Dell Networking OS Configuration Guide Dell Networking OS 8.4.7.
Notes, Cautions, and Warnings

NOTE: A NOTE indicates important information that helps you make better use of your computer.
CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

Information in this publication is subject to change without notice. © 2014 Dell Force10. All rights reserved.
www.dell.com | support.dell.com
1 About this Guide

Objectives

This guide describes the protocols and features supported by the Dell Networking OS and provides configuration instructions and examples for implementing them. It supports the system platforms E-Series, C-Series, and S-Series.

The E-Series ExaScale platform is supported with Dell Networking OS version 8.1.1.0 and later.

Though this guide contains information on protocols, it is not intended to be a complete reference.
Conventions

This document uses the following conventions to describe command syntax:

Convention: Description
keyword: Keywords are in bold and should be entered in the CLI as listed.
parameter: Parameters are in italics and require a number or word to be entered in the CLI.
{X}: Keywords and parameters within braces must be entered in the CLI.
[X]: Keywords and parameters within brackets are optional.
2 Configuration Fundamentals

The Dell Networking OS Command Line Interface (CLI) is a text-based interface through which you can configure interfaces and protocols. The CLI is largely the same for the E-Series, C-Series, and S-Series with the exception of some commands and command outputs.

The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and you can limit user access to modes using privilege levels.
CLI Modes

Different sets of commands are available in each mode. A command found in one mode cannot be executed from another mode (with the exception of EXEC mode commands preceded by the command do; see The do Command). You can set user access rights to commands and command modes using privilege levels; for more information on privilege levels and security options, refer to Chapter 44, Security.
Figure 2-2.
Mode: EXEC
  Prompt: FTOS>
  Access Command: Access the router through the console or Telnet.

Mode: EXEC Privilege
  Prompt: FTOS#
  Access Command:
    • From EXEC mode, enter the command enable.
    • From any other mode, use the command end.

Mode: CONFIGURATION
  Prompt: FTOS(conf)#
  Access Command:
    • From EXEC privilege mode, enter the command configure.
    • From every mode except EXEC and EXEC Privilege, enter the command exit.

Note: Access all of the following modes from CONFIGURATION mode.
Table 2-1.
The do Command

Enter an EXEC mode command from any CONFIGURATION mode (CONFIGURATION, INTERFACE, SPANNING TREE, etc.) without returning to EXEC mode by preceding the EXEC mode command with the command do. Figure 2-4 illustrates the do command.

Note: The following commands cannot be modified by the do command: enable, disable, exit, and configure.

Figure 2-4.
Obtain Help

Obtain a list of keywords and a brief functional description of those keywords at any CLI mode using the ? or help command:

• Enter ? at the prompt or after a keyword to list the keywords available in the current mode.
  • ? after a prompt lists all of the available keywords. The output of this command is the same for the help command.

Figure 2-6.
• The UP and DOWN arrow keys display previously entered commands (see Command History).
• The BACKSPACE and DELETE keys erase the previous letter.
• Key combinations are available to move quickly across the command line, as described in Table 2-2.

Table 2-2. Short-Cut Keys and their Actions

Key Combination: Action
CNTL-A: Moves the cursor to the beginning of the command line.
CNTL-B: Moves the cursor back one character.
CNTL-D: Deletes character at cursor.
Filter show Command Outputs

Filter the output of a show command to display specific information by adding | [except | find | grep | no-more | save] specified_text after the command. The variable specified_text is the text for which you are filtering, and it is case sensitive unless the ignore-case sub-option is implemented.

Starting with Dell Networking OS 7.8.1.0, the grep command accepts an ignore-case sub-option that forces the search to be case-insensitive.
• find displays the output of the show command beginning from the first occurrence of specified text.

Figure 2-11 shows this command used in combination with the command show linecard all.

Figure 2-11.
3 Getting Started

This chapter contains the following major sections:

• Default Configuration
• Configure a Host Name
• Access the System Remotely
• Configure the Enable Password
• Configuration File Management
• File System Management

When you power up the chassis, the system performs a Power-On Self Test (POST) during which Route Processor Module (RPM), Switch Fabric Module (SFM), and line card status LEDs blink green.
• Characters within the string can be letters, digits, and hyphens.

To configure a host name:

Step 1
  Task: Create a new host name.
  Command Syntax: hostname name
  Command Mode: CONFIGURATION

Figure 3-1 illustrates the hostname command.

Figure 3-1. Configuring a Hostname

    FTOS(conf)#hostname R1     <- Default Hostname
    R1(conf)#                  <- New Hostname

Access the System Remotely

You can configure the system to access it remotely by Telnet.
Note: Assign different IP addresses to each RPM’s management port.

To configure the management port IP address:

Step 1
  Task: Enter INTERFACE mode for the Management port.
  Command Syntax: interface ManagementEthernet slot/port
    • slot range: 0 to 1
    • port range: 0
  Command Mode: CONFIGURATION

Step 2
  Task: Assign an IPv4 or IPv6 address to the interface.
  Command Syntax: ip address {ipv4-address | ipv6-address}/mask
    • ipv4-address: an address in dotted-decimal format (A.B.C.D).
  Command Mode: INTERFACE

Step 3
  Task: Enable the interface.
To configure a username and password:

Step 1
  Task: Configure a username and password to access the system remotely.
  Command Syntax: username username password [encryption-type] password
    encryption-type specifies how you are inputting the password, is 0 by default, and is not required.
    • 0 is for inputting the password in clear text.
    • 7 is for inputting a password that is already encrypted using a Type 7 hash.
  Command Mode: CONFIGURATION
Configure the Enable Password

The EXEC Privilege mode is accessed by the enable command. Configure a password as a basic security measure. When using a console connection, EXEC Privilege mode is unrestricted by default; it cannot be reached by a VTY connection if no password is configured.

There are two types of enable passwords:

• enable password stores the password in the running/startup configuration using a DES encryption method.
Copy Files to and from the System

The command syntax for copying files is similar to UNIX. The copy command uses the format copy source-file-url destination-file-url.

Note: See the Dell Networking OS Command Reference for a detailed description of the copy command.

• To copy a local file to a remote system, combine the file-origin syntax for a local file location with the file-destination syntax for a remote file location shown in Table 3-1.

Table 3-1.
The usbflash and rpm0usbflash commands are supported on E-Series ExaScale platform only. Refer to the Dell Networking OS Release Notes for a list of approved USB vendors.

Figure 3-3 shows an example of using the copy command to save a file to an FTP server.

Figure 3-3. Saving a file to a Remote System

    (Local Location, then Remote Location)
    FTOS#copy flash://FTOS-EF-8.2.1.0.bin ftp://myusername:mypassword@10.10.10.10//FTOS/FTOS-EF-8.2.1.
Task: Save the running-configuration to:
  the startup-configuration on the internal flash of the primary RPM
    Command Syntax: copy running-config startup-config
  the internal flash on an RPM
    Command Syntax: copy running-config rpm{0|1}flash://filename

Note: The internal flash memories on the RPMs are synchronized whenever there is a change, but only if the RPMs are running the same version of Dell Networking OS.
To view a list of files on the internal or external Flash:

Step 1
  Task: View a list of files on:
    the internal flash of an RPM
      Command Syntax: dir flash:
    the external flash of an RPM
      Command Syntax: dir slot:
  Command Mode: EXEC Privilege

The output of the command dir also shows the read/write privileges, size (in bytes), and date of modification for each file, as shown in Figure 3-5.

Figure 3-5.
Figure 3-6. Track Changes with Configuration Comments

    FTOS#show running-config
    Current Configuration ...
    ! Version 8.2.1.0
    ! Last configuration change at Thu Apr 3 23:06:28 2008 by admin
    ! Startup-config last updated at Thu Apr 3 23:06:55 2008 by admin
    !
    boot system rpm0 primary flash://FTOS-EF-8.2.1.0.bin
    boot system rpm0 secondary flash://FTOS-EF-7.8.1.0.bin
    boot system rpm0 default flash://FTOS-EF-7.7.1.1.bin
    boot system rpm1 primary flash://FTOS-EF-7.8.1.0.
Figure 3-8. Alternative Storage Location

    FTOS#cd slot0:
    FTOS#copy running-config test     <- No File System Specified
    FTOS#copy run test
    !
    7419 bytes successfully copied
    FTOS#dir
    Directory of slot0:
      1  drw-   32768  Jan 01 1980 00:00:00  .
      2  drwx     512  Jul 23 2007 00:38:44  ..
      3  ----       0  Jan 01 1970 00:00:00
      4  -rw-    7419  Jul 23 2007 20:44:40
      5  ----       0  Jan 01 1970 00:00:00
      6  ----       0  Jan 01 1970 00:00:00
      7  ----       0  Jan 01 1970 00:00:00
      8  ----       0  Jan 01 1970 00:00:00
      9  ----       0  Jan 01 1970 00:00:00
4 System Management

System Management is supported on platforms: c e s

This chapter explains the different protocols or services used to manage the Dell Networking system including:

• Configure Privilege Levels
• Configure Logging
• File Transfer Services
• Terminal Lines
• Lock CONFIGURATION mode
• Recovering from a Forgotten Password
• Recovering from a Forgotten Password on S-Series
• Recovering from a Failed Start

Configure Privilege Levels

Privilege levels restrict access to commands based on user or
A user can access all commands at his privilege level and below.

Remove a command from EXEC mode

Remove a command from the list of available commands in EXEC mode for a specific privilege level using the command privilege exec from CONFIGURATION mode. In the command, specify a level greater than the level given to a user or terminal line, followed by the first keyword of each command to be restricted.
Task: Allow access to INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode. Specify all keywords in the command.
  Command Syntax: privilege configure level level {interface | line | route-map | router} {command-keyword ||...|| command-keyword}

Task: Allow access to a CONFIGURATION, INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode command.
  Command Syntax: privilege {configure |interface | line | route-map | router} level level {command ||...
Figure 4-1. Create a Custom Privilege Level

    FTOS(conf)#do show run priv
    !
    privilege exec level 3 capture
    privilege exec level 3 configure
    privilege exec level 4 resequence
    privilege exec level 3 capture bgp-pdu
    privilege exec level 3 capture bgp-pdu max-buffer-size
    privilege configure level 3 line
    privilege configure level 3 interface
    FTOS(conf)#do telnet 10.11.80.201
    [telnet output omitted]
    FTOS#show priv
    Current privilege level is 3.
Apply a Privilege Level to a Username

To set a privilege level for a user:

Task: Configure a privilege level for a user.
  Command Syntax: username username privilege level
  Command Mode: CONFIGURATION

Apply a Privilege Level to a Terminal Line

To set a privilege level for a terminal line:

Task: Configure a privilege level for a terminal line.
Log Messages in the Logging Buffer

All error messages, except those beginning with %BOOTUP (Message 1), are logged in the internal buffer.
Send System Messages to a Syslog Server

Send system messages to a syslog server by specifying a server:

Task: Specify the server to which you want to send system messages. You can configure up to eight syslog servers, which may be IPv4 and/or IPv6 addressed.
  Command Syntax: logging {ip-address | ipv6-address | hostname}
  Command Mode: CONFIGURATION

Configure a Unix System as a Syslog Server

Configure a UNIX system as a syslog server by adding the following lines to /etc/syslog.
Task: Specify the size of the logging buffer.
  Note: When you decrease the buffer size, Dell Networking OS deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer.
  Command Syntax: logging buffered size
  Command Mode: CONFIGURATION

Task: Specify the number of messages that Dell Networking OS saves to its logging history table.
Figure 4-2. show logging Command Example

    FTOS#show logging
    syslog logging: enabled
    Console logging: level Debugging
    Monitor logging: level Debugging
    Buffer logging: level Debugging, 40 Messages Logged, Size (40960 bytes)
    Trap logging: level Informational
    %IRC-6-IRC_COMMUP: Link to peer RPM is up
    %RAM-6-RAM_TASK: RPM1 is transitioning to Primary RPM.
Configure a UNIX Logging Facility Level

Facility is a message tag used to describe the application or process that submitted the log message. You can save system log messages with a UNIX system logging facility:

Command Syntax: logging facility [facility-type]
  Command Mode: CONFIGURATION
  Purpose: Specify one of the following parameters.
Synchronize Log Messages

You can configure a terminal line to hold all logs until all command inputs and outputs are complete so that log printing does not interfere when you are performing management tasks. Log synchronization also filters system messages for a specific line based on severity level and limits the number of messages that are printed at once.

Step 1
  Task: Enter the LINE mode.

Step 2
File Transfer Services

You can configure the system to transfer files over the network using File Transfer Protocol (FTP).

Configuration Task List for File Transfer Services

The following list includes the configuration tasks for file transfer services:

• Enable FTP server
• Configure FTP server parameters
• Configure FTP client parameters

Enable FTP server

To make the system an FTP server:

Task: Make the system an FTP server.
Note: You cannot use the change directory (cd) command until ftp-server topdir is configured.

Display your FTP configuration using the command show running-config ftp from EXEC Privilege mode, as shown in Figure 4-4.

Configure FTP client parameters

When the system will be an FTP client, configure FTP client parameters:

Task: Specify a source interface.
  Command Syntax: ip ftp source-interface interface
  Command Mode: CONFIGURATION

Task: Configure a password.
Figure 4-5. Applying an Access List to a VTY Line

    FTOS(config-std-nacl)#show config
    !
    ip access-list standard myvtyacl
     seq 5 permit host 10.11.0.1
    FTOS(config-std-nacl)#line vty 0
    FTOS(config-line-vty)#show config
    line vty 0
     access-class myvtyacl

Dell Networking OS Behavior: Prior to Dell Networking OS version 7.4.2.0, in order to deny access on a VTY line, you must apply an ACL and AAA authentication to the line.
Step 3
  Task: If you used the line authentication method in the method list you applied to the terminal line, configure a password for the terminal line.
  Command Syntax: password
  Command Mode: LINE

In Figure 4-6 VTY lines 0-2 use a single authentication method, line.

Figure 4-6.
Figure 4-7. Configuring EXEC Timeout

    FTOS(conf)#line con 0
    FTOS(config-line-console)#exec-timeout 0
    FTOS(config-line-console)#show config
    line console 0
     exec-timeout 0 0
    FTOS(config-line-console)#

Telnet to Another Network Device

To telnet to another device:

Task: Telnet to the peer RPM. You do not need to configure the management port on the peer RPM to be able to telnet to it.
  Command Syntax: telnet-peer-rpm

Task: Telnet to a device with an IPv4 or IPv6 address.
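An added example, not part of the Dell guide: a small Python audit of the terminal-line settings shown in Figures 4-5 and 4-7, flagging a disabled EXEC timeout (exec-timeout 0 0), VTY lines with no access-class, and an access-class that names an ACL absent from the same configuration. The sample configuration is constructed, and the parser assumes sub-commands are indented under an unindented stanza header, as in show config output.

```python
import re

# Constructed sample in the style of Figures 4-5 and 4-7 (not from a real device).
SAMPLE_CONFIG = """\
!
ip access-list standard myvtyacl
 seq 5 permit host 10.11.0.1
!
line console 0
 exec-timeout 0 0
line vty 0
 access-class myvtyacl
line vty 1
 exec-timeout 5 0
line vty 2
 access-class missingacl
!
"""


def parse_stanzas(config_text):
    """Group a configuration into (header, [sub-commands]) pairs.

    Assumption: sub-commands are indented under an unindented header line,
    and lines starting with '!' are separators or comments.
    """
    stanzas = []
    for raw in config_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0].isspace():
            if stanzas:  # ignore an indented line with no header above it
                stanzas[-1][1].append(raw.strip())
        else:
            stanzas.append((raw.strip(), []))
    return stanzas


def audit_terminal_lines(config_text):
    """Return a list of (line header, finding code) for console and VTY lines."""
    stanzas = parse_stanzas(config_text)

    # Names of every ACL defined in this configuration.
    defined_acls = set()
    for header, _ in stanzas:
        m = re.match(r"ip access-list (?:standard|extended) (\S+)$", header)
        if m:
            defined_acls.add(m.group(1))

    findings = []
    for header, body in stanzas:
        m = re.match(r"line (console|vty) (\d+)", header)
        if not m:
            continue
        timeout, acl = None, None
        for cmd in body:
            t = re.match(r"exec-timeout (\d+)(?: (\d+))?$", cmd)
            if t:
                # "exec-timeout 0" is stored as "exec-timeout 0 0" (Figure 4-7).
                timeout = (int(t.group(1)), int(t.group(2) or 0))
            a = re.match(r"access-class (\S+)", cmd)
            if a:
                acl = a.group(1)
        if timeout == (0, 0):
            findings.append((header, "idle-timeout-disabled"))
        if m.group(1) == "vty":
            if acl is None:
                findings.append((header, "no-access-class"))
            elif acl not in defined_acls:
                findings.append((header, "undefined-acl"))
    return findings


if __name__ == "__main__":
    for line, code in audit_terminal_lines(SAMPLE_CONFIG):
        print(f"{line}: {code}")
```

Lines with no exec-timeout statement are not flagged, because the audit only sees what the configuration states explicitly.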
Two types of locks can be set: auto and manual.

• Set an auto-lock using the command configuration mode exclusive auto from CONFIGURATION mode. When you set an auto-lock, every time a user is in CONFIGURATION mode all other users are denied access. This means that you can exit to EXEC Privilege mode, and re-enter CONFIGURATION mode without having to set the lock again.
• Set a manual lock using the command configure terminal lock from CONFIGURATION mode.
You can then send any user a message using the send command from EXEC Privilege mode. Alternatively you can clear any line using the command clear from EXEC Privilege mode. If you clear a console session, the user is returned to EXEC mode.

Recovering from a Forgotten Password

If you configure authentication for the console and you exit out of EXEC mode or your console session times out, you are prompted for a password to re-enter.
Figure 4-12. Rename the startup-config

    RPM0-CP BOOT_ADMIN # dir flash:
    Directory of flash:
      1  -rwx  11407411  Jun 09 2004 09:38:40  FTOS-EE3-5.3.1.1.bin
      2  -rwx      4977  Jun 09 2004 09:38:38  startup-config.bak

Step 7
  Task: Reload the system.
  Command Syntax: reload
  Command Mode: BOOT_ADMIN

Step 8
  Task: Copy startup-config.bak to the running config.
  Command Syntax: copy flash://startup-config.bak running-config
  Command Mode: EXEC Privilege

Step 9
  Task: Remove all authentication statements you might have for the console.
Step 9
Task: Save the running-config to the startup-config. The startup-config files on both RPMs will be synchronized.
Command Syntax: copy running-config startup-config
Command Mode: EXEC Privilege

Recovering from a Forgotten Password on S-Series

If you configure authentication for the console and you exit out of EXEC mode or your console session times out, you are prompted for a password to re-enter.
Recovering from a Failed Start

A system that does not start correctly might be attempting to boot from a corrupted Dell Networking OS image or from an incorrect location. To resolve the problem, you can restart the system and interrupt the boot process to point the system to another boot location by using the boot change command, as described below.
Very similar to the options of the boot change command, the boot system command is available in CONFIGURATION mode on the C-Series and E-Series to set the boot parameters that, when saved to the startup configuration file, are stored in NVRAM and are then used routinely:

Task: Configure the system to routinely boot from the designated location. After entering rpm0 or rpm1, enter one of the three keywords and then the file-url.
5 802.1ag

802.1ag is available only on platform: s

Ethernet Operations, Administration, and Maintenance (OAM) is a set of tools used to install, monitor, troubleshoot and manage Ethernet infrastructure deployments. Ethernet OAM consists of three main areas:
1. Service Layer OAM: IEEE 802.1ag Connectivity Fault Management (CFM)
2. Link Layer OAM: IEEE 802.3ah OAM
3.
There is a need for Layer 2 equivalents to manage and troubleshoot native Layer 2 Ethernet networks. With these tools, you can identify, isolate, and repair faults quickly and easily, which reduces operational cost of running the network. OAM also increases availability and reduces mean time to recovery, which allows for tighter service level agreements, resulting in increased revenue for the service provider.
These roles define the relationships between all devices so that each device can monitor the layers under its responsibility. Maintenance points drop all lower-level frames and forward all higher-level frames. Figure 5-2.
Implementation Information
• Since the S-Series has a single MAC address for all physical/LAG interfaces, only one MEP is allowed per MA (per VLAN or per MD level).

Configure CFM

Configuring CFM is a five-step process:
1. Configure the ecfmacl CAM region using the cam-acl command. See Configuring Ingress Layer 2 ACL Sub-partitions.
2. Enable Ethernet CFM.
3. Create a Maintenance Domain.
4. Create a Maintenance Association.
5. Create Maintenance Points.
6.
Enable Ethernet CFM

Task: Spawn the CFM process. No CFM configuration is allowed until the CFM process is spawned.
Command Syntax: ethernet cfm
Command Mode: CONFIGURATION

Task: Disable Ethernet CFM without stopping the CFM process.
Command Syntax: disable
Command Mode: ETHERNET CFM

Create a Maintenance Domain

Connectivity Fault Management (CFM) divides a network into hierarchical maintenance domains, as shown in Figure 5-1.

Step 1
Task: Create maintenance domain.
Create a Maintenance Association

A Maintenance Association (MA) is a subdivision of an MD that contains all managed entities corresponding to a single end-to-end service, typically a VLAN. An MA is associated with a VLAN ID.

Task: Create maintenance association.
Command Syntax: service name vlan vlan-id
Command Mode: ECFM DOMAIN

Create Maintenance Points

Domains are comprised of logical entities called Maintenance Points.
FTOS#show ethernet cfm maintenance-points local mep
-------------------------------------------------------------------------------
MPID Domain Name Level Type Port CCM-Status
MA Name VLAN Dir MAC
-------------------------------------------------------------------------------
100 cfm0 7 MEP Gi 4/10 Enabled
test0 10 DOWN 00:01:e8:59:23:45
200 cfm1 6 MEP Gi 4/10 Enabled
test1 20 DOWN 00:01:e8:59:23:45
300 cfm2 5 MEP Gi 4/10 Enabled
test2 30 DOWN
FTOS#show ethernet cfm maintenance-points remote detail
MAC Address: 00:01:e8:58:68:78
Domain Name: cfm0
MA Name: test0
Level: 7
VLAN: 10
MP ID: 900
Sender Chassis ID: FTOS
MEP Interface status: Up
MEP Port status: Forwarding
Receive RDI: FALSE
MP Status: Active

Task: Display the MIP Database.
Continuity Check Messages

Continuity Check Messages (CCM) are periodic hellos used to:
• discover MEPs and MIPs within a maintenance domain
• detect loss of connectivity between MEPs
• detect misconfiguration, such as VLAN ID mismatch between MEPs
• detect unauthorized MEPs in a maintenance domain

Continuity Check Messages (CCM) are multicast Ethernet frames sent at regular intervals from each MEP.
Enable CCM

Step 1
Task: Enable CCM.
Command Syntax: no ccm disable
Command Mode: ECFM DOMAIN
Default: Disabled

Step 2
Task: Configure the transmit interval (mandatory). The interval specified applies to all MEPs in the domain.
Command Syntax: ccm transmit-interval seconds
Command Mode: ECFM DOMAIN
Default: 10 seconds

Enable Cross-checking

Task: Enable cross-checking.
Command Syntax: mep cross-check enable
Command Mode: ETHERNET CFM
Default: Disabled

Task: Start the cross-check operation for an MEP.
Figure 5-4. Linktrace Message and Response
[Figure: an MEP and MIPs across an MPLS core, showing the Linktrace Message and the Linktrace Response]

Link trace messages carry a unicast target address (the MAC address of an MIP or MEP) inside a multicast frame. The destination group address is based on the MD level of the transmitting MEP (01:80:C2:00:00:3[8 to F]).
FTOS#show ethernet cfm traceroute-cache
Traceroute to 00:01:e8:52:4a:f8 on Domain Customer2, Level 7, MA name Test2 with VLAN 2
------------------------------------------------------------------------------
Hops Host IngressMAC Ingr Action Relay Action Next Host
------------------------------------------------------------------------------
4 00:00:00:01:e8:53:4a:f8 00:01:e8:52:4a:f8 IngOK

Task: Delete all Link Trace Cache entries.
Three values are given within the trap messages: MD Index, MA Index, and MPID. You can reference these values against the output of show ethernet cfm domain and show ethernet cfm maintenance-points local mep.
Task: Display CFM statistics by port.
6 802.3ah

802.3ah is available only on platform: s

A metropolitan area network (MAN) is a set of LANs, geographically separated but managed by a single entity. If the distance is large—across a city, for example—connectivity between LANs is managed by a service provider. While LANs use Ethernet, service provider networks use an array of protocols (PPP and ATM), and a variety of access technologies.
• Remote Loopback—directs the remote system to reflect back frames that the local system transmits so that an administrator can isolate a fault.
• Remote Failure Indication—notifies a peer of a critical link event.

Link Layer OAMPDUs

Link Layer OAM is conducted using OAMPDUs, shown in Figure 6-1. OAM is a slow protocol and by requirement may transmit no more than 10 frames per second, transmits to a multicast destination MAC, and uses an Ethernet subtype.

Figure 6-1.
Link Layer OAM Operational Modes

When participating in EFM OAM, a system may operate in active or passive mode.
• Active mode—Active mode systems initiate discovery. Once the Discovery process completes, they can send any OAMPDU while connected to a peer in Active mode, and a subset of OAMPDUs if the peer is in Passive mode (see Table 6-1).
• Passive mode—Passive mode systems wait for an active mode system to initiate discovery, and do not send Variable Request or Loopback Control OAMPDUs.
Link Layer OAM Events

Link Layer OAM defines a set of events that may impact link operation, and monitors the link for those events. If an event occurs, the detecting system notifies its peer. There are two types of events:
• Critical Link Events—There are three critical events; each has an associated flag which can be set in the OAMPDU when the event occurs. Critical link events are communicated to the peer using Remote Failure Indication.
Configuring Link Layer OAM

Configuring Link Layer OAM is a two-step process:
1. Enable Link Layer OAM.
2. Enable any or all of the following:
   a. Link Performance Event Monitoring
   b. Remote Failure Indication
   c. Remote Loopback

Related Configuration Tasks
• Adjust the OAMPDU Transmission Parameters
• Display Link Layer OAM Configuration and Statistics
• Manage Link Layer OAM

Enable Link Layer OAM

Link Layer OAM is disabled by default.
FTOS# show ethernet oam discovery interface
Output format:
Local client
__________
Administrative configurations:
Mode:active
Unidirection:not supported
Link monitor:supported (on)
Remote loopback:not supported
MIB retrieval:not supported
Mtu size:1500
Operational status:
Port status:operational
Loopback status:no loopback
PDU permission:any
PDU revision:1
Remote client
___________
MAC address:0030.88fe.
Adjust the OAMPDU Transmission Parameters

Task: Specify the maximum or minimum number of OAMPDUs to be sent per second.
Command Syntax: ethernet oam [max-rate value | min-rate value]
Command Mode: INTERFACE

Task: Set the transmission mode to active or passive.
Command Syntax: ethernet oam mode {active | passive}

Task: Specify the amount of time that the system waits to receive an OAMPDU from a peer before considering it non-operational.
Set Threshold Values

The available pre-defined errors fall under two categories:
• Symbol Errors—a symbol is an (electrical or optical) pulse on the physical medium that represents one or more bits. A symbol error occurs when a symbol degrades in transit so that the receiver is not able to decode it. Gigabit and 10-Gigabit Ethernet have an expected symbol rate, also called Baud.
• Frame Errors—frame errors are frames with a bad CRC.
Frame Errors per Second

Task: Specify the high threshold value for frame errors, or disable the high threshold.
Command Syntax: ethernet oam link-monitor frame threshold high {frames | none}
Command Mode: INTERFACE
Range: 1-65535
Default: None

Task: Specify the low threshold for frame errors.
Command Syntax: ethernet oam link-monitor frame threshold low frames

Task: Specify the time period for frame errors per second condition.
Task: Specify the time period for error second per time period condition.
Command Syntax: ethernet oam link-monitor frame-seconds window milliseconds
Command Mode: INTERFACE
Range: 100-900, in multiples of 100
Default: 1000 milliseconds

Execute an Action upon Exceeding the High Threshold

When an error exceeds the low threshold, an event notification is sent to the peer.
Remote Loopback

An active-mode device can place a passive peer into loopback mode by sending a Loopback Control OAMPDU. When in loopback mode:
• the remote peer returns unaltered all non-OAMPDU frames sent by the local peer, and
• all outbound data frames are discarded.

Note: Control traffic egresses from loopback initiator and from interface in loopback mode. You must explicitly disable L2/L3 protocols to stop control traffic.
Display Link Layer OAM Configuration and Statistics

Task: Display Link Layer OAM status per interface.
FTOS# show ethernet oam statistics interface
Counters:
_________
Information OAMPDU Tx: 3439489
Information OAMPDU Rx: 9489
Unique Event Notification OAMPDU Tx: 0
Unique Event Notification OAMPDU x: 0
Duplicate Event Notification OAMPDU Tx: 0
Duplicate Event Notification OAMPDU Rx: 0
Loopback Control OAMPDU Tx: 0
Loopback Control OAMPDU Rx: 2
Variable Request OAMPDU Tx: 0
Variable Request OAMPDU Rx: 0
Variable Response OAMPDU Tx: 0
Variab
Manage Link Layer OAM

Enable MIB Retrieval Support/Function

IEEE 802.3ah defines the Link OAM MIB in Sec 30A.20, “OAM entity managed object class”; all of the objects described there are supported. Note that 802.3ah does not include the ability to set/write remote MIB variables. You must enable MIB retrieval support and the MIB retrieval function.

Task: Enable MIB retrieval support and/or the MIB retrieval function.
7 802.1X

802.1X is supported on platforms: ces

This chapter has the following sections:
• Protocol Overview
• Configuring 802.1X
• Important Points to Remember
• Enabling 802.
802.1X employs Extensible Authentication Protocol (EAP)* to transfer a device’s credentials to an authentication server (typically RADIUS) via a mandatory intermediary network access device, in this case, a Dell Networking switch. The network access device mediates all communication between the end-user device and the authentication server so that the network remains secure.
• The authentication-server selects the authentication method, verifies the information provided by the supplicant, and grants it network access privileges.

Ports can be in one of two states:
• Ports are in an unauthorized state by default. In this state, non-802.1X traffic cannot be forwarded in or out of the port.
• The authenticator changes the port state to authorized if the server can authenticate the supplicant. In this state, network traffic can be forwarded normally.
Figure 7-2. 802.1X Authentication Process
[Figure: message exchange between Supplicant, Authenticator and Authentication Server. EAP over LAN (EAPOL) runs between the supplicant and the authenticator, EAP over RADIUS between the authenticator and the authentication server. Messages shown: Request Identity, Response Identity, Access Request, Access Challenge, EAP Request, EAP Response, Access Request, Access {Accept | Reject}, EAP {Success | Failure}]

EAP over RADIUS

802.1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server, as defined in RFC 3579.
RADIUS Attributes for 802.1 Support

Dell Networking systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages:

Table 7-1. 802.1X Supported RADIUS Attributes
Attribute  Name                Description
1          User-Name           the name of the supplicant to be authenticated.
4          NAS-IP-Address
5          NAS-Port
24         State
30         Called-Station-Id
31         Calling-Station-Id  relays the supplicant MAC address to the authentication server.
61         NAS-Port-Type       NAS-port physical port type.
Important Points to Remember
• Dell Networking OS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP.
• All platforms support only RADIUS as the authentication server.
• On E-Series ExaScale, if the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured.
• 802.1X is not supported on port-channels or port-channel members.
To enable 802.1X:

Step 1
Task: Enable 802.1X globally.
Command Syntax: dot1x authentication
Command Mode: CONFIGURATION

Step 2
Task: Enter INTERFACE mode on an interface or a range of interfaces.
Command Syntax: interface [range]
Command Mode: INTERFACE

Step 3
Task: Enable 802.1X on an interface or a range of interfaces.
Command Syntax: dot1x authentication
Command Mode: INTERFACE

Verify that 802.1X is enabled globally and at interface level using the command show running-config | find dot1x from EXEC Privilege mode, as shown in Figure 7-5.

Figure 7-5. Verify 802.
Configuring Request Identity Re-transmissions

If the authenticator sends a Request Identity frame, but the supplicant does not respond, the authenticator waits 30 seconds and then re-transmits the frame. The amount of time that the authenticator waits before re-transmitting and the maximum number of times that the authenticator re-transmits are configurable.
Figure 7-7 shows configuration information for a port for which the authenticator re-transmits an EAP Request Identity frame:
• After 90 seconds and a maximum of 10 times for an unresponsive supplicant
• Re-transmits an EAP Request Identity frame

Figure 7-7. Configure a Request Identity Re-transmissions
FTOS(conf-if-range-gi-2/1)#dot1x tx-period 90
FTOS(conf-if-range-gi-2/1)#dot1x max-eap-req 10
FTOS(conf-if-range-gi-2/1)#dot1x quiet-period 120
FTOS#show dot1x interface gigabitethernet 2/1
802.
To place a port in one of these three states:

Step 1
Task: Place a port in the ForceAuthorized, ForceUnauthorized, or Auto state.
Command Syntax: dot1x port-control {force-authorized | force-unauthorized | auto}
Command Mode: INTERFACE
Default: auto

Figure 7-8 shows configuration information for a port that has been force-authorized.

Figure 7-8.
To configure a maximum number of re-authentications:

Step 1
Task: Configure the maximum number of times that the supplicant can be reauthenticated.
Command Syntax: dot1x reauth-max number
Command Mode: INTERFACE
Range: 1-10
Default: 2

Figure 7-9. Configure a Reauthentication Period
FTOS(conf-if-gi-2/1)#dot1x reauthentication interval 7200
FTOS(conf-if-gi-2/1)#dot1x reauth-max 10
FTOS(conf-if-gi-2/1)#do show dot1x interface gigabitethernet 2/1
802.
To terminate the authentication process due to an unresponsive authentication server:

Step 1
Task: Terminate the authentication process due to an unresponsive authentication server.
Command Syntax: dot1x server-timeout seconds
Command Mode: INTERFACE
Range: 1-300.
Dynamic VLAN Assignment with Port Authentication

Dynamic VLAN Assignment with Port Authentication is supported on platforms: c s et

Dell Networking OS supports dynamic VLAN assignment when using 802.1X. During 802.1x authentication, the existing VLAN configuration of a port assigned to a non-default VLAN is overwritten and the port is assigned to a specified VLAN.
• If 802.1x authentication is disabled on the port, the port is re-assigned to the previously-configured VLAN.
• If 802.
Figure 7-11 shows the configuration on a Dell Networking switch that uses dynamic VLAN assignment with 802.1X before you connect the end-user device (black and blue text), and after you connect the device (red text). The blue text corresponds to the numbered steps on page 119. Note that the GigabitEthernet 1/11 port, on which dynamic VLAN assignment with 802.1X is configured, is initially an untagged member of VLAN 300. After a successful 802.
Guest and Authentication-Fail VLANs

Typically, the authenticator (Dell Networking system) denies the supplicant access to the network until the supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places it in either the VLAN for which the port is configured, or the VLAN that the authentication server indicates in the authentication data.

Note: Ports cannot be dynamically assigned to the default VLAN.
Configure an Authentication-Fail VLAN

If the supplicant fails authentication, the authenticator re-attempts to authenticate after a specified amount of time (30 seconds by default, see Configuring a Quiet Period after a Failed Authentication). You can configure the maximum number of times the authenticator re-attempts authentication after a failure (3 by default), after which the port is placed in the Authentication-fail VLAN.
Multi-Host Authentication

Multi-Host Authentication is available on platforms: c et s

802.1x assumes that a single end-user is connected to a single authenticator port, as shown in Figure 7-15; this one-to-one mode of authentication is called Single-host mode. If multiple end-users are connected to the same port, a many-to-one configuration, only the first end-user to respond to the identity request is authenticated.
When the host mode is changed on a port that is already authenticated:
• Single-host to Multi-host: all devices attached to the port that were previously blocked may access the network; the supplicant does not re-authenticate.
• Multi-host to Single-host: the port restarts the authentication process, and the first end-user to respond is authenticated and allowed access.

Task: Configure Multi-host Authentication mode on a port.
Task: Configure Single-host Authentication mode on a port.
Command Syntax: dot1x host-mode single-host
Command Mode: INTERFACE

FTOS(conf-if-gi-2/1)#dot1x port-control force-authorized
FTOS(conf-if-gi-2/1)#do show dot1x interface gigabitethernet 2/1
802.
During the authentication process, the Dell Networking system is able to learn the MAC address of the device through the EAPoL frames, and the VLAN assignment from the RADIUS server. With this information it creates an authorized-MAC to VLAN mapping table per port. Then, the system can tag all incoming untagged frames with the appropriate VLAN-ID based on the table entries.

Task: Enable Multi-Supplicant Authentication mode on a port.
MAC Authentication Bypass

MAC Authentication Bypass is supported on platforms: cs

MAC Authentication Bypass (MAB) enables you to provide MAC-based security by allowing only known MAC addresses within the network using a RADIUS server. 802.1X-enabled clients can authenticate themselves using the 802.1X protocol. Other devices that do not use 802.1X—like IP phones, printers, and IP fax machines—still need connectivity to the network. The guest VLAN provides one way to access the network.
MAB in Single-host and Multi-Host Mode

In single-host and multi-host mode, the switch attempts to authenticate a supplicant using 802.1X. If 802.1X times out because the supplicant does not respond to the Request Identity frame and MAB is enabled, the switch attempts to authenticate the first MAC it learns on the port. Subsequently, for single-host mode, traffic from all other MACs is dropped; for multi-host mode, all traffic from all other MACs is accepted.
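The port-control, host-mode and MAB settings described in this chapter decide how much authentication a port really enforces. The following Python audit is an added example, not Dell code and not part of the guide: it reads a running-config and lists the ports whose 802.1X posture deserves review. The sample configuration is constructed, its layout (one-space indentation, "!" between stanzas) is an assumption, and the function names and finding codes are hypothetical.

```python
import re

# Constructed running-config excerpt. Assumed layout: interface sub-commands
# indented by one space, "!" between stanzas.
SAMPLE_CONFIG = """\
dot1x authentication
!
interface GigabitEthernet 2/1
 switchport
 dot1x authentication
 no shutdown
!
interface GigabitEthernet 2/2
 switchport
 dot1x authentication
 dot1x port-control force-authorized
 no shutdown
!
interface GigabitEthernet 2/3
 switchport
 dot1x authentication
 dot1x host-mode multi-host
 no shutdown
!
interface GigabitEthernet 2/4
 switchport
 no shutdown
!
interface GigabitEthernet 2/5
 switchport
 dot1x authentication
 dot1x auth-type mab-only
 no shutdown
!
interface GigabitEthernet 2/6
 switchport
 shutdown
"""

# Interface-level commands that weaken per-device authentication.
PORT_CHECKS = {
    "dot1x port-control force-authorized": "force-authorized",
    "dot1x host-mode multi-host": "multi-host",
    "dot1x auth-type mab-only": "mab-only",
}

EXPLAIN = {
    "dot1x-disabled-globally": "802.1X must be enabled globally as well as per interface",
    "dot1x-not-enabled": "active port without dot1x authentication",
    "force-authorized": "port forwards traffic without an authentication exchange",
    "multi-host": "after one supplicant authenticates, all other MACs are accepted",
    "mab-only": "802.1X is never attempted; the MAC address alone decides access",
}


def parse_config(text):
    """Split a running-config into global lines and per-interface line lists."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            current = None
            continue
        if not raw[0].isspace():                  # top-level command
            m = re.match(r"interface (.+)", line)
            if m:
                current = m.group(1)
                interfaces[current] = []
            else:
                current = None
                global_lines.append(line)
        elif current is not None:                 # interface sub-command
            interfaces[current].append(line.strip())
    return global_lines, interfaces


def audit(text, exempt=()):
    """Return (interface, finding-code) pairs in configuration order."""
    global_lines, interfaces = parse_config(text)
    findings = []
    if "dot1x authentication" not in global_lines:
        findings.append(("global", "dot1x-disabled-globally"))
    for name, lines in interfaces.items():
        if not re.match(r"(Ten)?GigabitEthernet ", name):
            continue                              # physical ports only
        if name in exempt or "shutdown" in lines:
            continue                              # reviewed uplink or admin-down
        if "dot1x authentication" not in lines:
            findings.append((name, "dot1x-not-enabled"))
            continue
        for command, code in PORT_CHECKS.items():
            if command in lines:
                findings.append((name, code))
    return findings


if __name__ == "__main__":
    for port, code in audit(SAMPLE_CONFIG):
        print(f"{port}: {code} ({EXPLAIN[code]})")
```

Pass known uplinks in the exempt argument so that only access ports are reported.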
Step 3
Task: (Optional) Use MAB authentication only—do not use 802.1X authentication first. If MAB fails the port or the MAC address is blocked, the port is placed in the guest VLAN (if configured). 802.1x authentication is not even attempted. Re-authentication is performed using 802.1X timers.
Command Syntax: dot1x auth-type mab-only
Command Mode: INTERFACE

Step 4
Task: Display the 802.1X and MAB configuration.
Command Syntax: show dot1x interface
Command Mode: EXEC Privilege

FTOS#show dot1x int Gi 2/32
802.
Dynamic CoS with 802.1X

Dynamic CoS with 802.1X is supported on platforms: cs

Class of Service (CoS) is a method of traffic management that groups similar types of traffic so that they are serviced differently. One way of classifying traffic is 802.1p, which uses the 3-bit Priority field in the VLAN tag to mark frames (other classification methods include ToS, ACL, and DSCP).
Dell Networking OS Behavior: The following conditions are applied to the use of dynamic CoS with 802.1X authentication on C-Series and S-Series platforms: • In accordance with port-based QoS, incoming dot1p values can be mapped to only four priority values: 0, 2, 4, and 6. If the RADIUS server returns any other dot1p value (1, 3, 5, or 7), the value is not used and frames are forwarded on egress queue 0 without changing the incoming dot1p value.
8 IP Access Control Lists (ACL), Prefix Lists, and Route-maps

IP Access Control Lists, Prefix Lists, and Route-maps are supported on platforms: ces
Ingress IP ACLs are supported on platforms: ces
Egress IP ACLs are supported on platform: e

Overview

At their simplest, Access Control Lists (ACLs), Prefix lists, and Route-maps permit or deny traffic based on MAC and/or IP addresses. This chapter discusses implementing IP ACLs, IP Prefix lists and Route-maps.
• Assign an IP ACL to an Interface
• Configure Ingress ACLs
• Configure Egress ACLs
• Configure ACLs to Loopback
  • Applying an ACL on Loopback Interfaces
• IP Prefix Lists
• ACL Resequencing
• Route Maps

IP Access Control Lists (ACLs)

In the Dell Networking switch/routers, you can create two different types of IP ACLs: standard or extended. A standard ACL filters packets based on the source IP address.
User Configurable CAM Allocation is supported on platform: c
CAM optimization is supported on platforms: cs

CAM Profiling

CAM optimization is supported on platforms: et

CAM profiling for ACLs is supported on E-Series TeraScale only. For complete information regarding E-Series TeraScale CAM profiles and configuration, refer to Chapter 11, Content Addressable Memory. The default CAM profile has 1K Layer 2 ingress ACL entries.
User Configurable CAM Allocation

User Configurable CAM Allocations are supported on platform: c

Allocate space for IPv6 ACLs on the C-Series by using the cam-acl command in CONFIGURATION mode. The CAM space is allotted in FP blocks. The total space allocated must equal 13 FP blocks. Note that there are 16 FP blocks, but the System Flow requires 3 blocks that cannot be reallocated.
Figure 8-1.
Standard and Extended ACLs take up the same amount of CAM space. A single ACL rule uses 2 CAM entries whether it is identified as a Standard or Extended ACL.

Determine the order in which ACLs are used to classify traffic

When you link class-maps to queues using the command service-queue, Dell Networking OS matches the class-maps according to queue priority (queue numbers closer to 0 have lower priorities).
• Second and subsequent fragments are allowed because a Layer 4 rule cannot be applied to these fragments. If the packet is to be denied eventually, the first fragment would be denied and hence the packet as a whole cannot be reassembled.
• Implementing the required rules will use a significant number of CAM entries per TCP/UDP entry.
• For IP ACL, Dell Networking OS always applies implicit deny. You do not have to configure it.
In the following, TCP packets that are first fragments or non-fragmented from host 10.1.1.1 with TCP destination port equal to 24 are permitted. Additionally, all TCP non-first fragments from host 10.1.1.1 are permitted. All other IP packets that are non-first fragments are denied.

FTOS(conf)#ip access-list extended ABC
FTOS(conf-ext-nacl)#permit tcp host 10.1.1.1 any eq 24
FTOS(conf-ext-nacl)#permit tcp host 10.1.1.
A standard IP ACL uses the source IP address as its match criterion. Note: On E-Series ExaScale systems, TCP ACL flags are not supported in standard or extended ACLs with IPv6 microcode. An error message is shown if IPv6 microcode is configured and an ACL is entered with a TCP filter included.
Figure 8-4. Command example: seq
FTOS(config-std-nacl)#seq 25 deny ip host 10.5.0.0 any log
FTOS(config-std-nacl)#seq 15 permit tcp 10.3.0.0 /16 any
FTOS(config-std-nacl)#show config
!
ip access-list standard dilling
 seq 15 permit tcp 10.3.0.0/16 any
 seq 25 deny ip host 10.5.0.0 any log
FTOS(config-std-nacl)#

To delete a filter, use the no seq sequence-number command in the IP ACCESS LIST mode.
Figure 8-6. Command Example: show ip accounting access-list
FTOS#show ip accounting access example interface gig 4/12
Extended IP access list example
 seq 10 deny tcp any any eq 111
 seq 15 deny udp any any eq 111
 seq 20 deny udp any any eq 2049
 seq 25 deny udp any any eq 31337
 seq 30 deny tcp any any range 12345 12346
 seq 35 permit udp host 10.21.126.225 10.4.5.0 /28
 seq 40 permit udp host 10.21.126.226 10.4.5.0 /28
 seq 45 permit udp 10.8.0.0 /16 10.50.188.118 /31 range 1812 1813
 seq 50 permit tcp 10.8.0.
Step 2
Command Syntax: seq sequence-number {deny | permit} {ip-protocol-number | icmp | ip | tcp | udp} {source mask | any | host ip-address} {destination mask | any | host ip-address} [operator port [port]] [count [byte] | log] [order] [monitor] [fragments]
Command Mode: CONFIG-EXT-NACL
Purpose: Configure a drop or forward filter.
• log and monitor options are supported on E-Series only.
When you create the filters with a specific sequence number, you can create the filters in any order and the filters are placed in the correct order. Note: When assigning sequence numbers to filters, keep in mind that you might need to insert a new filter. To prevent reconfiguring multiple filters, assign sequence numbers in multiples of five or another number. Figure 8-7 illustrates how the seq command orders the filters according to the sequence number assigned.
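The ordering and first-match behaviour described above, as an added Python example (not Dell Networking OS code and not part of the guide): it sorts filters by sequence number, evaluates a packet against them with the implicit deny as the fallback, and reports filters that an earlier filter makes unreachable. The grammar is reduced to seq N {permit | deny} protocol source destination [eq port]; the function names, the test packets and the seq 17 / seq 10 filters in the usage are assumptions made for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Filter:
    seq: int
    action: str                      # "permit" or "deny"
    proto: str                       # "ip" matches every protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None      # only the "eq port" operator is modelled


def take_address(tokens: List[str]) -> ipaddress.IPv4Network:
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D/len' from the token list."""
    tok = tokens.pop(0)
    if tok == "any":
        return ANY
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(tok)


def parse_filter(line: str) -> Filter:
    # The guide writes both "10.3.0.0 /16" and "10.3.0.0/16"; normalise first.
    tokens = re.sub(r"\s+/", "/", line.strip()).split()
    if len(tokens) < 6 or tokens[0] != "seq" or tokens[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported filter: {line!r}")
    rest = tokens[4:]
    src, dst = take_address(rest), take_address(rest)
    dport = int(rest[1]) if rest[:1] == ["eq"] else None
    # Trailing keywords such as "log" or "count" do not change the match.
    return Filter(int(tokens[1]), tokens[2], tokens[3], src, dst, dport)


def build_acl(lines: List[str]) -> List[Filter]:
    """Order filters by sequence number, whatever order they were typed in."""
    acl = {}
    for line in lines:
        f = parse_filter(line)
        if f.seq in acl:
            raise ValueError(f"sequence number {f.seq} used twice")
        acl[f.seq] = f
    return [acl[s] for s in sorted(acl)]


def evaluate(acl, proto, src, dst, dport=None) -> Tuple[str, Optional[int]]:
    """First matching filter decides; no match falls to the implicit deny."""
    for f in acl:
        if (f.proto in ("ip", proto)
                and ipaddress.ip_address(src) in f.src
                and ipaddress.ip_address(dst) in f.dst
                and (f.dport is None or f.dport == dport)):
            return f.action, f.seq
    return "deny", None


def shadowed(acl) -> List[Tuple[int, int]]:
    """(seq, earlier_seq) pairs where an earlier filter matches everything
    the later one matches, so the later filter can never be hit."""
    out = []
    for i, later in enumerate(acl):
        for earlier in acl[:i]:
            if (earlier.proto in ("ip", later.proto)
                    and later.src.subnet_of(earlier.src)
                    and later.dst.subnet_of(earlier.dst)
                    and earlier.dport in (None, later.dport)):
                out.append((later.seq, earlier.seq))
                break
    return out


# Filters taken from Figures 8-4 and 8-6, entered out of order.
ENTERED = [
    "seq 25 deny ip host 10.5.0.0 any log",
    "seq 15 permit tcp 10.3.0.0 /16 any",
    "seq 20 deny udp any any eq 2049",
]

if __name__ == "__main__":
    acl = build_acl(ENTERED)
    print([f.seq for f in acl])
    print(evaluate(acl, "tcp", "10.3.4.5", "192.0.2.1", 80))
    print(evaluate(acl, "udp", "172.16.0.1", "192.0.2.1", 53))
    # A host-specific deny placed after the broader permit is dead code.
    late = build_acl(ENTERED + ["seq 17 deny tcp host 10.3.9.9 any"])
    print(shadowed(late))
```

Leaving gaps between sequence numbers is what allows the host-specific deny to be placed at seq 10, ahead of the broader permit at seq 15, without re-entering the list.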
Figure 8-8 illustrates an extended IP ACL in which the sequence numbers were assigned by the software. The filters were assigned sequence numbers based on the order in which they were configured (for example, the first filter was given the lowest sequence number). The show config command in the IP ACCESS LIST mode displays the two filters with the sequence numbers 5 and 10.

Figure 8-8. Extended IP ACL
FTOS(config-ext-nacl)#deny tcp host 123.55.34.
If a rule is simply appended, existing counters are not affected.

Table 8-2. L2 and L3 ACL Filtering on Switched Packets
L2 ACL Behavior   L3 ACL Behavior   Decision on Targeted Traffic
Deny              Deny              Denied by L3 ACL
Deny              Permit            Permitted by L3 ACL
Permit            Deny              Denied by L3 ACL
Permit            Permit            Permitted by L3 ACL

Note: If an interface is configured as a “vlan-stack access” port, the packets are filtered by an L2 ACL only. The L3 ACL applied to such a port does not affect traffic.
To apply an IP ACL (standard or extended) to a physical or port channel interface, use these commands in the following sequence in the INTERFACE mode:

Step 1
Command Syntax: interface interface slot/port
Command Mode: CONFIGURATION
Purpose: Enter the interface number.

Step 2
Command Syntax: ip address ip-address
Command Mode: INTERFACE
Purpose: Configure an IP address for the interface, placing it in Layer-3 mode.
Step 3
Task: View the number of packets matching the ACL using the show ip accounting access-list command from EXEC Privilege mode.

Configure Ingress ACLs

Ingress ACLs are applied to interfaces and to traffic entering the system. These system-wide ACLs eliminate the need to apply ACLs onto each interface and achieve the same results. By localizing target traffic, it is a simpler implementation.

To create an ingress ACL, use the ip access-group command (Figure 233) in the EXEC Privilege mode.
An egress ACL is used when users would like to restrict egress traffic. For example, when DoS attack traffic is isolated to one particular interface, you can apply an egress ACL to block that particular flow from exiting the box, thereby protecting downstream devices.

To create an egress ACL, use the ip access-group command (Figure 8-11) in the EXEC Privilege mode.
Dell Networking OS Behavior: VRRP hellos and IGMP packets are not affected when egress ACL filtering for CPU traffic is enabled. Packets sent by the CPU with the source address as the VRRP virtual IP address have the interface MAC address instead of VRRP virtual MAC address.
Command Syntax: [seq number] permit loopback-logging any any
Command Mode: CONFIGURATION
Purpose: If you are applying an extended ACL, and it has a deny ip any any entry, this entry denies internally generated packets as well as packets received from external devices. To prevent internally generated packets from being dropped, make sure that the ACL you intend to apply has the following entry: [seq number] permit loopback-logging any any.
IP Prefix Lists

Prefix Lists are supported on platforms: ces

IP prefix lists control routing policy. An IP prefix list is a series of sequential filters that contain a matching criterion (examine IP route prefix) and an action (permit or deny) to process routes. The filters are processed in sequence so that if a route prefix does not match the criterion in the first filter, the second filter (if configured) is applied.
The following list includes the configuration tasks for prefix lists:
• Configuring a prefix list
• Use a prefix list for route redistribution
For a complete listing of all commands related to prefix lists, refer to the Dell Networking OS Command Line Interface Reference document.
If you are creating a standard prefix list with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. The Dell Networking OS assigns filters in multiples of five.
Figure 8-15. Command example: show ip prefix-list detail
FTOS>show ip prefix detail
Prefix-list with the last deletion/insertion: filter_ospf
ip prefix-list filter_in:
count: 3, range entries: 3, sequences: 5 - 10
seq 5 deny 1.102.0.0/16 le 32 (hit count: 0)
seq 6 deny 2.1.0.0/16 ge 23 (hit count: 0)
seq 10 permit 0.0.0.0/0 le 32 (hit count: 0)
ip prefix-list filter_ospf:
count: 4, range entries: 1, sequences: 5 - 10
seq 5 deny 100.100.1.0/24 (hit count: 0)
seq 6 deny 200.
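The sequential first-match processing described above can be checked offline before a prefix list is applied to a routing protocol. The following is an added example, not code from the guide or from Dell Networking OS: it evaluates candidate routes against the filter_in entries printed in Figure 8-15. The ge/le range semantics and the implicit deny for routes that match no filter are assumptions based on conventional prefix-list behaviour, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed input: the filter_in entries as printed in Figure 8-15.
FILTER_IN = """\
seq 5 deny 1.102.0.0/16 le 32
seq 6 deny 2.1.0.0/16 ge 23
seq 10 permit 0.0.0.0/0 le 32
"""

ENTRY_RE = re.compile(
    r"seq\s+(\d+)\s+(permit|deny)\s+(\S+)"
    r"(?:\s+ge\s+(\d+))?(?:\s+le\s+(\d+))?\s*$")


def parse_prefix_list(text):
    """Parse 'seq N permit|deny prefix [ge X] [le Y]' lines, ordered by seq."""
    entries = []
    for line in text.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if m is None:
            raise ValueError(f"unparseable entry: {line!r}")
        seq, action, prefix, ge, le = m.groups()
        net = ipaddress.ip_network(prefix)  # rejects prefixes with host bits set
        # Assumed ge/le semantics (conventional prefix-list behaviour):
        #   neither given -> the route must have exactly the prefix length
        #   ge only       -> ge .. 32 (128 for IPv6)
        #   le only       -> prefix length .. le
        #   both          -> ge .. le
        if ge is None and le is None:
            lo = hi = net.prefixlen
        else:
            lo = int(ge) if ge is not None else net.prefixlen
            hi = int(le) if le is not None else net.max_prefixlen
        if not net.prefixlen <= lo <= hi <= net.max_prefixlen:
            raise ValueError(f"bad ge/le range in: {line!r}")
        entries.append((int(seq), action, net, lo, hi))
    return sorted(entries, key=lambda e: e[0])


def evaluate(entries, route):
    """Return (action, seq) of the first matching filter, else ('deny', None)."""
    route = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in entries:
        if (route.version == net.version and route.subnet_of(net)
                and lo <= route.prefixlen <= hi):
            return action, seq
    return "deny", None  # assumption: a route matching no filter is denied


if __name__ == "__main__":
    filters = parse_prefix_list(FILTER_IN)
    for candidate in ("1.102.5.0/24", "2.1.0.0/16", "2.1.128.0/25", "10.0.0.0/8"):
        print(candidate, evaluate(filters, candidate))
```

A frequent filtering mistake shows up with the same functions: `permit 0.0.0.0/0` without `le 32` matches only the default route, so every other route falls through to the deny.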
Figure 8-17. Command Example: show config in the ROUTER RIP Mode
FTOS(conf-router_rip)#show config
!
router rip
distribute-list prefix juba out
network 10.0.0.0
FTOS(conf-router_rip)#router ospf 34
To apply a filter to routes in OSPF, use either of the following commands in the ROUTER OSPF mode:
Command Syntax: router ospf
Command Mode: CONFIGURATION
Purpose: Enter OSPF mode
Command Syntax: distribute-list prefix-list-name in [interface]
Command Mode: CONFIG-ROUTER-OSPF
Purpose: Apply a configured prefix list to incoming routes.
IPv4 and IPv6 ACLs and prefixes and MAC ACLs can be resequenced. No CAM writes happen as a result of resequencing, so there is no packet loss; the behavior is like Hot-lock ACLs.
Note: ACL Resequencing does not affect the rules or remarks or the order in which they are applied. It merely renumbers them so that new rules can be placed within the list as desired.
Table 8-3. ACL Resequencing Example (Insert New Rules)
seq 5 permit any host 1.1.1.1
seq 6 permit any host 1.1.
Figure 8-19. Resequence ACLs
FTOS(config-ext-nacl)# show config
!
ip access-list extended test
remark 4 XYZ
remark 5 this remark corresponds to permit any host 1.1.1.1
seq 5 permit ip any host 1.1.1.1
remark 9 ABC
remark 10 this remark corresponds to permit ip any host 1.1.1.2
seq 10 permit ip any host 1.1.1.2
seq 15 permit ip any host 1.1.1.3
seq 20 permit ip any host 1.1.1.
Figure 8-20. Resequence Remarks
FTOS(config-ext-nacl)# show config
!
ip access-list extended test
remark 4 XYZ
remark 5 this remark corresponds to permit any host 1.1.1.1
seq 5 permit ip any host 1.1.1.1
remark 9 ABC
remark 10 this remark corresponds to permit ip any host 1.1.1.2
seq 10 permit ip any host 1.1.1.2
seq 15 permit ip any host 1.1.1.3
seq 20 permit ip any host 1.1.1.
Important Points to Remember
• For route-maps with more than one match clause:
  • If two or more match clauses within the same route-map sequence have the same match commands (though the values are different), matching a packet against these clauses is a logical OR operation.
  • If two or more match clauses within the same route-map sequence have different match commands, matching a packet against these clauses is a logical AND operation.
To view the configuration, use the show config command in the ROUTE-MAP mode (Figure 8-21).
Figure 8-21. Command Example: show config in the ROUTE-MAP Mode
FTOS(config-route-map)#show config
!
route-map dilling permit 10
FTOS(config-route-map)#
You can create multiple instances of this route map by using the sequence number option to place the route maps in the correct order. Dell Networking OS processes the route maps with the lowest sequence number first.
Figure 8-24. Command Example: show route-map
FTOS#show route-map dilling
route-map dilling, permit, sequence 10
Match clauses:
Set clauses:
route-map dilling, permit, sequence 15
Match clauses:
interface Loopback 23
Set clauses:
tag 3444
FTOS#
To delete a route map, use the no route-map map-name command in the CONFIGURATION mode.
Configure route map filters
Within the ROUTE-MAP mode, there are match and set commands.
Also, if there are different instances of the same route-map, then it’s sufficient if a permit match happens in any instance of that route-map.
Command Syntax: match ip address prefix-list-name
Command Mode: CONFIG-ROUTE-MAP
Purpose: Match destination routes specified in a prefix list (IPv4).
Command Syntax: match ipv6 address prefix-list-name
Command Mode: CONFIG-ROUTE-MAP
Purpose: Match destination routes specified in a prefix list (IPv6).
Command Syntax: match ip next-hop {access-list-name | prefix-list prefix-list-name}
Command Mode: CONFIG-ROUTE-MAP
Purpose: Match next-hop routes specified in a prefix list (IPv4).
Command Syntax: set ipv6 next-hop ip-address
Command Mode: CONFIG-ROUTE-MAP
Purpose: Assign an IPv6 address as the route’s next hop.
Command Syntax: set origin {egp | igp | incomplete}
Command Mode: CONFIG-ROUTE-MAP
Purpose: Assign an ORIGIN attribute.
Command Syntax: set tag tag-value
Command Mode: CONFIG-ROUTE-MAP
Purpose: Specify a tag for the redistributed routes.
Command Syntax: set weight value
Command Mode: CONFIG-ROUTE-MAP
Purpose: Specify a value as the route’s weight.
Use these commands to create route map instances.
Figure 8-25. Route Redistribution into OSPF
router ospf 34
default-information originate metric-type 1
redistribute static metric 20 metric-type 2 tag 0 route-map staticospf
!
route-map staticospf permit 10
match interface GigabitEthernet 0/0
match metric 255
set level backbone
Configure a route map for route tagging
One method for identifying routes from different routing protocols is to assign a tag to routes from that protocol.
Figure 8-27.
9 Bidirectional Forwarding Detection
Bidirectional Forwarding Detection is supported only on platforms: c e
BFD is supported on E-Series ExaScale ex with Dell Networking OS 8.2.1.0 and later.
Protocol Overview
Bidirectional Forwarding Detection (BFD) is a protocol that is used to rapidly detect communication failures between two adjacent systems. It is a simple and lightweight replacement for existing routing protocol link state detection mechanisms.
How BFD Works
Two neighboring systems running BFD establish a session using a three-way handshake. After the session has been established, the systems exchange control packets at agreed-upon intervals. In addition, systems send a control packet anytime there is a state change or change in a session parameter; these control packets are sent without regard to transmit and receive intervals.
Note: Dell Networking OS does not support multi-hop BFD sessions.
[Figure: BFD control packet carried in an Ethernet/IP/UDP frame. Labelled fields: Ethernet (Preamble, Start Frame Delimiter, Destination MAC, Source MAC, Ethernet Type (0x8800)); IP (Version (4), IHL, TOS, Total Length, Flags, Frag Offset, TTL (255), Protocol, Header Checksum, Dest IP Addr, Options, Padding); UDP Packet (Source Port, Range: 3784, Checksum); BFD (Version (1), Diag Code, State, Detect Mult, My Discriminator, Your Discriminator (random number generated by remote system to identify a session), Required Min RX Interval, Required Min Echo RX Interval, Auth Type).]
Table 9-1. BFD Packet Fields
Field: Description
Diagnostic Code: The reason that the last session failed.
State: The current local session state. See BFD sessions.
Flag: A bit that indicates packet function. If the poll bit is set, the receiving system must respond as soon as possible, without regard to its transmit interval. The responding system clears the poll bit and sets the final bit in its response.
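The fields in Table 9-1 can be decoded and sanity-checked as follows. This is an added example, not code from the guide or from Dell Networking OS: the 24-byte layout and the discard rules are taken from RFC 5880, the TTL 255 rule for unauthenticated single-hop sessions from RFC 5881, and the sample packet is constructed from the byte values visible in the guide's debug output (version 1, state Up, multiplier 3, 100 ms intervals). The function names are hypothetical.

```python
import struct

STATES = {0: "AdminDown", 1: "Down", 2: "Init", 3: "Up"}
FLAGS = (("P", 0x20), ("F", 0x10), ("C", 0x08),
         ("A", 0x04), ("D", 0x02), ("M", 0x01))
MANDATORY_LEN = 24  # bytes before the optional authentication section

# Constructed sample: version 1, diag 0, state Up, no flags, Detect Mult 3,
# length 24, My Discriminator 4, Your Discriminator 5, 100000 us intervals.
SAMPLE_UP = bytes.fromhex(
    "20c00318" "00000004" "00000005" "000186a0" "000186a0" "00000000")


class BfdDiscard(ValueError):
    """Carries the reason a received control packet must be dropped."""


def parse_bfd_control(payload, ttl):
    """Validate and decode one BFD control packet (the UDP payload)."""
    # A single-hop peer sends with TTL 255; anything lower has crossed a
    # router and cannot have come from the directly attached neighbor.
    if ttl != 255:
        raise BfdDiscard(f"TTL {ttl} is not 255")
    if len(payload) < MANDATORY_LEN:
        raise BfdDiscard("payload shorter than 24 bytes")
    (vers_diag, state_flags, detect_mult, length, my_disc, your_disc,
     desired_min_tx, required_min_rx, required_min_echo_rx) = struct.unpack(
        "!BBBBIIIII", payload[:MANDATORY_LEN])
    version, diag = vers_diag >> 5, vers_diag & 0x1F
    state = STATES[state_flags >> 6]
    flags = {name for name, bit in FLAGS if state_flags & bit}
    if version != 1:
        raise BfdDiscard(f"unsupported version {version}")
    if length < (26 if "A" in flags else MANDATORY_LEN):
        raise BfdDiscard("Length field too small")
    if length > len(payload):
        raise BfdDiscard("Length field exceeds payload")
    if detect_mult == 0:
        raise BfdDiscard("Detect Mult is zero")
    if "M" in flags:
        raise BfdDiscard("Multipoint bit set")
    if my_disc == 0:
        raise BfdDiscard("My Discriminator is zero")
    if your_disc == 0 and state not in ("Down", "AdminDown"):
        raise BfdDiscard("Your Discriminator is zero outside Down/AdminDown")
    return {
        "version": version, "diag": diag, "state": state, "flags": flags,
        "detect_mult": detect_mult, "my_disc": my_disc, "your_disc": your_disc,
        "desired_min_tx_us": desired_min_tx,
        "required_min_rx_us": required_min_rx,
        "required_min_echo_rx_us": required_min_echo_rx,
    }


def discard_reason(payload, ttl=255):
    """Return None if the packet is acceptable, else the reason for the drop."""
    try:
        parse_bfd_control(payload, ttl)
    except BfdDiscard as exc:
        return str(exc)
    return None


def detection_time_ms(pkt, local_required_min_rx_us):
    """Remote Detect Mult times the agreed remote transmit interval."""
    agreed_us = max(local_required_min_rx_us, pkt["desired_min_tx_us"])
    return pkt["detect_mult"] * agreed_us // 1000


if __name__ == "__main__":
    print(parse_bfd_control(SAMPLE_UP, ttl=255))
    print(discard_reason(SAMPLE_UP, ttl=254))
```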
BFD sessions
BFD must be enabled on both sides of a link in order to establish a session. The two participating systems can assume either of two roles:
• Active—The active system initiates the BFD session. Both systems can be active for the same session.
• Passive—The passive system does not initiate a session. It only responds to a request for session initialization from the active system.
handshake. At this point, the discriminator values have been exchanged, and the transmit intervals have been negotiated. 4. The passive system receives the control packet, changes its state to Up. Both systems agree that a session has been established. However, since both members must send a control packet—that requires a response—anytime there is a state change or change in a session parameter, the passive system sends a final response indicating the state change.
Figure 9-3. BFD State Machine
[Figure: state diagram of the Down, Init and Up session states; transitions are labelled with the current session state and the packet received (Down, Init, Up, Admin Down) or Timer.]
Important Points to Remember
• BFD for line card ports is hitless, but is not hitless for VLANs since they are instantiated on the RPM.
• BFD is supported on C-Series and E-Series only.
• Dell Networking OS supports a maximum of 100 sessions per BFD agent.
Configuring BFD for Physical Ports
BFD on physical ports is useful when no routing protocol is enabled. Without BFD, if the remote system fails, the local system does not remove the connected route until the first failed attempt to send a packet. When BFD is enabled, the local system removes the route as soon as it stops receiving periodic control packets from the remote system.
Configuring BFD for a physical port is a two-step process:
1. Enable BFD globally.
2.
Figure 9-5. Establishing a BFD Session for Physical Ports
[Figure labels: R2: ACTIVE Role, R1: ACTIVE Role, ports 4/24 and 2/1]
Force10(config)# bfd enable
Force10(config)# interface gigabitethernet 2/1
Force10(conf-if-gi-2/1)# ip address 2.2.2.2/24
Force10(conf-if-gi-2/1)# bfd neighbor 2.2.2.1
Force10(config)# bfd enable
Force10(config)# interface gigabitethernet 4/24
Force10(conf-if-gi-2/1)# ip address 2.2.2.1/24
Force10(conf-if-gi-2/1)# bfd neighbor 2.2.2.
Figure 9-7. View Session Details
R1(conf-if-gi-4/24)#do show bfd neighbors detail
Session Discriminator: 1
Neighbor Discriminator: 1
Local Addr: 2.2.2.1
Local MAC Addr: 00:01:e8:09:c3:e5
Remote Addr: 2.2.2.
Figure 9-8. Change Session Parameters for Physical Ports
R1(conf-if-gi-4/24)#bfd interval 100 min_rx 100 multiplier 4 role passive
R1(conf-if-gi-4/24)#do show bfd neighbors detail
Session Discriminator: 1
Neighbor Discriminator: 1
Local Addr: 2.2.2.1
Local MAC Addr: 00:01:e8:09:c3:e5
Remote Addr: 2.2.2.
To re-enable BFD on an interface:
Step 1
Task: Enable BFD on an interface.
Command Syntax: bfd enable
Command Mode: INTERFACE
Configuring BFD for Static Routes
BFD gives systems a link state detection mechanism for static routes. With BFD, systems are notified to remove static routes from the routing table as soon as the link state change occurs, rather than having to wait until packets fail to reach their next hop.
To establish a BFD session:
Step 1
Task: Establish BFD sessions for all neighbors that are the next hop of a static route.
Command Syntax: ip route bfd
Command Mode: CONFIGURATION
Verify that sessions have been created for static routes using the command show bfd neighbors, as shown in Figure 9-10. View detailed session information using the command show bfd neighbors detail, as shown in Figure 9-8.
Figure 9-10. View Established Sessions for Static Routes
R1(conf)#ip route 2.2.3.0/24 2.2.2.
To disable BFD for static routes:
Step 1
Task: Disable BFD for static routes.
Command Syntax: no ip route bfd
Command Mode: CONFIGURATION
Configuring BFD for OSPF
When using BFD with OSPF, the OSPF protocol registers with the BFD manager on the RPM. BFD sessions are established with all neighboring interfaces participating in OSPF.
Figure 9-11. Establishing Sessions with OSPF Neighbors
Force10(conf-if-gi-2/1)# ip address 2.2.2.2/24
Force10(conf-if-gi-2/1)# no shutdown
Force10(conf-if-gi-2/1)# exit
Force10(config)# router ospf 1
Force10(config-router_ospf )# network 2.2.2.0/24 area 0
Force10(config-router_ospf )# bfd all-neighbors
Force10(conf-if-gi-2/2)# ip address 2.2.3.1/24
Force10(conf-if-gi-2/2)# no shutdown
Force10(conf-if-gi-2/2)# exit
Force10(config)# router ospf 1
Force10(config-router_ospf )# network 2.2.3.
Changing OSPF session parameters
BFD sessions are configured with default intervals and a default role. The parameters that can be configured are: Desired TX Interval, Required Min RX Interval, Detection Multiplier, and system role. These parameters are configured for all OSPF sessions or all OSPF sessions on a particular interface; if you change a parameter globally, the change affects all OSPF neighbor sessions.
Configuring BFD for BGP
BFD for BGP is only supported on platforms: ec
In a BGP core network, BFD provides rapid detection of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence. BFD for BGP is supported on 1GE, 10GE, 40GE, port-channel, and VLAN interfaces. BFD for BGP does not support IPv6 and the BGP multihop feature.
Prerequisites
Before configuring BFD for BGP, you must first perform the following tasks:
1.
Note that the sample configuration shows alternative ways to establish a BFD session with a BGP neighbor:
• By establishing BFD sessions with all neighbors discovered by BGP (bfd all-neighbors command)
• By establishing a BFD session with a specified BGP neighbor (neighbor {ip-address | peer-group-name} bfd command)
BFD packets originating from a router are assigned to the highest priority egress queue to minimize transmission delays.
Step 5
Task: Configure parameters for a BFD session established with all neighbors discovered by BGP.
Command Syntax: bfd all-neighbors [interval millisecs min_rx millisecs multiplier value role {active | passive}]
Command Mode: CONFIG-ROUTER-BGP
OR
Task: Establish a BFD session with a specified BGP neighbor or peer group using the default BFD session parameters.
• The neighbor inherits only the global timer values that are configured with the bfd all-neighbors command (interval, min_rx, and multiplier). If you explicitly enable (or disable) a peer group for BFD that has no BFD parameters configured (e.g. advertisement interval) using the neighbor peer-group-name bfd command, the peer group inherits any BFD settings configured with the bfd all-neighbors command.
The following examples show the BFD for BGP output displayed for these show commands.
Figure 9-14. Verify a BFD for BGP Configuration: show running-config bgp Command
R2# show running-config bgp
!
router bgp 2
neighbor 1.1.1.2 remote-as 1
neighbor 1.1.1.2 no shutdown
neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 no shutdown
neighbor 3.3.3.2 remote-as 1
neighbor 3.3.3.2 no shutdown
bfd all-neighbors
Figure 9-15.
Figure 9-16. Verify BFD Sessions with BGP Neighbors: show bfd neighbors detail Command
R2# show bfd neighbors detail
Session Discriminator: 9
Neighbor Discriminator: 10
Local Addr: 1.1.1.3
Local MAC Addr: 00:01:e8:66:da:33
Remote Addr: 1.1.1.
Figure 9-17. Display BFD Packet Counters: show bfd counters bgp Command
R2# show bfd counters bgp
Interface TenGigabitEthernet 6/0
Protocol BGP
Messages:
Registration : 5
De-registration : 4
Init : 0
Up : 6
Down : 0
Admin Down : 2
Interface TenGigabitEthernet 6/1
Protocol BGP
Messages:
Registration : 5
De-registration : 4
Init : 0
Up : 6
Down : 0
Admin Down : 2
Interface TenGigabitEthernet 6/2
Protocol BGP
Messages:
Registration : 1
De-registration : 0
Init : 0
Up : 1
Down : 0
Admin Down : 2
Figure 9-18.
Figure 9-19. Display Routing Sessions with BGP Neighbors: show ip bgp neighbors Command
R2# show ip bgp neighbors 2.2.2.2
BGP neighbor is 2.2.2.2, remote AS 1, external link
BGP version 4, remote router ID 12.0.0.
Configuring BFD for IS-IS
BFD for IS-IS is supported on platform: e
When using BFD with IS-IS, the IS-IS protocol registers with the BFD manager on the RPM. BFD sessions are then established with all neighboring interfaces participating in IS-IS. If a neighboring interface fails, the BFD agent on the line card notifies the BFD manager, which in turn notifies the IS-IS protocol that a link state change occurred.
Configuring BFD for IS-IS is a two-step process:
1. Enable BFD globally.
To establish BFD with all IS-IS neighbors out of a single interface:
Step 1
Task: Establish sessions with all IS-IS neighbors out of an interface.
Command Syntax: isis bfd all-neighbors
Command Mode: INTERFACE
View the established sessions using the command show bfd neighbors, as shown in Figure 9-21.
Figure 9-21.
Disabling BFD for IS-IS
If BFD is disabled globally, all sessions are torn down, and sessions on the remote system are placed in a Down state. If BFD is disabled on an interface, sessions on the interface are torn down, and sessions on the remote system are placed in a Down state (Message 3). Disabling BFD does not trigger a change in BFD clients; a final Admin Down packet is sent before the session is terminated.
Figure 9-22. Establish Sessions with VRRP Neighbors
[Figure labels: VIRTUAL IP Address: 2.2.5.4, R1: BACKUP, R2: MASTER, ports 2/3 and 4/25]
Force10(config-if-range-gi-4/25)# ip address 2.2.5.1/24
Force10(config-if-range-gi-4/25)# no shutdown
Force10(config-if-range-gi-4/25)# vrrp-group 1
Force10(config-if-range-gi-4/25)# virtual-address 2.2.5.4
Force10(config-if-range-gi-4/25)# vrrp bfd all-neighbors
Force10(config-if-range-gi-4/25)# vrrp bfd neighbor 2.2.5.2
Force10(conf-if-gi-2/3)#ip address 2.
Figure 9-23. View Established Sessions for VRRP Neighbors
R1(conf-if-gi-4/25)#vrrp bfd all-neighbors
R1(conf-if-gi-4/25)#do show bfd neighbor
*     - Active session role
Ad Dn - Admin Down
C     - CLI
I     - ISIS
O     - OSPF
R     - Static Route (RTM)
V     - VRRP
  LocalAddr  RemoteAddr  Interface  State  Rx-int  Tx-int  Mult  Clients
* 2.2.5.1    2.2.5.2     Gi 4/25    Down   1000    1000    3     V
[Figure callout: VRRP BFD Sessions Enabled]
Session state information is also shown in the show vrrp command output, as shown in Figure 9-24.
Figure 9-24.
To change parameters for a particular VRRP session:
Step 1
Task: Change parameters for a particular VRRP session.
Command Syntax: vrrp bfd neighbor ip-address interval milliseconds min_rx milliseconds multiplier value role [active | passive]
Command Mode: INTERFACE
View session parameters using the command show bfd neighbors detail, as shown in Figure 9-8.
Disabling BFD for VRRP
If any or all VRRP sessions are disabled, the sessions are torn down.
Configuring BFD for VLANs is a two-step process:
1. Enable BFD globally on all participating routers. See Enabling BFD globally.
2. Establish sessions with VLAN neighbors. See page 199.
Related configuration tasks
• Change session parameters. See page 200.
• Disable BFD for VLANs. See page 182.
Establishing sessions with VLAN neighbors
To establish a session, BFD must be enabled at interface level on both ends of the link, as shown in Figure 9-25. The session parameters do not need to match.
Figure 9-25.
Figure 9-26. View Established Sessions for VLAN Neighbors
R2(conf-if-vl-200)#bfd neighbor 2.2.3.2
R2(conf-if-vl-200)#do show bfd neighbors
*     - Active session role
Ad Dn - Admin Down
C     - CLI
I     - ISIS
O     - OSPF
R     - Static Route (RTM)
V     - VRRP
  LocalAddr  RemoteAddr  Interface  State  Rx-int  Tx-int  Mult  Clients
* 2.2.3.2    2.2.3.1     Vl 200     Up     100     100     3     C
[Figure callout: VLAN BFD Sessions Enabled]
Changing session parameters
BFD sessions are configured with default intervals and a default role.
Configuring BFD for Port-Channels
BFD on port-channels is analogous to BFD on physical ports. If no routing protocol is enabled, and a remote system fails, the local system does not remove the connected route until the first failed attempt to send a packet. If BFD is enabled, the local system removes the route when it stops receiving periodic control packets from the remote system.
To establish a session on a port-channel:
Step 1
Task: Establish a session on a port-channel.
Command Syntax: bfd neighbor ip-address
Command Mode: INTERFACE PORT-CHANNEL
View the established sessions using the command show bfd neighbors, as shown in Figure 9-21.
Figure 9-28. View Established Sessions for VLAN Neighbors
R2(conf-if-po-1)#bfd neighbors 2.2.2.
To disable BFD for a port-channel:
Step 1
Task: Disable BFD for a port-channel.
Command Syntax: no bfd enable
Command Mode: INTERFACE PORT-CHANNEL
Configuring Protocol Liveness
Protocol Liveness is a feature that notifies the BFD Manager when a client protocol is disabled. When a client is disabled, all BFD sessions for that protocol are torn down. Neighbors on the remote system receive an Admin Down control packet and are placed in the Down state (Message 3).
Figure 9-30. debug bfd packet Command Output RX packet dump: 20 c0 03 18 00 00 00 01 86 a0 00 00 00:34:13 : Sent packet for TX packet dump: 20 c0 03 18 00 00 00 01 86 a0 00 00 00:34:14 : Received packet RX packet dump: 20 c0 03 18 00 00 00 01 86 a0 00 00 00:34:14 : Sent packet for TX packet dump: 00 05 00 00 00 04 00 01 86 a0 00 00 session with neighbor 2.2.2.2 on Gi 4/24 00 04 00 00 00 05 00 01 86 a0 00 00 for session with neighbor 2.2.2.
10 Border Gateway Protocol IPv4 (BGPv4)
Border Gateway Protocol version 4 (BGPv4) is supported on platforms: ces
Platforms support BGP according to the following table:
Dell Networking OS version: Platform support
8.1.1.0: E-Series ExaScale (ex)
7.8.1.0: S-Series (s)
7.7.1.0: C-Series (c)
pre-7.7.1.0: E-Series TeraScale (et)
This chapter is intended to provide a general description of Border Gateway Protocol version 4 (BGPv4) as it is supported in the Dell Networking OS.
A stub AS is one that is connected to only one other AS. A transit AS is one that provides connections through itself to separate networks. For example, as seen in Figure 10-1, Router 1 can use Router 2 (the transit AS) to connect to Router 4. ISPs are always transit ASs, because they provide connections from one network to another. The ISP is considered to be “selling transit service” to the customer network, hence the term Transit AS.
Figure 10-2. Full Mesh Examples [figure panels: 4 Routers, 6 Routers, 8 Routers]
The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible.
Sessions and Peers
When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers. A Peer is also called a Neighbor.
Establish a session
Information exchange between peers is driven by events and timers.
In order to make decisions in its operations with other BGP peers, a BGP peer uses a simple finite state machine that consists of six states: Idle, Connect, Active, OpenSent, OpenConfirm, and Established. For each peer-to-peer session, a BGP implementation tracks which of these six states the session is in. The BGP protocol defines the messages that each peer should exchange in order to change the session from one state to another. The first state is the Idle mode.
Figure 10-3. Route Reflection Example [figure: Router A, Router B and Router E, with eBGP routes]
To illustrate how these rules affect routing, see Figure 10-3 and the following steps. Routers B, C, D, E, and G are members of the same AS - AS100. These routers are also in the same Route Reflection Cluster, where Router D is the Route Reflector. Routers E and H are client peers of Router D; Routers B and C are nonclient peers of Router D.
BGP Attributes Routes learned via BGP have associated properties that are used to determine the best route to a destination when multiple paths exist to a particular destination. These properties are referred to as BGP attributes, and an understanding of how BGP attributes influence route selection is required for the design of robust networks.
Figure 10-4. BGP Best Path Selection
[Figure: flowchart. While the answer is "No, or Not Resulting in a Single Route", the next criterion is applied in this order: Highest Weight, Highest Local Pref, Locally Originated Path, Shortest AS Path, Lowest Origin Code, Lowest MED, Learned via EBGP, Lowest NEXT-HOP Cost. Tie Breakers: Lowest Cluster ID List, from Lowest Router ID, from Lowest Neighbor Addr. Result: A Single Route is Selected and Installed in the Routing Table.]
Best Path selection details
1. Prefer the path with the largest WEIGHT attribute.
2.
• AS_CONFED_SEQUENCE has a path length of 1, no matter how many ASs are in the AS_CONFED_SEQUENCE.
5. Prefer the path with the lowest ORIGIN type (IGP is lower than EGP, and EGP is lower than INCOMPLETE).
6. Prefer the path with the lowest Multi-Exit Discriminator (MED) attribute. The following criteria apply:
• This comparison is only done if the first (neighboring) AS is the same in the two paths; the MEDs are compared only if the first AS in the AS_SEQUENCE is the same for both paths.
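The decision order in Figure 10-4 can be modelled as successive elimination, which makes it easy to see which attribute decided a given selection when reviewing routing policy. This is an added example, not Dell Networking OS code: the `Path` fields, the default values and the function names are hypothetical, the cluster-list tie breaker is assumed to compare list length, and the MED step follows the rule above that MEDs are compared only between paths with the same neighboring AS. The sample paths are constructed, using the MED values 100 (T1) and 50 (OC3) from the guide's MED example.

```python
import ipaddress
from dataclasses import dataclass

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}


@dataclass(frozen=True)
class Path:
    name: str
    as_path: tuple          # ints; a nested tuple is one AS_CONFED_SEQUENCE
    weight: int = 0
    local_pref: int = 100
    locally_originated: bool = False
    origin: str = "IGP"
    med: int = 0
    ebgp: bool = True
    next_hop_cost: int = 0
    cluster_list_len: int = 0
    router_id: str = "0.0.0.0"
    neighbor_addr: str = "0.0.0.0"


def first_as(path):
    """Neighboring AS: the first plain AS number in the path, if any."""
    return next((seg for seg in path.as_path if isinstance(seg, int)), None)


def keep_lowest(paths, key):
    best = min(key(p) for p in paths)
    return [p for p in paths if key(p) == best]


def med_step(paths):
    """Drop a path only if a path from the same neighboring AS has a lower MED."""
    def beaten(p):
        return any(first_as(q) is not None and first_as(q) == first_as(p)
                   and q.med < p.med for q in paths)
    return [p for p in paths if not beaten(p)]


def by(key):
    return lambda paths: keep_lowest(paths, key)


def addr(text):
    return int(ipaddress.ip_address(text))


STEPS = [
    ("highest weight", by(lambda p: -p.weight)),
    ("highest local preference", by(lambda p: -p.local_pref)),
    ("locally originated", by(lambda p: not p.locally_originated)),
    # len() counts each AS number as 1 and each AS_CONFED_SEQUENCE as 1.
    ("shortest AS path", by(lambda p: len(p.as_path))),
    ("lowest origin code", by(lambda p: ORIGIN_RANK[p.origin])),
    ("lowest MED", med_step),
    ("learned via eBGP", by(lambda p: not p.ebgp)),
    ("lowest next-hop cost", by(lambda p: p.next_hop_cost)),
    ("lowest cluster ID list", by(lambda p: p.cluster_list_len)),
    ("lowest router ID", by(lambda p: addr(p.router_id))),
    ("lowest neighbor address", by(lambda p: addr(p.neighbor_addr))),
]


def best_path(paths):
    """Return (winning path, name of the last step that eliminated a path)."""
    candidates = list(paths)
    if not candidates:
        raise ValueError("no candidate paths")
    decided_by = "only candidate"
    for name, step in STEPS:
        if len(candidates) == 1:
            break
        narrowed = step(candidates)
        if len(narrowed) < len(candidates):
            decided_by = name
        candidates = narrowed
    return candidates[0], decided_by


# Constructed paths: two exits toward AS200 and one unrelated path via AS300.
T1 = Path("via_T1", (200,), med=100, router_id="10.0.0.1")
OC3 = Path("via_OC3", (200,), med=50, router_id="10.0.0.2")
AS300 = Path("via_AS300", (300,), med=10, router_id="10.0.0.9")

if __name__ == "__main__":
    for group in ([T1, OC3], [T1, OC3, AS300]):
        winner, reason = best_path(group)
        print(winner.name, "selected by", reason)
```

In the three-path case the AS300 path has the lowest MED of all, yet it is never compared with the AS200 paths, so the choice falls through to the router ID tie breaker.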
Weight
The Weight attribute is local to the router and is not advertised to neighboring routers. If the router learns about more than one route to the same destination, the route with the highest weight will be preferred. The route with the highest weight is installed in the IP routing table.
Local Preference
Local Preference (LOCAL_PREF) represents the degree of preference within the entire AS. The higher the number, the greater the preference for the route.
One AS assigns the MED a value and the other AS uses that value to decide the preferred path. For this example, assume the MED is the only attribute applied. In Figure 10-6, AS100 and AS200 connect in two places. Each connection is a BGP session. AS200 sets the MED for its T1 exit point to 100 and the MED for its OC3 exit point to 50. This sets up a path preference through the OC3 link. The MEDs are advertised to AS100 routers so they know which is the preferred path. An MED is a non-transitive attribute.
Generally, an IGP indicator means that the route was derived inside the originating AS. EGP generally means that a route was learned from an external gateway protocol. An INCOMPLETE origin code generally results from aggregation, redistribution or other indirect ways of installing routes into BGP. In Dell Networking OS, these origin codes appear as shown in Figure 10-7. The question mark (?) indicates an Origin code of INCOMPLETE.
Next Hop
The Next Hop is the IP address used to reach the advertising router. For EBGP neighbors, the Next-Hop address is the IP address of the connection between the neighbors. For IBGP, the EBGP Next-Hop address is carried into the local AS. A Next Hop attribute is set when a BGP speaker advertises itself to another BGP speaker outside its local AS. It can also be set when advertising routes within an AS.
Implement BGP with Dell Networking OS
Additional Path (Add-Path) Support
The add-path feature reduces convergence times by advertising multiple paths to its peers for the same address prefix without replacing existing paths with new ones. By default, a BGP speaker advertises only the best path to its peers for a given address prefix. If the best path becomes unavailable, the BGP speaker withdraws its path from its local RIB and recalculates a new best path.
Table 10-1 gives some examples of these rules.
Table 10-1.
When creating Confederations, all the routers in a Confederation must be either 4-Byte or 2-Byte identified routers. You cannot mix them. Configure the 4-byte AS numbers with the bgp four-octet-as-support command.
AS4 Number Representation
Dell Networking OS version 8.2.1.0 supports multiple representations of 4-byte AS Numbers: asplain, asdot+, and asdot.
Note: The ASDOT and ASDOT+ representations are supported only in conjunction with the 4-Byte AS Numbers feature.
Figure 10-9. Dynamic changes of the bgp asnotation command in the show running config (ASDOT)
FTOS(conf-router_bgp)#bgp asnotation asdot
FTOS(conf-router_bgp)#show conf
!
router bgp 100
bgp asnotation asdot
bgp four-octet-as-support
neighbor 172.30.1.250 local-as 65057
Figure 10-10. Dynamic changes when bgp asnotation command is disabled in the show running config (AS NOTATION DISABLED)
FTOS(conf-router_bgp)#no bgp asnotation
FTOS(conf-router_bgp)#sho conf
!
router bgp 100
bgp four-octet-as-support
neighbor 172.30.1.250 local-as 65057
Figure 10-11. Local-AS Scenario
[Figure: Before Migration: Router A (AS 100), Router B (AS 200), Router C (AS 300). After Migration, with Local-AS enabled: Router A (AS 100), Router B (AS 100, Local AS 200), Router C (AS 300).]
When you complete your migration, and you have reconfigured your network with the new information, you must disable this feature. If the “no prepend” option is used, the local-as will not be prepended to the updates received from the eBGP peer.
Local-as is prepended before the route-map to give the impression that the update passed through a router in AS 200 before it reached Router B.
BGP4 Management Information Base (MIB)
The FORCE10-BGP4-V2-MIB enhances Dell Networking OS BGP Management Information Base (MIB) support with many new SNMP objects and notifications (traps) defined in the draft-ietf-idr-bgp4-mibv2-05. To see these enhancements, download the MIB from the Dell Networking website, www.force10networks.com.
• SNMP set for BGP is not supported. For all peer configuration tables (f10BgpM2PeerConfigurationGroup, f10BgpM2PeerRouteReflectorCfgGroup, and f10BgpM2PeerAsConfederationCfgGroup), an SNMP set operation will return an error. Only SNMP queries are supported. In addition, the f10BgpM2CfgPeerError, f10BgpM2CfgPeerBgpPeerEntry, and f10BgpM2CfgPeerRowEntryStatus fields are to hold the SNMP set status and are ignored in SNMP query.
Table 10-3 displays the default values for BGP on Dell Networking OS.
Table 10-3. Dell Networking OS BGP Defaults
Item: Default
BGP Neighbor Adjacency changes: All BGP neighbor changes are logged.
• Aggregate routes
• Configure BGP confederations
• Enable route flap dampening
• Change BGP timers
• BGP neighbor soft-reconfiguration
• Route map continue
Enable BGP
By default, BGP is not enabled on the system. Dell Networking OS supports one Autonomous System (AS) and you must assign the AS Number (ASN). To establish BGP sessions and route traffic, you must configure at least one BGP neighbor or peer.
Step Command Syntax Command Mode Purpose Use it only if you support 4-Byte AS Numbers or if you support AS4 Number Representation. If you are supporting 4-Byte ASNs, this command must be enabled first. Disable 4-Byte support and return to the default 2-Byte format by using the no bgp four-octet-as-support command. You cannot disable 4-Byte support if you currently have a 4-Byte ASN configured. Disabling 4-Byte AS Numbers also disables ASDOT and ASDOT+ number representation.
Figure 10-12. Command example: show ip bgp summary (2-Byte AS Number displayed)
R2#show ip bgp summary
BGP router identifier 192.168.10.
The third line of the show ip bgp neighbors output contains the BGP State. If anything other than ESTABLISHED is listed, the neighbor is not exchanging information and routes. For more details on using the show ip bgp neighbors command, refer to the Dell Networking OS Command Line Interface Reference.
Figure 10-14. Command example: show ip bgp neighbors
FTOS#show ip bgp neighbors
BGP neighbor is 10.114.8.60, remote AS 18508, external link External
BGP version 4, remote router ID 10.20.20.
Figure 10-15. Command example: show running-config bgp
R2#show running-config bgp
!
router bgp 65123
bgp router-id 192.168.10.2
network 10.10.21.0/24
network 10.10.32.0/24
network 100.10.92.0/24
network 192.168.10.0/24
bgp four-octet-as-support
neighbor 10.10.21.1 remote-as 65123
neighbor 10.10.21.1 filter-list ISP1in
neighbor 10.10.21.1 no shutdown
neighbor 10.10.32.3 remote-as 65123
neighbor 10.10.32.3 no shutdown
neighbor 100.10.92.9 remote-as 65192
neighbor 100.10.92.
Task: Enable ASDOT AS Number representation. (Figure 10-17)
Command Syntax: bgp asnotation asdot
Command Mode: CONFIG-ROUTER-BGP

Task: Enable ASDOT+ AS Number representation. (Figure 10-18)
Command Syntax: bgp asnotation asdot+
Command Mode: CONFIG-ROUTER-BGP

Figure 10-16. Command example and output: bgp asnotation asplain
FTOS(conf-router_bgp)#bgp asnotation asplain
FTOS(conf-router_bgp)#sho conf
!
router bgp 100
 bgp four-octet-as-support
 neighbor 172.30.1.250 remote-as 18508
 neighbor 172.30.1.250 local-as 65057
 neighbor 172.30.1.
Configure Peer Groups

To configure multiple BGP neighbors at one time, create and populate a BGP peer group. Another advantage of peer groups is that members of a peer group inherit the configuration properties of the group and share the same update policy. A maximum of 256 Peer Groups are allowed on the system. You create a peer group by assigning it a name, then adding members to the peer group. Once a peer group is created, you can configure route policies for it.
When you add a peer to a peer group, it inherits all the peer group’s configured parameters.
Figure 10-20. Command example: show config (peer-group enabled)
FTOS(conf-router_bgp)#neighbor zanzibar no shutdown
FTOS(conf-router_bgp)#show config
!
router bgp 45
 bgp fast-external-fallover
 bgp log-neighbor-changes
 neighbor zanzibar peer-group
 neighbor zanzibar no shutdown
 neighbor 10.1.1.1 remote-as 65535
 neighbor 10.1.1.1 shutdown
 neighbor 10.14.8.60 remote-as 18505
 neighbor 10.14.8.
Figure 10-21. Command example: show ip bgp peer-group
FTOS>show ip bgp peer-group
Peer-group zanzibar, remote AS 65535
BGP version 4
Minimum time between advertisement runs is 5 seconds
For address family: IPv4 Unicast
BGP neighbor is zanzibar, peer-group internal,
Number of peers in this group 26
Peer-group members (* - outbound optimized):
10.68.160.1 10.68.161.1 10.68.162.1 10.68.163.1 10.68.164.1 10.68.165.1 10.68.166.1 10.68.167.1 10.68.168.1 10.68.169.1 10.68.170.1 10.68.171.1 10.68.172.1 10.68.
The BGP fast fall-over feature is configured on a per-neighbor or peer-group basis and is disabled by default.
Figure 10-22. Command example: show ip bgp neighbors
FTOS#sh ip bgp neighbors
BGP neighbor is 100.100.100.100, remote AS 65517, internal link
Member of peer-group test for session parameters
BGP version 4, remote router ID 30.30.30.
Figure 10-23. Command example: show ip bgp peer-group (figure callout: Fast Fall-Over Indicator)
FTOS#sh ip bgp peer-group
Peer-group test
Fall-over enabled
BGP version 4
Minimum time between advertisement runs is 5 seconds
For address family: IPv4 Unicast
BGP neighbor is test
Number of peers in this group 1
Peer-group members (* - outbound optimized):
100.100.100.100*
FTOS#
router bgp 65517
 neighbor test peer-group
 neighbor test fall-over
 neighbor test no shutdown
 neighbor 100.100.100.
Step 2
Command Syntax: neighbor peer-group-name subnet subnet-number mask
Command Mode: CONFIG-ROUTER-BGP
Purpose: Assign a subnet to the peer group. The peer group will respond to OPEN messages sent on this subnet.

Step 3
Command Syntax: neighbor peer-group-name no shutdown
Command Mode: CONFIG-ROUTER-BGP
Purpose: Enable the peer group.

Step 4
Command Syntax: neighbor peer-group-name remote-as as-number
Command Mode: CONFIG-ROUTER-BGP
Purpose: Create and specify a remote peer as a BGP neighbor.
Figure 10-24. Local-as information shown
R2(conf-router_bgp)#show conf
!
router bgp 65123
 bgp router-id 192.168.10.2
 network 10.10.21.0/24
 network 10.10.32.0/24
 network 100.10.92.0/24
 network 192.168.10.0/24
 bgp four-octet-as-support
 neighbor 10.10.21.1 remote-as 65123
 neighbor 10.10.21.1 filter-list Laura in
 neighbor 10.10.21.1 no shutdown
 neighbor 10.10.32.3 remote-as 65123
 neighbor 10.10.32.3 no shutdown
 neighbor 100.10.92.9 remote-as 65192
 neighbor 100.10.92.
Figure 10-25. Allowas-in information shown
R2(conf-router_bgp)#show conf
!
router bgp 65123
 bgp router-id 192.168.10.2
 network 10.10.21.0/24
 network 10.10.32.0/24
 network 100.10.92.0/24
 network 192.168.10.0/24
 bgp four-octet-as-support
 neighbor 10.10.21.1 remote-as 65123
 neighbor 10.10.21.1 filter-list Laura in
 neighbor 10.10.21.1 no shutdown
 neighbor 10.10.32.3 remote-as 65123
 neighbor 10.10.32.3 no shutdown
 neighbor 100.10.92.9 remote-as 65192
 neighbor 100.10.92.9 local-as 6500
 neighbor 100.10.92.
• Advertise to all BGP neighbors and peer-groups that the forwarding state of all routes has been saved. This prompts all peers to continue saving the routes they receive from your E-Series and to continue forwarding traffic.
• Bring the secondary RPM online as the primary and re-open sessions with all peers operating in “no shutdown” mode.
• Defer best path selection for a certain amount of time.
Filter on an AS-Path attribute

The BGP attribute, AS_PATH, can be used to manipulate routing policies. The AS_PATH attribute contains a sequence of AS numbers representing the route’s path. As the route traverses an Autonomous System, the AS number is prepended to the route. You can manipulate routes based on their AS_PATH to affect interdomain routing. By identifying certain AS numbers in the AS_PATH, you can permit or deny routes based on the numbers in their AS_PATH.
Step 2
Command Syntax: {deny | permit} filter
Command Mode: CONFIG-AS-PATH
Purpose: Enter the parameter to match BGP AS-PATH for filtering. This is the filter that will be used to match the AS-path. The entries can be any format, letters, numbers, or regular expressions. This command can be entered multiple times if multiple filters are desired. See Table 10-4 for accepted expressions.
Figure 10-27. Filter with Regular Expression
FTOS(config)#router bgp 99
FTOS(conf-router_bgp)#neigh AAA peer-group
FTOS(conf-router_bgp)#neigh AAA no shut
FTOS(conf-router_bgp)#show conf
!
router bgp 99
 neighbor AAA peer-group
 neighbor AAA no shutdown
 neighbor 10.155.15.2 remote-as 32
 neighbor 10.155.15.2 shutdown
FTOS(conf-router_bgp)#neigh 10.155.15.
Table 10-4. Regular Expressions

Regular Expression: ( ) (parenthesis)
Definition: Specifies patterns for multiple use when followed by one of the multiplier metacharacters: asterisk *, plus sign +, or question mark ?

Regular Expression: [ ] (brackets)
Definition: Matches any enclosed character; specifies a range of single characters

Regular Expression: - (hyphen)
Definition: Used within brackets to specify a range of AS or community numbers.

Regular Expression: _ (underscore)
Definition: Matches a ^, a $, a comma, a space, a {, or a }.
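The effect of the underscore delimiter on an AS-path filter, as an added Python example (not Dell Networking OS code and not part of the original guide). It rewrites "_" as Table 10-4 defines it and runs an ordered deny/permit list over constructed AS_PATH strings; the function names, the sample paths and the deny result when no entry matches are assumptions of this sketch.

```python
import re

# Table 10-4: "_" matches a ^, a $, a comma, a space, a {, or a }.
UNDERSCORE = r"(?:^|$|[,{} ])"


def translate(filter_expr):
    """Turn an AS-path filter expression into a compiled Python regex.

    Only "_" is rewritten; ( ) [ ] - * + ? ^ $ pass through unchanged because
    Python's re module gives them the meaning the table describes.
    """
    return re.compile(filter_expr.replace("_", UNDERSCORE))


def evaluate(as_path_acl, as_path):
    """Return the action of the first entry whose filter matches as_path."""
    for action, filter_expr in as_path_acl:
        if translate(filter_expr).search(as_path):
            return action
    return "deny"  # assumption of this sketch: an unmatched route is not permitted


# Constructed AS_PATH strings: left-most AS is the neighbor, right-most the origin.
PATHS = {
    "via_18508": "65192 18508 701",
    "lookalike": "65192 118508 701",   # 4-byte AS 118508 only contains the digits 18508
    "as_set": "65192 {18508,701}",     # aggregate carrying an AS_SET
    "local": "",                       # locally originated route: empty AS_PATH
}

# The same intent ("drop anything that crossed AS 18508") written two ways.
LOOSE = [("deny", "18508"), ("permit", ".*")]
TIGHT = [("deny", "_18508_"), ("permit", ".*")]


def compare():
    """Map each sample path to its (LOOSE result, TIGHT result)."""
    return {name: (evaluate(LOOSE, path), evaluate(TIGHT, path))
            for name, path in PATHS.items()}


if __name__ == "__main__":
    for name, (loose, tight) in compare().items():
        print(f"{name:10} loose={loose:6} tight={tight}")
```

The undelimited filter also drops the route through AS 118508, which is why filters on a specific AS number are normally written with the underscore on both sides.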
Command Syntax: redistribute ospf process-id [match external {1 | 2} | match internal] [metric-type {external | internal}] [route-map map-name]
Command Mode: ROUTER BGP or CONF-ROUTER_BGPv6_AF
Purpose: Include specific OSPF routes in IS-IS. Configure the following parameters:
• process-id range: 1 to 65535
• match external range: 1 or 2
• match internal
• metric-type: external or internal.
• map-name: name of a configured route map.
Use these commands in the following sequence, starting in the CONFIGURATION mode to configure an IP community list.

Step 1
Command Syntax: ip community-list
Command Mode: CONFIGURATION
Purpose: Create a Community list and enter the COMMUNITY-LIST mode.
Figure 10-28.
Manipulate the COMMUNITY attribute

In addition to permitting or denying routes based on the values of the COMMUNITY attributes, you can manipulate the COMMUNITY attribute value and send the COMMUNITY attribute with the route information. By default, Dell Networking OS does not send the COMMUNITY attribute. Use the following command in the CONFIGURATION ROUTER BGP mode to send the COMMUNITY attribute to BGP neighbors.
Step 3
Command Syntax: exit
Command Mode: CONFIG-ROUTE-MAP
Purpose: Return to the CONFIGURATION mode.

Step 4
Command Syntax: router bgp as-number
Command Mode: CONFIGURATION
Purpose: Enter the ROUTER BGP mode.

Step 5
Command Syntax: neighbor {ip-address | peer-group-name} route-map map-name {in | out}
Command Mode: CONFIG-ROUTER-BGP
Purpose: Apply the route map to the neighbor or peer group’s incoming or outgoing routes.

To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode.
Use any or all of the following commands in the CONFIGURATION ROUTER BGP mode to change how the MED attribute is used.

Command Syntax: bgp always-compare-med
Command Mode: CONFIG-ROUTER-BGP
Purpose: Enable MED comparison in the paths from neighbors with different ASs. By default, this comparison is not performed.
Step 4
Command Syntax: router bgp as-number
Command Mode: CONFIGURATION
Purpose: Enter the ROUTER BGP mode.

Step 5
Command Syntax: neighbor {ip-address | peer-group-name} route-map map-name {in | out}
Command Mode: CONFIG-ROUTER-BGP
Purpose: Apply the route map to the neighbor or peer group’s incoming or outgoing routes.

To view the BGP configuration, use the show config command in the CONFIGURATION ROUTER BGP mode. To view a route map configuration, use the show route-map command in EXEC Privilege mode.
You can also use route maps to change this and other BGP attributes. For example, you can include the following command in a route map to specify the next hop address:

Command Syntax: set weight weight
Command Mode: CONFIG-ROUTE-MAP
Purpose: Sets weight for the route.
• weight range: 0 to 65535

Enable multipath

By default, the software allows one path to a destination. You can enable multipath to allow up to 16 parallel paths to a destination.
Refer to Chapter 8, IP Access Control Lists (ACL), Prefix Lists, and Route-maps for configuration information on prefix lists, AS-PATH ACLs, and route maps. Note: When you configure a new set of BGP policies, always reset the neighbor or peer group by entering the clear ip bgp command in EXEC Privilege mode. Use these commands in the following sequence, starting in the CONFIGURATION mode to filter routes using prefix lists.
Use these commands in the following sequence, starting in the CONFIGURATION mode to filter routes using a route map.

Step 1
Command Syntax: route-map map-name [permit | deny] [sequence-number]
Command Mode: CONFIGURATION
Purpose: Create a route map and assign it a name.

Step 2
Command Syntax: {match | set}
Command Mode: CONFIG-ROUTE-MAP
Purpose: Create multiple route map filters with a match or set action.
Step 5
Command Syntax: neighbor {ip-address | peer-group-name} filter-list as-path-name {in | out}
Command Mode: CONFIG-ROUTER-BGP
Purpose: Filter routes based on the criteria in the configured route map. Configure the following parameters:
• ip-address or peer-group-name: enter the neighbor’s IP address or the peer group’s name.
• as-path-name: enter the name of a configured AS-PATH ACL.
• in: apply the AS-PATH ACL map to inbound routes.
• out: apply the AS-PATH ACL to outbound routes.
Aggregate routes

Dell Networking OS provides multiple ways to aggregate routes in the BGP routing table. At least one specific route of the aggregate must be in the routing table for the configured aggregate to become active. Use the following command in the CONFIGURATION ROUTER BGP mode to aggregate routes.
Use the following commands in the CONFIGURATION ROUTER BGP mode to configure BGP confederations.

Command Syntax: bgp confederation identifier as-number
Command Mode: CONFIG-ROUTER-BGP
Purpose: Specifies the confederation ID. AS-number: 0-65535 (2-Byte) or 1-4294967295 (4-Byte)

Command Syntax: bgp confederation peers as-number [... as-number]
Command Mode: CONFIG-ROUTER-BGP
Purpose: Specifies which confederation sub-AS are peers. AS-number: 0-65535 (2-Byte) or 1-4294967295 (4-Byte)

All Confederation routers must be either 4-Byte or 2-Byte.
Figure 10-31.
To set dampening parameters via a route map, use the following command in CONFIGURATION ROUTE-MAP mode:

Command Syntax: set dampening half-life reuse
Command Mode: CONFIG-ROUTE-MAP
Purpose: Enter the following optional parameters to configure route dampening parameters:
• half-life range: 1 to 45. Number of minutes after which the Penalty is decreased. After the router assigns a Penalty of 1024 to a route, the Penalty is decreased by half after the half-life period expires.
Use the following command in EXEC Privilege mode to clear information on route dampening and return suppressed routes to active state.

Command Syntax: clear ip bgp dampening [ip-address mask]
Command Mode: EXEC Privilege
Purpose: Clear all information or only information on a specific route.

Use the following command in EXEC and EXEC Privilege mode to view statistics on route flapping.
Change BGP timers

Use either or both of the following commands in the CONFIGURATION ROUTER BGP mode to configure BGP timers.

Command Syntax: neighbors {ip-address | peer-group-name} timers keepalive
Command Mode: CONFIG-ROUTER-BGP
Purpose: Configure timer values for a BGP neighbor or peer group.
• keepalive range: 1 to 65535. Time interval, in seconds, between keepalive messages sent to the neighbor routers. (Default: 60 seconds)
• holdtime range: 3 to 65536.
Use the clear ip bgp command in EXEC Privilege mode to reset a BGP connection using BGP soft reconfiguration.

Command Syntax: neighbor {ipv4-address | ipv6-address | peer-group-name} soft-reconfiguration inbound
Command Mode: CONFIG-ROUTER-BGP
Purpose: Enable inbound soft-reconfiguration for the specified BGP neighbor. BGP stores all updates received by the neighbor but does not reset the peer session.
Route map continue

The BGP route map continue feature (in ROUTE-MAP mode) allows movement from one route-map entry to a specific route-map entry (the sequence number). If the sequence number is not specified, the continue feature moves to the next sequence number (also known as an implied continue). If a match clause exists, the continue feature executes only after a successful match occurs. If there are no successful matches, continue is ignored.
MBGP Configuration et c MBGP for IPv4 Multicast is supported on platform c et s MBGP is not supported on the E-Series ExaScale ex platform. MBGP for IPv6 unicast is supported on platforms

Multiprotocol BGP (MBGP) is an enhanced BGP that carries IP multicast routes. BGP carries two sets of routes: one set for unicast routing and one set for multicast routing.
BGP Regular Expression Optimization

BGP policies that contain regular expressions to match against as-paths and communities might take a lot of CPU processing time, and so affect BGP routing convergence. Also, show bgp commands that get filtered through regular expressions can take a lot of CPU cycles, especially when the database is large.
Command Syntax: debug ip bgp {ip-address | peer-group-name} soft-reconfiguration
Command Mode: EXEC Privilege
Purpose: Enable soft-reconfiguration debug.

To enhance debugging of soft reconfig, use the following command only when route-refresh is not negotiated, to keep the peer from resending messages: bgp soft-reconfig-backup

In-BGP is shown via the show ip protocols command. Dell Networking OS displays debug messages on the console.
Figure 10-34. View the Last Bad PDU from BGP Peers
FTOS(conf-router_bgp)#do show ip bgp neighbors 1.1.1.2
BGP neighbor is 1.1.1.2, remote AS 2, external link
BGP version 4, remote router ID 2.4.0.
The buffer size supports a maximum value between 40 MB (the default) and 100 MB. The capture buffers are cyclic and reaching the limit prompts the system to overwrite the oldest PDUs when new ones are received for a given neighbor or direction. Setting the buffer size to a value lower than the current maximum might cause captured PDUs to be freed to set the new limit.

Note: Memory on RP1 is not pre-allocated, and is allocated only when a PDU needs to be captured.
With full internet feed (205K) captured, approximately 11.8MB is required to store all of the PDUs, as shown in Figure 10-36.
Figure 10-36. Required Memory for Captured PDUs
FTOS(conf-router_bgp)#do show capture bgp-pdu neighbor 172.30.1.250
Incoming packet capture enabled for BGP neighbor 172.30.1.250
Available buffer size 29165743, 192991 packet(s) captured using 11794257 bytes
[. . .]
FTOS(conf-router_bgp)#do sho ip bg s
BGP router identifier 172.30.1.
Figure 10-37. Sample Configuration Illustration (topology diagram: AS 99 and AS 100; Peer Groups AAA, BBB and CCC; physical and virtual links between the routers' GigE and Loopback interfaces)
Figure 10-38. Enable BGP - Router 1
R1# conf
R1(conf)#int loop 0
R1(conf-if-lo-0)#ip address 192.168.128.1/24
R1(conf-if-lo-0)#no shutdown
R1(conf-if-lo-0)#show config
!
interface Loopback 0
 ip address 192.168.128.1/24
 no shutdown
R1(conf-if-lo-0)#int gig 1/21
R1(conf-if-gi-1/21)#ip address 10.0.1.21/24
R1(conf-if-gi-1/21)#no shutdown
R1(conf-if-gi-1/21)#show config
!
interface GigabitEthernet 1/21
 ip address 10.0.1.21/24
 no shutdown
R1(conf-if-gi-1/21)#int gig 1/31
R1(conf-if-gi-1/31)#ip address 10.0.3.
Figure 10-39. Enable BGP - Router 2
R2# conf
R2(conf)#int loop 0
R2(conf-if-lo-0)#ip address 192.168.128.2/24
R2(conf-if-lo-0)#no shutdown
R2(conf-if-lo-0)#show config
!
interface Loopback 0
 ip address 192.168.128.2/24
 no shutdown
R2(conf-if-lo-0)#int gig 2/11
R2(conf-if-gi-2/11)#ip address 10.0.1.22/24
R2(conf-if-gi-2/11)#no shutdown
R2(conf-if-gi-2/11)#show config
!
interface GigabitEthernet 2/11
 ip address 10.0.1.
Figure 10-40. Enable BGP - Router 3
R3# conf
R3(conf)#
R3(conf)#int loop 0
R3(conf-if-lo-0)#ip address 192.168.128.3/24
R3(conf-if-lo-0)#no shutdown
R3(conf-if-lo-0)#show config
!
interface Loopback 0
 ip address 192.168.128.3/24
 no shutdown
R3(conf-if-lo-0)#int gig 3/11
R3(conf-if-gi-3/11)#ip address 10.0.3.33/24
R3(conf-if-gi-3/11)#no shutdown
R3(conf-if-gi-3/11)#show config
!
interface GigabitEthernet 3/11
 ip address 10.0.3.
Figure 10-41. Enable Peer Group - Router 1
R1#conf
R1(conf)#router bgp 99
R1(conf-router_bgp)# network 192.168.128.0/24
R1(conf-router_bgp)# neighbor AAA peer-group
R1(conf-router_bgp)# neighbor AAA no shutdown
R1(conf-router_bgp)# neighbor BBB peer-group
R1(conf-router_bgp)# neighbor BBB no shutdown
R1(conf-router_bgp)# neighbor 192.168.128.2 peer-group AAA
R1(conf-router_bgp)# neighbor 192.168.128.
Figure 10-42.
Figure 10-43. Enable Peer Groups - Router 2
R2#conf
R2(conf)#router bgp 99
R2(conf-router_bgp)# neighbor CCC peer-group
R2(conf-router_bgp)# neighbor CC no shutdown
R2(conf-router_bgp)# neighbor BBB peer-group
R2(conf-router_bgp)# neighbor BBB no shutdown
R2(conf-router_bgp)# neighbor 192.168.128.1 peer AAA
R2(conf-router_bgp)# neighbor 192.168.128.1 no shut
R2(conf-router_bgp)# neighbor 192.168.128.3 peer BBB
R2(conf-router_bgp)# neighbor 192.168.128.
Figure 10-44. Enable Peer Group - Router 3
R3#conf
R3(conf)#router bgp 100
R3(conf-router_bgp)# neighbor AAA peer-group
R3(conf-router_bgp)# neighbor AAA no shutdown
R3(conf-router_bgp)# neighbor CCC peer-group
R3(conf-router_bgp)# neighbor CCC no shutdown
R3(conf-router_bgp)# neighbor 192.168.128.2 peer-group BBB
R3(conf-router_bgp)# neighbor 192.168.128.2 no shutdown
R3(conf-router_bgp)# neighbor 192.168.128.1 peer-group BBB
R3(conf-router_bgp)# neighbor 192.168.128.
R3(conf-router_bgp)#
Figure 10-45.
11 Content Addressable Memory

Content Addressable Memory is supported on platforms c et s

Note: Different platforms support varying levels of CAM adjustment. Be sure to read this chapter carefully prior to changing any CAM parameters.
• The ExaScale EH and EJ series line cards are single-CAM line cards that support 10M and 40M CAM for storing the lookup information.
• The TeraScale EG-series line cards are dual-CAM and use two 18 Megabit CAM modules with a dedicated 512 IPv4 Forwarding Information Base (FIB), and flexible CAM allocations for Layer2, FIB, and ACLs.
• Either ExaScale 10G or 40G CAM line cards can be used in a system.

CAM Profiles

Note: In C-Series, CAM profiles are not supported.
Table 11-1. CAM Profile Descriptions

CAM Profile: Default
Description: An all-purpose profile that allocates CAM space according to the way Dell Networking systems are most commonly used. Available Microcodes: default, lag-hash-align, lag-hash-mpls, l2-switched-pbr

CAM Profile: eg-default
Description: For EG-series line cards only. EG series line cards have two CAM modules per Port-pipe.
CAM entries per partition

CAM Profile     L2FIB  L2ACL  IPv4FIB  IPv4ACL  IPv4Flow  EgL2ACL  EgIPv4ACL  Reserved  IPv6FIB  IPv6ACL  IPv6Flow  EgIPv6ACL
Default         32K    2K     256K     12K      24K       1K       1K         8K        0        0        0         0
eg-default      32K    2K     512K     12K      24K       1K       1K         8K        32K      3K       4K        1K
ipv4-320k       32K    2K     320K     12K      12K       1K       1K         4K        0        0        0         0
ipv4-egacl-16k  32K    2K     192K     8K       24K       0        16K        8K        0        0        0         0
ipv6-extacl     32K    2K     192K     12K      8K        1K       1K         2K        6K       3K       4K        2K
l2-ipv4-inacl   32K    33K    64K      27K      8K        2K       2K         2K        0        0        0         0
Table 11-3. Microcode Descriptions

Microcode: lag-hash-align
Description: For applications that require the same hashing for bi-directional traffic (for example, VoIP call or P2P file sharing). For port-channels, this microcode maps both directions of a bi-directional flow to the same output link.

Microcode: lag-hash-mpls
Description: For hashing based on MPLS labels (up to five labels deep). With the default microcode, MPLS packets are distributed over a port-channel based on the MAC source and destination address.
The Layer 2 ACL CAM partition has sub-partitions for several types of information. Table 11-4 lists the sub-partition and the percentage of the Layer 2 ACL CAM partition that Dell Networking OS allocates to each by default.

Table 11-4. Layer 2 ACL CAM Sub-partition Sizes

Partition   % Allocated
Sysflow     6
L2ACL       14
*PVST       50
QoS         12
L2PT        13
FRRP        5

You can re-configure the amount of space, in percentage, allocated to each sub-partition.
• If you insert a dual-CAM line card into a chassis with a single-CAM profile, the line card boots with a matching profile, but operates with a lower capability.
When to Use CAM Profiling

The CAM profiling feature enables you to partition the CAM to best suit your application. For example:
• Configure more Layer 2 FIB entries when the system is deployed as a switch.
• Configure more Layer 3 FIB entries when the system is deployed as a router.
• Configure more ACLs (when IPv6 is not employed).
• Hash MPLS packets based on source and destination IP addresses for LAGs. See LAG Hashing.
• Hash based on bidirectional flow for LAGs.
• If a newly installed line card has a profile different from the primary RPM, the card reboots so that it can load the proper profile.
• If the standby RPM has a profile different from the primary RPM, the card reboots so that it can load the proper profile.

To change the CAM profile on the entire system:

Step 1
Task: Select a CAM profile.
• VMAN Dual QoS (vman-dual-qos): 0
• IPV4 PBR(Ipv4pbr): 0
• VRF ACL(vrfv4acl): 0

Note: The ipmacacl region was introduced for Secure DHCP. These ACLs are not created through the CLI, but rather are system generated from the DHCP snooping table.
This command applies to both IPv4 and IPv6 CAM profiles, but is best used when verifying QoS optimization for IPv6 ACLs. Use this command to determine whether sufficient ACL CAM space is available to enable a service-policy. Create a Class Map with all required ACL rules, then execute the test cam-usage command in Privilege mode to verify the actual CAM space required. Figure 11-3 gives a sample of the output shown when executing the command.
View a brief output of the command show cam-profile using the summary option. The command show running-config cam-profile shows the current profile and microcode (Figure 11-5).

Note: If you select the CAM profile from CONFIGURATION mode, the output of this command does not reflect any changes until you save the running-configuration and reload the chassis.

Figure 11-5.
Figure 11-6.
Figure 11-7.
• The IPv4Flow configuration is applied to the entire system when you enter the command cam-ipv4flow from CONFIGURATION mode; however, you must save the running-configuration to effect the change. The amount of space that is allocated among the sub-partitions must be equal to the amount of CAM space allocated to IPv4Flow by the selected CAM profile (see Table 11-1); Message 3 is displayed if the total allocated space is not correct.
Figure 11-8. Configure IPv4Flow on the Entire System
FTOS(conf)#cam-ipv4flow default
FTOS#copy running-config startup-config
File with same name already exist.
Table 11-6. Layer 2 ACL CAM Sub-partition Sizes (continued)

Partition   % Allocated
L2PT        13
FRRP        5

You can re-configure the amount of space, in percentage, allocated to each sub-partition.
• Apply the Ingress Layer 2 ACL configuration to the entire system by entering the command cam-l2acl from CONFIGURATION mode; however, you must save the running-configuration to effect the change.
Figure 11-9.
Figure 11-10.
• If the packet has more than 5 MPLS labels, hashing is based on the source and destination MAC address.

To enable this type of hashing, use the default CAM profile with the microcode lag-hash-mpls.

LAG Hashing based on Bidirectional Flow

To hash LAG packets such that both directions of a bidirectional flow (for example, VoIP or P2P file sharing) are mapped to the same output link in the LAG bundle, use the default CAM profile with the microcode lag-hash-align.
QoS CAM Region Limitation

The default CAM profile allocates a partition within the IPv4Flow region to store QoS service policies. If the QoS CAM space is exceeded, messages similar to the ones in Message 5 are displayed.
12 Dynamic Host Configuration Protocol

Dynamic Host Configuration Protocol is available on platforms: ces

This chapter contains the following sections:
• Protocol Overview
• Implementation Information
• Configuration Tasks
• Configure the System to be a DHCP Server
• Configure the System to be a Relay Agent
• Configure Secure DHCP

Protocol Overview

Dynamic Host Configuration Protocol (DHCP) is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to netwo
DHCP Packet Format and Options

DHCP uses UDP as its transport protocol. The server listens on port 67 and transmits to port 68; the client listens on port 68 and transmits to port 67. The configuration parameters are carried as options in the DHCP packet in Type, Length, Value (TLV) format; many options are specified in RFC 2132.
Assign an IP Address using DHCP

When a client joins a network:
1. The client initially broadcasts a DHCPDISCOVER message on the subnet to discover available DHCP servers. This message includes the parameters that the client requires and might include suggested values for those parameters.
2. Servers unicast or broadcast a DHCPOFFER message in response to the DHCPDISCOVER that offers to the client values for the requested parameters.
Implementation Information

• The Dell Networking implementation of DHCP is based on RFC 2131 and RFC 3046.
• DHCP is available on VLANs and Private VLANs.
• IP Source Address Validation is a sub-feature of DHCP Snooping; Dell Networking OS uses ACLs internally to implement this feature and as such, you cannot apply ACLs to an interface which has IP Source Address Validation.
• Configuration Parameter Storage and Management: DHCP servers also store and maintain other parameters that are sent to clients when requested. These parameters specify in detail how a client is to operate.
• Lease Management: DHCP servers use leases to allocate addresses to clients for a limited time. The DHCP server maintains information about each of the leases, including lease length.
To create an address pool:

Step 1
Task: Access the DHCP server CLI context.
Command Syntax: ip dhcp server
Command Mode: CONFIGURATION

Step 2
Task: Create an address pool and give it a name.
Command Syntax: pool name
Command Mode: DHCP

Step 3
Task: Specify the range of IP addresses from which the DHCP server may assign addresses.
• network is the subnet address.
• prefix-length specifies the number of bits used for the network portion of the address you specify.
Enabling DHCP Server

DHCP server is disabled by default.

Step 1
Task: Enter the DHCP command-line context.
Command Syntax: ip dhcp server
Command Mode: CONFIGURATION

Step 2
Task: Enable DHCP server.
Command Syntax: no disable
Command Mode: DHCP
Default: Disabled

Step 3
Task: Display the current DHCP configuration.
Command Syntax: show config
Command Mode: DHCP

In Figure 12-3, an IP phone is powered by PoE and has acquired an IP address from the Dell Networking system, which is advertising LLDP-MED.
Address Resolution using NetBIOS WINS

Windows Internet Naming Service (WINS) is a name resolution service that Microsoft DHCP clients use to correlate host names to IP addresses within a group of networks. Microsoft DHCP clients can be one of four types of NetBIOS nodes: broadcast, peer-to-peer, mixed, or hybrid.
To create a manual binding:

Step 1
Task: Create an address pool
Command Syntax: pool name
Command Mode: DHCP

Step 2
Task: Specify the client IP address.
Command Syntax: host address
Command Mode: DHCP

Step 3
Task: Specify the client hardware address or client-identifier.
• hardware-address is the client MAC address. type is the protocol of the hardware platform. The default protocol is Ethernet. client-identifier is required for Microsoft clients instead of a hardware address.
DHCP Clear Commands

Task: Clear DHCP binding entries for the entire binding table.
Command Syntax: clear ip dhcp binding
Command Mode: EXEC Privilege

Task: Clear a DHCP binding entry for an individual IP address.
Command Syntax: clear ip dhcp binding ip address
Command Mode: EXEC Privilege

Task: Clear a DHCP address conflict.
Command Syntax: clear ip dhcp conflict
Command Mode: EXEC Privilege

Task: Clear DHCP server counters.
Figure 12-4. Configure Dell Networking Systems as a DHCP Relay Device (diagram: DHCP servers 10.11.2.5 and 10.11.1.5, relay agent interfaces 1/3 and 1/4, and the source and destination IP addresses and ports 67/68 of the broadcast and unicast packets on each segment)
• DHCP Snooping
• Dynamic ARP Inspection
• Source Address Validation

Option 82

RFC 3046 (Relay Agent Information option, or Option 82) is used for class-based IP address assignment. The code for the Relay Agent Information option is 82, and is comprised of two sub-options, Circuit ID and Remote ID.
• Circuit ID is the interface on which the client-originated message is received.
• Remote ID identifies the host from which the message is received.
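The TLV layout of the DHCP options field and the nesting of Circuit ID and Remote ID inside Option 82, as an added Python example (not Dell Networking OS code and not part of the original guide). The option bytes are constructed for illustration, including the text encoding of the Circuit ID and the MAC used as Remote ID; the function and class names are assumptions of this sketch.

```python
import struct

PAD, END, RELAY_AGENT_INFO = 0, 255, 82
SUBOPTION_NAMES = {1: "circuit-id", 2: "remote-id"}  # sub-option codes from RFC 3046


class MalformedOptions(ValueError):
    """A length byte is missing or points past the end of the buffer."""


def parse_tlvs(data, pad_and_end):
    """Return [(type, value)] from a Type-Length-Value byte string.

    pad_and_end=True applies the two one-byte options of the top-level DHCP
    options field: Pad (0) is skipped and End (255) stops parsing.
    """
    items, i = [], 0
    while i < len(data):
        code = data[i]
        if pad_and_end and code == PAD:
            i += 1
            continue
        if pad_and_end and code == END:
            break
        if i + 1 >= len(data):
            raise MalformedOptions(f"type {code} at offset {i} has no length byte")
        length = data[i + 1]
        value = data[i + 2 : i + 2 + length]
        if len(value) < length:
            raise MalformedOptions(
                f"type {code} claims {length} bytes but only {len(value)} remain")
        items.append((code, bytes(value)))
        i += 2 + length
    return items


def parse_dhcp_options(options):
    """Parse the options field (the bytes after the magic cookie) into a dict.

    Option 82 is itself a TLV container, so its value is parsed a second time
    into its named sub-options.
    """
    parsed = {}
    for code, value in parse_tlvs(options, pad_and_end=True):
        if code == RELAY_AGENT_INFO:
            parsed[code] = {SUBOPTION_NAMES.get(sub, sub): sub_value
                            for sub, sub_value in parse_tlvs(value, pad_and_end=False)}
        else:
            parsed[code] = value
    return parsed


# Constructed sample: message type 5 (DHCPACK), a lease time of 86400 seconds,
# and Option 82 as a relay agent might insert it.
AGENT_INFO = bytes([1, 6]) + b"Gi 1/3" + bytes([2, 6]) + bytes.fromhex("0001e8aabbcc")
SAMPLE_OPTIONS = (bytes([53, 1, 5])
                  + bytes([51, 4]) + struct.pack("!I", 86400)
                  + bytes([RELAY_AGENT_INFO, len(AGENT_INFO)]) + AGENT_INFO
                  + bytes([PAD, END]))

if __name__ == "__main__":
    for code, value in parse_dhcp_options(SAMPLE_OPTIONS).items():
        print(code, value)
```

A parser that trusts the length byte without the bounds check reads past the option it is decoding, which is why both the outer field and the Option 82 container are validated.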
When DHCP Snooping is enabled, the relay agent builds a binding table, using DHCPACK messages, containing the client MAC address, IP addresses, IP address lease time, port, VLAN ID, and binding type. Every time the relay agent receives a DHCPACK on a trusted port, it adds an entry to the table.
Step 2
Task: Specify ports connected to DHCP servers as trusted.
Command Syntax: ip dhcp snooping trust
Command Mode: INTERFACE

Step 3
Task: Enable DHCP Snooping on a VLAN.
Command Syntax: ip dhcp snooping vlan
Command Mode: CONFIGURATION

Add a static entry in the binding table

Task: Add a static entry in the binding table.
View the DHCP Snooping statistics with the show ip dhcp snooping command.
Figure 12-6. Command example: show ip dhcp snooping
FTOS#show ip dhcp snooping
IP DHCP Snooping                  : Enabled.
IP DHCP Snooping Mac Verification : Disabled.
IP DHCP Relay Information-option  : Disabled.
IP DHCP Relay Trust Downstream    : Disabled.
View the number of entries in the table with the show ip dhcp snooping binding command. This output displays the snooping binding table created using the ACK packets from the trusted port.
Figure 12-7. Command example: show ip dhcp snooping binding
FTOS#show ip dhcp snooping binding
Codes : S - Static D - Dynamic
IP Address MAC Address Expires(Sec) Type VLAN Interface
========================================================================
10.1.1.
• denial of service—an attacker can send fraudulent ARP messages to a client to associate a false MAC address with the gateway address, which would blackhole all internet-bound packets from the client.
Note: DAI uses entries in the L2SysFlow CAM region, a sub-region of SystemFlow. One CAM entry is required for every DAI-enabled VLAN, and you can enable DAI on up to 16 VLANs on a system. However, the ExaScale default CAM profile allocates only 9 entries to the L2SysFlow region for DAI.
Use the show arp inspection statistics command to see how many valid and invalid ARP packets have been processed. Figure 12-9.
IP Source Address Validation
IP Source Address Validation (SAV) prevents IP spoofing by forwarding only IP packets that have been validated against the DHCP binding table. A spoofed IP packet is one in which the IP source address is strategically chosen to disguise the attacker. For example, using ARP spoofing, an attacker can assume a legitimate client’s identity and receive traffic addressed to it. Then the attacker can spoof the client’s IP address to interact with other clients.
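The binding table built from DHCPACKs on trusted ports, and the IP and IP+MAC source checks made against it, can be modelled as follows. This is an added Python example, not Dell Networking OS code; the interface names, addresses, lease times, and the rule that an entry ages out with its lease are assumptions.

```python
"""Model of a DHCP snooping binding table and IP Source Address Validation.

All interface names, addresses and lease times below are constructed samples.
"""
from dataclasses import dataclass
import ipaddress


def norm_mac(mac):
    """Canonicalise a MAC so 0000.5E00.5301 and 00:00:5e:00:53:01 compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass(frozen=True)
class Binding:
    ip: ipaddress.IPv4Address
    mac: str
    expires_at: float   # absolute time; float("inf") for static entries
    port: str           # port the client is attached to
    vlan: int
    kind: str           # "D" dynamic or "S" static, as in the Codes legend


class BindingTable:
    def __init__(self, trusted_ports):
        self.trusted_ports = set(trusted_ports)
        self._entries = {}                      # (vlan, ip) -> Binding

    def on_dhcp_ack(self, ingress_port, now, *, client_ip, client_mac,
                    lease_sec, client_port, vlan):
        """Add a dynamic entry only for a DHCPACK seen on a trusted port."""
        if ingress_port not in self.trusted_ports:
            return None                         # e.g. a rogue server on an access port
        entry = Binding(ipaddress.IPv4Address(client_ip), norm_mac(client_mac),
                        now + lease_sec, client_port, vlan, "D")
        self._entries[(vlan, entry.ip)] = entry
        return entry

    def add_static(self, *, ip, mac, port, vlan):
        entry = Binding(ipaddress.IPv4Address(ip), norm_mac(mac),
                        float("inf"), port, vlan, "S")
        self._entries[(vlan, entry.ip)] = entry
        return entry

    def lookup(self, vlan, ip, now):
        """Return the live binding for (vlan, ip), ageing out expired leases."""
        key = (vlan, ipaddress.IPv4Address(ip))
        entry = self._entries.get(key)
        if entry is not None and entry.expires_at <= now:
            del self._entries[key]              # assumption: entry dies with the lease
            entry = None
        return entry


def sav_permits(table, now, *, port, vlan, src_ip, src_mac, mode="ip"):
    """Decide whether a packet arriving on `port` passes source validation."""
    if mode not in ("ip", "ipmac"):
        raise ValueError("mode must be 'ip' or 'ipmac'")
    entry = table.lookup(vlan, src_ip, now)
    if entry is None or entry.port != port:
        return False                            # no binding for this IP on this port
    if mode == "ipmac":
        return entry.mac == norm_mac(src_mac)   # the IP+MAC pair must match
    return True


def demo():
    table = BindingTable(trusted_ports={"Gi 1/4"})    # Gi 1/4 faces the DHCP server
    table.on_dhcp_ack("Gi 1/4", 0, client_ip="10.11.1.3",
                      client_mac="0000.5E00.5301", lease_sec=600,
                      client_port="Gi 1/3", vlan=10)   # learned
    table.on_dhcp_ack("Gi 1/5", 0, client_ip="10.11.1.66",
                      client_mac="00:00:5e:00:53:66", lease_sec=600,
                      client_port="Gi 1/5", vlan=10)   # ignored: untrusted port
    pkt = dict(vlan=10, src_ip="10.11.1.3")
    return {
        "owner": sav_permits(table, 10, port="Gi 1/3",
                             src_mac="00:00:5e:00:53:01", mode="ipmac", **pkt),
        "spoof_other_port": sav_permits(table, 10, port="Gi 1/5",
                                        src_mac="00:00:5e:00:53:66", **pkt),
        "wrong_mac_ip_mode": sav_permits(table, 10, port="Gi 1/3",
                                         src_mac="00:00:5e:00:53:66", **pkt),
        "wrong_mac_ipmac_mode": sav_permits(table, 10, port="Gi 1/3",
                                            src_mac="00:00:5e:00:53:66",
                                            mode="ipmac", **pkt),
        "after_lease_expiry": sav_permits(table, 601, port="Gi 1/3",
                                          src_mac="00:00:5e:00:53:01", **pkt),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:22} {'forward' if verdict else 'drop'}")
```

The wrong_mac cases show what IP+MAC validation adds: IP-only validation forwards a packet from the bound port whatever its source MAC, while IP+MAC validation drops it.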
Step | Task | Command Syntax | Command Mode
3 | Reload the system. | reload | EXEC Privilege
4 | Enable IP+MAC Source Address Validation. | ip dhcp source-address-validation ipmac | INTERFACE
Dell Networking OS creates an ACL entry for each IP+MAC address pair in the binding table and applies it to the interface.
Task | Command Syntax | Command Mode
Display the IP+MAC ACL for an interface or for the entire system.
13 Equal Cost Multi-Path
This chapter describes how to configure:
• ECMP for Flow-based Affinity (E-Series), including the configurable hash algorithm
• Configurable ECMP Hash Algorithm (C- and S-Series)
ECMP for Flow-based Affinity (E-Series)
ECMP for Flow-based Affinity (E-Series) is available on platform: e
The hashing algorithms on E-Series TeraScale and E-Series ExaScale are different:
• On ExaScale, the hashing algorithm is based on CRC, checksum, or XOR.
Dell Networking OS Behavior: In Dell Networking OS versions prior to 8.2.1.2, the ExaScale default hash-algorithm is 0. Beginning with version 8.2.1.2, the default hash-algorithm is 24. For information on the load-balancing criteria used by the hash algorithm to distribute traffic among ECMP paths and LAG members on an E-Series system, see E-Series load-balancing.
Task | Command Syntax | Command Mode
Specify the hash algorithm seed. | hash-algorithm seed value [linecard number] [port-set number] Range: 0 - 4095 | CONFIGURATION
In Figure 13-1, Core Router 1 is an E-Series TeraScale and Core Router 2 is an E-Series ExaScale. They have similar configurations and have routes for prefix P with two possible next-hops.
Configurable ECMP Hash Algorithm (C- and S-Series)
Configurable ECMP Hash Algorithm (C- and S-Series) is available on platforms: cs
On C-Series and S-Series, the hash-algorithm command is specific to ECMP groups and has a different default from the E-Series (see Configurable Hash Algorithm (E-Series)). The default ECMP hash configuration is crc-lower, which takes the lower 32 bits of the hash key to compute the egress port.
14 Force10 Resilient Ring Protocol
Force10 Resilient Ring Protocol is supported on platforms: ces
The E-Series ExaScale platform is supported with Dell Networking OS 8.1.1.0 and later.
Force10 Resilient Ring Protocol (FRRP) provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a Metropolitan Area Network (MAN) or large campuses.
Each Transit node is also configured with a Primary port and a Secondary port on the ring, but the port distinction is ignored as long as the node is configured as a Transit node. If the ring is complete, the Master node logically blocks all data traffic in the transmit and receive directions on the Secondary port to prevent a loop.
If the Master node does not receive the Ring Health Frame (RHF) before the fail-period timer expires (a configurable timer), the Master node moves from the Normal state to the Ring-Fault state and unblocks its Secondary port. The Master node also clears its forwarding table and sends a control frame to all other nodes, instructing them to also clear their forwarding tables. Immediately after clearing its forwarding table, each node starts learning the new topology.
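The Master node's reaction to a missed RHF, as an added Python model (not Dell Networking OS code). The timer values, node names, MAC address, and the recovery step that re-blocks the Secondary port and flushes again once RHFs resume are assumptions.

```python
"""Model of the FRRP Master node reacting to a lost Ring Health Frame (RHF).

Timer values, node names and the MAC address are constructed samples.
"""


class RingNode:
    def __init__(self, name):
        self.name = name
        self.fdb = {}                       # forwarding table: MAC -> egress port

    def learn(self, mac, port):
        self.fdb[mac] = port

    def flush(self):
        self.fdb.clear()


class MasterNode(RingNode):
    NORMAL, RING_FAULT = "Normal", "Ring-Fault"

    def __init__(self, name, transit_nodes, fail_period_ms):
        super().__init__(name)
        self.transit_nodes = list(transit_nodes)
        self.fail_period_ms = fail_period_ms
        self.state = self.NORMAL
        self.secondary_port = "blocking"    # ring complete: Secondary blocks data
        self.last_rhf_ms = 0
        self.transitions = []               # (time_ms, new_state) audit trail

    def _flush_ring(self):
        """Clear the local table, then tell every other node to clear its own."""
        self.flush()
        for node in self.transit_nodes:     # stands in for the control frame
            node.flush()

    def _enter(self, state, secondary, now_ms):
        self.state, self.secondary_port = state, secondary
        self.transitions.append((now_ms, state))
        self._flush_ring()

    def on_rhf(self, now_ms):
        """The Master received an RHF, so the ring is complete."""
        self.last_rhf_ms = now_ms
        if self.state == self.RING_FAULT:
            # Assumption: on recovery the Master re-blocks and flushes again.
            self._enter(self.NORMAL, "blocking", now_ms)

    def on_tick(self, now_ms):
        """Periodic timer check; declares a fault once the fail-period expires."""
        overdue = now_ms - self.last_rhf_ms >= self.fail_period_ms
        if self.state == self.NORMAL and overdue:
            self._enter(self.RING_FAULT, "forwarding", now_ms)
        return self.state


def simulate(rhf_arrivals_ms, end_ms, fail_period_ms=2000, tick_ms=500):
    """Replay RHF arrival times against a Master node and two Transit nodes."""
    transits = [RingNode("R2"), RingNode("R3")]
    master = MasterNode("R1", transits, fail_period_ms)
    for node in [master, *transits]:
        node.learn("00:00:5e:00:53:0a", "primary")
    arrivals = set(rhf_arrivals_ms)
    for now in range(tick_ms, end_ms + 1, tick_ms):
        if now in arrivals:
            master.on_rhf(now)
        master.on_tick(now)
    return master, transits


if __name__ == "__main__":
    # RHFs stop after 1500 ms (link break) and resume at 5000 ms (link repaired).
    master, _ = simulate([500, 1000, 1500, 5000], end_ms=6000)
    for when, state in master.transitions:
        print(f"{when:5d} ms -> {state}")
```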
In the example shown in Figure 14-2, FRRP 101 is a ring with its own Control VLAN, and FRRP 202 has its own Control VLAN running on another ring. A Member VLAN that spans both rings is added as a Member VLAN to both FRRP groups. Switch R3 has two instances of FRRP running on it: one for each ring. The example topology that follows shows R3 assuming the role of a Transit node for both FRRP 101 and FRRP 202. Figure 14-2.
• Ring Status Check Frames are transmitted by the Master Node at specified intervals.
• Multiple physical rings can be run on the same switch.
• One Master node is supported per ring.
• All other nodes are Transit nodes.
• Each node has 2 member interfaces: Primary and Secondary.
• There is no limit to the number of nodes on a ring.
• The Master node ring port states are: blocking, pre-forwarding, forwarding, and disabled.
Table 14-1. FRRP Components
Concept | Explanation
Ring Interface State | Each interface (port) that is part of the ring maintains one of four states:
• Blocking State: Accepts ring protocol packets but blocks data packets. LLDP, FEFD, or other Layer 2 control packets are accepted. Only the master node Secondary port can enter this state.
• Pre-Forwarding State: A transition state before moving to the Forward state.
• The Control VLAN is not used to carry any data traffic; it carries only RHFs.
• The Control VLAN cannot have members that are not ring ports.
• If multiple rings share one or more member VLANs, they cannot share any links between them.
• Member VLANs across multiple rings are not supported in Master nodes.
• Each ring has only one Master node; all others are transit nodes.
FRRP Configuration
These are the tasks to configure FRRP.
• All VLANs must be in Layer 2 mode.
• Only ring nodes can be added to the VLAN.
• A Control VLAN can belong to one FRRP group only.
• Control VLAN ports must be tagged.
• All ports on the ring must use the same VLAN ID for the Control VLAN.
• A VLAN cannot be configured as both a Control VLAN and Member VLAN on the same ring.
• Only two interfaces can be members of a Control VLAN (the Master Primary and Secondary ports).
Step | Command Syntax | Command Mode | Purpose
5 | member-vlan vlan-id {range} | CONFIG-FRRP | Identify the Member VLANs for this FRRP group. VLAN-ID, Range: VLAN IDs for the ring’s Member VLANs.
6 | no disable | CONFIG-FRRP | Enable FRRP
Configure and add the Member VLANs
Control and Member VLANs are configured normally for Layer 2. Their status as Control or Member is determined by the FRRP group commands. For complete information about configuring VLANs in Layer 2 mode, see Chapter 24, Layer 2.
Step | Command Syntax | Command Mode | Purpose
3 | interface primary int slot/port secondary int slot/port control-vlan vlan id | CONFIG-FRRP | Assign the Primary and Secondary ports, and the Control VLAN for the ports on the ring.
Interface:
• For a 10/100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
Command Syntax | Command Mode | Purpose
clear frrp | EXEC PRIVILEGED | Clear the counters associated with all FRRP groups
Show FRRP configuration
Use the following command to view the configuration for the FRRP group.
Command Syntax | Command Mode | Purpose
show configuration | CONFIG-FRRP | Show the configuration for this FRRP group
Show FRRP information
Use one of the following commands to show general FRRP information.
Figure 14-3 is an example of a basic FRRP topology. Below the figure are the associated CLI commands. Figure 14-3.
15 Force10 Service Agent
Force10 Service Agent is supported on platforms: ce
FTSA is supported on the E-Series ExaScale platform with Dell Networking OS 8.2.1.0 and later.
Accurate and timely resolution of problems in your system or network requires gathering relevant data at the time a condition manifests, and getting that information to administrators as soon as possible.
Configure Force10 Service Agent
The minimal FTSA configuration is four steps:
1. Enable Force10 Service Agent.
2. Specify an SMTP Server for FTSA.
3. Providing an Administrator E-mail Address.
4. Enable the FTSA Messaging Service or:
• Configure a non-default recipient. See Add Additional Recipients of FTSA E-mails.
• Enable the FTSA Messaging Service.
Figure 15-1. Display the Default FTSA Configuration
FTOS(conf-callhome)#show config
!
call-home
no enable-all
server Force10
recipient ftsa@force10networks.com
keyadd Force10DefaultPublicKey
encrypt
no enable
Specify an SMTP Server for FTSA
To specify the SMTP server that will receive and forward the E-mail messages generated by FTSA:
Task | Command Syntax | Command Mode
Specify an SMTP server in the form smtp.domain-name.com.
FTSA Messaging Service
The purpose of FTSA is to automatically send information about the switch to the network administrators or Dell Networking TAC, so that when there is a network problem, the relevant information is collected at the time the problem manifests.
You must still explicitly enable messaging for each recipient, including the default recipient. Each recipient has a (user-configurable) mnemonic label. Dell Networking OS creates a CLI context based on this label from which you can enable messaging and modify the E-mail parameters for the recipient. You can enter the context for a recipient by entering the command server label from the CALLHOME context. For example, the default label is Force10.
To add a recipient, you first create a mnemonic label for it. Dell Networking OS uses this label to create a Dell Networking OS context in which you can configure the E-mail parameters for the recipient. For example, the default recipient is Dell Networking TAC and the label for this recipient is Force10.
Per-recipient, you have a choice of sending FTSA E-mails in clear text or with PGP5 encryption. Messages to the default recipient are configured for encryption using a public encryption key, as shown in Figure 15-2.
Step | Task | Command | Command Mode
1 | Copy the encryption key file to the internal flash. The key Force10DefaultPublicKey for the default recipient is packed with Dell Networking OS, so to enable encryption for it, proceed to Step 3.
Set the Frequency of FTSA Type 3 Messages
When messaging is enabled, FTSA sends an E-mail every 24 hours containing inventory information to all recipients. There is no facility for setting the frequency for individual recipients.
Task | Command | Command Mode
Set the frequency at which FTSA generates inventory E-mails.
Task: All E-mails are generated in XML format by default. For Type 5 messages only, you may generate E-mails in clear text format. The configuration is per action list.
Command: message-format {xml | text}
Command Mode: CALLHOME ACTIONLIST
Dell Networking OS Behavior: Dell Networking OS versions prior to 8.2.1.0 diverted Type 5 messages to the internal flash root directory when you enter the command log-only. Beginning in version 8.2.1.
Figure 15-5. FTSA Type 2 Message
Type - 2 0036232 Force10 0
FTSA periodically generates Type 3 messages, which contain the output of the command show inventory.
Figure 15-6.
Figure 15-7. FTSA Type 4 Messages
---------------------------------Message Body-----------------------------------------
Type - 4 0036232 Force10 0
---------------------------------Message Attachment-----------------------------------
Chassis Type : E300
Chassis Mode : TeraScale
Software Version : 7.8.1.
2. Create the list of actions that FTSA should take if any of the conditions exist. See Create a Policy Action List.
3. Create a policy and assign a test list and action list. See Creating a Policy and Assign a Test and Action List.
4. Set optional policy parameters. See Additional Policy Configurations.
Figure 15-8.
Table 15-1.
Table 15-2. Custom Policy Test Conditions
Condition | Keyword | Description | OID
Memory Usage | memory-free | Per-CPU free memory in Megabytes. | chSysProcessorMemSize * (1 - chRpmMemUsageUtil)
 | memory-free-percent | Per-CPU total free memory in percent. | 1 - chRpmMemUsageUtil
 | memory-used | Per-CPU total memory usage in Megabytes. | chSysProcessorMemSize * chRpmMemUsageUtil
 | memory-used-percent | Per-CPU total memory usage in percent.
• increase—If the difference between successive samples, calculated by subtracting the first value from the last, is greater than or equal to the previously sampled value, then the action list is executed.
• less-than—If the value of the probed system variable is less than the specified value, then the action list is executed.
• not-equal-to—If the value of the probed system variable is not the same as the specified value, then the action list is executed.
Add actions to a policy action list
Once you create a policy action list, Dell Networking OS enters the CALLHOME ACTIONLIST context. The list you created is initially empty. You may choose one of three pre-defined action lists and add an unlimited number of custom actions.
Table 15-3.
To add a pre-defined list of actions to your policy action list:
Task: Add a pre-defined list of actions to your policy action list.
Command: default-action [exception | hardware | software]
Command Mode: CALLHOME ACTIONLIST
You may add an unlimited number of three types of custom actions:
Task | Command | Command Mode
Execute a recovery action when FTSA reaches the test-limit. You may reload the chassis or reset an RPM or linecard.
Additional Policy Configurations
Task | Command | Command Mode
Associate a Dell Networking TAC case number with the policy. Configure a case number only if you already have a case open with Dell Networking for the policy. This case number is included in action-list messages sent to Dell Networking. | case-number number | CALLHOME POLICY
Delay the subsequent execution of the test list after a match occurs.
Figure 15-9. Configure an FTSA Policy for a Linecard Down
call-home
admin-email pubsadmin@training10.com
smtp server-address 192.168.1.1
no enable-all
server Force10
recipient pubslab@training10.
Figure 15-11. FTSA Type 5 Message for a Linecard Down Policy
---------------------------------Message Body-----------------------------------------
Type - 5
Figure 15-12. FTSA Type 5 Message for a Linecard Down Policy (continued) - show logging driverlog linecard 1 23:19:46.191 UTC Wed Feb 25 2009 show logging driverlog linecard 1 [output omitted]
- show logging driverlog linecard 4 23:19:46.
Figure 15-13. FTSA Type 5 Message for a Linecard Down Policy (continued)
- remote-exec cp dhsTestCp 23:19:54.597 UTC Wed Feb 25 2009 remote-exec cp dhsTestCp [output omitted]
- remote-exec cp dhsTestCp 23:20:00.
Figure 15-14. FTSA Type 5 Message for a BGP Peer Down Policy ---------------------------------Message Body----------------------------------------- Type - 5
Figure 15-15. Configure an FTSA Policy for an Excessive CRC-error Condition
call-home
admin-email pubsadmin@training10.com
smtp server-address 192.168.1.1
no enable-all
server Force10
recipient pubslab@training10.
Figure 15-17. FTSA Type 5 Message for an Excessive CRC-error Condition ---------------------------------Message Body----------------------------------------- Type - 5
Figure 15-18. Call-home Debug All during Type 5 Message Generation
#02:13:49 : CALL-HOME: Sending the following email
02:13:49 : From: pubsadmin@training10.com To: pubslab@training10.com Subject: Type - 5 Attachment: ramdisk:/crcerror-21_10_04.685.txt
02:13:49 : Message: Type - 5
16 GARP VLAN Registration Protocol
GARP VLAN Registration Protocol is supported on platform: ces
GVRP is supported on the E-Series ExaScale platform with Dell Networking OS 8.1.1.0 and later.
Protocol Overview
Typical VLAN implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GARP VLAN Registration Protocol (GVRP), defined by the IEEE 802.1Q specification, is a Layer 2 network protocol that provides for automatic VLAN configuration of switches.
Figure 16-1. GVRP Compatibility Error Message
FTOS(conf)#protocol spanning-tree pvst
FTOS(conf-pvst)#no disable
% Error: GVRP running. Cannot enable PVST.
.........
FTOS(conf)#protocol spanning-tree mstp
FTOS(conf-mstp)#no disable
% Error: GVRP running. Cannot enable MSTP.
.........
FTOS(conf)#protocol gvrp
FTOS(conf-gvrp)#no disable
% Error: PVST running. Cannot enable GVRP.
% Error: MSTP running. Cannot enable GVRP.
Figure 16-2. GVRP Configuration Overview
[Figure: edge switches and core switches carrying VLANs 10-20, VLANs 30-50, and VLANs 70-80.] GVRP is configured globally and on all VLAN trunk ports for the edge and core switches.
NOTES:
• VLAN 1 mode is always fixed and cannot be configured
• All VLAN trunk ports must be configured for GVRP
• All VLAN trunk ports must be configured as 802.1Q
Basic GVRP configuration is a 2-step process:
1. Enable GVRP globally. See page 370.
2.
Figure 16-3. Enabling GVRP Globally
FTOS(conf)#protocol gvrp
FTOS(config-gvrp)#no disable
FTOS(config-gvrp)#show config
!
protocol gvrp
no disable
FTOS(config-gvrp)#
Enabling GVRP on a Layer 2 Interface
Enable GVRP on a Layer 2 interface using the command gvrp enable in INTERFACE mode, as shown in Figure 16-4.
Based on the configuration in the example shown in Figure 16-5, the interface 1/21 will not be removed from VLAN 34 or VLAN 35 despite receiving a GVRP Leave message. Additionally, the interface will not be dynamically added to VLAN 45 or VLAN 46, even if a GVRP Join message is received. Figure 16-5.
Dell Networking OS displays Message 1 if an attempt is made to configure an invalid GARP timer.
Message 1 GARP Timer Error
FTOS(conf)#garp timers join 300
% Error: Leave timer should be >= 3*Join timer.
17 High Availability
High Availability is supported on platforms: ces
High availability is a collection of features that preserves system continuity by maximizing uptime and minimizing packet loss during system disruptions. To support all the features within the HA collection, you should have the latest boot code. The following table lists the boot code requirements as of this Dell Networking OS release.
Component | Boot Code
E-Series TeraScale RPM | 2.4.2.1
E-Series TeraScale Line Card | 2.3.2.
Component Redundancy
Dell Networking systems eliminate single points of failure by providing dedicated or load-balanced redundancy for each component.
RPM Redundancy
The current version of Dell Networking OS supports 1+1 hitless Route Processor Module (RPM) redundancy. The primary RPM performs all routing, switching, and control operations while the standby RPM monitors the primary RPM.
Boot the chassis with dual RPMs
When you boot the system with two RPMs installed, the RPM in slot R0 is the primary RPM by default. Both RPMs should be running the same version of Dell Networking OS. You can configure either RPM to be the primary upon the next chassis reboot using the command redundancy primary from CONFIGURATION mode.
Version compatibility between RPMs
In general, the two RPMs should have the same Dell Networking OS version.
Message 3 Boot Failure on Standby RPM
System failed to boot up. Please reboot the chassis !!!
00:12:46: %RPM1-U:CP %TME-0-RPM BRINGUP FAIL: FTOS failed to bring up the system
Communication between RPMs is not up, check the software version and reboot chassis.
FTOS(standby)(bootfail)#
Automatic and manual RPM failover
RPM failover is the process of the standby RPM becoming the primary RPM. Dell Networking OS fails over to the standby RPM when:
1.
Figure 17-1. Viewing RPM Redundancy Status
FTOS#show redundancy
-- RPM Status -------------------------------------------------
RPM Slot ID: 0
RPM Redundancy Role: Primary
RPM State: Active
RPM SW Version: 7.6.1.0
Link to Peer: Up
-- PEER RPM Status -------------------------------------------------
RPM State: Standby
RPM SW Version: 7.6.1.
Communication between RPMs
E-Series RPMs have three CPUs: Control Processor (CP), Routing Processor 1 (RP1), and Routing Processor 2 (RP2). The CPUs use Fast Ethernet connections to communicate to each other and to the line card CPUs (LP) using Inter-Processor Communication (IPC). The CP monitors the health status of the other processors by sending a heartbeat message.
Table 17-2. Failover Behaviors
Platform | Failover Trigger | Failover Behavior
ce | CP IRC timeout for a non-task crash reason on the primary RPM | The standby RPM detects IRC time out and initiates failover. Dell Networking OS saves a CP trace log, the CP IPC-related system status, and a CP application core dump. Then the failed RPM reboots itself.
e | RP task or kernel crash on the primary RPM | CP on the primary RPM detects the RP IPC timeout and notifies the standby RPM.
Support for RPM redundancy by Dell Networking OS version
Dell Networking OS supports increasing levels of RPM redundancy (warm and hot) as described in Table 17-3.
Table 17-3. Support for RPM Redundancy by Dell Networking OS Version
Failover Type | Failover Behavior | Platform
Warm Failover | The new primary RPM remains online, while the failed RPM, all line cards, and all SFMs reboot. | ce
Hot Failover | Only the failed RPM reboots. All line cards and SFMs remain online.
Figure 17-2. Selecting a Primary RPM
FTOS#show running-config redundancy
!
redundancy auto-failover-limit count 3 period 60
redundancy auto-synchronize full
redundancy primary rpm0
FTOS#
Force an RPM failover
Trigger an RPM failover between RPMs using the command redundancy force-failover rpm from EXEC Privilege mode. Use this feature when:
• you are replacing an RPM, and
• you are performing a warm upgrade
Figure 17-3.
Switch Fabric Module redundancy
Switch Fabric Module Redundancy is supported on platform: c
Since the RPM on the C-Series also contains the switch fabric, even though the second RPM comes online as the standby, the switch fabric is active and is automatically available for routing. Change this behavior using the command redundancy sfm standby from CONFIGURATION mode. To bring the secondary SFM online, enter no redundancy sfm standby.
Online Insertion and Removal
You can add, replace, or remove chassis components while the chassis is operating. This section contains the following sub-sections:
• RPM Online Insertion and Removal
• Line Card Online Insertion and Removal
RPM Online Insertion and Removal
Dell Networking systems are functional with only one RPM. If a second RPM is inserted, it comes online as the standby RPM, as shown in Figure 17-4.
Figure 17-5.
Replace a line card
If you are replacing a line card with a line card of the same type, you may replace the card without any additional configuration. If you are replacing a line card with a line card of a different type, remove the card and then remove the existing line card configuration using the command no linecard. If you do not, Dell Networking OS reports a card mismatch (Message 6) when you insert the new card, and the installed line card has a card mismatch status.
Hitless behavior is defined in the context of an RPM failover only and does not include line card, SFM, and power module failures.
• On the E-Series: Failovers triggered by software exception, hardware exception, forced failover via the CLI, and manual removal of the primary RPM are all hitless.
• On the C-Series: Only failovers via the CLI are hitless. The system is not hitless in any other scenario.
Runtime System Health Check
Runtime System Health Check is supported on platform: e
Dell Networking OS runs a system health check to detect data transfer errors within the system. Dell Networking OS performs the check during normal operation by interspersing test frames among the data frames that carry user and system data. One such check is a data plane loopback test.
Software Component Health Monitoring
On each of the line cards and the RPM, there are a number of software components. Dell Networking OS performs a periodic health check on each of these components by querying the status of a flag, which the corresponding component resets within a specified time. If any health checks on the RPM fail, then Dell Networking OS fails over to the standby RPM.
• The kernel is the central component of an operating system that manages system processors and memory allocation and makes these facilities available to applications. A kernel core dump is the contents of the memory in use by the kernel at the time of an exception.
• An application core dump is the contents of the memory allocated to a failed application at the time of an exception.
System Log Event messages provide system administrators diagnostics and auditing information.
Table 17-4 shows the warm upgrade and downtime impact, if any, with each step.
Table 17-4. Control Plane and Data Plane Status during Warm Upgrade
 | Download 6.3.1.1 to RPMs | Reboot RPM1 to Upgrade | Initiate Warm Failover | Reboot RPM0 to Upgrade
RPM 0 | 7.6.1.0 Primary | 7.6.1.0 Primary | 7.6.1.0 Secondary | 7.7.1.0 Secondary
RPM 1 | 7.6.1.0 Secondary | 7.7.1.0 Secondary | 7.7.1.0 Primary | 7.7.1.0 Primary
Line Cards | 7.6.1.0 | 7.6.1.0 | 7.7.1.0 | 7.7.1.
Figure 17-8. Determining your System Pre-requisites for Cache Boot
FTOS#show rpm
-- RPM card 0 --
Status : active
Next Boot : online
Card Type : RPM - Route Processor Module (LC-EF3-RPM)
Hardware Rev : 2.2i [callout: Hardware Revision 2.1 or later]
Num Ports : 1
Up Time : 1 day, 4 hr, 25 min
Last Restart : reset by user
FTOS Version : 4.7.5.427
Jumbo Capable : yes
[callout: Specified boot code version]
CP Boot Flash : A: 2.4.1.1 [booted] B: 2.4.1.1
RP1 Boot Flash: A: 2.4.1.1 B: 2.4.1.1 [booted]
RP2 Boot Flash: A: 2.4.1.1 B: 2.4.
Select the Cache Boot Image
Select the Dell Networking OS image that you want to cache using the command upgrade system-image, as shown in Figure 17-9. Dell Networking recommends using the keyword all with this command to avoid any mis-matched configurations.
Note: The cache boot feature is not enabled by default; you must copy the running configuration to the startup configuration (copy running-config startup-config) after selecting a cache boot image in order to enable it.
Figure 17-10. Viewing the Cache Boot Configuration
FTOS#show boot system all
Current system image information in the system:
=============================================
Type Boot Type A B
----------------------------------------------------------------
CP DOWNLOAD BOOT 4.7.5.427 invalid
RP1 DOWNLOAD BOOT 4.7.5.427 invalid
RP2 DOWNLOAD BOOT 4.7.5.427 invalid
linecard 0 DOWNLOAD BOOT 4.7.5.427 invalid
linecard 1 is not present.
linecard 2 is not present.
linecard 3 is not present.
In-Service Modular Hot-Fixes
In-Service Modular Hot-Fixes are supported on platforms: e
In-Service Modular Hot-Fixes provides a tool whereby you can install a patch while the system is on-line and running. This feature allows a patch to be added to a running Dell Networking OS process to obtain debugging information or to resolve a software issue in a deployed system. There is no need to reload or reboot the system when the patch is inserted.
Note: The show patch command can be used on both the primary and secondary RPMs, as shown here:
FTOS(standby)#show patch
Patch version Module
E.1.1.bgp.1.0 bgp
E.2.1.l2mgr.1.
• Telnet/SSH—Each SSH and Telnet session is an individual process. If a Telnet or SSH software exception occurs, only your session is cleared, and you must log in again; no other sessions are affected. This behavior is an exception among the other restartable processes in that Telnet and SSH are not literally restarted.
When a system exceeds the configured restart threshold, Dell Networking OS displays Message 10.
18 Internet Group Management Protocol
Table 18-1. Dell Networking OS Support for IGMP and IGMP Snooping
Feature | Platform
IGMP version 1, 2, and 3 | ces
IGMP Snooping version 1, 2, and 3 | ces
Note: When both E-Series TeraScale and ExaScale are supported, only the e symbol is shown. If a feature is supported by one or the other chassis, the specific symbols are shown: e t for E-Series TeraScale or ex for E-Series ExaScale.
IGMP Protocol Overview
IGMP has three versions. Version 3 obsoletes and is backwards-compatible with version 2; version 2 obsoletes version 1.
IGMP version 2
IGMP version 2 improves upon version 1 by specifying IGMP Leave messages, which allow hosts to notify routers that they no longer care about traffic for a particular group.
Response Timers for how the delay timer mechanism works).
3. The querier receives the report for a group and adds the group to the list of multicast groups associated with its outgoing port to the subnet. Multicast traffic for the group is then forwarded to that subnet.
Sending an Unsolicited IGMP Report
A host does not have to wait for a general query to join a group. It may send an unsolicited IGMP Membership Report, also called an IGMP Join message, to the querier.
Leaving a Multicast Group
1.
Figure 18-2. IGMP version 3 Membership Query Packet Format Max.
Figure 18-4. IGMP Membership Reports: Joining and Filtering
[Figure: Querier and Non-Querier on interface 1/1. Labels show the group state table (interface, multicast group address, filter mode, source address, and timers) for group 224.1.1.1 and an IGMP Group-and-Source Specific Query (Type: 0x11) for source 10.11.1.1.]
Figure 18-5. IGMP Membership Queries: Leaving and Staying in Groups
[Figure: Querier and Non-Querier on interfaces 1/1 and 2/1. Labels show the group state table (interface, multicast group address, filter mode, source address, and timers) for groups 224.1.1.1 and 224.2.2.2, an IGMP Group-and-Source Specific Query (Type: 0x11), and the note "Non-querier builds identical table and waits Other Querier Present Interval to assume Querier role".]
Figure 18-6. Viewing IGMP-enabled Interfaces
FTOS#show ip igmp interface gig 7/16
GigabitEthernet 7/16 is up, line protocol is up
Internet address is 10.87.3.2/24
IGMP is enabled on interface
IGMP query interval is 60 seconds
IGMP querier timeout is 300 seconds
IGMP max query response time is 10 seconds
Last member query response interval is 199 ms
IGMP activity: 0 joins, 0 leaves
IGMP querying router is 10.87.3.
Figure 18-8. Viewing Static and Learned IGMP Groups
FTOS(conf-if-gi-1/0)#do sho ip igmp groups
Total Number of Groups: 2
IGMP Connected Group Membership
Group Address   Interface             Uptime     Expires    Last Reporter
224.1.1.1       GigabitEthernet 1/0   00:00:03   Never      CLI
224.1.2.1       GigabitEthernet 1/0   00:56:55   00:01:22   1.1.1.2
Adjusting Timers
View the current value of all IGMP timers using the command show ip igmp interface from EXEC Privilege mode, as shown in Figure 18-6.
2. When a router receives a query it compares the IP address of the interface on which it was received with the source IP address given in the query. If the receiving router IP address is greater than the source address given in the query, the router stops sending queries. By this method, the router with the lowest IP address on the subnet is elected querier and continues to send queries. 3.
IGMP Snooping
Multicast packets are addressed with multicast MAC addresses, which represent a group of devices, rather than one unique device. Switches forward multicast frames out of all ports in a VLAN by default, even though there may be only some interested hosts, which is a waste of bandwidth.
Enabling IGMP Immediate-leave
Configure the switch to remove a group-port association upon receiving an IGMP Leave message using the command ip igmp fast-leave from INTERFACE VLAN mode. View the configuration using the command show config from INTERFACE VLAN mode, as shown in Figure 18-10.
Figure 18-10.
• IGMP snooping Querier does not start if there is a statically configured multicast router interface in the VLAN.
• The switch may lose the querier election if it does not have the lowest IP address of all potential queriers on the subnet.
• When enabled, IGMP snooping Querier starts after one query interval in case no IGMP general query (with IP SA lower than its VLAN IP address) is received on any of its VLAN members.
19 Interfaces
This chapter describes interface types, both physical and logical, and how to configure them with Dell Networking OS.
10/100/1000 Mbps Ethernet, Gigabit Ethernet, and 10 Gigabit Ethernet interfaces are supported on platforms c, e, and s.
SONET interfaces are only supported on platform e and are covered in the SONET/SDH chapter.
Figure 19-1. show interfaces Command Example
FTOS#show interfaces tengigabitethernet 1/0
TenGigabitEthernet 1/0 is up, line protocol is up
Hardware is Force10Eth, address is 00:01:e8:05:f3:6a
Current address is 00:01:e8:05:f3:6a
Pluggable media present, XFP type is 10GBASE-LR.
Medium is MultiRate, Wavelength is 1310nm
XFP receive power reading is -3.7685
Interface index is 67436603
Internet address is 65.113.24.
Figure 19-3. Interfaces listed in the show running-config Command (Partial)
FTOS#show running
Current Configuration ...
To confirm that the interface is enabled, use the show config command in the INTERFACE mode. To leave the INTERFACE mode, use the exit command or end command. The user cannot delete a physical interface.
Physical Interfaces
The Management Ethernet interface is a single RJ-45 Fast Ethernet port on the Route Processor Module (RPM) of the C-Series and E-Series, and provides dedicated management access to the system.
Overview of Layer Modes
On all systems running Dell Networking OS, you can place physical interfaces, port channels, and VLANs in Layer 2 mode or Layer 3 mode. By default, VLANs are in Layer 2 mode.
Table 19-1.
For information on enabling and configuring Spanning Tree Protocol, see Chapter 24, Layer 2. To view the interfaces in Layer 2 mode, use the command show interfaces switchport in the EXEC mode.
Configure Layer 3 (Network) Mode
When you assign an IP address to a physical interface, you place it in Layer 3 mode. Use the ip address command and no shutdown command in INTERFACE mode to enable Layer 3 mode on an individual interface.
Command Syntax: ip address ip-address mask [secondary]
Command Mode: INTERFACE
Purpose: Configure a primary IP address and mask on the interface. The ip-address must be in dotted-decimal format (A.B.C.D) and the mask must be in slash format (/xx). Add the keyword secondary if the IP address is the interface’s backup IP address.
You can only configure one (1) primary IP address per interface. You can configure up to 255 secondary IP addresses on a single interface.
Management Interfaces
Configure Management Interfaces on the E-Series and C-Series
On the E-Series and C-Series, the dedicated Management interface is located on the RPM and provides management access to the system. You can configure this interface with Dell Networking OS, but the configuration options on this interface are limited. Gateway addresses and IP addresses cannot be configured if it appears in the main routing table of Dell Networking OS. In addition, Proxy ARP is not supported on this interface.
Important Things to Remember — virtual-ip
• virtual-ip is a CONFIGURATION mode command.
• You may enter an IPv4 or IPv6 address.
• When applied, the management port on the primary RPM assumes the virtual IP address.
Displaying Information on a Management Interface
To view information about the primary RPM management port, use the show interface Managementethernet command in EXEC or EXEC Privilege mode. If there are two RPMs on the system, you cannot view information on the interface.
Figure 19-9.
VLAN Interfaces
VLANs are logical interfaces and are, by default, in Layer 2 mode. Physical interfaces and port channels can be members of VLANs. For more information on VLANs and Layer 2, refer to Chapter 24, Layer 2. See also VLAN Stacking.
Note: To monitor VLAN interfaces, use the Management Information Base for Network Management of TCP/IP-based internets: MIB-II (RFC 1213). Monitoring VLAN interfaces via SNMP is supported only on E-Series.
Loopback Interfaces
A Loopback interface is a virtual interface in which the software emulates an interface. Packets routed to it are processed locally. Since this interface is not a physical interface, you can configure routing protocols on this interface to provide protocol stability. You can place Loopback interfaces in default Layer 3 mode.
Port Channel Interfaces
Port channel interfaces support link aggregation, as described in IEEE Standard 802.3ad. This section covers the following topics:
• Port channel definition and standards
• Port channel benefits
• Port channel implementation
• Configuration task list for port channel interfaces
Port channel definition and standards
Link aggregation is defined by IEEE 802.
• Dynamic—Port channels that are dynamically configured using Link Aggregation Control Protocol (LACP). For details, see Chapter 23, Link Aggregation Control Protocol.
Table 19-2. Number of Port-channels per Platform
Platform                        Port-channels   Members/Channel
E-Series                        255             16
C-Series                        128             8
S-Series: S50 and S25           52              8
S-Series: S55, S60 and S4810    128             8
Table 19-3. Maximum number of configurable Port-channels
Platform                        Port-channels   Members/Channel
E-Series ExaScale               512             64
Table 19-4.
The common speed is determined when the port channel is first enabled. At that time, the software checks the first interface listed in the port channel configuration. If that interface is enabled, its speed configuration becomes the common speed of the port channel. If the other interfaces configured in that port channel are configured with a different speed, Dell Networking OS disables them.
The port channel is now enabled and you can place the port channel in Layer 2 or Layer 3 mode. Use the switchport command to place the port channel in Layer 2 mode or configure an IP address to place the port channel in Layer 3 mode. You can configure a port channel as you would a physical interface by enabling or configuring protocols or assigning access control lists.
Figure 19-13. show interfaces port-channel brief Command Example
FTOS#show int port brief
LAG   Mode   Status   Uptime     Ports
1     L2L3   up       00:06:03   Gi 13/6  (Up) *
                                 Gi 13/12 (Up)
2     L2L3   up       00:06:03   Gi 13/7  (Up) *
                                 Gi 13/8  (Up)
                                 Gi 13/13 (Up)
                                 Gi 13/14 (Up)
FTOS#
Figure 19-14 displays the port channel’s mode (L2 for Layer 2 and L3 for Layer 3 and L2L3 for a Layer 2 port channel assigned to a routed VLAN), the status, and the number of interfaces belonging to the port channel.
Figure 19-15. Error Message
FTOS(conf-if-portch)#show config
!
interface Port-channel 5
 no ip address
 switchport
 channel-member GigabitEthernet 1/6
FTOS(conf-if-portch)#int gi 1/6
FTOS(conf-if)#ip address 10.56.4.4 /24
% Error: Port is part of a LAG Gi 1/6.
FTOS(conf-if)#
Reassign an interface to a new port channel
An interface can be a member of only one port channel.
Figure 19-16.
To add a port channel to a VLAN, use either of the following commands:
Command Syntax: tagged port-channel id number
Command Mode: INTERFACE VLAN
Purpose: Add the port channel to the VLAN as a tagged interface. An interface with tagging enabled can belong to multiple VLANs.
Command Syntax: untagged port-channel id number
Command Mode: INTERFACE VLAN
Purpose: Add the port channel to the VLAN as an untagged interface. An interface without tagging enabled can belong to only one VLAN.
Load balancing through port channels
Dell Networking OS uses hash algorithms for distributing traffic evenly over channel members in a port channel (LAG). The hash algorithm distributes traffic among ECMP paths and LAG members. The distribution is based on a flow, except for packet-based hashing. A flow is identified by the hash and is assigned to one link. In packet-based hashing, a single flow can be distributed on the LAG and uses one link.
On the E-Series, to change the 5-tuple default to 3-tuple, MAC, or packet-based, use the following command in CONFIGURATION mode:
Command Syntax: [no] load-balance [ip-selection {3-tuple | packet-based}] [mac]
Command Mode: CONFIGURATION
Purpose: To designate a method to balance traffic over a port channel. By default, IP 5-tuple is used to distribute traffic over the members of the port channel.
ip-selection 3-tuple—Distribute IP traffic based on IP source address, IP destination address, and IP protocol type.
IPv4, IPv6, and non-IP traffic handling on the E-Series
The table below presents the combinations of the load-balance command and their effect on traffic types.
Table 19-7.
Hash algorithm
The load-balance command discussed above selects the hash criteria applied to port channels. If even distribution is not obtained with the load-balance command, the hash-algorithm command can be used to select the hash scheme for LAG, ECMP and NH-ECMP. The 12 bit Lag Hash can be rotated or shifted till the desired hash is achieved. The nh-ecmp option allows you to change the hash value for recursive ECMP routes independently of non-recursive ECMP routes.
• lsb — always uses the least significant bit of the hash key to compute the egress port
To change to another method, use the following command in the CONFIGURATION mode:
Command Syntax: hash-algorithm ecmp {crc-upper} | {dest-ip} | {lsb}
Command Mode: CONFIGURATION
Purpose: Change to another algorithm.
Bulk Configuration Examples
The following are examples of using the interface range command for bulk configuration:
• Create a single-range
• Create a multiple-range
• Exclude duplicate entries
• Exclude a smaller port range
• Overlap port ranges
• Commas
• Add ranges
Create a single-range
Figure 19-20. Creating a Single-Range Bulk Configuration
FTOS(config)# interface range gigabitethernet 5/1 - 23
FTOS(config-if-range-gi-5/1-23)# no shutdown
Create a multiple-range
Figure 19-21.
Overlap port ranges
If overlapping port ranges are specified, the port range is extended to the smallest start port number and largest end port number:
Figure 19-24.
Define the Interface Range
This example shows how to define an interface-range macro named “test” to select Fast Ethernet interfaces 5/1 through 5/4:
FTOS(config)# define interface-range test gigabitethernet 5/1 - 4
To show the defined interface-range macro configuration, use the command show running-config in the EXEC mode.
Monitor and Maintain Interfaces
Monitor interface statistics with the monitor interface command. This command displays an ongoing list of the interface status (up/down), number of packets, traffic statistics, etc.
Command Syntax: monitor interface interface
Command Mode: EXEC Privilege
Purpose: View the interface’s statistics.
Figure 19-27. Command Example: monitor interface
FTOS#monitor interface gi 3/1
FTOS uptime is 1 day(s), 4 hour(s), 31 minute(s)
Monitor time: 00:00:00 Refresh Intvl.
To test the condition of cables on 10/100/1000 BASE-T modules, use the tdr-cable-test command:
Step 1
Command Syntax: tdr-cable-test gigabitethernet /
Command Mode: EXEC Privilege
Usage: To test for cable faults on the GigabitEthernet cable.
• Between two ports, the user must not start the test on both ends of the cable.
• The user must enable the interface before starting the test.
• The port should be enabled to run the test or the test prints an error message.
• Changes made do not affect any ongoing debounces. The timer changes take effect from the next debounce onward.
Assign a debounce time to an interface
Command Syntax: link debounce time [milliseconds]
Command Mode: INTERFACE
Purpose: Enter the time to delay link status change notification on this interface. Range: 100-5000 ms
Figure 19-28.
When an E300 system boots up and a single SFM is active this configuration, any ports configured with this feature will be shut down. All other ports are booted up. Similarly, if an SFM fails (or is removed) in an E300 system with two SFMs, ports configured with this feature will be shut down. All other ports are treated normally. When a second SFM is installed or replaced, all ports are booted up and treated normally.
Link Dampening
Interface state changes occur when interfaces are administratively brought up or down or if an interface state changes. Every time an interface changes state or flaps, routing protocols are notified of the status of the routes that are affected by the change in state, and these protocols go through the momentous task of re-converging. Flapping therefore puts the status of the entire network at risk of transient loops and black holes.
Figure 19-31. Viewing all Dampened Interfaces
FTOS# show interfaces dampening
Interface   State   Flaps   Penalty   Half-Life   Reuse   Suppress   Max-Sup
Gi 0/0      Up      0       0         5           750     2500       20
Gi 0/1      Up      2       1200      20          500     1500       300
Gi 0/2      Down    4       850       30          600     2000       120
View a dampening summary for the entire system using the command show interfaces dampening summary from EXEC Privilege mode, as shown in Figure 19-32.
Figure 19-32.
In Dell Networking OS, MTU is defined as the entire Ethernet packet (Ethernet header + FCS + payload). Since different networking vendors define MTU differently, check their documentation when planning MTU sizes across a network. Table 19-8 lists the range for each transmission media.
Table 19-8.
When the transmission pause is set (tx on), 3 thresholds can be set to define the controls more closely. Ethernet Pause Frames flow control can be triggered when either the flow control buffer threshold or flow control packet pointer threshold is reached.
Parameters:
rx on: Enter the keywords rx on to process the received flow control frames on this port.
rx off: Enter the keywords rx off to ignore the received flow control frames on this port.
tx on: Enter the keywords tx on to send control frames from this port to the connected device when a higher rate of traffic is received.
Configure MTU Size on an Interface
If a packet includes a Layer 2 header, the difference in bytes between the link MTU and IP MTU must be large enough to include the Layer 2 header.
Port-pipes
A port pipe is a Dell Networking-specific term for the hardware path that packets follow through a system. Port pipes travel through a collection of circuits (ASICs) built into line cards and RPMs on which various processing events for the packets occur. One or two port pipes process traffic for a given set of physical interfaces or a port-set. The E300 only supports one port pipe per slot.
Auto-Negotiation on Ethernet Interfaces
Setting speed and duplex mode of Ethernet Interfaces
By default, auto-negotiation of speed and duplex mode is enabled on 10/100/1000 Base-T Ethernet interfaces. Only 10GE interfaces do not support auto-negotiation. When using 10GE interfaces, verify that the settings on the connecting devices are set to no auto-negotiation.
Note: Starting with Dell Networking OS 7.8.1.
Note: The show interfaces status command displays link status, but not administrative status. For link and administrative status, use show ip interface [interface | brief | linecard slot-number] [configuration]. Figure 19-34.
Figure 19-36. Setting Auto-Negotiation Options
FTOS(conf)# int gi 0/0
FTOS(conf-if)#neg auto
FTOS(conf-if-autoneg)# ?
end     Exit from configuration mode
exit    Exit from autoneg configuration mode
mode    Specify autoneg mode
no      Negate a command or set its defaults
For details on the speed, duplex, and negotiation auto commands, see the Interfaces chapter of the Dell Networking OS Command Reference.
Figure 19-37.
Figure 19-39.
Dynamic Counters
By default, counting for the following four applications is enabled:
• IPFLOW
• IPACL
• L2ACL
• L2FIB
For remaining applications, Dell Networking OS automatically turns on counting when the application is enabled, and turns it off when the application is disabled. Please note that if more than four counter-dependent applications are enabled on a port pipe, there is an impact on line rate performance.
Clear interface counters
The counters in the show interfaces command are reset by the clear counters command. This command does not clear the counters captured by any SNMP program.
20 IPv4 Addressing
IPv4 Addressing is supported on platforms c, e, and s.
IPv4 addressing is supported on the E-Series ExaScale platform with Dell Networking OS 8.1.1.0 and later.
Dell Networking OS supports various IP addressing features. This chapter explains the basics of Domain Name Service (DNS), Address Resolution Protocol (ARP), and routing principles and their implementation in Dell Networking OS.
At its most basic level, an IP address is 32-bits composed of network and host portions and represented in dotted decimal format. For example, 00001010110101100101011110000011 is represented as 10.214.87.131.
For more information on IP addressing, refer to RFC 791, Internet Protocol.
Implementation Information
In Dell Networking OS, you can configure any IP address as a static route except IP addresses already assigned to interfaces.
Note: Dell Networking OS versions 7.7.1.
To assign an IP address to an interface, use these commands in the following sequence, starting in the CONFIGURATION mode:
Command Syntax: interface interface
Command Mode: CONFIGURATION
Purpose: Enter the keyword interface followed by the type of interface and slot/port information:
• For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
• For a Loopback interface, enter the keyword loopback followed by a number from 0 to 16383.
FTOS#show ip int gi 0/8
GigabitEthernet 0/8 is up, line protocol is up
Internet address is 10.69.8.1/24
Broadcast address is 10.69.8.
Figure 20-3. show ip route static Command Example (partial)
FTOS#show ip route static
Destination Gateway
----------------
S 2.1.2.0/24 Direct, Nu 0
S 6.1.2.0/24 via 6.1.20.2,
S 6.1.2.2/32 via 6.1.20.2,
S 6.1.2.3/32 via 6.1.20.2,
S 6.1.2.4/32 via 6.1.20.2,
S 6.1.2.5/32 via 6.1.20.2,
S 6.1.2.6/32 via 6.1.20.2,
S 6.1.2.7/32 via 6.1.20.2,
S 6.1.2.8/32 via 6.1.20.2,
S 6.1.2.9/32 via 6.1.20.2,
S 6.1.2.10/32 via 6.1.20.2,
S 6.1.2.11/32 via 6.1.20.2,
S 6.1.2.12/32 via 6.1.20.2,
S 6.1.2.13/32 via 6.1.20.2,
S 6.1.
Command Syntax: management route ip-address mask {forwarding-router-address | ManagementEthernet slot/port}
Command Mode: CONFIGURATION
Purpose: Assign a static route to point to the management interface or forwarding router.
To view the configured static routes for the management port, use the show ip management-route command in the EXEC privilege mode.
Figure 20-4. show ip management-route Command Example
FTOS>show ip management-route
Destination
----------
1.1.1.
Enable dynamic resolution of host names
By default, dynamic resolution of host names (DNS) is disabled. To enable DNS, use the following commands in the CONFIGURATION mode:
Command Syntax: ip domain-lookup
Command Mode: CONFIGURATION
Purpose: Enable dynamic resolution of host names.
Command Syntax: ip name-server ipv4-address [ipv4-address2 ... ipv4-address6]
Command Mode: CONFIGURATION
Purpose: Specify up to 6 IPv4 or IPv6 name servers. The order you entered the servers determines the order of their use.
Command Syntax: ip domain-list name
Command Mode: CONFIGURATION
Purpose: Configure names to complete unqualified host names. Configure this command up to 6 times to specify a list of possible domain names. Dell Networking OS searches the domain names in the order they were configured until a match is found or the list is exhausted.
DNS with traceroute
To configure your switch to perform DNS with traceroute, follow the steps below in the CONFIGURATION mode.
ARP
Dell Networking OS uses two forms of address resolution: ARP and Proxy ARP.
Address Resolution Protocol (ARP) runs over Ethernet and enables endstations to learn the MAC addresses of neighbors on an IP network. Over time, Dell Networking OS creates a forwarding table mapping the MAC addresses to their corresponding IP address. This table is called the ARP Cache and dynamically learned addresses are removed after a defined period of time.
Command Syntax: arp ip-address mac-address interface
Command Mode: CONFIGURATION
Purpose: Configure an IP address and MAC address mapping for an interface.
• ip-address: IP address in dotted decimal format (A.B.C.D).
• mac-address: MAC address in nnnn.nnnn.nnnn format
• interface: enter the interface type slot/port information.
These entries do not age and can only be removed manually. To remove a static ARP entry, use the no arp ip-address command syntax.
Command Syntax: clear arp-cache [interface | ip ip-address] [no-refresh]
Command Mode: EXEC privilege
Purpose: Clear the ARP caches for all interfaces or for a specific interface by entering the following information:
• For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
• For a port channel interface, enter the keyword port-channel followed by a number from 1 to 255 for TeraScale and ExaScale.
Beginning with version 8.3.1.0, when a Gratuitous ARP is received, Dell Networking OS installs an ARP entry on all 3 CPUs.
Task: Enable ARP learning via gratuitous ARP.
Command Syntax: arp learn-enable
Command Mode: CONFIGURATION
ARP Learning via ARP Request
In Dell Networking OS versions prior to 8.3.1.0, Dell Networking OS learns via ARP Requests only if the Target IP specified in the packet matches the IP address of the receiving router interface.
Configurable ARP Retries
In Dell Networking OS versions prior to 8.3.1.0 the number of ARP retries is set to 5 and is not configurable. After 5 retries, Dell Networking OS backs off for 20 seconds before it sends a new request. Beginning with Dell Networking OS version 8.3.1.0, the number of ARP retries is configurable. The backoff interval remains at 20 seconds.
Task: Set the number of ARP retries.
See the Dell Networking OS Command Line Reference Guide for a complete listing of all commands related to ICMP.
Enable ICMP unreachable messages
By default, ICMP unreachable messages are disabled. When enabled, ICMP unreachable messages are created and sent out all interfaces. To disable ICMP unreachable messages, use the no ip unreachable command.
Configuring UDP Helper
Configuring Dell Networking OS to direct UDP broadcast is a two-step process:
1. Enable UDP helper and specify the UDP ports for which traffic is forwarded. See Enabling UDP Helper.
2. Configure a broadcast address on interfaces that will receive UDP broadcast traffic. See Configuring a Broadcast Address.
Important Points to Remember about UDP Helper
• The existing command ip directed broadcast is rendered meaningless if UDP helper is enabled on the same interface.
Configuring a Broadcast Address
Configure a broadcast address on an interface using the command ip udp-broadcast-address, as shown in Figure 20-12.
Figure 20-12. Configuring a Broadcast Address
FTOS(conf-if-vl-100)#ip udp-broadcast-address 1.1.255.255
FTOS(conf-if-vl-100)#show config
!
interface Vlan 100
 ip address 1.1.0.1/24
 ip udp-broadcast-address 1.1.255.
UDP Helper with Broadcast-all Addresses
When the destination IP address of an incoming packet is the IP broadcast address, Dell Networking OS rewrites the address to match the configured broadcast address. In Figure 20-14:
1. Packet 1 is dropped at ingress if no UDP helper address is configured.
2.
In Figure 20-15, Packet 1 has the destination IP address 1.1.1.255, which matches the subnet broadcast address of VLAN 101. If UDP helper is configured and the packet matches the specified UDP port, then the system changes the address to the configured IP broadcast address and floods the packet on VLAN 101. Packet 2 is sent from host on VLAN 101. It has a broadcast MAC address and a destination IP address of 1.1.1.255.
UDP Helper with No Configured Broadcast Addresses
• If the incoming packet has a broadcast destination IP address, then the unaltered packet is routed to all Layer 3 interfaces.
• If the incoming packet has a destination IP address that matches the subnet broadcast address of any interface, then the unaltered packet is routed to the matching interfaces.
Troubleshooting UDP Helper
Display debugging information using the command debug ip udp-helper, as shown in Figure 20-17.
Figure 20-17.
21 IPv6 Addressing
IPv6 Addressing is supported on platforms: c, e, and s
Note: The basic IPv6 commands are supported on all platforms. However, not all IPv6-based features are supported on all platforms and on all releases. Refer to Table 21-2 to see which Dell Networking OS version supports an IPv6 feature on each platform.
IPv6 (Internet Protocol Version 6) is the successor to IPv4. Due to the extremely rapid growth in internet users, and IP addresses, IPv4 is reaching its maximum usage.
Some key changes in IPv6 are:
• Extended Address Space
• Stateless Autoconfiguration
• Header Format Simplification
• Improved Support for Options and Extensions
Extended Address Space
The address format is extended from 32 bits to 128 bits. This not only provides room for all anticipated needs, it allows for the use of a hierarchical address space structure to optimize global addressing.
IPv6 Headers
The IPv6 header has a fixed length of 40 bytes. This provides 16 bytes each for Source and Destination information, and 8 bytes for general header information. The IPv6 header includes the following fields:
• Version (4 bits)
• Traffic Class (8 bits)
• Flow Label (20 bits)
• Payload Length (16 bits)
• Next Header (8 bits)
• Hop Limit (8 bits)
• Source Address (128 bits)
• Destination Address (128 bits)
IPv6 provides for Extension Headers. Extension Headers are used only if necessary.
Traffic Class (8 bits)
The Traffic Class field deals with any data that needs special handling. These bits define the packet priority and are defined by the packet Source. Sending and forwarding routers use this field to identify different IPv6 classes and priorities. Routers understand the priority settings and handle them appropriately during conditions of congestion.
Table 21-1. Next Header field values (continued)
Value   Description
59      No Next Header
60      Destinations option header
Note: This is not a comprehensive table of Next Header field values. Refer to the Internet Assigned Numbers Authority (IANA) web page http://www.iana.org/assignments/protocol-numbers for a complete and current listing.
Hop Limit (8 bits)
The Hop Limit field shows the number of hops remaining for packet processing.
Hop-by-Hop Options header
The Hop-by-Hop options header contains information that is examined by every router along the packet’s path. It follows the IPv6 header and is designated by the Next Header value 0 (zero) (Table 21-1). When a Hop-by-Hop Options header is not included, the router knows that it does not have to process any router specific information and immediately processes the packet to its final destination.
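The fixed-header layout and Next Header chain described above, as an added Python example that is not part of the Dell guide: it decodes the 40-byte header and walks the extension headers, rejecting a Hop-by-Hop Options header that does not directly follow the IPv6 header. The packet bytes are constructed for the example, and the limit of 8 extension headers is an assumption; protocol numbers other than 0, 59 and 60 are standard IANA values rather than entries from the guide's table.

```python
import ipaddress
import struct

# Next Header values: 0, 59 and 60 appear in the guide's Table 21-1; the
# rest are the standard IANA protocol numbers for the same field.
HOP_BY_HOP, TCP, UDP, ROUTING, FRAGMENT = 0, 6, 17, 43, 44
ICMPV6, NO_NEXT_HEADER, DEST_OPTS = 58, 59, 60
NAMES = {HOP_BY_HOP: "Hop-by-Hop Options", TCP: "TCP", UDP: "UDP",
         ROUTING: "Routing", FRAGMENT: "Fragment", ICMPV6: "ICMPv6",
         NO_NEXT_HEADER: "No Next Header", DEST_OPTS: "Destination Options"}
# Headers whose 2nd byte is a length in 8-byte units, excluding the first 8.
VARIABLE_LEN_EXT = {HOP_BY_HOP, ROUTING, DEST_OPTS}
MAX_EXT_HEADERS = 8  # assumed sanity limit for this example, not from the guide


class ParseError(ValueError):
    """Raised when a packet violates the IPv6 header layout."""


def parse_fixed_header(packet):
    """Decode the 40-byte fixed IPv6 header into its eight fields."""
    if len(packet) < 40:
        raise ParseError("shorter than the 40-byte fixed header")
    word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word >> 28 != 6:
        raise ParseError("Version field is not 6")
    return {
        "version": word >> 28,                 # 4 bits
        "traffic_class": (word >> 20) & 0xFF,  # 8 bits
        "flow_label": word & 0xFFFFF,          # 20 bits
        "payload_length": payload_len,         # 16 bits
        "next_header": next_header,            # 8 bits
        "hop_limit": hop_limit,                # 8 bits
        "src": str(ipaddress.IPv6Address(packet[8:24])),   # 128 bits
        "dst": str(ipaddress.IPv6Address(packet[24:40])),  # 128 bits
    }


def walk_next_headers(packet):
    """Return (fixed header, names along the Next Header chain, payload offset)."""
    hdr = parse_fixed_header(packet)
    end = 40 + hdr["payload_length"]
    if end > len(packet):
        raise ParseError("Payload Length runs past the captured bytes")
    chain, offset, nh = [], 40, hdr["next_header"]
    while nh in VARIABLE_LEN_EXT or nh == FRAGMENT:
        if nh == HOP_BY_HOP and chain:
            raise ParseError("Hop-by-Hop Options must directly follow the IPv6 header")
        if len(chain) >= MAX_EXT_HEADERS:
            raise ParseError("extension header chain is too long")
        if offset + 8 > end:
            raise ParseError("truncated extension header")
        length = 8 if nh == FRAGMENT else (packet[offset + 1] + 1) * 8
        if offset + length > end:
            raise ParseError("extension header length runs past the payload")
        # A non-first fragment carries no parseable upper-layer header.
        non_first = (nh == FRAGMENT and
                     struct.unpack("!H", packet[offset + 2:offset + 4])[0] >> 3 != 0)
        chain.append(NAMES[nh])
        nh, offset = packet[offset], offset + length
        if non_first:
            chain.append("fragment data")
            return hdr, chain, offset
    chain.append(NAMES.get(nh, "protocol %d" % nh))
    return hdr, chain, offset


def build_packet(payload, first_next_header):
    """Build a constructed test packet (documentation-prefix addresses)."""
    word = (6 << 28) | (0xB8 << 20) | 0x12345
    return (struct.pack("!IHBB", word, len(payload), first_next_header, 64)
            + ipaddress.IPv6Address("2001:db8::1").packed
            + ipaddress.IPv6Address("2001:db8::2").packed
            + payload)


PADN = bytes([1, 4, 0, 0, 0, 0])                  # PadN option: pads a header to 8 bytes
UDP_HEADER = struct.pack("!HHHH", 53, 53, 8, 0)   # constructed, checksum not computed
SAMPLE = build_packet(bytes([DEST_OPTS, 0]) + PADN    # Hop-by-Hop -> Dest. Options
                      + bytes([UDP, 0]) + PADN        # Dest. Options -> UDP
                      + UDP_HEADER, HOP_BY_HOP)

if __name__ == "__main__":
    header, chain, offset = walk_next_headers(SAMPLE)
    print(header)
    print(" -> ".join(chain), "| upper-layer data starts at byte", offset)
```

A filter or sensor that stops at the first Next Header value instead of walking the chain sees only "Hop-by-Hop Options" for this packet and never reaches the UDP header it is meant to match.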
• 2001:0db8:0000:0000:0000:0000:1428:57ab
• 2001:0db8:0000:0000:0000::1428:57ab
• 2001:0db8:0:0:0:0:1428:57ab
• 2001:0db8:0:0::1428:57ab
• 2001:0db8::1428:57ab
• 2001:db8::1428:57ab
IPv6 networks are written using Classless Inter-Domain Routing (CIDR) notation. An IPv6 network (or subnet) is a contiguous group of IPv6 addresses the size of which must be a power of two; the initial bits of addresses, which are identical for all hosts in the network, are called the network's prefix.
Implementing IPv6 with Dell Networking OS
Dell Networking OS supports both IPv4 and IPv6, and both may be used simultaneously in your system.
Note: Dell Networking recommends that you use Dell Networking OS version 7.6.1.0 or later when implementing IPv6 functionality on an E-Series system.
Table 21-2 lists the Dell Networking OS Version in which an IPv6 feature became available for each platform. The sections following the table give some greater detail about the feature.
Table 21-2. Dell Networking OS and IPv6 Feature Support (continued)
IS-IS for IPv6    7.5.1    8.2.1    8.4.2    8.4.2    Chapter 22, Intermediate System to Intermediate System in the Dell Networking OS Configuration Guide; IPv6 IS-IS in the Dell Networking OS Command Line Reference Guide
IS-IS for IPv6 support for redistribution    7.6.1    8.2.1    8.4.2    8.4.
Table 21-2. Dell Networking OS and IPv6 Feature Support (continued)
PIM-SM for IPv6    7.4.1    8.2.1    8.4.2    8.4.2    IPv6 Multicast in this chapter; IPv6 PIM in the Dell Networking OS Command Line Reference Guide
PIM-SSM for IPv6    7.5.1    8.2.1    8.4.2    8.4.2    IPv6 Multicast in this chapter; IPv6 PIM in the Dell Networking OS Command Line Reference Guide
MLDv1/v2    7.4.1    8.2.1    8.4.2    8.4.
Path MTU Discovery
IPv6 MTU Discovery is supported on platforms c, e, and s.
Path MTU (Maximum Transmission Unit) defines the largest packet size that can traverse a transmission path without suffering fragmentation. Path MTU for IPv6 uses ICMPv6 Type-2 messages to discover the largest MTU along the path from source to destination and avoid the need to fragment the packet. The recommended MTU for IPv6 is 1280.
With ARP, each node broadcasts ARP requests on the entire link. This approach causes unnecessary processing by uninterested nodes. With NDP, each node sends a request only to the intended destination via a multicast address with the unicast address used as the last 24 bits. Other hosts on the link do not participate in the process, greatly increasing network bandwidth efficiency.
Figure 21-3.
QoS for IPv6
IPv6 QoS is supported on platforms: ces
Dell Networking OS IPv6 supports quality of service based on the DSCP field. You can configure Dell Networking OS to honor the DSCP value on incoming routed traffic and forward the packets with the same value. Refer to Chapter 40, Quality of Service for details. Refer also to Honor DSCP values on ingress packets in the QoS chapter for information relating to the trust diffserv command.
Dell Networking OS supports both inbound and outbound SSH sessions using IPv6 addressing. Inbound SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface. Refer to the Security Commands chapter in the Dell Networking OS Command Line Interface Reference document for SSH configuration details.
Figure 21-4. Command Example: show cam-profile summary (E-Series)
FTOS#show cam-profile summary
-- Chassis CAM Profile --
               : Current Settings : Next Boot
Profile Name   : IPV6-ExtACL      : IPV6-ExtACL
MicroCode Name : IPv6-ExtACL      : IPv6-ExtACL
-- Line card 1 --
               : Current Settings : Next Boot
Profile Name   : IPV6-ExtACL      : IPV6-ExtACL
MicroCode Name : IPv6-ExtACL      : IPv6-ExtACL
FTOS#
Figure 21-5.
The default option sets the CAM Profile as follows:
• L3 ACL (ipv4acl): 4
• L2 ACL (l2acl): 6
• IPv6 L3 ACL (ipv6acl): 0
• L3 QoS (ipv4qos): 2
• L2 QoS (l2qos): 1
Save the new CAM settings to the startup-config (write-mem or copy run start), then reload the system for the new settings to take effect.
Assign a Static IPv6 Route
IPv6 Static Routes are supported on platforms: ces
Use the ipv6 route command to configure IPv6 static routes.
Command Syntax: telnet ipv6 address
Command Mode: EXEC or EXEC Privileged
Purpose: Enter the IPv6 Address for the device.
ipv6 address: x:x:x:x::x
mask: prefix length 0-128
IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing earlier in this chapter.
Command Syntax Command Mode Purpose
FTOS#show ipv6 ?
accounting   IPv6 accounting information
cam          linecard IPv6 CAM Entries for Line Card
fib          linecard IPv6 FIB Entries for Line Card
interface    IPv6 interface information
mbgproutes   MBGP routing table
mld          MLD information
mroute       IPv6 multicast-routing table
neighbors    IPv6 neighbor information
ospf         OSPF information
pim          PIM V6 information
prefix-list  List IPv6 prefix lists
route        IPv6 routing information
rpf          RPF table
FTOS#
Show an IPv6 Interface
View the IPv6 configuration for a specific interface with the following command.
Command Syntax: show ipv6 interface type {slot/
Command Mode: EXEC
Purpose: Show the currently running configuration for the specified interface. Enter the keyword interface followed by the type of interface and slot/port information:
• For a brief summary of IPv6 status and configuration, enter the keyword brief.
FTOS#show ipv6 interface gi 2/2
GigabitEthernet 2/2 is down, line protocol is down
  IPV6 is enabled
  Link Local address: fe80::201:e8ff:fe06:95a3
  Global Unicast address(es):
    3:4:5:6::8, subnet is 3::/24
  Global Anycast address(es):
  Joined Group address(es):
    ff02::1
    ff02::2
    ff02::1:ff00:8
    ff02::1:ff06:95a3
  MTU is 1500
  ICMP redirects are not sent
  DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30 seconds
  ND advertised reachable time is 30 seconds
  ND advertised retransmit interval is 30 seconds
  ND
Figure 21-7.
Show the Running-Configuration for an Interface
View the configuration for any interface with the following command.
Command Syntax: show running-config interface type {slot/port}
Command Mode: EXEC
Purpose: Show the currently running configuration for the specified interface. Enter the keyword interface followed by the type of interface and slot/port information:
• For a 10/100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
Command Syntax Command Mode Purpose IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing earlier in this chapter.
22 Intermediate System to Intermediate System
Intermediate System to Intermediate System is supported on platform: e
Intermediate System to Intermediate System (IS-IS) protocol is an interior gateway protocol (IGP) that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS, as described in this chapter.
routing information directly with external routers located outside of the routing domains. Level 1-2 systems manage both inter-area and intra-area traffic by maintaining two separate link databases; one for Level 1 routes and one for Level 2 routes. A Level 1-2 router does not advertise Level 2 routes to a Level 1 router. To establish adjacencies, each IS-IS router sends different Protocol Data Units (PDU).
Multi-Topology IS-IS
Dell Networking OS 7.8.1.0 and later support Multi-Topology Routing IS-IS. E-Series ExaScale platform ex supports Multi-Topology IS-IS with Dell Networking OS 8.2.1.0 and later.
Multi-Topology IS-IS (MT IS-IS) allows you to create multiple IS-IS topologies on a single router with separate databases. This feature is used to place a virtual physical topology into logical routing domains, which can each support different routing and security policies.
Adjacencies
Adjacencies on point-to-point interfaces are formed as usual, where IS-IS routers do not implement Multi-Topology (MT) extensions. If a local router does not participate in certain MTs, it will not advertise those MT IDs in its IIHs and so will not include that neighbor within its LSPs. If an MT ID is not detected in the remote side's IIHs, the local router does not include that neighbor within its LSPs.
• The T3 timer sets the overall wait time after which the router determines that it has failed to achieve database synchronization (by setting the overload bit in its own LSP). This timer can be based on adjacency settings with the value derived from adjacent routers that are engaged in graceful restart recovery (the minimum of all the Remaining Time values advertised by the neighbors) or by setting a specific amount of time manually.
Table 22-1 displays the default values for IS-IS.
Table 22-1.
Configuration Task List for IS-IS
The following list includes the configuration tasks for IS-IS:
• Enable IS-IS
• Configure Multi-Topology IS-IS (MT IS-IS)
• Configure IS-IS Graceful Restart
• Change LSP attributes
• Configure IS-IS metric style and cost
• Change the IS-type
• Control routing updates
• Configure authentication passwords
• Set the overload bit
• Debug IS-IS
Enable IS-IS
By default, IS-IS is not enabled. The system supports one instance of IS-IS.
Step 3
Task: Enter the interface configuration mode. Enter the keyword interface followed by the type of interface and slot/port information:
• For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
• For the Loopback interface on the RPM, enter the keyword loopback followed by a number from 0 to 16383.
Figure 22-2. Command Example: show isis protocol
FTOS#show isis protocol
IS-IS Router:
System Id: EEEE.EEEE.EEEE IS-Type: level-1-2
Manual area address(es):
  47.0004.004d.0001
Routing for area address(es):
  21.2223.2425.2627.2829.3031.3233
  47.0004.004d.
Configure Multi-Topology IS-IS (MT IS-IS)
Step 1
Task: Enable Multi-Topology IS-IS for IPv6. Enter the transition keyword to allow an IS-IS IPv6 user to continue to use single-topology mode while upgrading to multi-topology mode. After every router has been configured with the transition keyword, and all the routers are in MT IS-IS IPv6 mode, users can remove the transition keyword on each router.
Command Syntax: graceful-restart restart-wait seconds
Command Mode: ROUTER-ISIS
Purpose: Enable the Graceful Restart maximum wait time before a restarting peer comes up. Be sure to set the t3 timer to adjacency on the restarting router when implementing this command.
Use the show isis graceful-restart detail command in EXEC Privilege mode to view all Graceful Restart related configuration. Figure 22-4.
Figure 22-5. Command Example: show isis interface
show isis interface G1/34
GigabitEthernet 2/10 is up, line protocol is up
  MTU 1497, Encapsulation SAP
  Routing Protocol: IS-IS
  Circuit Type: Level-1-2
  Interface Index 0x62cc03a, Local circuit ID 1
  Level-1 Metric: 10, Priority: 64, Circuit ID: 0000.0000.000B.01
  Hello Interval: 10, Hello Multiplier: 3, CSNP Interval: 10
  Number of active level-1 adjacencies: 1
  Level-2 Metric: 10, Priority: 64, Circuit ID: 0000.0000.000B.
Figure 22-6. Command Example: show running-config isis
FTOS#show running-config isis
!
router isis
 lsp-refresh-interval 902
 net 47.0005.0001.000C.000A.4321.00
 net 51.0005.0001.000C.000A.4321.00
FTOS#
Configure IS-IS metric style and cost
All IS-IS links or interfaces are associated with a cost that is used in the SPF calculations. The possible cost varies depending on the metric style supported.
Figure 22-7. Command Example: show isis protocol
FTOS#show isis protocol
IS-IS Router:
System Id: EEEE.EEEE.EEEE IS-Type: level-1-2
Manual area address(es):
  47.0004.004d.0001
Routing for area address(es):
  21.2223.2425.2627.2829.3031.3233
  47.0004.004d.
Table 22-3. Correct Value Range for the isis metric command
Metric Style | Correct Value Range
narrow transition | 0 to 63
transition | 0 to 63
Configuring the distance of a route
Configure the distance for a route using the distance command from ROUTER ISIS mode.
Figure 22-8. Command Example: show isis database
FTOS#show isis database
IS-IS Level-1 Link State Database
LSPID            LSP Seq Num
B233.00-00       0x00000003
eljefe.00-00 *   0x00000009
eljefe.01-00 *   0x00000001
eljefe.02-00 *   0x00000001
Force10.00-00    0x00000002
IS-IS Level-2 Link State Database
LSPID            LSP Seq Num
B233.00-00       0x00000006
eljefe.00-00 *   0x0000000D
eljefe.01-00 *   0x00000001
eljefe.02-00 *   0x00000001
Force10.
Distribute Routes
Another method of controlling routing information is to filter the information through a prefix list. Prefix lists are applied to incoming or outgoing routes and routes must meet the conditions of the prefix lists or Dell Networking OS does not install the route in the routing table. The prefix lists are globally applied on all interfaces running IS-IS. Configure the prefix list in the PREFIX LIST mode prior to assigning it to the IS-IS process.
Command Syntax: distribute-list prefix-list-name out [bgp as-number | connected | ospf process-id | rip | static]
Command Mode: ROUTER ISIS
Purpose: Apply a configured prefix list to all outgoing IPv4 IS-IS routes. You can configure one of the optional parameters:
• connected: for directly connected routes.
• ospf process-id: for OSPF routes only.
• rip: for RIP routes only.
• static: for user-configured routes.
Command Syntax: distribute-list prefix-list-name out [bgp as-number | connected | ospf process-id | rip | static]
Command Mode: ROUTER ISIS-AF IPV6
Purpose: Apply a configured prefix list to all outgoing IPv6 IS-IS routes. You can configure one of the optional parameters:
• connected: for directly connected routes.
• ospf process-id: for OSPF routes only.
• rip: for RIP routes only.
• static: for user-configured routes.
Command Syntax: redistribute ospf process-id [level-1 | level-1-2 | level-2] [metric value] [match external {1 | 2} | match internal] [metric-type {external | internal}] [route-map map-name]
Command Mode: ROUTER ISIS
Purpose: Include specific OSPF routes in IS-IS. Configure the following parameters:
• process-id range: 1 to 65535
• level-1, level-1-2, or level-2: Assign all redistributed routes to a level. Default is level-2.
• metric range: 0 to 16777215. Default is 0.
Use the show running-config isis command in EXEC Privilege mode to view the IS-IS configuration globally (including both IPv4 and IPv6 settings), the show config command in ROUTER ISIS mode to view the current IPv4 IS-IS configuration, or the show config command in ROUTER ISIS-ADDRESS FAMILY IPV6 mode to view the current IPv6 IS-IS configuration.
Configure authentication passwords
You can assign an authentication password for routers in Level 1 and for routers in Level 2.
When the bit is set, a 1 is placed in the OL column in the show isis database command output. In Figure 22-9, the overload bit is set in both the Level-1 and Level-2 database because the IS type for the router is Level-1-2.
Figure 22-9. Command Example: show isis database
FTOS#show isis database
IS-IS Level-1 Link State Database
LSPID            LSP Seq Num
B233.00-00       0x00000003
eljefe.00-00 *   0x0000000A
eljefe.01-00 *   0x00000001
eljefe.02-00 *   0x00000001
Force10.
Command Syntax: debug isis snp-packets [interface]
Command Mode: EXEC Privilege
Purpose: View IS-IS SNP packets, including CSNPs and PSNPs. To view specific information, enter one of the following optional parameters:
• interface: Enter the type of interface and slot/port information to view IS-IS information on that interface only.
Command Syntax: debug isis spf-triggers
Command Mode: EXEC Privilege
Purpose: View the events that triggered IS-IS shortest path first (SPF) events for debugging purposes.
Configure Metric Values
The following topics are covered in this section:
• Maximum Values in the Routing Table
• Changing the IS-IS Metric Style in One Level Only
• Leaking from One Level to Another
For any level (Level-1, Level-2, or Level-1-2), the value range possible in the isis metric command in INTERFACE mode changes depending on the metric style.
Table 22-4.
Table 22-5. Metric Value when Metric Style Changes
Beginning metric style | Final metric style | Resulting IS-IS metric value
wide | narrow transition | default value (10) if the original value is greater than 63. A message is sent to the console.
Table 22-6.
Sample Configuration
The following configurations are examples for enabling IPv6 IS-IS. These are not comprehensive directions. They are intended to give you some guidance with typical configurations.
Note: Only one IS-IS process can run on the router, even if both IPv4 and IPv6 routing is being used.
You can copy and paste from these examples to your CLI. Be sure you make the necessary changes to support your own IP Addresses, Interfaces, Names, etc.
Figure 22-10. IS-IS Sample Configuration Router 1
R1(conf)#interface Loopback 0
R1(conf-if-lo-0)#ip address 192.168.1.1/24
R1(conf-if-lo-0)#ipv6 address 2001:db8:9999:1::/48
R1(conf-if-lo-0)#ip router isis 9999
R1(conf-if-lo-0)#no shutdown
R1(conf-if-lo-0)#router isis 9999
R1(conf-router_isis)#is-type level-1
R1(conf-router_isis)#net FF.F101.0002.0C00.1111.
Figure 22-11. IS-IS Sample Configuration continued Router 2
R2(conf)#interface Loopback 0
R2(conf-if-lo-0)#ip address 192.168.1.2/24
R2(conf-if-lo-0)#ipv6 address 2001:db8:9999:2::/48
R2(conf-if-lo-0)#ip router isis 9999
R2(conf-if-lo-0)#no shutdown
R2(conf-if-lo-0)#router isis 9999
R2(conf-router_isis)#int gi 2/11
R2(conf-if-gi-2/11)#ip address 10.0.12.
Figure 22-12. IS-IS Sample Configuration continued Router 3
R3(conf)#interface Loopback 0
R3(conf-if-lo-0)#ip address 192.168.1.3/24
R3(conf-if-lo-0)#ipv6 address 2001:db8:9999:3::/48
R3(conf-if-lo-0)#ip router isis 9999
R3(conf-if-lo-0)#no shutdown
R3(conf-if-lo-0)#router isis 9999
R3(conf-router_isis)#net FF.F101.0002.0C00.1133.
Figure 22-13. IPv6 IS-IS Sample Topography
R1: Loopback 0 2001:0db8:9999:1::/48 (192.168.1.1/24); GigE 1/21 2001:0db8:1021:1::/48 (10.0.12.1/24); GigE 1/34 2001:0db8:1022:1::/48 (10.0.13.1/24)
R2: Loopback 0 2001:0db8:9999:2::/48 (192.168.1.2/24); GigE 2/11 2001:0db8:1021:2::/48 (10.0.12.2/24); GigE 2/31 2001:0db8:1023:2::/48 (10.0.23.2/24)
R3: GigE 3/21 2001:0db8:1023:3::/48 (10.0.23.3/24); Loopback 0 2001:0db8:9999:3::/48 (192.168.1.
23 Link Aggregation Control Protocol
Link Aggregation Control Protocol is supported on platforms: ces
LACP addressing is supported on the E-Series ExaScale platform with Dell Networking OS 8.1.1.0 and later.
The Dell Networking OS implementation of LACP is based on the standards specified in the IEEE 802.3: “Carrier sense multiple access with collision detection (CSMA/CD) access method and physical layer specifications.” LACP functions by constantly exchanging custom MAC PDUs across LAN Ethernet links. The protocol packets are only exchanged between ports that are configured as LACP capable.
LACP modes
Dell Networking OS provides the following three modes for configuration of LACP:
• Off—In this state, an interface is not capable of being part of a dynamic LAG. LACP does not run on any port that is configured to be in this state.
• Active—In this state, the interface is said to be in the “active negotiating state.” LACP runs on any link that is configured to be in this state. A port in Active state also automatically initiates negotiations with other ports by initiating LACP packets.
LACP Configuration Tasks
The tasks covered in this section are:
• Create a LAG
• Configure the LAG interfaces as dynamic
• Set the LACP long timeout
• Monitor and Debugging LACP
• Configure Shared LAG State Tracking
Create a LAG
To create a dynamic port channel (LAG), define the LAG and then the LAG interfaces. Use the interface port-channel and switchport commands, as shown in Figure 23-1, which uses the example of LAG 32:
Figure 23-1.
Figure 23-3. Creating a Dynamic LAG Example
FTOS(conf)#interface Gigabitethernet 3/15
FTOS(conf-if-gi-3/15)#no shutdown
FTOS(conf-if-gi-3/15)#port-channel-protocol lacp
FTOS(conf-if-gi-3/15-lacp)#port-channel 32 mode active
...
FTOS(conf)#interface Gigabitethernet 3/16
FTOS(conf-if-gi-3/16)#no shutdown
FTOS(conf-if-gi-3/16)#port-channel-protocol lacp
FTOS(conf-if-gi-3/16-lacp)#port-channel 32 mode active
...
Figure 23-4. Invoking the LACP Long Timeout
FTOS(conf)# interface port-channel 32
FTOS(conf-if-po-32)#no shutdown
FTOS(conf-if-po-32)#switchport
FTOS(conf-if-po-32)#lacp long-timeout
FTOS(conf-if-po-32)#end
FTOS# show lacp 32
Port-channel 32 admin up, oper up, mode lacp
Actor System ID: Priority 32768, Address 0001.e800.a12b
Partner System ID: Priority 32768, Address 0001.e801.
Figure 23-5. LAGs using ECMP without Shared LAG State Tracking
(Labels in the figure: routers R1, R2, R3 and R4; port channels Po 1 and Po 2; Po 1 failure; Po 2 over-subscribed.)
To avoid packet loss, traffic must be re-directed through the next lowest-cost link (R3 to R4). Dell Networking OS has the ability to bring LAG 2 down in the event that LAG 1 fails, so that traffic can be re-directed, as described. This is what is meant by Shared LAG State Tracking.
In Figure 23-8, LAGs 1 and 2 are members of a failover group. LAG 1 fails and LAG 2 is brought down upon the failure. This effect is logged by Message 2, in which a console message declares both LAGs down at the same time.
Figure 23-8.
• Only a LAG can be a member of a failover group.
• Shared LAG State Tracking can be configured on one side of a link or on both sides.
• If a LAG that is part of a failover group is deleted, the failover group is deleted.
• If a LAG moves to the down state due to this feature, its members may still be in the up state.
Configure LACP as Hitless
Configure LACP as Hitless is supported only on platforms: ce
LACP on Dell Networking systems can be configured to be hitless.
Figure 23-11. LACP Sample Topology
(Labels in the figure: Port Channel 10 between ALPHA and BRAVO; ports Gig 2/31, Gig 2/32, Gig 2/33, Gig 3/21 and Gig 3/23.)
Configuring a LAG on ALPHA
Figure 23-12.
Figure 23-13. Inspecting a LAG Port Configuration on ALPHA
Alpha#sh int gig 2/31
GigabitEthernet 2/31 is up, line protocol is up
Port is part of Port-channel 10
Hardware is Force10Eth, address is 00:01:e8:06:95:c0
Current address is 00:01:e8:06:95:c0
Interface index is 109101113
Port will not be disabled on partial SFM failure
Internet address is not set
MTU 1554 bytes, IP MTU 1500 bytes
Shows the speed of this physical interface.
Figure 23-14. Inspecting Configuration of LAG 10 on ALPHA
Indicates the MAC address assigned to the LAG. This does NOT match any of the physical interface MAC addresses.
Figure 23-15. Using the show lacp Command to Verify LAG 10 Status on ALPHA
Alpha#sho lacp 10
Port-channel 10 admin up, oper up, mode lacp
Actor System ID: Priority 32768, Address 0001.e806.953e
Partner System ID: Priority 32768, Address 0001.e809.
Summary of the configuration on ALPHA
Figure 23-16.
Summary of the configuration on BRAVO Figure 23-17.
Figure 23-18. Using the show interface Command to Inspect a LAG Port on BRAVO
Shows the status of this interface. Also shows it is part of LAG 10.
Bravo#show int gig 3/21
GigabitEthernet 3/21 is up, line protocol is up
Port is part of Port-channel 10
Hardware is Force10Eth, address is 00:01:e8:09:c3:82
Current address is 00:01:e8:09:c3:82
Shows that this is a Layer 2 port.
Figure 23-19. Using the show interfaces port-channel Command to Inspect LAG 10 This does NOT match any of the physical interface MAC addresses.
Figure 23-20. Using the show lacp Command to Inspect LAG Status
Force10#show lacp 10
Port-channel 10 admin up, oper up, mode lacp
Actor System ID: Priority 32768, Address 0001.e809.c24a
Partner System ID: Priority 32768, Address 0001.e806.
24 Layer 2
Layer 2 features are supported on platforms: ces
The E-Series ExaScale platform is supported with Dell Networking OS 8.1.1.0 and later.
Clear the MAC Address Table
You may clear the MAC address table of dynamic entries:
Task: Clear a MAC address table of dynamic entries.
Configure a Static MAC Address
A static entry is one that is not subject to aging. Static entries must be entered manually:
Task: Create a static MAC address entry in the MAC address table.
Command Syntax: mac-address-table static
Command Mode: CONFIGURATION
Display the MAC Address Table
To display the contents of the MAC address table:
Task: Display the contents of the MAC address table.
• address displays the specified entry.
• aging-time displays the configured aging-time.
Three options are available with the mac learning-limit command: dynamic, no-station-move, and station-move.
Note: An SNMP trap is available for mac learning-limit station-move. No other SNMP traps are available for MAC Learning Limit, including limit violations.
mac learning-limit dynamic
After you enable a MAC learning limit, MAC addresses learned on the port and entered in the MAC address table are static by default.
mac learning-limit no-station-move
Note: Sticky MAC is not supported on the S25 or S50 in Dell Networking OS release 8.4.2.6.
The no-station-move option, also known as “sticky MAC,” provides additional port security by preventing a station move. When this option is configured, the first entry in the table is maintained instead of creating a new entry on the new interface. no-station-move is the default behavior. Entries created before this option is set are not affected.
Dell Networking OS Behavior: The following conditions apply when you enable the sticky-MAC address option for MAC learning on an interface: • When you enable the sticky MAC learning option, all dynamically-learned MAC addresses that you save to the start-up configuration are converted to statically-configured MAC addresses when you reboot the switch.
Displaying MAC Learning-Limited Interfaces
To display a list of all interfaces with a MAC learning limit:
Task: Display a list of all interfaces with a MAC learning limit.
To display a list of interfaces configured with MAC learning limit or station move violation actions:
Task: Display a list of all of the interfaces configured with MAC learning limit or station move violation.
Figure 24-1. Per-VLAN MAC Learning Limit
(Labels in the figure: Internet Exchange Point; 802.1Q-tagged access ports for ISP A, ISP B and ISP C; the configuration below.)
interface GigabitEthernet 1/1
...
mac learning-limit 1 vlan 10
mac learning-limit 1 vlan 20
ISP A, B, and C are all public peers through VLAN 10. In addition, ISP A and C are private peers on a separate VLAN, VLAN 20. Since the access ports for ISP A and C are members of multiple VLANs, Per-VLAN MAC Learning Limit can be applied to those ports.
NIC Teaming
NIC teaming is a feature that allows multiple network interface cards in a server to be represented by one MAC address and one IP address in order to provide transparent redundancy, balancing, and to fully utilize network adapter resources. Figure 24-2 shows a topology where two NICs have been teamed together. In this case, if the primary NIC fails, traffic switches to the secondary NIC, since they are represented by the same set of addresses.
Figure 24-2.
Figure 24-3. Configuring mac-address-table station-move refresh-arp Command
(Labels in the figure: MAC A:B:C:D, IP 1.1.1.1, Port 0/1, Move MAC address, Active Link, Port 0/5, and mac-address-table station-move refresh-arp configured at time of NIC teaming.)
MAC Move Optimization
MAC Move Optimization is supported only on platform: e
Station-move detection takes 5000 ms because this is the interval at which the detection algorithm runs.
Since the virtual MAC address is never learned, traffic is forwarded to only one server rather than the entire cluster, and failover and balancing are not preserved (Figure 24-5). Figure 24-4.
Figure 24-6.
Configuring Redundant Pairs
Configuring Redundant Pairs is supported:
• On physical interfaces on platforms ces
• On static and dynamic port-channel interfaces on platforms ces
The Redundant Pairs feature allows you to provide redundancy for Layer 2 links without using Spanning Tree (STP). You create redundant links by configuring pairs of Layer 2 (physical or port-channel) interfaces so that only one interface is up and carries user traffic at any time.
To ensure that existing network applications see no difference when a primary interface in a redundant pair transitions to the backup interface, be sure to apply identical configurations of other traffic parameters to each interface. If you remove an interface in a redundant link (remove the line card of a physical interface or delete a port channel with the no interface port-channel command), the redundant pair configuration is also removed.
In Figure 24-8, interface 3/41 is a backup interface for 3/42, and 3/42 is DOWN as shown in Message 1. If 3/41 fails, 3/42 transitions to the UP state, which makes the backup link active. A message similar to Message 1 appears whenever you configure a backup port.
Restricting Layer 2 Flooding
Restricting Layer 2 Flooding is supported only on platform: et
When Layer 2 multicast traffic must be forwarded on a VLAN that has multiple ports with different speeds on the same port-pipe, forwarding is limited to the speed of the slowest port.
Far-end Failure Detection
Far-end Failure Detection is supported only on platform: e
Far-end Failure Detection (FEFD) is a protocol that senses remote data link errors in a network. It responds by sending a unidirectional report that triggers an echoed response after a specified time interval.
Figure 24-10.
5. If the FEFD system has been set to Aggressive mode and neighboring echoes are not received after three intervals, the state changes to Err-disabled. All interfaces in the Err-disabled state must be manually reset using the fefd reset [interface] command in EXEC privilege mode (it can be done globally or one interface at a time) before the FEFD enabled system can become operational again.
Table 24-1.
Report interval frequency and mode adjustments can be made by supplementing this command as well.
Step 1
Task: Set up two or more connected interfaces for Layer 2 or Layer 3 use
Command Syntax: ip address ip address, switchport
Command Mode: INTERFACE
Step 2
Task: Activate the necessary ports administratively
Command Syntax: no shutdown
Command Mode: INTERFACE
Step 3
Task: Enable fefd globally
Command Syntax: fefd {interval | mode}
Command Mode: CONFIGURATION
Entering the show fefd command in EXEC privilege mode displays information about the state of each interface.
Step 3
Task: Enable FEFD on each interface
Command Syntax: fefd {disable | interval | mode}
Command Mode: INTERFACE
Figure 24-12.
Figure 24-14.
25 Link Layer Discovery Protocol
Link Layer Discovery Protocol is supported only on platforms: ces
LLDP is supported on the E-Series ExaScale platform with Dell Networking OS 8.1.1.0 and later.
This chapter contains the following sections:
• 802.1AB (LLDP) Overview
• TIA-1057 (LLDP-MED) Overview
• 802.3AT (Power-via-MDI) Overview
• Configuring LLDP
802.1AB (LLDP) Overview
Link Layer Discovery Protocol (LLDP)—defined by IEEE 802.
Figure 25-1. Type, Length, Value (TLV) Segment
(Fields in the figure: TLV Header, made up of TLV Type (1-127), 7 bits, and TLV Length, 9 bits; Value, 0-511 octets. The example Value holds a Chassis ID Sub-type, 1 octet, and a Chassis ID, 1-255 octets.)
TLVs are encapsulated in a frame called an LLDP Data Unit (LLDPDU) (Figure 25-2), which is transmitted from one LLDP-enabled device to its LLDP-enabled neighbors. LLDP is a one-way protocol.
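Because LLDPDUs arrive unauthenticated from whatever is plugged into a port, a tool that reads them has to bounds-check every TLV length. The following is an added example, not Dell Networking OS code: a parser for the 7-bit type / 9-bit length header described above, which also decodes the Extended Power via MDI TLV using the field layout and values of Figure 25-6. The sample frame is constructed; the mandatory TLV order and the Chassis ID and Port ID sub-type numbers come from IEEE 802.1AB, and all function names are hypothetical.

```python
import struct

END_OF_LLDPDU, CHASSIS_ID, PORT_ID, TTL, ORG_SPECIFIC = 0, 1, 2, 3, 127
TIA_OUI = bytes.fromhex("0012bb")   # 00-12-BB, as in Figure 25-6
EXT_POWER_VIA_MDI = 4               # TIA sub-type shown in Figure 25-6


class LLDPError(ValueError):
    """Raised when an LLDPDU is malformed."""


def build_tlv(tlv_type, value=b""):
    """Encode one TLV: 7-bit type, 9-bit length, then the value octets."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise LLDPError("TLV type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_lldpdu(data):
    """Return [(type, value), ...] for one LLDPDU, validating every length."""
    tlvs, offset = [], 0
    while True:
        if offset + 2 > len(data):
            raise LLDPError("data ended before an End Of LLDPDU TLV")
        (header,) = struct.unpack_from("!H", data, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(data):
            raise LLDPError(
                f"TLV type {tlv_type} claims {length} octets, "
                f"only {len(data) - offset} remain")
        value = data[offset:offset + length]
        offset += length
        if tlv_type == END_OF_LLDPDU:
            if length:
                raise LLDPError("End Of LLDPDU TLV must have zero length")
            break  # anything after this TLV is frame padding
        tlvs.append((tlv_type, value))
    # IEEE 802.1AB: the first three TLVs are Chassis ID, Port ID, TTL.
    if [t for t, _ in tlvs[:3]] != [CHASSIS_ID, PORT_ID, TTL]:
        raise LLDPError("Chassis ID, Port ID and TTL must come first, in order")
    return tlvs


def split_org_specific(value):
    """Split a type-127 value into (OUI, sub-type, information string)."""
    if len(value) < 4:
        raise LLDPError("organizationally specific TLV shorter than 4 octets")
    return value[:3], value[3], value[4:]


def decode_ext_power(value):
    """Decode the 7-octet TIA Extended Power via MDI TLV value."""
    oui, subtype, info = split_org_specific(value)
    if oui != TIA_OUI or subtype != EXT_POWER_VIA_MDI or len(info) != 3:
        raise LLDPError("not a TIA Extended Power via MDI TLV")
    flags, power_value = struct.unpack("!BH", info)
    return {
        "power_type": flags >> 6,            # 2 bits
        "power_source": (flags >> 4) & 0x3,  # 2 bits
        "power_priority": flags & 0xF,       # 4 bits
        "power_value": power_value,          # 2 octets
    }


# Constructed LLDPDU. Chassis ID sub-type 4 is a MAC address and Port ID
# sub-type 5 is an interface name (IEEE 802.1AB); the power fields carry the
# values printed in Figure 25-6 (type 0, source 1, priority 2, value 130).
SAMPLE_LLDPDU = b"".join([
    build_tlv(CHASSIS_ID, b"\x04" + bytes.fromhex("0001e80695c0")),
    build_tlv(PORT_ID, b"\x05" + b"GigabitEthernet 2/31"),
    build_tlv(TTL, struct.pack("!H", 120)),
    build_tlv(ORG_SPECIFIC,
              TIA_OUI + bytes([EXT_POWER_VIA_MDI, 0x12]) + struct.pack("!H", 130)),
    build_tlv(END_OF_LLDPDU),
])

if __name__ == "__main__":
    for tlv_type, value in parse_lldpdu(SAMPLE_LLDPDU):
        print(tlv_type, value.hex())
    print(decode_ext_power(parse_lldpdu(SAMPLE_LLDPDU)[3][1]))
```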
Optional TLVs
Dell Networking OS supports the following optional TLVs:
• Management TLVs
• IEEE 802.1 and 802.3 Organizationally Specific TLVs
• TIA-1057 Organizationally Specific TLVs
Management TLVs
A Management TLV is an Optional TLVs sub-type. This kind of TLV contains essential management information about the sender. The five types are described in Table 25-2.
Organizationally Specific TLVs
Organizationally specific TLVs can be defined by a professional organization or a vendor.
Table 25-2. Optional TLV Types
Type | TLV | Description
7 | System capabilities | Identifies the chassis as one or more of the following: repeater, bridge, WLAN Access Point, Router, Telephone, DOCSIS cable device, end station only, or other
8 | Management address | Indicates the network address of the management interface. Dell Networking OS does not currently support this TLV.
IEEE 802.
With regard to connected endpoint devices, LLDP-MED provides network connectivity devices with the ability to:
• manage inventory
• manage Power over Ethernet (PoE) or Power over Ethernet Plus (PoE+)
• identify physical location
• identify network policy
LLDP-MED is designed for, but not limited to, VoIP endpoints.
TIA Organizationally Specific TLVs
The Dell Networking system is an LLDP-MED Network Connectivity Device (Device Type 4).
Table 25-3. TIA-1057 (LLDP-MED) Organizationally Specific TLVs (continued)
Type | Sub-type | TLV | Description
127 | 11 | Inventory - Asset ID | Indicates a user specified device number to manage inventory
127 | 12-255 | Reserved | —
LLDP-MED Capabilities TLV
The LLDP-MED Capabilities TLV communicates the types of TLVs that the endpoint device and the network connectivity device support. LLDP-MED network connectivity devices must transmit the Network Policies TLV.
Table 25-5.
www.dell.com | support.dell.com Table 25-6. Type Network Policy Applications (continued) Application Description 5 Softphone Voice Softphone is a computer program that enables IP telephony on a computer, rather than using a phone. Specify this application type for this type of endpoint device. 6 Video Conferencing Specify this application type for dedicated video conferencing and other similar appliances supporting real-time interactive video.
Figure 25-6. TLV Type (127) Extended Power via MDI TLV TLV Length (7) Organizationally Organizationally Unique ID Defined Sub-type (00-12-BB) (4) Power Type (0) Power Source (1) Power Priority (2) 2 bits 4 bits Power Value (130) fnC0056mp 7 bits 9 bits 3 octets 1 octet 2 bits 2 octets 802.3AT (Power-via-MDI) Overview Link Layer Discovery Protocol (LLDP)—defined by IEEE 802.
www.dell.com | support.dell.com IEEE 802.3 Organizationally Specific TLVs Table 25-7 lists the currently defined IEEE 802.3 Organizationally Specific TLVs. Table 25-7. IEEE 802.3 Organizationally Specific TLVs IEEE 802.
The revised TLV is used by the PSE only when it is supplying power to a PI encompassed within an MDI and used by the PD only when it is drawing power from the PI. Power entities may continue to use the legacy TLV prior to supplying/drawing power to/from the PI. If the power entity implements Data Link Layer classification, it uses the Power-via-MDI TLV after the PI has been powered.
• INTERFACE level configurations override all CONFIGURATION level configurations.
• LLDP is not hitless.

LLDP Compatibility
• Spanning Tree and Force10 Ring Protocol “blocked” ports allow LLDPDUs.
• 802.1X controlled ports do not allow LLDPDUs until the connected device is authenticated.

CONFIGURATION versus INTERFACE Configurations
All LLDP configuration commands are available in PROTOCOL LLDP mode, which is a sub-mode of CONFIGURATION mode and INTERFACE mode.

Enabling LLDP
LLDP is disabled by default. LLDP can be enabled and disabled globally or per interface. If LLDP is enabled globally, all up interfaces send periodic LLDPDUs. To enable LLDP:

Step 1
  Task: Enter Protocol LLDP mode.
  Command: protocol lldp
  Command Mode: CONFIGURATION or INTERFACE
Step 2
  Task: Enable LLDP.
  Command: no disable
  Command Mode: PROTOCOL LLDP

Disabling and Undoing LLDP
• Disable LLDP globally or for an interface using the command disable.

Step 2
  Task: Advertise one or more TLVs. Include the keyword for each TLV you want to advertise.
    • For management TLVs: system-capabilities, system-description
    • For 802.1 TLVs: port-protocol-vlan-id,
    • For 802.
  Command: advertise {management-tlv | dot1-tlv | dot3-tlv | med}
  Command Mode: PROTOCOL LLDP

Figure 25-11. Viewing LLDP Global Configurations
R1(conf)#protocol lldp
R1(conf-lldp)#show config
!
protocol lldp
 advertise dot1-tlv port-protocol-vlan-id port-vlan-id
 advertise dot3-tlv max-frame-size
 advertise management-tlv system-capabilities system-description
 hello 10
 no disable
R1(conf-lldp)#

Figure 25-12.
26 Multicast Listener Discovery
Multicast Listener Discovery is supported only on platform: e
MLD Snooping is supported only on platform: e

Multicast Listener Discovery (MLD) is a Layer 3 protocol that IPv6 routers use to learn of the multicast receivers that are directly connected to them and the groups in which the receivers are interested. Multicast routing protocols (like PIM) use the information learned from MLD to route multicast traffic to all interested receivers.

• Maximum Response Delay—the maximum amount of time that the Querier waits to receive a response to a General or Multicast-Address-Specific Query. The value is zero in reports and Done messages.
• Multicast Address — set to zero in General Queries, and set to the relevant multicast address in Multicast-Address-Specific Queries and Done messages.

Figure 26-1.

Leaving a Multicast Group
A receiver that is no longer interested in traffic for a particular group should leave the group by sending a Done message to the link-scope all-routers multicast address, FF02::02. When a Querier receives a Done message, it sends a Multicast-Address-Specific Query addressed to the relevant multicast group. Hosts still interested in receiving traffic for that group respond (according to the suppression mechanism) so that the group table entry is maintained.
• Debug MLD
• MLD Snooping

Change MLD Timer Values
All non-queriers have a timer that is refreshed when they hear a General Query. If the timer expires, then the router can assume that the Querier is not present, and so it assumes the role of Querier. The Other Querier Present Interval, or Querier Timeout Interval, is the amount of time that passes before a non-querier router assumes that there is no longer a Querier on the link.

Task: Adjust the querier-timeout value.

Last Member Query Interval
The Querier sends a Multicast-Address-Specific Query upon receiving a Done message to ascertain whether there are any remaining receivers for a group. The Last Listener Query Interval is the Maximum Response Delay for a Multicast-Address-Specific Query, and also the amount of time between Multicast-Address-Specific Query retransmissions.

Display the MLD Group Table
Task: Display MLD groups. Group information can be filtered; see the Dell Networking OS Command Line Reference for the options available with this command.
Command Syntax: show ipv6 mld {groups | interface}
Command Mode: EXEC Privilege

Clear MLD Groups
Clear a specific group or all groups on an interface from the multicast routing table using the command clear ipv6 mld groups from EXEC Privilege mode.

Enable MLD Snooping
MLD is automatically enabled when you enable IPv6 PIM, but MLD Snooping must be explicitly enabled.
Task: Enable MLD Snooping
Command Syntax: ipv6 mld snooping enable
Command Mode: CONFIGURATION

Disable MLD Snooping on a VLAN
When MLD is enabled globally, it is by default enabled on all VLANs. Disable snooping on a VLAN, using the command no ipv6 mld snooping from INTERFACE VLAN mode.

View the ports that are connected to multicast routers using the command show ipv6 mld snooping mrouter from EXEC Privilege mode.

Enable Snooping Explicit Tracking
The switch can be a querier, and therefore also has the option of updating the group table through explicit-tracking (see Explicit Tracking). Whether the switch is the Querier or not, if snooping is enabled, the switch tracks all MLD joins.

[Figure 26-4. Port Inheritance on Mixed-mode VLANs]

In Figure 26-4, the host on Port 1 sends an exclude—that is, exclude nothing—report to join group G and receive traffic from all transmitting sources for the group. Dell Networking OS creates a (*,G) entry and lists Port 1 in the outgoing interface list.
27 Multicast Source Discovery Protocol
Multicast Source Discovery Protocol is supported only on platform: e
MSDP addressing is supported on the E-Series ExaScale platform with Dell Networking OS 8.1.1.0 and later.

Protocol Overview
Multicast Source Discovery Protocol (MSDP) is a Layer 3 protocol that connects IPv4 PIM-SM domains. A domain in the context of MSDP is a contiguous set of routers operating PIM within a common boundary defined by an exterior gateway protocol, such as BGP.

[Figure 27-1. Topology diagram; labels: PC 1 Receiver, PC 2 Source, PC 3 Receiver, R1 to R4, RP1, AS X, AS Y, Area 0, OSPF, PIM, IGMP, BGP, MSDP Peership]

RPs advertise each (S,G) in its domain in Type, Length, Value (TLV) format. The total number of TLVs contained in the SA is indicated in the “Entry Count” field.

Configuring Multicast Source Discovery Protocol
Configuring MSDP is a three-step process:
1. Enable an exterior gateway protocol (EGP) with at least two routing domains. Figure 27-5 and MSDP Sample Configurations show the OSPF-BGP configuration used in this chapter for MSDP. Otherwise, see Chapter 31, Open Shortest Path First (OSPFv2 and OSPFv3) and Chapter 10, Border Gateway Protocol IPv4 (BGPv4).
2. Configure PIM-SM within each EGP routing domain.
interface GigabitEthernet 1/1
 ip pim sparse-mode
 ip address 10.11.3.1/24
 no shutdown
!
interface GigabitEthernet 1/2
 ip address 10.11.2.1/24
 no shutdown
!
interface GigabitEthernet 1/21
 ip pim sparse-mode
 ip address 10.11.1.12/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.1/32
 no shutdown

[Diagram labels: R1 ports 1/1, 1/2, 1/21; PC 1: 10.11.3.2/24]

interface GigabitEthernet 2/1
 ip pim sparse-mode
 ip address 10.11.4.

router ospf 1
 network 10.11.2.0/24 area 0
 network 10.11.1.0/24 area 0
 network 192.168.0.1/32 area 0
 network 10.11.3.0/24 area 0

router ospf 1
 network 192.168.0.1/32 area 0
 network 10.11.1.0/24 area 0
 network 10.11.4.0/24 area 0
 redistribute static
 redistribute connected
 redistribute bgp 100

R2_E300(conf)#do show run bgp
!
router bgp 100
 redistribute ospf 1
 neighbor 192.168.0.3 remote-as 200
 neighbor 192.168.0.3 ebgp-multihop 255
 neighbor 192.168.0.3 update-source Loopback 0
 neighbor 192.168.0.

[Diagram labels: R1 (1/1, 1/2, 1/21), RP1, R2 (2/31), R3 (3/21, 3/41), RP2, R4 (4/1, 4/31), AS 100, AS 200, PIM + IGMP, PC 2 Receiver: 239.0.0.1, PC 3 Receiver: 239.0.0.1]

ip multicast-routing
!
ip pim rp-address 192.168.0.1 group-address 224.0.0.0/4

ip multicast-routing
!
ip pim rp-address 192.168.0.3 group-address 224.0.0.0/4

ip multicast-routing
!
ip pim rp-address 192.168.0.3 group-address 224.0.0.0/4

ip multicast-routing
!
ip pim rp-address 192.168.0.

R1_E600(conf)#do show ip msdp sa-cache
MSDP Source-Active Cache - 1 entries
GroupAddr   SourceAddr   RPAddr        LearnedFrom   Expire   UpTime
239.0.0.1   10.11.4.2    192.168.0.1   local         95       16:49:25

(10.11.4.2, 239.0.0.1), uptime 1d16h, expires 00:03:12, flags: CTA
  Incoming interface: GigabitEthernet 1/21, RPF neighbor 10.11.1.21
  Outgoing interface list:
    GigabitEthernet 1/1 Forward/Sparse 22:26:37/Never

(*, 239.0.0.1), uptime 22:26:37, expires 00:00:00, RP 192.168.0.
Enable MSDP
Enable MSDP by peering RPs in different administrative domains.

Step 1
  Task: Enable MSDP.
  Command Syntax: ip multicast-msdp
  Command Mode: CONFIGURATION
Step 2
  Task: Peer PIM systems in different administrative domains.
  Command Syntax: ip msdp peer connect-source
  Command Mode: CONFIGURATION

Figure 27-7. Configuring an MSDP Peer
R3_E600(conf)#ip multicast-msdp
R3_E600(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0
R3_E600(conf)#do show ip msdp summary
Peer Addr 192.168.0.

• RPs can transmit SA messages periodically to prevent SA storms, and
• only sources that are in the cache are advertised in the SA to prevent transmitting multiple copies of the same source information.

View the Source-active Cache
Task: View the SA cache.
Command Syntax: show ip msdp sa-cache
Command Mode: EXEC Privilege

Figure 27-9. Displaying the MSDP Source-active Cache
R3_E600#show ip msdp sa-cache
MSDP Source-Active Cache - 1 entries
GroupAddr SourceAddr RPAddr
239.0.0.1 10.11.4.2 192.168.0.

Task: Cache rejected sources.
Command Syntax: ip msdp cache-rejected-sa
Command Mode: CONFIGURATION

Accept Source-active Messages that fail the RPF Check
A default peer is a peer from which active sources are accepted even though they fail the RPF check.

• the peer RP is unreachable, or because of an SA message format error.

In Scenario 1 of Figure 27-10, all MSDP peers are up.
Figure 27-10.
Task: Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check. If you do not specify an access list, the peer accepts all sources advertised by that peer. All sources from RPs denied by the ACL are subjected to the normal RPF check.
Command Syntax: ip msdp default-peer ip-address list
Command Mode: CONFIGURATION

Figure 27-11. Accepting Source-active Messages with
FTOS(conf)#ip msdp peer 10.0.50.

Prevent MSDP from Caching a Local Source
You can prevent MSDP from caching an active source based on source and/or group. Since the source is not cached, it is not advertised to remote RPs.

Task: OPTIONAL: Cache sources that are denied by the redistribute list in the rejected SA cache.
Command Syntax: ip msdp cache-rejected-sa
Command Mode: CONFIGURATION

Task: Prevent the system from caching local SA entries based on source and group using an extended ACL.

Prevent MSDP from Caching a Remote Source
Task: OPTIONAL: Cache sources that are denied by the SA filter in the rejected SA cache.
Command Syntax: ip msdp cache-rejected-sa
Command Mode: CONFIGURATION

Task: Prevent the system from caching remote sources learned from a specific peer based on source and group.
Command Syntax: ip msdp sa-filter list out peer list ext-acl
Command Mode: CONFIGURATION

In Figure 27-14, R1 is advertising source 10.11.4.2.

Prevent MSDP from Advertising a Local Source
Task: Prevent an RP from advertising a source in the SA cache.
Command Syntax: ip msdp sa-filter list in peer list ext-acl
Command Mode: CONFIGURATION

In Figure 27-14, R1 stops advertising source 10.11.4.2. Since it is already in the SA cache of R3, the entry remains there until it expires.

Figure 27-14. Preventing MSDP from Advertising a Local Source
[Router 1]
R1_E600(conf)#do show run msdp
!
ip multicast-msdp
ip msdp peer 192.168.0.

Log Changes in Peership States
Task: Log peership state changes.
Command Syntax: ip msdp log-adjacency-changes
Command Mode: CONFIGURATION

Terminate a Peership
MSDP uses TCP as its transport protocol. In a peering relationship, the peer with the lower IP address initiates the TCP session, while the peer with the higher IP address listens on port 639.

Task: Terminate the TCP connection with a peer.

Clear Peer Statistics
Task: Reset the TCP connection to the peer and clear all peer statistics.
Command Syntax: clear ip msdp peer peer-address
Command Mode: CONFIGURATION

Figure 27-16. Clearing Peer Statistics
R3_E600(conf)#do show ip msdp peer
Peer Addr: 192.168.0.1
Local Addr: 192.168.0.

Debug MSDP
Task: Display the information exchanged between peers.
Command Syntax: debug ip msdp
Command Mode: CONFIGURATION

Figure 27-17. Debugging MSDP
R1_E600(conf)#do debug ip msdp
All MSDP debugging has been turned on
R1_E600(conf)#03:16:08 : MSDP-0: Peer
03:16:09 : MSDP-0: Peer 192.168.0.3,
03:16:27 : MSDP-0: Peer 192.168.0.3,
03:16:38 : MSDP-0: Peer 192.168.0.3,
03:16:39 : MSDP-0: Peer 192.168.0.3,
03:17:09 : MSDP-0: Peer 192.168.0.3,
03:17:10 : MSDP-0: Peer 192.
MSDP with Anycast RP

(10.11.4.2, 239.0.0.1), uptime 00:00:52, expires 00:03:20, flags: FTA
  Incoming interface: GigabitEthernet 2/1, RPF neighbor 0.0.0.0
  Outgoing interface list:
    GigabitEthernet 2/11 Forward/Sparse 00:00:50/00:02:40
    GigabitEthernet 2/31 Forward/Sparse 00:00:50/00:02:40

[Figure 27-18. Topology diagram; labels: PC 2 Source, PC 3 Receiver, R4 (4/1, 4/31), 2/1, AS X, Area 0, OSPF, PIM, IGMP, BGP]

(*, 239.0.0.1), uptime 00:00:23, expires 00:00:00, RP 192.168.0.

Reducing Source-active Message Flooding
RPs flood source-active messages to all of their peers away from the RP. When multiple RPs exist within a domain, the RPs forward received active source information back to the originating RP, which violates the RPF rule. You can prevent this unnecessary flooding by creating a mesh-group. A mesh in this context is a topology in which each RP in a set of RPs has a peership with all other RPs in the set.
Figure 27-19. R1 Configuration for MSDP with Anycast RP
ip multicast-routing
!
interface GigabitEthernet 1/1
 ip pim sparse-mode
 ip address 10.11.3.1/24
 no shutdown
!
interface GigabitEthernet 1/2
 ip address 10.11.2.1/24
 no shutdown
!
interface GigabitEthernet 1/21
 ip pim sparse-mode
 ip address 10.11.1.12/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.1/32
 no shutdown
!
interface Loopback 1
 ip address 192.168.0.11/32
 no shutdown
!
router ospf 1
 network 10.11.2.

Figure 27-20. R2 Configuration for MSDP with Anycast RP
ip multicast-routing
!
interface GigabitEthernet 2/1
 ip pim sparse-mode
 ip address 10.11.4.1/24
 no shutdown
!
interface GigabitEthernet 2/11
 ip pim sparse-mode
 ip address 10.11.1.21/24
 no shutdown
!
interface GigabitEthernet 2/31
 ip pim sparse-mode
 ip address 10.11.0.23/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.1/32
 no shutdown
!
interface Loopback 1
 ip address 192.168.0.

Figure 27-21. R3 Configuration for MSDP with Anycast RP
ip multicast-routing
!
interface GigabitEthernet 3/21
 ip pim sparse-mode
 ip address 10.11.0.32/24
 no shutdown
interface GigabitEthernet 3/41
 ip pim sparse-mode
 ip address 10.11.6.34/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.3/32
 no shutdown
!
router ospf 1
 network 10.11.6.0/24 area 0
 network 192.168.0.

MSDP Sample Configurations
The following figures show the running-configurations for the routers shown in Figure 27-5, Figure 27-4, Figure 27-5, Figure 27-6.

Figure 27-22. MSDP Sample Configuration: R1 Running-config
ip multicast-routing
!
interface GigabitEthernet 1/1
 ip pim sparse-mode
 ip address 10.11.3.1/24
 no shutdown
!
interface GigabitEthernet 1/2
 ip address 10.11.2.1/24
 no shutdown
!
interface GigabitEthernet 1/21
 ip pim sparse-mode
 ip address 10.11.1.

Figure 27-23. MSDP Sample Configuration: R2 Running-config
ip multicast-routing
!
interface GigabitEthernet 2/1
 ip pim sparse-mode
 ip address 10.11.4.1/24
 no shutdown
!
interface GigabitEthernet 2/11
 ip pim sparse-mode
 ip address 10.11.1.21/24
 no shutdown
!
interface GigabitEthernet 2/31
 ip pim sparse-mode
 ip address 10.11.0.23/24
 no shutdown
!
interface Loopback 0
 ip address 192.168.0.2/32
 no shutdown
!
router ospf 1
 network 10.11.1.0/24 area 0
 network 10.11.4.0/24 area 0
 network 192.168.0.

Figure 27-24. MSDP Sample Configuration: R3 Running-config
ip multicast-routing
!
interface GigabitEthernet 3/21
 ip pim sparse-mode
 ip address 10.11.0.32/24
 no shutdown
!
interface GigabitEthernet 3/41
 ip pim sparse-mode
 ip address 10.11.6.34/24
 no shutdown
!
interface ManagementEthernet 0/0
 ip address 10.11.80.3/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.3/32
 no shutdown
!
router ospf 1
 network 10.11.6.0/24 area 0
 network 192.168.0.

Figure 27-25. MSDP Sample Configuration: R4 Running-config
ip multicast-routing
!
interface GigabitEthernet 4/1
 ip pim sparse-mode
 ip address 10.11.5.1/24
 no shutdown
!
interface GigabitEthernet 4/22
 ip address 10.10.42.1/24
 no shutdown
!
interface GigabitEthernet 4/31
 ip pim sparse-mode
 ip address 10.11.6.43/24
 no shutdown
!
interface Loopback 0
 ip address 192.168.0.4/32
 no shutdown
!
router ospf 1
 network 10.11.5.0/24 area 0
 network 10.11.6.0/24 area 0
 network 192.168.0.
28 Multiple Spanning Tree Protocol
Multiple Spanning Tree Protocol is supported on platforms: c e s
MSTP addressing is supported on the E-Series ExaScale platform with Dell Networking OS 8.1.1.0 and later.

Protocol Overview
Multiple Spanning Tree Protocol (MSTP)—specified in IEEE 802.1Q-2003—is an RSTP-based spanning tree variation that improves on PVST+.

Dell Networking OS supports three other variations of Spanning Tree, as shown in Table 44.

Table 28-1. Dell Networking OS Supported Spanning Tree Protocols
Dell Networking Term: IEEE Specification
Spanning Tree Protocol: 802.1d
Rapid Spanning Tree Protocol: 802.1w
Multiple Spanning Tree Protocol: 802.1s
Per-VLAN Spanning Tree Plus: Third Party

Implementation Information
• The Dell Networking OS MSTP implementation is based on IEEE 802.

Enable Multiple Spanning Tree Globally
MSTP is not enabled by default. To enable MSTP:

Step 1
  Task: Enter PROTOCOL MSTP mode.
  Command Syntax: protocol spanning-tree mstp
  Command Mode: CONFIGURATION
Step 2
  Task: Enable MSTP.
  Command Syntax: no disable
  Command Mode: PROTOCOL MSTP

Verify that MSTP is enabled using the show config command from PROTOCOL MSTP mode, as shown in Figure 28-2.

Figure 28-2.

Figure 28-3. Mapping VLANs to MSTI Instances
FTOS(conf)#protocol spanning-tree mstp
FTOS(conf-mstp)#msti 1 vlan 100
FTOS(conf-mstp)#msti 2 vlan 200-300
FTOS(conf-mstp)#show config
!
protocol spanning-tree mstp
 no disable
 MSTI 1 VLAN 100
 MSTI 2 VLAN 200-300

All bridges in the MSTP region must have the same VLAN-to-instance mapping. View to which instance a VLAN is mapped using the command show spanning-tree mst vlan from EXEC Privilege mode, as shown in Figure 28-6.

Influence MSTP Root Selection
MSTP determines the root bridge, but you can assign one bridge a lower priority to increase the probability that it will become the root bridge. To change the bridge priority:

Task: Assign a number as the bridge priority. A lower number increases the probability that the bridge becomes the root bridge.
For a bridge to be in the same MSTP region as another, all three of these qualities must match exactly. The default values for name and revision will match on all Dell Networking OS equipment. If you have non-Dell Networking OS equipment that will participate in MSTP, ensure these values match on all the equipment.

Note: Some non-Dell Networking OS equipment may implement a non-null default region name.

To change MSTP parameters, use the following commands on the root bridge:

Task: Change the forward-delay parameter.
  • Range: 4 to 30
  • Default: 15 seconds
Command Syntax: forward-delay seconds
Command Mode: PROTOCOL MSTP

Task: Change the hello-time parameter.
  Note: With large configurations (especially those with more ports) Dell Networking recommends that you increase the hello-time.
  • Range: 1 to 10
  • Default: 2 seconds
Command Syntax: hello-time seconds
Command Mode: PROTOCOL MSTP

Task: Change the max-age parameter.

Modify Interface Parameters
You can adjust two interface parameters to increase or decrease the probability that a port becomes a forwarding port:
• Port cost is a value that is based on the interface type. The greater the port cost, the less likely the port will be selected to be a forwarding port.
• Port priority influences the likelihood that a port will be selected to be a forwarding port in case several ports have the same port cost.

Configure an EdgePort
The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner. In this mode an interface forwards frames by default until it receives a BPDU that indicates that it should behave otherwise; it does not go through the Learning and Listening states. The bpduguard shutdown-on-violation option causes the interface hardware to be shut down when it receives a BPDU.

Configure a Root Guard
Use the Root Guard feature in a Layer 2 MSTP network to avoid bridging loops. You enable root guard on a per-port or per-port-channel basis.

Dell Networking OS Behavior: The following conditions apply to a port enabled with root guard:
• Root guard is supported on any MSTP-enabled port or port-channel interface except when used as a stacking port.

Configure a Loop Guard
The Loop Guard feature provides protection against Layer 2 forwarding loops (STP loops) caused by a hardware failure, such as a cable failure or an interface fault. When a cable or interface fails, a participating STP link may become unidirectional (STP requires links to be bidirectional) and an STP port does not receive BPDUs. When an STP blocking port does not receive BPDUs, it transitions to a forwarding state. This condition can create a loop in the network.

Flush MAC Addresses after a Topology Change
Dell Networking OS has an optimized MAC address flush mechanism for RSTP, MSTP, and PVST+ that flushes addresses only when necessary, which allows for faster convergence during topology changes. However, you may activate the flushing mechanism defined by 802.1Q-2003 using the command tc-flush-standard, which flushes MAC addresses upon every topology change notification.

MSTP Sample Configurations
The running-configurations in Figure 28-11, Figure 28-12, and Figure 28-12 support the topology shown in Figure 28-10. The configurations are from Dell Networking OS systems. An S50 system using Dell Networking OS, configured as shown in Figure 28-14, could be substituted for a Dell Networking OS router in this sample topology and MSTP would function as designed.

Figure 28-10.
Figure 28-11.
Figure 28-12.
Figure 28-13.
Figure 28-14.

Debugging and Verifying MSTP Configuration
Display BPDUs using the command debug spanning-tree mstp bpdu from EXEC Privilege mode. Display MSTP-triggered topology change messages using the command debug spanning-tree mstp events.

Figure 28-15. Displaying BPDUs and Events
FTOS#debug spanning-tree mstp bpdu
1w1d17h : MSTP: Sending BPDU on Gi 1/31 :
ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x68
CIST Root Bridge Id: 32768:0001.e806.953e, Ext Path Cost: 20000
Regional Bridge Id: 32768:0001.

Figure 28-16. Sample Output for show running-configuration spanning-tree mstp command
FTOS#show run spanning-tree mstp
!
protocol spanning-tree mstp
 name Tahiti
 revision 123
 MSTI 1 VLAN 100
 MSTI 2 VLAN 200,300

Figure 28-17. Displaying BPDUs and Events - Debug Log of Successful MSTP Configuration
FTOS#debug spanning-tree mstp bpdu
MSTP debug bpdu is ON
FTOS#
4w0d4h : MSTP: Sending BPDU on Gi 2/21 :
ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x6e
CIST Root Bridge Id: 32768:0001.e806.
29 Multicast Features
Multicast Features are supported on platforms: c e s
Multicast is supported on the E-Series ExaScale platform with Dell Networking OS 8.1.1.0 and later.

Prior to enabling any multicast protocols, you must enable multicast routing.
Task: Enable multicast routing.
Command Syntax: ip multicast-routing
Command Mode: CONFIGURATION

Multicast with ECMP
Dell Networking multicast uses Equal-cost Multi-path (ECMP) routing to load-balance multiple streams across equal cost links.

Implementation Information
• Because protocol control traffic in Dell Networking OS is redirected using the MAC address, and multicast control traffic and multicast data traffic might map to the same MAC address, Dell Networking OS might forward data traffic with certain MAC addresses to the CPU in addition to control traffic. As the upper five bits of an IP Multicast address are dropped in the translation, 32 different multicast group IDs all map to the same Ethernet address. For example, 224.0.0.
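The address translation described above can be audited before groups are assigned. The following is an added example, not part of the Dell guide: it maps an IPv4 group to its Ethernet multicast MAC, lists the 32 groups that share that MAC, and flags data groups whose MAC coincides with an address in 224.0.0.0/24. Treating 224.0.0.0/24 as the control-traffic range is an assumption of this example, and the function names are hypothetical; 239.0.0.1 and 239.0.0.2 are the sample groups used in this chapter's figures.

```python
import ipaddress

# Assumption for this example: control protocols use the link-local
# block 224.0.0.0/24, so its MAC addresses are the ones sent to the CPU.
CONTROL_BLOCK = ipaddress.IPv4Network("224.0.0.0/24")


def low23(group: str) -> int:
    """Return the 23 low-order bits that survive the IP-to-MAC translation."""
    ip = ipaddress.IPv4Address(group)
    if not ip.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    return int(ip) & 0x7FFFFF


def multicast_mac(group: str) -> str:
    """Map a group to 01:00:5e plus its low 23 bits (upper five bits dropped)."""
    mac = 0x01005E000000 | low23(group)
    return ":".join(f"{b:02x}" for b in mac.to_bytes(6, "big"))


def aliases(group: str) -> list:
    """List all 32 group addresses that translate to the same MAC address."""
    base = low23(group)
    return [str(ipaddress.IPv4Address(0xE0000000 | (i << 23) | base))
            for i in range(32)]


def control_collisions(groups: list) -> dict:
    """Map each data group to the 224.0.0.x address whose MAC it shares."""
    hits = {}
    for group in groups:
        if ipaddress.IPv4Address(group) in CONTROL_BLOCK:
            continue                      # already a control address
        bits = low23(group)
        if bits < 256:                    # MAC is 01:00:5e:00:00:xx
            hits[group] = f"224.0.0.{bits}"
    return hits


if __name__ == "__main__":
    planned = ["239.0.0.1", "239.0.0.2", "232.1.1.1"]   # constructed plan
    for group, control in control_collisions(planned).items():
        print(f"{group} shares {multicast_mac(group)} with {control}")
```

Groups flagged by `control_collisions` are candidates for renumbering so that their data traffic does not share a MAC address with control traffic.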
• Using a Static Multicast MAC Address

Limit the Number of Multicast Routes
Task: Limit the total number of multicast routes on the system.
Command Syntax: ip multicast-limit
  Range: 1-50000
  Default: 15000
Command Mode: CONFIGURATION

When the limit is reached, Dell Networking OS does not process any IGMP or MLD joins to PIM—though it still processes leave messages—until the number of entries decreases below 95% of the limit.

Prevent a Host from Joining a Group
You can prevent a host from joining a particular group by blocking specific IGMP reports. Create an extended access list containing the permissible source-group pairs. Use the command ip igmp access-group access-list-name from INTERFACE mode to apply the access list.

Note: For rules in IGMP access lists, source is the multicast source, not the source of the IGMP packet.

ip igmp snooping enable
interface Vlan 400
 ip pim sparse-mode
 ip address 10.11.4.1/24
 untagged GigabitEthernet 1/2
 ip igmp access-group igmpjoinfilR2G2
 no shutdown

(*, 239.0.0.1), uptime 00:00:06, expires 00:00:00, RP 10.11.12.2, flags: SCJ
  Incoming interface: GigabitEthernet 1/21, RPF neighbor 10.11.12.2
  Outgoing interface list:
    Vlan 400 Forward/Sparse 00:00:06/Never

interface GigabitEthernet 2/31
 ip pim sparse-mode
 ip address 10.11.23.

Rate Limit IGMP Join Requests
If you expect a burst of IGMP Joins, protect the IGMP process from overload by limiting the rate at which new groups can be joined using the command ip igmp group-join-limit from INTERFACE mode. Hosts whose IGMP requests are denied will use the retry mechanism built into IGMP so that their membership is delayed rather than permanently denied. View the enable status of this feature using the command show ip igmp interface from EXEC Privilege mode.

(10.11.5.2, 239.0.0.2), uptime 00:00:33, expires 00:03:07, flags: CT
  Incoming interface: GigabitEthernet 1/31, RPF neighbor 10.11.13.2
  Outgoing interface list:
    Vlan 300 Forward/Sparse 00:00:40/Never

(*, 239.0.0.2), uptime 00:00:40, expires 00:00:00, RP 10.11.12.2, flags: SCJ
  Incoming interface: GigabitEthernet 1/21, RPF neighbor 10.11.12.2
  Outgoing interface list:
    Vlan 300 Forward/Sparse 00:00:40/Never

(10.11.5.2, 239.0.0.
Using a Static Multicast MAC Address
Using a Static Multicast MAC Address is supported on platform c

When a multicast source and multicast receivers are in the same VLAN, you can configure a router so that multicast traffic is switched only to the ports assigned to a VLAN that is associated with a static multicast MAC address. This task improves router performance by limiting the output ports to which multicast data is sent.

To display the current configuration of Layer 2 multicast switching on a router, enter the show mac-address-table static multicast [vlan vlan-id | multicast-mac-address [vlan vlan-id]] command in EXEC mode. Static MAC addresses configured for Layer 2 multicast forwarding with an associated VLAN and assigned output ports are displayed as shown in Figure 29-4.

Figure 29-4.

IPv6 Multicast Policies
IPv6 Multicast Policies is available only on platform: e
• Limit the Number of IPv6 Multicast Routes
• Prevent an IPv6 Neighbor from Forming an Adjacency
• Prevent an IPv6 Source from Registering with the RP
• Prevent an IPv6 PIM Router from Processing an IPv6 Join

Limit the Number of IPv6 Multicast Routes
You can limit the total number of IPv6 multicast routes on the system. The maximum number of multicast entries allowed on each line card is determined by the CAM profile.

Prevent an IPv6 Source from Registering with the RP
Task: Configured on the source DR, prevent the source DR from sending register packets to the RP for specific sources and groups.
• MTRACE Transit—when a Dell Networking system is an intermediate router between the source and destination in an MTRACE query, Dell Networking OS computes the RPF neighbor for the source, fills in the request, and forwards the request to the RPF neighbor. While computing the RPF neighbor, static mroutes and mBGP routes are preferred over unicast routes. When a Dell Networking system is the last hop to the destination, Dell Networking OS sends a response to the query.
www.dell.com | support.dell.com • • Allocate More Buffer Memory for Multicast WRED Allocate More Bandwidth to Multicast using Egress WFQ Allocate More Buffer Memory for Multicast WRED Allocate more buffer memory to multicast WRED (Weighted Random Early Detection) for bursty multicast traffic that might temporarily become oversubscribed. For example, the example WRED profile in Figure 40-14 allocates multicast traffic a minimum of 40 megabytes (out of 80 megabytes) of buffer memory and up to 60 megabytes.
30 Object Tracking
IPv4/IPv6 Object Tracking is available on platforms: c e s (S50 only)
This chapter covers the following information:
• Object Tracking Overview
• Object Tracking Configuration
• Displaying Tracked Objects
Object tracking allows Dell Networking OS client processes, such as VRRP, to monitor tracked objects (for example, interface or link status) and take appropriate action when the state of an object changes.
Note: In release 8.4.1.0, object tracking is supported only on VRRP.
You can create a tracked object to monitor the metric of the default route 0.0.0.0/0. After you configure the default route as a tracked object, you can configure the VRRP group to track the state of the route. In this way, the router with the better metric, as determined by OSPF, automatically becomes master of the VRRP group.
Tracking Layer 3 Interfaces
You can create an object that tracks the Layer 3 state (IPv4 or IPv6 routing status) of an interface.
• The Layer 3 status of an interface is UP only if the Layer 2 status of the interface is UP and the interface has a valid IP address.
• The Layer 3 status of an interface goes DOWN when its Layer 2 status goes down or the IP address is removed from the routing table.
• If the scaled metric for a route is greater than or equal to the DOWN threshold or the route is not entered in the routing table, the state of a route is DOWN.
The UP and DOWN thresholds are user-configurable for each tracked route. The default UP threshold is 254; the default DOWN threshold is 255. The notification of a change in the state of a tracked object is sent when a metric value crosses a configured threshold.
You can assign a unique priority-cost value from 1 to 254 to each tracked VRRP object or group interface. The priority cost is subtracted from the VRRP group priority if a tracked VRRP object is in a DOWN state. If a VRRP group router acts as owner-master, the run-time VRRP group priority remains fixed at 255 and changes in the state of a tracked object have no effect. For more information on how to track a VRRP object, see Track an Interface or Object.
To configure object tracking on the status of a Layer 2 interface, use the following commands. To remove object tracking on a Layer 2 interface, enter the no track object-id command.

Step 1
Task: Configure object tracking on the line-protocol state of a Layer 2 interface.
Command Syntax: track object-id interface interface line-protocol
Command Mode: CONFIGURATION
Valid object IDs are from 1 to 65535.
For an IPv4 interface, a routing object only tracks the UP/DOWN status of the specified IPv4 interface (track interface ip-routing command).
• The status of an IPv4 interface is UP only if the Layer 2 status of the interface is UP and the interface has a valid IP address.
• The Layer 3 status of an IPv4 interface goes DOWN when its Layer 2 status goes down (for a Layer 3 VLAN, all VLAN ports must be down) or the IP address is removed from the routing table.
Figure 30-4.
The tracking process uses a protocol-specific resolution value to convert the actual metric in the routing table to a scaled metric in the range 0 to 255. The resolution value is user-configurable; the scaled metric is calculated by dividing a route's cost by the resolution value set for the route type:
• For ISIS, you can set the resolution in the range 1 to 1000, where the default is 10.
• For OSPF, you can set the resolution in the range 1 to 1592, where the default is 1.
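The scaling rule above, the UP/DOWN thresholds, and the VRRP priority-cost rule described earlier can be modelled together. The following Python is an added example, not Dell Networking OS code. Its assumptions: integer division capped at 255, a route is UP when its scaled metric is at or below the UP threshold, the previous state is kept while the metric lies between the two thresholds, and a non-owner priority never drops below 1.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Default resolution values stated in the text above.
DEFAULT_RESOLUTION = {"isis": 10, "ospf": 1}


def scaled_metric(cost: int, resolution: int) -> int:
    """Divide the routing-table cost by the resolution; the result lies in 0..255.

    Assumption: integer division, with the result capped at 255.
    """
    if resolution < 1:
        raise ValueError("resolution must be at least 1")
    return min(cost // resolution, 255)


@dataclass
class TrackedRoute:
    protocol: str                      # "isis" or "ospf"
    up_threshold: int = 254            # default UP threshold from the guide
    down_threshold: int = 255          # default DOWN threshold from the guide
    resolution: Optional[int] = None   # None selects the protocol default
    state: str = "DOWN"

    def update(self, cost: Optional[int]) -> str:
        """Feed the current route cost; None means the route is not in the routing table."""
        if cost is None:
            self.state = "DOWN"
            return self.state
        res = self.resolution or DEFAULT_RESOLUTION[self.protocol]
        metric = scaled_metric(cost, res)
        if metric >= self.down_threshold:
            self.state = "DOWN"
        elif metric <= self.up_threshold:   # assumed UP rule
            self.state = "UP"
        # Between the two thresholds the previous state is kept (assumption),
        # so a metric that hovers near one threshold does not flap the object.
        return self.state


def vrrp_runtime_priority(configured: int,
                          tracked: List[Tuple[str, int]],
                          owner: bool = False) -> int:
    """Subtract the priority cost of every tracked object that is DOWN.

    tracked holds (state, priority_cost) pairs. An owner-master stays at 255.
    """
    if owner:
        return 255
    priority = configured - sum(cost for state, cost in tracked if state == "DOWN")
    return max(priority, 1)   # assumed floor for a non-owner router


if __name__ == "__main__":
    route = TrackedRoute("ospf", up_threshold=20, down_threshold=40)
    for cost in (10, 30, 45, 30, 15, None):
        print(cost, route.update(cost))
```

With a gap between the thresholds, a cost of 30 leaves the object in whichever state it already had, which is what keeps VRRP mastership from oscillating.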
Figure 30-5. Command Example: track ip route reachability
FTOS(conf)#track 104 ip route 10.0.0.0/8 reachability
FTOS(conf-track-104)#delay up 20 down 10
FTOS(conf-track-104)#end
FTOS#show track 104
Track 104
IP route 10.0.0.0/8 reachability
Reachability is Down (route not in route table)
2 changes, last change 00:02:49
Tracked by:
FTOS#configure
FTOS(conf)#track 4 ip route 3.1.1.0/24 reachability vrf vrf1
Figure 30-6.
Step 3
Task: (Optional) Configure the time delay used before communicating a change in the UP and/or DOWN status of a tracked route. Valid delay times are from 0 to 180 seconds. Default: 0.
Command Syntax: delay {[up seconds] [down seconds]}
Command Mode: OBJECT TRACKING

Step 4
Task: (Optional) Identify the tracked object with a text description.

Step 5
Task: (Optional) Configure the metric threshold for the UP and/or DOWN routing status to be tracked for the specified route.
Figure 30-11. Command Example: show track resolution
FTOS#show track resolution
IP Route Resolution
ISIS 1
OSPF 1
IPv6 Route Resolution
ISIS 1
OSPF 1
Figure 30-12. Command Example: show track vrf
FTOS#show track vrf red
Track 5
IP route 192.168.0.
31 Open Shortest Path First (OSPFv2 and OSPFv3)
Open Shortest Path First version 3 (OSPF for IPv6) is supported on platforms: c e
Open Shortest Path First version 2 (OSPF for IPv4) is supported on platforms: c e s
OSPF for IPv4 is supported on the E-Series ExaScale platform with Dell Networking OS 8.1.1.0; OSPF for IPv6 is supported on E-Series ExaScale with Dell Networking OS version 8.2.1.0 and later.
Protocol Overview
Open Shortest Path First (OSPF) routing is a link-state routing protocol that calls for the sending of Link-State Advertisements (LSAs) to all other routers within the same Autonomous System (AS) Areas. Information on attached interfaces, metrics used, and other variables is included in OSPF LSAs. As OSPF routers accumulate link-state information, they use the SPF algorithm (Shortest Path First algorithm) to calculate the shortest path to each node.
Figure 31-1. Autonomous System Areas
[Figure: Routers A through M distributed across Area 0, Area 100, Area 200, and Area 300.]

Area Types
The Backbone of the network is Area 0. It is also called Area 0.0.0.0 and is the core of any Autonomous System (AS). All other areas must connect to Area 0. Areas can be defined in such a way that the backbone is not contiguous.
A Stub Area (SA) does not receive external route information, except for the default route. These areas do receive information from inter-area (IA) routes. Note that all routers within an assigned Stub area must be configured as stubby, and must not generate LSAs that do not apply. For example, a Type 5 LSA is intended for external areas and the Stubby area routers may not generate external LSAs. Stubby areas cannot be traversed by a virtual link.
Figure 31-2.
Area Border Router (ABR)
Within an AS, an Area Border Router (ABR) connects one or more areas to the Backbone. The ABR keeps a copy of the link-state database for every area it connects to, so it may keep multiple copies of the link-state database. An ABR takes information it has learned on one of its attached areas and can summarize it before sending it out on other areas it is connected to.
Link-State Advertisements (LSAs)
A Link-State Advertisement (LSA) communicates the router's local routing topology to all other local routers in the same area.
• OSPFv3 can treat LSAs as having link-local flooding scope, or store and flood them as if they are understood, while ignoring them in their own SPF algorithms.
• OSPFv2 always discards unknown LSA types.
For all LSA types, there are 20-byte LSA headers. One of the fields of the LSA header is the Link-State ID. Each router link is defined as one of four types: type 1, 2, 3, or 4. The LSA includes a link ID field that identifies, by the network number and mask, the object this link connects to. Depending on the type, the link ID has different meanings.
Figure 31-3. Priority and Costs Example
Router 2: Priority 180, Cost 50
Router 1: Priority 200, Cost 21
Router 3: Priority 100, Cost 25
Router 4: Priority 150, Cost 20
Router 1 selected by the system as DR. Router 2 selected by the system as BDR.
If R1 fails, the system subtracts 21 from R1's priority number. R1's new priority is 179. R2, as both the selected BDR and the now-highest priority, becomes the DR.
If R3 fails, the system subtracts 50 from its priority. R2's new priority is 130.
• NSSA External (type 7)
• Opaque Link-local (type 9)

Graceful Restart
Graceful Restart for OSPFv2 is supported on c e and s platforms in Helper and Restart modes.
Graceful Restart for OSPFv3 is supported only on et platforms in Helper and Restart modes.
When a router goes down without a Graceful Restart, there is a possibility for loss of access to parts of the network due to ongoing network topology changes.
• period. You reconfigure OSPFv3 graceful restart to a “restarting-only” role when you enable the helper-reject role on an interface. OSPFv3 supports the helper-reject role on a per-interface basis. Configuring helper-reject role on an OSPFv2 router or OSPFv3 interface enables the restarting-only role globally on the router or locally on the interface. In a helper-reject role, OSPF does not participate in the graceful restart of an adjacent OSPFv2/v3 router.
Each OSPFv2 process has a unique process ID and must have an associated Router ID. There must be an equal number of interfaces in Layer-3 mode for the number of processes created. For example, if 5 OSPFv2 processes are created on a system, there must be at least 5 interfaces assigned in Layer-3 mode. Each OSPFv2 process is independent.
Figure 31-4. Enabling RFC-2328 Compliant OSPF Flooding
Printed only for ACK packets
00:10:41 : OSPF(1000:00):
Rcv. v:2 t:5(LSAck) l:64 Acks 2 rid:2.2.2.2
aid:1500 chk:0xdbee aut:0 auk: keyid:0 from:Vl 1000
LSType:Type-5 AS External id:160.1.1.0 adv:6.1.0.0 seq:0x8000000c
LSType:Type-5 AS External id:160.1.2.0 adv:6.1.0.0 seq:0x8000000c
00:10:41 : OSPF(1000:00):
Rcv. v:2 t:5(LSAck) l:64 Acks 2 rid:2.2.2.2
aid:1500 chk:0xdbee aut:0 auk: keyid:0 from:Vl 100
LSType:Type-5 AS External id:160.1.1.0 adv:6.1.0.
To ensure equal intervals between the routers, manually set the dead interval of the Dell Networking router to match the Cisco configuration. Use the command "ip ospf dead-interval" in interface mode:
Figure 31-6. Command Example: ip ospf intervals
FTOS(conf)#int gi 2/2
FTOS(conf-if-gi-2/2)#ip ospf hello-interval 20
FTOS(conf-if-gi-2/2)#ip ospf dead-interval 80
FTOS(conf-if-gi-2/2)#
Figure 31-7.
2. Enable OSPF globally. Assign network area and neighbors.
3. Add interfaces or configure other attributes.
Return to CONFIGURATION mode to enable the OSPF process. The OSPF Process ID is the identifying number assigned to the OSPF process, and the Router ID is the IP address associated with the OSPF process.

Command Syntax: router ospf process-id [vrf {vrf name}]
Command Mode: CONFIGURATION
Usage: Enable the OSPFv2 process globally. Range: 0-65535. vrf name: Enter the VRF key word and instance name to tie the OSPF instance to the VRF.
Enable Multi-Process OSPF
Multi-Process OSPF allows multiple OSPFv2 processes on a single router. The following list shows the number of processes supported on each platform type.
• The E-Series supports up to 30 OSPFv2 processes.
• The C-Series supports up to 6 OSPFv2 processes.
• The S-Series supports up to 4 OSPFv2 processes.
Follow the same steps as above for configuring a single OSPF process. Repeat them as often as necessary for the desired number of processes.
In CONFIGURATION ROUTER OSPF mode, assign the Router ID. The Router ID is not required to be the router's IP address. Dell Networking recommends using the IP address as the Router ID for easier management and troubleshooting.

Command Syntax: router-id ip address
Command Mode: CONFIG-ROUTER-OSPF-id
Usage: Assign the Router ID for the OSPFv2 process. IP Address: A.B.C.D

Use the no router ospf process-id command syntax in the CONFIGURATION mode to disable OSPF.
Enable OSPFv2 on interfaces
Each interface must have OSPFv2 enabled on it. It must be configured for Layer 3 protocol, and not be shut down. OSPFv2 can also be assigned to a loopback interface as a virtual interface. OSPF functions and features, such as MD5 Authentication, Grace Period, Authentication Wait Time, etc., are assigned on a per-interface basis.
Note: If using features like MD5 Authentication, ensure all the neighboring routers are also configured for MD5.
Figure 31-10. Command Example: show ip ospf process-id interface
FTOS>show ip ospf 1 interface
GigabitEthernet 12/17 is up, line protocol is up
Internet Address 10.2.2.1/24, Area 0.0.0.0
Process ID 1, Router ID 11.1.2.1, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 11.1.2.1, Interface address 10.2.2.1
Backup Designated Router (ID) 0.0.0.0, Interface address 0.0.0.
Configure stub areas
OSPF supports different types of LSAs to help reduce the amount of router processing within the areas. Type 5 LSAs are not flooded into stub areas; the Area Border Router (ABR) advertises a default route into the stub area to which it is attached. Stub area routers use the default route to reach external destinations.
To ensure connectivity in your OSPFv2 network, never configure the backbone area as a stub area.
Enable passive interfaces
A passive interface is one that does not send or receive routing information. Enabling passive interface suppresses routing updates on an interface. Although the passive interface will neither send nor receive routing updates, the network on that interface will still be included in OSPF updates sent via other interfaces. Use the following command in the ROUTER OSPF mode to suppress an interface's participation in OSPF.
Figure 31-13. Command Example: show ip ospf process-id interface
FTOS#show ip ospf 34 int
GigabitEthernet 0/0 is up, line protocol is down
Internet Address 10.1.2.100/24, Area 1.1.1.1
Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DOWN, Priority 1
Designated Router (ID) 10.1.2.100, Interface address 0.0.0.0
Backup Designated Router (ID) 0.0.0.0, Interface address 0.0.0.
Figure 31-14 shows the convergence settings when fast-convergence is enabled and Figure 31-15 shows settings when fast-convergence is disabled. These displays appear with the show ip ospf command.
Figure 31-14. Command Example: show ip ospf process-id (fast-convergence enabled)
FTOS(conf-router_ospf-1)#fast-converge 2
FTOS(conf-router_ospf-1)#ex
FTOS(conf)#ex
FTOS#show ip ospf 1
Routing Process ospf 1 with ID 192.168.67.
Use any or all of the following commands in CONFIGURATION INTERFACE mode to change OSPFv2 parameters on the interfaces:

Command Syntax: ip ospf cost
Command Mode: CONFIG-INTERFACE
Usage: Change the cost associated with OSPF traffic on the interface. Cost: 1 to 65535 (default depends on the interface speed).

Command Syntax: ip ospf dead-interval seconds
Command Mode: CONFIG-INTERFACE
Usage: Change the time interval the router waits before declaring a neighbor dead.
Figure 31-16. Changing the OSPF Cost Value on an Interface
FTOS(conf-if)#ip ospf cost 45
FTOS(conf-if)#show config
!
interface GigabitEthernet 0/0
 ip address 10.1.2.100 255.255.255.0
 no shutdown
 ip ospf cost 45
FTOS(conf-if)#end
FTOS#show ip ospf 34 interface
The change is made on the interface and it is reflected in the OSPF configuration
GigabitEthernet 0/0 is up, line protocol is up
Internet Address 10.1.2.100/24, Area 2.2.2.2
Process ID 34, Router ID 10.1.2.
Enable OSPFv2 graceful restart
Graceful Restart is enabled for the global OSPF process. Use these commands to configure OSPFv2 graceful restart. Refer to Graceful Restart for feature details. The Dell Networking implementation of OSPFv2 graceful restart enables you to specify:
• grace period—the length of time the graceful restart process can last before OSPF terminates it.
Command Syntax: graceful-restart role [helper-only | restart-only]
Command Mode: CONFIG-ROUTER-OSPF-id
Usage: Configure the graceful restart role or roles that this OSPFv2 router performs. Dell Networking OS supports the following options:
• Helper-only. The OSPFv2 router supports graceful-restart only as a helper router.
• Restart-only. The OSPFv2 router supports graceful-restart only during unplanned restarts.
By default, OSPFv2 supports both restarting and helper roles.
• message-digest-key: MD5 authentication key
Use the following command in CONFIGURATION ROUTER OSPF mode to configure virtual links.
Filter routes
To filter routes, use prefix lists. OSPF applies prefix lists to incoming or outgoing routes. Incoming routes must meet the conditions of the prefix lists, and if they do not, OSPF does not add the route to the routing table. Configure the prefix list in CONFIGURATION PREFIX LIST mode prior to assigning it to the OSPF process.

Command Syntax: ip prefix-list prefix-name
Command Mode: CONFIGURATION
Usage: Create a prefix list and assign it a unique name. You are in PREFIX LIST mode.
Use the following command in CONFIGURATION-ROUTER-OSPF mode to redistribute routes:

Command Syntax: redistribute {bgp | connected | isis | rip | static} [metric metric-value | metric-type type-value] [route-map map-name] [tag tag-value]
Command Mode: CONFIG-ROUTER-OSPF-id
Usage: Specify which routes will be redistributed into OSPF process.
• show neighbors
• show virtual links
• show routes
Note: If you are using Multi-Process OSPF, you must enter the Process ID to view information regarding a specific OSPF process. If you do not enter the Process ID, only the first configured process is listed.
Use the show running-config ospf command to see the state of all the enabled OSPFv2 processes.

Command Syntax: show running-config ospf
Command Mode: EXEC Privilege
Usage: View the summary of all OSPF process IDs enabled on the router.
Use the following command in EXEC Privilege mode to view the OSPFv2 configuration for a neighboring router:

Command Syntax: show ip ospf neighbor
Command Mode: EXEC Privilege
Usage: View the configuration of OSPF neighbors.

Use the following command in EXEC Privilege mode to configure the debugging options of an OSPFv2 process:

Command Syntax: debug ip ospf process-id [event | packet | spf]
Command Mode: EXEC Privilege
Usage: View debug messages.
Sample Configurations for OSPFv2
The following configurations are examples for enabling OSPFv2. These are not comprehensive directions. They are intended to give you some guidance with typical configurations. You can copy and paste from these examples to your CLI. Be sure you make the necessary changes to support your own IP Addresses, Interfaces, Names, etc.

Basic OSPFv2 Router Topology
The following illustration is a sample basic OSPFv2 topology.
Configuration Task List for OSPFv3 (OSPF for IPv6)
Open Shortest Path First version 3 (OSPF for IPv6) is supported on platforms: c e
The configuration options of OSPFv3 are the same as those for OSPFv2, but may be configured with differently labeled commands. Process IDs and areas need to be specified. Interfaces and addresses need to be included in the process. Areas can be defined as stub or totally stubby.
Enable IPv6 Unicast Routing

Command Syntax: ipv6 unicast routing
Command Mode: CONFIGURATION
Usage: Enables IPv6 unicast routing globally.

Assign IPv6 addresses on an interface

Command Syntax: ipv6 address ipv6 address
Command Mode: CONF-INT-type slot/port
Usage: Assign IPv6 address to the interface. IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:).
Assign OSPFv3 Process ID and Router ID Globally

Command Syntax: ipv6 router ospf {process ID}
Command Mode: CONFIGURATION
Usage: Enable the OSPFv3 process globally and enter OSPFv3 mode. Range: 0-65535

Command Syntax: router-id {number}
Command Mode: CONF-IPV6-ROUTER-OSPF
Usage: Assign the Router ID for this OSPFv3 process. number: IPv4 address. Format: A.B.C.D

Note: The router-id for an OSPFv3 router is entered as an IPv4 IP address.
Configure Passive-Interface
Use the following command to suppress the interface's participation on an OSPFv3 interface. This command stops the router from sending updates on that interface.

Command Syntax: passive-interface {type slot/port}
Command Mode: CONF-IPV6-ROUTER-OSPF
Usage: Specify whether some or all of the interfaces will be passive. Interface identifies the specific interface that will be passive.
Redistribute routes
You can add routes from other routing instances or protocols to the OSPFv3 process. With the redistribute command syntax, you can include RIP, static, or directly connected routes in the OSPF process.

Command Syntax: redistribute {bgp | connected | static} [metric metric-value | metric-type type-value] [route-map map-name] [tag tag-value]
Command Mode: CONF-IPV6-ROUTER-OSPF
Usage: Specify which routes will be redistributed into OSPF process.
Enable OSPFv3 graceful restart
Graceful Restart for OSPFv3 is supported only on platform et. Refer to Graceful Restart for more information on the feature.
By default, OSPFv3 graceful restart is disabled and functions only in a helper role to help restarting neighbor routers in their graceful restarts when it receives a Grace LSA.
To display information on the use and configuration of OSPFv3 graceful restart, enter any of the following commands:

Command Syntax: show run ospf
Command Mode: EXEC Privilege
Usage: Display the graceful-restart configuration for OSPFv2 and OSPFv3 (Figure 31-23).

Command Syntax: show ipv6 ospf database grace-lsa
Command Mode: EXEC Privilege
Usage: Display the Type-11 Grace LSAs sent and received on an OSPFv3 router (Figure 31-24).
Figure 31-24. Command Example: show ipv6 ospf database database-summary
FTOS#show ipv6 ospf database database-summary
!
OSPFv3 Router with ID (200.1.1.
OSPFv3 Authentication Using IPsec
OSPFv3 Authentication Using IPsec is supported only on platform: et
Starting in release 8.4.2.0, OSPFv3 uses IP Security (IPsec) to provide authentication for OSPFv3 packets. IPsec authentication ensures security in the transmission of OSPFv3 packets between IPsec-enabled routers. IPsec is a set of protocols developed by the IETF to support secure exchange of packets at the IP layer.
OSPFv3 Authentication using IPsec: Configuration Notes
OSPFv3 authentication using IPsec is implemented according to the specifications in RFC 4552, including:
To use IPsec, you configure an authentication (using AH) or encryption (using ESP) security policy on an interface or in an OSPFv3 area. Each security policy consists of a security policy index (SPI) and the key used to validate OSPFv3 packets. After IPsec is configured for OSPFv3, IPsec operation is invisible to the user.
• Configuring IPsec Authentication for an OSPFv3 Area
• Configuring IPsec Encryption for an OSPFv3 Area
• Displaying OSPFv3 IPsec Security Policies

Configuring IPsec Authentication on an Interface
Prerequisite: Before you enable IPsec authentication on an OSPFv3 interface, you must first enable IPv6 unicast routing globally, configure an IPv6 address and enable OSPFv3 on the interface, and assign it to an area (see Configuration Task List for OSPFv3 (OSPF for IPv6)).
Configuring IPsec Encryption on an Interface
Prerequisite: Before you enable IPsec encryption on an OSPFv3 interface, you must first enable IPv6 unicast routing globally, configure an IPv6 address and enable OSPFv3 on the interface, and assign it to an area (see Configuration Task List for OSPFv3 (OSPF for IPv6)).
To remove an IPsec encryption policy from an interface, enter the no ipv6 ospf encryption ipsec spi number command. To remove null encryption on an interface to allow the interface to inherit the encryption policy configured for the OSPFv3 area, enter the no ipv6 ospf encryption null command. To display the configuration of IPsec encryption policies on the router, enter the show crypto ipsec policy command.
To display the configuration of IPsec authentication policies on the router, enter the show crypto ipsec policy command.

Configuring IPsec Encryption for an OSPFv3 Area
Prerequisite: Before you enable IPsec encryption in an OSPFv3 area, you must first enable OSPFv3 globally on the router (see Configuration Task List for OSPFv3 (OSPF for IPv6)).
Note that when you configure encryption with the area encryption command, you enable both IPsec encryption and authentication. However, when you enable authentication on an area with the area authentication command, you do not enable encryption at the same time. If you have enabled IPsec authentication in an OSPFv3 area with the area authentication command, you cannot use the area encryption command in the area at the same time.
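The interface and area rules above determine which OSPFv3 links actually end up protected. The following Python is an added example, not part of the Dell guide: it resolves the effective IPsec protection of each OSPFv3 interface in a constructed running-config excerpt and lists the interfaces left with none. It assumes the per-interface enable command has the form ipv6 ospf process-id area area-id, that interface-level encryption also carries authentication as area encryption does, and that authentication null blocks inheritance the same way the guide describes for encryption null.

```python
import re
from typing import Dict, List, Tuple

# Constructed running-config excerpt (not from the guide). Keys are placeholders;
# everything after "ipsec spi" is assumed syntax and is deliberately not parsed.
SAMPLE_CONFIG = """\
ipv6 router ospf 1
 area 0 authentication ipsec spi 300 MD5 <AUTH-KEY>
 area 1 encryption ipsec spi 400 esp des <CIPHER-KEY> MD5 <AUTH-KEY>
!
interface GigabitEthernet 0/0
 ipv6 ospf 1 area 0
!
interface GigabitEthernet 0/1
 ipv6 ospf 1 area 0.0.0.0
 ipv6 ospf authentication null
!
interface GigabitEthernet 0/2
 ipv6 ospf 1 area 1
!
interface GigabitEthernet 0/3
 ipv6 ospf 1 area 2
!
interface GigabitEthernet 0/4
 ipv6 ospf 1 area 2
 ipv6 ospf encryption ipsec spi 500 esp des <CIPHER-KEY> MD5 <AUTH-KEY>
!
interface GigabitEthernet 0/5
 ip address 192.0.2.1/24
"""

ROUTER_RE = re.compile(r"^ipv6 router ospf (\d+)$", re.I)
AREA_POLICY_RE = re.compile(r"^area (\S+) (authentication|encryption) ipsec\b", re.I)
# Assumed form of the per-interface OSPFv3 enable command.
IF_ENABLE_RE = re.compile(r"^ipv6 ospf (\d+) area (\S+)$", re.I)
IF_POLICY_RE = re.compile(r"^ipv6 ospf (authentication|encryption) (null|ipsec)\b", re.I)
ENCRYPTED, AUTH_ONLY, NONE = "encryption+authentication", "authentication", "none"

def norm_area(area: str) -> str:
    """Write a decimal area ID in dotted form so '0' and '0.0.0.0' compare equal."""
    if area.isdigit():
        n = int(area)
        return ".".join(str((n >> shift) & 255) for shift in (24, 16, 8, 0))
    return area

def parse_config(text: str):
    """Return (area policies keyed by (process, area), per-interface settings)."""
    areas: Dict[Tuple[str, str], str] = {}
    interfaces: Dict[str, dict] = {}
    context = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():  # an unindented line opens a new block
            context = None
            if (m := ROUTER_RE.match(line)):
                context = ("router", m.group(1))
            elif line.lower().startswith("interface "):
                context = ("interface", line[len("interface "):])
                interfaces[context[1]] = {"ospf": None, "authentication": None, "encryption": None}
        elif context and context[0] == "router":
            if (m := AREA_POLICY_RE.match(line)):
                areas[(context[1], norm_area(m.group(1)))] = m.group(2).lower()
        elif context:
            iface = interfaces[context[1]]
            if (m := IF_ENABLE_RE.match(line)):
                iface["ospf"] = (m.group(1), norm_area(m.group(2)))
            elif (m := IF_POLICY_RE.match(line)):
                iface[m.group(1).lower()] = m.group(2).lower()
    return areas, interfaces

def effective_protection(iface: dict, areas: Dict[Tuple[str, str], str]) -> Tuple[str, str]:
    """Resolve (protection level, where it comes from) for one OSPFv3 interface."""
    if iface["encryption"] == "ipsec":  # assumed to carry authentication too, as in an area
        return ENCRYPTED, "interface"
    if iface["authentication"] == "ipsec":
        return AUTH_ONLY, "interface"
    area_policy = areas.get(iface["ospf"])
    if area_policy == "encryption" and iface["encryption"] != "null":
        return ENCRYPTED, "area"
    if area_policy == "authentication" and iface["authentication"] != "null":
        return AUTH_ONLY, "area"
    if "null" in (iface["encryption"], iface["authentication"]):
        return NONE, "null"  # a null policy blocks inheritance from the area
    return NONE, "unconfigured"

def audit(text: str) -> Dict[str, Tuple[str, str]]:
    areas, interfaces = parse_config(text)
    return {n: effective_protection(i, areas) for n, i in interfaces.items() if i["ospf"]}

def unprotected(text: str) -> List[str]:
    return sorted(name for name, (level, _) in audit(text).items() if level == NONE)

if __name__ == "__main__":
    print(unprotected(SAMPLE_CONFIG))
```

In the sample, GigabitEthernet 0/1 is the case that is easy to miss in review: its area is authenticated, but the null policy on the interface leaves that link unauthenticated.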
Figure 31-26. Command Example: show crypto ipsec policy
FTOS#show crypto ipsec policy
Crypto IPSec client security policy data
Policy name : OSPFv3-1-502
Policy refcount :
Inbound ESP SPI :
Outbound ESP SPI :
Inbound ESP Auth Key :
Outbound ESP Auth Key :
Inbound ESP Cipher Key :
Outbound ESP Cipher Key :
Transform set :
In this encryption policy, the keys are not encrypted.
To display the IPsec security associations (SAs) used on OSPFv3 interfaces, enter the following command:

Command Syntax: show crypto ipsec sa ipv6 [interface interface]
Command Mode: EXEC Privilege
Usage: Displays security associations set up for OSPFv3 links in IPsec authentication and encryption policies on the router.
Figure 31-27.
Troubleshooting OSPFv3
Dell Networking OS has several tools to make troubleshooting easier. Be sure to check the following, as these are typical issues that interrupt the OSPFv3 process. Note that this is not a comprehensive list, just some examples of typical troubleshooting checks.
Use the following command in EXEC Privilege mode to configure the debugging options of an OSPFv3 process:

Command Syntax: debug ipv6 ospf [event | packet] {type slot/port}
Command Mode: EXEC Privilege
Usage: View debug messages for all OSPFv3 interfaces.
• event: View OSPF event messages.
• packet: View OSPF packets.
• For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information (e.g. passive-interface gi 2/1).
32 PIM Dense-Mode
PIM Dense-Mode is supported on platforms: c e s
PIM-Dense Mode (PIM-DM) is a multicast protocol that directs routers to forward multicast traffic to all subnets until the router receives a request to stop; this behavior is the opposite of PIM-Sparse Mode, which does not forward multicast traffic to a subnet until the traffic is specifically requested using a PIM Join message.
Figure 32-1. Multicast Flooding in a PIM-DM Network
[Figure labels: Source, Group Address: 239.192.0.1, Hello, Adjacency, R1, R2, R3, R4, Receiver]

Refusing Multicast Traffic
If a PIM-DM router has no receivers for a group, it refuses multicast traffic by sending a PIM Prune message to address 224.0.0.13 out of the source interface. The upstream neighbor receives the prune message and determines if it has any remaining neighbors downstream.
When a router receives a prune message, it flags the relevant (S,G) entry and sets a timer. If the timer expires, it begins flooding traffic out of the interface, and downstream routers must again evaluate whether to prune themselves from the tree. To prevent the timer from expiring, while the source is sending traffic for the (S,G), the first-hop router periodically sends (S,G) state-refresh messages down the entire SPT.
Configure PIM-DM
Configuring PIM-DM is a two-step process:
1. Enable multicast routing using the command ip multicast-routing from CONFIGURATION mode.
2. Enable PIM-DM on an interface. See page 750.

Related Configuration Tasks
• Clear the PIM TIB using the command clear ip pim tib from EXEC Privilege mode.
• Debug PIM-DM by displaying control activity (packets, events, timers, etc.) using the command debug ip pim from EXEC Privilege mode.
Figure 32-4. Enabling PIM-DM
R1_E600(conf-if-range-gi-1/0,gi-1/12,gi-1/13)#show config
!
interface GigabitEthernet 1/0
 description Connection to Ixia
 ip address 2.1.0.1/24
 ip pim dense-mode
 no shutdown
!
interface GigabitEthernet 1/12
 ip address 2.1.1.1/24
 ip pim dense-mode
 no shutdown
!
interface GigabitEthernet 1/13
 ip address 2.1.2.1/24
 ip pim dense-mode
 no shutdown
R1_E600(conf-if-range-gi-1/0,gi-1/12,gi-1/13)#router rip
R1_E600(conf-router_rip)#show config
!
router rip
 network 2.0.0.
Figure 32-6. Viewing PIM Neighbors Command Example
R1_E600(conf)#do show ip pim neighbor
Neighbor    Interface   Uptime/Expires      Ver   DR Prio/Mode   GR
Address
2.1.1.2     Gi 1/12     01:43:51/00:01:35   v2    0 / D
2.1.2.2     Gi 1/13     02:00:46/00:01:41   v2    0 / D
R1_E600(conf)#
Display the PIM routing table using the command show ip pim tib from EXEC privilege mode, as shown in Figure 32-7.
Figure 32-7. Viewing the PIM Multicast Routing Table
------------------------------------- Router 1 ---------------------------------------------
R1_E600(conf)#do show ip pim tib
PIM Multicast Routing Table
Flags: D - Dense, S - Sparse, C - Connected, L - Local, P - Pruned,
R - RP-bit set, F - Register flag, T - SPT-bit set, J - Join SPT,
M - MSDP created entry, A - Candidate for MSDP Advertisement
K - Ack-Pending State
Timers: Uptime/Expires
Interface state: Interface, next-Hop, State/Mode
(*, 239.192.0.
33 PIM Sparse-Mode
PIM Sparse-Mode is supported on platforms: c e s
PIM-SM is supported on the E-Series ExaScale platform with Dell Networking OS 8.1.1.0 and later.
PIM-Sparse Mode (PIM-SM) is a multicast protocol that forwards multicast traffic to a subnet only upon request using a PIM Join message; this behavior is the opposite of PIM-Dense Mode, which forwards multicast traffic to all subnets until it receives a request to stop.
Protocol Overview
To distribute the same traffic to multiple receivers, PIM-SM creates a tree extending from a root, called the Rendezvous Point (RP), down branches that extend to the nodes which have requested the traffic. Nodes requesting the same traffic belong to the same multicast group. Initially, a single PIM-SM tree called a shared tree to distribute traffic.
Sending Multicast Traffic
With PIM-SM, all multicast traffic must initially originate from the RP. A source must unicast traffic to the RP so that the RP can learn about the source and create an SPT to it. Then the last-hop DR may create an SPT directly to the source.
1. The source gateway router (first-hop DR) receives the multicast packets and creates an (S,G) entry in its multicast routing table.
3. Enable PIM-SM on an interface. See page 758.
Figure 33-2. Viewing PIM Neighbors Command Example
FTOS#show ip pim neighbor
Neighbor      Interface   Uptime/Expires      Ver   DR Prio/Mode
Address
127.87.5.5    Gi 4/11     01:44:59/00:01:16   v2    1 / S
127.87.3.5    Gi 4/12     01:45:00/00:01:16   v2    1 / DR
127.87.50.5   Gi 7/13     00:03:08/00:01:37   v2    1 / S
FTOS#
Display the PIM routing table using the command show [ip | ipv6] pim tib from EXEC privilege mode, as shown in Figure 33-3.
Figure 33-3.
Configure the expiry time for a particular (S,G) entry:

Step 1
Task: Create an Extended ACL
Command Syntax: ip access-list extended access-list-name
Command Mode: CONFIGURATION

Step 2
Task: Specify the source and group to which the timer will be applied using extended ACLs with permit rules only.
Command Syntax: [seq sequence-number] permit ip
Command Mode: CONFIG-EXT-NACL

Step 3
Task: Set the expiry time for a specific (S,G) entry (Figure 33-4).
Figure 33-5. Electing a Rendezvous Point

FTOS#sh run int loop0
!
interface Loopback 0
 ip address 1.1.1.1/32
 ip pim sparse-mode
 no shutdown
FTOS#sh run pim
!
ip pim rp-address 1.1.1.1 group-address 224.0.0.0/4

Override Bootstrap Router Updates

PIM-SM routers need to know the address of the RP for each group for which they have a (*,G) entry. This address is obtained automatically through the bootstrap router (BSR) mechanism or a static RP configuration.
IP Version: IPv6
  Task: Override bootstrap router RP election results with your static RP configuration.
  Command Syntax: ipv6 pim rp-address
  Command Mode: CONFIGURATION

IP Version: IPv6
  Task: Display the assigned RP for a group.
  Command Syntax: show ipv6 pim rp
  Command Mode: EXEC Privilege

IP Version: IPv6
  Task: Display the assigned RP for a group range (group-to-RP mapping).
Configure a Designated Router

Multiple PIM-SM routers might be connected to a single LAN segment. One of these routers is elected to act on behalf of directly connected hosts. This router is the Designated Router (DR). The DR is elected using hello messages. Each PIM router learns about its neighbors by periodically sending a hello message out of each PIM-enabled interface. Hello messages contain the IP address of the interface out of which it is sent and a DR priority value.
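The election itself can be modelled in a few lines. The following is an added example, not Dell Networking OS code: it applies the comparison rules of RFC 4601 (highest DR priority wins, highest IP address breaks ties, and priority is ignored if any router on the segment omits the option) to a constructed list of hellos, and reports when a newly seen hello would displace the current DR. The `Hello` class, function names and addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Hello:
    """One PIM hello seen on a LAN segment (constructed model, not a packet parser)."""
    address: str                      # IP address of the sending interface
    dr_priority: Optional[int] = 1    # None: the hello carried no DR Priority option


def elect_dr(hellos: List[Hello]) -> str:
    """Return the address of the router that wins the DR election."""
    if not hellos:
        raise ValueError("no PIM routers on the segment")
    # Priority is compared only when every router on the LAN advertises it;
    # otherwise the election falls back to the highest IP address alone.
    use_priority = all(h.dr_priority is not None for h in hellos)

    def rank(h: Hello):
        ip = int(ipaddress.ip_address(h.address))
        return (h.dr_priority if use_priority else 0, ip)

    return max(hellos, key=rank).address


def dr_change(known: List[Hello], new_hello: Hello) -> Optional[str]:
    """Return the new DR address if new_hello displaces the current DR, else None.

    Useful as a monitoring check: an unexpected DR change on an access
    segment is worth an alert.
    """
    before = elect_dr(known)
    # A hello from an already known address replaces the older entry.
    others = [h for h in known if h.address != new_hello.address]
    after = elect_dr(others + [new_hello])
    return after if after != before else None


# Constructed sample segment: three routers, all at priority 1.
SEGMENT = [Hello("10.1.1.1"), Hello("10.1.1.2"), Hello("10.1.1.3")]

if __name__ == "__main__":
    print("current DR:", elect_dr(SEGMENT))
    print("after new hello:", dr_change(SEGMENT, Hello("10.1.0.5", 50)))
```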
IP Version: IPv6
  Task: Filter inbound and outbound Bootstrap Router messages per interface.
  Command Syntax: ipv6 pim bsr-border
  Command Mode: INTERFACE

  Task: Remove candidate RP advertisements.
  Command Syntax: clear ip pim rp-mapping
  Command Mode: EXEC PRIVILEGE

Set a Threshold for Switching to the SPT

Set a Threshold for Switching to the SPT is available only on platform: e

Initially, a single PIM-SM tree, called a shared tree, is used to distribute traffic.
Dell Networking OS supports PIM-SM graceful restart based on the GenID. Per RFC 4601, hello messages should contain a Generation_Identifier option, which contains a randomly generated value (GenID) that is regenerated each time PIM forwarding is started or restarted on the interface, including when the router restarts.
To prevent these delivery errors you must statically map the potential incoming interfaces for the (*,G) entries via the CLI. When you create this mapping, (*,G) entries are programmed in hardware. Packets are then fast forwarded starting with the first packet, and the potential for these delivery errors is avoided.

Step 1
  Task: Create a standard access-list that permits one or more IGMP groups.
Table 33-1.

It is recommended that you do not enable IGMP snooping on a PIM-SM snooping-enabled VLAN interface unless it is necessary for VLAN operation.
Feature Overview

PIM-SM snooping functions in a Layer 2 network in which multiple routers are interconnected by a switch, such as an IXP where Internet service providers (ISPs) exchange Internet traffic between their networks. By default, the switch floods multicast traffic to all VLAN member ports, regardless of whether there are multicast receivers downstream that are joined to a multicast group.
• In the downstream PIM TIB, states and timers are maintained for each VLAN and member port. The downstream outgoing-interface timers for each valid (*,G) and (S,G) entry are started for each VLAN/port and upstream neighbor combination: (port,*,G,neighbor) or (port,S,G,neighbor), where port is a downstream port and neighbor is the upstream neighbor.
• A timer is removed when a timer times out or a prune message is received for a specific VLAN member port.
PIM-SM Snooping Example

Figure 33-8 shows an example with PIM-SM snooping enabled. When Router A sends a join message to Router B, the switches forward the join message only to Router B without flooding the message to other connected routers, such as Routers C and D.

Figure 33-8.
Similarly, in Figure 33-8, when PIM-SM snooping is enabled and multicast data is sent to VLAN members of group G, the switches forward the data traffic from the server attached to Router B only to the router (Router A) in the multicast group that should receive it. Without PIM-SM snooping, the switches would flood the data to all connected routers, including Routers C and D. Figure 33-9.
PIM-SM Snooping Configuration

You can enable PIM-SM snooping globally on a switch or on individual VLANs. PIM-SM snooping is not enabled by default and does not require an IP address, PIM-DM, or PIM-SM. PIM-SM snooping and PIM multicast routing are mutually exclusive: PIM-SM snooping cannot be enabled on a switch/router if PIM-SM or PIM-DM is enabled.
Verify PIM-SM Snooping

To display information about PIM-SM snooping operation, enter one of the following show commands:

Task: Display information about PIM neighbors discovered by PIM-SM snooping.
  Command: show ip pim snooping neighbor [vlan vlan-id]
  Command Mode: EXEC Privilege
  Figure 33-10

Task: Display information about PIM group members and states stored in the tree information base (TIB) that was discovered by PIM-SM snooping.
Figure 33-11. PIM-SM snooping: show ip pim snooping tib

FTOS#show ip pim snooping tib
PIM Multicast Snooping Table
Flags: J/P - (*,G) Join/Prune, j/p - (S,G) Join/Prune
       SGR-P - (S,G,R) Prune
Timers: Uptime/Expires
* : Inherited port
(*, 225.1.2.1), uptime 00:00:01, expires 00:02:59, RP 165.87.70.1, flags: J
  Incoming interface: Vlan 2, RPF neighbor 0.0.0.0
  Outgoing interface list:
    GigabitEthernet 4/11 RPF 165.87.32.
Figure 33-13.
Figure 33-14. PIM-SM snooping: show ip mroute snooping

FTOS#show ip mroute snooping
IPv4 Multicast Snooping Table
(*, 224.0.0.0), uptime 17:46:23
  Incoming vlan: Vlan 2
  Outgoing interface list:
    GigabitEthernet 4/13
(*, 225.1.2.1), uptime 00:04:16
  Incoming vlan: Vlan 2
  Outgoing interface list:
    GigabitEthernet 4/11
    GigabitEthernet 4/13
(165.87.1.7, 225.1.2.
34 PIM Source-Specific Mode

PIM Source-Specific Mode is supported on platforms: c e s
PIM-SSM is supported on the E-Series ExaScale platform with Dell Networking OS 8.1.1.0 and later.

PIM-Source-Specific Mode (PIM-SSM) is a multicast protocol that forwards multicast traffic from a single source to a subnet. In the other versions of Protocol Independent Multicast (PIM), a receiver subscribes to a group only.
(10.11.5.2, 239.0.0.2), uptime 00:00:36, expires 00:03:14, flags: CT
  Incoming interface: GigabitEthernet 1/31, RPF neighbor 10.11.13.2
  Outgoing interface list:
    Vlan 300 Forward/Sparse 00:02:12/Never

interface Vlan 400
 ip pim sparse-mode
 ip address 10.11.4.1/24
 untagged GigabitEthernet 1/2
 ip igmp version 3
 no shutdown

interface GigabitEthernet 2/31
 ip pim sparse-mode
 ip address 10.11.23.1/24
 no shutdown

[Figure labels: RP 2/1 R1 3/21 3/1 Source 1 10.11.5.
Implementation Information

• The Dell Networking implementation of PIM-SSM is based on RFC 3569.
• C-Series supports a maximum of 31 PIM interfaces and 4K multicast entries including (*,G), and (S,G) entries. There is no limit on the number of PIM neighbors C-Series can have.
• S-Series supports a maximum of 31 PIM interfaces and 2K multicast entries including (*,G), and (S,G) entries. There is no limit on the number of PIM neighbors S-Series can have.
Enable PIM-SSM

To enable PIM-SSM:

Step 1
  Task: Create an ACL that uses permit rules to specify what range of addresses should use SSM. You must at least include one rule, permit 232.0.0.0/8, which is the default range for PIM-SSM.
  Command Syntax: [ip | ipv6] access-list standard name
  Command Mode: CONFIGURATION

Step 2
  Task: Enter the command ip pim ssm-range and specify the ACL you created.
• When an extended ACL is associated with this command, Dell Networking OS displays an error message. If you apply an extended ACL before you create it, Dell Networking OS accepts the configuration, but when the ACL is later defined, Dell Networking OS ignores the ACL and the stated mapping has no effect. Display the source to which a group is mapped using the command show ip igmp ssm-map [group], as shown in Figure 34-4.
interface Vlan 400
 ip pim sparse-mode
 ip address 10.11.4.1/24
 untagged GigabitEthernet 1/2
 ip igmp version 3
 no shutdown
 ip igmp snooping enable

(10.11.5.2, 239.0.0.2), uptime 00:00:33, expires 00:00:00, flags: CJ
  Incoming interface: GigabitEthernet 1/31, RPF neighbor 10.11.13.2
  Outgoing interface list:
    Vlan 300 Forward/Sparse 00:00:33/Never
(10.11.5.2, 239.0.0.1), uptime 00:01:50, expires 00:03:28, flags: CT
  Incoming interface: GigabitEthernet 1/31, RPF neighbor 10.11.
Figure 34-4. Configuring PIM-SSM with IGMPv2

R1(conf)#do show run pim
!
ip pim rp-address 10.11.12.2 group-address 224.0.0.0/4
ip pim ssm-range ssm
R1(conf)#do show run acl
!
ip access-list standard map
 seq 5 permit host 239.0.0.2
!
ip access-list standard ssm
 seq 5 permit host 239.0.0.2
R1(conf)#ip igmp ssm-map map 10.11.5.2
R1(conf)#do show ip igmp groups
Total Number of Groups: 2
IGMP Connected Group Membership
Group Address   Interface   Mode
239.0.0.2       Vlan 300    IGMPv2-Compat
  Member Ports: Gi 1/1
239.0.0.
35 Power over Ethernet and Power over Ethernet Plus

Power over Ethernet (PoE) is supported only on platforms: c s
Power over Ethernet Plus (PoE+) is supported only on platform: c

This chapter contains the following major sections:
• Configuring PoE/PoE+
• Power Additional PoE Ports on the S-Series
• Deploying VOIP

Power over Ethernet (PoE), as described by IEEE 802.3af specifies that a maximum of 15.
Table 35-1 describes the classes of powered devices defined by IEEE 802.3af and 802.3at:

Table 35-1. Classes of Powered Devices

Class            Power Range (Watts)   Classification Current (mA)
0                0.44 to 12.95         < 5.0
1                0.44 to 3.84          10.5
2                3.84 to 6.49          18.5
3                6.49 to 12.95         28
4 (PoE+ only)    12.95 to 25.5         40

Note: Class 4 is meant for IEEE802.3at compliant devices which require >12.95 Watts.
The Power Supply 1600W-AC is auto-sensing and can provide either 1200W or 1600W, depending upon the input power source. Low-line (100-130VAC) input yields 1200W/54V and high-line (>180VAC) input yields 1600W/54V. You can have both 1200W and 1600W output, as long as all PSUs are Power Supply 1600W-AC. In the C7008/C300, the system power requirement is fulfilled before allocating power for PoE/PoE+.
Table 35-2.
Configuring PoE/PoE+

Configuring PoE/PoE+ is a two-step process:
1. Connect the IEEE 802.3af/802.3at-compliant powered device directly to a port.
2. Enable PoE/PoE+ on the port, as described next.

Related Configuration Tasks
• Manage Ports using Power Priority and the Power Budget
• Monitor the Power Budget
• Manage Power Priorities
• Recover from a Failed Power Supply
• Power Additional PoE Ports on the S-Series

Enabling PoE/PoE+ on a Port

PoE/PoE+ is disabled by default.
Figure 35-1. Enabling PoE/PoE+

R1(conf)# int range gi 1/1
R1(conf-if-gi-1/1)# power inline auto
R1(conf)# int range gi 0/1
R1(conf-if-gi-0/1)# power inline static
R1(conf)# int range gi 1/0
R1(conf-if-gi-1/0)# power inline auto 5000

[Figure port labels: 1/1, 0/1, 1/0]

View the amount of power that a port is consuming using the show power inline command from EXEC privilege mode.

Figure 35-2.
Table 35-4. show power inline Field Description

Field: Port Number

Field: Class
  Description: Displays the power classification of the connected device. If the device is powered up properly, it will display Class 0, 1, 2, 3, or 4. Displays NO_DEVICE if no device is present, LEGACY if a legacy device is connected, PD_S/C if a short-circuit condition is detected, or PD_OVRLD if overload condition is detected.
  Note: After device detection, the Class value received via 802.
Table 35-5 describes the fields that the show power detail command displays.

Table 35-5. show power detail Field Description

Field: Port Number

Field: Unit (S-Series only)
  Description: The stack member unit ID.

Field: Catalog Name (C-Series only)
  Description: Displays the component’s Dell Networking catalog number.

Field: Slot ID (C-Series only)
  Description: Displays the slot number in which the line card or RPM is installed.

Field: Total Power Available
  Description: The total power available in the stack member or chassis.
Upgrade the PoE Controller

Follow these steps to upgrade the PoE controller.

Note: You cannot upgrade the PoE controller when any other upgrade is in progress.
Note: Upgrading the PoE controller may take a few minutes to complete. The CLI is blocked until the upgrade is complete.

Step 1
  Task: Upgrade the PoE controller.
FTOS# show revision
-- RPM 0 --
RPM FPGA                   : 5.0
Required FPGA version      : 5.0
-- RPM 1 --
RPM FPGA                   : 5.0
Required FPGA version      : 5.0
-- Line card 0 --
48 Port 1G LCM FPGA        : 3.6
Required FPGA version      : 3.6
-- Line card 1 --
48 Port 1G LCM FPGA        : 3.6
Required FPGA version      : 3.6
-- Line card 2 --
48 Port 1G LCM POEPLUS FPGA : 0.1
Required FPGA version      : 0.1
PoE-Controller version     : 2.39
-- Line card 3 --
48 Port 1G LCM FPGA        : 3.6
Required FPGA version      : 3.
Dell Networking OS uses the following four parameters, in order, for defining the power priority for a port:
1. the power-inline mode: static or auto
2. the power-inline priority configuration
3. the LLDP-MED priority sent by the PD in the Extended Power-via-MDI TLV or the priority sent by the PD in the IEEE 802.3at power-via-mdi TLV
4. the port’s slot and port number

Dell Networking OS maintains a sorted list of PoE/PoE+ ports based on these four parameters.
static: Ports configured in static mode reserve a fixed power allocation whether a device is connected or not. By default 15.4W is allocated for PoE and 30.0W for PoE+, but this is user-configurable with the max_milliwatts option. No dynamic PoE/PoE+ class detection is performed on static ports, and Extended Power via MDI TLVs or IEEE 802.3at power-via-mdi TLVs have no effect.
2. When you configure a port with power inline auto with the power limit option max_milliwatts, power is only allocated after you connect a device to the port.
• If the maximum power for the device class is less than the power limit you specified, Dell Networking OS allocates the required amount and returns the remaining amount to the budget.
• If there is not enough power in the budget, the configuration is maintained and the port waits for power to become available.
The second result in this scenario is true even if a powered device is not connected to the port. Power can be allocated to a port, thus subtracting it from the power budget and making it unavailable to other ports, but that power does not have to be consumed.

Manage Power Priorities

PoE/PoE+-enabled ports have power access priorities based first on their configuration and then by line card and port number. The default prioritization is presented in Table 35-6.
Recover from a Failed Power Supply

If ports are PoE/PoE+-enabled, and a PSU fails, power might be terminated on some ports to compensate for the power loss. This does not affect PoE/PoE+ individual port configurations.

For C-Series, use the show power supply command to display PSU status (Figure 35-4). For S-Series, see the Power over Ethernet (PoE) chapter in the Dell Networking OS Command Reference for the S-Series for an example of the show power inline output and its field descriptions.
When a failed PSU is replaced and there is sufficient power for PoE/PoE+, power is automatically re-supplied for previously configured PoE/PoE+ ports, and power is supplied first to ports with the highest priority.

Figure 35-6.
Deploying VOIP

VoIP phones on the market today follow the same basic boot and operations process:
1. Wait for an LLDP from the Ethernet switch.
2. Obtain an IP address from a DHCP server.
3. Send an LLDP-MED frame to the switch.
4. Wait for an LLDP-MED frame from the switch and read the Network Policy TLV to get the VLAN ID, Layer 2 Priority, and DSCP value.
5. Download applications and software from the call manager.
6.
Figure 35-8.
Configure Quality of Service for an Office VOIP Deployment

There are multiple ways you can use QoS to map ingress phone and PC traffic so that you can give them each a different quality of service. See Chapter 40, Quality of Service.
Classifying VOIP traffic and applying QoS policies

Avoid congestion and give precedence to voice and signaling traffic by classifying traffic based on subnet and using strict priority and bandwidth weights on egress, as outlined in the steps below. Figure 35-12 depicts the topology and shows the configuration for a C-Series. The steps are the same on an S-Series. Figure 35-13 is a screenshot showing some of the steps and the resulting running-config.

Figure 35-12.
Figure 35-13. Classifying VOIP Traffic and Applying QoS Policies for an Office VOIP Deployment

FTOS#sh run acl
!
ip access-list extended pc-subnet
 seq 5 permit ip 201.1.1.0/24 any
!
ip access-list extended phone-signalling
 seq 5 permit ip 192.1.1.0/24 host 192.1.1.1
!
ip access-list extended phone-subnet
 seq 5 permit ip 192.1.1.
36 Policy-based Routing

Policy-based Routing is supported on platforms: c e s
PBR is supported on the E-Series ExaScale platform with Dell Networking OS 8.1.1.0 and later.
PBR is supported on the E-Series TeraScale, C-Series, and S-Series platforms in Dell Networking OS 8.4.2.0 and later.
[Figure: PBR Example. Departments shown: Operations, Customer Support, Sales, Marketing, Engineering, Finance. Internet links shown: 1.5 Mbps, 10 Mbps, 45 Mbps.]

With 3 separate internet connections from the Edge Routers, bandwidth can be allotted to meet each department's needs. Some departments will need higher-speed internet access while others will require less bandwidth.

Figure 36-1.
2. If the specified next-hops are not reachable, then the normal routing table is used to forward the traffic.
3. Dell Networking OS supports multiple next-hop entries in the redirect lists.
4. Redirect-Lists are applied at Ingress.

Implementing Policy-based Routing with Dell Networking OS

Non-contiguous bitmasks for PBR

Non-contiguous bitmasks for PBR allow more granular and flexible control over routing policies. Network addresses that are in the middle of a subnet can be included or excluded.
Configuration Task List for Policy-based Routing

To enable the PBR:
1. Create a Redirect List
2. Create a Rule for a Redirect-list
3. Apply a Redirect-list to an Interface using a Redirect-group

Create a Redirect List

Use the following command in CONFIGURATION mode:

Command Syntax: ip redirect-list redirect-list-name
  Command Mode: CONFIGURATION
  Purpose: Create a redirect list by entering the list name.
Create a Rule for a Redirect-list

Use the following command in CONFIGURATION REDIRECT-LIST mode to set the rules for the redirect list. You can enter the command multiple times and create a sequence of redirect rules. Use the seq nn redirect version of the command to organize your rules.
Figure 36-4. Creating a Rule Example

FTOS(conf-redirect-list)#redirect ?
A.B.C.D        Forwarding router's address
sonet          SONET interface
[Figure callout: IP address of forwarding router]
FTOS(conf-redirect-list)#redirect 3.3.3.3 ?
<0-255>        An IP protocol number
icmp           Internet Control Message Protocol
ip             Any Internet Protocol
tcp            Transmission Control Protocol
udp            User Datagram Protocol
FTOS(conf-redirect-list)#redirect 3.3.3.3 ip ?
A.B.C.
PBR Exceptions (Permit)

Use the command permit to create an exception to a redirect list. Exceptions are used when a forwarding decision should be based on the routing table rather than a routing policy. Dell Networking OS assigns the first available sequence number to a rule configured without a sequence number and inserts the rule into the PBR CAM region next to the existing entries. Since the order of rules is important, ensure that you configure any necessary sequence numbers.
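Why rule order matters is easiest to see by evaluating a redirect list against sample packets. The following is an added example, not Dell Networking OS code: a simplified first-match model in which a permit rule sends the packet to the routing table, a redirect rule is used only if its next hop is reachable, and anything unmatched falls back to the routing table. It also flags permit exceptions that are placed where they can never take effect. The redirect to 10.99.99.254 for 192.168.1.0/24 comes from this chapter's sample configuration; the other rules, the sequence numbers, and the assumption that an unreachable next hop falls through to later rules are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Rule:
    seq: int
    action: str                      # "redirect" or "permit"
    src: str                         # source prefix, or "any"
    dst: str                         # destination prefix, or "any"
    next_hop: Optional[str] = None   # set only on redirect rules


def _matches(prefix: str, addr: str) -> bool:
    return prefix == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)


def _covers(outer: str, inner: str) -> bool:
    """True if every address matched by `inner` is also matched by `outer`."""
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))


def evaluate(rules: Iterable[Rule], src: str, dst: str,
             reachable: Set[str]) -> Tuple[str, Optional[str]]:
    """Return ("redirect", next_hop) or ("routing-table", None) for one packet."""
    for rule in sorted(rules, key=lambda r: r.seq):
        if not (_matches(rule.src, src) and _matches(rule.dst, dst)):
            continue
        if rule.action == "permit":          # exception: use the routing table
            return ("routing-table", None)
        if rule.next_hop in reachable:
            return ("redirect", rule.next_hop)
        # Next hop unreachable: keep looking (assumed model for backup next hops).
    return ("routing-table", None)


def shadowed(rules: Iterable[Rule]) -> List[Tuple[int, int]]:
    """Return (later_seq, earlier_seq) pairs where ordering defeats a rule.

    Flags a permit exception that sits after a redirect covering it, and any
    rule that sits after a permit covering it. A redirect after a redirect is
    treated as a backup next hop and is not flagged.
    """
    ordered = sorted(rules, key=lambda r: r.seq)
    findings = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            covered = _covers(earlier.src, later.src) and _covers(earlier.dst, later.dst)
            if covered and "permit" in (earlier.action, later.action):
                findings.append((later.seq, earlier.seq))
                break
    return findings


# Constructed rule sets. Only the 10.99.99.254 redirect is taken from the page.
EXCEPTION = dict(action="permit", src="192.168.1.0/24", dst="10.0.0.0/16")
REDIRECTS = [
    Rule(10, "redirect", "192.168.1.0/24", "any", "10.99.99.254"),
    Rule(12, "redirect", "192.168.1.0/24", "any", "10.88.88.254"),  # constructed backup
]
RULES_GOOD = [Rule(5, **EXCEPTION)] + REDIRECTS   # exception before the redirects
RULES_BAD = REDIRECTS + [Rule(20, **EXCEPTION)]   # exception after the redirects

if __name__ == "__main__":
    up = {"10.99.99.254", "10.88.88.254"}
    print(evaluate(RULES_GOOD, "192.168.1.7", "10.0.3.4", up))
    print(evaluate(RULES_BAD, "192.168.1.7", "10.0.3.4", up))
    print(shadowed(RULES_BAD))
```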
Apply a Redirect-list to an Interface using a Redirect-group

IP redirect lists are supported on physical interfaces as well as VLAN and port-channel interfaces.

Note: When you apply a redirect-list on a port-channel on the E-Series, when traffic is redirected to the next hop and the destination port-channel is shut down, the traffic is dropped. However, on the C-Series, the traffic redirected to the destination port-channel is sometimes switched.
Show Redirect List Configuration

To view the redirect list configuration, use the following command in EXEC mode:

Command Syntax: show ip redirect-list redirect-list-name
  Command Mode: EXEC
  Purpose: View the redirect list configuration and the associated interfaces.

Command Syntax: show cam pbr
                show cam-usage
  Command Mode: EXEC
  Purpose: View the redirect list entries programmed in the CAM.

List the redirect list configuration using the show ip redirect-list redirect-list-name command.
Figure 36-12. Showing CAM PBR Configuration Example

FTOS(conf-if-gi-8/1)#do show cam pbr l 8 p0
TCP Flag: Bit 5 - URG, Bit 4 - ACK, Bit 3 - PSH, Bit 2 - RST, Bit 1 - SYN, Bit 0 - FIN
Cam     Port  VlanID  Proto  Tcp   Src   Dst   SrcIp            DstIp            Next-hop MAC
Index                        Flag  Port  Port
----------------------------------------------------------------------------------------------
06080   0     N/A     IP     0x0   0     0     200.200.200.200  200.200.200.200  199.199.199.
Figure 36-13. PBR Sample Illustration

[Figure labels: Customer Support; 192.168.1.0 /24; 192.168.2.0 /24; 10.0.0.0 /16; 10.1.0.0 /16; GigE 2/11; EDGE_ROUTER; 1.5 Mbps; 10 Mbps; 45 Mbps; 10.44.44.13; 10.22.22.
Figure 36-14. PBR Sample Configuration

Create the Redirect-List GOLD.

EDGE_ROUTER(conf-if-gi-3/23)#ip redirect-list GOLD
EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD.
EDGE_ROUTER(conf-redirect-list)#$direct 10.99.99.254 ip 192.168.1.0/24 any
EDGE_ROUTER(conf-redirect-list)#$redirect 10.99.99.254 ip 192.168.2.
37 Port Monitoring

Port Monitoring is supported on platforms: c e s
Port Monitoring is supported on the E-Series ExaScale platform with Dell Networking OS 8.1.1.0 and later.

Port Monitoring is a feature that copies all incoming or outgoing packets on one port and forwards (mirrors) them to another port. The source port is the monitored port (MD) and the destination port is the monitoring port (MG).
• A source port (MD) can only be monitored by one destination port (MG). The following error is displayed if you try to assign a monitored port to more than one monitoring port.
E-Series TeraScale

The E-Series TeraScale system supports 1 monitoring session per port-pipe. E-Series TeraScale supports a maximum of 28 port pipes. On the E-Series TeraScale, Dell Networking OS supports a single source-destination statement in a monitor session (Message 2). E-Series TeraScale supports only one source and one destination port per port-pipe (Message 3). Therefore, the E-Series TeraScale supports as many monitoring sessions as there are port-pipes in the system.
Port Monitoring on C-Series and S-Series

The C-Series and S-Series support multiple source-destination statements in a monitor session, but there may only be one destination port in a monitoring session (Message 4).

Message 4 One Destination Port in a Monitoring Session Error Message on C-Series and S-Series

% Error: Only one MG port is allowed in a session.
Figure 37-3. Number of Monitoring Ports on the C-Series and S-Series

FTOS(conf)#mon ses 300
FTOS(conf-mon-sess-300)#source gig 0/17 destination gig 0/4 direction tx
% Error: Exceeding max MG ports for this MD port pipe.
Figure 37-5.
Configuring Port Monitoring

To configure port monitoring:

Step 1
  Command Syntax: show interface
  Command Mode: EXEC Privilege
  Task: Verify that the intended monitoring port has no configuration other than no shutdown, as shown in Figure 37-6.

Step 2
  Command Syntax: monitor session
  Command Mode: CONFIGURATION
  Task: Create a monitoring session using the command monitor session from CONFIGURATION mode, as shown in Figure 37-6.
Figure 37-7.
View an access-list that you applied to an interface using the command show ip accounting access-list from EXEC Privilege mode, as shown in Figure 37-8.

Figure 37-8. Configuring Flow-based Monitoring

FTOS(conf)#monitor session 0
FTOS(conf-mon-sess-0)#flow-based enable
FTOS(conf)#ip access-list ext testflow
FTOS(config-ext-nacl)#seq 5 permit icmp any any count bytes monitor
FTOS(config-ext-nacl)#seq 10 permit ip 102.1.1.
Remote Port Mirroring Example

Figure 37-9 shows an example of how remote port mirroring works. Remote port mirroring uses the analyzers shown in the aggregation network in Site A. The VLAN traffic on monitored links from the access network is tagged and assigned to a dedicated L2 VLAN. Monitored links are configured in two source sessions shown with orange and green circles.
Configuration Notes

When you configure remote port mirroring, the following conditions apply:
• You can configure any switch in the network with source ports and destination ports, and allow it to function in an intermediate transport session for a reserved VLAN at the same time for multiple remote-port mirroring sessions.
• You can enable and disable individual mirroring sessions.
• BPDU monitoring is not required to use remote port mirroring.
• A destination port for remote port mirroring cannot be used as a source port, including the session in which the port functions as the destination port.
• A source port channel or source VLAN, which has a member port that is configured as a destination port, cannot be used as a source port channel or source VLAN.
• A VLAN cannot be used as a source VLAN for remote port mirroring if:
  - The VLAN consists of more than 128 ports.
2. A source session that consists of multiple source ports, port channels, and VLANs which are associated with the dedicated VLAN and located on different source switches 3.
Configure a dedicated L2 VLAN for Remote Port Mirroring

Step 1
  Command Syntax: interface vlan vlan-id
  Command Mode: CONFIGURATION
  Task: Create a VLAN to transport mirrored traffic in remote port mirroring. Valid vlan-id values are 1 to 4094. The default VLAN ID is not supported.

Step 2
  Command Syntax: mode remote-port-mirroring
  Command Mode: VLAN INTERFACE
  Task: Configure the dedicated L2 VLAN to be used to transport mirrored traffic in remote port mirroring.
Configure a Source Session on Multiple Switches

Step 2
  Command Syntax: source {single-interface | range {interface-list | interface-range | mixed-interface-list} | vlan vlan-id | range {vlan-list | vlan-range | mixed-vlan-list}} destination remote-vlan vlan-id direction {rx | tx | both}
  Command Mode: MONITOR SESSION
  Task: range interface-range specifies one of the following interface ranges:
    gigabitethernet slot/first_port - last_port
    tengigabitethernet slot/first_port - last_port
    port-channel first_numb
Configure a Destination Session on Multiple Switches

Step 1
  Command Syntax: monitor session session-id
  Command Mode: CONFIGURATION
  Task: Configure the destination session for remote port mirroring and enter Monitor Session configuration mode.
Displaying Remote-Port Mirroring Configurations To display the current configuration of remote port mirroring for a specified session, enter the show config command in MONITOR SESSION configuration mode.
Sample Configuration: Remote Port Mirroring

Remote port mirroring requires a source session (monitored ports on different source switches), a reserved tagged VLAN for transporting mirrored traffic (configured on source, intermediate, and destination switches), and a destination session (destination ports connected to analyzers on destination switches). Figure 37-10 shows a sample configuration of remote port mirroring on a source switch.
Figure 37-12 shows a sample configuration of remote port mirroring on a destination switch. Note that in the show monitor session output of a destination session, the source is the reserved VLAN (for example, remote-vlan 22) and the destination is the destination port (for example, Gi 4/73) to which an analyzer is attached. Figure 37-12.
38 Private VLANs

Private VLANs is available on platforms: c s

Private VLANs (PVLANs) provide Layer 2 isolation between ports within the same VLAN. That is, peer-to-peer communication is restricted or blocked. This is done by dividing the VLAN into subdomains, and then restricting or blocking traffic flow between them.
Figure 38-1. PVLAN: Primary and Secondary VLANs

[Figure labels: Primary VLAN, Isolated VLAN, Community VLAN, Network]

There are three types of ports in PVLAN:
• Host Ports—these ports are the ones that Private VLAN aims to isolate. They are connected to end-stations.
• Promiscuous Ports—these ports are members of the primary VLAN, and function as gateways to the primary and secondary VLANs.
• Trunk Ports—trunk ports carry tagged traffic between switches.
• If a promiscuous or host port is untagged in a VLAN, and it receives a tagged packet in the same VLAN, the packet will NOT be dropped.
• A primary VLAN and each of its secondary VLANs decrement the available number of VLAN IDs in the switch.

Configure Private VLANs

Configuring Private VLANs is a 3-step process:
1. Configure PVLAN Ports
2. Place PVLAN Ports in a Secondary VLAN
3.
• Host ports cannot communicate with each other; they can only communicate with promiscuous ports.

Step 1
  Task: Access the INTERFACE VLAN mode for the VLAN that you want to make a community VLAN.
  Command Syntax: interface vlan vlan-id
  Command Mode: CONFIGURATION

Step 2
  Task: Designate the VLAN as a community or isolated VLAN.
  Command Syntax: private-vlan mode {community | isolated}
  Command Mode: INTERFACE VLAN

Step 3
  Task: Add one or more host ports to the VLAN.
Table 38-1. Private VLAN Commands Task Command Syntax Command Mode Display primary-secondary VLAN mapping.
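The isolation that a PVLAN design actually delivers can be checked offline from the port-to-VLAN assignment. The following is an added example, not Dell Networking OS code: it models host and promiscuous ports inside one primary VLAN, applies the usual PVLAN rules (promiscuous ports reach everything, community hosts reach their own community, isolated hosts reach only promiscuous ports), and reports host pairs that a policy says must be isolated but that can still exchange frames. Trunk ports are left out of the model, and all port names and VLAN IDs are constructed.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Port:
    name: str
    role: str                         # "promiscuous" or "host"
    secondary: Optional[int] = None   # secondary VLAN ID of a host port


def can_talk(a: Port, b: Port, modes: Dict[int, str]) -> bool:
    """True if a and b may exchange Layer 2 frames inside the primary VLAN."""
    for p in (a, b):
        if p.role not in ("promiscuous", "host"):
            raise ValueError(f"{p.name}: unsupported role {p.role!r}")
        if p.role == "host" and modes.get(p.secondary) not in ("community", "isolated"):
            raise ValueError(f"{p.name}: secondary VLAN {p.secondary} has no PVLAN mode")
    if a.name == b.name:
        return False
    if "promiscuous" in (a.role, b.role):
        return True                   # gateway ports reach every PVLAN member
    # Two host ports: only members of the same community VLAN may talk.
    return a.secondary == b.secondary and modes[a.secondary] == "community"


def reachable(ports: Iterable[Port], modes: Dict[int, str]) -> Dict[str, List[str]]:
    """Map each port name to the sorted names of the ports it can reach."""
    ports = list(ports)
    return {a.name: sorted(b.name for b in ports if can_talk(a, b, modes))
            for a in ports}


def isolation_violations(ports: Iterable[Port], modes: Dict[int, str],
                         must_isolate: Iterable[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return the policy pairs that the configuration fails to isolate."""
    by_name = {p.name: p for p in ports}
    return [(x, y) for x, y in must_isolate
            if can_talk(by_name[x], by_name[y], modes)]


# Constructed configuration: VLAN 101 is a community VLAN, VLAN 102 is isolated.
MODES = {101: "community", 102: "isolated"}
PORTS = [
    Port("Gi 0/1", "promiscuous"),
    Port("Gi 0/2", "host", 101),
    Port("Gi 0/3", "host", 101),
    Port("Gi 0/4", "host", 102),
    Port("Gi 0/5", "host", 102),
]
# Constructed policy: these host pairs belong to different tenants.
POLICY = [("Gi 0/2", "Gi 0/3"), ("Gi 0/4", "Gi 0/5"), ("Gi 0/2", "Gi 0/4")]

if __name__ == "__main__":
    for name, peers in reachable(PORTS, MODES).items():
        print(f"{name}: {', '.join(peers)}")
    print("not isolated:", isolation_violations(PORTS, MODES, POLICY))
```

In this sample the only violation is the pair sharing community VLAN 101, which is the typical finding when hosts that need isolation are placed in a community VLAN instead of an isolated one.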
39 Per-VLAN Spanning Tree Plus

Per-VLAN Spanning Tree Plus is supported on platforms: c e s
Port Monitoring is supported on the E-Series ExaScale platform with Dell Networking OS 8.1.1.0 and later.

Protocol Overview

Per-VLAN Spanning Tree Plus (PVST+) is a variation of Spanning Tree—developed by a third party—that allows you to configure a separate Spanning Tree instance for each VLAN. For more information on Spanning Tree, see Chapter 51, Spanning Tree Protocol.

Figure 39-1.
Dell Networking OS supports three other variations of Spanning Tree, as shown in Table 39-1.

Table 39-1. Dell Networking OS Supported Spanning Tree Protocols

Dell Networking Term              IEEE Specification
Spanning Tree Protocol            802.1d
Rapid Spanning Tree Protocol      802.1w
Multiple Spanning Tree Protocol   802.1s
Per-VLAN Spanning Tree Plus       Third Party

Implementation Information

• The Dell Networking OS implementation of PVST+ is based on IEEE Standard 802.1d.
Enable PVST+

When you enable PVST+, Dell Networking OS instantiates STP on each active VLAN. To enable PVST+ globally:

Step 1
  Task: Enter PVST context.
  Command Syntax: protocol spanning-tree pvst
  Command Mode: PROTOCOL PVST

Step 2
  Task: Enable PVST+.
  Command Syntax: no disable
  Command Mode: PROTOCOL PVST

Disable PVST+

Task: Disable PVST+ globally.
  Command Syntax: disable
  Command Mode: PROTOCOL PVST

Task: Disable PVST+ on an interface, or remove a PVST+ parameter configuration.
Figure 39-3. Load Balancing with PVST+

[Figure labels: STI 1: VLAN 100; STI 2: VLAN 200; STI 3: VLAN 300; routers R1 (STI 1 root), R2 (STI 2 root), R3 (STI 3 root), each annotated "vlan 100 bridge-priority 4096"; ports 1/22, 1/32, 2/12, 2/32, 3/12, 3/22; port states Forwarding and Blocking]

The bridge with the lowest value for bridge priority is elected root.
Figure 39-4. Display the PVST+ Forwarding Topology
FTOS_E600(conf)#do show spanning-tree pvst vlan 100
VLAN 100
Root Identifier has priority 4096, Address 0001.e80d.b6d6
Root Bridge hello time 2, max age 20, forward delay 15
Bridge Identifier has priority 4096, Address 0001.e80d.b6d6
Configured hello time 2, max age 20, forward delay 15
We are the root of VLAN 100
Current root has priority 4096, Address 0001.e80d.
Modify Global PVST+ Parameters
The root bridge sets the values for forward-delay and hello-time and overwrites the values set on other PVST+ bridges.
• Forward-delay is the amount of time an interface waits in the Listening State and the Learning State before it transitions to the Forwarding State.
• Hello-time is the time interval in which the bridge sends Bridge Protocol Data Units (BPDUs).
Table 39-2 lists the default values for port cost by interface.
Table 39-2. PVST+ Default Port Cost Values
Port Cost                                          Default Value
100-Mb/s Ethernet interfaces                       200000
1-Gigabit Ethernet interfaces                      20000
10-Gigabit Ethernet interfaces                     2000
Port Channel with 100 Mb/s Ethernet interfaces     180000
Port Channel with 1-Gigabit Ethernet interfaces    18000
Port Channel with 10-Gigabit Ethernet interfaces   1800
Note: The Dell Networking OS implementation of PVST+ uses IEEE 802.
To enable EdgePort on an interface, use the following command:
Task: Enable EdgePort on an interface.
    Command Syntax: spanning-tree pvst edge-port [bpduguard | shutdown-on-violation]
    Command Mode: INTERFACE
The EdgePort status of each interface is given in the output of the command show spanning-tree pvst, as shown in Figure 39-4.
Configure a Root Guard
Use the Root Guard feature in a Layer 2 PVST+ network to avoid bridging loops. You enable root guard on a per-port or per-port-channel basis.
Dell Networking OS Behavior: The following conditions apply to a port enabled with root guard:
• Root guard is supported on any PVST-enabled port or port-channel interface except when used as a stacking port.
Configure a Loop Guard
The Loop Guard feature provides protection against Layer 2 forwarding loops (STP loops) caused by a hardware failure, such as a cable failure or an interface fault. When a cable or interface fails, a participating STP link may become unidirectional (STP requires links to be bidirectional) and an STP port does not receive BPDUs. When an STP blocking port does not receive BPDUs, it transitions to a forwarding state.
PVST+ in Multi-vendor Networks
Some non-Dell Networking systems that have hybrid ports participating in PVST+ transmit two kinds of BPDUs: an 802.1D BPDU and an untagged PVST+ BPDU. Dell Networking systems do not expect a PVST+ BPDU (tagged or untagged) on an untagged port. If this happens, Dell Networking OS places the port in error-disable state. This behavior might result in the network not converging.
Task: Augment the Bridge ID with the VLAN ID.
    Command Syntax: extend system-id
    Command Mode: PROTOCOL PVST
FTOS(conf-pvst)#do show spanning-tree pvst vlan 5 brief
VLAN 5
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32773, Address 0001.e832.73f7
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32773 (priority 32768 sys-id-ext 5), Address 0001.e832.
PVST+ Sample Configurations
Figure 39-7, Figure 39-8, and Figure 39-9 provide the running configurations for the topology shown in Figure 39-3.
Figure 39-7.
Figure 39-8.
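An added example, not taken from the Dell guide: a Python model of per-VLAN root election that ties together the Load Balancing with PVST+ topology and the extend system-id output shown earlier in this chapter. The R2 and R3 MAC addresses and the assignment of priority 4096 to one VLAN per bridge are assumptions made for illustration; lowest bridge priority wins, with lowest MAC address as the tie-breaker.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Tuple

DEFAULT_PRIORITY = 32768  # default bridge priority seen in the show output


@dataclass
class Bridge:
    name: str
    mac: str  # dotted-hex form, as printed by show spanning-tree
    vlan_priority: Dict[int, int] = field(default_factory=dict)
    extend_system_id: bool = False

    def priority(self, vlan: int) -> int:
        """Priority advertised for one VLAN instance."""
        base = self.vlan_priority.get(vlan, DEFAULT_PRIORITY)
        # extend system-id augments the priority field with the VLAN ID
        return base + vlan if self.extend_system_id else base

    def bridge_id(self, vlan: int) -> Tuple[int, int]:
        """(priority, MAC) pair; the numerically lowest pair becomes root."""
        return self.priority(vlan), int(self.mac.replace(".", ""), 16)


def elect_roots(bridges: List[Bridge], vlans: Iterable[int]) -> Dict[int, str]:
    """Return the name of the elected root bridge for every VLAN."""
    roots = {}
    for vlan in vlans:
        winner = min(bridges, key=lambda b: b.bridge_id(vlan))
        roots[vlan] = winner.name
    return roots


def topology(configured: bool) -> List[Bridge]:
    """Three-bridge topology; R2 and R3 MACs are constructed sample values."""
    macs = {"R1": "0001.e80d.b6d6", "R2": "0001.e80d.b700", "R3": "0001.e80d.a100"}
    # Assumption: each bridge lowers its priority to 4096 on one VLAN only.
    prio = {"R1": {100: 4096}, "R2": {200: 4096}, "R3": {300: 4096}}
    return [
        Bridge(name, mac, dict(prio[name]) if configured else {})
        for name, mac in macs.items()
    ]


if __name__ == "__main__":
    vlans = (100, 200, 300)
    print("defaults  :", elect_roots(topology(False), vlans))
    print("configured:", elect_roots(topology(True), vlans))
    print("VLAN 5 with extend system-id:",
          Bridge("R", "0001.e832.73f7", extend_system_id=True).priority(5))
```

With default priorities one bridge (the lowest MAC) is root for every VLAN, so a single set of links carries all traffic; lowering the priority per VLAN spreads the roots across the three bridges.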
40 Quality of Service
Quality of Service (QoS) is supported on platforms: c e s
Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. The E-Series has eight unicast queues per port and 128 multicast queues per port-pipe. Traffic is queued on ingress and egress. By default, on ingress, all data traffic is mapped to Queue 0, and all control traffic is mapped to Queue 7. On egress, control traffic is mapped across all eight queues.
Table 40-1.
Figure 40-1. Dell Networking QoS Architecture
[Figure: block diagram with the stages Marking (DiffServ, 802.1p, Exp), Ingress Packet Processing, Packet Classification (ACL), Rate Policing, Buffers, Class-based Queues, Switching, Rate Limiting, Buffers, Class-based Queues, Egress Congestion Management (WFQ Scheduling), Egress Packet Processing, Traffic Shaping, Congestion Avoidance (WRED).]
Implementation Information
Dell Networking QoS implementation complies with IEEE 802.1p User Priority Bits for QoS Indication.
Port-based QoS Configurations
You can configure the following QoS features on an interface:
• Set dot1p Priorities for Incoming Traffic
• Configure Port-based Rate Policing
• Configure Port-based Rate Limiting
• Configure Port-based Rate Shaping
• Broadcast Storm Control
Set dot1p Priorities for Incoming Traffic
Change the priority of incoming traffic on the interface using the command dot1p-priority from INTERFACE mode, as shown in Figure 40-2.
Honor dot1p Priorities on Ingress Traffic
By default, Dell Networking OS does not honor dot1p priorities on ingress traffic. Use the command service-class dynamic dot1p from INTERFACE mode to honor dot1p priorities on ingress traffic, as shown in Figure 40-3. You can configure this feature on physical interfaces and port-channels, but you cannot configure it on individual interfaces in a port channel.
Configure Port-based Rate Policing
Rate police ingress traffic on an interface using the command rate police from INTERFACE mode, as shown in Figure 40-4. If the interface is a member of a VLAN, you may specify the VLAN for which ingress packets are policed.
Dell Networking OS Behavior: On the C-Series and S-Series, rate shaping is effectively rate limiting because of its smaller buffer size. On the E-Series: — 802.
Configure Port-based Rate Limiting
Configure Port-based Rate Limiting is supported only on platform e
Dell Networking OS Behavior: On the C-Series and S-Series, rate shaping is effectively rate limiting because of its smaller buffer size. On the E-Series: — 802.1Q-priority tagged frames are sometimes not rate-limited according to the configured rate-limit value.
Configure Port-based Rate Shaping
Rate shaping buffers, rather than drops, traffic exceeding the specified rate until the buffer is exhausted. If any stream exceeds the configured bandwidth on a continuous basis, it can consume all of the buffer space that is allocated to the port. Apply rate shaping to outgoing traffic on a port using the command rate shape from INTERFACE mode, as shown in Figure 40-8.
Policy-based QoS Configurations
Policy-based QoS configurations consist of the components shown in Figure 40-9.
Figure 40-9.
2. Once you create a class-map, Dell Networking OS places you in CLASS MAP mode. From this mode, specify your match criteria using the command match ip, as shown in Figure 40-10. Match-any class maps allow up to five ACLs, and match-all class-maps allow only one ACL.
3. After you specify your match criteria, link the class-map to a queue using the command service-queue from POLICY MAP mode, as shown in Figure 40-10.
Figure 40-10.
Determine the order in which ACLs are used to classify traffic
When you link class-maps to queues using the command service-queue, Dell Networking OS matches the class-maps according to queue priority (queue numbers closer to 0 have lower priorities). For example, in Figure 40-10, class-map cmap2 is matched against ingress packets before cmap1. ACLs acl1 and acl2 have overlapping rules because the address range 20.1.1.0/24 is within 20.0.0.0/8.
Dell Networking OS Behavior: An explicit “deny any” rule in a Layer 3 ACL used in a (match any or match all) class-map creates a “default to Queue 0” entry in the CAM, which causes unintended traffic classification. Below, traffic is classified in two Queues, 1 and 2. Class-map ClassAF1 is “match any,” and ClassAF2 is “match all”.
Create a QoS Policy
There are two types of QoS policies: input and output.
Input QoS policies regulate Layer 3 and Layer 2 ingress traffic. The regulation mechanisms for input QoS policies are rate policing and setting priority values. There are two types of input QoS policies: Layer 3 and Layer 2.
• Layer 3 QoS input policies allow you to rate police and set a DSCP or dot1p value.
• Layer 2 QoS input policies allow you to rate police and set a dot1p value.
Figure 40-12. Marking DSCP Values for Egress Packets
FTOS#config
FTOS(conf)#qos-policy-input my-input-qos-policy
FTOS(conf-qos-policy-in)#set ip-dscp 34
% Info: To set the specified DSCP value 34 (100-010 b) the QoS policy must be mapped to queue 4 (100 b).
Configure policy-based rate shaping
Rate shape egress traffic using the command rate-shape from QOS-POLICY-OUT mode. An output QoS policy can be applied to an output policy map with a policy aggregate or to a specific queue. Per-queue rate shaping is supported on C-Series and S-Series only; see Create Output Policy Maps.
Table 40-4 shows an example of choosing bandwidth weights for all four queues to achieve a target bandwidth allocation.
Table 40-4. Assigning Bandwidth Weights for the C-Series and S-Series
Queue  Weight  Equivalent Percentage  Target Allocation
0      1       0.44%                  1%
1      64      28.44%                 25%
2      128     56.89%                 60%
3      32      14.
Apply an input QoS policy to an input policy map
Apply an input QoS policy to an input policy map using the command policy-aggregate from POLICY-MAP-IN mode.
Honor DSCP values on ingress packets
Dell Networking OS provides the ability to honor DSCP values on ingress packets using the Trust DSCP feature. Enable this feature using the command trust diffserv from POLICY-MAP-IN mode. Table 40-5 lists the standard DSCP definitions, and indicates to which queues Dell Networking OS maps DSCP values.
Honoring dot1p values on ingress packets
Dell Networking OS provides the ability to honor dot1p values on ingress packets with the Trust dot1p feature. Enable Trust dot1p using the command trust dot1p from POLICY-MAP-IN mode. Table 40-6 specifies the queue to which the classified traffic is sent based on the dot1p value.
Table 40-6.
In the following configuration, packets are classified to queues using the three class maps:
!
policy-map-input input-policy
 service-queue 1 class-map qos-BE1
 service-queue 3 class-map qos-AF3
 service-queue 4 class-map qos-AF4
!
class-map match-any qos-AF3
 match ip dscp 24
 match ip access-group qos-AF3-ACL
!
class-map match-any qos-AF4
 match ip dscp 32
 match ip access-group qos-AF4-ACL
!
class-map match-all qos-BE1
 match ip dscp 0
 match ip access-group qos-BE1-ACL
The packet classification logic for the ab
On the C-Series and S-Series, all traffic is by default mapped to the same queue, Queue 0. If you honor dot1p on ingress, then you can create service classes based on the queueing strategy in Table 40-6 using the command service-class dynamic dot1p from INTERFACE mode. You may apply this queuing strategy globally by entering this command from CONFIGURATION mode.
• All dot1p traffic is mapped to Queue 0 unless service-class dynamic dot1p is enabled on an interface or globally.
Specify an aggregate QoS policy
Specify an aggregate QoS policy using the command policy-aggregate from POLICY-MAP-OUT mode.
Apply an output policy map to an interface
Apply an output policy map to an interface using the command service-policy output from INTERFACE mode. You can apply the same policy map to multiple interfaces, and you can modify a policy map after you apply it.
Strict-priority Queueing
You can assign strict-priority to one unicast queue, 1-7, using the command strict-priority from CONFIGURATION mode. Strict-priority means that Dell Networking OS dequeues all packets from the assigned queue before servicing any other queues.
• The strict-priority supersedes bandwidth-percentage and bandwidth-weight percentage configurations.
• A queue with strict-priority can starve other queues in the same port-pipe.
You can create a custom WRED profile or use one of the five pre-defined profiles listed in Table 40-7.
Table 40-7. Pre-defined WRED Profiles
Default Profile Name  Minimum Threshold  Maximum Threshold
wred_drop             0                  0
wred_ge_y             1024               2048
wred_ge_g             2048               4096
wred_teng_y           4096               8192
wred_teng_g           8192               16384
Create WRED Profiles
To create a WRED profile:
1. Create a WRED profile using the command wred from CONFIGURATION mode.
2. The command wred places you in WRED mode.
WRED can be used in combination with storm control to regulate broadcast and unknown-unicast traffic. This feature is available through an additional option in the command storm-control [broadcast | unknown-unicast] in CONFIGURATION mode. See the Dell Networking OS Command Line Reference for information on using this command.
Figure 40-15.
For example, if you configure 70% bandwidth to multicast, 80% bandwidth to one queue in unicast and 0% to all remaining unicast queues, then first, Dell Networking OS assigns 70% bandwidth to multicast, then Dell Networking OS derives the 80% bandwidth for unicast from the remaining 30% of total bandwidth.
Pre-calculating Available QoS CAM Space
Pre-calculating Available QoS CAM Space is supported on platforms: c e s
Before version 7.3.
• Status indicates whether or not the specified policy-map can be completely applied to an interface in the port-pipe.
• Allowed indicates that the policy-map can be applied because the estimated number of CAM entries is less than or equal to the available number of CAM entries. The number of interfaces in the port-pipe to which the policy-map can be applied is given in parentheses.
41 Routing Information Protocol
Routing Information Protocol is supported only on platforms: c e s
RIP is supported on the S-Series following the release of Dell Networking OS version 7.8.1.0, and on the C-Series with Dell Networking OS versions 7.6.1.0 and after. RIP is supported on the E-Series ExaScale platform with Dell Networking OS 8.1.1.0 and later.
RIP must receive regular routing updates to maintain a correct routing table. Response messages containing a router’s full routing table are transmitted every 30 seconds. If a router does not send an update within a certain amount of time, the hop count to that route is changed to unreachable (a route hop metric of 16 hops). Another timer sets the amount of time before the unreachable routes are removed from the routing table.
RIP is best suited for small, homogeneous networks. All devices within the RIP network must be configured to support RIP if they are to participate in the RIP.
Figure 41-1. show config Command Example in ROUTER RIP mode
FTOS(conf-router_rip)#show config
!
router rip
 network 10.0.0.0
FTOS(conf-router_rip)#
When the RIP process has learned the RIP routes, use the show ip rip database command in the EXEC mode to view those routes (Figure 385).
Figure 41-2. show ip rip database Command Example (Partial)
FTOS#show ip rip database
Total number of routes in RIP database: 978
160.160.0.0/16 [120/1] via 29.10.10.12, 00:00:26, Fa 160.
Assign IP addresses to interfaces that are part of the same subnet as the RIP network identified in the network command syntax.
Control RIP routing updates
By default, RIP broadcasts routing information out all enabled interfaces, but you can configure RIP to send or to block RIP routing information, either from a specific IP address or a specific interface.
To add routes from other routing instances or protocols, use any of the following commands in the ROUTER RIP mode:
Command Syntax: redistribute {connected | static} [metric metric-value] [route-map map-name]
Command Mode: ROUTER RIP
Purpose: Include directly connected or user-configured (static) routes in RIP.
• metric range: 0 to 16
• map-name: name of a configured route map.
Figure 41-3 shows an example of the RIP configuration after the ROUTER RIP mode version command is set to RIPv2. When the ROUTER RIP mode version command is set, the interface (GigabitEthernet 0/0) participating in the RIP process is also set to send and receive RIPv2. Figure 41-3.
Figure 41-5.
Summarize routes
Routes in the RIPv2 routing table are summarized by default, thus reducing the size of the routing table and improving routing efficiency in large networks. By default, the autosummary command in the ROUTER RIP mode is enabled and summarizes RIP routes up to the classful network boundary. If you must perform routing between discontiguous subnets, disable automatic summarization. With automatic route summarization disabled, subnets are advertised.
Debug RIP
The debug ip rip command enables RIP debugging. When debugging is enabled, you can view information on RIP protocol changes or RIP routes. To enable RIP debugging, use the following command in the EXEC privilege mode:
Command Syntax: debug ip rip [interface | database | events | trigger]
Command Mode: EXEC privilege
Purpose: Enable debugging of RIP.
Figure 41-6 shows the confirmation when the debug function is enabled.
Figure 41-6.
Configuring RIPv2 on Core 2
Figure 41-8. Configuring RIPv2 on Core 2
Core2(conf-if-gi-2/31)#
Core2(conf-if-gi-2/31)#router rip
Core2(conf-router_rip)#ver 2
Core2(conf-router_rip)#network 10.200.10.0
Core2(conf-router_rip)#network 10.300.10.0
Core2(conf-router_rip)#network 10.11.10.0
Core2(conf-router_rip)#network 10.11.20.0
Core2(conf-router_rip)#show config
!
router rip
 network 10.0.0.
Figure 41-10.
RIP Configuration on Core 3
Figure 41-12. RIP Configuration on Core 3
Core3(conf-if-gi-3/21)#router rip
Core3(conf-router_rip)#version 2
Core3(conf-router_rip)#network 192.168.1.0
Core3(conf-router_rip)#network 192.168.2.0
Core3(conf-router_rip)#network 10.11.30.0
Core3(conf-router_rip)#network 10.11.20.0
Core3(conf-router_rip)#show config
!
router rip
 network 10.0.0.0
 network 192.168.1.0
 network 192.168.2.
Figure 41-14.
RIP Configuration Summary
Figure 41-16. Summary of Core 2 RIP Configuration Using Output of show run Command
!
interface GigabitEthernet 2/11
 ip address 10.11.10.1/24
 no shutdown
!
interface GigabitEthernet 2/31
 ip address 10.11.20.2/24
 no shutdown
!
interface GigabitEthernet 2/41
 ip address 10.200.10.1/24
 no shutdown
!
interface GigabitEthernet 2/42
 ip address 10.250.10.1/24
 no shutdown
router rip
 version 2
 10.200.10.0
 10.300.10.0
 10.11.10.0
 10.11.20.0
Figure 41-17.
42 Remote Monitoring
Remote Monitoring is supported on platforms: c e s
Remote Monitoring is supported on the E-Series ExaScale platform with Dell Networking OS 8.1.1.0 and later.
This chapter describes the Remote Monitoring (RMON):
• Implementation
• Fault Recovery
Remote Monitoring (RMON) is an industry-standard implementation that monitors network traffic by sharing network monitoring information.
• RFC-3434
Fault Recovery
RMON provides the following fault recovery functions:
Interface Down—When an RMON-enabled interface goes down, monitoring continues. However, all data values are registered as 0xFFFFFFFF (32 bits) or 0xFFFFFFFFFFFFFFFF (64 bits). When the interface comes back up, the RMON monitoring process resumes.
Note: A Network Management System (NMS) should be ready to interpret a down interface and plot the interface performance graph accordingly.
Set rmon alarm
To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode. To disable the alarm, use the no form of this command:
Command Syntax: [no] rmon alarm number variable interval {delta | absolute} rising-threshold [value event-number] falling-threshold value event-number [owner string]
Command Mode: CONFIGURATION
Purpose: Set an alarm on any MIB object. Use the no form of this command to disable the alarm.
Figure 42-1. rmon alarm Command Example
FTOS(conf)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 20 delta rising-threshold 15 1 falling-threshold 0 owner nms1
[Figure callouts: Alarm Number, MIB Variable, Monitor Interval, Counter Value Limit, Triggered Event]
The above example configures RMON alarm number 10. The alarm monitors the MIB variable 1.3.6.1.2.1.2.2.1.20.1 (ifEntry.ifOutErrors) once every 20 seconds until the alarm is disabled, and checks the rise or fall of the variable.
Figure 42-2. rmon event Command Example
FTOS(conf)#rmon event 1 log trap eventtrap description "High ifOutErrors" owner nms1
The above configuration example creates RMON event number 1, with the description “High ifOutErrors”, and generates a log entry when the event is triggered by an alarm. The user nms1 owns the row that is created in the event table by this command. This configuration also generates an SNMP trap when the event is triggered using the SNMP community string “eventtrap”.
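An added example, not taken from the Dell guide: a Python model of how the alarm in Figure 42-1 samples ifOutErrors as a delta and applies the rising and falling thresholds, so you can see when event 1 would be triggered. It assumes the threshold hysteresis defined for the RMON alarm group in RFC 2819, uses constructed counter samples, and treats 0xFFFFFFFF as a down-interface reading that restarts the baseline (an assumption about how an NMS interprets it).

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

COUNTER32 = 2 ** 32
IF_DOWN_32 = 0xFFFFFFFF  # value registered while the interface is down


@dataclass
class Alarm:
    number: int
    variable: str
    interval: int                  # seconds between samples
    rising: int
    rising_event: Optional[int]
    falling: int
    falling_event: Optional[int]
    owner: Optional[str]


def parse_alarm(line: str) -> Alarm:
    """Parse the delta form of the rmon alarm command shown in Figure 42-1."""
    tok = line.split("#", 1)[-1].split()   # drop a CLI prompt if present
    if tok[:2] != ["rmon", "alarm"] or len(tok) < 10 or tok[5] != "delta":
        raise ValueError("expected: rmon alarm <n> <oid> <interval> delta ...")
    pos = 6

    def threshold(keyword: str) -> Tuple[int, Optional[int]]:
        nonlocal pos
        if pos + 1 >= len(tok) or tok[pos] != keyword:
            raise ValueError("missing " + keyword)
        value = int(tok[pos + 1])
        pos += 2
        event = None
        if pos < len(tok) and tok[pos].isdigit():   # optional event number
            event = int(tok[pos])
            pos += 1
        return value, event

    rising, rising_event = threshold("rising-threshold")
    falling, falling_event = threshold("falling-threshold")
    owner = tok[pos + 1] if tok[pos:pos + 1] == ["owner"] and pos + 1 < len(tok) else None
    return Alarm(int(tok[2]), tok[3], int(tok[4]),
                 rising, rising_event, falling, falling_event, owner)


def run_alarm(alarm: Alarm, samples: List[int]) -> List[Tuple[int, str, int, Optional[int]]]:
    """Return (seconds, direction, delta, event) for every threshold crossing."""
    crossings = []
    prev = None
    armed_rising = armed_falling = True    # assumption: both armed at start
    for n, raw in enumerate(samples):
        if raw == IF_DOWN_32:              # interface down: restart baseline
            prev = None
            continue
        if prev is None:                   # first usable sample is the baseline
            prev = raw
            continue
        delta = (raw - prev) % COUNTER32   # tolerate 32-bit counter wrap
        prev = raw
        if delta >= alarm.rising and armed_rising:
            armed_rising, armed_falling = False, True
            crossings.append((n * alarm.interval, "rising", delta, alarm.rising_event))
        elif delta <= alarm.falling and armed_falling:
            armed_falling, armed_rising = False, True
            crossings.append((n * alarm.interval, "falling", delta, alarm.falling_event))
    return crossings


def triggered_events(alarm: Alarm, samples: List[int]):
    """Crossings that have an event number attached (these log or trap)."""
    return [c for c in run_alarm(alarm, samples) if c[3] is not None]


FIGURE_42_1 = ("FTOS(conf)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 20 delta "
               "rising-threshold 15 1 falling-threshold 0 owner nms1")
# Constructed ifOutErrors readings, one per 20-second interval.
SAMPLES = [100, 100, 103, 120, 140, 141, 141, 160, IF_DOWN_32, 5, 5, 30]

if __name__ == "__main__":
    for row in run_alarm(parse_alarm(FIGURE_42_1), SAMPLES):
        print(row)
```

The delta of 20 at the fifth sample raises no second event: after a rising crossing the alarm stays quiet until a delta reaches the falling threshold, which is what keeps a sustained error burst from flooding the log and the trap receiver.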
Configure RMON collection history
To enable the RMON MIB history group of statistics collection on an interface, use the rmon collection history command in interface configuration mode. To remove a specified RMON history group of statistics collection, use the no form of this command.
43 Rapid Spanning Tree Protocol
Rapid Spanning Tree Protocol is supported on platforms: c e s
RSTP is supported on the E-Series ExaScale platform with Dell Networking OS 8.1.1.0 and later.
Protocol Overview
Rapid Spanning Tree Protocol (RSTP) is a Layer 2 protocol—specified by IEEE 802.1w—that is essentially the same as Spanning-Tree Protocol (STP) but provides faster convergence and interoperability with switches configured with STP and MSTP.
• Modify Interface Parameters
• Configure an EdgePort
• Preventing Network Disruptions with BPDU Guard
• Influence RSTP Root Selection
• Configuring Spanning Trees as Hitless
• Fast Hellos for Link State Detection
• Flush MAC Addresses after a Topology Change
Important Points to Remember
• RSTP is disabled by default.
• Dell Networking OS supports only one Rapid Spanning Tree (RST) instance.
Configure Interfaces for Layer 2 Mode
All interfaces on all bridges that will participate in Rapid Spanning Tree must be in Layer 2 mode and enabled.
Figure 43-1.
Enable Rapid Spanning Tree Protocol Globally
Rapid Spanning Tree Protocol must be enabled globally on all participating bridges; it is not enabled by default. To enable Rapid Spanning Tree globally for all Layer 2 interfaces:
Step 1. Enter the PROTOCOL SPANNING TREE RSTP mode.
    Command Syntax: protocol spanning-tree rstp
    Command Mode: CONFIGURATION
Step 2. Enable Rapid Spanning Tree.
Figure 43-4. Rapid Spanning Tree Enabled Globally
[Figure: topology of bridges R1 (root), R2, and R3 with ports 1/1 to 1/4, 2/1 to 2/4, and 3/1 to 3/4; links are marked Forwarding or Blocking.]
Port 684 (GigabitEthernet 4/43) is alternate Discarding
Port path cost 20000, Port priority 128, Port Identifier 128.684
Designated root has priority 32768, address 0001.e801.cbb4
Designated bridge has priority 32768, address 0001.e801.cbb4
Designated port id is 128.
Figure 43-5. show spanning-tree rstp Command Example
FTOS#show spanning-tree rstp
Root Identifier has priority 32768, Address 0001.e801.cbb4
Root Bridge hello time 2, max age 20, forward delay 15, max hops 0
Bridge Identifier has priority 32768, Address 0001.e801.cbb4
Configured hello time 2, max age 20, forward delay 15, max hops 0
We are the root
Current root has priority 32768, Address 0001.e801.
Figure 43-6. show spanning-tree rstp brief Command Example
R3#show spanning-tree rstp brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 0001.e801.cbb4
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32768, Address 0001.e80f.1dad
Configured hello time 2, max age 20, forward delay 15
Interface                            Designated
Name       PortID   Prio Cost    Sts Cost    Bridge ID            PortID
---------- -------- ---- ------- --- ------- -------------------- -------
Gi 3/1 128.
Table 43-2 displays the default values for RSTP.
Table 43-2.
Modify Interface Parameters
On interfaces in Layer 2 mode, you can set the port cost and port priority values.
• Port cost is a value that is based on the interface type. The default values are listed in Table 43-2. The greater the port cost, the less likely the port will be selected to be a forwarding port.
• Port priority influences the likelihood that a port will be selected to be a forwarding port in case several ports have the same port cost.
Verify that EdgePort is enabled on a port using the show spanning-tree rstp command from the EXEC privilege mode or the show config command from INTERFACE mode; Dell Networking recommends using the show config command, as shown in Figure 43-7.
Dell Networking OS Behavior: Regarding bpduguard shutdown-on-violation behavior:
1 If the interface to be shut down is a port channel, then all the member ports are disabled in the hardware.
Influence RSTP Root Selection
The Rapid Spanning Tree Protocol determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it will be selected as the root bridge. To change the bridge priority, use the following command:
Task: Assign a number as the bridge priority or designate it as the primary or secondary root. priority-value range: 0 to 65535.
Fast Hellos for Link State Detection
Fast Hellos for Link State Detection is available only on platform: s
Use RSTP Fast Hellos to achieve sub-second link-down detection so that convergence is triggered faster. The standard RSTP link-state detection mechanism does not offer the same low link-state detection speed. RSTP Fast Hellos decrease the hello interval to the order of milliseconds and all timers derived from the hello timer are adjusted accordingly.
Configure a Root Guard
Use the Root Guard feature in a Layer 2 RSTP network to avoid bridging loops. You enable root guard on a per-port or per-port-channel basis.
Dell Networking OS Behavior: The following conditions apply to a port enabled with root guard:
• Root guard is supported on any RSTP-enabled port or port-channel interface except when used as a stacking port.
Configure a Loop Guard
The Loop Guard feature provides protection against Layer 2 forwarding loops (STP loops) caused by a hardware failure, such as a cable failure or an interface fault. When a cable or interface fails, a participating STP link may become unidirectional (STP requires links to be bidirectional) and an STP port does not receive BPDUs. When an STP blocking port does not receive BPDUs, it transitions to a forwarding state.
Displaying STP Guard Configuration
To verify the STP guard configured on RSTP port or port-channel interfaces, enter the show spanning-tree rstp guard command. Refer to Chapter 51, Spanning Tree Protocol for information on how to configure and use the STP root guard, loop guard, and BPDU guard features.
Figure 43-9 shows an example for an RSTP network (instance 0) in which:
• Root guard is enabled on a port that is in a root-inconsistent state.
44 Security
Security features are supported on platforms: c e s
This chapter discusses several ways to provide access security to the Dell Networking system. Platform-specific features are identified by the c, e or s icons (as shown below).
Security features are supported on the E-Series ExaScale platform with Dell Networking OS 8.1.1.0 and later.
Suppress AAA Accounting for null username sessions
When AAA Accounting is activated, the Dell Networking OS software issues accounting records for all users on the system, including users whose username string, because of protocol translation, is NULL. An example of this is a user who comes in on a line where the AAA Authentication login method-list none command is applied.
No specific show command exists for TACACS+ accounting. To obtain accounting records displaying information about users currently logged in, perform the following task in Privileged EXEC mode:
Command Syntax: show accounting
Command Mode: CONFIGURATION
Purpose: Step through all active sessions and print all the accounting records for the actively accounted functions.
Figure 44-1.
Configure login authentication for terminal lines
You can assign up to five authentication methods to a method list. Dell Networking OS evaluates the methods in the order in which you enter them in each list. If the first method list does not respond or returns an error, Dell Networking OS applies the next method list until the user either passes or fails the authentication. If the user fails a method list, Dell Networking OS does not apply the next method list.
To view the configuration, use the show config command in the LINE mode or the show running-config in the EXEC Privilege mode. Note: Dell Networking recommends that you use the none method only as a backup. This method does not authenticate users. The none and enable methods do not work with SSH. You can create multiple method lists and assign them to different terminal lines.
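An added example, not taken from the Dell guide: a Python model of the method-list evaluation described above, showing that a rejection from one method ends the login while only a non-responding method lets the next one run, plus a small audit of a list against the note about none and enable. The method names used as dictionary keys, the sample accounts, and the deny-when-nothing-answers result are assumptions of the model.

```python
import hmac
from enum import Enum


class Outcome(Enum):
    PASS = "pass"                # method answered, credentials accepted
    FAIL = "fail"                # method answered, credentials rejected
    NO_RESPONSE = "no-response"  # method did not respond or returned an error


MAX_METHODS = 5  # the guide allows up to five methods per method list


def make_method(users, reachable=True):
    """Model of a credential-checking method (for example RADIUS, TACACS+, local)."""
    def method(user, password):
        if not reachable:
            return Outcome.NO_RESPONSE
        stored = users.get(user)
        ok = stored is not None and hmac.compare_digest(stored, password)
        return Outcome.PASS if ok else Outcome.FAIL
    return method


def none_method(user, password):
    """The none method: admits the session without checking anything."""
    return Outcome.PASS


def evaluate(method_list, methods, user, password):
    """Walk the list in configured order; return (admitted, trace)."""
    if len(method_list) > MAX_METHODS:
        raise ValueError("a method list holds at most five methods")
    trace = []
    for name in method_list:
        outcome = methods[name](user, password)
        trace.append((name, outcome))
        if outcome is Outcome.PASS:
            return True, trace
        if outcome is Outcome.FAIL:
            return False, trace   # a rejection is final: no fallback
        # NO_RESPONSE: fall through to the next method in the list
    return False, trace           # assumption: deny when no method answered


def audit(method_list, transport="telnet"):
    """Check a method list against the guide's notes; return findings."""
    findings = []
    if len(method_list) > MAX_METHODS:
        findings.append("more than five methods")
    if "none" in method_list:
        if method_list[-1] != "none":
            findings.append("none is not last: methods after it are never reached")
        findings.append("none admits users without authenticating them")
    if transport == "ssh":
        for name in ("none", "enable"):
            if name in method_list:
                findings.append(name + " does not work with SSH")
    return findings


if __name__ == "__main__":
    # Constructed state: the RADIUS server is down, TACACS+ and local answer.
    methods = {
        "radius": make_method({"alice": "S3cret!"}, reachable=False),
        "tacacs+": make_method({"alice": "S3cret!"}),
        "local": make_method({"admin": "L0cal!"}),
        "none": none_method,
    }
    print(evaluate(["radius", "tacacs+", "local"], methods, "alice", "S3cret!"))
    print(evaluate(["radius", "tacacs+", "local"], methods, "admin", "L0cal!"))
    print(evaluate(["radius", "none"], methods, "anyone", ""))
    print(audit(["radius", "none"], transport="ssh"))
```

The second call shows why a local account placed after a reachable remote method is not a usable fallback, and the third shows why none belongs only at the end of a list and only where unauthenticated access during a server outage is acceptable.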
To use local authentication for enable secret on console, while using remote authentication on VTY lines, perform the following steps:
FTOS(config)# aaa authentication enable mymethodlist radius tacacs
FTOS(config)# line vty 0 9
FTOS(config-line-vty)# enable authentication mymethodlist
Server-side configuration
TACACS+: When using TACACS+, Dell Networking sends an initial packet with service type SVC_ENABLE, and then a second packet with just the password.
• Privilege level 15, the default level for the enable command, is the highest level. In this level you can access any command in Dell Networking OS.
Privilege levels 2 through 14 are not configured and you can customize them for different users and access.
After you configure other privilege levels, enter those levels by adding the level parameter after the enable command or by configuring a user name or password that corresponds to the privilege level.
To configure a username and password, use the following command in the CONFIGURATION mode:
Command Syntax: username name [access-class access-list-name] [nopassword | password [encryption-type] password] [privilege level]
Command Mode: CONFIGURATION
Purpose: Assign a user name and password. Configure the optional and required parameters:
• name: Enter a text string up to 63 characters long.
• access-class access-list-name: Enter the name of a configured IP ACL.
Configure custom privilege levels
In addition to assigning privilege levels to the user, you can configure the privilege levels of commands so that they are visible in different privilege levels. Within Dell Networking OS, commands have certain privilege levels. With the privilege command, you can change a command's default level or reset its privilege level back to the default.
Step 3.
    Command Syntax: privilege mode {level level command | reset command}
    Command Mode: CONFIGURATION
    Purpose: Configure level and commands for a mode or reset a command’s level. Configure the following required and optional parameters:
    • mode: Enter a keyword for the modes (exec, configure, interface, line, route-map, router)
    • level level range: 0 to 15. Levels 0, 1 and 15 are pre-configured. Levels 2 to 14 are available for custom configuration.
Figure 44-3. User john’s Login and the List of Available Commands
apollo% telnet 172.31.1.53
Trying 172.31.1.53...
Connected to 172.31.1.53.
Escape character is '^]'.
To move to a lower privilege level, enter the command disable followed by the level-number you wish to set for the user in the EXEC Privilege mode. If you enter disable without a level-number, your security level is 1.
RADIUS
Remote Authentication Dial-In User Service (RADIUS) is a distributed client/server protocol. This protocol transmits authentication, authorization, and configuration information between a central RADIUS server and a RADIUS client (the Dell Networking system).
28 RADIUS_IDLE_TIMEOUT
61 RADIUS_NAS_PORT_TYPE
95 NAS_IPv6_ADDRESS
802.
Idle Time
Every session line has its own idle-time. If the idle-time value is not changed, the default value of 30 minutes is used. RADIUS specifies the idle-time allowed for a user during a session before timeout. When a user logs in, the lower of the two idle-time values (configured or default) is used.
• Monitor RADIUS (optional)
For a complete listing of all Dell Networking OS commands related to RADIUS, refer to the Security chapter in the Dell Networking OS Command Reference.
Note: RADIUS authentication and authorization are done in a single step. Hence, authorization cannot be used independent of authentication. However, if RADIUS authorization is configured and authentication is not, then a message is logged stating this.
Specify a RADIUS server host
When configuring a RADIUS server host, you can set different communication parameters, such as the UDP port, the key password, the number of retries, and the timeout.
To set global communication parameters for all RADIUS server hosts, use any or all of the following commands in the CONFIGURATION mode:
Command Syntax: radius-server deadtime seconds
Command Mode: CONFIGURATION
Purpose: Set a time interval after which a RADIUS host server is declared dead.
• seconds range: 0 to 2147483647.
• Choose TACACS+ as the Authentication Method
• Monitor TACACS+
• TACACS+ Remote Authentication and Authorization
• TACACS+ Remote Authentication and Authorization
• Specify a TACACS+ server host
• Choose TACACS+ as the Authentication Method
For a complete listing of all commands related to TACACS+, refer to the Security chapter in the Dell Networking OS Command Reference.
Figure 44-4.
Figure 44-5 demonstrates how to configure the access-class from a TACACS+ server. This causes the configured access-class on the VTY line to be ignored. If you have configured a deny10 ACL on the TACACS+ server, Dell Networking OS downloads it and applies it. If the user is found to be coming from the 10.0.0.0 subnet, Dell Networking OS also immediately closes the Telnet connection. Note that no matter where the user is coming from, they see the login prompt.
Figure 44-5.
To delete a TACACS+ server host, use the no tacacs-server host {hostname | ip-address} command.
freebsd2# telnet 2200:2200:2200:2200:2200::2202
Trying 2200:2200:2200:2200:2200::2202...
Connected to 2200:2200:2200:2200:2200::2202.
Escape character is '^]'.
Dell Networking OS supports both inbound and outbound SSH sessions using IPv4 or IPv6 addressing. Inbound SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface. For details on command syntax, see the Security chapter in the Dell Networking OS Command Line Interface Reference. SCP is a remote file copy program that works with SSH and is supported by Dell Networking OS.
Figure 44-6. Specifying an SSH version
FTOS(conf)#ip ssh server version 2
FTOS(conf)#do show ip ssh
SSH server : disabled.
SSH server version : v2.
Password Authentication : enabled.
Hostbased Authentication : disabled.
RSA Authentication : disabled.
To disable SSH server functions, enter no ip ssh server enable.
• ip ssh connection-rate-limit: Configure the maximum number of incoming SSH connections per minute.
• ip ssh hostbased-authentication enable: Enable hostbased-authentication for the SSHv2 server.
• ip ssh key-size: Configure the size of the server-generated RSA SSHv1 key.
• ip ssh password-authentication enable: Enable password authentication for the SSH server.
• ip ssh pub-key-file: Specify the file to be used for host-based authentication.
Figure 44-8. Enabling SSH Password Authentication
FTOS(conf)#ip ssh server enable
% Please wait while SSH Daemon initializes ... done.
FTOS(conf)#ip ssh password-authentication enable
FTOS#sh ip ssh
SSH server : enabled.
Password Authentication : enabled.
Hostbased Authentication : disabled.
RSA Authentication : disabled.
RSA Authentication of SSH
The following procedure authenticates an SSH client based on an RSA key using RSA authentication.
To configure host-based authentication:
Step 1
Task: Configure RSA Authentication. See RSA Authentication of SSH, above.
Step 2
Task: Create shosts by copying the public RSA key to the file shosts in the directory .ssh, and write the IP address of the host to the file.
Command Syntax: cp /etc/ssh/ssh_host_rsa_key.pub /.ssh/shosts
Figure 44-10. Creating shosts
admin@Unix_client# cd /etc/ssh
admin@Unix_client# ls
moduli sshd_config ssh_host_dsa_key.pub ssh_host_key.pub ssh_host_rsa_key.
Figure 44-12. Client-based SSH Authentication
FTOS#ssh 10.16.127.201 ?
-l User name option
-p SSH server port option (default 22)
-v SSH protocol version
Troubleshooting SSH
• You may not bind id_rsa.pub to RSA authentication while logged in via the console. In this case, Message 2 appears.
Message 2 RSA Authentication Error
%Error: No username set for this term.
Trace Lists
The Trace Lists feature is supported only on the E-Series: e
You can log packet activity on a port to confirm the source of traffic attacking a system. Once the Trace list is enabled on the system, you can view its traffic log to confirm the source address of the attacking traffic. In Dell Networking OS, Trace lists are similar to extended IP ACLs, except that Trace lists are not applied to an interface. Instead, Trace lists are enabled for all switched traffic entering the system.
Since traffic passes through the filter in the order of the filter’s sequence, you can configure the trace list by first entering the TRACE LIST mode and then assigning a sequence number to the filter.
Step 2
Command Syntax: seq sequence-number {deny | permit} tcp {source mask | any | host ip-address} [operator port [port]] {destination mask | any | host ip-address} [operator port [port]] [established] [count [byte] | log]
Command Mode: TRACE LIST
Purpose: Configure a trace list filter for TCP packets.
• source: An IP address as the source IP address for the filter to match.
• mask: a network mask
• any: to match any IP source address
• host ip-address: to match IP addresses in a host.
Figure 44-13. Trace list Using seq Command Example
FTOS(config-trace-acl)#seq 15 deny ip host 12.45.0.0 any log
FTOS(config-trace-acl)#seq 5 permit tcp 121.1.3.45 0.0.255.255 any
FTOS(config-trace-acl)#show conf
!
ip trace-list dilling
 seq 5 permit tcp 121.1.0.0 0.0.255.255 any
 seq 15 deny ip host 12.45.0.
Command Syntax: {deny | permit} tcp {source mask | any | host
Command Mode: TRACE LIST
Purpose: Configure a deny or permit filter to examine TCP packets. Configure the following required and optional parameters:
• source: An IP address as the source IP address for the filter to match.
• mask: a network mask
• any: to match any IP source address
• host ip-address: to match IP addresses in a host.
• destination: An IP address as the source IP address for the filter to match.
Figure 44-14. Trace List Example
FTOS(config-trace-acl)#deny tcp host 123.55.34.0 any
FTOS(config-trace-acl)#permit udp 154.44.123.34 0.0.255.255 host 34.6.0.0
FTOS(config-trace-acl)#show config
!
ip trace-list nimule
 seq 5 deny tcp host 123.55.34.0 any
 seq 10 permit udp 154.44.0.0 0.0.255.255 host 34.6.0.
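The behaviour visible in Figures 44-13 and 44-14 (filters stored in sequence order, source addresses normalised by the wildcard mask, unnumbered filters numbered 5, 10, ...) can be modelled offline when reviewing a trace list before it is entered. This is an added example, not Dell code: the TraceList class and its methods are hypothetical names, only the address forms are parsed (no port operators), and the numbering rule for unnumbered filters is an assumption drawn from Figure 44-14.

```python
import ipaddress
from dataclasses import dataclass

ALL = 0xFFFFFFFF


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A wildcard-mask'."""
    first = tokens.pop(0)
    if first == "any":
        return 0, ALL
    if first == "host":
        return _ip(tokens.pop(0)), 0
    wild = _ip(tokens.pop(0))
    # Mask bits set to 1 are "don't care", so they are cleared when stored:
    # 121.1.3.45 0.0.255.255 is shown back as 121.1.0.0 0.0.255.255.
    return _ip(first) & ~wild & ALL, wild


def _show_addr(addr, wild):
    if wild == ALL:
        return "any"
    text = str(ipaddress.IPv4Address(addr))
    return f"host {text}" if wild == 0 else f"{text} {ipaddress.IPv4Address(wild)}"


@dataclass(frozen=True)
class Filter:
    action: str   # "permit" or "deny"
    proto: str    # "ip" matches every protocol
    src: int
    src_wild: int
    dst: int
    dst_wild: int
    opts: tuple   # trailing keywords such as "log", kept verbatim

    def matches(self, proto, src, dst):
        if self.proto not in ("ip", proto):
            return False
        return (((_ip(src) ^ self.src) & ~self.src_wild & ALL) == 0
                and ((_ip(dst) ^ self.dst) & ~self.dst_wild & ALL) == 0)


class TraceList:
    def __init__(self, name):
        self.name = name
        self.filters = {}

    def add(self, line):
        """Add one filter line as typed in TRACE LIST mode; return its seq."""
        tokens = line.split()
        if tokens[0] == "seq":
            seq, tokens = int(tokens[1]), tokens[2:]
        else:
            # Assumption: next multiple of 5 above the highest existing seq.
            seq = (max(self.filters, default=0) // 5 + 1) * 5
        action, proto, rest = tokens[0], tokens[1], tokens[2:]
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action: {action}")
        src, src_wild = _take_addr(rest)
        dst, dst_wild = _take_addr(rest)
        self.filters[seq] = Filter(action, proto, src, src_wild,
                                   dst, dst_wild, tuple(rest))
        return seq

    def show(self):
        """Filters in the order traffic passes through them."""
        lines = []
        for seq in sorted(self.filters):
            f = self.filters[seq]
            lines.append(" ".join([f"seq {seq}", f.action, f.proto,
                                   _show_addr(f.src, f.src_wild),
                                   _show_addr(f.dst, f.dst_wild), *f.opts]))
        return lines

    def evaluate(self, proto, src, dst):
        """Return (action, seq) of the first matching filter, else None."""
        for seq in sorted(self.filters):
            if self.filters[seq].matches(proto, src, dst):
                return self.filters[seq].action, seq
        return None


def dilling():
    """The list from Figure 44-13, entered in the same order as the figure."""
    tl = TraceList("dilling")
    tl.add("seq 15 deny ip host 12.45.0.0 any log")
    tl.add("seq 5 permit tcp 121.1.3.45 0.0.255.255 any")
    return tl
```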
VTY Line and Access-Class Configuration
Various methods are available to restrict VTY access in Dell Networking OS. These depend on which authentication scheme you use (line, local, or remote):
Table 44-1. VTY Access
Authentication Method | VTY access-class support? | Username access-class support? | Remote authorization support?
Line | YES | NO | NO
Local | NO | YES | NO
TACACS+ | YES | NO | YES (with Dell Networking OS 5.2.1.0 and later)
RADIUS | YES | NO | YES (with Dell Networking OS 6.1.1.
Figure 44-16.
Figure 44-18.
45 Service Provider Bridging
Service Provider Bridging is supported on platforms: c e s
This chapter contains the following major sections:
• VLAN Stacking
• VLAN Stacking Packet Drop Precedence
• Dynamic Mode CoS for VLAN Stacking
• Layer 2 Protocol Tunneling
• Provider Backbone Bridging
VLAN Stacking
VLAN Stacking is supported on platforms: c e s
VLAN Stacking is supported on E-Series ExaScale ex with Dell Networking OS 8.2.1.0. and later.
VLAN Stacking, also called Q-in-Q, is defined in IEEE 802.
Figure 45-1. VLAN Stacking in a Service Provider Network
[Diagram labels: TPID (0x9100), PCP, DEI, VID (VLAN 300); TPID (0x8100), PCP, CFI (0), VID (VLAN Red)]
At the access point of a VLAN-stacking network, service providers add a VLAN tag, the S-Tag, to each frame before the 802.1Q tag. From this point, the frame is double-tagged. The service provider uses the S-Tag to forward the frame traffic across its network.
Configure VLAN Stacking
Configuring VLAN-Stacking is a three-step process:
1. Create access and trunk ports.
2. Assign access and trunk ports to a VLAN.
3. Make the VLAN VLAN-stacking capable.
Display the VLAN-Stacking configuration for a switchport using the command show config from INTERFACE mode, as shown in Figure 45-3.
Figure 45-3.
Dell Networking OS Options for Trunk Ports
802.1ad trunk ports may also be tagged members of a VLAN so that they can carry single and double-tagged traffic. You can enable trunk ports to carry untagged, single-tagged, and double-tagged VLAN traffic by making the trunk port a hybrid port.
Step 1
Task: Configure a trunk port to carry untagged, single-tagged, and double-tagged traffic by making it a hybrid port.
VLAN Stacking in Multi-vendor Networks
The first field in the VLAN tag is the Tag Protocol Identifier (TPID), which is two bytes. In a VLAN-stacking network, once the frame is double tagged, the outer tag TPID must match the TPID of the next-hop system. While 802.1Q requires that the inner tag TPID is 0x8100, it does not require a specific value for the outer tag TPID.
Figure 45-6.
TPID Mismatch and 0x8100 Match on the E-Series TeraScale
[Diagram labels: R1-E-Series TeraScale TPID: 0x9100; R2-E-Series TeraScale TPID: 0x8181]
Figure 45-7.
First-byte TPID Match on the E-Series ExaScale
[Diagram labels: R1-E-Series TeraScale TPID: 0x9191; R2-E-Series ExaScale TPID: 0x9100]
Figure 45-8.
Table 45-1 details the outcome of matched and mis-matched TPIDs in a VLAN-stacking network with the E-Series.
Table 45-1.
You can configure the first eight bits of the TPID using the command vlan-stack protocol-type. The TPID on the C-Series and S-Series systems is global. Ingress frames that do not match the system TPID are treated as untagged. This rule applies for both the outer tag TPID of a double-tagged frame and the TPID of a single-tagged frame.
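To check a packet capture against this rule when tracing a TPID mismatch between neighbouring systems, the frame's tags can be parsed and classified the way the text describes. This is an added example, not Dell code: the function names and the sample frames are constructed for illustration, and the comparison is assumed to be on the full 16-bit TPID.

```python
import struct

CTAG_TPID = 0x8100                     # inner (802.1Q) tag TPID, per the text
DST = bytes.fromhex("0001e8000002")    # constructed sample MAC addresses
SRC = bytes.fromhex("0001e8000001")


def build_frame(tags, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed sample frame; tags = [(tpid, pcp, dei, vid), ...]."""
    out = bytearray(DST + SRC)
    for tpid, pcp, dei, vid in tags:
        out += struct.pack("!HH", tpid, (pcp << 13) | (dei << 12) | vid)
    return bytes(out + struct.pack("!H", ethertype) + payload)


def _u16(frame, offset):
    if len(frame) < offset + 2:
        raise ValueError(f"frame truncated at offset {offset}")
    return struct.unpack_from("!H", frame, offset)[0]


def read_tag(frame, offset):
    """Decode one 4-byte VLAN tag: TPID, then PCP(3) DEI/CFI(1) VID(12)."""
    tpid, tci = _u16(frame, offset), _u16(frame, offset + 2)
    return {"tpid": tpid, "pcp": tci >> 13,
            "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}


def classify(frame, system_tpid):
    """Classify an ingress frame against the system-wide TPID.

    A first tag whose TPID differs from system_tpid makes the whole frame
    'untagged', for single-tagged and double-tagged frames alike.
    """
    first = _u16(frame, 12)
    if first != system_tpid:
        return {"kind": "untagged", "outer": None, "inner": None,
                "ethertype": first}
    outer = read_tag(frame, 12)
    if _u16(frame, 16) == CTAG_TPID:
        return {"kind": "double", "outer": outer,
                "inner": read_tag(frame, 16), "ethertype": _u16(frame, 20)}
    return {"kind": "single", "outer": outer, "inner": None,
            "ethertype": _u16(frame, 16)}


def tpid_mismatch(frame, system_tpid, neighbour_tpids):
    """True when the frame is treated as untagged although it carries a tag
    whose TPID is one that a neighbouring system is known to use."""
    result = classify(frame, system_tpid)
    return result["kind"] == "untagged" and result["ethertype"] in neighbour_tpids
```

Run over frames captured on a trunk port, tpid_mismatch separates ordinary untagged traffic from tagged traffic that lost its VLAN context because the neighbour's TPID differs.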
Single and Double-tag First-byte TPID Match on C-Series and S-Series
Figure 45-10.
[Diagram labels: R2-C-Series w/ FTOS <8.2.1.0 TPID: 0x8181; R3-C-Series w/ FTOS >=8.2.1.0 TPID: 0x8181; R1-C-Series w/ FTOS <8.2.1.
Table 45-2 details the outcome of matched and mismatched TPIDs in a VLAN-stacking network with the C-Series and S-Series.
Table 45-2. C-Series and S-Series Behaviors for Mis-matched TPID
Network Position | Incoming Packet TPID | System TPID | Match Type | Pre-8.2.1.0 | 8.2.1.
Enable Drop Eligibility
You must enable Drop Eligibility globally before you can honor or mark the DEI value.
Task: Make packets eligible for dropping based on their DEI value. By default, packets are colored green, and DEI is marked 0 on egress.
Command Syntax: dei enable
Command Mode: CONFIGURATION
When Drop Eligibility is enabled, DEI mapping or marking takes place according to the defaults. In this case, the CFI is affected according to Table 45-3.
Table 45-3.
FTOS#show interface dei-honor
Default Drop precedence: Green
Interface CFI/DEI Drop precedence
-------------------------------------------------------------
Gi 0/1 0 Green
Gi 0/1 1 Yellow
Gi 8/9 1 Red
Gi 8/40 0 Yellow
Mark Egress Packets with a DEI Value
On egress, you can set the DEI value according to a different mapping than ingress (see Honor the Incoming DEI Value).
Dynamic Mode CoS for VLAN Stacking
Dynamic Mode CoS for VLAN Stacking is available only on platforms: c s
One of the ways to ensure quality of service for customer VLAN-tagged frames is to use the 802.1p priority bits in the tag to indicate the level of QoS desired. When an S-Tag is added to incoming customer frames, the 802.1p bits on the S-Tag may be configured statically for each customer or derived from the C-Tag using Dynamic Mode CoS. Dynamic Mode CoS maps the C-Tag 802.1p value to a S-Tag 802.
Dell Networking OS Behavior: For Option A above, when there is a conflict between the queue selected by Dynamic Mode CoS (vlan-stack dot1p-mapping) and a QoS configuration, the queue selected by Dynamic Mode CoS takes precedence. However, rate policing for the queue is determined by QoS configuration.
To map C-Tag dot1p values to S-Tag dot1p values and mark the frames accordingly:
Step
Task: Allocate CAM space to enable queuing frames according to the C-Tag or the S-Tag.
• vman-qos: mark the S-Tag dot1p and queue the frame according to the original C-Tag dot1p. This method requires half as many CAM entries as vman-qos-dual-fp.
• vman-qos-dual-fp: mark the S-Tag dot1p and queue the frame according to the S-Tag dot1p.
Figure 45-13. VLAN Stacking without L2PT
[Diagram label: BPDU w/ destination MAC address: 01-80-C2-00-00-00]
You might need to transport control traffic transparently through the intermediate network to the other region.
Figure 45-14. VLAN Stacking with L2PT
[Diagram labels: R1-E-Series; R2 Non-Force10 System; R3 Non-Force10 System; BPDU w/ destination MAC address: 01-01-e8-00-00-00; BPDU w/ destination MAC address: 01-80-C2-00-00-00]
Implementation Information
• L2PT is available for STP, RSTP, MSTP, and PVST+ BPDUs.
Enable Layer 2 Protocol Tunneling
Step 1
Task: Verify that the system is running the default CAM profile; you must use this CAM profile for L2PT.
Command Syntax: show cam-profile
Command Mode: EXEC Privilege
Step 2
Task: Enable protocol tunneling globally on the system.
Command Syntax: protocol-tunnel enable
Command Mode: CONFIGURATION
Step 3
Task: Tunnel BPDUs the VLAN.
Rate-limit BPDUs on the C-Series and S-Series
CAM space is allocated in sections called Field Processor (FP) blocks. There are a total of 13 user-configurable FP blocks on the C-Series and S-Series. The default number of blocks for L2PT is 0; you must allocate at least one to enable BPDU rate-limiting.
Step 1
Task: Create at least one FP group for L2PT. See CAM Allocation for details on this command.
Command Syntax: cam-acl l2acl
Command Mode: CONFIGURATION
Step 2
Task: Save the running-config to the startup-config.
The same is true for GVRP. 802.1ad specifies that provider bridges participating in GVRP use a reserved destination MAC address called the Provider Bridge GVRP Address, 01-80-C2-00-00-0D, to exchange GARP PDUs instead of the GVRP Address, 01-80-C2-00-00-21, specified in 802.1Q. Only bridges in the service provider network use this destination MAC address so these bridges treat GARP PDUs originating from the customer network as normal data frames, rather than consuming them.
46 sFlow
sFlow is supported on platforms: c e s
sFlow is supported on E-Series ExaScale ex with Dell Networking OS 8.1.1.0. and later.
• Enable and Disable sFlow
• sFlow Show Commands
• Configure Collectors
• Polling Intervals
• Sampling Rate
• Back-off Mechanism
• sFlow on LAG ports
• Extended sFlow
Overview
Dell Networking OS supports sFlow version 5. sFlow is a standard-based sampling technology embedded within switches and routers which is used to monitor network traffic.
Figure 46-1. sFlow Traffic Monitoring System
[Diagram labels: sFlow Collector; Switch/Router; sFlow Datagrams; sFlow Agent; Poll Interface Counters; Interface Counters; Flow Samples; Switch ASIC]
Implementation Information
Dell Networking sFlow is designed so that the hardware sampling rate is per line card port-pipe and is decided based upon all the ports in that port-pipe.
• Dell Networking OS exports all sFlow packets to the collector. A small sampling rate can equate to a large number of exported packets. A backoff mechanism will automatically be applied to reduce this amount. Some sampled packets may be dropped when the exported packet rate is high and the backoff mechanism is about to or is starting to take effect. The dropEvent counter, in the sFlow packet, will always be zero.
sFlow Show Commands
Dell Networking OS includes the following sFlow display commands:
• Show sFlow Globally
• Show sFlow on an Interface
• Show sFlow on a Line Card
Show sFlow Globally
Use the following command to view sFlow statistics:
Command Syntax: show sflow
Command Mode: EXEC
Purpose: Display sFlow configuration information and statistics.
Figure 46-2 is a sample output from the show sflow command:
Figure 46-2.
Figure 46-3. Command Example: show sflow interface
FTOS#show sflow interface gigabitethernet 1/16
Gi 1/16
Configured sampling rate :8192
Actual sampling rate :8192
Sub-sampling rate :2
Counter polling interval :15
Samples rcvd from h/w :33
Samples dropped for sub-sampling :6
The configuration, shown in Figure 46-2, is also displayed in the running configuration (Figure 46-4):
Figure 46-4.
Configure Collectors
The sflow collector command allows you to configure sFlow collectors to which sFlow datagrams are forwarded. You can configure up to two sFlow collectors (IPv4 or IPv6). If you configure two collectors, traffic samples are sent to both devices.
IPv6 sFlow collectors and agents are supported on platforms: c e s.
Sampling Rate
Sampling Rate is supported on platform et.
The sFlow sampling rate is the number of packets that are skipped before the next sample is taken. sFlow does not have time-based packet sampling. The sflow sample-rate command, when issued in CONFIGURATION mode, changes the default sampling rate. By default, the sampling rate of an interface is set to the same value as the current global default sampling rate.
Note: Sampling rate backoff can change the sampling rate value that is set in the hardware. This equation shows the relationship between actual sampling rate, sub-sampling rate, and the hardware sampling rate for an interface:
Actual sampling rate = sub-sampling rate * hardware sampling rate
Note the absence of a configured rate in the equation.
Use the sflow [extended-switch] [extended-router] [extended-gateway] enable command. By default, packing of any of the extended information in the datagram is disabled. Use the command show sflow to confirm that extended information packing is enabled, as shown in Figure 46-6.
Figure 46-6.
Important Points to Remember
• The IP destination address has to be learned via BGP in order to export extended-gateway data, prior to Dell Networking OS version 7.8.1.0.
• If the IP destination address is not learned via BGP the Dell Networking system does not export extended-gateway data, prior to Dell Networking OS version 7.8.1.0.
• Dell Networking OS 7.8.1.
47 Simple Network Management Protocol
Simple Network Management Protocol is supported on platforms: c e s
SNMP is supported on the E-Series ExaScale platform with Dell Networking OS 8.1.1.0 and later.
Note: On Dell Networking routers, standard and private SNMP MIBs are supported, including all Get and a limited number of Set operations (such as set vlan and copy cmd).
Configuring SNMP requires only a single step:
1. Create a community.
Message 1 SNMP Enabled
22:31:23: %RPM1-P:CP %SNMP-6-SNMP_WARM_START: Agent Initialized - SNMP WARM_START.
View your SNMP configuration, using the command show running-config snmp from EXEC Privilege mode, as shown in Figure 47-1.
Figure 47-1. Creating an SNMP Community
FTOS#snmp-server community my-snmp-community ro
22:31:23: %RPM1-P:CP %SNMP-6-SNMP_WARM_START: Agent Initialized - SNMP WARM_START.
Figure 47-4. Reading the Value of Many Managed Objects at Once
> snmpwalk -v 2c -c mycommunity 10.11.131.161 .1.3.6.1.2.1.1
SNMPv2-MIB::sysDescr.0 = STRING: Force10 Networks Real Time Operating System Software
Force10 Operating System Version: 1.0
Force10 Application Software Version: E_MAIN4.7.6.350
Copyright (c) 1999-2007 by Force10 Networks, Inc.
Build Time: Mon May 12 14:02:22 PDT 2008
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.6027.1.3.
Configure Contact and Location Information using SNMP
You may configure system contact and location information from the Dell Networking system or from the management station using SNMP.
To configure system contact and location information from the Dell Networking system:
Task: Identify the system manager along with this person’s contact information (e.g., e-mail address or phone number). You may use up to 55 characters.
Subscribe to Managed Object Value Updates using SNMP
By default, the Dell Networking system displays some unsolicited SNMP messages (traps) upon certain events and conditions. You can also configure the system to send the traps to a management station. Traps cannot be saved on the system.
Table 47-2. Dell Networking Enterprise-specific SNMP Traps
Command Option: envmon
Trap Examples:
CARD_SHUTDOWN: %sLine card %d down - %s
CARD_DOWN: %sLine card %d down - %s
LINECARDUP: %sLine card %d is up
CARD_MISMATCH: Mismatch: line card %d is type %s - type %s required.
Table 47-2. Dell Networking Enterprise-specific SNMP Traps
Command Option: vlt
Trap Examples: Enable VLT traps.
Command Option: stp (includes only STP notifications)
Trap Examples:
%SPANMGR-5-STP_ROOT_CHANGE: STP root changed for vlan 1. My Bridge ID: 0:0001.e867.b1f8 Old Root: 0:0000.0000.0000 New Root: 0:0001.e867.b1f8.
%SPANMGR-5-STP_NEW_ROOT: New Spanning Tree Root, Bridge ID Priority 32768, Address 0001.e801.fc35.
Copy Configuration Files Using SNMP
Use SNMP from a remote client to:
• copy the running-config file to the startup-config file, or
• copy configuration files from the Dell Networking system to a server
• copy configuration files from a server to the Dell Networking system
All of these tasks can be performed using IPv4 or IPv6 addresses. The examples in this section use IPv4 addresses; IPv6 addresses can be substituted for the IPv4 addresses in all of the examples.
Table 47-3. MIB Objects for Copying Configuration Files via SNMP
MIB Object | OID | Object Values | Description
copyDestFileName | .1.3.6.1.4.1.6027.3.5.1.1.1.1.7 | Path (if file is not in default directory) and filename. | Specifies the name of destination file.
copyServerAddress | .1.3.6.1.4.1.6027.3.5.1.1.1.1.8 | IP Address of the server | The IP address of the server. • If the copyServerAddress is specified so must copyUserName, and copyUserPassword.
copyUserName | .1.3.6.1.4.
• the server OS is Unix
• you are using SNMP version 2c
• the community name is public, and
• the file f10-copy-config.mib is in the current directory or in the snmpset tool path.
Note: In Unix, enter the command snmpset for help using this command. Place the file f10-copy-config.mib in the directory from which you are executing the snmpset command or in the snmpset tool path.
Table 47-4.
Table 47-4. Copying Configuration Files via SNMP
Task
snmpset -v 2c -c public -m ./f10-copy-config.mib force10system-ip-address copySrcFileType.index i 2 copyDestFileName.index s filepath/filename copyDestFileLocation.index i 4 copyServerAddress.index a server-ip-address copyUserName.index s server-login-id copyUserPassword.index s server-login-password
• server-ip-address must be preceded by the keyword a.
Dell Networking provides additional MIB Objects to view copy statistics. These are provided in Table 47-5.
Table 47-5. MIB Objects for Copying Configuration Files via SNMP
MIB Object | OID | Values | Description
copyState | .1.3.6.1.4.1.6027.3.5.1.1.1.1.11 | 1 = running, 2 = successful, 3 = failed | Specifies the state of the copy operation.
copyTimeStarted | .1.3.6.1.4.1.6027.3.5.1.1.1.1.12 | Time value | Specifies the point in the up-time clock that the copy operation started.
copyTimeCompleted | .1.3.6.1.4.1.
Figure 47-13 shows the command syntax using MIB object names, and Figure 47-14 shows the same command using the object OIDs. In both cases, the object is followed by the same index number used in the snmpset command.
Figure 47-13. Obtaining MIB Object Values for a Copy Operation using Object-name Syntax
> snmpget -v 2c -c private -m ./f10-copy-config.mib 10.11.131.140 copyTimeCompleted.110
FORCE10-COPY-CONFIG-MIB::copyTimeCompleted.110 = Timeticks: (1179831) 3:16:38.
Figure 47-16. Assign a VLAN Alias using SNMP
[Unix system output]
> snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.1.1107787786 s "My VLAN"
SNMPv2-SMI::mib-2.17.7.1.4.3.1.1.
In response to the snmpget request, the Dell Networking system sends a table of hexadecimal (hex) pairs, each pair representing a group of eight ports.
• On the E-Series, 12 hex pairs represent a line card. Twelve pairs accommodate the greatest currently available line card port density, 96 ports.
• On the C-Series, 28 hex pairs represent a line card.
The value 40 is in the first set of 7 hex pairs, indicating that these ports are in Stack Unit 0. The hex value 40 is 0100 0000 in binary. As described above, the left-most position in the string represents Port 1. The next position from the left represents Port 2 and has a value of 1, indicating that Port 0/2 is in VLAN 10. The remaining positions are 0, so those ports are not in the VLAN.
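When auditing VLAN membership collected over SNMP, the hex-pair table can be decoded into slot/port pairs and two snapshots compared. This is an added example, not Dell code: the function names are hypothetical, the S-Series width of 7 pairs per stack unit is taken from the worked example above, and ports are numbered from 1 within each unit as the text describes.

```python
# Hex pairs per line card or stack unit. E-Series and C-Series values are from
# the list above; the S-Series value is from the worked example (7 hex pairs
# for Stack Unit 0).
PAIRS_PER_UNIT = {"E-Series": 12, "C-Series": 28, "S-Series": 7}


def decode_port_list(hex_string, pairs_per_unit, first_port=1):
    """Return sorted (unit, port) pairs for every bit set in the table.

    The left-most bit of each hex pair is the lowest-numbered port of its
    group of eight; first_port follows the text, which calls the left-most
    position Port 1.
    """
    members = []
    for index, octet in enumerate(bytes.fromhex(hex_string)):
        unit, pair = divmod(index, pairs_per_unit)
        for bit in range(8):
            if octet & (0x80 >> bit):
                members.append((unit, pair * 8 + bit + first_port))
    return members


def encode_port_list(members, pairs_per_unit, units, first_port=1):
    """Build the hex string for a set of (unit, port) members."""
    octets = bytearray(pairs_per_unit * units)
    for unit, port in members:
        idx = port - first_port
        if not (0 <= unit < units and 0 <= idx < pairs_per_unit * 8):
            raise ValueError(f"port {unit}/{port} is outside the table")
        octets[unit * pairs_per_unit + idx // 8] |= 0x80 >> (idx % 8)
    return " ".join(f"{b:02X}" for b in octets)


def membership_change(before_hex, after_hex, pairs_per_unit):
    """Compare two snapshots of the same VLAN; return (added, removed)."""
    before = set(decode_port_list(before_hex, pairs_per_unit))
    after = set(decode_port_list(after_hex, pairs_per_unit))
    return sorted(after - before), sorted(before - after)
```

Comparing a stored baseline with a fresh read through membership_change shows which ports were added to or removed from a VLAN between two polls.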
www.dell.com | support.dell.com Figure 47-21. Adding Tagged Ports to a VLAN using SNMP >snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.2.1107787786 x "40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" .1.3.6.1.2.1.17.7.1.4.3.1.4.
Table 47-6. MIB Objects for Fetching Dynamic MAC Entries in the Forwarding Database
MIB Object | OID | Description | MIB
dot1dTpFdbTable | .1.3.6.1.2.1.17.4.3 | List the learned unicast MAC addresses on the default VLAN. | Q-BRIDGE MIB
dot1qTpFdbTable | .1.3.6.1.2.1.17.7.1.2.2 | List the learned unicast MAC addresses on non-default VLANs. |
dot3aCurAggFdbTable | .1.3.6.1.4.1.6027.3.2.1.1.5 | List the learned MAC addresses of aggregated links (LAG). |
Use dot3aCurAggFdbTable to fetch the learned MAC address of a port-channel. The instance number is the decimal conversion of the MAC address concatenated with the port-channel number.
Figure 47-24.
• the next 5 bits represent the slot number
• the next 1 bit is 0 for a physical interface and 1 for a logical interface
• the next 1 bit is unused
For example, the index 72925242 is 100010110001100000000111010 in binary. The binary interface index for GigabitEthernet 1/21 of a 48-port 10/100/1000Base-T line card with RJ-45 interface is shown in Figure 47-27. Notice that the physical/logical bit and the final, unused bit are not given.
Monitor Port-channels
To check the status of a Layer 2 port-channel, use f10LinkAggMib (.1.3.6.1.4.1.6027.3.2). Below, Po 1 is a switchport and Po 2 is in Layer 3 mode.
[senthilnathan@lithium ~]$ snmpwalk -v 2c -c public 10.11.1.1 .1.3.6.1.4.1.6027.3.2.1.1
SNMPv2-SMI::enterprises.6027.3.2.1.1.1.1.1.1 = INTEGER: 1
SNMPv2-SMI::enterprises.6027.3.2.1.1.1.1.1.2 = INTEGER: 2
SNMPv2-SMI::enterprises.6027.3.2.1.1.1.1.2.1 = Hex-STRING: 00 01 E8 13 A5 C7
SNMPv2-SMI::enterprises.6027.
Troubleshooting SNMP Operation
When you use SNMP to retrieve management data from an SNMP agent on a Dell Networking router, take into account the following behavior:
• When you query an IPv4 icmpMsgStatsInPkts object in the ICMP table by using the snmpwalk command, the output for echo replies may be incorrectly displayed. Use the show ip traffic command to correctly display this information under ICMP statistics in the command output.
48 SONET/SDH
SONET/SDH is supported on platform e
SONET/SDH is supported on the E-Series ExaScale platform with Dell Networking OS 8.1.1.2 and later.
Dell Networking OS supports two line cards with SONET—Packet-Over-SONET (POS) and PPP-over-SONET/SDH.
• A POS interface cannot be configured as part of a LAG.
• Protection switching is not supported.
• POS interfaces cannot be mirrored ports.
• Configurable alarm thresholds (SF/SD BER, B1/B2/B3 TC) are not supported.
• The CRC type and S1S0 flag cannot be changed.
Configuring POS Interfaces
POS interfaces require several configuration considerations, including
• Encapsulation
• MTU
• Clock Settings
Encapsulation
The E-Series’ POS line card requires PPP encapsulation.
Configuring Maximum Transmission Unit (MTU)
Maximum Transmission Unit is an integer value that represents the greatest number of bytes that any given interface on the system can handle. MTU settings allow the router to determine if a large packet needs to be fragmented before transmission. PPP must be enabled on a SONET interface before MTU can become configurable. MTU size can be changed in INTERFACE mode by entering the command mtu size.
Figure 48-1.
Figure 48-2. wanport command example
interface TenGigabitEthernet 13/0
 no ip address
 no shutdown
FTOS(conf-if-te-13/0)#
FTOS(conf-if-te-13/0)#wanport
% Error: Port should be in shutdown mode, config ignored Te 13/0.
FTOS(conf-if-te-13/0)#
FTOS(conf-if-te-13/0)#shutdown
FTOS(conf-if-te-13/0)#
[Callout: error due to no shutdown state]
Figure 48-3 displays the active alarms for the interface.
Figure 48-3.
While performance monitoring provides advanced alert of link degradation, alarms indicate a failure. Fault management involves alarm monitoring and generation, reporting, logging, correlation, and clearing. E-Series POS and 10GE WAN interfaces support the SONET alarms shown in Table 48-1:
• Section alarms—SLOS, SLOF
• Line alarms—AIS, RDI, FEBE(REI), SD, SF
• Path Alarms—AIS, RDI, FEBE(REI), LOP
Since E-Series is Terminal Equipment (TE), it must support the alarms in Table 48-1.
Table 48-1.
Use the alarm-report command to configure the SONET alarms that a POS or 10 GE WAN interface can activate. Table 48-2 defines the alarms that you can enable.
Task: Specify which POS/SDH alarms to report to the remote SNMP server.
Command Syntax: alarm-report {lais | lrdi | pais | plop | prdi | sd-ber | sf-ber | slof | slos}
Command Mode: INTERFACE
To view active alarms and defects, use the show controllers sonet command in EXEC Privilege mode.
SONET TRAP Example
SONET Traps describes the traps and OIDs for SONET alarms that are reported on an SNMP trap receiver. Figure 48-4 shows an example of a SONET trap.
Figure 48-4. SONET Trap example
2010-10-06 22:43:53 10.11.203.4 [10.11.203.4]:
SNMPv2-MIB::sysUpTime.0 = Timeticks: (6057792)
SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.6027.3.3.2.2.0.18
SNMPv2-SMI::enterprises.6027.3.3.1.2.1.1.3.0 =
SNMPv2-SMI::enterprises.6027.3.3.1.2.1.1.2.0 =
SNMPv2-SMI::enterprises.6027.3.3.1.2.1.1.4.
Task: Delay triggering the line or path alarms with a 100ms delay.
Command Syntax: delay triggers {line [lrdi | sd-ber | sf-ber] | path [pais | prdi] }
Command Mode: INTERFACE
By default, certain alarms (LOS, LOF, LAIS, PLOP) bring the line protocol down immediately. Use this command, with the line option, to delay that trigger event by 100ms. By default, path alarms (AIS, RDI, LOP) do not cause (or trigger) the interface line protocol to go down.
SONET MIB
Table 48-3 lists the managed objects supported in the SONET MIB, as defined in RFC 2558.
Table 48-3. SONET MIB: Managed Objects
SONET Managed Object | Description
sonetMediumType | SONET or SDH depending on the configuration
sonetMediumTimeElapsed | Time in seconds (up to 900 seconds) since the line card is up. Resets after 900 seconds have elapsed
sonetMediumValidIntervals | The number of previous intervals for which valid data has been stored.
Table 48-4. SONET Traps and OIDs (continued)
Trap | OID | Trap Object
SONET_L_RDI Line Remote Defect Indication | 1.3.6.1.4.1.6027.3.3.2.2.0.10 | alarm state (1.3.6.1.4.1.6027.3.3.1.2.1.1.3), alarm type(1.3.6.1.4.1.6027.3.3.1.2.1.1.2), ifindex(1.3.6.1.4.1.6027.3.3.1.2.1.1.4), slot(1.3.6.1.4.1.6027.3.3.1.2.1.1.5), port(1.3.6.1.4.1.6027.3.3.1.2.1.1.6)
SONET_L_FEBE Line Far-end Background Block Errors | 1.3.6.1.4.1.6027.3.3.2.2.0.11 | alarm state (1.3.6.1.4.1.6027.3.3.1.
Table 48-4. SONET Traps and OIDs (continued)
Trap | OID | Trap Object
SONET_P_PSE | 1.3.6.1.4.1.6027.3.3.2.2.0.22 | alarm state (1.3.6.1.4.1.6027.3.3.1.2.1.1.3), alarm type(1.3.6.1.4.1.6027.3.3.1.2.1.1.2), ifindex(1.3.6.1.4.1.6027.3.3.1.2.1.1.4), slot(1.3.6.1.4.1.6027.3.3.1.2.1.1.5), port(1.3.6.1.4.1.6027.3.3.1.2.1.1.6)
SONET_P_NSE | 1.3.6.1.4.1.6027.3.3.2.2.0.23 | alarm state (1.3.6.1.4.1.6027.3.3.1.2.1.1.3), alarm type(1.3.6.1.4.1.6027.3.3.1.2.1.1.2), ifindex(1.3.6.1.4.1.6027.3.3.1.2.1.1.4), slot(1.3.6.1.4.
49 Stacking S-Series Switches
Stacking S-Series Switches are supported on the S55.
This chapter contains the following sections:
• S-Series Stacking Overview
• Important Points to Remember
• S-Series Stacking Configuration Tasks
S-Series Stacking Overview
Up to eight S-Series systems can be interconnected so that all of the units function as a single unit. A stack is analogous to an E-Series or C-Series system with redundant RPMs and multiple line cards.
Figure 49-1. S-Series Stack Manager Redundancy
Stack#show redundancy
-- Stack-unit Status --
------------------------------------------------
Mgmt ID:                     0
Stack-unit ID:               1
Stack-unit Redundancy Role:  Primary
Stack-unit State:            Active
Stack-unit SW Version:       7.8.1.0
Link to Peer:                Up
-- PEER Stack-unit Status --
------------------------------------------------
Stack-unit State:            Standby
Peer stack-unit ID:          2
Stack-unit SW Version:       7.8.1.
Figure 49-2. Electing the Stack Manager
Stack>show system brief
Stack MAC : 00:01:e8:d5:f9:6f
-- Stack Info --
Unit  UnitType    Status  ReqTyp  CurTyp  Version  Ports
---------------------------------------------------------------------------
0     Standby     online  S50V    S50V    7.8.1.0  52
1     Management  online  S50N    S50N    7.8.1.0  52
2     Member      online  S50V    S50V    7.8.1.
Figure 49-3. Adding a Standalone with a Lower MAC Address to a Stack—Before
-------------------------------STANDALONE BEFORE CONNECTION----------------------------------
Standalone#show system brief
Stack MAC : 00:01:e8:d5:ef:81
-- Stack Info --
Unit  UnitType    Status  ReqTyp  CurTyp  Version  Ports
---------------------------------------------------------------------------
0     Management  online  S50V    S50V    7.8.1.
Figure 49-4. Adding a Standalone with a Lower MAC Address and Equal Priority to a Stack—After
-------------------------------STANDALONE AFTER CONNECTION----------------------------------
Standalone#%STKUNIT0-M:CP %POLLMGR-2-ALT_STACK_UNIT_STATE: Alternate Stack-unit is present
00:20:20: %STKUNIT0-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 1 present
00:20:22: %STKUNIT0-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 2 present
Going for reboot.
Figure 49-5. Adding a Standalone with a Lower MAC Address but Higher Priority to a Stack—Before
-------------------------------STANDALONE BEFORE CONNECTION----------------------------------
Standalone#show system brief
Stack MAC : 00:01:e8:d5:ef:81
-- Stack Info --
Unit  UnitType    Status       ReqTyp  CurTyp  Version  Ports
---------------------------------------------------------------------------
0     Member      not present  S50V
1     Member      not present  S50N
2     Management  online       S50V    S50V    7.8.1.
Figure 49-6.
Figure 49-7.
You may stack any combination of S-Series models that have the same Dell Networking OS version. Figure 49-8 shows two common stacking topologies, ring and cascade (also called daisy-chain). A ring topology provides some performance gains and stack integrity. Figure 49-8.
To display the status of the stacking ports, including the topology:
Task: Display the stacking ports.
Command Syntax: show system stack-ports
Command Mode: EXEC Privilege
Figure 49-9 shows a daisy-chain topology. Figure 49-10 shows the same stack converted to a ring by connecting stack-port 2/51 to 0/51; you may rearrange the stacking cables without triggering a unit reset, so long as the stack manager is never disconnected from the stack.
Figure 49-9.
Figure 49-11.
[Diagram; recoverable labels: A, B, Stacking Cable Redundancy]
LED Status Indicators on an S-Series Stack
The stack unit is displayed in an LED panel on the front of each switch.
To manually assign a new unit a position in the stack:
Step | Task | Command Syntax | Command Mode
1 | While the unit is unpowered, install stacking modules in the new unit. | |
2 | On the stack, determine the next available stack-unit number, and the management priority of the management unit. | show system brief, show system stack-unit | EXEC Privilege
3 | Create a virtual unit and assign it the next available stack-unit number.
Figure 49-13. Adding a Stack Unit with a Conflicting Stack Number—After
------------------------STANDALONE AFTER CONNECTION----------------------------------
00:08:45: %STKUNIT1-M:CP %POLLMGR-2-ALT_STACK_UNIT_STATE: Alternate Stack-unit is present
00:08:45: %STKUNIT1-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 0 present
00:08:47: %STKUNIT1-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 2 present
Going for reboot.
Figure 49-15. Adding a Stack Unit with a Conflicting Stack Number—After
------------------------STANDALONE AFTER CONNECTION----------------------------------
01:38:34: %STKUNIT0-M:CP %POLLMGR-2-ALT_STACK_UNIT_STATE: Alternate Stack-unit is present
01:38:34: %STKUNIT0-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 1 present
01:38:34: %STKUNIT0-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 2 present
Going for reboot. Reason is Stack merge
Going for reboot.
Figure 49-16.
Figure 49-17. Removing a Stack Member—After
----------------------------STANDALONE AFTER DISCONNECTION----------------------------------
Standalone(stack-member-2)#
Going for reboot.
Split an S-Series Stack
To split a stack, unplug the desired stacking cables. You may do this at any time, whether the stack is powered or unpowered, and the units are online or offline. Each portion of the split stack retains the startup and running configuration of the original stack. For a parent stack that is split into two child stacks, A and B, each with multiple units:
• If one of the new stacks receives the primary and the secondary management units, it is unaffected by the split.
Create a Virtual Stack Unit on an S-Series Stack
Use virtual stack units to configure ports on the stack before adding a new unit, or to prevent Dell Networking OS from assigning a particular stack-number.
Task | Command Syntax | Command Mode
Create a virtual stack unit.
Figure 49-18. Displaying Information about an S-Series Stack—show system FTOS#show system Stack MAC : 00:01:e8:d5:f9:6f -- Unit 0 -Unit Type Status Next Boot Required Type Current Type Master priority Hardware Rev Num Ports Up Time Dell Networking Jumbo Capable POE Capable Burned In MAC No Of MACs : Member Unit : online : online : S50V - 48-port E/FE/GE with POE (SB) : S50V - 48-port E/FE/GE with POE (SB) : 0 : 2.0 : 52 : 30 min, 7 sec OS Version : 7.8.1.
Figure 49-19. Displaying Information about an S-Series Stack—show system brief
FTOS#show system brief
Stack MAC : 00:01:e8:d5:f9:6f
-- Stack Info --
Unit  UnitType    Status  ReqTyp  CurTyp  Version  Ports
---------------------------------------------------------------------------
0     Member      online  S50V    S50V    7.8.1.0  52
1     Management  online  S50N    S50N    7.8.1.0  52
2     Standby     online  S50V    S50V    7.8.1.
Influence Management Unit Selection on an S-Series Stack
Stack Priority is the system variable that Dell Networking OS uses to determine which units in the stack will be the primary and secondary management units. If multiple units tie for highest priority, then the unit with the highest MAC address prevails.
Task | Command Syntax | Command Mode
Reload a stack-unit | reset stack-unit 0-7 | EXEC Privilege
Reload a member unit, from the unit itself | reset-self | EXEC Privilege
Reset a stack-unit when the unit is in a problem state. | reset stack-unit 0-7 hard | EXEC Privilege
Monitor an S-Series Stack with SNMP
S-Series supports the following tables in f10-ss-chassis.
Figure 49-21. Recovering from a Stack Link Flapping Error
--------------------------------------MANAGMENT UNIT-----------------------------------------
Error: Stack Port 50 has flapped 5 times within 10 seconds.Shutting down this stack port now.
Error: Please check the stack cable/module and power-cycle the stack.
10:55:20: %STKUNIT1-M:CP %KERN-2-INT: Error: Stack Port 50 has flapped 5 times within 10 seconds.Shutting down this stack port now.
Figure 49-23. Recovering from a Card Mismatch State on an S-Series Stack
-----------------------------------STANDALONE UNIT BEFORE------------------------------------
Standalone#show system brief
Stack MAC : 00:01:e8:d5:ef:81
-- Stack Info --
Unit  UnitType    Status  ReqTyp  CurTyp  Version  Ports
---------------------------------------------------------------------------
0     Management  online  S50V    S50V    7.8.1.
50 Broadcast Storm Control
Broadcast Storm Control is supported on platforms: ces
This chapter contains the following configuration topics:
• Layer 3 Broadcast Storm Control
• Layer 2 Broadcast Storm Control
• Multicast Storm Control
Storm Control Overview
Dell Networking OS Storm Control is a preventative measure against unexpectedly high rates of broadcast or multicast packets; these traffic bursts are called storms.
Implementation Information
• Storm Control is supported on the E-Series ExaScale platform with Dell Networking OS 8.1.1.0 and later.
• The percentage of storm control is calculated based on the advertised rate of the line card, not by the speed setting of the interface.
• Do not apply per-VLAN QoS on an interface that has Storm Control enabled either on an interface or globally.
Enable Broadcast Storm Control on an Interface
Enabling Storm control on an interface affects only ingress broadcasts.
Task | Command Syntax | Command Mode
On the E-Series, suppress Layer 3 all-hosts and subnet broadcasts on ingress if they exceed a user-defined limit. | storm-control broadcast percentage partial-percentage [in | out] | INTERFACE
On the C-Series and S-Series, suppress Layer 3 all-host and subnet broadcasts on ingress if they exceed a user-defined limit.
Task | Command Syntax | Command Mode
On the E-Series, suppress unknown-unicast packets if they exceed a user-defined limit. | storm-control unknown-unicast percentage partial-percentage [in | out] | CONFIGURATION
On the C-Series and S-Series, suppress unknown-unicast packets on ingress if they exceed a user-defined limit.
FTOS#show storm-control broadcast gigabitethernet 11/11
Broadcast storm control configuration
Interface  Direction  Percentage  Wred Profile
--------------------------------------------------------------
Gi 11/11   Ingress    5.6
Gi 11/11   Egress     5.6         -
FTOS#
The following example displays the output of the show storm-control broadcast command on a C-Series platform.
51 Spanning Tree Protocol
Spanning Tree Protocol is supported on platforms: ces
STP is supported on the E-Series ExaScale platform with Dell Networking OS 8.1.1.2 and later.
Protocol Overview
Spanning Tree Protocol (STP) is a Layer 2 protocol—specified by IEEE 802.1d—that eliminates loops in a bridged topology by enabling only a single path through the network.
Configuring Interfaces for Layer 2 Mode
All interfaces on all switches that will participate in Spanning Tree must be in Layer 2 mode and enabled.
Figure 51-1.
Enabling Spanning Tree Protocol Globally
Spanning Tree Protocol must be enabled globally; it is not enabled by default. To enable Spanning Tree globally for all Layer 2 interfaces:
Step | Task | Command Syntax | Command Mode
1 | Enter the PROTOCOL SPANNING TREE mode. | protocol spanning-tree 0 | CONFIGURATION
2 | Enable Spanning Tree.
Figure 51-4. Spanning Tree Enabled Globally
[Topology diagram; recoverable labels: root, R1, R2, R3, ports 1/1 to 1/4, 2/1 to 2/4 and 3/1 to 3/4, Forwarding, Blocking]
Port 290 (GigabitEthernet 2/4) is Blocking
Port path cost 4, Port priority 8, Port Identifier 8.290
Designated root has priority 32768, address 0001.e80d.2462
Designated bridge has priority 32768, address 0001.e80d.2462
Designated port id is 8.
Confirm that a port is participating in Spanning Tree using the show spanning-tree 0 brief command from EXEC privilege mode.
Figure 51-6. show spanning-tree brief Command Example
FTOS#show spanning-tree 0 brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 0001.e80d.2462
We are the root of the spanning tree
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32768, Address 0001.e80d.
Modifying Global Parameters
You can modify Spanning Tree parameters. The root bridge sets the values for forward-delay, hello-time, and max-age and overwrites the values set on other bridges participating in Spanning Tree.
Note: Dell Networking recommends that only experienced network administrators change the Spanning Tree parameters. Poorly planned modification of the Spanning Tree parameters can negatively impact network performance.
Table 51-2 displays the default values for Spanning Tree.
Table 51-2.
View the current values for global parameters using the show spanning-tree 0 command from EXEC privilege mode. See Figure 51-5.
Modifying Interface STP Parameters
You can set the port cost and port priority values of interfaces in Layer 2 mode.
• Port cost is a value that is based on the interface type. The greater the port cost, the less likely the port will be selected to be a forwarding port.
To enable PortFast on an interface:
Task: Enable PortFast on an interface.
Command Syntax: spanning-tree stp-id portfast [bpduguard [shutdown-on-violation]]
Command Mode: INTERFACE
Verify that PortFast is enabled on a port using the show spanning-tree command from the EXEC privilege mode or the show config command from INTERFACE mode; Dell Networking recommends using the show config command, as shown in Figure 51-7.
Figure 51-7.
Figure 51-8 shows a scenario in which an edge port might unintentionally receive a BPDU. The port on the Dell Networking system is configured with PortFast. If the switch is connected to the hub, the BPDUs that the switch generates might trigger an undesirable topology change. If BPDU Guard is enabled, when the edge port receives the BPDU, the BPDU will be dropped, the port will be blocked, and a console message will be generated.
Figure 51-8.
To change the bridge priority or specify that a bridge is the root or secondary root:
Task | Command Syntax | Command Mode
Assign a number as the bridge priority or designate it as the root or secondary root.
priority-value range: 0 to 65535. The lower the number assigned, the more likely this bridge will become the root bridge. The default is 32768.
• The primary option specifies a bridge priority of 8192.
• The secondary option specifies a bridge priority of 16384.
In STP topology 2 (Figure 51-10 upper right), STP is enabled on device D on which a software bridge application is started to connect to the network. Because the priority of the bridge in device D is lower than the root bridge in Switch A, device D is elected as root, causing the link between Switches A and B to enter a blocking state. Network traffic then begins to flow in the directions indicated by the BPDU arrows in the topology.
Figure 51-10.
Root Guard Configuration
You enable STP root guard on a per-port or per-port-channel basis.
Dell Networking OS Behavior: The following conditions apply to a port enabled with STP root guard:
• Root guard is supported on any STP-enabled port or port-channel interface except when used as a stacking port.
Configuring Spanning Trees as Hitless
Configuring Spanning Trees as Hitless is supported only on platforms: ce
You can configure Spanning Tree (STP), Rapid Spanning Tree (RSTP), Multiple Spanning Tree (MSTP), and Per-VLAN Spanning Tree (PVST+) to be hitless (all or none must be configured as hitless). When configured as hitless, critical protocol state information is synchronized between RPMs so that RPM failover is seamless, and no topology change is triggered.
As shown in STP topology 3 (Figure 51-12 bottom middle), after you enable loop guard on an STP port or port-channel on Switch C, if no BPDUs are received and the max-age timer expires, the port transitions from a blocked state to a loop-inconsistent state (instead of to a forwarding state). Loop guard blocks the STP port so that no traffic is transmitted and no loop is created. As soon as a BPDU is received on an STP port in a loop-inconsistent state, the port returns to a blocking state.
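The three guard behaviours this chapter describes (BPDU guard on an edge port, root guard against a superior BPDU, loop guard on max-age expiry) can be put side by side in a small state model. This is an added illustration, not Dell Networking OS code: the class and function names and the rogue bridge's MAC address are constructed, and the listening/learning stages are collapsed into a single "forwarding" state.

```python
from dataclasses import dataclass


def bridge_id(priority: int, mac: str) -> tuple:
    """Comparable bridge ID: the numerically lowest (priority, MAC) wins root."""
    return (priority, int(mac.replace(".", ""), 16))


@dataclass
class Port:
    name: str
    state: str = "forwarding"   # "forwarding" or "blocking" in this model
    bpdu_guard: bool = False    # edge port: any BPDU is a violation
    root_guard: bool = False    # never accept a better root through this port
    loop_guard: bool = False    # never start forwarding just because BPDUs stopped


class Switch:
    def __init__(self, priority: int, mac: str):
        self.bid = bridge_id(priority, mac)
        self.root = self.bid    # a bridge starts out believing it is the root
        self.log = []

    def on_bpdu(self, port: Port, advertised_root: tuple) -> str:
        """Process one received BPDU and return the resulting port state."""
        if port.bpdu_guard:
            # BPDU dropped, port blocked, console message generated.
            port.state = "blocking"
            self.log.append(f"{port.name}: BPDU received on guarded edge port")
            return port.state
        if port.state == "loop-inconsistent":
            # BPDUs are arriving again, so the port falls back to blocking.
            port.state = "blocking"
        if advertised_root < self.root:          # superior BPDU
            if port.root_guard:
                port.state = "root-inconsistent"
                self.log.append(f"{port.name}: superior BPDU rejected")
                return port.state
            self.root = advertised_root          # unguarded: root changes
        return port.state

    def on_max_age_expiry(self, port: Port) -> str:
        """No BPDU arrived on a blocked port before max-age ran out."""
        if port.state == "blocking":
            port.state = "loop-inconsistent" if port.loop_guard else "forwarding"
        return port.state


# Constructed sample: the root from this chapter's figures (default priority
# 32768) and a device advertising a lower, therefore better, priority.
ROGUE_ROOT = bridge_id(4096, "0200.0000.00d0")


def new_switch() -> Switch:
    return Switch(32768, "0001.e80d.2462")


if __name__ == "__main__":
    sw = new_switch()
    for port in (Port("Gi 1/1"), Port("Gi 1/2", root_guard=True)):
        print(port.name, sw.on_bpdu(port, ROGUE_ROOT), sw.root == sw.bid)
```

Running it shows the unguarded port accepting the new root while the root-guard port goes root-inconsistent and the switch keeps its own root.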
Figure 51-12.
Loop Guard Configuration
You enable STP loop guard on a per-port or per-port channel basis.
Dell Networking OS Behavior: The following conditions apply to a port enabled with loop guard:
• Loop guard is supported on any STP-enabled port or port-channel interface.
Displaying STP Guard Configuration
To verify the STP guard configured on port or port-channel interfaces, enter the show spanning-tree 0 guard [interface interface] command. Figure 51-13 shows an example for an STP network (instance 0) in which:
• Root guard is enabled on a port that is in a root-inconsistent state.
• Loop guard is enabled on a port that is in a listening state.
52 System Time and Date
Chapter 52, System Time and Date settings, and Network Time Protocol are supported on platforms: es c
Time and Date and NTP are supported on the E-Series ExaScale platform with Dell Networking OS 8.1.1.0 and later.
System times and dates can be set and maintained through the Network Time Protocol (NTP). They are also set through Dell Networking OS CLIs and hardware settings.
NTP is designed to produce three products: clock offset, roundtrip delay, and dispersion, all of which are relative to a selected reference clock.
• Clock offset represents the amount to adjust the local clock to bring it into correspondence with the reference clock.
• Roundtrip delay provides the capability to launch a message to arrive at the reference clock at a specified time.
• Dispersion represents the maximum error of the local clock relative to the reference clock.
Figure 52-1. NTP Fields
[Packet diagram; recoverable labels, in page order: Source Port (123), Destination Port (123), Length, NTP Packet Payload, Checksum, Range: +32 to -32, Status, Leap Indicator Code (00: No Warning, 01: +1 second, 10: -1 second, 11: reserved), Type, Precision, Est. Error, Est.]
Enable NTP
NTP is disabled by default. To enable it, specify an NTP server to which the Dell Networking system will synchronize. Enter the command multiple times to specify multiple servers. You may specify an unlimited number of servers at the expense of CPU resources.
Task | Command | Command Mode
Specify the NTP server to which the Dell Networking system will synchronize. You may specify an IPv4 or IPv6 address, or hostname that resolves to an IPv4 or IPv6 address.
Set the Hardware Clock with the Time Derived from NTP
Task: Periodically update the system hardware clock with the time value derived from NTP.
Command: ntp update-calendar
Command Mode: CONFIGURATION
Figure 52-4.
To disable NTP on an interface, use the following command in the INTERFACE mode:
Command Syntax: ntp disable
Command Mode: INTERFACE
Purpose: Disable NTP on the interface.
To view whether NTP is configured on the interface, use the show config command in the INTERFACE mode. If ntp disable is not listed in the show config command output, then NTP is enabled. (The show config command displays only non-default configuration information.
Configure NTP authentication
NTP authentication and the corresponding trusted key provide a reliable means of exchanging NTP packets with trusted time sources. NTP authentication begins when the first NTP packet is created following the configuration of keys. NTP authentication in Dell Networking OS uses the MD5 algorithm and the key is embedded in the synchronization packet that is sent to an NTP time source.
Dell Networking OS Behavior: Dell Networking OS versions 8.2.1.
Command Syntax: ntp server vrf vrf-name {ntp-server-name | ip-address} [key keyid] [prefer] [version number]
Command Mode: CONFIGURATION
Purpose: Configure an NTP server. Configure the IP address of a server and the following optional parameters:
• key keyid: Configure a text string as the key exchanged between the NTP server and client.
• prefer: Enter the keyword to set this NTP server as the preferred server.
• version number: Enter a number to specify the NTP version.
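What a receiver does with an MD5-authenticated NTP packet can be shown in a short verifier. This is an added example, not Dell Networking OS code; it assumes the standard NTP symmetric-key layout (a 4-byte key ID followed by a 16-byte MD5 digest computed over the shared key concatenated with the 48-byte header), and the key table, key value and sample header are constructed.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48   # fixed NTP header that precedes the authenticator
MAC_LEN = 4 + 16      # 4-byte key ID followed by a 16-byte MD5 digest

# Constructed sample data: key ID -> shared secret, as a client would hold
# for the keys it has been configured to trust.
TRUSTED_KEYS = {1: b"constructed-shared-secret"}


def md5_digest(key: bytes, header: bytes) -> bytes:
    """Keyed MD5 used by NTP symmetric-key auth: MD5(key || header).

    This is a plain keyed hash with the key prepended, not HMAC.
    """
    return hashlib.md5(key + header).digest()


def sample_header() -> bytes:
    """Constructed server reply header: LI=0, VN=3, Mode=4, stratum 2."""
    first = (0 << 6) | (3 << 3) | 4
    return struct.pack("!BBbb", first, 2, 6, -20) + bytes(44)


def sign(header: bytes, key_id: int, key: bytes) -> bytes:
    """Append key ID and digest to a 48-byte header (sender side)."""
    if len(header) != NTP_HEADER_LEN:
        raise ValueError("NTP header must be 48 bytes")
    return header + struct.pack("!I", key_id) + md5_digest(key, header)


def verify(packet: bytes, trusted_keys: dict) -> str:
    """Return 'ok', or the reason the packet must not be used for sync."""
    if len(packet) == NTP_HEADER_LEN:
        return "unauthenticated"          # no authenticator at all
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return "malformed"
    header = packet[:NTP_HEADER_LEN]
    (key_id,) = struct.unpack("!I", packet[48:52])
    key = trusted_keys.get(key_id)
    if key is None:
        return "untrusted-key"            # key ID is not in the trusted set
    # Constant-time comparison so the check does not leak digest prefixes.
    if not hmac.compare_digest(md5_digest(key, header), packet[52:]):
        return "bad-digest"               # header altered or wrong secret
    return "ok"


if __name__ == "__main__":
    good = sign(sample_header(), 1, TRUSTED_KEYS[1])
    tampered = good[:40] + bytes([good[40] ^ 0x01]) + good[41:]
    for label, pkt in (("good", good), ("tampered", tampered)):
        print(label, verify(pkt, TRUSTED_KEYS))
```

A client that requires authentication should treat every result other than "ok" as a reason to discard the packet, including the unauthenticated case.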
• Root Delay (sys.rootdelay, peer.rootdelay, pkt.rootdelay): This is a signed fixed-point number indicating the total roundtrip delay to the primary reference source at the root of the synchronization subnet, in seconds. Note that this variable can take on both positive and negative values, depending on clock precision and skew.
• Root Dispersion (sys.rootdispersion, peer.rootdispersion, pkt.
Set the time and date for the switch hardware clock
Command Syntax: calendar set time month day year
Command Mode: EXEC Privilege
Purpose: Set the hardware clock to the current time and date.
time: Enter the time in hours:minutes:seconds. For the hour variable, use the 24-hour format, for example, 17:15:00 is 5:15 pm.
month: Enter the name of one of the 12 months in English. You can enter the name of a day to change the order of the display to time day month year.
The software clock runs only when the software is up. The clock restarts, based on the hardware clock, when the switch reboots.
Command Syntax: clock set time month day year
Command Mode: EXEC Privilege
Purpose: Set the system software clock to the current time and date.
time: Enter the time in hours:minutes:seconds. For the hour variable, use the 24-hour format, for example, 17:15:00 is 5:15 pm.
month: Enter the name of one of the 12 months in English.
Set the timezone
Coordinated Universal Time (UTC) is the time standard based on the International Atomic Time standard, commonly known as Greenwich Mean Time. When determining system time, you must include the differentiator between UTC and your local timezone. For example, San Jose, CA is the Pacific Timezone with a UTC offset of -8.
Command Syntax: clock timezone timezone-name offset
Command Mode: CONFIGURATION
Purpose: Set the clock to the appropriate timezone.
Set Daylight Saving Time Once
Set a date (and time zone) on which to convert the switch to daylight savings time on a one-time basis.
Command Syntax: clock summer-time time-zone date start-month start-day start-year start-time end-month end-day end-year end-time [offset]
Command Mode: CONFIGURATION
Purpose: Set the clock to the appropriate time zone and daylight savings time.
time-zone: Enter the three-letter name for the time zone. This name is displayed in the show clock output.
FTOS(conf)#clock summer-time pacific date Mar 14 2009 00:00 Nov 7 2009 00:00
FTOS(conf)#02:02:13: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Summertime configuration changed from "none" to "Summer time starts 00:00:00 Pacific Sat Mar 14 2009;Summer time ends 00:00:00 pacific Sat Nov 7 2009"
Set Recurring Daylight Saving Time
Set a date (and time zone) on which to convert the switch to daylight savings time on a specific day every year.
start-year: Enter a four-digit number as the year. Range: 1993 to 2035
start-time: Enter the time in hours:minutes. For the hour variable, use the 24-hour format, for example, 17:15 is 5:15 pm.
end-week: If you entered a start-week, enter one of the following as the week that daylight savings ends:
• week-number: enter a number from 1-4 as the number of the week to end daylight savings time.
53 Uplink Failure Detection (UFD)
Uplink Failure Detection (UFD) is supported on platform: s (S50 only)
Feature Description
Uplink Failure Detection (UFD) provides detection of the loss of upstream connectivity and, if used with NIC teaming, automatic recovery from a failed link. A switch provides upstream connectivity for devices, such as servers. If a switch loses its upstream connectivity, downstream devices also lose their connectivity.
Figure 53-1. Uplink Failure Detection
[Diagram with panels (A), (B) and (C); recoverable labels: R1, S1, S2, Server, X]
How Uplink Failure Detection Works
UFD creates an association between upstream and downstream interfaces. The association of uplink and downlink interfaces is called an uplink-state group. An interface in an uplink-state group can be a physical interface or a port-channel (LAG) aggregation of physical interfaces.
Figure 53-2. Uplink Failure Detection Example
[Diagram; recoverable labels: Core Network, Layer 3 Network, Primary links, Backup links, Uplink-state groups. Callouts: When an upstream port-channel link goes down ... UFD brings down a downstream link in the same uplink-state group ... Server traffic is diverted over a backup link to upstream devices.]
If only one of the upstream interfaces in an uplink-state group goes down, a specified number of downstream ports associated with the upstream interface are put into a link-down state.
Important Points to Remember
When you configure Uplink Failure Detection, the following conditions apply:
• You can configure up to sixteen uplink-state groups. By default, no uplink-state groups are created. An uplink-state group is considered to be operationally up if it has at least one upstream interface in the link-up state. An uplink-state group is considered to be operationally down if it has no upstream interfaces in the link-up state.
Configuring Uplink Failure Detection
To configure Uplink Failure Detection, follow these steps:
Step | Command Syntax and Mode | Description
1 | uplink-state-group group-id | Creates an uplink-state group and enables the tracking of upstream links on the switch/router. Valid group-id values are 1 to 16. To delete an uplink-state group, enter the no uplink-state-group group-id command.
Step | Command Syntax and Mode | Description
5 | description text (Command Mode: UPLINK-STATE-GROUP) | (Optional) Enters a text description of the uplink-state group. Maximum length: 80 alphanumeric characters.
6 | no enable (Command Mode: UPLINK-STATE-GROUP) | (Optional) Disables upstream-link tracking without deleting the uplink-state group. Default: Upstream-link tracking is automatically enabled in an uplink-state group.
Message 1 shows the Syslog messages displayed when you clear the UFD-disabled state from all disabled downstream interfaces in an uplink-state group by entering the clear ufd-disable uplink-state-group group-id command. All downstream interfaces return to an operationally up state.
Displaying Uplink Failure Detection
To display information on the Uplink Failure Detection feature, enter any of the following show commands:
Show Command Syntax | Description
show uplink-state-group [group-id] [detail] (Command Mode: EXEC) | Displays status information on a specified uplink-state group or all groups. Valid group-id values are 1 to 16.
Figure 53-3.
Figure 53-4.
Sample Configuration: Uplink Failure Detection
Figure 53-7 shows a sample configuration of Uplink Failure Detection on a switch/router in which you:
• Configure uplink-state group 3.
• Add downstream links Gigabitethernet 0/1, 0/2, 0/5, 0/9, 0/11, and 0/12.
• Configure two downstream links to be disabled if an upstream link fails.
• Add upstream links Gigabitethernet 0/3 and 0/4.
• Add a text description for the group.
• Verify the configuration with various show commands.
Figure 53-7.
54 Upgrade Procedures
Find the upgrade procedures
Go to the Dell Networking OS Release Notes for your system type to see all the requirements to upgrade to the desired Dell Networking OS version. Follow the procedures in the Dell Networking OS Release Notes for the software version you wish to upgrade to.
Get Help with upgrades
Direct any questions or concerns about Dell Networking OS Upgrade Procedures to Dell Networking Technical Support Center.
55 VLAN
VLANs are supported on platforms: ces
This chapter contains the following configuration topics:
• Create a VLAN
• Assign Interfaces to VLANs
• Enable Routing between VLANs
• Use a Native VLAN on Trunk Ports
• Change the Default VLAN ID
• Set the Null VLAN as the Default VLAN
• Enable VLAN Interface Counters
Virtual LAN Overview
A Local Area Network (LAN) is a collection of devices in the same broadcast domain.
Virtual LANs (VLANs) are a cost-effective method of segmenting and organizing a network. A single switch can be divided into multiple broadcast domains so that devices can be grouped and isolated; each logical segment is a virtual LAN. Applying VLANs reduces broadcast traffic, introduces flexibility in the placement of devices on the network, and increases network security by allowing separate policies to be applied to each group.
VLAN Tagging

Since a port may belong to more than one VLAN, the switch must be able to identify the VLAN to which a broadcast frame belongs. For this case, IEEE 802.1Q defines a method of marking frames to indicate the VLAN on which the frame originated. The marker, called a VLAN tag, is 4 bytes and is inserted after the source MAC in the Ethernet frame header, as shown in Figure 55-2.
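The tag layout described above, as an added example (not code from this guide or from Dell Networking OS): it inserts, parses, and strips the 4-byte 802.1Q tag that sits after the source MAC. The MAC addresses, payload, and function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag
MAC_HEADER = 12       # destination MAC (6 bytes) + source MAC (6 bytes)

# Constructed untagged frame: dst MAC, src MAC, EtherType 0x0800, payload.
SAMPLE_UNTAGGED = (
    bytes.fromhex("020000000002")    # destination MAC (constructed)
    + bytes.fromhex("020000000001")  # source MAC (constructed)
    + struct.pack("!H", 0x0800)      # original EtherType (IPv4)
    + b"constructed payload"
)


def insert_tag(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Return the frame with a 4-byte VLAN tag inserted after the source MAC."""
    if not 1 <= vlan_id <= 4094:     # VID 0 and 4095 are reserved by 802.1Q
        raise ValueError("VLAN ID must be in the range 1-4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be in the range 0-7")
    if len(frame) < MAC_HEADER + 2:
        raise ValueError("frame shorter than an Ethernet header")
    # Tag = 16-bit TPID + 16-bit TCI (3-bit priority, 1-bit DEI, 12-bit VID).
    tci = (priority << 13) | vlan_id
    tag = struct.pack("!HH", TPID_8021Q, tci)
    return frame[:MAC_HEADER] + tag + frame[MAC_HEADER:]


def parse_frame(frame: bytes) -> dict:
    """Split a frame into addresses, optional VLAN tag fields, and payload."""
    if len(frame) < MAC_HEADER + 2:
        raise ValueError("frame shorter than an Ethernet header")
    result = {
        "dst": frame[0:6].hex(":"),
        "src": frame[6:12].hex(":"),
        "tagged": False,
        "vlan_id": None,
        "priority": None,
        "dei": None,
    }
    (ethertype,) = struct.unpack("!H", frame[12:14])
    payload_at = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # The real EtherType follows the tag, 4 bytes later than usual.
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        result.update(tagged=True, priority=tci >> 13,
                      dei=(tci >> 12) & 1, vlan_id=tci & 0x0FFF)
        payload_at = 18
    result["ethertype"] = ethertype
    result["payload"] = frame[payload_at:]
    return result


def strip_tag(frame: bytes) -> bytes:
    """Remove the VLAN tag, as done when a frame leaves on an untagged port."""
    if parse_frame(frame)["tagged"]:
        return frame[:MAC_HEADER] + frame[MAC_HEADER + 4:]
    return frame


if __name__ == "__main__":
    tagged = insert_tag(SAMPLE_UNTAGGED, vlan_id=100, priority=5)
    print(tagged[12:16].hex(), parse_frame(tagged))
```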
Figure 55-4. Switch Behavior for Tagged/Untagged Port Mismatch

Default VLAN

The Default VLAN is part of the system startup configuration, and is by default VLAN 1.
• Set the Null VLAN as the Default VLAN
• Enable VLAN Interface Counters

Related Protocols and Topics

The following protocols and topics are premised on VLANs, and contain more information about the utility of VLANs:
• 802.1X
• Chapter 16, GARP VLAN Registration Protocol
• Chapter 45, Service Provider Bridging
• Chapter 39, Per-VLAN Spanning Tree Plus

Create a VLAN

A VLAN is created when you assign it a VLAN ID.

Task | Command Syntax | Command Mode
Create a VLAN.
Assign Interfaces to VLANs

A port may either be an untagged member of a single VLAN, or a tagged member of perhaps multiple VLANs.
• Untagged Ports — ports that do not append an 802.1Q VLAN tag to frames on egress, and do not accept tagged frames on ingress (tagged frames are dropped). Untagged ports must be connected to VLAN-unaware devices.
• Tagged Ports — ports that append an 802.
Step | Task | Command Syntax | Command Mode

FTOS#show vlan
Codes: * - Default VLAN, G - GVRP VLANs
    NUM    Status    Q Ports
*   1      Inactive
    2      Active    T Po1(So 0/0-1)
                     T Gi 3/0
    3      Active    T Po1(So 0/0-1)
                     T Gi 3/1
    4      Active    T Po1(So 0/0-1)
FTOS(conf)#int vlan 4
FTOS(conf-if-vlan)#untagged gi 3/2
FTOS(conf-if-vlan)#show config
!
interface Vlan 4
 no ip address
 untagged GigabitEthernet 3/2
FTOS#show vlan
Codes: * - Default VLAN, G - GVRP VLANs
* NUM 1 2 Status Inactive Active 3 Active 4 Active Q Ports T T T T U
Figure 55-5. Communicating between VLANs (VLAN 100: 10.11.100.1/24; VLAN 200: 10.11.200.1/24)

Task: Assign an IP address to a VLAN interface.
Command Syntax: ip address address/mask
Command Mode: INTERFACE VLAN

Use a Native VLAN on Trunk Ports

Traditionally, a port may either be an untagged member of a single VLAN or a tagged member of multiple VLANs. However, Dell Networking OS allows you to make a port an untagged member and a tagged member of VLANs, concurrently.
To configure a port so that it has a native VLAN:

Step 1. Remove any Layer 2 or Layer 3 configurations from the interface.
Command Mode: INTERFACE
If the port has any configurations on it when you enter the command portmode hybrid, Dell Networking OS rejects the configuration, citing the following message:
% Error: Port is in Layer-2 mode .

Step 2. Configure the interface for hybrid mode.
Command: portmode hybrid
Command Mode: INTERFACE

Step 3. Configure the interface for switchport mode.
Enable VLAN Interface Counters

Use a Native VLAN on Trunk Ports is available only on platform: ex

Note: VLAN egress counters might be higher than expected because source-suppression drops are counted.

Task | Command Syntax | Command Mode
Configure ingress, egress or both counters for VLAN interfaces.
56 Virtual Routing and Forwarding (VRF)

Virtual Routing and Forwarding (VRF) is supported on platforms: e and c.

VRF allows a physical router to partition itself into multiple Virtual Routers (VRs). The control and data plane are isolated in each VR so that traffic does NOT flow across VRs. Virtual Routing and Forwarding (VRF) allows multiple instances of a routing table to co-exist within the same router at the same time.
Figure 56-1. VRF Network Example (panels: Network without VRF; Network with VRF)

VRF Configuration Notes

On E-Series routers, Dell Networking VRF supports up to 15 VRF instances: 1 to 14 and the default VRF (0). Starting in C-Series release 8.4.7.
A network device may have the ability to configure different virtual routers, where each one has its own FIB that is not accessible to any other virtual router instance on the same device. Only Layer 3 interfaces can belong to a VRF.
Table 56-1.

Feature/Capability: Layer 3 (IPv4/IPv6) ACLs, TraceLists, PBR, QoS on VLANs
Supported?: Yes
Note: ACLs supported on all VRF VLAN ports. TraceLists are common for entire line card (except on ExaScale). PBR supported on default-VRF only. QoS not supported on VLANs.

Feature/Capability: Layer 3 (IPv4/IPv6) ACLs, TraceLists, PBR, QoS on physical interfaces and LAGs
Note: ACLs supported on all VRF ports. TraceLists are common for entire line card (except on ExaScale).
Layer 3 CAM resources are shared among all VRF instances. To ensure that each VRF instance has sufficient CAM space:
• On an E-Series Terascale platform, use the cam-profile ipv4-vrf or cam-profile ipv4-v6-vrf command and reload the system to activate the VRF CAM profile for IPv4 or IPv6.
• On an E-Series Exascale platform, use the cam-profile command to set the CAM size. Then select and enable VRF microcode for use with the VRF CAM-profile template, and reload the system to activate the profile.
Table 56-3. IPv4-v6-VRF CAM Profiles (Single CAM card)

CAM Profile Table | Allocation (K)
L2FIB | 32K
L2ACL | 3K
IPv4FIB | 64K
IPv4ACL | 1K
IPv4Flow | 12K
EgL2ACL | 1K
EgIPv4ACL | 11K
Reserved | 2K
IPv6FIB | 18K
IPv6ACL | 4K
IPv6Flow | 3K
EgIPv6ACL | 1K

DHCP

DHCP requests are not forwarded across VRF instances. The DHCP client and server must be on the same VRF instance.

IP addressing

Starting in E-Series release 8.4.1.0 and C-Series release 8.4.7.
• View VRF instance information
• Connect an OSPF process to a VRF instance
• Configure VRRP on a VRF Interface

Load the VRF CAM Profile

On an E-series Terascale platform, select the IPv4 or IPv6 CAM profile used to support VRF and reload the system to activate the profile.

Step | Task | Command Syntax | Command Mode
1 Select the appropriate CAM profile for your system.
• RIP
• IPv6
• Multicast
• Static ARP

Task: Create a non-default VRF instance by specifying a name and VRF ID number, and enter VRF configuration mode. The default VRF 0 is automatically configured when a router with VRF loaded in CAM boots up.
Command Syntax: ip vrf vrf-name vrf-id
or
ip vrf management
Command Mode: CONFIGURATION
VRF ID range: 1 to 14 and 0 (default VRF)

Note: In C-Series release 8.4.7.0, the VRF ID range is from 1 to 15 and the default VRF is 0.
• All VLAN member ports must be removed from a VLAN that you move from one VRF instance to another.

Task: Assign an interface to a VRF instance.
Command Syntax: ip vrf forwarding vrf-name
Command Mode: INTERFACE

View VRF instance information

To display information about VRF configuration, enter the show ip vrf command.

Task | Command Syntax | Command Mode
Display the interfaces assigned to a VRF instance.
In a virtualized network that consists of multiple VRFs, various overlay networks can exist on a shared physical infrastructure. Nodes (hosts and servers) that are part of the VRFs can be configured with IP static routes for reaching specific destinations through a given gateway in a VRF. VRRP provides high availability and protection for next-hop static routes by eliminating a single point of failure in the default static routed network.
Figure 56-3. Set up VRF interfaces

interface GigabitEthernet 9/18
 ip vrf forwarding blue
 ip address 11.0.0.1/24
 no shutdown
interface GigabitEthernet 7/0
 ip vrf forwarding blue
 ip address 10.0.0.1/24
 no shutdown
interface GigabitEthernet 9/19
 ip vrf forwarding orange
 ip address 21.0.0.1/24
 no shutdown
interface GigabitEthernet 7/1
 ip vrf forwarding orange
 ip address 20.0.0.1/24
 no shutdown
interface GigabitEthernet 9/20
 ip vrf forwarding green
 ip address 31.0.0.
The following example relates to the configuration shown in Figure 56-2 and Figure 56-3.

ROUTER 1
cam-profile ipv4-vrf microcode ipv4-vrf
!
ip vrf default-vrf 0
!
ip vrf blue 1
!
ip vrf orange 2
!
ip vrf green 3
!
interface TenGigabitEthernet 3/0
 no ip address
 switchport
 no shutdown
!
interface GigabitEthernet 7/0
 ip vrf forwarding blue
 ip address 10.0.0.1/24
 no shutdown
!
interface GigabitEthernet 7/1
 ip vrf forwarding orange
 ip address 20.0.0.
ROUTER 1 continued
router ospf 1 vrf blue
 router-id 1.0.0.1
 network 1.0.0.0/24 area 0
 network 10.0.0.0/24 area 0
!
router ospf 2 vrf orange
 router-id 2.0.0.1
 network 2.0.0.0/24 area 0
 network 20.0.0.0/24 area 0
!
ip route vrf green 31.0.0.0/24 3.0.0.
ROUTER 2 continued
interface Vlan 192
 ip vrf forwarding orange
 ip address 2.0.0.2/24
 tagged TenGigabitEthernet 3/0
 no shutdown
!
interface Vlan 256
 ip vrf forwarding green
 ip address 3.0.0.2/24
 tagged TenGigabitEthernet 3/0
 no shutdown
!
router ospf 1 vrf blue
 router-id 1.0.0.2
 network 11.0.0.0/24 area 0
 network 1.0.0.0/24 area 0
 passive-interface GigabitEthernet 9/18
!
router ospf 2 vrf orange
 router-id 2.0.0.2
 network 21.0.0.0/24 area 0
 network 2.0.0.
ROUTER 1 continued
FTOS#show ip ospf 1 neighbor
Neighbor ID    Pri    State      Dead Time    Address    Interface    Area
1.0.0.2        1      FULL/DR    00:00:32     1.0.0.2    Vl 128       0
FTOS#sh ip ospf 2 neighbor
Neighbor ID    Pri    State      Dead Time    Address
2.0.0.2        1      FULL/DR    00:00:37     2.0.0.
FTOS#show ip route vrf blue
The following shows the output of the show commands on Router 2.

ROUTER 2
FTOS#show ip vrf
VRF-Name       VRF-ID    Interfaces
default-vrf    0         Gi 1/0-89, Te 3/0-3, Gi 4/0-89, Gi 5/0-89, Gi 6/0-89,
                         Gi 9/0-17,21-47, Gi 11/0-47, Gi 12/0-47, Gi 13/0-47,
                         Ma 0/0, Ma 1/0, Nu 0, Vl 1
blue           1         Gi 9/18, Vl 128
orange         2         Gi 9/19, Vl 192
green          3         Gi 9/20, Vl 256
FTOS#show ip ospf 1 neighbor
Neighbor ID    Pri    State
1.0.0.1        1      FULL/BDR
!
FTOS#sh ip ospf 2 neighbor
Neighbor ID    Pri    State
2.0.0.
ROUTER 2 continued
FTOS#show ip route vrf orange
Codes: C - connected, S - static, R - RIP,
       B - BGP, IN - internal BGP, EX - external BGP, LO - Locally Originated,
       O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1,
       N2 - OSPF NSSA external type 2, E1 - OSPF external type 1,
       E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1,
       L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default,
       > - non-active route, + - summary route
Gateway of last resort is not set
C O C Destination --------
57 Virtual Link Trunking (VLT)

Virtual link trunking (VLT) is supported on the C-Series.

Overview

VLT allows physical links between two chassis to appear as a single virtual link to the network core or other switches such as Edge, Access, or top-of-rack (ToR). VLT reduces the role of spanning tree protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distribution or core switches, and by supporting a loop-free topology.
The following example shows VLT deployed on C-Series switches. The C-Series switches appear as a single virtual switch from the point of view of the switch or server supporting link aggregation control protocol (LACP).

Note: In Figure 57-1, the term VLT Backup Link denotes both a VLT back-up link as well as a VLT secondary back-up link.

Figure 57-1. VLT on C-Series Switches

VLT on Core Switches

You can also deploy VLT on core switches.
Enhanced VLT

An enhanced VLT (eVLT) configuration creates a port channel between two VLT domains by allowing two different VLT domains, using different VLT domain ID numbers, connected by a standard link aggregation control protocol (LACP) LAG to form a loop-free Layer 2 topology in the aggregation layer. This configuration supports a maximum of four units, increasing the number of available ports and allowing for dual redundancy of the VLT.
VLT Terminology

The following are key VLT terms:
• Virtual link trunk (VLT)—The combined port channel between an attached device and the VLT peer switches.
• VLT backup link—The backup link monitors the vitality of VLT peer switches. The backup link sends configurable, periodic keep alive messages between the VLT peer switches.
• VLT interconnect (VLTi)—The link used to synchronize states between the VLT peer switches. Both ends must be on 10G or 40G interfaces.
• If the source is connected to an orphan (non-spanned, non-VLT) port in a VLT peer, the receiver is connected to a VLT (spanned) port-channel, and the VLT port-channel link between the VLT peer connected to the source and TOR is down, traffic is duplicated due to route inconsistency between peers. To avoid this scenario, Dell Networking recommends configuring both the source and the receiver on a spanned VLT VLAN.
• Separately configure each VLT peer switch with the same VLT domain ID and the VLT version. If the system detects mismatches between VLT peer switches in the VLT domain ID or VLT version, the VLT Interconnect (VLTi) does not activate. To find the reason for the VLTi being down, use the show vlt statistics command to verify that there are mismatch errors, then use the show vlt brief command on each VLT peer to view the VLT version on the peer switch.
• If the link between the VLT peer switches is established, changing the VLT system MAC address or the VLT unit-id causes the link between the VLT peer switches to become disabled. However, removing the VLT system MAC address or the VLT unit-id may disable the VLT ports if you happen to configure the unit ID or system MAC address on only one VLT peer at any time.
Note: PVST+ passthrough is supported in a VLT domain. PVST+ BPDUs do not result in an interface shutdown. PVST+ BPDUs for a non-default VLAN are flooded out as any other L2 multicast packet. On a default VLAN, RSTP is part of the PVST+ topology in that specific VLAN (default VLAN).

Software features supported on VLT port-channels
• In a VLT domain, the following software features are supported on VLT port-channels: 802.
• On a link fail over, when a VLT port channel fails, the traffic destined for that VLT port channel is redirected to the VLTi to avoid flooding.
• When a VLT switch determines that a VLT port channel has failed (and that no other local port channels are available), the peer with the failed port channel notifies the remote peer that it no longer has an active port channel for a link.
RSTP can cause temporary port state blocking and may cause topology changes after link or node failures. Spanning tree topology changes are distributed to the entire layer 2 network, which can cause a network-wide flush of learned MAC and ARP addresses, requiring these addresses to be re-learned. However, enabling RSTP can detect potential loops caused by non-system issues such as cabling errors or incorrect configurations.
This delay in bringing up the VLT ports also applies when the VLTi link recovers from a failure that caused the VLT ports on the secondary VLT peer node to be disabled.

PIM-Sparse Mode Support on VLT

The designated router functionality of the PIM Sparse-Mode multicast protocol is supported on VLT peer switches for multicast sources and receivers that are connected to VLT ports. VLT peer switches can act as a last-hop router for IGMP receivers and as a first-hop router for multicast sources.

Figure 57-3.
On each VLAN where the VLT peer nodes act as the first hop or last hop routers, one of the VLT peer nodes is elected as the PIM designated router. If you configured IGMP snooping along with PIM on the VLT VLANs, you must configure VLTi as the static multicast router port on both VLT peer switches. This ensures that for first hop routers, the packets from the source are redirected to the designated router (DR) if they are incorrectly hashed.
Spanned VLANs

Any VLAN configured on both VLT peer nodes is referred to as a Spanned VLAN. The VLT Interconnect (VLTi) port is automatically added as a member of the Spanned VLAN. As a result, any adjacent router connected to at least one VLT node on a Spanned VLAN subnet is directly reachable from both VLT peer nodes at the routing level.

VLT Unicast Routing

VLT unicast routing is supported on the C-Series platform. VLT unicast routing locally routes packets destined for the L3 endpoint of the VLT peer.
VLT Multicast Routing

VLT multicast routing is supported on the C-Series platform. VLT Multicast Routing provides resiliency to multicast routed traffic during the multicast routing protocol convergence period after a VLT link or VLT peer fails using the least intrusive method (PIM) and does not alter current protocol behavior. Unlike VLT Unicast Routing, a normal multicast routing protocol does not exchange multicast routes between VLT peers.
Configuring VLT Multicast

To enable and configure VLT multicast, follow these steps.
1. Enable VLT on a switch, then configure a VLT domain and enter VLT-domain configuration mode.
CONFIGURATION mode
vlt domain domain-id
2. Enable peer-routing.
VLT DOMAIN mode
peer-routing
3. Configure the multicast peer-routing timeout.
VLT DOMAIN mode
peer-routing-timeout value
value: Specify a value (in seconds) from 1 to 1200.
4. Configure a PIM-SM compatible VLT node as a designated router (DR).
Run RSTP on both VLT peer switches. The primary VLT peer controls the RSTP states, such as forwarding and blocking, on both the primary and secondary peers. Dell Networking recommends configuring the primary VLT peer as the RSTP primary root device and configuring the secondary VLT peer as the RSTP secondary root device. BPDUs use the MAC address of the primary VLT peer as the RSTP bridge ID in the designated bridge ID field.
The following examples show the RSTP Configuration that you must perform on each peer switch to prevent forwarding loops.
CONFIGURATION mode
interface port-channel id-number
Enter the same port-channel number configured with the peer-link port-channel command as described in Enabling VLT and Creating a VLT Domain.
Note: To be included in the VLTi, the port channel must be in Default mode (no switchport or VLAN assigned).
2. Remove an IP address from the interface.
INTERFACE PORT-CHANNEL mode
no ip address
3. Add one or more port interfaces to the port channel.
You can optionally specify the time interval used to send hello messages. The range is from 1 to 5 seconds.
3. (Optional) If the remote VLT peer has a standby RPM, then configure back-up-secondary to the management IP address of the standby RPM.
Note: From the standby RPM on the switch, ping the management address on the remote VLT peer and the management IP address of the standby RPM on the remote VLT peer to verify link connectivity.
MANAGEMENT INTERFACE mode
{ip address ipv4-address/mask | ipv6 address ipv6-address/mask}
This is the IP address to be configured on the VLT peer with the back-up destination command.
3. Ensure that the interface is active.
MANAGEMENT INTERFACE mode
no shutdown
4. Repeat Steps 1 to 3 on the VLT peer switch.

To set an amount of time, in seconds, to delay the system from restoring the VLT port, use the delay-restore command at any time.
The priority values are from 1 to 65535. The default is 32768.
3. (Optional) When you create a VLT domain on a switch, Dell Networking OS automatically creates a VLT-system MAC address used for internal system operations.
VLT DOMAIN CONFIGURATION mode
system-mac mac-address mac-address
To explicitly configure the default MAC address for the domain by entering a new MAC address, use the system-mac command. The format is aaaa.bbbb.cccc. Also, reconfigure the same MAC address on the VLT peer switch.
4. Add one or more port interfaces to the port channel.
INTERFACE PORT-CHANNEL mode
channel-member interface
interface: specify one of the following interface types:
— 1-Gigabit Ethernet: enter gigabitethernet slot/port.
— 10-Gigabit Ethernet: enter tengigabitethernet slot/port.
— 40-Gigabit Ethernet: enter fortyGigE slot/port.
5. Ensure that the port channel is active.
INTERFACE PORT-CHANNEL mode
no shutdown
6.
The range is from 1 to 4094.

Configuring Enhanced VLT (eVLT) (Optional)

To configure enhanced VLT (eVLT) between two VLT domains on your network, use the following procedure. For a sample configuration, refer to eVLT Configuration Example. To set up the VLT domain, use the following commands.
1. Configure the port channel to be used for the VLT interconnect on a VLT switch and enter interface configuration mode.
You can optionally specify the time interval used to send hello messages. The range is from 1 to 5 seconds.
7. When you create a VLT domain on a switch, Dell Networking OS automatically creates a VLT-system MAC address used for internal system operations.
VLT DOMAIN CONFIGURATION mode
system-mac mac-address mac-address
To explicitly configure the default MAC address for the domain by entering a new MAC address, use the system-mac command. The format is aaaa.bbbb.cccc.
13. Add links to the eVLT port. Configure a range of interfaces to bulk configure.
CONFIGURATION mode
interface range {port-channel id}
14. Enable LACP on the LAN port.
INTERFACE mode
port-channel-protocol lacp
15. Configure the LACP port channel mode.
INTERFACE mode
port-channel number mode [active]
16. Ensure that the interface is active.
MANAGEMENT INTERFACE mode
no shutdown
17. Repeat steps 1 through 16 for the VLT peer node in Domain 1.
18.
7. Configure the peer 1 management ip/ interface ip for which connectivity is present in VLT peer 1.
EXEC mode or EXEC Privilege mode
show interfaces interface
8. Configure the VLT links between VLT peer 1 and VLT peer 2 to the top of rack unit (shown in the following example).
9. Configure the static LAG/LACP between ports connected from VLT peer 1 and VLT peer 2 to the top of rack unit.
EXEC Privilege mode
show running-config entity
10.
2. Configure the peer-link port-channel in the VLT domains of each peer unit.
FTOS-2(conf)#interface port-channel 1
FTOS-2(conf-if-po-1)#channel-member TenGigabitEthernet 0/4-7
FTOS-4(conf)#interface port-channel 1
FTOS-4(conf-if-po-1)#channel-member TenGigabitEthernet 0/4-7

Configure the backup link between the VLT peer units.
1. Configure the peer 2 management ip interface ip for which connectivity is present in VLT peer 1.
2.
2. Configure the VLT peer link port channel id in VLT peer 1 and VLT peer 2.
3. In the Top of Rack unit, configure LACP in the physical ports (shown for VLT peer 1 only. Repeat steps for VLT peer 2. The bold vlt-peer-lag port-channel 31 indicates that port-channel 31 is the port-channel id configured in VLT peer 2).
In the ToR unit, configure LACP on the physical ports.
Verify VLT is up. Verify that the VLTi (ICL) link, backup link connectivity (heartbeat status), and VLT peer link (peer chassis) are all up.
Verify that the VLT LAG is up in both VLT peer units.

FTOS_VLTPeer1#show interfaces port-channel 21 brief
Codes: L - LACP Port-channel
    LAG    Mode    Status    Uptime      Ports
L   21     L2L3    up        00:03:21    Te 1/2 (Up)

FTOS_VLTPeer2#show interfaces port-channel 30 brief
Codes: L - LACP Port-channel
    LAG    Mode    Status    Uptime      Ports
L   31     L2L3    up        18:49:05    Te 1/3 (Up)

eVLT Configuration Example

The following example demonstrates the steps to configure enhanced VLT (eVLT) in a network.
eVLT Configuration Step Examples

In Domain 1, configure the VLT domain and VLTi on Peer 1.
Domain_1_Peer1#configure
Domain_1_Peer1(conf)#interface port-channel 1
Domain_1_Peer1(conf-if-po-1)# channel-member TenGigabitEthernet 0/8-9
Domain_1_Peer1(conf)#vlt domain 1000
Domain_1_Peer1(conf-vlt-domain)# peer-link port-channel 1
Domain_1_Peer1(conf-vlt-domain)# back-up destination 10.16.130.11
Domain_1_Peer1(conf-vlt-domain)# back-up-secondary destination 10.16.130.
Add links to the eVLT port-channel on Peer 2.
Domain_1_Peer2(conf)#interface range tengigabitethernet 0/4 - 5
Domain_1_Peer2(conf-if-range-te-0/16-17)# port-channel-protocol LACP
Domain_1_Peer2(conf-if-range-te-0/16-17)# port-channel 100 mode active
Domain_1_Peer2(conf-if-range-te-0/16-17)# no shutdown

In Domain 2, configure the VLT domain and VLTi on Peer 3.
Next, configure the VLT domain and VLTi on Peer 4.
Domain_2_Peer4#configure
Domain_2_Peer4(conf)#interface port-channel 1
Domain_2_Peer4(conf-if-po-1)# channel-member TenGigabitEthernet 0/8-9
Domain_2_Peer4#no shutdown
Domain_2_Peer4(conf)#vlt domain 200
Domain_2_Peer4(conf-vlt-domain)# peer-link port-channel 1
Domain_2_Peer4(conf-vlt-domain)# back-up destination 10.18.130.22
Domain_2_Peer4(conf-vlt-domain)# back-up-secondary destination 10.18.130.
Configure the VLTi port as a static multicast router port for the VLAN.
VLT_Peer1(conf)#interface vlan 4001
VLT_Peer1(conf-if-vl-4001)#ip igmp snooping mrouter interface port-channel 128
VLT_Peer1(conf-if-vl-4001)#exit
VLT_Peer1(conf)#end

Repeat these steps on VLT Peer Node 2.
VLT_Peer2(conf)#ip multicast-routing
VLT_Peer2(conf)#interface vlan 4001
VLT_Peer2(conf-if-vl-4001)#ip address 140.0.0.
EXEC mode
show spanning-tree rstp
• Display the current status of a port or port-channel interface used in the VLT domain.
EXEC mode
show interfaces interface
• specify one of the following interface types:
Fast Ethernet: enter fast ethernet slot/port.
1-Gigabit Ethernet: enter gigabitethernet slot/port.
10-Gigabit Ethernet: enter tengigabitethernet slot/port.
40-Gigabit Ethernet: enter fortyGigE slot/port.
Port channel: enter port-channel {1-128}.
Example of the show vlt brief Command.
Example of the show vlt detail Command.
Example of the show vlt role Command.

FTOS_VLTpeer1# show vlt role
VLT Role
----------
VLT Role: Primary
System MAC address: 00:01:e8:8a:df:bc
System Role Priority: 32768
Local System MAC address: 00:01:e8:8a:df:bc
Local System Role Priority: 32768

FTOS_VLTpeer2# show vlt role
VLT Role
----------
VLT Role: Secondary
System MAC address: 00:01:e8:8a:df:bc
System Role Priority: 32768
Local System MAC address: 00:01:e8:8a:df:e6
Local System Role Priority: 32768

Example of the show running-config vlt Command.
Example of the show vlt statistics Command.
FTOS_VLTpeer2#show vlt statistics
VLT Domain Statistics
-----------------------
HeartBeat Messages Sent: 117057
HeartBeat Messages Received: 116200
ICL Hello's Sent: 38847
ICL Hello's Received: 38774
Domain Mismatch Errors: 0
Version Mismatch Errors: 0
Config Mismatch Errors: 0
VLT MAC Statistics
--------------------
L2 Info Pkts sent:19, L2 Info Pkts Rcvd:61, L2 Reg Request sent:5
L2 Reg Request rcvd:5
L2 Mac-sync Pkts Sent:7507
L2 Mac-sync Pkts Rcvd:7143
L2 Reg Response sent:4
L2 Reg Response rcvd:3
VLT Igm
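One way to turn the show vlt statistics counters into a health check, as an added example (not part of this guide or of Dell Networking OS): it parses the output, flags non-zero mismatch counters, and compares two polls to spot keepalives that stopped arriving. The first sample reuses the counters shown above; the second poll and the function names are constructed, and treating a non-increasing receive counter as a stalled link is an assumption of this example.

```python
import re

# "Name: value" or "Name:value" pairs; several may share one line.
COUNTER = re.compile(r"([A-Za-z][\w' -]*?)[ \t]*:[ \t]*(\d+)")

MISMATCH_KEYS = (
    "domain mismatch errors",
    "version mismatch errors",
    "config mismatch errors",
)
# Receive counters that should keep increasing while the link is healthy.
KEEPALIVE_KEYS = {
    "heartbeat messages received": "VLT backup link",
    "icl hello's received": "VLTi",
}

# Counters as printed in the guide's example output.
SAMPLE_POLL_1 = """\
VLT Domain Statistics
-----------------------
HeartBeat Messages Sent: 117057
HeartBeat Messages Received: 116200
ICL Hello's Sent: 38847
ICL Hello's Received: 38774
Domain Mismatch Errors: 0
Version Mismatch Errors: 0
Config Mismatch Errors: 0
VLT MAC Statistics
--------------------
L2 Info Pkts sent:19, L2 Info Pkts Rcvd:61, L2 Reg Request sent:5
"""

# Constructed later poll: heartbeats stopped arriving, version mismatch seen.
SAMPLE_POLL_2 = """\
VLT Domain Statistics
-----------------------
HeartBeat Messages Sent: 117090
HeartBeat Messages Received: 116200
ICL Hello's Sent: 38858
ICL Hello's Received: 38785
Domain Mismatch Errors: 0
Version Mismatch Errors: 2
Config Mismatch Errors: 0
"""


def parse_vlt_statistics(text: str) -> dict:
    """Return {lower-cased counter name: integer value}."""
    return {name.strip().lower(): int(value)
            for name, value in COUNTER.findall(text)}


def check_vlt(current: dict, previous: dict = None) -> list:
    """Return findings for one poll, or for a poll compared with an earlier one."""
    findings = []
    for key in MISMATCH_KEYS:
        if current.get(key, 0) > 0:
            findings.append(
                f"{key} = {current[key]}: compare 'show vlt brief' on both peers")
    if previous is not None:
        for key, link in KEEPALIVE_KEYS.items():
            if key in current and key in previous and current[key] <= previous[key]:
                findings.append(f"{key} did not increase: check the {link}")
    return findings


if __name__ == "__main__":
    first = parse_vlt_statistics(SAMPLE_POLL_1)
    second = parse_vlt_statistics(SAMPLE_POLL_2)
    for finding in check_vlt(second, first):
        print(finding)
```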
FTOS_VLTpeer1# show spanning-tree rstp brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 0, Address 0001.e88a.dff8
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 4096, Address 0001.e88a.d656
Configured hello time 2, max age 20, forward delay 15
Interface
Name      PortID     Prio
------    ------     ----
Po 1      128.2      128
Po 3      128.4      128
Po 4      128.5      128
Po 100    128.101    128
Po 110    128.111    128
Po 111    128.112    128
Po 120    128.
Configuring Virtual Link Trunking (VLT Peer 1)

Enable VLT and create a VLT domain with a backup-link and interconnect trunk (VLTi).
FTOS_VLTpeer1(conf)#vlt domain 999
FTOS_VLTpeer1(conf-vlt-domain)#peer-link port-channel 100
FTOS_VLTpeer1(conf-vlt-domain)#back-up destination 10.11.206.35
FTOS_VLTpeer1(conf-vlt-domain)#back-up-secondary destination 10.11.206.36
FTOS_VLTpeer1(conf-vlt-domain)#exit

Configure the backup link.
Verify that the port channels used in the VLT domain are assigned to the same VLAN.
Configure the VLT interconnect (VLTi).
FTOS_VLTpeer2(conf)#interface port-channel 100
FTOS_VLTpeer2(conf-if-po-100)#no ip address
FTOS_VLTpeer2(conf-if-po-100)#channel-member fortyGigE 3/4,8
FTOS_VLTpeer2(conf-if-po-100)#no shutdown
FTOS_VLTpeer2(conf-if-po-100)#exit

Configure the port channel to an attached device.
Table 57-1. Troubleshooting VLT

Description: Bandwidth monitoring
Behavior at Peer Up: A syslog error message and an SNMP trap is generated when the VLTi bandwidth usage goes above the 80% threshold and when it drops below 80%.
Behavior During Run Time: A syslog error message and an SNMP trap is generated when the VLTi bandwidth usage goes above its threshold.
Action to Take: Depending on the traffic that is received, the traffic can be offloaded in VLTi.
Table 57-1. Troubleshooting VLT (continued)

Description: Version ID mismatch
Behavior at Peer Up: A syslog error message and an SNMP trap are generated.
Behavior During Run Time: A syslog error message and an SNMP trap are generated.
Action to Take: Verify the Dell Networking OS software versions on the VLT peers is compatible. For more information, refer to the Release Notes for this release.

Description: VLT LAG ID is not configured on one VLT peer
Behavior at Peer Up: A syslog error message is generated.
58 Virtual Router Redundancy Protocol (VRRP)

IPv4 Virtual Router Redundancy Protocol (VRRP) is available on platforms: c, e, and s
IPv6 VRRP (VRRP version 3) is available on platforms: c, e, and s

This chapter covers the following information:
• VRRP Overview
• VRRP Benefits
• VRRP Implementation
• VRRP Configuration
• Sample Configurations

Virtual Router Redundancy Protocol (VRRP) is designed to eliminate a single point of failure in a statically routed network.
Figure 58-1 shows a typical network configuration using VRRP. Instead of configuring the hosts on the network 10.10.10.0 with the IP address of either Router A or Router B as their default router, their default router is the IP address configured on the virtual router. When any host on the LAN segment wants to access the Internet, it sends packets to the IP address of the virtual router. In Figure 58-1, Router A is configured as the MASTER router.
VRRP Benefits

With VRRP configured on a network, end-station connectivity to the network is not subject to a single point-of-failure. End-station connections to the network are redundant and they are not dependent on IGP protocols to converge or update routing tables.
Note: 1500 VRRP groups are supported in Dell Networking OS Release 6.3.1.0 and later.

The recommendations in Table 58-1 may vary depending on various factors like ARP broadcasts, IP broadcasts, or STP before changing the advertisement interval. When the number of packets processed by RP2/CP/FP processor increases or decreases based on the dynamics of the network, the advertisement intervals may increase or decrease accordingly.
VRRP Configuration By default, VRRP is not configured.
Figure 58-3. Command Example Display: show config for the Interface

FTOS(conf-if-gi-1/1)#show conf
!
interface GigabitEthernet 1/1
 ip address 10.10.10.1/24
 !
 vrrp-group 111
 no shutdown
FTOS(conf-if-gi-1/1)#

Note that the interface has an IP Address and is enabled

Assign Virtual IP addresses

Virtual routers contain virtual IP addresses configured for that VRRP Group (VRID).
• If the virtual IP address and the interface’s primary/secondary IP address are the same, the priority on that VRRP group is automatically set to 255. The interface then becomes the MASTER/OWNER router of the VRRP group and the interface’s physical MAC address is changed to that of the owner VRRP group’s MAC address. (You can also configure a priority for the group even if the group is owned.
Figure 58-6 shows the same VRRP group configured on multiple interfaces on different subnets.
Note: show vrrp displays all of the active IPv4 groups, and show ipv6 vrrp displays all of the active IPv6 groups.
Figure 58-6. Command Example Display: show vrrp Same VRRP Group (VRID)
FTOS#do show vrrp
-----------------
GigabitEthernet 1/1, VRID: 111, Net: 10.10.10.1
State: Master, Priority: 255, Master: 10.10.10.
Set VRRP Group (Virtual Router) Priority
Setting a Virtual Router priority to 255 ensures that router is the “owner” virtual router for the VRRP group. VRRP elects the MASTER router by choosing the router with the highest priority. The default priority for a Virtual Router is 100. The higher the number, the higher the priority. If the MASTER router fails, VRRP begins the election process to choose a new MASTER router based on the next-highest priority.
Configure VRRP Authentication
Note: Authentication is not available for IPv6 VRRP.
Simple authentication of VRRP packets ensures that only trusted routers participate in VRRP processes. When authentication is enabled, Dell Networking OS includes the password in its VRRP transmission, and the receiving router uses that password to verify the transmission.
Disable Preempt
The preempt command is enabled by default, and it forces the system to change the MASTER router if another router with a higher priority comes online. Prevent the BACKUP router with the higher priority from becoming the MASTER router by disabling preempt.
Note: All virtual routers in the VRRP group must be configured the same: all configured with preempt enabled or configured with preempt disabled.
Change the Advertisement interval
By default, the MASTER router transmits a VRRP advertisement to all members of the VRRP group every 1 second, indicating it is operational and is the MASTER router. If the VRRP group misses 3 consecutive advertisements, then the election process begins and the BACKUP virtual router with the highest priority transitions to MASTER.
Track an Interface or Object
In previous releases, you could set Dell Networking OS to track the state of an interface for a specified virtual group. Starting in release 8.4.1.0, you can track additional objects for a virtual group, such as Layer 3 interfaces (IPv4 and IPv6), IPv4/IPv6 route reachability, and thresholds of IPv4/IPv6 route metrics. For information on how to track supported objects, refer to Chapter 30, Object Tracking.
To track an interface or configured object for a virtual group, use the track command in the VRRP mode:
Task: Monitor an interface or a configured object and, optionally, reconfigure the cost value to be subtracted from the VRRP group priority if the status of the tracked object goes DOWN.
Command Syntax: track {interface | object-id} [priority-cost cost]
Valid object IDs are from 1 to 65535. Cost range: 1-254.
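The interaction between priority, tracking cost and preempt described in the sections above can be checked offline before a change window. The following Python model is an added example, not Dell Networking OS code; the router names, the second router's address, the cost values and the floor of 1 on the effective priority are assumptions, and the owner (priority 255) special case is not modelled.

```python
"""Model of VRRP master election with object tracking and preempt (added example)."""
from dataclasses import dataclass, field
from ipaddress import ip_address
from typing import List, Optional


@dataclass
class Tracked:
    name: str
    priority_cost: int           # the guide gives a cost range of 1-254
    up: bool = True

    def __post_init__(self) -> None:
        if not 1 <= self.priority_cost <= 254:
            raise ValueError("priority-cost must be in 1-254")


@dataclass
class Router:
    name: str
    address: str                 # interface address, used as the tie-breaker
    priority: int = 100          # the guide gives 100 as the default priority
    alive: bool = True
    tracked: List[Tracked] = field(default_factory=list)

    def effective_priority(self) -> int:
        """Configured priority minus the cost of every tracked object that is DOWN."""
        cost = sum(t.priority_cost for t in self.tracked if not t.up)
        return max(1, self.priority - cost)   # assumption: never drops below 1


def elect(routers: List[Router], current_master: Optional[str] = None,
          preempt: bool = True) -> Optional[str]:
    """Return the name of the MASTER: highest effective priority, then highest address."""
    candidates = [r for r in routers if r.alive]
    if not candidates:
        return None
    if not preempt and current_master is not None:
        # With preempt disabled, a live MASTER keeps its role.
        for r in candidates:
            if r.name == current_master:
                return r.name
    best = max(candidates,
               key=lambda r: (r.effective_priority(), ip_address(r.address)))
    return best.name


def tracking_too_weak(routers: List[Router]) -> List[str]:
    """Routers that stay ahead of every peer even with all tracked objects DOWN."""
    weak = []
    for r in routers:
        if not r.tracked:
            continue
        worst = max(1, r.priority - sum(t.priority_cost for t in r.tracked))
        peers = [p.priority for p in routers if p is not r]
        if peers and worst > max(peers):
            weak.append(r.name)
    return weak


if __name__ == "__main__":
    # Constructed scenario: R2 uses the priority 200 shown in the guide's sample.
    r2 = Router("R2", "10.1.1.1", priority=200, tracked=[Tracked("uplink", 10)])
    r3 = Router("R3", "10.1.1.2")             # constructed peer, default priority
    r2.tracked[0].up = False
    print("uplink down, cost 10 ->", elect([r2, r3]), "stays MASTER")
    print("tracking cannot trigger failover on:", tracking_too_weak([r2, r3]))
```

A cost that is too small leaves the router with the failed uplink as MASTER, and with preempt disabled even a sufficient cost does not move the role while that router is still alive.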
Figure 58-16. Command Example: show track
FTOS#show track
Track 2
IPv6 route 2040::/64 metric threshold
Metric threshold is Up (STATIC/0/0)
5 changes, last change 00:02:16
Metric threshold down 255 up 254
First-hop interface is GigabitEthernet 13/2
Tracked by:
VRRP GigabitEthernet 7/30 IPv6 VRID 1
Track 3
IPv6 route 2050::/64 reachability
Reachability is Up (STATIC)
5 changes, last change 00:02:16
First-hop interface is GigabitEthernet 13/2
Tracked by:
VRRP GigabitEthernet 7/30 IPv6 VRID 1
Figure 58-17.
VRRP on a VRF Interface
VRRP is supported with Virtual Routing and Forwarding (VRF) only on platform: ec
Starting in release E-Series 8.4.1.0 and C-Series release 8.4.7.0, you can configure the VRRP feature on interfaces that belong to a non-default Virtual Routing and Forwarding (VRF) instance on E-Series routers. In previous releases, the VRRP feature was not supported on interfaces that were configured for VRF.
Note: On E-Series routers, the VRID used by the VRRP protocol changes according to whether VRF microcode is loaded or not:
• When VRF microcode is not loaded in CAM, the VRID for a VRRP group is the same as the VRID number configured with the vrrp-group or vrrp-ipv6-group command:
Figure 58-19. VRID used when VRF microcode is not loaded
FTOS(conf)#interface GigabitEthernet 3/0e
FTOS(conf-if-gi-3/0)#ip address 1.1.1.1/24
FTOS(conf-if-gi-3/0)#vrrp-group 111
FTOS(conf-if-gi-3/0-vrid-111)#virtual-ip 1.1.1.
Sample Configurations
VRRP for IPv4 Configuration
The configuration in Figure 58-21 shows how to enable IPv4 VRRP. This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, etc.
Figure 58-22. Configure VRRP for IPv4 Router 2
R2(conf)#int gi 2/31
R2(conf-if-gi-2/31)#ip address 10.1.1.1/24
R2(conf-if-gi-2/31)#vrrp-group 99
R2(conf-if-gi-2/31-vrid-99)#priority 200
R2(conf-if-gi-2/31-vrid-99)#virtual 10.1.1.3
R2(conf-if-gi-2/31-vrid-99)#no shut
R2(conf-if-gi-2/31)#show conf
!
interface GigabitEthernet 2/31
ip address 10.1.1.1/24
!
vrrp-group 99
priority 200
virtual-address 10.1.1.
VRRP for IPv6 Configuration
Figure 58-22 shows an example of a VRRP for IPv6 configuration in which the IPv6 VRRP group consists of two routers. This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, etc.
Figure 58-23. VRRP for IPv6 Topology
Master State: Although both R2 and R3 have the same priority (100), R2 is the master in the VRRP group because the R2 interface has a higher IPv6 address.
Figure 58-24.
VRRP in VRF Configuration
The example in this section shows how to enable VRRP operation in a VRF virtualized network for the following scenarios:
• Multiple VRFs on physical interfaces running VRRP
• Multiple VRFs on VLAN interfaces running VRRP
To view a VRRP in VRF configuration, use the show commands described in Displaying a VRRP in VRF Configuration.
Non-VLAN Scenario
Figure 58-25. VRRP in VRF: Non-VLAN Example
Switch-1 VRID 11 Node IP 10.10.1.5 Virtual IP 10.10.1.2
Switch-2 VRID 11 Node IP 10.
Both Switch-1 and Switch-2 have three VRF instances defined: VRF-1, VRF-2, and VRF-3. Each VRF has a separate physical interface to a LAN switch and an upstream VPN interface to connect to the Internet. Both Switch-1 and Switch-2 use VRRP groups on each VRF instance so that there is one master and one backup router for each VRF. In VRF-1 and VRF-2, Switch-2 serves as owner-master of the VRRP group and Switch-1 serves as the backup.
Figure 58-27. VRRP in VRF: Switch-2 Non-VLAN Configuration
Switch-2
S2(conf)#ip vrf default-vrf 0
!
S2(conf)#ip vrf VRF-1 1
!
S2(conf)#ip vrf VRF-2 2
!
S2(conf)#ip vrf VRF-3 3
!
S2(conf)#interface GigabitEthernet 12/1
S2(conf-if-gi-12/1)#ip vrf forwarding VRF-1
S2(conf-if-gi-12/1)#ip address 10.10.1.2/24
S2(conf-if-gi-12/1)#vrrp-group 11
% Info: The VRID used by the VRRP group 11 in VRF 1 will be 177.
S2(conf-if-gi-12/1-vrid-101)#priority 255
S2(conf-if-gi-12/1-vrid-101)#virtual-address 10.10.1.
Figure 58-28. VRRP in VRF: Switch-1 VLAN Configuration
Switch-1
S1(conf)#ip vrf VRF-1 1
!
S1(conf)#ip vrf VRF-2 2
!
S1(conf)#ip vrf VRF-3 3
!
S1(conf)#interface GigabitEthernet 12/4
S1(conf-if-gi-12/4)#no ip address
S1(conf-if-gi-12/4)#switchport
S1(conf-if-gi-12/4)#no shutdown
!
S1(conf-if-gi-12/4)#interface vlan 100
S1(conf-if-vl-100)#ip vrf forwarding VRF-1
S1(conf-if-vl-100)#ip address 10.10.1.
Figure 58-29. VRRP in VRF: Switch-2 VLAN Configuration
Switch-2
S2(conf)#ip vrf VRF-1 1
!
S2(conf)#ip vrf VRF-2 2
!
S2(conf)#ip vrf VRF-3 3
!
S2(conf)#interface GigabitEthernet 12/4
S2(conf-if-gi-12/4)#no ip address
S2(conf-if-gi-12/4)#switchport
S2(conf-if-gi-12/4)#no shutdown
!
S2(conf-if-gi-12/4)#interface vlan 100
S2(conf-if-vl-100)#ip vrf forwarding VRF-1
S2(conf-if-vl-100)#ip address 10.10.1.
Displaying a VRRP in VRF Configuration
To display information on a VRRP group that is configured on an interface that belongs to a VRF instance, enter the show running-config track [interface interface] command:
Figure 58-30. Command Example: show running-config track interface
FTOS#show running-config interface gigabitethernet 13/4
interface GigabitEthernet 13/4
ip vrf forwarding red
ip address 192.168.0.1/24
vrrp-group 4
virtual-address 192.168.0.
59 Dell Networking OS XML Feature
Dell Networking OS XML Feature is supported on platforms: ce
This chapter describes the Dell Networking OS XML Feature in the following major sections:
• XML Functionality
• The Form of XML Requests and Responses
• The Configuration Request and Response
• The “Show” Request and Response
• Configuration Task List
• XML Error Conditions and Reporting
• Using display xml as a Pipe Option
XML Functionality
Through SSH/Telnet client sessions, Dell Networking OS XML provides
— show rpm all
— show linecard slot ID
— show linecard all
— show sfm slot ID
— show logging 1-65535
— show logging reverse
— show sfm
— show sfm all
— show version
— show running-config—Only the full report is supported, no options.
This tag tells the CLI to invoke the EXEC PRIVILEGE mode. These requests encapsulate “show” commands.
Response Format
Similarly, every response from Dell Networking OS begins with the XML declaration, followed by a “Response” tag: :: ::
What goes between the Response tags depends on the type of response, as discussed next.
For details on responses to error conditions, see XML Error Conditions and Reporting.
The “Show” Request and Response
To generate an XML request that encapsulates a “show” command (to request a report), you use the tag instead of the tag as the Operation type. The schema of a show request allows only one , as shown here for the show linecard command.
Run a Dell Networking OS XML session
Use the following procedure to start, run, and close a Dell Networking OS XML session:
Step | Command Syntax | Command Mode | Purpose
1 | terminal xml | EXEC Privilege | Invoke XML interface in Telnet and SSH client sessions.
2 | [Construct input to the CLI by following the XML request schema, as described in The Form of XML Requests and Responses.
Figure 59-2. Example of a Successful XML Session
FTOS# terminal xml
FTOS(xml)# Enter XML request with CTRL-Y or empty line
Clear XML request with CTRL-C
Exit XML mode with CTRL-Z:
ip access standard test1
Configure a standard ACL
To configure a standard ACL with XML, first enter Dell Networking OS XML mode, and then construct a configuration request, as described above. An example of a complete standard ACL configuration request message is:
ip access list standard ToOspf
seq 5 deny any
seq 10 deny 10.2.0.0 /16
seq 15 deny 10.3.0.
Create an egress ACL and apply rules to the ACL
To create an egress ACL and apply rules to the ACL in one single XML request, first enter Dell Networking OS XML mode, and then construct the configuration request (see Run a Dell Networking OS XML session). The following example shows a configuration request message that accomplishes this task:
— Invalid CLI commands or keywords
— Invalid range of data specified in the CLI command
• XML_SCHEMA_ERROR—This error is caused by:
— Invalid XML method or operation tags
— Invalid object hierarchy or value out of range
• APPLICATION_ERROR—This error is caused by a failure to process the request, or a problem on the Dell Networking OS task.
• NO_ERROR—The XML request processed successfully.
XML schema error
The following XML request has transposed the and tag sets:
ip access standard test2
The XML response to that malformed request is:
The second command in this XML request also makes an invalid request: ip access standard test1 no permit host 2.2.3.4 log count bytes The error response contains a of “APPLICATION_ERROR”, of “APPLICATION_ERROR” and a of “% Error: Access-list entry does not exist.
Figure 59-3. Example: show linecard 0 | display xml
FTOS>#show linecard 0 | display xml
0 online online EXW2PF3 - 2-port 10GE LAN/WAN PHY line card with XFP optics (EF3) EXW2PF3 - 2-port 10GE LAN/WAN PHY line card with XFP optics (EF3) 1.
60 C-Series Debugging and Diagnostics
In addition to standard manageability features such as LEDs, SNMP alarms and traps, and Syslogging, the C-Series supports several diagnostic and debugging features that are crucial to isolating and resolving support issues during the operations and maintenance phase.
Switch Fabric overview
The switch fabric is formed through the installed RPMs and line cards via C-Series Switch Fabric (CSF) ASICs. Each RPM includes four CSFs, each of which provides eight Backplane Data (BDP) links, one link for each line card slot. In total, an RPM provides 32 BDP links of forwarding capacity. Each line card includes two CSFs.
Dell Networking OS Switch Agent (SWAGT) monitors the IDP and BDP links on the line cards. Dell Networking OS Link Monitoring task continually polls the status of the IDP and BDP links. If it finds an open link, the system brings down the link and reports the condition via a message similar to the one shown in Message 1.
Figure 60-3. show sfm Command Example
FTOS#show sfm
Switch Fabric State: up
-- SFM 0 --
Status : active
Module Type : SFM - Switch Fabric Module
Up Time : 1 day, 6 hr, 0 min
-- SFM 1 --
Status : not present
Use the Dell Networking OS Syslogging feature to monitor the overall status of the switch fabric. Changes in switch fabric status are reported via messages similar to those in Message 2.
Table 60-2. Poll Manager Syslog Message Description
Message: POLLMGR-2-POLLMGR_RPM_ECC_ERR_DETECT
Description: Indicates that the system detected a single-bit ECC memory error in the RPM CPU memory (SDRAM). The system tracks the number of multi-bit errors and resets the system after a certain number of such errors are recorded. Upon reset, the system writes a failure trace file to the TRACE_LOG directory for analysis by Dell Networking.
Inter-CPU timeouts
The CP monitors the health status of the other processors using heartbeat messaging exchange. Dell Networking OS automatically saves critical information about the IPC failure to NVRAM. Such information includes:
• Status counters on the internal Ethernet interface
• Traffic profile of the inter-CPU bus
• Kernel drops
• High CPU exception conditions
Upon the next boot, this information is uploaded to a file in the CRASH_LOG directory.
Dell Networking OS actually saves up to three persistent files depending upon the type of failure.
Figure 60-5. show environment rpm Command Example
FTOS#show environment rpm
-- RPM Environment Status --
Slot Status Temp Voltage
-------------------------------------
0 active 33C ok
1 not present
Recognize an overtemperature condition
An overtemperature condition occurs for one of two reasons:
• The card genuinely is too hot.
• A sensor has malfunctioned.
Inspect cards adjacent to the one reporting the condition to discover the cause.
2. Check air flow through the system. On the C-Series, air flows sideways from right to left. Ensure the air ducts are clean and that all fans are working correctly.
3. Once the software has determined that the temperature levels are within normal limits, the card can be re-powered safely. Use the power-on command in EXEC mode to bring the line card back online.
In addition, Dell Networking requires that you install blanks in all slots without a line card to control airflow for adequate system cooling.
The TRACE_LOG_DIR/TRACE_CURR_BOOT directory can be reached by FTP or by using the show file command from the flash://TRACE_LOG_DIR directory.
Note: At reload this directory is renamed to flash:/TRACE_LOG_DIR/TRACE_LAST_BOOT and a new empty flash:/TRACE_LOG_DIR/TRACE_CURR_BOOT directory is created.
Automatic trace log updates
The system automatically saves trace files to the internal flash.
To manually write the contents of an RPM log to the internal flash:
Task | Command Syntax | Command Mode
Write the RPM trace log to flash. | upload trace-log cp [cmd-history | hw-trace | sw-trace] | EXEC Privilege
To manually write the contents of a line card log to the internal flash:
Task | Command Syntax | Command Mode
Write the line card trace log to flash. | upload trace-log linecard [0-7] | [hw-trace | sw-trace] | EXEC Privilege
Figure 60-7.
When the trace messages are being saved on reload, Message 9 is displayed.
Message 9 Saving Trace Messages
Starting to save trace messages… Done.
The CP and LP trace file names at chassis reload are:
• CP: reload_traceRPM0_CP
• LP: reload_traceLP[0-7]
Figure 60-8. TRACE_LAST_BOOT Directory example
FTOS#cd /flash/TRACE_LOG_DIR/TRACE_LAST_BOOT
FTOS#dir
hw_traceLP0.0 hw_traceLP2.3 hw_traceRPM0_CP.3
hw_traceLP0.1 hw_traceLP2.4 hw_traceRPM0_CP.4
hw_traceLP2.0 hw_traceRPM0_CP.
Figure 60-9. Command Example: show command-history
FTOS#show command-history
[6/16 16:22:3]: CMD-(CLI):[enable]by default from console
[6/16 16:22:6]: CMD-(CLI):[show cam-profile]by default from console
[6/16 16:38:9]: CMD-(TEL0):[enable]by admin from vty0 (10.11.48.30)
[6/16 16:38:10]: CMD-(CLI):[show qos statistics]by default from console
[6/16 16:38:21]: CMD-(TEL0):[show command-history]by admin from vty0 (10.11.48.
Figure 60-11.
Table 60-3. show hardware Commands
Command | Description
show hardware cpu data-plane | View driver-level statistics for the data-plane port on the CPU for the specified line card or RPM.
show hardware unit | View advanced counters, statistics, and register information for the FP and CSF ASICs.
Recognizing a High CPU Condition
A high CPU condition exists when any of the messages in Message 10 appear.
Monitoring hardware components with SNMP
The SNMP traps and OIDs in Table 60-4 provide information on C-Series hardware components.
Table 60-4. SNMP Traps and OIDs
OID String | OID Name | Description
.1.3.6.1.4.1.6027.3.1.1.3.8 | chRPMMajorAlarmStatus | Fault status of the major alarm LED on the RPM
.1.3.6.1.4.1.6027.3.1.1.3.9 | chRPMMinorAlarmStatus | Fault status of the minor alarm LED on the RPM
.1.3.6.1.4.1.6027.3.1.1.4.0.
.1.3.6.1.4.1.6027.3.1.1.2.1.1.2 | chSysPowerSupplyOperStatus | Each entry in the chSysPowerSupplyTable includes a set of objects which describe the status of a particular power supply.
.1.3.6.1.4.1.6027.3.1.1.4.0.13 | chAlarmPowerSupplyDown | Trap generated when the power supply status changes to non-operational
.1.3.6.1.4.1.6027.3.1.1.4.0.17 | chAlarmPowerSupplyClear | Trap generated when the power supply status changes to operational.
.1.3.
Note: As the SFM on the C-Series is a logical concept only, the FORCE10-CHASSIS-MIB SFM-related SNMP alarms and traps are not used.
Offline diagnostics
The offline diagnostics test suite is useful for isolating faults and debugging hardware. Diagnostics are invoked from the Dell Networking OS CLI. While diagnostics are running, the status can be monitored via the CLI. The test results are written to a file in flash memory and can be displayed on screen.
• Diagnostics test only connectivity, not the entire data path.
• The complete diagnostics test suite normally runs for 4 to 6 minutes; the 48-port 1-Gigabit line card takes slightly longer than the 4-port 10-Gigabit line card.
Take the line card offline
Place the line card in an offline state using the offline linecard command, as shown in Figure 60-12.
Figure 60-12.
Figure 60-15. show diag linecard Command Example
FTOS#show diag linecard 5
Diag status of Linecard slot 5:
-------------------------------------------------------------
Card is currently offline.
Card alllevels diag issued at THU FEB 08, 2018 04:10:06 PM.
Current diag status: Card diags are in progress.
--------------------------------------------------------------
00:54:19 : Diagnostic test results are stored on file: flash:/TestReport-LC-5.
Figure 60-16. Viewing Offline Diagnostics Test Results
FTOS#show diag linecard 5
Diag status of Linecard slot 5:
-------------------------------------------------------------------
Card is currently offline.
Card alllevels diag issued at THU FEB 08, 2018 04:10:05 PM.
Current diag status: Card diags are done.
Duration of execution: 3 min 35 sec.
Diagonostic test results located: flash:/TestReport-LC-5.
Figure 60-17. Viewing Offline Diagnostics Test Results (continued)
Test 107 - NVRAM Address Line test .................................. PASS
Test 108 - NVRAM Data Line Test ..................................... PASS
Test 110 - NVRAM Read Write test .................................... PASS
Test 111 - FLASH Write Read test .................................... PASS
Test 112 - FPGA Registers Verification Test ......................... PASS
Test 113 - FPGA Level1 Test ......
Buffer tuning
Buffer Tuning allows you to modify the way your switch allocates buffers from its available memory, and helps prevent packet drops during a temporary burst of traffic. The C-Series and S-Series ASICs implement the key functions of queuing, feature lookups, and forwarding lookups in hardware.
• Forwarding Processor (FP) ASICs provide Ethernet MAC functions, queueing and buffering, as well as store feature and forwarding tables for hardware-based lookup and forwarding decisions.
• Available packet pointers (2k per interface). Each packet is managed in the buffer using a unique packet pointer. Thus, each interface can manage up to 2k packets.
You can configure dynamic buffers per port on both 1G and 10G FPs and per queue on CSFs. By default, the FP dynamic buffer allocation is 10 times oversubscribed.
Buffer tuning commands
Task | Command | Command Mode
Define a buffer profile for the FP queues. | buffer-profile fp fsqueue | CONFIGURATION
Define a buffer profile for the CSF queues. | buffer-profile csf csqueue | CONFIGURATION
Change the dedicated buffers on a physical 1G interface. | buffer dedicated | BUFFER PROFILE
Change the maximum amount of dynamic buffers an interface can request. | buffer dynamic | BUFFER PROFILE
Change the number of packet-pointers per queue.
Dell Networking OS Behavior: When you remove a buffer-profile using the command no buffer-profile [fp | csf] from CONFIGURATION mode, the buffer-profile name still appears in the output of show buffer-profile [detail | summary]. After a line card reset, the buffer profile correctly returns to the default values, but the profile name remains.
Figure 60-20. Displaying Buffer Profile Allocations
FTOS#show running-config interface tengigabitethernet 2/0
!
interface TenGigabitEthernet 2/0
no ip address
mtu 9252
switchport
no shutdown
buffer-policy myfsbufferprofile
FTOS#sho buffer-profile detail int gi 0/10
Interface Gi 0/10
Buffer-profile fsqueue-fp
Dynamic buffer 1256.00 (Kilobytes)
Queue# | Dedicated Buffer (Kilobytes) | Buffer Packets
0 | 3.00 | 256
1 | 3.00 | 256
2 | 3.00 | 256
3 | 3.00 | 256
4 | 3.00 | 256
5 | 3.00 | 256
6 | 3.00 | 256
7 | 3.
Use a pre-defined buffer profile
Dell Networking OS provides two pre-defined buffer profiles, one for single queue (i.e., non-QoS) applications, and one for four queue (i.e., QoS) applications.
Task | Command Syntax | Command Mode
Apply one of two pre-defined buffer profiles for all port-pipes in the system. | buffer-profile global [1Q|4Q] | CONFIGURATION
You must reload the system for the global buffer-profile to take effect (Message 12).
Figure 60-21.
61 E-Series TeraScale Debugging and Diagnostics
This chapter addresses E-Series TeraScale Debugging and Diagnostics TeraScale platforms. Refer to Chapter 63, E-Series ExaScale Debugging and Diagnostics for information relating to that platform.
In addition to the Dell Networking OS high availability features, E-Series and Dell Networking OS support several diagnostics and debug features that are integral components to delivering maximum uptime.
• Write the contents of the trace buffer
• Recognize a high CPU condition
• Configure an action upon a hardware error
• Core dumps
Note: These diagnostics and debuggability features are available on TeraScale systems only, unless specifically noted.
Overview
The Dell Networking OS diagnostics and debugging features are a proactive approach to maximizing system uptime and reducing mean time to resolution (MTTR) when a problem occurs.
Figure 61-1. Dataplane Loopback
If three consecutive packets are lost, an error message is logged and then one of the following happens:
• The RPM-SFM runtime loopback test failure initiates an SFM walk whenever it is enabled, feasible and necessary. The system automatically places each SFM (in sequential order) in an offline state, runs the loopback test, and then places the SFM back in an active state. This continues until the system determines a working SFM combination.
• An SFM walk will not be able to identify multiple faulty SFMs, faulty linecards, or faulty RPM. In this case, the following event is logged.
Message 2 SFM walk Event Log
%TSM-2-RPM_LOOPBACK_FAIL: RPM-SFM dataplane loopback test failed
%TSM-2-SFM_WALK_START: Automatic SFM walk-through started
%TSM-2-SFM_WALK_FAIL: Automatic SFM walk-through failed to identify single faulty SFM
• If a line card runtime loopback test fails, the system does not launch an SFM walk.
Task | Command | Mode
Disable the automatic SFM walk that is launched after an RPM-SFM runtime loopback test failure. To re-enable the automatic SFM walk, use the no dataplane-diag disable sfm-walk command. | dataplane-diag disable sfm-walk | CONFIGURATION
Note: Disabling the sfm-walk command prevents the sfm-bringdown command from taking effect.
Task | Command | Mode
Execute a manual dataplane loopback test:
• all-loopback – Both the RPM and the line card dataplane loopback test is done.
• rpm-loopback – Only the RPM dataplane loopback test is done.
This test can be run when the switch fabric is in either an operational or a non-operational state.
Note: Execute this command only during offline diagnostics; this command may bring down the switch fabric.
When there is a full set of SFMs online, powering down one SFM will reduce the total bandwidth supported by the chassis, and may affect data flow. A warning message is issued at the command line that requires user confirmation to proceed with the command (Figure 61-3).
Figure 61-3. power-off sfm command with data traffic warning message
FTOS#power-off sfm 0
SFM0 is active.
Reset the SFM
When the SFM is taken offline due to an error condition, you can execute the reset sfm command and initiate a manual recovery.
Task | Command | Mode
Reset a specific SFM module (power-off and then power-on). | reset sfm slot-number | EXEC
When an error is detected on an SFM module, this command is a manual recovery mechanism. Since this command can be used with live traffic running, the switch fabric will not go down if the switch fabric is in an UP state.
The PCDFO polling feature monitors data received over the switch fabric. When a DFO error is detected, no automatic action is initiated by the system. The message issued is similar to:
Message 4 PCDFO error message
%RPM1-P:CP %CHMGR-2-SFM_PCDFO: PCDFO error detected for SFM4
The following graphic illustrates the E600 and E1200 switch fabric architecture. Each ingress and egress Buffer and Traffic Management (BTM) ASIC maintains nine channel connections to the TeraScale Switch Fabric (TSF) ASIC.
For the transient case, PCDFO errors are not reported to the log. The hardware system automatically recovers from the error state, and the dataplane continues to function properly. In the persistent case, PCDFO errors appear in the log, and the error state is likely to remain if not handled. With PCDFO error data alone, it is impossible to pinpoint the cause of the PCDFO error or the reason for packet drops.
The three CPUs use Fast Ethernet connections to communicate to each other and to the line card CPUs using Inter-Processor Communication (IPC). The CP monitors the health status of the other processors using heartbeat messaging exchange.
Message 6 CP monitor
%RPM1-P:CP %IPC-2-STATUS: target rp2 not responding
%RPM0-S:CP %RAM-6-FAILOVER_REQ: RPM failover request from active peer: Auto failover on failure
%RPM0-S:CP %RAM-6-ELECTION_ROLE: RPM0 is transitioning to Primary RPM.
%RPM0-P:CP
In a dual RPM system, the two RPMs send synchronization messages via inter-RPM communication (IRC). As described in the High Availability chapter, an RPM failover can be triggered by loss of the heartbeat (similar to a keepalive message) between the two RPMs.
Show hardware commands
The show hardware command tree consists of privileged EXEC commands created or changed specially for use with the E-Series. These commands display information from a hardware sub-component, such as the Buffer and Traffic Management (BTM) ASIC and the Forwarding and Packet Classification (FPC) ASIC. They should be used only under the guidance of Dell Networking technical support staff. The following table lists the show hardware commands.
• total run count
• total failure count
• consecutive failure count
• error code
The diagnostics tests are grouped into three levels:
Level 0—Check the inventory of devices. Verify the existence of devices (e.g., device ID test).
Level 1—Verify the devices are accessible via designated paths (e.g., line integrity tests). Test the internal parts (e.g., registers) of devices.
Level 2—Perform on-board loopback tests on various data paths (e.g., data port-pipe and Ethernet).
3. Execute the show diag command to view a report of the test results.
FTOS#show diag linecard 4
Diag status of Linecard slot 4:
-------------------------------------------------------------------
Card is currently offline.
Card level0 diag issued at TUE Mar 27, 2007 05:19:35 AM.
Current diag status: Card diags are done (FAIL).
Duration of execution: 0 min 0 sec.
To enable Parity Error Correction:
Step | Task | Command | Command Mode
1 | Verify that the line card has sufficient memory to enable this feature, as shown in Figure 61-8. | show processes memory lp | EXEC Privilege
2 | Enable Parity Error Correction | hardware monitor linecard asic fpc parity-correction | CONFIGURATION
3 | Reload the linecard. | reset linecard | EXEC Privilege
Dell Networking OS displays Message 8 on the console when you enable Parity Error Correction.
The line card status does not reflect transient errors until Dell Networking OS encounters five recoverable or 50 phantom transient errors on a card within an hour, as shown in Figure 61-9. The text “Last Event” indicates the last type of parity error (transient or real) that occurred. Use SNMP to poll the number of transient errors using the objects chSysCardParityPhantomError and chSysCardParityRecoverableError.
Trace logs
In addition to the syslog buffer, Dell Networking OS buffers trace messages which are continuously written by various Dell Networking OS software tasks to report hardware and software events and status information. Each trace message provides the date, time, and name of the Dell Networking OS process. All messages are stored in a ring buffer and can be saved to a file either manually or automatically upon failover.
Trace files are saved in the directory flash:/TRACE_LOG_DIR/TRACE_CURR_BOOT. Upon a system reload this directory is renamed flash:/TRACE_LOG_DIR/TRACE_LAST_BOOT, and an empty flash:/TRACE_LOG_DIR/TRACE_CURR_BOOT directory is created.

Manual reload condition
When the chassis is reloaded manually (through the CLI), trace messages in all of the buffers (software and hardware) in CP and linecards are saved to the flash as reload_traceRPM0_CP and reload_traceLP1 in flash:/TRACE_LOG_DIR/TRACE_CURR_BOOT.
Figure 61-10. show command-history Command Example
FTOS#show command-history
[12/5 10:57:8]: CMD-(CLI):service password-encryption
[12/5 10:57:12]: CMD-(CLI):hostname Force10
[12/5 10:57:12]: CMD-(CLI):ip telnet server enable
[12/5 10:57:12]: CMD-(CLI):line console 0
[12/5 10:57:12]: CMD-(CLI):line vty 0 9
[12/5 10:57:13]: CMD-(CLI):boot system rpm0 primary flash://FTOS-CB-1.1.1.2E2.
Recognize a high CPU condition
A high CPU condition exists when any of the messages in Message 14 appear.

Message 14 High CPU Condition
Feb 13 13:56:16: %RPM1-S:CP %CHMGR-5-TASK_CPU_THRESHOLD: Cpu usage above threshold for task "sysAdmTsk"(100.00%) in CP.
Feb 13 13:56:20: %RPM1-S:CP %CHMGR-5-CPU_THRESHOLD: Overall cp cpu usage above threshold. Cpu5SecUsage (100)
Feb 13 13:56:20: %RPM1-S:CP %CHMGR-5-TASK_CPU_THRESHOLD_CLR: Cpu usage drops below threshold for task "sysAdmTsk"(0.00%) in CP.
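The three Message 14 lines form one episode: a task crosses the CPU threshold, the overall CP alarm follows, and the task clears. The Python below is an added example, not part of the Dell guide; it pairs each TASK_CPU_THRESHOLD line with its _CLR line so a log collector can report episode length and flag tasks that never clear. The function names, dict fields and caller-supplied year are assumptions.

```python
import re
from datetime import datetime

# The three syslog lines the page shows as Message 14, embedded as sample input.
MESSAGE_14 = """\
Feb 13 13:56:16: %RPM1-S:CP %CHMGR-5-TASK_CPU_THRESHOLD: Cpu usage above threshold for task "sysAdmTsk"(100.00%) in CP.
Feb 13 13:56:20: %RPM1-S:CP %CHMGR-5-CPU_THRESHOLD: Overall cp cpu usage above threshold. Cpu5SecUsage (100)
Feb 13 13:56:20: %RPM1-S:CP %CHMGR-5-TASK_CPU_THRESHOLD_CLR: Cpu usage drops below threshold for task "sysAdmTsk"(0.00%) in CP.
"""

LINE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d): %(?P<src>\S+) "
                  r"%CHMGR-5-(?P<event>[A-Z_]+): (?P<text>.*)$")
TASK = re.compile(r'task "(?P<task>[^"]+)"\((?P<pct>[\d.]+)%\)')
OVERALL = re.compile(r"Cpu5SecUsage \((?P<pct>\d+)\)")


def high_cpu_episodes(log_text, year):
    """Pair each TASK_CPU_THRESHOLD with its _CLR; return one dict per episode.

    Syslog timestamps carry no year, so the caller supplies one (assumption).
    """
    open_eps, episodes = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a CHMGR CPU-threshold message
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        src, event = m["src"], m["event"]
        task, overall = TASK.search(m["text"]), OVERALL.search(m["text"])
        if event == "TASK_CPU_THRESHOLD" and task:
            key = (src, task["task"])
            if key not in open_eps:  # first alarm opens the episode
                open_eps[key] = {"source": src, "task": task["task"], "start": ts,
                                 "end": None, "peak_pct": 0.0, "overall_pct": None}
                episodes.append(open_eps[key])
            ep = open_eps[key]
            ep["peak_pct"] = max(ep["peak_pct"], float(task["pct"]))
        elif event == "CPU_THRESHOLD" and overall:
            # Overall CP alarm: attach it to every task episode open on that CPU.
            for (s, _), ep in open_eps.items():
                if s == src:
                    ep["overall_pct"] = max(ep["overall_pct"] or 0, int(overall["pct"]))
        elif event == "TASK_CPU_THRESHOLD_CLR" and task:
            ep = open_eps.pop((src, task["task"]), None)
            if ep:
                ep["end"] = ts
    return episodes


def unresolved(episodes):
    """Episodes with no matching _CLR line: the task may still be pegging the CPU."""
    return [ep for ep in episodes if ep["end"] is None]
```

An overall CPU_THRESHOLD line that arrives while no task episode is open is ignored here; a collector that also wants those would record them separately.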
Kernel core dump—The E-Series supports kernel core dumps for CP and for RP1/RP2 using a naming convention of f10{cp|rp{1|2}}.kcore.gz. RP kernel core dumps are enabled by default. New files are written in flash until space is exhausted, in which case the write is aborted. CP kernel core dumps are disabled by default. Enable them using the command logging coredump cp from CONFIGURATION mode. If you use the keyword cp with this command, the system creates a file, named f10cp.kcore.
Line card core dumps are disabled by default. To enable line card core dumps and specify the shutdown mode:

Step | Task | Command Syntax | Command Mode
1 | Enable line card core dumps and specify the shutdown mode. | logging coredump linecard {all | {0-13}} [port-shutdown | no-port-shutdown] | EXEC Privilege

Note: In the absence of port-shutdown and no-port-shutdown, the option no-port-shutdown is applied.
62 S-Series Debugging and Diagnostics
The chapter contains the following major sections:
• Offline diagnostics
• Trace logs
• Hardware watchdog timer
• Buffer tuning
• Troubleshooting packet loss
• Application core dumps
• Mini core dumps

Offline diagnostics
The offline diagnostics test suite is useful for isolating faults and debugging hardware.
Important Points to Remember
• You can only perform offline diagnostics on an offline standalone unit or offline member unit of a stack of three or more. You cannot perform diagnostics on the management or standby unit in a stack of two or more (Message 1).

Message 1 Offline Diagnostics on Master/Standby Error
Running Diagnostics on master/standby unit is not allowed on stack.

• Perform offline diagnostics on one stack member at a time.
Figure 62-2. Verifying the Offline/Online Status of an S-Series Stack Unit
FTOS#show system brief | no-more
Stack MAC : 00:01:e8:d6:02:39
-- Stack Info --
Unit  UnitType    Status   ReqTyp  CurTyp  Version    Ports
---------------------------------------------------------------------------
0     Standby     online   S25V    S25V    4.7.7.220  28
1     Management  offline  S50N    S50N    4.7.7.220  52
2     Member      online   S25P    S25P    4.7.7.
Figure 62-3. Running Offline Diagnostics on an S-Series Standalone Unit
FTOS#diag stack-unit 1 alllevels
Warning - diagnostic execution will cause multiple link flaps on the peer side - advisable to shut directly connected ports
Proceed with Diags [confirm yes/no]: yes
00:03:35: %S50N:1 %DIAGAGT-6-DA_DIAG_STARTED: Starting diags on stack unit 1
00:03:35 : Approximate time to complete these Diags ...
Figure 62-5. Viewing the Results of Offline Diagnostics on a Standalone Unit
FTOS#show file flash://TestReport-SU-0.txt
**********************************S-Series Diagnostics********************
Stack Unit Board Serial Number : DL267160098
CPU Version : MPC8541, Version: 1.1
PLD Version : 5
Diag image based on build : E_MAIN4.7.7.206
Stack Unit Board Voltage levels - 3.300000 V, 2.500000 V, 1.800000 V, 1.250000 V, 1.200000 V, 2.
Auto Save on Crash or Rollover
Exception information for master or standby units is stored in the flash:/TRACE_LOG_DIR directory. This directory contains files that save trace information when there has been a task crash or timeout. On a master unit, the TRACE_LOG_DIR files can be reached by FTP or by using the show file command from the flash://TRACE_LOG_DIR directory.
1. CSF—Output queues going from the CSF.
2. FP Uplink—Output queues going from the FP to the CSF IDP links.
3. Front-End Link—Output queues going from the FP to the front-end PHY.

All ports support eight queues, 4 for data traffic and 4 for control traffic. All 8 queues are tunable.

Physical memory is organized into cells of 128 bytes. The cells are organized into two buffer pools— dedicated buffer and dynamic buffer.
Figure 62-6. Buffer Tuning Points [diagram: CSF unit, IDP switch links, FP unit, front-end links and PHYs, with tuning points 1, 2 and 3]

Deciding to tune buffers
Dell Networking recommends exercising caution when configuring any non-default buffer settings, as tuning can significantly affect system performance. The default values work for most cases. As a guideline, consider tuning buffers if traffic is very bursty (and coming from several interfaces).
Buffer tuning commands

Task | Command | Command Mode
Define a buffer profile for the FP queues. | buffer-profile fp fsqueue | CONFIGURATION
Define a buffer profile for the CSF queues. | buffer-profile csf csqueue | CONFIGURATION
Change the dedicated buffers on a physical 1G interface. | buffer dedicated | BUFFER PROFILE
Change the maximum amount of dynamic buffers an interface can request. | buffer dynamic | BUFFER PROFILE
Change the number of packet-pointers per queue.
Figure 62-7. Display the Default Buffer Profile
FTOS#show buffer-profile detail interface gigabitethernet 0/1
Interface Gi 0/1
Buffer-profile Dynamic buffer 194.88 (Kilobytes)
Queue#  Dedicated Buffer (Kilobytes)  Buffer Packets
0       2.50                          256
1       2.50                          256
2       2.50                          256
3       2.50                          256
4       9.38                          256
5       9.38                          256
6       9.38                          256
7       9.38                          256

Figure 62-8.
Using a pre-defined buffer profile
Dell Networking OS provides two pre-defined buffer profiles, one for single-queue (i.e., non-QoS) applications, and one for four-queue (i.e., QoS) applications.

Task | Command | Mode
Apply one of two pre-defined buffer profiles for all port pipes in the system. | buffer-profile global [1Q|4Q] | CONFIGURATION

You must reload the system for the global buffer profile to take effect (Message 3).
Figure 62-9.
Figure 62-10.
Figure 62-11.
Figure 62-12.
Displaying Stack Port Statistics
The show hardware stack-unit stack-port command displays input and output statistics for a stack-port interface, as shown in Figure 62-14.

Figure 62-14.
Application core dumps
Application core dumps are disabled by default. A core dump file can be very large. Due to memory requirements, the file can only be sent directly to an FTP server. It is not stored on the local flash. Enable full application core dumps with the following:

Task | Command Syntax | Command Mode
Enable RPM core dumps and specify the shutdown mode. You may specify an IPv4 or IPv6 address for the server.
Figure 62-16.
A Standards Compliance
This appendix contains the following sections:
• IEEE Compliance
• RFC and I-D Compliance
• MIB Location

Note: Unless noted, when a standard cited here is listed as supported by Dell Networking OS, Dell Networking OS also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website.
• Dell Networking — PVST+
• SFF-8431 — SFP+ Direct Attach Cable (10GSFP+Cu)
• MTU — 9,252 bytes

RFC and I-D Compliance
The following standards are supported by Dell Networking OS, and are grouped by related protocol. The columns showing support by platform indicate which version of Dell Networking OS first supports the standard.

Note: Checkmarks (✓) in the E-Series column indicate that Dell Networking OS support was added before Dell Networking OS version 7.5.1.
General IPv4 Protocols
Dell Networking OS support, per platform
RFC# Full Name S-Series C-Series E-Series TeraScale E-Series ExaScale
791 Internet Protocol 7.6.1 7.5.1 8.1.1
792 Internet Control Message Protocol 7.6.1 7.5.1 8.1.1
826 An Ethernet Address Resolution Protocol 7.6.1 7.5.1 8.1.1
1027 Using ARP to Implement Transparent Subnet Gateways 7.6.1 7.5.1 8.1.1
1035 DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION (client) 7.6.1 7.5.1 8.1.
General IPv6 Protocols
Dell Networking OS support, per platform
RFC# Full Name S-Series C-Series E-Series TeraScale E-Series ExaScale
1886 DNS Extensions to support IP version 6 7.8.1 7.8.1 8.2.1
1981 (Partial) Path MTU Discovery for IP version 6 7.8.1 7.8.1 8.2.1
2460 Internet Protocol, Version 6 (IPv6) Specification 7.8.1 7.8.1 8.2.1
2461 (Partial) Neighbor Discovery for IP Version 6 (IPv6) 7.8.1 7.8.1 8.2.
Border Gateway Protocol (BGP)
Dell Networking OS support, per platform
RFC# Full Name S-Series C-Series E-Series TeraScale E-Series ExaScale
1997 BGP Communities Attribute 7.8.1 7.7.1 8.1.1
2385 Protection of BGP Sessions via the TCP MD5 Signature Option 7.8.1 7.7.1 8.1.1
2439 BGP Route Flap Damping 7.8.1 7.7.1 8.1.1
2545 Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing 7.8.1 8.2.
Intermediate System to Intermediate System (IS-IS)
Dell Networking OS support, per platform
E-Series TeraScale E-Series ExaScale
OSI IS-IS Intra-Domain Routing Protocol (ISO DP 10589) 8.1.1
1195 Use of OSI IS-IS for Routing in TCP/IP and Dual Environments 8.1.1
2763 Dynamic Hostname Exchange Mechanism for IS-IS 8.1.1
2966 Domain-wide Prefix Distribution with Two-Level IS-IS 8.1.
Multiprotocol Label Switching (MPLS)
Dell Networking OS support, per platform
RFC# Full Name S-Series C-Series E-Series TeraScale E-Series ExaScale
2702 Requirements for Traffic Engineering Over MPLS 8.3.1
3031 Multiprotocol Label Switching Architecture 8.3.1
3032 MPLS Label Stack Encoding 8.3.1
3209 RSVP-TE: Extensions to RSVP for LSP Tunnels 8.3.1
3630 Traffic Engineering (TE) Extensions to OSPF Version 2 8.3.
Multicast
Dell Networking OS support, per platform
RFC# Full Name S-Series C-Series E-Series TeraScale E-Series ExaScale
1112 Host Extensions for IP Multicasting 7.8.1 7.7.1 8.1.1
2236 Internet Group Management Protocol, Version 2 7.8.1 7.7.1 8.1.1
2710 Multicast Listener Discovery (MLD) for IPv6 8.2.1
3376 Internet Group Management Protocol, Version 3
3569 An Overview of Source-Specific Multicast (SSM)
3618
7.8.1 7.7.1 8.1.1 7.8.
Network Management
Dell Networking OS support, per platform
S-Series C-Series E-Series TeraScale E-Series ExaScale
Structure and Identification of Management Information for TCP/IP-based Internets 7.6.1 7.5.1 8.1.1
1156 Management Information Base for Network Management of TCP/IP-based internets 7.6.1 7.5.1 8.1.1
1157 A Simple Network Management Protocol (SNMP) 7.6.1 7.5.1 8.1.1
1212 Concise MIB Definitions 7.6.1 7.5.1 8.1.
Network Management (continued)
Dell Networking OS support, per platform
S-Series C-Series E-Series TeraScale E-Series ExaScale
Coexistence Between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework 7.6.1 7.5.1 8.1.1
2578 Structure of Management Information Version 2 (SMIv2) 7.6.1 7.5.1 8.1.1
2579 Textual Conventions for SMIv2 7.6.1 7.5.1 8.1.1
2580 Conformance Statements for SMIv2 7.6.1 7.5.
Network Management (continued)
Dell Networking OS support, per platform
C-Series E-Series ExaScale Full Name
3815 Definitions of Managed Objects for the Multiprotocol Label Switching (MPLS), Label Distribution Protocol (LDP)
5060 Protocol Independent Multicast MIB 7.8.1 7.8.1 7.7.1 8.1.1
ANSI/TIA-1057 The LLDP Management Information Base extension module for TIA-TR41.4 Media Endpoint Discovery information 7.7.1 7.6.1 7.6.1 8.1.1
draft-grant-tacacs-02 The TACACS+ Protocol 7.6.1 7.5.
Network Management (continued)
Dell Networking OS support, per platform
RFC# Full Name S-Series
FORCE10-CS-CHASSIS-MIB Dell Networking C-Series Enterprise Chassis MIB
FORCE10-IF-EXTENSION-MIB Dell Networking Enterprise IF Extension MIB (extends the Interfaces portion of the MIB-2 (RFC 1213) by providing proprietary SNMP OIDs for other counters displayed in the "show interfaces" output) 7.6.1
FORCE10-LINKAGG-MIB Dell Networking Enterprise Link Aggregation MIB 7.
MIB Location
Dell Force10 MIBs are under the Force10 MIBs subhead on the Documentation page of iSupport:
https://www.force10networks.com/csportal20/KnowledgeBase/Documentation.aspx

You also can obtain a list of selected MIBs and their OIDs at the following URL:
https://www.force10networks.com/csportal20/MIBs/MIB_OIDs.aspx

Some pages of iSupport require a login. To request an iSupport account, go to:
https://www.force10networks.com/CSPortal20/Support/AccountRequest.