Quick Reference Guide

ManualsBrandsDell ManualsserversDell Networking N4000 Series

Dell Networking

2024/2048/3024/3048/4032/4064

CLI Reference Guide

Regulatory Model: N2024/N2024P/N2048/

N2048P/N3024/N3024F/N3024P/N3048/

N3048P/N4032/N4032F/N4064/N4064F

2CSNXXX_SWUM200.book Page 1 Tuesday, December 10, 2013 1:22 PM

Summary of content (1823 pages)

PAGE 1
2CSNXXX_SWUM200.
PAGE 2
CSNXXX_SWUM200.book Page 2 Tuesday, December 10, 2013 1:22 PM Notes NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. ____________________ Information in this publication is subject to change without notice. © 2013 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc.
PAGE 3
2CSNXXX_SWUM200.book Page 3 Tuesday, December 10, 2013 1:22 PM Contents 1 Command Groups Introduction . . . . . . . . . . . . . . . . . . 83 . . . . . . . . . . . . . . . . . . . . . . . 83 Command Groups Mode Types . . . . . . . . . . . . . . . . . . . . 83 . . . . . . . . . . . . . . . . . . . . . . . 87 Layer 2 Commands . . . . . . . . . . . . . . . . . . . . 89 Layer 3 Commands . . . . . . . . . . . . . . . . . . . . 127 . . . . . . . . . . . . . . . . . . . .
PAGE 4
2CSNXXX_SWUM200.book Page 4 Tuesday, December 10, 2013 1:22 PM 3 Layer 2 Switching Commands . . . . . . . . 215 4 AAA Commands . . . . . . . . . . . . . . . . . . . 217 TACACS+ Accounting . . . . . . . . . . . . . . . . . . Commands in this Chapter . . . . . . . . . . . . . . . . aaa authentication dot1x default 220 . . . . . . . . . . . . . . . 221 . . . . . . . . . . . . . . . . 223 . . . . . . . . . . . . . . . . . . . . 224 aaa authentication login .
PAGE 5
2CSNXXX_SWUM200.book Page 5 Tuesday, December 10, 2013 1:22 PM password (User EXEC) . . . . . . . . . . . . . . . . . . 238 show aaa ias-users . . . . . . . . . . . . . . . . . . . 238 show aaa statistics . . . . . . . . . . . . . . . . . . . 239 show authentication methods . . . . . . . . . . . . . . 240 . . . . . . . . . . . . . . 241 . . . . . . . . . . . . . . . . . . 242 show authorization methods show users accounts show users login-history username . . . . . . . . . . . . . . . . .
PAGE 6
2CSNXXX_SWUM200.book Page 6 Tuesday, December 10, 2013 1:22 PM Commands in this Chapter . ip access-list . . . . . . . . . . . . . . . . 260 . . . . . . . . . . . . . . . . . . . . . . 260 deny | permit (IP ACL) deny | permit (Mac-Access-List-Configuration) ip access-group . . . . 266 . . . . . . . . . . . . . . . . . . . . . 268 mac access-group . . . . . . . . . . . . 272 . . . . . . . . . . . . . . . . . . . . 273 show service-acl interface show ip access-lists . 274 . . . . . . . . .
PAGE 7
2CSNXXX_SWUM200.book Page 7 Tuesday, December 10, 2013 1:22 PM show mac address-table multicast show mac address-table . . . . . . . . . . . 285 . . . . . . . . . . . . . . . . 287 show mac address-table address . show mac address-table count . . . . . . . . . . . . . 288 . . . . . . . . . . . 289 show mac address-table interface . . . . . . . . . . . 290 show mac address-table static . . . . . . . . . . . . . 291 show mac address-table vlan . . . . . . . . . . . . . . 292 . . . . . . .
PAGE 8
2CSNXXX_SWUM200.book Page 8 Tuesday, December 10, 2013 1:22 PM isdp holdtime. . . . . . . . . . . . . . . . . . . . . . . 304 isdp timer . . . . . . . . . . . . . . . . . . . . . . . . 304 show isdp . . . . . . . . . . . . . . . . . . . . . . . . 305 show isdp entry 306 . . . . . . . . . . . . . . . . . . . . . show isdp interface show isdp neighbors. show isdp traffic . 307 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308 . . . . . . . . . . . . . . . . . . .
PAGE 9
2CSNXXX_SWUM200.book Page 9 Tuesday, December 10, 2013 1:22 PM show dhcp l2relay circuit-id vlan . . . . . . . . . . . . 320 show dhcp l2relay remote-id vlan . . . . . . . . . . . . 321 clear dhcp l2relay statistics interface 322 . . . . . . . . . 11 DHCP Management Interface Commands 323 Commands in this Chapter . . . . . . . . . . . . . . . . 323 . . . . . . . . . . . . . . . . . . . . . . 324 . . . . . . . . . . . . . . . . . . . . . . . 325 release dhcp .
PAGE 10
2CSNXXX_SWUM200.book Page 10 Tuesday, December 10, 2013 1:22 PM ip dhcp snooping verify mac-address . show ip dhcp snooping . . . . . . . . . 338 . . . . . . . . . . . . . . . . . 338 show ip dhcp snooping binding . 339 . . . . . . . . . . . . show ip dhcp snooping database . . . . . . . . . . . . 340 show ip dhcp snooping interfaces . . . . . . . . . . . 341 show ip dhcp snooping statistics . . . . . . . . . . . . 342 13 Dynamic ARP Inspection Commands Commands in this Chapter .
PAGE 11
2CSNXXX_SWUM200.book Page 11 Tuesday, December 10, 2013 1:22 PM 14 E-mail Alerting Commands Commands in this Chapter . logging email 358 . . . . . . . . . . . . . . . . . . . . . . 358 . . . . . . . . . . . . . . . . . . 359 . . . . . . . . . . . . . . . . . . . . . . 360 logging email message-type to-addr logging email from-addr . . . . . . . . . . . 361 . . . . . . . . . . . . . . . . 362 logging email message-type subject logging email logtime . . . . . . . . . . 363 . . . . . . . . . .
PAGE 12
2CSNXXX_SWUM200.book Page 12 Tuesday, December 10, 2013 1:22 PM clear counters . . . . . . . . . . . . . . . . . . . . . . 372 . . . . . . . . . . . . . . . . . . . . . . . 373 . . . . . . . . . . . . . . . . . . . . . . . . . . 374 description . duplex flowcontrol receive interface . . . . . . . . . . . . . . . . . . . 374 . . . . . . . . . . . . . . . . . . . . . . . . . 375 interface range . . . . . . . . . . . . . . . . . . . . . . monitor capture (Global Configuration) . . . . . . . .
PAGE 13
2CSNXXX_SWUM200.book Page 13 Tuesday, December 10, 2013 1:22 PM speed . 404 . . . . . . . . . . . . . . . . . . . . . . . . . . storm-control broadcast . . . . . . . . . . . . . . . . . 406 . . . . . . . . . . . . . . . . . 406 storm-control unicast . . . . . . . . . . . . . . . . . . 407 switchport protected . . . . . . . . . . . . . . . . . . 408 storm-control multicast switchport protected name . . . . . . . . . . . . . . . 409 show switchport protected . . . . . . . . . . . . . . .
PAGE 14
2CSNXXX_SWUM200.book Page 14 Tuesday, December 10, 2013 1:22 PM traceroute ethernet cfm show ethernet cfm errors 424 . . . . . . . . . . . . . . . . show ethernet cfm domain 424 . . . . . . . . . . . . . . . show ethernet cfm maintenance-points local 425 . . . . . show ethernet cfm maintenance-points remote . . . . 426 . . . . . . . . . . . . . . 427 . . . . . . . . . . . . . . . . . . . . . . . . 428 show ethernet cfm statistics debug cfm 423 . . . . . . . . . . . . . . . . .
PAGE 15
2CSNXXX_SWUM200.book Page 15 Tuesday, December 10, 2013 1:22 PM clear gvrp statistics garp timer . . . . . . . . . . . . . . . . . . . 443 . . . . . . . . . . . . . . . . . . . . . . . . 444 gvrp enable (global) 445 . . . . . . . . . . . . . . . . . . . gvrp enable (interface) . . . . . . . . . . . . . . . . . 446 gvrp registration-forbid . . . . . . . . . . . . . . . . . 447 gvrp vlan-creation-forbid . . . . . . . . . . . . . . . . 448 show gvrp configuration . . . . . . . . . . . . . .
PAGE 16
2CSNXXX_SWUM200.book Page 16 Tuesday, December 10, 2013 1:22 PM ip igmp snooping vlan mrouter 20 IGMP Snooping Querier Commands Commands in this Chapter . ip igmp snooping querier . . . 467 . . . . . . . . . . . . . . . 467 . . . . . . . . . . . . . . . . 468 ip igmp snooping querier election participate . . . . . 469 . . . . . . . . 470 . . . . . . . . . 471 . . . . . . . . . . . 472 . . . . . . . . . . . . .
PAGE 17
2CSNXXX_SWUM200.book Page 17 Tuesday, December 10, 2013 1:22 PM ip host 485 . . . . . . . . . . . . . . . . . . . . . . . . . . ip name-server . ipv6 address (Interface Configuration) . . . . . . . . . 487 . . . . . . . . . . . . . . . . . 488 . . . . . . . . . . . . . . . . . . . . 489 ipv6 address (OOB Port) ipv6 address dhcp ipv6 enable (Interface Configuration) . ipv6 enable (OOB Configuration) . . . . . . . . . 490 . . . . . . . . . . . .
PAGE 18
2CSNXXX_SWUM200.book Page 18 Tuesday, December 10, 2013 1:22 PM 23 IPv6 MLD Snooping Commands . Commands in this Chapter . . . . . . . . . . . . . . . . . . . . . . ipv6 mld snooping vlan groupmembership-interval ipv6 mld snooping vlan immediate-leave . 509 . . 510 . . . . . . . 510 ipv6 mld snooping listener-message-suppression . . . ipv6 mld snooping vlan last-listener-query-interval 511 . . 512 . . . . . . . . 513 . . . . . . . . . . . . 514 . . . . . . . . . . . . . . . 514 . . . .
PAGE 19
2CSNXXX_SWUM200.book Page 19 Tuesday, December 10, 2013 1:22 PM show ipv6 mld snooping querier 25 IP Source Guard Commands Commands in this Chapter . ip verify source . . . . . . . . . 529 . . . . . . . . . . . . . . . . . . . . . 529 . . . . . . . . . . . . . . 531 . . . . . . . . . . . . . . . . . . . . . 531 . . . . . . . . . . . . . . . . . . . . . . 532 ip verify binding show ip verify source 533 . . . . . . . . . . . . . . . . . . show ip source binding 534 . . . . . . . . . . . . .
PAGE 20
2CSNXXX_SWUM200.book Page 20 Tuesday, December 10, 2013 1:22 PM action . link-dependency group add 545 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 547 depends-on. show link-dependency 28 LLDP Commands 548 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Commands in this Chapter . 551 . . . . . . . . . . . . . . . 552 . . . . . . . . . . . . . . . . . 552 . . . . . .
PAGE 21
2CSNXXX_SWUM200.book Page 21 Tuesday, December 10, 2013 1:22 PM show lldp . . . . . . . . . . . . . . . . . . . . . . . . . show lldp interface . . . . . . . . . . . . . . . . . . . show lldp local-device show lldp med 562 563 . . . . . . . . . . . . . . . . . 564 . . . . . . . . . . . . . . . . . . . . . . 565 show lldp med interface . . . . . . . . . . . . . . . . . show lldp med local-device detail . . . . . . . . . . . 567 . . . . . . . . . . . . . 568 . . . . . . . . . . . . . . . .
PAGE 22
2CSNXXX_SWUM200.book Page 22 Tuesday, December 10, 2013 1:22 PM show mvr interface show mvr traffic . . . . . . . . . . . . . . . . . . . 585 . . . . . . . . . . . . . . . . . . . . . 587 30 Port Channel Commands Static LAGS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . VLANs and LAGs . LAG Hashing . 590 . . . . . . . . . . . . . . . . . . . . . 590 . . . . . . . . . . . . . . . . . . . . . . 591 Enhanced LAG Hashing . . . . . . . . . . . . . . . . .
PAGE 23
2CSNXXX_SWUM200.book Page 23 Tuesday, December 10, 2013 1:22 PM show lacp show statistics port-channel 31 MLAG . Commands in this Chapter . 607 . . . . . . . . . . . . . . . . . . . 607 . . . . . . . . . . . . . . . . . . . . . . . . 608 feature vpc . . . . . . . . . . . . . . . . . . . . . . . . peer-detection enable . . . . . . . . . . . . . . . . . . peer-keepalive destination 609 610 . . . . . . . . . . . . . . . 611 . . . . . . . . . . . . . . . . . 612 . . . . . . . . . . . . . . .
PAGE 24
2CSNXXX_SWUM200.book Page 24 Tuesday, December 10, 2013 1:22 PM 32 Port Monitor Commands Commands in this Chapter . 628 . . . . . . . . . . . . . . . . . . . . . 628 . . . . . . . . . . . . . . . . . . . . . . . 630 show monitor session 33 QoS Commands 635 . . . . . . . . . . . . . . . . . . 635 . . . . . . . . . . . . . . . . . . . . . . . 636 Layer 3/4 IPv4 ACLs . . . . . . . . . . . . . . . . . . . Class of Service (CoS) . Queue Mapping 636 . . . . . . . . . . . . . . . . . 636 . . .
PAGE 25
2CSNXXX_SWUM200.book Page 25 Tuesday, December 10, 2013 1:22 PM conform-color . . . . . . . . . . . . . . . . . . . . . . 647 cos-queue min-bandwidth . . . . . . . . . . . . . . . 649 cos-queue random-detect . . . . . . . . . . . . . . . . 650 . . . . . . . . . . . . . . . . . . . . . 652 . . . . . . . . . . . . . . . . . . . . . . . . . 653 . . . . . . . . . . . . . . . . . . . . . . . . . . . 653 cos-queue strict diffserv . drop. mark cos . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 26
2CSNXXX_SWUM200.book Page 26 Tuesday, December 10, 2013 1:22 PM match source-address mac . . . . . . . . . . . . . . . 666 match srcip. . . . . . . . . . . . . . . . . . . . . . . . 667 match srcip6 . . . . . . . . . . . . . . . . . . . . . . . 667 match srcl4port . . . . . . . . . . . . . . . . . . . . . 668 . . . . . . . . . . . . . . . . . . . . . . . . 669 . . . . . . . . . . . . . . . . . . . . . . . . . . 670 match vlan mirror . police-simple . . . . . . . . . . . . . . . . . . . .
PAGE 27
2CSNXXX_SWUM200.book Page 27 Tuesday, December 10, 2013 1:22 PM show diffserv service brief . . . . . . . . . . . . . . . 688 show interfaces cos-queue . . . . . . . . . . . . . . . 689 show interfaces random-detect . show policy-map . . . . . . . . . . . . 691 . . . . . . . . . . . . . . . . . . . . 691 show policy-map interface . . . . . . . . . . . . . . . 692 . . . . . . . . . . . . . . . . . . 693 traffic-shape . . . . . . . . . . . . . . . . . . . . . . . 694 vlan priority . . . .
PAGE 28
2CSNXXX_SWUM200.book Page 28 Tuesday, December 10, 2013 1:22 PM priority 710 . . . . . . . . . . . . . . . . . . . . . . . . . . radius-server attribute 4 . . . . . . . . . . . . . . . . . 711 . . . . . . . . . . . . . . . . . 712 radius-server host . . . . . . . . . . . . . . . . . . . . 713 radius-server key . . . . . . . . . . . . . . . . . . . . 714 radius-server deadtime radius-server key encrypted. . . . . . . . . . . . . . . 715 . . . . . . . . . . . . . . . . 715 . . . . . . . .
PAGE 29
2CSNXXX_SWUM200.book Page 29 Tuesday, December 10, 2013 1:22 PM name (mst) . . . . . . . . . . . . . . . . . . . . . . . . revision (mst). . . . . . . . . . . . . . . . . . . . . . . show spanning-tree . . . . . . . . . . . . . . . . . . . show spanning-tree summary . 735 735 . . . . . . . . . . . . . 740 . . . . . . . . . . . . . . . . 741 . . . . . . . . . . . . . . . . . . . . . . 743 show spanning-tree vlan spanning-tree 734 spanning-tree auto-portfast . . . . . . . . . . . . . . .
PAGE 30
2CSNXXX_SWUM200.book Page 30 Tuesday, December 10, 2013 1:22 PM spanning-tree mst priority . spanning-tree portfast . . . . . . . . . . . . . . . . 757 . . . . . . . . . . . . . . . . . 758 spanning-tree portfast bpdufilter default spanning-tree portfast default . . . . . . . . . 759 . . . . . . . . . . . . . 759 spanning-tree port-priority (Interface Configuration). spanning-tree priority . 760 . . . . . . . . . . . . . . . . . .
PAGE 31
2CSNXXX_SWUM200.book Page 31 Tuesday, December 10, 2013 1:22 PM show tacacs tacacs-server host . tacacs-server key . . . . . . . . . . . . . . . . . . . 775 . . . . . . . . . . . . . . . . . . . . 776 tacacs-server key encrypted . . . . . . . . . . . . . . 777 . . . . . . . . . . . . . . . . . . 778 . . . . . . . . . . . . . . . . . . . . . . . . . 778 tacacs-server timeout timeout . 774 . . . . . . . . . . . . . . . . . . . . . . . 37 UDLD Commands . . . . . . . . . . . . . . . . . .
PAGE 32
2CSNXXX_SWUM200.book Page 32 Tuesday, December 10, 2013 1:22 PM 38 VLAN Commands . Double VLAN Mode . . . . . . . . . . . . . . . . . 791 . . . . . . . . . . . . . . . . . . . Independent VLAN Learning . 791 . . . . . . . . . . . . . . 792 Protocol Based VLANs . . . . . . . . . . . . . . . . . . 792 IP Subnet Based VLANs . . . . . . . . . . . . . . . . . 793 . . . . . . . . . . . . . . . . . . . 793 MAC-Based VLANs Private VLAN Commands . . . . . . . . . . . . . . . .
PAGE 33
2CSNXXX_SWUM200.book Page 33 Tuesday, December 10, 2013 1:22 PM show vlan association mac . . . . . . . . . . . . . . . show vlan association subnet . switchport access vlan 813 . . . . . . . . . . . . . 814 . . . . . . . . . . . . . . . . . 815 switchport general forbidden vlan . . . . . . . . . . . 816 switchport general acceptable-frame-type tagged-only 817 switchport general allowed vlan . . . . . . . . . . . . switchport general ingress-filtering disable . 817 . . . . . 818 . . . . .
PAGE 34
2CSNXXX_SWUM200.book Page 34 Tuesday, December 10, 2013 1:22 PM show vlan private-vlan 39 Voice VLAN Commands . Commands in this Chapter . voice vlan 833 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 835 . . . . . . . . . . . . . . . 836 . . . . . . . . . . . . . . . . . . . . . . . . 836 voice vlan (Interface) voice vlan data priority show voice vlan . . . . . . . . . . . . . . . . . 837 . . . . . . . . . . . . . . . . . . . . . 838 40 802.1x Commands . . . . . . . . . . . . .
PAGE 35
2CSNXXX_SWUM200.book Page 35 Tuesday, December 10, 2013 1:22 PM dot1x port-control . . . . . . . . . . . . . . . . . . . . dot1x re-authenticate . . . . . . . . . . . . . . . . . . dot1x reauthentication . . . . . . . . . . . . . . . . . . dot1x system-auth-control . . . . . . . . . . . . . . . . dot1x system-auth-control monitor 851 851 852 . . . . . . . . . . . 853 . . . . . . . . . . . . 853 . . . . . . . . . . . . . . .
PAGE 36
2CSNXXX_SWUM200.book Page 36 Tuesday, December 10, 2013 1:22 PM show dot1x clients . show dot1x interface 870 . . . . . . . . . . . . . . . . . . show dot1x interface statistics show dot1x users 868 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 871 . . . . . . . . . . . . . . . . . . . . 873 clear dot1x authentication–history . . . . . . . . . . . 874 dot1x guest-vlan . . . . . . . . . . . . . . . . . . . . . 875 dot1x unauth-vlan . . . . . . . . . . . . . . . . . . . .
PAGE 37
2CSNXXX_SWUM200.book Page 37 Tuesday, December 10, 2013 1:22 PM show lldp dcbx . 895 . . . . . . . . . . . . . . . . . . . . . Enhanced Transmission Selection (ETS) Commands . classofservice traffic-class-group . 899 . . . . . . . . . . . 899 traffic-class-group max-bandwidth . . . . . . . . . . . 901 . . . . . . . . . . . 902 . . . . . . . . . . . . . . . . 903 traffic-class-group min-bandwidth traffic-class-group strict traffic-class-group weight 905 . . . . . . . . . . . . . . .
PAGE 38
2CSNXXX_SWUM200.book Page 38 Tuesday, December 10, 2013 1:22 PM arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . arp cachesize . . . . . . . . . . . . . . . . . . . . . . arp dynamicrenew . arp purge . 922 . . . . . . . . . . . . . . . . . . . . . . . . 923 . . . . . . . . . . . . . . . . . . . . . . . 924 . . . . . . . . . . . . . . . . . . . . . . . . 925 arp timeout . . . . . . . . . . . . . . . . . . . . . . . . clear arp-cache . . . . . . . . . . . . . . . . . . . . .
PAGE 39
2CSNXXX_SWUM200.book Page 39 Tuesday, December 10, 2013 1:22 PM dns-server (IP DHCP Pool Config) . . . . . . . . . . . . domain-name (IP DHCP Pool Config) . . . . . . . . . . 940 . . . . . . . . . . . . . . . . . . . 940 . . . . . . . . . . . . . . . . . . . . . . . . . . . 941 hardware-address . host . ip dhcp bootp automatic . ip dhcp conflict logging . . . . . . . . . . . . . . . . 942 . . . . . . . . . . . . . . . . . 943 ip dhcp excluded-address . . . . . . . . . . . . . . . . 943 .
PAGE 40
2CSNXXX_SWUM200.book Page 40 Tuesday, December 10, 2013 1:22 PM 47 DHCPv6 Commands clear ipv6 dhcp . . . . . . . . . . . . . . . . . 959 . . . . . . . . . . . . . . . . . . . . . dns-server (IPv6 DHCP Pool Config) . 960 . . . . . . . . . . domain-name (IPv6 DHCP Pool Config) ipv6 dhcp pool 959 . . . . . . . . . 960 . . . . . . . . . . . . . . . . . . . . . . 961 ipv6 dhcp relay . . . . . . . . . . . . . . . . . . . . . . 962 ipv6 dhcp server . . . . . . . . . . . . . . . . . . . . .
PAGE 41
2CSNXXX_SWUM200.book Page 41 Tuesday, December 10, 2013 1:22 PM ipv6 dhcp snooping binding . . . . . . . . . . . . . . . 978 ipv6 dhcp snooping database . . . . . . . . . . . . . . 979 ipv6 dhcp snooping database write-delay ipv6 dhcp snooping limit . . . . . . . . 980 . . . . . . . . . . . . . . . . 981 ipv6 dhcp snooping log-invalid ipv6 dhcp snooping trust . . . . . . . . . . . . . . 982 . . . . . . . . . . . . . . . . 983 ipv6 dhcp snooping verify mac-address . . . . . . . . 983 . .
PAGE 42
2CSNXXX_SWUM200.book Page 42 Tuesday, December 10, 2013 1:22 PM show ip dvmrp 997 . . . . . . . . . . . . . . . . . . . . . . show ip dvmrp interface . . . . . . . . . . . . . . . . . 998 show ip dvmrp neighbor . . . . . . . . . . . . . . . . . 998 . . . . . . . . . . . . . . . . . 999 show ip dvmrp nexthop show ip dvmrp prune . . . . . . . . . . . . . . . . . 1000 show ip dvmrp route . . . . . . . . . . . . . . . . . . 1000 50 GMRP Commands . . . . . . . . . . . . . . . .
PAGE 43
2CSNXXX_SWUM200.book Page 43 Tuesday, December 10, 2013 1:22 PM ip igmp version . show ip igmp . . . . . . . . . . . . . . . . . . . . . 1015 . . . . . . . . . . . . . . . . . . . . . 1016 show ip igmp groups. . . . . . . . . . . . . . . . . . show ip igmp interface . . . . . . . . . . . . . . . . show ip igmp membership . . . . . . . . . . . . . . show ip igmp interface stats . . . . . . . . . . . . . 52 IGMP Proxy Commands . Commands in this Chapter . ip igmp proxy-service . . . . . . . . .
PAGE 44
2CSNXXX_SWUM200.book Page 44 Tuesday, December 10, 2013 1:22 PM ip dhcp relay information check . . . . . . . . . . . ip dhcp relay information check-reply ip dhcp relay information option 1033 . . . . . . . . 1034 . . . . . . . . . . . 1035 ip dhcp relay information option-insert . . . . . . . . 1036 ip helper-address (global configuration) . . . . . . . 1037 ip helper-address (interface configuration). ip helper enable . . . . . 1038 . . . . . . . . . . . . . . . . . . . .
PAGE 45
2CSNXXX_SWUM200.book Page 45 Tuesday, December 10, 2013 1:22 PM ip route distance . ip routing . . . . . . . . . . . . . . . . . . . . 1053 . . . . . . . . . . . . . . . . . . . . . . . 1053 match ip address . match length . . . . . . . . . . . . . . . . . . . . 1054 . . . . . . . . . . . . . . . . . . . . . 1056 match mac-list . route-map . . . . . . . . . . . . . . . . . . . . 1057 . . . . . . . . . . . . . . . . . . . . . . . 1058 set interface null0 . . . . . . . . . . . . . . . . . . .
PAGE 46
2CSNXXX_SWUM200.book Page 46 Tuesday, December 10, 2013 1:22 PM 55 IPv6 Routing Commands IPv6 Limitations & Restrictions . . . . . . . . . . . 1081 . . . . . . . . . . . . 1081 . . . . . . . . . . . . . . 1081 . . . . . . . . . . . . . . . . . 1082 . . . . . . . . . . . . . . . . . . 1083 ipv6 address . . . . . . . . . . . . . . . . . . . . . . 1083 ipv6 enable . . . . . . . . . . . . . . . . . . . . . . . 1085 Commands in this Chapter . clear ipv6 neighbors .
PAGE 47
2CSNXXX_SWUM200.book Page 47 Tuesday, December 10, 2013 1:22 PM ipv6 nd ra-interval . . . . . . . . . . . . . . . . . . . 1096 ipv6 nd ra-lifetime . . . . . . . . . . . . . . . . . . . 1097 ipv6 nd reachable-time . . . . . . . . . . . . . . . . 1098 . . . . . . . . . . . . . . . . . . 1099 . . . . . . . . . . . . . . . . . . . . . . . 1099 ipv6 nd suppress-ra ipv6 route . ipv6 route distance. . . . . . . . . . . . . . . . . . . 1101 ipv6 unicast-routing . . . . . . . . . . . . . . . . . .
PAGE 48
2CSNXXX_SWUM200.book Page 48 Tuesday, December 10, 2013 1:22 PM show ipv6 neighbors . show ipv6 route . . . . . . . . . . . . . . . . . 1123 . . . . . . . . . . . . . . . . . . . . 1124 show ipv6 route preferences . . . . . . . . . . . . . 1125 . . . . . . . . . . . . . . . 1126 . . . . . . . . . . . . . . . . . . . 1127 show ipv6 vlan . . . . . . . . . . . . . . . . . . . . . 1129 traceroute ipv6 . . . . . . . . . . . . . . . . . . . . . 1129 show ipv6 route summary show ipv6 traffic .
PAGE 49
2CSNXXX_SWUM200.book Page 49 Tuesday, December 10, 2013 1:22 PM ip pim bsr-candidate . . . . . . . . . . . . . . . . . . 1145 . . . . . . . . . . . . . . . . . . 1146 . . . . . . . . . . . . . . . . . . . 1146 ip pim dense-mode. ip pim dr-priority . ip pim hello-interval . . . . . . . . . . . . . . . . . . ip pim join-prune-interval . ip pim rp-address 1147 . . . . . . . . . . . . . . 1148 . . . . . . . . . . . . . . . . . . . 1149 ip pim rp-candidate . . . . . . . . . . . . . . . . . .
PAGE 50
2CSNXXX_SWUM200.book Page 50 Tuesday, December 10, 2013 1:22 PM show ip pim rp mapping . . . . . . . . . . . . . . . . 58 IPv6 Multicast Commands . clear ipv6 mroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . ipv6 pim (VLAN Interface config) ipv6 pim bsr-border 1167 1168 . . . . . . . . . . . . . . . . . . 1169 . . . . . . . . . . . . . . . . 1170 . . . . . . . . . . . . . . . . . 1171 . . . . . . . . . . . . . . . . . . 1171 ipv6 pim dense-mode ipv6 pim hello-interval . . . .
PAGE 51
2CSNXXX_SWUM200.book Page 51 Tuesday, December 10, 2013 1:22 PM show ipv6 pim rp-hash . . . . . . . . . . . . . . . . . show ipv6 pim rp mapping . 59 OSPF Commands Route Preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . OSPF Equal Cost Multipath (ECMP) . . . . . . . . . . 1186 1186 1191 1192 1192 Forwarding of OSPF Opaque LSAs Enabled by Default 1193 Passive Interfaces . Graceful Restart . . . . . . . . . . . . . . . . . . 1194 . .
PAGE 52
2CSNXXX_SWUM200.book Page 52 Tuesday, December 10, 2013 1:22 PM area virtual-link dead-interval . . . . . . . . . . . . 1210 area virtual-link hello-interval . . . . . . . . . . . . 1211 area virtual-link retransmit-interval . . . . . . . . . 1212 . . . . . . . . . . . 1213 auto-cost . . . . . . . . . . . . . . . . . . . . . . . . 1213 bandwidth . . . . . . . . . . . . . . . . . . . . . . . 1214 area virtual-link transmit-delay . capability opaque clear ip ospf . . . . . . . . . . . . .
PAGE 53
2CSNXXX_SWUM200.book Page 53 Tuesday, December 10, 2013 1:22 PM ip ospf dead-interval . . . . . . . . . . . . . . . . . . 1228 ip ospf hello-interval. . . . . . . . . . . . . . . . . . 1228 . . . . . . . . . . . . . . . . . . . 1229 . . . . . . . . . . . . . . . . . . . . 1230 . . . . . . . . . . . . . . . . . . . . . 1231 ip ospf mtu-ignore ip ospf network ip ospf priority ip ospf retransmit-interval . ip ospf transmit-delay . . . . . . . . . . . . . . 1232 . . . . . . . . . . . . . . . .
PAGE 54
2CSNXXX_SWUM200.book Page 54 Tuesday, December 10, 2013 1:22 PM show ip ospf abr . . . . . . . . . . . . . . . . . . . . 1251 show ip ospf area . . . . . . . . . . . . . . . . . . . 1252 show ip ospf asbr . . . . . . . . . . . . . . . . . . . 1254 show ip ospf database . . . . . . . . . . . . . . . . . show ip ospf database database-summary . show ip ospf interface . 1254 . . . . . 1257 . . . . . . . . . . . . . . . . 1259 show ip ospf interface brief . . . . . . . . . . . . . .
PAGE 55
2CSNXXX_SWUM200.book Page 55 Tuesday, December 10, 2013 1:22 PM area nssa default-info-originate (Router OSPFv3 Config) 1280 area nssa no-redistribute area nssa no-summary . . . . . . . . . . . . . . . . 1281 . . . . . . . . . . . . . . . . 1282 area nssa translator-role . . . . . . . . . . . . . . . area nssa translator-stab-intv . . . . . . . . . . . . . 1284 . . . . . . . . . . . . . 1285 . . . . . . . . . . . . . . . . . . . . . . . 1286 area range (Router OSPFv3) . area stub .
PAGE 56
2CSNXXX_SWUM200.book Page 56 Tuesday, December 10, 2013 1:22 PM ipv6 ospf cost . . . . . . . . . . . . . . . . . . . . . 1299 ipv6 ospf dead-interval . . . . . . . . . . . . . . . . 1300 ipv6 ospf hello-interval . . . . . . . . . . . . . . . . 1300 . . . . . . . . . . . . . . . . . 1301 ipv6 ospf network . . . . . . . . . . . . . . . . . . . 1302 ipv6 ospf priority . . . . . . . . . . . . . . . . . . . . 1303 ipv6 ospf mtu-ignore . ipv6 ospf retransmit-interval . . . . . . . . . . . . .
PAGE 57
2CSNXXX_SWUM200.book Page 57 Tuesday, December 10, 2013 1:22 PM show ipv6 ospf asbr . . . . . . . . . . . . . . . . . . show ipv6 ospf border-routers. show ipv6 ospf database . . . . . . . . . . . . 1319 . . . . . . . . . . . . . . . 1320 show ipv6 ospf database database-summary . show ipv6 ospf interface 1319 . . . . 1322 . . . . . . . . . . . . . . . 1323 show ipv6 ospf interface brief . . . . . . . . . . . . . 1324 show ipv6 ospf interface stats. . . . . . . . . . . . .
PAGE 58
2CSNXXX_SWUM200.book Page 58 Tuesday, December 10, 2013 1:22 PM show ip irdp . . . . . . . . . . . . . . . . . . . . . . 1339 62 Routing Information Protocol Commands 1341 Commands in this Chapter . auto-summary . . . . . . . . . . . . . . 1341 . . . . . . . . . . . . . . . . . . . . . 1341 default-information originate (Router RIP Configuration) 1342 default-metric distance rip . . . . . . . . . . . . . . . . . . . . . 1343 . . . . . . . . . . . . . . . . . . . . . .
PAGE 59
2CSNXXX_SWUM200.book Page 59 Tuesday, December 10, 2013 1:22 PM 63 Tunnel Interface Commands Commands in this Chapter . interface tunnel 1357 . . . . . . . . . . . . . . 1357 . . . . . . . . . . . . . . . . . . . . 1358 show interfaces tunnel tunnel destination . . . . . . . . . . . . . . . . 1358 . . . . . . . . . . . . . . . . . . . 1359 tunnel mode ipv6ip . tunnel source . . . . . . . . . . . . . . . . . . . . . . . . . . 1360 . . . . . . . . . . . . . . . . . . . . .
PAGE 60
2CSNXXX_SWUM200.book Page 60 Tuesday, December 10, 2013 1:22 PM vrrp priority. . . . . . . . . . . . . . . . . . . . . . . vrrp timers advertise . vrrp timers learn . . . . . . . . . . . . . . . . . . 1372 . . . . . . . . . . . . . . . . . . . 1373 vrrp track interface . . . . . . . . . . . . . . . . . . 1374 . . . . . . . . . . . . . . . . . . . 1375 . . . . . . . . . . . . . . . . . . . . . . . 1376 vrrp track ip route show vrrp 1372 show vrrp interface . . . . . . . . . . . . . . . . .
PAGE 61
2CSNXXX_SWUM200.book Page 61 Tuesday, December 10, 2013 1:22 PM show auto-copy-sw show boot . . . . . . . . . . . . . . . . . . 1393 . . . . . . . . . . . . . . . . . . . . . . . 1393 67 Captive Portal Commands Commands in this Chapter . 1395 . . . . . . . . . . . . . . . . 1397 . . . . . . . . . . . . . . . . . . . . . 1397 . . . . . . . . . . . . . . . . . . . . . . . . . 1398 captive-portal http port . . . . . . . . . . . . . . . . . . . . . . . . https port . . . . . . . . . . . . . .
PAGE 62
2CSNXXX_SWUM200.book Page 62 Tuesday, December 10, 2013 1:22 PM session-timeout verification . . . . . . . . . . . . . . . . . . . . . 1408 . . . . . . . . . . . . . . . . . . . . . . 1409 captive-portal client deauthenticate show captive-portal client status . . . . . . . . . . 1410 . . . . . . . . . . 1410 show captive-portal configuration client status show captive-portal interface client status . . . 1411 . . . . . 1412 show captive-portal interface configuration status . 1413 . . . .
PAGE 63
2CSNXXX_SWUM200.book Page 63 Tuesday, December 10, 2013 1:22 PM user group name . . . . . . . . . . . . . . . . . . . . 68 CLI Macro Commands Commands in this Chapter . macro name . . . . . . . . . . . . . 1425 1427 . . . . . . . . . . . . . . 1428 . . . . . . . . . . . . . . . . . . . . . . 1428 macro global apply . . . . . . . . . . . . . . . . . . 1429 macro global trace . . . . . . . . . . . . . . . . . . . 1430 macro global description . . . . . . . . . . . . . . .
PAGE 64
2CSNXXX_SWUM200.book Page 64 Tuesday, December 10, 2013 1:22 PM sntp broadcast client enable . . . . . . . . . . . . . 1441 . . . . . . . . . . . . . . . . . 1441 . . . . . . . . . . . . . . . . . . . . . . 1442 sntp client poll timer . sntp server . sntp trusted-key . . . . . . . . . . . . . . . . . . . . sntp unicast client enable . . . . . . . . . . . . . . . clock timezone hours-offset . no clock timezone 1444 . . . . . . . . . . . . . 1444 . . . . . . . . . . . . . . . . . . .
PAGE 65
2CSNXXX_SWUM200.book Page 65 Tuesday, December 10, 2013 1:22 PM 71 Configuration and Image File Commands 1457 File System Commands . . . . . . . . . . . . . . . . Command Line Interface Scripting 1457 . . . . . . . . . . 1457 . . . . . . . . . . . . . . 1457 boot system . . . . . . . . . . . . . . . . . . . . . . 1458 clear config . . . . . . . . . . . . . . . . . . . . . . 1459 . . . . . . . . . . . . . . . . . . . . . . . . . . 1460 Commands in this Chapter . copy delete . . . . . . .
PAGE 66
2CSNXXX_SWUM200.book Page 66 Tuesday, December 10, 2013 1:22 PM 72 Denial of Service Commands Commands in this Chapter . . . . . . . . 1477 . . . . . . . . . . . . . . 1478 . . . . . . . . . . . . . . . . . . 1479 dos-control icmp . . . . . . . . . . . . . . . . . . . . 1479 dos-control l4port . . . . . . . . . . . . . . . . . . . 1480 dos-control sipdip . . . . . . . . . . . . . . . . . . . 1481 dos-control tcpflag . . . . . . . . . . . . . . . . . . 1482 dos-control tcpfrag . . . . .
PAGE 67
2CSNXXX_SWUM200.book Page 67 Tuesday, December 10, 2013 1:22 PM show line . speed . . . . . . . . . . . . . . . . . . . . . . . . 1492 . . . . . . . . . . . . . . . . . . . . . . . . . 1493 74 Management ACL Commands Commands in this Chapter . deny (management) . . . . . . . . . . . . . . . . . . . . . 1495 . . . . . . . . . . . . . . . . . . 1496 management access-class . . . . . . . . . . . . . . 1497 . . . . . . . . . . . . . . . 1498 . . . . . . . . . . . . . . . . .
PAGE 68
2CSNXXX_SWUM200.book Page 68 Tuesday, December 10, 2013 1:22 PM passwords min-length . . . . . . . . . . . . . . . . . passwords strength-check . . . . . . . . . . . . . . 1508 1509 passwords strength minimum uppercase-letters . . . 1510 passwords strength minimum lowercase-letters . . . 1510 passwords strength minimum numeric-characters passwords strength minimum special-characters . 1511 . .
PAGE 69
2CSNXXX_SWUM200.book Page 69 Tuesday, December 10, 2013 1:22 PM power inline . . . . . . . . . . . . . . . . . . . . . . power inline detection . . . . . . . . . . . . . . . . power inline high-power power inline limit 1527 . . . . . . . . . . . . . . . . . . . 1528 . . . . . . . . . . . . . . power inline powered-device . power inline reset . 1533 . . . . . . . . . . . . . . . . . 1533 . . . . . . . . . . . . . . . . . . 1534 power inline usage-threshold . . . . . . . . . . . . . 1535 .
PAGE 70
2CSNXXX_SWUM200.book Page 70 Tuesday, December 10, 2013 1:22 PM show rmon events . . . . . . . . . . . . . . . . . . . 1549 show rmon hcalarm . . . . . . . . . . . . . . . . . . 1550 show rmon history . . . . . . . . . . . . . . . . . . . 1551 . . . . . . . . . . . . . . . . . . . . 1554 show rmon log . show rmon statistics. . . . . . . . . . . . . . . . . . 79 SDM Templates Commands . Commands in this Chapter . sdm prefer . . . . . . . . 1555 1559 . . . . . . . . . . . . . . 1559 . . .
PAGE 71
2CSNXXX_SWUM200.book Page 71 Tuesday, December 10, 2013 1:22 PM debug ip dvmrp . debug ip igmp . . . . . . . . . . . . . . . . . . . . 1573 . . . . . . . . . . . . . . . . . . . . . 1573 debug ip mcache . . . . . . . . . . . . . . . . . . . . 1574 debug ip pimdm packet . . . . . . . . . . . . . . . . 1575 debug ip pimsm packet . . . . . . . . . . . . . . . . 1576 . . . . . . . . . . . . . . . . . . . . . 1576 debug ip vrrp . debug ipv6 dhcp . . . . . . . . . . . . . . . . . . . .
PAGE 72
2CSNXXX_SWUM200.book Page 72 Tuesday, December 10, 2013 1:22 PM exception core-file exception dump . . . . . . . . . . . . . . . . . . 1587 . . . . . . . . . . . . . . . . . . . . 1588 exception protocol . . . . . . . . . . . . . . . . . . . exception switch-chip-register . . . . . . . . . . . 1591 . . . . . . . . . . . . . . . . . . . 1591 . . . . . . . . . . . . . . . . . . . . 1592 . . . . . . . . . . . . . . . . . . . . . . . 1593 show debugging .
PAGE 73
2CSNXXX_SWUM200.book Page 73 Tuesday, December 10, 2013 1:22 PM show snmp . . . . . . . . . . . . . . . . . . . . . . . show snmp engineID 1610 . . . . . . . . . . . . . . . . . 1611 show snmp filters . . . . . . . . . . . . . . . . . . . 1611 show snmp group . . . . . . . . . . . . . . . . . . . 1612 . . . . . . . . . . . . . . . . . . . . 1614 show snmp user show snmp views show trapflags . . . . . . . . . . . . . . . . . . . . 1615 . . . . . . . . . . . . . . . . . . . .
PAGE 74
2CSNXXX_SWUM200.book Page 74 Tuesday, December 10, 2013 1:22 PM cryptho key generate dsa crypto key generate rsa . . . . . . . . . . . . . . . 1635 . . . . . . . . . . . . . . . . 1636 crypto key pubkey-chain ssh . . . . . . . . . . . . . crypto key zeroize pubkey-chain . . . . . . . . . . . 1638 . . . . . . . . . . . . . . 1638 . . . . . . . . . . . . . . . . . . . . . . . 1639 crypto key zeroize {rsa|dsa} ip ssh port ip ssh pubkey-auth . . . . . . . . . . . . . . . . . . . 1640 . . . .
PAGE 75
2CSNXXX_SWUM200.book Page 75 Tuesday, December 10, 2013 1:22 PM logging . . . . . . . . . . . . . . . . . . . . . . . . . logging audit . . . . . . . . . . . . . . . . . . . . . . 1652 1654 logging buffered . . . . . . . . . . . . . . . . . . . . 1655 logging console . . . . . . . . . . . . . . . . . . . . 1656 logging facility . . . . . . . . . . . . . . . . . . . . . 1657 . . . . . . . . . . . . . . . . . . . . . . 1658 logging file . logging monitor logging on . . . . . . . . . . . . .
PAGE 76
2CSNXXX_SWUM200.book Page 76 Tuesday, December 10, 2013 1:22 PM banner motd acknowledge . . . . . . . . . . . . . . 1673 clear checkpoint statistics . . . . . . . . . . . . . . 1675 clear counters stack-ports . . . . . . . . . . . . . . . 1676 . . . . . . . . . . . . . . . . . . . . . . . . 1676 connect . cut-through mode . . . . . . . . . . . . . . . . . . . 1678 . . . . . . . . . . . . . . . . . . . . . . 1678 . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 77
2CSNXXX_SWUM200.book Page 77 Tuesday, December 10, 2013 1:22 PM set description . slot . . . . . . . . . . . . . . . . . . . . 1693 . . . . . . . . . . . . . . . . . . . . . . . . . . . 1694 show banner . . . . . . . . . . . . . . . . . . . . . . show checkpoint statistics 1696 . . . . . . . . . . . . . . 1697 show cut-through mode . . . . . . . . . . . . . . . . 1698 show hardware profile . . . . . . . . . . . . . . . . 1698 show idprom interface interface-id . . . . . . . . . .
PAGE 78
2CSNXXX_SWUM200.book Page 78 Tuesday, December 10, 2013 1:22 PM show system id . . . . . . . . . . . . . . . . . . . . show system power . . . . . . . . . . . . . . . . . . show system temperature . 1726 . . . . . . . . . . . . . . . . . . 1727 . . . . . . . . . . . . . . . . . . . . . . 1729 show version . stack 1725 . . . . . . . . . . . . . . show tech-support . show users . 1724 . . . . . . . . . . . . . . . . . . . . . 1730 . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 79
2CSNXXX_SWUM200.book Page 79 Tuesday, December 10, 2013 1:22 PM 87 Terminal Length Commands terminal length . . . . . . . . . . . . . . . . . . . . . 88 Time Ranges Commands time-range . . . . . . . . . . . . . . . . . . . 1749 1749 1751 . . . . . . . . . . . . . . . . . . . . . . . 1751 absolute . . . . . . . . . . . . . . . . . . . . . . . . 1752 periodic . . . . . . . . . . . . . . . . . . . . . . . . 1753 show time-range . . . . . . . . . . . . . . . . . . . .
PAGE 80
2CSNXXX_SWUM200.book Page 80 Tuesday, December 10, 2013 1:22 PM end . . . . . . . . . . . . . . . . . . . . . . . . . . . 1766 exit . . . . . . . . . . . . . . . . . . . . . . . . . . . 1767 quit . . . . . . . . . . . . . . . . . . . . . . . . . . . 1768 91 Web Server Commands . Web Sessions . . . . . . . . . . . . . . . . . . . . . Commands in this Chapter . 1769 1769 . . . . . . . . . . . . . . 1770 . . . . . . . . . . . . . . . . . . . . 1770 . . . . . . . . . . . . . . . . . . . . . .
PAGE 81
2CSNXXX_SWUM200.book Page 81 Tuesday, December 10, 2013 1:22 PM show ip http server status . . . . . . . . . . . . . . . show ip http server secure status . state 1782 . . . . . . . . . . 1783 . . . . . . . . . . . . . . . . . . . . . . . . . . 1784 A Appendix A: List of Commands . . . . . .
PAGE 82
2CSNXXX_SWUM200.
PAGE 83
2CSNXXX_SWUM200.book Page 83 Tuesday, December 10, 2013 1:22 PM 1 Command Groups Dell Networking N2000/N3000/N4000 Series Switches Introduction The Command Line Interface (CLI) is a network management application operated through an ASCII terminal without the use of a Graphic User Interface (GUI) driven software application. By directly entering commands, the user has greater configuration flexibility. The CLI is a basic command-line interpreter similar to the UNIX C shell.
PAGE 84
2CSNXXX_SWUM200.book Page 84 Tuesday, December 10, 2013 1:22 PM Table 1-1. System Command Groups (continued) Command Group Description Administrative Profiles Commands Group commands into a profile and assign a profile to a user upon authentication. Administrative Profiles Configures and displays ACL information. Address Table Configures bridging address tables. Auto-VoIP Configures Auto VoIP for IP phones on a switch. CDP Interoperability Configures Cisco® Discovery Protocol (CDP).
PAGE 85
2CSNXXX_SWUM200.book Page 85 Tuesday, December 10, 2013 1:22 PM Table 1-1. System Command Groups (continued) Command Group Description QoS Configures and displays QoS information. Radius Configures and displays RADIUS information. Spanning Tree Configures and reports on Spanning Tree protocol. TACACS+ Configures and displays TACACS+ information. VLAN Configures VLANs and displays VLAN information. Voice VLAN Configures voice VLANs and displays voice VLAN information. 802.
PAGE 86
2CSNXXX_SWUM200.book Page 86 Tuesday, December 10, 2013 1:22 PM Table 1-1. System Command Groups (continued) Command Group Description Router Discovery Protocol Manages router discovery operations. (IPv4) Routing Information Protocol (IPv4) Configures RIP activities. Tunnel Interface (IPv6) Managing tunneling operations. Virtual Router Redundancy (IPv4) Controls virtual LAN routing. Virtual Router Redundancy (IPv4) Manages router redundancy on the system.
PAGE 87
2CSNXXX_SWUM200.book Page 87 Tuesday, December 10, 2013 1:22 PM Table 1-1. System Command Groups (continued) Command Group Description SNMP Configures SNMP communities, traps and displays SNMP information. SSH Configures SSH authentication. Syslog Manages and displays syslog messages. System Management Configures the switch clock, name and authorized users. Telnet Server Configures Telnet service on the switch and displays Telnet information.
PAGE 88
2CSNXXX_SWUM200.
PAGE 89
2CSNXXX_SWUM200.book Page 89 Tuesday, December 10, 2013 1:22 PM • v6DP — IPv6 DHCP Pool Configuration Layer 2 Commands AAA Command Description Modea aaa authentication dot1x default Specifies an authentication method for 802.1x clients. GC aaa authentication enable Defines authentication method lists for accessing higher privilege levels. GC aaa authentication login Defines login authentication.
PAGE 90
2CSNXXX_SWUM200.book Page 90 Tuesday, December 10, 2013 1:22 PM Command Description Modea show authentication methods Shows information about authentication methods. PE show users accounts Displays information about the local user database. PE show users login-history Displays information about login histories of users. PE username Establishes a username-based authentication GC system. Optionally allows the specification of an Administrative Profile for a local user.
PAGE 91
2CSNXXX_SWUM200.book Page 91 Tuesday, December 10, 2013 1:22 PM ACL Command Description Modea ip access-list Creates an Access Control List (ACL) that is identified by the parameter accesslistnumber. GC deny | permit (IP ACL) The deny command denies traffic if the ML conditions defined in the deny statement are matched. The permit command allows traffic if the conditions defined in the permit statement are matched. ip access-group Attaches a specified access-control list to an interface.
PAGE 92
2CSNXXX_SWUM200.book Page 92 Tuesday, December 10, 2013 1:22 PM Address Table Command Description Modea clear mac address-table Removes any learned entries from the forwarding database. PE mac address-table agingtime Sets the address table aging time. GC mac address-table multicast Forbids adding a specific multicast address to forbidden address specific ports.
PAGE 93
2CSNXXX_SWUM200.book Page 93 Tuesday, December 10, 2013 1:22 PM Command Description Modea show ports security Displays the port-lock status. PE show ports security addresses Displays current dynamic addresses in locked ports. PE a. For the meaning of each Mode abbreviation, see Mode Typeson page 87. Auto-VoIP Command Modea Description switchport voice detect auto Enables the VoIP Profile on all the interfaces of GC or the switch. IC show switchport voice a.
PAGE 94
2CSNXXX_SWUM200.book Page 94 Tuesday, December 10, 2013 1:22 PM Command Description Modea show isdp traffic Displays ISDP statistics. PE a. For the meaning of each Mode abbreviation, see Mode Types on page 87. DHCP L2 Relay Command Description Modea dhcp l2relay (Global Configuration) Enables the Layer 2 DHCP Relay agent for an interface or globally. GC or IC dhcp l2relay circuit-id Enables user to set the DHCP Option 82 Circuit ID for a VLAN.
PAGE 95
2CSNXXX_SWUM200.book Page 95 Tuesday, December 10, 2013 1:22 PM DHCP Snooping Command Description Modea clear ip dhcp snooping binding Clears all DHCP Snooping entries. PE clear ip dhcp snooping statistics Clears all DHCP Snooping statistics. PE ip dhcp snooping Enables DHCP snooping globally or on a specific VLAN. GC or IC ip dhcp snooping binding Configures a static DHCP Snooping binding. GC ip dhcp snooping database Configures the persistent location of the DHCP GC snooping database.
PAGE 96
2CSNXXX_SWUM200.book Page 96 Tuesday, December 10, 2013 1:22 PM Dynamic ARP Inspection Command Description Modea arp access-list Creates an ARP ACL. GC clear ip arp inspection statistics Resets the statistics for Dynamic ARP Inspection on all VLANs. PE ip arp inspection filter Configures the ARP ACL to be used for a single GC VLAN or a range of VLANs to filter invalid ARP packets. ip arp inspection limit Configures the rate limit and burst interval values for an interface.
PAGE 97
2CSNXXX_SWUM200.book Page 97 Tuesday, December 10, 2013 1:22 PM E-mail Alerting Command Description Modea logging email Enables e-mail alerting and sets the lowest severity level for which log messages are emailed. GC logging email urgent Sets the lowest severity level at which log messages are e-mailed in an urgent manner. GC logging traps Sets the lowest severity level at which SNMP traps are logged. GC logging email message-type Configures the To address field of the e-mail.
PAGE 98
2CSNXXX_SWUM200.book Page 98 Tuesday, December 10, 2013 1:22 PM Modea Command Description show mail-server Displays the configuration of all the mail servers PE or a particular mail server. a. For the meaning of each Mode abbreviation, see Mode Types on page 87. Ethernet Configuration Command Description Modea clear counters Clears statistics on an interface. PE description Adds a description to an interface. IC flowcontrol receive Configures the flow control on a given interface.
PAGE 99
2CSNXXX_SWUM200.book Page 99 Tuesday, December 10, 2013 1:22 PM Modea Command Description show interfaces detail Displays the detail for all configured interfaces. UE show interfaces status Displays the status for all configured interfaces. UE show interfaces transceiver Display the optic static parameters as well PE as the Dell qualification. show monitor capture Displays captured packets transmitted or received from the CPU.
PAGE 100
2CSNXXX_SWUM200.book Page 100 Tuesday, December 10, 2013 1:22 PM Ethernet CFM Modea Command Description ethernet cfm domain Enters into maintenance domain Configuration GC mode for an existing domain. Use the optional level parameter to create a domain and enter into maintenance domain Configuration mode. service Associates a VLAN with a maintenance domain.
PAGE 101
2CSNXXX_SWUM200.book Page 101 Tuesday, December 10, 2013 1:22 PM Green Ethernet Command Description Modea green-mode energy-detect Enables a Dell proprietary mode of power reduction on ports that are not connected to another interface. IC green-mode eee Enables EEE low power idle mode on an interface or all the interfaces.
PAGE 102
2CSNXXX_SWUM200.book Page 102 Tuesday, December 10, 2013 1:22 PM Command Description Modea garp timer Adjusts the GARP application join, leave, and leaveall GARP timer values. IC gvrp enable (global) Enables GVRP globally. GC gvrp enable (interface) Enables GVRP on an interface. IC gvrp registration-forbid Deregisters all VLANs, and prevents dynamic VLAN registration on the port. IC gvrp vlan-creation-forbid Enables or disables dynamic VLAN creation.
PAGE 103
2CSNXXX_SWUM200.book Page 103 Tuesday, December 10, 2013 1:22 PM Command Description Modea ip igmp snooping vlan lastmember-query-interval Sets the IGMP Maximum Response time on a particular VLAN. VC ip igmp snooping vlan mcrtrexpiretime Sets the Multicast Router Present Expiration time. VC ip igmp snooping reportsuppression Enables IGMP report suppression on a specific VLAN. GC ip igmp snooping unregistered floodall Enables flooding of unregistered multicast traffic to all ports in the VLAN.
PAGE 104
2CSNXXX_SWUM200.book Page 104 Tuesday, December 10, 2013 1:22 PM IP Addressing Command Description Modea clear host Deletes entries from the host name-to-address cache. PE clear ip address-conflictdetect Clears the address conflict detection status in the switch. PE ip address (Out-of-Band) Sets an IP address for the out-of-band interface.
PAGE 105
2CSNXXX_SWUM200.book Page 105 Tuesday, December 10, 2013 1:22 PM Modea Command Description show hosts Displays the default domain name, a list of UE name server hosts, static and cached list of host names and addresses. show ip address-conflict Displays the status information corresponding to the last detected address conflict. UE or PE show ip helper-address Displays the ip helper addresses configuration.
PAGE 106
2CSNXXX_SWUM200.book Page 106 Tuesday, December 10, 2013 1:22 PM Command Description Modea ipv6 mld snooping vlan groupmembership-interval Sets the MLD Group Membership Interval time on a VLAN or interface. VC ipv6 mld snooping vlan last- Sets the MLD Maximum Response time for an IC or listener-query-interval interface or VLAN. VC ipv6 mld snooping listenermessage-suppression Enables MLD listener message suppression on a GC specific VLAN.
PAGE 107
2CSNXXX_SWUM200.book Page 107 Tuesday, December 10, 2013 1:22 PM IP Source Guard Command Description Modea ip verify source Enables IP Source Guard on an interface. IC ip verify source port-security Enables IP Source Guard using both the IP address and MAC address as filtering criteria. IC ip verify binding Configures IPSG static bindings. GC show ip verify Displays IPSG interface configuration. PE show ip verify source Displays the bindings configured on a particular PE interface.
PAGE 108
2CSNXXX_SWUM200.book Page 108 Tuesday, December 10, 2013 1:22 PM Modea Command Description link-dependency group Enters the link-dependency mode to configure GC a link-dependency group. add Adds member gigabit Ethernet port(s) to the dependency list. LD depends-on Adds the dependent Ethernet ports or port channels list. LD show link-dependency Shows the link dependencies configured on a particular group. PE a. For the meaning of each Mode abbreviation, see Mode Types on page 87.
PAGE 109
2CSNXXX_SWUM200.book Page 109 Tuesday, December 10, 2013 1:22 PM Modea Command Description lldp transmit-tlv Specifies which optional TLVs in the 802.1AB IC basic management set will be transmitted in the LLDPDUs. show lldp Displays the current LLDP configuration summary. PE show lldp interface Displays the current LLDP interface state. PE show lldp local-device Displays the LLDP local data. PE show lldp med Displays a summary of the current LLDP MED PE configuration.
PAGE 110
2CSNXXX_SWUM200.book Page 110 Tuesday, December 10, 2013 1:22 PM Modea Command Description peer-keepalive destination Enables the Dual Control Plane Detection MD Protocol with the configured IP address of the peer MLAG, the local source address and the peer timeout value. peer-keepalive enable Enables the peer keep-alive protocol. MD role priority Configures the priority value used on a switch for primary/secondary role selection. MD show vpc Displays information about an MLAG.
PAGE 111
2CSNXXX_SWUM200.book Page 111 Tuesday, December 10, 2013 1:22 PM Multicast VLAN Registration Command Description Modea mvr Enables MVR. GC or IC mvr group Adds an MVR membership group. GC mvr mode Changes the MVR mode type. GC mvr querytime Sets the MVR query response time. GC mvr vlan Sets the MVR multicast VLAN. GC mvr immediate Enables MVR Immediate Leave mode. IC mvr type Sets the MVR port type. IC mvr vlan group Use to participate in the specific MVR group.
PAGE 112
2CSNXXX_SWUM200.book Page 112 Tuesday, December 10, 2013 1:22 PM Command Description Modea lacp port-priority Configures the priority value for physical ports. IC lacp system-priority Configures the system LACP priority. GC lacp timeout Assigns an administrative LACP timeout. IC port-channel min-links Sets the minimum number of links that must IC be up in order for the port channel interface to be declared up. show interfaces portchannel Displays port-channel information.
PAGE 113
2CSNXXX_SWUM200.book Page 113 Tuesday, December 10, 2013 1:22 PM Modea Command Description class-map Defines a new DiffServ class of type match-all, GC match-any, or match-access-group. For now, only match-all is available in the CLI. class-map rename Changes the name of a DiffServ class. GC classofservice dot1pmapping Maps an 802.1p priority to an internal traffic class for a switch. GC or IC classofservice ip-dscpmapping Maps an IP DSCP value to an internal traffic class.
PAGE 114
2CSNXXX_SWUM200.book Page 114 Tuesday, December 10, 2013 1:22 PM Command Description Modea match class-map Adds add to the specified class definition the set of match conditions defined for another class. CMC match cos Adds to the specified class definition a match condition for the Class of Service value. CMC match destination-address mac Adds to the specified class definition a match condition based on the destination MAC address of a packet.
PAGE 115
2CSNXXX_SWUM200.book Page 115 Tuesday, December 10, 2013 1:22 PM Modea Command Description match source-address mac Adds to the specified class definition a match CMC condition based on the source MAC address of the packet. match srcip Adds to the specified class definition a match condition based on the source IP address of a packet. match srcip6 Adds to the specified class definition a match v6CMC condition based on the source IPv6 address of a packet.
PAGE 116
2CSNXXX_SWUM200.book Page 116 Tuesday, December 10, 2013 1:22 PM Modea Command Description redirect Specifies that all incoming packets for the PCMC associated traffic stream are redirected to a specific egress interface (physical port or portchannel). service-policy Attaches a policy to an interface in a particular GC or direction. IC show class-map Displays all configuration information for the specified class. show classofservice dot1pmapping Displays the current Dot1p (802.
PAGE 117
2CSNXXX_SWUM200.book Page 117 Tuesday, December 10, 2013 1:22 PM Command Description Modea traffic-shape Specifies the maximum transmission bandwidth limit for the interface as a whole. GC or IC vlan priority Assigns a default VLAN priority tag for untagged frames ingressing an interface. IC a. For the meaning of each Mode abbreviation, see Mode Types on page 87.
PAGE 118
2CSNXXX_SWUM200.book Page 118 Tuesday, December 10, 2013 1:22 PM Modea Command Description priority Specifies the order in which the servers are to be R used, with 0 being the highest priority. radius-server attribute 4 Sets the network access server (NAS) IP address GC for the RADIUS server. radius-server deadtime Improves RADIUS response times when servers GC are unavailable. Causes the unavailable servers to be skipped. radius-server host Specifies a RADIUS server host.
PAGE 119
2CSNXXX_SWUM200.book Page 119 Tuesday, December 10, 2013 1:22 PM Command Description Modea usage Specifies the usage type of the server. R a. For the meaning of each Mode abbreviation, see Mode Types on page 87. Spanning Tree Command Description Modea clear spanning-tree detected-protocols Restarts the protocol migration process on all interfaces or on the specified interface. PE exit (mst) Exits the MST configuration mode and applies MC configuration changes.
PAGE 120
2CSNXXX_SWUM200.book Page 120 Tuesday, December 10, 2013 1:22 PM Command Description Modea spanning-tree cost Configures the spanning tree path cost for a port. IC spanning-tree disable Disables spanning tree on a specific port. IC spanning-tree forward-time Configures the spanning tree bridge forward time. GC spanning-tree guard Selects whether loop guard or root guard is enabled on an interface. IC spanning-tree loopguard Enables loop guard on all ports.
PAGE 121
2CSNXXX_SWUM200.book Page 121 Tuesday, December 10, 2013 1:22 PM Command Modea Description spanning-tree transmit hold- Set the maximum number of BPDUs that a count bridge is allowed to send within a hello time window (2 seconds). GC spanning-tree uplinkfast Configures the rate at which gratuitous frames are sent after a switchover to an alternate port and enables Direct Rapid Convergence. GC spanning-tree vlan Enables per VLAN spanning tree on a VLAN.
PAGE 122
2CSNXXX_SWUM200.book Page 122 Tuesday, December 10, 2013 1:22 PM Command Description Modea show tacacs Displays TACACS+ server settings and statistics. PE tacacs-server host Specifies a TACACS+ server host. GC tacacs-server key Sets the authentication and encryption key for all TACACS+ communications between the switch and the TACACS+ daemon. GC tacacs-server key Sets the authentication and encryption key for GC all communication between the switch and the TACACS serve.
PAGE 123
2CSNXXX_SWUM200.book Page 123 Tuesday, December 10, 2013 1:22 PM Command Description Modea show dvlan-tunnel Displays all interfaces enabled for Double VLAN Tunneling. PE show dvlan-tunnel interface Displays detailed information about Double VLAN Tunneling for the specified interface. PE show interfaces switchport PE, Displays switchport configuration. IC show port protocol Displays the Protocol-Based VLAN information PE for either the entire system or for the indicated group.
PAGE 124
2CSNXXX_SWUM200.book Page 124 Tuesday, December 10, 2013 1:22 PM Command Description Modea switchport mode privatevlan Defines a private VLAN association for an isolated or community port or a mapping for a promiscuous port. IC switchport private-vlan Defines a private-VLAN association for an isolated or community port or a mapping for a promiscuous port. IC switchport trunk Adds or removes VLANs from a trunk port. IC vlan Configures a VLAN.
PAGE 125
2CSNXXX_SWUM200.book Page 125 Tuesday, December 10, 2013 1:22 PM a. For the meaning of each Mode abbreviation, see Mode Types on page 87. 802.1x Command Description Modea dot1x dynamic-vlan enable Enables the capability of creating VLANs dynamically when a RADIUS-assigned VLAN does not exist in the switch. GC dot1x initialize Begins the initialization sequence on the specified port. PE dot1x mac-auth-bypass Enables MAB on an interface.
PAGE 126
2CSNXXX_SWUM200.book Page 126 Tuesday, December 10, 2013 1:22 PM Modea Command Description dot1x timeout servertimeout Sets the number of seconds the switch waits for IC a response from the authentication server before resending the request. dot1x timeout tx-period Sets the number of seconds the switch waits for IC a response to an EAP-request/identify frame from the client before resending the request. authentication enable Enables the Authentication Manager.
PAGE 127
2CSNXXX_SWUM200.book Page 127 Tuesday, December 10, 2013 1:22 PM Command Description Modea show dot1x interface statistics Displays 802.1X statistics for the specified interface. PE show dot1x users Displays active 802.1X authenticated users for the switch. PE clear dot1x authentication–history Clears the authentication history table captured PE during successful and unsuccessful authentication. dot1x guest-vlan Sets the guest VLAN on a port.
PAGE 128
2CSNXXX_SWUM200.book Page 128 Tuesday, December 10, 2013 1:22 PM Command Modea Description clear arp-cache management Removes all entries from the ARP cache learned PE from the management port. ip local-proxy-arp Enables proxying of ARP requests. IC ip proxy-arp Enables proxy ARP on a router interface. IC show arp Displays the Address Resolution Protocol (ARP) PE cache. show arp brief Displays the brief Address Resolution Protocol (ARP) table information. a.
PAGE 129
2CSNXXX_SWUM200.book Page 129 Tuesday, December 10, 2013 1:22 PM Command Description Modea host Specifies a manual binding for a DHCP client host. DP ip dhcp bootp automatic Enables automatic BOOTP address assignments. GC ip dhcp conflict logging Enables DHCP address conflict detection. GC ip dhcp excluded-address Excludes one or more DHCP addresses from automatic assignment.
PAGE 130
2CSNXXX_SWUM200.book Page 130 Tuesday, December 10, 2013 1:22 PM Command Modea Description show ip dhcp server statistics Displays the DHCP server binding and message PE counters. a. For the meaning of each Mode abbreviation, see Mode Types on page 87. DHCPv6 Modea Command Description clear ipv6 dhcp Clears DHCPv6 statistics for all interfaces or for PE a specific interface.
PAGE 131
2CSNXXX_SWUM200.book Page 131 Tuesday, December 10, 2013 1:22 PM DHCPv6 Snooping Command Description Modea clear ipv6 dhcp snooping binding Clears all IPv6 DHCP snooping entries. UE or PE clear ipv6 dhcp snooping statistics Clears all IPv6 DHCP snooping statistics. UE or PE ipv6 dhcp snooping Globally enables IPv6 DHCP snooping. GC ipv6 dhcp snooping vlan Enables IPv6 DHCP snooping on a set of VLANs. GC ipv6 dhcp snooping binding Configures a static IPv6 DHCP snooping binding.
PAGE 132
2CSNXXX_SWUM200.book Page 132 Tuesday, December 10, 2013 1:22 PM Command Description Modea show ipv6 dhcp snooping database Displays IPv6 DHCP snooping configurations related to database persistency. UE or PE show ipv6 dhcp snooping statistics Displays IPv6 DHCP snooping filtration statistics. UE or PE show ipv6 source binding Displays the IPv6 source guard configurations on all ports, an individual port, or on a VLAN.
PAGE 133
2CSNXXX_SWUM200.book Page 133 Tuesday, December 10, 2013 1:22 PM GMRP Command Description Modea gmrp enable Enables GMRP globally or on a port. GC or IC show gmrp configuration Displays GMRP configuration. GC or IC a. For the meaning of each Mode abbreviation, see Mode Types on page 87. IGMP Command Description Modea ip igmp last-member-querycount Sets the number of Group-Specific Queries sent before the router assumes that there are no local members on the interface.
PAGE 134
2CSNXXX_SWUM200.book Page 134 Tuesday, December 10, 2013 1:22 PM Modea Command Description show ip igmp groups Displays the registered multicast groups on the PE interface. show ip igmp interface Displays the IGMP information for the specified interface. PE show ip igmp membership Displays the list of interfaces that have registered in the multicast group. PE show ip igmp interface stats Displays the IGMP statistical information for the interface. PE a.
PAGE 135
2CSNXXX_SWUM200.book Page 135 Tuesday, December 10, 2013 1:22 PM Modea Command Description bootpdhcprelay minwaittime Configures the minimum wait time in seconds GC for BootP/DHCP Relay on the system. clear ip helper statistics Resets (to 0) the statistics displayed in show ip PE helper statistics. ip dhcp relay information check Enables DHCP Relay to check that the relay agent information option in forwarded BOOTREPLY messages is valid.
PAGE 136
2CSNXXX_SWUM200.book Page 136 Tuesday, December 10, 2013 1:22 PM IP Routing Modea Command Description encapsulation Configures the link layer encapsulation type for IC the packet. ip address Configures an IP address on an interface. IC ip netdirbcast Enables the forwarding of network-directed IC ip policy route-map Applies a route map on an interface. IC ip route Configures a static route. Use the no form of the command to delete the static route.
PAGE 137
2CSNXXX_SWUM200.book Page 137 Tuesday, December 10, 2013 1:22 PM Modea Command Description show ip interface Displays all pertinent information about the IP PE interface. show ip policy Displays the route maps used for policy based routing on the router interfaces. show ip protocols Displays the parameters and current state of the PE active routing protocols. show ip route Displays the routing table. PE show ip route preferences Displays detailed information about the route preferences.
PAGE 138
2CSNXXX_SWUM200.book Page 138 Tuesday, December 10, 2013 1:22 PM Modea Command Description ipv6 enable Enables IPv6 routing on an interface IC (including tunnel and loopback interfaces) that has not been configured with an explicit IPv6 address. ipv6 hop-limit Configures the hop limit used in IPv6 PDUs GC originated by the router. ipv6 host Defines static host name-to- ipv6 address mapping in the host cache.
PAGE 139
2CSNXXX_SWUM200.book Page 139 Tuesday, December 10, 2013 1:22 PM Command Description Modea ipv6 nd other-config-flag Sets the other stateful configuration flag in router advertisements sent from the interface. IC ipv6 nd prefix Sets the IPv6 prefixes to include in the router IC advertisement. ipv6 nd ra-interval Sets the transmission interval between router IC advertisements.
PAGE 140
2CSNXXX_SWUM200.book Page 140 Tuesday, December 10, 2013 1:22 PM Modea Command Description show ipv6 mld groups Displays information about multicast groups PE that MLD reported. show ipv6 mld interface Displays MLD related information for an interface. PE show ipv6 mld host-proxy Displays a summary of the host interface status parameters. PE show ipv6 mld host-proxy groups Displays information about multicast groups PE that the MLD Proxy reported.
PAGE 141
2CSNXXX_SWUM200.book Page 141 Tuesday, December 10, 2013 1:22 PM Command Description Modea show interfaces loopback Displays information about configured loopback interfaces. PE a. For the meaning of each Mode abbreviation, see Mode Types on page 87. Multicast Command Description Modea ip mcast boundary Adds an administrative scope multicast boundary. IC ip mroute Creates a static multicast route for a source range.
PAGE 142
2CSNXXX_SWUM200.book Page 142 Tuesday, December 10, 2013 1:22 PM Command Description Modea ip pim rp-candidate Configures the router to advertise itself to the bootstrap router (BSR) as a PIM candidate rendezvous point (RP) for a specific multicast group range. IC ip pim sparse-mode Administratively configures PIM sparse mode for IP multicast routing. GC ip pim ssm Administratively configures PIM Source GC Specific Multicast (SSM) range of addresses for IP multicast routing.
PAGE 143
2CSNXXX_SWUM200.book Page 143 Tuesday, December 10, 2013 1:22 PM Modea Command Description show ip pim rp mapping Displays the mappings for the PIM group to the UE or active rendezvous points (RPs). PE a. For the meaning of each Mode abbreviation, see Mode Types on page 87. IPv6 Multicast Command Description Modea ipv6 pim (VLAN Interface config) Administratively enables PIM-SM multicast routing mode on a particular IPv6 router interface.
PAGE 144
2CSNXXX_SWUM200.book Page 144 Tuesday, December 10, 2013 1:22 PM Command Description Modea show ipv6 pim Displays global status of IPv6 PIMSM and its IPv6 routing interfaces. PE or GC show ipv6 pim bsr-router Display the bootstrap router (BSR) information. UE, PE, or GC show ipv6 pim interface Displays interface config parameters. PE or GC show ipv6 pim neighbor Displays IPv6 PIMSM neighbors learned on the PE or routing interfaces.
PAGE 145
2CSNXXX_SWUM200.book Page 145 Tuesday, December 10, 2013 1:22 PM Command Modea Description area range (Router OSPF) Creates a specified area range for a specified NSSA. ROSPF area stub Creates a stub area for the specified area ID. ROSPF area stub no-summary Prevents Summary LSAs from being advertised into the NSSA. ROSPF area virtual-link Creates the OSPF virtual interface for the specified area-id and neighbor router.
PAGE 146
2CSNXXX_SWUM200.book Page 146 Tuesday, December 10, 2013 1:22 PM Command Description Modea distance ospf Sets the route preference value of OSPF in the router. ROSPF distribute-list out Specifies the access list to filter routes received from the source protocol. ROSPF enable Resets the default administrative mode of OSPF ROSPF in the router (active). exit-overflow-interval Configures the exit overflow interval for OSPF. ROSPF external-lsdb-limit Configures the external LSDB limit for OSPF.
PAGE 147
2CSNXXX_SWUM200.book Page 147 Tuesday, December 10, 2013 1:22 PM Command Description Modea nsf helper strict-lsachecking Set an OSPF helpful neighbor exit helper mode whenever a topology change occurs. ROSPF nsf restart-interval Configures the length of the grace period on the ROSPF restarting router. network area Enables OSPFv2 on an interface and sets its area ROSPF ID if the IP address of an interface is covered by this network command.
PAGE 148
2CSNXXX_SWUM200.book Page 148 Tuesday, December 10, 2013 1:22 PM Command Description Modea show ip ospf interface brief Displays brief information for the IFO object or virtual interface tables. PE show ip ospf interface stats Displays the statistics for a specific interface. PE show ip ospf neighbor Displays information about OSPF neighbors. PE show ip ospf range Displays information about the area ranges for the specified area-id.
PAGE 149
2CSNXXX_SWUM200.book Page 149 Tuesday, December 10, 2013 1:22 PM Command Description Modea area nssa no-redistribute Configures the NSSA ABR so that learned external routes will not be redistributed to the NSSA. ROSV3 area nssa no-summary Configures the NSSA so that summary LSAs are ROSV3 not advertised into the NSSA. area nssa translator-role Configures the translator role of the NSSA. area nssa translator-stabintv Configures the translator stability interval of the ROSV3 NSSA.
PAGE 150
2CSNXXX_SWUM200.book Page 150 Tuesday, December 10, 2013 1:22 PM Modea Command Description enable Resets the default administrative mode of OSPF ROSV3 in the router (active). exit-overflow-interval Configures the exit overflow interval for OSPF. ROSV3 external-lsdb-limit Configures the external LSDB limit for OSPF. ROSV3 ipv6 ospf Enables OSPF on a router interface or loopback interface. IC ipv6 ospf area Sets the OSPF area to which the specified router IC interface belongs.
PAGE 151
2CSNXXX_SWUM200.book Page 151 Tuesday, December 10, 2013 1:22 PM Modea Command Description nsf restart-interval Configures the length of the grace period on the ROSV3 restarting router. passive-interface Sets the interface or tunnel as passive. passive-interface default Enables the global passive mode by default for all ROSV3 interfaces. redistribute Configures the OSPFv3 protocol to allow ROSV3 redistribution of routes from the specified source protocol/routers.
PAGE 152
2CSNXXX_SWUM200.book Page 152 Tuesday, December 10, 2013 1:22 PM Command Description Modea show ipv6 ospf neighbor Displays information about OSPF neighbors. PE show ipv6 ospf range Displays information about the area ranges for the specified area identifier. PE show ipv6 ospf stub table Displays the OSPF stub table. PE show ipv6 ospf virtuallinks Displays the OSPF Virtual Interface information PE for a specific area and neighbor.
PAGE 153
2CSNXXX_SWUM200.book Page 153 Tuesday, December 10, 2013 1:22 PM Routing Information Protocol Command Description Modea auto-summary Enables the RIP auto-summarization mode. RIP default-information originate (Router RIP Configuration) Controls the advertisement of default routes. RIP default-metric Sets a default for the metric of distributed routes. RIP distance rip Sets the route preference value of RIP in the router.
PAGE 154
2CSNXXX_SWUM200.book Page 154 Tuesday, December 10, 2013 1:22 PM a. For the meaning of each Mode abbreviation, see Mode Types on page 87. Tunnel Interface Modea Command Description interface tunnel Enables the interface configuration mode for a GC tunnel. show interfaces tunnel Displays the parameters related to tunnel such as tunnel mode, tunnel source address and tunnel destination address. PE tunnel destination Specifies the destination transport address of the tunnel.
PAGE 155
2CSNXXX_SWUM200.book Page 155 Tuesday, December 10, 2013 1:22 PM Command Description Modea vrrp mode Enables the virtual router configured on an interface. Enabling the status field starts a virtual router. IC vrrp preempt Sets the preemption mode value for the virtual IC router configured on a specified interface. vrrp priority Sets the priority value for the virtual router configured on a specified interface.
PAGE 156
2CSNXXX_SWUM200.book Page 156 Tuesday, December 10, 2013 1:22 PM Utility Commands Auto-Install Command Description Modea boot auto-copy-sw Enables or disables Stack Firmware Synchronization. GC boot auto-copy-sw allowdowngrade Enables downgrading the firmware version on GC the stack member if the firmware version on the manager is older than the firmware version on the member.
PAGE 157
2CSNXXX_SWUM200.book Page 157 Tuesday, December 10, 2013 1:22 PM Command Description Modea https port Configures an additional HTTPS port for captive portal to monitor. CP show captive-portal Displays the status of captive portal. PE show captive-portal status Reports the status of all captive portal instances PE in the system. block Blocks all traffic for a captive portal configuration. CPI configuration Enables the captive portal instance mode.
PAGE 158
2CSNXXX_SWUM200.book Page 158 Tuesday, December 10, 2013 1:22 PM Modea Command Description show captive-portal configuration client status Displays the clients authenticated to all captive PE portal configurations or a to specific configuration. show captive-portal interface client status Displays information about clients authenticated on all interfaces or a specific interface.
PAGE 159
2CSNXXX_SWUM200.book Page 159 Tuesday, December 10, 2013 1:22 PM Command Description Modea user group Creates a user group. CP user group moveusers Moves a group's users to a different group. CP user group name Configures a group name. CP a. For the meaning of each Mode abbreviation, see Mode Types on page 87. CLI Macro Command Description Modea macro name Creates a user-defined macro. GC macro global apply Use to apply a macro. GC macro global trace Applies and traces a macro.
PAGE 160
2CSNXXX_SWUM200.book Page 160 Tuesday, December 10, 2013 1:22 PM Command Description Modea sntp server Configures the SNTP server to use SNTP to request and accept NTP traffic from it. GC sntp trusted-key Authenticates the identity of a system to which GC Simple Network Time Protocol (SNTP) will synchronize. sntp unicast client enable Enables clients to use Simple Network Time Protocol (SNTP) predefined Unicast clients.
PAGE 161
2CSNXXX_SWUM200.book Page 161 Tuesday, December 10, 2013 1:22 PM Command Description Modea delete Deletes a file from a flash memory. PE delete backup-image Deletes a file from a flash memory device. PE delete backup-config Deletes the backup configuration file. PE delete startup-config Deletes the startup configuration file. PE dir Prints the contents of the flash file system. PE erase Erases the startup configuration, the backup configuration, or the backup image.
PAGE 162
2CSNXXX_SWUM200.book Page 162 Tuesday, December 10, 2013 1:22 PM Command Description Modea dos-control tcpfrag Enables TCP Fragment Denial of Service protection. GC ip icmp echo-reply Enables or disables the generation of ICMP Echo GC Reply messages. ip icmp error-interval Limits the rate at which IPv4 ICMP error messages are sent. GC ip unreachables Enables the generation of ICMP Destination Unreachable messages. IC ip redirects Enables the generation of ICMP Redirect messages.
PAGE 163
2CSNXXX_SWUM200.book Page 163 Tuesday, December 10, 2013 1:22 PM Management ACL Command Description Modea deny (management) Defines a deny rule. MA management access-class Defines which management access-list is used. GC management access-list Defines a management access-list, and enters the access-list for configuration. GC permit (management) Defines a permit rule. MA show management accessclass Displays the active management access-list.
PAGE 164
2CSNXXX_SWUM200.book Page 164 Tuesday, December 10, 2013 1:22 PM Command Description Modea passwords strength minimum lowercase-letters Enforces a minimum number of lowercase letters that a password must contain. GC passwords strength minimum numericcharacters Enforces a minimum number of numeric numbers that a password should contain. GC passwords strength Enforces a minimum number of special minimum special-characters characters that a password may contain.
PAGE 165
2CSNXXX_SWUM200.book Page 165 Tuesday, December 10, 2013 1:22 PM Command Description Modea test copper-port tdr Diagnoses with TDR (Time Domain Reflectometry) technology the quality and characteristics of a copper cable attached to a port. PE a. For the meaning of each Mode abbreviation, see Mode Types on page 87. Power Over Ethernet (PoE) Command Description Modea power inline Enables/disables the ability of the port to deliver power.
PAGE 166
2CSNXXX_SWUM200.book Page 166 Tuesday, December 10, 2013 1:22 PM RMON Command Description Modea rmon alarm Configures alarm conditions. GC rmon collection history Enables a Remote Monitoring (RMON) MIB history statistics group on an interface. IC rmon event Configures an RMON event. GC rmon hcalarm Configures high capacity alarms. GC show rmon alarm Displays alarm configurations. UE show rmon alarms Displays the alarms summary table.
PAGE 167
2CSNXXX_SWUM200.book Page 167 Tuesday, December 10, 2013 1:22 PM Serviceability Tracing Command Description Modea debug arp Enables tracing of ARP packets. PE debug auto-voip Enables Auto VOIP debug messages. PE debug clear Disables all debug traces. PE debug console Enables the display of debug trace output on the login session in which it is executed. PE debug dot1ag Enable the tracing of CFM components for events and CFM PDUs based on the type of packet for reception and transmission.
PAGE 168
2CSNXXX_SWUM200.book Page 168 Tuesday, December 10, 2013 1:22 PM Command Description Modea debug ipv6 pimdm Traces PIMDMv6 packet reception and transmission. PE debug ipv6 pimsm Traces PIMSMv6 packet reception and transmission. PE debug isdp Traces ISDP packet reception and transmission. PE debug lacp Traces of LACP packets received and transmitted by the switch. PE debug mldsnooping Traces MLD snooping packet reception and transmission.
PAGE 169
2CSNXXX_SWUM200.book Page 169 Tuesday, December 10, 2013 1:22 PM sFlow Command Description Modea sflow destination Configures sFlow collector parameters (owner string, receiver timeout, ip address, and port). GC sflow polling Enables a new sflow poller instance for the data GC source if rcvr_idx is valid. sflow polling (Interface Mode) Enable a new sflow poller instance for this data IC source if rcvr_idx is valid.
PAGE 170
2CSNXXX_SWUM200.book Page 170 Tuesday, December 10, 2013 1:22 PM Command Description Modea snmp-server community Sets up the community access string to permit access to SNMP protocol. GC snmp-server communitygroup Maps SNMP v1 and v2 security models to the group name. GC snmp-server contact Sets up a system contact (sysContact) string. GC snmp-server enable traps Enables SNMP traps globally or enables specific GC SNMP traps.
PAGE 171
2CSNXXX_SWUM200.book Page 171 Tuesday, December 10, 2013 1:22 PM Command Modea Description crypto key zeroize {rsa|dsa} Deletes the RSA or DSA keys from the GC switch. ip ssh port Specifies the port to be used by the SSH server. GC ip ssh pubkey-auth Enables public key authentication for incoming GC SSH sessions. ip ssh server Enables the switch to be configured from a SSH GC server connection. key-string Manually specifies a SSH public key.
PAGE 172
2CSNXXX_SWUM200.book Page 172 Tuesday, December 10, 2013 1:22 PM Modea Command Description logging console Limits messages logged to the console based on GC severity. logging facility Configures the facility to be used in log messages. GC logging file Limits syslog messages sent to the logging file based on severity. GC logging on Controls error messages logging. GC logging protocol Logs messages in RFC5424 format. GC logging snmp Enables SNMP Set command logging.
PAGE 173
2CSNXXX_SWUM200.book Page 173 Tuesday, December 10, 2013 1:22 PM Command Description Modea clear checkpoint statistics Clears the statistics for the checkpointing process. GC clear counters stackports Clears the statistics for all stack-ports. PE connect Connects to the serial console of a different stack member. PE cut-through mode Enables the cut-through mode on the switch. GC exec-banner Enables exec banner on the console, telnet or SSH connection.
PAGE 174
2CSNXXX_SWUM200.book Page 174 Tuesday, December 10, 2013 1:22 PM Command Description Modea slot Configures a slot in the system. GC show banner Displays banner information. PE show checkpoint statistics Displays the statistics for the checkpointing process. PE show cut-through mode Show the cut-through mode on the switch. PE show idprom interface interface-id Displays the optics EEPRM contents in a user- UE or PE readable format.
PAGE 175
2CSNXXX_SWUM200.book Page 175 Tuesday, December 10, 2013 1:22 PM Command Description Modea show system id Displays the service ID information. UE show system power Displays information about the system level power consumption. UE or PE show system temperature Displays information about the system temperature and fan status. UE or PE show tech-support Displays system and configuration information PE (for debugging/calls to technical support).
PAGE 176
2CSNXXX_SWUM200.book Page 176 Tuesday, December 10, 2013 1:22 PM Modea Command Description show ip telnet Displays the status of the Telnet server and the PE Telnet TCP port number. a. For the meaning of each Mode abbreviation, see Mode Types on page 87. Terminal Length Command Description Modea terminal length Sets the terminal length. PE a. For the meaning of each Mode abbreviation, see Mode Types on page 87.
PAGE 177
2CSNXXX_SWUM200.book Page 177 Tuesday, December 10, 2013 1:22 PM User Interface Command Description Modea enable Enters the privileged EXEC mode. UE end Gets the CLI user control back to the privileged Any execution mode or user execution mode. exit Exits any configuration mode to the previously (All) highest mode in the CLI mode hierarchy. exit (EXEC) Closes an active terminal session by logging off UE the switch. quit Closes an active terminal session by logging off UE the switch. a.
PAGE 178
2CSNXXX_SWUM200.book Page 178 Tuesday, December 10, 2013 1:22 PM Command Description Modea key-generate Specifies the key-generate. CC location Specifies the location or city name. CC organization-unit Specifies the organization-unit or department name. CC show crypto certificate mycertificate Displays the SSL certificates of your switch. PE show ip http server status Displays the HTTP server status information.
PAGE 179
2CSNXXX_SWUM200.book Page 179 Tuesday, December 10, 2013 1:22 PM 2 Using the CLI Dell Networking N2000/N3000/N4000 Series Switches Introduction This chapter describes the basics of entering and editing the Dell Networking N2000/N3000/N4000 Series Command Line Interface (CLI) commands and defines the command hierarchy. It also explains how to activate the CLI and implement its major functions.
PAGE 180
2CSNXXX_SWUM200.book Page 180 Tuesday, December 10, 2013 1:22 PM Two instances where the help information can be displayed are: • Keyword lookup — The key is entered in place of a command. A list of all valid commands and corresponding help messages is displayed. • Partial keyword lookup — A command is incomplete and the key is entered in place of a parameter. The matched parameters for this command are displayed.
PAGE 181
2CSNXXX_SWUM200.book Page 181 Tuesday, December 10, 2013 1:22 PM Table 2-1. History Buffer Keyword Source or Destination Up-arrow key Recalls commands in the history buffer, beginning with the most recent command. Repeats the key sequence to recall successively older commands. +
Down-arrow key + Returns to more recent commands in the history buffer after recalling commands with the up-arrow key. Repeating the key sequence recalls more recent commands in succession.
PAGE 182
2CSNXXX_SWUM200.
PAGE 183
2CSNXXX_SWUM200.book Page 183 Tuesday, December 10, 2013 1:22 PM Table 2-2. CLI Shortcuts Keyboard Key Description Delete previous character + Go to beginning of line + Go to end of line + Go forward one character + Go backward one character + Delete current character + Delete to beginning of line + Delete to the end of the line.
PAGE 184
2CSNXXX_SWUM200.book Page 184 Tuesday, December 10, 2013 1:22 PM Operating on Multiple Objects (Range) The CLI allows the user to operate on the set of objects at the same time. The guidelines are as follows for range operation: • Operations on objects with four or more instances support the range operation, unless noted otherwise in the specific command documentation. • The range key word is used to identify the range of objects on which to operate.
PAGE 185
2CSNXXX_SWUM200.book Page 185 Tuesday, December 10, 2013 1:22 PM • Some parameters must be configured individually for each port or interface. Command Scripting The CLI can be used as a programmable management interface. To facilitate this function, any characters entered after the character are treated as a comment and ignored by the CLI. Also, the CLI allows the user to disable session timeouts.
PAGE 186
2CSNXXX_SWUM200.book Page 186 Tuesday, December 10, 2013 1:22 PM Table 2-3. CLI Command Notation Conventions Convention Description [] In a command line, square brackets indicate an optional entry. {} In a command line inclusive brackets indicate a selection of compulsory parameters separated by the | character. One option must be selected. For example: flowcontrol {auto | on | off} means that for the flowcontrol command either auto, on or off must be selected. Italic Indicates a variable.
PAGE 187
2CSNXXX_SWUM200.book Page 187 Tuesday, December 10, 2013 1:22 PM • Port # — The port number is an integer number assigned to the physical port on the switch and corresponds to the lexan printed next to the port on the front or back panel. Ports are numbered from 1 to the maximum number of ports available on the switch, typically 24 or 48. Within this document, the tag interface–id refers to an interface identifier that follows the naming convention above. Table 2-4.
PAGE 188
2CSNXXX_SWUM200.book Page 188 Tuesday, December 10, 2013 1:22 PM Port Channel Interfaces Port-channel (or LAG) interfaces are represented in the CLI by the variable port-channel-number., which can assume values from 1-128 on most Dell Networking switches. When listed in command line output, port channel interfaces are preceded by the characters Po. Tunnel Interfaces Tunnel interfaces are represented in the CLI by the variable tunnel-id, which can assume values from 0–7.
PAGE 189
2CSNXXX_SWUM200.book Page 189 Tuesday, December 10, 2013 1:22 PM console(config-if-Gi1/0/23)#show slot 2/0 Slot.............................. Slot Status....................... Admin State....................... Power State....................... Configured Card: Model Identifier............... Card Description............... Pluggable.........................
PAGE 190
2CSNXXX_SWUM200.book Page 190 Tuesday, December 10, 2013 1:22 PM CLI Command Modes Since the set of CLI commands is very large, the CLI is structured as a command-tree hierarchy, where related command sets are assigned to command modes for easier access. At each level, only the commands related to that level are available to the user and only those commands are shown in the context sensitive help for that level. In this guide, commands are organized into three categories: • Layer 2 (IEEE 802.
PAGE 191
2CSNXXX_SWUM200.book Page 191 Tuesday, December 10, 2013 1:22 PM The Privileged EXEC mode provides access to commands that can not be executed in the User EXEC mode and permits access to the switch Configuration mode. The Global Configuration mode manages switch configuration on a global level. For specific interface configurations, command modes exist at a sublevel. Entering a at the system prompt displays a list of commands available for that particular command mode.
PAGE 192
2CSNXXX_SWUM200.book Page 192 Tuesday, December 10, 2013 1:22 PM console(config)# The following are the Global Configuration modes: • SNMP v3 Host Configuration — Configures the parameters for the SNMP v3 server host. • SNMP Community Configuration — Configures the parameters for the SNMP server community. Preconfiguration Nearly all switch features support a preconfiguration capability, even when the feature is not enabled or the required hardware is not present.
PAGE 193
2CSNXXX_SWUM200.book Page 193 Tuesday, December 10, 2013 1:22 PM • Router OSPFv3 Configuration — Global configuration mode command ipv6 router ospf is used to enter into the Router OSPFv3 Configuration mode. • IPv6 DHCP Pool Mode — Global configuration mode command ipv6 dhcp pool is used to enter into the IPv6 DHCP Pool mode. • Management Access List — Contains commands to define management access administration lists.
PAGE 194
2CSNXXX_SWUM200.book Page 194 Tuesday, December 10, 2013 1:22 PM • SSH Public Key-chain — Contains commands to manually specify other switch SSH public keys. The Global Configuration mode command crypto key pub-key chain ssh is used to enter the SSH Public Key-chain configuration mode. • SSH Public Key-string — Contains commands to manually specify the SSH Public-key of a remote SSH Client.
PAGE 195
2CSNXXX_SWUM200.book Page 195 Tuesday, December 10, 2013 1:22 PM For example, if the current configuration mode is config-if and the object being operated on is gigabit ethernet 1 on unit 1, the prompt displays the object type and unit (for example, 1/0/1). [# | >] — The # sign is used to indicate that the system is in the Privileged EXEC mode. The > symbol indicates that the system is in the User EXEC mode, which is a read-only mode in which the system does not allow configuration.
PAGE 196
2CSNXXX_SWUM200.book Page 196 Tuesday, December 10, 2013 1:22 PM Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Line Interface From Global Configuration mode, use the line command. console(config-line)# To exit to Global Configuration mode, use the exit command, or press + to Privileged EXEC mode. Management Access-List From Global Configuration mode, use the management access-list command.
PAGE 197
2CSNXXX_SWUM200.book Page 197 Tuesday, December 10, 2013 1:22 PM Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method MAC Access List From Global Configuration mode, use the mac access-list command. Command Prompt Exit or Access Previous Mode console(config-mac-accesslist)# To exit to Global Configuration mode, use the exit command, or press + to Privileged EXEC mode.
PAGE 198
2CSNXXX_SWUM200.book Page 198 Tuesday, December 10, 2013 1:22 PM Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Radius From Global Configuration mode, use the radius-server host command. console(Config-authradius)# To exit to Global Configuration mode, use the exit command, or press + to Privileged EXEC mode. SNMP Host Configuration From Global Configuration mode, use the snmp-server command.
PAGE 199
2CSNXXX_SWUM200.book Page 199 Tuesday, December 10, 2013 1:22 PM Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Crypto Certificate Generation From Global Configuration mode, use the crypto certificate number generate command. console(config-crypto-cert)# To exit to Global Crypto Certificate Request From Privileged EXEC mode, use the crypto certificate number request command.
PAGE 200
2CSNXXX_SWUM200.book Page 200 Tuesday, December 10, 2013 1:22 PM Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode MST From Global Configuration mode, use the spanning-tree mst configuration command. console(config-mst)# To exit to Global Configuration mode, use the exit command, or press + to Privileged EXEC mode. VLAN Config From Global Configuration mode, use the vlan command.
PAGE 201
2CSNXXX_SWUM200.book Page 201 Tuesday, December 10, 2013 1:22 PM Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Router OSPFv3 Config console(config-rtr)# From Global Configuration mode, use the ipv6 router ospf command.
PAGE 202
2CSNXXX_SWUM200.book Page 202 Tuesday, December 10, 2013 1:22 PM Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode 40 Gigabit Ethernet console (config-ifFrom Global Founit/slot/port# Configuration mode, use the interface fortygigabitetherne t command. Or, use the abbreviation interface fo. To exit to Global Configuration mode, use the exit command, or press + to Privileged EXEC mode.
PAGE 203
2CSNXXX_SWUM200.book Page 203 Tuesday, December 10, 2013 1:22 PM Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Loopback console(configFrom Global configuration mode, loopbackloopback-id)# use the interface loopback command. Or, use the abbreviation interface lo. To exit to Global Configuration mode, use the exit command, or press + to Privileged EXEC mode.
PAGE 204
2CSNXXX_SWUM200.book Page 204 Tuesday, December 10, 2013 1:22 PM Configuration Management All managed systems have software images and databases that must be configured, backed up and restored. Two software images may be stored on the system, but only one of them is active. The other one is a backup image. The same is true for configuration files, which store the configuration parameters for the switch. The system has three configuration files.
PAGE 205
2CSNXXX_SWUM200.book Page 205 Tuesday, December 10, 2013 1:22 PM Refer to the copy command description on page 1460 in the Layer 2 commands section of the guide for command details. Referencing External/Internal File systems Configuration or software images are copied to or retrieved from remote file systems using the TFTP protocol. • tftp://server-name/path/filename — identifies a file on a remote file system accessible through the server-name.
PAGE 206
2CSNXXX_SWUM200.book Page 206 Tuesday, December 10, 2013 1:22 PM Management Interface Security This section describes the minimum set of management interface security measures implemented by the CLI. Management interface security consists of user account management, user access control and remote network/host access controls. CLI through Telnet, SSH, Serial Interfaces The CLI is accessible through a local serial interface/console port, the out-ofband interface, or in-band interfaces.
PAGE 207
2CSNXXX_SWUM200.book Page 207 Tuesday, December 10, 2013 1:22 PM • The user password is saved internally in encrypted format and never appears in clear text anywhere on the CLI. • The CLI supports TACACS+ and Radius authentication servers. • The CLI allows the user to configure primary and secondary authentication servers. If the primary authentication server fails to respond within a configurable period, the CLI automatically tries the secondary authentication server.
PAGE 208
2CSNXXX_SWUM200.book Page 208 Tuesday, December 10, 2013 1:22 PM • If authentication servers are used, the user can identify at least two remote servers (the user may choose to configure only one server) and what protocol to use with the server, TACACS+ or Radius. One of the servers is primary and the other is the secondary server (the user is not required to specify a secondary server).
PAGE 209
2CSNXXX_SWUM200.book Page 209 Tuesday, December 10, 2013 1:22 PM The security log record contains the following information: • The user name, if available, or the protocol being accessed if the event is related to a remote management system. • The IP address from which the user is connecting or the IP address of the remote management system. • A description of the security event. • A timestamp of the event If syslog is available, the CLI sends security records to the syslog server.
PAGE 210
2CSNXXX_SWUM200.book Page 210 Tuesday, December 10, 2013 1:22 PM the user to press either or any other key. If the user presses any key except , the CLI shows the next page. A key stops the display and returns to the CLI prompt. Boot Message The boot message is a system message that is not user-configurable and is displayed when the system is booting. To start the normal booting process, select item 1 in the Boot Menu. The following is a sample log for booting information.
PAGE 211
2CSNXXX_SWUM200.book Page 211 Tuesday, December 10, 2013 1:22 PM Boot Utility Menu If a user is connected through the serial interface during the boot sequence, the operator is presented with the option to enter the Boot Utility Menu during the boot sequence. Selecting item 2 displays the menu and may be typed only during the initial boot up sequence. Select startup option within 5 seconds, else Operational Code will start automatically...
PAGE 212
2CSNXXX_SWUM200.book Page 212 Tuesday, December 10, 2013 1:22 PM Bringing up eth0 interface...done. Adding default gateway 10.27.20.1 to the Routing Table...done. Bringing down eth0 interface...done. Erasing /dev/mtd6!!! Erasing 128 Kibyte @ 17e0000 -- 99 % complete. Updating code file...
PAGE 213
2CSNXXX_SWUM200.book Page 213 Tuesday, December 10, 2013 1:22 PM Enter Choice# 11 Current Active Image# /dev/mtd7 Checking for valid back-up image at /dev/mtd6...done. Activating Back-Up Image /dev/mtd6...done. Code Update Instructions Found! Back-Up Image on /dev/mtd6 Activated -- System Reboot Recommended! Reboot? (Y/N): Enter Choice# 12 Starting Operational Code for Password Recovery... active = /dev/mtd6 Extracting Operational Code from .stk file...done. Loading Operational Code...done.
PAGE 214
2CSNXXX_SWUM200.book Page 214 Tuesday, December 10, 2013 1:22 PM Thank you for using the Dell Easy Setup Wizard. You will now enter CLI mode. usbMount took 1 milliseconds Applying Interface configuration, please wait ... Monitoring Traps from CLI It is possible to connect to the CLI session and monitor the events or faults that are being sent as traps from the system. This feature is equivalent to the alarm-monitoring window in a typical network management system.
PAGE 215
2CSNXXX_SWUM200.book Page 215 Tuesday, December 10, 2013 1:22 PM Layer 2 Switching Commands 3 The chapters that follow describe commands that conform to the OSI model data link layer (Layer 2). Layer 2 commands provide a logical organization for transmitting data bits on a particular medium. This layer defines the framing, addressing, and checksum functions for Ethernet packets.
PAGE 216
2CSNXXX_SWUM200.
PAGE 217
2CSNXXX_SWUM200.book Page 217 Tuesday, December 10, 2013 1:22 PM 4 AAA Commands Dell Networking N2000/N3000/N4000 Series Switches Management access to the switch is via telnet, HTTP, SSH, or the serial console (SNMP access is discussed in SNMP Commands). To ensure that only authorized users can access and change the configuration of the switch, users must be authenticated.
PAGE 218
2CSNXXX_SWUM200.book Page 218 Tuesday, December 10, 2013 1:22 PM support the concept of time-out, subsequent entries in the list are never attempted. For example, the local authentication method implementation does not supply a time-out value. If a list contains the local method, followed by the RADIUS authentication method, the RADIUS method is not attempted.
PAGE 219
2CSNXXX_SWUM200.book Page 219 Tuesday, December 10, 2013 1:22 PM Accounting Method Lists An Accounting Method List (AML) is an ordered list of accounting methods that can be applied to the accounting types (exec or commands). Accounting Method Lists are identified by the default keyword or by a user-defined name. TACACS+ and RADIUS are supported as accounting methods. TACACS+ accounts all accounting types. RADIUS only accounts exec sessions.
PAGE 220
2CSNXXX_SWUM200.
PAGE 221
2CSNXXX_SWUM200.book Page 221 Tuesday, December 10, 2013 1:22 PM Example The following example configures 802.1x authentication to use no authentication. Absent any other configuration, this command allows all 802.1x users to pass traffic through the switch. console(config)# aaa authentication dot1x default none The following example configures 802.1x authentication to use a RADIUS server. A RADIUS server must be configured using the radius-server host auth command for the radius method to succeed.
PAGE 222
2CSNXXX_SWUM200.book Page 222 Tuesday, December 10, 2013 1:22 PM Default Configuration The default enable list is enableList. It is used by console, telnet, and SSH and only contains the method none. Command Mode Global Configuration mode User Guidelines The default and optional list names created with the aaa authentication enable command are used with the enable authentication command.
PAGE 223
2CSNXXX_SWUM200.book Page 223 Tuesday, December 10, 2013 1:22 PM aaa authentication login Use the aaa authentication login command in Global Configuration mode to set the authentication method required for user at login. To return to the default configuration, use the no form of this command. Syntax aaa authentication login {default | list-name} method1 [method2...
PAGE 224
2CSNXXX_SWUM200.book Page 224 Tuesday, December 10, 2013 1:22 PM User Guidelines The default and optional list names created with the aaa authentication login command are used with the login authentication command. Create a list by entering the aaa authentication login list-name method command for a particular protocol, where list-name is any character string used to name this list. The method argument identifies the list of methods that the authentication algorithm tries, in the given sequence.
PAGE 225
2CSNXXX_SWUM200.book Page 225 Tuesday, December 10, 2013 1:22 PM • exec—Provides EXEC authorization. All methods are supported. • commands—Performs authorization of user commands. Only none and TACACs methods are supported. • network—Performs RADIUS authorization. Only the default list is supported. • default—The default list of methods for authorization services.
PAGE 226
2CSNXXX_SWUM200.book Page 226 Tuesday, December 10, 2013 1:22 PM User Guidelines A maximum of five authorization method lists may be created for command types. Command authorization attempts authorization for all EXEC mode commands associated with a privilege level, including global configuration commands. EXEC authorization attempts authorization when a user attempts to enter Privileged EXEC mode.
PAGE 227
2CSNXXX_SWUM200.book Page 227 Tuesday, December 10, 2013 1:22 PM console(config)#aaa authorization exec "qwerty" radius aaa authorization network default radius Use the aaa authorization network default radius command in Global Configuration mode to enable the switch to accept VLAN assignment by the RADIUS server. Syntax aaa authorization network default radius no aaa authorization network default radius Default Configuration By default, the switch does not accept VLAN assignments by the RADIUS server.
PAGE 228
2CSNXXX_SWUM200.book Page 228 Tuesday, December 10, 2013 1:22 PM Syntax aaa ias-user username user no aaa ias-user username user Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines This command has no user guidelines.
PAGE 229
2CSNXXX_SWUM200.book Page 229 Tuesday, December 10, 2013 1:22 PM Example The following example configures the switch to use the new model command set. (config)# aaa new-model clear (IAS) Use the clear aaa ias-users command in Privileged EXEC mode to delete all IAS users. Syntax clear aaa ias-users Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
PAGE 230
2CSNXXX_SWUM200.book Page 230 Tuesday, December 10, 2013 1:22 PM • commands—Perform authorization for each command entered by the user. • exec—Perform EXEC authorization for the user (authorization required to enter privileged EXEC mode). • default—The default list of methods for command authorization (cmdAuthList). • list_name—Character string used to name the list of authorization methods. The list name can consist of any printable character.
PAGE 231
2CSNXXX_SWUM200.book Page 231 Tuesday, December 10, 2013 1:22 PM Syntax enable authentication {default | list-name} no enable authentication • default — Uses the default list created with the aaa authentication enable command. • list-name — Uses the indicated list created with the aaa authentication enable command. (Range: 1-12 characters) Default Configuration Uses the default set with the command aaa authentication enable.
PAGE 232
2CSNXXX_SWUM200.book Page 232 Tuesday, December 10, 2013 1:22 PM • password — Password for this level (Range: 8- 64 characters). The special characters allowed in the password include ! # $ % & ‘ ( ) * + , - . / : ; < = > @ [ \ ] ^ _ ` { | } ~. User names can contain blanks if the name is surrounded by double quotes. • encrypted — Encrypted password entered, copied from another switch configuration. Default Configuration This command has no default configuration.
PAGE 233
2CSNXXX_SWUM200.book Page 233 Tuesday, December 10, 2013 1:22 PM Syntax ip http authentication method1 [method2...] no ip http authentication • method1 [method2...] — Specify at least one from the following table: Keyword Source or destination local Uses the local username database for authentication. none Uses no authentication. radius Uses the list of all RADIUS servers for authentication. tacacs Uses the list of all TACACS+ servers for authentication.
PAGE 234
2CSNXXX_SWUM200.book Page 234 Tuesday, December 10, 2013 1:22 PM Syntax ip https authentication method1 [method2...] no ip https authentication • method1 [method2...] — Specify at least one from the following table: Keyword Source or destination local Uses the local username database for authentication. none Uses no authentication. radius Uses the list of all RADIUS servers for authentication. tacacs Uses the list of all TACACS+ servers for authentication.
PAGE 235
2CSNXXX_SWUM200.book Page 235 Tuesday, December 10, 2013 1:22 PM login authentication Use the login authentication command in Line Configuration mode to specify the login authentication method list for a line (console, telnet, or SSH). To return to the default specified by the authentication login command, use the no form of this command. Syntax login authentication {default | list-name} no login authentication • default — Uses the default list created with the aaa authentication login command.
PAGE 236
2CSNXXX_SWUM200.book Page 236 Tuesday, December 10, 2013 1:22 PM password (aaa IAS User Configuration) Use the password command in aaa IAS User Configuration mode to configure a password for a user. The password is composed of up to 64 alphanumeric characters. An optional parameter [encrypted] is provided to indicate that the password given to the command is already pre-encrypted. To clear the user’s password, use the no form of this command.
PAGE 237
2CSNXXX_SWUM200.book Page 237 Tuesday, December 10, 2013 1:22 PM password (Line Configuration) Use the password command in Line Configuration mode to specify a password on a line. To remove the password, use the no form of this command. NOTE: For commands that configure password properties, see Password Management Commands on page 1503. Syntax password password [encrypted] no password • password — Password for this level.
PAGE 238
2CSNXXX_SWUM200.book Page 238 Tuesday, December 10, 2013 1:22 PM password (User EXEC) Use the password command in User EXEC mode to allow a currently logged in user to change the password for only that user without having read/write privileges. This command should be used after the password has aged. The user is prompted to enter the old password and the new password. The special characters allowed in the password include ! # $ % & ‘ ( ) * + , - . / : ; < = > @ [ \ ] ^ _ ` { | } ~.
PAGE 239
2CSNXXX_SWUM200.book Page 239 Tuesday, December 10, 2013 1:22 PM Syntax show aaa ias-users Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show aaa ias-users UserName ------------------Client-1 Client-2 show aaa statistics Use the show aaa statistics command in Privileged EXEC mode to display accounting statistics.
PAGE 240
2CSNXXX_SWUM200.
PAGE 241
2CSNXXX_SWUM200.
PAGE 242
2CSNXXX_SWUM200.
PAGE 243
2CSNXXX_SWUM200.book Page 243 Tuesday, December 10, 2013 1:22 PM Parameter Description Lockout Displays the user’s lockout status (True or False). Example The following example displays information about the local user database.
PAGE 244
2CSNXXX_SWUM200.book Page 244 Tuesday, December 10, 2013 1:22 PM Example The following example show user login history outputs. console#show users login-history Login Time Username Protocol -------------------- --------- --------Jan 19 2005 08:23:48 Bob Serial Jan 19 2005 08:29:29 Robert HTTP Jan 19 2005 08:42:31 John SSH Jan 19 2005 08:49:52 Betty Telnet Location ----------172.16.0.8 172.16.0.1 172.16.1.
PAGE 245
2CSNXXX_SWUM200.book Page 245 Tuesday, December 10, 2013 1:22 PM • encrypted—Encrypted password entered, copied from another switch configuration. Password strength checking is not applied to the encrypted string. Default Configuration The default privilege level is 1. Command Mode Global Configuration mode User Guidelines To use the ! character as part of the username or password string, it should be enclosed within quotation marks.
PAGE 246
2CSNXXX_SWUM200.book Page 246 Tuesday, December 10, 2013 1:22 PM Message Type Reason behind the failure Message Description 1 Exceeds Minimum Length of a Password. Password should be in the range of 8-64 characters in length. Set minimum password length to 0 by using the passwords min-length 0 command.
PAGE 247
2CSNXXX_SWUM200.book Page 247 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
PAGE 248
2CSNXXX_SWUM200.
PAGE 249
2CSNXXX_SWUM200.book Page 249 Tuesday, December 10, 2013 1:22 PM 5 Administrative Profiles Commands Dell Networking N2000/N3000/N4000 Series Switches Overview The administrative profiles capability provides the network administrator control over which commands a user is allowed to execute. The administrator is able to group commands into a “profile” and assign a profile to a user upon authentication. This provides more granularity than simply allowing readonly and read-write users.
PAGE 250
2CSNXXX_SWUM200.book Page 250 Tuesday, December 10, 2013 1:22 PM If the successful authentication method does not provide an Administrative Profile for a user, then the user is permitted access based upon the user’s privilege level (as in previous releases). This means that if a user successfully passes enable authentication, the user is permitted access to all commands. This is also true if none of the Administrative Profiles provided are configured on the switch.
PAGE 251
2CSNXXX_SWUM200.book Page 251 Tuesday, December 10, 2013 1:22 PM admin-profile Use the admin-profile command in Global Configuration mode to create an administrative profile. The system-defined administrative profiles cannot be deleted. When creating a profile, the user is placed into Administrative Profile Configuration mode. Use the no form of the command to delete an administrative profile and all its rules.
PAGE 252
2CSNXXX_SWUM200.book Page 252 Tuesday, December 10, 2013 1:22 PM no description • text—A description of, or comment about, the administrative profile. To include white space, enclose the description in quotes. Range: 1 to 128 printable characters. Default Configuration This command has no default configuration. Command Mode Administrative Profile Configuration mode User Guidelines The description string is required to be enclosed in quotes if it contains embedded white space.
PAGE 253
2CSNXXX_SWUM200.book Page 253 Tuesday, December 10, 2013 1:22 PM • mode-name—The name of the CLI mode to which the profile will permit or deny access. Default Configuration This command has no default configuration. Command Mode Administrative Profile Configuration mode User Guidelines This command has no user guidelines.
PAGE 254
2CSNXXX_SWUM200.book Page 254 Tuesday, December 10, 2013 1:22 PM • Profile: network-security • Profile: router-admin • Profile: multicast-admin • Profile: dhcp-admin • Profile: CP-admin • Profile: network-operator. Example console#show admin-profiles name qos Profile: qos Description: This profile allows access to QoS commands.
PAGE 255
2CSNXXX_SWUM200.book Page 255 Tuesday, December 10, 2013 1:22 PM Example console#show admin-profiles brief Profile: Profile: Profile: Profile: Profile: Profile: Profile: network-admin network-security router-admin multicast-admin dhcp-admin CP-admin network-operator show cli modes Use the show cli modes command in Privileged EXEC mode to list the names of all the CLI modes. Syntax show cli modes Default Configuration This command has no default configuration.
PAGE 256
2CSNXXX_SWUM200.
PAGE 257
2CSNXXX_SWUM200.book Page 257 Tuesday, December 10, 2013 1:22 PM 6 ACL Commands Dell Networking N2000/N3000/N4000 Series Switches Access to a switch or router can be made more secure through the use of Access Control Lists (ACLs) to control the type of traffic allowed into or out of specific ports. An ACL consists of a series of rules, each of which describes the type of traffic to be processed and the actions to take for packets that meet the classification criteria.
PAGE 258
2CSNXXX_SWUM200.book Page 258 Tuesday, December 10, 2013 1:22 PM classifier rule. The ACL logging feature allows these hardware hit counts to be collected on a per-rule basis and reported periodically to the network administrator using the system logging facility and an SNMP trap. The Dell Networking ACL permit/deny rule specification supports a log parameter that enables hardware hit count collection and reporting.
PAGE 259
2CSNXXX_SWUM200.book Page 259 Tuesday, December 10, 2013 1:22 PM Table 6-1. Common Ethertypes EtherType Protocol 0x0800 Internet Protocol version 4 (IPv4) 0x0806 Address Resolution Protocol (ARP) 0x0842 Wake-on LAN Packet 0x8035 Reverse Address Resolution Protocol (RARP) 0x8100 VLAN tagged frame (IEEE 802.1Q) 0x86DD Internet Protocol version 6 (IPv6) 0x8808 MAC Control 0x8809 Slow Protocols (IEEE 802.3) 0x8870 Jumbo frames 0x888E EAP over LAN (EAPOL – 802.
PAGE 260
2CSNXXX_SWUM200.
PAGE 261
2CSNXXX_SWUM200.book Page 261 Tuesday, December 10, 2013 1:22 PM ACL names are global. An IPv6 access list cannot have the same name as an IPv4 access list. Access list names can consist of any printable character. Names can be up to 31 characters in length. deny | permit (IP ACL) Use this command in Ipv4-Access-List Configuration mode to create a new rule for the current IP access list. Each rule is appended to the list of configured rules for the list.
PAGE 262
2CSNXXX_SWUM200.book Page 262 Tuesday, December 10, 2013 1:22 PM a portkey, which can be one of the following keywords: domain, echo, ftp, ftp-data, http, smtp, snmp, telnet, tftp, and www. Each of these keywords translates into its equivalent destination port number. • • 262 – When “range” is specified, IP ACL rule matches only if the layer 4 port number falls within the specified portrange. The startport and endport parameters identify the first and last ports that are part of the port range.
PAGE 263
2CSNXXX_SWUM200.book Page 263 Tuesday, December 10, 2013 1:22 PM • flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack] [+urg | -urg] [established]—Specifies that the IP/TCP/UDP ACL rule matches on the TCP flags. • • – Ack – Acknowledgement bit – Fin – Finished bit – Psh – push bit – Rst – reset bit – Syn – Synchronize bit – Urg – Urgent bit – When “+” is specified, a match occurs if specified flag is set in the TCP header.
PAGE 264
2CSNXXX_SWUM200.book Page 264 Tuesday, December 10, 2013 1:22 PM • fragments—Specifies the rule matches packets that are non-initial fragments (fragment bit asserted). Not valid for rules that match L4 information such as TCP port number since that information is carried in the initial packet. This keyword is visible only if the protocol is IP, TCP, or UDP. • log—Specifies that this rule is to be logged.
PAGE 265
2CSNXXX_SWUM200.book Page 265 Tuesday, December 10, 2013 1:22 PM subnets. In general, any rule that specifies matching on an upper layer protocol field should also include matching constraints for lower layer protocol fields. For example, a rule to match packets directed to the wellknown UDP port number 22 (SSH) should also include constraints on the IP protocol field (UDP).
PAGE 266
2CSNXXX_SWUM200.book Page 266 Tuesday, December 10, 2013 1:22 PM The rate-limit command is not supported for ACLs configured in egress (out) IPv4 access-groups. Any – is equivalent to 0.0.0.0 255.255.255.255 for IPv4 access lists Host – indicates specified address with mask equal to 255.255.255.255 and address 0.0.0.0 for IPv4. The command accepts the optional time-range parameter. The time-range parameter allows imposing a time limitation on the IP ACL rule as defined by the parameter time-range-name.
PAGE 267
2CSNXXX_SWUM200.book Page 267 Tuesday, December 10, 2013 1:22 PM then the ACL rule is applied when the time-range with a specified name becomes active. The ACL rule is removed when the time-range with a specified name becomes inactive.
PAGE 268
2CSNXXX_SWUM200.book Page 268 Tuesday, December 10, 2013 1:22 PM • interface—Valid physical interface in unit/slot/port format, for example 1/0/12. Default Configuration This command has no default configuration. Command Mode Mac-Access-List Configuration mode User Guidelines The no form of this command is not supported, as the rules within an ACL cannot be deleted individually. Rather the entire ACL must be deleted and respecified.
PAGE 269
2CSNXXX_SWUM200.book Page 269 Tuesday, December 10, 2013 1:22 PM • in — The access list is applied to ingress packets. • out—The access list is applied to egress packets. • control-plane—The access list is applied to egress control plane packets only. This is only available in Global Configuration mode. • seqnum — Precedence for this interface and direction. A lower sequence number has higher precedence. Range: 1 – 4294967295. Default is1.
PAGE 270
2CSNXXX_SWUM200.book Page 270 Tuesday, December 10, 2013 1:22 PM mac access-group Use the mac access-group command in Global Configuration or Interface Configuration mode to attach a specific MAC Access Control List (ACL) to an interface. Syntax mac access-group name [in | out | control-plane] [sequence] no mac access-group name • name — Name of the existing MAC access list. (Range: 1-31 characters) • [in | out | control-plane]— The packet direction. in applies the access-list to ingress packets.
PAGE 271
2CSNXXX_SWUM200.book Page 271 Tuesday, December 10, 2013 1:22 PM This command specified in Interface Configuration mode only affects a single interface. Example This example rate limits multicast traffic ingressing the internal CPU port to 8 kbps and a maximum burst of 4 kilobytes. This affects both unknown multicast data plane traffic as well as control plane traffic.
PAGE 272
2CSNXXX_SWUM200.book Page 272 Tuesday, December 10, 2013 1:22 PM User Guidelines Use this command to create a mac access control list. The CLI mode is changed to Mac-Access-List Configuration when this command is successfully executed. Example The following example creates MAC ACL and enters MAC-Access-ListConfiguration mode.
PAGE 273
2CSNXXX_SWUM200.book Page 273 Tuesday, December 10, 2013 1:22 PM service-acl input Use the service-acl input command in Interface Configuration mode to block Link Local Protocol Filtering (LLPF) protocol(s) on a given port. Use the no form of this command to unblock link-local protocol(s) on a given port. Syntax service-acl input {blockcdp | blockvtp | blockdtp | blockudld | blockpagp | blocksstp | blockall} no service-acl input • blockcdp—To block CDP PDU’s from being forwarded.
PAGE 274
2CSNXXX_SWUM200.book Page 274 Tuesday, December 10, 2013 1:22 PM show service-acl interface This command displays the status of LLPF rules configured on a particular port or on all the ports. Syntax show service-acl interface {interface-id | all} • interface-id—Any physical or logical interface. See Interface Naming Conventions for interface representation. Default Configuration This command has no default configuration.
PAGE 275
2CSNXXX_SWUM200.book Page 275 Tuesday, December 10, 2013 1:22 PM • in—Show the ingress ACLs. • out—Show the egress ACLs. • control-plane—Show the control plane ACLs. Default Configuration No ACLs are configured by default. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
PAGE 276
2CSNXXX_SWUM200.book Page 276 Tuesday, December 10, 2013 1:22 PM User Guidelines There are no user guidelines for this command. Examples The following example displays IP ACLs configured on a device. console#show ip access-lists ACL Name: ip1 Inbound Interface(s): gi1/0/30 Rule Number: 1 Action......................................... Match All...................................... Protocol....................................... Committed Rate................................. Committed Burst Size.......
PAGE 277
2CSNXXX_SWUM200.book Page 277 Tuesday, December 10, 2013 1:22 PM MAC ACL Name: unkn-multicast Inbound Interface(s): control-plane Rule Number: 1 Action......................................... Source MAC Address............................. Source MAC Mask................................ Committed Rate................................. Committed Burst Size........................... Rule Number: 2 Action......................................... Match All...................................... permit 0100.
PAGE 278
2CSNXXX_SWUM200.
PAGE 279
2CSNXXX_SWUM200.book Page 279 Tuesday, December 10, 2013 1:22 PM Address Table Commands 7 Dell Networking N2000/N3000/N4000 Series Switches Static MAC Filtering allows the administrator to add a number of unicast or multicast MAC addresses directly to the forwarding database. This is typically a small number relative to the total size of the database. Associated with each static MAC address is a set of source ports, a set of destination ports and VLAN information.
PAGE 280
2CSNXXX_SWUM200.
PAGE 281
2CSNXXX_SWUM200.book Page 281 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example In this example, the mac address-table tables are cleared. console#clear mac address-table dynamic mac address-table aging-time Use the mac address-table aging-time command in Global Configuration mode to set the aging time of the address. To restore the default, use the no form of the mac address table aging-time command.
PAGE 282
2CSNXXX_SWUM200.book Page 282 Tuesday, December 10, 2013 1:22 PM console(config)#mac address-table aging-time 400 mac address-table multicast forbidden address Use the mac address-table multicast forbidden address command in Global Configuration mode to forbid adding a specific Multicast address to specific ports. To return to the system default, use the no form of this command. If routers exist on the VLAN, do not change the unregistered multicast addresses state to drop on the routers ports.
PAGE 283
2CSNXXX_SWUM200.book Page 283 Tuesday, December 10, 2013 1:22 PM Examples In this example the MAC address 0100.5e02.0203 is forbidden on port 2/0/9 within VLAN 8. console(config)#mac address-table multicast forbidden address vlan 8 0100.5e02.0203 add gigabitethernet 2/0/9 mac address-table static vlan Use the mac address table static vlan command in Global Configuration mode to add a static MAC-layer station source address to the bridge table.
PAGE 284
2CSNXXX_SWUM200.book Page 284 Tuesday, December 10, 2013 1:22 PM Example The following example adds a permanent static MAC-layer station source address c2f3.220a.12f4 to the MAC address table. console(config)# mac address-table static c2f3.220a.12f4 vlan 4 interface gigabitethernet6/0/1 port security Use the port security command in Interface Configuration mode to disable the learning of new addresses on an interface. To enable new address learning, use the no form of the port security command.
PAGE 285
2CSNXXX_SWUM200.book Page 285 Tuesday, December 10, 2013 1:22 PM console(config)#interface gigabitethernet te1/0/1 console(config-if-Te1/0/1)#port security trap 100 port security max Use the port security max command in Interface Configuration mode to configure the maximum addresses that can be learned on the port while the port is in port security mode. To return to the system default, use the no form of this command.
PAGE 286
2CSNXXX_SWUM200.book Page 286 Tuesday, December 10, 2013 1:22 PM Syntax show mac address-table multicast [vlan vlan-id] [address {mac-multicastaddress | ip-multicast-address}] [format {ip | mac}] • vlan_id — A valid VLAN ID value. • mac-multicast-address — A valid MAC Multicast address. • ip- multicast-address — A valid IP Multicast address. • format — Multicast address format. Can be ip or mac. Default Configuration If format is unspecified, the default is mac.
PAGE 287
2CSNXXX_SWUM200.book Page 287 Tuesday, December 10, 2013 1:22 PM show mac address-table Use the show mac address-table command in User EXEC or Privileged EXEC mode to display all entries in the bridge-forwarding database. Syntax show mac address-table Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
PAGE 288
2CSNXXX_SWUM200.book Page 288 Tuesday, December 10, 2013 1:22 PM Syntax show mac address-table address mac-address [interface interface-id] [vlan vlan-id] • mac-address—A MAC address with the format xxxx.xxxx.xxxx. • interface-id—Display information for a specific interface. Valid interfaces include physical ports and port channels. • vlan-id—Display entries for the specific VLAN only. The range is 1 to 4093. Default Configuration This command has no default configuration.
PAGE 289
2CSNXXX_SWUM200.book Page 289 Tuesday, December 10, 2013 1:22 PM • interface-id—Specify an interface type; valid interfaces include physical ports and port channels. • vlan-id—Specify a valid VLAN, the range is 1 to 4093. Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
PAGE 290
2CSNXXX_SWUM200.book Page 290 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example In this example, all dynamic entries in the mac address-table are displayed. console#show mac address-table dynamic Aging time is 300 Sec Vlan Mac Address Type Port ---- -------------- ------- ------------1 0000.0001.
PAGE 291
2CSNXXX_SWUM200.book Page 291 Tuesday, December 10, 2013 1:22 PM Command Mode User EXEC, Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example In this example, all classes of entries in the bridge-forwarding database for gigabit Ethernet interface 1/0/1 are displayed. console#show mac address-table interface gigabitethernet 1/0/1 Aging time is 300 Sec Vlan Mac Address Type Port ---- -------------- ---------------1 0000.0001.
PAGE 292
2CSNXXX_SWUM200.book Page 292 Tuesday, December 10, 2013 1:22 PM Command Mode User EXEC, Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example In this example, all static entries in the bridge-forwarding database are displayed. console#show mac address-table static Vlan Mac Address Type ---- -------------- ----1 0001.0001.
PAGE 293
2CSNXXX_SWUM200.book Page 293 Tuesday, December 10, 2013 1:22 PM Example In this example, all classes of entries in the bridge-forwarding database are displayed. console#show mac address-table vlan 1 Mac Address Table ------------------------------------Vlan Mac Address Type Ports ---- --------------- ------- ------1 0000.0001.0000 Dynamic gi1/0/1 1 0000.8420.5010 Dynamic gi1/0/1 1 0000.E26D.2C2A Dynamic gi1/0/1 1 0000.E89A.596E Dynamic gi1/0/1 1 0001.02F1.
PAGE 294
2CSNXXX_SWUM200.book Page 294 Tuesday, December 10, 2013 1:22 PM Port ---1/0/1 1/0/2 1/0/3 Status Action ------ ---------Locked Discard Unlocked Locked Discard Maximum Trap Frequency -------- ------- ------3 Enable 100 28 8 Disable - The following table describes the fields in this example. Field Description Port The port number. Status The status can be one of the following: Locked or Unlocked. Actions Action on violations.
PAGE 295
2CSNXXX_SWUM200.book Page 295 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Examples The following example displays dynamic addresses for port channel number 1/0/1.
PAGE 296
2CSNXXX_SWUM200.
PAGE 297
2CSNXXX_SWUM200.book Page 297 Tuesday, December 10, 2013 1:22 PM 8 Auto-VoIP Commands Dell Networking N2000/N3000/N4000 Series Switches Voice over Internet Protocol (VoIP) allows network users to make telephone calls using a computer network over a data network like the Internet. With the increased prominence of delay-sensitive applications (voice, video, and other multimedia applications) deployed in networks today, proper QoS configuration ensures high-quality application performance.
PAGE 298
2CSNXXX_SWUM200.book Page 298 Tuesday, December 10, 2013 1:22 PM show switchport voice Use the show switchport voice command to show the status of Auto-VoIP on an interface or all interfaces. Syntax show switchport voice [gigabitethernet unit/slot/port| port-channel portchannel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port] Default Configuration There is no default configuration for this command.
PAGE 299
2CSNXXX_SWUM200.
PAGE 300
2CSNXXX_SWUM200.book Page 300 Tuesday, December 10, 2013 1:22 PM switchport voice detect auto The switchport voice detect auto command is used to enable the VoIP Profile on all the interfaces of the switch (global configuration mode) or for a specific interface (interface configuration mode).Use the no form of the command to disable the VoIP Profile. Syntax switchport voice detect auto no switchport voice detect auto Default Configuration This feature is disabled by default.
PAGE 301
2CSNXXX_SWUM200.book Page 301 Tuesday, December 10, 2013 1:22 PM CDP Interoperability Commands 9 Dell Networking N2000/N3000/N4000 Series Switches Industry Standard Discovery Protocol (ISDP) is a proprietary Layer 2 network protocol which inter-operates with Cisco network equipment and is used to share information between neighboring devices.
PAGE 302
2CSNXXX_SWUM200.book Page 302 Tuesday, December 10, 2013 1:22 PM User Guidelines There are no user guidelines for this command. Example console#clear isdp counters clear isdp table The clear isdp table command clears entries in the ISDP table. Syntax clear isdp table Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
PAGE 303
2CSNXXX_SWUM200.book Page 303 Tuesday, December 10, 2013 1:22 PM Default Configuration ISDP sends version 2 packets by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#isdp advertise-v2 isdp enable The isdp enable command enables ISDP on the switch. User the “no” form of this command to disable ISDP. Use this command in global configuration mode to enable the ISDP function on the switch.
PAGE 304
2CSNXXX_SWUM200.book Page 304 Tuesday, December 10, 2013 1:22 PM console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)#isdp enable isdp holdtime The isdp holdtime command configures the hold time for ISDP packets that the switch transmits. The hold time specifies how long a receiving device should store information sent in the ISDP packet before discarding it. The range is given in seconds. Use the no form of this command to reset the holdtime to the default.
PAGE 305
2CSNXXX_SWUM200.book Page 305 Tuesday, December 10, 2013 1:22 PM Syntax isdp timer time no isdp timer • time—The time in seconds (range: 5–254 seconds). Default Configuration The default timer is 30 seconds. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example sets the isdp timer value to 40 seconds. console(config)#isdp timer 40 show isdp The show isdp command displays global ISDP settings.
PAGE 306
2CSNXXX_SWUM200.book Page 306 Tuesday, December 10, 2013 1:22 PM Example console#show isdp Timer................................ Hold Time............................ Version 2 Advertisements............. Neighbors table last time changed.... Device ID............................ Device ID format capability.......... Device ID format..................... 30 180 Enabled 0 days 00:06:01 QTFMPW82400020 Serial Number Serial Number show isdp entry The show isdp entry command displays ISDP entries.
PAGE 307
2CSNXXX_SWUM200.book Page 307 Tuesday, December 10, 2013 1:22 PM Port ID GigabitEthernet1/1 Holdtime 64 Advertisement Version 2 Entry last changed time 0 days 00:13:50 Version : Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000 I9K91S-M), Version 12.2(25)EWA9, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc.
PAGE 308
2CSNXXX_SWUM200.
PAGE 309
2CSNXXX_SWUM200.book Page 309 Tuesday, December 10, 2013 1:22 PM Example console#show isdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route, S - Switch, H - Host, I - IGMP, r - Repeater Device ID Intf Hold Cap. Platform Port ID ------------- ----- ---- --------------Switch1/0/1 165 RI cisco WS-C4948 GigabitEthernet1/1 console#show isdp neighbors detail Device ID Switch Address(es): IP Address: 172.20.1.18 IP Address: 172.20.1.
PAGE 310
2CSNXXX_SWUM200.book Page 310 Tuesday, December 10, 2013 1:22 PM User Guidelines There are no user guidelines for this command. Example console#show isdp traffic ISDP Packets Received.......................... ISDP Packets Transmitted....................... ISDPv1 Packets Received........................ ISDPv1 Packets Transmitted..................... ISDPv2 Packets Received........................ ISDPv2 Packets Transmitted..................... ISDP Bad Header................................
PAGE 311
2CSNXXX_SWUM200.book Page 311 Tuesday, December 10, 2013 1:22 PM 10 DHCP Layer 2 Relay Commands Dell Networking N2000/N3000/N4000 Series Switches In the majority of network configurations, DHCP clients and their associated servers do not reside on the same IP network or subnet. Therefore, some kind of third-party agent is required to transfer DHCP messages between clients and servers. Such an agent is known as a DHCP Relay agent.
PAGE 312
2CSNXXX_SWUM200.book Page 312 Tuesday, December 10, 2013 1:22 PM dhcp l2relay (Global Configuration) Use the dhcp l2relay command to enable Layer 2 DHCP Relay functionality. The subsequent commands mentioned in this section can only be used when the L2-DHCP Relay is enabled. Use the no form of this command to disable L2-DHCP Relay. Syntax dhcp l2relay no dhcp l2relay Default Configuration DHCP L2 Relay is disabled by default. Command Mode Global Configuration.
PAGE 313
2CSNXXX_SWUM200.book Page 313 Tuesday, December 10, 2013 1:22 PM Command Mode Interface Configuration (Ethernet, Port-channel). User Guidelines There are no user guidelines for this command. Example console(config-if-Gi1/0/1)#dhcp l2relay dhcp l2relay circuit-id Use the dhcp l2relay circuit-id command to enable setting the DHCP Option 82 Circuit ID for a VLAN. When enabled, the interface number is added as the Circuit ID in DHCP option 82.
PAGE 314
2CSNXXX_SWUM200.book Page 314 Tuesday, December 10, 2013 1:22 PM dhcp l2relay remote-id Use the dhcp l2relay remote-id command to enable setting the DHCP Option 82 Remote ID for a VLAN. When enabled, the supplied string is used for the Remote ID in DHCP Option 82. Use the no form of this command to disable setting the DHCP Option 82 Remote ID.
PAGE 315
2CSNXXX_SWUM200.book Page 315 Tuesday, December 10, 2013 1:22 PM Default Configuration DHCP Option 82 is discarded by default. Configuration Mode Interface Configuration (Ethernet, Port-channel). User Guidelines There are no user guidelines for this command. Example console(config-if-Gi1/0/1)#dhcp l2relay trust dhcp l2relay vlan Use the dhcp l2relay vlan command to enable the L2 DHCP Relay agent for a set of VLANs.
PAGE 316
2CSNXXX_SWUM200.book Page 316 Tuesday, December 10, 2013 1:22 PM show dhcp l2relay all Use the show dhcp l2relay all command in Privileged EXEC mode to display the summary of DHCP L2 Relay configuration. Syntax show dhcp l2relay all Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
PAGE 317
2CSNXXX_SWUM200.book Page 317 Tuesday, December 10, 2013 1:22 PM Syntax show dhcp l2relay interface {all | interface-id} • all—Show all interfaces. • interface-id—A physical interface. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show dhcp l2relay interface all DHCP L2 Relay is Enabled.
PAGE 318
2CSNXXX_SWUM200.book Page 318 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show dhcp l2relay stats interface all DHCP L2 Relay is Enabled.
PAGE 319
2CSNXXX_SWUM200.book Page 319 Tuesday, December 10, 2013 1:22 PM show dhcp l2relay agent-option vlan Use the show dhcp l2relay agent-option vlan command in Privileged EXEC mode to display DHCP L2 Relay Option-82 configuration specific to VLANs. Syntax show dhcp l2relay agent-option vlan vlan-range • vlan-range—Show information for the specified VLAN range. A range may be a single VLAN ID or two VLAN IDs separated by a single dash with no embedded spaces.
PAGE 320
2CSNXXX_SWUM200.book Page 320 Tuesday, December 10, 2013 1:22 PM Syntax show dhcp l2relay vlan vlan-range • vlan-range—Show information for the specified VLAN range. A range may be a single VLAN ID or two VLAN IDs separated by a single dash with no embedded spaces. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
PAGE 321
2CSNXXX_SWUM200.book Page 321 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show dhcp l2relay circuit-id vlan 300 DHCP L2 Relay is Enabled.
PAGE 322
2CSNXXX_SWUM200.book Page 322 Tuesday, December 10, 2013 1:22 PM --------------------200remote_22 clear dhcp l2relay statistics interface Use the show dhcp l2relay statistics interface command in Privileged EXEC mode to reset the DHCP L2 Relay counters to zero. Specify the port with the counters to clear, or use the all keyword to clear the counters on all ports. Syntax clear dhcp l2relay statistics interface {all | interface-id} • all—Show all interfaces. • interface-id—A physical interface.
PAGE 323
2CSNXXX_SWUM200.book Page 323 Tuesday, December 10, 2013 1:22 PM DHCP Management Interface Commands 11 Dell Networking N2000/N3000/N4000 Series Switches Dell Networking switches support an embedded DHCP client. Any IP interface can use DHCP to obtain an IP address. The DHCP client can run on multiple interfaces simultaneously. For IPv4, an IP interface can either use manually configured addresses or be enabled for DHCP. The options are mutually exclusive.
PAGE 324
2CSNXXX_SWUM200.book Page 324 Tuesday, December 10, 2013 1:22 PM release dhcp debug dhcp packet renew dhcp show dhcp lease release dhcp Use the release dhcp command in Privileged EXEC mode to force the DHCPv4 client to release a leased address. Syntax release dhcp interface-id • interface-id—Any valid VLAN interface. See Interface Naming Conventions for interface representation. Default Configuration This command has no default configuration.
PAGE 325
2CSNXXX_SWUM200.book Page 325 Tuesday, December 10, 2013 1:22 PM renew dhcp Use the renew dhcp command in Privileged EXEC mode to force the DHCP client to immediately renew an IPv4 address lease. Syntax renew dhcp {interface-id | out-of-band} • interface-id—Any valid routing interface. See Interface Naming • out-of-band—Keyword to identify the out-of-band interface. The DHCP client renews the leased address on this interface. Conventions for interface representation.
PAGE 326
2CSNXXX_SWUM200.book Page 326 Tuesday, December 10, 2013 1:22 PM debug dhcp packet Use the debug dhcp packet command in Privileged EXEC mode to display debug information about DHCPv4 client activities and to trace DHCPv4 packets to and from the local DHCPv4 client. To disable debugging, use the no form of this command. Syntax debug dhcp packet [transmit | receive] no debug dhcp packet [transmit | receive] Default Configuration This command has no default configuration.
PAGE 327
2CSNXXX_SWUM200.book Page 327 Tuesday, December 10, 2013 1:22 PM Syntax show dhcp lease [interface { out-of-band | vlan vlan-id } ] • out-of-band—The out-of-band interface. • vlan—The VLAN and VLAN ID. Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines This command lists all IPv4 addresses currently leased from a DHCP server on a routing interface.
PAGE 328
2CSNXXX_SWUM200.book Page 328 Tuesday, December 10, 2013 1:22 PM Examples The following example shows the output from this command when the device has leased two IPv4 addresses from the DHCP server. console#show dhcp lease IP address: 10.1.20.1 on interface VLAN10 Subnet mask: 255.255.255.0 DHCP Lease server: 10.1.20.3, state: 5 Bound DHCP transaction id: 0x7AD Lease: 86400 secs, Renewal: 43200 secs, Rebind: 75600 secs Retry count: 0 IP address: 10.1.1.2 on interface VLAN20 Subnet mask: 255.255.255.
PAGE 329
2CSNXXX_SWUM200.book Page 329 Tuesday, December 10, 2013 1:22 PM DHCP Snooping Commands 12 Dell Networking N2000/N3000/N4000 Series Switches DHCP Snooping is a security feature that monitors DHCP messages between DHCP clients and DHCP server to filter harmful DHCP messages and build a bindings database of {MAC address, IP address, VLAN ID, interface} tuples that are considered authorized. The DHCP snooping application processes incoming DHCP messages.
PAGE 330
2CSNXXX_SWUM200.
PAGE 331
2CSNXXX_SWUM200.book Page 331 Tuesday, December 10, 2013 1:22 PM clear ip dhcp snooping statistics Use the clear ip dhcp snooping statistics command to clear all DHCP Snooping statistics. Syntax clear ip dhcp snooping statistics Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC User Guidelines There are no user guidelines for this command.
PAGE 332
2CSNXXX_SWUM200.book Page 332 Tuesday, December 10, 2013 1:22 PM User Guidelines To enable DHCP snooping, do the following: 1 Enable DHCP Snooping globally. 2 Enable DHCP Snooping per VLAN. 3 Set DHCP Snooping trusted port on the port in the DHCP server direction. The bindings database populated by DHCP snooping is used by several other services, including IP source guard and dynamic ARP inspection. DHCP snooping must be enabled for these services to operate.
PAGE 333
2CSNXXX_SWUM200.book Page 333 Tuesday, December 10, 2013 1:22 PM Default Configuration There are no static or dynamic DHCP snooping bindings by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ip dhcp snooping binding 00:00:00:00:00:01 vlan 10 10.131.12.134 interface 1/0/1 ip dhcp snooping database Use the ip dhcp snooping database command to configure the persistent storage location of the DHCP snooping database.
PAGE 334
2CSNXXX_SWUM200.book Page 334 Tuesday, December 10, 2013 1:22 PM Example The following example configures the storage location of the snooping database as local. console(config)#ip dhcp snooping database local The following example configures the storage location of the snooping database as remote. console(config)#ip dhcp snooping database tftp://10.131.11.1/db.
PAGE 335
2CSNXXX_SWUM200.book Page 335 Tuesday, December 10, 2013 1:22 PM ip dhcp snooping limit Use the ip dhcp snooping limit command to diagnostically disable itself if the rate of received DHCP messages exceeds the configured limit. Use the no shutdown command to re-enable the interface. Use the no form of this command to disable automatic shutdown of the interface.
PAGE 336
2CSNXXX_SWUM200.book Page 336 Tuesday, December 10, 2013 1:22 PM range of 0-300 packets per second and the burst interval in the range of 1-15 seconds. In general, a rate limit of under 100 pps is valid for untrusted interfaces.
PAGE 337
2CSNXXX_SWUM200.book Page 337 Tuesday, December 10, 2013 1:22 PM ip dhcp snooping trust Use the ip dhcp snooping trust command to configure a port as trusted. Use the no form of this command to configure a port as untrusted. Syntax ip dhcp snooping trust no ip dhcp snooping trust Default Configuration Ports are untrusted by default.
PAGE 338
2CSNXXX_SWUM200.book Page 338 Tuesday, December 10, 2013 1:22 PM ip dhcp snooping verify mac-address Use the ip dhcp snooping verify mac-address command to enable the verification of the source MAC address with the client MAC address in the received DHCP message. Use the “no” form of this command to disable verification of the source MAC address. Syntax ip dhcp snooping verify mac-address no ip dhcp snooping verify mac-address Default Configuration Source MAC address verification is enabled by default.
PAGE 339
2CSNXXX_SWUM200.book Page 339 Tuesday, December 10, 2013 1:22 PM Command Mode User EXEC, Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
PAGE 340
2CSNXXX_SWUM200.book Page 340 Tuesday, December 10, 2013 1:22 PM Command Mode User EXEC, Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show ip dhcp snooping binding Total number of bindings: 2 MAC Address ----------------00:02:B3:06:60:80 00:02:FE:06:13:04 IP Address --------------210.1.1.3 210.1.1.
PAGE 341
2CSNXXX_SWUM200.book Page 341 Tuesday, December 10, 2013 1:22 PM agent url: write-delay: /10.131.13.79:/sai1.txt 5000 show ip dhcp snooping interfaces Use the show ip dhcp snooping interfaces command to show the DHCP Snooping status of the interfaces. Syntax show ip dhcp snooping interfaces [interface] • interface—A valid physical interface. Default Configuration There is no default configuration for this command.
PAGE 342
2CSNXXX_SWUM200.book Page 342 Tuesday, December 10, 2013 1:22 PM show ip dhcp snooping statistics Use the show ip dhcp snooping statistics command to display the DHCP snooping filtration statistics. Syntax show ip dhcp snooping statistics Default Configuration There is no default configuration for this command.
PAGE 343
2CSNXXX_SWUM200.
PAGE 344
2CSNXXX_SWUM200.
PAGE 345
2CSNXXX_SWUM200.book Page 345 Tuesday, December 10, 2013 1:22 PM Dynamic ARP Inspection Commands 13 Dell Networking N2000/N3000/N4000 Series Switches Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. The feature prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its neighbors.
PAGE 346
2CSNXXX_SWUM200.book Page 346 Tuesday, December 10, 2013 1:22 PM • acl-name — A valid ARP ACL name (Range: 1–31 characters). Default Configuration There are no ARP ACLs created by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
PAGE 347
2CSNXXX_SWUM200.book Page 347 Tuesday, December 10, 2013 1:22 PM ip arp inspection filter Use the ip arp inspection filter command to configure the ARP ACL to be used for a single VLAN or a range of VLANs to filter invalid ARP packets. If the static keyword is given, packets that do not match a permit statement are dropped without consulting the DHCP snooping bindings. Use the “no” form of this command to unconfigure the ARP ACL.
PAGE 348
2CSNXXX_SWUM200.book Page 348 Tuesday, December 10, 2013 1:22 PM no ip arp inspection limit • none — To set no rate limit. • pps — The number of packets per second (Range: 0–300). • seconds — The number of seconds (Range: 1–15). Default Configuration The default rate limit is 15 packets per second. The default burst interval is 1 second.
PAGE 349
2CSNXXX_SWUM200.book Page 349 Tuesday, December 10, 2013 1:22 PM Default Configuration Interfaces are configured as untrusted by default. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines There are no user guidelines for this command.
PAGE 350
2CSNXXX_SWUM200.
PAGE 351
2CSNXXX_SWUM200.book Page 351 Tuesday, December 10, 2013 1:22 PM permit ip host mac host Use the permit ip host mac host command to configure a rule for a valid IP address and MAC address combination used in ARP packet validation. Use the “no” form of this command to delete an ARP ACL rule. Syntax permit ip host sender-ip mac host sender-mac no permit ip host sender-ip mac host sender-mac • sender-ip — Valid IP address used by a host.
PAGE 352
2CSNXXX_SWUM200.book Page 352 Tuesday, December 10, 2013 1:22 PM Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show arp access-list ARP access list H2 permit ip host 1.1.1.1 mac host 00:01:02:03:04:05 permit ip host 1.1.1.2 mac host 00:03:04:05:06:07 ARP access list H3 ARP access list H4 permit ip host 2.1.1.
PAGE 353
2CSNXXX_SWUM200.book Page 353 Tuesday, December 10, 2013 1:22 PM Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines The following information is displayed for each VLAN when a VLAN range is supplied: Field Description VLAN The VLAN-ID for each displayed row. Forwarded The total number of valid ARP packets forwarded in this VLAN.
PAGE 354
2CSNXXX_SWUM200.book Page 354 Tuesday, December 10, 2013 1:22 PM ----------------------------------------------1 Disabled Enabled console# Following is an example of the show ip arp inspection interfaces command. console#show ip arp inspection interfaces Interface Trust State --------------1/0/1 1/0/2 ----------Untrusted Untrusted Rate Limit Burst Interval (pps) (seconds) ---------- --------------15 1 10 10 Following is an example of the show ip arp inspection statistics command.
PAGE 355
2CSNXXX_SWUM200.book Page 355 Tuesday, December 10, 2013 1:22 PM Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines The following global parameters are displayed: Parameter Description Source Mac Validation If Source Mac validation of ARP frame is enabled. Destination Mac Validation If Destination Mac validation of ARP Response frame is enabled.
PAGE 356
2CSNXXX_SWUM200.
PAGE 357
2CSNXXX_SWUM200.book Page 357 Tuesday, December 10, 2013 1:22 PM 14 E-mail Alerting Commands Dell Networking N2000/N3000/N4000 Series Switches E-mail Alerting is an extension of the logging system. The Dell Networking logging system allows the user to configure a variety of destinations for log messages. This feature adds e-mail configuration capabilities, by which the log messages are sent to a configured SMTP server such that an operator may receive the log in an e-mail account of their choice.
PAGE 358
2CSNXXX_SWUM200.
PAGE 359
2CSNXXX_SWUM200.book Page 359 Tuesday, December 10, 2013 1:22 PM – notice (5) – info (6) – debug (7) Default Configuration E-mail alerting is disabled by default. When e-mail alerting is enabled, log messages at or above severity Warning are e-mailed. Command Mode Global Configuration mode User Guidelines The logging email command with no arguments enables e-mail alerting. Specify a severity to set the severity level of log messages that are e-mailed in a non-urgent manner.
PAGE 360
2CSNXXX_SWUM200.book Page 360 Tuesday, December 10, 2013 1:22 PM • – emergency (0) – alert (1) – critical (2) – error (3) – warning (4) – notice (5) – info (6) – debug (7) none—If you specify this keyword, no log messages are e-mailed urgently. All log messages at or above the non-urgent level (configured with the logging email command) are e-mailed in batch. Default Configuration The default severity level is alert.
PAGE 361
2CSNXXX_SWUM200.book Page 361 Tuesday, December 10, 2013 1:22 PM • severity—If you specify a severity level, log messages at or above the severity level are e-mailed. The severity level may either be specified by keyword or as an integer from 0 to 7. The accepted keywords, and the numeric severity level each represents, are as follows.
PAGE 362
2CSNXXX_SWUM200.book Page 362 Tuesday, December 10, 2013 1:22 PM Syntax logging email message-type {urgent | non-urgent | both} to-addr to-email- addr no logging email to-addr to-addr message-type no logging email message-type {urgent | non-urgent | both} to-addr to- email-addr Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines This command removes the configured to-addr field of e-mail.
PAGE 363
2CSNXXX_SWUM200.book Page 363 Tuesday, December 10, 2013 1:22 PM logging email message-type subject Use the logging email message-type subject command in Global Configuration mode to configures subject of the e-mail. Use the no form of this command to remove the existing subject and return to the default subject. Syntax logging email message-type message-type subject subject no logging email message-type message-type subject Default Configuration This command has no default configuration.
PAGE 364
2CSNXXX_SWUM200.book Page 364 Tuesday, December 10, 2013 1:22 PM Command Mode Global Configuration User Guidelines This command has no user guidelines. logging email test message-type Use the logging email test message-type command in Global Configuration mode to test whether or not an e-mail is being sent to an SMTP server. Syntax logging email test message-type message-type message-body message-body • message-type—Urgent, non-urgent, or both • message-body—The message to log.
PAGE 365
2CSNXXX_SWUM200.book Page 365 Tuesday, December 10, 2013 1:22 PM Syntax show logging email statistics Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines This command has no user guidelines. clear logging email statistics Use the clear logging email statistics command in Privileged EXEC mode to clear the e-mail alerting statistics. Syntax clear logging email statistics Default Configuration This command has no default configuration.
PAGE 366
2CSNXXX_SWUM200.book Page 366 Tuesday, December 10, 2013 1:22 PM security Use the security command in Mail Server Configuration mode to set the email alerting security protocol. This enables and disables the switch to use TLS authentication with the SMTP Server. If the administrator sets the TLS mode and, if the SMTP sever does not support TLS mode, then no e-mail goes to the SMTP server. Syntax security {tls | none} Default Configuration The default value is disabled.
PAGE 367
2CSNXXX_SWUM200.book Page 367 Tuesday, December 10, 2013 1:22 PM Default Configuration The default configuration for a mail server is shown in the table below. Field Default Email Alert Mail Server Port 25 Email Alert Security Protocol none Email Alert Username admin Email Alert Password admin Command Mode Global Configuration User Guidelines This command has no user guidelines.
PAGE 368
2CSNXXX_SWUM200.book Page 368 Tuesday, December 10, 2013 1:22 PM User Guidelines Port 25 is the standard SMTP port for cleartext messages. Port 465 is the standard port for messages sent using TLSv1. Messages are always sent in plain text mode. username (Mail Server Configuration Mode) Use the username command in Mail Server Configuration mode to configure the username required by the authentication. Use the no form of the command to revert the username to the default value.
PAGE 369
2CSNXXX_SWUM200.book Page 369 Tuesday, December 10, 2013 1:22 PM Default Configuration The default value for password is admin. Command Mode Mail Server Configuration User Guidelines This command has no user guidelines. show mail-server Use the show mail-server command in Privileged EXEC mode to display the configuration of all the mail servers or a particular mail server. Syntax show mail-server {ip-address | hostname | all} Default Configuration This command has no default configuration.
PAGE 370
2CSNXXX_SWUM200.book Page 370 Tuesday, December 10, 2013 1:22 PM SMTP server authentication details: Username: Mail server2 configuration: SMTP server IP Address: SMTP server Port: SMTP server security protocol: SMTP server authentication details: Username: admin 10.131.1.31 465 tls admin console#show mail-server ip-address 10.131.1.11 SMTP server SMTP server SMTP server SMTP server Username: 370 IP Address: Port: security protocol: authentication details: E-mail Alerting Commands 10.131.1.
PAGE 371
2CSNXXX_SWUM200.book Page 371 Tuesday, December 10, 2013 1:22 PM 15 Ethernet Configuration Commands Dell Networking N2000/N3000/N4000 Series Switches Dell Networking switches support a variety of configuration options to optimize network operations. Features such as flow-control and jumbo frames are supported along with a variety of commands to display traffic statistics as well as limit the effects of network loops or other network issues.
PAGE 372
2CSNXXX_SWUM200.book Page 372 Tuesday, December 10, 2013 1:22 PM On a storm control enabled interface, if the ingress rate of that type of packet (L2 broadcast, multicast, or unicast) is greater than the configured threshold level (as a percentage of port speed or as an absolute packets-per-second rate), the switch forwarding-plane discards the excess traffic. The speed command controls interface link speeds and auto-negotiation.
PAGE 373
2CSNXXX_SWUM200.book Page 373 Tuesday, December 10, 2013 1:22 PM Syntax clear counters [{gigabitethernet unit/slot/port | port-channel port-channelnumber | switchport | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines Use of the clear counters command with no parameters indicates that both switch and all interface statistics are to be cleared.
PAGE 374
2CSNXXX_SWUM200.book Page 374 Tuesday, December 10, 2013 1:22 PM Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines This command has no user guidelines. Example The following example adds a description to the Ethernet port 5. console(config)#interface gigabitethernet 1/0/5 console(config-if-Gi1/0/5)# description RD_SW#3 duplex The duplex command is deprecated.
PAGE 375
2CSNXXX_SWUM200.book Page 375 Tuesday, December 10, 2013 1:22 PM Interface specific configuration overrides any global configuration. Changing the flow control setting on a copper port restarts auto-negotiation and causes a brief link-flap while auto-negotiation occurs. Changing the flow control setting on a fiber port may cause a brief link flap as the PHY is reset.
PAGE 376
2CSNXXX_SWUM200.book Page 376 Tuesday, December 10, 2013 1:22 PM User Guidelines Dell Networking switches implement receive flow control only. They never issue a flow control PAUSE frame when congested, but will respect received flow control PAUSE frames received from other switches. Disabling flow control causes the switch to ignore received PAUSE frames. Interface specific configuration overrides any global configuration.
PAGE 377
2CSNXXX_SWUM200.book Page 377 Tuesday, December 10, 2013 1:22 PM • port-type—Shows all interfaces of the specified type. Default Configuration This command has no default configuration. Command Mode Global Configuration, Interface Range and Interface modes User Guidelines Commands under the interface range context are executed independently on each active interface in the range.
PAGE 378
2CSNXXX_SWUM200.book Page 378 Tuesday, December 10, 2013 1:22 PM No monitor capture stops the capture and returns the configuration to the defaults. No monitor capture file size returns the capture file size to the defaults. No monitor capture remote port returns the TCP port to the default. Syntax monitor capture [file [size max-size] | remote [port id] | line [wrap]] no monitor capture [file size] [remote port] [line wrap] • max-size—The size of the capture file in bytes.
PAGE 379
2CSNXXX_SWUM200.book Page 379 Tuesday, December 10, 2013 1:22 PM display only the captured packets that were not previously displayed as the show command empties the capture buffer. When a capture session is stopped, it is possible to display all saved packets as often as is desired. The command show monitor capture packets always displays the captured packets in chronological order. The memory buffer only stores the first 128 bytes of each packet captured.
PAGE 380
2CSNXXX_SWUM200.book Page 380 Tuesday, December 10, 2013 1:22 PM packets that have been already displayed during capturing session are overwritten in RAM by new captured packets if capturing is still in progress. In this manner, the limit of displaying 128 packets per session can be overcome (but only in monitor capture line wrap mode). Packets that have not been displayed are not overwritten.
PAGE 381
2CSNXXX_SWUM200.book Page 381 Tuesday, December 10, 2013 1:22 PM NVRAM Capture: After packet capture is activated, packets are stored in NVRAM until the capture file reaches its maximum size, or until the capture is stopped manually. When the capture is started, the capture file from the previous capture is deleted. The captured file can be uploaded via TFTP, SFTP, SCP via CLI and SNMP using the copy command. The name of the capture file is cpuPktCapture.pcap.
PAGE 382
2CSNXXX_SWUM200.
PAGE 383
2CSNXXX_SWUM200.book Page 383 Tuesday, December 10, 2013 1:22 PM Default Configuration Capture is not enabled by default. By default, both transmitted and received packets are captured. Command Modes Privileged EXEC mode User Guidelines In general, starting packet capture erases the previous capture buffer contents. Example console# monitor capture start all rate-limit cpu Use the rate-limit cpu command to reduce the amount of unknown unicast/multicast packets forwarded to the CPU.
PAGE 384
2CSNXXX_SWUM200.book Page 384 Tuesday, December 10, 2013 1:22 PM User Guidelines Unknown unicast and multicast packets are copied to the CPU on the lowest priority QoS queue. Unknown packets are those that do not have hardware forwarding entries. Known unicast/multicast packets are hardware forwarded and are not queued to the CPU. Control plane packets (e.g. spanning tree BPDUs) are copied or forwarded to the CPU on higher priority queues.
PAGE 385
2CSNXXX_SWUM200.book Page 385 Tuesday, December 10, 2013 1:22 PM ------ ---------free 1053933568 alloc 673873920 CPU Utilization: PID Name 5 Secs 60 Secs 300 Secs ---------- ------------------- -------- -------- -------1129 osapiTimer 0.00% 0.00% 0.01% 1133 _interrupt_thread 0.09% 0.01% 0.00% 1137 bcmCNTR.0 0.24% 0.31% 0.31% 1142 bcmRX 23.00% 27.01% 18.01% 1147 ipMapForwardingTas 32.97% 37.11% 29.92% 1155 bcmLINK.0 0.34% 0.36% 0.36% 1156 cpuUtilMonitorTask 0.09% 0.05% 0.04% 1170 nim_t 0.09% 0.08% 0.
PAGE 386
2CSNXXX_SWUM200.book Page 386 Tuesday, December 10, 2013 1:22 PM User Guidelines The priority resolution field indicates the auto-negotiated link speed and duplex. The clock field indicates whether the local interface has autonegotiated to clock master or clock slave. When the link is down, the field will show No link. When the link is down, the Oper Peer Advertisement and Priority Resolution fields will show dashes. Examples The following examples display information about auto negotiation advertisement.
PAGE 387
2CSNXXX_SWUM200.book Page 387 Tuesday, December 10, 2013 1:22 PM show interfaces configuration Use the show interfaces configuration command in User EXEC mode to display the configuration for all configured interfaces. Syntax show interfaces configuration [{gigabitethernet unit/slot/port| port-channel port-channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration.
PAGE 388
2CSNXXX_SWUM200.book Page 388 Tuesday, December 10, 2013 1:22 PM Port Description Duplex Speed Neg MTU Admin State --------- ------------------------------ ------ ------- ---- ----- ----Gi1/0/1 Full 1000 Auto 1518 Up show interfaces counters Use the show interfaces counters command in User EXEC mode to display traffic seen by the interface.
PAGE 389
2CSNXXX_SWUM200.book Page 389 Tuesday, December 10, 2013 1:22 PM Field Description InUcastPkts Counted received Unicast packets. InMcastPkts Counted received Multicast packets. InBcastPkts Counted received Broadcast packets. OutOctets Counted transmitted octets. OutUcastPkts Counted transmitted Unicast packets. OutMcastPkts Counted transmitted Multicast packets. OutBcastPkts Counted transmitted Broadcast packets.
PAGE 390
2CSNXXX_SWUM200.book Page 390 Tuesday, December 10, 2013 1:22 PM Field Description Transmitted PFC Frames A count of the transmitted PFC frames.
PAGE 391
2CSNXXX_SWUM200.book Page 391 Tuesday, December 10, 2013 1:22 PM FCS Errors: ................................... Single Collision Frames: ...................... Late Collisions: .............................. Excessive Collisions: ......................... Multiple Collisions: .......................... Received packets dropped > MTU: ............... Transmitted packets dropped > MTU: ............ Internal MAC Rx Errors: ....................... Received Pause Frames: ........................
PAGE 392
2CSNXXX_SWUM200.book Page 392 Tuesday, December 10, 2013 1:22 PM 2/0/1 2/0/2 Ch ---1 Description ----------Output show interfaces detail Use the show interfaces detail command in Privileged EXEC mode to display detailed status and configuration of the specified interface. Syntax show interfaces detail • interface-id—A physical interface or port channel identifier. Default Configuration This command has no default configuration.
PAGE 393
2CSNXXX_SWUM200.
PAGE 394
2CSNXXX_SWUM200.book Page 394 Tuesday, December 10, 2013 1:22 PM Syntax show interfaces status Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines Port channels are only displayed if configured. Use the show interfaces portchannel command to display configured and unconfigured port channels.
PAGE 395
2CSNXXX_SWUM200.
PAGE 396
2CSNXXX_SWUM200.book Page 396 Tuesday, December 10, 2013 1:22 PM show interfaces transceiver Use the show interfaces transceiver command to display the optic static parameters as well as the Dell qualification. Syntax show interfaces transceiver [properties] • properties—Displays the static parameters for the optics. Default Configuration This command has no default configuration. Command Modes User EXEC, Privileged EXEC modes.
PAGE 397
2CSNXXX_SWUM200.book Page 397 Tuesday, December 10, 2013 1:22 PM Te1/0/9 Te1/0/11 Te1/0/13 Te1/0/15 Te1/0/17 SFP+ SFP+ SFP SFP+ SFP+ 10GBASE-LRM 10GBASE-LRM 1GBASE-SX 10GBASE-SR 10GBASE-SR ANF0L5J ANF0L5R PCC1PT5 AD1125A002R AD0815E00PC Yes Yes N/A No No show monitor capture Use this command to display captured packets transmitted or received from the CPU. Syntax show monitor capture [packets] Default Configuration This command has no default configuration.
PAGE 398
2CSNXXX_SWUM200.book Page 398 Tuesday, December 10, 2013 1:22 PM 0030 00 00 00 00 00 00 00 00 00 01 3a 00 05 02 00 00 0040 01 00 82 00 43 62 27 10 00 00 00 00 00 00 00 00 0050 00 00 00 00 00 00 00 00 00 00 ff ff 00 00 =================== 1/0/1 Length = 94 =================== 02:29:24.0000 0000 33 33 00 00 00 0010 86 dd 60 00 00 0020 00 00 00 00 88 0030 00 00 00 00 00 0040 01 00 82 00 43 0050 00 00 00 00 00 =================== 1/0/1 Length = 94 =================== 02:29:25.
PAGE 399
2CSNXXX_SWUM200.book Page 399 Tuesday, December 10, 2013 1:22 PM Syntax show statistics {gigabitethernet unit/slot/port |switchport | port-channel port-channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port} • unit/slot/port—A valid interface. See Interface Naming Conventions for interface representation. • switchport—Displays statistics for the entire switch. Default Configuration This command has no default configuration.
PAGE 400
2CSNXXX_SWUM200.book Page 400 Tuesday, December 10, 2013 1:22 PM Total Packets Received Without Errors.......... Unicast Packets Received....................... Multicast Packets Received..................... Broadcast Packets Received..................... 0 0 0 0 Total Packets Received with MAC Errors......... Jabbers Received............................... Fragments/Undersize Received................... Alignment Errors............................... FCS Errors.....................................
PAGE 401
2CSNXXX_SWUM200.book Page 401 Tuesday, December 10, 2013 1:22 PM Time Since Counters Last Cleared............... 0 day 13 hr 20 min 24 sec show statistics switchport Use the show statistics command in Privileged EXEC mode to display detailed statistics for a specific port or for the entire switch. Syntax show statistics {interface-id |switchport} • interface-id—The interface ID. See Interface Naming Conventions for interface representation. • switchport—Displays statistics for the entire switch.
PAGE 402
2CSNXXX_SWUM200.book Page 402 Tuesday, December 10, 2013 1:22 PM Unicast Packets Transmitted ifHCOutUcastPkts Multicast Packets Transmitted ifHCOutMulticastPkts Broadcast Packets Transmitted ifHCOutBroadcastPkts Transmit Packets Discarded ifOutDiscards Example The following example shows statistics for the entire switch. console#show statistics switchport Total Packets Received (Octets)................ Packets Received Without Error................. Unicast Packets Received.......................
PAGE 403
2CSNXXX_SWUM200.book Page 403 Tuesday, December 10, 2013 1:22 PM show storm-control Use the show storm-control command in Privileged EXEC mode to display the configuration of storm control. Syntax show storm-control [all | {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration.
PAGE 404
2CSNXXX_SWUM200.book Page 404 Tuesday, December 10, 2013 1:22 PM Syntax shutdown no shutdown Default Configuration The interface is enabled. Command Mode Interface Configuration (Ethernet, Port-Channel, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Examples The following example disables gigabit Ethernet port 1/0/5. console(config)#interface gigabitethernet 1/0/5 console(config-if-Gi1/0/5)# shutdown The following example reenables gigabit ethernet port 1/0/5.
PAGE 405
2CSNXXX_SWUM200.book Page 405 Tuesday, December 10, 2013 1:22 PM • 40000—Configures the port to 40 Gbps operation. • auto—The port automatically detects the speed it should run based on the port at the other end of the link. If you use the 10, 100, or 1000 keywords with the auto keyword, the port only negotiates at the specified speeds. Default Configuration Auto-negotiation is enabled by default on copper ports.
PAGE 406
2CSNXXX_SWUM200.book Page 406 Tuesday, December 10, 2013 1:22 PM storm-control broadcast Use the storm-control broadcast command in Interface Configuration mode to enable broadcast storm recovery mode for a specific interface. If the mode is enabled, broadcast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of broadcast traffic will be limited to the configured threshold.
PAGE 407
2CSNXXX_SWUM200.book Page 407 Tuesday, December 10, 2013 1:22 PM When you use the no storm-control multicast command to "disable" stormcontrol after having set the level or rate to a non-default value, that value is still set but is not active until you reenable storm-control. Syntax storm-control multicast [level | rate] no storm-control multicast • level— The configured rate as a percentage of link-speed. • rate — The configured rate in kilobits per second (Kbps).
PAGE 408
2CSNXXX_SWUM200.book Page 408 Tuesday, December 10, 2013 1:22 PM Syntax storm-control unicast [level | rate] no storm-control unicast • level— The configured rate as a percentage of link-speed. • rate — The configured rate in kilobits per second (Kbps). (Range: 0-100) Default Configuration The default value is 5. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines.
PAGE 409
2CSNXXX_SWUM200.book Page 409 Tuesday, December 10, 2013 1:22 PM Default Configuration No protected switchports are defined. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example configures Ethernet port 1/0/1 as a member of protected group 1.
PAGE 410
2CSNXXX_SWUM200.book Page 410 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example The following example assigns the name "protected" to group 1. console(config-if-Gi1/0/1)#switchport protected 1 name protected show switchport protected Use the show switchport protected command in Privileged EXEC mode to display the status of all the interfaces, including protected and unprotected interfaces.
PAGE 411
2CSNXXX_SWUM200.book Page 411 Tuesday, December 10, 2013 1:22 PM Syntax show system internal pktmgr internal control sw-rate-limit Default Configuration This command has no default configuration. Command Modes Privileged EXEC mode User Guidelines See the rate-limit cpu command for further information on the output of this command.
PAGE 412
2CSNXXX_SWUM200.book Page 412 Tuesday, December 10, 2013 1:22 PM Example a11-39#show system mtu System Jumbo MTU size is 9216 bytes system jumbo mtu Use the system jumbo mtu command to globally configure the Maximum Transmission Unit (MTU) on all interfaces, IP/IPv6 interfaces, VLAN interfaces, and port channel interfaces for forwarded and system-generated frames. The MTU is the size of the largest Ethernet frame that can be transmitted on an interface without fragmentation.
PAGE 413
2CSNXXX_SWUM200.book Page 413 Tuesday, December 10, 2013 1:22 PM advertise different IP MTUs, they will not form an adjacency (unless OSPF has been instructed to ignore differences in IP MTU with the ip ospf mtuignore command).
PAGE 414
2CSNXXX_SWUM200.
PAGE 415
2CSNXXX_SWUM200.book Page 415 Tuesday, December 10, 2013 1:22 PM Ethernet CFM Commands 16 Dell Networking N4000 Series Switches Connectivity Fault Management (CFM) is the OAM Protocol provision for end-to-end service layer OAM in carrier Ethernet networks. CFM provides mechanisms to support the operator in performing connectivity checks, fault detection, fault verification and isolation, and fault notification per service in the network domain of interest. Unlike Ethernet OAM defined in IEEE 802.
PAGE 416
2CSNXXX_SWUM200.book Page 416 Tuesday, December 10, 2013 1:22 PM ethernet cfm mep enable show ethernet cfm maintenance-points local ethernet cfm mep active show ethernet cfm maintenance-points remote ethernet cfm mep archive-hold-time show ethernet cfm statistics ethernet cfm mip level debug cfm ethernet cfm domain Use the ethernet cfm domain command in Global Configuration mode to enter into maintenance domain Configuration mode for an existing domain.
PAGE 417
2CSNXXX_SWUM200.book Page 417 Tuesday, December 10, 2013 1:22 PM Example In this example, a domain vin is created at level 1. console(config)#ethernet cfm domain vin level 1 console(config-cfm-mdomain)# service Use the service command in maintenance domain Configuration mode to associate a VLAN with a maintenance domain. Use the no form of the command to remove the association. Syntax service service-name vlan vlanid • service-name—Unique service identifier.
PAGE 418
2CSNXXX_SWUM200.book Page 418 Tuesday, December 10, 2013 1:22 PM Syntax ethernet cfm cc level 0-7 vlan vlan-list interval secs • vlanid—VLAN ID representing a service instance that is monitored by this maintenance association. The range is 1-4093. • secs—Time interval between successive transmissions. The range is 1, 10, 60, and 600 seconds. The default is 1 second. Default Configuration CCMs are not sent by default.
PAGE 419
2CSNXXX_SWUM200.book Page 419 Tuesday, December 10, 2013 1:22 PM Default Configuration No MEPs are preconfigured. Command Mode Interface Configuration User Guidelines This command has no user guidelines. Example The following example creates a maintenance endpoint at level 1 with mpid 1010 on vlan 10.
PAGE 420
2CSNXXX_SWUM200.book Page 420 Tuesday, December 10, 2013 1:22 PM Example The following example enables a maintenance endpoint at level 1 with mpid 1010 on vlan 10. console(config-if-Gi1/0/3)#ethernet cfm mep enable level 1 vlan 10 mpid 1010 ethernet cfm mep active Use the ethernet cfm mep active command in Interface Configuration mode to activate a MEP at the specified level and direction. Use the no form of the command to deactivate the MEP.
PAGE 421
2CSNXXX_SWUM200.book Page 421 Tuesday, December 10, 2013 1:22 PM • hold-time—The time in seconds to maintain the data for a missing MEP before removing the data. The default value is 600 seconds. Default Configuration No MEPs are preconfigured. Command Mode Interface Configuration User Guidelines The hold time should generally be less than the CCM message interval. Example The following example sets the hold time for maintaining internal information regarding a missing MEP.
PAGE 422
2CSNXXX_SWUM200.book Page 422 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example console(config-if-gi1/0/1)# ethernet cfm mip level <7> ping ethernet cfm Use the ping ethernet cfm command in Privileged EXEC mode to generate a loopback message (LBM) from the configured MEP.
PAGE 423
2CSNXXX_SWUM200.book Page 423 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example console #ping ethernet cfm mac 00:11:22:33:44:55 level 1 vlan 10 mpid 1 count 10 traceroute ethernet cfm Use the traceroute ethernet command in Privileged EXEC mode to generate a link trace message (LTM) from the configured MEP.
PAGE 424
2CSNXXX_SWUM200.book Page 424 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example console # linktrace src-mep 200 target-mep 400 ttl 64 show ethernet cfm errors Use the show ethernet cfm errors command in Privileged EXEC mode to display the cfm errors. Syntax show ethernet cfm errors {domain domain-id | level 0-7} • level—Maintenance association level • domain—Name of the maintenance domain (an alphanumeric string of up to 43 characters in length).
PAGE 425
2CSNXXX_SWUM200.book Page 425 Tuesday, December 10, 2013 1:22 PM Syntax show ethernet cfm domain {brief |domain-id} • domain—Name of the maintenance domain (an alphanumeric string of up to 43 characters in length). Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
PAGE 426
2CSNXXX_SWUM200.book Page 426 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
PAGE 427
2CSNXXX_SWUM200.book Page 427 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
PAGE 428
2CSNXXX_SWUM200.
PAGE 429
2CSNXXX_SWUM200.book Page 429 Tuesday, December 10, 2013 1:22 PM • event—CFM events • pdu—CFM PDUs • ccm—Continuity check messages • ltm—Link trace messages • lbm—Loopback messages • tx—Transmit only • rx—Receive only • all—Everything Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines This command has no user guidelines.
PAGE 430
2CSNXXX_SWUM200.
PAGE 431
2CSNXXX_SWUM200.book Page 431 Tuesday, December 10, 2013 1:22 PM Green Ethernet Commands 17 Dell Networking switches support various Green Ethernet modes, i.e., power saving modes, namely: • Energy-Detect Mode • Energy Efficient Ethernet These modes can enable significant operational cost reductions through direct power savings and reducing cooling costs.
PAGE 432
2CSNXXX_SWUM200.book Page 432 Tuesday, December 10, 2013 1:22 PM clear green-mode statistics show green-mode eee-lpi-history interface green-mode eee-lpi-history – green-mode energy-detect This command enables a Dell proprietary mode of power reduction on ports that are not connected to another interface. Use the green-mode energydetect command in Interface Configuration mode to enable energy-detect mode on an interface or all the interfaces.
PAGE 433
2CSNXXX_SWUM200.book Page 433 Tuesday, December 10, 2013 1:22 PM be disabled. An error message (Unable to set energy-detect mode) will be displayed if the user attempts to configure energy-detect on a 10G port on a N2000/N3000 series switch. green-mode eee Use the green-mode eee command in Interface Configuration mode to enable EEE low power idle mode on an interface. The command enables both send and receive sides of a link to disable some functionality for power savings when lightly loaded.
PAGE 434
2CSNXXX_SWUM200.book Page 434 Tuesday, December 10, 2013 1:22 PM clear green-mode statistics Use the clear green-mode statistics command in Privileged EXEC mode to clear: • The EEE LPI event count, and LPI duration • The EEE LPI history table entries • The Cumulative Power savings estimates for a specified interface or for all the interfaces based upon the argument. Syntax clear green-mode statistics {interface-id | all} • interface-id—Any valid interface.
PAGE 435
2CSNXXX_SWUM200.book Page 435 Tuesday, December 10, 2013 1:22 PM Syntax green-mode eee-lpi-history {sampling-interval 30 sec – 36000 sec| maxsamples 1 - 168} • sampling-interval—The interval in seconds at which power consumption data needs to be collected. • max-samples—Maximum number of samples to keep. Default Configuration The sampling-interval default value is 3600 seconds and the max-samples default value is 168.
PAGE 436
2CSNXXX_SWUM200.book Page 436 Tuesday, December 10, 2013 1:22 PM Syntax show green-mode interface-id • interface-id—Any valid interface. See Interface Naming Conventions for interface representation. Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines This command output provides the following information. Term Description Energy Detect Energy-detect admin mode Energy-detect mode is enabled or disabled.
PAGE 437
2CSNXXX_SWUM200.book Page 437 Tuesday, December 10, 2013 1:22 PM Term Description Rx Low Power Idle Duration (μSec) This field indicates duration of Rx LPI state in 10us increments. Shows the total duration of Rx LPI since the EEE counters are last cleared. Tx Low Power Idle Event Count This field is incremented each time MAC TX enters LP IDLE state. Shows the total number of Tx LPI Events since EEE counters are last cleared.
PAGE 438
2CSNXXX_SWUM200.book Page 438 Tuesday, December 10, 2013 1:22 PM Term Description Remote Tw_sys_rx (μSec) Integer that indicates the value of Tw_sys that the remote system requests from the local system. This value maps from the aLldpXdot3RemRxTwSys attribute. Remote Tw_sys_rx Echo (μSec) Integer that indicates the value of Receive Tw_sys echoed back by the remote system. This value maps from the aLldpXdot3RemRxTwSysEcho attribute.
PAGE 439
2CSNXXX_SWUM200.book Page 439 Tuesday, December 10, 2013 1:22 PM Tx Low Power Idle Event Count......... 0 Tx Low Power Idle Duration (uSec)......0 Tw_sys_tx (usec)..................... 17 Tw_sys_tx Echo(usec)................. 17 Tw_sys_rx (usec)..................... 17 Tw_sys_tx Echo(usec)................. 17 Fallback Tw_sys (usec)............... 17 Remote Tw_sys_tx (usec).............. 21 Remote Tw_sys_tx Echo(usec).......... 21 Remote Tw_sys_rx (usec)............... 21 Remote Tw_sys_tx Echo(usec)........
PAGE 440
2CSNXXX_SWUM200.book Page 440 Tuesday, December 10, 2013 1:22 PM Term Description Energy Detect Energy-detect Config Energy-detect Admin mode is enabled or disabled. Energy-detect Opr Energy detect mode is currently active or inactive. The energy detect mode may be administratively enabled, but the operational status may be inactive. EEE EEE Config EEE Admin Mode is enabled or disabled. Example console#show green-mode Current Power Consumption (mW)................. 11545 Power Saving /Stack (%)....
PAGE 441
2CSNXXX_SWUM200.book Page 441 Tuesday, December 10, 2013 1:22 PM Syntax show green-mode eee-lpi-history interface interface-id • interface-id—Any valid interface. See Interface Naming Conventions for interface representation. Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines On combo ports, samples are only collected on the copper ports when enabled. The following fields are displayed by this command.
PAGE 442
2CSNXXX_SWUM200.book Page 442 Tuesday, December 10, 2013 1:22 PM Percentage of Percentage of SampleTime Since Time Spent in Time Spent in No.
PAGE 443
2CSNXXX_SWUM200.book Page 443 Tuesday, December 10, 2013 1:22 PM 18 GVRP Commands Dell Networking N2000/N3000/N4000 Series Switches GARP VLAN Registration Protocol (GVRP) is used to propagate VLAN membership information throughout the network. GVRP is based on the Generic Attribute Registration Protocol (GARP), which defines a method of propagating a defined attribute (that is, VLAN membership) throughout the network.
PAGE 444
2CSNXXX_SWUM200.book Page 444 Tuesday, December 10, 2013 1:22 PM Syntax clear gvrp statistics [{gigabitethernet unit/slot/port | port-channel portchannel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example clears all the GVRP statistics information on port 1/0/8.
PAGE 445
2CSNXXX_SWUM200.book Page 445 Tuesday, December 10, 2013 1:22 PM • timer_value — Timer values in centiseconds. The range is 10-100 for join, 20-600 for leave, and 200-6000 for leaveall.
PAGE 446
2CSNXXX_SWUM200.book Page 446 Tuesday, December 10, 2013 1:22 PM Syntax gvrp enable no gvrp enable Default Configuration GVRP is globally disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example globally enables GVRP on the device. console(config)#gvrp enable gvrp enable (interface) Use the gvrp enable command in Interface Configuration mode to enable GVRP on an interface.
PAGE 447
2CSNXXX_SWUM200.book Page 447 Tuesday, December 10, 2013 1:22 PM User Guidelines An Access port cannot join dynamically to a VLAN because it is always a member of only one VLAN. Membership in untagged VLAN would be propagated in a same way as a tagged VLAN. In such cases it is the administrator’s responsibility to set the PVID to be the untagged VLAN VID. Example The following example enables GVRP on gigabit ethernet 1/0/8.
PAGE 448
2CSNXXX_SWUM200.book Page 448 Tuesday, December 10, 2013 1:22 PM Example The following example shows how default dynamic registering and deregistering is forbidden for each VLAN on port 1/0/8. console(config)#interface gigabitethernet 1/0/8 console(config-if-Gi1/0/8)#gvrp registration-forbid gvrp vlan-creation-forbid Use the gvrp vlan-creation-forbid command in Interface Configuration mode to disable dynamic VLAN creation. To enable dynamic VLAN creation, use the no form of this command.
PAGE 449
2CSNXXX_SWUM200.book Page 449 Tuesday, December 10, 2013 1:22 PM Syntax show gvrp configuration [{gigabitethernet unit/slot/port | port-channel portchannel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
PAGE 450
2CSNXXX_SWUM200.book Page 450 Tuesday, December 10, 2013 1:22 PM show gvrp error-statistics Use the show gvrp error-statistics command in User EXEC mode to display GVRP error statistics. Syntax show gvrp error-statistics [{gigabitethernet unit/slot/port| port-channel portchannel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration.
PAGE 451
2CSNXXX_SWUM200.book Page 451 Tuesday, December 10, 2013 1:22 PM show gvrp statistics Use the show gvrp statistics command in User EXEC mode to display GVRP statistics. Syntax show gvrp statistics [{gigabitethernet unit/slot/port| port-channel portchannel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration.
PAGE 452
2CSNXXX_SWUM200.
PAGE 453
2CSNXXX_SWUM200.book Page 453 Tuesday, December 10, 2013 1:22 PM IGMP Snooping Commands 19 Dell Networking N2000/N3000/N4000 Series Switches Snooping of Internet Group Management Protocol (IGMP) messages is a feature that allows Dell Networking switches to forward multicast traffic intelligently on the switch. Multicast traffic is traffic that is destined to a host group. Host groups are identified by the destination MAC address, i.e.
PAGE 454
2CSNXXX_SWUM200.book Page 454 Tuesday, December 10, 2013 1:22 PM mechanism. This means that all other routers on the network are suppressed and thus not detectable by the switch. If a query is not received on an interface within a specified length of time (multicast router present expiration time), that interface is removed from the list of interfaces with multicast routers attached. The multicast router present expiration time is configurable using management.
PAGE 455
2CSNXXX_SWUM200.book Page 455 Tuesday, December 10, 2013 1:22 PM Default Configuration IGMP snooping is enabled globally and on all VLANs by default. Command Mode Global Configuration mode User Guidelines Use this command without parameters to globally enable IGMP snooping. Use the no form of the command to disable IGMP snooping. Use the vlan parameter to enable IGMP snooping on a specific VLAN. GMRP is incompatible with IGMP snooping and should be disabled on any VLANs on which IGMP snooping is enabled.
PAGE 456
2CSNXXX_SWUM200.book Page 456 Tuesday, December 10, 2013 1:22 PM show ip igmp snooping Use the show ip igmp snooping command in Privileged EXEC mode to display the IGMP snooping configuration and SSM statistics. Syntax show ip igmp snooping [vlan vlan-id] • vlan-id—Specifies a VLAN ID value. Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
PAGE 457
2CSNXXX_SWUM200.book Page 457 Tuesday, December 10, 2013 1:22 PM show ip igmp snooping groups Use the show ip igmp snooping groups command in User EXEC mode to display the Multicast groups learned by IGMP snooping and IGMP SSM entries. Syntax show ip igmp snooping groups [vlan vlan-id] [address ip-multicast-address] • vlan_id — Specifies a VLAN ID value. • ip-multicast-address — Specifies an IP Multicast address. Default Configuration This command has no default configuration.
PAGE 458
2CSNXXX_SWUM200.book Page 458 Tuesday, December 10, 2013 1:22 PM VLAN Group Reporter Filter IIF Source Address ---- --------------------- ----------------- ------- ---------- ----------1 224.2.2.2 192.168.10.2 include Te1/0/1 1.1.1.2 console(config)#show ip igmp snooping Admin Mode..................................... IGMP Router-Alert check........................ Multicast Control Frame Count.................. SSM FDB Capacity............................... SSM FDB High Water Mark........................
PAGE 459
2CSNXXX_SWUM200.book Page 459 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example The following example shows IGMP snooping mrouter information. console#show ip igmp snooping mrouter VLAN ID Port ----------------10 Gi2/0/1 ip igmp snooping vlan immediate-leave This command enables or disables IGMP Snooping immediate-leave mode on a selected VLAN.
PAGE 460
2CSNXXX_SWUM200.book Page 460 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example The following example enables IGMP snooping immediate-leave mode on VLAN 2. console(config)#ip igmp snooping vlan 2 immediate-leave ip igmp snooping vlan groupmembership-interval This command sets the IGMP Group Membership Interval time on a VLAN.
PAGE 461
2CSNXXX_SWUM200.book Page 461 Tuesday, December 10, 2013 1:22 PM Example The following example configures an IGMP snooping group membership interval of 1500 seconds on VLAN 2. console(config)#ip igmp snooping vlan 2 groupmembership-interval 1500 ip igmp snooping vlan last-member-queryinterval This command sets the last-member-query interval on a particular VLAN. The last-member-query-interval is the amount of time in seconds after which a host is considered to have left the group.
PAGE 462
2CSNXXX_SWUM200.book Page 462 Tuesday, December 10, 2013 1:22 PM console(config)#ip igmp snooping vlan 2 last-member-query-interval 7 ip igmp snooping vlan mcrtrexpiretime This command sets the Multicast Router Present Expiration time. The time is set on a particular VLAN. This is the amount of time in seconds that a switch waits for a query to be received on an interface before the interface is removed from the list of interfaces with multicast routers attached. The range is 1–2147483647 seconds.
PAGE 463
2CSNXXX_SWUM200.book Page 463 Tuesday, December 10, 2013 1:22 PM Syntax ip igmp snooping vlan vlan-id report-suppression no ip igmp report-suppression • vlan id — Number assigned to the VLAN Default Configuration Report suppression is enabled by default. Command Mode Global Configuration mode User Guidelines When IGMP report suppression is enabled, the switch only sends the first report received for a group in response to a query. Report suppression is only applicable to IGMPv1 and IGMPv2.
PAGE 464
2CSNXXX_SWUM200.book Page 464 Tuesday, December 10, 2013 1:22 PM Command Mode Global Configuration mode. User Guidelines There is no equivalent MLD command since this setting applies to both protocols. Example console(config)#ip igmp snooping unregistered floodall ip igmp snooping vlan mrouter This command statically configures a port as connected to a multicast router for a specified VLAN. Use the no form of this command to remove the static binding.
PAGE 465
2CSNXXX_SWUM200.
PAGE 466
2CSNXXX_SWUM200.
PAGE 467
2CSNXXX_SWUM200.book Page 467 Tuesday, December 10, 2013 1:22 PM 20 IGMP Snooping Querier Commands Dell Networking N2000/N3000/N4000 Series Switches The IGMP Snooping Querier is an extension to the IGMP Snooping feature. IGMP Snooping Querier allows the switch to simulate an IGMP router in a Layer 2-only network, thus removing the need to have an IGMP Router to collect and refresh the multicast group membership information. The querier function simulates a small subset of the IGMP router functionality.
PAGE 468
2CSNXXX_SWUM200.book Page 468 Tuesday, December 10, 2013 1:22 PM ip igmp snooping querier This command enables IGMP Snooping Querier on the system (Global Configuration mode) or on a VLAN. Using this command, you can specify the IP address that the snooping querier switch should use as the source address when generating periodic queries. The no form of this command disables IGMP Snooping Querier on the system. Use the optional address parameter to set or reset the querier address.
PAGE 469
2CSNXXX_SWUM200.book Page 469 Tuesday, December 10, 2013 1:22 PM User Guidelines When using the command in Global Configuration mode to configure a snooping querier source address, the IPv4 address is the global querier address. When using the command in VLAN Configuration mode to configure a snooping querier source address, the IPv4 address is the querier address for the VLAN.
PAGE 470
2CSNXXX_SWUM200.book Page 470 Tuesday, December 10, 2013 1:22 PM Syntax ip igmp snooping querier election participate vlan-id no ip igmp snooping querier election participate vlan-id Default Configuration The snooping querier is configured to not participate in the querier election by default. If the switch detects another querier in the VLAN, it will cease sending queries for the querier timeout period. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
PAGE 471
2CSNXXX_SWUM200.book Page 471 Tuesday, December 10, 2013 1:22 PM Command Mode Global Configuration mode User Guidelines The value of this parameter should be larger than the IGMP Max Response Time value inserted into general query messages by the querier. The default IGMP Max Response Time is defined in RFC 3376 as 10 seconds. DNOS queriers use this value when sending general query messages. Use the show ip igmp snooping querier vlan command to display the operational max response time value.
PAGE 472
2CSNXXX_SWUM200.book Page 472 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example The following example sets the querier timer expiry time to 100 seconds. console(config)#ip igmp snooping querier timer expiry 100 ip igmp snooping querier version This command sets the IGMP version of the query that the snooping switch is going to send periodically. The no form of this command sets the IGMP Querier Version to its default value.
PAGE 473
2CSNXXX_SWUM200.book Page 473 Tuesday, December 10, 2013 1:22 PM show ip igmp snooping querier This command displays IGMP Snooping Querier information. Configured information is displayed whether or not IGMP Snooping Querier is enabled. If a querier is active in the network and IGMP snooping querier is enabled, the querier’s IP address is shown in the Last Querier Address field. Syntax show ip igmp snooping querier [detail | vlan vlan_id] • vlan_id —Specifies a VLAN ID value.
PAGE 474
2CSNXXX_SWUM200.book Page 474 Tuesday, December 10, 2013 1:22 PM Parameter Description VLAN Admin Mode Indicates whether IGMP Snooping Querier is active on the VLAN. VLAN Operational State Indicates whether IGMP Snooping Querier is in the Querier or Non-Querier state. When the switch is in Querier state it sends out periodic general queries. When in Non-Querier state it waits for moving to Querier state and does not send out any queries.
PAGE 475
2CSNXXX_SWUM200.book Page 475 Tuesday, December 10, 2013 1:22 PM Operational State........................ Querier Last Querier Address..................... 2.2.2.2 Operational version.................... 2 Operational Max Resp Time..............
PAGE 476
2CSNXXX_SWUM200.
PAGE 477
2CSNXXX_SWUM200.book Page 477 Tuesday, December 10, 2013 1:22 PM IP Addressing Commands 21 Dell Networking N2000/N3000/N4000 Series Switches Interfaces on the Dell Networking switches support a variety of capabilities to support management of the switch. In addition to performing switching and routing of network traffic, Dell Networking switches act as a host for management of the switch.
PAGE 478
2CSNXXX_SWUM200.book Page 478 Tuesday, December 10, 2013 1:22 PM clear host Use the clear host command in Privileged EXEC mode to delete entries from the host name-to-address cache. Syntax clear host {name | *} • name — Host name to be deleted from the host name-to-address cache. (Range: 1-255 characters) • * — Deletes all entries in the host name-to-address cache. Default Configuration This command has no default configuration.
PAGE 479
2CSNXXX_SWUM200.book Page 479 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example console# console#configure console(config)#clear ip address-conflict-detect interface out-of-band Use the interface out-of-band command to enter into OOB interface configuration mode. Syntax interface out-of-band Default Configuration This command has no default configuration.
PAGE 480
2CSNXXX_SWUM200.book Page 480 Tuesday, December 10, 2013 1:22 PM Syntax ip address {ip-address {mask | prefix-length} | dhcp} no ip address • ip-address—Specifies a valid IP address. • mask—Specifies a valid subnet (network) mask IP address. • prefix-length—The number of bits that comprise the IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 1-30 bits) • dhcp—Obtain the out-of-band interface address via DHCPv4.
PAGE 481
2CSNXXX_SWUM200.book Page 481 Tuesday, December 10, 2013 1:22 PM ip address-conflict-detect run Use the ip address-conflict-detect run command in Global Configuration mode to trigger the switch to run active address conflict detection by sending gratuitous ARP packets for IPv4 addresses on the switch. Syntax ip address–conflict–detect run Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines This command has no user guidelines.
PAGE 482
2CSNXXX_SWUM200.book Page 482 Tuesday, December 10, 2013 1:22 PM Command Mode Interface (VLAN) Configuration mode User Guidelines This command only applies to routing interfaces. When DHCP is enabled on a routing interface, the system automatically deletes all manually configured IPv4 addresses on the interface. • The command no ip address removes the interface’s primary address (Manual/DHCP) including the secondary addresses, if configured, and sets the Interface method to None.
PAGE 483
2CSNXXX_SWUM200.book Page 483 Tuesday, December 10, 2013 1:22 PM ip default-gateway Use the ip default-gateway command in Global Configuration mode to configure a default gateway (router). Syntax ip default-gateway ip-address no ip default-gateway ip-address • ip-address—Valid IPv4 address of an attached router. Default Configuration No default gateway is defined.
PAGE 484
2CSNXXX_SWUM200.book Page 484 Tuesday, December 10, 2013 1:22 PM ip domain-lookup Use the ip domain-lookup command in Global Configuration mode to enable IP Domain Naming System (DNS)-based host name-to-address translation. To disable the DNS, use the no form of this command. Syntax ip domain-lookup no ip domain-lookup Default Configuration DNS name resolution is enabled by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
PAGE 485
2CSNXXX_SWUM200.book Page 485 Tuesday, December 10, 2013 1:22 PM • name — Default domain name used to complete an unqualified host name. Do not include the initial period that separates the unqualified host name from the domain name (Range: 1-255 characters). Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines a default domain name of dell.com.
PAGE 486
2CSNXXX_SWUM200.book Page 486 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example The following example defines a static host name-to-address mapping in the host cache. console(config)#ip host accounting.dell.com 176.10.23.1 ip name-server Use the ip name-server command in Global Configuration mode to define available IPv4 or IPv6 name servers. To delete a name server, use the no form of this command.
PAGE 487
2CSNXXX_SWUM200.book Page 487 Tuesday, December 10, 2013 1:22 PM ipv6 address (Interface Configuration) Use the ipv6 address command to set the IPv6 address of the management interface. Use the no form of this command to reset the IPv6 address to the default. Syntax ipv6 address {prefix/prefix-length [eui64] | autoconfig | dhcp} no ipv6 address • prefix —Consists of the bits of the address to be configured.
PAGE 488
2CSNXXX_SWUM200.book Page 488 Tuesday, December 10, 2013 1:22 PM console(config-if-vlan10)#ipv6 enable console(config-if-vlan10)#ipv6 address dhcp Configure a default gateway on vlan 10 console(config)#no ipv6 address autoconfig console(config)#no ipv6 address 2003::6/64 console(config)#no ipv6 address 2001::/64 eui64 console(config)#no ipv6 address ipv6 address (OOB Port) Use the ipv6 address command in Interface (out-of-band) Configuration mode to set the IPv6 prefix on the out-of-band port.
PAGE 489
2CSNXXX_SWUM200.book Page 489 Tuesday, December 10, 2013 1:22 PM Command Mode Interface (out-of-band) Configuration mode User Guidelines When DHCPv6 is enabled on the Out-of-Band interface, the system automatically deletes all manually configured IPv6 addresses on the interface. DHCPv6 can be enabled on the Out-of-Band interface only when IPv6 auto configuration or DHCPv6 is not enabled on any of the in-band management interfaces.
PAGE 490
2CSNXXX_SWUM200.book Page 490 Tuesday, December 10, 2013 1:22 PM This command will fail if DHCPv6 server has been configured on the interface. Examples In the following example, DHCPv6 is enabled on interface vlan2. console#config console(config)#interface vlan2 console(config-if-vlan2)#ipv6 address dhcp ipv6 enable (Interface Configuration) Use the ipv6 enable command in Interface Configuration mode to enable IPv6 on a routing interface.
PAGE 491
2CSNXXX_SWUM200.book Page 491 Tuesday, December 10, 2013 1:22 PM ipv6 enable (OOB Configuration) Use the ipv6 enable command in Interface (out-of-band) Configuration mode to enable IPv6 operation on the out-of-band interface. Prefixes configured by the ipv6 address command are not configured until the interface is enabled. Syntax ipv6 enable no ipv6 enable Default Configuration By default, IPv6 is not enabled on the out-of-band port.
PAGE 492
2CSNXXX_SWUM200.book Page 492 Tuesday, December 10, 2013 1:22 PM Command Mode Interface (out-of-band) Configuration mode User Guidelines There are no user guidelines for this command. show hosts Use the show hosts command in User EXEC mode to display the default domain name, a list of name server hosts, and the static and cached list of host names and addresses. Syntax shows hosts [hostname]. • hostname—(Range: 1–255 characters).
PAGE 493
2CSNXXX_SWUM200.book Page 493 Tuesday, December 10, 2013 1:22 PM ----------------------------------------------------accounting.gm.com 176.16.8.8 Cache: TTL (Hours) Host Total Elapsed Type Addresses -------------------------------------------www.stanford.edu 72 3 IP 171.64.14.203 show ip address-conflict Use the show ip address-conflict command in User EXEC or Privileged EXEC mode to display the status information corresponding to the last detected address conflict.
PAGE 494
2CSNXXX_SWUM200.book Page 494 Tuesday, December 10, 2013 1:22 PM Example console#show ip address-conflict Address Conflict Detection Status...Conflict Detected Last Conflicting IP Address.........10.131.12.56 Last Conflicting MAC Address........00:01:02:04:5A:BC Time Since Conflict Detected........5 days 2 hrs 6 mins 46 secs console#show ip address-conflict Address Conflict Detection Status..
PAGE 495
2CSNXXX_SWUM200.book Page 495 Tuesday, December 10, 2013 1:22 PM vlan 30 vlan 30 Any dhcp 162 dhcp Yes No No 0 0 192.168.23.1 0 192.168.40.1 show ipv6 dhcp interface out-of-band statistics Use the show ipv6 dhcp interface out-of-band statistics command in Privileged EXEC mode to display IPv6 DHCP statistics for the out-of-band interface. Syntax show ipv6 dhcp interface out-of-band statistics Default Configuration This command has no default configuration.
PAGE 496
2CSNXXX_SWUM200.book Page 496 Tuesday, December 10, 2013 1:22 PM show ipv6 interface out-of-band Use the show ipv6 interface out-of-band command in Privileged EXEC mode to show the IPv6 out-of-band port configuration. Syntax show ipv6 interface out-of-band Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
PAGE 497
2CSNXXX_SWUM200.book Page 497 Tuesday, December 10, 2013 1:22 PM IPv6 Access List Commands 22 Dell Networking N2000/N3000/N4000 Series Switches Access to a switch or router can be made more secure through the use of Access Control Lists (ACLs) to control the type of traffic allowed into or out of specific ports. An ACL consists of a series of rules, each of which describes the type of traffic to be processed and the actions to take for packets that meet the classification criteria.
PAGE 498
2CSNXXX_SWUM200.book Page 498 Tuesday, December 10, 2013 1:22 PM ipv6 access-list rename – deny | permit (IPv6 ACL) This command creates a new rule for the current IPv6 access list. Each rule is appended to the list of configured rules for the list. A rule may either deny or permit traffic according to the specified classification fields. At a minimum, either the every keyword or the protocol, source address, and destination address values must be specified.
PAGE 499
2CSNXXX_SWUM200.book Page 499 Tuesday, December 10, 2013 1:22 PM type icmp-type [icmp-code icmp-code] | icmp-message icmp-message] [routing] [fragments] [dscp dscp]}} [log] [assign-queue queue-id] [{mirror | redirect} unit/slot/port] [rate-limit rate burst-size] • {deny | permit}–Specifies whether the IP ACL rule permits or denies the matching traffic. • {ipv6-protocol | number| every }—Specifies the protocol to match for the IP ACL rule.
PAGE 500
2CSNXXX_SWUM200.book Page 500 Tuesday, December 10, 2013 1:22 PM • 500 – When “gt” is specified, IPv6 ACL rule matches if the layer 4 destination port number is greater than the specified port number or portkey. It is equivalent to specifying the range as to 65535. – When “neq” is specified, IPv6 ACL rule matches only if the layer 4 destination port number is not equal to the specified port number or portkey.
PAGE 501
2CSNXXX_SWUM200.book Page 501 Tuesday, December 10, 2013 1:22 PM – • Urg – Urgent bit [icmp-type icmp-type [icmp-code icmp-code] | icmp-message icmpmessage]—Specifies a match condition for ICMP packets. – When icmp-type is specified, IP ACL rule matches on the specified ICMP message type, a number from 0 to 255. – When icmp-code is specified, IP ACL rule matches on the specified ICMP message code, a number from 0 to 255. – Specifying icmp-message implies both icmp-type and icmp-code are specified.
PAGE 502
2CSNXXX_SWUM200.book Page 502 Tuesday, December 10, 2013 1:22 PM • assign-queue queue-id—Specifies the assign-queue, which is the queue identifier to which packets matching this rule are assigned. • {mirror | redirect} unit/slot/ port—Specifies the mirror or redirect interface which is the unit/slot/port to which packets matching this rule are copied or forwarded, respectively.
PAGE 503
2CSNXXX_SWUM200.book Page 503 Tuesday, December 10, 2013 1:22 PM Since ACLs have an implicit deny all at the end of the last access-group, IPv6 ACLs need an explicit permit icmp any any nd-na and permit icmp any any nd-ns statements as match conditions. These additional conditions allow for ICMPv6 neighbor discovery to occur. The 'no' form of this command is not supported, since the rules within an IPv6 ACL cannot be deleted individually. Rather, the entire IPv6 ACL must be deleted and reentered.
PAGE 504
2CSNXXX_SWUM200.book Page 504 Tuesday, December 10, 2013 1:22 PM ipv6 access-list The ipv6 access-list command creates an IPv6 Access Control List (ACL) consisting of classification fields defined for the IP header of an IPv6 frame. The name parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the IPv6 access list. If an IPv6 ACL with this name already exists, this command enters Ipv6Access-List Configuration mode to update the existing IPv6 ACL.
PAGE 505
2CSNXXX_SWUM200.book Page 505 Tuesday, December 10, 2013 1:22 PM Syntax ipv6 access-list rename name newname • name — the name of an existing IPv6 ACL. • newname — alphanumeric string from 1 to 31 characters uniquely identifying the IPv6 access list. Default Configuration There is no default configuration for this command. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
PAGE 506
2CSNXXX_SWUM200.book Page 506 Tuesday, December 10, 2013 1:22 PM Syntax ipv6 traffic-filter name [in | out | control-plane][seq-num] no ipv6 traffic-filter name • name — Alphanumeric string of 1 to 31 characters uniquely identifying the IPv6 access list. • in — The access list is applied to ingress packets. • out—The access list is applied to egress packets. • control-plane—The access list is applied to ingress control plane pakcets.
PAGE 507
2CSNXXX_SWUM200.book Page 507 Tuesday, December 10, 2013 1:22 PM show ipv6 access-lists Use the show ipv6 access-lists command in User EXEC and Privileged EXEC mode to display an IPv6 access list and all of the rules that are defined for the IPv6 ACL. Use the [name] parameter to identify a specific IPv6 ACL to display. Syntax show ipv6 access-lists [name] • name—The name used to identify the IPv6 ACL. Default Configuration There is no default configuration for this command.
PAGE 508
2CSNXXX_SWUM200.
PAGE 509
2CSNXXX_SWUM200.book Page 509 Tuesday, December 10, 2013 1:22 PM 23 IPv6 MLD Snooping Commands Dell Networking N2000/N3000/N4000 Series Switches In IPv6, Multicast Listener Discover (MLD) snooping performs functions similar to IGMP snooping in IPv4. With MLD snooping, IPv6 multicast data is selectively forwarded to a list of ports that want to receive the data, instead of being flooded to all ports in a VLAN. This list is constructed by snooping IPv6 multicast control packets.
PAGE 510
2CSNXXX_SWUM200.book Page 510 Tuesday, December 10, 2013 1:22 PM ipv6 mld snooping vlan groupmembershipinterval The ipv6 mld snooping vlan groupmembership-interval command sets the MLD Group Membership Interval time on a VLAN or interface. The Group Membership Interval time is the amount of time in seconds that a switch waits for a report from a particular group on a particular interface before deleting the interface from the entry. This value must be greater than the MLDv2 Maximum Response time value.
PAGE 511
2CSNXXX_SWUM200.book Page 511 Tuesday, December 10, 2013 1:22 PM You should enable immediate-leave admin mode only on VLANs where only one host is connected to each layer 2 LAN port. This prevents the inadvertent dropping of the other hosts that were connected to the same layer 2 LAN port, but were still interested in receiving multicast traffic directed to that group. Also, immediate-leave processing is supported only with MLD version 1 hosts.
PAGE 512
2CSNXXX_SWUM200.book Page 512 Tuesday, December 10, 2013 1:22 PM Default Configuration Listener message suppression is enabled by default. Command Mode Global Configuration mode. User Guidelines MLD listener message suppression is equivalent to IGMP report suppression. When MLD listener message suppression is enabled, the switch only sends the first report received for a group in response to a query. Listener message suppression is only applicable to MLDv1.
PAGE 513
2CSNXXX_SWUM200.book Page 513 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example console(config)#ipv6 mld snooping vlan 2 last-listener-query-interval 7 ipv6 mld snooping vlan mcrtexpiretime The ipv6 mld snooping mcrtexpiretime command sets the Multicast Router Present Expiration time. The time is set for a particular interface or VLAN.
PAGE 514
2CSNXXX_SWUM200.book Page 514 Tuesday, December 10, 2013 1:22 PM ipv6 mld snooping vlan mrouter This command statically configures a port as connected to a multicast router for a specified VLAN. The no form of this command removes the static binding. Syntax ipv6 mld snooping vlan vlan-id mrouter interface interface no ipv6 mld snooping vlan vlan-id mrouter interface interface • vlan-id — Specifies a valid VLAN ID. • interface-id— The next-hop interface to the Multicast router.
PAGE 515
2CSNXXX_SWUM200.book Page 515 Tuesday, December 10, 2013 1:22 PM Default Configuration MLD Snooping is enabled globally and on all VLANs by default. Command Mode Global Configuration mode. User Guidelines Use this command without parameters to globally enable MLD Snooping. Use the no form of the command to disable MLD Snooping. Use the vlan parameter to enable MLD Snooping on a specific VLAN.
PAGE 516
2CSNXXX_SWUM200.
PAGE 517
2CSNXXX_SWUM200.book Page 517 Tuesday, December 10, 2013 1:22 PM • Group Membership Interval — Shows the amount of time in seconds that a switch will wait for a report from a particular group on a particular interface, which is participating in the VLAN, before deleting the interface from the entry. This value may be configured.
PAGE 518
2CSNXXX_SWUM200.book Page 518 Tuesday, December 10, 2013 1:22 PM Syntax show ipv6 mld snooping groups [{vlan vlan-id | address ipv6-multicastaddress}] • vlan_id — Specifies a VLAN ID value. • ipv6-multicast-address — Specifies an IPv6 Multicast address. Default configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This user guideline applies to all switch models.
PAGE 519
2CSNXXX_SWUM200.book Page 519 Tuesday, December 10, 2013 1:22 PM show ipv6 mld snooping mrouter Use the show ipv6 mld snooping mrouter command in Privileged EXEC mode to display information on dynamically learned Multicast router interfaces. Syntax show ipv6 mld snooping mrouter Default configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
PAGE 520
2CSNXXX_SWUM200.
PAGE 521
2CSNXXX_SWUM200.book Page 521 Tuesday, December 10, 2013 1:22 PM IPv6 MLD Snooping Querier Commands 24 Dell Networking N2000/N3000/N4000 Series Switches The MLD Snooping Querier is an extension of the MLD Snooping feature. MLD Snooping Querier allows the switch to simulate an MLD router in a Layer 2-only network, thus removing the need to have an MLD Router to collect the multicast group membership information. The querier function simulates a small subset of the MLD router functionality.
PAGE 522
2CSNXXX_SWUM200.book Page 522 Tuesday, December 10, 2013 1:22 PM Syntax ipv6 mld snooping querier no ipv6 mld snooping querier Default Configuration MLD Snooping Querier is disabled by default. Command Mode Global Configuration mode User Guidelines It is not recommended the MLD Snooping Querier be enabled on a switch enabled for IPv6 multicast routing.
PAGE 523
2CSNXXX_SWUM200.book Page 523 Tuesday, December 10, 2013 1:22 PM User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 mld snooping querier vlan 10 ipv6 mld snooping querier address Use the ipv6 mld snooping querier address command to set the global MLD Snooping Querier address. Use the no form of this command to reset the global MLD Snooping Querier address to the default.
PAGE 524
2CSNXXX_SWUM200.book Page 524 Tuesday, December 10, 2013 1:22 PM enabled, if the Snooping Querier finds that the other Querier's source address is numerically lower than the Snooping Querier's address, it stops sending periodic queries. If the Snooping Querier wins the election then it will continue sending periodic queries. Use the no form of this command to disable election participation on a VLAN.
PAGE 525
2CSNXXX_SWUM200.book Page 525 Tuesday, December 10, 2013 1:22 PM • interval — Amount of time that the switch waits before sending another general query. (Range: 1–1800 seconds) Default Configuration The default query interval is 60 seconds.
PAGE 526
2CSNXXX_SWUM200.book Page 526 Tuesday, December 10, 2013 1:22 PM User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 mld snooping querier timer expiry 222 show ipv6 mld snooping querier Use the show ipv6 mld snooping querier command to display MLD Snooping Querier information. Configured information is displayed whether or not MLD Snooping Querier is enabled. Syntax show ipv6 mld snooping querier [detail | vlan vlan-id] • vlan-id — A valid VLAN ID.
PAGE 527
2CSNXXX_SWUM200.book Page 527 Tuesday, December 10, 2013 1:22 PM Querier Query Interval Shows the amount of time that a Snooping Querier waits before sending out a periodic general query. Querier Expiry Interval Displays the amount of time to wait in the Non-Querier operational state before moving to a Querier state.
PAGE 528
2CSNXXX_SWUM200.
PAGE 529
2CSNXXX_SWUM200.book Page 529 Tuesday, December 10, 2013 1:22 PM IP Source Guard Commands 25 Dell Networking N2000/N3000/N4000 Series Switches IP Source Guard (IPSG) is a security feature that filters IP packets based on source ID. The source ID may either be source IP address or a {source IP address, source MAC address} pair. The network administrator configures whether enforcement includes the source MAC address. The network administrator can configure static authorized source IDs.
PAGE 530
2CSNXXX_SWUM200.book Page 530 Tuesday, December 10, 2013 1:22 PM Use the no form of the command to enable unverified traffic to flow over the interfaces. Syntax ip verify source {port-security} no ip verify source • port-security—Enables filtering based on IP address, VLAN, and MAC address. Default Configuration By default, no sources are blocked. Command Mode Interface Configuration mode User Guidelines DHCP snooping should be enabled on any ports for which ip verify source is configured.
PAGE 531
2CSNXXX_SWUM200.book Page 531 Tuesday, December 10, 2013 1:22 PM ip verify source port-security Use the ip verify source port-security command in Interface Configuration mode to enable filtering of IP packets that do not match the source IP address and the source MAC address bindings in the DHCP snooping database.. Syntax ip verify source port-security Default Configuration By default, IPSG is disabled on all interfaces.
PAGE 532
2CSNXXX_SWUM200.book Page 532 Tuesday, December 10, 2013 1:22 PM User Guidelines The configured IP address and MAC address are used to match the source IP address and source MAC address for packets received on the interface. Hosts sending packets using the configured source IP address and source MAC address are trusted on the interface. Example console(config)#ip verify binding 00:11:22:33:44:55 vlan 1 1.2.3.
PAGE 533
2CSNXXX_SWUM200.book Page 533 Tuesday, December 10, 2013 1:22 PM ----------Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 Gi1/0/9 ----------ipv4 ipv4-mac N/A N/A ipv4-mac N/A N/A N/A N/A console(config-if-Gi1/0/5)#show ip verify interface gi1/0/5 Interface ----------Gi1/0/5 Filter Type ----------ipv6-mac show ip verify source Use the show ip verify source command in Privileged EXEC mode to display the bindings configured on a particular interface or all interfaces.
PAGE 534
2CSNXXX_SWUM200.book Page 534 Tuesday, December 10, 2013 1:22 PM show ip source binding Use the show ip source binding command in Privileged EXEC mode to display all bindings (static and dynamic). Syntax show ip source binding Default Configuration There is no default configuration for this command. Command Mode User EXEC, Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
PAGE 535
2CSNXXX_SWUM200.book Page 535 Tuesday, December 10, 2013 1:22 PM 26 iSCSI Optimization Commands Dell Networking N2000/N3000/N4000 Series Switches iSCSI Optimization provides a means of performing configuration specific to storage traffic and optionally giving traffic between iSCSI initiator and target systems special Quality of Service (QoS) treatment. iSCSI Optimization is best applied to mixed-traffic networks where iSCSI packets constitutes a portion of overall traffic.
PAGE 536
2CSNXXX_SWUM200.book Page 536 Tuesday, December 10, 2013 1:22 PM In addition, if configured, the packets can be updated with IEEE 802.1p or IP-DSCP values. This is done by enabling remark. Remarking packets with priority data provides special QoS treatment as the packets continue through the network. iSCSI Optimization borrows ACL lists from the global system pool. ACL lists allocated by iSCSI Optimization reduce the total number of ACLs available for use by the network operator.
PAGE 537
2CSNXXX_SWUM200.book Page 537 Tuesday, December 10, 2013 1:22 PM User Guidelines Changing the aging time has the following behavior: • When aging time is increased, current sessions will be timed out according to the new value. • When aging time is decreased, any sessions that have been dormant for a time exceeding the new setting will be immediately deleted from the table. All other sessions will continue to be monitored against the new time out value.
PAGE 538
2CSNXXX_SWUM200.book Page 538 Tuesday, December 10, 2013 1:22 PM Default Configuration By default, frames are not remarked. The default vpt setting for iSCSI is 4, which the default class of service dot1p mapping assigns to queue 2. Command Mode Global Configuration mode. User Guidelines The remark option only applies to DSCP values. Remarking is not available for vpt values. In general, the use of iSCSI CoS is not required.
PAGE 539
2CSNXXX_SWUM200.book Page 539 Tuesday, December 10, 2013 1:22 PM console(config)#iscsi cos dscp 10 remark iscsi enable The iscsi enable command globally enables iSCSI optimization. To disable iSCSI optimization, use the no form of this command. Syntax iscsi enable no iscsi enable Default Configuration iSCSI is enabled by default. Command Mode Global Configuration mode User Guidelines This command modifies the running config to enable flow control on all interfaces.
PAGE 540
2CSNXXX_SWUM200.book Page 540 Tuesday, December 10, 2013 1:22 PM AE Selector = 1 AE Protocol = 3260 AE Priority = priority configured for iSCSI PFC (the VPT value above). This TLV is sent in addition to any Application Priority TLV information received from the configuration source. If the configuration source is sending iSCSI or FCoE application priority information, it is not necessary to enable iscsi cos to send the iSCSI Application Priority TLV.
PAGE 541
2CSNXXX_SWUM200.book Page 541 Tuesday, December 10, 2013 1:22 PM the first character. A question mark may not appear anywhere in the target name. The name can contain embedded blanks if enclosed in double quotes. Default Configuration iSCSI well-known ports 3260 and 860 are configured by default but can be removed as any other configured target. Command Mode Global Configuration mode.
PAGE 542
2CSNXXX_SWUM200.book Page 542 Tuesday, December 10, 2013 1:22 PM show iscsi Use the show iscsi command in Privileged EXEC mode to display the iSCSI configuration. Syntax show iscsi Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example The following example displays the iSCSI configuration.
PAGE 543
2CSNXXX_SWUM200.book Page 543 Tuesday, December 10, 2013 1:22 PM show iscsi sessions Use the show iscsi sessions command in Privileged EXEC mode to display the iSCSI status. Syntax show iscsi sessions [detailed] • detailed — Displayed list has additional data when this option is used. Default Configuration If not specified, sessions are displayed in short mode (not detailed).
PAGE 544
2CSNXXX_SWUM200.book Page 544 Tuesday, December 10, 2013 1:22 PM ----------------------------------------------------Session 1: Initiator: iqn.1992-04.com.os vendor.plan9:cdrom.12.storage:sys1.xyz ----------------------------------------------------Time started: 17-Jul-2008 10:04:50 Time for aging out: 10 min ISID: 11 Initiator Initiator Target Target IP address TCP port IP address IP port 172.16.1.3 49154 172.16.1.20 30001 172.16.1.4 49155 172.16.1.21 30001 172.16.1.5 49156 172.16.1.
PAGE 545
2CSNXXX_SWUM200.book Page 545 Tuesday, December 10, 2013 1:22 PM Link Dependency Commands 27 Dell Networking N2000/N3000/N4000 Series Switches Link dependency allows the link status of a group of interfaces to be made dependent on the link status of other interfaces. The effect is that the link status of a group that depends on another interface either mirrors or inverts the link status of the depended-on interface.
PAGE 546
2CSNXXX_SWUM200.book Page 546 Tuesday, December 10, 2013 1:22 PM Command Mode Link Dependency mode User Guidelines The action up command will cause the group members to be up when no depended-on interfaces are up. Example console(config-depend-1)#action up link-dependency group Use the link-dependency group command to enter the link-dependency mode to configure a link-dependency group. Syntax link-dependency group GroupId no link-dependency group GroupId • GroupId — Link dependency group identifier.
PAGE 547
2CSNXXX_SWUM200.book Page 547 Tuesday, December 10, 2013 1:22 PM add Use this command to add member ten gigabit or gigabit Ethernet port(s) or port channels to the dependency list. Syntax add {gigabitethernet | tengigabitethernet | port-channel} intf-list • intf-list — List of Ethernet interfaces in unit/slot/port format. Separate nonconsecutive ports with a comma and no spaces. Use a hyphen to designate the range of ports.
PAGE 548
2CSNXXX_SWUM200.book Page 548 Tuesday, December 10, 2013 1:22 PM Syntax depends-on {gigabitethernet | port-channel | tengigabitethernet | fortygigabitethernet}intf-list no depends-on {gigabitethernet | port-channel | tengigabitethernet | fortygigabitethernet}intf-list • intf-list — List of ports in unit/slot/port format or port-channel numbers. Separate nonconsecutive items with a comma and no spaces. Use a hyphen to designate the range of ports or port-channel numbers.
PAGE 549
2CSNXXX_SWUM200.book Page 549 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines No specific guidelines. Example The following command shows link dependencies for all groups.
PAGE 550
2CSNXXX_SWUM200.
PAGE 551
2CSNXXX_SWUM200.book Page 551 Tuesday, December 10, 2013 1:22 PM 28 LLDP Commands Dell Networking N2000/N3000/N4000 Series Switches The IEEE 802.1AB standard defines the Link Layer Discovery Protocol (LLDP). This protocol allows stations residing on an 802 LAN to advertise major capabilities, physical descriptions, and management information to physically adjacent devices, allowing a network management system (NMS) to access and display this information.
PAGE 552
2CSNXXX_SWUM200.book Page 552 Tuesday, December 10, 2013 1:22 PM The receive function accepts incoming LLDPDU frames and stores information about the remote stations. Both local and remote data may be displayed by the user interface and retrieved using SNMP as defined in the LLDP MIB definitions. The component maintains one remote entry per physical network connection.
PAGE 553
2CSNXXX_SWUM200.book Page 553 Tuesday, December 10, 2013 1:22 PM Default Configuration By default, data is removed only on system reset. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays how to clear the LLDP remote data. console#clear lldp remote-data clear lldp statistics Use the clear lldp statistics command in Privileged EXEC mode to reset all LLDP statistics.
PAGE 554
2CSNXXX_SWUM200.book Page 554 Tuesday, December 10, 2013 1:22 PM dcb enable This command enables the sending of DCBX information in LLDP frames. Syntax dcb enable no dcb enable Command Mode Global Configuration mode Default Value The sending of DCBX information in enabled by default. User Guidelines Use this command to disable the sending of DCBX information when it is desirable to utilize legacy QoS and disable the automatic configuration of CNAs based on transmitted DCBX information.
PAGE 555
2CSNXXX_SWUM200.book Page 555 Tuesday, December 10, 2013 1:22 PM Default Value LLDP-MED is disabled on all supported interfaces. User Guidelines No specific guidelines. Example console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)#lldp med lldp med confignotification This command is used to enable sending the topology change notification.
PAGE 556
2CSNXXX_SWUM200.book Page 556 Tuesday, December 10, 2013 1:22 PM no lldp med faststartrepeatcount • count — Number of LLDPPDUs that are transmitted when the protocol is enabled. (Range 1–10) Command Mode Global Configuration Default Value 3 User Guidelines No specific guidelines. Example console(config)# lldp med faststartrepeatcount 2 lldp med transmit-tlv This command is used to specify which optional TLVs in the LLDP MED set are transmitted in the LLDPDUs.
PAGE 557
2CSNXXX_SWUM200.book Page 557 Tuesday, December 10, 2013 1:22 PM Example console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)#lldp med transmit-tlv capabilities console(config-if-Gi1/0/1)#lldp med transmit-tlv network-policies lldp notification Use the lldp notification command in Interface Configuration mode to enable remote data change notifications. To disable notifications, use the no form of this command.
PAGE 558
2CSNXXX_SWUM200.book Page 558 Tuesday, December 10, 2013 1:22 PM Syntax lldp notification-interval interval no lldp notification-interval • interval — The smallest interval in seconds at which to send remote data change notifications. (Range: 5–3600 seconds) Default Configuration The default value is 5 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to set the interval value to 10 seconds.
PAGE 559
2CSNXXX_SWUM200.book Page 559 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example The following example displays how to enable the LLDP receive capability. console(config-if-Gi1/0/3)#lldp receive lldp timers Use the lldp timers command in Global Configuration mode to set the timing parameters for local data transmission on ports enabled for LLDP. To return any or all parameters to factory default, use the no form of this command.
PAGE 560
2CSNXXX_SWUM200.book Page 560 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Examples The following example displays how to configure LLDP to transmit local information every 1000 seconds. console(config)#lldp timers interval 1000 The following example displays how to set the timing parameter at 1000 seconds with a hold multiplier of 8 and a 5 second delay before reinitialization.
PAGE 561
2CSNXXX_SWUM200.book Page 561 Tuesday, December 10, 2013 1:22 PM lldp transmit-mgmt Use the lldp transmit-mgmt command in Interface Configuration mode to include transmission of the local system management address information in the LLDPDUs. To cancel inclusion of the management information, use the no form of this command. Syntax lldp transmit-mgmt no lldp transmit-mgmt Default Configuration By default, management address information is not included.
PAGE 562
2CSNXXX_SWUM200.book Page 562 Tuesday, December 10, 2013 1:22 PM • sys-name — Transmits the system name TLV • sys-desc — Transmits the system description TLV • sys-cap — Transmits the system capabilities TLV • port desc — Transmits the port description TLV Default Configuration By default, no optional TLVs are included. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines.
PAGE 563
2CSNXXX_SWUM200.book Page 563 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example The following example displays the current LLDP configuration summary.
PAGE 564
2CSNXXX_SWUM200.
PAGE 565
2CSNXXX_SWUM200.
PAGE 566
2CSNXXX_SWUM200.book Page 566 Tuesday, December 10, 2013 1:22 PM Fast Start Repeat Count: 3 Device Class: Network Connectivity show lldp med interface This command displays a summary of the current LLDP MED configuration for a specific interface. Syntax show lldp med interface {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port| all} • all — Shows information for all valid LLDP interfaces.
PAGE 567
2CSNXXX_SWUM200.book Page 567 Tuesday, December 10, 2013 1:22 PM show lldp med local-device detail This command displays the advertised LLDP local data in detail.
PAGE 568
2CSNXXX_SWUM200.book Page 568 Tuesday, December 10, 2013 1:22 PM Asset ID: xxx xxx xxx Location Subtype: elin Info: xxx xxx xxx Extended POE Device Type: pseDevice Extended POE PSE Available: 0.3 watts Source: primary Priority: critical Extended POE PD Required: 0.2 watts Source: local Priority: low show lldp med remote-device This command displays the current LLDP MED remote data. This command can display summary information or detail for each interface.
PAGE 569
2CSNXXX_SWUM200.
PAGE 570
2CSNXXX_SWUM200.book Page 570 Tuesday, December 10, 2013 1:22 PM Model Name: xxx xxx xxx Asset ID: xxx xxx xxx Location Subtype: elin Info: xxx xxx xxx Extended POE Device Type: pseDevice Extended POE PSE Available: 0.3 Watts Source: primary Priority: critical Extended POE PD Required: 0.2 Watts Source: local Priority: low show lldp remote-device Use the lldp remote-device command in Privileged EXEC mode to display the current LLDP remote data.
PAGE 571
2CSNXXX_SWUM200.book Page 571 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Examples These examples show current LLDP remote data, including a detailed version.
PAGE 572
2CSNXXX_SWUM200.book Page 572 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Examples The following examples shows an example of the display of current LLDP traffic statistics. console#show lldp statistics all LLDP Device Statistics Last Update.................................. 0 days 22:58:29 Total Inserts................................ 1 Total Deletes................................ 0 Total Drops.................................. 0 Total Ageouts.................
PAGE 573
2CSNXXX_SWUM200.book Page 573 Tuesday, December 10, 2013 1:22 PM Fields Description Total Ageouts Number of times any remote data entry has been deleted due to time-to-live (TTL) expiration. Transmit Total Total number of LLDP frames transmitted on the indicated port. Receive Total Total number of valid LLDP frames received on the indicated port. Discards Number of LLDP frames received on the indicated port and discarded for any reason.
PAGE 574
2CSNXXX_SWUM200.
PAGE 575
2CSNXXX_SWUM200.book Page 575 Tuesday, December 10, 2013 1:22 PM Multicast VLAN Registration Commands 29 Dell Networking N2000/N3000/N4000 Series Switches Multicast VLAN registration (MVR) is a method for consolidating multicast traffic from multiple VLANs onto a single VLAN. A typical usage scenario would be the distribution of a multicast group to a switch using a single VLAN where the switch has users in different VLANs subscribing to the multicast group.
PAGE 576
2CSNXXX_SWUM200.book Page 576 Tuesday, December 10, 2013 1:22 PM Commands in this Chapter This chapter explains the following commands: mvr mvr type mvr group mvr vlan group mvr mode show mvr mvr querytime show mvr members mvr vlan show mvr interface mvr immediate show mvr traffic mvr Use the mvr command in Global Configuration and Interface Configuration modes to enable MVR. Use the no form of this command to disable MVR. Syntax mvr no mvr Default Configuration The default value is Disabled.
PAGE 577
2CSNXXX_SWUM200.book Page 577 Tuesday, December 10, 2013 1:22 PM Syntax mvr group A.B.C.D [count] no mvr group A.B.C.D [count] • A.B.C.D—Specify a multicast group. • count—Specifies the number of multicast groups to configure. Groups are configured contiguously by incrementing the first group specified. Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines The following table lists the completion messages.
PAGE 578
2CSNXXX_SWUM200.book Page 578 Tuesday, December 10, 2013 1:22 PM no mvr mode • compatible—Do not allow membership joins on source ports. • dynamic—Send IGMP joins to the multicast source when IGMP joins are received on receiver ports. Default Configuration The default mode is compatible. Command Mode Global Configuration User Guidelines This command has no user guidelines. mvr querytime Use the mvr querytime command in Global Configuration mode to set the MVR query response time.
PAGE 579
2CSNXXX_SWUM200.book Page 579 Tuesday, December 10, 2013 1:22 PM User Guidelines The following table lists the completion messages. Message Type Message Description Successful Completion Message Defaulting MVR query response time.
PAGE 580
2CSNXXX_SWUM200.book Page 580 Tuesday, December 10, 2013 1:22 PM Message Type Message Description Successful Completion Message MVR multicast VLAN ID is set to the default value which is equal to 1. Error Completion Message Receiver port in mVLAN, operation failed. mvr immediate Use the mvr immediate command in Interface Configuration mode to enable MVR Immediate Leave mode. Use the no form of this command to set the MVR multicast VLAN to the default value.
PAGE 581
2CSNXXX_SWUM200.book Page 581 Tuesday, December 10, 2013 1:22 PM mvr type Use the mvr type command in Interface Configuration mode to set the MVR port type. Use the no form of this command to set the MVR port type to None. Syntax mvr type {receiver | source} no mvr type • receiver—Configure the port as a receiver port. Receiver ports are ports over which multicast data will be sent but not received. • source—Configure the port as a source port.
PAGE 582
2CSNXXX_SWUM200.
PAGE 583
2CSNXXX_SWUM200.book Page 583 Tuesday, December 10, 2013 1:22 PM console(config-if-Gi1/0/24)#switchport trunk native vlan 2000 console(config-if-Gi1/0/24)#switchport trunk allowed vlan add 2000 console(config-if-Gi1/0/24)#mvr console(config-if-Gi1/0/24)#mvr type source console(config-if-Gi1/0/24)#mvr vlan 2000 group 239.1.1.1 show mvr Use the show mvr command in Privileged EXEC mode to display global MVR settings. Syntax show mvr Default Configuration This command has no default configuration.
PAGE 584
2CSNXXX_SWUM200.book Page 584 Tuesday, December 10, 2013 1:22 PM Parameter Description MVR Current Multicast groups The current number of MVR groups allocated. MVR Query Response Time The current MVR query response time. MVR Mode The current MVR mode. It can be compatible or dynamic. Example console #show mvr MVR Running.............................. MVR multicast VLAN....................... MVR Max Multicast Groups................. MVR Current multicast groups.............
PAGE 585
2CSNXXX_SWUM200.book Page 585 Tuesday, December 10, 2013 1:22 PM Message Type Message Description Error Completion Message MVR disabled The following table explains the output parameters. Parameter Description MVR Group IP MVR group multicast IP address. Status The status of the specific MVR group. It can be active or inactive. Members The list of ports which participates in the specific MVR group. Examples console#show mvr members MVR Group IP Status -------------------------------224.1.1.
PAGE 586
2CSNXXX_SWUM200.book Page 586 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines The following table lists the completion messages. Message Type Message Description Successful Completion Message None Error Completion Message MVR disabled The following table explains the output parameters. Parameter Description Port Interface number Type The MVR port type. It can be None, Receiver, or Source type.
PAGE 587
2CSNXXX_SWUM200.book Page 587 Tuesday, December 10, 2013 1:22 PM console#show mvr interface Fa1/0/23 members vlan 12 235.0.0.1 STATIC ACTIVE 235.1.1.1 STATIC ACTIVE show mvr traffic Use the show mvr traffic command in Privileged EXEC mode to display global MVR statistics. Syntax show mvr traffic Default Configuration This command has no default configuration.
PAGE 588
2CSNXXX_SWUM200.book Page 588 Tuesday, December 10, 2013 1:22 PM Parameter Description IGMP Report V1 Transmitted Number of transmitted IGMP Reports V1. IGMP Report V2 Transmitted Number of transmitted IGMP Reports V2. IGMP Leave Transmitted Number of transmitted IGMP Leaves. IGMP Packet Receive Failures Number of failures on receiving the IGMP packets. IGMP Packet Transmit Failures Number of failures on transmitting the IGMP packets.
PAGE 589
2CSNXXX_SWUM200.book Page 589 Tuesday, December 10, 2013 1:22 PM Port Channel Commands 30 Dell Networking N2000/N3000/N4000 Series Switches A port channel is a set of one or more links that can be aggregated together to form a bonded channel (Link Aggregation Group or LAG or port channel). Individual conversations in a particular direction always travel over a single link in the port channel, however, in aggregate, the bandwidth usage of all of the links is fairly evenly distributed.
PAGE 590
2CSNXXX_SWUM200.book Page 590 Tuesday, December 10, 2013 1:22 PM Static LAGS A static LAG is fundamentally no different from a dynamically configured LAG. All the requirements for the member ports hold true (member ports must be physical, same speed, and so on). The only difference is this LAG has an additional parameter static which makes this LAG not require a partner system running Link Aggregation Control Protocol (LACP) to be able to aggregate it's member ports.
PAGE 591
2CSNXXX_SWUM200.book Page 591 Tuesday, December 10, 2013 1:22 PM LAG Hashing The purpose of link aggregation is to increase bandwidth between two switches. It is achieved by aggregating multiple ports in one logical group. A common problem of port channels is the possibility of changing packets order in a particular TCP session. The resolution of this problem is correct selection of a physical port within the port channel for transmitting the packet to keep original packets order.
PAGE 592
2CSNXXX_SWUM200.book Page 592 Tuesday, December 10, 2013 1:22 PM • MODULO-N operation based on the number of ports in the LAG. • Packet attributes selection based on the packet type. For L2 packets, Source and Destination MAC address are used for hash computation. For IP packets, Source IP, Destination IP address, TCP/UDP ports are used. • Non-Unicast traffic and Unicast traffic is hashed using a common hash algorithm. • Excellent load balancing performance.
PAGE 593
2CSNXXX_SWUM200.book Page 593 Tuesday, December 10, 2013 1:22 PM hashing-mode show lacp lacp port-priority show statistics port-channel lacp system-priority – channel-group Use the channel-group command in Interface Configuration mode to associate a port with a port channel. To remove the channel-group configuration from the interface, use the no form of this command.
PAGE 594
2CSNXXX_SWUM200.book Page 594 Tuesday, December 10, 2013 1:22 PM console(config-if-Gi1/0/6)# channel-group 1 mode active interface port-channel Use the interface port-channel command in Global Configuration mode to enter port-channel configuration mode. Syntax interface port-channel port-channel-number Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Port channel numbers range from 1 to 128.
PAGE 595
2CSNXXX_SWUM200.book Page 595 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Commands in the interface range context are executed independently on each interface in the range. If the command returns an error on one of the interfaces, it stops the execution of the command on subsequent interfaces.
PAGE 596
2CSNXXX_SWUM200.book Page 596 Tuesday, December 10, 2013 1:22 PM • 7 — Enhanced hashing mode Default Configuration The default hashing mode is 7—Enhanced hashing mode. Command Mode Interface Configuration (port-channel) User Guidelines No specific guidelines. Example console(config)#interface port-channel l console(config-if-po1)#hashing-mode 4 console(config-if-po1)#no hashing mode lacp port-priority Use the lacp port-priority command to configure the priority value for physical ports.
PAGE 597
2CSNXXX_SWUM200.book Page 597 Tuesday, December 10, 2013 1:22 PM User Guidelines Per IEEE 802.1AX-2008 Section 5.6, ports are selected for aggregation by each switch based upon the port priority assigned by the switch with the higher system priority, starting with the highest priority port of the switch with the higher switch priority, and working downward through the ordered list of port priority values for the ports.
PAGE 598
2CSNXXX_SWUM200.book Page 598 Tuesday, December 10, 2013 1:22 PM Command Mode Global Configuration mode User Guidelines Per IEEE 802.1AX-2008 Section 5.6, ports are selected for aggregation by each switch based upon the port priority assigned by the switch with the higher system priority, starting with the highest priority port of the switch with the higher switch priority, and working downward through the ordered list of port priority values for the ports.
PAGE 599
2CSNXXX_SWUM200.book Page 599 Tuesday, December 10, 2013 1:22 PM Default Configuration The default port timeout value is long. Command Mode Interface Configuration (Ethernet) mode Interface Range mode User Guidelines The LACP time-out setting indicates a local preference for the rate of LACPDU transmission and the period of time before invalidating received LACPDU information. This setting is negotiated with the link partner.
PAGE 600
2CSNXXX_SWUM200.book Page 600 Tuesday, December 10, 2013 1:22 PM Command Mode Interface Configuration (port-channel) mode User Guidelines For a LAG that contains links distributed across stacking units, the default behavior is to distribute locally received ingress traffic across all LAG links in the stack per the selected hashing algorithm. When enabled, this command disables forwarding of ingress unicast traffic across stacking links for a LAG that is comprised of links on multiple stack units.
PAGE 601
2CSNXXX_SWUM200.book Page 601 Tuesday, December 10, 2013 1:22 PM Command Mode Interface Configuration (port-channel) mode User Guidelines This command has no user guidelines. show interfaces port-channel Use the show interfaces port-channel command to show port-channel information. Syntax show interfaces port-channel [port-channel-number] Default Configuration This command has no default configuration.
PAGE 602
2CSNXXX_SWUM200.
PAGE 603
2CSNXXX_SWUM200.book Page 603 Tuesday, December 10, 2013 1:22 PM Example The following example shows how to display LACP Ethernet interface information.
PAGE 604
2CSNXXX_SWUM200.book Page 604 Tuesday, December 10, 2013 1:22 PM show statistics port-channel Use the show statistics port-channel command in Privileged EXEC mode to display statistics about a specific port-channel. Syntax show statistics port-channel port-channel-number Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
PAGE 605
2CSNXXX_SWUM200.book Page 605 Tuesday, December 10, 2013 1:22 PM --More-- or (q)uit FCS Errors..................................... Overruns....................................... Total Received Packets Not Forwarded........... Local Traffic Frames........................... 802.3x Pause Frames Received................... Unacceptable Frame Type........................ Multicast Tree Viable Discards................. Reserved Address Discards...................... Broadcast Storm Recovery...................
PAGE 606
2CSNXXX_SWUM200.
PAGE 607
2CSNXXX_SWUM200.book Page 607 Tuesday, December 10, 2013 1:22 PM 31 MLAG Dell Networking N2000/N3000/N4000 Series Switches MLAG enables a LAG to be created across two independent switches, so that some member ports of a MLAG can reside on one switch and the other members of a MLAG can reside on another switch. The partner switch on the remote side can be a MLAG-unaware unit. To the MLAG unaware switch, the MLAG appears to be a single LAG connected to a single switch.
PAGE 608
2CSNXXX_SWUM200.book Page 608 Tuesday, December 10, 2013 1:22 PM Default Configuration There is no default configuration for this command. Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example console#clear vpc statistics debug vpc Use the debug vpc command to enable debug traces for the specified protocols. Use the no form of the command to disable all or some of the debug trace display.
PAGE 609
2CSNXXX_SWUM200.book Page 609 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Modes Global Configuration mode User Guidelines This command has no user guidelines. Example console#debug vpc peer-link data-message VPC peer link data message tracing enabled. feature vpc The feature vpc command globally enables MLAG. Use the no form of the command to globally disable MLAG.
PAGE 610
2CSNXXX_SWUM200.book Page 610 Tuesday, December 10, 2013 1:22 PM Example console#configure terminal console(config)#feature vpc peer-detection enable Use the peer-detection enable command to enable the Dual Control Plane Detection Protocol. This enables the detection of peer MLAG switches and suppresses state transitions out of the secondary state in the presence of peer link failures. Use the no form of the command to disable the dual control plane detection protocol.
PAGE 611
2CSNXXX_SWUM200.book Page 611 Tuesday, December 10, 2013 1:22 PM peer-keepalive destination Use the peer-keepalive destination command to enable the Dual Control Plane Detection Protocol with the configured IP address of the peer MLAG, the local source address and the peer timeout value. The UDP port on which the MLAG switch listens to the Dual Control Plane Detection Protocol messages is also configurable with this command. Use the no form of the command to return the configuration to the default.
PAGE 612
2CSNXXX_SWUM200.book Page 612 Tuesday, December 10, 2013 1:22 PM The Dual Control Plane Detection Protocol is a UDP-based protocol. The administrator must configure this protocol on an IP interface with a VLAN that is not shared with any of the MLAG interfaces. This can include the outof-band port. When enabled, the dual-control plane detection protocol sends a control plane detection message to the peer once every second. The message is unidirectional and contains the sender’s MAC address.
PAGE 613
2CSNXXX_SWUM200.book Page 613 Tuesday, December 10, 2013 1:22 PM User Guidelines MLAG will not become operational until the peer keepalive protocol detects a peer and syncs the peer information. Peer keepalive timeout state transitions are suppressed if the Dual Control Plan Detection (DCPDP) is enabled and detects that the peer is still alive. Two failure situations cause state transitions: • • The peer device fails: A peer does not receive any more advertisements and the timeout timer expires.
PAGE 614
2CSNXXX_SWUM200.book Page 614 Tuesday, December 10, 2013 1:22 PM role priority Use the role priority command to configure the priority value used on a switch for primary/secondary role selection. The primary switch is responsible for maintaining and propagating spanning-tree and link-aggregation to the secondary switch. Use the no form of the command to return the switch priority to the default value. Syntax role priority value no role priority • Value—The local switch priority value.
PAGE 615
2CSNXXX_SWUM200.book Page 615 Tuesday, December 10, 2013 1:22 PM show vpc Use the show vpc command to display MLAG information. The configuration and operational modes of the MLAG are displayed. The MLAG is operationally enabled if all preconditions are met. The port channel configured as an MLAG interface is also displayed along with the member ports on the current switch and peer switch (plus their link status). Syntax show vpc id • id—A valid MLAG identifier.
PAGE 616
2CSNXXX_SWUM200.book Page 616 Tuesday, December 10, 2013 1:22 PM show vpc brief Use the show vpc brief command to display the MLAG global status. The command displays the current MLAG operational mode as well as the peerlink and keepalive status is also displayed. The number of configured and operational MLAGs along with the system MAC and role are also displayed. Syntax show vpc brief Default Configuration There is no default configuration for this command.
PAGE 617
2CSNXXX_SWUM200.book Page 617 Tuesday, December 10, 2013 1:22 PM Peer detection................................. Peer detected, VPC Operational Peer-Link details ----------------Interface...................................... Peer link status............................... Peer-link STP Mode............................. Configured Vlans............................... Egress tagging.................................
PAGE 618
2CSNXXX_SWUM200.book Page 618 Tuesday, December 10, 2013 1:22 PM VPC id# 1 ----------------Config mode.................................... Enabled Operational mode............................... Enabled Port channel...................................
PAGE 619
2CSNXXX_SWUM200.book Page 619 Tuesday, December 10, 2013 1:22 PM show vpc consistency-features Use the show vpc consistency parameters on both MLAG peers to display MLAG related configuration information in a format suitable for comparison with the other MLAG peer. Syntax show vpc consistency-features { global | interface port-channel-number } • port-channel-number—A valid port-channel identifier (range 1-128). Default Configuration There is no default configuration for this command.
PAGE 620
2CSNXXX_SWUM200.book Page 620 Tuesday, December 10, 2013 1:22 PM User Guidelines There are no user guidelines for this command. Example (console) # show vpc peer-keepalive Peer IP address …………………………………10.130.14.55 UDP port ……………………………………………………50000 Peer detection ……………………………………Enabled Peer is detected ………………………………True show vpc role Use the show vpc role command to display information about the keepalive status and parameters. The role of the MLAG switch and the system MAC and priority are displayed.
PAGE 621
2CSNXXX_SWUM200.book Page 621 Tuesday, December 10, 2013 1:22 PM show vpc statistics Use the show vpc statistics command to display the counters for the keepalive messages trasmitted and received by the MLAG switch. Syntax show vpc statistics {peer-keepalive | peer-link} Default Configuration There is no default configuration for this command. Command Modes Privileged EXEC mode and above User Guidelines There are no user guidelines for this command.
PAGE 622
2CSNXXX_SWUM200.book Page 622 Tuesday, December 10, 2013 1:22 PM Peer Peer Peer Peer Peer Peer Peer link link link link link link link (console) Peer link Peer link Peer link Peer link Peer link Peer link Peer link Peer link Peer link Peer link Peer link Peer link Peer link Peer link Peer link Peer link Peer link Peer link BPDU’s Tx error.............................. BPDU’s received from peer.................... BPDU’s Rx error.............................. LACPDU’s tranmsitted to peer.................
PAGE 623
2CSNXXX_SWUM200.book Page 623 Tuesday, December 10, 2013 1:22 PM Default Configuration LAGs are not members of an MLAG domain by default. It is expected that all links belonging to an MLAG instance are connected to switch (or switches) which consider the links to be members of a single LAG. This configuration must be present on both the primary and secondary switches.
PAGE 624
2CSNXXX_SWUM200.book Page 624 Tuesday, December 10, 2013 1:22 PM Default Configuration By default, no MLAG domains are configured. Command Modes Global Configuration mode User Guidelines Only one MLAG domain (domain 1) is supported. Example console(config)#vpc domain 1 console(config-vpc 1)#peer-keepalive enable console(config-vpc 1)#peer-keepalive destination 192.168.0.2 source 192.168.0.
PAGE 625
2CSNXXX_SWUM200.book Page 625 Tuesday, December 10, 2013 1:22 PM User Guidelines This configuration must the present on both the primary and secondary switches. The peer keep-alive protocol is required for MLAG operation. Configure and enable a LAG between the two MLAG peers as an MLAG peer link before executing this command.
PAGE 626
2CSNXXX_SWUM200.
PAGE 627
2CSNXXX_SWUM200.book Page 627 Tuesday, December 10, 2013 1:22 PM Port Monitor Commands 32 Dell Networking N2000/N3000/N4000 Series Switches Dell Networking switches allow the user to monitor traffic with an external network analyzer. The external network analyzer can use any of the Ethernet ports as a probe port. The probe port transmits a mirror copy of the traffic being probed. Network traffic transmission is always disrupted whenever a configuration change is made for port monitoring.
PAGE 628
2CSNXXX_SWUM200.book Page 628 Tuesday, December 10, 2013 1:22 PM Commands in this Chapter This chapter explains the following commands: monitor session show monitor session remote-span show vlan remote-span monitor session Use the monitor session command in Global Configuration mode to configure a probe port and a monitored port for monitor session (port monitoring). Use the src-interface parameter to specify the interface to monitor.
PAGE 629
2CSNXXX_SWUM200.book Page 629 Tuesday, December 10, 2013 1:22 PM • vlan vlan-id— The source VLAN identifier. All the ports in this VLAN are mirrored. The source VLAN must not be the RSPAN VLAN. • acl-name— An IP or MAC ACL name. • remote vlan rspan-vlan-id— An RSPAN VLAN. • reflector-port interface-id— Any physical interface on the destination switch. It is required that the reflector port be configured as a trunk port or otherwise have VLAN tagging enabled.
PAGE 630
2CSNXXX_SWUM200.book Page 630 Tuesday, December 10, 2013 1:22 PM Example This example shows how to configure a source switch using VLAN 723 as the destination RSPAN VLAN and Gi1/0/3 as the source interface. Gi1/0/10 is configured as the reflector port. It is recommended that interface gi1/0/10 be configured as a trunk port. Interface gi1/0/10 must be configured as a member of VLAN 723.
PAGE 631
2CSNXXX_SWUM200.book Page 631 Tuesday, December 10, 2013 1:22 PM User Guidelines Traffic in a RSPAN VLAN is always flooded as MAC address learning is disabled on RSPAN VLANs. VLANs on transit switches should be configured as remote-span VLANs in order to ensure delivery of all mirrored packets.
PAGE 632
2CSNXXX_SWUM200.book Page 632 Tuesday, December 10, 2013 1:22 PM Type Source ports Both Destination ports IP access-group : : : : : Local session Te1/0/10 Te2/0/20 a1 The following example shows the detailed status of the port based mirroring session that is constrained to a local switch.
PAGE 633
2CSNXXX_SWUM200.book Page 633 Tuesday, December 10, 2013 1:22 PM console# show monitor session 1 detail Session : 1 Type : Remote Destination Session Source Ports : RX Only : None TX Only : None Both : None Source VLANs : RX Only : None Source RSPAN VLAN : 999 Destination Ports : Gi1/0/15 Dest RSPAN VLAN : None show vlan remote-span Use this command to display the RSPAN VLAN IDs. Syntax show vlan remote-span Default Configuration This command has no default configuration.
PAGE 634
2CSNXXX_SWUM200.
PAGE 635
2CSNXXX_SWUM200.book Page 635 Tuesday, December 10, 2013 1:22 PM 33 QoS Commands Dell Networking N2000/N3000/N4000 Series Switches Quality of Service (QoS) technologies are intended to provide guaranteed timely delivery of specific application data to a particular destination. In contrast, standard IP-based networks are designed to provide best effort data delivery service. Best effort service implies that the network delivers the data in a timely fashion, although there is no guarantee.
PAGE 636
2CSNXXX_SWUM200.book Page 636 Tuesday, December 10, 2013 1:22 PM A user configures an ACL permit rule to force its matching traffic stream to a specific egress interface, bypassing any forwarding decision normally performed by the device. The interface can be a physical port or a LAG. The redirect interface rule action is independent of, but compatible with, the assign queue rule action. ACLs can be configured to apply to a VLAN instead of an interface.
PAGE 637
2CSNXXX_SWUM200.book Page 637 Tuesday, December 10, 2013 1:22 PM – • Untrusted Port Default Priority Queue Configuration This enables Dell Networking switches to support a wide variety of delay sensitive video and audio multicast applications. CoS mapping tables, port default priority, and hardware queue parameters may be configured on LAG interfaces as well as physical port interfaces.
PAGE 638
2CSNXXX_SWUM200.book Page 638 Tuesday, December 10, 2013 1:22 PM process is also used for cases where a trusted port mapping is unable to be honored, such as when a nonIP packet arrives at a port configured to trust the IP precedence or IP DSCP value.
PAGE 639
2CSNXXX_SWUM200.book Page 639 Tuesday, December 10, 2013 1:22 PM – – show class-map – assign-queue Use the assign-queue command in Policy-Class-Map Configuration mode to modify the queue ID to which the associated traffic stream is assigned. Syntax assign-queue queueid • queueid — Specifies a valid queue ID. (Range: integer from 0–6.) Default Configuration This command has no default configuration.
PAGE 640
2CSNXXX_SWUM200.book Page 640 Tuesday, December 10, 2013 1:22 PM • classname — Specifies the name of an existing DiffServ class. (Range: 1–31 characters) Default Configuration This command has no default configuration. Command Mode Policy Map Configuration mode User Guidelines This command causes the specified policy to create a reference to the class definition. The command mode is changed to Policy-Class-Map Configuration when this command is executed successfully.
PAGE 641
2CSNXXX_SWUM200.book Page 641 Tuesday, December 10, 2013 1:22 PM Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example creates a class-map named "DELL" which requires all ACE’s to be matched. console(config)#class-map DELL console(config-cmap)# class-map rename Use the class-map rename command in Global Configuration mode to change the name of a DiffServ class.
PAGE 642
2CSNXXX_SWUM200.book Page 642 Tuesday, December 10, 2013 1:22 PM Example The following example displays how to change the name of a DiffServ class from "DELL" to "DELL1." console(config)#class-map rename DELL DELL1 console(config)# classofservice dot1p-mapping Use the classofservice dot1p-mapping command in Global Configuration mode to map an 802.1p priority to an internal traffic class. In Interface Configuration mode, the mapping is applied only to packets received on that interface.
PAGE 643
2CSNXXX_SWUM200.book Page 643 Tuesday, December 10, 2013 1:22 PM Command Mode Global Configuration or Interface Configuration (Ethernet, Port-channel) mode User Guidelines None Example The following example configures mapping for user priority 1 and traffic class 2. console(config)#classofservice dot1p-mapping 1 2 classofservice ip-dscp-mapping Use the classofservice ip-dscp-mapping command in Global Configuration mode to map an IP DSCP value to an internal traffic class.
PAGE 644
2CSNXXX_SWUM200.
PAGE 645
2CSNXXX_SWUM200.
PAGE 646
2CSNXXX_SWUM200.book Page 646 Tuesday, December 10, 2013 1:22 PM IP DSCP Traffic Class 57 3 58 3 59 3 60 3 61 3 62 3 63 3 Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays mapping for IP DSCP 1 and traffic class 2.
PAGE 647
2CSNXXX_SWUM200.book Page 647 Tuesday, December 10, 2013 1:22 PM • ip-dscp — Specifies that the mode be set to trust IP DSCP packet markings. Default Configuration This command has no default configuration. Command Mode Global Configuration mode or Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines This command has no user guidelines.
PAGE 648
2CSNXXX_SWUM200.book Page 648 Tuesday, December 10, 2013 1:22 PM Syntax conform-color {class-map-name} [exceed-color { class-map-name } ] Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines Color conforming classes must be one of the following types: • Primary COS • Secondary COS • DSCP • IP Precedence This includes both the input and color aware classes.
PAGE 649
2CSNXXX_SWUM200.book Page 649 Tuesday, December 10, 2013 1:22 PM console(config-policy-classmap)#conform-color class-cos1 console(config-policy-classmap)#exit console(config-policy-map)#exit console(config)# cos-queue min-bandwidth Use the cos-queue min-bandwidth command in either Global Configuration mode or Interface Configuration mode to specify the minimum transmission bandwidth for each interface queue. To restore the default for each queue’s minimum bandwidth value, use the no form of this command.
PAGE 650
2CSNXXX_SWUM200.book Page 650 Tuesday, December 10, 2013 1:22 PM When ETS is operational on a switch, this command overrides the ETS assignments and assigns minimum bandwidth constraints across traffic class groups. This allows the administrator to ensure that the frame scheduler does not completely starve lower priority groups when strict priority is enabled on a high numbered TCG.
PAGE 651
2CSNXXX_SWUM200.book Page 651 Tuesday, December 10, 2013 1:22 PM Command Mode Interface Configuration (physical or port-channel) mode or Global Configuration mode User Guidelines When used on a port-channel, this command will override the settings on the individual interfaces that are part of the port channel. Removing an interface from the port channel restores the individual interface settings. This command can be used in Interface Range mode.
PAGE 652
2CSNXXX_SWUM200.book Page 652 Tuesday, December 10, 2013 1:22 PM cos-queue strict Use the cos-queue strict command in either Global Configuration mode or Interface Configuration mode to activate the strict priority scheduler mode for each specified queue. To restore the default weighted scheduler mode for each specified queue, use the no form of this command.
PAGE 653
2CSNXXX_SWUM200.book Page 653 Tuesday, December 10, 2013 1:22 PM diffserv Use the diffserv command in Global Configuration mode to set the DiffServ operational mode to active. While disabled, the DiffServ configuration is retained and can be changed, but it is not activated. When enabled, DiffServ services are activated. To set the DiffServ operational mode to inactive, use the no form of this command. Syntax diffserv no diffserv Default Configuration This command default is enabled.
PAGE 654
2CSNXXX_SWUM200.book Page 654 Tuesday, December 10, 2013 1:22 PM Command Mode Policy-Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to specify that matching packets are to be dropped at ingress.
PAGE 655
2CSNXXX_SWUM200.book Page 655 Tuesday, December 10, 2013 1:22 PM mark ip-dscp Use the mark ip-dscp command in Policy-Class-Map Configuration mode to mark all packets for the associated traffic stream with the specified IP DSCP value.
PAGE 656
2CSNXXX_SWUM200.book Page 656 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines. This command has no user guidelines.
PAGE 657
2CSNXXX_SWUM200.book Page 657 Tuesday, December 10, 2013 1:22 PM User Guidelines • The parameters refclassname and class-map-name can not be the same. • Only one other class may be referenced by a class. • Any attempts to delete the refclassname class while the class is still referenced by any class-map-name fails. • The combined match criteria of class-map-name and refclassname must be an allowed combination based on the class type.
PAGE 658
2CSNXXX_SWUM200.book Page 658 Tuesday, December 10, 2013 1:22 PM Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example displays adding a match condition to the specified class. console(config-classmap)#match cos 1 match destination-address mac Use the match destination-address mac command in Class-Map Configuration mode to add a match condition based on the destination MAC address of a packet.
PAGE 659
2CSNXXX_SWUM200.book Page 659 Tuesday, December 10, 2013 1:22 PM Example The following example displays adding a match condition for the specified MAC address and bit mask. console(config-classmap)#match destination-address mac AA:ED:DB:21:11:06 FF:FF:FF:EF:EE:EE match dstip Use the match dstip command in Class-Map Configuration mode to add a match condition based on the destination IP address of a packet. Syntax match dstip ipaddr ipmask • ipaddr — Specifies a valid IP address.
PAGE 660
2CSNXXX_SWUM200.book Page 660 Tuesday, December 10, 2013 1:22 PM Syntax match dstip6 destination-ipv6-prefix/prefix-length • destination-ipv6-prefix —IPv6 prefix in IPv6 global address format. • prefix-length —IPv6 prefix length value. Default Configuration There is no default configuration for this command. Command Mode Ipv6-Class-Map Configuration mode. User Guidelines There are no user guidelines for this command.
PAGE 661
2CSNXXX_SWUM200.book Page 661 Tuesday, December 10, 2013 1:22 PM Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example displays adding a match condition based on the destination layer 4 port of a packet using the "echo" port name keyword. console(config-classmap)#match dstl4port echo match ethertype Use the match ethertype command in Class-Map Configuration mode to add a match condition based on the value of the ethertype.
PAGE 662
2CSNXXX_SWUM200.book Page 662 Tuesday, December 10, 2013 1:22 PM console(config-classmap)#match ethertype arp match ip6flowlbl The match ip6flowlbl command adds to the specified class definition a match condition based on the IPv6 flow label of a packet. Syntax match ip6flowlbl label • label - The value to match in the Flow Label field of the IPv6 header (Range 0-1048575). Default Configuration There is no default configuration for this command. Command Mode Ipv6-Class-Map Configuration mode.
PAGE 663
2CSNXXX_SWUM200.book Page 663 Tuesday, December 10, 2013 1:22 PM • dscpval — Specifies an integer value or a keyword value for the DSCP field. (Integer Range: 0–63) (Keyword Values: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef) Default Configuration This command has no default configuration.
PAGE 664
2CSNXXX_SWUM200.book Page 664 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Class-Map Configuration mode User Guidelines The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with a slightly different user notation.
PAGE 665
2CSNXXX_SWUM200.book Page 665 Tuesday, December 10, 2013 1:22 PM Command Mode Class-Map Configuration mode User Guidelines The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with a slightly different user notation.
PAGE 666
2CSNXXX_SWUM200.book Page 666 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example The following example displays adding a match condition based on the "ip" protocol name keyword. console(config-classmap)#match protocol ip match source-address mac Use the match source-address mac command in Class-Map Configuration mode to add to the specified class definition a match condition based on the source MAC address of the packet.
PAGE 667
2CSNXXX_SWUM200.book Page 667 Tuesday, December 10, 2013 1:22 PM console(config-classmap)# match source-address mac 10:10:10:10:10:10 11:11:11:11:11:11 match srcip Use the match srcip command in Class-Map Configuration mode to add to the specified class definition a match condition based on the source IP address of a packet. Syntax match srcip ipaddr ipmask • ipaddr — Specifies a valid IP address. • ipmask — Specifies a valid IP address bit mask.
PAGE 668
2CSNXXX_SWUM200.book Page 668 Tuesday, December 10, 2013 1:22 PM Syntax match srcip6 source-ipv6-prefix/prefix-length • source-ipv6-prefix —IPv6 prefix in IPv6 global address format. • prefix-length —IPv6 prefix length value. Default Configuration There is no default configuration for this command. Command Mode Ipv6-Class-Map Configuration mode. User Guidelines There are no user guidelines for this command.
PAGE 669
2CSNXXX_SWUM200.book Page 669 Tuesday, December 10, 2013 1:22 PM Command Mode Class-Map Configuration mode User Guidelines Only one srcl4port matching criteria can be specified. To remove the matching criteria, delete the class map. Example The following example displays how to add a match condition using the "snmp" port name keyword.
PAGE 670
2CSNXXX_SWUM200.book Page 670 Tuesday, December 10, 2013 1:22 PM Example The following example displays adding a match condition for the VLAN ID "2." console(config-classmap)#match vlan 2 mirror Use the mirror command in Policy-Class-Map Configuration mode to mirror all the data that matches the class defined to the destination port specified. Syntax mirror interface • interface — Specifies the Ethernet port to which data needs to be copied.
PAGE 671
2CSNXXX_SWUM200.book Page 671 Tuesday, December 10, 2013 1:22 PM Syntax police-simple {datarate burstsize conform-action {drop | set-prectransmit cos | set-dscp-transmit dscpval | transmit} [violate-action {drop | set-costransmit cos | set-prec-transmit cos | set-dscp-transmit dscpval | transmit}]} • datarate — Data rate in kilobits per second (kbps).
PAGE 672
2CSNXXX_SWUM200.book Page 672 Tuesday, December 10, 2013 1:22 PM console(config-policy-classmap)#police-simple 1000 64 conform-action transmit violate-action drop police-single-rate Use the police-single-rate command to implement a single-rate Three Color Market (srTCM) per RFC 2697. An srTCM meters a traffic stream and colors packets according to three parameters: Committed Information Rate (CIR), Committed Burst Size (CBS), and Peak Burst Size (PBS).
PAGE 673
2CSNXXX_SWUM200.book Page 673 Tuesday, December 10, 2013 1:22 PM User Guidelines The CIR is measured in Kbps, the CBS in Kbytes, and the PBS in Kbytes. It is recommended that the CBS and PBS be configured to be larger than the largest expected IP packet. A class command in policy-map mode must be issued for an existing class-map before entering this command.
PAGE 674
2CSNXXX_SWUM200.book Page 674 Tuesday, December 10, 2013 1:22 PM – set-prec-transmit ip-prec— Remark the IP precedence in the packet to ip-prec and transmit. (Range 0-7) – set-dscp-transmit dscp-val— Remark the DSCP in the packet to dscpval and transmit. (Range 0-63) – set-cos-transmit 802.1p-priority— Remark the 802.1p priority in the packet to 802.1p-priority and transmit. (Range 0-7) – transmit— Transmit the packet unmodified. Default Configuration This command has no default configuration.
PAGE 675
2CSNXXX_SWUM200.book Page 675 Tuesday, December 10, 2013 1:22 PM • policyname— Specifies the DiffServ policy name as a unique casesensitive alphanumeric string of characters. (Range: 1–31 alphanumeric characters.) • in—The policy is applied on ingress. Must be specified to create new DiffServ policies. An existing policy can be selected without specifying "in" or "out". • out—The policy is applied on egress. Either "in" or "out" must be specified to create a new DiffServ policy.
PAGE 676
2CSNXXX_SWUM200.book Page 676 Tuesday, December 10, 2013 1:22 PM Syntax random-detect queue-parms queue-id [queue-id] ... min-thresh minthreshgreen minthresh-yellow minthresh-red minthresh-nontcp max-thresh maxthresh-green max-thresh-yellow max-thresh-red maxthresh-nontcp no random-detect queue-parms queue-id [queue-id] ... • queue-id—The class of service queue. Range 0 to 6.
PAGE 677
2CSNXXX_SWUM200.book Page 677 Tuesday, December 10, 2013 1:22 PM User Guidelines The Green/Yellow/Red Ranges may overlap and are applied to each color independently. Within a color, the range from minimum to maximum is divided into eight (0...7) fixed probabilities at which packets are dropped based on the instantaneous egress queue size: 0 - 6.25% of maximum drop probability 1 - 18.75% of maximum drop probability 2 - 30.25% of maximum drop probability 3 - 43.75% of maximum drop probability 4 - 56.
PAGE 678
2CSNXXX_SWUM200.book Page 678 Tuesday, December 10, 2013 1:22 PM random-detect exponential-weighting-constant Use the random-detect exponential-weighting-constant command to configure the decay in the calculation of the average queue size user for WRED on an interface or all interfaces.
PAGE 679
2CSNXXX_SWUM200.book Page 679 Tuesday, December 10, 2013 1:22 PM • interface — Specifies any valid interface. Interface is Ethernet port or port-channel (Range: po1-po32 or gi1/0/1-gi1/0/24) Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example shows how to redirect incoming packets to port 1/0/1.
PAGE 680
2CSNXXX_SWUM200.book Page 680 Tuesday, December 10, 2013 1:22 PM Command Mode Global Configuration mode (for all system interfaces) Interface Configuration (Ethernet, Port-channel) mode (for a specific interface) User Guidelines This command enables DiffServ on an interface. No separate interface administrative mode command for DiffServ is available. Use the policy-map command to configure the DiffServ policy. The service-policy direction must catch the direction given for the policy map.
PAGE 681
2CSNXXX_SWUM200.book Page 681 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays all the configuration information for the class named "Dell".
PAGE 682
2CSNXXX_SWUM200.book Page 682 Tuesday, December 10, 2013 1:22 PM show classofservice dot1p-mapping Use the show classofservice dot1p-mapping command in Privileged EXEC mode to display the current Dot1p (802.1p) priority mapping to internal traffic classes for a specific interface.
PAGE 683
2CSNXXX_SWUM200.book Page 683 Tuesday, December 10, 2013 1:22 PM 1 2 3 4 5 6 7 1 6 4 3 4 5 6 show classofservice ip-dscp-mapping Use the show classofservice ip-dscp-mapping command in Privileged EXEC mode to display the current IP DSCP mapping to internal traffic classes for a specific interface. Syntax show classofservice ip-dscp-mapping Default Configuration This command has no default configuration.
PAGE 684
2CSNXXX_SWUM200.
PAGE 685
2CSNXXX_SWUM200.book Page 685 Tuesday, December 10, 2013 1:22 PM 55 56(cs7) 57 58 59 60 61 62 63 console# 3 3 3 3 3 3 3 3 3 show classofservice trust Use the show classofservice trust command in Privileged EXEC mode to display the current trust mode setting for a specific interface.
PAGE 686
2CSNXXX_SWUM200.book Page 686 Tuesday, December 10, 2013 1:22 PM show diffserv Use the show diffserv command in Privileged EXEC mode to display the DiffServ general information, which includes the current administrative mode setting as well as the current and maximum number of DiffServ components. Syntax show diffserv Default Configuration This command has no default configuration.
PAGE 687
2CSNXXX_SWUM200.book Page 687 Tuesday, December 10, 2013 1:22 PM Syntax show diffserv service interface {gigabitethernet unit/slot/port| tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port} {in|out} • in—Show ingress policies. • out—Show egress policies. Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
PAGE 688
2CSNXXX_SWUM200.book Page 688 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines Not applicable Example console#show diffserv service interface port-channel 1 in DiffServ Admin Mode........................... Enable Interface..................................... po1 Direction.....................................
PAGE 689
2CSNXXX_SWUM200.book Page 689 Tuesday, December 10, 2013 1:22 PM ----------1/0/1 ----------- ------------ ------------------in Down DELL show interfaces cos-queue Use the show interfaces cos-queue command in Privileged EXEC mode to display the class-of-service queue configuration for the specified interface.
PAGE 690
2CSNXXX_SWUM200.book Page 690 Tuesday, December 10, 2013 1:22 PM 5 6 0 0 Weighted Weighted Tail Drop Tail Drop This example displays the COS configuration for the specified interface 1/0/1. console#show interfaces cos-queue gigabitethernet 1/0/1 Interface...................................... 1/0/1 Interface Shaping Rate......................... 0 Queue Id -------0 1 2 3 4 5 6 Min.
PAGE 691
2CSNXXX_SWUM200.book Page 691 Tuesday, December 10, 2013 1:22 PM Parameter Description Scheduler Type Indicates whether this queue is scheduled for transmission using a strict priority or a weighted scheme. This value is a configured value. show interfaces random-detect Use the show interfaces random-detect command in Privileged EXEC mode to display WRED policy on an interface. Syntax show interfaces random-detect interface-id • interface-id—Specify an interface type.
PAGE 692
2CSNXXX_SWUM200.book Page 692 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the DiffServ information.
PAGE 693
2CSNXXX_SWUM200.book Page 693 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the statistics information for port te1/0/1. console#show policy-map interface te1/0/1 in Interface..................................... Operational Status............................ Policy Name................................... Interface Summary: Class Name.......
PAGE 694
2CSNXXX_SWUM200.book Page 694 Tuesday, December 10, 2013 1:22 PM Example The following example displays a summary of policy-oriented statistics information.
PAGE 695
2CSNXXX_SWUM200.book Page 695 Tuesday, December 10, 2013 1:22 PM Command Mode Global Configuration mode, Interface Configuration (gigabitethernet, portchannel, tengigabitethernet, fortygigabitethernet) mode User Guidelines This command implements a true shaper where bursts of traffic are buffered and smoothed. Shaping occurs if the average rate exceeds the configured limit or a burst exceeds 2% of the configured limit.
PAGE 696
2CSNXXX_SWUM200.book Page 696 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example The following example configures the default VLAN priority to 1 for untagged frames ingressing interface Te1/0/1.
PAGE 697
2CSNXXX_SWUM200.book Page 697 Tuesday, December 10, 2013 1:22 PM 34 RADIUS Commands Dell Networking N2000/N3000/N4000 Series Switches Managing and determining the validity of users in a large network can be significantly simplified by making use of a single database of accessible information supplied by an Authentication Server. These servers commonly use the Remote Authentication Dial In User Service (RADIUS) protocol as defined by RFC 2865.
PAGE 698
2CSNXXX_SWUM200.book Page 698 Tuesday, December 10, 2013 1:22 PM Table 34-1. RADIUS Attributes Supported by Dell Networking Switch Service Type RADIUS Attribute Name 802.
PAGE 699
2CSNXXX_SWUM200.book Page 699 Tuesday, December 10, 2013 1:22 PM Table 34-1. RADIUS Attributes Supported by Dell Networking Switch Service Type RADIUS Attribute Name 802.
PAGE 700
2CSNXXX_SWUM200.book Page 700 Tuesday, December 10, 2013 1:22 PM • FILTER-ID – • TUNNEL-TYPE – • Used to indicate that a VLAN is to be assigned to the user when set to tunnel type VLAN (13). TUNNEL-MEDIUM-TYPE – • Name of the filter list for this user. Used to indicate the tunnel medium type. Must be set to medium type 802 (6) to enable VLAN assignment. TUNNEL-PRIVATE-GROUP-ID – Used to indicate the VLAN to be assigned to the user.
PAGE 701
2CSNXXX_SWUM200.book Page 701 Tuesday, December 10, 2013 1:22 PM aaa accounting dot1x default start-stop The aaa accounting network default start-stop group radius command has been migrated to the aaa accounting dot1x default start-stop {radius|none} command. Use the aaa accounting dot1x default start-stop command in Global Configuration mode to create an accounting method list. Use the no form of the command to delete a list. A list may be identified by the default keyword or a user-specified listname.
PAGE 702
2CSNXXX_SWUM200.book Page 702 Tuesday, December 10, 2013 1:22 PM User Guidelines Accounting records, when enabled for a line mode, are sent at both the beginning and at the end (start-stop) of command execution or only at the end (stop-only) of command execution. If none is specified, then accounting is disabled for RADIUS. If radius is the specified accounting method, accounting records are forwarded to the list of RADIUS servers.
PAGE 703
2CSNXXX_SWUM200.book Page 703 Tuesday, December 10, 2013 1:22 PM • list_name—Character string of not more than 15 characters used to name the list of accounting methods. The list name can consist of any printable character. Use quotes around the list name if embedded blanks are contained in the list name. Default Configuration Accounting is not enabled by default.
PAGE 704
2CSNXXX_SWUM200.book Page 704 Tuesday, December 10, 2013 1:22 PM Command Mode Radius (accounting) mode User Guidelines There are no user guidelines for this command. Example The following example sets port number 56 for accounting requests. console(config)#radius-server host acct 3.2.3.2 console(Config-acct-radius)#acct-port 56 auth-port Use the auth-port command in Radius mode to set the port number on which the RADIUS server listens for authentication requests.
PAGE 705
2CSNXXX_SWUM200.book Page 705 Tuesday, December 10, 2013 1:22 PM console(config-radius)#auth-port 2412 deadtime Use the deadtime command in Radius mode to configure the minimum amount of time to wait before attempting to recontact an unresponsive RADIUS server. If a RADIUS server is currently active and responsive, that server will be used until it no longer responds. RADIUS servers whose deadtime interval has not expired are skipped when searching for a new RADIUS server to contact.
PAGE 706
2CSNXXX_SWUM200.book Page 706 Tuesday, December 10, 2013 1:22 PM Syntax debug aaa accounting no debug aaa accounting Default Configuration Debugging is disabled by default. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. key Use the key command to specify the encryption key which is shared with the RADIUS server. Use the no form of this command to remove the key.
PAGE 707
2CSNXXX_SWUM200.book Page 707 Tuesday, December 10, 2013 1:22 PM Example The following example specifies an authentication and encryption key of “lion-king”. console(config)#radius-server host acct 3.2.3.2 console(Config-acct-radius)#key keyacct key encrypted Use the key encrypted command to configure an encrypted key that is shared with the RADIUS server. Use the no form of the command to remove the key. Syntax key encrypted key-string • key-string — The key string in encrypted form.
PAGE 708
2CSNXXX_SWUM200.book Page 708 Tuesday, December 10, 2013 1:22 PM msgauth Use the msgauth command to enable the message authenticator attribute to be used for the RADIUS Authenticating server being configured. Use the “no” form of this command to disable the message authenticator attribute. Syntax msgauth no msgauth Default Configuration The message authenticator attribute is enabled by default. Command Mode Radius mode User Guidelines There are no user guidelines for this command.
PAGE 709
2CSNXXX_SWUM200.book Page 709 Tuesday, December 10, 2013 1:22 PM Default Configuration The default RADIUS server name is Default-RADIUS-Server. Command Mode Radius Configuration mode User Guidelines Names may only be set for authentication servers, not for accounting servers. Names may consist of alphanumeric characters and the underscore, dash and blanks.Embed the name in double quotes to use a name with blanks. NOTE: When multiple RADIUS servers are configured with different names, e.g.
PAGE 710
2CSNXXX_SWUM200.book Page 710 Tuesday, December 10, 2013 1:22 PM to communicate with the primary server for any reason, it uses the backup servers configured with the same server name. These backup servers are identified as the “Secondary” type. Syntax primary Default Configuration There is no primary authentication server by default. Command Mode Radius mode User Guidelines There are no user guidelines for this command.
PAGE 711
2CSNXXX_SWUM200.book Page 711 Tuesday, December 10, 2013 1:22 PM User Guidelines User must enter the mode corresponding to a specific Radius server before executing this command. Example The following example specifies a priority of 10 for the designated server. console(config)#radius-server host 192.143.120.
PAGE 712
2CSNXXX_SWUM200.book Page 712 Tuesday, December 10, 2013 1:22 PM Example The following example sets the NAS IP address in RADIUS attribute 4 to 192.168.10.22. console(config)#radius-server attribute 4 192.168.10.22 radius-server deadtime Use the radius-server deadtime command in Global Configuration mode to configure the minimum amount of time to wait before attempting to recontact an unresponsive RADIUS server.
PAGE 713
2CSNXXX_SWUM200.book Page 713 Tuesday, December 10, 2013 1:22 PM Example The following example sets the minimum interval for a RADIUS server will not be contacted after becoming unresponsive. console(config)#radius-server deadtime 10 radius-server host Use the radius-server host command in Global Configuration mode to specify a RADIUS server host and enter RADIUS Configuration mode. To delete the specified Radius host, use the no form of this command.
PAGE 714
2CSNXXX_SWUM200.book Page 714 Tuesday, December 10, 2013 1:22 PM Server host IP address — 192.168.10.1 console(config)#radius-server host 192.168.10.1 radius-server key Use the radius-server key command in Global Configuration mode to set the authentication and encryption key for all Radius communications between the switch and the Radius server. To reset to the default, use the no form of this command.
PAGE 715
2CSNXXX_SWUM200.book Page 715 Tuesday, December 10, 2013 1:22 PM radius-server key encrypted Use the radius-server key encrypted command to set the authentication and encryption key for the communication between the switch and radius server. Use the no form of the command to disable the key. Syntax radius-server key encrypted key-string • key-string — The key string in encrypted form. It should be 256 characters in length. Default Configuration There is no default configuration for this command.
PAGE 716
2CSNXXX_SWUM200.book Page 716 Tuesday, December 10, 2013 1:22 PM no radius-server retransmit • retries — Specifies the retransmit value. (Range: 1–10) Default Configuration The default is 3 attempts. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configures the number of times the Radius client attempts to retransmit requests to the Radius server to 5 attempts.
PAGE 717
2CSNXXX_SWUM200.book Page 717 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example The following example configures the source IP address used for communication with Radius servers to 10.1.1.1. console(config)#radius-server source-ip 10.1.1.1 radius-server timeout Use the radius-server timeout command in Global Configuration mode to set the interval for which a switch waits for a server host to reply. To restore the default, use the no form of this command.
PAGE 718
2CSNXXX_SWUM200.book Page 718 Tuesday, December 10, 2013 1:22 PM retransmit Use the retransmit command in Radius mode to specify the number of times the Radius client retransmits requests to the Radius server. Syntax retransmit retries • retries — Specifies the retransmit value. (Range: 1-10 attempts) Default Configuration The default number for attempts is 3. Command Mode Radius mode User Guidelines User must enter the mode corresponding to a specific Radius server before executing this command.
PAGE 719
2CSNXXX_SWUM200.book Page 719 Tuesday, December 10, 2013 1:22 PM • authentication—This optional parameter will cause authentication servers to be displayed. • name—This optional parameter will cause the server names to be displayed instead of the server configuration parameters. • servername—Will cause only the server(s) with server-name name to be displayed. There are no global parameters displayed when this parameter is specified.
PAGE 720
2CSNXXX_SWUM200.book Page 720 Tuesday, December 10, 2013 1:22 PM Field Description RADIUS Accounting Mode A Global parameter to indicate whether the accounting mode for all the servers is enabled or not. RADIUS Attribute 4 Mode A Global parameter to indicate whether the NAS-IPAddress attribute has been enabled to use in RADIUS requests. RADIUS Attribute 4 Value A Global parameter that specifies the IP address to be used in NAS-IP-Address attribute to be used in RADIUS requests.
PAGE 721
2CSNXXX_SWUM200.book Page 721 Tuesday, December 10, 2013 1:22 PM Default-RADIUS-Server test 4.4.4.4 6.6.6.6 1812 1812 No No show accounting methods Use the show accounting methods command in Privileged EXEC mode to display the configured accounting method lists. Syntax show accounting methods Default Configuration This command has no default setting. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
PAGE 722
2CSNXXX_SWUM200.book Page 722 Tuesday, December 10, 2013 1:22 PM Syntax show radius statistics [accounting | authentication] [{ipaddress | hostname | name servername}] • accounting | authentication—The type of server (accounting or authentication). • ipaddress—The RADIUS server host IP address. • hostname—Host name of the Radius server host. (Range: 1–158 characters). The command allows spaces in the host name when specified in double quotes.
PAGE 723
2CSNXXX_SWUM200.book Page 723 Tuesday, December 10, 2013 1:22 PM Field Description Retransmissions The number of RADIUS Accounting Request packets retransmitted to this RADIUS accounting server. Responses The number of RADIUS packets received on the accounting port from this server. Malformed Responses The number of malformed RADIUS Accounting Response packets received from this server. Malformed packets include packets with an invalid length.
PAGE 724
2CSNXXX_SWUM200.book Page 724 Tuesday, December 10, 2013 1:22 PM Field Description Access Rejects The number of RADIUS Access Reject packets, including both valid and invalid packets, that were received from this server. Access Challenges The number of RADIUS Access Challenge packets, including both valid and invalid packets, that were received from this server. Malformed Access The number of malformed RADIUS Access Response packets Responses received from this server.
PAGE 725
2CSNXXX_SWUM200.book Page 725 Tuesday, December 10, 2013 1:22 PM RADIUS Server Name............................ Server Host Address........................... Access Requests............................... Access Retransmissions........................ Access Accepts................................ Access Rejects................................ Access Challenges............................. Malformed Access Responses.................... Bad Authenticators............................ Pending Requests.......
PAGE 726
2CSNXXX_SWUM200.book Page 726 Tuesday, December 10, 2013 1:22 PM timeout Use the timeout command in Radius mode to set the timeout value in seconds for the designated Radius server. Syntax timeout timeout • timeout — Timeout value in seconds for the specified server. (Range: 1-30 seconds.) Default Configuration The default value is 3 seconds. Command Mode Radius mode User Guidelines User must enter the mode corresponding to a specific Radius server before executing this command.
PAGE 727
2CSNXXX_SWUM200.book Page 727 Tuesday, December 10, 2013 1:22 PM Default Configuration The default variable setting is all. Command Mode Radius mode User Guidelines User must enter the mode corresponding to a specific Radius server before executing this command. Example The following example specifies usage type login. console(config)#radius-server host 192.143.120.
PAGE 728
2CSNXXX_SWUM200.
PAGE 729
2CSNXXX_SWUM200.book Page 729 Tuesday, December 10, 2013 1:22 PM Spanning Tree Commands 35 Dell Networking N2000/N3000/N4000 Series Switches The Multiple Spanning Tree Protocol (MSTP) component complies with IEEE 802.1s by efficiently navigating VLAN traffic over separate interfaces for multiple instances of Spanning Tree. IEEE 802.1D, Spanning Tree and IEEE 802.1w, Rapid Spanning Tree are supported through the IEEE 802.1s implementation. The difference between the RSTP and STP (IEEE 802.
PAGE 730
2CSNXXX_SWUM200.book Page 730 Tuesday, December 10, 2013 1:22 PM port. In this way, the root guard enforces the position of the root bridge. In MSTP scenario the port may be designated in one of the instances while being alternate in the CIST, and so on. Root guard is a per port (not a per port per instance command) configuration so all the MSTP instances this port participates in should not be in root role. STP BPDU Filtering - STP BPDU filtering applies to all operational edge ports.
PAGE 731
2CSNXXX_SWUM200.
PAGE 732
2CSNXXX_SWUM200.book Page 732 Tuesday, December 10, 2013 1:22 PM Example The following example restarts the protocol migration process (forces the renegotiation with neighboring switches) on 1/0/1. console#clear spanning-tree detected-protocols gigabitethernet 1/0/1 exit (mst) Use the exit command in MST mode to exit the MST configuration mode and apply all configuration changes. Syntax exit Default Configuration MST configuration.
PAGE 733
2CSNXXX_SWUM200.book Page 733 Tuesday, December 10, 2013 1:22 PM • vlan-range — VLANs to be added to the existing MST instance. To specify a range of VLANs, use a hyphen. To specify a series of VLANs, use a comma. (Range: 1-4093) Default Configuration VLANs are mapped to the common and internal spanning tree (CIST) instance (instance 0). Command Mode MST mode User Guidelines Before mapping VLANs to an instance use the spanning-tree mst enable command to enable the instance.
PAGE 734
2CSNXXX_SWUM200.
PAGE 735
2CSNXXX_SWUM200.book Page 735 Tuesday, December 10, 2013 1:22 PM Example The following example sets the configuration name to “region1”. console(config)#spanning-tree mst configuration console(config-mst)#name region1 revision (mst) Use the revision command in MST mode to identify the configuration revision number. To return to the default setting, use the no form of this command. Syntax revision version no revision • version — Configuration revision number.
PAGE 736
2CSNXXX_SWUM200.book Page 736 Tuesday, December 10, 2013 1:22 PM Syntax show spanning-tree [{gigabitethernet unit/slot/port | port-channel portchannel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] [instance instance-id] show spanning-tree [detail] [active | blockedports] | [instance instance-id] show spanning-tree mst-configuration show spanning-tree {uplinkfast | backbonefast} • detail—Displays detailed information. • active—Displays active ports only.
PAGE 737
2CSNXXX_SWUM200.book Page 737 Tuesday, December 10, 2013 1:22 PM Root Port Gi1/0/1 Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec TxHoldCount 6 sec Bridge ID Priority 32768 Address 001E.C9AA.AD1B Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec Interfaces Name -----Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 State -------Enabled Enabled Enabled Enabled Prio.Nbr --------128.1 128.2 128.3 128.
PAGE 738
2CSNXXX_SWUM200.book Page 738 Tuesday, December 10, 2013 1:22 PM Priority 32768 Address 001E.C9AA.AD1B Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec Number of topology changes 1 last change occurred 0d0h17m7s ago Times: hold 6, hello 2, max age 20, forward delay 15 Port Gi1/0/1 Enabled State: Forwarding Port id: 128.1 Root Protection: No Designated bridge Priority: 32768 Designated port id: 128.
PAGE 739
2CSNXXX_SWUM200.book Page 739 Tuesday, December 10, 2013 1:22 PM Root Protection: No Designated bridge Priority: 32768 Designated port id: 128.5 CST Regional Root: 80:00:00:1E:C9:AA:AD:1B BPDU: sent 524, received 0 Address: 001E.C9AA.
PAGE 740
2CSNXXX_SWUM200.book Page 740 Tuesday, December 10, 2013 1:22 PM show spanning-tree summary Use the show spanning-tree summary command to display spanning tree settings and parameters for the switch. Syntax show spanning-tree summary Default Configuration There is no default configuration for this command.
PAGE 741
2CSNXXX_SWUM200.book Page 741 Tuesday, December 10, 2013 1:22 PM MST Instances List of all multiple spanning tree instances configured on the switch. Example console#show spanning-tree summary Spanning Tree Adminmode........... Spanning Tree Version............. BPDU Guard Mode................... BPDU Flood Mode................... BPDU Filter Mode.................. Configuration Name................ Configuration Revision Level...... Configuration Digest Key.......... Configuration Format Selector.....
PAGE 742
2CSNXXX_SWUM200.book Page 742 Tuesday, December 10, 2013 1:22 PM VLAN0001 Spanning tree enabled protocol rstp Root ID Priority 32768 Address 0000.0000.0001 Cost 4 Port 1 (1/0/1) Hello Time 2 sec Max Age 20 sec Bridge ID Priority Address Hello Time Aging Time Interface ------------------Gi1/0/1 Gi1/0/2 Role ---Desg Desg 32769 (priority 32768 sys-id-ext 1) 0000.0000.0003 2 sec Max Age 20 sec Forward Delay 15 sec 300 sec Sts --FWD FWD Cost --------4 4 Prio.Nbr -------- ---------------------------128.
PAGE 743
2CSNXXX_SWUM200.book Page 743 Tuesday, December 10, 2013 1:22 PM Hello Time Aging Time Interface ------------------Gi1/0/5 Gi1/0/6 Role ---Desg Desg 2 sec Max Age 20 sec 300 sec Sts --FWD FWD Cost --------4 4 Forward Delay 15 sec Prio.Nbr -------- ---------------------------128.19 128.21 spanning-tree Use the spanning-tree command in Global Configuration mode to enable spanning-tree functionality. To disable spanning-tree functionality, use the no form of this command.
PAGE 744
2CSNXXX_SWUM200.book Page 744 Tuesday, December 10, 2013 1:22 PM Syntax spanning-tree auto-portfast no spanning-tree auto-portfast Default Configuration Auto portfast mode is enabled by default. Command Mode Interface Configuration (Ethernet, Port Channel) mode User Guidelines There are no user guidelines for this command. Example The following example enables spanning-tree functionality on gigabit ethernet interface 4/0/1.
PAGE 745
2CSNXXX_SWUM200.book Page 745 Tuesday, December 10, 2013 1:22 PM Command Modes Global Configuration Mode User Guidelines IRC can be configured even if the switch is configured for MST(RSTP) or RSTP-PV mode. It only has an effect when the switch is configured for STP-PV mode.
PAGE 746
2CSNXXX_SWUM200.book Page 746 Tuesday, December 10, 2013 1:22 PM Example console#spanning-tree bpdu flooding spanning-tree bpdu-protection Use the spanning-tree bpdu-protection command in Global Configuration mode to enable BPDU protection on a switch. Use the no form of this command to resume the default status of BPDU protection function.
PAGE 747
2CSNXXX_SWUM200.book Page 747 Tuesday, December 10, 2013 1:22 PM spanning-tree cost Use the spanning-tree cost command in Interface Configuration mode to configure the externally advertised spanning-tree path cost for a port. To return to the default port path cost, use the no form of this command. The path cost is used in the selection of an interface for the forwarding or blocking states. Use the no form of the command to automatically select the path cost based upon the speed of the interface.
PAGE 748
2CSNXXX_SWUM200.book Page 748 Tuesday, December 10, 2013 1:22 PM If an interface is configured with both the spanning-tree vlan vlan-id cost cost command and the spanning-tree cost cost command, the spanning-tree vlan vlan-id cost cost value is used in the spanning tree calculation. Example The following example configures the external path cost to be 8192 for VLANs 12, 13, 24, 25, and 26.
PAGE 749
2CSNXXX_SWUM200.book Page 749 Tuesday, December 10, 2013 1:22 PM spanning-tree forward-time Use the spanning-tree forward-time command in Global Configuration mode to configure the spanning-tree bridge forward time, which is the amount of time a port remains in the listening and learning states before entering the forwarding state. To reset the default forward time, use the no form of this command. Syntax spanning-tree forward-time seconds no spanning-tree forward-time • seconds — Time in seconds.
PAGE 750
2CSNXXX_SWUM200.book Page 750 Tuesday, December 10, 2013 1:22 PM spanning-tree guard The spanning-tree guard command selects whether loop guard or root guard is enabled on an interface. If neither is enabled, the port operates in accordance with the multiple spanning tree protocol. Use the “no” form of this command to disable loop guard or root guard on the interface. Syntax spanning-tree guard {root | loop | none} • root — Enables root guard.
PAGE 751
2CSNXXX_SWUM200.book Page 751 Tuesday, December 10, 2013 1:22 PM no spanning-tree loopguard default Default Configuration Loop guard is disabled by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enables spanning-tree loopguard functionality on all ports.
PAGE 752
2CSNXXX_SWUM200.book Page 752 Tuesday, December 10, 2013 1:22 PM User Guidelines When configuring the Max-Age the following relationships should be satisfied: 2*(Forward-Time - 1) >= Max-Age Max-Age >= 2*(Hello-Time + 1) Example The following example configures the spanning-tree bridge maximum-age to 10 seconds. console(config)#spanning-tree max-age 10 spanning-tree max-hops Use the spanning-tree max-hops command to set the MSTP Max Hops parameter to a new value for the common and internal spanning tree.
PAGE 753
2CSNXXX_SWUM200.book Page 753 Tuesday, December 10, 2013 1:22 PM spanning-tree mode Use the spanning-tree mode command in Global Configuration mode to configure the spanning-tree protocol. To return to the default configuration, use the no form of this command. Syntax spanning-tree mode {stp | rstp | mst | pvst | rapid-pvst} no spanning-tree mode • stp — Spanning Tree Protocol (STP) is enabled. • rstp — Rapid Spanning Tree Protocol (RSTP) is enabled.
PAGE 754
2CSNXXX_SWUM200.book Page 754 Tuesday, December 10, 2013 1:22 PM RSTP-PV maintains independent spanning tree information about each configured VLAN. RSTP-PV uses IEEE 802.1Q trunking and allows a trunked VLAN to maintain blocked or forwarding state per port on a per VLAN basis. This allows a trunk port to be forwarding for some VLANs and blocked on other VLANs. RSTP-PV extends the IEEE 802.1w standard. It supports faster convergence than IEEE 802.1D. RSTP-PV is compatible with IEEE 802.1D spanning tree.
PAGE 755
2CSNXXX_SWUM200.book Page 755 Tuesday, December 10, 2013 1:22 PM User Guidelines For two or more switches to be in the same MST region, they must have the same VLAN mapping, the same configuration revision number and the same name. Example The following example configures an MST region.
PAGE 756
2CSNXXX_SWUM200.book Page 756 Tuesday, December 10, 2013 1:22 PM Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines MST instance id 0 is the common internal spanning tree instance (CIST). Example The following example configures the MSTP instance 1 path cost for interface 1/0/9 to 4.
PAGE 757
2CSNXXX_SWUM200.book Page 757 Tuesday, December 10, 2013 1:22 PM User Guidelines The priority will be set to the nearest multiple of 4096 if not an exact multiple of 4096. Example The following example configures the port priority of gigabit Ethernet interface 1/0/5 to 144.
PAGE 758
2CSNXXX_SWUM200.book Page 758 Tuesday, December 10, 2013 1:22 PM Example The following example configures the spanning tree priority of instance 1 to 4096. console(config)#spanning-tree mst 1 priority 4096 spanning-tree portfast Use the spanning-tree portfast command in Interface Configuration mode to enable PortFast mode. In PortFast mode, the interface is immediately put into the forwarding state upon linkup, without waiting for the timer to expire.
PAGE 759
2CSNXXX_SWUM200.book Page 759 Tuesday, December 10, 2013 1:22 PM spanning-tree portfast bpdufilter default The spanning-tree portfast bpdufilter default command discards BPDUs received on spanning-tree ports in portfast mode. Use the “no” form of the command to disable discarding. Syntax spanning-tree portfast bpdufilter default no spanning-tree portfast bpdufilter default Default Configuration This feature is disabled by default.
PAGE 760
2CSNXXX_SWUM200.book Page 760 Tuesday, December 10, 2013 1:22 PM Default Configuration Portfast mode is disabled by default. Command Mode Global Configuration mode User Guidelines This command only applies to access ports. NOTE: This command should be used with care. An interface with PortFast mode enabled is moved directly to the spanning tree forwarding state when linkup occurs without waiting for the standard forward-time delay.
PAGE 761
2CSNXXX_SWUM200.book Page 761 Tuesday, December 10, 2013 1:22 PM Default Configuration The default port-priority for IEEE STP is 128. Command Mode Interface Configuration mode User Guidelines If the VLAN parameter is given, the priority is configured only for the selected VLANs (applies only when pvst or rapid-pvst mode is selected). Configuration without the VLAN parameter configures the port priority for RSTP, STP-PV, and RSTP-PV.
PAGE 762
2CSNXXX_SWUM200.book Page 762 Tuesday, December 10, 2013 1:22 PM Example The following example configures a port connected to a host to be least likely to be selected for forwarding to the root bridge, even if the host begins to send BPDUs. console(config-if-Gi1/0/1)#spanning-tree port-priority 240 console(config-if-Gi1/0/1)#spanning-tree vlan 10 port-priority 240 spanning-tree priority Use the spanning-tree priority command in Global Configuration mode to configure the spanning-tree priority.
PAGE 763
2CSNXXX_SWUM200.book Page 763 Tuesday, December 10, 2013 1:22 PM spanning-tree tcnguard Use the spanning-tree tcnguard command to prevent a port from propagating topology change notifications. Use the “no” form of the command to enable TCN propagation. Syntax spanning-tree tcnguard no spanning-tree tcnguard Default Configuration TCN propagation is disabled by default. Command Mode Interface Configuration (Ethernet, Port Channel) mode User Guidelines There are no user guidelines for this command.
PAGE 764
2CSNXXX_SWUM200.book Page 764 Tuesday, December 10, 2013 1:22 PM Default Configuration The default hold count is 6 BPDUs. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example sets the maximum number of BPDUs sent to 6.
PAGE 765
2CSNXXX_SWUM200.book Page 765 Tuesday, December 10, 2013 1:22 PM User Guidelines DirectLink Rapid Convergence (DRC) can be configured even if the switch is configured for MST(RSTP) mode. It only has an effect when the switch is configured for STP-PV or RSTP-PV modes. Enabling DRC sets the switch priority to 49152. Path costs less than 3000 have an additional 3000 added when DRC is enabled. This reduces the probability that the switch will become the root switch.
PAGE 766
2CSNXXX_SWUM200.book Page 766 Tuesday, December 10, 2013 1:22 PM To change the allocation of spanning-tree instances to VLANs, use the no spanning-tree vlan command to disassociate a VLAN from a per VLAN spanning-tree instance and use the spanning-tree vlan command to associate the spanning-tree instance with the desired VLAN. Command Modes Global Configuration mode User Guidelines This command can be configured even if the switch is configured for MST(RSTP) mode.
PAGE 767
2CSNXXX_SWUM200.book Page 767 Tuesday, December 10, 2013 1:22 PM Command Modes Global Configuration Mode User Guidelines Set this value to a lower number to accelerate the transition to forwarding. The network operator should take into account the end to end BPDU propagation delay, the maximum frame lifetime, the maximum transmission halt delay and the message age overestimate values specific to their network when configuring this parameter.
PAGE 768
2CSNXXX_SWUM200.book Page 768 Tuesday, December 10, 2013 1:22 PM Use the no form of the command to return the hello time to its default value. Example console(config)#spanning-tree vlan 3 hello-time 1 spanning-tree vlan max-age Use the spanning-tree vlan max-age command to configure the spanning tree maximum age time for a set of VLANs. Use the no form of the command to return the maximum age timer to the default value.
PAGE 769
2CSNXXX_SWUM200.book Page 769 Tuesday, December 10, 2013 1:22 PM spanning-tree vlan root Use the spanning-tree vlan root primary command to configure the switch to become the root bridge or standby root bridge by modifying the bridge priority from the default value to a lower value calculated to ensure the bridge is the root (or standby) bridge. Use the no form of the command to let the network elect the root bridge.
PAGE 770
2CSNXXX_SWUM200.book Page 770 Tuesday, December 10, 2013 1:22 PM Syntax spanning-tree vlan {vlan-list} priority priority no spanning-tree vlan {vlan-list} priority • vlan-list–A single VLAN ID or a list of VLAN IDs in comma delineated or range format with no embedded blanks. Range 1-4094. • priority –The bridge priority advertised when combined with the switch MAC address. Range 0-61440. Default Configuration The default bridge priority is 32768.
PAGE 771
2CSNXXX_SWUM200.book Page 771 Tuesday, December 10, 2013 1:22 PM 36 TACACS+ Commands Dell Networking N2000/N3000/N4000 Series Switches TACACS+ provides access control for networked devices via one or more centralized servers, similar to RADIUS this protocol simplifies authentication by making use of a single database that can be shared by many clients on a large network.
PAGE 772
2CSNXXX_SWUM200.book Page 772 Tuesday, December 10, 2013 1:22 PM port tacacs-server key encrypted priority tacacs-server timeout show tacacs timeout key Use the key command in TACACS Configuration mode to specify the authentication and encryption key for all TACACS communications between the device and the TACACS server. This key must match the key used on the TACACS daemon. Syntax key [key-string] • key-string — To specify the key name.
PAGE 773
2CSNXXX_SWUM200.book Page 773 Tuesday, December 10, 2013 1:22 PM • key-string — The key string in encrypted form. It should be 256 characters in length. Default Configuration There is no default configuration for this command. Command Modes TACACS Configuration mode. Usage Guidelines This command has no user guidelines.
PAGE 774
2CSNXXX_SWUM200.book Page 774 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example The following example displays how to specify TACACS server port number 1200. console(tacacs)#port 1200 priority Use the priority command in TACACS Configuration mode to specify the order in which servers are used, where 0 (zero) is the highest priority. Syntax priority [priority] • priority — Specifies the priority for servers. 0 (zero) is the highest priority.
PAGE 775
2CSNXXX_SWUM200.book Page 775 Tuesday, December 10, 2013 1:22 PM Syntax show tacacs [ip-address] • ip-address — The name or IP address of the host. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples The following example displays TACACS+ server settings. console#show tacacs Global Timeout: 5 IP address --------------10.254.24.
PAGE 776
2CSNXXX_SWUM200.book Page 776 Tuesday, December 10, 2013 1:22 PM • hostname — The hostname of the TACACS+ server. (Range: 1-255 characters). Default Configuration No TACACS+ host is specified. Command Mode Global Configuration mode User Guidelines To specify multiple hosts, multiple tacacs-server host commands can be used. TACACS servers are keyed by the host name, therefore it is advisable to use unique host names. Example The following example specifies a TACACS+ host.
PAGE 777
2CSNXXX_SWUM200.book Page 777 Tuesday, December 10, 2013 1:22 PM Command Mode Global Configuration mode User Guidelines The tacacs-server key command accepts any printable characters for the key except a double quote or question mark. Enclose the string in double quotes to include spaces within the key. The surrounding quotes are not used as part of the name. The CLI does not filter illegal characters and may accept entries up to the first illegal character or reject the entry entirely.
PAGE 778
2CSNXXX_SWUM200.
PAGE 779
2CSNXXX_SWUM200.book Page 779 Tuesday, December 10, 2013 1:22 PM Syntax timeout [timeout] • timeout — The timeout value in seconds. (Range: 1–30) Default Configuration If left unspecified, the timeout defaults to the global value. Command Mode TACACS Configuration mode User Guidelines This command has no user guidelines. Example This example shows how to specify the timeout value.
PAGE 780
2CSNXXX_SWUM200.
PAGE 781
2CSNXXX_SWUM200.book Page 781 Tuesday, December 10, 2013 1:22 PM UDLD Commands 37 The UDLD feature detects unidirectional links on physical ports. A unidirectional link is a forwarding anomaly in a Layer 2 communication channel in which a bi-directional link stops passing traffic in one direction. UDLD must be enabled on the both sides of the link in order to detect a unidirectional link. The UDLD protocol operates by exchanging packets containing information about neighboring devices.
PAGE 782
2CSNXXX_SWUM200.book Page 782 Tuesday, December 10, 2013 1:22 PM recognize only the sending failures on unidirectional links. If all devices in the network support UDLD, this functionality is enough to detect all unidirectional links. Processing UDLD Traffic from Neighbors Every UDLD-capable device collects information about all other UDLDcapable devices. Each device populates UDLD echo packets with collected neighbor information to help neighbors identify unidirectional links.
PAGE 783
2CSNXXX_SWUM200.book Page 783 Tuesday, December 10, 2013 1:22 PM UDLD will put the port into the diagnostically disabled state in the following cases: a When there is a loopback. The device ID and port ID sent out on a port is received back. b UDLD PDU is received from a partner does not have its own details (echo). c Bidirectional connection is established and no UDLD packets are received from the partner device within three times the message interval.
PAGE 784
2CSNXXX_SWUM200.book Page 784 Tuesday, December 10, 2013 1:22 PM Command Mode Global Configuration mode User Guidelines This command globally enables UDLD. Interfaces which are not connected or enabled at the Ethernet layer at the time the command is issued will be enabled for UDLD when connected or enabled. udld reset Use the udld reset command in Privileged EXEC mode to reset (enable) all interfaces disabled by UDLD. Syntax udld reset Default Configuration This command has no default configuration.
PAGE 785
2CSNXXX_SWUM200.book Page 785 Tuesday, December 10, 2013 1:22 PM udld message time Use the udld message time command in Global Configuration mode to configure the interval between the transmission of UDLD probe messages on ports that are in the advertisement phase. Use the no form of the command to return the message transmission interval to the default value. Syntax udld message time message-interval no udld message time • message-interval—UDLD message transmit interval in seconds.
PAGE 786
2CSNXXX_SWUM200.book Page 786 Tuesday, December 10, 2013 1:22 PM no udld timeout interval • timeout-interval—UDLD timeout interval. Range is 5 to 60 seconds. Default Configuration The default timeout interval is 5 seconds. Command Mode Global Configuration mode User Guidelines This command sets the time interval used to determine if the link has bidirectional or unidirectional connectivity.
PAGE 787
2CSNXXX_SWUM200.book Page 787 Tuesday, December 10, 2013 1:22 PM udld port Use the udld port command in Interface (physical) Configuration mode to select the UDLD operating mode on a specific interface. Use the no form of the command to reset the operating mode to the default (normal). Syntax udld port aggressive no udld port • aggressive—Sets the port to discover peers in aggressive mode. Default Configuration Normal mode is configured by default when UDLD is enabled on an interface.
PAGE 788
2CSNXXX_SWUM200.book Page 788 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC or User EXEC mode, Configuration mode and all Configuration submodes User Guidelines When no interface is specified, the following fields are shown: Field Description Admin Mode The global administrative mode of UDLD. Message Interval The time period (in seconds) between the transmission of UDLD probe packets. Timeout Interval The time period (in seconds) before making decision that link is unidirectional.
PAGE 789
2CSNXXX_SWUM200.book Page 789 Tuesday, December 10, 2013 1:22 PM Field Description UDLD Status The status of the link as determined by UDLD. The options are: • Undetermined – UDLD has not collected enough information to determine the state of the port. • Not applicable – UDLD is disabled, either globally or on the port. • Shutdown – UDLD has detected a unidirectional link and shutdown the port. That is, the port is in an errDisabled state. • Bidirectional - UDLD has detected a bidirectional link.
PAGE 790
2CSNXXX_SWUM200.book Page 790 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines.
PAGE 791
2CSNXXX_SWUM200.book Page 791 Tuesday, December 10, 2013 1:22 PM 38 VLAN Commands Dell Networking N2000/N3000/N4000 Series Switches Dell Networking 802.1Q VLANs are an implementation of the Virtual Local Area Network, specification 802.1Q. Operating at Layer 2 of the OSI model, the VLAN is a means of parsing a single network into logical user groups or organizations as if they physically resided on a dedicated LAN segment of their own.
PAGE 792
2CSNXXX_SWUM200.book Page 792 Tuesday, December 10, 2013 1:22 PM The Dell Networking switching component can be configured to enable the port in double-VLAN (DVLAN) mode. In this mode switch looks for 12th, 13th, 16th, and 17th bytes for the tag status in the incoming frame. The outer tag (S-TAG) TPID is identified with the 12th and 13th bytes values. The inner tag (C-TAG) TPID is identified with 16th and 17th bytes values. These two TPID values can be different or the same.
PAGE 793
2CSNXXX_SWUM200.book Page 793 Tuesday, December 10, 2013 1:22 PM In PBVLANs, the VLAN classification of a packet is based on its protocol (IP, IPX, NetBIOS, and so on). PBVLANs help optimize network traffic because protocol-specific broadcast messages are sent only to end stations using that protocol. End stations do not receive unnecessary traffic, and bandwidth is used more efficiently. It is a flexible method that provides a logical grouping of users.
PAGE 794
2CSNXXX_SWUM200.book Page 794 Tuesday, December 10, 2013 1:22 PM • Primary VLAN Forwards the traffic from the promiscuous ports to isolated ports, community ports and other promiscuous ports in the same private VLAN. Only one primary VLAN can be configured per private VLAN. All ports within a private VLAN share the same primary VLAN. • Isolated VLAN Is a secondary VLAN. It carries traffic from isolated ports to promiscuous ports. Only one isolated VLAN can be configured per private VLAN.
PAGE 795
2CSNXXX_SWUM200.book Page 795 Tuesday, December 10, 2013 1:22 PM Figure 38-1. Private VLANs Isolated VLAN An endpoint connected over an isolated VLAN is allowed to communicate with endpoints connected to promiscuous ports only. Endpoints connected to adjacent endpoints over an isolated VLAN cannot communicate with each other.
PAGE 796
2CSNXXX_SWUM200.book Page 796 Tuesday, December 10, 2013 1:22 PM In order to enable Private VLAN operation across multiple switches which are not stacked, the inter-switch links should carry VLANs which belong to a private VLAN. The trunk ports which connect neighbor switches have to be assigned to the primary, isolated, and community VLANs of a private VLAN. In regular VLANs, ports in the same VLAN switch traffic at L2.
PAGE 797
2CSNXXX_SWUM200.
PAGE 798
2CSNXXX_SWUM200.book Page 798 Tuesday, December 10, 2013 1:22 PM Command Mode Global Configuration, Interface Configuration, Interface Range, and PortChannel Range modes User Guidelines This command configures the outer VLAN tag type (primary TPID) for double VLAN tagging when used in global CONFIG mode with the primarytpid parameter. Only one outer tag type can be configured for the switch. The outer tag is added on egress and removed on ingress on uplink (service provider) ports.
PAGE 799
2CSNXXX_SWUM200.
PAGE 800
2CSNXXX_SWUM200.book Page 800 Tuesday, December 10, 2013 1:22 PM • vlan-id—The ID of a valid VLAN (Range 1–4093). Default Configuration By default, routing is enabled on VLAN 1. However, VLAN 1 does not route packets until an IP address is assigned to the VLAN. DHCP is not enabled on VLAN 1 by default. Command Mode VLAN Configuration or Global Configuration modes User Guidelines Assigning an IP address to a VLAN interface enables routing on the VLAN interface.
PAGE 801
2CSNXXX_SWUM200.book Page 801 Tuesday, December 10, 2013 1:22 PM User Guidelines Commands used in the interface range context are executed independently on each interface in the range. If the command returns an error on one of the interfaces, an error message is displayed and execution continues on other interfaces. Example The following example groups VLAN 221 through 228 and VLAN 889 to execute the commands entered in interface range mode.
PAGE 802
2CSNXXX_SWUM200.book Page 802 Tuesday, December 10, 2013 1:22 PM Uplink Port Behavior If a single-tagged (SP tagged) or double-tagged (SP tag as outer tag) packet ingresses an uplink port, the switch strips the outer tag prior to forwarding it to the respective access ports. If an untagged or single tagged (802.1Q tagged) packet egresses an uplink port, the switch tags it with the configured ethertype and service provider VLAN ID taken from the service port PVID.
PAGE 803
2CSNXXX_SWUM200.book Page 803 Tuesday, December 10, 2013 1:22 PM Command Mode VLAN Configuration mode User Guidelines The VLAN name may include any alphanumeric characters including a space, underscore, or dash. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name. The CLI does not filter illegal characters and may truncate entries at the first illegal character or reject the entry entirely. The name of VLAN 1 cannot be changed.
PAGE 804
2CSNXXX_SWUM200.book Page 804 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode VLAN Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to attach the VLAN ID "100" to the protocol-based VLAN group "3.
PAGE 805
2CSNXXX_SWUM200.book Page 805 Tuesday, December 10, 2013 1:22 PM • groupid — The protocol-based VLAN group ID, which is automatically generated when you create a protocol-based VLAN group with the vlan protocol group command. To see the group ID associated with the name of a protocol group, use the show port protocol all command. Default Configuration This command has no default configuration. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines.
PAGE 806
2CSNXXX_SWUM200.book Page 806 Tuesday, December 10, 2013 1:22 PM • groupid — The protocol-based VLAN group ID, which is automatically generated when you create a protocol-based VLAN group with the vlan protocol group command. To see the group ID associated with the name of a protocol group, use the show port protocol all command. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
PAGE 807
2CSNXXX_SWUM200.book Page 807 Tuesday, December 10, 2013 1:22 PM Example The following example shows how to display all interfaces for Double VLAN Tunneling. console#show dvlan-tunnel Interfaces Enabled for DVLAN Tunneling......... 1/0/1 show dvlan-tunnel interface Use the show dvlan-tunnel interface command in Privileged EXEC mode to display detailed information about Double VLAN Tunneling for the specified interface or all interfaces.
PAGE 808
2CSNXXX_SWUM200.book Page 808 Tuesday, December 10, 2013 1:22 PM EtherType This field represents a 2-byte hex EtherType to be used as the first 16 bits of the DVLAN tunnel. The three different EtherType tags are: (1) 802.1Q, which represents the commonly used value of 0x8100. (2) vMAN, which represents the commonly used value of 0x88A8. (3) If EtherType is not one of these two values, it is a custom tunnel value, representing any value in the range of 0 to 65535.
PAGE 809
2CSNXXX_SWUM200.book Page 809 Tuesday, December 10, 2013 1:22 PM • Voice VLAN It is recommended that the private VLAN host ports be configured as spanning-tree portfast. The command displays the following information. Parameter Description private-vlan hostassociation Displays VLAN association for the private-VLAN host ports. private-vlan mapping Displays VLAN mapping for the private-VLAN promiscuous ports. Examples The following example displays switchport configuration individually for gi1/0/1.
PAGE 810
2CSNXXX_SWUM200.book Page 810 Tuesday, December 10, 2013 1:22 PM Forbidden VLANS: VLAN Name -----------73 Out The following example displays switchport configuration individually for 1/0/2.
PAGE 811
2CSNXXX_SWUM200.
PAGE 812
2CSNXXX_SWUM200.book Page 812 Tuesday, December 10, 2013 1:22 PM Group Name --------------test Group ID ----1 Protocol(s ---------IP VLAN ---1 Interface(s) -----------1/0/1 show vlan Use the show vlan command in Privileged EXEC mode to display detailed information, including interface information and dynamic VLAN type, for a specific VLAN or RSPAN VLAN. The ID is a valid VLAN identification number.
PAGE 813
2CSNXXX_SWUM200.book Page 813 Tuesday, December 10, 2013 1:22 PM 10 This example shows information for a specific VLAN ID. console#show vlan id 10 VLAN ----10 Name --------------- Ports Type ------------- -------------Te1/0/1 Static RSPAN Vlan -----------------------------------------------------------------Enabled This example shows information for a specific VLAN name.
PAGE 814
2CSNXXX_SWUM200.book Page 814 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example The following example shows no entry in MAC address to VLAN crossreference. console#show vlan association mac MAC Address VLAN ID ----------------------- ------0001.0001.0001.0001 1 console# show vlan association subnet Use the show vlan association subnet command in Privileged EXEC mode to display the VLAN associated with a specific configured IP-Address and netmask.
PAGE 815
2CSNXXX_SWUM200.book Page 815 Tuesday, December 10, 2013 1:22 PM Example The following example shows the case if no IP Subnet to VLAN association exists. console#show vlan association subnet IP Address IP Mask VLAN ID ---------------- ---------------- ------The IP Subnet to VLAN association does not exist. switchport access vlan Use the switchport access vlan command in Interface Configuration mode to configure the VLAN ID when the interface is in access mode.
PAGE 816
2CSNXXX_SWUM200.book Page 816 Tuesday, December 10, 2013 1:22 PM console(config)#interface gigabitethernet 1/0/8 console(config-if-Gi1/0/8)#switchport access vlan 23 switchport general forbidden vlan Use the switchport general forbidden vlan command in Interface Configuration mode to forbid adding specific VLANs to a general mode port. To revert to allowing the addition of specific VLANs to the port, use the remove parameter of this command.
PAGE 817
2CSNXXX_SWUM200.book Page 817 Tuesday, December 10, 2013 1:22 PM switchport general acceptable-frame-type tagged-only Use the switchport general acceptable-frame-type tagged-only command in Interface Configuration mode to discard untagged frames at ingress. To enable untagged frames at ingress, use the no form of this command. Syntax switchport general acceptable-frame-type tagged-only no switchport general acceptable-frame-type tagged-only Default Configuration All frame types are accepted at ingress.
PAGE 818
2CSNXXX_SWUM200.book Page 818 Tuesday, December 10, 2013 1:22 PM • add vlan-list — List of VLAN IDs to add. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs. • remove vlan-list — List of VLAN IDs to remove. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs. • tagged — Sets the port to transmit tagged packets for the VLANs.
PAGE 819
2CSNXXX_SWUM200.book Page 819 Tuesday, December 10, 2013 1:22 PM no switchport general ingress-filtering disable Default Configuration Ingress filtering is enabled. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines Ingress filtering, when enabled, discards received frames that are not tagged with a VLAN for which the port is a member.
PAGE 820
2CSNXXX_SWUM200.book Page 820 Tuesday, December 10, 2013 1:22 PM Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines Setting a new PVID does NOT remove the previously configured PVID VLAN from the port membership. Example The following example shows how to configure the PVID for 1/0/8, when the interface is in general mode.
PAGE 821
2CSNXXX_SWUM200.book Page 821 Tuesday, December 10, 2013 1:22 PM • general—Full 802.1q support VLAN interface. A general mode port is a combination of both trunk and access ports capabilities. It is possible to fully configure all VLAN features on a general mode port. Both tagged and untagged packets may be accepted and transmitted. Default Configuration The default switchport mode is access.
PAGE 822
2CSNXXX_SWUM200.book Page 822 Tuesday, December 10, 2013 1:22 PM • – all specifies all VLANs from 1 to 4093. This keyword is not allowed on commands that do not permit all VLANs in the list to be set at the same time. – add adds the defined list of VLANs to those currently set instead of replacing the list. – remove removes the defined list of VLANs from those currently set instead of replacing the list.
PAGE 823
2CSNXXX_SWUM200.book Page 823 Tuesday, December 10, 2013 1:22 PM It is possible to exclude VLANs that have not yet been created from trunk port membership. Example console(config-if-Gi1/0/1)#switchport trunk allowed vlan 1-1024 console(config-if-Gi1/0/1)#switchport trunk allowed vlan except 1,2,3,5,7,11,13 vlan Use the vlan command in Global Configuration mode to configure a VLAN. To delete a VLAN, use the no form of this command.
PAGE 824
2CSNXXX_SWUM200.book Page 824 Tuesday, December 10, 2013 1:22 PM Example The following example shows how to create (add) VLAN IDs 22, 23, and 56. console(config)#vlan 22,23,56 console(config-vlan)# vlan association mac Use the vlan association mac command in VLAN Configuration mode to associate a MAC address to a VLAN. The maximum number of MAC-based VLANs is 256. Only packets with a matching source IP address are placed in the VLAN.
PAGE 825
2CSNXXX_SWUM200.book Page 825 Tuesday, December 10, 2013 1:22 PM vlan association subnet Use the vlan association subnet command in VLAN Configuration mode to associate a VLAN to a specific IP-subnet. Only packets with a matching source IP address are placed into the VLAN. Syntax vlan association subnet ip-address subnet-mask no vlan association subnet ip-address subnet-mask • ip-address — Source IP address. (Range: Any valid IP address) • subnet-mask — Subnet mask.
PAGE 826
2CSNXXX_SWUM200.book Page 826 Tuesday, December 10, 2013 1:22 PM Syntax vlan makestatic vlan-id • vlan-id — Valid vlan ID. Range is 2–4093. Default Configuration This command has no default configuration. Command Mode Global Configuration Mode User Guidelines The dynamic VLAN (created via GRVP) should exist prior to executing this command. See the Type column in output from the show vlan command to determine that the VLAN is dynamic. Example The following changes vlan 3 to a static VLAN.
PAGE 827
2CSNXXX_SWUM200.book Page 827 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console(config)# vlan protocol group 1 vlan protocol group add protocol Use the vlan protocol group add protocol command in Global Configuration mode to add a protocol to the protocol-based VLAN groups identified by groupid.
PAGE 828
2CSNXXX_SWUM200.book Page 828 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to add the "ip" protocol to the protocol based VLAN group identified as "2.
PAGE 829
2CSNXXX_SWUM200.book Page 829 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example console(config)# vlan protocol group name 1 usergroup vlan protocol group remove Use the vlan protocol group remove command in Global Configuration mode to remove the protocol-based VLAN group identified by groupid.
PAGE 830
2CSNXXX_SWUM200.book Page 830 Tuesday, December 10, 2013 1:22 PM switchport private-vlan Use the switchport private-vlan command in Interface Configuration mode to define a private VLAN association for an isolated or community port or a mapping for a promiscuous port. Use the no form of the command to remove the private VLAN association or mapping from the interface.
PAGE 831
2CSNXXX_SWUM200.book Page 831 Tuesday, December 10, 2013 1:22 PM switchport mode private-vlan Use the switchport mode private-vlan command in Interface Configuration mode to define a private VLAN association for an isolated or community interface or a mapping for a promiscuous interface. Use the no form of the command to remove the private VLAN association or mapping from the interface.
PAGE 832
2CSNXXX_SWUM200.book Page 832 Tuesday, December 10, 2013 1:22 PM private-vlan Use the private-vlan command in VLAN Configuration mode to define a private VLAN association between the primary and secondary VLANs. Use the no form of the command to remove the private VLAN association. Syntax private-vlan {primary|isolated|community|association [add|remove] vlan- list} no private-vlan [association] • association—Defines an association between the primary VLAN and secondary VLANs.
PAGE 833
2CSNXXX_SWUM200.book Page 833 Tuesday, December 10, 2013 1:22 PM An isolated VLAN is used by isolated ports to communicate with promiscuous ports. It does not carry traffic to other community ports or other isolated ports with the same primary VLAN. The primary VLAN is the VLAN that carries traffic from a promiscuous port to the private ports. VLAN 1 cannot be configured in a private VLAN configuration.
PAGE 834
2CSNXXX_SWUM200.book Page 834 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines Do not configure private VLANs on ports configured with any of these features: • Link Aggregation Control Protocol (LACP) • Multicast VLAN Registration (MVR) • Voice VLAN It is recommended that the private VLAN host ports be configured as spanning-tree portfast. The command displays the following information.
PAGE 835
2CSNXXX_SWUM200.book Page 835 Tuesday, December 10, 2013 1:22 PM Voice VLAN Commands 39 Dell Networking N2000/N3000/N4000 Series Switches The Voice VLAN feature enables switch ports to carry voice traffic with an administrator-defined priority so as to enable prioritization of voice traffic over data traffic. Using Voice VLAN helps to ensure that the sound quality of an IP phone is protected from deterioration when the data traffic utilization on the port is high.
PAGE 836
2CSNXXX_SWUM200.book Page 836 Tuesday, December 10, 2013 1:22 PM Commands in this Chapter This chapter explains the following commands: voice vlan voice vlan data priority voice vlan (Interface) show voice vlan voice vlan This command is used to enable the voice VLAN capability on the switch. Syntax voice vlan no voice vlan Command Mode Global Configuration User Guidelines Not applicable Default Value This feature is disabled by default.
PAGE 837
2CSNXXX_SWUM200.book Page 837 Tuesday, December 10, 2013 1:22 PM • auth—Enables/disables authentication on the voice vlan port. • data—Observe the priority on received voice vlan traffic (trusted mode). • dot1p—Configure Voice VLAN 802.1p priority tagging for voice traffic. • dscp—Configure DSCP value for voice traffic on the voice vlan port. (Range: 0–64).
PAGE 838
2CSNXXX_SWUM200.book Page 838 Tuesday, December 10, 2013 1:22 PM Syntax voice vlan data priority {trust | untrust} • trust —Trust the dot1p priority or DSCP values contained in packets arriving on the voice vlan port. • untrust —Do not trust the dot1p priority or DSCP values contained in packets arriving on the voice vlan port.
PAGE 839
2CSNXXX_SWUM200.book Page 839 Tuesday, December 10, 2013 1:22 PM When the interface parameter is specified: Voice VLAN Mode The admin mode of the voice VLAN on the interface. Voice VLAN ID The voice VLAN ID. Voice VLAN Priority The Dot1p priority for the voice VLAN on the port. Voice VLAN Untagged The tagging option for the voice VLAN traffic. Voice VLAN COS Override The Override option for the voice traffic arriving on the port. Voice VLAN Status The operational status of voice VLAN on the port.
PAGE 840
2CSNXXX_SWUM200.
PAGE 841
2CSNXXX_SWUM200.book Page 841 Tuesday, December 10, 2013 1:22 PM 40 802.1x Commands Dell Networking N2000/N3000/N4000 Series Switches Local Area Networks (LANs) are often deployed in environments that permit the attachment of unauthorized devices. The networks also permit unauthorized users to attempt to access the LAN through existing equipment. In such environments, the administrator may desire to restrict access to the services offered by the LAN.
PAGE 842
2CSNXXX_SWUM200.book Page 842 Tuesday, December 10, 2013 1:22 PM Whenever an operator configures a port in Dot1x authentication mode and selects the authentication method as internal, then the user credentials received from the Dot1x supplicant is validated against the IDAS by Dot1x component. The Dot1x application accesses the Dot1x user database to check whether the user credentials present in the authentication message corresponds to a valid user or not.
PAGE 843
2CSNXXX_SWUM200.book Page 843 Tuesday, December 10, 2013 1:22 PM Guest VLAN The Guest VLAN feature allows a Dell Networking switch to provide a distinguished service to unauthenticated users (not rogue users who fail authentication). This feature provides a mechanism to allow visitors and contractors to have network access to reach external network with no ability to surf internal LAN. When a client that does not support 802.1X is connected to an unauthorized port that is 802.
PAGE 844
2CSNXXX_SWUM200.book Page 844 Tuesday, December 10, 2013 1:22 PM client is authenticated and is undisturbed by the failure condition(s). The reasons for failure are logged and buffered into the local logging database such that the operator can track the failure conditions. Clients authenticated when monitor mode is enabled are always assigned to the default VLAN, regardless of the RADIUS assignment.
PAGE 845
2CSNXXX_SWUM200.book Page 845 Tuesday, December 10, 2013 1:22 PM dot1x system-auth-control monitor clear authentication authentication-history dot1x unauth-vlan dot1x timeout guest-vlanperiod show authentication show dot1x advanced dot1x timeout quiet-period show authenticaton authentication-history – 802.
PAGE 846
2CSNXXX_SWUM200.book Page 846 Tuesday, December 10, 2013 1:22 PM dot1x initialize This command begins the initialization sequence on the specified port. This command is only valid if the control mode for the specified port is auto or mac-based. If the control mode is not auto or mac-based, an error will be returned. Syntax dot1x initialize [interface interface-id] • interface-id—The port to be initialized. Default Configuration This command has no default configuration.
PAGE 847
2CSNXXX_SWUM200.book Page 847 Tuesday, December 10, 2013 1:22 PM User Guidelines Local processing of IEEE 802.1x frames must be disabled (no dot1x systemauth-control) for this capability to be enabled. This capability is useful in situations where the authenticator device is placed one or more hops away from the authenticating host. The intervening switch will flood all received IEEE 802.1x frames in the VLAN. Flooding of IEEE 802.
PAGE 848
2CSNXXX_SWUM200.book Page 848 Tuesday, December 10, 2013 1:22 PM dot1x max-req Use the dot1x max-req command in Interface Configuration mode to set the maximum number of times that the switch sends an Extensible Authentication Protocol (EAP)-request frame (assuming that no response is received) to the client before restarting the authentication process. To return to the default setting, use the no form of this command.
PAGE 849
2CSNXXX_SWUM200.book Page 849 Tuesday, December 10, 2013 1:22 PM dot1x max-users Use the dot1x max-users command in Interface Configuration mode to set the maximum number of clients supported on the port when MAC-based 802.1X authentication is enabled on the port. Use the no version of the command to reset the maximum number of clients supported on the port when MAC-based 802.1X authentication is enabled on the port.
PAGE 850
2CSNXXX_SWUM200.book Page 850 Tuesday, December 10, 2013 1:22 PM Syntax dot1x port-control {force-authorized | force-unauthorized | auto | macbased} no dot1x port-control • auto — Enables 802.1x authentication on the interface and causes the port to transition to the authorized or unauthorized state based on the 802.1x authentication exchange between the switch and the client. • force-authorized — Disables 802.
PAGE 851
2CSNXXX_SWUM200.book Page 851 Tuesday, December 10, 2013 1:22 PM console(config)# interface gigabitethernet 1/0/2 console(config-if-Gi1/0/2)# dot1x port-control mac-based dot1x re-authenticate Use the dot1x re-authenticate command in Privileged EXEC mode to enable manually initiating a re-authentication of all 802.1x-enabled ports or the specified 802.1x-enabled port.
PAGE 852
2CSNXXX_SWUM200.book Page 852 Tuesday, December 10, 2013 1:22 PM Default Configuration Periodic reauthentication is disabled. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example enables periodic reauthentication of the client.
PAGE 853
2CSNXXX_SWUM200.book Page 853 Tuesday, December 10, 2013 1:22 PM Example The following example enables 802.1x globally. console(config)# dot1x system-auth-control dot1x system-auth-control monitor Use the dot1x system-auth-control monitor command in Global Configuration mode to enable 802.1x monitor mode globally. To disable this function, use the no form of this command. Syntax dot1x system-auth-control monitor no dot1x system-auth-control monitor Default Configuration Dot1x monitor mode is disabled.
PAGE 854
2CSNXXX_SWUM200.book Page 854 Tuesday, December 10, 2013 1:22 PM Syntax dot1x timeout guest-vlan-period seconds no dot1x timeout guest-vlan-period • seconds — Time in seconds that the switch waits before authorizing the client if the client is a dot1x unaware client. Range 1-300. Default Configuration The switch remains in the quiet state for 90 seconds.
PAGE 855
2CSNXXX_SWUM200.book Page 855 Tuesday, December 10, 2013 1:22 PM • seconds — Time in seconds that the switch remains in the quiet state following a failed authentication exchange with the client. (Range: 0–65535 seconds) Default Configuration The switch remains in the quiet state for 60 seconds. Command Mode Interface Configuration (Ethernet) mode User Guidelines During the quiet period, the switch does not accept or initiate any authentication requests.
PAGE 856
2CSNXXX_SWUM200.book Page 856 Tuesday, December 10, 2013 1:22 PM • seconds — Number of seconds between re-authentication attempts. (Range: 300–4294967295) Default Configuration Re-authentication period is 3600 seconds. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example sets the number of seconds between re-authentication attempts to 300.
PAGE 857
2CSNXXX_SWUM200.book Page 857 Tuesday, December 10, 2013 1:22 PM Command Mode Interface Configuration (Ethernet) mode User Guidelines The actual timeout is this parameter or the product of the Radius transmission times the Radius timeout, whichever is smaller. Example The following example sets the time for the retransmission to the authentication server to 3600 seconds.
PAGE 858
2CSNXXX_SWUM200.book Page 858 Tuesday, December 10, 2013 1:22 PM User Guidelines Change the default value of this command only to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers. Example The following command sets the number of seconds that the switch waits for a response to an EAP-request/identity frame to 3600 seconds.
PAGE 859
2CSNXXX_SWUM200.book Page 859 Tuesday, December 10, 2013 1:22 PM authentication order This command sets the order of authentication methods used on a port. The available authentication methods are Dot1x, MAB, and captive portal. Ordering sets the order of methods that the switch attempts when trying to authenticate a new device connected to a port. If one method is unsuccessful or timed out, the next method is attempted.
PAGE 860
2CSNXXX_SWUM200.book Page 860 Tuesday, December 10, 2013 1:22 PM Use the no form of this command to return the port to the default order of priority for the authentication methods. Syntax authentication priority [mab | dot1x | captive-portal] [mab | dot1x | captive-portal] [mab | dot1x | captive-portal] no authentication priority Default Configuration There is no default configuration for this command. Command Modes Interface VLAN Configuration mode.
PAGE 861
2CSNXXX_SWUM200.book Page 861 Tuesday, December 10, 2013 1:22 PM Default Configuration The default timer value is 300 seconds. Command Modes Interface VLAN Configuration mode User Guidelines None Example console(config-if-Gi1/0/1)# authentication timer restart 1800 console(config-if-Gi1/0/1)# no authentication timer restart clear authentication statistics Use this command to clear the authentication statistics.
PAGE 862
2CSNXXX_SWUM200.book Page 862 Tuesday, December 10, 2013 1:22 PM clear authentication authentication-history Use this command to clear the authentication history logs. Syntax clear authentication authentication-history {interface-id | all} • interface-id—The interface. • all—All interfaces. Default Configuration There is no default configuration for this command.
PAGE 863
2CSNXXX_SWUM200.book Page 863 Tuesday, December 10, 2013 1:22 PM Command Modes Privileged EXEC mode User Guidelines This command has no user guidelines. Example console# show authentication Tiered Authentication.......................... Enabled console# show authentication interface Gi1/0/1 Port........................................... Authentication Restart timer................... Configured method order........................ Enabled method order...........................
PAGE 864
2CSNXXX_SWUM200.book Page 864 Tuesday, December 10, 2013 1:22 PM Command Modes Privileged EXEC mode User Guidelines This command has no user guidelines. Example console#show authentication authentication-history Gi1/0/1 Time Stamp Interface MAC-Address Auth Status Method --------------------- --------- ----------------- ------------ -----Jul 21 1919 15:06:15 Gi1/0/1 00:00:00:00:00:01 Authorized 802.
PAGE 865
2CSNXXX_SWUM200.book Page 865 Tuesday, December 10, 2013 1:22 PM Mab attempts................................... Mab failed attempts............................ Captive-portal attempts........................ Captive-Portal failed attempts................. 0 0 0 0 show dot1x Use the show dot1x command in Privileged EXEC mode to display: • A summary of the global dot1x configuration. • Summary information of the dot1x configuration for a specified port or all ports.
PAGE 866
2CSNXXX_SWUM200.book Page 866 Tuesday, December 10, 2013 1:22 PM Field Description Monitor Mode Indicates whether the Dot1x Monitor mode on the switch is enabled or disabled. Dynamic VLAN Creation Mode Indicates if VLANs assigned by the RADIUS server are dynamically created by the dot1x client. EAPOL flood mode Indicates whether EAPOL frames are flooded on the interface or are processed locally by the switch. Example console(config-if-Gi1/0/1)#show dot1x Administrative Mode...............
PAGE 867
2CSNXXX_SWUM200.book Page 867 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines The following table explains the output parameters. Parameter Description Time Stamp Exact time at which the event occurs. Interface Physical Port on which the event occurs.
PAGE 868
2CSNXXX_SWUM200.
PAGE 869
2CSNXXX_SWUM200.book Page 869 Tuesday, December 10, 2013 1:22 PM Field Description Clients Indicates the number of Dot1x clients authenticated using Authenticated using Monitor mode. Monitor Mode Clients Indicates the number of Dot1x clients authenticated using Authenticated using 802.1x authentication process. Dot1x The following table describes the significant fields shown in the display. Field Description Interface The port number.
PAGE 870
2CSNXXX_SWUM200.book Page 870 Tuesday, December 10, 2013 1:22 PM User Name...................................... Supp MAC Address............................... Session Time................................... Filter Id...................................... VLAN Id........................................ VLAN Assigned.................................. Session Timeout................................ Session Termination Action..................... 000102030405 00:01:02:03:04:05 518 Logical Interface........
PAGE 871
2CSNXXX_SWUM200.book Page 871 Tuesday, December 10, 2013 1:22 PM Example console#show dot1x interface gigabitethernet 1/0/10 Administrative Mode............... Disabled Dynamic VLAN Creation Mode........ Disabled Monitor Mode...................... Disabled Port Admin Mode ------- -----------------Gi1/0/10 auto Oper Mode -----------N/A Reauth Control -------FALSE Quiet Period................................... Transmit Period................................ Maximum Requests..............................
PAGE 872
2CSNXXX_SWUM200.book Page 872 Tuesday, December 10, 2013 1:22 PM User Guidelines The following table describes the significant fields shown in the display. Field Description EAPOL Frames Received The number of valid EAPOL frames of any type that have been received by this Authenticator. EAPOL Frames Transmitted The number of EAPOL frames of any type that have been transmitted by this Authenticator.
PAGE 873
2CSNXXX_SWUM200.book Page 873 Tuesday, December 10, 2013 1:22 PM console#show dot1x interface gigabitethernet 1/0/2 statistics Port......................................... gi1/0/2 EAPOL Frames Received.......................... 0 EAPOL Frames Transmitted....................... 0 EAPOL Start Frames Received.................... 0 EAPOL Logoff Frames Received................... 0 Last EAPOL Frame Version....................... 0 Last EAPOL Frame Source........................ 0000.0000.
PAGE 874
2CSNXXX_SWUM200.book Page 874 Tuesday, December 10, 2013 1:22 PM 1/0/1 Bob 1/0/2 John Switch# show dot1x users username Bob Port Username --------- --------1/0/1 Bob The following table describes the significant fields shown in the display: Field Description Username The username representing the identity of the Supplicant. Port The port that the user is using.
PAGE 875
2CSNXXX_SWUM200.book Page 875 Tuesday, December 10, 2013 1:22 PM 802.1x Advanced Features dot1x guest-vlan Use the dot1x guest-vlan command in Interface Configuration mode to set the guest VLAN on a port. The VLAN must already have been defined. The no form of this command sets the guest VLAN id to zero, which disables the guest VLAN on a port. Syntax dot1x guest-vlan vlan-id no dot1x guest-vlan • vlan-id — The ID of a valid VLAN to use as the guest VLAN (Range: 04093).
PAGE 876
2CSNXXX_SWUM200.book Page 876 Tuesday, December 10, 2013 1:22 PM Syntax dot1x unauth-vlan vlan-id no dot1x unauth-vlan • vlan-id — The ID of a valid VLAN to use for unauthenticated clients (Range: 0-4093). Default Configuration The unauthenticated VLAN is disabled on the interface by default. Command Mode Interface Configuration (Ethernet) mode User Guidelines Configure the unauthenticated VLAN before using this command.
PAGE 877
2CSNXXX_SWUM200.book Page 877 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays 802.1x advanced features for the switch.
PAGE 878
2CSNXXX_SWUM200.book Page 878 Tuesday, December 10, 2013 1:22 PM 878 802.
PAGE 879
2CSNXXX_SWUM200.book Page 879 Tuesday, December 10, 2013 1:22 PM 41 Data Center Technology Commands The data center commands allow network operators to deploy lossless Ethernet capabilities in support of a converged network with Fibre Channel and Ethernet data, as specified by the FC-BB-5 working group of ANSI T11. This capability allows operators to deploy networks at a lower cost while still maintaining the same SAN network management operations that exists today.
PAGE 880
2CSNXXX_SWUM200.
PAGE 881
2CSNXXX_SWUM200.book Page 881 Tuesday, December 10, 2013 1:22 PM 42 Data Center Bridging Commands Dell Networking N2000/N3000/N4000 Series Switches NOTE: Enhanced Transmission Selection commands are only supported on N4000 series switches. CLI commands and Dell OpenManage Switch Administrator pages are not available for other switch models.
PAGE 882
2CSNXXX_SWUM200.book Page 882 Tuesday, December 10, 2013 1:22 PM Overview In a typical switch or router, each physical port supports one or more queues for transmitting packets on the attached network. Multiple queues per port are often provided to give preference to certain packets over others based on user-defined criteria.
PAGE 883
2CSNXXX_SWUM200.book Page 883 Tuesday, December 10, 2013 1:22 PM guaranteed bandwidth allocation and a scheduling algorithm similar to the CoS queue configuration. The TCG scheduling and bandwidth enforcement occurs after the CoS queue scheduling and bandwidth enforcement is performed. Therefore all CoS queues mapped to the same TCG share the scheduling and bandwidth properties of the TCG.
PAGE 884
2CSNXXX_SWUM200.book Page 884 Tuesday, December 10, 2013 1:22 PM • Traffic Class Group map defining the CoS queue to TCG mapping. The indirect mapping between the 802.1p priorities and the associated Traffic Class Group mapping is advertised by DCBX as part of ETS TLVs. For this indirect mapping to be valid, the following parameters need to be configured in addition to the configuration of the TCGs. 1 Configure 8021.p priority to CoS mapping for the ingress ports.
PAGE 885
2CSNXXX_SWUM200.book Page 885 Tuesday, December 10, 2013 1:22 PM DCBX can be used to detect misconfiguration of a feature between the peers on a link. Misconfiguration detection is feature-specific because some features may allow asymmetric configuration. • Peer configuration of DCB features DCBX can be used by a device to perform configuration of DCB features in its peer device if the peer device is willing to accept configuration.
PAGE 886
2CSNXXX_SWUM200.book Page 886 Tuesday, December 10, 2013 1:22 PM Manual Ports operating in the Manual role do not have their configuration affected by peer devices or by internal propagation of configuration. These ports have their operational mode and TC and bandwidth information specified explicitly by the operator. These ports will advertise their configuration to their peer if DCBX is enabled on that port. Incompatible peer configurations will be logged and counted with an error counter.
PAGE 887
2CSNXXX_SWUM200.book Page 887 Tuesday, December 10, 2013 1:22 PM 1 If the configuration is compatible with the configuration source, then the DCBX client becomes operationally active on the upstream port. 2 If the configuration is not compatible with the configuration source, then a message is logged indicating an incompatible configuration, an error counter is incremented, and the DCBX client is operationally disabled on the port.
PAGE 888
2CSNXXX_SWUM200.book Page 888 Tuesday, December 10, 2013 1:22 PM Configuration Source Port Selection Process When an auto-upstream or auto-downstream port receives a configuration from a peer, the DCBX client first checks if there is an active configuration source.
PAGE 889
2CSNXXX_SWUM200.book Page 889 Tuesday, December 10, 2013 1:22 PM In order to reduce flapping of configuration information, if the configuration source port is disabled, disconnected or loses LLDP connectivity, the system clears the selection of configuration source port (if not manually selected) and enables the willing bit on all auto-upstream ports. The configuration on the auto-configuration ports is not cleared (configuration holdover).
PAGE 890
2CSNXXX_SWUM200.book Page 890 Tuesday, December 10, 2013 1:22 PM Syntax datacenter-bridging Default Configuration This command has no default configuration. Command Mode Interface Configuration (Ethernet) mode User Guidelines NOTE: This command is only available on N40xx series switches. Datacenter bridging mode is only available on physical interfaces, not on port-channel interfaces.
PAGE 891
2CSNXXX_SWUM200.book Page 891 Tuesday, December 10, 2013 1:22 PM Syntax lldp dcbx version {auto | cin | cee | ieee} no lldp dcbx version • auto—Automatically select the version based on the peer response. • CIN—Force the mode to Cisco-Intel-Nuova. (DCBX 1.0) • CEE—Force the mode to CEE (DCBX 1.06) • IEEE—Force the mode to IEEE 802.1Qaz Default Configuration The default version is auto. Command Mode Global Config User Guidelines NOTE: This command is only available on N40xx series switches.
PAGE 892
2CSNXXX_SWUM200.book Page 892 Tuesday, December 10, 2013 1:22 PM for transmission. If executed in Interface mode, the interface configuration overrides the global configuration for that interface. Entering the command with no parameters enables transmission of all TLVs. Use the no form of the command to return the configuration to the default settings.
PAGE 893
2CSNXXX_SWUM200.book Page 893 Tuesday, December 10, 2013 1:22 PM The following example globally configures all ports to not transmit any DCBX TLVs. console(config)#no dcb enable lldp dcbx port-role Use the lldp dcbx port-role command in Interface Configuration mode to configure the port role to manual, auto-upstream, auto-downstream and configuration source. The default port role is manual.
PAGE 894
2CSNXXX_SWUM200.book Page 894 Tuesday, December 10, 2013 1:22 PM Default Configuration The default port role is manual. Command Mode Interface Config User Guidelines NOTE: This command is only available on N40xx series switches. In order to reduce configuration flapping, ports that obtain configuration information from a configuration source port will maintain that configuration for 2x the LLDP time out, even if the configuration source port becomes operationally disabled.
PAGE 895
2CSNXXX_SWUM200.book Page 895 Tuesday, December 10, 2013 1:22 PM User Guidelines NOTE: This command is only available on N40xx series switches. This command has no user guidelines.
PAGE 896
2CSNXXX_SWUM200.book Page 896 Tuesday, December 10, 2013 1:22 PM This command has no user guidelines. Example #1 DCBX Status: console# show lldp dcbx interface all status Config DCBX DCBX Frame TLV Interface Status Role Version Rx Tx Errors Dscrd Dscrd ---------- ------- -------- -------- ------ ------ ------ ------ ----te1/0/1 Enabled Auto-up CEE 1.06 Yes 32 37 0 0 te1/0/2 Enabled Auto-up IEEE 32 37 0 0 te2/0/1 Enabled Auto-dn CIN 1.
PAGE 897
2CSNXXX_SWUM200.
PAGE 898
2CSNXXX_SWUM200.book Page 898 Tuesday, December 10, 2013 1:22 PM Example #4 DCBX enabled – IEEE device (DCBX Version Forced): console# show lldp dcbx interface te1/0/1 Interface te1/0/1 DCBX Admin Status: Enabled Configured DCBX Version: CIN 1.0 Peer DCBX Version: CEE 1.6 Peer MAC: 00:23:24:A4:21:03 Peer Description: Cisco Nexus 5020 IOS Version 5.
PAGE 899
2CSNXXX_SWUM200.
PAGE 900
2CSNXXX_SWUM200.book Page 900 Tuesday, December 10, 2013 1:22 PM Default Configuration By default, all the traffic classes are mapped to TCG 0. In the default configuration, all the Traffic Classes are grouped as one Traffic Class Group and TCG0 is configured as weighted round robin. Command Mode Global Config, Interface Configuration modes User Guidelines NOTE: This command is only available on N40xx series switches.
PAGE 901
2CSNXXX_SWUM200.book Page 901 Tuesday, December 10, 2013 1:22 PM traffic-class-group max-bandwidth Use this command in Global Config or Interface Configuration mode to specify the maximum transmission bandwidth limit for each TCG as a percentage of the interface rate. Also known as rate shaping, this has the effect of smoothing temporary traffic bursts over time so that the transmitted traffic rate is bound.
PAGE 902
2CSNXXX_SWUM200.book Page 902 Tuesday, December 10, 2013 1:22 PM If a non-zero value is specified for any bw-x maximum bandwidth parameter, it must not be less than the current minimum bandwidth value for the corresponding queue. A bw-x maximum bandwidth parameter value of 0 may be specified at any time without restriction. The maximum bandwidth limits may be used with either a weighted or strict priority scheduling scheme.
PAGE 903
2CSNXXX_SWUM200.book Page 903 Tuesday, December 10, 2013 1:22 PM User Guidelines NOTE: This command is only available on N40xx series switches. This command specified in Interface Configuration mode only affects a single interface, whereas the Global Configuration mode setting is applied to all interfaces. The Interface Configuration mode command is only available on the N4000 series switches. Each bw-x value is a percentage that ranges from 0 to 100 in increments of 1.
PAGE 904
2CSNXXX_SWUM200.book Page 904 Tuesday, December 10, 2013 1:22 PM Syntax traffic-class-group strict [ … ] no traffic-class-group strict • tcg-id—The TCG identifier. Range is 0 to 2 Default Configuration The default scheduling mode for all TCGs is weighted scheduling. Command Mode Global Configuration mode, Interface Configuration mode User Guidelines NOTE: This command is only available on N40xx series switches.
PAGE 905
2CSNXXX_SWUM200.book Page 905 Tuesday, December 10, 2013 1:22 PM Example The following example demonstrates how to set TCGs 1 and 2 to strict priority scheduling. console(config)# traffic-class-group strict 1 2 traffic-class-group weight Use the traffic-class-group weight command in Global Config or Interface Configuration mode to specify the scheduling weight for each TCG.
PAGE 906
2CSNXXX_SWUM200.book Page 906 Tuesday, December 10, 2013 1:22 PM The weight percentage is not considered for Traffic Class Groups that are configured for strict priority scheduling. Auto-configuration ports utilize the weights received from the auto-configuration source but do no alter the manual settings. Manually configured ports enabled for DCBX transmit the manually configured weights in the TC Bandwidth table in the ETS TLVs.
PAGE 907
2CSNXXX_SWUM200.book Page 907 Tuesday, December 10, 2013 1:22 PM Traffic class group 7 is reserved by the system and is not shown. Auto-configuration ports utilize the traffic class group mappings received from the auto-configuration source. Manually configured ports enabled for DCBX transmit the traffic class groups in the ETS TLVs.
PAGE 908
2CSNXXX_SWUM200.book Page 908 Tuesday, December 10, 2013 1:22 PM The parameter is optional. If specified, the TCG mapping table of the interface is displayed. If omitted, the global configuration settings are displayed (these may have been subsequently overridden by per-port configuration). The following information is displayed: Field Description Interface Displays the slot/port of the interface.
PAGE 909
2CSNXXX_SWUM200.book Page 909 Tuesday, December 10, 2013 1:22 PM 43 Priority Flow Control Commands Dell Networking N4000 Series Switches Priority Flow Control (PFC) provides a means of pausing frames based on individual priorities on a single physical link. By pausing the congested priority or priorities independently, protocols that are highly loss sensitive can share the same link with traffic that has different loss tolerances with less congestion spreading than standard flow control.
PAGE 910
2CSNXXX_SWUM200.book Page 910 Tuesday, December 10, 2013 1:22 PM The effective default behavior on an interface enabled for PFC without a nodrop priority is that no flow control (legacy or PFC) is enabled. If the user enables PFC but does not create any no-drop priorities, the interface will not be lossless. Changing the drop and no-drop capabilities on an interface, either in flow control or priority flow control, may require that all ports briefly drop link.
PAGE 911
2CSNXXX_SWUM200.book Page 911 Tuesday, December 10, 2013 1:22 PM Default Configuration Priority-flow-control mode is off (disabled) by default. Command Mode Datacenter-Bridging Configuration mode User Guidelines NOTE: This command is only available on N40xx series switches. PFC must be enabled before FIP snooping can operate over the interface. Use the no form of the command to return the mode to the default (off).
PAGE 912
2CSNXXX_SWUM200.book Page 912 Tuesday, December 10, 2013 1:22 PM Syntax priority-flow-control priority priority-list {drop | no-drop} no priority-flow-control priority • drop—Disable lossless behavior on the selected priorities. • no-drop—Enable lossless behavior on the selected priorities. Default Configuration The default behavior for all priorities is drop. Command Mode Datacenter-Bridging Configuration mode User Guidelines NOTE: This command is only available on N40xx series switches.
PAGE 913
2CSNXXX_SWUM200.book Page 913 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example #1 console#clear priority-flow-control statistics tengigabitethernet 1/0/1 Example #2 console#clear priority-flow-control statistics show interfaces priority-flow-control Use the show interfaces priority-flow-control command in Privileged EXEC mode to display the global or interface priority flow control status and statistics.
PAGE 914
2CSNXXX_SWUM200.
PAGE 915
2CSNXXX_SWUM200.
PAGE 916
2CSNXXX_SWUM200.
PAGE 917
2CSNXXX_SWUM200.book Page 917 Tuesday, December 10, 2013 1:22 PM 44 Layer 3 Commands The chapters that follow describe commands that conform to the OSI model’s Network Layer (Layer 3). Layer 3 commands perform a series of exchanges over various data links to deliver data between any two nodes in a network. These commands define the addressing and routing structure of the Internet.
PAGE 918
2CSNXXX_SWUM200.
PAGE 919
2CSNXXX_SWUM200.book Page 919 Tuesday, December 10, 2013 1:22 PM 45 ARP Commands Dell Networking N2000/N3000/N4000 Series Switches When a host has an IP packet to send on an Ethernet network, it must encapsulate the IP packet in an Ethernet frame. The Ethernet header requires a destination MAC address. If the destination IP address is on the same network as the sender, the sender uses the Address Resolution Protocol (ARP) to determine the MAC address associated with destination IP address.
PAGE 920
2CSNXXX_SWUM200.book Page 920 Tuesday, December 10, 2013 1:22 PM ARP Aging Dynamic entries in the ARP cache are aged. When an entry for a neighbor router reaches its maximum age, the system sends an ARP request to the neighbor router to renew the entry. Entries for neighbor routers should remain in the ARP cache as long as the neighbor continues to respond to ARP requests. ARP cache entries for neighbor hosts are renewed more selectively.
PAGE 921
2CSNXXX_SWUM200.book Page 921 Tuesday, December 10, 2013 1:22 PM Syntax arp ip-address hardware-address no arp ip-address • ip-address — IP address of a device on a subnet attached to an existing routing interface. • hardware-address — A unicast MAC address for that device. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
PAGE 922
2CSNXXX_SWUM200.book Page 922 Tuesday, December 10, 2013 1:22 PM Default Configuration The switch defaults to using the maximum allowed cache size. Command Mode Global Configuration mode User Guidelines The ARP cache size is dependant on the switching hardware used. Values different from the default given above may exist in a given switch model. Example The following example defines an arp cachesize of 500.
PAGE 923
2CSNXXX_SWUM200.book Page 923 Tuesday, December 10, 2013 1:22 PM request to the neighbor. If the neighbor responds, the age of the ARP cache entry is reset to 0 without removing the entry from the hardware. Traffic to the host continues to be forwarded in hardware without interruption. If the entry is not being used to forward data packets, then the entry is deleted from the ARP cache, unless the dynamic renew option is enabled.
PAGE 924
2CSNXXX_SWUM200.book Page 924 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example removes the specified IP address from arp cache. console#arp purge 192.168.1.10 arp resptime Use the arp resptime command in Global Configuration mode to configure the ARP request response time-out. To return the response time-out to the default value, use the no form of this command.
PAGE 925
2CSNXXX_SWUM200.book Page 925 Tuesday, December 10, 2013 1:22 PM arp retries Use the arp retries command in Global Configuration mode to configure the ARP count of maximum requests for retries. To return to the default value, use the no form of this command. Syntax arp retries integer no arp retries • integer — The maximum number of requests for retries. (Range: 0-10) Default Configuration The default value is 4 retries.
PAGE 926
2CSNXXX_SWUM200.book Page 926 Tuesday, December 10, 2013 1:22 PM Default Configuration The default value is 1200 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines 900 seconds as the timeout. console(config)#arp timeout 900 clear arp-cache Use the clear arp-cache command in Privileged EXEC mode to remove all ARP entries of type dynamic from the ARP cache.
PAGE 927
2CSNXXX_SWUM200.book Page 927 Tuesday, December 10, 2013 1:22 PM console#clear arp-cache gateway clear arp-cache management Use the clear arp-cache management command to clear all entries that show as management arp entries in the show arp command. Syntax clear arp-cache management Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
PAGE 928
2CSNXXX_SWUM200.book Page 928 Tuesday, December 10, 2013 1:22 PM ip local-proxy-arp Use the ip local proxy-arp command in Interface Configuration mode to enable proxying of ARP requests. This allows the switch to respond to ARP requests within a subnet where routing is not enabled. Syntax ip local-proxy-arp no ip local-proxy-arp Default Configuration Proxy arp is disabled by default. Command Mode Interface (VLAN) Configuration User Guidelines This command has no user guidelines.
PAGE 929
2CSNXXX_SWUM200.book Page 929 Tuesday, December 10, 2013 1:22 PM Command Mode Interface Configuration (VLAN) mode User Guidelines The ip proxy-arp command is not available in interface range mode. Example The following example enables proxy arp for VLAN 15. (config)#interface vlan 15 console(config-if-vlan15)#ip proxy-arp show arp Use the show arp command in Privileged EXEC mode to display all entries in the Address Resolution Protocol (ARP) cache. The displayed results are not the total ARP entries.
PAGE 930
2CSNXXX_SWUM200.book Page 930 Tuesday, December 10, 2013 1:22 PM console#show arp Static ARP entries are only active when the IP address is reachable on a local subnet Age Time (seconds)............................. 1200 Response Time (seconds)........................ 1 Retries........................................ 4 Cache Size..................................... 6144 Dynamic Renew Mode............................ Disable Total Entry Count Current / Peak..............
PAGE 931
2CSNXXX_SWUM200.book Page 931 Tuesday, December 10, 2013 1:22 PM 46 DHCP Server and Relay Agent Commands Dell Networking N2000/N3000/N4000 Series Switches DHCP is based on the Bootstrap Protocol (BOOTP). It also captures the behavior of BOOTP relay agents and DHCP participants can inter operate with BOOTP participants. The host RFC’s standardize the configuration parameters which can be supplied by the DHCP server to the client.
PAGE 932
2CSNXXX_SWUM200.book Page 932 Tuesday, December 10, 2013 1:22 PM • Internet access cost is greatly reduced by using automatic assignment as Static IP addresses are considerably more expensive to purchase than are automatically allocated IP addresses. • Using DHCP a centralized management policy can be implemented as the DHCP server keeps information about all the subnets. This allows a system operator to update a single server when configuration changes take place.
PAGE 933
2CSNXXX_SWUM200.book Page 933 Tuesday, December 10, 2013 1:22 PM Syntax ip dhcp pool [pool-name] no ip dhcp pool [pool-name] • pool-name—The name of an existing or new DHCP address pool. The pool name can be up to 31 characters in length and can contain the following characters: a-z, A-Z, 0-9, ’-’, ’_’, ’ ’. Enclose the entire pool name in quotes if an embedded blank is to appear in the pool name. Default Configuration The command has no default configuration.
PAGE 934
2CSNXXX_SWUM200.book Page 934 Tuesday, December 10, 2013 1:22 PM • NetBIOS Node Type – netbios-node-type • Client default router – default-router • Client address lease time – lease Administrators may also configure manual bindings for clients using the host command in DHCP Pool Configuration mode. This is the most often used for DHCP clients for which the administrator wishes to reserve an ip address, for example a computer server or a printer.
PAGE 935
2CSNXXX_SWUM200.book Page 935 Tuesday, December 10, 2013 1:22 PM bootfile Use the bootfile command in DHCP Pool Configuration mode to set the name of the image for the DHCP client to load. Use the no form of the command to remove the bootfile configuration. Use the show ip dhcp pool command to display pool configuration parameters. Syntax bootfile filename no bootfile • filename—The name of the file for the DHCP client to load. Default Configuration There is no default bootfile filename.
PAGE 936
2CSNXXX_SWUM200.book Page 936 Tuesday, December 10, 2013 1:22 PM Default Configuration The command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example console#clear ip dhcp binding 1.2.3.4 clear ip dhcp conflict Use the clear ip dhcp conflict command in Privileged EXEC mode to remove DHCP server address conflicts. Use the show ip dhcp conflict command to display address conflicts detected by the DHCP server.
PAGE 937
2CSNXXX_SWUM200.book Page 937 Tuesday, December 10, 2013 1:22 PM client-identifier Use the client-identifier command in DHCP Pool Configuration mode to identify a Microsoft DHCP client to be manually assigned an address. Use the no form of the command to remove the client identifier configuration. Syntax client-identifier unique-identifier no client-identifier • unique-identifier—The identifier of the Microsoft DHCP client.
PAGE 938
2CSNXXX_SWUM200.book Page 938 Tuesday, December 10, 2013 1:22 PM Syntax client-name name no client-name • name—The name of the DHCP client. The client name is specified as up to 31 printable characters. Default Configuration There is no default client name. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters.
PAGE 939
2CSNXXX_SWUM200.book Page 939 Tuesday, December 10, 2013 1:22 PM • ip-address2—The IPv4 address of the second default router for the DHCP client. Default Configuration No default router is configured. Command Mode DHCP Pool Configuration mode User Guidelines This command has no user guidelines. Example console(config-dhcp-pool)#default-router 192.168.22.1 192.168.23.
PAGE 940
2CSNXXX_SWUM200.book Page 940 Tuesday, December 10, 2013 1:22 PM domain-name (IP DHCP Pool Config) Use the domain-name command in IP DHCP Pool Configuration mode to set the DNS domain name which is provided to a DHCP client by the DHCP server. The DNS name is an alphanumeric string up to 255 characters in length. Use the no form of the command to remove the domain name. Syntax domain-name domain no domain-name domain • domain — DHCP domain name.
PAGE 941
2CSNXXX_SWUM200.book Page 941 Tuesday, December 10, 2013 1:22 PM Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. It may be necessary to use the no host command prior to executing the no hardware-address command. Example console(config-dhcp-pool)#hardware-address 00:23:12:43:23:54 console(config-dhcp-pool)#host 192.168.21.
PAGE 942
2CSNXXX_SWUM200.book Page 942 Tuesday, December 10, 2013 1:22 PM User Guidelines Use the client-identifier or hardware-address command prior to using this command for an address pool. Use the show ip dhcp pool command to display pool configuration parameters. Example console(config-dhcp-pool)#client-identifier 00:23:12:43:23:54 console(config-dhcp-pool)#host 192.168.21.
PAGE 943
2CSNXXX_SWUM200.book Page 943 Tuesday, December 10, 2013 1:22 PM ip dhcp conflict logging Use the ip dhcp conflict logging command in Global Configuration mode to enable DHCP address conflict detection. Use the no form of the command to disable DHCP conflict logging. Syntax ip dhcp conflict logging no ip dhcp conflict logging Default Configuration Conflict logging is enabled by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
PAGE 944
2CSNXXX_SWUM200.book Page 944 Tuesday, December 10, 2013 1:22 PM • high-address—An IPv4 address indicating the ending range for exclusion from automatic DHCP address assignment. The high-address must be numerically greater than the low-address. Default Configuration By default, no IP addresses are excluded from the lists configured by the IP DHCP pool configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console#ip dhcp excluded-address 192.
PAGE 945
2CSNXXX_SWUM200.book Page 945 Tuesday, December 10, 2013 1:22 PM Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console#ip dhcp ping packets 5 lease Use the lease command in DHCP Pool Configuration mode to set the period for which a dynamically assigned DHCP address is valid. Use the infinite parameter to indicate that addresses are to be automatically assigned. Use the no form of the command to return the lease configuration to the default.
PAGE 946
2CSNXXX_SWUM200.book Page 946 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example console(config-dhcp-pool)#lease 1 12 59 netbios-name-server Use the netbios-name-server command in DHCP Pool Configuration mode to configure the IPv4 address of the Windows Internet Naming Service (WINS) for a Microsoft DHCP client. Use the no form of the command to remove the NetBIOS name server configuration. Syntax netbios-name-server ip-address [ip-address2...
PAGE 947
2CSNXXX_SWUM200.book Page 947 Tuesday, December 10, 2013 1:22 PM netbios-node-type Use the netbios-node-type command in DHCP Pool Configuration mode to set the NetBIOS node type for a Microsoft DHCP client. Use the no form of the command to remove the netbios node configuration. Syntax netbios-node-type type no netbios-node-type • type—The NetBIOS node type can be b-node, h-node, m-node or p-node. Default Configuration There is no default NetBIOS node type configured.
PAGE 948
2CSNXXX_SWUM200.book Page 948 Tuesday, December 10, 2013 1:22 PM Syntax network network-number [mask | prefix-length] • network-number—A valid IPv4 address • mask—A valid IPv4 network mask with contiguous left-aligned bits. • prefix-length—An integer indicating the number of leftmost bits in the network-number to use as a prefix for allocating cells. Default Configuration This command has no default configuration.
PAGE 949
2CSNXXX_SWUM200.book Page 949 Tuesday, December 10, 2013 1:22 PM User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. The IPv4 address is conveyed in the SIADDR field of the DHCP OFFER, DHCP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages. Example console(config-dhcp-pool)#next-server 192.168.21.2 option Use the option command in DHCP Pool Configuration mode to supply arbitrary configuration information to a DHCP client.
PAGE 950
2CSNXXX_SWUM200.book Page 950 Tuesday, December 10, 2013 1:22 PM User Guidelines The option information must match the selected option type and length. Options cannot be longer than 255 characters in length. The option information is conveyed in the TLV specified by the code parameter in the DHCP OFFER, DHCP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages. Figure 46-1 lists the options that can be configured and their fixed length, minimum length, and length multiple requirements. Figure 46-1.
PAGE 951
2CSNXXX_SWUM200.book Page 951 Tuesday, December 10, 2013 1:22 PM Figure 46-1.
PAGE 952
2CSNXXX_SWUM200.book Page 952 Tuesday, December 10, 2013 1:22 PM Figure 46-1.
PAGE 953
2CSNXXX_SWUM200.book Page 953 Tuesday, December 10, 2013 1:22 PM console(config-dhcp-pool)#option 29 hex 01 console(config-dhcp-pool)#option 59 hex 00 00 10 01 console(config-dhcp-pool)#option 25 hex 01 ff service dhcp Use the service dhcp command in Global Configuration mode to enable local IPv4 DHCP server on the switch. Use the no form of the command to disable the DHCPv4 service. Syntax service dhcp no service dhcp Default Configuration The service is disabled by default.
PAGE 954
2CSNXXX_SWUM200.book Page 954 Tuesday, December 10, 2013 1:22 PM Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. The IPv4 address of the NTP server is conveyed in the Option 42 TLV of the DHCP OFFER, DHCP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages. Example console(config-dhcp-pool)#sntp 192.168.21.
PAGE 955
2CSNXXX_SWUM200.book Page 955 Tuesday, December 10, 2013 1:22 PM show ip dhcp conflict Use the show ip dhcp conflict command in User EXEC mode to display DHCP address conflicts for all relevant interfaces or a specified interface. If an interface is specified, the optional statistics parameter is available to view statistics for the specified interface. Syntax show ip dhcp conflict [address] • address—A valid IPv4 address for which the conflict information is desired.
PAGE 956
2CSNXXX_SWUM200.book Page 956 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example console#show ip dhcp server statistics show ip dhcp pool Use the show ip dhcp pool command in User EXEC or Privileged EXEC mode to display the configured DHCP pool or pools. If no pool name is specified, information about all pools is displayed. Syntax show ip dhcp pool [all | poolname] • poolname—Name of the pool.
PAGE 957
2CSNXXX_SWUM200.book Page 957 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show ip dhcp server statistics Automatic Bindings............................. 100 Expired Bindings............................... 32 Malformed Bindings............................. 0 Messages Received ------------------DHCP DISCOVER.................................. 132 DHCP REQUEST......
PAGE 958
2CSNXXX_SWUM200.
PAGE 959
2CSNXXX_SWUM200.
PAGE 960
2CSNXXX_SWUM200.book Page 960 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Examples The following examples clears DHCPv6 statistics for VLAN 11. console#clear ipv6 dhcp interface vlan 11 statistics\ dns-server (IPv6 DHCP Pool Config) Use the dns-server command in IPv6 DHCP Pool Configuration mode to set the IPv6 DNS server address which is provided to a DHCPv6 client by the DHCPv6 server. DNS server address is configured for stateless server support.
PAGE 961
2CSNXXX_SWUM200.book Page 961 Tuesday, December 10, 2013 1:22 PM no domain-name domain • domain — DHCPv6 domain name. (Range: 1–255 characters) Default Configuration This command has no default configuration. Command Mode IPv6 DHCP Pool Configuration mode User Guidelines DHCPv6 pool can have multiple number of domain names with maximum of 8. Example The following example sets the DNS domain name "test", which is provided to a DHCPv6 client by the DHCPv6 server.
PAGE 962
2CSNXXX_SWUM200.book Page 962 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enters IPv6 DHCP Pool Configuration mode.
PAGE 963
2CSNXXX_SWUM200.book Page 963 Tuesday, December 10, 2013 1:22 PM Command Mode Interface Configuration (VLAN, Tunnel) mode User Guidelines The IPv6 DHCP service must be enavbled to use this feature. Enable the IPv6 DHCP service using the service dhcpv6 command. If relay-address is an IPv6 global address, then relay-interface is not required. If relay-address is a link-local or multicast address, then relay-interface is required.
PAGE 964
2CSNXXX_SWUM200.book Page 964 Tuesday, December 10, 2013 1:22 PM • pref-value — Preference value —used by clients to determine preference between multiple DHCPv6 servers. (Range: 0-4294967295) Default Configuration The default preference value is 20. Rapid commit is not enabled by default. Command Mode Interface Configuration (VLAN, Tunnel) mode User Guidelines This feature requires the IPv6 DHCP service. Enable the IPv6 DHCP service using the service dhcpv6 command.
PAGE 965
2CSNXXX_SWUM200.book Page 965 Tuesday, December 10, 2013 1:22 PM console(config-dhcp6s-pool)# address prefix-delegation 2001::/64 00:01:32:00:32:00 console(config-dhcp6s-pool)# exit console(config)#interface vlan 10 console(config-if-vlan10)#ipv6 dhcp server pool1 console(config-if-vlan10)# prefix-delegation Use the prefix-delegation command in IPv6 DHCP Pool Configuration mode to define multiple IPv6 prefixes within a pool for distributing to specific DHCPv6 Prefix delegation clients.
PAGE 966
2CSNXXX_SWUM200.book Page 966 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example The following example defines a Multiple IPv6 prefix and client DUID within a pool for distributing to specific DHCPv6 Prefix delegation clients.
PAGE 967
2CSNXXX_SWUM200.book Page 967 Tuesday, December 10, 2013 1:22 PM Example The following example enables DHCPv6 globally. console#configure console(config)#service dhcpv6 console(config)#no service dhcpv6 show ipv6 dhcp Use the show ipv6 dhcp command in Privileged EXEC mode to display the DHCPv6 server name and status. Syntax show ipv6 dhcp Default Configuration This command has no default configuration.
PAGE 968
2CSNXXX_SWUM200.book Page 968 Tuesday, December 10, 2013 1:22 PM Syntax show ipv6 dhcp binding [ipv6-address] • ipv6-address — Valid IPv6 address. Default Configuration This command has no default configuration. Command Mode Privileged EXEC and User EXEC modes, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the configured DHCP pool based on the entered IPv6 address.
PAGE 969
2CSNXXX_SWUM200.book Page 969 Tuesday, December 10, 2013 1:22 PM Command Mode User EXEC, Privileged EXEC modes, Configuration mode and all Configuration submodes User Guidelines Statistics are shown depending on the interface mode (relay, server, or client). Examples The following examples display DHCPv6 information for VLAN 11 when configured in relay mode. console> show ipv6 dhcp interface vlan 11 IPv6 Interface................................. Mode...........................................
PAGE 970
2CSNXXX_SWUM200.book Page 970 Tuesday, December 10, 2013 1:22 PM show ipv6 dhcp interface (Privileged EXEC) Use the show ipv6 dhcp interface command in Privileged EXEC mode to display configuration and status information about an IPv6 DHCP interface or all interfaces. Syntax show ipv6 dhcp interface [interface-id]{statistics} • interface-id—Any valid IP interface. See Interface Naming Conventions for interface representation. Default Configuration This command has no default configuration.
PAGE 971
2CSNXXX_SWUM200.book Page 971 Tuesday, December 10, 2013 1:22 PM Term Description T2 Time The T2 (in seconds) time as indicated by the DHCPv6 Server. T2 value indicates the time interval after which the Client sends Rebind message to the Server in case there are no replies to the Renew messages. Interface IAID An identifier for an identity association chosen by this Client. Leased Address The IPv6 address leased by the DHCPv6 Server for this interface.
PAGE 972
2CSNXXX_SWUM200.book Page 972 Tuesday, December 10, 2013 1:22 PM IPv6 Interface................................. Mode........................................... Relay Address.................................. Relay Interface Number......................... Relay Remote ID................................ Option Flags................................... Vl10 Relay 3030::3 Relay console#show ipv6 dhcp interface vlan 10 IPv6 Interface................................. Mode......................................
PAGE 973
2CSNXXX_SWUM200.book Page 973 Tuesday, December 10, 2013 1:22 PM DHCPv6 Malformed Packets Received..................... 0 Total DHCPv6 Packets Received......................... 0 DHCPv6 DHCPv6 DHCPv6 DHCPv6 DHCPv6 Total Solicit Packets Transmitted.................... 0 Request Packets Transmitted.................... 0 Renew Packets Transmitted...................... 0 Rebind Packets Transmitted..................... 0 Release Packets Transmitted.................... 0 DHCPv6 Packets Transmitted..............
PAGE 974
2CSNXXX_SWUM200.book Page 974 Tuesday, December 10, 2013 1:22 PM Syntax show ipv6 dhcp statistics Default Configuration This command has no default configuration. Command Mode User EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the DHCPv6 server name and status. console> show ipv6 dhcp statistics DHCPv6 Interface Global Statistics -----------------------------------DHCPv6 Solicit Packets Received..
PAGE 975
2CSNXXX_SWUM200.
PAGE 976
2CSNXXX_SWUM200.book Page 976 Tuesday, December 10, 2013 1:22 PM Command Modes User EXEC, Privileged EXEC User Guidelines This command has no user guidelines. Example (console) #clear ipv6 dhcp snooping binding clear ipv6 dhcp snooping statistics Use the clear ipv6 dhcp snooping statistics command to clear all IPv6 DHCP Snooping statistics. Syntax clear ipv6 dhcp snooping statistics Default Configuration This command has no default configuration.
PAGE 977
2CSNXXX_SWUM200.book Page 977 Tuesday, December 10, 2013 1:22 PM Syntax ipv6 dhcp snooping no ipv6 dhcp snooping Default Configuration By default, DHCP snooping is not enabled. Command Modes Global Configuration mode User Guidelines The DHCP snooping application processes incoming DHCP messages.
PAGE 978
2CSNXXX_SWUM200.book Page 978 Tuesday, December 10, 2013 1:22 PM Syntax ipv6 dhcp snooping vlan vlan-range no ipv6 dhcp snooping vlan-range • vlan-range —A single VLAN, one or more VLANs separated by commas, or two VLANs separated by a single dash indicating all VLANs between the first and second inclusive. Multiple VLAN identifiers can be entered provided that no embedded spaces are contained within the vlan-range. Default Configuration By default, DHCP snooping is not enabled on any VLANs.
PAGE 979
2CSNXXX_SWUM200.book Page 979 Tuesday, December 10, 2013 1:22 PM • mac-address—A valid mac address in standard format. • vlan-id —A configured VLAN id. (Range 1-4093) • ip-address—A valid IPv6 address. • interface-id—A valid interface ID in short or long format. Physical interfaces and port channels are supported. Default Configuration By default, no static DHCP bindings are configured.
PAGE 980
2CSNXXX_SWUM200.book Page 980 Tuesday, December 10, 2013 1:22 PM User Guidelines The DHCP binding database is persistently stored on a configured external server or locally in flash, depending on the user configuration. A row-wise checksum is placed in the text file that is stored on the configured TFTP server. On switch startup, the switch reads the text file and uses the contents to build the DHCP snooping database.
PAGE 981
2CSNXXX_SWUM200.book Page 981 Tuesday, December 10, 2013 1:22 PM ipv6 dhcp snooping limit Use the ipv6 dhcp snooping limit command configures an interface to be diagnostically disabled if the rate of received DHCP messages exceeds the configured limit. Use the no shutdown command to reenable the interface. Use the no form of the command to disable diagnostic disabling of the interface.
PAGE 982
2CSNXXX_SWUM200.book Page 982 Tuesday, December 10, 2013 1:22 PM The administrator can configure the rate and burst interval. Rate limiting is configured independently on each physical interface and may be enabled on both trusted and untrusted interfaces. The rate limit is configurable in the range of 0-300 packets per second and the burst interval in the range of 1-15 seconds.
PAGE 983
2CSNXXX_SWUM200.book Page 983 Tuesday, December 10, 2013 1:22 PM ipv6 dhcp snooping trust Use the ipv6 dhcp snooping trust command to configure an interface as trusted. Use the no form of the command to return the interface to the default configuration. Syntax ipv6 dhcp snooping trust no ipv6 dhcp snooping trust Default Configuration By default, interfaces are untrusted.
PAGE 984
2CSNXXX_SWUM200.book Page 984 Tuesday, December 10, 2013 1:22 PM no ipv6 dhcp snooping verify mac-address Default Configuration By default, MAC address verification is not enabled. Command Modes Global Configuration mode User Guidelines DHCP MAC address verification operates on DHCP messages received over untrusted interfaces. The source MAC address of DHCP packet is different from the client hardware if: • A DHCP discovery/request broadcast packet that was forwarded by the relay agent.
PAGE 985
2CSNXXX_SWUM200.book Page 985 Tuesday, December 10, 2013 1:22 PM Syntax ipv6 verify binding mac-address vlan vlan-id ip-address interface interface id no ipv6 verify binding mac-address vlan vlan-id ip-address interface interface id • mac-address —A valid mac address in standard format. • vlan-id —A configured VLAN id. (Range 1-4093. • ip-address —A valid IPv6 address. • interface-id—A valid interface ID in short or long format.
PAGE 986
2CSNXXX_SWUM200.book Page 986 Tuesday, December 10, 2013 1:22 PM Default Configuration By default, no sources are blocked. Command Modes Interface Configuration mode (physical and port-channel) User Guidelines DHCP snooping should be enabled on any interfaces for which ipv6 verify source is configured. If ipv6 verify source is configured on an interface for which DHCP snooping is disabled, or for which DHCP snooping is enabled and the interface is trusted, incoming traffic on the interface is dropped.
PAGE 987
2CSNXXX_SWUM200.book Page 987 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has not user guidelines.
PAGE 988
2CSNXXX_SWUM200.book Page 988 Tuesday, December 10, 2013 1:22 PM User Guidelines There are no user guidelines for this command.
PAGE 989
2CSNXXX_SWUM200.book Page 989 Tuesday, December 10, 2013 1:22 PM show ipv6 dhcp snooping interfaces Use the show ipv6 dhcp snooping interfaces command to show the DHCP Snooping status of IPv6 interfaces. Syntax show ipv6 dhcp snooping interfaces [interface id] • interface id—A valid physical interface. Default Configuration There is no default configuration for this command. Command Modes User EXEC, Privileged EXEC (all show modes) User Guidelines If no parameter is given, all interfaces are shown.
PAGE 990
2CSNXXX_SWUM200.book Page 990 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Modes User EXEC, Privileged EXEC (all show modes) User Guidelines The following statistics are displayed. Parameter Description MAC Verify Failures The number of DHCP messages that got filtered on an untrusted interface because of the source MAC address and client hardware address mismatch.
PAGE 991
2CSNXXX_SWUM200.book Page 991 Tuesday, December 10, 2013 1:22 PM Syntax show ipv6 source binding [{dhcp-snooping | static}] [interface interface-id] [vlan vlan-id] • dhcp-snooping — Displays the DHCP snooping bindings. • static —Displays the statically configured bindings. Default Configuration This command has no default configuration. Command Modes User EXEC, Privileged EXEC (all show modes) User Guidelines This command has no user guidelines.
PAGE 992
2CSNXXX_SWUM200.
PAGE 993
2CSNXXX_SWUM200.book Page 993 Tuesday, December 10, 2013 1:22 PM Default Configuration There is no default configuration for this command. Command Modes User EXEC, Privileged EXEC (all show modes) User Guidelines If MAC address filtering is not configured on the interface, the MAC Address field is empty. If port security is disabled on the interface, the MAC Address field displays permit-all.
PAGE 994
2CSNXXX_SWUM200.
PAGE 995
2CSNXXX_SWUM200.book Page 995 Tuesday, December 10, 2013 1:22 PM 49 DVMRP Commands Dell Networking N3000/N4000 Series Switches Distance Vector Multicast Routing Protocol (DVMRP) is a dense mode multicast protocol and is most appropriate for use in networks where bandwidth is relatively plentiful and there is at least one multicast group member in each subnet. DVMRP assumes that all hosts are part of a multicast group until it is informed of multicast group changes.
PAGE 996
2CSNXXX_SWUM200.book Page 996 Tuesday, December 10, 2013 1:22 PM Default Configuration Disabled is the default configuration. Command Mode Global Configuration Interface Configuration (VLAN) mode User Guidelines PIM must be disabled before DVMRP can be enabled. Example The following example sets VLAN 15’s administrative mode of DVMRP to active.
PAGE 997
2CSNXXX_SWUM200.book Page 997 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example The following example configures a metric of 5 for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip dvmrp metric 5 show ip dvmrp Use the show ip dvmrp command in Privileged EXEC mode to display the system-wide information for DVMRP. Syntax show ip dvmrp Default Configuration This command has no default condition.
PAGE 998
2CSNXXX_SWUM200.book Page 998 Tuesday, December 10, 2013 1:22 PM show ip dvmrp interface Use the show ip dvmrp interface command in Privileged EXEC mode to display the interface information for DVMRP on the specified interface. Syntax show ip dvmrp interface vlan vlan-id • vlan-id — Valid VLAN ID. Default Configuration This command has no default condition. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
PAGE 999
2CSNXXX_SWUM200.book Page 999 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the neighbor information for DVMRP. console(config)#show ip dvmrp neighbor No neighbors available.
PAGE 1000
2CSNXXX_SWUM200.book Page 1000 Tuesday, December 10, 2013 1:22 PM show ip dvmrp prune Use the show ip dvmrp prune command in Privileged EXEC mode to display the table that lists the router’s upstream prune information. Syntax show ip dvmrp prune Default Configuration This command has no default condition. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
PAGE 1001
2CSNXXX_SWUM200.book Page 1001 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the multicast routing information for DVMRP.
PAGE 1002
2CSNXXX_SWUM200.
PAGE 1003
2CSNXXX_SWUM200.book Page 1003 Tuesday, December 10, 2013 1:22 PM 44 GMRP Commands Dell Networking N2000/N3000/N4000 Series Switches The GARP Multicast Registration Protocol provides a mechanism that allows networking devices to dynamically register (and deregister) Group membership information with the MAC networking devices attached to the same segment, and for that information to be disseminated across all networking devices in the bridged LAN that support Extended Filtering Services.
PAGE 1004
2CSNXXX_SWUM200.book Page 1004 Tuesday, December 10, 2013 1:22 PM NOTE: The Group Service capability is not supported. The registration and deregistration of membership results in the multicast table being updated with a new entry or the existing entry modified. This ensures that the networking device receives multicast frames from all ports but forwards them through only those ports for which GMRP has created Group registration entry (for that multicast address).
PAGE 1005
2CSNXXX_SWUM200.book Page 1005 Tuesday, December 10, 2013 1:22 PM Example In this example, GMRP is globally enabled. console(config)#gmrp enable show gmrp configuration Use the show gmrp configuration command in Global Configuration mode and Interface Configuration mode to display GMRP configuration. Syntax show gmrp configuration Default Configuration GMRP is disabled by default. Command Mode Global Configuration and Interface Configuration modes User Guidelines This command has no user guidelines.
PAGE 1006
2CSNXXX_SWUM200.
PAGE 1007
2CSNXXX_SWUM200.book Page 1007 Tuesday, December 10, 2013 1:22 PM 45 IGMP Commands Dell Networking N3000/N4000 Series Switches The Dell Network N2000 series supports limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. Internet Group Management Protocol (IGMP) is the multicast group membership discovery protocol used for IPv4 multicast groups. Three versions of IGMP exist.
PAGE 1008
2CSNXXX_SWUM200.book Page 1008 Tuesday, December 10, 2013 1:22 PM IGMPv3 is a major revision of the protocol and provides improved group membership latency. When a host joins a new multicast group on an interface, it immediately sends an unsolicited IGMP Report message for that group. IGMPv2 introduced a Leave Group message, which is sent by a host when it leaves a multicast group for which it was the last host to send an IGMP Report message.
PAGE 1009
2CSNXXX_SWUM200.book Page 1009 Tuesday, December 10, 2013 1:22 PM ip igmp last-member-query-count Use the ip igmp last-member-query-count command in Interface Configuration mode to set the number of Group-Specific Queries sent before the router assumes that there are no local members on the interface. Syntax ip igmp last-member-query-count Imqc no ip igmp last-member-query-count • Imqc — Query count. (Range: 1-20) Default Configuration The default last member query count is 2.
PAGE 1010
2CSNXXX_SWUM200.book Page 1010 Tuesday, December 10, 2013 1:22 PM no ip igmp last-member-query-interval • tenthsofseconds — Maximum Response Time in tenths of a second (Range: 0-255) Default Configuration The default Maximum Response Time value is ten (in tenths of a second). Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example configures 2 seconds as the Maximum Response Time inserted in VLAN 15’s Group-Specific Queries.
PAGE 1011
2CSNXXX_SWUM200.book Page 1011 Tuesday, December 10, 2013 1:22 PM Syntax ip igmp mroute-proxy no ip igmp mroute-proxy Default Configuration Disabled is the default state. Command Mode Interface VLAN Configuration mode User Guidelines IGMP is enabled when ip pim sparse-mode, ip pim dense-mode, ip dvmrp, or ip igmp-proxy are enabled. A multicast routing protocol (e.g. PIM) should be enabled whenever IGMP is enabled. L3 IP multicast must be enabled for IGMP to operate.
PAGE 1012
2CSNXXX_SWUM200.book Page 1012 Tuesday, December 10, 2013 1:22 PM • seconds — Query interval. (Range: 1-3600) Default Configuration The default query interval value is 125 seconds. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example configures a 10-second query interval for VLAN 15.
PAGE 1013
2CSNXXX_SWUM200.book Page 1013 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example The following example configures a maximum response time interval of one second for VLAN 15.
PAGE 1014
2CSNXXX_SWUM200.book Page 1014 Tuesday, December 10, 2013 1:22 PM ip igmp startup-query-count Use the ip igmp startup-query-count command in Interface VLAN Configuration mode to set the number of queries sent out on startup —at intervals equal to the startup query interval for the interface. Syntax ip igmp startup-query-count count no ip igmp startup-query-count • count — The number of startup queries. (Range: 1-20) Default Configuration The default count value is 2.
PAGE 1015
2CSNXXX_SWUM200.book Page 1015 Tuesday, December 10, 2013 1:22 PM • seconds — Startup query interval. (Range: 1-300 seconds) Default Configuration The default interval value is 31 seconds. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets at 10 seconds the interval between general queries sent at startup for VLAN 15.
PAGE 1016
2CSNXXX_SWUM200.book Page 1016 Tuesday, December 10, 2013 1:22 PM Example The following example configures version 2 of IGMP for VLAN 15. console#interface vlan 15 console(config-if-vlan15)#ip igmp version 2 show ip igmp Use the show ip igmp command in Privileged EXEC mode to display systemwide IGMP information. Syntax show ip igmp Default Configuration This command has no default configuration.
PAGE 1017
2CSNXXX_SWUM200.book Page 1017 Tuesday, December 10, 2013 1:22 PM show ip igmp groups Use the show ip igmp groups command in User EXEC or Privileged EXEC modes to display the registered multicast groups on the interface. If detail is specified, this command displays the registered multicast groups on the interface in detail.
PAGE 1018
2CSNXXX_SWUM200.book Page 1018 Tuesday, December 10, 2013 1:22 PM Syntax show ip igmp interface [stats][interface-type interface-number] • interface-type interface-number—Interface type of VLAN and a valid VLAN ID • stats—Displays IGMP statistics for the specified VLAN. Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC modes, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
PAGE 1019
2CSNXXX_SWUM200.book Page 1019 Tuesday, December 10, 2013 1:22 PM Syntax show ip igmp membership [groupaddr] [detail] • groupaddr — Group IP address Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC modes, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples The following examples display the list of interfaces that have registered in the multicast group at IP address 224.5.5.
PAGE 1020
2CSNXXX_SWUM200.book Page 1020 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples The following example displays the IGMP statistical information for VLAN 7. console#show ip igmp interface stats vlan 7 Querier Status............................... Querier Querier IP Address........................... 7.7.7.7 Querier Up Time (secs)......................
PAGE 1021
2CSNXXX_SWUM200.book Page 1021 Tuesday, December 10, 2013 1:22 PM IGMP Proxy Commands 46 Dell Networking N3000/N4000 Series Switches IGMP Proxy is used by the router on IPv4 systems to enable the system to issue IGMP host messages on behalf of hosts that the system discovered through standard IGMP router interfaces, thus acting as proxy to all its hosts residing on its router interfaces. Dell Networking supports IGMP Version 3, Version 2 and Version 1.
PAGE 1022
2CSNXXX_SWUM200.book Page 1022 Tuesday, December 10, 2013 1:22 PM Syntax ip igmp proxy-service no ip igmp proxy-service Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN) mode User Guidelines This command enables IGMP proxy on the VLAN interface. Use this command to enable sending of IGMP messages received on interfaces configured with the ip igmp mroute-proxy command to an attached multicast router. PIM and DVMRP are not compatible with IGMP proxy.
PAGE 1023
2CSNXXX_SWUM200.book Page 1023 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example resets the host interface status parameters of the IGMP Proxy router.
PAGE 1024
2CSNXXX_SWUM200.book Page 1024 Tuesday, December 10, 2013 1:22 PM Example The following example sets 10 seconds as the unsolicited report interval for the IGMP Proxy router. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp proxy-service unsolicit-rpt-interval 10 show ip igmp proxy-service Use the show ip igmp proxy-service command in Privileged EXEC mode to display a summary of the host interface status parameters. It displays status parameters only when IGMP Proxy is enabled.
PAGE 1025
2CSNXXX_SWUM200.book Page 1025 Tuesday, December 10, 2013 1:22 PM Proxy Start Frequency........................ 1 show ip igmp proxy-service interface Use the show ip igmp proxy-service interface command in Privileged EXEC mode to display a detailed list of the host interface status parameters. It displays status parameters only when IGMP Proxy is enabled. Syntax show ip igmp proxy-service interface Default Configuration This command has no default configuration.
PAGE 1026
2CSNXXX_SWUM200.book Page 1026 Tuesday, December 10, 2013 1:22 PM Syntax show ip igmp proxy-service groups Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example attempts to display a table of information about multicast groups that IGMP Proxy reported. console#show ip igmp proxy-service groups Interface Index..................
PAGE 1027
2CSNXXX_SWUM200.book Page 1027 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays complete information about multicast groups that IGMP Proxy has reported. console#show ip igmp proxy-service groups detail Interface Index................................
PAGE 1028
2CSNXXX_SWUM200.
PAGE 1029
2CSNXXX_SWUM200.book Page 1029 Tuesday, December 10, 2013 1:22 PM 47 IP Helper/DHCP Relay Commands Dell Networking N2000/N3000/N4000 Series Switches The IP Helper feature provides the ability for a router to forward configured UDP broadcast packets to a particular IP address. This allows applications to reach servers on non-local subnets.
PAGE 1030
2CSNXXX_SWUM200.book Page 1030 Tuesday, December 10, 2013 1:22 PM Table 47-1. UDP Destination Ports Protocol UDP Port Number IEN-116 Name Service 42 DNS 53 NetBIOS Name Server 137 NetBIOS Datagram Server 138 TACACS Server 49 Time Service 37 DHCP 67 Trivial File Transfer Protocol 69 Certain preexisting configurable DHCP relay options do not apply to relay of other protocols. These options are unchanged. The user may optionally set a DHCP maximum hop count or minimum wait time.
PAGE 1031
2CSNXXX_SWUM200.book Page 1031 Tuesday, December 10, 2013 1:22 PM • The destination IP address must be the limited broadcast address (255.255.255.255) or a directed broadcast address for the receive interface. • The IP time-to-live (TTL) must be greater than 1. • The protocol field in the IP header must be UDP (17). • The destination UDP port must match a configured relay entry. DHCP relay cannot be enabled and disabled globally. IP helper can be enabled or disabled globally.
PAGE 1032
2CSNXXX_SWUM200.book Page 1032 Tuesday, December 10, 2013 1:22 PM Default Configuration The default integer configuration is 4. Command Mode Global Configuration mode User Guidelines Enable DHCP Relay using the ip helper enable command. Example The following example defines a maximum hopcount of 6.
PAGE 1033
2CSNXXX_SWUM200.book Page 1033 Tuesday, December 10, 2013 1:22 PM User Guidelines Enable DHCP Relay using the ip helper enable command. Example The following example defines a minimum wait time of 10 seconds. console(config)#bootpdhcprelay minwaittime 10 clear ip helper statistics Use the clear ip helper statistics command to reset to 0 the statistics displayed in show ip helper statistics. Syntax clear ip helper statistics Default Configuration There is no default configuration for this command.
PAGE 1034
2CSNXXX_SWUM200.book Page 1034 Tuesday, December 10, 2013 1:22 PM Syntax ip dhcp relay information check no ip dhcp relay information check Default Configuration This is enabled by default for a DHCP relay agent. Command Mode Global Configuration mode User Guidelines Enable DHCP Relay using the ip helper enable command. Interface configuration takes precedence over global configuration. However if there is no interface configuration then global configuration is followed.
PAGE 1035
2CSNXXX_SWUM200.book Page 1035 Tuesday, December 10, 2013 1:22 PM Default Configuration This check is enabled by default. Command Mode Interface Configuration (VLAN) mode User Guidelines Enable DHCP Relay using the ip helper enable command. Use the global configuration command ip dhcp relay information option command to enable processing of DHCP circuit ID and remote agent ID options. DHCP replies are checked by default.
PAGE 1036
2CSNXXX_SWUM200.book Page 1036 Tuesday, December 10, 2013 1:22 PM User Guidelines Enable DHCP Relay using the ip helper enable command. Example The following example enables the circuit ID and remote agent ID options.
PAGE 1037
2CSNXXX_SWUM200.book Page 1037 Tuesday, December 10, 2013 1:22 PM console(config)#interface vlan 10 console(config-if-vlan10)#ip dhcp relay information option-insert ip helper-address (global configuration) Use the ip helper-address (global configuration) command to configure the relay of certain UDP broadcast packets received on any interface. To delete an IP helper entry, use the no form of this command.
PAGE 1038
2CSNXXX_SWUM200.book Page 1038 Tuesday, December 10, 2013 1:22 PM User Guidelines This command can be invoked multiple times, either to specify multiple server addresses for a given port number or to specify multiple port numbers handled by a specific server. The command no ip helper-address with no arguments clears all global IP helper addresses. Example To relay DHCP packets received on any interface to two DHCP servers, 10.1.1.1 and 10.1.2.
PAGE 1039
2CSNXXX_SWUM200.book Page 1039 Tuesday, December 10, 2013 1:22 PM • discard — Matching packets should be discarded rather than relayed, even if a global ip helper-address configuration matches the packet. • dest-udp-port — A destination UDP port number from 0 to 65535. • port-name — The destination UDP port may be optionally specified by its name. Whether a port is specified by its number or its name has no effect on behavior.
PAGE 1040
2CSNXXX_SWUM200.book Page 1040 Tuesday, December 10, 2013 1:22 PM This command takes precedence over an ip helper-address command given in global configuration mode. With the following configuration, the relay agent relays DHCP packets received on any interface other than vlan 5 and vlan 6 to 192.168.40.1, relays DHCP and DNS packets received on vlan 5 to 192.168.40.2, relays SNMP traps (port 162) received on interface vlan 6 to 192.168.23.
PAGE 1041
2CSNXXX_SWUM200.book Page 1041 Tuesday, December 10, 2013 1:22 PM Example console(config)#ip helper enable show ip helper-address Use the show ip helper-address command to display the IP helper address configuration. Syntax show ip helper-address [interface] • interface — Optionally specify an interface to limit the output to the configuration of a single interface. The interface is identified as vlan vlanid. Default Configuration This command has no default configuration.
PAGE 1042
2CSNXXX_SWUM200.book Page 1042 Tuesday, December 10, 2013 1:22 PM Example show ip helper-address IP helper is enabled Interface UDP Port Discard Hit Count Server Address --------------- ----------- -------- ---------- --------------vlan 100 dhcp No 10 10.100.1.254 10.100.2.254 vlan 101 any Yes 2 any dhcp No 0 10.200.1.254 show ip dhcp relay Use the show ip dhcp relay command in User EXEC mode to display the BootP/DHCP Relay information.
PAGE 1043
2CSNXXX_SWUM200.book Page 1043 Tuesday, December 10, 2013 1:22 PM show ip helper statistics Use the show ip helper statistics command to display the number of DHCP and other UDP packets processed and relayed by the UDP relay agent. Syntax show ip helper statistics Default Configuration This command has no default configuration.
PAGE 1044
2CSNXXX_SWUM200.book Page 1044 Tuesday, December 10, 2013 1:22 PM DHCP message hop count exceeded max The number of DHCP client messages received whose hop count is larger than the maximum allowed. The maximum hop count is a configurable value listed in show ip dhcp relay. A log message is written for each such failure. The DHCP relay agent does not relay these packets.
PAGE 1045
2CSNXXX_SWUM200.book Page 1045 Tuesday, December 10, 2013 1:22 PM 48 IP Routing Commands Dell Networking N2000/N3000/N4000 Series Switches The Dell Network N2000 series supports limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. The Routing Module provides the base Layer 3 support for Local Area Network (LAN) and Wide Area Network (WAN) environments.
PAGE 1046
2CSNXXX_SWUM200.book Page 1046 Tuesday, December 10, 2013 1:22 PM In Dell Networking, the operator deletes an individual next hop from a static route or deletes an entire static route at once. The cost of a static route is always 1 unless configured otherwise by the operator. The addition of a preference option has a side benefit. The preference option allows the operator to control the preference of individual static routes relative to routes learned from other sources (such as OSPF).
PAGE 1047
2CSNXXX_SWUM200.book Page 1047 Tuesday, December 10, 2013 1:22 PM ip routing show ip brief show route-map match ip address show ip interface show routing heap summary encapsulation Use the encapsulation command in Interface Configuration (VLAN) mode to configure the Link Layer encapsulation type for the packet. Routed frames are always Ethernet-encapsulated when a frame is routed to a VLAN. Syntax encapsulation {ethernet | snap} • ethernet — Specifies Ethernet encapsulation.
PAGE 1048
2CSNXXX_SWUM200.book Page 1048 Tuesday, December 10, 2013 1:22 PM currently assigned IPv4 address sets the IP address configuration method to the default (whatever the default is). Use the show ip interface command to display the configured IP addresses. Syntax ip address ip-address {subnet-mask | prefix-length} [secondary] no ip address ip-address {subnet-mask | prefix-length} [secondary] • ip-address — IP address of the interface.
PAGE 1049
2CSNXXX_SWUM200.book Page 1049 Tuesday, December 10, 2013 1:22 PM ip netdirbcast Use the ip netdirbcast command in Interface Configuration mode to enable the forwarding of network-directed broadcasts. When enabled, network directed broadcasts are forwarded. When disabled they are dropped. Use the no form of the command to disable the broadcasts. Syntax ip netdirbcast no ip netdirbcast Default Configuration Disabled is the default configuration.
PAGE 1050
2CSNXXX_SWUM200.book Page 1050 Tuesday, December 10, 2013 1:22 PM Default Configuration No route maps are configured by default. Command Mode Interface Configuration (VLAN) mode User Guidelines Policy-based routing must be configured on the VLAN interface that receives the packets, not on the VLAN interface from which the packets are sent. Packets matching a deny route map are routed using the routing table. Policy maps with no set clause are ignored.
PAGE 1051
2CSNXXX_SWUM200.book Page 1051 Tuesday, December 10, 2013 1:22 PM • prefix-length — Length of prefix. Must be preceded with a forward slash (/). (Range: 0-32 bits) • nexthopip — IP address of the next hop router. • preference — Specifies the preference value, a.k.a. administrative distance, of an individual static route. (Range: 1-255) Default Configuration Default value of preference is 1.
PAGE 1052
2CSNXXX_SWUM200.book Page 1052 Tuesday, December 10, 2013 1:22 PM • preference — Specifies the preference value, a.k.a administrative distance, of an individual static route. (Range: 1-255) Default Configuration Default value of preference is 1. Command Mode Global Configuration mode User Guidelines For routed management traffic: 1 Router entries are checked for applicable destinations. 2 The globally assigned default-gateway is consulted.
PAGE 1053
2CSNXXX_SWUM200.book Page 1053 Tuesday, December 10, 2013 1:22 PM ip route distance Use the ip route distance command in Global Configuration mode to set the default distance (preference) for static routes. Lower route preference values are preferred when determining the best route. The ip route and ip route default commands allow optional setting of the distance of an individual static route. The default distance is used when no distance is specified in these commands.
PAGE 1054
2CSNXXX_SWUM200.book Page 1054 Tuesday, December 10, 2013 1:22 PM Syntax ip routing no ip routing Default Configuration Disabled is the default configuration. Command Mode Global Configuration mode User Guidelines Use the show ip brief command to determine if routing is enabled or disabled. Example The following example enables IPv4 and IPv6 routing for VLAN 15 console(config)#ip routing match ip address Use this command to specify IP address match criteria for a route map.
PAGE 1055
2CSNXXX_SWUM200.book Page 1055 Tuesday, December 10, 2013 1:22 PM User Guidelines The IP ACL must be configured before it can be linked to a route-map. Specifying an unconfigured IP ACL causes an error. Actions in the IP ACL configuration are applied with other actions present in the route-map. If an IP ACL referenced by a route-map is removed, the routemap rule is also removed.
PAGE 1056
2CSNXXX_SWUM200.book Page 1056 Tuesday, December 10, 2013 1:22 PM console(config-ip-acl)#permit ip 10.1.0.0 0.0.255.255 any console(config-ip-acl)#exit console(config)#ip access-list R2 console(config-ip-acl)#permit ip 10.2.0.0 0.0.255.255 any console(config-ip-acl)#exit console(config)#route-map equal-access permit 10 console(config-route-map)#match ip address R1 console(config-route-map)#set ip default next-hop 192.168.6.
PAGE 1057
2CSNXXX_SWUM200.book Page 1057 Tuesday, December 10, 2013 1:22 PM Default Configuration There is no default configuration for this command. Command Mode Route Map mode User Guidelines The match criteria specified by this command acts on the packet length as it appears in the IP header and is not necessarily correlated with the frame length as it appears on the wire.
PAGE 1058
2CSNXXX_SWUM200.book Page 1058 Tuesday, December 10, 2013 1:22 PM Actions in the MAC ACL configuration are applied with other actions configured in the route map. When a MAC ACL referenced by a route map is removed, the route map rule is also removed. Example console(config-route-map)#match mac-list mac-test route-map Use this command to create a policy based route map. Use the no form of this command to delete a route map or one of its statements.
PAGE 1059
2CSNXXX_SWUM200.book Page 1059 Tuesday, December 10, 2013 1:22 PM User Guidelines Apply an ACL rule on the VLAN interface to perform policy based routing based on the VLAN ID as a matching criteria for incoming packets. Packets matching a deny rule or a deny route-map are routed using the routing table. There is no implicit deny all at the end of a route map. Packets not matching any clause are routed using the routing table. Route maps with no set clause are ignored.
PAGE 1060
2CSNXXX_SWUM200.book Page 1060 Tuesday, December 10, 2013 1:22 PM User Guidelines A route-map statement used for policy based routing is configured as permit or deny. If the statement is marked as deny, traditional destination-based routing is performed on the packet meeting the match criteria. If the statement is marked as permit and the packet meets all the match criteria, the set clauses in the route-map statement are applied.
PAGE 1061
2CSNXXX_SWUM200.book Page 1061 Tuesday, December 10, 2013 1:22 PM Command Mode Route Map mode User Guidelines A packet is routed to the next hop specified by this command only if there is no active explicit route for the packet’s destination address in the routing table. A default route in the routing table is not considered an explicit route for an unknown destination address. Only one of set ip next-hop, set ip default next-hop, or set interface null0 may be specified in a route map.
PAGE 1062
2CSNXXX_SWUM200.book Page 1062 Tuesday, December 10, 2013 1:22 PM User Guidelines Use this route map clause to override active routes in the routing table. This command affects all matching packet types and is used if an active route for the next hop exists in the routing table. The next hop IP address must be associated with a directly connected subnet on the router. If no resolvable active interface is present in the route table, the packet is routed using the default routing table.
PAGE 1063
2CSNXXX_SWUM200.book Page 1063 Tuesday, December 10, 2013 1:22 PM Default Configuration There is no default configuration for this command. Command Mode Route Map mode User Guidelines The set ip precedence clause may be combined with set ip next-hop or set ip default next-hop clause in a route map. Example console(config-route-map)#set ip precedence 5 show ip brief Use the show ip brief command in Privileged EXEC mode to display all the summary information of the IP.
PAGE 1064
2CSNXXX_SWUM200.book Page 1064 Tuesday, December 10, 2013 1:22 PM Maximum Next Hops.......................... 2 show ip interface Use the show ip interface command in Privileged EXEC mode to display information about one or more IP interfaces. The output shows how each IP address was assigned. Syntax show ip interface [type number] • type—Interface type (loopback, out-of-band, or vlan) • number—Interface number. Valid only for loopback and VLAN types.
PAGE 1065
2CSNXXX_SWUM200.book Page 1065 Tuesday, December 10, 2013 1:22 PM Vl1 Down 0.0.0.0 0.0.0.0 None The following examples display all IP information and information specific to VLAN 2. console#show ip interface Default Gateway....................... 0.0.0.0 L3 MAC Address................. 001E.C9AA.AC84 Routing Interfaces: Interface ---------Vl1 State ----Down IP Address IP Mask Method --------------- --------------- ------0.0.0.0 0.0.0.0 None console#show ip interface vlan2 Routing Interface Status..
PAGE 1066
2CSNXXX_SWUM200.book Page 1066 Tuesday, December 10, 2013 1:22 PM Syntax show ip policy map-name • map-name—The name of a specific route map. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
PAGE 1067
2CSNXXX_SWUM200.book Page 1067 Tuesday, December 10, 2013 1:22 PM User Guidelines The command displays the following information. Parameter Description BGP Section: Routing Protocol BGP. Router ID The router ID configured for BGP. Local AS Number The AS number that the local router is in. BGP Admin Mode Whether BGP is globally enabled or disabled. Maximum Paths The maximum number of next hops in an internal or external BGP route.
PAGE 1068
2CSNXXX_SWUM200.book Page 1068 Tuesday, December 10, 2013 1:22 PM Parameter Description Distance The administrative distance (or “route preference”) for intraarea, inter-area, and external routes. Default Route Advertise Whether OSPF is configured to originate a default route. Always Whether default advertisement depends on having a default route in the common routing table. Metric The metric configured to be advertised with the default route.
PAGE 1069
2CSNXXX_SWUM200.book Page 1069 Tuesday, December 10, 2013 1:22 PM Parameter Description Interface The interfaces where RIP is enabled and the version sent and accepted on each interface. Example The following shows example CLI display output for the command. console# show ip protocols Routing Protocol.......................... Router ID................................. Local AS Number........................... BGP Admin Mode............................ Maximum Paths.............................
PAGE 1070
2CSNXXX_SWUM200.book Page 1070 Tuesday, December 10, 2013 1:22 PM Default Route Advertise................... Always.................................... Metric.................................... Metric Type............................... Redist Source --------static connected Metric ------default 10 Metric Type ----------2 2 Disabled FALSE Not configured External Type 2 Subnets ------Yes Yes Dist List --------None 1 Number of Active Areas.................... 3 (3 normal, 0 stub, 0 nssa) ABR Status...
PAGE 1071
2CSNXXX_SWUM200.book Page 1071 Tuesday, December 10, 2013 1:22 PM • prefix-length—Length of prefix, in bits. Must be preceded with a forward slash (/). (Range: 0-32 bits.) • longer-prefixes—Indicates that the ip-address and subnet-mask pair becomes the prefix, and the command displays the routes to the addresses that match that prefix. Default Configuration This command has no default configuration.
PAGE 1072
2CSNXXX_SWUM200.book Page 1072 Tuesday, December 10, 2013 1:22 PM S 0.0.0.0/0 [254/0] via 10.1.20.1 C *10.1.20.0/24 [0/1] directly connected, Vl2 C *4.4.0.0/16 [0/1] directly connected, Lo1 C *20.1.20.0/24 [0/1] directly connected, Vl4 console# show ip route 10.2.0.0 Routing entry for 10.2.0.0 (mask 255.255.0.0) Known via "ospf", distance 100, metric 0 Redistributing via rip Last update from 10.2.35.13, 0:0:23 ago Routing Descriptor Blocks: * 10.2.35.13, from 10.2.35.
PAGE 1073
2CSNXXX_SWUM200.book Page 1073 Tuesday, December 10, 2013 1:22 PM Example The following example displays IP route preferences. console#show ip route preferences Local.......................................... Static......................................... OSPF Intra..................................... OSPF Inter..................................... OSPF External.................................. RIP............................................ Configured Default Gateway.....................
PAGE 1074
2CSNXXX_SWUM200.book Page 1074 Tuesday, December 10, 2013 1:22 PM RIP Routes..................................... OSPF Routes.................................... Intra Area Routes.............................. Inter Area Routes.............................. External Type-1 Routes......................... External Type-2 Routes......................... Total routes...................................
PAGE 1075
2CSNXXX_SWUM200.book Page 1075 Tuesday, December 10, 2013 1:22 PM IpOutDiscards.................................. IpOutNoRoutes.................................. IpReasmTimeout................................. IpReasmReqds................................... IpReasmOKs..................................... IpReasmFails................................... IpFragOKs...................................... IpFragFails.................................... IpFragCreates..................................
PAGE 1076
2CSNXXX_SWUM200.book Page 1076 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays VLAN routing information. console#show ip vlan MAC Address used by Routing VLANs: 00:00:00:01:00:02 VLAN ID IP Address Subnet Mask ------- --------------- --------------10 0.0.0.0 0.0.0.0 20 0.0.0.
PAGE 1077
2CSNXXX_SWUM200.book Page 1077 Tuesday, December 10, 2013 1:22 PM Example For each sequence number, the match count is shown in terms of number of packets and number of bytes. This counter displays the match count in packets and bytes when a route map is applied. When a route map is created/removed from interface, this count is shown as zero.
PAGE 1078
2CSNXXX_SWUM200.book Page 1078 Tuesday, December 10, 2013 1:22 PM Policy routing matches: 5387983 packets, 344831232 bytes route-map simplest permit 20 Match clauses: ip address (access-lists) : 1 Set clauses: ip default next-hop 4.4.4.
PAGE 1079
2CSNXXX_SWUM200.book Page 1079 Tuesday, December 10, 2013 1:22 PM Syntax show routing heap summary Default Configuration This command has no default setting. Command Mode Privileged EXEC mode User Guidelines The command displays the following information. Parameter Description Heap Size The amount of memory, in bytes, allocated at startup for the routing heap. Memory In Use The number of bytes currently allocated. Memory on Free List The number of bytes currently on the free list.
PAGE 1080
2CSNXXX_SWUM200.
PAGE 1081
2CSNXXX_SWUM200.book Page 1081 Tuesday, December 10, 2013 1:22 PM 49 IPv6 Routing Commands Dell Networking N2000/N3000/N4000 Series Switches The Dell Network N2000 series supports limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. The IPv6 version of the routing table manager provides a repository for IPv6 routes learned by dynamic routing protocols or static configuration.
PAGE 1082
2CSNXXX_SWUM200.
PAGE 1083
2CSNXXX_SWUM200.book Page 1083 Tuesday, December 10, 2013 1:22 PM Example The following example clears all entries in the IPv6 neighbor table. console(config)#clear ipv6 neighbors clear ipv6 statistics Use the clear ipv6 statistics command in Privileged EXEC mode to clear IPv6 statistics for all interfaces or for a specific interface, including loopback and tunnel interfaces. IPv6 statistics display in the output of the show ipv6 traffic command.
PAGE 1084
2CSNXXX_SWUM200.book Page 1084 Tuesday, December 10, 2013 1:22 PM addresses can be assigned to an interface by using this command. There is no need to assign a link-local address by using this command since one is automatically created. IPv6 addresses can be expressed in eight blocks. Also of note is that instead of a period, a colon separates each block. For simplification, leading zeros of each 16-bit block can be omitted.
PAGE 1085
2CSNXXX_SWUM200.book Page 1085 Tuesday, December 10, 2013 1:22 PM Example The following example configures an IPv6 address and enables IPv6 processing. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 address 2020:1::1/64 ipv6 enable Use the ipv6 enable command in Interface Configuration mode to enable IPv6 routing on an interface (including tunnel and loopback interfaces) that has not been configured with an explicit IPv6 address.
PAGE 1086
2CSNXXX_SWUM200.book Page 1086 Tuesday, December 10, 2013 1:22 PM ipv6 hop-limit Use the ipv6 hop-limit command to configure the hop limit used in IPv6 PDUs originated by the router. Use the no form of the command to return the hop limit to the default setting. Syntax ipv6 hop-limit count no ipv6 hop-limit • count—The number of hops before the PDU expires (Range 0-255). Default Configuration The default count is 64 hops.
PAGE 1087
2CSNXXX_SWUM200.book Page 1087 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example console(config)#ipv6 host Dell 2001:DB8::/32 ipv6 mld last-member-query-count The ipv6 mld last-member-query-count command sets the number of listener-specific queries sent before the router assumes that there are no local members on the interface. Use the “no” form of this command to set the last member query count to the default.
PAGE 1088
2CSNXXX_SWUM200.book Page 1088 Tuesday, December 10, 2013 1:22 PM ipv6 mld last-member-query-interval The ipv6 mld last-member-query-interval command sets the last member query interval for the MLD interface, which is the value of the maximum response time parameter in the group-specific queries sent out of this interface. Use the “no” form of this command to set the last member query interval to the default.
PAGE 1089
2CSNXXX_SWUM200.book Page 1089 Tuesday, December 10, 2013 1:22 PM Syntax ipv6 mld host-proxy [interface vlan-id] no ipv6 mld host-proxy [interface vlan-id] Default Configuration MLD Proxy is disabled by default. Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command.
PAGE 1090
2CSNXXX_SWUM200.book Page 1090 Tuesday, December 10, 2013 1:22 PM Example console(config-if-vlan3)#ipv6 mld host-proxy reset-status ipv6 mld host-proxy unsolicit-rprt-interval Use the ipv6 mld host-proxy unsolicit-rprt-interval command to set the unsolicited report interval for the MLD Proxy router. This command is only valid when MLD Proxy is enabled on the interface. Use the “no” form of this command to reset the MLD Proxy router's unsolicited report interval to the default value.
PAGE 1091
2CSNXXX_SWUM200.book Page 1091 Tuesday, December 10, 2013 1:22 PM Syntax ipv6 mld query-interval query-interval no ipv6 mld query-interval • query-interval — Query interval (Range: 1–3600). Default Configuration The default query interval is 125 seconds. Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command.
PAGE 1092
2CSNXXX_SWUM200.book Page 1092 Tuesday, December 10, 2013 1:22 PM Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 mld query-max-response-time 4500 ipv6 nd dad attempts Use the ipv6 nd dad attempts command in Interface Configuration mode to set the number of duplicate address detection probes transmitted while doing neighbor discovery.
PAGE 1093
2CSNXXX_SWUM200.book Page 1093 Tuesday, December 10, 2013 1:22 PM ipv6 nd managed-config-flag Use the ipv6 nd managed-config-flag command in Interface Configuration mode to set the “managed address configuration” flag in router advertisements. When the value is true, end nodes use DHCPv6. When the value is false, end nodes automatically configure addresses. Syntax ipv6 nd managed-config-flag no ipv6 nd managed-config-flag Default Configuration False is the default configuration.
PAGE 1094
2CSNXXX_SWUM200.book Page 1094 Tuesday, December 10, 2013 1:22 PM • milliseconds — Interval duration. (Range: 0, 1000–4294967295) Default Configuration 0 is the default value for milliseconds. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Example The following example sets the interval between router advertisements for advertised neighbor solicitations at 5000 ms.
PAGE 1095
2CSNXXX_SWUM200.book Page 1095 Tuesday, December 10, 2013 1:22 PM Example The following example sets to true the “other stateful configuration” flag in router advertisements console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 nd other-config-flag ipv6 nd prefix Use the ipv6 nd prefix command to configure parameters associated with prefixes that the router advertises in its router advertisements.
PAGE 1096
2CSNXXX_SWUM200.book Page 1096 Tuesday, December 10, 2013 1:22 PM User Guidelines The router advertises its global IPv6 prefixes in its router advertisements (RAs). An RA only includes the prefixes of the IPv6 addresses configured on the interface where the RA is transmitted. Addresses are configured using the ipv6 address interface configuration command.
PAGE 1097
2CSNXXX_SWUM200.book Page 1097 Tuesday, December 10, 2013 1:22 PM Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines The minimum interval cannot be larger than 75% of the maximum interval. Example The following example sets the transmission interval between router advertisements at 1000 seconds.
PAGE 1098
2CSNXXX_SWUM200.book Page 1098 Tuesday, December 10, 2013 1:22 PM Example The following example sets at 1000 seconds the value that is placed in the Router Lifetime field of the router advertisements. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 nd ra-lifetime 1000 ipv6 nd reachable-time Use the ipv6 nd reachable-time command in Interface Configuration mode to set the router advertisement time to consider a neighbor reachable after neighbor discovery confirmation.
PAGE 1099
2CSNXXX_SWUM200.book Page 1099 Tuesday, December 10, 2013 1:22 PM ipv6 nd suppress-ra Use the ipv6 nd suppress-ra command in Interface Configuration mode to suppress router advertisement transmission on an interface. Syntax ipv6 nd suppress-ra no ipv6 nd suppress-ra Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines.
PAGE 1100
2CSNXXX_SWUM200.book Page 1100 Tuesday, December 10, 2013 1:22 PM no ipv6 route ipv6-prefix/prefix-length ipv6-address preference no ipv6 route ipv6-prefix/prefix-length interface-type ipv6-address no ipv6 route ipv6-prefix/prefix-length interface • distance—The default administrative distance for static routes. (Range 1- 255) • ipv6-prefix—An IPv6 prefix representing the subnet that can be reached via the next-hop neighbor.
PAGE 1101
2CSNXXX_SWUM200.book Page 1101 Tuesday, December 10, 2013 1:22 PM ipv6 route distance Use the ipv6 route distance command in Global Configuration mode to set the default distance (preference) for static routes. Lower route preference values are preferred when determining the best route. The ipv6 route and ipv6 route default commands allow optional setting of the distance of an individual static route. The default distance is used when no distance is specified in these commands.
PAGE 1102
2CSNXXX_SWUM200.book Page 1102 Tuesday, December 10, 2013 1:22 PM Syntax ipv6 unicast-routing no ipv6 unicast-routing Default Configuration Disabled is the default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example globally enables Ipv6 unicast datagram forwarding.
PAGE 1103
2CSNXXX_SWUM200.book Page 1103 Tuesday, December 10, 2013 1:22 PM • source—Use the specified source IP address, loopback address, VLAN address, tunnel, or out-of-band interface address in the transmitted packets • loopback—Use the source address from the loopback port index. • VLAN—The source VLAN over which to send the echo request. • out-of-band—Sends the ping over the out-of-band interface.
PAGE 1104
2CSNXXX_SWUM200.book Page 1104 Tuesday, December 10, 2013 1:22 PM interface sends three pings to the target station. Use the interface keyword to ping an interface by using the link-local address or the global IPv6 address of the interface. The source can be a loopback, tunnel, or logical interface.
PAGE 1105
2CSNXXX_SWUM200.book Page 1105 Tuesday, December 10, 2013 1:22 PM rate-limit cpu Use the rate-limit cpu command to reduce the amount of unknown unicast/multicast packets forwarded to the CPU on CoS queues 0 and 1. This command also configures the rate in packets-per-second for the number of IPv4 and IPv6 data packets trapped to CPU when the packet fails to be forwarded in the hardware due to unresolved MAC address of the destination IPv6 node. Packets exceeeding the rate limit are silently discarded.
PAGE 1106
2CSNXXX_SWUM200.book Page 1106 Tuesday, December 10, 2013 1:22 PM Receiving large numbers unresolved packets spikes the CPU usage to high levels at no benefit. For Ipv6, it also results in delayed processing of the NUD packets (NS/NA) for the existing neighbor entries leading to NUD anomalies and deletions of existing neighbor entries.
PAGE 1107
2CSNXXX_SWUM200.book Page 1107 Tuesday, December 10, 2013 1:22 PM 1293 boxs Req 0.00% 0.01% 0.01% ------------------------------ -------- -------- -------Total CPU Utilization 55.91% 45.40% 48.02% show ipv6 brief Use the show ipv6 brief command in Privileged EXEC mode to display the IPv6 status of forwarding mode and IPv6 unicast routing mode. Syntax show ipv6 brief Default Configuration This command has no default configuration.
PAGE 1108
2CSNXXX_SWUM200.book Page 1108 Tuesday, December 10, 2013 1:22 PM Syntax show ipv6 interface [brief] [loopback loopback-id | tunnel tunnel-id | vlan vlan-id [prefix]] • loopback-id—Valid loopback interface ID • tunnel-id—Valid tunnel interface ID • vlan-id—Valid VLAN ID • prefix—Display IPv6 Interface Prefix Information. Default Configuration Displays all IPv6 interfaces.
PAGE 1109
2CSNXXX_SWUM200.book Page 1109 Tuesday, December 10, 2013 1:22 PM Oper.
PAGE 1110
2CSNXXX_SWUM200.book Page 1110 Tuesday, December 10, 2013 1:22 PM IPv6 Destination Unreachables.................. Enabled IPv6 Default Router............................ fe80::213:c4ff:fedb:6c42 show ipv6 interface management statistics Use the show ipv6 interface management statistics command in Privileged EXEC mode to show the DCHPv6 client statistics. Syntax show ipv6 interface management statistics Default Configuration This command has no default configuration.
PAGE 1111
2CSNXXX_SWUM200.book Page 1111 Tuesday, December 10, 2013 1:22 PM show ipv6 mld groups The show ipv6 mld groups command is used to display information about multicast groups that MLD reported. The information is displayed only when MLD is enabled on at least one interface. If MLD was not enabled on any interfaces, there is no group information to be displayed. Syntax show ipv6 mld groups {group-address | vlan vlan-id} • group-address — The group address to display. • vlan-id — A valid VLAN id.
PAGE 1112
2CSNXXX_SWUM200.book Page 1112 Tuesday, December 10, 2013 1:22 PM If vlan vlan-id is not specified, the following fields are displayed for each multicast group and each interface: Field Description Group Address The address of the multicast group. Interface Interface through which the multicast group is reachable. Uptime Time elapsed in seconds since the multicast group has been known. Expiry Time Time left in seconds before the entry is removed from the MLD membership table of this interface.
PAGE 1113
2CSNXXX_SWUM200.book Page 1113 Tuesday, December 10, 2013 1:22 PM Version1 Host Timer............................ ----Group compat mode.............................. v2 Source Address ExpiryTime ----------------- ----------4001::6 00:03:15 4001::7 00:03:15 4001::8 00:03:15 console#show ipv6 mld groups vlan 6 Group Address................................ FF1E::1 Interface..................................... vlan 6 Up Time (hh:mm:ss).......................... 00:04:23 Expiry Time (hh:mm:ss).................
PAGE 1114
2CSNXXX_SWUM200.book Page 1114 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show ipv6 mld host-proxy Admin Mode..................................... Disabled show ipv6 mld interface The show ipv6 mld interface command is used to display MLD related information for an interface.
PAGE 1115
2CSNXXX_SWUM200.book Page 1115 Tuesday, December 10, 2013 1:22 PM MLD Operational The operational status of MLD on the interface. Mode MLD Version This field indicates the version of MLD configured on the interface. Query Interval This field indicates the configured query interval for the interface. Query Max Response Time This field indicates the configured maximum query response time (in seconds) advertised in MLD queries on this interface.
PAGE 1116
2CSNXXX_SWUM200.book Page 1116 Tuesday, December 10, 2013 1:22 PM Number of Joins The number of times a group membership has been added on this interface. Number of Leaves The number of times a group membership has been removed on this interface. Number of Groups The current number of membership entries for this interface. Example console#show ipv6 mld interface vlan 2 Interface................................... vlan 2 MLD Global Admin Mode....................... Enabled MLD Interface Admin Mode.....
PAGE 1117
2CSNXXX_SWUM200.book Page 1117 Tuesday, December 10, 2013 1:22 PM User Guidelines The command displays the following parameters only when you enable MLD Proxy: Field Description Interface Index The interface number of the MLD Proxy interface. Admin Mode Indicates whether MLD Proxy is enabled or disabled. This is a configured value. Operational Mode Indicates whether MLD Proxy is operationally enabled or disabled. This is a status parameter.
PAGE 1118
2CSNXXX_SWUM200.book Page 1118 Tuesday, December 10, 2013 1:22 PM show ipv6 mld host-proxy groups Use the show ipv6 mld host-proxy groups command to display information about multicast groups that the MLD Proxy reported. Syntax show ipv6 mld host-proxy groups Default Configuration There is no default configuration for this command.
PAGE 1119
2CSNXXX_SWUM200.book Page 1119 Tuesday, December 10, 2013 1:22 PM Example console#show ipv6 mld host-proxy groups Interface................................ vlan 10 Group Address Last Reporter Up Time Member State Filter Mode Sources ------------- -------------- ---------- ----------------- ------------ -----FF1E::1 FE80::100:2.3 00:01:40 DELAY_MEMBER Exclude 2 FF1E::2 FE80::100:2.3 00:02:40 DELAY_MEMBER Include 1 FF1E::3 FE80::100:2.3 00:01:40 DELAY_MEMBER Exclude 0 FF1E::4 FE80::100:2.
PAGE 1120
2CSNXXX_SWUM200.book Page 1120 Tuesday, December 10, 2013 1:22 PM Member State Possible values are: • Idle_Member—The interface has responded to the latest group membership query for this group. • Delay_Member—The interface is going to send a group membership report to respond to a group membership query for this group. Filter Mode Possible values are Include or Exclude. Sources The number of sources attached to the multicast group.
PAGE 1121
2CSNXXX_SWUM200.book Page 1121 Tuesday, December 10, 2013 1:22 PM show ipv6 mld host-proxy interface Use the show ipv6 mld-proxy interface command to display a detailed list of the host interface status parameters. Syntax show ipv6 mld host-proxy interface Default Configuration There is no default configuration for this command.
PAGE 1122
2CSNXXX_SWUM200.book Page 1122 Tuesday, December 10, 2013 1:22 PM Ver Query Rcvd Report Rcvd Report Sent Leave Rcvd Leave Sent ----------------------------------------------------------1 2 0 0 0 2 2 3 0 4 --------- show ipv6 mld traffic The show ipv6 mld traffic command is used to display MLD statistical information for the router. Syntax show ipv6 mld traffic Default Configuration There is no default configuration for this command.
PAGE 1123
2CSNXXX_SWUM200.book Page 1123 Tuesday, December 10, 2013 1:22 PM Bad Checksum MLD Packets The number of bad checksum MLD packets received by the router. Malformed MLD Packets The number of malformed MLD packets received by the router. Example console#show ipv6 mld traffic Valid MLD Packets Received..................... Valid MLD Packets Sent......................... Queries Received............................... Queries Sent................................... Reports Received.........................
PAGE 1124
2CSNXXX_SWUM200.book Page 1124 Tuesday, December 10, 2013 1:22 PM Neighbor Last IPv6 Address MAC Address isRtr -------------------- ----------------- ----- State Updated Interface ------- --------- show ipv6 route Use the show ipv6 route command in User EXEC or Privileged EXEC mode to display the IPv6 routing table. The output of the command also displays the IPv6 address of the default gateway and the default route associated with the gateway.
PAGE 1125
2CSNXXX_SWUM200.book Page 1125 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example The following example displays the IPv6 address of the default gateway and the default route associated with the gateway. console(config)#show ipv6 route IPv6 Routing Table - 0 entries Route Codes: C - connected, S - static O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF Ext 1, OE2 - OSPF Ext 2 ON1 - OSPF NSSA Ext Type 1, ON2 - OSPF NSSA Ext Type 2 Default gateway is 10.1.20.
PAGE 1126
2CSNXXX_SWUM200.book Page 1126 Tuesday, December 10, 2013 1:22 PM Example The following example shows the preference value associated with the type of route. console#show ipv6 route preferences Local.......................................... Static......................................... OSPF Intra-area routes......................... OSPF Inter-area routes......................... OSPF External routes...........................
PAGE 1127
2CSNXXX_SWUM200.book Page 1127 Tuesday, December 10, 2013 1:22 PM OSPF Routes.................................. Intra Area Routes............................ Inter Area Routes............................ External Type-1 Routes....................... External Type-2 Routes....................... Total routes................................. Number of Prefixes: 0 0 0 0 0 0 show ipv6 traffic Use the show ipv6 traffic command in User EXEC mode to show traffic and statistics for IPv6 and ICMPv6.
PAGE 1128
2CSNXXX_SWUM200.book Page 1128 Tuesday, December 10, 2013 1:22 PM Received Datagrams Discarded Due To Header Errors.. 0 Received Datagrams Discarded Due To MTU............ 0 Received Datagrams Discarded Due To No Route....... 0 Received Datagrams With Unknown Protocol........... 0 Received Datagrams Discarded Due To Invalid Address.0 Received Datagrams Discarded Due To Truncated Data. 0 Received Datagrams Discarded Other................. 0 Received Datagrams Reassembly Required.............
PAGE 1129
2CSNXXX_SWUM200.book Page 1129 Tuesday, December 10, 2013 1:22 PM show ipv6 vlan Use the show ipv6 vlan command in Privileged EXEC mode to display IPv6 VLAN routing interface addresses. Syntax show ipv6 vlan Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays IPv6 VLAN routing interface addresses.
PAGE 1130
2CSNXXX_SWUM200.book Page 1130 Tuesday, December 10, 2013 1:22 PM • out-of-band—Send the ping over the out-of-band interface. • vlan—The source vlan over which to send the echo request. • count—The number of echo request packets to send for each ttl value. (Range 1-10. Default 3). • interval—The time (in seconds) between successive echo requests. Default 3. • init-ttl—The initial TTL sent in the ICMP echo request packets (Range 1255. Default 1).
PAGE 1131
2CSNXXX_SWUM200.
PAGE 1132
2CSNXXX_SWUM200.
PAGE 1133
2CSNXXX_SWUM200.book Page 1133 Tuesday, December 10, 2013 1:22 PM 50 Loopback Interface Commands Dell Networking N2000/N3000/N4000 Series Switches Dell Networking provides for the creation, deletion, and management of loopback interfaces. They are dynamic interfaces that are created and deleted by user configuration. A loopback interface is always expected to be up. As such, it provides a means to configure a stable IP address on the device which may be referred to by other switches in the network.
PAGE 1134
2CSNXXX_SWUM200.book Page 1134 Tuesday, December 10, 2013 1:22 PM Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example The following example enters the Interface Loopback 1 configuration mode. console(config)#interface loopback 1 console(config-if-loopback0)#ip address 192.168.22.1 255.255.255.255 console(config-if-loopback0)#exit console(config)#ex console#ping 192.168.22.1 Pinging 192.168.22.
PAGE 1135
2CSNXXX_SWUM200.book Page 1135 Tuesday, December 10, 2013 1:22 PM Examples The following examples display information about configured loopback interfaces. console# show interfaces loopback Loopback Id Interface IP Address ----------- --------- ---------1 loopback 1 0.0.0.0 Received Packets ---------------0 Sent Packets -----------0 console# show interfaces loopback 1 Interface Link Status.......................... Up IP Address..................................... 0.0.0.0 0.0.0.0 MTU size..............
PAGE 1136
2CSNXXX_SWUM200.
PAGE 1137
2CSNXXX_SWUM200.book Page 1137 Tuesday, December 10, 2013 1:22 PM 51 Multicast Commands Dell Networking N3000/N4000 Series Switches The Dell Network N2000 series supports limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. The Dell Networking Multicast component is best suited for video and audio traffic requiring multicast packet control for optimal operation.
PAGE 1138
2CSNXXX_SWUM200.book Page 1138 Tuesday, December 10, 2013 1:22 PM mandatory. Discovering the local domain-name server is the intended use of multicast messages on remote networks when there is less than one server per network. • Applications used for datacasting: Since multimedia transmission has become increasingly popular, multicast transmission use has increased. Multicast transmission may be used to efficiently accommodate this type of communication.
PAGE 1139
2CSNXXX_SWUM200.book Page 1139 Tuesday, December 10, 2013 1:22 PM Syntax clear ip mroute { * | group-address [ source-address ] } • * —Deletes all IPv4 entries from the IP multicast routing table. • group-address— IP address of the multicast group. • source-address—IP address of a multicast srouce that is sending multicast traffic to the group. Default configuration There is no default configuration for this command.
PAGE 1140
2CSNXXX_SWUM200.book Page 1140 Tuesday, December 10, 2013 1:22 PM ip mcast boundary Use the ip multicast boundary command in Interface Configuration mode to add an administrative scope multicast boundary specified by groupipaddr and mask for which this multicast administrative boundary is applicable. groupipaddr is a group IP address and mask is a group IP mask. Syntax ip multicast boundary groupipaddr mask no ip multicast boundary groupipaddr • groupipaddr — IP address of multicast group.
PAGE 1141
2CSNXXX_SWUM200.book Page 1141 Tuesday, December 10, 2013 1:22 PM no ip mroute source-address mask • source-address — The IP address of the multicast data source. • mask — The IP subnet mask of the multicast data source. • rpf-address — The IP address of the next hop towards the source. • preference — The cost of the route (Range: 1 - 255). Default Configuration There is no default configuration for this command.
PAGE 1142
2CSNXXX_SWUM200.book Page 1142 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Use of a multicast routing protocol is recommended (e.g., PIM, when ip multicast is enabled). Unless required, IGMP/MLD snooping should be disabled when ip multicast is enabled.
PAGE 1143
2CSNXXX_SWUM200.book Page 1143 Tuesday, December 10, 2013 1:22 PM Syntax ip multicast ttl-threshold ttlvalue no ip multicast ttl-threshold • ttlvalue — Specifies TTL threshold. (Range: 0-255) Default Configuration This command has no default configuration. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example applies a ttlvalue of 5 to the VLAN 15 routing interface.
PAGE 1144
2CSNXXX_SWUM200.book Page 1144 Tuesday, December 10, 2013 1:22 PM Command Mode Interface (VLAN) Configuration mode User Guidelines PIM requires that routing, multicast, and IGMP be enabled. Example console(config)#ip routing console(config)#ip multicast console(config)#interface vlan 10 console(if-vlan-10)#ip pim ip pim bsr-border The ip pim bsr-border command is used in Interface (VLAN) Configuration mode to administratively disable bootstrap router (BSR) messages on the interface.
PAGE 1145
2CSNXXX_SWUM200.book Page 1145 Tuesday, December 10, 2013 1:22 PM ip pim bsr-candidate The ip pim bsr-candidate command is used to configure the router to advertise itself as a bootstrap router (BSR). Use the no form of this command to return to the default configuration. This command replaces the ip pimsm bsr-candidate, ip pimsm cbsrhaskmasklength and ip pimsm cbsrpreference commands.
PAGE 1146
2CSNXXX_SWUM200.book Page 1146 Tuesday, December 10, 2013 1:22 PM ip pim dense-mode Use the ip pim dense-mode command in Global Configuration mode to administratively configure PIM dense mode for IP multicast routing. Use the no form of this command to disable PIM. Syntax ip pim dense-mode no ip pim Default Configuration PIM is not enabled by default. Command Mode Global Configuration mode User Guidelines Only one of sparse or dense mode can be configured on a router.
PAGE 1147
2CSNXXX_SWUM200.book Page 1147 Tuesday, December 10, 2013 1:22 PM no ip pim dr-priority • priority — The administratively configured priority (Range: 0–2147483647). Default Configuration The default election priority is 1. Command Mode Interface (VLAN) Configuration mode User Guidelines This command only has an effect if sparse mode is enabled. Lower values are preferred.
PAGE 1148
2CSNXXX_SWUM200.book Page 1148 Tuesday, December 10, 2013 1:22 PM User Guidelines There are no user guidelines for this command. Example console(config-if-vlan10)#ip pim hello-interval 20 ip pim join-prune-interval The ip pim join-prune-interval command in Interface (VLAN) Configuration mode to administratively configure the frequency of join/prune messages on the specified interface. Use the no form of this command to return the configuration to the default.
PAGE 1149
2CSNXXX_SWUM200.book Page 1149 Tuesday, December 10, 2013 1:22 PM ip pim rp-address Use the ip pim rp-address command in Global Configuration mode to define the address of a PIM Rendezvous point (RP) for a specific multicast group range. Use the no form of this command to remove a configured RP. This command replaces the ip pimsm rp-address command.
PAGE 1150
2CSNXXX_SWUM200.book Page 1150 Tuesday, December 10, 2013 1:22 PM ip pim rp-candidate Use the ip pim rp-candidate command in Global Configuration mode to configure the router to advertise itself to the bootstrap router (BSR) router as a PIM candidate rendezvous point (RP) for a specific multicast group range. Use the no form of this command to return to the default configuration. This command replaces the ip pimsm rp-candidate command.
PAGE 1151
2CSNXXX_SWUM200.book Page 1151 Tuesday, December 10, 2013 1:22 PM Syntax ip pim sparse-mode no ip pim Default Configuration PIM not enabled by default. Command Mode Global Configuration mode User Guidelines Only one of sparse or dense mode can be configured on a router.IGMP is automatically enabled if PIM is enabled and disabled when PIM is disabled. IP multicast must be enabled for PIM to operate. ip multicast-routing is not disabled or enabled by this command.
PAGE 1152
2CSNXXX_SWUM200.book Page 1152 Tuesday, December 10, 2013 1:22 PM • group-address—An IP multicast group address. • group-mask—An IPv4 mask in a.b.c.d form where a, b, c and d range from 0-255. Default Configuration There are no group addresses configured by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ip pim ssm 239.0.10.0 255.255.255.
PAGE 1153
2CSNXXX_SWUM200.book Page 1153 Tuesday, December 10, 2013 1:22 PM Example The following example displays system-wide multicast information. console#show ip multicast Admin Mode........................... Protocol State....................... Table Max Size....................... Protocol.............................
PAGE 1154
2CSNXXX_SWUM200.book Page 1154 Tuesday, December 10, 2013 1:22 PM show ip multicast interface Use the show ip multicast interface command in Privileged EXEC mode to display the multicast information for the specified interface. Syntax show ip multicast interface [type number] • type number—Interface type and number for which to display IP multicast information. VLAN Vlan-ID is the only supported type and number. Default Configuration Show information for all multicast interfaces.
PAGE 1155
2CSNXXX_SWUM200.book Page 1155 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show ip mroute Multicast route table Expiry Up Time Source IP Group IP (mm:ss) (hh:mm:ss) RPF Neighbor Flags --------------- --------------- -------- ----------- --------------- ----192.168.0.11 239.0.5.7 3:03 15:54:12 192.
PAGE 1156
2CSNXXX_SWUM200.book Page 1156 Tuesday, December 10, 2013 1:22 PM Example The following example displays the multicast configuration settings such as flags, timer settings, incoming and outgoing interfaces. console#show ip mroute group 224.5.5.5 summary console#show ip mroute group 224.5.5.
PAGE 1157
2CSNXXX_SWUM200.book Page 1157 Tuesday, December 10, 2013 1:22 PM show ip mroute static Use the show ip mroute static command in Privileged EXEC mode to display all the static routes configured in the static mcast table if it is specified or display the static route associated with the particular sourceipaddr. Syntax show ip mroute static [sourceipaddr] • sourceipaddr — IP address of source. Default Configuration This command has no default configuration.
PAGE 1158
2CSNXXX_SWUM200.book Page 1158 Tuesday, December 10, 2013 1:22 PM Default Configuration There is no default configuration for this command. Command Mode User EXEC, Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines The following information is displayed: Field Description PIM Mode The routers that are enabled for PIM. Example console#show ip pim PIM Mode............................. None If no routers are enabled for PIM, the following message is displayed.
PAGE 1159
2CSNXXX_SWUM200.book Page 1159 Tuesday, December 10, 2013 1:22 PM Command Mode User EXEC, Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines The following information is displayed: Field Description BSR address IP address of the BSR. BSR Priority The configured BSR priority. BSR Hash Mask Length The configured hash mask length (32 bits maximum). Next Bootstrap Message Time remaining (in hours, minutes, and seconds) until a in BSR message is sent.
PAGE 1160
2CSNXXX_SWUM200.book Page 1160 Tuesday, December 10, 2013 1:22 PM • vlan-id — A valid VLAN ID for which multicast routing has been enabled.
PAGE 1161
2CSNXXX_SWUM200.book Page 1161 Tuesday, December 10, 2013 1:22 PM ModeSparse Hello Interval (secs)30 Join Prune Interval (secs)60 DR Priority1 BSR BorderDisabled Neighbor Count1 Designated Router192.168.10.1 If none of the interfaces are enabled for PIM, the following message is displayed: None of the routing interfaces are enabled for PIM show ip pim neighbor Use the show ip pim neighbor command in User EXEC or Privileged EXEC modes to display PIM neighbors discovered by PIMv2 Hello messages.
PAGE 1162
2CSNXXX_SWUM200.book Page 1162 Tuesday, December 10, 2013 1:22 PM Field Description Expiry Time Time remaining for the neighbor to expire Example (console)#show ip pim neighbor vlan 10 Up Time Expiry Time Neighbor Addr Interface hh:mm:ss hh:mm:ss --------------- ---------- --------- ----------192.168.10.2 VLAN0010 00:02:55 00:01:15 (console) #show ip pim neighbor Neighbor Addr Interface --------------- --------192.168.10.2 VLAN0001 192.168.20.
PAGE 1163
2CSNXXX_SWUM200.book Page 1163 Tuesday, December 10, 2013 1:22 PM User Guidelines The following fields are displayed: Field Description RP Address Address of the RP Type Origin from where this group mapping was learned. Example console#show ip pim rp hash 224.1.2.0 RP Address192.168.10.1 TypeStatic If no RP Group mapping exists on the router, the following message is displayed: No RP-Group mappings exist/learned on this router.ny interface.
PAGE 1164
2CSNXXX_SWUM200.book Page 1164 Tuesday, December 10, 2013 1:22 PM Field Description RP Address Address of the RP Group Address Address of the multicast group. Group Mask Mask for the group address. Origin Origin from where this group mapping is learned. Example console#show ip pim rp mapping candidate RP Address.................................... Group Address.............................. Group Mask................................. Origin.....................................
PAGE 1165
2CSNXXX_SWUM200.
PAGE 1166
2CSNXXX_SWUM200.
PAGE 1167
2CSNXXX_SWUM200.book Page 1167 Tuesday, December 10, 2013 1:22 PM IPv6 Multicast Commands 52 Dell Networking N3000/N4000 Series Switches The Dell Network N2000 series supports limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities.
PAGE 1168
2CSNXXX_SWUM200.book Page 1168 Tuesday, December 10, 2013 1:22 PM Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command does not clear static multicast route entries. When a * entry is deleted through this command, it cannot be formed again until it is expired in MLD and started again via the host. The default mcache time-out is 210 seconds.
PAGE 1169
2CSNXXX_SWUM200.book Page 1169 Tuesday, December 10, 2013 1:22 PM Default Configuration PIM is disabled by default. Command Mode Interface Configuration (VLAN) mode User Guidelines Either PIM-SM or PIM-DM are enabled by this command depending on the globally configured mode. Refer to the ip pim sparse-mode and ip pim dense-mode commands for further information.
PAGE 1170
2CSNXXX_SWUM200.book Page 1170 Tuesday, December 10, 2013 1:22 PM ipv6 pim bsr-candidate Use the ipv6 pim bsr-candidate command to configure the router to announce its candidacy as a bootstrap router (BSR). Use the no form of this command to stop the router from announcing its candidacy as a bootstrap router. Syntax ipv6 pim bsr-candidate vlan vlan-id hash-mask-len [priority][interval] no ipv6 pim bsr-candidate vlan vlan-id • vlan-id — A valid VLAN ID value.
PAGE 1171
2CSNXXX_SWUM200.book Page 1171 Tuesday, December 10, 2013 1:22 PM Example console(config)#ipv6 pim bsr-candidate vlan 9 10 34 ipv6 pim dense-mode Use the ipv6 pim dense-mode command in Global configuration mode to administratively configure PIM dense mode for IPv6 multicast routing. This command also enables MLD. Use the no form of this command to disable PIM and MLD. This command does not affect ip multicast-routing.
PAGE 1172
2CSNXXX_SWUM200.book Page 1172 Tuesday, December 10, 2013 1:22 PM • priority —The election priority (Range: 0–2147483647). Default Configuration The default election priority is 1. Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 pim dr-priority 10 ipv6 pim hello-interval Use the ipv6 pim hello-interval command to configure the PIM-SM Hello Interval for the specified interface.
PAGE 1173
2CSNXXX_SWUM200.book Page 1173 Tuesday, December 10, 2013 1:22 PM Example console(config-if-vlan3)#ipv6 pim hello-interval 45 ipv6 pim join-prune-interval Use the ipv6 pim join-prune-interval command to configure the interface join/prune interval for the PIM-SM router. Use the no form of this command to set the join/prune interval to the default. Syntax ipv6 pim join-prune-interval interval no ipv6 pim join-prune-interval • interval— The join/prune interval (Range: 0–18000 seconds).
PAGE 1174
2CSNXXX_SWUM200.book Page 1174 Tuesday, December 10, 2013 1:22 PM Default Configuration The default threshold rate is 0. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 pim register-threshold 250 ipv6 pim rp-address Use the ipv6 pim rp-address command to statically configure the RP address for one or more multicast groups.
PAGE 1175
2CSNXXX_SWUM200.book Page 1175 Tuesday, December 10, 2013 1:22 PM User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 pim rp-address 2001::1 ff1e::/64 ipv6 pim rp-candidate Use the ipv6 pim rp-candidate command to configure the router to advertise itself as a PIM candidate rendezvous point (RP) to the bootstrap router (BSR).
PAGE 1176
2CSNXXX_SWUM200.book Page 1176 Tuesday, December 10, 2013 1:22 PM Example console(config)#ipv6 pim rp-candidate vlan 6 ff1e::/64 ipv6 pim sparse-mode Use the ipv6 pim sparse-mode command to administratively configure PIM sparse mode for multicast routing. This command also enables MLD. Use the no form of this command to disable PIM and MLD. Syntax ipv6 pim sparse-mode no ipv6 pim Default Configuration IPv6 PIM sparse mode is disabled by default.
PAGE 1177
2CSNXXX_SWUM200.book Page 1177 Tuesday, December 10, 2013 1:22 PM • prefixlength —This parameter specifies the prefix length of the IP address for the media gateway. (Range: 1–32) Default Configuration The default range is FF3x::/32. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 pim ssm ff1e::/64 show ipv6 pim Use the show ipv6 pim command to display global status of IPv6 PIMSM and its IPv6 routing interfaces.
PAGE 1178
2CSNXXX_SWUM200.book Page 1178 Tuesday, December 10, 2013 1:22 PM Interface --------Vl1 Interface-Mode -------------Enabled Operational-Status -----------------Operational show ipv6 pim bsr-router Use the show ipv6 pim bsr-router command to display the bootstrap router (BSR) information. Syntax show ipv6 pim bsr-router { candidate | elected } • candidate—Show the IPv6 PIM candidate bootstrap router information. • elected—Show the IPv6 elected PIM bootstrap router information.
PAGE 1179
2CSNXXX_SWUM200.book Page 1179 Tuesday, December 10, 2013 1:22 PM Example console(config)#show ipv6 pim bsr-router candidate BSR Address.................................... 2001:0db8:0:badc::1 BSR Priority................................. 0 BSR Hash Mask Length......................... 64 C-BSR Advertisement Interval (secs).......... 60 Next Bootstrap message (hh:mm:ss)............
PAGE 1180
2CSNXXX_SWUM200.book Page 1180 Tuesday, December 10, 2013 1:22 PM show ipv6 mroute Use the show ipv6 mroute command in Privileged EXEC mode to display a summary or all the details of the multicast table. Syntax show ipv6 mroute [group groupip [summary] | source sourceip [summary] | static summary] • group—Show the multicast route information for the specified multicast group. • source—Show the multicast route information for the specified multicast source.
PAGE 1181
2CSNXXX_SWUM200.book Page 1181 Tuesday, December 10, 2013 1:22 PM Multicast Route Table Summary Source IP Group IP Protocol IIF OIF Expiry --------------- --------------- -------- --------- --------- ------* FF43::5 PIMSM Vl11 Vl13 2001::5 FF43::5 PIMSM Vl12 Vl11 Vl13 console#show ipv6 mroute source 2001::5 ? | summary Press enter to execute the command. Output filter options. Display the IPV6 multicast routing table summary.
PAGE 1182
2CSNXXX_SWUM200.
PAGE 1183
2CSNXXX_SWUM200.
PAGE 1184
2CSNXXX_SWUM200.book Page 1184 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example console#show ipv6 mroute source 2001::5 ? | summary Press enter to execute the command. Output filter options. Display the IPV6 multicast routing table summary.
PAGE 1185
2CSNXXX_SWUM200.book Page 1185 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show ipv6 pim interface vlan 6 Slot/Port...................................... IP Address..................................... Hello Interval (secs).......................... Join Prune Interval (secs)..................... Neighbor Count ................................
PAGE 1186
2CSNXXX_SWUM200.book Page 1186 Tuesday, December 10, 2013 1:22 PM Slot/Port...................................... Neighbor Address............................... Up Time (hh:mm:ss)............................. Expiry Time (hh:mm:ss)......................... DR Priority.................................... vlan 6 FE80::200:FF:FE00:33 00:00:12 00:01:34 0 show ipv6 pim rp-hash Use the show ipv6 pim rp-hash command to display which rendezvous point (RP) is being selected for a specified group.
PAGE 1187
2CSNXXX_SWUM200.book Page 1187 Tuesday, December 10, 2013 1:22 PM Syntax show ipv6 pim rp mapping [ rp-address | candidate | static ] • rp-address — IP address of RP. • candidate—Show candidate rendezvous point mappings. • static—Show static rendezvous point mappings. Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
PAGE 1188
2CSNXXX_SWUM200.
PAGE 1189
2CSNXXX_SWUM200.
PAGE 1190
2CSNXXX_SWUM200.
PAGE 1191
2CSNXXX_SWUM200.book Page 1191 Tuesday, December 10, 2013 1:22 PM 53 OSPF Commands Dell Networking N3000/N4000 Series Switches The Dell Network N2000 series supports limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. OSPF is a link-state protocol. Dell Networking OSPF supports variablelength subnet masks. Dell Networking OSPF only operates over VLAN interfaces. OSPF operates within a hierarchy.
PAGE 1192
2CSNXXX_SWUM200.book Page 1192 Tuesday, December 10, 2013 1:22 PM The Dell Networking routing OSPF NSSA feature supports RFC 3101, The OSPF Not-So-Stubby Area (NSSA) Option.
PAGE 1193
2CSNXXX_SWUM200.book Page 1193 Tuesday, December 10, 2013 1:22 PM • Configured Statically: If an operator configures multiple static routes to the exact same destination but with different next hops, those routes are treated as a single route with two next hops. • Learned Dynamically: Routing protocols can learn ECMP routes. For example, if OSPF is configured on both links connecting Router A to Router B with interface addresses 10.1.1.2 and 10.1.2.
PAGE 1194
2CSNXXX_SWUM200.book Page 1194 Tuesday, December 10, 2013 1:22 PM Passive Interfaces The passive interface feature is used to disable sending OSPF routing updates on an interface. An OSPF adjacency will not be formed on such an interface. On a passive interface, subnet prefixes for IP addresses configured on the interface will continue to be advertised as stub networks. Graceful Restart The Dell Networking implementation of OSPFv2 supports graceful restart as specified in RFC 3623.
PAGE 1195
2CSNXXX_SWUM200.
PAGE 1196
2CSNXXX_SWUM200.book Page 1196 Tuesday, December 10, 2013 1:22 PM area default-cost (Router OSPF) Use the area default-cost command in Router OSPF Configuration mode to configure the advertised default cost for the stub area. Use the no form of the command to return the cost to the default value. Syntax area area-id default-cost integer no area area-id default-cost • area-id — Identifies the OSPF stub area to configure.
PAGE 1197
2CSNXXX_SWUM200.book Page 1197 Tuesday, December 10, 2013 1:22 PM Syntax area area-id nssa [no-redistribution] [default-information-originate [metric metric-value] [metric-type metric-type-value]] [no-summary] [translator- role role] [translator-stab-intv interval] no area area-id nssa [no-redistribution] [default-information-originate] [nosummary] [translator-role] [translator-stab-intv] • area-id—Identifies the OSPF stub area to configure.
PAGE 1198
2CSNXXX_SWUM200.book Page 1198 Tuesday, December 10, 2013 1:22 PM Example The following example configures not-so-stubby-area 10 as an NSSA. console(config)#router ospf console(config-router)#area 10 nssa The following example configures the metric value and type for the default route advertised into the NSSA and configures the NSSA so that summary LSAs are not advertised into the NSSA.
PAGE 1199
2CSNXXX_SWUM200.book Page 1199 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example The following example configures the metric value and type for the default route advertised into the NSSA.
PAGE 1200
2CSNXXX_SWUM200.book Page 1200 Tuesday, December 10, 2013 1:22 PM area nssa no-summary Use the area nssa no-summary command in Router OSPF Configuration mode to configure the NSSA so that summary LSAs are not advertised into the NSSA. Syntax area area-id nssa no-summary no area area-id nssa no-summary • area-id — Identifies the OSPF NSSA to configure. (Range: 0–4294967295) Default Configuration This command has no default configuration. Command Mode Router OSPF Configuration mode.
PAGE 1201
2CSNXXX_SWUM200.book Page 1201 Tuesday, December 10, 2013 1:22 PM • always — The router assumes the role of the translator when it becomes a border router. • candidate — The router to participate in the translator election process when it attains border router status. Default Configuration The default role is candidate. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the translator role of the NSSA.
PAGE 1202
2CSNXXX_SWUM200.book Page 1202 Tuesday, December 10, 2013 1:22 PM Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the translator stability interval of the area 20 NSSA. console(config-router)#area 20 nssa translator-stab-intv 2000 area range (Router OSPF) Use the area range command in Router OSPF Configuration mode to configure a summary prefix that an area border router advertises for a specific area.
PAGE 1203
2CSNXXX_SWUM200.book Page 1203 Tuesday, December 10, 2013 1:22 PM • advertise—[Optional] When this keyword is given, the summary prefix is advertised when the area range is active. This is the default. • not-advertise—[Optional] When this keyword is given, neither the summary prefix nor the contained prefixes are advertised when the area range is active. Then the not-advertise option is given, any static cost previously configured is removed from the system configuration.
PAGE 1204
2CSNXXX_SWUM200.book Page 1204 Tuesday, December 10, 2013 1:22 PM console (config-router)#area 1 range 10.0.0.0 255.0.0.0 summarylink notadvertise !! Advertise summary. console (config-router)#no area 1 range 10.0.0.0 255.0.0.0 summarylink notadvertise The no form may be use to remove a static area range cost, so that OSPF sets the cost to the largest cost among the contained routes. For example: !! Create area range with static cost. console (config-router)#area 1 range 10.0.0.0 255.0.0.
PAGE 1205
2CSNXXX_SWUM200.book Page 1205 Tuesday, December 10, 2013 1:22 PM Example The following example defines an area range for the area 20. console(config-router)#area 20 range 192.168.6.0 255.255.255.0 summarylink advertise area stub Use the area stub command in Router OSPF Configuration mode to create a stub area for the specified area ID. A stub area is characterized by the fact that AS External LSAs are not propagated into the area.
PAGE 1206
2CSNXXX_SWUM200.book Page 1206 Tuesday, December 10, 2013 1:22 PM area stub no-summary Use the area stub no-summary command in Router OSPF Configuration mode to prevent Summary LSAs from being advertised into the NSSA. Use the no form of the command to return the Summary LSA mode to the default value. Syntax area area-id stub no-summary no area area-id stub no-summary • area-id — Identifies the OSPF area to configure.
PAGE 1207
2CSNXXX_SWUM200.
PAGE 1208
2CSNXXX_SWUM200.book Page 1208 Tuesday, December 10, 2013 1:22 PM Default Configuration Parameter Default area-id No area ID is predefined. router-id No router ID is predefined. hello-interval seconds 10 seconds retransmit-interval seconds 5 seconds transmit-delay seconds 1 second dead-interval seconds 40 seconds authentication-key key No key is predefined. message-digest-key key-id md5 key No key is predefined. Command Mode Router OSPF Configuration mode.
PAGE 1209
2CSNXXX_SWUM200.book Page 1209 Tuesday, December 10, 2013 1:22 PM network 10.50.50.0 0.0.0.255 area 10 area 10.0.0.0 virtual-link 10.3.4.5 message-digest-key 100 md5 test123 area virtual-link authentication Use the area virtual-link authentication command in Router OSPF Configuration mode to configure the authentication type and key for the OSPF virtual interface identified by the area ID and neighbor ID. Use the no form of the command to return the authentication type to the default value.
PAGE 1210
2CSNXXX_SWUM200.book Page 1210 Tuesday, December 10, 2013 1:22 PM Example The following example configures the authentication type and key for the area 10 OSPF virtual interface and neighbor ID. console(config-router)#area 10 virtual-link 192.168.2.7 authentication console(config-router)#area 10 virtual-link 192.168.2.
PAGE 1211
2CSNXXX_SWUM200.book Page 1211 Tuesday, December 10, 2013 1:22 PM Example The following example configures the dead interval for the area 10 OSPF virtual interface on the virtual interface and neighbor router. console(config-router)#area 10 virtual-link 192.168.2.
PAGE 1212
2CSNXXX_SWUM200.book Page 1212 Tuesday, December 10, 2013 1:22 PM area virtual-link retransmit-interval Use the area virtual-link retransmit-interval command in Router OSPF Configuration mode to configure the retransmit interval for the OSPF virtual interface on the virtual interface identified by the area ID and neighbor ID. Use the no form of the command to return the retransmit interval to the default value.
PAGE 1213
2CSNXXX_SWUM200.book Page 1213 Tuesday, December 10, 2013 1:22 PM area virtual-link transmit-delay Use the area virtual-link transmit-delay command in Router OSPF Configuration mode to configure the transmit delay for the OSPF virtual interface identified by the area ID and neighbor ID. Use the no form of the command to return the transmit delay to the default value.
PAGE 1214
2CSNXXX_SWUM200.book Page 1214 Tuesday, December 10, 2013 1:22 PM bandwidth is defined by the “bandwidth” command. Because the default reference bandwidth is 100 Mbps, OSPF uses the same default link cost for all interfaces whose bandwidth is 100 Mbps or greater. To change the reference bandwidth, use the auto-cost command, specifying the reference bandwidth in megabits per second. The different reference bandwidth can be independently configured for OSPFv2 and OSPFv3.
PAGE 1215
2CSNXXX_SWUM200.book Page 1215 Tuesday, December 10, 2013 1:22 PM Syntax bandwidth bw • bw — Interface bandwidth in Kbps (Range: 1–10000000). Default Configuration The default reference bandwidth is 10 Mbps Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command. Example The following example configures the interface bandwidth to 500000 Kbps.
PAGE 1216
2CSNXXX_SWUM200.book Page 1216 Tuesday, December 10, 2013 1:22 PM Example console(config-router)#capability opaque clear ip ospf Use the clear ip ospf command to reset specific OSPF states. If no parameters are specified, OSPF is disabled and then reenabled. Syntax clear ip ospf [{configuration | redistribution | counters | neighbor [interface vlan vlan id [neighbor id]]}] • configuration — Reset the OSPF configuration to factory defaults. • redistribution — Flush all self-originated external LSAs.
PAGE 1217
2CSNXXX_SWUM200.book Page 1217 Tuesday, December 10, 2013 1:22 PM Press enter to execute the command. configuration Restore OSPF configuration to defaults counters Clear OSPF counters neighbor Bounce all OSPF neighbors redistribution Flush and reoriginate external LSAs clear ip ospf stub-router Use the clear ip ospf stub-router command in Privileged EXEC mode to force OSPF to exit stub router mode when it has automatically entered stub router mode because of a resource limitation.
PAGE 1218
2CSNXXX_SWUM200.book Page 1218 Tuesday, December 10, 2013 1:22 PM Syntax Description This command has no arguments or keywords. Default Configuration Compatible with RFC 1583. Command Mode Router OSPF Configuration mode. User Guidelines If all OSPF routers in the routing domain are capable of operating according to RFC 2328, OSPF 1583 compatibility mode should be disabled. Example The following example enables 1583 compatibility.
PAGE 1219
2CSNXXX_SWUM200.book Page 1219 Tuesday, December 10, 2013 1:22 PM 2 External type-2 route. Default Configuration The default configuration is no default-information originate. The default metric is none and the default type is 2. Command Mode Router OSPF Configuration mode. User Guidelines The only routers that actually have Internet connectivity should advertise a default route. All other routers in the network should learn the default route from the routers that have connections to the Internet.
PAGE 1220
2CSNXXX_SWUM200.book Page 1220 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example sets a value of 50 for the default metric. console(config-router)#default-metric 50 distance ospf The distance ospf command sets the preference values of OSPF route types in the router.
PAGE 1221
2CSNXXX_SWUM200.book Page 1221 Tuesday, December 10, 2013 1:22 PM Default Configuration The default preference value is 110 for dist1, dist2 and dist3. Command Mode Router OSPF Configuration mode. Router OSPFv3 Configuration mode. User Guidelines There are no user guidelines for this command. Examples The following examples set route preference values of OSPF in the router.
PAGE 1222
2CSNXXX_SWUM200.book Page 1222 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example specifies the access list to filter routes received from the RIP source protocol. console(config-router)#distribute-list ACL40 out rip enable This command has been deprecated.
PAGE 1223
2CSNXXX_SWUM200.book Page 1223 Tuesday, December 10, 2013 1:22 PM Example The following example enables OSPF router mode. console(config-router)#enable exit-overflow-interval Use the exit-overflow-interval command in Router OSPF Configuration mode to configure the exit overflow interval for OSPF. When a router leaves the overflow state it can originate non-default AS-external-LSAs. When set to 0, the router will not leave Overflow State until restarted.
PAGE 1224
2CSNXXX_SWUM200.book Page 1224 Tuesday, December 10, 2013 1:22 PM external-lsdb-limit Use the external-lsdb-limit command in Router OSPF Configuration mode to configure the external LSDB limit for OSPF. If the value is -1, then there is no limit. When the number of non-default AS-external-LSAs in a router's link-state database reaches the external LSDB limit, the router enters overflow state. The router never holds more than the external LSDB limit non-default AS-external-LSAs in it database.
PAGE 1225
2CSNXXX_SWUM200.book Page 1225 Tuesday, December 10, 2013 1:22 PM ip ospf area The ip ospf area command enables OSPFv2 and sets the area ID of an interface. This command supersedes the effects of network area command. It can also configure the advertisability of the secondary addresses on this interface into OSPFv2 domain. Use the “no” form of this command to disable OSPFv2 on an interface.
PAGE 1226
2CSNXXX_SWUM200.book Page 1226 Tuesday, December 10, 2013 1:22 PM no ip ospf authentication • encrypt — MD5 encrypted authentication key. • key — Authentication key for the specified interface. (Range: 8 bytes or less if the authentication type is simple and 16 bytes or less if the type is encrypt.) • key-id — Authentication key identifier for the authentication type encrypt. (Range: 0–25) Default Configuration This command has no default configuration.
PAGE 1227
2CSNXXX_SWUM200.book Page 1227 Tuesday, December 10, 2013 1:22 PM Default Configuration 10 is the default link-state metric configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example configures the cost on the OSPF interface at 5.
PAGE 1228
2CSNXXX_SWUM200.book Page 1228 Tuesday, December 10, 2013 1:22 PM ip ospf dead-interval Use the ip ospf dead-interval command in Interface Configuration to set the OSPF dead interval for the specified interface. Use the no form of the command to return the interval to the default value. Syntax ip ospf dead-interval seconds no ip ospf dead-interval • seconds — Number of seconds that a router's Hello packets have not been seen before its neighbor routers declare that the router is down.
PAGE 1229
2CSNXXX_SWUM200.book Page 1229 Tuesday, December 10, 2013 1:22 PM no ip ospf hello-interval • seconds — Number of seconds to wait before sending Hello packets from the interface. (Range: 1–65535) Default Configuration 10 is the default number of seconds. Command Mode Interface Configuration (VLAN) mode. User Guidelines The value for the length of time must be the same for all routers attached to a network. Example The following example sets the OSPF hello interval at 30 seconds.
PAGE 1230
2CSNXXX_SWUM200.book Page 1230 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example disables OSPF MTU mismatch detection on VLAN interface 15. console(config-if-vlan1)#ip ospf mtu-ignore ip ospf network Use the ip ospf network command to configure OSPF to treat an interface as a point-to-point rather than broadcast interface.
PAGE 1231
2CSNXXX_SWUM200.book Page 1231 Tuesday, December 10, 2013 1:22 PM User Guidelines OSPF treats interfaces as broadcast interfaces by default. Loopback interfaces have a special loopback network type, which cannot be changed. When there are only two routers on the network, OSPF can operate more efficiently by treating the network as a point-to-point network. For point-to-point networks, OSPF does not elect a designated router or generate a network link state advertisement (LSA).
PAGE 1232
2CSNXXX_SWUM200.book Page 1232 Tuesday, December 10, 2013 1:22 PM User Guidelines A value of 1 is the highest router priority. A value of 0 indicates that the interface is not eligible to become the designated router on this network. Example The following example sets the OSPF priority for the VLAN 15 router at 100.
PAGE 1233
2CSNXXX_SWUM200.book Page 1233 Tuesday, December 10, 2013 1:22 PM console(config-if-vlan1)#ip ospf retransmit-interval 50 ip ospf transmit-delay Use the ip ospf transmit-delay command in Interface Configuration mode to set the OSPF Transit Delay for the specified interface. Use the no form of the command to return the delay to the default value.
PAGE 1234
2CSNXXX_SWUM200.book Page 1234 Tuesday, December 10, 2013 1:22 PM Syntax log-adjacency-changes [detail] no log-adjacency-changes [detail] • detail—(Optional) When this keyword is specified, all adjacency state changes are logged. Otherwise, OSPF only logs transitions to FULL state and when a backwards transition occurs. Default Configuration Adjacency changes are not logged by default. Command Mode OSPFv2 Router Configuration mode User Guidelines State changes are logged with INFORMATIONAL severity.
PAGE 1235
2CSNXXX_SWUM200.book Page 1235 Tuesday, December 10, 2013 1:22 PM Default Configuration By default, OSPF is not in stub router mode. Command Mode OSPFv2 Global Configuration mode User Guidelines When OSPF is in stub router mode, as defined by RFC 3137, OSPF sets the metric in the non-stub links in its router LSA to LsInfinity. Other routers therefore compute very long paths through the stub router, and prefer any alternate path.
PAGE 1236
2CSNXXX_SWUM200.book Page 1236 Tuesday, December 10, 2013 1:22 PM maximum-paths Use the maximum-paths command in Router OSPF Configuration mode to set the number of paths that OSPF can report for a given destination. Use the no form of the command to reset the number to the default value. Syntax maximum-paths integer no maximum-paths • integer — Number of paths that OSPF can report for a given destination. (Range: 1–4.) Default Configuration 4 is the integer default value.
PAGE 1237
2CSNXXX_SWUM200.book Page 1237 Tuesday, December 10, 2013 1:22 PM network area The network area command enables OSPFv2 on an interface and sets its area ID if the ip-address of an interface is covered by this network command. Use the “no” form of this command to disable OSPFv2 on an interface. Syntax network ip-address wildcard-mask area area-id no network ip-address wildcard-mask area area-id • ip-address — Base IPv4 address of the network area.
PAGE 1238
2CSNXXX_SWUM200.book Page 1238 Tuesday, December 10, 2013 1:22 PM nsf Use this command to enable OSPF graceful restart. Use the no form of this command to disable graceful restart. Syntax nsf [ietf] [planned-only] no nsf [ietf] • ietf — This keyword is used to distinguish the IETF standard implementation of graceful restart from other implementations. Since the IETF implementation is the only one supported, this keyword is optional.
PAGE 1239
2CSNXXX_SWUM200.book Page 1239 Tuesday, December 10, 2013 1:22 PM nsf helper Use the nsf-helper to allow OSPF to act as a helpful neighbor for a restarting router. Use the “no” form of this command to prevent OSPF from acting as a helpful neighbor. Syntax nsf [ietf] helper[planned-only] no nsf [ietf] helper • planned-only — This keyword indicates that OSPF should only help a restarting router performing a planned restart.
PAGE 1240
2CSNXXX_SWUM200.book Page 1240 Tuesday, December 10, 2013 1:22 PM no nsf [ietf] helper strict-lsa-checking • ietf —This keyword is used to distinguish the IETF standard implementation of graceful restart from other implementations. Since the IETF implementation is the only one supported, this keyword is optional. Default Configuration A helpful neighbor exits helper mode when a topology change occurs.
PAGE 1241
2CSNXXX_SWUM200.book Page 1241 Tuesday, December 10, 2013 1:22 PM • seconds — The number of seconds that the restarting router asks its neighbors to wait before exiting helper mode. The restarting router includes the restart interval in its grace LSAs (range 1–1800 seconds). Default Configuration The default restart interval is 120 seconds.
PAGE 1242
2CSNXXX_SWUM200.book Page 1242 Tuesday, December 10, 2013 1:22 PM User Guidelines There are no user guidelines for this command. Example console(config-router)#passive-interface passive-interface Use the passive-interface command to set the interface as passive. It overrides the global passive mode that is currently effective on the interface. Use the “no” form of this command to set the interface as non-passive.
PAGE 1243
2CSNXXX_SWUM200.book Page 1243 Tuesday, December 10, 2013 1:22 PM Syntax redistribute protocol [metric metric-value] [metric-type type-value] [tag tag-value] [subnets] no redistribute protocol [metric] [metric-type] [tag] [subnets] • protocol —One of the following: – rip - Specifies RIP as the source protocol. – static - Specifies that the source is a static route. – connected - Specifies that the source is a directly connected route. • static—Specifies that the source is a static route.
PAGE 1244
2CSNXXX_SWUM200.book Page 1244 Tuesday, December 10, 2013 1:22 PM console(config-router)#redistribute rip metric 90 metric-type 1 tag 555 subnets router-id Use the router-id command in Router OSPF Configuration mode to set a 32bit integer in 4-digit dotted-decimal number uniquely identifying the router ID. Syntax router-id router-id • router-id— A 32-bit interface (in IPv4 address format) that uniquely identifies the router ID. Default Configuration There is no default router ID.
PAGE 1245
2CSNXXX_SWUM200.book Page 1245 Tuesday, December 10, 2013 1:22 PM Syntax router ospf no router ospf Default Configuration OSPF routing is not enabled by default Command Mode Global Configuration mode. User Guidelines The command prompt changes when the router ospf command executes. Example The following example enters into router OSPF mode. console(config)#router ospf console(config-router)# show ip ospf Use the show ip ospf command to display information relevant to the OSPF router.
PAGE 1246
2CSNXXX_SWUM200.book Page 1246 Tuesday, December 10, 2013 1:22 PM User Guidelines Some of the information below displays only if you enable OSPF and configure certain features. The following fields may be displayed: Field Description Router ID A 32-bit integer in dotted decimal format identifying the router about which information is displayed. This is a configured value. OSPF Admin Mode Shows whether OSPF is administratively enabled or disabled.
PAGE 1247
2CSNXXX_SWUM200.book Page 1247 Tuesday, December 10, 2013 1:22 PM Default Passive Setting When enabled, OSPF interfaces are passive by default. Maximum Paths Shows the maximum number of paths that OSPF can report for a given destination. Default Metric Default metric for redistributed routes. Stub Router Configuration One of Always, Startup, or None. Stub Router Startup Time Configured value in seconds. This row is only listed if OSPF is configured to be a stub router at startup.
PAGE 1248
2CSNXXX_SWUM200.book Page 1248 Tuesday, December 10, 2013 1:22 PM External LSDB Overflow OSPF enters this state when the number of external LSAs exceeds a configured limit, as described in RFC 1765. External LSA Count Shows the number of external (LS type 5) link-state advertisements in the link-state database. External LSA Checksum Shows the sum of the LS checksums of external link-state advertisements contained in the link-state database. AS_OPAQUE LSA Shows the number of AS Opaque LSAs received.
PAGE 1249
2CSNXXX_SWUM200.book Page 1249 Tuesday, December 10, 2013 1:22 PM NSF Restart Status Whether the router is currently performing a graceful restart. NSF Restart Age The number of seconds until a graceful restart expires. Only non-zero when the router is in graceful restart. NSF Restart Exit Reason The reason the previous graceful restart ended. Possible values are Not attempted, In progress, Completed, Timed out, Topology change, and Manual clear.
PAGE 1250
2CSNXXX_SWUM200.book Page 1250 Tuesday, December 10, 2013 1:22 PM Default Route Advertise.............. Always............................... Metric............................... Metric Type.......................... Disabled FALSE Not configured External Type 2 Number of Active Areas... 1 (1 normal, 0 stub, 0 nssa) ABR Status........................... Disable ASBR Status.......................... Disable Stub Router.......................... FALSE External LSDB Overflow...............
PAGE 1251
2CSNXXX_SWUM200.book Page 1251 Tuesday, December 10, 2013 1:22 PM Flood Pacing Interval.......................... LSA Refresh Group Pacing Time.................. Opaque Capability.............................. AutoCost Ref BW................................ Default Passive Setting........................ Maximum Paths.................................. Default Metric................................. Stub Router Configuration...................... Stub Router Startup Time....................
PAGE 1252
2CSNXXX_SWUM200.book Page 1252 Tuesday, December 10, 2013 1:22 PM Syntax show ip ospf abr Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show ip ospf abr Type Router Id Cost Area ID ----- --------INTRA 3.3.3.3 INTRA 4.4.4.4 Next Hop ----- --------------- --------1 0.0.0.1 10.1.23.3 10 0.0.0.1 10.1.24.
PAGE 1253
2CSNXXX_SWUM200.book Page 1253 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example #1 The following example displays OSPF router information. console#show ip ospf area 10 AreaID......................................... External Routing............................... Spf Runs....................................... Area Border Router Count....................... Area LSA Count................................. Area LSA Checksum..............................
PAGE 1254
2CSNXXX_SWUM200.book Page 1254 Tuesday, December 10, 2013 1:22 PM Area LSA Checksum.............................. 0x5e0abed Flood List Length.............................. 0 Import Summary LSAs............................ Enable show ip ospf asbr The show ip ospf asbr command displays the internal OSPF routing table entries to Autonomous System Boundary Routes (ASBR). This command takes no options. Syntax show ip ospf asbr Default Configuration This command has no default configuration.
PAGE 1255
2CSNXXX_SWUM200.book Page 1255 Tuesday, December 10, 2013 1:22 PM Syntax show ip ospf [area-id] database [{asbr-summary | external | network | nssaexternal | router | summary}][ls-id] [adv-router [ip-address] | self-originate] [opaque-area] [opaque-as] [opaque-link] • area-id — Identifies a specific OSPF area for which link state database information will be displayed. • asbr-summary — Display the autonomous system boundary router (ASBR) summary LSAs. • external — Display the external LSAs.
PAGE 1256
2CSNXXX_SWUM200.book Page 1256 Tuesday, December 10, 2013 1:22 PM Example The following example displays information about the link state database when OSPF is enabled. console#show ip ospf database Router Link States (Area 0.0.0.0) Link Id --------------5.2.0.0 5.2.0.0 20.20.20.20 Adv Router --------------0.0.0.0 5.2.0.0 20.20.20.
PAGE 1257
2CSNXXX_SWUM200.book Page 1257 Tuesday, December 10, 2013 1:22 PM Link Id Adv Router Age Sequence Chksm Options Rtr Opt --------------- --------------- ----- -------- ------ ------- ----5.2.0.0 0.0.0.0 1362 80000005 e166 ------ AS External States Link Id Adv Router Age Sequence Chksm Options Rtr Opt --------------- --------------- ----- -------- ------ ------- ----6.0.0.0 5.2.0.
PAGE 1258
2CSNXXX_SWUM200.book Page 1258 Tuesday, December 10, 2013 1:22 PM Field Description Router Shows Total number of router LSAs in the OSPF link state database. Network Shows Total number of network LSAs in the OSPF link state database. Summary Net Shows Total number of summary network LSAs in the database. Summary ASBR Shows Number of summary ASBR LSAs in the database. Type-7 Ext Shows Total number of Type-7 external LSAs in the database.
PAGE 1259
2CSNXXX_SWUM200.book Page 1259 Tuesday, December 10, 2013 1:22 PM Summary ASBR................................... Type-7 Ext..................................... Self Originated Type-7......................... Opaque Link.................................... Opaque Area.................................... Subtotal....................................... Router database summary Router......................................... Network........................................ Summary Net..........................
PAGE 1260
2CSNXXX_SWUM200.book Page 1260 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example #1 The following example displays the information for the IFO object or virtual interface tables associated with VLAN 10. console#show ip ospf interface vlan 10 IP Address..................................... Subnet Mask.................................... Secondary IP Address(es)....................... OSPF Admin Mode................................ OSPF Area ID..................
PAGE 1261
2CSNXXX_SWUM200.book Page 1261 Tuesday, December 10, 2013 1:22 PM LSA Ack Interval..................... Transmit Delay....................... Authentication Type.................. Metric Cost.......................... Passive Status....................... OSPF Mtu-ignore...................... Flood Blocking....................... State................................ Number of Link Events................ Local Link LSAs...................... Local Link LSA Checksum..............
PAGE 1262
2CSNXXX_SWUM200.book Page 1262 Tuesday, December 10, 2013 1:22 PM show ip ospf interface stats Use the show ip ospf interface stats command in User EXEC mode to display the statistics for a specific interface. The information is only displayed if OSPF is enabled. Syntax show ip ospf interface stats vlan vlan-id • vlan-id — Valid VLAN ID. Default Configuration This command has no default configuration.
PAGE 1263
2CSNXXX_SWUM200.book Page 1263 Tuesday, December 10, 2013 1:22 PM Syntax show ip ospf neighbor [interface-type interface-number] [neighbor-id] • interface-type—Interface type – only supported type is vlan. • interface-number—A valid interface number. • neighbor-id—Valid IP address of the neighbor. Default Configuration This command has no default configuration.
PAGE 1264
2CSNXXX_SWUM200.book Page 1264 Tuesday, December 10, 2013 1:22 PM Field Description Retransmitted LSAs The number of LSAs retransmitted to a given neighbor. Retransmission Queue Length The number of LSAs on the neighbor's retransmit queue waiting for the neighbor to acknowledge. Restart Helper Status One of two values: • Helping — This router is acting as a helpful neighbor to this neighbor.
PAGE 1265
2CSNXXX_SWUM200.book Page 1265 Tuesday, December 10, 2013 1:22 PM Field Description Restart Helper Exit Reason One of the following values: • Restart Reason — When the router is in helpful neighbor mode, the output includes the restart reason the restarting router sent in its grace LSA. The Restart Reason is the value in the Graceful Restart Reason TLV in the grace LSA sent by the restarting router.
PAGE 1266
2CSNXXX_SWUM200.book Page 1266 Tuesday, December 10, 2013 1:22 PM console#show ip ospf neighbor 3.3.3.3 Interface...................................... 0/25 Neighbor IP Address............................ 172.20.25.3 Interface Index................................ 25 Area Id........................................ 0.0.0.0 Options........................................ 0x2 Router Priority................................ 1 Dead timer due in (secs)....................... 10 Up Time...........................
PAGE 1267
2CSNXXX_SWUM200.book Page 1267 Tuesday, December 10, 2013 1:22 PM Field Description Prefix The summary prefix. Subnet Mask The subnetwork mask of the summary prefix. Type S (Summary Link) or E (External Link) Action Advertise or Suppress Cost Metric to be advertised when the range is active. If a static cost is not configured, the field displays Auto. If the action is Suppress, the field displays N/A. Active Whether the range is currently active (Y) or not (N).
PAGE 1268
2CSNXXX_SWUM200.book Page 1268 Tuesday, December 10, 2013 1:22 PM Command Mode User EXEC, Privileged EXEC modes, Configuration mode and all Configuration submodes User Guidelines This command outputs the following. Field Description Delta T The time since the routing table was computed, in hours, minutes, and seconds (hh:mm:ss). Intra The time taken to compute intra-area routes, in milliseconds. Summ The time taken to compute inter-area routes, in milliseconds.
PAGE 1269
2CSNXXX_SWUM200.
PAGE 1270
2CSNXXX_SWUM200.book Page 1270 Tuesday, December 10, 2013 1:22 PM show ip ospf traffic Use the show ip ospf traffic command in Privileged EXEC mode to display OSPFv2 packet and LSA statistics and OSPFv2 message queue statistics. Packet statistics count packets and LSAs since OSPFv2 counters were last cleared (using the clear ip ospf counters command.) NOTE: Note that the clear ip ospf counters command does not clear the message queue high water marks.
PAGE 1271
2CSNXXX_SWUM200.book Page 1271 Tuesday, December 10, 2013 1:22 PM Parameter Description Number of LSAs Received The number of LSAs of each type received since OSPF counters were last cleared. OSPFv2 Queue Statistics For each OSPFv2 message queue, the current count, the high water mark, the number of packets that failed to be enqueued, and the queue limit. The high water marks are not cleared when OSPF counters are cleared.
PAGE 1272
2CSNXXX_SWUM200.book Page 1272 Tuesday, December 10, 2013 1:22 PM show ip ospf virtual-link Use the show ip ospf virtual-link command in Privileged EXEC mode to display the OSPF Virtual Interface information for a specific area and neighbor or for all. Syntax show ip ospf virtual-link [area-id neighbor-id] • area-id — Identifies the OSPF area whose ranges are being displayed. (Range: IP address or decimal from 0–4294967295) • neighbor-id — Identifies the neighbor’s router ID.
PAGE 1273
2CSNXXX_SWUM200.book Page 1273 Tuesday, December 10, 2013 1:22 PM Authentication Key ID.......................... 100 show ip ospf virtual-links brief Use the show ip ospf virtual-link brief command in Privileged EXEC mode to display the OSPF Virtual Interface information for all areas in the system in table format. Syntax show ip ospf virtual-link brief Default Configuration This command has no default configuration.
PAGE 1274
2CSNXXX_SWUM200.book Page 1274 Tuesday, December 10, 2013 1:22 PM Syntax timers pacing flood milliseconds no timers pacing flood • milliseconds—The average time between transmission of LS Update packets. The range is from 5 ms to 100 ms. The default is 33 ms. Default Configuration The default pacing between LS Update packets is 33 ms.
PAGE 1275
2CSNXXX_SWUM200.book Page 1275 Tuesday, December 10, 2013 1:22 PM User Guidelines OSPF refreshes self-originated LSAs approximately once every 30 minutes. When OSPF refreshes LSAs, it considers all self-originated LSAs whose age is from 1800 to 1800 plus the pacing group size. Grouping LSAs for refresh allows OSPF to combine refreshed LSAs into a minimal number of LS Update packets. Minimizing the number of Update packets makes LSA distribution more efficient.
PAGE 1276
2CSNXXX_SWUM200.
PAGE 1277
2CSNXXX_SWUM200.book Page 1277 Tuesday, December 10, 2013 1:22 PM 54 OSPFv3 Commands Dell Networking N3000/N4000 Series Switches The Dell Network N2000 series supports limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities.
PAGE 1278
2CSNXXX_SWUM200.
PAGE 1279
2CSNXXX_SWUM200.book Page 1279 Tuesday, December 10, 2013 1:22 PM Example The following example configures the monetary default cost at 100 for stub area 1. console(config)#ipv6 router ospf console(config-rtr)#area 1 default-cost 100 area nssa (Router OSPFv3) Use the area nssa command in Router OSPF Configuration mode to configure the specified area ID to function as an NSSA. If the area has not been previously created, this command creates the area and then applies the NSSA distinction.
PAGE 1280
2CSNXXX_SWUM200.book Page 1280 Tuesday, December 10, 2013 1:22 PM • interval—The period of time that an elected translator continues to perform its duties after it determines that its translator status has been deposed by another router. (Range: 0–3600) Default Configuration If no metric is defined, 10 is the default configuration. The default role is candidate. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines.
PAGE 1281
2CSNXXX_SWUM200.book Page 1281 Tuesday, December 10, 2013 1:22 PM Syntax area areaid nssa default-info-originate [metric [comparable | noncomparable]] no area areaid nssa default-info-originate • areaid — Valid OSPFv3 area identifier. • metric — Metric value for default route. (Range: 1-16777214) • comparable — Metric Type (nssa-external 1). • non-comparable — Metric Type (nssa-external 2). Default Configuration If no metric is defined, 10 is the default configuration.
PAGE 1282
2CSNXXX_SWUM200.book Page 1282 Tuesday, December 10, 2013 1:22 PM • areaid — Valid OSPF area identifier. Default Configuration This command has no default configuration. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the area 1 NSSA ABR so that learned external routes will not be redistributed to the NSSA.
PAGE 1283
2CSNXXX_SWUM200.book Page 1283 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example The following example configures the area 1 NSSA so that summary LSAs are not advertised into the NSSA. console(config)#ipv6 router ospf console(config-rtr)#area 1 nssa no-summary area nssa translator-role Use the area nssa translator-role command in Router OSPFv3 Configuration mode to configure the translator role of the NSSA.
PAGE 1284
2CSNXXX_SWUM200.book Page 1284 Tuesday, December 10, 2013 1:22 PM Example The following example configures the always translator role of the area 1 NSSA. console(config)#ipv6 router ospf console(config-rtr)#area 1 nssa translator-role always area nssa translator-stab-intv Use the area nssa translator-stab-intv command in Router OSPFv3 Configuration mode to configure the translator stability interval of the NSSA.
PAGE 1285
2CSNXXX_SWUM200.book Page 1285 Tuesday, December 10, 2013 1:22 PM area range (Router OSPFv3) Use the area range command in Router OSPF Configuration mode to configure a summary prefix for routes learned in a given area. If the area has not been previously created, this command creates the area and then applies the range parameters. There are two types of area ranges. An area range can be configured to summarize intra-area routes.
PAGE 1286
2CSNXXX_SWUM200.book Page 1286 Tuesday, December 10, 2013 1:22 PM Example The following example creates an area range for the area 1 NSSA. console(config)#ipv6 router ospf console(config-rtr)#area 1 range 2020:1::1/64 summarylink area stub Use the area stub command in Router OSPFv3 Configuration mode to create a stub area for the specified area ID. If the area has not been previously created, this command creates the area and then applies the stub distinction.
PAGE 1287
2CSNXXX_SWUM200.book Page 1287 Tuesday, December 10, 2013 1:22 PM area stub no-summary Use the area stub no-summary command in Router OSPFv3 Configuration mode disable the import of Summary LSAs for the stub area identified by area-id. Syntax area area-id stub no-summary no area area-id stub no-summary • area-id — Valid OSPFv3 area identifier. • so-summary — Disable the import of Summary LSAs for the stub area identified by area-id. Default Configuration This command has no default configuration.
PAGE 1288
2CSNXXX_SWUM200.book Page 1288 Tuesday, December 10, 2013 1:22 PM Syntax area area-id virtual-link router-id [hello-interval seconds] [retransmitinterval seconds] [transmit-delay seconds] [dead-interval seconds] no area area-id virtual-link router-id id [hello-interval] [retransmit-interval] [transmit-delay] [dead-interval] • area-id—Valid OSPFv3 area identifier (or decimal value in the range of 04294967295). • router-id—Identifies the Router ID or valid IP address of the neighbor.
PAGE 1289
2CSNXXX_SWUM200.book Page 1289 Tuesday, December 10, 2013 1:22 PM Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example creates the OSPF virtual interface for area 1 and its neighbor router.
PAGE 1290
2CSNXXX_SWUM200.book Page 1290 Tuesday, December 10, 2013 1:22 PM Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures a 20-second dead interval for the OSPF virtual interface on the virtual interface identified by area 1 and its neighbor.
PAGE 1291
2CSNXXX_SWUM200.book Page 1291 Tuesday, December 10, 2013 1:22 PM Example The following example configures a hello interval of 20 seconds for the OSPF virtual interface on the virtual interface identified by area 1 and its neighbor.
PAGE 1292
2CSNXXX_SWUM200.book Page 1292 Tuesday, December 10, 2013 1:22 PM area virtual-link transmit-delay Use the area virtual-link transmit-delay command in Router OSPFv3 Configuration mode to configure the transmit delay for the OSPF virtual interface on the virtual interface identified by areaid and neighbor. Syntax area areaid virtual-link neighbor transmit-delay seconds no area areaid virtual-link neighbor transmit-delay • areaid — Valid OSPFv3 area identifier. • neighbor — Router ID of neighbor.
PAGE 1293
2CSNXXX_SWUM200.book Page 1293 Tuesday, December 10, 2013 1:22 PM Syntax default-information originate [always] [metric metric-value] [metric-type type-value] no default-information originate [metric] [metric-type] • always—Always advertise default routes. • metric-value— • type-value—The metric (or preference) value of the default route. (Range: 1–16777214) • One of the following: 1 External type-1 route. 2 External type-2 route.
PAGE 1294
2CSNXXX_SWUM200.book Page 1294 Tuesday, December 10, 2013 1:22 PM Syntax default-metric metric-value no default-metric • metric-value — The metric (or preference) value of the default route. (Range: 1–16777214) Default Configuration This command has no default configuration. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example sets a default of 100 for the metric of distributed routes.
PAGE 1295
2CSNXXX_SWUM200.book Page 1295 Tuesday, December 10, 2013 1:22 PM Default Configuration The default preference value is 110. Command Mode Router OSPF Configuration mode. Router OSPFv3 Configuration mode. User Guidelines There are no user guidelines for this command. Example The following example sets a route preference value of 100 for intra OSPF in the router.
PAGE 1296
2CSNXXX_SWUM200.book Page 1296 Tuesday, December 10, 2013 1:22 PM Example The following example enables administrative mode of OSPF in the router (active). console(config)#ipv6 router ospf console(config-rtr)#enable exit-overflow-interval Use the exit-overflow-interval command in Router OSPFv3 Configuration mode to configure the exit overflow interval for OSPF. It describes the number of seconds after entering Overflow state that a router will wait before attempting to leave the Overflow State.
PAGE 1297
2CSNXXX_SWUM200.book Page 1297 Tuesday, December 10, 2013 1:22 PM external-lsdb-limit Use the external-lsdb-limit command in Router OSPFv3 Configuration mode to configure the external LSDB limit for OSPF. If the value is -1, then there is no limit. When the number of non-default AS-external-LSAs in a router's link-state database reaches the external LSDB limit, the router enters overflow state. The router never holds more than the external LSDB limit non-default AS-external- LSAs in it database.
PAGE 1298
2CSNXXX_SWUM200.book Page 1298 Tuesday, December 10, 2013 1:22 PM Syntax ipv6 ospf no ipv6 ospf Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Example The following example enables OSPF on VLAN 15.
PAGE 1299
2CSNXXX_SWUM200.book Page 1299 Tuesday, December 10, 2013 1:22 PM Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode. User Guidelines This command has no user guidelines. Example The following example defines the OSPF area to which VLAN 15 belongs. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf area 100 ipv6 ospf cost Use the ipv6 ospf cost command in Interface Configuration mode to configure the cost on an OSPF interface.
PAGE 1300
2CSNXXX_SWUM200.book Page 1300 Tuesday, December 10, 2013 1:22 PM console(config-if-vlan15)#ipv6 ospf cost 100 ipv6 ospf dead-interval Use the ipv6 ospf dead-interval command in Interface Configuration mode to set the OSPF dead interval for the specified interface.
PAGE 1301
2CSNXXX_SWUM200.book Page 1301 Tuesday, December 10, 2013 1:22 PM Syntax ipv6 ospf hello-interval seconds no ipv6 ospf hello-interval • seconds — A valid positive integer which represents the length of time of the OSPF hello interval. The value must be the same for all routers attached to a network. (Range: 1-65535 seconds) Default Configuration 10 seconds is the default value of seconds. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode.
PAGE 1302
2CSNXXX_SWUM200.book Page 1302 Tuesday, December 10, 2013 1:22 PM Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode. User Guidelines OSPF Database Description packets specify the size of the largest IP packet that can be sent without fragmentation on the interface. When a router receives a Database Description packet, it examines the MTU advertised by the neighbor.
PAGE 1303
2CSNXXX_SWUM200.book Page 1303 Tuesday, December 10, 2013 1:22 PM User Guidelines Normally, the network type is determined from the physical IP network type. By default all Ethernet networks are OSPF-type broadcast. Similarly, tunnel interfaces default to point-to-point. When an Ethernet port is used as a single large bandwidth IP network between two routers, the network type can be point-to-point since there are only two routers.
PAGE 1304
2CSNXXX_SWUM200.book Page 1304 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example The following example sets the OSPF priority at 50 for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf priority 50 ipv6 ospf retransmit-interval Use the ipv6 ospf retransmit-interval command in Interface Configuration mode to set the OSPF retransmit interval for the specified interface.
PAGE 1305
2CSNXXX_SWUM200.book Page 1305 Tuesday, December 10, 2013 1:22 PM ipv6 ospf transmit-delay Use the ipv6 ospf transmit-delay command in Interface Configuration mode to set the OSPF Transmit Delay for the specified interface. Syntax ipv6 ospf transmit-delay seconds no ipv6 ospf transmit-delay • seconds — OSPF transmit delay for the specified interface. In addition, it sets the estimated number of seconds it takes to transmit a link state update packet over this interface.
PAGE 1306
2CSNXXX_SWUM200.book Page 1306 Tuesday, December 10, 2013 1:22 PM no ipv6 router ospf Default Configuration This command has no default configuration. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example Use the following command to enable OSPFv3. console(config)#ipv6 router ospf maximum-paths Use the maximum-paths command in Router OSPFv3 Configuration mode to set the number of paths that OSPF can report for a given destination.
PAGE 1307
2CSNXXX_SWUM200.book Page 1307 Tuesday, December 10, 2013 1:22 PM Example The following example sets the number of paths that OSPF can report for a destination to 1. console(config)#ipv6 router ospf console(config-rtr)#maximum-paths 1 nsf Use this command to enable OSPF graceful restart. Use the no form of this command to disable graceful restart.
PAGE 1308
2CSNXXX_SWUM200.book Page 1308 Tuesday, December 10, 2013 1:22 PM everything that goes with that (i.e., flooding of LSAs, SPF runs). Helpful neighbors continue to forward packets through the restarting router. The restarting router relearns the network topology from its helpful neighbors. This implementation of graceful restart restarting router behavior is only useful with a router stack. Graceful restart does not work on a standalone, single-unit router.
PAGE 1309
2CSNXXX_SWUM200.book Page 1309 Tuesday, December 10, 2013 1:22 PM nsf helper strict-lsa-checking Use the nsf-helper strict-lsa-checking command to require that an OSPF helpful neighbor exit helper mode whenever a topology change occurs. Use the “no” form of this command to allow OSPF to continue as a helpful neighbor in spite of topology changes.
PAGE 1310
2CSNXXX_SWUM200.book Page 1310 Tuesday, December 10, 2013 1:22 PM Syntax nsf [ietf] restart-interval seconds no nsf [ietf] restart-interval • ietf — This keyword is used to distinguish the IETF standard implementation of graceful restart from other implementations. Since the IETF implementation is the only one supported, this keyword is optional. • seconds — The number of seconds that the restarting router asks its neighbors to wait before exiting helper mode.
PAGE 1311
2CSNXXX_SWUM200.book Page 1311 Tuesday, December 10, 2013 1:22 PM Default Configuration Passive interface mode is disabled by default. Command Mode Router OSPFv3 Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-router)#passive-interface vlan 1 passive-interface default The passive-interface default command enables the global passive mode by default for all interfaces. It overrides any interface level passive mode.
PAGE 1312
2CSNXXX_SWUM200.book Page 1312 Tuesday, December 10, 2013 1:22 PM redistribute Use the redistribute command in Router OSPFv3 Configuration mode to configure the OSPFv3 protocol to allow redistribution of routes from the specified source protocol/routers. Syntax redistribute {static | connected} [metric metric] [metric-type {1 | 2}] [tag tag] no redistribute {static | connected} [metric] [metric-type] [tag] • metric — Metric value used for default routes. (Range: 0-16777214) • tag — Tag.
PAGE 1313
2CSNXXX_SWUM200.book Page 1313 Tuesday, December 10, 2013 1:22 PM • router-id — Router OSPF identifier. (Range: 0-4294967295) Default Configuration This command has no default configuration. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example sets a 4-digit dotted-decimal number identifying the Router OSPF ID as 2.3.4.5. console(config)#ipv6 router ospf console(config-rtr)#router-id 2.3.4.
PAGE 1314
2CSNXXX_SWUM200.book Page 1314 Tuesday, December 10, 2013 1:22 PM User Guidelines Some of the information below displays only if you enable OSPF and configure certain features. The following fields may be displayed: Field Description Router ID A 32-bit integer in dotted decimal format identifying the router about which information is displayed. This is a configured value. OSPF Admin Mode Shows whether OSPF is administratively enabled or disabled.
PAGE 1315
2CSNXXX_SWUM200.book Page 1315 Tuesday, December 10, 2013 1:22 PM ABR Status Shows whether the router is an OSPF Area Border Router. ASBR Status Indicates whether the router is an autonomous system border router. Router automatically becomes an ASBR when it is configured to redistribute routes learned from another protocol.
PAGE 1316
2CSNXXX_SWUM200.book Page 1316 Tuesday, December 10, 2013 1:22 PM Maximum Number The maximum number of entries that can be on neighbors’ of Retransmit retransmit lists at any given time. This is the sum for all Entries neighbors. When OSPF receives an LSA and cannot allocate a new retransmit list entry, the router does not acknowledge the LSA, expecting the sender to retransmit.
PAGE 1317
2CSNXXX_SWUM200.book Page 1317 Tuesday, December 10, 2013 1:22 PM console#show ipv6 ospf Router ID...................................... OSPF Admin Mode................................ ASBR Mode...................................... ABR Status..................................... Exit Overflow Interval......................... External LSA Count............................. External LSA Checksum.......................... New LSAs Originated............................ LSAs Received.........................
PAGE 1318
2CSNXXX_SWUM200.book Page 1318 Tuesday, December 10, 2013 1:22 PM Type ---INTRA INTRA Router Id Cost Area ID Next Hop Next Hop Intf -------- ---- -------- ----------------------- ----3.3.3.3 10 0.0.0.1 FE80::211:88FF:FE2A:3CB3 vlan11 4.4.4.4 10 0.0.0.1 FE80::210:18FF:FE82:8E1 vlan12 show ipv6 ospf area Use the show ipv6 ospf area command in Privileged EXEC mode to display information about the area. Syntax show ipv6 ospf area areaid • areaid — Identifier for the OSPF area being displayed.
PAGE 1319
2CSNXXX_SWUM200.book Page 1319 Tuesday, December 10, 2013 1:22 PM show ipv6 ospf asbr The show ipv6 ospf asbr command displays the internal OSPFv3 routes to reach Autonomous System Boundary Routes (ASBR). This command takes no options. Syntax show ipv6 ospf asbr Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
PAGE 1320
2CSNXXX_SWUM200.book Page 1320 Tuesday, December 10, 2013 1:22 PM Command Mode User EXEC, Privileged EXEC mode, Configuration mode and all Configuration submodes show ipv6 ospf database Use the show ipv6 ospf database command in Privileged EXEC mode to display information about the link state database when OSPFv3 is enabled. If no parameters are entered, the command displays the LSA headers. Optional parameters specify the type of link state advertisements to display.
PAGE 1321
2CSNXXX_SWUM200.book Page 1321 Tuesday, December 10, 2013 1:22 PM Command Mode User EXEC, Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays information about the link state database when OSPFv3 is enabled. console#show ipv6 ospf database Router Link States (Area 0.0.0.0) Adv Router Link Id Age Sequence Csum Options Rtr Opt -------------- --------------- ----- -------- ---- ------- ------1.1.
PAGE 1322
2CSNXXX_SWUM200.book Page 1322 Tuesday, December 10, 2013 1:22 PM Router Link States (Area 0.0.0.1) Adv Router Link Id Age Sequence Csum Options Rtr Opt -------------- --------------- ----- -------- ---- ------- ------1.1.1.1 0 1 8000002E 35AD V6E--R- --V-B 2.2.2.2 0 0 8000004A D2F3 V6E--R- ----B Network Link States (Area 0.0.0.1) Adv Router Link Id Age Sequence Csum Options Rtr Opt -------------- --------------- ----- -------- ---- ------- ------1.1.1.
PAGE 1323
2CSNXXX_SWUM200.book Page 1323 Tuesday, December 10, 2013 1:22 PM Command Mode User EXEC, Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the number of each type of LSA in the database and the total number of LSAs in the database. console#show ipv6 ospf database database-summary OSPF Router with ID (0.0.0.2) Router database summary Router......................................... 0 Network..
PAGE 1324
2CSNXXX_SWUM200.book Page 1324 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the information in VLAN 11’s virtual interface tables. console#show ipv6 ospf interface vlan 11 IP Address..................................... ifIndex......................................
PAGE 1325
2CSNXXX_SWUM200.book Page 1325 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays brief ospf interface information. console#show ipv6 ospf interface brief Admin Interface Mode Area ID --------- -------- -------- Hello Dead Retrax LSA Router Int. Int. Int. Retrax Ack Prior.
PAGE 1326
2CSNXXX_SWUM200.book Page 1326 Tuesday, December 10, 2013 1:22 PM Example The following example displays the interface statistics for VLAN 5. console>show ipv6 ospf interface stats vlan 5 OSPFv3 Area ID................................. 0.0.0.1 Spf Runs....................................... 265 Area Border Router Count....................... 1 AS Border Router Count......................... 0 Area LSA Count................................. 6 IPv6 Address...................................
PAGE 1327
2CSNXXX_SWUM200.book Page 1327 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays ospf interface vlan information. console#show ipv6 ospf interface vlan 10 IPv6 Address............................. ifIndex.................................. OSPF Admin Mode..........................
PAGE 1328
2CSNXXX_SWUM200.book Page 1328 Tuesday, December 10, 2013 1:22 PM Syntax show ipv6 ospf neighbor [interface-type interface-number] [neighbor-id] • interface-type—Interface type, vlan or tunnel. • interface-number—A valid interface number, a valid VLAN ID or tunnel identifier. (Range is 0-7). • neighbor-id—Valid IP address of the neighbor about which information is displayed. Default Configuration This command has no default configuration.
PAGE 1329
2CSNXXX_SWUM200.book Page 1329 Tuesday, December 10, 2013 1:22 PM Metric Cost.................................... 1 (computed) OSPF Mtu-ignore................................ Disable OSPF cannot be initialized on this interface. show ipv6 ospf range Use the show ipv6 ospf range command in Privileged EXEC mode to display information about the area ranges for the specified area identifier. Syntax show ipv6 ospf range areaid • areaid — Identifies the OSPF area whose ranges are being displayed.
PAGE 1330
2CSNXXX_SWUM200.book Page 1330 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the OSPF stub table. console#show ipv6 ospf stub table AreaId TypeofService Metric Val ------------ ---------------------0.0.0.
PAGE 1331
2CSNXXX_SWUM200.book Page 1331 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example The following example displays the OSPF Virtual Interface information for area 1 and its neighbor. console#show ipv6 ospf virtual-link 1 1.1.1.1 Area ID........................................ Neighbor Router ID............................. Hello Interval................................. Dead Interval.................................. Iftransit Delay Interval......................
PAGE 1332
2CSNXXX_SWUM200.
PAGE 1333
2CSNXXX_SWUM200.book Page 1333 Tuesday, December 10, 2013 1:22 PM Router Discovery Protocol Commands 55 Dell Networking N3000/N4000 Series Switches Routers can be configured to periodically send router discovery messages to announce their presence to locally attached hosts. The router discovery message advertises one or more IP addresses on the router that hosts can use as their default gateway.
PAGE 1334
2CSNXXX_SWUM200.book Page 1334 Tuesday, December 10, 2013 1:22 PM no ip irdp holdtime • multicast—Configure the address that the interface uses to send the router discovery advertisements to be 224.0.0.1, the all-hosts IP multicast address. Use the no form of the command to use 255.255.255.255, the limited broadcast address. • holdtime seconds—Integer value in seconds of the holdtime field of the router advertisement sent from this interface.
PAGE 1335
2CSNXXX_SWUM200.book Page 1335 Tuesday, December 10, 2013 1:22 PM Example The following example enables router discovery on the selected interface. console(config)#interface vlan 15 console(config-if-vlan15)#ip irdp ip irdp holdtime Use the ip irdp holdtime command in Interface Configuration mode to configure the value, in seconds, of the holdtime field of the router advertisement sent from this interface. Use the no form of the command to set the time to the default value.
PAGE 1336
2CSNXXX_SWUM200.book Page 1336 Tuesday, December 10, 2013 1:22 PM ip irdp maxadvertinterval Use the ip irdp maxadvertinterval command in Interface Configuration mode to configure the maximum time, in seconds, allowed between sending router advertisements from the interface. Use the no form of the command to set the time to the default value.
PAGE 1337
2CSNXXX_SWUM200.book Page 1337 Tuesday, December 10, 2013 1:22 PM console(config-if-vlan15)#ip irdp maxadvertinterval 600 ip irdp minadvertinterval Use the ip irdp minadvertinterval command in Interface Configuration mode to configure the minimum time, in seconds, allowed between sending router advertisements from the interface. Use the no form of the command to set the time to the default value.
PAGE 1338
2CSNXXX_SWUM200.book Page 1338 Tuesday, December 10, 2013 1:22 PM ip irdp multicast To send router advertisements as IP multicast packets, use the ip irdp multicast command in Interface Configuration mode. To send router advertisements to the limited broadcast address (255.255.255.255), use the no form of this command. Syntax ip irdp multicast no ip irdp multicast Default Configuration Router discovery packets are sent to the all hosts IP multicast address (224.0.0.1) by default.
PAGE 1339
2CSNXXX_SWUM200.book Page 1339 Tuesday, December 10, 2013 1:22 PM Syntax ip irdp preference integer no ip irdp preference • integer — Preference of the address as a default router address, relative to other router addresses on the same subnet. (Range: -2147483648 to 2147483647) Default Configuration 0 is the default value. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example sets the ip irdp preference to 1000 for VLAN 15.
PAGE 1340
2CSNXXX_SWUM200.book Page 1340 Tuesday, December 10, 2013 1:22 PM Command Mode User EXEC, Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example shows router discovery information for VLAN 15. console#show ip irdp vlan 15 Interface Ad Mode Advertise Address Max Int Min Int Hold Time Preference --------- ------- ----------------- ------- ------- -------- ---------vlan15 Enable 224.0.0.
PAGE 1341
2CSNXXX_SWUM200.book Page 1341 Tuesday, December 10, 2013 1:22 PM Routing Information Protocol Commands 56 Dell Networking N2000/N3000/N4000 Series Switches The Routing Information Protocol (RIP) has been a long-standing protocol used by routers for exchanging route information. RIP is a distance vector protocol whereby each route is characterized by the number of gateways, or hops, a packet must traverse to reach its intended destination.
PAGE 1342
2CSNXXX_SWUM200.book Page 1342 Tuesday, December 10, 2013 1:22 PM Syntax auto-summary no auto-summary Default Configuration Disabled is the default configuration. Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines. Example console(config-router)#auto-summary default-information originate (Router RIP Configuration) Use the default-information originate command in Router RIP Configuration mode to control the advertisement of default routes.
PAGE 1343
2CSNXXX_SWUM200.book Page 1343 Tuesday, December 10, 2013 1:22 PM User Guidelines Only routers that actually have Internet connectivity should advertise a default route. All other routers in the network should learn the default route from routers that have connections out to the Internet. Example console(config-router)#default-information originate default-metric Use the default-metric command in Router RIP Configuration mode to set a default for the metric of distributed routes.
PAGE 1344
2CSNXXX_SWUM200.book Page 1344 Tuesday, December 10, 2013 1:22 PM distance rip Use the distance rip command in Router RIP Configuration mode to set the route preference value of RIP in the router. Lower route preference values are preferred when determining the best route. Use the no form of the command to return the preference to the default value. Syntax distance rip integer no distance rip • integer — RIP route preference. (Range: 1-255) Default Configuration 15 is the default configuration.
PAGE 1345
2CSNXXX_SWUM200.book Page 1345 Tuesday, December 10, 2013 1:22 PM no distribute-list accesslistname out {ospf | static | connected} • accesslistname — The name used to identify the existing ACL. The range is 1-31 characters. • ospf — Apply the specific access list when OSPF is the source protocol. • static — Apply the specified access list when packets come through a static route. • connected — Apply the specified access list when packets come from a directly connected route.
PAGE 1346
2CSNXXX_SWUM200.book Page 1346 Tuesday, December 10, 2013 1:22 PM Default Configuration Enabled is the default configuration. Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines. Example console(config-router)#enable hostroutesaccept Use the hostroutesaccept command in Router RIP Configuration mode to enable the RIP hostroutesaccept mode. Use the no form of the command to disable the RIP hostroutesaccept mode.
PAGE 1347
2CSNXXX_SWUM200.book Page 1347 Tuesday, December 10, 2013 1:22 PM ip rip Use the ip rip command in Interface Configuration mode to enable RIP on a router interface. Use the no form of the command to disable RIP on the interface. Syntax ip rip no ip rip Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines.
PAGE 1348
2CSNXXX_SWUM200.book Page 1348 Tuesday, December 10, 2013 1:22 PM • key — Authentication key for the VLAN. (Range: 16 bytes or less) • encrypt — Use MD5 encryption for the RIP interface. • key-id — Authentication key identifier for authentication type encrypt. (Range: 0-255) Default Configuration This command has no default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines.
PAGE 1349
2CSNXXX_SWUM200.book Page 1349 Tuesday, December 10, 2013 1:22 PM Default Configuration Both is the default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example allows no RIP control packets to be received by VLAN 11.
PAGE 1350
2CSNXXX_SWUM200.book Page 1350 Tuesday, December 10, 2013 1:22 PM Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example allows no RIP control packets to be sent by VLAN 11. console(config-if-vlan11)#ip rip send version none redistribute The redistribute command configures RIP protocol to redistribute routes from the specified source protocol/routers. If the source protocol is OSPF, there are five possible match options.
PAGE 1351
2CSNXXX_SWUM200.book Page 1351 Tuesday, December 10, 2013 1:22 PM • connected — Redistributes directly-connected routes. Default Configuration metric integer — not configured match — internal Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines.
PAGE 1352
2CSNXXX_SWUM200.book Page 1352 Tuesday, December 10, 2013 1:22 PM console(config-router)# show ip rip Use the show ip rip command in Privileged EXEC mode to display information relevant to the RIP router. Syntax show ip rip Default Configuration The command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays information relevant to the RIP router.
PAGE 1353
2CSNXXX_SWUM200.book Page 1353 Tuesday, December 10, 2013 1:22 PM show ip rip interface Use the show ip rip interface command in Privileged EXEC mode to display information related to a particular RIP interface. Syntax show ip rip interface vlan vlan-id • vlan-id — Valid VLAN ID. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
PAGE 1354
2CSNXXX_SWUM200.book Page 1354 Tuesday, December 10, 2013 1:22 PM show ip rip interface brief Use the show ip rip interface brief command in Privileged EXEC mode to display general information for each RIP interface. For this command to display successful results routing must be enabled per interface (i.e. ip rip). Syntax show ip rip interface brief Default Configuration This command has no default configuration.
PAGE 1355
2CSNXXX_SWUM200.book Page 1355 Tuesday, December 10, 2013 1:22 PM • none — RIP does not use split horizon to avoid routing loops. • simple — RIP uses split horizon to avoid routing loops. • poison — RIP uses split horizon with poison reverse (increases routing packet update size). Default Configuration Simple is the default configuration. Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines. Example The following example does not use split horizon.
PAGE 1356
2CSNXXX_SWUM200.
PAGE 1357
2CSNXXX_SWUM200.book Page 1357 Tuesday, December 10, 2013 1:22 PM Tunnel Interface Commands 57 Dell Networking N3000/N4000 Series Switches Dell Networking provides for the creation, deletion, and management of tunnel interfaces. They are dynamic interfaces that are created and deleted by user configuration. Tunnel interfaces are used for the following purposes. • IPv4 tunnels • IPv6 tunnels Each router interface (port or VLAN interface) may have associated tunnel interfaces.
PAGE 1358
2CSNXXX_SWUM200.book Page 1358 Tuesday, December 10, 2013 1:22 PM interface tunnel Use the interface tunnel command in Global Configuration mode to enter the interface configuration mode for a tunnel. Syntax interface tunnel tunnel-id no interface tunnel tunnel-id • tunnel-id — Tunnel identifier. (Range: 0–7) Default Configuration This command has no default configuration. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines.
PAGE 1359
2CSNXXX_SWUM200.book Page 1359 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples The following examples show the parameters related to an individual tunnel and to all tunnel interfaces. console#show interfaces tunnel 1 Interface Link Status.......................... down MTU size...............................
PAGE 1360
2CSNXXX_SWUM200.book Page 1360 Tuesday, December 10, 2013 1:22 PM Command Mode Interface Configuration (Tunnel) mode. User Guidelines This command has no user guidelines. Example The following example specifies the destination transport address of tunnel 1. console(config)#interface tunnel 1 console(config-if-tunnel1)#tunnel destination 10.1.1.1 tunnel mode ipv6ip Use the tunnel mode ipv6ip command in Interface Configuration mode to specify the mode of the tunnel.
PAGE 1361
2CSNXXX_SWUM200.book Page 1361 Tuesday, December 10, 2013 1:22 PM tunnel source Use the tunnel source command in Interface Configuration mode to specify the source transport address of the tunnel, either explicitly or by reference to an interface. Syntax tunnel source {ip-address | interface-type interface-number} no tunnel source • ip-address—Valid IPv4 address. • interface-type—Valid interface type. VLAN is the only type supported. • interface-number—Valid interface number.
PAGE 1362
2CSNXXX_SWUM200.
PAGE 1363
2CSNXXX_SWUM200.book Page 1363 Tuesday, December 10, 2013 1:22 PM 58 Virtual Router Redundancy Protocol Commands Dell Networking N3000/N4000 Series Switches An end station running IP needs to know the address of its first hop router. While some network administrators choose to install dynamic router discovery protocols such as DHCP, others prefer to statically allocate router addresses. If the router identified by such a statically allocated address goes down, the end station loses connectivity.
PAGE 1364
2CSNXXX_SWUM200.book Page 1364 Tuesday, December 10, 2013 1:22 PM RFC defines a new configuration option that allows the router to accept any packet sent to a VRRP address, regardless of whether the VRRP Master is the address owner. The Pingable VRRP Interface feature, when enabled, allows the VRRP master to respond to both fragmented and unfragmented ICMP echo requests packets destined to a VRRP address (or addresses). A virtual router in backup state discards these.
PAGE 1365
2CSNXXX_SWUM200.book Page 1365 Tuesday, December 10, 2013 1:22 PM Interface Tracking For interface tracking, VRRP is a routing event client. When a routing interface goes up or down (or routing is disabled globally, implying all routing interfaces are down), VRRP checks if the interface is tracked. If so, it adjusts the priority. Interface tracking is useful for tracking interfaces that are not configured for VRRP. Only IP interfaces are tracked.
PAGE 1366
2CSNXXX_SWUM200.book Page 1366 Tuesday, December 10, 2013 1:22 PM Virtual Router Redundancy Protocol Commands ip vrrp Use the ip vrrp command in Global Configuration mode to enable the administrative mode of VRRP for the router. Use the no form of the command to disable the administrative mode of VRRP for the router. Syntax ip vrrp no ip vrrp Default Configuration VRRP is disabled by default. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines.
PAGE 1367
2CSNXXX_SWUM200.book Page 1367 Tuesday, December 10, 2013 1:22 PM • vrid — Virtual router identification. (Range: 1-255) Default Configuration The default configuration is disabled. Command Mode Interface Configuration (VLAN) mode. User Guidelines The VRRP IP address is not pingable from within the switch. vrrp authentication Use the vrrp authentication command in Interface Configuration mode to set the authentication details value for the virtual router configured on a specified interface.
PAGE 1368
2CSNXXX_SWUM200.book Page 1368 Tuesday, December 10, 2013 1:22 PM Example The following example sets the authorization details value for VRRP router group 5 on VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#vrrp 2 authentication simple test123 vrrp description Use the vrrp description command in Interface Configuration mode to assign a description to the Virtual Router Redundancy Protocol (VRRP) group. To remove the description, use the no form of the command.
PAGE 1369
2CSNXXX_SWUM200.book Page 1369 Tuesday, December 10, 2013 1:22 PM vrrp ip Use the vrrp ip command in Interface Configuration mode to enable VRRP and set the virtual router IP address value for an interface. Use the no form of the command remove the secondary IP address. It is not possible to remove the primary IP address once assigned. Remove the VRRP group instead. Syntax vrrp group ip ip-address [secondary] no vrrp group ip ip-address vlan secondary • group—The virtual router identifier.
PAGE 1370
2CSNXXX_SWUM200.book Page 1370 Tuesday, December 10, 2013 1:22 PM Example The following example configures VRRP on VLAN 15. console#configure console(config)#ip routing console(config)#ip vrrp console(config-vlan)#vlan 15 console(config-vlan)#vlan routing 15 console(config-vlan)#exit console(config)#interface vlan 15 console(config-if-vlan15)#ip address 192.168.5.1 255.255.255.0 console(config-if-vlan15)#vrrp 20 console(config-if-vlan15)#vrrp 20 ip 192.168.5.
PAGE 1371
2CSNXXX_SWUM200.book Page 1371 Tuesday, December 10, 2013 1:22 PM console(config-if-vlan15)#vrrp 5 mode vrrp preempt Use the vrrp preempt command in Interface Configuration mode to set the preemption mode value for the virtual router configured on a specified interface. Use the no form of the command to disable preemption mode. Syntax vrrp group preempt [delay seconds] no vrrp group preempt • group—The virtual router identifier.
PAGE 1372
2CSNXXX_SWUM200.book Page 1372 Tuesday, December 10, 2013 1:22 PM vrrp priority Use the vrrp priority command in Interface Configuration mode to set the priority value for the virtual router configured on a specified interface. Use the no form of the command to return the priority to the default value. Syntax vrrp group priority level no vrrp group priority level • group — The virtual router identifier. (Range: 1-255) • level — Priority value for the interface.
PAGE 1373
2CSNXXX_SWUM200.book Page 1373 Tuesday, December 10, 2013 1:22 PM Syntax vrrp group timers advertise interval no vrrp group timers advertise interval • group — The virtual router identifier. (Range: 1-255) • interval — The frequency at which an interface on the specified virtual router sends a virtual router advertisement. (Range: 1-255 seconds) Default Configuration Interval has a default value of 1. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines.
PAGE 1374
2CSNXXX_SWUM200.book Page 1374 Tuesday, December 10, 2013 1:22 PM Default Configuration Timer learning is disabled by default and the router uses the configured advertisement. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following configures VLAN 15 virtual router to learn the advertisement interval used by the master virtual router.
PAGE 1375
2CSNXXX_SWUM200.book Page 1375 Tuesday, December 10, 2013 1:22 PM Use the no form of this command to remove the interface from the tracked list or to restore the priority decrement to its default. When removing an interface from the tracked list, the priority is incremented by the decrement value if that interface is down. Syntax vrrp group track interface vlan vlan-id [decrement priority] no vrrp group track interface vlan vlan-id • group—The virtual router identifier.
PAGE 1376
2CSNXXX_SWUM200.book Page 1376 Tuesday, December 10, 2013 1:22 PM route. By default no routes are tracked. If we specify just the route to be tracked without specifying the optional parameter, then the default priority will be set. Use the no form of this command to remove the route from the tracked list or to restore the priority decrement to its default. When removing a tracked IP route from the tracked list, priority should be incremented by the decrement value if the route is not reachable.
PAGE 1377
2CSNXXX_SWUM200.book Page 1377 Tuesday, December 10, 2013 1:22 PM Syntax show vrrp [brief | group] • group—The virtual router group identifier. Range 1-255. • brief—Provide a summary view of the VRRP group information. Default Configuration Show information on all VRRP groups. Command Mode User EXEC, Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays detailed VRRP status.
PAGE 1378
2CSNXXX_SWUM200.book Page 1378 Tuesday, December 10, 2013 1:22 PM Track Track Track Track Track Interface State ......................... Interface DecrementPriority ............. Route (pfx/len) ......................... Route Reachable ......................... Route DecrementPriority ................. Vlan 7 – Group 2 Primary IP Address............................. VMAC Address................................... Authentication Type............................ Priority..................................
PAGE 1379
2CSNXXX_SWUM200.book Page 1379 Tuesday, December 10, 2013 1:22 PM • stats—Display the statistical information about each virtual router configured on the VLAN. • vlan-id—Display information about each virtual router configured on the VLAN. Valid interface type (VLAN) and interface number (vlan-id). Default Configuration Show information for each group in the specified interface.
PAGE 1380
2CSNXXX_SWUM200.book Page 1380 Tuesday, December 10, 2013 1:22 PM vlan2 5 192.168.5.55 Enable Initialize The following example displays all statistical information about the VLAN 15 virtual router. console#show vrrp interface vlan 15 stats Vlan 15 – Group 5 UpTime........................... 0 days 0 hrs 0 mins 0 secs Protocol....................................... IP State Transitioned to Master................... 0 Advertisement Received......................... 0 Advertisement Interval Errors.......
PAGE 1381
2CSNXXX_SWUM200.book Page 1381 Tuesday, December 10, 2013 1:22 PM Example The following example displays all configuration information about the virtual router on the selected interface. console#show vrrp interface brief Interface VRID IP Address Mode State --------- ---- -------------- ------ -----------vlan1 2 0.0.0.0 Disable Initialize vlan2 5 192.168.5.
PAGE 1382
2CSNXXX_SWUM200.book Page 1382 Tuesday, December 10, 2013 1:22 PM Authentication Failure......................... IP TTL Errors.................................. Zero Priority Packets Received................. Zero Priority Packets Sent..................... Invalid Type Packets Received.................. Address List Errors ........................... Invalid Authentication Type.................... Authentication Type Mismatch................... Packet Length Errors...........................
PAGE 1383
2CSNXXX_SWUM200.book Page 1383 Tuesday, December 10, 2013 1:22 PM Syntax show ip vrrp interface interface-id vrid • interface-id—Any valid routing interface. See Interface Naming Conventions for interface representation. • vrid—The virtual router identifier. (Range: 1-255) Default Configuration The command has no default configuration. Command Mode User EXEC, Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
PAGE 1384
2CSNXXX_SWUM200.
PAGE 1385
2CSNXXX_SWUM200.
PAGE 1386
2CSNXXX_SWUM200.
PAGE 1387
2CSNXXX_SWUM200.book Page 1387 Tuesday, December 10, 2013 1:22 PM Auto-Install Commands 60 Dell Networking N2000/N3000/N4000 Series Switches Auto-Install provides automatic update of the image and configuration of Dell Networking devices on boot up from a TFTP server as controlled by received DHCP options. It plays a critical role in the Dell Networking offering of touchless or low-touch provisioning, in which configuration and imaging of a device is greatly simplified.
PAGE 1388
2CSNXXX_SWUM200.book Page 1388 Tuesday, December 10, 2013 1:22 PM 4 Support for the Auto-Install process from a TFTP server operationally enabling the DHCP client on designated management interfaces during the Auto-Install process. The end user configuration remains unchanged. Management interfaces include the out-of-band interface or routing interfaces in a saved config.
PAGE 1389
2CSNXXX_SWUM200.book Page 1389 Tuesday, December 10, 2013 1:22 PM User Guidelines The configuration on the master switch controls the stack as if it is a single switch. No configuration steps need to be taken on the member switches to synchronize the firmware.
PAGE 1390
2CSNXXX_SWUM200.book Page 1390 Tuesday, December 10, 2013 1:22 PM boot host autoreboot Use the boot host autoreboot command in Global Configuration mode to enable rebooting the device (no administrative intervention) when the autoimage is successfully downloaded. Use the no form of this command to disable rebooting the device (no administrative intervention) when the autoimage is successfully downloaded.
PAGE 1391
2CSNXXX_SWUM200.book Page 1391 Tuesday, December 10, 2013 1:22 PM Syntax boot host autosave no boot host autosave Default Configuration The default value is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines Example console# console#configure console(config)#boot host auto-save console(config)#no boot host auto-save boot host dhcp Use the boot host dhcp command in Global Configuration mode to enable Auto-Install and Auto Configuration on the switch.
PAGE 1392
2CSNXXX_SWUM200.book Page 1392 Tuesday, December 10, 2013 1:22 PM Command Mode Global Configuration. User Guidelines This command has no user guidelines Example console# console#configure console(config)#boot host dhcp console(config)#no boot host dhcp boot host retrycount The boot host retrycount command sets the number of attempts to download a configuration. Use the no form of this command to reset the number of attempts to download a configuration to the default.
PAGE 1393
2CSNXXX_SWUM200.book Page 1393 Tuesday, December 10, 2013 1:22 PM console(config)#no boot host retrycount show auto-copy-sw Use the show auto-copy-sw command in Privileged EXEC mode to display Stack Firmware Synchronization configuration status. Syntax show auto-copy-sw Default Configuration This command has no default configuration.
PAGE 1394
2CSNXXX_SWUM200.book Page 1394 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
PAGE 1395
2CSNXXX_SWUM200.book Page 1395 Tuesday, December 10, 2013 1:22 PM Captive Portal Commands 61 Dell Networking N2000/N3000/N4000 Series Switches The Captive Portal feature is a software implementation that blocks both wired and wireless clients from accessing the network until user verification has been established. Verification can be configured to allow access for both guest and authenticated users.
PAGE 1396
2CSNXXX_SWUM200.
PAGE 1397
2CSNXXX_SWUM200.book Page 1397 Tuesday, December 10, 2013 1:22 PM Captive Portal Global Commands authentication timeout Use the authentication timeout command to configure the authentication timeout. If the user does not enter valid credentials within this time limit, the authentication page needs to be served again in order for the client to gain access to the network. Use the “no” form of this command to reset the authentication timeout to the default.
PAGE 1398
2CSNXXX_SWUM200.book Page 1398 Tuesday, December 10, 2013 1:22 PM Default Configuration There is no default configuration for this command. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#captive-portal console(config-CP)# enable Use the enable command to globally enable captive portal. Use the “no” form of this command to globally disable captive portal.
PAGE 1399
2CSNXXX_SWUM200.book Page 1399 Tuesday, December 10, 2013 1:22 PM http port Use the http port command to configure an additional HTTP port for captive portal to listen for connections. Use the “no” form of this command to remove the additional HTTP port from monitoring. Syntax http port port-num no http port • port-num —The port number on which the HTTP server listens for connections (Range: 1025–65535). Default Configuration Captive portal only monitors port 80 by default.
PAGE 1400
2CSNXXX_SWUM200.book Page 1400 Tuesday, December 10, 2013 1:22 PM • port-num —The port number on which the HTTPS server listens for connections (Range: 1025–65535). Default Configuration Captive portal listens on port 443 by default. Command Mode Captive Portal Configuration mode. User Guidelines The port number should not be set to a value that might conflict with other wellknown protocol port numbers used on this switch.
PAGE 1401
2CSNXXX_SWUM200.book Page 1401 Tuesday, December 10, 2013 1:22 PM Administrative Mode....................... Disabled Operational Status........................ Disabled Disable Reason................ Administrator Disabled Captive Portal IP Address................. 1.2.3.4 show captive-portal status Use the show captive-portal status command to report the status of all captive portal instances in the system.
PAGE 1402
2CSNXXX_SWUM200.book Page 1402 Tuesday, December 10, 2013 1:22 PM block Use the block command to block all traffic for a captive portal configuration. Use the “no” form of this command to unblock traffic. Syntax block no block Default Configuration Traffic is not blocked by default. Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command.
PAGE 1403
2CSNXXX_SWUM200.book Page 1403 Tuesday, December 10, 2013 1:22 PM Default Configuration Configuration 1 is enabled by default. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-CP)#configuration 2 console(config-CP 2)# enable Use the enable command to enable a captive portal configuration. Use the no form of this command to disable a configuration.
PAGE 1404
2CSNXXX_SWUM200.book Page 1404 Tuesday, December 10, 2013 1:22 PM group Use the group command to configure the group number for a captive portal configuration. If a group number is configured, the user entry (Local or RADIUS) must be configured with the same name and the group to authenticate to this captive portal instance. Use the no form of this command to reset the group number to the default.
PAGE 1405
2CSNXXX_SWUM200.book Page 1405 Tuesday, December 10, 2013 1:22 PM Default Configuration No interfaces are associated with a configuration by default. Command Mode Captive Portal Instance Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-CP 2)#interface 1/0/2 locale The locale command is not intended to be a user command. The administrator must use the Web UI to create and customize captive portal web content.
PAGE 1406
2CSNXXX_SWUM200.book Page 1406 Tuesday, December 10, 2013 1:22 PM name (Captive Portal) Use the name command to configure the name for a captive portal configuration. Use the no form of this command to remove a configuration name. Syntax name cp-name no name • cp-name — CP configuration name (Range: 1–32 characters). Default Configuration Configuration 1 has the name “Default” by default. All other configurations have no name by default. Command Mode Captive Portal Instance mode.
PAGE 1407
2CSNXXX_SWUM200.book Page 1407 Tuesday, December 10, 2013 1:22 PM Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command. Example console(config-CP 2)#protocol http redirect Use the redirect command to enable the redirect mode for a captive portal configuration. Use the “no” form of this command to disable redirect mode. Syntax redirect no redirect Default Configuration Redirect mode is disabled by default. Command Mode Captive Portal Instance mode.
PAGE 1408
2CSNXXX_SWUM200.book Page 1408 Tuesday, December 10, 2013 1:22 PM Syntax redirect-url url • url —The URL for redirection (Range: 1–512 characters). Default Configuration There is no redirect URL configured by default. Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command. Example console(config-CP 2)#redirect-url www.dell.com session-timeout Use the session-timeout command to configure the session timeout for a captive portal configuration.
PAGE 1409
2CSNXXX_SWUM200.book Page 1409 Tuesday, December 10, 2013 1:22 PM User Guidelines There are no user guidelines for this command. Example console(config-CP 2)#session-timeout 86400 console(config-CP 2)#no session-timeout verification Use the verification command to configure the verification mode for a captive portal configuration. Syntax verification { guest | local | radius } • guest—Allows access for unauthenticated users (users that do not have assigned user names and passwords).
PAGE 1410
2CSNXXX_SWUM200.book Page 1410 Tuesday, December 10, 2013 1:22 PM Captive Portal Client Connection Commands captive-portal client deauthenticate Use the captive-portal client deauthenticate command to deauthenticate a specific captive portal client. Syntax captive-portal client deauthenticate macaddr • macaddr — Client MAC address. Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode. User Guidelines There are no user guidelines for this command.
PAGE 1411
2CSNXXX_SWUM200.book Page 1411 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show captive-portal client status Client MAC Address Client IP Address Protocol ------------------ ----------------- -------0002.BC00.1290 10.254.96.47 https 0002.BC00.1291 10.254.96.48 https 0002.BC00.1292 10.254.96.
PAGE 1412
2CSNXXX_SWUM200.book Page 1412 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show captive-portal configuration client status CP ID CP Name Client MAC Address Client IP Address ----- --------------- ------------------ ----------------1 cp1 0002.BC00.1290 10.254.96.47 0002.BC00.1291 10.254.96.48 2 cp2 0002.BC00.1292 10.254.96.49 3 cp3 0002.BC00.1293 10.
PAGE 1413
2CSNXXX_SWUM200.book Page 1413 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show captive-portal interface client status Client Client Intf Intf Description MAC Address IP Address ------ ----------------------------------- ----------------- --------------1/0/1 Unit: 1 Slot: 0 Port: 1 Gigabit 0002.BC00.1290 10.254.96.47 0002.BC00.1291 10.254.96.
PAGE 1414
2CSNXXX_SWUM200.book Page 1414 Tuesday, December 10, 2013 1:22 PM Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
PAGE 1415
2CSNXXX_SWUM200.book Page 1415 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC mode. User Guidelines There are no user guidelines for this command. Example console#clear captive-portal users no user Use the no user command to delete a user from the local user database. If the user has an existing session, it is disconnected. Syntax no user user-id • user-id — User ID (Range: 1–128). Default Configuration There is no default configuration for this command.
PAGE 1416
2CSNXXX_SWUM200.book Page 1416 Tuesday, December 10, 2013 1:22 PM Syntax show captive-portal user [user-id] • user-id — User ID (Range: 1–128). Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
PAGE 1417
2CSNXXX_SWUM200.book Page 1417 Tuesday, December 10, 2013 1:22 PM Syntax user user-id group group-id • user-id — User ID (Range: 1–128). • group-id —Group ID (Range: 1–10). Default Configuration A user is associated with group 1 by default. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command.
PAGE 1418
2CSNXXX_SWUM200.book Page 1418 Tuesday, December 10, 2013 1:22 PM User Guidelines There are no user guidelines for this command. Example In this example, all classes of entries in the mac address-table are displayed. console(config)#captive-portal console(config-CP)#user 1 name asd console(config-CP)#configuration 1 console(config-CP 1)#user-logout console(config-CP 1)#no user-logout user name Use the user name command to modify the user name for a local captive portal user.
PAGE 1419
2CSNXXX_SWUM200.book Page 1419 Tuesday, December 10, 2013 1:22 PM user password Use the user password command to create a local user or change the password for an existing user. Syntax user user-id password {password | encrypted enc-password} • user-id — User ID (Range: 1–128). • password —User password (Range: 8–64 characters). • enc-password —User password in encrypted form. Default Configuration There are no users configured by default. Command Mode Captive Portal Configuration mode.
PAGE 1420
2CSNXXX_SWUM200.book Page 1420 Tuesday, December 10, 2013 1:22 PM • timeout —Session timeout. 0 indicates use global configuration (Range: 0–86400 seconds). Default Configuration The global session timeout is used by default. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command.
PAGE 1421
2CSNXXX_SWUM200.book Page 1421 Tuesday, December 10, 2013 1:22 PM Example console#show captive-portal configuration 1 CP ID..................................... 1 CP Name................................... cp1 Operational Status........................ Disabled Disable Reason............................ Administrator Disabled Blocked Status............................ Not Blocked Configured Locales........................ 1 Authenticated Users.......................
PAGE 1422
2CSNXXX_SWUM200.book Page 1422 Tuesday, December 10, 2013 1:22 PM 1/0/1 Unit: 1 Slot: 0 Port: 1 Gigabit - Level Disabled Blocked console#show captive-portal configuration 1 interface 1/0/1 CP ID..................................... 1 CP Name................................... cp1 Interface................................. 1/0/1 Interface Description..................... Unit: 1 Slot: 0 Port: 1 Gigab... Operational Status........................ Disabled Disable Reason............................
PAGE 1423
2CSNXXX_SWUM200.book Page 1423 Tuesday, December 10, 2013 1:22 PM show captive-portal configuration status Use the show captive-portal configuration status command to display information about all configured captive portal configurations or about a specific captive portal configuration. Syntax show captive-portal configuration [ cp-id ] status • cp-id —Captive Portal ID. Default Configuration There is no default configuration for this command.
PAGE 1424
2CSNXXX_SWUM200.book Page 1424 Tuesday, December 10, 2013 1:22 PM Captive Portal User Group Commands user group Use the user group command to create a user group. Use the no form of this command to delete a user group. The default user group (1) cannot be deleted. Syntax user group group-id no user group group-id group-id —Group ID (Range: 1–10). Default Configuration User group 1 is created by default and cannot be deleted. Command Mode Captive Portal Configuration mode.
PAGE 1425
2CSNXXX_SWUM200.book Page 1425 Tuesday, December 10, 2013 1:22 PM Default Configuration There is no default configuration for this command. Command Mode Captive Portal Configuration mode User Guidelines The new group-id must already exist. Example console(config-CP)#user group 2 moveusers 3 user group name Use the user group name command to configure a group name. Syntax user group group-id name name • group-id —Group ID (Range: 1–10). • name — Group name (Range: 1–32 characters).
PAGE 1426
2CSNXXX_SWUM200.
PAGE 1427
2CSNXXX_SWUM200.book Page 1427 Tuesday, December 10, 2013 1:22 PM 62 CLI Macro Commands Dell Networking N2000/N3000/N4000 Series Switches CLI Macros provides a convenient way to save and distribute common configurations. A CLI macro is a set of the CLI commands having a unique name. When a CLI macro is applied, the CLI commands contained within the macro are executed and added to the Running Configuration File.
PAGE 1428
2CSNXXX_SWUM200.book Page 1428 Tuesday, December 10, 2013 1:22 PM • profile-wireless, the interface configuration, used when connecting the switch and a wireless access point. • profile-compellent-nas, the interface configuration, used when connecting the switch to a Dell Compellent NAS.
PAGE 1429
2CSNXXX_SWUM200.book Page 1429 Tuesday, December 10, 2013 1:22 PM Macro Default Definition default interface :profile-phone default interface :profile-switch default interface :profile-router default interface :profile-wireless default global :profile-compellent-nas Command Mode Global Configuration mode User Guidelines Macros consist of text commands with one command per line. Enter the commands and terminate macro input mode by entering a single at sign (@) on a line by itself.
PAGE 1430
2CSNXXX_SWUM200.book Page 1430 Tuesday, December 10, 2013 1:22 PM Default Configuration No parameters are substituted unless supplied on the command line. Command Mode Global Configuration mode User Guidelines Commands applied are additive in nature. That is, they do not remove existing configuration information by default. macro global trace Use the macro global trace command in Global Configuration mode to apply and trace a macro.
PAGE 1431
2CSNXXX_SWUM200.book Page 1431 Tuesday, December 10, 2013 1:22 PM Commands applied are additive in nature. That is, they do not remove existing configuration information by default. macro global description Use the macro global description command in Global Configuration mode to append a line to the global macro description. Use the no form of the command to clear the description. Syntax macro global description line • line—The macro description.
PAGE 1432
2CSNXXX_SWUM200.book Page 1432 Tuesday, December 10, 2013 1:22 PM • value—The string to be substituted within the macro for the specified parameter name. Default Configuration No parameters are substituted unless supplied on the command line. Command Mode Interface Configuration mode User Guidelines Commands applied are additive in nature. That is, they do not remove existing configuration information by default.
PAGE 1433
2CSNXXX_SWUM200.book Page 1433 Tuesday, December 10, 2013 1:22 PM User Guidelines The line number of the first error encountered is printed. The script is aborted after the first error. Commands applied are additive in nature. That is, they do not remove existing configuration information by default. macro description Use the macro description command in Interface Configuration mode to append a line to the macro description. Use the no form of the command to clear the description.
PAGE 1434
2CSNXXX_SWUM200.book Page 1434 Tuesday, December 10, 2013 1:22 PM • brief—Shows the list of defined macros and their type. • description—Shows the macro descriptions. • name—Shows an individual macro, including its contents. • macro—The name of the macro to display. • interface-id—The interface for which to show the macro description. Default Configuration No parameters are substituted unless supplied on the command line.
PAGE 1435
2CSNXXX_SWUM200.book Page 1435 Tuesday, December 10, 2013 1:22 PM 63 Clock Commands Dell Networking N2000/N3000/N4000 Series Switches Real-time Clock The Dell Networking supports a real-time clock that maintains the system time across reboots. The system time is used to timestamp messages in the logging subsystem as well as for the application of time based ACLs. The administrator has the ability to configure and view the current time, time zone, and summer time settings.
PAGE 1436
2CSNXXX_SWUM200.book Page 1436 Tuesday, December 10, 2013 1:22 PM multicast address ff02::101 (reserved for SNTP) for server packets on port number 123. The client logic to handle packet contents doesn’t change with support for IPv6 networks.
PAGE 1437
2CSNXXX_SWUM200.book Page 1437 Tuesday, December 10, 2013 1:22 PM Example The following example displays the current SNTP configuration of the device. console#show sntp configuration Polling interval: 64 seconds MD5 Authentication keys: Authentication is not required for synchronization. Trusted keys: No trusted keys. Unicast clients: Disable Unicast servers: Server Key ------------------10.27.128.
PAGE 1438
2CSNXXX_SWUM200.book Page 1438 Tuesday, December 10, 2013 1:22 PM Server Server Server Server Server Server Type: Stratum: Reference Id: Mode: Maximum Entries: Current Entries: IPv6 2 NTP Srv: 158.108.96.
PAGE 1439
2CSNXXX_SWUM200.book Page 1439 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples The following example shows the status of the SNTP. console#show sntp status Client Mode: Last Update Time: Unicast servers: Server Status ------------------192.168.0.
PAGE 1440
2CSNXXX_SWUM200.book Page 1440 Tuesday, December 10, 2013 1:22 PM User Guidelines The command is relevant for both Unicast and Broadcast. Example The following example, after defining the authentication key for SNTP, grants authentication.
PAGE 1441
2CSNXXX_SWUM200.book Page 1441 Tuesday, December 10, 2013 1:22 PM console(config)# sntp authenticate sntp broadcast client enable Use the sntp broadcast client enable command in Global Configuration mode to enable a Simple Network Time Protocol (SNTP) Broadcast client. To disable an SNTP Broadcast client, use the no form of this command. Syntax sntp broadcast client enable no sntp broadcast client enable Default Configuration The SNTP Broadcast client is disabled.
PAGE 1442
2CSNXXX_SWUM200.book Page 1442 Tuesday, December 10, 2013 1:22 PM • seconds — Polling interval. (Range: 64-1024 seconds, in powers of 2) Default Configuration The polling interval is 64 seconds. Command Mode Global Configuration mode User Guidelines If a user enters a value which is not an exact power of two, the nearest powerof-two value is applied. Example The following example sets the polling time for the Simple Network Time Protocol (SNTP) client to 1024 seconds.
PAGE 1443
2CSNXXX_SWUM200.book Page 1443 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example The following example configures the device to accept Simple Network Time Protocol (SNTP) traffic from the server at IP address 192.1.1.1. console(config)# sntp server 192.1.1.1 sntp trusted-key Use the sntp trusted-key command in Global Configuration mode to authenticate the identity of a system to which Simple Network Time Protocol (SNTP) will synchronize.
PAGE 1444
2CSNXXX_SWUM200.book Page 1444 Tuesday, December 10, 2013 1:22 PM sntp unicast client enable Use the sntp unicast client enable command in Global Configuration mode to enable a client to use Simple Network Time Protocol (SNTP) predefined Unicast clients. To disable an SNTP Unicast client, use the no form of this command. Syntax sntp unicast client enable no sntp unicast client enable Default Configuration The SNTP Unicast client is disabled.
PAGE 1445
2CSNXXX_SWUM200.book Page 1445 Tuesday, December 10, 2013 1:22 PM • minutes-offset — Minutes difference from UTC. (Range: 0–59) • acronym — The acronym for the time zone. (Range: Up to four characters) Command Mode Global Configuration Default Value No default setting User Guidelines No specific guidelines Example console(config)#clock timezone -5 minutes 30 zone IST no clock timezone Use the no clock timezone command to reset the time zone settings.
PAGE 1446
2CSNXXX_SWUM200.book Page 1446 Tuesday, December 10, 2013 1:22 PM clock summer-time recurring Use the clock summer-time recurring {usa | eu | {week day month hh:mm week day month hh:mm}} [offset offset] [zone acronym] command to set the summertime offset to UTC recursively every year. If the optional parameters are not specified, they are read as either '0' or '\0', as appropriate.
PAGE 1447
2CSNXXX_SWUM200.book Page 1447 Tuesday, December 10, 2013 1:22 PM clock summer-time date Use the clock summer-time date {date | month} {month | date} year hh:mm {date | month} {month | date} year hh:mm [offset offset] [zone acronym] command to set the summertime offset to UTC. If the optional parameters are not specified, they are read as either '0' or '\0', as appropriate.
PAGE 1448
2CSNXXX_SWUM200.book Page 1448 Tuesday, December 10, 2013 1:22 PM no clock summer-time Use the no clock summer-time command to reset the summertime configuration. Syntax no clock summer-time Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines No specific guidelines Example console(config)#no clock summer-time show clock Use the show clock command in Privileged EXEC or User EXEC mode to display the time and date from the system clock.
PAGE 1449
2CSNXXX_SWUM200.book Page 1449 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example The following example shows the time and date only. console# show clock 15:29:03 PDT(UTC-7) Jun 17 2005 Time source is SNTP The following example shows the time, date, timezone, and summertime configuration. console# show clock detail 15:29:03 PDT(UTC-7) Jun 17 2005 Time source is SNTP Time zone: Acronym is PST Offset is UTC-7 Summertime: Acronym is PDT Recurring every year.
PAGE 1450
2CSNXXX_SWUM200.
PAGE 1451
2CSNXXX_SWUM200.book Page 1451 Tuesday, December 10, 2013 1:22 PM Command Line Configuration Scripting Commands 64 Dell Networking N2000/N3000/N4000 Series Switches The Configuration Scripting feature allows the user to generate textformatted files representing the current system configuration. These configuration script files can be uploaded to a computer and edited, then downloaded to the system and applied to the system.
PAGE 1452
2CSNXXX_SWUM200.book Page 1452 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example applies the config.scr script to the switch. console#script apply config.scr script delete Use the script delete command in Privileged EXEC mode to delete a specified script.
PAGE 1453
2CSNXXX_SWUM200.book Page 1453 Tuesday, December 10, 2013 1:22 PM console#script delete all script list Use the script list command in Privileged EXEC mode to list all scripts present on the switch as well as the remaining available space. Syntax script list Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays all scripts present on the switch.
PAGE 1454
2CSNXXX_SWUM200.book Page 1454 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays the contents of the script file config.scr. console#script show config.scr interface gigabitethernet 1/0/1 ip address 176.242.100.100 255.255.255.
PAGE 1455
2CSNXXX_SWUM200.book Page 1455 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example The following example validates the contents of the script file config.scr. console#script validate config.
PAGE 1456
2CSNXXX_SWUM200.
PAGE 1457
2CSNXXX_SWUM200.book Page 1457 Tuesday, December 10, 2013 1:22 PM Configuration and Image File Commands 65 Dell Networking N2000/N3000/N4000 Series Switches File System Commands CLI commands allow the user to show the contents of the current directory in the flash file system (dir command). These files may also be deleted from the flash using the delete command or renamed with the rename command.
PAGE 1458
2CSNXXX_SWUM200.book Page 1458 Tuesday, December 10, 2013 1:22 PM delete show backup-config delete backup-config show bootvar delete backup-image show running-config delete startup-config show startup-config dir write boot system Use the boot system command in Privileged EXEC mode to specify the system image that the device loads at startup. Syntax boot system [unit-id][active|backup] • unit-id—Unit to be used for this operation. If absent, command executes on this node.
PAGE 1459
2CSNXXX_SWUM200.book Page 1459 Tuesday, December 10, 2013 1:22 PM console#show version Machine Description............... System Model ID................... Machine Type...................... Serial Number..................... Manufacturer...................... Operating System.................. Burned In MAC Address............. System Object ID.................. CPU Version....................... SOC Version....................... HW Version........................ CPLD Version......................
PAGE 1460
2CSNXXX_SWUM200.book Page 1460 Tuesday, December 10, 2013 1:22 PM copy Use the copy command in Privileged EXEC mode to copy files within the switch and to upload and download files from and to the switch. Syntax copy source-url destination-url Parameter Description source-url The location URL or or reserved keyword of the source file being copied. (Range: 1-160 characters.) List of valid source parameters for uploading from the switch: backup-config Uploads Backup Config file.
PAGE 1461
2CSNXXX_SWUM200.book Page 1461 Tuesday, December 10, 2013 1:22 PM Parameter Description destination-url The URL or reserved keyword of the destination file. (Range: 1-160 characters. List of valid destination parameters for downloading to the switch: backup-config Downloads config file using sftp or tftp. image Downloads code file by ftp, sftp, or tftp. script Downloads configuration script by sftp or tftp. startup-config Downloads config file using tftp.
PAGE 1462
2CSNXXX_SWUM200.book Page 1462 Tuesday, December 10, 2013 1:22 PM Reserved Keyword Description running-config Represents the current running configuration file. startup-config Represents the startup configuration file. startup-log Represents the startup syslog file. This can only be the source of a copy operation. operational-log Represents the operational syslog file. This can only be the source of a copy operation. script scriptname Represents a CLI script file.
PAGE 1463
2CSNXXX_SWUM200.book Page 1463 Tuesday, December 10, 2013 1:22 PM User Guidelines When copying files from the switch, match a source parameter with a destination URL. When copying to the switch, match a source URL to a destination parameter. FTP is only supported for image download to the switch. URLs may not exceed 160 characters in length, including filename, file path, hostname, ip address, user, and reserved keywords. Script download performs syntax checking of downloaded scripts.
PAGE 1464
2CSNXXX_SWUM200.book Page 1464 Tuesday, December 10, 2013 1:22 PM Management access will be blocked for the duration of the transfer Are you sure you want to start? (y/n) y File transfer in progress. Management access will be blocked for the duration of the transfer. please wait... TFTP Code transfer starting... 17128797 bytes transferred... File contents are valid. Copying file to flash... Attempting to send the STK file to other units in the stack... File transfer operation completed successfully.
PAGE 1465
2CSNXXX_SWUM200.book Page 1465 Tuesday, December 10, 2013 1:22 PM Validating and updating the users to the IAS users database. Updated IAS users database successfully. Example – Script Download copy tftp://10.27.9.99/jmclendo/max-acl.scr script maxacl.scr Example – USB copy operations console#copy console#copy console#copy console#copy console#copy usb:/start-config startup-config operational-log usb://olog.txt usb://backup-config.txt backup-config active usb://image1.stk flash://crashdump.
PAGE 1466
2CSNXXX_SWUM200.book Page 1466 Tuesday, December 10, 2013 1:22 PM delete backup-config Use the delete backup-config command in Privileged EXEC mode to delete the backup-config file. Syntax delete backup-config Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example deletes the backup-config file.
PAGE 1467
2CSNXXX_SWUM200.book Page 1467 Tuesday, December 10, 2013 1:22 PM User Guidelines NOTE: The active image cannote be deleted. Example The following example deletes test file in Flash memory. console#delete backup-image Delete: image2 (y/n)? delete startup-config Use the delete startup-config command in Privileged EXEC mode to delete the startup-config file. Syntax delete startup-config Default Configuration This command has no default configuration.
PAGE 1468
2CSNXXX_SWUM200.book Page 1468 Tuesday, December 10, 2013 1:22 PM Syntax dir Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
PAGE 1469
2CSNXXX_SWUM200.book Page 1469 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command is not supported on USB drives. filedescr Use the filedescr command in Privileged EXEC mode to add a description to a file. Use the no version of this command to remove the description from the filename.
PAGE 1470
2CSNXXX_SWUM200.book Page 1470 Tuesday, December 10, 2013 1:22 PM Example The following example attaches a file description to image2. console#filedescr image2 "backedup on 03-22-05" rename Use the rename command in Privileged EXEC mode to rename a file present in flash. Syntax rename source dest • source — Source file name • dest — Destination file name Default Configuration This command has no default configuration.
PAGE 1471
2CSNXXX_SWUM200.book Page 1471 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example shows backup-config data. console#show backup-config !Current Configuration: !System Description "Dell Networking N4032, 6.0.0.0, Linux 2.6.32.9" !System Software Version 6.0.0.
PAGE 1472
2CSNXXX_SWUM200.book Page 1472 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode User EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the active system image file that the device loads at startup.
PAGE 1473
2CSNXXX_SWUM200.book Page 1473 Tuesday, December 10, 2013 1:22 PM Syntax show running-config [all | scriptname] • all—To display or capture the commands with settings and configuration that are equal to the default value, include the all option. • scriptname—If the optional scriptname is provided, the output is redirected to a script file.
PAGE 1474
2CSNXXX_SWUM200.book Page 1474 Tuesday, December 10, 2013 1:22 PM Syntax show startup-config Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the contents of the startup-config file. console#show startup-config !Current Configuration: !System Description "Dell Networking 7048R, 10.0.0.0, Linux 6.
PAGE 1475
2CSNXXX_SWUM200.book Page 1475 Tuesday, December 10, 2013 1:22 PM Syntax write Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command is equivalent to the copy running-config startup-config command functionally.
PAGE 1476
2CSNXXX_SWUM200.
PAGE 1477
2CSNXXX_SWUM200.book Page 1477 Tuesday, December 10, 2013 1:22 PM Denial of Service Commands 66 Dell Networking N2000/N3000/N4000 Series Switches The following list shows the DoS attack detection Dell Networking supports. • SIP=DIP: – • First Fragment: – • • – TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0 and – TCP Sequence Number = 0 or TCP Flags FIN, URG, and PSH set and – TCP Sequence Number = 0 or TCP Flags SYN and FIN set.
PAGE 1478
2CSNXXX_SWUM200.book Page 1478 Tuesday, December 10, 2013 1:22 PM • – TCP Sequence Number = 0 or TCP Flags FIN, URG, and PSH set and – TCP Sequence Number = 0 or TCP Flags SYN and FIN set. TCP Offset: – • TCP SYN: – • TCP Flags FIN and URG and PSH set and TCP Sequence Number = 0. ICMP V6: – • TCP Flags SYN and FIN set. TCP FIN & URG & PSH: – • TCP Flag SYN set. TCP SYN & FIN: – • Checks for TCP header offset =1. Limiting the size of ICMPv6 Ping packets.
PAGE 1479
2CSNXXX_SWUM200.book Page 1479 Tuesday, December 10, 2013 1:22 PM dos-control firstfrag Use the dos-control firstfrag command in Global Configuration mode to enable Minimum TCP Header Size Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having a TCP Header Size smaller than the configured value, the packets are dropped. Syntax dos-control firstfrag [size] no dos-control firstfrag • size —TCP header size.
PAGE 1480
2CSNXXX_SWUM200.book Page 1480 Tuesday, December 10, 2013 1:22 PM Syntax dos-control icmp [size ] no dos-control icmp • size — Maximum ICMP packet size. (Range: 0-16376). If size is unspecified, the value is 512. Default Configuration Denial of Service is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example activates the Maximum ICMP Packet Denial of Service protection with a maximum packet size of 1023.
PAGE 1481
2CSNXXX_SWUM200.book Page 1481 Tuesday, December 10, 2013 1:22 PM Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example activates L4 Port Denial of Service protection. console(config)#dos-control l4port dos-control sipdip Use the dos-control sipdip command in Global Configuration mode to enable Source IP Address = Destination IP Address (SIP=DIP) Denial of Service protection.
PAGE 1482
2CSNXXX_SWUM200.book Page 1482 Tuesday, December 10, 2013 1:22 PM dos-control tcpflag Use the dos-control tcpflag command in Global Configuration mode to enable TCP Flag Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack.
PAGE 1483
2CSNXXX_SWUM200.book Page 1483 Tuesday, December 10, 2013 1:22 PM no dos-control tcpfrag Default Configuration Denial of Service is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example activates TCP Fragment Denial of Service protection. console(config)#dos-control tcpfrag ip icmp echo-reply Use the ip icmp echo-reply command to enable or disable the generation of ICMP Echo Reply messages.
PAGE 1484
2CSNXXX_SWUM200.book Page 1484 Tuesday, December 10, 2013 1:22 PM Example console(config)#ip icmp echo-reply ip icmp error-interval Use the ip icmp error-interval command to limit the rate at which IPv4 ICMP error messages are sent. The rate limit is configured as a token bucket with two configurable parameters: Burst-size and burst-interval. To disable ICMP rate limiting, set burst-interval to zero. Use the no form of this command to return burst-interval and burst-size to their default values.
PAGE 1485
2CSNXXX_SWUM200.book Page 1485 Tuesday, December 10, 2013 1:22 PM ip unreachables Use the ip unreachables command to enable the generation of ICMP Destination Unreachable messages. Use the no form of this command to prevent the generation of ICMP Destination Unreachable messages. Syntax ip unreachables no ip unreachables Default Configuration ICMP Destination Unreachable messages are enabled. Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command.
PAGE 1486
2CSNXXX_SWUM200.book Page 1486 Tuesday, December 10, 2013 1:22 PM Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command. Example console(config-if-vlan10)#ip redirects ipv6 icmp error-interval Use the icmp error-interval command to limit the rate at which ICMP error messages are sent. The rate limit is configured as a token bucket with two configurable parameters: Burst-size and burst interval.
PAGE 1487
2CSNXXX_SWUM200.book Page 1487 Tuesday, December 10, 2013 1:22 PM Example console(config)#ipv6 icmp error-interval 2000 20 ipv6 unreachables Use the ipv6 unreachables command to enable the generation of ICMPv6 Destination Unreachable messages. Use the no form of this command to prevent the generation of ICMPv6 Destination Unreachable messages. Syntax ipv6 unreachables no ipv6 unreachables Default Configuration ICMPv6 Destination Unreachable messages are enabled by default.
PAGE 1488
2CSNXXX_SWUM200.book Page 1488 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays Denial of Service configuration information. console#show dos-control SIPDIP Mode...............................Disable First Fragment Mode.......................Disable Min TCP Hdr Size..........................20 TCP Fragment Mode........................
PAGE 1489
2CSNXXX_SWUM200.book Page 1489 Tuesday, December 10, 2013 1:22 PM 67 Line Commands Dell Networking N2000/N3000/N4000 Series Switches This chapter explains the following commands: exec-timeout line history show line history size speed Authentication commands related to line configuration mode are in AAA Commands. exec-timeout Use the exec-timeout command in Line Configuration mode to set the interval that the system waits for user input before timeout.
PAGE 1490
2CSNXXX_SWUM200.book Page 1490 Tuesday, December 10, 2013 1:22 PM User Guidelines To specify no timeout, enter the exec-timeout 0 command. Example The following example configures the interval that the system waits until user input is detected to 20 minutes. console(config)#line console console(config-line)#exec-timeout 20 history Use the history command in Line Configuration mode to enable the command history function. To disable the command history function, use the no form of this command.
PAGE 1491
2CSNXXX_SWUM200.book Page 1491 Tuesday, December 10, 2013 1:22 PM history size Use the history size command in Line Configuration mode to change the command history buffer size for a particular line. To reset the command history buffer size to the default setting, use the no form of this command. Syntax history size number-of-commands no history size • number-of-commands—Specifies the number of commands the system may record in its command history buffer.
PAGE 1492
2CSNXXX_SWUM200.book Page 1492 Tuesday, December 10, 2013 1:22 PM • ssh — Virtual terminal for secured remote console access (SSH). Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The default authentication list for telnet and SSH is enableNetList. The enableNetList uses a single method: enable. This implies that users accessing the switch via telnet or SSH must have an enable password defined in order to access privileged mode.
PAGE 1493
2CSNXXX_SWUM200.book Page 1493 Tuesday, December 10, 2013 1:22 PM • telnet — Virtual terminal for remote console access (Telnet). • ssh — Virtual terminal for secured remote console access (SSH). Default Configuration This command has no default configuration. Command Mode User EXEC and Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the line configuration.
PAGE 1494
2CSNXXX_SWUM200.book Page 1494 Tuesday, December 10, 2013 1:22 PM • bps — Baud rate in bits per second (bps). The options are 2400, 9600, 19200, 38400, 57600, and 115200. Default Configuration This default speed is 9600. Command Mode Line Interface (console) mode User Guidelines This configuration applies only to the current session. Example The following example configures the console baud rate to 9600.
PAGE 1495
2CSNXXX_SWUM200.book Page 1495 Tuesday, December 10, 2013 1:22 PM Management ACL Commands 68 Dell Networking N2000/N3000/N4000 Series Switches In order to ensure the security of the switch management features, the administrator may elect to configure a management access control list. The Management Access Control and Administration List (ACAL) component is used to ensure that only known and trusted devices are allowed to remotely manage the switch via TCP/IP.
PAGE 1496
2CSNXXX_SWUM200.book Page 1496 Tuesday, December 10, 2013 1:22 PM management access-list show management access-list deny (management) Use the deny command in Management Access-List Configuration mode to set conditions for the management access list.
PAGE 1497
2CSNXXX_SWUM200.book Page 1497 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Management Access-list Configuration mode User Guidelines Rules with gigabitethernet, tengigabitethernet, fortygigabitethernet, vlan, and port-channel parameters are valid only if an IP address is defined on the appropriate interface. Ensure that each rule has a unique priority.
PAGE 1498
2CSNXXX_SWUM200.book Page 1498 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example The following example configures an access-list called mlist as the management access-list. console(config)# management access-class mlist management access-list Use the management access-list command in Global Configuration mode to define an access list for management, and enter the access-list for configuration.
PAGE 1499
2CSNXXX_SWUM200.book Page 1499 Tuesday, December 10, 2013 1:22 PM Use the management access-class command to select the active access-list. The active management list cannot be updated or removed. Management access list names can consist of any printable character, including blanks. Enclose the name in quotes to embed blanks in the name. Examples The following example shows how to configure two management interfaces, gigabit Ethernet 1/0/1 and gigabit Ethernet 2/0/9.
PAGE 1500
2CSNXXX_SWUM200.book Page 1500 Tuesday, December 10, 2013 1:22 PM permit priority priority-value • gigabitethernet unit/slot/port — A valid 1-gigabit Ethernet-routed port number. • vlan vlan-id — A valid VLAN number. • port-channel port-channel-number — A valid port channel number. • tengigabitethernet unit/slot/port — A valid 10-gigabit Ethernet-routed port number. • fortygigabitethernet unit/slot/port – A valid 40-gigabit Ethernet-routed port number. • ip-address — Source IP address.
PAGE 1501
2CSNXXX_SWUM200.book Page 1501 Tuesday, December 10, 2013 1:22 PM console(config-macal)# permit gigabitethernet 1/0/1 priority 1 console(config-macal)# permit gigabitethernet 2/0/9 priority 1 console(config-macal)# exit console(config)# management access-class mlist The following example shows how to configure all the interfaces to be management interfaces except for two interfaces, gigabit Ethernet 1/0/1 and 2/0/9.
PAGE 1502
2CSNXXX_SWUM200.book Page 1502 Tuesday, December 10, 2013 1:22 PM show management access-list Use the show management access-list command in Privileged EXEC mode to display management access-lists. Syntax show management access-list [name] • name — A valid access list name. (Range: 1–32 characters) Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
PAGE 1503
2CSNXXX_SWUM200.book Page 1503 Tuesday, December 10, 2013 1:22 PM 69 Password Management Commands Dell Networking N2000/N3000/N4000 Series Switches The Password Management component supports the features below. Passwords are masked when entered by the user and in the running config. Configurable Minimum Password Length The administrator has the option of requiring user passwords to be a minimum length. The administrator can choose to have the switch enforce a minimum length between 8 and 64 characters.
PAGE 1504
2CSNXXX_SWUM200.book Page 1504 Tuesday, December 10, 2013 1:22 PM disabled by default. The user lockout feature applies to all users on all ports. The administrator can access the serial port even if he/she is locked out and reset the password or clear the config to regain control of the switch. This ensures that if a hacker tries to log in as admin and causes the account to be locked out, then the administrator with physical access to the switch can still log in and reactivate the admin account.
PAGE 1505
2CSNXXX_SWUM200.book Page 1505 Tuesday, December 10, 2013 1:22 PM • Maximum number of repetition of characters or numbers (such as 1111 or aaaa). Configuring minimum value of 0 for the above parameters means no restriction on that set of characters and configuring maximum of 0 means disabling the restriction (or no limit on the maximum number of course limited by minimum password length). The Password strength feature applies to all login passwords (user, line and enable).
PAGE 1506
2CSNXXX_SWUM200.book Page 1506 Tuesday, December 10, 2013 1:22 PM passwords aging Use the passwords aging command in Global Configuration mode to implement aging on passwords for local users. When a user’s password expires, the user is prompted to change it before logging in again. Use the no form of this command to set the password aging to the default value. Syntax passwords aging 1-365 no passwords aging Default Configuration The default value is 0.
PAGE 1507
2CSNXXX_SWUM200.book Page 1507 Tuesday, December 10, 2013 1:22 PM no passwords history Default Configuration The default value is 0. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example sets the number of previous passwords remembered by the system at 10.
PAGE 1508
2CSNXXX_SWUM200.book Page 1508 Tuesday, December 10, 2013 1:22 PM Command Mode Global Configuration mode. User Guidelines Password lockout only applies to users with authentication configured to local. RADIUS or TACACS authenticated users will use policies configured on the respective RADIUS/TACACS servers. Example The following example sets the number of user attempts before lockout at 2.
PAGE 1509
2CSNXXX_SWUM200.book Page 1509 Tuesday, December 10, 2013 1:22 PM Example The following example configures user bob with password xxxyymmmm and user level 15. (config)# username bob password xxxyyymmm level 15 passwords strength-check Use the passwords strength-check command in Global Configuration mode to enable the Password Strength feature. The command is used to enable the checking of password strength during user configuration. Use the no form of the command to disable the Password Strength feature.
PAGE 1510
2CSNXXX_SWUM200.book Page 1510 Tuesday, December 10, 2013 1:22 PM passwords strength minimum uppercase-letters Use this command to enforce a minimum number of uppercase letters that a password must contain. The valid range is 0–16. The default is 1. A minimum of 0 means no restriction on that set of characters. Use the no form of the command to reset the minimum uppercase letters to the default value.
PAGE 1511
2CSNXXX_SWUM200.book Page 1511 Tuesday, December 10, 2013 1:22 PM Default Configuration The default value is 1. Command Mode Global Configuration User Guidelines This command has no effect unless enabled by the passwords strength minimum character-classes command. This limit is not enforced unless the passwords strength minimum character-classes command is configured with a value greater than 0.
PAGE 1512
2CSNXXX_SWUM200.book Page 1512 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no effect unless the passwords strength minimum character-classes command has been enabled. Example console(config)#passwords strength minimum numeric–characters 6 passwords strength minimum special-characters Use this command to enforce a minimum number of special characters that a password may contain. The valid range is 0–16. The default is 1. A setting of 0 means no restriction.
PAGE 1513
2CSNXXX_SWUM200.book Page 1513 Tuesday, December 10, 2013 1:22 PM passwords strength max-limit consecutivecharacters Use this command to enforce a maximum number of consecutive characters that a password can contain. If a user enters a password that has more consecutive characters than the configured limit, the system rejects the password. The valid range of consecutive characters is 0–15. The default is 0. A maximum of 0 means there is no restriction on consecutive characters.
PAGE 1514
2CSNXXX_SWUM200.book Page 1514 Tuesday, December 10, 2013 1:22 PM default is 0. A maximum of 0 means again disabling the restriction. Use the no form of this command to reset the maximum repeated characters to the default value. Syntax passwords strength max-limit repeated-characters 0-15 no passwords strength max-limit repeated-characters Default Configuration The default value is 0. Command Mode Global Configuration User Guidelines This command has no user guidelines.
PAGE 1515
2CSNXXX_SWUM200.book Page 1515 Tuesday, December 10, 2013 1:22 PM Default Configuration The default value is 0. This limit is not enforced unless the passwords strength minimum character-classes command is configured with a value greater than 0.
PAGE 1516
2CSNXXX_SWUM200.book Page 1516 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines This command has no user guidelines. Example console(config)#passwords strength exclude-keyword brcm enable password encrypted This command is used by an Administrator to transfer the enable password between devices without having to know the password. The password parameter must be exactly 128 hexadecimal characters.
PAGE 1517
2CSNXXX_SWUM200.book Page 1517 Tuesday, December 10, 2013 1:22 PM Syntax show passwords configuration Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines The following fields are displayed by this command. Parameter Description Minimum Password Length Minimum number of characters required when changing passwords. Password History Number of passwords to store for reuse prevention.
PAGE 1518
2CSNXXX_SWUM200.book Page 1518 Tuesday, December 10, 2013 1:22 PM Parameter Description Minimum Password Character Classes Minimum number of character classes (uppercase, lowercase, numeric and special) required when configuring passwords. Password Exclude-Keywords Minimum number of character classes (uppercase, lowercase, numeric and special) required when configuring passwords. Example The following example displays the command output.
PAGE 1519
2CSNXXX_SWUM200.book Page 1519 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the command output. console#show passwords result Last User whose password is set ...................... brcm Password strength check ...........................
PAGE 1520
2CSNXXX_SWUM200.
PAGE 1521
2CSNXXX_SWUM200.book Page 1521 Tuesday, December 10, 2013 1:22 PM PHY Diagnostics Commands 70 Dell Networking N2000/N3000/N4000 Series Switches This chapter explains the following commands: show copper-ports tdr test copper-port tdr show fiber-ports optical-transceiver – show copper-ports tdr Use the show copper-ports tdr command in Privileged EXEC mode to display the stored information regarding cable lengths. Syntax show copper-ports tdr [interface] • interface — A valid Ethernet port.
PAGE 1522
2CSNXXX_SWUM200.book Page 1522 Tuesday, December 10, 2013 1:22 PM console#show copper-ports tdr Port Result Length [meters] Date ----------- ----------------------------1/0/1 OK 1/0/2 Short 50 13:32:00 23 July 2004 1/0/3 Test has not been performed 1/0/4 Open 128 13:32:08 23 July 2004 1/0/5 Fiber - show fiber-ports optical-transceiver Use the show fiber-ports optical-transceiver command in Privileged EXEC mode to display the optical transceiver diagnostics.
PAGE 1523
2CSNXXX_SWUM200.
PAGE 1524
2CSNXXX_SWUM200.book Page 1524 Tuesday, December 10, 2013 1:22 PM The following example results in a failure to report on the cable attached to port te2/0/3.
PAGE 1525
2CSNXXX_SWUM200.book Page 1525 Tuesday, December 10, 2013 1:22 PM 71 Power Over Ethernet Commands Dell Networking N2000/N3000 Series Switches The Dell Networking PoE solution implements the PoE+ specification (IEEE 802.3at). IEEE 802.3at allows power to be supplied to Class 4 PD devices that require power greater than 15.4 Watts and up to 34.2 Watts. This allows the PoE+ enabled network switches and routers to be used for deployment with devices that require more power than the 802.
PAGE 1526
2CSNXXX_SWUM200.
PAGE 1527
2CSNXXX_SWUM200.book Page 1527 Tuesday, December 10, 2013 1:22 PM Default Value auto Examples console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)# power inline auto power inline detection Use the power inline detection command in Interface Configuration mode to configure the detection type that tells which types of PD’s will be detected and powered by the switch. Use the no form of this command to set the detection type to the default.
PAGE 1528
2CSNXXX_SWUM200.book Page 1528 Tuesday, December 10, 2013 1:22 PM Syntax power inline high-power no power inline high-power Default Configuration The default value is disabled. Command Mode Interface Configuration. User Guidelines The system does not apply high power to the interface until an LLDP-MED packet is received from the link partner requesting the application of high power. power inline limit Use the power inline limit command to configure the type of power limit.
PAGE 1529
2CSNXXX_SWUM200.book Page 1529 Tuesday, December 10, 2013 1:22 PM User Guidelines User defined limits are only operational if the power management mode is configured as static. By default, the power management mode is dynamic. If the operator attempts to set the limit to user defined and the power management mode is not configured as static, a warning is issued and the command has no effect.
PAGE 1530
2CSNXXX_SWUM200.book Page 1530 Tuesday, December 10, 2013 1:22 PM Dynamic Power Management Available Power = Power limit of the Sources – Total Allocated power Where Total Allocated Power is calculated as the sum of the power consumed by each port. Class-Based Power Management Available Power = Power limit of the Sources – Total Class Configured power Where Total Class Configured Power is calculated as the sum of the class based power allocation for each port.
PAGE 1531
2CSNXXX_SWUM200.book Page 1531 Tuesday, December 10, 2013 1:22 PM Model Name System Power Maximum Dissipation PoE Power Budget Limit One PSU Maximum PSU output ability N3024P 110W 715W POE+ power turn on limitation Power budget is 550W Two PSUs Maximum PSUs output ability 715W The total POE supplied power cannot exceed 950W. N3048P 140W 1100W Power budget is 950W 1000W Power budget is 850W 2200W 1000W Power budget is 850W The total POE supplied power cannot exceed 850W.
PAGE 1532
2CSNXXX_SWUM200.book Page 1532 Tuesday, December 10, 2013 1:22 PM The default guard band is 90% of maximum power supplied to the system. Assuming a maximum current draw of 31.2W per device and the default settings for PoE, the N2024P can power 32 devices using a single power supply and the N2048P can power 31 devices with a single power supply and 48 devices when using two power supplies.
PAGE 1533
2CSNXXX_SWUM200.book Page 1533 Tuesday, December 10, 2013 1:22 PM power inline powered-device The power inline powered-device command adds a comment or description of the powered device type to enable the user to remember what is attached to the interface. To remove the description, use the no form of this command. Syntax power inline powered-device pd-type no power inline powered-device • pd-type — Specifies the type of powered device attached to the interface.
PAGE 1534
2CSNXXX_SWUM200.book Page 1534 Tuesday, December 10, 2013 1:22 PM no power inline priority Command Mode Interface Configuration (Ethernet). User Guidelines Priority is always enabled for all ports. If all ports have equal priority in an overload condition, the switch will shut down the lowest numbered ports first.
PAGE 1535
2CSNXXX_SWUM200.book Page 1535 Tuesday, December 10, 2013 1:22 PM power inline usage-threshold The power inline usage-threshold command configures the system power usage threshold level at which lower priority ports are disconnected. The threshold is configured as a percentage of the total available power. Use the no form of the command to set the threshold to the default value.
PAGE 1536
2CSNXXX_SWUM200.book Page 1536 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Modes Privileged EXEC User Guidelines This command has no user guidelines. show power inline Use the show power inline command to report current PoE configuration and status. If no port is specified, the command displays global configuration and status of all the ports. If a port is specified, then the command displays the details for the single port.
PAGE 1537
2CSNXXX_SWUM200.book Page 1537 Tuesday, December 10, 2013 1:22 PM Overload Counter............................... Short Counter ................................. Denied Counter................................. Absent Counter................................. Invalid Signature Counter...................... Output Volts................................... Output Current................................. Temperature....................................
PAGE 1538
2CSNXXX_SWUM200.
PAGE 1539
2CSNXXX_SWUM200.book Page 1539 Tuesday, December 10, 2013 1:22 PM 72 RMON Commands Dell Networking N2000/N3000/N4000 Series Switches The Dell Networking SNMP component includes an RMON (remote monitoring) agent. RMON is a base technology used by network management applications to manage a network. Troubleshooting and network planning can be accomplished through the network management applications.
PAGE 1540
2CSNXXX_SWUM200.book Page 1540 Tuesday, December 10, 2013 1:22 PM Syntax rmon alarm number variable interval {delta | absolute} rising-threshold value [event-number] falling-threshold value [event-number] [owner string] [startup direction] no rmon alarm number • number—The alarm index. (Range: 1–65535) • variable—A fully qualified SNMP object identifier that resolves to a particular instance of a MIB object.
PAGE 1541
2CSNXXX_SWUM200.book Page 1541 Tuesday, December 10, 2013 1:22 PM Default Configuration No alarms are configured. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configures the following alarm conditions: • Alarm index — 1 • Variable identifier — 1.3.6.1.2.1.2.2.1.10.
PAGE 1542
2CSNXXX_SWUM200.book Page 1542 Tuesday, December 10, 2013 1:22 PM • owner ownername — Records the RMON statistics group owner name. If unspecified, the name is an empty string. • buckets bucket-number — A value associated with the number of buckets specified for the RMON collection history group of statistics. If unspecified, defaults to 50. (Range: 1 - 65535) • interval seconds — The number of seconds in each polling cycle. If unspecified, defaults to 1800.
PAGE 1543
2CSNXXX_SWUM200.book Page 1543 Tuesday, December 10, 2013 1:22 PM no rmon event number • number—The event index. (Range: 1–65535) • log—An entry is made in the log table for each event. • trap—An SNMP trap is sent to one or more management stations. • community—If an SNMP trap is to be sent, it is sent to the SNMP community specified by this octet string. (Range: 0-127 characters) • description—A comment describing this event.
PAGE 1544
2CSNXXX_SWUM200.book Page 1544 Tuesday, December 10, 2013 1:22 PM • alarmnumber—An alarm number that uniquely identifies the alarm entry. (Range: 1-65536). Each entry defines a diagnostic sampler at a particular interval for an object on the device. • variable—The MIB object to monitor. May be fully qualified or relative. Only variables that resolve to an ASN.1 primitive type of INTEGER are allowed.
PAGE 1545
2CSNXXX_SWUM200.book Page 1545 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example console(config)# rmon hcalarm 2 ifInOctets.1 30 absolute rising-threshold high 2147483648 falling-threshold high -2147483648 startup rising owner "dell-owner" show rmon alarm Use the show rmon alarm command in User EXEC mode to display alarm configuration. Also see the rmon alarm command. Syntax show rmon alarm number • number — Alarm index.
PAGE 1546
2CSNXXX_SWUM200.book Page 1546 Tuesday, December 10, 2013 1:22 PM Rising Event: 1 Falling Event: 1 Owner: CLI The following table describes the significant fields shown in the display: Field Description Alarm Alarm index. OID Monitored variable OID. Last Sample Value The statistic value during the last sampling period. For example, if the sample type is delta, this value is the difference between the samples at the beginning and end of the period.
PAGE 1547
2CSNXXX_SWUM200.book Page 1547 Tuesday, December 10, 2013 1:22 PM Field Description Owner The entity that configured this entry. show rmon alarms Use the show rmon alarms command in User EXEC mode to display the alarms summary table. Syntax show rmon alarms Default Configuration This command has no arguments or keywords. Command Mode User EXEC, Privileged EXEC modes, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
PAGE 1548
2CSNXXX_SWUM200.book Page 1548 Tuesday, December 10, 2013 1:22 PM Owner The entity that configured this entry. show rmon collection history Use the show rmon collection history command in User EXEC mode to display the requested group of statistics. Also see the rmon collection history command.
PAGE 1549
2CSNXXX_SWUM200.book Page 1549 Tuesday, December 10, 2013 1:22 PM Samples Samples ---------------------------------------------------------1 1/0/1 30 50 50 CLI 2 1/0/1 1800 50 50 Manager show rmon events Use the show rmon events command in User EXEC mode to display the RMON event table. Also see the rmon event command. Syntax show rmon events Default Configuration This command has no default configuration.
PAGE 1550
2CSNXXX_SWUM200.book Page 1550 Tuesday, December 10, 2013 1:22 PM Example The following example displays the RMON event table. console> show rmon events Index Description Type Community ----- ---------------------1 Errors Log CLI 2 High Broadcast Log-Trap switch Owner ------ Last time sent ------------------Jan 18 2005 23:58:17 Manager Jan 18 2005 23:59:48 show rmon hcalarm Use the show rmon hcalarm command to display high capacity (64-bit) alarms configured with the rmon hcalarm command.
PAGE 1551
2CSNXXX_SWUM200.book Page 1551 Tuesday, December 10, 2013 1:22 PM Rising Threshold Status: Positive Falling Threshold High: 20 Falling Threshold Low: 10 Falling Threshold Status: Positive Rising Event: 1 Falling Event: 2 Startup Alarm: Rising Owner: dell-owner console#show rmon hcalarms Index OID Owner ---------------------------------------------2 ifInOctets.1 dell-owner show rmon history Use the show rmon history command in User EXEC mode to display RMON Ethernet Statistics history.
PAGE 1552
2CSNXXX_SWUM200.book Page 1552 Tuesday, December 10, 2013 1:22 PM Field Description Time Date and Time the entry is recorded. Octets The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets). Packets The number of packets (including bad packets) received during this sampling interval. Broadcast The number of good packets received during this sampling interval that were directed to the Broadcast address.
PAGE 1553
2CSNXXX_SWUM200.book Page 1553 Tuesday, December 10, 2013 1:22 PM Field Description Jabbers The number of packets received during this sampling interval that were longer than 1518 octets (excluding framing bits but including FCS octets), and had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).
PAGE 1554
2CSNXXX_SWUM200.book Page 1554 Tuesday, December 10, 2013 1:22 PM The following example displays RMON Ethernet Statistics history for "other" on index number 1.
PAGE 1555
2CSNXXX_SWUM200.book Page 1555 Tuesday, December 10, 2013 1:22 PM Example The following examples display the RMON logging table.
PAGE 1556
2CSNXXX_SWUM200.book Page 1556 Tuesday, December 10, 2013 1:22 PM Field Description Dropped The total number of events in which packets are dropped by the probe due to lack of resources. This number is not always the number of packets dropped; it is the number of times this condition has been detected. Octets The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets).
PAGE 1557
2CSNXXX_SWUM200.book Page 1557 Tuesday, December 10, 2013 1:22 PM Field Description Collisions The best estimate of the total number of collisions on this Ethernet segment. 64 Octets The total number of packets (including bad packets) received that are 64 octets in length (excluding framing bits but including FCS octets).
PAGE 1558
2CSNXXX_SWUM200.
PAGE 1559
2CSNXXX_SWUM200.book Page 1559 Tuesday, December 10, 2013 1:22 PM SDM Templates Commands 73 Dell Networking N2000/N3000/N4000 Series Switches On Dell Networking devices, the total available H/W route entries are divided statically (at compile-time) among IPV4 and IPv6 routes. If a switch is deployed in network environments where no IPv6 routes are needed, then H/W resources allocated for IPv6 routes are unused.
PAGE 1560
2CSNXXX_SWUM200.book Page 1560 Tuesday, December 10, 2013 1:22 PM • ipv4-routing—This keyword filters subsequent template choices to those that support IPv4 and not IPv6. The default IPv4-only template maximizes the number of IPv4 unicast routes, while limiting the number of ECMP next hops in each route to 4. The data-center template supports increases the number of ECMP next hops to 16 and reduces the number of routes. Default Configuration The system defaults to the dual IPv4 and IPv6 template.
PAGE 1561
2CSNXXX_SWUM200.book Page 1561 Tuesday, December 10, 2013 1:22 PM Syntax show sdm prefer {dual-ipv4-and-ipv6 |ipv4-routing} {default|data-center} • dual-ipv4-and-ipv6 default—List the scaling parameters for the template supporting IPv4 and IPv6. • ipv4-routing default—List the scaling parameters for the IPv4-only template maximizing the number of unicast routes. • ipv4-routing data-center—List the scaling parameters for the IPv4-only template supporting more ECMP next hops.
PAGE 1562
2CSNXXX_SWUM200.book Page 1562 Tuesday, December 10, 2013 1:22 PM Message Type Message Description Successful Completion Message Changes to the running SDM preferences have been stored, but cannot take effect until the next reload. Error Completion Message None Use the show sdm prefer command to see what SDM preference is currently active. The following table explains the output parameters.
PAGE 1563
2CSNXXX_SWUM200.book Page 1563 Tuesday, December 10, 2013 1:22 PM IPv6 Multicast Routes........................512 Now the user sets the next active SDM template for optimal performance for IPv4 routing. console# configure console(config)#sdm prefer ipv4-routing default Changes to the running SDM preferences have been stored, but cannot take effect until the next reload. Use 'show sdm prefer' to see what SDM preference is currently active.
PAGE 1564
2CSNXXX_SWUM200.
PAGE 1565
2CSNXXX_SWUM200.book Page 1565 Tuesday, December 10, 2013 1:22 PM 74 Serviceability Tracing Packet Commands Dell Networking N2000/N3000/N4000 Series Switches Debug commands cause the output of the enabled trace to display on a serial port or telnet console. Note that the output resulting from enabling a debug trace always displays on the serial port. The output resulting from enabling a debug trace displays on all login sessions for which any debug trace has been enabled.
PAGE 1566
2CSNXXX_SWUM200.
PAGE 1567
2CSNXXX_SWUM200.book Page 1567 Tuesday, December 10, 2013 1:22 PM User Guidelines There are no user guidelines for this command. Example console#debug arp debug authentication interface Use this command to enable Authentication Manager debug traces for the interface.Use the no form of this command to set the debug trace to factory default value. Syntax debug authentication {event | all} interface-id no debug authentication {event | all} interface-id • event—Traces Authentication Manager debug events.
PAGE 1568
2CSNXXX_SWUM200.book Page 1568 Tuesday, December 10, 2013 1:22 PM debug auto-voip Use the debug auto-voip command to enable Auto VOIP debug messages. se the optional parameters to trace H323, SCCP, or SIP packets respectively. Use the “no” form of this command to disable Auto VOIP debug messages. Syntax debug auto-voip [ H323 | SCCP | SIP ] no debug auto-voip [ H323 | SCCP | SIP ] Default Configuration Auto VOIP tracing is disabled by default. Command Mode Privileged EXEC mode.
PAGE 1569
2CSNXXX_SWUM200.book Page 1569 Tuesday, December 10, 2013 1:22 PM User Guidelines There are no user guidelines for this command. Example console#debug clear debug console Use the debug console to enable the display of “debug” trace output on the login session in which it is executed. Debug console display must be enabled in order to view any trace output. The output of debug trace commands appears on all login sessions for which debug console has been enabled.
PAGE 1570
2CSNXXX_SWUM200.book Page 1570 Tuesday, December 10, 2013 1:22 PM Syntax debug dot1ag {all | ccm | events | lbm | lbr | ltm | ltr | pdu} no debug dot1ag {all | ccm | events | lbm | lbr | ltm | ltr | pdu} • all—Traces CCM, LBM, LBR, LTM, LTRs. • ccm—Traces CCMs • events—Traces CFM events • lbm—Traces LBMs • lbr—Traces LBRs • ltm—Traces LTMs • ltr—Traces LTRs • pdu—Traces specific PDUs Default Configuration Tracing is disabled by default.
PAGE 1571
2CSNXXX_SWUM200.book Page 1571 Tuesday, December 10, 2013 1:22 PM Dot1ag CCM tracing enabled. console# console#no debug dot1ag ccm Dot1ag CCM tracing disabled. debug dot1x Use the debug dot1x command to enable dot1x packet tracing. Use the “no” form of this command to disable dot1x packet tracing. Syntax debug dot1x packet [ receive | transmit ] no debug dot1x packet [ receive | transmit ] Default Configuration Display of dot1x traces is disabled by default. Command Mode Privileged EXEC mode.
PAGE 1572
2CSNXXX_SWUM200.book Page 1572 Tuesday, December 10, 2013 1:22 PM no debug igmpsnooping packet [ receive | transmit ] Default Configuration Display of IGMP Snooping traces is disabled by default. Command Mode Privileged EXEC mode. User Guidelines There are no user guidelines for this command. Example console#debug igmpsnooping packet debug ip acl Use the debug ip acl command to enable debug of IP Protocol packets matching the ACL criteria. Use the “no” form of this command to disable IP ACL debugging.
PAGE 1573
2CSNXXX_SWUM200.book Page 1573 Tuesday, December 10, 2013 1:22 PM Example console#debug ip acl 1 debug ip dvmrp Use the debug ip dvmrp to trace DVMRP packet reception and transmission. The receive option traces only received DVMRP packets and the transmit option traces only transmitted DVMRP packets. When neither keyword is used in the command, all DVMRP packet traces are dumped.
PAGE 1574
2CSNXXX_SWUM200.book Page 1574 Tuesday, December 10, 2013 1:22 PM type, packet length, and the interface on which the packet is received or transmitted is displayed on the console. Use the “no” form of this command to disable IGMP traces. Syntax debug ip igmp packet [ receive | transmit ] no debug ip igmp packet [ receive | transmit ] Default Configuration Display of IGMP traces is disabled by default. Command Mode Privileged EXEC mode. User Guidelines There are no user guidelines for this command.
PAGE 1575
2CSNXXX_SWUM200.book Page 1575 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC mode. User Guidelines There are no user guidelines for this command. Example console#debug ip mcache packet debug ip pimdm packet Use the debug ip pimdm packet command to trace PIMDM packet reception and transmission. The receive option traces only received PIMDM packets and the transmit option traces only transmitted PIMDM packets.
PAGE 1576
2CSNXXX_SWUM200.book Page 1576 Tuesday, December 10, 2013 1:22 PM debug ip pimsm packet Use the debug ip pimsm command to trace PIMSM packet reception and transmission. The receive option traces only received PIMSM packets and the transmit option traces only transmitted PIMSM packets. When neither keyword is used in the command, then all PIMSM packet traces are dumped.
PAGE 1577
2CSNXXX_SWUM200.book Page 1577 Tuesday, December 10, 2013 1:22 PM Default Configuration Display of VRRP traces is disabled by default. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Example console#debug ip vrrp debug ipv6 dhcp Use the debug ipv6 dhcp command in Privileged EXEC mode to display debug information about DHCPv6 client activities and to trace DHCPv6 packets to and from the local DHCPv6 client. To disable debugging, use the no form of the command.
PAGE 1578
2CSNXXX_SWUM200.book Page 1578 Tuesday, December 10, 2013 1:22 PM debug ipv6 mcache Use the debug ipv6 mcache command to trace MDATAv6 packet reception and transmission. The receive option traces only received data packets and the transmit option traces only transmitted data packets. When neither keyword is used in the command, then all data packet traces are dumped.
PAGE 1579
2CSNXXX_SWUM200.book Page 1579 Tuesday, December 10, 2013 1:22 PM Syntax debug ipv6 mld packet [ receive | transmit ] no debug ipv6 mld packet [ receive | transmit ] Default Configuration Display of MLD traces is disabled by default. Command Mode Privileged EXEC mode. User Guidelines There are no user guidelines for this command. Example console#debug ipv6 mld packet debug ipv6 pimdm Use the debug ipv6 pimdm command to trace PIMDMv6 packet reception and transmission.
PAGE 1580
2CSNXXX_SWUM200.book Page 1580 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC mode. User Guidelines There are no user guidelines for this command. Example console#debug ipv6 pimdm packet debug ipv6 pimsm Use the debug ipv6 pimsm command to trace PIMSMv6 packet reception and transmission. The receive option traces only received PIMSMv6 packets and the transmit option traces only transmitted PIMSMv6 packets.
PAGE 1581
2CSNXXX_SWUM200.book Page 1581 Tuesday, December 10, 2013 1:22 PM debug isdp Use the debug isdp command to trace ISDP packet reception and transmission. The receive option traces only received ISDP packets and the transmit option traces only transmitted ISDP packets. When neither keyword is used in the command, then all ISDP packet traces are dumped.
PAGE 1582
2CSNXXX_SWUM200.book Page 1582 Tuesday, December 10, 2013 1:22 PM Default Configuration Display of LACP traces is disabled by default. Command Mode Privileged EXEC mode. User Guidelines There are no user guidelines for this command. Example console#debug lacp packet debug mldsnooping Use the debug mldsnooping command to trace MLD snooping packet reception and transmission. The receive option traces only received MLD snooping packets and the transmit option traces only transmitted MLD snooping packets.
PAGE 1583
2CSNXXX_SWUM200.book Page 1583 Tuesday, December 10, 2013 1:22 PM Example console#debug mldsnooping debug ospf Use the debug ospf command to enable tracing of OSPF packets received and transmitted by the switch. Use the “no” form of this command to disable tracing of OSPF packets. Syntax debug ospf packet no debug ospf packet Default Configuration Display of OSPF traces is disabled by default. Command Mode Privileged EXEC mode. User Guidelines There are no user guidelines for this command.
PAGE 1584
2CSNXXX_SWUM200.book Page 1584 Tuesday, December 10, 2013 1:22 PM Default Configuration Display of OSPFv3 traces is disabled by default. Command Mode Privileged EXEC mode. User Guidelines There are no user guidelines for this command. Example console#debug ospfv3 packet debug ping Use the debug ping command to enable tracing of ICMP echo requests and responses. This command traces pings on the network port and on the routing interfaces.
PAGE 1585
2CSNXXX_SWUM200.book Page 1585 Tuesday, December 10, 2013 1:22 PM debug rip Use the debug rip command to enable tracing of RIP requests and responses. Use the no form of this command to disable tracing of RIP requests and responses. Syntax debug rip packet no debug rip packet Default Configuration Display of RIP traces is disabled by default. Command Mode Privileged EXEC mode. User Guidelines There are no user guidelines for this command.
PAGE 1586
2CSNXXX_SWUM200.book Page 1586 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC mode. User Guidelines There are no user guidelines for this command. Example console#debug sflow packet debug spanning-tree Use the debug spanning-tree command to trace spanning tree BPDU packet reception and transmission. The receive option traces only received spanning tree BPDUs and the transmit option traces only transmitted BPDUs.
PAGE 1587
2CSNXXX_SWUM200.book Page 1587 Tuesday, December 10, 2013 1:22 PM debug vrrp Use the debug vrrp command in Privileged EXEC mode to enable VRRP debug protocol messages. Use the no form of this command to disable VRRP debug protocol messages. Syntax debug vrrp all no debug vrrp all Default Configuration The display of VRRP traces is disabled by default. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines.
PAGE 1588
2CSNXXX_SWUM200.book Page 1588 Tuesday, December 10, 2013 1:22 PM Default Configuration By default, the core file name has no prefix and no host name and uses the time stamp of the switch in the core file name. Command Modes Global Configuration mode User Guidelines The configuration parameters are not validated when this command is entered. Use the write core test command to validate the configured parameters and that the core dump is likely to succeed. An average core file is around 450 MB.
PAGE 1589
2CSNXXX_SWUM200.book Page 1589 Tuesday, December 10, 2013 1:22 PM Default Configuration Full core dumps are not enabled by default. Command Modes Global Configuration mode User Guidelines This option should only be used under the direction of Dell support personnel. The file-path parameter is used by both the USB and TFTP core dumps. The TFTP server must be reachable over the out-of-band interface. Front panel ports cannot be used for TFTP during exception processing.
PAGE 1590
2CSNXXX_SWUM200.book Page 1590 Tuesday, December 10, 2013 1:22 PM • usb — Store the core dump on an un-mounted USB device • none — Core dumps are disabled Default Configuration Full core dumps are disabled by default. Command Modes Global Configuration mode User Guidelines The TFTP server must be reachable over the out-of-band port. Configuring a TFTP server reachable over a front panel port is unreliable during exception processing.
PAGE 1591
2CSNXXX_SWUM200.book Page 1591 Tuesday, December 10, 2013 1:22 PM console(config)#exception protocol usb console(config)#do dir usb Filename Filesize Modification Time . 16384 01/01/1970 00:00:00 .. 0 06/24/2013 17:14:30 test.bin 11 01/01/1980 00:00:00 Total Size: 1002160128 Bytes Used: 16384 Bytes Free: 1002143744 exception switch-chip-register Use the exception switch-chip-register command to enable dumping the switch chip registers in case of an exception.
PAGE 1592
2CSNXXX_SWUM200.book Page 1592 Tuesday, December 10, 2013 1:22 PM Syntax show debugging no show debugging Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines Enabled packet tracing configurations are displayed.
PAGE 1593
2CSNXXX_SWUM200.book Page 1593 Tuesday, December 10, 2013 1:22 PM Parameter Default Coredump file name core Coredump filename uses hostname FALSE Coredump filename uses time-stamp True TFTP server IP File path ./. Protocol none Switch-chip-register FALSE Example console(config)#show exception Coredump file name............................. Coredump filename uses hostname................ Coredump filename uses time-stamp.............. TFTP server IP................................. File path..
PAGE 1594
2CSNXXX_SWUM200.book Page 1594 Tuesday, December 10, 2013 1:22 PM Command Modes Privileged EXEC mode User Guidelines Using the write core command reboots the switch. The write core command is useful when the device malfunctions, but has not crashed. The write core test command is useful for validating the core dump setup. For example, if the protocol is configured as tftp, the command write core test communicates with the tftp server and informs the administrator if the tftp server can be contacted.
PAGE 1595
2CSNXXX_SWUM200.book Page 1595 Tuesday, December 10, 2013 1:22 PM This build was configured to copy this crash information to a file. . . . (Unit 1 - Waiting to select management unit)> Applying Global configuration, please wait ... Applying Interface configuration, please wait ... console>en console#dir usb Filename Filesize Modification Time . 16384 01/01/1970 00:00:00 .. 0 06/24/2013 17:14:30 test.bin 11 01/01/1980 00:00:00 syncdb_hostname_1055.
PAGE 1596
2CSNXXX_SWUM200.
PAGE 1597
2CSNXXX_SWUM200.book Page 1597 Tuesday, December 10, 2013 1:22 PM 75 Sflow Commands Dell Networking N2000/N3000/N4000 Series Switches sFlow® is the standard for monitoring high-speed switched and routed networks. sFlow technology is built into network equipment and gives complete visibility into network activity, enabling effective management and control of network resources.
PAGE 1598
2CSNXXX_SWUM200.book Page 1598 Tuesday, December 10, 2013 1:22 PM Syntax sflow rcvr_index destination { ip-address [ port ] | maxdatagram size | owner "owner_string" {notimeout|timeout rcvr_timeout} no sflow rcvr_index destination [ip-address | maxdatagram | owner ] • rcvr_index — The index of this sFlow Receiver (Range: 1–8). • ip-address — The sFlow receiver IP address. If set to 0.0.0.0, no sFlow datagrams will be sent.
PAGE 1599
2CSNXXX_SWUM200.book Page 1599 Tuesday, December 10, 2013 1:22 PM Command Mode Global Configuration mode. User Guidelines An sflow destination entry must have an owner assigned in order for polling or sampling to be operational. The last set of command parameters are optional in the no form of the command. Sflow commands with a timeout value supplied do not show in the running config. Because the timer is actively running, the command is ephemeral and is therefore not shown in the running config.
PAGE 1600
2CSNXXX_SWUM200.book Page 1600 Tuesday, December 10, 2013 1:22 PM Default Configuration There are no pollers configured by default. The default poll interval is 0. Command Mode Global Configuration mode. User Guidelines The sflow instance must be configured using the sflow destination owner command before this command can successfully execute.
PAGE 1601
2CSNXXX_SWUM200.book Page 1601 Tuesday, December 10, 2013 1:22 PM Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example console(config-if-Gi1/0/2)#sflow 1 polling 6055 sflow sampling Use the sflow sampling command to enable a new sflow sampler instance for this data source if rcvr_idx is valid. An sflow sampler collects flow samples to send to the receiver. Use the “no” form of this command to reset sampler parameters to the default.
PAGE 1602
2CSNXXX_SWUM200.book Page 1602 Tuesday, December 10, 2013 1:22 PM The default size is 128. Command Mode Global Configuration mode. User Guidelines Lower sampling numbers cause more samples to be collected and increase the load on the CPU. Setting a sampling rate of 1024 on a large number of ports may tax the CPU beyond it's ability to deliver the packets to the receiver. Lowering the sampling rate (higher numerical value) will help to ensure that all collected samples can be sent to the receiver.
PAGE 1603
2CSNXXX_SWUM200.book Page 1603 Tuesday, December 10, 2013 1:22 PM Default Configuration There are no samplers configured by default. The default sampling rate is 0. The default maximum header size is 128. Command Mode Interface Configuration (Ethernet) mode User Guidelines Lower sampling numbers cause more samples to be collected and increase the load on the CPU. Setting a sampling rate of 1024 on a large number of ports may tax the CPU beyond it's ability to deliver the packets to the receiver.
PAGE 1604
2CSNXXX_SWUM200.book Page 1604 Tuesday, December 10, 2013 1:22 PM sFlow Version Uniquely identifies the version and implementation of this MIB. The version string must have the following structure: MIB Version; Organization; Software Revision where: MIB Version: 1.3, the version of this MIB. Organization: Dell Corp. Revision: 1.0 IP Address The IP address associated with this agent. Example console#show sflow agent sFlow Version.......................... 1.3;Dell Inc.;10.23.18.28 IP Address............
PAGE 1605
2CSNXXX_SWUM200.book Page 1605 Tuesday, December 10, 2013 1:22 PM Time Out The time (in seconds) remaining before the receiver is released and stops sending samples to sFlow receiver. Max Datagram Size The maximum number of bytes that can be sent in a single sFlow datagram. Port The destination Layer4 UDP port for sFlow datagrams. Example console(config)#show sflow 1 destination Receiver Index................................. Owner String................................... Time out...................
PAGE 1606
2CSNXXX_SWUM200.book Page 1606 Tuesday, December 10, 2013 1:22 PM Poller Data Source The sFlowDataSource (unit/slot/port) for this sFlow sampler. This agent will support Physical ports only. Receiver Index The sFlowReceiver associated with this sFlow counter poller. Poller Interval The number of seconds between successive samples of the counters associated with this data source.
PAGE 1607
2CSNXXX_SWUM200.book Page 1607 Tuesday, December 10, 2013 1:22 PM Sampler Data Source The sFlowDataSource (unit/slot/port) for this sFlow sampler. This agent will support Physical ports only. Receiver Index The sFlowReceiver configured for this sFlow sampler. Packet Sampling Rate The statistical sampling rate for packet sampling from this source. Max Header Size The maximum number of bytes that should be copied from a sampled packet to form a flow sample.
PAGE 1608
2CSNXXX_SWUM200.
PAGE 1609
2CSNXXX_SWUM200.book Page 1609 Tuesday, December 10, 2013 1:22 PM 76 SNMP Commands Dell Networking N2000/N3000/N4000 Series Switches The SNMP component provides a machine-to-machine interface for the Dell Networking product family. This includes the ability to configure the network device, view settings and statistics, and upload or download code or configuration images.
PAGE 1610
2CSNXXX_SWUM200.book Page 1610 Tuesday, December 10, 2013 1:22 PM show snmp Use the show snmp command in Privileged EXEC mode to display the SNMP communications status. Syntax show snmp Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the SNMP communications status.
PAGE 1611
2CSNXXX_SWUM200.book Page 1611 Tuesday, December 10, 2013 1:22 PM Version 3 notifications Target Address Type Username Security Level -------------- ----- -------- -------192.122.173.42 Inform Bob Priv System Contact: Robert System Location: Marketing UDP Port ---162 Filter name -----filt31 TO Retries Sec --- -----15 3 show snmp engineID Use the show snmp engineID command in Privileged EXEC mode to display the ID of the local Simple Network Management Protocol (SNMP) engine.
PAGE 1612
2CSNXXX_SWUM200.book Page 1612 Tuesday, December 10, 2013 1:22 PM • filtername — Specifies the name of the filter. (Range: 1-30) Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines Per RFC 2573, an implicit exclude all filter is present at the beginning of every filter list. This implicit filter is not shown in the output of this command.
PAGE 1613
2CSNXXX_SWUM200.book Page 1613 Tuesday, December 10, 2013 1:22 PM • groupname — Specifies the name of the group. (Range: 1-30) Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines The group name accepts any printable characters except a double quote or question mark. Enclose the string in double quotes to include spaces within the name.
PAGE 1614
2CSNXXX_SWUM200.
PAGE 1615
2CSNXXX_SWUM200.
PAGE 1616
2CSNXXX_SWUM200.book Page 1616 Tuesday, December 10, 2013 1:22 PM ----------- ----------------------- --------- user-view1 1.3.6.1.2.1.1 Included user-view1 1.3.6.1.2.1.1.7 Excluded user-view2 1.3.6.1.2.1.2.2.1.*.1 Included show trapflags Use the show trapflags command in Privileged EXEC mode to display the trap settings. Syntax show trapflags [ospf|ospfv3|captive-portal] • ospf—Display OSPFv2 specific trap settings. • ospfv3—Display OSPFv3 specific trap settings.
PAGE 1617
2CSNXXX_SWUM200.book Page 1617 Tuesday, December 10, 2013 1:22 PM DVMRP Traps................................. OSPFv2 Traps................................ PIM Traps................................... OSPFv3 Traps................................ FIP snooping Traps.......................... Disable Disable Disable Disable Enable Example #2 console#show trapflags ospf OSPF Traps: errors: all..............................Disabled authentication failure...........Enabled bad packet.......................
PAGE 1618
2CSNXXX_SWUM200.book Page 1618 Tuesday, December 10, 2013 1:22 PM • string—Permits access to the SNMP protocol. (Range: 1-20 characters) • ro—Indicates read-only access. • rw—Indicates read-write access. • su—Indicates SNMP administrator access. • ipaddress—Specifies the IP address of the management station. If no IP address is specified, all management stations are permitted. • view-name—Specifies the name of a previously defined view. For information on views, see the User Guidelines below.
PAGE 1619
2CSNXXX_SWUM200.book Page 1619 Tuesday, December 10, 2013 1:22 PM Example The following example configures community access string public to permit administrative access to SNMP at an administrative station with IP address 192.168.1.20. console(config)# snmp-server community public su ipaddress 192.168.1.20 snmp-server community-group Use the snmp-server community-group command in Global Configuration mode to map the internal security name for SNMP v1 and SNMP v2 security models to the group name.
PAGE 1620
2CSNXXX_SWUM200.book Page 1620 Tuesday, December 10, 2013 1:22 PM Example The following example maps a community access string dell_community to group dell_group. console(config)# snmp-server community-group dell_community dell_group 192.168.29.1 snmp-server contact Use the snmp-server contact command in Global Configuration mode to set up a system contact (sysContact) string. To remove the system contact information, use the no form of the command.
PAGE 1621
2CSNXXX_SWUM200.book Page 1621 Tuesday, December 10, 2013 1:22 PM snmp-server enable traps Use the snmp-server enable traps command in Global Configuration mode to enable sending SNMP traps globally or to enable sending individual SNMP traps. Use the no form of this command to disable sending SNMP traps individually or globally.
PAGE 1622
2CSNXXX_SWUM200.book Page 1622 Tuesday, December 10, 2013 1:22 PM • ospf—Enable OSPF event traps. • ospfv3—Enable OSPFv3 event traps. • pim—Enable pim traps (pim-sm and pim-dm). • poe —Enable poe traps. • snmp authentication —Enable snmp authentication traps. • spanning-tree—Enable traps on topology changes. • stack—Enable stack firmware synchronization traps. • vrrp —Enable vrrp traps.
PAGE 1623
2CSNXXX_SWUM200.book Page 1623 Tuesday, December 10, 2013 1:22 PM vrrpEnable/Disable VRRP trap. snmp-server engineID local Use the snmpserver engineID local command in Global Configuration mode to specify the Simple Network Management Protocol (SNMP) engine ID on the local device. To remove the configured engine ID, use the no form of this command.
PAGE 1624
2CSNXXX_SWUM200.book Page 1624 Tuesday, December 10, 2013 1:22 PM 2 For stackable systems, configure your own EngineID, and verify that is unique within your administrative domain. Changing the value of snmpEngineID has important side-effects. A user's password (entered on the command line) is converted to an MD5 or SHA security digest. This digest is based on both the password and the local engine ID. The command line password is then destroyed, as required by RFC 2274.
PAGE 1625
2CSNXXX_SWUM200.book Page 1625 Tuesday, December 10, 2013 1:22 PM Default Configuration No filter entry exists. Command Mode Global Configuration mode User Guidelines An SNMP server filter identifies the objects to be included or excluded from notifications sent to a server per RFC 2573 Section 6 "Notification Filtering." This command can be entered multiple times for the same filter record. Later lines take precedence when an object identifier is included in two or more lines.
PAGE 1626
2CSNXXX_SWUM200.book Page 1626 Tuesday, December 10, 2013 1:22 PM Syntax snmp-server group groupname { v1 | v2 | v3 { noauth | auth | priv } [ notify notifyview ] } [ context contextname ] [ read readview ] [ write writeview ] no snmp-server group groupname { v1 | v2 | v3 { noauth | auth | priv } } [ context contextname ] • groupname — Specifies the name of the group. (Range: 1-30 characters.) • v1 — Indicates the SNMP Version 1 security model. • v2 — Indicates the SNMP Version 2 security model.
PAGE 1627
2CSNXXX_SWUM200.book Page 1627 Tuesday, December 10, 2013 1:22 PM Command Mode Global Configuration Mode User Guidelines View-name should be an existing view created using the snmp-server view command. If there are multiple records with the same view-name, then the argument specified in this command points to first view-name in the table.
PAGE 1628
2CSNXXX_SWUM200.book Page 1628 Tuesday, December 10, 2013 1:22 PM • seconds—Number of seconds to wait for an acknowledgment before resending informs. The default is 15 seconds. (Range: 1-300.) • retries—Maximum number of times to resend an inform request. The default is 3 attempts. (Range: 0-255 characters.) • port—UDP port of the host to use. The default is 162. (Range: 1-65535.) • filtername— A string that is the name of the filter that defines the filter for this host.
PAGE 1629
2CSNXXX_SWUM200.book Page 1629 Tuesday, December 10, 2013 1:22 PM Syntax snmp-server location text no snmp-server location • text — Character string describing the system location. (Range: 1 to 255 characters.) Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example sets the device location as "New_York".
PAGE 1630
2CSNXXX_SWUM200.book Page 1630 Tuesday, December 10, 2013 1:22 PM • engineid-string — Specifies the engine ID of the remote SNMP entity to which the user belongs. The engine ID is a concatenated hexadecimal string. Each byte in the hexadecimal character string is two hexadecimal digits. The remote engine id designates the remote management station, and should be defined to enable the device to receive acknowledgements to "informs." (Range: 5-32 characters.
PAGE 1631
2CSNXXX_SWUM200.book Page 1631 Tuesday, December 10, 2013 1:22 PM Example The following example configures an SNMPv3 user "John" in group "usergroup". console(config)# snmp-server user John user-group snmp-server view Use the snmp-server view command in Global Configuration mode to create or update a Simple Network Management Protocol (SNMP) server view entry. To delete a specified SNMP server view entry, use the no form of this command.
PAGE 1632
2CSNXXX_SWUM200.book Page 1632 Tuesday, December 10, 2013 1:22 PM The view name accepts any printable characters except a double quote or question mark. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name. The CLI does not filter illegal combinations of characters on entry and may accept entries up to the first illegal character or reject the entry entirely.
PAGE 1633
2CSNXXX_SWUM200.book Page 1633 Tuesday, December 10, 2013 1:22 PM • auth — Specifies authentication of a packet without encrypting it • priv — Specifies authentication and encryption of a packet. • seconds — Number of seconds to wait for an acknowledgment before resending informs. This is not allowed for hosts configured to send traps. The default is 15 seconds. (Range: 1-300 seconds.) • retries — Maximum number of times to resend an inform request.
PAGE 1634
2CSNXXX_SWUM200.
PAGE 1635
2CSNXXX_SWUM200.book Page 1635 Tuesday, December 10, 2013 1:22 PM 77 SSH Commands Dell Networking N2000/N3000/N4000 Series Switches Management access to the switch is supported via telnet, SSH, or the serial console. The Dell Networking supports secure shell (SSH) and secure sockets layer (SSL) to help ensure the security of network transactions. Keys and certificates can be generated externally (that is, offline) and downloaded to the target or generated directly by the Dell Networking.
PAGE 1636
2CSNXXX_SWUM200.book Page 1636 Tuesday, December 10, 2013 1:22 PM Default Configuration DSA key pairs do not exist. Command Mode Global Configuration mode User Guidelines DSA keys are generated in pairs: one public DSA key and one private DSA key. If your switch already has DSA keys when you issue this command, you are warned and prompted to replace the existing keys. The keys are not saved in the switch configuration; they are saved in the file system and the private key is never displayed to the user.
PAGE 1637
2CSNXXX_SWUM200.book Page 1637 Tuesday, December 10, 2013 1:22 PM User Guidelines RSA keys are generated in pairs: one public RSA key and one private RSA key. If your switch already has RSA keys when you issue this command, you are warned and prompted to replace the existing keys. The keys are not saved in the switch configuration; they are saved in the file system and the private key is never displayed to the user.
PAGE 1638
2CSNXXX_SWUM200.
PAGE 1639
2CSNXXX_SWUM200.book Page 1639 Tuesday, December 10, 2013 1:22 PM Default Configuration There is no default configuration for this command. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example console(config)#crypto key zeroize rsa ip ssh port Use the ip ssh port command in Global Configuration mode to specify the TCP port to be used by the SSH server. To use the default port, use the no form of this command.
PAGE 1640
2CSNXXX_SWUM200.book Page 1640 Tuesday, December 10, 2013 1:22 PM Example The following example specifies the port to be used by the SSH server as 8080. console(config)#ip ssh port 8080 ip ssh pubkey-auth Use the ip ssh pubkey-auth command in Global Configuration mode to enable public key authentication for incoming SSH sessions. To disable this function, use the no form of this command. Syntax ip ssh pubkey-auth no ip ssh pubkey-auth Default Configuration The function is disabled.
PAGE 1641
2CSNXXX_SWUM200.book Page 1641 Tuesday, December 10, 2013 1:22 PM Syntax ip ssh server no ip ssh server Default Configuration The SSH server is disabled by default. Command Mode Global Configuration mode User Guidelines To generate SSH server keys, use the commands crypto key generate rsa and crypto key generate dsa. Example The following example enables the switch to be configured using SSH.
PAGE 1642
2CSNXXX_SWUM200.book Page 1642 Tuesday, December 10, 2013 1:22 PM Command Mode SSH Public Key Configuration mode User Guidelines Use the key-string row command to specify which SSH public key you will configure interactively next. To complete the interactive command, you must enter key-string row with no characters. Examples The following example shows how to enter a public key string for a user called "bob.
PAGE 1643
2CSNXXX_SWUM200.book Page 1643 Tuesday, December 10, 2013 1:22 PM • number— The number of the certificate (between 1 to 2). Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console(config)#no crypto certificate 1 show crypto key mypubkey Use the show crypto key mypubkey command in Privileged EXEC mode to display the SSH public keys of the switch.
PAGE 1644
2CSNXXX_SWUM200.
PAGE 1645
2CSNXXX_SWUM200.book Page 1645 Tuesday, December 10, 2013 1:22 PM console#show crypto key pubkey-chain ssh Username Fingerprint -------- ------------------------------------------------bob 9A:CC:01:C5:78:39:27:86:79:CC:23:C5:98:59:F1:86 john 98:F7:6E:28:F2:79:87:C8:18:F8:88:CC:F8:89:87:C8 The following example displays the SSH public called "dana.
PAGE 1646
2CSNXXX_SWUM200.book Page 1646 Tuesday, December 10, 2013 1:22 PM IP Address User Name ------------- -------------------10.240.1.
PAGE 1647
2CSNXXX_SWUM200.book Page 1647 Tuesday, December 10, 2013 1:22 PM 78 Syslog Commands Dell Networking N2000/N3000/N4000 Series Switches The Dell Networking supports a centralized logging subsystem with support for local in memory logs, crash dump logs, and forwarding messages to syslog servers. All switch components use the logging subsystem.
PAGE 1648
2CSNXXX_SWUM200.book Page 1648 Tuesday, December 10, 2013 1:22 PM <190> JAN 10 18:59:17 10.27.21.22-2 CLI_WEB[209809328]: cmd_logger_api.c(260) 369 %% [CLI:----:EIA-232] Access level of user admin has been set to 15 If enabled, the CLI command logger subsystem begins to log commands immediately after the user is authenticated. After authentication, the CLI generates an explicit message and invokes the command logger. The format of the message at login is: <189> JAN 10 18:58:56 10.27.21.
PAGE 1649
2CSNXXX_SWUM200.book Page 1649 Tuesday, December 10, 2013 1:22 PM Syntax clear logging Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example clears messages from the internal syslog message logging buffer. console#clear logging Clear logging buffer [y/n] clear logging file Use the clear logging file command in Privileged EXEC mode to clear messages from the logging file.
PAGE 1650
2CSNXXX_SWUM200.book Page 1650 Tuesday, December 10, 2013 1:22 PM Example The following example shows the clear logging file command and confirmation response. console#clear logging file Clear logging file [y/n] description (Logging) Use the description command in Logging mode to describe the syslog server. Syntax description description • description — Sets the description of the syslog server. (Range: 1-64 characters.) Default Configuration This command has no default value.
PAGE 1651
2CSNXXX_SWUM200.book Page 1651 Tuesday, December 10, 2013 1:22 PM no level • level—The severity level for syslog messages. (Range: emergency, alert, critical, error, warning, notice, info, debug) Default Configuration The default value for level is info. Command Mode Logging mode User Guidelines After entering the view corresponding to a specific syslog server, the command can be executed to set the severity level for syslog messages.
PAGE 1652
2CSNXXX_SWUM200.book Page 1652 Tuesday, December 10, 2013 1:22 PM Example console(config)#logging cli-command console(config)#do show logging Logging is enabled Console Logging: level warnings. Console Messages: 384 Dropped. Buffer Logging: level informational. Buffer Messages: 71 Logged, File Logging: level notActive. File Messages: 385 Dropped.
PAGE 1653
2CSNXXX_SWUM200.book Page 1653 Tuesday, December 10, 2013 1:22 PM no logging {ip-address | hostname} • ip-address — IP address of the host to be used as a syslog server. • hostname — Hostname of the host to be used as a syslog server. (Range: 163 characters) The command allows spaces in the host name when specified in double quotes. For example, #snmp-server v3-host “host name”. Default Configuration No syslog servers defined.
PAGE 1654
2CSNXXX_SWUM200.book Page 1654 Tuesday, December 10, 2013 1:22 PM PRI This consists of the facility code (see RFC 3164) multiplied by 8 and added to the severity. See below for more information on severity. Timestamp The system up time. For systems that use SNTP, this is UTC. When time zones are enabled, local time will be used. Host IP Address The IP address of the local system. Stack ID The assigned stack ID. 1 is used for systems without stacking capability.
PAGE 1655
2CSNXXX_SWUM200.book Page 1655 Tuesday, December 10, 2013 1:22 PM Default Configuration The command default is enabled. Command Mode Global Configuration Example console(config)#logging audit logging buffered Use the logging buffered command in Global Configuration mode to limit syslog messages displayed from an internal buffer based on severity. To cancel the buffer use, use the no form of this command.
PAGE 1656
2CSNXXX_SWUM200.book Page 1656 Tuesday, December 10, 2013 1:22 PM Command Mode Global Configuration mode User Guidelines All the syslog messages are logged to the internal buffer. This command limits the commands displayed to the user. Example The following example limits syslog messages collected in the internal buffer to those of severity level "error" and above (numerically lower).
PAGE 1657
2CSNXXX_SWUM200.book Page 1657 Tuesday, December 10, 2013 1:22 PM Default Configuration The default value for level is warnings. Command Mode Global Configuration mode User Guidelines Messages at the selected level and above (numerically lower) are displayed on the console. Example The following example limits messages logged to the console based on severity level "alert".
PAGE 1658
2CSNXXX_SWUM200.book Page 1658 Tuesday, December 10, 2013 1:22 PM Example The following example sets the logging facility as local3. console(config)#logging facility local3 logging file Use the logging file command in Global Configuration mode to limit syslog messages sent to the logging file based on severity. To cancel the buffer, use the no form of this command.
PAGE 1659
2CSNXXX_SWUM200.book Page 1659 Tuesday, December 10, 2013 1:22 PM Example The following example limits syslog messages stored in the logging file to severity level "warning" and above (numerically lower). console(config)#logging file warning logging monitor Use the logging monitor command in Global Configuration mode to enable logging messages to telnet and SSH sessions with the default severity level. Use the no logging monitor command to disable logging messages.
PAGE 1660
2CSNXXX_SWUM200.book Page 1660 Tuesday, December 10, 2013 1:22 PM User Guidelines Messages logged to the console are filtered based on severity. Selecting a severity level will log that severity and higher (numerically lower) level messages. logging on Use the logging on command in Global Configuration mode to control error messages logging. This command globally enables the sending of logging messages to the currently configured locations.
PAGE 1661
2CSNXXX_SWUM200.book Page 1661 Tuesday, December 10, 2013 1:22 PM logging protocol Use this command to log messages in RFC5424 format, including time zone and subsecond resolution time stamps. Use the no form of this command to set the logging to the default format.
PAGE 1662
2CSNXXX_SWUM200.book Page 1662 Tuesday, December 10, 2013 1:22 PM console(config)#logging protocol 0 console(config)# <190> DEC 20 20:45:20 10.130.182.151-1 USER_MGR[249300304]: user_mgr.c(1789) 5 %% User abcd Failed to login because of authentication failures <189> DEC 20 20:45:20 10.130.182.151-1 TRAPMGR[249300304]: traputil.c(657) 6 %% Failed User Login with User ID: abcd The following example shows the logging format when logging protocol is set to 1.
PAGE 1663
2CSNXXX_SWUM200.book Page 1663 Tuesday, December 10, 2013 1:22 PM Default Configuration Disabled. Command Mode Global Configuration mode User Guidelines To see SNMP Set command logs use the show logging command. Example console(config)#logging snmp logging web-session Use the logging web-session command in Global Configuration mode to enable web session logging. To disable, use the no form of this command. Syntax logging web-session no logging web-session Default Configuration Disabled.
PAGE 1664
2CSNXXX_SWUM200.book Page 1664 Tuesday, December 10, 2013 1:22 PM port Use the port command in Logging mode to specify the port number of syslog messages. To reset to the default value, use the no form of the command. Syntax port port no port • port—The port number for syslog messages. (Range: 1-65535) Default Configuration The default port number is 514.
PAGE 1665
2CSNXXX_SWUM200.book Page 1665 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the state of logging and the syslog messages stored in the internal buffer. console#show logging Logging is enabled Logging protocol version: 1 Console Logging: Level warnings.
PAGE 1666
2CSNXXX_SWUM200.book Page 1666 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the state of logging and syslog messages sorted in the logging file. console#show logging file Persistent Logging : enabled Persistent Log Count : 1 <186> JAN 01 00:00:05 0.0.0.0-1 UNKN[268434928]: bootos.
PAGE 1667
2CSNXXX_SWUM200.book Page 1667 Tuesday, December 10, 2013 1:22 PM IP address Port Severity Facility Description --------------------------------------------------------192.180.2.275 14 Info local7 7 192.180.2.285 14 Warning local7 7 terminal monitor Use the terminal monitor command in Privileged EXEC mode to enable the display of system messages on the terminal for telnet and SSH sessions.
PAGE 1668
2CSNXXX_SWUM200.
PAGE 1669
2CSNXXX_SWUM200.
PAGE 1670
2CSNXXX_SWUM200.book Page 1670 Tuesday, December 10, 2013 1:22 PM asset-tag Use the asset-tag command in Global Configuration mode to specify the switch asset tag. To remove the existing asset tag, use the no form of the command. Syntax asset-tag [unit] tag no asset-tag [unit] • unit — Switch number. (Range: 1–12) • tag — The switch asset tag. Default Configuration No asset tag is defined by default.
PAGE 1671
2CSNXXX_SWUM200.book Page 1671 Tuesday, December 10, 2013 1:22 PM Syntax banner exec MESSAGE no banner exec • MESSAGE — Quoted text Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines The exec message may consist of multiple lines. Enter a quote to complete the message and return to configuration mode. Up to 2000 characters may be entered into a banner.
PAGE 1672
2CSNXXX_SWUM200.book Page 1672 Tuesday, December 10, 2013 1:22 PM Command Mode Global Configuration User Guidelines The login banner can consist of multiple lines. Enter a quote to end the banner text and return to the configuration prompt. Up to 2000 characters may be entered into a banner. Each line entered will consume an extra two characters to account for the carriage return and line feed. Different terminal emulators will exhibit different behaviors when logging in over SSH.
PAGE 1673
2CSNXXX_SWUM200.book Page 1673 Tuesday, December 10, 2013 1:22 PM The motd banner is usually displayed prior to logging into the switch, although some protocols, for example SSH, may enforce different behavior. See the user guidelines for banner motd acknowledge for some examples. Example console(config)# banner motd “IMPORTANT: There is a power shutdown at 23:00hrs today, duration 1 hr 30 minutes.
PAGE 1674
2CSNXXX_SWUM200.book Page 1674 Tuesday, December 10, 2013 1:22 PM Please be advised this unit is under test by Kevin." and the banner login is "Welcome to the N3024 in the Bottom Chassis 192.168.12.190. This unit is located in A2 and is currently under test." SSH (putty): login as: dellradius If you need to utilize this device or otherwise make changes to the configuration, you may contact Kevin at x911. Please, be advised this unit is under test by Kevin. dellradius@192.168.12.
PAGE 1675
2CSNXXX_SWUM200.book Page 1675 Tuesday, December 10, 2013 1:22 PM Telnet: If you need to utilize this device or otherwise make changes to the configuration, you may contact Kevin at x911. Press 'y' to continue (within 30 seconds) (y/n) y Please, be advised this unit is under test by Kevin. User:root Password:****** Welcome to the N3024 in the Bottom Chassis - 192.168.12.190. This unit is located in A2 and is currently under test.
PAGE 1676
2CSNXXX_SWUM200.book Page 1676 Tuesday, December 10, 2013 1:22 PM User Guidelines When nonstop forwarding is enabled on a stack, the stack's management unit checkpoints operational data to the backup unit. If the backup unit takes over as the management unit, the control plane on the new management unit uses the checkpoint data when initializing its state. Checkpoint statistics track the amount of data checkpointed from the management unit to the backup unit.
PAGE 1677
2CSNXXX_SWUM200.book Page 1677 Tuesday, December 10, 2013 1:22 PM of the stack. The network administrator can use the connect command to access the master unit serial port when presented with a “CLI unavailable message” due to a master switchover. Syntax connect unit • unit—A unit number in the stack. Default Configuration There is no default configuration for this command. Command Modes Privileged EXEC mode on stack master. At Unit Prompt on stack member.
PAGE 1678
2CSNXXX_SWUM200.book Page 1678 Tuesday, December 10, 2013 1:22 PM Example 2: To connect to the stack master (unit 1, below) over a stack member serial port. (Unit 2 - CLI unavailable - please connect to master on Unit 1)>connect 1 Stack-Master# cut-through mode Use the cut-through mode command to enable the cut-through mode on the switch. The mode takes effect on all ports on next reload of the switch. To disable the cut-through mode on the switch, use the no form of this command.
PAGE 1679
2CSNXXX_SWUM200.book Page 1679 Tuesday, December 10, 2013 1:22 PM Syntax exec-banner no exec-banner • MESSAGE — Quoted text Default Configuration This command has no default configuration. Command Mode Line Configuration User Guidelines The exec banner can consist of multiple lines. Enter a quote to complete the message and return to configuration mode. Example console(config-telnet)# no exec-banner exit Use this command to disconnect the serial connection to a remote unit.
PAGE 1680
2CSNXXX_SWUM200.book Page 1680 Tuesday, December 10, 2013 1:22 PM User Guidelines This command is available in privileged exec mode on the master unit serial port and from the Unit prompt on member unit serial ports. The user need not be currently connected over the serial port to connect to another unit. The stack member being connected to must be up and running and connected as part of the stack. Example Example 1: To disconnect a remote session to a stack member established from the stack manager.
PAGE 1681
2CSNXXX_SWUM200.book Page 1681 Tuesday, December 10, 2013 1:22 PM Use the no form of the command to return the port to the default mode (1x40G). Syntax hardware profile portmode {1x40g|4x10g} no hardware profile portmode • 1x40g—Configure the port as a single 40G port using 4 lanes. • 4x10g—Configure the port as four 10G ports, each on a separate lane. This mode requires the use of a suitable 4x10G to 1x40g pigtail cable. Default Configuration By default, 40G ports are configured in 1x40G mode.
PAGE 1682
2CSNXXX_SWUM200.book Page 1682 Tuesday, December 10, 2013 1:22 PM Default Configuration Host name not configured. Command Mode Global Configuration mode User Guidelines The hostname may include any printable characters except a double quote or question mark. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name.
PAGE 1683
2CSNXXX_SWUM200.book Page 1683 Tuesday, December 10, 2013 1:22 PM User Guidelines This command forces a warm restart of the stack. The backup unit takes over as the new management unit without clearing the hardware state on any of the stack members. The original management unit reboots. If the system is not ready for a warm restart, for example because no backup unit has been elected or one or more members of the stack do not support nonstop forwarding, the command fails with a warning message.
PAGE 1684
2CSNXXX_SWUM200.book Page 1684 Tuesday, December 10, 2013 1:22 PM Syntax load-interval time no load-interval • time—The number of seconds after which interface utilization is measured periodically. The time has to be a multiple of 30. (Range 30-600 seconds) Default Configuration The default interval is 300 seconds. Command Modes Interface Configuration mode, Interface Range Configuration mode, Port Channel Configuration mode, Port Channel Range Configuration mode.
PAGE 1685
2CSNXXX_SWUM200.book Page 1685 Tuesday, December 10, 2013 1:22 PM User Guidelines The LED will blink green until it times out. The user may select a new time value while the LED is blinking. The last value selected takes effect immediately. The locate command does not persist across reboots. This command is not supported on Dell Networking N2000/N3000 Series series switches.
PAGE 1686
2CSNXXX_SWUM200.book Page 1686 Tuesday, December 10, 2013 1:22 PM Syntax logout Default Configuration There is no default configuration for this command. Command Modes Unit prompt on the stack member User Guidelines This command is available in privileged exec mode on the master unit serial port and from the Unit prompt on member unit serial ports. The user need not be currently connected over the serial port to connect to another unit.
PAGE 1687
2CSNXXX_SWUM200.book Page 1687 Tuesday, December 10, 2013 1:22 PM member Use the member command in Stack Global Configuration mode to preconfigure a switch stack member. Execute this command on the Management Switch. To remove a stack-member configuration from the stack, use the no form of the command. The no form of the command may not be used if the member is present in the stack.
PAGE 1688
2CSNXXX_SWUM200.book Page 1688 Tuesday, December 10, 2013 1:22 PM motd-banner Use the motd-banner command to enable motd on the console, telnet or SSH connection. To disable, use the no form of the command. Syntax motd-banner no motd-banner • MESSAGE — Quoted text Default Configuration This command has no default configuration. Command Mode Line Configuration User Guidelines This command has no user guidelines.
PAGE 1689
2CSNXXX_SWUM200.book Page 1689 Tuesday, December 10, 2013 1:22 PM Command Mode Stack Global Configuration mode User Guidelines Nonstop forwarding allows the forwarding plane of stack units to continue to forward packets while the control and management planes restart as a result of a power failure, hardware failure, or software fault on the stack management unit. Example console(config)#nsf ping Use the ping command in User EXEC mode to check the accessibility of the desired node on the network.
PAGE 1690
2CSNXXX_SWUM200.book Page 1690 Tuesday, December 10, 2013 1:22 PM • loopbackaddress— The source address from the loopback port index. • vlanid— The VLAN IPv4 or IPv6 address in the transmitted packets. • tunnelid— The tunnel interface IPv4 or IPv6 address in the transmitted packets. • out-of-band— The out-of-band interface IPv4 or IPv6 address in the transmitted packets. Default Configuration The default count is 4. The default interval is 3 seconds. The default size is 0 data bytes.
PAGE 1691
2CSNXXX_SWUM200.book Page 1691 Tuesday, December 10, 2013 1:22 PM Default Configuration There is no default configuration for this command. Command Modes User EXEC mode, Privileged EXEC mode User Guidelines This command is available in privileged exec mode on the master unit serial port and from the Unit prompt on member unit serial ports. The user need not be currently connected over the serial port to connect to another unit.
PAGE 1692
2CSNXXX_SWUM200.book Page 1692 Tuesday, December 10, 2013 1:22 PM Syntax reload [stack–member–number] • stack–member–number—The stack member to be reloaded. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines If no unit is specified, all units are reloaded. Examples Example-Reloading the Stack The following example displays how to reload the stack. console#reload 1 Management switch has unsaved changes.
PAGE 1693
2CSNXXX_SWUM200.book Page 1693 Tuesday, December 10, 2013 1:22 PM Are you sure you want to reload the stack? (y/n) service unsupported-transceiver Use this command to avoid the following on using an unsupported optic. • Logging of a message. • Generation of SNMP trap. Use the no form of this command to set the transceiver support to the factory default.
PAGE 1694
2CSNXXX_SWUM200.book Page 1694 Tuesday, December 10, 2013 1:22 PM Syntax set description unit description • unit — The switch identifier. (Range: 1–12) • description — The text description. (Range: 1–80 alphanumeric characters) Default Configuration This command has no default configuration. Command Mode Stack Global Configuration mode User Guidelines This command has no user guidelines.
PAGE 1695
2CSNXXX_SWUM200.book Page 1695 Tuesday, December 10, 2013 1:22 PM • Dell Networking N3024 • Dell Networking N3024F • Dell Networking N3024P • Dell Networking N3048 • Dell Networking N3048P • Dell Networking N4032 • Dell Networking N4032F • Dell Networking N4064 • Dell Networking N4064F • Dell SFP+ Card • Dell 10GBase-T Card Use the no form of the command to return the unit/slot configuration to the default value.
PAGE 1696
2CSNXXX_SWUM200.book Page 1696 Tuesday, December 10, 2013 1:22 PM Administrators may issue multiple consecutive slot commands addressing a particular unit/slot without issuing an intervening no slot command. Example console(config)#slot 1/3 3 console(config)#slot 1/3 4 show banner Use the show banner command to display banner information. Syntax show banner Default Configuration This command has no default configuration.
PAGE 1697
2CSNXXX_SWUM200.book Page 1697 Tuesday, December 10, 2013 1:22 PM Line SSH.......................... Enable Line Telnet....................... Enable ===motd===== show checkpoint statistics Use the show checkpoint statistics command to display the statistics for the checkpointing process. Syntax show checkpoint statistics Default Configuration This command has no default configuration.
PAGE 1698
2CSNXXX_SWUM200.book Page 1698 Tuesday, December 10, 2013 1:22 PM show cut-through mode Use the show cut-through mode command to show the cut-through mode on the switch. Syntax show cut-through mode Command Mode Privileged EXEC, Configuration mode and all Configuration submodes Default Configuration This command has no default configuration. User Guidelines Not available on N2000 or N3000 switches.
PAGE 1699
2CSNXXX_SWUM200.book Page 1699 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines.
PAGE 1700
2CSNXXX_SWUM200.book Page 1700 Tuesday, December 10, 2013 1:22 PM Example The following example shows the optic parameters in user readable format. console#show idprom interface tengigabitethernet 1/0/9 Type.............................. Media............................. Serial Number..................... Dell Qualified.................... SFP+ 10GBASE-LRM ANF0L5J Yes The following example shows the optic parameters, but not the IDPROM content as the entered activation code in incorrect.
PAGE 1701
2CSNXXX_SWUM200.book Page 1701 Tuesday, December 10, 2013 1:22 PM 0xD0: 34 CE 1B 40 31 00 30 00 0xE0: 00 00 00 00 34 DE 89 50 0xF0: 00 00 00 00 02 2D BE 00 39 00 00 00 00 00 00 00 00 00 00 00 34 DE 89 50 00 00 00 00 02 2D BE 00 show interfaces advanced firmware Use the show interfaces advanced firmware command to display the firmware revision of the PHY for a port. Syntax show interfaces advanced firmware interface • interface—A 10G non-stacking physical interface.
PAGE 1702
2CSNXXX_SWUM200.book Page 1702 Tuesday, December 10, 2013 1:22 PM Syntax show interfaces interface-id [transceiver [properties | detail]] • interface-id—The ID for any valid physical interface. • properties—Displays the optics static parameters. • detail—Displays the optics static and dynamic parameters. Default Configuration This command has no default configuration. Command Modes User EXEC, Privileged EXEC modes. User Guidelines This command has no user guidelines.
PAGE 1703
2CSNXXX_SWUM200.book Page 1703 Tuesday, December 10, 2013 1:22 PM show interfaces utilization Use this command to display interface utilization. Syntax show interfaces utilization [interface-id] • interface-id—The physical or port-channel interface. Default Configuration There is no default configuration for this command. Command Modes Privileged EXEC mode User Guidelines This command displays the interface transmit and receive utilization in bits/sec and packets/sec.
PAGE 1704
2CSNXXX_SWUM200.book Page 1704 Tuesday, December 10, 2013 1:22 PM Syntax show memory cpu Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines No specific guidelines. Example console#show memory cpu Total Memory........................... 262144 KBytes Available Memory Space................. 121181 KBytes show nsf Use the show nsf command to show the status of non-stop forwarding.
PAGE 1705
2CSNXXX_SWUM200.book Page 1705 Tuesday, December 10, 2013 1:22 PM Administrative Status.......................... Operational Status............................. Last Startup Reason............................ Time Since Last Restart........................ Restart In Progress............................ Warm Restart Ready............................. Enable Enable Warm Auto-Restart 0 days 16 hrs 52 mins 55 secs No Yes Copy of Running Configuration to Backup Unit: Status..................................
PAGE 1706
2CSNXXX_SWUM200.book Page 1706 Tuesday, December 10, 2013 1:22 PM Example console#show power-usage-history unit 1 Sampling Interval (sec)........................ 30 Total No. of Samples to Keep................... 168 Current Power Consumption (mWatts)............. 56172 Sample No.
PAGE 1707
2CSNXXX_SWUM200.book Page 1707 Tuesday, December 10, 2013 1:22 PM free alloc 64022608 151568112 CPU Utilization: PID Name 5 Sec 1 Min 5 Min --------------------------------------------------------328bb20 tTffsPTask 0.00% 0.00% 0.02% 3291820 tNetTask 0.00% 0.00% 0.01% 3295410 tXbdService 0.00% 0.00% 0.03% 347dcd0 ipnetd 0.00% 0.00% 0.01% 348a440 osapiTimer 1.20% 1.43% 1.21% 358ee70 bcmL2X.0 0.40% 0.30% 0.12% 359d2e0 bcmCNTR.0 0.80% 0.42% 0.50% 3b5b750 bcmRX 0.00% 0.13% 0.12% 3d3f6d0 MAC Send Task 0.00% 0.
PAGE 1708
2CSNXXX_SWUM200.book Page 1708 Tuesday, December 10, 2013 1:22 PM show sessions Use the show sessions command in Privileged EXEC mode to display a list of the open telnet sessions to remote hosts. Syntax show sessions Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
PAGE 1709
2CSNXXX_SWUM200.book Page 1709 Tuesday, December 10, 2013 1:22 PM show slot Use the show slot command in User EXEC mode to display information about all the slots in the system or for a specific slot. Syntax show slot [slot/port] Default Configuration This command has no default configuration. Command Mode User EXEC, Configuration mode and all Configuration submodes User Guidelines The following table explains the output parameters.
PAGE 1710
2CSNXXX_SWUM200.book Page 1710 Tuesday, December 10, 2013 1:22 PM Parameter Description Inserted Card Model Identifier The model identifier of the card inserted in the slot. Model identifier is a 32character field used to identify a card. This field is displayed only if the slot is full. Inserted Card Description The card description. This field is displayed only if the slot is full. Configured Card Description The description of the card preconfigured in the slot.
PAGE 1711
2CSNXXX_SWUM200.book Page 1711 Tuesday, December 10, 2013 1:22 PM Command Mode User EXEC, Configuration mode and all Configuration submodes User Guidelines The CID information is used when preconfiguring cards using the slot command. The following table explains the output parameters. Parameter Description Card Index (CID) The index into the database of the supported card types. This index is used when preconfiguring a slot. Card Model Identifier The model identifier for the supported card type.
PAGE 1712
2CSNXXX_SWUM200.book Page 1712 Tuesday, December 10, 2013 1:22 PM 7 Dell 10GBase-T Card show supported switchtype Use the show supported switchtype command in User EXEC mode to display information about all supported switch types. Syntax show supported switchtype [switchindex] • switchindex — Specifies the index into the database of the supported switch types, indicating the type of the switch being preconfigured. The switch index is a 32-bit integer.
PAGE 1713
2CSNXXX_SWUM200.book Page 1713 Tuesday, December 10, 2013 1:22 PM The following table describes the fields in the second example. Field Description Switch Type This field displays the 32-bit numeric switch type for the supported switch. Model Identifier This field displays the model identifier for the supported switch type. Switch Description This field displays the description for the supported switch type. Example The following example displays the information for supported switch types.
PAGE 1714
2CSNXXX_SWUM200.book Page 1714 Tuesday, December 10, 2013 1:22 PM Card Index (CID)............... 7 Model Identifier............... Dell 10GBase-T Card show switch Use the show switch command in User EXEC mode to display information about units in the stack.
PAGE 1715
2CSNXXX_SWUM200.book Page 1715 Tuesday, December 10, 2013 1:22 PM • stack–member–number—The stack member number. • stack–ports—Display summary stack-port information for all interfaces. • counters—Display summary data counter information for all interfaces. • diag—Display front panel stacking diagnostics for each port. • stack-path—Display the active path from one stacking unit to another. • From-unit—The unit from which the packets originate. • All—Displays all unit paths.
PAGE 1716
2CSNXXX_SWUM200.book Page 1716 Tuesday, December 10, 2013 1:22 PM Unit Description Preconfigured Model Identifier This field displays the model identifier for this switch. Model Identifier is a 32-character field assigned by the switch manufacturer to identify the switch. Plugged-in Model Identifier This field displays the model identifier for this switch. Model Identifier is a 32-character field assigned by the switch manufacturer to identify the switch.
PAGE 1717
2CSNXXX_SWUM200.book Page 1717 Tuesday, December 10, 2013 1:22 PM Unit Description Preconfigured Model Identifier This field displays the model identifier of a preconfigured switch ready to join the stack. The Model Identifier is a 32-character field assigned by the switch manufacturer to identify the switch. Plugged-In Model Identifier This field displays the model identifier of the switch in the stack.
PAGE 1718
2CSNXXX_SWUM200.book Page 1718 Tuesday, December 10, 2013 1:22 PM Parameter Description Range Default Last Startup Reason The type of activation that caused the software to start the last time. There are four options. “Power-On” means that the switch rebooted. This could have been caused by a power cycle or an administrative “Reload” command. “Administrative Move” means that the administrator issued a command for the stand-by manager to take over.
PAGE 1719
2CSNXXX_SWUM200.book Page 1719 Tuesday, December 10, 2013 1:22 PM Parameter Description Range Default Time Since Last Copy When the running configuration was last copied from the management unit to the backup unit. Time Stamp Time Until Next Copy The number of seconds until the running configuration will be copied to the backup unit. This line only appears when the running configuration on the backup unit is Stale.
PAGE 1720
2CSNXXX_SWUM200.book Page 1720 Tuesday, December 10, 2013 1:22 PM Configured Stack Interface Mode ---------------- ---------Tw1/0/1 Stack Tw1/0/2 Stack Tw2/0/1 Stack Tw2/0/2 Stack Running Stack Mode ---------Stack Stack Stack Stack Link Status -----------Link Down Link Up Link Down Link Up Link Speed (Gb/s) -----------21 21 21 21 Admin Status ----------Enabled Disabled Disabled Enabled Example – All Units in the Stack This example displays information about all units in the stack.
PAGE 1721
2CSNXXX_SWUM200.book Page 1721 Tuesday, December 10, 2013 1:22 PM Time Until Next Copy........................ 28 seconds Unit ---1 2 3 NSF Support ----------Yes Yes Yes Example – Switch Firmware Stack Status The following example displays the Switch Firmware stack status information for the switch.
PAGE 1722
2CSNXXX_SWUM200.book Page 1722 Tuesday, December 10, 2013 1:22 PM show system Use the show system command in User EXEC mode to display system information. Syntax show system [unit] • unit — The unit number. Default Configuration This command has no default configuration. Command Mode User EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
PAGE 1723
2CSNXXX_SWUM200.book Page 1723 Tuesday, December 10, 2013 1:22 PM Unit Description Temperature (Celsius) ---- ------------------ ----------1 MAC 33 1 PHY 34 Fans: Unit ---1 1 Description ----------Fan-1 Fan-2 Status ------Failure Failure Power Supplies: Unit Description ---1 1 1 ----------System PS-1 PS-2 Status ----------OK Failure No Power Average Power (Watts) ---------39.8 Current Power (Watts) -------39.
PAGE 1724
2CSNXXX_SWUM200.book Page 1724 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example console>show system fan Fans: Unit Description Status ---- ----------- -----1 Fan 1 OK 1 Fan 2 OK 1 Fan 3 OK show system id Use the show system id command in User EXEC mode to display the system identity information. Syntax show system id [unit] • unit — The unit number. Default Configuration This command has no default configuration.
PAGE 1725
2CSNXXX_SWUM200.book Page 1725 Tuesday, December 10, 2013 1:22 PM ---- -----------1 13820M0230LF -------------13820M0230LF -----------none show system power Use the show system power command in User EXEC or Privileged EXEC mode to display information about the system level power consumption. Syntax show system power Default Configuration This command has no default configuration.
PAGE 1726
2CSNXXX_SWUM200.book Page 1726 Tuesday, December 10, 2013 1:22 PM show system temperature Use the show system temperature command in User EXEC or Privileged EXEC mode to display information about the system temperature and fan status. Syntax show system temperature Default Configuration This command has no default configuration.
PAGE 1727
2CSNXXX_SWUM200.book Page 1727 Tuesday, December 10, 2013 1:22 PM ---- ------------------ ----------1 MAC 33 1 PHY 34 show tech-support Use the show tech-support command to display system and configuration information for use in debugging or contacting technical support.
PAGE 1728
2CSNXXX_SWUM200.book Page 1728 Tuesday, December 10, 2013 1:22 PM User Guidelines Not applicable Default Value Not applicable Example console#show tech-support ***************** Show Version ****************** Switch: 1 System Description................ Dell Networking N4032, 6.0.0.0, Linux 2.6.32.9 Machine Description............... System Model ID................... Machine Type...................... Serial Number..................... Manufacturer...................... Operating System................
PAGE 1729
2CSNXXX_SWUM200.book Page 1729 Tuesday, December 10, 2013 1:22 PM System Object ID............................... System Up Time................................. 10/100 Ethernet/802.3 interface(s)............. Gig Ethernet/802.3 interface(s)................ 10Gig Ethernet/802.3 interface(s).............. 40Gig Ethernet/802.3 interface(s).............. Virtual Ethernet/802.3 interface(s)............ 1.3.6.1.4.1.674.10895.
PAGE 1730
2CSNXXX_SWUM200.book Page 1730 Tuesday, December 10, 2013 1:22 PM console#show users accounts UserName Privilege ------admin user Password Password Lockout Aging Expiry date --------- -------- ------------- ------15 ----False Administrative Profile(s): network-admin 1 ----False Administrative Profile(s): network-operator show version Use the show version command in User EXEC mode to displays the system version information. Syntax show version [unit ] • unit — The unit number.
PAGE 1731
2CSNXXX_SWUM200.book Page 1731 Tuesday, December 10, 2013 1:22 PM SOC Version....................... BCM56846_A1 HW Version........................ 3 CPLD Version...................... 14 unit active backup current-active next-active ---- ----------- ----------- -------------- -------------1 6.0.0.1 5.1.0.1 6.0.0.1 5.1.0.1 console#show version 2 CPU Version....................... SOC Version....................... HW Version........................ CPLD Version......................
PAGE 1732
2CSNXXX_SWUM200.book Page 1732 Tuesday, December 10, 2013 1:22 PM Example The following example sets the mode to Stack Global Config. console(config)#stack console(config-stack)# stack-port Use the stack-port command in Stack Configuration mode to configure ports as either Stacking ports or as Ethernet ports. This command is used to configure Ethernet ports to operate as either stacking or Ethernet ports, or to configure stacking modules to operate as Ethernet ports.
PAGE 1733
2CSNXXX_SWUM200.book Page 1733 Tuesday, December 10, 2013 1:22 PM show as detached in the show interfaces status command output. When downgrading switch firmware, Ethernet ports configured as stacking revert to Ethernet ports. It is necessary to configure the Ethernet ports as stacking on each unit in the stack individually after a firmware downgrade. Use the show switch command to display information regarding the switches in a stack.
PAGE 1734
2CSNXXX_SWUM200.book Page 1734 Tuesday, December 10, 2013 1:22 PM Command Modes Stack Configuration mode User Guidelines This command must be used with caution, as disabling a stack port causes the stack to attempt to reconverge. Ensure that the stack is in an active ring topology in order to avoid a stack split. Check the stack ports for errors and also verify that NSF is synced before shutting down any stacking links. Application messages will appear in the logs during stack convergence.
PAGE 1735
2CSNXXX_SWUM200.book Page 1735 Tuesday, December 10, 2013 1:22 PM Default Configuration The default configuration is to allow the software to automatically select a standby unit. Command Mode Stack Global Configuration User Guidelines No specific guidelines. Examples console(config)#stack console(config-stack)#standby 2 switch renumber Use the switch renumber command in Global Configuration mode to change the identifier for a switch in the stack.
PAGE 1736
2CSNXXX_SWUM200.book Page 1736 Tuesday, December 10, 2013 1:22 PM Example The following example displays how to reconfigure switch number “1” to an identifier of “2.” console(config)#switch 1 renumber 2 telnet Use the telnet command in Privileged EXEC mode to log into a host that supports Telnet. Syntax telnet {ip-address | hostname} [port] [keyword1......] • ip-address—Valid IP address of the destination host. • hostname—Hostname of the destination host. (Range: 1–158 characters).
PAGE 1737
2CSNXXX_SWUM200.
PAGE 1738
2CSNXXX_SWUM200.book Page 1738 Tuesday, December 10, 2013 1:22 PM Keyword Description Port Number talk Talk 517 telnet Telnet 23 time Time 37 uucp Unix-to-Unix Copy Program 540 whois Nickname 43 www World Wide Web 80 Default Configuration port — Telnet port (decimal 23) on the host. Command Mode User EXEC, Privileged EXEC mode User Guidelines This command has no user guidelines. Example Following is an example of using the telnet command to connect to 176.213.10.50.
PAGE 1739
2CSNXXX_SWUM200.book Page 1739 Tuesday, December 10, 2013 1:22 PM • hostname—Hostname of the destination host. (Range: 1–158 characters). The command allows spaces in the host name when specified in double quotes. For example, console(config)#snmp-server host "host name" • initTtl—The initial time-to-live (TTL); the maximum number of router hops between the local and remote system (Range: 0–255). • maxTtl—The largest TTL value that can be used (Range:1–255).
PAGE 1740
2CSNXXX_SWUM200.book Page 1740 Tuesday, December 10, 2013 1:22 PM Command Mode User Exec mode and Privileged EXEC mode User Guidelines Traceroute operates by sending a sequence of Internet Control Message Protocol (ICMP) echo request packets. The time-to-live (TTL) value, is used in determining the intermediate routers through which the packet flows toward the destination address. Routers decrement a packet’s TTL value and discard packets whose TTL equals 0.
PAGE 1741
2CSNXXX_SWUM200.book Page 1741 Tuesday, December 10, 2013 1:22 PM • maxTtl—The largest TTL value that can be used (Range:1–255). The default is 30. This must be larger or equal to the value specified in initTtl. • maxFail—Terminate the traceroute after failing to receive a response for this number of consecutive probes (Range: 0–255). • interval—The timeout period.
PAGE 1742
2CSNXXX_SWUM200.book Page 1742 Tuesday, December 10, 2013 1:22 PM User Guidelines Traceroute operates by sending a sequence of Internet Control Message Protocol (ICMP) echo request packets. The time-to-live (TTL) value, is used in determining the intermediate routers through which the packet flows toward the destination address. Routers decrement a packet’s TTL value and discard packets whose TTL equals 0. On discarding a packet, the router returns an ICMP time exceeded message to the source.
PAGE 1743
2CSNXXX_SWUM200.book Page 1743 Tuesday, December 10, 2013 1:22 PM User Guidelines It is not required to update the boot code unless directed to do so in the release notes. Dell networking switches utilize a universal boot loader and do not contain version specific dependencies in the boot loader. If unit is not specified, all units in the stack are updated. Example The following example updates the bootcode on unit 2.
PAGE 1744
2CSNXXX_SWUM200.
PAGE 1745
2CSNXXX_SWUM200.book Page 1745 Tuesday, December 10, 2013 1:22 PM Telnet Server Commands 80 Dell Networking N2000/N3000/N4000 Series Switches The Telnet protocol (outlined in RFC 854) allows users (clients) to connect to multiuser computers (servers) on the network. Telnet is often employed when a user communicates with a remote login service. Telnet is the terminal emulation protocol in the TCP/IP suite. Telnet uses TCP as the transport protocol to initiate a connection between server and client.
PAGE 1746
2CSNXXX_SWUM200.book Page 1746 Tuesday, December 10, 2013 1:22 PM If you need to utilize this device or otherwise make changes to the configuration, you may contact the owner at x38525. Please, be advised this unit is under test. dellradius@192.168.12.84's password: Press 'y' to continue (within 30 seconds) (y/n) Welcome to the N3024 in the Bottom Chassis - 192.168.12.190. This unit is located in A2 and is currently under test. N3024-C1> 2 SSH (Linux Terminal): [root ~]# ssh 192.168.12.
PAGE 1747
2CSNXXX_SWUM200.book Page 1747 Tuesday, December 10, 2013 1:22 PM Commands in this Chapter This chapter explains the following commands: ip telnet server disable show ip telnet ip telnet port – ip telnet server disable The ip telnet server disable command is used to enable/disable the Telnet service on the switch. Syntax ip telnet server disable no ip telnet server disable Command Mode Global Configuration User Guidelines No specific guidelines. Default Value This feature is enabled by default.
PAGE 1748
2CSNXXX_SWUM200.book Page 1748 Tuesday, December 10, 2013 1:22 PM Syntax ip telnet port port number • port number — Telnet TCP port number (Range: 1025–65535) Default Configuration The default value for the Telnet TCP port is 23. Command Mode Global Configuration User Guidelines The Telnet server TCP port should not be set to a value that might conflict with other well-known protocol port numbers used on this switch.
PAGE 1749
2CSNXXX_SWUM200.book Page 1749 Tuesday, December 10, 2013 1:22 PM Terminal Length Commands 81 Dell Networking N2000/N3000/N4000 Series Switches This chapter provides information about terminal length commands. terminal length Use the terminal length command to set the terminal length. Use the no form of the command to reset the terminal length to the default. Syntax terminal length value no terminal length • value — The length in number of lines.
PAGE 1750
2CSNXXX_SWUM200.
PAGE 1751
2CSNXXX_SWUM200.book Page 1751 Tuesday, December 10, 2013 1:22 PM Time Ranges Commands 82 Dell Networking N2000/N3000/N4000 Series Switches Time ranges are used with time-based ACLs to restrict their application due to specific time slots. This chapter explains the following commands: time-range periodic absolute show time-range time-range Use the time-range command in Global Configuration mode to globally enable or disable the event notification service of the time range component.
PAGE 1752
2CSNXXX_SWUM200.book Page 1752 Tuesday, December 10, 2013 1:22 PM Command Mode Global Configuration User Guidelines The CLI mode changes to Time-Range Configuration mode when you successfully execute this command. Example console(config)#time-range timeRange_1 absolute Use the absolute command in Time Range Configuration mode to add an absolute time entry to a time range. Use the no form of this command to delete the absolute time entry in the time range.
PAGE 1753
2CSNXXX_SWUM200.book Page 1753 Tuesday, December 10, 2013 1:22 PM User Guidelines Only one absolute time entry is allowed per time-range. The time parameter is referenced to the currently configured time zone. Example console#time-range timeRange_1 console(Config-time-range)#absolute end 12:00 16 Dec 2010 periodic Use the periodic command to add a periodic time entry to a time range. The time parameter is based off of the currently configured time zone.
PAGE 1754
2CSNXXX_SWUM200.book Page 1754 Tuesday, December 10, 2013 1:22 PM • time—The first occurrence of this argument is the starting hours:minutes which the configuration that referenced the time range starts going into effect. The second occurrence is the ending hours:minutes at which the configuration that referenced the time range is no longer in effect. The hours:minutes are expressed in a 24-hour clock. For example, 8:00 is 8:00 am and 20:00 is 8:00 pm.
PAGE 1755
2CSNXXX_SWUM200.book Page 1755 Tuesday, December 10, 2013 1:22 PM console(Config-time-range)#periodic wednesday 12:30 to thursday 20:00 console(Config-time-range)#periodic weekend 18:00 to 20:00 show time-range Use the show time-range command in Privileged EXEC mode to display a time range and all the absolute/periodic time entries that are defined for the time range. The [name] parameter is used to identify a specific time range to display.
PAGE 1756
2CSNXXX_SWUM200.book Page 1756 Tuesday, December 10, 2013 1:22 PM Parameter Description Periodic end End time and day for periodic entry.
PAGE 1757
2CSNXXX_SWUM200.book Page 1757 Tuesday, December 10, 2013 1:22 PM USB Flash Drive Commands 83 Dell Networking N2000/N3000/N4000 Series Switches When available, a USB flash drive can be used to configure, upgrade and provide consistency to a switching network. A USB flash drive can be plugged in sequentially to a set of routers/switches to upgrade to newer software versions without depending on the network to upgrade the switches with new firmware.
PAGE 1758
2CSNXXX_SWUM200.book Page 1758 Tuesday, December 10, 2013 1:22 PM Validation for Files Uploaded from Switch to USB Flash Drive • Memory insufficient -Check memory availability on the USB flash drive to upload the file. Files downloaded from USB flash drive are not copied to RAM to perform validations. Instead, the file is directly read from the USB flash device and copied to buffers to perform the necessary validations.
PAGE 1759
2CSNXXX_SWUM200.book Page 1759 Tuesday, December 10, 2013 1:22 PM Command Mode Privileged EXEC User Guidelines Once a flash drive has been unmounted, it must be removed and reinserted in order to be accessed again. Example console#unmount usb show usb Use the show usb command in Privileged EXEC mode to display the USB flash device details. Syntax show usb device Default Configuration This command has no default configuration.
PAGE 1760
2CSNXXX_SWUM200.book Page 1760 Tuesday, December 10, 2013 1:22 PM Parameter Description Serial Number Serial number of the device. USB Version Compliance Version of the USB device. Class Code Device Class. Subclass Code Device SubClass. Protocol Device Protocol. Vendor ID Vendor specific details of device- Vendor ID. Product ID Vendor specific details of device- Product ID. Example The following example is the output if the device is plugged into the USB slot.
PAGE 1761
2CSNXXX_SWUM200.book Page 1761 Tuesday, December 10, 2013 1:22 PM Syntax dir usb Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines Only the first 32 characters of the file name are displayed, even if the file name is longer. The following table explains the output parameters. Parameter Description Filename File name Filesize File size Total Size USB flash device storage size. Bytes Used Indicates size of memory used on the device.
PAGE 1762
2CSNXXX_SWUM200.
PAGE 1763
2CSNXXX_SWUM200.book Page 1763 Tuesday, December 10, 2013 1:22 PM User Interface Commands 84 Dell Networking N2000/N3000/N4000 Series Switches This chapter explains the following commands: configure terminal end do exit enable quit configure terminal Use the configure terminal command to enter global configuration mode. This command is equivalent to the configure command with no terminal argument. Syntax configure [terminal] Default Configuration This command has no default configuration.
PAGE 1764
2CSNXXX_SWUM200.book Page 1764 Tuesday, December 10, 2013 1:22 PM do Use the do command to execute commands available in Privileged EXEC mode, Global Configuration and any config submode with command completion. Command completion using the space bar is not available when using this command. When in modes other than Global Configuration mode, the do command will not appear in the list of commands shown in the help, nor will prompting be available. Syntax do line do ? • line — Command to be executed.
PAGE 1765
2CSNXXX_SWUM200.book Page 1765 Tuesday, December 10, 2013 1:22 PM arp Purge a dynamic or gateway ARP entry. boot Select a boot image for use on the next reload. captive-portal Manage captive portal clients. clear Clear learned configuration or statistics. configure Enter global Configuration mode. copy Copy files to or from the switch. crypto Request a crypto certificate. debug Configure debug flags. delete Delete a file. dir Display directory information.
PAGE 1766
2CSNXXX_SWUM200.book Page 1766 Tuesday, December 10, 2013 1:22 PM enable Use the enable command in User EXEC mode to enter the Privileged EXEC mode. Syntax enable Default Configuration The default privilege level is 15. Command Mode User EXEC and Privileged EXEC modes User Guidelines If there is no authentication method defined for enable, then a level 1 user is not allowed to execute this command. Example The following example shows how to enter privileged mode.
PAGE 1767
2CSNXXX_SWUM200.book Page 1767 Tuesday, December 10, 2013 1:22 PM User Guidelines No specific guidelines. Example console(config)#end console#end console> exit Use the exit command to go to the next lower command prompt or, in User EXEC mode, to close an active terminal session by logging off the switch. Syntax exit Default Configuration This command has no default configuration. Command Mode All command modes. In User EXEC mode, this command behaves identically with the quit command.
PAGE 1768
2CSNXXX_SWUM200.book Page 1768 Tuesday, December 10, 2013 1:22 PM quit Use the quit command in User EXEC mode to close an active terminal session by logging off the switch. Syntax quit Default Configuration This command has no default configuration. Command Mode User EXEC command mode User Guidelines There are no user guidelines for this command. Example The following example closes an active terminal session.
PAGE 1769
2CSNXXX_SWUM200.book Page 1769 Tuesday, December 10, 2013 1:22 PM Web Server Commands 85 Dell Networking N2000/N3000/N4000 Series Switches If enabled, the Dell Networking is manageable via industry standard web browsers. User privilege levels are the same as for the CLI. Over 95% of the management functions are available via the web interface, including configuration and firmware upgrades. Web Sessions The HTTP protocol does not provide support for persistent connections.
PAGE 1770
2CSNXXX_SWUM200.book Page 1770 Tuesday, December 10, 2013 1:22 PM on the server is 15, the user is given read-write permissions. Any other value is read-only. If exec shell feature is not enabled on the server, the user is given read-only permissions.
PAGE 1771
2CSNXXX_SWUM200.book Page 1771 Tuesday, December 10, 2013 1:22 PM Command Mode Crypto Certification mode User Guidelines This command mode is entered using the crypto certificate request or crypto certificate generate command. Example The following example displays how to specify the name of "router.gm.com." console(config-crypto-cert)#common-name router.gm.com country Use the country command in Crypto Certificate Generation or Crypto Certificate Request mode to specify the country.
PAGE 1772
2CSNXXX_SWUM200.book Page 1772 Tuesday, December 10, 2013 1:22 PM crypto certificate generate Use the crypto certificate generate command in Global Configuration mode to generate a self-signed HTTPS certificate. Syntax crypto certificate number generate • number—Specifies the certificate number. (Range: 1–2) • generate—Regenerates the SSL RSA key. Default Configuration This command has no default configuration.
PAGE 1773
2CSNXXX_SWUM200.book Page 1773 Tuesday, December 10, 2013 1:22 PM crypto certificate import Use the crypto certificate import command in Global Configuration mode to import a certificate signed by the Certification Authority for HTTPS. Syntax crypto certificate number import • number — Specifies the certificate number. (Range: 1–2) Default Configuration This command has no default configuration.
PAGE 1774
2CSNXXX_SWUM200.book Page 1774 Tuesday, December 10, 2013 1:22 PM ZvKBAEL9Ggp+6MIIBNgYDVR0fBIIBLTCCASkwgdKggc+ggcyGgclsZGFwOi8v L0VByb3h5JTIwU29mdHdhcmUlMjBSb290JTIwQ2VydGlmaWVyLENOPXNlcnZl -----END CERTIFICATE----Certificate imported successfully. Issued to: router.gm.com Issued by: www.verisign.com Valid from: 8/9/2005 to 8/9/2005 Subject: CN= router.gm.
PAGE 1775
2CSNXXX_SWUM200.book Page 1775 Tuesday, December 10, 2013 1:22 PM Use the end command to exit Crypto Certificate Request mode without generating a certificate request. Use the exit command to exit Crypto Certificate Request mode and generate a certificate request. duration Use the duration command in Crypto Certificate Generation mode to specify the duration. Syntax duration days • days — Specifies the number of days a certification would be valid.
PAGE 1776
2CSNXXX_SWUM200.book Page 1776 Tuesday, December 10, 2013 1:22 PM Syntax ip http port port-number no ip http port • port-number — Port number on which the switch HTTP server listens for connections.. (Range: 1025–65535) Default Configuration This default port number is 80. Command Mode Global Configuration mode User Guidelines The HTTP TCP port should not be set to a value that might conflict with other well-known protocol port numbers used on this switch.
PAGE 1777
2CSNXXX_SWUM200.book Page 1777 Tuesday, December 10, 2013 1:22 PM Command Mode Global Configuration mode User Guidelines This command enables HTTP access to the switch. Use the ip http secureserver command to enable HTTPS access. It is recommended that administrators enable HTTPS access in preference to HTTP access in order to ensure that management activity is not snooped. Example The following example enables the switch to be configured from a browser.
PAGE 1778
2CSNXXX_SWUM200.book Page 1778 Tuesday, December 10, 2013 1:22 PM Example The following example configures the active certificate for HTTPS. console(config)#ip http secure-certificate 1 ip http secure-port Use the ip http secure-port command in Global Configuration mode to configure a TCP port on which the switch listens for HTTPS connections. To use the default port, use the no form of this command.
PAGE 1779
2CSNXXX_SWUM200.book Page 1779 Tuesday, December 10, 2013 1:22 PM ip http secure-server Use the ip http secure-server command in Global Configuration mode to enable the switch to be accessed via HTTPS clients. To disable HTTPS access,, use the no form of this command. Syntax ip http secure-server no ip http secure-server Default Configuration The default for the switch is disabled.
PAGE 1780
2CSNXXX_SWUM200.book Page 1780 Tuesday, December 10, 2013 1:22 PM Default Configuration This command has no default configuration. Command Mode Crypto Certificate Generation mode User Guidelines This command mode is entered using the crypto certificate request command. You must use the key-generate command prior to exiting the crypto certificate request mode to properly generate a certificate request.
PAGE 1781
2CSNXXX_SWUM200.book Page 1781 Tuesday, December 10, 2013 1:22 PM Example The following example displays how to specify the city location of "austin." console(config-crypto-cert)#location austin organization-unit Use the organization-unit command in Crypto Certificate Generation or Crypto Certificate Request mode to specify the organization unit. Syntax organization-unit organization-unit • organization-unit — Specifies the organization-unit or department name.
PAGE 1782
2CSNXXX_SWUM200.book Page 1782 Tuesday, December 10, 2013 1:22 PM • number — Specifies the certificate number. (Range: 1–2 digits) Default configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes Example The following example displays the SSL certificate of a sample switch.
PAGE 1783
2CSNXXX_SWUM200.book Page 1783 Tuesday, December 10, 2013 1:22 PM User Guidelines This command has no user guidelines. Example The following example displays the HTTP server configuration. console#show ip http server status HTTP server enabled. Port: 80 show ip http server secure status Use the show ip http server secure status command in User EXEC or Privileged EXEC mode to display the HTTP secure server status information.
PAGE 1784
2CSNXXX_SWUM200.book Page 1784 Tuesday, December 10, 2013 1:22 PM Certificate 2 is inactive Issued by: self-signed Valid from: 8/9/2003 to 8/9/2004 Subject: CN= router.gm.com, 0= General Motors, C= US Finger print: 1873B936 88DC3411 BC8932EF 782134BA The following example displays the HTTPS server configuration with DH Key exchange disabled. console#show ip https HTTPS server enabled. Port: 443 DH Key exchange disabled, parameters are being generated. Certificate 1 is active Issued by: www.verisign.
PAGE 1785
2CSNXXX_SWUM200.book Page 1785 Tuesday, December 10, 2013 1:22 PM Example The following example shows how to specify the state of "texas.
PAGE 1786
2CSNXXX_SWUM200.
PAGE 1787
2CSNXXX_SWUM200.book Page 1787 Tuesday, December 10, 2013 1:22 PM Appendix A: List of Commands A aaa accounting dot1x default start-stop . . . . . . . . . . . . . . . . . . . . . . . 701 aaa authentication dot1x default . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220 aaa authentication enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221 aaa authentication login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223 aaa authorization . . . . . . . .
PAGE 1788
2CSNXXX_SWUM200.book Page 1788 Tuesday, December 10, 2013 1:22 PM arp access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345 arp cachesize . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 921 arp dynamicrenew . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 922 arp purge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 923 arp resptime . . . .
PAGE 1789
2CSNXXX_SWUM200.book Page 1789 Tuesday, December 10, 2013 1:22 PM captive-portal client deauthenticate . . . . . . . . . . . . . . . . . . . . . . . . . 1410 channel-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 593 class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 639 class-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 640 class-map rename . . . . .
PAGE 1790
2CSNXXX_SWUM200.book Page 1790 Tuesday, December 10, 2013 1:22 PM clear isdp table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302 clear lldp remote-data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 552 clear lldp statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 553 clear logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1791
2CSNXXX_SWUM200.book Page 1791 Tuesday, December 10, 2013 1:22 PM deadtime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 705 debug aaa accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 705 debug arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1566 debug authentication interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1567 debug auto-voip . . . . . . . . . .
PAGE 1792
2CSNXXX_SWUM200.book Page 1792 Tuesday, December 10, 2013 1:22 PM default-metric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1219, 1293, 1343 default-router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 938 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1465 delete backup-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1466 delete backup-image . . . . . .
PAGE 1793
2CSNXXX_SWUM200.book Page 1793 Tuesday, December 10, 2013 1:22 PM dot1x initialize . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 846 dot1x mac-auth-bypass . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 847 dot1x max-req . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 848 dot1x max-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 849 dot1x port-control . . . . . . .
PAGE 1794
2CSNXXX_SWUM200.book Page 1794 Tuesday, December 10, 2013 1:22 PM exec-banner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1678 exec-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1489 exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1679, 1767 exit (mst) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1795
2CSNXXX_SWUM200.book Page 1795 Tuesday, December 10, 2013 1:22 PM interface range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376 interface range port-channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 594 interface range vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 800 interface tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1358 interface vlan . . . . . . . . . .
PAGE 1796
2CSNXXX_SWUM200.book Page 1796 Tuesday, December 10, 2013 1:22 PM ip helper-address (global configuration) . . . . . . . . . . . . . . . . . . . . . . 1037 ip helper-address (interface configuration) . . . . . . . . . . . . . . . . . . . 1038 ip host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485 ip http authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232 ip http port . . . . . . . . . . . . . . . . . . . . .
PAGE 1797
2CSNXXX_SWUM200.book Page 1797 Tuesday, December 10, 2013 1:22 PM ip irdp holdtime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1335 ip irdp maxadvertinterval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1336 ip irdp minadvertinterval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1337 ip irdp multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1338 ip irdp preference . . . . . . . . . . .
PAGE 1798
2CSNXXX_SWUM200.book Page 1798 Tuesday, December 10, 2013 1:22 PM ip rip receive version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1348 ip rip send version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1349 ip route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1050 ip route default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1051 ip route distance . . . .
PAGE 1799
2CSNXXX_SWUM200.book Page 1799 Tuesday, December 10, 2013 1:22 PM ipv6 mld host-proxy unsolicit-rprt-interval . . . . . . . . . . . . . . . . . . . 1090 ipv6 mld last-member-query-count . . . . . . . . . . . . . . . . . . . . . . . . . 1087 ipv6 mld last-member-query-interval . . . . . . . . . . . . . . . . . . . . . . . . 1088 ipv6 mld query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1090 ipv6 mld query-max-response-time . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1800
2CSNXXX_SWUM200.book Page 1800 Tuesday, December 10, 2013 1:22 PM ipv6 pim bsr-candidate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1170 ipv6 pim dense-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1171 ipv6 pim dr-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1171 ipv6 pim hello-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1172 ipv6 pim join-prune-interval . . . . . . . . .
PAGE 1801
2CSNXXX_SWUM200.book Page 1801 Tuesday, December 10, 2013 1:22 PM link-dependency group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546 lldp dcbx port-role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 893 lldp dcbx version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 890 lldp med . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 554 lldp med confignotification .
PAGE 1802
2CSNXXX_SWUM200.book Page 1802 Tuesday, December 10, 2013 1:22 PM logging web-session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1663 login authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235 login-banner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1685 logout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1685 M mac access-group . . . .
PAGE 1803
2CSNXXX_SWUM200.book Page 1803 Tuesday, December 10, 2013 1:22 PM match protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 665 match source-address mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 666 match srcip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 667 match srcip6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 667 match srcl4port . . . . . .
PAGE 1804
2CSNXXX_SWUM200.book Page 1804 Tuesday, December 10, 2013 1:22 PM nsf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1238, nsf helper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . nsf helper strict-lsa-checking . . . . . . . . . . . . . . . . . . . . . . . . . . nsf restart-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1307, 1239, 1239, 1240, 1688 1308 1309 1309 O option . . . . . . . . . . . . . . .
PAGE 1805
2CSNXXX_SWUM200.book Page 1805 Tuesday, December 10, 2013 1:22 PM police-single-rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 672 police-two-rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 673 policy-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 674 port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1806
2CSNXXX_SWUM200.book Page 1806 Tuesday, December 10, 2013 1:22 PM radius-server timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 717 random-detect exponential-weighting-constant . . . . . . . . . . . . . . . . 678 random-detect queue-parms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 675 rate-limit cpu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1105 redirect . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1807
2CSNXXX_SWUM200.book Page 1807 Tuesday, December 10, 2013 1:22 PM session-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1408 set description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1693 set interface null0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1059 set ip default next-hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1060 set ip next-hop . . . . . . . . .
PAGE 1808
2CSNXXX_SWUM200.book Page 1808 Tuesday, December 10, 2013 1:22 PM show captive-portal status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1401 show captive-portal user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1415 show checkpoint statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1697 show class-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 680 show classofservice dot1p-mapping . . . . . .
PAGE 1809
2CSNXXX_SWUM200.book Page 1809 Tuesday, December 10, 2013 1:22 PM show ethernet cfm domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424 show ethernet cfm errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424 show ethernet cfm maintenance-points local . . . . . . . . . . . . . . . . . . 425 show ethernet cfm maintenance-points remote . . . . . . . . . . . . . . . . 426 show ethernet cfm statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1810
2CSNXXX_SWUM200.book Page 1810 Tuesday, December 10, 2013 1:22 PM show ip brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1063 show ip dhcp binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 954 show ip dhcp conflict . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 955 show ip dhcp global configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . 955 show ip dhcp pool . . . . . . . . . . . . .
PAGE 1811
2CSNXXX_SWUM200.book Page 1811 Tuesday, December 10, 2013 1:22 PM show ip mroute group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1155 show ip mroute source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1156 show ip multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1152 show ip multicast interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1154 show ip ospf . . . . . . . . . . . . . . . . . .
PAGE 1812
2CSNXXX_SWUM200.book Page 1812 Tuesday, December 10, 2013 1:22 PM show ip verify source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 533 show ip vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1075 show ip vrrp interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1382 show ipv6 access-lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507 show ipv6 brief . . . . . . . . .
PAGE 1813
2CSNXXX_SWUM200.book Page 1813 Tuesday, December 10, 2013 1:22 PM show ipv6 ospf border-routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1319 show ipv6 ospf database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1320 show ipv6 ospf database database-summary . . . . . . . . . . . . . . . . . . 1322 show ipv6 ospf interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1323 show ipv6 ospf interface brief . . . . . . . . . . . . . . . . . . . . .
PAGE 1814
2CSNXXX_SWUM200.book Page 1814 Tuesday, December 10, 2013 1:22 PM show lldp med . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 565 show lldp med interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 566 show lldp med local-device detail . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567 show lldp med remote-device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 568 show lldp remote-device . . . . . . . . . . . . . . .
PAGE 1815
2CSNXXX_SWUM200.book Page 1815 Tuesday, December 10, 2013 1:22 PM show power-usage-history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1705 show process cpu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1706 show radius statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 721 show rmon alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1545 show rmon alarms . . . . . . . . . . . . .
PAGE 1816
2CSNXXX_SWUM200.book Page 1816 Tuesday, December 10, 2013 1:22 PM show storm-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403 show supported cardtype . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1710 show supported switchtype . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1712 show switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1714 show switchport protected . . . . . . . . . . .
PAGE 1817
2CSNXXX_SWUM200.book Page 1817 Tuesday, December 10, 2013 1:22 PM show vrrp interface stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1381 shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403 slot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1694 snmp-server community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1617 snmp-server community-group . .
PAGE 1818
2CSNXXX_SWUM200.book Page 1818 Tuesday, December 10, 2013 1:22 PM spanning-tree mst port-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 756 spanning-tree mst priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 757 spanning-tree portfast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 758 spanning-tree portfast bpdufilter default . . . . . . . . . . . . . . . . . . . . . . 759 spanning-tree portfast default . . . . . . . . . . . . . .
PAGE 1819
2CSNXXX_SWUM200.book Page 1819 Tuesday, December 10, 2013 1:22 PM switchport trunk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 821 switchport voice detect auto . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300 system jumbo mtu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412 T tacacs-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 775 tacacs-server key . . . . . . . .
PAGE 1820
2CSNXXX_SWUM200.book Page 1820 Tuesday, December 10, 2013 1:22 PM user group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1416, 1424 user group moveusers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1424 user group name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1425 user name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1418 user password . . . . . . . . . .
PAGE 1821
2CSNXXX_SWUM200.book Page 1821 Tuesday, December 10, 2013 1:22 PM W write . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1474 write core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1822
2CSNXXX_SWUM200.book Page 1 Tuesday, December 10, 2013 1:22 PM Printed in the U.S.A. w w w. del l . co m | s upp ort . del l .
PAGE 1823
2CSNXXX_SWUM200.