Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S3048-ON

1041

Table Of Contents

Dell EMC SmartFabric OS10 User Guide Release 10.5.0
Change history
Getting Started
- Switch with factory-installed OS10
- Switch without OS installed
- Switch deployment options
- Remote access
CLI Basics
- CONFIGURATION mode
- Check device status
- Command help
- Candidate configuration
  - Prevent configuration changes
- Copy running configuration
- Restore startup configuration
- Reload system image
- Filter show commands
- Common OS10 commands
Advanced CLI tasks
- Command alias
- Batch mode
  - batch
- Linux shell commands
- Using OS9 commands
  - feature config-os9-style
Zero-touch deployment
- ZTD DHCP server configuration
- ZTD provisioning script
- ZTD CLI batch file
- Post-ZTD script
- ZTD commands
OS10 provisioning
- Using Ansible
- Example: Configure an OS10 switch using Ansible
System management
- System banners
- User session management
  - User session management commands
- Telnet server
  - Telnet commands
- Simple Network Management Protocol
- System clock
- Network Time Protocol
- Dynamic Host Configuration Protocol
Interfaces
- Ethernet interfaces
- Unified port groups
- Z9264F-ON port-group profiles
- Port-groups on S5200F-ON switches
- L2 mode configuration
- L3 mode configuration
- Fibre Channel interfaces
  - Configuring wavelength
- Management interface
  - Management interface
- VLAN interfaces
- User-configured default VLAN
- VLAN scale profile
- Loopback interfaces
- Port-channel interfaces
  - Create port-channel
  - Add port member
  - Minimum links
  - Assign Port Channel IP Address
  - Remove or disable port-channel
  - Load balance traffic
  - Change hash algorithm
- Configure interface ranges
- Switch-port profiles
  - S4148-ON Series port profiles
  - S4148U-ON port profiles
- Configure negotiation modes on interfaces
- Configure breakout mode
- Breakout auto-configuration
- Reset default configuration
- Forward error correction
- Energy-efficient Ethernet
  - Enable energy-efficient Ethernet
  - Clear EEE counters
  - View EEE status/statistics
  - EEE commands
- View interface configuration
- Digital optical monitoring
  - Enable DOM and DOM traps
- Interface commands
  - channel-group
  - default interface
  - default vlan-id
  - description (Interface)
  - duplex
  - enable dom
  - enable dom traps
  - feature auto-breakout
  - fec
  - interface breakout
  - interface ethernet
  - interface loopback
  - interface mgmt
  - interface null
  - interface port-channel
  - interface range
  - interface vlan
  - link-bundle-utilization
  - mode
  - mode l3
  - mtu
  - negotiation
  - port mode Eth
  - port-group
  - profile
  - scale-profile vlan
  - show interface
  - show interface transceiver “Tunable wavelength”
  - show inventory media
  - show link-bundle-utilization
  - show port-channel summary
  - show port-group
  - show switch-port-profile
  - show system
  - show vlan
  - shutdown
  - speed (Fibre Channel)
  - speed (Management)
  - switch-port-profile
  - switchport access vlan
  - switchport mode
  - switchport trunk allowed vlan
  - wavelength
Fibre Channel
- Fibre Channel over Ethernet
  - Configure FIP snooping
- Terminology
- Virtual fabric
- Fibre Channel zoning
- F_Port on Ethernet
- Pinning FCoE traffic to a specific port of a port-channel
- Multi-hop FIP-snooping bridge
- Configuration guidelines
- NPIV Proxy Gateway cascading
  - NPG1 switch configuration
  - NPG2 switch configuration
- F_Port commands
- NPG commands
- F_Port and NPG commands
- FIP-snooping commands
- FCoE commands
Layer 2
- 802.1X
- Far-end failure detection
- Link Aggregation Control Protocol
- Link Layer Discovery Protocol
- Media Access Control
- Spanning-tree protocol
- Virtual LANs
- Port monitoring
Layer 3
- Virtual routing and forwarding
- Bidirectional Forwarding Detection
- Border Gateway Protocol
- Equal cost multi-path
- IPv4 routing
- IPv6 routing
- Open shortest path first
- Object tracking manager
- Policy-based routing
- Virtual Router Redundancy Protocol
Multicast
- Important notes
- Configure multicast routing
- Unknown multicast flood control
  - Enable multicast flood control
- Multicast Commands
  - multicast snooping flood-restrict
- Internet Group Management Protocol
- Multicast Listener Discovery Protocol
  - MLD snooping
  - MLD snooping commands
- Protocol Independent Multicast
- Multicast VRF sample configuration
- VLT multicast routing
VXLAN
- VXLAN concepts
- VXLAN as NVO solution
- Configure VXLAN
- L3 VXLAN route scaling
- DHCP relay on VTEPs
- View VXLAN configuration
- VXLAN MAC addresses
- VXLAN commands
- VXLAN MAC commands
- Example: VXLAN with static VTEP
- BGP EVPN for VXLAN
- Controller-provisioned VXLAN
UFT modes
- Configure UFT modes
  - IPv6 extended prefix routes
- UFT commands
Security
- User re-authentication
- Password strength
- Simple password check
- Obscure passwords
- Role-based access control
- Assign user role
- Bootloader protection
- Linuxadmin user configuration
- RADIUS authentication
- RADIUS over TLS authentication
- TACACS+ authentication
- Unknown user role
- SSH server
- Virtual terminal line ACLs
- Restrict SNMP access
- Enable AAA accounting
- Enable user lockout
- Limit concurrent login sessions
- Enable login statistics
- Privilege levels
  - Configure privilege levels
  - Configure enable password
- Audit log
- Security commands
  - aaa accounting
  - aaa authentication login
  - aaa re-authenticate enable
  - boot protect disable username
  - boot protect enable username password
  - clear logging audit
  - crypto ssh-key generate
  - disable
  - enable
  - enable password priv-lvl
  - ip access-class
  - ip radius source-interface
  - ip tacacs source-interface
  - ipv6 access-class
  - ip ssh server challenge-response-authentication
  - ip ssh server cipher
  - ip ssh server enable
  - ip ssh server hostbased-authentication
  - ip ssh server kex
  - ip ssh server mac
  - ip ssh server password-authentication
  - ip ssh server port
  - ip ssh server pubkey-authentication
  - ip ssh server vrf
  - line vty
  - logging audit enable
  - login concurrent-session limit
  - login-statistics enable
  - password-attributes
  - password-attributes max-retry lockout-period
  - privilege
  - radius-server host
  - radius-server host tls
  - radius-server retransmit
  - radius-server timeout
  - radius-server vrf
  - service obscure-password
  - service simple-password
  - show boot protect
  - show crypto ssh-key
  - show ip ssh
  - show logging audit
  - show login-statistics
  - show privilege
  - show running-configuration privilege
  - show users
  - system-user linuxadmin disable
  - system-user linuxadmin password
  - tacacs-server host
  - tacacs-server timeout
  - tacacs-server vrf
  - username password role
  - username sshkey
  - username sshkey filename
  - userrole inherit
- X.509v3 certificates
  - X.509v3 concepts
  - Public key infrastructure
  - Manage CA certificates
  - Certificate revocation
  - Request and install host certificates
  - Self-signed certificates
  - Security profiles
  - Cluster security
  - X.509v3 commands
  - Example: Configure RADIUS over TLS with X.509v3 certificates
OpenFlow
- OpenFlow logical switch instance
- OpenFlow controller
- OpenFlow version 1.3
- OpenFlow use cases
- Configure OpenFlow
  - Establish TLS connection
- OpenFlow commands
- OpenFlow-only mode commands
Access Control Lists
- IP ACLs
- MAC ACLs
- Control-plane ACLs
  - Control-plane ACL qualifiers
- IP fragment handling
  - IP fragments ACL
- L3 ACL rules
  - Permit ACL with L3 information only
  - Deny ACL with L3 information only
  - Permit all packets from host
  - Permit only first fragments and non-fragmented packets from host
- Assign sequence number to filter
  - User-provided sequence number
  - Auto-generated sequence number
- Delete ACL rule
- L2 and L3 ACLs
- Assign and apply ACL filters
- Ingress ACL filters
- Egress ACL filters
- VTY ACLs
- SNMP ACLs
- Clear access-list counters
- IP prefix-lists
- Route-maps
- Match routes
- Set conditions
- Continue clause
- ACL flow-based monitoring
  - Flow-based mirroring
- Enable flow-based monitoring
- View ACL table utilization report
  - Known behavior
- ACL logging
  - Important notes
- ACL commands
  - clear ip access-list counters
  - clear ipv6 access-list counters
  - clear mac access-list counters
  - deny
  - deny (IPv6)
  - deny (MAC)
  - deny icmp
  - deny icmp (IPv6)
  - deny ip
  - deny ipv6
  - deny tcp
  - deny tcp (IPv6)
  - deny udp
  - deny udp (IPv6)
  - description
  - ip access-group
  - ip access-list
  - ip as-path access-list
  - ip community-list standard deny
  - ip community–list standard permit
  - ip extcommunity-list standard deny
  - ip extcommunity-list standard permit
  - ip prefix-list description
  - ip prefix-list deny
  - ip prefix-list permit
  - ip prefix-list seq deny
  - ip prefix-list seq permit
  - ipv6 access-group
  - ipv6 access-list
  - ipv6 prefix-list deny
  - ipv6 prefix-list description
  - ipv6 prefix-list permit
  - ipv6 prefix-list seq deny
  - ipv6 prefix-list seq permit
  - mac access-group
  - mac access-list
  - permit
  - permit (IPv6)
  - permit (MAC)
  - permit icmp
  - permit icmp (IPv6)
  - permit ip
  - permit ipv6
  - permit tcp
  - permit tcp (IPv6)
  - permit udp
  - permit udp (IPv6)
  - remark
  - seq deny
  - seq deny (IPv6)
  - seq deny (MAC)
  - seq deny icmp
  - seq deny icmp (IPv6)
  - seq deny ip
  - seq deny ipv6
  - seq deny tcp
  - seq deny tcp (IPv6)
  - seq deny udp
  - seq deny udp (IPv6)
  - seq permit
  - seq permit (IPv6)
  - seq permit (MAC)
  - seq permit icmp
  - seq permit icmp (IPv6)
  - seq permit ip
  - seq permit ipv6
  - seq permit tcp
  - seq permit tcp (IPv6)
  - seq permit udp
  - seq permit udp (IPv6)
  - show access-group
  - show access-lists
  - show acl-table-usage detail
  - show ip as-path-access-list
  - show ip community-list
  - show ip extcommunity-list
  - show ip prefix-list
  - show logging access-list
- Route-map commands
  - continue
  - match as-path
  - match community
  - match extcommunity
  - match interface
  - match ip address
  - match ip next-hop
  - match ipv6 address
  - match ipv6 next-hop
  - match metric
  - match origin
  - match route-type
  - match tag
  - route-map
  - set comm-list add
  - set comm-list delete
  - set community
  - set extcomm-list add
  - set extcomm-list delete
  - set extcommunity
  - set local-preference
  - set metric
  - set metric-type
  - set next-hop
  - set origin
  - set tag
  - set weight
  - show route-map
Quality of service
- Configure quality of service
- Ingress traffic classification
  - Data traffic classification
  - Control-plane policing
- Egress traffic classification
- Policing traffic
- Mark Traffic
- Color traffic
- Modify packet fields
- Shaping traffic
- Bandwidth allocation
- Strict priority queuing
- Rate adjustment
- Buffer management
- Congestion avoidance
- Storm control
- RoCE for faster access and lossless connectivity
- Port to port-pipe and MMU mapping
- QoS commands
Virtual Link Trunking
- Terminology
- VLT domain
- VLT interconnect
- Graceful LACP with VLT
- Configure VLT
- Configure VRRP Active-Active mode
- Migrate VMs across data centers with eVLT
- View VLT information
- VLT commands
Uplink Failure Detection
- Configure uplink failure detection
- Uplink failure detection on VLT
  - Sample configurations of UFD on VLT
- UFD commands
Converged data center services
- Priority flow control
- Enhanced transmission selection
- Data center bridging eXchange
- Internet small computer system interface
- Converged network DCB example
sFlow
- Enable sFlow
- Max-header size configuration
- Collector configuration
  - Collector configuration for default VRF
  - Collector configuration for nondefault VRF
- Polling-interval configuration
- Sample-rate configuration
- Source interface configuration
- View sFlow information
- sFlow commands
Telemetry
- Telemetry terminology
- YANG-modeled telemetry data
- Configure telemetry
- View telemetry configuration
- Telemetry commands
- Example: Configure streaming telemetry
RESTCONF API
- Configure RESTCONF API
- CLI commands for RESTCONF API
- RESTCONF API tasks
Troubleshoot OS10
- Diagnostic tools
- Recover Linux password
- Recover OS10 user name password
- Restore factory defaults
- SupportAssist
- Support bundle
  - Event notifications
  - generate support-bundle
- System monitoring
- Log into OS10 device
- Frequently asked questions
Support resources

• Clear IPv6 access-list counters in EXEC mode.

clear ipv6 access-list counters access-list-name

• Clear MAC access-list counters in EXEC mode.

clear mac access-list counters access-list-name

IP prex-lists

IP prex-lists control the routing policy. An IP prex-list is a series of sequential lters that contain a matching criterion and an permit or

deny action to process routes. The lters process in sequence so that if a route prex does not match the criterion in the rst lter, the

second lter applies, and so on.

A route prex is an IP address pattern that matches on bits within the IP address. The format of a route prex is A.B.C.D/x, where

A.B.C.D is a dotted-decimal address and /x is the number of bits that match the dotted decimal address.

When the route prex matches a lter, the system drops or forwards the packet based on the lter’s designated action. If the route prex

does not match any of the lters in the prex-list, the route drops, an implicit deny.

For example, in 112.24.0.0/16, the rst 16 bits of the address 112.24.0.0 match all addresses between 112.24.0.0 to

112.24.255.255. Use permit or deny lters for specic routes with the le (less or equal) and ge (greater or equal) parameters, where

x.x.x.x/x represents a route prex:

• To deny only /8 prexes, enter deny x.x.x.x/x ge 8 le 8

• To permit routes with the mask greater than /8 but less than /12, enter permit x.x.x.x/x ge 8 le 12

• To deny routes with a mask less than /24, enter deny x.x.x.x/x le 24

• To permit routes with a mask greater than /20, enter permit x.x.x.x/x ge 20

The following rules apply to prex-lists:

• A prex-list without permit or deny lters allows all routes

• An implicit deny is assumed — the route drops for all route prexes that do not match a permit or deny lter

• After a route matches a lter, the lter’s action applies and no additional lters apply to the route

Use prex-lists in processing routes for routing protocols such as open shortest path rst (OSPF), route table manager (RTM), and border

gateway protocol (BGP).

To congure a prex-list, use commands in PREFIX-LIST and ROUTER-BGP modes. Create the prex-list in PREFIX-LIST mode and assign

that list to commands in ROUTER-BGP modes.

Route-maps

Route-maps are a series of commands that contain a matching criterion and action. They change the packets meeting the matching

criterion. ACLs and prex-lists can only drop or forward the packet or trac while route-maps process routes for route redistribution. For

example, use a route-map to lter only specic routes and to add a metric.

• Route-maps also have an implicit deny. Unlike ACLs and prex-lists where the packet or trac drops, if a route does not match the

route-map conditions, the route does not redistribute.

• Route-maps process routes for route redistribution. For example, to add a metric, a route-map can lter only specic routes. If the route

does not match the conditions, the route-map decides where the packet or trac drops. The route does not redistribute if it does not

match.

• Route-maps use commands to decide what to do with trac. To remove the match criteria in a route-map, use the no match

command.

• In a BGP route-map, if you repeat the same match statements; for example, a match metric, with dierent values in the same sequence

number, only the last match and set values are taken into account.

Access Control Lists

1043