Concept Guide
Table Of Contents
- Dell PowerEdge FN I/O Module Configuration Guide 9.14.1.0
- About this Guide
- Before You Start
- Configuration Fundamentals
- Getting Started
- Console Access
- Accessing the CLI Interface and Running Scripts Using SSH
- Boot Process
- Default Configuration
- Configuring a Host Name
- Configuring a Unique Host Name on the System
- Accessing the System Remotely
- Configuring the Enable Password
- Configuration File Management
- Managing the File System
- View the Command History
- Using HTTP for File Transfers
- Upgrading and Downgrading the Dell Networking OS
- Verify Software Images Before Installation
- Deploying FN I/O Module
- Management
- Configuring Privilege Levels
- Configuring Logging
- Display the Logging Buffer and the Logging Configuration
- Log Messages in the Internal Buffer
- Disabling System Logging
- Sending System Messages to a Syslog Server
- Changing System Logging Settings
- Display the Logging Buffer and the Logging Configuration
- Configuring a UNIX Logging Facility Level
- Synchronizing Log Messages
- Enabling Timestamp on Syslog Messages
- Enabling Secure Management Mode
- Enabling Secured CLI Mode
- File Transfer Services
- Terminal Lines
- Setting Time Out of EXEC Privilege Mode
- Using Telnet to get to Another Network Device
- Lock CONFIGURATION Mode
- Limit Concurrent Login Sessions
- Track Login Activity
- Recovering from a Forgotten Password
- Recovering from a Forgotten Enable Password
- Recovering from a Failed Start
- 802.1X
- Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM)
- Access Control Lists (ACLs)
- IP Access Control Lists (ACLs)
- Implementing ACL on the Dell Networking OS
- ACLs and VLANs
- ACL Optimization
- Determine the Order in which ACLs are Used to Classify Traffic
- IP Fragment Handling
- IP Fragments ACL Examples
- Layer 4 ACL Rules Examples
- Configure a Standard IP ACL
- Configuring a Standard IP ACL Filter
- Configure an Extended IP ACL
- Configuring Filters with a Sequence Number
- Configuring Filters Without a Sequence Number
- Established Flag
- Configure Layer 2 and Layer 3 ACLs
- Assign an IP ACL to an Interface
- Applying an IP ACL
- Counting ACL Hits
- Configure Ingress ACLs
- Configure Egress ACLs
- Applying Egress Layer 3 ACLs (Control-Plane)
- IP Prefix Lists
- Configuration Task List for Prefix Lists
- Creating a Prefix List
- Creating a Prefix List Without a Sequence Number
- Viewing Prefix Lists
- Applying a Prefix List for Route Redistribution
- Applying a Filter to a Prefix List (OSPF)
- ACL Remarks
- ACL Resequencing
- Resequencing an ACL or Prefix List
- Route Maps
- Important Points to Remember
- Configuration Task List for Route Maps
- Creating a Route Map
- Configure Route Map Filters
- Configuring Match Routes
- Configuring Set Conditions
- Configure a Route Map for Route Redistribution
- Configure a Route Map for Route Tagging
- Continue Clause
- Logging of ACL Processes
- Guidelines for Configuring ACL Logging
- Configuring ACL Logging
- Flow-Based Monitoring Support for ACLs
- Enabling Flow-Based Monitoring
- Bidirectional Forwarding Detection (BFD)
- Border Gateway Protocol IPv4 (BGPv4)
- Configuration Cloning
- Content Addressable Memory (CAM)
- Control Plane Policing (CoPP)
- Data Center Bridging (DCB)
- Supported Modes
- Ethernet Enhancements in Data Center Bridging
- Priority-Based Flow Control
- Enhanced Transmission Selection
- Data Center Bridging Exchange Protocol (DCBx)
- Creating a DCB Map
- Data Center Bridging: Default Configuration
- Data Center Bridging in a Traffic Flow
- Data Center Bridging: Auto-DCB-Enable Mode
- Configuring Priority-Based Flow Control
- Configuring Enhanced Transmission Selection
- Hierarchical Scheduling in ETS Output Policies
- DCBx Operation
- Verifying the DCB Configuration
- QoS dot1p Traffic Classification and Queue Assignment
- Troubleshooting PFC, ETS, and DCBx Operation
- Dynamic Host Configuration Protocol (DHCP)
- Supported Modes
- Assigning an IP Address using DHCP
- Debugging DHCP Client Operation
- DHCP Client
- How DHCP Client is Implemented
- DHCP Client on a Management Interface
- DHCP Client on a VLAN
- DHCP Packet Format and Options
- Option 82
- Releasing and Renewing DHCP-based IP Addresses
- Viewing DHCP Statistics and Lease Information
- Configuring DHCP relay source interface
- DHCP Snooping
- DHCP Snooping for a Multi-Tenant Host
- DHCP Snooping in a VLT Setup
- Enabling DHCP Snooping
- Enabling IPv6 DHCP Snooping
- Adding a Static Entry in the Binding Table
- Adding a Static IPV6 DHCP Snooping Binding Table
- Clearing the Binding Table
- Clearing the DHCP IPv6 Binding Table
- Displaying the Contents of the Binding Table
- Displaying the Contents of the DHCPv6 Binding Table
- Debugging the IPv6 DHCP
- IPv6 DHCP Snooping MAC-Address Verification
- Equal Cost Multi-Path (ECMP)
- FC FPORT
- FCoE Transit
- Supported Modes
- Fibre Channel over Ethernet
- Ensure Robustness in a Converged Ethernet Network
- FIP Snooping on Ethernet Bridges
- FIP Snooping in a Switch Stack
- Using FIP Snooping
- Important Points to Remember
- Enabling the FCoE Transit Feature
- Enable FIP Snooping on VLANs
- Configure the FC-MAP Value
- Configure a Port for a Bridge-to-Bridge Link
- Configure a Port for a Bridge-to-FCF Link
- Impact on Other Software Features
- FIP Snooping Prerequisites
- FIP Snooping Restrictions
- Configuring FIP Snooping
- Displaying FIP Snooping Information
- FCoE Transit Configuration Example
- FIPS Cryptography
- Force10 Resilient Ring Protocol (FRRP)
- GARP VLAN Registration Protocol (GVRP)
- FIP Snooping
- Internet Group Management Protocol (IGMP)
- Interfaces
- Basic Interface Configuration
- Advanced Interface Configuration
- Interface Types
- View Basic Interface Information
- Configuring the Default Interface
- Enabling a Physical Interface
- Physical Interfaces
- Automatic recovery of an Err-disabled interface
- Management Interfaces
- VLAN Interfaces
- Loopback Interfaces
- Null Interfaces
- VLAN Membership
- Port Channel Interfaces
- Port Channel Definition and Standards
- Port Channel Benefits
- Port Channel Implementation
- 100/1000/10000 Mbps Interfaces in Port Channels
- Configuration Tasks for Port Channel Interfaces
- Creating a Port Channel
- Adding a Physical Interface to a Port Channel
- Reassigning an Interface to a New Port Channel
- Configuring the Minimum Oper Up Links in a Port Channel
- Adding or Removing a Port Channel from a VLAN
- Assigning an IP Address to a Port Channel
- Deleting or Disabling a Port Channel
- Load Balancing through Port Channels
- Changing the Hash Algorithm
- Server Ports
- Bulk Configuration
- Defining Interface Range Macros
- Monitoring and Maintaining Interfaces
- Splitting QSFP Ports to SFP+ Ports
- Configuring wavelength for 10–Gigabit SFP+ optics
- Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port
- Layer 2 Flow Control Using Ethernet Pause Frames
- Configure MTU Size on an Interface
- Port-Pipes
- Auto-Negotiation on Ethernet Interfaces
- View Advanced Interface Information
- Enhanced Control of Remote Fault Indication Processing
- Internet Protocol Security (IPSec)
- IPv4 Routing
- IP Addresses
- IPv4 Path MTU Discovery Overview
- Using the Configured Source IP Address in ICMP Messages
- Configuring the Duration to Establish a TCP Connection
- Enabling Directed Broadcast
- Resolution of Host Names
- ARP
- ARP Learning via Gratuitous ARP
- ARP Learning via ARP Request
- Configuring ARP Retries
- ICMP
- UDP Helper
- Configurations Using UDP Helper
- Troubleshooting UDP Helper
- IPv6 Routing
- Protocol Overview
- IPv6 Header Fields
- Extension Header Fields
- Addressing
- Implementing IPv6 with the Dell Networking OS
- ICMPv6
- Path MTU Discovery
- IPv6 Neighbor Discovery
- Configuration Task List for IPv6 RDNSS
- IPv6 Multicast
- Configuration Task List for IPv6
- Adjusting Your CAM-Profile
- Assigning an IPv6 Address to an Interface
- Assigning a Static IPv6 Route
- Configuring Telnet with IPv6
- SNMP over IPv6
- Showing IPv6 Information
- Showing an IPv6 Interface
- Showing IPv6 Routes
- Showing the Running-Configuration for an Interface
- Clearing IPv6 Routes
- Disabling ND Entry Timeout
- Secure Shell (SSH) Over an IPv6 Transport
- iSCSI Optimization
- Intermediate System to Intermediate System
- Isolated Networks for Aggregators
- Link Aggregation
- Supported Modes
- How the LACP is Implemented on an Aggregator
- Link Aggregation Control Protocol (LACP)
- Configuring Auto LAG
- Configuring the Minimum Number of Links to be Up for Uplink LAGs to be Active
- Optimizing Traffic Disruption Over LAG Interfaces On IOA Switches in VLT Mode
- Preserving LAG and Port Channel Settings in Nonvolatile Storage
- Enabling LACP link-fallback
- Enabling the Verification of Member Links Utilization in a LAG Bundle
- Monitoring the Member Links of a LAG Bundle
- Verifying LACP Operation and LAG Configuration
- Multiple Uplink LAGs with 10G Member Ports
- Layer 2
- Link Layer Discovery Protocol (LLDP)
- Supported Modes
- Protocol Data Units
- Configure LLDP
- CONFIGURATION versus INTERFACE Configurations
- Enabling LLDP
- Advertising TLVs
- Optional TLVs
- LLDP Operation
- Storing and Viewing Unrecognized LLDP TLVs
- Viewing the LLDP Configuration
- Viewing Information Advertised by Adjacent LLDP Agents
- Configuring LLDPDU Intervals
- Configuring a Time to Live
- Clearing LLDP Counters
- Debugging LLDP
- Relevant Management Objects
- Microsoft Network Load Balancing
- Multicast Source Discovery Protocol (MSDP)
- Protocol Overview
- Anycast RP
- Implementation Information
- Configure the Multicast Source Discovery Protocol
- Enabling MSDP
- Manage the Source-Active Cache
- Accept Source-Active Messages that Fail the RFP Check
- Specifying Source-Active Messages
- Limiting the Source-Active Messages from a Peer
- Preventing MSDP from Caching a Local Source
- Preventing MSDP from Caching a Remote Source
- Preventing MSDP from Advertising a Local Source
- Logging Changes in Peership States
- Terminating a Peership
- Clearing Peer Statistics
- Debugging MSDP
- MSDP with Anycast RP
- Configuring Anycast RP
- MSDP Sample Configurations
- Multiple Spanning Tree Protocol (MSTP)
- Protocol Overview
- Spanning Tree Variations
- Implementation Information
- Configure Multiple Spanning Tree Protocol
- Enable Multiple Spanning Tree Globally
- Creating Multiple Spanning Tree Instances
- Influencing MSTP Root Selection
- Interoperate with Non-Dell Networking OS Bridges
- Changing the Region Name or Revision
- Modifying Global Parameters
- Enable BPDU Filtering Globally
- Modifying the Interface Parameters
- Configuring an EdgePort
- Flush MAC Addresses after a Topology Change
- MSTP Sample Configurations
- Debugging and Verifying MSTP Configurations
- Multicast Features
- Open Shortest Path First (OSPFv2 and OSPFv3)
- Protocol Overview
- OSPF with the Dell Networking OS
- Configuration Information
- OSPFv3 NSSA
- Configuration Task List for OSPFv3 (OSPF for IPv6)
- Enabling IPv6 Unicast Routing
- Assigning IPv6 Addresses on an Interface
- Assigning Area ID on an Interface
- Assigning OSPFv3 Process ID and Router ID Globally
- Configuring Stub Areas
- Configuring Passive-Interface
- Redistributing Routes
- Configuring a Default Route
- Enabling OSPFv3 Graceful Restart
- Displaying Graceful Restart
- OSPFv3 Authentication Using IPsec
- MIB Support for OSPFv3
- MIB Support for OSPFv3
- Policy-based Routing (PBR)
- PIM Sparse-Mode (PIM-SM)
- PIM Source-Specific Mode (PIM-SSM)
- Port Monitoring
- Private VLANs (PVLAN)
- Per-VLAN Spanning Tree Plus (PVST+)
- Quality of Service (QoS)
- Routing Information Protocol (RIP)
- Remote Monitoring (RMON)
- Rapid Spanning Tree Protocol (RSTP)
- Protocol Overview
- Configuring Rapid Spanning Tree
- Configuring Interfaces for Layer 2 Mode
- Enabling Rapid Spanning Tree Protocol Globally
- Adding and Removing Interfaces
- Modifying Global Parameters
- Enable BPDU Filtering Globally
- Modifying Interface Parameters
- Configuring an EdgePort
- Influencing RSTP Root Selection
- SNMP Traps for Root Elections and Topology Changes
- Configuring Fast Hellos for Link State Detection
- Security
- Service Provider Bridging
- sFlow
- Simple Network Management Protocol (SNMP)
- Supported Modes
- Implementation Information
- Configuring the Simple Network Management Protocol
- Setting Up User-Based Security (SNMPv3)
- Reading Managed Object Values
- Displaying the Ports in a VLAN using SNMP
- Fetching Dynamic MAC Entries using SNMP
- Deriving Interface Indices
- Monitor Port-Channels
- Entity MIBS
- SNMP Traps for Link Status
- Standard VLAN MIB
- MIB Support to Display the Available Memory Size on Flash
- MIB Support to Display the Software Core Files Generated by the System
- SNMP Support for WRED Green/Yellow/Red Drop Counters
- MIB Support to Display the Available Partitions on Flash
- MIB Support to Display Egress Queue Statistics
- MIB Support to Display Egress Queue Statistics
- MIB Support for entAliasMappingTable
- MIB Support for LAG
- MIB Support to Display Unrecognized LLDP TLVs
- MIB support for Port Security
- Transceiver Monitoring
- Configuring SNMP context name
- Stacking
- Storm Control
- Broadcast Storm Control
- Spanning Tree Protocol (STP)
- Protocol Overview
- Configure Spanning Tree
- Configuring Interfaces for Layer 2 Mode
- Enabling Spanning Tree Protocol Globally
- Adding an Interface to the Spanning Tree Group
- Removing an Interface from the Spanning Tree Group
- Modifying Global Parameters
- Modifying Interface STP Parameters
- Enabling Port Fast
- Global BPDU Filtering
- Selecting STP Root
- STP Root Guard
- SNMP Traps for Root Elections and Topology Changes
- Displaying STP Guard Configuration
- SupportAssist
- System Time and Date
- Tunneling
- Uplink Failure Detection (UFD)
- Supported Modes
- Feature Description
- How Uplink Failure Detection Works
- UFD and NIC Teaming
- Important Points to Remember
- Uplink Failure Detection (SMUX mode)
- Configuring Uplink Failure Detection (PMUX mode)
- Clearing a UFD-Disabled Interface (in PMUX mode)
- Displaying Uplink Failure Detection
- Sample Configuration: Uplink Failure Detection
- PMUX Mode of the IO Aggregator
- NPIV Proxy Gateway
- Upgrade Procedures
- Virtual LANs (VLANs)
- Virtual Link Trunking (VLT)
- Overview
- VLT Terminology
- Configure Virtual Link Trunking
- RSTP Configuration
- Preventing Forwarding Loops in a VLT Domain
- Sample RSTP Configuration
- Configuring VLT
- Configuring a VLT Interconnect
- Configuring a VLT Backup Link
- Configuring a VLT Port Delay Period
- Reconfiguring the Default VLT Settings (Optional)
- Connecting a VLT Domain to an Attached Access Device (Switch or Server)
- Configuring a VLT VLAN Peer-Down (Optional)
- Configure Multi-domain VLT (mVLT) (Optional)
- Verifying a VLT Configuration
- Connecting a VLT Domain
- PVST+ Configuration
- mVLT Configuration Example
- PIM-Sparse Mode Configuration Example
- Additional VLT Sample Configurations
- Troubleshooting VLT
- Specifying VLT Nodes in a PVLAN
- Association of VLTi as a Member of a PVLAN
- MAC Synchronization for VLT Nodes in a PVLAN
- PVLAN Operations When One VLT Peer is Down
- PVLAN Operations When a VLT Peer is Restarted
- Interoperation of VLT Nodes in a PVLAN with ARP Requests
- Scenarios for VLAN Membership and MAC Synchronization With VLT Nodes in PVLAN
- Configuring a VLT VLAN or LAG in a PVLAN
- Proxy ARP Capability on VLT Peer Nodes
- Configuring VLAN-Stack over VLT
- Virtual Router Redundancy Protocol (VRRP)
- Debugging and Diagnostics
- Standards Compliance
- FC Flex IO Modules
- FC Flex IO Modules
- Understanding and Working of the FC Flex IO Modules
- Data Center Bridging (DCB)
- Ethernet Enhancements in Data Center Bridging
- Enabling Data Center Bridging
- QoS dot1p Traffic Classification and Queue Assignment
- Configure Enhanced Transmission Selection
- Configure a DCBx Operation
- Verifying the DCB Configuration
- PFC and ETS Configuration Examples
- Using PFC and ETS to Manage Data Center Traffic
- Fibre Channel over Ethernet for FC Flex IO Modules
- NPIV Proxy Gateway for FC Flex IO Modules
• If you reboot both VLT peers in BMP mode and the VLT LAGs are static, the DHCP server reply to the DHCP discover oer may not be
forwarded by the ToR to the correct node. To avoid this scenario, congure the VLT LAGs to the ToR and the ToR port channel to the
VLT peers with LACP. If supported by the ToR, enable the lacp-ungroup feature on the ToR using the lacp ungroup member-
independent port-channel command.
• If the lacp-ungroup feature is not supported on the ToR, reboot the VLT peers one at a time. After rebooting, verify that VLTi (ICL)
is active before attempting DHCP connectivity.
•
When you enable IGMP snooping on the VLT peers, ensure the value of the delay-restore command is not less than the query
interval.
• When you enable Layer 3 routing protocols on VLT peers, make sure the delay-restore timer is set to a value that allows sucient time
for all routes to establish adjacency and exchange all the L3 routes between the VLT peers before you enable the VLT ports.
• Only use the lacp ungroup member-independent command if the system connects to nodes using bare metal provisioning
(BMP) to upgrade or boot from the network.
• Ensure that you congure all port channels where LACP ungroup is applicable as hybrid ports and as untagged members of a VLAN.
BMP uses untagged dynamic host conguration protocol (DHCP) packets to communicate with the DHCP server.
• If the DHCP server is located on the ToR and the VLTi (ICL) is down due to a failed link when a VLT node is rebooted in BMP mode, it is
not able to reach the DHCP server, resulting in BMP failure.
• If the source is connected to an orphan (non-spanned, non-VLT) port in a VLT peer, the receiver is connected to a VLT (spanned) port-
channel, and the VLT port-channel link between the VLT peer connected to the source and TOR is down, trac is duplicated due to
route inconsistency between peers. To avoid this scenario, Dell Networking recommends conguring both the source and the receiver
on a spanned VLT VLAN.
• In a topology in which two VLT peer nodes that are connected by a VLTi link and are connected to a ToR switch using a VLT LAG
interface, if you congure an egress IP ACL and apply it on the VLT LAG of both peers using the deny ip any any command, the
trac is permitted on the VLT LAG instead of being denied. The correct behavior of dropping the trac on the VLT LAG occurs when
VLT is up on both the peer nodes. However, if VLT goes down on one of the peers, trac traverses through VLTi and the other peer
switches it to the VLT LAG. Although egress ACL is applied on the VLT nodes to deny all trac, this egress ACL does not deny the
trac (switching trac is not denied owing to the egress IP ACL). You cannot use egress ACLs to deny trac properly in such a VLT
scenario.
• To support Q-in-Q over VLT, ICL is implicitly made as vlan-stack trunk port and the TPID of the ICL is set as 8100.
• Layer 2 Protocol Tunneling is not supported in VLT.
Conguration Notes
When you congure VLT, the following conditions apply.
• VLT domain
– A VLT domain supports two chassis members, which appear as a single logical device to network access devices connected to VLT
ports through a port channel.
– A VLT domain consists of the two core chassis, the interconnect trunk, backup link, and the LAG members connected to attached
devices.
– Each VLT domain has a unique MAC address that you create or VLT creates automatically.
– ARP tables are synchronized between the VLT peer nodes.
– VLT peer switches operate as separate chassis with independent control and data planes for devices attached on non-VLT ports.
– One chassis in the VLT domain is assigned a primary role; the other chassis takes the secondary role. The primary and secondary
roles are required for scenarios when connectivity between the chassis is lost. VLT assigns the primary chassis role according to the
lowest MAC address. You can congure the primary role.
– In a VLT domain, the peer switches must run the same Dell Networking operating system (OS) software version.
– Separately congure each VLT peer switch with the same VLT domain ID and the VLT version. If the system detects mismatches
between VLT peer switches in the VLT domain ID or VLT version, the VLT Interconnect (VLTi) does not activate. To nd the reason
for the VLTi being down, use the show vlt statistics command to verify that there are mismatch errors, then use the show
vlt brief command on each VLT peer to view the VLT version on the peer switch. If the VLT version is more than one release
dierent from the current version in use, the VLTi does not activate.
– The chassis members in a VLT domain support connection to orphan hosts and switches that are not connected to both switches in
the VLT core.
• VLT interconnect (VLTi)
Virtual Link Trunking (VLT)
909