Dell PowerConnect B-FCXs Configuration Manual
  1. Manuals
  2. Brands
  3. Dell Manuals
  4. Switch
  5. PowerConnect B-FCXs
  6. Configuration manual

Dell PowerConnect B-FCXs Configuration Manual

Powerconnect b-series fcx
Hide thumbs Also See for PowerConnect B-FCXs:
1
2
Table Of Contents
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
Table of Contents

Quick Links

See also: User Manual
53-1002266-01
18 March 2011
PowerConnect B-Series FCX
Configuration Guide
Table of Contents
loading

Related Manuals for Dell PowerConnect B-FCXs

Summary of Contents for Dell PowerConnect B-FCXs

  • Page 1 53-1002266-01 18 March 2011 PowerConnect B-Series FCX Configuration Guide...
  • Page 2 Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden. Trademarks used in this text: Dell, the DELL logo, Dell OpenManage and PowerConnect are trademarks of Dell Inc.; Microsoft, Windows,and Windows Server are either trademarks or registered trademarks of Microsoft Corporation in the United States and/ or other countries.

  • Page 3: Table Of Contents

    Contacting Dell........
  • Page 4 Chapter 2 Configuring Basic Software Features Configuring basic system parameters ......18 Entering system administration information ....18 Configuring Simple Network Management Protocol (SNMP) parameters .
  • Page 5 Loading and saving configuration files ..... . . 65 Replacing the startup configuration with the running configuration Replacing the running configuration with the startup configuration Logging changes to the startup-config file .
  • Page 6 Viewing information about software licenses ....91 Viewing the License ID (LID) ......91 Viewing the license database .
  • Page 7 Image mismatches ........154 Advanced feature privileges (PowerConnect B-Series FCX ) .
  • Page 8 IPv6 management features .......199 IPv6 management ACLs ......199 IPv6 debug .
  • Page 9 Error disable recovery ........286 Enabling error disable recovery ......286 Setting the recovery interval .
  • Page 10 Displaying and modifying system parameter default settings ..321 Configuration considerations ......321 Displaying system parameter default values ....321 Modifying system parameter default values .
  • Page 11 Chapter 11 Configuring Uni-Directional Link Detection (UDLD) and Protected Link Groups UDLD overview .........383 UDLD for tagged ports .
  • Page 12 Dynamic link aggregation ....... . . 410 IronStack LACP trunk group configuration example ..411 Examples of valid LACP trunk groups .
  • Page 13 Configuring IP subnet, IPX network, and protocol-based VLANs within port-based VLANs......454 Configuring an IPv6 protocol VLAN ......458 Routing between VLANs using virtual routing interfaces (Layer 3 Switches only) .
  • Page 14 Displaying VLAN information ......500 Displaying VLANs in alphanumeric order ....500 Displaying system-wide VLAN information .
  • Page 15 Using MAC-based VLANs and 802.1X security on the same port531 Configuring generic and Dell vendor-specific attributes on the RADIUS server ........532 Aging for MAC-based VLAN .
  • Page 16 Preserving user input for ACL TCP/UDP port numbers..566 Managing ACL comment text ......567 Adding a comment to an entry in a numbered ACL .
  • Page 17 QoS for stackable devices ....... .595 QoS profile restrictions in an IronStack ....595 QoS behavior for trusting Layer 2 (802.1p) in an IronStack .
  • Page 18 ACL statistics and rate limit counting ..... . .619 Enabling ACL statistics .......619 Enabling ACL statistics with rate limiting traffic policies.
  • Page 19 Rate limiting in hardware ....... . .644 How Fixed rate limiting works ......644 Configuration notes .
  • Page 20 Changing the minimum time between port reinitializations . .699 LLDP TLVs advertised by the Dell PowerConnect device..699 Configuring LLDP-MED ........707 Enabling LLDP-MED .
  • Page 21 PIM Dense ..........733 Initiating PIM multicasts on a network .
  • Page 22 Chapter 26 Configuring IP Basic configuration ........784 Overview .
  • Page 23 Chapter 27 Configuring Multicast Listening Discovery (MLD) Snooping on PowerConnect B-Series FCX Switches Overview ..........889 Configuration notes .
  • Page 24 Configuring RIP parameters .......910 Enabling RIP ........910 Configuring metric parameters .
  • Page 25 Configuring OSPF ........930 Configuration rules .
  • Page 26 Displaying OSPF information ......966 Displaying general OSPF configuration information ..967 Displaying CPU utilization statistics .
  • Page 27 Optional configuration tasks ......1004 Changing the Keep Alive Time and Hold Time ... 1004 Changing the BGP4 next-hop update timer .
  • Page 28 Configuring route flap dampening ......1054 Globally configuring route flap dampening ... . . 1055 Using a route map to configure route flap dampening for specific routes .
  • Page 29 Configuring basic VRRP parameters ..... . 1113 Configuring the Owner ......1113 Configuring a Backup.
  • Page 30 Configuring SSL security for the Web Management Interface . . .1161 Enabling the SSL server on the Dell PowerConnect device .1161 Changing the SSL server certificate key size ... . 1162 Support for SSL digital certificates larger than 2048 bytes 1162 Importing digital certificates and RSA private key files.
  • Page 31 TCP Flags - edge port security ......1201 Using TCP Flags in combination with other ACL features . . 1202 Chapter 33 Configuring SSH2 and SCP SSH version 2 support .
  • Page 32 Setting the quiet period ......1240 Specifying the wait interval and number of EAP-request/ identity frame retransmissions from the Dell PowerConnect device 1240 Specifying the wait interval and number of EAP-request/ identity frame retransmissions from the RADIUS server .
  • Page 33 .......1276 Configuring Dell-specific attributes on the RADIUS server .
  • Page 34 Configuring multi-device port authentication ....1278 Enabling multi-device port authentication ....1278 Specifying the format of the MAC addresses sent to the RADIUS server .
  • Page 35 Configuring web authentication options ....1320 Enabling RADIUS accounting for web authentication ..1320 Changing the login mode (HTTPS or HTTP) ... . . 1321 Specifying trusted ports.
  • Page 36 Configuring your NMS ......1369 Configuring SNMP version 3 on Dell PowerConnect devices1369 Defining the engine id .
  • Page 37 Displaying SNMP Information......1377 Displaying the Engine ID ......1377 Displaying SNMP groups .
  • Page 38 sFlow ..........1427 sFlow version 5 .

  • Page 39: About This Document

    PowerConnect B-Series FCX Stackable Switches. This guide includes procedures for configuring the software. The software procedures show how to perform tasks using the CLI. This guide also describes how to monitor Dell products using statistics and summary screens. This guide applies to the PowerConnect models listed in...

  • Page 40: Document Conventions

    Document conventions This section describes text formatting conventions and important notice formats used in this document. Text formatting The narrative-text formatting conventions that are used are as follows: bold text Identifies command names Identifies the names of user-manipulated GUI elements Identifies keywords Identifies text to enter at the GUI or CLI italic text...

  • Page 41: Notice To The Reader

    For the latest edition of these documents, which contain the most up-to-date information, refer to support.dell.com. Getting technical help Dell is committed to ensuring that your investment in our products remains cost-effective. If you need assistance, or find errors in the manuals, contact Dell Technical Support. Contacting Dell For customers in the United States, call 800-WWW.DELL (800.999.3355).
  • Page 42 If you do not have an active Internet connection, you can find contact information on your purchase invoice, packing slip, bill, or Dell product catalog. Dell provides several online and telephone-based support and service options. Availability varies by country and product, and some services may not be available in your area. To contact Dell for sales, technical support, or customer service issues: 1.

  • Page 43: Getting Familiar With Management Applications

    Chapter Getting Familiar with Management Applications Table 3 lists the individual Dell PowerConnect switches and the management application features they support. TABLE 3 Supported management application features Feature PowerConnect B-Series FCX Management port industry-standard Command Line Interface (CLI), including support for: •...

  • Page 44: Cli Commands For Use With The Management Port

    Using the management port • No packet received on a management port is sent to any in-band ports, and no packets received on in-band ports are sent to a management port. • A management port is not part of any VLAN •...

  • Page 45: Logging On Through The Cli

    39945 Logging on through the CLI Once an IP address is assigned to a Dell PowerConnect device running Layer 2 software or to an interface on the Dell PowerConnect device running Layer 3 software, you can access the CLI either through the direct serial connection to the device or through a local or remote Telnet session.

  • Page 46: On-Line Help

    VLANs, for routing protocols, and other configuration areas. NOTE By default, any user who can open a serial or Telnet connection to the Dell PowerConnect device can access all these CLI levels. To secure access, you can configure Enable passwords or local user accounts, or you can configure the device to use a RADIUS or TACACS/TACACS+ server for authentication.

  • Page 47: Line Editing Commands

    Using stack-unit, slot number, and port number with CLI commands lock-address logging --More--, next page: Space, next line: Return key, quit: Control-c The software provides the following scrolling options: • Press the Space bar to display the next page (one screen at a time). •...

  • Page 48: Cli Nomenclature On Stackable Devices

    Using stack-unit, slot number, and port number with CLI commands • slot number and port number • stack-unit, slot number, and port number The following sections show which format is supported on which devices. The ports are labelled on the front panels of the devices. CLI nomenclature on Stackable devices Stackable devices (PowerConnect B-Series FCX) use the stack-unit/slot/port nomenclature.
  • Page 49 At the --More-- prompt, you can press the forward slash key ( / ) and then enter a search string. The Dell PowerConnect device displays output starting from the first line that contains the search string, similar to the begin option for show commands. An example is given below.

  • Page 50: Using Special Characters In Regular Expressions

    Using stack-unit, slot number, and port number with CLI commands --More--, next page: Space, next line: Return key, quit: Control-c /telnet The results of the search are displayed. searching... telnet Telnet by name or IP address temperature temperature sensor commands terminal display syslog traceroute...
  • Page 51 Using stack-unit, slot number, and port number with CLI commands TABLE 5 Special characters for regular expressions Character Operation The period matches on any single character, including a blank space. For example, the following regular expression matches “aaz”, “abz”, “acz”, and so on, but not just “az”: The asterisk matches on zero or more sequential instances of a pattern.

  • Page 52: Creating An Alias For A Cli Command

    PowerConnect(config)#no alias wrsbc PowerConnect(config)#unalias wrsbc Syntax: unalias The specified must be the name of an alias already configured on the Dell PowerConnect device. To display the aliases currently configured on the Dell PowerConnect device, enter the following command at either the Privileged EXEC or CONFIG levels of the CLI.

  • Page 53: Logging On Through The Web Management Interface

    To use the Web Management Interface, open a Web browser and enter the IP address of the management port on the Dell PowerConnect device in the Location or Address field. The Web browser contacts the Dell PowerConnect device and displays a Login panel, such as the one shown below.

  • Page 54: Navigating The Web Management Interface

    There is no default read-write community string. You must add one using the CLI. As an alternative to using the SNMP community strings to log in, you can configure the Dell PowerConnect device to secure Web management access using local user accounts or Access Control Lists (ACLs).
  • Page 55 Logging on through the Web Management Interface FIGURE 3 First panel for Layer 3 Switch features NOTE If you are using Internet Explorer 6.0 to view the Web Management Interface, make sure the version you are running includes the latest service packs. Otherwise, the navigation tree (the left-most pane Figure 3) will not display properly.
  • Page 56 Logging on through the Web Management Interface Using the CLI, you can modify the appearance of the Web Management Interface with the web-management command. To cause the Web Management Interface to display the List view by default, enter the following command.
  • Page 57 Logging on through the Web Management Interface Front Panel Device Front Panel Frame Menu Type (Tree View shown) Page Menu Bottom Frame Menu Frame Device NOTE The tree view is available when you use the Web Management Interface with Netscape 4.0 or higher or Internet Explorer 4.0 or higher browsers.

  • Page 58: Logging On Through Brocade Network Advisor

    Logging on through Brocade Network Advisor Logging on through Brocade Network Advisor Refer to the Brocade® Network Advisor manual for information about using Brocade Network Advisor. PowerConnect B-Series FCX Configuration Guide 53-1002266-01...

  • Page 59: Configuring Basic Software Features

    Chapter Configuring Basic Software Features Table 6 lists the individual Dell PowerConnect switches and the basic software features they support. TABLE 6 Supported basic software features Feature PowerConnect B-Series FCX Basic System Parameters System name, contact, and location SNMP trap receiver and trap source...

  • Page 60: Configuring Basic System Parameters

    Table Entering system administration information You can configure a system name, contact, and location for a Dell PowerConnect device and save the information locally in the configuration file for future reference. This information is not required for system operation but is suggested. When you configure a system name, the name replaces the default system name in the CLI command prompt.

  • Page 61: Configuring Simple Network Management Protocol (Snmp)

    Specifying an SNMP trap receiver You can specify a trap receiver to ensure that all SNMP traps sent by the Dell PowerConnect device go to the same SNMP trap receiver or set of receivers, typically one or more host devices on the network.
  • Page 62 For example, if you configure each of your Dell PowerConnect devices that use the trap host to send a different community string, you can easily distinguish among the traps from different Dell PowerConnect devices based on the community strings.
  • Page 63 The parameter specifies the number of seconds and can be from 1 – 600 (ten minutes). The default is 60 seconds. Disabling SNMP traps Dell PowerConnect devices come with SNMP trap generation enabled by default for all traps. You can selectively disable one or more of the following traps. NOTE By default, all SNMP traps are enabled at system startup.

  • Page 64: Disabling Syslog Messages And Traps For Cli Access

    Disabling Syslog messages and traps for CLI access Dell PowerConnect devices send Syslog messages and SNMP traps when a user logs into or out of the User EXEC or Privileged EXEC level of the CLI. The feature applies to users whose access is authenticated by an authentication-method list based on a local user account, RADIUS server, or TACACS/TACACS+ server.

  • Page 65: Cancelling An Outbound Telnet Session

    Ctrl+^, pressing any key other than X or Ctrl+^ returns you to the Telnet session. Specifying a Simple Network Time Protocol (SNTP) server You can configure the Dell PowerConnect device to consult SNTP servers for the current system time and date.
  • Page 66 Dell PowerConnect recommends that you use the SNTP feature. To identify an SNTP server with IP address 208.99.8.95 to act as the clock reference for a Dell PowerConnect device, enter the following.

  • Page 67: Setting The System Clock

    SNTP server. Setting the system clock In addition to SNTP support, Dell PowerConnect switches and routers also allow you to set the system time counter. The time counter setting is not retained across power cycles and is not automatically synchronized with an SNTP server.
  • Page 68 Although SNTP servers typically deliver the time and date in Greenwich Mean Time (GMT), you can configure the Dell PowerConnect device to adjust the time for any one-hour offset from GMT or for one of the following U.S. time zones: •...

  • Page 69: Limiting Broadcast, Multicast, And Unknown Unicast Traffic

    Limiting broadcast, multicast, and unknown unicast traffic Dell PowerConnect devices can forward all flooded traffic at wire speed within a VLAN. However, some third-party networking devices cannot handle high rates of broadcast, multicast, or unknown-unicast traffic. If high rates of traffic are being received by the Dell PowerConnect device on a given port of that VLAN, you can limit the number of broadcast, multicast, or unknown-unicast packets or bytes received each second on that port.
  • Page 70 Configuring basic system parameters The variable specifies the maximum number of packets per second. It can be any number that is a multiple of 65536, up to a maximum value of 2147418112. If you enter the multicast limit command, multicast packets are included in the corresponding limit. If you specify 0, limiting is disabled.

  • Page 71: Configuring Cli Banners

    Setting a message of the day banner You can configure the Dell PowerConnect device to display a message on a user terminal when he or she establishes a Telnet CLI session. For example, to display the message “Welcome to PowerConnect!”...
  • Page 72 In earlier IronWare software releases, users were required to press the Enter key after the Message of the Day (MOTD) was displayed, prior to logging in to the Dell PowerConnect device on a console or from a Telnet session. Now, this requirement is disabled by default. Unless configured, users do not have to press Enter after the MOTD banner is displayed.
  • Page 73 Displaying a console message when an incoming Telnet session is detected You can configure the Dell PowerConnect device to display a message on the Console when a user establishes a Telnet session. This message indicates where the user is connecting from and displays a configurable text message.

  • Page 74: Configuring A Local Mac Address For Layer 2 Management Traffic32

    When you issue the use-local-management-mac, the Dell PowerConnect device changes a local bit in the first port MAC address and uses this MAC address for management traffic. The second bit of the first port MAC address is changed to 2. For example, if the MAC address is 00e0.5201.9900 after the feature is enabled, the switch uses...

  • Page 75: Modifying Port Speed And Duplex Mode

    Configuring basic port parameters Modifying port speed and duplex mode The Gigabit Ethernet copper ports are designed to auto-sense and auto-negotiate the speed and duplex mode of the connected device. If the attached device does not support this operation, you can manually enter the port speed to operate at either 10, 100, or 1000 Mbps.

  • Page 76: Application Notes

    Port speed down-shift enables Gbps copper ports on the Dell PowerConnect device to establish a link at 1000 Mbps over a 4-pair wire when possible, or to down-shift to 100 Mbps if the medium is a 2-pair wire.
  • Page 77 Configuring basic port parameters Syntax: [no] link-config gig copper autoneg-control down-shift ethernet [ethernet ] | to ... Specify the variable in the following formats: • PowerConnect B-Series FCX stackable switches – You can list all of the ports individually, use the keyword to to specify ranges of ports, or a combination of both.

  • Page 78: Modifying Port Duplex Mode

    Configuring basic port parameters To disable selective auto-negotiation of 100m-auto on ports 0/1/21 to 0/1/25 and 0/1/30, enter the following. PowerConnect(config)# no link-config gig copper autoneg-control 100m-auto ethernet 0/1/21 to 0/1/25 ethernet 0/1/30 Configuring maximum port speed advertisement To configure a maximum port speed advertisement of 10 Mbps on a port that has auto-negotiation enabled, enter a command such as the following at the Global CONFIG level of the CLI.

  • Page 79: Configuring Mdi/Mdix

    PowerConnect(config-if-e1000-2)# mdi-mdix auto Syntax: mdi-mdix After you enter the mdi-mdix command, the Dell PowerConnect device resets the port and applies the change. To display the MDI/MDIX settings, including the configured value and the actual resolved setting (for mdi-mdix auto), enter the command show interface at any level of the CLI.

  • Page 80: Disabling Or Re-Enabling A Port

    A port can be made inactive (disable) or active (enable) by selecting the appropriate status option. The default value for a port is enabled. To disable port 8 of a Dell PowerConnect device, enter the following. PowerConnect(config)# interface ethernet 8 PowerConnect(config-if-e1000-8)# disable You also can disable or re-enable a virtual interface.
  • Page 81 Configuring basic port parameters Disabling or re-enabling flow control You can configure the Dell PowerConnect device to operate with or without flow control. Flow control is enabled by default globally and on all full-duplex ports. You can disable and re-enable flow control at the Global CONFIG level for all ports.

  • Page 82: Configuring Symmetric Flow Control On Powerconnect B-Series Fcx

    Configuring basic port parameters Displaying flow-control status The show interface command displays configuration, operation, and negotiation status where applicable. For example, on a PowerConnect Stackable device, issuing the command for 10/100/1000M port 0/1/21 displays the following output. PowerConnect# show interfaces ethernet 0/1/21 GigabitEthernet0/1/21 is up, line protocol is up Hardware is GigabitEthernet, address is 00e0.5204.4014 (bia 00e0.5204.4014) Configured speed auto, actual 100Mbit, configured duplex fdx, actual fdx...
  • Page 83 Configuring basic port parameters Symmetric flow control addresses the requirements of a lossless service class in an Internet Small Computer System Interface (iSCSI) environment. It is supported on FCX standalone units as well as on all FCX units in an IronStack. About XON and XOFF thresholds An 802.3x PAUSE frame is generated when the buffer limit at the ingress port reaches or exceeds the port’s upper watermark threshold (XOFF limit).
  • Page 84 PowerConnect(config)# symmetric-flow-control set 2 xoff 91 xon 75 In the above configuration examples, when the XOFF limit of 91% is reached or exceeded, the Dell PowerConnect device will send PAUSE frames to the sender telling it to stop transmitting data temporarily.
  • Page 85 Configuring basic port parameters Syntax: symmetric-flow-control set 1 | 2 xoff <%> xon <%> symmetric-flow-control set 1 sets the XOFF and XON limits for 1G ports. symmetric-flow-control set 2 sets the XOFF and XON limits for 10G ports. For xoff <%>, the <%> minimum value is 60% and the maximum value is 95%. For xon <%>, the <%>...

  • Page 86: Configuring Phy Fifo Rx And Tx Depth

    CRCs and errors will begin to appear on the ports. Raising the FIFO depth setting will adjust for clock differences. Dell recommends that you disable the port before applying this command, and re-enable the port. Applying the command while traffic is flowing through the port can cause CRC and other errors for any packets that are actually passing through the PHY while the command is being applied.

  • Page 87: Enabling And Disabling Support For 100Basetx

    This module requires a Cat5 cable and uses an RJ45 connector. Enabling and disabling support for 100BaseFX Some Dell PowerConnect devices support 100BaseFX fiber transceivers. After you physically install a 100BaseFX transceiver, you must enter a CLI command to enable it. .

  • Page 88: Changing The Gbps Fiber Negotiation Mode

    Configuring basic port parameters Chassis-based and Stackable devices NOTE The following procedure applies to Stackable devices and to Chassis-based 100/1000 Fiber interface modules only. The CLI syntax for enabling and disabling 100BaseFX support on these devices differs than on a Compact device. Make sure you refer to the appropriate procedures. PowerConnect devices support the following types of SFPs for 100BaseFX: •...

  • Page 89: Modifying Port Priority (Qos)

    Configuring basic port parameters NOTE When Gbps negotiation mode is turned off (CLI command gig-default neg-off), the Dell device may inadvertently take down both ends of a link. This is a hardware limitation for which there is currently no workaround.

  • Page 90: Configuring Port Flap Dampening

    Configuring basic port parameters Enabling dynamic configuration of a Voice over IP (VoIP) phone You can create a voice VLAN ID for a port, or for a group of ports. To create a voice VLAN ID for a port, enter commands such as the following. PowerConnect(config)# interface ethernet 2 PowerConnect(config-if-e1000-2)# voice-vlan 1001 To create a voice VLAN ID for a group of ports, enter commands such as the following.

  • Page 91: Configuration Notes

    • The Dell PowerConnect device counts the number of times a port link state toggles from "up to down", and not from "down to up". •...
  • Page 92 Configuring basic port parameters PowerConnect(config)# interface ethernet 2/1 PowerConnect(config-if-e10000-2/1)# no link-error-disable 10 3 10 Displaying ports configured with port flap dampening Ports that have been disabled due to the port flap dampening feature are identified in the output of the show link-error-disable command. The following shows an example output. PowerConnect# show link-error-disable Port 2/1 is forced down by link-error-disable.
  • Page 93 Configuring basic port parameters TABLE 10 Output of show link-error-disable (Continued) This column... Displays... State The port state can be one of the following: • Idle – The link is normal and no link state toggles have been detected or sampled. •...

  • Page 94: Port Loop Detection

    Configuring basic port parameters Port loop detection This feature allows the Dell PowerConnect device to disable a port that is on the receiving end of a loop by sending test packets. You can configure the time period during which test packets are sent.
  • Page 95 Configuring the device to automatically re-enable ports To configure the Dell PowerConnect device to automatically re-enable ports that were disabled because of a loop detection, enter the following command. PowerConnect(config)# errdisable recovery cause loop-detection...
  • Page 96 Use the [no] form of the command to disable this feature. Specifying the recovery time interval The recovery time interval specifies the number of seconds the Dell PowerConnect device will wait before automatically re-enabling ports that were disabled because of a loop detection. (Refer to “Configuring the device to automatically re-enable ports”...
  • Page 97 Configuring basic port parameters If a port is errdisabled in Strict mode, it shows “ERR-DISABLE by itself”. If it is errdisabled due to its associated vlan, it shows “ERR-DISABLE by vlan ?” The following command displays the current disabled ports, including the cause and the time. PowerConnect# show loop-detection disable Number of err-disabled ports: 3 You can re-enable err-disable ports one by one by "disable"...

  • Page 98: Syslog Message

    Configuring basic port parameters TABLE 11 Field definitions for the show loop-detection resource command (Continued) This field... Describes... get-mem The number of get-memory requests size The size init The number of requests initiated Syslog message The following message is logged when a port is disabled due to loop detection. This message also appears on the console.

  • Page 99: Operations, Administration, And Maintenance

    IPv4 ping IPv4 traceroute Overview For easy software image management, all Dell PowerConnect devices support the download and upload of software images between the flash modules on the devices and a Trivial File Transfer Protocol (TFTP) server on the network.

  • Page 100: Determining The Software Versions Installed And Running On A Device58

    The system : started=warm start The version information is shown in bold type in this example: • “ 7.2.00aT53” indicates the flash code version number. The “T53” is used by Dell for record keeping. • “labeled as FER07200a” indicates the flash code image label. The label indicates the image type and version and is especially useful if you change the image file name.

  • Page 101: Determining The Boot Image Version Running On The Device

    The flash memory module contains only one boot image. If TFTP was used to install the file on the Dell PowerConnect device, the path may also be displayed with the filename in the show flash output. For example (path1/SXR05100.bin).

  • Page 102: Cli Commands

    Determining the software versions installed and running on a device CLI commands Use the following command syntax to verify the flash image: Syntax: verify md5 | sha1 | crc32 | primary | secondary [] • md5 – Generates a 16-byte hash code •...

  • Page 103: Image File Types

    Image file types Image file types This section lists the boot and flash image file types supported and how to install them on the PowerConnect family of switches. For information about a specific version of code, refer to the release notes. TABLE 13 Software image files Product...

  • Page 104: Using Snmp To Upgrade Software

    You can use a third-party SNMP management application to upgrade software on a PowerConnect device. NOTE Dell recommends that you make a backup copy of the startup-config file before you upgrade the software. If you need to run an older release, you will need to use the backup copy of the startup-config file.

  • Page 105: Changing The Block Size For Tftp File Transfers

    Changing the block size for TFTP file transfers When you use TFTP to copy a file to or from a Dell PowerConnect device, the device transfers the data in blocks of 8192 bytes by default. You can change the block size to one of the following if needed: •...

  • Page 106: Rebooting

    By default, the Dell device first attempts to boot from the image stored in its primary flash, then its secondary flash, and then from a TFTP server. You can modify this booting sequence at the global CONFIG level of the CLI using the boot system…...

  • Page 107: Loading And Saving Configuration Files

    10.1.1.1 Loading and saving configuration files For easy configuration management, all Dell PowerConnect devices support both the download and upload of configuration files between the devices and a TFTP server on the network. You can upload either the startup configuration file or the running configuration file to the TFTP server for backup and use in booting the system: •...

  • Page 108: Replacing The Running Configuration With The Startup Configuration

    You can name the configuration file when you copy it to a TFTP server. However, when you copy a configuration file from the server to a Dell PowerConnect device, the file is always copied as “startup-config” or “running-config”, depending on which type of file you saved to the server.

  • Page 109: Dynamic Configuration Loading

    You can load dynamic configuration commands (commands that do not require a reload to take effect) from a file on a TFTP server into the running-config on the Dell PowerConnect device. You can make configuration changes off-line, then load the changes directly into the device running-config, without reloading the software.
  • Page 110 Loading and saving configuration files NOTE If you copy-and-paste a configuration into a management session, the CLI ignores the “ ! “ instead of changing the CLI to the global CONFIG level. As a result, you might get different results if you copy-and-paste a configuration instead of loading the configuration using TFTP. •...

  • Page 111: Maximum File Sizes For Startup-Config File And Running-Config

    131 permit host pc1 host pc2 Maximum file sizes for startup-config file and running-config Each Dell PowerConnect device has a maximum allowable size for the running-config and the startup-config file. If you use TFTP to load additional information into a device running-config or startup-config file, it is possible to exceed the maximum allowable size.

  • Page 112: Copying A File From An Ipv6 Tftp Server

    Loading and saving configuration files with IPv6 • Copy a file from an IPv6 TFTP server to a specified destination Copying a file to an IPv6 TFTP server You can copy a file from the following sources to an IPv6 TFTP server: •...

  • Page 113: Using The Ipv6 Ncopy Command

    Loading and saving configuration files with IPv6 • Flash memory • Running configuration • Startup configuration Copying a file to flash memory For example, to copy a boot image from an IPv6 TFTP server to the primary or secondary storage location in the device flash memory, enter a command such as the following.

  • Page 114: Uploading Files From An Ipv6 Tftp Server

    Loading and saving configuration files with IPv6 • Copy a primary or secondary boot image from flash memory to an IPv6 TFTP server. • Copy the running configuration to an IPv6 TFTP server. • Copy the startup configuration to an IPv6 TFTP server •...

  • Page 115: Using Snmp To Save And Load Configuration Information

    The the device copies the specified file into the current startup configuration but does not overwrite the current configuration. Using SNMP to save and load configuration information You can use a third-party SNMP management application to save and load a configuration on a Dell PowerConnect device. PowerConnect B-Series FCX Configuration Guide...

  • Page 116: Erasing Image And Configuration Files

    ro | rw where is the community string and can be up to 32 characters long. 2. On the Dell device, enter the following command from the global CONFIG level of the CLI. no snmp-server pw-check This command disables password checking for SNMP set requests.

  • Page 117: Reloading After A Specific Amount Of Time

    Diagnostic error codes and remedies for TFTP transfers Reloading after a specific amount of time To schedule a system reload to occur after a specific amount of time has passed on the system clock, use reload after command. For example, to schedule a system reload from the secondary flash one day and 12 hours later, enter the following command at the global CONFIG level of the CLI.

  • Page 118: Testing Network Connectivity

    This section describes the IPv4 ping command. For details about IPv6 ping, refer to “IPv6 ping” page 255. To verify that a Dell PowerConnect device can reach another device through the network, enter a command such as the following at any level of the CLI on the Dell PowerConnect device: PowerConnect> ping 192.33.4.7 Syntax: ping ...
  • Page 119 "timeout" results are shown in the display as “Success rate is XX percent (X/Y)". The optional max-print-per-sec parameter specifies the maximum number of target responses the Dell PowerConnect device can display per second while in brief mode. You can specify from 0 – 2047. The default is 511.

  • Page 120: Tracing An Ipv4 Route

    “IPv6 Traceroute” on page 253. Use the traceroute command to determine the path through which a Dell PowerConnect device can reach another device. Enter the command at any level of the CLI. The CLI displays trace route information for each hop as soon as the information is received.

  • Page 121: Software-Based Licensing

    Brocade software portal. • License file – The file produced by the Brocade software portal when the license is generated. The file is uploaded to the Dell PowerConnect device and controls access to a licensed feature or feature set. •...

  • Page 122: Software-Based Licensing Overview

    When a license is ordered separately (not pre-installed), an entitlement certificate, along with a transaction key, are issued to the customer by Dell as proof of purchase. The transaction key and LID of the Dell PowerConnect device are used to generate a license key from the Brocade software licensing portal.

  • Page 123: Licensed Features And Part Numbers

    9WYV5(DL-FCX648-E-ADV) N2F2W(DL-FCX648-I-ADV) 9464V(DL-FCX648S-ADV) Licensing rules This section lists the software licensing rules and caveats related to the Dell PowerConnect devices that support software-based licensing. General notes The following licensing rules apply to all PowerConnect devices that support software licensing: •...
  • Page 124 Licensed features and part numbers For example, if stack member unit 4 does not have a license to run BGP whereas the Active controller does, unit 4 has an inferior license and will not be allowed to join the stack. Likewise, if unit 4 has a license to run BGP whereas the Active controller does not, unit 4 has a superior license and will be allowed to join the stack, but will not be elected as the Standby Controller.

  • Page 125: Configuration Tasks

    Configuration tasks Configuration tasks This section describes the configuration tasks for generating and obtaining a software license, then installing it on the Dell PowerConnect device. Perform the tasks in the order listed in Table TABLE 17 Configuration tasks for software licensing Configuration task See...
  • Page 126 Configuration tasks Figure 5 shows the Software Portal Login window. FIGURE 5 Brocade Software Portal Login window PowerConnect B-Series FCX Configuration Guide 53-1002266-01...
  • Page 127 Configuration tasks Figure 6 shows the License Management Welcome window that appears after logging in to the software portal. From this window, mouse over the License Management banner, then IP/Ethernet, then click on License Generation with Transaction key. FIGURE 6 License Management Welcome window License Query PowerConnect B-Series FCX Configuration Guide...
  • Page 128 Configuration tasks Figure 7 shows the IP/Ethernet License Generation window for generating a license using a transaction key and LID. FIGURE 7 IP Ethernet License Generation window Enter the required information in each text box shown in Figure 7. • For a description of the field, move the mouse pointer over the text box.
  • Page 129 Configuration tasks Press the Generate button to generate the license. Figure 8 shows the results window, which displays an order summary and the results of the license request. • If the license request was successful, the “Status” field will indicate Success and the “License File”...

  • Page 130: Installing A License File

    92. Deleting a license A license will remain in the license database until it is deleted. If you want to delete a license, Dell recommends that you first disable the licensed feature before deleting the associated license. To delete a license, enter a command such as the following at the Privileged EXEC level of the CLI: PowerConnect# license delete 7 This command immediately removes the license from the license database.

  • Page 131: Other Licensing Options Available From The Brocade Software Portal

    Other licensing options available from the Brocade Software Portal Other licensing options available from the Brocade Software Portal This section describes other software licensing tasks supported from the Brocade software portal. Viewing software license information You can use the License Query option to view software license information for a particular unit, transaction key, or both.

  • Page 132: Transferring A License

    Transferring a license A license can be transferred between Dell PowerConnect devices if the following conditions are true: •...

  • Page 133: Viewing Information About Software Licenses

    Viewing the License ID (LID) Dell PowerConnect devices that ship during and after the release of software licensing will have the LID imprinted on the label affixed to the device. You also can use the CLI command show version to view the LID on these devices, and on devices that shipped before the release of software licensing.

  • Page 134: Viewing The License Database

    Displays... Index The license hash number that uniquely identifies the license. Package Name The package name for the license. The license ID. This number is embedded in the Dell PowerConnect device. Status Indicates the status of the license: • Valid – A license is valid if the LID matches the serial number of the device for which the license was purchased, and the package name is recognized by the system.

  • Page 135: Viewing Software Packages Installed In The Device

    Viewing information about software licenses Viewing software packages installed in the device Use the show version command to view the software packages that are currently installed in the device. NOTE The software package name is not the same as the license name. PowerConnect#show version Copyright (c) 1996-2010 Brocade Communications Systems, Inc.
  • Page 136 Viewing information about software licenses PowerConnect B-Series FCX Configuration Guide 53-1002266-01...

  • Page 137: Stackable Devices

    This section gives a brief overview of IronStack technology, including IronStack terminology. This section also lists the PowerConnect B-Series FCX models that support stacking. IronStack technology features A stack is a group of devices that are connected so that they operate as a single chassis. Dell IronStack technology features include: •...

  • Page 138: Stackable Models

    IronStack overview • Active Controller, Standby Controller, and member units in a stack • Active Controller management of entire stack • Active Controller download of software images to all stack units • Standby Controller for stack redundancy • Active Controller maintenance of information database for all stack units •...
  • Page 139 Ethernet ports, and cannot be configured for any other purpose while operating as stacking ports. Dell stacking units contain two ports that can be stacking ports. However, the flexible stacking port feature also allows you to use one port as a stacking port and the other port as a regular data port.

  • Page 140: Building An Ironstack

    IronStack topologies IronStack technology supports linear and ring stack topologies. Although stackable units may be connected in a simple linear topology, Dell recommends a ring topology because it offers the best redundancy and the most resilient operation. Mixed unit topologies For more information about PowerConnect B-Series FCX stack topologies, see “PowerConnect...
  • Page 141 Building an IronStack FIGURE 11 PowerConnect B-Series FCX linear and ring stack topologies FIGURE 12 PowerConnect B-FCX-E ring topology stack using SFP+ module ports PowerConnect B-Series FCX Configuration Guide 53-1002266-01...

  • Page 142: Software Requirements

    Building an IronStack FIGURE 13 PowerConnect B-FCX-E linear topology stack using SFP+ module ports FIGURE 14 Mixed linear stack of PowerConnect B-FCX-E devices and PowerConnect B-FCX-S devices Device Software requirements All units in an IronStack must be running the same software version. See “Troubleshooting an IronStack”...

  • Page 143: Scenario 1 - Configuring A Three-Member Ironstack In A Ring Topology Using Secure-Setup

    Building an IronStack 1. Use the secure-setup utility to form your stack. Secure-setup gives you control over the design of your stack topology and provides security through password verification. For the secure-setup procedure, refer to “Scenario 1 - Configuring a three-member IronStack in a ring topology using secure-setup”...
  • Page 144 Building an IronStack • Authentication of secure-setup packets provides verification that these packets are from genuine Dell stack unit. MD5-based port verification confirms stacking ports. • Superuser password is required to allow password-protected devices to become members of an IronStack.
  • Page 145 5. Enter the stack secure-setup command. As shown In the following example, this command triggers a Dell proprietary discovery protocol that begins the discovery process in both upstream and downstream directions. The discovery process produces a list of upstream and downstream devices that are available to join the stack.
  • Page 146 Building an IronStack S FCX648 active 00e0.52ab.cd00 128 local Ready D FCX624 standby 0012.f2d5.2100 60 remote Ready D FCX624 member 0012.f239.2d40 0 remote Ready active standby +---+ +---+ +---+ -2/1| 1 |3/1--2/1| 2 |3/1--2/2| 3 |2/1- +---+ +---+ +---+ Current stack management MAC is 00e0.52ab.cd00 NOTE For field descriptions for the show stack command, refer to “Displaying stack information”...

  • Page 147: Scenario 2 - Configuring A Three-Member Ironstack In A Ring Topology Using The Automatic Setup Process

    Building an IronStack When the Active Controller has finished the authentication process, you will see output that shows the suggested assigned stack IDs for each member. You can accept these recommendations, or you can manually configure stack IDs. Enter the show stack command to verify that all units are in the ready state.
  • Page 148 Building an IronStack Follow the steps given below to configure a three-member IronStack in a ring topology using automatic setup process. 1. Power on the devices. 2. This process requires clean devices (except for the Active Controller) that do not contain any configuration information.
  • Page 149 Building an IronStack PowerConnect# show running config Current configuration: ver 07.2.00a stack unit 1 module 1 FCX-24-port-management-module priority 255 stack unit 2 module 1 FCX-24-port-management-module priority 240 stack unit 3 module 1 FCX-24-port-management-module stack enable NOTE For field descriptions for the show running config command, refer to “Displaying running configuration information”...

  • Page 150: Scenario 3 - Configuring A Three-Member Ironstack In A Ring Topology Using The Manual Configuration Process

    Building an IronStack Scenario 3 - Configuring a three-member IronStack in a ring topology using the manual configuration process NOTE For more detailed information about configuring an PowerConnect B-Series FCX IronStack, see “Configuring an FCX IronStack” on page 109 Follow the steps given below to configure a three-member IronStack in a ring topology using the manual configuration process.

  • Page 151: Configuring An Fcx Ironstack

    Building an IronStack For more information about cabling the devices, refer to the appropriate hardware installation guides. NOTE This method does not guarantee sequential stack IDs. If you want to change stack IDs to make them sequential, you can use secure-setup. Refer to “Renumbering stack units”...
  • Page 152 Building an IronStack NOTE If you are adding PowerConnect B-Series FCX-E or PowerConnect B-Series FCX-I devices to a stack containing PowerConnect B-Series FCX-S devices, you must reconfigure the stacking ports on the PowerConnect B-Series FCX-S devices to be the 10 Gbps ports on the front panel. You can then connect all of the devices in a stack using front panel ports.
  • Page 153 Building an IronStack 0 runts, 0 giants 0 packets output, 0 bytes, 0 underruns Transmitted 0 broadcasts, 0 multicasts, 0 unicasts 0 output errors, 0 collisions Relay Agent Information option: Disabled Changing PowerConnect B-Series FCX-S and PowerConnect B-Series FCXS-PowerConnect B-Series FCX4 ports from 10 Gbps to 16 Gbps To change the PowerConnect B-Series FCX4 ports from 10 Gbps back to 16 Gbps, enter the no speed-duplex 10g command at the interface level of the CLI, as shown in this example.
  • Page 154 Building an IronStack Secure-setup probe packets can be received by a default port whether or not it is acting as a stacking port. Stacking packets can be only received by a stacking port (which is also always a default port). In order to use stacking ports that are not defined in the default configuration, you must define the port settings for each unit using the default-port command, so that secure-setup can discover the topology of the stack.
  • Page 155 Building an IronStack TABLE 22 Slot and port designations for PowerConnect stackable devices Device Slot 1 Slot 2 Slot 3 Slot 4 PowerConnect 24 10/100/1000 ports Two 16 Gbps ports on rear Two 10 Gbps ports B-Series on front panel panel on front panel FCX624S...
  • Page 156 Building an IronStack If you enter an incorrect stack port number, you will get an error similar to the following. PowerConnectconfig-unit-3)# stack-port 3/4/1 Error! port 3/4/1 is invalid PowerConnect(config-unit-3)# stack-port 3/2/1 To return both ports to stacking status, enter the no stack-port command on the single stacking port.

  • Page 157: Configuring A Default Stacking Port To Function As

    Building an IronStack Stack unit 3 Power supply 1 is up Stack unit 3 Power supply 2 is down Config changed due to add/del units. Do write mem if you want to keep it Election, was active, no role change, assigned-ID=1, total 3 units, my priority=128 PowerConnect# Config changed due to add/del units.

  • Page 158: Verifying An Ironstack Configuration

    Building an IronStack Use the form of the command to revert to the 4-byte Ethernet preamble. Verifying an IronStack configuration Verifying an PowerConnect B-Series FCX IronStack configuration The following output shows an example configuration of an PowerConnect B-Series FCX IronStack. PowerConnect# show stack alone: standalone, D: dynamic config, S: static config Type...
  • Page 159 Building an IronStack P-ENGINE 1: type DB90, rev 01 ========================================================================== UNIT 4: SL 2: FCX-2XGC 2-port 16G Module (2-CX4) ========================================================================== UNIT 4: SL 3: FCX-2XG 2-port 16G Module (2-XFP) ========================================================================== UNIT 8: SL 1: FCX-48G 48-port Management Module P-ENGINE 0: type DB90, rev 01 P-ENGINE 1: type DB90, rev 01 ==========================================================================...

  • Page 160: Managing Your Ironstack

    SNMP, use this IP address to acquire MIB information and other management data. A Dell IronStack can be configured and managed using the command line interface (CLI) over a serial connection to a console port, or using Brocade Network Advisor. To determine what version of Brocade Network Advisor supports IronStack refer to the Brocade Network Advisor User Guide.
  • Page 161 Managing your IronStack on the Active Controller physical console port during a reload will not be visible on the console ports of the stack members because the remote connections are not established until the software loading process is complete. It is preferable to connect a cable to the console port on the stack unit that will normally be the Active Controller, rather than to the console port of one of the other stack units.

  • Page 162: Ironstack Management Mac Address

    Managing your IronStack PowerConnect# rconsole 2 Connecting to unit 2... (Press Ctrl-O X to exit) rconsole-2@PowerConnect#show stack Type Role Mac Address Prio State Comment S FCX624P standby 0012.f2e2.ba40 local Ready rconsole-2@PowerConnect# exit rconsole-2@PowerConnect> exit Disconnected. Returning to local session... Establish a remote console session with stack unit 3. PowerConnect# rconsole 3 Connecting to unit 3...
  • Page 163 Managing your IronStack NOTE For hitless stacking failover, Dell recommends that you configure the IronStack MAC address using the stack mac command. Without this configuration, the MAC address of the stack will change to the new base MAC address of the Active Controller. This could cause a spanning tree root change.

  • Page 164: Removing Mac Address Entries

    For field descriptions for the show chassis command, refer to “Displaying chassis information” page 133. Removing MAC address entries You can remove the following types of learned MAC address entries from the Dell system MAC address table: • All MAC address entries •...
  • Page 165 Managing your IronStack IronStack unit priority A unit with a higher priority is more likely to be elected Active Controller. The priority value can be 0 to 255 with a priority of 255 being the highest. The default priority value assigned to the Active Controller and Standby is 128.

  • Page 166: Cli Command Syntax

    “Changing PowerConnect B-Series FCX-S and CX4 ports from 16 Gbps to 10 Gbps” on page 110 kill console “Configuring TACACS/TACACS+ for devices in a Dell IronStack” on page 1165 priority “Changing the priority of a stack unit” on page 123 rconsole “Logging in through the console port”...

  • Page 167: Stacking Mode

    Managing your IronStack TABLE 23 Stacking CLI commands (Continued) Command Description location... show statistics stack-port “Displaying stacking port statistics” on page 146 show interfaces stack-ports “Displaying stacking port interface information” on page 145 show version “Displaying software version information” on page 144 stack enable “Stacking mode”...

  • Page 168: Copying The Flash Image To A Stack Unit From The Active Controller

    Managing your IronStack NOTE The two left ports on the Four-port 10Gbps SFP+ module do not pass regular Ethernet traffic by default. The stack disable command must be entered at the global level and the stack disable command must be configured on these two ports in order for them to pass regular traffic. Copying the flash image to a stack unit from the Active Controller To copy the flash image to a stack unit from the Active Controller primary or secondary flash, enter...

  • Page 169: Managing Ironstack Partitioning

    Managing your IronStack Available UPSTREAM units Hop(s) Type Mac Address FCX624 0012.f2d5.2100 FCX624 001b.ed5d.9940 Available DOWNSTREAM units Hop(s) Type Mac Address FCX624 001b.ed5d.9940 FCX624 0012.f2d5.2100 Do you accept the topology (RING) (y/n)?: n Available UPSTREAM units Hop(s) Type Mac Address FCX624 0012.f2d5.2100 FCX624...

  • Page 170: Mib Support For The Ironstack

    Managing your IronStack To reverse the partitioning, reconnect all of the units into the original stack topology using the stacking ports. This is the same as merging stacks. If the original Active Controller again has the highest priority, it will regain its role. If two partition Active Controllers have the same priority, the Active Controller with the most stack members will win the election.
  • Page 171 Managing your IronStack the stack MAC address changes. During this configured interval, if the previous Active Controller is reinstalled in the stack, the stack continues to use the MAC address of this unit, even though it may no longer be the Active Controller. If the previous Active Controller does not rejoin the stack during the specified time interval, the stack assumes the address of the new Active Controller as the stack MAC address.

  • Page 172: Unconfiguring An Ironstack

    Managing your IronStack priority 40 stack enable stack persistent-mac 60 To display the stack MAC addresses, enter the show stack command. PowerConnect(config)# show stack alone: standalone, D: dynamic config, S: static config Type Role Mac Address Prio State Comment FCX648S active 0012.f2d5.9380 local Ready...

  • Page 173: Displaying Ironstack Information

    Managing your IronStack • me - unconfigure this unit only • clean - removes all startup configuration files including v4 and v5 and makes this a clean unit NOTE The stack unconfigure me command is available to all units, while stack unconfigure all and stack unconfigure ...
  • Page 174 Managing your IronStack Compressed Pri Code size = 3034232, Version 05.0.00T7e1 (FCX05000.bin) Compressed Sec Code size = 2873523, Version 04.2.00aT7e1 (FCX04200a.bin) Compressed BootROM Code size = 403073, Version 03.0.00T7e5 Code Flash Free Space = 24117248 Stack unit 3: Compressed Pri Code size = 3034232, Version 05.0.00T7e1 (FCX05000.bin) Compressed Sec Code size = 2873568, Version 04.2.00T7e1 (FCX04200.bin) Compressed BootROM Code size = 405217, Version 04.0.00T7e5 Code Flash Free Space = 2252800...

  • Page 175: Displaying Chassis Information

    Managing your IronStack Dynamic memory: 238026752 bytes total, 182820504 bytes free, 23% used Stack unit 8: Total DRAM: 268435456 bytes Dynamic memory: 238026752 bytes total, 182811440 bytes free, 23% used PowerConnect# Syntax: show memory Table 25 describes the fields displayed in this output example. TABLE 25 Field definitions for the show memory command This field...
  • Page 176 Managing your IronStack Fan 1 ok Fan 2 ok Exhaust Side Temperature Readings: Current temperature : 31.5 deg-C Warning level..: 85.0 deg-C Shutdown level..: 90.0 deg-C Intake Side Temperature Readings: Current temperature : 32.0 deg-C Boot Prom MAC: 0012.f2db.e500 Syntax: show chassis Table 26 describes the fields displayed in this output example.
  • Page 177 Managing your IronStack S8:M2 FCX-1XG 1-port 16G Module (1-XFP) 0012.f2eb.d570 S8:M3 FCX-1XG 1-port 16G Module (1-XFP) 0012.f2eb.d571 PowerConnect(config)# Syntax: show module Table 27 describes the fields displayed in this output example. TABLE 27 Field definitions for the show module command This field...
  • Page 178 Managing your IronStack The show stack command displays general information about an IronStack, for all members, for a specified member, and with additional detail if required. The following output covers the entire stack. PowerConnect(config)# show stack alone: standalone, D: dynamic config, S: static config Type Role Mac Address...
  • Page 179 Managing your IronStack TABLE 29 Field descriptions for the show stack command This field Indicates... alone: Standalone This device is operating as a standalone device S: static configuration The configuration for this unit is static (has been saved with a write memory command).
  • Page 180 Managing your IronStack TABLE 31 Field descriptions for the show stack flash command This field Indicates... Device ID role The role of this device in the stack priority The priority of this device in the stack config Indicates the port state (up or down) and identifies the port by number (stack-ID/slot/port).
  • Page 181 Managing your IronStack Msgs sent: 0, Msgs received: 0 Atomic batches sent: 0, Atomic batches received: 0 Pkts sent: 1, Pkts received: 6 Msg bytes sent: 0, Msg bytes received: 0 Pkt bytes sent: 12, Pkt bytes received: 72 Flushes requested: 0, Suspends: 0, Resumes: 0 Packets sent with data (DAT), ACKs, and window updates (WND): Other: 1, ACK: 0, WND: 0, ACK+WND: 0 DAT: 0, DAT+ACK: 0, DAT+WND: 0, DAT+ACK+WND: 0...
  • Page 182 Managing your IronStack Session state: established (last established 31 minutes 11 seconds ago) Connections established: 1 Remote resets: 0, Reset packets sent: 0 Connection statistics (for current connection, if established): Msgs sent: 955, Msgs received: 489 Atomic batches sent: 0, Atomic batches received: 0 Pkts sent: 1172, Pkts received: 1054 Msg bytes sent: 43705, Msg bytes received: 18696 Pkt bytes sent: 236968, Pkt bytes received: 33564...
  • Page 183 Managing your IronStack Pkts sent: 8, Pkts received: 13 Msg bytes sent: 123, Msg bytes received: 20V Pkt bytes sent: 232, Pkt bytes received: 296 Flushes requested: 2, Suspends: 0, Resumes: 0 Packets sent with data (DAT), ACKs, and window updates (WND) Other: 5, ACK: 1, WND: 0, ACK+WND: 0 DAT: 2, DAT+ACK: 0, DAT+WND: 0, DAT+ACK+WND: 0 Data retransmits done: 0, Zero-window probes sent: 0...
  • Page 184 Managing your IronStack Other: 1, ACK: 0, WND: 0, ACK+WND: 0 DAT: 0, DAT+ACK: 0, DAT+WND: 0, DAT+ACK+WND: 0 Data retransmits done: 0, Zero-window probes sent: 0 Dup ACK pkts rcvd: 7, Pkts rcvd w/dup data: 0 Pkts rcvd w/data past window: 0 Session statistics, unit 3, channel 3: Session state: established (last established 32 minutes 19 seconds ago) Connections established: 1...
  • Page 185 Managing your IronStack Table 32 describes the output from the show stack neighbors command. TABLE 32 Field descriptions for the show stack neighbors command This field Indicates... The stack identification number for this unit. Stack-port1 Identifies the neighbor stack unit for stack-port1 for this unit id Stack-port2 Identifies the neighbor stack unit for stack-port2 for this unit id Displaying stack port information...

  • Page 186: Displaying Software Version Information

    Managing your IronStack module 3 FCX-xfp-1-port-16g-module priority 128 stack enable Syntax: show running-config Table 34 describes the output from the show running-config command. TABLE 34 Field descriptions for the show running-config command This field Indicates... Stack unit <#> The stack identification number for this unit. Module <#>...
  • Page 187 Managing your IronStack (3054675 bytes) from Primary FCX05000.bin BootROM: Version 04.0.00T7e5 (FEv2) HW: Chassis FCX648 ========================================================================== STACKID 1: SL 1: FCX-24G 24-port Management Module Serial #: PR11060248 P-ASIC 0: type D804, rev 01 ========================================================================== STACKID 1: SL 2: FCX-2XGC 2-port 16G Module (2-CX4) ========================================================================== STACKID 1: SL 3: FCX-1XG 1-port 16G Module (1-XFP) ==========================================================================...
  • Page 188 Managing your IronStack PowerConnect# show interfaces stack-ports Port Link State Dupl Speed Trunk Tag P MAC Name 1/2/1 Forward Full 10G-CX4 None l 0012.f2e4.6e30 1/2/2 Forward Full 10G-CX4 None l 0012.f2e4.6e31 2/2/1 Forward Full 10G-CX4 None l 0012.f2e3.11f0 2/2/2 Forward Full 10G-CX4 None l 0012.f2e3.11f1 3/2/1...

  • Page 189: Adding, Removing, Or Replacing Units In An Ironstack

    Managing your IronStack Syntax: show statistics stack-ports Table 36 describes the fields displayed by the show statistics stack-ports command. TABLE 36 Field definitions for the show statistics stack-ports command This field Indicates... Port The stack identification number for this unit. In Packets The number of incoming packets on this port Out Packets...
  • Page 190 Managing your IronStack • If the Active Controller has configuration information for a new unit, and it matches the base module (module 1) of the new unit, no action is necessary. If configuration information for non-base modules on the new unit does not match the information on the Active Controller, the Active Controller learns the configuration for the new unit module types and merges it with the information it has for the base module.

  • Page 191: Renumbering Stack Units

    Managing your IronStack NOTE Adding, removing or replacing a stack unit which is not at the end of linear topology may cause the other units in the stack to reset if these units lose their path to the Active Controller during the process.
  • Page 192 Managing your IronStack FCX624 001b.ed5d.9940 Do you accept the unit ids? (y/n)?: n Enter an unused id for the UPSTREAM FCX623 unit a 1 hop(s) (1-8)[5]: 2 Enter an unused id for the UPSTREAM FCX624 unit at 2 hop(s) (1-8) [6]: 3 PowerConnect# Election, was active, no role change, assigned-ID=1 reset unit 2: diff bootup id=5 reset unit 3: diff bootup id=6...

  • Page 193: Syslog, Snmp, And Traps

    SNMP engine IDs for stackable devices For Dell stacking devices, if an engine ID is not manually created or a stack MAC address is not specified and saved, the stack will lose its engine ID if the Active Controller fails and the Standby Controller takes over, because the Standby Controller creates a new engine ID at bootup.

  • Page 194: Troubleshooting An Unsuccessful Stack Build

    Troubleshooting an IronStack Troubleshooting an unsuccessful stack build If you are unable to build a stack, (for example, the show stack command does not display any stack units), perform the following steps. 1. Enter the show run command on each unit to make sure the configuration contains “stack enable”.

  • Page 195: Troubleshooting Image Copy Issues

    Troubleshooting an IronStack If the send message types: field is empty, it means that stack enable has not been configured. If the number of Recv IPC packets increases, but there are no Recv message types, then the packets are being dropped for various reasons, including the wrong IPC version, or a checksum error.

  • Page 196: Stack Mismatches

    Stack mismatches Stack mismatches When a stack mismatch occurs, the Active Controller can put any stack member into a non-operational state, which disables all of the ports except the stacking ports. Stack mismatches can occur for a variety of reasons, which are discussed in this section. NOTE The Active Controller can still download an image to the non-operational unit.

  • Page 197: Configuration Mismatch

    Image mismatches Major mismatch A major mismatch indicates an Interprocessor Communications (IPC)-related data structure change, or an election algorithm change, or that a version of the software that does not support stacking is installed on a unit. This can happen when the software undergoes a major change (such as a change from 05.0.00 to 05.1.00).

  • Page 198: Memory Allocation Failure

    Image mismatches Configuration mismatches can happen during manual setups, or when moving a unit from one stack to another stack. Secure-setup will try to overwrite a configuration mismatch even if the configuration is static. The overwrite attempt may fail if there are multi-slot trunk or LACP configurations on the ports of the unit to be overwritten.

  • Page 199: Troubleshooting Secure-Setup

    Image mismatches PowerConnectt# show running config stack unit 1 module 1 FCX-24-port-management-module module 3 FCX-cx4-2-port-16g-module module 4 FCX-xfp-2-port-16g-module priority 128 stack unit 2 module 1 FCX-24-port-management-module module 3 FCX-xfp-2-port-16g-module stack unit 3 module 1 FCX-48-port-management-module module 2 FCX-cx4-2-port-16g-module module 3 FCX-cx4-2-port-16g-module stack enable 3.

  • Page 200: Troubleshooting Unit Replacement Issues

    More about IronStack technology If secure-setup times out (this may happen due to inactivity), you will not be able to make any changes in your configuration or stack topology until you restart the session by entering the stack secure-setup command. The unit discovery process is triggered when secure-setup is initiated.

  • Page 201: Ironstack Topologies

    More about IronStack technology will recover their original startup-config.txt files and reboot as standalone devices. If you enter the stack unconfigure all command from the Active Controller all devices will recover their old startup-config.txt files and become standalone devices. When this happens, the startup-config.old file is renamed to startup-config.txt, and the stacking.boot file is removed.
  • Page 202 More about IronStack technology • Active Controller • Standby Controller • Stack member Active Controller The Active Controller contains the saved and running configuration files for each stack member. The configuration files include the system-level settings for the stack, and the interface-level settings for each stack member, as well as MIB counters and port status.
  • Page 203 More about IronStack technology Example My stack unit ID = 1, bootup role = active My stack unit ID = 3, bootup role = standby Active Controller and Standby Controller elections Whenever there is a topology change in the stack (a reset, unit failure, or the addition or removal of members), elections are held to determine the status of the Active Controller and Standby Controller.

  • Page 204: Powerconnect B-Series Fcx Hitless Stacking

    PowerConnect B-Series FCX hitless stacking Standby Controller election criteria The Standby Controller election is based on the following criteria. 1. The highest priority 2. Bootup as Active Controller 3. Bootup as Standby Controller 4. The lowest boot ID 5. The lowest MAC address Since Standby election candidates must have startup configurations that have been synchronized with the Active Controller, if the Active Controller does not have a startup-config.txt file, there will not be a Standby Controller.

  • Page 205: Supported Events

    PowerConnect B-Series FCX hitless stacking Supported events The following events are supported by hitless stacking: • Failover • Switchover • Priority change • Role change Non-supported events The following events are not supported by hitless stacking. These events require a software reload, resulting in an impact to data traffic.
  • Page 206 PowerConnect B-Series FCX hitless stacking TABLE 37 Hitless-supported services and protocols – PowerConnect B-Series FCX Traffic type Supported protocols and services Impact • Layer 2 switched traffic, 802.1p and 802.1Q Layer 2 switched traffic is not impacted during a hitless •...

  • Page 207: Configuration Notes And Feature Limitations

    Configuration notes and feature limitations • For hitless stacking on the PowerConnect B-Series FCX, Dell recommends that you configure the IronStack MAC address using the stack mac command. Without this configuration, the MAC address of the stack will change to the new base MAC address of the Active Controller.

  • Page 208: What Happens During A Hitless Stacking Switchover Or

    PowerConnect B-Series FCX hitless stacking (for example, a personal computer) pinging the stack might encounter a long delay depending on the client MAC aging time. The client won’t work until it ages out the old MAC address and sends ARP requests to relearn the new stack MAC address. Refer to “Manual allocation of the IronStack MAC address”...
  • Page 209 PowerConnect B-Series FCX hitless stacking • Hardware Abstraction Layer (HAL) – This includes the prefix-based routing table, next hop information for outgoing interfaces, and tunnel information. • Layer 3 IP forwarding information – This includes the routing table, IP cache table, and ARP table, as well as static and connected routes.

  • Page 210: Standby Controller Role In Hitless Stacking

    PowerConnect B-Series FCX hitless stacking Standby Controller role in hitless stacking In software releases that do not support hitless stacking, the Standby Controller functions as a dummy device, meaning it provides limited access to the CLI, such as show, stack, and a few debug commands.

  • Page 211: Support During Stack Formation, Stack Merge

    PowerConnect B-Series FCX hitless stacking When the Standby Controller is fully synchronized, the system will be ready for a switchover or failover. Runtime configuration mismatch In some cases, such as a runtime configuration mismatch between the Active Controller and candidate Standby Controller, the Standby Controller cannot be assigned by the Active Controller unless the candidate Standby Controller is reloaded.
  • Page 212 PowerConnect B-Series FCX hitless stacking Figure 15 illustrates hitless stacking support during stack formation. Operational stages 1 and 2 are also shown in this illustration. FIGURE 15 Hitless stacking support during stack formation Device stack formation FCX stack formation New Stack A stack is created using secure setup or “stack enable”...
  • Page 213 PowerConnect B-Series FCX hitless stacking Figure 16 illustrates hitless stacking support during a stack merge. FIGURE 16 Hitless stacking support during a stack merge Device stack merge Stack 1 Stack 2 Member 1 (pri=30) Active 1 (pri=30) Member 2 (pri=20) Active 1 (pri=100) Standby 2 (pri=20) Member 3 (pri=10)
  • Page 214 PowerConnect B-Series FCX hitless stacking Figure 17 illustrates hitless stacking support in a stack split. FIGURE 17 Hitless stacking support in a stack split stack split Active 1 (pri=30) Standby 2 (pri=20) Member 3 (pri=10) Member 4 (pri=0) Active 1 (pri=30) Member 3 (pri=10) Standby 2 (pri=20) Member 4 (pri=0)

  • Page 215: Hitless Stacking Default Behavior

    PowerConnect B-Series FCX hitless stacking Hitless stacking default behavior Hitless stacking is disabled by default. When disabled, the following limitations are in effect: • If a failover occurs, every unit in the stack will reload • Manual switchover is not allowed. If the CLI command stack switch-over is entered, the following message will appear on the console: Switch-over is not allowed.
  • Page 216 PowerConnect B-Series FCX hitless stacking Enabling hitless stacking Hitless stacking is disabled by default. To enable it, enable hitless failover as described in “Enabling hitless failover” on page 175. Displaying hitless stacking status You can use the show stack command to view whether or not hitless stacking is enabled. The following example shows that hitless stacking is disabled.

  • Page 217: Hitless Stacking Failover

    PowerConnect B-Series FCX hitless stacking Syntax: show stack Hitless stacking failover Hitless stacking failover provides automatic failover from the Active Controller to the Standby Controller without resetting any of the units in the stack and with sub-second or no packet loss to hitless stacking-supported services and protocols.

  • Page 218: Hitless Stacking Switchover

    PowerConnect B-Series FCX hitless stacking Hitless stacking failover example Figure 18 illustrates hitless stacking failover operation when the Active Controller fails. FIGURE 18 Hitless stacking failover when the Active Controller fails The stack comes back without the Active controller The Active controller fails after the stack reloads Active 1 Member 2 = bootup Standby...
  • Page 219 PowerConnect B-Series FCX hitless stacking For a description this feature’s impact to major system functions, refer to Table 37 on page 164. For examples of hitless stacking switchover operation, refer to “Hitless stacking switchover examples” on page 178. Executing a hitless stacking switchover The following must be in effect before a hitless switchover (switch over to the Standby Controller) is allowed: •...
  • Page 220 PowerConnect B-Series FCX hitless stacking Hitless stacking switchover examples This section illustrates hitless stacking failover and switchover operation during a CLI-driven switchover or priority change. Figure 19 illustrates a hitless stacking switchover triggered by the stack switch-over command. FIGURE 19 Manual switchover Device stack manual switchover Active 1...
  • Page 221 PowerConnect B-Series FCX hitless stacking Figure 20 illustrates a hitless stacking switchover when the Active Controller goes down then comes back up. The stack in this example has user-configured priorities. FIGURE 20 Hitless stacking switchover when the Active Controller comes back up Active controller comes back (in a stack with user-assigned priorities) The Active controller fails...
  • Page 222 PowerConnect B-Series FCX hitless stacking Figure 21 illustrates a hitless stacking switchover after the network administrator increases the priority value of the Standby Controller. FIGURE 21 Scenario 1 – Hitless stacking switchover after a priority change Device stack priority change - Scenario 1 FCX stack formation Active 1 (pri=100) Standby 2 (pri=0)
  • Page 223 PowerConnect B-Series FCX hitless stacking Figure 22 illustrates a hitless stacking switchover after the network administrator increases the priority value of one of the stack members. FIGURE 22 Scenario 2 – Hitless stacking switchover after a priority change Device stack priority change - Scenario 2 FCX stack formation Active 1 (pri=100) Standby 1 (pri=100)
  • Page 224 PowerConnect B-Series FCX hitless stacking Figure 23 illustrates a hitless stacking switchover after the network administrator increases the priority value for two of the stack members. FIGURE 23 Scenario 3 – Hitless stacking switchover after a priority change FCX stack formation Device stack priority change - Scenario 3 Active 1 (pri=100) Standby 2 (pri=0)

  • Page 225: Displaying Information About Hitless Stacking

    PowerConnect B-Series FCX hitless stacking Displaying information about hitless stacking Use the show stack command to view information pertinent to a hitless stacking switchover or failover. The command output illustrates the Active and Standby Controllers, as well as the readiness of the Standby Controller to take over the role of Active Controller, if needed. PowerConnect#show stack alone: standalone, D: dynamic config, S: static config Type...

  • Page 226: Displaying Hitless Stacking Diagnostic Information

    PowerConnect B-Series FCX hitless stacking To view the System log or the traps logged on an SNMP trap receiver, enter the show log command at any level of the CLI. The following example output shows what the log might look like after a switchover or assignment of the Standby Controller.
  • Page 227 PowerConnect B-Series FCX hitless stacking PowerConnect# debug stacking sync_rel_msg 4 stk_sync_trunk_mapping:sending trunk mapping... start running config sync sync_cdb:send cdb:sess = 0, pBuf = 2132f068 sync_cdb:send cdb:sess = 0, pBuf = 2132f57c stk_sync_cdb:finished cdb sync PowerConnect# debug stacking sync_rel_msg 8 Hitless sync: TRUNK INFO size (1282) ************************************* Trunk ID: 10 (1 based), (Hw Trunk ID: 1), g_sw_sys.trunk_config.trunk_entry[#9]...
  • Page 228 PowerConnect B-Series FCX hitless stacking PowerConnect B-Series FCX Configuration Guide 53-1002266-01...
  • Page 229 PowerConnect B-Series FCX hitless stacking PowerConnect B-Series FCX Configuration Guide 53-1002266-01...
  • Page 230 PowerConnect B-Series FCX hitless stacking PowerConnect B-Series FCX Configuration Guide 53-1002266-01...

  • Page 231: Monitoring Hardware Components

    This method of cable analysis is referred to as Time Domain Reflectometry (TDR). By examining the reflection, the Dell PowerConnect device can detect and report cable statistics such as local and remote link pair, cable length, and link status.

  • Page 232: Viewing The Results Of The Cable Analysis

    Virtual cable testing Syntax: phy cable-diag tdr Specify the variable in the following formats: • PowerConnect B-Series FCX stackable switches – Viewing the results of the cable analysis To display the results of the cable analysis, enter a command such as the following at the Privileged EXEC level of the CLI.

  • Page 233: Supported Fiber Optic Transceivers

    Table 42 lists the Small Form-Factor Pluggable (SFP) and 10-Gigabit Small Form Factor Pluggable (XFP) fiber optic transceivers supported on PowerConnect devices. TABLE 42 Supported fiber optic transceivers Label Manufacturing part number Type Dell part number Supports Digital Optical Monitoring? E1MG-BXD TRPBG1LXDBVS2FY 1000Base-BXD PYD7H...

  • Page 234: Digital Optical Monitoring

    Configuration limitations A Dell chassis device can monitor a maximum of 24 SFPs and 12 XFPs. Enabling digital optical monitoring To enable optical monitoring on all Dell-qualified optics installed in the device, use the following command. PowerConnect(config)#optical-monitor To enable optical monitoring on a specific port, use the following command.

  • Page 235: Setting The Alarm Interval

    Digital optical monitoring Use the no form of the command to disable digital optical monitoring. Setting the alarm interval You can optionally change the interval between which alarms and warning messages are sent. The default interval is three minutes. To change the interval, use the following command. PowerConnect(config)#interface ethernet 1/1 to 1/2 PowerConnect(config-mif-e10000-1/1-1/2)#optical-monitor 10 Syntax: [no] optical-monitor []...

  • Page 236: Viewing Optical Monitoring Information

    Digital optical monitoring Port 24: Type : 1G M-C Port 25: Type : 10G XG-SR(XFP) Vendor: Brocade Communications Inc. Version: 02 Part# : JXPR01SW05306 Serial#: F617604000A3 Port 26: Type : EMPTY Use the show media slot command to obtain information about the media device installed in a slot. PowerConnect#show media slot 1 Port 1/1: Type...
  • Page 237 The following table describes the information displayed by the show optic command. TABLE 43 Output from the show optic command This field... Displays... Port The Dell port number. • Temperature The operating temperature, in degrees Celsius, of the optical transceiver. •...

  • Page 238: Syslog Messages

    • The optical transceiver does not support digital optical monitoring. • The optical transceiver is not qualified, and therefore not supported by Dell. For details about the above Syslog messages, refer to Chapter 41, “Using Syslog”.

  • Page 239: Configuring Ipv6 Management On Powerconnect B-Series Fcxswitches

    Chapter Configuring IPv6 Management on PowerConnect B-Series FCXSwitches Table 45 lists the individual Dell PowerConnect switches and the IPv6 management features they support. NOTE The following table only shows the IPv6 management features that are supported. Full IPv6 L2/L3 support will be added in a future release.

  • Page 240: Ipv6 Management Overview

    Dell PowerConnect devices that support IPv6 may be used as management hosts. Interfaces on these devices are configured with IPv6 addresses, but do not have full IPv6 routing enabled. IPv6 is available on all Dell PowerConnect devices that are running Layer 2, base Layer 3, or full Layer 3 software images.

  • Page 241: Enabling And Disabling Ipv6

    2001:FF08:49EA:D088::/64 Enabling and disabling IPv6 IPv6 is enabled by default for Dell PowerConnect devices that support it. If desired, you can disable IPv6 on a global basis on an device by entering the following command at the Global CONFIG level of the CLI.

  • Page 242: Ipv6 Debug

    You must enclose the IPv6 address with square brackets [ ] in order for the Web browser to work. Restricting web access You can restrict Web management access to include only management functions on a Dell PowerConnect device that is acting as an IPv6 host, or restrict access so that the PowerConnect host can be reached by a specified IPv6 device.

  • Page 243: Ipv6 Logging

    The Domain Name Server (DNS) resolver feature lets you use a host name to perform Telnet, ping, and traceroute commands. You can also define a DNS domain on a Dell PowerConnect device and thereby recognize all hosts within that domain. After you define a domain name, the Dell PowerConnect device automatically appends the appropriate domain to the host and forwards it to the domain name server.

  • Page 244: Ipv6 Ping

    AAAA records, it can still respond to DNS queries. IPv6 ping The ping command allows you to verify the connectivity from a Dell PowerConnect device to an IPv6 device by performing an ICMP for IPv6 echo test.

  • Page 245: Sntp Over Ipv6

    I Indicates that the user interrupted ping. SNTP over IPv6 To enable the Dell PowerConnect device to send SNTP packets over IPv6, enter a command such as the following at the Global CONFIG level of the CLI. PowerConnect(config)#sntp server ipv6 3000::400 Syntax: sntp server ipv6 ...

  • Page 246: Secure Shell, Scp, And Ipv6

    Secure Shell (SSH) is a mechanism that allows secure remote access to management functions on the Dell PowerConnect device. SSH provides a function similar to Telnet. You can log in to and configure the Dell PowerConnect device using a publicly or commercially available SSH client program, just as you can with Telnet.

  • Page 247: Ipv6 Traceroute

    In addition, if there are multiple equal-cost routes to the destination, the Dell PowerConnect device displays up to three responses. For example, to trace the path from the Dell PowerConnect device to a host with an IPv6 address of 3301:23dd:349e:a384::34, enter the following command.
  • Page 248 IPv6 management commands PowerConnect B-Series FCX Configuration Guide 53-1002266-01...

  • Page 249: Stp Overview

    Chapter Configuring Spanning Tree Protocol (STP) Related Features Table 46 lists the individual Dell PowerConnect switches and the Spanning Tree Protocol (STP) features they support. TABLE 46 Supported STP features Feature PowerConnect B-Series FCX 802.1s Multiple Spanning Tree 802.1W Rapid Spanning Tree (RSTP) 802.1D Spanning Tree Support...

  • Page 250: Configuring Standard Stp Parameters

    STP is enabled by default on Layer 2 Switches but disabled by default on Layer 3 Switches. By default, each port-based VLAN on a Dell PowerConnect device runs a separate spanning tree (a separate instance of STP). A Dell PowerConnect device has one port-based VLAN (VLAN 1) by default that contains all the device ports.

  • Page 251: Enabling Or Disabling The Spanning Tree Protocol (Stp)

    A higher numerical value means a lower priority; thus, the highest priority is 0. NOTE If you plan to change STP bridge timers, Dell recommends that you stay within the following ranges, from section 8.10.2 of the IEEE STP specification. 2 * (forward_delay -1) >= max_age max_age >= 2 * (hello_time +1)

  • Page 252: Changing Stp Bridge And Port Parameters

    VLAN, you can no longer configure standard STP parameters globally using the CLI. From that point on, you can configure STP only within individual VLANs. To enable STP for all ports in all VLANs on a Dell PowerConnect device, enter the following command.
  • Page 253 2 * (forward_delay -1) >= max_age max_age >= 2 * (hello_time +1) To change a STP bridge priority on a Dell PowerConnect device to the highest value to make the device the root bridge, enter the following command. PowerConnect(config)#spanning-tree priority 0 The command in this example changes the priority on a device on which you have not configured port-based VLANs.

  • Page 254: Stp Protection Enhancement

    STP topology change. In this case, you can enable the STP Protection feature on the Dell PowerConnect port to which the end station is connected. STP Protection disables the connected device ability to initiate or participate in an STP topology change, by dropping all BPDUs received from the connected device.
  • Page 255 Enter the no form of the command to disable STP protection on the port. Clearing BPDU drop counters For each port that has STP Protection enabled, the Dell PowerConnect device counts and records the number of dropped BPDUs. You can use CLI commands to clear the BPDU drop counters for all ports on the device, or for a specific port on the device.

  • Page 256: Displaying Stp Information

    Configuring standard STP parameters PowerConnect#show stp-protect e 3 STP-protect is enabled on port 3. BPDU drop count is 478 If you enter the show stp-protect command for a port that does not have STP protection enabled, the following message displays on the console. PowerConnect#show stp-protect e 4 STP-protect is not enabled on port 4.
  • Page 257 Configuring standard STP parameters Displaying STP information for an entire device To display STP information, enter the following command at any level of the CLI. PowerConnect#show span VLAN 1 BPDU cam_index is 3 and the Master DMA Are(HEX) STP instance owned by VLAN 1 Global STP (IEEE 802.1D) Parameters: VLAN Root Root Root Prio Max He- Ho- Fwd Last...
  • Page 258 Configuring standard STP parameters TABLE 50 CLI display of STP information This field... Displays... Global STP parameters VLAN ID The port-based VLAN that contains this spanning tree (instance of STP). VLAN 1 is the default VLAN. If you have not configured port-based VLANs on this device, all STP information is for VLAN 1.

  • Page 259: Displaying Cpu Utilization Statistics

    Configuring standard STP parameters TABLE 50 CLI display of STP information (Continued) This field... Displays... State The port STP state. The state can be one of the following: • BLOCKING – STP has blocked Layer 2 traffic on this port to prevent a loop. The device or VLAN can reach the root bridge using another port, whose state is FORWARDING.
  • Page 260 Configuring standard STP parameters PowerConnect#show process cpu The system has only been up for 6 seconds. Process Name 5Sec(%) 1Min(%) 5Min(%) 15Min(%) Runtime(ms) 0.01 0.00 0.00 0.00 0.00 0.00 0.00 0.00 GVRP 0.00 0.00 0.00 0.00 ICMP 0.01 0.00 0.00 0.00 0.00 0.00...
  • Page 261 Configuring standard STP parameters PowerConnect#show vlans Total PORT-VLAN entries: 2 Maximum PORT-VLAN entries: 16 legend: [S=Slot] PORT-VLAN 1, Name DEFAULT-VLAN, Priority level0, Spanning tree On Untagged Ports: (S3) 9 10 11 12 13 14 15 16 Untagged Ports: (S3) 17 18 19 20 21 22 23 24 Untagged Ports: (S4) 9 10 11 12 13 14 15 16 17 Untagged Ports: (S4) 18 19 20 21 22 23 24...
  • Page 262 Configuring standard STP parameters If a port is disabled, the only information shown by this command is “DISABLED”. If a port is enabled, this display shows the following information. Syntax: show span detail [vlan [ethernet | ] The vlan parameter specifies a VLAN. Specify the ...
  • Page 263 Configuring standard STP parameters TABLE 51 CLI display of detailed STP information for ports (Continued) This field... Displays... Port number and STP state The internal port number and the port STP state. The internal port number is one of the following: •...
  • Page 264 Configuring standard STP parameters PowerConnect#show span detail vlan 1 ethernet 7/1 Port 7/1 is FORWARDING Port - Path cost: 19, Priority: 128, Root: 0x800000e052a9bb00 Designated - Bridge: 0x800000e052a9bb00, Interface: 7, Path cost: 0 Active Timers - None BPDUs - Sent: 29, Received: 0 Syntax: show span detail [vlan ...

  • Page 265: Configuring Stp Related Features

    Fast Port Span reduces the number of STP topology change notifications on the network. When an end station attached to a Fast Span port comes up or down, the Dell PowerConnect device does not generate a topology change notification for the port. In this situation, the notification is unnecessary since a change in the state of the host does not affect the network topology.
  • Page 266 Configuring STP related features • Fast Port Span eliminates unnecessary MAC cache aging that can be caused by topology change notifications. Bridging devices age out the learned MAC addresses in their MAC caches if the addresses are unrefreshed for a given period of time, sometimes called the MAC aging interval.

  • Page 267: Fast Uplink Span

    (two seconds for listening and two seconds for learning). The wiring closet switch must be a Dell PowerConnect device but the device at the other end of the link can be a Dell PowerConnect device or another vendor’s switch.
  • Page 268 Configuring STP related features NOTE To avoid the potential for temporary bridging loops, recommends that you use the Fast Uplink feature only for wiring closet switches (switches at the edge of the network cloud). In addition, enable the feature only on a group of ports intended for redundancy, so that at any given time only one of the ports is expected to be in the forwarding state.

  • Page 269: W Rapid Spanning Tree (Rstp)

    802.1W Draft 3 is referred to as RSTP Draft 3. RSTP Draft3 will continue to be supported on Dell PowerConnect devices for backward compatibility. However, customers who are currently using RSTP Draft 3 should migrate to 802.1W.
  • Page 270 Configuring STP related features • Classic or legacy 802.1D STP protocol requires a newly selected Root port to go through listening and learning stages before traffic convergence can be achieved. The 802.1D traffic convergence time is calculated using the following formula. 2 x FORWARD_DELAY + BRIDGE_MAX_AGE.
  • Page 271 Configuring STP related features Assignment of port roles At system start-up, all 802.1W-enabled bridge ports assume a Designated role. Once start-up is complete, the 802.1W algorithm calculates the superiority or inferiority of the RST BPDU that is received and transmitted on a port. On a root bridge, each port is assigned a Designated port role, except for ports on the same bridge that are physically connected together.
  • Page 272 Configuring STP related features FIGURE 26 Simple 802.1W topology Port7 Port8 Switch 2 Switch 1 Port2 Port2 Bridge priority = 200 Bridge priority = 100 Port4 Port3 Port3 Port2 Port3 Port3 Switch 3 Switch 4 Port4 Port4 Bridge priority = 300 Bridge priority = 400 Ports on Switch 1 All ports on Switch 1, the root bridge, are assigned Designated port roles.
  • Page 273 Configuring STP related features Edge ports and edge port roles The Dell implementation of 802.1W allows ports that are configured as Edge ports to be present in an 802.1W topology. (Figure 27). Edge ports are ports of a bridge that connect to workstations or computers.

  • Page 274: Bridge Port States

    Configuring STP related features NOTE Configuring shared media or non-point-to-point links as point-to-point links could lead to Layer 2 loops. The topology in Figure 28 is an example of shared media that should not be configured as point-to-point links. In Figure 28, a port on a bridge communicates or is connected to at least two ports.
  • Page 275 Configuring STP related features Edge port and non-edge port states As soon as a port is configured as an Edge port using the CLI, it goes into a forwarding state instantly (in less than 100 msec). When the link to a port comes up and 802.1W detects that the port is an Edge port, that port instantly goes into a forwarding state.
  • Page 276 Configuring STP related features In contrast to the 802.1D standard, the 802.1W standard does not have any bridge specific timers. All timers in the CLI are applied on a per-port basis, even though they are configured under bridge parameters. 802.1W state machines attempt to quickly place the ports into either a forwarding or discarding state.
  • Page 277 Configuring STP related features NOTE Proposed will never be asserted if the port is connected on a shared media link. Figure 29, Port3/Switch 200 is elected as the Root port FIGURE 29 Proposing and proposed stage Switch 100 Root Bridge Port2 Designated port RST BPDU...
  • Page 278 Configuring STP related features FIGURE 30 Sync stage Switch 100 Root Bridge Port1 Designated port Port1 Root port Sync BigIron Switch 200 Port3 Port2 Sync Sync Discarding Discarding Port2 Port3 Switch 300 Switch 400 Indicates a signal • Synced – Once the Designated port changes into a discarding state, it asserts a synced signal. Immediately, Alternate ports and Backup ports are synced.
  • Page 279 Configuring STP related features FIGURE 31 Synced stage Switch 100 Root Bridge Port1 Designated port Port1 Root port Synced BigIron Switch 200 Port2 Port3 Synced Synced Discarding Discarding Port2 Port3 Switch 300 Switch 400 Indicates a signal • Agreed – The Root port sends back an RST BPDU containing an agreed flag to its peer Designated port and moves into the forwarding state.
  • Page 280 Configuring STP related features FIGURE 32 Agree stage Switch 100 Root Bridge Port1 Designated port Forwarding RST BPDU Port1 sent with Root port an Agreed Synced flag Forwarding BigIron Switch 200 Port2 Port3 Synced Synced Discarding Discarding Port2 Port3 Switch 300 Switch 400 Indicates a signal At this point, the handshake mechanism is complete between Switch 100, the root bridge, and...
  • Page 281 Configuring STP related features FIGURE 33 Addition of a new root bridge Port2 Designated port Switch 60 Switch 100 Port2 Port4 Port1 Designated port Designated port Port1 Root port Switch 200 Port4 Port2 Port3 Port2 Port3 Switch 300 Switch 400 The handshake that occurs between Switch 60 and Switch 100 follows the one described in the previous section (“Handshake when no root port is elected”...
  • Page 282 Configuring STP related features FIGURE 34 New root bridge sending a proposal flag Port2 Handshake Designated Completed port Switch 60 Switch 100 Port2 Root port Port4 Port1 Designated port Proposing Proposing Port1 RST BPDU Root port sent with Forwarding a Proposing flag Switch 200 Port4...
  • Page 283 Configuring STP related features FIGURE 35 Sync and reroot Port2 Designated port Switch 60 Switch 100 Port2 Root port Port4 Port1 Designated port Proposing Proposing Port1 Root port Sync Reroot Forwarding BigIron Port4 Switch 200 Root port Sync Reroot Port2 Discarding Port3 Sync...
  • Page 284 Configuring STP related features FIGURE 36 Sync and rerooted Port2 Designated port Switch 60 Switch 100 Port2 Root port Port4 Port1 Designated port Proposing Port1 Designated port Sync Rerooted Discarding BigIron Port4 Switch 200 Root port Sync Rerooted Port2 Discarding Port3 Sync Sync...
  • Page 285 Configuring STP related features FIGURE 37 Rerooted, synced, and agreed Port2 Designated port Switch 60 Switch 100 Port 2 Root port Port4 Port1 Designated port Forwarding Proposing Port1 Rerooted RST BPDU Synced sent with Discarding an Agreed BigIron flag Port4 Switch 200 Root port Rerooted...

  • Page 286: Convergence In A Simple Topology

    Configuring STP related features FIGURE 38 Handshake completed after election of new root port Port2 Designated port Switch 60 Switch 100 Port2 Root port Port4 Port1 Designated port Proposing Port1 Alternate port Port4 Switch 200 Root port Port2 Port3 Proposing Proposing Port2 Port3...
  • Page 287 Configuring STP related features FIGURE 39 Convergence between two bridges Bridge priority = 1500 Switch 2 Port3 Designated port Port3 Root port Switch 3 Bridge priority = 2000 At power up, all ports on Switch 2 and Switch 3 assume Designated port roles and are at discarding states before they receive any RST BPDU.
  • Page 288 Configuring STP related features FIGURE 40 Simple Layer 2 topology Port3 Designated Port5 port Backup port Port2 Port2 Designated Bridge priority = 1500 port Root port Bridge priority = 1000 Switch 1 Switch 2 Port4 Port3 Designated port Designated port Port3 Alternate port...

  • Page 289: Convergence After A Link Failure

    Configuring STP related features Now, Port3/Switch 3 is currently in a discarding state and is negotiating a port role. It received RST BPDUs from Port3/Switch 2. The 802.1W algorithm determines that the RST BPDUs Port3/Switch 3 received are superior to those it can transmit; however, they are not superior to those that are currently being received by the current Root port (Port4).

  • Page 290: Convergence At Link Restoration

    Configuring STP related features FIGURE 42 Link failure in the topology Port5 Port3 Port2 Bridge priority = 1500 Port2 Switch 1 Bridge priority = 1000 Switch 2 Port3 Port4 Port4 Port3 Bridge priority = 2000 Switch 3 Switch 1 sets its Port2 into a discarding state. At the same time, Switch 2 assumes the role of a root bridge since its root port failed and it has no operational Alternate port.
  • Page 291 Configuring STP related features When Port2/Switch 2 receives the RST BPDUs, 802.1W algorithm determines that the RST BPDUs the port received are better than those received on Port3/Switch 3; therefore, Port2/Switch 2 is given the role of a Root port. All the ports on Switch 2 are informed that a new Root port has been assigned which then signals all the ports to synchronize their roles and states.
  • Page 292 Configuring STP related features Convergence in a complex 802.1W topology The following is an example of a complex 802.1W topology. FIGURE 43 Complex 802.1W topology Bridge priority = 200 Bridge priority = 1000 Port7 Port8 Bridge priority = 60 Port2 Port2 Port5 Port2...
  • Page 293 Configuring STP related features Next Switch 2 sends RST BPDUs with a proposal flag to Port3/Switch 4. Port3 becomes the Root port for the bridge; all other ports are given a Designated port role with discarding states. Port3/Switch 4 sends an RST BPDU with an agreed flag to Switch 2 to confirm that it is the new Root port.

  • Page 294: Propagation Of Topology Change

    Configuring STP related features FIGURE 44 Active Layer 2 path in complex topology Bridge priority = 200 Port7 Port8 Bridge priority = 1000 Bridge priority = 60 Port2 Port5 Port2 Port2 Switch 2 Switch 1 Switch 5 Port3 Port4 Port3 Port3 Port2 Port3...
  • Page 295 Configuring STP related features FIGURE 45 Beginning of topology change notice Bridge priority = 200 Bridge priority = 60 Port7 Port8 Bridge priority = 1000 Port5 Port2 Port2 Port2 Switch 5 Switch 1 Switch 2 Port3 Port4 Port3 Port3 Port2 Port3 Port3 Port3...
  • Page 296 Configuring STP related features FIGURE 46 Sending TCN to bridges connected to Switch 2 Bridge priority = 200 Port 7 Port8 Bridge priority = 1000 Bridge priority = 60 Port2 Port5 Port2 Port2 Switch 2 Switch 1 Switch 5 Port3 Port4 Port3 Port3...
  • Page 297 Configuring STP related features FIGURE 47 Completing the TCN propagation Port7 Port8 Port2 Port5 Switch 1 Switch 2 Switch 5 Port2 Port2 Bridge priority = 1000 Bridge priority = 200 Bridge priority = 60 Port3 Port4 Port3 Port3 Port2 Port3 Port3 Port3 Port4...
  • Page 298 Path costs for either 802.1W bridges or 802.1D bridges need to be changed; in most cases, path costs for 802.1W bridges need to be changed. Configuring 802.1W parameters on a Dell PowerConnect device The remaining 802.1W sections explain how to configure the 802.1W protocol in a Dell PowerConnect device. NOTE With RSTP running, enabling static trunk on ports that are members of VLAN 4000 will keep the system busy for 20 to 25 seconds.
  • Page 299 Configuring STP related features Enabling or disabling 802.1W in a port-based VLAN Use the following procedure to disable or enable 802.1W on a device on which you have configured a port-based VLAN. Changing the 802.1W state in a VLAN affects only that VLAN. To enable 802.1W for all ports in a port-based VLAN, enter commands such as the following.
  • Page 300 Configuring STP related features Once 802.1W is enabled on a port, it can be disabled on individual ports. 802.1W that have been disabled on individual ports can then be enabled as required. NOTE If you change the 802.1W state of the primary port in a trunk group, the change affects all ports in that trunk group.
  • Page 301 Configuring STP related features The priority parameter specifies the priority of the bridge. You can enter a value from 0 – 65535. A lower numerical value means the bridge has a higher priority. Thus, the highest priority is 0. The default is 32768. You can specify some or all of these parameters on the same command line.
  • Page 302 Configuring STP related features Set the admin-pt2pt-mac to enabled or disabled. If set to enabled, then a port is connected to another port through a point-to-point link. The point-to-point link increases the speed of convergence. This parameter, however, does not auto-detect whether or not the link is a physical point-to-point link.
  • Page 303 Configuring STP related features TABLE 53 CLI display of 802.1W summary (Continued) This field... Displays... Bridge IEEE 802.1W parameters Bridge Identifier The ID of the bridge. Bridge Max Age The configured max age for this bridge. The default is 20. Bridge Hello The configured hello time for this bridge.The default is 2.
  • Page 304 Configuring STP related features TABLE 53 CLI display of 802.1W summary (Continued) This field... Displays... Hello The hello value derived from the Root port. It is the number of seconds between two Hello packets. Port IEEE 802.1W parameters Port Num The port number shown in a slot#/port# format.
  • Page 305 Configuring STP related features PowerConnect#show 802-1w detail ====================================================================== VLAN 1 - MULTIPLE SPANNING TREE (MSTP - IEEE 802.1W) ACTIVE ====================================================================== BridgeId 800000e080541700, forceVersion 2, txHoldCount 3 Port 1 - Role: ROOT - State: FORWARDING PathCost 200000, Priority 128, AdminOperEdge F, AdminPt2PtMac F DesignatedPriority - Root: 0x800000e0804c9c00, Bridge: 0x800000e080541700 ActiveTimers - rrWhile 4 rcvdInfoWhile 4 MachineStates - PIM: CURRENT, PRT: ROOT_PORT, PST: FORWARDING...
  • Page 306 Configuring STP related features TABLE 54 CLI display of show spanning-tree 802.1W (Continued) This field... Displays... State The port current 802.1W state. A port can have one of the following states: • Forwarding • Discarding • Learning • Disabled Refer to “Bridge port states”...

  • Page 307: W Draft 3

    RSTP capabilities described in the 802.1W STP specification. 802.1W Draft 3 support is disabled by default. When the feature is enabled, if a root port on a Dell PowerConnect device that is not the root bridge becomes unavailable, the device can automatically Switch over to an alternate root port, without reconvergence delays.
  • Page 308 Configuring STP related features FIGURE 49 802.1W Draft 3 RSTP ready for failover The arrow shows the path to the root bridge Port2/2 Port1/2 Root Bridge Switch 2 Switch 1 Bridge priority = 4 Bridge priority = 2 Root port = 2/2 Port2/4 Port1/4 Alternate = 2/3, 2/4...
  • Page 309 Configuring STP related features FIGURE 50 802.1W Draft 3 RSTP failover to alternate root port The arrow shows the path to the root bridge Port 2/2 Port 1/2 Bridge priority = 4 Root Bridge Switch 2 Switch 1 Root port = 2/2 Bridge priority = 2 Alternate = 2/3, 2/4 Port 1/4...

  • Page 310: Configuration Considerations

    Change the forwarding delay on the root bridge to a value lower than the default 15 seconds. Dell recommends a value from 3 – 10 seconds. The lower forwarding delay helps reduce reconvergence delays in cases where 802.1W Draft 3 is not applicable, such as when a failed root port comes back up.

  • Page 311: Single Spanning Tree (Sstp)

    To disable 802.1W Draft 3 on a device that is running single STP, enter the following command. PowerConnect(config)#no spanning-tree single rstp Single Spanning Tree (SSTP) By default, each port-based VLAN on a Dell PowerConnect device runs a separate spanning tree, which you can enable or disable on an individual VLAN basis. PowerConnect B-Series FCX Configuration Guide...
  • Page 312 Configuring STP related features Alternatively, you can configure a Dell PowerConnect device to run a single spanning tree across all ports and VLANs on the device. The Single STP feature (SSTP) is especially useful for connecting a Dell PowerConnect device to third-party devices that run a single spanning tree in accordance with the 802.1Q specification.

  • Page 313: Stp Per Vlan Group

    • Standard STP – You can configure up to 254 instances of standard STP on a Dell PowerConnect device. It is possible to need more instances of STP than this in large configurations. Using STP per VLAN group, you can aggregate STP instances.
  • Page 314 Configuring STP related features • Single STP – Single STP allows all the VLANs to run STP, but each VLAN runs the same instance of STP, resulting in numerous blocked ports that do not pass any Layer 2 traffic. STP per VLAN group uses all available links by load balancing traffic for different instances of STP on different ports.
  • Page 315 Configuring STP related features Here are the CLI commands for implementing the STP per VLAN group configuration shown in Figure 51. The following commands configure the member VLANs (3, 4, 13, and 14) and the master VLANs (2 and 12). Notice that changes to STP parameters are made in the master VLANs only, not in the member VLANs.
  • Page 316 Configuring STP related features Configuration example for STP load sharing Figure 52 shows another example of a STP per VLAN group implementation. FIGURE 52 More complex STP per VLAN group example Member VLANs 2 - 200 Member VLANs 202 - 400 Member VLANs Root bridge FWD 1...

  • Page 317: Pvst/Pvst+ Compatibility

    PVST/PVST+ compatibility PowerConnect(config-vlan-201)#tag ethernet 1/2 ethernet 5/1 to 5/3 PowerConnect(config-vlan-201)#vlan 401 PowerConnect(config-vlan-401)#spanning-tree priority 3 PowerConnect(config-vlan-401)#tag ethernet 1/3 ethernet 5/1 to 5/3 PowerConnect(config-vlan-3601)#vlan 3801 PowerConnect(config-vlan-3801)#spanning-tree priority 20 PowerConnect(config-vlan-3801)#tag ethernet 1/20 ethernet 5/1 to 5/3 PowerConnect(config-vlan-3801)#exit The next group of commands configures VLAN groups for the member VLANs. Notice that the VLAN groups do not contain the VLAN numbers assigned to the master VLANs.

  • Page 318: Overview Of Pvst And Pvst

    IEEE 802.1Q BPDUs, you might need to enable dual-mode support. Support for Cisco's Per VLAN Spanning Tree plus (PVST+), allows a Dell PowerConnect device to run multiple spanning trees (MSTP) while also interoperating with IEEE 802.1Q devices. Dell PowerConnect ports automatically detect PVST+ BPDUs and enable support for the BPDUs once detected.

  • Page 319: Vlan Tags And Dual Mode

    802.1d and 802.1w for sending untagged frames on VLAN 1. On Dell PowerConnect switches, by default, the Port Native VLAN is the same as the Default VLAN, which is VLAN 1. Thus, to support IEEE 802.1Q in a typical configuration, a port must be able to send and receive untagged frames for VLAN 1 and tagged frames for the other VLANs, and interoperate with other vendor devices using VLAN 1.

  • Page 320: Configuring Pvst+ Support

    For more information about the dual-mode feature, refer to “Dual-mode VLAN ports” on page 497. Displaying PVST+ support information To display PVST+ information for ports on a Dell PowerConnect device, enter the following command at any level of the CLI. PowerConnect B-Series FCX Configuration Guide 53-1002266-01...

  • Page 321: Configuration Examples

    Syntax: show span pvst-mode This command displays the following information. TABLE 55 CLI display of PVST+ information This field... Displays... Dell PowerConnect Port port number. NOTE: The command lists information only for the ports on which PVST+ support is enabled. Method The method by which PVST+ support was enabled on the port.
  • Page 322 PVST/PVST+ compatibility Commands on the Dell PowerConnect Device PowerConnect(config)#vlan-group 1 vlan 2 to 4 PowerConnect(config-vlan-group-1)#tagged ethernet 1/1 PowerConnect(config-vlan-group-1)#exit PowerConnect(config)#interface ethernet 1/1 PowerConnect(config-if-1/1)#dual-mode PowerConnect(config-if-1/1)#pvst-mode These commands configure a VLAN group containing VLANs 2, 3, and 4, add port 1/1 as a tagged port to the VLANs, and enable the dual-mode feature and PVST+ support on the port.
  • Page 323 PVST/PVST+ compatibility These commands change the default VLAN ID, configure port 1/1 as a tagged member of VLANs 1 and 2, and enable the dual-mode feature and PVST+ support on port 1/1. Since VLAN 1 is tagged in this configuration, the default VLAN ID must be changed from VLAN 1 to another VLAN ID. Changing the default VLAN ID from 1 allows the port to process tagged frames for VLAN 1.

  • Page 324: Pvrst Compatibility

    STP topology change. In this case, you can enable the STP BPDU guard feature on the Dell PowerConnect port to which the end station is connected. STP BPDU guard shuts down the port and puts it into an errdisable state. This disables the connected device's ability to initiate or participate in an STP topology.

  • Page 325: Re-Enabling Ports Disabled By Bpdu Guard

    BPDU guard Re-enabling ports disabled by BPDU guard When a BPSU Guard-enabled port is disabled by BPDU Guard, the Dell PowerConnect device will place the port in errdisable state and display a message on the console indicating that the port is errdisabled (refer to “Example console messages”...

  • Page 326: Example Console Messages

    Root guard STP configured to ON, priority is level0, flow control enabled mirror disabled, monitor disabled Not member of any active trunks Not member of any configured trunks No port name IPG MII 96 bits-time, IPG GMII 96 bits-time IP MTU 1500 bytes 300 second input rate: 8 bits/sec, 0 packets/sec, 0.00% utilization 300 second output rate: 256 bits/sec, 0 packets/sec, 0.00% utilization 88 packets input, 15256 bytes, 0 no buffer...

  • Page 327: Enabling Stp Root Guard

    Root guard Configure root guard on all ports where the root bridge should not appear. This establishes a protective network perimeter around the core bridged network, cutting it off from the user network. NOTE Root guard may prevent network connectivity if it is improperly configured. Root guard must be configured on the perimeter of the network rather than the core.

  • Page 328: Error Disable Recovery

    Error disable recovery Error disable recovery In case a BPDU guard violation occurs, a port is placed into an errdisable state which is functionally equivalent to a Disable state. Once in an errdiable state, it remains in that state until one of the following methods is used to return the port to an Enabled state.

  • Page 329: Displaying The Error Disable Recovery State By Interface

    Error disable recovery Displaying the error disable recovery state by interface The port status of errdisabled displays in the output of the show interface and the show interface brief commands. In this example, errdisable is enabled on interface ethernet 1 and errdisable is enabled because of a BPDU guard violation.

  • Page 330: Errdisable Syslog Messages

    This ensures loop-free topology for one or more VLANs that have the similar layer-2 topology. The Dell implementation supports up to 16 spanning tree instances in an MSTP enabled bridge which means that it can support up to 16 different Layer 2 topologies.
  • Page 331 802.1s Multiple Spanning Tree Protocol FIGURE 56 MSTP configured network BigIron Switch 1 Port2/1 Region 2 Region 1 Port2/2 BigIron Port1/2 Switch 2 Port1/4 Port1/1 BigIron Port1/3 Port1/1 Switch 2 BigIro n Port2/1 Port2/1 Port3/1 Switch 3 BigIron Port1/5 BigIron Switch 3 Switch 5 Port3/2...

  • Page 332: Configuration Notes

    VLANs inside the MSTP scope are controlled by CIST. In addition, whenever you create a new VLAN inside MSTP scope, it is put under CIST control by default. In the Dell MSTP implementation however, a VLAN ID can be pre-mapped to another MSTI as described in “Configuring an MSTP instance”...

  • Page 333: Reduced Occurrences Of Mstp Reconvergence

    Reduced occurrences of MSTP reconvergence When a VLAN is deleted, the Dell PowerConnect device retains the associated VLAN to MSTI mapping instead of deleting it from the configuration. This way, a VLAN can be pre-mapped to an MSTI and MSTP reconvergence may not be necessary when a VLAN is added to or deleted from the configuration.
  • Page 334 802.1s Multiple Spanning Tree Protocol PowerConnect(config-vlan-20)#show run Current configuration: ver 7.2.00aT7f1 vlan 1 name DEFAULT-VLAN by port no spanning-tree vlan 10 by port tagged ethe 1 to 2 no spanning tree vlan 20 by port <----- VLAN 20 configuration tagged ethe 1 to 2 no spanning-tree mstp scope all mstp instance 0 vlan 1...

  • Page 335: Configuring Additional Mstp Parameters

    802.1s Multiple Spanning Tree Protocol The instance parameter defines the number for the instance of MSTP that you are deleting. The vlan parameter identifies one or more VLANs or a range of VLANs to the instance defined in this command. The vlan-group parameter identifies one or more VLAN groups to the instance defined in this command.
  • Page 336 An MSTP instance is configured with an MSTP ID for each region. Each region can contain one or more VLANs. The Dell implementation of MSTP allows you to assign VLANS or ranges of VLANs to an MSTP instance before or after they have been defined. If pre-defined, a VLAN will be placed in the MSTI that it was assigned to immediately when the VLAN is created.
  • Page 337 802.1s Multiple Spanning Tree Protocol The no option moves a VLAN or VLAN group from its assigned MSTI back into the CIST. NOTE The system does not allow an MSTI without any VLANs mapped to it. Consequently, removing all VLANs from an MSTI, deletes the MSTI from the system. The CIST by contrast will exist regardless of whether or not any VLANs are assigned to it or not.
  • Page 338 802.1s Multiple Spanning Tree Protocol The max-hops parameter specifies the maximum hop count. You can specify a value from 1 – 40 hops. The default value is 20 hops. Setting ports to be operational edge ports You can define specific ports as edge ports for the region in which they are configured to connect to devices (such as a host) that are not running STP, RSTP, or MSTP.
  • Page 339 802.1s Multiple Spanning Tree Protocol • PowerConnect B-Series FCX stackable switches – When a port is disabled for MSTP, it behaves as blocking for all the VLAN traffic that is controlled by MSTIs and the CIST. Forcing ports to transmit an MSTP BPDU To force a port to transmit an MSTP BPDU, use a command such as the following at the Global Configuration level.
  • Page 340 802.1s Multiple Spanning Tree Protocol FIGURE 57 Sample MSTP configuration BigIron Region 1 Core1 Port Ports 2/16 2/13-2/14 Ports 2/9-2/12 Ports Ports 3/17-3/20 Port10/1 3/1-3/2 BigIron BigIron BigIron RTR1 Core2 Port10/2 Port3/10 LAN4 Ports Ports 3/5-3/6 3/5-3/6 Region 2 RTR1 configuration PowerConnect(config-vlan-4093)#tagged ethernet 10/1 to 10/2 PowerConnect(config-vlan-4093)#exit PowerConnect(config)#mstp scope all...

  • Page 341: Displaying Mstp Statistics

    802.1s Multiple Spanning Tree Protocol Core2 configuration PowerConnect(config)#trunk ethernet 3/5 to 3/6 ethernet 3/17 to 3/20 PowerConnect(config)#vlan 1 name DEFAULT-VLAN by port PowerConnect(config-vlan-1)#exit PowerConnect(config)#vlan 20 by port PowerConnect(config-vlan-20)#tagged ethernet 3/5 to 3/6 ethernet 3/17 to 3/20 PowerConnect(config-vlan-20)#exit PowerConnect(config)#vlan 21 by port PowerConnect(config-vlan-21)#tagged ethernet 3/5 to 3/6 ethernet 3/17 to 3/20 PowerConnect(config-vlan-21)#exit PowerConnect(config)#vlan 22 by port...
  • Page 342 802.1s Multiple Spanning Tree Protocol PowerConnect#show mstp MSTP Instance 0 (CIST) - VLANs: 1 ---------------------------------------------------------------------------- Bridge Bridge Bridge Bridge Bridge Root Root Root Root Identifier MaxAge Hello FwdDly Hop MaxAge Hello FwdDly Hop 8000000cdb80af01 20 Root ExtPath RegionalRoot IntPath Designated Root Bridge Cost...

  • Page 343: Displaying Mstp Information For A Specified Instance

    802.1s Multiple Spanning Tree Protocol TABLE 56 Output from Show MSTP (Continued) This field... Displays... ExtPath Cost The configured path cost on a link connected to this port to an external MSTP region. Regional Root Bridge The Regional Root Bridge is the MAC address of the Root Bridge for the local region.

  • Page 344: Displaying Mstp Information For Cist Instance 0

    802.1s Multiple Spanning Tree Protocol PowerConnect#show mstp 1 MSTP Instance 1 - VLANs: 2 ---------------------------------------------------------------------------- Bridge Max RegionalRoot IntPath Designated Root Root Identifier Hop Bridge Cost Bridge Port cnt hex 8001000cdb80af01 20 8001000cdb80af01 0 8001000cdb80af01 Root Port Pri PortPath Role State Designa- Designated...
  • Page 345 802.1s Multiple Spanning Tree Protocol PowerConnect#show mstp detail MSTP Instance 0 (CIST) - VLANs: 4093 ---------------------------------------------------------------------------- Bridge: 800000b000c00000 [Priority 32768, SysId 0, Mac 00b000c00000] FwdDelay 15, HelloTime 2, MaxHops 20, TxHoldCount 6 Port 6/54 - Role: DESIGNATED - State: FORWARDING PathCost 20000, Priority 128, OperEdge T, OperPt2PtMac F, Boundary T Designated - Root 800000b000c00000, RegionalRoot 800000b000c00000, Bridge 800000b000c00000, ExtCost 0, IntCost 0...
  • Page 346 802.1s Multiple Spanning Tree Protocol PowerConnect B-Series FCX Configuration Guide 53-1002266-01...
  • Page 347 The procedures in this chapter describe how to configure basic Layer 2 parameters. Dell PowerConnect devices are configured at the factory with default parameters that allow you to begin using the basic features of the system immediately. However, many of the advanced features such as VLANs or routing protocols for the device must first be enabled at the system (global) level before they can be configured.

  • Page 348: About Port Regions

    Enabling or disabling the Spanning Tree Protocol (STP) STP (IEEE 802.1D bridge protocol) is supported on all Dell PowerConnect devices. STP detects and eliminates logical loops in the network. STP also ensures that the least cost path is taken when multiple paths exist between ports or VLANs.

  • Page 349: Modifying Stp Bridge And Port Parameters

    MAC learning rate control You can also enable and disable spanning tree on a port-based VLAN and on an individual port basis, and enable advanced STP features. Refer to Chapter 8, “Configuring Spanning Tree Protocol (STP) Related Features”. Modifying STP bridge and port parameters You can modify the following STP Parameters: •...

  • Page 350: Disabling The Automatic Learning Of Mac Addresses

    Configuring static MAC entries Disabling the automatic learning of MAC addresses By default, when a packet with an unknown Source MAC address is received on a port, the Dell PowerConnect device learns this MAC address on the port. You can prevent a physical port from learning MAC addresses by entering the following command.

  • Page 351: Multi-Port Static Mac Address

    Configuring static MAC entries NOTE Dell PowerConnect devices running Layer 3 code also support the assignment of static IP Routes, static ARP, and static RARP entries. For details on configuring these types of static entries, refer to “Configuring static routes”...

  • Page 352: Configuring Vlan-Based Static Mac Entries

    You can configure a VLAN to drop packets that have a particular source or destination MAC address. You can configure a maximum of 2048 static MAC address drop entries on a Dell PowerConnect device. Use the CLI command show running-config to view the static MAC address drop entries currently configured on the device.

  • Page 353: Flow-Based Mac Address Learning

    Flow-based MAC address learning For example, to remove entries for the MAC address 000d.cd80.00d0 in all VLANs, enter the following command at the Privilege EXEC level of the CLI. PowerConnect#clear mac-address 000d.cb80.00d0 Syntax: clear mac-address | ethernet | vlan If you enter clear mac-address without any parameter, the software removes all MAC address entries.

  • Page 354: How Flow-Based Learning Works

    Flow-based MAC address learning How flow-based learning works When a packet processor, let call it PP 1, receives an incoming packet with source MAC address X, it sends a new address message to the CPU. The system learns MAC address X by adding it to the software MAC table in the CPU, then programming it in the hardware MAC table in the source packet processor, in this case PP 1.

  • Page 355: Configuring Flow-Based Mac Address Learning

    Flow-based MAC address learning • A source MAC address is learned only on the ingress (source) packet processor. The MAC address is added to other packet processors as needed by their incoming traffic flows. During a brief period until the destination MAC address is successfully added to the hardware MAC table, unknown unicast flooding is expected on the VLAN.

  • Page 356: Displaying Information About Flow-Based Macs

    Enabling port-based VLANs Syntax: system-max mac The parameter specifies the maximum number of MAC addresses in the MAC table. For flow-based MACs, the minimum value is 16K and the maximum value is 32K. The default is 16K. Use the command show default values to display the default, maximum, and currently configured values for the MAC address table.

  • Page 357: Assigning Ieee 802.1Q Tagging To A Port

    VLANs within that ID range. NOTE VLAN IDs 4087, 4090, and 4093 are reserved for Dell internal use only. VLAN 4094 is reserved for use by Single STP. Also, if you are running an earlier release, VLAN IDs 4091 and 4092 may be reserved for Dell internal use only.

  • Page 358: Defining Mac Address Filters

    MAC address filtering on PowerConnect devices differ from other Dell PowerConnect devices in that you can only filter on source and destination MAC addresses. Other Dell PowerConnect devices allow you to also filter on the encapsulation type and frame type.
  • Page 359 Defining MAC address filters PowerConnect(config)# mac filter 3 deny any 0180.c200.0000 ffff.ffff.fff0 PowerConnect(config)# mac filter 4 deny any 0000.1234.5678 ffff.ffff.ffff PowerConnect(config)# mac filter 5 deny any 0000.2345.6789 ffff.ffff.ffff PowerConnect(config)# mac filter 1024 permit any any PowerConnect(config)# int e 1 PowerConnect(config-if-e1000-1)# mac filter-group 1 to 5 1024 These commands configure filter 1 to deny traffic with a source MAC address that begins with “3565”...

  • Page 360: Filters

    Enabling logging of management traffic permitted by MAC address filters You can configure the Dell PowerConnect device to generate Syslog entries and SNMP traps for management traffic that is permitted by MAC address filters. Management traffic applies to packets that are destined for the CPU, such as control packets. You can enable logging of permitted management traffic on a global basis or an individual port basis.

  • Page 361: Mac Address Filter Override For 802.1X-Enabled Ports

    For example, this feature enables you to connect a PC and a non-802.1X device, such as a Voice Over IP (VOIP) phone, to the same 802.1X-enabled port on the Dell PowerConnect device. The IP phone will bypass 802.1X authentication and the PC will require 802.1X authentication.

  • Page 362: Locking A Port To Restrict Addresses

    Locking a port to restrict addresses The | any parameter specifies the source MAC address. You can enter a specific address value and a comparison mask, or the keyword any to filter on all MAC addresses. Specify the mask using f (ones) and zeros. For example, to match on the first two bytes of the address aabb.ccdd.eeff, use the mask ffff.0000.0000.

  • Page 363: Displaying And Modifying System Parameter Default Settings

    Changing the table size for a parameter reconfigures the device memory. Whenever you reconfigure the memory on a Dell PowerConnect device, you must save the change to the startup-config file, then reload the software to place the change into effect.
  • Page 364 Displaying and modifying system parameter default settings The following shows an example output of the show default values command on a PowerConnect Layer 2 device. PowerConnect#show default values sys log buffers:50 mac age time:300 sec telnet sessions:5 System Parameters Default Maximum Current igmp-max-group-addr...
  • Page 365 Displaying and modifying system parameter default settings The following shows an example output on a PowerConnect IPV4 device running Layer 3 software. PowerConnect#show default values sys log buffers:50 mac age time:300 sec telnet sessions:5 ip arp age:10 min bootp relay max hops:4 ip ttl:64 hops ip addr per intf:24 when multicast enabled :...
  • Page 366 Displaying and modifying system parameter default settings The following shows an example output on a PowerConnect B-Series FCX devices serving as a management host in an IPv6 network and running the Layer 3 software image. PowerConnect#show default values sys log buffers:50 mac age time:300 sec telnet sessions:5 ip arp age:10 min...

  • Page 367: Modifying System Parameter Default Values

    Displaying and modifying system parameter default settings TABLE 58 System parameters in show default values command (Continued) This system parameter... Defines the maximum number of... hw-ip-mcast-mll Multicast output interfaces (clients) hw-ip-next-hop IP next hops and routes, including unicast next hops and multicast route entries hw-logical-interface Hardware logical interface pairs (physical port and VLAN pairs)

  • Page 368: Tdynamic Buffer Allocation For An Ironstack

    This can lead to dropped packets during egress queuing. Dell PowerConnect stackable devices provide the capability to allocate additional egress buffering and descriptors to handle momentary bursty traffic periods, especially when other priority queues may not be in use, or may not be experiencing heavy levels of traffic.

  • Page 369: Configuration Steps

    TDynamic Buffer Allocation for an IronStack For example, for an 8-unit stack of 48 ports, the packet processor numbering scheme is as follows:. Stack unit 1 - packet processors 0 and 1 Stack unit 2 - packet processors 2 and 3 Stack unit 3 - packet processors 4 and 5 Stack unit 4 - packet processors 6 and 7 Stack unit 5 - packet processors 8 and 9...

  • Page 370: Sample Configuration

    TDynamic Buffer Allocation for an IronStack PowerConnect#qd-buffer 1 2 76 2 Syntax: qd-buffer "DeviceNum: "PortTypeVal: 1 for 1 Gbps or 2 for 10 Gbps "NumBuffers: Number of buffers to allocate (minimum 1, maximum 4095) "PriorityQueue: Designates a specific queue (0 to 7). Sample Configuration This sample configuration assumes a four-unit stack with the following topology.

  • Page 371: Generic Buffer Profiles On Powerconnect Stackable Devices

    Remote Fault Notification (RFN) on 1G fiber connections qd-buffer 0 1 4095 0 qd-buffer 1 1 4095 0 qd-buffer 2 1 4095 0 qd-buffer 4 1 4095 0 qd-buffer 5 1 4095 0 qd-buffer 6 1 4095 0 qd-buffer 0 2 4095 0 qd-buffer 1 2 4095 0 qd-buffer 2 2 4095 0 qd-buffer 4 2 4095 0...

  • Page 372: Enabling And Disabling Remote Fault Notification

    Link Fault Signaling (LFS) is a physical layer protocol that enables communication on a link between two 10 Gbps Ethernet devices. When configured on a Dell PowerConnect 10 Gbps Ethernet port, the port can detect and report fault conditions on transmit and receive ports. Dell recommends enabling LFS on both ends of a link.

  • Page 373: Jumbo Frame Support

    1500 as their default MTU. Jumbo frames are Ethernet frames with more than 1,500 bytes MTU. Conventionally, jumbo frames can carry up to 9,000 bytes MTU. Dell PowerConnect devices support Layer 2 jumbo frames on 10/100, 100/100/1000, and 10GbE ports.
  • Page 374 Jumbo frame support PowerConnect B-Series FCX Configuration Guide 53-1002266-01...

  • Page 375: Topology Groups

    Topology groups simplify Layer 2 configuration and provide scalability by enabling you to use the same instance of a Layer 2 protocol for multiple VLANs. For example, if a Dell PowerConnect device is deployed in a Metro network and provides forwarding for two MRP rings that each contain 128 VLANs, you can configure a topology group for each ring.

  • Page 376: Master Vlan And Member Vlans

    Topology groups Master VLAN and member VLANs Each topology group contains a master VLAN and can contain one or more member VLANs and VLAN groups: • Master VLAN – The master VLAN contains the configuration information for the Layer 2 protocol.

  • Page 377: Configuring A Topology Group

    Topology groups • If you remove the master VLAN (by entering no master-vlan ), the software selects the new master VLAN from member VLANs. A new candidate master VLAN will be in configured order to a member VLAN so that the first added member VLAN will be a new candidate master VLAN.

  • Page 378: Displaying Topology Group Information

    Topology groups NOTE Once you add a VLAN or VLAN group as a member of a topology group, all the Layer 2 protocol configuration information for the VLAN or group is deleted. For example, if STP is configured on a VLAN and you add the VLAN to a topology group, the STP configuration is removed from the VLAN.

  • Page 379: Metro Ring Protocol (Mrp)

    VLAN. Metro Ring Protocol (MRP) MRP is a Dell proprietary protocol that prevents Layer 2 loops and provides fast reconvergence in Layer 2 ring topologies. It is an alternative to STP and is especially useful in Metropolitan Area Networks (MANs) where using STP has the following drawbacks: •...
  • Page 380 Switch D Customer A The ring in this example consists of four MRP nodes (Dell PowerConnect switches). Each node has two interfaces with the ring. Each node also is connected to a separate customer network. The nodes forward Layer 2 traffic to and from the customer networks through the ring. The ring interfaces are all in one port-based VLAN.

  • Page 381: Configuration Notes

    Configuration notes • When you configure MRP, Dell recommends that you disable one of the ring interfaces before beginning the ring configuration. Disabling an interface prevents a Layer 2 loop from occurring while you are configuring MRP on the ring nodes. Once MRP is configured and enabled on all the nodes, you can re-enable the interface.
  • Page 382 Metro Ring Protocol (MRP) MRP rings with shared interfaces (MRP Phase 2) With MRP Phase 2, MRP rings can be configured to share the same interfaces as long as the interfaces belong to the same VLAN. Figure 60 shows examples of multiple MRP rings that share the same interface.

  • Page 383: Ring Initialization

    Metro Ring Protocol (MRP) For example, in Figure 61, the ID of all interfaces on all nodes on Ring 1 is 1 and all interfaces on all nodes on Ring 2 is 2. Port 1/1 on node S1 and Port 2/2 on S2 have the IDs of 1 and 2 since the interfaces are shared by Rings 1 and 2.
  • Page 384 Metro Ring Protocol (MRP) FIGURE 62 Metro ring – initial state Customer A Switch B All ports start in Switch A Preforwarding state. Switch C Master Primary port on Master Node Customer A node sends RHP 1 Customer A Switch D Customer A MRP uses Ring Health Packets (RHPs) to monitor the health of the ring.
  • Page 385 Metro Ring Protocol (MRP) • Forwarding (F) – The interface can forward data as well as RHPs. An interface changes from Preforwarding to Forwarding when the port preforwarding time expires. This occurs if the port does not receive an RHP from the Master, or if the forwarding bit in the RHPs received by the port is off.
  • Page 386 Metro Ring Protocol (MRP) FIGURE 63 Metro ring – from preforwarding to forwarding RHP 2 Customer A Forwarding bit is on. Each port changes from Preforwarding to Forwarding when it receives this RHP. Switch B Secondary port Switch A receives RHP 1 Switch C and changes to Master...
  • Page 387 Metro Ring Protocol (MRP) RHP processing in MRP Phase 2 Figure 64 shows an example of how RHP packets are processed normally in MRP rings with shared interfaces. FIGURE 64 Flow of RHP packets on MRP rings with shared interfaces (secondary interface) Port2/2 Port3/2 (secondary interface) Master node...

  • Page 388: How Ring Breaks Are Detected And Healed

    Metro Ring Protocol (MRP) How ring breaks are detected and healed Figure 65 shows ring interface states following a link break. MRP quickly heals the ring and preserves connectivity among the customer networks. FIGURE 65 Metro ring – ring break Customer A Switch B Switch A...
  • Page 389 Metro Ring Protocol (MRP) • If the interface receives an RHP, the interface changes back to the Blocking state and resets the dead timer. • If the interface does not receive an RHP for its ring before the Preforwarding time expires, the interface changes to the Forwarding state, as shown in Figure •...

  • Page 390: Master Vlans And Customer Vlans

    Metro Ring Protocol (MRP) Master VLANs and customer VLANs All the ring ports must be in the same VLAN. Placing the ring ports in the same VLAN provides Layer 2 connectivity for a given customer across the ring. Figure 67 shows an example.

  • Page 391: Configuring Mrp

    Metro Ring Protocol (MRP) A topology group enables you to control forwarding in multiple VLANs using a single instance of a Layer 2 protocol such as MRP. A topology group contains a master VLAN and member VLANs. The master VLAN contains all the configuration parameters for the Layer 2 protocol (STP, MRP, or VSRP).
  • Page 392 These commands configure an MRP ring on VLAN 2. The ring ID is 1, the ring name is CustomerA, and this node (this Dell PowerConnect device) is the master for the ring. The ring interfaces are 1/1 and 1/2. Interface 1/1 is the primary interface and 1/2 is the secondary interface. The primary interface will initiate RHPs by default.

  • Page 393: Changing The Hello And Preforwarding Times

    The preforwarding time must be at least twice the value of the hello time and must be a multiple of the hello time. • If UDLD is also enabled on the device, Dell recommends that you set the MRP preforwarding time slightly higher than the default of 300 ms; for example, to 400 or 500 ms. •...

  • Page 394: Using Mrp Diagnostics

    Metro Ring Protocol (MRP) Using MRP diagnostics The MRP diagnostics feature calculates how long it takes for RHP packets to travel through the ring. When you enable MRP diagnostics, the software tracks RHP packets according to their sequence numbers and calculates how long it takes an RHP packet to travel one time through the entire ring. When you display the diagnostics, the CLI shows the average round-trip time for the RHP packets sent since you enabled diagnostics.

  • Page 395: Displaying Mrp Information

    Metro Ring Protocol (MRP) TABLE 61 CLI display of MRP ring diagnostic information (Continued) This field... Displays... Diag frame sent The number of diagnostic RHPs sent for the test. Diag frame lost The number of diagnostic RHPs lost during the test. If the recommended hello time and preforwarding time are different from the actual settings and you want to change them, refer to “Configuring MRP”...
  • Page 396 Metro Ring Protocol (MRP) TABLE 62 CLI display of MRP ring information This field... Displays... Ring id The ring ID State The state of MRP. The state can be one of the following: • enabled – MRP is enabled • disabled –...

  • Page 397: Mrp Cli Example

    RHPs rcvd The number of RHPs received on the interface. NOTE: On most Dell PowerConnect devices, this field applies only to the master node. On non-master nodes, this field contains 0. This is because the RHPs are forwarded in hardware on the non-master nodes.

  • Page 398: Commands On Switch B

    Metro Ring Protocol (MRP) The following commands configure the customer VLANs. The customer VLANs must contain both the ring interfaces as well as the customer interfaces. PowerConnect(config)#vlan 30 PowerConnect(config-vlan-30)#tag ethernet 1/1 to 1/2 PowerConnect(config-vlan-30)#tag ethernet 2/1 PowerConnect(config-vlan-30)#exit PowerConnect(config)#vlan 40 PowerConnect(config-vlan-40)#tag ethernet 1/1 to 1/2 PowerConnect(config-vlan-40)#tag ethernet 4/1 PowerConnect(config-vlan-40)#exit The following commands configure topology group 1 on VLAN 2.

  • Page 399: Virtual Switch Redundancy Protocol (Vsrp)

    Virtual Switch Redundancy Protocol (VSRP) is a Dell proprietary protocol that provides redundancy and sub-second failover in Layer 2 and Layer 3 mesh topologies. Based on the Dell Virtual Router Redundancy Protocol Extended (VRRPE), VSRP provides one or more backups for a Layer 2 Switch or Layer 3 Switch.

  • Page 400: Configuration Notes And Feature Limitations

    Dell PowerConnect devices use the redundant paths. A Dell PowerConnect device that is not itself configured for VSRP but is connected to a Dell PowerConnect device that is configured for VSRP, is VSRP aware. In this example, the three Dell PowerConnect devices connected to the VSRP devices are VSRP aware.

  • Page 401: Layer 2 And Layer 3 Redundancy

    Virtual Switch Redundancy Protocol (VSRP) Layer 2 and Layer 3 redundancy You can configure VSRP to provide redundancy for Layer 2 only or also for Layer 3: • Layer 2 only – The Layer 2 links are backed up but specific IP addresses are not backed up. •...
  • Page 402 Virtual Switch Redundancy Protocol (VSRP) • If the Backup does not receive a Hello message with a higher priority than its own by the time the hold-down timer expires, the Backup becomes the new Master and starts forwarding Layer 2 traffic on all ports. If you increase the timer scale value, each timer value is divided by the scale value.
  • Page 403 Virtual Switch Redundancy Protocol (VSRP) FIGURE 70 VSRP priority recalculation Configured priority = 100 Configured priority = 100 Actual priority = 100 * (3/3) = 100 Actual priority = 100 * (2/3) = 67 VSRP VSRP Backup Master optional link Link down VSRP VSRP...
  • Page 404 Virtual Switch Redundancy Protocol (VSRP) When you configure a track port, you assign a priority value to the port. If the port goes down, VSRP subtracts the track port priority value from the configured VSRP priority. For example, if the you configure a track port with priority 20 and the configured VSRP priority is 100, the software subtracts 20 from 100 if the track port goes down, resulting in a VSRP priority of 80.
  • Page 405 Virtual Switch Redundancy Protocol (VSRP) FIGURE 73 Track port priority subtracted during priority calculation Configured priority = 100 Configured priority = 100 Track priority 20 Actual priority = 100 * (3/3) = 100 Actual priority = (100 - 20) * (3/3) = 80 VSRP VSRP Backup...

  • Page 406: Vsrp-Aware Security Features

    Virtual Switch Redundancy Protocol (VSRP) Timer scale The VSRP Hello interval, Dead interval, Backup Hello interval, and Hold-down interval timers are individually configurable. You also can easily change all the timers at the same time while preserving the ratios among their values. To do so, change the timer scale. The timer scale is a value used by the software to calculate the timers.
  • Page 407 Virtual Switch Redundancy Protocol (VSRP) TABLE 63 VSRP parameters (Continued) Parameter Description Default See page... Interface parameters Authentication The type of authentication the VSRP devices use to No authentication page 369 type validate VSRP packets. On Layer 3 Switches, the authentication type must match the authentication type the VRID port uses with other routing protocols such as OSPF.
  • Page 408 Virtual Switch Redundancy Protocol (VSRP) TABLE 63 VSRP parameters (Continued) Parameter Description Default See page... Preference of When you save a Backup configuration, the software Configured timer page 371 timer source can save the configured VSRP timer values or the values are saved VSRP timer values received from the Master.

  • Page 409: Configuring Basic Vsrp Parameters

    Virtual Switch Redundancy Protocol (VSRP) TABLE 63 VSRP parameters (Continued) Parameter Description Default See page... RIP parameters Suppression of A Layer 3 Switch that is running RIP normally Disabled page 375 advertises routes to a backed up VRID even when the (routes are advertised) advertisements Layer 3 Switch is not currently the active Layer 3...

  • Page 410: Configuring Optional Vsrp Parameters

    Virtual Switch Redundancy Protocol (VSRP) Syntax: enable | disable Configuring optional VSRP parameters The following sections describe how to configure optional VSRP parameters. Disabling or re-enabling VSRP VSRP is enabled by default on Layer 2 Switches and Layer 3 Switches. On a Layer 3 Switch, if you want to use VRRP or VRRPE for Layer 3 redundancy instead of VSRP, you need to disable VSRP first.

  • Page 411: Configuring Authentication

    Virtual Switch Redundancy Protocol (VSRP) To change the timer scale, enter a command such as the following at the global CONFIG level of the CLI. PowerConnect(config)# scale-timer 2 This command changes the scale to 2. All VSRP, VRRP, and VRRP-E timer values will be divided by Syntax: [no] scale-timer ...
  • Page 412 Virtual Switch Redundancy Protocol (VSRP) Specifying no authentication for VSRP hello packets The following configuration specifies no authentication as the preferred VSRP-aware security method. In this case, the VSRP device will not accept incoming packets that have authentication strings. PowerConnect(config)#vlan 10 PowerConnect(config-vlan-10)#vsrp-aware vrid 2 no-auth Syntax: vsrp-aware vrid ...

  • Page 413: Changing The Backup Priority

    Virtual Switch Redundancy Protocol (VSRP) VSRP does not require you to specify an IP address. If you do not specify an address, VSRP provides Layer 2 redundancy. If you do specify an address, VSRP provides Layer 2 and Layer 3 redundancy.

  • Page 414: Changing The Hello Interval

    Virtual Switch Redundancy Protocol (VSRP) • Hold-down interval By default, each Backup saves the configured timer values to its startup-config file when you save the device configuration. You can configure a Backup to instead save the current timer values received from the Master when you save the configuration.
  • Page 415 Virtual Switch Redundancy Protocol (VSRP) NOTE The default Dead interval is three times the Hello interval plus one-half second. Generally, if you change the Hello interval, you also should change the Dead interval on the Backups. NOTE If you change the timer scale, the change affects the actual number of seconds. Changing the dead interval The Dead interval is the number of seconds a Backup waits for a Hello message from the Master before determining that the Master is dead.

  • Page 416: Changing The Default Track Priority

    Virtual Switch Redundancy Protocol (VSRP) Changing the hold-down interval The hold-down interval prevents Layer 2 loops from occurring during failover, by delaying the new Master from forwarding traffic long enough to ensure that the failed Master is really unavailable. To change the Hold-down interval, enter a command such as the following at the configuration level for the VRID.
  • Page 417 Virtual Switch Redundancy Protocol (VSRP) NOTE The priority option changes the priority of the specified interface, overriding the default track port priority. To change the default track port priority, use the backup track-priority command. Disabling or re-enabling backup pre-emption By default, a Backup that has a higher priority than another Backup that has become the Master can preempt the Master, and take over the role of Master.

  • Page 418: Displaying Vsrp Information

    Virtual Switch Redundancy Protocol (VSRP) VSRP-aware interoperablilty The vsrp-aware tc-vlan-flush command should be used in network configurations in which the Dell PowerConnect switch operates as the VSRP-Aware device connecting to a other devices as a VSRP Master. The command is available at the VLAN level, and is issued per a specific VRID, as shown here for VRID 11.
  • Page 419 Virtual Switch Redundancy Protocol (VSRP) This display shows the following information when you use the vrid or vlan parameter. For information about the display when you use the aware parameter, refer to “Displaying the active interfaces for a VRID” on page 378.

  • Page 420: Displaying The Active Interfaces For A Vrid

    Virtual Switch Redundancy Protocol (VSRP) TABLE 64 CLI display of VSRP VRID or VLAN information (Continued) This field... Displays... dead-interval The configured value for the dead interval. The dead interval is the number of seconds a Backup waits for a Hello message from the Master for the VRID before determining that the Master is no longer active.

  • Page 421: Vsrp Fast Start

    VSRP fast start VSRP fast start allows non-Dell PowerConnect or non-VSRP aware devices that are connected to a Dell PowerConnect device that is the VSRP Master to quickly switchover to the new Master when a VSRP failover occurs This feature causes the port on a VSRP Master to restart when a VSRP failover occurs. When the port shuts down at the start of the restart, ports on the non-VSRP aware devices that are connected to the VSRP Master flush the MAC address they have learned for the VSRP master.

  • Page 422: Vsrp And Mrp Signaling

    Virtual Switch Redundancy Protocol (VSRP) PowerConnect#show vsrp vrid 100 VLAN 100 auth-type no authentication VRID 100 ======== State Administrative-status Advertise-backup Preempt-mode save-current master enabled disabled true false Parameter Configured Current Unit/Formula priority (100-0)*(2.0/4.0) hello-interval sec/1 dead-interval sec/1 hold-interval sec/1 initial-ttl hops next hello sent in 00:00:00.3 Member ports:...
  • Page 423 Virtual Switch Redundancy Protocol (VSRP) FIGURE 75 VSRP on MRP rings that failed over Path 1 Path 2 Member Master Host Host Member Member Member Member MRP Member MRP Master MRP Member MRP Member VSRP Backup VSRP Backup VSRP Master VSRP Master VSRP VSRP...
  • Page 424 Virtual Switch Redundancy Protocol (VSRP) PowerConnect B-Series FCX Configuration Guide 53-1002266-01...

  • Page 425: Udld Overview

    Protected Link Groups Table 66 lists the individual Dell PowerConnect switches and the UDLD and protected link group features they support. These features are supported in the Layer 2, base Layer 3, edge Layer 3, and full Layer 3 software images, except where explicitly noted.

  • Page 426: Udld For Tagged Ports

    Dell PowerConnect device load balances traffic across two ports. Without the UDLD feature, a link failure on a link that is not directly attached to one of the Dell PowerConnect devices is undetected by the Dell PowerConnect devices. As a result, the Dell PowerConnect devices continue to send traffic on the ports connected to the failed link.

  • Page 427: Enabling Udld

    UDLD overview Enabling UDLD NOTE This section shows how to configure UDLD for untagged control packets. To configure UDLD for tagged control packets, refer to “Enabling UDLD for tagged ports”. To enable UDLD on a port, enter a command such as the following at the global CONFIG level of the CLI.

  • Page 428: Changing The Keepalive Retries

    The state of the physical link. This is the link between the Dell PowerConnect port and the directly connected device. Logical Link The state of the logical link. This is the state of the link between this Dell PowerConnect port and the Dell PowerConnect port on the other end of the link.

  • Page 429: Displaying Information For A Single Port

    This field... Displays... Current State The state of the logical link. This is the link between this Dell PowerConnect port and the Dell PowerConnect port on the other end of the link. Remote MAC Addr The MAC address of the port or device at the remote end of the logical link.

  • Page 430: Clearing Udld Statistics

    During normal operation, the active port in a protected link group is enabled and the standby ports are logically disabled. If the active port fails, the Dell PowerConnect device immediately enables one of the standby ports, and switches traffic to the standby port. The standby port becomes the new, active port.

  • Page 431: About Active Ports

    When you create a protected link group, you can optionally specify which port in the protected link group is the active port. If you do not explicitly configure an active port, the Dell PowerConnect device dynamically assigns one. A dynamic active port is the first port in the protected link group that comes up (usually the lowest numbered port in the group).

  • Page 432: An Active Port

    These commands configure port e1 as the active port and ports e2 – e4 as standby ports. If port 1 goes down, the Dell PowerConnect device enables the first available standby port, and switches the traffic to that port. Since the above configuration consists of a statically configured active port, the active port pre-empts other ports in the protected link group.
  • Page 433 Protected link groups The parameter specifies the protected link group number. Enter a number from 1 – 32. The active-port ethernet defines the active port. Specify the variable in the following formats: • PowerConnect B-Series FCX stackable switches – Viewing information about protected link groups You can use the following show commands to view information about protected link groups: •...
  • Page 434 Protected link groups PowerConnect#show int e 3 GigabitEthernet3 is up, line protocol is up, link keepalive is enabled Hardware is GigabitEthernet, address is 0012.f2a8.7140 (bia 0012.f2a8.7142) Configured speed auto, actual 1Gbit, configured duplex fdx, actual fdx Configured mdi mode AUTO, actual MDIX Member of 3 L2 VLANs, port is tagged, port state is protected-link-inactive BPDU guard is Disabled, ROOT protect is Disabled Link Error Dampening is Disabled...

  • Page 435: Trunk Group Overview

    Chapter Configuring Trunk Groups and Dynamic Link Aggregation Table 70 lists the individual Dell PowerConnect switches and the trunk groups and dynamic link aggregation features they support. TABLE 70 Supported trunk group and dynamic link aggregation features Feature PowerConnect B-Series FCX...

  • Page 436: Trunk Group Connectivity To A Server

    MAC and IP address. Figure 79 shows an example of a trunk group between a server and a Dell PowerConnect device. PowerConnect B-Series FCX Configuration Guide 53-1002266-01...

  • Page 437: Trunk Group Rules

    Trunk group rules Table lists the maximum number of trunk groups you can configure on a Dell PowerConnect device and the valid number of ports in a trunk group. The table applies to static and LACP trunk ports. TABLE 71...

  • Page 438: Trunk Group Configuration Examples

    Configuration notes for Dell PowerConnect devices in an IronStack In a Dell IronStack system, a trunk group may have port members distributed across multiple stack units. Both static and dynamic trunking are supported.
  • Page 439 Trunk group overview FIGURE 80 Examples of 2-port and 3-port trunk groups 42XG 424F 424C 424C 424C 424C 424C 424F 8X-12GM-4 Even Even Console Even Even Device 424C 424F EJECT EJECT EJECT EJECT AC OK DC OK AC OK DC OK AC OK DC OK AC OK...

  • Page 440: Support For Flexible Trunk Group Membership

    “CLI syntax for configuring non-consecutive ports in a trunk group” page 401. Trunk group load sharing Dell PowerConnect devices load-share across the ports in the trunk group. The method used for the load sharing depends on the device type and traffic type (Layer 2 or Layer 3). NOTE Layer 2 and Layer 3 AppleTalk traffic is not load-balanced.
  • Page 441 Trunk group overview Load sharing for unknown unicast, multicast, and broadcast traffic Dell PowerConnect devices load balance unknown unicast, multicast, and broadcast traffic based on the source port and VLAN ID and not on any source or destination information in the packet.

  • Page 442: Configuring A Trunk Group

    Configuring a trunk group 4. IPv6 TCP/UDP: Source IP, Destination IP, Flow Label, Source TCP/UDP Port, Destination TCP/UDP Port, Source MAC, Destination MAC 5. IPv6 Non-TCP/UDP: Source IP, Destination IP, Flow Label, Source MAC, Destination MAC Syntax: [no] trunk hash-options include-layer2 Configuring a trunk group Follow the steps given below to configure a trunk group.

  • Page 443: In Figure 78

    Configuring a trunk group Syntax: trunk deploy Each ethernet parameter introduces a port group. The variable specifies the primary port. Notice that each port group must begin with a primary port.. The primary port of the first port group specified (which must be the group with the lower port numbers) becomes the primary port for the entire trunk group.

  • Page 444: Example 2: Configuring A Trunk Group That Spans Two Gbps Ethernet Modules In A Chassis Device

    Configuring a trunk group NOTE The text shown in italics in the CLI example below shows messages echoed to the screen in answer to the CLI commands entered. PowerConnect(config)#trunk e 1/5 to 1/8 Trunk will be created in next trunk deploy PowerConnect(config)#write memory PowerConnect(config)#trunk deploy To configure the trunk group link between device2 and the server, enter the following commands...

  • Page 445: With One Port Per Module

    Configuring a trunk group Example 3: Configuring a multi-slot trunk group with one port per module You can select one port per module in a multi-slot trunk group. This feature is supported on GbE and 10-GbE ports, as well as on static and LACP trunk ports. For multi-slot trunk group rules, refer Table 74 on page 414.

  • Page 446: Additional Trunking Options

    Configuring a trunk group STK1(config)#trunk ethe 1/1/1 ethe 2/1/4 ethe 3/1/7 ethe 4/1/2 ethe 5/1/5 ethe 6/1/7 ethe 7/1/2 ethe 7/1/5 Trunk will be created in next trunk deploy. STK1(config)#trunk deploy STK1(config)#show trunk Configured trunks: Trunk ID: 1 Hw Trunk ID: 1 Ports_Configured: 8 Primary Port Monitored: Jointly Ports...
  • Page 447 Configuring a trunk group • Setting the sFlow sampling rate on an individual port in a trunk NOTE Depending on the operational state of LACP-enabled ports, at any time, these ports may join a trunk group, change trunk group membership, exit a trunk group, or possibly never join a trunk group. Therefore, before configuring trunking options on LACP-enabled ports (e.g., naming the port, disabiling the port, etc.), verify the actual trunk group port membership using the show trunk command.
  • Page 448 Configuring a trunk group NOTE If you enter no config-trunk-ind, all port configuration commands are removed from the individual ports and the configuration of the primary port is applied to all the ports. Also, once you enter the no config-trunk-ind command, the enable, disable, and monitor commands are valid only on the primary port and apply to the entire trunk group.
  • Page 449 Specifying the minimum number of ports in a static trunk group You can configure Dell PowerConnect devices to disable all of the ports in a trunk group when the number of active member ports drops below a specified threshold value. For example, if a trunk group has 4 ports, and the threshold for the trunk group is 3, then the trunk group is disabled if the number of available ports in the trunk group drops below 3.

  • Page 450: Displaying Trunk Group Configuration Information

    Displaying trunk group configuration information • The disable module command can be used to disable the ports on a module. However, on 10 Gbps modules, the disable module command does not cause the remote connection to be dropped. If a trunk group consists of 10 Gbps ports, and you use the disable module command to disable ports in the trunk group, which then causes the number of active ports in the trunk group to drop below the threshold value, the trunk group is not disabled.

  • Page 451: Viewing The First And Last Ports In A Trunk Group

    Displaying trunk group configuration information NOTE The show trunk command does not display any form of trunk when links are up. Table 73 describes the information displayed by the show trunk command. TABLE 73 CLI trunk group information This field... Displays...

  • Page 452: Dynamic Link Aggregation

    Passive mode – When you enable a port for passive link aggregation, the Dell PowerConnect port can exchange LACPDU messages with the port at the remote end of the link, but the Dell PowerConnect port cannot search for a link aggregation port or initiate negotiation of an aggregate link.

  • Page 453: Ironstack Lacp Trunk Group Configuration Example

    1/1/1-1/1/4 and 3/1/5-3/1/8. Examples of valid LACP trunk groups Dell PowerConnect ports follow the same configuration rules for dynamically created aggregate links as they do for statically configured trunk groups. Refer to “Trunk group rules” on page 395 “Trunk group load sharing”...

  • Page 454: Configuration Notes And Limitations

    Dell PowerConnect devices. The Dell rules apply to a Dell PowerConnect device even if the device at the other end is from another vendor and uses different rules. Refer to “Trunk group rules”...

  • Page 455: Adaptation To Trunk Disappearance

    Adaptation to trunk disappearance The Dell PowerConnect device will tear down an aggregate link if the device at the other end of the link reboots or brings all the links down. Tearing the aggregate link down prevents a mismatch if the other device has a different trunk configuration following the reboot or re-establishment of the links.

  • Page 456: Enabling Dynamic Link Aggregation

    Dynamic link aggregation Figure 83 shows an example of 2-port groups in a range of four ports on which link aggregation is enabled. Based on the states of the ports, some or all of them will be eligible to be used in an aggregate link.
  • Page 457 In conformance with the 802.3ad specification, the default key assigned to an aggregate link is based on the port type (1 Gbps port or 10 Gbps port). The Dell PowerConnect device assigns different keys to 10 Gbps ports than 1 Gbps ports, so that ports with different physical capabilities will not be able to form a trunk.

  • Page 458: Affects Trunk Groups And Dynamic Keys

    Tagged to Untagged VLAN –The port gets the default key for untagged ports. • Untagged to Tagged VLAN – If the Dell PowerConnect device finds a port with matching port properties, the port gets that port key. If it does not find one, the port gets a new key.

  • Page 459: Port Priority

    If you are connecting the Dell PowerConnect device to another vendor device and the link aggregation feature is not working, set the system priority on the Dell PowerConnect device to a lower priority (a higher priority value). In some cases, this change allows the link aggregation feature to operate successfully between the two devices.
  • Page 460 Dynamic link aggregation FIGURE 84 Ports with the same key in different aggregate links Port1/1 Port1/2 System ID: dddd.eeee.ffff Port1/3 All these ports have the same key, but are Ports 1/5 - 1/8: Key 4 Port1/4 in two separate aggregate links with Port1/5 two other devices.
  • Page 461 Dynamic link aggregation FIGURE 85 Multi-slot aggregate link Port1/1 All ports in a multi-slot aggregate link have Port1/2 the same key. Port1/3 Port1/4 Port3/5 Port3/6 Port3/7 Port3/8 System ID: aaaa.bbbb.cccc Ports 1/1 - 1/4: Key 0 Ports 3/5 - 3/8: Key 0 By default, the device ports are divided into 4-port groups.
  • Page 462 Dynamic link aggregation PowerConnect#show link-aggregate System ID: 0004.8055.b200 Long timeout: 90, default: 90 Short timeout: 3, default: 3 Port [Sys P] [Port P] [ Key ] [Act][Tio][Agg][Syn][Col][Dis][Def][Exp][Ope] 10000 10000 10000 10000 4/17 4/18 4/19 4/20 Syntax: show link-aggregate [ethernet ] Specify the ...

  • Page 463: Displaying And Determining The Status Of Aggregate Links

    Syntax: [no] link-aggregate configure [system-priority ] | [port-priority ] | [key ] The system-priority parameter specifies the Dell PowerConnect device link aggregation priority. A higher value indicates a lower priority. You can specify a priority from 0 – 65535. The default is 1.

  • Page 464: Events That Affect The Status Of Ports In An Aggregate Link

    Events that affect the status of ports in an aggregate link Dell PowerConnect devices can block traffic on a port or shut down a port that is part of a trunk group or aggregate link, when a port joins a trunk group and the port on the other end of the link shuts down or stops transmitting LACP packets.
  • Page 465 Displaying and determining the status of aggregate links NOTE Ports that are configured as part of an aggregate link must also have the same key. For more information about assigning keys, refer to the section “Link aggregation parameters” on page 416. The show link-aggregate command shows the following information.

  • Page 466: Displaying Lacp Status Information

    Displaying and determining the status of aggregate links TABLE 75 CLI display of link aggregation information (Continued) This field... Displays... Indicates whether the port is using default link aggregation values. The port uses default values if it has not received link aggregation information through LACP from the port at the remote end of the link.

  • Page 467: Clearing The Negotiated Aggregate Links Table

    Clearing the negotiated aggregate links table Clearing the negotiated aggregate links table When a group of ports negotiates a trunk group configuration, the software stores the negotiated configuration in a table. You can clear the negotiated link aggregation configurations from the software.
  • Page 468 Configuring single link LACP PowerConnect#show link-agg System ID: 00e0.5200.0118 Long timeout: 120, default: 120 Short timeout: 3, default: 3 Port [Sys P] [Port P] [ Key ] [Act][Tio][Agg][Syn][Col][Dis][Def][Exp][Ope] 1 singleton 1 singleton If singleton is configured on the port, the “Key” column displays “singleton”. Refer to “CLI display of link aggregation information”...

  • Page 469: Vlan Overview

    Chapter Configuring Virtual LANs (VLANs) Table 76 lists the individual Dell PowerConnect PowerConnect switches and the VLAN features they support. TABLE 76 Supported VLAN features Feature PowerConnect B-Series FCX VLAN Support 4096 maximum VLANs 802.1Q with tagging 802.1Q-in-Q tagging 802.1Q-in-Q tag profiles...
  • Page 470 Dell PowerConnect device that constitutes a Layer 2 broadcast domain. By default, all the ports on a Dell PowerConnect device are members of the default VLAN. Thus, all the ports on the device constitute a single Layer 2 broadcast domain. You can configure multiple port-based VLANs.
  • Page 471 VLAN overview NOTE VLAN IDs 4087, 4090, and 4093 are reserved for Dell internal use only. VLAN 4094 is reserved for use by Single STP. Also, if you are running an earlier release, VLAN IDs 4091 and 4092 may be reserved for Dell internal use only.
  • Page 472 VLAN overview FIGURE 86 Dell PowerConnect device containing user-defined Layer 2 port-based VLAN DEFAULT-VLAN VLAN ID = 1 Layer 2 Port-based VLAN User-configured port-based VLAN When you add a port-based VLAN, the device removes all the ports in the new VLAN from DEFAULT-VLAN.
  • Page 473 VLAN overview • Other – The device sends broadcasts for all protocol types other than those listed above to all ports within the VLAN. Figure 87 shows an example of Layer 3 protocol VLANs configured within a Layer 2 port-based VLAN.
  • Page 474 VLAN overview Integrated Switch Routing (ISR) The Dell Integrated Switch Routing (ISR) feature enables VLANs configured on Layer 3 Switches to route Layer 3 traffic from one protocol VLAN or IP subnet, IPX network, or AppleTalk cable VLAN to another. Normally, to route traffic from one IP subnet, IPX network, or AppleTalk cable VLAN to another, you would need to forward the traffic to an external router.

  • Page 475: Default Vlan

    VLAN overview NOTE The Layer 3 Switch routes packets between VLANs of the same protocol. The Layer 3 Switch cannot route from one protocol to another. NOTE IP subnet VLANs are not the same thing as IP protocol VLANs. An IP protocol VLAN sends all IP broadcasts on the ports within the IP protocol VLAN.

  • Page 476: Q Tagging

    VLAN ID of the VLAN from which the packet is sent. • The default tag value is 8100 (hexadecimal). This value comes from the 802.1Q specification. You can change this tag value on a global basis on Dell PowerConnect devices if needed to be compatible with other vendors’ equipment. •...
  • Page 477 If you use tagging on multiple devices, each device must be configured for tagging and must use the same tag value. In addition, the implementation of tagging must be compatible on the devices. The tagging on all Dell PowerConnect devices is compatible with other Dell PowerConnect devices. Figure 90 shows an example of two devices that have the same Layer 2 port-based VLANs configured across them.
  • Page 478 Support for 802.1Q-in-Q tagging Dell PowerConnect devices provide finer granularity for configuring 802.1Q tagging, enabling you to configure 802.1Q tag-types on a group of ports, thereby enabling the creation of two identical 802.1Q tags (802.1Q-in-Q tagging) on a single device. This enhancement improves SAV interoperability between Dell PowerConnect devices and other vendors’...

  • Page 479: Spanning Tree Protocol (Stp)

    A virtual routing interface is a logical routing interface that Layer 3 Switches use to route Layer 3 protocol traffic between protocol VLANs. Dell PowerConnect devices send Layer 3 traffic at Layer 2 within a protocol VLAN. However, Layer 3 traffic from one protocol VLAN to another must be routed.
  • Page 480 VLAN overview If you want the device to be able to send Layer 3 traffic from one protocol VLAN to another, you must configure a virtual routing interface on each protocol VLAN, then configure routing parameters on the virtual routing interfaces. For example, to enable a Layer 3 Switch to route IP traffic from one IP subnet VLAN to another, you must configure a virtual routing interface on each IP subnet VLAN, then configure the appropriate IP routing parameters on each of the virtual routing interfaces.

  • Page 481: Vlan And Virtual Routing Interface Groups

    VLAN overview VLAN and virtual routing interface groups Dell PowerConnect devices support the configuration of VLAN groups. To simplify configuration, you can configure VLAN groups and virtual routing interface groups. When you create a VLAN group, the VLAN parameters you configure for the group apply to all the VLANs within the group.
  • Page 482 VLAN overview FIGURE 92 VLAN with dynamic ports—all ports are active when you create the VLAN A = active port C = candidate port When you add ports dynamically, all the ports are added when you add the VLAN. SUBNET Ports in a new protocol VLAN that do not receive traffic for the VLAN protocol age out after 10 minutes and become candidate ports.

  • Page 483: Super Aggregated Vlans

    Static ports do not age out and do not leak broadcast packets. Super aggregated VLANs Dell PowerConnect devices support Super Aggregated VLANs. You can aggregate multiple VLANs within another VLAN. This feature allows you to construct Layer 2 paths and channels. This feature...

  • Page 484: Summary Of Vlan Configuration Rules

    VLAN, nor can you have an IPX protocol VLAN and an IPX network VLAN in the same port-based VLAN. As a Dell PowerConnect device receives packets, the VLAN classification starts from the highest level VLAN first. Therefore, if an interface is configured as a member of both a port-based VLAN and an IP protocol VLAN, IP packets coming into the interface are classified as members of the IP protocol VLAN because that VLAN is higher in the VLAN hierarchy.

  • Page 485: Routing Between Vlans

    Routing between VLANs using virtual routing interfaces (Layer 3 Switches only) Dell calls the ability to route between VLANs with virtual routing interfaces Integrated Switch Routing (ISR). There are some important concepts to understand before designing an ISR backbone.

  • Page 486: Assigning A Different Vlan Id To The Default Vlan

    Routing between VLANs If your backbone consists of virtual routing interfaces all within the same STP domain, it is a bridged backbone, not a routed one. This means that the set of backbone interfaces that are blocked by STP will be blocked for routed protocols as well. The routed protocols will be able to cross these paths only when the STP state of the link is FORWARDING.

  • Page 487: And 4092

    Output of the show reserved-vlan-map command This field Displays Reserved Purpose Describes for what the VLAN is reserved. Note that the description is for Dell internal VLAN management. Default The default VLAN ID of the reserved VLAN. PowerConnect B-Series FCX Configuration Guide 53-1002266-01...

  • Page 488: Assigning Trunk Group Ports

    Routing between VLANs TABLE 77 Output of the show reserved-vlan-map command (Continued) This field Displays Re-assign The VLAN ID to which the reserved VLAN was reassigned. Current The current VLAN ID for the reserved VLAN. If you reassign a reserved VLAN without saving the configuration and reloading the software, the reassigned VLAN ID will display in the Re-assign column.
  • Page 489 Routing between VLANs FIGURE 94 Port-based VLANs 222 and 333 Device interface e 2 interface e 1 IP Subnet 2 IP Subnet 1 IPX Network 2 IPX Network 1 Appletalk Cable-Range 200 Appletalk Cable-Range 100 Appletalk Zone CTP Appletalk Zone Prepress VLAN 333 VLAN 222 Ports 9 - 16...
  • Page 490 Routing between VLANs FIGURE 95 More complex port-based VLAN Device IP Subnet1 IP Subnet3 IP Subnet4 IP Subnet2 IPX Net 1 IPX Net 4 IPX Net 3 IPX Net 2 Atalk 100.1 Atalk 300.1 Atalk 400.1 Atalk 200.1 Zone “A” Zone “D”...
  • Page 491 Routing between VLANs Configuring device-B Enter the following commands to configure device-B. PowerConnect> en PowerConnect# configure terminal PowerConnect(config)# hostname PowerConnect-B PowerConnect-B(config)# vlan 2 name BROWN PowerConnect-B(config-vlan-2)# untagged ethernet 1 to 4 PowerConnect-B(config-vlan-2)# tagged ethernet 25 to 26 PowerConnect-B(config-vlan-2)# spanning-tree PowerConnect-B(config-vlan-2)# spanning-tree priority 500 PowerConnect-B(config-vlan-2)# vlan 3 name GREEN PowerConnect-B(config-vlan-3)# untagged ethernet 5 to 8 PowerConnect-B(config-vlan-3)# tagged ethernet 25 to 26...

  • Page 492: Modifying A Port-Based Vlan

    Routing between VLANs Modifying a port-based VLAN You can make the following modifications to a port-based VLAN: • Add or delete a VLAN port. • Enable or disable STP. Removing a port-based VLAN Suppose you want to remove VLAN 5 from the example in Figure 95.

  • Page 493: Enable Spanning Tree On A Vlan

    Routing between VLANs 4. Enter the following commands to exit the VLAN CONFIG mode and save the configuration to the system-config file on flash memory. PowerConnect-A(config-vlan-4)# PowerConnect-A(config-vlan-4)# end PowerConnect-A# write memory You can remove all the ports from a port-based VLAN without losing the rest of the VLAN configuration.

  • Page 494: Protocol-Based Vlans

    Configuring IP subnet, IPX network and protocol-based VLANs To configure a specific path-cost or priority value for a given port, enter those values using the key words in the brackets [ ] shown in the syntax summary below. If you do not want to specify values for any given port, this portion of the command is not required.
  • Page 495 Configuring IP subnet, IPX network and protocol-based VLANs FIGURE 96 Protocol-based (Layer 3) VLANs Device Port25 IP-Subnet 1 IP-Subnet 2 IP-Subnet 3 IPX Net 1 Appletalk Cable 100 Port25 Layer 3 Switch IP-Subnet 1 IP-Subnet 2 IP-Subnet 3 Ports 1-16, 25 Ports 17-25 IPX Net 1 Appletalk Cable 100...

  • Page 496: Vlans Within Port-Based Vlans

    Configuring IP subnet, IPX network, and protocol-based VLANs within port-based VLANs PowerConnect(config-ipx-proto)# atalk-proto name Red PowerConnect(config-atalk-proto)# no dynamic PowerConnect(config-atalk-proto)# static ethernet 13 to 25 PowerConnect(config-atalk-proto)# end PowerConnect# write memory PowerConnect# Syntax: ip-subnet [name ] Syntax: ipx-network netbios-allow | netbios-disallow [name ] Syntax: ip-proto | ipx-proto | atalk-proto | decnet-proto | netbios-proto | other-proto static |...
  • Page 497 Configuring IP subnet, IPX network, and protocol-based VLANs within port-based VLANs FIGURE 97 More protocol-based VLANs Device Device Port9 Port17 Port1 Device-A Device-B Device-A Device-B VLAN 2 VLAN 3 VLAN 4 VLAN 4 VLAN 2 VLAN 3 = STP Blocked VLAN Device-C Device-C VLAN 2...
  • Page 498 Configuring IP subnet, IPX network, and protocol-based VLANs within port-based VLANs 4. To prevent machines with non-IP protocols from getting into the IP portion of VLAN 2, create another Layer 3 protocol VLAN to exclude all other protocols from the ports that contains the IP-protocol VLAN.
  • Page 499 Configuring IP subnet, IPX network, and protocol-based VLANs within port-based VLANs PowerConnect-B(config-vlan-ipx-proto)# static e5 to 8 e25 to 26 PowerConnect-B(config-vlan-ipx-proto)# exclude e1 to 4 PowerConnect-B(config-vlan-other-proto)# vlan 3 name IP-Sub_IPX-Net_VLANs PowerConnect-B(config-vlan-3)# untagged e9 to 16 PowerConnect-B(config-vlan-3)# tagged e25 to 26 PowerConnect-B(config-vlan-3)# spanning-tree PowerConnect-B(config-vlan-3)# spanning-tree priority 500 PowerConnect-B(config-vlan-3)# ip-sub 1.1.1.0/24 name Green PowerConnect-B(config-vlan-ip-subnet)# no dynamic...

  • Page 500: Configuring An Ipv6 Protocol Vlan

    Configuring an IPv6 protocol VLAN Configuring an IPv6 protocol VLAN You can configure a protocol-based VLAN as a broadcast domain for IPv6 traffic. When the Layer 3 Switch receives an IPv6 multicast packet (a packet with 06 in the version field and 0xFF as the beginning of the destination address), the Layer 3 Switch forwards the packet to all other ports.
  • Page 501 Routing between VLANs using virtual routing interfaces (Layer 3 Switches only) Example Suppose you want to move routing out to each of three buildings in a network. Remember that the only protocols present on VLAN 2 and VLAN 3 are IP and IPX. Therefore, you can eliminate tagged ports 25 and 26 from both VLAN 2 and VLAN 3 and create new tagged port-based VLANs to support separate IP subnets and IPX networks for each backbone link.
  • Page 502 Routing between VLANs using virtual routing interfaces (Layer 3 Switches only) PowerConnect>en No password has been assigned yet... PowerConnect# configure terminal PowerConnect(config)# hostname PowerConnect-A PowerConnect-A(config)# router ospf PowerConnect-A(config-ospf-router)# area 0.0.0.0 normal Please save configuration to flash and reboot. PowerConnect-A(config-ospf-router)# The following commands create the port-based VLAN 2. In the previous example, an external device defined the router interfaces for VLAN 2.
  • Page 503 Routing between VLANs using virtual routing interfaces (Layer 3 Switches only) PowerConnect-A(config-vlan-ip-subnet)# ipx-network 1 ethernet_802.3 PowerConnect-A(config-vlan-ipx-network)# static ethernet 13 to 16 PowerConnect-A(config-vlan-ipx-network)# router-interface ve4 PowerConnect-A(config-vlan-ipx-network)# other-proto name block-other-protocols PowerConnect-A(config-vlan-other-proto)# exclude ethernet 9 to 16 PowerConnect-A(config-vlan-other-proto)# no dynamic PowerConnect-A(config-vlan-other-proto)# interface ve 3 PowerConnect-A(config-vif-3)# ip addr 1.1.1.1/24 PowerConnect-A(config-vif-3)# ip ospf area 0.0.0.0 PowerConnect-A(config-vif-3)# interface ve4...
  • Page 504 Routing between VLANs using virtual routing interfaces (Layer 3 Switches only) This completes the configuration for device-A. The configuration for device-B and C is very similar except for a few issues which are as follows: • IP subnets and IPX networks configured on device-B and device-C must be unique across the entire network, except for the backbone port-based VLANs 5, 6, and 7 where the subnet is the same but the IP address must change.
  • Page 505 Routing between VLANs using virtual routing interfaces (Layer 3 Switches only) PowerConnect-B(config-vif-4)# ipx network 7 ethernet_802.3 PowerConnect-B(config-vif-4)# vlan 4 name Bridged_ALL_Protocols PowerConnect-B(config-vlan-4)# untagged ethernet 17 to 24 PowerConnect-B(config-vlan-4)# tagged ethernet 25 to 26 PowerConnect-B(config-vlan-4)# spanning-tree PowerConnect-B(config-vlan-4)# vlan 5 name Rtr_BB_to_Bldg.1 PowerConnect-B(config-vlan-5)# tagged ethernet 25 PowerConnect-B(config-vlan-5)# no spanning-tree PowerConnect-B(config-vlan-5)# router-interface ve5...

  • Page 506: Configuring Protocol Vlans With Dynamic Ports

    Configuring protocol VLANs with dynamic ports PowerConnect-C(config-vlan-ip-subnet)# ipx-network 10 ethernet_802.3 PowerConnect-C(config-vlan-ipx-network)# static ethernet 13 to 16 PowerConnect-C(config-vlan-ipx-network)# router-interface ve4 PowerConnect-C(config-vlan-ipx-network)# other-proto name block-other-protocols PowerConnect-C(config-vlan-other-proto)# exclude ethernet 9 to 16 PowerConnect-C(config-vlan-other-proto)# no dynamic PowerConnect-C(config-vlan-other-proto)# interface ve 3 PowerConnect-C(config-vif-3)# ip addr 1.1.10.1/24 PowerConnect-C(config-vif-3)# ip ospf area 0.0.0.0 PowerConnect-C(config-vif-3)# interface ve4 PowerConnect-C(config-vif-4)# ipx network 10 ethernet_802.3...

  • Page 507: Aging Of Dynamic Ports

    Configuring protocol VLANs with dynamic ports Aging of dynamic ports When you add the ports to the VLAN, the software automatically adds them all to the VLAN. However, dynamically added ports age out. If the age time for a dynamic port expires, the software removes the port from the VLAN.

  • Page 508: Configuration Guidelines

    Configuring protocol VLANs with dynamic ports Configuration guidelines • You cannot dynamically add a port to a protocol VLAN if the port has any routing configuration parameters. For example, the port cannot have a virtual routing interface, IP subnet address, IPX network address, or AppleTalk network address configured on it.

  • Page 509: Configuring An Ipx Network Vlan With Dynamic Ports

    Configuring protocol VLANs with dynamic ports PowerConnect(config)# vlan 10 by port name IP_VLAN PowerConnect(config-vlan-10)# untagged ethernet 1/1 to 1/6 added untagged port ethe 1/1 to 1/6 to port-vlan 10. PowerConnect(config-vlan-10)# ip-subnet 1.1.1.0/24 name Mktg-LAN PowerConnect(config-vlan-10)# dynamic PowerConnect(config)# write memory These commands create a port-based VLAN on chassis ports 1/1 – 1/6 named “Mktg-LAN”, configure an IP subnet VLAN within the port-based VLAN, and then add ports from the port-based VLAN dynamically.

  • Page 510: Configuring Uplink Ports Within A Port-Based Vlan

    Configuring uplink ports within a port-based VLAN Syntax: ipx-network ethernet_ii | ethernet_802.2 | ethernet_802.3 | ethernet_snap [name ] Syntax: dynamic Configuring uplink ports within a port-based VLAN You can configure a subset of the ports in a port-based VLAN as uplink ports. When you configure uplink ports in a port-based VLAN, the device sends all broadcast and unknown-unicast traffic from a port in the VLAN to the uplink ports, but not to other ports within the VLAN.

  • Page 511: Multiple Port-Based Vlans

    VLAN, then add a separate IP subnet address to each virtual routing interface. The IP address on each of the virtual routing interfaces must be in a separate subnet. The Dell PowerConnect device routes Layer 3 traffic between the subnets using the subnet addresses.
  • Page 512 VLANs using the same IP subnet address, the Dell PowerConnect device performs a proxy ARP on behalf of the other host. The Dell PowerConnect device then replies to the ARP by sending the virtual routing interface MAC address. The Dell PowerConnect device uses the same MAC address for all virtual routing interfaces.
  • Page 513 IP subnet address. • If the destination is in the same VLAN as the source, the Dell PowerConnect device does not need to perform a proxy ARP. To configure multiple VLANs to use the same IP subnet address: •...

  • Page 514: Configuring Vlan Groups And Virtual Routing Interface Groups

    Configuring VLAN groups and virtual routing interface groups NOTE Because virtual routing interfaces 2 and 3 do not have their own IP subnet addresses but instead are “following” virtual routing interface a IP address, you still can configure an IPX or AppleTalk interface on virtual routing interfaces 2 and 3.
  • Page 515 Configuring VLAN groups and virtual routing interface groups The first command in this example begins configuration for VLAN group 1, and assigns VLANs 2 through 257 to the group. The second command adds ports 1/1 and 1/2 as tagged ports. Because all the VLANs in the group share the ports, you must add the ports as tagged ports.

  • Page 516: Configuring A Virtual Routing Interface Group

    Configuring VLAN groups and virtual routing interface groups PowerConnect# show vlan-group vlan-group 1 vlan 2 to 20 tagged ethe 1/1 to 1/2 vlan-group 2 vlan 21 to 40 tagged ethe 1/1 to 1/2 Syntax: show vlan-group [] The specifies a VLAN group. If you do not use this parameter, the configuration information for all the configured VLAN groups is displayed.

  • Page 517: Interface Group Information

    NOTE IPv6 is not supported with group-ve. NOTE Dell PowerConnect devices do not support ACLs with group-ve. NOTE PowerConnect devices support group-ve with OSPF and VRRP protocols only. The syntax and usage for the ip address command is the same as when you use the command at the interface level to add an IP interface.

  • Page 518: Routing Interfaces

    Configuring VLAN groups and virtual routing interface groups Allocating memory for more VLANs or virtual routing interfaces Layer 2 and Layer 3 Switches support up to 4095 VLANs. In addition, Layer 3 switches support up to 512 virtual routing interfaces. The number of VLANs and virtual routing interfaces supported on your product depends on the device and, for Chassis devices, the amount of DRAM on the management module.

  • Page 519: Configuring Super Aggregated Vlans

    You can aggregate up to 4094 VLANs within another VLAN. This provides a total VLAN capacity on one Dell PowerConnect device of 16,760,836 channels (4094 * 4094). The devices connected through the channel are not visible to devices in other channels. Therefore, each client has a private link to the other side of the channel.
  • Page 520 Configuring super aggregated VLANs FIGURE 101 Conceptual model of the super aggregated VLAN application ..Client 3 Client 5 Client 1 Client 1 192.168.1.69/24 Path = a single VLAN into which client VLANs are aggregated Channel = a client VLAN nested inside a Path...
  • Page 521 Configuring super aggregated VLANs FIGURE 102 Example of a super aggregated VLAN application Client 6 Client 10 Client 8 Client 1 Client 3 Client 5 Port1/1 Port1/5 Port1/1 Port1/3 Port1/5 Port1/3 ..

  • Page 522: Configuring Aggregated Vlans

    Configuring super aggregated VLANs Configuration notes • Super Aggregated VLANs and VSRP are not supported together on the same device. Configuring aggregated VLANs To configure aggregated VLANs, perform the following tasks: • On each edge device, configure a separate port-based VLAN for each client connected to the edge device.

  • Page 523: Verifying The Configuration

    Configuring super aggregated VLANs PowerConnect(config-vlan-104)# tagged ethernet 2/1 PowerConnect(config-vlan-104)# untagged ethernet 1/4 PowerConnect(config-vlan-104)# exit PowerConnect(config)# vlan 105 by port PowerConnect(config-vlan-105)# tagged ethernet 2/1 PowerConnect(config-vlan-105)# untagged ethernet 1/5 PowerConnect(config-vlan-105)# exit PowerConnect(config)# write memory Syntax: [no] vlan [by port] Syntax: [no] tagged ethernet [/] [to [/] | ethernet [/]] Syntax: [no] untagged ethernet [/]...
  • Page 524 Configuring super aggregated VLANs NOTE In these examples, the configurations of the edge devices (A, B, E, and F) are identical. The configurations of the core devices (C and D) also are identical. The aggregated VLAN configurations of the edge and core devices on one side must be symmetrical (in fact, a mirror image) to the configurations of the devices on the other side.
  • Page 525 Configuring super aggregated VLANs PowerConnectB(config)# vlan 105 by port PowerConnectB(config-vlan-105)# tagged ethernet 2/1 PowerConnectB(config-vlan-105)# untagged ethernet 1/5 PowerConnectB(config-vlan-105)# exit PowerConnectB(config)# write memory Commands for device C Because device C is aggregating channel VLANs from devices A and B into a single path, you need to change the tag type and enable VLAN aggregation.

  • Page 526: Configuring 802.1Q-In-Q Tagging

    802.1Q tag-types, but are not very flexible with the tag-types they accept. NOTE Dell PowerConnect devices treat a double-tagged Ethernet frame as a Layer 2 only frame. The packets are not inspected for Layer 3 and Layer 4 information, and operations are not performed on the packet utilizing Layer 3 or Layer 4 information.

  • Page 527: Configuration Rules

    306 for a list of valid port regions. • On devices that support port regions, if you configure a port with an 802.1Q tag-type, the Dell PowerConnect device automatically applies the 802.1Q tag-type to all ports within the same port region.
  • Page 528 If you specify a single port number, the 802.1Q tag applies to all ports within the port region. For example, if you enter the command tag-type 9100 ethernet 1, the Dell PowerConnect device automatically applies the 802.1Q tag to ports 1 – 12 because all of these ports are in the same port region.

  • Page 529: Example Configuration

    Configuring 802.1Q-in-Q tagging Example configuration Figure 104 shows an example 802.1Q-in-Q configuration. FIGURE 104 Example 802.1Q-in-Q configuration Client 6 Client 10 Client 1 Client 3 Client 5 Client 8 Port1 Port5 Port3 Port1 Port3 Port5 ..

  • Page 530: Configuring 802.1Q-In-Q Tag Profiles

    Configuring private VLANs NOTE Dell PowerConnect devices support private VLANs on both tagged and untagged ports. Tagged ports are supported only on the PowerConnect B-Series FCX platform. A private VLAN (PVLAN) is a VLAN that has the properties of standard Layer 2 port-based VLANs but also provides additional control over flooding packets on a VLAN.
  • Page 531 Configuring private VLANs FIGURE 105 PVLAN used to secure communication between a workstation and servers A private VLAN secures traffic Private VLAN between a primary port and host ports. Traffic between the hosts and Port-based VLAN the rest of the network must travel through the primary port.
  • Page 532 Configuring private VLANs • Community – Broadcasts and unknown unicasts received on community ports are sent to the primary port and also are flooded to the other ports in the community VLAN. Each PVLAN must have a primary VLAN. The primary VLAN is the interface between the secured ports and the rest of the network.

  • Page 533: Configuration Notes

    IGMP, may be sent only to the CPU for analysis, based on the IGMP snooping configuration. When protocol or subnet VLANs are enabled, or if PVLAN mappings are enabled, the Dell PowerConnect B-Series FCX Configuration Guide...
  • Page 534 Configuring private VLANs PowerConnect device will flood unknown unicast, unregistered multicast, and broadcast packets in software. The flooding of broadcast or unknown unicast from the community or isolated VLANs to other secondary VLANs will be governed by the PVLAN forwarding rules. The switching is done in hardware and thus the CPU does not enforce packet restrictions.The hardware forwarding behavior is supported on the PowerConnect B-Series FCX platforms only.
  • Page 535 Configuring private VLANs To map the secondary VLANs to the primary VLAN and to configure the tagged switch link port, enter commands such as the following. PowerConnect(config)# vlan 100 PowerConnect(config-vlan-100)# tagged ethernet 1/1/10 to 1/1/11 PowerConnect(config-vlan-100)# untagged ethernet 1/1/4 PowerConnect(config-vlan-100)# pvlan type primary PowerConnect(config-vlan-100)# pvlan mapping 101 ethernet 1/1/4 PowerConnect(config-vlan-100)# pvlan mapping 102 ethernet 1/1/4 PowerConnect(config-vlan-100)# pvlan pvlan-trunk 101 ethernet 1/1/10 to 1/1/11...
  • Page 536 Configuring private VLANs • An isolated VLAN must be associated with the primary VLAN for traffic from the isolated port to be switched. An isolated VLAN is associated with only one primary VLAN and to the same primary VLAN in the entire switched network. •...

  • Page 537: To The Pvlan

    Configuring private VLANs Enabling broadcast or unknown unicast traffic to the PVLAN To enhance PVLAN security, the primary PVLAN does not forward broadcast or unknown unicast packets to its community and isolated VLANs, and other ports in the primary VLAN. For example, if port 3/2 in Figure 105 on page 489 receives a broadcast packet from the firewall, the port does...

  • Page 538: Cli Example For A General Pvlan Network

    Configuring private VLANs CLI example for a general PVLAN network To configure the PVLANs shown in Figure 105 on page 489, enter the following commands. PowerConnect(config)# vlan 901 PowerConnect(config-vlan-901)# untagged ethernet 3/5 to 3/6 PowerConnect(config-vlan-901)# pvlan type community PowerConnect(config-vlan-901)# exit PowerConnect(config)# vlan 902 PowerConnect(config-vlan-902)# untagged ethernet 3/9 to 3/10 PowerConnect(config-vlan-902)# pvlan type isolated...

  • Page 539: Dual-Mode Vlan Ports

    Dual-mode VLAN ports PowerConnect(config)# vlan 100 by port PowerConnect(config-vlan-100)# tagged ethernet 1/1/10 to 1/1/11 PowerConnect(config-vlan-100)# pvlan type primary PowerConnect(config-vlan-100)# pvlan pvlan-trunk 102 ethernet 1/1/10 to 1/1/11 PowerConnect(config-vlan-100)# pvlan pvlan-trunk 101 ethernet 1/1/10 to 1/1/11 PowerConnect B-Series FCX 3 PowerConnect(config)# vlan 101 by port PowerConnect(config-vlan-101)# untagged ethernet 1/1/3 PowerConnect(config-vlan-101)# pvlan type isolated PowerConnect(config)# vlan 102 by port...
  • Page 540 Dual-mode VLAN ports FIGURE 108 Dual-mode VLAN port example VLAN 20 Untagged Traffic Traffic Port2/11 Tagged, VLAN 20 dual-mode Switch Port2/9 Port2/10 Tagged, VLAN 20 Untagged Untagged VLAN 20 Traffic Traffic To enable the dual-mode feature on port 2/11 in Figure 108,enter the following commands.
  • Page 541 Dual-mode VLAN ports FIGURE 109 Specifying a default VLAN ID for a dual-mode port VLAN 10 VLAN 10 Untagged Untagged Traffic Traffic Dual-mode Port2/11 Port2/10 Default VLAN ID 10 Untagged, VLAN 10 Tagged, VLAN 20 Switch Port2/9 Tagged, VLAN 20 VLAN 20 VLAN 20 Tagged...

  • Page 542: Displaying Vlan Information

    Displaying VLAN information The show vlan command displays a separate row for dual-mode ports on each VLAN. Example PowerConnect# show vlan Total PORT-VLAN entries: 3 Maximum PORT-VLAN entries: 16 legend: [S=Slot] PORT-VLAN 1, Name DEFAULT-VLAN, Priority level0, Spanning tree Off Untagged Ports: (S1) Untagged Ports: (S2) 8 12 13 14 15 16 17 18 19...

  • Page 543: Displaying System-Wide Vlan Information

    Displaying VLAN information Displaying system-wide VLAN information Use the show vlans command to display VLAN information for all the VLANs configured on the device. The following example shows the display for the IP subnet and IPX network VLANs configured in the examples in “Configuring an IP subnet VLAN with dynamic ports”...

  • Page 544: Displaying Global Vlan Information

    Displaying VLAN information PowerConnect# show vlan 4 Total PORT-VLAN entries: 5 Maximum PORT-VLAN entries: 3210 PORT-VLAN 4, Name [None], Priority level0, Spanning tree Off Untagged Ports: None Tagged Ports: Uplink Ports: None DualMode Ports: PowerConnect# show vlan 3 Total PORT-VLAN entries: 5 Maximum PORT-VLAN entries: 3210 PORT-VLAN 3, Name [None], Priority level0, Spanning tree Off Untagged Ports: None...

  • Page 545: Displaying A Port Vlan Membership

    Displaying VLAN information PowerConnect# show vlans ethernet 7/1 Total PORT-VLAN entries: 3 Maximum PORT-VLAN entries: 8 legend: [S=Slot] PORT-VLAN 100, Name [None], Priority level0, Spanning tree Off Untagged Ports: (S7) Tagged Ports: None Syntax: show vlans [ | ethernet [/] The ...

  • Page 546: Displaying Pvlan Information

    Displaying VLAN information • For untagged ports, the PVID is the VLAN ID number. • For dual-mode ports, the PVID is the dual-mode VLAN ID number. • For tagged ports without dual-mode, the PVID is always Not Applicable (NA). PowerConnect# show interfaces brief Port Link State...

  • Page 547: Gvrp Overview

    A Dell PowerConnect device enabled for GVRP can do the following: • Learn about VLANs from other Dell PowerConnect devices and configure those VLANs on the ports that learn about the VLANs. The device listens for GVRP Protocol Data Units (PDUs) from other devices, and implements the VLAN configuration information in the PDUs.

  • Page 548: Application Examples

    Application examples • IEEE draft P802.1t/D10, November 20, 2000 Application examples Figure 110 shows an example of a network that uses GVRP. This section describes various ways you can use GVRP in a network such as this one. “CLI examples” on page 522 lists the CLI commands to implement the applications of GVRP described in this section.

  • Page 549: Dynamic Core And Dynamic Edge

    Application examples Core device Edge device A Edge device B Edge device C • • • • GVRP is enabled on all GVRP is enabled on GVRP is enabled on GVRP is enabled on ports. port 4/24. Learning port 4/1. Learning is port 4/1.

  • Page 550: Fixed Core And Dynamic Edge

    Maximum column of the show default values display. • The default VLAN (VLAN 1) is not advertised by the Dell implementation of GVRP. The default VLAN contains all ports that are not members of statically configured VLANs or VLANs enabled for GVRP.
  • Page 551 Configuration notes • Single STP must be enabled on the device. Dell implementation of GVRP requires Single STP. If you do not have any statically configured VLANs on the device, you can enable Single STP as follows. PowerConnect(config)#vlan 1 PowerConnect(config-vlan-1)#exit...

  • Page 552: Configuring Gvrp

    Configuring GVRP Configuring GVRP To configure a device for GVRP, globally enable support for the feature, then enable the feature on specific ports. Optionally, you can disable VLAN learning or advertising on specific interfaces. You can also change the protocol timers and the GVRP base VLAN ID. Changing the GVRP base VLAN ID By default, GVRP uses VLAN 4093 as a base VLAN for the protocol.

  • Page 553: Enabling Gvrp

    Configuring GVRP Enabling GVRP To enable GVRP, enter commands such as the following at the global CONFIG level of the CLI. PowerConnect(config)#gvrp-enable PowerConnect(config-gvrp)#enable all The first command globally enables support for the feature and changes the CLI to the GVRP configuration level.

  • Page 554: Disabling Vlan Learning

    Configuring GVRP Disabling VLAN learning To disable VLAN learning on a port enabled for GVRP, enter a command such as the following at the GVRP configuration level. PowerConnect(config-gvrp)#block-learning ethernet 6/24 This command disables learning of VLAN information on port 6/24. NOTE The port still advertises VLAN information unless you also disable VLAN advertising.
  • Page 555 Configuring GVRP • Leaveall – The minimum interval at which GVRP sends Leaveall messages on all GVRP interfaces. Leaveall messages ensure that the GVRP VLAN membership information is current by aging out stale VLAN information and adding information for new VLAN memberships, if the information is missing.

  • Page 556: Displaying Gvrp Information

    Converting a VLAN created by GVRP into a statically-configured VLAN • Leave – 600 ms • Leaveall – 10000 ms Converting a VLAN created by GVRP into a statically-configured VLAN You cannot configure VLAN parameters on VLANs created by GVRP. Moreover, VLANs and VLAN ports added by GVRP do not appear in the running-config and cannot be saved in the startup-config file.

  • Page 557: Displaying Gvrp Configuration Information

    Displaying GVRP information • CPU utilization statistics • GVRP diagnostic information Displaying GVRP configuration information To display GVRP configuration information, enter a command such as the following. PowerConnect#show gvrp GVRP is enabled on the system GVRP BASE VLAN ID : 4093 GVRP MAX Leaveall Timer : 300000 ms GVRP Join Timer...
  • Page 558 Displaying GVRP information TABLE 82 CLI display of summary GVRP information (Continued) This field... Displays... GVRP Join Timer The value of the Join timer. NOTE: For descriptions of the Join, Leave, and Leaveall timers or to change the timers, refer to “Changing the GVRP timers”...

  • Page 559: Displaying Gvrp Vlan Information

    Displaying GVRP information PowerConnect#show gvrp ethernet 2/1 Port 2/1 - GVRP Enabled : YES GVRP Learning : ALLOWED GVRP Applicant : ALLOWED Port State : UP Forwarding : YES VLAN Membership: [VLAN-ID] [MODE] FORBIDDEN FIXED 1001 NORMAL 1003 NORMAL 1004 NORMAL 1007 NORMAL...
  • Page 560 Displaying GVRP information PowerConnect#show gvrp vlan brief Number of VLANs in the GVRP Database: 7 Maximum Number of VLANs that can be present: 4095 [VLAN-ID] [MODE] [VLAN-INDEX] STATIC-DEFAULT STATIC STATIC 1001 DYNAMIC 1003 DYNAMIC 4093 STATIC-GVRP-BASE-VLAN 4094 STATIC-SINGLE-SPAN-VLAN =========================================================================== Syntax: show gvrp vlan all | brief | This display shows the following information.

  • Page 561: Displaying Gvrp Statistics

    Displaying GVRP information This display shows the following information. TABLE 85 CLI display of summary VLAN information for GVRP This field... Displays... VLAN-ID The VLAN ID. VLAN-INDEX A number used as an index into the internal database. STATIC Whether the VLAN is a statically configured VLAN. DEFAULT Whether this is the default VLAN.

  • Page 562: Displaying Cpu Utilization Statistics

    Displaying GVRP information • PowerConnect B-Series FCX stackable switches – This display shows the following information for the port. TABLE 86 CLI display of GVRP statistics This field... Displays... Leave All Received The number of Leaveall messages received. Join Empty Received The number of Join Empty messages received.
  • Page 563 Displaying GVRP information PowerConnect#show process cpu Process Name 5Sec(%) 1Min(%) 5Min(%) 15Min(%) Runtime(ms) 0.01 0.03 0.09 0.22 0.00 0.00 0.00 0.00 GVRP 0.00 0.03 0.04 0.07 ICMP 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 OSPF 0.00 0.00 0.00 0.00 0.00 0.00 0.00...

  • Page 564: Displaying Gvrp Diagnostic Information

    Clearing GVRP statistics Displaying GVRP diagnostic information To display diagnostic information, enter the following command. PowerConnect#debug gvrp packets GVRP: Packets debugging is on GVRP: 0x2095ced4: 01 80 c2 00 00 21 00 e0 52 ab 87 40 00 3a 42 42 GVRP: 0x2095cee4: 03 00 01 01 02 00 04 05 00 02 04 05 00 07 04 05 GVRP: 0x2095cef4:...

  • Page 565: Dynamic Core And Fixed Edge

    CLI examples Dynamic core and fixed edge In this configuration, the edge devices advertise their statically configured VLANs to the core device. The core device does not have any statically configured VLANs but learns the VLANs from the edge devices. Enter the following commands on the core device.

  • Page 566: Dynamic Core And Dynamic Edge

    CLI examples PowerConnect(config-vlan-40)#exit PowerConnect(config)#gvrp-enable PowerConnect(config-gvrp)#enable ethernet 4/1 PowerConnect(config-gvrp)#block-learning ethernet 4/1 Dynamic core and dynamic edge In this configuration, the core and edge devices have no statically configured VLANs and are enabled to learn and advertise VLANs. The edge and core devices learn the VLANs configured on the devices in the edge clouds.

  • Page 567: Fixed Core And Fixed Edge

    CLI examples Fixed core and fixed edge The VLANs are statically configured on the core and edge devices. On each edge device, VLAN advertising is enabled but learning is disabled. GVRP is not configured on the core device. This configuration enables the devices in the edge clouds to learn the VLANs configured on the edge devices.
  • Page 568 CLI examples PowerConnect B-Series FCX Configuration Guide 53-1002266-01...

  • Page 569: Static And Dynamic Hosts

    Chapter Configuring MAC-based VLANs Table 87 lists the individual Dell PowerConnect switches and the MAC-based VLAN features they support. TABLE 87 Supported MAC-based VLAN features Feature PowerConnect B-Series FCX MAC-Based VLANs: • Source MAC address authentication • Policy-based classification and forwarding MAC-based VLANs and 802.1X security...

  • Page 570: Dynamic Mac-Based Vlan

    Dynamic MAC-based VLAN • Source MAC Address Authentication • Policy-Based Classification and Forwarding Source MAC address authentication Source MAC address authentication is performed by a central RADIUS server when it receives a PAP request with a username and password that match the MAC address being authenticated. When the MAC address is successfully authenticated, the server must return the VLAN identifier, which is carried in the Tunnel-Type, Tunnel-Medium-Type, and Tunnel-Private-Group-ID attributes of the RADIUS packets.

  • Page 571: Configuration Notes And Feature Limitations

    Dell PowerConnect devices do not support UDLD link-keepalives on ports with MAC-based VLAN enabled. • Dell PowerConnect devices do not support STP BPDU packets on ports with MAC-based VLAN enabled. • MAC-to-VLAN mapping must be associated with VLANs that exist on the switch. Create the VLANs before you configure the MAC-based VLAN feature.

  • Page 572: Configuration Example

    Configuration notes and feature limitations TABLE 88 CLI commands for MAC-based VLANs (Continued) CLI command Description CLI level show table-mac-vlan Displays information about allowed and denied global MAC addresses on ports with MAC-based VLAN enabled. show table-mac-vlan allowed-mac Displays MAC addresses that have been global successfully authenticated show table-mac-vlan denied-mac...

  • Page 573: Configuring Mac-Based Vlans

    Using MAC-based VLANs and 802.1X security on the same port On Dell PowerConnect devices, MAC-based VLANs and 802.1X security can be configured on the same port. When both of these features are enabled on the same port, MAC-based VLAN is performed prior to 802.1X authentication.

  • Page 574: Radius Server

    Vendor-Specific Attributes (VSAs) that specify additional information about the device. Add Dell vendor-specific attributes to your RADIUS server configuration, and configure the attributes in the individual or group profiles of the devices that will be authenticated. Dell. vendor-ID is 1991, vendor-type 1.

  • Page 575: Aging For Mac-Based Vlan

    The aging process for MAC-based VLAN works as described below. For permitted hosts For permitted hosts, as long as the Dell PowerConnect device is receiving traffic aging does not occur. The age column in the output of the show table-mac-vlan command displays Ena or S .

  • Page 576: Disabling Aging For Mac-Based Vlan Sessions

    VLAN table. NOTE If the Dell PowerConnect device receives a packet from an authenticated MAC address, and the MAC-based VLAN software aging is still in progress (hardware aging has already occurred), a RADIUS message is NOT sent to the RADIUS server.

  • Page 577: Configuring The Maximum Mac Addresses Per Port

    Configuring MAC-based VLANs PowerConnect(config)#interface e 3/1 PowerConnect(config-if-e1000-3/1)#mac-authentication disable-aging Syntax: [no] mac-authentication disable-aging Configuring the maximum MAC addresses per port To configure the maximum number of MAC addresses allowed per port, use the following commands: PowerConnect(config)#interface e 0/1/1 PowerConnect(config-if-e1000-0/1/1)#mac-authentication mac-vlan max-mac-entries 24 NOTE 32 MAC addresses maximum are allowed per port.

  • Page 578: Configuring Mac-Based Vlan For A Dynamic Host

    Configuring MAC-based VLANs Configuring MAC-based VLAN for a dynamic host Follow the steps given below to configure MAC-based VLAN for a dynamic host. 1. Enable multi-device port authentication globally using the following command. PowerConnect(config)#mac-authentication enable 2. Add each port on which you want MAC-based VLAN enabled as mac-vlan-permit for a specific VLAN.

  • Page 579: Configuring Mac-Based Vlans Using Snmp

    Configuring MAC-based VLANs using SNMP Configuring MAC-based VLANs using SNMP Several MIB objects have been developed to allow the configuration of MAC-based VLANs using SNMP. For more information, refer to the IronWare MIB Reference Guide. Displaying Information about MAC-based VLANs This section describes the show commands that display information related to MAC-based VLANs.

  • Page 580: Displaying Allowed Mac Addresses

    Rst indicates a restricted VLAN Time The time at which the MAC address was authenticated. If the clock is set on the Dell PowerConnect device, then the actual date and time are displayed. If the clock has not been set, then the time is displayed relative to when the device was last restarted.

  • Page 581: Displaying Detailed Mac-Vlan Data

    Displaying Information about MAC-based VLANs PowerConnect(config)#show table-mac-vlan denied-mac ------------------------------------------------------------------------------- MAC Address Port Vlan Authenticated Time dot1x ------------------------------------------------------------------------------- 0000.0030.1002 1/1/1 4092 No 00d00h11m57s H40 Syntax: show table-mac-vlan denied-mac The following table describes the information in this output. This field... Displays... MAC Address The denied MAC address for which the information is displayed.
  • Page 582 Displaying Information about MAC-based VLANs PowerConnect#show table-mac-vlan detailed e 0/1/2 Port : 0/1/2 Dynamic-Vlan Assignment : Disabled RADIUS failure action : Block Traffic Failure restrict use dot1x : No Override-restrict-vlan : Yes Vlan : (MAC-PERMIT-VLAN ) Port Vlan State : DEFAULT 802.1X override Dynamic PVID : NO Original PVID...

  • Page 583: Displaying Mac-Vlan Information For A Specific Interface

    Rst indicates a restricted VLAN Time The time at which the MAC address was authenticated. If the clock is set on the Dell PowerConnect device, then the actual date and time are displayed. If the clock has not been set, then the time is displayed relative to when the device was last restarted.

  • Page 584: Displaying Mac Addresses In A Mac-Based Vlan

    Displaying Information about MAC-based VLANs Displaying MAC addresses in a MAC-based VLAN Enter the following command to display a list of MAC addresses in a MAC-based VLAN. PowerConnect#show mac-address Total active entries from all ports = 1541 MAC-Address Port Type Index VLAN 0000.2000.0001...

  • Page 585: Displaying Mac-Based Vlan Logging

    Figure 111 illustrates a sample configuration that uses MAC-based VLAN on port e 0/1/1 on the Dell PowerConnect device. In this configuration, three host PCs are connected to port e 0/1/1 through a hub. Host A MAC address is statically configured on port e 0/1/1. The profile for Host B MAC address on the RADIUS server specifies that the PC should be assigned to VLAN 2.
  • Page 586 Sample application FIGURE 111 Sample MAC-based VLAN configuration RADIUS Server User: 0030.4875.3f73 (Host B) Tunnel-Private-Group-ID = VLAN2 No profile for MAC 0030.4875.3ff5 (Host C) Power Console Device Lnk/ Lnk/ Port e1 mac-vlan-permit Untagged Untagged Untagged Host station A Host station B Host station C MAC: 0030.4888.b9fe MAC: 0030.4875.3f73...
  • Page 587 Sample application mac-authentication hw-deny-age 30 mac-authentication auth-passwd-format xxxx.xxxx.xxxx interface ethernet 0/1/1 mac-authentication mac-vlan max-mac-entries 5 mac-authentication mac-vlan 0030.4888.b9fe vlan 1 priority 1 mac-authentication mac-vlan enable interface ethernet 0/1/2 mac-authentication mac-vlan max-mac-entries 5 mac-authentication mac-vlan enable The show table-mac-vlan command returns the following results for all ports in this configuration. PowerConnect#show table-mac-vlan --------------------------------------------------------------- Port...
  • Page 588 Sample application PowerConnect B-Series FCX Configuration Guide 53-1002266-01...
  • Page 589 Priority mapping using ACLs Hardware usage statistics Policy-based routing (PBR) (Supported in the full Layer 3 code only) This chapter describes how Access Control Lists (ACLs) are implemented and configured in the Dell PowerConnect devices. PowerConnect B-Series FCX Configuration Guide 53-1002266-01...

  • Page 590: Acl Overview

    (ACLs)”. ACL overview Dell PowerConnect devices support rule-based ACLs (sometimes called hardware-based ACLs), where the decisions to permit or deny packets are processed in hardware and all permitted packets are switched or routed in hardware. All denied packets are also dropped in hardware. In addition, PowerConnect devices support inbound ACLs only.

  • Page 591: Numbered And Named Acls

    ACL overview NOTE This is different from IP access policies. If you use IP access policies, you apply the individual policies to interfaces. • ACL entry – Also called an ACL rule, this is a filter command associated with an ACL ID. The maximum number of ACL rules you can configure is a system-wide parameter and depends on the device you are configuring.

  • Page 592: How Hardware-Based Acls Work

    How hardware-based ACLs work How hardware-based ACLs work When you bind an ACL to inbound traffic on an interface, the device programs the Layer 4 CAM with the ACL. Permit and deny rules are programmed. Most ACL rules require one Layer 4 CAM entry. However, ACL rules that match on more than one TCP or UDP application port may require several CAM entries.

  • Page 593: Configuring Standard Numbered Acls

    Dell PowerConnect ports do not support IP source guard and ACLs on the same port if one is configured at the port-level and the other is configured at the per-port-per-VLAN level.
  • Page 594 To specify the host name instead of the IP address, the host name must be configured using the DNS resolver on the Dell PowerConnect device. To configure the DNS resolver name, use the ip dns server-address… command at the global CONFIG level of the CLI.

  • Page 595: Configuration Example For Standard Numbered Acls

    Configuring standard named ACLs The log argument configures the device to generate Syslog entries and SNMP traps for packets that are denied by the access policy. NOTE You can enable logging on ACLs and filters that support logging even when the ACLs and filters are already in use.

  • Page 596: Standard Named Acl Syntax

    To specify the host name instead of the IP address, the host name must be configured using the DNS resolver on the Dell PowerConnect device. To configure the DNS resolver name, use the ip dns server-address… command at the global CONFIG level of the CLI.

  • Page 597: Configuration Example For Standard Named Acls

    Configuring standard named ACLs significant bits) and changes the non-significant portion of the IP address into ones. For example, if you specify 209.157.22.26/24 or 209.157.22.26 0.0.0.255, then save the changes to the startup-config file, the value appears as 209.157.22.0/24 (if you have enabled display of subnet lengths) or 209.157.22.0 0.0.0.255 in the startup-config file.

  • Page 598: Configuring Extended Numbered Acls

    Configuring extended numbered ACLs The commands in this example configure a standard ACL named “Net1”. The entries in this ACL deny packets from three source IP addresses from being forwarded on port 1. Since the implicit action for an ACL is “deny”, the last ACL entry in this ACL permits all packets that are not explicitly denied by the first three ACL entries.
  • Page 599 Configuring extended numbered ACLs The parameter is the extended access list number. Specify a number from 100 – 199. The deny | permit parameter indicates whether packets that match the policy are dropped or forwarded. The parameter indicates the type of IP packet you are filtering. You can specify a well-known name for any protocol whose number is less than 255.
  • Page 600 Configuring extended numbered ACLs • echo-reply • information-request • • mask-reply • mask-request • parameter-problem • redirect • source-quench • time-exceeded • timestamp-reply • timestamp-request • traffic policy • unreachable • The parameter specifies a comparison operator for the TCP or UDP port number.
  • Page 601 Configuring extended numbered ACLs NOTE If the ACL is for a virtual routing interface, you also can specify a subset of ports within the VLAN containing that interface when assigning an ACL to the interface. Refer to “Configuring standard numbered ACLs” on page 551.

  • Page 602: Configuration Examples For Extended Numbered Acls

    Configuring extended numbered ACLs The 802.1p-priority-matching option inspects the 802.1p bit in the ACL that can be used with adaptive rate limiting. Enter a value from 0 – 7. For details, refer to “Inspecting the 802.1p bit in the ACL for adaptive rate limiting” on page 765.
  • Page 603 Configuring extended numbered ACLs The fifth entry denies all OSPF traffic and generates Syslog entries for denied traffic. The sixth entry permits all packets that are not explicitly denied by the other entries. Without this entry, the ACL would deny all incoming or outgoing IP traffic on the ports to which you assign the ACL.

  • Page 604: Configuring Extended Named Acls

    Configuring extended named ACLs Configuring extended named ACLs The commands for configuring named ACL entries are different from the commands for configuring numbered ACL entries. The command to configure a numbered ACL is access-list. The command for configuring a named ACL is ip access-list. In addition, when you configure a numbered ACL entry, you specify all the command parameters on the same command.
  • Page 605 Configuring extended named ACLs The parameter indicates the type of IP packet you are filtering. You can specify a well-known name for any protocol whose number is less than 255. For other protocols, you must enter the number. Enter “?” instead of a protocol to list the well-known names recognized by the CLI.
  • Page 606 Configuring extended named ACLs • mask-reply • mask-request • parameter-problem • redirect • source-quench • time-exceeded • timestamp-reply • timestamp-request • traffic policy • unreachable • The parameter specifies a comparison operator for the TCP or UDP port number.
  • Page 607 Configuring extended named ACLs NOTE If the ACL is for a virtual routing interface, you also can specify a subset of ports within the VLAN containing that interface when assigning an ACL to the interface. Refer to “Configuring standard numbered ACLs” on page 551.

  • Page 608: Configuration Example For Extended Named Acls

    Preserving user input for ACL TCP/UDP port numbers The 802.1p-priority-matching option inspects the 802.1p bit in the ACL that can be used with adaptive rate limiting. Enter a value from 0 – 7. For details, refer to “Inspecting the 802.1p bit in the ACL for adaptive rate limiting”...

  • Page 609: Managing Acl Comment Text

    Managing ACL comment text The following example shows how this feature works for a TCP port (this feature works the same way for UDP ports). In this example, the user identifies the TCP port by number (80) when configuring ACL group 140. However, show ip access-list 140 reverts back to the port name for the TCP port (http in this example).

  • Page 610: Adding A Comment To An Entry In A Named Acl

    Managing ACL comment text The can be up to 128 characters in length. The comment must be entered separately from the actual ACL entry; that is, you cannot enter the ACL entry and the ACL comment with the same access-list or ip access-list command. Also, in order for the remark to be displayed correctly in the output of show commands, the comment must be entered immediately before the ACL entry it describes.

  • Page 611: Or Subnet-Based Vlan

    Applying an ACL to a virtual interface in a protocol- or subnet-based VLAN PowerConnect#show running-config … access-list 100 remark The following line permits TCP packets access-list 100 permit tcp 192.168.4.40/24 2.2.2.2/24 access-list 100 remark The following line permits UDP packets access-list 100 permit udp 192.168.2.52/24 2.2.2.2/24 access-list 100 deny ip any any Syntax: show running-config...

  • Page 612: Enabling Acl Logging

    Enabling ACL logging PowerConnect(config-vif-10)#int ve 20 PowerConnect(config-vif-20)#ip access-group test1 in PowerConnect(config-vif-20)#ip address 10.15.1.10 255.255.255.0 PowerConnect(config-vif-20)#exit PowerConnect(config)#ip access-list extended test1 PowerConnect(config-ext-nACL)#permit ip 10.15.1.0 0.0.0.255 any log PowerConnect(config-ext-nACL)#permit ip 192.168.10.0 0.0.0.255 any log PowerConnect(config-ext-nACL)#end PowerConnect# Enabling ACL logging You may want the software to log entries in the Syslog for packets that are denied by ACL filters. ACL logging is disabled by default;...
  • Page 613 Enabling ACL logging • ACL logging is intended for debugging purposes. Dell recommends that you disable ACL logging after the debug session is over. Configuration Tasks To enable ACL logging, complete the following steps: 1. Create ACL entries with the log option 2.

  • Page 614: Enabling Strict Control Of Acl Filtering Of Fragmented Packets

    Enabling strict control of ACL filtering of fragmented packets Displaying ACL Log Entries The first time an entry in an ACL permits or denies a packet and logging is enabled for that entry, the software generates a Syslog message and an SNMP trap. Messages for packets permitted or denied by ACLs are at the warning level of the Syslog.

  • Page 615: Enabling Acl Support For Switched Traffic In The Router Image

    Enabling ACL support for switched traffic in the router image The fragments are forwarded even if the first fragment, which contains the Layer 4 information, was denied. Generally, denying the first fragment of a packet is sufficient, since a transaction cannot be completed without the entire packet.

  • Page 616: A Port (Layer 2 Devices Only)

    For example, the VLAN numbers can be 201, 202, 203, and 204, but not 300, 401, 600, and 900. • Dell PowerConnect devices do not support a globally-configured PBR policy together with per-port-per-VLAN ACLs. • IPv4 ACLs that filter based on VLAN membership or VE port membership (ACL-per-port-per-VLAN), are supported together with IPv6 ACLs on the same device, as long as they are not bound to the same port or virtual interface.

  • Page 617: Applying An Ipv4 Acl To A Subset Of Ports On A Virtual Interface (Layer 3 Devices Only)

    Enabling ACL filtering based on VLAN membership or VE port membership PowerConnect(config)#access-list 10 permit PowerConnect(config)#int e 1/23 PowerConnect(config-if-e1000-1/23))#per-vlan 12 PowerConnect(config-if-e1000-1/23-vlan-12))#ip access-group 10 in The commands in this example configure port-based VLAN 12, and add ports e 5 – 8 as untagged ports and ports e 23 –...

  • Page 618: Using Acls To Filter Arp Packets

    ARP packet is not an IP packet; therefore, it is not subject to normal filtering provided by ACLs. When a Dell PowerConnect device receives an ARP request, the source MAC and IP addresses are stored in the device ARP table. A new record in the ARP table overwrites existing records that contain the same IP address.

  • Page 619: Displaying Acl Filters For Arp

    Using ACLs to filter ARP packets PowerConnect(config-ve-2)# exit PowerConnect(config)# interface ve 3 PowerConnect(config-ve-3)# ip access-group 102 in PowerConnect(config-ve-3)# ip follow ve 2 PowerConnect(config-ve-3)# ip use-ACL-on-arp PowerConnect(config-ve-3)# exit PowerConnect(config-vlan-4)# interface ve 4 PowerConnect(config-ve-4)# ip follow ve 2 PowerConnect(config-ve-4)# ip use-ACL-on-arp PowerConnect(config-ve-4)# exit Syntax: [no] ip use-ACL-on-arp [ ...

  • Page 620: Clearing The Filter Count

    Filtering on IP precedence and ToS values Clearing the filter count To clear the filter count for all interfaces on the device, enter a command such as the following. PowerConnect(config)# clear ACL-on-arp The above command resets the filter count on all interfaces in a device back to zero. Syntax: clear ACL-on-arp Filtering on IP precedence and ToS values To configure an extended IP ACL that matches based on IP precedence, enter commands such as...

  • Page 621: Qos Options For Ip Acls

    0 – 63 DSCP values, and distributes them among eight traffic classes (internal priorities) and eight 802.1p priorities. By default, the Dell PowerConnect device does the 802.1p to CoS mapping. If you want to change the priority mapping to DSCP to CoS mapping, you must enter the following ACL statement.

  • Page 622: Using An Ip Acl To Mark Dscp Values (Dscp Marking)

    The DSCP value can be from 0 – 63. Combined ACL for 802.1p marking Dell PowerConnect devices support a simple method for assigning an 802.1p priority value to packets without affecting the actual packet or the DSCP. In early IronWare software releases, users were required to provide DSCP-marking and DSCP-matching information in order to assign 802.1p priority values, which required the deployment of a 64-line ACL to match all possible DSCP...

  • Page 623: Dscp Matching

    QoS options for IP ACLs PowerConnect(config)#acc 105 per tcp any any 802.1p-priority-marking 1 internal-priority-marking 5 Syntax: access-list permit tcp any any 802.1p-priority-marking [internal-priority-marking ] For UDP PowerConnect(config) #acc 105 per udp any any 802.1p-priority-marking 1 or the following command, which also assigns an optional internal-priority-marking value.

  • Page 624: Acl-Based Rate Limiting

    ACL-based rate limiting Syntax: ...dscp-matching <0 – 63> NOTE For complete syntax information, refer to “Extended numbered ACL syntax” on page 556. ACL-based rate limiting ACL-based rate limiting provides the facility to limit the rate for IP traffic that matches the permit conditions in extended IP ACLs.

  • Page 625: Displaying Acl Information

    Displaying ACL information PowerConnect#show access-list 100 Extended IP access list 100 (hw usage : 2) deny ip any any (hw usage : 1 The first command enables hardware usage statistics, and the second command displays the hardware usage for IP access list 100.4 Syntax: show access-list hw-usage on | off Syntax: show access-list ...

  • Page 626: Policy-Based Routing (Pbr)

    PBR, you can route IP packets based on their source IP address. With extended ACLs, you can route IP packets based on all of the clauses in the extended ACL. You can configure the Dell PowerConnect device to perform the following types of PBR based on a packet Layer 3 and Layer 4 information: •...
  • Page 627 To specify the host name instead of the IP address, the host name must be configured using the DNS resolver on the Dell PowerConnect device. To configure the DNS resolver name, use the ip dns server-address… command at the global CONFIG level of the CLI.
  • Page 628 Policy-based routing (PBR) The parameter specifies the mask value to compare against the host address specified by the parameter. The is in dotted-decimal notation (IP address format). It is a four-part value, where each part is 8 bits (one byte) separated by dots, and each bit is a one or a zero.
  • Page 629 You can define an unlimited number of route maps on the Dell PowerConnect device, as long as system memory is available. The permit | deny parameter specifies the action the Dell PowerConnect device will take if a route matches a match statement: •...

  • Page 630: Basic Example

    Policy-based routing (PBR) The commands in this example change the CLI to the Interface level for virtual interface 1, then apply the “test-route” route map to the interface. You can apply a PBR route map to Ethernet ports or virtual interfaces. Syntax: ip policy route-map ...

  • Page 631: Setting The Output Interface To The Null Interface

    Policy-based routing (PBR) PowerConnect(config)#access-list 50 permit 209.157.23.0 0.0.0.255 PowerConnect(config)#access-list 51 permit 209.157.24.0 0.0.0.255 PowerConnect(config)#access-list 52 permit 209.157.25.0 0.0.0.255 The following commands configure three entries in a route map called “test-route”. The first entry (permit 50) matches on the IP address information in ACL 50 above. For IP traffic from subnet 209.157.23.0/24, this route map entry sets the next-hop IP address to 192.168.2.1.

  • Page 632: Trunk Formation

    Policy-based routing (PBR) The following command enables PBR by globally applying the route map to all interfaces. PowerConnect(config)#ip policy route-map file-13 Alternatively, you can enable PBR on specific interfaces, as shown in the following example. The commands in this example configure IP addresses in the source subnet identified in ACL 56, then apply route map file-13 to the interface.

  • Page 633: Classification

    Packets on Dell PowerConnect devices are classified in up to eight traffic classes with values between 0 and 7. Packets with higher priority classifications are given a precedence for forwarding.
  • Page 634 Classification • Static MAC address • Layer 2 Class of Service (CoS) value – This is the 802.1p priority value in the Ethernet frame. It can be a value from 0 through 7. The 802.1p priority is also called the Class of Service. •...
  • Page 635 Classification FIGURE 112 Determining a packet trust level - PowerConnect B-Series FCX devices Packet received on ingress port Does the Trust the DSCP- packet match an CoS-mapping or ACL that defines the DSCP-marking a priority? Does the Trust the priority MAC address of the static match a static...
  • Page 636 Classification TABLE 94 Default QoS mappings, columns 0 to 15 DSCP value 802.1p (CoS) value DSCP value Internal forwarding priority Forwarding queue TABLE 95 Default QoS mappings, columns 16 to 31 DSCP value 802.1p (CoS) value DSCP value Internal forwarding priority Forwarding queue...

  • Page 637: Qos For Stackable Devices

    QoS for stackable devices • DSCP to internal forwarding priority mapping – You can change the mapping between the DSCP value and the internal forwarding priority value from the default values shown in Table 94 through Table 97. This mapping is used for CoS marking and determining the internal priority when the trust level is DSCP.

  • Page 638: In An Ironstack

    When stacking is disabled on a device, outgoing traffic is marked with 802.1p based on the internal hardware queue. QoS queues Dell PowerConnect devices support the eight QoS queues (qosp0 through qosp7) listed in Table TABLE 98 QoS queues...

  • Page 639: Changing A Port Priority

    When you change the priority, you specify a number from 0 through 7. The priority number specifies the IEEE 802.1 equivalent to one of the eight QoS queues on Dell PowerConnect devices. The numbers correspond to the queues as shown in...

  • Page 640: Buffer Allocation/Threshold For Qos Queues

    802.1p priority override Buffer allocation/threshold for QoS queues By default, Dell Ironware software allocates a certain number of buffers to the outbound transport queue for each port based on QoS priority. The buffers control the total number of packets permitted in the outbound queue for the port. If desired, you can increase or decrease the maximum number of outbound transmit buffers allocated to all QoS queues, or to specific QoS queues on a port or group of ports.

  • Page 641: Marking

    DSCP-based QoS features as described in the Enterprise Configuration and Management Guide. Dell IronWare releases also support marking of the DSCP value. The software can read Layer 3 Quality of Service (QoS) information in an IP packet and select a forwarding queue for the packet based on the information.

  • Page 642: Configuring The Qos Mappings

    Configuring the QoS mappings PowerConnect stackable devices PowerConnect B-Series FCX devices support DSCP-based QoS on a per-port basis. DSCP-based QoS is not automatically honored for switched traffic. The default is 802.1p to CoS mapping. To honor DSCP-based QoS, enter the following command at the interface level of the CLI. PowerConnect(config-if-e1000-11)#trust dscp Syntax: trust dscp When trust dscp is enabled, the interface honors the Layer 3 DSCP value.

  • Page 643: Priority Mappings

    Configuring the QoS mappings TABLE 100 Default mappings of internal forwarding priority values Internal forwarding priority Forwarding queues 0 (lowest priority queue) qosp0 qosp1 qosp2 qosp3 qosp4 qosp5 qosp6 7 (highest priority queue) qosp7 You can change the DSCP to internal forwarding mappings. You also can change the internal forwarding priority to hardware forwarding queue mappings.

  • Page 644: Forwarding Queue Mappings

    Configuring the QoS mappings PowerConnect#show qos-tos ...portions of table omitted for simplicity... DSCP-Priority map: (dscp = d1d2) -----+---------------------------------------- Changing the VLAN priority 802.1p to hardware forwarding queue mappings To map a VLAN priority to a different hardware forwarding queue, enter commands such as the following at the global CONFIG level of the CLI.

  • Page 645: Scheduling

    Scheduling Hardware Queue Weighted Round Hybrid WRR and Strict Priority (SP) Robin (WRR) mode mode Weight 82% Strict Priority Strict Priority Weight 6% Weight 40% Strict Priority Weight 6% Weight 30% Strict Priority Weight 6% Weight 30% Strict Priority The example configuration described below is for a default, non-jumbo mode. The hardware queues for WRR mode is calculated as follows.
  • Page 646 VoIP traffic, and weighted round robin priority to other traffic types. By default, when you select the combined SP and WRR queueing method, the Dell PowerConnect device assigns strict priority to traffic in qosp7 and qosp6, and weighted round robin priority to traffic in qosp0 through qosp5.

  • Page 647: Selecting The Qos Queuing Method

    Scheduling Selecting the QoS queuing method By default, Dell PowerConnect devices use the WRR method of packet prioritization. To change the method to strict priority, enter the following command at the global CONFIG level of the CLI. PowerConnect(config)#qos mechanism strict To change the method back to weighted round robin, enter the following command.
  • Page 648 Scheduling TABLE 103 Default minimum bandwidth percentages on Dell PowerConnect devices Queue Default minimum percentage of bandwidth Without jumbo frames With jumbo frames qosp7 qosp6 qosp5 qosp4 qosp3 qosp2 qosp1 qosp0 When the queuing method is weighted round robin, the software internally translates the percentages into weights.
  • Page 649 NOTE The percentages must add up to 100. The Dell PowerConnect devices do not adjust the bandwidth percentages you enter. In contrast, the BigIron QoS does adjust the bandwidth percentages to ensure that each queue has at least its required minimum bandwidth percentage.

  • Page 650: Viewing Qos Settings

    Viewing QoS settings Viewing QoS settings To display the QoS settings for all of the queues, enter the show qos-profiles command. PowerConnect#show qos-profiles all bandwidth scheduling mechanism: weighted priority Profile qosp7 : Priority7 bandwidth requested 25% calculated Profile qosp6 : Priority6 bandwidth requested 15% calculated Profile qosp5...
  • Page 651 Viewing DSCP-based QoS settings TABLE 104 DSCP-based QoS configuration information This field... Displays... DSCP to traffic class map d1 and d2 The DSCP to forwarding priority mappings that are currently in effect. NOTE: The example shows the default mappings. If you change the mappings, the command displays the changed mappings Traffic class to 802.1 priority map Traffic Class and 802.1p...
  • Page 652 Viewing DSCP-based QoS settings PowerConnect#show qos-tos DSCP-->Traffic-Class map: (DSCP = d1d2: 00, 01...63) -----+---------------------------------------- Traffic-Class-->802.1p-Priority map (use to derive DSCP--802.1p-Priority): Traffic | 802.1p Class | Priority --------+--------- --------+--------- 8to4 queue mapping: Priority| Hardware Queue --------+--------- --------+--------- Syntax: show qos-tos The show qos-tos command displays the following information about 8 to 4 queue mapping. TABLE 105 8 to 4 queue mapping configuration information This field...

  • Page 653: Traffic Policies Overview

    Chapter Configuring Traffic Policies Table 106 lists the individual Dell PowerConnect switches and the traffic policy features they support. TABLE 106 Supported traffic policy features Feature PowerConnect B-Series FCX Traffic policies ACL-based fixed rate limiting ACL-based adaptive rate limiting 802.1p priority bit inspection in the ACL...

  • Page 654: Maximum Number Of Traffic Policies Supported On A Device

    Configuration notes and feature limitations Configuration notes and feature limitations Note the following when configuring traffic policies: • Traffic policies applies to IP ACLs only. • The maximum number of supported active TPDs is a system-wide parameter and depends on the device you are configuring.

  • Page 655: Supported On A Layer 3 Device

    NOTE Dell does not recommend setting the system maximum for traffic policies to 0 (zero), because this renders traffic policies ineffective. ACL-based rate limiting using traffic policies ACL-based rate limiting provides the facility to limit the rate for IP traffic that matches the permit conditions in extended IP ACLs.

  • Page 656: Support For Fixed Rate Limiting And Adaptive Rate Limiting

    ACL-based rate limiting using traffic policies You can configure ACL-based rate limiting on the following interface types: • Physical Ethernet interfaces • Virtual interfaces • Trunk ports • Specific VLAN members on a port (refer to “Applying an IPv4 ACL to specific VLAN members on a port (Layer 2 devices only)”...

  • Page 657: Configuring Acl-Based Adaptive Rate Limiting

    ACL-based rate limiting using traffic policies PowerConnect(config)#interface ethernet 5 PowerConnect(config-if-e5)#ip access-group 101 in PowerConnect(config-if-e5)#exit The previous commands configure a fixed rate limiting policy that allows port e5 to receive a maximum traffic rate of 100 kbps. If the port receives additional bits during a given one-second interval, the port drops the additional inbound packets that are received within that one-second interval.
  • Page 658 Larger bursts are more likely to exceed the rate limit. The CBS must be a value greater than zero (0). Dell recommends that this value be equal to or greater than the size of the largest possible IP packet in a stream.

  • Page 659: Over The Limit

    NOTE This feature is supported on PowerConnect B-Series FCX devices only. You can configure the Dell device to rate limit traffic for a specified 802.1p priority value. To do so, complete the following configuration steps. 1. Create an adaptive rate limiting traffic policy. Enter command such as the following:...
  • Page 660 ACL-based rate limiting using traffic policies • Drop packets that exceed the limit. • Permit packets that exceed the limit and forward them at the lowest priority level. Dropping packets that exceed the limit This section shows some example configurations and provides the CLI syntax for configuring a port to drop packets that exceed the configured limits for rate limiting.

  • Page 661: Acl Statistics And Rate Limit Counting

    exceed-action permit-at-low-pri ACL statistics and rate limit counting ACL statistics, also called ACL counting, enables the Dell device to count the number of packets and the number of bytes per packet to which ACL filters are applied.

  • Page 662: Enabling Acl Statistics With Rate Limiting Traffic Policies

    Viewing ACL and rate limit counters When ACL counting is enabled on the Dell device, you can use show commands to display the total packet count and byte count of the traffic filtered by ACL statements. The output of the show commands also displays the rate limiting traffic counters, which are automatically enabled for active rate limiting traffic policies.

  • Page 663: Clearing Acl And Rate Limit Counters

    Clearing ACL and rate limit counters The Dell device keeps a running tally of the number of packets and the number of bytes per packet that are filtered by ACL statements and rate limiting traffic policies. You can clear these accumulated counters, essentially resetting them to zero.

  • Page 664: Viewing Traffic Policies

    The is the name of the traffic policy definition for which you want to clear traffic policy counters. Viewing traffic policies To view traffic policies that are currently defined on the Dell device, enter the show traffic-policy command. The following example shows displayed output.Table 110 explains the output of the show traffic-policy command.

  • Page 665: Adding A Static Ip Route

    Dell recommends that you deploy these devices only at the edge of your network, since incoming traffic can learn directly-connected routes advertised by the Dell PowerConnect device, but outgoing traffic to other devices must use statically configured or default routes.

  • Page 666: Adding A Static Arp Entry

    Static entries are useful in cases where you want to pre-configure an entry for a device that is not connected to the Dell PowerConnect device, or you want to prevent a particular entry from aging out. The software removes a dynamic entry from the ARP cache if the ARP aging interval expires before the entry is refreshed.

  • Page 667: Modifying And Displaying Layer 3 System Parameter Limits

    Configuration notes • Changing the system parameters reconfigures the device memory. Whenever you reconfigure the memory on a Dell PowerConnect device, you must save the change to the startup-config file, then reload the software to place the change into effect. •...

  • Page 668: Configuring Rip

    1024 Configuring RIP If you want the Dell PowerConnect device to use RIP, you must enable the protocol globally, then enable RIP on individual ports. When you enable RIP on a port, you also must specify the version (version 1 only, version 2 only, or version 1 compatible with version 2).

  • Page 669: Enabling Rip

    Configuring RIP • Route redistribution – You can enable the software to redistribute static routes from the IP route table into RIP. Redistribution is disabled by default. • Learning of default routes – The default is disabled. • Loop prevention (split horizon or poison reverse) – The default is poison reverse. Enabling RIP RIP is disabled by default.

  • Page 670: Enabling Redistribution

    Configuring RIP When you enable redistribution, all IP static routes are redistributed by default. If you want to deny certain routes from being redistributed into RIP, configure deny filters for those routes before you enable redistribution. You can configure up to 64 RIP redistribution filters. They are applied in ascending numerical order.

  • Page 671: Enabling Learning Of Default Routes

    Changing the route loop prevention method RIP can use the following methods to prevent routing loops: • Split horizon – The Dell PowerConnect device does not advertise a route on the same interface as the one on which it learned the route. •...

  • Page 672: Enabling Or Disabling Layer 2 Switching

    NOTE Make sure you really want to disable all Layer 2 switching operations before you use this option. Consult Dell for information. Configuration Notes and Feature Limitations •...
  • Page 673 Enabling or disabling layer 2 switching Syntax: no route-only To disable Layer 2 switching only on a specific interface, go to the Interface configuration level for that interface, then disable the feature. The following commands show how to disable Layer 2 switching on port 2.
  • Page 674 Enabling or disabling layer 2 switching PowerConnect B-Series FCX Configuration Guide 53-1002266-01...

  • Page 675: Configuring Port Mirroring And Monitoring

    ACL-based mirroring of permitted traffic MAC address filter-based mirroring VLAN-based mirroring The procedures in this chapter describe how to configure port mirroring on Dell PowerConnect devices. Overview Port mirroring is a method of monitoring network traffic that forwards a copy of each incoming or outgoing packet from one port on a network switch to another port where the packet can be analyzed.

  • Page 676: Configuration Notes

    • Table 113 lists the number of mirror and monitor ports supported on the Dell PowerConnect devices. For more information about port regions, refer to “About port regions”...

  • Page 677: Command Syntax

    Configuring port mirroring and monitoring • For ingress ACL mirroring, the previous ingress rule also applies. The analyzer port setting command acl-mirror-port must be specified for each port, even though the hardware only supports one port per device. This applies whether the analyzer port is on the local device or on a remote device.

  • Page 678: Monitoring An Individual Trunk Port

    Configuring port mirroring and monitoring The both, in, and out parameters specify the traffic direction you want to monitor on the mirror port. There is no default. To display the port monitoring configuration, enter the show monitor and show mirror commands. Monitoring an individual trunk port You can monitor the traffic on an individual port of a static trunk group, and on an individual port of an LACP trunk group.

  • Page 679: Configuring Mirroring On An Ironstack

    Configuring mirroring on an Ironstack Configuring mirroring on an Ironstack You can configure mirroring on a Dell IronStack. An IronStack consists of up to 8 PowerConnect B-Series FCX devices. The stack operates as a chassis. The following examples show how to configure mirroring for ports that are on different members of a stack, and for ports that are on the same stack member as the mirror port.

  • Page 680: Acl-Based Inbound Mirroring

    ACL-based inbound mirroring ACL-based inbound mirroring This section describes ACL-based inbound mirroring for PowerConnect devices. Creating an ACL-based inbound mirror clause for PowerConnect B-Series FCX devices The following example shows how to configure an ACL-based inbound mirror clause. 1. Configure the mirror port. PowerConnect(config)#mirror-port ethernet 1/1/2 2.

  • Page 681: Vlan-Based Mirroring

    VLAN-based mirroring 1. Define a mirror port To activate mirroring on a port, use the mirror command in the global configuration mode. Example PowerConnect(config)#mirror e 0/1/14 Configuration Notes • If there is no input mirror port configured, MAC-Filter Based Mirroring does not take effect. It remains in the configuration, but is not activated.
  • Page 682 VLAN-based mirroring PowerConnect(config)#mirror-port ethernet 1/1/21 input PowerConnect(config)#vlan 10 PowerConnect(config-VLAN-10)#monitor ethernet 1/1/21 PowerConnect(config)#vlan 20 PowerConnect(config-VLAN-20)#monitor ethernet 1/1/21 PowerConnect(config-VLAN-20)#end Syntax: [no] monitor ethernet NOTE For PowerConnect B-Series FCX devices, since it is possible to have multiple mirror ports, monitor ports must specify which mirror port they are monitoring. To disable mirroring on VLAN 20, enter the following commands.
  • Page 683 VLAN-based mirroring Configuration notes The following rules apply to VLAN-Based Mirroring configurations. • A VLAN must have at least one port member configured before “monitor” can be configured. • Multiple VLANs can have monitor enabled at the same time, and the maximum number of monitor-configured VLANs is 8.
  • Page 684 VLAN-based mirroring PowerConnect B-Series FCX Configuration Guide 53-1002266-01...

  • Page 685: Rate Limiting Overview

    NOTE Dell recommends that you do not use Fixed rate limiting on ports that receive route control traffic or Spanning Tree Protocol (STP) control traffic. If the port drops control packets due to the Fixed rate limiting policy, routing or STP can be disrupted.

  • Page 686: Rate Limiting In Hardware

    Rate limiting in hardware Rate limiting in hardware Each Dell PowerConnect device supports line-rate rate limiting in hardware. The device creates entries in Content Addressable Memory (CAM) for the rate limiting policies. The CAM entries enable the device to perform the rate limiting in hardware instead of sending the traffic to the CPU.

  • Page 687: Configuring A Port-Based Rate Limiting Policy

    IP ACLs. This feature is available in the Layer 2 and Layer 3 code. To configure ACL-based rate limiting on a Dell PowerConnect device, you create individual traffic policies, then reference the traffic policies in one or more ACL entries (also called clauses or statements).

  • Page 688: Rate Shaping Overview

    Rate shaping overview PowerConnect#show rate-limit fixed Total rate-limited interface count: 11. Port Configured Input Rate Actual Input Rate 1000000 1000000 10000000 10005000 10000000 10000000 7500000 7502000 8000000 7999000 8000000 7999000 8000000 7999000 8000000 7999000 8000000 7999000 8000000 8000000 7500000 7502000 Syntax: show rate-limit fixed The command lists the ports on which fixed rate limiting is configured, and provides the information listed in...

  • Page 689: Configuring Outbound Rate Shaping For A Port

    Rate shaping overview • When outbound rate shaping is enabled on a port on an IPv4 device, the port QoS queuing method (qos mechanism) will be strict mode. This applies to IPv4 devices only. On IPv6 devices, the QoS mechanism is whatever method is configured on the port, even when outbound rate shaping is enabled.

  • Page 690: Displaying Rate Shaping Configurations

    Rate shaping overview The above commands configure an outbound rate shaper on port 1/14 and port 1/15. • On PowerConnect B-Series FCX devices, the configured outbound rate shaper (651 Kbps) on port 1/15 is the rounded to 616 Kbps. The configured 1300 Kbps limit on port 14 is rounded to 1232 Kbps.

  • Page 691: Igmp Snooping Overview

    Chapter Configuring IP Multicast Traffic Reduction for PowerConnect B-Series FCX Switches Table 116 lists the individual Dell PowerConnect switches and the IP multicast traffic reduction features they support. TABLE 116 Supported IP multicast reduction features Feature PowerConnect B-Series FCX IGMP v1/v2 Snooping Global...
  • Page 692 IGMP snooping overview An IGMP device is responsible for broadcasting general queries periodically, and sending group queries when it receives a leave message, to confirm that none of the clients on the port still want specific traffic before removing the traffic from the port. IGMPv2 lets clients specify what group (destination address) will receive the traffic but not to specify the source of the traffic.

  • Page 693: Configuration Notes

    IGMP snooping overview The value can be 4, 8, 16, or 32. Any other value is truncated to the closest lower ceiling. For example, a value of 15 is changed to 8. The default hash chain length is 4. A chain length of more than 4 may affect line rate switching.

  • Page 694: Configuring Queriers And Non-Queriers

    The non-queriers always forward multicast data traffic and IGMP messages to router ports which receive IGMP queries or PIM or DVMRP hellos. Dell recommends that you configure the device with the data traffic source (server) as a querier. If a server is attached to a non-querier, the non-querier always forwards traffic to the querier regardless of whether there are any clients on the querier.

  • Page 695: Vlan Specific Configuration

    PIM SM traffic snooping overview VLAN specific configuration You can configure IGMP snooping on some VLANs or on all VLANs. Each VLAN can be independently enabled or disabled for IGMP snooping, and can be configured for IGMPv2 or IGMPv3. In general, the ip multicast commands apply globally to all VLANs except those configured with VLAN-specific multicast commands.
  • Page 696 PIM SM traffic snooping overview FIGURE 114 PIM SM traffic reduction in an enterprise network Source for Groups 239.255.162.1 Switch snoops for PIM SM 239.255.162.69 join and prune messages. VLAN 2 Detects source on port1/1 Port1/1 and receiver for source group Layer 2 Switch Router on 5/1.

  • Page 697: Configuring Igmp Snooping

    Configuring IGMP snooping Notice that the ports connected to the source and the receivers are all in the same port-based VLAN on the device. This is required for the PIM SM snooping feature. The devices on the edge of the Global Ethernet cloud are configured for IP multicast traffic reduction and PIM SM traffic snooping.

  • Page 698: Configuring The Hardware And Software Resource Limits

    Configuring IGMP snooping Configuring the hardware and software resource limits The system supports up to 8K of hardware-switched multicast streams. The configurable range is from 256 through 8192 with a default of 512. Enter the following command to define the maximum number of IGMP snooping cache entries.

  • Page 699: Modifying The Age Interval

    Configuring IGMP snooping Modifying the age interval When the device receives a group membership report, it makes an entry for that group in the IGMP group table. The age interval specifies how long the entry can remain in the table before the device receives another group membership report.
  • Page 700 Configuring IGMP snooping IGMPv2 membership reports of the same group from different clients are considered to be the same and are rate-limited. Use the following command to alleviate report storms from many clients answering the upstream router query. PowerConnect(config)# ip multicast report-control Syntax: [no] ip multicast report-control The original command, ip igmp-report-control, has been renamed to ip multicast report-control.
  • Page 701 Configuring IGMP snooping Syntax: [no] ip pimsm-snooping NOTE The device must be in passive mode before it can be configured for PIM snooping. Configuring the IGMP mode for a VLAN You can configure a VLAN to use the active or passive IGMP mode. The default mode is passive. The setting specified for the VLAN overrides the global setting: •...
  • Page 702 Configuring IGMP snooping Configuring the IGMP version for the VLAN You can specify the IGMP version for a VLAN. For example, the following commands configure VLAN 20 to use IGMPv3. PowerConnect(config)# vlan 20 PowerConnect(config-vlan-20)# multicast version 3 Syntax: [no] multicast version 2 | 3 If no IGMP version is specified, then the globally-configured IGMP version is used.

  • Page 703: Configuring Static Router Ports

    Configuring IGMP snooping Configuring static router ports FastIron Stackable devices forward all multicast control and data packets to router ports which receive queries. Although router ports are learned, you can force multicast traffic to specified ports even though these ports never receive queries. To configure static router ports, enter the following commands.

  • Page 704: Enabling Fast Convergence

    Configuring IGMP snooping Every group on a physical port keeps its own tracking record. However, it can only track group membership; it cannot track by (source, group). For example, Client A and Client B belong to group1 but each receives traffic streams from different sources. Client A receives a stream from (source_1, group1) and Client B receives a stream from (source_2, group1).

  • Page 705: Displaying Igmp Snooping Information

    Displaying IGMP snooping information Displaying IGMP snooping information This section describes the show commands for IGMP snooping. Displaying IGMP errors To display information about possible IGMP errors, enter the following commands. PowerConnect# show ip multicast error snoop SW processed pkt: 173, up-time 160 sec Syntax: show ip multicast error The following table describes the output from the show ip multicast error command.
  • Page 706 Displaying IGMP snooping information PowerConnect# show ip multicast group 224.1.1.1 tracking Display group 224.1.1.1 in all interfaces with tracking enabled. p-:physical, ST:static, QR:querier, EX:exclude, IN:include, Y:yes, N:no VL70 : 1 groups, 1 group-port, tracking_enabled group p-port life mode source *** Note: has 1 static groups to the entire vlan, not displayed here 224.1.1.1 0/1/33 receive reports from 1 clients: (age)
  • Page 707 Displaying IGMP snooping information Syntax: show ip multicast mcache The following table describes the output of the show ip multicast mcache command. Field Description (source group) Source and group addresses of this data stream. (* group) means match group only; (source group) means match both.
  • Page 708 Displaying IGMP snooping information Syntax: show ip multicast resource The following table describes the output from the show ip multicast resource command. Field Description alloc The allocated number of units. in-use The number of units which are currently being used. avail The number of available units.
  • Page 709 Displaying IGMP snooping information Field Description GSQry Number of group source-specific queries received or sent. The membership report. MbrV2 The IGMPv2 membership report. MbrV3 The IGMPv3 membership report. IsIN Number of source addresses that were included in the traffic. IsEX Number of source addresses that were excluded in the traffic.

  • Page 710: Displaying Querier Information

    Displaying IGMP snooping information Field Description Indicates that the port is a querier. The IGMP version for the specified VLAN. In this example, VL70: dft V2 indicates that the default IGMP version V2 is set for VLAN 70. Displaying querier information You can use the show ip multicast vlan command to display the querier information for a VLAN.
  • Page 711 Displaying IGMP snooping information Passive interface with no other querier present The following example shows the output in which the VLAN interface is passive and no other querier is present with the lowest IP address. PowerConnect# show ip multicast vlan 10 Version=2, Intervals: Query=125, Group Age=260, Max Resp=10, Other Qr=260 VL10: dft V2, vlan cfg passive, 0 grp, 0 (*G) cache, no rtr port, 1/1/16...
  • Page 712 Displaying IGMP snooping information This interface is Querier default V2 group: 226.6.6.6, life = 240 group: 228.8.8.8, life = 240 group: 230.0.0.0, life = 240 group: 224.4.4.4, life = 240 2/1/24 2 groups, This interface is non-Querier Querier is 5.5.5.5 Age is 0 Max response time is 100 default V2...

  • Page 713: Clear Igmp Snooping Commands

    Displaying IGMP snooping information This interface is non-Querier (passive) default V2 group: 226.6.6.6, life = 260 group: 228.8.8.8, life = 260 group: 230.0.0.0, life = 260 group: 224.4.4.4, life = 260 2/1/24 2 groups, This interface is non-Querier (passive) Querier is 5.5.5.5 Age is 0 Max response time is 100 default V2...
  • Page 714 Displaying IGMP snooping information Clear mcache on a specific VLAN To clear the mcache on a specific VLAN, enter the following command. PowerConnect# clear ip multicast vlan 10 mcache Syntax: clear ip multicast vlan mcache The parameter specifies the specific VLAN in which to clear the mcache. Clear traffic on a specific VLAN To clear the traffic counters on a specific VLAN, enter the following command.

  • Page 715: Using Fdp

    FDP is disabled by default. NOTE If FDP is not enabled on a Dell PowerConnect device that receives an FDP update or the device is running a software release that does not support FDP, the update passes through the device at Layer 2.
  • Page 716 Syntax: fdp advertise ipv4 | ipv6 Changing the FDP update timer By default, a Dell PowerConnect device enabled for FDP sends an FDP update every 60 seconds. You can change the update timer to a value from 5 – 900 seconds.

  • Page 717: Displaying Fdp Information

    If the Dell PowerConnect device has intercepted CDP updates, then the CDP information is also displayed. Displaying neighbor information To display a summary list of all the Dell PowerConnect neighbors that have sent FDP updates to this Dell PowerConnect device, enter the following command. PowerConnectA# show fdp neighbor...
  • Page 718 Using FDP TABLE 118 Summary FDP and CDP neighbor information (Continued) This line... Displays... Capability The role the neighbor is capable of playing in the network. Platform The product platform of the neighbor. Port ID The interface through which the neighbor sent the update. To display detailed information, enter the following command.

  • Page 719: Clearing Fdp And Cdp Information

    Using FDP PowerConnectA# show fdp entry PowerConnect B Device ID: PowerConnect B configured as default VLAN1, tag-type8100 Entry address(es): Platform: PowerConnect Router, Capabilities: Router Interface: Eth 2/9 Port ID (outgoing port): Eth 2/9 is TAGGED in following VLAN(s): 9 10 11 Holdtime : 176 seconds Version : Foundry, Inc.

  • Page 720: Reading Cdp Packets

    Dell PowerConnect devices support intercepting and interpreting CDP version 1 and version 2 packets. NOTE The Dell PowerConnect device can interpret only the information fields that are common to both CDP version 1 and CDP version 2. NOTE When you enable interception of CDP packets, the Dell PowerConnect device drops the packets. As a result, Cisco devices will no longer receive the packets.

  • Page 721: Enabling Interception Of Cdp Packets On An Interface

    • CDP packet statistics Displaying neighbors To display the Cisco neighbors the Dell PowerConnect device has learned from CDP packets, enter the following command. PowerConnect# show fdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge...
  • Page 722 Reading CDP packets PowerConnect# show fdp neighbors ethernet 1/1 Device ID: Router Entry address(es): IP address: 207.95.6.143 Platform: cisco RSP4, Capabilities: Router Interface: Eth 1/1, Port ID (outgoing port): FastEthernet5/0/0 Holdtime : 127 seconds Version : Cisco Internetwork Operating System Software IOS (tm) RSP Software (RSP-JSV-M), Version 12.0(5)T1, RELEASE SOFTWARE (fc1)

  • Page 723: Clearing Cdp Information

    Reading CDP packets PowerConnect# show fdp traffic CDP counters: Total packets output: 0, Input: 3 Hdr syntax: 0, Chksum error: 0, Encaps failed: 0 No memory: 0, Invalid packet: 0, Fragmented: 0 Syntax: show fdp traffic Clearing CDP information You can clear the following CDP information: •...
  • Page 724 Reading CDP packets PowerConnect B-Series FCX Configuration Guide 53-1002266-01...
  • Page 725 Chapter Configuring LLDP and LLDP-MED Table 120 lists the individual Dell PowerConnect switches and the Link Layer Discovery Protocol (LLDP) features they support. TABLE 120 Supported LLDP features Feature PowerConnect B-Series FCX LLDP LLDP-MED Support for tagged LLDP packets IPv4 management address...

  • Page 726: Terms Used In This Chapter

    LLDP and LLDP-MED facilitate interoperability across multiple vendor devices. Dell PowerConnect devices running LLDP can interoperate with third-party devices running LLDP. The Dell LLDP and LLDP-MED implementation adheres to the IEEE 802.1AB and TIA-1057 standards. Terms used in this chapter Endpoint device –...

  • Page 727: Benefits Of Lldp

    LLDP overview FIGURE 115 LLDP connectivity port device info Switch xxxx IP-Phone xxxx IP-Phone xxxx OP-PBX xxxx I’m a PBX port device info I’m a switch IP-Phone xxxx xxxx Switch xxxx I’m a switch I’m a switch I’m a switch I’m a switch I’m a switch I’m a switch...

  • Page 728: Lldp-Med Overview

    LLDP-MED overview • Accurate topologies simplify troubleshooting within enterprise networks • Can discover devices with misconfigured or unreachable IP addresses LLDP-MED overview LLDP-MED is an extension to LLDP. This protocol enables advanced LLDP features in a Voice over IP (VoIP) network. Whereas LLDP enables network discovery between Network Connectivity devices, LLDP-MED enables network discovery between Network Connectivity devices and media Endpoints such as, IP telephones, softphones, VoIP gateways and conference bridges .Figure 116...

  • Page 729: Lldp-Med Class

    LLDP agent, nor can it acknowledge information received from another LLDP agent. Operating modes When LLDP is enabled on a global basis, by default, each port on the Dell device will be capable of transmitting and receiving LLDP packets. You can disable a port’s ability to transmit and receive LLDP packets, or change the operating mode to one of the following: •...

  • Page 730: Lldp Packets

    General operating principles • Receive LLDP information only Transmit mode An LLDP agent sends LLDP packets to adjacent LLDP-enabled devices. The LLDP packets contain information about the transmitting device and port. An LLDP agent initiates the transmission of LLDP packets whenever the transmit countdown timing counter expires, or whenever LLDP information has changed.

  • Page 731: Tlv Support

    802.3 organizationally-specific TLVs MAC/PHY configuration/status Power through MDI Link aggregation Maximum frame size LLDP-MED TLVs Dell PowerConnect devices honor and send the following LLDP-MED TLVs, as defined in the TIA-1057 standard: • LLDP-MED capabilities • Network policy PowerConnect B-Series FCX Configuration Guide...
  • Page 732 Dell PowerConnect devices use chassis ID subtype 4, the base MAC address of the device. Other third party devices may use a chassis ID subtype other than 4. The chassis ID will appear similar to the following on the remote device, and in the CLI display output on the Dell PowerConnect device (show lldp local-info).
  • Page 733 LLDP in its MIB. The TTL value is automatically computed based on the LLDP configuration settings. The TTL value will appear similar to the following on the remote device, and in the CLI display output on the Dell PowerConnect device (show lldp local-info).

  • Page 734: Mib Support

    TTL TLV packet format TLV Information Time to Live (TTL) TLV Type = 3 String Length = 2 7 bits 9 bits 2 octets MIB support Dell PowerConnect devices support the following standard MIB modules: • LLDP-MIB • LLDP-EXT-DOT1-MIB • LLDP-EXT-DOT3-MIB • LLDP-EXT-MED-MIB...

  • Page 735: Configuration Notes And Considerations

    LLDP. Therefore, these discovery protocols can run simultaneously on the same device. • By default, the Dell PowerConnect device limits the number of neighbors per port to four, and staggers the transmission of LLDP packets on different ports, in order to minimize any high-usage spikes to the CPU.

  • Page 736: Enabling Support For Tagged Lldp Packets

    LLDP packets are not exchanged until LLDP is enabled on a global basis. When LLDP is enabled on a global basis, by default, each port on the Dell device will be capable of transmitting and receiving LLDP packets. You can disable a port’s ability to transmit and receive LLDP packets, or change the operating mode to one of the following: •...
  • Page 737 Enabling and disabling receive only mode When LLDP is enabled on a global basis, by default, each port on the Dell PowerConnect device will be capable of transmitting and receiving LLDP packets. To change the LLDP operating mode from receive and transmit mode to receive only mode, simply disable the transmit mode.

  • Page 738: Specifying The Maximum Number Of Lldp Neighbors

    Configuring LLDP PowerConnect(config)#no lldp enable receive ports e 2/7 e 2/8 PowerConnect(config)#lldp enable transmit ports e 2/7 e 2/8 The above commands change the LLDP operating mode on ports 2/7 and 2/8 from receive only mode to transmit only mode. Any incoming LLDP packets will be dropped in software. Note that if you do not disable receive only mode, you will configure the port to both receive and transmit LLDP packets.

  • Page 739: Enabling Lldp Snmp Notifications And Syslog Messages

    Configuring LLDP PowerConnect(config)#lldp max-neighbors-per-port 6 Syntax: [no] lldp max-neighbors-per-port Use the [no] form of the command to remove the static configuration and revert to the default value of four. where is a number from 1 to 64. The default is number of LLDP neighbors per port is four. Use the show lldp command to view the configuration.

  • Page 740: Changing The Minimum Time Between Lldp Transmissions

    Configuring LLDP Syntax: [no] lldp snmp-notification-interval where is a value between 5 and 3600. The default is 5 seconds. Changing the minimum time between LLDP transmissions The LLDP transmit delay timer limits the number of LLDP frames an LLDP agent can send within a specified time frame.

  • Page 741: Changing The Holdtime Multiplier For Transmit Ttl

    is a value from 1 – 10. The default is two seconds. LLDP TLVs advertised by the Dell PowerConnect device When LLDP is enabled on a global basis, the Dell PowerConnect device will automatically advertise the following information, except for the features noted: General system information: •...
  • Page 742 The system description, VLAN name, and power-via-MDI information TLVs are not automatically enabled. The following sections show how to enable these advertisements. General system information Except for the system description, the Dell PowerConnect device will advertise the following system information when LLDP is enabled on a global basis: •...
  • Page 743 Configuring LLDP • Other interface For IPv6 addresses, link-local and anycast addresses will be excluded from these searches. If no IP address is configured on any of the above, the port's current MAC address will be advertised. To advertise a IPv4 management address, enter a command such as the following: PowerConnect(config)#lldp advertise management-address ipv4 209.157.2.1 ports e The management address will appear similar to the following on the remote device, and in the CLI display output on the PowerConnect device (show lldp local-info):...
  • Page 744 • Other System capabilities for Dell PowerConnect devices are based on the type of software image in use (e.g., Layer 2 switch or Layer 3 router). The enabled capabilities will be the same as the available capabilities, except that when using a router image (base or full Layer 3), if the global route-only feature is turned on, the bridge capability will not be included, since no bridging takes place.
  • Page 745 PowerConnect(config)#lldp advertise system-description ports e 2/4 to 2/12 The system description will appear similar to the following on the remote device, and in the CLI display output on the Dell PowerConnect device (show lldp local-info). + System description : "Brocade Communications, Inc., IronWare Version 04.0.00b256T3e1 Compiled on Sep 04 2007 at 0\...
  • Page 746 VLAN will not send VLAN name advertisements. 802.1 capabilities Except for the VLAN name, the Dell PowerConnect device will advertise the following 802.1 attributes when LLDP is enabled on a global basis: •...
  • Page 747 VLAN will not send VLAN name advertisements. 802.3 capabilities Except for Power-via-MDI information, the Dell PowerConnect device will advertise the following 802.3 attributes when LLDP is enabled on a global basis: •...
  • Page 748 PowerConnect(config)#no lldp advertise mac-phy-config-status ports e 2/4 to 2/12 The MAC/PHY configuration advertisement will appear similar to the following on the remote device, and in the CLI display output on the Dell PowerConnect device (show lldp local-info). + 802.3 MAC/PHY...

  • Page 749: Configuring Lldp-Med

    Configuring LLDP-MED The maximum frame size advertisement will appear similar to the following on the remote device, and in the CLI display output on the Dell PowerConnect device (show lldp local-info). Maximum frame size: 1522 octets Syntax: [no] lldp advertise max-frame-size ports ethernet | all For , specify the ports in one of the following formats:...

  • Page 750: For Lldp-Med Topology Changes

    Configuring LLDP-MED NOTE LLDP-MED is not enabled on ports where the LLDP operating mode is receive only or transmit only. LLDP-MED is enabled on ports that are configured to both receive and transmit LLDP packets and have the LLDP-MED capabilities TLV enabled. Enabling SNMP notifications and syslog messages for LLDP-MED topology changes SNMP notifications and Syslog messages for LLDP-MED provide management applications with...

  • Page 751: Defining A Location Id

    LLDP-MED fast start period. The default is 3. Defining a location id The LLDP-MED Location Identification extension enables the Dell PowerConnect device to set the physical location that an attached Class III Endpoint will use for location-based applications. This...
  • Page 752 Configuring LLDP-MED latitude is the angular distance north or south from the earth equator measured through 90 degrees. Positive numbers indicate a location north of the equator and negative numbers indicate a location south of the equator. resolution specifies the precision of the value given for latitude. A smaller value increases the area within which the device is located.
  • Page 753 The WGS 84 map was used as the basis for calculating the location. Example coordinate-based location advertisement The coordinate-based location advertisement will appear similar to the following on the remote device, and in the CLI display output on the Dell PowerConnect device (show lldp local-info). + MED Location ID Data Format: Coordinate-based...
  • Page 754 Configuring LLDP-MED • KR – Korea • US – United States is a value from 0 – 255, that describes the civic address element. For example, a CA type of 24 specifies a postal or zip code. Valid elements and their types are listed in Table 125.
  • Page 755 Configuring LLDP-MED TABLE 125 Elements used with civic address (Continued) Civic Address (CA) Description Acceptable values / examples type Street Examples: Canada – Street Germany – Street Japan – Block Korea – Street United States – Street Leading street direction N (north), E (east), S (south), W (west), NE, NW, SE, SW Trailing street suffix N (north), E (east), S (south), W (west), NE, NW, SE, SW...
  • Page 756 Example civic address location advertisement The Civic address location advertisement will appear similar to the following on the remote device, and in the CLI display output on the Dell PowerConnect device (show lldp local-info). + MED Location ID Data Format: Civic Address...

  • Page 757: Defining An Lldp-Med Network Policy

    Example ECS ELIN location advertisements The ECS ELIN location advertisement will appear similar to the following on the remote device, and in the CLI display output on the Dell PowerConnect device (show lldp local-info). + MED Location ID Data Format: ECS ELIN...
  • Page 758 Configuring LLDP-MED NOTE Endpoints will advertise a policy as “unknown” in the show lldp neighbor detail command output, if it is a policy that is required by the Endpoint and the Endpoint has not yet received it. Configuration syntax The CLI syntax for defining an LLDP-MED network policy differs for tagged, untagged, and priority tagged traffic.
  • Page 759 LLDP-MED capabilities TLV), the port operating mode is receive and transmit (the default), and the port has received an LLDP-MED advertisement from an Endpoint. By default, the Dell PowerConnect device will automatically advertise the following LLDP-MED attributes when the above criteria are met: •...

  • Page 760: Lldp Configuration Summary

    PowerConnect(config)#lldp advertise med-capabilities ports e 2/4 to 2/12 The LLDP-MED capabilities advertisement will appear similar to the following on the remote device, and in the CLI display output on the Dell PowerConnect device (show lldp local-info). + MED capabilities: capabilities, networkPolicy, location, extendedPSE MED device type : Network Connectivity Syntax: [no] lldp advertise med-capabilities ports ethernet ...

  • Page 761: Lldp Statistics

    LLDP-MED attributes advertised by the Dell PowerConnect device PowerConnect#show lldp LLDP transmit interval : 10 seconds LLDP transmit hold multiplier (transmit TTL: 40 seconds) LLDP transmit delay : 1 seconds LLDP SNMP notification interval : 5 seconds LLDP reinitialize delay...
  • Page 762 LLDP-MED attributes advertised by the Dell PowerConnect device PowerConnect#show lldp statistics Last neighbor change time: 23 hours 50 minutes 40 seconds ago Neighbor entries added : 14 Neighbor entries deleted Neighbor entries aged out Neighbor advertisements dropped : 0 Port...

  • Page 763: Lldp Neighbors

    The local LLDP port number. Chassis ID The identifier for the chassis. Dell PowerConnect devices use the base MAC address of the device as the Chassis ID. Port ID The identifier for the port. Dell PowerConnect devices use the permanent MAC address associated with the port as the port ID.

  • Page 764: Lldp Neighbors Detail

    LLDP-MED attributes advertised by the Dell PowerConnect device LLDP neighbors detail The show lldp neighbors detail command displays the LLDP advertisements received from LLDP neighbors. The following shows an example show lldp neighbors detail report. NOTE The show lldp neighbors detail output will vary depending on the data received. Also, values that are not recognized or do not have a recognizable format, may be displayed in hexadecimal binary form.

  • Page 765: Lldp Configuration Details

    LLDP-MED attributes advertised by the Dell PowerConnect device This field... Displays... Neighbor The source MAC address from which the packet was received, and the remaining TTL for the neighbor entry. Syntax: show lldp neighbors detail [ports ethernet | all] If you do not specify any ports or use the keyword all, by default, the report will show the LLDP neighbor details for all ports.
  • Page 766 LLDP-MED attributes advertised by the Dell PowerConnect device Application Type : Video Conferencing Policy Flags : Known Policy, Tagged VLAN ID : 100 L2 Priority DSCP Value : 10 + MED Location ID Data Format: Coordinate-based location Latitude Resolution : 20 bits Latitude Value : -78.303 degrees...

  • Page 767: Resetting Lldp Statistics

    Resetting LLDP statistics To reset LLDP statistics, enter the clear lldp statistics command at the Global CONFIG level of the CLI. The Dell PowerConnect device will clear the global and per-port LLDP neighbor statistics on the device (refer to “LLDP statistics”...
  • Page 768 Clearing cached LLDP neighbor information PowerConnect B-Series FCX Configuration Guide 53-1002266-01...

  • Page 769: Overview Of Ip Multicasting

    Chapter Configuring IP Multicast Protocols Table 126 lists the individual Dell PowerConnect switches and the IP multicast features they support. These features are supported in the full Layer 3 software image only. TABLE 126 Supported IP multicast features Feature PowerConnect B-Series FCX...

  • Page 770: Ipv4 Multicast Group Addresses

    Overview of IP multicasting IPv4 multicast group addresses In IPv4 Multicast, host groups are identified by Class D addresses, i.e., those with “1110” as their higher-order four bits. In Internet standard "dotted decimal" notation, these group addresses range from 224.0.0.0 to 239.255.255.255. However, the IANA IPv4 Multicast Address Registry (referencing RFC 3171) stipulates that the range 224.0.0.0 through 224.0.0.255 should not be used for regular multicasting applications.

  • Page 771: Suppression Of Unregistered Multicast Packets

    Changing global IP multicast parameters Suppression of unregistered multicast packets Be default, unregistered multicast packets are always forwarded in hardware but not copied to the CPU. However, if Layer 2 multicast (IGMP or MLD) is enabled, then unregistered multicast packets are forwarded in hardware and also copied to the CPU.
  • Page 772 Changing global IP multicast parameters NOTE The number of interface groups you can configure for DVMRP and PIM is unlimited; therefore, the system-max dvmrp-max-int-group and the system-max pim-max-int-group commands that define their maximum table sizes have been removed. The software allocates memory globally for each group, and also allocates memory separately for each interface IGMP membership in a multicast group.

  • Page 773: Changing Igmp V1 And V2 Parameters

    Changing IGMP V1 and V2 parameters IGMP allows routers to limit the multicast of IGMP packets to only those ports on the router that are identified as IP Multicast members. This section applies to Dell PowerConnect devices that support IGMP versions 1 and 2.

  • Page 774: Adding An Interface To A Multicast Group

    Adding an interface to a multicast group NOTE You must enter the ip multicast-routing command before changing the global IP Multicast parameters. Otherwise, the changes do not take effect and the software uses the default values. Modifying IGMP (V1 and V2) query interval period The IGMP query interval period defines how often a router will query an interface for group membership.

  • Page 775: Pim Dense

    PIM Dense When you manually add an interface to a multicast group, the Dell PowerConnect device forwards multicast packets for the group but does not itself accept packets for the group. You can manually add a multicast group to individual ports only. If the port is a member of a virtual routing interface, you must add the ports to the group individually.

  • Page 776: Initiating Pim Multicasts On A Network

    PIM Dense Initiating PIM multicasts on a network Once PIM is enabled on each router, a network user can begin a video conference multicast from the server on R1 as shown in Figure 120. When a multicast packet is received on a PIM-capable router interface, the interface checks its IP routing table to determine whether the interface that received the message provides the shortest path back to the source.
  • Page 777 PIM Dense FIGURE 120 Transmission of multicast packets from the source to host group members Video Conferencing 229.225.0.1 Server Group Group (207.95.5.1, 229.225.0.1) Member Member (Source, Group) 229.225.0.1 Group Group Group Member Member Member Leaf Node Leaf Node Leaf Node (No Group Members) Group Group...

  • Page 778: Grafts To A Multicast Tree

    PIM DM versions Dell PowerConnect devices support PIM DM V1 and V2. The default is V2. You can specify the version on an individual interface basis. The primary difference between PIM DM V1 and V2 is the methods the protocols use for messaging: •...

  • Page 779: Configuring Pim Dm

    Suppose you want to initiate the use of desktop video for fellow users on a sprawling campus network. All destination workstations have the appropriate hardware and software but the Dell PowerConnect routers that connect the various buildings need to be configured to support PIM...
  • Page 780 PIM Dense • Entering a no router pim command removes all configuration for PIM multicast on a Layer 3 Switch (router pim level) only. Globally Enabling and Disabling PIM without Deleting Multicast Configuration As stated above entering a no router pim command deletes the PIM configuration. If you want to disable PIM without deleting any PIM configuration, enter the following command.
  • Page 781 PIM Dense To apply a PIM neighbor timeout value of 360 seconds to all ports on the router operating with PIM, enter the following. PowerConnect(config)#router pim PowerConnect(config-pim-router)#nbr-timeout 360 Syntax: nbr-timeout <60-8000> The default is 180 seconds. Modifying hello timer This parameter defines the interval at which periodic hellos are sent out PIM interfaces. Routers use hello messages to inform neighboring routers of their presence.
  • Page 782 PIM Dense where

  • Page 783: Failover Time In A Multi-Path Topology

    PIM Dense Total number of IP routes: 19 B:BGP D:Connected R:RIP S:Static O:OSPF *:Candidate default Destination NetMask Gateway Port Cost Type 172.17.41.4 255.255.255.252*137.80.127.3 172.17.41.4 255.255.255.252 137.80.126.3 172.17.41.4 255.255.255.252 137.80.129.1 172.17.41.4 255.255.255.252 137.80.128.3 172.17.41.8 255.255.255.252 0.0.0.0 When the Highest IP RPF feature is enabled, the selection of the shortest path back to the source is based on which Reverse Path Forwarding (RPF) neighbor in the IP routing table has the highest IP address, if the cost of the routes are the same.

  • Page 784: Pim Sparse

    If the TTL for an interface is greater than 1, PIM packets received on the interface are always forwarded in software because each packet TTL must be examined. Therefore, Dell does not recommend modifying the TTL under normal operating conditions.

  • Page 785: Pim Sparse Switch Types

    PMBR – A PIM switch that has some interfaces within the PIM domain and other interface outside the PIM domain. PBMRs connect the PIM domain to the Internet. NOTE You cannot configure a Dell routing interface as a PMBR interface for PIM Sparse in the current software release. •...

  • Page 786: Rp Paths And Spt Paths

    SPT for subsequent packets from the source to the receiver. The Layer 3 Switch calculates a separate SPT for each source-receiver pair. NOTE Dell recommends that you configure the same ports as candidate BSRs and RPs. RP paths and SPT paths Figure 122 shows two paths for packets from the source for group 239.255.162.1 and a receiver...

  • Page 787: Configuring Global Pim Sparse Parameters

    Bootstrap Router (BSR) and candidate Rendezvous Point (RP). You can configure a Layer 3 Switch as a PIM Sparse switch without configuring the it as a candidate BSR and RP. However, if you do configure the Layer 3 Switch as one of these, Dell recommends that you configure it as both. Refer “Configuring BSRs”...
  • Page 788 PIM Sparse Rendezvous Point (RP). NOTE It is possible to configure the Layer 3 Switch as only a candidate BSR or RP, but Dell recommends that you configure the same interface on the same Layer 3 Switch as both a BSR and an RP.
  • Page 789 You can specify a value from 1 – 32. NOTE Dell recommends you specify 30 for IP version 4 (IPv4) networks. The specifies the BSR priority. You can specify a value from 0 – 255. When the election process for BSR takes place, the candidate BSR with the highest priority becomes the BSR.
  • Page 790 Syntax: clear pim rp-map Statically specifying the RP Dell recommends that you use the PIM Sparse protocol RP election process so that a backup RP can automatically take over if the active RP router becomes unavailable. However, if you do not want the RP to be selected by the RP election process but instead you want to explicitly identify the RP by its IP address, you can do using the following CLI method.
  • Page 791 PIM Sparse By default, the device switches from the RP to the SPT after receiving the first packet for a given PIM Sparse group. The Layer 3 Switch maintains a separate counter for each PIM Sparse source-group pair. After the Layer 3 Switch receives a packet for a given source-group pair, the Layer 3 Switch starts a PIM data timer for that source-group pair.

  • Page 792: And Statistics

    PIM Sparse Displaying PIM Sparse configuration information and statistics You can display the following PIM Sparse information: • Basic PIM Sparse configuration information • Group information • BSR information • Candidate RP information • RP-to-group mappings • RP information for a PIM Sparse group •...

  • Page 793: Displaying A List Of Multicast Groups

    PIM Sparse TABLE 127 Output of show ip pim sparse (Continued) This field... Displays... Neighbor timeout How many seconds the Layer 3 Switch will wait for a hello message from a neighbor before determining that the neighbor is no longer present and removing cached PIM Sparse forwarding entries for the neighbor.

  • Page 794: Displaying Bsr Information

    PIM Sparse PowerConnect#show ip pim group Total number of Groups: 2 Index 1 Group 239.255.162.1 Ports e3/11 Syntax: show ip pim group This display shows the following information. TABLE 128 Output of show ip pim group This field... Displays... Total number of Groups Lists the total number of IP multicast groups the Layer 3 Switch is forwarding.
  • Page 795 PIM Sparse TABLE 129 Output of show ip pim bsr This field... Displays... BSR address The IP address of the interface configured as the PIM Sparse Bootstrap Router (BSR). NOTE: If the word “local” does not appear in the field, this Layer 3 Switch is the BSR. If the local BSR address word “local”...
  • Page 796 PIM Sparse PowerConnect#show ip pim resource alloc in-use avail allo-fail up-limit get-mem NBR list timer 4096 pimsm J/P elem 48960 pimsm group2rp 4096 pimsm L2 reg xmt 0 no-limit mcache 1024 mcache hash link 0 no-limit mcache 2nd hash graft if no mcache 0 no-limit pim/dvm global group 0 no-limit...

  • Page 797: Displaying Candidate Rp Information

    PIM Sparse NOTE When the product of the number of active PIM interfaces multiplied by the number of multicast streams exceeds the total number of MLL, the CLI displays the message, “MLL pool out of memory”. NOTE The total number of MLL available changes according to the hardware configuration. Displaying candidate RP information To display candidate RP information, enter the following command at any CLI level.

  • Page 798: Displaying Rp Information For A Pim Sparse Group

    PIM Sparse 1 239.255.163.1 99.99.99.5 2 239.255.163.2 99.99.99.5 3 239.255.163.3 99.99.99.5 4 239.255.162.1 99.99.99.5 5 239.255.162.2 43.43.43.1 6 239.255.162.3 99.99.99.5 Syntax: show ip pim rp-map This display shows the following information. TABLE 132 Output of show ip pim rp-map This field... Displays...

  • Page 799: Displaying Multicast Neighbor Information

    PIM Sparse This display shows the following information. TABLE 134 Output of show ip pim rp-set This field... Displays... Number of group prefixes The number f PIM Sparse group prefixes for which the RP is responsible. Group prefix Indicates the multicast groups for which the RP listed by the previous field is a candidate RP.

  • Page 800: Displaying Information About An Upstream Neighbor Device

    PIM Sparse TABLE 135 Output of show ip pim nbr (Continued) This field... Displays... Age sec The number of seconds since the Layer 3 Switch received the last hello message from the neighbor. UpTime sec The number of seconds the PIM neighbor has been up. This timer starts when the Layer 3 Switch receives the first Hello messages from the neighbor.

  • Page 801: Displaying The Pim Multicast Cache

    PIM Sparse TABLE 136 Output of show ip pim flowcache (Continued) This field... Displays... This field is used for troubleshooting. Flags This field is used for troubleshooting. Displaying the PIM multicast cache To display the PIM multicast cache, enter the following command at any CLI level. PowerConnect#show ip pim mcache (*,239.255.162.1) RP207.95.7.1 forward port v1, Count 2 member ports ethe 3/3...
  • Page 802 PIM Sparse TABLE 137 Output of show ip pim mcache (Continued) This field... Displays... Indicates whether the cache entry uses the RP path or the SPT path. The RPT flag can have one of the following values: • 0 – The SPT path is used instead of the RP path. •...

  • Page 803: Displaying Pim Traffic Statistics

    PIM Sparse Displaying PIM traffic statistics To display PIM traffic statistics, use the following CLI method. PowerConnect#show ip pim traffic Port Hello Register RegStop Assert e3/8 Port Hello Register RegStop Assert Port Hello Register RegStop Assert Total 37 IGMP Statistics: Total Recv/Xmit 85/110 Total Discard/chksum Syntax: show ip pim traffic...

  • Page 804: Pim Passive

    PIM Passive Syntax: show ip pim error This command displays the number of warnings and non-zero PIM errors on the device. This count can increase during transition periods such as reboots and topology changes; however, if the device is stable, the number of errors should not increase. If warnings keep increasing in a stable topology, then there may be a configuration error or problems on the device.

  • Page 805: Passive Multicast Route Insertion

    Passive multicast route insertion Passive multicast route insertion Passive Multicast Route Insertion (PMRI) enables a Layer 3 switch running PIM Sparse to create an entry for a multicast route (e.g., (S,G)), with no directly attached clients or when connected to another PIM router (transit network).

  • Page 806: Using Acls To Control Multicast Features

    Using ACLs to control multicast features PowerConnect(config)#int e1 PowerConnect(config-if-1)#ip tunnel 192.3.45.6 NOTE The IP tunnel address represents the configured IP tunnel address of the destination router. In the case of Router A, its destination router is Router B. Router A is the destination router of Router B. For router B, enter the following.
  • Page 807 Using ACLs to control multicast features PowerConnect(config)#router pim PowerConnect(config-pim-router)#bsr-candidate ve 43 32 100 PowerConnect(config-pim-router)#rp-candidate ve 43 PowerConnect(config-pim-router)#rp-address 99.99.99.5 5 To configure an RP for multicast groups using the override switch, enter commands such as the following. PowerConnect(config)#access-list 44 permit 239.255.162.0 0.0.0.255 PowerConnect(config)#router pim PowerConnect(config-pim-router)#rp-address 43.43.43.1 PowerConnect(config-pim-router)#rp-address 99.99.99.5 44 override...

  • Page 808: Using Acls To Limit Pim Rp Candidate Advertisement

    Using ACLs to control multicast features PowerConnect#show ip pim rp-map Number of group-to-RP mappings: 6 Group address RP address ------------------------------- 1 239.255.163.1 43.43.43.1 2 239.255.163.2 43.43.43.1 3 239.255.163.3 43.43.43.1 4 239.255.162.1 99.99.99.5 5 239.255.162.2 99.99.99.5 6 239.255.162.3 99.99.99.5 The display shows the multicast group addresses covered by the RP candidate and the IP address of the RP for the listed multicast group.

  • Page 809: Disabling Cpu Processing For Select Multicast Groups

    By default, packets destined to these groups are processed by the CPU. However, when a large number of packets for these groups are received by the Dell PowerConnect device all at once, CPU resources may be overloaded. To alleviate the load on the CPU, you could disable CPU processing of packets for these groups.

  • Page 810: Viewing Disabled Multicast Addresses

    Disabling CPU processing for select multicast groups TABLE 139 Reserved multicast addresses (Continued) Multicast address Reserved for... 224.0.0.9 RIP V2 224.0.0.13 PIM V2 224.0.0.18 VRRP 224.0.0.22 IGMP V3 reports CLI command syntax To disable CPU processing for selective multicast groups, enter commands such as the following. PowerConnect# config t PowerConnect(config)# vlan 5 PowerConnect(config-vlan-5)# disable multicast-to-cpu 224.0.0.5...

  • Page 811: Another Multicast Router

    Displaying the multicast configuration for another multicast router The Dell implementation of Mrinfo is based on the DVMRP Internet draft by T. Pusateri, but applies to PIM and not to DVMRP. To display the PIM configuration of another PIM router, use the following CLI method.
  • Page 812 IGMP V3 IGMP V3 The Internet Group Management Protocol (IGMP) allows an IPV4 interface to communicate IP Multicast group membership information to its neighboring routers. The routers in turn limit the multicast of IP packets with multicast destination addresses to only those interfaces on the router that are identified as IP Multicast group members.

  • Page 813: Default Igmp Version

    IGMP V3 Default IGMP version IGMP V3 is available on Dell PowerConnect devices; however, the devices are shipped with IGMP V2 enabled. You must enable IGMP V3 globally or per interface. Also, you must specify what version of IGMP you want to run on a device globally, on each interface (physical port or virtual routing interface), and on each physical port within a virtual routing interface.

  • Page 814: A Virtual Routing Interface

    IGMP V3 To specify the IGMP version for a virtual routing interface on a physical port, enter a command such as the following. PowerConnect(config)#interface ve 3 PowerConnect(config-vif-1) ip igmp version 3 Syntax: [no] ip igmp version Enter 1, 2, or 3 for . Version 2 is the default version. Enabling the IGMP version on a physical port within a virtual routing interface To specify the IGMP version recognized by a physical port that is a member of a virtual routing...

  • Page 815: Setting The Query Interval

    IGMP V3 For example, two clients (Client A and Client B) belong to group1 but each is receiving traffic streams from different sources. Client A receives a stream from (source_1, group1) and Client B receives it from (source_2, group1). The router still waits for three seconds before it stops the traffic because the two clients are in the same group.

  • Page 816: Igmp V3 And Source Specific Multicast Protocols

    Therefore, enabling the SSM protocol for PIM-SM requires more resources than leaving the protocol disabled. Enabling SSM To enable the SSM protocol on a Dell PowerConnect device running PIM-SM, enter a command such as the following. PowerConnect(config)#router pim...
  • Page 817 IGMP V3 PowerConnect#show ip igmp group Interface v18 : 1 groups group phy-port static querier life mode #_src 239.0.0.1 e4/20 include 19 Interface v110 : 3 groups group phy-port static querier life mode #_src 239.0.0.1 e4/5 include 10 239.0.0.1 e4/6 exclude 13 224.1.10.1 e4/5...
  • Page 818 IGMP V3 TABLE 140 Output of show ip igmp group (Continued) This field Displays Static A “yes” entry in this column indicates that the multicast group was configured as a static group; “No” means it was not. Static multicast groups can be configured in IGMP V2 using the ip igmp static command.
  • Page 819 IGMP V3 Enter ve and its or ethernet and its to display information for a specific virtual routing interface or ethernet interface. Entering an address for displays information for a specified group on the specified interface. The report shows the following information. TABLE 141 Output of show ip igmp interface This field...

  • Page 820: Clearing Igmp Statistics

    IGMP Proxy TABLE 142 Output of show ip igmp traffic (Continued) This field Displays MbrV2 The IGMP V2 membership report. MbrV3 The IGMP V3 membership report. Leave Number of IGMP V2 “leave” messages on the interface. (See ToEx for IGMP V3.) IsIN Number of source addresses that were included in the traffic.

  • Page 821: Configuring Igmp Proxy

    IGMP Proxy is only supported in a PIM Dense environment where there are IGMP clients connected to the Dell PowerConnect device. The Dell PowerConnect device will not send IGMP reports on an IGMP proxy interface for remote clients connected to a PIM neighbor, as it will not be aware of groups that the remote clients are interested in.

  • Page 822: Configuration Example

    IP multicast protocols and IGMP snooping on the same device If there are two sources for a single group, where one source sends traffic into a VLAN with IGMP snooping enabled, while the other source sends traffic to a PIM enabled Layer 3 interface, a client for the group in the same VLAN as the first source will only receive traffic from that source.

  • Page 823: Cli Commands

    IP multicast protocols and IGMP snooping on the same device FIGURE 125 Example 2: IGMP Snooping and PIM Forwarding Both Sources for Server 10.10.10.100 Group 230.1.1.1 Server 20.20.20.1 Vlan 20 (with VE 20) Device Vlan 10 (DUT) 20.20.20.x/24 30.30.30.x/24 Client 10.10.10.1 40.40.40.x/24 for 230.1.1.1 Router...
  • Page 824 IP multicast protocols and IGMP snooping on the same device PowerConnect(config-vif-20)#exit PowerConnect(config)#interface e 13 PowerConnect(config-if-e1000-13)#ip address 30.30.30.10/24 PowerConnect(config-if-e1000-13)#ip pim 3. Configure the neighboring device. PowerConnect(config)#ip route 20.20.20.0 255.255.255.0 30.30.30.10 PowerConnect(config)#router pim PowerConnect(config-pim-router)#exit PowerConnect(config)#interface ethernet 3 PowerConnect(config-if-e1000-3)#ip address 30.30.30.20/24 PowerConnect(config-if-e1000-3)#ip pim PowerConnect(config-if-e1000-3)#interface ethernet 4 PowerConnect(config-if-e1000-4)#ip address 40.40.40.20/24 PowerConnect(config-if-e1000-4)#ip pim...
  • Page 825 Chapter Configuring IP Table 143 lists the individual Dell PowerConnect switches and the IP features they support. TABLE 143 Supported IP features Feature PowerConnect B-Series FCX BootP/DHCP relay Specifying which IP address will be included in a DHCP/BootP reply packet...

  • Page 826: Basic Configuration

    Basic configuration NOTE The terms Layer 3 Switch and router are used interchangeably in this chapter and mean the same. Basic configuration IP is enabled by default. Basic configuration consists of adding IP addresses for Layer 3 Switches, enabling a route exchange protocol, such as the Routing Information Protocol (RIP). If you are configuring a Layer 3 Switch, refer to “Configuring IP addresses”...

  • Page 827: Ip Interfaces

    Overview IP interfaces NOTE This section describes IPv4 addresses. For information about IPv6 addresses on all other PowerConnect devices, refer to “IPv6 addressing” on page 198. Layer 3 Switches and Layer 2 Switches allow you to configure IP addresses. On Layer 3 Switches, IP addresses are associated with individual interfaces.
  • Page 828 Overview Load Balancing Algorithm Mult. Equal- cost Paths Lowest Metric IP acc policy Lowest IP Route Incoming Session Fwding Admin. Table OSPF Port Table Cache Distance BGP4 Static ARP Outgoing Cache Table Port Figure 126 shows the following packet flow: 1.
  • Page 829 Overview 4. If the IP forwarding cache does not have an entry for the packet, the Layer 3 Switch checks the IP route table for a route to the packet destination. If the IP route table has a route, the Layer 3 Switch makes an entry in the session table or the forwarding cache, and sends the route to a queue on the outgoing ports: •...
  • Page 830 Overview The software places an entry from the static ARP table into the ARP cache when the entry interface comes up. Here is an example of a static ARP entry. Index IP Address MAC Address Port 207.95.6.111 0800.093b.d210 Each entry lists the information you specified when you created the entry. To display ARP entries, refer to the following sections: •...
  • Page 831 Overview Destination NetMask Gateway Port Cost Type 1.1.0.0 255.255.0.0 99.1.1.2 Each IP route table entry contains the destination IP address and subnet mask and the IP address of the next-hop router interface to the destination. Each entry also indicates the port attached to the destination or the next-hop to the destination, the route IP metric (cost), and the type.

  • Page 832: Ip Route Exchange Protocols

    Overview NOTE You cannot add static entries to the IP forwarding cache, although you can increase the number of entries the cache can contain. Refer to the section “Displaying and modifying system parameter default settings” on page 321. Layer 4 session table The Layer 4 session provides a fast path for forwarding packets.

  • Page 833: Ip Interface Redundancy Protocols

    IP access policies allow you to configure QoS based on sessions (Layer 4 traffic flows). Only one of these filtering mechanisms can be enabled on a Dell PowerConnect device at a time. Dell PowerConnect devices can store forwarding information for both methods of filtering in the session table.

  • Page 834: When Parameter Changes Take Effect

    Basic IP parameters and defaults – Layer 3 Switches • Multicast protocols: Internet Group Membership Protocol (IGMP) – refer to “Changing global IP multicast parameters” on page 729 Protocol Independent Multicast Dense (PIM-DM) – refer to “PIM Dense” on page 733 Protocol Independent Multicast Sparse (PIM-SM) –...
  • Page 835 Basic IP parameters and defaults – Layer 3 Switches TABLE 144 IP global parameters – Layer 3 Switches Parameter Description Default See page... IP state The Internet Protocol, version 4 Enabled NOTE: You cannot disable IP. IP address and Format for displaying an IP address and its network Class-based page 869 mask notation...
  • Page 836 Basic IP parameters and defaults – Layer 3 Switches TABLE 144 IP global parameters – Layer 3 Switches (Continued) Parameter Description Default See page... Time to Live The maximum number of routers (hops) through 64 hops page 815 (TTL) which a packet can pass before being discarded. Each router decreases a packet TTL by 1 before forwarding the packet.
  • Page 837 803 gateway which clients attached to the router can reach DNSs. addresses IP load sharing A Dell feature that enables the router to balance Enabled page 829 traffic to a specific destination across multiple equal-cost paths. IP load sharing uses a hashing algorithm based on the source IP address, destination IP address, and protocol field in the IP header.

  • Page 838: Ip Interface Parameters – Layer 3 Switches

    Basic IP parameters and defaults – Layer 3 Switches IP interface parameters – Layer 3 Switches Table 145 lists the interface-level IP parameters for Layer 3 Switches. TABLE 145 IP interface parameters – Layer 3 Switches Parameter Description Default See page... IP state The Internet Protocol, version 4 Enabled...

  • Page 839: Basic Ip Parameters And Defaults – Layer 2 Switches

    Basic IP parameters and defaults – Layer 2 Switches TABLE 145 IP interface parameters – Layer 3 Switches (Continued) Parameter Description Default See page... DHCP Server All PowerConnect devices can be configured to Disabled page 841 function as DHCP servers. UDP broadcast The router can forward UDP broadcast packets for The router helps forward...
  • Page 840 Basic IP parameters and defaults – Layer 2 Switches TABLE 146 IP global parameters – Layer 2 Switches Parameter Description Default See page... IP address Format for displaying an IP address and its network Class-based page 869 and mask mask information. You can enable one of the NOTE: Changing this notation following:...

  • Page 841: Interface Ip Parameters – Layer 2 Switches

    Configuring IP parameters – Layer 3 Switches TABLE 146 IP global parameters – Layer 2 Switches (Continued) Parameter Description Default See page... DHCP gateway The device can assist DHCP/BootP Discovery packets None configured page 868 stamp from one subnet to reach DHCP/BootP servers on a different subnet by placing the IP address of the router interface that forwards the packet in the packet Gateway field.
  • Page 842 Instead, you must configure the parameters on the virtual routing interface itself. Dell PowerConnect devices support both classical IP network masks (Class A, B, and C subnet masks, and so on) and Classless Interdomain Routing (CIDR) network prefix masks: •...
  • Page 843 All physical IP interfaces on Layer 3 devices share the same MAC address. For this reason, if more than one connection is made between two devices, one of which is a Layer 3 device, Dell recommends the use of virtual interfaces. It is not recommended to connect two or more physical IP interfaces between two routers.
  • Page 844 IP address, thus, they “follow” the virtual routing interface that has the IP address. This feature is helpful in conserving IP address space. The Dell feature that allows routing between VLANs within the same device, without the need for external routers, is called Integrated Switch Routing (ISR).

  • Page 845: Configuring Domain Name Server (Dns) Resolver

    When a client performs a DNS query, all hosts within that domain can be recognized. After you define a domain name, the Dell PowerConnect device automatically appends the appropriate domain to a host and forwards it to the DNS servers for resolution.
  • Page 846 Configuring IP parameters – Layer 3 Switches For example, if the domain “ds.company.com” is defined on a Layer 2 Switch or Layer 3 Switch and you want to initiate a ping to “mary”. You need to reference only the host name instead of the host name and its domain name.
  • Page 847 Configuring IP parameters – Layer 3 Switches Defining DNS server addresses You can configure the Dell PowerConnect device to recognize up to four DNS servers. The first entry serves as the primary default address. If a query to the primary address fails to be resolved after three attempts, the next DNS address is queried (also up to three times).

  • Page 848: Configuring Packet Parameters

    Configuring IP parameters – Layer 3 Switches NOTE In the previousexample, 209.157.22.199 is the IP address of the domain name server (default DNS gateway address), and 209.157.22.80 represents the IP address of the NYC02 host. Configuring packet parameters You can configure the following packet parameters on Layer 3 Switches. These parameters control how the Layer 3 Switch sends IP packets to other devices on an Ethernet network.
  • Page 849 ICMP unreachable message if a frame is too large to be forwarded – If a jumbo packet has the Do not Fragment (DF) bit set, and the outbound interface does not support the packet MTU size, the Dell PowerConnect device sends an ICMP unreachable message to the device that sent the packet.
  • Page 850 Configuring IP parameters – Layer 3 Switches You can increase the MTU size to accommodate jumbo packet sizes up to up to 10,232 bytes in an IronStack. Devices that are not part of an IronStack support up to 10,240 bytes. To globally enable jumbo support on all ports of a PowerConnect device, enter commands such as the following.

  • Page 851: Changing The Router Id

    Path MTU discovery (RFC 1191) support When the Dell PowerConnect device receives an IP packet that has its Do not Fragment (DF) bit set, and the packet size is greater than the MTU value of the outbound interface, then the Dell PowerConnect device returns an ICMP Destination Unreachable message to the source of the packet, with the Code indicating "fragmentation needed and DF set".

  • Page 852: Configuring Arp Parameters

    Configuring IP parameters – Layer 3 Switches NOTE You can specify an IP address used for an interface on the Layer 3 Switch, but do not specify an IP address in use by another device. Configuring ARP parameters Address Resolution Protocol (ARP) is a standard IP protocol that enables an IP Layer 3 Switch to obtain the MAC address of another device interface when the Layer 3 Switch knows the IP address of the interface.
  • Page 853 ICMP Host Unreachable message to the source. Rate limiting ARP packets You can limit the number of ARP packets the Dell PowerConnect device accepts during each second. By default, the software does not limit the number of ARP packets the device can receive.
  • Page 854 Configuring IP parameters – Layer 3 Switches NOTE If you want to change a previously configured the ARP rate limiting policy, you must remove the previously configured policy using the no rate-limit-arp command before entering the new policy. Changing the ARP aging period When the Layer 3 Switch places an entry in the ARP cache, the Layer 3 Switch also starts an aging timer for the entry.
  • Page 855 Local Proxy ARP is disabled by default. To use Local Proxy ARP, Proxy ARP (ip proxy-arp command) must be enabled globally on the Dell PowerConnect device. You can enter the CLI command to enable Local Proxy ARP even though Proxy ARP is not enabled, however, the configuration will not take effect until you enable Proxy ARP.
  • Page 856 ARP cache if the ARP aging interval expires before the entry is refreshed. Static entries do not age out, regardless of whether the Dell PowerConnect device receives an ARP request from the device that has the entry address.

  • Page 857: Configuring Forwarding Parameters

    Configuring IP parameters – Layer 3 Switches To increase the maximum number of static ARP table entries you can configure on a Layer 3 Switch, enter commands such as the following at the global CONFIG level of the CLI. PowerConnect(config)# system-max ip-static-arp 1000 PowerConnect(config)# write memory PowerConnect(config)# end PowerConnect# reload...
  • Page 858 PowerConnect(config)# ip directed-broadcast Syntax: [no] ip directed-broadcast Dell software makes the forwarding decision based on the router's knowledge of the destination network prefix. Routers cannot determine that a message is unicast or directed broadcast apart from the destination network prefix. The decision to forward or not forward the message is by definition only possible in the last hop router.

  • Page 859: Disabling Icmp Messages

    Syntax: [no] ip broadcast-zero Disabling ICMP messages Dell PowerConnect devices are enabled to reply to ICMP echo messages and send ICMP Destination Unreachable messages by default. You can selectively disable the following types of Internet Control Message Protocol (ICMP) messages: •...
  • Page 860 PowerConnect(config)# ip icmp echo broadcast-request Disabling ICMP destination unreachable messages By default, when a Dell PowerConnect device receives an IP packet that the device cannot deliver, the device sends an ICMP Unreachable message back to the host that sent the packet. You can...

  • Page 861: Disabling Icmp Redirect Messages

    Configuring IP parameters – Layer 3 Switches • The administration parameter disables ICMP Unreachable (caused by Administration action) messages. • The fragmentation-needed parameter disables ICMP Fragmentation-Needed But Do not-Fragment Bit Set messages. • The host parameter disables ICMP Host Unreachable messages. •...

  • Page 862: Static Route Types

    Configuring IP parameters – Layer 3 Switches • RIP – If RIP is enabled, the Layer 3 Switch can learn about routes from the advertisements other RIP routers send to the Layer 3 Switch. If the route has a lower administrative distance than any other routes from different sources to the same destination, the Layer 3 Switch places the route in the IP route table.
  • Page 863 Configuring IP parameters – Layer 3 Switches • The administrative distance for the route – The value that the Layer 3 Switch uses to compare this route with routes from other route sources to the same destination before placing a route in the IP route table.
  • Page 864 Configuring IP parameters – Layer 3 Switches PowerConnect(config)# ip route 207.95.7.0/24 207.95.6.157 When you configure a static IP route, you specify the destination address for the route and the next-hop gateway or Layer 3 Switch interface through which the Layer 3 Switch can reach the route. The Layer 3 Switch adds the route to the IP route table.
  • Page 865 Configuring IP parameters – Layer 3 Switches If you do not want to specify a next-hop IP address, you can instead specify a port or interface number on the Layer 3 Switch. The parameter is a virtual interface number. If you instead specify an Ethernet port, the ...
  • Page 866 Configuring IP parameters – Layer 3 Switches The parameter specifies the network or host address. The Layer 3 Switch will drop packets that contain this address in the destination field instead of forwarding them. The parameter specifies the network mask. Ones are significant bits and zeros allow any value.
  • Page 867 Configuring IP parameters – Layer 3 Switches The commands in the previous example configure two static IP routes. The routes go to different next-hop gateways but have the same metrics. These commands use the default metric value (1), so the metric is not specified. These static routes are used for load sharing among the next-hop gateways.
  • Page 868 Configuring IP parameters – Layer 3 Switches Figure 129 shows an example of two static routes configured for the same destination network. In this example, one of the routes is a standard static route and has a metric of 1. The other static route is a null route and has a higher metric than the standard static route.
  • Page 869 Configuring IP parameters – Layer 3 Switches FIGURE 130 Standard and interface routes to the same destination network Two static routes to 192.168.7.0/24: --Interface-based route through Port1/1, with metric 1. --Standard static route through gateway 192.168.8.11, with metric 3. 192.168.6.188/24 Port1/1 Switch A 192.168.8.12/24...

  • Page 870: Configuring A Default Network Route

    Configuring IP parameters – Layer 3 Switches Configuring a default network route The Layer 3 Switch enables you to specify a candidate default route without the need to specify the next hop gateway. If the IP route table does not contain an explicit default route (for example, 0.0.0.0/0) or propagate an explicit default route through routing protocols, the software can use the default network route as a default route instead.

  • Page 871: Configuring Ip Load Sharing

    Load sharing applies when the IP route table contains multiple, equal-cost paths to a destination. NOTE Dell PowerConnect devices also perform load sharing among the ports in aggregate links. Refer to “Trunk group load sharing” on page 398.
  • Page 872 Configuring IP parameters – Layer 3 Switches • Routes learned through BGP4 Administrative distance The administrative distance is a unique value associated with each type (source) of IP route. Each path has an administrative distance. The administrative distance is not used when performing IP load sharing, but the administrative distance is used when evaluating multiple equal-cost paths to the same destination from different sources, such as RIP, OSPF and so on.
  • Page 873 Configuring IP parameters – Layer 3 Switches The source of a path cost value depends on the source of the path: • IP static route – The value you assign to the metric parameter when you configure the route. The default metric is 1. Refer to “Configuring load balancing and redundancy using multiple static routes to the same destination”...

  • Page 874: Configuring Irdp

    Configuring IP parameters – Layer 3 Switches • If the IP forwarding sharing cache contains a forwarding entry for the destination, the device uses the entry to forward the traffic. • If the IP load forwarding cache does not contain a forwarding entry for the destination, the software selects a path from among the available equal-cost paths to the destination, then creates a forwarding entry in the cache based on the calculation.

  • Page 875: Enabling Irdp Globally

    Configuring IP parameters – Layer 3 Switches • If you leave the feature disabled globally but enable it on individual ports, you also can configure the IRDP parameters on an individual port basis. NOTE You can configure IRDP parameters only an individual port basis. To do so, IRDP must be disabled globally and enabled only on individual ports.

  • Page 876: Configuring Rarp

    Configuring IP parameters – Layer 3 Switches Enabling IRDP on an individual port To enable IRDP on an individual interface and change IRDP parameters, enter commands such as the following. PowerConnect(config)# interface ethernet 1/3 PowerConnect(config-if-1/3)# ip irdp maxadvertinterval 400 This example shows how to enable IRDP on a specific port and change the maximum advertisement interval for Router Advertisement messages to 400 seconds.
  • Page 877 Configuring IP parameters – Layer 3 Switches RARP is enabled by default. However, you must create a RARP entry for each host that will use the Layer 3 Switch for booting. A RARP entry consists of the following information: • The entry number –...

  • Page 878: Configuring Udp Broadcast And Ip Helper Parameters

    Configuring IP parameters – Layer 3 Switches Creating static RARP entries You must configure the RARP entries for the RARP table. The Layer 3 Switch can send an IP address in reply to a client RARP request only if create a RARP entry for that client. To assign a static IP RARP entry for static routes on a router, enter a command such as the following.
  • Page 879 Configuring IP parameters – Layer 3 Switches • Configure a helper adders on the interface connected to the clients. Specify the helper address to be the IP address of the application server or the subnet directed broadcast address for the IP subnet the server is in. A helper address is associated with a specific interface and applies only to client requests received on that interface.
  • Page 880 Configuring IP parameters – Layer 3 Switches Syntax: [no] ip forward-protocol udp | The parameter can have one of the following values. For reference, the corresponding port numbers from RFC 1340 are shown in parentheses. If you specify an application name, enter the name only, not the parentheses or the port number shown here: •...

  • Page 881: Configuring Bootp/Dhcp Relay Parameters

    Configuring IP parameters – Layer 3 Switches Syntax: ip helper-address The parameter specifies the helper address number and can be from 1 through 16. The command specifies the server IP address or the subnet directed broadcast address of the IP subnet the server is in.
  • Page 882 This feature is supported on PowerConnect B-Series FCX devices. You can configure the Dell PowerConnect device so that a BOOTP/DHCP reply to a client contains the server IP address as the source address instead of the router IP address. To do so, enter the following command at the Global CONFIG level of the CLI.

  • Page 883: Dhcp Server

    Configuring IP parameters – Layer 3 Switches NOTE The BootP/DHCP hop count is not the TTL parameter. To modify the maximum number of BootP/DHCP hops, enter the following command. PowerConnect(config)# bootp-relay-max-hops 10 This command allows the Layer 3 Switch to forward BootP/DHCP requests that have passed through ten previous hops before reaching the Layer 3 Switch.
  • Page 884 Configuring IP parameters – Layer 3 Switches • For DHCP client hitless support in an IronStack, the stack mac command must be used to configure the IronStack MAC address, so that the MAC address does not change in the event of a switchover or failover.
  • Page 885 Configuring IP parameters – Layer 3 Switches FIGURE 131 DHCP Server configuration flow chart Classify incoming message previous Reserve the Send offer to host Host DHCP allocation in previous and listen for responds? enabled? DB for this allocated address response host? Use RX Portnum, Ciaddr field, and...
  • Page 886 2. Create a DHCP Server address pool by entering a command similar to the following. PowerConnect(config)# ip dhcp-server pool cabo 3. Configure the DHCP Server address pool by entering commands similar to the following. PowerConnect(config-dhcp-cabo)# network 172.16.1.0/24 PowerConnect(config-dhcp-cabo)# domain-name dell.com PowerConnect(config-dhcp-cabo)# dns-server 172.16.1.2 172.16.1.3 PowerConnect(config-dhcp-cabo)# netbios-name-server 172.16.1.2 PowerConnect(config-dhcp-cabo)# lease 0 0 5 4.
  • Page 887 Configuring IP parameters – Layer 3 Switches Default DHCP server settings Table 151 shows the default DHCP server settings. TABLE 151 DHCP server default settings Parameter Default Value DHCP server Disabled Lease database expiration time 86400 seconds The duration of the lease for an assigned IP address 43200 seconds (one day) Maximum lease database expiration time 86400 seconds...
  • Page 888 Configuring IP parameters – Layer 3 Switches TABLE 153 DHCP Server CLI commands Command Description ip dhcp-server arp-ping-timeout <#> Specifies the time (in seconds) the server will wait for a response to an arp-ping packet before deleting the client from the binding database. The minimum setting is 5 seconds and the maximum time is 30 seconds.

  • Page 889: Enabling Dhcp Server

    Configuring IP parameters – Layer 3 Switches TABLE 153 DHCP Server CLI commands Command Description netbios-name-server
    Specifies the IP address of a NetBIOS WINS server or servers that are [ |] available to Microsoft DHCP clients. Refer to “Configure the NetBIOS server for DHCP clients”...
  • Page 890 Configuring IP parameters – Layer 3 Switches Setting the wait time for ARP-ping response At startup, the server reconciles the lease-binding database by sending an ARP-ping packet out to every client. If there is no response to the ARP-ping packet within a set amount of time (set in seconds), the server deletes the client from the lease-binding database.
  • Page 891 Configuring IP parameters – Layer 3 Switches •
    - The IP address of the DHCP server This command assigns an IP address to the selected DHCP server. Configure the boot image The bootfile command specifies a boot image name to be used by the DHCP client. PowerConnect(config-dhcp-cabo)# bootfile foxhound In this example, the DHCP client should use the boot image called “foxhound”.
  • Page 892 Configuring IP parameters – Layer 3 Switches Specify addresses to exclude from the address pool The excluded-address command specifies either a single address, or a range of addresses that are to be excluded from the address pool. PowerConnect(config-dhcp-cabo)# excluded-address 101.2.3.44 Syntax: excluded-address <[
    ...

  • Page 893: Displaying Dhcp Server Information

    Configuring IP parameters – Layer 3 Switches Displaying DHCP server information The following DHCP show commands may be entered from any level of the CLI. Display active lease entries The show ip dhcp-server binding command displays a specific active lease, or all active leases, as shown in this example: PowerConnect# show ip dhcp-server binding The following output is displayed:...
  • Page 894 Configuring IP parameters – Layer 3 Switches netbios-name-server: 192.168.1.101 network: 192.168.1.0 255.255.255.0 next-bootstrap-server: 192.168.1.102 tftp-server: 192.168.1.103 Syntax: show ip dhcp-server address-pool[s] [] • address-pool[s] - If you enter address-pools, the display will show all address pools • - Displays information about a specific address pool The following table describes this output.
  • Page 895 Configuring IP parameters – Layer 3 Switches TABLE 156 CLI display of show ip dhcp-server flash command This field... Displays... IP address The IP address of the flash memory lease-binding database Client-ID/Hardware address The address of the client Lease expiration The time when the lease will expire Type The type of lease...

  • Page 896: Image Update

    Configuring IP parameters – Layer 3 Switches TABLE 157 CLI display of show ip dhcp-server summary command This field... Displays... Total number of active leases Indicates the number of leases that are currently active Total number of deployed address-pools The number of address pools currently in use. Total number of undeployed address-pools The number of address-pools being held in reserve.
  • Page 897 Configuring IP parameters – Layer 3 Switches 2. If auto-update is enabled, the TFTP flash image is downloaded and updated. The device compares the filename of the requested flash image with the image stored in flash. If the filenames are different, then the device will download the new image from a TFTP server, write the downloaded image to flash, then reload the device or stack.
  • Page 898 Configuring IP parameters – Layer 3 Switches The following configuration rules apply to flash image update: • To enable flash image update (ip dhcp-client auto-update enable command), also enable auto-configuration (ip dhcp-client enable command). • The image filename to be updated must have the extension .bin. •...
  • Page 899 Configuring IP parameters – Layer 3 Switches FIGURE 133 The DHCP Client-Based Auto-Configuration steps IP Address Validation and Lease Negotiation Legend: Typical process (may change depending on environment) System boot/ feature enable Other Possible Events Existing Device New Device (start) Asks server if Static or DHCP...
  • Page 900 Configuring IP parameters – Layer 3 Switches 3. If the device has a dynamic address, the device asks the DHCP server to validate that address. If the server does not respond, the device will continue to use the existing address until the lease expires.
  • Page 901 Configuring IP parameters – Layer 3 Switches The TFTP configuration download and update step NOTE This process only occurs when the client device reboots, or when Auto-Configuration has been disabled and then re-enabled. 1. When the device reboots, or the Auto-Configuration feature has been disabled and then re-enabled, the device uses information from the DHCP server to contact the TFTP server to update the running-configuration file: •...
  • Page 902 Configuring IP parameters – Layer 3 Switches Configuration notes • When using DHCP on a router, if you have a DHCP address for one interface, and you want to connect to the DHCP server from another interface, you must disable DHCP on the first interface, then enable DHCP on the second interface.
  • Page 903 Configuring IP parameters – Layer 3 Switches PowerConnect(config)# show ip Switch IP address: 10.44.16.116 Subnet mask: 255.255.255.0 Default router address: 10.44.16.1 TFTP server address: 10.44.16.41 Configuration filename: foundry.cfg Image filename: None The following example shows output from the show ip address command for a Layer 2 device. PowerConnect(config)# show ip address IP Address Type...

  • Page 904: Configuring Ip Parameters – Layer 2 Switches

    Configuring IP parameters – Layer 2 Switches PowerConnect(config)# show run Current configuration: ver 7.2.00aT7f1 module 1 FCX-24-port-management-module module 2 FCX-cx4-2-port-16g-module module 3 FCX-xfp-1-port-16g-module vlan 1 name DEFAULT-VLAN by port ip dns domain-name test.com ip dns server-address 10.44.3.111 interface ethernet 0/1/2 ip address 10.44.3.233 255.255.255.0 dynamic ip dhcp-client lease 691109 interface ethernet 0/1/15...

  • Page 905: The Default Gateway

    Management Interface, you must configure an IP address for the Layer 2 Switch. Optionally, you also can specify the default gateway. Dell PowerConnect devices support both classical IP network masks (Class A, B, and C subnet masks, and so on) and Classless Interdomain Routing (CIDR) network prefix masks: •...

  • Page 906: Defining A Dns Entry

    Configuring IP parameters – Layer 2 Switches For example, if the domain “newyork.com” is defined on a Layer 2 Switch or Layer 3 Switch and you want to initiate a ping to host “NYC01” on that domain, you need to reference only the host name in the command instead of the host name and its domain name.

  • Page 907: Changing The Ttl Threshold

    Configuring IP parameters – Layer 2 Switches NOTE In the previous example, 209.157.22.199 is the IP address of the domain name server (default DNS gateway address), and 209.157.22.80 represents the IP address of the NYC02 host. FIGURE 134 Querying a Host on the newyork.com Domain Domain Name Server nyc01 newyork.com...
  • Page 908 Configuring IP parameters – Layer 2 Switches By allowing multiple subnet DHCP requests to be sent on the same wire, you can reduce the number of router ports required to support secondary addressing as well as reduce the number of DHCP servers required, by allowing a server to manage multiple subnet address assignments.
  • Page 909 Configuring IP parameters – Layer 2 Switches How DHCP Assist works Upon initiation of a DHCP session, the client sends out a DHCP discovery packet for an address from the DHCP server as seen in Figure 136. When the DHCP discovery packet is received at a Layer 2 Switch with the DHCP Assist feature enabled, the gateway address configured on the receiving interface is inserted into the packet.
  • Page 910 Configuring IP parameters – Layer 2 Switches NOTE The DHCP relay function of the connecting router must be turned on. FIGURE 137 DHCP offers are forwarded back toward the requestors Step 4: DHCP Server extracts the gateway DHCP address from each packet and Server assigns IP addresses for each 207.95.7.6...

  • Page 911: Displaying Ip Configuration Information And Statistics

    Displaying IP configuration information and statistics Up to eight addresses can be defined for each gateway list in support of ports that are multi-homed. When multiple IP addresses are configured for a gateway list, the Layer 2 Switch inserts the addresses into the discovery packet in a round robin fashion. Up to 32 gateway lists can be defined for each Layer 2 Switch.
  • Page 912 Displaying IP configuration information and statistics • IP interfaces – refer to “Displaying IP interface information” on page 873. • ARP entries – refer to “Displaying ARP entries” on page 874. • Static ARP entries – refer to “Displaying ARP entries” on page 874.
  • Page 913 Displaying IP configuration information and statistics TABLE 159 CLI display of global IP configuration information – Layer 3 Switch This field... Displays... Global settings The Time-To-Live (TTL) for IP packets. The TTL specifies the maximum number of router hops a packet can travel before reaching the router. If the packet TTL value is higher than the value specified in this field, the router drops the packet.
  • Page 914 Displaying IP configuration information and statistics TABLE 159 CLI display of global IP configuration information – Layer 3 Switch (Continued) This field... Displays... Port The Layer 4 TCP or UDP port the policy checks for in packets. The port can be displayed by its number or, for port types the router recognizes, by the well-known name.

  • Page 915: Displaying Ip Interface Information

    Displaying IP configuration information and statistics To display utilization statistics for a specific number of seconds, enter a command such as the following. PowerConnect# show process cpu 2 Statistics for last 1 sec and 80 ms Process Name Sec(%) Time(ms) 0.00 0.01 0.00...

  • Page 916: Displaying Arp Entries

    Displaying IP configuration information and statistics TABLE 160 CLI display of interface IP configuration information (Continued) This field... Displays... Method Whether the IP address has been saved in NVRAM. If you have set the IP address for the interface in the CLI or Web Management Interface, but have not saved the configuration, the entry for the interface in the Method field is “manual”.
  • Page 917 Displaying IP configuration information and statistics The mac-address parameter lets you restrict the display to entries for a specific MAC address. The parameter lets you specify a mask for the mac-address parameter, to display entries for multiple MAC addresses. Specify the MAC address mask as “f”s and “0”s, where “f”s are significant bits.
  • Page 918 Displaying IP configuration information and statistics TABLE 161 CLI display of ARP cache (Continued) This field... Displays... Port The port on which the entry was learned. NOTE: If the ARP entry type is DHCP, the port number will not be available until the entry gets resolved through ARP.

  • Page 919: Displaying The Forwarding Cache

    DIRECT. The MAC address of the destination. NOTE: If the entry is type U (indicating that the destination is this Dell PowerConnect device), the address consists of zeroes. PowerConnect B-Series FCX Configuration Guide...

  • Page 920: Displaying The Ip Route Table

    Displaying IP configuration information and statistics TABLE 163 CLI display of IP forwarding cache – Layer 3 Switch (Continued) This field... Displays... Type The type of host entry, which can be one or more of the following: • D – Dynamic •...
  • Page 921 Displaying IP configuration information and statistics The bgp option displays the BGP4 routes. The direct option displays only the IP routes that are directly attached to the Layer 3 Switch. The ospf option displays the OSPF routes. The rip option displays the RIP routes. The static option displays only the static IP routes.

  • Page 922: Clearing Ip Routes

    Displaying IP configuration information and statistics Example PowerConnect# show ip route summary IP Routing Table - 35 entries: 6 connected, 28 static, 0 RIP, 1 OSPF, 0 BGP, 0 ISIS, 0 MPLS Number of prefixes: /0: 1 /16: 27 /22: 1 /24: 5 /32: 1 Syntax: show ip route summary In this example, the IP route table contains 35 entries.

  • Page 923: Displaying Ip Traffic Statistics

    Displaying IP configuration information and statistics To clear route 209.157.22.0/24 from the IP routing table, enter the following command. PowerConnect# clear ip route 209.157.22.0/24 Syntax: clear ip route [ ] Syntax: clear ip route [/] Displaying IP traffic statistics To display IP traffic statistics, enter the following command at any CLI level. PowerConnect# show ip traffic IP Statistics 139 received, 145 sent, 0 forwarded...
  • Page 924 The number of packets dropped by the device because the value in the Protocol field of the packet header is unrecognized by this device. no buffer This information is used by Dell customer support. other errors The number of packets dropped due to error types other than those listed above.

  • Page 925: Displaying Ip Information – Layer 2 Switches

    The number of TCP connections opened by this device in response to connection requests (TCP SYNs) received from other devices. failed attempts This information is used by Dell customer support. active resets The number of TCP connections this device reset by sending a TCP RESET message to the device at the other end of the connection.
  • Page 926 Displaying IP configuration information and statistics • Global IP settings – refer to “Displaying global IP configuration information” on page 884. • ARP entries – refer to “Displaying ARP entries” on page 884. • IP traffic statistics – refer to “Displaying IP traffic statistics”...
  • Page 927 Displaying IP configuration information and statistics Syntax: show arp This display shows the following information. TABLE 167 CLI display of ARP cache This field... Displays... Total ARP Entries The number of entries in the ARP cache. Maximum The total number of ARP entries supported on the device. capacity The IP address of the device.
  • Page 928 The number of packets dropped by the device because the value in the Protocol field of the packet header is unrecognized by this device. no buffer This information is used by Dell customer support. other errors The number of packets that this device dropped due to error types other than the types listed above.
  • Page 929 The number of UDP packets dropped because the packet did not contain a valid UDP port number. input errors This information is used by Dell customer support. TCP statistics The TCP statistics are derived from RFC 793, “Transmission Control Protocol”.
  • Page 930 PowerConnect B-Series FCX Configuration Guide 53-1002266-01...

  • Page 931: Overview

    Chapter Configuring Multicast Listening Discovery (MLD) Snooping on PowerConnect B-Series FCX Switches Table 169 lists the individual Dell PowerConnect switches and the MLD snooping features they support.. TABLE 169 Supported MLD snooping features Feature PowerConnect B-Series FCX MLD V1/V2 snooping (global and...
  • Page 932 Overview The interfaces respond to general queries by sending a membership report containing one or more of the following records associated with a specific group: • Current-state record - Indicates the sources from which the interface wants to receive or not receive traffic.

  • Page 933: Configuration Notes

    The hardware resource limit applies only to snooping-enabled VLANs. In VLANs where snooping is not enabled, multicast streams are switched in hardware without using any pre-installed resources. The Dell PowerConnect device supports up to 32K of MLD groups. They are produced by client membership reports.

  • Page 934: Using Mldv1 With Mldv2

    For example, two data streams from different sources to the same group require two (S G) entries in MLDv2, compared to only one (* G) in MLDv1. Dell recommends that you use MLDv2 only in a source-specific application. Because each VLAN can be configured for the version independently, some VLANs might match (* G) while others match (S G).

  • Page 935: Configuring Mld Snooping

    Configuring MLD snooping NOTE To avoid version deadlock, when an interface receives a report with a lower version than that for which it has been configured, the interface does not automatically downgrade the running MLD version. Configuring MLD snooping Configuring MLD Snooping on Stackable devices consists of the following global and VLAN-specific tasks.

  • Page 936: Configuring The Global Mld Mode

    Configuring MLD snooping The system supports up to 32K of groups. The configurable range is 256 to 32768 and the default is 8192. The configured number is the upper limit of an expandable database. Client memberships exceeding the group limits are not processed. Disabling transmission and receipt of MLD packets on a port When a VLAN is snooping-enabled, all MLD packets are trapped to the CPU without hardware VLAN flooding.

  • Page 937: Configuring The Global Mld Version

    Configuring MLD snooping Syntax: [no] ipv6 mld-snooping age-interval The parameter specifies the aging time. You can specify a value from 20 – 7200 seconds. The default is 140 seconds. Modifying the query interval (Active MLD snooping mode only) If the MLD mode is set to active, you can modify the query interval, which specifies how often the device sends group membership queries.

  • Page 938: Leave Message

    Configuring MLD snooping Modifying the wait time before stopping traffic when receiving a leave message You can define the wait time before stopping traffic to a port when the device receives a leave message for that port. The device sends group-specific queries once per second to determine if any client on the same port still needs the group.

  • Page 939: Disabling Mld Snooping For The Vlan

    Configuring MLD snooping Disabling MLD snooping for the VLAN When MLD snooping is enabled globally, you can disable it for a specific VLAN. For example, the following commands disable MLD snooping for VLAN 20. This setting overrides the global setting for VLAN 20.

  • Page 940: Configuring Static Router Ports

    Configuring MLD snooping The ipv6-address parameter is the IPv6 address of the multicast group. The count is optional, which allows a contiguous range of groups. Omitting the count is equivalent to the count being 1. If there are no numbers, the static groups apply to the entire VLAN. Configuring static router ports A device always forwards all multicast control and data packets to router ports that receive queries.

  • Page 941: Configuring Fast Leave For Mldv1

    Configuring MLD snooping Every group on a physical port keeps its own tracking record. However, it can track group membership only; it cannot track by (source, group). For example, Client A and Client B belong to group1 but each is receiving traffic from different sources. Client A receives a traffic stream from (source_1, group1) and Client B receives a traffic stream from (source_2, group1).

  • Page 942: Displaying Mld Snooping Information

    Configuring MLD snooping Displaying MLD snooping information You can display the following MLD Snooping information: • MLD Snooping error information • Information about VLANs • Group and forwarding information for VLANs • MLD memory pool usage • Status of MLD traffic •...
  • Page 943 Configuring MLD snooping If tracking and fast leave are enabled, you can display the list of clients for a particular group by entering the following command. PowerConnect#show ipv6 mld-snooping group ff0e::ef00:a096 tracking Display group ff0e::ef00:a096 in all interfaces with tracking enabled. p-:physical, ST:static, QR:querier, EX:exclude, IN:include, Y:yes, N:no VL1 : 1 grp, 1 grp-port, tracking_enabled group...
  • Page 944 Configuring MLD snooping PowerConnect#show ipv6 mld-snooping mcache Example: (S G) cnt=: (S G) are the lowest 32 bits, cnt: SW proc. count OIF: 0/1/22 TR(0/1/32,0/1/33), TR is trunk, 0/1/32 primary, 0/1/33 output vlan 1, has 2 cache (abcd:ef50 0:100), cnt=121 OIF: 0/1/11 0/1/9 age=0s up-time=120m vidx=4130 (ref-cnt=1) (abcd:ef50 0:101), cnt=0...
  • Page 945 Configuring MLD snooping This field... Displays... get-fail Displays the number of resource failures. NOTE: It is important to pay close attention to this field. limit The upper limit of this expandable field. The MLD group limit is configured using the system-max mld-max-group-addr command.

  • Page 946: Clear Mld Snooping Commands

    Configuring MLD snooping This field Displays IsEX Number of source addresses that were excluded in the traffic. ToIN Number of times the interface mode changed from EXCLUDE to INCLUDE. ToEX Number of times the interface mode changed from INCLUDE to EXCLUDE. ALLO Number of times additional source addresses were allowed on the interface.
  • Page 947 Configuring MLD snooping Clear MLD counters on VLANs To clear MLD Snooping error and traffic counters on all VLANs, enter a command similar to the following. PowerConnect#clear ipv6 mld-snooping counters Syntax: clear ipv6 mld-snooping counters Clear MLD mcache To clear the mcache on all VLANs, enter the following command. PowerConnect#clear ipv6 mld-snooping mcache Syntax: clear ipv6 mld-snooping mcache Clear mcache on a specific VLAN...
  • Page 948 Configuring MLD snooping PowerConnect B-Series FCX Configuration Guide 53-1002266-01...

  • Page 949: Rip Overview

    Chapter Configuring RIP (IPv4) Table 170 lists the individual Dell PowerConnect switches and the RIP features they support. TABLE 170 Supported RIP features Feature PowerConnect B-Series FCX RIP V1 and V2 Route learning and advertising Route redistribution into RIP Route metrics Route loop prevention: •...

  • Page 950: Icmp Host Unreachable Message For Undeliverable Arps

    RIP parameters and defaults • Version (V1) • V1 compatible with V2 • Version (V2) (the default) ICMP host unreachable message for undeliverable ARPs If the router receives an ARP request packet that it is unable to deliver to the final destination because of the ARP timeout and no ARP response is received (the router knows of no route to the destination address), the router sends an ICMP Host Unreachable message to the source.

  • Page 951: Rip Interface Parameters

    RIP parameters and defaults TABLE 171 RIP global parameters (Continued) Parameter Description Default Reference Learning The router can learn default routes from its RIP neighbors. Disabled page 915 default routes NOTE: You also can enable or disable this parameter on an individual interface basis.

  • Page 952: Configuring Rip Parameters

    Configuring RIP parameters Configuring RIP parameters Use the following procedures to configure RIP parameters on a system-wide and individual interface basis. Enabling RIP RIP is disabled by default. To enable it, use the following method. NOTE You must enable the protocol globally and also on individual interfaces on which you want to advertise RIP.

  • Page 953: Changing The Administrative Distance

    Configuring RIP parameters PowerConnect(config)#interface ethernet 0/6/1 PowerConnect(config-if-0/6/1)#ip metric 5 These commands configure port 6/1 to add 5 to the cost of each route learned on the port. Syntax: ip metric <1-16> Configuring a RIP offset list A RIP offset list allows you to add to the metric of specific inbound or outbound routes learned or advertised by RIP.

  • Page 954: Configuring Redistribution

    Configuring RIP parameters NOTE Refer to “Changing administrative distances” on page 1014 for the default distances for all route sources. To change the administrative distance for RIP routes, enter a command such as the following. PowerConnect(config-rip-router)#distance 140 This command changes the administrative distance to 140 for all RIP routes. Syntax: [no] distance ...
  • Page 955 Configuring RIP parameters Syntax: [no] permit | deny redistribute all | bgp | ospf | static address [match-metric | set-metric ] The variable specifies the redistribution filter ID. The software uses the filters in ascending numerical order. Thus, if filter 1 denies a route from being redistributed, the software does not redistribute that route even if a filter with a higher ID permits redistribution of the route.

  • Page 956: Configuring Route Learning And Advertising Parameters

    Configuring RIP parameters This command assigns a RIP metric of 10 to each route that is redistributed into RIP. Syntax: [no] default-metric <1-15> Enabling redistribution After you configure redistribution parameters, you need to enable redistribution. To enable RIP redistribution, enter the following command. PowerConnect(config-rip-router)#redistribution Syntax: [no] redistribution The no form of this command disables RIP redistribution.

  • Page 957: Changing The Route Loop Prevention Method

    By default, a Layer 3 Switch learns RIP routes from all its RIP neighbors. Neighbor filters allow you to specify the neighbor routers from which the Dell PowerConnect device can receive RIP routes. Neighbor filters apply globally to all ports.

  • Page 958: Vrrpe Backup Interface

    Configuring RIP parameters These loop prevention methods are configurable on an individual interface basis. One of the methods is always in effect on an interface enabled for RIP. If you disable one method, the other method is enabled. NOTE These methods may be used in addition to the RIP maximum valid route cost of 15. To disable poison reverse and enable split horizon on an interface, enter commands such as the following.

  • Page 959: Displaying Rip Filters

    Displaying RIP filters NOTE By default, routes that do not match a route filter are learned or advertised. To prevent a route from being learned or advertised, you must configure a filter to deny the route. To configure RIP filters, enter commands such as the following. PowerConnect(config-rip-router)#filter 1 permit 192.53.4.1 255.255.255.0 PowerConnect(config-rip-router)#filter 2 permit 192.53.5.1 255.255.255.0 PowerConnect(config-rip-router)#filter 3 permit 192.53.6.1 255.255.255.0...

  • Page 960: Displaying Cpu Utilization Statistics

    Displaying CPU utilization statistics TABLE 173 CLI display of RIP filter information This field... Displays... Route filters The rows underneath “RIP Route Filter Table” list the RIP route filters. If no RIP route filters are configured on the device, the following message is displayed: “No Filters are configured in RIP Route Filter Table”. Index The filter number.
  • Page 961 Displaying CPU utilization statistics PowerConnect#show process cpu Process Name 5Sec(%) 1Min(%) 5Min(%) 15Min(%) Runtime(ms) 0.01 0.03 0.09 0.22 0.04 0.06 0.08 0.14 GVRP 0.00 0.00 0.00 0.00 ICMP 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 OSPF 0.00 0.00 0.00 0.00 0.04 0.07...
  • Page 962 Displaying CPU utilization statistics PowerConnect B-Series FCX Configuration Guide 53-1002266-01...
  • Page 963 Chapter Configuring OSPF Version 2 (IPv4) Table 174 lists the individual Dell PowerConnect switches and the OSPF Version 2 features they support. TABLE 174 Supported OSPF V2 features Feature PowerConnect B-Series FCX OSPF V2 OSPF point-to-point links RFC 1583 and RFC 2178 compliant...

  • Page 964: Overview Of Ospf

    Overview of OSPF TABLE 174 Supported OSPF V2 features (Continued) Feature PowerConnect B-Series FCX Syslog messages Clearing OSPF information This chapter describes how to configure OSPF Version 2 on Layer 3 Switches using the CLI. OSPF Version 2 is supported on devices running IPv4. NOTE The terms Layer 3 Switch and router are used interchangeably in this chapter and mean the same thing.

  • Page 965: Ospf Point-To-Point Links

    Overview of OSPF An Autonomous System Boundary Router (ASBR) is a router that is running multiple protocols and serves as a gateway to routers outside an area and those operating with different protocols. The ASBR is able to import and translate different protocol routes into OSPF through a process known as redistribution.

  • Page 966: Designated Routers In Multi-Access Networks

    Overview of OSPF In an OSPF point-to-point network, where a direct Layer 3 connection exists between a single pair of OSPF routers, there is no need for Designated and Backup Designated Routers, as is the case in OSPF multi-access networks. Without the need for Designated and Backup Designated routers, a point-to-point network establishes adjacency and converges faster.

  • Page 967: Ospf Rfc 1583 And 2178 Compliance

    DR. The router with the next highest router ID is designated as the BDR. NOTE By default, the Dell router ID is the IP address configured on the lowest numbered loopback interface. If the Layer 3 Switch does not have a loopback interface, the default router ID is the lowest numbered IP address configured on the device.

  • Page 968: Reduction Of Equivalent As External Lsas

    In some cases, multiple ASBRs in an AS can originate equivalent LSAs. The LSAs are equivalent when they have the same cost, the same next hop, and the same destination. Dell PowerConnect devices optimize OSPF by eliminating duplicate AS External LSAs in this case. The Layer 3 Switch with the lower router ID flushes the duplicate External LSAs from its database and thus does not flood the duplicate External LSAs into the OSPF AS.
  • Page 969 Overview of OSPF FIGURE 141 AS External LSA reduction Routers D, E, and F are OSPF ASBRs OSPF Autonomous System (AS) Another routing domain and EBGP routers. (such as BGP4 or RIP) Router A Router D Router ID: 2.2.2.2 Router F Router B Router E Router ID: 1.1.1.1...

  • Page 970: Support For Ospf Rfc 2328 Appendix E

    Router F. Support for OSPF RFC 2328 Appendix E Dell PowerConnect devices provide support for Appendix E in OSPF RFC 2328. Appendix E describes a method to ensure that an OSPF router (such as a Layer 3 Switch) generates unique link state IDs for type-5 (External) link state advertisements (LSAs) in cases where two networks have the same network address but different network masks.

  • Page 971: Dynamic Ospf Activation And Configuration

    Overview of OSPF All three networks have the same network address, 10.0.0.0. Without support for RFC 2328 Appendix E, an OSPF router uses the same link state ID, 10.0.0.0, for the LSAs for all three networks. For example, if the router generates an LSA with ID 10.0.0.0 for network 10.0.0.0 255.0.0.0, this LSA conflicts with the LSA generated for network 10.0.0.0 255.255.0.0 or 10.0.0.0 255.255.255.0.

  • Page 972: Dynamic Ospf Memory

    OSPF dead-interval are provided in “Modifying interface defaults” on page 937. The Dell implementation of OSPF graceful restart supports RFC 3623: Graceful OSPF Restart. For details on how to configure OSPF graceful restart, refer to “Configuring OSPF graceful restart”...

  • Page 973: Ospf Parameters

    OSPF is automatically enabled without a system reset. Configuration rules • Dell PowerConnect devices support a maximum of 676 OSPF interfaces. • If a router is to operate as an ASBR, you must enable the ASBR capability at the system level.

  • Page 974: Enabling Ospf On The Router

    Configuring OSPF Interface parameters: • Assign interfaces to an area. • Define the authentication key for the interface. • Change the authentication-change interval • Modify the cost for a link. • Modify the dead interval. • Modify MD5 authentication key parameters. •...

  • Page 975: Assigning Ospf Areas

    Configuring OSPF If you have disabled the protocol but have not yet saved the configuration to the startup-config file and reloaded the software, you can restore the configuration information by re-entering the command to enable the protocol (for example, router ospf), or by selecting the Web management option to enable the protocol.
  • Page 976 Configuring OSPF When an NSSA contains more than one ABR, OSPF elects one of the ABRs to perform the LSA translation for NSSA. OSPF elects the ABR with the highest router ID. If the elected ABR becomes unavailable, OSPF automatically elects the ABR with the next highest router ID to take over translation of LSAs for the NSSA.
  • Page 977 When you configure an NSSA, you can specify an address range for aggregating the external routes that the NSSA's ABR exports into other areas. The Dell implementation of NSSA is based on RFC 1587. Figure 142 shows an example of an OSPF network containing an NSSA.
  • Page 978 Configuring OSPF The ABR translates the Type-7 LSAs into Type-5 LSAs. If an area range is configured for the NSSA, the ABR also summarizes the LSAs into an aggregate LSA before flooding the Type-5 LSAs into the backbone. Since the NSSA is partially “stubby” the ABR does not flood external LSAs from the backbone into the NSSA.

  • Page 979: Assigning An Area Range (Optional)

    Configuring OSPF The parameter specifies the portions of the IP address that a route must contain to be summarized in the summary route. In the example above, all networks that begin with 209.157 are summarized into a single route. Assigning an area range (optional) You can assign a range for an area, but it is not required.

  • Page 980: Ospf Interface Parameters

    Configuring OSPF • ip ospf cost • ip ospf dead-interval • ip ospf hello-interval • ip ospf md5-authentication key-activation-wait-time | key-id [0 | 1] key • ip ospf passive • ip ospf priority •...
  • Page 981 Configuring OSPF MD5-authentication activation wait time: The number of seconds the Layer 3 Switch waits until placing a new MD5 key into effect. The wait time provides a way to gracefully transition from one MD5 key to another without disturbing the network. The wait time can be from 0 through 14400 seconds.

  • Page 982: Changing The Timer For Ospf Authentication Changes

    Configuring OSPF NOTE If you want the software to assume that the value you enter is the clear-text form, and to encrypt display of that form, do not enter 0 or 1. Instead, omit the encryption option and allow the software to use the default behavior.
  • Page 983 Configuring an OSPF non-broadcast interface Layer 3 switches support Non-Broadcast Multi-Access (NBMA) networks. This feature enables you to configure an interface on a Dell PowerConnect device to send OSPF traffic to its neighbor as unicast packets rather than broadcast packets.

  • Page 984: Assigning Virtual Links

    Configuring OSPF PowerConnect(config)#int ve 20 PowerConnect(config-vif-20)#ip ospf area 0 PowerConnect(config-vif-20)#ip ospf network non-broadcast PowerConnect(config-vif-20)#exit Syntax: [no] ip ospf network non-broadcast The following commands specify 1.1.20.1 as an OSPF neighbor address. The address specified must be in the same subnet as a non-broadcast interface. PowerConnect(config)#router ospf PowerConnect(config-ospf-router)#neighbor 1.1.20.1 For example, to configure the feature in a network with three routers connected by a hub or switch,...
  • Page 985 Configuring OSPF NOTE By default, the Dell router ID is the IP address configured on the lowest numbered loopback interface. If the Layer 3 Switch does not have a loopback interface, the default router ID is the lowest numbered IP address configured on the device. For more information or to change the router ID, refer to “Changing the router ID”...

  • Page 986: Modifying Virtual Link Parameters

    Configuring OSPF PowerConnectC(config-ospf-router)#area 1 virtual-link 10.0.0.1 PowerConnectC(config-ospf-router)#write memory Syntax: area | virtual-link [authentication-key | dead-interval | hello-interval | retransmit-interval | transmit-delay ] The area | parameter specifies the transit area. The parameter specifies the router ID of the OSPF router at the remote end of the virtual link.
  • Page 987 Configuring OSPF MD5 Authentication Wait Time: This parameter determines when a newly configured MD5 authentication key is valid. This parameter provides a graceful transition from one MD5 key to another without disturbing the network. All new packets transmitted after the key activation wait time interval use the newly configured MD5 Key.
  • Page 988 Configuring OSPF Changing the reference bandwidth for the cost on OSPF interfaces Each interface on which OSPF is enabled has a cost associated with it. The Layer 3 Switch advertises its interfaces and their costs to OSPF neighbors. For example, if an interface has an OSPF cost of ten, the Layer 3 Switch advertises the interface with a cost of ten to other OSPF routers.

  • Page 989: Defining Redistribution Filters

    Route redistribution imports and translates different protocol routes into a specified protocol type. On Dell routers, redistribution is supported for static routes, OSPF, RIP, and BGP4. When you configure redistribution for RIP, you can specify that static, OSPF, or BGP4 routes are imported into RIP routes.
  • Page 990 Configuring OSPF Figure 144 on page 948, an administrator wants to configure the PowerConnect Layer 3 Switch acting as the ASBR (Autonomous System Boundary Router) between the RIP domain and the OSPF domain to redistribute routes between the two domains. NOTE The ASBR must be running both RIP and OSPF protocols to support this activity.
  • Page 991 Configuring OSPF NOTE Redistribution is permitted for all routes by default, so the permit redistribute 1 all command in the example above is shown for clarity but is not required. You also have the option of specifying import of just OSPF, BGP4, or static routes, as well as specifying that only routes for a specific network or with a specific cost (metric) be imported, as shown in the following command syntax.

  • Page 992: Table

    Configuring OSPF Preventing specific OSPF routes from being installed in the IP route table By default, all OSPF routes in the OSPF route table are eligible for installation in the IP route table. You can configure a distribution list to explicitly deny specific routes from being eligible for installation in the IP route table.
  • Page 993 Enter only one valid interface number. If necessary, use the show interface brief command to display a list of valid interfaces. If you do not specify an interface, the Dell PowerConnect device applies the ACL to all incoming route updates.
  • Page 994 Configuring OSPF PowerConnect(config)#ip access-list extended no_ip PowerConnect(config-ext-nACL)#deny ip 4.0.0.0 0.255.255.255 255.255.0.0 0.0.255.255 PowerConnect(config-ext-nACL)#permit ip any any PowerConnect(config-ext-nACL)#exit PowerConnect(config)#router ospf The first three commands configure an extended ACL that denies routes to any 4.x.x.x destination network with a 255.255.0.0 network mask and allows all other routes for eligibility to be installed in the IP route table.

  • Page 995: Modifying The Default Metric For Redistribution

    Configuring OSPF Because this ACL is input to an OSPF distribution list, the parameter actually specifies the subnet mask of the route. The parameter specifies the portion of the subnet mask to match against. For example, the and values 255.255.255.255 0.0.0.255 mean that subnet mask /24 and longer match the ACL.
  • Page 996 Configuring OSPF PowerConnect(config)#ip route 1.1.0.0 255.255.0.0 207.95.7.30 PowerConnect(config)#ip route 1.2.0.0 255.255.0.0 207.95.7.30 PowerConnect(config)#ip route 1.3.0.0 255.255.0.0 207.95.7.30 PowerConnect(config)#ip route 4.1.0.0 255.255.0.0 207.95.6.30 PowerConnect(config)#ip route 4.2.0.0 255.255.0.0 207.95.6.30 PowerConnect(config)#ip route 4.3.0.0 255.255.0.0 207.95.6.30 PowerConnect(config)#ip route 4.4.0.0 255.255.0.0 207.95.6.30 5 PowerConnect(config)#route-map abc permit 1 PowerConnect(config-routemap abc)#match metric 5 PowerConnect(config-routemap abc)#set metric 8 PowerConnect(config-routemap abc)#router ospf...

  • Page 997: Disabling Or Re-Enabling Load Sharing

    Disabling or re-enabling load sharing Dell routers can load share among up to eight equal-cost IP routes to a destination. By default, IP load sharing is enabled. The default is 4 equal-cost paths but you can specify from 2 to 6 paths.

  • Page 998: Configuring External Route Summarization

    PowerConnect->R5 • PowerConnect->R6 Normally, the Dell PowerConnect switch will choose the path to the R1 with the lower metric. For example, if R3 metric is 1400 and R4 metric is 600, the Dell PowerConnect switch will always choose R4. However, suppose the metric is the same for all four routers in this example. If the costs are the same, the switch now has four equal-cost paths to R1.

  • Page 999: Configuring Default Route Origination

    Configuring OSPF PowerConnect(config-ospf-router)#summary-address 10.1.0.0 255.255.0.0 The command in this example configures summary address 10.1.0.0, which includes addresses 10.1.1.0, 10.1.2.0, 10.1.3.0, and so on. For all of these networks, only the address 10.1.0.0 (the parent route) is advertised in external LSAs. However, if the parent route has not been configured with a summary address, or if the summary address for the parent route is configured after the child route, the Layer 3 switch will advertise all routes.

  • Page 1000: Modifying Spf Timers

    Configuring OSPF If the Layer 3 Switch is an ASBR, you can use the “always” option when you enable the default route origination. The always option causes the ASBR to create and advertise a default route if it does not already have one configured. If default route origination is enabled and you disable it, the default route originated by the Layer 3 Switch is flushed.

This manual is also suitable for:

Powerconnect fcx624-iPowerconnect fcx624-ePowerconnect fcx624-sPowerconnect fcx648-iPowerconnect fcx648-ePowerconnect fcx648-s.

Table of Contents