SFTOS Configuration Guide
Notes, Cautions, and Warnings

NOTE: A NOTE indicates important information that helps you make better use of your computer.
CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

Information in this publication is subject to change without notice. © 2010 Dell Force10. All rights reserved.
New Features

SFTOS 2.5.3 improves SFTOS internals only, with no new features. SFTOS 2.5.2 adds:
• A substantial support interface that is not accessible through the standard CLI modes and is not publicly documented
• Support for new S-Series platforms, including the S50N, S50N-DC, and S25P-DC

Other Changes to the Document

Changes in this edition include:
• The major change in this edition is that the example configuration sequence for VLAN Stacking is corrected.
www.dell.com | support.dell.com
Table of Contents

New Features
Other Changes to the Document
1 About this Guide
Objectives

Checking Status
Viewing the Software Version and Switch Numbers
Verifying Details about the Switch
Showing Network Settings

Deleting a Script
Downloading a Configuration Script from a TFTP Server
Troubleshooting a Downloaded Script
Applying a Configuration Script
Listing Configuration Scripts

Best Practices
Removing a Switch from a Stack
Setting Management Unit Preferences
Inspecting Management Preferences

Configuring the Switch as a DHCP Server
Important Points to Remember
Configuration Task List
Configuring a DHCP address pool (required)
Excluding IP addresses (optional)

Example of configuring STP
Influencing the Spanning Tree Topology
Example of influencing the spanning tree configuration
Changing Spanning Tree Global Parameters
Enabling an Edge Port

Using the “show policy-map” Command
Using the show service-policy Command
Configuring Differentiated Services by Department
Configuring Differentiated Services for Voice over IP
13 Access Control

Displaying GARP, GVRP, GMRP Properties
show garp and show gvrp configuration all commands
Creating an IP Subnet-based VLAN
Configuring a Private Edge VLAN (PVLAN)
Configuring a Native VLAN

VLAN IP Commands
VLAN Routing Configuration
Example of creating a routed VLAN between switches
VLAN Routing OSPF Configuration
VLAN Routing RIP Configuration
1 About this Guide

This chapter covers the following topics:
• Objectives on page 15
• Audience on page 16
• Introduction to the Guide on page 16
• Conventions on page 16
• Related Dell Force10 Documents and Additional Information on page 16
• Contact Information on page 17
• Documentation Feedback on page 17
• The iSupport Website on page 17

Objectives

This document provides configuration instructions and
Audience

This document is intended for system administrators who are responsible for configuring or maintaining networks. This guide assumes you are knowledgeable in Layer 2 and Layer 3 networking technologies.

Introduction to the Guide

This guide provides examples of the use of E-Series switches in a typical network.
• SFTOS Configuration Guide
• SFTOS and S-Series Release Notes
• S50 Quick Reference (also included as a printed booklet with the system)
• Hardware installation guides
• MIBs files
• S-Series Tech Tips and FAQ

Except for the Tech Tips and FAQ documents, all of the documents listed above are also on the S-Series CD-ROM. Training slides are also on the S-Series CD-ROM. Currently, access to user documentation on iSupport (see The iSupport Website on page 17) is available without a customer account.
Accessing iSupport Services

The URL for iSupport is www.force10networks.com/support/. To access iSupport services you must have a userid and password. If you do not have one, you can request one at the website:
1. On the Dell Force10 iSupport page, click the Account Request link.
2. Fill out the User Account Request form and click Send. You will receive your userid and password by email.
3.
2 SFTOS Features

This chapter contains these major sections:
• Overview of SFTOS Features on page 19
• Layer 2 Package Feature Details on page 20
• Layer 3 Package Feature Details on page 22
• Notable Differences between S-Series and E-Series on page 24
• Port Naming Convention on page 26

The SFTOS software is available in two packages—the “Layer 2 Package” (“Switching”) and the “Layer 3 Package” (“Routing”).
  — Flow Control at the MAC layer: you may configure the switch or a port to temporarily halt traffic when necessary to prevent overload (formerly IEEE 802.3x)
• Additional functions you can use to manage the network including IGMP Snooping (see Chapter 15, IGMP Snooping), Port Mirroring (see Chapter 16, Port Mirroring), and Broadcast Storm Recovery.
• 16k MAC Address Table
• Jumbo Frame Support

QoS
• 802.1p Priority Marking
• ACL Entries (L2 + L3)
• Bandwidth-based Rate Limiting
• Priority Queues
• Layer 2 Classification
• Layer 3 DSCP
• Wirespeed ACLs (L2/L3/L4)

VLAN
• IEEE 802.1q Support
• Frame Extensions (IEEE 802.
Multicast Protocols
• IGMP v1/v2 (RFC 1112, 2236)
• PIM-SM-edge
• DVMRP
• PIM-DM

Management
• ECMP
Load Balancing
• LAG Load Balancing: For IPv4 packets, LAG load balancing is provided automatically by a hash algorithm that is based on an XOR (eXclusive OR) of the 3 LSBs (Least Significant Bits) of the source and destination IP addresses. For all other packet types, the 3 LSBs of the source and destination MAC addresses are used. Broadcast, unknown unicast, and Layer 2 multicast packets are sent over a single port in the LAG.
• Displaying the MAC address table: Both FTOS and SFTOS have the show mac-address-table command, but the SFTOS command provided different results than the FTOS command before SFTOS Release 2.3. The SFTOS syntax still contains the unit/slot/port form cited above, for example, show mac-addr-table interface 1/0/4.
• Displaying port information: FTOS and SFTOS have different sets of the show interface and show interfaces commands.
• Software naming convention: E-Series software uses this naming convention:
  FTOS-EF-x.x.x.x
  Through version 2.3.1.5, the S-Series used a different format that ends with an “.opr” extension. Starting with SFTOS 2.4.1, SFTOS software image file names have a new naming format that is more descriptive and is consistent with the E-Series software naming convention: "SFTOS---.bin" for example: SFTOS-S2410-2.4.1.1-switching.bin.
3 Getting Started

This chapter summarizes the following basic tasks:
• Connecting to the Console Port on page 29
• Command Line Interface (CLI) Overview on page 31
• Checking Status on page 32
  — Displaying Statistics on page 36
  — Viewing the Software Version and Switch Numbers on page 32
  — Showing Network Settings on page 34
  — Displaying Supported Features and System Up-time on page 34
  — Verifying Details about the Switch on page 32
• User Management on page 36
  — Creating a User and Password on pa
Setting up a Management Connection to the Switch

You have a choice of methods to manage the switch. You can access the SFTOS command line interface (CLI) through either the console port on the switch or through an out-of-band method such as Telnet or SSH. To use any method other than the console port (VT100 emulation), you must first configure a management IP address on the switch.
Connecting to the Console Port

To access the console port, follow the procedure below:

Step  Task
1     Caution: Install a straight-through RJ-45 copper cable (for example, an Ethernet cable) into the console port. This is different from many other implementations that require a crossover (rollover) cable. If connecting to a terminal server and using an Ethernet crossover cable, daisychain another crossover cable to effectively get a straight-through cable connection.
Step  Task (continued)
5     Enter Line Config mode by logging in, entering Privileged Exec mode (enable command), Global Config mode (config command), then lineconfig. In Line Config mode, use the serial timeout command to set the console inactivity timeout (0 for no timeout; up to 160 minutes):
Figure 3-2.
Command Line Interface (CLI) Overview

The SFTOS Command Line Interface (CLI) is the main way to manage S-Series switches. You can use the CLI through:
• Console port: As described above (Connecting to the Console Port on page 29), the port is the one located at bottom right of the front panel (Use only the console port of the management unit in an S50 stack. The management unit is indicated by the lit LED labeled “PRI” on the top left of the S50 front panel.
Getting Help From the CLI

The following help commands are the same as those found in the E-Series:
• Use “?” at the prompt to get a list of commands in that mode: “Force10# ?”
• Use “?” with a partial command to see what initial command words in that mode begin with that string: “Force10# i?”
• Use “?” after a command or partial command to get a list of commands that start with that word: “Force10# ip ?”

Controlling Pagination

Starting in SFTOS Release 2.
Figure 3-6. Verifying Details about the Switch
Force10 #show switch
       Management   Preconfig     Plugged-in    Switch                Code
Switch Status       Model ID      Model ID      Status                Version
------ ------------ ------------- ------------- --------------------- --------
1      Mgmt Switch  SA-01-GE-48T  SA-01-GE-48T  OK                    2.3.1

Force10 #show switch 1
Switch............................
Management Status.................
Hardware Management Preference....
Admin Management Preference.......
Switch Type.......................
Showing Network Settings

Execute the show interface managementethernet command from either the User Exec or Privileged Exec modes. The resulting display, as shown in the example below, displays all the settings relating to IP-based management connections to the switch. The data includes the management IP address, subnet mask, default gateway, MAC information, etc., as shown below:
Figure 3-7.
Figure 3-8. Displaying All Supported Features and System Uptime
Force10 #show version
Switch: 1
System Description.............................
Vendor ID......................................
Plant ID.......................................
Country Code...................................
Date Code......................................
Serial Number..................................
Part Number....................................
Revision.......................................
Catalog Number................
Figure 3-9. Creating a User and a Password
Force10 (Config)#username w_turner passwd willspwd
User login name and password are set.
Force10 (Config)#no username w_turner
Force10 (Config)#username w_turner passwd newpwd
User login name and password are set.
Password Changed!

Note: SFTOS 2.5.1.3 adds support for the following special characters: , . { } | , in other words, period, comma, open bracket, close bracket, and bar.
Figure 3-11. Creating and Displaying SNMP Access Levels

For details on SNMP, see Setting up SNMP Management on page 71.

Setting the Enable Password

To change the Privileged Exec password (also called the “Enable” password) in SFTOS Version 2.3.1 and above, use Global Config mode. Enter enable passwd, press Enter, and enter a new password:
Figure 3-12.
Figure 3-14. Enabling an Individual Port
Force10 >enable
Force10 #config
Force10 (Config)#interface 1/0/22
Force10 (Interface 1/0/22)#no shutdown

For more on setting up ports, see Configuring Interfaces on page 111.

Setting the Management IP Address

On first startup, you have management access only through the console port. If you want to manage the switch through an IP-based access method (Telnet, SSH, SNMP, TFTP, etc.), you must configure a management IP interface, using the following procedure.
Configuring an Interface with an IP Address

Note: You must have the optional SFTOS Layer 3 Package installed to configure routing commands and to set IP addressing on an interface. Use the show version command (see Figure 3-8 on page 35) to determine what software is installed.

To assign an IP address to an interface, use the following commands:

Command Syntax: ip routing
Command Mode: Global Config
Purpose: Enables routing for the switch.
Use the show ip interface brief command to display a smaller set of information about all IP interfaces.
Figure 3-16. Using the show ip interface brief Command
Force10 #show ip interface brief
Interface IP Address      IP Mask
--------- --------------- ---------------
1/0/3     50.0.0.2        255.255.255.0
1/0/4     66.1.1.1        255.255.255.
Setting Up the Management VLAN

As described in Setting the Management IP Address on page 39, when you set up a management IP address, you can manage the switch through an IP-based access method (SNMP, Telnet, etc.); any enabled port in the management VLAN is available for the IP-based access.
Figure 3-18. Example of Entering STP Commands in CLI
Force10 #configure
Force10 (Config)#spanning-tree
Force10 (Config)#spanning-tree port mode enable all
Force10 (Config)#exit
Force10 #show spanning-tree summary
Spanning Tree Adminmode........... Enabled
Spanning Tree Version............. IEEE 802.
Configuration Name................
Configuration Revision Level......
Configuration Digest Key.......... 0xac36177f50283cd4b83821d8ab26de62
Configuration Format Selector.....
No MST instances to display.
Important Points to Remember — Files
• Beginning with SFTOS Version 2.3, when you save the running-config to the startup-config file, the startup-config is converted to text, if it is not already.
• Upgrading the software to Version 2.3 or above automatically invokes a conversion of the binary configuration file to text. The conversion also includes updating configuration statements to statements that conform to the current version.
For information on the SSL and SSH files listed above, see the Secure Communications folder on the S-Series Documentation and Software CD-ROM.

Points to Remember when Transferring Files

Points to remember when downloading software code or configuration files include:
• Code:
  — In SFTOS 2.5.1.x, a download of SFTOS overwrites SFTOS code in the designated section of flash memory, denoted by the copy command with the location names image1 and image2.
Figure 3-19. Displaying the Current Software Version
Force10 #show hardware
Switch: 1
System Description.............................
Vendor ID......................................
Plant ID.......................................
Country Code...................................
Date Code......................................
Serial Number..................................
Part Number....................................
Revision.......................................
Or, typically, before starting the download, users want to increase the transfer rate to the maximum. So, instead of immediately selecting 4, you would select option 2, which accesses a menu that enables you to change the baud rate to 115200. Typically, you would then also need to modify your terminal software settings to 115200. After you change the terminal session rate to 115200 and the connection is re-established (for example, in HyperTerminal), press the ‘?’ key to refresh the Boot Menu text.
Figure 3-21. Logging In and Using the enable Command
Force10
User:admin
Password:
NOTE: Enter '?' for Command Help. Command help displays all options that are valid for the 'normal' and 'no' command forms. For the syntax of a particular command form, please consult the documentation.
Force10 >enable
Password:

2. Set the management IP address, subnet mask, and gateway address, as described in Setting the Management IP Address on page 39.
3.
With all versions of SFTOS, using the copy command to download SFTOS software to the management switch automatically propagates that software to all stack members. You also have the option of using the following version of the copy command to copy an image from the management unit to a stack member: copy {image1 | image2} unit://unit/{image1 | image2} For details on managing software in a stack of switches, see Upgrading Software in a Stack on page 94 in the Stacking chapter.
Installing System Software

After downloading a new software image (see Downloading a Software Image on page 45) and backing up the configuration (see Saving the Running Configuration on page 49), you are ready to install the new software. Execute the reload command, as shown in Using the reload command to upgrade to SFTOS 2.5.1 on page 53.

Managing SFTOS Software with SFTOS Version 2.5.1

SFTOS v. 2.5.1 adds the Dual Image Management feature.
SFTOS Version 2.5.1 provides several new or revised software management commands:

Command Syntax: boot system [unit] {image1 | image2}
Command Mode: Privileged Exec
Usage: Activate a particular image on the target system (“activate”, here, means to identify, to the system, the software to install on the next reboot).

Command Syntax: copy tftp://tftp_server_ip_address/path/filename {image1 | image2}
Command Mode: Privileged Exec
Usage: The system image download command revised for SFTOS 2.5.1. (Previous to 2.5.
The Boot Menu is also revised in SFTOS v. 2.5.1 to allow the user to select either image from the boot menu (or also to download a replacement image). This choice is available in two cases:
• If the user interrupts the boot sequence
• If the boot sequence fails to launch either saved software image. This can happen if the images become corrupted (if the CRC check fails on the image).

When you are first installing SFTOS 2.5.
The example in Figure 3-25 shows the boot messages when loading the switch (all switches in the stack are reloaded if a stack exists) with SFTOS 2.5.1:
Figure 3-25. Using the reload command to upgrade to SFTOS 2.5.1
Force10 #reload
Are you sure you want to reload the stack? (y/n) y
Reloading all switches.
Force10 Boot Code...
tffsDevCreate failed.
Storing configuration files
Storing Code base
usrTffsConfig returned 0xffffffff, formatting...
After installing SFTOS 2.5.1 on the management switch and the stack, as described above, use the following procedure for subsequent upgrades:

Step  Command Syntax        Command Mode
1     show bootvar [unit]   Privileged Exec
      (OPTIONAL) Display SFTOS version information and activation status on the specified stack member. If you do not specify a unit number, the command displays image details for all nodes on the stack.
Figure 3-26. Example of Launching the Boot Menu to select the Backup Image
Force10 #reload
Management switch has unsaved changes.
Would you like to save them now? (y/n) n
Configuration Not Saved!
Are you sure you want to reload the stack? (y/n) y
Reloading all switches.
Force10 Boot Code...
Version 01.00.26 06/03/2005
Select an option. If no selection in 2 seconds then operational code will start.
1 - Start operational code.
2 - Start Boot Menu.
When converting from a Routing image to a Switching image, you must interrupt the reboot to revert the switch to factory defaults, as shown in Figure 3-27:
Figure 3-27. Restoring Factory Defaults when Converting from Routing to Switching Image
Force10 #reload
Management switch has unsaved changes.
Would you like to save them now? (y/n) y
Configuration Saved!
Are you sure you want to reload the stack? (y/n) y
Reloading all switches.
Force10 Boot Code...Version 01.00.
When the switch is booted, its configuration is managed by the startup configuration (“startup-config”) file that is stored in non-volatile memory (NVRAM). As you make configuration changes, those changes are stored in volatile system memory as the “running config” until you copy them to the startup-config. The quickest way to do that is to use the write memory command (executed from the Privileged Exec mode). You can also use the command copy system:running-config nvram:startup-config.
Figure 3-29. Using the copy nvram:startup-config Command
Force10 #copy nvram:startup-config tftp://10.16.1.56/s50_1
Mode........................................... TFTP
Set TFTP Server IP............................. 10.16.1.56
TFTP Path...................................... .
TFTP Filename..................................
Data Type......................................
3. Select 10 to restore the configuration to factory defaults (deletes the configuration file).
   Note: Resetting to factory defaults is more powerful than executing the clear config command, because it resets all internal values.
4. Select option 9 to reload/boot the switch.

Figure 3-31. Restoring the Configuration to Factory Defaults
Force10 Boot Code...
Version 01.00.27 11/18/2005
Select an option. If no selection in 2 seconds then operational code will start.
1 - Start operational code.
Using Configuration Scripts

This section contains:
• Creating a Configuration Script on page 60
• Viewing a Configuration Script File on page 60
• Uploading a Configuration Script to a TFTP Server on page 61
• Deleting a Script on page 61
• Downloading a Configuration Script from a TFTP Server on page 62
• Applying a Configuration Script on page 63
• Listing Configuration Scripts on page 64

Configuration scripts are ‘flat’ configuration files stored in the NVRAM.
Command Syntax: script show scriptname.scr
Command Mode: Privileged Exec
Purpose: To view a configuration script by specific name.

Figure 3-32. Using the script show Command
Force10 #script show test.scr
1 : !Current Configuration:
2 : !
3 : hostname "Force10"
4 : network parms 10.10.1.33 255.255.255.0 10.10.1.254
5 : interface vlan 11
6 : !System Description "Force10 S50"
10 : !System Description F.5.6.2
...
Force10 #script delete test.scr
Are you sure you want to delete the configuration script(s)? (y/n)y
1 configuration script(s) deleted.

Downloading a Configuration Script from a TFTP Server

To download a “config script”, use the copy command, as in the following.

Command Syntax: copy tftp://x.x.x.x/scriptname.scr nvram:script scriptname.scr
Command Mode: Privileged Exec
Purpose: Downloads the named script from the TFTP server identified by the URL.
Figure 3-34.
Figure 3-35. Example of a Script Validation Error Message
Configuration script validation failed.
For example, the command to create a class-map called “cm-1” is class-map match-all cm-1, while the command to edit cm-1 later is class-map cm-1. (For more on class-map, see Using Differentiated Services (DiffServ) on page 177.) Attempting to apply an unmodified config script containing cm-1 to a machine that already has a class-map called cm-1 results in an error similar to the following example (see Figure 3-37 on page 64).
Figure 3-37.
Displaying Logs

The switch maintains four logs:
• Event log (“Persistent log”) — exception messages and critical boot-up messages; saved on switch reset
  — Use the command show eventlog.
• System log (“buffered log”) – system trace information; cleared on switch reset
  — Use the commands show logging or show logging history.
• List of logging hosts
  — Use the command show logging hosts.
• Traps – enabled trap events; cleared on switch reset
  — Use the command show logging traplogs.
4 Management

This chapter covers the following management tasks:
• Creating the Management IP Address
• Changing the Management VLAN from the Default on page 68
• Verifying Access to a Management Port on page 69
• Verifying Management Port Connectivity on page 69
• Setting Stack Management Preferences on page 69
• Setting the Host Name Prompt on page 70
• Restoring the Configuration to Factory Defaults on page 70
• Setting up SNMP Management on page 71
• Link Layer Discovery Protocol (LLDP) on page 7
Changing the Management VLAN from the Default

As stated in Setting Up the Management VLAN on page 42 in the Getting Started chapter, the default management VLAN is the default VLAN 1, so, when you configure the management IP interface (see Creating the Management IP Address on page 67), any port that is part of the default VLAN will carry management traffic.
Verifying Access to a Management Port

It is possible to set the management VLAN to a VLAN that does not exist. If you cannot reach anything from the management address, inspect the management VLAN with the commands show interface managementethernet or show running-config, to inspect the management IP settings, as shown in Figure 4-41.
Figure 4-41. Verifying Management Port Network
Force10 #show interface managementethernet
IP Address.....................................
Subnet Mask........................
Setting the Host Name Prompt

If you have more than one individually managed S-Series switch, you can differentiate them by creating a unique CLI host name prompt for each switch. Use the hostname command, in Global Config mode, to edit the prompt, as shown in Figure 4-43:
Figure 4-43. Setting the Host Name
Force10 (Config)#hostname Force10_S50
Force10_S50 (Config)#

The host name is case-sensitive and can be up to 64 characters in length.
When the S50 starts to reload, the following text appears at the console:
Figure 4-44. Rebooting
Reloading all switches.
Force10 Boot Code...
Version 01.00.26 06/03/2005
Select an option. If no selection in 2 seconds then operational code will start.
1 - Start operational code.
2 - Start Boot Menu.
Select (1, 2):2

2. When the text above appears, you have two seconds to enter 2 (as shown) and then press Enter. If you are not fast enough, the router will boot normally.
SFTOS SNMP support conforms to RFC 1157 (SNMP v1), RFC 1213 (SNMP v2 (MIB-II)), and RFC 2570 (SNMP v3). For more on the MIBs and SNMP-related RFCs supported by SFTOS, refer to the SNMP appendix to this guide (see RFCs, MIBs, and Traps on page 285). That appendix also discusses the SNMP traps that SFTOS generates. The MIB files are on the S-Series product CD-ROM and on the iSupport website (password required): https://www.force10networks.
• snmp-server community ipmask: Sets a client IP mask for an SNMP community.
• [no] snmp-server community mode name: Activates [deactivates] the designated SNMP community. All configured communities are enabled by default.
• snmp-server community ro: Restricts access to switch information to read-only.
• snmp-server community rw: Sets access to switch information to read/write.
• snmptrap ipaddr: Assigns an IP address to a specified community name.
• [no] snmp-server enable trap violation: This command enables the sending of new violation traps designating when a packet with a disallowed MAC address is received on a locked port (traps disabled by default).
• [no] snmp-server traps enable: This command sets the Authentication flag (traps disabled by default).

Interface Config Mode:
• snmp trap link-status: This command enables link status traps by interface.
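
The following added example (not from this guide or from Dell Force10) checks a configuration script for three settings this guide documents: a community given read/write access with snmp-server community rw, a password supplied on a username ... passwd line, and serial timeout 0 (no console inactivity timeout). It assumes the "N : command" layout that script show prints in Figure 3-32 and that a community name follows snmp-server community rw; the sample script, rule names and function names are constructed for illustration.

```python
"""Audit an SFTOS configuration script for settings worth reviewing.

Added illustration, not vendor code. Assumptions: `script show` prints each
line as "N : command" (as in Figure 3-32), and a community name follows
`snmp-server community rw`.
"""
import re
from typing import List, NamedTuple, Tuple

# Constructed sample capture; names, addresses and passwords are made up.
SAMPLE_SCRIPT_SHOW = """\
1 : !Current Configuration:
2 : !
3 : hostname "Force10"
4 : network parms 10.10.1.33 255.255.255.0 10.10.1.254
5 : username w_turner passwd willspwd
6 : snmp-server community ro monitor
7 : snmp-server community rw netops
8 : lineconfig
9 : serial timeout 0
10 : exit
11 : interface 1/0/22
12 : no shutdown
13 : exit
"""


class Finding(NamedTuple):
    line_no: int
    rule: str
    detail: str


_NUMBERED = re.compile(r"^\s*(\d+)\s*:\s?(.*)$")
_PASSWD = re.compile(
    r"^([ \t]*(?:\d+[ \t]*:[ \t]*)?username\s+\S+\s+passwd\s+)\S+",
    re.IGNORECASE | re.MULTILINE,
)


def parse_script(text: str) -> List[Tuple[int, str]]:
    """Return (line number, command) pairs, skipping blanks and '!' comments.

    Accepts both the numbered `script show` layout and a raw .scr file.
    """
    commands = []
    for position, raw in enumerate(text.splitlines(), start=1):
        match = _NUMBERED.match(raw)
        if match:
            line_no, body = int(match.group(1)), match.group(2)
        else:
            line_no, body = position, raw
        body = body.strip()
        if body and not body.startswith("!"):
            commands.append((line_no, body))
    return commands


def audit(text: str) -> List[Finding]:
    """Flag read/write SNMP communities, inline passwords, no console timeout."""
    findings = []
    for line_no, command in parse_script(text):
        words = command.split()
        keys = [w.lower() for w in words]
        if keys[:3] == ["snmp-server", "community", "rw"] and len(words) > 3:
            # Community strings act as credentials, so the name is not echoed.
            findings.append(Finding(line_no, "snmp-rw-community",
                                    "a community is granted read/write access"))
        elif keys[0] == "username" and len(words) > 3 and keys[2] == "passwd":
            # Report the user only; never echo the password itself.
            findings.append(Finding(line_no, "inline-password",
                                    f"password for {words[1]} is readable in the script"))
        elif keys[:2] == ["serial", "timeout"] and words[2:3] == ["0"]:
            findings.append(Finding(line_no, "console-no-timeout",
                                    "serial timeout 0 disables the inactivity timeout"))
    return findings


def redact(text: str) -> str:
    """Mask passwords on username lines before a script is shared or archived."""
    return _PASSWD.sub(r"\1<redacted>", text)


if __name__ == "__main__":
    for finding in audit(SAMPLE_SCRIPT_SHOW):
        print(f"line {finding.line_no}: [{finding.rule}] {finding.detail}")
```

Because configuration scripts are plain text that this guide moves with TFTP, running redact() on a copy before it is stored off the switch keeps the password out of the archived file.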
Link Layer Discovery Protocol (LLDP) The IEEE 802.1AB standard defines the Link Layer Discovery Protocol (LLDP). This protocol allows a switch residing on an 802 VLAN to advertise connectivity, physical description, management information, and major capabilities.
Alarm (OID 1.3.6.1.2.1.16.3)
Periodically takes statistical samples and compares them with set thresholds for events generation — includes the alarm table and requires the implementation of the event group. Alarm type, interval, starting threshold, stop threshold.

Events (OID 1.3.6.1.2.1.16.9)
Controls the generation and notification of events from this device — event type, description, last time event sent.
2     [no] rmon alarm 1-65535 SNMP_OID 5-3600 {delta | absolute} rising-threshold 0-4294967295 index falling-threshold 0-4294967295 index [owner string]
      Global Config
      Identify the event ID created in Step 1 for which you want to set [or disable] an alarm, identify the target MIB, and configure the parameters that trigger the alarm.
3     show rmon alarms brief
      Privileged Exec
      Display a summary of the contents of the RMON Alarm Table.
Example of configuring an RMON alarm

The following example shows the use of the rmon event and rmon alarm commands to create two event IDs and then associate them with an alarm. The event IDs are highlighted in the alarm statement.
Figure 4-48. Configuring an RMON Alarm
Force10# config Force10 (config)#rmon Force10 (config)#rmon Force10 (config)#rmon falling-threshold 100 Force10 (config)#exit Force10# show rmon event 10 event 20 alarm 50 1.3.6.1.4.1.6027.1.1.16.0.
The software clock runs only when the software is up. When the switch reboots, the clock restarts, based on the hardware clock. If you set the date and time manually, and then set up SNTP, the automatic update uses the SNTP update. Use the show clock command to check the accuracy of the system date and time.
CLI Examples of SNTP Setup

The following examples show the major command sequences in configuring the SNTP connection.

Example #1: Configuring SNTP client mode

Figure 4-49. Configuring SNTP Client Mode

Force10 (Config)#sntp client mode broadcast ?
Press Enter to execute the command.
Force10 (Config)#sntp client mode unicast ?
Press Enter to execute the command.
Force10 (Config)#sntp broadcast client poll-interval ?
<6-10> Enter value in the range (6 to 10).
Example #5: show sntp server

Figure 4-53. Using the show sntp server Command

Force10 #show sntp server
Server IP Address: 10.11.8.6
Server Type: ipv4
Server Stratum: 3
Server Reference Id: NTP Srv: 128.4.1.2
Server Mode: Server
Server Maximum Entries: 3
Server Current Entries: 1
SNTP Servers
-----------
IP Address: 10.11.8.
5 Stacking S-Series Switches

This chapter contains the following sections:

• S-Series Stackability Features
• Important Points to Remember
• Stacking Commands Overview
• Management Unit Selection Algorithm
• Unit Number Assignment
• Stack Management and Functionality
• Adding a Switch to a Stack
• Removing a Switch from a Stack
• Setting Management Unit Preferences
• Upgrading Software in a Stack
• Using show Commands f
• The original S50 model can only be stacked with another S50.
• The number of S50s in a stack is limited by the number of S50s with 10G modules (the hardware supports stacking eight units, but the current software implementation limits stack size to seven), but, again, Dell Force10 currently only supports a stack maximum of three units.
• Each switch member must run the same version of SFTOS.
Stacking Commands Overview

Command Syntax: copy {image1 | image2} unit://unit/{image1 | image2}
Command Mode: Privileged Exec
Purpose: Starting with SFTOS 2.5.1, this command copies a selected software image from the management switch to a designated switch. Note: Before SFTOS 2.5.1, the archive copy-sw command copied the system image from the management unit to the other stack members.

Command Syntax: copy tftp://
Command Mode: Privileged Exec
Purpose: Starting with SFTOS 2.5.
to be a management unit, then the newly added unit changes its configured value to disable the management unit function. Conversely, if the management unit function is enabled or unassigned on the unit and there is no other management unit in the system, then the unit becomes the management unit. If the management unit function is disabled on the unit, then it remains a non-management unit.
Number Assignment on page 86). Use the show switch command (Figure 5-56 on page 88) to see the status of the individual members in a stack. Note: Unit numbers are stored in NVRAM and are persistent, even when a unit is removed from a stack. The exceptions are if: 1) you change the unit number manually; or 2) you plug the unit into a new stack, and it gets assigned a new unit number because a unit in that new stack already has the same number. It is possible to pre-configure the stack for new units.
All of the forwarding protocols run on the management unit. The subordinate units do not run the full stack. The forwarding database resides on the management unit, which then synchronizes the forwarding tables in the other units in the stack. The individual units in the stack then make individual forwarding decisions based on their local copy of the forwarding table.
Adding a Switch to a Stack

Note: Dell Force10 currently supports a stack maximum of three units. S50 models can only stack with other S50 models. The S25P, S50N, and S50V can be stacked together. See the Quick Reference appropriate to your S-Series model or its installation guide for instructions on making the physical stacking connections.

SFTOS provides three ways to add a switch to a stack:

• Plug the unit into the stack and let the system configure it.
Figure 5-57.
Step 6
Purpose: Attach the stacking cables to support the new configuration (see Figure 5-54 on page 84).

Step 7
Command Syntax: show stack-port counters
Command Mode: Privileged Exec
Purpose: Inspect the stack traffic data to confirm that the stack is successfully reconfigured. See Figure 5-68 on page 99.

To remove a switch from the stack, use the no member unit command:

Figure 5-58.
Figure 5-60. Changing Switch Unit Priority

Force10 (Config)#switch 4 priority 2
Force10 (Config)#exit
Force10 #show switch
        Management    Preconfig      Plugged-in     Switch                 Code
Switch  Status        Model ID       Model ID       Status                 Version
------  ------------  -------------  -------------  ---------------------  --------
1       Stack Member  SA-01-GE-48T   SA-01-GE-48T   OK                     2.3.1.5
3       Mgmt Switch   SA-01-GE-48T   SA-01-GE-48T   OK                     2.3.1.5
4       Stack Member  SA-01-GE-48T   SA-01-GE-48T   OK                     2.3.1.5
Force10 #show switch 4
Switch.....
Figure 5-61. Moving the Management Unit Function within a Stack

Force10 (config-stack)#movemanagement 1 3
Moving stack management will unconfigure entire stack including all interfaces.
Are you sure you want to move stack management? (y/n) y
Force10 (config-stack)#
(Unit 1)>This switch is not manager of the stack.
STACK: detach 15 units
Unit 1 no longer has CLI
(Unit 1)>
Log into Unit 3
(Unit 3)>
(Unit 3)>This switch is manager of the stack.
Administrative Management Preference

The “Administrative Management Preference” indicates the preference given to this unit over other units in a stack by an administrator when the management unit fails. The default value is 1. A value of 0 means the unit cannot become a management unit. This field indicates the administrative management preference value assigned to the switch. This preference value indicates how likely the switch is to be chosen as the management unit.
For more on downloading SFTOS, see Downloading a Software Image on page 45 in the Getting Started chapter. See also the command syntax for the set of Dual Software Image Management commands in that section of the System Configuration Commands chapter in the SFTOS Command Reference. The purpose of the two “image” bins is to enable you to easily specify which image to invoke on the next reboot. You do that with the command boot system [unit] {image1 | image2} before executing the reload command.
Figure 5-62. Using the show bootvar Command within a Stack

Force10-S50 #show switch
        Management    Preconfig         Plugged-in        Switch                 Code
Switch  Status        Model ID          Model ID          Status                 Version
------  ------------  ----------------  ----------------  ---------------        --------
1       Mgmt Switch   SA-01-GE-48T      SA-01-GE-48T      OK                     F.10.20.1
2       Stack Member  SA-01-GE-48T      SA-01-GE-48T      Code Version Mismatch  F.10.16.
Figure 5-64. Using the show bootvar Command within a Stack

Force10-S50 #boot system 2 image2
Activating image image2 ..
Force10-S50 #show bootvar
Image Descriptions
image1 : default image
image2 :
Images currently available on Flash
--------------------------------------------------------------------
unit  image1     image2     current-active  next-active
--------------------------------------------------------------------
1     F.10.20.1             image1          image1
2     F.10.16.2  F.10.20.1  image1          image2
2.
Using show Commands for Stacking Information

Use show commands to gather information about stack members. In this chapter, see the following examples of using show commands:

• show stack-port: See Figure 5-55 on page 88.
• show switch: See Figure 5-56 on page 88, Figure 5-57 on page 90, Figure 5-58 on page 91, and Figure 5-59 on page 91.
• show supported switchtype: See Figure 5-57 on page 90.
Figure 5-68.
Figure 5-70.
6 System Logs

This chapter describes the system logging features, in these major sections:

• Logging Commands
• Configuring the System Log
• Using the Persistent Event Log
• Displaying the SNMP Trap Log
• Configuring Syslog Server Host Connections

The S-Series switch maintains five logs:

• System log: This log, also referred to as the buffered log, collects events down to the level of “critical” (by default).
• logging host. See Configuring Syslog Server Host Connections on page 107.
• logging host reconfigure. See Configuring Syslog Server Host Connections on page 107.
• logging host remove. See Configuring Syslog Server Host Connections on page 107.
• logging syslog. See Configuring Syslog Server Host Connections on page 107.
• show eventlog. See Using the Persistent Event Log on page 105.
• show logging. See Displaying the System Log on page 103.
• show logging history.
Command Syntax Command Mode Purpose See Configuring Syslog Server Host Connections on page 107. (Optional) To display accurate times and dates in the log, configure a connection to an SNTP server. See Setting the System Date and Time Manually on page 78. Note: You can copy the System log from the switch to a TFTP server. See Downloading and Uploading Files on page 44 in the Getting Started chapter.
Interpreting system log messages

Table 6-2 uses the first log message in Figure 6-71 as an example to present the field descriptions:

<189> JAN 01 00:00:58 0.0.0.0-1 TRAPMGR[190295576]: traputil.c(661) 67 %% Cold Start: Unit: 0

Table 6-2. A System Log Message Decomposed

Field Example: <189>
Description: The leftmost column displays a combination of the facility and the severity. Divide the number in angle brackets by 8 to arrive at the facility.
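The decomposition above can be automated when collecting these messages on a log host. The following parser is an added example, not part of the SFTOS guide: it splits the sample message into fields and derives facility and severity from the number in angle brackets. Apart from the facility rule quoted above, the field names (source, unit, component, task, file, line, seq, text) are this example's own labels for the parts of the sample line, and the second and third sample lines are constructed.

```python
import re

# RFC 3164 numbering: PRI = facility * 8 + severity, so dividing by 8 gives
# the facility (as the guide says) and the remainder is the severity.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp", "audit",
              "alert", "clock"] + ["local%d" % n for n in range(8)]

# Group names other than "pri" are assumptions made for this example.
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>\s+"
    r"(?P<timestamp>[A-Z]{3} \d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<source>\d{1,3}(?:\.\d{1,3}){3})-(?P<unit>\d+)\s+"
    r"(?P<component>\w+)\[(?P<task>\d+)\]:\s+"
    r"(?P<file>[\w.\-]+)\((?P<line>\d+)\)\s+"
    r"(?P<seq>\d+)\s+%%\s+"
    r"(?P<text>.*)$"
)

SAMPLE_LINES = [
    # First line is the message shown in the guide; the others are constructed.
    "<189> JAN 01 00:00:58 0.0.0.0-1 TRAPMGR[190295576]: traputil.c(661) 67 %% Cold Start: Unit: 0",
    "<187> JAN 01 00:01:12 0.0.0.0-1 EXAMPLE[1]: example.c(10) 68 %% constructed error message",
    "<199> JAN 01 00:02:00 0.0.0.0-1 EXAMPLE[1]: example.c(11) 69 %% constructed bad PRI",
]


def parse_sftos_log(line):
    """Return a dict of fields for one log line, or raise ValueError."""
    match = LINE_RE.match(line.strip())
    if match is None:
        raise ValueError("not in the expected log format: %r" % line[:60])
    pri = int(match.group("pri"))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("PRI %d is out of range" % pri)
    facility, severity = divmod(pri, 8)
    record = match.groupdict()
    record.update(
        pri=pri,
        facility=FACILITIES[facility],
        severity=SEVERITIES[severity],
        severity_num=severity,
        unit=int(record["unit"]),
        line=int(record["line"]),
        seq=int(record["seq"]),
    )
    return record


def at_least(record, level):
    """True when the record is as severe as `level` or more severe.

    Lower severity numbers are more severe (0 = emergency, 7 = debug).
    """
    return record["severity_num"] <= SEVERITIES.index(level)


def triage(lines, level="warning"):
    """Return (records at or above `level`, lines that failed to parse)."""
    kept, rejected = [], []
    for line in lines:
        try:
            record = parse_sftos_log(line)
        except ValueError:
            # Log text arrives over the network; keep bad lines for review
            # instead of guessing at their fields.
            rejected.append(line)
            continue
        if at_least(record, level):
            kept.append(record)
    return kept, rejected


if __name__ == "__main__":
    first = parse_sftos_log(SAMPLE_LINES[0])
    print(first["facility"], first["severity"], first["component"], first["text"])
    kept, rejected = triage(SAMPLE_LINES)
    print(len(kept), "kept,", len(rejected), "rejected")
```
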
Using the Persistent Event Log

In addition to the optional buffered System log described above, the switch maintains a persistent Event log in NVRAM. Persistent logging is always enabled to memory and disabled to the console or to syslog servers. The log does not require configuration. The purpose of the Event log is to save system exception information to persistent memory for analysis by Dell Force10 Engineering.
Displaying the SNMP Trap Log

The show logging traplogs command displays a trap summary (number of traps since last reset and last view), followed by trap details, as shown in Figure 6-73.

Figure 6-73. Using the show logging traplogs Command

Force10 #show logging traplogs
Number of Traps Since Last Reset............6
Number of Traps Since Log Last Viewed.......
Configuring Syslog Server Host Connections

A syslog server can:

• Store system messages and/or errors
• Store to local files on the switch or a remote server running a syslog daemon
• Collect message logs from many systems

The S-Series switch sends System log messages to all enabled syslog servers. You have the following choices for managing the logging settings:

• Configure and enable the connections to up to eight syslog servers for a particular switch.
Figure 6-74. Using the logging host Command

Force10 #config
Force10 (Config)#logging ?
buffered      Buffered (In-Memory) Logging Configuration.
cli-command   CLI Command Logging Configuration.
console       Console Logging Configuration.
facility      Syslog Facility Configuration.
history       Syslog Configuration.
host          Enter IP Address for Logging Host.
local7.debugging /var/log/force10.log

• for a 5.7 SunOS UNIX system, include this line in the /etc/syslog.conf file

local7.debugging /var/adm/force10.log

In the lines above, local7 is the logging facility and debugging is the Syslog level. Therefore the Syslog daemon sends all messages since debugging is the lowest Syslog level. Refer to the logging facility and logging host command descriptions, above, for more information on those keywords and on setting the output from the switch.
7 Configuring Interfaces

This chapter contains overview information on interfaces supported by SFTOS, along with information on configuring physical interfaces, in the following sections:

• Interface Support in SFTOS
• Viewing Interface Information
• Viewing Layer 3 Interface Information
• Configuring Physical Interfaces
• Bulk Configuration

Interface Support in SFTOS

SFTOS supports the following interface types (SFTOS does not support null interfaces.
Table 7-3. Interfaces in the S-Series

Modes Possible Require Creation Port Channel Layer 2 Layer 3 Yes Yes Shut down (disabled) VLAN Layer 2 Layer 3 Yes* Yes Enabled (active for Layer 2) Shut down (disabled for Layer 3) Type of Interface Default State

*The Default VLAN (VLAN 1) does not require creation, but it can be modified.

Physical and logical interfaces are automatically in Layer 2 mode.
In addition to inspecting the running config, as described above (see Figure 7-76), the CLI provides multiple commands to inspect the status and configuration of interfaces:

• show interface managementethernet: Use this command, in either Privileged Exec mode or User Exec mode (the only command in this set that is available in User Exec mode), to display the current Management Ethernet interface settings. See Verifying Access to a Management Port on page 69.
Port
Force10 #show interface 1/0/1
Ports 1 through 48
Packets Received Without Error.................
Packets Received With Error....................
Broadcast Packets Received.....................
Packets Transmitted Without Errors.............
Transmit Packet Errors.........................
Collision Frames...............................
Time Since Counters Last Cleared...............
Switch
Force10 #show interface ethernet switchport
Total Packets Received (Octets)................ 0
Unicast Packets Received....................... 0
Multicast Packets Received..................... 0
Broadcast Packets Received..................... 0
Receive Packets Discarded...................... 0
Octets Transmitted.............................
Packets Transmitted Without Errors.............
Unicast Packets Transmitted....................
Multicast Packets Transmitted..................
Figure 7-82. Checking Detailed Interface Counters Per Port Using show interface ethernet

Force10 #show interface ethernet 1/0/43
Total Packets Received (Octets)................
Packets Received > 1522 Octets.................
Packets RX and TX 64 Octets....................
Packets RX and TX 65-127 Octets................
Packets RX and TX 128-255 Octets...............
Packets RX and TX 256-511 Octets...............
Packets RX and TX 512-1023 Octets..............
Viewing Layer 3 Interface Information

Note: Layer 3 interfaces can only be created with the Layer 3 Package of SFTOS. Use the show version command to determine what package is installed. See Figure 3-8 on page 35.
Physical interfaces can become part of virtual interfaces such as VLANs or Link Aggregation Groups (LAGs), also called port channels:

• For more information on VLANs, see VLANs on page 207.
• For more information on port channels, see Link Aggregation on page 165.

The System Configuration chapter of the SFTOS Command Reference details the commands used in this chapter.
— Lag—This port is a member of a port-channel (LAG).
— Probe—This port is a probe port.
• The Admin Mode column shows if the port is enabled or shut down. To enable the port, see Enabling an Interface on page 120.
• The Physical Mode column displays Auto if the port is set to auto-negotiate (Duplex mode and speed will be set from the auto-negotiation process.) To force a change in the setting, see Configuring Speed and Duplex Mode on page 120.
Enabling an Interface

Ports are shut down by default. To enable them, you can do so in bulk mode or per port. For more on bulk configuration, see Bulk Configuration on page 126. To enable an individual port, use the following sequence of commands:

Step 1
Command Syntax: interface unit/slot/port
Command Mode: Global Config
Purpose: To access the Interface Config mode for the selected port, enter the keyword interface followed by the port number in unit/slot/port format.
Figure 7-86. Using the show port Command to Verify Port Settings

Force10 #show port 1/0/30
               Admin   Physical  Physical  Link    Link    LACP
Interface Type Mode    Mode      Status    Status  Trap    Mode
-------------- ------  -------   --------  ------  ------  -------
1/0/30         Enable  Auto      100 Full  Up      Enable  Enable

The Link Status field indicates whether the port is passing traffic. Of course, at some point in the process you must connect ports for that field to indicate Up.

Note: Ports 45 through 48 are a special case in the S50.
The following table describes the expected interface status of two directly connected fiber ports based on the configured or auto-negotiated speed and duplex settings. The fiber ports support only auto-negotiation or 1 Gbps full-duplex.

Table 7-5.
Figure 7-87. Clearing Counters: Example of Using the clear counters Command

Force10 #clear counters 1/0/1
Are you sure you want to clear the port stats? (y/n)y
Port Stats Cleared.
Force10 #clear counters all
Are you sure you want to clear ALL port stats? (y/n)y
ALL Port Stats Cleared.
Force10 #clear counters
Are you sure you want to clear the switch stats? (y/n)y
Switch Stats Cleared.
Force10 #

Enabling Power over Ethernet Ports (PoE)

SFTOS 2.5.
You can override the default power allocation method by using the CLI to prioritize the delivery of power to the ports. When the power budget is exceeded, the next port attempting to power up causes the port with the lowest priority to stop delivering power, to allow higher priority ports to deliver power. In any case, even if a connected device is not currently drawing power, the port can stay up and pass data.
Figure 7-88. Sample of Output of show inlinepower Command for a Switch

Force10-S50V >show inlinepower all
Slot                     Admin                      Output
Port    Type             Mode     Class  Priority   Power   Limit  Status
------  ---------------  -------  -----  ---------  ------  -----  ---------
1/0/1                    Enable   0      Low        0.000   18     Searching
1/0/2                    Enable   0      Low        0.000   18     Searching
1/0/3                    Enable   0      Low        0.000   18     Searching
1/0/4                    Enable   0      Low        0.000   18     Searching
1/0/5                    Enable   0      Low        0.
Bulk Configuration

Bulk configuration means configuring groups of interfaces (physical or logical) with the same command(s). You have these bulk configuration options:

• Global: Make system-level changes in the Global Config mode. For example, to enable all ports, enter no shutdown all in Global Config mode. You can then disable certain ports in the Interface Config mode.
• Interface Config mode: SFTOS 2.5.
Bulk Configuration Examples

The following examples are of using the interface range command for bulk configuration.

Configure a single range

In this example, the interface range ethernet range command was used to select ports 1 through 23 on stack member 5. Then, the no shutdown command enabled all of those ports.

Figure 7-90.
8 DHCP

This chapter describes how to configure the S-Series to serve as a DHCP/BootP relay agent or a DHCP server.

Note: The S-Series switch can only act as a DHCP/BootP relay agent when the Layer 3 Package of SFTOS is installed.
Table 8-6. Messages Exchanged between a DHCP Client and Server

Reference  Message       Use
0x01       DHCPDISCOVER  The client is looking for available DHCP servers.
0x02       DHCPOFFER     The server response to the client’s DHCPDISCOVER message.
0x03       DHCPREQUEST   The client broadcasts to the server, requesting offered parameters from one server specifically, as defined in the packet.
Configuring a DHCP address pool (required)

You can configure a DHCP address pool with a name that is a symbolic string (such as “Engineering”) or an integer (such as 0). Configuring a DHCP address pool also places you in DHCP pool configuration mode, as identified by the “(config-dhcp)#” prompt, from which you can configure pool parameters (for example, the IP subnet number and default router list). To configure a DHCP address pool, complete the following required steps.
Figure 8-92. Using the show ip dhcp server statistics Command

Force10 #show ip dhcp server statistics
Automatic Bindings............................. 0
Expired Bindings............................... 0
Malformed Bindings............................. 0
Messages Received
------------------
DHCP DISCOVER.................................. 5
DHCP REQUEST................................... 0
DHCP DECLINE................................... 0
DHCP RELEASE...........................
Configuring the Switch as a DHCP Relay Agent

Implement the DHCP relay agent feature with bootpdhcprelay commands, all in Global Config mode. For details on these commands, see the Bootp/DHCP Relay Commands section of the Routing Commands chapter in the SFTOS Command Reference.

Step 1
Command: bootpdhcprelay serverip ip-address
Mode: Global Config
Purpose: Enter the IP address of the DHCP server.

Step 2
Command: bootpdhcprelay enable
Mode: Global Config
Purpose: Enable forwarding of BootP/DHCP requests.
Figure 8-94. Diagram of Two Switches Acting as DHCP Server and Relay Agent

Configure switch “S50-B”, from the diagram above, as a DHCP server, as shown in Figure 8-95.

Figure 8-95. Example of Configuring a Switch as a DHCP server

S50-B #config
S50-B (Config)#service dhcp
S50-B (Config)#ip dhcp pool Pool1
S50-B (config-dhcp)#network 10.1.3.0 255.255.255.0
S50-B (config-dhcp)#default-router 10.1.3.1
S50-B (config-dhcp)#dns-server 192.168.1.
9 Providing User Access Security

This chapter contains the following major sections:

• Choosing a TACACS+ Server and Authentication Method
• Configuring TACACS+ Server Connection Options
• Configuring a RADIUS Connection
• Enabling Secure Management with SSH

SFTOS supports several user-access security methods to the switch, including local (see Creating a User and Password on page 36), port security (IEEE 802.
Step 4
Command Syntax: show tacacs
Command Mode: Privileged Exec
Purpose: Verify the configuration and status of TACACS servers (See Figure 9-98).

Step 5
Command Syntax: show authentication
Command Mode: Privileged Exec
Purpose: Display the ordered authentication methods for all authentication login lists.

TACACS would generally not be the last method specified, in order to avoid a situation where the final authentication option depends on a server that might be offline.
Figure 9-100. Verifying the Authentication Method Lists with the show authentication Command

Force10_S50)#show authentication
Authentication Login List  Method 1   Method 2   Method 3
-------------------------  --------   --------   --------
defaultList                local      undefined  undefined
one                        local      tacacs     undefined
two                        undefined  undefined  undefined
three                      tacacs     reject     undefined

Figure 9-101 shows the assignment of list “three” to authenticate non-configured (default) users.

Figure 9-101.
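The guidance that TACACS should not be the last method in a list can be checked against saved show authentication output. The following audit is an added example, not part of the SFTOS guide: it parses the table layout of Figure 9-100 and reports each list whose final defined method is a remote server, plus lists with no method defined. Treating radius the same way as tacacs is an assumption of this example, and the embedded sample is a constructed copy of the figure's rows.

```python
# Methods that depend on a reachable server. "tacacs" comes from the guide's
# advice; including "radius" is an assumption made for this example.
REMOTE_METHODS = {"tacacs", "radius"}

# Constructed sample laid out like the show authentication output above.
SAMPLE_OUTPUT = """\
Force10 #show authentication
Authentication Login List  Method 1   Method 2   Method 3
-------------------------  --------   --------   --------
defaultList                local      undefined  undefined
one                        local      tacacs     undefined
two                        undefined  undefined  undefined
three                      tacacs     reject     undefined
"""


def parse_auth_lists(output):
    """Return {list name: [methods in order]} with undefined slots dropped."""
    lists = {}
    in_table = False
    for raw in output.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line.replace(" ", "")) == {"-"}:
            # The dashed separator marks the start of the data rows; the
            # command echo and column header before it are ignored.
            in_table = True
            continue
        if not in_table:
            continue
        parts = line.split()
        if len(parts) != 4:
            # Refuse to guess: a silently skipped row could hide a weak list.
            raise ValueError("unexpected row: %r" % line)
        name, methods = parts[0], [m.lower() for m in parts[1:]]
        lists[name] = [m for m in methods if m != "undefined"]
    if not in_table:
        raise ValueError("no table separator found in output")
    return lists


def audit_auth_lists(output):
    """Return {list name: finding} for lists that need an operator's review."""
    findings = {}
    for name, methods in parse_auth_lists(output).items():
        if not methods:
            findings[name] = "no method defined"
        elif methods[-1] in REMOTE_METHODS:
            findings[name] = "final method %s depends on a remote server" % methods[-1]
    return findings


if __name__ == "__main__":
    for name, finding in sorted(audit_auth_lists(SAMPLE_OUTPUT).items()):
        print("%-12s %s" % (name, finding))
```
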
Configuring a RADIUS Connection

Remote Authentication Dial-In User Service (RADIUS) is another means of port-based network access control. The switch acts as an intermediary to a RADIUS server, which provides both an authentication and an accounting function to maintain data on service usages. Under RFC 2866, an extension was added to the RADIUS protocol giving the client the ability to deliver accounting information about a user to an accounting server.
• radiusList method associated with the 802.1x default login (for non-configured users for 802.1x port security).
• 802.1x port-based access control is enabled for the system.
• Interface 1/0/1 in force-authorized mode, because this is where the RADIUS server and protected network resources are located.

If a user, or supplicant, attempts to communicate through the switch on any interface except port 1/0/1, the system challenges the supplicant for login credentials.
Figure 9-104. Topology with Two RADIUS Servers

Figure 9-105. Configuration Example for Two RADIUS Servers

Force10 #config
Force10 (Config)#radius server host auth 10.10.10.10
Force10 (Config)#radius server key auth 10.10.10.10
Enter secret (16 characters max):******
Re-enter secret:******
Force10 (Config)#radius server host auth 11.11.11.11
Force10 (Config)#radius server key auth 11.11.11.
Secure SHell (SSH) provides secure management through an encrypted transport session between the management station and switch. Enabling secure management through SSH is a four-step process:

Note: Starting with SFTOS 2.5.1.1, SSH keys are generated automatically when you enable the SSH Server. Skip to Enabling SSH on page 142.

1. Generate the SSH keys certificates offline.
2. Copy the SSH keys certificates to the switch using TFTP.
3. Enable the secure management server (SSH) on the switch.
4.
Enabling SSH

Starting with SFTOS 2.5.1.1, you no longer need to generate the SSH keys off-line. Before you enable the SSH server, NVRAM does not contain the keys, as shown (or not shown, in this case) in Figure 9-106. After you enable the SSH server and the SSH keys are automatically generated, the keys will not be deleted even if SSH is disabled later. See Figure 9-107 on page 142.

Figure 9-106.
2. To verify that the server has started, use the show ip ssh command to show the SSH server status.

Figure 9-108. Using the show ip ssh Command to Show SSH Server Status

Force10 #show ip ssh
SSH Configuration
Administrative Mode: .......................... Enabled
Protocol Levels: .............................. Versions 1 and 2
SSH Sessions Currently Active: ................ 0
Max SSH Sessions Allowed: ..................... 5
SSH Timeout: .................................. 5

3.
10 Spanning Tree

This chapter discusses the SFTOS implementation of Spanning Tree Protocol (STP), Multiple Spanning Tree Protocol (MSTP), and Rapid Spanning Tree Protocol (RSTP). The chapter contains the following major sections:

• SFTOS STP Switching Features
• Spanning Tree Protocol (STP, IEEE 802.1D)
• Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w)
• Multiple Spanning-Tree Protocol (MSTP, IEEE 802.
Spanning Tree Protocol (STP, IEEE 802.1D)

When SFTOS is set to run in basic Spanning Tree Protocol (STP) mode, SFTOS conforms to IEEE 802.1D and the RFC 1493 Bridge MIB. A spanning tree algorithm provides path redundancy while preventing undesirable loops in a network:

• SFTOS switching can be configured to run with STP enabled or disabled.
• Without STP, a path failure causes a loss of connectivity.
Basic STP CLI Port Management

Privileged and User Exec Mode CLI command:

• Display STP settings and parameters for an interface — show spanning-tree interface unit/slot/port

Global Config Mode CLI command:

• [Disable] enable STP administrative mode for all interfaces — [no] spanning-tree port mode enable all

Interface Config Mode CLI command:

• [Disable] enable STP administrative mode for an interface — [no] spanning-tree port mode enable

For MSTP commands, see Multiple Spanning-Tree Protocol (MSTP, I
Port States
RSTP merges states from STP, leaving just three possible operational states. The 802.1D blocking and disabled states are merged into the 802.1w discarding state. The 802.1D learning and listening states are merged into the 802.1w learning state.

Port Costs
RSTP introduces new default port costs.

BPDU Format
RSTP has a unique BPDU format that uses all bits of the Flags field to communicate additional states.
Important Points to Remember

MSTP is part of the SFTOS switching package. Either IEEE 802.1D or IEEE 802.1s operates at any given time. The following is the SFTOS implementation of MSTP:

• MSTP instances can only exist within a region.
• One Common Instance (CIST) and 32 additional Multiple Instances (MSTIs) are supported.
• Each port supports multiple STP states, with one state per instance. Thus, a port can be in the forwarding state in one instance and blocking in another instance.
MSTP CLI Management

SFTOS supports Multiple Spanning Tree Protocol (MSTP) by default. The basic STP commands (see Basic STP (802.1D) CLI Management on page 146) are applicable to MSTP. In addition to display commands (see Display Spanning Tree Configuration on page 157), SFTOS provides the following commands specific to MSTP:

Command Syntax: [no] spanning-tree msti instance
Command Mode: Global Config
Purpose: Add an MSTP instance to the switch.
4. Verify the global configuration, the interface configuration, and the STP convergence. See Display Spanning Tree Configuration on page 157.
5. (OPTIONAL) Influence the STP topology. See Influencing the Spanning Tree Topology on page 153.
6. (OPTIONAL) Change global STP operational parameters. See Changing Spanning Tree Global Parameters on page 155.
7. (OPTIONAL) Enable an edge port. See Enabling an Edge Port on page 156.
8. (OPTIONAL) Manage MSTP behavior. See MSTP Configuration Example on page 156.
Enabling STP

Use the following commands to run Spanning Tree convergence on participating switches.

Command Syntax: spanning-tree
Command Mode: Global Config
Purpose: Enable the Spanning Tree Protocol on participating switches.

Command Syntax: spanning-tree port mode enable
Command Mode: Interface Config
Purpose: Enable STP on selected ports.

Command Syntax: spanning-tree port mode enable all
Command Mode: Global Config
Purpose: Alternatively to enabling STP on selected ports, activate STP on all ports.
Figure 10-111. Using the spanning-tree Command

S50-1 #config
S50-1 (Config)#spanning-tree
S50-2 #config
S50-2 (Config)#spanning-tree
S50-3 #config
S50-3 (Config)#spanning-tree

3. Use either the spanning-tree port mode enable all command in Global Config mode to enable Spanning Tree on all ports (as shown in Figure 10-112), or use the spanning-tree port mode enable command in Interface Config mode (Figure 10-113) to enable selected ports.

Figure 10-112.
After lowering the priority of MST 5:

Force10 #show spanning-tree mst port summary 5 all
          STP              STP               Port
Interface Mode     Type    State             Role
--------- -------- ------- ----------------- ----------
1/0/1     Enabled          Disabled          Disabled
1/0/2     Enabled          Disabled          Disabled
1/0/3     Enabled          Disabled          Disabled
1/0/4     Enabled          Disabled          Disabled
1/0/5     Enabled          Disabled          Disabled
1/0/6     Enabled          Disabled          Disabled
1/0/7     Enabled          Disabled          Disabled
1/0/8     Enabled          Disabled          Disabled
1/0/9     Enabled          Disabled          Disabled
1/0/10    Enabled          Discarding        Backup
1/0/
Enabling an Edge Port

Note: Only interfaces connected to end stations should be set up as edge ports. Edge ports in 802.1D mode are not supported.

The edge port feature (Portfast) enables interfaces to begin forwarding packets immediately after they are connected. When enabled as an edge port, an interface skips the blocking and learning states so that it can start forwarding traffic sooner (typically saving 30 seconds that the switch would use to check for loops).
1. Configure switch R7.
Command Syntax: show spanning-tree mst detailed mstid
Command Mode: Privileged Exec
Purpose: Display settings and parameters for one MST instance.

Command Syntax: show spanning-tree vlan vlanid
Command Mode: Privileged Exec
Purpose: Display the association between an MST instance and a VLAN. See Figure 10-125 on page 162.

Command Syntax: show spanning-tree interface unit/slot/port
Command Mode: Privileged Exec
Purpose: Display settings and parameters for a port within the CIST. See Figure 10-116 on page 158.
Use the show spanning-tree brief command (Figure 10-118) to determine current bridge characteristics:

Figure 10-118. Example Output from spanning-tree brief Command

Force10 #show spanning-tree brief
Bridge Priority................................
Bridge Identifier..............................
Bridge Max Age.................................
Bridge Max Hops................................
Bridge Hello Time..............................
Bridge Forward Delay...........................
Bridge Hold Time......
Figure 10-120 displays the output from the show spanning-tree mst port summary command for STP details of individual ports:

Figure 10-120. Example Output of show spanning-tree mst port summary Command

S50-2 #show spanning-tree mst port summary 0 1/0/1
MST Instance ID................................
Figure 10-122 shows the output of the show spanning-tree mst port summary command from S50-3 for participating ports:

Figure 10-122. Example Output from show spanning-tree mst port summary Command

S50-3 #show spanning-tree mst port summary 0 1/0/1
MST Instance ID................................ CST

          STP               STP               Port
Interface Mode     Type     State             Role
--------- -------- -------  ----------------- ----------
1/0/1     Enabled           Forwarding        Root

S50-3 #show spanning-tree mst port summary 0 1/0/2
MST Instance ID..................
Figure 10-124 shows the output of the show spanning-tree mst port summary command after lowering the priority of the MST instance (contrast to Figure 10-122):

Figure 10-124.
Displaying STP, MSTP, and RSTP Operation

Use the show interface ethernet unit/slot/port command to display STP, MSTP, and RSTP BPDUs transmitted and received.

Figure 10-126. Example Output from show interface ethernet Command

Force10 #show interface ethernet 1/0/1
Type...........................................
Admin Mode.....................................
Physical Mode..................................
Physical Status................................
Speed..........................................
Duplex.
11 Link Aggregation

This chapter contains the following major sections:
• Link Aggregation—IEEE 802.3
• Link Aggregation Group (LAG) Commands on page 168
• Configuring a LAG on page 170
• Link Aggregation Control Protocol (LACP) on page 174
• Displaying LAGs (Port Channels) on page 176

Note: SFTOS 2.5.
A LAG can offer the following benefits:
• Increased reliability and availability — if one of the physical links in the LAG goes down, traffic will be dynamically and transparently reassigned to one of the other physical links.
• Better use of physical resources — traffic can be load-balanced across the physical links.
• Increased bandwidth — the aggregated physical links deliver higher bandwidth than each individual link.
LAG Implementation Restrictions

Interface restrictions:
• All of the physical links of a LAG must run in full-duplex mode at the same speed.
• Set the speed and mode of a port to that of the LAG before adding the port to the LAG.
• LAG speed may not be changed.
• Routing is not supported on links in a LAG.
• An interface can belong to only one LAG.

SFTOS supports 48 LAGs, with a maximum of eight members each. SFTOS supports IEEE 802.
Link Aggregation Group (LAG) Commands

Privileged Exec and User Exec mode commands
• To remove all LAGs:
  — clear port-channel
• To display a summary of LAGs, including port assignments:
  — show interface port-channel brief
• To display settings and counters for a specific LAG, including port assignments:
  — show interface port-channel 1–128

Global Config mode commands

Note: The [no] port lacpmode enable all command is deprecated.
The CLI commands in the Interface Port Channel Config mode include the following:
• Add to the selected LAG (or delete from it), one or more ports:
  — [no] channel-member unit/slot/port–unit/slot/port,unit/slot/port
• Enter a description for the selected LAG:
  — [no] description
• Configure the priority for untagged frames:
  — dot1p-priority 0-7
• Set the maximum transmission unit (MTU) size (in bytes) for the selected LAG:
  — [no] mtu 1518-9216
• Attach a specified ACL to the selected LAG (and, option
Interface Config mode commands

Note: The [no] port lacpmode enable command is deprecated.
Step | Command Syntax | Command Mode | Purpose (continued)
2 | interface port-channel 1–128 (Before v. 2.5.1, the syntax was port-channel name) | Global Config | Create the LAG and/or enter Interface Port Channel Config mode. For the LAG ID, enter an integer between 1 and 128 that is not already in use by another LAG. The character string allows the dash “-” character as well as alphanumeric characters.
3 | no shutdown | Interface Port Channel Config | Enable the LAG.
Basic LAG configuration example

This example shows configuring the S-Series switch to support LAGs to a server and to a Layer 2 switch.

Figure 11-127. LAG Example Network Diagram

1. Use the show interface port-channel brief command to learn the LAG IDs already in use (see Figure 11-130 on page 173). This example assumes that IDs 10 and 20 are available.
2. Create LAG 10.

Figure 11-128.
4. Verify both LAGs.

Figure 11-130. Using the show interface port-channel brief Command

Force10#show interface port-channel brief
Codes: L - LACP Port-channel

LAG Status Ports
--- ------ -------
10  Up     1/0/2 (Up)
           1/0/3 (Up)
20  Up     1/0/2 (Up)

5. At this point, the LAGs could be added to VLANs, as described next.
Using the Interface Range mode

If you are applying the same configuration elements to a number of LAGs (also called bulk configuration), you can replicate the steps shown in the examples above for all of those LAGs from the Interface Range mode. The System Configuration chapter in the SFTOS Command Reference provides details on the command syntax used for the interface range command to define the range and access the mode.
LACP works by constantly exchanging custom MAC PDUs across LAN Ethernet links. The protocol packets are only exchanged between ports that are configured to be LACP-capable.

LACP Configuration

SFTOS allows the user to enable LACP and configure LACP timeout characteristics for a particular LAG.

Note: LACP is enabled by default.
Verify the status of the LAG as dynamically created through LACP:

Figure 11-134. Displaying Details on a LAG with the show interface port-channel Command

Force10 (Config)#exit
Force10#show interface port-channel 2
Description....................................
MAC Address.................................... 00:01:E8:D5:A0:81
MTU............................................ 1518
Packets RX and TX 64 Octets.................... 0
Packets RX and TX 65-127 Octets................
12 Quality of Service

This chapter contains the following major sections:
• Using Differentiated Services (DiffServ) on page 177
  • Deploying DiffServ on page 180
  • Monitoring DiffServ on page 184
  • Configuring Differentiated Services by Department on page 191
  • Configuring Differentiated Services for Voice over IP on page 194

Using Differentiated Services (DiffServ)

This section contains the following subsections:
• Deploying DiffServ on page 180
• Monitoring DiffServ on page 184
• Configuring Differentiat
• Interior node: A switch in the core of the network is responsible for forwarding packets, rather than for classifying them. It will decode the DSCP in an incoming packet, and provide buffering and forwarding services using the appropriate queue management algorithms.

To configure DiffServ on a particular S-Series router, you first determine the QoS (quality of service) requirements for the network as a whole.
Packet processing begins by testing the match criteria for a packet. A policy is applied to a packet when a class match within that policy is found. Note that the type of class — all, any, or ACL — has a bearing on the validity of match criteria specified when defining the class. A class type of any processes its match rules in an ordered sequence; additional rules specified for such a class simply extend this list.
Deploying DiffServ

The four basic steps necessary to deploy DiffServ are:

1. Create class-maps. (See Creating Class-maps/DiffServ Classes on page 180.) A class-map is used to differentiate between types of traffic based on a packet’s match to defined rules in the class-map. For information on using a class-map in configuration scripting, see Using Configuration Scripts on page 31.
2. Create a policy-map. (See Creating a Policy-Map on page 182.
The classname parameter is a case-sensitive alphanumeric string from 1 to 31 characters that you create to uniquely identify the class.

Note: The word “default” is reserved and must not be used as a class name.

For example, entering class-map match-all Dallas means “Create a class named Dallas that must match all statements in the policy.” After you enter the command and the new classname is defined, the command invokes the Class Map Config mode, shown by the “(Config-classmap)#” prompt.
Creating a Policy-Map

The second step in deploying DiffServ is to create a policy-map. From the Global Config mode, use the policy-map command (Figure 12-139) to create or identify an existing policy-map.
Figure 12-139. policy-map Command Example

policy-map pm-1 in
class cl-map-1
assign-queue 3
exit
class cl-map-2
mark ip-precedence 1
exit

In the above example, we have created a policy-map with the name of “pm-1”. This policy-map is meant to affect inbound traffic. Traffic that is part of the class cl-map-1 (created in the previous example) is affected. Traffic that falls into this class will be assigned to queue 3. Traffic that is a match for class cl-map-2 will have ip-precedence marked as 1.
Figure 12-141. service-policy Interface Command Example

Force10 #config
Force10 (Config)#interface 1/0/4
Force10 (Interface 1/0/4)#service-policy in pm-1
Force10 (Interface 1/0/4)#

Note: When applied globally, a service-policy command appears under each interface, as if the command were applied one interface at a time. The commands then can be removed from individual interfaces, or from all interfaces simultaneously, using the no form of the command.
Figure 12-142. show class-map Command Example

Force10 #show class-map cm-3
Class Name..................................... cm-3
Class Type..................................... All

Match Criteria               Values
---------------------------- -------------------------------------
IP Precedence                1
Reference Class              cl-map-2

Force10 #show class-map cl-map-2
Class Name..................................... cl-map-2
Class Type.....................................
Figure 12-143. show class-map Command Example

Force10 #show class-map

Class Name                      Class Type Reference Class Name
------------------------------- ---------- ------------------------------
cl-map-1                        All
cl-map-2                        All
cm-3                            All        cl-map-2

Force10 #

If classname is not specified, this command displays a list of all defined DiffServ classes. The following fields are displayed:

Class Name—The name of this class.
Policy Attribute Table Size—The current number of entries (rows) in the Policy Attribute Table.
Policy Attribute Table Max—The maximum allowed entries (rows) for the Policy Attribute Table.
Service Table Size—The current number of entries (rows) in the Service Table.
Service Table Max—The maximum allowed entries (rows) for the Service Table.

The following examples show sample output from the show diffserv and show diffserv service brief commands.

Figure 12-144.
Drop—Drop a packet upon arrival. This is useful for emulating access control list operation using DiffServ, especially when DiffServ and ACL cannot co-exist on the same interface.
Exceed CoS—The action to be taken on excess packets per the policing metrics.
Exceed Secondary CoS—The action to be taken on excess packets conforming with the secondary class of service value per the policing metrics.
Non-Conform IP Precedence Value—This field displays the IP Precedence mark value if this action is markprec.
Bandwidth—This field displays the minimum amount of bandwidth reserved in either percent or kilobits-per-second.
Expedite Burst Size (KBytes)—This field displays the maximum guaranteed amount of bandwidth reserved in either percent or kilobits-per-second format.
Shaping Average—This field is displayed if average shaping is in use.
Figure 12-147. show policy-map Command Example

Force10 #show policy-map pm-1
Policy Name.................................... pm-1
Policy Type.................................... In
Class Name..................................... cl-map-1
Assign Queue................................... 3
--More-- or (q)uit
Class Name..................................... cl-map-2
Mark IP Precedence.............................
The following information is repeated for each interface and direction (only those interfaces configured with an attached policy are shown):

Intf (Interface)—Valid unit, slot and port number separated by forward slashes.
Oper Stat (Operational Status)—The current operational status of this DiffServ service interface.
Offered Packets—A count of the total number of packets offered to all class instances in this service before their defined DiffServ treatment is applied.
Figure 12-150. DiffServ Internet Access Example Network Diagram

1. Ensure DiffServ operation is enabled for the switch.

Force10 #config
Force10 (Config)#diffserv

2. Create a DiffServ class of type all for each of the departments, and name them. Define the match criteria—VLAN ID—for the new classes.

Figure 12-151.
each department's traffic on a different egress queue. This is how the DiffServ inbound policy connects to the CoS queue settings established below. Figure 12-152.
Configuring Differentiated Services for Voice over IP

One of the most valuable uses of DiffServ is to support Voice over IP (VoIP). VoIP traffic is inherently time-sensitive. For a network to provide acceptable service, a guaranteed transmission rate is vital. This example shows one way to provide the necessary quality of service: how to set up a class for UDP traffic, have that traffic marked on the inbound side, and then expedite the traffic on the outbound side.
1. Enter Global Config mode. Set queue 5 on all ports to use strict priority mode. This queue shall be used for all VoIP packets. Activate DiffServ for the switch.

Force10 #config
Force10 (Config)#cos-queue strict 5
Force10 (Config)#diffserv

2. Create a DiffServ classifier named “class_voip” and define a single match criterion to detect UDP packets. The class type match-all indicates that all match criteria defined for the class must be satisfied in order for a packet to be considered a match.
13 Access Control

This chapter contains the following major sections:
• SFTOS Support for Access Control Lists
  • Common ACL Commands on page 198
  • Access Control List Configuration Example on page 202
  • Applying an IP ACL to the Loopback Interface on page 203
• Enabling Broadcast Storm Control on page 205

SFTOS Support for Access Control Lists

Access control lists (ACLs) are used to control the traffic entering a network.
Note that the order of the rules is important: when a packet matches multiple rules in an ACL, the first rule created in the ACL takes precedence. Also, once you define an ACL for a given port, all traffic not specifically permitted by the ACL will be denied access.
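The first-match ordering and implicit deny described above can be modeled and checked offline. The following Python sketch is an added example, not SFTOS code or output: it evaluates packets against an ordered rule list using wildcard masks and reports rules that an earlier rule makes unreachable. The Rule class, the function names, and the sample ACLs are constructed for illustration.

```python
"""Model of first-match ACL evaluation with wildcard masks and an implicit deny."""
import ipaddress
from dataclasses import dataclass

FULL = 0xFFFFFFFF
ANY = ("0.0.0.0", "255.255.255.255")  # base address and wildcard matching every host


def ip_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


@dataclass(frozen=True)
class Rule:
    action: str     # "permit" or "deny"
    proto: str      # "tcp", "udp", or "ip" for any protocol
    src: str
    src_wild: str   # wildcard mask: 1-bits are "don't care"
    dst: str
    dst_wild: str

    @staticmethod
    def _addr_match(addr, base, wild):
        care = ~ip_int(wild) & FULL
        return (ip_int(addr) ^ ip_int(base)) & care == 0

    def matches(self, proto, src, dst):
        return (self.proto in ("ip", proto)
                and self._addr_match(src, self.src, self.src_wild)
                and self._addr_match(dst, self.dst, self.dst_wild))


def evaluate(acl, proto, src, dst):
    """Return (action, rule_number); rule_number is None for the implicit deny."""
    for number, rule in enumerate(acl, start=1):
        if rule.matches(proto, src, dst):
            return rule.action, number   # first matching rule wins
    return "deny", None                  # nothing matched: implicit deny


def covers(base_a, wild_a, base_b, wild_b):
    """True if every address matched by (base_b, wild_b) also matches (base_a, wild_a)."""
    care_a = ~ip_int(wild_a) & FULL
    return (ip_int(wild_b) & care_a == 0
            and (ip_int(base_a) ^ ip_int(base_b)) & care_a == 0)


def shadowed_rules(acl):
    """Return [(later_rule, earlier_rule)] pairs where the later rule can never match first."""
    found = []
    for j, later in enumerate(acl):
        for i, earlier in enumerate(acl[:j]):
            if (earlier.proto in ("ip", later.proto)
                    and covers(earlier.src, earlier.src_wild, later.src, later.src_wild)
                    and covers(earlier.dst, earlier.dst_wild, later.dst, later.dst_wild)):
                found.append((j + 1, i + 1))
                break
    return found


# Constructed sample: one TCP and one UDP permit between two /24 ranges.
ACL_101 = [
    Rule("permit", "tcp", "192.168.77.0", "0.0.0.255", "192.178.77.0", "0.0.0.255"),
    Rule("permit", "udp", "192.168.77.0", "0.0.0.255", "192.178.77.0", "0.0.0.255"),
]

# Constructed ordering mistake: the broad permit was created first,
# so the host-specific deny is never the first match.
ACL_MISORDERED = [
    Rule("permit", "ip", "192.168.77.0", "0.0.0.255", *ANY),
    Rule("deny", "ip", "192.168.77.9", "0.0.0.0", *ANY),
]
ACL_REORDERED = [ACL_MISORDERED[1], ACL_MISORDERED[0]]

if __name__ == "__main__":
    print(evaluate(ACL_101, "udp", "192.168.77.20", "192.178.77.5"))
    print(evaluate(ACL_101, "icmp", "192.168.77.20", "192.178.77.5"))
    print(evaluate(ACL_MISORDERED, "tcp", "192.168.77.9", "10.0.0.1"))
    print(shadowed_rules(ACL_MISORDERED))
    print(evaluate(ACL_REORDERED, "tcp", "192.168.77.9", "10.0.0.1"))
```

Running a shadow check like this against a planned rule list before creating it on the switch matters because the guide states that existing list items cannot be removed without deleting the whole list.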
Each rule is appended to the list of configured rules for the list. Note that an implicit “deny all” MAC rule always terminates the access list.

Note: You can add new deny/permit list items to an existing list, but you cannot remove previously configured deny/permit list items. You must delete the list before recreating it as you want.

• Change the name of a MAC ACL.
IP ACL Commands

IP ACLs ensure that only authorized users have access to specific resources and block any unwarranted attempts to reach network resources.

The following rules apply to IP ACLs:
• SFTOS does not support IP ACL configuration for IP packet fragments.
• The maximum number of ACLs you can create is 100, regardless of type.
• The maximum number of rules per IP ACL is hardware dependent.
• Attach a specified ACL to the selected interface:
  — ip access-group ACLnumber [1-4294967295] in

The optional 1-4294967295 variable is an integer that indicates the order of application of this ACL relative to other ACLs assigned to this interface.

Figure 13-160. Using the ip access-group Command

Force10 (Config)#interface 1/0/21
Force10 (Interface 1/0/21)#ip access-group 100 1 in

When the ip access-group command is used in Interface Config mode, it attaches a specified ACL to the selected interface.
2. Within that mode, use the ip access-group ACLnumber in command to assign the appropriate ACLs (see Figure 13-160 on page 201). For a configuration example, see Applying an IP ACL to the Loopback Interface on page 203.

Access Control List Configuration Example

The following example shows how to set up an IP ACL with two rules—one for TCP traffic and one for UDP traffic. The content of the two rules is the same.
Figure 13-164. Example of Defining a Second IP ACL Rule

Force10 #config
Force10 (Config)#access-list 101 permit udp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255
Force10 (Config)#

3. Apply the ACL to inbound traffic on port 1/0/2. Only traffic matching the criteria will be accepted.

Figure 13-165.
Figure 13-166. Loopback ACL Example

Callout on the ip access-group command: 10 is the priority, an optional parameter.

Force10 (Config)#access-list 2 permit every
Force10 (Config)#access-list 2 deny 10.240.4.113 255.255.255.0
Force10 (Config)#interface loopback 0
Force10 (Conf-if-lo-0)# ip access-group 2 in 10
Force10 (Conf-if-lo-0)# exit
Force10 #show ip access-lists 2
ACL ID: 2
Interface :loopback
Rule Number: 1
Action......................................... permit
Match All...................................... TRUE
Rule Number: 2
Action.
Figure 13-167. Using the show interface-ethernet Command

Force10 #show interface ethernet 1/0/2
Type...........................................
Admin Mode.....................................
Physical Mode..................................
Physical Status................................
Speed..........................................
Link Status....................................
MAC Address....................................
Total Packets Received (Octets)..........
14 VLANs This chapter describes the use of SFTOS to create IEEE 802.
A VLAN is a set of end stations and the switch ports that connect them. You may have many reasons for the logical division, such as department or project membership. The only physical requirement is that the end station and the port to which it is connected both belong to the same VLAN. Each VLAN in a network has a VLAN ID, which appears in the IEEE 802.1Q tag in the Layer 2 header of packets transmitted on a VLAN.
• It is possible to set the management VLAN to a VLAN that does not exist. If you cannot reach anything from the management IP address (see Creating the Management IP Address on page 67), check the management VLAN using show interface managementethernet or show running-config.

Implementing VLANs

Table 14-8. VLAN ID Options

VLAN ID | Limitations
0 | Reserved for .
VLAN Mode Commands

The starting point for VLAN command syntax statements is the VLAN Commands chapter (Chapter 7) in the SFTOS Command Reference.
Configuration Task List for VLANs

• Creating a VLAN and Adding Ports
• Clearing/Resetting a VLAN on page 214
• Adding a LAG to a VLAN on page 215
• Creating a Routed VLAN on page 217
• Enabling Dynamic VLANs with GVRP on page 220
• Creating an IP Subnet-based VLAN on page 223
• Configuring a Private Edge VLAN (PVLAN) on page 223
• Configuring a Native VLAN on page 224

For more VLAN configuration examples:
• In the Getting Started chapter, see introduction to VLAN configuration, Creating VLANS on page 4
Example of creating a VLAN and assigning interfaces

The diagram in this example shows four S-Series switches, R1, R2, R3, and R4, each configured with VLAN 2 to handle traffic destined for R1. This example creates VLAN 2 to connect four switches, with each switch having an interface that connects through VLAN 2 to switch R1.

Figure 14-168. VLAN Topology

VLAN 2

1.
6. Verify the configuration with the show vlan commands, or any of the other commands listed in Displaying VLAN Information on page 233.

Notes:
• Note that VLAN2 on R1 has some untagged ports and some tagged ports. The tagging type (either untagged or tagged) must match those of their directly connected ports on the other switches.
• SFTOS 2.5 permits mixed tagged and untagged VLANs on an interface.
3. Create VLAN 4 on switch R3 and assign port 3.

R3 #config
R3 (Config)#interface vlan 4
R3 (Conf-if-vl-4)#tagged 1/0/3

4. Create VLAN 3 on switch R4 and assign port 4:

R4 #config
R4 (Config)#interface vlan 3
R4 (Conf-if-vl-3)#tagged 1/0/4

5.
Note: Recovery of VLAN information from the startup configuration would then require reloading the switch.

Adding a LAG to a VLAN

To add a Link Aggregation Group (LAG) (also called a Port Channel) to a VLAN, you first create the LAG, as detailed in the LAG chapter (Configuring a LAG on page 170), and then add the LAG to the VLAN, using the tagged or untagged command, just as you do when you add a port to a VLAN (see Creating a VLAN and Adding Ports on page 211). In the case of a LAG in SFTOS 2.
Example of adding a LAG to a VLAN

Figure 14-171. Adding a LAG to a VLAN

1. To create the topology shown in Figure 14-171, create the LAG on switch R1, giving it an integer ID (and, optionally, a description — the “admin1” shown here). Add ports to it, and enable it (use either the no shutdown command inside the Interface Port Channel mode, or use the global mode shown here).

Figure 14-172.
Creating a Routed VLAN

This section provides an example of how to configure an S-Series switch to enable VLAN routing. Your switch must be running a version of SFTOS that supports Layer 3:

Step | Command Syntax | Command Mode | Usage
1 | ip routing | Global Config | Enable routing globally.
2 | interface vlan vlan_id | Global Config | Specify a new or existing VLAN by VLAN number, from 2–4094.
3 | ip address ip_address | Interface VLAN Config | Configure an IP address and subnet mask for the VLAN.
Figure 14-176. Enabling Routing Globally on a Switch

R5#configure
R5 (Config)#ip routing

2. Enable ports:

R5#configure
R5 (Config)#interface 1/0/2
R5 (Interface 1/0/2)#no shutdown
R5 (Interface 1/0/2)#exit
R5 (Config)#interface 1/0/3
R5 (Interface 1/0/3)#no shutdown
R5 (Interface 1/0/3)#exit

3. Create an IP VLAN (a routed VLAN) on switch R1 and add port 2 to it:

Figure 14-177. Creating an IP VLAN

R5 (Config)#interface vlan 2
R5 (Conf-if-vl-200)#ip address 10.10.1.1 255.255.
Generic Attribute Registration Protocol (GARP) provides a generic attribute dissemination protocol used to support other protocols such as GVRP (GARP VLAN Registration Protocol). GARP is used to register and deregister attribute values with other GARP participants within bridged LANs. When a GARP participant declares or withdraws a given attribute, the attribute value is recorded with the applicant state machine for the port from which the declaration or withdrawal was made.
GARP Commands

In Global Config mode, you can enable GVRP, or GMRP, or both for the switch:
gvrp adminmode enable
gmrp adminmode enable: enables GARP Multicast Registration Protocol (GMRP) on the system
gmrp interfacemode enable all: enables GARP Multicast Registration Protocol on all interfaces

In Interface Config mode, enable GVRP for a port:
gvrp interfacemode enable

In Interface Config, Global Config, or Interface Range mode, set the timer values in centiseconds.
Step | Command Syntax | Command Mode | Usage
6 | show gvrp configuration all | Privileged Exec | Verify the GARP interface.
7 | show vlan brief | Privileged Exec | Verify the VLAN.

Example of Creating a Dynamic VLAN through GVRP

In this case, after enabling GVRP globally and on specific ports, and then creating a VLAN on R2 with one of those ports:
• Switch 1 (“R1”) learns VLAN 3 from R2.
• Port 1/0/2 on R1 will become VLAN 3, and VLAN 3 traffic can go through.

Figure 14-178.
Figure 14-181. Using the show vlan id Command

(R1) #show vlan id 3
Codes: * - Default VLAN, G - GVRP VLANs, E - Ethernet interface

  Vlan Id Status    Q Ports
  ------- --------- - --------
G 3       Active    T E 1/0/2

Notes:
• The ‘G’ indicates that this VLAN was dynamically created via GVRP on R1.
• If you execute show vlan id 3 on R2, you will not see the G in the output, because the VLAN was actually configured on R2, not dynamically negotiated.
Creating an IP Subnet-based VLAN

Note: IP Subnet-based VLAN functionality was not tested in SFTOS 2.5.2.0, so it is not supported.

As shown in Figure 14-183, use the vlan association subnet ipaddr netmask command in Interface VLAN mode to configure an IP subnet-based VLAN by associating the VLAN with an IP address and subnet mask. Use the show vlan association subnet [ipaddr netmask] command to display the settings.

Figure 14-183.
The following sequence shows the steps for configuring a protected port group:

Step | Command Syntax | Command Mode | Usage
1 | switchport protected groupid [name name] | Global Config | Create a new (or specify an existing) protected port by group number, and then, optionally, assign a name to it.
2 | interface unit/slot/port | Global Config | Access the Interface Config mode for a specific interface.
6. The default acceptframe type for all ports is “Untagged”. An interface can have only one native VLAN. It can be untagged or tagged. Untagged VLANs on an interface are native VLANs by default. On an interface where there is an untagged VLAN, there can be tagged VLANs, but not tagged native VLANs. Another way to say this is that an interface with a tagged native VLAN cannot be a member of another VLAN as untagged.
Figure 14-186. Validating an Untagged Interface

Command entered: untagged 1/0/2
1. Is port 1/0/2 tagged as native for any other VLAN?
   Yes: Reject command.
   No: Go to the next check.
2. Is port 1/0/2 untagged for any other non-default VLAN?
   Yes: Reject command.
   No: Apply command; remove VLAN 1 as native VLAN.
Figure 14-187. Validating a Tagged Interface

Command entered: tagged 1/0/3
1. Is 1/0/3 untagged in the same VLAN?
   Yes: Reject command.
   No: Go to the next check.
2. Is 1/0/3 tagged native in the same VLAN?
   No: Apply command; set acceptframe to admitall.
   Yes: No action required. If the interface is already tagged native, then acceptframe is already set to vlanonly, and tagging properties are correct.

Example of configuring a native VLAN

Figure 14-188.
Figure 14-190.
Configuring a VLAN Tunnel (DVLAN or VLAN-Stack)

Note: VLAN stacking functionality existed in SFTOS prior to SFTOS 2.5.2.0, but it was not tested in SFTOS 2.5.2.0, so it is not supported in versions after SFTOS 2.5.1.13.

VLAN stacking, also called Double VLAN (DVLAN) and QinQ, supports VLAN tunneling. In more detail, with the VLAN-Stack feature, you can “stack” VLANs into one tunnel and switch them through the network.
Step | Command Syntax | Command Mode | Purpose
3 | mode dvlan-tunnel (same as mode dot1q-tunnel) | Interface Config | Enable DVLAN tagging for the port.
4 | show dvlan-tunnel (same as show dot1q-tunnel) | Privileged Exec | Display DVLAN-enabled VLAN tagging.
5 | show dvlan-tunnel interface {unit/slot/port | all} (same as show dot1q-tunnel interface {unit/slot/port | all}) | Privileged Exec | Display detailed information for a specific interface.
DVLAN configuration example

The example here shows how to configure VLANs so that VLAN traffic from switches R4 and R5 is encapsulated in frames tagged with VLAN 3 going through switch R7.

Figure 14-194. DVLAN Example Topology

Configure switch R4:

Figure 14-195.
Note: The first command in Figure 14-195 and in Figure 14-196 configures a dvlan-tunnel ethertype of vman, but you can assign a custom ethertype, which controls the encapsulation of the tunneled traffic, as long as the ethertype matches on both end switches (R4 and R5 here).

Note: If you are sending large frames, make sure you configure the MTU appropriately.

Configure switch R5:

Figure 14-196.
Displaying VLAN Information

The show port, show running-config (see Figure 14-198, below), and show vlan commands provide most of the information about the VLAN configuration. The show vlan command has the following options:
• (no option entered) Display summary information for all configured VLANs. See Figure 14-199, below.
• association Display associations to VLANs.
• brief Display switch VLANs.
• id Display VLAN configuration and configure VLANs. See Figure 14-200, below.
Figure 14-198.
Figure 14-200.
15 IGMP Snooping

This chapter discusses the use of IGMP (Internet Group Management Protocol) commands for IGMP Snooping, in the following major sections:
• Enabling IGMP Snooping on page 237
• Monitoring IGMP Snooping on page 238

See also IGMP Proxy on page 251 in the Routing chapter of this guide.
set igmp maxresponse 1–3599 (typically, 1 less than group membership interval)
— Default 10 seconds
— set igmp maxresponse all 1–3599 sets the maximum response time on all interfaces
— Both commands are issued from the Global Config mode.

set igmp mcrtexpiretime all 0-3600
— Default 0 seconds (no expiration)
— The command (Global Config mode) sets the time for all interfaces.
Figure 15-203. Report from show igmp interface Command

Force10 #show igmp interface ?
Enter interface in unit/slot/port format.
membership Display interfaces subscribed to the multicast group.
stats Display IGMP statistical information.

Force10 #show igmp interface 1/0/10
Slot/Port......................................1/0/10
IGMP Admin Mode................................Enable
Interface Mode.................................Disable
IGMP Version...................................
Figure 15-205. Report from show ip igmp interface Command

Force10 #show ip igmp ?
Press Enter to execute the command.
groups Display the subscribed multicast groups.
interface Display IGMP configuration information.

Force10 #show ip igmp interface 1/0/2
Slot/Port.......................................1/0/2
IGMP Admin Mode.................................Enable
Interface Mode..................................Disable
IGMP Version....................................
16 Port Mirroring

This chapter contains the following sections:
• Port Mirroring Features
• Port Mirroring Commands on page 242
• Port Mirroring Configuration Examples on page 242
• Verifying Port Mirroring on page 244

Port Mirroring Features

• Enables you to monitor network traffic with an external network analyzer
• Forwards a copy of each incoming and outgoing packet to a specific port that you designate
• Is used as a diagnostic tool, debugging feature, or means of fending off attacks
• The mirro
Port Mirroring Commands

The following are common port mirroring commands using Figure 16-208 as a model:
• Enable port mirroring session (default is disable):
  monitor session 1 mode
• Configure mirrored port:
  monitor session 1 source interface 1/0/2
• Configure destination port/probe port:
  monitor session 1 destination interface 1/0/3
  (Remove an existing destination port before replacing it with another.
Configuring the mirrored port and destination port

When enabled, the probe port monitors all traffic received and transmitted on the monitored port. A session is operationally active if and only if both a destination port and at least one source port are configured. If neither is true, the session is inactive. A port configured as a destination port acts as a mirroring port when the session is operationally active.
Stopping the mirroring session and removing probe and mirrored ports

Figure 16-213.
Using other commands that show port mirroring status

You can use the show port all command to show all existing probe ports and mirrored ports, along with their operational status:

Figure 16-215.
17 Layer 3 Routing

This chapter contains these major sections:
• Enabling Routing
• IGMP Proxy
• RIP Configuration
• OSPF Configuration
• VLAN Routing
• Link Aggregation
• Virtual Router Redundancy Protocol

This chapter provides examples of how to use the routing features provided in the SFTOS Layer 3 Package (available only for some S-Series models) to configure your S-Series in some typical network scenarios.
Enabling Routing

The S-Series always provides Layer 2 bridging, while Layer 3 routing must be explicitly enabled, first for the S-Series router as a whole, and then for each port that is to participate in the routed network. As introduced in the Getting Started chapter, use the show version command (see Figure 3-8 on page 35) to verify that the Routing package (“Layer 3 Package”) of SFTOS is installed in order to utilize these routing procedures.
Then invoke the following commands, assuming that you are still in Interface Config mode after completing the Layer 2 procedure (see Configuring Physical Interfaces on page 117):

| Step | Command Syntax | Command Mode | Purpose |
|---|---|---|---|
| 1 | ip routing | Config | Enable routing on the switch. |
| 2 | interface unit/slot/port | Config | To access the INTERFACE mode for the selected port, enter the keyword interface followed by the port number in unit/slot/port format. |
Port Routing Configuration Example

The diagram in this section shows a Layer 3 switch configured for port routing. It connects three different subnets, each connected to a different port. The example shows the commands you would use to configure the S-Series to provide the port routing support shown in the diagram.

Figure 17-219. Port Routing Example Network Diagram

1. Enable routing for the switch. IP forwarding will then be enabled by default.
Figure 17-220. Using the routing and ip address Commands to Enable Routing

Force10 #config
Force10 (Config)#interface 1/0/2
Force10 (Interface 1/0/2)#routing
Force10 (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0
Force10 (Interface 1/0/2)#exit
Force10 (Config)#interface 1/0/5
Force10 (Interface 1/0/5)#routing
Force10 (Interface 1/0/5)#ip address 192.150.5.1 255.255.255.
IGMP Proxy Configuration

The following procedure shows the basic steps for creating and configuring an IGMP Proxy router.

| Step | Command Syntax | Command Mode | Purpose |
|---|---|---|---|
| 1 | ip routing | Global Config | Enable routing on the switch. |
| 2 | ip multicast | Global Config | Enable multicast forwarding on the router. Note: No multicast routing protocols can be enabled on the router. |
| 3 | ip igmp | Global Config | Set the IGMP administrative mode to active in the router. |
Figure 17-221. IGMP Proxy Topology

Figure 17-222. Configuring an Interface to Enable IGMP Proxy

Force10 #config
Force10 (Config)#ip routing
Force10 (Config)#ip multicast
Force10 (Config)#ip igmp
Force10 (Config)#interface 1/0/48
Force10 (Interface 1/0/48)# no shutdown
Force10 (Interface 1/0/48)#routing
Force10 (Interface 1/0/48)#ip address 4.4.4.4 255.255.255.
Verifying the configuration

Verify the configuration with these show commands, in Privileged Exec or User Exec modes:

Use the show ip igmp-proxy command to display host interface status parameters. It displays operational parameters only when IGMP Proxy is enabled, as shown in Figure 17-225

Figure 17-224. Using the show ip igmp-proxy Command

Force10 #show ip igmp-proxy
Admin Mode..................................... Enable
Operational Mode...............................
Figure 17-227. Using the show ip igmp-proxy interface Command

Force10-S50V#show ip igmp-proxy interface
VLAN .......................................... 2

Ver  Query Rcvd  Report Rcvd  Report Sent  Leave Rcvd  Leave Sent
-----------------------------------------------------------------
1    0           0            0            -----       -----
2    0           0            0            0           0
3    0           0            0            -----       -----

For more IGMP information, see the IGMP Commands section of the IP Multicast Commands chapter in the SFTOS Command Reference.
RIP Configuration Example

The configuration commands used in the following example enable RIP on ports 1/0/2 and 1/0/3:

1. Enable routing for the switch.

Figure 17-228. Using the ip routing Command to Enable Routing

Force10 #config
Force10 (Config)#ip routing

2. Enable routing and assign the IP for ports 1/0/2 and 1/0/3.

Figure 17-229.
OSPF Configuration

For larger networks, Open Shortest Path First (OSPF) is generally used in preference to RIP. OSPF offers several benefits to the administrator of a large and/or complex network:
• Less network traffic:
  • Routing table updates are sent only when a change has occurred.
  • Only the changed part of the table is sent.
  • Updates are sent to a multicast, not a broadcast, address.
Figure 17-232. OSPF Example Network Diagram: Inter-area Router

1. Enable routing for the switch.

Figure 17-233. Enabling Routing for the Switch

Force10 #config
Force10 (Config)#ip routing

2. For ports 0/2 and 0/3, enable routing, and assign the IP:

Figure 17-234. Enabling Routing for Ports

Force10 #config
Force10 (Config)#interface 1/0/2
Force10 (Interface 1/0/2)#routing
Force10 (Interface 1/0/2)#ip address 192.150.5.2 255.255.255.
4. Enable OSPF for the ports and set the OSPF priority and cost for the ports. Figure 17-236.
Configuring OSPF on an S-Series operating as a border router

The next diagram shows the same network segment with the S-Series operating as the border router in area 0.0.0.2. The example shows the commands used to configure the switch with OSPF enabled on port 0/2 for communication with the inter-area router in the OSPF backbone, and on ports 0/3 and 0/4 for communication with subnets within area 0.0.0.2.

Figure 17-237. OSPF Example Network Diagram: Border Router

1.
3. Specify the router ID and enable OSPF for the switch. Disable 1583compatibility to prevent a routing loop.

Force10 (Config)#router ospf
Force10 (Config router)#enable
Force10 (Config router)#router-id 192.130.1.1
Force10 (Config router)#no 1583compatibility
Force10 (Config router)#exit
Force10 (Config)#

4. Enable OSPF for the ports and set the OSPF priority and cost for the ports.
VLAN Routing

This section introduces the basic commands for enabling VLAN routing and then provides examples for enabling VLAN routing over the OSPF and RIP protocols, in the following sections:
• VLAN Routing Configuration
• VLAN Routing OSPF Configuration
• VLAN Routing RIP Configuration

You can configure an S-Series switch with some ports supporting VLANs and some supporting routing.
VLAN Routing Configuration

The VLAN chapter in this guide (VLANs on page 207) contains a detailed explanation of enabling an IP VLAN (routed VLAN) on one S-Series switch. See Creating a Routed VLAN on page 217. The example in Figure 17-238 is a quick refresher on the sequence of commands that you execute on each switch participating in an IP VLAN:

Figure 17-238. Creating an IP VLAN

Force10 #configure
Force10 (Config)#ip routing
Force10 (Config)#interface vlan 5
Force10 (Conf-if-vl-5)#ip address 10.
4. As above, create VLAN 200 on switch R2, add an IP address, subnet mask, and port 2 to it:

R1 (Config)#interface vlan 200
R1 (Conf-if-vl-200)#ip address 10.11.12.144 255.255.255.0
R1 (Conf-if-vl-200)#tagged 1/0/2

5. Verify configurations with the show vlan id command on each switch.

VLAN Routing OSPF Configuration

As described in OSPF Configuration on page 257, Open Shortest Path First (OSPF) is generally used in preference to RIP for routing in larger networks.
Figure 17-244. Configuring VLANs for OSPF

Force10 #config
Force10 (Config)#interface vlan 10
Force10 (Conf-if-vl-10)#tagged 1/0/01
Force10 (Conf-if-vl-10)#tagged 1/0/02
Force10 (Conf-if-vl-10)#ip address 10.1.1.1 255.255.255.0
Force10 (Conf-if-vl-10)#ip ospf
Force10 (Conf-if-vl-10)#ip ospf areaid 2
Force10 (Conf-if-vl-10)#exit
Force10 (Config)#interface vlan 20
Force10 (Conf-if-vl-20)#tagged 1/0/03
Force10 (Conf-if-vl-20)#ip address 10.10.1.2 255.255.255.
Figure 17-247. Output of the show ip ospf Command after Enabling OSPF

Force10#show ip ospf
Router ID......................................
OSPF Admin Mode................................
ASBR Mode......................................
RFC 1583 Compatibility.........................
ABR Status.....................................
Exit Overflow Interval.........................
External LSA Count.............................
External LSA Checksum..........................
Figure 17-249. Output of the show ip ospf interface vlan Command

Force10 #show ip ospf interface vlan 10
IP Address.....................................
Subnet Mask....................................
OSPF Admin Mode................................
OSPF Area ID...................................
Router Priority................................
Retransmit Interval............................
Hello Interval.................................
Dead Interval..................................
LSA Ack Interval.......
1. As done previously, create the VLANs and enable VLAN routing. In this example, commands in the Interface Config mode are used, an alternative to using the Interface VLAN mode commands shown in the previous example.

Force10 #config
Force10 (Config)#interface vlan 10
Force10 (Conf-if-vl-10)#tagged 1/0/2
Force10 (Conf-if-vl-10)#ip address 192.150.3.1 255.255.255.
Link Aggregation

A Link Aggregation Group (LAG) (also called a port channel) allows multiple physical links between two end-points to be treated as a single logical link. All of the physical links in a given LAG must operate in full-duplex mode at the same speed. A LAG will be treated by management functions as if it were a single physical port. It may be included in a VLAN. More than one LAG may be configured for a given switch. For more details on LAGs, see Link Aggregation on page 165.
Figure 17-253. Inspecting a Layer 3 LAG Configuration

R1 (Config)#exit
R1 #show interfaces port-channel brief
LAG  Status  Ports
---  ------  ------
10   Down    1/0/10 (Down)
             1/0/11 (Down)
R1 #show ip interface ?
vlan brief
R1 #show ip interface vlan 100
Primary IP Address.............................
Routing Mode...................................
Administrative Mode............................
Forward Net Directed Broadcasts................
Proxy ARP..............
Virtual Router Redundancy Protocol

In a static default routed environment, all hosts are configured with a single default gateway. The router that owns this gateway IP address takes care of forwarding traffic from the LAN to the other networks. When an end station is statically configured with the address of the router that will handle its routed traffic, a single point of failure is introduced into the network. If the router goes down, the end station is unable to communicate.
Figure 17-254. VRRP Example Network Configuration
[Diagram: Layer 3 Switch acting as Router 1 (Port 0/2, 192.150.2.1/24, Virtual Router ID 20, Virtual Addr. 192.150.2.1) and Layer 3 Switch acting as Router 2 (Port 0/4, 192.150.2.4/24, Virtual Router ID 20, Virtual Addr. 192.150.2.1), both connected to a Layer 2 Switch serving the hosts.]

Configuring VRRP: Master Router (Router 1)

1. Enable routing for Router 1. IP forwarding will then be enabled by default.

Figure 17-255.
Figure 17-257. Configuring a port for a VRRP Group

Force10 #config
Force10 (Config)#interface 1/0/2
Force10 (Interface 1/0/2)#no shutdown
Force10 (Interface 1/0/2)#routing
Force10 (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0
Force10 (Interface 1/0/2)#

4. Assign a virtual router ID (VRID) (a VRRP group ID) to the port:

Figure 17-258. Assigning Virtual Router ID to the Port Participating in the VRRP Group

Force10 (Interface 1/0/2)#ip vrrp 20
Force10 (Interface 1/0/2)#

5.
4. Assign the same virtual router ID to the port as defined for Router 1.

Force10 (Config)#interface 1/0/4
Force10 (Interface 1/0/4)#ip vrrp 20

5. Specify the virtual IP address that the VRRP function will recognize. Since the virtual IP address on port 1/0/4 is the same as Router 1’s port 1/0/2 actual IP address, this router will be the VRRP backup while Router 1 is active.

Force10 (Interface 1/0/4)#ip vrrp 20 ip 192.150.2.1

6. Set the priority for the port.
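An added consistency check for the two-router example above (not from the original guide): it parses the interface, ip address and ip vrrp command forms shown in this section and confirms that both routers share the VRID and virtual IP and that the virtual IP lies in each port's subnet. The configurations are constructed from the addresses in Figure 17-254, and the role labels follow the VRRP rule that the router whose interface address equals the virtual IP is the address owner.

```python
import ipaddress
import re

# Constructed configs: addresses from Figure 17-254, command forms from this section.
ROUTERS = {
    "Router 1": """\
interface 1/0/2
routing
ip address 192.150.2.1 255.255.255.0
ip vrrp 20
ip vrrp 20 ip 192.150.2.1
""",
    "Router 2": """\
interface 1/0/4
routing
ip address 192.150.2.4 255.255.255.0
ip vrrp 20
ip vrrp 20 ip 192.150.2.1
""",
}


def parse_vrrp(text):
    """Return {vrid: {"port", "vip", "iface"}} for one router's configuration."""
    addresses, groups, port = {}, {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[-1].strip()  # tolerate pasted CLI prompts
        if m := re.fullmatch(r"interface (\d+/\d+/\d+)", line):
            port = m[1]
        elif m := re.fullmatch(r"ip address (\S+) (\S+)", line):
            addresses[port] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif m := re.fullmatch(r"ip vrrp (\d+)(?: ip (\S+))?", line):
            group = groups.setdefault(int(m[1]), {"port": port, "vip": None})
            if m[2]:
                group["vip"] = ipaddress.ip_address(m[2])
    for group in groups.values():
        group["iface"] = addresses.get(group["port"])
    return groups


def check_group(routers):
    """routers: {name: config text}. Return (roles, problems) across all routers."""
    parsed = {name: parse_vrrp(text) for name, text in routers.items()}
    roles, problems = {}, []
    for vrid in sorted({v for groups in parsed.values() for v in groups}):
        members = {n: g[vrid] for n, g in parsed.items() if vrid in g}
        if len(members) < 2:
            problems.append(f"VRID {vrid}: configured on one router only, no backup")
        vips = {m["vip"] for m in members.values()}
        if None in vips or len(vips) > 1:
            problems.append(f"VRID {vrid}: virtual IP missing or not identical on all members")
        for name, m in members.items():
            if m["iface"] is None:
                problems.append(f"VRID {vrid}: {name} port {m['port']} has no IP address")
            elif m["vip"] is not None:
                if m["vip"] not in m["iface"].network:
                    problems.append(f"VRID {vrid}: {m['vip']} is outside {name}'s subnet")
                # The router whose interface address equals the virtual IP owns it.
                roles[(vrid, name)] = "owner" if m["vip"] == m["iface"].ip else "non-owner"
        if sum(r == "owner" for (v, _), r in roles.items() if v == vrid) > 1:
            problems.append(f"VRID {vrid}: more than one address owner")
    return roles, problems


if __name__ == "__main__":
    roles, problems = check_group(ROUTERS)
    print(roles, problems or "no problems")
```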
18 Troubleshooting

This chapter describes how to identify and resolve software problems related to SFTOS on an S-Series switch. Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack. Additional troubleshooting information, such as LED descriptions, is provided in the hardware installation guide.
Note: In SFTOS 2.3.1.9, these messages also appear when moving from the routing image to the switching image without resetting the configuration to factory defaults from the Boot Menu. This issue results from the use of unique flash file formats.

Use one of the following procedures to resolve this condition:
• Clear the configuration in flash by resetting the switch to factory defaults. See Restoring the System to the Factory Default Configuration on page 58.
Recovering from a Lost Password

The default CLI user, admin, has read/write access, with no password until you create one. Once created, the only way to recover from a lost admin password is to reload the switch using factory defaults. See Restoring the System to the Factory Default Configuration on page 58. Alternatively, if the user is not admin, then you can assign a new password to the user. See Creating a User and Password on page 36.
In addition to issuing the show switch and show stack commands, use the show stack-port diag command to display communication statistics for the stacking ports:

Figure 18-263.
When a local port connects to a remote port that does not support a speed of 1 Gbps, the speed on the local port may be shown as 100 full. The speed cannot be changed on the port if auto-negotiation is enabled, and the following error message will be reported (Note also that the following two figures display certain syslog messages because logging console 7 is enabled in Global Config mode.): Figure 18-264.
Monitoring SFPs

The four fiber ports on the S50 and S50V share the interface numbers 45, 46, 47, and 48 with the corresponding copper ports. Only the fiber port or the copper port can be active at any given point in time. The fiber ports take precedence over the copper ports — if the S50 detects good links through both copper port 48 and fiber port 48, it will bring up the fiber port's link and bring down the copper port's link.
Monitoring 10 GE Interfaces

If a 10-Gigabit Ethernet (10-GE) interface does not reach a link up state, use the following steps:

1. Verify that you are using the correct XFP type. Optical specifications are available on the Dell Force10 website: http://www.force10networks.com/products/specifications.asp
2. Reseat the XFP or swap it with a known good one.
3. If you are using an XFP, connect one single fiber cable (as opposed to a pair) linking the Tx and Rx of the same XFP.
4. Cross-connect ports 49 and 50.
The routing software first looks for the destination MAC address in the ARP table, which it maintains. If it finds the address in the ARP table, it sends the packet to the Layer 2 application, which resolves it and finds the egress port from which to send it. If the software cannot find the destination in the ARP table, it sends an ARP request. After receiving the ARP reply, the Layer 2 tables can be updated, and subsequent packets can be routed by the hardware.
— Enable Spanning Tree. In SFTOS, Spanning Tree is disabled by default.
— Shut down any ports not being used.
— Exclude VLAN 1 from all ports except the port used as the management port, as shown in the following example configuration for SFTOS Version 2.3.1.

Figure 18-267.
• Was the switch able to pass user traffic while the issue was occurring?
• What was the LED status? (If the switch remains able to pass traffic, the port LEDs should continue to blink. In particular, during a broadcast storm, all of the port LEDs should be blinking.
A RFCs, MIBs, and Traps

This appendix contains these sections:
• IEEE Compliance
• RFC Compliance
• SNMP-related RFCs
• Industry MIBs Supported by SFTOS
• Force 10 MIBs
• SNMP Traps

This appendix contains auxiliary information to the section Setting up SNMP Management on page 71 in the Management chapter and the techtip “What Should I Poll with SNMP?” on the iSupport website: https://www.force10networks.
• GMRP — Dynamic L2 Multicast Registration
• GVRP — Dynamic VLAN Registration

RFC Compliance

The following is a list of the RFCs supported by FTOS, listed by related protocol. The RFC categories under headings that include the parenthetical phrase “in Layer 3 Package only” are supported only in the Layer 3 Package (Routing) of SFTOS 2.5.1.
• Draft-ietf-magma-igmp-proxy-06.txt — IGMP/MLD-based Multicast Forwarding (IGMP/MLD Proxying)
• Draft-ietf-ssm-arch-05.txt — Source-Specific Multicast for IP
• draft-ietf-magma-igmpv3-and-routing-05.txt — IGMPv3 and Multicast Routing Protocol Interaction

Management
• HTML 4.0 Specification — December, 1997 (also HTML 4.01 Specification - December, 1999)
• Java and JavaScript 1.
• RFC 2233 — The Interfaces Group MIB using SMI v2
• RFC 2787 — VRRP MIB

Security
• RFC 1492 — TACACS+
• RFC 2865 — RADIUS
• RFC 2866 — RADIUS Accounting
• RFC 2868 — RADIUS Attributes for Tunnel Protocol Support
• RFC 2869 — RADIUS Extensions
• RFC 3579 — RADIUS Support for Extensible Authentication Protocol (EAP)
• rfc2869bis — RADIUS Support for Extensible Authentication Protocol (EAP)
• RFC 3580 — 802.
Table A-9. Industry MIBs Supported by SFTOS (continued)

| MIB | Description |
|---|---|
| SNMP-COMMUNITY-MIB | This MIB module defines objects to help support coexistence between SNMPv1, SNMPv2, and SNMPv3. |
| SNMP-FRAMEWORK-MIB | The SNMP Management Architecture MIB |
| SNMP-MPD-MIB | The MIB for Message Processing and Dispatching |
| SNMP-NOTIFICATION-MIB | The Notification MIB module |
| SNMP-TARGET-MIB | The Target MIB module |
| SNMP-USER-BASED-SM-MIB | The management information definitions for the SNMP User-based Security Model. |
Table A-10.
SNMP Traps

SNMP traps are the messages that are sent to designated trap receivers; they also appear in the report generated by the show logging traplogs command, an abbreviated sample of which appears in Figure A-269. A replication of the trap also appears in the System log, as described in Displaying the SNMP Trap Log on page 106.

Figure A-269. Using the show logging traplogs Command

Force10 #show logging traplogs
Number of Traps Since Last Reset............... 60926
Trap Log Capacity......................