Dell Configuration Guide for the S55 System 8.3.5.
Notes, Cautions, and Warnings
NOTE: A NOTE indicates important information that helps you make better use of your computer.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
Information in this publication is subject to change without notice. © 2014 Dell Force10. All rights reserved.
www.dell.com | support.dell.com
1 About this Guide
Objectives
This guide describes the protocols and features supported by the Dell Networking operating system (FTOS) and provides configuration instructions and examples for implementing them. It supports the system platforms E-Series, C-Series, and S-Series. Though this guide contains information on protocols, it is not intended to be a complete reference. This guide is a reference for configuring protocols on Dell Networking systems.
Information Symbols
Table 1-1 describes symbols contained in this guide.
Table 1-1. Information Symbols
Columns: Symbol, Warning, Description
Note: This symbol informs you of important operational information.
FTOS Behavior: This symbol informs you of an FTOS behavior. These behaviors are inherent to the Dell Networking system or FTOS feature and are non-configurable.
2 Configuration Fundamentals
The FTOS Command Line Interface (CLI) is a text-based interface through which you can configure interfaces and protocols. The CLI is largely the same for the E-Series, C-Series, and S-Series with the exception of some commands and command outputs. The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and you can limit user access to modes using privilege levels.
CLI Modes
Different sets of commands are available in each mode. A command found in one mode cannot be executed from another mode (with the exception of EXEC mode commands preceded by the command do; see The do Command on page 28). You can set user access rights to commands and command modes using privilege levels; for more information on privilege levels and security options, refer to Chapter 9, Security, on page 627.
Figure 2-2.
FTOS Command Modes
CLI Command Mode: EXEC
Prompt: FTOS>
Access Command: Access the router through the console or Telnet.
CLI Command Mode: EXEC Privilege
Prompt: FTOS#
Access Command:
• From EXEC mode, enter the command enable.
• From any other mode, use the command end.
CLI Command Mode: CONFIGURATION
Prompt: FTOS(conf)#
Access Command:
• From EXEC privilege mode, enter the command configure.
• From every mode except EXEC and EXEC Privilege, enter the command exit.
Note: Access all of the following modes from CONFIGURATION mode.
INTERFACE modes
IP ACCESS-LIST
LINE
Table 2-1.
The do Command
Enter an EXEC mode command from any CONFIGURATION mode (CONFIGURATION, INTERFACE, SPANNING TREE, etc.) without returning to EXEC mode by preceding the EXEC mode command with the command do. Figure 2-4 illustrates the do command.
Note: The following commands cannot be modified by the do command: enable, disable, exit, and configure.
Figure 2-4.
Layer 2 protocols are disabled by default. Enable them using the no disable command. For example, in PROTOCOL SPANNING TREE mode, enter no disable to enable Spanning Tree.
Obtaining Help
Obtain a list of keywords and a brief functional description of those keywords at any CLI mode using the ? or help command:
• Enter ? at the prompt or after a keyword to list the keywords available in the current mode.
  • ? after a prompt lists all of the available keywords.
You must enter the minimum number of letters to uniquely identify a command. For example, cl cannot be entered as a partial keyword because both the clock and class-map commands begin with the letters “cl.” clo, however, can be entered as a partial keyword because only one command begins with those three letters.
The TAB key auto-completes keywords in commands.
Filtering show Command Outputs
Filter the output of a show command to display specific information by adding | [except | find | grep | no-more | save] specified_text after the command. The variable specified_text is the text for which you are filtering, and it is case sensitive unless the ignore-case sub-option is implemented. Starting with FTOS 7.8.1.0, the grep command accepts an ignore-case sub-option that forces the search to be case-insensitive.
• find displays the output of the show command beginning from the first occurrence of specified text. Figure 2-11 shows this command used in combination with the command show linecard all.
Figure 2-11.
3 Getting Started
This chapter contains the following major sections:
• Default Configuration
• Configure a Host Name
• Accessing the System Remotely
• Configure the Enable Password
• Configuration File Management
• File System Management
When you power up the chassis, the system performs a Power-On Self Test (POST) during which Route Processor Module (RPM), Switch Fabric Module (SFM), and line card status LEDs blink green.
To access the console port, follow the procedures below. Refer to Table 3-1, "Pin Assignments Between the Console and a DTE Terminal Server," in Getting Started for the console port pinout.
Step 1: Install an RJ-45 copper cable into the console port. Use a rollover (crossover) cable to connect the S4810 console port to a terminal server.
Step 2: Connect the other end of the cable to the DTE terminal server.
Configure a Host Name
The host name appears in the prompt. The default host name is FTOS.
• Host names must start with a letter and end with a letter or digit.
• Characters within the string can be letters, digits, and hyphens.
To configure a host name:
Step 1: Create a new host name.
Command Syntax: hostname name
Command Mode: CONFIGURATION
The example below illustrates the hostname command.
Note: Assign different IP addresses to each RPM’s management port.
To configure the management port IP address:
Step 1: Enter INTERFACE mode for the Management port.
Command Syntax: interface ManagementEthernet slot/port
Command Mode: CONFIGURATION
• slot range: 0 to 1
• port range: 0
Step 2: Assign an IP address to the interface.
Command Syntax: ip address ip-address/mask
• ip-address: an address in dotted-decimal format (A.B.C.D).
Step 3: Enable the interface.
To configure a username and password:
Step 1: Configure a username and password to access the system remotely.
Command Syntax: username username password [encryption-type] password
Command Mode: CONFIGURATION
encryption-type specifies how you are inputting the password, is 0 by default, and is not required.
• 0 is for inputting the password in clear text.
• 7 is for inputting a password that is already encrypted using a Type 7 hash.
Configure the Enable Password
Access the EXEC Privilege mode using the enable command. The EXEC Privilege mode is unrestricted by default. Configure a password as a basic security measure. There are two types of enable passwords:
• enable password stores the password in the running/startup configuration using a DES encryption method.
• enable secret is stored in the running/startup configuration using a stronger, MD5 encryption method.
Copy Files to and from the System
The command syntax for copying files is similar to UNIX. The copy command uses the format copy source-file-url destination-file-url.
Note: See the FTOS Command Reference for a detailed description of the copy command.
• To copy a local file to a remote system, combine the file-origin syntax for a local file location with the file-destination syntax for a remote file location shown in Table 3-2, "Forming a copy Command," in Getting Started.
Table 3-2.
• The usbflash and rpm0usbflash commands are supported on E-Series ExaScale systems. Refer to your system’s Release Notes for a list of approved USB vendors.
The following text is an example of using the copy command to save a file to an FTP server.
FTOS#copy flash://FTOS-EF-8.2.1.0.bin ftp://myusername:mypassword@10.10.10.10//FTOS/ FTOS-EF-8.2.1.
Task: Save the running-configuration to:
• the startup-configuration on the internal flash of the primary RPM
  Command Syntax: copy running-config startup-config
• the internal flash on an RPM
  Command Syntax: copy running-config rpm{0|1}flash://filename
Note: The internal flash memories on the RPMs are synchronized whenever there is a change, but only if the RPMs are running the same version of FTOS.
View Files
File information and content can only be viewed on local file systems. To view a list of files on the internal or external Flash:
Step 1: View a list of files on:
• the internal flash of an RPM
  Command Syntax: dir flash:
  Command Mode: EXEC Privilege
• the external flash of an RPM
  Command Syntax: dir slot:
The output of the command dir also shows the read/write privileges, size (in bytes), and date of modification for each file, as shown in the example below.
View Configuration Files
Configuration files have three commented lines at the beginning of the file, as shown in the example below, to help you track the last time any user made a change to the file, which user made the changes, and when the file was last saved to the startup-configuration.
To change the default storage location:
Task: Change the default directory.
Command Syntax: cd directory
Command Mode: EXEC Privilege
In the example below, the default storage location is changed to the external Flash of the primary RPM. File management commands then apply to the external Flash rather than the internal Flash.
4 Management
Management is supported on platforms: ces
This chapter explains the different protocols or services used to manage the Dell Networking system including:
• Configure Privilege Levels
• Configure Logging
• File Transfer Services
• Terminal Lines
• Lock CONFIGURATION mode
• Recovering from a Forgotten Password on the S55
• Recovering from a Failed Start on the S55
Configure Privilege Levels
Privilege levels restrict access to commands based on user or terminal line.
Removing a command from EXEC mode
Remove a command from the list of available commands in EXEC mode for a specific privilege level using the command privilege exec from CONFIGURATION mode. In the command, specify a level greater than the level given to a user or terminal line, followed by the first keyword of each command to be restricted.
Task: Allow access to INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode. Specify all keywords in the command.
Command Syntax: privilege configure level level {interface | line | route-map | router} {command-keyword ||...|| command-keyword}
Task: Allow access to a CONFIGURATION, INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode command.
Command Syntax: privilege {configure |interface | line | route-map | router} level level {command ||...
Figure 4-1. Create a Custom Privilege Level
FTOS(conf)#do show run priv
!
privilege exec level 3 capture
privilege exec level 3 configure
privilege exec level 4 resequence
privilege exec level 3 capture bgp-pdu
privilege exec level 3 capture bgp-pdu max-buffer-size
privilege configure level 3 line
privilege configure level 3 interface
FTOS(conf)#do telnet 10.11.80.201
[telnet output omitted]
FTOS#show priv
Current privilege level is 3.
Apply a Privilege Level to a Username
To set a privilege level for a user:
Task: Configure a privilege level for a user.
Command Syntax: username username privilege level
Command Mode: CONFIGURATION
Apply a Privilege Level to a Terminal Line
To set a privilege level for a terminal line:
Task: Configure a privilege level for a terminal line.
Log Messages in the Internal Buffer
All error messages, except those beginning with %BOOTUP (Message), are logged in the internal buffer.
Send System Messages to a Syslog Server
Send system messages to a syslog server by specifying the server with the following command:
Task: Specify the server to which you want to send system messages. You can configure up to eight syslog servers.
Command Syntax: logging {ip-address | hostname}
Command Mode: CONFIGURATION
Configure a Unix System as a Syslog Server
Configure a UNIX system as a syslog server by adding the following lines to /etc/syslog.
Task: Specify the size of the logging buffer.
Note: When you decrease the buffer size, FTOS deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer.
Command Syntax: logging buffered size
Command Mode: CONFIGURATION
Task: Specify the number of messages that FTOS saves to its logging history table.
Figure 4-2. show logging Command Example
FTOS#show logging
syslog logging: enabled
Console logging: level Debugging
Monitor logging: level Debugging
Buffer logging: level Debugging, 40 Messages Logged, Size (40960 bytes)
Trap logging: level Informational
%IRC-6-IRC_COMMUP: Link to peer RPM is up
%RAM-6-RAM_TASK: RPM1 is transitioning to Primary RPM.
Configure a UNIX logging facility level
You can save system log messages with a UNIX system logging facility. To configure a UNIX logging facility level, use the following command in the CONFIGURATION mode:
Command Syntax: logging facility [facility-type]
Command Mode: CONFIGURATION
Purpose: Specify one of the following parameters.
Synchronize log messages
You can configure FTOS to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system.
To have FTOS include a timestamp with the syslog message, use the following command syntax in the CONFIGURATION mode:
Command Syntax: service timestamps [log | debug] [datetime [localtime] [msec] [show-timezone] | uptime]
Command Mode: CONFIGURATION
Purpose: Add timestamp to syslog messages. Specify the following optional parameters:
• datetime: You can add the keyword localtime to include the localtime, msec, and show-timezone.
Enable FTP server
To enable the system as an FTP server, use the following command in the CONFIGURATION mode:
Command Syntax: ftp-server enable
Command Mode: CONFIGURATION
Purpose: Enable FTP on the system.
To view FTP configuration, use the show running-config ftp command (Figure 41) in the EXEC privilege mode.
Figure 4-4.
Configure FTP client parameters
To configure FTP client parameters, use the following commands in the CONFIGURATION mode:
Command Syntax: ip ftp source-interface interface
Command Mode: CONFIGURATION
Purpose: Enter the following keywords and slot/port or number information:
• For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
To apply an IP ACL to a line:
Task: Apply an ACL to a VTY line.
Command Syntax: ip access-class access-list
Command Mode: LINE
To view the configuration, enter the show config command in the LINE mode, as shown in Figure 4-5.
Figure 4-5. Applying an Access List to a VTY Line
FTOS(config-std-nacl)#show config
!
ip access-list standard myvtyacl
 seq 5 permit host 10.11.0.
To configure authentication for a terminal line:
Step 1: Create an authentication method list. You may use a mnemonic name or use the keyword default. The default authentication method for terminal lines is local, and the default method list is empty.
Command Syntax: aaa authentication login {method-list-name | default} [method-1] [method-2] [method-3] [method-4] [method-5] [method-6]
Step 2: Apply the method list from Step 1 to a terminal line.
To change the timeout period or disable EXEC timeout:
Task: Set the number of minutes and seconds. Default: 10 minutes on console, 30 minutes on VTY. Disable EXEC timeout by setting the timeout period to 0.
Command Syntax: exec-timeout minutes [seconds]
Command Mode: LINE
Task: Return to the default timeout values.
Command Syntax: no exec-timeout
Command Mode: LINE
View the configuration using the command show config from LINE mode.
Figure 4-7.
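The access settings covered in this chapter and in Getting Started (enable password versus enable secret, the password encryption-type, ftp-server enable, ip access-class on VTY lines, and exec-timeout) can be reviewed mechanically before a configuration is applied. The following is an added example, not code from Dell or FTOS: both configurations are constructed samples, the rule names are hypothetical, and the `line console` / `line vty` block headers and the `enable secret 5` form are assumed from the FTOS CLI rather than taken from this page.

```python
import re
from typing import List, NamedTuple

# Constructed candidate configuration (not from the guide).
WEAK_CONFIG = """\
hostname lab-s55
enable password 0 ExamplePass1
username admin password 0 ExamplePass2
username ops password 7 0f1e2d3c4b5a6978
ftp-server enable
line console 0
 exec-timeout 0
line vty 0
 exec-timeout 10 0
 ip access-class myvtyacl
line vty 1
 exec-timeout 30 0
"""

# Constructed counterpart with each finding addressed.
REVIEWED_CONFIG = """\
hostname lab-s55
enable secret 5 00112233445566778899aabbccddeeff
username admin password 7 0f1e2d3c4b5a6978
line console 0
 exec-timeout 10 0
line vty 0
 exec-timeout 30 0
 ip access-class myvtyacl
"""


class Finding(NamedTuple):
    line_no: int
    rule: str   # hypothetical rule identifier
    text: str


PASSWORD_RE = re.compile(r"^(?:enable password|username \S+ password)\s+(.+)$")
TIMEOUT_RE = re.compile(r"^exec-timeout\s+(\d+)(?:\s+(\d+))?$")


def input_type(argument: str) -> str:
    """Return the encryption-type of a password argument; omitted means 0."""
    tokens = argument.split()
    if len(tokens) >= 2 and tokens[0] in ("0", "7"):
        return tokens[0]
    return "0"


def audit(config: str) -> List[Finding]:
    """Return review findings for a configuration, sorted by line number."""
    findings: List[Finding] = []
    block = None  # [line_no, header, has_access_class] for the open "line" block

    def close_block() -> None:
        # A VTY block that ended without ip access-class accepts any source.
        if block and block[1].startswith("line vty") and not block[2]:
            findings.append(Finding(block[0], "VTY_NO_ACCESS_CLASS", block[1]))

    for no, raw in enumerate(config.splitlines(), start=1):
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        if raw[0].isspace() and block:
            # Indented line: a sub-command of the current "line ..." block.
            m = TIMEOUT_RE.match(text)
            if m and int(m.group(1)) == 0 and int(m.group(2) or 0) == 0:
                findings.append(Finding(no, "EXEC_TIMEOUT_DISABLED", text))
            if text.startswith("ip access-class "):
                block[2] = True
            continue
        close_block()
        block = [no, text, False] if text.startswith("line ") else None
        if text.startswith("enable password"):
            # The guide describes enable secret as the stronger option.
            findings.append(Finding(no, "ENABLE_PASSWORD_NOT_SECRET", text))
        m = PASSWORD_RE.match(text)
        if m and input_type(m.group(1)) == "0":
            findings.append(Finding(no, "CLEAR_TEXT_PASSWORD", text))
        if text == "ftp-server enable":
            findings.append(Finding(no, "FTP_SERVER_ENABLED", text))
    close_block()
    return sorted(findings)


if __name__ == "__main__":
    for f in audit(WEAK_CONFIG):
        print(f"line {f.line_no}: {f.rule}: {f.text}")
```
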
Figure 4-8. Telnet to Another Network Device
FTOS# telnet 10.11.80.203
Trying 10.11.80.203...
Connected to 10.11.80.203.
Exit character is '^]'.
Login:
Login: admin
Password:
FTOS>exit
FTOS#telnet 2200:2200:2200:2200:2200::2201
Trying 2200:2200:2200:2200:2200::2201...
Connected to 2200:2200:2200:2200:2200::2201.
Exit character is '^]'.
FreeBSD/i386 (freebsd2.force10networks.
If any user is already in CONFIGURATION mode while a lock is in place, Message 2 appears on their terminal.
Message 2 Cannot Lock CONFIGURATION mode Error
% Error: Can't lock configuration mode exclusively since the following users are currently configuring the system:
User "admin" on line vty1 ( 10.1.1.1 )
Note: The CONFIGURATION mode lock corresponds to a VTY session, not a user.
Step 4: Set the system parameters to ignore the startup configuration file when the system reloads.
Command Syntax: setenv stconfigignore true
Command Mode: uBoot
Step 5: To save the changes, use the saveenv command.
Command Syntax: saveenv
Command Mode: uBoot
Step 6: Reload the system.
Command Syntax: reset
Command Mode: uBoot
Step 7: Copy startup-config.bak to the running config.
Command Syntax: copy flash://startup-config.bak running-config
Command Mode: EXEC Privilege
Step 8: Remove all authentication statements you might have for the console.
Recovering from a Failed Start on the S55
A system that does not start correctly might be attempting to boot from a corrupted FTOS image or from a mis-specified location. In that case, you can restart the system and interrupt the boot process to point the system to another boot location. Use the setenv command, as described below.
5 802.1ag
802.1ag is available only on platform: s
Ethernet Operations, Administration, and Maintenance (OAM) is a set of tools used to install, monitor, troubleshoot and manage Ethernet infrastructure deployments. Ethernet OAM consists of three main areas:
1. Service Layer OAM: IEEE 802.1ag Connectivity Fault Management (CFM)
2. Link Layer OAM: IEEE 802.3ah OAM
3.
There is a need for Layer 2 equivalents to manage and troubleshoot native Layer 2 Ethernet networks. With these tools, you can identify, isolate, and repair faults quickly and easily, which reduces operational cost of running the network. OAM also increases availability and reduces mean time to recovery, which allows for tighter service level agreements, resulting in increased revenue for the service provider.
These roles define the relationships between all devices so that each device can monitor the layers under its responsibility. Maintenance points drop all lower-level frames and forward all higher-level frames. Figure 5-2.
Implementation Information
• Since the S-Series has a single MAC address for all physical/LAG interfaces, only one MEP is allowed per MA (per VLAN or per MD level).
Configure CFM
Configuring CFM is a five-step process:
1. Configure the ecfmacl CAM region using the cam-acl command.
2. Enable Ethernet CFM.
3. Create a Maintenance Domain.
4. Create a Maintenance Association.
5. Create Maintenance Points.
6.
Enable Ethernet CFM
Task: Spawn the CFM process. No CFM configuration is allowed until the CFM process is spawned.
Command Syntax: ethernet cfm
Command Mode: CONFIGURATION
Task: Disable Ethernet CFM without stopping the CFM process.
Command Syntax: disable
Command Mode: ETHERNET CFM
Create a Maintenance Domain
Connectivity Fault Management (CFM) divides a network into hierarchical maintenance domains, as shown in Figure 5-1.
Step 1: Create maintenance domain.
Create a Maintenance Association
A Maintenance Association (MA) is a subdivision of an MD that contains all managed entities corresponding to a single end-to-end service, typically a VLAN. An MA is associated with a VLAN ID.
Task: Create maintenance association.
Command Syntax: service name vlan vlan-id
Command Mode: ECFM DOMAIN
Create Maintenance Points
Domains are comprised of logical entities called Maintenance Points.
FTOS#show ethernet cfm maintenance-points local mep
-------------------------------------------------------------------------------
MPID  Domain Name  Level  Type  Port     CCM-Status
      MA Name      VLAN   Dir   MAC
-------------------------------------------------------------------------------
100   cfm0         7      MEP   Gi 4/10  Enabled
      test0        10     DOWN  00:01:e8:59:23:45
200   cfm1         6      MEP   Gi 4/10  Enabled
      test1        20     DOWN  00:01:e8:59:23:45
300   cfm2         5      MEP   Gi 4/10  Enabl
      test2        30     DOWN  00:01:e8:59:23:45
• MIP Database (MIP-DB): Every MIP must maintain a database of all other MEPs in the MA that have announced their presence via CCM.
Task: Display the MEP Database.
Continuity Check Messages
Continuity Check Messages (CCM) are periodic hellos used to:
• discover MEPs and MIPs within a maintenance domain
• detect loss of connectivity between MEPs
• detect mis-configuration, such as VLAN ID mismatch between MEPs
• detect unauthorized MEPs in a maintenance domain
Continuity Check Messages (CCM) are multicast Ethernet frames sent at regular intervals from each MEP.
Enable CCM
Step 1: Enable CCM.
Command Syntax: no ccm disable
Command Mode: ECFM DOMAIN
Default: Disabled
Step 2: Configure the transmit interval (mandatory). The interval specified applies to all MEPs in the domain.
Command Syntax: ccm transmit-interval seconds
Command Mode: ECFM DOMAIN
Default: 10 seconds
Enable Cross-checking
Task: Enable cross-checking.
Command Syntax: mep cross-check enable
Command Mode: ETHERNET CFM
Default: Disabled
Task: Start the cross-check operation for an MEP.
Figure 5-4. Linktrace Message and Response (diagram labels: MPLS Core, MEP, MIP, Linktrace Message, Linktrace Response)
Link trace messages carry a unicast target address (the MAC address of an MIP or MEP) inside a multicast frame. The destination group address is based on the MD level of the transmitting MEP (01:80:C2:00:00:3[8 to F]).
Three values are given within the trap messages: MD Index, MA Index, and MPID. You can reference these values against the output of show ethernet cfm domain and show ethernet cfm maintenance-points local mep.
FTOS#show ethernet cfm port-statistics interface gigabitethernet 0/5
Port statistics for port: Gi 0/5
==================================
RX Statistics
=============
Total CFM Pkts 75394
CCM Pkts 75394
LBM Pkts 0
LTM Pkts 0
LBR Pkts 0
LTR Pkts 0
Bad CFM Pkts 0
CFM Pkts Discarded 0
CFM Pkts forwarded 102417
TX Statistics
=============
Total CFM Pkts 10303
CCM Pkts 0
LBM Pkts 0
LTM Pkts 3
LBR Pkts 0
LTR Pkts 0
6 802.1X
802.1X is supported on platforms: ces
Protocol Overview
802.1X is a method of port security. A device connected to a port that is enabled with 802.1X is disallowed from sending or receiving packets on the network until its identity can be verified (through a username and password, for example). This feature is named for its IEEE specification. 802.
Figure 6-1.
3. The authenticator decapsulates the EAP Response from the EAPOL frame, encapsulates it in a RADIUS Access-Request frame, and forwards the frame to the authentication server.
4. The authentication server replies with an Access-Challenge. The Access-Challenge is a request that the supplicant prove that it is who it claims to be, using a specified method (an EAP-Method). The challenge is translated and forwarded to the supplicant by the authenticator.
5.
Figure 6-3. RADIUS Frame Format
[Diagram fields: Code, Identifier, Length, Message-Authenticator Attribute, EAP-Message Attribute, Type (79), Length, EAP-Method Data (Supplicant Requested Credentials)]
Range: 1-4
Codes: 1: Access-Request, 2: Access-Accept, 3: Access-Reject, 11: Access-Challenge
RADIUS Attributes for 802.1 Support
Force10 systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages:
Configuring 802.1X
Configuring 802.1X on a port is a two-step process:
1. Enable 802.1X globally. See page 85.
2. Enable 802.1X on an interface. See page 85.
Related Configuration Tasks
• Configuring Request Identity Re-transmissions
• Configuring Port-control
• Re-authenticating a Port
• Configuring Timeouts
• Configuring a Guest VLAN
• Configuring an Authentication-fail VLAN
Important Points to Remember
• FTOS supports 802.
Figure 6-4. Enabling 802.1X
[Diagram labels: Supplicant, Authenticator, 2/1, Authentication Server, 2/2]
Force10(conf)#dot1x authentication
Force10(conf)#interface range gigabitethernet 2/1 - 2
Force10(conf-if-range-gi-2/1-2)#dot1x authentication
Force10(conf-if-range-gi-2/1-2)#show config
!
interface GigabitEthernet 2/1
ip address 2.2.2.2/24
dot1x authentication
no shutdown
!
interface GigabitEthernet 2/2
ip address 1.0.0.1/24
dot1x authentication
no shutdown
To enable 802.
Figure 6-6. Verifying 802.1X Interface Configuration
Force10#show dot1x interface gigabitethernet 2/1
802.1x information on Gi 2/1:
----------------------------
Dot1x Status: Enable
Port Control: AUTO
Port Auth Status: UNAUTHORIZED
Re-Authentication: Disable
Untagged VLAN id: None
Tx Period: 30 seconds
Quiet Period: 60 seconds
ReAuth Max: 2
Supplicant Timeout: 30 seconds
Server Timeout: 30 seconds
Re-Auth Interval: 3600 seconds
Max-EAP-Req: 2
Auth Type: SINGLE_HOST
Auth PAE State:
Backend State:
802.
Configuring a Quiet Period after a Failed Authentication
If the supplicant fails the authentication process, the authenticator sends another Request Identity frame after 30 seconds by default, but this period can be configured.
Note: The quiet period (dot1x quiet-period) is a transmit interval that applies after a failed authentication, whereas the Request Identity Re-transmit interval (dot1x tx-period) applies to an unresponsive supplicant.
Forcibly Authorizing or Unauthorizing a Port
IEEE 802.1X requires that a port can be manually placed into any of three states:
• ForceAuthorized is an authorized state. A device connected to this port in this state is never subjected to the authentication process, but is allowed to communicate on the network. Placing the port in this state is the same as disabling 802.1X on the port.
• ForceUnauthorized is an unauthorized state.
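Because a ForceAuthorized port behaves like a port with 802.1X disabled, it is worth checking port-control state across a switch. The following Python sketch is an added example, not part of the Dell guide: it parses show dot1x interface output in the layout of Figure 6-6 and reports ports that are not in AUTO. The sample text is constructed, and the second port with its FORCE_AUTHORIZED display value is an assumption made for illustration.

```python
import re

# Constructed sample: field names follow Figure 6-6 of this guide; the second
# port and its FORCE_AUTHORIZED value are assumptions made for illustration.
SAMPLE_OUTPUT = """\
802.1x information on Gi 2/1:
-----------------------------
Dot1x Status:         Enable
Port Control:         AUTO
Port Auth Status:     UNAUTHORIZED
Re-Authentication:    Disable
Quiet Period:         60 seconds
Auth Type:            SINGLE_HOST

802.1x information on Gi 2/2:
-----------------------------
Dot1x Status:         Enable
Port Control:         FORCE_AUTHORIZED
Port Auth Status:     AUTHORIZED
Re-Authentication:    Disable
Quiet Period:         60 seconds
Auth Type:            SINGLE_HOST
"""

HEADER = re.compile(r"^802\.1x information on (?P<port>.+?):\s*$", re.IGNORECASE)
FIELD = re.compile(r"^(?P<key>[^:]+):\s*(?P<value>.*)$")


def parse_show_dot1x(text):
    """Split the output into {port: {field: value}} dictionaries."""
    ports, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = ports.setdefault(header.group("port"), {})
            continue
        # Skip blank lines, separator rules and anything before the first header.
        if current is None or not line or set(line) == {"-"}:
            continue
        field = FIELD.match(line)
        if field:
            current[field.group("key").strip()] = field.group("value").strip()
    return ports


def _norm(value):
    """Lower-case and drop punctuation so AUTO, Auto and auto compare equal."""
    return re.sub(r"[^a-z]", "", value.lower())


def audit(ports):
    """Return (port, severity, message) tuples for ports that deviate from
    authenticated access (802.1X enabled, port-control AUTO)."""
    findings = []
    for port, fields in ports.items():
        if _norm(fields.get("Dot1x Status", "")) != "enable":
            findings.append((port, "high", "802.1X is not enabled on the port"))
        control = fields.get("Port Control", "")
        if _norm(control) != "auto":
            findings.append((port, "high",
                             f"Port Control is {control or 'missing'}, not AUTO"))
        if _norm(fields.get("Re-Authentication", "")) != "enable":
            findings.append((port, "info", "periodic re-authentication is disabled"))
    return findings


if __name__ == "__main__":
    for port, severity, message in audit(parse_show_dot1x(SAMPLE_OUTPUT)):
        print(f"{severity:5} {port}: {message}")
```

Any Port Control value other than AUTO is reported, so the check does not depend on the exact string the switch prints for the forced states.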
Re-authenticating a Port
Periodic Re-authentication
After the supplicant has been authenticated, and the port has been authorized, the authenticator can be configured to re-authenticate the supplicant periodically. If re-authentication is enabled, the supplicant is required to re-authenticate every 3600 seconds, but this interval can be configured. A maximum number of re-authentications can be configured as well.
Configuring Timeouts
If the supplicant or the authentication server is unresponsive, the authenticator terminates the authentication process after 30 seconds by default. The amount of time that the authenticator waits for a response can be configured.
To terminate the authentication process due to an unresponsive supplicant:
Step 1: Terminate the authentication process due to an unresponsive supplicant.
Dynamic VLAN Assignment with Port Authentication
FTOS supports dynamic VLAN assignment when using 802.1X. The basis for VLAN assignment is RADIUS attribute 81, Tunnel-Private-Group-ID.
Figure 6-11. Dynamic VLAN Assignment with 802.1X
[Diagram labels: End-user Device, Force10 switch; callouts 1, 2, 4]
Force10(conf-if-gi-1/10)#show config
interface GigabitEthernet 1/10
no ip address
switchport
dot1x authentication
no shutdow
radius-server host 10.11.197.169 auth-port 1645 key 7 387a7f2df5969da4
Force10#show dot1x interface gigabitethernet 1/10
802.
If the supplicant fails authentication, the authenticator typically does not enable the port. In some cases this behavior is not appropriate. External users of an enterprise network, for example, might not be able to be authenticated, but still need access to the network. Also, some dumb-terminals such as network printers do not have 802.1X capability and therefore cannot authenticate themselves.
Figure 6-13. Configuring an Authentication-fail VLAN
Force10(conf-if-gi-1/2)#dot1x auth-fail-vlan 100 max-attempts 5
Force10(conf-if-gi-1/2)#show config
!
interface GigabitEthernet 1/2
switchport
dot1x guest-vlan 200
dot1x auth-fail-vlan 100 max-attempts 5
no shutdown
Force10(conf-if-gi-1/2)#
View your configuration using the show config command from INTERFACE mode, as shown in Figure 6-12, or using the show dot1x interface command from EXEC Privilege mode, as shown in Figure 6-14.
Figure 6-14.
Multi-Host Authentication
Multi-Host Authentication is available on platforms: c et s
802.1x assumes that a single end-user is connected to a single authenticator port, as shown in Figure 6-15; this one-to-one mode of authentication is called Single-host mode. If multiple end-users are connected to the same port, a many-to-one configuration, only the first end-user to respond to the identity request is authenticated.
When the host mode is changed on a port that is already authenticated:
• Single-host to Multi-host: all devices attached to the port that were previously blocked may access the network; the supplicant does not re-authenticate.
• Multi-host to Single-host: the port restarts the authentication process, and the first end-user to respond is authenticated and allowed access.
Task: Configure Multi-host Authentication mode on a port.
Task: Configure Single-host Authentication mode on a port.
Command Syntax: dot1x host-mode single-host
Command Mode: INTERFACE
FTOS(conf-if-gi-2/1)#dot1x port-control force-authorized
FTOS(conf-if-gi-2/1)#do show dot1x interface gigabitethernet 2/1
802.
During the authentication process, the Dell Force10 system is able to learn the MAC address of the device through the EAPoL frames, and the VLAN assignment from the RADIUS server. With this information it creates an authorized-MAC to VLAN mapping table per port. Then, the system can tag all incoming untagged frames with the appropriate VLAN-ID based on the table entries.
Task: Enable Multi-Supplicant Authentication mode on a port.
MAC Authentication Bypass
MAC Authentication Bypass is supported on platforms: cs
MAC Authentication Bypass (MAB) enables you to provide MAC-based security by allowing only known MAC addresses within the network using a RADIUS server. 802.1X-enabled clients can authenticate themselves using the 802.1X protocol. Other devices that do not use 802.1X—like IP phones, printers, and IP fax machines—still need connectivity to the network.
MAB in Single-host and Multi-Host Mode
In single-host and multi-host mode, the switch attempts to authenticate a supplicant using 802.1X. If 802.1X times out because the supplicant does not respond to the Request Identity frame and MAB is enabled, the switch attempts to authenticate the first MAC it learns on the port. Subsequently, for single-host mode, traffic from all other MACs is dropped; for multi-host mode, all traffic from all other MACs is accepted.
Step 3: (Optional) Use MAB authentication only; do not use 802.1X authentication first. If MAB fails the port or the MAC address is blocked, the port is placed in the guest VLAN (if configured). 802.1x authentication is not even attempted. Re-authentication is performed using 802.1X timers.
Command Syntax: dot1x auth-type mab-only
Command Mode: INTERFACE
Step 4: Display the 802.1X and MAB configuration.
7 Access Control Lists (ACL), Prefix Lists, and Route-maps
Access Control Lists, Prefix Lists, and Route-maps are supported on platforms: ces
Ingress IP and MAC ACLs are supported on platforms: ces
Overview
At their simplest, Access Control Lists (ACLs), Prefix lists, and Route-maps permit or deny traffic based on MAC and/or IP addresses. This chapter discusses implementing IP ACLs, IP Prefix lists and Route-maps. For MAC ACLS, refer to Chapter 10, Layer 2, on page 47.
IP Access Control Lists (ACLs)
In the Dell Networking switch/routers, you can create two different types of IP ACLs: standard or extended. A standard ACL filters packets based on the source IP address.
The CAM space is allotted in FP blocks. The total space allocated must equal 13 FP blocks. Note that there are 16 FP blocks, but the System Flow requires 3 blocks that cannot be reallocated. The default CAM Allocation settings on a C-Series matching are:
• L3 ACL (ipv4acl): 6
• L2 ACL (l2acl): 5
• IPv6 L3 ACL (ipv6acl): 0
• L3 QoS (ipv4qos): 1
• L2 QoS (l2qos): 1
The ipv6acl allocation must be entered as a factor of 2 (2, 4, 6, 8, 10).
Implementing ACLs on FTOS
One IP ACL can be assigned per interface with FTOS. If an IP ACL is not assigned to an interface, it is not used by the software in any other capacity. The number of entries allowed per ACL is hardware-dependent. Refer to your line card documentation for detailed specification on entries allowed per ACL. If counters are enabled on IP ACL rules that are already configured, those counters are reset when a new rule is inserted or prepended.
In cases such as these, where class-maps with overlapping ACL rules are applied to different queues, use the order keyword to specify the order in which you want to apply ACL rules, as shown in Figure 7-2. The order can range from 0 to 254. FTOS writes to the CAM ACL rules with lower order numbers (order numbers closer to 0) before rules with higher order numbers so that packets are matched as you intended. By default, all ACL rules have an order of 254. Figure 7-2.
IP fragments ACL examples
The following configuration permits all packets (both fragmented & non-fragmented) with destination IP 10.1.1.1. The second rule does not get hit at all.
FTOS(conf)#ip access-list extended ABC
FTOS(conf-ext-nacl)#permit ip any 10.1.1.1/32
FTOS(conf-ext-nacl)#deny ip any 10.1.1.1/32 fragments
FTOS(conf-ext-nacl)#
To deny second/subsequent fragments, use the same rules in a different order.
Note the following when configuring ACLs with the fragments keyword. When an ACL filters packets it looks at the Fragment Offset (FO) to determine whether or not it is a fragment. FO = 0 means it is either the first fragment or the packet is a non-fragment. FO > 0 means it is dealing with the fragments of the original packet.
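The rule-ordering effect described above can be reproduced offline. The following Python model is an added example, not FTOS code: it applies first-match evaluation to the two rules of ACL ABC and to the same rules in reverse order, counts hits per rule, and flags rules that an earlier rule makes unreachable. The packet list is constructed, and the model covers only the destination address and Fragment Offset, which is all these two rules test.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    dst: str                 # destination prefix
    fragments: bool = False  # rule carries the fragments keyword


@dataclass(frozen=True)
class Packet:
    dst: str
    frag_offset: int         # IP Fragment Offset (FO)


def rule_matches(rule, pkt):
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    # With the fragments keyword the rule applies only when FO > 0.
    return pkt.frag_offset > 0 if rule.fragments else True


def evaluate(acl, pkt):
    """First match wins. Returns (action, rule_number) or (None, None)."""
    for number, rule in enumerate(acl, start=1):
        if rule_matches(rule, pkt):
            return rule.action, number
    return None, None


def hit_counts(acl, packets):
    """Per-rule hit counters, as the count option would show them."""
    counts = [0] * len(acl)
    for pkt in packets:
        _, number = evaluate(acl, pkt)
        if number is not None:
            counts[number - 1] += 1
    return counts


def shadowed_rules(acl):
    """Rule numbers that can never be hit because an earlier rule already
    matches every packet they would match."""
    shadowed = []
    for j, later in enumerate(acl):
        later_net = ipaddress.ip_network(later.dst)
        for earlier in acl[:j]:
            covers_dst = later_net.subnet_of(ipaddress.ip_network(earlier.dst))
            covers_fo = (not earlier.fragments) or later.fragments
            if covers_dst and covers_fo:
                shadowed.append(j + 1)
                break
    return shadowed


# ACL ABC as configured on this page, then the same rules in the other order.
ACL_ABC = [Rule("permit", "10.1.1.1/32"),
           Rule("deny", "10.1.1.1/32", fragments=True)]
ACL_REORDERED = [Rule("deny", "10.1.1.1/32", fragments=True),
                 Rule("permit", "10.1.1.1/32")]

# Constructed traffic: one first-fragment/non-fragment and two later fragments.
TRAFFIC = [Packet("10.1.1.1", 0), Packet("10.1.1.1", 185), Packet("10.1.1.1", 370)]

if __name__ == "__main__":
    for name, acl in (("ABC", ACL_ABC), ("reordered", ACL_REORDERED)):
        print(name, "hits:", hit_counts(acl, TRAFFIC),
              "shadowed:", shadowed_rules(acl))
```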
To view the rules of a particular ACL configured on a particular interface, use the show ip accounting access-list ACL-name interface interface command (Figure 226) in EXEC Privilege mode.
Figure 7-3. Command Example: show ip accounting access-list
FTOS#show ip accounting access ToOspf interface gig 1/6
Standard IP access list ToOspf
seq 5 deny any
seq 10 deny 10.2.0.0 /16
seq 15 deny 10.3.0.0 /16
seq 20 deny 10.4.0.0 /16
seq 25 deny 10.5.0.0 /16
seq 30 deny 10.6.0.
Figure 7-5. Standard IP ACL
FTOS(config-route-map)#ip access standard kigali
FTOS(config-std-nacl)#permit 10.1.0.0/16
FTOS(config-std-nacl)#show config
!
ip access-list standard kigali
seq 5 permit 10.1.0.0/16
FTOS(config-std-nacl)#
To view all configured IP ACLs, use the show ip accounting access-list command (Figure 229) in the EXEC Privilege mode.
Figure 7-6.
Configure filters with sequence number
To create a filter for packets with a specified sequence number, use these commands in the following sequence, starting in the CONFIGURATION mode:
Step 1
Command Syntax: ip access-list extended access-list-name
Command Mode: CONFIGURATION
Purpose: Enter the IP ACCESS LIST mode by creating an extended IP ACL.
Step 2
When you create the filters with a specific sequence number, you can create the filters in any order and the filters are placed in the correct order. Note: When assigning sequence numbers to filters, keep in mind that you might need to insert a new filter. To prevent reconfiguring multiple filters, assign sequence numbers in multiples of five or another number. Figure 7-7 illustrates how the seq command orders the filters according to the sequence number assigned.
Figure 7-8. Extended IP ACL
FTOS(config-ext-nacl)#deny tcp host 123.55.34.0 any
FTOS(config-ext-nacl)#permit udp 154.44.123.34 0.0.255.255 host 34.6.0.0
FTOS(config-ext-nacl)#show config
!
ip access-list extended nimule
seq 5 deny tcp host 123.55.34.0 any
seq 10 permit udp 154.44.0.0 0.0.255.255 host 34.6.0.
For information on MAC ACLs, refer to Chapter 20, “Layer 2,” on page 391.
Assign an IP ACL to an Interface
Ingress IP ACLs are supported on platforms: c and s
Ingress and Egress IP ACL are supported on platform: e
To pass traffic through a configured IP ACL, you must assign that ACL to a physical interface, a port channel interface, or a VLAN.
Figure 7-9. Command example: show config in the INTERFACE Mode
FTOS(conf-if)#show conf
!
interface GigabitEthernet 0/0
ip address 10.2.1.100 255.255.255.0
ip access-group nimule in
no shutdown
FTOS(conf-if)#
Use only Standard ACLs in the access-class command to filter traffic on Telnet sessions.
Counting ACL Hits
You can view the number of packets matching the ACL by using the count option when creating ACL entries.
Figure 7-10. Creating an Ingress ACL
FTOS(conf)#interface gige 0/0
FTOS(conf-if-gige0/0)#ip access-group abcd in
FTOS(conf-if-gige0/0)#show config
!
gigethernet 0/0
no ip address
ip access-group abcd in
no shutdown
FTOS(conf-if-gige0/0)#end
FTOS#configure terminal
FTOS(conf)#ip access-list extended abcd
FTOS(config-ext-nacl)#permit tcp any any
FTOS(config-ext-nacl)#deny icmp any any
FTOS(config-ext-nacl)#permit 1.1.1.
• To permit routes with the mask greater than /8 but less than /12, enter permit x.x.x.x/x ge 8 le 12
• To deny routes with a mask less than /24, enter deny x.x.x.x/x le 24
• To permit routes with a mask greater than /20, enter permit x.x.x.x/x ge 20
The following rules apply to prefix lists:
• A prefix list without any permit or deny filters allows all routes.
Step 2
Command Syntax: seq sequence-number {deny | permit} ip-prefix [ge min-prefix-length] [le max-prefix-length]
Command Mode: CONFIG-NPREFIXL
Purpose: Create a prefix list with a sequence number and a deny or permit action. The optional parameters are:
• ge min-prefix-length: is the minimum prefix length to be matched (0 to 32).
• le max-prefix-length: is the maximum prefix length to be matched (0 to 32).
Step 2
Command Syntax: {deny | permit} ip-prefix [ge min-prefix-length] [le max-prefix-length]
Command Mode: CONFIG-NPREFIXL
Purpose: Create a prefix list filter with a deny or permit action. The optional parameters are:
• ge min-prefix-length: is the minimum prefix length to be matched (0 to 32).
• le max-prefix-length: is the maximum prefix length to be matched (0 to 32).
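To check what a prefix list will do to a given route before applying it, the ge and le parameters described above can be modelled in a few lines. This Python sketch is an added example, not FTOS code. It assumes that ge and le are inclusive bounds, that an entry with neither parameter matches only the exact prefix length, that entries are tried in ascending sequence order with the first match deciding, and that a route matching no entry of a non-empty list is denied; the sample list and routes are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Entry:
    seq: int
    action: str                 # "permit" or "deny"
    prefix: str                 # ip-prefix, e.g. "10.0.0.0/8"
    ge: Optional[int] = None    # min-prefix-length
    le: Optional[int] = None    # max-prefix-length


def entry_matches(entry, route):
    """True when route lies inside entry.prefix and its mask length falls in
    the window selected by ge and le (assumed inclusive)."""
    net = ipaddress.ip_network(entry.prefix)
    rt = ipaddress.ip_network(route)
    if rt.version != net.version or not rt.subnet_of(net):
        return False
    if entry.ge is None and entry.le is None:
        return rt.prefixlen == net.prefixlen      # exact length only
    low = net.prefixlen if entry.ge is None else entry.ge
    high = rt.max_prefixlen if entry.le is None else entry.le
    return low <= rt.prefixlen <= high


def evaluate(prefix_list, route):
    """Return (action, seq). An empty list allows all routes, as stated on this
    page; the deny for a route that matches nothing is an assumption."""
    if not prefix_list:
        return "permit", None
    for entry in sorted(prefix_list, key=lambda e: e.seq):
        if entry_matches(entry, route):
            return entry.action, entry.seq
    return "deny", None


# Constructed list, deliberately entered out of order to show seq ordering:
# drop anything more specific than /24, accept 10.0.0.0/8 routes with a mask
# between /8 and /12, and drop everything else explicitly.
EXAMPLE_LIST = [
    Entry(15, "deny", "0.0.0.0/0", le=32),
    Entry(5, "deny", "0.0.0.0/0", ge=25),
    Entry(10, "permit", "10.0.0.0/8", ge=8, le=12),
]

if __name__ == "__main__":
    for route in ("10.0.0.0/8", "10.16.0.0/12", "10.1.0.0/16", "10.1.1.128/25"):
        print(route, evaluate(EXAMPLE_LIST, route))
```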
Figure 7-14. Command Example: show ip prefix-list summary
FTOS>show ip prefix summary
Prefix-list with the last deletion/insertion: filter_ospf
ip prefix-list filter_in:
count: 3, range entries: 3, sequences: 5 - 10
ip prefix-list filter_ospf:
count: 4, range entries: 1, sequences: 5 - 10
FTOS>
Use a prefix list for route redistribution
To pass traffic through a configured prefix list, you must use the prefix list in a route redistribution command.
Command Syntax: distribute-list prefix-list-name in [interface]
Command Mode: CONFIG-ROUTER-OSPF
Purpose: Apply a configured prefix list to incoming routes. You can specify an interface. If you enter the name of a non-existent prefix list, all routes are forwarded.
Command Syntax: distribute-list prefix-list-name out [connected | rip | static]
Command Mode: CONFIG-ROUTER-OSPF
Purpose: Apply a configured prefix list to incoming routes. You can specify which type of routes are affected.
Important Points to Remember
• For route-maps with more than one match clause:
  • If two or more match clauses within the same route-map sequence have the same match commands (though the values are different), matching a packet against these clauses is a logical OR operation.
  • If two or more match clauses within the same route-map sequence have different match commands, matching a packet against these clauses is a logical AND operation.
Figure 7-17. Command Example: show config in the ROUTE-MAP Mode
FTOS(config-route-map)#show config
!
route-map dilling permit 10
FTOS(config-route-map)#
You can create multiple instances of this route map by using the sequence number option to place the route maps in the correct order. FTOS processes the route maps with the lowest sequence number first.
Figure 7-20. Command Example: show route-map
FTOS#show route-map dilling
route-map dilling, permit, sequence 10
Match clauses:
Set clauses:
route-map dilling, permit, sequence 15
Match clauses:
interface Loopback 23
Set clauses:
tag 3444
FTOS#
To delete a route map, use the no route-map map-name command in the CONFIGURATION mode.
Configure route map filters
Within the ROUTE-MAP mode, there are match and set commands.
Also, if there are different instances of the same route-map, then it’s sufficient if a permit match happens in any instance of that route-map.
Command Syntax: match ipv6 address prefix-list-name
Command Mode: CONFIG-ROUTE-MAP
Purpose: Match destination routes specified in a prefix list (IPv6).
Command Syntax: match ip next-hop {access-list-name | prefix-list prefix-list-name}
Command Mode: CONFIG-ROUTE-MAP
Purpose: Match next-hop routes specified in a prefix list (IPv4).
Command Syntax: match ipv6 next-hop {access-list-name | prefix-list prefix-list-name}
Command Mode: CONFIG-ROUTE-MAP
Purpose: Match next-hop routes specified in a prefix list (IPv6).
Command Syntax: set origin {egp | igp | incomplete}
Command Mode: CONFIG-ROUTE-MAP
Purpose: Assign an ORIGIN attribute.
Command Syntax: set tag tag-value
Command Mode: CONFIG-ROUTE-MAP
Purpose: Specify a tag for the redistributed routes.
Command Syntax: set weight value
Command Mode: CONFIG-ROUTE-MAP
Purpose: Specify a value as the route’s weight.
Use these commands to create route map instances.
Configure a route map for route tagging One method for identifying routes from different routing protocols is to assign a tag to routes from that protocol. As the route enters a different routing domain, it is tagged and that tag is passed along with the route as it passes through different routing protocols. This tag can then be used when the route leaves a routing domain to redistribute those routes again.
8 Border Gateway Protocol IPv4 (BGPv4)
Border Gateway Protocol IPv4 (BGPv4) version 4 (BGPv4) is supported on platforms: ces
Platforms support BGP according to the following table:
FTOS version: Platform support
8.1.1.0: E-Series ExaScale (ex)
7.8.1.0: S-Series (s)
7.7.1.0.: C-Series (c)
pre-7.7.1.0: E-Series TeraScale (et)
This chapter is intended to provide a general description of Border Gateway Protocol version 4 (BGPv4) as it is supported in the Dell Networking Operating System (FTOS).
  • Ignore Router-ID for some best-path calculations
  • 4-Byte AS Numbers
  • AS4 Number Representation
  • AS Number Migration
  • BGP4 Management Information Base (MIB)
  • Important Points to Remember
• Configuration Information
  • Configuration Task List for BGP
  • MBGP Configuration
  • Storing Last and Bad PDUs
  • Capturing PDUs
  • PDU Counters
• Sample Configurations
BGP protocol standards are listed in the Appendix 45, Standards Compliance chapter.
A transit AS is one that provides connections through itself to separate networks. For example, as seen in Figure 8-1, Router 1 can use Router 2 (the transit AS) to connect to Router 4. ISPs are always transit ASs, because they provide connections from one network to another. The ISP is considered to be “selling transit service” to the customer network, hence the term Transit AS.
Figure 8-2. Full Mesh Examples
[Diagram panels: 4 Routers, 6 Routers, 8 Routers]
The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible.
Sessions and Peers
When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers. A Peer is also called a Neighbor.
Establishing a session
Information exchange between peers is driven by events and timers.
In order to make decisions in its operations with other BGP peers, a BGP peer uses a simple finite state machine that consists of six states: Idle, Connect, Active, OpenSent, OpenConfirm, and Established. For each peer-to-peer session, a BGP implementation tracks which of these six states the session is in. The BGP protocol defines the messages that each peer should exchange in order to change the session from one state to another. The first state is the Idle mode.
• If a route was received from a nonclient peer, reflect the route to all client peers.
• If the route was received from a client peer, reflect the route to all nonclient and all client peers.
To illustrate how these rules affect routing, see Figure 8-3 and the following steps. Routers B, C, D, E, and G are members of the same AS - AS100. These routers are also in the same Route Reflection Cluster, where Router D is the Route Reflector.
BGP Attributes Routes learned via BGP have associated properties that are used to determine the best route to a destination when multiple paths exist to a particular destination. These properties are referred to as BGP attributes, and an understanding of how BGP attributes influence route selection is required for the design of robust networks.
Figure 8-4. BGP Best Path Selection
Best Path selection details
1. Prefer the path with the largest WEIGHT attribute.
2. Prefer the path with the largest LOCAL_PREF attribute.
3. Prefer the path that was locally Originated via a network command, redistribute command or aggregate-address command.
   • Routes originated with the network or redistribute commands are preferred over routes originated with the aggregate-address command.
4.
   • AS_CONFED_SEQUENCE has a path length of 1, no matter how many ASs are in the AS_CONFED_SEQUENCE.
5. Prefer the path with the lowest ORIGIN type (IGP is lower than EGP, and EGP is lower than INCOMPLETE).
6. Prefer the path with the lowest Multi-Exit Discriminator (MED) attribute. The following criteria apply:
   • This comparison is only done if the first (neighboring) AS is the same in the two paths; the MEDs are compared only if the first AS in the AS_SEQUENCE is the same for both paths.
Weight
The Weight attribute is local to the router and is not advertised to neighboring routers. If the router learns about more than one route to the same destination, the route with the highest weight will be preferred. The route with the highest weight is installed in the IP routing table.
Local Preference
Local Preference (LOCAL_PREF) represents the degree of preference within the entire AS. The higher the number, the greater the preference for the route.
One AS assigns the MED a value and the other AS uses that value to decide the preferred path. For this example, assume the MED is the only attribute applied. In Figure 8-6, AS100 and AS200 connect in two places. Each connection is a BGP session. AS200 sets the MED for its T1 exit point to 100 and the MED for its OC3 exit point to 50. This sets up a path preference through the OC3 link. The MEDs are advertised to AS100 routers so they know which is the preferred path. An MED is a non-transitive attribute.
Generally, an IGP indicator means that the route was derived inside the originating AS. EGP generally means that a route was learned from an external gateway protocol. An INCOMPLETE origin code generally results from aggregation, redistribution or other indirect ways of installing routes into BGP. In FTOS, these origin codes appear as shown in Figure 8-7. The question mark (?) indicates an Origin code of INCOMPLETE. The lower case letter (i) indicates an Origin code of IGP.
Next Hop
The Next Hop is the IP address used to reach the advertising router. For EBGP neighbors, the Next-Hop address is the IP address of the connection between the neighbors. For IBGP, the EBGP Next-Hop address is carried into the local AS. A Next Hop attribute is set when a BGP speaker advertises itself to another BGP speaker outside its local AS. It can also be set when advertising routes within an AS.
• If the redistribute command does not have any metric configured and BGP Peer out-bound route-map does have metric-type internal configured, BGP advertises the IGP cost as MED.
• If the redistribute command has metric configured (route-map set metric or redistribute route-type metric) and the BGP Peer out-bound route-map has metric-type internal configured, BGP advertises the metric configured in the redistribute command as MED.
Where the 2-Byte format is 1-65535, the 4-Byte format is 1-4294967295. Enter AS Numbers using the traditional format. If the ASN is greater than 65535, the dot format is shown when using the show ip bgp commands. For example, an ASN entered as 3183856184 will appear in the show commands as 48581.51768; an ASN of 65123 is shown as 65123. To calculate the comparable dot format for an ASN from a traditional format, use ASN/65536. ASN%65536. Table 8-2.
ASDOT representation combines the ASPLAIN and ASDOT+ representations. AS Numbers less than 65536 appear in integer format (asplain); AS Numbers equal to or greater than 65536 appear using the decimal method (asdot+). For example, the AS Number 65526 appears as 65526, and the AS Number 65546 appears as 1.10.
Dynamic AS Number Notation application
FTOS 8.3.1.0 applies the ASN Notation type change dynamically to the running-config statements.
Figure 8-10. Dynamic changes when bgp asnotation command is disabled in the show running config
AS NOTATION DISABLED
FTOS(conf-router_bgp)#no bgp asnotation
FTOS(conf-router_bgp)#sho conf
!
router bgp 100
bgp four-octet-as-support
neighbor 172.30.1.250 local-as 65057
Figure 8-11. Local-AS Scenario
[Diagram, Before Migration: Router A AS 100, Router C AS 300, Router B AS 200]
[Diagram, After Migration, with Local-AS enabled: Router A AS 100, AS 100, Router C AS 300, Router B, Local AS 200]
When you complete your migration, and you have reconfigured your network with the new information, you must disable this feature. If the “no prepend” option is used, the local-as will not be prepended to the updates received from the eBGP peer.
Local-as is prepended before the route-map to give the impression that the update passed through a router in AS 200 before it reached Router B.
BGP4 Management Information Base (MIB)
The FORCE10-BGP4-V2-MIB enhances FTOS BGP Management Information Base (MIB) support with many new SNMP objects and notifications (traps) defined in the draft-ietf-idr-bgp4-mibv2-05. To see these enhancements, download the MIB from the Dell Networking website, www.force10networks.com.
• The AFI/SAFI is not used as an index to the f10BgpM2PeerCountersEntry table. The BGP peer's AFI/SAFI (IPv4 Unicast or IPv6 Multicast) is used for various outbound counters. Counters corresponding to IPv4 Multicast cannot be queried.
BGP Configuration
To enable the BGP process and begin exchanging information, you must assign an AS number and use commands in the ROUTER BGP mode to configure a BGP neighbor.
Defaults
By default, BGP is disabled. By default, FTOS compares the MED attribute on different paths from within the same AS (the bgp always-compare-med command is not enabled).
Note: In FTOS, all newly configured neighbors and peer groups are disabled.
Use these commands in the following sequence, starting in the CONFIGURATION mode to establish BGP sessions on the router.
Step 1
Command Syntax: router bgp as-number
Command Mode: CONFIGURATION
Purpose: Assign an AS number and enter the ROUTER BGP mode.
AS Number: 0-65535 (2-Byte) or 1-4294967295 (4-Byte) or 0.1-65535.65535 (Dotted format)
Only one AS is supported per system.
If you enter a 4-Byte AS Number, 4-Byte AS Support is enabled automatically.
Enter show config in CONFIGURATION ROUTER BGP mode to view the BGP configuration. Use the show ip bgp summary command in EXEC Privilege mode to view the BGP status. Figure 8-12 shows the summary with a 2-Byte AS Number displayed; Figure 8-13 shows the summary with a 4-Byte AS Number displayed.
Figure 8-12. Command example: show ip bgp summary (2-Byte AS Number displayed)
R2#show ip bgp summary
BGP router identifier 192.168.10.
Figure 8-14 displays two neighbors, one is an external and the second one is an internal BGP neighbor. The first line of the output for each neighbor displays the AS number and states whether the link is an external or internal. The third line of the show ip bgp neighbors output contains the BGP State. If anything other than ESTABLISHED is listed, the neighbor is not exchanging information and routes.
Figure 8-15. Command example: show running-config bgp
R2#show running-config bgp
!
router bgp 65123
bgp router-id 192.168.10.2
network 10.10.21.0/24
network 10.10.32.0/24
network 100.10.92.0/24
network 192.168.10.0/24
bgp four-octet-as-support
neighbor 10.10.21.1 remote-as 65123
neighbor 10.10.21.1 filter-list ISP1in
neighbor 10.10.21.1 no shutdown
neighbor 10.10.32.3 remote-as 65123
neighbor 10.10.32.3 no shutdown
neighbor 100.10.92.9 remote-as 65192
neighbor 100.10.92.
Task: Enable ASDOT AS Number representation. (Figure 8-17)
Command Syntax: bgp asnotation asdot
Command Mode: CONFIG-ROUTER-BGP
Task: Enable ASDOT+ AS Number representation. (Figure 8-18)
Command Syntax: bgp asnotation asdot+
Command Mode: CONFIG-ROUTER-BGP
Figure 8-16. Command example and output: bgp asnotation asplain
FTOS(conf-router_bgp)#bgp asnotation asplain
FTOS(conf-router_bgp)#sho conf
!
router bgp 100
bgp four-octet-as-support
neighbor 172.30.1.250 remote-as 18508
neighbor 172.30.1.250 local-as 65057
neighbor 172.30.1.
Configure Peer Groups
To configure multiple BGP neighbors at one time, create and populate a BGP peer group. Another advantage of peer groups is that members of a peer group inherit the configuration properties of the group and share the same update policy. A maximum of 256 Peer Groups are allowed on the system. You create a peer group by assigning it a name, then adding members to the peer group. Once a peer group is created, you can configure route policies for it.
When you add a peer to a peer group, it inherits all the peer group’s configured parameters.
Figure 8-20. Command example: show config (peer-group enabled)
FTOS(conf-router_bgp)#neighbor zanzibar no shutdown
FTOS(conf-router_bgp)#show config
!
router bgp 45
 bgp fast-external-fallover
 bgp log-neighbor-changes
 neighbor zanzibar peer-group
 neighbor zanzibar no shutdown
 neighbor 10.1.1.1 remote-as 65535
 neighbor 10.1.1.1 shutdown
 neighbor 10.14.8.60 remote-as 18505
 neighbor 10.14.8.
Figure 8-21. Command example: show ip bgp peer-group
FTOS>show ip bgp peer-group
Peer-group zanzibar, remote AS 65535
BGP version 4
Minimum time between advertisement runs is 5 seconds
For address family: IPv4 Unicast
BGP neighbor is zanzibar, peer-group internal,
Number of peers in this group 26
Peer-group members (* - outbound optimized):
10.68.160.1 10.68.161.1 10.68.162.1 10.68.163.1 10.68.164.1 10.68.165.1 10.68.166.1 10.68.167.1 10.68.168.1 10.68.169.1 10.68.170.1 10.68.171.1 10.68.172.1 10.68.173.
The BGP fast fall-over feature is configured on a per-neighbor or peer-group basis and is disabled by default.
Figure 8-22. Command example: show ip bgp neighbors
FTOS#sh ip bgp neighbors
BGP neighbor is 100.100.100.100, remote AS 65517, internal link
Member of peer-group test for session parameters
BGP version 4, remote router ID 30.30.30.
Figure 8-23. Command example: show ip bgp peer-group
FTOS#sh ip bgp peer-group
Peer-group test
Fall-over enabled
BGP version 4
Minimum time between advertisement runs is 5 seconds
For address family: IPv4 Unicast
BGP neighbor is test
Number of peers in this group 1
Peer-group members (* - outbound optimized):
100.100.100.100*
FTOS# router bgp 65517 neighbor test peer-group Fast Fall-Over neighbor test fall-over neighbor test no shutdown neighbor 100.100.100.
Only after the peer group responds to an OPEN message sent on the subnet does its BGP state change to ESTABLISHED. Once the peer group is ESTABLISHED, the peer group is the same as any other peer group. For more information on peer groups, refer to Configure Peer Groups on page 158.

Maintain existing AS numbers during an AS migration
The local-as feature smooths out the BGP network migration operation and allows you to maintain existing ASNs during a BGP network migration.
Figure 8-24. Local-as information shown
R2(conf-router_bgp)#show conf
!
router bgp 65123
 bgp router-id 192.168.10.2
 network 10.10.21.0/24
 network 10.10.32.0/24
 network 100.10.92.0/24
 network 192.168.10.0/24
 bgp four-octet-as-support
 neighbor 10.10.21.1 remote-as 65123
 neighbor 10.10.21.1 filter-list Laura in
 neighbor 10.10.21.1 no shutdown
 neighbor 10.10.32.3 remote-as 65123
 neighbor 10.10.32.3 no shutdown
 neighbor 100.10.92.9 remote-as 65192
 neighbor 100.10.92.
Figure 8-25. Allowas-in information shown
R2(conf-router_bgp)#show conf
!
router bgp 65123
 bgp router-id 192.168.10.2
 network 10.10.21.0/24
 network 10.10.32.0/24
 network 100.10.92.0/24
 network 192.168.10.0/24
 bgp four-octet-as-support
 neighbor 10.10.21.1 remote-as 65123
 neighbor 10.10.21.1 filter-list Laura in
 neighbor 10.10.21.1 no shutdown
 neighbor 10.10.32.3 remote-as 65123
 neighbor 10.10.32.3 no shutdown
 neighbor 100.10.92.9 remote-as 65192
 neighbor 100.10.92.9 local-as 6500
 neighbor 100.10.92.
• Advertise to all BGP neighbors and peer-groups that the forwarding state of all routes has been saved. This prompts all peers to continue saving the routes they receive from your E-Series and to continue forwarding traffic.
• Bring the secondary RPM online as the primary and re-open sessions with all peers operating in “no shutdown” mode.
• Defer best path selection for a certain amount of time.
Filter on an AS-Path attribute
The BGP attribute, AS_PATH, can be used to manipulate routing policies. The AS_PATH attribute contains a sequence of AS numbers representing the route’s path. As the route traverses an Autonomous System, the AS number is prepended to the route. You can manipulate routes based on their AS_PATH to affect interdomain routing. By identifying certain AS numbers in the AS_PATH, you can permit or deny routes based on the number in its AS_PATH.
Step 2
Command Syntax: {deny | permit} filter
Command Mode: CONFIG-AS-PATH
Purpose: Enter the parameter to match BGP AS-PATH for filtering. This is the filter that will be used to match the AS-path. The entries can be any format, letters, numbers, or regular expressions. This command can be entered multiple times if multiple filters are desired. See Table 8-4 for accepted expressions.
Figure 8-27. Filtering with Regular Expression
FTOS(config)#router bgp 99
FTOS(conf-router_bgp)#neigh AAA peer-group
FTOS(conf-router_bgp)#neigh AAA no shut
FTOS(conf-router_bgp)#show conf
!
router bgp 99
 neighbor AAA peer-group
 neighbor AAA no shutdown
 neighbor 10.155.15.2 remote-as 32
 neighbor 10.155.15.2 shutdown
FTOS(conf-router_bgp)#neigh 10.155.15.
Table 8-4. Regular Expression
Regular Expressions: Definition
( ) (parenthesis): Specifies patterns for multiple use when followed by one of the multiplier metacharacters: asterisk *, plus sign +, or question mark ?
[ ] (brackets): Matches any enclosed character; specifies a range of single characters
- (hyphen): Used within brackets to specify a range of AS or community numbers.
_ (underscore): Matches a ^, a $, a comma, a space, a {, or a }.
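The underscore row of Table 8-4 is what keeps an AS-path filter from matching part of a longer AS number. The following is an added example, not FTOS code or output: it translates the underscore into standard regex syntax and evaluates two constructed AS-path ACLs against constructed AS_PATH strings. The function names, the first-match-wins ordering, and the implicit deny for unmatched paths are assumptions made for the illustration.

```python
import re

# Table 8-4 semantics for "_": a ^, a $, a comma, a space, a { or a }.
UNDERSCORE = r"(?:^|$|[,{} ])"


def to_python_regex(pattern):
    """Translate an AS-path expression into Python re syntax.

    Only "_" is rewritten; it is left alone inside [...] and after a backslash.
    """
    out, in_class, i = [], False, 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            out.append(pattern[i:i + 2])  # keep escaped character as written
            i += 2
            continue
        if ch == "[":
            in_class = True
        elif ch == "]":
            in_class = False
        out.append(UNDERSCORE if ch == "_" and not in_class else ch)
        i += 1
    return "".join(out)


def evaluate(acl, as_path):
    """Return the action of the first ACL entry whose filter matches as_path.

    Assumption: entries are checked in order and an unmatched path is denied.
    """
    for action, pattern in acl:
        if re.search(to_python_regex(pattern), as_path):
            return action
    return "deny"


# Constructed ACLs: both are meant to drop routes that traversed AS 65192.
STRICT = [("deny", "_65192_"), ("permit", ".*")]
LOOSE = [("deny", "65192"), ("permit", ".*")]  # no delimiters around the ASN

# Constructed AS_PATH strings (space-separated AS numbers).
SAMPLE_PATHS = [
    "65192",
    "65123 65192",
    "65192 65123 64512",
    "65123 165192",        # different AS whose digits contain 65192
    "65123 651920 64512",  # different AS whose digits start with 65192
    "65123 64512",
]


def compare(paths=SAMPLE_PATHS):
    """Return (path, strict_action, loose_action) for each path."""
    return [(p, evaluate(STRICT, p), evaluate(LOOSE, p)) for p in paths]


if __name__ == "__main__":
    for path, strict, loose in compare():
        flag = "  <- loose filter over-matches" if strict != loose else ""
        print(f"{path:22} strict={strict:6} loose={loose:6}{flag}")
```

The two paths on which the ACLs disagree are routes the loose filter drops even though AS 65192 never appears in them.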
Command Syntax: redistribute ospf process-id [match external {1 | 2} | match internal] [metric-type {external | internal}] [route-map map-name]
Command Mode: ROUTER BGP or CONF-ROUTER_BGPv6_AF
Purpose: Include specific OSPF routes in IS-IS. Configure the following parameters:
• process-id range: 1 to 65535
• match external range: 1 or 2
• match internal
• metric-type: external or internal.
• map-name: name of a configured route map.
Use these commands in the following sequence, starting in the CONFIGURATION mode to configure an IP community list.

Step 1
Command Syntax: ip community-list
Command Mode: CONFIGURATION
Purpose: Create a Community list and enter the COMMUNITY-LIST mode.
Figure 8-28.
Manipulate the COMMUNITY attribute
In addition to permitting or denying routes based on the values of the COMMUNITY attributes, you can manipulate the COMMUNITY attribute value and send the COMMUNITY attribute with the route information. By default, FTOS does not send the COMMUNITY attribute. Use the following command in the CONFIGURATION ROUTER BGP mode to send the COMMUNITY attribute to BGP neighbors.
Step 3
Command Syntax: exit
Command Mode: CONFIG-ROUTE-MAP
Purpose: Return to the CONFIGURATION mode.

Step 4
Command Syntax: router bgp as-number
Command Mode: CONFIGURATION
Purpose: Enter the ROUTER BGP mode.

Step 5
Command Syntax: neighbor {ip-address | peer-group-name} route-map map-name {in | out}
Command Mode: CONFIG-ROUTER-BGP
Purpose: Apply the route map to the neighbor or peer group’s incoming or outgoing routes.

To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode.
Use any or all of the following commands in the CONFIGURATION ROUTER BGP mode to change how the MED attribute is used.

Command Syntax: bgp always-compare-med
Command Mode: CONFIG-ROUTER-BGP
Purpose: Enable MED comparison in the paths from neighbors with different ASs. By default, this comparison is not performed.
Step 4
Command Syntax: router bgp as-number
Command Mode: CONFIGURATION
Purpose: Enter the ROUTER BGP mode.

Step 5
Command Syntax: neighbor {ip-address | peer-group-name} route-map map-name {in | out}
Command Mode: CONFIG-ROUTER-BGP
Purpose: Apply the route map to the neighbor or peer group’s incoming or outgoing routes.

To view the BGP configuration, use the show config command in the CONFIGURATION ROUTER BGP mode. To view a route map configuration, use the show route-map command in EXEC Privilege mode.
You can also use route maps to change this and other BGP attributes. For example, you can include the following command in a route map to specify the next hop address:

Command Syntax: set weight weight
Command Mode: CONFIG-ROUTE-MAP
Purpose: Sets weight for the route.
• weight range: 0 to 65535

Enable multipath
By default, the software allows one path to a destination. You can enable multipath to allow up to 16 parallel paths to a destination.
Refer to Chapter 7, “Access Control Lists (ACL), Prefix Lists, and Route-maps,” on page 103 for configuration information on prefix lists, AS-PATH ACLs, and route maps. Note: When you configure a new set of BGP policies, always reset the neighbor or peer group by entering the clear ip bgp command in EXEC Privilege mode. Use these commands in the following sequence, starting in the CONFIGURATION mode to filter routes using prefix lists.
Use these commands in the following sequence, starting in the CONFIGURATION mode to filter routes using a route map.

Step 1
Command Syntax: route-map map-name [permit | deny] [sequence-number]
Command Mode: CONFIGURATION
Purpose: Create a route map and assign it a name.

Step 2
Command Syntax: {match | set}
Command Mode: CONFIG-ROUTE-MAP
Purpose: Create multiple route map filters with a match or set action.
Step 5
Command Syntax: neighbor {ip-address | peer-group-name} filter-list as-path-name {in | out}
Command Mode: CONFIG-ROUTER-BGP
Purpose: Filter routes based on the criteria in the configured route map. Configure the following parameters:
• ip-address or peer-group-name: enter the neighbor’s IP address or the peer group’s name.
• as-path-name: enter the name of a configured AS-PATH ACL.
• in: apply the AS-PATH ACL map to inbound routes.
• out: apply the AS-PATH ACL to outbound routes.
Aggregate routes
FTOS provides multiple ways to aggregate routes in the BGP routing table. At least one specific route of the aggregate must be in the routing table for the configured aggregate to become active. Use the following command in the CONFIGURATION ROUTER BGP mode to aggregate routes.
Use the following commands in the CONFIGURATION ROUTER BGP mode to configure BGP confederations.

Command Syntax: bgp confederation identifier as-number
Command Mode: CONFIG-ROUTER-BGP
Purpose: Specifies the confederation ID. AS-number: 0-65535 (2-Byte) or 1-4294967295 (4-Byte)

Command Syntax: bgp confederation peers as-number [... as-number]
Command Mode: CONFIG-ROUTER-BGP
Purpose: Specifies which confederation sub-AS are peers. AS-number: 0-65535 (2-Byte) or 1-4294967295 (4-Byte)

All Confederation routers must be either 4-Byte or 2-Byte.
Figure 8-31.
To set dampening parameters via a route map, use the following command in CONFIGURATION ROUTE-MAP mode:

Command Syntax: set dampening half-life reuse
Command Mode: CONFIG-ROUTE-MAP
Purpose: Enter the following optional parameters to configure route dampening parameters:
• half-life range: 1 to 45. Number of minutes after which the Penalty is decreased. After the router assigns a Penalty of 1024 to a route, the Penalty is decreased by half after the half-life period expires.
Use the following command in EXEC Privilege mode to clear information on route dampening and return suppressed routes to active state.

Command Syntax: clear ip bgp dampening [ip-address mask]
Command Mode: EXEC Privilege
Purpose: Clear all information or only information on a specific route.

Use the following command in EXEC and EXEC Privilege mode to view statistics on route flapping.
Change BGP timers
Use either or both of the following commands in the CONFIGURATION ROUTER BGP mode to configure BGP timers.

Command Syntax: neighbors {ip-address | peer-group-name} timers keepalive
Command Mode: CONFIG-ROUTER-BGP
Purpose: Configure timer values for a BGP neighbor or peer group.
• keepalive range: 1 to 65535. Time interval, in seconds, between keepalive messages sent to the neighbor routers. (Default: 60 seconds)
• holdtime range: 3 to 65536.
Use the clear ip bgp command in EXEC Privilege mode at the system prompt to reset a BGP connection using BGP soft reconfiguration.

Command Syntax: clear ip bgp {* | neighbor-address | AS Numbers | ipv4 | peer-group-name} [soft [in | out]]
Command Mode: EXEC Privilege
Purpose: Clear all information or only specific details.
Route map continue
The BGP route map continue feature (in ROUTE-MAP mode) allows movement from one route-map entry to a specific route-map entry (the sequence number). If the sequence number is not specified, the continue feature moves to the next sequence number (also known as an implied continue). If a match clause exists, the continue feature executes only after a successful match occurs. If there are no successful matches, continue is ignored.
MBGP Configuration
et c MBGP for IPv4 Multicast is supported on platform c et s MBGP is not supported on the E-Series ExaScale ex platform. MBGP for IPv6 unicast is supported on platforms

Multiprotocol BGP (MBGP) is an enhanced BGP that carries IP multicast routes. BGP carries two sets of routes: one set for unicast routing and one set for multicast routing.
BGP Regular Expression Optimization
BGP policies that contain regular expressions to match against as-paths and communities might take a lot of CPU processing time, and thus affect BGP routing convergence. Also, show bgp commands that get filtered through regular expressions can take a lot of CPU cycles, especially when the database is large.
To disable a specific debug command, use the keyword no followed by the debug command. For example, to disable debugging of BGP updates, enter the no debug ip bgp updates command. Use no debug ip bgp to disable all BGP debugging. Use undebug all to disable all debugging.

Storing Last and Bad PDUs
FTOS stores the last notification sent/received, and the last bad PDU received, on a per-peer basis. The last bad PDU is the one that causes a notification to be issued.
Figure 8-34. Viewing the Last Bad PDU from BGP Peers
FTOS(conf-router_bgp)#do show ip bgp neighbors 1.1.1.2
BGP neighbor is 1.1.1.2, remote AS 2, external link
BGP version 4, remote router ID 2.4.0.
The buffer size supports a maximum value between 40 MB (the default) and 100 MB. The capture buffers are cyclic, and reaching the limit prompts the system to overwrite the oldest PDUs when new ones are received for a given neighbor or direction. Setting the buffer size to a value lower than the current max might cause captured PDUs to be freed to set the new limit. Note: Memory on RP1 is not pre-allocated, and is allocated only when a PDU needs to be captured.
With full internet feed (205K) captured, approximately 11.8MB is required to store all of the PDUs, as shown in Figure 8-36.

Figure 8-36. Required Memory for Captured PDUs
FTOS(conf-router_bgp)#do show capture bgp-pdu neighbor 172.30.1.250
Incoming packet capture enabled for BGP neighbor 172.30.1.250
Available buffer size 29165743, 192991 packet(s) captured using 11794257 bytes
[. . .]
FTOS(conf-router_bgp)#do sho ip bg s
BGP router identifier 172.30.1.
Figure 8-37. Sample Configuration Illustration
[Diagram: AS 99 and AS 100 joined by physical links and by virtual links for Peer Groups AAA, BBB, and CCC, labelled with the GigE and Loopback 1 interface addresses of each router.]
Figure 8-38. Enable BGP - Router 1
R1# conf
R1(conf)#int loop 0
R1(conf-if-lo-0)#ip address 192.168.128.1/24
R1(conf-if-lo-0)#no shutdown
R1(conf-if-lo-0)#show config
!
interface Loopback 0
 ip address 192.168.128.1/24
 no shutdown
R1(conf-if-lo-0)#int gig 1/21
R1(conf-if-gi-1/21)#ip address 10.0.1.21/24
R1(conf-if-gi-1/21)#no shutdown
R1(conf-if-gi-1/21)#show config
!
interface GigabitEthernet 1/21
 ip address 10.0.1.21/24
 no shutdown
R1(conf-if-gi-1/21)#int gig 1/31
R1(conf-if-gi-1/31)#ip address 10.0.3.
Figure 8-39. Enable BGP - Router 2
R2# conf
R2(conf)#int loop 0
R2(conf-if-lo-0)#ip address 192.168.128.2/24
R2(conf-if-lo-0)#no shutdown
R2(conf-if-lo-0)#show config
!
interface Loopback 0
 ip address 192.168.128.2/24
 no shutdown
R2(conf-if-lo-0)#int gig 2/11
R2(conf-if-gi-2/11)#ip address 10.0.1.22/24
R2(conf-if-gi-2/11)#no shutdown
R2(conf-if-gi-2/11)#show config
!
interface GigabitEthernet 2/11
 ip address 10.0.1.
Figure 8-40. Enable BGP - Router 3
R3# conf
R3(conf)#
R3(conf)#int loop 0
R3(conf-if-lo-0)#ip address 192.168.128.3/24
R3(conf-if-lo-0)#no shutdown
R3(conf-if-lo-0)#show config
!
interface Loopback 0
 ip address 192.168.128.3/24
 no shutdown
R3(conf-if-lo-0)#int gig 3/11
R3(conf-if-gi-3/11)#ip address 10.0.3.33/24
R3(conf-if-gi-3/11)#no shutdown
R3(conf-if-gi-3/11)#show config
!
interface GigabitEthernet 3/11
 ip address 10.0.3.
Figure 8-41. Enable Peer Group - Router 1
R1#conf
R1(conf)#router bgp 99
R1(conf-router_bgp)# network 192.168.128.0/24
R1(conf-router_bgp)# neighbor AAA peer-group
R1(conf-router_bgp)# neighbor AAA no shutdown
R1(conf-router_bgp)# neighbor BBB peer-group
R1(conf-router_bgp)# neighbor BBB no shutdown
R1(conf-router_bgp)# neighbor 192.168.128.2 peer-group AAA
R1(conf-router_bgp)# neighbor 192.168.128.
Figure 8-42.
Figure 8-43. Enable Peer Groups - Router 2
R2#conf
R2(conf)#router bgp 99
R2(conf-router_bgp)# neighbor CCC peer-group
R2(conf-router_bgp)# neighbor CCC no shutdown
R2(conf-router_bgp)# neighbor BBB peer-group
R2(conf-router_bgp)# neighbor BBB no shutdown
R2(conf-router_bgp)# neighbor 192.168.128.1 peer AAA
R2(conf-router_bgp)# neighbor 192.168.128.1 no shut
R2(conf-router_bgp)# neighbor 192.168.128.3 peer BBB
R2(conf-router_bgp)# neighbor 192.168.128.
Figure 8-44. Enable Peer Group - Router 3
R3#conf
R3(conf)#router bgp 100
R3(conf-router_bgp)# neighbor AAA peer-group
R3(conf-router_bgp)# neighbor AAA no shutdown
R3(conf-router_bgp)# neighbor CCC peer-group
R3(conf-router_bgp)# neighbor CCC no shutdown
R3(conf-router_bgp)# neighbor 192.168.128.2 peer-group BBB
R3(conf-router_bgp)# neighbor 192.168.128.2 no shutdown
R3(conf-router_bgp)# neighbor 192.168.128.1 peer-group BBB
R3(conf-router_bgp)# neighbor 192.168.128.
Figure 8-45.
9 Bare Metal Provisioning 2.0
Bare Metal Provisioning 2.0 is included as part of the FTOS image. It is supported on the following platforms: z

Bare Metal Provisioning (BMP) improves accessibility to the switch by automatically loading pre-defined configurations and boot images that are stored in file servers. BMP can be used on a single switch or on multiple switches. For more information on using BMP and the different types of modes, refer to the Open Automation Guide.
Restrictions
BMP 2.0 is supported on the user ports and management ports of a switch. BMP 2.0 is not supported in a stacking environment.

Overview
On a new factory-loaded switch, the switch boots up in JumpStart mode. You can reconfigure a switch to reload between Normal and JumpStart mode.
Command Syntax: stop jump-start
Command Mode: EXEC Privilege
Purpose: This command stops the jump-start reload process while it is in progress and changes the reload type to Normal mode. If the command is initiated while the switch is downloading an image or configuration file, the command takes effect when the DHCP release is sent.

The reload settings that you configure with the reload-type command are stored in non-volatile memory and retained for future reboots.
One or more of the following parameters must be configured on the DHCP server.
• Boot File Name: The FTOS image to be loaded on the switch. The boot file name is expected to use Option 67 or the boot filename in the boot payload of the DHCP offer. If both are specified, Option 67 will be used.
• Configuration File Name: The configurations to be applied to the switch. The configuration file name is expected to use Option 209.
MAC-Based IP assignment
One way to use the BMP mode most efficiently is to configure the DHCP server to assign a fixed IP address, FTOS image, and configuration file based on the switch’s MAC address. When this is done, the same IP address is assigned to the switch even on repetitive reloads and the same configuration file will be retrieved when using the DNS server or the network-config file to determine the hostname. The assigned IP address is only used to retrieve the files from the file server.
Example content of the /etc/dhcpd.conf file:
host ct-maa-s55-1 {
  hardware ethernet 00:01:e8:8a:e4:f5;
  fixed-address 10.16.206.210;
  class "DELLNTW-S55" {
    match if substring (option vendor-class-identifier,0,17) = "TY=DELLNTW-S55 ";
    filename "tftp://10.16.127.147/FTOS-SD-8-3-5-338.bin";
  }
}

Example vendor class identifier string: "TY=DELLNTW-S55 ;HW=2.
The server that holds the boot and configuration files must be configured as the network source for the switch. The switch recognizes HTTP, TFTP, FTP, external USB memory and Flash URLs.
DHCP server IP, TFTP server address, DNS server IP, bootfile name and the configuration filename from the DHCP server. If a DHCP offer has no image path or configuration file path, it is considered an invalid BMP DHCP offer and is ignored. The first DHCP offer with IP address, FTOS image and configuration file, or the IP address and FTOS image, or the IP address and configuration file is chosen.
4. The DHCP OFFER is selected.
c If the configuration file is downloaded from the server, any saved startup-configuration on the flash is ignored. If no configuration file is downloaded from the server or the config-download parameter is disabled, the startup-configuration file on the flash is loaded as in normal reload.
6. When the FTOS image and the configuration file have been downloaded, the IP address is released.
00:04:06: %STKUNIT0-M:CP %JUMPSTART-5-JUMPSTART_RELEASE: DHCP RELEASE sent on Fo 0/56.
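Because the switch takes the first valid offer, any DHCP server that answers on the provisioning segment can decide which image and configuration are loaded. The following is an added example, not Dell code: it applies the offer rules described above (Option 67 preferred over the boot filename in the boot payload, Option 209 for the configuration file, offers with neither ignored, first valid offer chosen) to constructed offers, then checks the chosen file URLs against an approved file-server list. The function names, the dictionary layout of an offer, the s55.cfg and old.bin file names, and the allowlist check itself are assumptions for the illustration.

```python
from urllib.parse import urlparse

OPT_PAD, OPT_END = 0, 255
OPT_BOOTFILE, OPT_CONFIG_FILE = 67, 209


def opt(code, value):
    """Encode one DHCP option as code, length, value."""
    return bytes([code, len(value)]) + value


def parse_options(raw):
    """Decode a DHCP options field into {code: value}; first instance wins."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(raw):
            raise ValueError("option header runs past end of packet")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        opts.setdefault(code, value)
        i += 2 + length
    return opts


def bmp_fields(offer):
    """Return the BMP-relevant fields of an offer, or None if it is invalid."""
    try:
        opts = parse_options(offer["options"])
    except ValueError:
        return None  # assumption: a malformed offer is treated as invalid
    # Option 67 takes precedence over the boot filename in the BOOTP header.
    image = opts.get(OPT_BOOTFILE) or offer.get("bootp_file", b"").rstrip(b"\x00")
    config = opts.get(OPT_CONFIG_FILE, b"")
    if not offer.get("yiaddr") or not (image or config):
        return None  # no image path and no configuration path: ignored
    return {
        "ip": offer["yiaddr"],
        "image": image.decode("ascii", "replace") or None,
        "config": config.decode("ascii", "replace") or None,
    }


def select_offer(offers):
    """Pick the first valid BMP offer in arrival order."""
    for offer in offers:
        fields = bmp_fields(offer)
        if fields is not None:
            return fields
    return None


def unexpected_servers(fields, allowed_hosts):
    """List image/config URLs whose host is not an approved file server."""
    flagged = []
    for url in (fields["image"], fields["config"]):
        host = urlparse(url).hostname if url else None
        if host is not None and host not in allowed_hosts:
            flagged.append(url)
    return flagged


# Constructed offers in arrival order; addresses reuse the dhcpd.conf example.
SAMPLE_OFFERS = [
    {"yiaddr": "10.16.206.50", "bootp_file": b"",
     "options": opt(1, bytes([255, 255, 255, 0])) + bytes([OPT_END])},
    {"yiaddr": "10.16.206.210",
     "bootp_file": b"tftp://10.16.127.147/old.bin\x00",
     "options": opt(OPT_BOOTFILE, b"tftp://10.16.127.147/FTOS-SD-8-3-5-338.bin")
     + opt(OPT_CONFIG_FILE, b"tftp://10.16.127.147/s55.cfg")
     + bytes([OPT_END])},
    {"yiaddr": "10.16.206.99", "bootp_file": b"",
     "options": opt(OPT_BOOTFILE, b"tftp://192.0.2.66/other.bin")
     + bytes([OPT_END])},
]

if __name__ == "__main__":
    chosen = select_offer(SAMPLE_OFFERS)
    print("chosen offer:", chosen)
    print("unapproved sources:", unexpected_servers(chosen, {"10.16.127.147"}))
```

Run against offers captured on the provisioning VLAN, a non-empty result from unexpected_servers points to a DHCP server handing out files from a host that is not the approved file server.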
10 Content Addressable Memory
Content Addressable Memory is supported on platforms c et s
• Content Addressable Memory
• CAM Profiles
• Microcode
• Boot Behavior
• When to Use CAM Profiling
• Important Points to Remember
• Select CAM Profiles
• CAM Allocation
• Test CAM Usage
• View CAM Profiles
• View CAM-ACL settings
• View CAM-ACL settings
• CAM Optimization
• Applications for CAM Profiling
• Troubleshoot CAM Profiling

Content Addressable Memory
Content Addressable Memory (CAM) is a type of memory tha
CAM Profiles
Dell Networking systems partition each CAM module so that it can store the different types of information. The size of each partition is specified in the CAM profile. A CAM profile is stored on every card, including each RPM. The same profile must be on every line card and RPM in the chassis. There is a default CAM profile and several other CAM profiles available so that you can partition the CAM according to your performance requirements.
Table 10-1. CAM Profile Descriptions (continued)
CAM Profile: ipv4-64k-ipv6
Description: Provides IPv6 functionality; an alternate to ipv6-extacl that redistributes CAM space from the IPv4FIB to IPv4Flow and IPv6FIB. Available Microcodes: ipv6-extacl

The size of CAM partitions is measured in entries. Table 10-1 shows the number of entries available in each partition for all CAM profiles.
There is a default microcode, and several other microcodes are available, so that you can adjust packet handling according to your application. Specifying a microcode is mandatory when selecting a CAM profile (though you are not required to change it). Note: Not all CAM profiles and microcodes are available for all systems. Refer to the Command Line Interface Reference Guide for details regarding available profiles for each system. Table 10-3.
• If you insert a dual-CAM line card into a chassis with a single-CAM profile, the line card boots with a matching profile, but operates with a lower capability.
When to Use CAM Profiling
The CAM profiling feature enables you to partition the CAM to best suit your application. For example:
• Configure more Layer 2 FIB entries when the system is deployed as a switch.
• Configure more Layer 3 FIB entries when the system is deployed as a router.
• Configure more ACLs (when IPv6 is not employed).
• Hash MPLS packets based on source and destination IP addresses for LAGs. See LAG Hashing on page 227.
• If the standby RPM has a profile different from the primary RPM, the card reboots so that it can load the proper profile.

To change the CAM profile on the entire system:

Step 1
Task: Select a CAM profile.
Command Syntax: cam-profile profile microcode microcode
Command Mode: CONFIGURATION
Note: If selecting a cam-profile for VRF (cam-profile ipv4-vrf or ipv4-v6-vrf), implement the command in the CONFIGURATION mode only. If you use EXEC Privilege mode, the linecards may go into an error state.
You must save the new CAM settings to the startup-config (write-mem or copy run start) then reload the system for the new settings to take effect.

To configure the IPv4 and IPv6 ACLs and QoS regions on the entire system:

Step 1
Task: Select a cam-acl action
Command Syntax: cam-acl [default | l2acl]
Command Mode: CONFIGURATION
Note: Selecting default resets the CAM entries to the default settings. Select l2acl to allocate space for the ACLs, and QoS regions.
View CAM Profiles
View the current CAM profile for the chassis and each component using the command show cam-profile, as shown in Figure 10-4. This command also shows the profile that will be loaded upon the next chassis or component reload. Figure 10-4.
Figure 10-6.
Figure 10-7.
• When an IP header is present, hashing is based on IP 3 tuple (source IP address, destination IP address, and IP protocol).
• If an IP header is not found after the 5th label, hashing is based on the MPLS labels.
• If the packet has more than 5 MPLS labels, hashing is based on the source and destination MAC address.

To enable this type of hashing, use the default CAM profile with the microcode lag-hash-mpls.
• Use the CONFIGURATION mode commands so that the profile is changed throughout the system.
• Use the EXEC Privilege mode commands to match the profile of a component to the profile of the target system.

QoS CAM Region Limitation
The default CAM profile allocates a partition within the IPv4Flow region to store QoS service policies. If the QoS CAM space is exceeded, messages similar to the ones in Message 3 are displayed.
11 S-Series Debugging and Diagnostics
The chapter contains the following major sections:
• Offline diagnostics
• Trace logs
• Last restart reason (S55)
• show hardware commands (S55)
• Troubleshooting packet loss
• Application core dumps
• Mini core dumps

Offline diagnostics
The offline diagnostics test suite is useful for isolating faults and debugging hardware.
• Diagnostic results are stored on the flash of the unit on which you performed the diagnostics.
• When offline diagnostics are complete, the unit or stack member reboots automatically.

Running Offline Diagnostics
1. Place the unit in the offline state using the offline stack-unit command from EXEC Privilege mode, as shown in Figure 11-1. You cannot enter the command on a Master or Standby stack unit. The system reboots when the off-line diagnostics complete.
Figure 11-2. Verifying the Offline/Online Status of an S-Series Stack Unit
FTOS#show system brief | no-more
Stack MAC : 00:01:e8:d6:02:39
-- Stack Info --
Unit  UnitType    Status   ReqTyp  CurTyp  Version    Ports
---------------------------------------------------------------------------
0     Standby     online   S25V    S25V    4.7.7.220  28
1     Management  offline  S50N    S50N    4.7.7.220  52
2     Member      online   S25P    S25P    4.7.7.
Figure 11-3. Running Offline Diagnostics on an S-Series Standalone Unit
FTOS#diag stack-unit 1 alllevels
Warning - diagnostic execution will cause multiple link flaps on the peer side - advisable to shut directly connected ports
Proceed with Diags [confirm yes/no]: yes
00:03:35: %S50N:1 %DIAGAGT-6-DA_DIAG_STARTED: Starting diags on stack unit 1
00:03:35 : Approximate time to complete these Diags ...
Figure 11-5. Viewing the Results of Offline Diagnostics on a Standalone Unit
FTOS#show file flash://TestReport-SU-0.txt
**********************************S-Series Diagnostics********************
Stack Unit Board Serial Number : DL267160098
CPU Version : MPC8541, Version: 1.1
PLD Version : 5
Diag image based on build : E_MAIN4.7.7.206
Stack Unit Board Voltage levels - 3.300000 V, 2.500000 V, 1.800000 V, 1.250000 V, 1.200000 V, 2.
Auto Save on Crash or Rollover
Exception information for master or standby units is stored in the flash:/TRACE_LOG_DIR directory. This directory contains files that save trace information when there has been a task crash or timeout. On a master unit, the TRACE_LOG_DIR files can be reached by FTP or by using the show file command from the flash://TRACE_LOG_DIR directory.
Table 11-2. show hardware Commands

Command: show hardware stack-unit {0-11} cpu management statistics
Description: View internal interface status of the stack-unit CPU port which connects to the external management interface.

Command: show hardware stack-unit {0-11} cpu data-plane statistics
Description: View driver-level statistics for the data-plane port on the CPU for the specified stack-unit.
• clear hardware stack-unit 0-11 unit 0-1 counters
• clear hardware stack-unit 0-11 cpu data-plane statistics
• clear hardware stack-unit 0-11 cpu party-bus statistics
• clear hardware stack-unit 0-11 stack-port 48-51

Displaying Drop Counters
The show hardware stack-unit 0–11 drops [unit 0–1 [port 0–49]] command assists in identifying which stack unit, port pipe, and port is experiencing internal drops, as shown in Figure 11-6 and Figure 11-7. Figure 11-6.
Figure 11-7.
Figure 11-8.
Displaying Stack Port Statistics
The show hardware stack-unit stack-port command displays input and output statistics for a stack-port interface, as shown in Figure 11-10. Figure 11-10.
Application core dumps
Application core dumps are disabled by default. A core dump file can be very large. Due to memory requirements the file can only be sent directly to an FTP server. It is not stored on the local flash. Enable full application core dumps with the following:

Task: Enable RPM core dumps and specify the shutdown mode.
Command Syntax: logging coredump server
Command Mode: CONFIGURATION

Undo this command using the no logging coredump server.
Figure 11-13.
12 Dynamic Host Configuration Protocol (DHCP)
Dynamic Host Configuration Protocol (DHCP) is available on platforms: e c s z

This chapter contains the following sections:
• Protocol Overview
• Implementation Information
• Configuration Tasks
• Configure the System to be a DHCP Server
• Configure the System to be a Relay Agent
• Configure the System for User Port Stacking
• Configure Secure DHCP

Protocol Overview
Dynamic Host Configuration Protocol (DHCP) is an application layer protocol that d
• Relay agent—an intermediary network device that passes DHCP messages between the client and server when the server is not on the same subnet as the host

DHCP Packet Format and Options
DHCP uses UDP as its transport protocol. The server listens on port 67 and transmits to port 68; the client listens on port 68 and transmits to port 67.
Assigning an IP Address using DHCP

When a client joins a network:
1. The client initially broadcasts a DHCPDISCOVER message on the subnet to discover available DHCP servers. This message includes the parameters that the client requires and might include suggested values for those parameters.
2. Servers unicast or broadcast a DHCPOFFER message in response to the DHCPDISCOVER that offers to the client values for the requested parameters.
Implementation Information

• The Dell Networking implementation of DHCP is based on RFC 2131 and RFC 3046.
• IP Source Address Validation is a sub-feature of DHCP Snooping; FTOS uses ACLs internally to implement this feature and as such, you cannot apply ACLs to an interface which has IP Source Address Validation.
Configure the System to be a DHCP Server

Configure the System to be a DHCP Server is supported only on platforms: , , and c and s (S25/S50),

A DHCP server is a network device that has been programmed to provide network configuration parameters to clients upon request. Servers typically serve many clients, making host management much more organized and efficient. The key responsibilities of DHCP servers are:
1.
Configure the Server for Automatic Address Allocation

This feature is available on c and s (S25/S50), , , and platforms only.

Automatic Address Allocation is an address assignment method by which the DHCP server leases an IP address to a client from a pool of available addresses.

Create an IP Address Pool

An address pool is a range of IP addresses that may be assigned by the DHCP server. Address pools are indexed by subnet number.
Specify a Default Gateway

The IP address of the default router should be on the same subnet as the client.

Task: Specify default gateway(s) for the clients on the subnet, in order of preference.
Command Syntax: default-router address
Command Mode: DHCP

Enable DHCP Server

This feature is available on c and s (S25/S50), , , and platforms only.

The DHCP server is disabled by default.

Step Task Command Syntax Command Mode
1 Enter the DHCP command-line context.
Configure a Method of Hostname Resolution

Dell Networking systems are capable of providing DHCP clients with parameters for two methods of hostname resolution.

Address Resolution using DNS

A domain is a group of networks. DHCP clients query DNS IP servers when they need to correlate host names to IP addresses.

Step Task Command Syntax Command Mode
1 Create a domain.
Create Manual Binding Entries

An address binding is a mapping between the IP address and Media Access Control (MAC) address of a client. The DHCP server assigns the client an available IP address automatically, and then creates an entry in the binding table. However, the administrator can manually create an entry for a client; manual bindings are useful when you want to guarantee that a particular network device receives a particular IP address. Manual bindings can be considered single-host address pools.
Note: DHCP Relay is not available on Layer 2 interfaces and VLANs.

[Figure: DHCP Relay Device and DHCP Server 10.11.2.5. Broadcast: Source IP 10.11.1.5, Destination IP 255.255.255.255, Source Port 67, Destination Port 68. Unicast: Source IP 10.11.1.5, Destination IP 10.11.0.3, Source Port 67, Destination Port 68.]

When ip helper-address is configured, the system listens for DHCP broadcast messages on port 67.
Configure the System for User Port Stacking

When you set the DHCP offer on the DHCP server, you can set the stacking-option variable to provide the stack-port detail so a stack can be formed when the units are connected.

Configure Secure DHCP

The following feature is available on platforms: c es and z except where noted.

DHCP as defined by RFC 2131 provides no authentication or security mechanisms.
The relay agent strips Option 82 from DHCP responses before forwarding them to the client.

Task: Insert Option 82 into DHCP packets. For routers between the relay agent and the DHCP server, enter the trust-downstream option.
Command Syntax: ip dhcp relay information-option [trust-downstream]
Command Mode: CONFIGURATION

Task: Configure the system to enable remote-id string in Option 82.
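The Option 82 handling described above (the relay agent information option of RFC 3046, removed from a response before it reaches the client) can be followed byte by byte in this added Python example, which is not FTOS code and not part of the original guide. The sample DHCPOFFER, its addresses, the circuit-id string and the remote-id value are constructed for illustration.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"       # marks the start of the options field
OPTIONS_START = 236 + len(MAGIC_COOKIE)   # fixed BOOTP header, then the cookie
OPT_PAD, OPT_MSG_TYPE, OPT_RELAY_INFO, OPT_END = 0, 53, 82, 255
SUBOPTION_NAMES = {1: "circuit-id", 2: "remote-id"}  # RFC 3046 sub-options


def _tlvs(data, pad=None, end=None):
    """Yield (code, value) pairs from a code/length/value byte string.

    DHCP options use single-byte PAD and END codes; Option 82 sub-options do not,
    so both are optional. Lengths that overrun the buffer are rejected.
    """
    i = 0
    while i < len(data):
        code = data[i]
        if code == end:
            return
        if code == pad:
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError(f"TLV {code}: length byte missing")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"TLV {code}: declared {length} bytes, found {len(value)}")
        yield code, value
        i += 2 + length


def split_options(packet):
    """Return the DHCP options of a message as a list of (code, value)."""
    if len(packet) < OPTIONS_START or packet[236:OPTIONS_START] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: magic cookie missing")
    return list(_tlvs(packet[OPTIONS_START:], pad=OPT_PAD, end=OPT_END))


def relay_info(options):
    """Decode Option 82 into {sub-option name: bytes}, or None if absent."""
    for code, value in options:
        if code == OPT_RELAY_INFO:
            return {SUBOPTION_NAMES.get(c, f"sub-option {c}"): v
                    for c, v in _tlvs(value)}
    return None


def strip_option_82(packet):
    """Rebuild the message without Option 82, as a relay does for replies."""
    kept = [(c, v) for c, v in split_options(packet) if c != OPT_RELAY_INFO]
    body = b"".join(bytes([c, len(v)]) + v for c, v in kept)
    return packet[:OPTIONS_START] + body + bytes([OPT_END])


def build_sample_offer():
    """Constructed DHCPOFFER as it would reach the relay from the server."""
    fixed = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 1,                         # op=BOOTREPLY, Ethernet, hlen, hops
        0x3903F326, 0, 0,                   # xid, secs, flags (constructed)
        socket.inet_aton("0.0.0.0"),        # ciaddr
        socket.inet_aton("10.11.0.3"),      # yiaddr: address offered to client
        socket.inet_aton("10.11.2.5"),      # siaddr: DHCP server
        socket.inet_aton("10.11.1.5"),      # giaddr: relay agent
        bytes.fromhex("0001e8000003"),      # chaddr (zero-padded by struct)
        b"", b"")                           # sname, file
    relay_opt = (bytes([1, 6]) + b"Gi 1/1"                      # circuit-id
                 + bytes([2, 6]) + bytes.fromhex("0001e805f36a"))  # remote-id
    options = (bytes([OPT_MSG_TYPE, 1, 2])                      # 2 = DHCPOFFER
               + bytes([OPT_RELAY_INFO, len(relay_opt)]) + relay_opt
               + bytes([OPT_END]))
    return fixed + MAGIC_COOKIE + options


SAMPLE_OFFER = build_sample_offer()

if __name__ == "__main__":
    print("from server:", relay_info(split_options(SAMPLE_OFFER)))
    to_client = strip_option_82(SAMPLE_OFFER)
    print("to client  :", split_options(to_client))
```

Run against captured traffic on a client-facing port, the same parser shows whether Option 82 is reaching hosts that should never see it.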
Enable DHCP snooping

Step 1
Task: Enable DHCP Snooping globally.
Command Syntax: ip dhcp snooping
Command Mode: CONFIGURATION

Step 2
Task: Specify ports connected to DHCP servers as trusted.
Command Syntax: ip dhcp snooping trust
Command Mode: INTERFACE

Step 3
Task: Enable DHCP Snooping on a VLAN.
Command Syntax: ip dhcp snooping vlan
Command Mode: CONFIGURATION

Add a static entry in the binding table

Task: Add a static entry in the binding table.
View the DHCP Snooping statistics with the show ip dhcp snooping command.

FTOS#show ip dhcp snooping
IP DHCP Snooping                  : Enabled.
IP DHCP Snooping Mac Verification : Disabled.
IP DHCP Relay Information-option  : Disabled.
IP DHCP Relay Trust Downstream    : Disabled.
Dynamic ARP Inspection

Dynamic ARP inspection prevents ARP spoofing by forwarding only ARP frames that have been validated against the DHCP binding table.

ARP is a stateless protocol that provides no authentication mechanism. Network devices accept ARP requests and replies from any device, and ARP replies are accepted even when no request was sent. If a client receives an ARP message for which a relevant entry already exists in its ARP cache, it overwrites the existing entry with the new information.
• denial of service—an attacker can send fraudulent ARP messages to a client to associate a false MAC address with the gateway address, which would blackhole all internet-bound packets from the client.

Note: DAI uses entries in the L2SysFlow CAM region, a sub-region of SystemFlow. One CAM entry is required for every DAI-enabled VLAN. You can enable DAI on up to 16 VLANs on a system.
Use the show arp inspection statistics command to see how many valid and invalid ARP packets have been processed.

FTOS#show arp inspection statistics
Dynamic ARP Inspection (DAI) Statistics
---------------------------------------
Valid ARP Requests   : 0
Valid ARP Replies    : 1000
Invalid ARP Requests : 1000
Invalid ARP Replies  : 0
FTOS#

Bypass the ARP Inspection

You can configure a port to skip ARP inspection by defining the interface as trusted, which is useful in multi-switch environments.
The DHCP binding table associates addresses assigned by the DHCP servers with the port on which the requesting client is attached. When IP Source Address Validation is enabled on a port, the system verifies that the source IP address is one that is associated with the incoming port. If an attacker is impersonating a legitimate client, the source address appears on the wrong ingress port, and the system drops the packet.
Step 4
Task: Enable IP+MAC Source Address Validation.
Command Syntax: ip dhcp source-address-validation ipmac
Command Mode: INTERFACE

FTOS creates an ACL entry for each IP+MAC address pair in the binding table and applies it to the interface.

Task: Display the IP+MAC ACL for an interface for the entire system.
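The binding-table checks behind Dynamic ARP Inspection and IP Source Address Validation (plain and IP+MAC), as an added Python example that is not FTOS code and not part of the original guide. It assumes DAI matches the ARP sender IP and sender MAC against the binding for that VLAN; the bindings, MAC addresses and port names are constructed.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    """One row of a DHCP snooping binding table (learned or static)."""
    ip: str
    mac: str
    vlan: int
    port: str


def _mac(value):
    """Normalise a MAC address so comparisons ignore case and separator style."""
    return value.lower().replace("-", ":")


class BindingTable:
    def __init__(self, bindings, arp_trusted_ports=()):
        self._by_vlan_ip = {(b.vlan, b.ip): b for b in bindings}
        self._by_port = {}
        for b in bindings:
            self._by_port.setdefault(b.port, []).append(b)
        self._arp_trusted = set(arp_trusted_ports)
        # Counter keys mirror the labels of "show arp inspection statistics".
        self.dai_stats = Counter()

    def inspect_arp(self, port, vlan, kind, sender_ip, sender_mac):
        """Return True if the ARP frame may be forwarded.

        Frames on ARP-trusted ports bypass inspection and are not counted.
        Assumption: a frame is valid when the sender IP has a binding in this
        VLAN and the sender MAC equals the bound MAC.
        """
        if kind not in ("request", "reply"):
            raise ValueError("kind must be 'request' or 'reply'")
        if port in self._arp_trusted:
            return True
        bound = self._by_vlan_ip.get((vlan, sender_ip))
        valid = bound is not None and _mac(bound.mac) == _mac(sender_mac)
        verdict = "Valid" if valid else "Invalid"
        noun = "Requests" if kind == "request" else "Replies"
        self.dai_stats[f"{verdict} ARP {noun}"] += 1
        return valid

    def permit_source(self, port, src_ip, src_mac=None):
        """IP Source Address Validation for a packet arriving on `port`.

        With src_mac=None only the source IP must be bound to the ingress
        port; with a MAC given, the IP+MAC pair must match (ipmac mode).
        """
        for bound in self._by_port.get(port, []):
            if bound.ip == src_ip and (
                    src_mac is None or _mac(bound.mac) == _mac(src_mac)):
                return True
        return False


# Constructed sample: a static gateway entry and two DHCP clients in VLAN 10.
SAMPLE_BINDINGS = [
    Binding("10.11.0.1", "00:01:e8:00:00:01", 10, "Gi 0/1"),
    Binding("10.11.0.3", "00:01:e8:00:00:03", 10, "Gi 0/3"),
    Binding("10.11.0.4", "00:01:e8:00:00:04", 10, "Gi 0/4"),
]

if __name__ == "__main__":
    table = BindingTable(SAMPLE_BINDINGS, arp_trusted_ports={"Gi 0/48"})
    # Legitimate request from the client bound to 10.11.0.3.
    print(table.inspect_arp("Gi 0/3", 10, "request",
                            "10.11.0.3", "00:01:e8:00:00:03"))
    # Reply claiming the gateway address with another host's MAC: dropped.
    print(table.inspect_arp("Gi 0/4", 10, "reply",
                            "10.11.0.1", "00:01:e8:00:00:04"))
    # The address bound to Gi 0/3 arriving on Gi 0/4: dropped by validation.
    print(table.permit_source("Gi 0/4", "10.11.0.3"))
    print(dict(table.dai_stats))
```

An address with no binding fails both checks, which is why hosts that do not use DHCP, such as the gateway here, need a static entry in the binding table.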
13 GARP VLAN Registration Protocol

GARP VLAN Registration Protocol is supported on platform ces

Protocol Overview

Typical VLAN implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GARP VLAN Registration Protocol (GVRP), defined by the IEEE 802.1q specification, is a Layer 2 network protocol that provides for automatic VLAN configuration of switches.
Figure 13-1. GVRP Compatibility Error Message
FTOS(conf)#protocol spanning-tree pvst
FTOS(conf-pvst)#no disable
% Error: GVRP running. Cannot enable PVST.
.........
FTOS(conf)#protocol spanning-tree mstp
FTOS(conf-mstp)#no disable
% Error: GVRP running. Cannot enable MSTP.
.........
FTOS(conf)#protocol gvrp
FTOS(conf-gvrp)#no disable
% Error: PVST running. Cannot enable GVRP.
% Error: MSTP running. Cannot enable GVRP.
Figure 13-2. GVRP Configuration Overview

GVRP is configured globally and on all VLAN trunk ports for the edge and core switches.

[Figure: edge switches and core switches carrying VLANs 10-20, VLANs 30-50, and VLANs 70-80.]

NOTES:
VLAN 1 mode is always fixed and cannot be configured
All VLAN trunk ports must be configured for GVRP
All VLAN trunk ports must be configured as 802.1Q

Basic GVRP configuration is a 2-step process:
1. Enable GVRP globally. See page 268.
2.
Figure 13-3. Enabling GVRP Globally
FTOS(conf)#protocol gvrp
FTOS(config-gvrp)#no disable
FTOS(config-gvrp)#show config
!
protocol gvrp
 no disable
FTOS(config-gvrp)#

Enabling GVRP on a Layer 2 Interface

Enable GVRP on a Layer 2 interface using the command gvrp enable in INTERFACE mode, as shown in Figure 13-4.
Based on the configuration in the example shown in Figure 13-5, the interface 1/21 will not be removed from VLAN 34 or VLAN 35 despite receiving a GVRP Leave message. Additionally, the interface will not be dynamically added to VLAN 45 or VLAN 46, even if a GVRP Join message is received. Figure 13-5.
FTOS displays Message 1 if an attempt is made to configure an invalid GARP timer.

Message 1 GARP Timer Error
FTOS(conf)#garp timers join 300
% Error: Leave timer should be >= 3*Join timer.
14 Internet Group Management Protocol

Table 14-1. FTOS Support for IGMP and IGMP Snooping
Feature                     Platform
IGMP version 1, 2, and 3    ces
IGMP Snooping version 2     ces
IGMP Snooping version 3     ces

Multicast is premised on identifying many hosts by a single destination IP address; hosts represented by the same IP address are a multicast group. Internet Group Management Protocol (IGMP) is a Layer 3 multicast protocol that hosts use to join or leave a multicast group.
IGMP version 2

IGMP version 2 improves upon version 1 by specifying IGMP Leave messages, which allows hosts to notify routers that they no longer care about traffic for a particular group. Leave messages reduce the amount of time that the router takes to stop forwarding traffic for a group to a subnet (leave latency) after the last host leaves the group.
Sending an Unsolicited IGMP Report

A host does not have to wait for a general query to join a group. It may send an unsolicited IGMP Membership Report, also called an IGMP Join message, to the querier.

Leaving a Multicast Group

1. A host sends a membership report of type 0x17 (IGMP Leave message) to the all-routers multicast address 224.0.0.2 when it no longer cares about multicast traffic for a particular group.
2.
Figure 14-3. IGMP version 3 Membership Report Packet Format

[Figure fields: Version (4), IHL, TOS (0xc0), Total Length, Flags, Frag Offset, TTL (1), Protocol (2), Header Checksum, Type, Reserved, Src IP Addr, Dest IP Addr (224.0.0.
Figure 14-4. IGMP Membership Reports: Joining and Filtering

[Figure: state-table entries for interface 1/1 and multicast group 224.1.1.1 (filter modes Exclude and Include, source address 10.11.1.1, GMI timers), and an IGMP Group-and-Source Specific Query between the non-querier and the querier (Type: 0x11, Group Address: 244.1.1.1, Number of Sources: 1, Source Address: 10.11.1.1).]
Figure 14-5. IGMP Membership Queries: Leaving and Staying in Groups

[Figure: querier and non-querier state tables (interfaces 1/1 and 2/1; groups 224.1.1.1 and 224.2.2.2) and an IGMP Group-and-Source Specific Query of Type 0x11. Non-querier builds identical table and waits Other Querier Present Interval to assume Querier role.]
Figure 14-6. Viewing IGMP-enabled Interfaces
FTOS#show ip igmp interface gig 7/16
GigabitEthernet 7/16 is up, line protocol is up
Internet address is 10.87.3.2/24
IGMP is enabled on interface
IGMP query interval is 60 seconds
IGMP querier timeout is 300 seconds
IGMP max query response time is 10 seconds
Last member query response interval is 199 ms
IGMP activity: 0 joins, 0 leaves
IGMP querying router is 10.87.3.
Figure 14-8. Viewing Static and Learned IGMP Groups
FTOS(conf-if-gi-1/0)#do sho ip igmp groups
Total Number of Groups: 2
IGMP Connected Group Membership
Group Address   Interface             Uptime     Expires    Last Reporter
224.1.1.1       GigabitEthernet 1/0   00:00:03   Never      CLI
224.1.2.1       GigabitEthernet 1/0   00:56:55   00:01:22   1.1.1.2

Adjusting Timers

View the current value of all IGMP timers using the command show ip igmp interface from EXEC Privilege mode, as shown in Figure 14-6.
2. When a router receives a query it compares the IP address of the interface on which it was received with the source IP address given in the query. If the receiving router IP address is greater than the source address given in the query, the router stops sending queries. By this method, the router with the lowest IP address on the subnet is elected querier and continues to send queries. 3.
IGMP Snooping

Multicast packets are addressed with multicast MAC addresses, which represent a group of devices, rather than one unique device. Switches forward multicast frames out of all ports in a VLAN by default, even though there may be only some interested hosts, which is a waste of bandwidth.
Figure 14-10. Enabling IGMP Snooping
FTOS(conf-if-vl-100)#show config
!
interface Vlan 100
 no ip address
 ip igmp snooping fast-leave
 shutdown
FTOS(conf-if-vl-100)#

Disabling Multicast Flooding

If the switch receives a multicast packet that has an IP address of a group it has not learned (unregistered frame), the switch floods that packet out of all ports on the VLAN.
• When enabled, IGMP snooping Querier starts after one query interval in case no IGMP general query (with IP SA lower than its VLAN IP address) is received on any of its VLAN members.

Adjusting the Last Member Query Interval

When the querier receives a leave message from a receiver, it sends a group-specific query out of the ports specified in the forwarding table. If no response is received, it sends another.
15 Interfaces

This chapter describes interface types, both physical and logical, and how to configure them with FTOS.

10/100/1000 Mbps Ethernet, Gigabit Ethernet, and 10 Gigabit Ethernet interfaces are supported on platforms ces

SONET interfaces are only supported on platform the E-Series FTOS Configuration Guide.
Figure 15-1. show interfaces Command Example
FTOS#show interfaces tengigabitethernet 1/0
TenGigabitEthernet 1/0 is up, line protocol is up
Hardware is Force10Eth, address is 00:01:e8:05:f3:6a
Current address is 00:01:e8:05:f3:6a
Pluggable media present, XFP type is 10GBASE-LR.
Medium is MultiRate, Wavelength is 1310nm
XFP receive power reading is -3.7685
Interface index is 67436603
Internet address is 65.113.24.
Figure 15-2. show ip interfaces brief Command Example (Partial)
FTOS#show ip interface brief
Interface             IP-Address
GigabitEthernet 1/0   unassigned
GigabitEthernet 1/1   unassigned
GigabitEthernet 1/2   unassigned
GigabitEthernet 1/3   unassigned
GigabitEthernet 1/4   unassigned
GigabitEthernet 1/5   10.10.10.
GigabitEthernet 1/6
GigabitEthernet 1/7
GigabitEthernet 1/8
To enter the INTERFACE mode, use these commands in the following sequence, starting in the CONFIGURATION mode: Step 1 2 Command Syntax Command Mode Purpose interface interface CONFIGURATION Enter the keyword interface followed by the type of interface and slot/port information: • For a 10/100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. • For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
For more information on VLANs, see Bulk Configuration and for more information on port channels, see Port Channel Interfaces. FTOS Behavior: S-Series systems use a single MAC address for all physical interfaces while E-Series and C-Series use a unique MAC address for each physical interface, though this results in no functional difference between these platforms.
Overview of Layer Modes On all systems running FTOS, you can place physical interfaces, port channels, and VLANs in Layer 2 mode or Layer 3 mode. By default, VLANs are in Layer 2 mode. Table 15-1.
For information on enabling and configuring Spanning Tree Protocol, see Chapter 20, Layer 2. To view the interfaces in Layer 2 mode, use the command show interfaces switchport in the EXEC mode.

Configure Layer 3 (Network) Mode

When you assign an IP address to a physical interface, you place it in Layer 3 mode. Use the ip address command and no shutdown command in INTERFACE mode to enable Layer 3 mode on an individual interface.
Command Syntax: ip address ip-address mask [secondary]
Command Mode: INTERFACE
Purpose: Configure a primary IP address and mask on the interface. The ip-address must be in dotted-decimal format (A.B.C.D) and the mask must be in slash format (/xx). Add the keyword secondary if the IP address is the interface’s backup IP address. You can only configure one (1) primary IP address per interface. You can configure up to 255 secondary IP addresses on a single interface.
To configure a Management interface, use the following command in the CONFIGURATION mode:

Command Syntax: interface Managementethernet interface
Command Mode: CONFIGURATION
Purpose: Enter the slot and the port (0). On the E-Series and C-Series, dual RPMs can be in use. Slot range: C-Series, E-Series: 0-1; S55: 0

To view the Primary RPM Management port, use the show interface Managementethernet command in the EXEC Privilege mode.
• The primary management interface will use only the virtual IP address if it is configured. The system cannot be accessed through the native IP address of the primary RPM’s management interface.
• Once the virtual IP address is removed, the system is accessible through the native IP address of the primary RPM’s management interface.
• Primary and secondary management interface IP and virtual IP must be in the same subnet.
VLAN Interfaces

VLANs are logical interfaces and are, by default, in Layer 2 mode. Physical interfaces and port channels can be members of VLANs. For more information on VLANs and Layer 2, refer to Chapter 20, Layer 2. See also VLAN Stacking.

Note: To monitor VLAN interfaces, use the Management Information Base for Network Management of TCP/IP-based internets: MIB-II (RFC 1213). Monitoring VLAN interfaces via SNMP is supported only on E-Series.
Loopback Interfaces

A Loopback interface is a virtual interface in which the software emulates an interface. Packets routed to it are processed locally. Since this interface is not a physical interface, you can configure routing protocols on this interface to provide protocol stability. You can place Loopback interfaces in default Layer 3 mode.
Port Channel Interfaces

Port channel interfaces support link aggregation, as described in IEEE Standard 802.3ad. This section covers the following topics:
• Port channel definition and standards
• Port channel benefits
• Port channel implementation
• Configuration task list for port channel interfaces

Port channel definition and standards

Link aggregation is defined by IEEE 802.
Table 15-2. Number of Port-channels per Platform
Platform   Port-channels   Members/Channel
C-Series   128             8
S-Series   128             8

Table 15-3. Maximum number of configurable Port-channels
Platform            Port-channels   Members/Channel
E-Series ExaScale   255             64

As soon as a port channel is configured, FTOS treats it like a physical interface. For example, IEEE 802.1Q tagging is maintained while the physical interface is in the port channel.
For example, suppose four interfaces (Gi 0/0, 0/1, 0/2, 0/3) are all enabled, with Gi 0/0 and Gi 0/3 set to speed 100 Mb/s and the others set to 1000 Mb/s. If you add them to a port channel by entering channel-member gigabitethernet 0/0-3 while in the port channel interface mode, FTOS determines if the first interface specified (Gi 0/0) is up. Once it is up, the common speed of the port channel is 100 Mb/s.
Add a physical interface to a port channel

The physical interfaces in a port channel can be on any line card in the chassis, but must be the same physical type.

Note: Port channels can contain a mix of Gigabit Ethernet and 10/100/1000 Ethernet interfaces, but FTOS disables the interfaces that are not the same speed as the first channel member in the port channel (see 10/100/1000 Mbps interfaces in port channels).
Figure 15-10. show interfaces port-channel brief Command Example
FTOS#show int port brief
LAG   Mode   Status   Uptime     Ports
1     L2L3   up       00:06:03   Gi 13/6   (Up) *
                                 Gi 13/12  (Up)
2     L2L3   up       00:06:03   Gi 13/7   (Up) *
                                 Gi 13/8   (Up)
                                 Gi 13/13  (Up)
                                 Gi 13/14  (Up)
FTOS#

Figure 15-11 displays the port channel’s mode (L2 for Layer 2 and L3 for Layer 3 and L2L3 for a Layer 2 port channel assigned to a routed VLAN), the status, and the number of interfaces belonging to the port channel.
Figure 15-12. Error Message
FTOS(conf-if-portch)#show config
!
interface Port-channel 5
 no ip address
 switchport
 channel-member GigabitEthernet 1/6
FTOS(conf-if-portch)#int gi 1/6
FTOS(conf-if)#ip address 10.56.4.4 /24
% Error: Port is part of a LAG Gi 1/6.
FTOS(conf-if)#

Reassign an interface to a new port channel

An interface can be a member of only one port channel.
Figure 15-13.
To add a port channel to a VLAN, use either of the following commands:

Command Syntax: tagged port-channel id number
Command Mode: INTERFACE VLAN
Purpose: Add the port channel to the VLAN as a tagged interface. An interface with tagging enabled can belong to multiple VLANs.

Command Syntax: untagged port-channel id number
Command Mode: INTERFACE VLAN
Purpose: Add the port channel to the VLAN as an untagged interface. An interface without tagging enabled can belong to only one VLAN.
Load balancing through port channels

FTOS uses hash algorithms for distributing traffic evenly over channel members in a port channel (LAG). The hash algorithm distributes traffic among ECMP paths and LAG members. The distribution is based on a flow, except for packet-based hashing. A flow is identified by the hash and is assigned to one link. In packet-based hashing, a single flow can be distributed on the LAG and uses one link.
On the E-Series, to change the 5-tuple default to 3-tuple, MAC, or packet-based, use the following command in CONFIGURATION mode:

Command Syntax: [no] load-balance [ip-selection {3-tuple | packet-based}] [mac]
Command Mode: CONFIGURATION
Purpose: Designate a method to balance traffic over a port channel. By default, IP 5-tuple is used to distribute traffic over the members of the port channel.
ip-selection 3-tuple—Distribute IP traffic based on IP source address, IP destination address, and IP protocol type.
IPv4, IPv6, and non-IP traffic handling on the E-Series

The table below presents the combinations of the load-balance command and their effect on traffic types.

Table 15-6.
Hash algorithm

The load-balance command discussed above selects the hash criteria applied to port channels. If even distribution is not obtained with the load-balance command, the hash-algorithm command can be used to select the hash scheme for LAG, ECMP and NH-ECMP. The 12-bit LAG hash can be rotated or shifted until the desired hash is achieved. The nh-ecmp option allows you to change the hash value for recursive ECMP routes independently of non-recursive ECMP routes.
On C-Series and S-Series, the hash-algorithm command is specific to ECMP groups and has different defaults from the E-Series. The default ECMP hash configuration is crc-lower. This takes the lower 32 bits of the hash key to compute the egress port.
The show range command is available under interface range mode. This command allows you to display all interfaces that have been validated under the interface range context. The show configuration command is also available under the interface range mode. This command allows you to display the running configuration only for interfaces that are part of interface range.
Exclude a smaller port range

If interface range has multiple port ranges, the smaller port range is excluded from the prompt:

Figure 15-20. Interface Range Prompt Excluding a Smaller Port Range
FTOS(conf)#interface range gigabitethernet 2/0 - 23 , gigab 2/1 - 10
FTOS(conf-if-range-gi-2/0-23)#

Overlap port ranges

If overlapping port ranges are specified, the port range is extended to the smallest start port number and largest end port number:

Figure 15-21.
Interface Range Macros The user can define an interface-range macro to automatically select a range of interfaces for configuration. Before you can use the macro keyword in the interface-range macro command string, you must define the macro.
Monitor and Maintain Interfaces

Monitor interface statistics with the monitor interface command. This command displays an ongoing list of the interface status (up/down), number of packets, traffic statistics, etc.

Command Syntax: monitor interface interface
Command Mode: EXEC Privilege
Purpose: View the interface’s statistics.
Figure 15-24. Command Example: monitor interface FTOS#monitor interface gi 3/1 FTOS uptime is 1 day(s), 4 hour(s), 31 minute(s) Monitor time: 00:00:00 Refresh Intvl.
To test the condition of cables on 10/100/1000 BASE-T modules, use the tdr-cable-test command:

Step 1
Command Syntax: tdr-cable-test gigabitethernet /
Command Mode: EXEC Privilege
Usage: To test for cable faults on the GigabitEthernet cable.
• Between two ports, the user must not start the test on both ends of the cable.
• The user must enable the interface before starting the test.
• The port should be enabled to run the test or the test prints an error message.
• Changes made do not affect any ongoing debounces. The timer changes take effect from the next debounce onward.

Assign a debounce time to an interface

Command Syntax: link debounce time [milliseconds]
Command Mode: INTERFACE
Purpose: Enter the time to delay link status change notification on this interface. Range: 100-5000 ms

Figure 15-25.
When an E300 system boots up and a single SFM is active this configuration, any ports configured with this feature will be shut down. All other ports are booted up. Similarly, if an SFM fails (or is removed) in an E300 system with two SFMs, ports configured with this feature will be shut down. All other ports are treated normally. When a second SFM is installed or replaced, all ports are booted up and treated normally.
Enable Link Dampening

Enable link dampening using the command dampening from INTERFACE mode, as shown in Figure 15-27.

Figure 15-27. Configuring Link Dampening
R1(conf-if-gi-1/1)#show config
!
interface GigabitEthernet 1/1
 ip address 10.10.19.
Figure 15-30.
The globally assigned 48-bit Multicast address 01-80-C2-00-00-01 is used to send and receive pause frames. To allow full duplex flow control, stations implementing the pause operation instruct the MAC to enable reception of frames with destination address equal to this multicast address. The PAUSE frame is defined by IEEE 802.3x and uses MAC Control frames to carry the PAUSE commands. Ethernet Pause Frames are supported on full duplex only.
Enable Pause Frames

Note: On the C-Series and S-Series (non-S55) platforms, Ethernet Pause Frames TX should be enabled only after consulting with the Dell Networking Technical Assistance Center.

Note: The S55 supports only the rx control option. The S55 does not transmit pause frames.

Ethernet Pause Frames flow control must be enabled on all ports on a chassis or a line card. If not, the system may exhibit unpredictable behavior.
Configure MTU Size on an Interface

If a packet includes a Layer 2 header, the difference in bytes between the link MTU and IP MTU must be enough to include the Layer 2 header. For example, for VLAN packets, if the IP MTU is 1400, the Link MTU must be no less than 1422:

1400-byte IP MTU + 22-byte VLAN Tag = 1422-byte link MTU

The MTU range is 592-9252, with a default of 1500. On the E-Series, the user must enter the ip mtu command to manually configure the IP MTU to compensate for the Layer 2 header.
Port-pipes

A port pipe is a Dell Networking specific term for the hardware path that packets follow through a system. Port pipes travel through a collection of circuits (ASICs) built into line cards and RPMs on which various processing events for the packets occur. One or two port pipes process traffic for a given set of physical interfaces or a port-set. The E300 only supports one port pipe per slot.
Auto-Negotiation on Ethernet Interfaces

Setting speed and duplex mode of Ethernet Interfaces

By default, auto-negotiation of speed and duplex mode is enabled on 10/100/1000 Base-T Ethernet interfaces. Only 10GE interfaces do not support auto-negotiation. When using 10GE interfaces, verify that the settings on the connecting devices are set to no auto-negotiation.

Note: Starting with FTOS 7.8.1.
Note: The show interfaces status command displays link status, but not administrative status. For link and administrative status, use show ip interface [interface | brief | linecard slot-number] [configuration].

Figure 15-31.
Figure 15-33.
Figure 15-34.
Figure 15-36 shows how to configure rate interval when changing the default value: Figure 15-36.
Dynamic Counters

By default, counting for the following four applications is enabled:
• IPFLOW
• IPACL
• L2ACL
• L2FIB

For the remaining applications, FTOS automatically turns on counting when the application is enabled, and turns it off when the application is disabled. Please note that if more than four counter-dependent applications are enabled on a port pipe, there is an impact on line rate performance.
Clear interface counters

The counters in the show interfaces command are reset by the clear counters command. This command does not clear the counters captured by any SNMP program. To clear the counters, use the following command in the EXEC Privilege mode:

Command Syntax: clear counters [interface] [vrrp [vrid] | learning-limit]
Command Mode: EXEC Privilege
Purpose: Clear the counters used in the show interface commands for all VRRP groups, VLANs, and physical interfaces or selected ones.
16 IPv4 Addressing

IPv4 Addressing is supported on platforms ces

FTOS supports various IP addressing features. This chapter explains the basics of Domain Name Service (DNS), Address Resolution Protocol (ARP), and routing principles and their implementation in FTOS.
• IP Addresses
• Directed Broadcast
• Resolution of Host Names
• ARP

Table 16-1 lists the defaults for the IP addressing features described in this chapter.

Table 16-1.
Implementation Information

In FTOS, you can configure any IP address as a static route except IP addresses already assigned to interfaces.

Note: FTOS versions 7.7.1.0 and later support 31-bit subnet masks (/31, or 255.255.255.254) as defined by RFC 3021. This feature allows you to save two more IP addresses on point-to-point links than 30-bit masks. FTOS supports RFC 3021 with ARP.
To assign an IP address to an interface, use these commands in the following sequence, starting in the CONFIGURATION mode:

Command Syntax: interface interface
Command Mode: CONFIGURATION
Purpose: Enter the keyword interface followed by the type of interface and slot/port information:
• For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
• For a Loopback interface, enter the keyword loopback followed by a number from 0 to 16383.
FTOS#show ip int gi 0/8
GigabitEthernet 0/8 is up, line protocol is up
Internet address is 10.69.8.1/24
Broadcast address is 10.69.8.
Figure 16-3. show ip route static Command Example (partial)
FTOS#show ip route static
  Destination      Gateway
  -----------      -------
S 2.1.2.0/24       Direct, Nu 0
S 6.1.2.0/24       via 6.1.20.2,
S 6.1.2.2/32       via 6.1.20.2,
S 6.1.2.3/32       via 6.1.20.2,
S 6.1.2.4/32       via 6.1.20.2,
S 6.1.2.5/32       via 6.1.20.2,
S 6.1.2.6/32       via 6.1.20.2,
S 6.1.2.7/32       via 6.1.20.2,
S 6.1.2.8/32       via 6.1.20.2,
S 6.1.2.9/32       via 6.1.20.2,
S 6.1.2.10/32      via 6.1.20.2,
S 6.1.2.11/32      via 6.1.20.2,
S 6.1.2.12/32      via 6.1.20.2,
S 6.1.2.13/32      via 6.1.20.2,
S 6.1.
To view the configured static routes for the management port, use the show ip management-route command in the EXEC privilege mode.
Figure 16-4. show ip management-route Command Example
FTOS>show ip management-route
Destination
-----------
1.1.1.0/24
172.16.1.0/24
172.31.1.0/24
Gateway
-------
172.31.1.250
172.31.1.
Command Syntax: ip domain-lookup
Command Mode: CONFIGURATION
Purpose: Enable dynamic resolution of host names.

Command Syntax: ip name-server ip-address [ip-address2 ... ip-address6]
Command Mode: CONFIGURATION
Purpose: Specify up to 6 name servers. The order you entered the servers determines the order of their use.

To view current bindings, use the show hosts command.
Figure 16-5. show hosts Command Example
FTOS>show host
Default domain is force10networks.
Command Syntax: ip domain-list name
Command Mode: CONFIGURATION
Purpose: Enter up to 63 characters to configure names to complete unqualified host names. Configure this command up to 6 times to specify a list of possible domain names. FTOS searches the domain names in the order they were configured until a match is found or the list is exhausted.
DNS with traceroute
To configure your switch to perform DNS with traceroute, follow the steps below in the CONFIGURATION mode.
ARP
FTOS uses two forms of address resolution: ARP and Proxy ARP.
Address Resolution Protocol (ARP) runs over Ethernet and enables endstations to learn the MAC addresses of neighbors on an IP network. Over time, FTOS creates a forwarding table mapping the MAC addresses to their corresponding IP address. This table is called the ARP Cache and dynamically learned addresses are removed after a defined period of time.
For more information on ARP, see RFC 826, An Ethernet Address Resolution Protocol.
Command Syntax: arp ip-address mac-address interface
Command Mode: CONFIGURATION
Purpose: Configure an IP address and MAC address mapping for an interface.
• ip-address: IP address in dotted decimal format (A.B.C.D).
• mac-address: MAC address in nnnn.nnnn.nnnn format
• interface: enter the interface type slot/port information.
These entries do not age and can only be removed manually. To remove a static ARP entry, use the no arp ip-address command syntax.
Command Syntax: clear arp-cache [interface | ip ip-address] [no-refresh]
Command Mode: EXEC privilege
Purpose: Clear the ARP caches for all interfaces or for a specific interface by entering the following information:
• For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
• For a port channel interface, enter the keyword port-channel followed by a number from 1 to 255 for TeraScale and ExaScale.
Beginning with version 8.3.1.0, when a Gratuitous ARP is received, FTOS installs an ARP entry on all 3 CPUs.
Task: Enable ARP learning via gratuitous ARP.
Command Syntax: arp learn-enable
Command Mode: CONFIGURATION
ARP Learning via ARP Request
In FTOS versions prior to 8.3.1.0, FTOS learns via ARP Requests only if the Target IP specified in the packet matches the IP address of the receiving router interface.
Configurable ARP Retries
In FTOS versions prior to 8.3.1.0 the number of ARP retries is set to 5 and is not configurable. After 5 retries, FTOS backs off for 20 seconds before it sends a new request. Beginning with FTOS version 8.3.1.0, the number of ARP retries is configurable. The backoff interval remains at 20 seconds.
Task: Set the number of ARP retries.
Command Syntax: arp retries number
Command Mode: CONFIGURATION
Default: 5
Range: 5-20
Task: Display all ARP entries learned via gratuitous ARP.
17 IPv6 Addressing
IPv6 Addressing, applies to platforms ces
Note: The IPv6 basic commands are supported on all platforms. However, not all features are supported on all platforms, nor for all releases. See Table 17-2 to determine the FTOS version supporting which features and platforms.
IPv6 (Internet Protocol Version 6) is the successor to IPv4. Due to the extremely rapid growth in internet users and IP addresses, IPv4 is reaching its maximum usage.
• Extended Address Space
• Stateless Autoconfiguration
• Header Format Simplification
• Improved Support for Options and Extensions
Extended Address Space
The address format is extended from 32 bits to 128 bits. This not only provides room for all anticipated needs, it allows for the use of a hierarchical address space structure to optimize global addressing.
• Version (4 bits)
• Traffic Class (8 bits)
• Flow Label (20 bits)
• Payload Length (16 bits)
• Next Header (8 bits)
• Hop Limit (8 bits)
• Source Address (128 bits)
• Destination Address (128 bits)
IPv6 provides for Extension Headers. Extension Headers are used only if necessary. There can be no extension headers, one extension header or more than one extension header in an IPv6 packet. Extension Headers are defined in the Next Header field of the preceding IPv6 header.
Flow Label (20 bits)
The Flow Label field identifies packets requiring special treatment in order to manage real-time data traffic. The sending router can label sequences of IPv6 packets so that forwarding routers can process packets within the same flow without needing to reprocess each packet’s header separately.
Note: All packets in the flow must have the same source and destination addresses.
Payload Length (16 bits)
The Payload Length field specifies the packet payload.
Hop Limit (8 bits)
The Hop Limit field shows the number of hops remaining for packet processing. In IPv4, this is known as the Time to Live (TTL) field and uses seconds rather than hops.
Each time the packet moves through a forwarding router, this field decrements by 1. If a router receives a packet with a Hop Limit of 1, it decrements it to 0 (zero). The router discards the packet and sends an ICMPv6 message back to the sending router indicating that the Hop Limit was exceeded in transit.
The Hop-by-Hop Options header contains:
• Next Header (1 byte)
This field identifies the type of header following the Hop-by-Hop Options header and uses the same values shown in Table 17-1.
• Header Extension Length (1 byte)
This field identifies the length of the Hop-by-Hop Options header in 8-byte units, but does not include the first 8 bytes. Consequently, if the header is less than 8 bytes, the value is 0 (zero).
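The following added example (not part of the Dell guide or of FTOS) decodes the fixed IPv6 header fields listed above and walks the extension-header chain using the Next Header and Header Extension Length rules, rejecting chains that overrun the payload. The function names, the chain-length bound and the sample packet are assumptions constructed for illustration; the Next Header numbers are the IANA-assigned values.

```python
import ipaddress
import struct

# Next Header values for extension headers that start with
# "Next Header (1 byte) + Header Extension Length (1 byte)".
LENGTH_PREFIXED = {0: "Hop-by-Hop Options", 43: "Routing", 60: "Destination Options"}
FRAGMENT = 44                # Fragment header: always 8 bytes, no length field
MAX_EXTENSION_HEADERS = 8    # assumption: local sanity bound, not a protocol limit


def parse_ipv6(packet: bytes) -> dict:
    """Decode the 40-byte fixed header, then walk the extension headers."""
    if len(packet) < 40:
        raise ValueError("truncated IPv6 fixed header")
    first_word, payload_length, next_header, hop_limit = struct.unpack_from(
        "!IHBB", packet)
    if first_word >> 28 != 6:
        raise ValueError("Version field is not 6")
    end = 40 + payload_length
    if end > len(packet):
        raise ValueError("Payload Length runs past the captured data")

    chain, offset = [], 40
    while next_header in LENGTH_PREFIXED or next_header == FRAGMENT:
        if len(chain) == MAX_EXTENSION_HEADERS:
            raise ValueError("extension-header chain too long")
        if offset + 8 > end:
            raise ValueError("truncated extension header")
        if next_header == FRAGMENT:
            name, size = "Fragment", 8
        else:
            name = LENGTH_PREFIXED[next_header]
            # Length is in 8-byte units and excludes the first 8 bytes.
            size = (packet[offset + 1] + 1) * 8
        if offset + size > end:
            raise ValueError(f"{name} header overruns the payload")
        chain.append((name, size))
        next_header = packet[offset]   # type of the header that follows
        offset += size

    return {
        "version": first_word >> 28,
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_length,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(packet[8:24])),
        "dst": str(ipaddress.IPv6Address(packet[24:40])),
        "extension_headers": chain,
        "upper_layer_protocol": next_header,
        "upper_layer_offset": offset,
    }


def forward_hop_limit(hop_limit: int):
    """Return the decremented Hop Limit, or None when the packet must be
    discarded and an ICMPv6 Hop Limit exceeded message sent."""
    return hop_limit - 1 if hop_limit > 1 else None


def build_sample_packet() -> bytes:
    """Constructed sample: Hop-by-Hop (8 bytes) + Destination Options (16 bytes)."""
    hop_by_hop = bytes([60, 0, 1, 4, 0, 0, 0, 0])    # length 0 -> 8 bytes, PadN
    dest_opts = bytes([6, 1, 1, 12]) + bytes(12)     # length 1 -> 16 bytes, PadN
    upper = b"\x00\x50\x01\xbb"                      # placeholder upper-layer bytes
    payload = hop_by_hop + dest_opts + upper
    fixed = struct.pack("!IHBB", (6 << 28) | 0x12345, len(payload), 0, 64)
    fixed += ipaddress.IPv6Address("2001:db8::1").packed
    fixed += ipaddress.IPv6Address("2001:db8::2").packed
    return fixed + payload


if __name__ == "__main__":
    for field, value in parse_ipv6(build_sample_packet()).items():
        print(f"{field}: {value}")
```

A filter or capture tool that inspects only the first Next Header value sees "Hop-by-Hop Options" here, not the upper-layer protocol, which is why the whole chain is walked and bounded.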
A network is denoted by the first address in the network and the size in bits of the prefix (in decimal), separated with a slash. Since a single host is seen as a network with a 128-bit prefix, host addresses may be written with a following /128.
For example, 2001:0db8:1234::/48 stands for the network with addresses 2001:0db8:1234:0000:0000:0000:0000:0000 through 2001:0db8:1234:ffff:ffff:ffff:ffff:ffff
Link-local Addresses
Link-local addresses, starting with fe80:, are assigned only in the local link area.
Implementing IPv6 with FTOS
FTOS supports both IPv4 and IPv6, and both may be used simultaneously in your system.
Note: Dell Networking recommends that you use FTOS version 7.6.1.0 or later when implementing IPv6 functionality on an E-Series system.
Table 17-2 lists the FTOS Version in which an IPv6 feature became available for each platform. The sections following the table give some greater detail about the feature.
Table 17-2. FTOS and IPv6 Feature Support
Columns: Feature and/or Functionality; FTOS Release Introduction (E-Series TeraScale, E-Series ExaScale, C-Series, S-Series); Documentation and Chapter Location
7.4.1 8.2.1 7.8.1 7.8.1 IPv6 Basic Commands in the FTOS Command Line Interface Reference Guide
7.4.1 8.2.1 7.8.1 7.8.1 Extended Address Space in this chapter
IPv6 neighbor discovery 7.4.1 8.2.1 7.8.1 7.8.1 IPv6 Neighbor Discovery in this chapter
IPv6 stateless autoconfiguration 7.4.1 8.2.1 7.8.1 7.
Table 17-2. FTOS and IPv6 Feature Support
Secure Shell (SSH) server support over IPv6 (inbound SSH) Layer 3 only 7.4.1 8.2.1 7.8.1 7.8.1 SSH over an IPv6 Transport in this chapter
IPv6 Access Control Lists 7.4.1 8.2.1 7.8.1 8.2.1.0 IPv6 Access Control Lists in the FTOS Command Line Reference Guide
IPv6 Multicast
PIM-SM for IPv6 7.4.1 8.2.1 IPv6 Multicast in this chapter; IPv6 PIM in the FTOS Command Line Reference Guide
PIM-SSM for IPv6 7.5.1 8.2.
Figure 17-2. MTU Discovery Path
[Figure labels: Destination, Source, Router B, Router A; MTU = 1600, MTU = 1400, MTU = 1200. Message sequence: Packet (MTU = 1600); ICMPv6 (Type 2) Use MTU = 1400; Packet (MTU = 1400); ICMPv6 (Type 2) Use MTU = 1200; Packet (MTU = 1200); Packet Received.]
IPv6 Neighbor Discovery
IPv6 NDP is supported on platforms ces
Neighbor Discovery Protocol (NDP) is a top-level protocol for neighbor discovery on an IPv6 network.
Figure 17-3. NDP Router Redistribution
[Figure labels: Router A, Router B, Router C, Local Link, Network 2001:db8::1428:57ab; Send a Packet to Network 2001:db8::1428:57ab; Packet Destination (2001:db8::1428:57ab); ICMPv6 Redirect (Data: Use Router C); Packet Destination (Destination 2001:db8::1428:57ab).]
IPv6 Neighbor Discovery of MTU packets
With FTOS 8.3.1.0, you can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface.
• Multicast Listener Discovery Protocol (MLD). MLD on a multicast router sends out periodic general MLD queries that the switch forwards through all ports in the VLAN. There are two versions of MLD: MLD version 1 is based on version 2 of the Internet Group Management Protocol (IGMP) for IPv4, and MLD version 2 is based on version 3 of the IGMP for IPv4. IPv6 multicast for FTOS supports versions 1 and 2 PIM-SM.
• Clear IPv6 Routes
Change your CAM-Profile on an E-Series system
The cam-profile command is supported only on platform e
Change your CAM profile to the CAM ipv6-extacl before doing any further IPv6 configuration. Once the CAM profile is changed, save the configuration and reboot your router.
Figure 17-5.
Save the new CAM settings to the startup-config (write-mem or copy run start) then reload the system for the new settings to take effect.
Command Syntax: cam-acl { ipv6acl }
Command Mode: CONFIGURATION
Purpose: Allocate space for IPV6 ACLs. Enter the CAM profile name followed by the amount to be allotted. When not selecting the default option, you must enter all of the profiles listed and a range for each. The total space allocated must equal 13.
Assign a Static IPv6 Route
IPv6 Static Routes are supported on platforms ces
Use the ipv6 route command to configure IPv6 static routes.
Command Syntax: telnet ipv6 address
Command Mode: EXEC or EXEC Privileged
Purpose: Enter the IPv6 Address for the device.
ipv6 address : x:x:x:x::x
mask : prefix length 0-128
IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing earlier in this chapter.
Command Syntax Command Mode Purpose
FTOS#show ipv6 ?
accounting     IPv6 accounting information
cam            linecard IPv6 CAM Entries for Line Card
fib            linecard IPv6 FIB Entries for Line Card
interface      IPv6 interface information
mbgproutes     MBGP routing table
mld            MLD information
mroute         IPv6 multicast-routing table
neighbors      IPv6 neighbor information
ospf           OSPF information
pim            PIM V6 information
prefix-list    List IPv6 prefix lists
route          IPv6 routing information
rpf            RPF table
FTOS#
Show an IPv6 Interface
View the IPv6 c
Figure 17-6.
Show IPv6 Routes
View the global IPv6 routing information with the following command.
Command Syntax: show ipv6 route type
Command Mode: EXEC
Purpose: Show IPv6 routing information for the specified route type. Enter the keyword:
• To display information about a network, enter the ipv6 address (X:X:X:X::X).
• To display information about a host, enter the hostname.
• To display information about all IPv6 routes (including non-active routes), enter all.
Figure 17-7.
Show the Running-Configuration for an Interface
View the configuration for any interface with the following command.
Command Syntax: show running-config interface type {slot/port}
Command Mode: EXEC
Purpose: Show the currently running configuration for the specified interface. Enter the keyword interface followed by the type of interface and slot/port information:
• For a 10/100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
18 iSCSI Optimization
This chapter describes how to detect and configure switchports for Dell Compellent arrays. The topics covered in this chapter include:
• iSCSI Optimization Overview
• Detection and Port Configuration for Dell Compellent Arrays
iSCSI Optimization Overview
iSCSI is a TCP/IP-based protocol for establishing and managing connections between IP-based storage devices and initiators in a storage area network (SAN).
You must enter the iscsi profile-compellent command in INTERFACE configuration mode. For example:
FTOS(conf-if-te-0/50)# iscsi profile-compellent
Auto-detection of Dell Compellent
To auto-detect iSCSI optimization on a switch connected to a Dell Compellent array:
Task: Configure the auto-detection of Dell Compellent arrays on a port.
Default: Dell Compellent disk arrays are not detected.
iSCSI Optimization Prerequisites
• iSCSI optimization requires LLDP on the switch. LLDP is enabled by default (refer to Chapter 21, Link Layer Discovery Protocol).
Configuring iSCSI Optimization
To configure iSCSI optimization on a switch, follow these steps:
Step 1
Task: (Optional) Enter interface configuration mode to configure the auto-detection of Compellent disk arrays.
19 Link Aggregation Control Protocol
Link Aggregation Control Protocol is supported on platforms ce s
The major sections in the chapter are:
• Introduction to Dynamic LAGs and LACP
• LACP Configuration Tasks
• Shared LAG State Tracking
• Configure LACP as Hitless
• LACP Basic Configuration Example
Introduction to Dynamic LAGs and LACP
A Link Aggregation Group (LAG), referred to as a port channel by FTOS, can provide both load-sharing and port redundancy across line cards.
Important Points to Remember
• LACP enables you to add members to a port channel (LAG) as long as it has no static members. Conversely, if the LAG already contains a statically defined member (channel-member command), the port-channel mode command is not permitted.
• A static LAG cannot be created if a dynamic LAG using the selected number already exists.
LACP Configuration Commands
If aggregated ports are configured with compatible LACP modes (Off, Active, Passive), LACP can automatically link them, as defined in IEEE 802.3, Section 43. The following commands configure LACP:
Command Syntax: [no] lacp system-priority priority-value
Command Mode: CONFIGURATION
Purpose: Configure the system priority.
The LAG is in the default VLAN. To place the LAG into a non-default VLAN, use the tagged command on the LAG (Figure 19-2):
Figure 19-2. Placing a LAG into a Non-default VLAN
FTOS(conf)#interface vlan 10
FTOS(conf-if-vl-10)#tagged port-channel 32
Configure the LAG interfaces as dynamic
After creating a LAG, configure the dynamic LAG interfaces. Figure 19-3 shows ports 3/15, 3/16, 4/15, and 4/16 added to LAG 32 in LACP mode with the command port-channel-protocol lacp.
To configure the LACP long timeout (Figure 196):
Step 1
Task: Set the LACP timeout value to 30 seconds.
Command Syntax: lacp long-timeout
Command Mode: CONFIG-INT-PO
Figure 19-4. Invoking the LACP Long Timeout
FTOS(conf)# interface port-channel 32
FTOS(conf-if-po-32)#no shutdown
FTOS(conf-if-po-32)#switchport
FTOS(conf-if-po-32)#lacp long-timeout
FTOS(conf-if-po-32)#end
FTOS# show lacp 32
Port-channel 32 admin up, oper up, mode lacp
Actor System ID: Priority 32768, Address 0001.e800.
Shared LAG State Tracking provides the flexibility to bring down a port channel (LAG) based on the operational state of another LAG. At any time, only two LAGs can be a part of a group such that the fate (status) of one LAG depends on the other LAG. In Figure 19-5, line-rate traffic from R1 destined for R4 follows the lowest-cost route via R2, as shown. Traffic is equally distributed between LAGs 1 and 2. If LAG 1 fails, all traffic from R1 to R4 flows across LAG 2 only.
In Figure 19-6, LAGs 1 and 2 have been placed into the same failover group.
Figure 19-6. Configuring Shared LAG State Tracking
R2#config
R2(conf)#port-channel failover-group
R2(conf-po-failover-grp)#group 1 port-channel 1 port-channel 2
View the failover group configuration using the show running-configuration po-failover-group command, as shown in Figure 19-7.
Figure 19-7.
Figure 19-9.
Figure 19-10. Enabling Hitless LACP
FTOS(conf)#redundancy protocol lacp
FTOS#show running-config redundancy
!
redundancy protocol lacp
FTOS#
FTOS#show running-config interface gigabitethernet 0/12
!
interface GigabitEthernet 0/12
 no ip address
!
 port-channel-protocol LACP
  port-channel 200 mode active
 no shutdown
LACP Basic Configuration Example
The screenshots in this section are based on the example topology shown in Figure 19-11.
Configuring a LAG on ALPHA
Figure 19-12. Creating a LAG on ALPHA
Alpha(conf)#interface port-channel 10
Alpha(conf-if-po-10)#no ip address
Alpha(conf-if-po-10)#switchport
Alpha(conf-if-po-10)#no shutdown
Alpha(conf-if-po-10)#show config
!
interface Port-channel 10
 no ip address
 switchport
 no shutdown
!
Alpha(conf-if-po-10)#
Figure 19-13.
Figure 19-14. Inspecting Configuration of LAG 10 on ALPHA Indicates the MAC address assigned to the LAG. This does NOT match any of the physical interface MAC addresses.
Figure 19-15. Using the show lacp Command to Verify LAG 10 Status on ALPHA
Alpha#sho lacp 10
Port-channel 10 admin up, oper up, mode lacp
Actor System ID: Priority 32768, Address 0001.e806.953e
Partner System ID: Priority 32768, Address 0001.e809.
Summary of the configuration on ALPHA Figure 19-16.
Summary of the configuration on BRAVO Figure 19-17.
Figure 19-18. Using the show interface Command to Inspect a LAG Port on BRAVO
Shows the status of this interface. Also shows it is part of LAG 10.
Bravo#show int gig 3/21
GigabitEthernet 3/21 is up, line protocol is up
Port is part of Port-channel 10
Hardware is Force10Eth, address is 00:01:e8:09:c3:82
Current address is 00:01:e8:09:c3:82
Shows that this is a Layer 2 port.
Figure 19-19. Using the show interfaces port-channel Command to Inspect LAG 10 Indicates the MAC address assigned to the LAG. This does NOT match any of the physical interface MAC addresses.
Figure 19-20. Using the show lacp Command to Inspect LAG Status
FTOS#show lacp 10
Port-channel 10 admin up, oper up, mode lacp
Actor System ID: Priority 32768, Address 0001.e809.c24a
Partner System ID: Priority 32768, Address 0001.e806.
20 Layer 2
Layer 2 features are supported on platforms: ecs
This chapter describes the following Layer 2 features:
• Managing the MAC Address Table
• MAC Learning Limit
• NIC Teaming
• Configuring Redundant Pairs
• Restricting Layer 2 Flooding
• Far-end Failure Detection
Managing the MAC Address Table
FTOS provides the following management activities for the MAC address table:
• Clear the MAC Address Table
• Set the Aging Time for Dynamic Entries
• Configure a Static MAC Address
• Display the MAC Addre
Set the Aging Time for Dynamic Entries
Learned MAC addresses are entered in the table as dynamic entries, which means that they are subject to aging. For any dynamic entry, if no packet arrives on the switch with the MAC address as the source or destination address within the timer period, the address is removed from the table. The default aging time is 1800 seconds.
Task: Disable MAC address aging for all dynamic entries.
Display the MAC Address Table
To display the contents of the MAC address table:
Task: Display the contents of the MAC address table.
• address displays the specified entry.
• aging-time displays the configured aging-time.
• count displays the number of dynamic and static entries for all VLANs, and the total number of entries.
• dynamic displays only dynamic entries
• interface displays only entries for the specified interface.
• static displays only static entries.
To set a MAC learning limit on an interface:
Task: Specify the number of MAC addresses that the system can learn off a Layer 2 interface.
Command Syntax: mac learning-limit address_limit
Command Mode: INTERFACE
Three options are available with the mac learning-limit command: dynamic, no-station-move, and station-move.
Note: An SNMP trap is available for mac learning-limit station-move. No other SNMP traps are available for MAC Learning Limit, including limit violations.
You can configure the system to take an action when the MAC learning limit is reached on an interface and a new address is received using one of the following options with the mac learning-limit command:
Task: Generate a system log message when the MAC learning limit is exceeded.
Command Syntax: learn-limit-violation log
Task: Shut down the interface and generate a system log message when the MAC learning limit is exceeded.
Station Move Violation Actions
Station Move Violation Actions are supported only on platforms: s , , and .
no-station-move is the default behavior. You can configure the system to take an action if a station move occurs using one of the following options with the mac learning-limit command:
Task: Generate a system log message indicating a station move.
Command Syntax: station-move-violation log
Task: Shut down the first port to learn the MAC address.
Per-VLAN MAC Learning Limit
Per-VLAN MAC Learning Limit is available only on platform: e
An individual MAC learning limit can be configured for each VLAN using Per-VLAN MAC Learning Limit.
One application of Per-VLAN MAC Learning Limit is on access ports. In the following illustration, an Internet Exchange Point (IXP) connects multiple Internet Service Providers (ISPs). An IXP can provide several types of services to its customers including public and private peering.
(in the above example, this is Port 0/5 of the switch). To ensure the MAC address is disassociated with one port and re-associated with another port in the ARP table, you must configure the command mac-address-table station-move refresh-arp on the Dell Networking switch at the time that NIC teaming is being configured on the server. Note: If this command is not configured, traffic continues to be forwarded to the failed NIC until the ARP entry on the switch times out. Figure 20-2.
Configuring Redundant Pairs
Configuring Redundant Pairs is supported on platforms: ecs Z
Networks that employ switches that do not support Spanning Tree (STP) — for example, networks with Digital Subscriber Line Access Multiplexers (DSLAM) — cannot have redundant links between switches because they create switching loops (Figure 20-3).
You configure a redundant pair by assigning a backup interface to a primary interface with the switchport backup interface command. Initially, the primary interface is active and transmits traffic and the backup interface remains down. If the primary fails for any reason, the backup transitions to an active UP state. If the primary interface fails and later comes back up, it remains as the backup interface for the redundant pair.
Figure 20-4.
Restricting Layer 2 Flooding
Restricting Layer 2 Flooding is supported only on platform: e
When Layer 2 multicast traffic must be forwarded on a VLAN that has multiple ports with different speeds on the same port-pipe, forwarding is limited to the speed of the slowest port. Restricted Layer 2 Flooding prevents slower ports from lowering the throughput of multicast traffic on faster ports by restricting flooding to ports with a speed equal to or above a link speed you specify.
Far-end Failure Detection
Far-end Failure Detection is supported on platforms e Z
Far-end Failure Detection (FEFD) is a protocol that senses remote data link errors in a network. It responds by sending a unidirectional report that triggers an echoed response after a specified time interval. FEFD can be enabled globally or locally on an interface basis. Disabling the global FEFD configuration does not disable the interface configuration.
Figure 20-7.
FEFD state changes
FEFD has two operational modes, Normal and Aggressive. When Normal mode is enabled on an interface and a far-end failure is detected, no intervention is required to reset the interface to bring it back to an FEFD operational state. When Aggressive mode is enabled on an interface in the same state, manual intervention is required to reset the interface.
Important Points to Remember
• FEFD enabled ports are subject to an 8 to 10 second delay during an RPM failover before becoming operational. FEFD can be enabled globally or on a per interface basis. Interface FEFD configurations override global FEFD configurations. FTOS supports FEFD on physical Ethernet interfaces only, excluding the management interface.
Enable FEFD on an Interface
Entering the command fefd in INTERFACE mode enables FEFD on a per interface basis. To change the FEFD mode, supplement the fefd command in INTERFACE mode by entering the command fefd [mode {aggressive | normal}].
To disable FEFD protocol on one interface, enter the command fefd disable in INTERFACE mode.
Figure 20-10.
21 Link Layer Discovery Protocol
Link Layer Discovery Protocol is supported only on platforms: ces
This chapter contains the following sections:
• 802.1AB (LLDP) Overview
• TIA-1057 (LLDP-MED) Overview
• Configuring LLDP
802.1AB (LLDP) Overview
Link Layer Discovery Protocol (LLDP)—defined by IEEE 802.1AB—is a protocol that enables a LAN device to advertise its configuration and receive configuration information from adjacent LLDP-enabled LAN infrastructure devices.
TLVs are encapsulated in a frame called an LLDP Data Unit (LLDPDU) (Figure 21-2), which is transmitted from one LLDP-enabled device to its LLDP-enabled neighbors. LLDP is a one-way protocol. LLDP-enabled devices (LLDP agents) can transmit and/or receive advertisements, but they cannot solicit and do not respond to advertisements. There are five types of TLVs. All types are mandatory in the construction of an LLDPDU except Optional TLVs.
Management TLVs
A Management TLV is an Optional TLV sub-type. This kind of TLV contains essential management information about the sender. The five types are described in Table 21-2.
Organizationally Specific TLVs
Organizationally specific TLVs can be defined by a professional organization or a vendor. They have two mandatory fields (Figure 21-3) in addition to the basic TLV fields (Figure 21-1):
• Organizationally Unique Identifier (OUI)—a unique number assigned by the IEEE to an organization or vendor.
Table 21-2. Optional TLV Types

Type: 127
TLV: Port and Protocol VLAN ID
Description: On Dell Networking systems, indicates the tagged VLAN to which a port belongs (and the untagged VLAN to which a port belongs if the port is in hybrid mode)

Type: 127
TLV: VLAN Name
Description: Indicates the user-defined alphanumeric string that identifies the VLAN. This TLV is supported on C-Series only.

Type: 127
TLV: Protocol Identity
Description: Indicates the protocols that the port can process.
TIA Organizationally Specific TLVs
The Dell Networking system is an LLDP-MED Network Connectivity Device (Device Type 4). Network connectivity devices are responsible for:
• transmitting an LLDP-MED capabilities TLV to endpoint devices
• storing the information that endpoint devices advertise
Table 21-3 describes the five types of TIA-1057 Organizationally Specific TLVs.
Table 21-3.
LLDP-MED Capabilities TLV
The LLDP-MED Capabilities TLV communicates the types of TLVs that the endpoint device and the network connectivity device support. LLDP-MED network connectivity devices must transmit the Network Policies TLV.
• The value of the LLDP-MED Capabilities field in the TLV is a 2 octet bitmap (Figure 21-4); each bit represents an LLDP-MED capability (Table 21-4).
• The possible values of the LLDP-MED Device Type are listed in Table 21-5.
LLDP-MED Network Policies TLV
A network policy in the context of LLDP-MED is a device’s VLAN configuration and associated Layer 2 and Layer 3 configurations, specifically:
• VLAN ID
• VLAN tagged or untagged status
• Layer 2 priority
• DSCP value
The application type is represented by an integer (the Type integer in Table 21-6), which indicates a device function for which a unique network policy is defined.
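The following added example (not part of the Dell guide or of FTOS) splits an LLDPDU into TLVs using the 7-bit type and 9-bit length header and decodes the LLDP-MED Network Policies TLV fields named above (OUI 00-12-BB, sub-type 2, as laid out in Figure 21-5), then compares the advertised VLAN with an expected value. The function names, the expected-VLAN map and the sample LLDPDU are assumptions constructed for illustration.

```python
import struct

LLDP_MED_OUI = bytes.fromhex("0012bb")   # TIA OUI, 00-12-BB
NETWORK_POLICY_SUBTYPE = 2
ORG_SPECIFIC = 127
END_OF_LLDPDU = 0


def build_tlv(tlv_type: int, value: bytes) -> bytes:
    """Prefix a value with the 7-bit type / 9-bit length TLV header."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type or length does not fit the TLV header")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def iter_tlvs(lldpdu: bytes):
    """Yield (type, value) pairs; fail on truncation or a missing End TLV."""
    offset = 0
    while offset + 2 <= len(lldpdu):
        (header,) = struct.unpack_from("!H", lldpdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(lldpdu):
            raise ValueError(f"TLV type {tlv_type} is truncated")
        yield tlv_type, lldpdu[offset:offset + length]
        if tlv_type == END_OF_LLDPDU:
            return
        offset += length
    raise ValueError("LLDPDU has no End Of LLDPDU TLV")


def decode_network_policy(value: bytes):
    """Decode one type-127 value; return None if it is not a Network Policy."""
    if value[:3] != LLDP_MED_OUI or value[3:4] != bytes([NETWORK_POLICY_SUBTYPE]):
        return None
    if len(value) != 8:
        raise ValueError("Network Policy TLV length must be 8")
    bits = int.from_bytes(value[5:8], "big")   # U, T, X, VLAN ID, priority, DSCP
    return {
        "application_type": value[4],
        "unknown": bool(bits >> 23 & 1),        # U flag
        "tagged": bool(bits >> 22 & 1),         # T flag
        "vlan_id": bits >> 9 & 0xFFF,           # 12 bits
        "l2_priority": bits >> 6 & 0x7,         # 3 bits
        "dscp": bits & 0x3F,                    # 6 bits
    }


def network_policies(lldpdu: bytes) -> list:
    """Return every LLDP-MED network policy advertised in the LLDPDU."""
    found = []
    for tlv_type, value in iter_tlvs(lldpdu):
        if tlv_type == ORG_SPECIFIC:
            policy = decode_network_policy(value)
            if policy is not None:
                found.append(policy)
    return found


def audit(lldpdu: bytes, expected_vlans: dict) -> list:
    """Return policies whose VLAN differs from the expected VLAN for that
    application type (expected_vlans is a hypothetical local baseline)."""
    return [p for p in network_policies(lldpdu)
            if expected_vlans.get(p["application_type"]) != p["vlan_id"]]


def sample_lldpdu() -> bytes:
    """Constructed LLDPDU: chassis ID, port ID, TTL, one network policy, end."""
    bits = (1 << 22) | (100 << 9) | (5 << 6) | 46   # tagged, VLAN 100, prio 5, DSCP 46
    policy = LLDP_MED_OUI + bytes([NETWORK_POLICY_SUBTYPE, 1]) + bits.to_bytes(3, "big")
    return b"".join([
        build_tlv(1, b"\x04" + bytes.fromhex("0001e8000001")),  # constructed MAC
        build_tlv(2, b"\x05" + b"Gi 0/1"),
        build_tlv(3, struct.pack("!H", 120)),
        build_tlv(ORG_SPECIFIC, policy),
        build_tlv(END_OF_LLDPDU, b""),
    ])


if __name__ == "__main__":
    print(network_policies(sample_lldpdu()))
    print("mismatches:", audit(sample_lldpdu(), {1: 200}))
```

Because LLDP is one-way and unauthenticated, comparing what a neighbor advertises against a known baseline is the practical check; a mismatch is a reason to inspect the port, not proof of misuse.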
Figure 21-5. LLDP-MED Policies TLV
TLV Type (127): 7 bits
TLV Length (8): 9 bits
Organizationally Unique ID (00-12-BB): 3 octets
Organizationally Defined Sub-type (2): 1 octet
Application Type (0-255): 1 octet
U T X (0): 3 bits
VLAN ID (0-4095): 12 bits
L2 Priority (0-7): 3 bits
DSCP Value (0-63): 6 bits
Extended Power via MDI TLV
The Extended Power via MDI TLV enables advanced PoE management between LLDP-MED endpoints and network connectivity devices.
• Viewing Information Advertised by Adjacent LLDP Agents
• Configuring LLDPDU Intervals
• Configuring Transmit and Receive Mode
• Configuring a Time to Live
• Debugging LLDP
Important Points to Remember
• LLDP is disabled by default.
• Dell Networking systems support up to 8 neighbors per interface.
• Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by 8 exceeds the maximum, the system will not configure more than 8000.
Figure 21-7.
• If you configure an interface, only the interface will send LLDPDUs with the specified TLVs.
If LLDP is configured both globally and at interface level, the interface level configuration overrides the global configuration.
To advertise TLVs:
Step 1
Task: Enter LLDP mode.
Command: protocol lldp
Command Mode: CONFIGURATION or INTERFACE
Step 2
Task: Advertise one or more TLVs. Include the keyword for each TLV you want to advertise.
Viewing the LLDP Configuration
Display the LLDP configuration using the command show config in either CONFIGURATION or INTERFACE mode, as shown in Figure 21-9 and Figure 21-10, respectively.
Figure 21-9.
Figure 21-12.
Figure 21-13.
Figure 21-14.
Figure 21-15.
Figure 21-16.
Table 21-7.
Table 21-8.
Table 21-10.
22 Multiple Spanning Tree Protocol

Multiple Spanning Tree Protocol is supported on platforms: ces

Protocol Overview

Multiple Spanning Tree Protocol (MSTP)—specified in IEEE 802.1Q-2003—is an RSTP-based spanning tree variation that improves on PVST+. MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances. In contrast, PVST+ allows a spanning tree instance for each VLAN.
FTOS supports three other variations of Spanning Tree, as shown in Table 44.

Table 22-1. FTOS Supported Spanning Tree Protocols

Dell Networking Term              IEEE Specification
Spanning Tree Protocol            802.1d
Rapid Spanning Tree Protocol      802.1w
Multiple Spanning Tree Protocol   802.1s
Per-VLAN Spanning Tree Plus       Third Party

Implementation Information

• The FTOS MSTP implementation is based on IEEE 802.
• SNMP Traps for Root Elections and Topology Changes
• Configuring Spanning Trees as Hitless

Enable Multiple Spanning Tree Globally

MSTP is not enabled by default. To enable MSTP:

Step 1: Enter PROTOCOL MSTP mode.
  Command Syntax: protocol spanning-tree mstp
  Command Mode: CONFIGURATION
Step 2: Enable MSTP.
  Command Syntax: no disable
  Command Mode: PROTOCOL MSTP

Verify that MSTP is enabled using the show config command from PROTOCOL MSTP mode, as shown in Figure 22-2.

Figure 22-2.
Create an MSTI using the command msti from PROTOCOL MSTP mode. Specify the keyword vlan followed by the VLANs that you want to participate in the MSTI, as shown in Figure 22-3.

Figure 22-3.
Influence MSTP Root Selection

MSTP determines the root bridge, but you can assign one bridge a lower priority to increase the probability that it will become the root bridge.

To change the bridge priority:

Task: Assign a number as the bridge priority. A lower number increases the probability that the bridge becomes the root bridge.
To change the region name or revision:

Task: Change the region name.
  Command Syntax: name name
  Command Mode: PROTOCOL MSTP
Task: Change the region revision number.
  • Range: 0 to 65535
  • Default: 0
  Command Syntax: revision number
  Command Mode: PROTOCOL MSTP

View the current region name and revision using the command show spanning-tree mst configuration from EXEC Privilege mode, as shown in Figure 22-6.

Figure 22-6.
Task: Change the hello-time parameter.
  Note: With large configurations (especially those with more ports) Dell Networking recommends that you increase the hello-time.
  Range: 1 to 10
  Default: 2 seconds
  Command Syntax: hello-time seconds
  Command Mode: PROTOCOL MSTP
Task: Change the max-age parameter.
  Range: 6 to 40
  Default: 20 seconds
  Command Syntax: max-age seconds
  Command Mode: PROTOCOL MSTP
Task: Change the max-hops parameter.
Table 22-2 lists the default values for port cost by interface.

Table 22-2.
To enable EdgePort on an interface, use the following command:

Task: Enable EdgePort on an interface.
  Command Syntax: spanning-tree mstp edge-port [bpduguard | shutdown-on-violation]
  Command Mode: INTERFACE

Verify that EdgePort is enabled on a port using the command show config from the INTERFACE mode, as shown in Figure 22-8.

FTOS Behavior: Regarding bpduguard shutdown-on-violation behavior:
1 If the interface to be shut down is a port channel, then all the member ports are disabled in the hardware.
MSTP Sample Configurations

The running-configurations in Figure 22-10, Figure 22-11, and Figure 22-11 support the topology shown in Figure 22-9. The configurations are from FTOS systems. An S50 system using SFTOS, configured as shown in Figure 22-13, could be substituted for an FTOS router in the following sample topology and MSTP would function as designed.

Figure 22-9.
Figure 22-10.
Figure 22-11.
Figure 22-12.
Figure 22-13.
Figure 22-14. Displaying BPDUs and Events

FTOS#debug spanning-tree mstp bpdu
1w1d17h : MSTP: Sending BPDU on Gi 1/31 :
ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x68
CIST Root Bridge Id: 32768:0001.e806.953e, Ext Path Cost: 20000
Regional Bridge Id: 32768:0001.e809.c24a, CIST Port Id: 128:384
Msg Age: 2, Max Age: 20, Hello: 2, Fwd Delay: 15, Ver1 Len: 0, Ver3 Len: 96
Name: my-mstp-region, Rev: 0, Int Root Path Cost: 20000
Rem Hops: 19, Bridge Id: 32768:0001.e80d.
Figure 22-15. Sample Output for show running-configuration spanning-tree mstp command

FTOS#show run spanning-tree mstp
!
protocol spanning-tree mstp
 name Tahiti
 revision 123
 MSTI 1 VLAN 100
 MSTI 2 VLAN 200,300

Figure 22-16.
23 Multicast Features

Multicast Features are supported on platforms: ces

This chapter contains the following sections:

• Enable IP Multicast
• Multicast with ECMP
• First Packet Forwarding for Lossless Multicast
• Multicast Policies
• Multicast Traceroute
• Multicast Quality of Service
• Optimize the E-Series for Multicast Traffic
• Tune the Central Scheduler for Multicast

FTOS supports the following multicast protocols:

• PIM Sparse-Mode
• PIM Source-Specific Mode
• Internet Group Management Protocol
Multicast with ECMP

Dell Networking multicast uses Equal-cost Multi-path (ECMP) routing to load-balance multiple streams across equal cost links. When creating the shared-tree, Protocol Independent Multicast (PIM) uses routes from all configured routing protocols to select the best route to the rendezvous point (RP). If there are multiple, equal-cost paths, PIM selects the route with the least number of currently running multicast streams.
As the upper five bits of an IP Multicast address are dropped in the translation, 32 different multicast group IDs all map to the same Ethernet address. For example, 224.0.0.5 is a well-known IP address for OSPF that maps to the multicast MAC address 01:00:5e:00:00:05. However, 225.0.0.5, 226.0.0.5, etc., map to the same multicast MAC address. The Layer 2 FIB alone cannot differentiate multicast control traffic from multicast data traffic with the same address, so if you use IP address 225.0.0.
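The 32-to-1 mapping described above, as an added example that is not part of the Dell guide: it derives the multicast MAC address for a group, lists every group that shares it, and flags planned data groups whose MAC collides with a 224.0.0.x control address. The function names and the sample group plan are constructed for illustration.

```python
import ipaddress

MAC_PREFIX = 0x01005E          # fixed upper 24 bits (the 25th bit is always 0)
LOW23 = 0x7FFFFF               # the 23 group-address bits that survive
CONTROL_BLOCK = ipaddress.IPv4Network("224.0.0.0/24")  # local control block


def _group(group: str) -> ipaddress.IPv4Address:
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    return addr


def multicast_mac(group: str) -> str:
    """Map an IPv4 group to its Ethernet multicast MAC address."""
    mac = (MAC_PREFIX << 24) | (int(_group(group)) & LOW23)
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -8, -8))


def mac_aliases(group: str) -> list:
    """All 32 groups that share one MAC: the 5 dropped bits take every value."""
    low = int(_group(group)) & LOW23
    return [str(ipaddress.IPv4Address(0xE0000000 | (hi << 23) | low))
            for hi in range(32)]


def control_collision(group: str):
    """Return the 224.0.0.x address whose MAC this group shares, else None.

    A group inside 224.0.0.0/24 is control traffic itself, so it returns None.
    """
    addr = _group(group)
    if addr in CONTROL_BLOCK:
        return None
    low = int(addr) & LOW23
    if low < 256:              # low 23 bits equal those of some 224.0.0.x
        return str(ipaddress.IPv4Address(0xE0000000 | low))
    return None


def audit_plan(groups: list) -> dict:
    """Map each planned data group to the control address it collides with."""
    hits = {}
    for g in groups:
        clash = control_collision(g)
        if clash is not None:
            hits[g] = clash
    return hits


# Constructed group plan for the demonstration
PLAN = ["239.1.1.1", "225.0.0.5", "224.128.0.13", "232.0.1.5"]

if __name__ == "__main__":
    print(multicast_mac("224.0.0.5"), multicast_mac("225.0.0.5"))
    print(audit_plan(PLAN))
```
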
Multicast Policies

FTOS offers parallel Multicast features for IPv4 and IPv6.
Note: The IN-L3-McastFib CAM partition is used to store multicast routes and is a separate hardware limit that exists per port-pipe. Any software-configured limit might be superseded by this hardware space limitation. The opposite is also true: the CAM partition might not be exhausted at the time the system-wide route limit set by the ip multicast-limit is reached.

Prevent a Host from Joining a Group

You can prevent a host from joining a particular group by blocking specific IGMP reports.
ip igmp snooping enable

interface Vlan 400
 ip pim sparse-mode
 ip address 10.11.4.1/24
 untagged GigabitEthernet 1/2
 ip igmp access-group igmpjoinfilR2G2
 no shutdown

(*, 239.0.0.1), uptime 00:00:06, expires 00:00:00, RP 10.11.12.2, flags: SCJ
  Incoming interface: GigabitEthernet 1/21, RPF neighbor 10.11.12.2
  Outgoing interface list:
    Vlan 400 Forward/Sparse 00:00:06/Never

interface GigabitEthernet 2/31
 ip pim sparse-mode
 ip address 10.11.23.
Rate Limit IGMP Join Requests

If you expect a burst of IGMP Joins, protect the IGMP process from overload by limiting the rate at which new groups can be joined using the command ip igmp group-join-limit from INTERFACE mode. Hosts whose IGMP requests are denied will use the retry mechanism built into IGMP so that their membership is delayed rather than permanently denied.

View the enable status of this feature using the command show ip igmp interface from EXEC Privilege mode.
(10.11.5.2, 239.0.0.2), uptime 00:00:33, expires 00:03:07, flags: CT
  Incoming interface: GigabitEthernet 1/31, RPF neighbor 10.11.13.2
  Outgoing interface list:
    Vlan 300 Forward/Sparse 00:00:40/Never

(*, 239.0.0.2), uptime 00:00:40, expires 00:00:00, RP 10.11.12.2, flags: SCJ
  Incoming interface: GigabitEthernet 1/21, RPF neighbor 10.11.12.2
  Outgoing interface list:
    Vlan 300 Forward/Sparse 00:00:40/Never

(10.11.5.2, 239.0.0.
Prevent a PIM Router from Processing a Join

Permit or deny PIM Join/Prune messages on an interface using an extended IP access list. Use the command ip pim join-filter to prevent the PIM SM router from creating state based on multicast source and/or group.
Prevent an IPv6 Neighbor from Forming an Adjacency

Task: Prevent a router from participating in PIM.
Multicast Traceroute

Multicast Traceroute is supported only on platform: e

MTRACE is an IGMP-based tool that prints the network path that a multicast packet takes from a source to a destination, for a particular group. FTOS has mtrace client and mtrace transmit functionality.

• MTRACE Client—an mtrace client transmits mtrace queries and prints out the details of received responses.
Optimize the E-Series for Multicast Traffic

Optimize the E-Series for Multicast Traffic is supported only on platform: e

The default hardware settings for the E-series are for unicast applications like data centers and ISP networks. This means that the E-Series gives priority to unicast data forwarding rather than multicast data forwarding. For multicast intensive applications like trading, Dell Networking recommends reconfiguring some default settings.
FTOS provides the ability to adjust the scheduling weight for multicast traffic. For example, if the majority of your traffic is multicast, the default configuration might yield greater latency. In this case, allocate more backplane bandwidth for multicast using the command queue multicast bandwidth-percent from CONFIGURATION mode. View your configuration using the command show queue backplane multicast bandwidth-percentage.

Figure 23-6.
24 Open Shortest Path First (OSPFv2 and OSPFv3)

Open Shortest Path First version 2 (OSPF for IPv4) is supported on platforms ces
Open Shortest Path First version 3 (OSPF for IPv6) is supported on platforms c e

This chapter is intended to provide a general description of OSPFv2 (OSPF for IPv4) and OSPFv3 (OSPF for IPv6) as supported in the Dell Networking Operating System (FTOS).
Protocol Overview

Open Shortest Path First (OSPF) routing is a link-state routing protocol that calls for the sending of Link-State Advertisements (LSAs) to all other routers within the same Autonomous System (AS) Areas. Information on attached interfaces, metrics used, and other variables is included in OSPF LSAs. As OSPF routers accumulate link-state information, they use the SPF algorithm (Shortest Path First algorithm) to calculate the shortest path to each node.
Figure 24-1. Autonomous System Areas (Routers A through M in Area 0, Area 100, Area 200, and Area 300)

Area Types

The Backbone of the network is Area 0. It is also called Area 0.0.0.0 and is the core of any Autonomous System (AS). All other areas must connect to Area 0. Areas can be defined in such a way that the backbone is not contiguous.
A Stub Area (SA) does not receive external route information, except for the default route. These areas do receive information from inter-area (IA) routes. Note that all routers within an assigned Stub area must be configured as stubby, and not generate LSAs that do not apply. For example, a Type 5 LSA is intended for external areas and the Stubby area routers may not generate external LSAs. Stubby areas cannot be traversed by a virtual link.
Figure 24-2.
Area Border Router (ABR)

Within an AS, an Area Border Router (ABR) connects one or more areas to the Backbone. The ABR keeps a copy of the link-state database for every area it connects to, so it may keep multiple copies of the link state database. An Area Border Router (ABR) takes information it has learned on one of its attached areas and can summarize it before sending it out on other areas it is connected to.
Link-State Advertisements (LSAs)

A Link-State Advertisement (LSA) communicates the router's local routing topology to all other local routers in the same area.

• OSPFv3 can treat LSAs as having link-local flooding scope, or store and flood them as if they are understood, while ignoring them in their own SPF algorithms.
• OSPFv2 always discards unknown LSA types.
Each router link is defined as one of four types: type 1, 2, 3, or 4. The LSA includes a link ID field that identifies, by the network number and mask, the object this link connects to. Depending on the type, the link ID has different meanings.
Figure 24-3. Priority and Costs Example

Router 1: Priority 200, Cost 21
Router 2: Priority 180, Cost 50
Router 3: Priority 100, Cost 25
Router 4: Priority 150, Cost 20

Router 1 selected by the system as DR. Router 2 selected by the system as BDR.
If R1 fails, the system subtracts 21 from R1's priority number. R1's new priority is 179. R2, as both the selected BDR and the now-highest priority, becomes the DR.
If R3 fails, the system subtracts 50 from its priority. R2's new priority is 130.
• NSSA External (type 7)
• Opaque Link-local (type 9)

Fast Convergence (OSPFv2, IPv4 only)

Fast Convergence allows you to define the speeds at which LSAs are originated and accepted, and reduce OSPFv2 end-to-end convergence time. FTOS enables you to accept and originate LSAs as soon as they are available to speed up route information propagation. Note that the faster the convergence, the more frequent the route calculations and updates.
RFC-2328 Compliant OSPF Flooding

In OSPF, flooding is the most resource-consuming task. The flooding algorithm described in RFC 2328 requires that OSPF flood LSAs on all interfaces, as governed by LSA's flooding scope. (Refer to Section 13 of the RFC.) When multiple direct links connect two routers, the RFC 2328 flooding algorithm generates significant redundant information across all links.
OSPF ACK Packing

The OSPF ACK Packing feature bundles multiple LS acknowledgements in a single packet, significantly reducing the number of ACK packets transmitted when the number of LSAs increases. This feature also enhances network utilization and reduces the number of small ACK packets sent to a neighboring router. OSPF ACK packing is enabled by default, and non-configurable.
OSPF must be configured GLOBALLY on the system in CONFIGURATION mode. OSPF features and functions are assigned to each router using the CONFIG-INTERFACE commands for each interface.

Note: By default, OSPF is disabled.

Configuration Task List for OSPFv2 (OSPF for IPv4)

Open Shortest Path First version 2 (OSPF for IPv4) is supported on platforms ces

1. Configure a physical interface. Assign an IP address, physical or loopback, to the interface to enable Layer 3 routing.
2. Enable OSPF globally.
If implementing Multi-Process OSPF, you must create an equal number of Layer 3 enabled interfaces and OSPF Process IDs. For example, if you create 4 OSPFv2 process IDs, you must have 4 interfaces with Layer 3 enabled.

Use these commands on one of the interfaces to enable OSPFv2 routing.

Step 1:
  Command Syntax: ip address ip-address mask
  Command Mode: CONFIG-INTERFACE
  Usage: Assign an IP address to an interface. Format: A.B.C.
Use the no router ospf process-id command syntax in the CONFIGURATION mode to disable OSPF.

Use the clear ip ospf process-id command syntax in EXEC Privilege mode to reset the OSPFv2 process.

Use the show ip ospf process-id command in EXEC mode (Figure 408) to view the current OSPFv2 status.

Figure 24-8. Command Example: show ip ospf process-id

FTOS#show ip ospf 55555
Routing Process ospf 55555 with ID 10.10.10.
Return to CONFIGURATION mode to enable the OSPF process. The OSPF Process ID is the identifying number assigned to the OSPF process, and the Router ID is the IP address associated with the OSPF process.

Command Syntax: router ospf process-id [vrf {vrf name}]
  Command Mode: CONFIGURATION
  Usage: Enable the OSPFv2 process globally. Range: 0-65535
  vrf name: Enter the VRF key word and instance name to tie the OSPF instance to the VRF.
The OSPFv2 process evaluates the network commands in the order they are configured. Assign the network address that is most explicit first to include all subnets of that address. For example, if you assign the network address 10.0.0.0/8, you cannot assign the network address 10.1.0.0/16 since it is already included in the first network address.
OSPF, by default, sends hello packets out to all physical interfaces assigned an IP address that are a subset of a network on which OSPF is enabled. Use the show ip ospf interface command (Figure 410) to view the interfaces currently active and the areas assigned to the interfaces.

Figure 24-10. Command Example: show ip ospf process-id interface

FTOS>show ip ospf 1 interface

GigabitEthernet 12/17 is up, line protocol is up
  Internet Address 10.2.2.1/24, Area 0.0.0.
Configure stub areas

OSPF supports different types of LSAs to help reduce the amount of router processing within the areas. Type 5 LSAs are not flooded into stub areas; the Area Border Router (ABR) advertises a default route into the stub area to which it is attached. Stub area routers use the default route to reach external destinations.

To ensure connectivity in your OSPFv2 network, never configure the backbone area as a stub area.
Enable passive interfaces

A passive interface is one that does not send or receive routing information. Enabling passive interface suppresses routing updates on an interface. Although the passive interface will neither send nor receive routing updates, the network on that interface will still be included in OSPF updates sent via other interfaces.

Use the following command in the ROUTER OSPF mode to suppress the interface’s participation on an OSPF interface.
Figure 24-13. Command Example: show ip ospf process-id interface

FTOS#show ip ospf 34 int

GigabitEthernet 0/0 is up, line protocol is down
  Internet Address 10.1.2.100/24, Area 1.1.1.1
  Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State DOWN, Priority 1
  Designated Router (ID) 10.1.2.100, Interface address 0.0.0.0
  Backup Designated Router (ID) 0.0.0.0, Interface address 0.0.0.
Figure 24-14 shows the convergence settings when fast-convergence is enabled and Figure 24-15 shows settings when fast-convergence is disabled. These displays appear with the show ip ospf command.

Figure 24-14. Command Example: show ip ospf process-id (fast-convergence enabled)

FTOS(conf-router_ospf-1)#fast-converge 2
FTOS(conf-router_ospf-1)#ex
FTOS(conf)#ex
FTOS#show ip ospf 1
Routing Process ospf 1 with ID 192.168.67.
Use any or all of the following commands in CONFIGURATION INTERFACE mode to change OSPFv2 parameters on the interfaces:

Command Syntax: ip ospf cost
  Command Mode: CONFIG-INTERFACE
  Usage: Change the cost associated with OSPF traffic on the interface. Cost: 1 to 65535 (default depends on the interface speed).
Command Syntax: ip ospf dead-interval seconds
  Command Mode: CONFIG-INTERFACE
  Usage: Change the time interval the router waits before declaring a neighbor dead. Configure Seconds range: 1 to 65535 (default is 40 seconds).
Figure 24-16. Changing the OSPF Cost Value on an Interface

The change is made on the interface and it is reflected in the OSPF configuration.

FTOS(conf-if)#ip ospf cost 45
FTOS(conf-if)#show config
!
interface GigabitEthernet 0/0
 ip address 10.1.2.100 255.255.255.0
 no shutdown
 ip ospf cost 45
FTOS(conf-if)#end
FTOS#show ip ospf 34 interface

GigabitEthernet 0/0 is up, line protocol is up
  Internet Address 10.1.2.100/24, Area 2.2.2.2
  Process ID 34, Router ID 10.1.2.
• helper-reject neighbors—the router ID of each restart router that does not receive assistance from the configured router.
• mode—the situation or situations that trigger a graceful restart.
• role—the role or roles the configured router can perform.

Note: By default, OSPF graceful restart is disabled.

You enable OSPF graceful restart in CONFIGURATION ROUTER OSPF mode.
Figure 24-17. Command Example: show run ospf (partial)

FTOS#show run ospf
!
router ospf 1
 graceful-restart grace-period 300
 graceful-restart role helper-only
 graceful-restart mode unplanned-only
 graceful-restart helper-reject 10.1.1.1
 graceful-restart helper-reject 20.1.1.1
 network 10.0.2.0/24 area 0
FTOS#

Use the following command to disable OSPF graceful-restart after you have enabled it.
Use the following command in CONFIGURATION ROUTER OSPF mode to configure virtual links.

Command Syntax: area area-id virtual-link router-id [hello-interval seconds | retransmit-interval seconds | transmit-delay seconds | dead-interval seconds | authentication-key key | message-digest-key keyid md5 key]
  Command Mode: CONFIG-ROUTER-OSPF-id
  Usage: Configure the optional parameters of a virtual link:
  • Area ID: assigned earlier (0-65535 or A.B.C.
Command Syntax: seq sequence-number {deny | permit} ip-prefix [ge min-prefix-length] [le max-prefix-length]
  Command Mode: CONFIG-PREFIX LIST
  Usage: Create a prefix list with a sequence number and a deny or permit action. The optional parameters are:
  ge min-prefix-length: is the minimum prefix length to be matched (0 to 32).
  le max-prefix-length: is the maximum prefix length to be matched (0 to 32).
Redistribute routes

You can add routes from other routing instances or protocols to the OSPF process. With the redistribute command syntax, you can include RIP, static, or directly connected routes in the OSPF process.

Note: Do not route iBGP routes to OSPF unless there are route-maps associated with the OSPF redistribution.
Troubleshooting OSPFv2

FTOS has several tools to make troubleshooting easier. Be sure to check the following, as these are typical issues that interrupt an OSPFv2 process. Note that this is not a comprehensive list, just some examples of typical troubleshooting checks.
Figure 24-20. Command Example: show running-config ospf

FTOS#show run ospf
!
router ospf 3
!
router ospf 4
 router-id 4.4.4.4
 network 4.4.4.0/28 area 1
!
router ospf 5
!
router ospf 6
!
router ospf 7
 mib-binding
!
router ospf 8
!
router ospf 90
 area 2 virtual-link 4.4.4.4
 area 2 virtual-link 90.90.90.90 retransmit-interval 300
!
ipv6 router ospf 999
 default-information originate always
 router-id 10.10.10.
Use the following command in EXEC Privilege mode to configure the debugging options of an OSPFv2 process:

Command Syntax: debug ip ospf process-id [event | packet | spf]
  Command Mode: EXEC Privilege
  Usage: View debug messages. To view debug messages for a specific OSPF process ID, enter debug ip ospf process-id. If you do not enter a process ID, the command applies to the first OSPF process.
Configuration Task List for OSPFv3 (OSPF for IPv6)

Open Shortest Path First version 3 (OSPF for IPv6) is supported on platforms ce

The configuration options of OSPFv3 are the same as those for OSPFv2, but may be configured with differently labeled commands. Process IDs and areas need to be specified. Interfaces and addresses need to be included in the process. Areas can be defined as stub or totally stubby.
Enable IPv6 Unicast Routing

Command Syntax: ipv6 unicast routing
  Command Mode: CONFIGURATION
  Usage: Enables IPv6 unicast routing globally.

Assign IPv6 addresses on an interface

Command Syntax: ipv6 address ipv6 address
  Command Mode: CONF-INT-type slot/port
  Usage: Assign IPv6 address to the interface. IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:).
Assign OSPFv3 Process ID and Router ID Globally

Command Syntax: ipv6 router ospf {process ID}
  Command Mode: CONFIGURATION
  Usage: Enable the OSPFv3 process globally and enter OSPFv3 mode. Range: 0-65535
Command Syntax: router-id {number}
  Command Mode: CONF-IPV6-ROUTER-OSPF
  Usage: Assign the Router ID for this OSPFv3 process.
  number: IPv4 address
  Format: A.B.C.D
  Note: The router-id for an OSPFv3 router is entered as an IPv4 IP address.
Configure Passive-Interface

Use the following command to suppress the interface’s participation on an OSPFv3 interface. This command stops the router from sending updates on that interface.

Command Syntax: passive-interface {type slot/port}
  Command Mode: CONF-IPV6-ROUTER-OSPF
  Usage: Specify whether some or all of the interfaces will be passive. Interface identifies the specific interface that will be passive.
Redistribute routes

You can add routes from other routing instances or protocols to the OSPFv3 process. With the redistribute command syntax, you can include RIP, static, or directly connected routes in the OSPF process.

Command Syntax: redistribute {bgp | connected | static} [metric metric-value | metric-type type-value] [route-map map-name] [tag tag-value]
  Command Mode: CONF-IPV6-ROUTER-OSPF
  Usage: Specify which routes will be redistributed into OSPF process.
Troubleshooting OSPFv3

FTOS has several tools to make troubleshooting easier. Be sure to check the following, as these are typical issues that interrupt the OSPFv3 process. Note that this is not a comprehensive list, just some examples of typical troubleshooting checks.
Use the following command in EXEC Privilege mode to configure the debugging options of an OSPFv3 process:

Command Syntax: debug ipv6 ospf packet {type slot/port}
  Command Mode: EXEC Privilege
  Usage: View debug messages for all OSPFv3 interfaces.
  • packet: view OSPF packet information.
  • For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information (e.g. passive-interface gi 2/1).
Figure 24-21. Basic topology and CLI commands for OSPFv2

Topology labels: OSPF AREA 0; GI 2/1, GI 1/1, GI 2/2, GI 1/2, GI 3/1, GI 3/2

router ospf 11111
 network 10.0.11.0/24 area 0
 network 10.0.12.0/24 area 0
 network 192.168.100.0/24 area 0
!
interface GigabitEthernet 1/1
 ip address 10.1.11.1/24
 no shutdown
!
interface GigabitEthernet 1/2
 ip address 10.2.12.2/24
 no shutdown
!
interface Loopback 10
 ip address 192.168.100.100/24
 no shutdown

router ospf 33333
 network 192.168.100.
25 PIM Sparse-Mode

PIM Sparse-Mode is supported on platforms: ces

PIM-Sparse Mode (PIM-SM) is a multicast protocol that forwards multicast traffic to a subnet only upon request using a PIM Join message; this behavior is the opposite of PIM-Dense Mode, which forwards multicast traffic to all subnets until a request to stop.

Implementation Information

• The Dell Networking implementation of PIM-SM is based on the IETF Internet Draft draft-ietf-pim-sm-v2-new-05.
Requesting Multicast Traffic

A host requesting multicast traffic for a particular group sends an IGMP Join message to its gateway router. The gateway router is then responsible for joining the shared tree to the RP (RPT) so that the host can receive the requested traffic.

1. Upon receiving an IGMP Join message, the receiver gateway router (last-hop DR) creates a (*,G) entry in its multicast routing table for the requested group.
source, including the RP, create an (S,G) entry and list the interface on which the message was received as an outgoing interface, thus recreating an SPT to the source.
3. Once the RP starts receiving multicast traffic via the (S,G), it unicasts a Register-Stop message to the first-hop DR so that multicast packets are no longer encapsulated in PIM Register packets and unicast.
Enable PIM-SM

You must enable PIM-SM on each participating interface:

Step 1: Enable multicast routing on the system.
  Command: ip multicast-routing
  Command Mode: CONFIGURATION
Step 2: Enable PIM-Sparse Mode.
  Command: ip pim sparse-mode
  Command Mode: INTERFACE

Display which interfaces are enabled with PIM-SM using the command show ip pim interface from EXEC Privilege mode, as shown in Figure 25-1.

Figure 25-1.
Figure 25-3. Viewing the PIM Multicast Routing Table

FTOS#show ip pim tib
PIM Multicast Routing Table
Flags: D - Dense, S - Sparse, C - Connected, L - Local, P - Pruned,
       R - RP-bit set, F - Register flag, T - SPT-bit set, J - Join SPT,
Timers: Uptime/Expires
Interface state: Interface, next-Hop, State/Mode

(*, 192.1.2.1), uptime 00:29:36, expires 00:03:26, RP 10.87.2.6, flags: SCJ
  Incoming interface: GigabitEthernet 4/12, RPF neighbor 10.87.3.
Step 3: Set the expiry time for a specific (S,G) entry (Figure 25-4).
  Range 211-86400 seconds
  Default: 210
  Command Syntax: ip pim sparse-mode sg-expiry-timer seconds sg-list access-list-name
  Command Mode: CONFIGURATION

Note: The expiry time configuration is nullified, and the default global expiry time is used if:
• an ACL is specified for an in the ip pim sparse-mode sg-expiry-timer command, but the ACL has not been created or is a standard ACL.
Override Bootstrap Router Updates

PIM-SM routers need to know the address of the RP for each group for which they have (*,G) entry. This address is obtained automatically through the bootstrap router (BSR) mechanism or a static RP configuration.

If you have configured a static RP for a group, use the option override with the command ip pim rp-address to override bootstrap router updates with your static RP configuration.
Create Multicast Boundaries and Domains

A PIM domain is a contiguous set of routers that all implement PIM and are configured to operate within a common boundary defined by PIM Multicast Border Routers (PMBRs). PMBRs connect each PIM domain to the rest of the internet.

To create multicast boundaries and domains by filtering inbound and outbound Bootstrap Router (BSR) messages per interface, use the ip pim bsr-border command.
26 PIM Source-Specific Mode

PIM Source-Specific Mode is supported on platforms: ces

PIM-Source-Specific Mode (PIM-SSM) is a multicast protocol that forwards multicast traffic from a single source to a subnet. In the other versions of Protocol Independent Multicast (PIM), a receiver subscribes to a group only. The receiver receives traffic not just from the source in which it is interested but from all sources sending to that group.
(10.11.5.2, 239.0.0.2), uptime 00:00:36, expires 00:03:14, flags: CT
  Incoming interface: GigabitEthernet 1/31, RPF neighbor 10.11.13.2
  Outgoing interface list:
    Vlan 300 Forward/Sparse 00:02:12/Never

interface Vlan 400
 ip pim sparse-mode
 ip address 10.11.4.1/24
 untagged GigabitEthernet 1/2
 ip igmp version 3
 no shutdown

interface GigabitEthernet 2/31
 ip pim sparse-mode
 ip address 10.11.23.1/24
 no shutdown

Topology labels: RP 2/1 R1 3/21 3/1 Source 1 10.11.5.
Implementation Information

• The Dell Networking implementation of PIM-SSM is based on RFC 3569.
• C-Series supports a maximum of 31 PIM interfaces and 4K multicast entries including (*,G), and (S,G) entries. There is no limit on the number of PIM neighbors C-Series can have.
• S-Series supports a maximum of 31 PIM interfaces and 2K multicast entries including (*,G), and (S,G) entries. There is no limit on the number of PIM neighbors S-Series can have.
Step 2: Enter the command ip pim ssm-range and specify the ACL you created.
  Command Syntax: ip pim ssm-range acl-name
  Command Mode: CONFIGURATION

Display address ranges in the PIM-SSM range using the command show ip pim ssm-range from EXEC Privilege mode.

Figure 26-2. Enabling PIM-SSM

R1(conf)#do show run pim
!
ip pim rp-address 10.11.12.2 group-address 224.0.0.0/4
ip pim ssm-range ssm
R1(conf)#do show run acl
!
ip access-list standard ssm
 seq 5 permit host 239.0.
interface Vlan 400
 ip pim sparse-mode
 ip address 10.11.4.1/24
 untagged GigabitEthernet 1/2
 ip igmp version 3
 no shutdown

ip igmp snooping enable

(10.11.5.2, 239.0.0.2), uptime 00:00:33, expires 00:00:00, flags: CJ
  Incoming interface: GigabitEthernet 1/31, RPF neighbor 10.11.13.2
  Outgoing interface list:
    Vlan 300 Forward/Sparse 00:00:33/Never

(10.11.5.2, 239.0.0.1), uptime 00:01:50, expires 00:03:28, flags: CT
  Incoming interface: GigabitEthernet 1/31, RPF neighbor 10.11.13.
Figure 26-4. Configuring PIM-SSM with IGMPv2
R1(conf)#do show run pim
!
ip pim rp-address 10.11.12.2 group-address 224.0.0.0/4
ip pim ssm-range ssm
R1(conf)#do show run acl
!
ip access-list standard map
 seq 5 permit host 239.0.0.2
!
ip access-list standard ssm
 seq 5 permit host 239.0.0.2
R1(conf)#ip igmp ssm-map map 10.11.5.2
R1(conf)#do show ip igmp groups
Total Number of Groups: 2
IGMP Connected Group Membership
Group Address Interface Mode
239.0.0.
27 Port Monitoring
Port Monitoring is supported on platforms: ces
Port Monitoring is a feature that copies all incoming or outgoing packets on one port and forwards (mirrors) them to another port. The source port is the monitored port (MD) and the destination port is the monitoring port (MG). Port Monitoring functionality is different between platforms, but the behavior is the same, with highlighted exceptions.
Table 27-1 lists the maximum number of monitoring sessions per system. For the C-Series and S-Series, the total number of sessions is derived by consuming a unique destination port in each session, in each port-pipe. Table 27-1.
Message 3 One Source/Destination Port per Port-pipe Error Message on E-Series TeraScale
% Error: Some port from this port pipe is already configured as MD.
% Error: Some port from this port pipe is already configured as MG.
Figure 27-1 illustrates a possible port monitoring configuration on the E-Series.
Figure 27-1.
Figure 27-2. Number of Monitoring Ports on the C-Series and S-Series
FTOS#show mon session
SessionID Source  Destination Direction Mode
----------------------------------
0         Gi 0/13 Gi 0/1      rx        interface
10        Gi 0/14 Gi 0/2      rx        interface
20        Gi 0/15 Gi 0/3      rx        interface
30        Gi 0/16 Gi 0/37     rx        interface
FTOS(conf)#mon ses 300
FTOS(conf-mon-sess-300)#source gig 0/17 destination gig 0/4 direction tx
% Error: Exceeding max MG ports for this MD port pipe.
Figure 27-4.
FTOS Behavior: The C-Series and S-Series continue to mirror outgoing traffic even after an MD participating in Spanning Tree Protocol transitions from forwarding to blocking.
Configuring Port Monitoring
To configure port monitoring:
Step 1
Task: Verify that the intended monitoring port has no configuration other than no shutdown, as shown in Figure 27-6.
Figure 27-7.
Flow-based Monitoring
Flow-based Monitoring is supported only on platform e
Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the interface. This feature is particularly useful when looking for malicious traffic. It is available for Layer 2 and Layer 3 ingress and egress traffic. You may specify traffic using standard or extended access-lists.
Figure 27-8. Configuring Flow-based Monitoring
FTOS(conf)#monitor session 0
FTOS(conf-mon-sess-0)#flow-based enable
FTOS(conf)#ip access-list ext testflow
FTOS(config-ext-nacl)#seq 5 permit icmp any any count bytes monitor
FTOS(config-ext-nacl)#seq 10 permit ip 102.1.1.
28 Private VLANs
FTOS 7.8.1.0 adds a Private VLAN (PVLAN) feature for the C-Series and S-Series: cs
For syntax details on the commands discussed in this chapter, see the Private VLANs Commands chapter in the FTOS Command Reference.
• A community VLAN can only contain ports configured as host.
Isolated VLAN: An isolated VLAN is a type of secondary VLAN in a primary VLAN:
• Ports in an isolated VLAN cannot talk directly to each other.
• Ports in an isolated VLAN can only communicate with promiscuous ports in the primary VLAN.
• An isolated VLAN can only contain ports configured as host.
Private VLAN Commands
The commands dedicated to supporting the Private VLANs feature are:
Table 28-1. Private VLAN Commands
Task: Enable/disable Layer 3 communication between secondary VLANs.
Command Syntax: [no] ip local-proxy-arp
Note: Even after ip local-proxy-arp is disabled (no ip local-proxy-arp) in a secondary VLAN, Layer 3 communication may happen between some secondary VLAN hosts, until the ARP timeout happens on those secondary VLAN hosts.
Creating PVLAN ports
Private VLAN ports are those that will be assigned to the private VLAN (PVLAN).
Step 1
Command Syntax: interface interface
Command Mode: CONFIGURATION
Purpose: Access the INTERFACE mode for the port that you want to assign to a PVLAN.
Step 2
Command Syntax: no shutdown
Command Mode: INTERFACE
Purpose: Enable the port.
Step 3
Command Syntax: switchport
Command Mode: INTERFACE
Purpose: Set the port in Layer 2 mode.
Creating a Primary VLAN
A primary VLAN is a port-based VLAN that is specifically enabled as a primary VLAN to contain the promiscuous ports and PVLAN trunk ports for the private VLAN. A primary VLAN also contains a mapping to secondary VLANs, which consist of community VLANs and isolated VLANs.
Step 1
Command Syntax: interface vlan vlan-id
Command Mode: CONFIGURATION
Purpose: Access the INTERFACE VLAN mode for the VLAN to which you want to assign the PVLAN interfaces.
Creating a Community VLAN
A community VLAN is a secondary VLAN of the primary VLAN in a private VLAN. The ports in a community VLAN can talk to each other and with the promiscuous ports in the primary VLAN.
Step 1
Command Syntax: interface vlan vlan-id
Command Mode: CONFIGURATION
Purpose: Access the INTERFACE VLAN mode for the VLAN that you want to make a community VLAN.
Step 2
Command Syntax: no shutdown
Command Mode: INTERFACE VLAN
Purpose: Enable the VLAN.
Figure 28-2.
The result is that:
• The ports in community VLAN 4001 can communicate directly with each other and with promiscuous ports.
• The ports in community VLAN 4002 can communicate directly with each other and with promiscuous ports.
• The ports in isolated VLAN 4003 can only communicate with the promiscuous ports in the primary VLAN 4000.
• show vlan private-vlan mapping: Display the primary-secondary VLAN mapping. See the example output from the S50V, above, in Figure 28-6.
Two show commands revised to display PVLAN data are:
• show arp
• show vlan: See Figure 28-4. revised output in Figure 28-7.
show vlan private-vlan Example Output from C300
c300-1#show vlan private-vlan
Primary Secondary Type      Active
------- --------- --------- ------
4000              Primary   Yes
        4001      Community Yes
        4002      Community Yes
        4003      Isolated  Yes
c300-1#
Figure 28-5.
Figure 28-8.
29 Per-VLAN Spanning Tree Plus
Per-VLAN Spanning Tree Plus is supported on platforms: ces
Protocol Overview
Per-VLAN Spanning Tree Plus (PVST+) is a variation of Spanning Tree, developed by a third party, that allows you to configure a separate Spanning Tree instance for each VLAN. For more information on Spanning Tree, see Chapter 38, Spanning Tree Protocol.
Figure 29-1.
FTOS supports three other variations of Spanning Tree, as shown in Table 29-1.
Table 29-1. FTOS Supported Spanning Tree Protocols
Dell Networking Term             IEEE Specification
Spanning Tree Protocol           802.1d
Rapid Spanning Tree Protocol     802.1w
Multiple Spanning Tree Protocol  802.1s
Per-VLAN Spanning Tree Plus      Third Party
Implementation Information
• The FTOS implementation of PVST+ is based on IEEE Standard 802.1d.
• The FTOS implementation of PVST+ uses IEEE 802.
Enable PVST+
When you enable PVST+, FTOS instantiates STP on each active VLAN. To enable PVST+ globally:
Step 1
Task: Enter PVST context.
Command Syntax: protocol spanning-tree pvst
Command Mode: PROTOCOL PVST
Step 2
Task: Enable PVST+.
Command Syntax: no disable
Command Mode: PROTOCOL PVST
Disable PVST+
Task: Disable PVST+ globally.
Command Syntax: disable
Command Mode: PROTOCOL PVST
Task: Disable PVST+ on an interface, or remove a PVST+ parameter configuration.
Load Balancing with PVST+
Figure 29-3. (Diagram labels: STI 1: VLAN 100; STI 2: VLAN 200; STI 3: VLAN 300; R1, R2, R3; STI 1 root, STI 2 root, STI 3 root; vlan 100 bridge-priority 4096; ports 1/22, 1/32, 2/12, 2/32, 3/12, 3/22; Forwarding; Blocking)
The bridge with the lowest value for bridge priority is elected root.
Figure 29-4. Display the PVST+ Forwarding Topology
FTOS_E600(conf)#do show spanning-tree pvst vlan 100
VLAN 100
Root Identifier has priority 4096, Address 0001.e80d.b6d6
Root Bridge hello time 2, max age 20, forward delay 15
Bridge Identifier has priority 4096, Address 0001.e80d.b6d6
Configured hello time 2, max age 20, forward delay 15
We are the root of VLAN 100
Current root has priority 4096, Address 0001.e80d.
Task: Change the max-age parameter. Range: 6 to 40. Default: 20 seconds.
Command Syntax: vlan max-age
Command Mode: PROTOCOL PVST
The values for global PVST+ parameters are given in the output of the command show spanning-tree pvst, as shown in Figure 29-4.
Modify Interface PVST+ Parameters
You can adjust two interface parameters to increase or decrease the probability that a port becomes a forwarding port:
• Port cost is a value that is based on the interface type.
Task: Change the port priority of an interface. Range: 0 to 240, in increments of 16. Default: 128
Command Syntax: spanning-tree pvst vlan priority
Command Mode: INTERFACE
The values for interface PVST+ parameters are given in the output of the command show spanning-tree pvst, as shown in Figure 29-4.
Configure an EdgePort
The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner.
FTOS Behavior: Regarding bpduguard shutdown-on-violation behavior:
1 If the interface to be shut down is a port channel, then all the member ports are disabled in the hardware.
2 When a physical port is added to a port channel already in error disable state, the new member port will also be disabled in the hardware.
Figure 29-5. PVST+ with Extend System ID
(Diagram labels: Dell Force10 System; VLAN unaware Hub; P1 untagged in VLAN 10; P2 untagged in VLAN 20 moves to blocking unless Extended System ID is enabled)
Task: Augment the Bridge ID with the VLAN ID.
Command Syntax: extend system-id
Command Mode: PROTOCOL PVST
FTOS(conf-pvst)#do show spanning-tree pvst vlan 5 brief
VLAN 5
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32773, Address 0001.e832.
Figure 29-6.
Figure 29-7.
30 Quality of Service
Quality of Service (QoS) is supported on platforms: ces
Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. The C-Series traffic has eight queues per port. Four queues are for data traffic and four are for control traffic. All queues are serviced using the Deficit Round Robin scheduling algorithm. You can only manage queuing prioritization on egress.
Table 30-1.
Table 30-1.
Figure 30-1. Dell Networking QoS Architecture
(Diagram labels: Marking (DiffServ, 802.1p, Exp); Ingress Packet Processing; Packet Classification (ACL); Rate Policing; Buffers; Class-based Queues; Switching; Rate Limiting; Egress Congestion Management (WFQ Scheduling); Egress Packet Processing; Traffic Shaping; Congestion Avoidance (WRED))
Implementation Information
Dell Networking QoS implementation complies with IEEE 802.1p User Priority Bits for QoS Indication.
• Configure Port-based Rate Shaping
Set dot1p Priorities for Incoming Traffic
Change the priority of incoming traffic on the interface using the command dot1p-priority from INTERFACE mode, as shown in Figure 30-2. FTOS places traffic marked with a priority in a queue based on Table 30-2. If you set a dot1p priority for a port-channel, all port-channel members are configured with the same value.
On the C-Series and S-Series you can configure service-class dynamic dot1p from CONFIGURATION mode, which applies the configuration to all interfaces. A CONFIGURATION mode service-class dynamic dot1p entry supersedes any INTERFACE entries. See Mapping dot1p values to service queues. Note: You cannot configure service-policy input and service-class dynamic dot1p on the same interface. Figure 30-3.
Figure 30-5.
Figure 30-7.
Figure 30-9. Constructing Policy-based QoS Configurations
(Diagram labels: Interface; Input Service Policy; Output Service Policy; queues 0 to 7; Input Policy Map; Class Map; L3 ACL; L3 Fields; DSCP; Rate Policing; Output Policy Map; Output QoS Policy; Input QoS Policy; Outgoing Marking; Rate Limiting; WRED; B/W)
Classify Traffic
Class maps differentiate traffic so that you can apply separate quality of service policies to each class.
Figure 30-10. Using the Order Keyword in ACLs
FTOS(conf)#ip access-list standard acl1
FTOS(config-std-nacl)#permit 20.0.0.0/8
FTOS(config-std-nacl)#exit
FTOS(conf)#ip access-list standard acl2
FTOS(config-std-nacl)#permit 20.1.1.
Set DSCP values for egress packets based on flow
Match-any Layer 3 flows may have several match criteria. All flows that match at least one of the match criteria are mapped to the same queue since they are in the same class map. Setting a DSCP value from QOS-POLICY-IN mode (see Set a DSCP value for egress packets) assigns the same DSCP value to all of the matching flows in the class-map.
FTOS Behavior: An explicit "deny any" rule in a Layer 3 ACL used in a (match any or match all) class-map creates a "default to Queue 0" entry in the CAM, which causes unintended traffic classification. Below, traffic is classified in two Queues, 1 and 2. Class-map ClassAF1 is "match any," and ClassAF2 is "match all".
Create a QoS Policy
There are two types of QoS policies: input and output. Input QoS policies regulate Layer 3 and Layer 2 ingress traffic. The regulation mechanisms for input QoS policies are rate policing and setting priority values. There are two types of input QoS policies: Layer 3 and Layer 2.
• Layer 3 QoS input policies allow you to rate police and set a DSCP or dot1p value.
• Layer 2 QoS input policies allow you to rate police and set a dot1p value.
Figure 30-12. Marking DSCP Values for Egress Packets
FTOS#config
FTOS(conf)#qos-policy-input my-input-qos-policy
FTOS(conf-qos-policy-in)#set ip-dscp 34
% Info: To set the specified DSCP value 34 (100-010 b) the QoS policy must be mapped to queue 4 (100 b).
To allocate bandwidth to queues on the C-Series and S-Series, assign each queue a weight ranging from 1 to 1024, in increments of 2^n, using the command bandwidth-weight. Table 30-3 shows the default bandwidth weights for each queue, and their equivalent percentage, which is derived by dividing the bandwidth weight by the sum of all queue weights.
Table 30-3. Default Bandwidth Weights for C-Series and S-Series
Queue  Default Weight  Equivalent Percentage
0      1               6.
Create Input Policy Maps
There are two types of input policy-maps: Layer 3 and Layer 2.
1. Create a Layer 3 input policy map using the command policy-map-input from CONFIGURATION mode. Create a Layer 2 input policy map by specifying the keyword layer2 with the policy-map-input command.
2.
DSCP/CP hex range (XXX)xxx  DSCP Definition   Traditional IP Precedence  E-Series Internal Queue ID  C-Series Internal Queue ID  S-Series Internal Queue ID
011XXX                      AF3               Flash                      3                           1                           1
010XXX                      AF2               Immediate                  2                           1                           1
001XXX                      AF1               Priority                   1                           0                           0
000XXX                      BE (Best Effort)  Best Effort                0                           0                           0
DSCP/CP decimal: 16–31 (011XXX and 010XXX), 0–15 (001XXX and 000XXX)
Honoring dot1p values on ingress packets
FTOS provides the ability to honor dot1p values on ingress packets with the Trust dot1p feature.
By default, if no match occurs, the packet is queued to the default queue, Queue 0.
Mapping dot1p values to service queues
Mapping dot1p values to service queues is available only on platforms: cs
On the C-Series and S-Series all traffic is by default mapped to the same queue, Queue 0. If you honor dot1p on ingress, then you can create service classes based on the queueing strategy in Table 30-6 using the command service-class dynamic dot1p from INTERFACE mode. You may apply this queuing strategy globally by entering this command from CONFIGURATION mode.
Apply an output QoS policy to a queue
Apply an output QoS policy to queues using the command service-queue from INTERFACE mode.
Specify an aggregate QoS policy
Specify an aggregate QoS policy using the command policy-aggregate from POLICY-MAP-OUT mode.
Apply an output policy map to an interface
Apply an output policy map to an interface using the command service-policy output from INTERFACE mode. You can apply the same policy map to multiple interfaces, and you can modify a policy map after you apply it.
Strict-priority Queueing
You can assign strict-priority to one unicast queue, 1-7, using the command strict-priority from CONFIGURATION mode. Strict-priority means that FTOS dequeues all packets from the assigned queue before servicing any other queues.
• The strict-priority supersedes bandwidth-percentage and bandwidth-weight percentage configurations.
• A queue with strict-priority can starve other queues in the same port-pipe.
You can create a custom WRED profile or use one of the five pre-defined profiles listed in Table 30-7.
Table 30-7. Pre-defined WRED Profiles
Default Profile Name  Minimum Threshold  Maximum Threshold
wred_drop             0                  0
wred_ge_y             1024               2048
wred_ge_g             2048               4096
wred_teng_y           4096               8192
wred_teng_g           8192               16384
Create WRED Profiles
To create a WRED profile:
1. Create a WRED profile using the command wred from CONFIGURATION mode.
2. The command wred places you in WRED mode.
WRED can be used in combination with storm control to regulate broadcast and unknown-unicast traffic. This feature is available through an additional option in command storm-control [broadcast | unknown-unicast] at CONFIGURATION. See the FTOS Command Line Reference for information on using this command. Using the command storm-control broadcast 50 out wred-profile, for example, first the total bandwidth that broadcast traffic can consume is reduced to 50% of line rate.
Figure 30-15.
For example, if you configure 70% bandwidth to multicast, 80% bandwidth to one queue in unicast and 0% to all remaining unicast queues, then first, FTOS assigns 70% bandwidth to multicast, then FTOS derives the 80% bandwidth for unicast from the remaining 30% of total bandwidth.
Pre-calculating Available QoS CAM Space
Pre-calculating Available QoS CAM Space is supported on platforms: ces
Before version 7.3.
• Status indicates whether or not the specified policy-map can be completely applied to an interface in the port-pipe.
• Allowed indicates that the policy-map can be applied because the estimated number of CAM entries is less than or equal to the available number of CAM entries. The number of interfaces in the port-pipe to which the policy-map can be applied is given in parentheses.
31 Routing Information Protocol
Routing Information Protocol is supported only on platforms: ce s
RIP is supported on the S-Series following the release of FTOS version 7.8.1.0, and on the C-Series with FTOS versions 7.6.1.0 and after. Routing Information Protocol (RIP) is based on a distance-vector algorithm; it tracks distances or hop counts to nearby routers when establishing network connections.
This first RIP version does not support VLSM or CIDR and is not widely used.
RIPv2
RIPv2 adds support for subnet fields in the RIP routing updates, thus qualifying it as a classless routing protocol. The RIPv2 message format includes entries for route tags, subnet masks, and next hop addresses. Another enhancement included in RIPv2 is multicasting for route updates on IP multicast address 224.0.0.9.
• Set send and receive version (optional)
• Generate a default route (optional)
• Control route metrics (optional)
• Summarize routes (optional)
• Control route metrics
• Debug RIP
For a complete listing of all commands related to RIP, refer to the FTOS Command Reference.
Enable RIP globally
By default, RIP is not enabled in FTOS.
Figure 31-2. show ip rip database Command Example (Partial)
FTOS#show ip rip database
Total number of routes in RIP database: 978
160.160.0.0/16 [120/1] via 29.10.10.12, 00:00:26, Fa
160.160.0.0/16 auto-summary
2.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa
2.0.0.0/8 auto-summary
4.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa
4.0.0.0/8 auto-summary
8.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa
8.0.0.0/8 auto-summary
12.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa
12.
To control the source of RIP route information, use the following commands, in the ROUTER RIP mode:
Command Syntax: neighbor ip-address
Command Mode: ROUTER RIP
Purpose: Define a specific router to exchange RIP information between it and the Dell Networking system. You can use this command multiple times to exchange RIP information with as many RIP networks as you want.
Command Syntax: passive-interface interface
Command Mode: ROUTER RIP
Purpose: Disable a specific interface from sending or receiving RIP routing information.
Command Syntax: redistribute isis [level-1 | level-1-2 | level-2] [metric metric-value] [route-map map-name]
Command Mode: ROUTER RIP
Purpose: Include IS-IS routes in RIP.
• metric range: 0 to 16
• map-name: name of a configured route map.
Note: IS-IS is not supported on the S-Series platform.
Command Syntax: redistribute ospf process-id [match external {1 | 2} | match internal] [metric value] [route-map map-name]
Command Mode: ROUTER RIP
Purpose: Include specific OSPF routes in RIP.
Figure 31-3.
Figure 31-5.
Summarize routes
Routes in the RIPv2 routing table are summarized by default, thus reducing the size of the routing table and improving routing efficiency in large networks. By default, the auto-summary command in the ROUTER RIP mode is enabled and summarizes RIP routes up to the classful network boundary. If you must perform routing between discontiguous subnets, disable automatic summarization. With automatic route summarization disabled, subnets are advertised.
Debug RIP
The debug ip rip command enables RIP debugging. When debugging is enabled, you can view information on RIP protocol changes or RIP routes. To enable RIP debugging, use the following command in the EXEC privilege mode:
Command Syntax: debug ip rip [interface | database | events | trigger]
Command Mode: EXEC privilege
Purpose: Enable debugging of RIP.
Figure 31-6 shows the confirmation when the debug function is enabled.
Figure 31-6.
Configuring RIPv2 on Core 2
Figure 31-8. Configuring RIPv2 on Core 2
Core2(conf-if-gi-2/31)#
Core2(conf-if-gi-2/31)#router rip
Core2(conf-router_rip)#ver 2
Core2(conf-router_rip)#network 10.200.10.0
Core2(conf-router_rip)#network 10.300.10.0
Core2(conf-router_rip)#network 10.11.10.0
Core2(conf-router_rip)#network 10.11.20.0
Core2(conf-router_rip)#show config
!
router rip
 network 10.0.0.
Figure 31-10.
RIP Configuration on Core 3
Figure 31-12. RIP Configuration on Core 3
Core3(conf-if-gi-3/21)#router rip
Core3(conf-router_rip)#version 2
Core3(conf-router_rip)#network 192.168.1.0
Core3(conf-router_rip)#network 192.168.2.0
Core3(conf-router_rip)#network 10.11.30.0
Core3(conf-router_rip)#network 10.11.20.0
Core3(conf-router_rip)#show config
!
router rip
 network 10.0.0.0
 network 192.168.1.0
 network 192.168.2.
Figure 31-14.
RIP Configuration Summary
Figure 31-16. Summary of Core 2 RIP Configuration Using Output of show run Command
!
interface GigabitEthernet 2/11
 ip address 10.11.10.1/24
 no shutdown
!
interface GigabitEthernet 2/31
 ip address 10.11.20.2/24
 no shutdown
!
interface GigabitEthernet 2/41
 ip address 10.200.10.1/24
 no shutdown
!
interface GigabitEthernet 2/42
 ip address 10.250.10.1/24
 no shutdown
router rip
 version 2
 10.200.10.0
 10.300.10.0
 10.11.10.0
 10.11.20.0
Figure 31-17.
32 Remote Monitoring
Remote Monitoring is supported on platform ces
This chapter describes Remote Monitoring (RMON):
• Implementation
• Fault Recovery
Remote Monitoring (RMON) is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facilities and long-term statistics collection on Dell Networking Ethernet Interfaces. RMON operates with SNMP and monitors all nodes on a LAN segment.
Fault Recovery
RMON provides the following fault recovery functions:
Interface Down: When an RMON-enabled interface goes down, monitoring continues. However, all data values are registered as 0xFFFFFFFF (32 bits) or 0xFFFFFFFFFFFFFFFF (64 bits). When the interface comes back up, RMON monitoring processes resume.
Note: A Network Management System (NMS) should be ready to interpret a down interface and plot the interface performance graph accordingly.
Set rmon alarm
To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode. To disable the alarm, use the no form of this command:
Command Syntax: [no] rmon alarm number variable interval {delta | absolute} rising-threshold [value event-number] falling-threshold value event-number [owner string]
Command Mode: CONFIGURATION
Purpose: Set an alarm on any MIB object. Use the no form of this command to disable the alarm.
Figure 32-1. rmon alarm Command Example
FTOS(conf)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 20 delta rising-threshold 15 1 falling-threshold 0 owner nms1
Callouts: Alarm Number; MIB Variable; Monitor Interval; Counter Value Limit; Triggered Event
The above example configures RMON alarm number 10. The alarm monitors the MIB variable 1.3.6.1.2.1.2.2.1.20.1 (ifEntry.ifOutErrors) once every 20 seconds until the alarm is disabled, and checks the rise or fall of the variable.
Figure 32-2. rmon event Command Example
FTOS(conf)#rmon event 1 log trap eventtrap description "High ifOutErrors" owner nms1
The above configuration example creates RMON event number 1, with the description “High ifOutErrors”, and generates a log entry when the event is triggered by an alarm. The user nms1 owns the row that is created in the event table by this command. This configuration also generates an SNMP trap when the event is triggered using the SNMP community string “eventtrap”.
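The alarm in Figure 32-1 paired with event 1 from Figure 32-2, worked through in Python as an added example that is not part of the Dell guide or FTOS. It follows the rising/falling hysteresis of the standard RMON alarm group (RFC 2819); the sample counter values are constructed, and treating the down-interface value as a gap in the series is an assumption of this example.

```python
"""RMON alarm sampling with rising/falling hysteresis (added illustration)."""

COUNTER32_MOD = 2 ** 32
DOWN_32 = 0xFFFFFFFF   # guide: value registered while the interface is down


def run_alarm(samples, rising, falling, rising_event=None,
              falling_event=None, delta=True):
    """Return the events fired as (sample_index, kind, value, event_number).

    samples       raw counter readings, one per monitor interval
    rising        rising-threshold value (15 in Figure 32-1)
    falling       falling-threshold value (0 in Figure 32-1)
    *_event       event number to trigger, or None when none is configured
    delta         True compares the change between samples, False the raw value
    """
    fired = []
    previous = None
    rising_armed = falling_armed = True
    for index, raw in enumerate(samples):
        if raw == DOWN_32:
            # Assumption: a down-interface reading is a gap, not a measurement.
            # Dropping the baseline avoids a huge bogus delta on recovery.
            previous = None
            continue
        if delta:
            if previous is None:
                previous = raw          # first usable reading: baseline only
                continue
            value = (raw - previous) % COUNTER32_MOD   # survives counter wrap
            previous = raw
        else:
            value = raw
        if value >= rising and rising_armed:
            # One event per excursion: re-armed only by a falling crossing.
            rising_armed, falling_armed = False, True
            if rising_event is not None:
                fired.append((index, "rising", value, rising_event))
        elif value <= falling and falling_armed:
            falling_armed, rising_armed = False, True
            if falling_event is not None:
                fired.append((index, "falling", value, falling_event))
    return fired


# Constructed ifOutErrors readings taken every 20 seconds.
IF_OUT_ERRORS = [100, 103, 120, 140, 141, 141, 160]

if __name__ == "__main__":
    # rising-threshold 15 -> event 1, falling-threshold 0 with no event.
    for index, kind, value, event in run_alarm(IF_OUT_ERRORS, 15, 0, 1):
        print(f"sample {index}: {kind} crossing, delta={value}, event {event}")
```

With these readings the sustained burst at samples 2 and 3 produces a single event, and a second event fires only after the delta has dropped to the falling threshold at sample 5.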
Configure RMON collection history
To enable the RMON MIB history group of statistics collection on an interface, use the rmon collection history command in interface configuration mode. To remove a specified RMON history group of statistics collection, use the no form of this command.
33 Rapid Spanning Tree Protocol
Rapid Spanning Tree Protocol is supported on platforms: ces
Protocol Overview
Rapid Spanning Tree Protocol (RSTP) is a Layer 2 protocol, specified by IEEE 802.1w, that is essentially the same as Spanning-Tree Protocol (STP) but provides faster convergence and interoperability with switches configured with STP and MSTP. FTOS supports three other variations of Spanning Tree, as shown in Table 33-1.
Table 33-1.
• Configuring Spanning Trees as Hitless
• SNMP Traps for Root Elections and Topology Changes
• Fast Hellos for Link State Detection
• Flush MAC Addresses after a Topology Change
Important Points to Remember
• RSTP is disabled by default.
• FTOS supports only one Rapid Spanning Tree (RST) instance.
• All interfaces in VLANs and all enabled interfaces in Layer 2 mode are automatically added to the RST topology.
To configure the interfaces for Layer 2 and then enable them:
Step 1
Task: If the interface has been assigned an IP address, remove it.
Command Syntax: no ip address
Command Mode: INTERFACE
Step 2
Task: Place the interface in Layer 2 mode.
Command Syntax: switchport
Command Mode: INTERFACE
Step 3
Task: Enable the interface.
Command Syntax: no shutdown
Command Mode: INTERFACE
Verify that an interface is in Layer 2 mode and enabled using the show config command from INTERFACE mode.
Figure 33-2.
Figure 33-3. Verifying RSTP is Enabled
FTOS(conf-rstp)#show config
!
protocol spanning-tree rstp
 no disable
FTOS(conf-rstp)#
Callout: Indicates that Rapid Spanning Tree is enabled
When you enable Rapid Spanning Tree, all physical and port-channel interfaces that are enabled and in Layer 2 mode are automatically part of the RST topology.
• Only one path from any bridge to any other bridge is enabled.
• Bridges block a redundant path by disabling one of the link ports.
Figure 33-5. show spanning-tree rstp Command Example
FTOS#show spanning-tree rstp
Root Identifier has priority 32768, Address 0001.e801.cbb4
Root Bridge hello time 2, max age 20, forward delay 15, max hops 0
Bridge Identifier has priority 32768, Address 0001.e801.cbb4
Configured hello time 2, max age 20, forward delay 15, max hops 0
We are the root
Current root has priority 32768, Address 0001.e801.
Figure 33-6. show spanning-tree rstp brief Command Example
R3#show spanning-tree rstp brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 0001.e801.cbb4
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32768, Address 0001.e80f.
Table 33-2 displays the default values for RSTP. Table 33-2.
• Port priority influences the likelihood that a port will be selected to be a forwarding port when several ports have the same port cost.
To change the port cost or priority of an interface, use the following commands:
Task: Change the port cost of an interface. Range: 0 to 65535. Default: see Table 33-2.
Command Syntax: spanning-tree rstp cost cost
Command Mode: INTERFACE
Task: Change the port priority of an interface.
FTOS Behavior: Regarding bpduguard shutdown-on-violation behavior:
1 If the interface to be shut down is a port channel, then all the member ports are disabled in the hardware.
2 When a physical port is added to a port channel already in error disable state, the new member port will also be disabled in the hardware.
3 When a physical port is removed from a port channel in error disable state, the error disabled state is cleared on this physical port (the physical port will be enabled in the hardware).
Figure 33-8. bridge-priority Command Example
FTOS(conf-rstp)#bridge-priority 4096
04:27:59: %RPM0-P:RP2 %SPANMGR-5-STP_ROOT_CHANGE: RSTP root changed. My Bridge ID: 4096:0001.e80b.88bd Old Root: 32768:0001.e801.cbb4 New Root: 4096:0001.e80b.88bd
Callouts: Old root bridge ID; New root bridge ID
SNMP Traps for Root Elections and Topology Changes
Enable SNMP traps for RSTP, MSTP, and PVST+ collectively using the command snmp-server enable traps xstp.
34 Security
Security features are supported on platforms ces
This chapter discusses several ways to provide access security to the Dell Networking system. Platform-specific features are identified by the c, e or s icons (as shown below).
Suppress AAA Accounting for null username sessions
When AAA Accounting is activated, the FTOS software issues accounting records for all users on the system, including users whose username string, because of protocol translation, is NULL. An example of this is a user who comes in on a line where the AAA Authentication login method-list none command is applied.
No specific show command exists for TACACS+ accounting. To obtain accounting records displaying information about users currently logged in, perform the following task in Privileged EXEC mode:
Command Syntax: show accounting
Command Mode: CONFIGURATION
Purpose: Step through all active sessions and print all the accounting records for the actively accounted functions.
Figure 34-1.
Configure login authentication for terminal lines
You can assign up to five authentication methods to a method list. FTOS evaluates the methods in the order in which you enter them in each list. If the first method list does not respond or returns an error, FTOS applies the next method list until the user either passes or fails the authentication. If the user fails a method list, FTOS does not apply the next method list.
To view the configuration, use the show config command in the LINE mode or the show running-config in the EXEC Privilege mode.
Note: Dell Networking recommends that you use the none method only as a backup. This method does not authenticate users. The none and enable methods do not work with SSH.
You can create multiple method lists and assign them to different terminal lines.
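The fall-through rule and the note on none above, modelled as an added example (not FTOS code and not part of the guide): a method is skipped only when it does not respond or returns an error, a reject is final, and none admits whoever reaches it. The outcome names, the audit helper and the sample method lists are constructed for illustration, and refusing the login when every method is unreachable is an assumption.

```python
"""Model of FTOS login method-list evaluation as the guide describes it.

Added illustration, not FTOS code. Outcome names, audit() and the sample
method lists are constructed for this example.
"""
from enum import Enum

MAX_METHODS = 5  # the guide: up to five authentication methods per list


class Outcome(Enum):
    PASS = "pass"          # method answered and accepted the credentials
    FAIL = "fail"          # method answered and rejected the credentials
    NO_RESPONSE = "error"  # method did not respond or returned an error


def evaluate(method_list, backend_state):
    """Walk the list in configured order; return (decision, deciding_method).

    backend_state maps a method name to the Outcome it gives this login.
    The none method performs no check, so it passes whenever it is reached.
    """
    if len(method_list) > MAX_METHODS:
        raise ValueError("a method list holds at most five methods")
    for method in method_list:
        outcome = Outcome.PASS if method == "none" else backend_state[method]
        if outcome is Outcome.PASS:
            return "accept", method
        if outcome is Outcome.FAIL:
            # An explicit reject is final: later methods are never consulted.
            return "reject", method
        # NO_RESPONSE: fall through to the next method in the list.
    # Assumption: when every method is unreachable the login is refused.
    return "reject", None


def audit(method_list, ssh_line=False):
    """Return the findings a reviewer would raise for one method list."""
    findings = []
    if "none" in method_list:
        if method_list[-1] != "none":
            findings.append("none is not last: methods after it are unreachable")
        findings.append("none admits any user who reaches it without authentication")
    if ssh_line:
        unusable = [m for m in method_list if m in ("none", "enable")]
        if unusable:
            findings.append("not usable over SSH: " + ", ".join(unusable))
    return findings


if __name__ == "__main__":
    # Constructed scenario: the RADIUS server is unreachable.
    outage = {"radius": Outcome.NO_RESPONSE, "local": Outcome.FAIL}
    for methods in (["radius", "local"], ["radius", "none"]):
        print(methods, evaluate(methods, outage), audit(methods))
```

With the RADIUS server down, the list ending in local still rejects a bad password, while the list ending in none accepts the same login.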
To use local authentication for enable secret on console, while using remote authentication on VTY lines, perform the following steps:
FTOS(config)# aaa authentication enable mymethodlist radius tacacs
FTOS(config)# line vty 0 9
FTOS(config-line-vty)# enable authentication mymethodlist
Server-side configuration
TACACS+: When using TACACS+, Dell Networking sends an initial packet with service type SVC_ENABLE, and then a second packet with just the password.
Privilege levels 2 through 14 are not configured and you can customize them for different users and access. After you configure other privilege levels, enter those levels by adding the level parameter after the enable command or by configuring a user name or password that corresponds to the privilege level. Refer to Configure a username and password for more information on configuring user names. By default, commands in FTOS are assigned to different privilege levels.
To configure a username and password, use the following command in the CONFIGURATION mode:
Command Syntax | Command Mode | Purpose
username name [access-class access-list-name] [nopassword | password [encryption-type] password] [privilege level] | CONFIGURATION | Assign a user name and password.
Configure the optional and required parameters:
• name: Enter a text string up to 63 characters long.
• access-class access-list-name: Enter the name of a configured IP ACL.
Configure custom privilege levels
In addition to assigning privilege levels to the user, you can configure the privilege levels of commands so that they are visible in different privilege levels. Within FTOS, commands have certain privilege levels. With the privilege command, you can change a command's default level or reset its privilege level back to the default.
Step | Command Syntax | Command Mode | Purpose
3 | privilege mode {level level command | reset command} | CONFIGURATION | Configure level and commands for a mode or reset a command’s level.
Configure the following required and optional parameters:
• mode: Enter a keyword for the modes (exec, configure, interface, line, route-map, router)
• level level: Range 0 to 15. Levels 0, 1 and 15 are pre-configured. Levels 2 to 14 are available for custom configuration.
Figure 34-3. User john’s Login and the List of Available Commands
apollo% telnet 172.31.1.53
Trying 172.31.1.53...
Connected to 172.31.1.53.
Escape character is '^]'.
Enabling and disabling privilege levels
Enter the enable or enable privilege-level command in the EXEC Privilege mode to set a user’s security level. If you do not enter a privilege level, FTOS sets it to 15 by default. To move to a lower privilege level, enter the command disable followed by the level-number you wish to set for the user in the EXEC Privilege mode. If you enter disable without a level-number, your security level is 1.
After gaining authorization for the first time, you may configure these attributes.
Note: RADIUS authentication/authorization is done for every login. There is no difference between first-time login and subsequent logins.
Idle Time
Every session line has its own idle-time. If the idle-time value is not changed, the default value of 30 minutes is used. RADIUS specifies the idle-time allowed for a user during a session before timeout.
The following list includes the configuration tasks for RADIUS.
• Define an AAA method list to be used for RADIUS (mandatory)
• Apply the method list to terminal lines (mandatory except when using default lists)
• Specify a RADIUS server host (mandatory)
• Set global communication parameters for all RADIUS server hosts (optional)
• Monitor RADIUS (optional)
For a complete listing of all FTOS commands related to RADIUS, refer to the Security chapter in the FTOS Command Reference.
Command Syntax | Command Mode | Purpose
login authentication {method-list-name | default} | LINE | Enable AAA login authentication for the specified RADIUS method list. This procedure is mandatory if you are not using default lists.
authorization exec methodlist | CONFIGURATION | To use the methodlist.
Set global communication parameters for all RADIUS server hosts
You can configure global communication parameters (auth-port, key, retransmit, and timeout parameters) and specific host communication parameters on the same system. However, if both global and specific host parameters are configured, the specific host parameters override the global parameters for that RADIUS server host.
TACACS+
FTOS supports a Terminal Access Controller Access Control System (TACACS+) client, including support for login authentication.
To select TACACS as the login authentication method, use these commands in the following sequence in the CONFIGURATION mode:
Step | Command Syntax | Command Mode | Purpose
1 | tacacs-server host {ip-address | host} | CONFIGURATION | Configure a TACACS+ server host. Enter the IP address or host name of the TACACS+ server. Use this command multiple times to configure multiple TACACS+ server hosts.
Figure 34-4.
Figure 34-5 demonstrates how to configure the access-class from a TACACS+ server. This causes the configured access-class on the VTY line to be ignored. If you have configured a deny10 ACL on the TACACS+ server, FTOS downloads it and applies it. If the user is found to be coming from the 10.0.0.0 subnet, FTOS also immediately closes the Telnet connection. Note that no matter where the user is coming from, they see the login prompt.
Figure 34-5.
To delete a TACACS+ server host, use the no tacacs-server host {hostname | ip-address} command.
freebsd2# telnet 2200:2200:2200:2200:2200::2202
Trying 2200:2200:2200:2200:2200::2202...
Connected to 2200:2200:2200:2200:2200::2202.
Escape character is '^]'.
Login: admin
Password:
FTOS#
FTOS# !-The prompt is returned as the connection is authenticated.
SCP is a remote file copy program that works with SSH and is supported by FTOS. Note: The Windows-based WinSCP client software is not supported for secure copying between a PC and an FTOS-based system. Unix-based SCP client software is supported.
Figure 34-6. Specifying an SSH version
FTOS(conf)#ip ssh server version 2
FTOS(conf)#do show ip ssh
SSH server : disabled.
SSH server version : v2.
Password Authentication : enabled.
Hostbased Authentication : disabled.
RSA Authentication : disabled.
Vty Encryption Remote IP
To disable SSH server functions, enter no ip ssh server enable.
• ip ssh authentication-retries: Configure the maximum number of attempts that should be used to authenticate a user.
• ip ssh connection-rate-limit: Configure the maximum number of incoming SSH connections per minute.
• ip ssh hostbased-authentication enable: Enable hostbased-authentication for the SSHv2 server.
• ip ssh key-size: Configure the size of the server-generated RSA SSHv1 key.
• ip ssh password-authentication enable: Enable password authentication for the SSH server.
Figure 34-8. Enabling SSH Password Authentication
FTOS(conf)#ip ssh server enable
% Please wait while SSH Daemon initializes ... done.
FTOS(conf)#ip ssh password-authentication enable
FTOS#sh ip ssh
SSH server : enabled.
Password Authentication : enabled.
Hostbased Authentication : disabled.
RSA Authentication : disabled.
Vty Encryption Remote IP
RSA Authentication of SSH
The following procedure authenticates an SSH client based on an RSA key using RSA authentication.
To configure host-based authentication:
Step | Task | Command Syntax | Command Mode
1 | Configure RSA Authentication. See RSA Authentication of SSH, above. | |
2 | Create shosts by copying the public RSA key to the file shosts in the directory .ssh, and write the IP address of the host to the file. | cp /etc/ssh/ssh_host_rsa_key.pub /.ssh/shosts |
Figure 34-10. Creating shosts
admin@Unix_client# cd /etc/ssh
admin@Unix_client# ls
moduli sshd_config ssh_host_dsa_key.pub ssh_host_key.pub ssh_host_rsa_key.
Figure 34-12. Client-based SSH Authentication
FTOS#ssh 10.16.127.201 ?
-l User name option
-p SSH server port option (default 22)
-v SSH protocol version
Troubleshooting SSH
• You may not bind id_rsa.pub to RSA authentication while logged in via the console. In this case, Message 2 appears.
Message 2 RSA Authentication Error
%Error: No username set for this term.
VTY Line and Access-Class Configuration
Various methods are available to restrict VTY access in FTOS. These depend on which authentication scheme you use — line, local, or remote:
Table 34-1. VTY Access
Authentication Method | VTY access-class support? | Username access-class support? | Remote authorization support?
Line | YES | NO | NO
Local | NO | YES | NO
TACACS+ | YES | NO | YES (with FTOS 5.2.1.0 and later)
RADIUS | YES | NO | YES (with FTOS 6.1.1.
Figure 34-13.
Figure 34-15.
35 Service Provider Bridging
Service Provider Bridging is supported on platforms: c e s
This chapter contains the following major sections:
• VLAN Stacking
• VLAN Stacking Packet Drop Precedence
• Dynamic Mode CoS for VLAN Stacking
• Layer 2 Protocol Tunneling
• Provider Backbone Bridging
VLAN Stacking
VLAN Stacking is supported on platforms: c e s
VLAN Stacking, also called Q-in-Q, is defined in IEEE 802.1ad—Provider Bridges, which is an amendment to IEEE 802.1Q—Virtual Bridged Local Area Networks.
Figure 35-1. VLAN Stacking in a Service Provider Network [frame diagram labels: TPID (0x9100), PCP, DEI, VID (VLAN 300); TPID (0x8100), PCP, CFI (0), VID (VLAN Red)]
Create Access and Trunk Ports
An access port is a port on the service provider edge that directly connects to the customer. An access port may belong to only one service provider VLAN. A trunk port is a port on a service provider bridge that connects to another service provider bridge and is a member of multiple service provider VLANs. Physical ports and port-channels can be access or trunk ports.
Display the status and members of a VLAN using the show vlan command from EXEC Privilege mode. Members of a VLAN-Stacking-enabled VLAN are marked with an M in column Q.
Figure 35-3.
FTOS Options for Trunk Ports
802.1ad trunk ports may also be tagged members of a VLAN so that they can carry single and double-tagged traffic. You can enable trunk ports to carry untagged, single-tagged, and double-tagged VLAN traffic by making the trunk port a hybrid port.
Step | Task | Command Syntax | Command Mode
1 | Configure a trunk port to carry untagged, single-tagged, and double-tagged traffic by making it a hybrid port.
Note: On the C-Series and S-Series, a trunk port can be added to an 802.
Debug VLAN Stacking
To debug the internal state and membership of a VLAN and its ports, use the debug member command, as shown in Figure 35-5. The port notations in Figure 35-5 are as follows:
• MT — stacked trunk
• MU — stacked access port
• T — 802.1Q trunk port
• U — 802.1Q access port
• NU — Native VLAN (untagged)
Figure 35-5.
Figure 35-6.
Figure 35-7. TPID Mismatch and 0x8100 Match on the E-Series TeraScale [network diagram labels: R1-E-Series TeraScale TPID: 0x9100; R2-E-Series TeraScale TPID: 0x8181]
Figure 35-8. First-byte TPID Match on the E-Series ExaScale [network diagram labels: R1-E-Series TeraScale TPID: 0x9191; R2-E-Series ExaScale TPID: 0x9100]
Table 35-1 details the outcome of matched and mis-matched TPIDs in a VLAN-stacking network with the E-Series.
Table 35-1.
You can configure the first eight bits of the TPID using the command vlan-stack protocol-type. The TPID on the C-Series and S-Series systems is global. Ingress frames that do not match the system TPID are treated as untagged. This rule applies for both the outer tag TPID of a double-tagged frame and the TPID of a single-tagged frame.
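The ingress rule above, worked through on real tag bytes as an added example (not FTOS code and not part of the guide): it parses the 4-byte VLAN tags of a frame and reports whether a system with a given TPID would treat the frame as tagged or untagged. The MAC addresses, frame bytes and function names are constructed; the first_byte_only switch only makes the full and first-byte comparisons visible and is not tied to any FTOS release, which is what Table 35-2 covers.

```python
"""Classify an Ethernet frame against a switch's global VLAN-stack TPID.

Added illustration, not FTOS code. Frame bytes, MAC addresses and function
names are constructed for this example.
"""
import struct

C_TAG_TPID = 0x8100  # IEEE 802.1Q customer tag


def make_tag(tpid, vid, pcp=0, dei=0):
    """Build a 4-byte tag: 16-bit TPID, then PCP (3), DEI/CFI (1), VID (12)."""
    return struct.pack("!HH", tpid, (pcp << 13) | (dei << 12) | vid)


def parse_tag(tag):
    """Split a 4-byte VLAN tag into its fields."""
    tpid, tci = struct.unpack("!HH", tag)
    return {"tpid": tpid, "pcp": tci >> 13, "dei": (tci >> 12) & 1,
            "vid": tci & 0x0FFF}


def tpid_matches(frame_tpid, system_tpid, first_byte_only=False):
    """Compare all 16 bits, or only the first byte when asked to."""
    if first_byte_only:
        return frame_tpid >> 8 == system_tpid >> 8
    return frame_tpid == system_tpid


def classify(frame, system_tpid, first_byte_only=False):
    """Return how the frame is treated on ingress and the tags that were read."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    result = {"treated_as": "untagged", "outer": None, "inner": None}
    if len(frame) < 18:
        return result  # no room for a VLAN tag after the MAC addresses
    outer = parse_tag(frame[12:16])
    if not tpid_matches(outer["tpid"], system_tpid, first_byte_only):
        # The guide's rule: a TPID that does not match the system TPID means
        # the frame is treated as untagged, whatever tags it carries.
        return result
    result["outer"] = outer
    result["treated_as"] = "single-tagged"
    if len(frame) >= 20:
        inner = parse_tag(frame[16:20])
        if inner["tpid"] == C_TAG_TPID:
            result["inner"] = inner
            result["treated_as"] = "double-tagged"
    return result


# Constructed sample frames (addresses and payload are made up).
_MACS = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
_PAYLOAD = struct.pack("!H", 0x0800) + bytes(46)
DOUBLE_TAGGED = (_MACS + make_tag(0x9100, 300, pcp=1)
                 + make_tag(C_TAG_TPID, 100, pcp=3) + _PAYLOAD)
SINGLE_TAGGED = _MACS + make_tag(C_TAG_TPID, 100, pcp=3) + _PAYLOAD

if __name__ == "__main__":
    for system_tpid in (0x9100, 0x8100, 0x9191):
        for first_byte in (False, True):
            verdict = classify(DOUBLE_TAGGED, system_tpid, first_byte)
            print(hex(system_tpid), "first-byte" if first_byte else "full",
                  verdict["treated_as"])
```

The same double-tagged frame is read as VLAN 300 over VLAN 100 by a system whose TPID is 0x9100 and as untagged by one whose TPID is 0x8100, so a TPID mismatch between neighbours changes which VLAN the traffic lands in.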
Figure 35-10. Single and Double-tag First-byte TPID Match on C-Series and S-Series [network diagram not reproduced]
Table 35-2 details the outcome of matched and mismatched TPIDs in a VLAN-stacking network with the C-Series and S-Series.
Table 35-2. C-Series and S-Series Behaviors for Mis-matched TPID
Network Position | Incoming Packet TPID | System TPID | Match Type | Pre-8.2.1.0 | 8.2.1.
Enable Drop Eligibility
You must enable Drop Eligibility globally before you can honor or mark the DEI value.
Task | Command Syntax | Command Mode
Make packets eligible for dropping based on their DEI value. By default, packets are colored green, and DEI is marked 0 on egress. | dei enable | CONFIGURATION
When Drop Eligibility is enabled, DEI mapping or marking takes place according to the defaults. In this case, the CFI is affected according to Table 35-3.
Table 35-3.
FTOS#show interface dei-honor
Default Drop precedence: Green
Interface CFI/DEI Drop precedence
-------------------------------------------------------------
Gi 0/1 0 Green
Gi 0/1 1 Yellow
Gi 8/9 1 Red
Gi 8/40 0 Yellow
Mark Egress Packets with a DEI Value
On egress, you can set the DEI value according to a different mapping than ingress (see Honor the Incoming DEI Value).
Figure 35-12. Statically and Dynamically Assigned dot1p for VLAN Stacking [frame diagram labels: Untagged; C-Tagged; S-Tag with statically-assigned dot1p; S-Tag with mapped dot1p]
When configuring Dynamic Mode CoS, you have two options:
a mark the S-Tag dot1p and queue the frame according to the original C-Tag dot1p.
FTOS Behavior: For Option A above, when there is a conflict between the queue selected by Dynamic Mode CoS (vlan-stack dot1p-mapping) and a QoS configuration, the queue selected by Dynamic Mode CoS takes precedence. However, rate policing for the queue is determined by QoS configuration.
To map C-Tag dot1p values to S-Tag dot1p values and mark the frames accordingly:
Step | Task | Command Syntax | Command Mode
Allocate CAM space to enable queuing frames according to the C-Tag or the S-Tag.
• vman-qos: mark the S-Tag dot1p and queue the frame according to the original C-Tag dot1p. This method requires half as many CAM entries as vman-qos-dual-fp.
• vman-qos-dual-fp: mark the S-Tag dot1p and queue the frame according to the S-Tag dot1p.
Figure 35-13. VLAN Stacking without L2PT [network diagram labels: Building A; Building B; no spanning-tree; BPDU w/ destination MAC address: 01-80-C2-00-00-00]
You might need to transport control traffic transparently through the intermediate network to the other region.
Figure 35-14. VLAN Stacking with L2PT
Enable Layer 2 Protocol Tunneling
Step | Task | Command Syntax | Command Mode
1 | Verify that the system is running the default CAM profile; you must use this CAM profile for L2PT. | show cam-profile | EXEC Privilege
2 | Enable protocol tunneling globally on the system. | protocol-tunnel enable | CONFIGURATION
3 | Tunnel BPDUs the VLAN.
There are a total of 13 user-configurable FP blocks on the C-Series and S-Series. The default number of blocks for L2PT is 0; you must allocate at least one to enable BPDU rate-limiting.
Step | Task | Command Syntax | Command Mode
1 | Create at least one FP group for L2PT. See CAM Allocation on page 223 for details on this command. | cam-acl l2acl | CONFIGURATION
2 | Save the running-config to the startup-config. | copy running-config startup-config |
3 | Reload the system.
Provider Backbone Bridging through IEEE 802.1ad eliminates the need for tunneling BPDUs with L2PT and increases the reliability of provider bridge networks as the network core need only learn the MAC addresses of core switches, as opposed to all MAC addresses received from attached customer devices.
Task | Command Syntax | Command Mode
Use the Provider Bridge Group address as the destination MAC address in BPDUs.
36 sFlow
Configuring sFlow is supported on platforms: c e s
• Enable and Disable sFlow
• sFlow Show Commands
• Specify Collectors
• Polling Intervals
• Sampling Rate
• Back-off Mechanism
• sFlow on LAG ports
• Extended sFlow
Overview
FTOS supports sFlow version 5. sFlow is a standards-based sampling technology embedded within switches and routers which is used to monitor network traffic. It is designed to provide traffic monitoring for high speed networks with many switches and routers.
Figure 36-1. sFlow Traffic Monitoring System [diagram labels: sFlow Collector; Switch/Router; sFlow Datagrams; sFlow Agent; Poll Interface Counters; Interface Counters; Flow Samples; Switch ASIC]
Implementation Information
Dell Networking sFlow is designed so that the hardware sampling rate is per line card port-pipe and is decided based upon all the ports in that port-pipe.
• FTOS exports all sFlow packets to the collector. A small sampling rate can equate to a large number of exported packets. A backoff mechanism will automatically be applied to reduce this amount. Some sampled packets may be dropped when the exported packet rate is high and the backoff mechanism is about to or is starting to take effect. The dropEvent counter, in the sFlow packet, will always be zero.
sFlow Show Commands
FTOS includes the following sFlow display commands:
• Show sFlow Globally
• Show sFlow on an Interface
• Show sFlow on a Line Card
Show sFlow Globally
Use the following command to view sFlow statistics:
Command Syntax | Command Mode | Purpose
show sflow | EXEC | Display sFlow configuration information and statistics.
Figure 36-2 is a sample output from the show sflow command:
Figure 36-2.
Figure 36-3. Command Example: show sflow interface
FTOS#show sflow interface gigabitethernet 1/16
Gi 1/16
Configured sampling rate :8192
Actual sampling rate :8192
Sub-sampling rate :2
Counter polling interval :15
Samples rcvd from h/w :33
Samples dropped for sub-sampling :6
The configuration, shown in Figure 36-2, is also displayed in the running configuration (Figure 36-4):
Figure 36-4.
Specify Collectors
The sflow collector command allows identification of sFlow Collectors to which sFlow datagrams are forwarded. The user can specify up to two sFlow collectors. If two Collectors are specified, the samples are sent to both.
Collection through Management interface is supported on platform: c e s.
The sflow sample-rate command, when issued in CONFIGURATION mode, changes the default sampling rate. By default, the sampling rate of an interface is set to the same value as the current global default sampling rate. If the value entered is not a correct power of 2, the command generates an error message with the previous and next power-of-2 value. Select one of these two numbers and re-enter the command. (For more information on values in power-of-2, see Sub-sampling.
Back-off Mechanism
If the sampling rate for an interface is set to a very low value, the CPU can get overloaded with flow samples under high-traffic conditions. In such a scenario, a binary back-off mechanism gets triggered, which doubles the sampling-rate (halves the number of samples per second) for all interfaces. The backoff mechanism continues to double the sampling-rate until the CPU condition is cleared. This is as per sFlow version 5 draft.
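The power-of-2 check on sflow sample-rate and the binary back-off, put together as an added example (not FTOS code and not part of the guide) that also shows why a collector has to scale samples by the actual rate rather than the configured one. The function names and the per-interval sample counts are constructed, and keeping the backed-off rate after the CPU condition clears is an assumption.

```python
"""sFlow sampling-rate validation and binary back-off, as the guide describes.

Added illustration, not FTOS code. Function names and sample counts are
constructed for this example.
"""


def nearest_powers_of_two(value):
    """Return (previous, next) powers of two around value; equal if it is one."""
    if value < 1:
        raise ValueError("sampling rate must be a positive integer")
    previous = 1 << (value.bit_length() - 1)
    following = previous if previous == value else previous << 1
    return previous, following


def validate_sample_rate(value):
    """Accept a power of two, otherwise name the two values to choose from."""
    previous, following = nearest_powers_of_two(value)
    if previous != value:
        raise ValueError(f"{value} is not a power of 2; use {previous} or {following}")
    return value


def backoff(configured_rate, cpu_overloaded):
    """Return the actual sampling rate in each interval.

    cpu_overloaded is one boolean per interval. The rate doubles in every
    interval where the CPU condition is present.
    Assumption: the rate stays at the backed-off value once the condition clears.
    """
    rate = validate_sample_rate(configured_rate)
    rates = []
    for overloaded in cpu_overloaded:
        if overloaded:
            rate *= 2  # 1-in-N sampling: doubling N halves the samples taken
        rates.append(rate)
    return rates


def estimate_packets(samples_per_interval, rates):
    """Scale each interval's sample count by the rate in force at the time."""
    return sum(count * rate for count, rate in zip(samples_per_interval, rates))


if __name__ == "__main__":
    # Constructed run: steady traffic, CPU overloaded in intervals 2 and 3.
    rates = backoff(256, [False, True, True, False])
    samples = [400, 200, 100, 100]
    print("actual rates:", rates)
    print("scaled by actual rate:", estimate_packets(samples, rates))
    print("scaled by configured rate:", sum(samples) * 256)
```

In the constructed run the traffic never changes, yet scaling by the configured rate reports half the packets, which would look like a drop in volume to a collector-side detection.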
Figure 36-6. Confirming that Extended sFlow is Enabled [callout: Extended sFlow settings show all 3 types are enabled]
FTOS#show sflow
sFlow services are enabled
Global default sampling rate: 4096
Global default counter polling interval: 15
Global extended information enabled: gateway, router, switch
1 collectors configured
Collector IP addr: 10.10.10.3, Agent IP addr: 10.10.0.
Table 36-1. Extended Gateway Summary
IP SA | IP DA | srcAS and srcPeerAS | dstAS and dstPeerAS | Description
static/connected/IGP | static/connected/IGP | — | — | Extended gateway data is not exported because there is no AS information.
static/connected/IGP | BGP | 0 | Exported | src_as & src_peer_as are zero because there is no AS information for IGP.
BGP | static/connected/IGP | — | — | Prior to FTOS version 7.8.1.0, extended gateway data is not exported because IP DA is not learned via BGP.
37 Simple Network Management Protocol
Simple Network Management Protocol is supported on platforms: c e s
Protocol Overview
Network management stations use Simple Network Management Protocol (SNMP) to retrieve or alter management data from network elements. A datum of management information is called a managed object; the value of a managed object can be static or variable. Network elements store managed objects in a database called a Management Information Base (MIB).
Message 1 SNMP Enabled
22:31:23: %RPM1-P:CP %SNMP-6-SNMP_WARM_START: Agent Initialized - SNMP WARM_START.
View your SNMP configuration, using the command show running-config snmp from EXEC Privilege mode, as shown in Figure 37-1.
Figure 37-1. Creating an SNMP Community
FTOS#snmp-server community my-snmp-community ro
22:31:23: %RPM1-P:CP %SNMP-6-SNMP_WARM_START: Agent Initialized - SNMP WARM_START.
Figure 37-4. Reading the Value of Many Managed Objects at Once
> snmpwalk -v 2c -c mycommunity 10.11.131.161 .1.3.6.1.2.1.1
SNMPv2-MIB::sysDescr.0 = STRING: Dell Force10 Networks Real Time Operating System Software
Dell Force10 Operating System Version: 1.0
Dell Force10 Application Software Version: E_MAIN4.7.6.350
Copyright (c) 1999-2011 by Dell, Inc.
Build Time: Mon May 12 14:02:22 PDT 2008
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.6027.1.3.
Task | Command | Command Mode
Identify the physical location of the system. For example, San Jose, 350 Holger Way, 1st floor lab, rack A1-1. You may use up to 55 characters. Default: None | snmp-server location text | CONFIGURATION
To configure the system from the management station using SNMP:
Task | Command | Command Mode
Identify the system manager along with this person’s contact information (e.g., e-mail address or phone number). You may use up to 55 characters.
Step | Task | Command | Command Mode
2 | Specify which traps the Dell Networking system sends to the trap receiver. | snmp-server enable traps | CONFIGURATION
• Enable all Dell Networking enterprise-specific and RFC-defined traps using the command snmp-server enable traps from CONFIGURATION mode.
• Enable all of the RFC-defined traps using the command snmp-server enable traps snmp from CONFIGURATION mode.
3 | Specify the interfaces out of which FTOS sends SNMP traps.
Table 37-2. Dell Networking Enterprise-specific SNMP Traps
Command Option | Trap
MINOR_SFM: MInor alarm: No working standby SFM
MINOR_SFM_CLR: Minor alarm cleared: Working standby SFM present
TASK SUSPENDED: SUSPENDED - svce:%d - inst:%d - task:%s
RPM0-P:CP %CHMGR-2-CARD_PARITY_ERR
ABNORMAL_TASK_TERMINATION: CRASH - task:%s %s
CPU_THRESHOLD: Cpu %s usage above threshold. Cpu5SecUsage (%d)
CPU_THRESHOLD_CLR: Cpu %s usage drops below threshold.
Table 37-3. MIB Objects for Copying Configuration Files via SNMP
MIB Object | OID | Object Values | Description
copyDestFileLocation | .1.3.6.1.4.1.6027.3.5.1.1.1.6 | 1 = flash, 2 = slot0, 3 = tftp, 4 = ftp, 5 = scp | Specifies the location of destination file. • If the copyDestFileLocation is FTP or SCP, copyServerAddress, copyUserName, and copyUserPassword must be specified.
copyDestFileName | .1.3.6.1.4.1.6027.3.5.1.1.1.7 | Path (if file is not in | Specifies the name of destination file.
Table 7 shows examples of using the command snmpset to copy a configuration. These examples assume that:
• the server OS is Unix
• you are using SNMP version 2c
• the community name is public, and
• the file f10-copy-config.mib is in the current directory or in the snmpset tool path.
Note: In Unix, enter the command snmpset for help using this command. Place the file f10-copy-config.
Table 37-4. Copying Configuration Files via SNMP
Task: Copy the startup-config to the running-config using the following command from a Unix machine:
snmpset -c private -v 2c force10system-ip-address copySrcFileType.index i 3 copyDestFileType.index i 2
Figure 37-8. Copying Configuration Files via SNMP using Object-Name Syntax
> snmpset -c public -v 2c -m ./f10-copy-config.mib 10.11.131.162 copySrcFileType.7 i 3 copyDestFileType.7 i 2
FORCE10-COPY-CONFIG-MIB::copySrcFileType.
Figure 37-11. Copying Configuration Files via SNMP and TFTP to a Remote Server
> snmpset -v 2c -c private -m ./f10-copy-config.mib 10.10.10.10 copySrcFileType.4 i 3 copyDestFileType.4 i 1 copyDestFileLocation.4 i 3 copyDestFileName.4 s /home/myfilename copyServerAddress.4 a 11.11.11.
To obtain a value for any of the MIB Objects in Table 8:
Step | Task
1 | Get a copy-config MIB object value.
snmpset -v 2c -c public -m ./f10-copy-config.mib force10system-ip-address [OID.index | mib-object.index]
• index is the index value used in the snmpset command used to complete the copy operation.
Note: You can use the entire OID rather than the object name. Use the form: OID.index, as shown in Figure 62.
Figure 37-15. Creating a VLAN using SNMP
> snmpset -v2c -c mycommunity 123.45.6.78 .1.3.6.1.2.1.17.7.1.4.3.1.5.10 i 4
SNMPv2-SMI::mib-2.17.7.1.4.3.1.5.10 = INTEGER: 4
Assign a VLAN Alias
Write a character string to the dot1qVlanStaticName object to assign a name to a VLAN, as shown in Figure 37-16.
Figure 37-16. Assign a VLAN Alias using SNMP
[Unix system output]
> snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.1.
To display the ports in a VLAN, send an snmpget request for the object dot1qStaticEgressPorts using the interface index as the instance number, as shown for an S-Series in Figure 37-18.
Figure 37-18. Display the Ports in a VLAN in SNMP
> snmpget -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.2.1107787786
SNMPv2-SMI::mib-2.17.7.1.4.3.1.2.
Figure 37-19. Displaying Ports in a VLAN using SNMP
[FTOS system output]
R5(conf)#do show vlan id 10
Codes: * - Default VLAN, G - GVRP VLANs
Q: U - Untagged, T - Tagged
   x - Dot1x untagged, X - Dot1x tagged
   G - GVRP tagged, M - Vlan-stack
NUM  Status    Description  Q Ports
10   Inactive               U Gi 0/2
[Unix system output]
> snmpget -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.2.1107787786
SNMPv2-SMI::mib-2.17.7.1.4.3.1.2.
Figure 37-20. Adding Untagged Ports to a VLAN using SNMP >snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.2.1107787786 x "40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" .1.3.6.1.2.1.17.7.1.4.3.1.4.
Enable and Disable a Port using SNMP
Step | Task | Command Syntax | Command Mode
1 | Create an SNMP community on the Dell Networking system. | snmp-server community | CONFIGURATION
2 | From the Dell Networking system, identify the interface index of the port for which you want to change the admin status. Or, from the management system, use the snmpwalk command to identify the interface index.
Figure 37-22. Fetching Dynamic MAC Addresses on the Default VLAN
-----------------------------MAC Addresses on FTOS System------------------------------
R1_E600#show mac-address-table
VlanId Mac Address Type Interface State
1 00:01:e8:06:95:ac Dynamic Gi 1/21 Active
------------------------------Query from Management Station-------------------------------
>snmpwalk -v 2c -c techpubs 10.11.131.162 .1.3.6.1.2.1.17.4.3.1
SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.232.6.149.
Figure 37-25. Display the Interface Index Number
FTOS#show interface gig 1/21
GigabitEthernet 1/21 is up, line protocol is up
Hardware is Force10Eth, address is 00:01:e8:0d:b7:4e
Current address is 00:01:e8:0d:b7:4e
Interface index is 72925242
[output omitted]
FTOS#show linecard all | grep 1
1 online online E48TF E48TF 7.7.1.1 48
The interface index is a binary number with bits that indicate the slot number, port number, interface type, and card type of the interface.
For interface indexing, slot and port numbering begins with the binary one. If the Dell Networking system begins slot and port numbering from 0, then the binary 1 represents slot and port 0. For example, the index number in Figure 37-27 gives the binary 2 for the slot number, though interface GigabitEthernet 1/21 belongs to Slot 1. This is because the port for this example is on an E-Series which begins numbering slots from 0.
Using SNMP for Entity MIB Queries
The Entity MIB can be used for SNMP queries such as snmpget, snmpgetnext, and snmpwalk. Refer to the following table for OIDs and variables. To verify the results of the SNMP query, use the show inventory command for stack ID, chassis, and optional module details or the show inventory media command for information on base or optional modules, such as SFP or SFP+.
Table 37-8.
Table 37-8. MIB Objects for Entity MIB Queries
MIB Object | OID | Variable | MIB
entityMIBTrapPrefix | 1.3.6.1.2.1.47.2.0 | NODE | Entity MIB
entConfigChange | 1.3.6.1.2.1.47.2.0.
38 Spanning Tree Protocol
Spanning Tree Protocol is supported on platforms: c e s
Protocol Overview
Spanning Tree Protocol (STP) is a Layer 2 protocol—specified by IEEE 802.1d—that eliminates loops in a bridged topology by enabling only a single path through the network. By eliminating loops, the protocol improves scalability in a large network and enables you to implement redundant paths, which can be activated upon the failure of active paths.
• Enabling PortFast
• Preventing Network Disruptions with BPDU Guard
• STP Root Selection
• SNMP Traps for Root Elections and Topology Changes
• Configuring Spanning Trees as Hitless
Important Points to Remember
• Spanning Tree Protocol (STP) is disabled by default.
• FTOS supports only one Spanning Tree instance (0). For multiple instances, you must enable MSTP, or PVST+. You may only enable one flavor of Spanning Tree at any one time.
Configuring Interfaces for Layer 2 Mode
All interfaces on all switches that will participate in Spanning Tree must be in Layer 2 mode and enabled.
Figure 38-1.
Enabling Spanning Tree Protocol Globally
Spanning Tree Protocol must be enabled globally; it is not enabled by default. To enable Spanning Tree globally for all Layer 2 interfaces:
Step | Task | Command Syntax | Command Mode
1 | Enter the PROTOCOL SPANNING TREE mode. | protocol spanning-tree 0 | CONFIGURATION
2 | Enable Spanning Tree.
Figure 38-4. Spanning Tree Enabled Globally [topology diagram labels: R1, R2, R3; root; Forwarding; Blocking]
Port 290 (GigabitEthernet 2/4) is Blocking
Port path cost 4, Port priority 8, Port Identifier 8.290
Designated root has priority 32768, address 0001.e80d.2462
Designated bridge has priority 32768, address 0001.e80d.2462
Designated port id is 8.
Confirm that a port is participating in Spanning Tree using the show spanning-tree 0 brief command from EXEC privilege mode.

Figure 38-6. show spanning-tree brief Command Example
FTOS#show spanning-tree 0 brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 0001.e80d.2462
We are the root of the spanning tree
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32768, Address 0001.e80d.
Adding an Interface to the Spanning Tree Group

To add a Layer 2 interface to the Spanning Tree topology:

Task | Command Syntax | Command Mode
Enable Spanning Tree on a Layer 2 interface. | spanning-tree 0 | INTERFACE

Removing an Interface from the Spanning Tree Group

To remove a Layer 2 interface from the Spanning Tree topology:

Task | Command Syntax | Command Mode
Disable Spanning Tree on a Layer 2 interface. | no spanning-tree 0 | INTERFACE

In FTOS versions prior to 7.6.1.
Table 38-2.
To change the port cost or priority of an interface:

Task | Command Syntax | Command Mode
Change the port cost of an interface. Range: 0 to 65535. Default: see Table 38-2. | spanning-tree 0 cost cost | INTERFACE
Change the port priority of an interface. Range: 0 to 15. Default: 8. | spanning-tree 0 priority priority-value | INTERFACE

View the current values for interface parameters using the show spanning-tree 0 command from EXEC privilege mode. See Figure 38-5.
Figure 38-7.
Preventing Network Disruptions with BPDU Guard

The Portfast (and Edgeport, in the case of RSTP, PVST+, and MSTP) feature should be configured on ports that connect to end stations. End stations do not generate BPDUs, so ports configured with Portfast/Edgeport (edgeports) do not expect to receive BPDUs. If an edgeport does receive a BPDU, it likely means that it is connected to another part of the network, which can negatively affect the STP topology.
FTOS Behavior: Regarding bpduguard shutdown-on-violation behavior:
1 If the interface to be shut down is a port channel, then all the member ports are disabled in the hardware.
2 When a physical port is added to a port channel already in error disable state, the new member port will also be disabled in the hardware.
STP Root Selection

The Spanning Tree Protocol determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it will be selected as the root bridge. You can also specify that a bridge is the root or the secondary root.

To change the bridge priority or specify that a bridge is the root or secondary root:

Task | Command Syntax | Command Mode
Assign a number as the bridge priority or designate it as the root or secondary root. priority-value range: 0 to 65535.
Figure 38-10.
39 Stacking S-Series Switches Stacking S-Series Switches is supported on platforms z. Using the FTOS stacking feature, multiple S-Series switch units can be interconnected with stacking interfaces. The stack becomes manageable as a single switch through the stack management unit.
Figure 39-1. S55 Stack Manager Redundancy
FTOS#show redundancy
--------- Stack-unit Status ---------
Mgmt ID: 1
Stack-unit ID: 0
Stack-unit Redundancy Role: Primary
Stack-unit State: Active
Stack-unit SW Version: SD8.3.5.1
Link to Peer: Up
--------- PEER Stack-unit Status ---------
Stack-unit State: Standby
Peer stack-unit ID: 1
Stack-unit SW Version: SD8.3.5.
Figure 39-2.
Figure 39-3. Adding a Standalone S55 with a Lower MAC Address to a Stack—Before
-------------------------------STANDALONE BEFORE CONNECTION----------------------------------
Standalone#show system brief
Stack MAC : 00:01:e8:d5:ef:81
-- Stack Info --
Unit UnitType Status ReqTyp CurTyp Version Ports
---------------------------------------------------------------------------
0 Management online S55 S55 8.3.5.
Figure 39-4. After Adding a Standalone S55 with a Lower MAC Address and Equal Priority to a Stack
-------------------------------STANDALONE AFTER CONNECTION----------------------------------
Standalone#%STKUNIT0-M:CP %POLLMGR-2-ALT_STACK_UNIT_STATE: Alternate Stack-unit is present
00:20:20: %STKUNIT0-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 1 present
00:20:22: %STKUNIT0-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 2 present
Going for reboot.
Figure 39-5. Before Adding a Standalone S55 with a Lower MAC Address but Higher Priority to a Stack
-------------------------------STANDALONE BEFORE CONNECTION----------------------------------
Standalone#show system brief
Stack MAC : 00:01:e8:d5:ef:81
-- Stack Info --
Unit UnitType Status ReqTyp CurTyp Version Ports
---------------------------------------------------------------------------
0 Member not present S55
1 Member not present S55
2 Management online S55 S55 8.3.5.
Figure 39-6.
Figure 39-7.
The S50 and S25 systems support mixed stacking, as long as the units have the same FTOS version. The S55 and S60 systems DO NOT SUPPORT mixed stacking. Stack only S55 systems together or only S60 systems together; do not stack them with any other system type. Figure 39-8 shows two common stacking topologies, ring and cascade (also called daisy-chain). A ring topology provides some performance gains and stack integrity. Note: The illustration below is an example to show ring and cascade topologies.
Step | Task | Command Syntax | Command Mode
5 | Power the stack one unit at a time. Start with the management unit, then the standby, followed by each of the members in order of their assigned stack number (or the position in the stack you want each unit to take). Allow each unit to completely boot, and verify that the unit is detected by the stack manager, and then power the next unit.
LED Status Indicators on an S-Series Stack The stack unit is displayed in an LED panel on the front of each switch. Refer to the installation guide for your system type for a full discussion of all system display.
Figure 39-11. Adding a Stack Unit with a Conflicting Stack Number—Before (S50 type)
------------------------STANDALONE BEFORE CONNECTION----------------------------------
Standalone#show system brief
Stack MAC : 00:01:e8:d5:ef:81
-- Stack Info --
Unit UnitType Status ReqTyp CurTyp Version Ports
---------------------------------------------------------------------------
0 Member not present S50V
1 Management online S50V S50V 7.8.1.
Figure 39-13. Adding a Stack Unit with a Conflicting Stack Provision—Before (S50 type)
------------------------STANDALONE BEFORE CONNECTION----------------------------------
Standalone#show system brief
Stack MAC : 00:01:e8:d5:ef:81
-- Stack Info --
Unit UnitType Status ReqTyp CurTyp Version Ports
---------------------------------------------------------------------------
0 Management online S50V S50V 7.8.1.
Remove a Unit from an S-Series Stack

The running-configuration and startup-configuration are synchronized on all stack units. A stack member that is disconnected from the stack maintains this configuration. To remove a stack member from the stack, disconnect the stacking cables from the unit. You may do this at any time, whether the unit is powered or not powered, online or offline.
Figure 39-16. Removing a Stack Member—After (S50 type)
----------------------------STANDALONE AFTER DISCONNECTION----------------------------------
Standalone(stack-member-2)#
Going for reboot.
Step | Task | Command Syntax | Command Mode
4 | The management unit priority is 0 by default. If you configure the priority of the new unit to 1, the stack will reload. To avoid this scenario, configure the priority of the management unit to the highest value (14). Note: Do not configure the priority of the replacement unit, as this will be transferred from the management unit.
S-Series Stacking Configuration Tasks

• Assign Unit Numbers to Units in an S-Series Stack
• Create a Virtual Stack Unit on an S-Series Stack
• Display Information about an S-Series Stack
• Influence Management Unit Selection on an S-Series Stack
• Manage Redundancy on an S-Series Stack
• Reset a Unit on an S-Series Stack
• Recover from Stack Link Flaps

Assign Unit Numbers to Units in an S-Series Stack

Each unit in the stack has a stack number that is either assigned by you or FTOS.
Display Information about an S-Series Stack

Task | Command Syntax | Command Mode
Display stack-identity, status, and hardware information on every unit in a stack (Figure 39-17). | show system | EXEC Privilege
Display most of the information in show system, but in a more convenient tabular form (Figure 39-18). | show system brief | EXEC Privilege
 | show system stack-unit | EXEC Privilege
 | show system stack-ports [status | topology] | EXEC Privilege
Figure 39-17. Displaying Information about an S-Series Stack—show system (S50 type)
FTOS#show system
Stack MAC : 00:01:e8:d5:f9:6f
-- Unit 0 --
Unit Type : Member Unit
Status : online
Next Boot : online
Required Type : S50V - 48-port E/FE/GE with POE (SB)
Current Type : S50V - 48-port E/FE/GE with POE (SB)
Master priority : 0
Hardware Rev : 2.0
Num Ports : 52
Up Time : 30 min, 7 sec
FTOS Version : 7.8.1.
Jumbo Capable :
POE Capable :
Burned In MAC :
No Of MACs :
Figure 39-18. Displaying Information about a stack—show system brief (S50 type)
FTOS#show system brief
Stack MAC : 00:01:e8:d5:f9:6f
-- Stack Info --
Unit UnitType Status ReqTyp CurTyp Version Ports
---------------------------------------------------------------------------
0 Member online S50V S50V 7.8.1.0 52
1 Management online S50N S50N 7.8.1.0 52
2 Standby online S50V S50V 7.8.1.
Figure 39-20.
Figure 39-21.
Manage Redundancy on an S-Series Stack

Task | Command Syntax | Command Mode
Reset the current management unit, and make the secondary management unit the new primary. A new secondary is elected, and when the former stack manager comes back online, it becomes a member unit. | redundancy force-failover stack-unit | EXEC Privilege
Prevent the stack manager from rebooting after a failover. This command does not affect a forced failover, manual reset, or a stack-link disconnect.
Recover from Stack Link Flaps

S-Series Stack Link Integrity Monitoring enables units to monitor their own stack ports, and disable any stack port that flaps five times within 10 seconds. FTOS displays console messages on the local and remote members of a flapping link, and on the primary and secondary management units as KERN-2-INT messages if the flapping port belongs to either of these units. In Figure 39-22, a stack-port on the manager flaps.
Recover from a Card Mismatch State on an S-Series Stack

A card mismatch occurs if the stack has a provision for the lowest available stack number which does not match the model of a newly added unit (Figure 39-24). To recover, disconnect the new unit. Then, either:
• remove the provision from the stack, then reconnect the standalone unit, or
• renumber the standalone unit with another available stack number on the stack.
Figure 39-24. Recovering from a Card Mismatch State on an S-Series Stack (S50 type)
-----------------------------------STANDALONE UNIT BEFORE------------------------------------
Standalone#show system brief
Stack MAC : 00:01:e8:d5:ef:81
-- Stack Info --
Unit UnitType Status ReqTyp CurTyp Version Ports
---------------------------------------------------------------------------
0 Management online S50V S50V 7.8.1.
40 Storm Control

Storm Control is supported on platforms: c e s
Storm Control for Multicast is supported on platforms: c s

The storm control feature enables you to control unknown-unicast and broadcast traffic on Layer 2 and Layer 3 physical interfaces.

FTOS Behavior: On the E-Series, FTOS supports broadcast control for Layer 3 traffic only. To control Layer 2 broadcast traffic use the command storm-control unknown-unicast.
Configure storm control from CONFIGURATION mode

Configure storm control from CONFIGURATION mode using the command storm-control. From CONFIGURATION mode you can configure storm control for ingress and egress traffic.
41 System Time and Date

System Time and Date settings, and Network Time Protocol are supported on platforms: c e s

System times and dates can be set and maintained through the Network Time Protocol (NTP). They are also set through FTOS CLIs and hardware settings.
• Roundtrip delay provides the capability to launch a message to arrive at the reference clock at a specified time.
• Dispersion represents the maximum error of the local clock relative to the reference clock.
Figure 41-1. NTP Fields
UDP header: Source Port (123), Destination Port (123), Length, Checksum; payload: NTP Packet.
Leap Indicator Code: 00: No Warning; 01: +1 second; 10: -1 second; 11: reserved
Range: +32 to -32
Other fields shown: Status, Type, Precision, Est. Error, Est.
Enable NTP

NTP is disabled by default. To enable it, specify an NTP server to which the Dell Networking system will synchronize. Enter the command multiple times to specify multiple servers. You may specify an unlimited number of servers at the expense of CPU resources.

Task | Command | Command Mode
Specify the NTP server to which the Dell Networking system will synchronize.
Set the Hardware Clock with the Time Derived from NTP

Task | Command | Command Mode
Periodically update the system hardware clock with the time value derived from NTP. | ntp update-calendar | CONFIGURATION

Figure 41-4.
To disable NTP on an interface, use the following command in the INTERFACE mode:

Command Syntax | Command Mode | Purpose
ntp disable | INTERFACE | Disable NTP on the interface.

To view whether NTP is configured on the interface, use the show config command in the INTERFACE mode. If ntp disable is not listed in the show config command output, then NTP is enabled. (The show config command displays only non-default configuration information.
Configure NTP authentication

NTP authentication and the corresponding trusted key provide a reliable means of exchanging NTP packets with trusted time sources. NTP authentication begins when the first NTP packet is created following the configuration of keys. NTP authentication in FTOS uses the MD5 algorithm and the key is embedded in the synchronization packet that is sent to an NTP time source.

FTOS Behavior: FTOS versions 8.2.1.
Command Syntax | Command Mode | Purpose
ntp server ip-address [key keyid] [prefer] [version number] | CONFIGURATION | Configure an NTP server. Configure the IP address of a server and the following optional parameters:
• key keyid: Configure a text string as the key exchanged between the NTP server and client.
• prefer: Enter the keyword to set this NTP server as the preferred server.
• version number: Enter a number 1 to 3 as the NTP version.
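The following added example (not from the original guide, and not FTOS code) shows how an MD5-authenticated NTP packet is built and checked, assuming the standard NTP symmetric-key format of RFC 5905: a 32-bit key ID and an MD5 digest over the shared key and the 48-byte header, appended after the header. The key table, key ID and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48        # fixed NTP header that precedes the authenticator
AUTH_LEN = 4 + 16          # 32-bit key ID followed by a 128-bit MD5 digest

# Constructed sample key table (key ID -> shared secret); not real keys.
TRUSTED_KEYS = {5: b"constructed-sample-secret"}


def build_client_header(version=3, transmit_ts=0):
    """Return a 48-byte NTP client request header (LI=0, mode=3)."""
    if not 1 <= version <= 3:          # range accepted by `ntp server ... version`
        raise ValueError("version must be 1 to 3")
    li_vn_mode = (0 << 6) | (version << 3) | 3
    # stratum 0, poll 6 (2**6 = 64 s), precision -5 (2**-5 s)
    first_word = struct.pack("!BBbb", li_vn_mode, 0, 6, -5)
    # root delay, root dispersion, reference ID, and the reference,
    # originate and receive timestamps are all zero in a client request
    zero_fields = bytes(4 + 4 + 4 + 8 + 8 + 8)
    return first_word + zero_fields + struct.pack("!Q", transmit_ts)


def md5_digest(secret, header):
    """Digest defined for NTP symmetric keys: MD5(secret || header)."""
    return hashlib.md5(secret + header).digest()


def authenticate(header, key_id, keys=TRUSTED_KEYS):
    """Append key ID and digest; the secret itself is never transmitted."""
    if len(header) != NTP_HEADER_LEN:
        raise ValueError("header must be 48 bytes")
    return header + struct.pack("!I", key_id) + md5_digest(keys[key_id], header)


def verify(packet, keys=TRUSTED_KEYS):
    """Return (accepted, reason) for a received packet."""
    if len(packet) == NTP_HEADER_LEN:
        return False, "no authenticator"
    if len(packet) != NTP_HEADER_LEN + AUTH_LEN:
        return False, "bad length"
    header = packet[:NTP_HEADER_LEN]
    (key_id,) = struct.unpack("!I", packet[NTP_HEADER_LEN:NTP_HEADER_LEN + 4])
    secret = keys.get(key_id)
    if secret is None:
        return False, "untrusted key id"
    received = packet[NTP_HEADER_LEN + 4:]
    # Constant-time comparison so the check does not leak digest prefixes.
    if not hmac.compare_digest(md5_digest(secret, header), received):
        return False, "digest mismatch"
    return True, "ok"


if __name__ == "__main__":
    pkt = authenticate(build_client_header(transmit_ts=0x0123456789ABCDEF), 5)
    print(len(pkt), verify(pkt))
```

A receiver that enforces authentication must also reject the 48-byte unauthenticated form, which is why `verify` treats a missing authenticator as a failure rather than falling back to accepting the packet.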
• Poll Interval: integer indicating the minimum interval between transmitted messages, in seconds as a power of two. For instance, a value of six indicates a minimum interval of 64 seconds.
• Precision: integer indicating the precision of the various clocks, in seconds to the nearest power of two. The value must be rounded to the next larger power of two; for instance, a 50-Hz (20 ms) or 60-Hz (16.67 ms) power-frequency clock would be assigned the value -5 (31.
FTOS Time and Date

The time and date can be set using the FTOS CLI.
Set the time and date for the switch software clock

You can change the order of the month and day parameters to enter the time and date as time day month year. You cannot delete the software clock. The software clock runs only when the software is up. The clock restarts, based on the hardware clock, when the switch reboots.

Command Syntax | Command Mode | Purpose
clock set time month day year | EXEC Privilege | Set the system software clock to the current time and date.
Set the timezone

Coordinated Universal Time (UTC) is the time standard based on the International Atomic Time standard, commonly known as Greenwich Mean Time. When determining system time, you must include the differentiator between UTC and your local timezone. For example, San Jose, CA is in the Pacific Timezone with a UTC offset of -8.

Command Syntax | Command Mode | Purpose
clock timezone timezone-name offset | CONFIGURATION | Set the clock to the appropriate timezone.
Set Daylight Saving Time Once

Set a date (and time zone) on which to convert the switch to daylight savings time on a one-time basis.

Command Syntax | Command Mode | Purpose
clock summer-time time-zone date start-month start-day start-year start-time end-month end-day end-year end-time [offset] | CONFIGURATION | Set the clock to the appropriate timezone and daylight savings time.

time-zone: Enter the three-letter name for the time zone. This name is displayed in the show clock output.
Command Syntax | Command Mode | Purpose

start-year: Enter a four-digit number as the year. Range: 1993 to 2035
start-time: Enter the time in hours:minutes. For the hour variable, use the 24-hour format; for example, 17:15 is 5:15 pm.
end-week: If you entered a start-week, enter one of the following as the week that daylight savings ends:
• week-number: enter a number from 1-4 as the number of the week to end daylight savings time.
42 Upgrade Procedures

Find the upgrade procedures

Go to the FTOS Release Notes for your system type to see all the requirements to upgrade to the desired FTOS version. Follow the procedures in the FTOS Release Notes for the software version you wish to upgrade to.

Get Help with upgrades

Direct any questions or concerns about FTOS Upgrade Procedures to Dell Networking Technical Support Center. You can reach Technical Support:
• On the Web: http://support.dell.
43 Virtual LANs (VLAN)

VLANs are supported on platforms: c e s

This section contains the following subsections:
• Default VLAN
• Port-Based VLANs
• VLANs and Port Tagging
• Configuration Task List for VLANs
• Enable Null VLAN as the Default VLAN

Virtual LANs, or VLANs, are a logical broadcast domain, or logical grouping of interfaces in a LAN, in which all data received is kept locally and broadcast to all members of the group.
Table 43-1 displays the defaults for VLANs in FTOS.

Table 43-1. VLAN Defaults on FTOS
Feature | Default
Spanning Tree group ID | All VLANs are part of Spanning Tree group 0
Mode | Layer 2 (no IP address is assigned)
Default VLAN ID | VLAN 1

Default VLAN

When interfaces are configured for Layer 2 mode, they are automatically placed in the Default VLAN as untagged interfaces. Only untagged interfaces can belong to the Default VLAN.
Untagged interfaces must be part of a VLAN. To remove an untagged interface from the Default VLAN, you must create another VLAN and place the interface into that VLAN. Alternatively, enter the no switchport command, and FTOS removes the interface from the Default VLAN. A tagged interface requires an additional step to remove it from Layer 2 mode. Since tagged interfaces can belong to multiple VLANs, you must remove the tagged interface from all VLANs, using the no tagged interface command.
• Tag Control Information (TCI) includes the VLAN ID (2 bytes total). The VLAN ID can have 4,096 values, but 2 are reserved.

Note: The insertion of the tag header into the Ethernet frame increases the size of the frame to more than the 1518 bytes specified in the IEEE 802.3 standard. Some devices that are not compliant with IEEE 802.3 may not support the larger frame size.
Figure 43-3. show vlan Command Example
FTOS#show vlan
Codes: * - Default VLAN, G - GVRP VLANs
* NUM 1 2 3 4 5 6 Status Inactive Active Active Active Active Active Q U U U T U U U Ports So 7/4-11 Gi 0/1,18 Gi 0/2,19 Gi 0/3,20 Po 1 Gi 0/12 So 9/0
FTOS#

A VLAN is active only if the VLAN contains interfaces and those interfaces are operationally up. In Figure 43-3, VLAN 1 is inactive because it contains interfaces that are not active.
To tag frames leaving an interface in Layer 2 mode, you must assign that interface to a port-based VLAN to tag it with that VLAN ID. To tag interfaces, use these commands in the following sequence:

Step | Command Syntax | Command Mode | Purpose
1 | interface vlan vlan-id | CONFIGURATION | Access the INTERFACE VLAN mode of the VLAN to which you want to assign the interface.
2 | tagged interface | INTERFACE | Enable an interface to include the IEEE 802.1Q tag header.
Use the untagged command to move untagged interfaces from the Default VLAN to another VLAN:

Step | Command Syntax | Command Mode | Purpose
1 | interface vlan vlan-id | CONFIGURATION | Access the INTERFACE VLAN mode of the VLAN to which you want to assign the interface.
2 | untagged interface | INTERFACE | Configure an interface as untagged. This command is available only in VLAN interfaces.
Assign an IP address to a VLAN

VLANs are a Layer 2 feature. For two physical interfaces on different VLANs to communicate, you must assign an IP address to the VLANs to route traffic between the two interfaces. The shutdown command in INTERFACE mode does not affect Layer 2 traffic on the interface; the shutdown command only prevents Layer 3 traffic from traversing over the interface.

Note: An IP address cannot be assigned to the Default VLAN, which, by default, is VLAN 1.
Native VLAN support breaks this barrier so that a port can be connected to both VLAN-aware and VLAN-unaware stations. Such ports are referred to as hybrid ports. Physical and port-channel interfaces may be hybrid ports. Native VLAN is useful in deployments where a Layer 2 port can receive both tagged and untagged traffic on the same physical port. The classic example is connecting a VOIP phone and a PC to the same port of the switch.
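As an added illustration of the tag header and of hybrid-port behavior described above (example code, not from the guide or from FTOS), the following parses the IEEE 802.1Q tag of a frame and decides which VLAN a hybrid port would place it in. The MAC addresses, VLAN numbers, frame contents and function names are constructed, and captured frames are assumed to exclude the 4-byte FCS.

```python
import struct

TPID_8021Q = 0x8100           # Tag Protocol Identifier of an 802.1Q tag
RESERVED_VIDS = {0x000, 0xFFF}  # the 2 reserved values out of 4,096
FCS_LEN = 4                   # frame check sequence, not present in captures
LEGACY_MAX = 1518             # IEEE 802.3 maximum for an untagged frame

# Constructed sample addresses
DST = bytes.fromhex("0001e8aabb01")
SRC = bytes.fromhex("0001e8aabb02")


def build_frame(payload, ethertype=0x0800, vid=None, pcp=0, dei=0):
    """Build an Ethernet frame, inserting an 802.1Q tag when vid is given."""
    header = DST + SRC
    if vid is not None:
        tci = (pcp << 13) | (dei << 12) | (vid & 0x0FFF)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def exceeds_legacy_max(frame):
    """True when the frame on the wire (with FCS) is larger than 1518 bytes."""
    return len(frame) + FCS_LEN > LEGACY_MAX


def classify(frame, native_vlan, tagged_vlans):
    """Return the ingress decision of a hybrid port for one frame."""
    if len(frame) < 14:
        return {"action": "drop", "reason": "runt frame"}
    (type_field,) = struct.unpack("!H", frame[12:14])
    if type_field != TPID_8021Q:
        # VLAN-unaware station: untagged traffic joins the native VLAN
        return {"action": "forward", "vlan": native_vlan, "tagged": False}
    if len(frame) < 18:
        return {"action": "drop", "reason": "truncated tag"}
    (tci,) = struct.unpack("!H", frame[14:16])
    pcp, dei, vid = tci >> 13, (tci >> 12) & 1, tci & 0x0FFF
    if vid == 0xFFF:
        return {"action": "drop", "reason": "reserved VLAN ID 4095"}
    if vid == 0x000:
        # Priority-tagged frame: carries PCP only, uses the native VLAN
        return {"action": "forward", "vlan": native_vlan, "tagged": True,
                "pcp": pcp, "dei": dei}
    if vid not in tagged_vlans:
        return {"action": "drop", "reason": "port is not a member of VLAN %d" % vid}
    return {"action": "forward", "vlan": vid, "tagged": True,
            "pcp": pcp, "dei": dei}


if __name__ == "__main__":
    native, members = 10, {20, 30}          # constructed port configuration
    pc_frame = build_frame(b"\x00" * 46)                 # untagged PC traffic
    phone_frame = build_frame(b"\x00" * 46, vid=20, pcp=5)  # tagged voice
    for f in (pc_frame, phone_frame, build_frame(b"", vid=4095)):
        print(classify(f, native, members))
    print(exceeds_legacy_max(build_frame(b"\x00" * 1500, vid=20)))
```

Dropping tagged frames for VLANs the port is not a member of, rather than forwarding them, is what keeps a hybrid port from becoming a path into other VLANs.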
44 Virtual Router Redundancy Protocol (VRRP)

Virtual Router Redundancy Protocol (VRRP) is supported on platforms: c e s

This chapter covers the following information:
• VRRP Overview
• VRRP Benefits
• VRRP Implementation
• VRRP Configuration
• Sample Configurations

Virtual Router Redundancy Protocol (VRRP) is designed to eliminate a single point of failure in a statically routed network. This protocol is defined in RFC 2338 and RFC 3768.
In Figure 44-1 below, Router A is configured as the MASTER router. It is configured with the IP address of the virtual router and sends any packets addressed to the virtual router through interface GigabitEthernet 1/1 to the Internet. As the BACKUP router, Router B is also configured with the IP address of the virtual router. If for any reason Router A becomes unavailable, VRRP elects a new MASTER Router. Router B assumes the duties of Router A and becomes the MASTER router.
VRRP Benefits

With VRRP configured on a network, end-station connectivity to the network is not subject to a single point-of-failure. End-station connections to the network are redundant and they are not dependent on IGP protocols to converge or update routing tables.

VRRP Implementation

E-Series supports an unlimited total number of VRRP groups on the router while supporting up to 255 VRRP groups on a single interface (Table 44-1).
The recommendations in Table 44-1 may vary depending on various factors like ARP broadcasts, IP broadcasts, or STP before changing the advertisement interval. When the number of packets processed by RP2/CP/FP processor increases or decreases based on the dynamics of the network, the advertisement intervals in may increase or decrease accordingly.
Figure 44-2. Command Example: vrrp-group
FTOS(conf)#int gi 1/1
FTOS(conf-if-gi-1/1)#vrrp-group 111
FTOS(conf-if-gi-1/1-vrid-111)#

Figure 44-3. Command Example Display: show config for the Interface (callout: Virtual Router ID and VRRP Group identifier)
FTOS(conf-if-gi-1/1)#show conf
!
interface GigabitEthernet 1/1
ip address 10.10.10.
• If the virtual IP address and the interface’s primary/secondary IP address are the same, the priority on that VRRP group MUST be set to 255. The interface then becomes the OWNER router of the VRRP group and the interface’s physical MAC address is changed to that of the owner VRRP group’s MAC address.
• If multiple VRRP groups are configured on an interface, only one of the VRRP Groups can contain the interface primary or secondary IP address.
Figure 44-6. Command Example Display: show vrrp Same VRRP Group (VRID)
FTOS#do show vrrp
------------------
GigabitEthernet 1/1, VRID: 111, Net: 10.10.10.1
State: Master, Priority: 255, Master: 10.10.10.1 (local)
Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec
Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 1768, Gratuitous ARP sent: 5
Virtual MAC address: 00:00:5e:00:01:6f
Virtual IP address: 10.10.10.1 10.10.10.2 10.10.10.3 10.10.10.
Configure the VRRP Group’s priority with the following command in the VRRP mode:

Task | Command Syntax | Command Mode
Configure the priority for the VRRP group. Range: 1-255. Default: 100. | priority priority | INTERFACE-VRID

Figure 44-7. Command Example: priority in Interface VRRP mode
FTOS(conf-if-gi-1/2)#vrrp-group 111
FTOS(conf-if-gi-1/2-vrid-111)#priority 125

Figure 44-8.
Configure simple authentication with the following command in the VRRP mode:

Task | Command Syntax | Command Mode
Configure a simple text password. | authentication-type simple [encryption-type] password | INTERFACE-VRID

Parameters:
encryption-type: 0 indicates unencrypted; 7 indicates encrypted
password: plain text

Figure 44-9.
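The following added example (not from the original guide, and not FTOS code) parses a VRRP version 2 advertisement in the RFC 2338 layout to audit a group's settings: it derives the virtual MAC address from the VRID, validates the checksum, and reports which authentication type the packet carries. With RFC 2338 simple text authentication the password travels in the advertisement's 8-byte authentication data field. The sample packet and password are constructed; the VRID, priority, addresses and interval mirror the command examples in this chapter.

```python
import ipaddress
import struct

AUTH_NONE, AUTH_SIMPLE = 0, 1      # RFC 2338 authentication types used here


def virtual_mac(vrid):
    """VRRP virtual MAC: 00:00:5e:00:01:{VRID as two hex digits}."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be 1 to 255")
    return "00:00:5e:00:01:%02x" % vrid


def checksum(data):
    """16-bit one's complement of the one's complement sum of data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_advert(vrid, priority, addrs, adv_int=1, auth_type=AUTH_NONE,
                 auth_data=b""):
    """Build a VRRPv2 advertisement (used only to create sample input)."""
    head = struct.pack("!BBBBBBH", 0x21, vrid, priority, len(addrs),
                       auth_type, adv_int, 0)
    body = b"".join(ipaddress.IPv4Address(a).packed for a in addrs)
    body += auth_data.ljust(8, b"\x00")[:8]
    return head[:6] + struct.pack("!H", checksum(head + body)) + body


def audit_advert(pkt):
    """Parse one advertisement and return its fields plus audit findings."""
    if len(pkt) < 16:
        raise ValueError("too short for a VRRPv2 advertisement")
    ver_type, vrid, prio, count, auth_type, adv_int, _ = struct.unpack(
        "!BBBBBBH", pkt[:8])
    if ver_type != 0x21:
        raise ValueError("not a VRRP version 2 advertisement")
    if len(pkt) != 8 + 4 * count + 8:
        raise ValueError("length does not match address count")
    addrs = [str(ipaddress.IPv4Address(pkt[8 + 4 * i:12 + 4 * i]))
             for i in range(count)]
    findings = []
    if checksum(pkt) != 0:            # a valid packet sums to zero
        findings.append("checksum invalid")
    if auth_type == AUTH_NONE:
        findings.append("no authentication")
    elif auth_type == AUTH_SIMPLE:
        # The last 8 bytes are the literal password, readable on the segment
        findings.append("simple text password sent in cleartext")
    return {"vrid": vrid, "priority": prio, "owner": prio == 255,
            "adv_int": adv_int, "addresses": addrs,
            "virtual_mac": virtual_mac(vrid), "findings": findings}


if __name__ == "__main__":
    sample = build_advert(111, 255, ["10.10.10.1", "10.10.10.2", "10.10.10.3"],
                          adv_int=10, auth_type=AUTH_SIMPLE,
                          auth_data=b"example1")   # constructed password
    print(audit_advert(sample))
```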
Since preempt is enabled by default, disable the preempt function with the following command in the VRRP mode. Re-enable preempt by entering the preempt command. When preempt is enabled, it does not display in the show commands, because it is a default setting.

Task | Command Syntax | Command Mode
Prevent any BACKUP router with a higher priority from becoming the MASTER router. | no preempt | INTERFACE-VRID

Figure 44-11.
Figure 44-13. Command Example: advertise-interval
FTOS(conf-if-gi-1/1)#vrrp-group 111
FTOS(conf-if-gi-1/1-vrid-111)#advertise-interval 10
FTOS(conf-if-gi-1/1-vrid-111)#

Figure 44-14. Command Example Display: advertise-interval in VRID mode
FTOS(conf-if-gi-1/1-vrid-111)#show conf
!
vrrp-group 111
advertise-interval 10
authentication-type simple 7 387a7f2df5969da4
no preempt
priority 255
virtual-address 10.10.10.1
virtual-address 10.10.10.2
virtual-address 10.10.10.3
virtual-address 10.10.10.
Figure 44-15. Command Example: track
FTOS(conf-if-gi-1/1)#vrrp-group 111
FTOS(conf-if-gi-1/1-vrid-111)#track gigabitethernet 1/2
FTOS(conf-if-gi-1/1-vrid-111)#

Figure 44-16. Command Example Display: track in VRID mode
FTOS(conf-if-gi-1/1-vrid-111)#show conf
!
vrrp-group 111
advertise-interval 10
authentication-type simple 7 387a7f2df5969da4
no preempt
priority 255
track GigabitEthernet 1/2
virtual-address 10.10.10.1
virtual-address 10.10.10.2
virtual-address 10.10.10.
Figure 44-17. Configure VRRP Router 2
R2(conf)#int gi 2/31
R2(conf-if-gi-2/31)#ip address 10.1.1.1/24
R2(conf-if-gi-2/31)#no shut
R2(conf-if-gi-2/31)#vrrp-group 99
R2(conf-if-gi-2/31-vrid-99)#virtual 10.1.1.2
R2(conf-if-gi-2/31-vrid-99)#no shut
R2(conf-if-gi-2/31)#show conf
!
interface GigabitEthernet 2/31
ip address 10.1.1.1/24
!
vrrp-group 99
virtual-address 10.1.1.3
no shutdown
R2(conf-if-gi-2/31)#end
R2#show vrrp
------------------
GigabitEthernet 2/31, VRID: 99, Net: 10.1.1.
Figure 44-18. VRRP Topography Illustration
(Diagram callouts: State Master: R2 was the first interface configured with VRRP. Virtual MAC is automatically assigned and is the same on both Routers. State Backup: R3 was the second interface configured with VRRP.)
R2#show vrrp
------------------
GigabitEthernet 2/31, VRID: 99, Net: 10.1.1.1
State: Master, Priority: 100, Master: 10.1.1.
45 Standards Compliance

This appendix contains the following sections:
• IEEE Compliance
• RFC and I-D Compliance
• MIB Location

Note: Unless noted, when a standard cited here is listed as supported by FTOS, FTOS also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website. Click on “Browse and search IETF documents”, enter an RFC number, and inspect the top of the resulting document for obsolescence citations to related RFCs.
RFC and I-D Compliance

The following standards are supported by FTOS, and are grouped by related protocol. The columns showing support by platform indicate which version of FTOS first supports the standard.

Note: Checkmarks () in the E-Series column indicate that FTOS support was added before FTOS version 7.5.1.

General Internet Protocols
FTOS support, per platform
Full Name
768 User Datagram Protocol 7.6.1 7.5.1 8.1.1
793 Transmission Control Protocol 7.6.1 7.
General IPv4 Protocols
FTOS support, per platform
RFC# Full Name E-Series E-Series S-Series C-Series TeraScale ExaScale
791 Internet Protocol 7.6.1 7.5.1 8.1.1
792 Internet Control Message Protocol 7.6.1 7.5.1 8.1.1
826 An Ethernet Address Resolution Protocol 7.6.1 7.5.1 8.1.1
1027 Using ARP to Implement Transparent Subnet Gateways 7.6.1 7.5.1 8.1.1
1035 DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION (client) 7.6.1 7.5.1 8.1.
General IPv6 Protocols
FTOS support, per platform
RFC# Full Name E-Series E-Series TeraScale ExaScale S-Series C-Series
1886 DNS Extensions to support IP version 6 7.8.1 7.8.1 8.2.1
1981 (Partial) Path MTU Discovery for IP version 6 7.8.1 7.8.1 8.2.1
2460 Internet Protocol, Version 6 (IPv6) Specification 7.8.1 7.8.1 8.2.1
2461 (Partial) Neighbor Discovery for IP Version 6 (IPv6) 7.8.1 7.8.1 8.2.
Border Gateway Protocol (BGP)
FTOS support, per platform
RFC# Full Name S-Series C-Series E-Series TeraScale E-Series ExaScale
1997 BGP Communities Attribute 7.8.1 7.7.1 8.1.1
2385 Protection of BGP Sessions via the TCP MD5 Signature Option 7.8.1 7.7.1 8.1.1
2439 BGP Route Flap Damping 7.8.1 7.7.1 8.1.1
2545 Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing 7.8.1 8.2.1
2796 BGP Route Reflection: An Alternative to Full Mesh Internal BGP (IBGP) 7.8.
Intermediate System to Intermediate System (IS-IS)
FTOS support, per platform
E-Series TeraScale E-Series ExaScale
OSI IS-IS Intra-Domain Routing Protocol (ISO DP 10589) 8.1.1
1195 Use of OSI IS-IS for Routing in TCP/IP and Dual Environments 8.1.1
2763 Dynamic Hostname Exchange Mechanism for IS-IS 8.1.1
2966 Domain-wide Prefix Distribution with Two-Level IS-IS 8.1.
Multiprotocol Label Switching (MPLS)
FTOS support, per platform
RFC# Full Name S-Series C-Series E-Series TeraScale E-Series ExaScale
2702 Requirements for Traffic Engineering Over MPLS 8.3.1
3031 Multiprotocol Label Switching Architecture 8.3.1
3032 MPLS Label Stack Encoding 8.3.1
3209 RSVP-TE: Extensions to RSVP for LSP Tunnels 8.3.1
3630 Traffic Engineering (TE) Extensions to OSPF Version 2 8.3.
Multicast FTOS support, per platform S-Series C-Series E-Series TeraScale E-Series ExaScale Host Extensions for IP Multicasting 7.8.1 7.7.1 8.1.1 2236 Internet Group Management Protocol, Version 2 7.8.1 7.7.1 8.1.1 2710 Multicast Listener Discovery (MLD) for IPv6 8.2.1 3376 Internet Group Management Protocol, Version 3 3569 An Overview of Source-Specific Multicast (SSM) 3618 RFC# Full Name 1112 7.8.1 7.7.1 8.1.1 7.8.1 SSM for IPv4 7.7.
Network Management
FTOS support, per platform
S-Series C-Series E-Series TeraScale E-Series ExaScale
Structure and Identification of Management Information for TCP/IP-based Internets 7.6.1 7.5.1 8.1.1
1156 Management Information Base for Network Management of TCP/IP-based internets 7.6.1 7.5.1 8.1.1
1157 A Simple Network Management Protocol (SNMP) 7.6.1 7.5.1 8.1.1
1212 Concise MIB Definitions 7.6.1 7.5.1 8.1.
Network Management (continued)
FTOS support, per platform
S-Series C-Series E-Series TeraScale E-Series ExaScale
Coexistence Between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework 7.6.1 7.5.1 8.1.1
2578 Structure of Management Information Version 2 (SMIv2) 7.6.1 7.5.1 8.1.1
2579 Textual Conventions for SMIv2 7.6.1 7.5.1 8.1.1
2580 Conformance Statements for SMIv2 7.6.1 7.5.1 8.1.
Network Management (continued) FTOS support, per platform C-Series E-Series ExaScale Full Name 3815 Definitions of Managed Objects for the Multiprotocol Label Switching (MPLS), Label Distribution Protocol (LDP) 5060 Protocol Independent Multicast MIB 7.8.1 7.8.1 7.7.1 8.1.1 ANSI/TIA-1057 The LLDP Management Information Base extension module for TIA-TR41.4 Media Endpoint Discovery information 7.7.1 7.6.1 7.6.1 8.1.1 draft-grant-tacacs -02 The TACACS+ Protocol 7.6.1 7.5.1 8.1.1 7.8.
Network Management (continued) FTOS support, per platform RFC# Full Name S-Series FORCE10-CS-C HASSIS-MIB Dell Force10 C-Series Enterprise Chassis MIB FORCE10-IF-EX TENSION-MIB Dell Force10 Enterprise IF Extension MIB (extends the Interfaces portion of the MIB-2 (RFC 1213) by providing proprietary SNMP OIDs for other counters displayed in the “show interfaces” output) 7.6.1 FORCE10-LINK AGG-MIB Dell Force10 Enterprise Link Aggregation MIB 7.6.
MIB Location Dell Networking MIBs are under the Dell Force10 MIBs subhead on the Documentation page of iSupport: https://www.force10networks.com/csportal20/KnowledgeBase/Documentation.aspx You also can obtain a list of selected MIBs and their OIDs at the following URL: https://www.force10networks.com/csportal20/MIBs/MIB_OIDs.aspx Some pages of iSupport require a login. To request an iSupport account, go to: https://www.force10networks.com/CSPortal20/Support/AccountRequest.