Dell PowerEdge Configuration Guide for the M I/O Aggregator 9.13.0.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2017 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents
1 About this Guide
Audience
Conventions
Viewing the Reason for Last System Reboot
4 Configuration Cloning
Cloning Configuration Output Status
5 Data Center Bridging (DCB)
DHCP Packet Format and Options
Option 82
Releasing and Renewing DHCP-based IP Addresses
Configuring a Static Route for a Management Interface
VLAN Membership
Default VLAN
Port-Based VLANs
12 Link Aggregation
Supported Modes
How the LACP is Implemented on an Aggregator
Uplink LAG
Disabling and Undoing LLDP
Advertising TLVs
Optional TLVs
AAA Authorization
Privilege Levels Overview
Configuration Task List for Privilege Levels
RADIUS
Standard VLAN MIB
Enhancements
Fetching the Switchport Configuration and the Logical Interface Configuration
Troubleshooting a Switch Stack
Failure Scenarios
Upgrading a Switch Stack
25 PMUX Mode of the IO Aggregator
I/O Aggregator (IOA) Programmable MUX (PMUX) Mode
Configuring and Changing to PMUX Mode
Configuring the Commands without a Separate User Account
NPIV Proxy Gateway: Terms and Definitions
Configuring an NPIV Proxy Gateway
Enabling Fibre Channel Capability on the Switch
Creating a DCB Map
Enabling Buffer Statistics Tracking
Restoring the Factory Default Settings
Important Points to Remember
31 Standards Compliance
1 About this Guide This guide describes the supported protocols and software features, and provides configuration instructions and examples, for the Dell Networking M I/O Aggregator running Dell Networking OS version 9.7(0.0). The M I/O Aggregator is installed in a Dell PowerEdge M I/O Aggregator. For information about how to install and perform the initial switch configuration, refer to the Getting Started Guides on the Dell Support website at http://www.dell.
WARNING: The Warning icon signals information about hardware handling that could result in injury. * (Exception). This symbol is a note associated with additional text on the page that is marked with an asterisk.
2 Before You Start To install the Aggregator in a Dell PowerEdge M1000e Enclosure, use the instructions in the Dell PowerEdge M I/O Aggregator Getting Started Guide that is shipped with the product. The I/O Aggregator (also known as Aggregator) installs with zero-touch configuration. After you power it on, an Aggregator boots up with default settings and auto-configures with software features enabled.
For more information on the PMUX mode, see PMUX Mode of the IO Aggregator.
Stacking mode
stack-unit unit iom-mode stack
CONFIGURATION mode
Dell(conf)#stack-unit 0 iom-mode stack
Select this mode to configure Stacking mode CLI commands. For more information on the Stacking mode, see Stacking.
• Link layer discovery protocol (LLDP): Enabled on all ports to advertise management TLV and system name with neighboring devices.
• Internet small computer system interface (iSCSI) optimization.
• Internet group management protocol (IGMP) snooping.
• Jumbo frames: Ports are set to a maximum MTU of 12,000 bytes by default.
• Link tracking: Uplink-state group 1 is automatically configured.
Link Tracking By default, all server-facing ports are tracked by the operational status of the uplink LAG. If the uplink LAG goes down, the aggregator loses its connectivity and is no longer operational; all server-facing ports are brought down after the specified defer-timer interval, which is 10 seconds by default. If you have configured VLAN, you can reduce the defer time by changing the defer-timer value or remove it by using the no defer-timer command.
In case of a Dell upgrade, you can check to see that an Aggregator is running the latest Dell version by entering the show version command. To download Dell version, go to http://support.dell.com. For detailed information about how to reconfigure specific software settings, refer to the appropriate chapter.
Deploying FN I/O Module
This section provides design and configuration guidance for deploying the Dell PowerEdge FN I/O Module (FN IOM). By default the FN IOM is in Standalone Mode.
Configuration Examples
Following are the configuration examples for common upstream switches. To establish a functional uplink and bring the network ports on PowerEdge FC-Series servers up (FC830, FC630, FC430, FC620, and FC420), use the following steps:
1 Ensure that the FN IOM system is in Standalone Mode.
2 Create a LACP LAG on the upstream top of rack switch.
3 Verify the connection.
Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate
Output 00.00 Mbits/sec, 1 packets/sec, 0.00% of line-rate
Time since last interface status change: 00:13:45
In the following, port channel 128 is down. As a result, the downstream ports (TenGigabitEthernet 0/1 – 8) are disabled by UFD.
Configure Interfaces and Port Channel This section provides the commands for configuring port channels on common upstream switches that are connected to the FN IOM system. The previous illustration is applicable to the FN 410S and FN 410T servers. If you are using the FN 2210S server in its default configuration, you can only use the TenGigabitethernet 0/11 and TenGigabitethernet 0/12 in the uplink port channel. Ports TenGigabitethernet 0/9 and TenGigabitethernet 0/10 are Fibre Channel ports.
To verify the status, run the following commands:
Dell#show interfaces port-channel 128
Port-channel 128 is up, line protocol is up
Dell#show uplink-state-group
Uplink State Group: 1 Status: Enabled, Up
3 Configuration Fundamentals The Dell Networking Operating System (OS) command line interface (CLI) is a text-based interface you can use to configure interfaces and protocols. The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and you can limit user access to modes using privilege levels. In Dell Networking OS, after you enable a command, it is entered into the running configuration file.
CLI Modes Different sets of commands are available in each mode. A command found in one mode cannot be executed from another mode (except for EXEC mode commands with a preceding do command; refer to the do Command section). The Dell Networking OS CLI is divided into three major mode levels: • EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level.
Table 1. Dell Command Modes
CLI Command Mode | Prompt | Access Command
EXEC | Dell> | Access the router through the console or Telnet.
EXEC Privilege | Dell# | From EXEC mode, enter the enable command. From any other mode, use the end command.
CONFIGURATION | Dell(conf)# | From EXEC privilege mode, enter the configure command. From every mode except EXEC and EXEC Privilege, enter the exit command.
NOTE: Access all of the following modes from CONFIGURATION mode.
Undoing Commands When you enter a command, the command line is added to the running configuration file (running-config). To disable a command and remove it from the running-config, enter the no command, then the original command. For example, to delete an IP address configured on an interface, use the no ip address ip-address command. NOTE: Use the help or ? command as described in Obtaining Help.
• Enter the minimum number of letters to uniquely identify a command. For example, you cannot enter cl as a partial keyword because both the clock and class-map commands begin with the letters “cl.” You can enter clo, however, as a partial keyword because only one command begins with those three letters.
• The TAB key auto-completes keywords in commands. Enter the minimum number of letters to uniquely identify a command.
• show run | grep Ethernet returns a search result with instances containing a capitalized “Ethernet,” such as interface TenGigabitEthernet 0/1. • show run | grep ethernet does not return that search result because it only searches for instances containing a noncapitalized “ethernet.” • show run | grep Ethernet ignore-case returns instances containing both “Ethernet” and “ethernet.” The grep command displays only the lines containing specified text.
Multiple Users in Configuration Mode Dell notifies all users when there are multiple users logged in to CONFIGURATION mode. A warning message indicates the username, type of connection (console or VTY), and in the case of a VTY connection, the IP address of the terminal on which the connection was established.
show reset-reason [stack-unit {unit-number | all}] Enter the stack-unit keyword and the stack unit number to view the reason for the last system reboot for that stack unit. Enter the stack-unit keyword and the keyword all to view the reason for the last system reboot of all stack units in the stack.
4 Configuration Cloning Configuration Cloning enables you to clone the configuration from one aggregator to one or more aggregators. You can identify the source aggregator where running configuration is check-pointed, extracted and downloaded to the target aggregator for further use. The target aggregator checks the compatibilities of the cloning file based on the version, mode and optional modules.
• Failure • Cloning detailed status displays a string that gives detailed description of cloning status. When multiple error or warning messages are present, the status is separated by the ; delimiter. • Cloning status codes are useful when there are multiple warning or failure messages. Each warning or failure message is given a code number; this status can list the message codes that can be decoded when the cloning status string could not accommodate all the errors and warnings.
Cloning state (captured in command output) | Cloning status (captured in command output) | Applicability
Warning | IOM modes are changed from <> to <> to complete cloning operation. | Target
Warning | Minor release version mismatch | Target
If the compatibility check passes, the target aggregator strips the cloning header and proceeds to parse the actual configuration in the cloning-file. It goes through the configuration one by one and checks if any command or feature requires a reboot.
5 Data Center Bridging (DCB) On an I/O Aggregator, data center bridging (DCB) features are auto-configured in standalone mode. You can display information on DCB operation by using show commands. NOTE: DCB features are not supported on an Aggregator in stacking mode.
Data center bridging satisfies the needs of the following types of data center traffic in a unified fabric: • LAN traffic consists of a large number of flows that are generally insensitive to latency requirements, while certain applications, such as streaming video, are more sensitive to latency. Ethernet functions as a best-effort network that may drop packets in case of network congestion.
• A dynamic threshold handles intermittent traffic bursts and varies based on the number of PFC priorities contending for buffers, while a static threshold places an upper limit on the transmit time of a queue after receiving a message to pause a specified priority. PFC traffic is paused only after surpassing both static and dynamic thresholds for the priority specified for the port.
• By default, PFC is enabled when you enable DCB.
Figure 2. Enhanced Transmission Selection
The following table lists the traffic groupings ETS uses to select multiprotocol traffic for transmission.
Table 4. ETS Traffic Groupings
Traffic Groupings | Description
Priority group | A group of 802.1p priorities used for bandwidth allocation and queue scheduling. All 802.1p priority traffic in a group must have the same traffic handling requirements for latency and frame loss.
Group ID | A 4-bit identifier assigned to each priority group.
Data Center Bridging Exchange Protocol (DCBx) The data center bridging exchange (DCBx) protocol is disabled by default on any switch on which PFC or ETS are enabled. DCBx allows a switch to automatically discover DCB-enabled peers and exchange configuration information. PFC and ETS use DCBx to exchange and negotiate parameters with peer devices. DCBx capabilities include: • Discovery of DCB capabilities on peer-device connections. • Determination of possible mismatch in DCB configuration on a peer link.
• Enhanced transmission selection • Data center bridging exchange protocol • FCoE initialization protocol (FIP) snooping DCB processes virtual local area network (VLAN)-tagged packets and dot1p priority values. Untagged packets are treated with a dot1p priority of 0. For DCB to operate effectively, you can classify ingress traffic according to its dot1p priority so that it maps to different data queues. The dot1p-queue assignments used are shown in the following table.
priority-group group_num {bandwidth percentage | strict-priority} pfc {on | off}
Example:
priority-group 0 bandwidth 60 pfc off
priority-group 1 bandwidth 20 pfc on
priority-group 2 bandwidth 20 pfc on
priority-group 4 strict-priority pfc off
Repeat this step to configure PFC and ETS traffic handling for each priority group.
3 Specify the dot1p priority-to-priority group mapping for each priority. Priority-group range: 0 to 7. All priorities that map to the same queue must be in the same priority group.
You cannot apply a DCB map on an interface that has been already configured for PFC using the pfc priority command or which is already configured for lossless queues (pfc no-drop queues command).
Dell# interface tengigabitEthernet 0/0
Dell(config-if-te-0/0)# dcb-map SAN_A_dcb_map1
Repeat Steps 1 and 2 to apply a DCB map to more than one port.
INTERFACE mode
dcb-map name
3 Disable PFC.
DCB MAP mode
no pfc mode on
4 Return to interface configuration mode.
DCB MAP mode
exit
5 Apply the DCB map, created to disable the PFC operation, on the interface.
INTERFACE mode
dcb-map {name | default}
6 Configure the port queues that still function as no-drop queues for lossless traffic. Range: 0-3.
Data Center Bridging: Auto-DCB-Enable Mode On an Aggregator in standalone or VLT modes, the default mode of operation for data center bridging on Ethernet ports is auto-DCB-enable mode.
dcbx port-role auto-downstream no shutdown Dell# When no DCBx TLVs are received on a DCB-enabled interface for 180 seconds, DCB is automatically disabled and flow control is reenabled. Lossless Traffic Handling In auto-DCB-enable mode, Aggregator ports operate with the auto-detection of DCBx traffic. At any moment, some ports may operate with link-level flow control while others operate with DCB-based PFC enabled.
To configure PFC and apply a PFC input policy to an interface, follow these steps.
1 Create a DCB input policy to apply pause or flow control for specified priorities using a configured delay time.
CONFIGURATION mode
dcb-input policy-name
The maximum is 32 alphanumeric characters.
2 Configure the link delay used to pause specified priority traffic.
DCB INPUT POLICY mode
pfc link-delay value
One quantum is equal to a 512-bit transmission. The range (in quanta) is from 712 to 65535.
9 Repeat Steps 1 to 8 on all PFC-enabled peer interfaces to ensure lossless traffic service. Dell Networking OS Behavior: As soon as you apply a DCB policy with PFC enabled on an interface, DCBx starts exchanging information with PFC-enabled peers. The IEEE802.1Qbb, CEE, and CIN versions of PFC Type, Length, Value (TLV) are supported. DCBx also validates PFC configurations that are received in TLVs from peer devices.
• All 802.1p priorities are enabled for PFC. Queues to which PFC priority traffic is mapped are lossless by default. Traffic may be interrupted due to an interface flap (going down and coming up). • For PFC to be applied on an Aggregator port, the auto-configured priority traffic must be supported by a PFC peer (as detected by DCBx). • A dcb-map for PFC applied to an interface may become invalid if dot1p-queue mapping is reconfigured.
• By default:
  • All 802.1p priorities are grouped in priority group 0.
  • 100% of the port bandwidth is assigned to priority group 0. The complete bandwidth is equally assigned to each priority class so that each class has 12 to 13%.
• The maximum number of priority groups supported in ETS output policies on an interface is equal to the number of data queues (4) on the port.
• The 802.1p priorities in a priority group can map to multiple queues.
Strict-priority groups: If two priority groups have strict-priority scheduling, traffic assigned from the priority group with the higher priority-queue number is scheduled first. However, when three priority groups are used and two groups have strict-priority scheduling (such as groups 1 and 3 in the example), the strict priority group whose traffic is mapped to one queue takes precedence over the strict priority group whose traffic is mapped to two queues.
network administrator must then reconfigure the peer device so that it advertises a compatible DCB configuration. The configuration received from a DCBx peer or from an internally propagated configuration is not stored in the switch’s running configuration. On a DCBx port in an auto-upstream role, the PFC and application priority TLVs are enabled. ETS recommend TLVs are disabled and ETS configuration TLVs are enabled.
Asymmetric DCB parameters are exchanged between a DCBx-enabled port and a peer port without requiring that a peer port and the local port use the same configured values for the configurations to be compatible. For example, ETS uses an asymmetric exchange of parameters between DCBx peers. Symmetric DCB parameters are exchanged between a DCBx-enabled port and a peer port but require that each configured parameter value be the same for the configurations to be compatible.
• The switch reboots. • The link is reset (goes down and up). • The peer times out. • Multiple peers are detected on the link. DCBx operations on a port are performed according to the auto-configured DCBx version, including fast and slow transmit timers and message formats. If a DCBx frame with a different version is received, a syslog message is generated and the peer version is recorded in the peer status table.
Figure 4. DCBx Sample Topology DCBx Prerequisites and Restrictions The following prerequisites and restrictions apply when you configure DCBx operation on a port: • DCBx requires LLDP in both send (TX) and receive (RX) modes to be enabled on a port interface. If multiple DCBx peer ports are detected on a local DCBx interface, LLDP is shut down.
DCBx Error Messages
The following syslog messages appear when an error in DCBx operation occurs.
LLDP_MULTIPLE_PEER_DETECTED: DCBx is operationally disabled after detecting more than one DCBx peer on the port interface.
LLDP_PEER_AGE_OUT: DCBx is disabled as a result of LLDP timing out on a DCBx peer interface.
DSM_DCBx_PEER_VERSION_CONFLICT: A local port expected to receive the IEEE, CIN, or CEE version in a DCBx TLV from a remote peer but received a different, conflicting DCBx version.
Command | Output
show interface port-type slot/port pfc statistics | Displays counters for the PFC frames received and transmitted (by dot1p priority class) on an interface.
show interface port-type slot/port pfc {summary | detail} | Displays the PFC configuration applied to ingress traffic on an interface, including priorities and link delay.
To clear PFC TLV counters, use the clear pfc counters {stack-unit unit-number | tengigabitethernet slot/port} command.
Example of the show interfaces pfc summary Command
Dell# show interfaces tengigabitethernet 0/4 pfc summary
Interface TenGigabitEthernet 0/4
Admin mode is on
Admin is enabled
Remote is enabled, Priority list is 4
Remote Willing Status is enabled
Local is enabled
Oper status is Recommended
PFC DCBx Oper status is Up
State Machine Type is Feature
TLV Tx Status is enabled
PFC Link Delay 45556 pause quantams
Application Priority TLV Parameters :
--------------------------------------
FCOE TLV Tx Status is disable
Fields Description • Init: Local PFC configuration parameters were exchanged with peer. • Recommend: Remote PFC configuration parameters were received from peer. • Internally propagated: PFC configuration parameters were received from configuration source. PFC DCBx Oper status Operational status for exchange of PFC configuration on local port: match (up) or mismatch (down).
Fields Description Error Appln Priority TLV pkts Number of Application Priority error packets received.
Example of the show interface ets detail Command
Dell# show interfaces tengigabitethernet 0/4 ets detail
Interface TenGigabitEthernet 0/4
Max Supported TC Groups is 4
Number of Traffic Classes is 8
Admin mode is on
Admin Parameters :
------------------
Admin is enabled
TC-grp  Priority#        Bandwidth  TSA
0       0,1,2,3,4,5,6,7  100%       ETS
1                        0%         ETS
2                        0%         ETS
3                        0%         ETS
4                        0%         ETS
5                        0%         ETS
6                        0%         ETS
7                        0%         ETS
Remote Parameters:
-------------------
Remote is disabled
Local Parameters :
------------------
Local is enabled
PG-grp Prio
Field Description Remote Parameters ETS configuration on remote peer port, including Admin mode (enabled if a valid TLV was received or disabled), priority groups, assigned dot1p priorities, and bandwidth allocation. If the ETS Admin mode is enabled on the remote port for DCBx exchange, the Willing bit received in ETS TLVs from the remote peer is included.
Admin mode is on
Admin Parameters:
--------------------
Admin is enabled
TC-grp  Priority#        Bandwidth  TSA
------------------------------------------------
0       0,1,2,3,4,5,6,7  100%       ETS
1
2
3
4
5
6
7
8
Stack unit 1 stack port all
Max Supported TC Groups is 4
Number of Traffic Classes is 1
Admin mode is on
Admin Parameters:
--------------------
Admin is enabled
TC-grp  Priority#        Bandwidth  TSA
------------------------------------------------
0       0,1,2,3,4,5,6,7  100%       ETS
1
2
3
4
5
6
7
8
Example of the show interface DCBx detai
---------------
DCBX Operational Version is 0
DCBX Max Version Supported is 255
Sequence Number: 2
Acknowledgment Number: 2
2 Input PFC TLV pkts, 3 Output PFC TLV pkts, 0 Error PFC pkts, 0 PFC Pause Tx pkts, 0 Pause Rx pkts
2 Input PG TLV Pkts, 3 Output PG TLV Pkts, 0 Error PG TLV Pkts
2 Input Appln Priority TLV pkts, 0 Output Appln Priority TLV pkts, 0 Error Appln Priority TLV Pkts
Total DCBX Frames transmitted 27
Total DCBX Frames received 6
Total DCBX Frame errors 0
Total DCBX Frames unrecognized 0
The fo
Field | Description
Peer DCBx Status: DCBx Max Version Supported | Highest DCBx version supported in Control TLVs received from peer device.
Peer DCBx Status: Sequence Number | Sequence number transmitted in Control TLVs received from peer device.
Peer DCBx Status: Acknowledgment Number | Acknowledgement number transmitted in Control TLVs received from peer device.
Total DCBx Frames transmitted | Number of DCBx frames sent from local port.
Field Description Appln Priority TLV Pkts QoS dot1p Traffic Classification and Queue Assignment DCB supports PFC, ETS, and DCBx to handle converged Ethernet traffic that is assigned to an egress queue according to the following QoS methods: Honor dot1p dot1p priorities in ingress traffic are used at the port or global switch level. Layer 2 class maps dot1p priorities are used to classify traffic in a class map and apply a service policy to an ingress port to map traffic to egress queues.
Reason | Description
LLDP Rx/Tx is disabled | LLDP is disabled (Admin Mode set to rx or tx only) globally or on the interface.
Waiting for Peer | Waiting for peer or detected peer connection has aged out.
Multiple Peer Detected | Multiple peer connections detected on the interface.
Version Conflict | DCBx version on peer version is different than the local or globally configured DCBx version.
Reason Description
• Incompatible TC TSA.
Configuring the Dynamic Buffer Method
To configure the dynamic buffer capability, perform the following steps:
1 Enable the DCB application. By default, DCB is enabled and link-level flow control is disabled on all interfaces.
CONFIGURATION mode
S6000-109-Dell(conf)#dcb enable
2 Configure the shared PFC buffer size and the total buffer size. A maximum of 4 lossless queues are supported.
Dell (conf-qos-policy-buffer)# queue 4 pause no-drop buffer-size 128000 pause-threshold 103360 resume-threshold 83520
6 Dynamic Host Configuration Protocol (DHCP) The Aggregator is auto-configured to operate as a dynamic host configuration protocol (DHCP) client. The DHCP server, DHCP relay agent, and secure DHCP features are not supported. The DHCP is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators.
3 The client broadcasts a DHCPREQUEST message in response to the offer, requesting the offered values.
4 After receiving a DHCPREQUEST, the server binds the client's unique identifier (the hardware address plus IP address) to the accepted configuration parameters and stores the data in a database called a binding table. The server then broadcasts a DHCPACK message, which signals to the client that it may begin using the assigned parameters.
Dell Networking OS Behavior: DHCP is implemented in Dell Networking OS based on RFC 2131 and 3046. Debugging DHCP Client Operation To enable debug messages for DHCP client operation, enter the following debug commands: • Enable the display of log messages for all DHCP packets sent and received on DHCP client interfaces.
Dell#1w2d23h: %STKUNIT0-M:CP %DHCLIENT-5-DHCLIENT-LOG: DHCLIENT_DBG_EVT: Interface Ma 0/0 :DHCP RELEASE CMD Received in state BOUND
1w2d23h: %STKUNIT0-M:CP %DHCLIENT-5-DHCLIENT-LOG: DHCLIENT_DBG_PKT: DHCP RELEASE sent in Interface Ma 0/0
1w2d23h: %STKUNIT0-M:CP %DHCLIENT-5-DHCLIENT-LOG: DHCLIENT_DBG_EVT: Interface Ma 0/0 :Transitioned to state STOPPED
1w2d23h: %STKUNIT0-M:CP %DHCLIENT-5-DHCLIENT-LOG: DHCLIENT_DBG_EVT: Interface Ma 0/0 :DHCP IP RELEASED CMD sent to FTOS in state STOPPED
Dell# renew dhcp int
You can override the DHCP-assigned address on the OOB management interface by manually configuring an IP address using the CLI or CMC interface. If no user-configured IP address exists for the OOB interface and if the OOB IP address is not in the startup configuration, the Aggregator will automatically obtain it using DHCP. You can also manually configure an IP address for the VLAN 1 default management interface using the CLI.
NOTE: Management routes added by the DHCP client include the specific routes to reach a DHCP server in a different subnet and the management route.
DHCP Client on a VLAN
The following conditions apply on a VLAN that operates as a DHCP client:
• The default VLAN 1 with all ports auto-configured as members is the only L3 interface on the Aggregator.
Option | Number and Description
DHCP Message Type | Option 53
  • 1: DHCPDISCOVER
  • 2: DHCPOFFER
  • 3: DHCPREQUEST
  • 4: DHCPDECLINE
  • 5: DHCPACK
  • 6: DHCPNACK
  • 7: DHCPRELEASE
  • 8: DHCPINFORM
Parameter Request List | Option 55
  Clients use this option to tell the server which parameters it requires. It is a series of octets where each octet is DHCP option code.
Renewal Time | Option 58
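The following parser is an added example, not code from the Dell guide or from Dell Networking OS. It walks the code/length/value layout of a DHCP options field and decodes the three options in the table above, rejecting fields whose length octets overrun the buffer. The function names and the sample byte strings are constructed for illustration, and the input is assumed to be the options field that follows the DHCP magic cookie.

```python
import struct

# Message-type values exactly as listed for Option 53 in the table above.
MESSAGE_TYPES = {
    1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
    5: "DHCPACK", 6: "DHCPNACK", 7: "DHCPRELEASE", 8: "DHCPINFORM",
}
PAD, END = 0, 255
MSG_TYPE, PARAM_REQUEST_LIST, RENEWAL_TIME = 53, 55, 58


class OptionError(ValueError):
    """Raised when the options field is malformed."""


def parse_options(field: bytes) -> dict:
    """Split a DHCP options field into {code: value bytes}.

    Each option is code (1 octet), length (1 octet), value (length octets);
    Pad (0) and End (255) are single octets with no length.
    """
    options = {}
    i = 0
    while i < len(field):
        code = field[i]
        i += 1
        if code == PAD:
            continue
        if code == END:
            return options
        if i >= len(field):
            raise OptionError(f"option {code}: length octet missing")
        length = field[i]
        i += 1
        if i + length > len(field):
            raise OptionError(f"option {code}: length {length} runs past the field")
        # A repeated code is concatenated (RFC 3396) rather than overwritten.
        options[code] = options.get(code, b"") + field[i:i + length]
        i += length
    # Strict choice made for this example: a field without End is rejected.
    raise OptionError("End option (255) not found")


def describe(field: bytes) -> dict:
    """Decode Options 53, 55 and 58 from an options field."""
    options = parse_options(field)
    result = {}
    if MSG_TYPE in options:
        value = options[MSG_TYPE]
        if len(value) != 1:
            raise OptionError("option 53 must be one octet")
        result["message_type"] = MESSAGE_TYPES.get(value[0], f"unknown ({value[0]})")
    if PARAM_REQUEST_LIST in options:
        # One octet per requested option code.
        result["requested_options"] = list(options[PARAM_REQUEST_LIST])
    if RENEWAL_TIME in options:
        value = options[RENEWAL_TIME]
        if len(value) != 4:
            raise OptionError("option 58 must be four octets")
        result["renewal_seconds"] = struct.unpack("!I", value)[0]
    return result


# Constructed sample option fields (not captured from a real Aggregator).
SAMPLE_REQUEST = bytes([53, 1, 3, 55, 4, 1, 3, 6, 15, 255])
SAMPLE_ACK = bytes([53, 1, 5, 58, 4, 0x00, 0x00, 0x07, 0x08, 255, 0, 0])
SAMPLE_TRUNCATED = bytes([53, 1, 3, 55, 4, 1, 3])  # option 55 claims 4 octets, only 2 follow

if __name__ == "__main__":
    for name, sample in [("request", SAMPLE_REQUEST), ("ack", SAMPLE_ACK),
                         ("truncated", SAMPLE_TRUNCATED)]:
        try:
            print(name, describe(sample))
        except OptionError as exc:
            print(name, "rejected:", exc)
```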
• Insert Option 82 into DHCP packets.
CONFIGURATION mode
int ma 0/0 ip add dhcp relay information-option remote-id
For routers between the relay agent and the DHCP server, enter the trust-downstream option.

Releasing and Renewing DHCP-based IP Addresses
On an Aggregator configured as a DHCP client, you can release a dynamically-assigned IP address without removing the DHCP client operation on the interface. To manually acquire a new IP address from the DHCP server, use the following command.
Example of the show ip dhcp lease Command Dell# show ip dhcp Interface Lease-IP Def-Router ServerId State Lease Obtnd At Lease Expires At ========= ======== ========= ======== ===== ============== ================ Ma 0/0 0.0.0.0/0 0.0.0.0 0.0.0.0 INIT -----NA--------NA---Vl 1 10.1.1.254/24 0.0.0.0 Renew Time ========== ----NA---08-26-2011 16:21:50 10.1.1.
7 FIP Snooping
This chapter describes the FIP snooping concepts and configuration procedures.
FIP enables FCoE devices to discover one another, initialize and maintain virtual links over an Ethernet network, and access storage devices in a storage area network. FIP satisfies the Fibre Channel requirement for point-to-point connections by creating a unique virtual link for each connection between an FCoE end-device and an FCF via a transit switch. FIP provides functionality for discovering and logging in to an FCF.
FIP Snooping on Ethernet Bridges
In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF. An Ethernet bridge that provides these functions is called a FIP snooping bridge (FSB). On a FIP snooping bridge, ACLs are created dynamically as FIP login frames are processed.
Figure 8. FIP Snooping on an Aggregator
The following sections describe how to configure the FIP snooping feature on a switch that functions as a FIP snooping bridge so that it can perform the following functions:
• Perform FIP snooping (allowing and parsing FIP frames) globally on all VLANs or on a per-VLAN basis.
• Set the FCoE MAC address prefix (FC-MAP) value used by an FCF to assign a MAC address to an FCoE end-device (server ENode or storage device) after a server successfully logs in.
How FIP Snooping is Implemented
As soon as the Aggregator is activated in an M1000e chassis as a switch-bridge, existing VLAN-specific and FIP snooping autoconfigurations are applied. The Aggregator snoops FIP packets on VLANs enabled for FIP snooping and allows legitimate sessions. By default, all FCoE and FIP frames are dropped unless specifically permitted by existing FIP snooping-generated ACLs.
• VLAN membership:
  • The Aggregator auto-configures the VLANs which handle FCoE traffic. You can reconfigure VLAN membership on a port (vlan tagged command).
  • Each FIP snooping port is auto-configured to operate in Hybrid mode so that it accepts both tagged and untagged VLAN frames.
  • Tagged VLAN membership is auto-configured on each FIP snooping port that sends and receives FCoE traffic and has links with an FCF, ENode server or another FIP snooping bridge.
INTERFACE or CONFIGURATION mode
fip-snooping port-mode fcf
NOTE: All these configurations are available only in PMUX mode.
NOTE: To disable the FIP snooping feature or FIP snooping on VLANs, use the no version of a command; for example, no feature fip-snooping or no fip-snooping enable.

Displaying FIP Snooping Information
Use the show commands from the table below to display information on FIP snooping.
Table 6.
aa:bb:cc:00:00:00 aa:bb:cc:00:00:00 aa:bb:cc:00:00:00 aa:bb:cc:00:00:00 Te Te Te Te 0/42 0/42 0/42 0/42 FCoE MAC 0e:fc:00:01:00:01 0e:fc:00:01:00:02 0e:fc:00:01:00:03 0e:fc:00:01:00:04 0e:fc:00:01:00:05 FC-ID 01:00:01 01:00:02 01:00:03 01:00:04 01:00:05 aa:bb:cd:00:00:00 aa:bb:cd:00:00:00 aa:bb:cd:00:00:00 aa:bb:cd:00:00:00 Te Te Te Te Port WWPN 31:00:0e:fc:00:00:00:00 41:00:0e:fc:00:00:00:00 41:00:0e:fc:00:00:00:01 41:00:0e:fc:00:00:00:02 41:00:0e:fc:00:00:00:03 0/43 0/43 0/43 0/43 100 100 100 100
------54:7f:ee:37:34:40 2 ------------Po 22 ---100 -----0e:fc:00 -------------4000 -------------

show fip-snooping fcf Command Description
Field | Description
FCF MAC | MAC address of the FCF.
FCF Interface | Slot/port number of the interface to which the FCF is connected.
VLAN | VLAN ID number used by the session.
FC-MAP | FC-Map value advertised by the FCF.
ENode Interface | Slot/port number of the interface connected to the ENode.
Number of VN Port Session Timeouts :0
Number of Session failures due to Hardware Config :0

show fip-snooping statistics (port channel) Command Example
Dell# show fip-snooping statistics interface port-channel 22
Number of Vlan Requests :0
Number of Vlan Notifications :2
Number of Multicast Discovery Solicits :0
Number of Unicast Discovery Solicits :0
Number of FLOGI :0
Number of FDISC :0
Number of FLOGO :0
Number of Enode Keep Alive :0
Number of VN Port Keep Alive :0
Number of Multicast Discovery Advertis
Field | Description
Number of FDISC Accepts | Number of FIP FDISC accept frames received on the interface.
Number of FDISC Rejects | Number of FIP FDISC reject frames received on the interface.
Number of FLOGO Accepts | Number of FIP FLOGO accept frames received on the interface.
Number of FLOGO Rejects | Number of FIP FLOGO reject frames received on the interface.
Number of CVLs | Number of FIP clear virtual link frames received on the interface.
FIP Snooping Example
The below illustration shows an Aggregator used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway.
Figure 9. FIP Snooping on an Aggregator
In the above figure, DCBX and PFC are enabled on the Aggregator (FIP snooping bridge) and on the FCF ToR switch. On the FIP snooping bridge, DCBX is configured as follows:
• A server-facing port is configured for DCBX in an auto-downstream role.
Debugging FIP Snooping
To enable debug messages for FIP snooping events, enter the debug fip-snooping command.
1 Enable FIP snooping debugging for all or a specified event type, where:
• all enables all debugging options.
• acl enables debugging only for ACL-specific events.
• error enables debugging only for error conditions.
• ifm enables debugging only for IFM events.
• info enables debugging only for information events.
• ipc enables debugging only for IPC events.
8 Internet Group Management Protocol (IGMP)
On an Aggregator, IGMP snooping is auto-configured. You can display information on IGMP by using the show ip igmp command. Multicast is based on identifying many hosts by a single destination IP address. Hosts represented by the same IP address are a multicast group. The internet group management protocol (IGMP) is a Layer 3 multicast protocol that hosts use to join or leave a multicast group.
Figure 10. IGMP Version 2 Packet Format

Joining a Multicast Group
There are two ways that a host may join a multicast group: it may respond to a general query from its querier, or it may send an unsolicited report to its querier.
• Responding to an IGMP Query.
  • One router on a subnet is elected as the querier. The querier periodically multicasts (to all-multicast-systems address 224.0.0.1) a general query to all hosts on the subnet.
To accommodate these protocol enhancements, the IGMP version 3 packet structure is different from version 2. Queries (shown below in query packet format) are still sent to the all-systems address 224.0.0.1, but reports (shown below in report packet format) are sent to the address for all IGMP version 3-capable multicast routers, 224.0.0.22.
Figure 11. IGMP version 3 Membership Query Packet Format
Figure 12.
Figure 13. IGMP Membership Reports: Joining and Filtering

Leaving and Staying in Groups
The below illustration shows how multicast routers track and refresh the state change in response to group-and-specific and general queries.
• Host 1 sends a message indicating it is leaving group 224.1.1.1 and that the included filters for 10.11.1.1 and 10.11.1.2 are no longer necessary.
IGMP Snooping
IGMP snooping is auto-configured on an Aggregator. Multicast packets are addressed with multicast MAC addresses, which represent a group of devices rather than one unique device. Switches forward multicast frames out of all ports in a VLAN by default, even if there are only a small number of interested hosts, resulting in a waste of bandwidth.
Command | Output
show ip igmp snooping interface [interface] | Displays IGMP information on IGMP-enabled interfaces.
show ip igmp snooping mrouter [vlan vlan-number] | Displays information on IGMP-enabled multicast router (mrouter) interfaces.
clear ip igmp snooping groups [groupaddress | interface] | Clears IGMP information for group addresses and IGMP-enabled interfaces.
Vlan 3 is up, line protocol is down
Inbound IGMP access group is not set
Interface IGMP group join rate limit is not set
IGMP snooping is enabled on interface
IGMP Snooping query interval is 60 seconds
IGMP Snooping querier timeout is 125 seconds
IGMP Snooping last member query response interval is 1000 ms
IGMP snooping fast-leave is disabled on this interface
IGMP snooping querier is disabled on this interface
--More--

show ip igmp snooping mrouter Command Example
Dell# show ip igmp snooping mrouter
Interfac
9 Interfaces
This chapter describes 100/1000/10000 Mbps Ethernet, 10 Gigabit Ethernet, and 40 Gigabit Ethernet interface types, both physical and logical, and how to configure them with the Dell Networking Operating Software (OS).
• Setting the Speed and Duplex Mode of Ethernet Interfaces
• Auto-Negotiation on Ethernet Interfaces
• Viewing Interface Information
• Enabling the Management Address TLV on All Interfaces of an Aggregator
• Enhanced Validation of Interface Ranges
• Enhanced Control of Remote Fault Indication Processing

Interface Auto-Configuration
An Aggregator auto-configures interfaces as follows:
• All interfaces operate as layer 2 interfaces at 10GbE in standalone mode.
Viewing Interface Information
To view interface status and auto-configured parameters, use show commands. The show interfaces command in EXEC mode lists all configurable interfaces on the chassis and has options to display the interface status, IP and MAC addresses, and multiple counters for the amount and type of traffic passing through the interface. If you configure a port channel interface, the show interfaces command lists the interfaces configured in the port channel.
service timestamps log datetime
!
hostname FTOS
!
username root password 7 d7acc8a1dcd4f698 privilege 15
mac-address-table aging-time 300
!
stack-unit 1 provision I/O-Aggregator
!
stack-unit 1 port 33 portmode quad
!
stack-unit 1 port 37 portmode quad
--More--

Disabling and Re-enabling a Physical Interface
By default, all port interfaces on an Aggregator are operationally enabled (no shutdown) to send and receive Layer 2 traffic.
interface TenGigabitEthernet 0/1
 mtu 12000
 portmode hybrid
 switchport
 auto vlan
!
 protocol lldp
  advertise management-tlv system-name
  dcbx port-role auto-downstream
 no shutdown
Dell(conf-if-te-0/1)#

To view the interfaces in Layer 2 mode, use the show interfaces switchport command in EXEC mode.

Management Interfaces
An Aggregator auto-configures with a DHCP-based IP address for in-band management on VLAN 1 and remote out-of-band (OOB) management.
To configure an IP address on a management interface, use either of the following commands in MANAGEMENT INTERFACE mode:
1 Configure an IP address and mask on the interface.
• ip-address mask: enter an address in dotted-decimal format (A.B.C.D); the mask must be in /prefix format (/x).
INTERFACE mode
ip address ip-address mask
2 Acquire an IP address from the DHCP server.
untagged commands in INTERFACE configuration mode (Configuring VLAN Membership). Physical Interfaces and port channels can be members of VLANs.
NOTE: You can assign a static IP address to default VLAN 1 using the ip address command. To assign a different VLAN ID to the default VLAN, use the default vlan-id vlan-id command.
The following table lists the VLAN defaults in Dell Networking OS:
Table 8.
The tag header contains some key information used by Dell Networking OS:
• The VLAN protocol identifier identifies the frame as tagged according to the IEEE 802.1Q specifications (2 bytes).
• Tag control information (TCI) includes the VLAN ID (2 bytes total). The VLAN ID can have 4,096 values, but two are reserved.
NOTE: The insertion of the tag header into the Ethernet frame increases the size of the frame to more than the 1518 bytes specified in the IEEE 802.3 standard.
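The tag header fields and the frame-size effect described above can be checked on raw frame bytes. This is an added example, not code from the Dell guide: the frame is constructed, the protocol identifier value 0x8100, the priority and DEI bit positions, and the reserved VLAN IDs 0 and 4095 are taken from IEEE 802.1Q, and the 4-byte FCS is assumed to be absent from the captured bytes.

```python
import struct

TPID_8021Q = 0x8100             # VLAN protocol identifier marking an 802.1Q tagged frame
TAG_LEN = 4                     # 2-byte protocol identifier + 2-byte TCI
FCS_LEN = 4                     # frame check sequence, assumed absent from the capture
MAX_8023_FRAME = 1518           # untagged maximum quoted in the NOTE above
RESERVED_VLAN_IDS = {0, 4095}   # the two reserved values of the 12-bit VLAN ID


def parse_vlan_tag(frame: bytes):
    """Return the decoded 802.1Q tag as a dict, or None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 14 + TAG_LEN:
        raise ValueError("tagged frame is truncated inside the tag header")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    vlan_id = tci & 0x0FFF
    return {
        "priority": tci >> 13,            # top 3 bits of the TCI
        "dei": (tci >> 12) & 1,           # drop eligible indicator
        "vlan_id": vlan_id,               # low 12 bits: 4,096 possible values
        "reserved_vlan_id": vlan_id in RESERVED_VLAN_IDS,
        "ethertype": inner_type,          # original EtherType, now after the tag
    }


def insert_vlan_tag(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert a tag after the source MAC, refusing the reserved VLAN IDs."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094 (0 and 4095 are reserved)")
    if not 0 <= priority <= 7:
        raise ValueError("priority must fit in 3 bits")
    tci = (priority << 13) | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def wire_size(frame: bytes) -> int:
    """Size on the wire, adding back the FCS that captures normally omit."""
    return len(frame) + FCS_LEN


# Constructed sample: maximum-size untagged IPv4 frame (MAC addresses are made up).
UNTAGGED = (bytes.fromhex("0001e8000002") + bytes.fromhex("0001e8000001")
            + struct.pack("!H", 0x0800) + bytes(1500))
TAGGED = insert_vlan_tag(UNTAGGED, vlan_id=10, priority=3)
# Hand-built frame carrying the reserved VLAN ID 4095, as a receiver might see it.
RESERVED = UNTAGGED[:12] + struct.pack("!HH", TPID_8021Q, 0x0FFF) + UNTAGGED[12:]

if __name__ == "__main__":
    print(wire_size(UNTAGGED), wire_size(TAGGED))   # the tag adds 4 bytes
    print(parse_vlan_tag(TAGGED))
```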
VLAN 2 and port 0/4 is an untagged member of VLAN 3, the resulting LAG consisting of the two ports is an untagged member of VLAN 2 and a tagged member of VLAN 3.
Adding an Interface to an Untagged VLAN
To move untagged interfaces from the default VLAN to another VLAN, use the vlan untagged command as shown in the below figure.
4 Initialize the port-channel with configurations such as admin up, portmode, and switchport.
Dell#configure
Dell(conf)#int port-channel 128
Dell(conf-if-po-128)#portmode hybrid
Dell(conf-if-po-128)#switchport
5 Configure the tagged VLANs 10 through 15 and untagged VLAN 20 on this port-channel.
Dell(conf-if-po-128)#vlan tagged 10-15
Dell(conf-if-po-128)#
Dell(conf-if-po-128)#vlan untagged 20
6 Show the running configurations on this port-channel.
• Server-facing interfaces (ports 1 to 32) auto-configure in LAGs (1 to 127) according to the NIC teaming configuration on the connected servers.
Port channel interfaces support link aggregation, as described in IEEE Standard 802.3ad.
NOTE: A port channel may also be referred to as a link aggregation group (LAG).

Port Channel Definitions and Standards
Link aggregation is defined by IEEE 802.
is a TenGigabit Ethernet interface, all interfaces at 1000 Mbps are kept up, and all 100/1000/10000 interfaces that are not set to 1000 Mbps speed or auto negotiate are disabled.

1GbE and 10GbE Interfaces in Port Channels
When both Gigabit and TenGigabitEthernet interfaces are added to a port channel, the interfaces must share a common speed. When interfaces have a configured speed different from the port channel speed, the software disables those interfaces.
In this example, the Port-channel 1 is a dynamically created port channel based on the NIC teaming configuration in connected servers learned via LACP. Also, the Port-channel 128 is the default port channel to which all the uplink ports are assigned by default.
Interface Range
An interface range is a set of interfaces to which other commands may be applied, and may be created if there is at least one valid interface within the range. Bulk configuration excludes any non-existing interfaces from an interface range. A default VLAN may be configured only if the interface range being configured consists of only VLAN ports.
Exclude a Smaller Port Range
If the interface range has multiple port ranges, the smaller port range is excluded from the prompt.
Interface Range Prompt Excluding a Smaller Port Range
Dell(conf)#interface range tengigabitethernet 2/0 - 23 , tengigab 2/1 - 10
Dell(conf-if-range-te-2/0-23)#

Overlap Port Ranges
If overlapping port ranges are specified, the port range is extended to the smallest start port number and largest end port number.
Dell Networking OS uptime is 1 day(s), 4 hour(s), 31 minute(s) Monitor time: 00:00:00 Refresh Intvl.
Configuring wavelength for 10-Gigabit SFP+ optics
You can set the wavelength for tunable 10-Gigabit SFP+ optics using the wavelength command. To set the wavelength, follow these steps:
• Enter the interface mode and set the wavelength.
INTERFACE mode
wavelength 1529.0
• The wavelength range is from 1528.3 nm to 1568.77 nm.
Verify configuration changes.
The flow control sender and receiver must be on the same port-pipe. Flow control is not supported across different port-pipes (also refer to iSCSI Optimization: Operation).
NOTE: After you disable DCB, if link-level flow control is not automatically enabled on an interface, to enable flow control, manually shut down the interface (shutdown command) and re-enable it (no shutdown command).
To enable pause frames, use the following command.
• Control how the system responds to and generates 802.
For example, if the members have a link MTU of 2100 and an IP MTU 2000, the port channel’s MTU values cannot be higher than 2100 for link MTU or 2000 bytes for IP MTU.
VLANs:
• All members of a VLAN must have the same IP MTU value.
• Members can have different link MTU values. Tagged members must have a link MTU 4 bytes higher than untagged members to account for the packet tag.
• The VLAN link MTU and IP MTU must be less than or equal to the link MTU and IP MTU values configured on the VLAN members.
INTERFACE mode
show config
Example of the show interfaces status Command to View Link Status
Example of Setting Port Speed and Disabling Auto-Negotiation
NOTE: The show interfaces status command displays link status, but not administrative status. For both link and administrative status, use the show ip interface [interface | brief] [configuration] command.
EXEC Privilege mode
show interfaces [interface] status
2 Determine the remote interface status.
EXEC mode
EXEC Privilege mode
[Use the command on the remote system that is equivalent to the above command.]
3 Access CONFIGURATION mode.
EXEC Privilege mode
config
4 Access the port.
CONFIGURATION mode
interface interface slot/port
5 Set the local port speed.
INTERFACE mode
speed {100 | 1000 | 10000 | auto}
6 Optionally, set full- or half-duplex.
Te 0/13 [output omitted] Down Auto Auto -- In the above example, several ports display “Auto” in the speed field, including port 0/1. Now, in the below example, the speed of port 0/1 is set to 100 Mb and then its auto-negotiation is disabled.
negotiation auto interface-config Supported mode Not Not supported supported(Sh ould some error message be thrown?) Not supported duplex half interface-config Supported mode CLI not available CLI not available Invalid Input error- CLI not available duplex full interface-config Supported mode CLI not available CLI not available Invalid Input error-CLI not available Error messages not thrown wherever it says not supported Setting Auto-Negotiation Options: Dell(conf)# int tengig 0/1 Dell(conf-if
Name: TenGigabitEthernet 13/2
802.1QTagged: True
Vlan membership:
Vlan 2
Name: TenGigabitEthernet 13/3
802.1QTagged: True
Vlan membership:
Vlan 2
--More--

Clearing Interface Counters
The counters in the show interfaces command are reset by the clear counters command. This command does not clear the counters captured by any SNMP program.
can associate multicast MAC or hardware addresses to an interface range and VLANs by using the mac-address-table static multicast-mac-address vlan vlan-id output-range interface command.

Enhanced Control of Remote Fault Indication Processing
By default, the M I/O Aggregator module processes RFI errors transmitted by remote peers and brings down the interface when an RFI error is detected. You must enter the interface configuration mode before configuring Remote Fault Indication (RFI).
10 iSCSI Optimization
An Aggregator enables internet small computer system interface (iSCSI) optimization with default iSCSI parameter settings (Default iSCSI Optimization Values) and is auto-provisioned to support:
iSCSI Optimization: Operation
To display information on iSCSI configuration and sessions, use show commands. iSCSI optimization enables quality-of-service (QoS) treatment for iSCSI traffic.
• If you configured flow-control, iSCSI uses the current configuration.
• If you did not configure flow-control, iSCSI auto-configures flow control.
• iSCSI monitoring sessions: the switch monitors and tracks active iSCSI sessions in connections on the switch, including port information and iSCSI session information.
• iSCSI QoS: A user-configured iSCSI class of service (CoS) profile is applied to all iSCSI traffic.
You can configure the switch to monitor traffic for additional port numbers or a combination of port number and target IP address, and you can remove the well-known port numbers from monitoring.
The following message displays when you enable iSCSI on a switch and describes the configuration changes that are automatically performed: %STKUNIT0-M:CP %IFMGR-5-IFM_ISCSI_ENABLE: iSCSI has been enabled causing flow control to be enabled on all interfaces. EQL detection and enabling iscsi profile-compellent on an interface may cause some automatic configurations to occur like jumbo frames on all ports and no storm control and spanning tree port-fast on the port of detection.
Initiator:iqn.2010-11.com.ixia.ixload:initiator-iscsi-2c
Up Time:00:00:01:28(DD:HH:MM:SS)
Time for aging out:00:00:09:34(DD:HH:MM:SS)
ISID:806978696102
Initiator    Initiator  Target       Target   Connection
IP Address   TCP Port   IP Address   TCPPort  ID
10.10.0.44   33345      10.10.0.101  3260     0
Session 1 :
-----------------------------------------------------------------------------
Target:iqn.2010-11.com.ixia:ixload:iscsi-TG1
Initiator:iqn.2010-11.com.ixia.
11 Isolated Networks for Aggregators
An Isolated Network is an environment in which servers can only communicate with the uplink interfaces and not with each other even though they are part of the same VLAN. If the servers in the same chassis need to communicate with each other, they require non-isolated network connectivity between them or the traffic needs to be routed in the TOR. Isolated Networks can be enabled on a per-VLAN basis.
12 Link Aggregation
Unlike IOA Automated modes (Standalone and VLT modes), the IOA Programmable MUX (PMUX) can support multiple uplink LAGs. You can provision multiple uplink LAGs. The I/O Aggregator auto-configures with link aggregation groups (LAGs) as follows:
• All uplink ports are automatically configured in a single port channel (LAG 128).
The Dell Networking OS implementation of LACP is based on the standards specified in the IEEE 802.3: “Carrier sense multiple access with collision detection (CSMA/CD) access method and physical layer specifications.” LACP functions by constantly exchanging custom MAC protocol data units (PDUs) across local area network (LAN) Ethernet links. The protocol packets are only exchanged between ports that you configure as LACP-capable.
Auto-Configured LACP Timeout
LACP PDUs are exchanged between port channel (LAG) interfaces to maintain LACP sessions. LACP PDUs are transmitted at a slow or fast transmission rate, depending on the LACP timeout value configured on the partner system. The timeout value is the amount of time that a LAG interface waits for a PDU from the partner system before bringing the LACP session down. The default timeout is long-timeout (30 seconds) and is not user-configurable on the Aggregator.
Link Aggregation Control Protocol (LACP)
The commands for Dell Networking's implementation of the link aggregation control protocol (LACP) for creating dynamic link aggregation groups (LAGs), known as port-channels in the Dell Networking OS, are provided in the following sections.
NOTE: For static LAG commands, refer to the Interfaces chapter. The implementation is based on the standards specified in the IEEE 802.3 Carrier sense multiple access with collision detection (CSMA/CD) access method and physical layer specifications.
• mtu
• ip mtu (if the interface is on a Jumbo-enabled by default)
NOTE: A logical port channel interface cannot have flow control. Flow control can only be present on the physical interfaces if they are part of a port channel.
To view the interface’s configuration, enter INTERFACE mode for that interface and use the show config command or from EXEC Privilege mode, use the show running-config interface interface command.
Received 0 input symbol errors, 0 runts, 0 giants, 0 throttles
42 CRC, 0 IP Checksum, 0 overrun, 0 discarded
2456590833 packets output, 203958235255 bytes, 0 underruns
Output 1640 Multicasts, 56612 Broadcasts, 2456532581 Unicasts
2456590654 IP Packets, 0 Vlans, 0 MPLS
0 throttles, 0 discarded
Rate info (interval 5 minutes):
Input 00.01Mbits/sec, 2 packets/sec
Output 81.
Example of Moving an Interface to a New Port Channel The following example shows moving the TenGigabitEthernet 0/8 interface from port channel 4 to port channel 3.
Dell(conf-if-te-0/1)# vlan tagged 2-5,100,4010
Dell#show interfaces switchport te 0/1
Codes: U - Untagged, T - Tagged
       x - Dot1x untagged, X - Dot1x tagged
       G - GVRP tagged, M - Trunk, H - VSN tagged
       i - Internal untagged, I - Internal tagged, v - VLT untagged, V - VLT tagged
Name: TenGigabitEthernet 0/1
802.1QTagged: True
Vlan membership:
Q Vlans
T 2-5,100,4010
Dell#

Deleting or Disabling a Port Channel
To delete or disable a port channel, use the following commands.
• Delete a port channel.
In VLT mode, the interface level auto LAG configuration is not synced to the peer. Only the global auto LAG is synced to the peer.
3 View the auto LAG configurations.
EXEC mode
show io-aggregator auto-lag status
Dell# show io-aggregator auto-lag status
Auto LAG creation on server port(s) is enabled
For the interface level auto LAG configurations, use the show interface command.
!
interface TenGigabitEthernet 0/1
 mtu 12000
 portmode hybrid
 switchport
 no auto-lag enable
!
 protocol lldp
  advertise management-tlv management-address system-name
  dcbx port-role auto-downstream
 no shutdown
Dell#

Configuring the Minimum Number of Links to be Up for Uplink LAGs to be Active
You can activate the LAG bundle for uplink interfaces or ports (the uplink port-channel is LAG 128) on the I/O Aggregator only when a minimum number of member interfaces of the LAG bundle is up.
0 throttles, 0 discarded, 0 collisions, 0 wreddrops
Rate info (interval 299 seconds):
Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate
Output 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate
Time since last interface status change: 05:22:28

Optimizing Traffic Disruption Over LAG Interfaces On IOA Switches in VLT Mode
When you use the write memory command while an Aggregator operates in VLT mode, the VLT LAG configurations are saved in nonvolatile storage (NVS).
Enabling the Verification of Member Links Utilization in a LAG Bundle
To examine the working efficiency of the LAG bundle interfaces, perform the following steps:
1 The functionality to detect the working efficiency of the LAG bundle interfaces is automatically activated on all the port channels, except the port channel that is configured as a VLT interconnect link, during the booting of the switch.
You can also use the show running-configuration interface port-channel command in EXEC Privilege mode to view whether the mechanism to evaluate the utilization of the member interfaces of the LAG bundle is enabled.
LACP LAG 128 is an aggregatable link
LACP LAG 128 is a normal LAG

A - Active LACP, B - Passive LACP, C - Short Timeout, D - Long Timeout
E - Aggregatable Link, F - Individual Link, G - IN_SYNC, H - OUT_OF_SYNC
I - Collection enabled, J - Collection disabled, K - Distribution enabled
L - Distribution disabled, M - Partner Defaulted, N - Partner Non-defaulted,
O - Receiver is in expired state, P - Receiver is not in expired state

Port Te 0/41 is enabled, LACP is enabled and mode is lacp
Port State: Bundle
Actor Ad
Oper: State ADEHJLMP Key 128 Priority 32768
Partner is not present
Port Te 0/51 is disabled, LACP is disabled and mode is lacp
Port State: Bundle
Actor Admin: State ADEHJLMP Key 128 Priority 32768
Oper: State ADEHJLMP Key 128 Priority 32768
Partner is not present
Port Te 0/52 is disabled, LACP is disabled and mode is lacp
Port State: Bundle
Actor Admin: State ADEHJLMP Key 128 Priority 32768
Oper: State ADEHJLMP Key 128 Priority 32768
Partner is not present
Port Te 0/53 is disabled, LACP is disabled and mode
0 throttles, 0 discarded, 0 collisions, 0 wreddrops
Rate info (interval 299 seconds):
Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate
Output 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate
Time since last interface status change: 00:12:38

show lacp 1 Command Example
Dell# show lacp 1
Port-channel 1 admin up, oper up, mode lacp
Actor System ID: Priority 32768, Address 0001.e8e1.e1c3
Partner System ID: Priority 65535, Address 24b6.fd87.
L LAG 10 L 11 Dell# 4 O - OpenFlow Controller Port-channel Mode Status Uptime Ports L3 up 00:01:00 Te 0/41 (Up) L3 (Up) up 00:00:01 Te 0/43 Te 0/42 (Up) Configure the port mode, VLAN, and so forth on the port-channel.
Te 0/35 Te 0/36 obsolete after a save and reload. [confirm yes/no]:yes
Please save and reset unit 0 for the changes to take effect.
Dell(conf)#no stack-unit 0 port 37 portmode quad
Disabling quad mode on stack-unit 0 port 37 will make interface configs of Te 0/37 Te 0/38 Te 0/39 Te 0/40 obsolete after a save and reload. [confirm yes/no]:yes
Please save and reset unit 0 for the changes to take effect.
Dell#
Dell(conf)#int port-channel 20
Dell(conf-if-po-20)#vlan tagged 1000
Dell(conf-if-po-20)#
Dell(conf-if-po-21)#vlan tagged 1000
% Error: Same VLAN cannot be added to more than one uplink port/LAG.
Dell(conf-if-po-21)#vlan tagged 1001
Dell(conf-if-po-21)#
6 Show the VLAN status.
13 Layer 2
The Aggregator supports CLI commands to manage the MAC address table:
• Clearing the MAC Address Entries
• Displaying the MAC Address Table
The Aggregator auto-configures with support for Network Interface Controller (NIC) Teaming.
NOTE: On an Aggregator, all ports are configured by default as members of all (4094) VLANs, including the default VLAN. All VLANs operate in Layer 2 mode.
clear mac-address-table dynamic {address | all | interfaces | vlan}
• address: deletes the specified entry.
• all: deletes all dynamic entries.
• interface: deletes all entries for the specified interface.
• vlan: deletes all entries for the specified VLAN.

Displaying the MAC Address Table
To display the MAC address table, use the following command.
• Display the contents of the MAC address table.
EXEC Privilege mode
NOTE: This command is available only in PMUX mode.
Figure 18. Redundant NICs with NIC Teaming

MAC Address Station Move
When you use NIC teaming, consider that the server MAC address is originally learned on Port 0/1 of the switch (see figure below). If the NIC fails, the same MAC address is learned on Port 0/5 of the switch. The MAC address is disassociated from one port and re-associated with another in the ARP table; in other words, the ARP entry is “moved”. The Aggregator is auto-configured to support MAC Address station moves.
Figure 19. MAC Address Station Move

MAC Move Optimization
Station-move detection takes 5000 ms because this is the interval at which the detection algorithm runs.
14 Link Layer Discovery Protocol (LLDP)
Link layer discovery protocol (LLDP) advertises connectivity and management from the local station to the adjacent stations on an IEEE 802 LAN. LLDP facilitates multi-vendor interoperability by using standard management tools to discover and make available a physical topology for network management. The Dell Networking operating software implementation of LLDP is based on IEEE standard 802.1ab.
Figure 20. Type, Length, Value (TLV) Segment
TLVs are encapsulated in a frame called an LLDP data unit (LLDPDU), which is transmitted from one LLDP-enabled device to its LLDP-enabled neighbors. LLDP is a one-way protocol. LLDP-enabled devices (LLDP agents) can transmit and/or receive advertisements, but they cannot solicit and do not respond to advertisements. There are five types of TLVs (as shown in the below table). All types are mandatory in the construction of an LLDPDU except Optional TLVs.
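The TLV structure described above can be decoded from the bytes of an LLDPDU, which also shows what a device is advertising to its neighbors. This is an added example, not code from the Dell guide: the LLDPDU is constructed, and the 7-bit type / 9-bit length header, the TLV type numbers and the rule that Chassis ID, Port ID and Time to Live come first are taken from the IEEE LLDP standard.

```python
import struct

TLV_NAMES = {
    0: "End of LLDPDU", 1: "Chassis ID", 2: "Port ID", 3: "Time to Live",
    4: "Port Description", 5: "System Name", 6: "System Description",
    7: "System Capabilities", 8: "Management Address",
    127: "Organizationally Specific",
}
# OUI named in this guide for the IEEE organizationally specific TLVs.
KNOWN_OUIS = {bytes.fromhex("0080c2"): "IEEE (00-80-C2)"}


def build_tlv(tlv_type: int, value: bytes) -> bytes:
    """Pack one TLV: 7-bit type and 9-bit length share a 2-byte header."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type must fit in 7 bits and length in 9 bits")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_lldpdu(payload: bytes) -> list:
    """Split an LLDPDU into (type, value) pairs, stopping at End of LLDPDU."""
    tlvs, i = [], 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated TLV header")
        (header,) = struct.unpack("!H", payload[i:i + 2])
        tlv_type, length = header >> 9, header & 0x01FF
        i += 2
        if i + length > len(payload):
            raise ValueError(f"TLV type {tlv_type} overruns the LLDPDU")
        tlvs.append((tlv_type, payload[i:i + length]))
        i += length
        if tlv_type == 0:
            break
    return tlvs


def check_mandatory_tlvs(tlvs: list) -> list:
    """Return a list of problems with the mandatory TLVs (empty if none)."""
    types = [t for t, _ in tlvs]
    problems = []
    if types[:3] != [1, 2, 3]:
        problems.append("Chassis ID, Port ID and Time to Live must come first, in order")
    if not types or types[-1] != 0:
        problems.append("End of LLDPDU TLV is missing")
    return problems


def describe_tlv(tlv_type: int, value: bytes) -> str:
    """One-line summary of what a TLV advertises."""
    name = TLV_NAMES.get(tlv_type, f"Reserved ({tlv_type})")
    if tlv_type == 3 and len(value) == 2:
        return f"{name}: {struct.unpack('!H', value)[0]} s"
    if tlv_type == 5:
        return f"{name}: {value.decode('utf-8', 'replace')}"
    if tlv_type == 127 and len(value) >= 4:
        org = KNOWN_OUIS.get(value[:3], value[:3].hex())
        return f"{name}: {org}, subtype {value[3]}"
    return f"{name}: {len(value)} bytes"


# Constructed LLDPDU (values are made up for the example).
_CHASSIS = build_tlv(1, b"\x04" + bytes.fromhex("0001e8000001"))  # subtype 4: MAC
_PORT = build_tlv(2, b"\x05" + b"Te 0/3")                         # subtype 5: ifName
_TTL = build_tlv(3, struct.pack("!H", 120))
_NAME = build_tlv(5, b"R1")
_ORG = build_tlv(127, bytes.fromhex("0080c2") + b"\x01" + struct.pack("!H", 1))
_END = build_tlv(0, b"")
SAMPLE_LLDPDU = _CHASSIS + _PORT + _TTL + _NAME + _ORG + _END
SAMPLE_NO_TTL = _CHASSIS + _PORT + _NAME + _END

if __name__ == "__main__":
    for t, v in parse_lldpdu(SAMPLE_LLDPDU):
        print(describe_tlv(t, v))
    print(check_mandatory_tlvs(parse_lldpdu(SAMPLE_NO_TTL)))
```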
Configure LLDP
Configuring LLDP is a two-step process.
1 Enable LLDP globally.
2 Advertise TLVs out of an interface.

Related Configuration Tasks
• Viewing the LLDP Configuration
• Viewing Information Advertised by Adjacent LLDP Agents
• Configuring LLDPDU Intervals
• Configuring a Time to Live
• Debugging LLDP

Important Points to Remember
• LLDP is enabled by default.
• Dell Networking systems support up to eight neighbors per interface.
mode LLDP mode configuration (default = rx and tx) multiplier LLDP multiplier configuration no Negate a command or set its defaults show Show LLDP configuration Dell(conf-if-te-0/3-lldp)# Enabling LLDP LLDP is enabled by default. Enable and disable LLDP globally or per interface. If you enable LLDP globally, all UP interfaces send periodic LLDPDUs. To enable LLDP, use the following command. 1 Enter Protocol LLDP mode. CONFIGURATION or INTERFACE mode protocol lldp 2 Enable LLDP.
• For TIA-1057 TLVs: • guest-voice • guest-voice-signaling • location-identification • power-via-mdi • softphone-voice • streaming-video • video-conferencing • video-signaling • voice • voice-signaling In the following example, LLDP is enabled globally. R1 and R2 are transmitting periodic LLDPDUs that contain management, 802.1, and 802.3 TLVs. Figure 22.
Figure 23. Organizationally Specific TLVs IEEE Organizationally Specific TLVs Eight TLV types have been defined by the IEEE 802.1 and 802.3 working groups as a basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Networking system to advertise any or all of these TLVs. Table 15. Optional TLV Types Type TLV Description 4 Port description A user-defined alphanumeric string that describes the port. The Dell Networking OS does not currently support this TLV.
Type TLV Description whether the current settings are the result of auto-negotiation. This TLV is not available in the Dell Networking OS implementation of LLDP, but is available and mandatory (nonconfigurable) in the LLDP-MED implementation. 127 Power via MDI Dell Networking supports the LLDP-MED protocol, which recommends that the Power via MDI TLV not be implemented, and therefore Dell Networking implements the Extended Power via MDI TLV only.
Bit Position TLV Dell Networking OS Support 5 Inventory No 6–15 reserved No Table 17. LLDP-MED Device Types Value Device Type 0 Type Not Defined 1 Endpoint Class 1 2 Endpoint Class 2 3 Endpoint Class 3 4 Network Connectivity 5–255 Reserved LLDP-MED Network Policies TLV A network policy in the context of LLDP-MED is a device’s VLAN configuration and associated Layer 2 and Layer 3 configurations.
Type Application Description 5 Softphone Voice Specify this application type only if guest voice control packets use a separate network policy than voice data. 6 Video Conferencing Specify this application type for dedicated video conferencing and other similar appliances supporting real-time interactive video. 7 Streaming Video Specify this application type for dedicated video conferencing and other similar appliances supporting real-time interactive video.
• LLDPDUs are transmitted and received by default. LLDPDUs are transmitted periodically. The default interval is 30 seconds. • LLDPDU information received from a neighbor expires after the default Time to Live (TTL) value: 120 seconds. • Dell Networking OS supports up to eight neighbors per interface. • Dell Networking OS supports a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by eight exceeds the maximum, the system does not configure more than 8000.
Viewing Unrecognized LLDP TLVs You can view or retrieve the stored unrecognized (reserved and organizational specific) TLVs using the show lldp neighbor details command. For more details, see Viewing Information Advertised by Adjacent LLDP Neighbors. View all the LLDP TLV information including unrecognized TLVs, using the snmpwalk and snmpget commands. For more details, see MIB Support to Display Unrecognized LLDP TLVs.
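The TLV layout and the recognized/unrecognized split described in this chapter can be checked off-box with a small parser. The following is an added example, not Dell code: it decodes an LLDPDU (7-bit type, 9-bit length, then the value) and reports reserved and unknown-OUI organizationally specific TLVs. The sample frame is constructed; the OUI AA-BB-CC and the port name are assumptions.

```python
import struct

# Basic TLV types defined by IEEE 802.1AB. Types 9-126 are reserved and
# type 127 is organizationally specific (3-byte OUI + 1-byte subtype).
BASIC_TLVS = {
    0: "End of LLDPDU", 1: "Chassis ID", 2: "Port ID", 3: "Time To Live",
    4: "Port description", 5: "System name", 6: "System description",
    7: "System capabilities", 8: "Management address",
}
KNOWN_OUIS = {
    bytes.fromhex("0080c2"): "IEEE 802.1",
    bytes.fromhex("00120f"): "IEEE 802.3",
    bytes.fromhex("0012bb"): "TIA LLDP-MED",
}


def tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length packed into 16 bits."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type must fit in 7 bits and length in 9 bits")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_lldpdu(data):
    """Return one dict per TLV, stopping at End of LLDPDU if present."""
    out, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 2:
            raise ValueError("truncated TLV header")
        (header,) = struct.unpack_from("!H", data, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(data):
            raise ValueError(f"TLV type {tlv_type} runs past the end of the frame")
        value = data[offset:offset + length]
        offset += length
        entry = {"type": tlv_type, "length": length, "value": value, "oui": None}
        if tlv_type == 127:
            if length < 4:
                raise ValueError("organizationally specific TLV lacks OUI and subtype")
            org = KNOWN_OUIS.get(value[:3])
            entry["oui"] = value[:3].hex("-").upper()
            entry["name"] = f"{org} subtype {value[3]}" if org else "unknown organization"
            entry["recognized"] = org is not None
        else:
            entry["name"] = BASIC_TLVS.get(tlv_type, "reserved")
            entry["recognized"] = tlv_type in BASIC_TLVS
        out.append(entry)
        if tlv_type == 0:
            break
    # The first three TLVs must be Chassis ID, Port ID and Time To Live, in order.
    if [e["type"] for e in out[:3]] != [1, 2, 3]:
        raise ValueError("LLDPDU must start with Chassis ID, Port ID, TTL")
    return out


def unrecognized(data):
    """(type, OUI) pairs for reserved and unknown organizational TLVs."""
    return [(e["type"], e["oui"]) for e in parse_lldpdu(data) if not e["recognized"]]


# Constructed sample frame body (Ethernet header omitted).
SAMPLE_LLDPDU = b"".join([
    tlv(1, b"\x04" + bytes.fromhex("0000c9b13b82")),           # Chassis ID, subtype 4 = MAC
    tlv(2, b"\x05" + b"Te 0/2"),                               # Port ID, subtype 5 = interface name
    tlv(3, struct.pack("!H", 120)),                            # TTL, the 120-second default
    tlv(127, bytes.fromhex("0080c2") + b"\x01" + b"\x00\x01"),  # IEEE 802.1 subtype 1
    tlv(127, bytes.fromhex("aabbcc") + b"\x09" + b"vendor"),    # constructed unknown OUI
    tlv(9, b"\x00"),                                           # reserved type
    tlv(0, b""),                                               # End of LLDPDU
])

if __name__ == "__main__":
    for e in parse_lldpdu(SAMPLE_LLDPDU):
        print(f'{e["type"]:>3} len={e["length"]:<3} {e["name"]}')
    print("unrecognized:", unrecognized(SAMPLE_LLDPDU))
```

Running the parser over a capture from an access port shows exactly which fields the switch discloses to an adjacent device.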
Example of Viewing Brief Information Advertised by Neighbors R1(conf-if-te-1/31-lldp)#end R1(conf-if-te-1/31)#do show lldp neighbors Loc PortID Rem Host Name Rem Port Id Rem Chassis Id ------------------------------------------------------------------------Te 0/2 00:00:c9:b1:3b:82 00:00:c9:b1:3b:82 Te 0/3 00:00:c9:ad:f6:12 00:00:c9:ad:f6:12 Example of Viewing Details Advertised by Neighbors Dell#show lldp neighbors detail ======================================================================== Local Interfa
CONFIGURATION mode or INTERFACE mode
hello
Example of Viewing LLDPDU Intervals
Dell#conf
Dell(conf)#protocol lldp
Dell(conf-lldp)#show config
!
protocol lldp
Dell(conf-lldp)#hello ?
<5-180> Hello interval in seconds (default=30)
Dell(conf-lldp)#hello 10
Dell(conf-lldp)#show config
!
protocol lldp
hello 10
Dell(conf-lldp)#
Dell(conf-lldp)#no hello
Dell(conf-lldp)#show config
!
protocol lldp
Dell(conf-lldp)#
Configuring a Time to Live
The information received from a neighbor expires after a specific amount o
advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)# Clearing LLDP Counters You can clear LLDP statistics that are maintained on an Aggregator for LLDP counters for frames transmitted to and received from neighboring devices on all or a specified physical interface. To clear LLDP counters, enter the clear lldp counters command. 1 Clear counters for LLDP frames sent to and received from neighboring devices on all Aggregator interfaces or on a specified interface.
Figure 27. The debug lldp detail Command — LLDPDU Packet Dissection
Relevant Management Objects
Dell Networking OS supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with:
• Received and transmitted TLVs
• LLDP configuration on the local agent
• IEEE 802.1AB Organizationally Specific TLVs
• Received and transmitted LLDP-MED TLVs
Table 19.
MIB Object Category LLDP Variable LLDP MIB Object Description Basic TLV Selection mibBasicTLVsTxEnable lldpPortConfigTLVsTxEnable Indicates which management TLVs are enabled for system ports. mibMgmtAddrInstanceTxEnable lldpManAddrPortsTxEnable The management addresses defined for the system and the ports through which they are enabled for transmission.
TLV Type TLV Name TLV Variable System LLDP MIB Object 7 System Capabilities system capabilities Local lldpLocSysCapSupported Remote lldpRemSysCapSupported Local lldpLocSysCapEnabled Remote lldpRemSysCapEnabled Local lldpLocManAddrLen Remote lldpRemManAddrLen Local lldpLocManAddrSubtype Remote lldpRemManAddrSubtype Local lldpLocManAddr Remote lldpRemManAddr Local lldpLocManAddrIfSubtype Remote lldpRemManAddrIfSubtype Local lldpLocManAddrIfId Remote lldpRemManAddrIfId Local
TLV Type TLV Name TLV Variable System LLDP MIB Object VLAN name Local lldpXdot1LocVlanName Remote lldpXdot1RemVlanName Table 22.
TLV Sub-Type TLV Name TLV Variable Location ID Data 4 Extended Power via MDI Power Device Type Power Source System LLDP-MED MIB Object Remote lldpXMedRemLocationSubtype Local lldpXMedLocLocationInfo Remote lldpXMedRemLocationInfo Local lldpXMedLocXPoEDeviceType Remote lldpXMedRemXPoEDeviceType Local lldpXMedLocXPoEPSEPowerSource lldpXMedLocXPoEPDPowerSource Remote lldpXMedRemXPoEPSEPowerSource lldpXMedRemXPoEPDPowerSource Power Priority Local lldpXMedLocXPoEPDPowerPriority
15 Object Tracking IPv4 or IPv6 object tracking is available on Dell Networking OS. Object tracking allows the Dell Networking OS client processes, such as virtual router redundancy protocol (VRRP), to monitor tracked objects (for example, interface or link status) and take appropriate action when the state of an object changes. NOTE: In Dell Networking OS release version 9.7(0.0), object tracking is supported only on VRRP.
Figure 28. Object Tracking Example
When you configure a tracked object, such as an IPv4/IPv6 route or interface, you specify an object number to identify the object. Optionally, you can also specify:
• UP and DOWN thresholds used to report changes in a route metric.
• A time delay before changes in a tracked object’s state are reported to a client.
Track Layer 2 Interfaces
You can create an object to track the line-protocol state of a Layer 2 interface.
Track IPv4 and IPv6 Routes You can create an object that tracks an IPv4 or IPv6 route entry in the routing table. Specify a tracked route by its IPv4 or IPv6 address and prefix-length. Optionally specify a tracked route by a virtual routing and forwarding (VRF) instance name if the route to be tracked is part of a VRF. The next-hop address is not part of the definition of the tracked object.
Tracking a Layer 2 Interface You can create an object that tracks the line-protocol state of a Layer 2 interface and monitors its operational status (UP or DOWN). You can track the status of any of the following Layer 2 interfaces: • 1 Gigabit Ethernet: Enter gigabitethernet slot/port in the track interface interface command (see Step 1). • 10 Gigabit Ethernet: Enter tengigabitethernet slot/port.
Tracking a Layer 3 Interface You can create an object that tracks the routing status of an IPv4 or IPv6 Layer 3 interface. You can track the routing status of any of the following Layer 3 interfaces: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a port channel interface, enter the keywords port-channel then a number. • For a VLAN interface, enter the keyword vlan then a number from 1 to 4094.
The following is an example of configuring object tracking for an IPv4 interface: Dell(conf)#track 101 interface tengigabitethernet 7/2 ip routing Dell(conf-track-101)#delay up 20 Dell(conf-track-101)#description NYC metro Dell(conf-track-101)#end Dell#show track 101 Track 101 Interface TenGigabitEthernet 7/2 ip routing Description: NYC metro The following is an example of configuring object tracking for an IPv6 interface: Examples of Configuring Object Tracking for an IPv4 or IPv6 Interface Dell(conf)#trac
The UP and DOWN thresholds are user-configurable for each tracked route. The default UP threshold is 254; the default DOWN threshold is 255. The notification of a change in the state of a tracked object is sent when a metric value crosses a configured threshold. The tracking process uses a protocol-specific resolution value to convert the actual metric in the routing table to a scaled metric in the range from 0 to 255.
Example of the show track brief Command Router# show track brief ResId State 1 Resource LastChange IP route reachability Parameter 10.16.0.
16 Port Monitoring The Aggregator supports user-configured port monitoring. See Configuring Port Monitoring for the configuration commands to use. Port monitoring copies all incoming or outgoing packets on one port and forwards (mirrors) them to another port. The source port is the monitored port (MD) and the destination port is the monitoring port (MG).
0 TenGig 1/1 Dell(conf)# TenGig 1/42 rx interface Port-based In the following example, the host and server are exchanging traffic which passes through the uplink interface 1/1. Port 1/1 is the monitored port and port 1/42 is the destination port, which is configured to only monitor traffic received on tengigabitethernet 1/1 (host-originated traffic). Figure 29.
Dell(conf-mon-sess-1)#mon ses 2
Dell(conf-mon-sess-2)#source tengig 0/1 destination tengig 0/33 direction both
% Error: MD port is already being monitored.
NOTE: There is no limit to the number of monitoring sessions per system, provided that there are only four destination ports per port-pipe. If each monitoring session has a unique destination port, the maximum number of sessions is four per port-pipe.
In the example below, 0/25 and 0/26 belong to Port-pipe 1. This port-pipe has the same restriction of only four destination ports, new or used.
17 Security
The Aggregator provides many security features. This chapter describes several ways to provide access security to the Dell Networking system. For details about all the commands described in this chapter, see the Security chapter in the Dell PowerEdge Command Line Reference Guide for the M I/O Aggregator.
Supported Modes
Standalone, PMUX, VLT, Stacking
NOTE: You can also perform some of the configurations using the Web GUI - Dell Blade IO Manager.
Accessing the I/O Aggregator Using the CMC Console Only This functionality is supported on the Aggregator. You can enable the option to access and administer an Aggregator only using the chassis management controller (CMC) interface, and prevent the usage of the CLI interface of the device to configure and monitor settings. You can configure the restrict-access session command to disable access of the Aggregator using a Telnet or SSH session; the device is accessible only using the CMC GUI.
Only the console port behaves this way, and does so to ensure that users are not locked out of the system if a network-wide issue prevents access to these servers.
1 Define an authentication method-list (method-list-name) or specify the default.
CONFIGURATION mode
aaa authentication login {method-list-name | default} method1 [... method4]
The default method-list is applied to all terminal lines.
Enabling AAA Authentication — RADIUS To enable authentication from the RADIUS server, and use TACACS as a backup, use the following commands. 1 Enable RADIUS and set up TACACS as backup. CONFIGURATION mode aaa authentication enable default radius tacacs 2 Establish a host address and password. CONFIGURATION mode radius-server host x.x.x.x key some-password 3 Establish a host address and password. CONFIGURATION mode tacacs-server host x.x.x.
The re-authentication is also applicable for authenticated 802.1x devices. When there is a change in the authentication servers, the supplicants connected to all the ports are forced to re-authenticate.
1 Enable the re-authentication mode.
CONFIGURATION mode
aaa reauthentication enable
2 You are prompted to force the users to re-authenticate while adding or removing a RADIUS/TACACS+ server.
By default, commands are assigned to different privilege levels. You can access those commands only if you have access to that privilege level. For example, to reach the protocol spanning-tree command, log in to the router, enter the enable command for privilege level 15 (this privilege level is the default level for the command) and then enter CONFIGURATION mode. You can configure passwords to control access to the box and assign different privilege levels to users.
• Configure a password for a privilege level. CONFIGURATION mode enable password [level level] [encryption-mode] password Configure the optional and required parameters: • level level: Specify a level from 0 to 15. Level 15 includes all levels. • encryption-type: Enter 0 for plain text or 7 for encrypted text. • password: Enter a string. To change only the password for the enable command, configure only the password parameter.
privilege mode {level level command | reset command}
Configure the following required and optional parameters:
• mode: enter a keyword for the modes (exec, configure, interface, line, route-map, or router)
• level level: the range is from 0 to 15. Levels 0, 1, and 15 are pre-configured. Levels 2 to 14 are available for custom configuration.
• command: a Dell CLI keyword (up to five keywords allowed).
• reset: return the command to its default privilege mode.
terminal traceroute Dell#confi Dell(conf)#? end Set terminal line parameters Trace route to destination Exit from Configuration mode Specifying LINE Mode Password and Privilege You can specify a password authentication of all users on different terminal lines. The user’s privilege level is the same as the privilege level assigned to the terminal line, unless a more specific privilege level is assigned to the user. To specify a password for the terminal line, use the following commands.
• Access-Accept — the RADIUS server authenticates the user. • Access-Reject — the RADIUS server does not authenticate the user. If an error occurs in the transmission or reception of RADIUS packets, you can view the error by enabling the debug radius command. Transactions between the RADIUS server and the client are encrypted (the users’ passwords are not sent in plain text). RADIUS uses UDP as the transport protocol between the RADIUS server host and the client.
Auto-Command You can configure the system through the RADIUS server to automatically execute a command when you connect to a specific line. The auto-command command is executed when the user is authenticated and before the prompt appears to the user. • Automatically execute a command. auto-command Privilege Levels Through the RADIUS server, you can configure a privilege level for the user to enter into when they connect to a session. This value is configured on the client system. • Set a privilege level.
Typical order of methods: RADIUS, TACACS+, Local, None. If RADIUS denies authorization, the session ends (RADIUS must not be the last method specified). Applying the Method List to Terminal Lines To enable RADIUS AAA login authentication for a method list, apply it to a terminal line. To configure a terminal line for RADIUS authentication and authorization, use the following commands. • Enter LINE mode.
Setting Global Communication Parameters for all RADIUS Server Hosts You can configure global communication parameters (auth-port, key, retransmit, and timeout parameters) and specific host communication parameters on the same system. However, if you configure both global and specific host parameters, the specific host parameters override the global parameters for that RADIUS server host. To set global communication parameters for all RADIUS server hosts, use the following commands.
TACACS+
Dell EMC Networking OS supports a terminal access controller access control system (TACACS+) client, including support for login authentication.
Configuration Task List for TACACS+
The following list includes the configuration task for TACACS+ functions.
TACACS server key. The fallback would not occur if the authentication failure is due to invalid credentials. For example, if the TACACS+ server is reachable, but the server key is invalid, Dell EMC Networking OS proceeds to the next authentication method. In the following example, the TACACS+ server key is incorrect, but the user is still authenticated by the secondary method. First bold line: Server key purposely changed to incorrect value. Second bold line: User authenticated using the secondary method.
DellEMC(config-line-vty)#login authentication tacacsmethod DellEMC(config-line-vty)#end Specifying a TACACS+ Server Host To specify a TACACS+ server host and configure its communication parameters, use the following command. • Enter the host name or IP address of the TACACS+ server host.
• SSH V2 is enabled by default on all the modes.
• Display SSH connection information.
EXEC Privilege mode
show ip ssh
Specifying an SSH Version
The following example uses the ip ssh server version 2 command to enable SSH version 2 and the show ip ssh command to confirm the setting.
DellEMC(conf)#ip ssh server version 2
DellEMC(conf)#do show ip ssh
SSH server : enabled.
SSH server version : v2.
SSH server vrf : default.
Other SSH-related commands include:
• crypto key generate : generate keys for the SSH server.
• debug ip ssh : enables collecting SSH debug information.
• ip scp topdir : identify a location for files used in secure copy transfer.
• ip ssh authentication-retries : configure the maximum number of attempts that should be used to authenticate a user.
• ip ssh connection-rate-limit : configure the maximum number of incoming SSH connections per minute.
RSA Vty Authentication : disabled. Encryption HMAC Remote IP Using RSA Authentication of SSH The following procedure authenticates an SSH client based on an RSA key using RSA authentication. This method uses SSH version 2. 1 On the SSH client (Unix machine), generate an RSA key, as shown in the following example. 2 Copy the public key id_rsa.pub to the Dell EMC Networking system. 3 Disable password authentication if enabled.
7 Bind shosts and rhosts to host-based authentication. CONFIGURATION mode ip ssh pub-key-file flash://filename or ip ssh rhostsfile flash://filename Examples of Creating shosts and rhosts The following example shows creating shosts. admin@Unix_client# cd /etc/ssh admin@Unix_client# ls moduli sshd_config ssh_host_dsa_key.pub ssh_host_key.pub ssh_host_rsa_key.pub ssh_config ssh_host_dsa_key ssh_host_key ssh_host_rsa_key admin@Unix_client# cat ssh_host_rsa_key.
Enable host-based authentication on the server (Dell EMC Networking system) and the client (Unix machine). The following message appears if you attempt to log in via SSH and host-based is disabled on the client. In this case, verify that host-based authentication is set to “Yes” in the file ssh_config (root permission is required to edit this file): permission denied (host based). If the IP address in the RSA key does not match the IP address from which you attempt to log in, the following message appears.
access class. After users identify themselves, the system retrieves the access class from the local database and applies it. (The system then can close the connection if a user is denied access.)
NOTE: If a VTY user logs in with RADIUS authentication, the privilege level is applied from the RADIUS server only if you configure RADIUS authentication.
The following example shows how to allow or deny a Telnet connection to a user. Users see a login prompt even if they cannot log in. No access class is configured for the VTY line.
DellEMC(config-line-vty)#access-class sourcemac DellEMC(config-line-vty)#end Dell EMC Networking OS Security Hardening The security of a network consists of multiple factors. Apart from access to the device, best practices, and implementing various security features, security also lies with the integrity of the device. If the software itself is compromised, all of the aforementioned methods become ineffective.
After enabling and configuring OS image hash verification, the device verifies the hash checksum of the OS boot image during every reload. DellEMC# verified boot hash system-image A: 619A8C1B7A2BC9692A221E2151B9DA9E Image Verification for Subsequent OS Upgrades After enabling OS image hash verification, for subsequent Dell EMC Networking OS upgrades, you must enter the hash checksum of the new OS image file.
CONFIGURATION mode
verified boot
2 Generate the hash checksum for your startup configuration file.
EXEC Privilege
generate hash {md5 | sha1 | sha256} {flash://filename | startup-config}
3 Verify the hash checksum of the current startup configuration on the local file system.
EXEC Privilege
verified boot hash startup-config hash-value
NOTE: The verified boot hash command is only applicable for the startup configuration file in the local file system.
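Before a hash value is entered with verified boot hash, it helps to confirm off-box that the file you hold matches the published value. The following is an added example, not Dell code: it infers the algorithm from the digest length (the 32-character value shown in this chapter is an MD5-length digest), hashes the file in chunks, and reports a mismatch. The file name and contents are constructed.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> algorithm, for the three algorithms that the
# generate hash command offers (md5, sha1, sha256).
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
# MD5 and SHA-1 are no longer collision resistant; prefer sha256 when offered.
COLLISION_WEAK = {"md5", "sha1"}


def normalize_hash(text):
    """Drop whitespace and case so a value copied from the CLI compares cleanly."""
    cleaned = "".join(text.split()).lower()
    if not cleaned or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("hash value is not hexadecimal")
    if len(cleaned) not in ALGO_BY_HEX_LEN:
        raise ValueError(f"unexpected digest length {len(cleaned)}")
    return cleaned


def file_digest(path, algorithm, chunk_size=1 << 20):
    """Hash a file in chunks so large OS images do not have to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def check_image(path, published_hash):
    """Compare a file against a published hash; the algorithm is inferred."""
    expected = normalize_hash(published_hash)
    algorithm = ALGO_BY_HEX_LEN[len(expected)]
    actual = file_digest(path, algorithm)
    return {
        "algorithm": algorithm,
        "match": hmac.compare_digest(actual, expected),
        "actual": actual.upper(),  # upper case, as the switch displays it
        "collision_weak": algorithm in COLLISION_WEAK,
    }


def demo():
    """Constructed demonstration: a 3-byte stand-in file, then a modified copy."""
    sha256_abc = ("BA7816BF 8F01CFEA 414140DE 5DAE2223 "
                  "B00361A3 96177A9C B410FF61 F20015AD")
    md5_abc = "900150983cd24fb0d6963f7d28e17f72"
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "image.bin")  # hypothetical file name
        with open(image, "wb") as fh:
            fh.write(b"abc")
        results = {
            "sha256": check_image(image, sha256_abc),
            "md5": check_image(image, md5_abc),
        }
        with open(image, "ab") as fh:  # simulate a modified image
            fh.write(b"\x00")
        results["tampered"] = check_image(image, sha256_abc)
    return results


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```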
Enabling User Lockout for Failed Login Attempts
You can configure the system to lock out local users for a specific period after unsuccessful login attempts. This feature enhances the security of the switch by locking out the local user account when the number of unsuccessful login attempts exceeds the value configured with the max-retry parameter. To enable the user lockout feature, use the following commands: Enable the user lockout feature.
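The access-control settings in this chapter can be reviewed in a saved configuration before it is deployed. The following is an added example, not Dell code: it checks a running-config fragment for a login method list that ends with RADIUS, a method list that can fall through to none, an enable password stored as type 0 (plain text), an SSH server version other than 2, and a terminal line that references an undefined method list. The sample configuration, list names and method keywords are constructed assumptions.

```python
import re

# Constructed running-config fragment. Command forms follow this chapter; the
# method keywords (radius, tacacs+, local, none) and list names are assumptions.
SAMPLE_CONFIG = """\
aaa authentication login default radius tacacs+ local
aaa authentication login radiusonly radius
aaa authentication login openlist tacacs+ none
enable password level 15 0 changeme
enable password level 5 7 b125455cf679b208
ip ssh server version 1
line vty 0
 login authentication radiusonly
line vty 1
 login authentication tacacsmethod
"""

AAA_RE = re.compile(r"aaa authentication login (\S+) (.+)$")
ENABLE_RE = re.compile(r"enable password(?: level (\d+))?(?: ([07]))? (\S+)$")
SSH_RE = re.compile(r"ip ssh server version (\d+)$")
LOGIN_RE = re.compile(r"login authentication (\S+)$")

RULES = {
    "aaa-radius-last": "RADIUS is the last method; a RADIUS denial ends the session",
    "aaa-none": "method list can fall through to no authentication",
    "enable-plaintext": "enable password is stored as plain text (type 0 or untyped)",
    "ssh-version": "SSH server is not set to version 2",
    "undefined-method-list": "terminal line references a method list that is not defined",
}


def audit(config):
    """Return (rule, subject) findings in a stable order."""
    lines = [line.strip() for line in config.splitlines() if line.strip()]

    # First pass: collect every login method list so references can be resolved.
    method_lists = {}
    for line in lines:
        m = AAA_RE.match(line)
        if m:
            method_lists[m.group(1)] = m.group(2).split()

    findings = []
    for name, methods in method_lists.items():
        if methods[-1] == "radius":
            findings.append(("aaa-radius-last", name))
        if "none" in methods:
            findings.append(("aaa-none", name))

    # Second pass: per-line checks.
    for line in lines:
        m = ENABLE_RE.match(line)
        if m and m.group(2) != "7":
            level = f"level {m.group(1)}" if m.group(1) else "default level"
            findings.append(("enable-plaintext", level))
        m = SSH_RE.match(line)
        if m and m.group(1) != "2":
            findings.append(("ssh-version", m.group(1)))
        m = LOGIN_RE.match(line)
        if m and m.group(1) not in method_lists:
            findings.append(("undefined-method-list", m.group(1)))
    return findings


if __name__ == "__main__":
    for rule, subject in audit(SAMPLE_CONFIG):
        print(f"{rule:<22} {subject:<14} {RULES[rule]}")
```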
18 Simple Network Management Protocol (SNMP) Network management stations use SNMP to retrieve or alter management data from network elements. A datum of management information is called a managed object; the value of a managed object can be static or variable. Network elements store managed objects in a database called a management information base (MIB).
Implementation Information
The Dell Networking OS supports SNMP version 1 as defined by RFC 1155, 1157, and 1212, SNMP version 2c as defined by RFC 1901.
Configuring the Simple Network Management Protocol
NOTE: The configurations in this chapter use a UNIX environment with net-snmp version 5.4. This is only one of many RFC-compliant SNMP utilities you can use to manage the Aggregator using SNMP. Also, these configurations use SNMP version 2c.
Dell#show running-config snmp ! snmp-server community mycommunity ro Dell# Setting Up User-Based Security (SNMPv3) When setting up SNMPv3, you can set users up with one of the following three types of configuration for SNMP read/write operations. Users are typically associated to an SNMP group with permissions provided, such as OID view. • noauth — no password or privacy. Select this option to set up a user with no password or privacy privileges. This setting is the basic configuration.
CONFIGURATION mode snmp-server view view-name oid-tree {included | excluded} Select a User-based Security Type Dell(conf)#snmp-server host 1.1.1.1 traps {oid tree} version 3 ? auth Use the SNMPv3 authNoPriv Security Level noauth Use the SNMPv3 noAuthNoPriv Security Level priv Use the SNMPv3 authPriv Security Level Dell(conf)#snmp-server host 1.1.1.
snmp coldstart snmp linkdown snmp linkup SNMP_COLD_START: Agent Initialized - SNMP COLD_START. SNMP_WARM_START:Agent Initialized - SNMP WARM_START. PORT_LINKDN:changed interface state to down:%d PORT_LINKUP:changed interface state to up:%d Enabling a Subset of SNMP Traps You can enable a subset of Dell Networking enterprise-specific SNMP traps using one of the following listed command options. To enable a subset of Dell Networking enterprise-specific SNMP traps, use the following command.
Enable VLT traps. vrrp Enable VRRP state change traps xstp %SPANMGR-5-STP_NEW_ROOT: New Spanning Tree Root, Bridge ID Priority 32768, Address 0001.e801.fc35. %SPANMGR-5-STP_TOPOLOGY_CHANGE: Bridge port TenGigabitEthernet 1/8 transitioned from Forwarding to Blocking state. %SPANMGR-5-MSTP_NEW_ROOT_BRIDGE: Elected root bridge for instance 0. %SPANMGR-5-MSTP_NEW_ROOT_PORT: MSTP root changed to port Te 1/8 for instance 0. My Bridge ID: 40960:0001.e801.fc35 Old Root: 40960:0001.e801.fc35 New Root: 32768:00d0.
snmpwalk -v version -c community agent-ip {identifier.instance | descriptor.instance} In the following example, the value “4” displays in the OID before the IP address for IPv4. For an IPv6 IP address, a value of “16” displays. Example of Reading the Value of a Managed Object > snmpget -v 2c -c mycommunity 10.11.131.161 sysUpTime.0 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (32852616) 3 days, 19:15:26.16 > snmpget -v 2c -c mycommunity 10.11.131.161 .1.3.6.1.2.1.1.3.
The table that the Dell Networking system sends in response to the snmpget request is a table that contains hexadecimal (hex) pairs, each pair representing a group of eight ports.
• Seven hex pairs represent a stack unit. Seven pairs accommodate the greatest number of ports available on an Aggregator, 56 ports. The last stack unit is assigned eight pairs; the eighth pair is unused. The first hex pair, 00 in the previous example, represents ports 1 to 7 in Stack Unit 0.
Table 24. MIB Objects for Fetching Dynamic MAC Entries in the Forwarding Database
MIB Object    OID    MIB    Description
dot1dTpFdbTable    .1.3.6.1.2.1.17.4.3    Q-BRIDGE MIB    List the learned unicast MAC addresses on the default VLAN.
dot1qTpFdbTable    .1.3.6.1.2.1.17.7.1.2.2    Q-BRIDGE MIB    List the learned unicast MAC addresses on non-default VLANs.
dot3aCurAggFdbTable    .1.3.6.1.4.1.6027.3.2.1.1.5    F10-LINK-AGGREGATION-MIB    List the learned MAC addresses of aggregated links (LAG).
SNMPv2-SMI::enterprises.6027.3.2.1.1.5.1.2.1000.0.1.232.6.149.172.1 = Hex-STRING: 00 01 E8 06 95 AC SNMPv2-SMI::enterprises.6027.3.2.1.1.5.1.3.1000.0.1.232.6.149.172.1 = INTEGER: 1 SNMPv2-SMI::enterprises.6027.3.2.1.1.5.1.4.1000.0.1.232.6.149.172.1 = INTEGER: 1 Deriving Interface Indices The Dell Networking OS assigns an interface number to each (configured or unconfigured) physical and logical interface.
Viewing the Reason for Last System Reboot Using SNMP • To view the reason for last system reboot using SNMP, you can use any one of the applicable SNMP commands: The following example shows a sample output of the snmpwalk command to view the last reset reason. [DellEMC ~]$ snmpwalk -c public -v 2c 10.16.133.172 1.3.6.1.4.1.6027.3.26.1.4.3.1.7 DELL-NETWORKING-CHASSIS-MIB::dellNetProcessorResetReason.stack.1.1 = STRING: Reboot by Software DELL-NETWORKING-CHASSIS-MIB::dellNetProcessorResetReason.stack.2.
2 • snmp-server community public ro • snmp-server community public ro • snmp-server community vrf1 ro • snmp-server community vrf2 ro • snmp-server context context1 • snmp-server context context2 • snmp mib community-map vrf1 context context1 • snmp mib community-map vrf1 context context2 Configure snmp context under the VRF instances. • sho run bgp • router bgp 100 • address-family ipv4 vrf vrf1 • snmp context context1 • neighbor 20.1.1.1 remote-as 200 • neighbor 20.1.1.
• address-family ipv4 vrf vrf2
• snmp context context2
• timers bgp 30 90
• neighbor 30.1.1.1 remote-as 200
• neighbor 30.1.1.1 no shutdown
• exit-address-family
Example of SNMP Walk Output for BGP timer configured for vrf1 (SNMPv2c)
snmpwalk -v 2c -c vrf1 10.16.131.125 1.3.6.1.4.1.6027.20.1.2.3
SNMPv2-SMI::enterprises.6027.20.1.2.3.1.1.1.0.1.20.1.1.2.1.20.1.1.1
SNMPv2-SMI::enterprises.6027.20.1.2.3.1.1.2.0.1.20.1.1.2.1.20.1.1.1
SNMPv2-SMI::enterprises.6027.20.1.2.3.2.1.1.0.1.20.1.1.2.1.20.1.1.
SNMPv2-SMI::enterprises.6027.3.2.1.1.6.1.3.1107755009.1 = INTEGER: 2 (Tagged 1 or Untagged 2) dot3aCommonAggFdbStatus SNMPv2-SMI::enterprises.6027.3.2.1.1.6.1.4.1107755009.1 = INTEGER: 1 << Status active, 2 – status inactive If you learn the MAC address for the LAG, the LAG status also displays. dot3aCurAggVlanId SNMPv2-SMI::enterprises.6027.3.2.1.1.4.1.1.1.0.0.0.0.0.1.1 dot3aCurAggMacAddr SNMPv2-SMI::enterprises.6027.3.2.1.1.4.1.2.1.0.0.0.0.0.1.1 dot3aCurAggIndex SNMPv2-SMI::enterprises.6027.3.2.1.1.4.1.3.
1 1 QSFP+ QSFP+ AUTO Good/On * - Mismatch Dell# The status of the MIBS is as follows: $ snmpwalk -c public -v 2c 10.16.130.148 1.3.6.1.2.1.47.1.1.1.1.2 SNMPv2-SMI::mib-2.47.1.1.1.1.2.1 = "" SNMPv2-SMI::mib-2.47.1.1.1.1.2.2 = STRING: "PowerConnect I/O-Aggregator" SNMPv2-SMI::mib-2.47.1.1.1.1.2.3 = STRING: "Module 0" SNMPv2-SMI::mib-2.47.1.1.1.1.2.4 = STRING: "Unit: 0 Port 1 10G Level" SNMPv2-SMI::mib-2.47.1.1.1.1.2.5 = STRING: "Unit: 0 Port 2 10G Level" SNMPv2-SMI::mib-2.47.1.1.1.1.2.
SNMPv2-SMI::mib-2.47.1.1.1.1.2.84 = STRING: "Unit: 1 Port 17 10G Level" SNMPv2-SMI::mib-2.47.1.1.1.1.2.85 = STRING: "Unit: 1 Port 18 10G Level" SNMPv2-SMI::mib-2.47.1.1.1.1.2.86 = STRING: "Unit: 1 Port 19 10G Level" SNMPv2-SMI::mib-2.47.1.1.1.1.2.87 = STRING: "Unit: 1 Port 20 10G Level" SNMPv2-SMI::mib-2.47.1.1.1.1.2.88 = STRING: "Unit: 1 Port 21 10G Level" SNMPv2-SMI::mib-2.47.1.1.1.1.2.89 = STRING: "Unit: 1 Port 22 10G Level" SNMPv2-SMI::mib-2.47.1.1.1.1.2.
• If a port is configured in a VLAN, the respective bit for that port will be set to 1 in the specific VLAN. • In the aggregator, all the server ports and uplink LAG 128 will be in switchport. Hence, the respective bits are set to 1. The following output is for the default VLAN. Example of dot1qVlanCurrentUntaggedPorts output snmpwalk -Os -c public -v 1 10.16.151.151 1.3.6.1.2.1.17.7.1.4.2.1.5 mib-2.17.7.1.4.2.1.5.0.
• To view the available flash memory using SNMP, use the following command. snmpget -v2c -c public 192.168.60.120 .1.3.6.1.4.1.6027.3.10.1.2.9.1.6.1 enterprises.6027.3.10.1.2.9.1.5.1 = Gauge32: 24 The output above displays that 24% of the flash memory is used. MIB Support to Display the Software Core Files Generated by the System Dell Networking provides MIB objects to display the software core files generated by the system.
enterprises.6027.3.10.1.2.10.1.3.2.1 enterprises.6027.3.10.1.2.10.1.4.1.1 enterprises.6027.3.10.1.2.10.1.4.1.2 enterprises.6027.3.10.1.2.10.1.4.1.3 enterprises.6027.3.10.1.2.10.1.4.2.1 enterprises.6027.3.10.1.2.10.1.5.1.1 enterprises.6027.3.10.1.2.10.1.5.1.2 enterprises.6027.3.10.1.2.10.1.5.1.3 enterprises.6027.3.10.1.2.10.1.5.2.
• .1.3.6.1.4.1.6027.3.26.1.4.8.1.6.3 = STRING: "/f10/ConfD/db" .1.3.6.1.4.1.6027.3.26.1.4.8.1.6.4 = STRING: "/f10/flash" If Smart Script is installed on the system, the log also shows the phone home partition. snmpwalk -v 2c -c public -On 10.16.151.161 1.3.6.1.4.1.6027.3.26.1.4.8 .1.3.6.1.4.1.6027.3.26.1.4.8.1.2.1 = STRING: "/dev/ld0g" .1.3.6.1.4.1.6027.3.26.1.4.8.1.2.2 = STRING: "mfs:332" .1.3.6.1.4.1.6027.3.26.1.4.8.1.2.3 = STRING: "mfs:398" .1.3.6.1.4.1.6027.3.26.1.4.8.1.2.4 = STRING: "/dev/ld0h" .1.3.
MIB Object OID Description dellNetInetCidrECMPGrpAvl 1.3.6.1.4.1.6027.3.9.1.8 Available CAM for ECMP group. Viewing the ECMP Group Count Information • To view the ECMP group count information generated by the system, use the following command. snmpwalk -c public -v 2c 10.16.151.191 1.3.6.1.4.1.6027.3.9 SNMPv2-SMI::enterprises.6027.3.9.1.1.1.2.1.1 = Counter64: 79 SNMPv2-SMI::enterprises.6027.3.9.1.1.1.2.1.2 = Counter64: 1 SNMPv2-SMI::enterprises.6027.3.9.1.3.0 = Gauge32: 18 SNMPv2-SMI::enterprises.
SNMPv2-SMI::enterprises.6027.3.9.1.5.1.9.1.1.4.70.70.70.1.32.1.4.127.0.0.1.1.4.127.0.0.1 = ""
SNMPv2-SMI::enterprises.6027.3.9.1.5.1.9.1.1.4.70.70.70.2.32.1.4.70.70.70.2.1.4.70.70.70.2 = Hex-STRING: 00 00 F4 FD 2C EF
SNMPv2-SMI::enterprises.6027.3.9.1.5.1.9.1.1.4.80.80.80.0.24.1.4.10.1.1.1.1.4.10.1.1.1 = Hex-STRING: 4C 76 25 F4 AB 02
SNMPv2-SMI::enterprises.6027.3.9.1.5.1.9.1.1.4.80.80.80.0.24.1.4.20.1.1.1.1.4.20.1.1.1 = Hex-STRING: 4C 76 25 F4 AB 02
SNMPv2-SMI::enterprises.6027.3.9.1.5.1.9.1.1.4.80.80.80.0.
SNMPv2-SMI::enterprises.6027.3.9.1.5.1.11.1.1.4.30.1.1.1.32.1.4.30.1.1.1.1.4.30.1.1.1 = Gauge32: 0 SNMPv2-SMI::enterprises.6027.3.9.1.5.1.11.1.1.4.30.1.1.2.32.1.4.127.0.0.1.1.4.127.0.0.1 = Gauge32: 0 SNMPv2-SMI::enterprises.6027.3.9.1.5.1.11.1.1.4.70.70.70.0.24.0.0.0.0 = Gauge32: 0 SNMPv2-SMI::enterprises.6027.3.9.1.5.1.11.1.1.4.70.70.70.1.32.1.4.127.0.0.1.1.4.127.0.0.1 = Gauge32: 0 SNMPv2-SMI::enterprises.6027.3.9.1.5.1.11.1.1.4.70.70.70.2.32.1.4.70.70.70.2.1.4.70.70.70.
snmpwalk -v 2c -c public -On 10.16.150.97 1.3.6.1.2.1.47.1.3.2.1 .1.3.6.1.2.1.47.1.3.2.1.2.5.0 = OID: .1.3.6.1.2.1.2.2.1.1.2097157 .1.3.6.1.2.1.47.1.3.2.1.2.9.0 = OID: .1.3.6.1.2.1.2.2.1.1.2097669 .1.3.6.1.2.1.47.1.3.2.1.2.13.0 = OID: .1.3.6.1.2.1.2.2.1.1.2098181 .1.3.6.1.2.1.47.1.3.2.1.2.17.0 = OID: .1.3.6.1.2.1.2.2.1.1.2098693 .1.3.6.1.2.1.47.1.3.2.1.2.21.0 = OID: .1.3.6.1.2.1.2.2.1.1.2099205 .1.3.6.1.2.1.47.1.3.2.1.2.25.0 = OID: .1.3.6.1.2.1.2.2.1.1.2099717 .1.3.6.1.2.1.47.1.3.2.1.2.29.0 = OID: .1.3.6.1.
MIB Object OID Description dot3adAggPartnerSystemPriority 1.2.840.10006.300.43.1.1.1.1.8 Contains a two octet read–only value that indicates the priority value associated with the Partner’s system ID. dot3adAggPartnerOperKey 1.2.840.10006.300.43.1.1.1.1.9 Contains the current operational value of the key for the Aggregator’s current protocol partner. dot3adAggCollectorMaxDelay 1.2.840.10006.300.43.1.1.1.1.
MIB Support to Display Unrecognized LLDP TLVs
This section describes the MIB objects that display information about reserved and organizational specific unrecognized LLDP TLVs.
MIB Support to Display Reserved Unrecognized LLDP TLVs
The lldpRemUnknownTLVTable contains information about incoming reserved LLDP TLVs that are not recognized by the local neighbor. The following table lists the related MIB objects:
Table 34.
MIB Support to Display Organizational Specific Unrecognized LLDP TLVs The lldpRemOrgDefInfoTable contains organizationally defined information that is not recognized by the local neighbor. The following table lists the related MIB objects: Table 35. MIB Objects for Displaying Organizational Specific Unrecognized LLDP TLVs MIB Object OID Description lldpRemOrgDefInfoTable 1.0.8802.1.1.2.1.4.4 This table contains organizationally defined information that is not recognized by the local neighbor.
Transceiver Monitoring
To retrieve and display transceiver-related parameters, run snmpwalk against the transceiver table OID; the transceiver details are returned as defined in the MIB. This enables transceiver monitoring and identification of potential issues related to the transceivers on a switch.
• Ensure that SNMP is enabled on the device before running a query to retrieve the transceiver information.
Field (OID)    Description
SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.16    Temperature
SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.17    Voltage
SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.18    Transmit Bias Current Lane1
SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.19    Transmit Bias Current Lane2
SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.20    Transmit Bias Current Lane3
SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.
19 Stacking
An Aggregator auto-configures to operate in standalone mode. To use an Aggregator in a stack, you must manually configure it using the CLI to operate in stacking mode. In automated Stack mode, the base module 40GbE ports (33 and 37) operate as stack links; this assignment is fixed. In Programmable MUX (PMUX) mode, you can select either the base or optional modules (ports 33 — 56). An Aggregator supports a maximum of six stacking units.
Figure 30. A Two-Aggregator Stack Stack Management Roles The stack elects the management units for the stack management. • Stack master — primary management unit • Standby — secondary management unit The master holds the control plane and the other units maintain a local copy of the forwarding databases.
• Inter-switch stacking link failure • Switch insertion • Switch removal If the master switch goes off line, the standby replaces it as the new master. NOTE: For the Aggregator, the entire stack has only one management IP address. Stack Master Election The stack elects a master and standby unit at bootup time based on MAC address. The unit with the higher MAC value becomes master. To view which switch is the stack master, enter the show system command.
MAC Addressing All port interfaces in the stack use the MAC address of the management interface on the master switch. The MAC address of the chassis in which the master Aggregator is installed is used as the stack MAC address. The stack continues to use the master’s chassis MAC address even after a failover. The MAC address is not refreshed until the stack is reloaded and a different unit becomes the stack master.
Stacking Port Numbers By default, each Aggregator in Standalone mode is numbered stack-unit 0. Stack-unit numbers are assigned to member switches when the stack comes up. The following example shows the numbers of the 40GbE stacking ports on an Aggregator. Figure 31. Stack Groups on an Aggregator Stacking in PMUX Mode PMUX stacking allows the stacking of two or more IOA units. This allows grouping of multiple units for high availability. IOA supports a maximum of six stacking units.
NOTE: Prior to configuring the stack-group, ensure the stacking ports are connected and in 40G native mode.
1 Configure stack groups on all stack units.
Dell#
Dell#configure
Dell(conf)#stack-unit 0 stack-group 0
Dell(conf)#00:37:46: %STKUNIT0-M:CP %IFMGR-6-STACK_PORTS_ADDED: Ports Fo 0/33 have been configured as stacking ports.
Master Selection Criteria
A Master is elected or re-elected based on the following considerations, in order:
1 The switch with the highest priority at boot time.
2 The switch with the highest MAC address at boot time.
3 A unit is selected as Standby by the administrator, and a fail over action is manually initiated or occurs due to a Master unit failure.
No record of previous stack mastership is kept when a stack loses power.
Cabling Stacked Switches Before you configure MXL switches in a stack, connect the 40G direct attach or QSFP cables and transceivers to connect 40GbE ports on two Aggregators in the same or different chassis. Cabling Restrictions The following restrictions apply when setting up a stack of Aggregators: • Only daisy-chain or ring topologies are supported; star and full mesh topologies are not supported. • Stacking is supported only on 40GbE links by connecting 40GbE ports on the base module.
Configuring and Bringing Up a Stack After you attach the 40G QSFP or direct attach cables in a stack of Aggregators, to bring up the stack, follow these steps. NOTE: The procedure uses command examples for the stacking topology shown previously in this chapter. 1 Set up a connection to the CLI on an Aggregator as described in Accessing the CLI. 2 Log on to the CLI and enter Global Configuration mode.
stack-unit 0 iom-mode stack 5 Reload the switch. Dell Operating System automatically assigns a number to the new unit and adds it as member switch in the stack. The new unit synchronizes its running and startup configurations with the stack. EXEC Privilege mode reload If an Aggregator is already configured to operate in stacking mode, simply attach QSFP or direct attach cables to connect 40GbE ports on the base module of each stacked Aggregator.
EXEC PRIVILEGE
When the reload completes, the base-module ports come up in 4x10GbE (quad) mode. The switch functions in standalone mode but retains the running and startup configuration that was last synchronized by the master switch while it operated as a stack unit.
Configuring the Uplink Speed of Interfaces as 40 Gigabit Ethernet
You can configure the I/O Aggregator switch in standalone, VLT, and stack modes to operate with an uplink speed of 40 Gigabit Ethernet per second.
stack-unit unit-number iom-mode [stack | standalone | vlt] 40G You can use the show system stack-unit unit-number iom-uplink-speed command to view the uplink speed of the LAG bundles configured on the Flex IO modules installed on the Aggregator.
• show system stack-unit unit-number stack-group Displays the type of stack topology (ring or daisy chain) with a list of all stacked ports, port status, link speed, and peer stack-unit connection.
Example of the show system stack-unit stack-group configured Command
Dell# show system stack-unit 1 stack-group configured
Configured stack groups in stack-unit 1
---------------------------------------
0
1
4
5
Example of the show system stack-unit stack-group Command
Dell#show system stack-unit 1 stack-group
Stack group    Ports
------------------------------
0              0/33
1              0/37
2              0/41
3              0/45
4              0/49
5              0/53
Dell#
Example of the show system stack-ports (ring) Command
Dell# show system stack-ports
Topology: Ring
Interface
Example of the show system stack-ports Command
Dell# show system stack-ports
Topology: Ring
Interface  Connection  Link Speed (Gb/s)  Admin Status  Link Status  Trunk Group
0/33       1/33        40                 up            up
0/37       1/37        40                 up            up
1/33       0/33        40                 up            up
1/37       0/37        40                 up            up
Example of the show redundancy Command
Dell#show redundancy
-- Stack-unit Status --------------------------------------------------------
Mgmt ID: 0
Stack-unit ID: 0
Stack-unit Redundancy Role: Primary Active (Indicates Master Unit.
438 packets, 270449 bytes, 0 underruns 0 64-byte pkts, 57 over 64-byte pkts, 181 over 127-byte pkts 54 over 255-byte pkts, 0 over 511-byte pkts, 146 over 1023-byte pkts 72 Multicasts, 0 Broadcasts, 221 Unicasts 0 throttles, 0 discarded, 0 collisions, 0 wredDrops Rate info (interval 45 seconds): Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 0 packets/sec, 0.
The following is an example of the stack-link flapping error message. --------------------------------------MANAGMENT UNIT----------------------------------------Error: Stack Port 49 has flapped 5 times within 10 seconds.Shutting down this stack port now. Error: Please check the stack cable/module and power-cycle the stack. 10:55:20: %STKUNIT1-M:CP %KERN-2-INT: Error: Stack Port 50 has flapped 5 times within 10 seconds.Shutting down this stack port now.
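The flapping message shown above has a fixed shape, so a log collector can extract the affected unit and port and raise the severity when more than one stack port on the same unit has been shut down. The following is an added example, not code from the Dell guide; the sample log is constructed from the message formats shown in this chapter, and the function names and the two-port threshold are assumptions.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Constructed sample built from the message formats shown in this chapter.
# The last line is the bare console copy, which carries no unit prefix.
SAMPLE_LOG = """\
10:55:18: %STKUNIT1-M:CP %KERN-2-INT: Error: Stack Port 49 has flapped 5 times within 10 seconds.Shutting down this stack port now.
10:55:18: %STKUNIT1-M:CP %KERN-2-INT: Error: Please check the stack cable/module and power-cycle the stack.
10:55:20: %STKUNIT1-M:CP %KERN-2-INT: Error: Stack Port 50 has flapped 5 times within 10 seconds.Shutting down this stack port now.
00:37:46: %STKUNIT0-M:CP %IFMGR-6-STACK_PORTS_ADDED: Ports Fo 0/33 have been configured as stacking ports.
Error: Stack Port 49 has flapped 5 times within 10 seconds.Shutting down this stack port now.
"""


class FlapEvent(NamedTuple):
    time: Optional[str]   # HH:MM:SS from the syslog prefix, if present
    unit: Optional[int]   # stack-unit number from %STKUNIT<n>, if present
    port: int             # stack port that was shut down
    flaps: int            # flap count reported by the switch
    window_s: int         # reporting window in seconds


# The syslog prefix is optional so that bare console copies also match.
FLAP = re.compile(
    r"^(?:(?P<time>\d{2}:\d{2}:\d{2}): %STKUNIT(?P<unit>\d+)-\w+:CP %[\w-]+: )?"
    r"Error: Stack Port (?P<port>\d+) has flapped (?P<flaps>\d+) times "
    r"within (?P<window>\d+) seconds\.\s*Shutting down this stack port now\."
)


def parse_flap_events(log_text):
    """Return one FlapEvent per stack-port shutdown message in the log."""
    events = []
    for line in log_text.splitlines():
        match = FLAP.match(line.strip())
        if not match:
            continue  # unrelated syslog line
        unit = match.group("unit")
        events.append(FlapEvent(
            time=match.group("time"),
            unit=int(unit) if unit is not None else None,
            port=int(match.group("port")),
            flaps=int(match.group("flaps")),
            window_s=int(match.group("window")),
        ))
    return events


def shutdown_ports_by_unit(events):
    """Group shut-down stack ports by reporting unit (None = no prefix)."""
    grouped = defaultdict(set)
    for event in events:
        grouped[event.unit].add(event.port)
    return {unit: sorted(ports) for unit, ports in grouped.items()}


def units_with_multiple_shutdowns(events, min_ports=2):
    """Units that have lost at least min_ports stack ports.

    Only ring and daisy-chain topologies are supported, so a unit has few
    stack links and losing several of them deserves a higher-severity alert.
    """
    grouped = shutdown_ports_by_unit(events)
    return sorted(unit for unit, ports in grouped.items()
                  if unit is not None and len(ports) >= min_ports)


if __name__ == "__main__":
    found = parse_flap_events(SAMPLE_LOG)
    print(shutdown_ports_by_unit(found))
    print("escalate units:", units_with_multiple_shutdowns(found))
```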
• Resolution: From the master switch, reload the stack by entering the reload command in EXEC Privilege mode. When the stack comes up, the card problem will be resolved.
Upgrading a Switch Stack
To upgrade all switches in a stack with the same Dell Networking OS version, follow these steps.
1 Copy the new Dell Networking OS image to a network server.
Dell# reload Proceed with reload [confirm yes/no]: yes Upgrading a Single Stack Unit Upgrading a single stacked switch is necessary when the unit was disabled due to an incorrect Dell Networking OS version. This procedure upgrades the image in the boot partition of the member unit from the corresponding partition in the master unit.
20 Storm Control
The storm control feature allows you to control unknown-unicast, multicast, and broadcast control traffic on Layer 2 and Layer 3 physical interfaces.
Dell Networking OS Behavior: The Dell Networking OS supports broadcast control (the storm-control broadcast command) for Layer 2 and Layer 3 traffic. The minimum number of packets per second (PPS) that storm control can limit is two.
• Configure the packets per second (pps) of multicast traffic allowed on C-Series and S-Series networks only. CONFIGURATION mode storm-control multicast packets_per_second in • Configure the packets per second of unknown-unicast traffic allowed in or out of the network. CONFIGURATION mode storm-control unknown-unicast [packets_per_second in] Configuring Storm Control from INTERFACE Mode To configure storm control, use the following command.
21 Broadcast Storm Control On the Aggregator, the broadcast storm control feature is enabled by default on all ports, and disabled on a port when an iSCSI storage device is detected. Broadcast storm control is re-enabled as soon as the connection with an iSCSI device ends. Broadcast traffic on Layer 2 interfaces is limited or suppressed during a broadcast storm. You can view the status of a broadcast-storm control operation by using the show io-aggregator broadcast storm-control status command.
22 SupportAssist SupportAssist sends troubleshooting data securely to Dell. SupportAssist in this Dell EMC Networking OS release does not support automated email notification at the time of hardware fault alert, automatic case creation, automatic part dispatch, or reports. SupportAssist requires Dell EMC Networking OS 9.9(0.0) and SmartScripts 9.7 or later to be installed on the Dell EMC Networking device. For more information on SmartScripts, see Dell EMC Networking Open Automation guide. Figure 32.
Configuring SupportAssist Using a Configuration Wizard You are guided through a series of queries to configure SupportAssist. The generated commands are added to the running configuration, including the DNS resolve commands, if configured. This command starts the configuration wizard for the SupportAssist. At any time, you can exit by entering Ctrl-C. If necessary, you can skip some data entry. Enable the SupportAssist service.
making such transfers, Dell shall ensure appropriate protection is in place to safeguard the Collected Data being transferred in connection with SupportAssist. If you are downloading SupportAssist on behalf of a company or other legal entity, you are further certifying to Dell that you have appropriate authority to provide this consent on behalf of that entity.
support-assist activity {full-transfer | core-transfer} start now DellEMC#support-assist activity full-transfer start now DellEMC#support-assist activity core-transfer start now Configuring SupportAssist Activity SupportAssist Activity mode allows you to configure and view the action-manifest file for a specific activity. To configure SupportAssist activity, use the following commands. 1 Move to the SupportAssist Activity mode for an activity.
action-manifest remove DellEMC(conf-supportassist-act-full-transfer)#action-manifest remove custom_file1.json DellEMC(conf-supportassist-act-full-transfer)# DellEMC(conf-supportassist-act-event-transfer)#action-manifest remove custom_event_file1.json DellEMC(conf-supportassist-act-event-transfer)# 6 Enable a specific SupportAssist activity. By default, the full transfer includes the core files. When you disable the core transfer activity, the full transfer excludes the core files.
Configuring SupportAssist Person SupportAssist Person mode allows you to configure name, email addresses, phone, method and time zone for contacting the person. SupportAssist Person configurations are optional for the SupportAssist service. To configure SupportAssist person, use the following commands. 1 Configure the contact name for an individual.
[no] server server-name DellEMC(conf-supportassist)#server default DellEMC(conf-supportassist-serv-default)# 2 Configure a proxy for reaching the SupportAssist remote server. SUPPORTASSIST SERVER mode [no] proxy-ip-address {ipv4-address | ipv6-address}port port-number [ username userid password [encryption-type] password ] DellEMC(conf-supportassist-serv-default)#proxy-ip-address 10.0.0.
show running-config support-assist DellEMC# show running-config support-assist ! support-assist enable all ! activity event-transfer enable action-manifest install default ! activity core-transfer enable ! contact-company name Dell street-address F lane , Sector 30 address city Brussels state HeadState country Belgium postalcode S328J3 ! contact-person first Fred last Nash email-address primary des@sed.com alternate sed@dol.
23 System Time and Date The Aggregator auto-configures the hardware and software clocks with the current time and date. If necessary, you can manually set and maintain the system time and date using the CLI commands described in this chapter.
Setting the Timezone Universal time coordinated (UTC) is the time standard based on the International Atomic Time standard, commonly known as Greenwich Mean time. When determining system time, you must include the differentiator between the UTC and your local timezone. For example, San Jose, CA is the Pacific Timezone with a UTC offset of -8. To set the clock timezone, use the following command. • Set the clock to the appropriate timezone.
• offset: (OPTIONAL) enter the number of minutes to add during the summer-time period. The range is from 1 to 1440. The default is 60 minutes. Example of the clock summer-time Command Dell(conf)#clock summer-time pacific date Mar 14 2012 00:00 Nov 7 2012 00:00 Dell(conf)# Setting Recurring Daylight Saving Time Set a date (and time zone) on which to convert the switch to daylight saving time on a specific day every year.
Example of Clock Summer-Time Recurring Parameters
Dell(conf)#clock summer-time pacific recurring ?
<1-4>    Week number to start
first    Week number to start
last     Week number to start
Dell(conf)#clock summer-time pacific recurring
Dell(conf)#
Configuring the Offset-Threshold for NTP Audit Log
You can configure the system to send an audit log message to a syslog server if the time difference from the NTP server is greater than a threshold value (offset-threshold). However, time synchronization still occurs.
24 Uplink Failure Detection (UFD) Supported Modes Standalone, PMUX, VLT, Stacking Topics: • Feature Description • How Uplink Failure Detection Works • UFD and NIC Teaming • Important Points to Remember • Uplink Failure Detection (SMUX mode) • Configuring Uplink Failure Detection (PMUX mode) • Clearing a UFD-Disabled Interface (in PMUX mode) • Displaying Uplink Failure Detection • Sample Configuration: Uplink Failure Detection Feature Description UFD provides detection of the loss of upstr
Figure 33. Uplink Failure Detection How Uplink Failure Detection Works UFD creates an association between upstream and downstream interfaces. The association of uplink and downlink interfaces is called an uplink-state group. An interface in an uplink-state group can be a physical interface or a port-channel (LAG) aggregation of physical interfaces. An enabled uplink-state group tracks the state of all assigned upstream interfaces.
Figure 34. Uplink Failure Detection Example
If only one of the upstream interfaces in an uplink-state group goes down, a specified number of downstream ports associated with the upstream interface are put into a Link-Down state. This number is configurable and is calculated by the ratio of the upstream port bandwidth to the downstream port bandwidth in the same uplink-state group.
For example, as shown previously, the switch/router with UFD detects the uplink failure and automatically disables the associated downstream link port to the server. To continue to transmit traffic upstream, the server with NIC teaming detects the disabled link and automatically switches over to the backup link in order to continue to transmit traffic upstream.
Important Points to Remember
When you configure UFD, the following conditions apply.
• You can configure up to 16 uplink-state groups.
3 Change the default timer.
UPLINK-STATE-GROUP mode
defer-timer seconds
Dell(conf)#uplink-state-group 1
Dell(conf-uplink-state-group-1)#defer-timer 20
Dell(conf-uplink-state-group-1)#show config
!
uplink-state-group 1
downstream TenGigabitEthernet 0/1-32
upstream Port-channel 128
defer-timer 20
Configuring Uplink Failure Detection (PMUX mode)
To configure UFD, use the following commands.
1 Create an uplink-state group and enable the tracking of upstream links on the switch/router.
UPLINK-STATE-GROUP mode
downstream auto-recover
By default, auto-recovery of UFD-disabled downstream ports is enabled. To disable auto-recovery, use the no downstream auto-recover command.
5 Specify the time (in seconds) to wait for the upstream port channel (LAG 128) to come back up before server ports are brought down.
UPLINK-STATE-GROUP mode
defer-timer seconds
NOTE: This command is available in Standalone and VLT modes only.
The range is from 1 to 120.
Example of Syslog Messages Before and After Entering the clear ufd-disable uplink-state-group Command (S50) The following example message shows the Syslog messages that display when you clear the UFD-Disabled state from all disabled downstream interfaces in an uplink-state group by using the clear ufd-disable uplink-state-group group-id command. All downstream interfaces return to an operationally up state.
(For UPLINK-STATE-GROUP mode) show configuration • group-id: The values are from 1 to 16.
0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts, 0 Unicasts 0 throttles, 0 discarded, 0 collisions Rate info (interval 299 seconds): Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 0 packets/sec, 0.
Dell#show uplink-state-group 3 Uplink State Group: 3 Status: Enabled, Up Dell#show uplink-state-group detail (Up): Interface up (Dwn): Interface down (Dis): Interface disabled Uplink State Group : 3 Status: Enabled, Up Upstream Interfaces : Te 0/3(Up) Te 0/4(Up) Downstream Interfaces : Te 0/1(Up) Te 0/2(Up) Te 0/5(Up) Te 0/9(Up) Te 0/11(Up) Te 0/12(Up) < After a single uplink port fails > Dell#show uplink-state-group detail (Up): Interface up (Dwn): Interface down (Dis): Interface disabled Uplink State Grou
25 PMUX Mode of the IO Aggregator This chapter provides an overview of the PMUX mode. I/O Aggregator (IOA) Programmable MUX (PMUX) Mode IOA PMUX is a mode that provides flexibility of operation with added configurability. This involves creating multiple LAGs, configuring VLANs on uplinks and the server side, configuring data center bridging (DCB) parameters, and so forth. By default, IOA starts up in IOA Standalone mode.
Configuring the Commands without a Separate User Account Starting with Dell Networking OS version 9.3(0.0), you can configure the PMUX mode CLI commands without having to configure a new, separate user profile. The user profile you defined to access and log in to the switch is sufficient to configure the PMUX mode commands. The IOA PMUX Mode CLI Commands section lists the PMUX mode CLI commands that you can now configure without a separate user account.
• Provides fast convergence if either the link or a device fails. • Optimized forwarding with virtual router redundancy protocol (VRRP). • Provides link-level resiliency. • Assures high availability. CAUTION: Dell Networking does not recommend enabling Stacking and VLT simultaneously. If you enable both features at the same time, unexpected behavior occurs.
2 Verify the VLT configurations.
Version                          : 6(3)
Local System MAC address         : 00:01:e8:8a:e9:91
Remote System MAC address        : 00:01:e8:8a:e9:76
Remote system version            : 6(3)
Delay-Restore timer              : 90 seconds
Delay-Restore Abort Threshold    : 60 seconds
Peer-Routing                     : Disabled
Peer-Routing-Timeout timer       : 0 seconds
Multicast peer-routing timeout   : 150 seconds
Dell#
5 Configure the secondary VLT.
NOTE: Repeat steps from 1 through 4 on the secondary VLT, ensuring you use the different backup destination and unitid.
* 1 Active 10 Active 11 Active 12 Active 13 Active 14 Active 15 Active 20 Active Dell U T T T T T T T T T T T T U U Te 0/33 Po128(Te Te 0/1 Po128(Te Te 0/1 Po128(Te Te 0/1 Po128(Te Te 0/1 Po128(Te Te 0/1 Po128(Te Te 0/1 Po128(Te Te 0/1 0/41-42) 0/41-42) 0/41-42) 0/41-42) 0/41-42) 0/41-42) 0/41-42) You can remove the inactive VLANs that have no member ports using the following command: Dell#configure Dell(conf)#no interface vlan ->vlan-id - Inactive VLAN with no member ports You can remove th
• VLT Proxy Gateway enables one VLT domain to act as the default gateway for its peer VLT domain in an eVLT topology. Configure Virtual Link Trunking VLT requires that you enable the feature and then configure the same VLT domain, backup link, and VLT interconnect on both peer switches. Important Points to Remember • VLT port channel interfaces must be switch ports. • Dell Networking strongly recommends that the VLTi (VLT interconnect) be a static LAG and that you disable LACP on the VLTi.
• MAC addresses for VLANs configured across VLT peer chassis are synchronized over the VLT interconnect on an egress port such as a VLT LAG. MAC addresses are the same on both VLT peer nodes. • ARP entries configured across the VLTi are the same on both VLT peer nodes.
• Software features supported on VLT physical ports
  • In a VLT domain, the following software features are supported on VLT physical ports: 802.1p, LLDP, flow control, port monitoring, and jumbo frames.
• Software features not supported with VLT
  • In a VLT domain, the following software features are supported on non-VLT ports: 802.1x, DHCP snooping, FRRP, IPv6 dynamic routing.
VLT and Stacking You cannot enable stacking with VLT. If you enable stacking on a unit on which you want to enable VLT, you must first remove the unit from the existing stack. After you remove the unit, you can configure VLT on the unit. VLT and IGMP Snooping When configuring IGMP Snooping with VLT, ensure the configurations on both sides of the VLT trunk are identical to get the same behavior on both sides of the trunk.
Additionally, ARP entries resulting from station movements from VLT to non-VLT ports or to different non-VLT ports are learned on the non-VLT port and synced with the peer node. The peer node is updated to use the new non-VLT port. NOTE: ARP entries learned on non-VLT, non-spanned VLANs are not synced with VLT peers. Verifying a VLT Configuration To monitor the operation or verify the configuration of a VLT domain, use any of the following show commands on the primary and secondary VLT switches.
Peer HeartBeat status:        Up
HeartBeat Timer Interval:     1
HeartBeat Timeout:            3
UDP Port:                     34998
HeartBeat Messages Sent:      1026
HeartBeat Messages Received:  1025
Dell_VLTpeer2# show vlt backup-link
VLT Backup Link
-----------------
Destination: Peer HeartBeat status: HeartBeat Timer Interval: HeartBeat Timeout: UDP Port: HeartBeat Messages Sent: HeartBeat Messages Received: 10.11.200.
System MAC address:          00:01:e8:8a:df:bc
System Role Priority:        32768
Local System MAC address:    00:01:e8:8a:df:bc
Local System Role Priority:  32768
Dell_VLTpeer2# show vlt role
VLT Role
----------
VLT Role:                    Secondary
System MAC address:          00:01:e8:8a:df:bc
System Role Priority:        32768
Local System MAC address:    00:01:e8:8a:df:e6
Local System Role Priority:  32768
Example of the show running-config vlt Command
Dell_VLTpeer1# show running-config vlt
!
vlt domain 30
peer-link port-channel 60
back-up destination 10.
Configure the backup link. Configure the VLT interconnect (VLTi). Configure the port channel to an attached device. Verify that the port channels used in the VLT domain are assigned to the same VLAN. Configuring Virtual Link Trunking (VLT Peer 2) Enable VLT and create a VLT domain with a backup-link VLT interconnect (VLTi). Dell_VLTpeer2(conf)#vlt domain 999 Dell_VLTpeer2(conf-vlt-domain)#peer-link port-channel 100 Dell_VLTpeer2(conf-vlt-domain)#back-up destination 10.11.206.
Description Behavior at Peer Up Behavior During Run Time Action to Take commands to view the VLT port channel status information. System MAC mismatch A syslog error message and an SNMP trap are generated. A syslog error message and an SNMP trap are generated. Verify that the unit ID of VLT peers is not the same on both units and that the MAC address is the same on both units. Unit ID mismatch The VLT peer does not boot up. The VLTi is forced to a down state. The VLT peer does not boot up.
26 FC Flex IO Modules This part provides a generic, broad-level description of the operations, capabilities, and configuration commands of the Fiber Channel (FC) Flex IO module. Topics: • FC Flex IO Modules • Understanding and Working of the FC Flex IO Modules • Fibre Channel over Ethernet for FC Flex IO Modules FC Flex IO Modules This part provides a generic, broad-level description of the operations, capabilities, and configuration commands of the Fiber Channel (FC) Flex IO module.
The FC Flex IO module uses the same baseboard hardware of the IOA and the M1000e chassis. You can insert the FC Flex IO module into any of the optional module slots of the IOA and it provides four FC ports per module. If you insert only one FC Flex IO module, four ports are supported; if you insert two FC Flex IO modules, eight ports are supported. By installing an FC Flex IO module, you can enable the IOA to directly connect to an existing FC SAN network.
• There should be a maximum of 64 server fabric login (FLOGI) requests or fabric discovery (FDISC) requests per server MAC address before being forwarded by the FC Flex IO module to the FC core switch. Without user configuration, only 32 server login sessions are permitted for each server MAC address. To increase the total number of sessions to 64, use the max sessions command.
• A distance of up to 300 meters is supported at 8 Gbps for Fibre Channel traffic.
• Fcoe-vlan: 1002
• Fc-map: 0x0efc00
• Fcf-priority: 128
• Fka-adv-period: 8000mSec
• Keepalive: enable
• Vlan priority: 3
• On an IOA, the FCoE virtual local area network (VLAN) is automatically configured.
• With FC Flex IO modules on an IOA, the following DCB maps are applied on all of the ENode facing ports.
NOTE: 1 When you cable the ports, be sure not to interfere with the airflow from the small vent holes above and below the ports. Processing of Data Traffic The Dell Networking OS determines the module type that is plugged into the slot. Based on the module type, the software performs the appropriate tasks. The FC Flex IO module encapsulates and decapsulates the FCoE frames.
Figure 36. Installing and Configuring Flowchart for FC Flex IO Modules To see if a switch is running the latest Dell Networking OS version, use the show version command. To download a Dell Networking OS version, go to http://support.dell.com. Installation Site Preparation Before installing the switch or switches, make sure that the chosen installation location meets the following site requirements: • Clearance — There is adequate front and rear clearance for operator access.
1 Decrease the maximum temperature by 1°C (1.8°F) per 300 m (985 ft.) above 900 m (2955 ft.). 2 Relative Humidity — The operating relative humidity is 8 percent to 85 percent (non‑condensing) with a maximum humidity gradation of 10 percent per hour.
• The CNA sends a FIP fabric login (FLOGI) request to the FC Flex IO module, which converts FLOGI to FDISC messages or processes any internally generated FC frames and sends these messages to the SAN environment. • When the FC fabric discovery (FDISC) accept message is received from the SAN side, the FC Flex IO module converts the FDISC message again into an FLOGI accept message and transmits it to the CNA.
Figure 38. Case 2: Deployment Scenario of Configuring FC Flex IO Modules Fibre Channel over Ethernet for FC Flex IO Modules FCoE provides a converged Ethernet network that allows the combination of storage-area network (SAN) and LAN traffic on a Layer 2 link by encapsulating Fibre Channel data into Ethernet frames. The Fibre Channel (FC) Flex IO module is supported on Dell Networking Operating System (OS) I/O Aggregator (IOA).
27 FC FLEXIO FPORT

FC FlexIO FPort is now supported on the Dell Networking OS.

Topics:
• FC FLEXIO FPORT
• Configuring Switch Mode to FCF Port Mode
• Name Server
• FCoE Maps
• Creating an FCoE Map
• Zoning
• Creating Zone and Adding Members
• Creating Zone Alias and Adding Members
• Creating Zonesets
• Activating a Zoneset
• Displaying the Fabric Parameters

FC FLEXIO FPORT

The switch is a blade switch which is plugged into the Dell M1000 Blade server chassis.
Configuring Switch Mode to FCF Port Mode

To configure switch mode to Fabric services, use the following commands.

1 Configure Switch mode to FCF Port.
  CONFIGURATION mode
  feature fc fport domain id 2
  NOTE: Enable the remote-fault-signaling rx off command in FCF FPort mode on interfaces connected to the Compellent and MDF storage devices.
2 Create an FCoE map with the parameters used in the communication between servers and a SAN fabric.
  FCOE MAP mode
  fabric-id fabric-num vlan vlan-id
4 Configure the FCoE mapped address prefix (FC-MAP) value which is used to identify FCoE traffic transmitted on the FCoE VLAN for the specified fabric.
  FCOE MAP mode
  fc-map fc-map-value
5 Configure the SAN fabric to which the FC port connects by entering the name of the FCoE map applied to the interface.
• The dedicated FCoE VLAN used to transport FCoE storage traffic.
• The FC-MAP value used to generate a fabric-provided MAC address.
• The association between the FCoE VLAN ID and FC fabric ID where the desired storage arrays are installed. Each Fibre Channel fabric serves as an isolated SAN topology within the same physical network.
• A server uses the priority to select an upstream FCoE forwarder (FCF priority).
• FIP keepalive (FKA) advertisement timeout.
4 Specify the FC-MAP value used to generate a fabric-provided MAC address, which is required to send FCoE traffic from a server on the FCoE VLAN to the FC fabric specified in Step 2.
  FCoE MAP mode
  fc-map fc-map-value
  You must enter a unique MAC address prefix as the FC-MAP value for each fabric. The range is from 0EFC00 to 0EFCFF. The default is none.
5 Configure the priority used by a server CNA to select the FCF for a fabric login (FLOGI).
  FCoE MAP mode
  fcf-priority priority
  The range is from 1 to 255.
Creating Zone and Adding Members

To create a zone and add members to the zone, use the following commands.

1 Create a zone.
  CONFIGURATION mode
  fc zone zonename
2 Add members to a zone.
  ZONE CONFIGURATION mode
  member word
  The member can be WWPN (00:00:00:00:00:00:00:00), port ID (000000), or alias name (word).
  member zonename

Example of Creating Zonesets

Dell(conf)#fc zoneset zs1
Dell(conf-fc-zoneset-zs1)#member z1
Dell(conf-fc-zoneset-zs1)#
Dell(conf-fc-zoneset-zs1)#exit
Dell(conf-fc-zoneset-zs1)#

Activating a Zoneset

Activating a zoneset makes the zones within it effective. On a switch, only one zoneset can be active. Any changes in an activated zoneset do not take effect until it is re-activated. By default, the fcoe-map fabric map-name does not have any active zonesets.
fcoe-map SAN_FABRIC
 description SAN_FABRIC
 fc-map 0efc00
 fabric-id 1002 vlan 1002
!
 fc-fabric
  default-zone-allow all
Dell(conf-fcoe-SAN_FABRIC)#

Example of the show fcoe-map Command

Dell(conf)#do show fcoe-map
Fabric Name      map
Fabric Type      Fport
Fabric Id        1002
Vlan Id          1002
Vlan priority    3
FC-MAP           0efc00
FKA-ADV-Period   8
Fcf Priority     128
Config-State     ACTIVE
Oper-State       UP
=======================================================
Switch Config Parameters
=======================================================
Dom
brcd_cna1_wwpn1
sanb_p2tgt1_wwpn
Active Zoneset: fcoe_srv_fc_tgt
ZoneName   ZoneMember
========================================
brcd_sanb  10:00:8c:7c:ff:21:5f:8d
           20:02:00:11:0d:03:00:00
Dell#

Example of the show fc zoneset active Command

Dell#show fc zoneset active
Active Zoneset: fcoe_srv_fc_tgt
ZoneName   ZoneMember
==================================
brcd_sanb  10:00:8c:7c:ff:21:5f:8d
           20:02:00:11:0d:03:00:00
Dell#

Example of the show fc zone Command

Dell#show fc zone
ZoneName   ZoneMember
=======================
28 NPIV Proxy Gateway

The N-port identifier virtualization (NPIV) Proxy Gateway (NPG) feature provides FCoE-FC bridging capability on the Aggregator, allowing server CNAs to communicate with SAN fabrics over the Aggregator.
NPIV Proxy Gateway Operation

Consider a sample scenario of NPG operation. An FX2 server chassis configured as an NPG does not join a SAN fabric, but functions as an FCoE-FC bridge that forwards storage traffic between servers and core SAN switches. The core switches forward SAN traffic to and from FC storage arrays. An FX2 chassis FC port is configured as an N (node) port that logs in to an F (fabric) port on the upstream FC core switch and creates a channel for N-port identifier virtualization.
• FCoE gateway that provides FCoE-to-FC bridging. N-port virtualization using FCoE maps exposes upstream F ports as FCF ports to downstream server-facing ENode ports on the NPG.

NPIV Proxy Gateway: Terms and Definitions

The following table describes the terms used in an NPG configuration on the Aggregator.

Table 39. Aggregator with the NPIV Proxy Gateway: Terms and Definitions

Term      Description
FC port   Fibre Channel port on the Aggregator that operates in autosensing, 2, 4, or 8-Gigabit mode.
Term               Description
principal switch   The switch in a fabric with the lowest domain number. The principal switch accesses the master name database and the zone/zone set database.

DCB Maps

A Data Center Bridging (DCB) map is used to configure DCB functionality, such as PFC and ETS, on the Aggregator with the Ethernet ports that support CEE traffic and are DCBx-enabled, by default. By default, no PFC and ETS settings in a DCB map are applied to the Aggregator with the Ethernet ports when they are enabled.
6 Applying an FCoE map on server-facing Ethernet ports
7 Applying an FCoE Map on fabric-facing FC ports

NOTE: All these configurations are available only in PMUX mode and you cannot perform these configurations in Standalone mode.

Default Configurations in Standalone mode

By default, the following configurations are set in Standalone mode:
1 All the FC ports are applied with the default FCoE map.
Enabling Fibre Channel Capability on the Switch

Enable the Fibre Channel capability on an Aggregator that you want to configure as an NPG for the Fibre Channel protocol. When you enable Fibre Channel capability, FCoE transit with FIP snooping is automatically enabled on all VLANs on the switch, using the default FCoE transit settings.

1 Enable the Fibre Channel capability on an Aggregator for the Fibre Channel protocol.
As a result, PFC and lossless port queues are disabled on 802.1p priorities, and all priorities are mapped to the same priority queue and equally share port bandwidth.
• To change the ETS bandwidth allocation configured for a priority group in a DCB map, do not modify the existing DCB map configuration. Instead, create a new DCB map with the desired PFC and ETS settings, and apply the new map to the interfaces to override the previous DCB map settings.
• The FC-MAP value, used to generate the fabric-provided MAC address (FPMA). The FPMA is used by servers to transmit FCoE traffic to the fabric. You can associate an FC-MAP with only one FCoE VLAN and conversely, associate an FCoE VLAN with only one FC-MAP.
• FCF priority, the priority used by a server CNA to select an upstream FCoE forwarder (FCF).
• FIP keepalive (FKA) advertisement timeout.

The values for the FCoE VLAN, fabric ID and FC-MAP must be unique.
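The range and uniqueness rules stated for FCoE maps can be checked offline before a configuration is applied. The following Python sketch is an added example, not code from Dell or from this guide; the map names and values in the sample are constructed, and the stanza layout is assumed to match the fcoe-map running-config format shown in this guide.

```python
import re
from collections import defaultdict

# Constructed sample (not from a real device), laid out like the fcoe-map
# stanzas this guide shows in its running-config examples.
SAMPLE_CONFIG = """\
fcoe-map SAN_FABRIC_A
 description SAN_FABRIC_A
 fc-map 0efc00
 fabric-id 1002 vlan 1002
 fcf-priority 128
!
fcoe-map SAN_FABRIC_B
 fc-map 0efc00
 fabric-id 1003 vlan 1003
 fcf-priority 0
!
fcoe-map SAN_FABRIC_C
 fc-map 0efd01
 fabric-id 1004 vlan 1003
!
"""

FC_MAP_RANGE = (0x0EFC00, 0x0EFCFF)  # FC-MAP range stated in the guide
FCF_PRIORITY_RANGE = (1, 255)        # fcf-priority range stated in the guide


def parse_fcoe_maps(config_text):
    """Parse top-level fcoe-map stanzas into {name: {field: int}}."""
    maps, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"fcoe-map\s+(\S+)\s*", raw):
            current = maps.setdefault(m.group(1), {})
        elif not raw[:1].isspace():
            current = None  # "!" or any other top-level line closes the stanza
        elif current is None:
            continue        # indented line of another stanza (e.g. an interface)
        elif m := re.fullmatch(r"fc-map\s+(?:0x)?([0-9a-fA-F]{1,6})", line):
            current["fc-map"] = int(m.group(1), 16)
        elif m := re.fullmatch(r"fabric-id\s+(\d+)\s+vlan\s+(\d+)", line):
            current["fabric-id"], current["vlan"] = int(m.group(1)), int(m.group(2))
        elif m := re.fullmatch(r"fcf-priority\s+(\d+)", line):
            current["fcf-priority"] = int(m.group(1))
    return maps


def audit_fcoe_maps(maps):
    """Return sorted findings for range and uniqueness violations."""
    findings = []
    users = defaultdict(list)  # (field, value) -> names of maps using it
    for name, cfg in maps.items():
        fc_map = cfg.get("fc-map")
        if fc_map is None:
            findings.append(f"{name}: no fc-map configured")
        elif not FC_MAP_RANGE[0] <= fc_map <= FC_MAP_RANGE[1]:
            findings.append(f"{name}: fc-map {fc_map:06x} outside 0efc00-0efcff")
        prio = cfg.get("fcf-priority")
        if prio is not None and not FCF_PRIORITY_RANGE[0] <= prio <= FCF_PRIORITY_RANGE[1]:
            findings.append(f"{name}: fcf-priority {prio} outside 1-255")
        for field in ("fc-map", "fabric-id", "vlan"):
            if field in cfg:
                users[(field, cfg[field])].append(name)
    for (field, value), names in users.items():
        if len(names) > 1:  # the guide requires each value to be unique
            shown = f"{value:06x}" if field == "fc-map" else str(value)
            findings.append(f"{field} {shown} reused by {', '.join(sorted(names))}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_fcoe_maps(parse_fcoe_maps(SAMPLE_CONFIG)):
        print(finding)
```

An fcoe-map line that appears indented under an interface is treated as a reference to a map, not as a new stanza, so applying a map to a port does not create a false duplicate.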
Applying an FCoE Map on Server-facing Ethernet Ports

You can apply multiple FCoE maps on an Ethernet port or port channel. When you apply an FCoE map on a server-facing port or port channel:
• The port is configured to operate in hybrid mode (accept both tagged and untagged VLAN frames).
• The associated FCoE VLAN is enabled on the port or port channel.

When you enable a server-facing Ethernet port, the servers respond to the FIP advertisements by performing FLOGIs on upstream virtualized FCF ports.
2 Apply the FCoE and FC fabric configurations in an FCoE map to the port. Repeat this step to apply an FCoE map to more than one FC port.
  INTERFACE FIBRE_CHANNEL mode
  fabric map-name
  Dell# interface fi 0/9
  Dell(config-if-fc-0/9)# fabric SAN_FABRIC_A
3 Enable the port for FC transmission.
  Dell(config-fcoe-name)# fcf-priority 128
  Dell(config-fcoe-name)# fka-adv-period 8
5 Enable an upstream FC port:
  Dell(config-if-fc-0)# no shutdown
6 Enable a downstream Ethernet port:
  Dell(conf-if-te-0)# no shutdown

Displaying NPIV Proxy Gateway Information

To display information on the NPG operation, use the show commands in the following table:

Table 40.
Table 41. show interfaces status Field Descriptions

Field         Description
Port          Server-facing 10GbE Ethernet (Te), or fabric-facing Fibre Channel (FC) port with slot/port information.
Description   Text description of port.
Status        Operational status of port: Ethernet ports - up (transmitting FCoE and LAN storage traffic) or down (not transmitting traffic).
VLAN ID          The dedicated VLAN used to transport FCoE storage traffic between servers and a fabric over the NPG. The configured VLAN ID must be the same as the fabric ID.
VLAN priority    FCoE traffic uses VLAN priority 3. This setting is not user-configurable.
FC-MAP           FCoE MAC-address prefix value - The unique 24-bit MAC address prefix that identifies a fabric.
FKA-ADV-period   Time interval (in seconds) used to transmit FIP keepalive advertisements.
show npiv devices brief Command Example Dell# show npiv devices brief Total NPIV Devices = 2 ------------------------------------------------------------------------------------------------------ENode-Intf ENode-WWPN FCoE-Vlan Fabric-Intf Fabric-Map LoginMethod Status ------------------------------------------------------------------------------------------------------Te 0/11 LOGGED_IN Te 0/12 LOGGED_IN 20:01:00:10:18:f1:94:20 1003 Fc 0/9 fid_1003 FLOGI 10:00:00:00:c9:d9:9c:cb 1003 Fc 0/10 fid_1003
ENode[1]:
ENode MAC     : 00:10:18:f1:94:22
ENode Intf    : Te 0/12
FCF MAC       : 5c:f9:dd:ef:10:c9
Fabric Intf   : Fc 0/10
FCoE Vlan     : 1003
Fabric Map    : fid_1003
ENode WWPN    : 10:00:00:00:c9:d9:9c:cb
ENode WWNN    : 10:00:00:00:c9:d9:9c:cd
FCoE MAC      : 0e:fc:03:01:02:02
FC-ID         : 01:02:01
LoginMethod   : FDISC
Secs          : 5593
Status        : LOGGED_IN

Table 45.
Switch WWN : 10:00:5c:f9:dd:ef:10:c0
Dell#

Table 46. show fc switch Command Description

Field         Description
Switch Mode   Fibre Channel mode of operation of an Aggregator. Default: NPG (configured as an NPIV proxy gateway).
Switch WWN    Factory-assigned worldwide node (WWN) name of the Aggregator. The Aggregator WWN name is not user-configurable.
29 Upgrade Procedures

To find the upgrade procedures, go to the Dell Networking OS Release Notes for your system type to see all the requirements needed to upgrade to the desired Dell Networking OS version. To upgrade your system type, follow the procedures in the Dell Networking OS Release Notes.

Get Help with Upgrades

Direct any questions or concerns about the Dell Networking OS upgrade procedures to the Dell Technical Support Center. You can reach Technical Support:
• On the web: http://support.dell.
30 Debugging and Diagnostics

This chapter contains the following sections:
L LAG 128 Mode L2L3 Status up Uptime 17:36:24 Ports Te 0/33 Te 0/35 Te 0/36 Te 0/39 Te 0/51 Te 0/53 Te 0/54 Te 0/56 (Up) (Up) (Up) (Up) (Up) (Up) (Up) (Up) Dell#show uplink-state-group 1 detail (Up): Interface up (Dwn): Interface down Uplink State Group Defer Timer Upstream Interfaces Downstream Interfaces 2 : : : : 1 10 Po Te Te Te Te Te Te Te (Dis): Interface disabled Status: Enabled, Up sec 128(Up) 0/1(Up) Te 0/2(Up) Te 0/3(Dwn) Te 0/4(Dwn) Te 0/5(Up) 0/6(Dwn) Te 0/7(Dwn) Te 0/8(Up) Te 0/9(
Flooded packets on all VLANs are received on a server

Symptom: All packets flooded on all VLANs on an Aggregator are received on a server, even if the server is configured as a member of only a subset of VLANs. This behavior happens because all Aggregator ports are, by default, members of all (4094) VLANs.

Resolution: Configure a port that is connected to the server with restricted VLAN membership.
show system stack-unit 0   Display software configuration on an Aggregator in stacking mode.

show version Command Example

Dell#show version
Dell Real Time Operating System Software
Dell Operating System Version: 1.0
Dell Force10 Application Software Version: E8-3-17-24
Copyright (c) 1999-2014 by Dell Inc. All Rights Reserved.
Offline Diagnostics

The offline diagnostics test suite is useful for isolating faults and debugging hardware. The diagnostics tests are grouped into three levels:
• Level 0 — Level 0 diagnostics check for the presence of various components and perform essential path verifications. In addition, Level 0 diagnostics verify the identification registers of the components on the board.
• Level 1 — A smaller set of diagnostic tests.
Proceed with Offline [confirm yes/no]:yes
Dell#
2 Confirm the offline status.
  EXEC Privilege mode
  show hardware stack-unit {0-5} cpu management statistics
• View driver-level statistics for the data-plane port on the CPU for the specified stack-unit.
  EXEC Privilege mode
  show hardware stack-unit {0-5} cpu data-plane statistics
  This view provides insight into the packet types entering the CPU to see whether CPU-bound traffic is internal (IPC traffic) or network control traffic, which the CPU must process.
  show hardware stack-unit {0-5} unit {0-0} ipmc-replication
• View the internal statistics for each port-pipe (unit) on a per-port basis.
  EXEC Privilege mode
  show hardware stack-unit {0-5} unit {0-0} port-stats [detail]
• View the stack-unit internal registers for each port-pipe.
  EXEC Privilege mode
  show hardware stack-unit {0-5} unit {0-0} register
• View the tables from the bShell through the CLI without going into the bShell.
=================================== SFP 49 Temp High Warning threshold SFP 49 Voltage High Warning threshold SFP 49 Bias High Warning threshold SFP 49 TX Power High Warning threshold SFP 49 RX Power High Warning threshold SFP 49 Temp Low Warning threshold SFP 49 Voltage Low Warning threshold SFP 49 Bias Low Warning threshold SFP 49 TX Power Low Warning threshold SFP 49 RX Power Low Warning threshold =================================== SFP 49 Temperature SFP 49 Voltage SFP 49 Tx Bias Current SFP 49 Tx Power
In addition, Dell Networking requires that you install blanks in all slots without a line card to control airflow for adequate system cooling. NOTE: Exercise care when removing a card; if it has exceeded the major or shutdown thresholds, the card could be hot to the touch.
OID String                    OID Name                     Description
NOTE: These OIDs are generated only if the enable opticinfo-update-interval command is enabled.

Hardware MIB Buffer Statistics
.1.3.6.1.4.1.6027.3.27.1.4    dellNetFpPacketBufferTable   View the modular packet buffers details per stack unit and the mode of allocation.
.1.3.6.1.4.1.6027.3.27.1.5    dellNetFpStatsPerPortTable   View the forwarding plane statistics containing the packet buffer usage per port per stack unit.
.1.3.6.1.4.1.6027.3.27.1.
• Oversubscription ratio = 10
• Dynamic Cell Limit Per port = 59040/29 = 2036 cells

Figure 39. Buffer Tuning Points

Deciding to Tune Buffers

Dell Networking recommends exercising caution when configuring any non-default buffer settings, as tuning can significantly affect system performance. The default values work for most cases. As a guideline, consider tuning buffers if traffic is bursty (and coming from several interfaces). In this case:
• Reduce the dedicated buffer on all queues/interfaces.
  BUFFER PROFILE mode
  buffer dedicated
• Change the maximum number of dynamic buffers an interface can request.
  BUFFER PROFILE mode
  buffer dynamic
• Change the number of packet-pointers per queue.
  BUFFER PROFILE mode
  buffer packet-pointers
• Apply the buffer profile to a CSF to FP link.
 no ip address
 mtu 9252
 switchport
 no shutdown
 buffer-policy myfsbufferprofile

Example of Viewing the Buffer Profile (Interface)

Dell#show buffer-profile detail int gi 0/10
Interface Gi 0/10
Buffer-profile fsqueue-fp
Dynamic buffer 1256.00 (Kilobytes)
Queue#   Dedicated Buffer (Kilobytes)   Buffer Packets
0        3.00                           256
1        3.00                           256
2        3.00                           256
3        3.00                           256
4        3.00                           256
5        3.00                           256
6        3.00                           256
7        3.
If the default buffer profile (4Q) is active, the system displays an error message instructing you to remove the default configuration using the no buffer-profile global command.

To apply a predefined buffer profile, use the following command.
• Apply one of the pre-defined buffer profiles for all port pipes in the system.
  CONFIGURATION mode
  buffer-profile global [1Q|4Q]

Sample Buffer Profile Configuration

The two general types of network environments are sustained data transfers and voice/data.
• clear hardware stack-unit 0-5 counters
• clear hardware stack-unit 0-5 unit 0–0 counters
• clear hardware stack-unit 0-5 cpu data-plane statistics
• clear hardware stack-unit 0-5 cpu party-bus statistics
• clear hardware stack-unit 0-5 stack-port 33–56

Displaying Drop Counters

To display drop counters, use the following commands.
• Identify which stack unit, port pipe, and port is experiencing internal drops.
  show hardware stack-unit 0–11 drops [unit 0 [port 0–63]]
• Display drop counters.
Ingress MMU Drops HOL DROPS(TOTAL) HOL DROPS on COS0 HOL DROPS on COS1 HOL DROPS on COS2 HOL DROPS on COS3 HOL DROPS on COS4 HOL DROPS on COS5 HOL DROPS on COS6 HOL DROPS on COS7 HOL DROPS on COS8 HOL DROPS on COS9 HOL DROPS on COS10 HOL DROPS on COS11 HOL DROPS on COS12 HOL DROPS on COS13 HOL DROPS on COS14 HOL DROPS on COS15 HOL DROPS on COS16 HOL DROPS on COS17 TxPurge CellErr Aged Drops --- Egress MAC counters--Egress FCS Drops --- Egress FORWARD PROCESSOR IPv4 L3UC Aged & Drops TTL Threshold Drops INVA
rxPkt(COS6)       :0
rxPkt(COS7)       :0
rxPkt(UNIT0)      :0
rxPkt(UNIT1)      :0
rxPkt(UNIT2)      :0
rxPkt(UNIT3)      :0
transmitted       :0
txRequested       :0
noTxDesc          :0
txError           :0
txReqTooLarge     :0
txInternalError   :0
txDatapathErr     :0
txPkt(COS0)       :0
txPkt(COS1)       :0
txPkt(COS2)       :0
txPkt(COS3)       :0
txPkt(COS4)       :0
txPkt(COS5)       :0
txPkt(COS6)       :0
txPkt(COS7)       :0
txPkt(UNIT0)      :0

The show hardware stack-unit cpu party-bus statistics command displays input and output statistics on the party bus, which carries inter-process communication traffic between
Enabling Buffer Statistics Tracking

You can enable the tracking of statistical values of buffer spaces at a global level. The buffer statistics tracking utility operates in the max use count mode that enables the collection of maximum values of counters.

To configure the buffer statistics tracking utility, perform the following step:
1 Enable the buffer statistics tracking utility and enter the Buffer Statistics Snapshot configuration mode.
MCAST 3 0 Unit 1 unit: 3 port: 21 (interface Fo 1/164) --------------------------------------Q# TYPE Q# TOTAL BUFFERED CELLS --------------------------------------MCAST 3 0 Unit 1 unit: 3 port: 25 (interface Fo 1/168) --------------------------------------Q# TYPE Q# TOTAL BUFFERED CELLS --------------------------------------MCAST 3 0 Unit 1 unit: 3 port: 29 (interface Fo 1/172) --------------------------------------Q# TYPE Q# TOTAL BUFFERED CELLS --------------------------------------MCAST 3 0 Unit 1 uni
Restoring the Factory Default Settings

Restoring factory defaults deletes the existing NVRAM settings, startup configuration and all configured settings such as stacking or fanout.

To restore the factory default settings, use the restore factory-defaults stack-unit {0-5 | all} {clear-all | nvram} command in EXEC Privilege mode.

CAUTION: There is no undo for this command.

Important Points to Remember
• When you restore all the units in a stack, all units in the stack are placed into stand-alone mode.
31 Standards Compliance

This chapter describes standards compliance for Dell Networking products.

NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking Operating System (OS), the system also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website. Click “Browse and search IETF documents,” enter an RFC number, and inspect the top of the resulting document for obsolescence citations to related RFCs.
General Internet Protocols

The following table lists the Dell Networking OS support per platform for general internet protocols.

Table 49.
RFC#   Full Name
1542   Clarifications and Extensions for the Bootstrap Protocol
1812   Requirements for IP Version 4 Routers
2131   Dynamic Host Configuration Protocol
2338   Virtual Router Redundancy Protocol (VRRP)
3021   Using 31-Bit Prefixes on IPv4 Point-to-Point Links
3046   DHCP Relay Agent Information Option
3069   VLAN Aggregation for Efficient IP Address Allocation
3128   Protection Against a Variant of the Tiny Fragment Attack

Network Management

The following table lists the Dell Networking OS s
RFC#   Full Name
2574   User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
2575   View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)
2576   Coexistence Between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework
2578   Structure of Management Information Version 2 (SMIv2)
2579   Textual Conventions for SMIv2
2580   Conformance Statements for SMIv2
2618   RADIUS Authentication Client MIB, e
RFC#           Full Name
IEEE 802.1AB   The LLDP Management Information Base extension module for IEEE 802.3 organizationally defined discovery information. (LLDP DOT1 MIB and LLDP DOT3 MIB)
sFlow.org      sFlow Version 5
sFlow.