Dell Configuration Guide for the S60 System 8.3.3.
Notes, Cautions, and Warnings
NOTE: A NOTE indicates important information that helps you make better use of your computer.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
Information in this publication is subject to change without notice. © 2014 Dell Force10. All rights reserved.
www.dell.com | dell.com/support
About this Guide
Objectives
Audience
Conventions
Configure Logging
Log Messages in the Internal Buffer
Configuration Task List for System Log Management
Disable System Logging
Linktrace Message and Response
Link Trace Cache
Enable CFM SNMP Traps
Display Ethernet CFM Statistics
8 802.1X
Configuring ACLs to Loopback
Applying an ACL on Loopback Interfaces
IP Prefix Lists
Implementation Information
11 Bare Metal Provisioning 2.0
Prerequisites
Restrictions
Overview
Last restart reason (S60)
show hardware commands (S60)
Hardware watchdog timer
Buffer tuning
Multiple FRRP Rings
Important FRRP Points
Important FRRP Concepts
Implementing FRRP
FRRP Configuration
18 Interfaces
Interface Types
View Basic Interface Information
Enable a Physical Interface
19 IPv4 Routing
IP Addresses
Implementation Information
Configuration Task List for IP Addresses
Directed Broadcast
SNMP over IPv6
Show IPv6 Information
Show an IPv6 Interface
Show IPv6 Routes
Recovering from Learning Limit and Station Move Violations
Per-VLAN MAC Learning Limit
NIC Teaming
MAC Move Optimization
Configuring Redundant Pairs
Create Multiple Spanning Tree Instances
Influence MSTP Root Selection
Interoperate with Non-FTOS Bridges
Modify Global Parameters
Configuration Task List for OSPFv2 (OSPF for IPv4)
Troubleshooting OSPFv2
Configuration Task List for OSPFv3 (OSPF for IPv6)
Troubleshooting OSPFv3
Sample Configurations for OSPFv2
31 Private VLANs
Private VLAN Concepts
Private VLAN Commands
Private VLAN Configuration Task List
Pre-calculating Available QoS CAM Space
Viewing QoS CAM Entries
Configure Quality of Service for an Office VOIP Deployment
Honor the incoming DSCP value
Honor the incoming dot1p value
Configuration Task List for Privilege Levels
RADIUS
RADIUS Authentication and Authorization
Configuration Task List for RADIUS
TACACS+
Provider Backbone Bridging
39 sFlow
Overview
Implementation Information
Viewing the System Image
Viewing Alarm LED Status Using SNMP
Using SNMP for Entity MIB Queries
41 Spanning Tree Protocol
Recover from Stack Link Flaps
Recover from a Card Problem State on an S-Series Stack
Recover from a Card Mismatch State on an S-Series Stack
43 Storm Control
Configure Storm Control
Configuration Task List for VLANs
VLAN Interface Counters
Native VLANs
Enable Null VLAN as the Default VLAN
3 About this Guide
Objectives
This guide describes the protocols and features supported by the Dell Networking operating system (FTOS) and provides configuration instructions and examples for implementing them. It supports the system platforms E-Series, C-Series, and S-Series. Though this guide contains information on protocols, it is not intended to be a complete reference. This guide is a reference for configuring protocols on Dell Networking systems.
Conventions
This document uses the following conventions to describe command syntax:
Convention: Description
keyword: Keywords are in bold and should be entered in the CLI as listed.
parameter: Parameters are in italics and require a number or word to be entered in the CLI.
{X}: Keywords and parameters within braces must be entered in the CLI.
[X]: Keywords and parameters within brackets are optional.
4 Configuration Fundamentals
The FTOS Command Line Interface (CLI) is a text-based interface through which you can configure interfaces and protocols. The CLI is largely the same for the E-Series, C-Series, and S-Series with the exception of some commands and command outputs. The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and you can limit user access to modes using privilege levels.
CLI Modes
Different sets of commands are available in each mode. A command found in one mode cannot be executed from another mode (with the exception of EXEC mode commands preceded by the command do; see The do Command). You can set user access rights to commands and command modes using privilege levels; for more information on privilege levels and security options, refer to Chapter 9, Security, on page 627.
Figure 4-2.
FTOS Command Modes
CLI Command Mode: EXEC
Prompt: FTOS>
Access Command: Access the router through the console or Telnet.
CLI Command Mode: EXEC Privilege
Prompt: FTOS#
Access Command:
• From EXEC mode, enter the command enable.
• From any other mode, use the command end.
CLI Command Mode: CONFIGURATION
Prompt: FTOS(conf)#
Access Command:
• From EXEC privilege mode, enter the command configure.
• From every mode except EXEC and EXEC Privilege, enter the command exit.
Note: Access all of the following modes from CONFIGURATION mode.
CLI Command Mode: INTERFACE modes
CLI Command Mode: IP ACCESS-LIST
CLI Command Mode: LINE
Table 4-1.
The do Command
Enter an EXEC mode command from any CONFIGURATION mode (CONFIGURATION, INTERFACE, SPANNING TREE, etc.) without returning to EXEC mode by preceding the EXEC mode command with the command do. Figure 4-4 illustrates the do command.
Note: The following commands cannot be modified by the do command: enable, disable, exit, and configure.
Figure 4-4.
Obtaining Help
Obtain a list of keywords and a brief functional description of those keywords at any CLI mode using the ? or help command:
• Enter ? at the prompt or after a keyword to list the keywords available in the current mode.
• ? after a prompt lists all of the available keywords. The output of this command is the same for the help command.
Figure 4-6.
• The UP and DOWN arrow keys display previously entered commands (see Command History).
• The BACKSPACE and DELETE keys erase the previous letter.
• Key combinations are available to move quickly across the command line, as described in Table 4-2.
Table 4-2. Short-Cut Keys and their Actions
Key Combination: Action
CNTL-A: Moves the cursor to the beginning of the command line.
CNTL-B: Moves the cursor back one character.
CNTL-D: Deletes character at cursor.
Filtering show Command Outputs
Filter the output of a show command to display specific information by adding | [except | find | grep | no-more | save] specified_text after the command. The variable specified_text is the text for which you are filtering, and it IS case sensitive unless the ignore-case sub-option is implemented. Starting with FTOS 7.8.1.0, the grep command accepts an ignore-case sub-option that forces the search to be case-insensitive.
• find displays the output of the show command beginning from the first occurrence of specified text.
Figure 4-11 shows this command used in combination with the command show linecard all.
Figure 4-11.
5 Getting Started
This chapter contains the following major sections:
• Default Configuration
• Configure a Host Name
• Accessing the System Remotely
• Configure the Enable Password
• Configuration File Management
• File System Management
When you power up the chassis, the system performs a Power-On Self Test (POST) during which Route Processor Module (RPM), Switch Fabric Module (SFM), and line card status LEDs blink green.
Serial console
The RS-232 console port is labeled on the S60 chassis. It is in the upper right-hand side, as you face the rear of the chassis.
Console Port
To access the console port, follow the procedures below. Refer to Table 5-1 for the console port pinout.
Step 1: Install an RJ-45 copper cable into the console port. Use a rollover (crossover) cable to connect the S60 console port to a terminal server.
Table 5-1. Pin Assignments Between the E-Series Console and a DTE Terminal Server (continued)
Columns: E-Series Console Port (Signal); RJ-45 to RJ-45 Rollover Cable (RJ-45 pinout, RJ-45 pinout); RJ-45 to DB-9 Adapter (DB-9 Pin); Terminal Server Device (Signal)
Signal: NC; RJ-45 pinout: 7; RJ-45 pinout: 2; DB-9 Pin: 4; Signal: DTR
Signal: CTS; RJ-45 pinout: 8; RJ-45 pinout: 1; DB-9 Pin: 7; Signal: RTS
USB-B console
The USB-B connector port is labeled on the S60 chassis.
Step 7: Using the terminal settings shown here, set the terminal connection settings.
• 9600 baud rate, No parity, 8 data bits, 1 stop bit, No flow control
Step 8: You will see the message below when you are connected to the S60.
Default Configuration
A version of FTOS is pre-loaded onto the chassis; however, the system is not configured when you power up for the first time (except for the default hostname, which is FTOS).
Configure a Host Name
The host name appears in the prompt. The default host name is FTOS.
• Host names must start with a letter and end with a letter or digit.
• Characters within the string can be letters, digits, and hyphens.
To configure a host name:
Step 1
Task: Create a new host name.
Command Syntax: hostname name
Command Mode: CONFIGURATION
Figure 5-1 illustrates the hostname command.
Figure 5-1.
Configure the Management Port IP Address
Assign IP addresses to the management ports in order to access the system remotely.
Note: Assign different IP addresses to each RPM’s management port.
To configure the management port IP address:
Step 1
Task: Enter INTERFACE mode for the Management port.
Command Syntax: interface ManagementEthernet slot/port
Command Mode: CONFIGURATION
Step 2
Task: Assign an IP address to the interface.
To configure a username and password:
Step 1
Task: Configure a username and password to access the system remotely.
Command Syntax: username username password [encryption-type] password
Command Mode: CONFIGURATION
encryption-type specifies how you are inputting the password, is 0 by default, and is not required.
• 0 is for inputting the password in clear text.
• 7 is for inputting a password that is already encrypted using a Type 7 hash.
Configure the Enable Password
Access the EXEC Privilege mode using the enable command. The EXEC Privilege mode is unrestricted by default. Configure a password as a basic security measure. There are two types of enable passwords:
• enable password stores the password in the running/startup configuration using a DES encryption method.
• enable secret is stored in the running/startup configuration using a stronger, MD5 encryption method.
Copy Files to and from the System
The command syntax for copying files is similar to UNIX. The copy command uses the format copy source-file-url destination-file-url.
Note: See the FTOS Command Reference for a detailed description of the copy command.
• To copy a local file to a remote system, combine the file-origin syntax for a local file location with the file-destination syntax for a remote file location shown in Table 5-2.
Figure 5-3 shows an example of using the copy command to save a file to an FTP server.
Figure 5-3. Saving a file to a Remote System
[Figure labels: Local Location (the flash:// URL), Remote Location (the ftp:// URL)]
FTOS#copy flash://FTOS-EF-8.2.1.0.bin ftp://myusername:mypassword@10.10.10.10//FTOS/FTOS-EF-8.2.1.
Task: Save the running-configuration to:
• the startup-configuration on the internal flash of the primary RPM
Command Syntax: copy running-config startup-config
• the internal flash on an RPM
Command Syntax: copy running-config rpm{0|1}flash://filename
Note: The internal flash memories on the RPMs are synchronized whenever there is a change, but only if the RPMs are running the same version of FTOS.
The output of the command dir also shows the read/write privileges, size (in bytes), and date of modification for each file, as shown in Figure 5-5.
Figure 5-5.
Figure 5-6. Tracking Changes with Configuration Comments
FTOS#show running-config
Current Configuration ...
! Version 8.2.1.0
! Last configuration change at Thu Apr 3 23:06:28 2008 by admin
! Startup-config last updated at Thu Apr 3 23:06:55 2008 by admin
!
boot system rpm0 primary flash://FTOS-EF-8.2.1.0.bin
boot system rpm0 secondary flash://FTOS-EF-7.8.1.0.bin
boot system rpm0 default flash://FTOS-EF-7.7.1.1.bin
boot system rpm1 primary flash://FTOS-EF-7.8.1.0.bin
boot system gateway 10.10.10.
Figure 5-8. Alternative Storage Location
[Figure label on the copy commands: No File System Specified]
FTOS#cd slot0:
FTOS#copy running-config test
FTOS#copy run test
!
7419 bytes successfully copied
FTOS#dir
Directory of slot0:
[directory listing omitted]
6 Management
Management is supported on platforms: C-Series, E-Series, S-Series
This chapter explains the different protocols or services used to manage the Dell Networking system including:
• Configure Privilege Levels
• Configure Logging
• File Transfer Services
• Terminal Lines
• Lock CONFIGURATION mode
• Recovering from a Forgotten Password on the S60
• Recovering from a Failed Start on the S60
Configure Privilege Levels
Privilege levels restrict access to commands based on user or terminal line.
Removing a command from EXEC mode
Remove a command from the list of available commands in EXEC mode for a specific privilege level using the command privilege exec from CONFIGURATION mode. In the command, specify a level greater than the level given to a user or terminal line, followed by the first keyword of each command to be restricted.
Task: Allow access to INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode. Specify all keywords in the command.
Command Syntax: privilege configure level level {interface | line | route-map | router} {command-keyword ||...|| command-keyword}
Task: Allow access to a CONFIGURATION, INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode command.
Command Syntax: privilege {configure |interface | line | route-map | router} level level {command ||...
Figure 6-1. Create a Custom Privilege Level
FTOS(conf)#do show run priv
!
privilege exec level 3 capture
privilege exec level 3 configure
privilege exec level 4 resequence
privilege exec level 3 capture bgp-pdu
privilege exec level 3 capture bgp-pdu max-buffer-size
privilege configure level 3 line
privilege configure level 3 interface
FTOS(conf)#do telnet 10.11.80.201
[telnet output omitted]
FTOS#show priv
Current privilege level is 3.
Apply a Privilege Level to a Username
To set a privilege level for a user:
Task: Configure a privilege level for a user.
Command Syntax: username username privilege level
Command Mode: CONFIGURATION
Apply a Privilege Level to a Terminal Line
To set a privilege level for a terminal line:
Task: Configure a privilege level for a terminal line.
Log Messages in the Internal Buffer
All error messages, except those beginning with %BOOTUP (Message), are logged in the internal buffer.
Send System Messages to a Syslog Server
Send system messages to a syslog server by specifying the server with the following command:
Task: Specify the server to which you want to send system messages. You can configure up to eight syslog servers.
Command Syntax: logging {ip-address | hostname}
Command Mode: CONFIGURATION
Configure a Unix System as a Syslog Server
Configure a UNIX system as a syslog server by adding the following lines to /etc/syslog.
Task: Specify the size of the logging buffer. Note: When you decrease the buffer size, FTOS deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer.
Command Syntax: logging buffered size
Command Mode: CONFIGURATION
Task: Specify the number of messages that FTOS saves to its logging history table.
Figure 6-2. show logging Command Example
FTOS#show logging
syslog logging: enabled
Console logging: level Debugging
Monitor logging: level Debugging
Buffer logging: level Debugging, 40 Messages Logged, Size (40960 bytes)
Trap logging: level Informational
%IRC-6-IRC_COMMUP: Link to peer RPM is up
%RAM-6-RAM_TASK: RPM1 is transitioning to Primary RPM.
Configure a UNIX logging facility level
You can save system log messages with a UNIX system logging facility. To configure a UNIX logging facility level, use the following command in the CONFIGURATION mode:
Command Syntax: logging facility [facility-type]
Command Mode: CONFIGURATION
Purpose: Specify one of the following parameters.
Synchronize log messages
You can configure FTOS to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system.
To have FTOS include a timestamp with the syslog message, use the following command syntax in the CONFIGURATION mode:
Command Syntax: service timestamps [log | debug] [datetime [localtime] [msec] [show-timezone] | uptime]
Command Mode: CONFIGURATION
Purpose: Add timestamp to syslog messages. Specify the following optional parameters:
• datetime: You can add the keyword localtime to include the localtime, msec, and show-timezone.
Enable FTP server
To enable the system as an FTP server, use the following command in the CONFIGURATION mode:
Command Syntax: ftp-server enable
Command Mode: CONFIGURATION
Purpose: Enable FTP on the system.
To view FTP configuration, use the show running-config ftp command (Figure 6-4) in the EXEC privilege mode.
Figure 6-4.
Configure FTP client parameters
To configure FTP client parameters, use the following commands in the CONFIGURATION mode:
Command Syntax: ip ftp source-interface interface
Command Mode: CONFIGURATION
Purpose: Enter the following keywords and slot/port or number information:
• For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
To apply an IP ACL to a line:
Task: Apply an ACL to a VTY line.
Command Syntax: ip access-class access-list
Command Mode: LINE
To view the configuration, enter the show config command in the LINE mode, as shown in Figure 6-5.
Figure 6-5. Applying an Access List to a VTY Line
FTOS(config-std-nacl)#show config
!
ip access-list standard myvtyacl
 seq 5 permit host 10.11.0.
To configure authentication for a terminal line:
Step 1
Task: Create an authentication method list. You may use a mnemonic name or use the keyword default. The default authentication method for terminal lines is local, and the default method list is empty.
Command Syntax: aaa authentication login {method-list-name | default} [method-1] [method-2] [method-3] [method-4] [method-5] [method-6]
Step 2
Task: Apply the method list from Step 1 to a terminal line.
To change the timeout period or disable EXEC timeout:
Task: Set the number of minutes and seconds. Default: 10 minutes on console, 30 minutes on VTY. Disable EXEC timeout by setting the timeout period to 0.
Command Syntax: exec-timeout minutes [seconds]
Command Mode: LINE
Task: Return to the default timeout values.
Command Syntax: no exec-timeout
Command Mode: LINE
View the configuration using the command show config from LINE mode.
Figure 6-7.
Figure 6-8. Telnet to Another Network Device
FTOS# telnet 10.11.80.203
Trying 10.11.80.203...
Connected to 10.11.80.203.
Exit character is '^]'.
Login:
Login: admin
Password:
FTOS>exit
FTOS#telnet 2200:2200:2200:2200:2200::2201
Trying 2200:2200:2200:2200:2200::2201...
Connected to 2200:2200:2200:2200:2200::2201.
Exit character is '^]'.
FreeBSD/i386 (freebsd2.force10networks.
If any user is already in CONFIGURATION mode when a lock is in place, Message 2 appears on their terminal.
Message 2 Cannot Lock CONFIGURATION mode Error
% Error: Can't lock configuration mode exclusively since the following users are currently configuring the system:
User "admin" on line vty1 ( 10.1.1.1 )
Note: The CONFIGURATION mode lock corresponds to a VTY session, not a user.
Step 4
Task: Set the system parameters to ignore the startup configuration file when the system reloads.
Command Syntax: setenv stconfigignore true
Command Mode: uBoot
Step 5
Task: To save the changes, use the saveenv command.
Command Syntax: saveenv
Command Mode: uBoot
Step 6
Task: Save the running-config.
Command Syntax: copy running-config startup-config
Command Mode: EXEC Privilege
Step 7
Task: Reload the system.
Command Syntax: reset
Command Mode: uBoot
Step 8
Task: Copy startup-config.bak to the running config.
Command Syntax: copy flash://startup-config.
Step 9
Task: Save the running-config to the startup-config.
Command Syntax: copy running-config startup-config
Command Mode: EXEC Privilege
Recovering from a Failed Start on the S60
A system that does not start correctly might be attempting to boot from a corrupted FTOS image or from a mis-specified location. In that case, you can restart the system and interrupt the boot process to point the system to another boot location. Use the setenv command, as described below.
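The access settings covered in the Getting Started and Management chapters (enable password versus enable secret, the username encryption-type, ftp-server enable, exec-timeout, and ip access-class on VTY lines) can be checked in a saved configuration or template before it is loaded. The script below is an added example, not code from the guide or from Dell; the sample configuration, its stanza layout, the hash strings, and the finding names are constructed assumptions.

```python
import re

# Constructed sample. The commands are the ones this guide documents; the
# stanza layout (indented lines under "line ...") and the hash strings are
# assumptions made for the example.
SAMPLE_CONFIG = """\
hostname lab-s60
enable password 7 b125455cf679b208
username admin password 0 ChangeMe123
username ops password 7 1d28e9f33f99cf5c
ftp-server enable
ip access-list standard myvtyacl
 seq 5 permit host 10.11.0.1
line console 0
 exec-timeout 0 0
line vty 0
 ip access-class myvtyacl
line vty 1
 exec-timeout 30 0
"""

# username NAME password [encryption-type] PASSWORD
USERNAME_RE = re.compile(r"^username (\S+) password (?:([07]) )?\S+$")
# exec-timeout minutes [seconds], with the period set to 0
NO_TIMEOUT_RE = re.compile(r"^exec-timeout 0(?: 0)?$")


def split_stanzas(text):
    """Pair each top-level command with the indented lines beneath it."""
    stanzas = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and stanzas:
            stanzas[-1][1].append(line)
        else:
            stanzas.append((line, []))
    return stanzas


def audit(text):
    """Return a set of (finding, subject) pairs for the settings checked."""
    findings = set()
    stanzas = split_stanzas(text)
    heads = [head for head, _ in stanzas]

    # enable password (DES) versus enable secret (stronger, MD5), per the guide.
    if any(h.startswith("enable password") for h in heads):
        findings.add(("enable-password", "global"))
    elif not any(h.startswith("enable secret") for h in heads):
        # EXEC Privilege mode is unrestricted until one of the two is set.
        findings.add(("enable-unset", "global"))

    # encryption-type 0 (also the default when omitted) is clear-text input,
    # so the password itself is readable in this file.
    for head in heads:
        match = USERNAME_RE.match(head)
        if match and match.group(2) in (None, "0"):
            findings.add(("cleartext-user", match.group(1)))

    # FTP carries credentials and file contents unencrypted.
    if "ftp-server enable" in heads:
        findings.add(("ftp-server", "global"))

    for head, body in stanzas:
        if not head.startswith("line "):
            continue
        # A timeout period of 0 disables EXEC timeout on that line.
        if any(NO_TIMEOUT_RE.match(cmd) for cmd in body):
            findings.add(("exec-timeout-disabled", head))
        # VTY lines accept remote sessions; expect an ACL via ip access-class.
        if head.startswith("line vty") and not any(
            cmd.startswith("ip access-class ") for cmd in body
        ):
            findings.add(("vty-no-acl", head))
    return findings


if __name__ == "__main__":
    for finding, subject in sorted(audit(SAMPLE_CONFIG)):
        print(f"{finding:24} {subject}")
```
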
7 802.1ag
802.1ag is available only on platform: S-Series
Ethernet Operations, Administration, and Maintenance (OAM) is a set of tools used to install, monitor, troubleshoot and manage Ethernet infrastructure deployments. Ethernet OAM consists of three main areas:
1. Service Layer OAM: IEEE 802.1ag Connectivity Fault Management (CFM)
2. Link Layer OAM: IEEE 802.3ah OAM
3.
There is a need for Layer 2 equivalents to manage and troubleshoot native Layer 2 Ethernet networks. With these tools, you can identify, isolate, and repair faults quickly and easily, which reduces operational cost of running the network. OAM also increases availability and reduces mean time to recovery, which allows for tighter service level agreements, resulting in increased revenue for the service provider.
These roles define the relationships between all devices so that each device can monitor the layers under its responsibility. Maintenance points drop all lower-level frames and forward all higher-level frames.
Figure 7-2.
Implementation Information
• Since the S-Series has a single MAC address for all physical/LAG interfaces, only one MEP is allowed per MA (per VLAN or per MD level).
Configure CFM
Configuring CFM is a five-step process:
1. Configure the ecfmacl CAM region using the cam-acl command. See Configure Ingress Layer 2 ACL Sub-partitions.
2. Enable Ethernet CFM
3. Create a Maintenance Domain
4. Create a Maintenance Association
5. Create Maintenance Points
6.
Enable Ethernet CFM
Task: Spawn the CFM process. No CFM configuration is allowed until the CFM process is spawned.
Command Syntax: ethernet cfm
Command Mode: CONFIGURATION
Task: Disable Ethernet CFM without stopping the CFM process.
Command Syntax: disable
Command Mode: ETHERNET CFM
Create a Maintenance Domain
Connectivity Fault Management (CFM) divides a network into hierarchical maintenance domains, as shown in Figure 7-1.
Step 1
Task: Create maintenance domain.
Create a Maintenance Association
A Maintenance Association (MA) is a subdivision of an MD that contains all managed entities corresponding to a single end-to-end service, typically a VLAN. An MA is associated with a VLAN ID.
Task: Create maintenance association.
Command Syntax: service name vlan vlan-id
Command Mode: ECFM DOMAIN
Create Maintenance Points
Domains are comprised of logical entities called Maintenance Points.
FTOS#show ethernet cfm maintenance-points local mep
-------------------------------------------------------------------------------
MPID  Domain Name  Level  Type  Port     CCM-Status
      MA Name      VLAN   Dir   MAC
-------------------------------------------------------------------------------
100   cfm0         7      MEP   Gi 4/10  Enabled
      test0        10     DOWN  00:01:e8:59:23:45
200   cfm1         6      MEP   Gi 4/10  Enabled
      test1        20     DOWN  00:01:e8:59:23:45
300   cfm2         5      MEP   Gi 4/10  Enabled
      test2        30     DOWN
FTOS#show ethernet cfm maintenance-points remote detail
MAC Address: 00:01:e8:58:68:78
Domain Name: cfm0
MA Name: test0
Level: 7
VLAN: 10
MP ID: 900
Sender Chassis ID: FTOS
MEP Interface status: Up
MEP Port status: Forwarding
Receive RDI: FALSE
MP Status: Active
Task: Display the MIP Database.
Continuity Check Messages
Continuity Check Messages (CCM) are periodic hellos used to:
• discover MEPs and MIPs within a maintenance domain
• detect loss of connectivity between MEPs
• detect misconfiguration, such as VLAN ID mismatch between MEPs
• detect unauthorized MEPs in a maintenance domain
Continuity Check Messages (CCM) are multicast Ethernet frames sent at regular intervals from each MEP.
Enable CCM

Step 1
Task: Enable CCM.
Command Syntax: no ccm disable
Default: Disabled
Command Mode: ECFM DOMAIN

Step 2
Task: Configure the transmit interval (mandatory). The interval specified applies to all MEPs in the domain.
Command Syntax: ccm transmit-interval seconds
Default: 10 seconds
Command Mode: ECFM DOMAIN

Enable Cross-checking

Task: Enable cross-checking.
Command Syntax: mep cross-check enable
Default: Disabled
Command Mode: ETHERNET CFM

Task: Start the cross-check operation for an MEP.
Figure 7-4. Linktrace Message and Response
[Figure labels: MPLS Core, MEP, MIP, Linktrace Message, Linktrace Response]
Link trace messages carry a unicast target address (the MAC address of an MIP or MEP) inside a multicast frame. The destination group address is based on the MD level of the transmitting MEP (01:80:C2:00:00:3[8 to F]).
Task Command Syntax Command Mode
FTOS#show ethernet cfm traceroute-cache
Traceroute to 00:01:e8:52:4a:f8 on Domain Customer2, Level 7, MA name Test2 with VLAN 2
------------------------------------------------------------------------------
Hops  Host                     IngressMAC         Ingr Action  Relay Action  Next Host
------------------------------------------------------------------------------
4     00:00:00:01:e8:53:4a:f8  00:01:e8:52:4a:f8  IngOK
Delete all Link Trace Cache entries.
Three values are given within the trap messages: MD Index, MA Index, and MPID. You can reference these values against the output of show ethernet cfm domain and show ethernet cfm maintenance-points local mep.
Task Command Syntax Command Mode Display CFM statistics by port.
8 802.1X
802.1X is supported on platforms: ces

Protocol Overview
802.1X is a method of port security. A device connected to a port that is enabled with 802.1X is disallowed from sending or receiving packets on the network until its identity can be verified (through a username and password, for example). This feature is named for its IEEE specification. 802.
Figure 8-1.
3. The authenticator decapsulates the EAP Response from the EAPOL frame, encapsulates it in a RADIUS Access-Request frame, and forwards the frame to the authentication server.
4. The authentication server replies with an Access-Challenge. The Access-Challenge is a request that the supplicant prove that it is who it claims to be, using a specified method (an EAP-Method). The challenge is translated and forwarded to the supplicant by the authenticator.
5.
Figure 8-3. RADIUS Frame Format
[Figure fields: Code (Range: 1-4; Codes: 1: Access-Request, 2: Access-Accept, 3: Access-Reject, 11: Access-Challenge), Identifier, Length, Message-Authenticator Attribute, EAP-Message Attribute (Type (79), Length, EAP-Method Data (Supplicant Requested Credentials))]

RADIUS Attributes for 802.1 Support
Force10 systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages:
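The frame layout in Figure 8-3 can be checked in code. The following is an added example, not part of the Dell guide or FTOS: it parses a RADIUS packet, reassembles the EAP-Message (type 79) attributes, and verifies the Message-Authenticator. The Message-Authenticator type number (80), the HMAC-MD5 calculation, and the 16-byte Authenticator header field are taken from RFC 2865/3579 rather than from this page, and the packet and shared secret are constructed sample values.

```python
import hashlib
import hmac
import struct

# Codes listed in Figure 8-3.
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
EAP_MESSAGE = 79            # attribute type shown in Figure 8-3
MESSAGE_AUTHENTICATOR = 80  # attribute type from RFC 3579 (assumption: not printed on the page)
HEADER_LEN = 20             # Code(1) + Identifier(1) + Length(2) + Authenticator(16)


def parse_radius(packet):
    """Split a RADIUS packet into header fields and (type, value_offset, value) attributes."""
    if len(packet) < HEADER_LEN:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < HEADER_LEN or length > len(packet):
        raise ValueError("Length field does not fit the received data")
    attrs, pos = [], HEADER_LEN
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        attrs.append((a_type, pos + 2, packet[pos + 2:pos + a_len]))
        pos += a_len
    return {"code": code, "name": CODES.get(code, "other"), "id": ident,
            "length": length, "authenticator": packet[4:20], "attrs": attrs}


def eap_payload(parsed):
    """Concatenate EAP-Message attributes; one EAP packet may span several of them."""
    return b"".join(value for a_type, _, value in parsed["attrs"] if a_type == EAP_MESSAGE)


def verify_message_authenticator(packet, secret, request_authenticator=None):
    """Recompute HMAC-MD5 over the packet with the attribute value zeroed.

    For a reply (Access-Challenge/Accept/Reject) pass the Authenticator of the
    Access-Request being answered; it replaces the header field before hashing.
    """
    parsed = parse_radius(packet)
    found = [(off, v) for t, off, v in parsed["attrs"] if t == MESSAGE_AUTHENTICATOR]
    if len(found) != 1 or len(found[0][1]) != 16:
        return False  # missing, duplicated or malformed: treat as unauthenticated
    offset, received = found[0]
    buf = bytearray(packet[:parsed["length"]])
    buf[offset:offset + 16] = bytes(16)
    if request_authenticator is not None:
        buf[4:20] = request_authenticator
    expected = hmac.new(secret, bytes(buf), hashlib.md5).digest()
    return hmac.compare_digest(expected, received)


def build_access_request(ident, authenticator, eap, secret):
    """Build a constructed Access-Request carrying an EAP packet (sample input only)."""
    attrs = b""
    for i in range(0, len(eap), 253):  # an attribute value holds at most 253 bytes
        chunk = eap[i:i + 253]
        attrs += bytes([EAP_MESSAGE, len(chunk) + 2]) + chunk
    attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    packet = bytearray(struct.pack("!BBH", 1, ident, HEADER_LEN + len(attrs)) + authenticator + attrs)
    packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)


if __name__ == "__main__":
    secret = b"constructed-shared-secret"              # constructed value
    eap_identity = bytes([2, 1, 0, 10, 1]) + b"alice"  # EAP-Response/Identity, constructed
    pkt = build_access_request(7, bytes(range(16)), eap_identity, secret)
    info = parse_radius(pkt)
    print(info["name"], "id", info["id"], "EAP bytes", len(eap_payload(info)))
    print("Message-Authenticator valid:", verify_message_authenticator(pkt, secret))
```

A receiver that gets an EAP-Message without a valid Message-Authenticator should drop the packet, which is why the check returns False for a missing attribute as well as for a wrong digest.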
Configuring 802.1X
Configuring 802.1X on a port is a two-step process:
1. Enable 802.1X globally. See page 89.
2. Enable 802.1X on an interface. See page 89.

Related Configuration Tasks
• Configuring Request Identity Re-transmissions
• Configuring Port-control
• Re-authenticating a Port
• Configuring Timeouts
• Configuring a Guest VLAN
• Configuring an Authentication-fail VLAN

Important Points to Remember
• FTOS supports 802.
Figure 8-4. Enabling 802.1X
[Figure labels: Supplicant, Authenticator, 2/1, Authentication Server, 2/2]
Force10(conf)#dot1x authentication
Force10(conf)#interface range gigabitethernet 2/1 - 2
Force10(conf-if-range-gi-2/1-2)#dot1x authentication
Force10(conf-if-range-gi-2/1-2)#show config
!
interface GigabitEthernet 2/1
 ip address 2.2.2.2/24
 dot1x authentication
 no shutdown
!
interface GigabitEthernet 2/2
 ip address 1.0.0.1/24
 dot1x authentication
 no shutdown
To enable 802.
Figure 8-6. Verifying 802.1X Interface Configuration
Force10#show dot1x interface gigabitethernet 2/1
802.1x information on Gi 2/1:
-----------------------------
Dot1x Status: Enable
Port Control: AUTO
Port Auth Status: UNAUTHORIZED
Re-Authentication: Disable
Untagged VLAN id: None
Tx Period: 30 seconds
Quiet Period: 60 seconds
ReAuth Max: 2
Supplicant Timeout: 30 seconds
Server Timeout: 30 seconds
Re-Auth Interval: 3600 seconds
Max-EAP-Req: 2
Auth Type: SINGLE_HOST
Auth PAE State:
Backend State:
802.
Configuring a Quiet Period after a Failed Authentication
If the supplicant fails the authentication process, the authenticator sends another Request Identity frame after 30 seconds by default, but this period can be configured.
Note: The quiet period (dot1x quiet-period) is a transmit interval used after a failed authentication, whereas the Request Identity Re-transmit interval (dot1x tx-period) is for an unresponsive supplicant.
Forcibly Authorizing or Unauthorizing a Port
IEEE 802.1X requires that a port can be manually placed into any of three states:
• ForceAuthorized is an authorized state. A device connected to this port in this state is never subjected to the authentication process, but is allowed to communicate on the network. Placing the port in this state is the same as disabling 802.1X on the port.
• ForceUnauthorized is an unauthorized state.
Re-authenticating a Port

Periodic Re-authentication
After the supplicant has been authenticated, and the port has been authorized, the authenticator can be configured to re-authenticate the supplicant periodically. If re-authentication is enabled, the supplicant is required to re-authenticate every 3600 seconds, but this interval can be configured. A maximum number of re-authentications can be configured as well.
Configuring Timeouts
If the supplicant or the authentication server is unresponsive, the authenticator terminates the authentication process after 30 seconds by default. The amount of time that the authenticator waits for a response can be configured.

To terminate the authentication process due to an unresponsive supplicant:

Step 1
Task: Terminate the authentication process due to an unresponsive supplicant.
Dynamic VLAN Assignment with Port Authentication
FTOS supports dynamic VLAN assignment when using 802.1X. The basis for VLAN assignment is RADIUS attribute 81, Tunnel-Private-Group-ID.
Figure 8-11. Dynamic VLAN Assignment with 802.1X Force10(conf-if-gi-1/10)#show config interface GigabitEthernet 1/10 no ip address 2 switchport radius-server host 10.11.197.169 auth-port 1645 dot1x authentication 1 key 7 387a7f2df5969da4 no shutdow End-user Device Force10 switch 4 Force10#show dot1x interface gigabitethernet 1/10 802.
If the supplicant fails authentication, the authenticator typically does not enable the port. In some cases this behavior is not appropriate. External users of an enterprise network, for example, might not be able to be authenticated, but still need access to the network. Also, some dumb-terminals such as network printers do not have 802.1X capability and therefore cannot authenticate themselves.
Figure 8-13. Configuring an Authentication-fail VLAN
Force10(conf-if-gi-1/2)#dot1x auth-fail-vlan 100 max-attempts 5
Force10(conf-if-gi-1/2)#show config
!
interface GigabitEthernet 1/2
 switchport
 dot1x guest-vlan 200
 dot1x auth-fail-vlan 100 max-attempts 5
 no shutdown
Force10(conf-if-gi-1/2)#

View your configuration using the show config command from INTERFACE mode, as shown in Figure 8-12, or using the show dot1x interface command from EXEC Privilege mode, as shown in Figure 8-14.
Figure 8-14.
Multi-Host Authentication
Multi-Host Authentication is available on platforms: c et s

802.1x assumes that a single end-user is connected to a single authenticator port, as shown in Figure 8-15; this one-to-one mode of authentication is called Single-host mode. If multiple end-users are connected to the same port, a many-to-one configuration, only the first end-user to respond to the identity request is authenticated.
When the host mode is changed on a port that is already authenticated:
• Single-host to Multi-host: all devices attached to the port that were previously blocked may access the network; the supplicant does not re-authenticate.
• Multi-host to Single-host: the port restarts the authentication process, and the first end-user to respond is authenticated and allowed access.

Task: Configure Multi-host Authentication mode on a port.
Task: Configure Single-host Authentication mode on a port.
Command Syntax: dot1x host-mode single-host
Command Mode: INTERFACE

FTOS(conf-if-gi-2/1)#dot1x port-control force-authorized
FTOS(conf-if-gi-2/1)#do show dot1x interface gigabitethernet 2/1
802.
During the authentication process, the Dell Force10 system is able to learn the MAC address of the device through the EAPoL frames, and the VLAN assignment from the RADIUS server. With this information it creates an authorized-MAC to VLAN mapping table per port. Then, the system can tag all incoming untagged frames with the appropriate VLAN-ID based on the table entries.

Task: Enable Multi-Supplicant Authentication mode on a port.
MAC Authentication Bypass
MAC Authentication Bypass is supported on platforms: cs

MAC Authentication Bypass (MAB) enables you to provide MAC-based security by allowing only known MAC addresses within the network using a RADIUS server. 802.1X-enabled clients can authenticate themselves using the 802.1X protocol. Other devices that do not use 802.1X, like IP phones, printers, and IP fax machines, still need connectivity to the network.
MAB in Single-host and Multi-Host Mode In single-host and multi-host mode, the switch attempts to authenticate a supplicant using 802.1X. If 802.1X times out because the supplicant does not respond to the Request Identity frame and MAB is enabled, the switch attempts to authenticate the first MAC it learns on the port. Subsequently, for single-host mode, traffic from all other MACs is dropped; for multi-host mode, all traffic from all other MACs is accepted.
Step 3
Task: (Optional) Use MAB authentication only; do not use 802.1X authentication first. If MAB fails the port or the MAC address is blocked, the port is placed in the guest VLAN (if configured). 802.1x authentication is not even attempted. Re-authentication is performed using 802.1X timers.
Command Syntax: dot1x auth-type mab-only
Command Mode: INTERFACE

Step 4
Task: Display the 802.1X and MAB configuration.
9 Access Control Lists (ACL), Prefix Lists, and Route-maps Access Control Lists, Prefix Lists, and Route-maps are supported on platforms: ces ces Egress IP and MAC ACLs are supported on platforms: e Ingress IP and MAC ACLs are supported on platforms: Overview At their simplest, Access Control Lists (ACLs), Prefix lists, and Route-maps permit or deny traffic based on MAC and/or IP addresses. This chapter discusses implementing IP ACLs, IP Prefix lists and Route-maps.
• Configuring Ingress ACLs
• Configuring Egress ACLs
• Configuring ACLs to Loopback
  • Applying an ACL on Loopback Interfaces
• IP Prefix Lists
• ACL Resequencing
• Route Maps

IP Access Control Lists (ACLs)
In the Dell Networking switch/routers, you can create two different types of IP ACLs: standard or extended. A standard ACL filters packets based on the source IP address.
CAM optimization is supported on platforms cs CAM Profiling CAM optimization is supported on platforms et The default CAM profile has 1K Layer 2 ingress ACL entries. If you need more memory for Layer 2 ingress ACLs, select the profile l2-ipv4-inacl. When budgeting your CAM allocations for ACLs and QoS configurations, remember that ACL and QoS rules might consume more than one CAM entry depending on complexity. For example, TCP and UDP rules with port range options might require more than one CAM entry.
The CAM space is allotted in FP blocks. The total space allocated must equal 13 FP blocks. Note that there are 16 FP blocks, but the System Flow requires 3 blocks that cannot be reallocated. The default CAM Allocation settings on a C-Series matching are:
• L3 ACL (ipv4acl): 6
• L2 ACL (l2acl): 5
• IPv6 L3 ACL (ipv6acl): 0
• L3 QoS (ipv4qos): 1
• L2 QoS (l2qos): 1
The ipv6acl allocation must be entered as a factor of 2 (2, 4, 6, 8, 10).
Implementing ACLs on FTOS One IP ACL can be assigned per interface with FTOS. If an IP ACL is not assigned to an interface, it is not used by the software in any other capacity. The number of entries allowed per ACL is hardware-dependent. Refer to your line card documentation for detailed specification on entries allowed per ACL. If counters are enabled on IP ACL rules that are already configured, those counters are reset when a new rule is inserted or prepended.
ACLs acl1 and acl2 have overlapping rules because the address range 20.1.1.0/24 is within 20.0.0.0/8. Therefore, (without the keyword order) packets within the range 20.1.1.0/24 match positive against cmap1 and are buffered in queue 7, though you intended for these packets to match positive against cmap2 and be buffered in queue 4.
• Loopback interfaces do not support ACLs using the IP fragment option. If you configure an ACL with the fragments option and apply it to a loopback interface, the command is accepted, but the offending rule is not actually installed in CAM.

IP fragments ACL examples
The following configuration permits all packets (both fragmented & non-fragmented) with destination IP 10.1.1.1. The second rule does not get hit at all.
To log all the packets denied and to override the implicit deny rule and the implicit permit rule for TCP/UDP fragments, use a configuration similar to the following.
FTOS(conf)#ip access-list extended ABC
FTOS(conf-ext-nacl)#permit tcp any any fragment
FTOS(conf-ext-nacl)#permit udp any any fragment
FTOS(conf-ext-nacl)#deny ip any any log
FTOS(conf-ext-nacl)
Note the following when configuring ACLs with the fragments keyword.
Step 2
Command Syntax: seq sequence-number {deny | permit} {source [mask] | any | host ip-address} [count [byte] | log ] [order] [monitor] [fragments]
Command Mode: CONFIG-STD-NACL
Purpose: Configure a drop or forward filter. The parameters are:
• log and monitor options are supported on E-Series only.

Note: When assigning sequence numbers to filters, keep in mind that you might need to insert a new filter.
To configure a filter without a specified sequence number, use these commands in the following sequence, starting in the CONFIGURATION mode:

Step 1
Command Syntax: ip access-list standard
Command Mode: CONFIGURATION
Purpose: Create a standard IP ACL and assign it a unique name.

Command Mode: CONFIG-STD-NACL
Purpose: Configure a drop or forward IP ACL filter.
• log and monitor options are supported on E-Series only.
Configure an extended IP ACL Extended IP ACLs filter on source and destination IP addresses, IP host addresses, TCP addresses, TCP host addresses, UDP addresses, and UDP host addresses. Since traffic passes through the filter in the order of the filter’s sequence, you can configure the extended IP ACL by first entering the IP ACCESS LIST mode and then assigning a sequence number to the filter. Note: On E-Series ExaScale systems, TCP ACL flags are not supported in an extended ACL with IPv6 microcode.
Step 2
Command Syntax: seq sequence-number {deny | permit} tcp {source mask | any | host ip-address}} [count [byte] | log ] [order] [monitor] [fragments]
Command Mode: CONFIG-EXT-NACL
Purpose: Configure an extended IP ACL filter for TCP packets.
• log and monitor options are supported on E-Series only.

When you use the log keyword, CP processor logs details about the packets that match.
Figure 9-7. Command Example: seq
FTOS(config-ext-nacl)#seq 15 deny ip host 112.45.0.0 any log
FTOS(config-ext-nacl)#seq 5 permit tcp 12.1.3.45 0.0.255.255 any
FTOS(config-ext-nacl)#show confi
!
ip access-list extended dilling
 seq 5 permit tcp 12.1.0.0 0.0.255.255 any
 seq 15 deny ip host 112.45.0.
Figure 9-8. Extended IP ACL
FTOS(config-ext-nacl)#deny tcp host 123.55.34.0 any
FTOS(config-ext-nacl)#permit udp 154.44.123.34 0.0.255.255 host 34.6.0.0
FTOS(config-ext-nacl)#show config
!
ip access-list extended nimule
 seq 5 deny tcp host 123.55.34.0 any
 seq 10 permit udp 154.44.0.0 0.0.255.255 host 34.6.0.
For information on MAC ACLs, refer to Chapter 23, “Layer 2,” on page 433. Assign an IP ACL to an Interface c s (S25/S50) Ingress and Egress IP ACL are supported on platforms: e Ingress IP ACLs are supported on platforms: To pass traffic through a configured IP ACL, you must assign that ACL to a physical interface, a port channel interface, or a VLAN.
To view which IP ACL is applied to an interface, use the show config command (Figure 232) in the INTERFACE mode or the show running-config command in the EXEC mode.

Figure 9-9. Command example: show config in the INTERFACE Mode
FTOS(conf-if)#show conf
!
interface GigabitEthernet 0/0
 ip address 10.2.1.100 255.255.255.0
 ip access-group nimule in
 no shutdown
FTOS(conf-if)#

Use only Standard ACLs in the access-class command to filter traffic on Telnet sessions.
Figure 9-10. Creating an Ingress ACL
FTOS(conf)#interface gige 0/0
FTOS(conf-if-gige0/0)#ip access-group abcd in
FTOS(conf-if-gige0/0)#show config
!
gigethernet 0/0
 no ip address
 ip access-group abcd in
 no shutdown
FTOS(conf-if-gige0/0)#end
FTOS#configure terminal
FTOS(conf)#ip access-list extended abcd
FTOS(config-ext-nacl)#permit tcp any any
FTOS(config-ext-nacl)#deny icmp any any
FTOS(config-ext-nacl)#permit 1.1.1.
Figure 9-11. Creating an Egress ACL
FTOS(conf)#interface gige 0/0
FTOS(conf-if-gige0/0)#ip access-group abcd out
FTOS(conf-if-gige0/0)#show config
!
gigethernet 0/0
 no ip address
 ip access-group abcd out
 no shutdown
FTOS(conf-if-gige0/0)#end
FTOS#configure terminal
FTOS(conf)#ip access-list extended abcd
FTOS(config-ext-nacl)#permit tcp any any
FTOS(config-ext-nacl)#deny icmp any any
FTOS(config-ext-nacl)#permit 1.1.1.
Configuring ACLs to Loopback ACLs can be supplied on Loopback interfaces supported on platform e Configuring ACLs onto the CPU in a loopback interface protects the system infrastructure from attack— malicious and incidental—by explicitly allowing only authorized traffic. The ACLs on loopback interfaces are applied only to the CPU on the RPM—this eliminates the need to apply specific ACLs onto all ingress interfaces and achieves the same results.
Figure 9-12. Applying an ACL to the Loopback Interface
FTOS(conf)#interface loopback 0
FTOS(conf-if-lo-0)#ip access-group abcd in
FTOS(conf-if-lo-0)#show config
!
interface Loopback 0
 no ip address
 ip access-group abcd in
 no shutdown
FTOS(conf-if-lo-0)#end
FTOS#configure terminal
FTOS(conf)#ip access-list extended abcd
FTOS(config-ext-nacl)#permit tcp any any
FTOS(config-ext-nacl)#deny icmp any any
FTOS(config-ext-nacl)#permit 1.1.1.
The following rules apply to prefix lists:
• A prefix list without any permit or deny filters allows all routes.
• An “implicit deny” is assumed (that is, the route is dropped) for all route prefixes that do not match a permit or deny filter in a configured prefix list.
• Once a route matches a filter, the filter’s action is applied. No additional filters are applied to the route.
If you want to forward all routes that do not match the prefix list criteria, you must configure a prefix list filter to permit all routes (permit 0.0.0.0/0 le 32). The “permit all” filter should be the last filter in your prefix list. To permit the default route only, enter permit 0.0.0.0/0. Figure 9-13 illustrates how the seq command orders the filters according to the sequence number assigned.
Figure 9-14. Prefix List
FTOS(conf-nprefixl)#permit 123.23.0.0 /16
FTOS(conf-nprefixl)#deny 133.24.56.0 /8
FTOS(conf-nprefixl)#show conf
!
ip prefix-list awe
 seq 5 permit 123.23.0.0/16
 seq 10 deny 133.0.0.0/8
FTOS(conf-nprefixl)#

To delete a filter, enter the show config command in the PREFIX LIST mode and locate the sequence number of the filter you want to delete; then use the no seq sequence-number command in the PREFIX LIST mode.
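The prefix-list rules above (an empty list allows all routes, first match wins, implicit deny otherwise, and the difference between permit 0.0.0.0/0 and permit 0.0.0.0/0 le 32) can be modelled offline before a list is deployed. This is an added example, not FTOS code: the PrefixList class, its method names, and the ge option are hypothetical and follow the common prefix-list convention, and the automatic sequence numbering in steps of 5 is modelled on Figure 9-14. It also reports filters that can never match because an earlier filter already covers them.

```python
import ipaddress


class PrefixList:
    """Offline model of an ordered prefix list (hypothetical helper, not an FTOS API)."""

    def __init__(self, name):
        self.name = name
        self.filters = {}  # sequence number -> (action, network, min_len, max_len)

    def add(self, action, prefix, seq=None, ge=None, le=None):
        if action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        # strict=False masks host bits, as in Figure 9-14: 133.24.56.0/8 -> 133.0.0.0/8
        net = ipaddress.ip_network(prefix, strict=False)
        if seq is None:  # next multiple of 5, as the show conf output in Figure 9-14 suggests
            seq = (max(self.filters) // 5 + 1) * 5 if self.filters else 5
        # Without ge/le only the exact prefix length matches; "le 32" widens the range.
        lo = ge if ge is not None else net.prefixlen
        if le is not None:
            hi = le
        else:
            hi = net.max_prefixlen if ge is not None else net.prefixlen
        if not net.prefixlen <= lo <= hi <= net.max_prefixlen:
            raise ValueError("need prefix length <= ge <= le <= address width")
        self.filters[seq] = (action, net, lo, hi)
        return seq

    def evaluate(self, route):
        """Return (action, matching sequence number or None) for one route prefix."""
        r = ipaddress.ip_network(route, strict=False)
        if not self.filters:
            return ("permit", None)  # a list with no filters allows all routes
        for seq in sorted(self.filters):  # lowest sequence number first
            action, net, lo, hi = self.filters[seq]
            if r.version == net.version and lo <= r.prefixlen <= hi and r.subnet_of(net):
                return (action, seq)  # first match wins; no further filters are applied
        return ("deny", None)  # implicit deny

    def shadowed(self):
        """List (later_seq, earlier_seq) pairs where the later filter can never match."""
        result = []
        seqs = sorted(self.filters)
        for i, later in enumerate(seqs):
            _, l_net, l_lo, l_hi = self.filters[later]
            for earlier in seqs[:i]:
                _, e_net, e_lo, e_hi = self.filters[earlier]
                if (l_net.version == e_net.version and l_net.subnet_of(e_net)
                        and e_lo <= l_lo and l_hi <= e_hi):
                    result.append((later, earlier))
                    break
        return result


if __name__ == "__main__":
    awe = PrefixList("awe")  # the list from Figure 9-14
    awe.add("permit", "123.23.0.0/16")
    awe.add("deny", "133.24.56.0/8")
    for route in ("123.23.0.0/16", "123.23.1.0/24", "133.0.0.0/8"):
        print(route, awe.evaluate(route))

    misplaced = PrefixList("constructed")  # constructed list: permit-all is not last
    misplaced.add("permit", "0.0.0.0/0", le=32)
    misplaced.add("deny", "10.0.0.0/8", le=32)
    print("shadowed filters:", misplaced.shadowed())
```

The shadowed() report shows why the “permit all” filter belongs last: placed earlier, it makes every following deny unreachable.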
Use a prefix list for route redistribution
To pass traffic through a configured prefix list, you must use the prefix list in a route redistribution command. The prefix list is applied to all traffic redistributed into the routing process and the traffic is either forwarded or dropped depending on the criteria and actions specified in the prefix list. To apply a filter to routes in RIP (RIP is supported on C and E-Series.
To view the configuration, use the show config command in the ROUTER OSPF mode (Figure 241) or the show running-config ospf command in the EXEC mode.

Figure 9-18. Command Example: show config in ROUTER OSPF Mode
FTOS(conf-router_ospf)#show config
!
router ospf 34
 network 10.2.1.1 255.255.255.255 area 0.0.0.1
 distribute-list prefix awe in
FTOS(conf-router_ospf)#

ACL Resequencing
ACL Resequencing allows you to re-number the rules and remarks in an access or prefix list.
Resequencing an ACL or Prefix List
Resequencing is available for IPv4 and IPv6 ACLs and prefix lists and MAC ACLs. To resequence an ACL or prefix list use the appropriate command in Table 9-5. You must specify the list name, starting number, and increment when using these commands.
Table 9-5.
Figure 9-20. Resequencing Remarks
FTOS(config-ext-nacl)# show config
!
ip access-list extended test
 remark 4 XYZ
 remark 5 this remark corresponds to permit any host 1.1.1.1
 seq 5 permit ip any host 1.1.1.1
 remark 9 ABC
 remark 10 this remark corresponds to permit ip any host 1.1.1.2
 seq 10 permit ip any host 1.1.1.2
 seq 15 permit ip any host 1.1.1.3
 seq 20 permit ip any host 1.1.1.
• If two or more match clauses within the same route-map sequence have the same match commands (though the values are different), matching a packet against these clauses is a logical OR operation.
• If two or more match clauses within the same route-map sequence have different match commands, matching a packet against these clauses is a logical AND operation.
Figure 9-21. Command Example: show config in the ROUTE-MAP Mode
FTOS(config-route-map)#show config
!
route-map dilling permit 10
FTOS(config-route-map)#

You can create multiple instances of this route map by using the sequence number option to place the route maps in the correct order. FTOS processes the route maps with the lowest sequence number first. When a configured route map is applied to a command, like redistribute, traffic passes through all instances of that route map until a match is found.
Figure 9-24. Command Example: show route-map
FTOS#show route-map dilling
route-map dilling, permit, sequence 10
 Match clauses:
 Set clauses:
route-map dilling, permit, sequence 15
 Match clauses:
  interface Loopback 23
 Set clauses:
  tag 3444
FTOS#

To delete a route map, use the no route-map map-name command in the CONFIGURATION mode.

Configure route map filters
Within the ROUTE-MAP mode, there are match and set commands.
Also, if there are different instances of the same route-map, then it’s sufficient if a permit match happens in any instance of that route-map.
Command Syntax: match ip address prefix-list-name
Command Mode: CONFIG-ROUTE-MAP
Purpose: Match destination routes specified in a prefix list (IPv4).

Command Syntax: match ipv6 address prefix-list-name
Command Mode: CONFIG-ROUTE-MAP
Purpose: Match destination routes specified in a prefix list (IPv6).

Command Syntax: match ip next-hop {access-list-name | prefix-list prefix-list-name}
Command Mode: CONFIG-ROUTE-MAP
Purpose: Match next-hop routes specified in a prefix list (IPv4).
Command Syntax: set ipv6 next-hop ip-address
Command Mode: CONFIG-ROUTE-MAP
Purpose: Assign an IPv6 address as the route’s next hop.

Command Syntax: set origin {egp | igp | incomplete}
Command Mode: CONFIG-ROUTE-MAP
Purpose: Assign an ORIGIN attribute.

Command Syntax: set tag tag-value
Command Mode: CONFIG-ROUTE-MAP
Purpose: Specify a tag for the redistributed routes.

Command Syntax: set weight value
Command Mode: CONFIG-ROUTE-MAP
Purpose: Specify a value as the route’s weight.

Use these commands to create route map instances.
Configure a route map for route tagging
One method for identifying routes from different routing protocols is to assign a tag to routes from that protocol. As the route enters a different routing domain, it is tagged and that tag is passed along with the route as it passes through different routing protocols. This tag can then be used when the route leaves a routing domain to redistribute those routes again.
10 Border Gateway Protocol IPv4 (BGPv4)
Border Gateway Protocol IPv4 (BGPv4) is supported on platforms: ces

Platforms support BGP according to the following table:
FTOS version    Platform support
8.1.1.0         E-Series ExaScale
7.8.1.0         S-Series
7.7.1.0         C-Series
pre-7.7.1.0     E-Series TeraScale

This chapter is intended to provide a general description of Border Gateway Protocol version 4 (BGPv4) as it is supported in the Dell Networking operating system (FTOS).
A stub AS is one that is connected to only one other AS. A transit AS is one that provides connections through itself to separate networks. For example, as seen in Figure 10-1, Router 1 can use Router 2 (the transit AS) to connect to Router 4. ISPs are always transit ASs, because they provide connections from one network to another. The ISP is considered to be “selling transit service” to the customer network, hence the term Transit AS.
Figure 10-2. Full Mesh Examples
[Figure panels: 4 Routers, 6 Routers, 8 Routers]
The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible.

Sessions and Peers
When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers. A Peer is also called a Neighbor.

Establishing a session
Information exchange between peers is driven by events and timers.
In order to make decisions in its operations with other BGP peers, a BGP peer uses a simple finite state machine that consists of six states: Idle, Connect, Active, OpenSent, OpenConfirm, and Established. For each peer-to-peer session, a BGP implementation tracks which of these six states the session is in. The BGP protocol defines the messages that each peer should exchange in order to change the session from one state to another. The first state is the Idle mode.
Figure 10-3. Route Reflection Example
[Figure labels: Router A, Router B, Router E, eBGP Route]

To illustrate how these rules affect routing, see Figure 10-3 and the following steps. Routers B, C, D, E, and G are members of the same AS - AS100. These routers are also in the same Route Reflection Cluster, where Router D is the Route Reflector. Routers E and H are client peers of Router D; Routers B and C are nonclient peers of Router D.
BGP Attributes Routes learned via BGP have associated properties that are used to determine the best route to a destination when multiple paths exist to a particular destination. These properties are referred to as BGP attributes, and an understanding of how BGP attributes influence route selection is required for the design of robust networks.
Figure 10-4. BGP Best Path Selection

Best Path selection details
1. Prefer the path with the largest WEIGHT attribute.
2. Prefer the path with the largest LOCAL_PREF attribute.
3. Prefer the path that was locally Originated via a network command, redistribute command or aggregate-address command.
   • Routes originated with the network or redistribute commands are preferred over routes originated with the aggregate-address command.
4.
   • AS_CONFED_SEQUENCE has a path length of 1, no matter how many ASs are in the AS_CONFED_SEQUENCE.
5. Prefer the path with the lowest ORIGIN type (IGP is lower than EGP, and EGP is lower than INCOMPLETE).
6. Prefer the path with the lowest Multi-Exit Discriminator (MED) attribute. The following criteria apply:
   • This comparison is only done if the first (neighboring) AS is the same in the two paths; the MEDs are compared only if the first AS in the AS_SEQUENCE is the same for both paths.
Weight
The Weight attribute is local to the router and is not advertised to neighboring routers. If the router learns about more than one route to the same destination, the route with the highest weight will be preferred. The route with the highest weight is installed in the IP routing table.

Local Preference
Local Preference (LOCAL_PREF) represents the degree of preference within the entire AS. The higher the number, the greater the preference for the route.
One AS assigns the MED a value and the other AS uses that value to decide the preferred path. For this example, assume the MED is the only attribute applied. In Figure 10-6, AS100 and AS200 connect in two places. Each connection is a BGP session. AS200 sets the MED for its T1 exit point to 100 and the MED for its OC3 exit point to 50. This sets up a path preference through the OC3 link. The MEDs are advertised to AS100 routers so they know which is the preferred path. An MED is a non-transitive attribute.
Generally, an IGP indicator means that the route was derived inside the originating AS. EGP generally means that a route was learned from an external gateway protocol. An INCOMPLETE origin code generally results from aggregation, redistribution or other indirect ways of installing routes into BGP. In FTOS, these origin codes appear as shown in Figure 10-7. The question mark (?) indicates an Origin code of INCOMPLETE. The lower case letter (i) indicates an Origin code of IGP.
Next Hop The Next Hop is the IP address used to reach the advertising router. For EBGP neighbors, the Next-Hop address is the IP address of the connection between the neighbors. For IBGP, the EBGP Next-Hop address is carried into the local AS. A Next Hop attribute is set when a BGP speaker advertises itself to another BGP speaker outside its local AS. It can also be set when advertising routes within an AS.
• If the redistribute command does not have any metric configured and BGP Peer out-bound route-map does have metric-type internal configured, BGP advertises the IGP cost as MED.
• If the redistribute command has metric configured (route-map set metric or redistribute route-type metric) and the BGP Peer out-bound route-map has metric-type internal configured, BGP advertises the metric configured in the redistribute command as MED.
Where the 2-Byte format is 1-65535, the 4-Byte format is 1-4294967295. Enter AS Numbers using the traditional format. If the ASN is greater than 65535, the dot format is shown when using the show ip bgp commands. For example, an ASN entered as 3183856184 will appear in the show commands as 48581.51768; an ASN of 65123 is shown as 65123. To calculate the comparable dot format for an ASN from a traditional format, use ASN/65536 . ASN%65536 (the integer quotient, a dot, then the remainder).
Table 10-2.
ASDOT representation combines the ASPLAIN and ASDOT+ representations. AS Numbers less than 65536 appear in integer format (asplain); AS Numbers equal to or greater than 65536 appear using the decimal method (asdot+). For example, the AS Number 65526 appears as 65526, and the AS Number 65546 appears as 1.10.

Dynamic AS Number Notation application
FTOS 8.3.1.0 applies the ASN Notation type change dynamically to the running-config statements.
Figure 10-10. Dynamic changes when bgp asnotation command is disabled in the show running config
AS NOTATION DISABLED
FTOS(conf-router_bgp)#no bgp asnotation
FTOS(conf-router_bgp)#sho conf
!
router bgp 100
bgp four-octet-as-support
neighbor 172.30.1.250 local-as 65057
Figure 10-11. Local-AS Scenario (diagram with two panels: "Before Migration", with Router A in AS 100, Router B in AS 200 and Router C in AS 300; and "After Migration, with Local-AS enabled", with Router A and Router B in AS 100, Router B using Local AS 200, and Router C in AS 300)
When you complete your migration and have reconfigured your network with the new information, you must disable this feature. If the “no prepend” option is used, the local-as will not be prepended to the updates received from the eBGP peer.
Local-as is prepended before the route-map to give the impression that the update passed through a router in AS 200 before it reached Router B.
BGP4 Management Information Base (MIB)
The FORCE10-BGP4-V2-MIB enhances FTOS BGP Management Information Base (MIB) support with many new SNMP objects and notifications (traps) defined in the draft-ietf-idr-bgp4-mibv2-05. To see these enhancements, download the MIB from the Dell Networking website, www.force10networks.com.
• The AFI/SAFI is not used as an index to the f10BgpM2PeerCountersEntry table. The BGP peer's AFI/SAFI (IPv4 Unicast or IPv6 Multicast) is used for various outbound counters. Counters corresponding to IPv4 Multicast cannot be queried.
BGP Configuration To enable the BGP process and begin exchanging information, you must assign an AS number and use commands in the ROUTER BGP mode to configure a BGP neighbor. Defaults By default, BGP is disabled. By default, FTOS compares the MED attribute on different paths from within the same AS (the bgp always-compare-med command is not enabled). Note: In FTOS, all newly configured neighbors and peer groups are disabled.
Use these commands in the following sequence, starting in the CONFIGURATION mode to establish BGP sessions on the router.
Step 1
Command Syntax: router bgp as-number
Command Mode: CONFIGURATION
Purpose: Assign an AS number and enter the ROUTER BGP mode. AS Number: 0-65535 (2-Byte) or 1-4294967295 (4-Byte) or 0.1-65535.65535 (Dotted format). Only one AS is supported per system.
Note: If you enter a 4-Byte AS Number, 4-Byte AS Support is enabled automatically.
Enter show config in CONFIGURATION ROUTER BGP mode to view the BGP configuration. Use the show ip bgp summary command in EXEC Privilege mode to view the BGP status. Figure 10-12 shows the summary with a 2-Byte AS Number displayed; Figure 10-13 shows the summary with a 4-Byte AS Number displayed.
Figure 10-12. Command example: show ip bgp summary (2-Byte AS Number displayed)
R2#show ip bgp summary
BGP router identifier 192.168.10.
Figure 10-14 displays two neighbors: one external and one internal BGP neighbor. The first line of the output for each neighbor displays the AS number and states whether the link is external or internal. The third line of the show ip bgp neighbors output contains the BGP State. If anything other than ESTABLISHED is listed, the neighbor is not exchanging information and routes.
Figure 10-15. Command example: show running-config bgp
R2#show running-config bgp
!
router bgp 65123
bgp router-id 192.168.10.2
network 10.10.21.0/24
network 10.10.32.0/24
network 100.10.92.0/24
network 192.168.10.0/24
bgp four-octet-as-support
neighbor 10.10.21.1 remote-as 65123
neighbor 10.10.21.1 filter-list ISP1in
neighbor 10.10.21.1 no shutdown
neighbor 10.10.32.3 remote-as 65123
neighbor 10.10.32.3 no shutdown
neighbor 100.10.92.9 remote-as 65192
neighbor 100.10.92.
Task: Enable ASDOT AS Number representation. Figure 10-17
Command Syntax: bgp asnotation asdot
Command Mode: CONFIG-ROUTER-BGP
Task: Enable ASDOT+ AS Number representation. Figure 10-18
Command Syntax: bgp asnotation asdot+
Command Mode: CONFIG-ROUTER-BGP
Figure 10-16. Command example and output: bgp asnotation asplain
FTOS(conf-router_bgp)#bgp asnotation asplain
FTOS(conf-router_bgp)#sho conf
!
router bgp 100
bgp four-octet-as-support
neighbor 172.30.1.250 remote-as 18508
neighbor 172.30.1.250 local-as 65057
neighbor 172.30.1.
Configure Peer Groups
To configure multiple BGP neighbors at one time, create and populate a BGP peer group. Another advantage of peer groups is that members of a peer group inherit the configuration properties of the group and share the same update policy. A maximum of 256 Peer Groups are allowed on the system. You create a peer group by assigning it a name, then adding members to the peer group. Once a peer group is created, you can configure route policies for it.
After you create a peer group, you can use any of the commands beginning with the keyword neighbor to configure that peer group. When you add a peer to a peer group, it inherits all the peer group’s configured parameters.
Figure 10-20. Command example: show config (peer-group enabled)
FTOS(conf-router_bgp)#neighbor zanzibar no shutdown
FTOS(conf-router_bgp)#show config
!
router bgp 45
bgp fast-external-fallover
bgp log-neighbor-changes
neighbor zanzibar peer-group
neighbor zanzibar no shutdown
neighbor 10.1.1.1 remote-as 65535
neighbor 10.1.1.1 shutdown
neighbor 10.14.8.60 remote-as 18505
neighbor 10.14.8.
Figure 10-21. Command example: show ip bgp peer-group
FTOS>show ip bgp peer-group
Peer-group zanzibar, remote AS 65535
BGP version 4
Minimum time between advertisement runs is 5 seconds
For address family: IPv4 Unicast
BGP neighbor is zanzibar, peer-group internal,
Number of peers in this group 26
Peer-group members (* - outbound optimized):
10.68.160.1 10.68.161.1 10.68.162.1 10.68.163.1 10.68.164.1 10.68.165.1 10.68.166.1 10.68.167.1 10.68.168.1 10.68.169.1 10.68.170.1 10.68.171.1 10.68.172.1 10.68.
The BGP fast fall-over feature is configured on a per-neighbor or peer-group basis and is disabled by default.
Figure 10-22. Command example: show ip bgp neighbors
FTOS#sh ip bgp neighbors
BGP neighbor is 100.100.100.100, remote AS 65517, internal link
Member of peer-group test for session parameters
BGP version 4, remote router ID 30.30.30.
Figure 10-23. Command example: show ip bgp peer-group FTOS#sh ip bgp peer-group Peer-group test Fall-over enabled BGP version 4 Minimum time between advertisement runs is 5 seconds For address family: IPv4 Unicast BGP neighbor is test Number of peers in this group 1 Peer-group members (* - outbound optimized): 100.100.100.100* FTOS# router bgp 65517 neighbor test peer-group Fast Fall-Over neighbor test fall-over neighbor test no shutdown neighbor 100.100.100.
Only after the peer group responds to an OPEN message sent on the subnet does its BGP state change to ESTABLISHED. Once the peer group is ESTABLISHED, the peer group is the same as any other peer group. For more information on peer groups, refer to Configure Peer Groups. Maintain existing AS numbers during an AS migration The local-as feature smooths out the BGP network migration operation and allows you to maintain existing ASNs during a BGP network migration.
Figure 10-24. Local-as information shown
R2(conf-router_bgp)#show conf
!
router bgp 65123
bgp router-id 192.168.10.2
network 10.10.21.0/24
network 10.10.32.0/24
network 100.10.92.0/24
network 192.168.10.0/24
bgp four-octet-as-support
neighbor 10.10.21.1 remote-as 65123
neighbor 10.10.21.1 filter-list Laura in
neighbor 10.10.21.1 no shutdown
neighbor 10.10.32.3 remote-as 65123
neighbor 10.10.32.3 no shutdown
neighbor 100.10.92.9 remote-as 65192
neighbor 100.10.92.
Figure 10-25. Allowas-in information shown
R2(conf-router_bgp)#show conf
!
router bgp 65123
bgp router-id 192.168.10.2
network 10.10.21.0/24
network 10.10.32.0/24
network 100.10.92.0/24
network 192.168.10.0/24
bgp four-octet-as-support
neighbor 10.10.21.1 remote-as 65123
neighbor 10.10.21.1 filter-list Laura in
neighbor 10.10.21.1 no shutdown
neighbor 10.10.32.3 remote-as 65123
neighbor 10.10.32.3 no shutdown
neighbor 100.10.92.9 remote-as 65192
neighbor 100.10.92.9 local-as 6500
neighbor 100.10.92.
• Advertise to all BGP neighbors and peer-groups that the forwarding state of all routes has been saved. This prompts all peers to continue saving the routes they receive from your E-Series and to continue forwarding traffic.
• Bring the secondary RPM online as the primary and re-open sessions with all peers operating in “no shutdown” mode.
• Defer best path selection for a certain amount of time.
Filter on an AS-Path attribute The BGP attribute, AS_PATH, can be used to manipulate routing policies. The AS_PATH attribute contains a sequence of AS numbers representing the route’s path. As the route traverses an Autonomous System, the AS number is prepended to the route. You can manipulate routes based on their AS_PATH to affect interdomain routing. By identifying certain AS numbers in the AS_PATH, you can permit or deny routes based on the number in its AS_PATH.
Step 2
Command Syntax: {deny | permit} filter
Command Mode: CONFIG-AS-PATH
Purpose: Enter the parameter to match BGP AS-PATH for filtering. This is the filter that will be used to match the AS-path. The entries can be any format, letters, numbers, or regular expressions. This command can be entered multiple times if multiple filters are desired. See Table 10-4 for accepted expressions.
Figure 10-27. Filtering with Regular Expression
FTOS(config)#router bgp 99
FTOS(conf-router_bgp)#neigh AAA peer-group
FTOS(conf-router_bgp)#neigh AAA no shut
FTOS(conf-router_bgp)#show conf
!
router bgp 99
neighbor AAA peer-group
neighbor AAA no shutdown
neighbor 10.155.15.2 remote-as 32
neighbor 10.155.15.2 shutdown
FTOS(conf-router_bgp)#neigh 10.155.15.
Table 10-4. Regular Expressions
Regular Expression: Definition
( ) (parenthesis): Specifies patterns for multiple use when followed by one of the multiplier metacharacters: asterisk *, plus sign +, or question mark ?
[ ] (brackets): Matches any enclosed character; specifies a range of single characters
- (hyphen): Used within brackets to specify a range of AS or community numbers.
_ (underscore): Matches a ^, a $, a comma, a space, a {, or a }.
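Before applying an AS-PATH filter to a neighbor, its {deny | permit} entries can be checked offline against representative AS paths. The following is an added example, not FTOS code or code from this guide: it expands the underscore metacharacter exactly as Table 10-4 defines it and evaluates the entries in order. First-match evaluation and the implicit deny when no entry matches are assumptions of this sketch, and the function names, AS numbers (documentation range) and prefixes are constructed.

```python
import re

# Table 10-4: "_" matches a ^, a $, a comma, a space, a {, or a }.
UNDERSCORE = r"(?:^|$|[ ,{}])"


def translate(pattern):
    """Turn an AS-path expression using '_' into a Python regular expression."""
    out, i, in_brackets = [], 0, False
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            out.append(pattern[i:i + 2])  # keep escaped characters as written
            i += 2
            continue
        if ch == "[":
            in_brackets = True
        elif ch == "]":
            in_brackets = False
        # inside [ ] an underscore is left alone; elsewhere it is expanded
        out.append(UNDERSCORE if ch == "_" and not in_brackets else ch)
        i += 1
    return "".join(out)


def compile_acl(entries):
    """Compile (action, expression) pairs once, so each path costs one search per entry."""
    return [(action, re.compile(translate(expr))) for action, expr in entries]


def evaluate(acl, as_path):
    """Return 'permit' or 'deny' for one AS_PATH string."""
    for action, regex in acl:
        if regex.search(as_path):
            return action          # assumption: the first matching entry decides
    return "deny"                  # assumption: implicit deny at the end of the list


def filter_routes(acl, routes):
    """Keep only the (prefix, as_path) pairs the ACL permits."""
    return [(prefix, path) for prefix, path in routes if evaluate(acl, path) == "permit"]


# Constructed policy: drop anything that transited AS 64500, accept locally
# originated routes (empty path) and routes learned directly from AS 64496.
ACL = compile_acl([
    ("deny", "_64500_"),
    ("permit", "^$"),
    ("permit", "^64496_"),
])

# Constructed sample routes (documentation prefixes and AS numbers).
ROUTES = [
    ("192.0.2.0/24", "64496 64500 64510"),      # transits 64500
    ("198.51.100.0/24", "64496 645001 64510"),  # 645001 is a different AS
    ("203.0.113.0/24", ""),                     # locally originated
    ("192.0.2.128/25", "64496 {64500,64501}"),  # 64500 inside an AS_SET
    ("198.51.100.128/25", "64497 64498"),       # matches no entry
]

if __name__ == "__main__":
    for prefix, path in ROUTES:
        print(f"{prefix:20} [{path}] -> {evaluate(ACL, path)}")
```

The second route is the case worth testing for: a pattern written as 64500 without the underscores would also match 645001.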
Command Syntax: redistribute ospf process-id [match external {1 | 2} | match internal] [metric-type {external | internal}] [route-map map-name]
Command Mode: ROUTER BGP or CONF-ROUTER_BGPv6_AF
Purpose: Include specific OSPF routes in IS-IS. Configure the following parameters:
• process-id range: 1 to 65535
• match external range: 1 or 2
• match internal
• metric-type: external or internal.
• map-name: name of a configured route map.
Use these commands in the following sequence, starting in the CONFIGURATION mode to configure an IP community list.
Step 1
Command Syntax: ip community-list
Command Mode: CONFIGURATION
Purpose: Create a Community list and enter the COMMUNITY-LIST mode.
Figure 10-28.
Manipulate the COMMUNITY attribute In addition to permitting or denying routes based on the values of the COMMUNITY attributes, you can manipulate the COMMUNITY attribute value and send the COMMUNITY attribute with the route information. By default, FTOS does not send the COMMUNITY attribute. Use the following command in the CONFIGURATION ROUTER BGP mode to send the COMMUNITY attribute to BGP neighbors.
Step 3
Command Syntax: exit
Command Mode: CONFIG-ROUTE-MAP
Purpose: Return to the CONFIGURATION mode.
Step 4
Command Syntax: router bgp as-number
Command Mode: CONFIGURATION
Purpose: Enter the ROUTER BGP mode.
Step 5
Command Syntax: neighbor {ip-address | peer-group-name} route-map map-name {in | out}
Command Mode: CONFIG-ROUTER-BGP
Purpose: Apply the route map to the neighbor or peer group’s incoming or outgoing routes.
To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode.
Use any or all of the following commands in the CONFIGURATION ROUTER BGP mode to change how the MED attribute is used.
Command Syntax: bgp always-compare-med
Command Mode: CONFIG-ROUTER-BGP
Purpose: Enable MED comparison in the paths from neighbors with different ASs. By default, this comparison is not performed.
Step 4
Command Syntax: router bgp as-number
Command Mode: CONFIGURATION
Purpose: Enter the ROUTER BGP mode.
Step 5
Command Syntax: neighbor {ip-address | peer-group-name} route-map map-name {in | out}
Command Mode: CONFIG-ROUTER-BGP
Purpose: Apply the route map to the neighbor or peer group’s incoming or outgoing routes.
To view the BGP configuration, use the show config command in the CONFIGURATION ROUTER BGP mode. To view a route map configuration, use the show route-map command in EXEC Privilege mode.
You can also use route maps to change this and other BGP attributes. For example, you can include the following command in a route map to specify the next hop address:
Command Syntax: set weight weight
Command Mode: CONFIG-ROUTE-MAP
Purpose: Sets weight for the route.
• weight range: 0 to 65535
Enable multipath
By default, the software allows one path to a destination. You can enable multipath to allow up to 16 parallel paths to a destination.
Refer to Chapter 9, “Access Control Lists (ACL), Prefix Lists, and Route-maps,” on page 107 for configuration information on prefix lists, AS-PATH ACLs, and route maps. Note: When you configure a new set of BGP policies, always reset the neighbor or peer group by entering the clear ip bgp command in EXEC Privilege mode. Use these commands in the following sequence, starting in the CONFIGURATION mode to filter routes using prefix lists.
Use these commands in the following sequence, starting in the CONFIGURATION mode to filter routes using a route map.
Step 1
Command Syntax: route-map map-name [permit | deny] [sequence-number]
Command Mode: CONFIGURATION
Purpose: Create a route map and assign it a name.
Step 2
Command Syntax: {match | set}
Command Mode: CONFIG-ROUTE-MAP
Purpose: Create multiple route map filters with a match or set action.
Step 5
Command Syntax: neighbor {ip-address | peer-group-name} filter-list as-path-name {in | out}
Command Mode: CONFIG-ROUTER-BGP
Purpose: Filter routes based on the criteria in the configured route map. Configure the following parameters:
• ip-address or peer-group-name: enter the neighbor’s IP address or the peer group’s name.
• as-path-name: enter the name of a configured AS-PATH ACL.
• in: apply the AS-PATH ACL map to inbound routes.
• out: apply the AS-PATH ACL to outbound routes.
Aggregate routes
FTOS provides multiple ways to aggregate routes in the BGP routing table. At least one specific route of the aggregate must be in the routing table for the configured aggregate to become active. Use the following command in the CONFIGURATION ROUTER BGP mode to aggregate routes.
Use the following commands in the CONFIGURATION ROUTER BGP mode to configure BGP confederations.
Command Syntax: bgp confederation identifier as-number
Command Mode: CONFIG-ROUTER-BGP
Purpose: Specifies the confederation ID. AS-number: 0-65535 (2-Byte) or 1-4294967295 (4-Byte)
Command Syntax: bgp confederation peers as-number [... as-number]
Command Mode: CONFIG-ROUTER-BGP
Purpose: Specifies which confederation sub-AS are peers. AS-number: 0-65535 (2-Byte) or 1-4294967295 (4-Byte)
All Confederation routers must be either 4-Byte or 2-Byte.
Figure 10-31.
To set dampening parameters via a route map, use the following command in CONFIGURATION ROUTE-MAP mode:
Command Syntax: set dampening half-life reuse
Command Mode: CONFIG-ROUTE-MAP
Purpose: Enter the following optional parameters to configure route dampening parameters:
• half-life range: 1 to 45. Number of minutes after which the Penalty is decreased. After the router assigns a Penalty of 1024 to a route, the Penalty is decreased by half after the half-life period expires.
Use the following command in EXEC Privilege mode to clear information on route dampening and return suppressed routes to active state.
Command Syntax: clear ip bgp dampening [ip-address mask]
Command Mode: EXEC Privilege
Purpose: Clear all information or only information on a specific route.
Use the following command in EXEC and EXEC Privilege mode to view statistics on route flapping.
Change BGP timers
Use either or both of the following commands in the CONFIGURATION ROUTER BGP mode to configure BGP timers.
Command Syntax: neighbors {ip-address | peer-group-name} timers keepalive
Command Mode: CONFIG-ROUTER-BGP
Purpose: Configure timer values for a BGP neighbor or peer group.
• keepalive range: 1 to 65535. Time interval, in seconds, between keepalive messages sent to the neighbor routers. (Default: 60 seconds)
• holdtime range: 3 to 65536.
Use the clear ip bgp command in EXEC Privilege mode at the system prompt to reset a BGP connection using BGP soft reconfiguration.
Command Syntax: clear ip bgp {* | neighbor-address | AS Numbers | ipv4 | peer-group-name} [soft [in | out]]
Command Mode: EXEC Privilege
Purpose: Clear all information or only specific details.
Route map continue The BGP route map continue feature (in ROUTE-MAP mode) allows movement from one route-map entry to a specific route-map entry (the sequence number). If the sequence number is not specified, the continue feature moves to the next sequence number (also known as an implied continue). If a match clause exists, the continue feature executes only after a successful match occurs. If there are no successful matches, continue is ignored.
MBGP Configuration et c MBGP for IPv4 Multicast is supported on platform c et s MBGP is not supported on the E-Series ExaScale ex platform. MBGP for IPv6 unicast is supported on platforms Multiprotocol BGP (MBGP) is an enhanced BGP that carries IP multicast routes. BGP carries two sets of routes: one set for unicast routing and one set for multicast routing.
BGP Regular Expression Optimization BGP policies that contain regular expressions to match against as-paths and communities might take a lot of CPU processing time, and thus can affect BGP routing convergence. Also, show bgp commands that get filtered through regular expressions can take a lot of CPU cycles, especially when the database is large.
FTOS displays debug messages on the console. To view which debugging commands are enabled, use the show debugging command in EXEC Privilege mode. To disable a specific debug command, use the keyword no followed by the debug command. For example, to disable debugging of BGP updates, enter the no debug ip bgp updates command. Use no debug ip bgp to disable all BGP debugging. Use undebug all to disable all debugging.
Figure 10-34. Viewing the Last Bad PDU from BGP Peers
FTOS(conf-router_bgp)#do show ip bgp neighbors 1.1.1.2
BGP neighbor is 1.1.1.2, remote AS 2, external link
BGP version 4, remote router ID 2.4.0.
The buffer size supports a maximum value between 40 MB (the default) and 100 MB. The capture buffers are cyclic, and reaching the limit prompts the system to overwrite the oldest PDUs when new ones are received for a given neighbor or direction. Setting the buffer size to a value lower than the current maximum might cause captured PDUs to be freed to meet the new limit. Note: Memory on RP1 is not pre-allocated, and is allocated only when a PDU needs to be captured.
With full internet feed (205K) captured, approximately 11.8MB is required to store all of the PDUs, as shown in Figure 10-36.
Figure 10-36. Required Memory for Captured PDUs
FTOS(conf-router_bgp)#do show capture bgp-pdu neighbor 172.30.1.250
Incoming packet capture enabled for BGP neighbor 172.30.1.250
Available buffer size 29165743, 192991 packet(s) captured using 11794257 bytes
[. . .]
FTOS(conf-router_bgp)#do sho ip bg s
BGP router identifier 172.30.1.
Figure 10-37. Sample Configuration Illustration (topology diagram showing physical and virtual links between three routers in AS 99 and AS 100, with peer groups AAA, BBB and CCC; the interface and loopback addresses appear in the router configurations in the figures that follow)
Figure 10-38. Enable BGP - Router 1
R1# conf
R1(conf)#int loop 0
R1(conf-if-lo-0)#ip address 192.168.128.1/24
R1(conf-if-lo-0)#no shutdown
R1(conf-if-lo-0)#show config
!
interface Loopback 0
ip address 192.168.128.1/24
no shutdown
R1(conf-if-lo-0)#int gig 1/21
R1(conf-if-gi-1/21)#ip address 10.0.1.21/24
R1(conf-if-gi-1/21)#no shutdown
R1(conf-if-gi-1/21)#show config
!
interface GigabitEthernet 1/21
ip address 10.0.1.21/24
no shutdown
R1(conf-if-gi-1/21)#int gig 1/31
R1(conf-if-gi-1/31)#ip address 10.0.3.
Figure 10-39. Enable BGP - Router 2
R2# conf
R2(conf)#int loop 0
R2(conf-if-lo-0)#ip address 192.168.128.2/24
R2(conf-if-lo-0)#no shutdown
R2(conf-if-lo-0)#show config
!
interface Loopback 0
ip address 192.168.128.2/24
no shutdown
R2(conf-if-lo-0)#int gig 2/11
R2(conf-if-gi-2/11)#ip address 10.0.1.22/24
R2(conf-if-gi-2/11)#no shutdown
R2(conf-if-gi-2/11)#show config
!
interface GigabitEthernet 2/11
ip address 10.0.1.
Figure 10-40. Enable BGP - Router 3
R3# conf
R3(conf)#
R3(conf)#int loop 0
R3(conf-if-lo-0)#ip address 192.168.128.3/24
R3(conf-if-lo-0)#no shutdown
R3(conf-if-lo-0)#show config
!
interface Loopback 0
ip address 192.168.128.3/24
no shutdown
R3(conf-if-lo-0)#int gig 3/11
R3(conf-if-gi-3/11)#ip address 10.0.3.33/24
R3(conf-if-gi-3/11)#no shutdown
R3(conf-if-gi-3/11)#show config
!
interface GigabitEthernet 3/11
ip address 10.0.3.
Figure 10-41. Enable Peer Group - Router 1
R1#conf
R1(conf)#router bgp 99
R1(conf-router_bgp)# network 192.168.128.0/24
R1(conf-router_bgp)# neighbor AAA peer-group
R1(conf-router_bgp)# neighbor AAA no shutdown
R1(conf-router_bgp)# neighbor BBB peer-group
R1(conf-router_bgp)# neighbor BBB no shutdown
R1(conf-router_bgp)# neighbor 192.168.128.2 peer-group AAA
R1(conf-router_bgp)# neighbor 192.168.128.
Figure 10-42.
Figure 10-43. Enable Peer Groups - Router 2
R2#conf
R2(conf)#router bgp 99
R2(conf-router_bgp)# neighbor CCC peer-group
R2(conf-router_bgp)# neighbor CCC no shutdown
R2(conf-router_bgp)# neighbor BBB peer-group
R2(conf-router_bgp)# neighbor BBB no shutdown
R2(conf-router_bgp)# neighbor 192.168.128.1 peer AAA
R2(conf-router_bgp)# neighbor 192.168.128.1 no shut
R2(conf-router_bgp)# neighbor 192.168.128.3 peer BBB
R2(conf-router_bgp)# neighbor 192.168.128.
Figure 10-44. Enable Peer Group - Router 3
R3#conf
R3(conf)#router bgp 100
R3(conf-router_bgp)# neighbor AAA peer-group
R3(conf-router_bgp)# neighbor AAA no shutdown
R3(conf-router_bgp)# neighbor CCC peer-group
R3(conf-router_bgp)# neighbor CCC no shutdown
R3(conf-router_bgp)# neighbor 192.168.128.2 peer-group BBB
R3(conf-router_bgp)# neighbor 192.168.128.2 no shutdown
R3(conf-router_bgp)# neighbor 192.168.128.1 peer-group BBB
R3(conf-router_bgp)# neighbor 192.168.128.
R3(conf-router_bgp)#
Figure 10-45.
11 Bare Metal Provisioning 2.0 Bare Metal Provisioning 2.0 is included as part of the FTOS image. It is supported on the following platforms: z Bare Metal Provisioning (BMP) improves accessibility to the switch by automatically loading pre-defined configurations and boot images that are stored in file servers. BMP can be used on a single switch or on multiple switches. For more information on using BMP and the different types of modes, refer to the Open Automation Guide.
Restrictions
BMP 2.0 is supported on the user ports and management ports of a switch. BMP 2.0 is not supported in a stacking environment.
Overview
On a new factory-loaded switch, the switch boots up in JumpStart mode. You can reconfigure a switch to reload between Normal and JumpStart mode.
Command Syntax: stop jump-start
Command Mode: EXEC Privilege
Purpose: This command stops the jump-start reload process while it is in progress and changes the reload type to Normal mode. If the command is initiated while the switch is downloading an image or configuration file, the command takes effect when the DHCP release is sent.
The reload settings that you configure with the reload-type command are stored in non-volatile memory and retained for future reboots.
One or more of the following parameters must be configured on the DHCP server.
• Boot File Name: The FTOS image to be loaded on the switch. The boot file name is expected to use Option 67 or the boot filename in the boot payload of the DHCP offer. If both are specified, Option 67 will be used.
• Configuration File Name: The configurations to be applied to the switch. The configuration file name is expected to use Option 209.
option config-file "flash://S4810-1.conf";    # Flash path relative to /f10/flash directory
option config-file "usbflash://S60-1.conf";   # External USB memory
MAC-Based IP assignment
One way to use the BMP mode most efficiently is to configure the DHCP server to assign a fixed IP address, FTOS image, and configuration file based on the switch’s MAC address.
Example content of the /etc/dhcpd.conf file:
host ct-maa-s60-1 {
    hardware ethernet 00:01:e8:82:4e:57;
    fixed-address 10.16.206.209;
    class "DELLNTW-S60" {
        match if substring (option vendor-class-identifier,0,17) = "TY=DELLNTW-S60 ";
        filename "tftp://10.16.127.147/FTOS-SC-8-3-3-414.bin";
    }
}
Example vendor class identifier string: "TY=DELLNTW-S60 ;HW=2.
File Server Set up a file server and ensure connectivity. The server that holds the boot and configuration files must be configured as the network source for the switch. The switch recognizes HTTP, TFTP, FTP, external USB memory and Flash URLs.
2. The switch sends DHCP Discover on all the interface up ports.
12 Content Addressable Memory
Content Addressable Memory is supported on platforms c et s
• Content Addressable Memory
• CAM Profiles
• Microcode
• CAM Profiling for ACLs
• When to Use CAM Profiling
• Important Points to Remember
• Select CAM Profiles
• CAM Allocation
• Test CAM Usage
• View CAM Profiles
• View CAM-ACL settings
• Configure IPv4Flow Sub-partitions
• Configure Ingress Layer 2 ACL Sub-partitions
• Return to the Default CAM Configuration
• CAM Optimization
• Applicat
• The TeraScale EG-series line cards are dual-CAM and use two 18 Megabit CAM modules with a dedicated 512 IPv4 Forwarding Information Base (FIB), and flexible CAM allocations for Layer2, FIB, and ACLs.
• Either ExaScale 10G or 40G CAM line cards can be used in a system.
CAM Profiles
Dell Networking systems partition each CAM module so that it can store the different types of information. The size of each partition is specified in the CAM profile.
Table 12-1. CAM Profile Descriptions (continued) CAM Profile Description unified-default Maintains the CAM allocations for the and IPv4 FIB while allocating more CAM space for the Ingress and Egress Layer 2 ACL, and IPv4 ACL regions. Available Microcodes: ipv6-extacl ipv4-VRF Provides VRF functionality for IPv4. Available Microcodes:ipv4-vrf ipv4-v6-VRF Provides VRF functionality for both IPv4 and I.
Microcode Microcode is a compiled set of instructions for a CPU. On Dell Networking systems, the microcode controls how packets are handled. There is a default microcode, and several other microcodes are available, so that you can adjust packet handling according to your application. Specifying a microcode is mandatory when selecting a CAM profile (though you are not required to change it). Note: Not all CAM profiles and microcodes are available for all systems.
The Layer 2 ACL CAM partition has sub-partitions for several types of information. Table 12-4 lists the sub-partition and the percentage of the Layer 2 ACL CAM partition that FTOS allocates to each by default.
Table 12-4. Layer 2 ACL CAM Sub-partition Sizes
Partition    % Allocated
Sysflow      6
L2ACL        14
*PVST        50
QoS          12
L2PT         13
FRRP         5
You can re-configure the amount of space, in percentage, allocated to each sub-partition.
• If you insert a dual-CAM line card into a chassis with a single-CAM profile, the line card boots with a matching profile, but operates with a lower capability.
When to Use CAM Profiling
The CAM profiling feature enables you to partition the CAM to best suit your application. For example:
• Configure more Layer 2 FIB entries when the system is deployed as a switch.
• Configure more Layer 3 FIB entries when the system is deployed as a router.
• Configure more ACLs (when IPv6 is not employed).
• Hash MPLS packets based on source and destination IP addresses for LAGs. See LAG Hashing.
• Hash based on bidirectional flow for LAGs.
To change the CAM profile on the entire system:
Step 1
Task: Select a CAM profile.
Command Syntax: cam-profile profile microcode microcode
Command Mode: CONFIGURATION
Note: If selecting a cam-profile for VRF (cam-profile ipv4-vrf or ipv4-v6-vrf), implement the command in the CONFIGURATION mode only. If you use EXEC Privilege mode, the linecards may go into an error state.
Step 2
Task: Save the running-configuration.
To configure the IPv4 and IPv6 ACLs and QoS regions on the entire system:
Step 1
Task: Select a cam-acl action
Command Syntax: cam-acl [default | l2acl]
Command Mode: CONFIGURATION
Note: Selecting default resets the CAM entries to the default settings. Select l2acl to allocate space for the ACLs, and QoS regions.
Step 2
Task: Enter the number of FP blocks for each region.
View CAM Profiles View the current CAM profile for the chassis and each component using the command show cam-profile, as shown in Figure 12-4. This command also shows the profile that will be loaded upon the next chassis or component reload. Figure 12-4.
Figure 12-6.
Figure 12-7.
• The IPv4Flow configuration is applied to the entire system when you enter the command cam-ipv4flow from CONFIGURATION mode; however, you must save the running-configuration to effect the change. The amount of space that is allocated among the sub-partitions must be equal to the amount of CAM space allocated to IPv4Flow by the selected CAM profile (see Table 12-1); Message 3 is displayed if the total allocated space is not correct.
Figure 12-8. Configuring IPv4Flow on the Entire System
FTOS(conf)#cam-ipv4flow default
FTOS#copy running-config startup-config
File with same name already exist.
Figure 12-9. Layer 2 ACL CAM Sub-partition Sizes
Partition    % Allocated
L2PT         13
FRRP         5
You can re-configure the amount of space, in percentage, allocated to each sub-partition.
• Apply the Ingress Layer 2 ACL configuration to the entire system by entering the command cam-l2acl from CONFIGURATION mode; however, you must save the running-configuration to effect the change.
Figure 12-10.
Figure 12-11.
• If the packet has more than 5 MPLS labels, hashing is based on the source and destination MAC address.
To enable this type of hashing, use the default CAM profile with the microcode lag-hash-mpls.
LAG Hashing based on Bidirectional Flow
To hash LAG packets such that both directions of a bidirectional flow (for example, VoIP or P2P file sharing) are mapped to the same output link in the LAG bundle, use the default CAM profile with the microcode lag-hash-align.
QoS CAM Region Limitation

The default CAM profile allocates a partition within the IPv4Flow region to store QoS service policies. If the QoS CAM space is exceeded, messages similar to the ones in Message 5 are displayed.
13 Debugging and Diagnostics

The chapter contains the following major sections:

• Offline diagnostics
• Trace logs
• Last restart reason (S60)
• show hardware commands (S60)
• Hardware watchdog timer
• Buffer tuning
• Troubleshooting packet loss
• Application core dumps
• Mini core dumps

Offline diagnostics

The offline diagnostics test suite is useful for isolating faults and debugging hardware.
Important Points to Remember

• You can only perform offline diagnostics on an offline standalone unit or offline member unit of a stack of three or more. You cannot perform diagnostics on the management or standby unit in a stack of two or more (Message 1).

Message 1 Offline Diagnostics on Master/Standby Error

Running Diagnostics on master/standby unit is not allowed on stack.

• Perform offline diagnostics on one stack member at a time.
Figure 13-2. Verifying the Offline/Online Status of an S-Series Stack Unit

FTOS#show system brief | no-more
Stack MAC : 00:01:e8:d6:02:39
-- Stack Info --
Unit UnitType   Status  ReqTyp CurTyp Version   Ports
---------------------------------------------------------------------------
0    Standby    online  S25V   S25V   4.7.7.220 28
1    Management offline S50N   S50N   4.7.7.220 52
2    Member     online  S25P   S25P   4.7.7.
Figure 13-3. Running Offline Diagnostics on an S-Series Standalone Unit

FTOS#diag stack-unit 1 alllevels
Warning - diagnostic execution will cause multiple link flaps on the peer side - advisable to shut directly connected ports
Proceed with Diags [confirm yes/no]: yes
00:03:35: %S50N:1 %DIAGAGT-6-DA_DIAG_STARTED: Starting diags on stack unit 1
00:03:35 : Approximate time to complete these Diags ...
Figure 13-5. Viewing the Results of Offline Diagnostics on a Standalone Unit

FTOS#show file flash://TestReport-SU-0.txt
**********************************S-Series Diagnostics********************
Stack Unit Board Serial Number : DL267160098
CPU Version : MPC8541, Version: 1.1
PLD Version : 5
Diag image based on build : E_MAIN4.7.7.206
Stack Unit Board Voltage levels - 3.300000 V, 2.500000 V, 1.800000 V, 1.250000 V, 1.200000 V, 2.
Auto Save on Crash or Rollover

Exception information for master or standby units is stored in the flash:/TRACE_LOG_DIR directory. This directory contains files that save trace information when there has been a task crash or timeout. On a master unit, the TRACE_LOG_DIR files can be reached by FTP or by using the show file command from the flash://TRACE_LOG_DIR directory.
Table 13-2. show hardware Commands

Command: show hardware stack-unit {0-11} fpga registers | stats
Description: View the FPGA registers or FPGA interrupt statistics on the stack-unit.

Command: show hardware stack-unit {0-11} cpu management statistics
Description: View internal interface status of the stack-unit CPU port which connects to the external management interface.

Command: show hardware stack-unit {0-11} cpu data-plane statistics
Description: View driver-level statistics for the data-plane port on the CPU for the specified stack-unit.
Table 13-2. show hardware Commands

Command: show hardware stack-unit {0-11} buffering-unit port-stats
Description: View the internal statistics on the buffering chip for the HiGig ports.

Command: show hardware stack-unit {0-11} buffering-unit queue-stats [cpu | multicast | unicast]
Description: View the internal queuing inside the buffer chip.
Table 13-3 describes the type and number of ASICs per platform.

Table 13-3. ASICS by Platform

Hardware            FP   CSF
S50N, S50V          2    0
S25V, S25P, S25N    1    0

You can tune buffers at three locations, as shown in Figure 13-6.

1. CSF – Output queues going from the CSF.
2. FP Uplink—Output queues going from the FP to the CSF IDP links.
3. Front-End Link—Output queues going from the FP to the front-end PHY.

All ports support eight queues, 4 for data traffic and 4 for control traffic. All 8 queues are tunable.
Figure 13-6. Buffer Tuning Points

[Diagram labels: CSF Unit, IDP Switch Links, FP Unit, Front-end Links, PHY; tuning points 1, 2 and 3.]

Deciding to tune buffers

Dell Networking recommends exercising caution when configuring any non-default buffer settings, as tuning can significantly affect system performance. The default values work for most cases. As a guideline, consider tuning buffers if traffic is very bursty (and coming from several interfaces).
Buffer tuning commands

Task: Define a buffer profile for the FP queues.
Command: buffer-profile fp fsqueue
Command Mode: CONFIGURATION

Task: Define a buffer profile for the CSF queues.
Command: buffer-profile csf csqueue
Command Mode: CONFIGURATION

Task: Change the dedicated buffers on a physical 1G interface.
Command: buffer dedicated
Command Mode: BUFFER PROFILE

Task: Change the maximum amount of dynamic buffers an interface can request.
Command: buffer dynamic
Command Mode: BUFFER PROFILE

Task: Change the number of packet-pointers per queue.
Figure 13-7. Display the Default Buffer Profile

FTOS#show buffer-profile detail interface gigabitethernet 0/1
Interface Gi 0/1
Buffer-profile
Dynamic buffer 194.88 (Kilobytes)
Queue#    Dedicated Buffer    Buffer Packets
          (Kilobytes)
0         2.50                256
1         2.50                256
2         2.50                256
3         2.50                256
4         9.38                256
5         9.38                256
6         9.38                256
7         9.38                256

Figure 13-8.
Using a pre-defined buffer profile

FTOS provides two pre-defined buffer profiles, one for single-queue (i.e., non-QoS) applications, and one for four-queue (i.e., QoS) applications.

Task: Apply one of two pre-defined buffer profiles for all port pipes in the system.
Command: buffer-profile global [1Q|4Q]
Mode: CONFIGURATION

You must reload the system for the global buffer profile to take effect (Message 3).
The S60 switch has two ASICS; each physical port on the ASICS has 8 virtual queues for unicast traffic. There are a total of 53 ports, including the CPU ports, which result in 440 total virtual queues. Virtual queues 0 through 431 are for unicast traffic, while virtual queues 432 through 440 are used for multicast traffic on the entire system. Each of the 8 virtual queues is used for its corresponding CoS value.

Figure 13-12. Viewing multicast traffic on virtual queues.
• show hardware ipv6 {e.g.
Displaying Stack Port Statistics

The show hardware stack-unit stack-port command displays input and output statistics for a stack-port interface, as shown in Figure 13-17.

Figure 13-17.
Application core dumps

Application core dumps are disabled by default. A core dump file can be very large. Due to memory requirements, the file can only be sent directly to an FTP server; it is not stored on the local flash. Enable full application core dumps with the following:

Task: Enable RPM core dumps and specify the shutdown mode.
Command Syntax: logging coredump server
Command Mode: CONFIGURATION

Undo this command using the no logging coredump server command.
14 Dynamic Host Configuration Protocol (DHCP)

Dynamic Host Configuration Protocol (DHCP) is available on platforms: e c s z

This chapter contains the following sections:

• Protocol Overview
• Implementation Information
• Configuration Tasks
• Configure the System to be a DHCP Server
• Configure the System to be a Relay Agent
• Configure the System for User Port Stacking
• Configure Secure DHCP

Protocol Overview

Dynamic Host Configuration Protocol (DHCP) is an application layer protocol that d
DHCP Packet Format and Options

DHCP uses UDP as its transport protocol. The server listens on port 67 and transmits to port 68; the client listens on port 68 and transmits to port 67. The configuration parameters are carried as options in the DHCP packet in Type, Length, Value (TLV) format; many options are specified in RFC 2132.
Assigning an IP Address using DHCP

When a client joins a network:

1. The client initially broadcasts a DHCPDISCOVER message on the subnet to discover available DHCP servers. This message includes the parameters that the client requires and might include suggested values for those parameters.
2. Servers unicast or broadcast a DHCPOFFER message in response to the DHCPDISCOVER that offers to the client values for the requested parameters.
Implementation Information

• The Force10 Networks implementation of DHCP is based on RFC 2131 and RFC 3046.
• IP Source Address Validation is a sub-feature of DHCP Snooping; FTOS uses ACLs internally to implement this feature and as such, you cannot apply ACLs to an interface which has IP Source Address Validation.
Configure the System to be a DHCP Server

Configure the System to be a DHCP Server is supported only on platforms: , , and . c and s (S25/S50),

A DHCP server is a network device that has been programmed to provide network configuration parameters to clients upon request. Servers typically serve many clients, making host management much more organized and efficient. The key responsibilities of DHCP servers are:

1.
Configure the Server for Automatic Address Allocation

This feature is available on c and s (S25/S50), , , and platforms only.

Automatic Address Allocation is an address assignment method by which the DHCP server leases an IP address to a client from a pool of available addresses.

Create an IP Address Pool

An address pool is a range of IP addresses that may be assigned by the DHCP server. Address pools are indexed by subnet number.
Specify a Default Gateway

The IP address of the default router should be on the same subnet as the client.

Task: Specify default gateway(s) for the clients on the subnet, in order of preference.
Command Syntax: default-router address
Command Mode: DHCP

Enable DHCP Server

This feature is available on c and s (S25/S50), , , and platforms only.

The DHCP server is disabled by default.

Step 1
Task: Enter the DHCP command-line context.
Configure a Method of Hostname Resolution

Force10 Networks systems are capable of providing DHCP clients with parameters for two methods of hostname resolution.

Address Resolution using DNS

A domain is a group of networks. DHCP clients query DNS IP servers when they need to correlate host names to IP addresses.

Step 1
Task: Create a domain.
Create Manual Binding Entries

An address binding is a mapping between the IP address and Media Access Control (MAC) address of a client. The DHCP server assigns the client an available IP address automatically, and then creates an entry in the binding table. However, the administrator can manually create an entry for a client; manual bindings are useful when you want to guarantee that a particular network device receives a particular IP address. Manual bindings can be considered single-host address pools.
Configure the System to be a Relay Agent

The following feature is available on platforms: ces

DHCP clients and servers request and offer configuration information via broadcast DHCP messages. Routers do not forward broadcasts, so if there are no DHCP servers on the subnet, the client does not receive a response to its request and therefore cannot access the network.
To view the ip helper-address configuration for an interface, use the command show ip interface from EXEC privilege mode, as shown in the following example.

R1_E600#show ip int gig 1/3
GigabitEthernet 1/3 is up, line protocol is down
Internet address is 10.11.0.1/24
Broadcast address is 10.11.0.255
Address determined by user input
IP MTU is 1500 bytes
Helper address is 192.168.0.1
192.168.0.
The DHCP relay agent inserts Option 82 before forwarding DHCP packets to the server. The server can use this information to:

• track the number of address requests per relay agent; restricting the number of addresses available per relay agent can harden a server against address exhaustion attacks.
• associate client MAC addresses with a relay agent to prevent offering an IP address to a client spoofing the same MAC address on a different relay agent.
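The TLV option format described under DHCP Packet Format and Options, and the two server-side uses of Option 82 listed above, shown together as an added example (not FTOS or Dell code). Sub-option codes 1 (circuit ID) and 2 (remote ID) come from RFC 3046; the `RelayAgentPolicy` class, its result strings and the sample values are hypothetical and constructed for illustration.

```python
"""DHCP options TLV parsing and an Option 82 admission check (added example)."""

OPT_PAD, OPT_END = 0, 255              # one-byte options: no length, no value
OPT_MSG_TYPE = 53                      # DHCP message type (RFC 2132)
OPT_RELAY_INFO = 82                    # relay agent information (RFC 3046)
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2   # Option 82 sub-options (RFC 3046)


def parse_tlv(data, has_pad_end):
    """Split a TLV byte string into {type: value}; reject truncated entries."""
    fields, i = {}, 0
    while i < len(data):
        code = data[i]
        if has_pad_end and code == OPT_END:
            break
        if has_pad_end and code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError(f"type {code}: missing length byte")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"type {code}: length {length} overruns the data")
        fields[code] = value
        i += 2 + length
    return fields


def relay_agent_id(options_field):
    """Return (circuit_id, remote_id) from Option 82, or None if absent."""
    options = parse_tlv(options_field, has_pad_end=True)
    if OPT_RELAY_INFO not in options:
        return None
    # Sub-options use the same TLV layout but have no pad/end markers.
    sub = parse_tlv(options[OPT_RELAY_INFO], has_pad_end=False)
    return sub.get(SUB_CIRCUIT_ID, b""), sub.get(SUB_REMOTE_ID, b"")


class RelayAgentPolicy:
    """Hypothetical server-side policy keyed on the Option 82 identity."""

    def __init__(self, max_clients_per_agent):
        self.max_clients = max_clients_per_agent
        self.clients = {}   # agent identity -> set of client MACs served
        self.home = {}      # client MAC -> agent identity it was first seen on

    def admit(self, options_field, client_mac):
        agent = relay_agent_id(options_field)
        if agent is None:
            return "no-option-82"
        if self.home.get(client_mac, agent) != agent:
            return "mac-on-other-agent"      # same MAC behind another agent
        members = self.clients.setdefault(agent, set())
        if client_mac not in members and len(members) >= self.max_clients:
            return "agent-quota-exceeded"    # address exhaustion guard
        members.add(client_mac)
        self.home[client_mac] = agent
        return "ok"


def build_options(msg_type, circuit_id, remote_id):
    """Constructed sample: options field as forwarded by a relay agent."""
    sub = bytes([SUB_CIRCUIT_ID, len(circuit_id)]) + circuit_id
    sub += bytes([SUB_REMOTE_ID, len(remote_id)]) + remote_id
    return (bytes([OPT_MSG_TYPE, 1, msg_type, OPT_RELAY_INFO, len(sub)])
            + sub + bytes([OPT_END]))


if __name__ == "__main__":
    policy = RelayAgentPolicy(max_clients_per_agent=2)
    agent_a = build_options(1, b"Gi1/3", b"relay-A")   # 1 = DHCPDISCOVER
    agent_b = build_options(1, b"Gi2/7", b"relay-B")
    requests = [(agent_a, "00:00:5e:00:53:01"), (agent_a, "00:00:5e:00:53:02"),
                (agent_a, "00:00:5e:00:53:03"), (agent_b, "00:00:5e:00:53:01")]
    for field, mac in requests:
        print(mac, relay_agent_id(field), policy.admit(field, mac))
```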
Binding table entries are deleted when a lease expires, or the relay agent encounters a DHCPRELEASE, DHCPNACK, or DHCPDECLINE.

FTOS Behavior: Introduced in FTOS version 7.8.1.0, DHCP Snooping was available for Layer 3 only and dependent on DHCP Relay Agent (ip helper-address). FTOS version 8.2.1.0 extends DHCP Snooping to Layer 2, and you do not have to enable relay agent to snoop on Layer 2 interfaces.
View the DHCP Snooping statistics with the show ip dhcp snooping command.

FTOS#show ip dhcp snooping
IP DHCP Snooping                    : Enabled.
IP DHCP Snooping Mac Verification   : Disabled.
IP DHCP Relay Information-option    : Disabled.
IP DHCP Relay Trust Downstream      : Disabled.
Dynamic ARP Inspection

Dynamic ARP inspection prevents ARP spoofing by forwarding only ARP frames that have been validated against the DHCP binding table. ARP is a stateless protocol that provides no authentication mechanism. Network devices accept ARP requests and replies from any device, and ARP replies are accepted even when no request was sent. If a client receives an ARP message for which a relevant entry already exists in its ARP cache, it overwrites the existing entry with the new information.
• denial of service—an attacker can send fraudulent ARP messages to a client to associate a false MAC address with the gateway address, which would blackhole all internet-bound packets from the client.

Note: DAI uses entries in the L2SysFlow CAM region, a sub-region of SystemFlow. One CAM entry is required for every DAI-enabled VLAN. You can enable DAI on up to 16 VLANs on a system.
Use the show arp inspection statistics command to see how many valid and invalid ARP packets have been processed.

FTOS#show arp inspection statistics
Dynamic ARP Inspection (DAI) Statistics
---------------------------------------
Valid ARP Requests     : 0
Valid ARP Replies      : 1000
Invalid ARP Requests   : 1000
Invalid ARP Replies    : 0
FTOS#

Bypass the ARP Inspection

You can configure a port to skip ARP inspection by defining the interface as trusted, which is useful in multi-switch environments.
The DHCP binding table associates addresses assigned by the DHCP servers with the port on which the requesting client is attached. When IP Source Address Validation is enabled on a port, the system verifies that the source IP address is one that is associated with the incoming port. If an attacker is impersonating a legitimate client, the source address appears on the wrong ingress port, and the system drops the packet.
Step 4
Task: Enable IP+MAC Source Address Validation.
Command Syntax: ip dhcp source-address-validation ipmac
Command Mode: INTERFACE

FTOS creates an ACL entry for each IP+MAC address pair in the binding table and applies it to the interface.

Task: Display the IP+MAC ACL for an interface for the entire system.
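How one snooping binding table can drive both Dynamic ARP Inspection and IP / IP+MAC Source Address Validation, as an added model (not FTOS code). It assumes bindings are learned from DHCPACK, that DAI compares the ARP sender IP and MAC within the VLAN, and that source validation additionally compares the ingress port; class names, field choices and the sample addresses are constructed for illustration.

```python
"""Snooping binding table driving DAI and source address validation."""
from collections import Counter
from dataclasses import dataclass

# Messages that delete a binding (the page spells DHCPNAK as DHCPNACK).
REMOVE_ON = {"DHCPRELEASE", "DHCPNACK", "DHCPNAK", "DHCPDECLINE"}
OP_LABEL = {"request": "Requests", "reply": "Replies"}


@dataclass
class Binding:
    ip: str
    mac: str
    vlan: int
    port: str
    expires: float   # absolute time at which the lease ends


class BindingTable:
    def __init__(self):
        self.entries = {}   # (vlan, ip) -> Binding

    def on_dhcp(self, msg_type, ip, mac, vlan, port, lease=0, now=0.0):
        """Learn a binding from a DHCPACK; drop it on release/NAK/decline."""
        if msg_type == "DHCPACK":
            self.entries[(vlan, ip)] = Binding(ip, mac, vlan, port, now + lease)
        elif msg_type in REMOVE_ON:
            self.entries.pop((vlan, ip), None)

    def lookup(self, vlan, ip, now):
        """Return the live binding for (vlan, ip); expired leases are deleted."""
        entry = self.entries.get((vlan, ip))
        if entry is not None and entry.expires <= now:
            del self.entries[(vlan, ip)]
            return None
        return entry


class ArpInspector:
    """Forward an ARP frame only if its sender IP/MAC matches a binding."""

    def __init__(self, table, trusted_ports=()):
        self.table = table
        self.trusted = set(trusted_ports)
        self.stats = Counter()

    def permit(self, op, sender_ip, sender_mac, vlan, port, now):
        if port in self.trusted:
            return True   # trusted ports bypass inspection and are not counted
        entry = self.table.lookup(vlan, sender_ip, now)
        valid = entry is not None and entry.mac == sender_mac
        verdict = "Valid" if valid else "Invalid"
        self.stats[f"{verdict} ARP {OP_LABEL[op]}"] += 1
        return valid


def source_permitted(table, src_ip, src_mac, vlan, port, now, mode="ip"):
    """mode='ip' checks IP against ingress port; mode='ipmac' also checks MAC."""
    entry = table.lookup(vlan, src_ip, now)
    if entry is None or entry.port != port:
        return False
    return mode == "ip" or entry.mac == src_mac


if __name__ == "__main__":
    # Constructed sample: one client leased 10.11.0.10 on Gi 1/3 in VLAN 10.
    table = BindingTable()
    table.on_dhcp("DHCPACK", "10.11.0.10", "00:00:5e:00:53:0a", 10, "Gi 1/3",
                  lease=60, now=0)
    dai = ArpInspector(table, trusted_ports={"Gi 1/1"})
    print(dai.permit("reply", "10.11.0.10", "00:00:5e:00:53:0a", 10, "Gi 1/3", 5))
    print(dai.permit("reply", "10.11.0.10", "00:00:5e:00:53:ff", 10, "Gi 1/4", 5))
    print(source_permitted(table, "10.11.0.10", "00:00:5e:00:53:0a", 10,
                           "Gi 1/4", 5))
    print(dict(dai.stats))
```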
15 Force10 Resilient Ring Protocol

Force10 Resilient Ring Protocol is supported on platforms ce s

Force10 Resilient Ring Protocol (FRRP) provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a Metropolitan Area Network (MAN) or large campuses.
to be transmitted and received through it. See Figure 15-1 for a simple example of this FRRP topology. Note that ring direction is determined by the Master node’s Primary and Secondary ports.

Figure 15-1.
If the Master node does not receive the Ring Health Frame (RHF) before the fail-period timer expires (a configurable timer), the Master node moves from the Normal state to the Ring-Fault state and unblocks its Secondary port. The Master node also clears its forwarding table and sends a control frame to all other nodes, instructing them to also clear their forwarding tables. Immediately after clearing its forwarding table, each node starts learning the new topology.
In the example shown in Figure 15-2, FRRP 101 is a ring with its own Control VLAN, and FRRP 202 has its own Control VLAN running on another ring. A Member VLAN that spans both rings is added as a Member VLAN to both FRRP groups. Switch R3 has two instances of FRRP running on it: one for each ring. The example topology that follows shows R3 assuming the role of a Transit node for both FRRP 101 and FRRP 202.

Figure 15-2.
• Multiple physical rings can be run on the same switch
• One Master node per ring—all other nodes are Transit
• Each node has 2 member interfaces—Primary, Secondary
• No limit to the number of nodes on a ring
• Master node ring port states—blocking, pre-forwarding, forwarding, disabled
• Transit node ring port states—blocking, pre-forwarding, forwarding, disabled
• STP disabled on ring interfaces
• Master node secondary port is in blocking state during Normal operation
• Ring Health Frames (RHF)
  • Hello R
Table 15-1. FRRP Components

Concept: Ring Interface State
Explanation: Each interface (port) that is part of the ring maintains one of four states:

• Blocking State: Accepts ring protocol packets but blocks data packets. LLDP, FEFD, or other Layer 2 control packets are accepted. Only the master node Secondary port can enter this state.
• Pre-Forwarding State: A transition state before moving to the Forward state.
• The Control VLAN is not used to carry any data traffic; it carries only RHFs.
• The Control VLAN cannot have members that are not ring ports.
• If multiple rings share one or more member VLANs, they cannot share any links between them.
• Member VLANs across multiple rings are not supported in Master nodes.
• Each ring has only one Master node; all others are transit nodes.

FRRP Configuration

These are the tasks to configure FRRP.
• All VLANS must be in Layer 2 mode.
• Only ring nodes can be added to the VLAN.
• A Control VLAN can belong to one FRRP group only.
• Control VLAN ports must be tagged.
• All ports on the ring must use the same VLAN ID for the Control VLAN.
• A VLAN cannot be configured as both a Control VLAN and Member VLAN on the same ring.
• Only two interfaces can be members of a Control VLAN (the Master Primary and Secondary ports).
Step 5
Command Syntax: member-vlan vlan-id {range}
Command Mode: CONFIG-FRRP
Purpose: Identify the Member VLANs for this FRRP group. VLAN-ID, Range: VLAN IDs for the ring’s Member VLANS.

Step 6
Command Syntax: no disable
Command Mode: CONFIG-FRRP
Purpose: Enable FRRP

Configure and add the Member VLANs

Control and Member VLANS are configured normally for Layer 2. Their status as Control or Member is determined at the FRRP group commands. For complete information about configuring VLANS in Layer 2 mode, see Chapter 23, Layer 2.
Step 3
Command Syntax: interface primary int slot/port secondary int slot/port control-vlan vlan id
Command Mode: CONFIG-FRRP
Purpose: Assign the Primary and Secondary ports, and the Control VLAN for the ports on the ring. Interface:

• For a 10/100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
Command Syntax: clear frrp
Command Mode: EXEC PRIVILEGED
Purpose: Clear the counters associated with all FRRP groups

Show FRRP configuration

Use the following command to view the configuration for the FRRP group.

Command Syntax: show configuration
Command Mode: CONFIG-FRRP
Purpose: Show the configuration for this FRRP group

Show FRRP information

Use one of the following commands to show general FRRP information.
Figure 15-3 is an example of a basic FRRP topology. Below the figure are the associated CLI commands.

Figure 15-3.
R1 MASTER R2 TRANSIT R3 TRANSIT

interface GigabitEthernet 1/24
 no ip address
 switchport
 no shutdown
!
interface GigabitEthernet 1/34
 no ip address
 switchport
 no shutdown
!
interface Vlan 101
 no ip address
 tagged GigabitEthernet 1/24,34
 no shutdown
!
interface Vlan 201
 no ip address
 tagged GigabitEthernet 1/24,34
 no shutdown

interface GigabitEthernet 2/14
 no ip address
 switchport
 no shutdown
!
interface GigabitEthernet 2/31
 no ip address
 switchport
 no shutdown
!
interface Vlan 101
 no ip address
 tagged Gi
16 GARP VLAN Registration Protocol

GARP VLAN Registration Protocol is supported on platform ces

Protocol Overview

Typical VLAN implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GARP VLAN Registration Protocol (GVRP), defined by the IEEE 802.1q specification, is a Layer 2 network protocol that provides for automatic VLAN configuration of switches.
Figure 16-1. GVRP Compatibility Error Message

FTOS(conf)#protocol spanning-tree pvst
FTOS(conf-pvst)#no disable
% Error: GVRP running. Cannot enable PVST.
.........
FTOS(conf)#protocol spanning-tree mstp
FTOS(conf-mstp)#no disable
% Error: GVRP running. Cannot enable MSTP.
.........
FTOS(conf)#protocol gvrp
FTOS(conf-gvrp)#no disable
% Error: PVST running. Cannot enable GVRP.
% Error: MSTP running. Cannot enable GVRP.
Figure 16-2. GVRP Configuration Overview

GVRP is configured globally and on all VLAN trunk ports for the edge and core switches.

[Diagram labels: Edge Switches, Core Switches; VLANs 10-20, VLANs 30-50, VLANs 70-80.]

NOTES:
VLAN 1 mode is always fixed and cannot be configured
All VLAN trunk ports must be configured for GVRP
All VLAN trunk ports must be configured as 802.1Q

Basic GVRP configuration is a 2-step process:

1. Enable GVRP globally. See page 306.
2.
Figure 16-3. Enabling GVRP Globally

FTOS(conf)#protocol gvrp
FTOS(config-gvrp)#no disable
FTOS(config-gvrp)#show config
!
protocol gvrp
 no disable
FTOS(config-gvrp)#

Enabling GVRP on a Layer 2 Interface

Enable GVRP on a Layer 2 interface using the command gvrp enable in INTERFACE mode, as shown in Figure 16-4.
Based on the configuration in the example shown in Figure 16-5, the interface 1/21 will not be removed from VLAN 34 or VLAN 35 despite receiving a GVRP Leave message. Additionally, the interface will not be dynamically added to VLAN 45 or VLAN 46, even if a GVRP Join message is received. Figure 16-5.
FTOS displays Message 1 if an attempt is made to configure an invalid GARP timer.

Message 1 GARP Timer Error

FTOS(conf)#garp timers join 300
% Error: Leave timer should be >= 3*Join timer.
17 Internet Group Management Protocol

Table 17-1. FTOS Support for IGMP and IGMP Snooping

Feature                      Platform
IGMP version 1, 2, and 3     ces
IGMP Snooping version 2      ces
IGMP Snooping version 3      ces

Multicast is premised on identifying many hosts by a single destination IP address; hosts represented by the same IP address are a multicast group. Internet Group Management Protocol (IGMP) is a Layer 3 multicast protocol that hosts use to join or leave a multicast group.
IGMP Protocol Overview

IGMP has three versions. Version 3 obsoletes and is backwards-compatible with version 2; version 2 obsoletes version 1.

IGMP version 2

IGMP version 2 improves upon version 1 by specifying IGMP Leave messages, which allows hosts to notify routers that they no longer care about traffic for a particular group.
Response Timers for how the delay timer mechanism works).
3. The querier receives the report for a group and adds the group to the list of multicast groups associated with its outgoing port to the subnet. Multicast traffic for the group is then forwarded to that subnet.

Sending an Unsolicited IGMP Report

A host does not have to wait for a general query to join a group. It may send an unsolicited IGMP Membership Report, also called an IGMP Join message, to the querier.

Leaving a Multicast Group

1.
Figure 17-2. IGMP version 3 Membership Query Packet Format
Figure 17-4. IGMP Membership Reports: Joining and Filtering
Figure 17-5. IGMP Membership Queries: Leaving and Staying in Groups
Figure 17-6. Viewing IGMP-enabled Interfaces

FTOS#show ip igmp interface gig 7/16
GigabitEthernet 7/16 is up, line protocol is up
Internet address is 10.87.3.2/24
IGMP is enabled on interface
IGMP query interval is 60 seconds
IGMP querier timeout is 300 seconds
IGMP max query response time is 10 seconds
Last member query response interval is 199 ms
IGMP activity: 0 joins, 0 leaves
IGMP querying router is 10.87.3.
Figure 17-8. Viewing Static and Learned IGMP Groups

FTOS(conf-if-gi-1/0)#do sho ip igmp groups
Total Number of Groups: 2
IGMP Connected Group Membership
Group Address   Interface             Uptime     Expires    Last Reporter
224.1.1.1       GigabitEthernet 1/0   00:00:03   Never      CLI
224.1.2.1       GigabitEthernet 1/0   00:56:55   00:01:22   1.1.1.2

Adjusting Timers

View the current value of all IGMP timers using the command show ip igmp interface from EXEC Privilege mode, as shown in Figure 17-6.
2. When a router receives a query it compares the IP address of the interface on which it was received with the source IP address given in the query. If the receiving router IP address is greater than the source address given in the query, the router stops sending queries. By this method, the router with the lowest IP address on the subnet is elected querier and continues to send queries. 3.
IGMP Snooping

Multicast packets are addressed with multicast MAC addresses, which represent a group of devices, rather than one unique device. Switches forward multicast frames out of all ports in a VLAN by default, even though there may be only some interested hosts, which is a waste of bandwidth.
Figure 17-10. Enabling IGMP Snooping

FTOS(conf-if-vl-100)#show config
!
interface Vlan 100
 no ip address
 ip igmp snooping fast-leave
 shutdown
FTOS(conf-if-vl-100)#

Disabling Multicast Flooding

If the switch receives a multicast packet that has an IP address of a group it has not learned (unregistered frame), the switch floods that packet out of all ports on the VLAN.
• When enabled, IGMP snooping Querier starts after one query interval in case no IGMP general query (with IP SA lower than its VLAN IP address) is received on any of its VLAN members.

Adjusting the Last Member Query Interval

When the querier receives a leave message from a receiver, it sends a group-specific query out of the ports specified in the forwarding table. If no response is received, it sends another.
18 Interfaces

This chapter describes interface types, both physical and logical, and how to configure them with FTOS. 10/100/1000 Mbps Ethernet, Gigabit Ethernet, and 10 Gigabit Ethernet interfaces are supported on platforms ces SONET interfaces are only supported on platform the E-Series FTOS Configuration Guide.
Figure 18-1. show interfaces Command Example

FTOS#show interfaces tengigabitethernet 1/0
TenGigabitEthernet 1/0 is up, line protocol is up
Hardware is Force10Eth, address is 00:01:e8:05:f3:6a
Current address is 00:01:e8:05:f3:6a
Pluggable media present, XFP type is 10GBASE-LR.
Medium is MultiRate, Wavelength is 1310nm
XFP receive power reading is -3.7685
Interface index is 67436603
Internet address is 65.113.24.
Figure 18-3. Interfaces listed in the show running-config Command (Partial)

FTOS#show running
Current Configuration ...
To confirm that the interface is enabled, use the show config command in the INTERFACE mode. To leave the INTERFACE mode, use the exit command or end command. The user cannot delete a physical interface.

Physical Interfaces

The Management Ethernet interface is a single RJ-45 Fast Ethernet port on the Route Processor Module (RPM) of the C-Series and E-Series and on each unit of the S60; it provides dedicated management access to the system.
Overview of Layer Modes

On all systems running FTOS, you can place physical interfaces, port channels, and VLANs in Layer 2 mode or Layer 3 mode. By default, VLANs are in Layer 2 mode.

Table 18-1.
For information on enabling and configuring Spanning Tree Protocol, see Chapter 10, Layer 2, on page 47.

To view the interfaces in Layer 2 mode, use the command show interfaces switchport in the EXEC mode.

Configure Layer 3 (Network) Mode

When you assign an IP address to a physical interface, you place it in Layer 3 mode. Use the ip address command and no shutdown command in INTERFACE mode to enable Layer 3 mode on an individual interface.
Command Syntax: ip address ip-address mask [secondary]
Command Mode: INTERFACE
Purpose: Configure a primary IP address and mask on the interface. The ip-address must be in dotted-decimal format (A.B.C.D) and the mask must be in slash format (/xx). Add the keyword secondary if the IP address is the interface’s backup IP address. You can only configure one (1) primary IP address per interface. You can configure up to 255 secondary IP addresses on a single interface.
To configure a Management interface, use the following command in the CONFIGURATION mode:

Command Syntax: interface Managementethernet interface
Command Mode: CONFIGURATION
Purpose: Enter the slot and the port (0). On the E-Series and C-Series, dual RPMs can be in use. Slot range: C-Series, E-Series: 0-1; S60: 0

To view the Primary RPM Management port, use the show interface Managementethernet command in the EXEC Privilege mode. If there are 2 RPMs, you cannot view information on that interface.
• Once the virtual IP address is removed, the system is accessible through the native IP address of the primary RPM’s management interface.
• Primary and secondary management interface IP and virtual IP must be in the same subnet.

Configure Management Interfaces on the S-Series

The user can manage the S-Series from any port. Configure an IP address for the port using the ip address command, and enable it using the command no shutdown.
VLAN Interfaces

VLANs are logical interfaces and are, by default, in Layer 2 mode. Physical interfaces and port channels can be members of VLANs. For more information on VLANs and Layer 2, refer to Chapter 10, Layer 2, on page 47. See also Chapter 18, VLAN Stacking, on page 367.

Note: To monitor VLAN interfaces, use the Management Information Base for Network Management of TCP/IP-based internets: MIB-II (RFC 1213). Monitoring VLAN interfaces via SNMP is supported only on E-Series.
Loopback Interfaces

A Loopback interface is a virtual interface in which the software emulates an interface. Packets routed to it are processed locally. Since this interface is not a physical interface, you can configure routing protocols on this interface to provide protocol stability. You can place Loopback interfaces in default Layer 3 mode.
Port Channel Interfaces

Port channel interfaces support link aggregation, as described in IEEE Standard 802.3ad.

This section covers the following topics:

• Port channel definition and standards
• Port channel benefits
• Port channel implementation
• Configuration task list for port channel interfaces

Port channel definition and standards

Link aggregation is defined by IEEE 802.
• Dynamic—Port channels that are dynamically configured using Link Aggregation Control Protocol (LACP). For details, see Chapter 22, Link Aggregation Control Protocol.
Table 18-2. Number of Port-channels per Platform
Platform                        Port-channels   Members/Channel
E-Series                        255             16
C-Series                        128             8
S-Series: S50 and S25           52              8
S-Series: S55, S60 and S4810    128             8
Table 18-3.
The common speed is determined when the port channel is first enabled. At that time, the software checks the first interface listed in the port channel configuration. If that interface is enabled, its speed configuration becomes the common speed of the port channel. If the other interfaces configured in that port channel are configured with a different speed, FTOS disables them.
The port channel is now enabled and you can place the port channel in Layer 2 or Layer 3 mode. Use the switchport command to place the port channel in Layer 2 mode or configure an IP address to place the port channel in Layer 3 mode. You can configure a port channel as you would a physical interface by enabling or configuring protocols or assigning access control lists.
Step 2
Command Syntax: show config
Command Mode: INTERFACE PORT-CHANNEL
Purpose: Double check that the interface was added to the port channel.
To view the port channel’s status and channel members in a tabular format, use the show interfaces port-channel brief (Figure 177) command in the EXEC Privilege mode. Figure 18-10.
As soon as a physical interface is added to a port channel, the properties of the port channel determine the properties of the physical interface. The configuration and status of the port channel are also applied to the physical interfaces within the port channel. For example, if the port channel is in Layer 2 mode, you cannot add an IP address or a static MAC address to an interface that is part of that port channel.
Figure 18-13.
To add a port channel to a VLAN, use either of the following commands:
Command Syntax: tagged port-channel id number
Command Mode: INTERFACE VLAN
Purpose: Add the port channel to the VLAN as a tagged interface. An interface with tagging enabled can belong to multiple VLANs.
Command Syntax: untagged port-channel id number
Command Mode: INTERFACE VLAN
Purpose: Add the port channel to the VLAN as an untagged interface. An interface without tagging enabled can belong to only one VLAN.
Load balancing through port channels
FTOS uses hash algorithms for distributing traffic evenly over channel members in a port channel (LAG). The hash algorithm distributes traffic among ECMP paths and LAG members. The distribution is based on a flow, except for packet-based hashing. A flow is identified by the hash and is assigned to one link. In packet-based hashing, a single flow can be distributed on the LAG and uses one link.
On the E-Series, to change the 5-tuple default to 3-tuple, MAC, or packet-based, use the following command in CONFIGURATION mode:
Command Syntax: [no] load-balance [ip-selection {3-tuple | packet-based}] [mac]
Command Mode: CONFIGURATION
Purpose: Designate a method to balance traffic over a port channel. By default, IP 5-tuple is used to distribute traffic over the members of a port channel.
IPv4, IPv6, and non-IP traffic handling on the E-Series
The table below presents the combinations of the load-balance command and their effect on traffic types. Table 18-6.
Hash algorithm
The load-balance command discussed above selects the hash criteria applied to port channels. If even distribution is not obtained with the load-balance command, use the hash-algorithm command to select the hash scheme for LAG, ECMP and NH-ECMP. The 12-bit LAG hash can be rotated or shifted until the desired hash is achieved. The nh-ecmp option allows you to change the hash value for recursive ECMP routes independently of non-recursive ECMP routes.
• lsb — always uses the least significant bit of the hash key to compute the egress port
To change to another method, use the following command in the CONFIGURATION mode:
Command Syntax: hash-algorithm ecmp {crc-upper} | {dest-ip} | {lsb}
Command Mode: CONFIGURATION
Purpose: Change to another algorithm.
For more on load-balancing, see “Equal Cost Multipath and Link Aggregation Frequently Asked Questions” in the E-Series FAQ section (login required) of iSupport: https://www.force10networks.
Bulk Configuration Examples
The following are examples of using the interface range command for bulk configuration:
• Create a single-range
• Create a multiple-range
• Exclude duplicate entries
• Exclude a smaller port range
• Overlap port ranges
• Commas
• Add ranges
Create a single-range
Figure 18-17.
Overlap port ranges
If overlapping port ranges are specified, the port range is extended to the smallest start port number and largest end port number: Figure 18-21.
Define the Interface Range
This example shows how to define an interface-range macro named “test” to select Fast Ethernet interfaces 5/1 through 5/4:
FTOS(config)# define interface-range test gigabitethernet 5/1 - 4
To show the defined interface-range macro configuration, use the command show running-config in the EXEC mode.
Monitor and Maintain Interfaces
Monitor interface statistics with the monitor interface command. This command displays an ongoing list of the interface status (up/down), number of packets, traffic statistics, etc.
Command Syntax: monitor interface interface
Command Mode: EXEC Privilege
Purpose: View the interface’s statistics. Enter the type of interface and slot/port information:
• For a 10/100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
Figure 18-24. Command Example: monitor interface
FTOS#monitor interface gi 3/1
FTOS uptime is 1 day(s), 4 hour(s), 31 minute(s)
Monitor time: 00:00:00 Refresh Intvl.
To test the condition of cables on 10/100/1000 BASE-T modules, use the tdr-cable-test command:
Step 1
Command Syntax: tdr-cable-test gigabitethernet /
Command Mode: EXEC Privilege
Usage: To test for cable faults on the GigabitEthernet cable.
• Between two ports, the user must not start the test on both ends of the cable.
• The user must enable the interface before starting the test.
• The port should be enabled to run the test or the test prints an error message.
Assign a debounce time to an interface
Command Syntax: link debounce time [milliseconds]
Command Mode: INTERFACE
Purpose: Enter the time to delay link status change notification on this interface. Range: 100-5000 ms
• Default for Copper is 3100 ms
• Default for Fiber is 100 ms
Figure 18-25.
Similarly, if an SFM fails (or is removed) in an E300 system with two SFMs, ports configured with this feature will be shut down. All other ports are treated normally. When a second SFM is installed or replaced, all ports are booted up and treated normally. This feature does not take effect until a single SFM is active in the E300 system.
Disable port on one SFM
This feature must be configured for each interface to shut down in the event that an SFM is disabled.
Figure 18-27. Configuring Link Dampening
R1(conf-if-gi-1/1)#show config
!
interface GigabitEthernet 1/1
 ip address 10.10.19.1/24
 dampening 1 2 3 4
 no shutdown
R1(conf-if-gi-1/1)#exit
View the link dampening configuration on an interface using the command show config, or view dampening information on all or specific dampened interfaces using the command show interfaces dampening from EXEC Privilege mode, as shown in Figure 18-28. Figure 18-28.
Link Dampening Support for XML
View the output of the following show commands in XML by adding | display xml to the end of the command:
• show interfaces dampening
• show interfaces dampening summary
• show interfaces interface x/y
Configure MTU size on an Interface
The E-Series supports a link Maximum Transmission Unit (MTU) of 9252 bytes and maximum IP MTU of 9234 bytes. The link MTU is the frame size of a packet, and the IP MTU size is used for IP fragmentation.
The PAUSE frame is defined by IEEE 802.3x and uses MAC Control frames to carry the PAUSE commands. Ethernet Pause Frames are supported on full duplex only. The only configuration applicable to half duplex ports is rx off tx off. Note that if a port is over-subscribed, Ethernet Pause Frame flow control does not ensure no loss behavior.
On the C-Series and S-Series systems, the flow-control sender and receiver must be on the same port-pipe. Flow control is not supported across different port-pipes on the C-Series or S-Series system.
Command Syntax: flowcontrol rx [off | on] tx [off | on] [threshold
Command Mode: INTERFACE
Purpose: Control how the system responds to and generates 802.3x pause frames on 1 and 10Gig line cards.
Configure MTU Size on an Interface
If a packet includes a Layer 2 header, the difference in bytes between the link MTU and IP MTU must be enough to include the Layer 2 header. For example, for VLAN packets, if the IP MTU is 1400, the Link MTU must be no less than 1422:
1400-byte IP MTU + 22-byte VLAN Tag = 1422-byte link MTU
On the E-Series, the user must enter the ip mtu command to manually configure the IP MTU to compensate for the Layer 2 header.
Port-pipes
A port pipe is a Dell Networking specific term for the hardware path that packets follow through a system. Port pipes travel through a collection of circuits (ASICs) built into line cards and RPMs on which various processing events for the packets occur. One or two port pipes process traffic for a given set of physical interfaces or a port-set. The E300 only supports one port pipe per slot.
Auto-Negotiation on Ethernet Interfaces
Setting speed and duplex mode of Ethernet Interfaces
By default, auto-negotiation of speed and duplex mode is enabled on 10/100/1000 Base-T Ethernet interfaces. Only 10GE interfaces do not support auto-negotiation. When using 10GE interfaces, verify that the settings on the connecting devices are set to no auto-negotiation. Note: Starting with FTOS 7.8.1.
Note: The show interfaces status command displays link status, but not administrative status. For link and administrative status, use show ip interface [interface | brief | linecard slot-number] [configuration]. Figure 18-31.
Figure 18-33.
Figure 18-34.
Figure 18-36.
• L2ACL
• L2FIB
For remaining applications, FTOS automatically turns on counting when the application is enabled, and turns it off when the application is disabled. Please note that if more than four counter-dependent applications are enabled on a port pipe, there is an impact on line rate performance.
Clear interface counters
The counters in the show interfaces command are reset by the clear counters command. This command does not clear the counters captured by any SNMP program.
19 IPv4 Routing
IPv4 Routing is supported on platforms c e s
FTOS supports various IP addressing features. This chapter explains the basics of Domain Name Service (DNS), Address Resolution Protocol (ARP), and routing principles and their implementation in FTOS.
• IP Addresses
• Directed Broadcast
• Resolution of Host Names
• ARP
• UDP Helper
Table 19-1 lists the defaults for the IP addressing features described in this chapter. Table 19-1.
is represented as 10.214.87.131 For more information on IP addressing, refer to RFC 791, Internet Protocol.
Implementation Information
In FTOS, you can configure any IP address as a static route except IP addresses already assigned to interfaces.
Note: FTOS versions 7.7.1.0 and later support 31-bit subnet masks (/31, or 255.255.255.254) as defined by RFC 3021. This feature allows you to save two more IP addresses on point-to-point links than 30-bit masks.
To assign an IP address to an interface, use these commands in the following sequence, starting in the CONFIGURATION mode:
Command Syntax: interface interface
Command Mode: CONFIGURATION
Purpose: Enter the keyword interface followed by the type of interface and slot/port information:
• For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
• For a Loopback interface, enter the keyword loopback followed by a number from 0 to 16383.
FTOS#show ip int gi 0/8
GigabitEthernet 0/8 is up, line protocol is up
Internet address is 10.69.8.1/24
Broadcast address is 10.69.8.
Figure 19-3. show ip route static Command Example (partial)
FTOS#show ip route static
Destination Gateway
----------------
S 2.1.2.0/24 Direct, Nu 0
S 6.1.2.0/24 via 6.1.20.2,
S 6.1.2.2/32 via 6.1.20.2,
S 6.1.2.3/32 via 6.1.20.2,
S 6.1.2.4/32 via 6.1.20.2,
S 6.1.2.5/32 via 6.1.20.2,
S 6.1.2.6/32 via 6.1.20.2,
S 6.1.2.7/32 via 6.1.20.2,
S 6.1.2.8/32 via 6.1.20.2,
S 6.1.2.9/32 via 6.1.20.2,
S 6.1.2.10/32 via 6.1.20.2,
S 6.1.2.11/32 via 6.1.20.2,
S 6.1.2.12/32 via 6.1.20.2,
S 6.1.2.13/32 via 6.1.20.2,
S 6.1.
To view the configured static routes for the management port, use the show ip management-route command in the EXEC privilege mode.
Figure 19-4. show ip management-route Command Example
FTOS>show ip management-route
Destination ----------1.1.1.0/24 172.16.1.0/24 172.31.1.0/24 Gateway ------172.31.1.250 172.31.1.
Command Syntax: ip domain-lookup
Command Mode: CONFIGURATION
Purpose: Enable dynamic resolution of host names.
Command Syntax: ip name-server ip-address [ip-address2 ... ip-address6]
Command Mode: CONFIGURATION
Purpose: Specify up to 6 name servers. The order you entered the servers determines the order of their use.
To view current bindings, use the show hosts command.
Figure 19-5. show hosts Command Example
FTOS>show host
Default domain is force10networks.
DNS with traceroute
To configure your switch to perform DNS with traceroute, follow the steps below in the CONFIGURATION mode.
Command Syntax: ip domain-lookup
Command Mode: CONFIGURATION
Purpose: Enable dynamic resolution of host names.
Command Syntax: ip name-server ip-address [ip-address2 ... ip-address6]
Command Mode: CONFIGURATION
Purpose: Specify up to 6 name servers. The order you entered the servers determines the order of their use.
In FTOS, Proxy ARP enables hosts with knowledge of the network to accept and forward packets from hosts that contain no knowledge of the network. Proxy ARP makes it possible for hosts to be ignorant of the network, including subnetting. For more information on Proxy ARP, refer to RFC 925, Multi-LAN Address Resolution, and RFC 1027, Using ARP to Implement Transparent Subnet Gateways.
Figure 19-7. show arp static Command Example
FTOS#show arp
Protocol Address Age(min) Hardware Address Interface VLAN CPU
--------------------------------------------------------------------------------
Internet 10.1.2.4 17 08:00:20:b7:bd:32 Ma 1/0 CP
FTOS#
Enable Proxy ARP
By default, Proxy ARP is enabled. To disable Proxy ARP, use the no proxy-arp command in the interface mode.
Command Syntax: clear arp-cache [interface | ip ip-address] [no-refresh]
Command Mode: EXEC privilege
Purpose: Clear the ARP caches for all interfaces or for a specific interface by entering the following information:
• For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
• For a port channel interface, enter the keyword port-channel followed by a number from 1 to 255 for TeraScale and ExaScale.
Beginning with version 8.3.1.0, when a Gratuitous ARP is received, FTOS installs an ARP entry on all 3 CPUs.
Task: Enable ARP learning via gratuitous ARP.
Command Syntax: arp learn-enable
Command Mode: CONFIGURATION
ARP Learning via ARP Request
In FTOS versions prior to 8.3.1.0, FTOS learns via ARP Requests only if the Target IP specified in the packet matches the IP address of the receiving router interface.
Configurable ARP Retries
In FTOS versions prior to 8.3.1.0 the number of ARP retries is set to 5 and is not configurable. After 5 retries, FTOS backs off for 20 seconds before it sends a new request. Beginning with FTOS version 8.3.1.0, the number of ARP retries is configurable. The backoff interval remains at 20 seconds.
Task: Set the number of ARP retries.
Command Syntax: arp retries number
Command Mode: CONFIGURATION
Default: 5
Range: 5-20
Task: Display all ARP entries learned via gratuitous ARP.
Enabling UDP Helper
Enable UDP helper using the command ip udp-helper udp-port, as shown in Figure 19-10.
Figure 19-10. Enabling UDP Helper
FTOS(conf-if-gi-1/1)#ip udp-helper udp-port 1000
FTOS(conf-if-gi-1/1)#show config
!
interface GigabitEthernet 1/1
 ip address 2.1.1.1/24
 ip udp-helper udp-port 1000
 no shutdown
View the interfaces and ports on which UDP helper is enabled using the command show ip udp-helper from EXEC Privilege mode, as shown in Figure 19-11.
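The ARP and UDP helper settings covered in this chapter (Proxy ARP enabled by default, arp learn-enable, ip udp-helper udp-port) can be reviewed offline from a saved configuration. The following Python audit is an added example, not code from the Dell guide; the sample configuration is constructed, and it assumes that interface sub-commands are indented, that a non-default no proxy-arp line appears in the interface stanza, and that only enabled interfaces with an IP address matter. The finding labels are this example's own.

```python
# Constructed sample in the style of the show config output on this page.
SAMPLE_CONFIG = """\
!
arp learn-enable
!
interface GigabitEthernet 1/1
 ip address 2.1.1.1/24
 ip udp-helper udp-port 1000
 no shutdown
!
interface GigabitEthernet 1/2
 ip address 10.69.8.1/24
 no proxy-arp
 no shutdown
!
interface GigabitEthernet 1/3
 switchport
 no shutdown
!
interface GigabitEthernet 1/4
 ip address 10.1.2.1/24
 shutdown
!
"""


def parse_config(text):
    """Split a configuration into global commands and per-interface stanzas."""
    global_cmds, interfaces = [], {}
    current = None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped == "!":
            current = None                      # "!" closes the stanza
        elif raw[0].isspace():
            if current is not None:             # indented line: sub-command
                interfaces[current].append(stripped)
        elif stripped.lower().startswith("interface "):
            current = stripped.split(None, 1)[1]
            interfaces[current] = []
        else:
            current = None
            global_cmds.append(stripped)
    return global_cmds, interfaces


def audit(text):
    """Return (scope, finding) tuples for the settings discussed in the chapter."""
    global_cmds, interfaces = parse_config(text)
    findings = []
    if "arp learn-enable" in global_cmds:
        # ARP entries are installed from unsolicited (gratuitous) ARP packets.
        findings.append(("global", "gratuitous-arp-learning-enabled"))
    for name, cmds in interfaces.items():
        routed = any(c.startswith("ip address ") for c in cmds)
        enabled = "no shutdown" in cmds
        if routed and enabled and "no proxy-arp" not in cmds:
            # Proxy ARP is on unless the stanza disables it explicitly.
            findings.append((name, "proxy-arp-default-enabled"))
        ports = []
        for c in cmds:
            if c.startswith("ip udp-helper udp-port"):
                ports.extend(c.split()[3:])
        if ports:
            findings.append((name, "udp-helper-ports:" + ",".join(ports)))
    return findings


if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```

Each finding is a prompt for review against the design intent of that segment, not a verdict: an interface that needs Proxy ARP or a UDP helper port should have that recorded.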
Figure 19-13. Configuring a Broadcast Address
R1_E600(conf)#do show interfaces vlan 100
Vlan 100 is up, line protocol is down
Address is 00:01:e8:0d:b9:7a, Current address is 00:01:e8:0d:b9:7a
Interface index is 1107787876
Internet address is 1.1.0.1/24
IP UDP-Broadcast address is 1.1.255.
3. Packet 2 is also forwarded to the ingress interface with an unchanged destination address because it does not have broadcast address configured.
Figure 19-14. UDP helper with All Broadcast Addresses
VLAN 100 IP address: 1.1.0.1/24
Subnet broadcast address: 1.1.0.255
Configured broadcast address: 1.1.255.255
Hosts on VLAN 100: 1.1.0.2, 1.1.0.3, 1.1.0.4
Packet 1 Destination Address: 255.255.255.255
1/2 1/1 1/3
Ingress interface IP Address: 2.1.1.
In Figure 19-16, Packet 1 has a destination IP address that matches the configured broadcast address of VLAN 100 and 101. If UDP helper is enabled and the UDP port number matches, the packet is flooded on both VLANs with an unchanged destination address. Packet 2 is sent from a host on VLAN 101. It has a broadcast MAC address and a destination IP address that matches the configured broadcast address on VLAN 101.
Figure 19-18. Debugging IP Helper with UDP Helper
Packet 0.0.0.0:68 -> 255.255.255.255:67 TTL 128
2005-11-05 11:59:35 %RELAY-I-PACKET, BOOTP REQUEST (Unicast) received at interface 172.21.50.193 BOOTP Request, XID = 0x9265f901, secs = 0 hwaddr = 00:02:2D:8D:46:DC, giaddr = 0.0.0.0, hops = 2
2005-11-05 11:59:35 %RELAY-I-BOOTREQUEST, Forwarded BOOTREQUEST for 00:02:2D:8D:46:DC to 137.138.17.
20 IPv6 Basics
IPv6 Basics applies to platforms c e s
Note: The IPv6 basic commands are supported on all platforms. However, not all features are supported on all platforms, nor for all releases. See Table 20-2 to determine the FTOS version supporting which features and platforms.
IPv6 (Internet Protocol Version 6) is the successor to IPv4. Due to the extremely rapid growth in internet users, and IP addresses, IPv4 is reaching its maximum usage.
Protocol Overview
IPv6 is an evolution of IPv4. IPv6 is generally installed as an upgrade in devices and operating systems. Most new devices and operating systems support both IPv4 and IPv6. Some key changes in IPv6 are:
• Extended Address Space
• Stateless Autoconfiguration
• Header Format Simplification
• Improved Support for Options and Extensions
Extended Address Space
The address format is extended from 32 bits to 128 bits.
The router redistribution functionality in Neighbor Discovery Protocol (NDP) is similar to IPv4 router redirect messages. Neighbor Discovery Protocol (NDP) uses ICMPv6 redirect messages (Type 137) to inform nodes that a better router exists on the link.
IPv6 Headers
The IPv6 header has a fixed length of 40 bytes. This provides 16 bytes each for Source and Destination information, and 8 bytes for general header information.
Traffic Class (8 bits)
The Traffic Class field deals with any data that needs special handling. These bits define the packet priority and are defined by the packet Source. Sending and forwarding routers use this field to identify different IPv6 classes and priorities. Routers understand the priority settings and handle them appropriately during conditions of congestion.
Table 20-1. Next Header field values (continued)
Value   Description
59      No Next Header
60      Destination Options header
Note: This is not a comprehensive table of Next Header field values. Refer to the Internet Assigned Numbers Authority (IANA) web page http://www.iana.org/assignments/protocol-numbers for a complete and current listing.
Hop Limit (8 bits)
The Hop Limit field shows the number of hops remaining for packet processing.
Hop-by-Hop Options header
The Hop-by-Hop options header contains information that is examined by every router along the packet’s path. It follows the IPv6 header and is designated by the Next Header value 0 (zero) (Table 20-1). When a Hop-by-Hop Options header is not included, the router knows that it does not have to process any router specific information and immediately processes the packet to its final destination.
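The fixed header layout and the Next Header chaining described above, as an added example that is not part of the Dell guide: a Python parser for the 40-byte IPv6 header that follows the extension-header chain and reports a Hop-by-Hop Options header found anywhere other than directly after the fixed header. The sample packet is constructed, the function names are this example's own, and the Next Header values beyond 0, 59 and 60 are IANA protocol numbers not listed on this page.

```python
import ipaddress
import struct

IPV6_HEADER_LEN = 40  # fixed header length given in the text

# 0, 59 and 60 are named on this page; the others are IANA protocol numbers.
NEXT_HEADER_NAMES = {
    0: "Hop-by-Hop Options", 6: "TCP", 17: "UDP", 43: "Routing",
    44: "Fragment", 58: "ICMPv6", 59: "No Next Header",
    60: "Destination Options",
}
VARIABLE_EXT_HEADERS = {0, 43, 60}  # these carry a Hdr Ext Len byte
FRAGMENT_HEADER = 44                # always 8 bytes long


def parse_ipv6_header(packet: bytes) -> dict:
    """Decode the 8 bytes of general information and the two 16-byte addresses."""
    if len(packet) < IPV6_HEADER_LEN:
        raise ValueError("truncated IPv6 header")
    first_word, payload_len, next_header, hop_limit = struct.unpack(
        "!IHBB", packet[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"not IPv6 (version field is {version})")
    return {
        "version": version,
        "traffic_class": (first_word >> 20) & 0xFF,  # 8 bits
        "flow_label": first_word & 0xFFFFF,          # 20 bits
        "payload_length": payload_len,
        "next_header": next_header,
        "hop_limit": hop_limit,                      # 8 bits
        "source": ipaddress.IPv6Address(packet[8:24]),
        "destination": ipaddress.IPv6Address(packet[24:40]),
    }


def header_chain(packet: bytes) -> list:
    """Return the Next Header values from the fixed header to the payload."""
    current = parse_ipv6_header(packet)["next_header"]
    chain = [current]
    offset = IPV6_HEADER_LEN
    while current in VARIABLE_EXT_HEADERS or current == FRAGMENT_HEADER:
        if len(packet) < offset + 8:
            raise ValueError("truncated extension header")
        following, ext_len = packet[offset], packet[offset + 1]
        # Hdr Ext Len counts 8-byte units beyond the first 8 bytes.
        size = 8 if current == FRAGMENT_HEADER else (ext_len + 1) * 8
        if len(packet) < offset + size:
            raise ValueError("truncated extension header")
        offset += size
        current = following
        chain.append(current)
    return chain


def hop_by_hop_misplaced(chain: list) -> bool:
    """Hop-by-Hop Options (0) is only valid directly after the fixed header."""
    return 0 in chain[1:]


def build_sample_packet() -> bytes:
    """Constructed packet: fixed header, Hop-by-Hop header (PadN), UDP header."""
    first_word = (6 << 28) | (0xB8 << 20) | 0x12345
    hop_by_hop = bytes([17, 0, 1, 4, 0, 0, 0, 0])   # next=UDP, len=0, PadN
    udp = struct.pack("!HHHH", 1000, 1000, 8, 0)
    fixed = struct.pack("!IHBB", first_word, len(hop_by_hop) + len(udp), 0, 64)
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::1428:57ab").packed
    return fixed + src + dst + hop_by_hop + udp


if __name__ == "__main__":
    pkt = build_sample_packet()
    print(parse_ipv6_header(pkt))
    print([NEXT_HEADER_NAMES.get(v, v) for v in header_chain(pkt)])
```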
• 2001:0db8:0000:0000:0000:0000:1428:57ab
• 2001:0db8:0000:0000:0000::1428:57ab
• 2001:0db8:0:0:0:0:1428:57ab
• 2001:0db8:0:0::1428:57ab
• 2001:0db8::1428:57ab
• 2001:db8::1428:57ab
IPv6 networks are written using Classless Inter-Domain Routing (CIDR) notation. An IPv6 network (or subnet) is a contiguous group of IPv6 addresses the size of which must be a power of two; the initial bits of addresses, which are identical for all hosts in the network, are called the network's prefix.
Implementing IPv6 with FTOS
FTOS supports both IPv4 and IPv6, and both may be used simultaneously in your system.
Note: Dell Networking recommends that you use FTOS version 7.6.1.0 or later when implementing IPv6 functionality on an E-Series system.
Table 20-2 lists the FTOS Version in which an IPv6 feature became available for each platform. The sections following the table give some greater detail about the feature.
Table 20-2. FTOS and IPv6 Feature Support (continued)
IS-IS for IPv6 support for redistribution: 7.6.1, 8.2.1. Intermediate System to Intermediate System (IS-IS) in the FTOS Configuration Guide; IPv6 IS-IS in the FTOS Command Line Reference Guide
ISIS for IPv6 support for distribute lists and administrative distance: 7.6.1, 8.2.1. Intermediate System to Intermediate System (IS-IS) in the FTOS Configuration Guide; IPv6 IS-IS in the FTOS Command Line Reference Guide
OSPF for IPv6 (OSPFv3): 7.4.1 8.2.1 7.8.
Table 20-2. FTOS and IPv6 Feature Support (continued)
MLDv1 Snooping: 7.4.1, 8.2.1. IPv6 Multicast in this chapter; Multicast IPv6 in the FTOS Command Line Reference Guide
MLDv2 Snooping: 8.3.1.0, 8.3.1.0. IPv6 Multicast in this chapter; Multicast IPv6 in the FTOS Command Line Reference Guide
IPv6 QoS trust DSCP values: 7.4.1 8.2.
Figure 20-2. MTU Discovery Path
Nodes: Source, Router A, Router B, Destination. Link MTUs: 1600, 1400, 1200.
Packet (MTU = 1600)
ICMPv6 (Type 2) Use MTU = 1400
Packet (MTU = 1400)
ICMPv6 (Type 2) Use MTU = 1200
Packet (MTU = 1200)
Packet Received
IPv6 Neighbor Discovery
IPv6 NDP is supported on platforms c e s
Neighbor Discovery Protocol (NDP) is a top-level protocol for neighbor discovery on an IPv6 network.
Figure 20-3. NDP Router Redistribution
Nodes: Router A, Router B, Router C (Network 2001:db8::1428:57ab), Local Link.
Send a Packet to Network 2001:db8::1428:57ab
Packet Destination (2001:db8::1428:57ab)
ICMPv6 Redirect (Data: Use Router C)
Packet Destination (Destination 2001:db8::1428:57ab)
IPv6 Neighbor Discovery of MTU packets
With FTOS 8.3.1.0, you can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface.
• Multicast Listener Discovery Protocol (MLD). MLD on a multicast router sends out periodic general MLD queries that the switch forwards through all ports in the VLAN. There are two versions of MLD: MLD version 1 is based on version 2 of the Internet Group Management Protocol (IGMP) for IPv4, and MLD version 2 is based on version 3 of the IGMP for IPv4. IPv6 multicast for FTOS supports versions 1 and 2 PIM-SM.
• Clear IPv6 Routes
Change your CAM-Profile on an E-Series system
The cam-profile command is supported only on platform e
Change your CAM profile to the CAM ipv6-extacl before doing any further IPv6 configuration. Once the CAM profile is changed, save the configuration and reboot your router.
Figure 20-5.
Save the new CAM settings to the startup-config (write-mem or copy run start) then reload the system for the new settings to take effect.
Command Syntax: cam-acl { ipv6acl }
Command Mode: CONFIGURATION
Purpose: Allocate space for IPV6 ACLs. Enter the CAM profile name followed by the amount to be allotted. When not selecting the default option, you must enter all of the profiles listed and a range for each. The total space allocated must equal 13.
Assign a Static IPv6 Route
IPv6 Static Routes are supported on platforms c e s
Use the ipv6 route command to configure IPv6 static routes.
Command Syntax: telnet ipv6 address
Command Mode: EXEC or EXEC Privileged
Purpose: Enter the IPv6 Address for the device.
ipv6 address : x:x:x:x::x
mask : prefix length 0-128
IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing earlier in this chapter.
FTOS#show ipv6 ?
accounting IPv6 accounting information
cam linecard IPv6 CAM Entries for Line Card
fib linecard IPv6 FIB Entries for Line Card
interface IPv6 interface information
mbgproutes MBGP routing table
mld MLD information
mroute IPv6 multicast-routing table
neighbors IPv6 neighbor information
ospf OSPF information
pim PIM V6 information
prefix-list List IPv6 prefix lists
route IPv6 routing information
rpf RPF table
FTOS#
Show an IPv6 Interface
View the IPv6 c
Figure 20-6.
Figure 20-7 illustrates the show ipv6 route command output. Figure 20-7.
Show the Running-Configuration for an Interface
View the configuration for any interface with the following command.
Command Syntax Command Mode Purpose IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing earlier in this chapter.
21 iSCSI Optimization
iSCSI Optimization is supported on platforms
This chapter describes how to configure internet small computer system interface (iSCSI) optimization, which enables quality-of-service (QoS) treatment for iSCSI traffic.
Figure 21-1. iSCSI Optimization Example
Detection and Auto-configuration for Dell EqualLogic Arrays
The iSCSI optimization feature includes auto-provisioning support with the ability to detect directly connected Dell EqualLogic storage arrays and automatically reconfigure the switch to enhance storage traffic flows. The switch uses the link layer discovery protocol (LLDP) to discover Dell EqualLogic devices on the network.
The following message is displayed the first time a Dell EqualLogic array is detected and describes the configuration changes that are automatically performed:
%STKUNIT0-M:CP %IFMGR-5-IFM_ISCSI_AUTO_CONFIG: This switch is being configured for optimal conditions to support iSCSI traffic which will cause some automatic configuration to occur including jumbo frames and flow-control on all ports; no storm control and spanning-tree port fast to be enabled on the port of detection.
Auto-detection of Dell Compellent
To auto-detect iSCSI optimization on a switch connected to a Dell Compellent array, follow these steps:
Step 1
Task: Configure the auto-detection of Dell Compellent arrays on a port. Default: Dell Compellent disk arrays are not detected.
Default iSCSI Optimization Values
Table 21-1 shows the default values for the iSCSI optimization feature.
Table 21-1. iSCSI Optimization: Default Parameters
Parameter: iSCSI Optimization global setting
Default Value: Disabled
iSCSI Optimization Prerequisites
• iSCSI optimization requires LLDP on the switch. LLDP is disabled by default (refer to Chapter 24, Link Layer Discovery Protocol).
Use the show commands in Table 21-2 to display information on iSCSI optimization.
Table 21-2. Displaying iSCSI Optimization Information
Command: show run iscsi
Output: Displays all globally-configured non-default iSCSI settings in the current FTOS session.
22 Link Aggregation Control Protocol
Link Aggregation Control Protocol is supported on platforms c e s
The major sections in the chapter are:
• Introduction to Dynamic LAGs and LACP
• LACP Configuration Tasks
• Shared LAG State Tracking
• Configure LACP as Hitless
• LACP Basic Configuration Example
Introduction to Dynamic LAGs and LACP
A Link Aggregation Group (LAG), referred to as a port channel by FTOS, can provide both load-sharing and port redundancy across line cards.
Important Points to Remember
• In FTOS software version 8.3.3.9, the default startup configuration is all 1G ports in L2 switch mode, admin up.
• LACP enables you to add members to a port channel (LAG) as long as it has no static members. Conversely, if the LAG already contains a statically defined member (channel-member command), the port-channel mode command is not permitted.
• Passive—In this state, the interface is not in an active negotiating state, but LACP will run on the link. A port in Passive state also responds to negotiation requests (from ports in Active state). Ports in Passive state respond to LACP packets. FTOS supports LAGs in the following cases: • A port in Active state can set up a port channel (LAG) with another port in Active state. • A port in Active state can set up a LAG with another port in Passive state.
Create a LAG
To create a dynamic port channel (LAG), define the LAG and then the LAG interfaces. Use the interface port-channel and switchport commands, as shown in Figure 22-1, which uses the example of LAG 32:
Figure 22-1. Placing a LAG into the Default VLAN
FTOS(conf)#interface port-channel 32
FTOS(conf-if-po-32)#no shutdown
FTOS(conf-if-po-32)#switchport
The LAG is in the default VLAN.
Figure 22-3. Creating a Dynamic LAG Example
FTOS(conf)#interface Gigabitethernet 3/15
FTOS(conf-if-gi-3/15)#no shutdown
FTOS(conf-if-gi-3/15)#port-channel-protocol lacp
FTOS(conf-if-gi-3/15-lacp)#port-channel 32 mode active
...
FTOS(conf)#interface Gigabitethernet 3/16
FTOS(conf-if-gi-3/16)#no shutdown
FTOS(conf-if-gi-3/16)#port-channel-protocol lacp
FTOS(conf-if-gi-3/16-lacp)#port-channel 32 mode active
...
Figure 22-4. Invoking the LACP Long Timeout
FTOS(conf)# interface port-channel 32
FTOS(conf-if-po-32)#no shutdown
FTOS(conf-if-po-32)#switchport
FTOS(conf-if-po-32)#lacp long-timeout
FTOS(conf-if-po-32)#end
FTOS# show lacp 32
Port-channel 32 admin up, oper up, mode lacp
Actor System ID: Priority 32768, Address 0001.e800.a12b
Partner System ID: Priority 32768, Address 0001.e801.
Figure 22-5. LAGs using ECMP without Shared LAG State Tracking (routers R1, R2, R3, R4; Po 1 failure; Po 2 over-subscribed)
To avoid packet loss, traffic must be re-directed through the next lowest-cost link (R3 to R4). FTOS has the ability to bring LAG 2 down in the event that LAG 1 fails, so that traffic can be re-directed, as described. This is what is meant by Shared LAG State Tracking.
In Figure 22-8, LAGs 1 and 2 are members of a failover group. LAG 1 fails and LAG 2 is brought down upon the failure. This effect is logged by Message 2, in which a console message declares both LAGs down at the same time. Figure 22-8.
• Only a LAG can be a member of a failover group.
• Shared LAG State Tracking can be configured on one side of a link or on both sides.
• If a LAG that is part of a failover group is deleted, the failover group is deleted.
• If a LAG moves to the down state due to this feature, its members may still be in the up state.

Configure LACP as Hitless
Configure LACP as Hitless is supported only on platforms: ce
LACP on Dell Networking systems can be configured to be hitless.
Figure 22-11. LACP Sample Topology
[Figure: ALPHA and BRAVO joined by Port Channel 10; port labels Gig 3/21, Gig 2/31, Gig 2/32, Gig 3/23, Gig 2/33]
Configuring a LAG on ALPHA
Figure 22-12.
Figure 22-13. Inspecting a LAG Port Configuration on ALPHA
Alpha#sh int gig 2/31
GigabitEthernet 2/31 is up, line protocol is up
Port is part of Port-channel 10
Hardware is Force10Eth, address is 00:01:e8:06:95:c0
Current address is 00:01:e8:06:95:c0
Interface index is 109101113
Port will not be disabled on partial SFM failure
Internet address is not set
MTU 1554 bytes, IP MTU 1500 bytes
Shows the speed of this physical interface.
Figure 22-14. Inspecting Configuration of LAG 10 on ALPHA
Indicates the MAC address assigned to the LAG. This does NOT match any of the physical interface MAC addresses.
Figure 22-15. Using the show lacp Command to Verify LAG 10 Status on ALPHA
Alpha#sho lacp 10
Port-channel 10 admin up, oper up, mode lacp
Actor System ID: Priority 32768, Address 0001.e806.953e
Partner System ID: Priority 32768, Address 0001.e809.
Summary of the configuration on ALPHA Figure 22-16.
Summary of the configuration on BRAVO Figure 22-17.
Figure 22-18. Using the show interface Command to Inspect a LAG Port on BRAVO
Shows the status of this interface. Also shows it is part of LAG 10.
Bravo#show int gig 3/21
GigabitEthernet 3/21 is up, line protocol is up
Port is part of Port-channel 10
Hardware is Force10Eth, address is 00:01:e8:09:c3:82
Current address is 00:01:e8:09:c3:82
Shows that this is a Layer 2 port.
Figure 22-19. Using the show interfaces port-channel Command to Inspect LAG 10
Indicates the MAC address assigned to the LAG. This does NOT match any of the physical interface MAC addresses.
Figure 22-20. Using the show lacp Command to Inspect LAG Status
FTOS#show lacp 10
Port-channel 10 admin up, oper up, mode lacp
Actor System ID: Priority 32768, Address 0001.e809.c24a
Partner System ID: Priority 32768, Address 0001.e806.
23 Layer 2
Layer 2 features are supported on platforms: ces
This chapter describes the following Layer 2 features:
• Managing the MAC Address Table
• MAC Learning Limit
• NIC Teaming
• Configuring Redundant Pairs
• Configuring Redundant Pairs
• Restricting Layer 2 Flooding
• Far-end Failure Detection

Managing the MAC Address Table
FTOS provides the following management activities for the MAC address table:
• Clear the MAC Address Table
• Set the Aging Time for Dynamic Entries
• Configure a Static MAC
Set the Aging Time for Dynamic Entries
Learned MAC addresses are entered in the table as dynamic entries, which means that they are subject to aging. For any dynamic entry, if no packet arrives on the switch with the MAC address as the source or destination address within the timer period, the address is removed from the table. The default aging time is 1800 seconds.
Task: Disable MAC address aging for all dynamic entries.
Display the MAC Address Table
To display the contents of the MAC address table:
Task: Display the contents of the MAC address table.
• address displays the specified entry.
• aging-time displays the configured aging-time.
• count displays the number of dynamic and static entries for all VLANs, and the total number of entries.
• dynamic displays only dynamic entries.
• interface displays only entries for the specified interface.
• static displays only static entries.
To set a MAC learning limit on an interface:
Task: Specify the number of MAC addresses that the system can learn off a Layer 2 interface.
Command Syntax: mac learning-limit address_limit
Command Mode: INTERFACE
Three options are available with the mac learning-limit command: dynamic, no-station-move, and station-move.
Note: An SNMP trap is available for mac learning-limit station-move. No other SNMP traps are available for MAC Learning Limit, including limit violations.
mac learning-limit no-station-move
The no-station-move option, also known as “sticky MAC,” provides additional port security by preventing a station move. When this option is configured, the first entry in the table is maintained instead of creating a new entry on the new interface. no-station-move is the default behavior. Entries created before this option is set are not affected.
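A configuration audit for the MAC learning limit described above, as an added example that is not part of the original guide. The running-config text is constructed, and the assumed line form is mac learning-limit followed by the limit and an optional option keyword, as in the syntax above; max_addresses is a hypothetical local policy value.

```python
import re

# Constructed running-config excerpt (not taken from the guide).
SAMPLE_CONFIG = """
interface GigabitEthernet 1/0
 no ip address
 switchport
 mac learning-limit 2 no-station-move
 no shutdown
!
interface GigabitEthernet 1/1
 no ip address
 switchport
 no shutdown
!
interface GigabitEthernet 1/2
 no ip address
 switchport
 mac learning-limit 50 station-move
 no shutdown
!
interface GigabitEthernet 1/3
 ip address 10.11.4.1/24
 no shutdown
"""

# Assumed form: "mac learning-limit <address_limit> [option]".
LIMIT_RE = re.compile(r"^mac learning-limit (\d+)(?: (.+))?$")


def parse_interfaces(running_config):
    """Map each interface name to the list of lines in its stanza."""
    stanzas, current = {}, None
    for raw in running_config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line[len("interface "):]
            stanzas[current] = []
        elif line == "!" or not line:
            current = None          # "!" or a blank line closes the stanza
        elif current is not None:
            stanzas[current].append(line)
    return stanzas


def audit_learning_limits(running_config, max_addresses=5):
    """Return (interface, finding) pairs for Layer 2 ports only."""
    findings = []
    for name, lines in parse_interfaces(running_config).items():
        if "switchport" not in lines:
            continue                # Layer 3 port: learning limit does not apply
        matches = [m for m in map(LIMIT_RE.match, lines) if m]
        if not matches:
            findings.append((name, "no mac learning-limit configured"))
            continue
        limit = int(matches[-1].group(1))
        options = (matches[-1].group(2) or "").split()
        if limit > max_addresses:
            findings.append((name, f"limit {limit} exceeds policy maximum {max_addresses}"))
        if "station-move" in options:
            findings.append((name, "station-move permitted"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit_learning_limits(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```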
Station Move Violation Actions
Station Move Violation Actions are supported only on platforms: s , , and
no-station-move is the default behavior (see mac learning-limit no-station-move). You can configure the system to take an action if a station move occurs using one of the following options with the mac learning-limit command:
Task: Generate a system log message indicating a station move.
Per-VLAN MAC Learning Limit
Per-VLAN MAC Learning Limit is available only on platform: e
An individual MAC learning limit can be configured for each VLAN using Per-VLAN MAC Learning Limit. One application of Per-VLAN MAC Learning Limit is on access ports. In the following illustration, an Internet Exchange Point (IXP) connects multiple Internet Service Providers (ISPs). An IXP can provide several types of services to its customers including public and private peering.
When NIC teaming is employed, consider that the server MAC address is originally learned on Port 0/1 of the switch (Figure 23-3). When the NIC fails, the same MAC address is learned on Port 0/5 of the switch. The MAC address must be disassociated from the one port and re-associated with another in the ARP table; in other words, the ARP entry must be “moved”.
Configuring Redundant Pairs
Configuring Redundant Pairs is supported only on platform: ecs
Networks that employ switches that do not support Spanning Tree (STP)—for example, networks with Digital Subscriber Line Access Multiplexers (DSLAM)—cannot have redundant links between switches because they create switching loops (Figure 23-4).
In Figure 23-5, interface 3/41 is a backup interface for 3/42, and 3/42 is in the down state, as shown in Message 1. If 3/41 fails, 3/42 transitions to the up state, which makes the backup link active. A message similar to Message 1 appears whenever you configure a backup port.
Restricting Layer 2 Flooding
Restricting Layer 2 Flooding is supported only on platform: e
When Layer 2 multicast traffic must be forwarded on a VLAN that has multiple ports with different speeds on the same port-pipe, forwarding is limited to the speed of the slowest port.
Figure 23-7.
Table 23-1.
Step 3
Task: Enable fefd globally
Command Syntax: fefd {interval | mode}
Command Mode: CONFIGURATION

Entering the show fefd command in EXEC privilege mode displays information about the state of each interface.
Figure 23-8. Show FEFD global outputs
FTOS#show fefd
FEFD is globally 'ON', interval is 3 seconds, mode is 'Normal'.
Figure 23-9. FEFD enabled interface configuration
FTOS(conf-if-gi-1/0)#show config
!
interface GigabitEthernet 1/0
 no ip address
 switchport
 fefd mode normal
 no shutdown
FTOS(conf-if-gi-1/0)#do show fefd | grep 1/0
Gi 1/0 Normal 3 Unknown

Debugging FEFD
By entering the command debug fefd events in EXEC privilege mode, output is displayed whenever events occur that initiate or disrupt an FEFD enabled connection.
Figure 23-10.
During an RPM Failover
In the event that an RPM failover occurs, FEFD will become operationally down on all enabled ports for approximately 8-10 seconds before automatically becoming operational again.
Figure 23-12. FEFD state change during an RPM failover
02-05-2009 12:40:38 Local7.Debug 10.16.151.12 Feb 5 07:06:09: %RPM1-S:CP %RAM-6-FAILOVER_REQ: RPM failover request from active peer: User request.
02-05-2009 12:40:38 Local7.Debug 10.16.151.
24 Link Layer Discovery Protocol
Link Layer Discovery Protocol is supported only on platforms: ces
This chapter contains the following sections:
• 802.1AB (LLDP) Overview
• TIA-1057 (LLDP-MED) Overview
• Configuring LLDP

802.1AB (LLDP) Overview
Link Layer Discovery Protocol (LLDP)—defined by IEEE 802.1AB—is a protocol that enables a LAN device to advertise its configuration and receive configuration information from adjacent LLDP-enabled LAN infrastructure devices.
TLVs are encapsulated in a frame called an LLDP Data Unit (LLDPDU) (Figure 24-2), which is transmitted from one LLDP-enabled device to its LLDP-enabled neighbors. LLDP is a one-way protocol. LLDP-enabled devices (LLDP agents) can transmit and/or receive advertisements, but they cannot solicit and do not respond to advertisements. There are five types of TLVs. All types are mandatory in the construction of an LLDPDU except Optional TLVs.
Management TLVs
A Management TLV is an Optional TLV sub-type. This kind of TLV contains essential management information about the sender. The five types are described in Table 24-2.

Organizationally Specific TLVs
Organizationally specific TLVs can be defined by a professional organization or a vendor. They have two mandatory fields (Figure 24-3) in addition to the basic TLV fields (Figure 24-1):
• Organizationally Unique Identifier (OUI)—a unique number assigned by the IEEE to an organization or vendor.
Table 24-2. Optional TLV Types
Type: 127
TLV: Port and Protocol VLAN ID
Description: On Dell Networking systems, indicates the tagged VLAN to which a port belongs (and the untagged VLAN to which a port belongs if the port is in hybrid mode)

Type: 127
TLV: VLAN Name
Description: Indicates the user-defined alphanumeric string that identifies the VLAN. This TLV is supported on C-Series only.

Type: 127
TLV: Protocol Identity
Description: Indicates the protocols that the port can process.
TIA Organizationally Specific TLVs
The Dell Networking system is an LLDP-MED Network Connectivity Device (Device Type 4). Network connectivity devices are responsible for:
• transmitting an LLDP-MED capabilities TLV to endpoint devices
• storing the information that endpoint devices advertise
Table 24-3 describes the five types of TIA-1057 Organizationally Specific TLVs.
Table 24-3.
LLDP-MED Capabilities TLV
The LLDP-MED Capabilities TLV communicates the types of TLVs that the endpoint device and the network connectivity device support. LLDP-MED network connectivity devices must transmit the Network Policies TLV.
• The value of the LLDP-MED Capabilities field in the TLV is a 2-octet bitmap (Figure 24-4); each bit represents an LLDP-MED capability (Table 24-4).
• The possible values of the LLDP-MED Device Type are listed in Table 24-5.
LLDP-MED Network Policies TLV
A network policy in the context of LLDP-MED is a device’s VLAN configuration and associated Layer 2 and Layer 3 configurations, specifically:
• VLAN ID
• VLAN tagged or untagged status
• Layer 2 priority
• DSCP value
The application type is represented by an integer (the Type integer in Table 24-6), which indicates a device function for which a unique network policy is defined.
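A decoder for the Network Policies TLV using the field widths given in Figure 24-5, as an added example that is not part of the original guide. The sample LLDPDU is constructed, the flag name "unknown" for the U bit follows TIA-1057 rather than this page, and allowed_vlans is a hypothetical local policy used to check what a neighbor advertises.

```python
import struct
from dataclasses import dataclass

ORG_SPECIFIC = 127                   # TLV type of organizationally specific TLVs
TIA_OUI = bytes.fromhex("0012bb")    # OUI 00-12-BB (Figure 24-5)
NETWORK_POLICY = 2                   # organizationally defined sub-type (Figure 24-5)


class TLVError(ValueError):
    """The LLDPDU or TLV does not match the expected layout."""


@dataclass(frozen=True)
class NetworkPolicy:
    app_type: int      # 0-255
    unknown: bool      # U flag (name per TIA-1057, an assumption here)
    tagged: bool       # T flag
    vlan_id: int       # 0-4095
    l2_priority: int   # 0-7
    dscp: int          # 0-63


def make_tlv(tlv_type, value):
    """Build one TLV: 7-bit type, 9-bit length, then the value octets."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise TLVError("type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def iter_tlvs(lldpdu):
    """Yield (type, value) pairs, refusing lengths that run past the frame."""
    offset = 0
    while offset < len(lldpdu):
        if len(lldpdu) - offset < 2:
            raise TLVError(f"truncated TLV header at offset {offset}")
        (header,) = struct.unpack_from("!H", lldpdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        end = offset + 2 + length
        if end > len(lldpdu):
            raise TLVError(f"TLV type {tlv_type} runs past the end of the frame")
        if tlv_type == 0:            # End of LLDPDU
            return
        yield tlv_type, lldpdu[offset + 2:end]
        offset = end


def encode_network_policy(p):
    """Pack U, T, X(0), VLAN ID, L2 priority and DSCP into the 3 policy octets."""
    bits = (p.unknown << 23) | (p.tagged << 22) | (p.vlan_id << 9) \
        | (p.l2_priority << 6) | p.dscp
    return TIA_OUI + bytes([NETWORK_POLICY, p.app_type]) + bits.to_bytes(3, "big")


def parse_network_policy(value):
    """Decode the 8-octet value of a Network Policies TLV."""
    if len(value) != 8:
        raise TLVError(f"Network Policies TLV length is {len(value)}, expected 8")
    if value[:3] != TIA_OUI or value[3] != NETWORK_POLICY:
        raise TLVError("not a TIA Network Policies TLV")
    bits = int.from_bytes(value[5:8], "big")
    return NetworkPolicy(
        app_type=value[4],
        unknown=bool((bits >> 23) & 1),
        tagged=bool((bits >> 22) & 1),
        vlan_id=(bits >> 9) & 0xFFF,
        l2_priority=(bits >> 6) & 0x7,
        dscp=bits & 0x3F,
    )


def find_network_policies(lldpdu):
    """Return every network policy advertised in one LLDPDU."""
    return [
        parse_network_policy(value)
        for tlv_type, value in iter_tlvs(lldpdu)
        if tlv_type == ORG_SPECIFIC and value[:3] == TIA_OUI
        and value[3:4] == bytes([NETWORK_POLICY])
    ]


def unexpected_policies(lldpdu, allowed_vlans):
    """Policies that point an endpoint at a VLAN outside the allowed set."""
    return [p for p in find_network_policies(lldpdu) if p.vlan_id not in allowed_vlans]


# Constructed sample: chassis ID, port ID, TTL, two network policies, End.
SAMPLE_LLDPDU = b"".join([
    make_tlv(1, b"\x04" + bytes.fromhex("020000000001")),
    make_tlv(2, b"\x05" + b"Gi 1/0"),
    make_tlv(3, struct.pack("!H", 120)),
    make_tlv(127, encode_network_policy(NetworkPolicy(1, False, True, 100, 5, 46))),
    make_tlv(127, encode_network_policy(NetworkPolicy(2, False, True, 999, 3, 24))),
    make_tlv(0, b""),
])

if __name__ == "__main__":
    for policy in find_network_policies(SAMPLE_LLDPDU):
        print(policy)
    print("outside allowed VLANs:", unexpected_policies(SAMPLE_LLDPDU, {100}))
```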
Figure 24-5. LLDP-MED Policies TLV
Field                               Value      Size
TLV Type                            127        7 bits
TLV Length                          8          9 bits
Organizationally Unique ID          00-12-BB   3 octets
Organizationally Defined Sub-type   2          1 octet
Application Type                    0-255      1 octet
U T X                               (0)        3 bits
VLAN ID                             0-4095     12 bits
L2 Priority                         0-7        3 bits
DSCP Value                          0-63       6 bits

Extended Power via MDI TLV
The Extended Power via MDI TLV enables advanced PoE management between LLDP-MED endpoints and network connectivity devices.
• Viewing Information Advertised by Adjacent LLDP Agents
• Configuring LLDPDU Intervals
• Configuring Transmit and Receive Mode
• Configuring a Time to Live
• Debugging LLDP

Important Points to Remember
• LLDP is disabled by default.
• Dell Networking systems support up to 8 neighbors per interface.
• Dell Networking systems support a maximum of 8000 total neighbors per system.
• If the number of interfaces multiplied by 8 exceeds the maximum, the system will not configure more than 8000.
Figure 24-7.
• If you configure an interface, only the interface will send LLDPDUs with the specified TLVs.
If LLDP is configured both globally and at interface level, the interface level configuration overrides the global configuration.
To advertise TLVs:
Step 1
Task: Enter LLDP mode.
Command: protocol lldp
Command Mode: CONFIGURATION or INTERFACE

Step 2
Task: Advertise one or more TLVs. Include the keyword for each TLV you want to advertise.
Viewing the LLDP Configuration
Display the LLDP configuration using the command show config in either CONFIGURATION or INTERFACE mode, as shown in Figure 24-9 and Figure 24-10, respectively.
Figure 24-9.
Figure 24-12.
Figure 24-13.
Figure 24-14.
Figure 24-15.
Figure 24-16.
Table 24-7.
Table 24-8.
Table 24-9. LLDP 802.
Table 24-10.
Table 24-10.
25 Multiple Spanning Tree Protocol
Multiple Spanning Tree Protocol is supported on platforms: ces

Protocol Overview
Multiple Spanning Tree Protocol (MSTP)—specified in IEEE 802.1Q-2003—is an RSTP-based spanning tree variation that improves on PVST+. MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances. In contrast, PVST+ allows a spanning tree instance for each VLAN.
FTOS supports three other variations of Spanning Tree, as shown in Table 25-1.
Table 25-1. FTOS Supported Spanning Tree Protocols
Dell Networking Term             IEEE Specification
Spanning Tree Protocol           802.1d
Rapid Spanning Tree Protocol     802.1w
Multiple Spanning Tree Protocol  802.1s
Per-VLAN Spanning Tree Plus      Third Party

Implementation Information
• The FTOS MSTP implementation is based on IEEE 802.
• Preventing Network Disruptions with BPDU Guard
• SNMP Traps for Root Elections and Topology Changes
• Configuring Spanning Trees as Hitless

Enable Multiple Spanning Tree Globally
MSTP is not enabled by default. To enable MSTP:
Step 1
Task: Enter PROTOCOL MSTP mode.
Command Syntax: protocol spanning-tree mstp
Command Mode: CONFIGURATION

Step 2
Task: Enable MSTP.
Command Syntax: no disable
Command Mode: PROTOCOL MSTP

Verify that MSTP is enabled using the show config command from PROTOCOL MSTP mode, as shown in Figure 25-2.
Figure 25-2.
Create an MSTI using the command msti from PROTOCOL MSTP mode. Specify the keyword vlan followed by the VLANs that you want to participate in the MSTI, as shown in Figure 25-3. Figure 25-3.
Influence MSTP Root Selection
MSTP determines the root bridge, but you can assign one bridge a lower priority to increase the probability that it will become the root bridge.
To change the bridge priority:
Task: Assign a number as the bridge priority. A lower number increases the probability that the bridge becomes the root bridge.
To change the region name or revision:
Task: Change the region name.
Command Syntax: name name
Command Mode: PROTOCOL MSTP

Task: Change the region revision number.
• Range: 0 to 65535
• Default: 0
Command Syntax: revision number
Command Mode: PROTOCOL MSTP

View the current region name and revision using the command show spanning-tree mst configuration from EXEC Privilege mode, as shown in Figure 25-6.
Figure 25-6.
Task: Change the hello-time parameter. Note: With large configurations (especially those with more ports) Dell Networking recommends that you increase the hello-time. Range: 1 to 10. Default: 2 seconds
Command Syntax: hello-time seconds
Command Mode: PROTOCOL MSTP

Task: Change the max-age parameter. Range: 6 to 40. Default: 20 seconds
Command Syntax: max-age seconds
Command Mode: PROTOCOL MSTP

Task: Change the max-hops parameter.
Table 25-2 lists the default values for port cost by interface. Table 25-2.
To enable EdgePort on an interface, use the following command:
Task: Enable EdgePort on an interface.
Command Syntax: spanning-tree mstp edge-port [bpduguard | shutdown-on-violation]
Command Mode: INTERFACE

Verify that EdgePort is enabled on a port using the command show config from the INTERFACE mode, as shown in Figure 25-8.
FTOS Behavior: Regarding bpduguard shutdown-on-violation behavior:
1. If the interface to be shut down is a port channel, then all the member ports are disabled in the hardware.
MSTP Sample Configurations
The running-configurations in Figure 25-10, Figure 25-11, and Figure 25-11 support the topology shown in Figure 25-9. The configurations are from FTOS systems. An S50 system using SFTOS, configured as shown in Figure 25-13, could be substituted for an FTOS router in the following sample topology and MSTP would function as designed.
Figure 25-9.
Figure 25-10.
Figure 25-11.
Figure 25-12.
Figure 25-13.
Figure 25-14. Displaying BPDUs and Events
FTOS#debug spanning-tree mstp bpdu
1w1d17h : MSTP: Sending BPDU on Gi 1/31 :
ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x68
CIST Root Bridge Id: 32768:0001.e806.953e, Ext Path Cost: 20000
Regional Bridge Id: 32768:0001.e809.c24a, CIST Port Id: 128:384
Msg Age: 2, Max Age: 20, Hello: 2, Fwd Delay: 15, Ver1 Len: 0, Ver3 Len: 96
Name: my-mstp-region, Rev: 0, Int Root Path Cost: 20000
Rem Hops: 19, Bridge Id: 32768:0001.e80d.
Figure 25-15. Sample Output for show running-configuration spanning-tree mstp command
FTOS#show run spanning-tree mstp
!
protocol spanning-tree mstp
 name Tahiti
 revision 123
 MSTI 1 VLAN 100
 MSTI 2 VLAN 200,300
Figure 25-16.
26 Multicast Features
Multicast Features are supported on platforms: ces
This chapter contains the following sections:
• Enable IP Multicast
• Multicast with ECMP
• First Packet Forwarding for Lossless Multicast
• Multicast Policies
• Multicast Traceroute
• Multicast Quality of Service
• Optimize the E-Series for Multicast Traffic
• Tune the Central Scheduler for Multicast

FTOS supports the following multicast protocols:
• PIM Sparse-Mode
• PIM Source-Specific Mode
• Internet Group Management Protocol
Prior to enabling any multicast protocols, you must enable multicast routing.
Task: Enable multicast routing.
Command Syntax: ip multicast-routing
Command Mode: CONFIGURATION

Multicast with ECMP
Dell Networking multicast uses Equal-cost Multi-path (ECMP) routing to load-balance multiple streams across equal cost links.
Implementation Information
• Because protocol control traffic in FTOS is redirected using the MAC address, and multicast control traffic and multicast data traffic might map to the same MAC address, FTOS might forward data traffic with certain MAC addresses to the CPU in addition to control traffic. As the upper five bits of an IP Multicast address are dropped in the translation, 32 different multicast group IDs all map to the same Ethernet address. For example, 224.0.0.
Both scenarios might be unacceptable depending on the multicast application. Beginning with the FTOS versions above, when the Dell Networking system is the RP, and has receivers for a group G, it forwards all initial multicast packets for the group based on the (*,G) entry rather than discarding them until the (S,G) entry is created, making Dell Networking systems suitable for applications sensitive to multicast packet loss.
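The group-to-MAC mapping noted under Implementation Information, worked through as an added example that is not part of the original guide. It computes the Ethernet address for an IPv4 group, lists the 32 groups that share it, and flags planned data groups whose MAC matches a group in 224.0.0.0/24; treating that block as the control range is an assumption, since the page only says "certain MAC addresses", and the group list in the usage lines is constructed.

```python
import ipaddress

MAC_PREFIX = 0x01005E000000   # 01:00:5e followed by the low 23 bits of the group
LOW23 = 0x7FFFFF              # bits of the IPv4 group that survive the translation
GROUP_BASE = 0xE0000000       # 224.0.0.0, start of the IPv4 multicast range


def group_to_mac(group):
    """Return the Ethernet address an IPv4 multicast group maps to."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    mac = MAC_PREFIX | (int(addr) & LOW23)
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -8, -8))


def aliases(group):
    """Return all 32 groups that translate to the same Ethernet address."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    low = int(addr) & LOW23
    # The five dropped bits take every value from 0 to 31.
    return [str(ipaddress.IPv4Address(GROUP_BASE | (i << 23) | low)) for i in range(32)]


def shadowed_control_groups(data_groups, control_block="224.0.0.0/24"):
    """Map each data group to the control-block group whose MAC it shares.

    control_block is an assumption for this example, not a value from the guide.
    """
    block = ipaddress.ip_network(control_block)
    control_macs = {group_to_mac(str(a)) for a in block}
    hits = {}
    for group in data_groups:
        addr = ipaddress.IPv4Address(group)
        if addr in block:
            continue              # a control group itself, not a data group
        if group_to_mac(group) in control_macs:
            twin = ipaddress.IPv4Address(GROUP_BASE | (int(addr) & LOW23))
            hits[group] = str(twin)
    return hits


if __name__ == "__main__":
    planned = ["239.0.0.1", "239.1.1.1", "239.128.0.2"]   # constructed group plan
    for group in planned:
        print(group, "->", group_to_mac(group))
    print("shares a MAC with a 224.0.0.0/24 group:", shadowed_control_groups(planned))
```

Groups that the check flags are candidates for renumbering in an address plan, because their frames are indistinguishable at Layer 2 from those of the matching 224.0.0.0/24 group.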
• If the limit is decreased after it is reached, FTOS does not clear the existing sessions. Entries are cleared upon a timeout (you may also clear entries using clear ip mroute). Note: FTOS waits at least 30 seconds between stopping and starting IGMP join processing. You may experience this delay when manipulating the limit after it is reached. When the multicast route limit is reached, FTOS displays Message 1.
ip igmp snooping enable
interface Vlan 400
 ip pim sparse-mode
 ip address 10.11.4.1/24
 untagged GigabitEthernet 1/2
 ip igmp access-group igmpjoinfilR2G2
 no shutdown
(*, 239.0.0.1), uptime 00:00:06, expires 00:00:00, RP 10.11.12.2, flags: SCJ
 Incoming interface: GigabitEthernet 1/21, RPF neighbor 10.11.12.2
 Outgoing interface list:
  Vlan 400 Forward/Sparse 00:00:06/Never
interface GigabitEthernet 2/31
 ip pim sparse-mode
 ip address 10.11.23.
Rate Limit IGMP Join Requests
If you expect a burst of IGMP Joins, protect the IGMP process from overload by limiting the rate at which new groups can be joined using the command ip igmp group-join-limit from INTERFACE mode. Hosts whose IGMP requests are denied will use the retry mechanism built in to IGMP so that their membership is delayed rather than permanently denied. View the enable status of this feature using the command show ip igmp interface from EXEC Privilege mode.
(10.11.5.2, 239.0.0.2), uptime 00:00:33, expires 00:03:07, flags: CT
 Incoming interface: GigabitEthernet 1/31, RPF neighbor 10.11.13.2
 Outgoing interface list:
  Vlan 300 Forward/Sparse 00:00:40/Never
(*, 239.0.0.2), uptime 00:00:40, expires 00:00:00, RP 10.11.12.2, flags: SCJ
 Incoming interface: GigabitEthernet 1/21, RPF neighbor 10.11.12.2
 Outgoing interface list:
  Vlan 300 Forward/Sparse 00:00:40/Never
(10.11.5.2, 239.0.0.
Prevent a PIM Router from Processing a Join
Permit or deny PIM Join/Prune messages on an interface using an extended IP access list. Use the command ip pim join-filter to prevent the PIM SM router from creating state based on multicast source and/or group.
Prevent an IPv6 Neighbor from Forming an Adjacency
Task: Prevent a router from participating in PIM.
Multicast Traceroute
Multicast Traceroute is supported only on platform: e
MTRACE is an IGMP-based tool that prints the network path that a multicast packet takes from a source to a destination, for a particular group. FTOS has mtrace client and mtrace transmit functionality.
• MTRACE Client—an mtrace client transmits mtrace queries and prints out the details of received responses.
Optimize the E-Series for Multicast Traffic
Optimize the E-Series for Multicast Traffic is supported only on platform: e
The default hardware settings for the E-series are for unicast applications like data centers and ISP networks. This means that the E-Series gives priority to unicast data forwarding rather than multicast data forwarding. For multicast intensive applications like trading, Dell Networking recommends reconfiguring some default settings.
FTOS provides the ability to adjust the scheduling weight for multicast traffic. For example, if the majority of your traffic is multicast, the default configuration might yield greater latency. In this case, allocate more backplane bandwidth for multicast using the command queue multicast bandwidth-percent from CONFIGURATION mode. View your configuration using the command show queue backplane multicast bandwidth-percentage. Figure 26-6.
27 Open Shortest Path First (OSPFv2 and OSPFv3)
ces Open Shortest Path First version 3 (OSPF for IPv6) is supported on platforms c e Open Shortest Path First version 2 (OSPF for IPv4) is supported on platforms
This chapter is intended to provide a general description of OSPFv2 (OSPF for IPv4) and OSPFv3 (OSPF for IPv6) as supported in the Dell Networking Operating System (FTOS).
Protocol Overview
Open Shortest Path First (OSPF) routing is a link-state routing protocol that calls for the sending of Link-State Advertisements (LSAs) to all other routers within the same Autonomous System (AS) Areas. Information on attached interfaces, metrics used, and other variables is included in OSPF LSAs. As OSPF routers accumulate link-state information, they use the SPF algorithm (Shortest Path First algorithm) to calculate the shortest path to each node.
Figure 27-1. Autonomous System Areas
[Figure: Routers A through M grouped into Area 0, Area 100, Area 200 and Area 300]

Area Types
The Backbone of the network is Area 0. It is also called Area 0.0.0.0 and is the core of any Autonomous System (AS). All other areas must connect to Area 0. Areas can be defined in such a way that the backbone is not contiguous.
A Stub Area (SA) does not receive external route information, except for the default route. These areas do receive information from inter-area (IA) routes. Note that all routers within an assigned Stub area must be configured as stubby, and must not generate LSAs that do not apply. For example, a Type 5 LSA is intended for external areas and the Stubby area routers may not generate external LSAs. Stubby areas cannot be traversed by a virtual link.
Figure 27-2.
Area Border Router (ABR)
Within an AS, an Area Border Router (ABR) connects one or more areas to the Backbone. The ABR keeps a copy of the link-state database for every area it connects to, so it may keep multiple copies of the link state database. An Area Border Router (ABR) takes information it has learned on one of its attached areas and can summarize it before sending it out on other areas it is connected to.
Link-State Advertisements (LSAs)
A Link-State Advertisement (LSA) communicates the router's local routing topology to all other local routers in the same area.
• OSPFv3 can treat LSAs as having link-local flooding scope, or store and flood them as if they are understood, while ignoring them in their own SPF algorithms.
• OSPFv2 always discards unknown LSA types.
Each router link is defined as one of four types: type 1, 2, 3, or 4. The LSA includes a link ID field that identifies, by the network number and mask, the object this link connects to. Depending on the type, the link ID has different meanings.
Figure 27-3. Priority and Costs Example
Router 1: Priority 200, Cost 21
Router 2: Priority 180, Cost 50
Router 3: Priority 100, Cost 25
Router 4: Priority 150, Cost 20
Router 1 selected by the system as DR. Router 2 selected by the system as BDR.
If R1 fails, the system subtracts 21 from R1's priority number. R1's new priority is 179. R2, as both the selected BDR and the now-highest priority, becomes the DR.
If R3 fails, the system subtracts 50 from its priority. R2's new priority is 130.
• NSSA External (type 7)
• Opaque Link-local (type 9)

Graceful Restart
Graceful Restart is supported on c e and s platforms for both Helper and Restart modes.
When a router goes down without a Graceful Restart, there is a potential to lose access to parts of the network due to the necessity of network topology changes. Additionally, LSA flooding and reconvergence can cause substantial delays.
Multi-Process OSPF allows multiple OSPFv2 processes on a single router. Multiple OSPFv2 processes allow for isolating routing domains, supporting multiple route policies and priorities in different domains, and creating smaller domains for easier management.
• The E-Series supports up to 28 OSPFv2 processes.
• The C-Series supports up to 6 OSPFv2 processes.
• The S50 and S25 support up to 4 OSPFv2 processes.
• The S55, S60, and S4810 support up to 16 OSPFv2 processes.
Figure 27-4. Enabling RFC-2328 Compliant OSPF Flooding
Printed only for ACK packets
00:10:41 : OSPF(1000:00):
Rcv. v:2 t:5(LSAck) l:64 Acks 2 rid:2.2.2.2
aid:1500 chk:0xdbee aut:0 auk: keyid:0 from:Vl 1000
LSType:Type-5 AS External id:160.1.1.0 adv:6.1.0.0 seq:0x8000000c
LSType:Type-5 AS External id:160.1.2.0 adv:6.1.0.0 seq:0x8000000c
00:10:41 : OSPF(1000:00):
Rcv. v:2 t:5(LSAck) l:64 Acks 2 rid:2.2.2.
To ensure equal intervals between the routers, manually set the dead interval of the Dell Networking router to match the Cisco configuration. Use the command “ip ospf dead-interval ” in interface mode:
Figure 27-6. Command Example: ip ospf intervals
Dead Interval Set at 4x Hello Interval
FTOS(conf)#int gi 2/2
FTOS(conf-if-gi-2/2)#ip ospf hello-interval 20
FTOS(conf-if-gi-2/2)#ip ospf dead-interval 80
FTOS(conf-if-gi-2/2)#
Figure 27-7.
3. Add interfaces or configure other attributes.
Return to CONFIGURATION mode to enable the OSPF process. The OSPF Process ID is the identifying number assigned to the OSPF process, and the Router ID is the IP address associated with the OSPF process.
Command Syntax: router ospf process-id [vrf {vrf name}]
Command Mode: CONFIGURATION
Usage: Enable the OSPFv2 process globally. Range: 0-65535. vrf name: Enter the VRF key word and instance name to tie the OSPF instance to the VRF.
Enable Multi-Process OSPF
Multi-Process OSPF allows multiple OSPFv2 processes on a single router. The following list shows the number of processes supported on each platform type.
• The E-Series supports up to 30 OSPFv2 processes.
• The C-Series supports up to 6 OSPFv2 processes.
• The S50 and S25 support up to 4 OSPFv2 processes.
• The S55, S60, and S4810 support up to 16 OSPFv2 processes.
• The Z9000 supports up to 3 OSPFv2 processes.
In CONFIGURATION ROUTER OSPF mode, assign the Router ID. The Router ID is not required to be the router’s IP address. Dell Networking recommends using the IP address as the Router ID for easier management and troubleshooting.
Command Syntax: router-id ip address
Command Mode: CONFIG-ROUTER-OSPF-id
Usage: Assign the Router ID for the OSPFv2 process. IP Address: A.B.C.D

Use the no router ospf process-id command syntax in the CONFIGURATION mode to disable OSPF.
OSPF functions and features, such as MD5 Authentication, Grace Period, Authentication Wait Time, etc., are assigned on a per-interface basis.
Note: If using features like MD5 Authentication, ensure all the neighboring routers are also configured for MD5.
Figure 27-9 presents an example of assigning an IP address to an interface and then assigning an OSPFv2 area that includes that Layer-3 interface’s IP address.
Figure 27-9.
Loopback interfaces also assist in the OSPF process. OSPF will pick the highest interface address as the router-id and a loopback interface address has a higher precedence than other interface addresses.
Figure 27-11 gives an example of the show ip ospf process-id interface command with a Loopback interface.
Figure 27-11. Command Example: show ip ospf process-id interface
FTOS#show ip ospf 1 int
GigabitEthernet 13/23 is up, line protocol is up
Internet Address 10.168.0.1/24, Area 0.0.0.
Step 3
Command Syntax: router ospf process-id [vrf {vrf
Command Mode: CONFIGURATION
Usage: Enter the ROUTER OSPF mode. Process ID is the ID assigned when configuring OSPFv2 globally (page 58). vrf name: Enter the VRF key word and instance name to tie the OSPF instance to the VRF. All network commands under this OSPF instance are subsequently tied to the VRF instance.

Command Mode: CONFIG-ROUTER-OSPF-id
Usage: Configure the area as a stub area.
Use the following command in the ROUTER OSPF mode to suppress an interface’s participation in OSPF. This command stops the router from sending updates on that interface.
Command Syntax: passive-interface {default | interface}
Command Mode: CONFIG-ROUTER-OSPF-id
Usage: Specify whether all or some of the interfaces will be passive. Default enables passive interfaces on ALL interfaces in the OSPF process.
Figure 27-13. Command Example: show ip ospf process-id interface
FTOS#show ip ospf 34 int
GigabitEthernet 0/0 is up, line protocol is down
  Internet Address 10.1.2.100/24, Area 1.1.1.1
  Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State DOWN, Priority 1
  Designated Router (ID) 10.1.2.100, Interface address 0.0.0.0
  Backup Designated Router (ID) 0.0.0.0, Interface address 0.0.0.
Figure 27-14 shows the convergence settings when fast-convergence is enabled and Figure 27-15 shows settings when fast-convergence is disabled. These displays appear with the show ip ospf command.
Figure 27-14. Command Example: show ip ospf process-id (fast-convergence enabled)
FTOS(conf-router_ospf-1)#fast-converge 2
FTOS(conf-router_ospf-1)#ex
FTOS(conf)#ex
FTOS#show ip ospf 1
Routing Process ospf 1 with ID 192.168.67.
Use any or all of the following commands in CONFIGURATION INTERFACE mode to change OSPFv2 parameters on the interfaces:
Command Syntax: ip ospf cost
Command Mode: CONFIG-INTERFACE
Usage: Change the cost associated with OSPF traffic on the interface. Cost: 1 to 65535 (default depends on the interface speed).
Command Syntax: ip ospf dead-interval seconds
Command Mode: CONFIG-INTERFACE
Usage: Change the time interval the router waits before declaring a neighbor dead.
Figure 27-16. Changing the OSPF Cost Value on an Interface
FTOS(conf-if)#ip ospf cost 45
FTOS(conf-if)#show config
!
interface GigabitEthernet 0/0
 ip address 10.1.2.100 255.255.255.0
 no shutdown
 ip ospf cost 45
FTOS(conf-if)#end
FTOS#show ip ospf 34 interface
The change is made on the interface and it is reflected in the OSPF configuration
GigabitEthernet 0/0 is up, line protocol is up
  Internet Address 10.1.2.100/24, Area 2.2.2.2
  Process ID 34, Router ID 10.1.2.
• helper-reject neighbors—the router ID of each restart router that does not receive assistance from the configured router.
• mode—the situation or situations that trigger a graceful restart.
• role—the role or roles the configured router can perform.
Note: By default, OSPF graceful restart is disabled. You enable OSPF graceful restart in CONFIGURATION ROUTER OSPF mode.
Figure 27-17. Command Example: show run ospf (partial)
FTOS#show run ospf
!
router ospf 1
 graceful-restart grace-period 300
 graceful-restart role helper-only
 graceful-restart mode unplanned-only
 graceful-restart helper-reject 10.1.1.1
 graceful-restart helper-reject 20.1.1.1
 network 10.0.2.0/24 area 0
FTOS#
Use the following command to disable OSPF graceful-restart after you have enabled it.
Use the following command in CONFIGURATION ROUTER OSPF mode to configure virtual links.
Command Syntax: area area-id virtual-link router-id [hello-interval seconds | retransmit-interval seconds | transmit-delay seconds | dead-interval seconds | authentication-key key | message-digest-key keyid md5 key]
Command Mode: CONFIG-ROUTER-OSPF-id
Usage: Configure the optional parameters of a virtual link:
• Area ID: assigned earlier (0-65535 or A.B.C.
Filter routes
To filter routes, use prefix lists. OSPF applies prefix lists to incoming or outgoing routes. Incoming routes must meet the conditions of the prefix lists, and if they do not, OSPF does not add the route to the routing table. Configure the prefix list in CONFIGURATION PREFIX LIST mode prior to assigning it to the OSPF process.
Command Syntax: ip prefix-list prefix-name
Command Mode: CONFIGURATION
Usage: Create a prefix list and assign it a unique name. You are in PREFIX LIST mode.
Redistribute routes
You can add routes from other routing instances or protocols to the OSPF process. With the redistribute command syntax, you can include RIP, static, or directly connected routes in the OSPF process.
Note: Do not route iBGP routes to OSPF unless there are route-maps associated with the OSPF redistribution.
Troubleshooting OSPFv2 FTOS has several tools to make troubleshooting easier. Be sure to check the following, as these are typical issues that interrupt an OSPFv2 process. Note that this is not a comprehensive list, just some examples of typical troubleshooting checks.
Figure 27-20. Command Example: show running-config ospf
FTOS#show run ospf
!
router ospf 3
!
router ospf 4
 router-id 4.4.4.4
 network 4.4.4.0/28 area 1
!
router ospf 5
!
router ospf 6
!
router ospf 7
 mib-binding
!
router ospf 8
!
router ospf 90
 area 2 virtual-link 4.4.4.4
 area 2 virtual-link 90.90.90.90 retransmit-interval 300
!
ipv6 router ospf 999
 default-information originate always
 router-id 10.10.10.
Use the following command in EXEC Privilege mode to configure the debugging options of an OSPFv2 process:
Command Syntax: debug ip ospf process-id [event | packet | spf]
Command Mode: EXEC Privilege
Usage: View debug messages. To view debug messages for a specific OSPF process ID, enter debug ip ospf process-id. If you do not enter a process ID, the command applies to the first OSPF process.
• Configure stub areas
• Configure Passive-Interface
• Redistribute routes
• Configure a default route
Enable IPv6 Unicast Routing
Command Syntax: ipv6 unicast routing
Command Mode: CONFIGURATION
Usage: Enables IPv6 unicast routing globally.
Assign IPv6 addresses on an interface
Command Syntax: ipv6 address ipv6 address
Command Mode: CONF-INT-type slot/port
Usage: Assign IPv6 address to the interface.
Assign OSPFv3 Process ID and Router ID Globally
Command Syntax: ipv6 router ospf {process ID}
Command Mode: CONFIGURATION
Usage: Enable the OSPFv3 process globally and enter OSPFv3 mode. Range: 0-65535
Command Syntax: router-id {number}
Command Mode: CONF-IPV6-ROUTER-OSPF
Usage: Assign the Router ID for this OSPFv3 process. number: IPv4 address. Format: A.B.C.D
Note: The router-id for an OSPFv3 router is entered as an IPv4 IP address.
Configure Passive-Interface
Use the following command to suppress an interface’s participation in OSPFv3. This command stops the router from sending updates on that interface.
Command Syntax: passive-interface {type slot/port}
Command Mode: CONF-IPV6-ROUTER-OSPF
Usage: Specify whether some or all of the interfaces will be passive. Interface identifies the specific interface that will be passive.
Redistribute routes
You can add routes from other routing instances or protocols to the OSPFv3 process. With the redistribute command syntax, you can include RIP, static, or directly connected routes in the OSPF process.
Command Syntax: redistribute {bgp | connected | static} [metric metric-value | metric-type type-value] [route-map map-name] [tag tag-value]
Command Mode: CONF-IPV6-ROUTER-OSPF
Usage: Specify which routes will be redistributed into OSPF process.
Troubleshooting OSPFv3
FTOS has several tools to make troubleshooting easier. Be sure to check the following, as these are typical issues that interrupt the OSPFv3 process. Note that this is not a comprehensive list, just some examples of typical troubleshooting checks.
Use the following command in EXEC Privilege mode to configure the debugging options of an OSPFv3 process:
Command Syntax: debug ipv6 ospf packet {type slot/port}
Command Mode: EXEC Privilege
Usage: View debug messages for all OSPFv3 interfaces.
• packet: view OSPF packet information.
• For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information (e.g. passive-interface gi 2/1).
Figure 27-21. Basic topology and CLI commands for OSPFv2
(Topology diagram labels: OSPF AREA 0, GI 1/1, GI 1/2, GI 2/1, GI 2/2, GI 3/1, GI 3/2)
router ospf 11111
 network 10.0.11.0/24 area 0
 network 10.0.12.0/24 area 0
 network 192.168.100.0/24 area 0
!
interface GigabitEthernet 1/1
 ip address 10.1.11.1/24
 no shutdown
!
interface GigabitEthernet 1/2
 ip address 10.2.12.2/24
 no shutdown
!
interface Loopback 10
 ip address 192.168.100.100/24
 no shutdown

router ospf 33333
 network 192.168.100.
28 PIM Sparse-Mode
PIM Sparse-Mode is supported on platforms: ces
PIM-Sparse Mode (PIM-SM) is a multicast protocol that forwards multicast traffic to a subnet only upon request using a PIM Join message; this behavior is the opposite of PIM-Dense Mode, which forwards multicast traffic to all subnets until a request to stop.
Implementation Information
• The Dell Networking implementation of PIM-SM is based on the IETF Internet Draft draft-ietf-pim-sm-v2-new-05.
Requesting Multicast Traffic
A host requesting multicast traffic for a particular group sends an IGMP Join message to its gateway router. The gateway router is then responsible for joining the shared tree to the RP (RPT) so that the host can receive the requested traffic.
1. Upon receiving an IGMP Join message, the receiver gateway router (last-hop DR) creates a (*,G) entry in its multicast routing table for the requested group.
source, including the RP, create an (S,G) entry and list the interface on which the message was received as an outgoing interface, thus recreating a SPT to the source. 3. Once the RP starts receiving multicast traffic via the (S,G) it unicasts a Register-Stop message to the first-hop DR so that multicast packets are no longer encapsulated in PIM Register packets and unicast.
Enable PIM-SM
You must enable PIM-SM on each participating interface:
Step 1. Task: Enable multicast routing on the system. Command: ip multicast-routing. Command Mode: CONFIGURATION
Step 2. Task: Enable PIM-Sparse Mode. Command: ip pim sparse-mode. Command Mode: INTERFACE
Display which interfaces are enabled with PIM-SM using the command show ip pim interface from EXEC Privilege mode, as shown in Figure 28-1.
Figure 28-1.
Figure 28-3. Viewing the PIM Multicast Routing Table
FTOS#show ip pim tib
PIM Multicast Routing Table
Flags: D - Dense, S - Sparse, C - Connected, L - Local, P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set, J - Join SPT,
Timers: Uptime/Expires
Interface state: Interface, next-Hop, State/Mode
(*, 192.1.2.1), uptime 00:29:36, expires 00:03:26, RP 10.87.2.6, flags: SCJ
  Incoming interface: GigabitEthernet 4/12, RPF neighbor 10.87.3.
Step 3
Task: Set the expiry time for a specific (S,G) entry (Figure 28-4). Range 211-86400 seconds. Default: 210
Command Syntax: ip pim sparse-mode sg-expiry-timer seconds sg-list access-list-name
Command Mode: CONFIGURATION
Note: The expiry time configuration is nullified, and the default global expiry time is used if:
• an ACL is specified in the ip pim sparse-mode sg-expiry-timer command, but the ACL has not been created or is a standard ACL.
Override Bootstrap Router Updates
PIM-SM routers need to know the address of the RP for each group for which they have a (*,G) entry. This address is obtained automatically through the bootstrap router (BSR) mechanism or a static RP configuration. If you have configured a static RP for a group, use the option override with the command ip pim rp-address to override bootstrap router updates with your static RP configuration.
Create Multicast Boundaries and Domains
A PIM domain is a contiguous set of routers that all implement PIM and are configured to operate within a common boundary defined by PIM Multicast Border Routers (PMBRs). PMBRs connect each PIM domain to the rest of the internet. To create multicast boundaries and domains by filtering inbound and outbound Bootstrap Router (BSR) messages per interface, use the ip pim bsr-border command.
Enable PIM-SM graceful restart (non-stop forwarding capability) using the command ip pim graceful-restart nsf from CONFIGURATION mode. There are two options with this command:
• restart-time is the time required by the Dell Networking system to restart. The default value is 180 seconds.
• stale-entry-time is the maximum amount of time that the Dell Networking system preserves entries from a restarting neighbor. The default value is 60 seconds.
29 PIM Source-Specific Mode
PIM Source-Specific Mode is supported on platforms: ces
PIM-Source-Specific Mode (PIM-SSM) is a multicast protocol that forwards multicast traffic from a single source to a subnet. In the other versions of Protocol Independent Multicast (PIM), a receiver subscribes to a group only. The receiver receives traffic not just from the source in which it is interested but from all sources sending to that group.
(10.11.5.2, 239.0.0.2), uptime 00:00:36, expires 00:03:14, flags: CT
  Incoming interface: GigabitEthernet 1/31, RPF neighbor 10.11.13.2
  Outgoing interface list:
    Vlan 300 Forward/Sparse 00:02:12/Never

interface Vlan 400
 ip pim sparse-mode
 ip address 10.11.4.1/24
 untagged GigabitEthernet 1/2
 ip igmp version 3
 no shutdown

interface GigabitEthernet 2/31
 ip pim sparse-mode
 ip address 10.11.23.1/24
 no shutdown

RP 2/1 R1 3/21 3/1 Source 1 10.11.5.
Implementation Information
• The Dell Networking implementation of PIM-SSM is based on RFC 3569.
• C-Series supports a maximum of 31 PIM interfaces and 4K multicast entries including (*,G), and (S,G) entries. There is no limit on the number of PIM neighbors C-Series can have.
• S-Series supports a maximum of 31 PIM interfaces and 2K multicast entries including (*,G), and (S,G) entries. There is no limit on the number of PIM neighbors S-Series can have.
Enable PIM-SSM
To enable PIM-SSM:
Step 1. Task: Create an ACL that uses permit rules to specify what range of addresses should use SSM. You must at least include one rule, permit 232.0.0.0/8, which is the default range for PIM-SSM. Command Syntax: ip access-list standard name. Command Mode: CONFIGURATION
Step 2. Task: Enter the command ip pim ssm-range and specify the ACL you created.
• When an extended ACL is associated with this command, FTOS displays an error message. If you apply an extended ACL before you create it, FTOS accepts the configuration, but when the ACL is later defined, FTOS ignores the ACL and the stated mapping has no effect. Display the source to which a group is mapped using the command show ip igmp ssm-map [group], as shown in Figure 29-4 on page 559.
interface Vlan 400
 ip pim sparse-mode
 ip address 10.11.4.1/24
 untagged GigabitEthernet 1/2
 ip igmp version 3
 no shutdown

ip igmp snooping enable

(10.11.5.2, 239.0.0.2), uptime 00:00:33, expires 00:00:00, flags: CJ
  Incoming interface: GigabitEthernet 1/31, RPF neighbor 10.11.13.2
  Outgoing interface list:
    Vlan 300 Forward/Sparse 00:00:33/Never
(10.11.5.2, 239.0.0.1), uptime 00:01:50, expires 00:03:28, flags: CT
  Incoming interface: GigabitEthernet 1/31, RPF neighbor 10.11.
Figure 29-4. Configuring PIM-SSM with IGMPv2
R1(conf)#do show run pim
!
ip pim rp-address 10.11.12.2 group-address 224.0.0.0/4
ip pim ssm-range ssm
R1(conf)#do show run acl
!
ip access-list standard map
 seq 5 permit host 239.0.0.2
!
ip access-list standard ssm
 seq 5 permit host 239.0.0.2
R1(conf)#ip igmp ssm-map map 10.11.5.2
R1(conf)#do show ip igmp groups
Total Number of Groups: 2
IGMP Connected Group Membership
Group Address Interface Mode
239.0.0.2 Vlan 300 IGMPv2-Compat
  Member Ports: Gi 1/1
239.0.0.
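The check below is an added example, not Dell's code: it reads a running-config excerpt shaped like Figure 29-4, finds the ACL named by ip pim ssm-range, and reports whether it meets step 1 of the Enable PIM-SSM procedure (a standard ACL that permits 232.0.0.0/8). The sample configuration is constructed, the function names are hypothetical, and treating only the groups that ACL permits as SSM is an assumption of this model.

```python
import ipaddress
import re

# Constructed excerpt in the style of Figure 29-4 (show run pim / show run acl).
FIGURE_STYLE_CONFIG = """\
ip pim rp-address 10.11.12.2 group-address 224.0.0.0/4
ip pim ssm-range ssm
!
ip access-list standard map
 seq 5 permit host 239.0.0.2
!
ip access-list standard ssm
 seq 5 permit host 239.0.0.2
"""

DEFAULT_SSM_RANGE = ipaddress.ip_network("232.0.0.0/8")
MULTICAST = ipaddress.ip_network("224.0.0.0/4")

SSM_RANGE_CMD = re.compile(r"^ip pim ssm-range (\S+)$")
ACL_HEADER = re.compile(r"^ip access-list (standard|extended) (\S+)$")
# Only the rule forms that appear on this page: host A.B.C.D, A.B.C.D/len, any.
RULE = re.compile(r"^(?:seq (\d+) )?(permit|deny) (host \S+|any|\S+/\d+)$")


def to_network(spec):
    """Turn 'host A.B.C.D', 'A.B.C.D/len' or 'any' into an ip_network."""
    if spec == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if spec.startswith("host "):
        return ipaddress.ip_network(spec.split()[1] + "/32")
    return ipaddress.ip_network(spec, strict=False)


def parse(config):
    """Return (ACL name given to 'ip pim ssm-range', {acl name: (kind, rules)})."""
    acls, current, ssm_acl = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := SSM_RANGE_CMD.match(line):
            ssm_acl, current = m.group(1), None
        elif m := ACL_HEADER.match(line):
            current = m.group(2)
            acls[current] = (m.group(1), [])
        elif current and (m := RULE.match(line)):
            rules = acls[current][1]
            seq = int(m.group(1)) if m.group(1) else (rules[-1][0] + 5 if rules else 5)
            rules.append((seq, m.group(2), to_network(m.group(3))))
        else:
            current = None  # "!" or any other command ends the ACL body
    for _, rules in acls.values():
        rules.sort(key=lambda r: r[0])
    return ssm_acl, acls


def ssm_findings(config):
    """Check the ssm-range ACL against step 1 of the Enable PIM-SSM procedure."""
    ssm_acl, acls = parse(config)
    if ssm_acl is None:
        return ["no 'ip pim ssm-range' command found"]
    if ssm_acl not in acls:
        return [f"ACL '{ssm_acl}' is named by ip pim ssm-range but never created"]
    kind, rules = acls[ssm_acl]
    findings = []
    if kind != "standard":
        findings.append(f"ACL '{ssm_acl}' is {kind}; the procedure creates a standard ACL")
    # Conservative: the first rule that touches 232.0.0.0/8 must permit all of it.
    first = next((r for r in rules if r[2].overlaps(DEFAULT_SSM_RANGE)), None)
    if not (first and first[1] == "permit" and DEFAULT_SSM_RANGE.subnet_of(first[2])):
        findings.append(f"ACL '{ssm_acl}' does not permit the default range 232.0.0.0/8")
    for seq, action, net in rules:
        if action == "permit" and not net.subnet_of(MULTICAST):
            findings.append(f"seq {seq} permits {net}, which is not multicast space")
    return findings


def is_ssm_group(config, group):
    """First-match evaluation of the ssm-range ACL; no matching rule means not SSM."""
    ssm_acl, acls = parse(config)
    addr = ipaddress.ip_address(group)
    for _, action, net in acls.get(ssm_acl, ("", []))[1]:
        if addr in net:
            return action == "permit"
    return False


if __name__ == "__main__":
    for finding in ssm_findings(FIGURE_STYLE_CONFIG):
        print("finding:", finding)
    for g in ("239.0.0.2", "239.0.0.1", "232.1.1.1"):
        print(g, "SSM" if is_ssm_group(FIGURE_STYLE_CONFIG, g) else "not in ssm-range ACL")
```

Run against the constructed excerpt, the check reports that the ssm ACL permits only host 239.0.0.2 and omits the 232.0.0.0/8 rule that step 1 requires.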
30 Port Monitoring Port Monitoring is supported on platforms: ces Port Monitoring is a feature that copies all incoming or outgoing packets on one port and forwards (mirrors) them to another port. The source port is the monitored port (MD) and the destination port is the monitoring port (MG). Port Monitoring functionality is different between platforms, but the behavior is the same, with highlighted exceptions.
• The C-Series and S-Series may only have four destination ports per port-pipe. There is no limitation on the total number of monitoring sessions.
Table 30-1 lists the maximum number of monitoring sessions per system. For the C-Series and S-Series, the total number of sessions is derived by consuming a unique destination port in each session, in each port-pipe.
Table 30-1.
On the E-Series TeraScale, FTOS supports a single source-destination statement in a monitor session (Message 2). E-Series TeraScale supports only one source and one destination port per port-pipe (Message 3). Therefore, the E-Series TeraScale supports as many monitoring sessions as there are port-pipes in the system. Message 2 Multiple Source-Destination Statements Error Message on E-Series TeraScale % Error: Remove existing monitor configuration.
The number of source ports FTOS allows within a port-pipe is equal to the number of physical ports in the port-pipe (n). However, n number of ports may only have four different destination ports (Message 5). Figure 30-2.
Figure 30-4.
FTOS Behavior: The C-Series and S-Series continue to mirror outgoing traffic even after an MD participating in Spanning Tree Protocol transitions from forwarding to blocking.
Configuring Port Monitoring
To configure port monitoring:
Step 1. Task: Verify that the intended monitoring port has no configuration other than no shutdown, as shown in Figure 30-6.
Figure 30-7.
Flow-based Monitoring
Flow-based Monitoring is supported only on platform e
Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the interface. This feature is particularly useful when looking for malicious traffic. It is available for Layer 2 and Layer 3 ingress and egress traffic. You may specify traffic using standard or extended access-lists.
Figure 30-8. Configuring Flow-based Monitoring
FTOS(conf)#monitor session 0
FTOS(conf-mon-sess-0)#flow-based enable
FTOS(conf)#ip access-list ext testflow
FTOS(config-ext-nacl)#seq 5 permit icmp any any count bytes monitor
FTOS(config-ext-nacl)#seq 10 permit ip 102.1.1.
31 Private VLANs FTOS 7.8.1.0 adds a Private VLAN (PVLAN) feature for the C-Series and S-Series: cs For syntax details on the commands discussed in this chapter, see the Private VLANs Commands chapter in the FTOS Command Reference.
Private VLAN Concepts
The VLAN types in a private VLAN (PVLAN) include:
Community VLAN — A community VLAN is a type of secondary VLAN in a primary VLAN:
• Ports in a community VLAN can communicate with each other.
• Ports in a community VLAN can communicate with all promiscuous ports in the primary VLAN.
• A community VLAN can only contain ports configured as host.
Each of the port types can be any type of physical Ethernet port, including port channels (LAGs). For details on port channels, see Port Channel Interfaces in Chapter 18, Interfaces. For an introduction to VLANs, see Chapter 23, Layer 2. Private VLAN Commands The commands dedicated to supporting the Private VLANs feature are: Table 31-1. Private VLAN Commands Task Command Syntax Command Mode Enable/disable Layer 3 communication between secondary VLANs.
Private VLAN Configuration Task List
The following sections contain the procedures that configure a private VLAN:
• Creating PVLAN ports
• Creating a Primary VLAN
• Creating a Community VLAN
• Creating an Isolated VLAN
Creating PVLAN ports
Private VLAN ports are those that will be assigned to the private VLAN (PVLAN).
Command Syntax: interface interface
Command Mode: CONFIGURATION
Purpose: Access the INTERFACE mode for the port that you want to assign to a PVLAN.
Creating a Primary VLAN A primary VLAN is a port-based VLAN that is specifically enabled as a primary VLAN to contain the promiscuous ports and PVLAN trunk ports for the private VLAN. A primary VLAN also contains a mapping to secondary VLANs, which are comprised of community VLANs and isolated VLANs. Step Command Syntax Command Mode Purpose interface vlan vlan-id CONFIGURATION Access the INTERFACE VLAN mode for the VLAN to which you want to assign the PVLAN interfaces.
Creating a Community VLAN
A community VLAN is a secondary VLAN of the primary VLAN in a private VLAN. The ports in a community VLAN can talk to each other and with the promiscuous ports in the primary VLAN.
Step 1. Command Syntax: interface vlan vlan-id. Command Mode: CONFIGURATION. Purpose: Access the INTERFACE VLAN mode for the VLAN that you want to make a community VLAN.
Step 2. Command Syntax: no shutdown. Command Mode: INTERFACE VLAN. Purpose: Enable the VLAN.
Figure 31-2. Configuring VLANs for a Private VLAN
FTOS#conf
FTOS(conf)# interface vlan 10
FTOS(conf-vlan-10)# private-vlan mode primary
FTOS(conf-vlan-10)# private-vlan mapping secondary-vlan 100-101
FTOS(conf-vlan-10)# untagged Gi 2/1
FTOS(conf-vlan-10)# tagged Gi 2/3
FTOS(conf)# interface vlan 101
FTOS(conf-vlan-101)# private-vlan mode community
FTOS(conf-vlan-101)# untagged Gi 2/10
FTOS(conf)# interface vlan 100
Private VLAN Configuration Example
Figure 31-3.
The result is that:
• The ports in community VLAN 4001 can communicate directly with each other and with promiscuous ports.
• The ports in community VLAN 4002 can communicate directly with each other and with promiscuous ports.
• The ports in isolated VLAN 4003 can only communicate with the promiscuous ports in the primary VLAN 4000.
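The communication rules above can be checked mechanically before a layout is deployed. This added example (not part of the Dell guide) models promiscuous and host ports in primary VLAN 4000, community VLANs 4001 and 4002 and isolated VLAN 4003, and flags port pairs that an isolation policy forbids but the layout still allows. The class, port names and policy are constructed for illustration; PVLAN trunk ports and Layer 3 communication between secondary VLANs are left out, and promiscuous ports are assumed to reach every port in the PVLAN.

```python
from itertools import combinations

PROMISCUOUS, HOST = "promiscuous", "host"


class PvlanDomain:
    """Layer 2 reachability inside one private VLAN, using this chapter's rules."""

    def __init__(self, primary, community=(), isolated=()):
        self.vlan_type = {primary: "primary"}
        self.vlan_type.update({v: "community" for v in community})
        self.vlan_type.update({v: "isolated" for v in isolated})
        self.ports = {}  # port name -> (role, VLAN id)

    def add_port(self, name, role, vlan):
        if role not in (PROMISCUOUS, HOST):
            raise ValueError(f"unknown port role {role!r}")
        kind = self.vlan_type.get(vlan)
        if kind is None:
            raise ValueError(f"VLAN {vlan} is not part of this private VLAN")
        # Secondary VLANs hold host ports; promiscuous ports sit in the primary VLAN.
        # (Rejecting a host port in the primary VLAN is an assumption of this model.)
        if (kind == "primary") != (role == PROMISCUOUS):
            raise ValueError(f"{role} port {name} cannot be placed in {kind} VLAN {vlan}")
        self.ports[name] = (role, vlan)

    def can_talk(self, a, b):
        (role_a, vlan_a), (role_b, vlan_b) = self.ports[a], self.ports[b]
        if PROMISCUOUS in (role_a, role_b):
            return True  # assumed: promiscuous ports reach every port in the PVLAN
        # Two host ports: only members of the same community VLAN reach each other.
        return vlan_a == vlan_b and self.vlan_type[vlan_a] == "community"

    def reachable_pairs(self):
        names = sorted(self.ports)
        return {(a, b) for a, b in combinations(names, 2) if self.can_talk(a, b)}

    def violations(self, must_not_talk):
        """Pairs from an isolation policy that this PVLAN layout still lets talk."""
        return sorted(tuple(sorted(p)) for p in must_not_talk if self.can_talk(*p))


def build_example():
    # VLAN ids are the ones in this chapter's example; port names are constructed.
    d = PvlanDomain(4000, community=(4001, 4002), isolated=(4003,))
    d.add_port("Gi 2/1", PROMISCUOUS, 4000)  # uplink toward the gateway
    d.add_port("Gi 2/10", HOST, 4001)        # tenant A server
    d.add_port("Gi 2/11", HOST, 4001)        # tenant B server, same community by mistake
    d.add_port("Gi 2/20", HOST, 4002)
    d.add_port("Gi 2/30", HOST, 4003)
    d.add_port("Gi 2/31", HOST, 4003)
    return d


# Constructed isolation policy: pairs that must have no direct Layer 2 path.
POLICY = [("Gi 2/11", "Gi 2/10"), ("Gi 2/10", "Gi 2/20"), ("Gi 2/30", "Gi 2/31")]

if __name__ == "__main__":
    domain = build_example()
    for a, b in sorted(domain.reachable_pairs()):
        print(f"{a} <-> {b}")
    for a, b in domain.violations(POLICY):
        print(f"policy violation: {a} and {b} share a community VLAN")
```

Moving either of the two flagged ports into the isolated VLAN, or into a community VLAN of its own, clears the violation.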
• show vlan private-vlan mapping: Display the primary-secondary VLAN mapping. See the example output from the S50V, above, in Figure 31-6.
Two show commands revised to display PVLAN data are:
• show arp
• show vlan: See revised output in Figure 31-7.
Figure 31-4. show vlan private-vlan Example Output from C300
c300-1#show vlan private-vlan
Primary Secondary Type      Active
------- --------- --------- ------
4000              Primary   Yes
        4001      Community Yes
        4002      Community Yes
        4003      Isolated  Yes
Figure 31-5.
Figure 31-8.
32 Per-VLAN Spanning Tree Plus
Per-VLAN Spanning Tree Plus is supported on platforms: ces
Protocol Overview
Per-VLAN Spanning Tree Plus (PVST+) is a variation of Spanning Tree—developed by a third party— that allows you to configure a separate Spanning Tree instance for each VLAN. For more information on Spanning Tree, see Chapter 41, Spanning Tree Protocol.
Figure 32-1.
FTOS supports three other variations of Spanning Tree, as shown in Table 32-1.
Table 32-1. FTOS Supported Spanning Tree Protocols
Dell Networking Term | IEEE Specification
Spanning Tree Protocol | 802.1d
Rapid Spanning Tree Protocol | 802.1w
Multiple Spanning Tree Protocol | 802.1s
Per-VLAN Spanning Tree Plus | Third Party
Implementation Information
• The FTOS implementation of PVST+ is based on IEEE Standard 802.1d.
• The FTOS implementation of PVST+ uses IEEE 802.
• PVST+ in Multi-vendor Networks
• PVST+ Extended System ID
• PVST+ Sample Configurations
Enable PVST+
When you enable PVST+, FTOS instantiates STP on each active VLAN. To enable PVST+ globally:
Step 1. Task: Enter PVST context. Command Syntax: protocol spanning-tree pvst. Command Mode: PROTOCOL PVST
Step 2. Task: Enable PVST+. Command Syntax: no disable. Command Mode: PROTOCOL PVST
Disable PVST+
Task: Disable PVST+ globally.
Figure 32-3. Load Balancing with PVST+
(Diagram labels: routers R1, R2 and R3; STI 1 root, STI 2 root, STI 3 root; STI 1: VLAN 100, STI 2: VLAN 200, STI 3: VLAN 300; vlan 100 bridge-priority 4096; ports 1/22, 1/32, 2/12, 2/32, 3/12, 3/22; Forwarding; Blocking)
The bridge with the lowest value for bridge priority is elected root.
Figure 32-4. Display the PVST+ Forwarding Topology
FTOS_E600(conf)#do show spanning-tree pvst vlan 100
VLAN 100
Root Identifier has priority 4096, Address 0001.e80d.b6d6
Root Bridge hello time 2, max age 20, forward delay 15
Bridge Identifier has priority 4096, Address 0001.e80d.b6d6
Configured hello time 2, max age 20, forward delay 15
We are the root of VLAN 100
Current root has priority 4096, Address 0001.e80d.
Task: Change the max-age parameter. Range: 6 to 40. Default: 20 seconds
Command Syntax: vlan max-age
Command Mode: PROTOCOL PVST
The values for global PVST+ parameters are given in the output of the command show spanning-tree pvst, as shown in Figure 32-4.
Modify Interface PVST+ Parameters
You can adjust two interface parameters to increase or decrease the probability that a port becomes a forwarding port:
• Port cost is a value that is based on the interface type.
Task: Change the port priority of an interface. Range: 0 to 240, in increments of 16. Default: 128
Command Syntax: spanning-tree pvst vlan priority
Command Mode: INTERFACE
The values for interface PVST+ parameters are given in the output of the command show spanning-tree pvst, as shown in Figure 32-4.
Configure an EdgePort
The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner.
FTOS Behavior: Regarding bpduguard shutdown-on-violation behavior:
1. If the interface to be shut down is a port channel, then all the member ports are disabled in the hardware.
2. When a physical port is added to a port channel already in error disable state, the new member port will also be disabled in the hardware.
Figure 32-5. PVST+ with Extend System ID
(Diagram labels: Dell Force10 System; VLAN unaware Hub; P1 untagged in VLAN 10; P2 untagged in VLAN 20; moves to blocking unless Extended System ID is enabled)
Task: Augment the Bridge ID with the VLAN ID.
Command Syntax: extend system-id
Command Mode: PROTOCOL PVST
FTOS(conf-pvst)#do show spanning-tree pvst vlan 5 brief
VLAN 5
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32773, Address 0001.e832.
Figure 32-6.
Figure 32-7.
33 Quality of Service
Quality of Service (QoS) is supported on platforms: ces
Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. The E-Series has eight unicast queues per port and 128 multicast queues per port-pipe. Traffic is queued on ingress and egress. By default, on ingress, all data traffic is mapped to Queue 0, and all control traffic is mapped to Queue 7. On egress, control traffic is mapped across all eight queues.
Table 33-1.
Figure 33-1. Dell Networking QoS Architecture
(Diagram labels: Ingress Packet Processing; Packet Classification (ACL); Marking (DiffServ, 802.1p, Exp); Rate Policing; Buffers; Class-based Queues; Switching; Rate Limiting; Buffers; Class-based Queues; Egress Congestion Management (WFQ Scheduling); Congestion Avoidance (WRED); Traffic Shaping; Egress Packet Processing)
Implementation Information
Dell Networking QoS implementation complies with IEEE 802.1p User Priority Bits for QoS Indication.
• Configure Port-based Rate Limiting
• Configure Port-based Rate Shaping
• Storm Control
Set dot1p Priorities for Incoming Traffic
Change the priority of incoming traffic on the interface using the command dot1p-priority from INTERFACE mode, as shown in Figure 33-2. FTOS places traffic marked with a priority in a queue based on Table 33-2. If you set a dot1p priority for a port-channel, all port-channel members are configured with the same value.
On the C-Series and S-Series you can configure service-class dynamic dot1p from CONFIGURATION mode, which applies the configuration to all interfaces. A CONFIGURATION mode service-class dynamic dot1p entry supersedes any INTERFACE entries. See Mapping dot1p values to service queues. Note: You cannot configure service-policy input and service-class dynamic dot1p on the same interface. Figure 33-3.
Figure 33-5.
Figure 33-7.
Figure 33-9. Constructing Policy-based QoS Configurations
(Diagram labels: Interface; Input Service Policy; Output Service Policy; Input Policy Map; Output Policy Map; Class Map; L3 ACL; L3 Fields; DSCP; Input QoS Policy; Rate Policing; Outgoing Marking; Output QoS Policy; Rate Limiting; WRED; B/W %)
Classify Traffic
Class maps differentiate traffic so that you can apply separate quality of service policies to each class.
Figure 33-10. Using the Order Keyword in ACLs
FTOS(conf)#ip access-list standard acl1
FTOS(config-std-nacl)#permit 20.0.0.0/8
FTOS(config-std-nacl)#exit
FTOS(conf)#ip access-list standard acl2
FTOS(config-std-nacl)#permit 20.1.1.
Set DSCP values for egress packets based on flow
Match-any Layer 3 flows may have several match criteria. All flows that match at least one of the match criteria are mapped to the same queue since they are in the same class map. Setting a DSCP value from QOS-POLICY-IN mode (see Set a DSCP value for egress packets) assigns the same DSCP value to all of the matching flows in the class-map.
FTOS Behavior: An explicit “deny any” rule in a Layer 3 ACL used in a (match any or match all) class-map creates a “default to Queue 0” entry in the CAM, which causes unintended traffic classification. Below, traffic is classified in two Queues, 1 and 2. Class-map ClassAF1 is “match any,” and ClassAF2 is “match all”.
Create a QoS Policy
There are two types of QoS policies: input and output. Input QoS policies regulate Layer 3 and Layer 2 ingress traffic. The regulation mechanisms for input QoS policies are rate policing and setting priority values. There are two types of input QoS policies: Layer 3 and Layer 2.
• Layer 3 QoS input policies allow you to rate police and set a DSCP or dot1p value.
• Layer 2 QoS input policies allow you to rate police and set a dot1p value.
Figure 33-12. Marking DSCP Values for Egress Packets
FTOS#config
FTOS(conf)#qos-policy-input my-input-qos-policy
FTOS(conf-qos-policy-in)#set ip-dscp 34
% Info: To set the specified DSCP value 34 (100-010 b) the QoS policy must be mapped to queue 4 (100 b).
To allocate bandwidth to queues on the C-Series and S-Series, assign each queue a weight ranging from 1 to 1024, in increments of 2^n, using the command bandwidth-weight. Table 33-3 shows the default bandwidth weights for each queue, and their equivalent percentage, which is derived by dividing the bandwidth weight by the sum of all queue weights.
Table 33-3. Default Bandwidth Weights for C-Series and S-Series
Queue | Default Weight | Equivalent Percentage
0 | 1 | 6.
Create Input Policy Maps There are two types of input policy-maps: Layer 3 and Layer 2. 1. Create a Layer 3 input policy map using the command policy-map-input from CONFIGURATION mode. Create a Layer 2 input policy map by specifying the keyword layer2 with the policy-map-input command. 2.
DSCP/CP hex range (XXX)xxx | DSCP Definition | Traditional IP Precedence | E-Series Internal Queue ID | C-Series Internal Queue ID | S-Series Internal Queue ID | DSCP/CP decimal
011XXX | AF3 | Flash | 3 | 1 | 1 | 16–31
010XXX | AF2 | Immediate | 2 | 1 | 1 | 16–31
001XXX | AF1 | Priority | 1 | 0 | 0 | 0–15
000XXX | BE (Best Effort) | Best Effort | 0 | 0 | 0 | 0–15
Honoring dot1p values on ingress packets
FTOS provides the ability to honor dot1p values on ingress packets with the Trust dot1p feature.
By default, if no match occurs, the packet is queued to the default queue, Queue 0.
Mapping dot1p values to service queues
Mapping dot1p values to service queues is available only on platforms: cs
On the C-Series and S-Series all traffic is by default mapped to the same queue, Queue 0. If you honor dot1p on ingress, then you can create service classes based on the queueing strategy in Table 33-6 using the command service-class dynamic dot1p from INTERFACE mode. You may apply this queuing strategy globally by entering this command from CONFIGURATION mode.
Apply an output QoS policy to a queue
Apply an output QoS policy to queues using the command service-queue from INTERFACE mode.
Specify an aggregate QoS policy
Specify an aggregate QoS policy using the command policy-aggregate from POLICY-MAP-OUT mode.
Apply an output policy map to an interface
Apply an output policy map to an interface using the command service-policy output from INTERFACE mode. You can apply the same policy map to multiple interfaces, and you can modify a policy map after you apply it.
Strict-priority Queueing
You can assign strict-priority to one unicast queue, 1-7, using the command strict-priority from CONFIGURATION mode. Strict-priority means that FTOS dequeues all packets from the assigned queue before servicing any other queues.
• The strict-priority supersedes bandwidth-percentage and bandwidth-weight percentage configurations.
• A queue with strict-priority can starve other queues in the same port-pipe.
You can create a custom WRED profile or use one of the five pre-defined profiles listed in Table 33-7.
Table 33-7. Pre-defined WRED Profiles
Default Profile Name | Minimum Threshold | Maximum Threshold
wred_drop | 0 | 0
wred_ge_y | 1024 | 2048
wred_ge_g | 2048 | 4096
wred_teng_y | 4096 | 8192
wred_teng_g | 8192 | 16384
Create WRED Profiles
To create a WRED profile:
1. Create a WRED profile using the command wred from CONFIGURATION mode.
2. The command wred places you in WRED mode.
WRED can be used in combination with storm control to regulate broadcast and unknown-unicast traffic. This feature is available through an additional option in command storm-control [broadcast | unknown-unicast] at CONFIGURATION. See the FTOS Command Line Reference for information on using this command. Using the command storm-control broadcast 50 out wred-profile, for example, first the total bandwidth that broadcast traffic can consume is reduced to 50% of line rate.
Figure 33-15.
For example, if you configure 70% bandwidth to multicast, 80% bandwidth to one queue in unicast and 0% to all remaining unicast queues, then first, FTOS assigns 70% bandwidth to multicast, then FTOS derives the 80% bandwidth for unicast from the remaining 30% of total bandwidth.
Pre-calculating Available QoS CAM Space
Pre-calculating Available QoS CAM Space is supported on platforms: ces
Before version 7.3.
• Status indicates whether or not the specified policy-map can be completely applied to an interface in the port-pipe.
• Allowed indicates that the policy-map can be applied because the estimated number of CAM entries is less than or equal to the available number of CAM entries. The number of interfaces in the port-pipe to which the policy-map can be applied is given in parentheses.
Figure 33-17.
Figure 33-19.
Figure 33-20. Classifying VOIP Traffic and Applying QoS Policies for an Office VOIP Deployment
FTOS#sh run acl
!
ip access-list extended pc-subnet
 seq 5 permit ip 201.1.1.0/24 any
!
ip access-list extended phone-signalling
 seq 5 permit ip 192.1.1.0/24 host 192.1.1.1
!
ip access-list extended phone-subnet
 seq 5 permit ip 192.1.1.
34 Routing Information Protocol
Routing Information Protocol is supported only on platforms: ce s
RIP is supported on the S-Series following the release of FTOS version 7.8.1.0, and on the C-Series with FTOS versions 7.6.1.0 and after.
Routing Information Protocol (RIP) is based on a distance-vector algorithm; it tracks distances or hop counts to nearby routers when establishing network connections.
RIP must receive regular routing updates to maintain a correct routing table. Response messages containing a router’s full routing table are transmitted every 30 seconds. If a router does not send an update within a certain amount of time, the hop count to that route is changed to unreachable (a route hop metric of 16 hops). Another timer sets the amount of time before the unreachable routes are removed from the routing table.
Configuration Task List for RIP
• Enable RIP globally (mandatory)
• Configure RIP on interfaces (optional)
• Control RIP routing updates (optional)
• Set send and receive version (optional)
• Generate a default route (optional)
• Control route metrics (optional)
• Summarize routes (optional)
• Control route metrics
• Debug RIP
For a complete listing of all commands related to RIP, refer to the FTOS Command Reference.
Enable RIP globally
By default, RIP is not enabled in FTOS.
When the RIP process has learned the RIP routes, use the show ip rip database command in the EXEC mode to view those routes (Figure 385).
Figure 34-2. show ip rip database Command Example (Partial)
FTOS#show ip rip database
Total number of routes in RIP database: 978
160.160.0.0/16 [120/1] via 29.10.10.12, 00:00:26, Fa
160.160.0.0/16 auto-summary
2.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa
2.0.0.0/8 auto-summary
4.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa
4.0.0.
Control RIP routing updates By default, RIP broadcasts routing information out all enabled interfaces, but you can configure RIP to send or to block RIP routing information, either from a specific IP address or a specific interface. To control which devices or interfaces receive routing updates, you must configure a direct update to one router and configure interfaces to block RIP updates from other sources.
To add routes from other routing instances or protocols, use any of the following commands in the ROUTER RIP mode:
Command Syntax: redistribute {connected | static} [metric metric-value] [route-map map-name]
Command Mode: ROUTER RIP
Purpose: Include directly connected or user-configured (static) routes in RIP.
• metric range: 0 to 16
• map-name: name of a configured route map.
Figure 34-3 shows an example of the RIP configuration after the ROUTER RIP mode version command is set to RIPv2. When the ROUTER RIP mode version command is set, the interface (GigabitEthernet 0/0) participating in the RIP process is also set to send and receive RIPv2. Figure 34-3.
Figure 34-5.
Summarize routes Routes in the RIPv2 routing table are summarized by default, thus reducing the size of the routing table and improving routing efficiency in large networks. By default, the autosummary command in the ROUTER RIP mode is enabled and summarizes RIP routes up to the classful network boundary. If you must perform routing between discontiguous subnets, disable automatic summarization. With automatic route summarization disabled, subnets are advertised.
Debug RIP
The debug ip rip command enables RIP debugging. When debugging is enabled, you can view information on RIP protocol changes or RIP routes. To enable RIP debugging, use the following command in the EXEC privilege mode:
Command Syntax: debug ip rip [interface | database | events | trigger]
Command Mode: EXEC privilege
Purpose: Enable debugging of RIP.
Figure 34-6 shows the confirmation when the debug function is enabled.
Figure 34-6.
Configuring RIPv2 on Core 2
Figure 34-8. Configuring RIPv2 on Core 2
Core2(conf-if-gi-2/31)#
Core2(conf-if-gi-2/31)#router rip
Core2(conf-router_rip)#ver 2
Core2(conf-router_rip)#network 10.200.10.0
Core2(conf-router_rip)#network 10.300.10.0
Core2(conf-router_rip)#network 10.11.10.0
Core2(conf-router_rip)#network 10.11.20.0
Core2(conf-router_rip)#show config
!
router rip
 network 10.0.0.
Figure 34-10.
RIP Configuration on Core 3
Figure 34-12. RIP Configuration on Core 3
Core3(conf-if-gi-3/21)#router rip
Core3(conf-router_rip)#version 2
Core3(conf-router_rip)#network 192.168.1.0
Core3(conf-router_rip)#network 192.168.2.0
Core3(conf-router_rip)#network 10.11.30.0
Core3(conf-router_rip)#network 10.11.20.0
Core3(conf-router_rip)#show config
!
router rip
 network 10.0.0.0
 network 192.168.1.0
 network 192.168.2.
Figure 34-14.
RIP Configuration Summary
Figure 34-16. Summary of Core 2 RIP Configuration Using Output of show run Command
!
interface GigabitEthernet 2/11
 ip address 10.11.10.1/24
 no shutdown
!
interface GigabitEthernet 2/31
 ip address 10.11.20.2/24
 no shutdown
!
interface GigabitEthernet 2/41
 ip address 10.200.10.1/24
 no shutdown
!
interface GigabitEthernet 2/42
 ip address 10.250.10.1/24
 no shutdown
router rip
 version 2
 10.200.10.0
 10.300.10.0
 10.11.10.0
 10.11.20.0
Figure 34-17.
35 Remote Monitoring
Remote Monitoring is supported on platform ces
This chapter describes the Remote Monitoring (RMON):
• Implementation
• Fault Recovery
Remote Monitoring (RMON) is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facility and long-term statistics collection on Dell Networking Ethernet Interfaces. RMON operates with SNMP and monitors all nodes on a LAN segment.
Fault Recovery
RMON provides the following fault recovery functions:
Interface Down—When an RMON-enabled interface goes down, monitoring continues. However, all data values are registered as 0xFFFFFFFF (32 bits) or 0xFFFFFFFFFFFFFFFF (64 bits). When the interface comes back up, RMON monitoring processes resume.
Note: A Network Management System (NMS) should be ready to interpret a down interface and plot the interface performance graph accordingly.
Set rmon alarm
To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode. To disable the alarm, use the no form of this command:
Command Syntax: [no] rmon alarm number variable interval {delta | absolute} rising-threshold [value event-number] falling-threshold value event-number [owner string]
Command Mode: CONFIGURATION
Purpose: Set an alarm on any MIB object. Use the no form of this command to disable the alarm.
Figure 35-1. rmon alarm Command Example
FTOS(conf)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 20 delta rising-threshold 15 1 falling-threshold 0 owner nms1
(Figure callouts: Alarm Number, MIB Variable, Monitor Interval, Counter Value Limit, Triggered Event)
The above example configures RMON alarm number 10. The alarm monitors the MIB variable 1.3.6.1.2.1.2.2.1.20.1 (ifEntry.ifOutErrors) once every 20 seconds until the alarm is disabled, and checks the rise or fall of the variable.
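The following added example (not from the Dell guide and not FTOS code) models how a delta-sampled alarm with the thresholds of Figure 35-1 behaves, using the rising/falling re-arm rule of the RMON alarm group (RFC 2819) and treating the all-ones value from the Fault Recovery section as "interface down". The class name, the returned labels and the counter readings are assumptions constructed for illustration.

```python
"""Model of an RMON alarm with delta sampling (added example, not FTOS code)."""

# Values the guide says a down interface reports, keyed by counter width.
DOWN = {32: 0xFFFFFFFF, 64: 0xFFFFFFFFFFFFFFFF}


class RmonAlarm:
    """Rising/falling threshold alarm with hysteresis, as in the RMON alarm group."""

    def __init__(self, rising, falling, sample_type="delta", bits=32):
        if falling > rising:
            raise ValueError("falling threshold must not exceed rising threshold")
        if sample_type not in ("delta", "absolute"):
            raise ValueError("sample_type must be 'delta' or 'absolute'")
        self.rising, self.falling = rising, falling
        self.sample_type, self.bits = sample_type, bits
        self.previous = None   # last raw reading, needed for delta sampling
        self.armed = "both"    # which crossing is allowed to fire next

    def sample(self, raw):
        """Feed one polled value; return 'rising', 'falling', 'interface-down' or None."""
        if raw == DOWN[self.bits]:
            # Do not compute a delta against the sentinel; restart after recovery.
            # A counter that legitimately reads all ones is indistinguishable here.
            self.previous = None
            return "interface-down"
        if self.sample_type == "delta":
            last, self.previous = self.previous, raw
            if last is None:
                return None                       # no interval to compare yet
            value = (raw - last) % (1 << self.bits)   # tolerate counter wrap
        else:
            value = raw
        # A crossing fires once, then the opposite threshold must be reached
        # before the same crossing can fire again.
        if value >= self.rising and self.armed in ("both", "rising"):
            self.armed = "falling"
            return "rising"
        if value <= self.falling and self.armed in ("both", "falling"):
            self.armed = "rising"
            return "falling"
        return None


# Constructed ifOutErrors readings, one per 20-second interval.
READINGS = [100, 104, 125, 150, 150, 0xFFFFFFFF, 10, 12, 40]


def run_figure_35_1(readings):
    """Replay readings through the thresholds of Figure 35-1 (rising 15, falling 0)."""
    alarm = RmonAlarm(rising=15, falling=0, sample_type="delta")
    return [alarm.sample(r) for r in readings]


if __name__ == "__main__":
    for reading, result in zip(READINGS, run_figure_35_1(READINGS)):
        print(reading, result)
```

In Figure 35-1 only the rising crossing names an event (event 1); the falling crossing re-arms the alarm without triggering one.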
Figure 35-2. rmon event Command Example
FTOS(conf)#rmon event 1 log trap eventtrap description “High ifOutErrors” owner nms1
The above configuration example creates RMON event number 1, with the description “High ifOutErrors”, and generates a log entry when the event is triggered by an alarm. The user nms1 owns the row that is created in the event table by this command. This configuration also generates an SNMP trap when the event is triggered using the SNMP community string “eventtrap”.
Configure RMON collection history
To enable the RMON MIB history group of statistics collection on an interface, use the rmon collection history command in interface configuration mode. To remove a specified RMON history group of statistics collection, use the no form of this command.
36 Rapid Spanning Tree Protocol
Rapid Spanning Tree Protocol is supported on platforms: ces
Protocol Overview
Rapid Spanning Tree Protocol (RSTP) is a Layer 2 protocol—specified by IEEE 802.1w—that is essentially the same as Spanning-Tree Protocol (STP) but provides faster convergence and interoperability with switches configured with STP and MSTP. FTOS supports three other variations of Spanning Tree, as shown in Table 36-1.
Table 36-1.
• Configure an EdgePort
• Preventing Network Disruptions with BPDU Guard
• Influence RSTP Root Selection
• Configuring Spanning Trees as Hitless
• SNMP Traps for Root Elections and Topology Changes
• Fast Hellos for Link State Detection
• Flush MAC Addresses after a Topology Change
Important Points to Remember
• RSTP is disabled by default.
• FTOS supports only one Rapid Spanning Tree (RST) instance.
To configure the interfaces for Layer 2 and then enable them:
Step | Task | Command Syntax | Command Mode
1 | If the interface has been assigned an IP address, remove it. | no ip address | INTERFACE
2 | Place the interface in Layer 2 mode. | switchport | INTERFACE
3 | Enable the interface. | no shutdown | INTERFACE
Verify that an interface is in Layer 2 mode and enabled using the show config command from INTERFACE mode.
Figure 36-2.
Figure 36-3. Verifying RSTP is Enabled
FTOS(conf-rstp)#show config
!
protocol spanning-tree rstp
 no disable
FTOS(conf-rstp)#
(Figure callout: Indicates that Rapid Spanning Tree is enabled)
When you enable Rapid Spanning Tree, all physical and port-channel interfaces that are enabled and in Layer 2 mode are automatically part of the RST topology.
• Only one path from any bridge to any other bridge is enabled.
• Bridges block a redundant path by disabling one of the link ports.
Figure 36-5. show spanning-tree rstp Command Example
FTOS#show spanning-tree rstp
Root Identifier has priority 32768, Address 0001.e801.cbb4
Root Bridge hello time 2, max age 20, forward delay 15, max hops 0
Bridge Identifier has priority 32768, Address 0001.e801.cbb4
Configured hello time 2, max age 20, forward delay 15, max hops 0
We are the root
Current root has priority 32768, Address 0001.e801.
Figure 36-6. show spanning-tree rstp brief Command Example
R3#show spanning-tree rstp brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 0001.e801.cbb4
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32768, Address 0001.e80f.
Table 36-2 displays the default values for RSTP. Table 36-2.
• Port priority influences the likelihood that a port will be selected to be a forwarding port in case several ports have the same port cost.
To change the port cost or priority of an interface, use the following commands:
Task: Change the port cost of an interface. Range: 0 to 65535. Default: see Table 36-2.
Command Syntax: spanning-tree rstp cost cost
Command Mode: INTERFACE
Task: Change the port priority of an interface.
FTOS Behavior: Regarding bpduguard shutdown-on-violation behavior:
1. If the interface to be shut down is a port channel, then all the member ports are disabled in the hardware.
2. When a physical port is added to a port channel already in error disable state, the new member port will also be disabled in the hardware.
3. When a physical port is removed from a port channel in error disable state, the error disabled state is cleared on this physical port (the physical port will be enabled in the hardware).
Figure 36-8. bridge-priority Command Example
FTOS(conf-rstp)#bridge-priority 4096
04:27:59: %RPM0-P:RP2 %SPANMGR-5-STP_ROOT_CHANGE: RSTP root changed. My Bridge ID: 4096:0001.e80b.88bd Old Root: 32768:0001.e801.cbb4 New Root: 4096:0001.e80b.88bd
(Figure callouts: Old root bridge ID, New root bridge ID)
SNMP Traps for Root Elections and Topology Changes
Enable SNMP traps for RSTP, MSTP, and PVST+ collectively using the command snmp-server enable traps xstp.
37 Security
Security features are supported on platforms ces
This chapter discusses several ways to provide access security to the Dell Networking system. Platform-specific features are identified by the c, e or s icons (as shown below).
Suppress AAA Accounting for null username sessions
When AAA Accounting is activated, the FTOS software issues accounting records for all users on the system, including users whose username string, because of protocol translation, is NULL. An example of this is a user who comes in on a line where the AAA Authentication login method-list none command is applied.
No specific show command exists for TACACS+ accounting. To obtain accounting records displaying information about users currently logged in, perform the following task in Privileged EXEC mode:
Command Syntax: show accounting
Command Mode: CONFIGURATION
Purpose: Step through all active sessions and print all the accounting records for the actively accounted functions.
Figure 37-1.
Configure login authentication for terminal lines
You can assign up to five authentication methods to a method list. FTOS evaluates the methods in the order in which you enter them in each list. If the first method list does not respond or returns an error, FTOS applies the next method list until the user either passes or fails the authentication. If the user fails a method list, FTOS does not apply the next method list.
To view the configuration, use the show config command in the LINE mode or the show running-config in the EXEC Privilege mode.
Note: Dell Networking recommends that you use the none method only as a backup. This method does not authenticate users. The none and enable methods do not work with SSH.
You can create multiple method lists and assign them to different terminal lines.
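As an added example (not from the Dell guide), the Python check below reads `aaa authentication login` and `login authentication` lines in the form this chapter shows and flags method lists that conflict with the rules above: more than five methods, `none` used as anything other than a last-resort backup, and methods that do not work with SSH. The finding labels, the function names and the sample configuration are constructed for illustration.

```python
"""Audit FTOS-style AAA login method lists (added example, constructed input)."""
import re

MAX_METHODS = 5               # the guide: up to five methods per method list
NO_SSH = {"none", "enable"}   # the guide: these methods do not work with SSH

# Constructed sample; list names and line ranges are illustrative only.
SAMPLE_CONFIG = """\
aaa authentication login localmethod local
aaa authentication login fallback radius local none
aaa authentication login open none
aaa authentication login toolong radius tacacs+ local line enable none
line vty 0 4
 login authentication open
line vty 5 9
 login authentication fallback
"""


def parse(config):
    """Return (method_lists, line_bindings) from running-config text."""
    lists, bindings, current_line = {}, {}, None
    for raw in config.splitlines():
        text = raw.strip()
        found = re.match(r"aaa authentication login (\S+)\s+(.+)$", text)
        if found:
            lists[found.group(1)] = found.group(2).split()
            current_line = None
            continue
        if text.startswith("line "):
            current_line = text
            continue
        found = re.match(r"login authentication (\S+)$", text)
        if found and current_line:
            bindings[current_line] = found.group(1)
    return lists, bindings


def audit(config):
    """Return a list of (subject, finding) tuples in configuration order."""
    lists, bindings = parse(config)
    findings = []
    for name, methods in lists.items():
        if len(methods) > MAX_METHODS:
            findings.append((name, "too-many-methods"))
        if "none" in methods:
            if methods == ["none"]:
                # Nothing is checked at all: every login is accepted.
                findings.append((name, "no-authentication"))
            elif methods[-1] != "none":
                # "Only as a backup" means none belongs at the end of the list.
                findings.append((name, "none-not-last"))
        if NO_SSH & set(methods):
            findings.append((name, "has-method-unsupported-over-ssh"))
    for line, name in bindings.items():
        if name not in lists:
            findings.append((line, "undefined-method-list"))
        elif lists[name][0] == "none":
            findings.append((line, "line-accepts-unauthenticated-login"))
    return findings


if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_CONFIG):
        print(f"{subject}: {finding}")
```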
To use local authentication for enable secret on console, while using remote authentication on VTY lines, perform the following steps:
FTOS(config)# aaa authentication enable mymethodlist radius tacacs
FTOS(config)# line vty 0 9
FTOS(config-line-vty)# enable authentication mymethodlist
Server-side configuration
TACACS+: When using TACACS+, Dell Networking sends an initial packet with service type SVC_ENABLE, and then, a second packet with just the password.
Privilege levels 2 through 14 are not configured and you can customize them for different users and access. After you configure other privilege levels, enter those levels by adding the level parameter after the enable command or by configuring a user name or password that corresponds to the privilege level. Refer to Configure a username and password for more information on configuring user names. By default, commands in FTOS are assigned to different privilege levels.
To configure a username and password, use the following command in the CONFIGURATION mode:
Command Syntax: username name [access-class access-list-name] [nopassword | password [encryption-type] password] [privilege level]
Command Mode: CONFIGURATION
Purpose: Assign a user name and password. Configure the optional and required parameters:
• name: Enter a text string up to 63 characters long.
• access-class access-list-name: Enter the name of a configured IP ACL.
Configure custom privilege levels
In addition to assigning privilege levels to the user, you can configure the privilege levels of commands so that they are visible in different privilege levels. Within FTOS, commands have certain privilege levels. With the privilege command, the default level can be changed or you can reset their privilege level back to the default.
Step 3
Command Syntax: privilege mode {level level command | reset command}
Command Mode: CONFIGURATION
Purpose: Configure level and commands for a mode or reset a command’s level. Configure the following required and optional parameters:
• mode: Enter a keyword for the modes (exec, configure, interface, line, route-map, router)
• level level range: 0 to 15. Levels 0, 1 and 15 are pre-configured. Levels 2 to 14 are available for custom configuration.
Figure 37-3. User john’s Login and the List of Available Commands
apollo% telnet 172.31.1.53
Trying 172.31.1.53...
Connected to 172.31.1.53.
Escape character is '^]'.
To move to a lower privilege level, enter the command disable followed by the level-number you wish to set for the user in the EXEC Privilege mode. If you enter disable without a level-number, your security level is 1.
RADIUS
Remote Authentication Dial-In User Service (RADIUS) is a distributed client/server protocol. This protocol transmits authentication, authorization, and configuration information between a central RADIUS server and a RADIUS client (the Dell Networking system).
Idle Time
Every session line has its own idle-time. If the idle-time value is not changed, the default value of 30 minutes is used. RADIUS specifies the idle-time allowed for a user during a session before timeout. When a user logs in, the lower of the two idle-time values (configured or default) is used.
• Monitor RADIUS (optional)
For a complete listing of all FTOS commands related to RADIUS, refer to the Security chapter in the FTOS Command Reference.
Note: RADIUS authentication and authorization are done in a single step. Hence, authorization cannot be used independent of authentication. However, if RADIUS authorization is configured and authentication is not, then a message is logged stating this.
Specify a RADIUS server host
When configuring a RADIUS server host, you can set different communication parameters, such as the UDP port, the key password, the number of retries, and the timeout.
To set global communication parameters for all RADIUS server hosts, use any or all of the following commands in the CONFIGURATION mode:
Command Syntax: radius-server deadtime seconds
Command Mode: CONFIGURATION
Purpose: Set a time interval after which a RADIUS host server is declared dead.
• seconds range: 0 to 2147483647. Default: 0 seconds
Command Syntax: radius-server key [encryption-type] key
Command Mode: CONFIGURATION
Purpose: Configure a key for all RADIUS communications between the system and RADIUS server hosts.
• Choose TACACS+ as the Authentication Method
• Monitor TACACS+
• TACACS+ Remote Authentication and Authorization
• TACACS+ Remote Authentication and Authorization
• Specify a TACACS+ server host
• Choose TACACS+ as the Authentication Method
For a complete listing of all commands related to TACACS+, refer to the Security chapter in the FTOS Command Reference.
Figure 37-4.
Figure 37-5 demonstrates how to configure the access-class from a TACACS+ server. This causes the configured access-class on the VTY line to be ignored. If you have configured a deny10 ACL on the TACACS+ server, FTOS downloads it and applies it. If the user is found to be coming from the 10.0.0.0 subnet, FTOS also immediately closes the Telnet connection. Note that no matter where the user is coming from, they see the login prompt.
Figure 37-5.
To delete a TACACS+ server host, use the no tacacs-server host {hostname | ip-address} command.
freebsd2# telnet 2200:2200:2200:2200:2200::2202
Trying 2200:2200:2200:2200:2200::2202...
Connected to 2200:2200:2200:2200:2200::2202.
Escape character is '^]'.
Login: admin
Password:
FTOS#
FTOS#
Command Authorization
The AAA command authorization feature configures FTOS to send each configuration command to a TACACS server for authorization before it is added to the running configuration.
SCP is a remote file copy program that works with SSH and is supported by FTOS. Note: The Windows-based WinSCP client software is not supported for secure copying between a PC and an FTOS-based system. Unix-based SCP client software is supported.
Figure 37-6. Specifying an SSH version
FTOS(conf)#ip ssh server version 2
FTOS(conf)#do show ip ssh
SSH server : disabled.
SSH server version : v2.
Password Authentication : enabled.
Hostbased Authentication : disabled.
RSA Authentication : disabled.
To disable SSH server functions, enter no ip ssh server enable.
• ip ssh connection-rate-limit: Configure the maximum number of incoming SSH connections per minute.
• ip ssh hostbased-authentication enable: Enable hostbased-authentication for the SSHv2 server.
• ip ssh key-size: Configure the size of the server-generated RSA SSHv1 key.
• ip ssh password-authentication enable: Enable password authentication for the SSH server.
• ip ssh pub-key-file: Specify the file to be used for host-based authentication.
Figure 37-8. Enabling SSH Password Authentication
FTOS(conf)#ip ssh server enable
% Please wait while SSH Daemon initializes ... done.
FTOS(conf)#ip ssh password-authentication enable
FTOS#sh ip ssh
SSH server : enabled.
Password Authentication : enabled.
Hostbased Authentication : disabled.
RSA Authentication : disabled.
RSA Authentication of SSH
The following procedure authenticates an SSH client based on an RSA key using RSA authentication.
To configure host-based authentication:
Step 1
Task: Configure RSA Authentication. See RSA Authentication of SSH, above.
Step 2
Task: Create shosts by copying the public RSA key to the file shosts in the directory .ssh, and write the IP address of the host to the file.
Command Syntax: cp /etc/ssh/ssh_host_rsa_key.pub /.ssh/shosts
Figure 37-10. Creating shosts
admin@Unix_client# cd /etc/ssh
admin@Unix_client# ls
moduli sshd_config ssh_host_dsa_key.
Figure 37-12. Client-based SSH Authentication
FTOS#ssh 10.16.127.201 ?
-l User name option
-p SSH server port option (default 22)
-v SSH protocol version
Troubleshooting SSH
• You may not bind id_rsa.pub to RSA authentication while logged in via the console. In this case, Message 2 appears.
Message 2 RSA Authentication Error
%Error: No username set for this term.
• Host-based authentication must be enabled on the server (Dell Networking system) and the client (Unix machine).
Trace Lists
The Trace Lists feature is supported only on the E-Series: e
You can log packet activity on a port to confirm the source of traffic attacking a system. Once the Trace list is enabled on the system, you view its traffic log to confirm the source address of the attacking traffic. In FTOS, Trace lists are similar to extended IP ACLs, except that Trace lists are not applied to an interface.
Since traffic passes through the filter in the order of the filter’s sequence, you can configure the trace list by first entering the TRACE LIST mode and then assigning a sequence number to the filter. To create a filter for packets with a specified sequence number, use these commands in the following sequence, starting in the CONFIGURATION mode:
Step 1
Command Syntax: ip trace-list trace-list-name
Command Mode: CONFIGURATION
Purpose: Enter the TRACE LIST mode by creating a trace list.
Step 2
Command Syntax: seq sequence-number {deny | permit} tcp {source mask | any | host ip-address} [operator port [port]] {destination mask | any | host ip-address} [operator port [port]] [established] [count [byte] | log]
Command Mode: TRACE LIST
Purpose: Configure a trace list filter for TCP packets.
• source: An IP address as the source IP address for the filter to match.
Figure 37-13. Trace list Using seq Command Example
FTOS(config-trace-acl)#seq 15 deny ip host 12.45.0.0 any log
FTOS(config-trace-acl)#seq 5 permit tcp 121.1.3.45 0.0.255.255 any
FTOS(config-trace-acl)#show conf
!
ip trace-list dilling
 seq 5 permit tcp 121.1.0.0 0.0.255.255 any
 seq 15 deny ip host 12.45.0.0 any log
If you are creating a Trace list with only one or two filters, you can let FTOS assign a sequence number based on the order in which the filters are configured.
Command Syntax: {deny | permit} tcp {source mask | any | host
Command Mode: TRACE LIST
Purpose: Configure a deny or permit filter to examine TCP packets. Configure the following required and optional parameters:
• source: An IP address as the source IP address for the filter to match.
• mask: a network mask
• any: to match any IP source address
• host ip-address: to match IP addresses in a host.
• destination: An IP address as the source IP address for the filter to match.
Figure 37-14. Trace List Example
FTOS(config-trace-acl)#deny tcp host 123.55.34.0 any
FTOS(config-trace-acl)#permit udp 154.44.123.34 0.0.255.255 host 34.6.0.0
FTOS(config-trace-acl)#show config
!
ip trace-list nimule
 seq 5 deny tcp host 123.55.34.0 any
 seq 10 permit udp 154.44.0.0 0.0.255.255 host 34.6.0.0
To view all configured Trace lists and the number of packets processed through the Trace list, use the show ip accounting trace-list command (Figure 110) in the EXEC Privilege mode.
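The added Python example below (not from the Dell guide and not FTOS code) reproduces what Figures 37-13 and 37-14 show: filters are stored in sequence order regardless of entry order, the address is stored with the mask's "don't care" bits cleared (121.1.3.45 with 0.0.255.255 becomes 121.1.0.0), and unnumbered filters receive 5, 10 and so on. Port operators, `established` and `count` are not modelled; numbering an unnumbered filter after explicitly numbered ones, first-match evaluation and the test packets are assumptions of this sketch.

```python
"""Trace-list ordering and mask handling (added example, not FTOS code)."""
import ipaddress
from dataclasses import dataclass

FULL = 0xFFFFFFFF


def _to_int(text):
    return int(ipaddress.IPv4Address(text))


def _to_text(value):
    return str(ipaddress.IPv4Address(value))


def _take_address(tokens):
    """Consume `any`, `host A` or `A MASK`; return ((base, wildcard), rest)."""
    if tokens[0] == "any":
        return (0, FULL), tokens[1:]
    if tokens[0] == "host":
        return (_to_int(tokens[1]), 0), tokens[2:]
    base, wild = _to_int(tokens[0]), _to_int(tokens[1])
    return (base & ~wild & FULL, wild), tokens[2:]   # clear the "don't care" bits


def _show(spec):
    base, wild = spec
    if wild == FULL:
        return "any"
    if wild == 0:
        return "host " + _to_text(base)
    return _to_text(base) + " " + _to_text(wild)


@dataclass
class Filter:
    seq: int
    action: str
    proto: str
    src: tuple
    dst: tuple
    log: bool

    def render(self):
        line = f"seq {self.seq} {self.action} {self.proto} {_show(self.src)} {_show(self.dst)}"
        return line + " log" if self.log else line

    def matches(self, proto, src, dst):
        def hit(spec, addr):
            base, wild = spec
            return (_to_int(addr) & ~wild & FULL) == base
        return self.proto in ("ip", proto) and hit(self.src, src) and hit(self.dst, dst)


class TraceList:
    def __init__(self, name):
        self.name, self.filters = name, []

    def add(self, command):
        """Accept a filter line as typed in TRACE LIST mode, with or without `seq N`."""
        tokens = command.split()
        if tokens[0] == "seq":
            seq, tokens = int(tokens[1]), tokens[2:]
        else:
            # Assumption: next multiple of 5 above the highest number in use.
            seq = (max((f.seq for f in self.filters), default=0) // 5 + 1) * 5
        action, proto, rest = tokens[0], tokens[1], tokens[2:]
        if action not in ("permit", "deny"):
            raise ValueError("filter must start with permit or deny: " + command)
        src, rest = _take_address(rest)
        dst, rest = _take_address(rest)
        self.filters.append(Filter(seq, action, proto, src, dst, "log" in rest))
        self.filters.sort(key=lambda f: f.seq)

    def show_config(self):
        return [f.render() for f in self.filters]

    def first_match(self, proto, src, dst):
        """Return the first filter, in sequence order, that matches the packet."""
        for f in self.filters:
            if f.matches(proto, src, dst):
                return f
        return None


def figure_37_13():
    tl = TraceList("dilling")
    tl.add("seq 15 deny ip host 12.45.0.0 any log")
    tl.add("seq 5 permit tcp 121.1.3.45 0.0.255.255 any")
    return tl


def figure_37_14():
    tl = TraceList("nimule")
    tl.add("deny tcp host 123.55.34.0 any")
    tl.add("permit udp 154.44.123.34 0.0.255.255 host 34.6.0.0")
    return tl


if __name__ == "__main__":
    print("\n".join(figure_37_13().show_config()))
    print("\n".join(figure_37_14().show_config()))
```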
VTY Line and Access-Class Configuration
Various methods are available to restrict VTY access in FTOS. These depend on which authentication scheme you use — line, local, or remote:
Table 37-1. VTY Access
Authentication Method | VTY access-class support? | Username access-class support? | Remote authorization support?
Line | YES | NO | NO
Local | NO | YES | NO
TACACS+ | YES | NO | YES (with FTOS 5.2.1.0 and later)
RADIUS | YES | NO | YES (with FTOS 6.1.1.
Figure 37-16. Example Access-Class Configuration Using Local Database
FTOS(conf)#user gooduser password abc privilege 10 access-class permitall
FTOS(conf)#user baduser password abc privilege 10 access-class denyall
FTOS(conf)#
FTOS(conf)#aaa authentication login localmethod local
FTOS(conf)#
FTOS(conf)#line vty 0 9
FTOS(config-line-vty)#login authentication localmethod
FTOS(config-line-vty)#end
Note: See also the section Chapter 9, Access Control Lists (ACL), Prefix Lists, and Route-maps.
Figure 37-18.
38 Service Provider Bridging
Service Provider Bridging is supported on platforms: ces
This chapter contains the following major sections:
• VLAN Stacking
• VLAN Stacking Packet Drop Precedence
• Dynamic Mode CoS for VLAN Stacking
• Layer 2 Protocol Tunneling
• Provider Backbone Bridging
VLAN Stacking
VLAN Stacking is supported on platforms: ces
VLAN Stacking, also called Q-in-Q, is defined in IEEE 802.1ad—Provider Bridges, which is an amendment to IEEE 802.1Q—Virtual Bridged Local Area Networks.
Figure 38-1. VLAN Stacking in a Service Provider Network (diagram; tag fields shown: TPID (0x9100), PCP, DEI, VID (VLAN 300) and TPID (0x8100), PCP, CFI (0), VID (VLAN Red))
Create Access and Trunk Ports
An access port is a port on the service provider edge that directly connects to the customer. An access port may belong to only one service provider VLAN. A trunk port is a port on a service provider bridge that connects to another service provider bridge and is a member of multiple service provider VLANs. Physical ports and port-channels can be access or trunk ports.
Display the status and members of a VLAN using the show vlan command from EXEC Privilege mode. Members of a VLAN-Stacking-enabled VLAN are marked with an M in column Q. Figure 38-3.
FTOS Options for Trunk Ports
802.1ad trunk ports may also be tagged members of a VLAN so that they can carry single and double-tagged traffic. You can enable trunk ports to carry untagged, single-tagged, and double-tagged VLAN traffic by making the trunk port a hybrid port.
Step 1
Task: Configure a trunk port to carry untagged, single-tagged, and double-tagged traffic by making it a hybrid port.
Note: On the C-Series and S-Series, a trunk port can be added to an 802.
Debug VLAN Stacking
To debug the internal state and membership of a VLAN and its ports, use the debug member command, as shown in Figure 38-5. The port notations in Figure 38-5 are as follows:
• MT — stacked trunk
• MU — stacked access port
• T — 802.1Q trunk port
• U — 802.1Q access port
• NU — Native VLAN (untagged)
Figure 38-5.
Figure 38-6.
Figure 38-7. TPID Mismatch and 0x8100 Match on the E-Series TeraScale (diagram; devices shown: R1-E-Series TeraScale TPID: 0x9100, R2-E-Series TeraScale TPID: 0x8181)
Figure 38-8. First-byte TPID Match on the E-Series ExaScale (diagram; devices shown: R1-E-Series TeraScale TPID: 0x9191, R2-E-Series ExaScale TPID: 0x9100)
Table 38-1 details the outcome of matched and mis-matched TPIDs in a VLAN-stacking network with the E-Series.
Table 38-1.
You can configure the first eight bits of the TPID using the command vlan-stack protocol-type. The TPID on the C-Series and S-Series systems is global. Ingress frames that do not match the system TPID are treated as untagged. This rule applies for both the outer tag TPID of a double-tagged frame and the TPID of a single-tagged frame.
[Figure: Single and Double-tag First-byte TPID Match on C-Series and S-Series. Labels: R1-C-Series w/ FTOS <8.2.1.; R2-C-Series w/ FTOS <8.2.1.0; R3-C-Series w/ FTOS >=8.2.1.0; TPID 0x8181; DEFAULT VLAN; VLAN GREEN; VLAN BLUE; VLAN PURPLE; VLAN RED]

Figure 38-10.
Table 38-2 details the outcome of matched and mismatched TPIDs in a VLAN-stacking network with the C-Series and S-Series.

Table 38-2. C-Series and S-Series Behaviors for Mis-matched TPID
Network Position | Incoming Packet TPID | System TPID | Match Type | Pre-8.2.1.0 | 8.2.1.
Enable Drop Eligibility

You must enable Drop Eligibility globally before you can honor or mark the DEI value.

Task: Make packets eligible for dropping based on their DEI value. By default, packets are colored green, and DEI is marked 0 on egress.
Command Syntax: dei enable
Command Mode: CONFIGURATION

When Drop Eligibility is enabled, DEI mapping or marking takes place according to the defaults. In this case, the CFI is affected according to Table 38-3.

Table 38-3.
Task Command Syntax Command Mode

FTOS#show interface dei-honor
Default Drop precedence: Green
Interface    CFI/DEI    Drop precedence
-------------------------------------------------------------
Gi 0/1       0          Green
Gi 0/1       1          Yellow
Gi 8/9       1          Red
Gi 8/40      0          Yellow

Mark Egress Packets with a DEI Value

On egress, you can set the DEI value according to a different mapping than ingress (see Honor the Incoming DEI Value).
Figure 38-12. Statically and Dynamically Assigned dot1p for VLAN Stacking
[Figure labels: Untagged; C-Tagged; S-Tag with statically-assigned dot1p; S-Tag with mapped dot1p]

When configuring Dynamic Mode CoS, you have two options:
a. mark the S-Tag dot1p and queue the frame according to the original C-Tag dot1p.
FTOS Behavior: For Option A above, when there is a conflict between the queue selected by Dynamic Mode CoS (vlan-stack dot1p-mapping) and a QoS configuration, the queue selected by Dynamic Mode CoS takes precedence. However, rate policing for the queue is determined by QoS configuration.
To map C-Tag dot1p values to S-Tag dot1p values and mark the frames accordingly:

Step Task Command Syntax Command Mode
Allocate CAM space to enable queuing frames according to the C-Tag or the S-Tag.
• vman-qos: mark the S-Tag dot1p and queue the frame according to the original C-Tag dot1p. This method requires half as many CAM entries as vman-qos-dual-fp.
• vman-qos-dual-fp: mark the S-Tag dot1p and queue the frame according to the S-Tag dot1p.
Figure 38-13. VLAN Stacking without L2PT
[Figure labels: SPANNING TREE; no spanning-tree; INTERNET SERVICE PROVIDER; Building A; Building B; X; BPDU w/ destination MAC address: 01-80-C2-00-00-00]

You might need to transport control traffic transparently through the intermediate network to the other region.

Figure 38-14. VLAN Stacking with L2PT
Specify a Destination MAC Address for BPDUs

By default, FTOS uses a Dell Networking-unique MAC address for tunneling BPDUs. You can configure another value.

Task Command Syntax Command Mode
Overwrite the BPDU with a user-specified destination MAC address when BPDUs are tunneled across the provider network.
Debug Layer 2 Protocol Tunneling

Task: Display debugging information for L2PT.
Command Syntax: debug protocol-tunnel
Command Mode: EXEC Privilege

Provider Backbone Bridging

Provider Backbone Bridging is supported only on platforms: cs

IEEE 802.1ad—Provider Bridges amends 802.1Q—Virtual Bridged Local Area Networks so that service providers can use 802.1Q architecture to offer separate VLANs to customers with no coordination between customers, and minimal coordination between customers and the provider.
39 sFlow

Configuring sFlow is supported on platforms: ces

• Enable and Disable sFlow
• sFlow Show Commands
• Specify Collectors
• Polling Intervals
• Sampling Rate
• Back-off Mechanism
• sFlow on LAG ports
• Extended sFlow

Overview

FTOS supports sFlow version 5. sFlow is a standard-based sampling technology embedded within switches and routers which is used to monitor network traffic. It is designed to provide traffic monitoring for high speed networks with many switches and routers.
Figure 39-1. sFlow Traffic Monitoring System
[Figure labels: sFlow Collector; Switch/Router; sFlow Datagrams; sFlow Agent; Poll Interface Counters; Interface Counters; Flow Samples; Switch ASIC]

Implementation Information

Dell Networking sFlow is designed so that the hardware sampling rate is per line card port-pipe and is decided based upon all the ports in that port-pipe.
• FTOS exports all sFlow packets to the collector. A small sampling rate can equate to a large number of exported packets. A backoff mechanism will automatically be applied to reduce this amount. Some sampled packets may be dropped when the exported packet rate is high and the backoff mechanism is about to or is starting to take effect. The dropEvent counter, in the sFlow packet, will always be zero.
sFlow Show Commands

FTOS includes the following sFlow display commands:

• Show sFlow Globally
• Show sFlow on an Interface
• Show sFlow on a Line Card

Show sFlow Globally

Use the following command to view sFlow statistics:

Command Syntax: show sflow
Command Mode: EXEC
Purpose: Display sFlow configuration information and statistics.

Figure 39-2 is a sample output from the show sflow command:

Figure 39-2.
Figure 39-3. Command Example: show sflow interface

FTOS#show sflow interface gigabitethernet 1/16
Gi 1/16
Configured sampling rate :8192
Actual sampling rate :8192
Sub-sampling rate :2
Counter polling interval :15
Samples rcvd from h/w :33
Samples dropped for sub-sampling :6

The configuration, shown in Figure 39-2, is also displayed in the running configuration (Figure 39-4):

Figure 39-4.
Specify Collectors

The sflow collector command allows identification of sFlow Collectors to which sFlow datagrams are forwarded. The user can specify up to two sFlow collectors. If two Collectors are specified, the samples are sent to both.

Collection through Management interface is supported on platform: e.
The sflow sample-rate command, when issued in CONFIGURATION mode, changes the default sampling rate. By default, the sampling rate of an interface is set to the same value as the current global default sampling rate. If the value entered is not a correct power of 2, the command generates an error message with the previous and next power-of-2 value. Select one of these two numbers and re-enter the command. (For more information on values in power-of-2, see Sub-sampling.
Back-off Mechanism

If the sampling rate for an interface is set to a very low value, the CPU can get overloaded with flow samples under high-traffic conditions. In such a scenario, a binary back-off mechanism gets triggered, which doubles the sampling-rate (halves the number of samples per second) for all interfaces. The backoff mechanism continues to double the sampling-rate until CPU condition is cleared. This is as per sFlow version 5 draft.
Figure 39-6. Confirming that Extended sFlow is Enabled
[Figure callout: Extended sFlow settings show all 3 types are enabled]

FTOS#show sflow
sFlow services are enabled
Global default sampling rate: 4096
Global default counter polling interval: 15
Global extended information enabled: gateway, router, switch
1 collectors configured
Collector IP addr: 10.10.10.3, Agent IP addr: 10.10.0.
Table 39-1. Extended Gateway Summary
IP SA | IP DA | srcAS and srcPeerAS | dstAS and dstPeerAS | Description
static/connected/IGP | static/connected/IGP | — | — | Extended gateway data is not exported because there is no AS information.
static/connected/IGP | BGP | 0 | Exported | src_as & src_peer_as are zero because there is no AS information for IGP.
BGP | static/connected/IGP | — | — | Prior to FTOS version 7.8.1.0, extended gateway data is not exported because IP DA is not learned via BGP.
40 Simple Network Management Protocol

Simple Network Management Protocol is supported on platforms: ces

Protocol Overview

Network management stations use Simple Network Management Protocol (SNMP) to retrieve or alter management data from network elements. A datum of management information is called a managed object; the value of a managed object can be static or variable. Network elements store managed objects in a database called a Management Information Base (MIB).
Message 1 SNMP Enabled

22:31:23: %RPM1-P:CP %SNMP-6-SNMP_WARM_START: Agent Initialized - SNMP WARM_START.

View your SNMP configuration, using the command show running-config snmp from EXEC Privilege mode, as shown in Figure 40-1.

Figure 40-1. Creating an SNMP Community

FTOS#snmp-server community my-snmp-community ro
22:31:23: %RPM1-P:CP %SNMP-6-SNMP_WARM_START: Agent Initialized - SNMP WARM_START.
Task Command

Figure 40-4. Reading the Value of Many Managed Objects at Once

> snmpwalk -v 2c -c mycommunity 10.11.131.161 .1.3.6.1.2.1.1
SNMPv2-MIB::sysDescr.0 = STRING: Force10 Networks Real Time Operating System Software
Force10 Operating System Version: 1.0
Force10 Application Software Version: E_MAIN4.7.6.350
Copyright (c) 1999-2007 by Force10 Networks, Inc.
Build Time: Mon May 12 14:02:22 PDT 2008
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.6027.1.3.
Task: Identify the physical location of the system. For example, San Jose, 350 Holger Way, 1st floor lab, rack A1-1. You may use up to 55 characters. Default: None
Command: snmp-server location text
Command Mode: CONFIGURATION

To configure the system from the management station using SNMP:

Task Command Command Mode
Identify the system manager along with this person's contact information (e.g., e-mail address or phone number). You may use up to 55 characters.
Step Task Command Command Mode

2. Specify which traps the Dell Networking system sends to the trap receiver.
• Enable all Dell Networking enterpriseSpecific and RFC-defined traps using the command snmp-server enable traps from CONFIGURATION mode.
• Enable all of the RFC-defined traps using the command snmp-server enable traps snmp from CONFIGURATION mode.
Command: snmp-server enable traps
Command Mode: CONFIGURATION

3. Specify the interfaces out of which FTOS sends SNMP traps.
Table 40-2. Dell Networking Enterprise-specific SNMP Traps
Command Option | Trap

envmon:
CARD_SHUTDOWN: %sLine card %d down - %s
CARD_DOWN: %sLine card %d down - %s
LINECARDUP: %sLine card %d is up
CARD_MISMATCH: Mismatch: line card %d is type %s - type %s required.
xstp:
%SPANMGR-5-STP_NEW_ROOT: New Spanning Tree Root, Bridge ID Address 0001.e801.fc35. Priority 32768,
%SPANMGR-5-STP_TOPOLOGY_CHANGE: Bridge port GigabitEthernet 11/38 transitioned from Forwarding to Blocking state.
%SPANMGR-5-MSTP_NEW_ROOT_BRIDGE: Elected root bridge for instance 0.
%SPANMGR-5-MSTP_NEW_ROOT_PORT: MSTP root changed to port Gi 11/38 for instance 0.
Table 40-3. MIB Objects for Displaying the Hardware Counters
MIB Object | OID | Description
fpIngIPv4L3Discards | 1.3.6.1.4.1.6027.3.16.1.1.3.1.5 | IPv4 Layer 3 discards.
fpIngPolicyDiscards | 1.3.6.1.4.1.6027.3.16.1.1.3.1.6 | Packet dropped due to policy discards.
fpIngPacketsDroppedByFP | 1.3.6.1.4.1.6027.3.16.1.1.3.1.7 | Packets dropped by forwarding plane.
fpIngL2L3Drops | 1.3.6.1.4.1.6027.3.16.1.1.3.1.8 | L2 and L3 packets drops.
fpIngPortBitMapZeroDrops | 1.3.6.1.4.1.6027.3.16.1.1.3.1.
Displaying the Hardware Counters

To view the hardware drop counters, use the following command:

snmpwalk -v2c -cpublic 10.16.206.11 SNMPv2-SMI::enterprises.6027.3.16.1.1.3
SNMPv2-SMI::enterprises.6027.3.16.1.1.3.1.2.3.5 = Counter64: 175
SNMPv2-SMI::enterprises.6027.3.16.1.1.3.1.3.3.5 = Counter64: 0
SNMPv2-SMI::enterprises.6027.3.16.1.1.3.1.4.3.5 = Counter64: 0
SNMPv2-SMI::enterprises.6027.3.16.1.1.3.1.5.3.5 = Counter64: 0
SNMPv2-SMI::enterprises.6027.3.16.1.1.3.1.6.3.
The relevant MIBs for these functions are:

Table 40-4. MIB Objects for Copying Configuration Files via SNMP
MIB Object | OID | Object Values | Description
copySrcFileType | .1.3.6.1.4.1.6027.3.5.1.1.1.2 | 1 = FTOS file; 2 = running-config; 3 = startup-config | Specifies the type of file to copy from. Valid values are:
• If the copySrcFileType is running-config or startup-config, the default copySrcFileLocation is flash.
To copy a configuration file:

Step Task Command Syntax Command Mode

1. Create an SNMP community string with read/write privileges.
Command Syntax: snmp-server community community-name rw
Command Mode: CONFIGURATION

2. Copy the f10-copy-config.mib MIB from the Dell Networking iSupport webpage to the server to which you are copying the configuration file.

3. On the server, use the command snmpset as shown:
snmpset -v snmp-version -c community-name -m mib_path/f10-copy-config.
Table 40-5. Copying Configuration Files via SNMP

Task
snmpset -v 2c -c public -m ./f10-copy-config.mib force10system-ip-address copySrcFileType.index i 2 copyDestFileType.index i 3

Figure 56 shows the command syntax using MIB object names, and Figure 57 shows the same command using the object OIDs. In both cases, the object is followed by a unique index number.

Figure 40-6. Copying Configuration Files via SNMP using Object-Name Syntax

> snmpset -v 2c -r 0 -t 60 -c public -m ./f10-copy-config.mib 10.10.
• server-ip-address must be preceded by the keyword a.
• values for copyUsername and copyUserPassword must be preceded by the keyword s.

Figure 40-10. Copying Configuration Files via SNMP and FTP to a Remote Server

> snmpset -v 2c -c private -m ./f10-copy-config.mib 10.10.10.10 copySrcFileType.110 i 2 copyDestFileName.110 s /home/startup-config copyDestFileLocation.110 i 4 copyServerAddress.110 a 11.11.11.
Dell Networking provides additional MIB Objects to view copy statistics. These are provided in Table 8.

Table 40-6. MIB Objects for Copying Configuration Files via SNMP
MIB Object | OID | Values | Description
copyState | .1.3.6.1.4.1.6027.3.5.1.1.1.11 | 1 = running; 2 = successful; 3 = failed | Specifies the state of the copy operation.
copyTimeStarted | .1.3.6.1.4.1.6027.3.5.1.1.1.12 | Time value | Specifies the point in the up-time clock that the copy operation started.
copyTimeCompleted | .1.3.6.1.4.1.6027.3.5.
Figure 61 shows the command syntax using MIB object names, and Figure 62 shows the same command using the object OIDs. In both cases, the object is followed by the same index number used in the snmpset command.

Figure 40-13. Obtaining MIB Object Values for a Copy Operation using Object-name Syntax

> snmpget -v 2c -c private -m ./f10-copy-config.mib 10.11.131.140 copyTimeCompleted.110
FORCE10-COPY-CONFIG-MIB::copyTimeCompleted.110 = Timeticks: (1179831) 3:16:38.
Figure 40-16. Assign a VLAN Alias using SNMP

[Unix system output]
> snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.1.1107787786 s "My VLAN"
SNMPv2-SMI::mib-2.17.7.1.4.3.1.1.
The table that the Dell Networking system sends in response to the snmpget request contains hexadecimal (hex) pairs, each pair representing a group of eight ports.

• On the E-Series, 12 hex pairs represent a line card. Twelve pairs accommodate the greatest currently available line card port density, 96 ports.
• On the C-Series, 28 hex pairs represent a line card.
The value 40 is in the first set of 7 hex pairs, indicating that these ports are in Stack Unit 0. The hex value 40 is 0100 0000 in binary. As described above, the left-most position in the string represents Port 1. The next position from the left represents Port 2 and has a value of 1, indicating that Port 0/2 is in VLAN 10. The remaining positions are 0, so those ports are not in the VLAN.
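The bitmap reading described above, as an added example (not code from the Dell guide): it decodes a hex-pair string into unit/port members, builds the string for a desired membership, and diffs two readings to spot ports that joined or left a VLAN. The function names and the sample strings are constructed here; 7 pairs per stack unit follows the worked example in the text, and 12 or 28 pairs per line card follow the E-Series and C-Series figures given earlier.

```python
# Added example: decode/encode the VLAN port bitmap returned as hex pairs.
# Assumption: pairs_per_unit is 7 for a stack unit (the worked example in the
# text), 12 for an E-Series line card and 28 for a C-Series line card.


def parse_hex_pairs(text):
    """Turn '40 00 0A' (whitespace optional) into a list of byte values."""
    compact = "".join(text.split())
    if len(compact) % 2:
        raise ValueError("incomplete hex pair in %r" % text)
    return list(bytes.fromhex(compact))


def decode_port_bitmap(text, pairs_per_unit):
    """Return [(unit, port), ...] for every bit set in the bitmap.

    The left-most bit of the first pair is Port 1 of unit 0, matching the
    text's reading of 0x40 -> 0100 0000 -> Port 0/2.
    """
    if pairs_per_unit < 1:
        raise ValueError("pairs_per_unit must be positive")
    members = []
    for index, value in enumerate(parse_hex_pairs(text)):
        unit, pair_in_unit = divmod(index, pairs_per_unit)
        for bit in range(8):
            if value & (0x80 >> bit):
                members.append((unit, pair_in_unit * 8 + bit + 1))
    return members


def encode_port_bitmap(members, pairs_per_unit, units):
    """Inverse of decode_port_bitmap: build the hex-pair string for a set."""
    ports_per_unit = pairs_per_unit * 8
    bitmap = bytearray(pairs_per_unit * units)
    for unit, port in members:
        if not 0 <= unit < units or not 1 <= port <= ports_per_unit:
            raise ValueError("unit/port out of range: %d/%d" % (unit, port))
        position = port - 1
        bitmap[unit * pairs_per_unit + position // 8] |= 0x80 >> (position % 8)
    return " ".join("%02X" % value for value in bitmap)


def diff_membership(before, after, pairs_per_unit):
    """Ports added to and removed from the VLAN between two readings."""
    old = set(decode_port_bitmap(before, pairs_per_unit))
    new = set(decode_port_bitmap(after, pairs_per_unit))
    return sorted(new - old), sorted(old - new)


if __name__ == "__main__":
    reading = "40 00 00 00 00 00 00"  # constructed: one stack unit, as in the text
    print(decode_port_bitmap(reading, 7))
    print(diff_membership(reading, "C0 00 00 00 00 00 00", 7))
```

Comparing a stored baseline reading with a fresh one through diff_membership gives a quick check that a VLAN's membership has not changed outside a planned snmpset.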
www.dell.com | dell.com/support Figure 40-21. Adding Tagged Ports to a VLAN using SNMP >snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.2.1107787786 x "40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" .1.3.6.1.2.1.17.7.1.4.3.1.4.
Each object comprises an OID concatenated with an instance number. In the case of these objects, the instance number is the decimal equivalent of the MAC address; derive the instance number by converting each hex pair to its decimal equivalent. For example, the decimal equivalent of E8 is 232, and so the instance number for MAC address 00:01:e8:06:95:ac is .0.1.232.6.149.172. The value of dot1dTpFdbPort is the port number of the port off which the system learns the MAC address.
Deriving Interface Indices

FTOS assigns an interface number to each (configured or unconfigured) physical and logical interface. Display the interface index number using the command show interface from EXEC Privilege mode, as shown in Figure 40-25.

Figure 40-25.
Figure 40-27. Binary Representation of Interface Index

2 bits      | 7 bits      | 4 bits         | 14 bits
10          | 0010110     | 0011           | 00000000111010
Slot Number | Port Number | Interface Type | Card Type

For interface indexing, slot and port numbering begins with the binary one. If the Dell Networking system begins slot and port numbering from 0, then the binary 1 represents slot and port 0. For example, the index number in Figure 40-27 gives the binary 2 for the slot number, though interface GigabitEthernet 1/21 belongs to Slot 1.
Viewing Alarm LED Status Using SNMP

The following table specifies the alarm notification settings (minor, major, and off). An example of a minor alarm event would be a rise in temperature above the minimum threshold. An example of a major alarm event would be a rise in temperature above the maximum threshold.

Table 40-9. MIB Objects for Viewing System Alarm LED Status
MIB Object | OID | Description | MIB
chStackUnitAlarmLEDStatus | 1.3.6.1.4.1.6027.3.10.1.2.2.1.
Using SNMP for Entity MIB Queries

The Entity MIB can be used for SNMP queries such as snmpget, snmpgetnext, and snmpwalk. Refer to the following table for OIDs and variables. To verify the results of the SNMP query, use the show inventory command for stack ID, chassis, and optional module details or the show inventory media command for information on base or optional modules, such as SFP or SFP+.

Table 40-10. MIB Objects for Entity MIB Queries
MIB Object | OID | Variable | MIB
entity | 1.3.6.1.2.1.
entityMIBTrapPrefix | 1.3.6.1.2.1.47.2.0 | NODE | Entity MIB
entConfigChange | 1.3.6.1.2.1.47.2.0.
41 Spanning Tree Protocol

Spanning Tree Protocol is supported on platforms: ces

Protocol Overview

Spanning Tree Protocol (STP) is a Layer 2 protocol—specified by IEEE 802.1d—that eliminates loops in a bridged topology by enabling only a single path through the network. By eliminating loops, the protocol improves scalability in a large network and enables you to implement redundant paths, which can be activated upon the failure of active paths.
• Modifying Global Parameters
• Modifying Interface STP Parameters
• Enabling PortFast
• Preventing Network Disruptions with BPDU Guard
• STP Root Selection
• SNMP Traps for Root Elections and Topology Changes
• Configuring Spanning Trees as Hitless

Important Points to Remember

• In FTOS software version 8.3.3.9, Spanning Tree Protocol (STP) is enabled by default on all 1G ports.
Configuring Interfaces for Layer 2 Mode

All interfaces on all switches that will participate in Spanning Tree must be in Layer 2 mode and enabled.

Figure 41-1.
Enabling Spanning Tree Protocol Globally

Spanning Tree Protocol must be enabled globally; it is not enabled by default.

To enable Spanning Tree globally for all Layer 2 interfaces:

Step Task Command Syntax Command Mode

1. Enter the PROTOCOL SPANNING TREE mode.
Command Syntax: protocol spanning-tree 0
Command Mode: CONFIGURATION

2. Enable Spanning Tree.
Figure 41-4. Spanning Tree Enabled Globally
[Figure labels: root; R1; R2; R3; Forwarding; Blocking; ports 1/1, 1/2, 1/3, 1/4, 2/1, 2/2, 2/3, 2/4, 3/1, 3/2, 3/3, 3/4]

Port 290 (GigabitEthernet 2/4) is Blocking
Port path cost 4, Port priority 8, Port Identifier 8.290
Designated root has priority 32768, address 0001.e80d.2462
Designated bridge has priority 32768, address 0001.e80d.2462
Designated port id is 8.
Confirm that a port is participating in Spanning Tree using the show spanning-tree 0 brief command from EXEC privilege mode.

Figure 41-6. show spanning-tree brief Command Example

FTOS#show spanning-tree 0 brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 0001.e80d.2462
We are the root of the spanning tree
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32768, Address 0001.e80d.
Modifying Global Parameters

You can modify Spanning Tree parameters. The root bridge sets the values for forward-delay, hello-time, and max-age and overwrites the values set on other bridges participating in Spanning Tree.

Note: Dell Networking recommends that only experienced network administrators change the Spanning Tree parameters. Poorly planned modification of the Spanning Tree parameters can negatively impact network performance.

Table 41-2 displays the default values for Spanning Tree.

Table 41-2.
View the current values for global parameters using the show spanning-tree 0 command from EXEC privilege mode. See Figure 41-5.

Modifying Interface STP Parameters

You can set the port cost and port priority values of interfaces in Layer 2 mode.

• Port cost is a value that is based on the interface type. The greater the port cost, the less likely the port will be selected to be a forwarding port.
To enable PortFast on an interface:

Task: Enable PortFast on an interface.
Command Syntax: spanning-tree stp-id portfast [bpduguard | [shutdown-on-violation]]
Command Mode: INTERFACE

Verify that PortFast is enabled on a port using the show spanning-tree command from the EXEC privilege mode or the show config command from INTERFACE mode; Dell Networking recommends using the show config command, as shown in Figure 41-7.

Figure 41-7.
Note: Unless the shutdown-on-violation option is enabled, spanning-tree only drops packets after a BPDU violation; the physical interface remains up, as shown below.

FTOS(conf-if-gi-0/7)#do show spanning-tree rstp brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 0001.e805.fb07
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32768, Address 0001.e85d.
Figure 41-8. Enabling BPDU Guard

FTOS(conf-if-gi-3/41)# spanning-tree 0 portfast bpduguard shutdown-on-violation
FTOS(conf-if-gi-3/41)#show config
!
interface GigabitEthernet 3/41
 no ip address
 switchport
 spanning-tree 0 portfast bpduguard shutdown-on-violation
 no shutdown

[Figure labels: 3/41; Hub; Switch with Spanning Tree Enabled]

FTOS Behavior: BPDU Guard and BPDU filtering (see Removing an Interface from the Spanning Tree Group) both block BPDUs, but are two separate features.
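One way to check a saved configuration for the PortFast and BPDU Guard settings described above, as an added example (not code from the Dell guide): it reads interface stanzas in the show config layout of Figure 41-8 and reports, for each PortFast port, whether BPDU Guard is absent, present but drop-only, or set to shut the port down on violation. The function names, verdict labels and the 3/42 to 3/44 stanzas are constructed for illustration; only the 3/41 stanza comes from the figure.

```python
import re

# Matches: spanning-tree stp-id portfast [bpduguard | [shutdown-on-violation]]
PORTFAST_RE = re.compile(r"^spanning-tree\s+(?P<stp_id>\S+)\s+portfast\b(?P<opts>.*)$")

# 3/41 is the stanza from Figure 41-8; the other stanzas are constructed.
SAMPLE_CONFIG = """\
!
interface GigabitEthernet 3/41
 no ip address
 switchport
 spanning-tree 0 portfast bpduguard shutdown-on-violation
 no shutdown
!
interface GigabitEthernet 3/42
 no ip address
 switchport
 spanning-tree 0 portfast bpduguard
 no shutdown
!
interface GigabitEthernet 3/43
 no ip address
 switchport
 spanning-tree 0 portfast
 no shutdown
!
interface GigabitEthernet 3/44
 no ip address
 switchport
 no shutdown
"""


def split_interfaces(config_text):
    """Map interface name -> list of its configuration lines ('!' ends a stanza)."""
    stanzas = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "!":
            current = None
        elif line.startswith("interface "):
            current = line[len("interface "):].strip()
            stanzas[current] = []
        elif current is not None:
            stanzas[current].append(line)
    return stanzas


def classify(options):
    """Verdict for the keywords that follow 'portfast' on one line."""
    tokens = options.split()
    if "bpduguard" not in tokens:
        return "NO_BPDUGUARD"   # edge port accepts BPDUs from whatever is attached
    if "shutdown-on-violation" not in tokens:
        return "DROP_ONLY"      # packets dropped after a violation, port stays up
    return "OK"                 # port is shut down on a BPDU violation


def audit_bpdu_guard(config_text):
    """Return [(interface, stp_id, verdict), ...] for every PortFast interface."""
    findings = []
    for name, lines in split_interfaces(config_text).items():
        for line in lines:
            match = PORTFAST_RE.match(line)
            if match:
                findings.append((name, match.group("stp_id"), classify(match.group("opts"))))
    return findings


if __name__ == "__main__":
    for interface, stp_id, verdict in audit_bpdu_guard(SAMPLE_CONFIG):
        print("%-24s stp %s  %s" % (interface, stp_id, verdict))
```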
View only the root information using the show spanning-tree root command (see Figure 41-9) from EXEC privilege mode.

Figure 41-9. show spanning-tree root Command Example

FTOS#show spanning-tree 0 root
Root ID Priority 32768, Address 0001.e80d.
42 Stacking S-Series Switches

Stacking S-Series Switches is supported on platforms z.

Using the FTOS stacking feature, multiple S-Series switch units can be interconnected with stacking interfaces. The stack becomes manageable as a single switch through the stack management unit.
Figure 42-1. S-Series Stack Manager Redundancy

Stack#show redundancy
-- Stack-unit Status --
------------------------------------------------
Mgmt ID: 0
Stack-unit ID: 1
Stack-unit Redundancy Role: Primary
Stack-unit State: Active
Stack-unit SW Version: 7.8.1.0
Link to Peer: Up
-- PEER Stack-unit Status --
------------------------------------------------
Stack-unit State: Standby
Peer stack-unit ID: 2
Stack-unit SW Version: 7.8.1.
Figure 42-2. Electing the Stack Manager

Stack>show system brief
Stack MAC : 00:01:e8:d5:f9:6f
-- Stack Info --
Unit UnitType   Status ReqTyp CurTyp Version Ports
---------------------------------------------------------------------------
0    Standby    online S50V   S50V   7.8.1.0 52
1    Management online S50N   S50N   7.8.1.0 52
2    Member     online S50V   S50V   7.8.1.
Figure 42-3. Adding a Standalone with a Lower MAC Address to a Stack—Before

-------------------------------STANDALONE BEFORE CONNECTION----------------------------------
Standalone#show system brief
Stack MAC : 00:01:e8:d5:ef:81
-- Stack Info --
Unit UnitType   Status ReqTyp CurTyp Version Ports
---------------------------------------------------------------------------
0    Management online S50V   S50V   7.8.1.
Figure 42-4. Adding a Standalone with a Lower MAC Address and Equal Priority to a Stack—After

-------------------------------STANDALONE AFTER CONNECTION----------------------------------
Standalone#%STKUNIT0-M:CP %POLLMGR-2-ALT_STACK_UNIT_STATE: Alternate Stack-unit is present
00:20:20: %STKUNIT0-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 1 present
00:20:22: %STKUNIT0-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 2 present
Going for reboot.
Figure 42-5. Adding a Standalone with a Lower MAC Address but Higher Priority to a Stack—Before

-------------------------------STANDALONE BEFORE CONNECTION----------------------------------
Standalone#show system brief
Stack MAC : 00:01:e8:d5:ef:81
-- Stack Info --
Unit UnitType   Status      ReqTyp CurTyp Version Ports
---------------------------------------------------------------------------
0    Member     not present S50V
1    Member     not present S50N
2    Management online      S50V   S50V   7.8.1.
Figure 42-6.
Figure 42-7.
You may stack any combination of S-Series models that have the same FTOS version. The S60 can be stacked in the following topologies: ring, cascade (also called daisy-chain) and braided ring. A braided ring topology can be used in a stack with four or more switches. It provides redundant paths while minimizing switch interconnect cable distances. In this topology, each switch has a directly attached data-path that is one to two peers away.
To display the status of the stacking ports, including the topology:

Task: Display the stacking ports.
Command Syntax: show system stack-ports
Command Mode: EXEC Privilege

Figure 42-9 shows an example of a daisy-chain topology. Figure 42-10 shows the same stack converted to a ring by connecting stack-port 2/51 to 0/51; you may rearrange the stacking cables without triggering a unit reset, so long as the stack manager is never disconnected from the stack.

Figure 42-9.
Figure 42-11.
[Figure labels: A; B; Stacking Cable Redundancy]

LED Status Indicators on an S-Series Stack

The stack unit is displayed in an LED panel on the front of each switch.
To manually assign a new unit a position in the stack:

Step Task Command Syntax Command Mode

1. While the unit is unpowered, install stacking modules in the new unit.

2. On the stack, determine the next available stack-unit number, and the management priority of the management unit.
Command Syntax: show system brief
Command Syntax: show system stack-unit
Command Mode: EXEC Privilege

3. Create a virtual unit and assign it the next available stack-unit number.
Figure 42-13. Adding a Stack Unit with a Conflicting Stack Number—After

------------------------STANDALONE AFTER CONNECTION----------------------------------
00:08:45: %STKUNIT1-M:CP %POLLMGR-2-ALT_STACK_UNIT_STATE: Alternate Stack-unit is present
00:08:45: %STKUNIT1-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 0 present
00:08:47: %STKUNIT1-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 2 present
Going for reboot.
Figure 42-15. Adding a Stack Unit with a Conflicting Stack Number—After

------------------------STANDALONE AFTER CONNECTION----------------------------------
01:38:34: %STKUNIT0-M:CP %POLLMGR-2-ALT_STACK_UNIT_STATE: Alternate Stack-unit is present
01:38:34: %STKUNIT0-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 1 present
01:38:34: %STKUNIT0-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 2 present
Going for reboot. Reason is Stack merge
Going for reboot.
Figure 42-16.
Figure 42-17. Removing a Stack Member—After

----------------------------STANDALONE AFTER DISCONNECTION----------------------------------
Standalone(stack-member-2)#
Going for reboot.
Step Task Command Syntax Command Mode

4. The management unit priority is 0 by default. If you configure the priority of the new unit to 1, the stack will reload. To avoid this scenario, configure the priority of the management unit to the highest value (14).
Note: Do not configure the priority of the replacement unit, as this will be transferred from the management unit.
Command Syntax: stack-unit priority
Command Mode: CONFIGURATION

5. Reload the switch to confirm the stack-unit number is correct.
Task: Display most of the information in show system, but in a more convenient tabular form (Figure 42-19).
Command Syntax: show system brief
Command Mode: EXEC Privilege

Task: Display the same information in show system, but only for the specified unit (Figure 42-19).
Command Syntax: show system stack-unit
Command Mode: EXEC Privilege

Task: Display topology and stack link status for the entire stack.
Command Syntax: show system stack-ports [status | topology]
Command Mode: EXEC Privilege
Figure 42-19. Displaying Information about an S-Series Stack—show system brief

FTOS#show system brief
Stack MAC : 00:01:e8:d5:f9:6f
-- Stack Info --
Unit UnitType   Status ReqTyp CurTyp Version Ports
---------------------------------------------------------------------------
0    Member     online S50V   S50V   7.8.1.0 52
1    Management online S50N   S50N   7.8.1.0 52
2    Standby    online S50V   S50V   7.8.1.
Influence Management Unit Selection on an S-Series Stack

Stack Priority is the system variable that FTOS uses to determine which units in the stack will be the primary and secondary management units. If multiple units tie for highest priority, then the unit with the highest MAC address prevails.
Task: Reload a member unit, from the unit itself
Command Syntax: reset-self
Command Mode: EXEC Privilege

Task: Reset a stack-unit when the unit is in a problem state.
Command Syntax: reset stack-unit 0-11 hard
Command Mode: EXEC Privilege

Monitor an S-Series Stack with SNMP

S-Series supports the following tables in f10-ss-chassis.
Figure 42-21. Recovering from a Stack Link Flapping Error

--------------------------------------MANAGMENT UNIT-----------------------------------------
Error: Stack Port 50 has flapped 5 times within 10 seconds.Shutting down this stack port now.
Error: Please check the stack cable/module and power-cycle the stack.
10:55:20: %STKUNIT1-M:CP %KERN-2-INT: Error: Stack Port 50 has flapped 5 times within 10 seconds.Shutting down this stack port now.
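The console messages shown in this guide's figures, run through a small parser, as an added example (not code from the Dell guide): it splits each message into time, origin, facility, severity and mnemonic, then picks out the most severe entries and counts events per mnemonic. The sample lines are copied from the figures and tables in this guide, with console line wraps joined; the function names are constructed, and reading the middle digit as the syslog severity, where a lower number is more severe, is an assumption.

```python
import re
from collections import Counter

# [HH:MM:SS: ][%ORIGIN:PROC ]%FACILITY-SEVERITY-MNEMONIC: text
MESSAGE_RE = re.compile(
    r"(?:(?P<time>\d{1,2}:\d{2}:\d{2}):\s+)?"
    r"(?:%(?P<origin>[\w-]+:\w+)\s+)?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):"
    r"\s*(?P<text>.*)"
)

# Lines taken from this guide's figures and trap table (line wraps joined).
SAMPLE_LINES = [
    "22:31:23: %RPM1-P:CP %SNMP-6-SNMP_WARM_START: Agent Initialized - SNMP WARM_START.",
    "Standalone#%STKUNIT0-M:CP %POLLMGR-2-ALT_STACK_UNIT_STATE: Alternate Stack-unit is present",
    "00:20:20: %STKUNIT0-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 1 present",
    "00:20:22: %STKUNIT0-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 2 present",
    "Going for reboot.",
    "10:55:20: %STKUNIT1-M:CP %KERN-2-INT: Error: Stack Port 50 has flapped 5 times "
    "within 10 seconds.Shutting down this stack port now.",
    "%SPANMGR-5-STP_TOPOLOGY_CHANGE: Bridge port GigabitEthernet 11/38 transitioned "
    "from Forwarding to Blocking state.",
]


def parse_line(line):
    """Return a dict of message fields, or None for lines that are not log messages."""
    match = MESSAGE_RE.search(line)  # search, so a leading CLI prompt is skipped
    if match is None:
        return None
    fields = match.groupdict()
    fields["severity"] = int(fields["severity"])
    return fields


def parse_lines(lines):
    """Parse every line and keep only the ones that are log messages."""
    parsed = (parse_line(line) for line in lines)
    return [entry for entry in parsed if entry is not None]


def triage(lines, max_severity=2):
    """Messages at or above the given severity (assumed: lower digit = more severe)."""
    return [entry for entry in parse_lines(lines) if entry["severity"] <= max_severity]


def count_events(lines):
    """Count messages per (facility, mnemonic), e.g. to spot repeated stack merges."""
    return Counter((entry["facility"], entry["mnemonic"]) for entry in parse_lines(lines))


if __name__ == "__main__":
    for entry in triage(SAMPLE_LINES):
        print(entry["time"], entry["origin"], entry["facility"], entry["mnemonic"], entry["text"])
    print(count_events(SAMPLE_LINES).most_common())
```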
Figure 42-23. Recovering from a Card Mismatch State on an S-Series Stack

-----------------------------------STANDALONE UNIT BEFORE------------------------------------
Standalone#show system brief
Stack MAC : 00:01:e8:d5:ef:81
-- Stack Info --
Unit UnitType   Status ReqTyp CurTyp Version Ports
---------------------------------------------------------------------------
0    Management online S50V   S50V   7.8.1.
43 Storm Control

Storm Control is supported on platforms: ces
Storm Control for Multicast is supported on platforms: c s

The storm control feature enables you to control unknown-unicast and broadcast traffic on Layer 2 and Layer 3 physical interfaces.

FTOS Behavior: On the E-Series, FTOS supports broadcast control for Layer 3 traffic only. To control Layer 2 broadcast traffic use the command storm-control unknown-unicast.
• The percentage of storm control is calculated based on the advertised rate of the line card, not by the speed setting.

Configure storm control from CONFIGURATION mode

Configure storm control from CONFIGURATION mode using the command storm control. From CONFIGURATION mode you can configure storm control for ingress and egress traffic.
44 System Time and Date

Chapter 44, System Time and Date settings, and Network Time Protocol are supported on platforms: ces

System times and dates can be set and maintained through the Network Time Protocol (NTP). They are also set through FTOS CLIs and hardware settings.
• Clock offset represents the amount to adjust the local clock to bring it into correspondence with the reference clock.
• Roundtrip delay provides the capability to launch a message to arrive at the reference clock at a specified time.
• Dispersion represents the maximum error of the local clock relative to the reference clock.
Figure 44-1. NTP Fields
Figure labels: Source Port (123), Destination Port (123), Length, NTP Packet Payload, Checksum, Range: +32 to -32, Status, Leap Indicator, Type, Precision, Est. Error, Est.
Leap Indicator Code: 00: No Warning; 01: +1 second; 10: -1 second; 11: reserved
Enable NTP

NTP is disabled by default. To enable it, specify an NTP server to which the Dell Networking system will synchronize. Enter the command multiple times to specify multiple servers. You may specify an unlimited number of servers at the expense of CPU resources.

Task: Specify the NTP server to which the Dell Networking system will synchronize.
Set the Hardware Clock with the Time Derived from NTP

Task: Periodically update the system hardware clock with the time value derived from NTP.
Command: ntp update-calendar
Command Mode: CONFIGURATION

Figure 44-4.
To disable NTP on an interface, use the following command in the INTERFACE mode:

Command Syntax: ntp disable
Command Mode: INTERFACE
Purpose: Disable NTP on the interface.

To view whether NTP is configured on the interface, use the show config command in the INTERFACE mode. If ntp disable is not listed in the show config command output, then NTP is enabled. (The show config command displays only non-default configuration information.
Configure NTP authentication

NTP authentication and the corresponding trusted key provide a reliable means of exchanging NTP packets with trusted time sources. NTP authentication begins when the first NTP packet is created following the configuration of keys. NTP authentication in FTOS uses the MD5 algorithm and the key is embedded in the synchronization packet that is sent to an NTP time source.

FTOS Behavior: FTOS versions 8.2.1.
Command Syntax: ntp server ip-address [key keyid] [prefer] [version number]
Command Mode: CONFIGURATION
Purpose: Configure an NTP server. Configure the IP address of a server and the following optional parameters:
• key keyid: Configure a text string as the key exchanged between the NTP server and client.
• prefer: Enter the keyword to set this NTP server as the preferred server.
• version number: Enter a number 1 to 3 as the NTP version.
• Root Delay (sys.rootdelay, peer.rootdelay, pkt.rootdelay): This is a signed fixed-point number indicating the total roundtrip delay to the primary reference source at the root of the synchronization subnet, in seconds. Note that this variable can take on both positive and negative values, depending on clock precision and skew.
• Root Dispersion (sys.rootdispersion, peer.rootdispersion, pkt.
Set the time and date for the switch hardware clock

Command Syntax: calendar set time month day year
Command Mode: EXEC Privilege
Purpose: Set the hardware clock to the current time and date.
time: Enter the time in hours:minutes:seconds. For the hour variable, use the 24-hour format, for example, 17:15:00 is 5:15 pm.
month: Enter the name of one of the 12 months in English. You can enter the name of a day to change the order of the display to time day month year.
The software clock runs only when the software is up. The clock restarts, based on the hardware clock, when the switch reboots.

Command Syntax: clock set time month day year
Command Mode: EXEC Privilege
Purpose: Set the system software clock to the current time and date.
time: Enter the time in hours:minutes:seconds. For the hour variable, use the 24-hour format, for example, 17:15:00 is 5:15 pm.
month: Enter the name of one of the 12 months in English.
FTOS#conf
FTOS(conf)#clock timezone Pacific -8
FTOS(conf)#01:40:19: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Timezone configuration changed from "UTC 0 hrs 0 mins" to "Pacific -8 hrs 0 mins"
FTOS#

Set daylight savings time

FTOS supports setting the system to daylight savings time once or on a recurring basis every year.
Set Daylight Saving Time Once

Set a date (and time zone) on which to convert the switch to daylight savings time on a one-time basis.

Command Syntax: clock summer-time time-zone date start-month start-day start-year start-time end-month end-day end-year end-time [offset]
Command Mode: CONFIGURATION
Purpose: Set the clock to the appropriate timezone and daylight savings time.
time-zone: Enter the three-letter name for the time zone. This name is displayed in the show clock output.
start-year: Enter a four-digit number as the year. Range: 1993 to 2035
start-time: Enter the time in hours:minutes. For the hour variable, use the 24-hour format, for example, 17:15 is 5:15 pm.
end-week: If you entered a start-week, enter one of the following as the week that daylight savings ends:
• week-number: enter a number from 1-4 as the number of the week to end daylight savings time.
45 Uplink Failure Detection (UFD)

Uplink Failure Detection (UFD) is supported on the following platforms: s (S50, S60 only), MXL,

Feature Description

Uplink Failure Detection (UFD) provides detection of the loss of upstream connectivity and, if used with NIC teaming, automatic recovery from a failed link. A switch provides upstream connectivity for devices, such as servers. If a switch loses its upstream connectivity, downstream devices also lose their connectivity.
Figure 45-1. Uplink Failure Detection

How Uplink Failure Detection Works

UFD creates an association between upstream and downstream interfaces. The association of uplink and downlink interfaces is called an uplink-state group. An interface in an uplink-state group can be a physical interface or a port-channel (LAG) aggregation of physical interfaces. An enabled uplink-state group tracks the state of all assigned upstream interfaces.
Figure 45-2. Uplink Failure Detection Example

If only one of the upstream interfaces in an uplink-state group goes down, a specified number of downstream ports associated with the upstream interface are put into a link-down state. This number is user-configurable and is calculated by the ratio of upstream port bandwidth to downstream port bandwidth in the same uplink-state group.
Important Points to Remember

When you configure Uplink Failure Detection, the following conditions apply:
• You can configure up to sixteen uplink-state groups. By default, no uplink-state groups are created. An uplink-state group is considered to be operationally up if it has at least one upstream interface in the link-up state. An uplink-state group is considered to be operationally down if it has no upstream interfaces in the link-up state.
Configuring Uplink Failure Detection

To configure Uplink Failure Detection, follow these steps:

Step 1
Command Syntax and Mode: uplink-state-group group-id
Description: Creates an uplink-state group and enables the tracking of upstream links on the switch/router. Valid group-id values are 1 to 16. To delete an uplink-state group, enter the no uplink-state-group group-id command.
Step 5
Command Syntax and Mode: description text
Command Mode: UPLINK-STATE-GROUP
Description: (Optional) Enters a text description of the uplink-state group. Maximum length: 80 alphanumeric characters.

Step 6
Command Syntax and Mode: no enable
Command Mode: UPLINK-STATE-GROUP
Description: (Optional) Disables upstream-link tracking without deleting the uplink-state group. Default: Upstream-link tracking is automatically enabled in an uplink-state group.
Message 1 shows the Syslog messages displayed when you clear the UFD-disabled state from all disabled downstream interfaces in an uplink-state group by entering the clear ufd-disable uplink-state-group group-id command. All downstream interfaces return to an operationally up state.
Show Command Syntax: show interfaces interface
Command Mode: EXEC
Description: Displays the current status of a port or port-channel interface assigned to an uplink-state group. interface specifies one of the following interface types:
Fast Ethernet: Enter fastethernet slot/port.
1-Gigabit Ethernet: Enter gigabitethernet slot/port.
10-Gigabit Ethernet: Enter tengigabitethernet slot/port.
Port channel: Enter port-channel {1-512}.
Figure 45-3.
Figure 45-4.
Sample Configuration: Uplink Failure Detection

Figure 45-7 shows a sample configuration of Uplink Failure Detection on a switch/router in which you:
• Configure uplink-state group 3.
• Add downstream links Gigabitethernet 0/1, 0/2, 0/5, 0/9, 0/11, and 0/12.
• Configure two downstream links to be disabled if an upstream link fails.
• Add upstream links Gigabitethernet 0/3 and 0/4.
• Add a text description for the group.
• Verify the configuration with various show commands.

Figure 45-7.
46 Upgrade Procedures

Find the upgrade procedures

Go to the FTOS Release Notes for your system type to see all the requirements to upgrade to the desired FTOS version. Follow the procedures in the FTOS Release Notes for the software version you wish to upgrade to.

Get Help with upgrades

Direct any questions or concerns about FTOS Upgrade Procedures to the Dell Networking Technical Support Center. You can reach Technical Support:
• On the Web: http://support.dell.
47 Virtual LANs (VLAN)

VLANs are supported on platforms ces

This section contains the following subsections:
• Default VLAN
• Port-Based VLANs
• VLANs and Port Tagging
• Configuration Task List for VLANs
• Enable Null VLAN as the Default VLAN

Virtual LANs, or VLANs, are a logical broadcast domain, or logical grouping of interfaces in a LAN, in which all data received is kept locally and broadcast to all members of the group.
Table 47-1 displays the defaults for VLANs in FTOS.

Table 47-1. VLAN Defaults on FTOS
Feature: Spanning Tree group ID
Default: All VLANs are part of Spanning Tree group 0

Feature: Mode
Default: Layer 2 (no IP address is assigned)

Feature: Default VLAN ID
Default: VLAN 1

Default VLAN

When interfaces are configured for Layer 2 mode, they are automatically placed in the Default VLAN as untagged interfaces. Only untagged interfaces can belong to the Default VLAN.

Note: In FTOS software version 8.3.3.
By default, VLAN 1 is the Default VLAN. To change that designation, use the default vlan-id command in the CONFIGURATION mode. You cannot delete the Default VLAN. Note: An IP address cannot be assigned to the Default VLAN. To assign an IP address to a VLAN that is currently the Default VLAN, create another VLAN and assign it to be the Default VLAN. For details on assigning IP addresses, see Assign an IP address to a VLAN. Untagged interfaces must be part of a VLAN.
Figure 47-2. Tagged Frame Format
Ethernet frame fields, in order: Preamble; Destination Address (6 octets); Source Address (6 octets); Tag Header (4 octets); Protocol Type (2 octets); Data (45 - 1500 octets); Frame Check Sequence (4 octets)

The tag header contains some key information used by FTOS:
• The VLAN protocol identifier identifies the frame as tagged according to the IEEE 802.1Q specifications (2 bytes).
• Tag Control Information (TCI) includes the VLAN ID (2 bytes total).
Use the show vlan command (Figure 47-3) in the EXEC privilege mode to view the configured VLANs.

Figure 47-3. show vlan Command Example

FTOS#show vlan
Codes: * - Default VLAN, G - GVRP VLANs
    NUM  Status    Q  Ports
*   1    Inactive  U  So 9/4-11
    2    Active    U  Gi 0/1,18
    3    Active    U  Gi 0/2,19
    4    Active    T  Gi 0/3,20
    5    Active    U  Po 1
    6    Active    U  Gi 0/12
                   U  So 9/0
FTOS#

A VLAN is active only if the VLAN contains interfaces and those interfaces are operationally up.
To tag frames leaving an interface in Layer 2 mode, you must assign that interface to a port-based VLAN to tag it with that VLAN ID. To tag interfaces, use these commands in the following sequence:

Step 1
Command Syntax: interface vlan vlan-id
Command Mode: CONFIGURATION
Purpose: Access the INTERFACE VLAN mode of the VLAN to which you want to assign the interface.

Step 2
Command Syntax: tagged interface
Command Mode: INTERFACE
Purpose: Enable an interface to include the IEEE 802.1Q tag header.
Use the untagged command to move untagged interfaces from the Default VLAN to another VLAN:

Step 1
Command Syntax: interface vlan vlan-id
Command Mode: CONFIGURATION
Purpose: Access the INTERFACE VLAN mode of the VLAN to which you want to assign the interface.

Step 2
Command Syntax: untagged interface
Command Mode: INTERFACE
Purpose: Configure an interface as untagged. This command is available only in VLAN interfaces.
Assign an IP address to a VLAN

VLANs are a Layer 2 feature. For two physical interfaces on different VLANs to communicate, you must assign an IP address to the VLANs to route traffic between the two interfaces. The shutdown command in INTERFACE mode does not affect Layer 2 traffic on the interface; the shutdown command only prevents Layer 3 traffic from traversing over the interface.

Note: An IP address cannot be assigned to the Default VLAN, which, by default, is VLAN 1.
Native VLAN support breaks this barrier so that a port can be connected to both VLAN-aware and VLAN-unaware stations. Such ports are referred to as hybrid ports. Physical and port-channel interfaces may be hybrid ports. Native VLAN is useful in deployments where a Layer 2 port can receive both tagged and untagged traffic on the same physical port. The classic example is connecting a VOIP phone and a PC to the same port of the switch.
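The tag header of Figure 47-2 and the hybrid-port case (a phone sending tagged frames and a PC sending untagged frames on one port) can be worked through in code. This is an added example, not FTOS code: the ingress rules are a simplified model, and the MAC addresses, native VLAN 10 and voice VLAN 20 are assumed values.

```python
# Added example (not from the Dell guide): 802.1Q tag decoding and a simplified
# ingress model for a hybrid port. All frames below are constructed test input.
import struct

TPID_8021Q = 0x8100   # VLAN protocol identifier defined by IEEE 802.1Q


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Build an Ethernet frame (no preamble or FCS); tagged when vid is given."""
    header = dst + src
    if vid is not None:
        # Tag header = 2-byte protocol identifier + 2-byte TCI (PCP, DEI, VLAN ID)
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | (vid & 0x0FFF))
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Decode addresses, the optional tag header and the protocol type."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    info = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "tagged": False, "vid": None, "pcp": None, "dei": None}
    (proto,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if proto == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag header")
        tci, proto = struct.unpack("!HH", frame[14:18])
        info.update(tagged=True, pcp=tci >> 13, dei=(tci >> 12) & 1,
                    vid=tci & 0x0FFF)
        offset = 18
    info["ethertype"] = proto
    info["payload"] = frame[offset:]
    return info


def classify_ingress(frame, native_vlan, tagged_vlans):
    """Return (action, vlan) for a frame arriving on a hybrid port (model)."""
    info = parse_frame(frame)
    if not info["tagged"] or info["vid"] == 0:
        return ("accept", native_vlan)      # untagged or priority-tagged
    if info["vid"] == 0x0FFF:
        return ("drop", None)               # VLAN ID 4095 is reserved
    if info["vid"] in tagged_vlans:
        return ("accept", info["vid"])
    return ("drop", None)                   # tag for a VLAN not on this port


# Constructed sample values (assumptions, not taken from the guide)
SWITCH = bytes.fromhex("0001e8000001")
PC = bytes.fromhex("020000000010")
PHONE = bytes.fromhex("020000000020")


def demo():
    frames = {
        "pc": build_frame(SWITCH, PC, 0x0800, b"pc-data"),
        "phone": build_frame(SWITCH, PHONE, 0x0800, b"voice", vid=20, pcp=5),
        "stray": build_frame(SWITCH, PC, 0x0800, b"other", vid=30),
    }
    return {name: classify_ingress(f, native_vlan=10, tagged_vlans={20})
            for name, f in frames.items()}


if __name__ == "__main__":
    for name, decision in demo().items():
        print(name, decision)
```
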
48 Virtual Router Redundancy Protocol (VRRP)

Virtual Router Redundancy Protocol (VRRP) is supported on platforms ces

This chapter covers the following information:
• VRRP Overview
• VRRP Benefits
• VRRP Implementation
• VRRP Configuration
• Sample Configurations

Virtual Router Redundancy Protocol (VRRP) is designed to eliminate a single point of failure in a statically routed network. This protocol is defined in RFC 2338 and RFC 3768.
In Figure 48-1 below, Router A is configured as the MASTER router. It is configured with the IP address of the virtual router and sends any packets addressed to the virtual router through interface GigabitEthernet 1/1 to the Internet. As the BACKUP router, Router B is also configured with the IP address of the virtual router. If for any reason Router A becomes unavailable, VRRP elects a new MASTER Router. Router B assumes the duties of Router A and becomes the MASTER router.
VRRP Benefits

With VRRP configured on a network, end-station connectivity to the network is not subject to a single point-of-failure. End-station connections to the network are redundant and they are not dependent on IGP protocols to converge or update routing tables.

VRRP Implementation

E-Series supports an unlimited total number of VRRP groups on the router while supporting up to 255 VRRP groups on a single interface (Table 48-1).
Note: The 1500 VRRP groups are supported in FTOS Release 6.3.1.0 and later. The recommendations in Table 48-1 may vary depending on various factors like ARP broadcasts, IP broadcasts, or STP before changing the advertisement interval. When the number of packets processed by RP2/CP/FP processor increases or decreases based on the dynamics of the network, the advertisement intervals in may increase or decrease accordingly.
Note: The interface must already have a Primary IP Address defined, and be enabled.

Figure 48-2. Command Example: vrrp-group

FTOS(conf)#int gi 1/1
FTOS(conf-if-gi-1/1)#vrrp-group 111
FTOS(conf-if-gi-1/1-vrid-111)#

Figure 48-3. Virtual Router ID and VRRP Group identifier Command Example Display: show config for the Interface

FTOS(conf-if-gi-1/1)#show conf
!
interface GigabitEthernet 1/1
ip address 10.10.10.
For example, an interface (on which VRRP is to be enabled) contains a primary IP address of 50.1.1.1/24 and a secondary IP address of 60.1.1.1/24. The VRRP Group (VRID 1) must contain virtual addresses belonging to either subnet 50.1.1.0/24 or subnet 60.1.1.0/24, but not from both subnets (though FTOS allows the same).
• If the virtual IP address and the interface’s primary/secondary IP address are the same, the priority on that VRRP group MUST be set to 255.
Figure 48-6. Command Example Display: show vrrp
Same VRRP Group (VRID)

FTOS#do show vrrp
------------------
GigabitEthernet 1/1, VRID: 111, Net: 10.10.10.1
State: Master, Priority: 255, Master: 10.10.10.1 (local)
Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec
Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 1768, Gratuitous ARP sent: 5
Virtual MAC address: 00:00:5e:00:01:6f
Virtual IP address: 10.10.10.1 10.10.10.2 10.10.10.3 10.10.10.
Configure the VRRP Group’s priority with the following command in the VRRP mode:

Task: Configure the priority for the VRRP group.
Command Syntax: priority priority
Range: 1-255
Default: 100
Command Mode: INTERFACE-VRID

Figure 48-7. Command Example: priority in Interface VRRP mode

FTOS(conf-if-gi-1/2)#vrrp-group 111
FTOS(conf-if-gi-1/2-vrid-111)#priority 125

Figure 48-8.
Configure simple authentication with the following command in the VRRP mode:

Task: Configure a simple text password.
Command Syntax: authentication-type simple [encryption-type] password
Parameters:
encryption-type: 0 indicates unencrypted; 7 indicates encrypted
password: plain text
Command Mode: INTERFACE-VRID

Figure 48-9.
Since preempt is enabled by default, disable the preempt function with the following command in the VRRP mode. Re-enable preempt by entering the preempt command. When preempt is enabled, it does not display in the show commands, because it is a default setting.

Task: Prevent any BACKUP router with a higher priority from becoming the MASTER router.
Command Syntax: no preempt
Command Mode: INTERFACE-VRID

Figure 48-11.
Figure 48-13. Command Example: advertise-interval

FTOS(conf-if-gi-1/1)#vrrp-group 111
FTOS(conf-if-gi-1/1-vrid-111)#advertise-interval 10
FTOS(conf-if-gi-1/1-vrid-111)#

Figure 48-14. Command Example Display: advertise-interval in VRID mode

FTOS(conf-if-gi-1/1-vrid-111)#show conf
!
vrrp-group 111
advertise-interval 10
authentication-type simple 7 387a7f2df5969da4
no preempt
priority 255
virtual-address 10.10.10.1
virtual-address 10.10.10.2
virtual-address 10.10.10.3
virtual-address 10.10.10.
Figure 48-15. Command Example: track

FTOS(conf-if-gi-1/1)#vrrp-group 111
FTOS(conf-if-gi-1/1-vrid-111)#track gigabitethernet 1/2
FTOS(conf-if-gi-1/1-vrid-111)#

Figure 48-16. Command Example Display: track in VRID mode

FTOS(conf-if-gi-1/1-vrid-111)#show conf
!
vrrp-group 111
advertise-interval 10
authentication-type simple 7 387a7f2df5969da4
no preempt
priority 255
track GigabitEthernet 1/2
virtual-address 10.10.10.1
virtual-address 10.10.10.2
virtual-address 10.10.10.
Figure 48-17. Configure VRRP Router 2

R2(conf)#int gi 2/31
R2(conf-if-gi-2/31)#ip address 10.1.1.1/24
R2(conf-if-gi-2/31)#no shut
R2(conf-if-gi-2/31)#vrrp-group 99
R2(conf-if-gi-2/31-vrid-99)#virtual 10.1.1.2
R2(conf-if-gi-2/31-vrid-99)#no shut
R2(conf-if-gi-2/31)#show conf
!
interface GigabitEthernet 2/31
ip address 10.1.1.1/24
!
vrrp-group 99
virtual-address 10.1.1.3
no shutdown
R2(conf-if-gi-2/31)#end
R2#show vrrp
------------------
GigabitEthernet 2/31, VRID: 99, Net: 10.1.1.
Figure 48-18. VRRP Topography Illustration
State Master: R2 was the first interface configured with VRRP
Virtual MAC is automatically assigned and is the same on both Routers
State Backup: R3 was the second interface configured with VRRP

R2#show vrrp
------------------
GigabitEthernet 2/31, VRID: 99, Net: 10.1.1.1
State: Master, Priority: 100, Master: 10.1.1.
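The advertisement that the vrrp-group, priority, advertise-interval and authentication-type simple settings in this chapter control can be decoded to check what is actually sent on the wire. The following Python sketch is an added example, not code from Dell or FTOS; it assumes the VRRPv2 packet layout of RFC 2338, and the password and packet contents are constructed.

```python
# Added example (not from the Dell guide): VRRPv2 advertisement parser and audit.
# Field layout follows RFC 2338; every packet below is constructed test input.
import ipaddress
import struct

AUTH_TYPES = {0: "none", 1: "simple-text", 2: "ip-auth-header"}


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_advert(vrid, priority, addrs, auth_type=0, password=b"", adv_int=1):
    """Build a VRRPv2 advertisement as test input (constructed, not captured)."""
    head = struct.pack("!BBBBBB", (2 << 4) | 1, vrid, priority,
                       len(addrs), auth_type, adv_int)
    tail = b"".join(ipaddress.IPv4Address(a).packed for a in addrs)
    tail += password[:8].ljust(8, b"\x00")      # 8-octet authentication data
    csum = inet_checksum(head + b"\x00\x00" + tail)
    return head + struct.pack("!H", csum) + tail


def parse_advert(pkt: bytes) -> dict:
    """Decode one advertisement; raise ValueError on malformed input."""
    if len(pkt) < 16:
        raise ValueError("shorter than a minimal VRRPv2 advertisement")
    ver_type, vrid, prio, count, auth, adv_int, _ = struct.unpack("!6BH", pkt[:8])
    if ver_type != 0x21:                        # version 2, type 1 (advertisement)
        raise ValueError("not a VRRP version 2 advertisement")
    end = 8 + 4 * count + 8
    if len(pkt) < end:
        raise ValueError("address count exceeds packet length")
    addrs = [str(ipaddress.IPv4Address(pkt[o:o + 4])) for o in range(8, end - 8, 4)]
    return {
        "vrid": vrid,
        "priority": prio,
        "adv_int": adv_int,
        "addresses": addrs,
        "auth_type": AUTH_TYPES.get(auth, "unknown(%d)" % auth),
        "auth_data": pkt[end - 8:end].rstrip(b"\x00"),
        "checksum_ok": inet_checksum(pkt[:end]) == 0,
        "virtual_mac": "00:00:5e:00:01:%02x" % vrid,
    }


def audit(advert: dict, expected_vrids=()) -> list:
    """Return review findings for one parsed advertisement."""
    findings = []
    if not advert["checksum_ok"]:
        findings.append("checksum mismatch: discard")
    if expected_vrids and advert["vrid"] not in expected_vrids:
        findings.append("VRID %d is not configured on this segment" % advert["vrid"])
    if advert["auth_type"] == "simple-text":
        findings.append("password is sent in cleartext in every advertisement")
    elif advert["auth_type"] == "none":
        findings.append("advertisements carry no authentication")
    if advert["priority"] == 255:
        findings.append("priority 255: sender claims to own the virtual address")
    return findings


def demo():
    """VRID 111 with priority 255, as in the show vrrp output above."""
    pkt = build_advert(111, 255, ["10.10.10.1", "10.10.10.2", "10.10.10.3"],
                       auth_type=1, password=b"example1")
    advert = parse_advert(pkt)
    return advert, audit(advert, expected_vrids={111})


if __name__ == "__main__":
    advert, findings = demo()
    print(advert)
    for line in findings:
        print("-", line)
```

The encryption-type 7 form only changes how the password is stored in the configuration; the audit finding concerns the authentication data field of the packet itself.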
49 Standards Compliance

This appendix contains the following sections:
• IEEE Compliance
• RFC and I-D Compliance
• MIB Location

Note: Unless noted, when a standard cited here is listed as supported by FTOS, FTOS also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website. Click on “Browse and search IETF documents”, enter an RFC number, and inspect the top of the resulting document for obsolescence citations to related RFCs.
• Force10 — PVST+
• SFF-8431 — SFP+ Direct Attach Cable (10GSFP+Cu)
• MTU — 9,252 bytes

RFC and I-D Compliance

The following standards are supported by FTOS, and are grouped by related protocol. The columns showing support by platform indicate which version of FTOS first supports the standard.

Note: Checkmarks () in the E-Series column indicate that FTOS support was added before FTOS version 7.5.1.
General IPv4 Protocols
FTOS support, per platform
RFC#  Full Name  S-Series  C-Series  E-Series TeraScale  E-Series ExaScale
791  Internet Protocol  7.6.1  7.5.1  8.1.1
792  Internet Control Message Protocol  7.6.1  7.5.1  8.1.1
826  An Ethernet Address Resolution Protocol  7.6.1  7.5.1  8.1.1
1027  Using ARP to Implement Transparent Subnet Gateways  7.6.1  7.5.1  8.1.1
1035  DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION (client)  7.6.1  7.5.1  8.1.
General IPv6 Protocols
FTOS support, per platform
RFC#  Full Name  S-Series  C-Series  E-Series TeraScale  E-Series ExaScale
1886  DNS Extensions to support IP version 6  7.8.1  7.8.1  8.2.1
1981 (Partial)  Path MTU Discovery for IP version 6  7.8.1  7.8.1  8.2.1
2460  Internet Protocol, Version 6 (IPv6) Specification  7.8.1  7.8.1  8.2.1
2461 (Partial)  Neighbor Discovery for IP Version 6 (IPv6)  7.8.1  7.8.1  8.2.
Border Gateway Protocol (BGP)
FTOS support, per platform
RFC#  Full Name  S-Series  C-Series  E-Series TeraScale  E-Series ExaScale
1997  BGP Communities Attribute  7.8.1  7.7.1  8.1.1
2385  Protection of BGP Sessions via the TCP MD5 Signature Option  7.8.1  7.7.1  8.1.1
2439  BGP Route Flap Damping  7.8.1  7.7.1  8.1.1
2545  Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing  7.8.1  8.2.1
2796  BGP Route Reflection: An Alternative to Full Mesh Internal BGP (IBGP)  7.8.
Open Shortest Path First (OSPF)
FTOS support, per platform
Full Name
1587  The OSPF Not-So-Stubby Area (NSSA) Option  7.6.1  7.5.1  8.1.1
2154  OSPF with Digital Signatures  7.6.1  7.5.1  8.1.1
2328  OSPF Version 2  7.6.1  7.5.1  8.1.1
2370  The OSPF Opaque LSA Option  7.6.1  7.5.1  8.1.1
2740  OSPF for IPv6  7.8.1  8.2.1
3623  Graceful OSPF Restart  7.8.1  7.5.1  8.1.
Intermediate System to Intermediate System (IS-IS)
FTOS support, per platform
E-Series TeraScale  E-Series ExaScale
OSI IS-IS Intra-Domain Routing Protocol (ISO DP 10589)  8.1.1
1195  Use of OSI IS-IS for Routing in TCP/IP and Dual Environments  8.1.1
2763  Dynamic Hostname Exchange Mechanism for IS-IS  8.1.1
2966  Domain-wide Prefix Distribution with Two-Level IS-IS  8.1.1
3373  Three-Way Handshake for Intermediate System to Intermediate System (IS-IS) Point-to-Point Adjacencies  8.1.
Routing Information Protocol (RIP)
FTOS support, per platform
RFC#  Full Name  S-Series  C-Series  E-Series TeraScale  E-Series ExaScale
1058  Routing Information Protocol  7.8.1  7.6.1  8.1.1
2453  RIP Version 2  7.8.1  7.6.1  8.1.1

Multiprotocol Label Switching (MPLS)
FTOS support, per platform
Full Name  C-Series  E-Series ExaScale
2702  Requirements for Traffic Engineering Over MPLS  8.3.1
3031  Multiprotocol Label Switching Architecture  8.3.
Multicast
FTOS support, per platform
S-Series  C-Series  E-Series TeraScale  E-Series ExaScale
Host Extensions for IP Multicasting  7.8.1  7.7.1  8.1.1
2236  Internet Group Management Protocol, Version 2  7.8.1  7.7.1  8.1.1
2710  Multicast Listener Discovery (MLD) for IPv6  8.2.1
3376  Internet Group Management Protocol, Version 3  8.1.1
3569  An Overview of Source-Specific Multicast (SSM)  7.5.1 SSM for IPv4/ IPv6  8.2.
Network Management
FTOS support, per platform
S-Series  C-Series  E-Series TeraScale  E-Series ExaScale
Structure and Identification of Management Information for TCP/IP-based Internets  7.6.1  7.5.1  8.1.1
1156  Management Information Base for Network Management of TCP/IP-based internets  7.6.1  7.5.1  8.1.1
1157  A Simple Network Management Protocol (SNMP)  7.6.1  7.5.1  8.1.1
1212  Concise MIB Definitions  7.6.1  7.5.1  8.1.
Network Management (continued)
FTOS support, per platform
S-Series  C-Series  E-Series TeraScale  E-Series ExaScale
Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)  7.6.1  7.5.1  8.1.1
2574  User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)  7.6.1  7.5.1  8.1.1
2575  View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)  7.6.1  7.5.1  8.1.
Network Management (continued)
FTOS support, per platform
S-Series  C-Series  E-Series TeraScale  E-Series ExaScale
Remote Network Monitoring Management Information Base for High Capacity Networks (64 bits): Ethernet Statistics High-Capacity Table, Ethernet History High-Capacity Table  7.6.1  7.5.1  8.1.1
3416  Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP)  7.6.1  7.5.1  8.1.
Network Management (continued)
FTOS support, per platform
S-Series  C-Series  E-Series TeraScale  E-Series ExaScale
The LLDP Management Information Base extension module for IEEE 802.1 organizationally defined discovery information. (LLDP DOT1 MIB and LLDP DOT3 MIB)  7.7.1  7.6.1  7.6.1  8.1.1
The LLDP Management Information Base extension module for IEEE 802.3 organizationally defined discovery information. (LLDP DOT1 MIB and LLDP DOT3 MIB)  7.7.1  7.6.1  7.6.1  8.1.
Network Management (continued)
FTOS support, per platform
S-Series  C-Series  E-Series TeraScale  E-Series ExaScale
FORCE10-PRODUCTS-MIB  Force10 Product Object Identifier MIB  7.6.1  7.5.1  8.1.1
FORCE10-SS-CHASSIS-MIB  Force10 S-Series Enterprise Chassis MIB  7.6.1
FORCE10-SMI  Force10 Structure of Management Information  7.6.1  7.5.1  8.1.1
FORCE10-SYSTEM-COMPONENT-MIB  Force10 System Component MIB (enables the user to view CAM usage information)  7.6.1  7.5.
MIB Location

Force10 MIBs are under the Force10 MIBs subhead on the Documentation page of iSupport:
https://www.force10networks.com/csportal20/KnowledgeBase/Documentation.aspx

You also can obtain a list of selected MIBs and their OIDs at the following URL:
https://www.force10networks.com/csportal20/MIBs/MIB_OIDs.aspx

Some pages of iSupport require a login. To request an iSupport account, go to:
https://www.force10networks.com/CSPortal20/Support/AccountRequest.