Concept Guide
Table Of Contents
- Dell PowerEdge FN I/O Module Configuration Guide 9.14.1.0
- About this Guide
- Before You Start
- Configuration Fundamentals
- Getting Started
- Console Access
- Accessing the CLI Interface and Running Scripts Using SSH
- Boot Process
- Default Configuration
- Configuring a Host Name
- Configuring a Unique Host Name on the System
- Accessing the System Remotely
- Configuring the Enable Password
- Configuration File Management
- Managing the File System
- View the Command History
- Using HTTP for File Transfers
- Upgrading and Downgrading the Dell Networking OS
- Verify Software Images Before Installation
- Deploying FN I/O Module
- Management
- Configuring Privilege Levels
- Configuring Logging
- Display the Logging Buffer and the Logging Configuration
- Log Messages in the Internal Buffer
- Disabling System Logging
- Sending System Messages to a Syslog Server
- Changing System Logging Settings
- Display the Logging Buffer and the Logging Configuration
- Configuring a UNIX Logging Facility Level
- Synchronizing Log Messages
- Enabling Timestamp on Syslog Messages
- Enabling Secure Management Mode
- Enabling Secured CLI Mode
- File Transfer Services
- Terminal Lines
- Setting Time Out of EXEC Privilege Mode
- Using Telnet to get to Another Network Device
- Lock CONFIGURATION Mode
- Limit Concurrent Login Sessions
- Track Login Activity
- Recovering from a Forgotten Password
- Recovering from a Forgotten Enable Password
- Recovering from a Failed Start
- 802.1X
- Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM)
- Access Control Lists (ACLs)
- IP Access Control Lists (ACLs)
- Implementing ACL on the Dell Networking OS
- ACLs and VLANs
- ACL Optimization
- Determine the Order in which ACLs are Used to Classify Traffic
- IP Fragment Handling
- IP Fragments ACL Examples
- Layer 4 ACL Rules Examples
- Configure a Standard IP ACL
- Configuring a Standard IP ACL Filter
- Configure an Extended IP ACL
- Configuring Filters with a Sequence Number
- Configuring Filters Without a Sequence Number
- Established Flag
- Configure Layer 2 and Layer 3 ACLs
- Assign an IP ACL to an Interface
- Applying an IP ACL
- Counting ACL Hits
- Configure Ingress ACLs
- Configure Egress ACLs
- Applying Egress Layer 3 ACLs (Control-Plane)
- IP Prefix Lists
- Configuration Task List for Prefix Lists
- Creating a Prefix List
- Creating a Prefix List Without a Sequence Number
- Viewing Prefix Lists
- Applying a Prefix List for Route Redistribution
- Applying a Filter to a Prefix List (OSPF)
- ACL Remarks
- ACL Resequencing
- Resequencing an ACL or Prefix List
- Route Maps
- Important Points to Remember
- Configuration Task List for Route Maps
- Creating a Route Map
- Configure Route Map Filters
- Configuring Match Routes
- Configuring Set Conditions
- Configure a Route Map for Route Redistribution
- Configure a Route Map for Route Tagging
- Continue Clause
- Logging of ACL Processes
- Guidelines for Configuring ACL Logging
- Configuring ACL Logging
- Flow-Based Monitoring Support for ACLs
- Enabling Flow-Based Monitoring
- Bidirectional Forwarding Detection (BFD)
- Border Gateway Protocol IPv4 (BGPv4)
- Configuration Cloning
- Content Addressable Memory (CAM)
- Control Plane Policing (CoPP)
- Data Center Bridging (DCB)
- Supported Modes
- Ethernet Enhancements in Data Center Bridging
- Priority-Based Flow Control
- Enhanced Transmission Selection
- Data Center Bridging Exchange Protocol (DCBx)
- Creating a DCB Map
- Data Center Bridging: Default Configuration
- Data Center Bridging in a Traffic Flow
- Data Center Bridging: Auto-DCB-Enable Mode
- Configuring Priority-Based Flow Control
- Configuring Enhanced Transmission Selection
- Hierarchical Scheduling in ETS Output Policies
- DCBx Operation
- Verifying the DCB Configuration
- QoS dot1p Traffic Classification and Queue Assignment
- Troubleshooting PFC, ETS, and DCBx Operation
- Dynamic Host Configuration Protocol (DHCP)
- Supported Modes
- Assigning an IP Address using DHCP
- Debugging DHCP Client Operation
- DHCP Client
- How DHCP Client is Implemented
- DHCP Client on a Management Interface
- DHCP Client on a VLAN
- DHCP Packet Format and Options
- Option 82
- Releasing and Renewing DHCP-based IP Addresses
- Viewing DHCP Statistics and Lease Information
- Configuring DHCP relay source interface
- DHCP Snooping
- DHCP Snooping for a Multi-Tenant Host
- DHCP Snooping in a VLT Setup
- Enabling DHCP Snooping
- Enabling IPv6 DHCP Snooping
- Adding a Static Entry in the Binding Table
- Adding a Static IPV6 DHCP Snooping Binding Table
- Clearing the Binding Table
- Clearing the DHCP IPv6 Binding Table
- Displaying the Contents of the Binding Table
- Displaying the Contents of the DHCPv6 Binding Table
- Debugging the IPv6 DHCP
- IPv6 DHCP Snooping MAC-Address Verification
- Equal Cost Multi-Path (ECMP)
- FC FPORT
- FCoE Transit
- Supported Modes
- Fibre Channel over Ethernet
- Ensure Robustness in a Converged Ethernet Network
- FIP Snooping on Ethernet Bridges
- FIP Snooping in a Switch Stack
- Using FIP Snooping
- Important Points to Remember
- Enabling the FCoE Transit Feature
- Enable FIP Snooping on VLANs
- Configure the FC-MAP Value
- Configure a Port for a Bridge-to-Bridge Link
- Configure a Port for a Bridge-to-FCF Link
- Impact on Other Software Features
- FIP Snooping Prerequisites
- FIP Snooping Restrictions
- Configuring FIP Snooping
- Displaying FIP Snooping Information
- FCoE Transit Configuration Example
- FIPS Cryptography
- Force10 Resilient Ring Protocol (FRRP)
- GARP VLAN Registration Protocol (GVRP)
- FIP Snooping
- Internet Group Management Protocol (IGMP)
- Interfaces
- Basic Interface Configuration
- Advanced Interface Configuration
- Interface Types
- View Basic Interface Information
- Configuring the Default Interface
- Enabling a Physical Interface
- Physical Interfaces
- Automatic recovery of an Err-disabled interface
- Management Interfaces
- VLAN Interfaces
- Loopback Interfaces
- Null Interfaces
- VLAN Membership
- Port Channel Interfaces
- Port Channel Definition and Standards
- Port Channel Benefits
- Port Channel Implementation
- 100/1000/10000 Mbps Interfaces in Port Channels
- Configuration Tasks for Port Channel Interfaces
- Creating a Port Channel
- Adding a Physical Interface to a Port Channel
- Reassigning an Interface to a New Port Channel
- Configuring the Minimum Oper Up Links in a Port Channel
- Adding or Removing a Port Channel from a VLAN
- Assigning an IP Address to a Port Channel
- Deleting or Disabling a Port Channel
- Load Balancing through Port Channels
- Changing the Hash Algorithm
- Server Ports
- Bulk Configuration
- Defining Interface Range Macros
- Monitoring and Maintaining Interfaces
- Splitting QSFP Ports to SFP+ Ports
- Configuring wavelength for 10–Gigabit SFP+ optics
- Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port
- Layer 2 Flow Control Using Ethernet Pause Frames
- Configure MTU Size on an Interface
- Port-Pipes
- Auto-Negotiation on Ethernet Interfaces
- View Advanced Interface Information
- Enhanced Control of Remote Fault Indication Processing
- Internet Protocol Security (IPSec)
- IPv4 Routing
- IP Addresses
- IPv4 Path MTU Discovery Overview
- Using the Configured Source IP Address in ICMP Messages
- Configuring the Duration to Establish a TCP Connection
- Enabling Directed Broadcast
- Resolution of Host Names
- ARP
- ARP Learning via Gratuitous ARP
- ARP Learning via ARP Request
- Configuring ARP Retries
- ICMP
- UDP Helper
- Configurations Using UDP Helper
- Troubleshooting UDP Helper
- IPv6 Routing
- Protocol Overview
- IPv6 Header Fields
- Extension Header Fields
- Addressing
- Implementing IPv6 with the Dell Networking OS
- ICMPv6
- Path MTU Discovery
- IPv6 Neighbor Discovery
- Configuration Task List for IPv6 RDNSS
- IPv6 Multicast
- Configuration Task List for IPv6
- Adjusting Your CAM-Profile
- Assigning an IPv6 Address to an Interface
- Assigning a Static IPv6 Route
- Configuring Telnet with IPv6
- SNMP over IPv6
- Showing IPv6 Information
- Showing an IPv6 Interface
- Showing IPv6 Routes
- Showing the Running-Configuration for an Interface
- Clearing IPv6 Routes
- Disabling ND Entry Timeout
- Secure Shell (SSH) Over an IPv6 Transport
- iSCSI Optimization
- Intermediate System to Intermediate System
- Isolated Networks for Aggregators
- Link Aggregation
- Supported Modes
- How the LACP is Implemented on an Aggregator
- Link Aggregation Control Protocol (LACP)
- Configuring Auto LAG
- Configuring the Minimum Number of Links to be Up for Uplink LAGs to be Active
- Optimizing Traffic Disruption Over LAG Interfaces On IOA Switches in VLT Mode
- Preserving LAG and Port Channel Settings in Nonvolatile Storage
- Enabling LACP link-fallback
- Enabling the Verification of Member Links Utilization in a LAG Bundle
- Monitoring the Member Links of a LAG Bundle
- Verifying LACP Operation and LAG Configuration
- Multiple Uplink LAGs with 10G Member Ports
- Layer 2
- Link Layer Discovery Protocol (LLDP)
- Supported Modes
- Protocol Data Units
- Configure LLDP
- CONFIGURATION versus INTERFACE Configurations
- Enabling LLDP
- Advertising TLVs
- Optional TLVs
- LLDP Operation
- Storing and Viewing Unrecognized LLDP TLVs
- Viewing the LLDP Configuration
- Viewing Information Advertised by Adjacent LLDP Agents
- Configuring LLDPDU Intervals
- Configuring a Time to Live
- Clearing LLDP Counters
- Debugging LLDP
- Relevant Management Objects
- Microsoft Network Load Balancing
- Multicast Source Discovery Protocol (MSDP)
- Protocol Overview
- Anycast RP
- Implementation Information
- Configure the Multicast Source Discovery Protocol
- Enabling MSDP
- Manage the Source-Active Cache
- Accept Source-Active Messages that Fail the RFP Check
- Specifying Source-Active Messages
- Limiting the Source-Active Messages from a Peer
- Preventing MSDP from Caching a Local Source
- Preventing MSDP from Caching a Remote Source
- Preventing MSDP from Advertising a Local Source
- Logging Changes in Peership States
- Terminating a Peership
- Clearing Peer Statistics
- Debugging MSDP
- MSDP with Anycast RP
- Configuring Anycast RP
- MSDP Sample Configurations
- Multiple Spanning Tree Protocol (MSTP)
- Protocol Overview
- Spanning Tree Variations
- Implementation Information
- Configure Multiple Spanning Tree Protocol
- Enable Multiple Spanning Tree Globally
- Creating Multiple Spanning Tree Instances
- Influencing MSTP Root Selection
- Interoperate with Non-Dell Networking OS Bridges
- Changing the Region Name or Revision
- Modifying Global Parameters
- Enable BPDU Filtering Globally
- Modifying the Interface Parameters
- Configuring an EdgePort
- Flush MAC Addresses after a Topology Change
- MSTP Sample Configurations
- Debugging and Verifying MSTP Configurations
- Multicast Features
- Open Shortest Path First (OSPFv2 and OSPFv3)
- Protocol Overview
- OSPF with the Dell Networking OS
- Configuration Information
- OSPFv3 NSSA
- Configuration Task List for OSPFv3 (OSPF for IPv6)
- Enabling IPv6 Unicast Routing
- Assigning IPv6 Addresses on an Interface
- Assigning Area ID on an Interface
- Assigning OSPFv3 Process ID and Router ID Globally
- Configuring Stub Areas
- Configuring Passive-Interface
- Redistributing Routes
- Configuring a Default Route
- Enabling OSPFv3 Graceful Restart
- Displaying Graceful Restart
- OSPFv3 Authentication Using IPsec
- MIB Support for OSPFv3
- MIB Support for OSPFv3
- Policy-based Routing (PBR)
- PIM Sparse-Mode (PIM-SM)
- PIM Source-Specific Mode (PIM-SSM)
- Port Monitoring
- Private VLANs (PVLAN)
- Per-VLAN Spanning Tree Plus (PVST+)
- Quality of Service (QoS)
- Routing Information Protocol (RIP)
- Remote Monitoring (RMON)
- Rapid Spanning Tree Protocol (RSTP)
- Protocol Overview
- Configuring Rapid Spanning Tree
- Configuring Interfaces for Layer 2 Mode
- Enabling Rapid Spanning Tree Protocol Globally
- Adding and Removing Interfaces
- Modifying Global Parameters
- Enable BPDU Filtering Globally
- Modifying Interface Parameters
- Configuring an EdgePort
- Influencing RSTP Root Selection
- SNMP Traps for Root Elections and Topology Changes
- Configuring Fast Hellos for Link State Detection
- Security
- Service Provider Bridging
- sFlow
- Simple Network Management Protocol (SNMP)
- Supported Modes
- Implementation Information
- Configuring the Simple Network Management Protocol
- Setting Up User-Based Security (SNMPv3)
- Reading Managed Object Values
- Displaying the Ports in a VLAN using SNMP
- Fetching Dynamic MAC Entries using SNMP
- Deriving Interface Indices
- Monitor Port-Channels
- Entity MIBS
- SNMP Traps for Link Status
- Standard VLAN MIB
- MIB Support to Display the Available Memory Size on Flash
- MIB Support to Display the Software Core Files Generated by the System
- SNMP Support for WRED Green/Yellow/Red Drop Counters
- MIB Support to Display the Available Partitions on Flash
- MIB Support to Display Egress Queue Statistics
- MIB Support to Display Egress Queue Statistics
- MIB Support for entAliasMappingTable
- MIB Support for LAG
- MIB Support to Display Unrecognized LLDP TLVs
- MIB support for Port Security
- Transceiver Monitoring
- Configuring SNMP context name
- Stacking
- Storm Control
- Broadcast Storm Control
- Spanning Tree Protocol (STP)
- Protocol Overview
- Configure Spanning Tree
- Configuring Interfaces for Layer 2 Mode
- Enabling Spanning Tree Protocol Globally
- Adding an Interface to the Spanning Tree Group
- Removing an Interface from the Spanning Tree Group
- Modifying Global Parameters
- Modifying Interface STP Parameters
- Enabling Port Fast
- Global BPDU Filtering
- Selecting STP Root
- STP Root Guard
- SNMP Traps for Root Elections and Topology Changes
- Displaying STP Guard Configuration
- SupportAssist
- System Time and Date
- Tunneling
- Uplink Failure Detection (UFD)
- Supported Modes
- Feature Description
- How Uplink Failure Detection Works
- UFD and NIC Teaming
- Important Points to Remember
- Uplink Failure Detection (SMUX mode)
- Configuring Uplink Failure Detection (PMUX mode)
- Clearing a UFD-Disabled Interface (in PMUX mode)
- Displaying Uplink Failure Detection
- Sample Configuration: Uplink Failure Detection
- PMUX Mode of the IO Aggregator
- NPIV Proxy Gateway
- Upgrade Procedures
- Virtual LANs (VLANs)
- Virtual Link Trunking (VLT)
- Overview
- VLT Terminology
- Configure Virtual Link Trunking
- RSTP Configuration
- Preventing Forwarding Loops in a VLT Domain
- Sample RSTP Configuration
- Configuring VLT
- Configuring a VLT Interconnect
- Configuring a VLT Backup Link
- Configuring a VLT Port Delay Period
- Reconfiguring the Default VLT Settings (Optional)
- Connecting a VLT Domain to an Attached Access Device (Switch or Server)
- Configuring a VLT VLAN Peer-Down (Optional)
- Configure Multi-domain VLT (mVLT) (Optional)
- Verifying a VLT Configuration
- Connecting a VLT Domain
- PVST+ Configuration
- mVLT Configuration Example
- PIM-Sparse Mode Configuration Example
- Additional VLT Sample Configurations
- Troubleshooting VLT
- Specifying VLT Nodes in a PVLAN
- Association of VLTi as a Member of a PVLAN
- MAC Synchronization for VLT Nodes in a PVLAN
- PVLAN Operations When One VLT Peer is Down
- PVLAN Operations When a VLT Peer is Restarted
- Interoperation of VLT Nodes in a PVLAN with ARP Requests
- Scenarios for VLAN Membership and MAC Synchronization With VLT Nodes in PVLAN
- Configuring a VLT VLAN or LAG in a PVLAN
- Proxy ARP Capability on VLT Peer Nodes
- Configuring VLAN-Stack over VLT
- Virtual Router Redundancy Protocol (VRRP)
- Debugging and Diagnostics
- Standards Compliance
- FC Flex IO Modules
- FC Flex IO Modules
- Understanding and Working of the FC Flex IO Modules
- Data Center Bridging (DCB)
- Ethernet Enhancements in Data Center Bridging
- Enabling Data Center Bridging
- QoS dot1p Traffic Classification and Queue Assignment
- Configure Enhanced Transmission Selection
- Configure a DCBx Operation
- Verifying the DCB Configuration
- PFC and ETS Configuration Examples
- Using PFC and ETS to Manage Data Center Traffic
- Fibre Channel over Ethernet for FC Flex IO Modules
- NPIV Proxy Gateway for FC Flex IO Modules
Inuencing RSTP Root Selection.................................................................................................................................708
SNMP Traps for Root Elections and Topology Changes...........................................................................................708
Conguring Fast Hellos for Link State Detection.......................................................................................................708
49 Security....................................................................................................................................................710
Supported Modes...........................................................................................................................................................710
Understanding Banner Settings....................................................................................................................................710
Accessing the I/O Aggregator Using the CMC Console Only...................................................................................711
AAA Accounting.............................................................................................................................................................. 711
Conguration Task List for AAA Accounting..........................................................................................................711
AAA Authentication........................................................................................................................................................713
Conguration Task List for AAA Authentication................................................................................................... 713
AAA Authorization..........................................................................................................................................................716
Privilege Levels Overview........................................................................................................................................717
Conguration Task List for Privilege Levels........................................................................................................... 717
RADIUS............................................................................................................................................................................ 721
RADIUS Authentication and Authorization............................................................................................................721
Conguration Task List for RADIUS.......................................................................................................................723
Support for Change of Authorization and Disconnect Messages packets.......................................................725
TACACS+........................................................................................................................................................................ 737
Conguration Task List for TACACS+....................................................................................................................737
TACACS+ Remote Authentication.........................................................................................................................738
Enabling SCP and SSH..................................................................................................................................................739
Using SCP with SSH to Copy a Software Image.................................................................................................740
Secure Shell Authentication.................................................................................................................................... 741
Conguring the HMAC Algorithm for the SSH Client..........................................................................................741
Conguring the SSH Client Cipher List.................................................................................................................742
Conguring DNS in the SSH Server......................................................................................................................742
Telnet............................................................................................................................................................................... 743
VTY Line and Access-Class Conguration..................................................................................................................743
VTY Line Local Authentication and Authorization................................................................................................743
VTY Line Remote Authentication and Authorization........................................................................................... 744
Role-Based Access Control.......................................................................................................................................... 744
Overview of RBAC...................................................................................................................................................745
User Roles................................................................................................................................................................. 747
AAA Authentication and Authorization for Roles.................................................................................................750
Role Accounting....................................................................................................................................................... 753
Display Information About User Roles...................................................................................................................754
Dell EMC Networking OS Security Hardening...........................................................................................................755
Dell EMC Networking OS Image Verication....................................................................................................... 755
Startup Conguration Verication......................................................................................................................... 756
Conguring the root User Password..................................................................................................................... 757
Enabling User Lockout for Failed Login Attempts................................................................................................758
50 Service Provider Bridging........................................................................................................................ 759
VLAN Stacking...............................................................................................................................................................759
24
Contents