are compared only if the first AS in the AS_SEQUENCE is the same for both paths. If you entered the bgp always-compare-med command, MEDs are compared for all paths. Paths with no MED are treated as “worst”...
  • Page 199: Local Preference

    Local Preference Local preference (LOCAL_PREF) represents the degree of preference within the entire AS. The higher the number, the greater the preference for the route. Local preference (LOCAL_PREF) is one of the criteria used to determine the best path, so keep in mind that other criteria may impact selection, as shown in the illustration in Best Path Selection Criteria.
  • Page 200: Origin

    One AS assigns the MED a value and the other AS uses that value to decide the preferred path. For this example, assume the MED is the only attribute applied. In the following illustration, AS100 and AS200 connect in two places. Each connection is a BGP session. AS200 sets the MED for its T1 exit point to 100 and the MED for its OC3 exit point to 50.
  • Page 201: As Path

    In the Dell Networking OS, these origin codes appear as shown in the following example. The question mark (?) indicates an origin code of INCOMPLETE (shown in bold). The lower case letter (i) indicates an origin code of IGP (shown in bold).
  • Page 202: Multiprotocol Bgp

    The system allows you to set the next hop attribute in the CLI. Setting the next hop attribute lets you determine a router as the next hop for a BGP neighbor. Multiprotocol BGP Multiprotocol extensions for BGP (MBGP) is defined in IETF RFC 2858. MBGP allows different types of address families to be distributed in parallel.
  • Page 203: Ignore Router-Id For Some Best-Path Calculations

    When configuring this functionality: • If the redistribute command does not have metric configured and the BGP peer outbound route-map does have metric-type internal configured, BGP advertises the IGP cost as MED. • If the redistribute command has metric configured (route-map set metric or redistribute route-type metric) and the BGP peer outbound route-map has metric-type internal configured, BGP advertises the metric configured in the redistribute command as MED.
  • Page 204: As4 Number Representation

    When you apply or change an ASN notation, the type selected is reflected immediately in the running-configuration and the show commands (refer to the following two examples). Example of Dynamic Changes in the Running Configuration When Using the bgp asnotation Command ASDOT Dell(conf-router_bgp)#bgp asnotation asdot Dell(conf-router_bgp)#show conf
  • Page 205 100 bgp asnotation asdot bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 Dell(conf-router_bgp)#do show ip bgp BGP table version is 24901, local router ID is 172.30.1.57 ASDOT+ Dell(conf-router_bgp)#bgp asnotation asdot+ Dell(conf-router_bgp)#show conf router bgp 100 bgp asnotation asdot+ bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057...
  • Page 206: As Number Migration

    AS Number Migration With this feature you can transparently change the AS number of an entire BGP network and ensure that the routes are propagated throughout the network while the migration is in progress. When migrating one AS to another, perhaps combining ASs, an eBGP network may lose its routing to an iBGP if the ASN changes.
  • Page 207 C’s configuration. Local-AS allows this behavior to happen by allowing Router B to appear as if it still belongs to Router B’s old network (AS 200) as far as communicating with Router C is concerned. Figure 24. Before and After AS Number Migration with Local-AS Enabled When you complete your migration, and you have reconfigured your network with the new information, disable this feature.
  • Page 208: Bgp4 Management Information Base (Mib)

    (SNMP) objects and notifications (traps) defined in draft-ietf-idr-bgp4-mibv2-05. To see these enhancements, download the MIB from the Dell website. NOTE: For the Force10-BGP4-V2-MIB and other MIB documentation, refer to the Dell iSupport web page. Important Points to Remember •...
  • Page 209: Configuration Information

    To avoid SNMP timeouts with a large-scale configuration (large number of BGP neighbors and a large BGP Loc-RIB), Dell Networking recommends setting the timeout and retry count values to a relatively higher number. For example, t = 60 or r = 5.
  • Page 210: Enabling Bgp

    Disabled Enabling BGP By default, BGP is not enabled on the system. The Dell Networking OS supports one autonomous system (AS) and assigns the AS number (ASN). To establish BGP sessions and route traffic, configure at least one BGP neighbor or peer.
  • Page 211 interface directly connected to the router. First, the BGP process determines if all internal BGP peers are reachable, then it determines which peers outside the AS are reachable. NOTE: Sample Configurations for enabling BGP routers are found at the end of this chapter. Assign an AS number and enter ROUTER BGP mode.
  • Page 212 Enable the BGP neighbor. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} no shutdown Examples of the show ip bgp summary Command (2-Byte and 4–Byte AS number) NOTE: When you change the configuration of a BGP neighbor, always reset it by entering the clear ip bgp command in EXEC Privilege mode.
  • Page 213 The third line of the show ip bgp neighbors output contains the BGP State. If anything other than ESTABLISHED is listed, the neighbor is not exchanging information and routes. For more information about using the show ip bgp neighbors command, refer to the Dell Networking OS Command Line Interface Reference Guide.
  • Page 214: Configuring As4 Number Representations

    The following example shows verifying the BGP configuration. R2#show running-config bgp router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list ISP1in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote-as 65123 neighbor 10.10.32.3 no shutdown neighbor 100.10.92.9 remote-as 65192 neighbor 100.10.92.9 no shutdown...
  • Page 215 Enable ASDOT+ AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asdot+ Examples of the bgp asnotation Commands The following example shows the bgp asnotation asplain command. Dell(conf-router_bgp)#bgp asnotation asplain Dell(conf-router_bgp)#sho conf router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 remote-as 18508 neighbor 172.30.1.250 local-as 65057 neighbor 172.30.1.250 route-map rmap1 in...
  • Page 216: Configuring Peer Groups

    Configuring Peer Groups To configure multiple BGP neighbors at one time, create and populate a BGP peer group. An advantage of peer groups is that members of a peer group inherit the configuration properties of the group and share the same update policy. A maximum of 256 peer groups are allowed on the system.
  • Page 217 10.14.8.60 remote-as 18505 neighbor 10.14.8.60 no shutdown Dell(conf-router_bgp)# To enable a peer group, use the neighbor peer-group-name no shutdown command in CONFIGURATION ROUTER BGP mode (shown in bold). Dell(conf-router_bgp)#neighbor zanzibar no shutdown Dell(conf-router_bgp)#show config router bgp 45 bgp fast-external-fallover bgp log-neighbor-changes...
  • Page 218: Configuring Bgp Fast Fail-Over

    IDLE state. To view the status of peer groups, use the show ip bgp peer-group command in EXEC Privilege mode, as shown in the following example. Dell>show ip bgp peer-group Peer-group zanzibar, remote AS 65535 BGP version 4...
  • Page 219 To verify fast fail-over is enabled on a particular BGP neighbor, use the show ip bgp neighbors command. Because fast fail-over is disabled by default, it appears only if it has been enabled (shown in bold). Dell#sh ip bgp neighbors BGP neighbor is 100.100.100.100, remote AS 65517, internal link Member of peer-group test for session parameters BGP version 4, remote router ID 30.30.30.5...
  • Page 220: Configuring Passive Peering

    Foreign host: 100.100.100.100, Foreign port: 179 Dell# To verify that fast fail-over is enabled on a peer-group, use the show ip bgp peer-group command (shown in bold). Dell#sh ip bgp peer-group Peer-group test fail-over enabled BGP version 4 Minimum time between advertisement runs is 5 seconds...
  • Page 221: Maintaining Existing As Numbers During An As Migration

    neighbor peer-group-name subnet subnet-number mask The peer group responds to OPEN messages sent on this subnet. Enable the peer group. CONFIG-ROUTER-BGP mode neighbor peer-group-name no shutdown Create and specify a remote peer for BGP neighbor. CONFIG-ROUTER-BGP mode neighbor peer-group-name remote-as as-number Only after the peer group responds to an OPEN message sent on the subnet does its BGP state change to ESTABLISHED.
  • Page 222: Allowing An As Number To Appear In Its Own As Path

    network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote-as 65123 neighbor 10.10.32.3 no shutdown neighbor 100.10.92.9 remote-as 65192 neighbor 100.10.92.9 local-as 6500 neighbor 100.10.92.9 no shutdown neighbor 192.168.10.1 remote-as 65123 neighbor 192.168.10.1 update-source Loopback 0 neighbor 192.168.10.1 no shutdown...
  • Page 223: Enabling Neighbor Graceful Restart

    This option provides support for remote peers for their graceful restart without supporting the feature itself. You can implement BGP graceful restart either by neighbor or by BGP peer-group. For more information, refer to the Dell Networking OS Command Line Interface Reference Guide. •...
  • Page 224: Filtering On An As-Path Attribute

    Filtering on an AS-Path Attribute You can use the BGP attribute, AS_PATH, to manipulate routing policies. The AS_PATH attribute contains a sequence of AS numbers representing the route’s path. As the route traverses an AS, the ASN is prepended to the route. You can manipulate routes based on their AS_PATH to affect interdomain routing.
  • Page 225: Regular Expressions As Filters

    For an AS-path access list, as shown in the previous commands, if the AS path matches the regular expression in the access list, the route matches the access list. The following lists the regular expressions accepted in the Dell Networking OS. Regular...
  • Page 226 Dell(conf-router_bgp)#show conf router bgp 99 neighbor AAA peer-group neighbor AAA no shutdown neighbor 10.155.15.2 remote-as 32 neighbor 10.155.15.2 shutdown Dell(conf-router_bgp)#neigh 10.155.15.2 filter-list 1 in Dell(conf-router_bgp)#ex Dell(conf)#ip as-path access-list Eagle Dell(config-as-path)#deny 32$ Dell(config-as-path)#ex Dell(conf)#router bgp 99 Dell(conf-router_bgp)#neighbor AAA filter-list Eagle in...
  • Page 227: Redistributing Routes

    • map-name: name of a configured route map. Enabling Additional Paths The add-path feature is disabled by default. NOTE: Dell Networking recommends not using multipath and add path simultaneously in a route reflector.
  • Page 228: Configuring Ip Community Lists

    Configuring IP Community Lists Multiple methods of manipulating routing attributes are supported in the Dell Networking OS. One attribute you can manipulate is the COMMUNITY attribute. This attribute is an optional attribute that is defined for a group of destinations. You can assign a COMMUNITY attribute to BGP routers by using an IP community list.
  • Page 229: Configuring An Ip Extended Community List

    To view the configuration, use the show config command in CONFIGURATION COMMUNITY-LIST or CONFIGURATION EXTCOMMUNITY LIST mode or the show ip {community-lists | extcommunity-list} command in EXEC Privilege mode. Dell#show ip community-lists ip community-list standard 1 deny 701:20 deny 702:20...
  • Page 230: Filtering Routes With Community Lists

    To view the configuration, use the show config command in CONFIGURATION COMMUNITY-LIST or CONFIGURATION EXTCOMMUNITY LIST mode or the show ip {community-lists | extcommunity-list} command in EXEC Privilege mode. Dell#show ip community-lists ip community-list standard 1 deny 701:20 deny 702:20...
  • Page 231: Manipulating The Community Attribute

    Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number AS-number: 0 to 65535 (2-Byte) or 1 to 4294967295 (4-Byte) or 0.1 to 65535.65535 (Dotted format) Apply the route map to the neighbor or peer group’s incoming or outgoing routes. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} route-map map-name {in | out} To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode.
  • Page 232 To view BGP routes matching a certain community number or a pre-defined BGP community, use the show ip bgp community command in EXEC Privilege mode. Dell>show ip bgp community BGP table version is 3762622, local router ID is 10.114.8.48 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal...
  • Page 233: Changing Med Attributes

    To view the nondefault values, use the show config command in CONFIGURATION ROUTER BGP mode. Changing the LOCAL_PREFERENCE Attribute In the Dell Networking OS, you can change the value of the LOCAL_PREFERENCE attribute. To change the default values of this attribute for all routes received by the router, use the following command.
  • Page 234: Changing The Next_Hop Attribute

    Return to CONFIGURATION mode. CONFIG-ROUTE-MAP mode exit Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number Apply the route map to the neighbor or peer group’s incoming or outgoing routes. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} route-map map-name {in | out} To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode.
  • Page 235: Enabling Multipath

    By default, the system supports one path to a destination. You can enable multipath to allow up to 16 parallel paths to a destination. NOTE: Dell Networking recommends not using multipath and add path simultaneously in a route reflector. To allow more than one path, use the following command.
  • Page 236 To filter routes using prefix lists, use the following commands. Create a prefix list and assign it a name. CONFIGURATION mode ip prefix-list prefix-name Create multiple prefix list filters with a deny or permit action. CONFIG-PREFIX LIST mode seq sequence-number {deny | permit} {any | ip-prefix [ge | le] } •...
  • Page 237: Filtering Bgp Routes Using Route Maps

    Filtering BGP Routes Using Route Maps To filter routes using a route map, use these commands. Create a route map and assign it a name. CONFIGURATION mode route-map map-name [permit | deny] [sequence-number] Create multiple route map filters with a match or set action. CONFIG-ROUTE-MAP mode {match | set} For information about configuring route maps, refer to...
  • Page 238: Configuring Bgp Route Reflectors

    BGP route reflectors are intended for ASs with a large mesh; they reduce the amount of BGP control traffic. NOTE: Dell Networking recommends not using multipath and add path simultaneously in a route reflector. With route reflection configured properly, IBGP routers are not fully meshed within a cluster but all receive routing information.
  • Page 239: Aggregating Routes

    In the show ip bgp command, aggregates contain an ‘a’ in the first column (shown in bold) and routes suppressed by the aggregate contain an ‘s’ in the first column. Dell#show ip bgp BGP table version is 0, local router ID is 10.101.15.13 Status codes: s suppressed, d damped, h history, * valid, >...
  • Page 240: Enabling Route Flap Dampening

    sub-AS, the IBGP neighbors are fully meshed and the MED, NEXT_HOP, and LOCAL_PREF attributes are maintained between confederations. To configure BGP confederations, use the following commands. • Specifies the confederation ID. CONFIG-ROUTER-BGP mode bgp confederation identifier as-number • as-number: from 0 to 65535 (2 Byte) or from 1 to 4294967295 (4 Byte). •...
  • Page 241 flapping, or change the path selection from the default mode (deterministic) to non-deterministic, use the following commands. • Enable route dampening. CONFIG-ROUTER-BGP mode bgp dampening [half-life | reuse | suppress max-suppress-time] [route-map map-name] Enter the following optional parameters to configure route dampening parameters: •...
  • Page 242 Value to start suppressing a route (default = 2000) Dell(conf-router_bgp)#bgp dampening 2 2000 3000 ? <1-255> Maximum duration to suppress a stable route (default = 60) Dell(conf-router_bgp)#bgp dampening 2 2000 3000 10 ? route-map Route-map to specify criteria for dampening ...
  • Page 243: Changing Bgp Timers

    Changing BGP Timers To configure BGP timers, use either or both of the following commands. Timer values configured with the neighbor timers command override the timer values configured with the timers bgp command. When two neighbors, configured with different keepalive and holdtime values, negotiate for new values, the resulting values are as follows: •...
  • Page 244 When inbound soft reconfiguration is done later, the stored information is used to generate a new set of inbound updates. Dell>router bgp 100 neighbor 10.108.1.1 remote-as 200 neighbor 10.108.1.1 soft-reconfiguration inbound...
  • Page 245: Route Map Continue

    (PIM) to build data distribution trees. MBGP for IPv4 multicast is supported on the switch. In the Dell Networking OS, MBGP is implemented per RFC 1858. You can enable the MBGP feature per router and/or per peer/peer-group.
  • Page 246: Bgp Regular Expression Optimization

    If the peer has not been activated in any AFI/SAFI, the peer remains in Idle state. Most BGP IPv4 unicast commands are extended to support the IPv4 multicast RIB using extra options to the command. For a detailed description of the MBGP commands, refer to the Dell Networking OS Command Line Interface Reference Guide.
  • Page 247: Storing Last And Bad Pdus

    In the following example, the last seven lines shown in bold are the last PDUs. Example of the show ip bgp neighbor Command to View Last and Bad PDUs Dell(conf-router_bgp)#do show ip bgp neighbors 1.1.1.2 BGP neighbor is 1.1.1.2, remote AS 2, external link BGP version 4, remote router ID 2.4.0.1...
  • Page 248: Capturing Pdus

    3 opens, 1 notifications, 1394 updates 6 keepalives, 0 route refresh requests Sent 48 messages, 0 in queue 3 opens, 2 notifications, 0 updates 43 keepalives, 0 route refresh requests Minimum time between advertisement runs is 30 seconds Minimum time before advertisements start is 0 seconds Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2)
  • Page 249 With full internet feed (205K) captured, approximately 11.8MB is required to store all of the PDUs. The following example shows viewing space requirements for storing all PDUs. Dell(conf-router_bgp)#do show capture bgp-pdu neighbor 172.30.1.250 Incoming packet capture enabled for BGP neighbor 172.30.1.250 Available buffer size 29165743, 192991 packet(s) captured using 11794257 bytes [.
  • Page 250: Pdu Counters

    PDU Counters Additional counters for various types of PDUs that are sent and received from neighbors are also supported. These are seen in the output of the show ip bgp neighbor command. Sample Configurations The following example configurations show how to enable BGP and set up some peer groups. These examples are not comprehensive directions.
  • Page 251 The following illustration shows the configurations described on the following examples. These configurations show how to create BGP areas using physical and virtual links. They include setting up the interfaces and peer groups with each other. Figure 25. Sample Configurations Example of Enabling BGP (Router 1) R1# conf R1(conf)#int loop 0...
  • Page 252 R1(conf-if-te-1/31)#ip address 10.0.3.31/24 R1(conf-if-te-1/31)#no shutdown R1(conf-if-te-1/31)#show config interface TenGigabitEthernet 1/31 ip address 10.0.3.31/24 no shutdown R1(conf-if-te-1/31)#router bgp 99 R1(conf-router_bgp)#network 192.168.128.0/24 R1(conf-router_bgp)#neighbor 192.168.128.2 remote 99 R1(conf-router_bgp)#neighbor 192.168.128.2 no shut R1(conf-router_bgp)#neighbor 192.168.128.2 update-source loop 0 R1(conf-router_bgp)#neighbor 192.168.128.3 remote 100 R1(conf-router_bgp)#neighbor 192.168.128.3 no shut R1(conf-router_bgp)#neighbor 192.168.128.3 update-source loop 0 R1(conf-router_bgp)#show config router bgp 99...
  • Page 253 R2(conf-if-te-2/31)#no shutdown R2(conf-if-te-2/31)#show config interface TenGigabitEthernet 2/31 ip address 10.0.2.2/24 no shutdown R2(conf-if-te-2/31)# R2(conf-if-te-2/31)#router bgp 99 R2(conf-router_bgp)#network 192.168.128.0/24 R2(conf-router_bgp)#neighbor 192.168.128.1 remote 99 R2(conf-router_bgp)#neighbor 192.168.128.1 no shut R2(conf-router_bgp)#neighbor 192.168.128.1 update-source loop 0 R2(conf-router_bgp)#neighbor 192.168.128.3 remote 100 R2(conf-router_bgp)#neighbor 192.168.128.3 no shut R2(conf-router_bgp)#neighbor 192.168.128.3 update loop 0 R2(conf-router_bgp)#show config router bgp 99 bgp router-id 192.168.128.2...
  • Page 254 R3(conf-if-lo-0)#int tengig 3/21 R3(conf-if-te-3/21)#ip address 10.0.2.3/24 R3(conf-if-te-3/21)#no shutdown R3(conf-if-te-3/21)#show config interface TenGigabitEthernet 3/21 ip address 10.0.2.3/24 no shutdown R3(conf-if-te-3/21)# R3(conf-if-te-3/21)#router bgp 100 R3(conf-router_bgp)#show config router bgp 100 R3(conf-router_bgp)#network 192.168.128.0/24 R3(conf-router_bgp)#neighbor 192.168.128.1 remote 99 R3(conf-router_bgp)#neighbor 192.168.128.1 no shut R3(conf-router_bgp)#neighbor 192.168.128.1 update-source loop 0 R3(conf-router_bgp)#neighbor 192.168.128.2 remote 99 R3(conf-router_bgp)#neighbor 192.168.128.2 no shut R3(conf-router_bgp)#neighbor 192.168.128.2 update loop 0...
  • Page 255 neighbor AAA no shutdown neighbor BBB peer-group neighbor BBB no shutdown neighbor 192.168.128.2 remote-as 99 neighbor 192.168.128.2 peer-group AAA neighbor 192.168.128.2 update-source Loopback 0 neighbor 192.168.128.2 no shutdown neighbor 192.168.128.3 remote-as 100 neighbor 192.168.128.3 peer-group BBB neighbor 192.168.128.3 update-source Loopback 0 neighbor 192.168.128.3 no shutdown R1#show ip bgp summary BGP router identifier 192.168.128.1, local AS number 99...
  • Page 256 ffffffff ffffffff ffffffff ffffffff 00150306 00000000 Local host: 192.168.128.1, Local port: 179 Foreign host: 192.168.128.2, Foreign port: 65464 BGP neighbor is 192.168.128.3, remote AS 100, external link Member of peer-group BBB for session parameters BGP version 4, remote router ID 192.168.128.3 BGP state ESTABLISHED, in this state for 00:00:37 Last read 00:00:36, last write 00:00:36 Hold time is 180, keepalive interval is 60 seconds...
  • Page 257 R2#show ip bgp summary BGP router identifier 192.168.128.2, local AS number 99 BGP table version is 2, main routing table version 2 1 network entrie(s) using 132 bytes of memory 3 paths using 204 bytes of memory BGP-RIB over all using 207 bytes of memory 2 BGP path attribute entrie(s) using 128 bytes of memory 2 BGP AS-PATH entrie(s) using 90 bytes of memory 2 neighbor(s) using 9216 bytes of memory...
  • Page 258 BGP neighbor is 192.168.128.1, remote AS 99, external link Member of peer-group BBB for session parameters BGP version 4, remote router ID 192.168.128.1 BGP state ESTABLISHED, in this state for 00:00:21 Last read 00:00:09, last write 00:00:08 Hold time is 180, keepalive interval is 60 seconds Received 93 messages, 0 in queue 5 opens, 0 notifications, 5 updates 83 keepalives, 0 route refresh requests...
  • Page 259 BGP version 4, remote router ID 192.168.128.3 BGP state ESTABLISHED, in this state for 00:18:51 Last read 00:00:45, last write 00:00:44 Hold time is 180, keepalive interval is 60 seconds Received 138 messages, 0 in queue 7 opens, 2 notifications, 7 updates 122 keepalives, 0 route refresh requests Sent 140 messages, 0 in queue 7 opens, 4 notifications, 7 updates...
  • Page 260: Content Addressable Memory (Cam)

    There are 16 FP blocks, but the system flow requires three blocks that cannot be reallocated. The following table displays the default CAM allocation settings. To display the default CAM allocation, enter the show cam-acl command. Dell#show cam-acl -- Chassis Cam ACL -- Current Settings(in block sizes)
  • Page 261 L2Acl Ipv4Acl Ipv6Acl Ipv4Qos L2Qos L2PT IpMacAcl VmanQos EcfmAcl Openflow -- linecard 1 -- Current Settings(in block sizes) 1 block = 256 entries L2Acl Ipv4Acl Ipv6Acl Ipv4Qos L2Qos L2PT IpMacAcl VmanQos EcfmAcl Openflow -- linecard 2 -- Current Settings(in block sizes) 1 block = 256 entries L2Acl Ipv4Acl...
  • Page 262: Test Cam Usage

    CAM space required. The Status column in the command output indicates whether or not the policy can be enabled. Example of the test cam-usage Command Dell# test cam-usage service-policy input pcam linecard all linecard|Portpipe|CAMPartition|AvailableCAM|EstimatedCAMperPort|Status ---------------------------------------------------------------------...
  • Page 263: View Cam Usage

    IpMacAcl VmanQos EcfmAcl Openflow -- linecard 0 -- Current Settings(in block sizes) 1 block = 256 entries L2Acl Ipv4Acl Ipv6Acl Ipv4Qos L2Qos L2PT IpMacAcl VmanQos EcfmAcl Openflow -- linecard 1 -- Current Settings(in block sizes) 1 block = 256 entries L2Acl Ipv4Acl Ipv6Acl...
  • Page 264: Return To The Default Cam Configuration

    Enable CAM profile with extended ACL l2-ipv4-inacl Enable CAM profile with 32K L2 and 28K IPv4 ingress ACL unified-default Enable default unified CAM profile Dell(conf)#cam-profile default microcode ? default Enable default microcode lag-hash-align Enable microcode with LAG hash align...
  • Page 265: Cam Optimization

    Unified Forwarding Table (UFT) Modes Unified Forwarding Table (UFT) consolidates the resources of several search tables (Layer 2, Layer 3 Hosts, and Layer 3 Route [Longest Prefix Match — LPM]) into a single flexible resource. Dell Networking OS supports Content Addressable Memory (CAM)
  • Page 266: Configuring Uft Modes

    UFT modes to extract the forwarding tables, as required. By default, Dell Networking OS initializes the table sizes to UFT mode 2 profile, since it provides a reasonable shared memory for all the tables. The other supported UFT modes are scaled-l3-hosts (UFT mode 3) and scaled-l3-routes (UFT mode 4).
  • Page 267 Dell#show hardware forwarding-table mode Current Settings Next Boot Settings Mode Default scaled-l3-routes L2 MAC Entries 160K L3 Host Entries 144K L3 Route Entries 128K Dell#
  • Page 268: Control Plane Policing (Copp)

    Control Plane Policing (CoPP) Control plane policing (CoPP) protects the switch’s routing, control, and line-card processors from undesired or malicious traffic and Denial of Service (DoS) attacks by filtering control-plane flows. CoPP uses a dedicated control-plane service policy that consists of ACLs and QoS policies, which provide filtering and rate-limiting capabilities for control-plane packets.
  • Page 269: Queue-Based Control Plane Policing

    Queues 0 to 6 process packets destined to the Control Processor CPU. • Queues 7 to 13 process packets destined to the Route Processor CPU. • Queues 14 to 20 process packets destined to the line-card CPU. Dell#show mac protocol-queue-mapping Protocol Destination Mac EtherType Queue EgPort Rate (kbps)
  • Page 270 ARP Request, ICMPv6 NS, ICMPv6 RS, L3 Broadcast Mac 1000 ARP Request, ICMPv6 NS, ICMPv6 RS, L3 Broadcast Mac 1000 VLT IPM PDU, VLT Control 3200 1000 Logical BFD 2600 6000 PVST, GVRP, IGMP, PIM, MLD, MSDP, FCoE, Open Flow 2300 3000 STP, LACP, ECFM, L2PT, ISIS, ISISv6, IPv4/IPv6 BGP,...
  • Page 271: Copp Example

    On the system, CoPP does not convert the input rate of control-plane traffic from kilobits per second (kbps) to packets per second (pps) as on other Dell Networking switches. On other switches, CoPP converts the input kilobit-per-second rate to a packet-per-second rate, assuming 64 bytes as the average packet size.
  • Page 272 The following illustration shows the difference between using CoPP and not using CoPP on a switch. Figure 27. CoPP Versus Non-CoPP Operation
  • Page 273: Configure Control Plane Policing

    Configure Control Plane Policing You can create a CoPP service policy on a per-protocol and/or a per-queue basis that serves as the system-wide configuration for filtering and rate limiting control-plane traffic. Configuring CoPP for Protocols This section describes how to create a protocol-based CoPP service policy and apply it to control plane traffic.
  • Page 274: Examples Of Configuring Copp For Protocols

    Dell(conf-ipv6-acl-cpuqos)#exit Dell(conf)#ipv6 access-list ipv6-vrrp cpu-qos Dell(conf-ipv6-acl-cpuqos)#permit vrrp Dell(conf-ipv6-acl-cpuqos)#exit Example of Creating a QoS Rate-Limiting Input Policy Dell(conf)#qos-policy-in rate_limit_200k cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 200 40 peak 500 40 Dell(conf-in-qos-policy-cpuqos)#exit Dell(conf)#qos-policy-in rate_limit_400k cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 400 50 peak 600 50 Dell(conf-in-qos-policy-cpuqos)#exit Dell(conf)#qos-policy-in rate_limit_500k cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 500 50 peak 1000 50...
  • Page 275: Configuring Copp For Cpu Queues

    Dell(conf-class-map-cpuqos)#match ip access-group bgp Dell(conf-class-map-cpuqos)#exit Dell(conf)#class-map match-any class_lacp cpu-qos Dell(conf-class-map-cpuqos)#match mac access-group lacp Dell(conf-class-map-cpuqos)#exit Dell(conf)#class-map match-any class-ipv6-icmp cpu-qos Dell(conf-class-map-cpuqos)#match ipv6 access-group ipv6-icmp Dell(conf-class-map-cpuqos)#exit Example of Associating a QoS Class Map with a QoS Rate-Limit Policy Dell(conf)#policy-map-input egressFP_rate_policy cpu-qos Dell(conf-policy-map-in-cpuqos)#class-map class_ospf qos-policy rate_limit_500k...
  • Page 276: Examples Of Configuring Copp For Cpu Queues

    Examples of Configuring CoPP for CPU Queues Example of Creating a QoS Policy to Configure the Rate Limit Dell#conf Dell(conf)#qos-policy-input cpuq_1 cpu-qos Dell(conf-qos-policy-in)#rate-police 3000 40 peak 500 40 Dell(conf-qos-policy-in)#exit Dell(conf)#qos-policy-input cpuq_2 cpu-qos Dell(conf-qos-policy-in)#rate-police 5000 80 peak 600 50 Dell(conf-qos-policy-in)#exit...
  • Page 277 7000 1000 7000 5000 1000 Dell#show cpu-queue rate queue-id 8 Service-Queue Rate (kbps) Burst (kb) -------------- ----------- ---------- 1000 Dell#show cpu-queue rate range 8 12 Service-Queue Rate (kbps) Burst (kb) -------------- ----------- ---------- 1000 1000 3200 1000 2600 6000 2300...
  • Page 278 Q1/Q8 CP/RP ICMPV6 VRRPV6 OSPFV3 2500 Viewing Per-Queue Protocol-Queue Mapping To view the protocol traffic assigned to a specified queue, use the show protocol-queue-mapping queue-id command. Dell#show protocol-queue-mapping queue-id 3 Protocol Queue EgPort CommitRate Peak Rate CommitBurst Peak (kbps) (kbps)
  • Page 279 L3 LOCAL TERMINATED 5000 5000 Dell# Viewing Complete Protocol-Queue Mapping To view the queues to which all protocol traffic is assigned, use the show protocol-queue-mapping command. Dell#show protocol-queue-mapping | no-more Protocol Queue EgPort CommitRate Peak Rate CommitBurst Peak (kbps) (kbps)
  • Page 280 2000 v6 RAGUARD 1000 1000 v6 ICMP NA Q2/Q9 CP/RP 1000 1000 v6 ICMP RA Q2/Q9 CP/RP 1000 1000 v6 ICMP NS Q1/Q8 CP/RP 1000 1000 v6 ICMP RS Q1/Q8 CP/RP 1000 1000 v6 ICMP 2000 2000 2500 2500 2000 2000 OSPF 2500...
  • Page 281: Troubleshooting Copp Operation

    1000 OPENFLOW 1000 1000 FEFD 1000 1000 TRACEFLOW FCoE 2000 2000 L3 LOCAL TERMINATED 5000 5000 L3 UNKNOWN/UNRESOLVED ARP Q7 3000 3000 L2 DST HIT/BROADCAST Q1/Q8 CP/RP MULTICAST CATCH ALL ACL LOGGING 1000 1000 L3 HEADER ERROR/TTL0 IP OPTION/TTL1 VLAN L3 MTU FAIL Physical L3 MTU FAIL SOURCE MISS STATION MOVE...
  • Page 282: Viewing Cpu Traffic Statistics

    (aggregated CoPP) or on a specified set of switch ports by entering the show hardware system-flow [cp-switch | linecard slot-id portset port-pipe] command. The number of hits for each system flow is also displayed. Dell#show hardware system-flow linecard2 port-set 0 ############## FP Entry for redirecting STP BPDU to CPU Port ################ EID 0x00000300: gid=0xa,...
  • Page 283 MASK=0x0000ffff ffffffff action={act=DropPrecedence, param0=1(0x1), param1=0(0), param2=0(0), param3=0(0)} action={act=Drop, param0=0(0), param1=0(0), param2=0(0), param3=0(0)} action={act=CosQCpuNew, param0=0(0), param1=0(0), param2=0(0), param3=0(0)} action={act=CopyToCpu, param0=1(0x1), param1=1(0x1), param2=0(0), param3=0(0)} policer= statistics={stat id 1 slice = 9 idx=0 entries=1}{Packets} ################ FP Entry for redirecting LLDP BPDU to RSM ################ EID 0x000002ff: gid=0xa, slice=9, slice_idx=0x2, part =0 prio=0x2ff, flags=0x10202, Installed, Enabled...
  • Page 284: Viewing Per-Protocol Copp Counters

    CPU after protocol-based rate limiting is applied. Drop Counters displays the number of bytes of control-plane traffic that have been dropped as a result of protocol-based rate limiting. Dell# show control-traffic protocol linecard 2 portset 0 counters |no-more Protocol...
  • Page 285 L3 UNKNOWN/UNRESOLVED ARP iSCSI FCoE SFLOW HYPERPULL OPENFLOW L2 DST HIT/BROADCAST VLT TTL1/TRACEFLOW/TTL0/STATION MOVE/TTL1 /IP OPTION/L3 MTU FAIL/SOURCE MISS v6 ICMP NS Dell#show control-traffic protocol pe 0 stack-unit 0 portset 0 counters Protocol RxBytes TxBytes Drops ------- ------- ------- ----- STP/ARP/ICMP(v4/v6)/IGMP/MLD/NTP/FTP/TELNET/SSH...
  • Page 286 LACP ARP REQ ARP RESP GVRP FRRP ECFM ISIS L2PT v6 BGP v6 OSPF v6 VRRP v6 MULTICAST CATCH ALL IPv6 DHCP v6 RAGUARD v6 ICMP NA v6 ICMP RA v6 ICMP NS v6 ICMP RS v6 ICMP OSPF VRRP ICMP IGMP MSDP...
  • Page 287 DHCP RELAY DHCP TELNET VLT GARP VLT CTRL - CP CPU VLT CTRL - RP CPU VLT CTRL - CP & RP CPU VLT CTRL - HA VLT CTRL VLT IPM PDU VLT ARP RESP VLT TTL1 HYPERPULL OPENFLOW FEFD TRACEFLOW FCoE L3 LOCAL TERMINATED...
  • Page 288: Viewing Per-Queue Copp Counters

    To clear the per-protocol counters of rate-limited control-plane traffic at the aggregated (switch) or line card and port set level, use the clear control-traffic protocol [cp-switch | linecard {0–2} portset {0–3}] counters command; for example: Dell#clear control-traffic protocol linecard 1 portset 2 counters Dell# Dell#clear control-traffic protocol cp-switch counters...
  • Page 289 To clear the per-queue counters of rate-limited traffic at the aggregated (switch) or individual queue level, use the clear control-traffic queue {all | queue-id queue-number} counters command; for example: Dell#show control-traffic queue queue-id 6 counters Queue-ID RxBytes TxBytes Drops --------...
  • Page 290: Data Center Bridging (Dcb)

    Data Center Bridging (DCB) Topics: • Enabling Data Center Bridging • Ethernet Enhancements in Data Center Bridging • QoS dot1p Traffic Classification and Queue Assignment • SNMP Support for PFC and Buffer Statistics Tracking • DCB Maps and its Attributes •...
  • Page 291: Ethernet Enhancements In Data Center Bridging

    0 backplane all dcb-map linecard all backplane all NOTE: Dell Networking OS Behavior: DCB is not supported if you enable link-level flow control on one or more interfaces. For more information, refer to Ethernet Pause Frames.
  • Page 292: Priority-Based Flow Control

    Data Center Bridging Exchange (DCBx) protocol NOTE: Dell Networking OS supports only the PFC, ETS, and DCBx features in data center bridging. Priority-Based Flow Control In a data center network, priority-based flow control (PFC) manages large bursts of one traffic type in multiprotocol links so that it does not affect other traffic types and no frames are lost due to congestion.
  • Page 293 FCoE converged traffic with priority 3. • iSCSI storage traffic with priority 4. In the Dell Networking OS, PFC is implemented as follows: • PFC is supported on specified 802.1p priority traffic (dot1p 0 to 7) and is configured per interface.
  • Page 294: Enhanced Transmission Selection

    Percentage of available bandwidth allocated to a priority group. Group transmission selection algorithm (TSA) Type of queue scheduling a priority group uses. In Dell Networking OS, ETS is implemented as follows: • ETS supports groups of 802.1p priorities that have:
  • Page 295: Data Center Bridging Exchange Protocol (Dcbx)

    • PFC enabled or disabled • No bandwidth limit or no ETS processing • ETS uses the DCB MIB IEEE 802.1azd2.5. Data Center Bridging Exchange Protocol (DCBx) By default, the data center bridging exchange (DCBx) protocol is disabled; ETS is also disabled. DCBx allows a switch to automatically discover DCB-enabled peers and exchange configuration information.
  • Page 296: Data Center Bridging In A Traffic Flow

    Data Center Bridging in a Traffic Flow The following figure shows how DCB handles a traffic flow on an interface. Figure 30. DCB PFC and ETS Traffic Handling QoS dot1p Traffic Classification and Queue Assignment The following section describes QoS dot1P traffic classification and assignments. DCB supports PFC, ETS, and DCBx to handle converged Ethernet traffic that is assigned to an egress queue according to the following QoS methods: Honor dot1p...
  • Page 297: Snmp Support For Pfc And Buffer Statistics Tracking

    NOTE: Dell Networking does not recommend mapping all ingress traffic to a single queue when using PFC and ETS. However, Dell Networking does recommend using Ingress traffic classification using the service-class dynamic dot1p command (honor dot1p) on all DCB-enabled interfaces. If you use L2...
  • Page 298: Dcb Maps And Its Attributes

    • fpIngPgBuffSnapshotTable • fpStatsPerPgTable • pfcPerPrioTable fpEgrQBuffSnapsh This table fetches the BST statistics at Egress Port with respect to the buffer used. This otTable table displays the Snapshot of the Buffer cells used by Unicast and Multicast Data and Control Queues. fpIngPgBuffSnapsh This table fetches the BST statistics at the Ingress Port with respect to the Shared Cells otTable...
  • Page 299: Important Points To Remember

    Leave a space between each priority group number. For example: priority-pgid 0 0 0 1 2 4 4 4 in which priority group 0 maps to dot1p priorities 0, 1, and 2; priority group 1 maps to dot1p priority 3; priority group 2 maps to dot1p priority 4;...
  • Page 300: Configuring Pfc Without A Dcb Map

    INTERFACE dcb-map name port to configure it with the PFC and ETS settings in the map; for example: Dell# interface tengigabitEthernet 1/1 Dell(config-if-te-1/1)# dcb-map SAN_A_dcb_map1 Repeat Steps 1 and 2 to apply a DCB map to more than one port.
  • Page 301: Configuring Lossless Queues

    Configuring Lossless Queues DCB also supports the manual configuration of lossless queues on an interface after you disable PFC mode in a DCB map and apply the map on the interface. The configuration of no-drop queues provides flexibility for ports on which PFC is not needed, but lossless traffic should egress from the interface. Lossless traffic egresses out the no-drop queues.
  • Page 302: Applying A Dcb Map On A Line Card

    The PFC memory buffer supports up to 2 lossless queues per port on all PFC enabled ports. • PFC and ETS are globally enabled by default. The default dot1p priority-queue assignments are applied as follows: Dell(conf)#do show qos dot1p-queue-mapping Dot1p Priority : 0 Queue : 1
  • Page 303: Configuration Notes: Pfc And Ets In A Dcb Map

    Dell(conf)# Dell(conf)#dcb enable pfc-queues ? <1-4> Number of PFC lossless queues(default=2) <1-4> Number of PFC lossless queues(default=2) NOTE: In Egress queue assignment (8 queues). PFC is not applied on specific dot1p priorities. ETS: Equal bandwidth is assigned to each port queue and each dot1p priority in a priority group.
  • Page 304: Ets Configuration Notes

    0 backplane all name dcb-map linecard all backplane all name • Dell Networking OS allows you to change the default dot1p priority-queue assignments only if the change satisfies the following requirements in DCB maps already applied to the interfaces: •...
  • Page 305: Ets Prerequisites And Restrictions

    • Dell Networking OS supports hierarchical scheduling on an interface. The control traffic on Dell Networking OS is redirected to control queues as higher priority traffic with strict priority scheduling. After the control queues drain out, the remaining data traffic is scheduled to queues according to the bandwidth and scheduler configuration in the DCB map.
  • Page 306: Configuring Priority-Based Flow Control

    • If you configure more than one priority group as strict priority, the higher numbered priority queue is given preference when scheduling data traffic. Configuring Priority-Based Flow Control Priority-Based Flow Control (PFC) provides a flow control mechanism based on the 802.1p priorities in converged Ethernet traffic received on an interface and is enabled by default when you enable DCB.
  • Page 307: Configuring Lossless Queues

    2 maps to dot1p priority 4; priority group 4 maps to dot1p priorities 5, 6, and 7. Dell Networking OS Behavior: As soon as you apply a DCB policy with PFC enabled on an interface, DCBx starts exchanging information with PFC-enabled peers. The IEEE802.1Qbb, CEE, and CIN versions of PFC Type, Length, Value (TLV) are supported.
  • Page 308: Configuring Enhanced Transmission Selection

    It is the user's responsibility to have symmetric PFC configurations on the interfaces involved in a particular PFC-enabled traffic-flow to obtain lossless behavior. Configuring Enhanced Transmission Selection ETS provides a way to optimize bandwidth allocation to outbound 802.1p classes of converged Ethernet traffic.
  • Page 309: Ets Operation With Dcbx

    2 maps to dot1p priority 4; priority group 4 maps to dot1p priorities 5, 6, and 7. Dell Networking OS Behavior: A priority group consists of 802.1p priority values that are grouped for similar bandwidth allocation and scheduling, and that share latency and loss requirements. All 802.1p priorities mapped to the same queue must be in the same priority group.
  • Page 310: Configure A Dcbx Operation

    priority scheduling (strict-priority command). The priority group for strict-priority scheduling (scheduler strict command). Configure a DCBx Operation DCB devices use data center bridging exchange protocol (DCBx) to exchange configuration information with directly connected peers using the link layer discovery protocol (LLDP). DCBx can detect the misconfiguration of a peer DCB device, and optionally, configure peer DCB devices with DCB feature settings to ensure consistent operation in a data center network.
  • Page 311 the configuration to other auto-upstream and auto-downstream ports. A port that receives an internally propagated configuration overwrites its local configuration with the new parameter values. When an auto-upstream port (besides the configuration source) receives and overwrites its configuration with internally propagated information, one of the following actions is taken: •...
  • Page 312: Dcb Configuration Exchange

    On a DCBx port in a manual role, all PFC, application priority, ETS recommend, and ETS configuration TLVs are enabled. When making a configuration change to a DCBx port in a Manual role, Dell Networking recommends shutting down the interface using the shutdown command, changing the configuration, then re-activating the interface using the no shutdown command.
  • Page 313: Configuration Source Election

    Configuration Source Election When an auto-upstream or auto-downstream port receives a DCB configuration from a peer, the port first checks to see if there is an active configuration source on the switch. • If a configuration source already exists, the received peer configuration is checked against the local port configuration.
  • Page 314: Auto-Detection And Manual Configuration Of The Dcbx Version

    Auto-Detection and Manual Configuration of the DCBx Version When operating in Auto-Detection mode (the DCBx version auto command), a DCBx port automatically detects the DCBx version on a peer port. Legacy CIN and CEE versions are supported in addition to the standard IEEE version 2.5 DCBx.
  • Page 315: Configuration Example For Dscp And Pfc Priorities

    Table 18. o Queues Queue Assignment Internal- priority Queue Dot1p->Queue Mapping Configuration is retained at the default value. Default dot1p-queue mapping is, Dell#show qos dot1p-queue-mapping Dot1p Priority : 0 Queue :2 Interface Configurations on server connected ports. Enable DCB globally. Dell(conf)#dcb enable Apply PFC Priority configuration.
  • Page 316: Dcbx Example

    DCBx Example The following figure shows how to use DCBx. The device is connected to third-party, top-of-rack (ToR) switches through 40GbE or 10GBE uplinks. The ToR switches are part of a Fibre Channel storage network. The ports connected to the server with CNA are configured as auto-downstream ports.
  • Page 317: Dcbx Prerequisites And Restrictions

    DCBx Prerequisites and Restrictions The following prerequisites and restrictions apply when you configure DCBx operation on a port: • For DCBx, on a port interface, enable LLDP in both Send (TX) and Receive (RX) mode (the protocol lldp mode command; refer to the example in CONFIGURATION versus INTERFACE Configurations Link Layer Discovery Protocol (LLDP) chapter).
  • Page 318 • auto-upstream: configures the port to receive a peer configuration. The configuration source is elected from auto-upstream ports. • auto-downstream: configures the port to accept the internally propagated DCB configuration from a configuration source. • config-source: configures the port to serve as the configuration source on the switch. •...
  • Page 319 configure Enter LLDP Configuration mode to enable DCBx operation. CONFIGURATION mode [no] protocol lldp Configure the DCBx version used on all interfaces not already configured to exchange DCB information. PROTOCOL LLDP mode [no] DCBx version {auto | cee | cin | ieee-v2.5} •...
  • Page 320 [no] fcoe priority-bits priority-bitmap The priority-bitmap range is from 1 to FF. The default is 0x8. Configure the iSCSI priority advertised for the iSCSI protocol in Application Priority TLVs. PROTOCOL LLDP mode [no] iscsi priority-bits priority-bitmap The priority-bitmap range is from 1 to FF. The default is 0x10.
  • Page 321: Verifying The Dcb Configuration

    • mgmt: enables traces for DCBx management frames. • resource: enables traces for DCBx system resource frames. • sem: enables traces for the DCBx state machine. • tlv: enables traces for DCBx TLVs. Verifying the DCB Configuration To display DCB configurations, use the following show commands. Table 19.
  • Page 322 PG:1 TSA:ETS BW:50 PFC:ON Priorities:3 4 The following example shows the show interfaces pfc summary command. Dell# show interfaces tengigabitethernet 1/4 pfc summary Interface TenGigabitEthernet 1/4 Admin mode is on Admin is enabled Remote is enabled, Priority list is 4...
  • Page 323 Oper status is recommended PFC DCBx Oper status is Up State Machine Type is Feature TLV Tx Status is enabled PFC Link Delay 45556 pause quanta Application Priority TLV Parameters : -------------------------------------- FCOE TLV Tx Status is disabled ISCSI TLV Tx Status is disabled Local FCOE PriorityMap is 0x8 Local ISCSI PriorityMap is 0x10 Remote FCOE PriorityMap is 0x8...
  • Page 324 Number of PFC pause frames transmitted. PFC TLV Statistics: Pause Rx pkts Number of PFC pause frames received The following example shows the show interface pfc statistics command. Dell#show int tengigabitethernet 0/2 pfc statistics Interface TenGigabitEthernet 0/2 Interface Priority Rx XOFF Frames...
  • Page 325 0 Input Conf TLV Pkts, 1955 Output Conf TLV Pkts, 0 Error Conf TLV Pkts 0 Input Reco TLV Pkts, 1955 Output Reco TLV Pkts, 0 Error Reco TLV Pkts Dell(conf)# show interfaces tengigabitethernet 1/1/1 ets detail Interface TenGigabitEthernet 1/1...
  • Page 326 0 Input Traffic Class TLV Pkts, 0 Output Traffic Class TLV Pkts, 0 Error Traffic Class Pkts The following example shows the show interface ets detail command. Dell(conf)# show interfaces tengigabitethernet 1/1 ets detail Interface TenGigabitEthernet 1/1 Max Supported TC Groups is 4 Number of Traffic Classes is 8...
  • Page 327 0 Input Conf TLV Pkts, 0 Output Conf TLV Pkts, 0 Error Conf TLV Pkts 0 Input Traffic Class TLV Pkts, 0 Output Traffic Class TLV Pkts, 0 Error Traffic Class TLV Pkts Dell#show interfaces fortyGige 0/36 ets detail Interface fortyGigE 0/36 Max Supported PG is 3 Number of Traffic Classes is 8...
  • Page 328 50 - - - - ETS - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Remote Parameters : ------------------- Remote is disabled...
  • Page 329 Number of ETS Error Configuration TLVs received. The following example shows the show linecard 2 port-set 0 backplane all pfc details command. Dell#show linecard 2 port-set 0 backplane all pfc details 2 port-set 0 backplane all Admin mode is On...
  • Page 330 PG-grp Priority# Bandwidth ------------------------------------------------ 0,1,2,4,5,6,7 50 % 50 % Dell# show interface tengigabit 2/12 dcbx details E-ETS Configuration TLV enabled e-ETS Configuration TLV disabled R-ETS Recommendation TLV enabled r-ETS Recommendation TLV disabled P-PFC Configuration TLV enabled p-PFC Configuration TLV disabled...
  • Page 331 ----------------- DCBx Operational Version is 0 DCBx Max Version Supported is 0 Sequence Number: 1 Acknowledgment Number: 1 Protocol State: In-Sync Peer DCBx Status: ---------------- DCBx Operational Version is 0 DCBx Max Version Supported is 0 Sequence Number: 1 Acknowledgment Number: 1 Total DCBx Frames transmitted 994 Total DCBx Frames received 646 Total DCBx Frame errors 0...
  • Page 332: Performing Pfc Using Dscp Bits Instead Of 802.1P Bits

    DSCP and provide PFC treatment. Dell Networking OS Releases 9.3(0.0) and earlier provide CLI support to specify the priorities for which PFC is enabled on each port. This feature is applicable only for the tagged packets based on the incoming packet Dot1p and Dot1p based queue classification.
  • Page 333: Pfc And Ets Configuration Examples

    PRIORITY to PG mapping (PRIO2PG) is on the ingress for each port. By default, all priorities are mapped to PG7. A priority for which PFC has to be generated is assigned to a PG other than PG7 (say PG6) and buffer watermark is set on PG6 so as to generate PFC.
  • Page 334 • One lossless queue is used. Figure 32. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table. For more information, refer to QoS dot1p Traffic Classification and Queue Assignment.
  • Page 335: Pfc And Ets Configuration Command Examples

    The following examples show PFC and ETS configuration commands to manage your data center traffic. Priority Group Bandwidth Assignment Example of Configuring QoS Priority-Queue Assignment to Honor Dot1p Priorities Dell(conf)# service-class dynamic dot1p Dell(conf)# interface tengigabitethernet 1/1/1 Dell(conf-if-te-1/1/1)# service-class dynamic dot1p Example of configuring a DCB Map...
  • Page 336: Using Pfc And Ets To Manage Converged Ethernet Traffic

    Using PFC and ETS to Manage Converged Ethernet Traffic Using PFC and ETS to manage converged ethernet traffic: dcb-map linecard all backplane all dcb-map-name Hierarchical Scheduling in ETS Output Policies ETS supports up to three levels of hierarchical scheduling. For example, you can apply ETS output policies with the following configurations: Priority group 1 Assigns traffic to one priority queue with 20% of the link bandwidth and strict-priority scheduling.
  • Page 337: Priority-Based Flow Control Using Dynamic Buffer Method

    Priority-Based Flow Control Using Dynamic Buffer Method Priority-based flow control using dynamic buffer spaces is supported on the switch. In a data center network, priority-based flow control (PFC) manages large bursts of one traffic type in multiprotocol links so that it does not affect other traffic types and no frames are lost due to congestion. When PFC detects congestion on a queue for a specified priority, it sends a pause frame for the 802.1p priority traffic to the transmitting device.
  • Page 338: Configuring The Dynamic Buffer Method

    The default behavior causes up to a maximum of 6.6 MB to be used for PFC-related traffic. The remaining approximate space of 1 MB can be used by lossy traffic. You can allocate all the remaining 1 MB to lossless PFC queues.
  • Page 339 CONFIGURATION mode dcb-buffer-threshold dcb-buffer-threshold DCB-BUFFER-THRESHOLD mode priority 0 buffer-size 52 pause-threshold 16 resume-offset 10 shared-threshold-weight 7 Assign the DCB policy to the DCB buffer threshold profile on the backplane. CONFIGURATION mode dcb-policy buffer-threshold linecard {linecard-number | all} port-set {port-pipe | all} backplane all dcb-policy-name Assign the DCB policy to the DCB buffer threshold profile on interfaces.
  • Page 340: Debugging And Diagnostics

    Debugging and Diagnostics This chapter describes the debugging and diagnostics tasks you can perform on the switch. Topics: • Offline Diagnostics • TRACE Logs • Last Restart Reason • show hardware Commands • Environmental Monitoring • Troubleshooting Packet Loss • Accessing Application Core Dumps •...
  • Page 341: Running Port Extender Offline Diagnostics On The Switch

    Dell#diag pe 0 stack-unit 0 A warning is displayed with a CLI prompt asking you to click Yes or No. Dell#diag pe 0 stack-unit 0 level0 ? Warning - PE-Unit 0 at PEID 0 will go offline to run the diagnostics.
  • Page 342 PE-0-20150312_045748.txt Diagnostic results are stored to a file in the flash using the filename format: flash://DEFAULT_DIAG_REPORT_DIR/TestReport-SU--PE-.txt Dell#00:20:26 : Diagnostic test results are stored on flash://DEFAULT_DIAG_REPORT_DIR/TestReport-SU-0-PE-020150312_045748.txt Examples of Running Offline Diagnostics on the Port Extender The following example shows how to verify the offline/online status of the PE.
  • Page 343 8192 Jan 01 1980 00:00:00 +00:00 .. -rwx 97377 Jul 30 2015 07:52:04 +00:00 TestReport-SU-0-PE-10-20150730_075149.txt The following example shows retrieving the diagnostics report for PE Dell#show file TestReport-SU-2-PE-255-20150730_131431.txt Number of Bcm devices: 1 DELL DIAGNOSTICS-C1048P-PEID(-1)-STACK ID(2) PPID -- NA...
  • Page 344 009 - One Gig PHY Access Test ........PASS 010 - One Gig PHY Access Test ........PASS 011 - One Gig PHY Access Test ........PASS 012 - One Gig PHY Access Test ........PASS 013 - One Gig PHY Access Test ........PASS 014 - One Gig PHY Access Test ........
  • Page 345 041 - One Gig PHY Access Test ........PASS 042 - One Gig PHY Access Test ........PASS 043 - One Gig PHY Access Test ........PASS 044 - One Gig PHY Access Test ........PASS 045 - One Gig PHY Access Test ........PASS 046 - One Gig PHY Access Test ........
  • Page 346 Starting test: usbAccess ..-USB "/dev/rsd0c" is not plugged/mounted/formatted; test SKIPPED ERROR: USB Access Test is not done usbAccess ........... FAIL usbPowerEnable ..........PASS usbStatus ........... PASS LEVEL 1 DIAGNOSTIC flashRW ............. PASS Starting test: oneGPhyExtLink ..001 - One Gig PHY Link Test ........PASS 002 - One Gig PHY Link Test ........
  • Page 347 The following example shows how to run offline diagnostics for PE in Debug mode. NOTE: Dell Networking highly recommends reloading the system after running the offline diagnostics in Debug mode on the switch. Dell#diag pe 0 stack-unit 1 level0 verbose no-reboot...
  • Page 348: Running Offline Diagnostics On A Standalone Switch

    A warning is displayed with a CLI prompt asking you to click Yes or No Dell#diag system Warning - diagnostic execution will cause multiple link flaps on the peer side - advisable to shut directly connected ports Proceed with Diags [confirm yes/no]: View the results of the diagnostic tests.
  • Page 349 Apr 26 22:26:17: %RPM0-P:CP %CHMGR-2-LINECARD_DOWN: linecard 4 down - linecard offline Error: linecard 11 is not present. Dell#Apr 26 22:26:17: %RPM0-P:CP %IFMGR-1-DEL_PORT: Removed port: Fo 4/0-20, Apr 26 22:26:17: %RPM0-P:CP %CHMGR-2-LINECARD_DOWN: linecard 5 down - linecard offline Apr 26 22:26:17: %RPM0-P:CP %IFMGR-1-DEL_PORT: Removed port: Te 5/0-7, Fo 5/8-20,...
  • Page 350 % Error: Invalid command - card is not present. % Error: Invalid command - card is not present. Dell#Apr 26 22:32:01: %C9000LC0640:4 %DIAGAGT-6-DA_DIAG_STARTED: Starting diags on linecard 4 2d3h3m : Approximate time to complete the Diags (all levels)... 10 Mins...
  • Page 351 4490649600 bytes total (3903815680 bytes free) The following example displays results of offline/online diagnostics on a standalone switch for a test log for a Linecard Processor 4. Dell#show file flash://TestReport-LP-4.txt Called with cpu = 3 slotID = 4 DELL...
  • Page 352 ERROR: Unit 0 hg port 30 is DOWN ERROR: Unit 0 hg port 31 is DOWN ERROR: Unit 0 hg port 32 is DOWN hgLinkStatusTest ..........FAIL Starting test: i2cTest ..ERROR: ioctl: "SFP0" op(1)=READ WITH STOP bus=9 address=0x50 offset=0 length=1 ERROR: ioctl: "SFP1"...
  • Page 353 ERROR: Unit 0 xe port 13 is DOWN ERROR: Unit 0 xe port 17 is DOWN ERROR: Unit 0 xe port 21 is DOWN xeLinkStatusTest ..........FAIL LEVEL 1 DIAGNOSTIC i2cTest ............. PASS opticPhyTest ..........PASS rtcTest ............. PASS sataSsdTest ..........PASS Starting test: ssdFlashFileSystemStressTest ../dev/rwd0k: 3 files, 20398 free (10199 clusters) Iteration 1 - File System Check passed...
  • Page 354 Iteration 26 - File System Check passed /dev/rwd0k: 3 files, 20398 free (10199 clusters) Iteration 27 - File System Check passed /dev/rwd0k: 3 files, 20398 free (10199 clusters) Iteration 28 - File System Check passed /dev/rwd0k: 3 files, 20398 free (10199 clusters) Iteration 29 - File System Check passed /dev/rwd0k: 3 files, 20398 free (10199 clusters) Iteration 30 - File System Check passed...
  • Page 355 (0, 1) i2cTest (0, 1) opticEepromTest (0, 1) opticPresenceTest (0, 1) udfLinkStatus (0, 1) xeLinkStatusTest (0, 1) ipcTrafficTest (2, 1) Example of a Test Log for Control Processor Dell#show file flash://TestReport-CP-unit.txt DELL DIAGNOSTICS-C9000-CP00 CpuType -- RPM-CP PPID -- CN0CKKCP7793149U0047 PPID Rev...
  • Page 356 ERROR: ioctl: "lm7" op(1)=READ WITH STOP bus=24 address=0x49 offset=0 length=1 ERROR: ioctl: "lm8" op(1)=READ WITH STOP bus=25 address=0x4a offset=0 length=1 ERROR: ioctl: "lm9" op(1)=READ WITH STOP bus=26 address=0x4b offset=0 length=1 i2cTest ............. FAIL interruptStatusTest ......... PASS Starting test: lmPresenceTest ..LM Slot0 Not Present LM Slot1 Present LM Slot2 Not Present LM Slot3 Not Present...
  • Page 357 Starting test: showTemperature ..+Board First Thermal Monitor Sensor[0] is 38.0 C +Board First Thermal Monitor Sensor[1] is 33.0 C +Board First Thermal Monitor Sensor[2] is 31.0 C +Board First Thermal Monitor Sensor[3] is 38.0 C +Board First Thermal Monitor Sensor[4] is 34.0 C +Board Second Thermal Monitor Sensor[0] is 40.0 C +Board Second Thermal Monitor Sensor[1] is 45.0 C +Board Second Thermal Monitor Sensor[2] is 36.0 C...
  • Page 358 ERROR: Fan speed variation failed for tray[2] FAN TRAY[2] FAN 2 Controller Speed Test FAIL ERROR: Tray[2] fan[3] speed 56% is out of expected range [80-100%] ERROR: Fan speed variation failed for tray[2] FAN TRAY[2] FAN 3 Controller Speed Test FAIL fanCntrlSpeedTest ...........
  • Page 359 Iteration 18 - File System Check passed /dev/rwd0k: 3 files, 20398 free (10199 clusters) Iteration 19 - File System Check passed /dev/rwd0k: 3 files, 20398 free (10199 clusters) Iteration 20 - File System Check passed /dev/rwd0k: 3 files, 20398 free (10199 clusters) Iteration 21 - File System Check passed /dev/rwd0k: 3 files, 20398 free (10199 clusters) Iteration 22 - File System Check passed...
  • Page 360 (1, 1) udfLinkStatusTest (1, 1) usbTest (1, 1) ipcPingTrafficTest (2, 1) The following example shows the show diag linecard detail command. Dell#show diag linecard 4 detail Diag status of linecard member 4: -------------------------------------------------------------------------- Board: C9010 Dell Networking =================================================...
  • Page 361 Duration of execution (Total) : 1 min 13 sec. Diagnostic test results located: flash:/TestReport-LP-4.txt Last notification received at Sun Apr 26, 2015 10:33:14 PM -------------------------------------------------------------------------- Called with cpu = 3 slotID = 4 DELL DIAGNOSTICS-C9000-CP00 CpuType -- LM PPID -- CN0CYFF2779314A60021...
  • Page 362 ERROR: optic:21 is not present opticEepromTest ..........FAIL opticPhyTest ..........PASS Starting test: opticPresenceTest ..ERROR: optic:1 is not present ERROR: optic:5 is not present ERROR: optic:9 is not present ERROR: optic:13 is not present ERROR: optic:17 is not present ERROR: optic:21 is not present opticPresenceTest ...........
  • Page 363 Iteration 3 - File System Check passed /dev/rwd0k: 3 files, 20398 free (10199 clusters) Iteration 4 - File System Check passed /dev/rwd0k: 3 files, 20398 free (10199 clusters) Iteration 5 - File System Check passed /dev/rwd0k: 3 files, 20398 free (10199 clusters) Iteration 6 - File System Check passed /dev/rwd0k: 3 files, 20398 free (10199 clusters) Iteration 7 - File System Check passed...
  • Page 364 Iteration 35 - File System Check passed /dev/rwd0k: 3 files, 20398 free (10199 clusters) Iteration 36 - File System Check passed /dev/rwd0k: 3 files, 20398 free (10199 clusters) Iteration 37 - File System Check passed /dev/rwd0k: 3 files, 20398 free (10199 clusters) Iteration 38 - File System Check passed /dev/rwd0k: 3 files, 20398 free (10199 clusters) Iteration 39 - File System Check passed...
  • Page 365 The following example shows the show diag in control processor command. Dell#show diag cp unit detail Diag status of CP unit: -------------------------------------------------------------------------- Board: C9010 Dell Networking ================================================= CP unit is currently offline. CP unit alllevels diag issued at Sun Apr 26, 2015 10:32:01 PM.
  • Page 366 ERROR: ioctl: "lm6" op(1)=READ WITH STOP bus=23 address=0x48 offset=0 length=1 ERROR: ioctl: "lm7" op(1)=READ WITH STOP bus=24 address=0x49 offset=0 length=1 ERROR: ioctl: "lm8" op(1)=READ WITH STOP bus=25 address=0x4a offset=0 length=1 ERROR: ioctl: "lm9" op(1)=READ WITH STOP bus=26 address=0x4b offset=0 length=1 i2cTest .............
  • Page 367 sataSsdTest ..........PASS Starting test: showTemperature ..+Board First Thermal Monitor Sensor[0] is 38.0 C +Board First Thermal Monitor Sensor[1] is 33.0 C +Board First Thermal Monitor Sensor[2] is 31.0 C +Board First Thermal Monitor Sensor[3] is 38.0 C +Board First Thermal Monitor Sensor[4] is 34.0 C +Board Second Thermal Monitor Sensor[0] is 40.0 C +Board Second Thermal Monitor Sensor[1] is 45.0 C +Board Second Thermal Monitor Sensor[2] is 36.0 C...
  • Page 368 ERROR: Tray[2] fan[2] speed 56% is out of expected range [80-100%] ERROR: Fan speed variation failed for tray[2] FAN TRAY[2] FAN 2 Controller Speed Test FAIL ERROR: Tray[2] fan[3] speed 56% is out of expected range [80-100%] ERROR: Fan speed variation failed for tray[2] FAN TRAY[2] FAN 3 Controller Speed Test FAIL fanCntrlSpeedTest ...........
  • Page 369 /dev/rwd0k: 3 files, 20398 free (10199 clusters) Iteration 18 - File System Check passed /dev/rwd0k: 3 files, 20398 free (10199 clusters) Iteration 19 - File System Check passed /dev/rwd0k: 3 files, 20398 free (10199 clusters) Iteration 20 - File System Check passed /dev/rwd0k: 3 files, 20398 free (10199 clusters) Iteration 21 - File System Check passed /dev/rwd0k: 3 files, 20398 free (10199 clusters)
  • Page 370 /dev/rwd0k: 3 files, 20398 free (10199 clusters) Iteration 50 - File System Check passed Completed 50 iterations No issues found in SD Flash (/dev/wd0k) SD Flash File System Stress Test is Passed ssdFlashFileSystemStressTest ........ PASS Starting test: udfLinkStatusTest ..Link Status for Port: 18 -> Peer Slot0 on unit: 0 is Link Status for Port: 25 ->...
  • Page 371: Trace Logs

    Upload a trace-log file from a switch CPU. EXEC mode upload trace-log {cp | rp | linecard slot-id pe PEID stack-unit unit number sw-trace | hw-trace} Example of Uploading a PE Trace Log Dell#upload trace-log pe 0 stack-unit 0 hw-trace
  • Page 372: Last Restart Reason

    Use the show hardware commands to troubleshoot error conditions by displaying information about a hardware subcomponent and details from hardware-based feature tables. NOTE: Use the show hardware commands only under the guidance of the Dell Networking Technical Assistance Center (TAC). •...
  • Page 373 • Display Hardware Buffer Configurations, Counters. show hardware {linecard <0-11> | pe <1-255> stack-unit <0-7>} buffer unit <0-0> port buffer-info • Display the modular packet buffers details per unit and the mode of allocation. show hardware linecard slot-id buffer unit unit-number} total-buffer •...
  • Page 374 HiGig port-channel number. NOTE: In the C9000 series CLI, NPUs are sometimes referred to as units. Besides the front-end I/O ports on line cards, the C9000 series uses six internal SFM units to transmit the data between line-card ports.
  • Page 375: Environmental Monitoring

    To receive periodic power updates, enable the enable optic-info-update interval command. The output in the following example displays the environment status of the RPM. Example of the show interfaces transceiver Command Dell#show interfaces tengigabitethernet 10/1 transceiver SFP is present SFP+ 1 Serial Base ID fields...
  • Page 376: Display Power Supply Status

    (for example, power supply 0) indicates the chassis bay in which it is installed; chassis bays are numbered 0 to 4, starting from the leftmost bay 0. unit 0 refers to the switch itself. Dell#00:20:34: %SYSTEM:CP %CHMGR-0-PS_DOWN: Major alarm: Power supply 0 in unit 0 is down...
  • Page 377: Display Fan Status

    Display Fan Status To monitor the status of fan operation, use the show environment fan command. The command output displays the operational status of each fan, including tray status, and speed of each fan. Dell#show environment fan Status Unit TrayStatus...
  • Page 378 To display more diagnostic data when troubleshooting a transceiver, use the show interfaces transceiver command. Additional information about QSFP temperature, voltage, and current alarm thresholds is displayed. Dell#show interfaces fortyGigE 2/168 transceiver QSFP 168 Serial ID Base Fields QSFP 168 Id...
  • Page 379: Recognize An Over-Temperature Condition

    90% to 100%. Over-temperature alarms are logged. Use the show alarms command to display the currently logged alarms. To display the pre-configured sensor thresholds, use the show alarms threshold command. Dell#show alarm threshold Temperature Limits (deg C) --------------------------------------------------------------------------- Minor Off...
  • Page 380: Troubleshoot An Over-Temperature Condition

    When the system experiences a high temperature on any temperature sensor that exceeds the Critical threshold, a shutdown log event is generated as shown in the following examples: Dell#Jun 18 01:57:03: %RPM1-P:CP %CHMGR-2-TEMP_SHUTDOWN_WARN: WARNING! linecard 11 temperature is 110C; approaching shutdown threshold of 110C)
  • Page 381 : 4.0 Num Ports Up Time : 25 min, 39 sec Last Restart : normal power-cycle Dell Networking OS Version : 1-0(0-4058) Jumbo Capable : yes CP Boot Flash : 3.3.1.15 [booted] RP Boot Flash : 3.3.1.15 [booted] Boot Selector : 3.3.0.0g RP Boot Selector : 3.3.0.0g...
  • Page 382: Troubleshooting Packet Loss

    When the system experiences a high temperature on any temperature sensor that exceeds the Critical threshold, a shutdown log event is generated; for example: Dell#Jun 18 01:57:03: %RPM1-P:CP %CHMGR-2-TEMP_SHUTDOWN_WARN: WARNING! linecard 11 temperature is 110C; approaching shutdown threshold of 110C)
  • Page 383: Displaying Drop Counters

    Total Ingress Drops : 41694 Total IngMac Drops Total Mmu Drops Total EgMac Drops Total Egress Drops Dell#show hardware linecard 2 drops unit 0 UserPort PortNumber Ingress Drops IngMac Drops Total Mmu Drops EgMac Drops Egress Drops 41745...
  • Page 384: Displaying Dataplane Statistics

    To display input and output statistics on the party bus, which carries inter-process communication traffic between CPUs use the show hardware party-bus port {{0-7}|all} statistics command. Dell#show hardware linecard 2 cpu data-plane statistics HANSKVILLE Mib Counters: TR 64 byte frames = 3...
  • Page 385 Under/oversized frames = 0 FLR frames = 0 RCDE frames = 0 RCSE frames = 0 Dell#show hardware party-bus port 0 statistics Party Bus Transmit Counters for port 0: Tx Octets = 350320163 Tx Drop Packets = 0 tx_q0_pkts = 597876...
  • Page 386: Displaying Line-Card Counters

    The show hardware linecard {0–2} unit unit-num {counters | details | ipmc-replication | port-stats | register | table-dump} command displays internal receive and transmit statistics for a port-pipe unit on a specified line card, according to the command option you enter. Dell#show hardware linecard 0 unit 1 counters RUC.cpu0...
  • Page 387: Accessing Application Core Dumps

    Accessing Application Core Dumps Core dumps for an application crash are enabled by default. On the system, core dumps are generated and stored in the local flash of the system’s Control Processor CPU. To access an application core-dump file, you must perform an FTP to the Control Processor CPU flash directory where the application core dump is stored in the following formats: •...
  • Page 388: Mini Core Dumps

    Mini Core Dumps Dell Networking OS supports mini core dumps for kernel crashes. The mini core dump applies to Master units. Kernel mini core dumps are always enabled. The mini core dumps contain the stack space and some other very minimal information that can be used to debug a crash. These files are small files and are written into flash until space is exhausted.
  • Page 389: Enabling Tcp Dumps

    timestamp is a text string in the format: yyyyddmmhhmmss (YearDayMonthHourMinuteSecond). To disable the full kernel and other core dumps, enter the no logging coredump command. The Kernel full core dump name in RPMs uses the following formats: • Kernel full core dump generated from CP of the RPMs f10Ch_rpm<0/1>_cp_.kcore.gz •...
  • Page 390: Accessing Port Extender Core And Mini Core Dumps

    Accessing Port Extender Core and Mini Core Dumps For port extenders (PE), the application core dump and the mini core dump of the port extenders are uploaded to the controller bridge’s flash inside directory /flash/CORE_DUMP_DIR. The format of a PE application core uploaded to CB is as follows: f10pe___Stk.acore.gz The format for a mini core dump uploaded to CB is as follows: f10pe_ StkUnit_.kcore.mini.txt...
  • Page 391: Dynamic Host Configuration Protocol (Dhcp)

    Dynamic Host Configuration Protocol (DHCP) DHCP is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators. DHCP relieves network administrators of manually configuring hosts, which can be a tedious and error-prone process when hosts often join, leave, and change locations on the network, and it reclaims IP addresses that are no longer in use to prevent address exhaustion.
  • Page 392 specify the parameters that they require, and the server sends only those parameters. Some common options are shown in the following illustration. Figure 33. DHCP packet Format The following table lists common DHCP options. Option Number and Description Subnet Mask Option 1 Specifies the client’s subnet mask.
  • Page 393: Assign An Ip Address Using Dhcp

    Option Number and Description Clients use this option to tell the server which parameters they require. It is a series of octets where each octet is a DHCP option code. Renewal Time Option 58 Specifies the amount of time after the IP address is granted that the client attempts to renew its lease with the original server.
  • Page 394: Implementation Information

    Dell Networking implements DHCP based on RFC 2131 and RFC 3046. • IP source address validation is a sub-feature of DHCP Snooping; the Dell Networking OS uses access control lists (ACLs) internally to implement this feature and as such, you cannot apply ACLs to an interface which has IP source address validation.
  • Page 395: Configure The System To Be A Dhcp Server

    subnet mask that you give to each pool. For example, if all pools were configured for a /24 mask, the total would be 40000/253 (approximately 158). If the subnet is increased, more pools can be configured. The maximum subnet that can be configured for a single pool is /17. The system displays an error message for configurations that exceed the allocated memory.
  • Page 396: Configuring The Server For Automatic Address Allocation

    IP address ranges, lease length specifications, and configuration data that DHCP hosts need. Configuring the Dell system to be a DHCP server is a three-step process: Configuring the Server for Automatic Address Allocation Specifying a Default Gateway Enable the system to be a DHCP server (no disable command).
  • Page 397: Specifying A Default Gateway

    Specify default gateway(s) for the clients on the subnet, in order of preference. DHCP Mode default-router address Configure a Method of Hostname Resolution Dell Networking systems are capable of providing DHCP clients with parameters for two methods of hostname resolution—using DNS or NetBIOS WINS.
  • Page 398: Using Dns For Address Resolution

    Specify the NetBIOS WINS name servers, in order of preference, that are available to Microsoft Dynamic Host Configuration Protocol (DHCP) clients. DHCP mode netbios-name-server address Specify the NetBIOS node type for a Microsoft DHCP client. Dell Networking recommends specifying clients as hybrid. DHCP mode netbios-node-type type...
  • Page 399: Debugging The Dhcp Server

    pool name Specify the client IP address. DHCP host address Specify the client hardware address. DHCP hardware-address hardware-address type • hardware-address: the client MAC address. • type: the protocol of the hardware platform. The default protocol is Ethernet. Debugging the DHCP Server To debug the DHCP server, use the following command.
  • Page 400 You can configure an interface on the Dell Networking system to relay the DHCP messages to a specific DHCP server using the ip helper-address command from INTERFACE mode, as shown in the following illustration. Specify multiple DHCP servers by using the ip helper-address command multiple times.
  • Page 401: Configure The System To Be A Dhcp Client

    To view the ip helper-address configuration for an interface, use the show ip interface command from EXEC privilege mode. Example of the show ip interface Command R1_E600#show ip int gig 1/3 GigabitEthernet 1/3 is up, line protocol is down Internet address is 10.11.0.1/24 Broadcast address is 10.11.0.255 Address determined by user input IP MTU is 1500 bytes...
  • Page 402: Dhcp Client Operation With Other Features

    • ip route for 0.0.0.0 takes precedence if it is present or added later. • Management routes added by a DHCP client display with Route Source as DHCP in the show ip management route and show ip management-route dynamic command output. •...
  • Page 403: Configure Secure Dhcp

    DHCP Server A switch can operate as a DHCP client and a DHCP server. DHCP client interfaces cannot acquire a dynamic IP address from the DHCP server running on the switch. Acquire a dynamic IP address from another DHCP server. Virtual Router Redundancy Protocol (VRRP) Do not enable the DHCP client on an interface and set the priority to 255 or assign the same DHCP interface IP address to a VRRP virtual group.
  • Page 404: Dhcp Snooping

    The server echoes the option back to the relay agent in its response, and the relay agent can use the information in the option to forward a reply out the interface on which the request was received rather than flooding it on the entire VLAN. The relay agent strips Option 82 from DHCP responses before forwarding them to the client.
  • Page 405: Enabling Dhcp Snooping

    Restrictions for DHCP Snooping • DHCP Snooping is supported only for port extender interfaces connected to the VLT peers. • DHCP server must be connected to the VLT peers only using VLT Port-channel. • DHCP Snooping is supported only for spanned VLANs. •...
  • Page 406: Drop Dhcp Packets On Snooped Vlans Only

    EXEC Privilege mode show ip dhcp snooping Example of the show ip dhcp snooping Command View the DHCP snooping statistics with the show ip dhcp snooping command. Dell#show ip dhcp snooping IP DHCP Snooping : Enabled. IP DHCP Snooping Mac Verification : Disabled.
  • Page 407: Dynamic Arp Inspection

    To view the number of entries in the table, use the show ip dhcp snooping binding command. This output displays the snooping binding table created using the ACK packets from the trusted port. Dell#show ip dhcp snooping binding Codes : S - Static D - Dynamic...
  • Page 408: Configuring Dynamic Arp Inspection

    Validate ARP frames against the DHCP snooping binding table. INTERFACE VLAN mode arp inspection Examples of Viewing the ARP Information To view entries in the ARP database, use the show arp inspection database command. Dell#show arp inspection database Protocol Address Age(min) Hardware Address Interface VLAN...
  • Page 409: Source Address Validation

    DAI is supported on Layer 2 and Layer 3. Source Address Validation Using the DHCP binding table, Dell Networking OS can perform three types of source address validation (SAV). Table 26. Three Types of Source Address Validation Source Address Validation...
  • Page 410: Dhcp Mac Source Address Validation

    posing as a legitimate client, the source address appears on the wrong ingress port and the system drops the packet. If the IP address is fake, the address is not on the list of permissible addresses for the port and the packet is dropped. Similarly, if the IP address does not belong to the permissible VLAN, the packet is dropped.
  • Page 411: Viewing The Number Of Sav Dropped Packets

    The following output of the show ip dhcp snooping source-address-validation discard-counters interface interface command displays the number of SAV dropped packets on a particular interface. Dell>show ip dhcp snooping source-address-validation discard-counters interface TenGigabitEthernet 0/1 deny access-list on TenGigabitEthernet 0/1...
  • Page 412: Clearing The Number Of Sav Dropped Packets

    Dell>clear ip dhcp snooping source-address-validation discard-counters To clear the number of SAV dropped packets on a particular interface, use the clear ip dhcp snooping source-address-validation discard-counters interface interface command. Dell>clear ip dhcp snooping source-address-validation discard-counters interface TenGigE 0/1
  • Page 413: Equal Cost Multi-Path (Ecmp)

    Equal Cost Multi-Path (ECMP) Equal cost multi-path (ECMP) supports multiple paths in next-hop packet forwarding to a destination device. ECMP for Flow-Based Affinity ECMP for flow-based affinity includes link bundle monitoring. Enabling Deterministic ECMP Next Hop Deterministic ECMP next hop arranges all ECMPs in order before writing them into the content addressable memory (CAM).
  • Page 414: Link Bundle Monitoring

    The link bundle utilization is calculated as the total bandwidth of all links divided by the total bytes-per- second of all links, as shown in the following example. Example of Viewing Link Bundle Monitoring Dell# show link-bundle-distribution ecmp-group 1 Link-bundle trigger threshold - 60 ECMP bundle - 1 Utilization[In Percent] - 44 Alarm State - Active...
  • Page 415: Managing Ecmp Group Paths

    Enable ECMP group path management. CONFIGURATION mode. ip ecmp-group path-fallback Example of the ip ecmp-group maximum-paths Command Dell(conf)#ip ecmp-group maximum-paths 3 User configuration has been changed. Save the configuration and reload to take effect Dell(conf)# Creating an ECMP Group Bundle Within each ECMP group, you can specify an interface.
  • Page 416: Modifying The Ecmp Group Threshold

    You can configure ecmp-group with id 2 for link bundle monitoring. This ecmp-group is different from the ecmp-group index 2 that is created by configuring routes and is automatically generated. These two ecmp-groups are not related in any way. Dell(conf-ecmp-group-5)#show config ecmp-group 5 interface tengigabitethernet 0/2...
  • Page 417 The following network diagram depicts a scenario where a 10Gbps link connects the routers R2 and R4 and a 40Gbps link connects the routers R3 and R5: Figure 36. Sample BGP Link Bandwidth Configuration In this scenario, there is an additional 40Gbps link that is sometimes activated between the routers R2 and R5. When LB is configured on the routers R2 and R3 to communicate with their EBGP peers (routers R4 and R5 respectively), router R2 advertises path X to router R1 with LB indicating that a 10Gbps link is available for communication.
  • Page 418 neighbor 1.1.1.1 no shutdown neighbor 4.4.4.2 remote-as 2 neighbor 4.4.4.2 dmzlink-bw neighbor 4.4.4.2 no shutdown neighbor 5.5.5.2 remote-as 2 neighbor 5.5.5.2 dmzlink-bw neighbor 5.5.5.2 no shutdown interface tengigabitethernet 1/1 ip address 1.1.1.3/24 no shutdown interface fortyGigE 1/48 ip address 3.3.3.1/24 no shut router bgp 1 maximum-paths ebgp 2...
  • Page 419: Dynamic Re-Calculation Of Link Bandwidth

    FIB about these paths (next-hops). NOTE: Dell Networking OS also supports a global configuration parameter to enable or disable Weighted ECMP for static routes on the system. The following example shows weighted ECMP configuration for Static Routes: Dell(conf)#ip route 1.1.1.0/24 4.4.4.2 weight 100...
  • Page 420: Ecmp Support In L3 Host And Lpm Tables

    To verify ECMP support for IPv6 /128 route prefixes stored in the host table, use the show ipv6 cam command. The command output includes the ECMP field with IPv6 neighbor addresses. 1 indicates ECMP handling of destination routes. Dell# show ipv6 cam linecard 0 port-set 0 Neighbor Mac-Addr Port...
  • Page 421: Fcoe Transit

    FCoE Transit The Fibre Channel over Ethernet (FCoE) Transit feature is supported on Ethernet interfaces. When you enable the switch for FCoE transit, the switch functions as a FIP snooping bridge. NOTE: FIP snooping is not supported on Fibre Channel interfaces. Topics: •...
  • Page 422 To ensure similar Fibre Channel robustness and security with FCoE in an Ethernet cloud network, FIP establishes virtual point-to-point links between FCoE end-devices (server ENodes and target storage devices) and FCoE forwarders (FCFs) over transit FCoE-enabled bridges. Ethernet bridges commonly provide ACLs that can emulate a point-to-point link by providing the traffic enforcement required to create a Fibre Channel-level of robustness.
  • Page 423: Fip Snooping On Ethernet Bridges

    FIP Function Description Logout On receiving a FLOGO packet, FSB deletes all existing sessions from the ENode to the FCF. Figure 37. FIP Discovery and Login Between an ENode and an FCF FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF.
  • Page 424 Dynamic ACL generation on the switch operating as a FIP snooping bridge function as follows: Port-based ACLs These ACLs are applied on all three port modes: on ports directly connected to an FCF, server-facing ENode ports, and bridge-to-bridge links. Port-based ACLs take precedence over global ACLs.
  • Page 425 between the ToR switch and a core switch. The switch operates as a lossless FIP snooping bridge to transparently forward FCoE frames between the ENode servers and the FCF switch. Figure 38. FIP Snooping on a Core Switch The following sections describe how to configure the FIP snooping feature on a switch that functions as a FIP snooping bridge so that it can perform the following functions: •...
  • Page 426: Fip Snooping In A Switch Stack

    Example. Statistical information is available for FIP Snooping-related information. For available commands, refer to the FCoE Transit chapter in the Dell Networking OS Command Line Reference Guide. FIP Snooping Prerequisites Before you enable FCoE transit and configure FIP snooping on a switch, ensure that certain conditions are met.
  • Page 427: Important Points To Remember

    You must apply the CAM-ACL space for the FCoE region before enabling the FIP-Snooping feature. If you do not apply CAM-ACL space the following error message is displayed: Dell(conf)#feature fip-snooping % Error: Cannot enable fip snooping. CAM Region not allocated for Fcoe.
  • Page 428: Enable Fip Snooping On Vlans

    Enable FIP Snooping on VLANs You can enable FIP snooping globally on a switch on all VLANs or on a specified VLAN. When you enable FIP snooping on VLANs: • FIP frames are allowed to pass through the switch on the enabled VLANs and are processed to generate FIP snooping ACLs.
  • Page 429: Impact On Other Software Features

    Impact on Other Software Features When you enable FIP snooping on a switch, other software features are impacted. The following table lists the impact of FIP snooping. Table 28. Impact of Enabling FIP Snooping Impact Description MAC address learning MAC address learning is not performed on FIP and FCoE frames, which are denied by ACLs dynamically created by FIP snooping on server-facing ports in ENode mode.
  • Page 430: Configuring Fip Snooping

    Configuring FIP Snooping You can enable FIP snooping globally on all FCoE VLANs on a switch or on an individual FCoE VLAN. By default, FIP snooping is disabled. To enable FCoE transit on the switch and configure the FCoE transit parameters on ports, follow these steps. Configure FCoE.
  • Page 431: Displaying Fip Snooping Information

    Displays information on the FCoE VLANs on which show fip-snooping vlan FIP snooping is enabled. Examples of the show fip-snooping Commands The following example shows the show fip-snooping sessions command. Dell#show fip-snooping sessions Enode MAC Enode Intf FCF MAC FCF Intf...
  • Page 432 Worldwide port name of the CNA port. Port WWNN Worldwide node name of the CNA port. The following example shows the show fip-snooping config command. Dell# show fip-snooping config FIP Snooping Feature enabled Status: Enabled FIP Snooping Global enabled Status: Enabled Global FC-MAP Value: 0X0EFC00...
  • Page 433 Fibre Channel session ID assigned by the FCF. The following example shows the show fip-snooping statistics interface vlan command (VLAN and port). Dell# show fip-snooping statistics interface vlan 100 Number of Vlan Requests Number of Vlan Notifications Number of Multicast Discovery Solicits...
  • Page 434 Number of FCF Discovery Timeouts Number of VN Port Session Timeouts Number of Session failures due to Hardware Config :0 Dell(conf)# Dell# show fip-snooping statistics int tengigabitethernet 0/11 Number of Vlan Requests Number of Vlan Notifications Number of Multicast Discovery Solicits...
  • Page 435 Table 33. show fip-snooping statistics Command Descriptions Field Description Number of VLAN Requests Number of FIP-snooped VLAN request frames received on the interface. Number of VLAN Notifications Number of FIP-snooped VLAN notification frames received on the interface. Number of Multicast Discovery Solicits Number of FIP-snooped multicast discovery solicit frames received on the interface.
  • Page 436 Number of Session failures due to Hardware Config Number of session failures due to hardware configuration that occurred on the interface. The following example shows the show fip-snooping system command. Dell# show fip-snooping system Global Mode : Enabled FCOE VLAN List (Operational) : 1, 100...
  • Page 437: Fcoe Transit Configuration Example

    FCoE Transit Configuration Example The following illustration shows a core switch used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway. Figure 39.
  • Page 438 Example of Enabling the FIP Snooping Feature on the Switch (FIP Snooping Bridge) Dell(conf)# feature fip-snooping Example of Enabling FIP Snooping on the FCoE VLAN Dell(conf)# interface vlan 10 Dell(conf-if-vl-10)# fip-snooping enable Example of Enabling an FC-MAP Value on a VLAN...
  • Page 439: Fips Cryptography

    US Department of Commerce. FIPS mode is also validated for numerous platforms to meet the FIPS-140-2 standard for a software-based cryptographic module. This chapter describes how to enable FIPS cryptography requirements on Dell Networking platforms. NOTE: The Dell Networking OS uses an embedded FIPS 140-2-validated cryptography module (Certificate #1747) running on NetBSD 5.1 per FIPS 140-2 Implementation Guidance section G.5...
  • Page 440: Preparing The System

    Preparing the System Before you enable FIPS mode, Dell Networking recommends making the following changes to your system. Disable the Telnet server (only use secure shell [SSH] to access the system). Disable the FTP server (only use secure copy [SCP] to transfer files to and from the system).
  • Page 441: Generating Host-Keys

    FIPS mode, generates new host-keys, and re-enables the SSH server (assuming it was enabled before enabling FIPS). For more information, refer to the SSH Server and SCP Commands section in the Security chapter of the Dell Networking OS Command Line Reference Guide.
  • Page 442: Disabling Fips Mode

    Disabling FIPS Mode The following describes disabling FIPS mode. When you disable FIPS mode, the following changes occur: • The SSH server disables. • All open SSH and Telnet sessions, as well as all SCP and FTP file transfers, close. •...
  • Page 443: Flex Hash And Optimized Boot-Up

    Flex Hash and Optimized Boot-Up This chapter describes the Flex Hash and fast-boot enhancements. Topics: • Flex Hash Capability Overview • Configuring the Flex Hash Mechanism • LACP Fast Switchover • Configuring LACP Fast Switchover • LACP • RDMA Over Converged Ethernet (RoCE) Overview •...
  • Page 444: Configuring The Flex Hash Mechanism

    L4 header to be used for hash calculation, and a meaningful description to associate the protocol number with the name. CONFIGURATION mode Dell(conf)# load-balance flexhash ipv4/ipv6 ip-proto offset1 [offset2 ] To delete the configured flex hash setting, use the no version of the command.
  • Page 445: Configuring Lacp Fast Switchover

    If you configure the optimized booting-time capability and perform a reload of the system, the LACP application sends PDUs across all the active LACP links immediately. INTERFACE (conf-if-po-number) mode Dell(conf-if-po-number)#lacp fast-switchover...
  • Page 446 To provide lossless service for RRoCE, the QoS service policy must be configured in the ingress and egress directions on lite subinterfaces. A normal Layer 3 physical interface processes only untagged packets and makes routing decisions based on the default Layer 3 VLAN ID (4095). To enable routing of RRoCE packets, the VLAN ID is mapped to the default VLAN ID of 4095 using VLAN translation.
  • Page 447: Sample Configurations

    Sample Configurations Figure 40. Configure DCB end-to-end on this setup Sample configuration for RoCE traffic MXL Fabric B1 and B2 Switches (RoCE Traffic Only) dcb enable...
  • Page 448 iscsi enable interface TenGigabitEthernet 0/1 Description Link to RoCE Adapter no ip address mtu 12000 portmode hybrid switchport no spanning-tree protocol lldp dcbx port-role auto-downstream no shutdown interface fortyGigE 0/33 Description “To C9010s” no ip address mtu 12000 port-channel-protocol LACP port-channel 1 mode active protocol lldp no advertise dcbx-tlv ets-reco...
  • Page 449 Description VLTi to other switch C9010 1 vlt domain 2 peer-link port-channel 128 back-up destination interface Port-channel 128 no ip address mtu 12000 channel-member fortyGigE 1/4 no shutdown interface fortyGigE 1/4 no ip address mtu 12000 dcb-map Converged protocol lldp no shutdown C9010 2 vlt domain 2...
  • Page 450: Preserving 802.1Q Vlan Tag Value For Lite Subinterfaces

    protocol lldp no shutdown interface TenGigabitEthernet 0/18 Description SOFS-RDMA no ip address mtu 12000 portmode hybrid switchport no spanning-tree dcb-map RoCE protocol lldp no shutdown interface TenGigabitEthernet 0/22 Description SOFS- iSCSI no ip address mtu 12000 portmode hybrid switchport spanning-tree rstp edge-port spanning-tree 0 portfast dcb-map iSCSI protocol lldp...
  • Page 451 associated with a physical/Port-channel interface. Normal VLANs and VLAN encapsulation can exist simultaneously and any non-unicast traffic received on a normal VLAN is not flooded using lite subinterfaces whose encapsulation VLAN ID matches with that of the normal VLAN ID. You can use the encapsulation dot1q vlan-id command in INTERFACE mode to configure lite subinterfaces.
  • Page 452: Force10 Resilient Ring Protocol (Frrp)

    Force10 Resilient Ring Protocol (FRRP) Force10 resilient ring protocol (FRRP) provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the spanning tree protocol (STP), though even with optimizations, STP can take up to 50 seconds to converge (depending on the size of network and node of failure) and may require 4 to 5 seconds to reconverge.
  • Page 453: Ring Status

    Each Transit node is also configured with a Primary port and a Secondary port on the ring, but the port distinction is ignored as long as the node is configured as a Transit node. If the ring is complete, the Master node logically blocks all data traffic in the transmit and receive directions on the Secondary port to prevent a loop.
  • Page 454: Multiple Frrp Rings

    During the time between the Transit node detecting that its link is restored and the Master node detecting that the ring is restored, the Master node’s Secondary port is still forwarding traffic. This can create a temporary loop in the topology. To prevent this, the Transit node places all the ring ports transiting the newly restored port into a temporary blocked state.
  • Page 455: Implementing Frrp

    • FRRP is media and speed independent. • FRRP is a Dell proprietary protocol that does not interoperate with any other vendor. • You must disable the spanning tree protocol (STP) on both the Primary and Secondary interfaces before you can enable FRRP.
  • Page 456: Frrp Configuration

    Concept Explanation port transitions through this state during ring bring-up. All ports transition through this state when a port comes up. • Pre-Forwarding State — A transition state before moving to the Forward state. Control traffic is forwarded but data traffic is blocked. The Master node Secondary port transitions through this state during ring bring-up.
  • Page 457: Creating The Frrp Group

    • Clearing the FRRP Counters • Viewing the FRRP Configuration • Viewing the FRRP Information Creating the FRRP Group Create the FRRP group on each switch in the ring. To create the FRRP group, use the command. • Create the FRRP group with this Ring ID. CONFIGURATION mode protocol frrp ring-id Ring ID: the range is from 1 to 255.
  • Page 458: Configuring And Adding The Member Vlans

    • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. Slot/Port, Range: Slot and Port ID for the interface. Range is entered Slot/Port-Port. Assign the Primary and Secondary ports and the control VLAN for the ports on the ring.
  • Page 459: Setting The Frrp Timers

    interface vlan vlan-id VLAN ID: the range is from 1 to 4094. Tag the specified interface or range of interfaces to this VLAN. CONFIG-INT-VLAN mode. tagged interface slot/port {range} Interface: • Slot/Port, range: Slot and Port ID for the interface. The range is entered Slot/Port-Port. •...
  • Page 460: Clearing The Frrp Counters

    timer {hello-interval|dead-interval} milliseconds • Hello-Interval: the range is from 50 to 2000, in increments of 50 (default is 500). • Dead-Interval: the range is from 50 to 6000, in increments of 50 (default is 1500). Clearing the FRRP Counters To clear the FRRP counters, use one of the following commands. •...
  • Page 461: Troubleshooting Frrp

    Troubleshooting FRRP To troubleshoot FRRP, use the following information. Configuration Checks • Each Control Ring must use a unique VLAN ID. • Only two interfaces on a switch can be Members of the same control VLAN. • There can be only one Master node for any FRRP group. •...
  • Page 462 Example of R2 TRANSIT interface TengigabitEthernet 2/14 no ip address switchport no shutdown interface TengigabitEthernet 2/31 no ip address switchport no shutdown interface Vlan 101 no ip address tagged TengigabitEthernet 2/14,31 no shutdown interface Vlan 201 no ip address tagged TengigabitEthernet 2/14,31 no shutdown protocol frrp 101 interface primary TengigabitEthernet 2/14 secondary TengigabitEthernet 2/31...
  • Page 463: Garp Vlan Registration Protocol (Gvrp)

    Dynamic VLANs are aged out after the LeaveAll timer expires three times without receipt of a Join message. To display status, use the show gvrp statistics {interface interface | summary} command. Dell(conf)#protocol spanning-tree pvst Dell(conf-pvst)#no disable % Error: GVRP running. Cannot enable PVST.
  • Page 464: Configure Gvrp

    Topics: • Configure GVRP • Enabling GVRP Globally • Enabling GVRP on a Layer 2 Interface • Configure GVRP Registration • Configure a GARP Timer Configure GVRP To begin, enable GVRP. To facilitate GVRP communications, enable GVRP globally on each switch. GVRP configuration is per interface on a switch-by-switch basis.
  • Page 465: Related Configuration Tasks

    To configure GVRP globally, use the following command. • Enable GVRP for the entire switch. CONFIGURATION mode gvrp enable Example of Configuring GVRP Dell(conf)#protocol gvrp Dell(config-gvrp)#no disable Dell(config-gvrp)#show config protocol gvrp no disable Dell(config-gvrp)# To inspect the global configuration, use the show gvrp brief command.
  • Page 466: Configure Gvrp Registration

    VLAN 35 despite receiving a GVRP Leave message. Additionally, the interface is not dynamically added to VLAN 45 or VLAN 46, even if a GVRP Join message is received. Example of the gvrp registration Command Dell(conf-if-te-1/21)#gvrp registration fixed 34,35 Dell(conf-if-te-1/21)#gvrp registration forbidden 45,46 Dell(conf-if-te-1/21)#show conf...
  • Page 467 Leave Timer 1000 LeaveAll Timer 5000 Dell(conf)# The system displays this message if an attempt is made to configure an invalid GARP timer: Dell(conf)#garp timers join 300 % Error: Leave timer should be >= 3*Join timer.
  • Page 468: High Availability (Ha)

    RPM after failover. Due to this, the line protocol might go down. NOTE: Dell Networking OS supports high availability (HA) on virtual link trunking (VLT). For information on HA support on VLT, see the VLT Chapter.
  • Page 469: High Availability In A Pe Stack

    C9010, see the C9010 Getting Started Guide or C9010 Installation Guide. RPM Online Insertion Dell Networking systems can function with only one RPM. If you insert a second RPM, it comes online as the standby RPM. To display the status of installed RPMs, enter the show rpm all command.
  • Page 470: Pre-Configuring A Slot For A Line-Card Type

    6-Port 40 Gigabit Ethernet QSFP+ (card type: C9000LC0640) • 24-Port 1/10 Gigabit Ethernet SFP+ (card type: C9000LC2410G) • 24-Port 1/10 Gigabit Ethernet Base-T RJ-45 (card type: C9000LC2410T) Dell(conf)# linecard 3 provision C9000LC2410G Dell(conf)# end Dell# show linecard 3 Linecard 3 -- Status...
  • Page 471: Hitless Behavior

    Current Type : C9000LC0640 - 6-port TE/FG Hardware Rev : 4.0 Num Ports : 24 Up Time : 0 sec Dell Networking OS Version : 1-0(0-4079) Jumbo Capable : yes POE Capable : Not supported Max Required Power : 125 Boot Flash : 3.3.1.15...
  • Page 472: Graceful Restart

    • Intermediate system to intermediate system Software Resiliency During normal operations, the Dell Networking OS monitors the health of both hardware and software components in the background to identify potential failures, even before these failures manifest. System Health Monitoring The Dell Networking OS also monitors the overall health of the system.
  • Page 473: Core Dumps

    Event messages provide system administrators diagnostics and auditing information. The Dell Networking OS sends event messages to the internal buffer, all terminal lines, the console, and optionally to a syslog server. For more information about event messages and configurable options, see Switch Management.
  • Page 474: Control-Plane Failover

    You can perform a manual failover by entering the redundancy force-failover rpm command. To display the reason for the last control-plane failover on the chassis, enter the show redundancy command in EXEC Privilege mode. Dell# show redundancy RPM Status ------------------------------------------------...
  • Page 475: Rpm Synchronization

    (incremental sync). The data that is synchronized consists of configuration data, operational data, state and status, and statistics depending on the version of the Dell Networking OS. You can manually synchronize the primary and standby RPMs at any time by entering the redundancy synchronize full command.
  • Page 476: Disabling Auto-Reboot

    Disabling Auto-Reboot To disable auto-reboot, use the following command. • Prevent a failed stack unit from rebooting after a failover. CONFIGURATION mode redundancy disable-auto-reboot
  • Page 477: Internet Group Management Protocol (Igmp)

    IGMP Implementation Information • The Dell Networking OS supports IGMP versions 1, 2, and 3 based on RFCs 1112, 2236, and 3376, respectively. • The system does not support IGMP version 3 and versions 1 or 2 on the same subnet.
  • Page 478: Igmp Protocol Overview

    IGMP Protocol Overview IGMP has three versions. Version 3 obsoletes and is backwards-compatible with version 2; version 2 obsoletes version 1. IGMP Version 2 IGMP version 2 improves on version 1 by specifying IGMP Leave messages, which allows hosts to notify routers that they no longer care about traffic for a particular group.
  • Page 479: Igmp Version 3

    Join a Multicast Group There are two ways that a host may join a multicast group: it may respond to a general query from its querier or it may send an unsolicited report to its querier. Responding to an IGMP Query The following describes how a host can join a multicast group.
  • Page 480 are sent to the all IGMP version 3-capable multicast routers address 244.0.0.22, as shown in the second illustration. Figure 43. IGMP Version 3 Packet Structure Figure 44. IGMP Version 3–Capable Multicast Routers Address Structure Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports.
  • Page 481 cannot record the include request. There are no other interested hosts, so the request is recorded. At this point, the multicast routing protocol prunes the tree to all but the specified sources. The host’s third message indicates that it is only interested in traffic from sources 10.11.1.1 and 10.11.1.2. Because this request again prevents all other sources from reaching the subnet, the router sends another group-and-source query so that it can satisfy all other hosts.
  • Page 482 Leaving and Staying in Groups The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. Host 1 sends a message indicating it is leaving group 224.1.1.1 and that the included filter for 10.11.1.1 and 10.11.1.2 are no longer necessary.
  • Page 483: Configure Igmp

    View IGMP-enabled interfaces. EXEC Privilege mode show ip igmp interface Example of the show ip igmp interface Command Dell(conf-if-te-1/0)#show ip igmp interface tengigabitethernet 1/0 TenGigabitEthernet 1/0 Inbound IGMP access group is not set Internet address is 1.1.1.1/24 IGMP is up on the interface...
  • Page 484: Selecting An Igmp Version

    Selecting an IGMP Version The Dell Networking OS enables IGMP version 2 by default, which supports version 1 and 2 hosts, but is not compatible with version 3 on the same subnet. If hosts require IGMP version 3, you can switch to IGMP version 3.
  • Page 485: Enabling Igmp Immediate-Leave

    If IGMP snooping is enabled on a PIM-enabled VLAN interface, data packets using the router as a Layer 2 hop may be dropped. To avoid this scenario, Dell Networking recommends that users enable IGMP snooping on server-facing end-point VLANs only.
  • Page 486: Configuring Igmp Snooping

    • Disabling Multicast Flooding • Configuring the Switch as Querier Example of ip igmp snooping enable Command Dell(conf)#ip igmp snooping enable Dell(conf)#do show running-config igmp ip igmp snooping enable Dell(conf)# Removing a Group-Port Association To configure or view the remove a group-port association feature, use the following commands.
  • Page 487: Disabling Multicast Flooding

    Dell(conf-if-vl-100)# Disabling Multicast Flooding If the switch receives a multicast packet that has an IP address of a group it has not learned (unregistered frame), the switch floods that packet out of all ports on the VLAN.
  • Page 488: Fast Convergence After Mstp Topology Changes

    • Configure the switch to be the querier for a VLAN by first assigning an IP address to the VLAN interface. INTERFACE VLAN mode ip igmp snooping querier IGMP snooping querier does not start if there is a statically configured multicast router interface in the VLAN.
  • Page 489: Designating A Multicast Router Interface

    Designating a Multicast Router Interface To designate an interface as a multicast router interface, use the following command. The system also has the capability of listening in on the incoming IGMP general queries and designating those interfaces as the multicast router interface when the frames have a non-zero IP source address. All IGMP control packets and IP multicast data traffic originating from receivers is forwarded to multicast router interfaces.
  • Page 490: Interfaces

    Interfaces This chapter describes interface types, both physical and logical, and how to configure them on the switch. • 1-Gigabit Ethernet, 10-Gigabit Ethernet and 40-Gigabit Ethernet interfaces are supported on the C9010 switch and 1-Gigabit Ethernet C1048P port extender. Basic Interface Configuration •...
  • Page 491 Monitoring and Maintaining Interfaces • Displaying Traffic Statistics on HiGig Ports • Link Bundle Monitoring • Monitoring HiGig Link Bundles • Non Dell-Qualified Transceivers • Splitting QSFP Ports to SFP+ Ports • Configuring wavelength for 10–Gigabit SFP+ optics • Link Dampening •...
  • Page 492: Port Numbering

    Port Numbering On the C9010, linecard slots are numbered 0 to 9. The RPM slots are numbered 10 and 11. NOTE: If the C9010 operates with only one RPM, you can install the RPM in either slot 10 (the top RPM slot labeled R0) or slot 11 (the bottom RPM slot labeled R1).
  • Page 493 On the C9010, port interface numbers are written above the ports. The following examples show port numbering on C9010 line cards (40GbE QSFP+, 1/10GbE SFP+, and 1/10GbE RJ-45). Figure 48. 40GbE QSFP+ Port Numbering On the 6-Port 40GbE QSFP+ line card, ports are numbered from 0 to 5 and operate by default in 40GbE mode.
  • Page 494 On the 1/10GbE SFP+ line card, ports are numbered from 0 to 23 and operate in 1/10G mode. Figure 50. 1/10GbE RJ-45 Port Numbering On the 1/10GbE RJ-45 line card, ports are numbered from 0 to 23 and operate in 1/10G mode. Figure 51.
  • Page 495: Interface Types

    Interface Types The following table describes different interface types. Table 35. Types of Interfaces Interface Type Modes Possible Default Mode Requires Creation Default State Physical L2, L3 Unset Shutdown (disabled) NOTE: For the port extender interface only L2 is supported. Management No Shutdown (enabled)
  • Page 496 (SNMP) query. Examples of Using the Show Commands The following example shows the configuration and status information for one interface. Dell#show interface tengigabitethernet 1/12 TenGigabitEthernet 1/12 is up, line protocol is up Hardware is DellEth, address is 34:17:eb:01:dc:27...
  • Page 497 The following example displays the port extender interface configuration: Dell(conf)#interface peGigE 0/0/1 Dell(conf-if-pegi-0/0/1)#show config interface peGigE 0/0/1 switchport no shutdown Dell(conf-if-pegi-0/0/1)# The following example displays the status of interfaces: Dell#sho interfaces status | no-more Port Description Status Speed Duplex Vlan Fo 0/0 Down 40000 Mbit Auto...
  • Page 498 Te 2/13 Down Auto Auto Te 2/14 Down Auto Auto Te 2/15 Down Auto Auto Te 2/16 Down Auto Auto Te 2/17 Down Auto Auto Te 2/18 Down Auto Auto Te 2/19 Down Auto Auto Te 2/20 Down Auto Auto Te 2/21 Down Auto...
  • Page 499 PeGi 255/1/10 1000 Mbit Full PeGi 255/1/11 1000 Mbit Full PeGi 255/1/12 1000 Mbit Full PeGi 255/1/13 1000 Mbit Full PeGi 255/1/14 1000 Mbit Full PeGi 255/1/15 1000 Mbit Full PeGi 255/1/16 1000 Mbit Full PeGi 255/1/17 1000 Mbit Full PeGi 255/1/18 1000 Mbit Full PeGi 255/1/19...
  • Page 500 PeGi 255/2/26 1000 Mbit Full PeGi 255/2/27 1000 Mbit Full PeGi 255/2/28 1000 Mbit Full PeGi 255/2/29 1000 Mbit Full PeGi 255/2/30 1000 Mbit Full PeGi 255/2/31 1000 Mbit Full PeGi 255/2/32 1000 Mbit Full PeGi 255/2/33 1000 Mbit Full PeGi 255/2/34 1000 Mbit Full PeGi 255/2/35...
  • Page 501 To view which interfaces are enabled for Layer 3 data transmission, use the show ip interfaces brief command in EXEC Privilege mode. In the following example, TengigabitEthernet interface 1/5 is in Layer 3 mode because an IP address has been assigned to it and the interface’s status is operationally up. Dell#show ip interface brief Interface IP-Address...
  • Page 502: Resetting An Interface To Its Factory Default State

    You can reset any configurations applied on an interface to its factory default state. To reset the configuration, perform the following steps: View the configurations applied on an interface. INTERFACE mode show config Dell(conf)# interface range tengigabitethernet 1/1 - 2 Dell(conf-if-range-te-1/1-2)# show config interface TenGigabitEthernet 1/1 switchport no shutdown...
  • Page 503: Enabling A Physical Interface

    Interfaces. Port Pipes A port pipe is a Dell Networking-specific term for the hardware packet-processing elements that handle network traffic to and from a set of front-end I/O ports. The physical, front-end I/O ports are referred to as a port set. The system has 10 switch cards and each card has only one port pipe and 48 ports in each.
  • Page 504: Setting The Speed And Duplex Mode Of Ethernet Interfaces

    • For ports directly attached to the chassis you can have a maximum of 4 sessions per port pipe. Refer to Port Numbering Convention for the exact port location on switch line cards. Setting the Speed and Duplex Mode of Ethernet Interfaces To discover whether the remote and local interface requires manual speed synchronization, and to manually synchronize them if necessary, use the following command sequence.
  • Page 505: Configuration Task List For Physical Interfaces

    • Clearing Interface Counters Overview of Layer Modes On the Dell Networking OS, you can place physical interfaces, port channels, and VLANs in Layer 2 mode or Layer 3 mode. By default, VLANs are in Layer 2 mode. Table 36. Layer Modes...
  • Page 506: Configuring Layer 2 (Data Link) Mode

    To set Layer 2 data transmissions through an individual interface, use the following command. • Enable Layer 2 data transmissions through an individual interface. INTERFACE mode switchport Example of a Basic Layer 2 Interface Configuration Dell(conf-if)#show config interface Port-channel 1 no ip address switchport no shutdown Dell(conf-if)# Configuring Layer 2 (Interface) Mode To configure an interface in Layer 2 mode, use the following commands.
  • Page 507: Configuring Layer 3 (Interface) Mode

    TengigabitEthernet 1/2 no ip address switchport no shutdown Dell(conf-if)#ip address 10.10.1.1 /24 % Error: Port is in Layer 2 mode Te 1/2. Dell(conf-if)# To determine the configuration of an interface, use the show config command in INTERFACE mode or the various show interface commands in EXEC mode.
  • Page 508: Egress Interface Selection (Eis)

    Dell>show ip int vlan 58 Vlan 58 is up, line protocol is up Internet address is 1.1.49.1/24 Broadcast address is 1.1.49.255 Address determined by config file MTU is 1554 bytes Inbound access list is not set Proxy ARP is enabled...
  • Page 509: Management Interfaces

    You can configure this interface using the CLI, but the configuration options on this interface are limited. You cannot configure Gateway addresses and IP addresses if it appears in the main routing table of Dell Networking OS. In addition, proxy ARP is not supported on this interface.
  • Page 510: Configuring A Management Interface On An Ethernet Port

    IP address and must not be in the same subnet as the virtual IP. Viewing Two Global IPv6 Addresses Dell#show interfaces managementethernet 0/0 ManagementEthernet 0/0 is up, line protocol is up Hardware is DellEth, address is 00:01:e8:a0:bf:f3...
  • Page 511: Port Extender Interfaces

    To display the configuration for a given port, use the show interface command in EXEC Privilege mode, as shown in the following example. To display the routing table, use the show ip route command in EXEC Privilege mode. Dell#show int fortyGigE 2/12 fortyGigE 2/12 is up, line protocol is up Hardware is DellEth, address is 74:86:7a:ff:6f:48...
  • Page 512: Vlan Interfaces

    Dell(conf)#interface peGigE ? PE-ID/UNIT/PORT PE Gigabit Ethernet interface number Dell(conf)#interface peGigE 2/0/1 For more information on how to configure and use port extenders with C9000 Series switches, see Port Extenders (PEs) and Port Extender (PE) Stacking. For information about how to install a PE and set up a PE stack, see the C1048P Getting Started Guide and C1048P Installation Guide.
  • Page 513: Loopback Interfaces

    tagged TenGigabitEthernet 2/2-13 tagged TenGigabitEthernet 5/0 ip ospf authentication-key force10 ip ospf cost 1 ip ospf dead-interval 60 ip ospf hello-interval 15 no shutdown Loopback Interfaces A Loopback interface is a virtual interface in which the software emulates an interface. Packets routed to it are processed locally.
  • Page 514: Port Channel Interfaces

    A LAG is “a group of links that appear to a MAC client as if they were a single link” according to IEEE 802.3ad. In the Dell Networking OS, a LAG is referred to as a port channel interface. A port channel provides redundancy by aggregating physical interfaces into one logical interface. If one physical interface goes down in the port channel, another physical interface carries the traffic.
  • Page 515: 10/40 Gbps Interfaces In Port Channels

    Member ports of a LAG are added and programmed into the hardware in a predictable order based on the port ID, instead of in the order in which the ports come up. With this implementation, load balancing yields predictable results across line card resets and chassis reloads. A physical interface can belong to only one port channel at a time.
  • Page 516: Creating A Port Channel

    Creating a Port Channel You can create up to 128 port channels with 16 port members per group on the switch. To configure a port channel, use the following commands. Create a port channel. CONFIGURATION mode interface port-channel id-number Ensure that the port channel is active. INTERFACE PORT-CHANNEL mode no shutdown After you enable the port channel, you can place it in Layer 2 or Layer 3 mode.
  • Page 517 Examples of the show interfaces port-channel Commands To view the port channel’s status and channel members in a tabular format, use the show interfaces port-channel brief command in EXEC Privilege mode, as shown in the following example. Dell#show int port brief LAG Mode Status Uptime Ports...
  • Page 518: Reassigning An Interface To A New Port Channel

    TengigabitEthernet 1/6 Dell(conf-if-portch)#int te 1/6 Dell(conf-if)#ip address 10.56.4.4 /24 % Error: Port is part of a LAG Te 1/6. Dell(conf-if)# Reassigning an Interface to a New Port Channel An interface can be a member of only one port channel. If the interface is a member of a port channel, remove it from the first port channel and then add it to the second port channel.
  • Page 519: Configuring The Minimum Oper Up Links In A Port Channel

    The following example shows moving the TengigabitEthernet 1/8 interface from port channel 4 to port channel 3. Dell(conf-if-portch)#show config interface Port-channel 4 no ip address channel-member TengigabitEthernet 1/8 no shutdown Dell(conf-if-portch)#no chann te 1/8 Dell(conf-if-portch)#int port 5 Dell(conf-if-portch)#channel te 1/8 Dell(conf-if-portch)#show conf interface Port-channel 5 no ip address channel-member TengigabitEthernet 1/8...
  • Page 520: Adding Or Removing A Port Channel From A Vlan

    Adding or Removing a Port Channel from a VLAN As with other interfaces, you can add Layer 2 port channel interfaces to VLANs. To add a port channel to a VLAN, place the port channel in Layer 2 mode (by using the switchport command). To add or remove a VLAN port channel and to view VLAN port channel members, use the following commands.
  • Page 521: Deleting Or Disabling A Port Channel

    • secondary: the IP address is the interface’s backup IP address. You can configure up to eight secondary IP addresses. Deleting or Disabling a Port Channel To delete or disable a port channel, use the following commands. • Delete a port channel. CONFIGURATION mode no interface portchannel channel-number •...
  • Page 522: Bulk Configuration

    For more information about algorithm choices, refer to the command details in the IP Routing chapter of the Dell Networking OS Command Reference Guide. • Change to another algorithm. CONFIGURATION mode hash-algorithm ecmp {crc-upper} | {dest-ip} | {lsb} Example of the hash-algorithm Command...
  • Page 523: Bulk Configuration Examples

    Exclude Duplicate Entries The following is an example showing how duplicate entries are omitted from the interface-range prompt. Dell(conf)#interface range vlan 1 , vlan 1 , vlan 3 , vlan 3 Dell(conf-if-range-vl-1,vl-3)# Dell(conf)#interface range tengigabitethernet 2/0 - 23 , tengigabitethernet 2/0 -...
  • Page 524: Defining Interface Range Macros

    The following is an example showing how the interface-range prompt extends a port range from the smallest start port number to the largest end port number when port ranges overlap. Dell(conf)#inte ra te 2/1 - 11 , te 2/1 - 23 Dell(conf-if-range-te-2/1-23)# Commas The following is an example of how to use commas to add different interface types to the range.
  • Page 525: Define The Interface Range

    The following example shows how to define an interface-range macro named “test” to select 10-GigabitEthernet interfaces 5/1 through 5/4. Dell(config)# define interface-range test tengigabitethernet 5/1 - 4 Choosing an Interface-Range Macro To use an interface-range macro, use the following command.
  • Page 526: Maintenance Using Tdr

    Dell# Maintenance Using TDR The time domain reflectometer (TDR) is supported on all Dell Networking switch/routers. TDR is an assistance tool to resolve link issues that helps detect obvious open or short conditions within any of the four copper pairs. TDR sends a signal onto the physical cable and examines the reflection of the signal that returns.
  • Page 527: Displaying Traffic Statistics On Higig Ports

    NOTE: TDR is an intrusive test. Do not run TDR on a link that is up and passing traffic. To test and display TDR results, use the following commands. To test for cable faults on the TenGigabitEthernet EXEC Privilege mode tdr-cable-test tengigabitethernet slot/port Between two ports, do not start the test on both ends of the cable.
  • Page 528: Link Bundle Monitoring

    To view the links that are being monitored, use the show link-bundle-distribution command. Dell(conf-if-po-111)#do show link-bundle-distribution Link-bundle trigger threshold - 22 LAG bundle - 111 Utilization[In Percent] - 25 Alarm State - Active...
  • Page 529: Monitoring Higig Link Bundles

    Monitoring HiGig Link Bundles You can monitor the HiGig link bundles that transmit data between internal backplane ports on line-card (leaf) and switch fabric module (SFM - spine) network processing units (NPUs) and generate a system log message or SNMP trap when traffic distribution in a link bundle is uneven. Each NPU is a Trident chip. On the switch, backplane port channels operate as HiGig link bundles to transmit data traffic between line-card and SFM NPUs.
  • Page 530: Guidelines For Monitoring Higig Link-Bundles

    Guidelines for Monitoring HiGig Link-Bundles When configuring HiGig link-bundle monitoring on the backplane, follow these guidelines: • By default, the capability to monitor the traffic distribution in a HiGig link bundle on a line-card or SFM NPU is disabled. • Each line-card NPU uses two HiGig link bundles for its backplane links to connect each SFM (spine) NPU.
  • Page 531: Enabling Higig Link-Bundle Monitoring

    Dell#show hg-link-bundle-distribution {sfm npu-id hg-port-channel hg-port-channel-id | slot slot npuUnit npu-id hg-port-channel 0} Non Dell-Qualified Transceivers The system supports Dell-qualified transceivers and only some of the non Dell-qualified transceivers. The system supports the following cables and adapters: • DAC cables •...
  • Page 532: Splitting Qsfp Ports To Sfp+ Ports

    If you use any of the cables or adapters in the preceding list that is not Dell-qualified, the Dell Networking OS detects it and makes it operational. The system displays a syslog message similar to the following: Apr 29 05:09:16: %S4048-ON:1 %IFAGT-5-UNSUP_OPTICS: Non-qualified optics in slot 1...
  • Page 533: Converting A Qsfp Or Qsfp+ Port To An Sfp Or Sfp+ Port

    Similarly, you can enable the fan-out mode to configure the QSFP port on a device to act as an SFP or SFP+ port. As the QSA enables a QSFP or QSFP+ port to be used as an SFP or SFP+ port, Dell Networking OS does not immediately detect the QSA after you insert it into a QSFP port cage.
  • Page 534: Configuring Wavelength For 10-Gigabit Sfp+ Optics

    When you remove the QSA module alone from a 40 Gigabit port, without connecting any SFP or SFP+ cables, Dell Networking OS does not generate any event. However, when you remove a QSA module that has SFP or SFP+ optical cables plugged in, Dell Networking OS generates an SFP or SFP+ Removed event.
  • Page 535: Link Dampening

    wavelength 1529.0 The wavelength range is from 1528.3 nm to 1568.77 nm. • Verify configuration changes. INTERFACE mode show config Link Dampening Interface state changes occur when interfaces are administratively brought up or down or if an interface state changes. Every time an interface changes a state or flaps, routing protocols are notified of the status of the routes that are affected by the change in state.
  • Page 536 To clear dampening counters and accumulated penalties, use the following command. • Clear dampening counters. clear dampening Example of the clear dampening Command Dell# clear dampening interface Te 0/1 Dell# show interfaces dampening TengigabitEthernet0/0 Interface State Flaps Penalty Half-Life Reuse...
  • Page 537: Using Ethernet Pause Frames For Flow Control

    Port Pipes A port pipe is a Dell Networking-specific term for the hardware packet-processing elements that handle network traffic to and from a set of front-end I/O ports. The physical, front-end I/O ports are referred to as a port set. The system has 10 switch cards and each card has only one port pipe and 48 ports in each.
  • Page 538: Threshold Settings

    If a port is over-subscribed, Ethernet Pause Frame flow control does not ensure no-loss behavior. Restriction: Ethernet Pause Frame flow control is not supported if PFC is enabled on an interface. Control how the system responds to and generates 802.3x pause frames on Ethernet interfaces. The default is rx off tx off.
  • Page 539: Enabling Pause Frames

    1400-byte IP MTU + 22-byte VLAN Tag = 1422-byte link MTU The MTU range is from 594 to 12000, with a default of 1554. IP MTU automatically configures. The following table lists the various Layer 2 overheads in the Dell Networking OS and the number of bytes. Interfaces...
  • Page 540: Auto-Negotiation On Ethernet Interfaces

    NOTE: As a best practice, Dell Networking recommends keeping auto-negotiation enabled. Only disable auto-negotiation on switch ports that attach to devices not capable of supporting negotiation or where connectivity issues arise from interoperability issues.
  • Page 541: Set Auto-Negotiation Options

    Dell(conf-if-te-0/1)# For details about the speed, duplex, and negotiation auto commands, refer to the Interfaces chapter of the Dell Networking OS Command Reference Guide. View Advanced Interface Information The following options have been implemented for the show [ip | running-config] interfaces commands for (only) linecard interfaces.
  • Page 542: Configuring The Interface Sampling Size

    In EXEC mode, the show interfaces switchport command displays only interfaces in Layer 2 mode and their relevant configuration information. The show interfaces switchport command displays the interface, whether it supports IEEE 802.1Q tagging or not, and the VLANs to which the interface belongs. Dell#show interfaces switchport Name: TengigabitEthernet 4/0 802.1QTagged: True...
  • Page 543: Dynamic Counters

    Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Time since last interface status change: 1d23h40m Dell(conf)#interface tengigabitethernet 10/0 Dell(conf-if-te-10/0)#rate-interval 100 Dell#show interfaces TenGigabitEthernet 10/0 is down, line protocol is down Hardware is Force10Eth, address is 00:01:e8:01:9e:d9...
  • Page 544: Clearing Interface Counters

    Example of the clear counters Command When you enter this command, confirm that you want to clear the interface counters for the specified interface. Dell#clear counters te 0/0 Clear counters on TengigabitEthernet 0/0 [confirm] Dell# Interfaces...
  • Page 545: Internet Protocol Security (Ipsec)

    Internet Protocol Security (IPSec) Internet protocol security (IPSec) is an end-to-end security scheme for protecting IP communications by authenticating and encrypting all packets in a communication session. Use IPSec between hosts, between gateways, or between hosts and gateways. IPSec is compatible with Telnet and FTP protocols. It supports two operational modes: Transport and Tunnel. •...
  • Page 546: Configuring Ipsec

    Configuring IPSec The following sample configuration shows how to configure FTP and telnet for IPSec. Define the transform set. CONFIGURATION mode crypto ipsec transform-set myXform-seta esp-authentication md5 esp-encryption Define the crypto policy. CONFIGURATION mode crypto ipsec policy myCryptoPolicy 10 ipsec-manual transform-set myXform-set session-key inbound esp 256 auth ...
  • Page 547: Ipv4 Routing

    • ICMP IP Addresses The Dell Networking OS supports IP version 4 (as described in RFC 791), classful routing, and variable length subnet masks (VLSM). With VLSM, you can configure one network with different masks. Supernetting, which increases the number of subnets, is also supported.
  • Page 548: Implementation Information

    • Configure Static Routes for the Management Interface (optional) For a complete listing of all commands related to IP addressing, refer to the Dell Networking OS Command Line Reference Guide. Assigning IP Addresses to an Interface Assign primary and secondary IP addresses to physical or logical (for example, virtual local area network [VLAN] or port channel) interfaces to enable IP communication between the system and hosts connected to that interface.
  • Page 549: Configuring Static Routes

    Example of the show config Command To view the configuration, use the show config command in INTERFACE mode or use the show ip interface command in EXEC privilege mode, as shown in the second example. Dell(conf-if)#show conf interface TengigabitEthernet 0/0 ip address 10.11.1.1/24...
  • Page 550 • tag tag-value: the range is from 1 to 4294967295. (optional) Example of the show ip route static Command To view the configured routes, use the show ip route static command. Dell#show ip route static Destination Gateway Dist/Metric Last Change...
  • Page 551: Configure Static Routes For The Management Interface

    {forwarding-router-address | ManagementEthernet slot/port} Example of the show ip management-route Command To view the configured static routes for the management port, use the show ip management-route command in EXEC privilege mode. Dell#show ip management-route Destination Gateway State Route Source...
  • Page 552: Enabling Dynamic Resolution Of Host Names

    The order you entered the servers determines the order of their use. Example of the show hosts Command To view current bindings, use the show hosts command. Dell>show host Default domain is force10networks.com Name/address lookup uses domain service Name servers are not set...
  • Page 553: Configuring Dns With Traceroute

    To keep the default setting for these parameters, press the ENTER key. Example of the traceroute Command The following text is example output of DNS using the traceroute command. Dell#traceroute www.force10networks.com Translating "www.force10networks.com"...domain server (10.11.0.1) [OK] Type Ctrl-C to abort.
  • Page 554: Arp

    For more information about Proxy ARP, refer to RFC 925, Multi-LAN Address Resolution, and RFC 1027, Using ARP to Implement Transparent Subnet Gateways. Configuration Tasks for ARP For a complete listing of all ARP-related commands, refer to the Dell Networking OS Command Line Reference Guide. Configuration tasks for ARP include: •...
  • Page 555: Configuring Arp Inspection Trust

    These entries do not age and can only be removed manually. To remove a static ARP entry, use the no arp ip-address command. To view the static entries in the ARP cache, use the show arp static command in EXEC privilege mode. Dell#show arp Protocol Address...
  • Page 556: Configuring Arp Timeout

    Dell(conf)#int peGigE 0/0/0 Dell(conf-if-pegi-0/0/0)# arp-inpsection-trust Configuring ARP Timeout Use the arp backoff-timer command for setting the exponential timer for resending unresolved ARPs. • Set the exponential timer for resending unresolved ARPs. CONFIGURATION Mode arp backoff-time seconds / minutes Enter the number of seconds an ARP entry is black-holed. The range is from 1 to 3600. The default is 30 minutes.
  • Page 557: Arp Learning Via Gratuitous Arp

    • no-refresh (OPTIONAL): enter the keywords no-refresh to delete the ARP entry from CAM. Or to specify which dynamic ARP entries you want to delete, use this option with interface or ip ip-address. • For a port channel interface, enter the keywords port-channel then a number. •...
  • Page 558: Arp Learning Via Arp Request

    ARP Learning via ARP Request The system learns via ARP requests only if the target IP specified in the packet matches the IP address of the receiving router interface. This is the case when a host is attempting to resolve the gateway address. If the target IP does not match the incoming interface, the packet is dropped.
  • Page 559: Configuring Arp Retries

    Configuring ARP Retries The number of ARP retries is user-configurable. The default backoff interval remains at 20 seconds. To set and display ARP retries, use the following commands. • Set the number of ARP retries. CONFIGURATION mode arp retries number The default is 5.
  • Page 560: Enabling Icmp Unreachable Messages

    For a complete listing of all commands related to ICMP, refer to the Dell Networking OS Command Line Reference Guide. Enabling ICMP Unreachable Messages By default, ICMP unreachable messages are disabled. When enabled, ICMP unreachable messages are created and sent out all interfaces.
  • Page 561: Ipv6 Routing

    IP addresses, IPv4 is reaching its maximum usage. IPv6 will eventually replace IPv4 usage to allow for the constant expansion. This chapter provides a brief description of the differences between IPv4 and IPv6, and the Dell Networking support of IPv6. This chapter is not intended to be a comprehensive description of IPv6.
  • Page 562: Extended Address Space

    Extended Address Space The address format is extended from 32 bits to 128 bits. This not only provides room for all anticipated needs, it allows for the use of a hierarchical address space structure to optimize global addressing. Stateless Autoconfiguration When a booting device comes up in IPv6 and asks for its network prefix, the device can get the prefix (or prefixes) from an IPv6 router on its link.
  • Page 563: Ipv6 Headers

    IPv6 Headers The IPv6 header has a fixed length of 40 bytes. This fixed length provides 16 bytes each for source and destination information and 8 bytes for general header information. The IPv6 header includes the following fields: • Version (4 bits) •...
  • Page 564 classes and priorities. Routers understand the priority settings and handle them appropriately during conditions of congestion. Flow Label (20 bits) The Flow Label field identifies packets requiring special treatment in order to manage real-time data traffic. The sending router can label sequences of IPv6 packets so that forwarding routers can process packets within the same flow without needing to reprocess each packet’s header separately.
  • Page 565: Extension Header Fields

    Hop Limit (8 bits) The Hop Limit field shows the number of hops remaining for packet processing. In IPv4, this is known as the Time to Live (TTL) field and uses seconds rather than hops. Each time the packet moves through a forwarding router, this field decrements by 1. If a router receives a packet with a Hop Limit of 1, it decrements it to 0 (zero).
  • Page 566: Ipv6 Addressing

    This field identifies the length of the Hop-by-Hop Options header in 8-byte units, but does not include the first 8 bytes. Consequently, if the header is less than 8 bytes, the value is 0 (zero). • Options (size varies) This field can contain one or more options. The first byte of the field identifies the Option type, and directs the router how to handle the option.
  • Page 567: Ipv6 Implementation On The Dell Networking Os

    IPv6 Implementation on the Dell Networking OS The Dell Networking OS supports both IPv4 and IPv6 and both versions may be used simultaneously in your system. The following table lists the Dell Networking OS version in which an IPv6 feature became available for each platform.
  • Page 568 OSPF, IS-IS, and IPv6 BGP chapters in the Dell Networking OS Command Line Reference Guide. Multiprotocol BGP extensions for 8.3.11 IPv6 BGP in the Dell Networking OS IPv6 Command Line Reference Guide. IPv6 BGP MD5 Authentication 8.3.11 IPv6 BGP in the Dell Networking OS Command Line Reference Guide.
  • Page 569: Configuring The Lpm Table For Ipv6 Extended Prefixes

    Secure Shell (SSH) Over an IPv6 Transport over IPv6 (inbound SSH) Layer 3 only IPv6 Access Control Lists 8.3.11 IPv6 Access Control Lists in the Dell Networking OS Command Line Reference Guide. IPv6 Multicast IPv6 PIM in the Dell Networking OS MLDv1/v2 Command Line Reference Guide.
  • Page 570: Icmpv6

    ICMPv6 ICMP for IPv6 (ICMPv6) combines the roles of ICMP, IGMP and ARP in IPv4. Like IPv4, it provides functions for reporting delivery and forwarding errors, and provides a simple echo service for troubleshooting. The implementation of ICMPv6 is based on RFC 4443. ICMPv6 uses two message types: •...
  • Page 571: Ipv6 Neighbor Discovery

    IPv6 device to determine the relationship of the neighboring node. NOTE: To avoid problems with network discovery, Dell Networking recommends configuring the static route last or assigning an IPv6 address to the interface and assigning an address to the peer (the forwarding router’s address) less than 10 seconds apart.
  • Page 572: Ipv6 Neighbor Discovery Of Mtu Packets

    a multicast address with the unicast address used as the last 24 bits. Other hosts on the link do not participate in the process, greatly increasing network bandwidth efficiency. Figure 56. NDP Router Redirect IPv6 Neighbor Discovery of MTU Packets You can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface.
  • Page 573 Dell(conf-if-te-0/1)#do debug ipv6 nd tengigabitethernet 0/1 ICMPv6 Neighbor Discovery packet debugging is on for tengigabitethernet 0/1 Dell(conf-if-te-0/1)#00:13:02 : : cp-ICMPV6-ND: Sending RA on Te 0/1 current hop limit=64, flags: M-, O-, router lifetime=1800 sec, reachable time=0 ms, retransmit time=0 ms...
  • Page 574: Secure Shell (Ssh) Over An Ipv6 Transport

    Inbound SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface. For SSH configuration details, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference Guide. IPv6 Routing...
  • Page 575: Configuration Tasks For Ipv6

    Clearing IPv6 Routes Adjusting Your CAM Profile Although adjusting your CAM profile is not a mandatory step, if you plan to implement IPv6 ACLs, Dell Networking recommends that you adjust your CAM settings. The CAM space is allotted in FP blocks. The total space allocated must equal 13 FP blocks. There are 16 FP blocks, but the System Flow requires three blocks that cannot be reallocated.
  • Page 576: Assigning An Ipv6 Address To An Interface

    • Provides information on FP groups allocated for the egress acl. CONFIGURATION mode show cam-acl-egress Allocate at least one group for L2ACL and IPv4 ACL. The total number of groups is 4. Assigning an IPv6 Address to an Interface Essentially, IPv6 is enabled on a switch simply by assigning IPv6 addresses to individual router interfaces. You can use IPv6 and IPv4 together on a system, but be sure to differentiate that usage carefully.
  • Page 577: Configuring Telnet With Ipv6

    SNMP notifications from a device running a Dell Networking OS that supports IPv6. The SNMP-server commands for IPv6 have been extended to support IPv6. For more information regarding SNMP commands, refer to the SNMP and SYSLOG chapters in the Dell Networking OS Command Line Reference Guide.
  • Page 578: Displaying Ipv6 Information

    For a port-channel interface, enter the keywords port-channel then the port-channel number. • For a VLAN interface, enter the keyword vlan then the VLAN ID. Example of the show ipv6 interface Command Dell#show ipv6 int man 1/0 ManagementEthernet 1/0 is up, line protocol is up IPv6 Routing...
  • Page 579: Displaying Ipv6 Routes

    To display information about static IPv6 routes, enter static. • To display information about an IPv6 prefix list, enter list and the prefix-list name. Examples of the show ipv6 route command output are shown here. Dell#show ipv6 route summary IPv6 Routing...
  • Page 580: Displaying The Running Configuration For An Interface

    For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. Example of the show running-config interface Command Dell#show run int te 2/2 interface TenGigabitEthernet 2/2 no ip address ipv6 address 3:4:5:6::8/24 IPv6 Routing...
  • Page 581: Clearing Ipv6 Routes

    Dell# Clearing IPv6 Routes To clear routes from the IPv6 routing table, use the following command. • Clear (refresh) all or a specific route from the IPv6 routing table. EXEC mode clear ipv6 route {* | ipv6 address prefix-length} •...
  • Page 582: Intermediate System To Intermediate System

    Intermediate System to Intermediate System The intermediate system to intermediate system (IS-IS) protocol uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. The IS-IS protocol standards are listed in the Standards Compliance chapter. Topics: •...
  • Page 583: Is-Is Addressing

    This brief overview is not intended to provide a complete understanding of IS-IS; for that, consult the documents listed in Multi-Topology IS-IS. IS-IS Addressing IS-IS PDUs require ISO-style addressing called network entity title (NET). For those familiar with name-to-network service mapping point (NSAP) addresses, the composition of the NET is identical to an NSAP address, except the last byte is always 0.
  • Page 584: Transition Mode

    You must implement a wide metric-style globally on the autonomous system (AS) to run multi-topology IS-IS for IPv6 because the Type, Length, Value (TLVs) used to advertise IPv6 information in link-state packets (LSPs) are defined to use only extended metrics. The multi-topology ID is shown in the first octet of the IS-IS packet.
  • Page 585: Graceful Restart

    Graceful Restart Graceful restart is a protocol-based mechanism that preserves the forwarding table of the restarting router and its neighbors for a specified period to minimize the loss of packets. A graceful-restart router does not immediately assume that a neighbor is permanently down and so does not trigger a topology change. Normally, when an IS-IS router is restarted, temporary disruption of routing occurs due to events in both the restarting router and the neighbors of the restarting router.
  • Page 586: Configuration Information

    By assigning a name to an IS-IS NET address, you can track IS-IS information on that address more easily. The system does not support ISO CLNS routing; however, the ISO NET format is supported for addressing. To support IPv6, the Dell Networking implementation of IS-IS performs the following tasks: • Advertises IPv6 information in the PDUs.
  • Page 587: Configuration Tasks For Is-Is

    NOTE: When using the IS-IS routing protocol to exchange IPv6 routing information and to determine destination reachability, you can route IPv6 along with IPv4 while using a single intra-domain routing protocol. The configuration commands allow you to enable and disable IPv6 routing and to configure or remove IPv6 prefixes on links.
  • Page 588 Specify the area address and system ID for an IS-IS routing process. The last byte must be 00. For more information about configuring a NET, see IS-IS Addressing. Enter the interface configuration mode. CONFIGURATION mode interface interface Enter the keyword interface then the type of interface and slot/port information: •...
  • Page 589 ROUTER ISIS mode. To view the IS-IS configuration, enter the show isis protocol command in EXEC Privilege mode or the show config command in ROUTER ISIS mode. Dell#show isis protocol IS-IS Router: System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001...
  • Page 590 Configuring Multi-Topology IS-IS (MT IS-IS) To configure multi-topology IS-IS (MT IS-IS), use the following commands. Enable multi-topology IS-IS for IPv6. ROUTER ISIS AF IPV6 mode multi-topology [transition] Enter the keyword transition to allow an IS-IS IPv6 user to continue to use single-topology mode while upgrading to multi-topology mode.
  • Page 591 The range is from 1 to 120 minutes. The default is 5 minutes. • Enable the graceful restart maximum wait time before a restarting peer comes up. ROUTER-ISIS mode graceful-restart restart-wait seconds When implementing this command, be sure to set the t3 timer to adjacency on the restarting router. The range is from 1 to 120 minutes.
  • Page 592 To view all graceful restart-related configurations, use the show isis graceful-restart detail command in EXEC Privilege mode. Dell#show isis graceful-restart detail Configured Timer Value ====================== Graceful Restart : Enabled Interval/Blackout time : 1 min T3 Timer : Manual T3 Timeout Value...
  • Page 593 Example of Viewing IS-IS Configuration (ROUTER ISIS Mode) To view the configuration, use the show config command in ROUTER ISIS mode or the show running- config isis command in EXEC Privilege mode. Dell#show running-config isis router isis lsp-refresh-interval 902 net 47.0005.0001.000C.000A.4321.00 net 51.0005.0001.000C.000A.4321.00...
  • Page 594 Configuring the IS-IS Metric Style All IS-IS links or interfaces are associated with a cost that is used in the shortest path first (SPF) calculations. The possible cost varies depending on the metric style supported. If you configure narrow, transition, or narrow transition metric style, the cost can be a number between 0 and 63.
  • Page 595 Example of Viewing IS-IS Metric Types Dell#show isis protocol IS-IS Router: System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001 Routing for area address(es): 21.2223.2425.2627.2829.3031.3233 47.0004.004d.0001 Interfaces supported by IS-IS: Vlan 2 GigabitEthernet 4/22 Loopback 0 Redistributing: Distance: 115...
  • Page 596: Configuring The Distance Of A Route

    The default is Level 1-2 router. When the IS-type is Level 1-2, the software maintains two Link State databases, one for each level. To view the Link State databases, use the show isis database command. Dell#show isis database IS-IS Level-1 Link State Database...
  • Page 597 1113 0/0/0 Force10.00-00 0x00000004 0xCDA9 1107 0/0/0 Dell# Controlling Routing Updates To control the source of IS-IS route information, use the following command. • Disable a specific interface from sending or receiving IS-IS routing information. ROUTER ISIS mode passive-interface interface •...
  • Page 598 • For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet then the slot/port information. • For the Loopback interface on the RPM, enter the keyword loopback then a number from 0 to 16383. • For a port channel, enter the keywords port-channel then a number. •...
  • Page 599: Redistributing Ipv4 Routes

    ROUTER ISIS-AF IPV6 mode distribute-list prefix-list-name out [bgp as-number | connected | ospf process- id | rip | static] You can configure one of the optional parameters: • connected: for directly connected routes. • ospf process-id: for OSPF routes only. •...
  • Page 600: Redistributing Ipv6 Routes

    • process-id the range is from 1 to 65535. • level-1, level-1-2, or level-2: assign all redistributed routes to a level. The default is level-2. • metric value the range is from 0 to 16777215. The default is 0. • match external the range is from 1 or 2.
  • Page 601: Configuring Authentication Passwords

    ROUTER ISIS mode domain-password [encryption-type | hmac-md5] password Dell supports both DES and HMAC-MD5 authentication methods. This password is inserted in Level 2 LSPs, Complete SNPs, and Partial SNPs. To view the passwords, use the show config command in ROUTER ISIS mode or the show running- config isis command in EXEC Privilege mode.
  • Page 602: Debugging Is-Is

    When the bit is set, a 1 is placed in the OL column in the show isis database command output. The overload bit is set in both the Level-1 and Level-2 database because the IS type for the router is Level-1-2. Dell#show isis database IS-IS Level-1 Link State Database...
  • Page 603: Is-Is Metric Styles

    The following sections provide additional information about the IS-IS metric styles. • Configuring the IS-IS Metric Style • Configure Metric Values Dell supports the following IS-IS metric styles: • narrow (supports only type, length, and value [TLV] up to 63) • wide (supports TLV up to 16777215) •...
  • Page 604: Maximum Values In The Routing Table

    Metric Style Correct Value Range for the isis metric Command wide 0 to 16777215 narrow 0 to 63 wide transition 0 to 16777215 narrow transition 0 to 63 transition 0 to 63 Maximum Values in the Routing Table IS-IS metric styles support different cost ranges for the route. The cost range for the narrow metric style is 0 to 1023, while all other metric styles support a range of 0 to 0xFE000000.
  • Page 605 Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value narrow wide original value narrow transition original value narrow narrow transition original value narrow wide transition original value transition wide original value transition narrow original value transition narrow original value transition wide transition original value...
  • Page 606: Leaks From One Level To Another

    Beginning Metric Next Metric Style Resulting Metric Next Metric Style Final Metric Value Style Value wide transition truncated value narrow default value (10). A message is sent to the logging buffer wide transition transition truncated value narrow transition default value (10). A message is sent to the logging buffer Leaks from One Level to Another...
  • Page 607: Sample Configurations

    Dell#clear isis * % ISIS not enabled. Dell#clear isis 9999 * You can configure IPv6 IS-IS routes in one of the following three different methods: • Congruent Topology — You must configure both IPv4 and IPv6 addresses on the interface. Enable the ip router isis and ipv6 router isis commands on the interface.
  • Page 608 IS-IS Sample Configuration — Congruent Topology IS-IS Sample Configuration — Multi-topology IS-IS Sample Configuration — Multi-topology Transition The following is a sample configuration for enabling IPv6 IS-IS. Dell(conf-if-te-3/17)#show config interface TenGigabitEthernet 3/17 ip address 24.3.1.1/24 ipv6 address 24:3::1/76 ip router isis...
  • Page 609 Dell(conf-router_isis)#show config router isis net 34.0000.0000.AAAA.00 address-family ipv6 unicast multi-topology exit-address-family Dell (conf-router_isis)# Dell(conf-if-te-3/17)#show config interface TenGigabitEthernet 3/17 ipv6 address 24:3::1/76 ipv6 router isis no shutdown Dell(conf-if-te-3/17)# Dell(conf-router_isis)#show config router isis net 34.0000.0000.AAAA.00 address-family ipv6 unicast multi-topology transition exit-address-family Dell(conf-router_isis)#...
  • Page 610: Iscsi Optimization

    TCP/IP-based protocol for establishing and managing connections between IP-based storage devices and initiators in a storage area network (SAN). iSCSI optimization enables the network switch to auto-detect Dell’s iSCSI storage arrays and triggers a self- configuration of several key network configurations that enables optimization of the network for better storage traffic throughput.
  • Page 611 Ethernet network using the data center bridging exchange protocol (DCBx) through stacked and/or non- stacked Ethernet switches. iSCSI session monitoring over virtual link trunking (VLT) synchronizes the iSCSI session information between the VLT peers, allowing session information to be available in both the VLT peers. You can enable or disable iSCSI when you configure VLT.
  • Page 612 ensure that iSCSI traffic in these sessions receives priority treatment when forwarded on stacked switch hardware. Figure 59. iSCSI Optimization Example iSCSI Optimization...
  • Page 613: Default Iscsi Optimization Values

    Default iSCSI Optimization Values The following table lists the default values for the iSCSI optimization feature. Table 44. iSCSI Optimization Defaults Parameter Default Value iSCSI Optimization global setting iSCSI CoS mode (802.1p priority queue mapping) iSCSI CoS Packet classification When you enable iSCSI, iSCSI packets are queued based on dot1p, instead of DSCP values.
  • Page 614 cam-acl l2acl 3 ipv4acl 4 ipv6acl 0 ipv4qos 2 l2qos 1 l2pt 0 ipmacacl 0 vman- qos 0 ecfmacl 0 iscsioptacl 2 NOTE: Content addressable memory (CAM) allocation is optional. If CAM is not allocated, the following features are disabled: •...
  • Page 615 (Optional) Set the QoS policy that is applied to the iSCSI flows. CONFIGURATION mode [no] iscsi cos {enable | disable | dot1p vlan-priority-value [remark] | dscp dscp-value [remark]} • enable: enables the application of preferential QoS treatment to iSCSI traffic so that iSCSI packets are scheduled in the switch with a dot1p priority 4 regardless of the VLAN priority tag in the packet.
  • Page 616: Displaying Iscsi Optimization Information

    ID. show iscsi sessions detailed [session isid] • Display all globally configured non-default iSCSI settings in the current Dell Networking OS session. show run iscsi NOTE: The switch learns only the active iSCSI sessions which it observes; sessions flowing through an adjacent switch are not learned.
  • Page 617: Enable And Disable Iscsi Optimization

    VLT PEER2 Session 0: ----------------------------------------------------------------------------- Target: iqn.2001-05.com.equallogic:0-8a0906-0f60c2002-0360018428d48c94-iom011 iqn.1991-05.com.microsoft:win-x9l8v27yajg ISID: 400001370000 The following example shows the show iscsi session detailed command. VLT PEER1 Dell# show iscsi session detailed Session 0: -------------------------------------------------------- Target:iqn.2010-11.com.ixia:ixload:iscsi-TG1 Initiator:iqn.2010-11.com.ixia.ixload:initiator-iscsi-2c Up Time:00:00:01:28(DD:HH:MM:SS) Time for aging out:00:00:09:34(DD:HH:MM:SS) ISID:806978696102 Initiator Initiator Target Target Connection IP Address TCP Port IP Address TCPPort ID 10.10.0.44 33345 10.10.0.101 3260 0...
  • Page 618: Synchronizing Iscsi Sessions Learned On Vlt-Lags With Vlt-Peer

    The following message displays when you enable iSCSI on a switch and describes the configuration changes that are automatically performed: %SYSTEM:CP %IFMGR-5-IFM_ISCSI_ENABLE: iSCSI has been enabled causing flow control to be enabled on all interfaces. EQL detection and enabling iscsi profile- compellent on an interface may cause some automatic configurations to occur like jumbo frames on all ports and no storm control and spanning tree port- fast on the port of detection.
  • Page 619: Information Monitored In Iscsi Traffic Flows

    If this number is exceeded, sessions are not detected by the switch; but it does not affect forwarding. Dell Networking recommends that you disable iSCSI session monitoring for EqualLogic and Compellent storage arrays or for installations with more than 256 simultaneous iSCSI sessions.
  • Page 620: Detection And Auto-Configuration For Dell Equallogic Arrays

    Dell EqualLogic storage arrays and automatically reconfigure the switch to enhance storage traffic flows. The switch uses the link layer discovery protocol (LLDP) to discover Dell EqualLogic devices on the network. LLDP is enabled by default. For more information about LLDP, refer to Link Layer Discovery Protocol (LLDP).
  • Page 621: Application Of Quality Of Service To Iscsi Traffic Flows

    4, use the CoS dot1p-priority command (refer to QoS dot1p Traffic Classification and Queue Assignment). Dell Networking recommends setting the CoS dot1p priority-queue to 0 (zero). You can configure whether iSCSI frames are re-marked to contain the configured VLAN priority tag or IP DSCP when forwarded through the switch.
  • Page 622: Link Aggregation Control Protocol (Lacp)

    Link Aggregation Control Protocol (LACP) A link aggregation group (LAG), referred to as a port channel by the Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic. Introduction to Dynamic LAGs and LACP The Dell Networking OS uses LACP to create dynamic LAGs.
  • Page 623: Lacp Modes

    • If a physical interface is a part of a dynamic LAG, it cannot be added as a member of a static LAG. The channel-member tengigabitethernet x/y command is rejected in the static LAG interface for that physical interface. • A dynamic LAG can be created with any type of configuration.
  • Page 624: Lacp Configuration Tasks

    INTERFACE mode [no] port-channel-protocol lacp The default is LACP disabled. This command creates context. • Configure LACP mode. LACP mode [no] port-channel number mode [active | passive | off] • number: cannot statically contain any links. The default is LACP active. •...
  • Page 625: Configuring The Lag Interfaces As Dynamic

    Configure the dynamic LAG interfaces. CONFIGURATION mode port-channel-protocol lacp Example of the port-channel-protocol lacp Command Dell(conf)#interface Tengigabitethernet 3/15 Dell(conf-if-te-3/15)#no shutdown Dell(conf-if-te-3/15)#port-channel-protocol lacp Dell(conf-if-te-3/15-lacp)#port-channel 32 mode active Dell(conf)#interface Tengigabitethernet 3/16 Dell(conf-if-te-3/16)#no shutdown Dell(conf-if-te-3/16)#port-channel-protocol lacp Dell(conf-if-te-3/16-lacp)#port-channel 32 mode active Dell(conf)#interface Tengigabitethernet 4/15 Dell(conf-if-te-4/15)#no shutdown...
  • Page 626: Monitoring And Debugging Lacp

    To configure LACP long timeout, use the following command. • Set the LACP timeout value to 30 seconds. CONFIG-INT-PO mode lacp long-timeout Example of the lacp long-timeout and show lacp Commands Dell(conf)# interface port-channel 32 Dell(conf-if-po-32)#no shutdown Dell(conf-if-po-32)#switchport Dell(conf-if-po-32)#lacp long-timeout Dell(conf-if-po-32)#end Dell# show lacp 32 Port-channel 32 admin up, oper up, mode lacp Actor System ID: Priority 32768, Address 0001.e800.a12b...
  • Page 627: Shared Lag State Tracking

    Shared LAG State Tracking Shared LAG state tracking provides the flexibility to bring down a port channel (LAG) based on the operational state of another LAG. At any time, only two LAGs can be a part of a group such that the fate (status) of one LAG depends on the other LAG.
  • Page 628 group number port-channel number port-channel number Examples of Configuring and Viewing LAGs In the following example, LAGs 1 and 2 have been placed into the same failover group. R2#config R2(conf)#port-channel failover-group R2(conf-po-failover-grp)#group 1 port-channel 1 port-channel 2 To view the failover group configuration, use the show running-configuration po-failover-group command.
  • Page 629: Important Points About Shared Lag State Tracking

    Last clearing of "show interface" counters 00:01:28 Queueing strategy: fifo NOTE: The set of console messages shown above appears only if you configure shared LAG state tracking on that router (you can configure the feature on one or both sides of a link). For example, as previously shown, if you configured shared LAG state tracking on R2 only, no messages appear on R4 regarding the state of LAGs in a failover group.
  • Page 630: Configure A Lag On Alpha

    Alpha#show int tengig 2/31 TengigabitEthernet 2/31 is up, line protocol is up Port is part of Port-channel 10 Hardware is Dell Force10Eth, address is 00:01:e8:06:95:c0 Current address is 00:01:e8:06:95:c0 Interface Index is 109101113 Port will not be disabled on partial SFM failure...
  • Page 631 Output 00.00 Mbits/sec,0 packets/sec, 0.00% of line-rate Time since last interface status change: 00:02:14 Figure 63. Inspecting the LAG Configuration
  • Page 632 Figure 64. Inspecting Configuration of LAG 10 on ALPHA
  • Page 633 Figure 65. Verifying LAG 10 Status on ALPHA Using the show lacp Command Summary of the LAG Configuration on Alpha Alpha(conf-if-po-10)#int tengig 2/31 Alpha(conf-if-te-2/31)#no ip address Alpha(conf-if-te-2/31)#no switchport Alpha(conf-if-te-2/31)#shutdown Alpha(conf-if-te-2/31)#port-channel-protocol lacp Alpha(conf-if-te-2/31-lacp)#port-channel 10 mode active Alpha(conf-if-te-2/31-lacp)#no shut Alpha(conf-if-te-2/31)#show config interface TengigabitEthernet 2/31 no ip address port-channel-protocol LACP port-channel 10 mode active...
  • Page 634 interface TengigabitEthernet 2/31 no ip address Summary of the LAG Configuration on Bravo Bravo(conf-if-te-3/21)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config interface Port-channel 10 no ip address switchport no shutdown Bravo(conf-if-po-10)#exit Bravo(conf)#int tengig 3/21 Bravo(conf)#no ip address Bravo(conf)#no switchport Bravo(conf)#shutdown Bravo(conf-if-te-3/21)#port-channel-protocol lacp...
  • Page 635 The following figure illustrates inspecting a LAG Port on BRAVO Using the show interface Command. Figure 66. Inspecting a LAG Port on BRAVO Using the show interface Command
  • Page 636 The following figure illustrates inspecting LAG 10 Using the show interfaces port-channel Command. Figure 67. Inspecting LAG 10 Using the show interfaces port-channel Command
  • Page 637 The following figure illustrates inspecting the LAG Status Using the show lacp command. Figure 68. Inspecting the LAG Status Using the show lacp command The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode.
  • Page 638: Layer 2

    Layer 2 This chapter describes the Layer 2 features supported on the switch. Manage the MAC Address Table You can perform the following management tasks in the MAC address table. • Clearing the MAC Address Table • Setting the Aging Time for Dynamic Entries •...
  • Page 639: Configuring A Static Mac Address

    • Specify an aging time. CONFIGURATION mode mac-address-table aging-time seconds The range is from 10 to 1000000. Configuring a Static MAC Address A static entry is one that is not subject to aging. Enter static entries manually. To create a static MAC address entry, use the following command. •...
  • Page 640: Setting The Mac Learning Limit

    • Recovering from Learning Limit and Station Move Violations Dell Networking OS Behavior: When configuring the MAC learning limit on a port or VLAN, the configuration is accepted (becomes part of running-config and show mac learning-limit interface) before the system verifies that sufficient CAM space exists. If the CAM check fails, a message is displayed:...
  • Page 641: Mac Learning-Limit Mac-Address-Sticky

    mac learning-limit mac-address-sticky Using sticky MAC addresses allows you to associate a specific port with MAC addresses from trusted devices. If you enable sticky MAC, the specified port retains any dynamically-learned addresses and prevents them from being transferred or learned on other ports. Up to 1000 sticky entries are supported on a port. If you configure mac-learning-limit and you enabled sticky MAC, all dynamically-learned addresses are converted to sticky MAC addresses for the selected port.
  • Page 642: Learning Limit Violation Actions

    show mac learning-limit Learning Limit Violation Actions Learning limit violation actions are user-configurable. To configure the system to take an action when the MAC learning limit is reached on an interface and a new address is received using one of the following options with the mac learning-limit command, use the following commands.
  • Page 643: Recovering From Learning Limit And Station Move Violations

    Recovering from Learning Limit and Station Move Violations After a learning-limit or station-move violation shuts down an interface, you must manually reset it. To reset the learning limit, use the following commands. NOTE: Alternatively, you can reset the interface by shutting it down using the shutdown command and then re-enabling it using the no shutdown command.
  • Page 644: Nic Teaming

    ARP table, the no mac-address-table station- move refresh-arp command should not be configured on the Dell Networking switch at the time that NIC teaming is being configured on the server.
  • Page 645: Configure Redundant Pairs

    NOTE: If you have configured the no mac-address-table station-move refresh-arp command, traffic continues to be forwarded to the failed NIC until the ARP entry on the switch times out. Figure 70. Configuring the mac-address-table station-move refresh-arp Command Configure Redundant Pairs Networks that employ switches that do not support the spanning tree protocol (STP) —...
  • Page 646 Apply all other configurations to each interface in the redundant pair such that their configurations are identical, so that transition to the backup interface in the event of a failure is transparent to the rest of the network. Figure 71. Configuring Redundant Layer 2 Pairs without Spanning Tree You configure a redundant pair by assigning a backup interface to a primary interface with the switchport backup interface command.
  • Page 647: Important Points About Configuring Redundant Pairs

    TengigabitEthernet 3/42 no shutdown interface TengigabitEthernet 3/42 no ip address switchport no shutdown Dell(conf-if-range-te-3/41-42)# Dell(conf-if-range-te-3/41-42)#do show ip int brief | find 3/41 TengigabitEthernet 3/41 unassigned YES Manual up TengigabitEthernet 3/42 unassigned NO Manual up down [output omitted]...
  • Page 648 00:24:55: %SYSTEM-P:CP %IFMGR-5-ACTIVE: Changed Vlan interface state to active: Vl 00:24:55: %SYSTEM-P:CP %IFMGR-5-STATE_STBY_ACT: Changed interface state from standby to active: Te 3/42 Dell(conf-if-te-3/41)#do show ip int brief | find 3/41 TengigabitEthernet 3/41 unassigned NO Manual administratively down down TengigabitEthernet 3/42...
  • Page 649: Far-End Failure Detection

    Far-End Failure Detection Far-end failure detection (FEFD) is a protocol that senses remote data link errors in a network. FEFD responds by sending a unidirectional report that triggers an echoed response after a specified time interval. You can enable FEFD globally or locally on an interface basis. Disabling the global FEFD configuration does not disable the interface configuration.
  • Page 650: Fefd State Changes

    FEFD State Changes FEFD has two operational modes: Normal and Aggressive. When a far-end failure is detected on an FEFD-enabled interface: • If the interface is in normal FEFD mode, no user intervention is required to reset the interface; it automatically resets to an FEFD operational state.
  • Page 651: Configuring Fefd

    {interval | mode} Example of the show fefd Command To display information about the state of each interface, use the show fefd command in EXEC privilege mode. Dell#show fefd FEFD is globally 'ON', interval is 3 seconds, mode is 'Normal'. INTERFACE MODE...
  • Page 652: Enabling Fefd On An Interface

    Te 1/2 Normal 3 Admin Shutdown Te 1/3 Normal 3 Admin Shutdown Dell#show run fefd fefd-global mode normal fefd-global interval 3 Enabling FEFD on an Interface To enable, change, or disable FEFD on an interface, use the following commands. •...
  • Page 653: Debugging Fefd

    2w1d22h: %SYSTEM-P:CP %IFMGR-5-ASTATE_DN: Changed interface Admin state to down: Te 1/0 Dell(conf-if-te-1/0)#2w1d22h : FEFD state on Te 1/0 changed from ANY to Unknown 2w1d22h: %SYSTEM-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 1/0 2w1d22h: %SYSTEM-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 4/0...
  • Page 654: Link Layer Discovery Protocol (Lldp)

    Link Layer Discovery Protocol (LLDP) This chapter describes how to configure and use the link layer discovery protocol (LLDP). 802.1AB (LLDP) Overview LLDP — defined by IEEE 802.1AB — is a protocol that enables a local area network (LAN) device to advertise its configuration and receive configuration information from adjacent LLDP-enabled LAN infrastructure devices.
  • Page 655: Optional Tlvs

    IEEE 802.3, and TIA-1057 Organizationally Specific TLVs. Figure 74. LLDPDU Frame Optional TLVs The Dell Networking OS supports these optional TLVs: management TLVs, IEEE 802.1 and 802.3 organizationally specific TLVs, and TIA-1057 organizationally specific TLVs.
  • Page 656: Management Tlvs

    Eight TLV types have been defined by the IEEE 802.1 and 802.3 working groups as a basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Networking system to advertise any or all of these TLVs.
  • Page 657 Indicates whether the link is capable of being aggregated, whether it is currently in a LAG, and the port identification of the LAG. The Dell Networking OS does not currently support this TLV. Maximum Frame Size Indicates the maximum frame size capability of the MAC and PHY.
  • Page 658: Tia-1057 (Lldp-Med) Overview

    • LLDP-MED Network Connectivity Device — any device that provides access to an IEEE 802 LAN to an LLDP-MED endpoint device and supports IEEE 802.1AB (LLDP) and TIA-1057 (LLDP-MED). The Dell Networking system is an LLDP-MED network connectivity device. Regarding connected endpoint devices, LLDP-MED provides network connectivity devices with the ability to: •...
  • Page 659 Inventory Management Implementation of this TLVs set of TLVs is optional in LLDP-MED devices. None or all TLVs must be supported. The Dell Networking OS does not currently support these TLVs. Inventory — Hardware Indicates the hardware Revision revision of the LLDP-MED device.
  • Page 660 LLDP-MED capability (as shown in the following table). • The possible values of the LLDP-MED device type are shown in the following. The Dell Networking system is a network connectivity device, which is Type 4. When you enable LLDP-MED (using the advertise med command), the system begins transmitting this TLV.
  • Page 661 LLDP-MED Network Policies TLV A network policy in the context of LLDP-MED is a device’s VLAN configuration and associated Layer 2 and Layer 3 configurations. LLDP-MED network policies TLV include: • VLAN ID • VLAN tagged or untagged status • Layer 2 priority •...
  • Page 662 • Power Type — there are two possible power types: power source entity (PSE) or power device (PD). The Dell Networking system is a PSE, which corresponds to a value of 0, based on the TIA-1057 specification. •...
  • Page 663: Configure Lldp

    Dell Networking systems support up to eight neighbors per interface. • Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by eight exceeds the maximum, the system does not configure more than 8000.
  • Page 664: Enabling Lldp

    Example of the protocol lldp Command (CONFIGURATION Level) R1(conf)#protocol lldp R1(conf-lldp)#? advertise Advertise TLVs disable Disable LLDP protocol globally Exit from configuration mode exit Exit from LLDP configuration mode hello LLDP hello configuration mode LLDP mode configuration (default = rx and tx) multiplier LLDP multiplier configuration Negate a command or set its defaults...
  • Page 665: Disabling And Undoing Lldp

    Disabling and Undoing LLDP To disable or undo LLDP, use the following command. • Disable LLDP globally or for an interface. disable To undo an LLDP configuration, precede the relevant command with the keyword no. Enabling LLDP on Management Ports LLDP on management ports is enabled by default.
  • Page 666: Advertising Tlvs

    Advertising TLVs You can configure the system to advertise TLVs out of all interfaces or out of specific interfaces. • If you configure the system globally, all interfaces send LLDPDUs with the specified TLVs. • If you configure an interface, only the interface sends LLDPDUs with the specified TLVs. •...
  • Page 667: Viewing The Lldp Configuration

    In the following example, LLDP is enabled globally. R1 and R2 are transmitting periodic LLDPDUs that contain management, 802.1, and 802.3 TLVs. Figure 79. Configuring LLDP Viewing the LLDP Configuration To view the LLDP configuration, use the following command. • Display the LLDP configuration.
  • Page 668: Viewing Information Advertised By Adjacent Lldp Agents

    Time since last information change of this neighbor: 01:50:16 Remote MTU: 1554 Remote System Desc: Dell Force10 Networks Real Time Operating System Software . Dell Force10 Operating System Version: 1.0. Dell Force10 App lication Software Version: 7.5.1.0. Copyright (c) 19...
  • Page 669: Configuring Lldpdu Intervals

    99-Build Time: Thu Aug 9 01:05:51 PDT 2007 Existing System Capabilities: Repeater Bridge Router Enabled System Capabilities: Repeater Bridge Router Remote Port Vlan ID: 1 Port and Protocol Vlan ID: 1, Capability: Supported, Status: Enabled --------------------------------------------------------------------------- ======================================================================== Configuring LLDPDU Intervals LLDPDUs are transmitted periodically;...
  • Page 670: Configuring Transmit And Receive Mode

    Configuring Transmit and Receive Mode After you enable LLDP, the switch transmits and receives LLDPDUs by default. To configure the system to transmit or receive only and return to the default, use the following commands. • Transmit only. CONFIGURATION mode or INTERFACE mode mode tx •...
  • Page 671: Configuring A Time To Live

    Configuring a Time to Live The information received from a neighbor expires after a specific amount of time (measured in seconds) called a time to live (TTL). The TTL is the product of the LLDPDU transmit interval (hello) and an integer called a multiplier. The default multiplier is 4, which results in a default TTL of 120 seconds.
  • Page 672: Relevant Management Objects

    • View a readable version of the TLVs. debug lldp brief • View a readable version of the TLVs plus a hexadecimal version of the entire LLDPDU. debug lldp detail Figure 80. The debug lldp detail Command — LLDPDU Packet Dissection Relevant Management Objects The system supports all IEEE 802.1AB MIB objects.
  • Page 673 Table 52. LLDP Configuration MIB Objects MIB Object LLDP Variable LLDP MIB Object Description Category LLDP adminStatus lldpPortConfigAdminStatus Whether you enable the local Configuration LLDP agent for transmit, receive, or both. msgTxHold lldpMessageTxHoldMultiplier Multiplier value. msgTxInterval lldpMessageTxInterval Transmit Interval value. rxInfoTTL lldpRxInfoTTL Time to live for received...
  • Page 674 Table 53. LLDP System MIB Objects TLV Type TLV Name TLV Variable System LLDP MIB Object Chassis ID chassis ID subtype Local lldpLocChassisIdSubt Remote lldpRemChassisIdSub type chassid ID Local lldpLocChassisId Remote lldpRemChassisId Port ID port subtype Local lldpLocPortIdSubtype Remote lldpRemPortIdSubtyp port ID Local lldpLocPortId...
  • Page 675 TLV Type TLV Name TLV Variable System LLDP MIB Object interface numbering Local lldpLocManAddrIfSub subtype type Remote lldpRemManAddrIfSu btype interface number Local lldpLocManAddrIfId Remote lldpRemManAddrIfId Local lldpLocManAddrOID Remote lldpRemManAddrOID Table 54. LLDP 802.1 Organizationally specific TLV MIB Objects TLV Type TLV Name TLV Variable System...
  • Page 676 Table 55. LLDP-MED System MIB Objects TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object lldpXMedPortCapSup LLDP-MED LLDP-MED Local ported Capabilities Capabilities lldpXMedPortConfigT LVsTx Enable lldpXMedRemCapSup Remote ported lldpXMedRemConfig TLVsTxEnable LLDP-MED Class Local lldpXMedLocDeviceC Type lass Remote lldpXMedRemDevice Class Network Policy Application Type Local...
  • Page 677 TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object Location Identifier Location Data Format Local lldpXMedLocLocation Subtype Remote lldpXMedRemLocatio nSubtype Location ID Data Local lldpXMedLocLocation Info Remote lldpXMedRemLocatio nInfo Extended Power via Power Device Type Local lldpXMedLocXPoEDe viceType Remote lldpXMedRemXPoED eviceType lldpXMedLocXPoEPS...
  • Page 678: Multicast Source Discovery Protocol (Msdp)

    Multicast Source Discovery Protocol (MSDP) This chapter describes how to configure and use the multicast source discovery protocol (MSDP). Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context of MSDP is a contiguous set of routers operating PIM within a common boundary defined by an exterior gateway protocol, such as border gateway protocol (BGP).
  • Page 679 When an MSDP peer receives an SA message, it determines if there are any group members within the domain interested in any of the advertised sources. If there are, the receiving RP sends a join message to the originating RP, creating a shortest path tree (SPT) to the source. Figure 81.
  • Page 680 RPs advertise each (S,G) in its domain in type, length, value (TLV) format. The total number of TLVs contained in the SA is indicated in the “Entry Count” field. SA messages are transmitted every 60 seconds, and immediately when a new source is detected. Figure 82.
  • Page 681: Anycast Rp

    RP. Receivers join toward the new RP and connectivity is maintained. Implementation Information The Dell Networking OS implementation of MSDP is in accordance with RFC 3618 and Anycast RP is in accordance with RFC 3446.
  • Page 682: Related Configuration Tasks

    Related Configuration Tasks The following lists related MSDP configuration tasks. • Enable MSDP • Manage the Source-Active Cache • Accept Source-Active Messages that Fail the RPF Check • Specifying Source-Active Messages • Limiting the Source-Active Cache • Preventing MSDP from Caching a Local Source •...
  • Page 683 • MSDP Sample Configurations Figure 83. Configuring Interfaces for MSDP Figure 84. Configuring OSPF and BGP for MSDP
  • Page 684: Enable Msdp

    Enable MSDP Enable MSDP by peering RPs in different administrative domains. Enable MSDP. CONFIGURATION mode ip multicast-msdp Peer PIM systems in different administrative domains. CONFIGURATION mode ip msdp peer connect-source Example of Configuring and Viewing MSDP R3(conf)#ip multicast-msdp R3(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0 R3(conf)#do show ip msdp summary Peer Addr Local Addr...
  • Page 685: Viewing The Source-Active Cache

    Viewing the Source-Active Cache To view the source-active cache, use the following command. • View the SA cache. EXEC Privilege mode show ip msdp sa-cache Example of the show ip msdp sa-cache Command R3#show ip msdp sa-cache MSDP Source-Active Cache - 1 entries GroupAddr SourceAddr RPAddr...
  • Page 686: Enabling The Rejected Source-Active Cache

    Enabling the Rejected Source-Active Cache To cache rejected sources, use the following command. Active sources can be rejected because the RPF check failed, the SA limit is reached, the peer RP is unreachable, or the SA message has a format error. •...
  • Page 687 • In Scenario 4, RP1 has a default peer plus an access list. The list permits RP4 so the RPF check is disregarded for active sources from it, but RP5 (and all others because of the implicit deny all) are subject to the RPF check and fail, so those active sources are rejected.
  • Page 688: Specifying Source-Active Messages

    If you do not specify an access list, the peer accepts all sources that peer advertises. All sources from RPs that the ACL denies are subject to the normal RPF check. Example of the ip msdp default-peer Command and Viewing Denied Sources Dell(conf)#ip msdp peer 10.0.50.2 connect-source Vlan 50 Dell(conf)#ip msdp default-peer 10.0.50.2 list fifty Dell(conf)#ip access-list standard fifty Dell(conf)#seq 5 permit host 200.0.0.50...
  • Page 689: Preventing Msdp From Caching A Local Source

    The default limit is 100K. If the total number of sources received from the peer is already larger than the limit when this configuration is applied, those sources are not discarded. To enforce the limit in such a situation, first clear the SA cache. Preventing MSDP from Caching a Local Source You can prevent MSDP from caching an active source based on source and/or group.
  • Page 690: Preventing Msdp From Caching A Remote Source

    Preventing MSDP from Caching a Remote Source To prevent MSDP from caching a remote source, use the following commands. OPTIONAL: Cache sources that the SA filter denies in the rejected SA cache. CONFIGURATION mode ip msdp cache-rejected-sa Prevent the system from caching remote sources learned from a specific peer based on source and group.
  • Page 691: Preventing Msdp From Advertising A Local Source

    Preventing MSDP from Advertising a Local Source To prevent MSDP from advertising a local source, use the following command. • Prevent an RP from advertising a source in the SA cache. CONFIGURATION mode ip msdp sa-filter list in peer list ext-acl Example of Verifying the System is not Advertising Local Sources In the following example, R1 stops advertising source 10.11.4.2.
  • Page 692: Terminating A Peership

    Terminating a Peership MSDP uses TCP as its transport protocol. In a peering relationship, the peer with the lower IP address initiates the TCP session, while the peer with the higher IP address listens on port 639. • Terminate the TCP connection with a peer. CONFIGURATION mode ip msdp shutdown Example of Verifying that Peering State is Disabled...
  • Page 693: Debugging Msdp

    Local Addr: 192.168.0.3(639) Connect Source: Lo 0 State: Established Up/Down Time: 00:04:26 Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (in/out): 5/0 SAs learned from this peer: 0 SA Filtering: Input (S,G) filter: myremotefilter Output (S,G) filter: none R3(conf)#do clear ip msdp peer 192.168.0.1 R3(conf)#do show ip msdp peer Peer Addr: 192.168.0.1...
  • Page 694 less effective as traffic increases because preemptive load balancing requires prior knowledge of traffic distributions. • lack of scalable register decapsulation: With only a single RP per group, all joins are sent to that RP regardless of the topological distance between the RP, sources, and receivers, and data is transmitted to the RP until the SPT switch threshold is reached.
  • Page 695: Configuring Anycast Rp

    Configuring Anycast RP To configure anycast RP: In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address. CONFIGURATION mode interface loopback Make this address the RP for the group. CONFIGURATION mode ip pim rp-address In each routing domain that has multiple RPs serving a group, create another Loopback interface on...
  • Page 696: Specifying The Rp Address Used In Sa Messages

    Specifying the RP Address Used in SA Messages The default originator-id is the address of the RP that created the message. In the case of Anycast RP, there are multiple RPs all with the same address. To use the (unique) address of another interface as the originator-id, use the following command. •...
  • Page 697 interface TenGigabitEthernet 2/11 ip pim sparse-mode ip address 10.11.1.21/24 no shutdown interface TenGigabitEthernet 2/31 ip pim sparse-mode ip address 10.11.0.23/24 no shutdown interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown interface Loopback 1 ip address 192.168.0.22/32 no shutdown router ospf 1 network 10.11.1.0/24 area 0 network 10.11.4.0/24 area 0...
  • Page 698: Msdp Sample Configurations

    router ospf 1 network 10.11.6.0/24 area 0 network 192.168.0.3/32 area 0 redistribute static redistribute connected redistribute bgp 200 router bgp 200 redistribute ospf 1 neighbor 192.168.0.22 remote-as 100 neighbor 192.168.0.22 ebgp-multihop 255 neighbor 192.168.0.22 update-source Loopback 0 neighbor 192.168.0.22 no shutdown ip multicast-msdp ip msdp peer 192.168.0.11 connect-source Loopback 0 ip msdp peer 192.168.0.22 connect-source Loopback 0...
  • Page 699 ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 0 ip pim rp-address 192.168.0.1 group-address 224.0.0.0/4 MSDP Sample Configuration: R2 Running-Config ip multicast-routing interface TenGigabitEthernet 2/1 ip pim sparse-mode ip address 10.11.4.1/24 no shutdown interface TenGigabitEthernet 2/11 ip pim sparse-mode ip address 10.11.1.21/24 no shutdown interface TenGigabitEthernet 2/31 ip pim sparse-mode...
  • Page 700 ip address 10.11.80.3/24 no shutdown interface Loopback 0 ip pim sparse-mode ip address 192.168.0.3/32 no shutdown router ospf 1 network 10.11.6.0/24 area 0 network 192.168.0.3/32 area 0 redistribute static redistribute connected redistribute bgp 200 router bgp 200 redistribute ospf 1 neighbor 192.168.0.2 remote-as 100 neighbor 192.168.0.2 ebgp-multihop 255 neighbor 192.168.0.2 update-source Loopback 0...
  • Page 701 no shutdown interface TenGigabitEthernet 2/11 ip pim sparse-mode ip address 10.11.1.21/24 no shutdown interface TenGigabitEthernet 2/31 ip pim sparse-mode ip address 10.11.0.23/24 no shutdown interface Loopback 0 ip address 192.168.0.2/32 no shutdown router ospf 1 network 10.11.1.0/24 area 0 network 10.11.4.0/24 area 0 network 192.168.0.2/32 area 0 redistribute static redistribute connected...
  • Page 702 redistribute bgp 200 router bgp 200 redistribute ospf 1 neighbor 192.168.0.2 remote-as 100 neighbor 192.168.0.2 ebgp-multihop 255 neighbor 192.168.0.2 update-source Loopback 0 neighbor 192.168.0.2 no shutdown ip multicast-msdp ip msdp peer 192.168.0.1 connect-source Loopback 0 ip route 192.168.0.2/32 10.11.0.23 MSDP Sample Configuration: R4 Running-Config ip multicast-routing interface TenGigabitEthernet 0/21 ip pim sparse-mode...
  • Page 703: Multiple Spanning Tree Protocol (Mstp)

    Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) — specified in IEEE 802.1Q-2003 — is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves on per-VLAN spanning tree plus (PVST+). MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances.
  • Page 704: Spanning Tree Variations

    MSTP Sample Configurations • Debugging and Verifying MSTP Configurations Spanning Tree Variations The Dell Networking OS supports four variations of spanning tree, as shown in the following table. Table 56. Spanning Tree Variations Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802.1d...
  • Page 705: Configure Multiple Spanning Tree Protocol

    • Creating Multiple Spanning Tree Instances • Adding and Removing Interfaces • Influencing MSTP Root Selection • Interoperate with Non-Dell Networking OS Bridges • Changing the Region Name or Revision • Modifying Global Parameters • Modifying the Interface Parameters •...
  • Page 706: Adding And Removing Interfaces

    Specify the keyword vlan then the VLANs that you want to participate in the MSTI. Examples of Creating and Viewing MSTP Instances The following example shows using the msti command. Dell(conf)#protocol spanning-tree mstp Dell(conf-mstp)#msti 1 vlan 100 Dell(conf-mstp)#msti 2 vlan 200-300 Dell(conf-mstp)#show config protocol spanning-tree mstp...
  • Page 707: Influencing Mstp Root Selection

    All bridges in the MSTP region must have the same VLAN-to-instance mapping. To view which instance a VLAN is mapped to, use the show spanning-tree mst vlan command from EXEC Privilege mode. Dell(conf-mstp)#name my-mstp-region Dell(conf-mstp)#exit Dell(conf)#do show spanning-tree mst config MST region name: my-mstp-region Revision: 0 MSTI VID 1 100...
  • Page 708: Interoperate With Non-Dell Bridges

    For a bridge to be in the same MSTP region as another, all three of these qualities must match exactly. The default values for the name and revision number must match on all Dell Networking OS devices. If there are non-Dell devices that participate in MSTP, ensure that these values match on all devices.
  • Page 709: Changing The Region Name Or Revision

    Max-hops — the maximum number of hops a BPDU can travel before a receiving switch discards it. NOTE: Dell Networking recommends that only experienced network administrators change MSTP parameters. Poorly planned modification of MSTP parameters can negatively affect network performance.
  • Page 710 Change the hello-time parameter. PROTOCOL MSTP mode hello-time seconds NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. Change the max-age parameter.
  • Page 711: Modifying The Interface Parameters

    Modifying the Interface Parameters You can adjust two interface parameters to increase or decrease the probability that a port becomes a forwarding port. • Port cost is a value that is based on the interface type. The greater the port cost, the less likely the port is selected to be a forwarding port.
  • Page 712: Configuring An Edgeport

    Enable EdgePort on an interface. INTERFACE mode spanning-tree mstp edge-port [bpduguard | shutdown-on-violation] Dell Networking OS Behavior: Regarding bpduguard shutdown-on-violation behavior: • If the interface to be shut down is a port channel, all the member ports are disabled in the hardware.
  • Page 713: Flush Mac Addresses After A Topology Change

    EXEC Privilege mode. MSTP Sample Configurations The running-configurations support the topology shown in the following illustration. The configurations are from Dell Networking OS systems. Figure 93. MSTP with Three VLANs Mapped to Two Spanning Tree Instances
  • Page 714: Router 1 Running-Configuration; Router 2 Running-Configuration; Router 3 Running-Configuration; Example Running-Configuration

    Router 1 Running-Configuration This example uses the following steps: Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. Assign Layer-2 interfaces to the MSTP topology. Create VLANs mapped to MSTP instances tag interfaces to the VLANs. (Step 1) protocol spanning-tree mstp no disable...
  • Page 715 revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 (Step 2) interface TenGigabitEthernet 2/11 no ip address switchport no shutdown interface TenGigabitEthernet 2/31 no ip address switchport no shutdown (Step 3) interface Vlan 100 no ip address tagged TenGigabitEthernet 2/11,31 no shutdown interface Vlan 200 no ip address...
  • Page 716 no ip address tagged TenGigabitEthernet 3/11,21 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthernet 3/11,21 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 3/11,21 no shutdown Example Running-Configuration This example uses the following steps: Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. Assign Layer-2 interfaces to the MSTP topology.
  • Page 717: Debugging And Verifying Mstp Configurations

    Are there “extra” MSTP instances in the Sending or Received logs? This may mean that an additional MSTP instance was configured on one router but not the others. The following example shows viewing an MSTP configuration. Dell#show run spanning-tree mstp protocol spanning-tree mstp name Tahiti...
  • Page 718 The following example shows viewing the debug log (a successful MSTP configuration). Dell#debug spanning-tree mstp bpdu MSTP debug bpdu is ON Dell# 4w0d4h : MSTP: Sending BPDU on Te 2/21 : ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x6e CIST Root Bridge Id: 32768:0001.e806.953e, Ext Path Cost: 0...
  • Page 719: Multicast Features

    Multicast Features The Dell Networking OS supports the following multicast protocols: • PIM Sparse-Mode (PIM-SM) • Internet Group Management Protocol (IGMP) • Multicast Source Discovery Protocol (MSDP) Topics: • Enabling IP Multicast • Implementation Information • First Packet Forwarding for Lossless Multicast •...
  • Page 720: First Packet Forwarding For Lossless Multicast

    All initial multicast packets are forwarded to receivers to achieve lossless multicast. When the Dell Networking system is the RP, and has receivers for a group G, it forwards all initial multicast packets for the group based on the (*,G) entry rather than discarding them until the (S,G) entry is created, making Dell Networking systems suitable for applications sensitive to multicast packet loss.
  • Page 721 Limiting the Number of Multicast Routes When the limit on the total number of multicast routes on a system is reached, Dell Networking OS does not process any IGMP or multicast listener discovery protocol (MLD) joins to PIM — though it still processes leave messages —...
  • Page 722 Dell Networking OS Behavior: Do not enter the ip igmp access-group command before creating the access-list. If you do, after entering your first deny rule, the system clears the multicast routing table and relearns all groups, even those not covered by the rules in the access-list, because there is an implicit deny all rule at the end of all access-lists.
  • Page 723 limiting Receiver 1, so both IGMP reports are accepted, and two corresponding entries are created in the routing table. Figure 94. Preventing a Host from Joining a Group Table 58. Preventing a Host from Joining a Group — Description Location Description 1/21 •...
  • Page 724 Location Description • no shutdown 1/31 • Interface GigabitEthernet 1/31 • ip pim sparse-mode • ip address 10.11.13.1/24 • no shutdown • Interface GigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown 2/11 • Interface GigabitEthernet 2/11 •...
  • Page 725 Location Description Receiver 2 • Interface VLAN 400 • ip pim sparse-mode • ip address 10.11.4.1/24 • untagged GigabitEthernet 1/2 • ip igmp access-group igmpjoinfilR2G2 • no shutdown Rate Limiting IGMP Join Requests If you expect a burst of IGMP Joins, protect the IGMP process from overload by limiting the rate at which new groups can be joined.
  • Page 726 allowed to forward both groups. As a result, Receiver 1 receives only one transmission, while Receiver 2 receives duplicate transmissions. Figure 95. Preventing a Source from Transmitting to a Group Table 59. Preventing a Source from Transmitting to a Group — Description Location Description 1/21...
  • Page 727 Location Description • no shutdown 1/31 • Interface GigabitEthernet 1/31 • ip pim sparse-mode • ip address 10.11.13.1/24 • no shutdown • Interface GigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown 2/11 • Interface GigabitEthernet 2/11 •...
  • Page 728 NOTE: Dell Networking recommends not using the ip pim join-filter command on an interface between a source and the RP router. Using this command in this scenario could cause problems with the PIM-SM source registration process resulting in excessive traffic being sent to the CPU of both the RP and PIM DR of the source.
  • Page 729: Object Tracking

    IPv4 or IPv6 object tracking is available on Dell Networking OS. Object tracking allows the Dell Networking operating system (OS) client processes, such as virtual router redundancy protocol (VRRP), to monitor tracked objects (for example, interface or link status) and take appropriate action when the state of an object changes.
  • Page 730: Track Layer 2 Interfaces

    Later, if network conditions change and the cost of the default route in each router changes, the mastership of the VRRP group is automatically reassigned to the router with the better metric. Figure 96. Object Tracking Example When you configure a tracked object, such as an IPv4 or IPv6 route or interface, you specify an object number to identify the object.
  • Page 731: Track Layer 3 Interfaces

    Track Layer 3 Interfaces You can create an object that tracks the Layer 3 state (IPv4 or IPv6 routing status) of an interface. • The Layer 3 status of an interface is UP only if the Layer 2 status of the interface is UP and the interface has a valid IP address.
  • Page 732: Tracking A Metric Threshold

    For OSPF, you can set the resolution in the range from 1 to 1592, where the default is 1. • The resolution value used to map static routes is not configurable. By default, Dell Networking OS assigns a metric of 0 to static routes.
  • Page 733: Track Route Reachability

    Example of IPv4 and IPv6 Tracking Metric Thresholds The following example configures object tracking on the metric threshold of an IPv4 route. Dell(conf)#track 6 ip route 2.1.1.0/24 metric threshold Dell(conf-track-6)#delay down 20 Dell(conf-track-6)#delay up 20 Dell(conf-track-6)#description track ip route metric...
  • Page 734: Tracking Route Reachability

    EXEC Privilege mode show track object-id Examples of IPv4 and IPv6 Tracking Route Reachability The following example configures object tracking on the reachability of an IPv4 route. Dell(conf)#track 104 ip route 10.0.0.0/8 reachability Dell(conf-track-104)#delay up 20 down 10 Dell(conf-track-104)#end Dell#show track 104 Track 104 IP route 10.0.0.0/8 reachability...
  • Page 735: Set Tracking Delays

    Tracked by: Dell#configure Dell(conf)#track 4 ip route 3.1.1.0/24 reachability vrf vrf1 The following example configures object tracking on the reachability of an IPv6 route. Dell(conf)#track 105 ipv6 route 1234::/64 reachability Dell(conf-track-105)#delay down 5 Dell(conf-track-105)#description Headquarters Dell(conf-track-105)#end Dell#show track 105 Track 105...
  • Page 736: Tracking A Layer 2 Interface

    Track Layer 3 Interfaces • Track IPv4 and IPv6 Routes For a complete listing of all commands related to object tracking, refer to the Dell Networking OS Command Line Interface Reference Guide. Tracking a Layer 2 Interface You can create an object that tracks the line-protocol state of a Layer 2 interface and monitors its operational status (UP or DOWN).
  • Page 737: Tracking A Layer 3 Interface

    Example of Configuring Object Tracking Dell(conf)#track 100 interface tengigabitethernet 7/1/1 line-protocol Dell(conf-track-100)#delay up 20 Dell(conf-track-100)#description San Jose data center Dell(conf-track-100)#end Dell#show track 100 Track 100 Interface TenGigabitEthernet 7/1/1 line-protocol Description: San Jose data center Tracking a Layer 3 Interface You can create an object that tracks the routing status of an IPv4 or IPv6 Layer 3 interface.
  • Page 738: Displaying Tracked Objects

    EXEC Privilege mode show track object-id Examples of Configuring Object Tracking for an IPv4 or IPv6 Interface Example of configuring object tracking for an IPv4 interface. Dell(conf)#track 101 interface tengigabitethernet 7/2/1 ip routing Dell(conf-track-101)#delay up 20 Dell(conf-track-101)#description NYC metro Dell(conf-track-101)#end...
  • Page 739 Resource Parameter State LastChange IP route reachability 10.16.0.0/16 Example of the show track resolution command. Dell#show track resolution IP Route Resolution ISIS OSPF IPv6 Route Resolution ISIS Example of the show track vrf command. Dell#show track vrf red
  • Page 740 Reachability is Up (CONNECTED) 3 changes, last change 00:02:39 First-hop interface is GigabitEthernet 13/4 Example of Viewing the object tracking configuration. Dell#show running-config track track 1 ip route 23.0.0.0/8 reachability track 2 ipv6 route 2040::/64 metric threshold delay down 3...
  • Page 741: Open Shortest Path First (Ospfv2 And Ospfv3)

    Open Shortest Path First (OSPFv2 and OSPFv3) This chapter describes how to configure and use Open Shortest Path First (OSPFv2 for IPv4) and OSPF version 3 (OSPF for IPv6). NOTE: The fundamental mechanisms of OSPF (flooding, DR election, area support, SPF calculations, and so on) are the same between OSPFv2 and OSPFv3.
  • Page 742: Autonomous System (As) Areas

    Autonomous System (AS) Areas OSPF operates in a type of hierarchy. The largest entity within the hierarchy is the autonomous system (AS), which is a collection of networks under a common administration that share a common routing strategy. OSPF is an intra-AS (interior gateway) routing protocol, although it is capable of receiving routes from and sending routes to other ASs.
  • Page 743: Area Types

    AS information from the backbone or other areas. However, a virtual link can traverse it. • Totally stubby areas are referred to as no summary areas in the Dell Networking OS. Networks and Neighbors As a link-state protocol, OSPF sends routing information to other OSPF routers concerning the state of the links between them.
  • Page 744 The following example shows different router designations. Figure 98. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example.
  • Page 745: Designated And Backup Designated Routers

    These router designations are not the same as the router IDs described earlier. The DRs and BDRs are configurable in the Dell Networking OS. If you do not define DR or BDR, the system assigns them. OSPF looks at the priority of the routers on the segment to determine which routers are the DR and BDR. The router with the highest priority is elected the DR.
  • Page 746: Link-State Advertisements (Lsas)

    A link-state advertisement (LSA) communicates the router’s local routing topology to all other local routers in the same area. The LSA types supported by Dell Networking are defined as follows: • Type 1: Router LSA — The router lists links to other routers or networks in the same area. Type 1 LSAs are flooded across their own area only.
  • Page 747: Virtual Links

    require reduced intervals for LSA transmission and acceptance. Throttling timers allow for these improved convergence times. The LSA throttling timers are configured in milliseconds, with the interval time increasing exponentially until a maximum time has been reached. If the maximum time is reached, the system continues to transmit at the max-interval until twice the max-interval time has passed.
  • Page 748: Ospf Implementation

    Figure 99. Priority and Cost Examples OSPF Implementation The Dell Networking OS supports up to 10,000 OSPF routes for OSPFv2. Within the 10,000 routes, you can designate up to 8,000 routes as external and up to 2,000 as inter/intra area routes.
  • Page 749: Fast Convergence (Ospfv2, Ipv4 Only)

    • Network (type 2) • Network Summary (type 3) • AS Boundary (type 4) • LSA (type 5) • External LSA (type 7) • Link LSA, OSPFv3 only (type 8) • Opaque Link-Local (type 9) • Grace LSA, OSPFv3 only (type 11) Fast Convergence (OSPFv2, IPv4 Only) Fast convergence allows you to define the speeds at which LSAs are originated and accepted, and reduce OSPFv2 end-to-end convergence time.
  • Page 750: Rfc-2328 Compliant Ospf Flooding

    LSType:Type-5 AS External(5) Age:1 Seq:0x8000000c id:170.1.2.0 Adv:6.1.0.0 Netmask:255.255.255.0 fwd:0.0.0.0 E2, tos:0 metric:0 To confirm that you enabled RFC-2328–compliant OSPF flooding, use the show ip ospf command. Dell#show ip ospf Routing Process ospf 1 with ID 2.2.2.2 Supports only single TOS (TOS0) routes...
  • Page 751: Ospf Ack Packing

    OSPF ACK packing is enabled by default and non-configurable. Setting OSPF Adjacency with Cisco Routers To establish an OSPF adjacency between Dell Networking and Cisco routers, the hello interval and dead interval must be the same on both routers.
  • Page 752: Configuration Information

    Enable OSPF globally. Assign network area and neighbors. Add interfaces or configure other attributes. For a complete list of the OSPF commands, refer to the OSPF section in the Dell Networking OS Command Line Reference Guide document.
  • Page 753 In CONFIGURATION ROUTER OSPF mode, assign the router ID. The router ID is not required to be the router’s IP address. However, Dell Networking recommends using the IP address as the router ID for easier management and troubleshooting. Optional process-id commands are also described.
  • Page 754 EXEC mode show ip ospf process-id Example of Viewing the Current OSPFv2 Status Dell#show ip ospf 55555 Routing Process ospf 55555 with ID 10.10.10.10 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time between two SPFs 10 secs...
  • Page 755 If you try to enable more OSPF processes than available Layer 3 interfaces, the following message displays: Dell(conf)#router ospf 1 % Error: No router ID available. Assigning an OSPFv2 Area After you enable OSPFv2, assign the interface to an OSPF area. Set up OSPF areas and enable OSPFv2 on an interface with the network command.
  • Page 756 Dell(conf-router_ospf-1)#network 20.20.20.20/24 area 2 Dell(conf-router_ospf-1)# Dell# Dell Networking recommends using the interface IP addresses for the OSPFv2 router ID for easier management and troubleshooting. To view the configuration, use the show config command in CONFIGURATION ROUTER OSPF mode. OSPF, by default, sends hello packets out to all physical interfaces assigned an IP address that is a subset of a network on which OSPF is enabled.
  • Page 757 Example of the show ip ospf database database-summary Command To view which LSAs are transmitted, use the show ip ospf database process-id database-summary command in EXEC Privilege mode. Dell#show ip ospf 34 database database-summary OSPF Router with ID (10.1.2.100) (Process ID 34) Area ID Router Network S-Net S-ASBR Type-7 Subtotal 2.2.2.2...
  • Page 758 To view information on areas, use the show ip ospf process-id command in EXEC Privilege mode. Configuring LSA Throttling Timers Configured link-state advertisement (LSA) timers replace the standard transmit and acceptance times for LSAs. The LSA throttling timers are configured in milliseconds. The interval time increases exponentially until a maximum time is reached.
  • Page 759 When you configure a passive interface, the show ip ospf process-id interface command adds the words passive interface to indicate that the hello packets are not transmitted on that interface (shown in bold). Dell#show ip ospf 34 int TengigabitEthernet 0/0 is up, line protocol is down Internet Address 10.1.2.100/24, Area 1.1.1.1 Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 10...
  • Page 760 A higher convergence level can result in occasional loss of OSPF adjacency. Generally, convergence level 1 meets most convergence requirements. Only select higher convergence levels following consultation with Dell Technical Support. Examples of Enabling Fast-Convergence In the following examples, Convergence Level shows the fast-converge parameter setting and Min LSA origination shows the LSA parameters (shown in bold).
  • Page 761 • seconds: the range is from 1 to 65535 (the default is 40 seconds). The dead interval must be four times the hello interval. The dead interval must be the same on all routers in the OSPF network. • Change the time interval between hello-packet transmission. CONFIG-INTERFACE mode ip ospf hello-interval seconds •...
  • Page 762 10.1.2.100 255.255.255.0 no shutdown ip ospf cost 45 Dell(conf-if)#end Dell#show ip ospf 34 interface TengigabitEthernet 0/0 is up, line protocol is up Internet Address 10.1.2.100/24, Area 2.2.2.2 Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 45 Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 10.1.2.100, Interface address 10.1.2.100...
  • Page 763 • Create a prefix list and assign it a unique name. CONFIGURATION mode ip prefix-list prefix-name You are in PREFIX LIST mode. • Create a prefix list with a sequence number and a deny or permit action. CONFIG-PREFIX LIST mode seq sequence-number {deny |permit} ip-prefix [ge min-prefix-length] [le max-prefix-length] The optional parameters are:...
  • Page 764 Example of Viewing OSPF Configuration after Redistributing Routes To view the current OSPF configuration, use the show running-config ospf command in EXEC mode or the show config command in ROUTER OSPF mode. Dell(conf-router_ospf)#show config router ospf 34 network 10.1.2.32 0.0.0.255 area 2.2.2.2 network 10.1.3.24 0.0.0.255 area 3.3.3.3...
  • Page 765 OSPF packet information. • spf: view SPF information. • database-timers rate-limit: view the LSAs currently in the queue. Example of Viewing OSPF Configuration Dell#show run ospf router ospf 3 router ospf 4 router-id 4.4.4.4 network 4.4.4.0/28 area 1 router ospf 5...
  • Page 766: Sample Configurations For Ospfv2

    Sample Configurations for OSPFv2 The following configurations are examples for enabling OSPFv2. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations. You can copy and paste from these examples to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes.
  • Page 767: Ospf Area 0 - Te 3/1 And 3/2

    no shutdown interface Loopback 10 ip address 192.168.100.100/24 no shutdown OSPF Area 0 — Te 3/1 and 3/2 router ospf 33333 network 192.168.100.0/24 area 0 network 10.0.13.0/24 area 0 network 10.0.23.0/24 area 0 interface Loopback 30 ip address 192.168.100.100/24 no shutdown interface TengigabitEthernet 3/1 ip address 10.1.13.3/24 no shutdown...
  • Page 768: Configuration Task List For Ospfv3 (Ospf For Ipv6)

    Configuration Task List for OSPFv3 (OSPF for IPv6) This section describes the configuration tasks for Open Shortest Path First version 3 (OSPF for IPv6) on the switch. The configuration options of OSPFv3 are the same as those options for OSPFv2, but you may configure OSPFv3 with differently labeled commands.
  • Page 769: Assigning Area Id On An Interface

    ipv6 address ipv6 address IPv6 addresses are normally written as eight groups of four hexadecimal digits; separate each group by a colon (:). The format is A:B:C::F/128. Bring up the interface. CONF-INT-type slot/port mode no shutdown Assigning Area ID on an Interface To assign the OSPFv3 process to an interface, use the following command.
  • Page 770: Assigning Ospfv3 Process Id And Router Id To A Vrf

    NOTE: Enter the router-id for an OSPFv3 router as an IPv4 IP address. • Disable OSPF. CONFIGURATION mode no ipv6 router ospf process-id • Reset the OSPFv3 process. EXEC Privilege mode clear ipv6 ospf process...
  • Page 771: Configuring The Cost Of Ospfv3 Routes

    Configuring the Cost of OSPFv3 Routes Change in bandwidth directly affects the cost of OSPF routes. • Explicitly specify the cost of sending a packet on an interface. INTERFACE mode ipv6 ospf interface-cost • interface-cost:The range is from 1 to 65535. Default cost is based on the bandwidth. •...
  • Page 772: Redistributing Routes

    • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information (for example, passive-interface ten 2/3). • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information (for example, passive-interface ten 2/4). • For a VLAN, enter the keyword vlan then a number from 1 to 4094 (for example, passive-interface vlan 2222)....
  • Page 773: Ospfv3 Authentication Using Ipsec

    IP header and before the next layer protocol header in Transport mode. It is possible to insert the ESP header between the next layer protocol header and encapsulated IP header in Tunnel mode. However, Tunnel mode is not supported in the Dell Networking OS. For detailed information about the IP ESP protocol, refer to RFC 4303.
  • Page 774 OSPFv3 Authentication Using IPsec: Configuration Notes OSPFv3 authentication using IPsec is implemented according to the specifications in RFC 4552. • To use IPsec, configure an authentication (using AH) or encryption (using ESP) security policy on an interface or in an OSPFv3 area. Each security policy consists of a security policy index (SPI) and the key used to validate OSPFv3 packets.
  • Page 775 Configuring IPsec Authentication on an Interface To configure, remove, or display IPsec authentication on an interface, use the following commands. Prerequisite: Before you enable IPsec authentication on an OSPFv3 interface, first enable IPv6 unicast routing globally, configure an IPv6 address and enable OSPFv3 on the interface, and assign it to an area (refer to Configuration Task List for OSPFv3 (OSPF for IPv6)).
  • Page 776 • Enable IPsec encryption for OSPFv3 packets on an IPv6-based interface. INTERFACE mode ipv6 ospf encryption {null | ipsec spi number esp encryption-algorithm [key-encryption-type] key authentication-algorithm [key-authentication-type] key} • null: causes an encryption policy configured for the area to not be inherited on the interface. •...
  • Page 777 • Enable IPSec authentication for OSPFv3 packets in an area. CONF-IPV6-ROUTER-OSPF mode area-id authentication ipsec spi number {MD5 | SHA1} [key-encryption-type] key • area area-id: specifies the area for which OSPFv3 traffic is to be authenticated. For area-id, enter a number or an IPv6 prefix. •...
  • Page 778 Examples of the show crypto ipsec Commands In the first example, the keys are not encrypted (shown in bold). In the second and third examples, the keys are encrypted (shown in bold). Dell#show crypto ipsec policy Crypto IPSec client security policy data Policy name...
  • Page 779 Outbound ESP Cipher Key : bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba10345a1039ba8f8a Transform set : esp-128-aes esp-sha1-hmac The following example shows the show crypto ipsec sa ipv6 command. Dell#show crypto ipsec sa ipv6 Interface: TenGigabitEthernet 0/0 Link Local address: fe80::201:e8ff:fe40:4d10 IPSecv6 policy name: OSPFv3-1-500 inbound ah sas...
  • Page 780: Troubleshooting Ospfv3

    Interface: TenGigabitEthernet 0/1 Link Local address: fe80::201:e8ff:fe40:4d11 IPSecv6 policy name: OSPFv3-1-600 inbound ah sas outbound ah sas inbound esp sas spi : 600 (0x258) transform : esp-des esp-sha1-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE outbound esp sas spi : 600 (0x258) transform : esp-des esp-sha1-hmac...
  • Page 781 show ipv6 route summary • View the summary information for the OSPFv3 database. EXEC Privilege mode show ipv6 ospf database • View the configuration of OSPFv3 neighbors. EXEC Privilege mode show ipv6 ospf neighbor • View debug messages for all OSPFv3 interfaces. EXEC Privilege mode debug ipv6 ospf [event | packet] {type slot/port} •...
  • Page 782: Per-Vlan Spanning Tree Plus (Pvst+)

    Per-VLAN Spanning Tree Plus (PVST+) Per-VLAN spanning tree plus (PVST+) is a variation of spanning tree — developed by a third party — that allows you to configure a separate spanning tree instance for each virtual local area network (VLAN). Protocol Overview A sample PVST+ topology is shown below.
  • Page 783: Implementation Information

    The Dell Networking OS supports three other versions of spanning tree, as shown in the following table. Table 60. Spanning Tree Versions Supported Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802.1d Rapid Spanning Tree Protocol (RSTP) 802.1w Multiple Spanning Tree Protocol (MSTP) 802.1s...
  • Page 784: Enabling Pvst

    Enabling PVST+ When you enable PVST+, the system instantiates STP on each active VLAN. Enter PVST context. PROTOCOL PVST mode protocol spanning-tree pvst Enable PVST+. PROTOCOL PVST mode no disable Disabling PVST+ To disable PVST+ globally or on an interface, use the following commands. •...
  • Page 785: Influencing Pvst+ Root Selection

    Influencing PVST+ Root Selection As shown in the previous PVST+ illustration, all VLANs use the same forwarding topology because R2 is elected the root, and all TengigabitEthernet ports have the same cost. The following per-VLAN spanning tree illustration changes the bridge priority of each bridge so that a different forwarding topology is generated for each VLAN.
  • Page 786: Modifying Global Pvst+ Parameters

    Example of the show spanning-tree pvst vlan Command To display the PVST+ forwarding topology, use the show spanning-tree pvst [vlan vlan-id] command from EXEC Privilege mode. Dell(conf)#do show spanning-tree pvst vlan 100 VLAN 100 Root Identifier has priority 4096, Address 0001.e80d.b6d6 Root Bridge hello time 2, max age 20, forward delay 15 Bridge Identifier has priority 4096, Address 0001.e80d.b6d6...
  • Page 787: Modifying Interface Pvst+ Parameters

    • Change the hello-time parameter. PROTOCOL PVST mode vlan hello-time NOTE: With large configurations (especially those configurations with more ports), Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. • Change the max-age parameter.
  • Page 788: Configuring An Edgeport

    The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs. Other implementations use IEEE 802.1w costs as the default costs. If you are using Dell Networking systems in a multi-vendor network, verify that the costs are values you intended.
  • Page 789: Pvst+ In Multi-Vendor Networks

    PVST+ to avoid potential misconfigurations. If you enable PVST+ on the Dell Networking switch in this network, P1 and P2 receive BPDUs from each other. Ordinarily, the Bridge ID in the frame matches the Root ID, a loop is detected, and the rules of convergence require that P2 move to blocking state because it has the lowest port ID.
  • Page 790: Pvst+ Sample Configurations

    Augment the bridge ID with the VLAN ID. PROTOCOL PVST mode extend system-id Example of Viewing the Extend System ID in a PVST+ Configuration Dell(conf-pvst)#do show spanning-tree pvst vlan 5 brief VLAN 5 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32773, Address 0001.e832.73f7 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32773 (priority 32768 sys-id-ext 5), Address 0001.e832.73f7...
  • Page 791 no shutdown interface TengigabitEthernet 1/32 no ip address switchport no shutdown protocol spanning-tree pvst no disable vlan 100 bridge-priority 4096 interface Vlan 100 no ip address tagged TengigabitEthernet 1/22,32 no shutdown interface Vlan 200 no ip address tagged TengigabitEthernet 1/22,32 no shutdown interface Vlan 300 no ip address...
  • Page 792 no shutdown interface TengigabitEthernet 3/22 no ip address switchport no shutdown interface Vlan 100 no ip address tagged TengigabitEthernet 3/12,22 no shutdown interface Vlan 200 no ip address tagged TengigabitEthernet 3/12,22 no shutdown interface Vlan 300 no ip address tagged TengigabitEthernet 3/12,22 no shutdown protocol spanning-tree pvst no disable...
  • Page 793: Pim Sparse-Mode (Pim-Sm)

    The SPT-Threshold is zero, which means that the last-hop designated router (DR) joins the shortest path tree (SPT) to the source after receiving the first multicast packet. • The Dell Networking OS reduces the number of control messages sent between multicast routers by bundling Join and Prune requests in the same message. •...
  • Page 794: Requesting Multicast Traffic

    Requesting Multicast Traffic A host requesting multicast traffic for a particular group sends an Internet group management protocol (IGMP) Join message to its gateway router. The gateway router is then responsible for joining the shared tree to the RP (RPT) so that the host can receive the requested traffic.
  • Page 795: Configuring Pim-Ssm

    Prune message. Dell Networking OS Behavior: When the router creates an SPT to the source, there are then two paths between the receiver and the source, the SPT and the RPT. Until the router can prune itself from the RPT, the receiver receives duplicate multicast packets which may cause disruption.
  • Page 796: Enable Pim-Sm

    You can influence the selection of the Rendezvous Point by enabling PIM-Sparse mode on a Loopback interface and assigning a low IP address. To display PIM neighbors for each interface, use the show ip pim neighbor command in EXEC Privilege mode. Dell#show ip pim neighbor Neighbor Interface Uptime/Expires Address Prio/Mode 127.87.5.5...
  • Page 797: Configuring S,G Expiry Timers

    The range is from 211 to 86,400 seconds. The default is 210. Example Configuring an (S,G) Expiry Time Dell(conf)#ip pim sparse-mode sg-expiry-timer 1800 To display the expiry time configuration, use the show running-configuration pim command from EXEC Privilege mode. Configuring a Static Rendezvous Point The rendezvous point (RP) is a PIM-enabled interface on a router that acts as the root of a group-specific tree;...
  • Page 798: Overriding Bootstrap Router Updates

    226.1.1.1 165.87.50.5 To display the assigned RP for a group range (group-to-RP mapping), use the show ip pim rp mapping command in EXEC privilege mode. Dell#show ip pim rp mapping PIM Group-to-RP Mappings Group(s): 224.0.0.0/4, Static RP: 165.87.50.5, v2 Configuring a Designated Router Multiple PIM-SM routers might be connected to a single local area network (LAN) segment.
  • Page 799: Creating Multicast Boundaries And Domains

    The restart-time and stale-entry-time options can be configured only when NSF is enabled on the system. • (option) restart-time: the time the Dell Networking system requires to restart. The default value is 120 seconds. • (option) stale-entry-time: the maximum amount of time that the Dell Networking system preserves entries from a restarting neighbor.
  • Page 800: Pim Source-Specific Mode (Pim-Ssm)

    IGMPv3. Because receivers subscribe to a source and group, the RP and shared tree is unnecessary; only SPTs are used. On Dell Networking systems, it is possible to use PIM-SM with IGMPv3 to achieve the same result, but PIM-SSM eliminates the unnecessary protocol overhead.
  • Page 801: Important Points To Remember

    Important Points to Remember • The default SSM range is 232/8 always. Applying an SSM range does not overwrite the default range. Both the default range and SSM range are effective even when the default range is not added to the SSM ACL.
  • Page 802: Use Pim-Ssm With Igmp Version 2 Hosts

    R1(conf)#do show ip pim ssm-range Group Address / MaskLen 239.0.0.2 / 32 Use PIM-SSM with IGMP Version 2 Hosts PIM-SSM requires receivers that support IGMP version 3. You can employ PIM-SSM even when receivers support only IGMP version 1 or version 2 by translating (*,G) entries to (S,G) entries. Translate (*,G) entries to (S,G) entries using the ip igmp ssm-map acl source command from CONFIGURATION mode.
  • Page 803 Member Ports: Te 1/1 239.0.0.1 Vlan 400 INCLUDE 00:00:10 Never 10.11.4.2 R1(conf)#do show ip igmp ssm-map IGMP Connected Group Membership Group Address Interface Mode Uptime Expires Last Reporter 239.0.0.2 Vlan 300 IGMPv2-Compat 00:00:36 Never 10.11.3.2 Member Ports: Te 1/1 R1(conf)#do show ip igmp ssm-map 239.0.0.2 SSM Map Information Group : 239.0.0.2...
  • Page 804: Policy-Based Routing (Pbr)

    Policy-based Routing (PBR) allows a switch to make routing decisions based on policies applied to an interface. This chapter covers the following topics: • Overview • Implementing Policy-based Routing with Dell Networking OS • Configuration Task List for Policy-based Routing • Sample Configuration Topics: •...
  • Page 805 • If the specified next-hops are not reachable, then the normal routing table is used to forward the traffic. • Dell Networking OS supports multiple next-hop entries in the redirect lists. • Redirect-Lists are applied at Ingress. PBR with Redirect-to-Tunnel Option: The user can provide a tunnel id for a redirect rule.
  • Page 806: Implementing Policy-Based Routing With Dell Networking Os

    ICMP pings to verify reachability and/or check the Tunnel Interface UP or DOWN status, and then route traffic out to that next-hop and/or Tunnel Interface Implementing Policy-based Routing with Dell Networking OS • Non-contiguous bitmasks for PBR •...
  • Page 807 Format: 16 characters Delete the redirect list with the no ip redirect-list command. The following example creates a redirect list by the name of “xyz.” Dell(conf)#ip redirect-list ? WORD Redirect-list name (max 16 chars) Dell(conf)#ip redirect-list xyz Create a Rule for a Redirect-list Use the following command in CONFIGURATION REDIRECT-LIST mode to set the rules for the redirect list.
  • Page 808 — IP address of the network or host to which the packets are sent. FORMAT: A.B.C.D/NN, or ANY or HOST IP address Below is an example: Dell(conf-redirect-list)#redirect 1.1.1.1 tcp an any ? Match on the ack bit Match only packets on a given
  • Page 809 A.B.C.D Source address Any source host host A single source host Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.1 ? Mask A.B.C.D or /nn Mask in dotted decimal or in slash format Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.1 /32 ? A.B.C.D Destination address
  • Page 810: Pbr Exceptions (Permit)

    Dell Networking OS assigns the first available sequence number to a rule configured without a sequence number and inserts the rule into the PBR CAM region next to the existing entries. Since the order of rules is important, ensure that you configure any necessary sequence numbers.
  • Page 811 Delete the redirect list from this interface with the [no] ip redirect-group command. In this example, the list “xyz” is applied to the tenGigabitEthernet 2/1 interface. Applying a Redirect-list to an Interface Example: Dell(conf-if-te-1/1/1)#ip redirect-group test Dell(conf-if-te-1/1/1)#ip redirect-group xyz Dell(conf-if-te-1/1/1)#show config interface TenGigabitEthernet 1/1/1...
  • Page 812 In addition to supporting multiple redirect-lists in a redirect-group, multiple redirect-groups are supported on a single interface. Dell Networking OS has the capability to support multiple groups on an interface for backup purposes. Show Redirect List Configuration To view the redirect list configuration, use the following command in EXEC mode: Table 65.
  • Page 813: Sample Configuration

    Showing CAM PBR Configuration Example : Dell#show cam pbr stack-unit 1 port-set 0 TCP Flag: Bit 5 - URG, Bit 4 - ACK, Bit 3 - PSH, Bit 2 - RST, Bit 1 - SYN, Bit 0 -...
  • Page 814 Create the Redirect-List GOLD EDGE_ROUTER(conf-if-Te-2/23/1)#ip redirect-list GOLD EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD. EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.1.0/24 any EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.2.0/24 any EDGE_ROUTER(conf-redirect-list)# seq 15 permit ip any any EDGE_ROUTER(conf-redirect-list)#show config ip redirect-list GOLD description Route GOLD traffic to ISP_GOLD. seq 5 redirect 10.99.99.254 ip 192.168.1.0/24 any seq 10 redirect 10.99.99.254 ip 192.168.2.0/24 any seq 15 permit ip any any...
  • Page 815: 2/11View Redirect-List Gold

    Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 tcp 155.55.2.0/24 222.22.2.0/24 Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 tcp any any Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 udp 155.55.0.0/16 host 144.144.144.144 Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 udp any host 144.144.144.144 Dell(conf-redirect-list)#redirect 43.1.1.2 track 4 ip host 7.7.7.7 host 144.144.144.144 Dell(conf-redirect-list)#end...
  • Page 816 Dell(conf-if-tu-2)#no shutdown Dell(conf-if-tu-2)#end Dell# Create Track Objects to track the Tunnel Interfaces: Dell#configure terminal Dell(conf)#track 1 interface tunnel 1 ip routing Dell(conf-track-1)#exit Dell(conf)#track 2 interface tunnel 2 ipv6 routing Dell(conf-track-2)#end Verify the Status of the Track Objects (Up/Down): Dell#show track brief...
  • Page 817 Create a Redirect-list with Track Objects pertaining to Tunnel Interfaces: Dell#configure terminal Dell(conf)#ip redirect-list explicit_tunnel Dell(conf-redirect-list)#redirect tunnel 1 track 1 tcp 155.55.2.0/24 222.22.2.0/24 Dell(conf-redirect-list)#redirect tunnel 1 track 1 tcp any any Dell(conf-redirect-list)#redirect tunnel 1 track 1 udp 155.55.0.0/16 host 144.144.144.144 Dell(conf-redirect-list)#redirect tunnel 2 track 2 tcp 155.55.2.0/24 222.22.2.0/24...
  • Page 818: Port Extenders (Pes)

    Port Extenders (PEs) The C9010 switch supports the IEEE 802.1BR fabric protocol to expand the port density of the chassis, using C1048P port extenders. In this deployment, the C9010 operates as a controlling bridge for the C1048P. The C1048P functions as a remote line card that is physically connected to, and provisioned by, a C9010 over 10GbE links according to the IEEE 802.1BR standard.
  • Page 819: Ieee 802.1Br

    IEEE 802.1BR The IEEE 802.1BR protocol allows a controlling bridge to use IEEE LAN technologies to discover and manage port extenders. The following illustration shows how a controlling bridge connects through an automatically established port channel (auto-LAG) to an uplink port on one or more port extenders. Figure 104.
  • Page 820: 802.1Br Terms And Definitions

    You can disable the port extender feature by entering the no feature extended-bridge command. Dell Networking does not recommend that you use this command because it may result in traffic loss. It brings down all the port extenders that are online and deletes their configurations. For...
  • Page 821: Provisioning A Port Extender

    PE when you attach it to a control bridge port and power up the PE. NOTE: Although you can provision a PE before or after you install and power on the PE, Dell Networking OS recommends pre-configuring software provisioning before you install a PE and then connect it to a pre-configured, cascaded control bridge port.
  • Page 822 Dell# show pe pe-id Dell# show pe brief Dell# show interfaces port-channel brief Example of Provisioning a Port Extender Dell(conf)# interface range tengigabitethernet 1/0, tengigabitethernet 1/12 Dell(conf-if-te-1/0,te-1/12)# no shutdown Dell(conf-if-te-1/0,te-1/12)# exit Dell(conf)# pe provision 10 Dell(conf-pe-10)# cascade interface tengigabitethernet 1/0,12...
  • Page 823: Pe Selection Logic

    In the User-Configured Cascade Ports field, A (active) indicates that a C9010 port is up (no shutdown) and configured as a cascade port; I (inactive) indicates that a port is down and configured as a cascade port. Dell# show interface port-channel br Codes: L - LACP Port-channel O - OpenFlow Controller Port-channel...
  • Page 824 20 cascade interface TenGigabitEthernet 1/12 Dell# show pe brief Port Extenders Information ---------------------------------------------------------- PE-id Status Stack-size Type System-MAC ---------------------------------------------------------- online C1048P a0:68:00:3f:92:bc offline C1048P 00:00:00:00:00:00 Dell#show pe errors PE-id: 10 PE MAC: a0:68:00:3f:92:bc Interface Errors: TenGigabitEthernet 1/12 - Error State •...
  • Page 825 1/0. As a result, port 1/0 is not included in the auto-LAG although it is discovered as an LLDP neighbor. Dell# show running-config pe feature extended-bridge pe provision 10 cascade interface TenGigabitEthernet 1/12 stack-unit 0 type C1048P Dell# show lldp neighbors | grep 00:01:02:03:11:01 Te 1/0 TenGigabitEthernet 0/1 00:01:02:03:11:01 Te 1/12 TenGigabitEthernet 0/2 00:01:02:03:11:01...
  • Page 826: Managing A Port Extender

    • connect pe pe-id EXEC Privilege • pe-id is a port-extender ID number from 0 to 255. Dell# connect pe 254 Login: peadmin Password: calvin Displaying PE Status To verify the operational status of a C1048P attached to a C9010, enter any of the show commands in this section.
  • Page 827: Resetting A Port Extender

    • reset pe pe-id stack-unit pe-stack-unit-id EXEC Privilege • pe-id is a port-extender ID number from 0 to 255. • pe-stack-unit-id is a PE stack-unit ID number from 0 to 7. Dell# reset pe 0 stack-unit 1
  • Page 828: Preventing Loops On Port Extender Ports

    Dell(conf)# mac-address-table station-move threshold 5 interval 30 NOTE: Dell Networking OS recommends that you use the command because xSTP protocols are not supported on PEs. If a station move for a MAC address is detected above the configured threshold and within the specified time, a syslog message is triggered with the port information.
  • Page 829: Upgrading A Port Extender

    Port-channel 1 is up, line protocol is down(Pe Loop Detection) Upgrading a Port Extender You can update the Dell Networking operating system (OS) on a port extender manually as needed or allow it to be automatically updated by the controlling bridge.
  • Page 830 After the upgrade is successful, reload the PE or PE stack. To reload a PE stack, enter the stack-unit number of the master unit. EXEC Privilege mode reset pe {0-255} [stack-unit {0-7}] Dell# Dell#reset pe Resetting PE will reload the entire PE STACK. Continue? [yes/no]: yes Verify the OS image upgrade. EXEC Privilege mode...
  • Page 831: De-Provisioning A Port Extender

    • To de-provision a PE that is online, shut down its cascade ports and then enter the no pe provision pe-id command; for example: Dell(conf)# interface range te 1/0 , te 1/12 Dell(conf-if-range-te-1/0,te-1/12)# shutdown Dell(conf-if-range-te-1/0,te-1/12)# exit Dell(conf)# no pe provision 10 •...
  • Page 832: Dual Homing

    copy Copy from one file to another delete Delete a file diag Run diagnosis List files on a filesystem disable Turn off privileged commands enable Turn on privileged commands exit Exit from the EXEC format Format a filesystem hostname Set system's network name Reset a command offline Take a PE stack unit offline...
  • Page 833: Configuration Terminal Batch Mode

    Configuration Terminal Batch mode. Configuration Terminal Batch Mode The C9010 platform with Dell Networking OS 9.10(0.0) supports the Configuration Terminal Batch mode. You should perform the common PE configurations using this mode.
  • Page 834 Systems with Port Extender The following diagram illustrates PE 1 connected to System A and PE 2 connected to System B. Figure 106. Systems with Port Extender — Before setting up Dual Homing You can connect System A and System B and configure them as VLT peers as follows: Ensure that System A and System B are upgraded to OS 9.10(0.).
  • Page 835 You can configure PE 1 and PE 2 from both the systems. Example of Configuring PE Dual Homing Dell#configure terminal batch Dell(conf-b)#pe provision 1 Dell(conf-b-pe-1)#cascade interface TenGigabitEthernet 0/0 Dell(conf-b-pe-1)#cascade interface TenGigabitEthernet 1/4 peer Dell(conf-b)#commit Dell(conf-b)#end Dell# Aug 11 22:54:36: %RPM0-P:CP %CLIBATCH-6-CLI_BATCH_CONFIG_COMPLETE_TRAP: Batch...
  • Page 836 Dell#show pe 1 Codes: A - Active, I - Inactive Reason: CTM - Card Type Mismatch, CAM - CAM ACL Mismatch SVM - Software Version Mismatch, UE - Unknown Error Offline Reason: UNP - Unit Not Present, ICE - IPC CP Error, IRE - IPC RP Error...
  • Page 837 System A and needs to be removed. PE CONFIGURATION (BATCH mode) no cascade interface interface slot/port Dell# no cascade interface TenGigabitEthernet 0/1 Configure the cascade interface of the System B through the batch mode of System A and commit the configuration.
  • Page 838: Upgrading To Os 9.10(0.0)

    Figure 109. Standalone System and System with PE — After setting up Dual Homing You can configure PE 1 from both System A and System B. Upgrading to OS 9.10(0.0) To upgrade the Dell Networking OS 9.9(0.0) to OS 9.10(0.0): • Upgrade the bootflash of the devices to 3.3.1.18 in OS 9.10.0.0.
  • Page 839 C1048P f8:b1:56:00:02:8a Dell# Use the upgrade bootflash-image all command to upgrade the boot-flash image in both the CB and the Dell#upgrade bootflash-image all tftp://10.16.127.35/FTOS-C9000-9.10.0.0.bin 00:08:58 : Discarded 1 pkts. Expected block num : 51. Received block num: 50 !!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!.!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!.! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.
  • Page 840 - upgrade success. !!!!! Bootflash image upgrade for all cards completed successfully. Warning: Kindly save the system configuration before reloading. Dell# Use the upgrade system-image all command to upgrade the image in both the CB and the PE. Dell#upgrade system-image ftp: B: Address or name of remote host []: 10.16.127.141...
  • Page 841 The above procedure brings up the devices in Dell Networking OS 9.10(0.0). To get a dual homing setup, you need to have a VLT domain running in two systems with the same OS version. Refer to Setting up Dual Homing.
  • Page 842 Apr 3 05:52:52: %RPM1-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Po 458 Apr 3 05:54:35: %RPM1-P:CP %IFMGR-5-OSTATE_UP: Changed interface state to up: Te 0/22 Apr 3 05:54:35: %RPM1-P:CP %IFMGR-5-OSTATE_UP: Changed interface state to up: Te 0/23 Apr 3 05:54:35: %RPM1-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 0/22 Apr 3 05:54:35: %RPM1-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 0/23...
  • Page 843: Supported Features

    Po 257 Apr 3 05:55:02: %PE200-UNIT2-M:CP %EVL-6-EVENT_LOGGING: Start uploading pre- recorded traps(count:15) to CB Apr 3 05:55:04: %PE200-UNIT2-M:CP %EVL-6-EVENT_LOGGING: Completed uploading pre-recorded traps(send count:15, pending traps:0) to CB Dell# Dell#show pe brief Port Extenders Information ---------------------------------------------------------- PE-id Status Stack-size...
  • Page 844 • LAGs • LLDP • Loop detection and MAC Learning Limit • A port extender does not support: • • FEFD • GVRP • FRRP • Sticky MAC • STP Edge port support on PE interfaces • VLAN stacking
  • Page 845: Port Extender (Pe) Stacking

    C1048P supports stacking only with other C1048P port extenders. Stacking is not supported on C9010 switches. To set up a PE stack, follow the installation procedure in the Dell Networking C1048P Getting Started Guide or Dell Networking C1048P Installation Guide.
  • Page 846: Stack Master Election

    To display the PE stack master, enter the show pe pe-id system brief command. The following example shows output from an established stack. Example of Displaying Stack Members Dell#show pe 0 system brief Stack MAC: a0:68:00:3f:92:bc Stack Info Unit...
  • Page 847: Important Points To Remember

    Before you start, ensure that the PE stack units are cabled in a ring topology, powered on, and that one or more stack units are attached to a 10GbE port on the parent C9010. For detailed information, see the Dell Networking C1048P Getting Started Guide or Dell Networking C1048P Installation Guide.
  • Page 848 INTERFACE CONFIGURATION mode no shutdown Example of Configuring a PE Stack NOTE: Dell Networking OS recommends not to use RPM Slots 10 and 11 for PE connectivity. Dell(conf)# feature extended-bridge Dell(conf)# pe provision 2 Dell(conf-pe-2)# cascade interface tengigabitethernet 0/0-1 Dell(conf-pe-2)# exit...
  • Page 849: Adding A Unit To An Existing Pe Stack

    Dell(conf-b)#commit Dell(conf-b)#end Dell# show pe 2 Codes: A - Active, I - Inactive Reason: CTM - Card Type Mismatch, CAM - CAM ACL Mismatch SVM - Software Version Mismatch, UE - Unknown Error Offline Reason: UNP - Unit Not Present,...
  • Page 850: Renumbering A Stack Unit

    • renumber renumber is the new stack-unit ID. Dell# pe 200 stack-unit 3 renumber 5 Renumbering the stack master triggers a stack reload, as shown in the following message. When the stack comes back online, the master unit remains the management unit.
  • Page 851: Managing Pe Stack Redundancy

    • pe-id — port extender identifier. The range is from 0 to 255. The following example shows the redundancy reset-counter pe command. Dell #redundancy reset-counter pe 0 • Display redundancy information. EXEC Privilege mode show redundancy pe pe-id pe-id —...
  • Page 852: Removing A Unit From A Pe Stack

    Examples of Removing a PE Stack Member The following example shows the status of stack-unit 1 before it is removed from the PE stack. Dell#show pe 0 system brief Stack MAC : 00:01:e8:8a:df:e6 -- Stack Info --...
  • Page 853: Verifying A Pe Stack Master And Standby

    • Display information about PE stack units connected to the C9010, including the discovery status. show pe Dell# show pe Maximum number of PE Units allowed: 40 Current number of PE units in the system: 8 Codes: A - Active, I - Inactive...
  • Page 854 9230 10000 9795 Speed in RPM • Display information about a specified PE stack unit, including status, unit type, and MAC address. Dell#show pe 255 system stack-unit 2 Unit 2 -- Unit Type : Management Unit Status : online Next Boot...
  • Page 855: Locating The Port Extender

    Display the type of stack topology (ring or daisy chain) with a list of all stack ports, port status, and link speed. The interface values are in the format pe-id/stack-port. Enter the PE ID of the master unit. show pe pe-id system stack-ports status Dell#show pe 255 system stack-ports status Topology: Ring Interface...
  • Page 856: Troubleshooting A Pe Stack

    To debug an error condition in a PE stack, you can connect a console to the console port on the master unit and enter PE console commands. Contact Dell Networking support for assistance. The supported PE console commands are described in the C9000 Series Command-Line Reference Guide.
  • Page 857: Port Monitoring

    The mirrored traffic can be sent to a port to which a network analyzer is connected to inspect or troubleshoot the traffic. The Dell Networking OS supports the following mirroring techniques: • Port monitoring — Monitors network traffic by forwarding a copy of incoming and outgoing packets from a source port to a destination port on the same network router.
  • Page 858: Important Points To Remember

    Figure 110. Port Monitoring Configurations Dell Networking OS Behavior: All monitored frames are tagged if the configured monitoring direction is egress (TX), regardless of whether the monitored port (MD) is a Layer 2 or Layer 3 port. If the MD port is a Layer 2 port, the frames are tagged with the VLAN ID of the VLAN to which the MD belongs.
  • Page 859: Examples Of Port Monitoring

    Port-based Te 0/17 Te 0/1 interface Port-based Dell Networking OS Behavior: The switch continues to mirror outgoing traffic even after an MD participating in spanning tree protocol (STP) transitions from forwarding to blocking. Configuring Port Monitoring Port monitoring (also referred to as mirroring) monitors network traffic by forwarding a copy of incoming and outgoing packets from a source port to a destination port on the same network router. To configure port monitoring on the port extender, use the following commands.
  • Page 860 EXEC Privilege mode show running-config monitor session Create a monitoring session using the command monitor session from CONFIGURATION mode, as shown in the following example. MONITOR SESSION mode monitor session [session-ID] source interface | range destination interface direction {rx | tx | both} Specify the source and destination port and direction of traffic, as shown in the following example.
  • Page 861 The following example monitors and displays information about port extender interface 255/0/0. Dell(conf)#monitor session 1 source peGigE 255/0/0 destination TenGigabitEthernet 0/23 direction both Dell(conf-mon-sess-0)# Dell(conf-mon-sess-0)#do show monitor session 1 SessID Source Destination Dir Mode Source IP Dest IP DSCP TTL Mirrors-Drop? ------------- ----------- ----------------------------------...
  • Page 862: Remote Port Mirroring

    VLAN. Each intermediate switch that participates in the transport of mirrored traffic must be configured with the reserved L2 VLAN. Remote port monitoring supports mirroring sessions in which multiple source and destination ports are distributed across multiple switches. Dell(conf)#monitor session 0 type rpm Dell(conf-mon-sess-0)#source ? fortyGigE...
  • Page 863: Remote Port Mirroring Example

    peGigE PE Gigabit Ethernet interface port-channel Port-channel interface range Configure interface range remote vlan Remote-Port-Mirroing vlan tengigabitethernet TenGigabit Ethernet interface vlan VLAN Monitoring Remote Port Mirroring Example Remote port mirroring uses the analyzers shown in the aggregation network in Site A. The VLAN traffic on monitored links from the access network is tagged and assigned to a dedicated L2 VLAN.
  • Page 864: Configuring Remote Port Mirroring

    Configuring Remote Port Mirroring Remote port mirroring requires a source session (monitored ports on different source switches), a reserved tagged VLAN for transporting mirrored traffic (configured on source, intermediate, and destination switches), and a destination session (destination ports connected to analyzers on destination switches). Configuration Notes When you configure remote port mirroring, the following conditions apply: •...
  • Page 865: Displaying A Remote-Port Mirroring Configuration

    Port-channel 10 destination remote-vlan 300 direction rx no disable To display the currently configured source and destination sessions for remote port mirroring on a switch, enter the show monitor session command in EXEC Privilege mode. Dell(conf)#do show monitor session SessID Source Destination...
  • Page 866: Configuring Remote Port Monitoring

    Examples of Remote-Port Monitoring Configuration Dell(conf)#interface vlan 10 Dell(conf-if-vl-10)#mode remote-port-mirroring Dell(conf-if-vl-10)#tagged te 0/4 Dell(conf-if-vl-10)#exit Dell(conf)#monitor session 1 type rpm Dell(conf-mon-sess-1)#source te 0/5 destination remote-vlan 10 dir rx Dell(conf-mon-sess-1)#no disable Dell(conf-mon-sess-1)#exit Dell(conf)#inte vlan 100 Dell(conf-if-vl-100)#tagged te 0/7 Dell(conf-if-vl-100)#exit Dell(conf)#interface vlan 20...
  • Page 867 Dell(conf-if-vl-20)#mode remote-port-mirroring Dell(conf-if-vl-20)#tagged te 0/6 Dell(conf-if-vl-20)#exit Dell(conf)#monitor session 2 type rpm Dell(conf-mon-sess-2)#source vlan 100 destination remote-vlan 20 dir rx Dell(conf-mon-sess-2)#no disable Dell(conf-mon-sess-2)#exit Dell(conf)#mac access-list standard mac_acl Dell(config-std-macl)#permit 00:00:00:00:11:22 count monitor Dell(config-std-macl)#exit Dell(conf)#interface vlan 100 Dell(conf-if-vl-100)#mac access-group mac_acl1 in Dell(conf-if-vl-100)#exit Dell(conf)#inte te 0/30...
  • Page 868 Port-channel 2 mac access-group mac2 out no shutdown Create an RPM session (In the following example, port-channels 1 and 2 are LACP). Dell(conf)#monitor session 1 type rpm Dell(conf-mon-sess-1)#source port-channel 1 destination remote-vlan 10 dir Port Monitoring...
  • Page 869: Encapsulated Remote-Port Monitoring

    NOTE: When configuring ERPM, follow these guidelines: • The Dell Networking OS supports ERPM source sessions only. Encapsulated packets terminate at the destination IP address or at the analyzer. • You can configure up to four ERPM source sessions on the switch.
  • Page 870 The next example shows the configuration of an ERPM session in which VLAN 11 is monitored as the source interface and a MAC ACL filters the monitored ingress traffic. Dell(conf)#mac access-list standard flow Dell(config-std-macl)#seq 5 permit 00:00:0a:00:00:0b count monitor Dell#show running-config interface vlan 11 interface Vlan 11...
  • Page 871 The following example shows how to configure a source as a physical interface only for ERPM. Dell(conf)#monitor session 3 type erpm Dell(conf-mon-sess-3)#source vlan 100 dir rx Dell(conf-mon-sess-3)# erpm source-ip 1.1.1.1 dest-ip 100.1.1.2 Dell(conf-mon-sess-3)# flow-based enable Dell(conf-mon-sess-3)# no disable The following example configures the port extender ports so that they are tagged and untagged members of VLAN 100.
  • Page 872: Power Over Ethernet (Poe)

    AC power supply and an external DC power supply. Each power supply provides 1000 W, of which PoE uses up to 850 W. For more information about C9010 power supply installation and troubleshooting, see the Dell Networking C9010 Getting Started Guide.
  • Page 873: Configuring Poe Or Poe

    • Advertising the Extended Power through MDI • Advertising Extended Power Through dot3–TLVs • Detecting Legacy Devices and Allocating Power • Deploying Voice Over IP (VoIP) • Managing PoE on the Port Extender Configuring PoE or PoE+ Configuring PoE or PoE+ is a two-step process: Connect the IEEE 802.3af/802.3at-compliant powered device directly to a port.
  • Page 874: Manage Ports Using Power Priority And The Power Budget

    PD advertises, which, like the power-inline priority, can be Critical, High, or Low. If the Dell Networking OS still finds a tie, priority is based on the fourth parameter, which is the port's position in the port extender; there cannot be a tie based on this parameter.
  • Page 875: Determining The Effect Of A Port On The Power Budget

    When you configure a port as power inline without setting the max_milliwatts power limit option, the Dell Networking OS does not allocate any power to the port unless a device is connected and there is no limit to the amount of power consumed by the powered device.
  • Page 876: Configuring Power Management On The Pe - Class And Static Mode

    The following example configures the power management to Static mode on the port extender 0 on stack unit 0. Dell(conf)#power inline mode pe 0 stack-unit 0 static Example: Displaying PoE Power Allocation on a Port Extender The following example displays the PoE power allocation on a specified port extender, using the show power inline {pe pe-id stack-unit unit number | interface interface} command in EXEC and...
  • Page 877: Allocate Poe Power To Powered Devices To A Connected Pe Interface

    Total Inline Power Consumed: 0W Remaining inline power Available :841W Power Management Mode : Static Interface Inline Power Inline Power Class Device PoE Port LLDP Max / Alloc Consumed Type Priority Support (Watts) (Watts) ---------- ----------- ----------- ------ ------ ------- ------ PeGi 0/0/0 30.00/0.00...
  • Page 878 For a description of the fields, see Displaying PoE Power Allocation. For information about displaying inline power consumption on a port extender, see Displaying Power Consumption on the Port Extender. Dell#show power inline pe 255 stack-unit 0 Global inline power Threshold :
  • Page 879 5000 mW on interface peGigE 0/0/2 interface peGigE 0/0/3 is not configured. The default value of 30000 mW is the maximum power that you can allocate to a device. This configuration has the following PoE topology: Figure 112. PoE Topology Dell(conf)#interface peGigE 0/0/1 Dell(conf-if-pegi-0/0/1)#power inline Dell(conf)#interface peGigE 0/0/2 Dell(conf-if-pegi-0/0/2)#power inline 15000...
  • Page 880: Setting The Threshold Limit For The Poe Power Budget

    Power Requirement: Dell Networking OS uses it for power allocation Power Priority — Critical, High, or Low: Dell Networking OS uses it for power priority calculation. External Power Source: Dell Networking OS does not use this information. IEEE 802.3at power-via-mdi To configure the system or an interface to advertise IEEE 802.1ab extended power-via-mdi TLV, use the...
  • Page 881: Advertising Extended Power Through Dot3-Tlvs

    EXEC mode (the PD-requested power value must be within the class max watts limit). Type — Dell Networking OS uses type only when the type is Type1 or Type2 PD and displays the type in the show power inline command in EXEC mode. The Dell Networking OS does not use Type1 or Type2 PSE requests.
  • Page 882: Detecting Legacy Devices And Allocating Power

    The following example configures all the interfaces to advertise extended power through dot3–TLVs in configuration mode. Dell(conf-lldp)#advertise dot3-tlv power-via-mdi Example of Advertising in LLDP Interface Configuration Mode The following example configures interface peGigE 0/0/1 to advertise extended power through dot3–...
  • Page 883: Deploying Voice Over Ip (Voip)

    Dell(conf)#power inline legacy pe 0 stack-unit 0 Deploying Voice Over IP (VoIP) For a complete list of all PoE commands, see the Dell Networking OS Command Line Reference Guide. Current VoIP phones follow the same basic boot and operations process: Wait for an LLDP from the Ethernet switch.
  • Page 884: Configuring Lldp-Med For An Office Voip Deployment

    LLDP-MED advertises VLAN, dot1P, and DSCP configurations on the switch so that you do not need to manually configure every phone with this information. In the following example, the phone initiates a DHCP request on the advertised voice VLAN, VLAN 200. Dell#show running-config lldp protocol lldp advertise med...
  • Page 885: Configuring Qos For An Office Voip Deployment

    If you know that traffic originating from the phone is tagged with the DSCP value of 46 (EF), you can make the associated queue a strict-priority queue, as shown in the following example. Dell#show run policy-map-input policy-map-input HonorDSCP trust diffserv Dell#sh run int gigabitethernet 0/6/11 interface GigabitEthernet 0/6/11 description "IP Phone X" no ip address portmode hybrid...
  • Page 886: Classifying Voip Traffic And Applying Qos Policies

    Classifying VoIP Traffic and Applying QoS Policies You can avoid congestion and give precedence to voice and signaling traffic by classifying traffic based on the subnet and using strict priority and bandwidth weights on egress, as outlined in the following steps. The following figure depicts the topology and configuration for a C9000 system.
  • Page 887 2 class-map phone-signalling service-queue 3 class-map phone-subnet Dell#sh run qos-policy-output qos-policy-output data bandwidth-weight 8 qos-policy-output signalling bandwidth-weight 64 Dell#sh run policy-map-output policy-map-output BW service-queue 1 qos-policy data service-queue 2 qos-policy signalling Dell#sh run | grep strict-p
  • Page 888: Managing Poe On The Port Extender

    To upgrade the PoE controller firmware on a port extender, use the following command. You can upgrade the PoE controller firmware using the firmware packaged with the Dell Networking OS. After the upgrade is successful, the port extender reloads automatically.
  • Page 889: Suspending Power Delivery On The Port Extender

    — Specify the stack unit number of the port extender. The range is from 0 to 7. Example of Suspending Power Delivery on the Port Extender Dell#power inline suspend pe 0 stack-unit 0 Example of Displaying Suspended Power Delivery on the Port Extender Dell#power inline suspend pe 0 stack-unit 0...
  • Page 890: Monitor The Power Budget

    The following example restores power delivery on the port extender. Dell#power inline restore pe 0 stack-unit 0 Example of Displaying Restored Power Delivery on the Port Extender Dell#show power inline pe 0 stack-unit 0 Global inline power Threshold: 99 Power Reserved for inline Power:841W...
  • Page 891: Displaying Power Allocated To Power Devices

    Specify a pe-id/unit/port for the interface. Example of Displaying Allocated Power to Power Devices Stack unit in pe to which this config applies Dell#show power inline pe 2 stack-unit 1 Global inline power Threshold : Power Reserved for inline Power:...
  • Page 892 You can configure priority or it is received via 802.3 Power via MDI. The user-configured priority always takes precedence. See the power inline priority command in the Power Over Ethernet (PoE) chapter of the Dell Networking OS Command Reference Guide.
  • Page 893: Displaying Power Consumption On The Port Extender

    — Enter the keyword pe and the port extender ID. The range is from 0 to 255. • stack-unit unit-number — Enter the keyword stack-unit and the stack unit number. The range is from 0 to 7. Example of Displaying Total Power Consumption Dell#show power detail pe 255 stack-unit 0 Unit Total System Redundancy Inline Inline...
  • Page 894 Field Description Inline Power Remaining Difference between the available power and the allocated power. (Watts)
  • Page 895: Private Vlans (Pvlan)

    Private VLANs (PVLAN) Private VLANs (PVLANs) extend the Dell Networking OS security suite by providing Layer 2 isolation between ports within the same virtual local area network (VLAN). A PVLAN partitions a traditional VLAN into subdomains identified by a primary and secondary VLAN pair.
  • Page 896: Using The Private Vlan Commands

    • A community VLAN can only contain ports configured as host. • Isolated VLAN — a type of secondary VLAN in a primary VLAN: • Ports in an isolated VLAN cannot talk directly to each other. • Ports in an isolated VLAN can only communicate with promiscuous ports in the primary VLAN. •...
  • Page 897: Configuration Task List

    Secondary VLANs are Layer 2 VLANs, so even if they are operationally down while primary VLANs are operationally up, Layer 3 traffic is still transmitted across secondary VLANs. NOTE: For more information about PVLAN commands, refer to the Dell Networking OS Command Line Reference Guide. Configuration Task List The following sections contain the procedures that configure a private VLAN.
  • Page 898: Creating Pvlan Ports

    “regular” ports (ports not configured as PVLAN ports) to PVLANs. The example below shows the switchport mode private-vlan command on a port and on a port channel. Dell#conf Dell(conf)#interface TengigabitEthernet 2/1 Dell(conf-if-te-2/1)#switchport mode private-vlan promiscuous Dell(conf)#interface TengigabitEthernet 2/2 Dell(conf-if-te-2/2)#switchport mode private-vlan host Dell(conf)#interface TengigabitEthernet 2/3 Dell(conf-if-te-2/3)#switchport mode private-vlan trunk...
  • Page 899: Creating A Primary Vlan

    Creating a Primary VLAN A primary VLAN is a port-based VLAN that is specifically enabled as a primary VLAN to contain the promiscuous ports and PVLAN trunk ports for the private VLAN. A primary VLAN also contains a mapping to secondary VLANs, which are comprised of community VLANs and isolated VLANs.
  • Page 900: Creating A Community Vlan

    NOTE: If a promiscuous or host port is untagged in a VLAN and it receives a tagged packet in the same VLAN, the packet is NOT dropped. Creating a Community VLAN A community VLAN is a secondary VLAN of the primary VLAN in a private VLAN. The ports in a community VLAN can talk to each other and with the promiscuous ports in the primary VLAN.
  • Page 901 PVLAN member VLANs (primary, community, and isolated VLANs). Dell#conf Dell(conf)# interface vlan 10 Dell(conf-vlan-10)# private-vlan mode primary Dell(conf-vlan-10)# private-vlan mapping secondary-vlan 100-101 Dell(conf-vlan-10)# untagged Te 2/1 Dell(conf-vlan-10)# tagged Te 2/3 Dell(conf)# interface vlan 101 Dell(conf-vlan-101)# private-vlan mode community...
  • Page 902: Private Vlan Configuration Example

    Private VLAN Configuration Example The following example shows a private VLAN topology. Figure 115. Sample Private VLAN Topology The following configuration is based on the example diagram: • Te 0/0 and Te 23 are configured as promiscuous ports, assigned to the primary VLAN, VLAN 4000. •...
  • Page 903: Inspecting The Private Vlan Configuration

    Display the type and status of the configured PVLAN interfaces. show interfaces private-vlan [interface interface] This command is specific to the PVLAN feature. For more information, refer to the Security chapter in the Dell Networking OS Command Line Reference Guide. •...
  • Page 904 Primary Te 0/3,25 4001 Community Yes Te 0/4-5 4003 Isolated Te 0/6 The following example shows the show vlan private-vlan mapping command. Dell#show vlan private-vlan mapping Private Vlan: Primary : 4000 Isolated : 4003 Community : 4001 NOTE: In the following example, notice the addition of the PVLAN codes – P, I, and C – in the left column.
  • Page 905 no shutdown interface TengigabitEthernet 0/4 no ip address switchport switchport mode private-vlan host no shutdown interface TengigabitEthernet 0/5 no ip address switchport switchport mode private-vlan host no shutdown interface TengigabitEthernet 0/6 no ip address switchport switchport mode private-vlan host no shutdown interface TengigabitEthernet 0/25 no ip address switchport...
  • Page 906: Quality Of Service (Qos)

    This chapter describes how to use and configure Quality of Service (QoS) features on the switch. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Figure 116. Dell Networking QoS Architecture Topics: • Implementation Information •...
  • Page 907: Implementation Information

    • SNMP Support for Buffer Statistics Tracking Implementation Information The Dell Networking QoS implementation complies with IEEE 802.1p User Priority Bits for QoS Indication. It also implements these Internet Engineering Task Force (IETF) documents: • RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers •...
  • Page 908: Honoring Dot1P Priorities On Ingress Traffic

    Packet Dot1p on Ingress Packet Queue Number on C9000 Series • Change the priority of incoming traffic on the interface. dot1p-priority Example of Configuring a dot1p Priority on an Interface Dell#config Dell(conf)#interface tengigabitethernet 1/2 Dell(conf-if)#switchport Dell(conf-if)#dot1p-priority 1 Dell(conf-if)#end Dell# Honoring dot1p Priorities on Ingress Traffic By default, the system does not honor dot1p priorities on ingress traffic.
  • Page 909: Configuring Port-Based Rate Policing

    When priority-tagged frames ingress a tagged port, the frames are dropped because, for a tagged port, the default VLAN is 0. Dell Networking OS Behavior: Hybrid ports can receive untagged, tagged, and priority tagged frames. The rate metering calculation might be inaccurate for untagged ports because an internal assumption is made that all frames are treated as tagged.
  • Page 910: Policy-Based Qos Configurations

    Policy-Based QoS Configurations Policy-based QoS configurations consist of the components shown in the following example. Figure 117. Constructing Policy-Based QoS Configurations Classify Traffic Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic.
  • Page 911 Match-any class maps allow up to five ACLs. Match-all class-maps allow only one ACL. Link the class-map to a queue. POLICY MAP mode service-queue Example of Creating a Layer 3 Class Map Dell(conf)#ip access-list standard acl1 Dell(config-std-nacl)#permit 20.0.0.0/8 Dell(config-std-nacl)#exit Dell(conf)#ip access-list standard acl2 Dell(config-std-nacl)#permit 20.1.1.0/24 order 0...
  • Page 912 The following example matches IPv6 traffic with a DSCP value of 40. Dell(conf)# class-map match-all test Dell(conf-class-map)# match ipv6 dscp 40 The following example matches IPv4 and IPv6 traffic with a precedence value of 3. Dell(conf)# class-map match-any test1 Dell(conf-class-map)#match ip-any precedence 3 Creating a Layer 2 Class Map All class maps are Layer 3 by default;...
  • Page 913 Apply the Layer 2 policy on a Layer 3 interface. INTERFACE mode Dell(conf-if-fo-0/0)# service-policy input l2p layer2 Applying DSCP and VLAN Match Criteria on a Service Queue You can configure Layer 3 class maps which contain both a Layer 3 Differentiated Services Code Point (DSCP) and IP VLAN IDs as match criteria to filter incoming packets on a service queue on the switch.
  • Page 914 To display all class-maps or a specific class map, use the following command. Dell Networking OS Behavior: An explicit "deny any" rule in a Layer 3 ACL used in a (match any or match all) class-map creates a "default to Queue 0" entry in the CAM, which causes unintended traffic classification. In the following example, traffic is classified in two Queues, 1 and 2.
  • Page 915: Create A Qos Policy

    Packets value shown in the show qos statistics command is reset. NOTE: To avoid issues caused by misconfiguration, Dell Networking recommends configuring either DCBX or Egress QoS features, but not both simultaneously. If you enable both DCBX and Egress QoS at the same time, the DCBX configuration is applied and unexpected behavior occurs on the Egress QoS.
  • Page 916 The 6 bits that are used for DSCP are also used to identify the queue in which traffic is buffered. When you set a DSCP value, Dell Networking OS displays an informational message advising you of the queue to which you should apply the QoS policy (using the service-queue from POLICY-MAP-IN mode). If you apply the QoS policy to a queue other than the one specified in the informational message, Dell Networking OS replaces the first 3 bits in the DSCP field with the queue ID you specified.
  • Page 917 QOS-POLICY-IN mode set mac-dot1p Creating an Output QoS Policy To create an output QoS policy, use the following commands. Create an output QoS policy. CONFIGURATION mode qos-policy-output After you configure an output QoS policy, do one or more of the following: Strict-Priority Queuing Configuring Policy-Based Rate Shaping Allocating Bandwidth to Queue...
  • Page 918 When you assign a percentage to one queue, note that this change also affects the amount of bandwidth that is allocated to other queues. Therefore, whenever you are allocating bandwidth to one queue, Dell Networking recommends evaluating your bandwidth requirements for all other queues as well.
  • Page 919: Create Policy Maps

    Create Policy Maps There are two types of policy maps: input and output. Creating Input Policy Maps There are two types of input policy-maps: Layer 3 and Layer 2. Create a Layer 3 input policy map. CONFIGURATION mode policy-map-input Create a Layer 2 input policy map by entering the policy-map-input layer2 command. After you create an input policy map, do one or more of the following: Applying a Class-Map or Input QoS Policy to a Queue Applying an Input QoS Policy to an Input Policy Map...
  • Page 920 Table 73. Default DSCP to Queue Mapping DSCP/CP bit range (in DSCP Definition Traditional IP Internal Queue ID DSCP/CP decimal hexadecimal) Precedence range 111xxx Network Control 56–63 110xxx Internetwork 48–55 Control 101xxx EF (Expedited CRITIC/ECP 40–47 Forwarding) 100xxx AF4 (Assured Flash Override 32–39 Forwarding)
  • Page 921 Mapping dot1p Values to Service Queues All traffic is by default mapped to the same queue, Queue 0. If you honor dot1p on ingress, you can create service classes based on the queueing strategy in Honoring dot1p Values on Ingress Packets. You may apply this queuing strategy globally by entering the following command from CONFIGURATION mode.
  • Page 922: Dscp Color Maps

    policy-map-output After you create an output policy map, do one or more of the following: Applying an Output QoS Policy to a Queue Specifying an Aggregate QoS Policy Applying an Output Policy Map to an Interface Apply the policy map to an interface. Applying an Output QoS Policy to a Queue To apply an output QoS policy to a queue, use the following command.
  • Page 923: Creating A Dscp Color Map

    Creating a DSCP Color Map You can create a DSCP color map to outline the differentiated services codepoint (DSCP) mappings to the appropriate color mapping (green, yellow, red) for the input traffic. The system uses this information to classify input traffic on an interface based on the DSCP value of each packet and assigns it an initial drop precedence of green, yellow, or red. The default setting for each DSCP value (0-63) is green (low drop precedence).
  • Page 924: Displaying Dscp Color Maps

    20,30 Dscp-color-map mapTWO yellow 16,55 Display a specific DSCP color map. Dell# show qos dscp-color-map mapTWO Dscp-color-map mapTWO yellow 16,55 Displaying a DSCP Color Policy Configuration To display the DSCP color policy configuration for one or all interfaces, use the show qos dscp-color- policy {summary [interface] | detail {interface}} command in EXEC mode.
  • Page 925: Enabling Qos Rate Adjustment

    Display summary information about a color policy for a specific interface. Dell# show qos dscp-color-policy summary te 0/10 Interface dscp-color-map TE 0/10 mapONE Display detailed information about a color policy for a specific interface. Dell# show qos dscp-color-policy detail te 0/10...
  • Page 926: Enabling Strict-Priority Queueing

    Enabling Strict-Priority Queueing In strict-priority queuing, the system de-queues all packets from the assigned queue before servicing any other queues. You can assign strict-priority to one unicast queue, using the strict-priority command. • Policy-based per-queue rate shaping is not supported on the queue configured for strict-priority queuing.
  • Page 927: Creating Wred Profiles

    example, 2000KB, is reached, all incoming packets are dropped until the buffer space consumes less than 2000KB of the specified traffic. Figure 118. Packet Drop Rate for WRED You can create a custom WRED profile or use one of the five pre-defined profiles. Table 75.
  • Page 928: Applying A Wred Profile To Traffic

    To display the default and configured WRED profiles, use the following command. • Display default and configured WRED profiles and their threshold values. EXEC mode show qos wred-profile Example of the show qos wred-profile Command Dell#show qos wred-profile Wred-profile-name min-threshold max-threshold max-drop-rate wred_drop...
  • Page 929: Displaying Wred Drop Statistics

    Out of Profile The following shows the show qos statistics output on the port extender. DELL#show qos statistics peGigE 0/1/1 Interface peGigE 0/1/1 Queue# Matched Pkts DELL#show qos statistics wred-profile peGigE 0/1/1 Interface peGigE 0/1/1 Drop-statistic Dropped Pkts Green Yellow...
  • Page 930: Explicit Congestion Notification

    Explicit Congestion Notification Explicit Congestion Notification (ECN) enhances and extends WRED functionality by marking packets for later transmission instead of dropping them when a threshold value is exceeded. Use ECN for WRED to reduce the packet transmission rate in a congested, heavily-loaded network. While WRED drops packets to indicate congestion, ECN marks packets instead of dropping them when the average queue length exceeds the threshold value.
  • Page 931: Example: Color-Marking Non-Ecn Packets In One Traffic Class

    • match ip dscp • match ip precedence • match ip vlan By default, all packets are marked for green handling if the rate-police and trust-diffserv commands are not used in an ingress policy map. All packets marked for red handling or “violate” are dropped. In the class map, in addition to color-marking matching packets for yellow handling, you can also configure a DSCP value for matching packets.
  • Page 932: Example: Color-Marking Non-Ecn Packets In Different Traffic Classes

    Example: Color-marking non-ECN Packets in Different Traffic Classes The following examples both show how to mark non-ECN packets for “yellow” handling when packets with DSCP 40 egress on queue 2 and packets with DSCP 50 egress on queue 3. Non-ECN-capable packets have the ECN field in their packet headers set to 0.
  • Page 933: Using A Configurable Weight For Wred And Ecn

    match ip access-group dscp_50_ecn policy-map-input pmap_dscp_40_50 service-queue 2 class-map class_dscp_40 service-queue 3 class-map class_dscp_50 Using A Configurable Weight for WRED and ECN The switch supports a user-configurable weight that determines the average queue size used in WRED and Explicit Congestion Notification (ECN) operation on front-end I/O and backplane interfaces. By default, the switch uses a weight factor of 0 (instantaneous ECN marking), which results in packet dropping during times of network congestion based on the configured minimum and maximum WRED thresholds.
  • Page 934: Global Service-Pools For Wred With Ecn

    The average queue size is computed using the last calculated average-queue size and the current queue size. The following is the formula to calculate the average queue size: average-queue-size (t+1) = average-queue-size (t) + (current-queue-length - average-queue-size (t))/2^N where t is the time or the current instant at which average queue size is measured, t+1 is the next calculation of the average queue size, and N is the weight factor.
  • Page 935: Configuring A Weight For Wred And Ecn Operation

    Configure the weight factor for computation of average-queue size. This weight value applies to front-end and backplane ports. QOS-POLICY-OUT mode Dell(conf-qos-policy-out)#wred weight number Configure one or more WRED profiles, and specify the threshold and maximum drop rate. WRED mode Dell(conf-wred)#wred thresh-1 Dell(conf-wred)#threshold min 100 max 200 max-drop-rate 40
  • Page 936: Pre-Calculating Available Qos Cam Space

    Dell(conf)#service-class wred green queue5 thresh-1 queue7 thresh-2 backplane Dell(conf)#service-class wred yellow queue1 thresh-2 queue3 thresh-1 backplane Dell(conf)#service-class wred weight queue0 11 queue6 4 queue7 9 backplane Create a global buffer pool that serves as a shared buffer accessed by multiple queues when the minimum guaranteed buffers for a queue are consumed.
  • Page 937: Snmp Support For Buffer Statistics Tracking

    Verify that there are enough available CAM entries. test cam-usage Example of the test cam-usage Command Dell# test cam-usage service-policy input pmap_l2 linecard 0 port-set 0 Linecard | Port-pipe | CAM Partition | Available CAM | Estimated CAM | Status ===============================================================================...
  • Page 938 • fpEgrQBuffSnapshotTable: Retrieves BST statistics from the egress port used in a buffer. This table displays a snapshot of the buffer cells used by unicast and multicast data and control queues. • fpIngPgBuffSnapshotTable: Retrieves BST statistics from the ingress port for the shared and headroom cells used in a priority group.
  • Page 939: Routing Information Protocol (Rip)

    Routing Information Protocol (RIP) The Routing Information Protocol (RIP) tracks distances or hop counts to nearby routers when establishing network connections and is based on a distance-vector algorithm. RIP protocol standards are listed in the Standards Compliance chapter. Topics: • Protocol Overview •...
  • Page 940: Ripv2

    RIPv2 is multicasting for route updates on IP multicast address 224.0.0.9. Implementation Information The Dell Networking OS supports both versions of RIP and allows you to configure one version globally and the other version on interfaces or both versions on the interfaces.
  • Page 941: Configuration Task List

    • Controlling Route Metrics • Debugging RIP For a complete listing of all commands related to RIP, refer to the Dell Networking OS Command Reference Interface Guide. Enabling RIP Globally By default, RIP is disabled on the switch. To enable RIP globally, use the following commands.
  • Page 942 RIP updates from other sources. To control the source of RIP route information, use the following commands. • Define a specific router to exchange RIP information between it and the Dell Networking system.
  • Page 943 ROUTER RIP mode neighbor ip-address You can use this command multiple times to exchange RIP information with as many RIP networks as you want. • Disable a specific interface from sending or receiving RIP routing information. ROUTER RIP mode passive-interface interface Assigning a Prefix List to RIP Routes Another method of controlling RIP (or any routing protocol) routing information is to filter the information through a prefix list.
  • Page 944 RIPv2. When you set the ROUTER RIP mode version command, the interface (TengigabitEthernet 0/0) participating in the RIP process is also set to send and receive RIPv2 (shown in bold). Dell#show ip protocols Routing Protocols is RIP Sending updates every 30 seconds, next due in 23...
  • Page 945: Generating A Default Route

    RIPv1 and RIPv2 and receiving only RIPv2 is shown in the following example. Dell(conf-if)#ip rip send version 1 2 Dell(conf-if)#ip rip receive version 2 The following example of the show ip protocols command confirms that both versions are sent out on the interface.
  • Page 946: Summarize Routes

    • route-map-name: The name of a configured route map. To confirm that the default route configuration is completed, use the show config command in ROUTER RIP mode. Summarize Routes Routes in the RIPv2 routing table are summarized by default, thus reducing the size of the routing table and improving routing efficiency in large networks.
  • Page 947: Rip Configuration Example

    Enable debugging of RIP. Example of the debug ip rip Command The following example shows the confirmation when you enable the debug function. Dell#debug ip rip RIP protocol debug is ON Dell# To disable RIP debugging, use the no debug ip rip command.
  • Page 948 RIP Configuration on Core2 The following example shows how to configure RIPv2 on a host named Core2. Example of Configuring RIPv2 on Core 2 Core2(conf-if-te-2/31)# Core2(conf-if-te-2/31)#router rip Core2(conf-router_rip)#ver 2 Core2(conf-router_rip)#network 10.200.10.0 Core2(conf-router_rip)#network 10.300.10.0 Core2(conf-router_rip)#network 10.11.10.0 Core2(conf-router_rip)#network 10.11.20.0 Core2(conf-router_rip)#show config router rip network 10.0.0.0 version 2 Core2(conf-router_rip)#...
  • Page 949 > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change ----------- ------- ----------- ----------- 10.11.10.0/24 Direct, Te 2/11 00:02:26 10.11.20.0/24 Direct, Te 2/31 00:02:02 10.11.30.0/24 via 10.11.20.1, Te 2/31 120/1 00:01:20 10.200.10.0/24 Direct, Te 2/41 00:03:03...
  • Page 950 router rip network 10.0.0.0 network 192.168.1.0 network 192.168.2.0 version 2 Core3(conf-router_rip)# Core 3 RIP Output The examples in this section show the Core 3 RIP output. • To display Core 3 RIP database, use the show ip rip database command. •...
  • Page 951 To view the RIP configuration activity on Core 3, use the show ip protocols command. Core3#show ip protocols Routing Protocol is "RIP" Sending updates every 30 seconds, next due in 6 Invalid after 180 seconds, hold down 180, flushed after 240 Output delay 8 milliseconds between packets Automatic network summarization is in effect Outgoing filter for all interfaces is...
  • Page 952 The following example shows viewing the RIP configuration on Core 3. interface TengigabitEthernet 3/11 ip address 10.11.30.1/24 no shutdown interface TengigabitEthernet 3/21 ip address 10.11.20.1/24 no shutdown interface TengigabitEthernet 3/43 ip address 192.168.1.1/24 no shutdown interface TengigabitEthernet 3/44 ip address 192.168.2.1/24 no shutdown router rip version 2...
  • Page 953: Remote Monitoring (Rmon)

    Remote monitoring (RMON) is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facility and long-term statistics collection on Dell Networking Ethernet interfaces. RMON operates with the simple network management protocol (SNMP) and monitors all nodes on a local area network (LAN) segment.
  • Page 954: Setting The Rmon Alarm

    Chassis Down — When a chassis goes down, all sampled data is lost. But the RMON configurations are saved in the configuration file. The sampling process continues after the chassis returns to operation. • Platform Adaptation — RMON supports all Dell Networking chassis and all Dell Networking Ethernet interfaces. Setting the RMON Alarm To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode.
  • Page 955: Configuring An Rmon Event

    This configuration also generates an SNMP trap when the event is triggered using the SNMP community string “eventtrap”. Dell(conf)#rmon event 1 log trap eventtrap description “High ifOutErrors” owner nms1
  • Page 956: Configuring Rmon Collection Statistics

    The following command example enables the RMON statistics collection on the interface, with an ID value of 20 and an owner of john. Dell(conf-if-mgmt)#rmon collection statistics controlEntry 20 owner john Configuring the RMON Collection History To enable the RMON MIB history group of statistics collection on an interface, use the rmon collection history command in INTERFACE CONFIGURATION mode.
  • Page 957 The following command example enables an RMON MIB collection history group of statistics with an ID number of 20 and an owner of john; both the sampling interval and the number of buckets use their respective defaults. Dell(conf-if-mgmt)#rmon collection history controlEntry 20 owner john
  • Page 958: Rapid Spanning Tree Protocol (Rstp)

    (STP) but provides faster convergence and interoperability with switches configured with STP and multiple spanning tree protocol (MSTP). Protocol Overview The Dell Networking OS supports three other versions of spanning tree, as shown in the following table. Table 78. Spanning Tree Versions Supported Dell Networking Term...
  • Page 959: Important Points To Remember

    • Adding a group of ports to a range of VLANs sends multiple messages to the RSTP task; avoid using the range command. When using the range command, Dell Networking recommends limiting the range to five ports and 40 VLANs.
  • Page 960: Enabling Rapid Spanning Tree Protocol Globally

    To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. The bold lines indicate that the interface is in Layer 2 mode. Dell(conf-if-te-1/1)#show config interface TenGigabitEthernet 1/1 no ip address...
  • Page 961 If a physical interface is part of a port channel, only the port channel is listed in the command output. Dell#show spanning-tree rstp Root Identifier has priority 32768, Address 0001.e801.cbb4 Root Bridge hello time 2, max age 20, forward delay 15, max hops 0 Bridge Identifier has priority 32768, Address 0001.e801.cbb4...
  • Page 962: Adding And Removing Interfaces

    Designated bridge has priority 32768, address 0001.e801.cbb4 Designated port id is 128.378, designated path cost 0 Number of transitions to forwarding state 1 BPDU : sent 121, received 2 The port is not in the Edge port mode Port 379 (TengigabitEthernet 2/3) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.379 Designated root has priority 32768, address 0001.e801.cbb4 Designated bridge has priority 32768, address 0001.e801.cbb4...
  • Page 963: Modifying Global Parameters

    Max-age — the length of time the bridge maintains configuration information before it refreshes that information by recomputing the RST topology. NOTE: Dell Networking recommends that only experienced network administrators change the Rapid Spanning Tree group parameters. Poorly planned modification of the RSTP parameters can negatively affect network performance.
  • Page 964: Enabling Snmp Traps For Root Elections And Topology Changes

    NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. • Change the max-age parameter. PROTOCOL SPANNING TREE RSTP mode max-age seconds The range is from 6 to 40.
  • Page 965: Influencing Rstp Root Selection

    Configure EdgePort only on links connecting to an end station. If you enable EdgePort on an interface connected to a network, it can cause loops. Dell Networking OS Behavior: Regarding bpduguard shutdown-on-violation behavior: • If the interface to be shut down is a port channel, all the member ports are disabled in the hardware.
  • Page 966: Configuring Fast Hellos For Link State Detection

    To verify that EdgePort is enabled on a port, use the show spanning-tree rstp command from EXEC privilege mode or the show config command from INTERFACE mode. NOTE: Dell Networking recommends using the show config command from INTERFACE mode. In the following example, the bold line indicates that the interface is in EdgePort mode. Dell(conf-if-te-2/0)#show config...
  • Page 967 The range is from 50 to 950 milliseconds. Example of Verifying Hello-Time Interval Dell(conf-rstp)#do show spanning-tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0, Address 0001.e811.2233 Root Bridge hello time 50 ms, max age 20, forward delay 15 Bridge ID Priority 0, Address 0001.e811.2233...
  • Page 968: Security

    Security This chapter describes several ways to provide access security to the Dell Networking system. For details about all the commands described in this chapter, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Topics: •...
  • Page 969: Overview Of Rbac

    When you enable role-based only AAA authorization using the aaa authorization role-only command in Configuration mode, the Dell Networking OS checks to ensure that you do not lock yourself out and that the user authentication is available for all terminal lines.
  • Page 970 The authentication method list should be in the same order as the authorization method list. For example, if you configure the authentication method list in the following order (TACACS+, local), Dell Networking recommends that authorization method list is configured in the same order (TACACS+, local).
  • Page 971: User Roles

    System-Defined RBAC User Roles By default, the Dell Networking OS provides 4 system defined user roles. You can create up to 8 additional user roles. NOTE: You cannot delete any system defined roles. The system defined user roles are as follows: •...
  • Page 972 (secadmin) permissions. Create a new user role, myrole and inherit security administrator permissions. Dell(conf)#userrole myrole inherit secadmin Verify that the user role, myrole, has inherited the security administrator permissions. The output highlighted in bold indicates that the user role has successfully inherited the security administrator permissions.
  • Page 973 Note that the netadmin role is not listed in the Role access: secadmin,sysadmin, which means the netadmin cannot access the show users command. Dell(conf)#role exec deleterole netadmin show users Dell#show role mode exec show users Role access: secadmin,sysadmin Example: Allow Security Administrator to Configure Spanning Tree The following example allows the security administrator (secadmin) to configure the spanning tree protocol.
  • Page 974 10-Gigabit Ethernet interfaces. Dell(conf)#role configure addrole secadmin ? LINE Initial keywords of the command to modify Dell(conf)#role configure addrole secadmin interface tengigabitethernet Dell(conf)#show role mode configure interface Role access: netadmin, secadmin, sysadmin Example: Verify that the Security Administrator Can Access Interface Mode The following example shows that the secadmin role can now access Interface mode (highlighted in bold).
  • Page 975: Aaa Authentication And Authorization For Roles

    CONFIGURATION mode. Example The following example creates a user name that is authenticated based on a user role. Dell(conf)#username john password 0 password role secadmin The following example deletes a user role. NOTE:...
  • Page 976 To configure AAA authentication, use the aaa authentication command in CONFIGURATION mode. aaa authentication login {method-list-name | default} method [… method4] Configure AAA Authorization for Roles Authorization services determine if the user has permission to use a command in the CLI. Users with only privilege levels can use commands in privilege-or-role mode (the default) provided their privilege level is the same or greater than the privilege level of those commands.
  • Page 977 : attribute sep value “attribute” and “value” are an attribute-value (AV) pair defined in the Dell Network OS TACACS+ specification, and “sep” is “=”. These attributes allow the full set of features available for TACACS+ authorization and are authorized with the same attributes for RADIUS.
  • Page 978: Role Accounting

    The format to create a Dell Network OS AV pair for privilege level is shell:priv-lvl=<number> where number is a value between 0 and 15. Force10-avpair= "shell:priv-lvl=15" Example for Creating an AVP Pair for System Defined or User-Defined Role The following section shows you how to create an AV pair to allow a user to log in from a network access server to have access to commands based on the user’s role.
  • Page 979: Display Information About User Roles

    The following example applies the accounting default method to the user role secadmin (security administrator). Dell(conf-vty-0)# accounting commands role secadmin default Displaying Active Accounting Sessions for Roles To display active accounting sessions for each user role, use the show accounting command in EXEC mode.
  • Page 980: Aaa Accounting

    AAA Accounting Accounting, authentication, and authorization (AAA) accounting is part of the AAA security model. For details about commands related to AAA security, refer to the Security chapter in the Dell Networking OS Command Reference Guide. AAA accounting enables tracking of services that users are accessing and the amount of network resources being consumed by those services.
  • Page 981: Configuration Task List For Aaa Accounting

    TACACS+ server to send a stop record accounting notice at the end of the requested user process. • tacacs+: designate the security service. The system supports only TACACS+. Example Dell(conf)#aaa accounting dot1x default start-stop tacacs+ Dell(conf)# tacacs-server host server-address key key
  • Page 982 15. Dell(conf)#aaa accounting exec default start-stop tacacs+ Dell(conf)#aaa accounting command 15 default start-stop tacacs+ Configuring AAA Accounting for Terminal Lines To enable AAA accounting with a named method list for a specific terminal line (where com15 and execAcct are the method list names), use the following commands.
  • Page 983: Aaa Authentication

    With AAA, you can specify the security protocol or mechanism for different login methods and different users. In the Dell Networking OS, AAA uses a list of authentication methods, called method lists, to define the types of authentication and the sequence in which they are applied. You can define a method list or use the default method list.
  • Page 984 To configure an authentication method and method list, use the following commands. Dell Networking OS Behavior: If you use a method list on the console port in which RADIUS or TACACS is the last authentication method, and the server is not reachable, Dell Networking OS allows access even though the username and password credentials cannot be verified.
  • Page 985 NOTE: Dell Networking recommends using the none method only as a backup. This method does not authenticate users. The none and enable methods do not work with secure shell (SSH). You can create multiple method lists and assign them to different terminal lines.
  • Page 986: Aaa Authorization

    You can configure a privilege level for users who need limited access to the system. Every command in the Dell Networking OS is assigned a privilege level of 0, 1, or 15. You can configure up to 16 privilege levels. The system is pre-configured with three privilege levels and you can configure 13 more.
  • Page 987: Configuration Task List For Privilege Levels

    Dell Networking OS Command Reference Guide. Configuring a Username and Password In the Dell Networking OS, you can assign a specific username to limit user access to the system. To configure a username and password, use the following command.
  • Page 988 Configuring the Enable Password Command To configure the Dell Networking OS, use the enable command to enter EXEC Privilege level 15. After entering the command, the system requests that you enter a password. Privilege levels are not assigned to passwords, rather passwords are assigned to a privilege level. You can always change a password for any privilege level.
  • Page 989 In addition to assigning privilege levels to the user, you can configure the privilege levels of commands so that they are visible in different privilege levels. Within the Dell Networking OS, commands have certain privilege levels. With the privilege command, you can change the default level or you can reset their privilege level back to the default.
  • Page 990 Line 3: The configure command is assigned to privilege level 8 because it needs to reach CONFIGURATION mode where the snmp-server commands are located. Line 4: The snmp-server commands, in CONFIGURATION mode, are assigned to privilege level 8. Dell(conf)#username john privilege 8 password john Dell(conf)#enable password level 8 notjohn Dell(conf)#privilege exec level 8 configure...
  • Page 991 Dell#confi Dell(conf)#? Exit from Configuration mode exit Exit from Configuration mode Reset a command snmp-server Modify SNMP parameters Dell(conf)# Specifying LINE Mode Password and Privilege You can specify a password authentication of all users on different terminal lines. The user’s privilege level is the same as the privilege level assigned to the terminal line, unless a more specific privilege level is assigned to the user.
  • Page 992: Radius

    This protocol transmits authentication, authorization, and configuration information between a central RADIUS server and a RADIUS client (the Dell Networking system). The system sends user information to the RADIUS server and requests authentication of the user and password. The RADIUS server returns one of the following responses: •...
  • Page 993: Configuration Task List For Radius

    Idle Time Every session line has its own idle-time. If the idle-time value is not changed, the default value of 30 minutes is used. RADIUS specifies the idle-time allowed for a user during a session before timeout. When a user logs in, the lower of the two idle-time values (configured or default) is used.
  • Page 994 • Monitoring RADIUS (optional) For a complete listing of supported RADIUS commands, refer to the Security chapter in the Dell Networking OS Command Reference Guide. NOTE: RADIUS authentication and authorization are done in a single step. Hence, authorization cannot be used independent of authentication.
  • Page 995 • To use the method list. CONFIGURATION mode authorization exec methodlist Specifying a RADIUS Server Host When configuring a RADIUS server host, you can set different communication parameters, such as the UDP port, the key password, the number of retries, and the timeout. To specify a RADIUS server host and configure its communication parameters, use the following command.
  • Page 996: Tacacs

    • Set a time interval after which a RADIUS host server is declared dead. CONFIGURATION mode radius-server deadtime seconds • seconds: the range is from 0 to 2147483647. The default is 0 seconds. • Configure a key for all RADIUS communications between the system and RADIUS server hosts. CONFIGURATION mode radius-server key [encryption-type] key •...
  • Page 997 TACACS+ Remote Authentication and Authorization • Specifying a TACACS+ Server Host For a complete listing of all commands related to TACACS+, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Choosing TACACS+ as the Authentication Method One of the login authentication methods available is TACACS+ and the user’s name and password are sent for...
  • Page 998: Tacacs+ Remote Authentication And Authorization

    Dell(conf)#do show run tacacs+ tacacs-server key 7 d05206c308f4d35b tacacs-server host 10.10.10.10 timeout 1 Dell(conf)#tacacs-server key angeline Dell(conf)#%SYSTEM-P:CP %SEC-5-LOGIN_SUCCESS: Login successful for user admin on vty0 (10.11.9.209) %SYSTEM-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password authentication success on vty0 ( 10.11.9.209 ) %SYSTEM-P:CP %SEC-5-LOGOUT: Exec session is terminated for user admin on line vty0 (10.11.9.209)
  • Page 999 Example of Specifying a TACACS+ Server Host Dell# Dell(conf)# Dell(conf)#ip access-list standard deny10 Dell(conf-std-nacl)#permit 10.0.0.0/8 Dell(conf-std-nacl)#deny any Dell(conf)# Dell(conf)#aaa authentication login tacacsmethod tacacs+ Dell(conf)#aaa authentication exec tacacsauthorization tacacs+ Dell(conf)#tacacs-server host 25.1.1.2 key Force10 Dell(conf)# Dell(conf)#line vty 0 9 Dell(config-line-vty)#login authentication tacacsmethod Dell(config-line-vty)#authorization exec tacauthor...
  • Page 1000: Command Authorization

    Secure shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network. The Dell Networking OS is compatible with SSH versions 1.5 and 2, in both client and server modes. SSH sessions are encrypted and use authentication.
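
The AAA method-list guidance excerpted above (keep authentication and authorization lists in the same order, use the none method only as a backup, and note that a console list ending in RADIUS or TACACS+ allows access when the server is unreachable) can be checked offline against a saved configuration. The Python auditor below is an added example, not Dell code: the sample configuration is constructed, and the global `aaa authorization exec <list> <methods>` line form, the indentation of line-mode commands, and the finding names are assumptions.

```python
# Added example: offline audit of AAA method lists in a saved configuration.
# The configuration text below is constructed for illustration only.
SAMPLE_CONFIG = """\
aaa authentication login conauth local tacacs+
aaa authentication login vtyauth tacacs+ local
aaa authentication login labauth none local
aaa authorization exec vtyauthz local tacacs+
line console 0
 login authentication conauth
line vty 0 9
 login authentication vtyauth
 authorization exec vtyauthz
"""

REMOTE = {"radius", "tacacs+"}  # methods that depend on a reachable server


def parse(config):
    """Return (authentication lists, authorization lists, per-line bindings)."""
    authn, authz, lines, current = {}, {}, {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw[0].isspace():
            current = None  # an unindented line ends any "line ..." block
        if words[:3] == ["aaa", "authentication", "login"] and len(words) > 4:
            authn[words[3]] = words[4:]
        elif words[:3] == ["aaa", "authorization", "exec"] and len(words) > 4:
            authz[words[3]] = words[4:]  # assumed global form, see lead-in
        elif words[0] == "line" and len(words) > 1:
            current = " ".join(words[1:])
            lines[current] = {}
        elif current and words[:2] == ["login", "authentication"] and len(words) > 2:
            lines[current]["authn"] = words[2]
        elif current and words[:2] == ["authorization", "exec"] and len(words) > 2:
            lines[current]["authz"] = words[2]
    return authn, authz, lines


def audit(config):
    """Return a list of (finding, object) tuples for the three checks."""
    authn, authz, lines = parse(config)
    findings = []
    # 1. "none" does not authenticate users; accept it only as the final backup.
    for name, methods in authn.items():
        if "none" in methods and (len(methods) == 1 or methods[-1] != "none"):
            findings.append(("none-not-backup", name))
    for line, bound in lines.items():
        n = authn.get(bound.get("authn"))
        z = authz.get(bound.get("authz"))
        # 2. Console list ending in RADIUS/TACACS+: access is allowed when the
        #    server is unreachable, so a local method should come last.
        if line.startswith("console") and n and n[-1] in REMOTE:
            findings.append(("console-remote-last", line))
        # 3. Authentication and authorization lists on one line should list
        #    their methods in the same order.
        if n and z and n != z:
            findings.append(("order-mismatch", line))
    return findings


if __name__ == "__main__":
    for finding, obj in audit(SAMPLE_CONFIG):
        print(f"{finding}: {obj}")
```

Only method lists explicitly bound to a terminal line are compared; lines that fall back to the default list are not evaluated.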
