Page 1: Cli Reference Guide
Dell Networking 2024/2048/3024/3048/4032/4064 CLI Reference Guide Regulatory Model: N2024/N2024P/N2048/ N2048P/N3024/N3024F/N3024P/N3048/ N3048P/N4032/N4032F/N4064/N4064F...
Page 2 Other trademarks and trade names may be used in this publication to refer to either the entities claiming the marks and names or their products. Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.
Page 3: Table Of Contents
Contents Command Groups ....Introduction ..... . . Command Groups .
Page 4 Layer 2 Switching Commands ..AAA Commands ....TACACS+ Accounting ....Commands in this Chapter .
Page 5 password (User EXEC) ....show aaa ias-users ....show aaa statistics .
Page 6 Commands in this Chapter ....ip access-list ..... . . deny | permit (IP ACL) .
Page 7 show mac address-table multicast ... show mac address-table ....show mac address-table address ... . show mac address-table count .
Page 8 isdp holdtime ..... . . isdp timer ......show isdp .
Page 9 show dhcp l2relay circuit-id vlan ... . show dhcp l2relay remote-id vlan ... . clear dhcp l2relay statistics interface ..11 DHCP Management Interface Commands 323 Commands in this Chapter .
Page 10 ip dhcp snooping verify mac-address ..show ip dhcp snooping ....show ip dhcp snooping binding .
Page 11 14 E-mail Alerting Commands ..Commands in this Chapter ....logging email ..... . logging email urgent .
Page 12 clear counters ..... . description ......duplex .
Page 13 speed ......storm-control broadcast ....storm-control multicast .
Page 14 traceroute ethernet cfm ....show ethernet cfm errors ....show ethernet cfm domain .
Page 15 clear gvrp statistics ....garp timer ......gvrp enable (global) .
Page 16 ip igmp snooping vlan mrouter ... . . 20 IGMP Snooping Querier Commands . . . Commands in this Chapter ....ip igmp snooping querier .
Page 17 ip host ......ip name-server ..... . ipv6 address (Interface Configuration) .
Page 18 23 IPv6 MLD Snooping Commands ..Commands in this Chapter ....ipv6 mld snooping vlan groupmembership-interval ipv6 mld snooping vlan immediate-leave .
Page 19 show ipv6 mld snooping querier ... . 25 IP Source Guard Commands ..Commands in this Chapter ....ip verify source .
Page 20 action ......link-dependency group ....
Page 21 show lldp ......show lldp interface ....show lldp local-device .
Page 22 show mvr interface ....show mvr traffic ..... 30 Port Channel Commands .
Page 23 show lacp ......show statistics port-channel ....31 MLAG .
Page 24 32 Port Monitor Commands ... . Commands in this Chapter ....monitor session ..... remote-span .
Page 25 conform-color ..... . cos-queue min-bandwidth ....cos-queue random-detect .
Page 26 match source-address mac ....match srcip ......match srcip6 .
Page 27 show diffserv service brief ....show interfaces cos-queue ....show interfaces random-detect .
Page 28 priority ......radius-server attribute 4 ....radius-server deadtime .
Page 29 name (mst) ......revision (mst) ..... . . show spanning-tree .
Page 30 spanning-tree mst priority ....spanning-tree portfast ....spanning-tree portfast bpdufilter default .
Page 31 show tacacs ..... . . tacacs-server host ....tacacs-server key .
Page 32 38 VLAN Commands ....Double VLAN Mode ....Independent VLAN Learning .
Page 33 show vlan association mac ....show vlan association subnet ....switchport access vlan .
Page 34 show vlan private-vlan ....39 Voice VLAN Commands ... . . Commands in this Chapter .
Page 35 dot1x port-control ....dot1x re-authenticate ....dot1x reauthentication .
Page 36 show dot1x clients ....show dot1x interface ....show dot1x interface statistics .
Page 37 show lldp dcbx ..... . Enhanced Transmission Selection (ETS) Commands classofservice traffic-class-group ... traffic-class-group max-bandwidth .
Page 38 ......arp cachesize ..... . arp dynamicrenew .
Page 39 dns-server (IP DHCP Pool Config) ... . domain-name (IP DHCP Pool Config) ..hardware-address ....host .
Page 40 47 DHCPv6 Commands ....clear ipv6 dhcp ..... . dns-server (IPv6 DHCP Pool Config) .
Page 41 ipv6 dhcp snooping binding ....ipv6 dhcp snooping database ....ipv6 dhcp snooping database write-delay .
Page 42 show ip dvmrp ..... . show ip dvmrp interface ....show ip dvmrp neighbor .
Page 43 ip igmp version 1015 ..... show ip igmp 1016 ..... . show ip igmp groups 1017 .
Page 44 ip dhcp relay information check 1033 ... ip dhcp relay information check-reply 1034 ..ip dhcp relay information option 1035 ... ip dhcp relay information option-insert 1036 .
Page 45 ip route distance 1053 ....ip routing 1053 ......match ip address 1054 .
Page 46 55 IPv6 Routing Commands 1081 ... IPv6 Limitations & Restrictions 1081 ... . Commands in this Chapter 1081 ....clear ipv6 neighbors 1082 .
Page 47 ipv6 nd ra-interval 1096 ....ipv6 nd ra-lifetime 1097 ....ipv6 nd reachable-time 1098 .
Page 48 show ipv6 neighbors 1123 ....show ipv6 route 1124 ....show ipv6 route preferences 1125 .
Page 49 ip pim bsr-candidate 1145 ....ip pim dense-mode 1146 ....ip pim dr-priority 1146 .
Page 50 show ip pim rp mapping 1163 ....58 IPv6 Multicast Commands 1167 ..clear ipv6 mroute 1167 .
Page 51 show ipv6 pim rp-hash 1186 ....show ipv6 pim rp mapping 1186 ....59 OSPF Commands 1191 .
Page 52 area virtual-link dead-interval 1210 ... . area virtual-link hello-interval 1211 ... . area virtual-link retransmit-interval 1212 ..area virtual-link transmit-delay 1213 .
Page 53 ip ospf dead-interval 1228 ....ip ospf hello-interval 1228 ....ip ospf mtu-ignore 1229 .
Page 54 show ip ospf abr 1251 ....show ip ospf area 1252 ....show ip ospf asbr 1254 .
Page 55 area nssa default-info-originate (Router OSPFv3 Config) 1280 area nssa no-redistribute 1281 ....area nssa no-summary 1282 ....area nssa translator-role 1283 .
Page 56 ipv6 ospf cost 1299 ..... ipv6 ospf dead-interval 1300 ....ipv6 ospf hello-interval 1300 .
Page 57 show ipv6 ospf asbr 1319 ....show ipv6 ospf border-routers 1319 ... . . show ipv6 ospf database 1320 .
Page 58 show ip irdp 1339 ..... . 62 Routing Information Protocol Commands 1341 Commands in this Chapter 1341 ....auto-summary 1341 .
Page 59 63 Tunnel Interface Commands 1357 ..Commands in this Chapter 1357 ....interface tunnel 1358 ....show interfaces tunnel 1358 .
Page 60 vrrp priority 1372 ..... . . vrrp timers advertise 1372 ....vrrp timers learn 1373 .
Page 61 show auto-copy-sw 1393 ....show boot 1393 ..... . . 67 Captive Portal Commands 1395 .
Page 62 session-timeout 1408 ....verification 1409 ..... . . captive-portal client deauthenticate 1410 .
Page 63 user group name 1425 ....68 CLI Macro Commands 1427 ... . . Commands in this Chapter 1428 .
Page 64 sntp broadcast client enable 1441 ... . . sntp client poll timer 1441 ....sntp server 1442 .
Page 65 71 Configuration and Image File Commands 1457 File System Commands 1457 ....Command Line Interface Scripting 1457 ..Commands in this Chapter 1457 .
Page 66 72 Denial of Service Commands 1477 ..Commands in this Chapter 1478 ....dos-control firstfrag 1479 ....dos-control icmp 1479 .
Page 67 show line 1492 ......speed 1493 ......74 Management ACL Commands 1495 .
Page 68 passwords min-length 1508 ....passwords strength-check 1509 ....passwords strength minimum uppercase-letters 1510 .
Page 69 power inline 1526 ..... . power inline detection 1527 ....power inline high-power 1527 .
Page 70 show rmon events 1549 ....show rmon hcalarm 1550 ....show rmon history 1551 .
Page 71 debug ip dvmrp 1573 ..... debug ip igmp 1573 ..... debug ip mcache 1574 .
Page 72 exception core-file 1587 ....exception dump 1588 ....exception protocol 1589 .
Page 73 show snmp 1610 ..... . . show snmp engineID 1611 ....show snmp filters 1611 .
Page 74 cryptho key generate dsa 1635 ....crypto key generate rsa 1636 ....crypto key pubkey-chain ssh 1637 .
Page 75 logging 1652 ......logging audit 1654 ..... . logging buffered 1655 .
Page 76 banner motd acknowledge 1673 ....clear checkpoint statistics 1675 ....clear counters stack-ports 1676 .
Page 77 set description 1693 ..... slot 1694 ......show banner 1696 .
Page 78 show system id 1724 ....show system power 1725 ....show system temperature 1726 .
Page 79 87 Terminal Length Commands 1749 ..terminal length 1749 ..... 88 Time Ranges Commands 1751 .
Page 80 1766 ......exit 1767 ......quit 1768 .
Page 81: Appendix A: List Of Commands
show ip http server status 1782 ....show ip http server secure status 1783 ... state 1784 .
Page 82 Contents...
Page 83: Command Groups
EIA/TIA-232 port or through a Telnet/SSH session. This guide describes how the CLI is structured, describes the command syntax, and describes the command functionality. This guide also provides information for configuring the Dell Networking switch, details the procedures, and provides configuration examples. Basic User’s Guide...
Page 84 (continued) Table 1-1. System Command Groups Command Group Description Administrative Profiles Group commands into a profile and assign a profile to a Commands user upon authentication. Administrative Profiles Configures and displays ACL information. Address Table Configures bridging address tables. Auto-VoIP Configures Auto VoIP for IP phones on a switch.
Page 85 (continued) Table 1-1. System Command Groups Command Group Description Configures and displays QoS information. Radius Configures and displays RADIUS information. Spanning Tree Configures and reports on Spanning Tree protocol. TACACS+ Configures and displays TACACS+ information. VLAN Configures VLANs and displays VLAN information. Voice VLAN Configures voice VLANs and displays voice VLAN information.
Page 86 (continued) Table 1-1. System Command Groups Command Group Description Router Discovery Protocol Manages router discovery operations. (IPv4) Routing Information Configures RIP activities. Protocol (IPv4) Tunnel Interface (IPv6) Managing tunneling operations. Virtual Router Controls virtual LAN routing. Redundancy (IPv4) Virtual Router Manages router redundancy on the system.
Page 87: Mode Types
(continued) Table 1-1. System Command Groups Command Group Description SNMP Configures SNMP communities, traps and displays SNMP information. Configures SSH authentication. Syslog Manages and displays syslog messages. System Management Configures the switch clock, name and authorized users. Telnet Server Configures Telnet service on the switch and displays Telnet information.
Page 88 • L — Logging • LC — Line Configuration • LD — Link Dependency • MA — Management Access-level • MC — MST Configuration • MD —MLAG Domain Configuration • MDC — Maintenance Domain Configuration • ML — MAC-List Configuration •...
Page 89: Layer 2 Commands
• v6DP — IPv6 DHCP Pool Configuration Layer 2 Commands Command Description Mode aaa authentication dot1x Specifies an authentication method for 802.1x default clients. aaa authentication enable Defines authentication method lists for accessing higher privilege levels. aaa authentication login Defines login authentication. aaa authorization network Enables the switch to accept VLAN assignment default radius...
Page 90: Administrative Profiles
Command Description Mode show authentication Shows information about authentication methods methods. show users accounts Displays information about the local user database. show users login-history Displays information about login histories of users. username Establishes a username-based authentication system. Optionally allows the specification of an Administrative Profile for a local user.
Page 91 Command Description Mode ip access-list Creates an Access Control List (ACL) that is accesslistnumber. identified by the parameter deny | permit (IP ACL) The deny command denies traffic if the conditions defined in the deny statement are matched. The permit command allows traffic if the conditions defined in the permit statement are matched.
Page 92: Address Table
Address Table Command Description Mode clear mac address-table Removes any learned entries from the forwarding database. mac address-table aging- Sets the address table aging time. time mac address-table multicast Forbids adding a specific multicast address to forbidden address specific ports. mac address-table static vlan Registers MAC-layer multicast addresses to the bridge forwarding table, and adds static ports to...
Page 93 Command Description Mode show ports security Displays the port-lock status. show ports security Displays current dynamic addresses in locked addresses ports. For the meaning of each Mode abbreviation, see Mode Typeson page 87. Auto-VoIP Command Description Mode switchport voice detect auto Enables the VoIP Profile on all the interfaces of GC or the switch.
Page 94 Command Description Mode show isdp traffic Displays ISDP statistics. For the meaning of each Mode abbreviation, see Mode Types on page 87. DHCP L2 Relay Command Description Mode dhcp l2relay (Global Enables the Layer 2 DHCP Relay agent for an GC or Configuration) interface or globally.
Page 95: Dhcp Snooping
DHCP Snooping Command Description Mode clear ip dhcp snooping Clears all DHCP Snooping entries. binding clear ip dhcp snooping Clears all DHCP Snooping statistics. statistics ip dhcp snooping Enables DHCP snooping globally or on a GC or specific VLAN. ip dhcp snooping binding Configures a static DHCP Snooping binding.
Page 96: Dynamic Arp Inspection
Dynamic ARP Inspection Command Description Mode arp access-list Creates an ARP ACL. clear ip arp inspection Resets the statistics for Dynamic ARP statistics Inspection on all VLANs. ip arp inspection filter Configures the ARP ACL to be used for a single VLAN or a range of VLANs to filter invalid ARP packets.
Page 97 E-mail Alerting Command Description Mode logging email Enables e-mail alerting and sets the lowest severity level for which log messages are e- mailed. logging email urgent Sets the lowest severity level at which log messages are e-mailed in an urgent manner. logging traps Sets the lowest severity level at which SNMP traps are logged.
Page 98: Ethernet Configuration
Command Description Mode show mail-server Displays the configuration of all the mail servers or a particular mail server. For the meaning of each Mode abbreviation, see Mode Types on page 87. Ethernet Configuration Command Description Mode clear counters Clears statistics on an interface. description Adds a description to an interface.
Page 99 Displays the detail for all configured interfaces. UE show interfaces status Displays the status for all configured interfaces. UE Display the optic static parameters as well show interfaces transceiver as the Dell qualification. show monitor capture Displays captured packets transmitted or received from the CPU. show statistics Displays statistics for one port or for the entire switch.
Page 100 Ethernet CFM Command Description Mode ethernet cfm domain Enters into maintenance domain Configuration mode for an existing domain. Use the optional level parameter to create a domain and enter into maintenance domain Configuration mode. service Associates a VLAN with a maintenance domain. MDC ethernet cfm cc level Initiates sending continuity checks (CCMs) at the specified interval and level on a VLAN...
Page 101: Green Ethernet
Green Ethernet Command Description Mode green-mode energy-detect Enables a Dell proprietary mode of power reduction on ports that are not connected to another interface. green-mode eee Enables EEE low power idle mode on an interface or all the interfaces. clear green-mode statistics Clears: •...
Page 102: Igmp Snooping
Command Description Mode garp timer Adjusts the GARP application join, leave, and leaveall GARP timer values. gvrp enable (global) Enables GVRP globally. gvrp enable (interface) Enables GVRP on an interface. gvrp registration-forbid Deregisters all VLANs, and prevents dynamic VLAN registration on the port. gvrp vlan-creation-forbid Enables or disables dynamic VLAN creation.
Page 103: Igmp Snooping Querier
Command Description Mode ip igmp snooping vlan last- Sets the IGMP Maximum Response time on a member-query-interval particular VLAN. ip igmp snooping vlan Sets the Multicast Router Present Expiration mcrtrexpiretime time. Enables IGMP report suppression on a ip igmp snooping report- suppression specific VLAN.
Page 104 IP Addressing Command Description Mode clear host Deletes entries from the host name-to-address cache. clear ip address-conflict- Clears the address conflict detection status in detect the switch. ip address (Out-of-Band) Sets an IP address for the out-of-band interface. IC ip address-conflict-detect Triggers the switch to run active address conflict detection by sending gratuitous ARP packets for IPv4 addresses on the switch.
Page 105: Ipv6 Mld Snooping
Command Description Mode show hosts Displays the default domain name, a list of name server hosts, static and cached list of host names and addresses. show ip address-conflict Displays the status information corresponding UE or to the last detected address conflict. show ip helper-address Displays the ip helper addresses configuration.
Page 106: Ipv6 Mld Snooping Querier
Command Description Mode ipv6 mld snooping vlan Sets the MLD Group Membership Interval groupmembership-interval time on a VLAN or interface. ipv6 mld snooping vlan last- Sets the MLD Maximum Response time for an IC or listener-query-interval interface or VLAN. ipv6 mld snooping listener- Enables MLD listener message suppression on a message-suppression specific VLAN.
Page 107: Iscsi Optimization
IP Source Guard Command Description Mode ip verify source Enables IP Source Guard on an interface. ip verify source port-security Enables IP Source Guard using both the IP address and MAC address as filtering criteria. ip verify binding Configures IPSG static bindings. show ip verify Displays IPSG interface configuration.
Page 108 Command Description Mode link-dependency group Enters the link-dependency mode to configure a link-dependency group. Adds member gigabit Ethernet port(s) to the dependency list. depends-on Adds the dependent Ethernet ports or port channels list. show link-dependency Shows the link dependencies configured on a particular group.
Page 109 Command Description Mode lldp transmit-tlv Specifies which optional TLVs in the 802.1AB basic management set will be transmitted in the LLDPDUs. show lldp Displays the current LLDP configuration summary. show lldp interface Displays the current LLDP interface state. show lldp local-device Displays the LLDP local data.
Page 110 Command Description Mode peer-keepalive destination Enables the Dual Control Plane Detection Protocol with the configured IP address of the peer MLAG, the local source address and the peer timeout value. peer-keepalive enable Enables the peer keep-alive protocol. role priority Configures the priority value used on a switch for primary/secondary role selection.
Page 111: Multicast Vlan Registration
Multicast VLAN Registration Command Description Mode Enables MVR. GC or mvr group Adds an MVR membership group. mvr mode Changes the MVR mode type. mvr querytime Sets the MVR query response time. mvr vlan Sets the MVR multicast VLAN. mvr immediate Enables MVR Immediate Leave mode.
Page 112: Port Monitor
Command Description Mode lacp port-priority Configures the priority value for physical ports. lacp system-priority Configures the system LACP priority. lacp timeout Assigns an administrative LACP timeout. port-channel min-links Sets the minimum number of links that must be up in order for the port channel interface to be declared up.
Page 113 Command Description Mode match-all class-map Defines a new DiffServ class of type match-any, match-access-group . For now, match-all only is available in the CLI. class-map rename Changes the name of a DiffServ class. classofservice dot1p- Maps an 802.1p priority to an internal traffic GC or mapping class for a switch.
Page 114 Command Description Mode match class-map Adds add to the specified class definition the set of match conditions defined for another class. match cos Adds to the specified class definition a match condition for the Class of Service value. match destination-address Adds to the specified class definition a match condition based on the destination MAC address of a packet.
Page 115 Command Description Mode match source-address mac Adds to the specified class definition a match condition based on the source MAC address of the packet. match srcip Adds to the specified class definition a match condition based on the source IP address of a packet.
Page 116 Command Description Mode redirect Specifies that all incoming packets for the PCMC associated traffic stream are redirected to a specific egress interface (physical port or port- channel). service-policy Attaches a policy to an interface in a particular GC or direction. show class-map Displays all configuration information for the specified class.
Page 117 Command Description Mode traffic-shape Specifies the maximum transmission GC or bandwidth limit for the interface as a whole. vlan priority Assigns a default VLAN priority tag for untagged frames ingressing an interface. For the meaning of each Mode abbreviation, see Mode Types on page 87.
Page 118 Command Description Mode priority Specifies the order in which the servers are to be used, with 0 being the highest priority. radius-server attribute 4 Sets the network access server (NAS) IP address for the RADIUS server. radius-server deadtime Improves RADIUS response times when servers are unavailable.
Page 119: Spanning Tree
Command Description Mode usage Specifies the usage type of the server. For the meaning of each Mode abbreviation, see Mode Types on page 87. Spanning Tree Command Description Mode clear spanning-tree Restarts the protocol migration process on all detected-protocols interfaces or on the specified interface. exit (mst) Exits the MST configuration mode and applies configuration changes.
Page 120 Command Description Mode spanning-tree cost Configures the spanning tree path cost for a port. spanning-tree disable Disables spanning tree on a specific port. spanning-tree forward-time Configures the spanning tree bridge forward time. spanning-tree guard Selects whether loop guard or root guard is enabled on an interface.
Page 121 Command Description Mode spanning-tree transmit hold- Set the maximum number of BPDUs that a count bridge is allowed to send within a hello time window (2 seconds). Configures the rate at which gratuitous spanning-tree uplinkfast frames are sent after a switchover to an alternate port and enables Direct Rapid Convergence.
Page 122 Command Description Mode show tacacs Displays TACACS+ server settings and statistics. tacacs-server host Specifies a TACACS+ server host. tacacs-server key Sets the authentication and encryption key for all TACACS+ communications between the switch and the TACACS+ daemon. tacacs-server key Sets the authentication and encryption key for all communication between the switch and the TACACS serve.
Page 123 Command Description Mode show dvlan-tunnel Displays all interfaces enabled for Double VLAN Tunneling. show dvlan-tunnel interface Displays detailed information about Double VLAN Tunneling for the specified interface. show interfaces switchport Displays switchport configuration. show port protocol Displays the Protocol-Based VLAN information for either the entire system or for the indicated group.
Page 124: Voice Vlan
Command Description Mode switchport mode private- Defines a private VLAN association for an vlan isolated or community port or a mapping for a promiscuous port. switchport private-vlan Defines a private-VLAN association for an isolated or community port or a mapping for a promiscuous port.
Page 125 For the meaning of each Mode abbreviation, see Mode Types on page 87. 802.1x Command Description Mode dot1x dynamic-vlan enable Enables the capability of creating VLANs dynamically when a RADIUS-assigned VLAN does not exist in the switch. dot1x initialize Begins the initialization sequence on the specified port.
Page 126 Command Description Mode dot1x timeout server- Sets the number of seconds the switch waits for timeout a response from the authentication server before resending the request. dot1x timeout tx-period Sets the number of seconds the switch waits for a response to an EAP-request/identify frame from the client before resending the request.
Page 127: Layer 3 Commands
Command Description Mode show dot1x interface Displays 802.1X statistics for the specified statistics interface. show dot1x users Displays active 802.1X authenticated users for the switch. clear dot1x Clears the authentication history table captured authentication–history during successful and unsuccessful authentication. dot1x guest-vlan Sets the guest VLAN on a port.
Page 128 Command Description Mode clear arp-cache management Removes all entries from the ARP cache learned from the management port. ip local-proxy-arp Enables proxying of ARP requests. ip proxy-arp Enables proxy ARP on a router interface. show arp Displays the Address Resolution Protocol (ARP) cache.
Page 129 Command Description Mode host Specifies a manual binding for a DHCP client host. ip dhcp bootp automatic Enables automatic BOOTP address assignments. ip dhcp conflict logging Enables DHCP address conflict detection. ip dhcp excluded-address Excludes one or more DHCP addresses from automatic assignment.
Page 130 Command Description Mode show ip dhcp server statistics Displays the DHCP server binding and message counters. For the meaning of each Mode abbreviation, see Mode Types on page 87. DHCPv6 Command Description Mode clear ipv6 dhcp Clears DHCPv6 statistics for all interfaces or for a specific interface.
Page 131 DHCPv6 Snooping Command Description Mode clear ipv6 dhcp snooping Clears all IPv6 DHCP snooping entries. UE or binding clear ipv6 dhcp snooping Clears all IPv6 DHCP snooping statistics. UE or statistics ipv6 dhcp snooping Globally enables IPv6 DHCP snooping. ipv6 dhcp snooping vlan Enables IPv6 DHCP snooping on a set of VLANs.
Page 132 Command Description Mode show ipv6 dhcp snooping Displays IPv6 DHCP snooping configurations UE or database related to database persistency. show ipv6 dhcp snooping Displays IPv6 DHCP snooping filtration UE or statistics statistics. show ipv6 source binding Displays the IPv6 source guard configurations UE or on all ports, an individual port, or on a VLAN.
Page 133 GMRP Command Description Mode gmrp enable Enables GMRP globally or on a port. GC or show gmrp configuration Displays GMRP configuration. GC or For the meaning of each Mode abbreviation, see Mode Types on page 87. IGMP Command Description Mode ip igmp last-member-query- Sets the number of Group-Specific Queries count...
Page 134: Igmp Proxy
Command Description Mode show ip igmp groups Displays the registered multicast groups on the interface. show ip igmp interface Displays the IGMP information for the specified interface. show ip igmp membership Displays the list of interfaces that have registered in the multicast group. show ip igmp interface stats Displays the IGMP statistical information for the interface.
Page 135 Command Description Mode bootpdhcprelay Configures the minimum wait time in seconds minwaittime for BootP/DHCP Relay on the system. clear ip helper statistics Resets (to 0) the statistics displayed in show ip helper statistics. ip dhcp relay information Enables DHCP Relay to check that the relay check agent information option in forwarded BOOTREPLY messages is valid.
Page 136 IP Routing Command Description Mode encapsulation Configures the link layer encapsulation type for the packet. ip address Configures an IP address on an interface. nables the forwarding of network-directed ip netdirbcast broadcasts. ip policy route-map Applies a route map on an interface. ip route Configures a static route.
Page 137: Ipv6 Routing
Command Description Mode show ip interface Displays all pertinent information about the IP interface. show ip policy Displays the route maps used for policy based routing on the router interfaces. show ip protocols Displays the parameters and current state of the active routing protocols.
Page 138 Command Description Mode ipv6 enable Enables IPv6 routing on an interface (including tunnel and loopback interfaces) that has not been configured with an explicit IPv6 address. ipv6 hop-limit Configures the hop limit used in IPv6 PDUs originated by the router. ipv6 host Defines static host name-to- ipv6 address mapping in the host cache.
Page 139 Command Description Mode ipv6 nd other-config-flag Sets the other stateful configuration flag in router advertisements sent from the interface. ipv6 nd prefix Sets the IPv6 prefixes to include in the router advertisement. ipv6 nd ra-interval Sets the transmission interval between router advertisements.
Page 140: Loopback Interface
Command Description Mode show ipv6 mld groups Displays information about multicast groups that MLD reported. show ipv6 mld interface Displays MLD related information for an interface. show ipv6 mld host-proxy Displays a summary of the host interface status parameters. show ipv6 mld host-proxy Displays information about multicast groups groups that the MLD Proxy reported.
Page 141 Command Description Mode show interfaces loopback Displays information about configured loopback interfaces. For the meaning of each Mode abbreviation, see Mode Types on page 87. Multicast Command Description Mode ip mcast boundary Adds an administrative scope multicast boundary. ip mroute Creates a static multicast route for a source range.
Page 142 Command Description Mode ip pim rp-candidate Configures the router to advertise itself to the bootstrap router (BSR) as a PIM candidate rendezvous point (RP) for a specific multicast group range. ip pim sparse-mode Administratively configures PIM sparse mode for IP multicast routing. ip pim ssm Administratively configures PIM Source Specific Multicast (SSM) range of addresses for...
Page 143: Ipv6 Multicast
Command Description Mode show ip pim rp mapping Displays the mappings for the PIM group to the UE or active rendezvous points (RPs). For the meaning of each Mode abbreviation, see Mode Types on page 87. IPv6 Multicast Command Description Mode ipv6 pim (VLAN Interface Administratively enables PIM-SM multicast...
Page 144 Command Description Mode show ipv6 pim Displays global status of IPv6 PIMSM and its PE or IPv6 routing interfaces. show ipv6 pim bsr-router Display the bootstrap router (BSR) information. PE, or show ipv6 pim interface Displays interface config parameters. PE or show ipv6 pim neighbor Displays IPv6 PIMSM neighbors learned on the PE or...
Page 145 Command Description Mode area range (Router OSPF) Creates a specified area range for a specified ROSPF NSSA. area stub Creates a stub area for the specified area ID. ROSPF area stub no-summary Prevents Summary LSAs from being advertised ROSPF into the NSSA. area virtual-link Creates the OSPF virtual interface for the ROSPF...
Page 146 Command Description Mode distance ospf Sets the route preference value of OSPF in the ROSPF router. distribute-list out Specifies the access list to filter routes received ROSPF from the source protocol. enable Resets the default administrative mode of OSPF ROSPF in the router (active).
Page 147 Command Description Mode nsf helper strict-lsa- Set an OSPF helpful neighbor exit helper mode ROSPF checking whenever a topology change occurs. nsf restart-interval Configures the length of the grace period on the ROSPF restarting router. network area Enables OSPFv2 on an interface and sets its area ROSPF ID if the IP address of an interface is covered by this network command.
Page 148 Command Description Mode show ip ospf interface Displays brief information for the IFO object or brief virtual interface tables. show ip ospf interface Displays the statistics for a specific interface. stats show ip ospf neighbor Displays information about OSPF neighbors. show ip ospf range Displays information about the area ranges for the specified area-id.
Page 149 Command Description Mode area nssa no-redistribute Configures the NSSA ABR so that learned ROSV3 external routes will not be redistributed to the NSSA. area nssa no-summary Configures the NSSA so that summary LSAs are ROSV3 not advertised into the NSSA. area nssa translator-role Configures the translator role of the NSSA.
Page 150 Command Description Mode enable Resets the default administrative mode of OSPF ROSV3 in the router (active). exit-overflow-interval Configures the exit overflow interval for OSPF. ROSV3 external-lsdb-limit Configures the external LSDB limit for OSPF. ROSV3 ipv6 ospf Enables OSPF on a router interface or loopback interface.
Page 151 Command Description Mode nsf restart-interval Configures the length of the grace period on the ROSV3 restarting router. passive-interface Sets the interface or tunnel as passive. passive-interface default Enables the global passive mode by default for all ROSV3 interfaces. redistribute Configures the OSPFv3 protocol to allow ROSV3 redistribution of routes from the specified source protocol/routers.
Page 152 Command Description Mode show ipv6 ospf neighbor Displays information about OSPF neighbors. show ipv6 ospf range Displays information about the area ranges for the specified area identifier. show ipv6 ospf stub table Displays the OSPF stub table. show ipv6 ospf virtual- Displays the OSPF Virtual Interface information links for a specific area and neighbor.
Page 153: Routing Information Protocol
Routing Information Protocol Command Description Mode auto-summary Enables the RIP auto-summarization mode. default-information Controls the advertisement of default routes. originate (Router RIP Configuration) default-metric Sets a default for the metric of distributed routes. distance rip Sets the route preference value of RIP in the router.
Page 154 For the meaning of each Mode abbreviation, see Mode Types on page 87. Tunnel Interface Command Description Mode interface tunnel Enables the interface configuration mode for a tunnel. show interfaces tunnel Displays the parameters related to tunnel such as tunnel mode, tunnel source address and tunnel destination address.
Page 155 Command Description Mode vrrp mode Enables the virtual router configured on an interface. Enabling the status field starts a virtual router. vrrp preempt Sets the preemption mode value for the virtual router configured on a specified interface. vrrp priority Sets the priority value for the virtual router configured on a specified interface.
Page 156: Utility Commands
Utility Commands Auto-Install Command Description Mode boot auto-copy-sw Enables or disables Stack Firmware Synchronization. boot auto-copy-sw allow- Enables downgrading the firmware version on downgrade the stack member if the firmware version on the manager is older than the firmware version on the member.
Page 157 Command Description Mode https port Configures an additional HTTPS port for captive portal to monitor. show captive-portal Displays the status of captive portal. show captive-portal status Reports the status of all captive portal instances in the system. block Blocks all traffic for a captive portal configuration.
Page 158 Command Description Mode show captive-portal Displays the clients authenticated to all captive configuration client status portal configurations or a to specific configuration. show captive-portal Displays information about clients interface client status authenticated on all interfaces or a specific interface. show captive-portal Displays the clients authenticated to all captive interface configuration portal configurations or a to specific...
Page 159 Command Description Mode user group Creates a user group. user group moveusers Moves a group's users to a different group. user group name Configures a group name. For the meaning of each Mode abbreviation, see Mode Types on page 87. CLI Macro Command Description...
Page 160: Configuration And Image Files
Command Description Mode sntp server Configures the SNTP server to use SNTP to request and accept NTP traffic from it. sntp trusted-key Authenticates the identity of a system to which Simple Network Time Protocol (SNTP) will synchronize. sntp unicast client enable Enables clients to use Simple Network Time Protocol (SNTP) predefined Unicast clients.
Page 161: Denial Of Service
Command Description Mode delete Deletes a file from a flash memory. delete backup-image Deletes a file from a flash memory device. delete backup-config Deletes the backup configuration file. delete startup-config Deletes the startup configuration file. Prints the contents of the flash file system. erase Erases the startup configuration, the backup configuration, or the backup image.
Page 162 Command Description Mode dos-control tcpfrag Enables TCP Fragment Denial of Service protection. ip icmp echo-reply Enables or disables the generation of ICMP Echo Reply messages. ip icmp error-interval Limits the rate at which IPv4 ICMP error messages are sent. ip unreachables Enables the generation of ICMP Destination Unreachable messages.
Page 163: Management Acl
Management ACL Command Description Mode deny (management) Defines a deny rule. management access-class Defines which management access-list is used. GC management access-list Defines a management access-list, and enters the access-list for configuration. permit (management) Defines a permit rule. show management access- Displays the active management access-list.
Page 164 Command Description Mode passwords strength Enforces a minimum number of lowercase minimum lowercase-letters letters that a password must contain. passwords strength Enforces a minimum number of numeric minimum numeric- numbers that a password should contain. characters passwords strength Enforces a minimum number of special minimum special-characters characters that a password may contain.
Page 165 Command Description Mode test copper-port tdr Diagnoses with TDR (Time Domain Reflectometry) technology the quality and characteristics of a copper cable attached to a port. For the meaning of each Mode abbreviation, see Mode Types on page 87. Power Over Ethernet (PoE) Command Description Mode...
Page 166: Sdm Templates
RMON Command Description Mode rmon alarm Configures alarm conditions. rmon collection history Enables a Remote Monitoring (RMON) MIB history statistics group on an interface. rmon event Configures an RMON event. rmon hcalarm Configures high capacity alarms. show rmon alarm Displays alarm configurations. show rmon alarms Displays the alarms summary table.
Page 167 Serviceability Tracing Command Description Mode debug arp Enables tracing of ARP packets. debug auto-voip Enables Auto VOIP debug messages. debug clear Disables all debug traces. debug console Enables the display of debug trace output on the login session in which it is executed. Enable the tracing of CFM components debug dot1ag for events and CFM PDUs based on the...
Page 168 Command Description Mode debug ipv6 pimdm Traces PIMDMv6 packet reception and transmission. debug ipv6 pimsm Traces PIMSMv6 packet reception and transmission. debug isdp Traces ISDP packet reception and transmission. PE debug lacp Traces of LACP packets received and transmitted by the switch. debug mldsnooping Traces MLD snooping packet reception and transmission.
Page 169 sFlow Command Description Mode sflow destination Configures sFlow collector parameters (owner string, receiver timeout, ip address, and port). sflow polling Enables a new sflow poller instance for the data source if rcvr_idx is valid. sflow polling (Interface Enable a new sflow poller instance for this data Mode) source if rcvr_idx is valid.
Page 170 Command Description Mode snmp-server community Sets up the community access string to permit access to SNMP protocol. snmp-server community- Maps SNMP v1 and v2 security models to the group group name. snmp-server contact Sets up a system contact (sysContact) string. snmp-server enable traps Enables SNMP traps globally or enables specific SNMP traps.
Page 171 Command Description Mode Deletes the RSA or DSA keys from the crypto key zeroize {rsa|dsa} switch. ip ssh port Specifies the port to be used by the SSH server. GC ip ssh pubkey-auth Enables public key authentication for incoming SSH sessions. ip ssh server Enables the switch to be configured from a SSH server connection.
Page 172: System Management
Command Description Mode logging console Limits messages logged to the console based on severity. logging facility Configures the facility to be used in log messages. logging file Limits syslog messages sent to the logging file based on severity. logging on Controls error messages logging.
Page 173 Command Description Mode clear checkpoint Clears the statistics for the checkpointing statistics process. Clears the statistics for all stack-ports. clear counters stack- ports connect Connects to the serial console of a different stack member. cut-through mode Enables the cut-through mode on the switch. exec-banner Enables exec banner on the console, telnet or SSH connection.
Page 174 Command Description Mode slot Configures a slot in the system. show banner Displays banner information. show checkpoint Displays the statistics for the checkpointing statistics process. show cut-through mode Show the cut-through mode on the switch. show idprom interface Displays the optics EEPRM contents in a user- UE or PE interface-id readable format.
Page 175: Telnet Server
Command Description Mode show system id Displays the service ID information. show system power Displays information about the system level UE or PE power consumption. show system Displays information about the system UE or PE temperature temperature and fan status. show tech-support Displays system and configuration information (for debugging/calls to technical support).
Page 176: Terminal Length
Command Description Mode show ip telnet Displays the status of the Telnet server and the Telnet TCP port number. For the meaning of each Mode abbreviation, see Mode Types on page 87. Terminal Length Command Description Mode terminal length Sets the terminal length. For the meaning of each Mode abbreviation, see Mode Types on page 87.
Page 177: User Interface
User Interface Command Description Mode enable Enters the privileged EXEC mode. Gets the CLI user control back to the privileged execution mode or user execution mode. exit Exits any configuration mode to the previously (All) highest mode in the CLI mode hierarchy. exit (EXEC) Closes an active terminal session by logging off the switch.
Page 178 Command Description Mode key-generate Specifies the key-generate. location Specifies the location or city name. organization-unit Specifies the organization-unit or department name. show crypto certificate Displays the SSL certificates of your switch. mycertificate show ip http server status Displays the HTTP server status information. show ip http server secure Displays the HTTP secure server status UE or...
Page 179: Using The Cli
Using the CLI Dell Networking N2000/N3000/N4000 Series Switches Introduction This chapter describes the basics of entering and editing the Dell Networking N2000/N3000/N4000 Series Command Line Interface (CLI) commands and defines the command hierarchy. It also explains how to activate the CLI and implement its major functions.
Page 180 Two instances where the help information can be displayed are: Keyword lookup — The key is entered in place of a command. A list • of all valid commands and corresponding help messages is displayed. • Partial keyword lookup — A command is incomplete and the key is entered in place of a parameter.
Page 181 Table 2-1. History Buffer Keyword Source or Destination Up-arrow key Recalls commands in the history buffer, beginning with the most recent command. Repeats the key sequence to recall +
successively older commands. Down-arrow key Returns to more recent commands in the history buffer after recalling commands with the up-arrow key.
Page 182 console(config-if-Gi1/0/1)#show interface status Port Name Duplex Speed Neg Link Flow Control State Status --------- ------------------------- ------ ------- ---- ------ ------------ Gi1/0/1 Unknown Auto Down Inactive Gi1/0/2 Unknown Auto Down Inactive Gi1/0/3 Unknown Auto Down Inactive Gi1/0/4 Unknown Auto Down Inactive Gi1/0/5 Unknown Auto Down Inactive Gi1/0/6...
Page 183 Table 2-2. CLI Shortcuts Keyboard Key Description Delete previous character + Go to beginning of line + Go to end of line + Go forward one character + Go backward one character + Delete current character + Delete to beginning of line +...

Page 184 Operating on Multiple Objects (Range) The CLI allows the user to operate on the set of objects at the same time. The guidelines are as follows for range operation: • Operations on objects with four or more instances support the range operation, unless noted otherwise in the specific command documentation.

Page 185 • Some parameters must be configured individually for each port or interface. Command Scripting The CLI can be used as a programmable management interface. To facilitate this function, any characters entered after the character are treated as a comment and ignored by the CLI. Also, the CLI allows the user to disable session timeouts.

Page 186 Table 2-3. CLI Command Notation Conventions Convention Description In a command line, square brackets indicate an optional entry. In a command line inclusive brackets indicate a selection of compulsory parameters separated by the character. One option must be selected. For example: flowcontrol auto means that for the flowcontrol command either auto, on or off must be selected.

Page 187 • Port # — The port number is an integer number assigned to the physical port on the switch and corresponds to the lexan printed next to the port on the front or back panel. Ports are numbered from 1 to the maximum number of ports available on the switch, typically 24 or 48.

Page 188 Port Channel Interfaces Port-channel (or LAG) interfaces are represented in the CLI by the variable port-channel-number ., which can assume values from 1-128 on most Dell Networking switches. When listed in command line output, port channel interfaces are preceded by...

Page 189 2/0 Slot......2/0 Slot Status....... Empty Admin State....... Enable Power State....... Enable Configured Card: Model Identifier....Dell Networking N3024F Card Description....Dell 24 Port 10G Fiber Pluggable......No Example #3 console(config-if-Gi1/0/23)#show slot Admin Power Configured Card Slot Status...

Page 190: Cli Command Modes
CLI Command Modes Since the set of CLI commands is very large, the CLI is structured as a command-tree hierarchy, where related command sets are assigned to command modes for easier access. At each level, only the commands related to that level are available to the user and only those commands are shown in the context sensitive help for that level.

Page 191 The Privileged EXEC mode provides access to commands that can not be executed in the User EXEC mode and permits access to the switch Configuration mode. The Global Configuration mode manages switch configuration on a global level. For specific interface configurations, command modes exist at a sublevel.

Page 192 console(config)# The following are the Global Configuration modes: • SNMP v3 Host Configuration — Configures the parameters for the SNMP v3 server host. SNMP Community Configuration — Configures the parameters for the • SNMP server community. Preconfiguration Nearly all switch features support a preconfiguration capability, even when the feature is not enabled or the required hardware is not present.

Page 193 Router OSPFv3 Configuration — Global configuration mode command • ipv6 router ospf is used to enter into the Router OSPFv3 Configuration mode. IPv6 DHCP Pool Mode — Global configuration mode command ipv6 • dhcp pool is used to enter into the IPv6 DHCP Pool mode. •...

Page 194 SSH Public Key-chain — Contains commands to manually specify other • switch SSH public keys. The Global Configuration mode command crypto key pub-key chain ssh is used to enter the SSH Public Key-chain configuration mode. • SSH Public Key-string — Contains commands to manually specify the SSH Public-key of a remote SSH Client.

Page 195 For example, if the current configuration mode is config-if and the object being operated on is gigabit ethernet 1 on unit 1, the prompt displays the object type and unit (for example, 1/0/1). [# | >] — The # sign is used to indicate that the system is in the Privileged EXEC mode.

Page 196 (continued) Table 2-5. Navigating CLI Command Modes Command Mode Access Method Command Prompt Exit or Access Previous Mode Line Interface From Global To exit to Global console(config-line)# Configuration Configuration mode, use the line mode, use the command. exit command, or press +...

Page 197 (continued) Table 2-5. Navigating CLI Command Modes Command Mode Access Method Command Prompt Exit or Access Previous Mode MAC Access List From Global To exit to Global console(config-mac-access- list)# Configuration Configuration mode, use the mac mode, use the access-list exit command, command.

Page 198 (continued) Table 2-5. Navigating CLI Command Modes Command Mode Access Method Command Prompt Exit or Access Previous Mode Radius From Global To exit to Global console(Config-auth- radius)# Configuration Configuration mode, use the mode, use the radius-server host exit command, command. or press +...

Page 199 (continued) Table 2-5. Navigating CLI Command Modes Command Mode Access Method Command Prompt Exit or Access Previous Mode Crypto From Global To exit to Global console(config-crypto-cert)# Certificate Configuration Configuration Generation mode, use the mode, use the crypto certificate exit command, number generate or press...

Page 200 (continued) Table 2-5. Navigating CLI Command Modes Command Mode Access Method Command Prompt Exit or Access Previous Mode From Global To exit to Global console(config-mst)# Configuration Configuration mode, use the mode, use the spanning-tree mst exit command, configuration or press command.

Page 201 (continued) Table 2-5. Navigating CLI Command Modes Command Mode Access Method Command Prompt Exit or Access Previous Mode Router OSPFv3 From Global To exit to Global console(config-rtr)# Config Configuration Configuration mode, use the ipv6 mode, use the router ospf exit command, command.

Page 202 (continued) Table 2-5. Navigating CLI Command Modes Command Mode Access Method Command Prompt Exit or Access Previous Mode 40 Gigabit From Global To exit to Global console (config-if- unit/slot/port Ethernet Configuration Configuration mode, use the mode, use the interface exit command, fortygigabitetherne or press t command.

Page 203: Starting The Cli
(continued) Table 2-5. Navigating CLI Command Modes Command Mode Access Method Command Prompt Exit or Access Previous Mode Loopback From Global To exit to Global console(config- loopback-id loopback configuration mode, Configuration use the interface mode, use the loopback exit command, command.

Page 204: Configuration Management
Configuration Management All managed systems have software images and databases that must be configured, backed up and restored. Two software images may be stored on the system, but only one of them is active. The other one is a backup image. The same is true for configuration files, which store the configuration parameters for the switch.

Page 205 Refer to the copy command description on page 1460 in the Layer 2 commands section of the guide for command details. Referencing External/Internal File systems Configuration or software images are copied to or retrieved from remote file systems using the TFTP protocol. •...

Page 206 Management Interface Security This section describes the minimum set of management interface security measures implemented by the CLI. Management interface security consists of user account management, user access control and remote network/host access controls. CLI through Telnet, SSH, Serial Interfaces The CLI is accessible through a local serial interface/console port, the out-of- band interface, or in-band interfaces.

Page 207 When Radius is used, the field returns the access level for the user. Two vendor specific options are supported. These are CISCO-AV-Pairs(Shell:priv-lvl=x) and Dell Radius VSA (user-group=x). TACACS+ provides the appropriate level of access. The following rules and specifications apply: •...

Page 208 • If authentication servers are used, the user can identify at least two remote servers (the user may choose to configure only one server) and what protocol to use with the server, TACACS+ or Radius. One of the servers is primary and the other is the secondary server (the user is not required to specify a secondary server).

Page 209 The security log record contains the following information: • The user name, if available, or the protocol being accessed if the event is related to a remote management system. • The IP address from which the user is connecting or the IP address of the remote management system.

Page 210 the user to press either or any other key. If the user presses any key except , the CLI shows the next page. A key stops the display and returns to the CLI prompt. Boot Message The boot message is a system message that is not user-configurable and is displayed when the system is booting.

Page 211: Boot Utility Menu
Boot Utility Menu If a user is connected through the serial interface during the boot sequence, the operator is presented with the option to enter the Boot Utility Menu during the boot sequence. Selecting item 2 displays the menu and may be typed only during the initial boot up sequence.

Page 212 Bringing up eth0 interface...done. Adding default gateway 10.27.20.1 to the Routing Table...done. Bringing down eth0 interface...done. Erasing /dev/mtd6!!! Erasing 128 Kibyte @ 17e0000 -- 99 % complete. Updating code file... Code Update Instructions Found! Critical components modified on Back-Up Partition -- Please activate Back-Up Image to load the same on Reboot Do you wish to activate Back-Up Image? (Y/N): Cleaning tmpfs filesystem on /mnt/download...done.

Page 213 Applying Global configuration, please wait ... usbMount took 0 milliseconds Welcome to Dell Easy Setup Wizard The setup wizard guides you through the initial switch configuration, and gets you up and running as quickly as possible. You can skip the setup wizard, and enter CLI mode to manually configure the switch.

Page 214 Thank you for using the Dell Easy Setup Wizard. You will now enter CLI mode. usbMount took 1 milliseconds Applying Interface configuration, please wait ... Monitoring Traps from CLI It is possible to connect to the CLI session and monitor the events or faults that are being sent as traps from the system.

Page 215: Layer 2 Switching Commands
Layer 2 Switching Commands The chapters that follow describe commands that conform to the OSI model data link layer (Layer 2). Layer 2 commands provide a logical organization for transmitting data bits on a particular medium. This layer defines the framing, addressing, and checksum functions for Ethernet packets.

Page 216 Layer 2 Switching Commands...

Page 217: Aaa Commands
AAA Commands Dell Networking N2000/N3000/N4000 Series Switches Management access to the switch is via telnet, HTTP, SSH, or the serial console (SNMP access is discussed in SNMP Commands). To ensure that only authorized users can access and change the configuration of the switch, users must be authenticated.

Page 218: Tacacs+ Accounting
support the concept of time-out, subsequent entries in the list are never attempted. For example, the local authentication method implementation does not supply a time-out value. If a list contains the local method, followed by the RADIUS authentication method, the RADIUS method is not attempted.

Page 219: Commands In This Chapter
Accounting Method Lists An Accounting Method List (AML) is an ordered list of accounting methods that can be applied to the accounting types (exec or commands). Accounting Method Lists are identified by the default keyword or by a user-defined name. TACACS+ and RADIUS are supported as accounting methods.

Page 220: Aaa Authentication Dot1X Default
aaa authorization ip http authentication show authentication methods aaa authorization network ip https authentication show users accounts default radius aaa ias-user username login authentication show users login-history aaa new-model password (aaa IAS User username Configuration) aaa authentication dot1x default Use the aaa authentication dot1x default command in Global Configuration mode to specify an authentication method for 802.1x clients.

Page 221: Aaa Authentication Enable
Example The following example configures 802.1x authentication to use no authentication. Absent any other configuration, this command allows all 802.1x users to pass traffic through the switch. console(config)# aaa authentication dot1x default none The following example configures 802.1x authentication to use a RADIUS server.

Page 222: Default Configuration
Default Configuration The default enable list is enableList. It is used by console, telnet, and SSH none and only contains the method Command Mode Global Configuration mode User Guidelines The default and optional list names created with the aaa authentication enable command are used with the enable authentication command.

Page 223: Aaa Authentication Login
aaa authentication login Use the aaa authentication login command in Global Configuration mode to set the authentication method required for user at login. To return to the default configuration, use the no form of this command. Syntax list-name method1 method2... aaa authentication login {default | list-name no aaa authentication login {default |...

Page 224: Aaa Authorization
User Guidelines The default and optional list names created with the aaa authentication login command are used with the login authentication command. Create a list-name method list by entering the aaa authentication login command for list-name a particular protocol, where is any character string used to name method this list.

Page 225 exec— • Provides EXEC authorization. All methods are supported. commands— • Performs authorization of user commands. Only none and TACACs methods are supported. • network— Performs RADIUS authorization. Only the default list is supported. default — • . The list The default list of methods for authorization services dfltCmdAuthList is the default list for command authorization and the list dfltExecAuthList is the default list for EXEC authorization.

Page 226 User Guidelines A maximum of five authorization method lists may be created for command types. Command authorization attempts authorization for all EXEC mode commands associated with a privilege level, including global configuration commands. EXEC authorization attempts authorization when a user attempts to enter Privileged EXEC mode.

Page 227: Aaa Authorization Network Default Radius
console(config)#aaa authorization exec "qwerty" radius aaa authorization network default radius Use the aaa authorization network default radius command in Global Configuration mode to enable the switch to accept VLAN assignment by the RADIUS server. Syntax aaa authorization network default radius no aaa authorization network default radius Default Configuration By default, the switch does not accept VLAN assignments by the RADIUS...

Page 228: Aaa New-Model
The aaa new-model command in Global Configuration mode is a no-op command. It is present only for compatibility purposes. Dell Networking switches only support the new model command set. Syntax aaa new-model Default Configuration This command has no default configuration.

Page 229: Clear (Ias)
Example The following example configures the switch to use the new model command set. (config)# aaa new-model clear (IAS) Use the clear aaa ias-users command in Privileged EXEC mode to delete all IAS users. Syntax clear aaa ias-users Default Configuration This command has no default configuration.

Page 230: Enable Authentication
commands— • Perform authorization for each command entered by the user. exec— • Perform EXEC authorization for the user (authorization required to enter privileged EXEC mode). • default— The default list of methods for command authorization (cmdAuthList). • list_name — Character string used to name the list of authorization methods.

Page 231: Enable Password
Syntax list-name enable authentication {default | no enable authentication • default — Uses the default list created with the aaa authentication enable command. list-name — Uses the indicated list created with the aaa authentication • enable command. (Range: 1-12 characters) Default Configuration Uses the default set with the command aaa authentication enable.

Page 232: Ip Http Authentication
password — Password for this level (Range: 8- 64 characters). The special • characters allowed in the password include ! # $ % & ‘ ( ) * + , - . / : ; < = > @ [ \ ] ^ _ ` { | } ~. User names can contain blanks if the name is surrounded by double quotes.

Page 233: Ip Https Authentication
Syntax method1 method2 ip http authentication ...] no ip http authentication method1 [ method2 ...] — Specify at least one from the following table: • Keyword Source or destination local Uses the local username database for authentication. none Uses no authentication. radius Uses the list of all RADIUS servers for authentication.

Page 234 Syntax method1 method2 ip https authentication ...] no ip https authentication method1 [ method2 ...] — Specify at least one from the following table: • Keyword Source or destination local Uses the local username database for authentication. none Uses no authentication. radius Uses the list of all RADIUS servers for authentication.

Page 235: Login Authentication
login authentication Use the login authentication command in Line Configuration mode to specify the login authentication method list for a line (console, telnet, or SSH). To return to the default specified by the authentication login command, use the no form of this command. Syntax list-name login authentication {default |...

Page 236: Password (Aaa Ias User Configuration)
password (aaa IAS User Configuration) Use the password command in aaa IAS User Configuration mode to configure a password for a user. The password is composed of up to 64 alphanumeric characters. An optional parameter [encrypted] is provided to indicate that the password given to the command is already pre-encrypted.

Page 237: Password (Line Configuration)
password (Line Configuration) Use the password command in Line Configuration mode to specify a password on a line. To remove the password, use the no form of this command. NOTE: For commands that configure password properties, see Password Management Commands on page 1503.

Page 238: Show Aaa Ias-Users
password (User EXEC) Use the password command in User EXEC mode to allow a currently logged in user to change the password for only that user without having read/write privileges. This command should be used after the password has aged. The user is prompted to enter the old password and the new password.

Page 239: Show Aaa Statistics
Syntax show aaa ias-users Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show aaa ias-users UserName ------------------- Client-1 Client-2 show aaa statistics Use the show aaa statistics command in Privileged EXEC mode to display accounting statistics.

Page 240: Show Authentication Methods
Examples console#show aaa statistics Number of Accounting Notifications sent at beginning of an EXEC session: 0 Errors when sending Accounting Notifications beginning of an EXEC session: 0 Number of Accounting Notifications sent at end of an EXEC session: 0 Errors when sending Accounting Notifications at end of an EXEC session: 0 Number of Accounting Notifications sent at beginning of a command execution: Errors when sending Accounting Notifications at beginning of a command execution: 0...

Page 241: Show Authorization Methods
Enable Authentication Method Lists ---------------------------------- enableList : enable none enableNetList : enable Line Login Method List Enable Method List ------- ----------------- ------------------ Console defaultList enableList Telnet networkList enableNetList networkList enableNetList HTTPS :local HTTP :local DOT1X show authorization methods Use the show authorization methods command in Privileged EXEC mode to display the configured authorization method lists.

Page 242: Show Users Accounts
---------------------------- ------------------------------ dfltCmdAuthList none Line Exec Method Lists Command Method Lists --------- --------------------- --------------------- Console dfltExecAuthList dfltCmdAuthList Telnet dfltExecAuthList dfltCmdAuthList dfltExecAuthList dfltCmdAuthList Network Authorization Methods ---------------------- ------- Dot1x radius show users accounts Use the show users accounts command in Privileged EXEC mode to display the local user status with respect to user account lockout and password aging.

Page 243: Show Users Login-History
Parameter Description Lockout Displays the user’s lockout status (True or False). Example The following example displays information about the local user database. console#show users accounts UserName Privilege Password Password Lockout Aging Expiry date ----------- --------- --------- ----------- ------- admin False guest False brcm1...

Page 244 Example The following example show user login history outputs. console#show users login-history Login Time Username Protocol Location -------------------- --------- --------- ----------- Jan 19 2005 08:23:48 Serial Jan 19 2005 08:29:29 Robert HTTP 172.16.0.8 Jan 19 2005 08:42:31 John 172.16.0.1 Jan 19 2005 08:49:52 Betty Telnet 172.16.1.7...

Page 245 Encrypted password entered, copied from another switch • encrypted— configuration. Password strength checking is not applied to the encrypted string. Default Configuration The default privilege level is 1. Command Mode Global Configuration mode User Guidelines To use the ! character as part of the username or password string, it should be enclosed within quotation marks.

Page 246: Username Unlock
Message Type Message Description Reason behind the failure Exceeds Minimum Length of a Password. Password should be in the range of 8-64 characters in length. Set minimum password length to 0 by using the passwords min-length 0 command. Password should contain Minimum ...

Page 247 Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. AAA Commands...

Page 248 AAA Commands...

Page 249: Administrative Profiles Commands
This capability is similar to the industry standard “User Roles” feature. The main difference is that the Administrative Profile is obtained via authentication rather than via authorization. This was necessary because Dell Networking does not support AAA authorization of users.

Page 250 If the successful authentication method does not provide an Administrative Profile for a user, then the user is permitted access based upon the user’s privilege level (as in previous releases). This means that if a user successfully passes enable authentication, the user is permitted access to all commands. This is also true if none of the Administrative Profiles provided are configured on the switch.

Page 251: Description (Administrative Profile Configuration)
admin-profile Use the admin-profile command in Global Configuration mode to create an administrative profile. The system-defined administrative profiles cannot be deleted. When creating a profile, the user is placed into Administrative Profile Configuration mode. Use the no form of the command to delete an administrative profile and all its rules.

Page 252 no description text —A description of, or comment about, the administrative profile. To • include white space, enclose the description in quotes. Range: 1 to 128 printable characters. Default Configuration This command has no default configuration. Command Mode Administrative Profile Configuration mode User Guidelines The description string is required to be enclosed in quotes if it contains embedded white space.

Page 253: Show Admin-Profiles
mode-name— The name of the CLI mode to which the profile will permit • or deny access. Default Configuration This command has no default configuration. Command Mode Administrative Profile Configuration mode User Guidelines This command has no user guidelines. Example console(admin-profile)#rule 1 permit command “access-list *”...

Page 254: Show Admin-Profiles Brief
• Profile: network-security • Profile: router-admin • Profile: multicast-admin • Profile: dhcp-admin • Profile: CP-admin • Profile: network-operator. Example console#show admin-profiles name qos Profile: qos Description: This profile allows access to QoS commands. ----------------------------------------------------------- Rule Perm Type Entity ----------------------------------------------------------- 1 permit command access-list * 2 permit...

Page 255: Show Cli Modes
Example console#show admin-profiles brief Profile: network-admin Profile: network-security Profile: router-admin Profile: multicast-admin Profile: dhcp-admin Profile: CP-admin Profile: network-operator show cli modes Use the show cli modes command in Privileged EXEC mode to list the names of all the CLI modes. Syntax show cli modes Default Configuration...

Page 256 Administrative Profiles Commands...

Page 257: Acl Commands
The Dell Networking ACL feature allows classification of packets based upon Layer 2 through Layer 4 header information. An Ethernet IPv6 packet is distinguished from an IPv4 packet by its unique Ethertype value; thus, all IPv4 and IPv6 classifiers include the Ethertype field.

Page 258 SNMP trap. The Dell Networking ACL permit/deny rule specification supports a log parameter that enables hardware hit count collection and reporting.

Page 259 Table 6-1. Common Ethertypes EtherType Protocol 0x0800 Internet Protocol version 4 (IPv4) 0x0806 Address Resolution Protocol (ARP) 0x0842 Wake-on LAN Packet 0x8035 Reverse Address Resolution Protocol (RARP) 0x8100 VLAN tagged frame (IEEE 802.1Q) 0x86DD Internet Protocol version 6 (IPv6) 0x8808 MAC Control 0x8809 Slow Protocols (IEEE 802.3)

Page 260: Ip Access-List
Commands in this Chapter This chapter explains the following commands: ip access-list mac access-list extended deny | permit (IP ACL) mac access-list extended rename deny | permit (Mac-Access-List- service-acl input Configuration) ip access-group show service-acl interface mac access-group show ip access-lists –...

Page 261 ACL names are global. An IPv6 access list cannot have the same name as an IPv4 access list. Access list names can consist of any printable character. Names can be up to 31 characters in length. deny permit (IP ACL) Use this command in Ipv4-Access-List Configuration mode to create a new rule for the current IP access list.

Page 262 portkey , which can be one of the following keywords: domain, echo, ftp, ftp-data, http, smtp, snmp, telnet, tftp, and www. Each of these keywords translates into its equivalent destination port number. – When “range” is specified, IP ACL rule matches only if the layer 4 startport and port number falls within the specified portrange.

Page 263 • flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack] [+urg Specifies that the IP/TCP/UDP ACL rule matches on | -urg] [established]— the TCP flags. Ack – Acknowledgement bit – Fin – Finished bit –...

Page 264 • Specifies the rule matches packets that are non-initial fragments— fragments (fragment bit asserted). Not valid for rules that match L4 information such as TCP port number since that information is carried in the initial packet. This keyword is visible only if the protocol is IP, TCP, or UDP. •...

Page 265 subnets. In general, any rule that specifies matching on an upper layer protocol field should also include matching constraints for lower layer protocol fields. For example, a rule to match packets directed to the well- known UDP port number 22 (SSH) should also include constraints on the IP protocol field (UDP).

Page 266 The rate-limit command is not supported for ACLs configured in egress (out) IPv4 access-groups. Any – is equivalent to 0.0.0.0 255.255.255.255 for IPv4 access lists Host – indicates specified address with mask equal to 255.255.255.255 and address 0.0.0.0 for IPv4. The command accepts the optional time-range parameter.

Page 267 then the ACL rule is applied when the time-range with a specified name becomes active. The ACL rule is removed when the time-range with a specified name becomes inactive. Syntax srcmac srcmacmask dstmac {deny | permit} {{any | } {any | bpdu | ethertypekey 0x0600-0xFFFF 0-4095...

Page 268: Ip Access-Group
• interface — unit/slot/port Valid physical interface in format, for example 1/0/12. Default Configuration This command has no default configuration. Command Mode Mac-Access-List Configuration mode User Guidelines The no form of this command is not supported, as the rules within an ACL cannot be deleted individually.

Page 269 in — The access list is applied to ingress packets. • out—The access list is applied to egress packets. • • control-plane—The access list is applied to egress control plane packets only. This is only available in Global Configuration mode. seqnum —...

Page 270: Mac Access-Group
mac access-group Use the mac access-group command in Global Configuration or Interface Configuration mode to attach a specific MAC Access Control List (ACL) to an interface. Syntax name sequence mac access-group [in | out | control-plane] [ name no mac access-group •...

Page 271: Mac Access-List Extended
This command specified in Interface Configuration mode only affects a single interface. Example This example rate limits multicast traffic ingressing the internal CPU port to 8 kbps and a maximum burst of 4 kilobytes. This affects both unknown multicast data plane traffic as well as control plane traffic. While this ACL may be useful in mitigating the effect of unknown multicast traffic on the switch CPU, use of this rule in the ingress or egress direction is highly likely to disrupt normal multicast traffic.

Page 272: Mac Access-List Extended Rename
User Guidelines Use this command to create a mac access control list. The CLI mode is changed to Mac-Access-List Configuration when this command is successfully executed. Example The following example creates MAC ACL and enters MAC-Access-List- Configuration mode. console(config)#mac access-list extended LVL7DELL console(config-mac-access-list)# mac access-list extended rename Use the mac access-list extended rename command in Global Configuration...

Page 273: Service-Acl Input
service-acl input Use the service-acl input command in Interface Configuration mode to block Link Local Protocol Filtering (LLPF) protocol(s) on a given port. Use the no form of this command to unblock link-local protocol(s) on a given port. Syntax service-acl input {blockcdp | blockvtp | blockdtp | blockudld | blockpagp | blocksstp | blockall} no service-acl input •...

Page 274: Show Service-Acl Interface
show service-acl interface This command displays the status of LLPF rules configured on a particular port or on all the ports. Syntax interface-id show service-acl interface { | all} • physical or logical interface-id—Any interface. See Interface Naming Conventions for interface representation. Default Configuration This command has no default configuration.

Page 275: Show Ip Access-Lists
in— • Show the ingress ACLs. out— • Show the egress ACLs. • control-plane— Show the control plane ACLs. Default Configuration No ACLs are configured by default. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.

Page 276: Show Mac Access-Lists
User Guidelines There are no user guidelines for this command. Examples The following example displays IP ACLs configured on a device. console#show ip access-lists ACL Name: ip1 Inbound Interface(s): gi1/0/30 Rule Number: 1 Action......... permit Match All........FALSE Protocol........1(icmp) Committed Rate.........

Page 277 MAC ACL Name: unkn-multicast Inbound Interface(s): control-plane Rule Number: 1 Action......... permit Source MAC Address......0100.5E00.0000 Source MAC Mask........ FFFF.FF00.0000 Committed Rate......... 8 Committed Burst Size......4 Rule Number: 2 Action......... permit Match All........TRUE ACL Commands...

Page 278 ACL Commands...

Page 279: Address Table Commands
Address Table Commands Dell Networking N2000/N3000/N4000 Series Switches Static MAC Filtering allows the administrator to add a number of unicast or multicast MAC addresses directly to the forwarding database. This is typically a small number relative to the total size of the database. Associated with each static MAC address is a set of source ports, a set of destination ports and VLAN information.

Page 280: Clear Mac Address-Table
Commands in this Chapter This chapter explains the following commands: clear mac address-table show mac address-table show mac address-table multicast interface mac address-table aging- show mac address-table show mac address-table time static mac address-table multicast show mac address-table show mac address-table vlan forbidden address address mac address-table static...

Page 281: Mac Address-Table Aging-Time
Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example In this example, the mac address-table tables are cleared. console#clear mac address-table dynamic mac address-table aging-time Use the mac address-table aging-time command in Global Configuration mode to set the aging time of the address. To restore the default, use the no form of the mac address table aging-time command.

Page 282: Mac Address-Table Multicast Forbidden Address
console(config)#mac address-table aging-time 400 mac address-table multicast forbidden address Use the mac address-table multicast forbidden address command in Global Configuration mode to forbid adding a specific Multicast address to specific ports. To return to the system default, use the no form of this command. If routers exist on the VLAN, do not change the unregistered multicast drop addresses state to...

Page 283: Mac Address-Table Static Vlan
Examples In this example the MAC address 0100.5e02.0203 is forbidden on port 2/0/9 within VLAN 8. console(config)#mac address-table multicast forbidden address vlan 8 0100.5e02.0203 add gigabitethernet 2/0/9 mac address-table static vlan Use the mac address table static vlan command in Global Configuration mode to add a static MAC-layer station source address to the bridge table.

Page 284: Port Security
Example The following example adds a permanent static MAC-layer station source address c2f3.220a.12f4 to the MAC address table. console(config)# mac address-table static c2f3.220a.12f4 vlan 4 interface gigabitethernet6/0/1 port security Use the port security command in Interface Configuration mode to disable the learning of new addresses on an interface.

Page 285: Port Security Max
console(config)#interface gigabitethernet te1/0/1 console(config-if-Te1/0/1)#port security trap 100 port security max Use the port security max command in Interface Configuration mode to configure the maximum addresses that can be learned on the port while the port is in port security mode. To return to the system default, use the no form of this command.

Page 286 Syntax vlan-id mac-multicast- show mac address-table multicast [vlan ] [address { address ip-multicast-address }] [format {ip | mac}] vlan_id — A valid VLAN ID value. • mac-multicast-address — A valid MAC Multicast address. • ip- multicast-address — A valid IP Multicast address. •...

Page 287: Show Mac Address-Table
show mac address-table Use the show mac address-table command in User EXEC or Privileged EXEC mode to display all entries in the bridge-forwarding database. Syntax show mac address-table Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.

Page 288: Show Mac Address-Table Count
Syntax mac-address interface-id show mac address-table address [interface ] [vlan vlan-id • mac-address — A MAC address with the format xxxx.xxxx.xxxx. • interface-id — Display information for a specific interface. Valid interfaces include physical ports and port channels. • vlan-id — Display entries for the specific VLAN only.

Page 289: Show Mac Address-Table Dynamic
• interface-id — Specify an interface type; valid interfaces include physical ports and port channels. • vlan-id — Specify a valid VLAN, the range is 1 to 4093. Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.

Page 290: Show Mac Address-Table Interface
Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example In this example, all dynamic entries in the mac address-table are displayed. console#show mac address-table dynamic Aging time is 300 Sec Vlan Mac Address...

Page 291: Show Mac Address-Table Static
Command Mode User EXEC, Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example In this example, all classes of entries in the bridge-forwarding database for gigabit Ethernet interface 1/0/1 are displayed. console#show mac address-table interface gigabitethernet 1/0/1 Aging time is 300 Sec Vlan Mac Address...

Page 292: Show Mac Address-Table Vlan
Command Mode User EXEC, Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example In this example, all static entries in the bridge-forwarding database are displayed. console#show mac address-table static Vlan Mac Address Type Port ---- -------------- -----...

Page 293: Show Ports Security
Example In this example, all classes of entries in the bridge-forwarding database are displayed. console#show mac address-table vlan 1 Mac Address Table ------------------------------------- Vlan Mac Address Type Ports ---- --------------- ------- ------- 0000.0001.0000 Dynamic gi1/0/1 0000.8420.5010 Dynamic gi1/0/1 0000.E26D.2C2A Dynamic gi1/0/1 0000.E89A.596E Dynamic gi1/0/1 0001.02F1.0B33...

Page 294: Show Ports Security Addresses
Port Status Action Maximum Trap Frequency ---- ------ ---------- -------- ------- ------- 1/0/1 Locked Discard Enable 1/0/2 Unlocked 1/0/3 Locked Discard Disable The following table describes the fields in this example. Field Description Port The port number. Status The status can be one of the following: Locked or Unlocked.

Page 295 User Guidelines This command has no user guidelines. Examples The following example displays dynamic addresses for port channel number 1/0/1. console#show ports security addresses Te1/0/1 Dynamic addresses: 83 Maximum addresses: 100 Learned addresses ------- --------- Address Table Commands...

Page 296 Address Table Commands...

Page 297 Auto-VoIP Commands Dell Networking N2000/N3000/N4000 Series Switches Voice over Internet Protocol (VoIP) allows network users to make telephone calls using a computer network over a data network like the Internet. With the increased prominence of delay-sensitive applications (voice, video, and other multimedia applications) deployed in networks today, proper QoS configuration ensures high-quality application performance.

Page 298: Show Switchport Voice
show switchport voice Use the show switchport voice command to show the status of Auto-VoIP on an interface or all interfaces. Syntax port- show switchport voice [gigabitethernet unit/slot/port| port-channel channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port] Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines...

Page 299 Gi1/0/16 Disabled Gi1/0/17 Disabled Gi1/0/18 Disabled Gi1/0/19 Disabled Gi1/0/20 Disabled Gi1/0/21 Disabled Gi1/0/22 Disabled Gi1/0/23 Disabled Gi1/0/24 Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Po10 Disabled Po11 Disabled Po12 Disabled Po13 Disabled Po14 Disabled Po15 Disabled --More-- or (q)uit The following example shows command output when a port is specified: console#show switchport voice gigabitethernet 1/0/1 Interface...

Page 300: Switchport Voice Detect Auto
switchport voice detect auto The switchport voice detect auto command is used to enable the VoIP Profile on all the interfaces of the switch (global configuration mode) or for a specific interface (interface configuration mode).Use the no form of the command to disable the VoIP Profile.

Page 301: Clear Isdp Counters
Industry Standard Discovery Protocol (ISDP) is a proprietary Layer 2 network protocol which inter-operates with Cisco network equipment and is used to share information between neighboring devices. Dell Networking switches participate in the ISDP protocol and are able to both discover and be discovered by devices that support the Cisco Discovery Protocol (CDP).

Page 302: Clear Isdp Table
User Guidelines There are no user guidelines for this command. Example console#clear isdp counters clear isdp table The clear isdp table command clears entries in the ISDP table. Syntax clear isdp table Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines...

Page 303: Isdp Enable
Default Configuration ISDP sends version 2 packets by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#isdp advertise-v2 isdp enable The isdp enable command enables ISDP on the switch. User the “no” form of this command to disable ISDP.

Page 304: Isdp Holdtime
console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)#isdp enable isdp holdtime The isdp holdtime command configures the hold time for ISDP packets that the switch transmits. The hold time specifies how long a receiving device should store information sent in the ISDP packet before discarding it. The range is given in seconds.

Page 305: Show Isdp
Syntax time isdp timer no isdp timer time • —The time in seconds (range: 5–254 seconds). Default Configuration The default timer is 30 seconds. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example sets the isdp timer value to 40 seconds.

Page 306: Show Isdp Entry
Example console#show isdp Timer........ 30 Hold Time......180 Version 2 Advertisements..... Enabled Neighbors table last time changed..0 days 00:06:01 Device ID......QTFMPW82400020 Device ID format capability..Serial Number Device ID format..... Serial Number show isdp entry The show isdp entry command displays ISDP entries. If a device id specified, then only the entry about that device is displayed.

Page 307: Show Isdp Interface
Port ID GigabitEthernet1/1 Holdtime Advertisement Version Entry last changed time 0 days 00:13:50 Version : Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000 I9K91S-M), Version 12.2(25)EWA9, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Wed 21-Mar-07 12:20 by tinhuang show isdp interface The show isdp interface command displays ISDP settings for the specified...

Page 308: Show Isdp Neighbors
1/0/8 Enabled 1/0/9 Enabled 1/0/10 Enabled 1/0/11 Enabled 1/0/12 Enabled 1/0/13 Enabled 1/0/14 Enabled 1/0/15 Enabled 1/0/16 Enabled 1/0/17 Enabled 1/0/18 Enabled 1/0/19 Enabled 1/0/20 Enabled 1/0/21 Enabled 1/0/22 Enabled 1/0/23 Enabled 1/0/24 Enabled console#show isdp interface gigabitethernet 1/0/1 Interface Mode --------------- ----------...

Page 309: Show Isdp Traffic
Example console#show isdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route, S - Switch, H - Host, I - IGMP, r - Repeater Device ID Intf Hold Cap. Platform Port ID ------------- ----- ---- --------------- Switch1/0/1 RI cisco WS-C4948 GigabitEthernet1/1 console#show isdp neighbors detail...

Page 310: Cdp Interoperability Commands
User Guidelines There are no user guidelines for this command. Example console#show isdp traffic ISDP Packets Received......4253 ISDP Packets Transmitted....... 127 ISDPv1 Packets Received......0 ISDPv1 Packets Transmitted..... 0 ISDPv2 Packets Received......4253 ISDPv2 Packets Transmitted..... 4351 ISDP Bad Header........ 0 ISDP Checksum Error......

Page 311: Dhcp Layer 2 Relay Commands
IP packets transparently, a DHCP Relay agent processes DHCP messages and generates new DHCP messages as a result. The Dell Networking DHCP Relay supports DHCP Relay Option 82 circuit- id and remote-id for a VLAN. Commands in this Chapter...

Page 312: Dhcp L2Relay (Interface Configuration)
dhcp l2relay (Global Configuration) Use the dhcp l2relay command to enable Layer 2 DHCP Relay functionality. The subsequent commands mentioned in this section can only be used when the L2-DHCP Relay is enabled. Use the no form of this command to disable L2-DHCP Relay.

Page 313: Dhcp L2Relay Circuit-Id
Command Mode Interface Configuration (Ethernet, Port-channel). User Guidelines There are no user guidelines for this command. Example console(config-if-Gi1/0/1)#dhcp l2relay dhcp l2relay circuit-id Use the dhcp l2relay circuit-id command to enable setting the DHCP Option 82 Circuit ID for a VLAN. When enabled, the interface number is added as the Circuit ID in DHCP option 82.

Page 314: Dhcp L2Relay Trust
dhcp l2relay remote-id Use the dhcp l2relay remote-id command to enable setting the DHCP Option 82 Remote ID for a VLAN. When enabled, the supplied string is used for the Remote ID in DHCP Option 82. Use the no form of this command to disable setting the DHCP Option 82 Remote ID.

Page 315: Dhcp L2Relay Vlan
Default Configuration DHCP Option 82 is discarded by default. Configuration Mode Interface Configuration (Ethernet, Port-channel). User Guidelines There are no user guidelines for this command. Example console(config-if-Gi1/0/1)#dhcp l2relay trust dhcp l2relay vlan Use the dhcp l2relay vlan command to enable the L2 DHCP Relay agent for a set of VLANs.

Page 316: Show Dhcp L2Relay All
show dhcp l2relay all Use the show dhcp l2relay all command in Privileged EXEC mode to display the summary of DHCP L2 Relay configuration. Syntax show dhcp l2relay all Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.

Page 317: Show Dhcp L2Relay Stats Interface
Syntax interface-id show dhcp l2relay interface {all | • — Show all interfaces. • interface-id — A physical interface. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.

Page 318: Show Dhcp L2Relay Subscription Interface
Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show dhcp l2relay stats interface all DHCP L2 Relay is Enabled. Interface UntrustedServer UntrustedClient TrustedServer TrustedClient MsgsWithOpt82 MsgsWithOpt82 MsgsWithoutOpt82 MsgsWithoutOpt82 ---------...

Page 319: Show Dhcp L2Relay Vlan
show dhcp l2relay agent-option vlan Use the show dhcp l2relay agent-option vlan command in Privileged EXEC mode to display DHCP L2 Relay Option-82 configuration specific to VLANs. Syntax vlan-range show dhcp l2relay agent-option vlan vlan-range • — Show information for the specified VLAN range. A range may be a single VLAN ID or two VLAN IDs separated by a single dash with no embedded spaces.

Page 320: Show Dhcp L2Relay Circuit-Id Vlan
Syntax vlan-range show dhcp l2relay vlan vlan-range • — Show information for the specified VLAN range. A range may be a single VLAN ID or two VLAN IDs separated by a single dash with no embedded spaces. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines...

Page 321: Show Dhcp L2Relay Remote-Id Vlan
Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show dhcp l2relay circuit-id vlan 300 DHCP L2 Relay is Enabled. DHCP Circuit-Id option is enabled on the following VLANs: show dhcp l2relay remote-id vlan Use the show dhcp l2relay remote-id vlan command in Privileged EXEC mode to display whether DHCP L2 Relay is globally enabled and shows the...

Page 322: Clear Dhcp L2Relay Statistics Interface
--------------------- 200remote_22 clear dhcp l2relay statistics interface Use the show dhcp l2relay statistics interface command in Privileged EXEC mode to reset the DHCP L2 Relay counters to zero. Specify the port with the counters to clear, or use the all keyword to clear the counters on all ports. Syntax interface-id clear dhcp l2relay statistics interface {all |...

Page 323 DHCP Management Interface Commands Dell Networking N2000/N3000/N4000 Series Switches Dell Networking switches support an embedded DHCP client. Any IP interface can use DHCP to obtain an IP address. The DHCP client can run on multiple interfaces simultaneously. For IPv4, an IP interface can either use manually configured addresses or be enabled for DHCP .

Page 324: Release Dhcp
release dhcp debug dhcp packet renew dhcp show dhcp lease release dhcp Use the release dhcp command in Privileged EXEC mode to force the DHCPv4 client to release a leased address. Syntax interface-id release dhcp interface-id • — Any valid VLAN interface. See Interface Naming Conventions interface representation.

Page 325: Renew Dhcp
renew dhcp Use the renew dhcp command in Privileged EXEC mode to force the DHCP client to immediately renew an IPv4 address lease. Syntax interface-id renew dhcp { | out-of-band} interface-id • —Any valid routing interface. See Interface Naming Conventions for interface representation.

Page 326: Debug Dhcp Packet
debug dhcp packet Use the debug dhcp packet command in Privileged EXEC mode to display debug information about DHCPv4 client activities and to trace DHCPv4 packets to and from the local DHCPv4 client. To disable debugging, use the no form of this command. Syntax debug dhcp packet [transmit | receive] no debug dhcp packet [transmit | receive]...

Page 327 Syntax vlan-id show dhcp lease [interface { out-of-band | vlan • out-of-band—The out-of-band interface. • vlan—The VLAN and VLAN ID. Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines This command lists all IPv4 addresses currently leased from a DHCP server on a routing interface.

Page 328 Examples The following example shows the output from this command when the device has leased two IPv4 addresses from the DHCP server. console#show dhcp lease IP address: 10.1.20.1 on interface VLAN10 Subnet mask: 255.255.255.0 DHCP Lease server: 10.1.20.3, state: 5 Bound DHCP transaction id: 0x7AD Lease: 86400 secs, Renewal: 43200 secs, Rebind: 75600 secs Retry count: 0...

Page 329: Dhcp Snooping Commands
DHCP Snooping Commands Dell Networking N2000/N3000/N4000 Series Switches DHCP Snooping is a security feature that monitors DHCP messages between DHCP clients and DHCP server to filter harmful DHCP messages and build a bindings database of {MAC address, IP address, VLAN ID, interface} tuples that are considered authorized.

Page 330: Clear Ip Dhcp Snooping Binding
Commands in this Chapter This chapter explains the following commands: clear ip dhcp snooping binding ip dhcp snooping trust clear ip dhcp snooping statistics ip dhcp snooping verify mac-address ip dhcp snooping show ip dhcp snooping ip dhcp snooping binding show ip dhcp snooping binding ip dhcp snooping database show ip dhcp snooping database...

Page 331: Clear Ip Dhcp Snooping Statistics
clear ip dhcp snooping statistics Use the clear ip dhcp snooping statistics command to clear all DHCP Snooping statistics. Syntax clear ip dhcp snooping statistics Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC User Guidelines There are no user guidelines for this command.

Page 332: Ip Dhcp Snooping Binding
User Guidelines To enable DHCP snooping, do the following: 1 Enable DHCP Snooping globally. 2 Enable DHCP Snooping per VLAN. 3 Set DHCP Snooping trusted port on the port in the DHCP server direction. The bindings database populated by DHCP snooping is used by several other services, including IP source guard and dynamic ARP inspection.

Page 333: Ip Dhcp Snooping Database
Default Configuration There are no static or dynamic DHCP snooping bindings by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ip dhcp snooping binding 00:00:00:00:00:01 vlan 10 10.131.12.134 interface 1/0/1 ip dhcp snooping database Use the ip dhcp snooping database command to configure the persistent storage location of the DHCP snooping database.

Page 334: Ip Dhcp Snooping Database Write-Delay
Example The following example configures the storage location of the snooping database as local. console(config)#ip dhcp snooping database local The following example configures the storage location of the snooping database as remote. console(config)#ip dhcp snooping database tftp://10.131.11.1/db.txt ip dhcp snooping database write-delay Use the ip dhcp snooping database write-delay command to configure the interval in seconds at which the DHCP Snooping database will be stored in persistent storage.

Page 335: Ip Dhcp Snooping Limit
ip dhcp snooping limit Use the ip dhcp snooping limit command to diagnostically disable itself if the rate of received DHCP messages exceeds the configured limit. Use the no shutdown command to re-enable the interface. Use the no form of this command to disable automatic shutdown of the interface.

Page 336: Ip Dhcp Snooping Log-Invalid
range of 0-300 packets per second and the burst interval in the range of 1-15 seconds. In general, a rate limit of under 100 pps is valid for untrusted interfaces. Examples console(config-if-Gi1/0/1)#ip dhcp snooping limit none console(config-if-Gi1/0/1)#ip dhcp snooping limit rate 100 burst interval 1 ip dhcp snooping log-invalid Use the ip dhcp snooping log-invalid command to enable logging of DHCP messages filtered by the DHCP Snooping application.

Page 337: Ip Dhcp Snooping Trust
ip dhcp snooping trust Use the ip dhcp snooping trust command to configure a port as trusted. Use the no form of this command to configure a port as untrusted. Syntax ip dhcp snooping trust no ip dhcp snooping trust Default Configuration Ports are untrusted by default.

Page 338: Show Ip Dhcp Snooping
ip dhcp snooping verify mac-address Use the ip dhcp snooping verify mac-address command to enable the verification of the source MAC address with the client MAC address in the received DHCP message. Use the “no” form of this command to disable verification of the source MAC address.

Page 339: Show Ip Dhcp Snooping Binding
Command Mode User EXEC, Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show ip dhcp snooping DHCP snooping is Disabled DHCP snooping source MAC verification is enabled DHCP snooping is enabled on the following VLANs: 11 - 30, 40 Interface Trusted...

Page 340: Show Ip Dhcp Snooping Database
Command Mode User EXEC, Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show ip dhcp snooping binding Total number of bindings: 2 MAC Address IP Address VLAN Interface Type Lease (Secs) -----------------...

Page 341: Show Ip Dhcp Snooping Interfaces
agent url: /10.131.13.79:/sai1.txt write-delay: 5000 show ip dhcp snooping interfaces Use the show ip dhcp snooping interfaces command to show the DHCP Snooping status of the interfaces. Syntax interface show ip dhcp snooping interfaces [ • interface—A valid physical interface. Default Configuration There is no default configuration for this command.

Page 342: Show Ip Dhcp Snooping Statistics
show ip dhcp snooping statistics Use the show ip dhcp snooping statistics command to display the DHCP snooping filtration statistics. Syntax show ip dhcp snooping statistics Default Configuration There is no default configuration for this command. Command Mode User EXEC, Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines The following fields are displayed by this command:...

Page 343 1/0/7 1/0/8 1/0/9 1/0/10 1/0/11 1/0/12 1/0/13 1/0/14 1/0/15 1/0/16 1/0/17 1/0/18 1/0/19 1/0/20 DHCP Snooping Commands...

Page 344 DHCP Snooping Commands...

Page 345: Dynamic Arp Inspection Commands
Dynamic ARP Inspection Commands Dell Networking N2000/N3000/N4000 Series Switches Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. The feature prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its neighbors.

Page 346: Clear Ip Arp Inspection Statistics
acl-name — A valid ARP ACL name (Range: 1–31 characters). • Default Configuration There are no ARP ACLs created by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#arp access-list tier1 clear ip arp inspection statistics Use the clear ip arp inspection statistics command in Privileged EXEC mode to reset the statistics for Dynamic Address Resolution Protocol (ARP)

Page 347: Ip Arp Inspection Filter
ip arp inspection filter Use the ip arp inspection filter command to configure the ARP ACL to be used for a single VLAN or a range of VLANs to filter invalid ARP packets. If the static keyword is given, packets that do not match a permit statement are dropped without consulting the DHCP snooping bindings.

Page 348: Ip Arp Inspection Trust
no ip arp inspection limit none — To set no rate limit. • pps — The number of packets per second (Range: 0–300). • seconds — The number of seconds (Range: 1–15). • Default Configuration The default rate limit is 15 packets per second. The default burst interval is 1 second.

Page 349: Ip Arp Inspection Validate
Default Configuration Interfaces are configured as untrusted by default. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines There are no user guidelines for this command. Example console(config-if-Gi1/0/3)#ip arp inspection trust ip arp inspection validate Use the ip arp inspection validate command to enable additional validation checks like source MAC address validation, destination MAC address validation or IP address validation on the received ARP packets.

Page 350: Ip Arp Inspection Vlan
Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example console(config)#ip arp inspection validate src-mac dst-mac ip console(config)#ip arp inspection validate src-mac ip console(config)#ip arp inspection validate dst-mac ip console(config)#ip arp inspection validate ip ip arp inspection vlan Use the ip arp inspection vlan command to enable Dynamic ARP Inspection on a single VLAN or a range of VLANs.

Page 351: Permit Ip Host Mac Host
permit ip host mac host Use the permit ip host mac host command to configure a rule for a valid IP address and MAC address combination used in ARP packet validation. Use the “no” form of this command to delete an ARP ACL rule. Syntax sender-ip sender-mac...

Page 352: Show Ip Arp Inspection
Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show arp access-list ARP access list H2 permit ip host 1.1.1.1 mac host 00:01:02:03:04:05 permit ip host 1.1.1.2 mac host 00:03:04:05:06:07 ARP access list H3 ARP access list H4...

Page 353: Command Mode
Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines The following information is displayed for each VLAN when a VLAN range is supplied: Field Description VLAN The VLAN-ID for each displayed row.

Page 354: Show Ip Arp Inspection Vlan
----------------------------------------------- 1 Disabled Enabled console# Following is an example of the show ip arp inspection interfaces command. console#show ip arp inspection interfaces Interface Trust State Rate Limit Burst Interval (pps) (seconds) --------------- ----------- ---------- --------------- 1/0/1 Untrusted 1/0/2 Untrusted Following is an example of the show ip arp inspection statistics command. console#show ip arp inspection statistics VLAN Forwarded...

Page 355 Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines The following global parameters are displayed: Parameter Description Source Mac Validation If Source Mac validation of ARP frame is enabled. Destination Mac If Destination Mac validation of ARP Response frame is Validation...

Page 356 Enabled Disabled Dynamic ARP Inspection Commands...

Page 357 E-mail Alerting Commands Dell Networking N2000/N3000/N4000 Series Switches E-mail Alerting is an extension of the logging system. The Dell Networking logging system allows the user to configure a variety of destinations for log messages. This feature adds e-mail configuration capabilities, by which the log messages are sent to a configured SMTP server such that an operator may receive the log in an e-mail account of their choice.

Page 358: Logging Email
Commands in this Chapter This chapter explains the following commands: logging email show logging email statistics logging email urgent clear logging email statistics logging traps security logging email message-type to-addr mail-server ip-address | hostname logging email from-addr port (Mail Server Configuration Mode) logging email message-type subject username (Mail Server Configuration Mode)

Page 359: Logging Email Urgent
– notice (5) – info (6) – debug (7) Default Configuration E-mail alerting is disabled by default. When e-mail alerting is enabled, log messages at or above severity Warning are e-mailed. Command Mode Global Configuration mode User Guidelines The logging email command with no arguments enables e-mail alerting. Specify a severity to set the severity level of log messages that are e-mailed in a non-urgent manner.

Page 360: Logging Traps
– emergency (0) – alert (1) – critical (2) – error (3) – warning (4) – notice (5) – info (6) – debug (7) • none— If you specify this keyword, no log messages are e-mailed urgently. All log messages at or above the non-urgent level (configured with the logging email command) are e-mailed in batch.

Page 361: Logging Email Message-Type To-Addr
severity —If you specify a severity level, log messages at or above the • severity level are e-mailed. The severity level may either be specified by keyword or as an integer from 0 to 7. The accepted keywords, and the numeric severity level each represents, are as follows.

Page 362: Logging Email From-Addr
Syntax to-email- logging email message-type {urgent | non-urgent | both} to-addr addr to-addr no logging email to-addr message-type no logging email message-type {urgent | non-urgent | both} to-addr email-addr Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines This command removes the configured to-addr field of e-mail.

Page 363: Logging Email Logtime
logging email message-type subject Use the logging email message-type subject command in Global Configuration mode to configures subject of the e-mail. Use the no form of this command to remove the existing subject and return to the default subject. Syntax message-type subject logging email message-type...

Page 364: Show Logging Email Statistics
Command Mode Global Configuration User Guidelines This command has no user guidelines. logging email test message-type Use the logging email test message-type command in Global Configuration mode to test whether or not an e-mail is being sent to an SMTP server. Syntax message-type message-body...

Page 365: Clear Logging Email Statistics
Syntax show logging email statistics Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines This command has no user guidelines. clear logging email statistics Use the clear logging email statistics command in Privileged EXEC mode to clear the e-mail alerting statistics.

Page 366 security Use the security command in Mail Server Configuration mode to set the e- mail alerting security protocol. This enables and disables the switch to use TLS authentication with the SMTP Server. If the administrator sets the TLS mode and, if the SMTP sever does not support TLS mode, then no e-mail goes to the SMTP server.

Page 367: Port (Mail Server Configuration Mode)
Default Configuration The default configuration for a mail server is shown in the table below. Field Default Email Alert Mail Server Port Email Alert Security Protocol none Email Alert Username admin Email Alert Password admin Command Mode Global Configuration User Guidelines This command has no user guidelines.

Page 368: Username (Mail Server Configuration Mode)
User Guidelines Port 25 is the standard SMTP port for cleartext messages. Port 465 is the standard port for messages sent using TLSv1. Messages are always sent in plain text mode. username (Mail Server Configuration Mode) Use the username command in Mail Server Configuration mode to configure the username required by the authentication.

Page 369: Show Mail-Server
Default Configuration The default value for password is admin. Command Mode Mail Server Configuration User Guidelines This command has no user guidelines. show mail-server Use the show mail-server command in Privileged EXEC mode to display the configuration of all the mail servers or a particular mail server. Syntax ip-address hostname...

Page 370 SMTP server authentication details: Username: admin Mail server2 configuration: SMTP server IP Address: 10.131.1.31 SMTP server Port: SMTP server security protocol: SMTP server authentication details: Username: admin console#show mail-server ip-address 10.131.1.11 SMTP server IP Address: 10.131.1.11 SMTP server Port: SMTP server security protocol: SMTP server authentication details: Username: admin...

Page 371: Ethernet Configuration Commands
The increase in throughput is particularly valuable on data center servers where the larger frame size increases efficiency of the system and allows processing of more requests. The Dell Networking jumbo frames feature extends the standard ethernet MTU (Max Frame Size) from 1518 (1522 with VLAN header) bytes to 9216 bytes.

Page 372: Clear Counters
On a storm control enabled interface, if the ingress rate of that type of packet (L2 broadcast, multicast, or unicast) is greater than the configured threshold level (as a percentage of port speed or as an absolute packets-per-second rate), the switch forwarding-plane discards the excess traffic. speed command controls interface link speeds and auto-negotiation.

Page 373 Syntax port-channel- clear counters [{gigabitethernet unit/slot/port | port-channel number | switchport | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines Use of the clear counters command with no parameters indicates that both switch and all interface statistics are to be cleared.

Page 374: Flowcontrol Receive
Global Configuration and Interface Configuration modes User Guidelines Dell Networking switches implement receive flow control only. They never issue a flow control PAUSE frame when congested, but do respect received flow control PAUSE frames received from other switches. Disabling flow control causes the switch to ignore received PAUSE frames.

Page 375 Interface specific configuration overrides any global configuration. Changing the flow control setting on a copper port restarts auto-negotiation and causes a brief link-flap while auto-negotiation occurs. Changing the flow control setting on a fiber port may cause a brief link flap as the PHY is reset. Enabling flow control on some ports and not others can lead to excessive packet loss in situations where some ports on the switch have been paused and the internal packet buffers are consumed.

Page 376: Interface Range
User Guidelines Dell Networking switches implement receive flow control only. They never issue a flow control PAUSE frame when congested, but will respect received flow control PAUSE frames received from other switches. Disabling flow control causes the switch to ignore received PAUSE frames.

Page 377: Monitor Capture (Global Configuration)
port-type —Shows all interfaces of the specified type. • Default Configuration This command has no default configuration. Command Mode Global Configuration, Interface Range and Interface modes User Guidelines Commands under the interface range context are executed independently on each active interface in the range. If the command returns an error on one of the active interfaces, it does not stop executing commands on other active interfaces.

Page 378 No monitor capture stops the capture and returns the configuration to the defaults. No monitor capture file size returns the capture file size to the defaults. No monitor capture remote port returns the TCP port to the default. Syntax max-size monitor capture [file [size ] | remote [port ] | line [wrap]]...

Page 379 display only the captured packets that were not previously displayed as the show command empties the capture buffer. When a capture session is stopped, it is possible to display all saved packets as often as is desired. The command show monitor capture packets always displays the captured packets in chronological order.

Page 380 packets that have been already displayed during capturing session are overwritten in RAM by new captured packets if capturing is still in progress. In this manner, the limit of displaying 128 packets per session can be overcome (but only in monitor capture line wrap mode). Packets that have not been displayed are not overwritten.

Page 381 NVRAM Capture: After packet capture is activated, packets are stored in NVRAM until the capture file reaches its maximum size, or until the capture is stopped manually. When the capture is started, the capture file from the previous capture is deleted. The captured file can be uploaded via TFTP, SFTP, SCP via CLI and SNMP using the copy command.

Page 382: Monitor Capture (Privileged Exec)
• Message that keeps the authentication parameters • Request to get network statistics • Request to stop the current capture, keeping the device open Wireshark replies supported are: • Reply which sends the list of all the remote interfaces • Reply that remote device has been opened correctly •...

Page 383 Default Configuration Capture is not enabled by default. By default, both transmitted and received packets are captured. Command Modes Privileged EXEC mode User Guidelines In general, starting packet capture erases the previous capture buffer contents. Example console# monitor capture start all rate-limit cpu Use the rate-limit cpu command to reduce the amount of unknown unicast/multicast packets forwarded to the CPU.

Page 384 User Guidelines Unknown unicast and multicast packets are copied to the CPU on the lowest priority QoS queue. Unknown packets are those that do not have hardware forwarding entries. Known unicast/multicast packets are hardware forwarded and are not queued to the CPU. Control plane packets (e.g. spanning tree BPDUs) are copied or forwarded to the CPU on higher priority queues.

Page 385: Show Interfaces Advertise
------ ---------- free 1053933568 alloc 673873920 CPU Utilization: Name 5 Secs 60 Secs 300 Secs ---------- ------------------- -------- -------- -------- 1129 osapiTimer 0.00% 0.00% 0.01% 1133 _interrupt_thread 0.09% 0.01% 0.00% 1137 bcmCNTR.0 0.24% 0.31% 0.31% 1142 bcmRX 23.00% 27.01% 18.01% 1147 ipMapForwardingTas 32.97%...

Page 386 User Guidelines The priority resolution field indicates the auto-negotiated link speed and duplex. The clock field indicates whether the local interface has auto- negotiated to clock master or clock slave. When the link is down, the field will show No link. When the link is down, the Oper Peer Advertisement and Priority Resolution fields will show dashes.

Page 387: Show Interfaces Configuration
show interfaces configuration Use the show interfaces configuration command in User EXEC mode to display the configuration for all configured interfaces. Syntax show interfaces configuration [{gigabitethernet unit/slot/port| port-channel port-channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode User EXEC mode, Configuration mode and all Configuration submodes User Guidelines...

Page 388: Show Interfaces Counters
Port Description Duplex Speed Admin State --------- ------------------------------ ------ ------- ---- ----- ----- Gi1/0/1 Full 1000 Auto 1518 show interfaces counters Use the show interfaces counters command in User EXEC mode to display traffic seen by the interface. Syntax show interfaces counters [errors] [gigabitethernet unit/slot/port | port- port-channel-number | tengigabitethernet unit/slot/port | channel fortygigabitethernet unit/slot/port]...

Page 389 Field Description InUcastPkts Counted received Unicast packets. InMcastPkts Counted received Multicast packets. InBcastPkts Counted received Broadcast packets. OutOctets Counted transmitted octets. OutUcastPkts Counted transmitted Unicast packets. OutMcastPkts Counted transmitted Multicast packets. OutBcastPkts Counted transmitted Broadcast packets. Alignment Errors A count of frames received that are not an integral number of octets in length and do not pass the FCS check.

Page 390 Field Description Transmitted PFC A count of the transmitted PFC frames. Frames Receive Packets Count of frames discarded due to any reason Discards Transmit Packets Count of packet queued for transmission and discards for Discarded any reason Example The following example displays traffic seen by the physical interface: console>show interfaces counters Port InOctets...

Page 391: Show Interfaces Description
FCS Errors: ........0 Single Collision Frames: ...... 0 Late Collisions: ......0 Excessive Collisions: ......0 Multiple Collisions: ......0 Received packets dropped > MTU: ....0 Transmitted packets dropped > MTU: .... 0 Internal MAC Rx Errors: ....... 0 Received Pause Frames: ......

Page 392: Show Interfaces Detail
2/0/1 2/0/2 Description ---- ----------- Output show interfaces detail Use the show interfaces detail command in Privileged EXEC mode to display detailed status and configuration of the specified interface. Syntax show interfaces detail • interface-id— A physical interface or port channel identifier. Default Configuration This command has no default configuration.

Page 393: Show Interfaces Status
Flow Control: Enabled Port: Gi1/0/1 VLAN Membership mode: Access Mode Operating parameters: PVID: 1 Ingress Filtering: Enabled Acceptable Frame Type: Untagged Default Priority: 0 GVRP status: Disabled Protected: Disabled Port Gi1/0/1 is member in: VLAN Name Egress rule Type ---- --------------------------------- ----------- -------- default...

Page 394 Syntax show interfaces status Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines Port channels are only displayed if configured. Use the show interfaces port- channel command to display configured and unconfigured port channels. Interfaces configured as stacking ports will show as detached in the output of show interfaces status command.

Page 395 Port Description Vlan Duplex Speed Link Flow Ctrl State Status --------- ------------------------- ----- ------ ------- ---- ----- --------- Te1/0/1 prom Unknown Auto Down Inactive Te1/0/2 Unknown Auto Down Inactive Te1/0/3 host Unknown Auto Down Inactive Te1/0/4 Unknown Auto Down Inactive Te1/0/5 trnk Unknown Auto Down...

Page 396: Show Interfaces Transceiver
Use the show interfaces transceiver command to display the optic static parameters as well as the Dell qualification. Syntax show interfaces transceiver [properties] • properties—Displays the static parameters for the optics. Default Configuration This command has no default configuration.

Page 397: Show Monitor Capture
Te1/0/9 SFP+ 10GBASE-LRM ANF0L5J Te1/0/11 SFP+ 10GBASE-LRM ANF0L5R Te1/0/13 1GBASE-SX PCC1PT5 Te1/0/15 SFP+ 10GBASE-SR AD1125A002R Te1/0/17 SFP+ 10GBASE-SR AD0815E00PC show monitor capture Use this command to display captured packets transmitted or received from the CPU. Syntax show monitor capture [packets] Default Configuration This command has no default configuration.

Page 398: Show Statistics
0030 00 00 00 00 00 00 00 00 00 01 3a 00 05 02 00 00 0040 01 00 82 00 43 62 27 10 00 00 00 00 00 00 00 00 0050 00 00 00 00 00 00 00 00 00 00 ff ff 00 00 =================== 1/0/1 Length = 94...

Page 399 Syntax show statistics {gigabitethernet unit/slot/port |switchport | port-channel port-channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port} unit/slot/port — • A valid interface. See Interface Naming Conventions interface representation. • switchport—Displays statistics for the entire switch. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines...

Page 400 Total Packets Received Without Errors..0 Unicast Packets Received....... 0 Multicast Packets Received..... 0 Broadcast Packets Received..... 0 Total Packets Received with MAC Errors..0 Jabbers Received....... 0 Fragments/Undersize Received....0 Alignment Errors....... 0 FCS Errors........0 Overruns........0 Total Received Packets Not Forwarded... 0 802.3x Pause Frames Received....

Page 401: Show Statistics Switchport
Time Since Counters Last Cleared....0 day 13 hr 20 min 24 sec show statistics switchport Use the show statistics command in Privileged EXEC mode to display detailed statistics for a specific port or for the entire switch. Syntax interface-id show statistics { |switchport} interface-id —The...

Page 402 Unicast Packets Transmitted ifHCOutUcastPkts Multicast Packets Transmitted ifHCOutMulticastPkts Broadcast Packets Transmitted ifHCOutBroadcastPkts Transmit Packets Discarded ifOutDiscards Example The following example shows statistics for the entire switch. console#show statistics switchport Total Packets Received (Octets)....0 Packets Received Without Error....0 Unicast Packets Received....... 0 Multicast Packets Received.....

Page 403: Show Storm-Control
show storm-control Use the show storm-control command in Privileged EXEC mode to display the configuration of storm control. Syntax show storm-control [all | {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.

Page 404 Syntax shutdown no shutdown Default Configuration The interface is enabled. Command Mode Interface Configuration (Ethernet, Port-Channel, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Examples The following example disables gigabit Ethernet port 1/0/5. console(config)#interface gigabitethernet 1/0/5 console(config-if-Gi1/0/5)# shutdown The following example reenables gigabit ethernet port 1/0/5.

Page 405 40000—Configures the port to 40 Gbps operation. • auto—The port automatically detects the speed it should run based on the • port at the other end of the link. If you use the 10, 100, or 1000 keywords with the auto keyword, the port only negotiates at the specified speeds. Default Configuration Auto-negotiation is enabled by default on copper ports.

Page 406: Storm-Control Broadcast
storm-control broadcast Use the storm-control broadcast command in Interface Configuration mode to enable broadcast storm recovery mode for a specific interface. If the mode is enabled, broadcast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.

Page 407: Storm-Control Unicast
When you use the no storm-control multicast command to "disable" storm- control after having set the level or rate to a non-default value, that value is still set but is not active until you reenable storm-control. Syntax rate storm-control multicast [level | no storm-control multicast •...

Page 408: Switchport Protected
Syntax rate storm-control unicast [level | no storm-control unicast • level— The configured rate as a percentage of link-speed. rate — The configured rate in kilobits per second (Kbps). (Range: 0-100) • Default Configuration The default value is 5. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines.

Page 409: Switchport Protected Name
Default Configuration No protected switchports are defined. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example configures Ethernet port 1/0/1 as a member of protected group 1. console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)#switchport protected 1 switchport protected name Use the switchport protected name command in Global Configuration mode to adds the port to the protected group 1 and also sets the group name to...

Page 410: Show Switchport Protected
User Guidelines This command has no user guidelines. Example The following example assigns the name "protected" to group 1. console(config-if-Gi1/0/1)#switchport protected 1 name protected show switchport protected Use the show switchport protected command in Privileged EXEC mode to display the status of all the interfaces, including protected and unprotected interfaces.

Page 411: Show System Mtu
Syntax show system internal pktmgr internal control sw-rate-limit Default Configuration This command has no default configuration. Command Modes Privileged EXEC mode User Guidelines See the rate-limit cpu command for further information on the output of this command. Example console# show system internal pktmgr internal control sw-rate-limit Inband pps global threshold 1024 show system mtu Use the show system mtu command to display the configured MTU.

Page 412: System Jumbo Mtu
Example a11-39#show system mtu System Jumbo MTU size is 9216 bytes system jumbo mtu Use the system jumbo mtu command to globally configure the Maximum Transmission Unit (MTU) on all interfaces, IP/IPv6 interfaces, VLAN interfaces, and port channel interfaces for forwarded and system-generated frames.

Page 413 advertise different IP MTUs, they will not form an adjacency (unless OSPF has been instructed to ignore differences in IP MTU with the ip ospf mtuignore command). Ethernet Configuration Commands...

Page 414 Ethernet Configuration Commands...

Page 415: Ethernet Cfm Commands
IEEE Std. 802.3 LAN, this specification deals with the fault diagnosis at service layer across networks comprising multiple LANs, including LANs other than 802.3 media. Dell Networking CFM is only available on the N4000 series switches. CFM is not compatible with iSCSI optimization. Disable iSCSI optimization before enabling CFM.

Page 416: Ethernet Cfm Domain
ethernet cfm mep enable show ethernet cfm maintenance-points local ethernet cfm mep active show ethernet cfm maintenance-points remote ethernet cfm mep archive-hold-time show ethernet cfm statistics ethernet cfm mip level debug cfm ethernet cfm domain Use the ethernet cfm domain command in Global Configuration mode to enter into maintenance domain Configuration mode for an existing domain.

Page 417: Ethernet Cfm Cc Level
Example In this example, a domain vin is created at level 1. console(config)#ethernet cfm domain vin level 1 console(config-cfm-mdomain)# service Use the service command in maintenance domain Configuration mode to associate a VLAN with a maintenance domain. Use the no form of the command to remove the association.

Page 418: Ethernet Cfm Mep Level
Syntax vlan-list secs ethernet cfm cc level vlan interval vlanid —VLAN ID representing a service instance that is monitored by this • maintenance association. The range is 1-4093. • secs—Time interval between successive transmissions. The range is 1, 10, 60, and 600 seconds. The default is 1 second. Default Configuration CCMs are not sent by default.

Page 419: Ethernet Cfm Mep Enable
Default Configuration No MEPs are preconfigured. Command Mode Interface Configuration User Guidelines This command has no user guidelines. Example The following example creates a maintenance endpoint at level 1 with mpid 1010 on vlan 10. console(config-if-Gi1/0/3)#ethernet cfm mep level 1 direction up mpid 1010 vlan 10 ethernet cfm mep enable Use the ethernet cfm mep enable command in Interface Configuration mode...

Page 420: Ethernet Cfm Mep Active
Example The following example enables a maintenance endpoint at level 1 with mpid 1010 on vlan 10. console(config-if-Gi1/0/3)#ethernet cfm mep enable level 1 vlan 10 mpid 1010 ethernet cfm mep active Use the ethernet cfm mep active command in Interface Configuration mode to activate a MEP at the specified level and direction.

Page 421: Ethernet Cfm Mip Level
hold-time —The time in seconds to maintain the data for a missing MEP • before removing the data. The default value is 600 seconds. Default Configuration No MEPs are preconfigured. Command Mode Interface Configuration User Guidelines The hold time should generally be less than the CCM message interval. Example The following example sets the hold time for maintaining internal information regarding a missing MEP .

Page 422: Ping Ethernet Cfm
User Guidelines This command has no user guidelines. Example console(config-if-gi1/0/1)# ethernet cfm mip level <7> ping ethernet cfm Use the ping ethernet cfm command in Privileged EXEC mode to generate a loopback message (LBM) from the configured MEP . Syntax mac-addr 1-8191 domain...

Page 423: Traceroute Ethernet Cfm
User Guidelines This command has no user guidelines. Example console #ping ethernet cfm mac 00:11:22:33:44:55 level 1 vlan 10 mpid 1 count traceroute ethernet cfm Use the traceroute ethernet command in Privileged EXEC mode to generate a link trace message (LTM) from the configured MEP. Syntax mac-addr 1-8191...

Page 424: Show Ethernet Cfm Errors
User Guidelines This command has no user guidelines. Example console # linktrace src-mep 200 target-mep 400 ttl 64 show ethernet cfm errors Use the show ethernet cfm errors command in Privileged EXEC mode to display the cfm errors. Syntax domain-id show ethernet cfm errors {domain | level •...

Page 425: Show Ethernet Cfm Maintenance-Points Local
Syntax domain-id show ethernet cfm domain {brief | • domain—Name of the maintenance domain (an alphanumeric string of up to 43 characters in length). Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.

Page 426: Show Ethernet Cfm Maintenance-Points Remote
Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example show ethernet cfm maintenance-points local level 1 ---- ----- ---- ---- ------ ----- -------- ------ ----------- ----- MPID Level Type VLAN Port Dire-...

Page 427: Show Ethernet Cfm Statistics
Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console# show ethernet cfm maintenance-points remove level 1 ------ ------- ----- ----------------- ---- ----------------- ----------- MEP Id RMEP Id Level VLAN Expiry Timer(sec) Service Id ------ ------- ----- ----------------- ---- ----------------- -----------...

Page 428: Debug Cfm
Example show Ethernet cfm statistics [domain | level <0-7>] Console# show ethernet cfm statistics ------------------------------------------------------------------ Statistics for 'Domain: domain1, Level: 1, Vlan: 11, MEP Id: 1' ------------------------------------------------------------------ Out-of-sequence CCM's received CCM's transmitted : 259 In-order Loopback Replies received Out-of-order Loopback Replies received: 0 Bad MSDU Loopback Replies received Loopback Replies transmitted Unexpected LTR's received...

Page 429: Privileged Exec
event—CFM events • pdu—CFM PDUs • • ccm—Continuity check messages • ltm—Link trace messages • lbm—Loopback messages • tx—Transmit only • rx—Receive only • all—Everything Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines This command has no user guidelines. Example Console# show ethernet cfm statistics ------------------------------------------------------------------...

Page 430 Bad MSDU Loopback Replies received Loopback Replies transmitted Unexpected LTR's received ------------------------------------------------------------------ Statistics for 'Domain: domain1, Level: 1, Vlan: 11, MEP Id: 3' ------------------------------------------------------------------ Out-of-sequence CCM's received CCM's transmitted In-order Loopback Replies received Out-of-order Loopback Replies received: 0 Bad MSDU Loopback Replies received Loopback Replies transmitted Unexpected LTR's received Ethernet CFM Commands...

Page 431: Energy-Detect Mode
Green Ethernet Commands Dell Networking switches support various Green Ethernet modes, i.e., power saving modes, namely: • Energy-Detect Mode • Energy Efficient Ethernet These modes can enable significant operational cost reductions through direct power savings and reducing cooling costs. Energy-Detect Mode...

Page 432: Green-Mode Energy-Detect
– green-mode energy-detect This command enables a Dell proprietary mode of power reduction on ports that are not connected to another interface. Use the green-mode energy- detect command in Interface Configuration mode to enable energy-detect mode on an interface or all the interfaces. Energy-detect mode is disabled by default on 1G copper interfaces and enabled by default on 10G copper interfaces.

Page 433: Green-Mode Eee
be disabled. An error message (Unable to set energy-detect mode) will be displayed if the user attempts to configure energy-detect on a 10G port on a N2000/N3000 series switch. green-mode eee Use the green-mode eee command in Interface Configuration mode to enable EEE low power idle mode on an interface.

Page 434: Clear Green-Mode Statistics
clear green-mode statistics Use the clear green-mode statistics command in Privileged EXEC mode to clear: • The EEE LPI event count, and LPI duration • The EEE LPI history table entries • The Cumulative Power savings estimates for a specified interface or for all the interfaces based upon the argument. Syntax interface-id clear green-mode statistics {...

Page 435: Show Green-Mode Interface-Id
Syntax 30 sec 36000 sec green-mode eee-lpi-history {sampling-interval – | max- samples • sampling-interval—The interval in seconds at which power consumption data needs to be collected. • max-samples—Maximum number of samples to keep. Default Configuration The sampling-interval default value is 3600 seconds and the max-samples default value is 168.

Page 436 Syntax interface-id show green-mode interface-id • —Any valid interface. See Interface Naming Conventions interface representation. Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines This command output provides the following information. Term Description Energy Detect Energy-detect Energy-detect mode is enabled or disabled.

Page 437 Term Description Rx Low Power Idle This field indicates duration of Rx LPI state in 10us Duration (μSec) increments. Shows the total duration of Rx LPI since the EEE counters are last cleared. Tx Low Power Idle This field is incremented each time MAC TX enters LP IDLE Event Count state.

Page 438 Term Description Remote Tw_sys_rx Integer that indicates the value of Tw_sys that the remote (μSec) system requests from the local system. This value maps from the aLldpXdot3RemRxTwSys attribute. Remote Tw_sys_rx Integer that indicates the value of Receive Tw_sys echoed back Echo (μSec) by the remote system.

Page 439: Show Green-Mode
Tx Low Power Idle Event Count..0 Tx Low Power Idle Duration (uSec)..0 Tw_sys_tx (usec)..... 17 Tw_sys_tx Echo(usec)....17 Tw_sys_rx (usec)..... 17 Tw_sys_tx Echo(usec)....17 Fallback Tw_sys (usec)....17 Remote Tw_sys_tx (usec)....21 Remote Tw_sys_tx Echo(usec)..21 Remote Tw_sys_rx (usec)....21 Remote Tw_sys_tx Echo(usec)..

Page 440: Show Green-Mode Eee-Lpi-History Interface
Term Description Energy Detect Energy-detect Energy-detect Admin mode is enabled or disabled. Config Energy-detect Opr Energy detect mode is currently active or inactive. The energy detect mode may be administratively enabled, but the operational status may be inactive. EEE Config EEE Admin Mode is enabled or disabled.

Page 441 Syntax interface-id show green-mode eee-lpi-history interface interface-id • —Any valid interface. See Interface Naming Conventions interface representation. Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines On combo ports, samples are only collected on the copper ports when enabled.

Page 442: Green Ethernet Commands
Percentage of Percentage of SampleTime Since Time Spent in Time Spent in No. the SampleLPI Mode SinceLPI Mode Since Was Recorded Last SampleLast Reset ------ -------------- -------------- -------------- 0d:00:00:13 0d:00:00:44 0d:00:01:15 0d:00:01:46 0d:00:02:18 0d:00:02:49 0d:00:03:20 0d:00:03:51 0d:00:04:22 0d:00:04:53 Green Ethernet Commands...

Page 443: Gvrp Commands
GVRP Commands Dell Networking N2000/N3000/N4000 Series Switches GARP VLAN Registration Protocol (GVRP) is used to propagate VLAN membership information throughout the network. GVRP is based on the Generic Attribute Registration Protocol (GARP), which defines a method of propagating a defined attribute (that is, VLAN membership) throughout the network.

Page 444: Garp Timer
Syntax port- clear gvrp statistics [{gigabitethernet unit/slot/port | port-channel channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example clears all the GVRP statistics information on port 1/0/8.

Page 445: Gvrp Enable (Global)
timer_value — Timer values in centiseconds. The range is 10-100 for join, • 20-600 for leave, and 200-6000 for leaveall. Default Configuration The default timer values are as follows: • Join timer — 20 centiseconds • Leave timer — 60 centiseconds •...

Page 446: Gvrp Enable (Interface)
Syntax gvrp enable no gvrp enable Default Configuration GVRP is globally disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example globally enables GVRP on the device. console(config)#gvrp enable gvrp enable (interface) Use the gvrp enable command in Interface Configuration mode to enable GVRP on an interface.

Page 447: Gvrp Registration-Forbid
User Guidelines An Access port cannot join dynamically to a VLAN because it is always a member of only one VLAN. Membership in untagged VLAN would be propagated in a same way as a tagged VLAN. In such cases it is the administrator’s responsibility to set the PVID to be the untagged VLAN VID.

Page 448: Show Gvrp Configuration
Example The following example shows how default dynamic registering and deregistering is forbidden for each VLAN on port 1/0/8. console(config)#interface gigabitethernet 1/0/8 console(config-if-Gi1/0/8)#gvrp registration-forbid gvrp vlan-creation-forbid Use the gvrp vlan-creation-forbid command in Interface Configuration mode to disable dynamic VLAN creation. To enable dynamic VLAN creation, use the no form of this command.

Page 449 Syntax port- show gvrp configuration [{gigabitethernet unit/slot/port | port-channel channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example shows how to display GVRP configuration information:...

Page 450: Show Gvrp Error-Statistics
show gvrp error-statistics Use the show gvrp error-statistics command in User EXEC mode to display GVRP error statistics. Syntax port- show gvrp error-statistics [{gigabitethernet unit/slot/port| port-channel channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode User EXEC mode, Configuration mode and all Configuration submodes User Guidelines...

Page 451: Show Gvrp Statistics
show gvrp statistics Use the show gvrp statistics command in User EXEC mode to display GVRP statistics. Syntax port- show gvrp statistics [{gigabitethernet unit/slot/port| port-channel channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode User EXEC mode, Configuration mode and all Configuration submodes User Guidelines...

Page 452 1/0/5 1/0/6 1/0/7 1/0/8 GVRP Commands...

Page 453: Igmp Snooping Commands
IGMP messages. Although the software processing the IGMP messages could maintain state information based on the full IP group addresses, the forwarding tables in Dell Networking are mapped to link layer addresses. The Multicast Forwarding Database (MFDB) manages the forwarding address table for Layer 2 multicast protocols, such as IGMP Snooping.

Page 454: Ip Igmp Snooping
mechanism. This means that all other routers on the network are suppressed and thus not detectable by the switch. If a query is not received on an interface within a specified length of time (multicast router present expiration time), that interface is removed from the list of interfaces with multicast routers attached.

Page 455 Default Configuration IGMP snooping is enabled globally and on all VLANs by default. Command Mode Global Configuration mode User Guidelines Use this command without parameters to globally enable IGMP snooping. Use the no form of the command to disable IGMP snooping. Use the vlan parameter to enable IGMP snooping on a specific VLAN.

Page 456: Show Ip Igmp Snooping
show ip igmp snooping Use the show ip igmp snooping command in Privileged EXEC mode to display the IGMP snooping configuration and SSM statistics. Syntax vlan-id show ip igmp snooping [vlan vlan-id • —Specifies a VLAN ID value. Default Configuration This command has no default configuration.

Page 457: Show Ip Igmp Snooping Groups
show ip igmp snooping groups Use the show ip igmp snooping groups command in User EXEC mode to display the Multicast groups learned by IGMP snooping and IGMP SSM entries. Syntax vlan-id ip-multicast-address show ip igmp snooping groups [vlan ] [address vlan_id —...

Page 458: Show Ip Igmp Snooping Mrouter
VLAN Group Reporter Filter Source Address ---- --------------------- ----------------- ------- ---------- ----------- 224.2.2.2 192.168.10.2 include Te1/0/1 1.1.1.2 console(config)#show ip igmp snooping Admin Mode........Enable IGMP Router-Alert check......Disabled Multicast Control Frame Count....6847 SSM FDB Capacity....... 128 SSM FDB High Water Mark......1 SSM FDB Current Entries......

Page 459: Ip Igmp Snooping Vlan Immediate-Leave
User Guidelines This command has no user guidelines. Example The following example shows IGMP snooping mrouter information. console#show ip igmp snooping mrouter VLAN ID Port ------- ----------- Gi2/0/1 ip igmp snooping vlan immediate-leave This command enables or disables IGMP Snooping immediate-leave mode on a selected VLAN.

Page 460: Ip Igmp Snooping Vlan Groupmembership-Interval
User Guidelines This command has no user guidelines. Example The following example enables IGMP snooping immediate-leave mode on VLAN 2. console(config)#ip igmp snooping vlan 2 immediate-leave ip igmp snooping vlan groupmembership-interval This command sets the IGMP Group Membership Interval time on a VLAN. The Group Membership Interval time is the amount of time in seconds that a switch waits for a report from a particular group on a particular interface before deleting the interface from the entry.

Page 461 Example The following example configures an IGMP snooping group membership interval of 1500 seconds on VLAN 2. console(config)#ip igmp snooping vlan 2 groupmembership-interval 1500 ip igmp snooping vlan last-member-query- interval This command sets the last-member-query interval on a particular VLAN. The last-member-query-interval is the amount of time in seconds after which a host is considered to have left the group.

Page 462: Ip Igmp Snooping Vlan Mcrtrexpiretime
console(config)#ip igmp snooping vlan 2 last-member-query-interval 7 ip igmp snooping vlan mcrtrexpiretime This command sets the Multicast Router Present Expiration time. The time is set on a particular VLAN. This is the amount of time in seconds that a switch waits for a query to be received on an interface before the interface is removed from the list of interfaces with multicast routers attached.

Page 463: Ip Igmp Snooping Unregistered Floodall
Syntax vlan-id ip igmp snooping vlan report-suppression no ip igmp report-suppression vlan id — Number assigned to the VLAN • Default Configuration Report suppression is enabled by default. Command Mode Global Configuration mode User Guidelines When IGMP report suppression is enabled, the switch only sends the first report received for a group in response to a query.

Page 464: Ip Igmp Snooping Vlan Mrouter
Command Mode Global Configuration mode. User Guidelines There is no equivalent MLD command since this setting applies to both protocols. Example console(config)#ip igmp snooping unregistered floodall ip igmp snooping vlan mrouter This command statically configures a port as connected to a multicast router for a specified VLAN.

Page 465 Example console(config)#ip igmp snooping vlan 10 mrouter interface Gi1/0/2 IGMP Snooping Commands...

Page 466 IGMP Snooping Commands...

Page 467: Igmp Snooping Querier Commands
In a network with IP multicast routing, an IP multicast router acts as the IGMP querier. However, if it is required that the IP-multicast traffic in a VLAN be switched and no multicast router is present in the network, the Dell Networking switch can be configured as an IGMP querier. When IGMP...

Page 468: Ip Igmp Snooping Querier
ip igmp snooping querier This command enables IGMP Snooping Querier on the system (Global Configuration mode) or on a VLAN. Using this command, you can specify the IP address that the snooping querier switch should use as the source address when generating periodic queries. The no form of this command disables IGMP Snooping Querier on the system.

Page 469: Ip Igmp Snooping Querier Election Participate
User Guidelines When using the command in Global Configuration mode to configure a snooping querier source address, the IPv4 address is the global querier address. When using the command in VLAN Configuration mode to configure a snooping querier source address, the IPv4 address is the querier address for the VLAN.

Page 470: Ip Igmp Snooping Querier Query-Interval
Syntax vlan-id ip igmp snooping querier election participate vlan-id no ip igmp snooping querier election participate Default Configuration The snooping querier is configured to not participate in the querier election by default. If the switch detects another querier in the VLAN, it will cease sending queries for the querier timeout period.

Page 471: Ip Igmp Snooping Querier Timer Expiry
Command Mode Global Configuration mode User Guidelines The value of this parameter should be larger than the IGMP Max Response Time value inserted into general query messages by the querier. The default IGMP Max Response Time is defined in RFC 3376 as 10 seconds. DNOS queriers use this value when sending general query messages.

Page 472: Ip Igmp Snooping Querier Version
User Guidelines This command has no user guidelines. Example The following example sets the querier timer expiry time to 100 seconds. console(config)#ip igmp snooping querier timer expiry 100 ip igmp snooping querier version This command sets the IGMP version of the query that the snooping switch is going to send periodically.

Page 473: Show Ip Igmp Snooping Querier
show ip igmp snooping querier This command displays IGMP Snooping Querier information. Configured information is displayed whether or not IGMP Snooping Querier is enabled. If a querier is active in the network and IGMP snooping querier is enabled, the querier’s IP address is shown in the Last Querier Address field. Syntax vlan_id show ip igmp snooping querier [detail | vlan...

Page 474 Parameter Description VLAN Admin Mode Indicates whether IGMP Snooping Querier is active on the VLAN. VLAN Operational Indicates whether IGMP Snooping Querier is in the Querier or State Non-Querier state. When the switch is in Querier state it sends out periodic general queries. When in Non-Querier state it waits for moving to Querier state and does not send out any queries.

Page 475 Operational State......Querier Last Querier Address..... 2.2.2.2 Operational version....2 Operational Max Resp Time....10 IGMP Snooping Querier Commands...

Page 476 IGMP Snooping Querier Commands...

Page 477: Ip Addressing Commands
IP Addressing Commands Dell Networking N2000/N3000/N4000 Series Switches Interfaces on the Dell Networking switches support a variety of capabilities to support management of the switch. In addition to performing switching and routing of network traffic, Dell Networking switches act as a host for management of the switch.

Page 478: Clear Host
clear host Use the clear host command in Privileged EXEC mode to delete entries from the host name-to-address cache. Syntax name clear host { | *} name — Host name to be deleted from the host name-to-address cache. • (Range: 1-255 characters) •...

Page 479: Interface Out-Of-Band
Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example console# console#configure console(config)#clear ip address-conflict-detect interface out-of-band Use the interface out-of-band command to enter into OOB interface configuration mode. Syntax interface out-of-band Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines...

Page 480 Syntax ip-address mask prefix-length ip address { } | dhcp} no ip address ip-address —Specifies a valid IP address. • mask —Specifies a valid subnet (network) mask IP address. • prefix-length —The number of bits that comprise the IP address prefix. •...

Page 481: Ip Address-Conflict-Detect Run
ip address-conflict-detect run Use the ip address-conflict-detect run command in Global Configuration mode to trigger the switch to run active address conflict detection by sending gratuitous ARP packets for IPv4 addresses on the switch. Syntax ip address–conflict–detect run Default Configuration This command has no default configuration.

Page 482 Command Mode Interface (VLAN) Configuration mode User Guidelines This command only applies to routing interfaces. When DHCP is enabled on a routing interface, the system automatically deletes all manually configured IPv4 addresses on the interface. • The command no ip address removes the interface’s primary address (Manual/DHCP) including the secondary addresses, if configured, and sets the Interface method to None.

Page 483: Ip Default-Gateway
ip default-gateway Use the ip default-gateway command in Global Configuration mode to configure a default gateway (router). Syntax ip-address ip default-gateway ip-address no ip default-gateway ip-address —Valid IPv4 address of an attached router. • Default Configuration No default gateway is defined. Command Mode Global Configuration mode User Guidelines...

Page 484: Ip Domain-Lookup
ip domain-lookup Use the ip domain-lookup command in Global Configuration mode to enable IP Domain Naming System (DNS)-based host name-to-address translation. To disable the DNS, use the no form of this command. Syntax ip domain-lookup no ip domain-lookup Default Configuration DNS name resolution is enabled by default.

Page 485: Ip Host
Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines a default domain name of dell.com. console(config)#ip domain-name dell.com ip host Use the ip host command in Global Configuration mode to define static host name-to-address mapping in the host cache.

Page 486: Ip Name-Server
Example The following example defines a static host name-to-address mapping in the host cache. console(config)#ip host accounting.dell.com 176.10.23.1 ip name-server Use the ip name-server command in Global Configuration mode to define available IPv4 or IPv6 name servers. To delete a name server, use the no form of this command.

Page 487: Ipv6 Address (Interface Configuration)
ipv6 address (Interface Configuration) Use the ipv6 address command to set the IPv6 address of the management interface. Use the no form of this command to reset the IPv6 address to the default. Syntax prefix/prefix-length ipv6 address { [eui64] | autoconfig | dhcp} no ipv6 address prefix —Consists of the bits of the address to be configured.

Page 488: Ipv6 Address (Oob Port)
console(config-if-vlan10)#ipv6 enable console(config-if-vlan10)#ipv6 address dhcp Configure a default gateway on vlan 10 console(config)#no ipv6 address autoconfig console(config)#no ipv6 address 2003::6/64 console(config)#no ipv6 address 2001::/64 eui64 console(config)#no ipv6 address ipv6 address (OOB Port) Use the ipv6 address command in Interface (out-of-band) Configuration mode to set the IPv6 prefix on the out-of-band port.

Page 489: Ipv6 Address Dhcp
Command Mode Interface (out-of-band) Configuration mode User Guidelines When DHCPv6 is enabled on the Out-of-Band interface, the system automatically deletes all manually configured IPv6 addresses on the interface. DHCPv6 can be enabled on the Out-of-Band interface only when IPv6 auto configuration or DHCPv6 is not enabled on any of the in-band management interfaces.

Page 490: Ipv6 Enable (Interface Configuration)
This command will fail if DHCPv6 server has been configured on the interface. Examples In the following example, DHCPv6 is enabled on interface vlan2. console#config console(config)#interface vlan2 console(config-if-vlan2)#ipv6 address dhcp ipv6 enable (Interface Configuration) Use the ipv6 enable command in Interface Configuration mode to enable IPv6 on a routing interface.

Page 491: Ipv6 Enable (Oob Configuration)
ipv6 enable (OOB Configuration) Use the ipv6 enable command in Interface (out-of-band) Configuration mode to enable IPv6 operation on the out-of-band interface. Prefixes configured by the ipv6 address command are not configured until the interface is enabled. Syntax ipv6 enable no ipv6 enable Default Configuration By default, IPv6 is not enabled on the out-of-band port.

Page 492: Show Hosts
Command Mode Interface (out-of-band) Configuration mode User Guidelines There are no user guidelines for this command. show hosts Use the show hosts command in User EXEC mode to display the default domain name, a list of name server hosts, and the static and cached list of host names and addresses.

Page 493: Show Ip Address-Conflict
-------------------------- ---------------------------- accounting.gm.com 176.16.8.8 Cache: TTL (Hours) Host Total Elapsed Type Addresses ---------------- ----- ------- ------- ------------- www.stanford.edu 171.64.14.203 show ip address-conflict Use the show ip address-conflict command in User EXEC or Privileged EXEC mode to display the status information corresponding to the last detected address conflict.

Page 494 Example console#show ip address-conflict Address Conflict Detection Status...Conflict Detected Last Conflicting IP Address..10.131.12.56 Last Conflicting MAC Address..00:01:02:04:5A:BC Time Since Conflict Detected..5 days 2 hrs 6 mins 46 secs console#show ip address-conflict Address Conflict Detection Status..No Conflict Detected show ip helper-address Use the show ip helper-address command in Privileged EXEC mode to display IP helper addresses configuration.

Page 495: Show Ipv6 Dhcp Interface Out-Of-Band Statistics
vlan 30 dhcp vlan 30 0 192.168.23.1 dhcp 0 192.168.40.1 show ipv6 dhcp interface out-of-band statistics Use the show ipv6 dhcp interface out-of-band statistics command in Privileged EXEC mode to display IPv6 DHCP statistics for the out-of-band interface. Syntax show ipv6 dhcp interface out-of-band statistics Default Configuration This command has no default configuration.

Page 496: Show Ipv6 Interface Out-Of-Band
show ipv6 interface out-of-band Use the show ipv6 interface out-of-band command in Privileged EXEC mode to show the IPv6 out-of-band port configuration. Syntax show ipv6 interface out-of-band Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.

Page 497: Ipv6 Access List Commands
The Dell Networking ACL feature allows classification of packets based upon Layer 2 through Layer 4 header information. An Ethernet IPv6 packet is distinguished from an IPv4 packet by its unique Ethertype value; thus all IPv6 classifiers include the Ethertype field.

Page 498 ipv6 access-list rename – deny permit (IPv6 ACL) This command creates a new rule for the current IPv6 access list. Each rule is appended to the list of configured rules for the list. A rule may either deny or permit traffic according to the specified classification fields.

Page 499 icmp-type icmp-code icmp-message type ] | icmp-message [icmp-code dscp queue-id [routing] [fragments] [dscp ]}} [log] [assign-queue ] [{mirror unit/slot/port rate burst-size | redirect} ] [rate-limit {deny | permit}–Specifies whether the IP ACL rule permits or denies the • matching traffic. ipv6-protocol number every...

Page 500 – When “gt” is specified, IPv6 ACL rule matches if the layer 4 destination port number is greater than the specified port number or portkey. It is equivalent to specifying the range as to 65535. –...

Page 501 Urg – Urgent bit – icmp-type [icmp-code icmp-code ] | icmp-message icmp- • [icmp-type message ]—Specifies a match condition for ICMP packets. – When icmp-type is specified, IP ACL rule matches on the specified ICMP message type, a number from 0 to 255. –...

Page 502 queue-id —Specifies the assign-queue, which is the queue • assign-queue identifier to which packets matching this rule are assigned. unit/slot/ port —Specifies the mirror or redirect • {mirror | redirect} interface which is the unit/slot/port to which packets matching this rule are copied or forwarded, respectively.

Page 503 Since ACLs have an implicit deny all at the end of the last access-group, IPv6 ACLs need an explicit permit icmp any any nd-na and permit icmp any any nd-ns statements as match conditions. These additional conditions allow for ICMPv6 neighbor discovery to occur. The 'no' form of this command is not supported, since the rules within an IPv6 ACL cannot be deleted individually.

Page 504: Ipv6 Access-List
ipv6 access-list The ipv6 access-list command creates an IPv6 Access Control List (ACL) consisting of classification fields defined for the IP header of an IPv6 frame. name parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the IPv6 access list. If an IPv6 ACL with this name already exists, this command enters Ipv6- Access-List Configuration mode to update the existing IPv6 ACL.

Page 505: Ipv6 Traffic-Filter
Syntax name newname ipv6 access-list rename name — the name of an existing IPv6 ACL. • newname — alphanumeric string from 1 to 31 characters uniquely • identifying the IPv6 access list. Default Configuration There is no default configuration for this command. Command Mode Global Configuration mode User Guidelines...

Page 506 Syntax name seq-num ipv6 traffic-filter [in | out | control-plane][ name no ipv6 traffic-filter • name — Alphanumeric string of 1 to 31 characters uniquely identifying the IPv6 access list. • in — The access list is applied to ingress packets. •...

Page 507: Show Ipv6 Access-Lists
show ipv6 access-lists Use the show ipv6 access-lists command in User EXEC and Privileged EXEC mode to display an IPv6 access list and all of the rules that are defined for the name IPv6 ACL. Use the [ ] parameter to identify a specific IPv6 ACL to display.

Page 508 IPv6 Access List Commands...

Page 509: Ipv6 Mld Snooping Commands
(ICMPv6), and MLD messages are a subset of ICMPv6 messages, identified in IPv6 packets by a preceding Next Header value of 58. Dell Networking switches can snoop on both MLDv1 and MLDv2 protocol packets and bridge IPv6 multicast data based on destination IPv6 Multicast MAC Addresses.

Page 510: Ipv6 Mld Snooping Vlan Immediate-Leave
ipv6 mld snooping vlan groupmembership- interval The ipv6 mld snooping vlan groupmembership-interval command sets the MLD Group Membership Interval time on a VLAN or interface. The Group Membership Interval time is the amount of time in seconds that a switch waits for a report from a particular group on a particular interface before deleting the interface from the entry.

Page 511: Ipv6 Mld Snooping Listener-Message-Suppression
You should enable immediate-leave admin mode only on VLANs where only one host is connected to each layer 2 LAN port. This prevents the inadvertent dropping of the other hosts that were connected to the same layer 2 LAN port, but were still interested in receiving multicast traffic directed to that group.

Page 512 Default Configuration Listener message suppression is enabled by default. Command Mode Global Configuration mode. User Guidelines MLD listener message suppression is equivalent to IGMP report suppression. When MLD listener message suppression is enabled, the switch only sends the first report received for a group in response to a query. Listener message suppression is only applicable to MLDv1.

Page 513: Ipv6 Mld Snooping Vlan Mcrtexpiretime
User Guidelines This command has no user guidelines. Example console(config)#ipv6 mld snooping vlan 2 last-listener-query-interval 7 ipv6 mld snooping vlan mcrtexpiretime The ipv6 mld snooping mcrtexpiretime command sets the Multicast Router Present Expiration time. The time is set for a particular interface or VLAN. This is the amount of time in seconds that a switch waits for a query to be received on an interface before the interface is removed from the list of interfaces with multicast routers attached.

Page 514: Ipv6 Mld Snooping Vlan Mrouter
ipv6 mld snooping vlan mrouter This command statically configures a port as connected to a multicast router for a specified VLAN. The no form of this command removes the static binding. Syntax vlan-id interface ipv6 mld snooping vlan mrouter interface vlan-id interface no ipv6 mld snooping vlan...

Page 515: Show Ipv6 Mld Snooping
Default Configuration MLD Snooping is enabled globally and on all VLANs by default. Command Mode Global Configuration mode. User Guidelines Use this command without parameters to globally enable MLD Snooping. Use the no form of the command to disable MLD Snooping. Use the vlan parameter to enable MLD Snooping on a specific VLAN.

Page 516 Syntax show ipv6 mld snooping [interface {{gigabitethernet unit/slot/port| port- port-channel-number | tengigabitethernet unit/slot/port | channel vlan-id fortygigabitethernet unit/slot/port}} | vlan Default Configuration This command has no default configuration Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines With no optional arguments, the command displays the following information: •...

Page 517: Show Ipv6 Mld Snooping Groups
• Group Membership Interval — Shows the amount of time in seconds that a switch will wait for a report from a particular group on a particular interface, which is participating in the VLAN, before deleting the interface from the entry. This value may be configured. •...

Page 518 Syntax vlan-id ipv6-multicast- show ipv6 mld snooping groups [{vlan | address address vlan_id — Specifies a VLAN ID value. • ipv6-multicast-address — Specifies an IPv6 Multicast address. • Default configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This user guideline applies to all switch models.To see the full Multicast address table (including static addresses) use the...

Page 519: Show Ipv6 Mld Snooping Mrouter
show ipv6 mld snooping mrouter Use the show ipv6 mld snooping mrouter command in Privileged EXEC mode to display information on dynamically learned Multicast router interfaces. Syntax show ipv6 mld snooping mrouter Default configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines...

Page 520 IPv6 MLD Snooping Commands...

Page 521 IPv6 MLD Snooping Querier Commands Dell Networking N2000/N3000/N4000 Series Switches The MLD Snooping Querier is an extension of the MLD Snooping feature. MLD Snooping Querier allows the switch to simulate an MLD router in a Layer 2-only network, thus removing the need to have an MLD Router to collect the multicast group membership information.

Page 522: Ipv6 Mld Snooping Querier (Vlan Mode)
Syntax ipv6 mld snooping querier no ipv6 mld snooping querier Default Configuration MLD Snooping Querier is disabled by default. Command Mode Global Configuration mode User Guidelines It is not recommended the MLD Snooping Querier be enabled on a switch enabled for IPv6 multicast routing. Example console(config)#ipv6 mld snooping querier ipv6 mld snooping querier (VLAN mode)

Page 523: Ipv6 Mld Snooping Querier Address
User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 mld snooping querier vlan 10 ipv6 mld snooping querier address Use the ipv6 mld snooping querier address command to set the global MLD Snooping Querier address. Use the no form of this command to reset the global MLD Snooping Querier address to the default.

Page 524: Ipv6 Mld Snooping Querier Query-Interval
enabled, if the Snooping Querier finds that the other Querier's source address is numerically lower than the Snooping Querier's address, it stops sending periodic queries. If the Snooping Querier wins the election then it will continue sending periodic queries. Use the no form of this command to disable election participation on a VLAN.

Page 525: Ipv6 Mld Snooping Querier Timer Expiry
interval — Amount of time that the switch waits before sending another • general query. (Range: 1–1800 seconds) Default Configuration The default query interval is 60 seconds. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example console(config)#ipv6 mld snooping querier 120 ipv6 mld snooping querier timer expiry...

Page 526: Show Ipv6 Mld Snooping Querier
User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 mld snooping querier timer expiry 222 show ipv6 mld snooping querier Use the show ipv6 mld snooping querier command to display MLD Snooping Querier information. Configured information is displayed whether or not MLD Snooping Querier is enabled.

Page 527 Querier Query Interval Shows the amount of time that a Snooping Querier waits before sending out a periodic general query. Querier Expiry Interval Displays the amount of time to wait in the Non-Querier operational state before moving to a Querier state. When the optional argument vlan vlan-id is used, the following additional information appears: Parameter...

Page 528 IPv6 MLD Snooping Querier Commands...

Page 529: Ip Source Guard Commands
IP Source Guard Commands Dell Networking N2000/N3000/N4000 Series Switches IP Source Guard (IPSG) is a security feature that filters IP packets based on source ID. The source ID may either be source IP address or a {source IP address, source MAC address} pair. The network administrator configures whether enforcement includes the source MAC address.

Page 530 Use the no form of the command to enable unverified traffic to flow over the interfaces. Syntax ip verify source {port-security} no ip verify source • port-security—Enables filtering based on IP address, VLAN, and MAC address. Default Configuration By default, no sources are blocked. Command Mode Interface Configuration mode User Guidelines...

Page 531: Ip Verify Binding
ip verify source port-security Use the ip verify source port-security command in Interface Configuration mode to enable filtering of IP packets that do not match the source IP address and the source MAC address bindings in the DHCP snooping database.. Syntax ip verify source port-security Default Configuration...

Page 532: Show Ip Verify
User Guidelines The configured IP address and MAC address are used to match the source IP address and source MAC address for packets received on the interface. Hosts sending packets using the configured source IP address and source MAC address are trusted on the interface. Example console(config)#ip verify binding 00:11:22:33:44:55 vlan 1 1.2.3.4 interface gigabitethernet 1/0/2...

Page 533: Show Ip Verify Source
----------- ----------- Gi1/0/1 ipv4 Gi1/0/2 ipv4-mac Gi1/0/3 Gi1/0/4 Gi1/0/5 ipv4-mac Gi1/0/6 Gi1/0/7 Gi1/0/8 Gi1/0/9 console(config-if-Gi1/0/5)#show ip verify interface gi1/0/5 Interface Filter Type ----------- ----------- Gi1/0/5 ipv6-mac show ip verify source Use the show ip verify source command in Privileged EXEC mode to display the bindings configured on a particular interface or all interfaces.

Page 534: Show Ip Source Binding
show ip source binding Use the show ip source binding command in Privileged EXEC mode to display all bindings (static and dynamic). Syntax show ip source binding Default Configuration There is no default configuration for this command. Command Mode User EXEC, Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.

Page 535: Iscsi Optimization Commands
Optimization Commands Dell Networking N2000/N3000/N4000 Series Switches iSCSI Optimization provides a means of performing configuration specific to storage traffic and optionally giving traffic between iSCSI initiator and target systems special Quality of Service (QoS) treatment. iSCSI Optimization is best applied to mixed-traffic networks where iSCSI packets constitutes a portion of overall traffic.

Page 536: Iscsi Aging Time
In addition, if configured, the packets can be updated with IEEE 802.1p or IP-DSCP values. This is done by enabling remark. Remarking packets with priority data provides special QoS treatment as the packets continue through the network. iSCSI Optimization borrows ACL lists from the global system pool. ACL lists allocated by iSCSI Optimization reduce the total number of ACLs available for use by the network operator.

Page 537: Iscsi Cos
User Guidelines Changing the aging time has the following behavior: • When aging time is increased, current sessions will be timed out according to the new value. • When aging time is decreased, any sessions that have been dormant for a time exceeding the new setting will be immediately deleted from the table.

Page 538 Default Configuration By default, frames are not remarked. The default vpt setting for iSCSI is 4, which the default class of service dot1p mapping assigns to queue 2. Command Mode Global Configuration mode. User Guidelines The remark option only applies to DSCP values. Remarking is not available for vpt values.

Page 539: Iscsi Enable
console(config)#iscsi cos dscp 10 remark iscsi enable The iscsi enable command globally enables iSCSI optimization. To disable iSCSI optimization, use the no form of this command. Syntax iscsi enable no iscsi enable Default Configuration iSCSI is enabled by default. Command Mode Global Configuration mode User Guidelines This command modifies the running config to enable flow control on all...

Page 540: Iscsi Target Port
AE Selector = 1 AE Protocol = 3260 AE Priority = priority configured for iSCSI PFC (the VPT value above). This TLV is sent in addition to any Application Priority TLV information received from the configuration source. If the configuration source is sending iSCSI or FCoE application priority information, it is not necessary to enable iscsi cos to send the iSCSI Application Priority TLV.

Page 541 the first character. A question mark may not appear anywhere in the target name. The name can contain embedded blanks if enclosed in double quotes. Default Configuration iSCSI well-known ports 3260 and 860 are configured by default but can be removed as any other configured target.

Page 542: Show Iscsi
show iscsi Use the show iscsi command in Privileged EXEC mode to display the iSCSI configuration. Syntax show iscsi Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.

Page 543: Show Iscsi Sessions
show iscsi sessions Use the show iscsi sessions command in Privileged EXEC mode to display the iSCSI status. Syntax show iscsi sessions [detailed] • detailed — Displayed list has additional data when this option is used. Default Configuration If not specified, sessions are displayed in short mode (not detailed). Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines...

Page 544 ----------------------------------------------------- Session 1: Initiator: iqn.1992-04.com.os vendor.plan9:cdrom.12.storage:sys1.xyz ----------------------------------------------------- Time started: 17-Jul-2008 10:04:50 Time for aging out: 10 min ISID: 11 Initiator Initiator Target Target IP address TCP port IP address IP port 172.16.1.3 49154 172.16.1.20 30001 172.16.1.4 49155 172.16.1.21 30001 172.16.1.5 49156 172.16.1.22 30001 Session 2: ----------------------------------------------------- Initiator: iqn.1995-05.com.os-vendor.plan9:cdrom.10...

Page 545: Link Dependency Commands
Link Dependency Commands Dell Networking N2000/N3000/N4000 Series Switches Link dependency allows the link status of a group of interfaces to be made dependent on the link status of other interfaces. The effect is that the link status of a group that depends on another interface either mirrors or inverts the link status of the depended-on interface.

Page 546: Link-Dependency Group
Command Mode Link Dependency mode User Guidelines The action up command will cause the group members to be up when no depended-on interfaces are up. Example console(config-depend-1)#action up link-dependency group Use the link-dependency group command to enter the link-dependency mode to configure a link-dependency group. Syntax GroupId link-dependency group...

Page 547 Use this command to add member ten gigabit or gigabit Ethernet port(s) or port channels to the dependency list. Syntax intf-list add {gigabitethernet | tengigabitethernet | port-channel} intf-list — List of Ethernet interfaces in unit/slot/port format. Separate • nonconsecutive ports with a comma and no spaces. Use a hyphen to designate the range of ports.

Page 548: Show Link-Dependency
Syntax depends-on {gigabitethernet | port-channel | tengigabitethernet | intf-list fortygigabitethernet} no depends-on {gigabitethernet | port-channel | tengigabitethernet | intf-list fortygigabitethernet} intf-list — List of ports in unit/slot/port format or port-channel numbers. • Separate nonconsecutive items with a comma and no spaces. Use a hyphen to designate the range of ports or port-channel numbers.

Page 549 Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines No specific guidelines. Example The following command shows link dependencies for all groups. console#show link-dependency GroupId Member Ports Ports Depended On Link Action Group State ------- ----------------------------------------------------- 1 Gi4/0/2-3,Gi4/0/5 Gi4/0/10-12 Link Up Up/Down The following command shows link dependencies for group 1 only.

Page 550 Link Dependency Commands...

Page 551: Lldp Commands
Devices are not required to implement both transmit and receive functions and each function can be enabled or disabled separately by the network manager. Dell Networking supports both the transmit and receive functions in order to support device discovery.

Page 552: Clear Lldp Remote-Data
The receive function accepts incoming LLDPDU frames and stores information about the remote stations. Both local and remote data may be displayed by the user interface and retrieved using SNMP as defined in the LLDP MIB definitions. The component maintains one remote entry per physical network connection.

Page 553: Clear Lldp Statistics
Default Configuration By default, data is removed only on system reset. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays how to clear the LLDP remote data. console#clear lldp remote-data clear lldp statistics Use the clear lldp statistics command in Privileged EXEC mode to reset all LLDP statistics.

Page 554: Dcb Enable
dcb enable This command enables the sending of DCBX information in LLDP frames. Syntax dcb enable no dcb enable Command Mode Global Configuration mode Default Value The sending of DCBX information in enabled by default. User Guidelines Use this command to disable the sending of DCBX information when it is desirable to utilize legacy QoS and disable the automatic configuration of CNAs based on transmitted DCBX information.

Page 555: Lldp Med Confignotification
Default Value LLDP-MED is disabled on all supported interfaces. User Guidelines No specific guidelines. Example console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)#lldp med lldp med confignotification This command is used to enable sending the topology change notification. Syntax lldp med confignotification no lldp med confignotification Command Mode Interface (Ethernet) Configuration Default Value...

Page 556: Lldp Med Transmit-Tlv
no lldp med faststartrepeatcount count — Number of LLDPPDUs that are transmitted when the protocol is • enabled. (Range 1–10) Command Mode Global Configuration Default Value User Guidelines No specific guidelines. Example console(config)# lldp med faststartrepeatcount 2 lldp med transmit-tlv This command is used to specify which optional TLVs in the LLDP MED set are transmitted in the LLDPDUs.

Page 557: Lldp Notification
Example console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)#lldp med transmit-tlv capabilities console(config-if-Gi1/0/1)#lldp med transmit-tlv network-policies lldp notification Use the lldp notification command in Interface Configuration mode to enable remote data change notifications. To disable notifications, use the no form of this command. Syntax lldp notification no lldp notification Default Configuration...

Page 558: Lldp Receive
Syntax interval lldp notification-interval no lldp notification-interval • interval — The smallest interval in seconds at which to send remote data change notifications. (Range: 5–3600 seconds) Default Configuration The default value is 5 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.

Page 559: Lldp Timers
User Guidelines This command has no user guidelines. Example The following example displays how to enable the LLDP receive capability. console(config-if-Gi1/0/3)#lldp receive lldp timers Use the lldp timers command in Global Configuration mode to set the timing parameters for local data transmission on ports enabled for LLDP . To return any or all parameters to factory default, use the no form of this command.

Page 560: Lldp Transmit
User Guidelines This command has no user guidelines. Examples The following example displays how to configure LLDP to transmit local information every 1000 seconds. console(config)#lldp timers interval 1000 The following example displays how to set the timing parameter at 1000 seconds with a hold multiplier of 8 and a 5 second delay before reinitialization.

Page 561: Lldp Transmit-Mgmt
lldp transmit-mgmt Use the lldp transmit-mgmt command in Interface Configuration mode to include transmission of the local system management address information in the LLDPDUs. To cancel inclusion of the management information, use the no form of this command. Syntax lldp transmit-mgmt no lldp transmit-mgmt Default Configuration By default, management address information is not included.

Page 562: Show Lldp
sys-name — Transmits the system name TLV • sys-desc — Transmits the system description TLV • • sys-cap — Transmits the system capabilities TLV • port desc — Transmits the port description TLV Default Configuration By default, no optional TLVs are included. Command Mode Interface Configuration (Ethernet) mode User Guidelines...

Page 563: Show Lldp Interface
User Guidelines This command has no user guidelines. Example The following example displays the current LLDP configuration summary. console# show lldp Global Configurations: Transmit Interval: 30 seconds Transmit TTL Value: 120 seconds Reinit Delay: 2 seconds Notification Interval: limited to every 5 seconds console#show lldp LLDP transmit and receive disabled on all interfaces show lldp interface...

Page 564: Show Lldp Local-Device
--------- ---- -------- -------- -------- ------- ---- 1/0/1 Enabled Enabled Enabled 0,1,2,3 1/0/2 Down Enabled Enabled Disabled 1/0/3 Down Disabled Disabled Disabled 1,2 TLV Codes: 0 – Port Description, 1 – System Name, 2 – System Description, 3 – System Capability console# show lldp interface 1/0/1 Interface Link Transmit Receive Notify...

Page 565: Show Lldp Med
console#show lldp local-device all LLDP Local Device Summary Interface Port ID Port Description --------- -------------------- -------------------- 1/0/1 00:62:48:00:00:02 console# show lldp local-device detail 1/0/1 LLDP Local Device Detail Interface: 1/0/1 Chassis ID Subtype: MAC Address Chassis ID: 00:62:48:00:00:00 Port ID Subtype: MAC Address Port ID: 00:62:48:00:00:02 System Name: System Description: Routing...

Page 566: Show Lldp Med Interface
Fast Start Repeat Count: 3 Device Class: Network Connectivity show lldp med interface This command displays a summary of the current LLDP MED configuration for a specific interface. Syntax show lldp med interface {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port| all} • all —...

Page 567: Show Lldp Med Local-Device Detail
show lldp med local-device detail This command displays the advertised LLDP local data in detail. Syntax show lldp med local-device detail {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port} Command Mode Privileged EXEC, Configuration mode and all Configuration submodes Default Value Not applicable Example Console#show lldp med local-device detail 1/0/1 LLDP MED Local Device Detail...

Page 568: Show Lldp Med Remote-Device
Asset ID: xxx xxx xxx Location Subtype: elin Info: xxx xxx xxx Extended POE Device Type: pseDevice Extended POE PSE Available: 0.3 watts Source: primary Priority: critical Extended POE PD Required: 0.2 watts Source: local Priority: low show lldp med remote-device This command displays the current LLDP MED remote data.

Page 569 Example Console#show lldp med remote-device all LLDP MED Remote Device Summary Local InterfaceDevice Class --------------------- 1/0/1Class I 1/0/2 Not Defined 1/0/3Class II 1/0/4Class III 1/0/5Network Con Console#show lldp med remote-device detail 1/0/1 LLDP MED Remote Device Detail Local Interface: 1/0/1 Capabilities MED Capabilities Supported: capabilities, networkpolicy, location, extendedpse...

Page 570: Show Lldp Remote-Device
Model Name: xxx xxx xxx Asset ID: xxx xxx xxx Location Subtype: elin Info: xxx xxx xxx Extended POE Device Type: pseDevice Extended POE PSE Available: 0.3 Watts Source: primary Priority: critical Extended POE PD Required: 0.2 Watts Source: local Priority: low show lldp remote-device Use the lldp remote-device command in Privileged EXEC mode to display...

Page 571: Show Lldp Statistics
User Guidelines This command has no user guidelines. Examples These examples show current LLDP remote data, including a detailed version. console#show lldp remote-device Local Remote Interface Device ID Port ID TTL --------- ----------------- ----------------- ---------- 1/0/1 01:23:45:67:89:AB 01:23:45:67:89:AC 60 seconds 1/0/2 01:23:45:67:89:CD 01:23:45:67:89:CE 120 seconds...

Page 572: Traffic Statistics
User Guidelines This command has no user guidelines. Examples The following examples shows an example of the display of current LLDP traffic statistics. console#show lldp statistics all LLDP Device Statistics Last Update........0 days 22:58:29 Total Inserts........ 1 Total Deletes........ 0 Total Drops........

Page 573 Fields Description Total Ageouts Number of times any remote data entry has been deleted due to time-to-live (TTL) expiration. Transmit Total Total number of LLDP frames transmitted on the indicated port. Receive Total Total number of valid LLDP frames received on the indicated port.

Page 574 LLDP Commands...

Page 575 Multicast VLAN Registration Commands Dell Networking N2000/N3000/N4000 Series Switches Multicast VLAN registration (MVR) is a method for consolidating multicast traffic from multiple VLANs onto a single VLAN. A typical usage scenario would be the distribution of a multicast group to a switch using a single VLAN where the switch has users in different VLANs subscribing to the multicast group.

Page 576: Mvr Group
Commands in this Chapter This chapter explains the following commands: mvr type mvr group mvr vlan group mvr mode show mvr mvr querytime show mvr members mvr vlan show mvr interface mvr immediate show mvr traffic Use the mvr command in Global Configuration and Interface Configuration modes to enable MVR.

Page 577: Mvr Mode
Syntax A.B.C.D count mvr group A.B.C.D count no mvr group A.B.C.D —Specify a multicast group. • count —Specifies the number of multicast groups to configure. Groups are • configured contiguously by incrementing the first group specified. Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines...

Page 578: Mvr Querytime
no mvr mode compatible—Do not allow membership joins on source ports. • • dynamic—Send IGMP joins to the multicast source when IGMP joins are received on receiver ports. Default Configuration The default mode is compatible. Command Mode Global Configuration User Guidelines This command has no user guidelines.

Page 579: Mvr Vlan
User Guidelines The following table lists the completion messages. Message Type Message Description Successful Completion Message Defaulting MVR query response time. Error Completion Message None Example console(config)#interface Gi1/0/1 console(config-if-Gi1/0/1)#switchport access vlan 10 console(config-if-Gi1/0/1)#mvr console(config-if-Gi1/0/1)#mvr type receiver console(config-if-Gi1/0/1)#exit console(config)#mvr mode dynamic console(config)#mvr querytime 10 mvr vlan Use the mvr vlan command in Global Configuration mode to set the MVR...

Page 580: Mvr Immediate
Message Type Message Description Successful Completion Message MVR multicast VLAN ID is set to the default value which is equal to 1. Error Completion Message Receiver port in mVLAN, operation failed. mvr immediate Use the mvr immediate command in Interface Configuration mode to enable MVR Immediate Leave mode.

Page 581: Mvr Type
mvr type Use the mvr type command in Interface Configuration mode to set the MVR port type. Use the no form of this command to set the MVR port type to None. Syntax mvr type {receiver | source} no mvr type •...

Page 582: Mvr Vlan Group
console(config-if-Gi1/0/1)#interface Gi1/0/24 console(config-if-Gi1/0/24)#switchport mode trunk console(config-if-Gi1/0/24)#switchport trunk native vlan 99 console(config-if-Gi1/0/24)#switchport trunk allowed vlan add 99 console(config-if-Gi1/0/24)#mvr console(config-if-Gi1/0/24)#mvr type source console(config-if-Gi1/0/24)#exit mvr vlan group Use the mvr vlan group command in Interface Configuration mode to participate in the specific MVR group. Use the no form of this command to remove the port participation from the specific MVR group.

Page 583: Show Mvr
console(config-if-Gi1/0/24)#switchport trunk native vlan 2000 console(config-if-Gi1/0/24)#switchport trunk allowed vlan add 2000 console(config-if-Gi1/0/24)#mvr console(config-if-Gi1/0/24)#mvr type source console(config-if-Gi1/0/24)#mvr vlan 2000 group 239.1.1.1 show mvr Use the show mvr command in Privileged EXEC mode to display global MVR settings. Syntax show mvr Default Configuration This command has no default configuration.

Page 584: Show Mvr Members
Parameter Description MVR Current Multicast groups The current number of MVR groups allocated. MVR Query Response Time The current MVR query response time. MVR Mode The current MVR mode. It can be compatible or dynamic. Example console #show mvr MVR Running......TRUE MVR multicast VLAN.......

Page 585: Show Mvr Interface
Message Type Message Description Error Completion Message MVR disabled The following table explains the output parameters. Parameter Description MVR Group IP MVR group multicast IP address. Status The status of the specific MVR group. It can be active or inactive. Members The list of ports which participates in the specific MVR group.

Page 586 Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines The following table lists the completion messages. Message Type Message Description Successful Completion Message None Error Completion Message MVR disabled The following table explains the output parameters. Parameter Description Port Interface number...

Page 587: Show Mvr Traffic
console#show mvr interface Fa1/0/23 members vlan 12 235.0.0.1 STATIC ACTIVE 235.1.1.1 STATIC ACTIVE show mvr traffic Use the show mvr traffic command in Privileged EXEC mode to display global MVR statistics. Syntax show mvr traffic Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines...

Page 588 Parameter Description IGMP Report V1 Transmitted Number of transmitted IGMP Reports V1. IGMP Report V2 Transmitted Number of transmitted IGMP Reports V2. IGMP Leave Transmitted Number of transmitted IGMP Leaves. IGMP Packet Receive Failures Number of failures on receiving the IGMP packets.

Page 589: Port Channel Commands
'members' as individual links. In the Dell Networking system, the Actor System waits for 3 seconds before aggregating manually. The 3 second wait time is specified by the protocol standard.

Page 590: Static Lags
Static LAGS A static LAG is fundamentally no different from a dynamically configured LAG. All the requirements for the member ports hold true (member ports must be physical, same speed, and so on). The only difference is this LAG has an additional parameter static which makes this LAG not require a partner system running Link Aggregation Control Protocol (LACP) to be able to aggregate it's member ports.

Page 591: Lag Hashing
Source/Destination IP and source/destination TCP/UDP Port fields of the packet. Enhanced LAG Hashing Dell Networking devices based on Broadcom XGS-IV silicon support configuration of hashing algorithms for each LAG interface. The hashing algorithm is used to distribute traffic load among the physical ports of the LAG while preserving the per-flow packet order.

Page 592: Manual Aggregation Of Lags
• Enhanced LAG hashing is the default hashing mode for LAGs. Manual Aggregation of LAGs Dell Networking switching supports the manual addition and deletion of links to aggregates. In the manual configuration of aggregates, the ports send their Actor Information (LACPDUs) to the partner system in order to find a suitable Partner to form an aggregation.

Page 593 hashing-mode show lacp lacp port-priority show statistics port-channel lacp system-priority – channel-group Use the channel-group command in Interface Configuration mode to associate a port with a port channel. To remove the channel-group configuration from the interface, use the no form of this command. Syntax port-channel-number channel-group...

Page 594: Interface Port-Channel
console(config-if-Gi1/0/6)# channel-group 1 mode active interface port-channel Use the interface port-channel command in Global Configuration mode to enter port-channel configuration mode. Syntax port-channel-number interface port-channel Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Port channel numbers range from 1 to 128.

Page 595 Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Commands in the interface range context are executed independently on each interface in the range. If the command returns an error on one of the interfaces, it stops the execution of the command on subsequent interfaces.

Page 596: Lacp Port-Priority
• 7 — Enhanced hashing mode Default Configuration The default hashing mode is 7—Enhanced hashing mode. Command Mode Interface Configuration (port-channel) User Guidelines No specific guidelines. Example console(config)#interface port-channel l console(config-if-po1)#hashing-mode 4 console(config-if-po1)#no hashing mode lacp port-priority Use the lacp port-priority command to configure the priority value for physical ports.

Page 597: Lacp System-Priority
User Guidelines Per IEEE 802.1AX-2008 Section 5.6, ports are selected for aggregation by each switch based upon the port priority assigned by the switch with the higher system priority, starting with the highest priority port of the switch with the higher switch priority, and working downward through the ordered list of port priority values for the ports.

Page 598: Lacp Timeout
Command Mode Global Configuration mode User Guidelines Per IEEE 802.1AX-2008 Section 5.6, ports are selected for aggregation by each switch based upon the port priority assigned by the switch with the higher system priority, starting with the highest priority port of the switch with the higher switch priority, and working downward through the ordered list of port priority values for the ports.

Page 599: Port-Channel Local-Preference
Default Configuration The default port timeout value is long. Command Mode Interface Configuration (Ethernet) mode Interface Range mode User Guidelines The LACP time-out setting indicates a local preference for the rate of LACPDU transmission and the period of time before invalidating received LACPDU information.

Page 600: Port-Channel Min-Links
Command Mode Interface Configuration (port-channel) mode User Guidelines For a LAG that contains links distributed across stacking units, the default behavior is to distribute locally received ingress traffic across all LAG links in the stack per the selected hashing algorithm. When enabled, this command disables forwarding of ingress unicast traffic across stacking links for a LAG that is comprised of links on multiple stack units.

Page 601: Show Interfaces Port-Channel
Command Mode Interface Configuration (port-channel) mode User Guidelines This command has no user guidelines. show interfaces port-channel Use the show interfaces port-channel command to show port-channel information. Syntax port-channel-number ] show interfaces port-channel [ Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines...

Page 602: Show Lacp
Po2No Configured PortsStatic31 Hash Algorithm Type 1 - Source MAC, VLAN, Ethertype, source module and port ID 2 - Destination MAC, VLAN, Ethertype, source module and port ID 3 - Source IP and source TCP/UDP port 4 - Destination IP and destination TCP/UDP port 5 - Source/Destination MAC, VLAN, Ethertype, source MODID/port 6 - Source/Destination IP and source/destination TCP/UDP port 7 - Enhanced hashing mode...

Page 603 Example The following example shows how to display LACP Ethernet interface information. console#show lacp gigabitethernet 1/0/1 Port 1/0/1 LACP parameters: Actor system priority: system mac addr: 00:00:12:34:56:78 port Admin key: port Oper key: port Oper priority: port Admin timeout: LONG port Oper timeout: LONG LACP Activity:...

Page 604: Show Statistics Port-Channel
show statistics port-channel Use the show statistics port-channel command in Privileged EXEC mode to display statistics about a specific port-channel. Syntax port-channel-number show statistics port-channel Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.

Page 605 --More-- or (q)uit FCS Errors........0 Overruns........0 Total Received Packets Not Forwarded... 0 Local Traffic Frames......0 802.3x Pause Frames Received....0 Unacceptable Frame Type......0 Multicast Tree Viable Discards....0 Reserved Address Discards...... 0 Broadcast Storm Recovery....... 0 CFI Discards........

Page 606 Port Channel Commands...

Page 607: Clear Vpc Statistics
MLAG Dell Networking N2000/N3000/N4000 Series Switches MLAG enables a LAG to be created across two independent switches, so that some member ports of a MLAG can reside on one switch and the other members of a MLAG can reside on another switch. The partner switch on the remote side can be a MLAG-unaware unit.

Page 608: Debug Vpc
Default Configuration There is no default configuration for this command. Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example console#clear vpc statistics debug vpc Use the debug vpc command to enable debug traces for the specified protocols.

Page 609: Feature Vpc
Default Configuration This command has no default configuration. Command Modes Global Configuration mode User Guidelines This command has no user guidelines. Example console#debug vpc peer-link data-message VPC peer link data message tracing enabled. feature vpc The feature vpc command globally enables MLAG. Use the no form of the command to globally disable MLAG.

Page 610: Peer-Detection Enable
Example console#configure terminal console(config)#feature vpc peer-detection enable Use the peer-detection enable command to enable the Dual Control Plane Detection Protocol. This enables the detection of peer MLAG switches and suppresses state transitions out of the secondary state in the presence of peer link failures.

Page 611: Peer-Keepalive Destination
peer-keepalive destination Use the peer-keepalive destination command to enable the Dual Control Plane Detection Protocol with the configured IP address of the peer MLAG, the local source address and the peer timeout value. The UDP port on which the MLAG switch listens to the Dual Control Plane Detection Protocol messages is also configurable with this command.

Page 612: Peer-Keepalive Enable
The Dual Control Plane Detection Protocol is a UDP-based protocol. The administrator must configure this protocol on an IP interface with a VLAN that is not shared with any of the MLAG interfaces. This can include the out- of-band port. When enabled, the dual-control plane detection protocol sends a control plane detection message to the peer once every second.

Page 613 User Guidelines MLAG will not become operational until the peer keepalive protocol detects a peer and syncs the peer information. Peer keepalive timeout state transitions are suppressed if the Dual Control Plan Detection (DCPDP) is enabled and detects that the peer is still alive. Two failure situations cause state transitions: •...

Page 614: Role Priority
role priority Use the role priority command to configure the priority value used on a switch for primary/secondary role selection. The primary switch is responsible for maintaining and propagating spanning-tree and link-aggregation to the secondary switch. Use the no form of the command to return the switch priority to the default value.

Page 615: Show Vpc
show vpc Use the show vpc command to display MLAG information. The configuration and operational modes of the MLAG are displayed. The MLAG is operationally enabled if all preconditions are met. The port channel configured as an MLAG interface is also displayed along with the member ports on the current switch and peer switch (plus their link status).

Page 616: Show Vpc Brief
show vpc brief Use the show vpc brief command to display the MLAG global status. The command displays the current MLAG operational mode as well as the peerlink and keepalive status is also displayed. The number of configured and operational MLAGs along with the system MAC and role are also displayed. Syntax show vpc brief Default Configuration...

Page 617 Peer detection......... Peer detected, VPC Operational Peer-Link details ----------------- Interface........Po1 Peer link status....... UP Peer-link STP Mode......Disabled Configured Vlans....... 1,10,11,12,13,14,15,16,17 Egress tagging......... 10,11,12,13,14,15,16,17 VPC Details ----------- Number of VPCs configured...... 2 Number of VPCs operational..... 2 VPC id# 1 ----------- Interface........

Page 618: Show Vpc Consistency-Parameters
VPC id# 1 ----------------- Config mode........Enabled Operational mode....... Enabled Port channel........Po2 Local MemberPorts Status ----------------- ------ Gi1/0/23 Gi1/0/24 Peer MemberPorts Status ---------------- ------ Gi1/0/23 Gi1/0/24 show vpc consistency-parameters Use the show vpc consistency parameters on both MLAG peers to display MLAG related configuration information in a format suitable for comparison with the other MLAG peer.

Page 619: Show Vpc Consistency-Features
show vpc consistency-features Use the show vpc consistency parameters on both MLAG peers to display MLAG related configuration information in a format suitable for comparison with the other MLAG peer. Syntax port-channel-number show vpc consistency-features { global | interface port-channel-number —A valid port-channel identifier (range 1-128). •...

Page 620: Show Vpc Role
User Guidelines There are no user guidelines for this command. Example (console) # show vpc peer-keepalive Peer IP address …………………………………10.130.14.55 UDP port ……………………………………………………50000 Peer detection ……………………………………Enabled Peer is detected ………………………………True show vpc role Use the show vpc role command to display information about the keepalive status and parameters.

Page 621: Show Vpc Statistics
show vpc statistics Use the show vpc statistics command to display the counters for the keepalive messages trasmitted and received by the MLAG switch. Syntax show vpc statistics {peer-keepalive | peer-link} Default Configuration There is no default configuration for this command. Command Modes Privileged EXEC mode and above User Guidelines...

Page 622 Peer link BPDU’s Tx error......9 Peer link BPDU’s received from peer....143 Peer link BPDU’s Rx error......1 Peer link LACPDU’s tranmsitted to peer....123 Peer link LACPDU’s Tx error......9 Peer link LACPDU’s received from peer....143 Peer link LACPDU’s Rx error......1 (console) #show vpc statistics peer-link Peer link control messages transmitted..

Page 623: Vpc Domain
Default Configuration LAGs are not members of an MLAG domain by default. It is expected that all links belonging to an MLAG instance are connected to switch (or switches) which consider the links to be members of a single LAG. This configuration must be present on both the primary and secondary switches.

Page 624: Vpc Peer-Link
Default Configuration By default, no MLAG domains are configured. Command Modes Global Configuration mode User Guidelines Only one MLAG domain (domain 1) is supported. Example console(config)#vpc domain 1 console(config-vpc 1)#peer-keepalive enable console(config-vpc 1)#peer-keepalive destination 192.168.0.2 source 192.168.0.1 console(config-vpc 1)#peer detection enable console(config-vpc 1)#exit vpc peer-link Use the vpc peer-link command to configure a port channel as the MLAG...

Page 625 User Guidelines This configuration must the present on both the primary and secondary switches. The peer keep-alive protocol is required for MLAG operation. Configure and enable a LAG between the two MLAG peers as an MLAG peer link before executing this command. Example console(config)#interface port-channel 1 console(config-if-Po1)#description "MLAG-Peer-Link"...

Page 626 MLAG...

Page 627: Port Monitor Commands
Port Monitor Commands Dell Networking N2000/N3000/N4000 Series Switches Dell Networking switches allow the user to monitor traffic with an external network analyzer. The external network analyzer can use any of the Ethernet ports as a probe port. The probe port transmits a mirror copy of the traffic being probed.

Page 628: Monitor Session
Commands in this Chapter This chapter explains the following commands: monitor session show monitor session remote-span show vlan remote-span monitor session Use the monitor session command in Global Configuration mode to configure a probe port and a monitored port for monitor session (port monitoring).

Page 629 vlan-id — The source VLAN identifier. All the ports in this VLAN are vlan • mirrored. The source VLAN must not be the RSPAN VLAN. acl-name — An IP or MAC ACL name. • rspan-vlan-id — An RSPAN VLAN. • remote vlan interface-id —...

Page 630: Vlan Configuration Mode
Example This example shows how to configure a source switch using VLAN 723 as the destination RSPAN VLAN and Gi1/0/3 as the source interface. Gi1/0/10 is configured as the reflector port. It is recommended that interface gi1/0/10 be configured as a trunk port. Interface gi1/0/10 must be configured as a member of VLAN 723.

Page 631: Show Monitor Session
User Guidelines Traffic in a RSPAN VLAN is always flooded as MAC address learning is disabled on RSPAN VLANs. VLANs on transit switches should be configured as remote-span VLANs in order to ensure delivery of all mirrored packets. Example console(config-vlan10)#remote-span console(config)# show monitor session Use the show monitor session command in Privileged EXEC mode to display...

Page 632 Type : Local session Source ports Both : Te1/0/10 Destination ports : Te2/0/20 IP access-group : a1 The following example shows the detailed status of the port based mirroring session that is constrained to a local switch. console(config)#show monitor session 1 detail Session Admin mode : Disabled...

Page 633: Show Vlan Remote-Span
console# show monitor session 1 detail Session Type : Remote Destination Session Source Ports RX Only : None TX Only : None Both : None Source VLANs RX Only : None Source RSPAN VLAN : 999 Destination Ports : Gi1/0/15 Dest RSPAN VLAN : None show vlan remote-span...

Page 634 Port Monitor Commands...

Page 635: Qos Commands
Access Control Lists The Dell Networking ACL feature allows classification of packets based upon Layer 2 through Layer 4 header information. An Ethernet IPv6 packet is distinguished from an IPv4 packet by its unique Ether-type value; thus, all IPv4 and IPv6 classifiers include the Ether-type field.

Page 636: Layer 2 Acls
Class of Service (CoS) The Dell Networking CoS Queueing feature allows the user to directly configure device queueing and, therefore, provide the desired QoS behavior without the complexities of DiffServ. The CoS feature allows the user to determine the following queue behavior: •...

Page 637: Queue Mapping
Untrusted Port Default Priority • Queue Configuration This enables Dell Networking switches to support a wide variety of delay sensitive video and audio multicast applications. CoS mapping tables, port default priority, and hardware queue parameters may be configured on LAG interfaces as well as physical port interfaces.

Page 638 process is also used for cases where a trusted port mapping is unable to be honored, such as when a nonIP packet arrives at a port configured to trust the IP precedence or IP DSCP value. Commands in this Chapter This chapter explains the following commands: assign-queue mark ip-dscp...

Page 639 – – show class-map – assign-queue Use the assign-queue command in Policy-Class-Map Configuration mode to modify the queue ID to which the associated traffic stream is assigned. Syntax queueid assign-queue queueid — Specifies a valid queue ID. (Range: integer from 0–6.) •...

Page 640 Configuration when this command is executed successfully. Example The following example shows how to specify the DiffServ class name of "DELL." console(config)#policy-map DELL1 console(config-classmap)#class DELL class-map Use the class-map command in Global Configuration mode to define a new match-all DiffServ class of type .

Page 641: Class-Map Rename
Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example creates a class-map named "DELL" which requires all ACE’s to be matched. console(config)#class-map DELL console(config-cmap)# class-map rename Use the class-map rename command in Global Configuration mode to change the name of a DiffServ class.

Page 642: Classofservice Dot1P-Mapping
Example The following example displays how to change the name of a DiffServ class from "DELL" to "DELL1." console(config)#class-map rename DELL DELL1 console(config)# classofservice dot1p-mapping Use the classofservice dot1p-mapping command in Global Configuration mode to map an 802.1p priority to an internal traffic class. In Interface Configuration mode, the mapping is applied only to packets received on that interface.

Page 643: Classofservice Ip-Dscp-Mapping
Command Mode Global Configuration or Interface Configuration (Ethernet, Port-channel) mode User Guidelines None Example The following example configures mapping for user priority 1 and traffic class console(config)#classofservice dot1p-mapping 1 2 classofservice ip-dscp-mapping Use the classofservice ip-dscp-mapping command in Global Configuration mode to map an IP DSCP value to an internal traffic class.

Page 644 IP DSCP Traffic Class 8(cs1) 10(af11) 12(af12) 14(af13) 16(cs2) 18(af21) 20(af22) 22(af23) 24(cs3) 26(af31) 28(af32) QoS Commands...

Page 645 IP DSCP Traffic Class 30(af33) 32(cs4) 34(af41) 36(af42) 38(af43) 40(cs5) 46(ef) 48(cs6) 56(cs7) QoS Commands...

Page 646: Classofservice Trust
IP DSCP Traffic Class Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays mapping for IP DSCP 1 and traffic class 2. console(config)#classofservice ip-dscp-mapping 1 2 classofservice trust Use the classofservice trust command in either Global Configuration mode or Interface Configuration mode to set the class of service trust mode of an interface.

Page 647 ip-dscp — Specifies that the mode be set to trust IP DSCP packet • markings. Default Configuration This command has no default configuration. Command Mode Global Configuration mode or Interface Configuration (gigabitethernet, port-channel, tengigabitethernet fortygigabitethernet) mode User Guidelines This command has no user guidelines. Examples The following example displays how you set the class of service trust mode of an interface to trust dot1p (802.1p) packet markings when in Global...

Page 648 Syntax conform-color {class-map-name} [exceed-color { class-map-name } ] Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines Color conforming classes must be one of the following types: • Primary COS • Secondary COS • DSCP •...

Page 649: Cos-Queue Min-Bandwidth
console(config-policy-classmap)#conform-color class-cos1 console(config-policy-classmap)#exit console(config-policy-map)#exit console(config)# cos-queue min-bandwidth Use the cos-queue min-bandwidth command in either Global Configuration mode or Interface Configuration mode to specify the minimum transmission bandwidth for each interface queue. To restore the default for each queue’s minimum bandwidth value, use the no form of this command. Syntax bw-0 bw-1 bw-n...

Page 650: Cos-Queue Random-Detect
When ETS is operational on a switch, this command overrides the ETS assignments and assigns minimum bandwidth constraints across traffic class groups. This allows the administrator to ensure that the frame scheduler does not completely starve lower priority groups when strict priority is enabled on a high numbered TCG.

Page 651 Command Mode Interface Configuration (physical or port-channel) mode or Global Configuration mode User Guidelines When used on a port-channel, this command will override the settings on the individual interfaces that are part of the port channel. Removing an interface from the port channel restores the individual interface settings. This command can be used in Interface Range mode.

Page 652: Cos-Queue Strict
cos-queue strict Use the cos-queue strict command in either Global Configuration mode or Interface Configuration mode to activate the strict priority scheduler mode for each specified queue. To restore the default weighted scheduler mode for each specified queue, use the no form of this command. Syntax queue-id-1 queue-id-2...

Page 653 diffserv Use the diffserv command in Global Configuration mode to set the DiffServ operational mode to active. While disabled, the DiffServ configuration is retained and can be changed, but it is not activated. When enabled, DiffServ services are activated. To set the DiffServ operational mode to inactive, use the no form of this command.

Page 654: Mark Cos
Command Mode Policy-Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to specify that matching packets are to be dropped at ingress. console(config-policy-classmap)#drop mark cos Use the mark cos command in Policy-Class-Map Configuration mode to mark all packets for the associated traffic stream with the specified class of service value in the priority field of the 802.1p header.

Page 655: Mark Ip-Dscp
mark ip-dscp Use the mark ip-dscp command in Policy-Class-Map Configuration mode to mark all packets for the associated traffic stream with the specified IP DSCP value. Syntax dscpval mark ip-dscp dscpval — Specifies a DSCP value (10, 12, 14, 18, 20, 22, 26, 28, 30, 34, 36, •...

Page 656: Match Class-Map
Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines. This command has no user guidelines. Example The following example displays console(config)#policy-map p1 in console(config-policy-map)#class c1 console(config-policy-classmap)#mark ip-precedence 2 console(config-policy-classmap)# match class-map Use the match class-map command to add to the specified class definition the set of match conditions defined for another class.

Page 657: Match Cos
Example The following example adds match conditions defined for the Dell class to the class currently being configured. console(config-classmap)#match class-map Dell The following example deletes the match conditions defined for the Dell class from the class currently being configured.

Page 658: Match Destination-Address Mac
Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example displays adding a match condition to the specified class. console(config-classmap)#match cos 1 match destination-address mac Use the match destination-address mac command in Class-Map Configuration mode to add a match condition based on the destination MAC address of a packet.

Page 659: Match Dstip
Example The following example displays adding a match condition for the specified MAC address and bit mask. console(config-classmap)#match destination-address mac AA:ED:DB:21:11:06 FF:FF:FF:EF:EE:EE match dstip Use the match dstip command in Class-Map Configuration mode to add a match condition based on the destination IP address of a packet. Syntax ipaddr ipmask match dstip...

Page 660: Match Dstl4Port
Syntax destination-ipv6-prefix/prefix-length match dstip6 destination-ipv6-prefix —IPv6 prefix in IPv6 global address format. • prefix-length —IPv6 prefix length value. • Default Configuration There is no default configuration for this command. Command Mode Ipv6-Class-Map Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-classmap)#match dstip6 2001:DB8::/32 match dstl4port...

Page 661: Match Ethertype
Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example displays adding a match condition based on the destination layer 4 port of a packet using the "echo" port name keyword. console(config-classmap)#match dstl4port echo match ethertype Use the match ethertype command in Class-Map Configuration mode to add a match condition based on the value of the ethertype.

Page 662: Match Ip6Flowlbl
console(config-classmap)#match ethertype arp match ip6flowlbl The match ip6flowlbl command adds to the specified class definition a match condition based on the IPv6 flow label of a packet. Syntax label match ip6flowlbl label - The value to match in the Flow Label field of the IPv6 header •...

Page 663: Match Ip Precedence
dscpval — Specifies an integer value or a keyword value for the DSCP • af11 , af12 , af13 , af21 , af22 , field. (Integer Range: 0–63) (Keyword Values: af23 , af31 , af32 , af33 , af41 , af42 , af43 , be , cs0 , cs1 , cs2 , cs3 , cs4 , cs5 , cs6 , cs7 , ef ) Default Configuration This command has no default configuration.

Page 664: Match Ip Tos
Default Configuration This command has no default configuration. Command Mode Class-Map Configuration mode User Guidelines The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with a slightly different user notation.

Page 665: Match Protocol
Command Mode Class-Map Configuration mode User Guidelines The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with a slightly different user notation. free form This specification is the version of the IP DSCP/Precedence/TOS...

Page 666: Match Source-Address Mac
User Guidelines This command has no user guidelines. Example The following example displays adding a match condition based on the "ip" protocol name keyword. console(config-classmap)#match protocol ip match source-address mac Use the match source-address mac command in Class-Map Configuration mode to add to the specified class definition a match condition based on the source MAC address of the packet.

Page 667: Match Srcip
console(config-classmap)# match source-address mac 10:10:10:10:10:10 11:11:11:11:11:11 match srcip Use the match srcip command in Class-Map Configuration mode to add to the specified class definition a match condition based on the source IP address of a packet. Syntax ipaddr ipmask match srcip ipaddr —...

Page 668: Match Srcl4Port
Syntax source-ipv6-prefix/prefix-length match srcip6 source-ipv6-prefix —IPv6 prefix in IPv6 global address format. • prefix-length —IPv6 prefix length value. • Default Configuration There is no default configuration for this command. Command Mode Ipv6-Class-Map Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-classmap)#match srcip6 2001:DB8::/32 match srcl4port...

Page 669: Match Vlan
Command Mode Class-Map Configuration mode User Guidelines Only one srcl4port matching criteria can be specified. To remove the matching criteria, delete the class map. Example The following example displays how to add a match condition using the "snmp" port name keyword. console(config-classmap)#match srcl4port snmp match vlan Use the match vlan command in Class-Map Configuration mode to add to...

Page 670 Example The following example displays adding a match condition for the VLAN ID "2." console(config-classmap)#match vlan 2 mirror Use the mirror command in Policy-Class-Map Configuration mode to mirror all the data that matches the class defined to the destination port specified. Syntax interface mirror...

Page 671 Syntax datarate burstsize conform-action {drop | set-prectransmit police-simple { cos | set-dscp-transmit dscpval | transmit} [violate-action {drop | set-cos- cos | set-prec-transmit cos | set-dscp-transmit dscpval | transmit transmit}]} datarate — Data rate in kilobits per second (kbps). (Range: • 1–4294967295) burstsize —...

Page 672 console(config-policy-classmap)#police-simple 1000 64 conform-action transmit violate-action drop police-single-rate Use the police-single-rate command to implement a single-rate Three Color Market (srTCM) per RFC 2697. An srTCM meters a traffic stream and colors packets according to three parameters: Committed Information Rate (CIR), Committed Burst Size (CBS), and Peak Burst Size (PBS).

Page 673 User Guidelines The CIR is measured in Kbps, the CBS in Kbytes, and the PBS in Kbytes. It is recommended that the CBS and PBS be configured to be larger than the largest expected IP packet. A class command in policy-map mode must be issued for an existing class-map before entering this command.

Page 674 ip-prec — Remark the IP precedence in the packet to set-prec-transmit – ip-prec and transmit. (Range 0-7) dscp-val — Remark the DSCP in the packet to dscp- – set-dscp-transmit val and transmit. (Range 0-63) 802.1p-priority — Remark the 802.1p priority in the set-cos-transmit –...

Page 675: Random-Detect Queue-Parms
Example The following example shows how to establish a new ingress DiffServ policy named "DELL." console(config)#policy-map DELL in console(config-policy-classmap)# random-detect queue-parms Use the random-detect queue-parms command to configure the WRED green, yellow and red TCP and non-TCP packet minimum and maximum thresholds and corresponding drop probabilities on an interface or all interfaces.

Page 676 Syntax queue-id minthresh- random-detect queue-parms [queue-id] ... min-thresh green minthresh-yellow minthresh-red minthresh-nontcp max- max-thresh thresh-green max-thresh-yellow max-thresh-red maxthresh-nontcp queue-id no random-detect queue-parms [queue-id] ... queue-id —The class of service queue. Range 0 to 6. • min-thresh —The minimum threshold at which to begin dropping, based •...

Page 677 User Guidelines The Green/Yellow/Red Ranges may overlap and are applied to each color independently. Within a color, the range from minimum to maximum is divided into eight (0...7) fixed probabilities at which packets are dropped based on the instantaneous egress queue size: 0 - 6.25% of maximum drop probability 1 - 18.75% of maximum drop probability 2 - 30.25% of maximum drop probability...

Page 678 random-detect exponential-weighting-constant Use the random-detect exponential-weighting-constant command to configure the decay in the calculation of the average queue size user for WRED on an interface or all interfaces. Syntax 0-15 random-detect exponential-weighting-constant no random-detect exponential-weighting-constant 0–15 — The weighting constant is used to smooth the calculation of the •...

Page 679 interface — Specifies any valid interface. Interface is Ethernet port or • port-channel (Range: po1-po32 or gi1/0/1-gi1/0/24) Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example shows how to redirect incoming packets to port 1/0/1. console(config-policy-classmap)#redirect 1/0/1 service-policy Use the service-policy command in either Global Configuration mode (for all...

Page 680: Show Class-Map
ACLs and DiffServ policies may not both exist on the same interface in the same direction. Example The following example shows how to attach a service policy named "DELL" to all interfaces. console(config)#service-policy DELL show class-map Use the show class-map command in Privileged EXEC mode to display all configuration information for the specified class.

Page 681 Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays all the configuration information for the class named "Dell". console#show class-map Class L3 Class Name Type Proto...

Page 682: Show Classofservice Dot1P-Mapping
show classofservice dot1p-mapping Use the show classofservice dot1p-mapping command in Privileged EXEC mode to display the current Dot1p (802.1p) priority mapping to internal traffic classes for a specific interface. Syntax show classofservice dot1p-mapping [{gigabitethernet unit/slot/port | port- port-channel-number | tengigabitethernet unit/slot/port | channel fortygigabitethernet unit/slot/port}] Default Configuration...

Page 683: Show Classofservice Ip-Dscp-Mapping
show classofservice ip-dscp-mapping Use the show classofservice ip-dscp-mapping command in Privileged EXEC mode to display the current IP DSCP mapping to internal traffic classes for a specific interface. Syntax show classofservice ip-dscp-mapping Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines...

Page 684 10(af11) 12(af12) 14(af13) 16(cs2) 18(af21) --More-- or (q)uit 20(af22) 22(af23) 24(cs3) 26(af31) 28(af32) 30(af33) 32(cs4) 34(af41) 36(af42) 38(af43) 40(cs5) --More-- or (q)uit 46(ef) 48(cs6) QoS Commands...

Page 685: Show Classofservice Trust
56(cs7) console# show classofservice trust Use the show classofservice trust command in Privileged EXEC mode to display the current trust mode setting for a specific interface. Syntax port- show classofservice trust [{gigabitethernet unit/slot/port| port-channel channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration.

Page 686: Show Diffserv
show diffserv Use the show diffserv command in Privileged EXEC mode to display the DiffServ general information, which includes the current administrative mode setting as well as the current and maximum number of DiffServ components. Syntax show diffserv Default Configuration This command has no default configuration.

Page 687: Show Diffserv Service Interface Port-Channel
Syntax show diffserv service interface {gigabitethernet unit/slot/port| tengigabitethernet unit/slot/port fortygigabitethernet unit/slot/port} {in|out} • in—Show ingress policies. • out—Show egress policies. Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.

Page 688: Show Diffserv Service Brief
Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines Not applicable Example console#show diffserv service interface port-channel 1 in DiffServ Admin Mode......Enable Interface........po1 Direction........In No policy is attached to this interface in this direction show diffserv service brief Use the show diffserv service brief command in Privileged EXEC mode to display all interfaces in the system to which a DiffServ policy has been...

Page 689: Show Interfaces Cos-Queue
----------- ----------- ------------ ------------------- 1/0/1 Down DELL show interfaces cos-queue Use the show interfaces cos-queue command in Privileged EXEC mode to display the class-of-service queue configuration for the specified interface. Syntax show interfaces cos-queue [{gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port |...

Page 690 Weighted Tail Drop Weighted Tail Drop This example displays the COS configuration for the specified interface 1/0/1. console#show interfaces cos-queue gigabitethernet 1/0/1 Interface........1/0/1 Interface Shaping Rate......0 Queue Id Min. Bandwidth Scheduler Type Queue Management Type -------- -------------- -------------- -------------- Weighted Tail Drop...

Page 691: Show Interfaces Random-Detect
Parameter Description Scheduler Type Indicates whether this queue is scheduled for transmission using a strict priority or a weighted scheme. This value is a configured value. show interfaces random-detect Use the show interfaces random-detect command in Privileged EXEC mode to display WRED policy on an interface. Syntax interface-id show interfaces random-detect...

Page 692: Show Policy-Map Interface
Policy Type Class Members ----------- ----------- ------------- POLY1 DellClass DELL DellClass show policy-map interface Use the show policy-map interface command in Privileged EXEC mode to display policy-oriented statistics information for the specified interface. Syntax show policy-map interface {gigabithethernet unit/slot/port| tengigabitethernet unit/slot/port...

Page 693: Show Service-Policy
Interface........te1/0/1 Operational Status......Down Policy Name........DELL Interface Summary: Class Name........Dell Networking In Offered Packets......1003 In Discarded Packets......11 show service-policy Use the show service-policy command in Privileged EXEC mode to display a summary of policy-oriented statistics information for all interfaces.

Page 694 Example The following example displays a summary of policy-oriented statistics information. console#show service-policy Oper Policy Intf Stat Name ------ ----- ------------------------------- 1/0/1 Down DELL 1/0/2 Down DELL 1/0/3 Down DELL 1/0/4 Down DELL 1/0/5 Down DELL 1/0/6 Down DELL 1/0/7...

Page 695: Vlan Priority
Command Mode Global Configuration mode, Interface Configuration (gigabitethernet, port- channel, tengigabitethernet fortygigabitethernet) mode User Guidelines This command implements a true shaper where bursts of traffic are buffered and smoothed. Shaping occurs if the average rate exceeds the configured limit or a burst exceeds 2% of the configured limit. Effectively, all CoS queues are configured with the configured rate limit in the scheduler.

Page 696 User Guidelines This command has no user guidelines. Example The following example configures the default VLAN priority to 1 for untagged frames ingressing interface Te1/0/1. console(config-if-Te1/0/1)#vlan priority 1 QoS Commands...

Page 697: Radius Commands
Dell Networking supports a RADIUS client in conformance with RFC 2865 and accounting functions in conformance with RFC2866. The RADIUS client will apply user policies under control of the RADIUS server, e.g.

Page 698 Table 34-1. RADIUS Attributes Supported by Dell Networking Switch Service Type RADIUS Attribute Name 802.1X User Manager Captive Portal NAS-IP-ADDRESS NAS-PORT SERVICE-TYPE FILTER-ID FRAMED-MTU REPLY-MESSAGE STATE CLASS VENDOR-SPECIFIC SESSION-TIMEOUT IDLE-TIMEOUT TERMINATION-ACTION CALLED-STATION-ID CALLING-STATION-ID NAS-IDENTIFIER ACCT-STATUS-TYPE Set by RADIUS client for...

Page 699 Table 34-1. RADIUS Attributes Supported by Dell Networking Switch Service Type RADIUS Attribute Name 802.1X User Manager Captive Portal NAS-PORT-TYPE TUNNEL-TYPE TUNNEL-MEDIUM-TYPE EAP-MESSAGE MESSAGE-AUTHENTICATOR Set by RADIUS client for Accounting TUNNEL-PRIVATE-GROUP-ID Yes The following attributes are processed in the RADIUS Access-Accept message received from a RADIUS server: •...

Page 700 • FILTER-ID – Name of the filter list for this user. • TUNNEL-TYPE – Used to indicate that a VLAN is to be assigned to the user when set to tunnel type VLAN (13). • TUNNEL-MEDIUM-TYPE – Used to indicate the tunnel medium type. Must be set to medium type 802 (6) to enable VLAN assignment.

Page 701: Aaa Accounting Dot1X Default Start-Stop
aaa accounting dot1x default start-stop The aaa accounting network default start-stop group radius command has been migrated to the aaa accounting dot1x default start-stop {radius|none} command. Use the aaa accounting dot1x default start-stop command in Global Configuration mode to create an accounting method list. Use the no form of the command to delete a list.

Page 702 User Guidelines Accounting records, when enabled for a line mode, are sent at both the beginning and at the end (start-stop) of command execution or only at the end (stop-only) of command execution. If none is specified, then accounting is disabled for RADIUS. If radius is the specified accounting method, accounting records are forwarded to the list of RADIUS servers.

Page 703 list_name—Character string of not more than 15 characters used to name • the list of accounting methods. The list name can consist of any printable character. Use quotes around the list name if embedded blanks are contained in the list name. Default Configuration Accounting is not enabled by default.

Page 704 Command Mode Radius (accounting) mode User Guidelines There are no user guidelines for this command. Example The following example sets port number 56 for accounting requests. console(config)#radius-server host acct 3.2.3.2 console(Config-acct-radius)#acct-port 56 auth-port Use the auth-port command in Radius mode to set the port number on which the RADIUS server listens for authentication requests.

Page 705: Debug Aaa Accounting
console(config-radius)#auth-port 2412 deadtime Use the deadtime command in Radius mode to configure the minimum amount of time to wait before attempting to recontact an unresponsive RADIUS server. If a RADIUS server is currently active and responsive, that server will be used until it no longer responds. RADIUS servers whose deadtime interval has not expired are skipped when searching for a new RADIUS server to contact.

Page 706 Syntax debug aaa accounting no debug aaa accounting Default Configuration Debugging is disabled by default. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Use the key command to specify the encryption key which is shared with the RADIUS server.

Page 707: Command Modes
Example The following example specifies an authentication and encryption key of lion-king “ ”. console(config)#radius-server host acct 3.2.3.2 console(Config-acct-radius)#key keyacct key encrypted Use the key encrypted command to configure an encrypted key that is shared with the RADIUS server. Use the no form of the command to remove the key. Syntax key-string key encrypted...

Page 708: Name (Radius Server)
msgauth Use the msgauth command to enable the message authenticator attribute to be used for the RADIUS Authenticating server being configured. Use the “no” form of this command to disable the message authenticator attribute. Syntax msgauth no msgauth Default Configuration The message authenticator attribute is enabled by default.

Page 709 Default Configuration The default RADIUS server name is Default-RADIUS-Server. Command Mode Radius Configuration mode User Guidelines Names may only be set for authentication servers, not for accounting servers. Names may consist of alphanumeric characters and the underscore, dash and blanks.Embed the name in double quotes to use a name with blanks. NOTE: When multiple RADIUS servers are configured with different names, e.g.

Page 710 to communicate with the primary server for any reason, it uses the backup servers configured with the same server name. These backup servers are identified as the “Secondary” type. Syntax primary Default Configuration There is no primary authentication server by default. Command Mode Radius mode User Guidelines...

Page 711: Radius-Server Attribute
User Guidelines User must enter the mode corresponding to a specific Radius server before executing this command. Example The following example specifies a priority of 10 for the designated server. console(config)#radius-server host 192.143.120.123 console(config-radius)#priority 10 radius-server attribute 4 Use the radius-server attribute 4 command in Global Configuration mode to set the network access server (NAS) IP address for the RADIUS server.

Page 712: Radius-Server Deadtime
Example The following example sets the NAS IP address in RADIUS attribute 4 to 192.168.10.22. console(config)#radius-server attribute 4 192.168.10.22 radius-server deadtime Use the radius-server deadtime command in Global Configuration mode to configure the minimum amount of time to wait before attempting to recontact an unresponsive RADIUS server.

Page 713: Radius-Server Host
Example The following example sets the minimum interval for a RADIUS server will not be contacted after becoming unresponsive. console(config)#radius-server deadtime 10 radius-server host Use the radius-server host command in Global Configuration mode to specify a RADIUS server host and enter RADIUS Configuration mode. To delete the specified Radius host, use the no form of this command.

Page 714: Radius-Server Key
Global Configuration mode User Guidelines This command has no user guidelines. Example The following example sets the authentication and encryption key for all Radius communications between the device and the Radius server to “dell- .” server console(config)#radius-server key dell-server RADIUS Commands...

Page 715: Radius-Server Key Encrypted
radius-server key encrypted Use the radius-server key encrypted command to set the authentication and encryption key for the communication between the switch and radius server. Use the no form of the command to disable the key. Syntax key-string radius-server key encrypted key-string —...

Page 716: Radius-Server Source-Ip
no radius-server retransmit retries — Specifies the retransmit value. (Range: 1–10) • Default Configuration The default is 3 attempts. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configures the number of times the Radius client attempts to retransmit requests to the Radius server to 5 attempts.

Page 717: Radius-Server Timeout
User Guidelines This command has no user guidelines. Example The following example configures the source IP address used for communication with Radius servers to 10.1.1.1. console(config)#radius-server source-ip 10.1.1.1 radius-server timeout Use the radius-server timeout command in Global Configuration mode to set the interval for which a switch waits for a server host to reply.

Page 718: Show Aaa Servers
retransmit Use the retransmit command in Radius mode to specify the number of times the Radius client retransmits requests to the Radius server. Syntax retries retransmit retries — Specifies the retransmit value. (Range: 1-10 attempts) • Default Configuration The default number for attempts is 3. Command Mode Radius mode User Guidelines...

Page 719 authentication—This optional parameter will cause authentication servers • to be displayed. • name—This optional parameter will cause the server names to be displayed instead of the server configuration parameters. servername —Will cause only the server(s) with server-name name to be •...

Page 720: Radius Accounting Mode
Field Description RADIUS Accounting A Global parameter to indicate whether the accounting Mode mode for all the servers is enabled or not. RADIUS Attribute 4 A Global parameter to indicate whether the NAS-IP- Mode Address attribute has been enabled to use in RADIUS requests.

Page 721: Show Accounting Methods
Default-RADIUS-Server 4.4.4.4 1812 test 6.6.6.6 1812 show accounting methods Use the show accounting methods command in Privileged EXEC mode to display the configured accounting method lists. Syntax show accounting methods Default Configuration This command has no default setting. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.

Page 722 Syntax ipaddress hostname show radius statistics [accounting | authentication] [{ servername | name • accounting | authentication—The type of server (accounting or authentication). ipaddress —The RADIUS server host IP address. • hostname —Host name of the Radius server host. (Range: 1–158 •...

Page 723 Field Description Retransmissions The number of RADIUS Accounting Request packets retransmitted to this RADIUS accounting server. Responses The number of RADIUS packets received on the accounting port from this server. Malformed The number of malformed RADIUS Accounting Response Responses packets received from this server. Malformed packets include packets with an invalid length.

Page 724 Field Description Access Rejects The number of RADIUS Access Reject packets, including both valid and invalid packets, that were received from this server. Access Challenges The number of RADIUS Access Challenge packets, including both valid and invalid packets, that were received from this server.

Page 725 RADIUS Server Name......Default_RADIUS_Server Server Host Address......192.168.37.200 Access Requests....... 0.00 Access Retransmissions......0 Access Accepts........ 0 Access Rejects........ 0 Access Challenges......0 Malformed Access Responses....0 Bad Authenticators......0 Pending Requests......0 Timeouts........0 Unknown Types......... 0 Packets Dropped....... 0 source-ip Use the source-ip command in Radius mode to specify the source IP address to be used for communication with Radius servers.

Page 726 timeout Use the timeout command in Radius mode to set the timeout value in seconds for the designated Radius server. Syntax timeout timeout timeout — Timeout value in seconds for the specified server. (Range: 1-30 • seconds.) Default Configuration The default value is 3 seconds. Command Mode Radius mode User Guidelines...

Page 727 Default Configuration all. The default variable setting is Command Mode Radius mode User Guidelines User must enter the mode corresponding to a specific Radius server before executing this command. Example login The following example specifies usage type console(config)#radius-server host 192.143.120.123 console(config-radius)#usage login RADIUS Commands...

Page 728 RADIUS Commands...

Page 729: Spanning Tree Commands
Management of MSTP is compliant with the requirements of RFC5060. The following features are supported by Dell Networking MSTP: STP Loop Guard - The Loop Guard feature is an enhancement of the Multiple Spanning Tree Protocol. Loop guard protects a network from forwarding loops induced by BPDU packet loss.

Page 730 port. In this way, the root guard enforces the position of the root bridge. In MSTP scenario the port may be designated in one of the instances while being alternate in the CIST, and so on. Root guard is a per port (not a per port per instance command) configuration so all the MSTP instances this port participates in should not be in root role.

Page 731: Clear Spanning-Tree Detected-Protocols
show spanning-tree spanning-tree spanning-tree spanning-tree vlan forward-time portfast forward-time show spanning-tree spanning-tree guard spanning-tree spanning-tree vlan summary portfast bpdufilter hello-time default show spanning-tree spanning-tree spanning-tree spanning-tree vlan vlan loopguard portfast default max-age spanning-tree spanning-tree max- spanning-tree port- spanning-tree vlan root priority (Interface Configuration) spanning-tree auto-...

Page 732: Exit (Mst)
Example The following example restarts the protocol migration process (forces the renegotiation with neighboring switches) on 1/0/1. console#clear spanning-tree detected-protocols gigabitethernet 1/0/1 exit (mst) Use the exit command in MST mode to exit the MST configuration mode and apply all configuration changes. Syntax exit Default Configuration...

Page 733 VLAN mapping, the same configuration revision number, and the same name. Dell Networking MSTP supports mapping of VLANs to MST instances, even though the underlying VLAN may not be defined on the switch. Traffic received on VLANs not defined on the port received is dropped.

Page 734: Bridge Address
console(config-mst)#instance 1 add vlan 2600-2799 console(config-mst)#instance 1 add vlan 3000-4093 console(config-mst)#instance 2 add vlan 200-349 console(config-mst)#instance 2 add vlan 351-399 console(config-mst)#instance 2 add vlan 450-499 console(config-mst)#instance 2 add vlan 2000-2199 console(config-mst)#instance 2 add vlan 2500-2599 console(config-mst)#instance 2 add vlan 2800-2999 console(config-mst)#exit console(config)#interface te1/1/1 console(config-if-Te1/1/1)#switchport mode trunk...

Page 735: Show Spanning-Tree
Example The following example sets the configuration name to “region1”. console(config)#spanning-tree mst configuration console(config-mst)#name region1 revision (mst) Use the revision command in MST mode to identify the configuration revision number. To return to the default setting, use the no form of this command.

Page 736 Syntax port- show spanning-tree [{gigabitethernet unit/slot/port | port-channel channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet instance-id unit/slot/port}] [instance instance-id show spanning-tree [detail] [active | blockedports] | [instance show spanning-tree mst-configuration show spanning-tree {uplinkfast | backbonefast} • detail—Displays detailed information. active—Displays active ports only. •...

Page 737 Root Port Gi1/0/1 Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec TxHoldCount 6 sec Bridge ID Priority 32768 Address 001E.C9AA.AD1B Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio.Nbr Cost Role Restricted...

Page 738 Priority 32768 Address 001E.C9AA.AD1B Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec Number of topology changes 1 last change occurred 0d0h17m7s ago Times: hold 6, hello 2, max age 20, forward delay 15 Port Gi1/0/1 Enabled State: Forwarding Role: Root Port id: 128.1...

Page 739 Root Protection: No Designated bridge Priority: 32768 Address: 001E.C9AA.AD1B Designated port id: 128.5 Designated path cost: 20000 CST Regional Root: 80:00:00:1E:C9:AA:AD:1B CST Port Cost: 0 BPDU: sent 524, received 0 console#show spanning-tree detail blockedports Spanning tree Enabled (BPDU flooding : Disabled) Portfast BPDU filtering Disabled mode rstp CST Regional Root: 80:00:00:1E:C9:AA:AD:1B...

Page 740: Show Spanning-Tree Summary
show spanning-tree summary Use the show spanning-tree summary command to display spanning tree settings and parameters for the switch. Syntax show spanning-tree summary Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines The following fields are displayed: Field...

Page 741: Port Cost
MST Instances List of all multiple spanning tree instances configured on the switch. Example console#show spanning-tree summary Spanning Tree Adminmode... Enabled Spanning Tree Version..... IEEE 802.1w BPDU Guard Mode....Disabled BPDU Flood Mode....Disabled BPDU Filter Mode....Disabled Configuration Name....00-1E-C9-AA-AC-84 Configuration Revision Level..

Page 742 VLAN0001 Spanning tree enabled protocol rstp Root ID Priority 32768 Address 0000.0000.0001 Cost Port 1 (1/0/1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address 0000.0000.0003 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec...

Page 743: Spanning-Tree Auto-Portfast
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec Interface Role Sts Cost Prio.Nbr ------------------- ---- --- --------- -------- ---------------------------- Gi1/0/5 Desg FWD 4 128.19 Gi1/0/6 Desg FWD 4 128.21 spanning-tree Use the spanning-tree command in Global Configuration mode to enable spanning-tree functionality.

Page 744: Spanning-Tree Backbonefast
Syntax spanning-tree auto-portfast no spanning-tree auto-portfast Default Configuration Auto portfast mode is enabled by default. Command Mode Interface Configuration (Ethernet, Port Channel) mode User Guidelines There are no user guidelines for this command. Example The following example enables spanning-tree functionality on gigabit ethernet interface 4/0/1.

Page 745: Spanning-Tree Bpdu Flooding
Command Modes Global Configuration Mode User Guidelines IRC can be configured even if the switch is configured for MST(RSTP) or RSTP-PV mode. It only has an effect when the switch is configured for STP-PV mode. If an IRC-enabed switch receives an inferior BPDU from its designated switch on a root or blocked port, it sets the maximum aging time on the interfaces on which it received the inferior BPDU if there are alternate paths to the designated switch.

Page 746: Spanning-Tree Bpdu-Protection
Example console#spanning-tree bpdu flooding spanning-tree bpdu-protection Use the spanning-tree bpdu-protection command in Global Configuration mode to enable BPDU protection on a switch. Use the no form of this command to resume the default status of BPDU protection function. For an access layer device, the access port is generally connected to the user terminal (such as a desktop computer) or file server directly and configured as an edge port to implement the fast transition.

Page 747: Spanning-Tree Cost
spanning-tree cost Use the spanning-tree cost command in Interface Configuration mode to configure the externally advertised spanning-tree path cost for a port. To return to the default port path cost, use the no form of this command. The path cost is used in the selection of an interface for the forwarding or blocking states.

Page 748: Spanning-Tree Disable
vlan-id cost If an interface is configured with both the spanning-tree vlan cost cost command and the spanning-tree cost command, the spanning-tree vlan vlan-id cost cost value is used in the spanning tree calculation. Example The following example configures the external path cost to be 8192 for VLANs 12, 13, 24, 25, and 26.

Page 749: Spanning-Tree Forward-Time
spanning-tree forward-time Use the spanning-tree forward-time command in Global Configuration mode to configure the spanning-tree bridge forward time, which is the amount of time a port remains in the listening and learning states before entering the forwarding state. To reset the default forward time, use the no form of this command. Syntax seconds spanning-tree forward-time...

Page 750: Spanning-Tree Guard
spanning-tree guard The spanning-tree guard command selects whether loop guard or root guard is enabled on an interface. If neither is enabled, the port operates in accordance with the multiple spanning tree protocol. Use the “no” form of this command to disable loop guard or root guard on the interface. Syntax spanning-tree guard {root | loop | none} •...

Page 751: Spanning-Tree Max-Age
no spanning-tree loopguard default Default Configuration Loop guard is disabled by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enables spanning-tree loopguard functionality on all ports. console(config)#spanning-tree loopguard default spanning-tree max-age Use the spanning-tree max-age command in Global Configuration mode to configure the spanning-tree bridge maximum age.

Page 752: Spanning-Tree Max-Hops
User Guidelines When configuring the Max-Age the following relationships should be satisfied: 2*(Forward-Time - 1) >= Max-Age Max-Age >= 2*(Hello-Time + 1) Example The following example configures the spanning-tree bridge maximum-age to 10 seconds. console(config)#spanning-tree max-age 10 spanning-tree max-hops Use the spanning-tree max-hops command to set the MSTP Max Hops parameter to a new value for the common and internal spanning tree.

Page 753: Spanning-Tree Mode
spanning-tree mode Use the spanning-tree mode command in Global Configuration mode to configure the spanning-tree protocol. To return to the default configuration, use the no form of this command. Syntax spanning-tree mode {stp | rstp | mst | pvst | rapid-pvst} no spanning-tree mode •...

Page 754: Spanning-Tree Mst Configuration
RSTP-PV maintains independent spanning tree information about each configured VLAN. RSTP-PV uses IEEE 802.1Q trunking and allows a trunked VLAN to maintain blocked or forwarding state per port on a per VLAN basis. This allows a trunk port to be forwarding for some VLANs and blocked on other VLANs.

Page 755: Spanning-Tree Mst Cost
User Guidelines For two or more switches to be in the same MST region, they must have the same VLAN mapping, the same configuration revision number and the same name. Example The following example configures an MST region. console (config)#spanning-tree mst configuration console (config-mst)#instance 1 add vlan 10-20 console (config-mst)#name region1 console (config-mst)#revision 1...

Page 756: Spanning-Tree Mst Port-Priority
Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines MST instance id 0 is the common internal spanning tree instance (CIST). Example The following example configures the MSTP instance 1 path cost for interface 1/0/9 to 4. console(config)#interface gigabitethernet 1/0/9 console(config-if-Gi1/0/9)#spanning-tree mst 1 cost 4 spanning-tree mst port-priority Use the spanning-tree mst port-priority command in Interface Configuration...

Page 757: Spanning-Tree Mst Priority
User Guidelines The priority will be set to the nearest multiple of 4096 if not an exact multiple of 4096. Example The following example configures the port priority of gigabit Ethernet interface 1/0/5 to 144. console(config)#interface gigabitethernet 1/0/5 console(config-if)#spanning-tree mst 1 port-priority 144 spanning-tree mst priority Use the spanning-tree mst priority command in Global Configuration mode to set the switch priority for the specified spanning-tree instance.

Page 758: Spanning-Tree Portfast
Example The following example configures the spanning tree priority of instance 1 to 4096. console(config)#spanning-tree mst 1 priority 4096 spanning-tree portfast Use the spanning-tree portfast command in Interface Configuration mode to enable PortFast mode. In PortFast mode, the interface is immediately put into the forwarding state upon linkup, without waiting for the timer to expire.

Page 759: Spanning-Tree Portfast Bpdufilter Default
spanning-tree portfast bpdufilter default The spanning-tree portfast bpdufilter default command discards BPDUs received on spanning-tree ports in portfast mode. Use the “no” form of the command to disable discarding. Syntax spanning-tree portfast bpdufilter default no spanning-tree portfast bpdufilter default Default Configuration This feature is disabled by default.

Page 760: Spanning-Tree Port-Priority (Interface Configuration)
Default Configuration Portfast mode is disabled by default. Command Mode Global Configuration mode User Guidelines This command only applies to access ports. This command should be used with care. An interface with NOTE: PortFast mode enabled is moved directly to the spanning tree forwarding state when linkup occurs without waiting for the standard forward-time delay.

Page 761 Default Configuration The default port-priority for IEEE STP is 128. Command Mode Interface Configuration mode User Guidelines If the VLAN parameter is given, the priority is configured only for the selected VLANs (applies only when pvst or rapid-pvst mode is selected). Configuration without the VLAN parameter configures the port priority for RSTP, STP-PV, and RSTP-PV.

Page 762: Spanning-Tree Priority
Example The following example configures a port connected to a host to be least likely to be selected for forwarding to the root bridge, even if the host begins to send BPDUs. console(config-if-Gi1/0/1)#spanning-tree port-priority 240 console(config-if-Gi1/0/1)#spanning-tree vlan 10 port-priority 240 spanning-tree priority Use the spanning-tree priority command in Global Configuration mode to configure the spanning-tree priority.

Page 763: Spanning-Tree Tcnguard
spanning-tree tcnguard Use the spanning-tree tcnguard command to prevent a port from propagating topology change notifications. Use the “no” form of the command to enable TCN propagation. Syntax spanning-tree tcnguard no spanning-tree tcnguard Default Configuration TCN propagation is disabled by default. Command Mode Interface Configuration (Ethernet, Port Channel) mode User Guidelines...

Page 764: Spanning-Tree Uplinkfast
Default Configuration The default hold count is 6 BPDUs. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example sets the maximum number of BPDUs sent to 6. console(config)#spanning-tree transmit hold-count 6 spanning-tree uplinkfast Use the spanning-tree uplinkfast command to configure the rate at which gratuitous frames are sent (in packets per second) after a switchover to an...

Page 765: Spanning-Tree Vlan
User Guidelines DirectLink Rapid Convergence (DRC) can be configured even if the switch is configured for MST(RSTP) mode. It only has an effect when the switch is configured for STP-PV or RSTP-PV modes. Enabling DRC sets the switch priority to 49152. Path costs less than 3000 have an additional 3000 added when DRC is enabled.

Page 766: Spanning-Tree Vlan Forward-Time
To change the allocation of spanning-tree instances to VLANs, use the no spanning-tree vlan command to disassociate a VLAN from a per VLAN spanning-tree instance and use the spanning-tree vlan command to associate the spanning-tree instance with the desired VLAN. Command Modes Global Configuration mode User Guidelines...

Page 767: Spanning-Tree Vlan Hello-Time
Command Modes Global Configuration Mode User Guidelines Set this value to a lower number to accelerate the transition to forwarding. The network operator should take into account the end to end BPDU propagation delay, the maximum frame lifetime, the maximum transmission halt delay and the message age overestimate values specific to their network when configuring this parameter.

Page 768: Spanning-Tree Vlan Max-Age
Use the form of the command to return the hello time to its default value. Example console(config)#spanning-tree vlan 3 hello-time 1 spanning-tree vlan max-age Use the spanning-tree vlan max-age command to configure the spanning tree maximum age time for a set of VLANs. Use the no form of the command to return the maximum age timer to the default value.

Page 769: Spanning-Tree Vlan Root
spanning-tree vlan root Use the spanning-tree vlan root primary command to configure the switch to become the root bridge or standby root bridge by modifying the bridge priority from the default value to a lower value calculated to ensure the bridge is the root (or standby) bridge.

Page 770 Syntax vlan-list priority spanning-tree vlan { } priority vlan-list no spanning-tree vlan { } priority vlan-list –A single VLAN ID or a list of VLAN IDs in comma delineated or • range format with no embedded blanks. Range 1-4094. priority –The bridge priority advertised when combined with the switch •...

Page 771 Dell Networking supports authentication of a user using a TACACS+ server. When TACACS+ is configured as the authentication method for a user login type (CLI/HTTP/HTTPS), the NAS will prompt for the user login credentials and request services from the TACACS+ client;...

Page 772 port tacacs-server key encrypted priority tacacs-server timeout show tacacs timeout Use the key command in TACACS Configuration mode to specify the authentication and encryption key for all TACACS communications between the device and the TACACS server. This key must match the key used on the TACACS daemon.

Page 773: Usage Guidelines
key-string — The key string in encrypted form. It should be 256 characters • in length Default Configuration There is no default configuration for this command. Command Modes TACACS Configuration mode. Usage Guidelines This command has no user guidelines. Example console(tacacs)# key encrypted f6fdffe48c908deb0f4c3bd36c032e72f6fdffe48c908deb0f4c3bd36c032e72f6fdffe48c90 8deb0f4c3bd36c032e72f6fdffe48c908deb0f4c3bd36c032e72f6fdffe48c908deb0f4c3bd3...

Page 774: Show Tacacs
User Guidelines This command has no user guidelines. Example The following example displays how to specify TACACS server port number 1200. console(tacacs)#port 1200 priority Use the priority command in TACACS Configuration mode to specify the order in which servers are used, where 0 (zero) is the highest priority. Syntax priority priority [...

Page 775: Tacacs-Server Host
Syntax ip-address show tacacs [ ip-address — • The name or IP address of the host. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples The following example displays TACACS+ server settings.

Page 776: Tacacs-Server Key
hostname — The hostname of the TACACS+ server. (Range: 1-255 • characters). Default Configuration No TACACS+ host is specified. Command Mode Global Configuration mode User Guidelines To specify multiple hosts, multiple tacacs-server host commands can be used. TACACS servers are keyed by the host name, therefore it is advisable to use unique host names.

Page 777: Tacacs-Server Key Encrypted
Command Mode Global Configuration mode User Guidelines The tacacs-server key command accepts any printable characters for the key except a double quote or question mark. Enclose the string in double quotes to include spaces within the key. The surrounding quotes are not used as part of the name.

Page 778: Tacacs-Server Timeout
Example console(config)# tacacs-server key encrypted f6fdffe48c908deb0f4c3bd36c032e72f6fdffe48c908deb0f4c3bd36c032e72f6fdffe48c90 8deb0f4c3bd36c032e72f6fdffe48c908deb0f4c3bd36c032e72f6fdffe48c908deb0f4c3bd3 6c032e72f6fdffe48c908deb0f4c3bd36c032e72f6fdffe48c908deb0f4c3bd36c032e72f6fd ffe48c908deb0f4c3bd36c032e72 console(config)# tacacs-server timeout Use the tacacs-server timeout command in Global Configuration mode to set the interval during which a switch waits for a server host to reply. To restore the default, use the no form of this command. Syntax timeout tacacs-server timeout [...

Page 779 Syntax timeout timeout [ timeout — The timeout value in seconds. (Range: 1–30) • Default Configuration If left unspecified, the timeout defaults to the global value. Command Mode TACACS Configuration mode User Guidelines This command has no user guidelines. Example This example shows how to specify the timeout value.

Page 780 TACACS+ Commands...

Page 781: Udld Commands
UDLD Commands The UDLD feature detects unidirectional links on physical ports. A unidirectional link is a forwarding anomaly in a Layer 2 communication channel in which a bi-directional link stops passing traffic in one direction. UDLD must be enabled on the both sides of the link in order to detect a unidirectional link.

Page 782: Processing Udld Traffic From Neighbors
recognize only the sending failures on unidirectional links. If all devices in the network support UDLD, this functionality is enough to detect all unidirectional links. Processing UDLD Traffic from Neighbors Every UDLD-capable device collects information about all other UDLD- capable devices. Each device populates UDLD echo packets with collected neighbor information to help neighbors identify unidirectional links.

Page 783: Udld Enable (Global Configuration)
UDLD will put the port into the diagnostically disabled state in the following cases: When there is a loopback. The device ID and port ID sent out on a port is received back. UDLD PDU is received from a partner does not have its own details (echo).

Page 784: Udld Reset
Command Mode Global Configuration mode User Guidelines This command globally enables UDLD. Interfaces which are not connected or enabled at the Ethernet layer at the time the command is issued will be enabled for UDLD when connected or enabled. udld reset Use the udld reset command in Privileged EXEC mode to reset (enable) all interfaces disabled by UDLD.

Page 785: Udld Message Time
udld message time Use the udld message time command in Global Configuration mode to configure the interval between the transmission of UDLD probe messages on ports that are in the advertisement phase. Use the no form of the command to return the message transmission interval to the default value.

Page 786: Udld Enable (Interface Configuration)
no udld timeout interval timeout-interval —UDLD timeout interval. Range is 5 to 60 seconds. • Default Configuration The default timeout interval is 5 seconds. Command Mode Global Configuration mode User Guidelines This command sets the time interval used to determine if the link has bidirectional or unidirectional connectivity.

Page 787: Udld Port
udld port Use the udld port command in Interface (physical) Configuration mode to select the UDLD operating mode on a specific interface. Use the no form of the command to reset the operating mode to the default (normal). Syntax udld port aggressive no udld port •...

Page 788 Command Mode Privileged EXEC or User EXEC mode, Configuration mode and all Configuration submodes User Guidelines When no interface is specified, the following fields are shown: Field Description Admin Mode The global administrative mode of UDLD. Message Interval The time period (in seconds) between the transmission of UDLD probe packets.

Page 789: Debug Udld
Field Description UDLD Status The status of the link as determined by UDLD. The options are: • Undetermined – UDLD has not collected enough information to determine the state of the port. • Not applicable – UDLD is disabled, either globally or on the port.

Page 790 User Guidelines This command has no user guidelines. UDLD Commands...

Page 791: Vlan Commands
VLAN Commands Dell Networking N2000/N3000/N4000 Series Switches Dell Networking 802.1Q VLANs are an implementation of the Virtual Local Area Network, specification 802.1Q. Operating at Layer 2 of the OSI model, the VLAN is a means of parsing a single network into logical user groups or organizations as if they physically resided on a dedicated LAN segment of their own.

Page 792: Independent Vlan Learning
The Dell Networking switching component can be configured to enable the port in double-VLAN (DVLAN) mode. In this mode switch looks for 12th, 13th, 16th, and 17th bytes for the tag status in the incoming frame. The outer tag (S-TAG) TPID is identified with the 12th and 13th bytes values. The inner tag (C-TAG) TPID is identified with 16th and 17th bytes values.

Page 793: Ip Subnet Based Vlans
MAC address. Private VLAN Commands The Dell Networking Private VLAN feature separates a regular VLAN domain into two or more subdomains. Each subdomain is defined (represented) by a primary VLAN and a secondary VLAN. The primary VLAN ID is the same for all subdomains that belong to a private VLAN.

Page 794 • Primary VLAN Forwards the traffic from the promiscuous ports to isolated ports, community ports and other promiscuous ports in the same private VLAN. Only one primary VLAN can be configured per private VLAN. All ports within a private VLAN share the same primary VLAN. •...

Page 795 Figure 38-1. Private VLANs Isolated VLAN An endpoint connected over an isolated VLAN is allowed to communicate with endpoints connected to promiscuous ports only. Endpoints connected to adjacent endpoints over an isolated VLAN cannot communicate with each other. Community VLAN An endpoint connected over a community VLAN is allowed to communicate with the endpoints within the community and can also communicate with any configured promiscuous port.

Page 796 In order to enable Private VLAN operation across multiple switches which are not stacked, the inter-switch links should carry VLANs which belong to a private VLAN. The trunk ports which connect neighbor switches have to be assigned to the primary, isolated, and community VLANs of a private VLAN. In regular VLANs, ports in the same VLAN switch traffic at L2.

Page 797: Dvlan-Tunnel Ethertype
protocol vlan group switchport access vlan association show vlan private-vlan– vlan – switchport general – – forbidden vlan Private VLAN Commands switchport private- private-vlan show interfaces show vlan private-vlan vlan switchport switchport mode – – – private-vlan dvlan-tunnel ethertype Use the dvlan-tunnel ethertype command in Global Configuration mode to enable the configuration of the inner and outer VLAN tag ethertype.

Page 798 Command Mode Global Configuration, Interface Configuration, Interface Range, and Port- Channel Range modes User Guidelines This command configures the outer VLAN tag type (primary TPID) for double VLAN tagging when used in global CONFIG mode with the primary- tpid parameter. Only one outer tag type can be configured for the switch. The outer tag is added on egress and removed on ingress on uplink (service provider) ports.

Page 799: Interface Vlan
Service provider port is participating in service provider VLAN 100 and egress tagging is enabled console(config-if-Gi1/0/1)#switchport general allowed vlan add 100 tagged console(config-if-Gi1/0/1)#mode dvlan-tunnel console(config-if-Gi1/0/1)#vlan-tunnel ethertype vman console(config-if-Gi1/0/1)#exit Customer port config console(config)#interface Gi1/0/2 console(config-if-Gi1/0/2)#switchport mode general Service provider VLAN 100 configured as the PVID on the customer port console(config-if-Gi1/0/2)#switchport general pvid 100 Customer port is participating in service provider VLAN 100 and egress tagging is disabled...

Page 800: Interface Range Vlan
vlan-id —The ID of a valid VLAN (Range 1–4093). • Default Configuration By default, routing is enabled on VLAN 1. However, VLAN 1 does not route packets until an IP address is assigned to the VLAN. DHCP is not enabled on VLAN 1 by default.

Page 801: Mode Dvlan-Tunnel
User Guidelines Commands used in the interface range context are executed independently on each interface in the range. If the command returns an error on one of the interfaces, an error message is displayed and execution continues on other interfaces. Example The following example groups VLAN 221 through 228 and VLAN 889 to execute the commands entered in interface range mode.

Page 802: Name (Vlan Configuration)
Uplink Port Behavior If a single-tagged (SP tagged) or double-tagged (SP tag as outer tag) packet ingresses an uplink port, the switch strips the outer tag prior to forwarding it to the respective access ports. If an untagged or single tagged (802.1Q tagged) packet egresses an uplink port, the switch tags it with the configured ethertype and service provider VLAN ID taken from the service port PVID.

Page 803: Protocol Group
Command Mode VLAN Configuration mode User Guidelines The VLAN name may include any alphanumeric characters including a space, underscore, or dash. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name. The CLI does not filter illegal characters and may truncate entries at the first illegal character or reject the entry entirely.

Page 804: Protocol Vlan Group
Default Configuration This command has no default configuration. Command Mode VLAN Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to attach the VLAN ID "100" to the protocol-based VLAN group "3." console(config-vlan)#protocol group 3 100 protocol vlan group Use the protocol vlan group command in Interface Configuration mode to add the physical unit/slot/port interface to the protocol-based group...

Page 805: Protocol Vlan Group All
groupid — The protocol-based VLAN group ID, which is automatically • generated when you create a protocol-based VLAN group with the vlan protocol group command. To see the group ID associated with the name of a protocol group, use the show port protocol all command. Default Configuration This command has no default configuration.

Page 806: Show Dvlan-Tunnel
groupid — The protocol-based VLAN group ID, which is automatically • generated when you create a protocol-based VLAN group with the vlan protocol group command. To see the group ID associated with the name of a protocol group, use the show port protocol all command. Default Configuration This command has no default configuration.

Page 807: Show Dvlan-Tunnel Interface
Example The following example shows how to display all interfaces for Double VLAN Tunneling. console#show dvlan-tunnel Interfaces Enabled for DVLAN Tunneling..1/0/1 show dvlan-tunnel interface Use the show dvlan-tunnel interface command in Privileged EXEC mode to display detailed information about Double VLAN Tunneling for the specified interface or all interfaces.

Page 808: Show Interfaces Switchport
EtherType This field represents a 2-byte hex EtherType to be used as the first 16 bits of the DVLAN tunnel. The three different EtherType tags are: (1) 802.1Q, which represents the commonly used value of 0x8100. (2) vMAN, which represents the commonly used value of 0x88A8.

Page 809 • Voice VLAN It is recommended that the private VLAN host ports be configured as spanning-tree portfast. The command displays the following information. Parameter Description private-vlan host- Displays VLAN association for the private-VLAN host ports. association private-vlan Displays VLAN mapping for the private-VLAN promiscuous mapping ports.

Page 810 Forbidden VLANS: VLAN Name ---- --------- The following example displays switchport configuration individually for 1/0/2. console#show interface switchport gigabitethernet 1/0/2 Port 1/0/2: VLAN Membership mode: General Operating parameters: PVID: 4095 (discard vlan) Ingress Filtering: Enabled Acceptable Frame Type: All Port 1/0/1 is member in: VLAN Name Egress rule...

Page 811: Show Port Protocol
2922 Community A1 untagged Static Static configuration: PVID: 2922 Ingress Filtering: Enabled Acceptable Frame Type: Untagged GVRP status: Disabled Port 2/0/19 is member in: VLAN Name Egress rule Type ---- --------- ----------- ----- 2921 Primary A untagged Static 2922 Community A1 untagged Static show port protocol...

Page 812: Show Vlan
Group Group Name Protocol(s VLAN Interface(s) --------------- ----- ---------- ---- ------------ test 1/0/1 show vlan Use the show vlan command in Privileged EXEC mode to display detailed information, including interface information and dynamic VLAN type, for a specific VLAN or RSPAN VLAN. The ID is a valid VLAN identification number.

Page 813: Show Vlan Association Mac
This example shows information for a specific VLAN ID. console#show vlan id 10 VLAN Name Ports Type ----- --------------- ------------- -------------- Te1/0/1 Static RSPAN Vlan ------------------------------------------------------------------ Enabled This example shows information for a specific VLAN name. console#show vlan name myspan VLAN Name Ports...

Page 814: Show Vlan Association Subnet
User Guidelines This command has no user guidelines. Example The following example shows no entry in MAC address to VLAN cross- reference. console#show vlan association mac MAC Address VLAN ID ----------------------- ------- 0001.0001.0001.0001 console# show vlan association subnet Use the show vlan association subnet command in Privileged EXEC mode to display the VLAN associated with a specific configured IP-Address and netmask.

Page 815: Switchport Access Vlan
Example The following example shows the case if no IP Subnet to VLAN association exists. console#show vlan association subnet IP Address IP Mask VLAN ID ---------------- ---------------- ------- The IP Subnet to VLAN association does not exist. switchport access vlan Use the switchport access vlan command in Interface Configuration mode to configure the VLAN ID when the interface is in access mode.

Page 816: Switchport General Forbidden Vlan
console(config)#interface gigabitethernet 1/0/8 console(config-if-Gi1/0/8)#switchport access vlan 23 switchport general forbidden vlan Use the switchport general forbidden vlan command in Interface Configuration mode to forbid adding specific VLANs to a general mode port. To revert to allowing the addition of specific VLANs to the port, use the remove parameter of this command.

Page 817: Switchport General Allowed Vlan
switchport general acceptable-frame-type tagged-only Use the switchport general acceptable-frame-type tagged-only command in Interface Configuration mode to discard untagged frames at ingress. To enable untagged frames at ingress, use the no form of this command. Syntax switchport general acceptable-frame-type tagged-only no switchport general acceptable-frame-type tagged-only Default Configuration All frame types are accepted at ingress.

Page 818: Switchport General Ingress-Filtering Disable
vlan-list — List of VLAN IDs to add. Separate nonconsecutive VLAN • IDs with a comma and no spaces. Use a hyphen to designate a range of IDs. vlan-list — List of VLAN IDs to remove. Separate nonconsecutive remove • VLAN IDs with a comma and no spaces.

Page 819: Switchport General Pvid
no switchport general ingress-filtering disable Default Configuration Ingress filtering is enabled. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines Ingress filtering, when enabled, discards received frames that are not tagged with a VLAN for which the port is a member. If ingress filtering is disabled, tagged frames from all VLANs are processed by the switch.

Page 820: Switchport Mode
Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines Setting a new PVID does NOT remove the previously configured PVID VLAN from the port membership. Example The following example shows how to configure the PVID for 1/0/8, when the interface is in general mode.

Page 821: Switchport Trunk
general—Full 802.1q support VLAN interface. A general mode port is a • combination of both trunk and access ports capabilities. It is possible to fully configure all VLAN features on a general mode port. Both tagged and untagged packets may be accepted and transmitted. Default Configuration The default switchport mode is access.

Page 822 all specifies all VLANs from 1 to 4093. This keyword is not allowed on – commands that do not permit all VLANs in the list to be set at the same time. add adds the defined list of VLANs to those currently set instead of –...

Page 823 It is possible to exclude VLANs that have not yet been created from trunk port membership. Example console(config-if-Gi1/0/1)#switchport trunk allowed vlan 1-1024 console(config-if-Gi1/0/1)#switchport trunk allowed vlan except 1,2,3,5,7,11,13 vlan Use the vlan command in Global Configuration mode to configure a VLAN. To delete a VLAN, use the no form of this command.

Page 824: Vlan Association Mac
Example The following example shows how to create (add) VLAN IDs 22, 23, and 56. console(config)#vlan 22,23,56 console(config-vlan)# vlan association mac Use the vlan association mac command in VLAN Configuration mode to associate a MAC address to a VLAN. The maximum number of MAC-based VLANs is 256.

Page 825: Vlan Association Subnet
vlan association subnet Use the vlan association subnet command in VLAN Configuration mode to associate a VLAN to a specific IP-subnet. Only packets with a matching source IP address are placed into the VLAN. Syntax ip-address subnet-mask vlan association subnet ip-address subnet-mask no vlan association subnet ip-address —...

Page 826: Vlan Protocol Group
Syntax vlan-id vlan makestatic vlan-id — Valid vlan ID. Range is 2–4093. • Default Configuration This command has no default configuration. Command Mode Global Configuration Mode User Guidelines The dynamic VLAN (created via GRVP) should exist prior to executing this command.

Page 827: Vlan Protocol Group Add Protocol
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console(config)# vlan protocol group 1 vlan protocol group add protocol Use the vlan protocol group add protocol command in Global Configuration mode to add a protocol to the protocol-based VLAN groups identified by groupid .

Page 828: Vlan Protocol Group Name
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to add the "ip" protocol to the protocol based VLAN group identified as "2." console(config)#vlan protocol group add protocol 2 ethertype 0xXXXX vlan protocol group name This is a new command for assigning a group name to vlan protocol group id.

Page 829: Vlan Protocol Group Remove
User Guidelines This command has no user guidelines. Example console(config)# vlan protocol group name 1 usergroup vlan protocol group remove Use the vlan protocol group remove command in Global Configuration groupid mode to remove the protocol-based VLAN group identified by Syntax groupid vlan protocol group remove...

Page 830: Switchport Private-Vlan
switchport private-vlan Use the switchport private-vlan command in Interface Configuration mode to define a private VLAN association for an isolated or community port or a mapping for a promiscuous port. Use the no form of the command to remove the private VLAN association or mapping from the interface.

Page 831: Switchport Mode Private-Vlan
switchport mode private-vlan Use the switchport mode private-vlan command in Interface Configuration mode to define a private VLAN association for an isolated or community interface or a mapping for a promiscuous interface. Use the no form of the command to remove the private VLAN association or mapping from the interface.

Page 832 private-vlan Use the private-vlan command in VLAN Configuration mode to define a private VLAN association between the primary and secondary VLANs. Use the no form of the command to remove the private VLAN association. Syntax vlan- private-vlan {primary|isolated|community|association [add|remove] list no private-vlan [association] association—Defines an association between the primary VLAN and •...

Page 833: Show Vlan Private-Vlan
An isolated VLAN is used by isolated ports to communicate with promiscuous ports. It does not carry traffic to other community ports or other isolated ports with the same primary VLAN. The primary VLAN is the VLAN that carries traffic from a promiscuous port to the private ports.

Page 834 Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines Do not configure private VLANs on ports configured with any of these features: • Link Aggregation Control Protocol (LACP) • Multicast VLAN Registration (MVR) • Voice VLAN It is recommended that the private VLAN host ports be configured as spanning-tree portfast.

Page 835: Voice Vlan Commands
Voice VLAN Commands Dell Networking N2000/N3000/N4000 Series Switches The Voice VLAN feature enables switch ports to carry voice traffic with an administrator-defined priority so as to enable prioritization of voice traffic over data traffic. Using Voice VLAN helps to ensure that the sound quality of an IP phone is protected from deterioration when the data traffic utilization on the port is high.

Page 836: Voice Vlan (Interface)
Commands in this Chapter This chapter explains the following commands: voice vlan voice vlan data priority voice vlan (Interface) show voice vlan voice vlan This command is used to enable the voice VLAN capability on the switch. Syntax voice vlan no voice vlan Command Mode Global Configuration...

Page 837: Voice Vlan Data Priority
auth—Enables/disables authentication on the voice vlan port. • data—Observe the priority on received voice vlan traffic (trusted mode). • • dot1p—Configure Voice VLAN 802.1p priority tagging for voice traffic. • dscp—Configure DSCP value for voice traffic on the voice vlan port. (Range: 0–64).

Page 838: Show Voice Vlan
Syntax voice vlan data priority {trust | untrust} • trust Trust the dot1p priority or DSCP values contained in packets — arriving on the voice vlan port. • untrust Do not trust the dot1p priority or DSCP values contained in —...

Page 839 When the interface parameter is specified: Voice VLAN Mode The admin mode of the voice VLAN on the interface. Voice VLAN ID The voice VLAN ID. Voice VLAN Priority The Dot1p priority for the voice VLAN on the port. Voice VLAN The tagging option for the voice VLAN traffic.

Page 840 Voice VLAN Commands...

Page 841: Local 802.1X Authentication Server
A port is defined as a single point of attachment to the LAN. The Dell Networking supports an 802.1x Authenticator service with a local authentication server or authentication using remote RADIUS or TACACS servers.

Page 842: Mac Authentication Bypass
Whenever an operator configures a port in Dot1x authentication mode and selects the authentication method as internal, then the user credentials received from the Dot1x supplicant is validated against the IDAS by Dot1x component. The Dot1x application accesses the Dot1x user database to check whether the user credentials present in the authentication message corresponds to a valid user or not.

Page 843: Guest Vlan
Guest VLAN The Guest VLAN feature allows a Dell Networking switch to provide a distinguished service to unauthenticated users (not rogue users who fail authentication). This feature provides a mechanism to allow visitors and contractors to have network access to reach external network with no ability to surf internal LAN.

Page 844: Radius-Based Dynamic Vlan Assignment
client is authenticated and is undisturbed by the failure condition(s). The reasons for failure are logged and buffered into the local logging database such that the operator can track the failure conditions. Clients authenticated when monitor mode is enabled are always assigned to the default VLAN, regardless of the RADIUS assignment.

Page 845: Dot1X Dynamic-Vlan Enable
dot1x system-auth-control clear authentication dot1x unauth-vlan monitor authentication-history dot1x timeout guest-vlan- show authentication show dot1x advanced period dot1x timeout quiet-period show authenticaton – authentication-history 802.1x Advanced Features dot1x guest-vlan dot1x unauth-vlan show dot1x advanced dot1x dynamic-vlan enable Use the dot1x dynamic-vlan enable command in Global Configuration mode to enable the capability of creating VLANs dynamically when a RADIUS–assigned VLAN does not exist in the switch.

Page 846: Dot1X Initialize
dot1x initialize This command begins the initialization sequence on the specified port. This command is only valid if the control mode for the specified port is auto or mac-based. If the control mode is not auto or mac-based, an error will be returned.

Page 847: Dot1X Mac-Auth-Bypass
User Guidelines Local processing of IEEE 802.1x frames must be disabled (no dot1x system- auth-control) for this capability to be enabled. This capability is useful in situations where the authenticator device is placed one or more hops away from the authenticating host. The intervening switch will flood all received IEEE 802.1x frames in the VLAN.

Page 848: Dot1X Max-Req
dot1x max-req Use the dot1x max-req command in Interface Configuration mode to set the maximum number of times that the switch sends an Extensible Authentication Protocol (EAP)-request frame (assuming that no response is received) to the client before restarting the authentication process. To return to the default setting, use the no form of this command.

Page 849: Dot1X Max-Users
dot1x max-users Use the dot1x max-users command in Interface Configuration mode to set the maximum number of clients supported on the port when MAC-based 802.1X authentication is enabled on the port. Use the no version of the command to reset the maximum number of clients supported on the port when MAC-based 802.1X authentication is enabled on the port.

Page 850 Syntax dot1x port-control {force-authorized | force-unauthorized | auto | mac- based} no dot1x port-control • auto — Enables 802.1x authentication on the interface and causes the port to transition to the authorized or unauthorized state based on the 802.1x authentication exchange between the switch and the client. •...

Page 851: Dot1X Reauthentication
console(config)# interface gigabitethernet 1/0/2 console(config-if-Gi1/0/2)# dot1x port-control mac-based dot1x re-authenticate Use the dot1x re-authenticate command in Privileged EXEC mode to enable manually initiating a re-authentication of all 802.1x-enabled ports or the specified 802.1x-enabled port. Syntax dot1x re-authenticate [gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port] Default Configuration This command has no default configuration.

Page 852: Dot1X System-Auth-Control
Default Configuration Periodic reauthentication is disabled. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example enables periodic reauthentication of the client. console(config)# interface gigabitethernet 1/0/16 console(config-if-Gi1/0/16)# dot1x reauthentication dot1x system-auth-control Use the dot1x system-auth-control command in Global Configuration mode to enable 802.1x globally.

Page 853: Dot1X System-Auth-Control Monitor
Example The following example enables 802.1x globally. console(config)# dot1x system-auth-control dot1x system-auth-control monitor Use the dot1x system-auth-control monitor command in Global Configuration mode to enable 802.1x monitor mode globally. To disable this function, use the no form of this command. Syntax dot1x system-auth-control monitor no dot1x system-auth-control monitor...

Page 854: Dot1X Timeout Quiet-Period
Syntax seconds dot1x timeout guest-vlan-period no dot1x timeout guest-vlan-period seconds — Time in seconds that the switch waits before authorizing the • client if the client is a dot1x unaware client. Range 1-300. Default Configuration The switch remains in the quiet state for 90 seconds. Command Mode Interface Configuration (Ethernet) mode User Guidelines...

Page 855: Dot1X Timeout Re-Authperiod
seconds — Time in seconds that the switch remains in the quiet state • following a failed authentication exchange with the client. (Range: 0–65535 seconds) Default Configuration The switch remains in the quiet state for 60 seconds. Command Mode Interface Configuration (Ethernet) mode User Guidelines During the quiet period, the switch does not accept or initiate any authentication requests.

Page 856: Dot1X Timeout Server-Timeout
seconds — Number of seconds between re-authentication attempts. • (Range: 300–4294967295) Default Configuration Re-authentication period is 3600 seconds. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example sets the number of seconds between re-authentication attempts to 300.

Page 857: Dot1X Timeout Tx-Period
Command Mode Interface Configuration (Ethernet) mode User Guidelines The actual timeout is this parameter or the product of the Radius transmission times the Radius timeout, whichever is smaller. Example The following example sets the time for the retransmission to the authentication server to 3600 seconds.

Page 858: Authentication Enable
User Guidelines Change the default value of this command only to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers. Example The following command sets the number of seconds that the switch waits for a response to an EAP-request/identity frame to 3600 seconds.

Page 859: Authentication Order
authentication order This command sets the order of authentication methods used on a port. The available authentication methods are Dot1x, MAB, and captive portal. Ordering sets the order of methods that the switch attempts when trying to authenticate a new device connected to a port. If one method is unsuccessful or timed out, the next method is attempted.

Page 860: Authentication Restart
Use the no form of this command to return the port to the default order of priority for the authentication methods. Syntax authentication priority [mab | dot1x | captive-portal] [mab | dot1x | captive-portal] [mab | dot1x | captive-portal] no authentication priority Default Configuration There is no default configuration for this command.

Page 861: Clear Authentication Statistics
Default Configuration The default timer value is 300 seconds. Command Modes Interface VLAN Configuration mode User Guidelines None Example console(config-if-Gi1/0/1)# authentication timer restart 1800 console(config-if-Gi1/0/1)# no authentication timer restart clear authentication statistics Use this command to clear the authentication statistics. Syntax interface-id clear authentication statistics {...

Page 862: Show Authentication
clear authentication authentication-history Use this command to clear the authentication history logs. Syntax interface-id clear authentication authentication-history { | all} interface-id —The interface. • • all—All interfaces. Default Configuration There is no default configuration for this command. Command Modes Privileged EXEC mode User Guidelines None Example...

Page 863: Show Authenticaton Authentication-History
Command Modes Privileged EXEC mode User Guidelines This command has no user guidelines. Example console# show authentication Tiered Authentication......Enabled console# show authentication interface Gi1/0/1 Port........... Gi1/0/1 Authentication Restart timer....300 Configured method order......dot1x mab captive-portal Enabled method order......dot1x mab undefined Configured method priority.....

Page 864: Show Authentication Statistics
Command Modes Privileged EXEC mode User Guidelines This command has no user guidelines. Example console#show authentication authentication-history Gi1/0/1 Time Stamp Interface MAC-Address Auth Status Method --------------------- --------- ----------------- ------------ ------ Jul 21 1919 15:06:15 Gi1/0/1 00:00:00:00:00:01 Authorized 802.1X show authentication statistics Use this command to display the Authentication Manager statistics on one or more interfaces.

Page 865: Show Dot1X
Mab attempts........0 Mab failed attempts......0 Captive-portal attempts......0 Captive-Portal failed attempts....0 show dot1x Use the show dot1x command in Privileged EXEC mode to display: • A summary of the global dot1x configuration. • Summary information of the dot1x configuration for a specified port or all ports.

Page 866: Show Dot1X Authentication-History
Field Description Monitor Mode Indicates whether the Dot1x Monitor mode on the switch is enabled or disabled. Dynamic VLAN Indicates if VLANs assigned by the RADIUS server are Creation Mode dynamically created by the dot1x client. EAPOL flood mode Indicates whether EAPOL frames are flooded on the interface or are processed locally by the switch.

Page 867 Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines The following table explains the output parameters. Parameter Description Time Stamp Exact time at which the event occurs. Interface Physical Port on which the event occurs.

Page 868: Show Dot1X Clients
--------------------- --------- ----------------- ------ ---------- Mar 22 2010 01:16:31 gi1/0/2 00:01:02:03:04:05 111 Authorized Mar 22 2010 01:20:33 gi1/0/7 00:00:0D:00:00:00 222 Authorized console#show dot1x authentication-history gi1/0/1 Time Stamp Interface MAC-Address VLANID Auth Status --------------------- --------- ----------------- ------ ---------- Mar 22 2010 01:16:31 gi1/0/1 00:01:02:03:04:05 111 Authorized...

Page 869 Field Description Clients Indicates the number of Dot1x clients authenticated using Authenticated using Monitor mode. Monitor Mode Clients Indicates the number of Dot1x clients authenticated using Authenticated using 802.1x authentication process. Dot1x The following table describes the significant fields shown in the display. Field Description Interface...

Page 870: Show Dot1X Interface
This command shows the status of MAC Authentication Bypass. This feature is an extension of Dot1x Option 81 feature added in Dell Networking Release 2.1. to accept a VLAN name as an alternative to a number when RADIUS indicates the Tunnel-Private-Group-ID for a supplicant.

Page 871: Show Dot1X Interface Statistics
Example console#show dot1x interface gigabitethernet 1/0/10 Administrative Mode....Disabled Dynamic VLAN Creation Mode..Disabled Monitor Mode...... Disabled Port Admin Oper Reauth Reauth Mode Mode Control Period ------- ------------------ ------------ -------- ---------- Gi1/0/10 auto FALSE 3600 Quiet Period........60 Transmit Period........ 30 Maximum Requests.......

Page 872 User Guidelines The following table describes the significant fields shown in the display. Field Description EAPOL Frames Received The number of valid EAPOL frames of any type that have been received by this Authenticator. EAPOL Frames The number of EAPOL frames of any type that have Transmitted been transmitted by this Authenticator.

Page 873: Show Dot1X Users
console#show dot1x interface gigabitethernet 1/0/2 statistics Port......... gi1/0/2 EAPOL Frames Received......0 EAPOL Frames Transmitted....... 0 EAPOL Start Frames Received....0 EAPOL Logoff Frames Received....0 Last EAPOL Frame Version....... 0 Last EAPOL Frame Source......0000.0000.0000 EAP Response/Id Frames Received....0 EAP Response Frames Received....

Page 874: Clear Dot1X Authentication–History
1/0/1 1/0/2 John Switch# show dot1x users username Bob Port Username --------- --------- 1/0/1 The following table describes the significant fields shown in the display: Field Description Username The username representing the identity of the Supplicant. Port The port that the user is using. clear dot1x authentication–history Use the clear dot1x authentication–history command in Privileged EXEC mode to clear the authentication history table captured during successful and...

Page 875: Dot1X Guest-Vlan
802.1x Advanced Features dot1x guest-vlan Use the dot1x guest-vlan command in Interface Configuration mode to set the guest VLAN on a port. The VLAN must already have been defined. The no form of this command sets the guest VLAN id to zero, which disables the guest VLAN on a port.

Page 876: Show Dot1X Advanced
Syntax vlan-id dot1x unauth-vlan no dot1x unauth-vlan vlan-id — The ID of a valid VLAN to use for unauthenticated clients • (Range: 0-4093). Default Configuration The unauthenticated VLAN is disabled on the interface by default. Command Mode Interface Configuration (Ethernet) mode User Guidelines Configure the unauthenticated VLAN before using this command.

Page 877 Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays 802.1x advanced features for the switch. console#show dot1x advanced Port Guest Unauthenticated...

Page 878 802.1x Commands...

Page 879 Data Center Technology Commands The data center commands allow network operators to deploy lossless Ethernet capabilities in support of a converged network with Fibre Channel and Ethernet data, as specified by the FC-BB-5 working group of ANSI T11. This capability allows operators to deploy networks at a lower cost while still maintaining the same SAN network management operations that exists today.

Page 880 Data Center Technology Commands...

Page 881: Data Center Bridging Exchange Protocol
Data Center Bridging Commands Dell Networking N2000/N3000/N4000 Series Switches NOTE: Enhanced Transmission Selection commands are only supported on N4000 series switches. CLI commands and Dell OpenManage Switch Administrator pages are not available for other switch models. Data Center Bridging Exchange Protocol The Data Center Bridging Exchange Protocol (DCBX) is used by DCB devices to exchange configuration information with directly connected peers.

Page 882 The Dell Networking QoS implementation contains Differentiated Services (DiffServ) support that allows traffic to be classified into streams and given certain QOS treatment in accordance with defined per-hop behaviors.

Page 883 2 Bandwidth percentage (weight percentage) of each Traffic Class Group. 3 Scheduling algorithm for each Traffic Class Group. For Dell Networking switches which do not support configuration of ETS traffic classes in the hardware, the ETS information is propagated from the configuration source to the other DCBX peers.

Page 884 ETS settings for the peer using the “recommend” ETS TLV. Both the configuration and recommendation ETS TLVs are implemented for Dell Networking switches in release 4.2. The peer ETS TLVs are stored in the DCBX database and are accessible using show commands.

Page 885: Port Roles
Interoperability with IEEE DCBX The Dell Networking switch automatically detects if a peer is operating with either of the two CEE DCBX versions or the IEEE standard DCBX version.

Page 886 DCBX is enabled on that port. Incompatible peer configurations will be logged and counted with an error counter. The default operating mode for each port is Manual for Dell Networking releases; however, customer platforms may change the default mode for selected ports to either Auto-Upstream or Auto-Downstream mode.

Page 887 1 If the configuration is compatible with the configuration source, then the DCBX client becomes operationally active on the upstream port. 2 If the configuration is not compatible with the configuration source, then a message is logged indicating an incompatible configuration, an error counter is incremented, and the DCBX client is operationally disabled on the port.

Page 888 Configuration Source Port Selection Process When an auto-upstream or auto-downstream port receives a configuration from a peer, the DCBX client first checks if there is an active configuration source. If there is a configuration source already selected, the received configuration is checked against the local port operational values as received from the configuration source, and if compatible, the client marks the port as operationally enabled.

Page 889: Data Center Bridging Capability Exchange Commands
In order to reduce flapping of configuration information, if the configuration source port is disabled, disconnected or loses LLDP connectivity, the system clears the selection of configuration source port (if not manually selected) and enables the willing bit on all auto-upstream ports. The configuration on the auto-configuration ports is not cleared (configuration holdover).

Page 890: Lldp Dcbx Version
Syntax datacenter-bridging Default Configuration This command has no default configuration. Command Mode Interface Configuration (Ethernet) mode User Guidelines NOTE: This command is only available on N40xx series switches. Datacenter bridging mode is only available on physical interfaces, not on port-channel interfaces. To ensure proper operation, users must configure all physical interfaces in a port channel to have the same data-center bridging configuration.

Page 891: Lldp Tlv-Select Dcbxp (Dcb Enable)
Syntax lldp dcbx version {auto | cin | cee | ieee} no lldp dcbx version • auto—Automatically select the version based on the peer response. • CIN—Force the mode to Cisco-Intel-Nuova. (DCBX 1.0) CEE—Force the mode to CEE (DCBX 1.06) •...

Page 892 for transmission. If executed in Interface mode, the interface configuration overrides the global configuration for that interface. Entering the command with no parameters enables transmission of all TLVs. Use the no form of the command to return the configuration to the default settings.

Page 893: Lldp Dcbx Port-Role
The following example globally configures all ports to not transmit any DCBX TLVs. console(config)#no dcb enable lldp dcbx port-role Use the lldp dcbx port-role command in Interface Configuration mode to configure the port role to manual, auto-upstream, auto-downstream and configuration source. The default port role is manual. Syntax lldp dcbx port-role {auto-up |auto-down | manual | configuration-source} •...

Page 894: Show Lldp Tlv-Select
Default Configuration The default port role is manual. Command Mode Interface Config User Guidelines NOTE: This command is only available on N40xx series switches. In order to reduce configuration flapping, ports that obtain configuration information from a configuration source port will maintain that configuration for 2x the LLDP time out, even if the configuration source port becomes operationally disabled.

Page 895: Show Lldp Dcbx
User Guidelines NOTE: This command is only available on N40xx series switches. This command has no user guidelines. Examples console# show lldp tlv-select interface te1/0/1 Interface ETS Config ETS Recommend App Priority QCN ------------ ---------- ------------- ------------ --- te1/0/1Yes console# show lldp tlv-select interface all Interface ETS Config ETS Recommend...

Page 896 This command has no user guidelines. Example #1 DCBX Status: console# show lldp dcbx interface all status Config DCBX DCBX Frame Interface Status Role Version Errors Dscrd Dscrd ---------- ------- -------- -------- ------ ------ ------ ------ ----- te1/0/1 Enabled Auto-up CEE 1.06 Yes te1/0/2 Enabled...

Page 897 Auto-configuration Port Role: Auto-downstream Peer Is Configuration Source: False Local Configuration: Max/Oper Type Subtype Version En/Will/Adv PFC(3) 000 Y/Y/Y PG(2) Y/Y/Y APP(4) 000 Y/Y/Y Number of TCs Supported: 3 Priority Group Id: 0:00 1:01 2:02 3:03 4:04 5:05 6:06 7:07 PG Percentage (%): 0:12 1:10 2:12 3:00...

Page 898 Example #4 DCBX enabled – IEEE device (DCBX Version Forced): console# show lldp dcbx interface te1/0/1 Interface te1/0/1 DCBX Admin Status: Enabled Configured DCBX Version: CIN 1.0 Peer DCBX Version: CEE 1.6 Peer MAC: 00:23:24:A4:21:03 Peer Description: Cisco Nexus 5020 IOS Version 5.00 Auto-configuration Port Role: Auto-upstream Peer Is Configuration Source:...

Page 899: Classofservice Traffic-Class-Group
Enhanced Transmission Selection (ETS) Commands NOTE: Enhanced Transmission Selection commands are only supported on N4000 series switches. CLI commands and Dell OpenManage Switch Administrator pages are not available for other switch models. classofservice traffic-class-group This command maps the internal Traffic Class to an internal Traffic Class Group (TCG).

Page 900 Default Configuration By default, all the traffic classes are mapped to TCG 0. In the default configuration, all the Traffic Classes are grouped as one Traffic Class Group and TCG0 is configured as weighted round robin. Command Mode Global Config, Interface Configuration modes User Guidelines NOTE: This command is only available on N40xx series switches.

Page 901: Traffic-Class-Group Max-Bandwidth
traffic-class-group max-bandwidth Use this command in Global Config or Interface Configuration mode to specify the maximum transmission bandwidth limit for each TCG as a percentage of the interface rate. Also known as rate shaping, this has the effect of smoothing temporary traffic bursts over time so that the transmitted traffic rate is bound.

Page 902: Traffic-Class-Group Min-Bandwidth
If a non-zero value is specified for any bw-x maximum bandwidth parameter, it must not be less than the current minimum bandwidth value for the corresponding queue. A bw-x maximum bandwidth parameter value of 0 may be specified at any time without restriction. The maximum bandwidth limits may be used with either a weighted or strict priority scheduling scheme.

Page 903: Traffic-Class-Group Strict
User Guidelines NOTE: This command is only available on N40xx series switches. This command specified in Interface Configuration mode only affects a single interface, whereas the Global Configuration mode setting is applied to all interfaces. The Interface Configuration mode command is only available on the N4000 series switches.

Page 904 Syntax traffic-class-group strict [ … ] no traffic-class-group strict tcg-id —The TCG identifier. Range is 0 to 2 • Default Configuration The default scheduling mode for all TCGs is weighted scheduling. Command Mode Global Configuration mode, Interface Configuration mode User Guidelines NOTE: This command is only available on N40xx series switches.

Page 905: Traffic-Class-Group Weight
Example The following example demonstrates how to set TCGs 1 and 2 to strict priority scheduling. console(config)# traffic-class-group strict 1 2 traffic-class-group weight Use the traffic-class-group weight command in Global Config or Interface Configuration mode to specify the scheduling weight for each TCG. The scheduler attempts to balance the traffic selected for transmission from the TCGs such that, when the switch is congested, traffic is selected from the round robin configured TCGs in proportion to their weights.

Page 906: Show Classofservice Traffic-Class-Group
The weight percentage is not considered for Traffic Class Groups that are configured for strict priority scheduling. Auto-configuration ports utilize the weights received from the auto-configuration source but do no alter the manual settings. Manually configured ports enabled for DCBX transmit the manually configured weights in the TC Bandwidth table in the ETS TLVs.

Page 907: Show Interfaces Traffic-Class-Group
Traffic class group 7 is reserved by the system and is not shown. Auto-configuration ports utilize the traffic class group mappings received from the auto-configuration source. Manually configured ports enabled for DCBX transmit the traffic class groups in the ETS TLVs. Example The following example demonstrates how to display the global traffic class to group mappings:...

Page 908: Group Configuration
The parameter is optional. If specified, the TCG mapping table of the interface is displayed. If omitted, the global configuration settings are displayed (these may have been subsequently overridden by per-port configuration). The following information is displayed: Field Description Interface Displays the slot/port of the interface.

Page 909 Priority Flow Control Commands Dell Networking N4000 Series Switches Priority Flow Control (PFC) provides a means of pausing frames based on individual priorities on a single physical link. By pausing the congested priority or priorities independently, protocols that are highly loss sensitive can share the same link with traffic that has different loss tolerances with less congestion spreading than standard flow control.

Page 910: Priority-Flow-Control Mode
The effective default behavior on an interface enabled for PFC without a no- drop priority is that no flow control (legacy or PFC) is enabled. If the user enables PFC but does not create any no-drop priorities, the interface will not be lossless.

Page 911: Priority-Flow-Control Priority
Default Configuration Priority-flow-control mode is off (disabled) by default. Command Mode Datacenter-Bridging Configuration mode User Guidelines NOTE: This command is only available on N40xx series switches. PFC must be enabled before FIP snooping can operate over the interface. Use the no form of the command to return the mode to the default (off). VLAN tagging (trunk or general mode) must be enabled on the interface in order to carry the dot1p value through the network.

Page 912: Clear Priority-Flow-Control Statistics
Syntax priority-list priority-flow-control priority {drop | no-drop} no priority-flow-control priority • drop—Disable lossless behavior on the selected priorities. • no-drop—Enable lossless behavior on the selected priorities. Default Configuration The default behavior for all priorities is drop. Command Mode Datacenter-Bridging Configuration mode User Guidelines NOTE: This command is only available on N40xx series switches.

Page 913: Show Interfaces Priority-Flow-Control
Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example #1 console#clear priority-flow-control statistics tengigabitethernet 1/0/1 Example #2 console#clear priority-flow-control statistics show interfaces priority-flow-control Use the show interfaces priority-flow-control command in Privileged EXEC mode to display the global or interface priority flow control status and statistics.

Page 914 Operational Drop Priorities: 2-7 Configured No-Drop Priorities: 0-1 Operational No-Drop Priorities:0-1 Delay Allowance: 32456 bit times Peer Configuration Compatible: True Compatible Configuration Count: 3 Incompatible Configuration Count: 1 Priority Received PFC Frames Transmitted PFC Frames -------- ----------------- ---------------------- console#show interfaces priority-flow-control Port Drop No-Drop...

Page 915 Te1/0/23 0-2,4-7 Active Te1/0/24 Inactive Priority Flow Control Commands...

Page 916 Priority Flow Control Commands...

Page 917 Layer 3 Commands The chapters that follow describe commands that conform to the OSI model’s Network Layer (Layer 3). Layer 3 commands perform a series of exchanges over various data links to deliver data between any two nodes in a network.

Page 918 Layer 3 Commands...

Page 919: Arp Commands
ARP Commands Dell Networking N2000/N3000/N4000 Series Switches When a host has an IP packet to send on an Ethernet network, it must encapsulate the IP packet in an Ethernet frame. The Ethernet header requires a destination MAC address. If the destination IP address is on the same network as the sender, the sender uses the Address Resolution Protocol (ARP) to determine the MAC address associated with destination IP address.

Page 920: Arp Aging
ARP Aging Dynamic entries in the ARP cache are aged. When an entry for a neighbor router reaches its maximum age, the system sends an ARP request to the neighbor router to renew the entry. Entries for neighbor routers should remain in the ARP cache as long as the neighbor continues to respond to ARP requests.

Page 921: Arp Cachesize
Syntax ip-address hardware-address ip-address no arp ip-address — IP address of a device on a subnet attached to an existing • routing interface. hardware-address — A unicast MAC address for that device. • Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines...

Page 922: Arp Dynamicrenew
Default Configuration The switch defaults to using the maximum allowed cache size. Command Mode Global Configuration mode User Guidelines The ARP cache size is dependant on the switching hardware used. Values different from the default given above may exist in a given switch model. Example The following example defines an arp cachesize of 500.

Page 923: Arp Purge
request to the neighbor. If the neighbor responds, the age of the ARP cache entry is reset to 0 without removing the entry from the hardware. Traffic to the host continues to be forwarded in hardware without interruption. If the entry is not being used to forward data packets, then the entry is deleted from the ARP cache, unless the dynamic renew option is enabled.

Page 924: Arp Resptime
Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example removes the specified IP address from arp cache. console#arp purge 192.168.1.10 arp resptime Use the arp resptime command in Global Configuration mode to configure the ARP request response time-out.

Page 925: Arp Retries
arp retries Use the arp retries command in Global Configuration mode to configure the ARP count of maximum requests for retries. To return to the default value, use the no form of this command. Syntax integer arp retries no arp retries integer —...

Page 926: Clear Arp-Cache
Default Configuration The default value is 1200 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines 900 seconds as the timeout. console(config)#arp timeout 900 clear arp-cache Use the clear arp-cache command in Privileged EXEC mode to remove all ARP entries of type dynamic from the ARP cache.

Page 927: Clear Arp-Cache Management
console#clear arp-cache gateway clear arp-cache management Use the clear arp-cache management command to clear all entries that show as management arp entries in the show arp command. Syntax clear arp-cache management Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.

Page 928: Ip Local-Proxy-Arp
ip local-proxy-arp Use the ip local proxy-arp command in Interface Configuration mode to enable proxying of ARP requests. This allows the switch to respond to ARP requests within a subnet where routing is not enabled. Syntax ip local-proxy-arp no ip local-proxy-arp Default Configuration Proxy arp is disabled by default.

Page 929: Show Arp
Command Mode Interface Configuration (VLAN) mode User Guidelines The ip proxy-arp command is not available in interface range mode. Example The following example enables proxy arp for VLAN 15. (config)#interface vlan 15 console(config-if-vlan15)#ip proxy-arp show arp Use the show arp command in Privileged EXEC mode to display all entries in the Address Resolution Protocol (ARP) cache.

Page 930 console#show arp Static ARP entries are only active when the IP address is reachable on a local subnet Age Time (seconds)......1200 Response Time (seconds)......1 Retries........4 Cache Size........6144 Dynamic Renew Mode......Disable Total Entry Count Current / Peak....0 / 0 Static Entry Count Configured / Active / Max ..

Page 931 DHCP Server and Relay Agent Commands Dell Networking N2000/N3000/N4000 Series Switches DHCP is based on the Bootstrap Protocol (BOOTP). It also captures the behavior of BOOTP relay agents and DHCP participants can inter operate with BOOTP participants. The host RFC’s standardize the configuration parameters which can be supplied by the DHCP server to the client.

Page 932: Ip Dhcp Pool
• Internet access cost is greatly reduced by using automatic assignment as Static IP addresses are considerably more expensive to purchase than are automatically allocated IP addresses. • Using DHCP a centralized management policy can be implemented as the DHCP server keeps information about all the subnets. This allows a system operator to update a single server when configuration changes take place.

Page 933 User Guidelines This capability requires the DHCP service to be enabled. Enable the DHCP service using the service dhcp command. Dell Networking supports dynamic, automatic, and manual address assignment. Dynamic address assignment leases an address to the client for a limited period of time. Automatic assignment assigns a permanent address to a client.

Page 934 • NetBIOS Node Type – netbios-node-type • Client default router – default-router • Client address lease time – lease Administrators may also configure manual bindings for clients using the host command in DHCP Pool Configuration mode. This is the most often used for DHCP clients for which the administrator wishes to reserve an ip address, for example a computer server or a printer.

Page 935: Clear Ip Dhcp Binding
bootfile Use the bootfile command in DHCP Pool Configuration mode to set the name of the image for the DHCP client to load. Use the no form of the command to remove the bootfile configuration. Use the show ip dhcp pool command to display pool configuration parameters.

Page 936: Clear Ip Dhcp Conflict
Default Configuration The command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example console#clear ip dhcp binding 1.2.3.4 clear ip dhcp conflict Use the clear ip dhcp conflict command in Privileged EXEC mode to remove DHCP server address conflicts.

Page 937 client-identifier Use the client-identifier command in DHCP Pool Configuration mode to identify a Microsoft DHCP client to be manually assigned an address. Use the no form of the command to remove the client identifier configuration. Syntax unique-identifier client-identifier no client-identifier unique-identifier —The identifier of the Microsoft DHCP client.

Page 938 Syntax name client-name no client-name name —The name of the DHCP client. The client name is specified as up • to 31 printable characters. Default Configuration There is no default client name. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration...

Page 939: Dns-Server (Ip Dhcp Pool Config)
ip-address2 —The IPv4 address of the second default router for the DHCP • client. Default Configuration No default router is configured. Command Mode DHCP Pool Configuration mode User Guidelines This command has no user guidelines. Example console(config-dhcp-pool)#default-router 192.168.22.1 192.168.23.1 dns-server (IP DHCP Pool Config) Use the dns-server command in IP DHCP Pool Configuration mode to set the IP DNS server address which is provided to a DHCP client by the DHCP server.

Page 940: Domain-Name (Ip Dhcp Pool Config)
domain-name (IP DHCP Pool Config) Use the domain-name command in IP DHCP Pool Configuration mode to set the DNS domain name which is provided to a DHCP client by the DHCP server. The DNS name is an alphanumeric string up to 255 characters in length.

Page 941 Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. It may be necessary to use the no host command prior to executing the no hardware-address command. Example console(config-dhcp-pool)#hardware-address 00:23:12:43:23:54 console(config-dhcp-pool)#host 192.168.21.131 32 host Use the host command in DHCP Pool Configuration mode to specify a...

Page 942: Ip Dhcp Bootp Automatic
User Guidelines Use the client-identifier hardware-address command prior to using this command for an address pool. Use the show ip dhcp pool command to display pool configuration parameters. Example console(config-dhcp-pool)#client-identifier 00:23:12:43:23:54 console(config-dhcp-pool)#host 192.168.21.131 32 ip dhcp bootp automatic Use the ip dhcp bootp automatic command in Global Configuration mode to enable automatic BOOTP address assignment.

Page 943: Ip Dhcp Conflict Logging
ip dhcp conflict logging Use the ip dhcp conflict logging command in Global Configuration mode to enable DHCP address conflict detection. Use the no form of the command to disable DHCP conflict logging. Syntax ip dhcp conflict logging no ip dhcp conflict logging Default Configuration Conflict logging is enabled by default.

Page 944: Ip Dhcp Ping Packets
high-address —An IPv4 address indicating the ending range for exclusion • from automatic DHCP address assignment. The high-address must be numerically greater than the low-address. Default Configuration By default, no IP addresses are excluded from the lists configured by the IP DHCP pool configuration.

Page 945 Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console#ip dhcp ping packets 5 lease Use the lease command in DHCP Pool Configuration mode to set the period for which a dynamically assigned DHCP address is valid. Use the infinite parameter to indicate that addresses are to be automatically assigned.

Page 946 User Guidelines This command has no user guidelines. Example console(config-dhcp-pool)#lease 1 12 59 netbios-name-server Use the netbios-name-server command in DHCP Pool Configuration mode to configure the IPv4 address of the Windows Internet Naming Service (WINS) for a Microsoft DHCP client. Use the no form of the command to remove the NetBIOS name server configuration.

Page 947 netbios-node-type Use the netbios-node-type command in DHCP Pool Configuration mode to set the NetBIOS node type for a Microsoft DHCP client. Use the no form of the command to remove the netbios node configuration. Syntax type netbios-node-type no netbios-node-type type —The NetBIOS node type can be b-node, h-node, m-node or p-node. •...

Page 948 Syntax network-number mask prefix-length network network-number —A valid IPv4 address • • mask— A valid IPv4 network mask with contiguous left-aligned bits. prefix-length —An integer indicating the number of leftmost bits in the • network-number to use as a prefix for allocating cells. Default Configuration This command has no default configuration.

Page 949 User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. The IPv4 address is conveyed in the SIADDR field of the DHCP OFFER, DHCP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages. Example console(config-dhcp-pool)#next-server 192.168.21.2 option Use the option command in DHCP Pool Configuration mode to supply arbitrary configuration information to a DHCP client.

Page 950 User Guidelines The option information must match the selected option type and length. Options cannot be longer than 255 characters in length. The option information is conveyed in the TLV specified by the code parameter in the DHCP OFFER, DHCP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages.

Page 951 (continued) Figure 46-1. Option Codes and Lengths Option Code Fixed Length Minimum Length Multiple Of 23 (IP TTL) – – 24 (Path MTU Aging) – – 25 (Path MTU Plateau) – 26 (Interface MTU) – – 27 (Subnets are local) –...

Page 952 (continued) Figure 46-1. Option Codes and Lengths Option Code Fixed Length Minimum Length Multiple Of 45 (NetBIOS Datagram – Distribution) 47 (Netbois Scope) – – 48 (X-Windows Font – Server) 49 (X-Windows Display – Manager) 58 (Renewal Time T1) – –...

Page 953: Service Dhcp
console(config-dhcp-pool)#option 29 hex 01 console(config-dhcp-pool)#option 59 hex 00 00 10 01 console(config-dhcp-pool)#option 25 hex 01 ff service dhcp Use the service dhcp command in Global Configuration mode to enable local IPv4 DHCP server on the switch. Use the no form of the command to disable the DHCPv4 service.

Page 954: Show Ip Dhcp Binding
Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. The IPv4 address of the NTP server is conveyed in the Option 42 TLV of the DHCP OFFER, DHCP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages.

Page 955: Show Ip Dhcp Conflict
show ip dhcp conflict Use the show ip dhcp conflict command in User EXEC mode to display DHCP address conflicts for all relevant interfaces or a specified interface. If an interface is specified, the optional statistics parameter is available to view statistics for the specified interface.

Page 956: Show Ip Dhcp Pool
User Guidelines This command has no user guidelines. Example console#show ip dhcp server statistics show ip dhcp pool Use the show ip dhcp pool command in User EXEC or Privileged EXEC mode to display the configured DHCP pool or pools. If no pool name is specified, information about all pools is displayed.

Page 957 Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show ip dhcp server statistics Automatic Bindings......100 Expired Bindings....... 32 Malformed Bindings......0 Messages Received ---------- ---------- DHCP DISCOVER........132 DHCP REQUEST........

Page 958 DHCP Server and Relay Agent Commands...

Page 959: Clear Ipv6 Dhcp
DHCPv6 Commands Dell Networking N2000/N3000/N4000 Series Switches This chapter explains the following commands: clear ipv6 dhcp service dhcpv6 dns-server (IPv6 DHCP Pool Config) show ipv6 dhcp domain-name (IPv6 DHCP Pool Config) show ipv6 dhcp binding ipv6 dhcp pool show ipv6 dhcp interface (User EXEC)

Page 960: Dns-Server (Ipv6 Dhcp Pool Config)
User Guidelines This command has no user guidelines. Examples The following examples clears DHCPv6 statistics for VLAN 11. console#clear ipv6 dhcp interface vlan 11 statistics\ dns-server (IPv6 DHCP Pool Config) Use the dns-server command in IPv6 DHCP Pool Configuration mode to set the IPv6 DNS server address which is provided to a DHCPv6 client by the DHCPv6 server.

Page 961: Ipv6 Dhcp Pool
domain no domain-name domain — DHCPv6 domain name. (Range: 1–255 characters) • Default Configuration This command has no default configuration. Command Mode IPv6 DHCP Pool Configuration mode User Guidelines DHCPv6 pool can have multiple number of domain names with maximum of Example The following example sets the DNS domain name "test", which is provided to a DHCPv6 client by the DHCPv6 server.

Page 962: Ipv6 Dhcp Relay
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enters IPv6 DHCP Pool Configuration mode. console(config)#service dhcpv6 console(config)#ipv6 dhcp pool addrpool console(config-dhcp6s-pool)# ipv6 dhcp relay Use the ipv6 dhcp relay command in Interface Configuration mode to configure an interface for DHCPv6 relay functionality.

Page 963: Ipv6 Dhcp Server
Command Mode Interface Configuration (VLAN, Tunnel) mode User Guidelines The IPv6 DHCP service must be enavbled to use this feature. Enable the relay-address IPv6 DHCP service using the service dhcpv6 command. If is an relay-interface relay-address IPv6 global address, then is not required.

Page 964 pref-value — Preference value • used by clients to determine preference — between multiple DHCPv6 servers. (Range: 0-4294967295) Default Configuration The default preference value is 20. Rapid commit is not enabled by default. Command Mode Interface Configuration (VLAN, Tunnel) mode User Guidelines This feature requires the IPv6 DHCP service.

Page 965 console(config-dhcp6s-pool)# address prefix-delegation 2001::/64 00:01:32:00:32:00 console(config-dhcp6s-pool)# exit console(config)#interface vlan 10 console(config-if-vlan10)#ipv6 dhcp server pool1 console(config-if-vlan10)# prefix-delegation Use the prefix-delegation command in IPv6 DHCP Pool Configuration mode to define multiple IPv6 prefixes within a pool for distributing to specific DHCPv6 Prefix delegation clients. Syntax ipv6-prefix/prefix-length client-DUID hostname...

Page 966: Service Dhcpv6
User Guidelines This command has no user guidelines. Example The following example defines a Multiple IPv6 prefix and client DUID within a pool for distributing to specific DHCPv6 Prefix delegation clients. console(config)#ipv6 dhcp pool addrpool console(config-dhcp6s-pool)#prefix-delegation 2020:1::1/64 00:01:00:09:f8:79:4e:00:04:76:73:43:76 The following example defines a unique local address prefix with the MAC address 00:1D:BA:06:37:64 converted to EUI-64 format and a preferred lifetime of 5 days.

Page 967: Show Ipv6 Dhcp
Example The following example enables DHCPv6 globally. console#configure console(config)#service dhcpv6 console(config)#no service dhcpv6 show ipv6 dhcp Use the show ipv6 dhcp command in Privileged EXEC mode to display the DHCPv6 server name and status. Syntax show ipv6 dhcp Default Configuration This command has no default configuration.

Page 968: Show Ipv6 Dhcp Interface (User Exec)
Syntax ipv6-address show ipv6 dhcp binding [ ipv6-address — Valid IPv6 address. • Default Configuration This command has no default configuration. Command Mode Privileged EXEC and User EXEC modes, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the configured DHCP pool based on the entered IPv6 address.

Page 969 Command Mode User EXEC, Privileged EXEC modes, Configuration mode and all Configuration submodes User Guidelines Statistics are shown depending on the interface mode (relay, server, or client). Examples The following examples display DHCPv6 information for VLAN 11 when configured in relay mode. console>...

Page 970: Show Ipv6 Dhcp Interface (Privileged Exec)
show ipv6 dhcp interface (Privileged EXEC) Use the show ipv6 dhcp interface command in Privileged EXEC mode to display configuration and status information about an IPv6 DHCP interface or all interfaces. Syntax interface-id show ipv6 dhcp interface [ ]{statistics} interface-id —Any valid IP interface. See •...

Page 971 Term Description T2 Time The T2 (in seconds) time as indicated by the DHCPv6 Server. T2 value indicates the time interval after which the Client sends Rebind message to the Server in case there are no replies to the Renew messages. Interface IAID An identifier for an identity association chosen by this Client.

Page 972: Dhcpv6 Commands
IPv6 Interface......... Vl10 Mode........... Relay Relay Address........3030::3 Relay Interface Number......Relay Relay Remote ID........ Option Flags........console#show ipv6 dhcp interface vlan 10 IPv6 Interface......... Vl10 Mode........... Server Pool Name........asd Server Preference......20 Option Flags........console#show ipv6 dhcp interface vlan 10 statistics DHCPv6 Server Interface Vl10 Statistics DHCPv6 Solicit Packets Received....

Page 973: Show Ipv6 Dhcp Pool
DHCPv6 Malformed Packets Received..... 0 Total DHCPv6 Packets Received......0 DHCPv6 Solicit Packets Transmitted....0 DHCPv6 Request Packets Transmitted....0 DHCPv6 Renew Packets Transmitted...... 0 DHCPv6 Rebind Packets Transmitted..... 0 DHCPv6 Release Packets Transmitted....0 Total DHCPv6 Packets Transmitted...... 0 show ipv6 dhcp pool Use the show ipv6 dhcp pool command in Privileged EXEC mode to display the configured DHCP pool.

Page 974 Syntax show ipv6 dhcp statistics Default Configuration This command has no default configuration. Command Mode User EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the DHCPv6 server name and status. console>...

Page 975: Clear Ipv6 Dhcp Snooping Binding
DHCPv6 Snooping Commands Dell Networking N2000/N3000/N4000 Series Switches This chapter explains the following commands: clear ipv6 dhcp snooping binding ipv6 dhcp snooping verify mac-address clear ipv6 dhcp snooping statistics ipv6 verify binding ipv6 dhcp snooping ipv6 verify source ipv6 dhcp snooping vlan...

Page 976: Clear Ipv6 Dhcp Snooping Statistics
Command Modes User EXEC, Privileged EXEC User Guidelines This command has no user guidelines. Example (console) #clear ipv6 dhcp snooping binding clear ipv6 dhcp snooping statistics Use the clear ipv6 dhcp snooping statistics command to clear all IPv6 DHCP Snooping statistics. Syntax clear ipv6 dhcp snooping statistics Default Configuration...

Page 977: Ipv6 Dhcp Snooping Vlan
Syntax ipv6 dhcp snooping no ipv6 dhcp snooping Default Configuration By default, DHCP snooping is not enabled. Command Modes Global Configuration mode User Guidelines The DHCP snooping application processes incoming DHCP messages. For RELEASE and DECLINE messages from a DHCPv6 client and RECONFIGURE messages from a DHCPv6 server received on an untrusted interface, the application compares the receive interface and VLAN with the client’s interface and VLAN in the bindings database.

Page 978: Ipv6 Dhcp Snooping Binding
Syntax vlan-range ipv6 dhcp snooping vlan vlan-range no ipv6 dhcp snooping vlan-range —A single VLAN, one or more VLANs separated by commas, or • two VLANs separated by a single dash indicating all VLANs between the first and second inclusive. Multiple VLAN identifiers can be entered vlan-range .

Page 979: Ipv6 Dhcp Snooping Database
• mac-address — A valid mac address in standard format. • vlan-id — A configured VLAN id. (Range 1-4093) • ip-address — A valid IPv6 address. • interface-id — A valid interface ID in short or long format. Physical interfaces and port channels are supported.

Page 980: Ipv6 Dhcp Snooping Database Write-Delay
User Guidelines The DHCP binding database is persistently stored on a configured external server or locally in flash, depending on the user configuration. A row-wise checksum is placed in the text file that is stored on the configured TFTP server. On switch startup, the switch reads the text file and uses the contents to build the DHCP snooping database.

Page 981: Ipv6 Dhcp Snooping Limit
ipv6 dhcp snooping limit Use the ipv6 dhcp snooping limit command configures an interface to be diagnostically disabled if the rate of received DHCP messages exceeds the configured limit. Use the no shutdown command to reenable the interface. Use the no form of the command to disable diagnostic disabling of the interface.

Page 982: Ipv6 Dhcp Snooping Log-Invalid
The administrator can configure the rate and burst interval. Rate limiting is configured independently on each physical interface and may be enabled on both trusted and untrusted interfaces. The rate limit is configurable in the range of 0-300 packets per second and the burst interval in the range of 1-15 seconds.

Page 983: Ipv6 Dhcp Snooping Trust
ipv6 dhcp snooping trust Use the ipv6 dhcp snooping trust command to configure an interface as trusted. Use the no form of the command to return the interface to the default configuration. Syntax ipv6 dhcp snooping trust no ipv6 dhcp snooping trust Default Configuration By default, interfaces are untrusted.

Page 984: Ipv6 Verify Binding
no ipv6 dhcp snooping verify mac-address Default Configuration By default, MAC address verification is not enabled. Command Modes Global Configuration mode User Guidelines DHCP MAC address verification operates on DHCP messages received over untrusted interfaces. The source MAC address of DHCP packet is different from the client hardware if: •...

Page 985: Ipv6 Verify Source
Syntax mac-address vlan-id ip-address interface id ipv6 verify binding vlan interface mac-address vlan-id ip-address interface no ipv6 verify binding vlan interface mac-address —A valid mac address in standard format. • vlan-id —A configured VLAN id. (Range 1-4093. • ip-address —A valid IPv6 address. •...

Page 986: Show Ipv6 Dhcp Snooping
Default Configuration By default, no sources are blocked. Command Modes Interface Configuration mode (physical and port-channel) User Guidelines DHCP snooping should be enabled on any interfaces for which ipv6 verify source is configured. If ipv6 verify source is configured on an interface for which DHCP snooping is disabled, or for which DHCP snooping is enabled and the interface is trusted, incoming traffic on the interface is dropped.

Page 987: Show Ipv6 Dhcp Snooping Binding
User Guidelines This command has not user guidelines. Example (console)#show ipv6 dhcp snooping DHCP snooping is Disabled DHCP snooping source MAC verification is enabled DHCP snooping is enabled on the following VLANs: 11 - 30, 40 Interface Trusted Log Invalid Pkts --------- -------- ----------------...

Page 988: Show Ipv6 Dhcp Snooping Database
User Guidelines There are no user guidelines for this command. Example (console)#show ipv6 dhcp snooping binding Total number of bindings: 2 MAC Address IPv6 Address VLAN Interface Lease time(Secs) ------------------ ------------ ---- --------- ------------- 00:02:B3:06:60:80 2000::1/64 86400 00:0F:FE:00:13:04 3000::1/64 86400 show ipv6 dhcp snooping database Use the show ipv6 dhcp snooping database command to display IPv6 DHCP snooping configuration related to database persistency.

Page 989: Show Ipv6 Dhcp Snooping Interfaces
show ipv6 dhcp snooping interfaces Use the show ipv6 dhcp snooping interfaces command to show the DHCP Snooping status of IPv6 interfaces. Syntax interface id show ipv6 dhcp snooping interfaces [ interface id —A valid physical interface. • Default Configuration There is no default configuration for this command.

Page 990: Show Ipv6 Source Binding
Default Configuration This command has no default configuration. Command Modes User EXEC, Privileged EXEC (all show modes) User Guidelines The following statistics are displayed. Parameter Description MAC Verify Failures The number of DHCP messages that got filtered on an untrusted interface because of the source MAC address and client hardware address mismatch.

Page 991: Show Ipv6 Verify
Syntax interface-id show ipv6 source binding [{dhcp-snooping | static}] [interface [vlan vlan-id] • dhcp-snooping — Displays the DHCP snooping bindings. • static —Displays the statically configured bindings. Default Configuration This command has no default configuration. Command Modes User EXEC, Privileged EXEC (all show modes) User Guidelines This command has no user guidelines.

Page 992: Show Ipv6 Verify Source
Command Modes User EXEC, Privileged EXEC (all show modes) User Guidelines The filter type is one of the following values: • ipv6-mac: User has configure MAC address filtering on this interface • ipv6: IPv6 address filtering is configured on this interface •...

Page 993 Default Configuration There is no default configuration for this command. Command Modes User EXEC, Privileged EXEC (all show modes) User Guidelines If MAC address filtering is not configured on the interface, the MAC Address field is empty. If port security is disabled on the interface, the MAC Address field displays permit-all.

Page 994 DHCPv6 Snooping Commands...

Page 995: Dvmrp Commands
DVMRP Commands Dell Networking N3000/N4000 Series Switches Distance Vector Multicast Routing Protocol (DVMRP) is a dense mode multicast protocol and is most appropriate for use in networks where bandwidth is relatively plentiful and there is at least one multicast group member in each subnet.

Page 996: Ip Dvmrp Metric
Default Configuration Disabled is the default configuration. Command Mode Global Configuration Interface Configuration (VLAN) mode User Guidelines PIM must be disabled before DVMRP can be enabled. Example The following example sets VLAN 15’s administrative mode of DVMRP to active. console(config)#interface vlan 15 console(config-if-vlan15)#ip dvmrp ip dvmrp metric Use the ip dvmrp metric command in Interface Configuration mode to...

Page 997: Show Ip Dvmrp
User Guidelines This command has no user guidelines. Example The following example configures a metric of 5 for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip dvmrp metric 5 show ip dvmrp Use the show ip dvmrp command in Privileged EXEC mode to display the system-wide information for DVMRP .

Page 998: Show Ip Dvmrp Interface
show ip dvmrp interface Use the show ip dvmrp interface command in Privileged EXEC mode to display the interface information for DVMRP on the specified interface. Syntax vlan-id show ip dvmrp interface vlan vlan-id — Valid VLAN ID. • Default Configuration This command has no default condition.

Page 999: Show Ip Dvmrp Nexthop
Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the neighbor information for DVMRP . console(config)#show ip dvmrp neighbor No neighbors available. show ip dvmrp nexthop Use the show ip dvmrp nexthop command in Privileged EXEC mode to display the next hop information on outgoing interfaces for routing multicast datagrams.

Page 1000: Show Ip Dvmrp Prune
show ip dvmrp prune Use the show ip dvmrp prune command in Privileged EXEC mode to display the table that lists the router’s upstream prune information. Syntax show ip dvmrp prune Default Configuration This command has no default condition. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.

This manual is also suitable for:
Networking 4064 Networking 3024 Networking 2048 Networking 3048 Networking 4032

Dell Networking 2024 Reference Manual

Table of Contents

Appendix A: List of Commands

1 Command Groups

5 Administrative Profiles

7 Address Table

24 Ipv6 Mld Snooping Querier

26 Iscsi Optimization

30 Port Channel

29 Multicast Vlan Registration

32 Port Monitor

2 Using the Cli

3 Layer 2 Switching Commands

4 Aaa Commands

6 Acl Commands

9 Cdp Interoperability Commands

10 Dhcp Layer 2 Relay Commands

12 Dhcp Snooping Commands

13 Dynamic Arp Inspection Commands

15 Ethernet Configuration Commands

16 Ethernet Cfm Commands

17 Green Ethernet Commands

18 Gvrp Commands

19 Igmp Snooping Commands

20 Igmp Snooping Querier Commands

22 Ipv6 Access List Commands

23 Ipv6 Mld Snooping Commands

25 Ip Source Guard Commands

27 Link Dependency Commands

28 Lldp Commands

33 Qos Commands

Quick Links

CLI Reference Guide

Chapters

Related Manuals for Dell Networking 2024

Summary of Contents for Dell Networking 2024