FTOS Configuration Guide for the S4810 System FTOS 8.3.12.
Notes, Cautions, and Warnings

NOTE: A NOTE indicates important information that helps you make better use of your computer.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

Information in this publication is subject to change without notice. © 2012 Dell Force10. All rights reserved.
www.dell.com | support.dell.com
1 About this Guide

Objectives

This guide describes the protocols and features supported by the Force10 Operating System (FTOS) and provides configuration instructions and examples for implementing them. It supports the system platforms E-Series, C-Series, and S-Series. Though this guide contains information on protocols, it is not intended to be a complete reference. This guide is a reference for configuring protocols on Dell Force10 systems.
Information Symbols

Table 1-1 describes symbols contained in this guide.

Table 1-1. Information Symbols
Symbol: ces
Warning: Platform Specific Feature
Description: This symbol informs you of a feature that is supported on one or two platforms only: e is for E-Series, c is for C-Series, s is for S-Series.
2 Configuration Fundamentals

The FTOS Command Line Interface (CLI) is a text-based interface through which you can configure interfaces and protocols. The CLI is largely the same for the E-Series, C-Series, and S-Series with the exception of some commands and command outputs. The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and you can limit user access to modes using privilege levels.
CLI Modes

Different sets of commands are available in each mode. A command found in one mode cannot be executed from another mode (with the exception of EXEC mode commands preceded by the command do; see The do Command in the Configuration Fundamentals chapter). You can set user access rights to commands and command modes using privilege levels; for more information on privilege levels and security options, refer to Privilege Levels Overview in the Security chapter.
IP, IPv6, IP COMMUNITY-LIST, IP ACCESS-LIST, STANDARD ACCESS-LIST, EXTENDED ACCESS-LIST, LINE, AUXILIARY, CONSOLE, VIRTUAL TERMINAL, MAC ACCESS-LIST, MONITOR SESSION, MULTIPLE SPANNING TREE, Per-VLAN SPANNING TREE, PREFIX-LIST, RAPID SPANNING TREE, REDIRECT, ROUTE-MAP, ROUTER BGP, ROUTER ISIS, ROUTER OSPF, ROUTER RIP, SPANNING TREE, TRACE-LIST

Navigating CLI Modes

The FTOS prompt changes to indicate the CLI mode.
Table 2-2. FTOS Command Modes

CLI Command Mode: CONFIGURATION
Prompt: FTOS(conf)#
Access Command:
• From EXEC privilege mode, enter the command configure.
• From every mode except EXEC and EXEC Privilege, enter the command exit.

Note: Access all of the following modes from CONFIGURATION mode.

CLI Command Mode: INTERFACE modes, IP ACCESS-LIST, LINE, MAC ACCESS-LIST
4 5 6 7 not present online not present not present online E48VB E48VB 1-1-463 48

Undoing Commands

When you enter a command, the command line is added to the running configuration file. Disable a command and remove it from the running-config by entering the original command preceded by the command no. For example, to delete an IP address configured on an interface, use the no ip address ip-address command, as shown in the following example.
debug           Debug functions
--More--

• ? after a partial keyword lists all of the keywords that begin with the specified letters.

FTOS(conf)#cl?
class-map
clock
FTOS(conf)#cl

• A keyword followed by [space]? lists all of the keywords that can follow the specified keyword.

FTOS(conf)#clock ?
summer-time     Configure summer (daylight savings) time
timezone        Configure time zone
FTOS(conf)#clock

Entering and Editing Commands

When entering commands:
• The CLI is not case sensitive.
Table 2-3. Short-Cut Keys and their Actions (continued)

Key Combination: Action
CNTL-N: Return to more recent commands in the history buffer after recalling commands with CTRL-P or the UP arrow key.
CNTL-P: Recalls commands, beginning with the last command.
CNTL-R: Re-enters the previous command.
CNTL-U: Deletes the line.
CNTL-W: Deletes the previous word.
CNTL-X: Deletes the line.
CNTL-Z: Ends continuous scrolling of command outputs.
FTOS(conf)#do show linecard all | grep 0
0 not present

Note: FTOS accepts a space or no space before and after the pipe. To filter on a phrase with spaces, underscores, or ranges, enclose the phrase with double quotation marks.

• except displays text that does not match the specified text. The following example shows this command used in combination with the command show linecard all.
Message 1 Multiple Users in Configuration mode Telnet Message
% Warning: The following users are currently configuring the system:
User "" on line console0

• On the system that is connected over the console, Message 2 appears:

Message 2 Multiple Users in Configuration mode Telnet Message
% Warning: User "" on line vty0 "10.11.130.
3 Getting Started

This chapter contains the following major sections:
• Default Configuration
• Configure a Host Name
• Access the System Remotely
• Configure the Enable Password
• Configuration File Management
• File System Management

When you power up the chassis, the system performs a Power-On Self Test (POST) during which Route Processor Module (RPM), Switch Fabric Module (SFM), and line card status LEDs blink green.
To access the console port, follow the procedures below. Refer to Table 3-4, "Pin Assignments Between the Console and a DTE Terminal Server," in Getting Started for the console port pinout.

Step 1. Install an RJ-45 copper cable into the console port. Use a rollover (crossover) cable to connect the S4810 console port to a terminal server.
Step 2. Connect the other end of the cable to the DTE terminal server.
Configure a Host Name

The host name appears in the prompt. The default host name is FTOS.
• Host names must start with a letter and end with a letter or digit.
• Characters within the string can be letters, digits, and hyphens.

To configure a host name:

Step 1
Task: Create a new host name.
Command Syntax: hostname name
Command Mode: CONFIGURATION

The example below illustrates the hostname command.
To configure the management port IP address:

Step 1
Task: Enter INTERFACE mode for the Management port.
Command Syntax: interface ManagementEthernet slot/port
  • slot range: 0 to 1
  • port range: 0
Command Mode: CONFIGURATION

Step 2
Task: Assign an IP address to the interface.
Command Syntax: ip address ip-address/mask
  • ip-address: an address in dotted-decimal format (A.B.C.D).
  • mask: a subnet mask in /prefix-length format (/xx).

Step 3
Task: Enable the interface.
To configure a username and password:

Step 1
Task: Configure a username and password to access the system remotely.
Command Syntax: username username password [encryption-type] password
Command Mode: CONFIGURATION

encryption-type specifies how you are inputting the password, is 0 by default, and is not required.
• 0 is for inputting the password in clear text.
• 7 is for inputting a password that is already encrypted using a Type 7 hash.
Configure the Enable Password

Access the EXEC Privilege mode using the enable command. The EXEC Privilege mode is unrestricted by default. Configure a password as a basic security measure. There are two types of enable passwords:
• enable password stores the password in the running/startup configuration using a DES encryption method.
• enable secret is stored in the running/startup configuration using a stronger, MD5 encryption method.
Copy Files to and from the System

The command syntax for copying files is similar to UNIX. The copy command uses the format copy source-file-url destination-file-url.

Note: See the FTOS Command Reference for a detailed description of the copy command.

• To copy a local file to a remote system, combine the file-origin syntax for a local file location with the file-destination syntax for a remote file location shown in Table 3-5, "Forming a copy Command," in Getting Started.
• The usbflash and rpm0usbflash commands are supported on E-Series ExaScale systems. Refer to your system's Release Notes for a list of approved USB vendors.

The following text is an example of using the copy command to save a file to an FTP server.

FTOS#copy flash://FTOS-EF-8.2.1.0.bin ftp://myusername:mypassword@10.10.10.10//FTOS/FTOS-EF-8.2.1.
Task: Save the running-configuration to:

• the startup-configuration on the internal flash of the primary RPM
  Command Syntax: copy running-config startup-config
• the internal flash on an RPM
  Command Syntax: copy running-config rpm{0|1}flash://filename

Note: The internal flash memories on the RPMs are synchronized whenever there is a change, but only if the RPMs are running the same version of FTOS.
View Files

File information and content can only be viewed on local file systems. To view a list of files on the internal or external Flash:

Step 1
Task: View a list of files on:
• the internal flash of an RPM
  Command Syntax: dir flash:
• the external flash of an RPM
  Command Syntax: dir slot:
Command Mode: EXEC Privilege

The output of the command dir also shows the read/write privileges, size (in bytes), and date of modification for each file, as shown in the example below.
View Configuration Files

Configuration files have three commented lines at the beginning of the file, as shown in the example below, to help you track the last time any user made a change to the file, which user made the changes, and when the file was last saved to the startup-configuration.
To change the default storage location:

Task: Change the default directory.
Command Syntax: cd directory
Command Mode: EXEC Privilege

In the example below, the default storage location is changed to the external Flash of the primary RPM. File management commands then apply to the external Flash rather than the internal Flash.
4 Management

Management is supported on platforms: ecs

This chapter explains the different protocols or services used to manage the Dell Force10 system including:
• Configure Privilege Levels
• Configure Logging
• File Transfer Services
• Terminal Lines
• Lock CONFIGURATION mode
• Recovering from a Forgotten Password on the S4810
• Recovering from a Failed Start on the S4810

Configure Privilege Levels

Privilege levels restrict access to commands based on user or terminal line.
Removing a command from EXEC mode

Remove a command from the list of available commands in EXEC mode for a specific privilege level using the command privilege exec from CONFIGURATION mode. In the command, specify a level greater than the level given to a user or terminal line, followed by the first keyword of each command to be restricted.
Task: Allow access to INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode. Specify all keywords in the command.
Command Syntax: privilege configure level level {interface | line | route-map | router} {command-keyword ||...|| command-keyword}

Task: Allow access to a CONFIGURATION, INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode command.
Command Syntax: privilege {configure | interface | line | route-map | router} level level {command ||...
To disable logging:

Task: Disable all logging except on the console.
Command Syntax: no logging on
Command Mode: CONFIGURATION

Task: Disable logging to the logging buffer.
Command Syntax: no logging buffer
Command Mode: CONFIGURATION

Task: Disable logging to terminal lines.
Command Syntax: no logging monitor
Command Mode: CONFIGURATION

Task: Disable console logging.
Command Syntax: no logging console
Command Mode: CONFIGURATION

Log Messages in the Internal Buffer

All error messages, except those beginning with %BOOTUP (Message), are logged in the internal buffer.
Send System Messages to a Syslog Server

Send system messages to a syslog server by specifying the server with the following command:

Task: Specify the server to which you want to send system messages. You can configure up to eight syslog servers.
Command Syntax: logging {ip-address | hostname}
Command Mode: CONFIGURATION

Configure a Unix System as a Syslog Server

Configure a UNIX system as a syslog server by adding the following lines to /etc/syslog.
To change one of the settings for logging system messages, use any or all of the following commands in the CONFIGURATION mode:

Task: Specify the number of messages that FTOS saves to its logging history table.
Command Syntax: logging history size size
Command Mode: CONFIGURATION

To view the logging buffer and configuration, use the show logging command in the EXEC privilege mode as shown in the example for Display the Logging Buffer and the Logging Configuration.
%IFMGR-5-CSTATE_UP: changed interface Physical state to up: So 12/8
%IFMGR-5-CSTATE_DN: changed interface Physical state to down: So 12/8

To view any changes made, use the show running-config logging command in the EXEC privilege mode as shown in the example for Configure a UNIX logging facility level.

Configure a UNIX logging facility level

You can save system log messages with a UNIX system logging facility.
logging facility user
logging source-interface Loopback 0
logging 10.10.10.4
FTOS#

Synchronize log messages

You can configure FTOS to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system.
To have FTOS include a timestamp with the syslog message, use the following command syntax in the CONFIGURATION mode:

Command Syntax: service timestamps [log | debug] [datetime [localtime] [msec] [show-timezone] | uptime]
Command Mode: CONFIGURATION
Purpose: Add timestamp to syslog messages. Specify the following optional parameters:
• datetime: You can add the keyword localtime to include the localtime, msec, and show-timezone.
!
ftp-server enable
ftp-server username nairobi password 0 zanzibar
FTOS#

Configure FTP server parameters

After the FTP server is enabled on the system, you can configure different parameters. To configure FTP server parameters, use any or all of the following commands in the CONFIGURATION mode:

Command Syntax: ftp-server topdir dir
Command Mode: CONFIGURATION
Purpose: Specify the directory for users using FTP to reach the system. The default is the internal flash directory.
Configure FTP client parameters

To configure FTP client parameters, use the following commands in the CONFIGURATION mode:

Command Syntax: ip ftp source-interface interface
Command Mode: CONFIGURATION
Purpose: Enter the following keywords and slot/port or number information:
• For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
To apply an IP ACL to a line:

Task: Apply an ACL to a VTY line.
Command Syntax: ip access-class access-list
Command Mode: LINE

To view the configuration, enter the show config command in the LINE mode, as shown in the example below.

FTOS(config-std-nacl)#show config
!
ip access-list standard myvtyacl
 seq 5 permit host 10.11.0.1
FTOS(config-std-nacl)#line vty 0
FTOS(config-line-vty)#show config
line vty 0
 access-class myvtyacl

FTOS Behavior: Prior to FTOS version 7.4.2.
To configure authentication for a terminal line:

Step 1
Task: Create an authentication method list. You may use a mnemonic name or use the keyword default. The default authentication method for terminal lines is local, and the default method list is empty.
Command Syntax: aaa authentication login {method-list-name | default} [method-1] [method-2] [method-3] [method-4] [method-5] [method-6]

Step 2
Task: Apply the method list from Step 1 to a terminal line.
View the configuration using the command show config from LINE mode.

FTOS(conf)#line con 0
FTOS(config-line-console)#exec-timeout 0
FTOS(config-line-console)#show config
line console 0
 exec-timeout 0 0
FTOS(config-line-console)#

Telnet to Another Network Device

To telnet to another device:

Task: Telnet to the peer RPM. You do not need to configure the management port on the peer RPM to be able to telnet to it.
Command Syntax: telnet-peer-rpm

Task: Telnet to a device with an IPv4 or IPv6 address.
• Set a manual lock using the command configure terminal lock from CONFIGURATION mode. When you configure a manual lock, which is the default, you must enter this command each time you want to enter CONFIGURATION mode and deny access to others.

FTOS(conf)#configuration mode exclusive auto
BATMAN(conf)#exit
3d23h35m: %RPM0-P:CP %SYS-5-CONFIG_I: Configured from console by console
FTOS#config
! Locks configuration mode exclusively.
Recovering from a Forgotten Password on the S4810

If you configure authentication for the console and you exit out of EXEC mode or your console session times out, you are prompted for a password to re-enter. If you forget your password:

Step 1
Task: Log onto the system via console.

Step 2
Task: Power-cycle the chassis by switching off all of the power modules and then switching them back on.

Step 3
Task: Hit any key to abort the boot process.
Step 4
Task: Set the system parameters to ignore the enable password when the system reloads.
Command Syntax: setenv enablepwdignore true
Command Mode: uBoot

Step 5
Task: Reload the system.
Command Syntax: reset
Command Mode: uBoot

Step 6
Task: Configure a new enable password.
Command Syntax: enable {secret | password}
Command Mode: CONFIGURATION

Step 7
Task: Save the running-config to the startup-config.
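The password and terminal-line settings covered in Getting Started and in this chapter (enable password versus enable secret, type 0 passwords, ftp-server, access-class on VTY lines, exec-timeout) can be checked mechanically in a saved running-config. The following Python audit is an added example, not part of the original guide or of FTOS. The sample configuration is constructed, the rule names are hypothetical, and treating exec-timeout 0 0 as a disabled idle timeout is an assumption.

```python
"""Audit an FTOS-style running-config for weak management-plane settings."""
import re
from typing import NamedTuple

# Constructed sample, assembled from commands shown in this guide. The
# password and hash values are placeholders, not real secrets.
SAMPLE_CONFIG = """\
!
hostname FTOS
!
enable password 7 CONSTRUCTED-TYPE7-VALUE
!
username admin password 0 constructed-cleartext
username ops password 7 CONSTRUCTED-TYPE7-VALUE
!
ftp-server enable
ftp-server username nairobi password 0 zanzibar
!
ip access-list standard myvtyacl
 seq 5 permit host 10.11.0.1
!
line console 0
 exec-timeout 0 0
line vty 0
 access-class myvtyacl
line vty 1
!
end
"""


class Finding(NamedTuple):
    rule: str      # hypothetical rule name used by this example
    line_no: int   # 1-based line in the config; 0 means the whole file
    detail: str


CLEARTEXT = re.compile(r"\bpassword 0 \S+")         # encryption-type 0 = clear text
VTY_HEADER = re.compile(r"^line vty \d+( \d+)?$")
ACCESS_CLASS = re.compile(r"\baccess-class \S+")


def parse_blocks(text):
    """Group the config into (line_no, header, [(line_no, child), ...]).

    A child is an indented line that follows a top-level command; blank
    lines and "!" separators are skipped.
    """
    blocks = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace() and blocks:
            blocks[-1][2].append((no, line.strip()))
        else:
            blocks.append((no, line.strip(), []))
    return blocks


def audit(text):
    """Return the list of findings for one running-config, in file order."""
    blocks = parse_blocks(text)
    headers = [header for _, header, _ in blocks]
    has_secret = any(h.startswith("enable secret ") for h in headers)
    has_password = any(h.startswith("enable password ") for h in headers)
    findings = []
    if not has_secret and not has_password:
        findings.append(Finding("enable-unprotected", 0,
                                "EXEC Privilege mode has no password"))
    for no, header, children in blocks:
        if header.startswith("enable password ") and not has_secret:
            findings.append(Finding("enable-password-only", no,
                                    "DES-based enable password without enable secret"))
        if header == "ftp-server enable":
            findings.append(Finding("ftp-server-enabled", no,
                                    "FTP carries credentials unencrypted"))
        for cmd_no, cmd in [(no, header)] + children:
            if CLEARTEXT.search(cmd):
                # Never echo the secret itself into the report.
                redacted = CLEARTEXT.sub("password 0 <redacted>", cmd)
                findings.append(Finding("cleartext-password", cmd_no, redacted))
        if header.startswith("line "):
            for cmd_no, cmd in children:
                # Assumption: 0 minutes 0 seconds disables the idle timeout.
                if cmd == "exec-timeout 0 0":
                    findings.append(Finding("exec-timeout-disabled", cmd_no, header))
            guarded = any(ACCESS_CLASS.search(cmd) for _, cmd in children)
            if VTY_HEADER.match(header) and not guarded:
                findings.append(Finding("vty-no-access-class", no, header))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"{f.line_no:>3}  {f.rule:<24} {f.detail}")
```

Because password recovery on the S4810 only needs console access and a power cycle, an audit like this covers remote access paths only; physical access to the console port has to be controlled separately.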
5 802.1ag

802.1ag is available only on platform: s

Ethernet Operations, Administration, and Maintenance (OAM) is a set of tools used to install, monitor, troubleshoot and manage Ethernet infrastructure deployments. Ethernet OAM consists of three main areas:
1. Service Layer OAM: IEEE 802.1ag Connectivity Fault Management (CFM)
2. Link Layer OAM: IEEE 802.3ah OAM
3.
There is a need for Layer 2 equivalents to manage and troubleshoot native Layer 2 Ethernet networks. With these tools, you can identify, isolate, and repair faults quickly and easily, which reduces operational cost of running the network. OAM also increases availability and reduces mean time to recovery, which allows for tighter service level agreements, resulting in increased revenue for the service provider.
These roles define the relationships between all devices so that each device can monitor the layers under its responsibility. Maintenance points drop all lower-level frames and forward all higher-level frames.
Implementation Information

• Since the S-Series has a single MAC address for all physical/LAG interfaces, only one MEP is allowed per MA (per VLAN or per MD level).

Configure CFM

Configuring CFM is a five-step process:
1. Configure the ecfmacl CAM region using the cam-acl command. Refer to Configure Ingress Layer 2 ACL Sub-partitions.
2. Enable Ethernet CFM.
3. Create a Maintenance Domain.
4. Create a Maintenance Association.
5. Create Maintenance Points.
6.
Enable Ethernet CFM

Task: Spawn the CFM process. No CFM configuration is allowed until the CFM process is spawned.
Command Syntax: ethernet cfm
Command Mode: CONFIGURATION

Task: Disable Ethernet CFM without stopping the CFM process.
Command Syntax: disable
Command Mode: ETHERNET CFM

Create a Maintenance Domain

Connectivity Fault Management (CFM) divides a network into hierarchical maintenance domains, as shown in the illustration in Maintenance Domains.

Step 1
Task: Create maintenance domain.
Create Maintenance Points
Domains are comprised of logical entities called Maintenance Points. A maintenance point is an interface demarcation that confines CFM frames to a domain. There are two types of maintenance points:
• Maintenance End Points (MEPs): a logical entity that marks the end-point of a domain
• Maintenance Intermediate Points (MIPs): a logical entity configured at a port of a switch that constitutes intermediate points of a Maintenance Entity (ME).
Create a Maintenance Intermediate Point
A Maintenance Intermediate Point (MIP) is a logical entity configured at a port of a switch that constitutes intermediate points of a Maintenance Entity (ME). An ME is a point-to-point relationship between two MEPs within a single domain. An MIP is not associated with any MA or service instance, and it belongs to the entire MD.

Task: Create an MIP.
MP Database Persistence

Task: Set the amount of time that data from a missing MEP is kept in the Continuity Check Database.
4. Reception of a CCM with an MD level lower than that of the receiving MEP, which indicates a configuration or cross-connect error.
5. Reception of a CCM containing a port status/interface status TLV, which indicates a failed bridge or aggregated port.

The Continuity Check protocol sends fault notifications (Syslogs, and SNMP traps if enabled) whenever any of the above errors are encountered.

Enable CCM

Step 1
Task: Enable CCM.
Linktrace Message and Response
Linktrace Message and Response (LTM, LTR), also called Layer 2 Traceroute, is an administratively sent multicast frame transmitted by MEPs to track, hop-by-hop, the path to another MEP or MIP within the maintenance domain. All MEPs and MIPs in the same domain respond to an LTM with a unicast LTR. Intermediate MIPs forward the LTM toward the target MEP.
Task: Set the size of the Link Trace Cache.
Command Syntax: traceroute cache size entries
Command Mode: ETHERNET CFM
Default: 100
Range: 1 - 4095 entries

Task: Display the Link Trace Cache.
Command Syntax: show ethernet cfm traceroute-cache
Three values are given within the trap messages: MD Index, MA Index, and MPID. You can reference these values against the output of show ethernet cfm domain and show ethernet cfm maintenance-points local mep.
FTOS#show ethernet cfm port-statistics interface gigabitethernet 0/5
Port statistics for port: Gi 0/5
==================================
RX Statistics
=============
Total CFM Pkts 75394 CCM Pkts 75394
LBM Pkts 0 LTM Pkts 0
LBR Pkts 0 LTR Pkts 0
Bad CFM Pkts 0 CFM Pkts Discarded 0
CFM Pkts forwarded 102417
TX Statistics
=============
Total CFM Pkts 10303 CCM Pkts 0
LBM Pkts 0 LTM Pkts 3
LBR Pkts 0 LTR Pkts 0
6 802.1X

802.1X is supported on platforms: e c s

Protocol Overview
802.1X is a method of port security. A device connected to a port that is enabled with 802.1X is disallowed from sending or receiving packets on the network until its identity can be verified (through a username and password, for example). This feature is named for its IEEE specification. 802.
1. When the authenticator senses a link state change, it requests that the supplicant identify itself using an EAP Identity Request Frame. 2. The supplicant responds with its identity in an EAP Response Identity frame. 3. The authenticator decapsulates the EAP Response from the EAPOL frame, encapsulates it in a RADIUS Access-Request frame, and forwards the frame to the authentication server. 4. The authentication server replies with an Access-Challenge.
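The Access-Request that the authenticator builds in step 3 carries the EAP Response in an EAP-Message attribute, and RFC 3579 requires such a packet to carry a Message-Authenticator attribute (HMAC-MD5 keyed with the RADIUS shared secret) that the receiver verifies before acting on it. The following is an added example, not FTOS code or part of the original guide; the function names, shared secret, user name and packet bytes are all constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_EAP_MESSAGE = 79
ATTR_MESSAGE_AUTHENTICATOR = 80
HEADER_LEN = 20  # Code, Identifier, Length, 16-byte Authenticator


def attr(attr_type, value):
    """Encode one RADIUS attribute: Type (1 byte), Length (1 byte), Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def eap_identity_response(eap_id, identity):
    """EAP Response (code 2) of type Identity (1), as sent by the supplicant in step 2."""
    return struct.pack("!BBHB", 2, eap_id, 5 + len(identity), 1) + identity


def build_access_request(identifier, request_auth, username, eap_payload, secret):
    """Step 3: wrap the EAP Response in an Access-Request and sign the packet."""
    attrs = attr(ATTR_USER_NAME, username)
    attrs += attr(ATTR_EAP_MESSAGE, eap_payload)
    attrs += attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))  # zero-filled while signing
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, HEADER_LEN + len(attrs))
    packet = bytearray(header + request_auth + attrs)
    # The Message-Authenticator value is the last 16 bytes of this packet.
    packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)


def iter_attributes(packet):
    """Yield (type, value_offset, value) per attribute; raise ValueError if malformed."""
    if len(packet) < HEADER_LEN:
        raise ValueError("shorter than RADIUS header")
    declared = struct.unpack("!H", packet[2:4])[0]
    if declared < HEADER_LEN or declared > len(packet):
        raise ValueError("bad RADIUS length")
    pos = HEADER_LEN
    while pos < declared:
        if pos + 2 > declared:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > declared:
            raise ValueError("bad attribute length")
        yield attr_type, pos + 2, packet[pos + 2:pos + attr_len]
        pos += attr_len


def check_access_request(packet, secret):
    """Return None when the packet is acceptable, otherwise the reason to discard it."""
    try:
        attrs = list(iter_attributes(packet))
    except ValueError as exc:
        return str(exc)
    declared = struct.unpack("!H", packet[2:4])[0]
    has_eap = any(t == ATTR_EAP_MESSAGE for t, _, _ in attrs)
    auth = [(off, val) for t, off, val in attrs if t == ATTR_MESSAGE_AUTHENTICATOR]
    if not auth:
        return "EAP-Message without Message-Authenticator" if has_eap else None
    if len(auth) != 1 or len(auth[0][1]) != 16:
        return "malformed Message-Authenticator"
    offset, received = auth[0]
    zeroed = bytearray(packet[:declared])
    zeroed[offset:offset + 16] = bytes(16)
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(expected, received):
        return "Message-Authenticator mismatch"
    return None


# Constructed sample values (not taken from any real deployment).
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))
SAMPLE = build_access_request(7, REQUEST_AUTH, b"alice",
                              eap_identity_response(1, b"alice"), SECRET)

if __name__ == "__main__":
    print(check_access_request(SAMPLE, SECRET))
```
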
[Figure: RADIUS frame format. Fields: Code (Range: 1-4; Codes: 1: Access-Request, 2: Access-Accept, 3: Access-Reject, 11: Access-Challenge), Identifier, Length, Message-Authenticator Attribute, EAP-Message Attribute (Type (79), Length, EAP-Method Data (Supplicant Requested Credentials)).]

RADIUS Attributes for 802.1 Support
Dell Force10 systems include the following RADIUS attributes in all 802.
Important Points to Remember
• FTOS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP.
• All platforms support only RADIUS as the authentication server.
• If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured.
• 802.1X is not supported on port-channels or port-channel members.

Enabling 802.1X
802.1X must be enabled globally. To enable 802.
no shutdown
!
FTOS#

View 802.1X configuration information for an interface using the command show dot1x interface, as shown in the example below.

FTOS#show dot1x interface TenGigabitEthernet 2/1
802.
To configure a maximum number of Request Identity re-transmissions:

Step 1
Task: Configure a maximum number of times that a Request Identity frame can be re-transmitted by the authenticator.
Re-Auth Interval: 3600 seconds
Max-EAP-Req: 10
Auth Type: SINGLE_HOST
Auth PAE State: Initialize
Backend State: Initialize

Forcibly Authorizing or Unauthorizing a Port
IEEE 802.1X requires that a port can be manually placed into any of three states:
• ForceAuthorized is an authorized state. A device connected to this port in this state is never subjected to the authentication process, but is allowed to communicate on the network.
Auth PAE State: Initialize
Backend State: Initialize

Re-authenticating a Port

Periodic Re-authentication
After the supplicant has been authenticated, and the port has been authorized, the authenticator can be configured to re-authenticate the supplicant periodically. If re-authentication is enabled, the supplicant is required to re-authenticate every 3600 seconds, but this interval can be configured. A maximum number of re-authentications can be configured as well.
Backend State: Initialize

Configuring Timeouts
If the supplicant or the authentication server is unresponsive, the authenticator terminates the authentication process after 30 seconds by default. The amount of time that the authenticator waits for a response can be configured.

To terminate the authentication process due to an unresponsive supplicant:

Step 1
Task: Terminate the authentication process due to an unresponsive supplicant.
Backend State: Initialize

Dynamic VLAN Assignment with Port Authentication
FTOS supports dynamic VLAN assignment when using 802.1X. The basis for VLAN assignment is RADIUS attribute 81, Tunnel-Private-Group-ID.
The illustration below shows the configuration on the Dell Force10 system before connecting the end-user device in black and blue text, and after connecting the device in red text. The blue text corresponds to the preceding numbered steps on dynamic VLAN assignment with 802.1X.

Guest and Authentication-fail VLANs
Typically, the authenticator (Dell Force10 system) denies the supplicant access to the network until the supplicant is authenticated.
• If the supplicant fails authentication a specified number of times, the authenticator places the port in the Authentication-fail VLAN.
• If a port is already forwarding on the Guest VLAN when 802.1X is enabled, then the port is moved out of the Guest VLAN, and the authentication process begins.

Configuring a Guest VLAN
If the supplicant does not respond within a determined amount of time ([reauth-max + 1] * tx-period; refer to Configuring Timeouts), the system assumes that the host does not have 802.
switchport
dot1x authentication
dot1x guest-vlan 200
dot1x auth-fail-vlan 100 max-attempts 5
no shutdown
FTOS(conf-if-Te-2/1)#

View your configuration using the command show config from INTERFACE mode, as shown in the example in Configuring a Guest VLAN, or using the command show dot1x interface from EXEC Privilege mode as shown in the example below.
7 Access Control Lists (ACLs)

This chapter describes the Access Control Lists (ACLs), prefix lists, and route-maps.

Access Control Lists (ACLs) are supported on platforms: e c s
Ingress IP and MAC ACLs are supported on platforms: e c s
Egress IP and MAC ACLs are supported on platforms: e s

Overview
At their simplest, Access Control Lists (ACLs), Prefix lists, and Route-maps permit or deny traffic based on MAC and/or IP addresses. This chapter discusses implementing IP ACLs, IP Prefix lists and Route-maps.
• Configuring ACLs to Loopback
  • Applying an ACL on Loopback Interfaces
• IP Prefix Lists
• ACL Resequencing
• Route Maps

IP Access Control Lists (ACLs)
In the Dell Force10 switch/routers, you can create two different types of IP ACLs: standard or extended. A standard ACL filters packets based on the source IP address.
CAM Profiling
CAM optimization is supported on platforms et

The default CAM profile has 1K Layer 2 ingress ACL entries. If you need more memory for Layer 2 ingress ACLs, select the profile l2-ipv4-inacl. When budgeting your CAM allocations for ACLs and QoS configurations, remember that ACL and QoS rules might consume more than one CAM entry depending on complexity. For example, TCP and UDP rules with port range options might require more than one CAM entry.
• L2 ACL(l2acl): 5
• IPv6 L3 ACL (ipv6acl): 0
• L3 QoS (ipv4qos): 1
• L2 QoS (l2qos): 1

The ipv6acl allocation must be entered as a factor of 2 (2, 4, 6, 8, 10). All other profile allocations can use either even or odd numbered ranges. You must save the new CAM settings to the startup-config (write-mem or copy run start) then reload the system for the new settings to take effect.
Implementing ACLs on FTOS
One IP ACL can be assigned per interface with FTOS. If an IP ACL is not assigned to an interface, it is not used by the software in any other capacity. The number of entries allowed per ACL is hardware-dependent. Refer to your line card documentation for detailed specification on entries allowed per ACL. If counters are enabled on IP ACL rules that are already configured, those counters are reset when a new rule is inserted or prepended.
ACLs acl1 and acl2 have overlapping rules because the address range 20.1.1.0/24 is within 20.0.0.0/8. Therefore, (without the keyword order) packets within the range 20.1.1.0/24 match positive against cmap1 and are buffered in queue 7, though you intended for these packets to match positive against cmap2 and be buffered in queue 4.
IP fragments ACL examples
The following configuration permits all packets (both fragmented and non-fragmented) with destination IP 10.1.1.1. The second rule does not get hit at all.

FTOS(conf)#ip access-list extended ABC
FTOS(conf-ext-nacl)#permit ip any 10.1.1.1/32
FTOS(conf-ext-nacl)#deny ip any 10.1.1.1/32 fragments
FTOS(conf-ext-nacl)

To deny second/subsequent fragments, use the same rules in a different order. These ACLs deny all second & subsequent fragments with destination IP 10.1.1.
Note the following when configuring ACLs with the fragments keyword.
When an ACL filters packets it looks at the Fragment Offset (FO) to determine whether or not it is a fragment.
• FO = 0 means it is either the first fragment or the packet is a non-fragment.
• FO > 0 means it is dealing with the fragments of the original packet.
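The rule-order effect described for the fragments keyword can be checked with a small first-match model. This is an added example, not FTOS code: the Rule and Packet types and both function names are hypothetical, it models only Layer 3 destination rules like the ones in ACL ABC, and the implicit deny at the end of the list is an assumption of the model.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    dst: str                 # destination prefix, e.g. "10.1.1.1/32"
    fragments: bool = False  # True when the rule carries the fragments keyword


@dataclass(frozen=True)
class Packet:
    dst: str
    frag_offset: int  # FO: 0 = first fragment or non-fragment, > 0 = later fragment


def rule_matches(rule, pkt):
    """A rule with the fragments keyword matches only packets with FO > 0."""
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.fragments:
        return pkt.frag_offset > 0
    return True


def evaluate(acl, pkt):
    """First match wins. Returns (action, index of the rule that was hit)."""
    for index, rule in enumerate(acl):
        if rule_matches(rule, pkt):
            return rule.action, index
    return "deny", None  # assumption of this model: implicit deny at the end


def shadowed_rules(acl):
    """Indexes of rules that can never be hit because an earlier rule
    already matches every packet they would match."""
    hidden = []
    for j, later in enumerate(acl):
        later_net = ipaddress.ip_network(later.dst)
        for earlier in acl[:j]:
            covers_dst = later_net.subnet_of(ipaddress.ip_network(earlier.dst))
            # A rule without "fragments" matches every FO value; a rule with
            # it only covers later rules that are also fragments-only.
            covers_fo = (not earlier.fragments) or later.fragments
            if covers_dst and covers_fo:
                hidden.append(j)
                break
    return hidden


# The ACL from the text: the permit comes first, so the deny is never hit.
PERMIT_FIRST = [
    Rule("permit", "10.1.1.1/32"),
    Rule("deny", "10.1.1.1/32", fragments=True),
]
# Same rules in the other order: later fragments are denied, the rest permitted.
DENY_FRAGMENTS_FIRST = list(reversed(PERMIT_FIRST))

# Constructed sample packets.
FIRST_OR_WHOLE = Packet("10.1.1.1", frag_offset=0)
LATER_FRAGMENT = Packet("10.1.1.1", frag_offset=185)

if __name__ == "__main__":
    for name, acl in (("permit first", PERMIT_FIRST),
                      ("deny fragments first", DENY_FRAGMENTS_FIRST)):
        print(name, evaluate(acl, FIRST_OR_WHOLE), evaluate(acl, LATER_FRAGMENT),
              "shadowed:", shadowed_rules(acl))
```
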
When you use the log keyword, the CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets’ details. To view the rules of a particular ACL configured on a particular interface, use the show ip accounting access-list ACL-name interface interface command in EXEC Privilege mode as shown in the example below.
When you use the log keyword, the CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets’ details. The example below illustrates a standard IP ACL in which the sequence numbers were assigned by FTOS.
Configure filters with sequence number
To create a filter for packets with a specified sequence number, use these commands in the following sequence, starting in the CONFIGURATION mode:

Step 1
Command Syntax: ip access-list extended access-list-name
Command Mode: CONFIGURATION
Purpose: Enter the IP ACCESS LIST mode by creating an extended IP ACL.

Command Mode: CONFIG-EXT-NACL
Purpose: Configure a drop or forward filter.
• log and monitor options are supported on E-Series only.
UDP packets: To create a filter for UDP packets with a specified sequence number, use these commands in the following sequence, starting in the CONFIGURATION mode:

Step 1
Command Syntax: ip access-list extended
Command Mode: CONFIGURATION
Purpose: Create an extended IP ACL and assign it a unique name.

Command Mode: CONFIG-EXT-NACL
Purpose: Configure an extended IP ACL filter for UDP packets.
• log and monitor options are supported on E-Series only.
To configure a filter for an extended IP ACL without a specified sequence number, use any or all of the following commands in the IP ACCESS LIST mode:

Command Syntax: {deny | permit} {source mask | any | host ip-address} [count [byte] | log ] [order] [monitor] [fragments]
Command Mode: CONFIG-EXT-NACL
Purpose: Configure a deny or permit filter to examine IP packets.
• log and monitor options are supported on E-Series only.
Configuring Layer 2 and Layer 3 ACLs on an Interface
Both Layer 2 and Layer 3 ACLs may be configured on an interface in Layer 2 mode. If both L2 and L3 ACLs are applied to an interface, the following rules apply:
• The packets routed by FTOS are governed by the L3 ACL only, since they are not filtered against an L2 ACL.
• The packets switched by FTOS are first filtered by the L3 ACL, then by the L2 ACL.
The same ACL may be applied to different interfaces and that changes its functionality. For example, you can take ACL “ABCD”, and apply it using the in keyword and it becomes an ingress access list. If you apply the same ACL using the out keyword, it becomes an egress access list. If you apply the same ACL to the loopback interface, it becomes a loopback access list.
You can view the number of packets matching the ACL by using the count option when creating ACL entries. E-Series supports packet and byte counts simultaneously. C-Series and S-Series support only one at any given time.

To view the number of packets matching an ACL that is applied to an interface:

Step 1
Task: Create an ACL that uses rules with the count option. See Configure a standard IP ACL

Step 2
Task: Apply the ACL as an inbound or outbound ACL on an interface.
Egress ACLs are applied to line cards and affect the traffic leaving the system. Configuring egress ACLs onto physical interfaces protects the system infrastructure from attack—malicious and incidental—by explicitly allowing only authorized traffic. These system-wide ACLs eliminate the need to apply ACLs onto each interface and achieve the same results. By localizing target traffic, it is a simpler implementation. An egress ACL is used when users would like to restrict egress traffic.
Task: Create a Layer 3 ACL using permit rules with the count option to describe the desired CPU traffic
Command Syntax: permit ip {source mask | any | host ip-address} {destination mask | any | host ip-address} count
Command Mode: CONFIG-NACL

Note: The ip control-plane [egress filter] and the ipv6 control-plane [egress filter] commands are not supported on S4810 systems.
To apply an ACL (standard or extended) for loopback, use these commands in the following sequence:

Step 1
Command Syntax: interface loopback 0
Command Mode: CONFIGURATION
Purpose: Only loopback 0 is supported for the loopback ACL.

Step 2
Command Syntax: ip access-list [standard | extended] name
Command Mode: CONFIGURATION
Purpose: Apply rules to the new ACL.

Step 3
Command Syntax: ip access-group name in
Command Mode: INTERFACE
Purpose: Apply an ACL to traffic entering loopback.
IP prefix lists control routing policy. An IP prefix list is a series of sequential filters that contain a matching criterion (examine IP route prefix) and an action (permit or deny) to process routes. The filters are processed in sequence so that if a route prefix does not match the criterion in the first filter, the second filter (if configured) is applied. When the route prefix matches a filter, FTOS drops or forwards the packet based on the filter’s designated action.
For a complete listing of all commands related to prefix lists, refer to the FTOS Command Line Interface Reference document.

Configure a prefix list
To configure a prefix list, use these commands in the following sequence, starting in the CONFIGURATION mode:

Step 1
Command Syntax: ip prefix-list prefix-name
Command Mode: CONFIGURATION
Purpose: Create a prefix list and assign it a unique name. You are in the PREFIX LIST mode.

Step 2
To configure a filter without a specified sequence number, use these commands in the following sequence starting in the CONFIGURATION mode:

Step 1
Command Syntax: ip prefix-list prefix-name
Command Mode: CONFIGURATION
Purpose: Create a prefix list and assign it a unique name.

Step 2
Command Syntax: {deny | permit} ip-prefix [ge min-prefix-length] [le max-prefix-length]
Command Mode: CONFIG-NPREFIXL
Purpose: Create a prefix list filter with a deny or permit action.
FTOS>
FTOS>show ip prefix summary
Prefix-list with the last deletion/insertion: filter_ospf
ip prefix-list filter_in:
count: 3, range entries: 3, sequences: 5 - 10
ip prefix-list filter_ospf:
count: 4, range entries: 1, sequences: 5 - 10
FTOS>

Use a prefix list for route redistribution
To pass traffic through a configured prefix list, you must use the prefix list in a route redistribution command.
Command Syntax: distribute-list prefix-list-name out [connected | rip | static]
Command Mode: CONFIG-ROUTER-OSPF
Purpose: Apply a configured prefix list to incoming routes. You can specify which type of routes are affected. If you enter the name of a non-existent prefix list, all routes are forwarded.

To view the configuration, use the show config command in the ROUTER OSPF mode as shown in the example below or the show running-config ospf command in the EXEC mode.
Table 7-11. ACL Resequencing Example (Resequenced)
seq 5 permit any host 1.1.1.1
seq 10 permit any host 1.1.1.2
seq 15 permit any host 1.1.1.3
seq 20 permit any host 1.1.1.4

Resequencing an ACL or Prefix List
Resequencing is available for IPv4 and IPv6 ACLs and prefix lists and MAC ACLs. To resequence an ACL or prefix list use the appropriate command in Table 7-12. You must specify the list name, starting number, and increment when using these commands.

Table 7-12.
Remarks and rules that originally have the same sequence number have the same sequence number after the resequence command is applied. Remarks that do not have a corresponding rule will be incremented as a rule. These two mechanisms allow remarks to retain their original position in the list. In the following example, remark 10 corresponds to rule 10 and as such, they have the same number before and after the command is entered.
The FTOS implementation of route maps allows route maps with no match command or no set command. When there is no match command, all traffic matches the route map and the set command applies.

Important Points to Remember
• For route-maps with more than one match clause:
  • When two or more match clauses within the same route-map sequence have the same match commands (though the values are different), matching a packet against these clauses is a logical OR operation.
The default action is permit and the default sequence number starts at 10. When the keyword deny is used in configuring a route map, routes that meet the match filters are not redistributed. To view the configuration, use the show config command in the ROUTE-MAP mode as shown in the example below.
Configure route map filters
Within the ROUTE-MAP mode, there are match and set commands. Match commands search for a certain criterion in the routes, and set commands change the characteristics of those routes, either adding something or specifying a level. When there are multiple match commands of the same parameter under one instance of route-map, FTOS matches a route against any one of those match commands.
Command Syntax: match community
Command Mode: CONFIG-ROUTE-MAP
Purpose: Match routes with COMMUNITY list attributes in their path.

Command Mode: CONFIG-ROUTE-MAP
Purpose: Match routes whose next hop is a specific interface. The parameters are:
• For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information.
• For a 1-Gigabit Ethernet interface, enter the keyword gigabitEthernet followed by the slot/port information.
Command Syntax: match route-type {external [type-1 | type-2] | internal | level-1 | level-2 | local }
Command Mode: CONFIG-ROUTE-MAP
Purpose: Match routes specified as internal or external to OSPF, ISIS level-1, ISIS level-2, or locally generated.

Command Syntax: match tag tag-value
Command Mode: CONFIG-ROUTE-MAP
Purpose: Match routes with a specific tag.

To configure a set condition, use any or all of the following commands in the ROUTE-MAP mode:

Command Syntax: set as-path prepend as-number [...
Route redistribution occurs when FTOS learns the advertising routes from static or directly connected routes or another routing protocol. Different protocols assign different values to redistributed routes to identify the routes and their origins. The metric value is the most common attribute that is changed to properly redistribute other routes into a routing protocol.
Continue clause
Normally, when a match is found, set clauses are executed, and the packet is then forwarded; no more route-map modules are processed. If the continue command is configured at the end of a module, the next module (or a specified module) is processed even after a match is found. The following example shows a continue clause at the end of a route-map module. In this example, if a match is found in the route-map “test” module 10, module 30 will be processed.
8 Bidirectional Forwarding Detection (BFD)

Bidirectional Forwarding Detection (BFD) is supported only on platforms: e c

Protocol Overview
Bidirectional Forwarding Detection (BFD) is a protocol that is used to rapidly detect communication failures between two adjacent systems. It is a simple and lightweight replacement for existing routing protocol link state detection mechanisms. It also provides a failure detection solution for links on which no routing protocol is used. BFD is a simple hello mechanism.
How BFD Works
Two neighboring systems running BFD establish a session using a three-way handshake. After the session has been established, the systems exchange control packets at agreed upon intervals. In addition, systems send a control packet anytime there is a state change or change in a session parameter; these control packets are sent without regard to transmit and receive intervals.

Note: FTOS does not support multi-hop BFD sessions.
[Figure: BFD control packet encapsulation. Ethernet frame: Preamble, Start Frame Delimiter, Destination MAC, Source MAC, Ethernet Type (0x888e). IP header: Version (4), IHL, TOS, Total Length, Flags, Frag Offset, TTL (255), Protocol, Header Checksum, Dest IP Addr, Options, Padding. UDP packet: Source Port, Checksum; Range: 3784. BFD control packet: Version (1), Diag Code, State, Detect Mult, My Discriminator, Your Discriminator (random number generated by remote system to identify a session), Required Min RX Interval, Required Min Echo RX Interval, Auth Type.]
Table 8-13. BFD Packet Fields

Field: Diagnostic Code
Description: The reason that the last session failed.

Field: State
Description: The current local session state. See BFD sessions.

Field: Flag
Description: A bit that indicates packet function. If the poll bit is set, the receiving system must respond as soon as possible, without regard to its transmit interval. The responding system clears the poll bit and sets the final bit in its response.
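The fields in Table 8-13 map onto the 24-byte mandatory section of a BFD control packet as defined in RFC 5880. The following added example (not FTOS code or part of the original guide) decodes that section, applies the receive checks from RFC 5880 and the single-hop TTL 255 check from RFC 5881, and derives the detection time in Asynchronous mode; all function names and the sample packets are constructed for illustration.

```python
import struct

STATES = {0: "AdminDown", 1: "Down", 2: "Init", 3: "Up"}
MANDATORY_LEN = 24  # bytes in the mandatory section of a BFD control packet


def build_bfd_control(state, my_disc, your_disc, desired_tx_us, required_rx_us,
                      detect_mult=3, poll=False, final=False, diag=0):
    """Build a constructed sample packet (version 1, no authentication section)."""
    flags = (state << 6) | (0x20 if poll else 0) | (0x10 if final else 0)
    return struct.pack("!BBBBIIIII", (1 << 5) | diag, flags, detect_mult,
                       MANDATORY_LEN, my_disc, your_disc,
                       desired_tx_us, required_rx_us, 0)


def parse_bfd_control(payload):
    """Decode the mandatory section. Intervals on the wire are in microseconds."""
    if len(payload) < MANDATORY_LEN:
        raise ValueError("shorter than the 24-byte mandatory section")
    (vers_diag, flags, detect_mult, length, my_disc, your_disc,
     desired_tx, required_rx, required_echo_rx) = struct.unpack(
        "!BBBBIIIII", payload[:MANDATORY_LEN])
    return {
        "version": vers_diag >> 5,
        "diag": vers_diag & 0x1F,
        "state": STATES[flags >> 6],
        "poll": bool(flags & 0x20),
        "final": bool(flags & 0x10),
        "auth_present": bool(flags & 0x04),
        "multipoint": bool(flags & 0x01),
        "detect_mult": detect_mult,
        "length": length,
        "my_discriminator": my_disc,
        "your_discriminator": your_disc,
        "desired_min_tx_us": desired_tx,
        "required_min_rx_us": required_rx,
        "required_min_echo_rx_us": required_echo_rx,
    }


def reject_reason(payload, ttl):
    """Return None if the packet passes the receive checks, else why it is dropped."""
    if ttl != 255:  # single-hop sessions: a packet that crossed a router has TTL < 255
        return "TTL is not 255"
    try:
        pkt = parse_bfd_control(payload)
    except ValueError as exc:
        return str(exc)
    if pkt["version"] != 1:
        return "unsupported version"
    min_len = 26 if pkt["auth_present"] else MANDATORY_LEN
    if pkt["length"] < min_len or pkt["length"] > len(payload):
        return "bad Length field"
    if pkt["detect_mult"] == 0:
        return "Detect Mult is zero"
    if pkt["multipoint"]:
        return "Multipoint bit is set"
    if pkt["my_discriminator"] == 0:
        return "My Discriminator is zero"
    if pkt["your_discriminator"] == 0 and pkt["state"] not in ("Down", "AdminDown"):
        return "Your Discriminator is zero outside Down/AdminDown"
    return None


def detection_time_ms(remote_pkt, local_required_min_rx_us):
    """Asynchronous mode: remote Detect Mult times the agreed interval, where the
    agreed interval is the larger of our Required Min RX and the peer's Desired Min TX."""
    agreed_us = max(local_required_min_rx_us, remote_pkt["desired_min_tx_us"])
    return remote_pkt["detect_mult"] * agreed_us / 1000


# Constructed samples: an Up packet with the poll bit set, and a spoof-like
# packet that claims Up without knowing the receiver's discriminator.
SAMPLE_UP_POLL = build_bfd_control(3, my_disc=1, your_disc=2,
                                   desired_tx_us=1_000_000,
                                   required_rx_us=1_000_000, poll=True)
SAMPLE_UP_NO_DISC = build_bfd_control(3, my_disc=1, your_disc=0,
                                      desired_tx_us=1_000_000,
                                      required_rx_us=1_000_000)

if __name__ == "__main__":
    parsed = parse_bfd_control(SAMPLE_UP_POLL)
    print(parsed["state"], parsed["poll"], detection_time_ms(parsed, 1_000_000))
    print(reject_reason(SAMPLE_UP_NO_DISC, 255))
```

With 1000 ms intervals and a multiplier of 3, the values shown in this chapter's show bfd neighbors output, the detection time is 3000 ms.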
• Active—The active system initiates the BFD session. Both systems can be active for the same session.
• Passive—The passive system does not initiate a session. It only responds to a request for session initialization from the active system.

A BFD session has two modes:
• Asynchronous mode—In Asynchronous mode, both systems send periodic control messages at an agreed upon interval to indicate that their session status is Up.
4. The passive system receives the control packet, changes its state to Up. Both systems agree that a session has been established. However, since both members must send a control packet—that requires a response—anytime there is a state change or change in a session parameter, the passive system sends a final response indicating the state change. After this, periodic control packets are exchanged.
Important Points to Remember
• BFD for line card ports is hitless, but is not hitless for VLANs since they are instantiated on the RPM.
• FTOS supports a maximum of 100 sessions per BFD agent on C-Series and E-Series. Each linecard processor has a BFD Agent, so the limit translates to 100 BFD sessions per linecard (plus, on the E-Series, 100 BFD sessions on RP2, which handles LAG and VLANs).
2. Establish a session with a next-hop neighbor.

Related configuration tasks
• Viewing physical port session parameters.
• Disabling and re-enabling BFD.

Enabling BFD globally
BFD must be enabled globally on both routers, as shown in the illustration in Establishing a session on physical ports.

To enable BFD globally:

Step 1
Task: Enable BFD globally.
To establish a session:

Step 1
Task: Enter interface mode
Command Syntax: interface
Command Mode: CONFIGURATION

Step 2
Task: Assign an IP address to the interface if one is not already assigned.
Command Syntax: ip address ip-address
Command Mode: INTERFACE

Verify that the session is established using the command show bfd neighbors, as shown in the example below.

R1(conf-if-gi-4/24)#do show bfd neighbors
* - Active session role
Ad Dn - Admin Down
C - CLI
I - ISIS
O - OSPF
R - Static Route (RTM)
LocalAddr * 2.2.2.1 RemoteAddr 2.2.2.
When both interfaces are configured for BFD, log messages are displayed indicating state changes, as shown in Message 2.

Message 2 BFD Session State Changes
R1(conf-if-gi-4/24)#00:36:01: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Down for neighbor 2.2.2.2 on interface Gi 4/24 (diag: 0)
00:36:02: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Up for neighbor 2.2.2.
To disable BFD on an interface:

Step 1
Task: Disable BFD on an interface.
Command Syntax: no bfd enable
Command Mode: INTERFACE

Message 3 Disabling BFD on a Local Interface
R1(conf-if-gi-4/24)#01:00:52: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Ad Dn for neighbor 2.2.2.2 on interface Gi 4/24 (diag: 0)

Message 4 Remote System State Change due to Local State Admin Down
R2>01:32:53: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Down for neighbor 2.2.2.
Establishing sessions for static routes
Sessions are established for all neighbors that are the next hop of a static route.

FTOS(config)# interface gigabitethernet 2/2
FTOS(conf-if-gi-2/2)# ip address 2.2.3.1/24
FTOS(conf-if-gi-2/2)# no shutdown

FTOS(config)# interface gigabitethernet 2/1
FTOS(conf-if-gi-2/1)# ip address 2.2.2.2/24
FTOS(conf-if-gi-2/1)# no shutdown
FTOS(conf-if-gi-2/1)# bfd neighbor 2.2.2.1

R1 R3 R2 4/24 2/2 2/1 2.2.2.1/24 2.2.2.
To change parameters for static route sessions:

Step 1
Task: Change parameters for all static route sessions.
Command Syntax: ip route bfd interval milliseconds min_rx milliseconds multiplier value role [active | passive]
Command Mode: CONFIGURATION

View session parameters using the command show bfd neighbors detail, as shown in the example in Verifying BFD sessions with BGP neighbors using show bfd neighbors detail.
FTOS(conf-if-gi-2/1)# ip address 2.2.2.2/24
FTOS(conf-if-gi-2/1)# no shutdown
FTOS(conf-if-gi-2/1)# exit
FTOS(config)# router ospf 1
FTOS(config-router_ospf )# network 2.2.2.0/24 area 0
FTOS(config-router_ospf )# bfd all-neighbors

FTOS(conf-if-gi-2/2)# ip address 2.2.3.1/24
FTOS(conf-if-gi-2/2)# no shutdown
FTOS(conf-if-gi-2/2)# exit
FTOS(config)# router ospf 1
FTOS(config-router_ospf )# network 2.2.3.
Changing OSPF session parameters
BFD sessions are configured with default intervals and a default role. The parameters that can be configured are: Desired TX Interval, Required Min RX Interval, Detection Multiplier, and system role. These parameters are configured for all OSPF sessions or all OSPF sessions on a particular interface; if you change a parameter globally, the change affects all OSPF neighbor sessions.
Configuring BFD for IS-IS
BFD for IS-IS is supported on platforms: e

When using BFD with IS-IS, the IS-IS protocol registers with the BFD manager on the RPM. BFD sessions are then established with all neighboring interfaces participating in IS-IS. If a neighboring interface fails, the BFD agent on the line card notifies the BFD manager, which in turn notifies the IS-IS protocol that a link state change occurred.

Configuring BFD for IS-IS is a two-step process:
1.
To establish BFD with all IS-IS neighbors out of a single interface:

Step 1
Task: Establish sessions with all IS-IS neighbors out of an interface.
Command Syntax: isis bfd all-neighbors
Command Mode: INTERFACE

View the established sessions using the command show bfd neighbors, as shown in Figure 8-3.

Figure 8-3.
View session parameters using the command show bfd neighbors detail.

Disabling BFD for IS-IS
If BFD is disabled globally, all sessions are torn down, and sessions on the remote system are placed in a Down state. If BFD is disabled on an interface, sessions on the interface are torn down, and sessions on the remote system are placed in a Down state (Message 4).
For example, the following illustration shows a sample BFD configuration on Router 1 and Router 2 that use eBGP in a transit network to interconnect AS1 and AS2. The eBGP routers exchange information with each other as well as with iBGP routers to maintain connectivity and accessibility within each autonomous system.

[Figure labels: Interior BGP, Interior BGP, Router 1 2/2 2.2.4.2, Router 2 1/1 2.2.4.3, Exterior BGP, AS 1]

FTOS(conf )# bfd enable
FTOS(conf )# router bgp 1
FTOS(conf-router-bgp)# neighbor 2.2.4.
As long as each BFD for BGP neighbor receives a BFD control packet within the configured BFD interval for failure detection, the BFD session remains up and BGP maintains its adjacencies. If a BFD for BGP neighbor does not receive a control packet within the detection interval, the router informs any clients of the BFD session (other routing protocols) about the failure.
To remove the disabled state of a BFD for BGP session with a specified neighbor, enter the no neighbor {ip-address | peer-group-name} bfd disable command in ROUTER BGP configuration mode. The BGP link with the neighbor returns to normal operation and uses the BFD session parameters globally configured with the bfd all-neighbors command or configured for the peer group to which the neighbor belongs.
Verifying a BFD for BGP Configuration

R2# show running-config bgp
!
router bgp 2
neighbor 1.1.1.2 remote-as 1
neighbor 1.1.1.2 no shutdown
neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 no shutdown
neighbor 3.3.3.2 remote-as 1
neighbor 3.3.3.
Local MAC Addr: 00:01:e8:66:da:34 Remote Addr: 2.2.2.
Neighbor   AS  MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State/Pfx
1.1.1.2    1   282      281      0       0    0     00:38:12  0
2.2.2.2    1   273      273      0       0    (0)   04:32:26  0
3.3.3.2    1   282      281      0       0    0     00:38:12  0

Displaying Routing Sessions with BGP neighbors

R2# show ip bgp neighbors 2.2.2.2
BGP neighbor is 2.2.2.2, remote AS 1, external link
BGP version 4, remote router ID 12.0.0.
BGP version 4, remote router ID 12.0.0.4 BGP state ESTABLISHED, in this state for 00:05:33 ... Neighbor is using BGP peer-group mode BFD configuration Peer active in peer-group outbound optimization ... Configuring BFD for VRRP BFD for VRRP is only supported on platforms: ec When using BFD with VRRP, the VRRP protocol registers with the BFD manager on the RPM. BFD sessions are established with all neighboring interfaces participating in VRRP.
[Illustration labels: VIRTUAL IP Address: 2.2.5.4, R1: BACKUP, R2: MASTER, 2/3, 4/25, IP Address: 2.2.5.3, Gateway: 2.2.5.1]

FTOS(config-if-range-gi-4/25)# ip address 2.2.5.1/24
FTOS(config-if-range-gi-4/25)# no shutdown
FTOS(config-if-range-gi-4/25)# vrrp-group 1
FTOS(config-if-range-gi-4/25)# virtual-address 2.2.5.4
FTOS(config-if-range-gi-4/25)# vrrp bfd all-neighbors
FTOS(config-if-range-gi-4/25)# vrrp bfd neighbor 2.2.5.2

FTOS(conf-if-gi-2/3)#ip address 2.2.5.
I - ISIS
O - OSPF
R - Static Route (RTM)
V - VRRP

  LocalAddr  RemoteAddr  Interface  State  Rx-int  Tx-int  Mult  Clients
* 2.2.5.1    2.2.5.2     Gi 4/25    Down   1000    1000    3     V

Session state information is also shown in the show vrrp command output, as shown in the following example.

R1(conf-if-gi-4/25)#do show vrrp
-----------------
GigabitEthernet 4/1, VRID: 1, Net: 2.2.5.1
State: Backup, Priority: 1, Master: 2.2.5.
Disabling BFD for VRRP

If any or all VRRP sessions are disabled, the sessions are torn down. A final Admin Down control packet is sent to all neighbors and sessions on the remote system change to the Down state (Message 4).

To disable all VRRP sessions on an interface:

Step 1
Task: Disable all VRRP sessions on an interface.
Establishing sessions with VLAN neighbors

To establish a session, BFD must be enabled at interface level on both ends of the link, as shown in the illustration below. The session parameters do not need to match.

[Illustration labels: R1, R2, VLAN 200, 4/25, 2/3]

FTOS(config-if-gi-4/25)# switchport
FTOS(config-if-gi-4/25)# no shutdown
FTOS(config-if-gi-4/25)# interface vlan 200
FTOS(config-if-vl-200)# ip address 2.2.3.
Related configuration tasks

• Disabling BFD for port-channels.

Establishing sessions on port-channels

To establish a session, BFD must be enabled at interface level on both ends of the link, as shown in the example below. The session parameters do not need to match.
To enable Protocol Liveness:

Step 1
Task: Enable Protocol Liveness
Command Syntax: bfd protocol-liveness
Command Mode: CONFIGURATION

Troubleshooting BFD

Examine control packet field values using the command debug bfd detail. The following example shows a three-way handshake using this command.

R1(conf-if-gi-4/24)#00:54:38: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Down for neighbor 2.2.2.2 on interface Gi 4/24 (diag: 0)
00:54:38 : Sent packet for session with neighbor 2.2.2.
9 Border Gateway Protocol IPv4 (BGPv4)

Border Gateway Protocol version 4 (BGPv4) is supported on platforms: e c s

Platforms support BGP according to the following table:

FTOS version    Platform support
8.3.11.1        Z9000
8.3.7.0         S4810
8.1.1.0         E-Series ExaScale ex
7.8.1.0         S-Series
7.7.1.0         C-Series
pre-7.7.1.
A stub AS is one that is connected to only one other AS. A transit AS is one that provides connections through itself to separate networks. For example, as seen in the illustration below, Router 1 can use Router 2 (the transit AS) to connect to Router 4. ISPs are always transit ASs, because they provide connections from one network to another. The ISP is considered to be “selling transit service” to the customer network, hence the term Transit AS.
[Illustration labels: 4 Routers, 6 Routers, 8 Routers]

The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible.

Sessions and Peers

When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers. A Peer is also called a Neighbor.

Establishing a session

Information exchange between peers is driven by events and timers.
In order to make decisions in its operations with other BGP peers, a BGP peer uses a simple finite state machine that consists of six states: Idle, Connect, Active, OpenSent, OpenConfirm, and Established. For each peer-to-peer session, a BGP implementation tracks which of these six states the session is in. The BGP protocol defines the messages that each peer should exchange in order to change the session from one state to another. The first state is the Idle mode.
• If a route was received from a nonclient peer, reflect the route to all client peers.
• If the route was received from a client peer, reflect the route to all nonclient and all client peers.

To illustrate how these rules affect routing, refer to the illustration below and the following steps.

Routers B, C, D, E, and G are members of the same AS - AS100. These routers are also in the same Route Reflection Cluster, where Router D is the Route Reflector.
BGP Attributes Routes learned via BGP have associated properties that are used to determine the best route to a destination when multiple paths exist to a particular destination. These properties are referred to as BGP attributes, and an understanding of how BGP attributes influence route selection is required for the design of robust networks.
Figure 9-4. BGP Best Path Selection

[Flowchart: the tests below are applied in order, moving to the next test on "No, or Not Resulting in a Single Route": Largest Weight, Highest Local Pref, Locally Originated Path, Shortest AS Path, Lowest Origin Code, Lowest MED, Learned via EBGP, Lowest NEXT-HOP Cost, Tie Breakers (Short Cluster List, from Lowest BGP ID, Lowest Peering Addr). Result: A Single Route is Selected and Installed in the Forwarding Table]

Best Path selection details

1. Prefer the path with the largest WEIGHT attribute.
2.
• AS_CONFED_SEQUENCE has a path length of 1, no matter how many ASs are in the AS_CONFED_SEQUENCE.
5. Prefer the path with the lowest ORIGIN type (IGP is lower than EGP, and EGP is lower than INCOMPLETE).
6. Prefer the path with the lowest Multi-Exit Discriminator (MED) attribute. The following criteria apply:
• This comparison is only done if the first (neighboring) AS is the same in the two paths; the MEDs are compared only if the first AS in the AS_SEQUENCE is the same for both paths.
Weight

The Weight attribute is local to the router and is not advertised to neighboring routers. If the router learns about more than one route to the same destination, the route with the highest weight will be preferred. The route with the highest weight is installed in the IP routing table.

Local Preference

Local Preference (LOCAL_PREF) represents the degree of preference within the entire AS. The higher the number, the greater the preference for the route.
One AS assigns the MED a value and the other AS uses that value to decide the preferred path. For this example, assume the MED is the only attribute applied. In the following illustration, AS100 and AS200 connect in two places. Each connection is a BGP session. AS200 sets the MED for its T1 exit point to 100 and the MED for its OC3 exit point to 50. This sets up a path preference through the OC3 link. The MEDs are advertised to AS100 routers so they know which is the preferred path.
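The selection order of Figure 9-4 and the MED rule above can be exercised with a small model. This is an added example, not FTOS code: the `Path` fields, their default values and the step labels are assumptions made for the illustration, and MED is only compared between paths that share the same first AS, as the criteria above state.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}


@dataclass(frozen=True)
class Path:
    """One candidate route to a destination (field names are hypothetical)."""
    name: str
    as_path: tuple                 # AS numbers, neighboring AS first
    weight: int = 0
    local_pref: int = 100          # constructed default for this example
    locally_originated: bool = False
    origin: str = "IGP"
    med: int = 0
    ebgp: bool = True
    next_hop_cost: int = 0
    cluster_len: int = 0
    bgp_id: str = "0.0.0.0"
    peer_addr: str = "0.0.0.0"


def _lowest(paths, key):
    """Keep every path that ties for the lowest key value."""
    best = min(key(p) for p in paths)
    return [p for p in paths if key(p) == best]


def _first_as(path):
    return path.as_path[0] if path.as_path else None


def _lowest_med(paths):
    """A path is dropped only if a path from the same first AS has a lower MED."""
    floor = {}
    for p in paths:
        floor[_first_as(p)] = min(p.med, floor.get(_first_as(p), p.med))
    return [p for p in paths if p.med == floor[_first_as(p)]]


# Order taken from Figure 9-4; "largest"/"highest" are expressed as negated keys.
STEPS = [
    ("largest WEIGHT", lambda ps: _lowest(ps, lambda p: -p.weight)),
    ("highest LOCAL_PREF", lambda ps: _lowest(ps, lambda p: -p.local_pref)),
    ("locally originated", lambda ps: _lowest(ps, lambda p: not p.locally_originated)),
    ("shortest AS_PATH", lambda ps: _lowest(ps, lambda p: len(p.as_path))),
    ("lowest ORIGIN", lambda ps: _lowest(ps, lambda p: ORIGIN_RANK[p.origin])),
    ("lowest MED", _lowest_med),
    ("learned via EBGP", lambda ps: _lowest(ps, lambda p: not p.ebgp)),
    ("lowest NEXT-HOP cost", lambda ps: _lowest(ps, lambda p: p.next_hop_cost)),
    ("shortest cluster list", lambda ps: _lowest(ps, lambda p: p.cluster_len)),
    ("lowest BGP ID", lambda ps: _lowest(ps, lambda p: int(IPv4Address(p.bgp_id)))),
    ("lowest peering address", lambda ps: _lowest(ps, lambda p: int(IPv4Address(p.peer_addr)))),
]


def select_best(paths):
    """Return (winning path, label of the step that decided it)."""
    candidates = list(paths)
    if not candidates:
        raise ValueError("no candidate paths")
    if len(candidates) == 1:
        return candidates[0], "only candidate"
    for label, step in STEPS:
        candidates = step(candidates)
        if len(candidates) == 1:
            return candidates[0], label
    return candidates[0], "still tied after all steps"


if __name__ == "__main__":
    # The AS200 example from the text: T1 exit with MED 100, OC3 exit with MED 50.
    t1 = Path("T1", (200,), med=100)
    oc3 = Path("OC3", (200,), med=50)
    winner, why = select_best([t1, oc3])
    print(winner.name, "selected by", why)
```

Because WEIGHT and LOCAL_PREF are evaluated before AS path length and MED, a locally applied policy overrides anything a neighboring AS signals, which is why inbound policy is the place to constrain what an external peer can influence.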
In FTOS, these origin codes appear as shown in the example below. The question mark (?) indicates an Origin code of INCOMPLETE. The lower case letter (i) indicates an Origin code of IGP.

FTOS#show ip bgp
BGP table version is 0, local router ID is 10.101.15.
Multiprotocol BGP

MBGP for IPv6 unicast is supported on platforms e c
MBGP for IPv4 Multicast is supported on platform c e s

Multiprotocol Extensions for BGP (MBGP) is defined in IETF RFC 2858. MBGP allows different types of address families to be distributed in parallel. This allows information about the topology of IP Multicast-capable routers to be exchanged separately from the topology of normal IPv4 and IPv6 unicast routers.
Note the following when configuring this functionality:

• If the redistribute command does not have any metric configured and BGP Peer out-bound route-map does have metric-type internal configured, BGP advertises the IGP cost as MED.
Where the 2-Byte format is 1-65535, the 4-Byte format is 1-4294967295. Enter AS Numbers using the traditional format. If the ASN is greater than 65535, the dot format is shown when using the show ip bgp commands. For example, an ASN entered as 3183856184 will appear in the show commands as 48581.51768; an ASN of 65123 is shown as 65123. To calculate the comparable dot format for an ASN from a traditional format, use ASN/65536.ASN%65536 (the integer quotient, a dot, then the remainder). Table 9-15.
ASDOT representation combines the ASPLAIN and ASDOT+ representations. AS Numbers less than 65536 appear in integer format (asplain); AS Numbers equal to or greater than 65536 appear using the decimal method (asdot+). For example, the AS Number 65526 appears as 65526, and the AS Number 65546 appears as 1.10.

Dynamic AS Number Notation application

FTOS 8.3.1.0 applies the ASN Notation type change dynamically to the running-config statements.
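Because the same AS can be displayed as asplain, asdot or asdot+, a peer audit has to normalize the notation before comparing. The following is an added example, not part of the guide: the function names, the sample configuration and the expected-peer table are constructed for the illustration.

```python
import re

MAX_ASN = 4294967295  # top of the 4-Byte range quoted in the text
NEIGHBOR_RE = re.compile(r"^\s*neighbor\s+(\S+)\s+remote-as\s+(\S+)\s*$")


def parse_asn(text):
    """Return the integer ASN for asplain ("65546") or dotted ("1.10") input."""
    text = text.strip()
    high_s, dot, low_s = text.partition(".")
    if not high_s.isdigit() or (dot and not low_s.isdigit()):
        raise ValueError(f"malformed ASN: {text!r}")
    if dot:
        high, low = int(high_s), int(low_s)
        if high > 65535 or low > 65535:
            raise ValueError(f"dotted ASN field above 65535: {text!r}")
        asn = high * 65536 + low
    else:
        asn = int(high_s)
    if not 1 <= asn <= MAX_ASN:
        raise ValueError(f"ASN out of range: {text!r}")
    return asn


def to_asdot_plus(asn):
    """asdot+: always high.low, i.e. ASN/65536 . ASN%65536."""
    return f"{asn // 65536}.{asn % 65536}"


def to_asdot(asn):
    """asdot: asplain below 65536, asdot+ from 65536 upward."""
    return str(asn) if asn < 65536 else to_asdot_plus(asn)


def audit_remote_as(config_text, expected):
    """Compare configured remote-as values with an expected peer table.

    Returns {neighbor: (configured_asn, expected_asn_or_None)} for every
    neighbor whose AS differs from, or is missing in, the expected table.
    """
    findings = {}
    for line in config_text.splitlines():
        match = NEIGHBOR_RE.match(line)
        if not match:
            continue
        neighbor, raw = match.groups()
        configured = parse_asn(raw)
        wanted = expected.get(neighbor)
        wanted_asn = parse_asn(wanted) if wanted is not None else None
        if configured != wanted_asn:
            findings[neighbor] = (configured, wanted_asn)
    return findings


# Constructed sample: the same peers written in three notations.
SAMPLE_CONFIG = """\
router bgp 100
 bgp four-octet-as-support
 neighbor 172.30.1.250 remote-as 18508
 neighbor 10.10.21.1 remote-as 48581.51768
 neighbor 10.10.32.3 remote-as 0.65123
 neighbor 10.10.99.9 remote-as 1.10
"""

# Constructed expected-peer table, kept in asplain.
EXPECTED = {
    "172.30.1.250": "18508",
    "10.10.21.1": "3183856184",
    "10.10.32.3": "65123",
    "10.10.99.9": "65536",
}

if __name__ == "__main__":
    for neighbor, (got, want) in audit_remote_as(SAMPLE_CONFIG, EXPECTED).items():
        print(f"{neighbor}: configured AS {got} ({to_asdot(got)}), expected {want}")
```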
FTOS(conf-router_bgp)#no bgp asnotation
FTOS(conf-router_bgp)#sho conf
!
router bgp 100
 bgp four-octet-as-support
 neighbor 172.30.1.250 local-as 65057
[Illustration labels: Before Migration: Router A AS 100, Router C AS 300, Router B AS 200. After Migration, with Local-AS enabled: Router A AS 100, AS 100, Router C AS 300, Router B Local AS 200]

When you complete your migration and have reconfigured your network with the new information, you must disable this feature. If the “no prepend” option is used, the local-as will not be prepended to the updates received from the eBGP peer.
BGP4 Management Information Base (MIB) The FORCE10-BGP4-V2-MIB enhances FTOS BGP Management Information Base (MIB) support with many new SNMP objects and notifications (traps) defined in the draft-ietf-idr-bgp4-mibv2-05. To see these enhancements, download the MIB from the Dell Force10 website, www.force10networks.com. Note: Refer to the Dell Force10 iSupport webpage for the Force10-BGP4-V2-MIB and other MIB documentation.
• The f10BgpM2[Cfg]PeerReflectorClient field is populated based on the assumption that route-reflector clients are not in a full mesh if BGP client-2-client reflection is enabled and that the BGP speaker acting as reflector will advertise routes learned from one client to another client. If disabled, it is assumed that clients are in a full mesh, and there is no need to advertise prefixes to the other clients.
BGP Configuration To enable the BGP process and begin exchanging information, you must assign an AS number and use commands in the ROUTER BGP mode to configure a BGP neighbor. Defaults By default, BGP is disabled. By default, FTOS compares the MED attribute on different paths from within the same AS (the bgp always-compare-med command is not enabled). Note: In FTOS, all newly configured neighbors and peer groups are disabled.
Use these commands in the following sequence, starting in the CONFIGURATION mode to establish BGP sessions on the router.

Step 1
Command Syntax: router bgp as-number
Command Mode: CONFIGURATION
Purpose: Assign an AS number and enter the ROUTER BGP mode.
AS Number: 0-65535 (2-Byte) or 1-4294967295 (4-Byte) or 0.1-65535.65535 (Dotted format)
Only one AS is supported per system
If you enter a 4-Byte AS Number, 4-Byte AS Support is enabled automatically.
Enter show config in CONFIGURATION ROUTER BGP mode to view the BGP configuration. Use the show ip bgp summary command in EXEC Privilege mode to view the BGP status. The following example shows the summary with a 2-Byte AS Number displayed; the example in Example: show ip bgp summary (4-Byte AS Number displayed) shows the summary with a 4-Byte AS Number displayed.

Example: show ip bgp summary (2-Byte AS Number displayed)

R2#show ip bgp summary
BGP router identifier 192.168.
The following example displays two neighbors: one is an external and the second one is an internal BGP neighbor. The first line of the output for each neighbor displays the AS number and states whether the link is an external or internal. The third line of the show ip bgp neighbors output contains the BGP State. If anything other than ESTABLISHED is listed, the neighbor is not exchanging information and routes.
 network 100.10.92.0/24
 network 192.168.10.0/24
 bgp four-octet-as-support
 neighbor 10.10.21.1 remote-as 65123
 neighbor 10.10.21.1 filter-list ISP1in
 neighbor 10.10.21.1 no shutdown
 neighbor 10.10.32.3 remote-as 65123
 neighbor 10.10.32.3 no shutdown
 neighbor 100.10.92.9 remote-as 65192
 neighbor 100.10.92.9 no shutdown
 neighbor 192.168.10.1 remote-as 65123
 neighbor 192.168.10.1 update-source Loopback 0
 neighbor 192.168.10.1 no shutdown
 neighbor 192.168.12.
bgp asnotation asplain

FTOS(conf-router_bgp)#bgp asnotation asplain
FTOS(conf-router_bgp)#sho conf
!
router bgp 100
 bgp four-octet-as-support
 neighbor 172.30.1.250 remote-as 18508
 neighbor 172.30.1.250 local-as 65057
 neighbor 172.30.1.250 route-map rmap1 in
 neighbor 172.30.1.250 password 7 5ab3eb9a15ed02ff4f0dfd4500d6017873cfd9a267c04957
 neighbor 172.30.1.
Use these commands in the following sequence starting in the CONFIGURATION ROUTER BGP mode to create a peer group

Step 1
Command Syntax: neighbor peer-group-name peer-group
Command Mode: CONFIG-ROUTERBGP
Purpose: Create a peer group by assigning a name to it.

Step 2
Command Syntax: neighbor peer-group-name no shutdown
Command Mode: CONFIG-ROUTERBGP
Purpose: Enable the peer group. By default, all peer groups are disabled

Step 3
Command Syntax: neighbor ip-address remote-as
Command Mode: CONFIG-ROUTERBGP
Purpose: Create a BGP neighbor.
A neighbor may keep its configuration after it was added to a peer group if the neighbor’s configuration is more specific than the peer group’s, and the neighbor’s configuration does not affect outgoing updates. Note: When you configure a new set of BGP policies for a peer group, always reset the peer group by entering the clear ip bgp peer-group peer-group-name command in EXEC Privilege mode. Use the show config command in the CONFIGURATION ROUTER BGP mode to view the configuration.
For address family: IPv4 Unicast
BGP neighbor is zanzibar, peer-group internal,
Number of peers in this group 26
Peer-group members (* - outbound optimized):
10.68.160.1 10.68.161.1 10.68.162.1 10.68.163.1 10.68.164.1 10.68.165.1 10.68.166.1 10.68.167.1 10.68.168.1 10.68.169.1 10.68.170.1 10.68.171.1 10.68.172.1 10.68.173.1 10.68.174.1 10.68.175.1 10.68.176.1 10.68.177.1 10.68.178.1 10.68.179.1 10.68.180.1 10.68.181.1 10.68.182.1 10.68.183.1 10.68.184.1 10.68.185.
Use the show ip bgp neighbors command as shown in the example below to verify that fast fall-over is enabled on a particular BGP neighbor. Note that since Fast Fall-Over is disabled by default, it will appear only if it has been enabled.

FTOS#sh ip bgp neighbors
BGP neighbor is 100.100.100.100, remote AS 65517, internal link
Member of peer-group test for session parameters
BGP version 4, remote router ID 30.30.30.
Peer-group members (* - outbound optimized):
100.100.100.100*
FTOS#
router bgp 65517
 neighbor test peer-group
 neighbor test fall-over
 neighbor test no shutdown
 neighbor 100.100.100.100 remote-as 65517
 neighbor 100.100.100.100 fall-over
 neighbor 100.100.100.100 update-source Loopback 0
 neighbor 100.100.100.100 no shutdown
FTOS#

Configure passive peering

When you enable a peer-group, the software sends an OPEN message to initiate a TCP connection.
Maintain existing AS numbers during an AS migration

The local-as feature smooths out the BGP network migration operation and allows you to maintain existing ASNs during a BGP network migration. When you complete your migration, be sure to reconfigure your routers with the new information and disable this feature.

Command Syntax: neighbor {IP address | peer-group-name} local-as as number [no prepend]
Command Mode: CONFIG-ROUTERBGP
Purpose: Allow external routes from this neighbor.
Format: IP Address: A.B.C.
Allow an AS number to appear in its own AS path

This command allows you to set the number of times a particular AS number can occur in the AS path. The allow-as feature permits a BGP speaker to allow the ASN to be present for a specified number of times in the update received from the peer, even if that ASN matches its own. The AS-PATH loop is detected if the local ASN is present more than the specified number of times in the command.
The default role for BGP on is as a receiving or restarting peer. If you enable BGP, when a peer that supports graceful restart resumes operating, FTOS performs the following tasks:

• Continues saving routes received from the peer if the peer advertised it had graceful restart capability.
• Continues forwarding traffic to the peer.
• Flags routes from the peer as Stale and sets a timer to delete them if the peer does not perform a graceful restart.
You can implement BGP graceful restart either by neighbor or by BGP peer-group. For more information, please refer to the following table or the FTOS Command Line Interface Reference.

Command Syntax: neighbor {ip-address | peer-group-name} graceful-restart
Command Mode: CONFIG-ROUTERBGP
Purpose: Add graceful restart to a BGP neighbor or peer-group.
AS-PATH ACLs use regular expressions to search AS_PATH values. AS-PATH ACLs have an “implicit deny.” This means that routes that do not meet a deny or match filter are dropped.

Use these commands in the following sequence, starting in the CONFIGURATION mode to configure an AS-PATH ACL to filter a specific AS_PATH value.

Step 1
Command Syntax: ip as-path access-list
Command Mode: CONFIGURATION
Purpose: Assign a name to an AS-PATH ACL and enter AS-PATH ACL mode.
FTOS(conf)#ip as-path access-list Eagle
FTOS(config-as-path)#deny 32$
FTOS(config-as-path)#ex
FTOS(conf)#router bgp 99
FTOS(conf-router_bgp)#neighbor AAA filter-list Eagle in
FTOS(conf-router_bgp)#show conf
!
router bgp 99
 neighbor AAA peer-group
 neighbor AAA filter-list Eagle in
 neighbor AAA no shutdown
 neighbor 10.155.15.2 remote-as 32
 neighbor 10.155.15.2 filter-list 1 in
 neighbor 10.155.15.
As seen in the example in Regular Expressions as filters, the expressions are displayed when using the show commands. Use the show config command in the CONFIGURATION AS-PATH ACL mode and the show ip as-path-access-list command in EXEC Privilege mode to view the AS-PATH ACL configuration. For more information on this command and route filtering, refer to Filter BGP routes. Redistribute routes In addition to filtering routes, you can add routes from other routing instances or protocols to the BGP process.
Use the following command in the CONFIGURATION ROUTER BGP mode to allow multiple paths sent to peers. Note: In some cases, while receiving 1K same routes from more than 64 iBGP neighbors, BGP sessions holdtime of 10 seconds may flap. The BGP add-path does not update packets for advertisement and cannot scale to higher numbers. Either reduce the number of routes added or increase the holddown timer value.
Use these commands in the following sequence, starting in the CONFIGURATION mode to configure an IP community list. Step Command Syntax Command Mode Purpose 1 ip community-list CONFIGURATION Create a Community list and enter the COMMUNITY-LIST mode. CONFIG-COMMUNITYLIST Configure a Community list by denying or permitting specific community numbers or types of community • community-number: use AA:NN format where AA is the AS number (2 or 4 Bytes) and NN is a value specific to that autonomous system.
To view the configuration, use the show config command in the CONFIGURATION COMMUNITY-LIST or CONFIGURATION EXTCOMMUNITY LIST mode or the show ip {community-lists | extcommunity-list} command in EXEC Privilege mode as shown in the example below.
Manipulate the COMMUNITY attribute In addition to permitting or denying routes based on the values of the COMMUNITY attributes, you can manipulate the COMMUNITY attribute value and send the COMMUNITY attribute with the route information. By default, FTOS does not send the COMMUNITY attribute. Use the following command in the CONFIGURATION ROUTER BGP mode to send the COMMUNITY attribute to BGP neighbors.
Step 2
Command Syntax: set comm-list
Command Mode: CONFIG-ROUTE-MAP
Purpose: Configure a set filter to delete all COMMUNITY numbers in the IP Community list.
*>i 6.8.0.0/20    195.171.0.16  100  0  209 7170 1455 i
*>i 6.9.0.0/20    195.171.0.16  100  0  209 7170 1455 i
*>i 6.10.0.0/15   195.171.0.16  100  0  209 7170 1455 i
*>i 6.14.0.0/15   205.171.0.16  100  0  209 7170 1455 i
*>i 6.133.0.0/21  205.171.0.16  100  0  209 7170 1455 i
*>i 6.151.0.0/16  205.171.0.16  100  0  209 7170 1455 i
--More--

Change MED attribute

By default, FTOS uses the MULTI_EXIT_DISC or MED attribute when comparing EBGP paths from the same AS.
Use these commands in the following sequence, starting in CONFIGURATION mode, to change the default value of the LOCAL_PREF attribute for specific routes.

Step 1
Command Syntax: route-map map-name [permit | deny] [sequence-number]
Command Mode: CONFIGURATION
Purpose: Enter the ROUTE-MAP mode and assign a name to a route map.

Step 2
Command Syntax: set local-preference value
Command Mode: CONFIG-ROUTE-MAP
Purpose: Change LOCAL_PREF value for routes meeting the criteria of this route map.
Change WEIGHT attribute

Use the following command in CONFIGURATION ROUTER BGP mode to change how the WEIGHT attribute is used.

Command Syntax: neighbor {ip-address | peer-group-name} weight weight
Command Mode: CONFIG-ROUTERBGP
Purpose: Assign a weight to the neighbor connection.
• weight range: 0 to 65535
• Default is 0

Use the show config command in CONFIGURATION ROUTER BGP mode or the show running-config bgp command in EXEC Privilege mode to view BGP configuration.
Note: With FTOS, you can create inbound and outbound policies. Each of the commands used for filtering has in and out parameters that must be applied. In FTOS, the order of preference varies depending on whether the attributes are applied for inbound updates or outbound updates.
• If the prefix list contains no filters, all routes are permitted.
• If none of the routes match any of the filters in the prefix list, the route is denied. This action is called an implicit deny. (If you want to forward all routes that do not match the prefix list criteria, you must configure a prefix list filter to permit all routes. For example, you could have the following filter as the last filter in your prefix list: permit 0.0.0.0/0 le 32).
Step 2
Command Syntax: {deny | permit} as-regular-expression
Command Mode: AS-PATH ACL
Purpose: Create a AS-PATH ACL filter with a deny or permit action.

Step 3
Command Syntax: exit
Command Mode: AS-PATH ACL
Purpose: Return to the CONFIGURATION mode.

Step 4
Command Syntax: router bgp as-number
Command Mode: CONFIGURATION
Purpose: Enter ROUTER BGP mode.

Step 5
Command Syntax: neighbor {ip-address | peer-group-name} filter-list as-path-name {in | out}
Command Mode: CONFIG-ROUTER-BGP
Purpose: Filter routes based on the criteria in the configured route map.
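The effect of the implicit deny on an AS-PATH ACL such as Eagle (a single `deny 32$` entry) is easiest to see by evaluating it against a few AS paths. This is an added example, not FTOS code: it assumes Python `re` semantics for the expressions, treats `_` as a delimiter (start, end or the space between AS numbers) as an assumption about the router dialect, and uses constructed routes.

```python
import re

# Assumption: "_" stands for a delimiter (start of path, end of path, or the
# space between AS numbers); everything else is ordinary Python regex syntax.
_DELIM = r"(?:^|$|\s)"


def build_acl(rules):
    """rules: ordered (action, expression) pairs; action is "permit" or "deny"."""
    acl = []
    for action, expr in rules:
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action: {action!r}")
        acl.append((action, expr, re.compile(expr.replace("_", _DELIM))))
    return acl


def evaluate(acl, as_path):
    """Return (action, reason) for one AS_PATH written as "100 7170 32".

    The first matching entry decides; a path that matches no entry is
    dropped by the implicit deny.
    """
    for action, expr, pattern in acl:
        if pattern.search(as_path):
            return action, f"{action} {expr}"
    return "deny", "implicit deny"


def accepted(acl, routes):
    """Return the sorted prefixes from {prefix: as_path} that the ACL permits."""
    return sorted(p for p, path in routes.items() if evaluate(acl, path)[0] == "permit")


# Constructed sample routes (prefix -> AS_PATH as received).
ROUTES = {
    "10.1.0.0/16": "100 32",      # originated by AS 32
    "10.2.0.0/16": "100 200",     # unrelated origin
    "10.3.0.0/16": "100 65532",   # origin merely ends in the digits "32"
    "10.4.0.0/16": "32 100",      # AS 32 is the neighbor, not the origin
}

# The ACL as configured in the guide's example: one deny entry, nothing else.
EAGLE = build_acl([("deny", "32$")])

# Anchored expression plus an explicit permit as the last entry.
EAGLE_FIXED = build_acl([("deny", "_32$"), ("permit", ".*")])

if __name__ == "__main__":
    for name, acl in (("Eagle", EAGLE), ("Eagle (fixed)", EAGLE_FIXED)):
        print(name)
        for prefix, path in ROUTES.items():
            print(f"  {prefix:<14} {path:<12} -> {evaluate(acl, path)}")
```

With only the deny entry, every route is dropped: some by the entry itself (including AS 65532, because `32$` is unanchored) and the rest by the implicit deny.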
When you enable a route reflector, FTOS automatically enables route reflection to all clients. To disable route reflection between all clients in this reflector, use the no bgp client-to-client reflection command in CONFIGURATION ROUTER BGP mode. All clients should be fully meshed before you disable route reflection. Aggregate routes FTOS provides multiple ways to aggregate routes in the BGP routing table.
Configure BGP confederations

Another way to organize routers within an AS and reduce the mesh for IBGP peers is to configure BGP confederations. As with route reflectors, BGP confederations are recommended only for IBGP peering involving a large number of IBGP peering sessions per router. Basically, when you configure BGP confederations, you break the AS into smaller sub-AS, and to those outside your network, the confederations appear as one AS.
When dampening is applied to a route, its path is described by one of the following terms: • • • history entry—an entry that stores information on a downed route dampened path—a path that is no longer advertised penalized path—a path that is assigned a penalty The CLI example below shows configuring values to start reusing or restarting a route, as well as their default values.
To set dampening parameters via a route map, use the following command in CONFIGURATION ROUTE-MAP mode:

Command Syntax: set dampening half-life reuse
Command Mode: CONFIG-ROUTE-MAP
Purpose: Enter the following optional parameters to configure route dampening parameters:
• half-life range: 1 to 45. Number of minutes after which the Penalty is decreased.
Use the following command in EXEC and EXEC Privilege mode to view statistics on route flapping. Command Syntax Command Mode Purpose show ip bgp flap-statistics [ip-address [mask]] [filter-list as-path-name] [regexp regular-expression] EXEC EXEC Privilege View all flap statistics or for specific routes meeting the following criteria: • ip-address [mask]: enter the IP address and mask • filter-list as-path-name: enter the name of an AS-PATH ACL.
Command Syntax: timers bgp keepalive holdtime
Command Mode: CONFIG-ROUTERBGP
Purpose: Configure timer values for all neighbors.
• keepalive range: 1 to 65535. Time interval, in seconds, between keepalive messages sent to the neighbor routers. (Default: 60 seconds)
• holdtime range: 3 to 65536. Time interval, in seconds, between the last keepalive message and declaring the router dead.
Command Syntax Command Mode Purpose Entering this command starts the storage of updates, which is required to do inbound soft reconfiguration. Outbound BGP soft reconfiguration does not require inbound soft reconfiguration to be enabled. When soft-reconfiguration is enabled for a neighbor and the clear ip bgp soft in command is executed, the update database stored in the router is replayed and updates are reevaluated.
• A successful match with a continue clause—the route map executes the set clauses and then goes to the specified route map entry upon execution of the continue clause.
• If the next route map entry contains a continue clause, the route map executes the continue clause if a successful match occurs.
• If the next route map entry does not contain a continue clause, the route map evaluates normally.
• • • • If the corresponding capability is received in the peer’s Open message, BGP will mark the peer as supporting the AFI/SAFI. When exchanging updates with the peer, BGP sends and receives IPv4 Multicast routes if the peer is marked as supporting that AFI/SAFI. Exchange of IPv4 Multicast route information occurs through the use of two new attributes called MP_REACH_NLRI and MP_UNREACH_NLRI, for feasible and withdrawn routes, respectively.
Command Syntax: debug ip bgp {ip-address | peer-group-name} soft-reconfiguration
Command Mode: EXEC Privilege
Purpose: Enable soft-reconfiguration debug.

To enhance debugging of soft reconfig, use the following command only when route-refresh is not negotiated, to prevent the peer from resending messages:

bgp soft-reconfig-backup

In-BGP is shown via the show ip protocols command. FTOS displays debug messages on the console.
BGP table version 1395, neighbor version 1394
Prefixes accepted 1 (consume 4 bytes), 0 withdrawn by peer
Prefixes advertised 0, rejected 0, 0 withdrawn from peer
Connections established 3; dropped 2
Last reset 00:00:12, due to Missing well known attribute
Notification History
 'UPDATE error/Missing well-known attr' Sent : 1 Recv: 0
 'Connection Reset' Sent : 1 Recv: 0
Last notification (len 21) sent 00:26:02 ago
 ffffffff ffffffff ffffffff ffffffff 00160303 03010000
Last notification (len 21) received 00:26:
PDU[2] : len 19, captured 00:34:51 ago
 ffffffff ffffffff ffffffff ffffffff 00130400
PDU[3] : len 19, captured 00:34:50 ago
 ffffffff ffffffff ffffffff ffffffff 00130400
PDU[4] : len 19, captured 00:34:20 ago
 ffffffff ffffffff ffffffff ffffffff 00130400
[. . .]

The buffers storing the PDU free memory when:

• BGP is disabled
• A neighbor is unconfigured
• clear ip bgp is issued
• New PDU are captured and there is no more space to store them
• The max buffer size is reduced.
You can copy and paste from these examples to your CLI. Be sure you make the necessary changes to support your own IP Addresses, Interfaces, Names, etc. The image below is a graphic illustration of the configurations shown on the following pages. These configurations show how to create BGP areas using physical and virtual links. They include setting up the interfaces and peers groups with each other. Physical Links AS 99 Virtual Links GigE 1/21 10.0.1.21 /24 GigE 2/11 10.0.1.
Example: Enable BGP, Router 1

R1# conf
R1(conf)#int loop 0
R1(conf-if-lo-0)#ip address 192.168.128.1/24
R1(conf-if-lo-0)#no shutdown
R1(conf-if-lo-0)#show config
!
interface Loopback 0
 ip address 192.168.128.1/24
 no shutdown
R1(conf-if-lo-0)#int gig 1/21
R1(conf-if-gi-1/21)#ip address 10.0.1.21/24
R1(conf-if-gi-1/21)#no shutdown
R1(conf-if-gi-1/21)#show config
!
interface GigabitEthernet 1/21
 ip address 10.0.1.
Example: Enable BGP, Router 2

R2# conf
R2(conf)#int loop 0
R2(conf-if-lo-0)#ip address 192.168.128.2/24
R2(conf-if-lo-0)#no shutdown
R2(conf-if-lo-0)#show config
!
interface Loopback 0
 ip address 192.168.128.2/24
 no shutdown
R2(conf-if-lo-0)#int gig 2/11
R2(conf-if-gi-2/11)#ip address 10.0.1.22/24
R2(conf-if-gi-2/11)#no shutdown
R2(conf-if-gi-2/11)#show config
!
interface GigabitEthernet 2/11
 ip address 10.0.1.22/24
 no shutdown
R2(conf-if-gi-2/11)#int gig 2/31
R2(conf-if-gi-2/31)#ip address 10.0.2.
R2#

Example: Enable BGP, Router 3

R3# conf
R3(conf)#
R3(conf)#int loop 0
R3(conf-if-lo-0)#ip address 192.168.128.3/24
R3(conf-if-lo-0)#no shutdown
R3(conf-if-lo-0)#show config
!
interface Loopback 0
 ip address 192.168.128.3/24
 no shutdown
R3(conf-if-lo-0)#int gig 3/11
R3(conf-if-gi-3/11)#ip address 10.0.3.33/24
R3(conf-if-gi-3/11)#no shutdown
R3(conf-if-gi-3/11)#show config
!
interface GigabitEthernet 3/11
 ip address 10.0.3.
2 BGP AS-PATH entrie(s) using 90 bytes of memory
2 neighbor(s) using 9216 bytes of memory

Neighbor       AS  MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State/Pfx
192.168.128.1  99  24       25       1       0    0     00:14:20  1
192.168.128.2  99  14       14       1       0    0     00:10:22  1
R3#

Example: Enable Peer Group, Router 1

R1#conf
R1(conf)#router bgp 99
R1(conf-router_bgp)# network 192.168.128.
Connections established 4; dropped 3
Last reset 00:00:54, due to user reset
R1#

Example: Enable Peer Groups, Router 2

R2#conf
R2(conf)#router bgp 99
R2(conf-router_bgp)# neighbor CCC peer-group
R2(conf-router_bgp)# neighbor CCC no shutdown
R2(conf-router_bgp)# neighbor BBB peer-group
R2(conf-router_bgp)# neighbor BBB no shutdown
R2(conf-router_bgp)# neighbor 192.168.128.1 peer AAA
R2(conf-router_bgp)# neighbor 192.168.128.1 no shut
R2(conf-router_bgp)# neighbor 192.168.128.
Example: Enable Peer Groups, Router 3 (Continued)
For address family: IPv4 Unicast
BGP table version 1, neighbor version 1
Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer
Prefixes advertised 1, denied 0, withdrawn 0 from peer
Capabilities received from neighbor for IPv4 Unicast :
MULTIPROTO_EXT(1)
ROUTE_REFRESH(2)
CISCO_ROUTE_REFRESH(128)
Capabilities advertised to neighbor for IPv4 Unicast :
MULTIPROTO_EXT(1)
ROUTE_REFRESH(2)
CISCO_ROUTE_REFRESH(128)
Update source set to Loopback 0
Peer active
10 Bare Metal Provisioning 2.0
Bare Metal Provisioning 2.0 is included as part of the FTOS image. It is supported on the following platform:
Bare Metal Provisioning (BMP) improves accessibility to the switch by automatically loading pre-defined configurations and boot images that are stored in file servers. BMP can be used on a single switch or on multiple switches. For more information on using BMP and the different types of modes, refer to the Open Automation Guide.
Restrictions
BMP 2.0 is supported on the user ports and management ports of a switch.
Overview
On a new factory-loaded switch, the switch boots up in Jumpstart mode. You can reconfigure a switch to reload between Normal and Jumpstart mode.
• Jumpstart (BMP) mode: The switch automatically configures all ports (management and user ports) as Layer 3 physical ports and acts as a DHCP client on the ports for a user-configured time (DHCP timeout).
To display the currently configured reload mode for a switch running BMP version 2.0, enter the show reload-type or show bootvar command.
FTOS#show reload type
Reload-Type : jump-start [Next boot :jump-start]
config-download : enable
dhcp-timeout : 10
FTOS#show bootvar
. . content truncated..
Reload Mode = jump-start
File URL = tftp:/30.0.0.1/FTOS-SE-8-3-8-17.
• 6 Domain Name Server IP
• 66 TFTP Server name
• 67 Boot filename
• 150 TFTP server IP address
• 209 Configuration File
Note: The boot file name and configuration file name must be in the correct format. If they are not, the switch will be unable to download the file from the DHCP server, and will behave as if the server could not be reached. The discovery process will continue, despite the configured time-out, until the stop jump-start command is given.
Following is an example of a configuration of the DHCP server included on the most popular Linux distributions. The dhcpd.conf file shows assignment of a fixed IP address and configuration file based on the MAC address of the switch.
Parameter Example Description
option boot-filename code 67 = text;
option tftp-server-address code 150 = ip-address;
option config-file code 209 = text;
subnet 10.20.30.0 netmask 255.255.255.0 {
  option domain-name-servers 20.30.40.1, 20.30.40.2;
  host S4810-1 { BMP 2.
File Server
Set up a file server and ensure connectivity. The server that holds the boot and configuration files must be configured as the network source for the switch. The switch recognizes HTTP, TFTP, FTP, and Flash URLs.
2. The switch sends a DHCP Discover on every port whose interface is up.
• If there is a mismatch, the switch applies the downloaded version and reloads.
11 Content Addressable Memory (CAM)
Content Addressable Memory (CAM) is supported on platforms: et c s
• Content Addressable Memory
• CAM Profiles
• Microcode
• CAM Profiling for ACLs
• When to Use CAM Profiling
• Differences Between EtherScale and TeraScale
• Important Points to Remember
• Select CAM Profiles
• CAM Allocation
• Test CAM Usage
• View CAM Profiles
• View CAM-ACL settings
• View CAM-ACL settings
• Configure IPv4Flow Sub-partitions
• Configure Ingress Layer 2 ACL Sub-partitions
• Retur
• Either ExaScale 10G or 40G CAM line cards can be used in a system.
CAM Profiles
Dell Force10 systems partition each CAM module so that it can store the different types of information. The size of each partition is specified in the CAM profile. A CAM profile is stored on every card, including each RPM. The same profile must be on every line card and RPM in the chassis.
Table 11-18. CAM Profile Descriptions
CAM Profile: ipv4-64k-ipv6
Description: Provides IPv6 functionality; an alternate to ipv6-extacl that redistributes CAM space from the IPv4FIB to IPv4Flow and IPv6FIB. Available Microcodes: ipv6-extacl
The size of CAM partitions is measured in entries. Table 11-18 shows the number of entries available in each partition for all CAM profiles.
Table 11-20. Microcode Descriptions
Microcode: default
Description: Distributes CAM space for a typical deployment
Microcode: lag-hash-align
Description: For applications that require the same hashing for bi-directional traffic (for example, VoIP call or P2P file sharing). For port-channels, this microcode maps both directions of a bi-directional flow to the same output link.
Microcode: lag-hash-mpls
Description: For hashing based on MPLS labels (up to five labels deep).
You can re-configure the amount of space, in percentage, allocated to each sub-partition. As with the IPv4Flow partition, you can configure the Layer 2 ACL partition from EXEC Privilege mode or CONFIGURATION mode. The amount of space that you can distribute to the sub-partitions is equal to the amount of CAM space that the selected CAM profile allocates to the Layer 2 ACL partition. FTOS requires that you specify the amount of CAM space for all sub-partitions and that the sum of all sub-partitions is 100%.
Example: EF Line Card with EG Chassis Profile (Card Problem)
R1#show linecard 1 brief
-- Line card 1 --
Status : card problem - mismatch cam profile
Next Boot : online
Required Type : E48TF - 48-port 10/100/1000Base-T line card with RJ-45 interfaces (EF)
Current Type : E48TF - 48-port 10/100/1000Base-T line card with RJ-45 interfaces (EF)
Hardware Rev : Base - 1.1 PP0 - 1.1 PP1 - 1.1
Num Ports : 48
Up Time : 0 sec
FTOS Version : 7.6.1.
Jumbo Capable :
• CAM Profiling is available on the E-Series TeraScale with FTOS versions 6.3.1.1 and later.
• All line cards within a single system must have the same CAM profile; this profile must match the system CAM profile (the profile on the primary RPM).
• FTOS automatically reconfigures the CAM profile on line cards and the secondary RPM to match the system CAM profile by saving the correct profile on the card and then rebooting it.
Step 3
Task: Verify that the new CAM profile will be written to the CAM on the next boot.
Command Syntax: show cam-profile summary
Command Mode: EXEC Privilege
Step 4
Task: Reload the system.
Command Syntax: reload
Command Mode: EXEC Privilege
CAM Allocation
User Configurable CAM Allocations is available on platforms: c s
Allocate space for IPv4 ACLs and QoS regions, and IPv6 ACLs and QoS regions on the C-Series and S-Series by using the cam-acl command in CONFIGURATION mode.
To configure the IPv4 and IPv6 ACLs and QoS regions on the entire system:
Step 1
Task: Select a cam-acl action
Command Syntax: cam-acl [default | l2acl]
Command Mode: CONFIGURATION
Note: Selecting default resets the CAM entries to the default settings. Select l2acl to allocate space for the ACLs, and QoS regions.
Step 2
Task: Enter the number of FP blocks for each region.
Note: If allocation values are not entered for the CAM regions, the value is 0.
VmanQos : 0
VmanDualQos : 0
EcfmAcl : 0
-- Line card 0 --
Current Settings(in block sizes)
L2Acl : 2
Ipv4Acl : 2
Ipv6Acl : 2
Ipv4Qos : 2
L2Qos : 2
L2PT : 1
IpMacAcl : 2
VmanQos : 0
VmanDualQos : 0
EcfmAcl : 0
-- Line card 6 --
Current Settings(in block sizes)
L2Acl : 2
Ipv4Acl : 2
Ipv6Acl : 2
Ipv4Qos : 2
L2Qos : 2
L2PT : 1
IpMacAcl : 2
VmanQos : 0
VmanDualQos : 0
EcfmAcl : 0
The default values for the show cam-acl command for the are:
FTOS#show cam-acl
-- Chassis Cam ACL --
Current Settings(in block sizes)
FcoeAcl : 0
iscsiOptAcl : 2
FTOS#
View CAM Usage
View the amount of CAM space available, used, and remaining in each partition (including IPv4Flow and Layer 2 ACL sub-partitions) using the command show cam-usage from EXEC Privilege mode, as shown in the following example.
Table 11-22. IPv4Flow CAM Sub-partition Sizes
Partition     Space Allocated (EtherScale)   Space Allocated (TeraScale)   Space Allocated (ExaScale)
PBR           1K                             1K                            1K
QoS           8K                             2K                            2K
System Flow   5K                             5K                            5K
Trace Lists   1                              1K                            1K
You can re-configure the amount of space allocated for each type of entry. FTOS requires that you specify an amount of CAM space for all types and in the order shown in Table 11-22.
Configure Ingress Layer 2 ACL Sub-partitions
IPv4Flow sub-partitions are supported on platform e
The Ingress Layer 2 ACL CAM partition has sub-partitions for several types of information. Table 11-23 lists the sub-partition and the percentage of the Ingress Layer 2 ACL CAM partition that FTOS allocates to each by default.
Table 11-23.
Re-allocate CAM space within the Ingress Layer 2 ACL partition on the entire system as shown in the following example:
Step 1
Task: Re-allocate CAM space within the Ingress Layer 2 ACL partition.
Command Syntax: cam-l2acl
Command Mode: CONFIGURATION
Step 2
Task: Save the running-configuration.
Command Syntax: copy running-config startup-config
Command Mode: EXEC Privilege
Step 3
Task: Verify that FTOS will write the new CAM configuration to the CAM on the next boot.
Return to the Default CAM Configuration
Return to the default CAM Profile, microcode, IPv4Flow, or Layer 2 ACL configuration using the keyword default from EXEC Privilege mode or from CONFIGURATION mode, as shown in the following example.
• When an IP header is present, hashing is based on IP 3 tuple (source IP address, destination IP address, and IP protocol).
• If an IP header is not found after the 5th label, hashing is based on the MPLS labels.
• If the packet has more than 5 MPLS labels, hashing is based on the source and destination MAC address.
To enable this type of hashing, use the default CAM profile with the microcode lag-hash-mpls.
• Use the CONFIGURATION mode commands so that the profile is changed throughout the system.
• Use the EXEC Privilege mode commands to match the profile of a component to the profile of the target system.
QoS CAM Region Limitation
The default CAM profile allocates a partition within the IPv4Flow region to store QoS service policies. If the QoS CAM space is exceeded, messages similar to the ones in Message 9 are displayed.
12 Control Plane Policing (CoPP)
Control Plane Policing (CoPP) is supported on platform:
Overview
Control Plane Policing (CoPP) uses ACL rules and QoS policies to create filters for a system’s control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane and rate-limits traffic to an acceptable level.
Figure (No CoPP Rules): front end ports, protocol to queue classification (ingress flow entries), hardware queue rate limiting on Q0 through Q7, CPU software queue, CPU processes (OSPF, LACP, STP, ICMP, etc). Labels: STP on Q7 at 1100 PPS; 400 PPS; OSPF flood; CPU at 1100 PPS; ICMP PING fails.
Q7 receives STP at 1100 pps due to network storm/loop. The CPU is hit with the entire 1100 pps and the PING attempt fails intermittently.
The CoPP policies are configured by creating extended ACL rules and specifying rate-limits through QoS policies. The ACLs and QoS policies are assigned as service-policies.
Configure CoPP for protocols
This section lists the commands necessary to create and enable the service-policies for CoPP. Refer to Access Control Lists (ACLs) and Quality of Service (QoS) for complete information about creating ACLs and QoS rules.
FTOS(conf-policy-map-in-cpuqos)#class-map class_bgp qos-policy rate_limit_400k
FTOS(conf-policy-map-in-cpuqos)#class-map class_lacp qos-policy rate_limit_200k
FTOS(conf-policy-map-in-cpuqos)#class-map class-ipv6 qos-policy rate_limit_200k
FTOS(conf-policy-map-in-cpuqos)#exit
Create Control Plane Service Policy
FTOS(conf)#control-plane-cpuqos
FTOS(conf-control-cpuqos)#service-policy rate-limit-protocols egressFP_rate_policy
FTOS(conf-control-cpuqos)#exit
Configure CoPP for CPU queues
Controlling traffic on
LACP   01:80:c2:00:00:02      0x8809   Q7   CP   _
LLDP   any                    0x88cc   Q7   CP   _
GVRP   01:80:c2:00:00:21      any      Q7   CP   _
STP    01:80:c2:00:00:00      any      Q7   CP   _
ISIS   01:80:c2:00:00:14/15   any      Q7   CP   _
       09:00:2b:00:00:04/05   any      Q7   CP
FTOS#
Use the show ipv6 protocol-queue-mapping command to view the queue mapping for IPv6 protocols.
13 Data Center Bridging (DCB) The data center bridging (DCB) features are supported on the .
For example, instead of deploying an Ethernet network for LAN traffic, additional storage area networks (SANs) to ensure lossless fiber-channel traffic, and a separate InfiniBand network for high-performance inter-processor computing within server clusters, only one DCB-enabled network is required in a data center.
PFC enhances the existing 802.3x pause and 802.1p priority capabilities to enable flow control based on 802.1p priorities (classes of service). Instead of stopping all traffic on a link (as performed by the traditional Ethernet pause mechanism), PFC pauses traffic on a link according to the 802.1p priority set on a traffic type. You can create lossless flows for storage and server traffic while allowing for loss in case of LAN traffic congestion on the same physical interface.
Enhanced Transmission Selection
Enhanced transmission selection (ETS) supports optimized bandwidth allocation between traffic types in multiprotocol (Ethernet, FCoE, SCSI) links. ETS allows you to divide traffic according to its 802.1p priority into different priority groups (traffic classes) and configure bandwidth allocation and queue scheduling for each group to ensure that each traffic type is correctly prioritized and receives its required bandwidth.
• Bandwidth allocated by the ETS algorithm is made available after strict-priority groups are serviced. If a priority group does not use its allocated bandwidth, the unused bandwidth is made available to other priority groups.
• For ETS traffic selection, an algorithm is applied to priority groups using:
  • Strict-priority shaping
  • ETS shaping
  Credit-based shaping is not supported.
• ETS uses the DCB MIB IEEE 802.1azd2.5.
Figure 13-7. DCB PFC and ETS Traffic Handling
Enabling Data Center Bridging
Data center bridging (DCB) is automatically configured when FCoE or iSCSI Optimization are configured. Data center bridging supports converged enhanced Ethernet (CEE) in a data center network. DCB is disabled by default. It must be enabled to support CEE.
Task: Set PFC buffering on the DCB stack unit.
Command: dcb stack-unit all pfc-buffering pfc-ports 64 pfc-queues 2
Command Mode: CONFIGURATION
Note: Save the configuration and reboot the system to save the pfc buffering configuration changes.
FTOS Behavior: DCB is not supported if you enable link-level flow control on one or more interfaces (refer to Ethernet Pause Frames on page 444).
Table 13-24. dot1p Priority-Queue Assignment
dot1p Value in Incoming Frame   Egress Queue Assignment
0                               0
1                               0
2                               0
3                               1
4                               2
5                               3
6                               3
7                               3
Configuring Priority-Based Flow Control
Priority-based flow control (PFC) provides a flow control mechanism based on the 802.1p priorities in converged Ethernet traffic received on an interface and is enabled by default when DCB is enabled.
Step 3
Task: Configure the CoS traffic to be stopped for the specified delay. Enter the 802.1p values of the frames to be paused. Range: 0-7. Default: None. Maximum number of lossless queues supported on the switch: 2. Separate priority values with a comma. Specify a priority range with a dash, for example: pfc priority 1,3,5-7.
Command: pfc priority priority-range
Command Mode: DCB INPUT POLICY
FTOS Behavior: As soon as you apply a DCB policy with PFC enabled on an interface, DCBx starts exchanging information with PFC-enabled peers. The IEEE802.1Qbb, CEE and CIN versions of PFC TLV are supported. DCBx also validates PFC configurations that are received in TLVs from peer devices. By applying a DCB input policy with PFC enabled, you enable PFC operation on ingress port traffic.
A DCB input policy for PFC applied to an interface may become invalid if dot1p-queue mapping is reconfigured (refer to Create Input Policy Maps in Chapter 38, Quality of Service (QoS)). This situation occurs when the new dot1p-queue assignment exceeds the maximum number (2) of lossless queues supported globally on the switch. In this case, all PFC configurations received from PFC-enabled peers are removed and re-synchronized with the peer devices.
FTOS Behavior: By default, no lossless queues are configured on a port. A limit of two lossless queues is supported on a port. If the amount of priority traffic that you configure to be paused exceeds the two lossless queues, an error message is displayed. You must reconfigure the input policy using a smaller number of PFC priorities.
Configuring Enhanced Transmission Selection Enhanced transmission selection (ETS) provides a way to optimize bandwidth allocation to outbound 802.1p classes of converged Ethernet traffic. Different traffic types have different service needs. Using ETS, you can create groups within an 802.1p priority class to configure different treatment for traffic with different bandwidth, latency, and best-effort needs.
• You can only use a QoS ETS output policy in association with a priority group in a DCB output policy; it cannot be applied to an interface as a normal QoS output policy (refer to Applying an ETS Output Policy for a Priority Group to an Interface and Create an output QoS policy in Chapter 38, Quality of Service (QoS)).
Note: The IEEE 802.1Qaz, CEE, and CIN versions of ETS are supported.
FTOS Behavior: Traffic in priority groups is assigned to strict-queue or WERR scheduling in an ETS output policy and is managed using the ETS bandwidth-assignment algorithm. FTOS de-queues all frames of strict-priority traffic before servicing any other queues. A queue with strict-priority traffic can starve other queues in the same port. ETS-assigned bandwidth allocation and scheduling apply only to data queues, not to control queues. FTOS supports hierarchical scheduling on an interface.
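The scheduling rules above (strict-priority groups serviced first, unused ETS bandwidth made available to other groups, strict traffic able to starve other queues) can be modelled as follows. This is an added example, not FTOS code: the proportional re-sharing of unused bandwidth, the PriorityGroup type, and the link rate, percentages and offered loads are assumptions constructed for illustration; only the group names san, lan and ipc come from the page.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class PriorityGroup:
    name: str
    demand: int           # offered load in Mbps (constructed value)
    weight: int = 0       # ETS bandwidth percentage; unused for strict groups
    strict: bool = False  # True = strict-priority scheduling


def ets_throughput(link_mbps, groups):
    """Return {group name: served Mbps} for one congested egress port.

    Assumed model: strict groups drain first, then the remaining capacity is
    split among ETS groups by weight, and bandwidth a group does not need is
    re-shared among the still-hungry groups in proportion to their weights.
    """
    remaining = Fraction(link_mbps)
    served = {}

    # Strict-priority groups are de-queued before any other queue is serviced.
    for g in groups:
        if g.strict:
            served[g.name] = min(Fraction(g.demand), remaining)
            remaining -= served[g.name]

    active = [g for g in groups if not g.strict]
    if any(g.weight <= 0 for g in active):
        raise ValueError("every ETS group needs a positive bandwidth percentage")

    # Weighted water-filling over the ETS groups.
    while active:
        total = sum(g.weight for g in active)
        fits = [g for g in active if g.demand <= remaining * g.weight / total]
        if not fits:
            # Everyone left wants more than its share: split what remains.
            for g in active:
                served[g.name] = remaining * g.weight / total
            break
        for g in fits:
            served[g.name] = Fraction(g.demand)
            remaining -= g.demand
        active = [g for g in active if g not in fits]
    return served


# Constructed scenarios on a 10 Gbps port.
BALANCED = [
    PriorityGroup("san", demand=6000, weight=50),
    PriorityGroup("lan", demand=1000, weight=30),
    PriorityGroup("ipc", demand=5000, weight=20),
]
STARVED = [
    PriorityGroup("san", demand=6000, weight=50),
    PriorityGroup("lan", demand=1000, weight=50),
    PriorityGroup("ipc", demand=10000, strict=True),
]

if __name__ == "__main__":
    for label, scenario in (("balanced", BALANCED), ("starved", STARVED)):
        result = ets_throughput(10000, scenario)
        print(label, {name: float(rate) for name, rate in result.items()})
```

In the second scenario the strict-priority group offers a full line rate of traffic, so both ETS groups receive nothing regardless of their configured percentages.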
Creating an ETS Priority Group
An ETS priority group specifies the range of 802.1p priority traffic to which a QoS output policy with ETS settings is applied on an egress interface. You can associate a priority group to more than one ETS output policy on different interfaces.
To create a priority group for ETS, follow these steps:
Step 1
Task: Create an ETS priority group to use with an ETS output policy. Maximum: 32 characters.
Applying an ETS Output Policy for a Priority Group to an Interface
To apply ETS on egress port traffic, you must associate a priority group with an ETS output policy which has scheduling and bandwidth configuration in a DCB output policy, and then apply the output policy to an interface.
To apply ETS on egress port traffic, follow these steps:
Step 1
Task: Create a DCB output policy to associate an ETS configuration with priority traffic. Maximum: 32 alphanumeric characters.
FTOS Behavior: Create a DCB output policy to associate a priority group with an ETS output policy with scheduling and bandwidth configuration. You can apply a DCB output policy on multiple egress ports. The ETS configuration associated with 802.1p priority traffic in a DCB output policy is used in DCBx negotiation with ETS peers.
- The priority group for strict-priority scheduling (scheduler strict command; Creating a QoS ETS Output Policy)
If you configure only the priority group in an ETS output policy or only the dot1p priority for strict-priority scheduling, the flow is handled with group strict priority.
FTOS Behavior: Entering the command removes all DCB input policies applied to stacked ports. A dcb-policy input stack-unit all command overwrites any previous dcb-policy input stack-unit stack-unit-id configurations. Similarly, a dcb-policy input stack-unit stack-unit-id command overwrites any previous dcb-policy input stack-unit all configuration.
• Configuring Enhanced Transmission Selection
• FIP Snooping
• Chapter 13, Data Center Bridging (DCB)
The following versions of DCBx are supported: CIN, CEE, and IEEE2.5.
Prerequisite: DCBx requires the LLDP to be enabled on all DCB devices.
DCBx Operation
DCBx performs the following operations:
• Discovers DCB configuration (such as PFC and ETS) in a peer device.
• Auto-downstream: The port advertises its own configuration to DCBx peers but is not willing to receive remote peer configuration. The port always accepts internally propagated configurations from a configuration source. An auto-downstream port that receives an internally propagated configuration overwrites its local configuration with the new parameter values.
DCB Configuration Exchange
The DCBx protocol supports the exchange and propagation of configuration information for the following DCB features.
• Enhanced transmission selection (ETS)
• Priority-based flow control (PFC)
DCBx uses the following methods to exchange DCB configuration parameters:
• Asymmetric: DCB parameters are exchanged between a DCBx-enabled port and a peer port without requiring that a peer port and the local port use the same configured values for the configurations to be compatible.
• If a configuration source is found, the received configuration is checked against the currently configured values that are internally propagated by the configuration source. If the local configuration is compatible with the received configuration, the port is enabled for DCBx operation and synchronization.
DCBx Example
Figure 13-8 shows how DCBx is used. The external 40GbE ports on the base module (ports 33 and 37) of two switches are used for uplinks configured as DCBx auto-upstream ports. The S4810 is connected to third-party, top-of-rack (ToR) switches through 40GbE uplinks. The ToR switches are part of a Fibre Channel storage network.
• The internal ports (ports 1-32) connected to the 10GbE backplane are configured as auto-downstream ports.
DCBx Prerequisites and Restrictions
The following prerequisites and restrictions apply when you configure DCBx operation on a port:
• DCBx requires LLDP in both send (TX) and receive (RX) mode to be enabled on a port interface (protocol lldp mode command; refer to the example in CONFIGURATION versus INTERFACE Configurations in the Link Layer Discovery Protocol (LLDP) chapter).
• If multiple DCBx peer ports are detected on a local DCBx interface, LLDP is shut down.
Step 3
Task: Configure the DCBx version used on the interface, where:
• auto configures the port to operate using the DCBx version received from a peer.
• cee configures the port to use CEE (Intel 1.01).
• cin configures the port to use Cisco-Intel-Nuova (DCBx 1.0).
• ieee-v2.5 configures the port to use IEEE 802.1Qaz (Draft 2.5).
Default: Auto.
Command: [no] DCBx version {auto | cee | cin | ieee-v2.
Step 6
Task: On manual ports only: Configure the Application Priority TLVs advertised on the interface to DCBx peers, where:
• fcoe enables the advertisement of FCoE in Application Priority TLVs.
• iscsi enables the advertisement of iSCSI in Application Priority TLVs.
Default: Application Priority TLVs are enabled to advertise FCoE and iSCSI.
Step 4
Task: Configure the PFC and ETS TLVs to be advertised on un-configured interfaces with a manual port-role, where:
• ets-conf enables transmission of ETS Configuration TLVs.
• ets-reco enables transmission of ETS Recommend TLVs.
• pfc enables transmission of PFC TLVs.
DCBx Error Messages
An error in DCBx operation is displayed using the following syslog messages:
LLDP_MULTIPLE_PEER_DETECTED: DCBx is operationally disabled after detecting more than one DCBx peer on the port interface.
LLDP_PEER_AGE_OUT: DCBx is disabled as a result of LLDP timing out on a DCBx peer interface.
Table 13-25. Displaying DCB Configurations
Command: show qos dcb-input [pfc-profile]
Output: Displays the PFC configuration in a DCB input policy.
Command: show qos dcb-output [ets-profile]
Output: Displays the ETS configuration in a DCB output policy.
Command: show qos priority-groups
Output: Displays the ETS priority groups configured on the switch, including the 802.1p priority classes and ID of each group.
Figure 13-12. show qos dcb-output Command Example
FTOS# show qos dcb-output
dcb-output ets
priority-group san qos-policy san
priority-group ipc qos-policy ipc
priority-group lan qos-policy lan
Figure 13-13. show qos priority-groups Command Example
FTOS#show qos priority-groups
priority-group ipc
priority-list 4
set-pgid 2
Figure 13-14.
Table 13-26. show interface pfc summary Command Description
Field: Interface
Description: Interface type with stack-unit and port number.
Field: Admin mode is on; Admin is enabled
Description: PFC Admin mode is on or off with a list of the configured PFC priorities. When PFC admin mode is on, PFC advertisements are enabled to be sent and received from peers; received PFC configuration takes effect. The admin operational status for a DCBx exchange of PFC configuration is enabled or disabled.
Field: PFC TLV Statistics: Output TLV pkts
Description: Number of PFC TLVs transmitted.
Field: PFC TLV Statistics: Error pkts
Description: Number of PFC error packets received.
Field: PFC TLV Statistics: Pause Tx pkts
Description: Number of PFC pause frames transmitted.
Field: PFC TLV Statistics: Pause Rx pkts
Description: Number of PFC pause frames received.
Figure 13-15.
Figure 13-16.
Figure 13-17.
Table 13-27. show interface ets detail Command Description
Field: Interface
Description: Interface type with stack-unit and port number.
Field: Max Supported TC Group
Description: Maximum number of priority groups supported.
Field: Number of Traffic Classes
Description: Number of 802.1p priorities currently configured.
Field: Admin mode
Description: ETS mode: on or off.
Figure 13-18.
Figure 13-20.
Figure 13-21.
Table 13-28. show interface DCBx detail Command Description
Field: Local DCBx Compatibility mode
Description: DCBx version accepted in a DCB configuration as compatible. In auto-upstream mode, a port can only receive a DCBx version supported on the remote peer.
Field: Local DCBx Configured mode
Description: DCBx version configured on the port: CEE, CIN, IEEE v2.5, or Auto (port auto-configures to use the DCBx version received from a peer).
PFC and ETS Configuration Examples
This section contains examples of how to configure and apply DCB input and output policies on an interface.
Using PFC and ETS to Manage Data Center Traffic
In the following example:
• Incoming SAN traffic is configured for priority-based flow control.
• Outbound LAN, IPC, and SAN traffic is mapped into three ETS priority groups and configured for enhanced traffic selection (bandwidth allocation and scheduling).
• One lossless queue is used.
Figure 13-22. Example: PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic
QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in Table 13-29. For more information, refer to QoS dot1p Traffic Classification and Queue Assignment.
Table 13-29. Example: dot1p-Queue Assignment
dot1p Value in Incoming Frame   Queue Assignment
0                               0
1                               0
2                               0
3                               1
4                               2
5                               3
6                               3
7                               3
Lossless SAN traffic with dot1p priority 3 is assigned to queue 1. Other traffic types are assigned the 802.1p priorities shown in Table 13-30 and the bandwidth allocations shown in Table 13-31.
Table 13-30. Example: dot1p-priority class group Assignment
dot1p Value in Incoming Frame
Table 13-31.
Figure 13-23.
Figure 13-24.
Hierarchical Scheduling in ETS Output Policies
ETS supports up to three levels of hierarchical scheduling. For example, you can apply ETS output policies with the following configurations:
• Priority group 1 assigns traffic to one priority queue with 20% of the link bandwidth and strict-priority scheduling.
• Priority group 2 assigns traffic to one priority queue with 30% of the link bandwidth.
14 Dynamic Host Configuration Protocol (DHCP)
Dynamic Host Configuration Protocol (DHCP) is available on platforms: e c s z.
DHCP Packet Format and Options
DHCP uses UDP as its transport protocol. The server listens on port 67 and transmits to port 68; the client listens on port 68 and transmits to port 67. The configuration parameters are carried as options in the DHCP packet in Type, Length, Value (TLV) format; many options are specified in RFC 2132.
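The TLV layout described above can be checked with a small decoder for the option codes that BMP reads from a DHCP offer (6, 66, 67, 150 and 209, as listed in the Bare Metal Provisioning chapter). This is an added example, not FTOS or Dell code: the function names and the sample offer are constructed for illustration, with only the DNS server addresses taken from the dhcpd.conf sample on this page.

```python
import ipaddress

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # RFC 2131: precedes the options field
PAD, END = 0, 255                        # the only options without a length byte

# Option codes from the BMP list on this page; names follow the dhcpd.conf sample.
BMP_OPTIONS = {
    6: ("domain-name-servers", "ip-list"),
    66: ("tftp-server-name", "text"),
    67: ("boot-filename", "text"),
    150: ("tftp-server-address", "ip-list"),
    209: ("config-file", "text"),
}


class OptionError(ValueError):
    """Raised when the options field is malformed."""


def parse_options(field: bytes) -> dict:
    """Walk the TLV options field and return {code: raw value bytes}."""
    if field[:4] != MAGIC_COOKIE:
        raise OptionError("missing DHCP magic cookie")
    options = {}
    i = 4
    while i < len(field):
        code = field[i]
        if code == PAD:
            i += 1
            continue
        if code == END:
            return options
        if i + 1 >= len(field):
            raise OptionError(f"option {code}: no length byte")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise OptionError(f"option {code}: length {length} overruns the field")
        # RFC 3396: a repeated code continues the same value.
        options[code] = options.get(code, b"") + value
        i += 2 + length
    raise OptionError("options field has no END (255) option")


def decode_bmp(options: dict) -> dict:
    """Decode the BMP-relevant options into names and printable values."""
    decoded = {}
    for code, (name, kind) in BMP_OPTIONS.items():
        raw = options.get(code)
        if raw is None:
            continue
        if kind == "ip-list":
            if not raw or len(raw) % 4:
                raise OptionError(f"option {code}: not a list of IPv4 addresses")
            decoded[name] = [str(ipaddress.IPv4Address(raw[j:j + 4]))
                             for j in range(0, len(raw), 4)]
        else:
            try:
                decoded[name] = raw.rstrip(b"\x00").decode("ascii")
            except UnicodeDecodeError as exc:
                raise OptionError(f"option {code}: not ASCII text") from exc
    return decoded


def tlv(code: int, value: bytes) -> bytes:
    """Encode one option as Type, Length, Value."""
    return bytes([code, len(value)]) + value


# Constructed options field of a DHCPOFFER (file names and TFTP address invented).
SAMPLE_OFFER = (
    MAGIC_COOKIE
    + tlv(53, b"\x02")                               # message type: DHCPOFFER
    + tlv(6, bytes([20, 30, 40, 1, 20, 30, 40, 2]))  # DNS servers from dhcpd.conf
    + tlv(150, bytes([192, 0, 2, 10]))
    + tlv(67, b"ftos-image.bin")
    + tlv(209, b"s4810-1.conf")
    + bytes([END]) + bytes(4)                        # END, then padding
)

if __name__ == "__main__":
    print(decode_bmp(parse_options(SAMPLE_OFFER)))
```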
Assigning an IP Address using DHCP
When a client joins a network:
1. The client initially broadcasts a DHCPDISCOVER message on the subnet to discover available DHCP servers. This message includes the parameters that the client requires and might include suggested values for those parameters.
2. Servers unicast or broadcast a DHCPOFFER message in response to the DHCPDISCOVER that offers to the client values for the requested parameters.
Implementation Information
• The Dell Force10 implementation of DHCP is based on RFC 2131 and RFC 3046.
• IP Source Address Validation is a sub-feature of DHCP Snooping; FTOS uses ACLs internally to implement this feature and as such, you cannot apply ACLs to an interface which has IP Source Address Validation.
A DHCP server is a network device that has been programmed to provide network configuration parameters to clients upon request. Servers typically serve many clients, making host management much more organized and efficient.
The key responsibilities of DHCP servers are:
1. Address Storage and Management: DHCP servers are the owners of the addresses used by DHCP clients. The server stores the addresses and manages their use, keeping track of which addresses have been allocated and which are still available.
2.
Create an IP Address Pool
An address pool is a range of IP addresses that may be assigned by the DHCP server. Address pools are indexed by subnet number.
To create an address pool:
Step 1
Task: Access the DHCP server CLI context.
Command Syntax: ip dhcp server
Command Mode: CONFIGURATION
Step 2
Task: Create an address pool and give it a name.
Command Syntax: pool name
Command Mode: DHCP
Step 3
Task: Specify the range of IP addresses from which the DHCP server may assign addresses.
• network is the subnet address.
Specify an Address Lease Time
Task: Specify an address lease time for the addresses in a pool.
Command Syntax: lease {days [hours] [minutes] | infinite}
Command Mode: DHCP
Default: 24 hours
Specify a Default Gateway
The IP address of the default router should be on the same subnet as the client.
Task: Specify default gateway(s) for the clients on the subnet, in order of preference.
Configure a Method of Hostname Resolution
Dell Force10 systems are capable of providing DHCP clients with parameters for two methods of hostname resolution.
Address Resolution using DNS
A domain is a group of networks. DHCP clients query DNS IP servers when they need to correlate host names to IP addresses.
Step 1
Task: Create a domain.
To create a manual binding:
Step 1. Create an address pool
  Command Syntax: pool name
  Command Mode: DHCP
Step 2. Specify the client IP address.
  Command Syntax: host address
  Command Mode: DHCP
Step 3. Specify the client hardware address.
  • hardware-address is the client MAC address. type is the protocol of the hardware platform. The default protocol is Ethernet.
  Command Syntax: hardware-address hardware-address type
  Command Mode: DHCP
Debug DHCP server
Task: Display debug information for DHCP server.
Note: DHCP Relay is not available on Layer 2 interfaces and VLANs.
[Figure: DHCP relay device and DHCP server 10.11.2.5, showing the broadcast and unicast packet headers]
When ip helper-address is configured, the system listens for DHCP broadcast messages on port 67.
Configure the System for User Port Stacking
When you set the DHCP offer on the DHCP server, you can set the stacking-option variable to provide the stack-port detail so a stack can be formed when the units are connected.
Configure Secure DHCP
The following feature is available on platforms: c, e, s and z except where noted. DHCP as defined by RFC 2131 provides no authentication or security mechanisms.
The relay agent strips Option 82 from DHCP responses before forwarding them to the client.
Task: Insert Option 82 into DHCP packets. For routers between the relay agent and the DHCP server, enter the trust-downstream option.
  Command Syntax: ip dhcp relay information-option [trust-downstream]
  Command Mode: CONFIGURATION
Task: Configure the system to enable remote-id string in Option 82.
Enable DHCP snooping
Step 1. Enable DHCP Snooping globally.
  Command Syntax: ip dhcp snooping
  Command Mode: CONFIGURATION
Step 2. Specify ports connected to DHCP servers as trusted.
  Command Syntax: ip dhcp snooping trust
  Command Mode: INTERFACE
Step 3. Enable DHCP Snooping on a VLAN.
  Command Syntax: ip dhcp snooping vlan
  Command Mode: CONFIGURATION
Add a static entry in the binding table
Task: Add a static entry in the binding table.
View the DHCP Snooping statistics with the show ip dhcp snooping command.
FTOS#show ip dhcp snooping
IP DHCP Snooping                  : Enabled.
IP DHCP Snooping Mac Verification : Disabled.
IP DHCP Relay Information-option  : Disabled.
IP DHCP Relay Trust Downstream    : Disabled.
Dynamic ARP Inspection
Dynamic ARP inspection prevents ARP spoofing by forwarding only ARP frames that have been validated against the DHCP binding table. ARP is a stateless protocol that provides no authentication mechanism. Network devices accept ARP requests and replies from any device, and ARP replies are accepted even when no request was sent. If a client receives an ARP message for which a relevant entry already exists in its ARP cache, it overwrites the existing entry with the new information.
• denial of service—an attacker can send fraudulent ARP messages to a client to associate a false MAC address with the gateway address, which would blackhole all internet-bound packets from the client.
Note: DAI uses entries in the L2SysFlow CAM region, a sub-region of SystemFlow. One CAM entry is required for every DAI-enabled VLAN. You can enable DAI on up to 16 VLANs on a system.
Use the show arp inspection statistics command to see how many valid and invalid ARP packets have been processed.
FTOS#show arp inspection statistics
Dynamic ARP Inspection (DAI) Statistics
---------------------------------------
Valid ARP Requests   : 0
Valid ARP Replies    : 1000
Invalid ARP Requests : 1000
Invalid ARP Replies  : 0
FTOS#
Bypass the ARP Inspection
You can configure a port to skip ARP inspection by defining the interface as trusted, which is useful in multi-switch environments.
The DHCP binding table associates addresses assigned by the DHCP servers with the port on which the requesting client is attached. When IP Source Address Validation is enabled on a port, the system verifies that the source IP address is one that is associated with the incoming port. If an attacker is impersonating a legitimate client, the source address appears on the wrong ingress port, and the system drops the packet.
Step 4. Enable IP+MAC Source Address Validation.
  Command Syntax: ip dhcp source-address-validation ipmac
  Command Mode: INTERFACE
FTOS creates an ACL entry for each IP+MAC address pair in the binding table and applies it to the interface.
Task: Display the IP+MAC ACL for an interface for the entire system.
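The following Python model is an added example, not FTOS code: it shows how one binding table can drive both Dynamic ARP Inspection and IP / IP+MAC Source Address Validation as described above. The class, function names, addresses and port labels are constructed for illustration, and matching ARP on VLAN, sender IP and sender MAC is a modelling assumption.

```python
import ipaddress
import struct
from collections import Counter


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Build a 28-byte Ethernet/IPv4 ARP payload (for constructed samples)."""
    def mac(m):
        return bytes.fromhex(m.replace(":", ""))

    def ip(a):
        return ipaddress.IPv4Address(a).packed

    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip))


def parse_arp(payload):
    """Return (opcode, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        return None
    return oper, payload[8:14].hex(":"), str(ipaddress.IPv4Address(payload[14:18]))


class SnoopingModel:
    """Toy binding table plus the two checks that consume it (hypothetical names)."""

    def __init__(self):
        self.bindings = {}     # (vlan, ip) -> (mac, port)
        self.trusted = set()   # ports that bypass ARP inspection
        self.stats = Counter()

    def add_binding(self, vlan, ip, mac, port):
        self.bindings[(vlan, ip)] = (mac.lower(), port)

    def inspect_arp(self, port, vlan, payload):
        """DAI: forward only ARP whose sender IP/MAC match a binding in the VLAN."""
        if port in self.trusted:
            return True        # trusted ports skip inspection entirely
        parsed = parse_arp(payload)
        if parsed is None:
            self.stats["Malformed ARP"] += 1
            return False
        oper, mac, ip = parsed
        kind = "Requests" if oper == 1 else "Replies"
        bound = self.bindings.get((vlan, ip))
        ok = bound is not None and bound[0] == mac
        self.stats[("Valid" if ok else "Invalid") + " ARP " + kind] += 1
        return ok

    def ipmac_acl(self, port):
        """IP+MAC pairs permitted on a port: one entry per binding on that port."""
        return sorted((ip, mac) for (_, ip), (mac, p) in self.bindings.items()
                      if p == port)

    def source_permitted(self, port, src_ip, src_mac=None):
        """IP SAV when src_mac is None, IP+MAC SAV otherwise."""
        return any(ip == src_ip and (src_mac is None or mac == src_mac.lower())
                   for ip, mac in self.ipmac_acl(port))


def demo():
    """Run constructed frames through the model and return it with the verdicts."""
    sw = SnoopingModel()
    sw.add_binding(10, "10.11.1.5", "00:01:e8:aa:bb:05", "Gi 1/1")   # DHCP client
    sw.add_binding(10, "10.11.1.1", "00:01:e8:00:00:01", "Gi 1/24")  # static gateway entry
    zero = "00:00:00:00:00:00"
    legit = build_arp(1, "00:01:e8:aa:bb:05", "10.11.1.5", zero, "10.11.1.1")
    # Unsolicited reply binding the gateway IP to a MAC that is not in the table.
    spoof = build_arp(2, "00:de:ad:be:ef:00", "10.11.1.1",
                      "00:01:e8:aa:bb:05", "10.11.1.5")
    verdicts = [sw.inspect_arp("Gi 1/1", 10, legit),
                sw.inspect_arp("Gi 1/2", 10, spoof)]
    sw.trusted.add("Gi 1/48")  # inter-switch link defined as trusted
    verdicts.append(sw.inspect_arp("Gi 1/48", 10, spoof))
    return sw, verdicts


if __name__ == "__main__":
    model, verdicts = demo()
    print(verdicts, dict(model.stats))
```

The last verdict shows why only ports facing other inspecting switches should be trusted: the same spoofed reply that is dropped on an access port is forwarded unchecked on a trusted one.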
15 Equal Cost Multi-Path (ECMP)
Equal Cost Multi-Path (ECMP) is supported on platforms: e c s
ECMP for Flow-based Affinity
ECMP for Flow-based Affinity is available on platforms e and
The hashing algorithms on E-Series TeraScale and E-Series ExaScale are different. Hashing on ExaScale is based on CRC, checksum, or XOR, and the algorithm on TeraScale is based on checksum only.
FTOS Behavior: In FTOS versions prior to 8.2.1.2, the ExaScale default hash-algorithm is 0. Beginning with version 8.2.1.2, the default hash-algorithm is 24.
Deterministic ECMP Next Hop
Deterministic ECMP Next Hop arranges all ECMPs in order before writing them into the CAM. For example, suppose the RTM learns 8 ECMPs in the order that the protocols and interfaces came up. In this case, the FIB and CAM sort them so that the ECMPs are always arranged.
In the illustration below, Core Router 1 is an E-Series TeraScale and Core Router 2 is an E-Series ExaScale. They have similar configurations and have routes for prefix P with two possible next-hops. When Deterministic ECMP is enabled and the hash algorithm and seed are configured the same, each flow is consistently sent to the same next hop even though they are routed through two different chassis.
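The effect of Deterministic ECMP can be seen in a small model, added here as an illustration and not taken from FTOS: two routers learn the same next hops in different orders and hash each flow with the same seed. The CRC-32 hash, the sort key (next-hop address), the seed value and all addresses are assumptions made for the example.

```python
import ipaddress
import zlib


def flow_key(src, dst, proto, sport, dport):
    """Serialize a 5-tuple into bytes for hashing."""
    return f"{src}|{dst}|{proto}|{sport}|{dport}".encode()


def program_cam(learned, deterministic):
    """Return the next hops in the order they would be written to the CAM."""
    if deterministic:
        # Assumed sort key: numeric next-hop address.
        return sorted(learned, key=ipaddress.ip_address)
    return list(learned)  # order in which protocols and interfaces came up


def next_hop(cam, flow, seed):
    """Pick the CAM slot for a flow from a seeded CRC-32 of its key."""
    return cam[zlib.crc32(flow, seed) % len(cam)]


def mismatches(learned_a, learned_b, flows, seed_a, seed_b, deterministic):
    """Count flows for which the two routers choose different next hops."""
    cam_a = program_cam(learned_a, deterministic)
    cam_b = program_cam(learned_b, deterministic)
    return sum(next_hop(cam_a, f, seed_a) != next_hop(cam_b, f, seed_b)
               for f in flows)


# Constructed sample data: same four next hops, learned in opposite order.
LEARNED_R1 = ["192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4"]
LEARNED_R2 = list(reversed(LEARNED_R1))
FLOWS = [flow_key(f"10.1.1.{i}", "10.2.2.9", 6, 40000 + i, 443)
         for i in range(1, 51)]
SEED = 0x5EED

if __name__ == "__main__":
    print("learn order :", mismatches(LEARNED_R1, LEARNED_R2, FLOWS, SEED, SEED, False))
    print("deterministic:", mismatches(LEARNED_R1, LEARNED_R2, FLOWS, SEED, SEED, True))
```

With the sorted table and a shared seed, every flow maps to the same next hop on both routers; with learn-order tables the same hash index points at different next hops.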
Enable link bundle monitoring using the ecmp-group command. Note: An ecmp-group index is generated automatically for each unique ecmp-group when the user configures multipath routes to the same network. The system can generate a maximum of 512 unique ecmp-groups. The ecmp-group indexes are generated in even numbers (0, 2, 4, 6... 1022) and are for information only.
16 FIP Snooping
FIP snooping is supported on platform
This chapter describes the FIP snooping concepts and configuration procedures:
• Fibre Channel over Ethernet
• Ensuring Robustness in a Converged Ethernet Network
• FIP Snooping on Ethernet Bridges
• FIP Snooping in a Switch Stack
• Configuring FIP Snooping
• Displaying FIP Snooping Information
• FIP Snooping Configuration Example
Fibre Channel over Ethernet
Fibre Channel over Ethernet (FCoE) provides a converged Ethernet network that allows the combin
To ensure similar Fibre Channel robustness and security with FCoE in an Ethernet cloud network, the Fibre Channel over Ethernet initialization protocol (FIP) establishes virtual point-to-point links between FCoE end-devices (server ENodes and target storage devices) and FCoE forwarders (FCFs) over transit FCoE-enabled bridges.
Figure 16-27. FIP discovery and login between an ENode and an FCF
FIP Snooping on Ethernet Bridges
In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF. An Ethernet bridge that provides these functions is called a FIP snooping bridge (FSB).
• Port-based ACLs are applied on all three port modes: on ports directly connected to an FCF, server-facing ENode ports, and bridge-to-bridge links.
• Port-based ACLs take precedence over global ACLs.
• FCoE-generated ACLs take precedence over user-configured ACLs. A user-configured ACL entry cannot deny FCoE and FIP snooping frames.
Figure 16-28 shows a switch used as a FIP snooping bridge in a converged Ethernet network.
The following sections describe how to configure the FIP snooping feature on a switch that functions as a FIP snooping bridge so that it can perform the following functions:
• Allocate CAM resources for FCoE.
• Perform FIP snooping (allowing and parsing FIP frames) globally on all VLANs or on a per-VLAN basis.
• Set the FCoE MAC address prefix (FC-MAP) value used by an FCF to assign a MAC address to an FCoE end-device (server ENode or storage device) after a server successfully logs in.
Enabling the FIP Snooping Feature
Note: FIP Snooping is disabled by default. To enable this feature, you must follow the Configuration Procedure.
As soon as you enable the FIP snooping feature on a switch-bridge, existing VLAN-specific and FIP snooping configurations are applied. The FCoE database is populated when the switch connects to a converged network adapter (CNA) or FCF port and compatible DCB configurations are synchronized.
Configuring a Port for a Bridge-to-Bridge Link If a switch port is connected to another FIP snooping bridge, configure the FCoE-Trusted Port mode for bridge-bridge links. Initially, all FCoE traffic is blocked. Only FIP frames with the ALL_FCF_MAC and ALL_ENODE_MAC values in their headers are allowed to pass. After the switch learns the MAC address of a connected FCF, it allows FIP frames destined to or received from the FCF MAC address.
• VLAN membership:
  • You must create the VLANs on the switch which handles FCoE traffic (interface vlan command).
  • You must configure each FIP snooping port to operate in Hybrid mode so that it accepts both tagged and untagged VLAN frames (portmode hybrid command).
Displaying FIP Snooping Information Use the show commands in Table 16-33 to display information on FIP snooping. Table 16-33.
Table 16-34. show fip-snooping sessions Command Description
Field: Description
ENode MAC: MAC address of the ENode.
ENode Interface: Slot/port number of the interface connected to the ENode.
FCF MAC: MAC address of the FCF.
FCF Interface: Slot/port number of the interface to which the FCF is connected.
VLAN: VLAN ID number used by the session.
FCoE MAC: MAC address of the FCoE session assigned by the FCF.
FC-ID: Fibre Channel ID assigned by the FCF.
Table 16-36. show fip-snooping fcf Command Description
Field: Description
FCF MAC: MAC address of the FCF.
FCF Interface: Slot/port number of the interface to which the FCF is connected.
VLAN: VLAN ID number used by the session.
FC-MAP: FC-Map value advertised by the FCF.
ENode Interface: Slot/ number of the interface connected to the ENode.
FKA_ADV_PERIOD: Period of time (in milliseconds) during which FIP keep-alive advertisements are transmitted.
Figure 16-33.
Figure 16-34.
Table 16-37. show fip-snooping statistics Command Descriptions
Field: Description
Number of FDISC Rejects: Number of FIP FDISC reject frames received on the interface.
Number of FLOGO Accepts: Number of FIP FLOGO accept frames received on the interface.
Number of FLOGO Rejects: Number of FIP FLOGO reject frames received on the interface.
Number of CVLs: Number of FIP clear virtual link frames received on the interface.
Figure 16-37. Configuration Example: FIP Snooping on an S4810 Switch
In Figure 16-37, DCBX and PFC are enabled on the FIP snooping bridge and on the FCF ToR switch. On the FIP snooping bridge, DCBX is configured as follows:
• A server-facing port is configured for DCBX in an auto-downstream role.
• An FCF-facing port is configured for DCBX in an auto-upstream or configuration-source role.
Figure 16-38. FIP Snooping Configuration Example
Enable the FIP snooping feature on the switch (FIP snooping bridge):
FTOS(conf)# feature fip-snooping
Enable FIP snooping on FCoE VLAN 10:
FTOS(conf)# interface vlan 10
FTOS(conf-if-vl-10)# fip-snooping enable
Enable an FC-MAP value on VLAN 10:
FTOS(conf-if-vl-10)# fip-snooping fc-map 0x0EFC01
Note: Configuring an FC-MAP value is only required if you do not use the default FC-MAP value (0x0EFC00).
17 Force10 Resilient Ring Protocol (FRRP)
Force10 Resilient Ring Protocol (FRRP) is supported on platforms: e cs
Force10 Resilient Ring Protocol (FRRP) provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a Metropolitan Area Network (MAN) or large campuses.
A Virtual LAN (VLAN) is configured on all node ports in the ring. All ring ports must be members of the Member VLAN and the Control VLAN. The Member VLAN is the VLAN used to transmit data as described earlier. The Control VLAN is used to perform the health checks on the ring. The Control VLAN can always pass through all ports in the ring, including the secondary port of the Master node.
During the time between the Transit node detecting that its link is restored and the Master node detecting that the ring is restored, the Master node’s Secondary port is still forwarding traffic. This can create a temporary loop in the topology. To prevent this, the Transit node places all the ring ports transiting the newly restored port into a temporary blocked state. The Transit node remembers which port has been temporarily blocked and places it into a pre-forwarding state.
• Ring Health Frames (RHF)
  • Hello RHF
    - Sent at 500ms (hello interval)
    - Transmitted and processed by Master node only
  • Topology Change RHF
    - Triggered updates
    - Processed at all nodes
Important FRRP Concepts
Table 17-38, "FRRP Components," in Force10 Resilient Ring Protocol (FRRP) lists some important FRRP concepts.
Table 17-38. FRRP Components
Concept: Explanation
Ring ID: Each ring has a unique 8-bit ring ID through which the ring is identified (e.g.
Table 17-38. FRRP Components (continued)
Concept: Explanation
Ring Status: The state of the FRRP ring. During initialization/configuration, the default ring status is Ring-down (disabled). The Primary and Secondary interfaces, Control VLAN, and Master and Transit node information must be configured for the ring to be up.
  • Ring-Up: Ring is up and operational
  • Ring-Down: Ring is broken or not set up
Ring Health-check Frame (RHF): Two types of RHFs are generated by the Master node.
• Configure Primary and Secondary ports
• Configure the Master node
• Configure a Transit node
• Set FRRP Timers (optional)
• Enable FRRP
Other FRRP related commands are:
• Clear FRRP counters
Create the FRRP group
The FRRP group must be created on each switch in the ring. Use the commands in the following sequence to create the FRRP group.
Step 2.
  Command Syntax: tagged interface slot/port {range}
  Command Mode: CONFIG-INT-VLAN
  Purpose: Tag the specified interface or range of interfaces to this VLAN.
  Interface:
  • For a 10/100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
Be sure to follow these guidelines:
• All VLANs must be in Layer 2 mode.
• Control VLAN ports must be tagged. Member VLAN ports except the Primary/Secondary interface can be tagged or untagged.
• The Control VLAN must be the same for all nodes on the ring.
Use the commands in the following sequence, on all of the Transit switches in the ring, to create the Members VLANs for this FRRP group.
Step 4.
  Command Syntax: mode transit
  Command Mode: CONFIG-FRRP
  Purpose: Configure a Transit node
Step 5.
  Command Syntax: member-vlan vlan-id {range}
  Command Mode: CONFIG-FRRP
  Purpose: Identify the Member VLANs for this FRRP group
  VLAN-ID, Range: VLAN IDs for the ring’s Member VLANs.
Step 6.
  Command Syntax: no disable
  Command Mode: CONFIG-FRRP
  Purpose: Enable this FRRP group on this switch.
Set FRRP Timers
Step 1.
  Command Syntax: timer
  Command Mode: CONFIG-FRRP
  Purpose: Enter the desired intervals for Hello-Interval or Dead-Interval times.
Show FRRP information
Use one of the following commands to show general FRRP information.
Command Syntax: show frrp ring-id
  Command Mode: EXEC or EXEC PRIVILEGED
  Purpose: Show the information for the identified FRRP group. Ring ID: 1-255
Command Syntax: show frrp summary
  Command Mode: EXEC or EXEC PRIVILEGED
  Purpose: Show the state of all FRRP groups.
 no shutdown
!
interface Vlan 201
 no ip address
 tagged GigabitEthernet 1/24,34
 no shutdown
!
protocol frrp 101
 interface primary GigabitEthernet 1/24 secondary GigabitEthernet 1/34
 control-vlan 101
 member-vlan 201
 mode master
 no disable

R2 TRANSIT
interface GigabitEthernet 2/14
 no ip address
 switchport
 no shutdown
!
interface GigabitEthernet 2/31
 no ip address
 switchport
 no shutdown
!
interface Vlan 101
 no ip address
 tagged GigabitEthernet 2/14,31
 no shutdown
!
interface Vlan 201
 no ip address
 tagged Gigabi
18 GARP VLAN Registration Protocol (GVRP)
GARP VLAN Registration Protocol (GVRP) is supported on platforms: e cs
Protocol Overview
Typical VLAN implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GARP VLAN Registration Protocol (GVRP), defined by the IEEE 802.1q specification, is a Layer 2 network protocol that provides for automatic VLAN configuration of switches.
• On the E-Series, C-Series, and non-S60/S55/S4810 S-Series, Per-VLAN Spanning Tree (PVST+) or MSTP and GVRP cannot be enabled at the same time, as shown in the example below. If Spanning Tree and GVRP are both required, implement RSTP. The S60, S55, and S4810 systems do support enabling GVRP and MSTP at the same time.
FTOS(conf)#protocol spanning-tree pvst
FTOS(conf-pvst)#no disable
% Error: GVRP running. Cannot enable PVST.
.........
Basic GVRP configuration is a 2-step process:
1. Enabling GVRP Globally.
2. Enabling GVRP on a Layer 2 Interface.
Related Configuration Tasks
• Configuring GVRP Registration
• Configuring a GARP Timer
Enabling GVRP Globally
Enable GVRP for the entire switch using the command gvrp enable in CONFIGURATION mode, as shown in the following example. Use the show gvrp brief command to inspect the global configuration.
Configuring GVRP Registration
• Fixed Registration Mode: Configuring a port in fixed registration mode allows for manual creation and registration of VLANs, prevents VLAN de-registration, and registers all VLANs known on other ports on the port. For example, if an interface is statically configured via the CLI to belong to a VLAN, it should not be un-configured when it receives a Leave PDU. So, the registration mode on that interface is FIXED.
• LeaveAll: Upon startup, a GARP device globally starts a LeaveAll timer. Upon expiration of this interval, it will send out a LeaveAll message so that other GARP devices can re-register all relevant attribute information. The device then restarts the LeaveAll timer to begin a new cycle. The LeaveAll timer must be greater than or equal to 5x of the Leave timer. The FTOS default is 10000ms.
19 High Availability
High Availability (HA) is supported on platforms: c e s
Note: High Availability is not supported on the S60 system.
High availability is a collection of features that preserves system continuity by maximizing uptime and minimizing packet loss during system disruptions. To support all the features within the HA collection, you should have the latest boot code. The following table lists the boot code requirements as of this FTOS release.
Component: Boot Code
E-Series TeraScale RPM: 2.4.
Component Redundancy
Dell Force10 systems eliminate single points of failure by providing dedicated or load-balanced redundancy for each component.
RPM Redundancy
The current version of FTOS supports 1+1 hitless Route Processor Module (RPM) redundancy. The primary RPM performs all routing, switching, and control operations while the standby RPM monitors the primary RPM.
Version compatibility between RPMs
In general, the two RPMs should have the same FTOS version. However, FTOS tolerates some degree of difference between the two versions, as described in Table 19-39, "System Behavior with RPMs with Mismatched FTOS Versions," in High Availability. View the configuration loaded on each RPM using the command show redundancy, as shown in the example in Automatic and manual RPM failover.
Table 19-39.
Automatic and manual RPM failover
RPM failover is the process of the standby RPM becoming the primary RPM. FTOS fails over to the standby RPM when:
1. Communication is lost between the standby and primary RPMs
2. You request a failover via the CLI
3. You remove the primary RPM
Use the command show redundancy from EXEC Privilege mode to display the reason for the last failover.
C-Series RPMs have one CPU: Control Processor (CP). The CP on the RPM communicates with the LP via IPC. Like the E-Series, the CP monitors the health status of the other processors by sending a heartbeat message. If any CPU fails to acknowledge a consecutive number of heartbeat messages, or the CP itself fails to send heartbeat messages (IPC timeout), the primary RPM requests a failover to the standby RPM, and FTOS displays a message similar to Message 16.
Table 19-40. Failover Behaviors
Platform: ce
  Failover Trigger: Hardware error detected on the primary RPM
  Failover Behavior: FTOS detects the hardware error on the primary RPM and notifies the standby RPM. The standby RPM initiates a failover. FTOS saves a CP trace log, and a CP hardware nvtrace log. Then the new primary RPM reboots the failed RPM.
Platform: ce
  Failover Trigger: Forced failover via the CLI
  Failover Behavior: CP on primary RPM notifies standby RPM and the standby RPM initiates a failover.
RPM synchronization Data between the two RPMs is synchronized immediately after bootup. Once the two RPMs have done an initial full synchronization (block sync), thereafter FTOS only updates changed data (incremental sync). The data that is synchronized consists of configuration data, operational data, state and status, and statistics depending on the FTOS version.
Specify an Auto-failover Limit
When a non-recoverable fatal error is detected, an automatic failover occurs. However, FTOS is configured to auto-failover only three times within any 60 minute period. You may specify a different auto-failover count and period using the command redundancy auto-failover-limit. To re-enable the auto-failover-limit with its default parameters, in CONFIGURATION mode, use the redundancy auto-failover-limit command without parameters.
On the C-Series, when a secondary RPM with a logical SFM is inserted or removed, the system must add or remove the backplane links to the switch fabric trunk. Any time such links are changed, traffic is disrupted. Use the command redundancy sfm standby to avoid any traffic disruption when the secondary RPM is inserted. When this command is executed, the logical SFM on the standby RPM is immediately taken offline, and the SFM state set as standby. Use the command show sfm all to see SFM status information.
Pre-configure a line card slot
You may also pre-configure an empty line card slot with a logical line card using the command linecard from CONFIGURATION mode. After creating the logical line card, you can configure the interfaces on the line card as if it is present, as shown in the example below.
FTOS(conf)#do show linecard 0
-- Line card 0 --
Status : not present
FTOS(conf)#int gig 0/0
^
% Error: No card configured in slot at "^" marker.
FTOS#show linecard all
-- Line cards --
Slot Status NxtBoot ReqTyp CurTyp Version Ports
---------------------------------------------------------------------------
0 online online E48VB E48VB 7-5-1-71 48
[output omitted]
Hitless Behavior
Hitless Behavior is supported only on platforms: c e
Hitless behavior is supported on S4810 with FTOS 8.3.12.0 and later or the E-Series ExaScale ex with FTOS 8.2.1.0 and later.
Graceful Restart
Graceful Restart is supported on platforms: e c s
Graceful restart (also called non-stop forwarding) is a protocol-based mechanism that preserves the forwarding table of the restarting router and its neighbors for a specified period to minimize the loss of packets. A graceful-restart router does not immediately assume that a neighbor is permanently down and so does not trigger a topology change.
• For ExaScale, the RPM alone periodically sends out test frames that loop back through the SFM. The loopback health check determines the overall status of the backplane and can identify a faulty SFM. If three consecutive RPM loopbacks fail, then the software initiates a fault isolation procedure that sequentially disables one SFM at a time and performs the same loopback test.
Trace Log
Developers interlace messages with software code to track the execution of a program. These messages are called trace messages; they are primarily used for debugging and provide lower level information than event messages, which are primarily used by system administrators. FTOS retains executed trace messages for hardware and software and stores them in files (logs) on the internal flash.
• Hot-lock IP ACLs (supported on E-Series, C-Series, and S-Series) allow you to append rules to and delete rules from an Access Control List that is already written to CAM. This behavior is enabled by default and is available for both standard and extended ACLs on ingress and egress. For information on configuring ACLs, see Access Control Lists (ACLs).
Configure Cache Boot
Cache Boot is supported on platforms: c e
Cache Boot is supported on E-Series ExaScale ex with FTOS 8.2.1.0 and later.
FTOS Behavior: On E-Series ExaScale, the SFM auto upgrade feature is not supported with cacheboot. If you attempt an SFM auto upgrade, you must reload the chassis to recover.
The Dell Force10 system has the ability to boot the chassis using a cached FTOS image.
Power Status : AC
Voltage : ok
Serial Number : FX000017082
--More--
2. The cache boot feature requires at least the boot code versions in Table 19-43, "Boot Code Requirements for Cache Boot," in High Availability. Use show rpm and show linecard commands to verify that you have the proper version.
Table 19-43. Boot Code Requirements for Cache Boot
Component: Boot Code
E-Series TeraScale RPM: 2.4.2.1
E-Series TeraScale Line Card: 2.3.2.1
E-Series ExaScale RPM: 2.5.0.3
E-Series ExaScale Line Card: 2.9.
linecard 4 invalid linecard 5 is not present. 6.5.1.8
Note: [b] : booted [n] : next boot
Upgrade cache boot image(4.7.5.427) for all cards [yes/no]: yes
cache boot image downloading in progress...
!!!!!!!!!!!!!!!!!!!!!
cache boot upgrade in progress. Please do NOT power off the card.
Note: Updating Flash Table of Contents...
Erasing TOC area...
SECONDARY IMAGE FILE = flash://FTOS-EF-7.7.1.0.bin
DEFAULT IMAGE FILE = flash://FTOS-EF-7.6.1.0.bin
LOCAL CONFIG FILE = variable does not exist
PRIMARY HOST CONFIG FILE = variable does not exist
SECONDARY HOST CONFIG FILE = variable does not exist
PRIMARY NETWORK CONFIG FILE = variable does not exist
SECONDARY NETWORK CONFIG FILE = variable does not exist
CURRENT IMAGE FILE = flash://FTOS-EF-7.7.1.0.
The restart time varies by process. In general, interface-related processes are hitless and can be restarted in seconds; if a restart is successful, traffic is not interrupted. Protocol tasks and line card processes are not hitless and take longer to restart. You can select which process may attempt to restart and the number of consecutive restart attempts before failover, but by default, every process fails over.
20 Internet Group Management Protocol (IGMP)
Internet Group Management Protocol (IGMP) is supported on platforms: ecs
Multicast is premised on identifying many hosts by a single destination IP address; hosts represented by the same IP address are a multicast group. Internet Group Management Protocol (IGMP) is a Layer 3 multicast protocol that hosts use to join or leave a multicast group.
To receive multicast traffic from a particular source, a host must join the multicast group to which the source is sending traffic. A host that is a member of a group is called a receiver. A host may join many groups, and may join or leave any group at any time. A host joins and leaves a multicast group by sending an IGMP message to its IGMP Querier.
2. The querier sends a Group-Specific Query to determine whether there are any remaining hosts in the group. There must be at least one receiver in a group on a subnet for a router to forward multicast traffic for that group to the subnet.
3. Any remaining hosts respond to the query according to the delay timer mechanism (see Adjusting Query and Response Timers). If no hosts respond (because there are none remaining in the group) the querier waits a specified period and sends another query.
[Figure: IGMP packet format. IP header fields: Version (4), IHL, TOS (0xc0), Total Length, Flags, Frag Offset, TTL (1), Protocol (2), Header Checksum, Src IP Addr, Dest IP Addr; IGMP fields: Type, Reserved]
[Figure: Membership Reports: Joining and Filtering]
[Figure: Membership Queries: Leaving and Staying]
Viewing IGMP Enabled Interfaces
Interfaces that are enabled with PIM-SM are automatically enabled with IGMP. View IGMP-enabled interfaces using the command show ip igmp interface in the EXEC Privilege mode.
FTOS#show ip igmp interface gig 7/16
GigabitEthernet 7/16 is up, line protocol is up
Internet address is 10.87.3.
Viewing IGMP Groups
View both learned and statically configured IGMP groups using the command show ip igmp groups from EXEC Privilege mode.
FTOS(conf-if-gi-1/0)#do sho ip igmp groups
Total Number of Groups: 2
IGMP Connected Group Membership
Group Address   Interface             Uptime     Expires    Last Reporter
224.1.1.1       GigabitEthernet 1/0   00:00:03   Never      CLI
224.1.2.1       GigabitEthernet 1/0   00:56:55   00:01:22   1.1.1.
Adjusting the IGMP Querier Timeout Value
If there is more than one multicast router on a subnet, only one is elected to be the querier, which is the router that sends queries to the subnet.
1. Routers send queries to the all multicast systems address, 224.0.0.1. Initially, all routers send queries.
2. When a router receives a query it compares the IP address of the interface on which it was received with the source IP address given in the query.
IGMP Snooping
Multicast packets are addressed with multicast MAC addresses, which represent a group of devices, rather than one unique device. Switches forward multicast frames out of all ports in a VLAN by default, even though there may be only some interested hosts, which is a waste of bandwidth.
Enabling IGMP Immediate-leave
Configure the switch to remove a group-port association upon receiving an IGMP Leave message using the command ip igmp fast-leave from INTERFACE VLAN mode. View the configuration using the command show config from INTERFACE VLAN mode, as shown in the example below.
• IGMP snooping Querier does not start if there is a statically configured multicast router interface in the VLAN.
• The switch may lose the querier election if it does not have the lowest IP address of all potential queriers on the subnet.
• When enabled, IGMP snooping Querier starts after one query interval in case no IGMP general query (with IP SA lower than its VLAN IP address) is received on any of its VLAN members.
21 Interfaces
This chapter describes interface types, both physical and logical, and how to configure them with FTOS. 10/100/1000 Mbps Ethernet, Gigabit Ethernet, and 10 Gigabit Ethernet interfaces are supported on platforms: e c s and Z. SONET interfaces are only supported on platform e.
0 Vlans
0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts
0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts
0 Multicasts, 0 Broadcasts
0 runts, 0 giants, 0 throttles
0 CRC, 0 overrun, 0 discarded
Output Statistics:
3 packets, 192 bytes, 0 underruns
3 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts
0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts
0 Multicasts, 3 Broadcasts, 0 Unicasts
0 Vlans, 0 throttles, 0 discarded, 0 collisions
Rate info (interval 299 seco
 no ip address
 shutdown
!
interface GigabitEthernet 9/9
 no ip address
 shutdown
Enable a Physical Interface
After determining the type of physical interfaces available, the user may enter the INTERFACE mode by entering the command interface interface slot/port to enable and configure the interfaces.
Line card interfaces support Layer 2 and Layer 3 traffic over the 10/100/1000, Gigabit, and 10-Gigabit Ethernet interfaces. SONET interfaces with PPP encapsulation support Layer 3 traffic. These interfaces (except SONET interfaces with PPP encapsulation) can also become part of virtual interfaces such as VLANs or port channels. Link detection on ExaScale line cards is interrupt-based rather than poll-based, which enables ExaScale cards to bring up and take down links faster.
Table 21-44. Interface Types
Type of Interface | Possible Modes | Requires Creation | Default State
Port Channel | Layer 2, Layer 3 | Yes | Shutdown (disabled)
VLAN | Layer 2, Layer 3 | Yes, except for the default VLAN | No shutdown (active for Layer 2); Shutdown (disabled for Layer 3)
Configure Layer 2 (Data Link) Mode
Use the switchport command in INTERFACE mode to enable Layer 2 data transmissions through an individual interface.
!
interface GigabitEthernet 1/5
 ip address 10.10.10.1 /24
 no shutdown
FTOS(conf-if)#
If an interface is in the incorrect layer mode for a given command, an error message is displayed to the user. In the example below, the command ip address triggered an error message because the interface is in Layer 2 mode and the ip address command is a Layer 3 command only.
FTOS(conf-if)#show config
!
interface GigabitEthernet 1/2
 no ip address
 switchport
 no shutdown
FTOS(conf-if)#ip address 10.10.1.
MTU is 1554 bytes
Inbound access list is not set
Proxy ARP is enabled
Split Horizon is enabled
Poison Reverse is disabled
ICMP redirects are not sent
ICMP unreachables are not sent
Management Interfaces
The S4810 system supports the Management Ethernet interface as well as the standard S-Series interface on any port. Either method can be used to connect to the system.
To configure IP addresses on a Management interface, use the following command in the MANAGEMENT INTERFACE mode:
Command Syntax: ip address ip-address mask
Command Mode: INTERFACE
Purpose: Configure an IP address and mask on the interface.
• ip-address mask: enter an address in dotted-decimal format (A.B.C.D), the mask must be in /prefix format (/x)
If there are 2 RPMs on the system, each Management interface must be configured with a different IP address.
As shown in the following example, from EXEC Privilege mode, display the configuration for a given port by entering the command show interface, and the routing table with the show ip route command.
A consideration for including VLANs in routing protocols is that the no shutdown command must be configured. (For routing traffic to flow, the VLAN must be enabled.) Note: An IP address cannot be assigned to the Default VLAN, which, by default, is VLAN 1. To assign another VLAN ID to the Default VLAN, use the default vlan-id vlan-id command.
To delete a Loopback interface, use the no interface loopback number command syntax in the CONFIGURATION mode. Many of the same commands found in the physical interface are found in Loopback interfaces. See also Configuring ACLs to Loopback.
Null Interfaces
The Null interface is another virtual interface created by the E-Series software. There is only one Null interface. It is always up, but no traffic is transmitted through this interface.
Port channel benefits
For the E-Series, a port channel interface provides many benefits, including easy management, link redundancy, and sharing. Port channels are transparent to network configurations and can be modified and managed as one interface. For example, you configure one IP address for the group and that IP address is used for all routed traffic on the port channel. With this feature, the user can create larger-capacity interfaces by utilizing a group of lower-speed links.
Port channels can contain a mix of 10, 100, or 1000 Mbps Ethernet interfaces and Gigabit Ethernet interfaces, and the interface speed (10, 100, or 1000 Mbps) used by the port channel is determined by the first port channel member that is physically up. FTOS disables the interfaces that do not match the interface speed set by the first channel member.
Create a port channel
You can create up to 255 port channels on an E-Series (255 for TeraScale and ExaScale, 1 to 32 for EtherScale). You can create up to 128 port channels on a C-Series, 52 port channels with 8 port members per group on an S-Series S50 or S25, and 128 port channels with 8 port members per group on an S-Series S55, S60 and S4810.
When an interface is added to a port channel, FTOS recalculates the hash algorithm. To add a physical interface to a port channel, use these commands in the following sequence in the INTERFACE mode of a port channel:
Step 1
Command Syntax: channel-member interface
Command Mode: INTERFACE PORT-CHANNEL
Purpose: Add the interface to a port channel. The interface variable is the physical interface type and slot/port information.
Input 00.01Mbits/sec, 2 packets/sec
Output 81.60Mbits/sec, 133658 packets/sec
Time since last interface status change: 04:31:57
FTOS>
When more than one interface is added to a Layer 2 port channel, FTOS selects one of the active interfaces in the port channel to be the Primary Port. The primary port replies to flooding and sends protocol PDUs. An asterisk in the show interfaces port-channel brief command indicates the primary port.
The following text displays an example of moving the GigabitEthernet 1/8 interface from port channel 4 to port channel 3.
Command Syntax: untagged port-channel id number
Command Mode: INTERFACE VLAN
Purpose: Add the port channel to the VLAN as an untagged interface. An interface without tagging enabled can belong to only one VLAN.
To remove a port channel from a VLAN, use either of the following commands:
Command Syntax: no tagged port-channel id number
Command Mode: INTERFACE VLAN
Purpose: Remove the port channel with tagging enabled from the VLAN.
Load balancing through port channels
FTOS uses hash algorithms for distributing traffic evenly over channel members in a port channel (LAG). The hash algorithm distributes traffic among ECMP paths and LAG members. The distribution is based on a flow, except for packet-based hashing. A flow is identified by the hash and is assigned to one link. In packet-based hashing, a single flow can be distributed on the LAG and uses one link.
On the E-Series, to change the 5-tuple default to 3-tuple, MAC, or packet-based, use the following command in CONFIGURATION mode:
Command Syntax: [no] load-balance [ip-selection {3-tuple | packet-based}] [mac]
Command Mode: CONFIGURATION
Purpose: To designate a method to balance traffic over a port channel. By default, IP 5-tuple is used to distribute traffic over the members of the port channel.
ip-selection 3-tuple—Distribute IP traffic based on IP source address, IP destination address, and IP protocol type.
IPv4, IPv6, and non-IP traffic handling on the E-Series
The table below presents the combinations of the load-balance command and their effect on traffic types. Figure 21-39.
Hash algorithm
The load-balance command discussed above selects the hash criteria applied to port channels. If even distribution is not obtained with the load-balance command, the hash-algorithm command can be used to select the hash scheme for LAG, ECMP and NH-ECMP. The 12 bit Lag Hash can be rotated or shifted till the desired hash is achieved. The nh-ecmp option allows you to change the hash value for recursive ECMP routes independently of non-recursive ECMP routes.
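The effect of the hash criteria on member-link load, as an added example that is not FTOS code or output: it hashes the same constructed set of sessions with 5-tuple and with 3-tuple criteria and reports the bytes per LAG member. SHA-256 is a stand-in for the switch's hardware hash, which this guide does not specify, and the member names, addresses and byte counts are constructed.

```python
import hashlib
import ipaddress
import struct
from collections import Counter

# Constructed LAG with four member links (names are illustrative).
MEMBERS = ["Te 0/1", "Te 0/2", "Te 0/3", "Te 0/4"]


def flow_key(flow, selection):
    """Serialize the header fields covered by the chosen hash criteria."""
    key = ipaddress.ip_address(flow["src"]).packed
    key += ipaddress.ip_address(flow["dst"]).packed
    key += struct.pack("!B", flow["proto"])
    if selection == "5-tuple":
        # The default criteria also cover the L4 source and destination ports.
        key += struct.pack("!HH", flow["sport"], flow["dport"])
    elif selection != "3-tuple":
        raise ValueError("selection must be '5-tuple' or '3-tuple'")
    return key


def pick_member(flow, members, selection):
    """Map a flow to one member link; the same flow always maps to the same link."""
    # Assumption: SHA-256 stands in for the undocumented hardware hash.
    digest = hashlib.sha256(flow_key(flow, selection)).digest()
    return members[int.from_bytes(digest[:4], "big") % len(members)]


def distribute(flows, members, selection):
    """Return the bytes carried per member link for a set of flows."""
    load = Counter({m: 0 for m in members})
    for flow in flows:
        load[pick_member(flow, members, selection)] += flow["bytes"]
    return load


def busiest_share(load):
    """Fraction of all traffic carried by the most loaded member link."""
    total = sum(load.values())
    return max(load.values()) / total if total else 0.0


def constructed_flows():
    """64 constructed TCP sessions from one host to one iSCSI target (port 3260)."""
    return [
        {"src": "10.11.1.1", "dst": "10.11.1.2", "proto": 6,
         "sport": 49152 + i, "dport": 3260, "bytes": 1000}
        for i in range(64)
    ]


if __name__ == "__main__":
    flows = constructed_flows()
    for selection in ("5-tuple", "3-tuple"):
        load = distribute(flows, MEMBERS, selection)
        print(selection, dict(load),
              f"busiest link carries {busiest_share(load):.0%}")
```

With 3-tuple criteria every session between the same two hosts produces the same key, so one member link carries all of that traffic regardless of how many sessions exist.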
To change to another method, use the following command in the CONFIGURATION mode:
Command Syntax: hash-algorithm ecmp {crc-upper} | {dest-ip} | {lsb}
Command Mode: CONFIGURATION
Purpose: Change to another algorithm.
For more on load-balancing, see “Equal Cost Multipath and Link Aggregation Frequently Asked Questions” in the E-Series FAQ section (login required) of iSupport: https://www.force10networks.com/CSPortal20/KnowledgeBase/ToolTips.
Bulk Configuration Examples
The following are examples of using the interface range command for bulk configuration:
• Create a single-range
• Create a multiple-range
• Exclude duplicate entries
• Exclude a smaller port range
• Overlap port ranges
• Commas
• Add ranges
Create a single-range
FTOS(config)# interface range gigabitethernet 5/1 - 23
FTOS(config-if-range-gi-5/1-23)# no shutdown
FTOS(config-if-range-gi-5/1-23)#
Create a multiple-range
FTOS(conf)#interface range tengigabitethernet 3/0 , gigabitet
Commas
The example below shows how to use commas to add different interface types to the range, enabling all Gigabit Ethernet interfaces in the range 5/1 to 5/23 and both Ten Gigabit Ethernet interfaces 1/1 and 1/2.
Choose an Interface-range Macro
To use an interface-range macro in the interface range command, enter this command:
Command Syntax: interface range macro name
Command Mode: CONFIGURATION
Purpose: Selects the interfaces range to be configured using the values saved in a named interface-range macro.
The example below shows how to change to the interface-range configuration mode using the interface-range macro named “test.
FTOS#monitor interface gi 3/1
FTOS uptime is 1 day(s), 4 hour(s), 31 minute(s)
Monitor time: 00:00:00 Refresh Intvl.
To test the condition of cables on 10/100/1000 BASE-T modules, use the tdr-cable-test command:
Step 1
Command Syntax: tdr-cable-test gigabitethernet /
Command Mode: EXEC Privilege
Usage: To test for cable faults on the GigabitEthernet cable.
• Between two ports, the user must not start the test on both ends of the cable.
• The user must enable the interface before starting the test.
• The port should be enabled to run the test or the test prints an error message.
Link Debounce Timer
Link Debounce Timer is supported on platform e
The Link Debounce Timer feature isolates upper layer protocols on Ethernet switches and routers from very short-term, possibly repetitive interface flaps often caused by network jitter on the DWDM equipment connecting the switch and other devices on a SONET ring. The Link Debounce Timer delays link change notifications, thus decreasing traffic loss due to network configuration.
Task: Show debounce times in an interface
Command Syntax: show interface debounce [type] [slot/port]
Command Mode: EXEC Privilege
Purpose: Show the debounce time for the specified interface. Enter the interface type keyword followed by the type of interface and slot/port information:
• For a 10/100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
• For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
Link Dampening
Interface state changes occur when interfaces are administratively brought up or down or if an interface state changes. Every time an interface changes state or flaps, routing protocols are notified of the status of the routes that are affected by the change in state, and these protocols go through the momentous task of re-converging. Flapping therefore puts the status of the entire network at risk of transient loops and black holes.
FTOS# show interfaces dampening
Interface  State  Flaps  Penalty  Half-Life  Reuse  Suppress  Max-Sup
Gi 0/0     Up     0      0        5          750    2500      20
Gi 0/1     Up     2      1200     20         500    1500      300
Gi 0/2     Down   4      850      30         600    2000      120
View a dampening summary for the entire system using the command show interfaces dampening summary from EXEC Privilege mode, as shown in the example below.
FTOS# show interfaces dampening summary
20 interfaces are configured with dampening. 3 interfaces are currently suppressed.
Table 21-48 lists the range for each transmission media.
Table 21-48. MTU Range
Transmission Media | MTU Range (in bytes)
Ethernet | 594-12000 = link MTU; 576-9234 = IP MTU
Link Bundle Monitoring
Link Bundle Monitoring is supported only on platform:
Monitoring linked LAG bundles allows traffic distribution amounts in a link to be monitored for unfair distribution at any given time. A threshold of 60% is defined as an acceptable amount of traffic on a member link.
The following error message appears when trying to enable flow control when half duplex is already configured: Can’t configure flowcontrol when half duplex is configure, config ignored. The following error message appears when trying to enable half duplex and flow control configuration is on: Can’t configure half duplex when flowcontrol is on, config ignored.
Note: If rx flow control is disabled, Dell Force10 recommends rebooting the system. Ethernet Pause Frames flow control must be enabled on all ports on a chassis or a line card. If not, the system may exhibit unpredictable behavior. On the C-Series and S-Series systems, the flow control sender and receiver must be on the same port-pipe. Flow control is not supported across different port-pipes on the C-Series or S-Series system.
Table 21-49 lists the various Layer 2 overheads found in FTOS and the number of bytes.
Table 21-49. Difference between Link MTU and IP MTU
Layer 2 Overhead | Difference between Link MTU and IP MTU
Ethernet (untagged) | 18 bytes
VLAN Tag | 22 bytes
Untagged Packet with VLAN-Stack Header | 22 bytes
Tagged Packet with VLAN-Stack Header | 26 bytes
Link MTU and IP MTU considerations for port channels and VLANs are as follows.
Note: All references to the E1200 in this section include the E1200i-AC and E1200i-DC. References to E600 include the E600i.
For the purposes of diagnostics, the major difference between the E-Series platforms is the number of port pipes per slot.
• E1200 and E600—Each slot has two port-pipes. Each port-pipe has nine 3.125Gbps channels to the backplane, one to each SFM.
• E300—Each slot has one port-pipe. Each port-pipe has eight 3.
For 10/100/1000 Ethernet interfaces, the negotiation auto command is tied to the speed command. Auto-negotiation is always enabled when the speed command is set to 1000 or auto. In FTOS, the command speed 100 is an exact equivalent of speed auto 100 in IOS.
FTOS(config)#interface gig 0/1
FTOS(Interface 0/1)#speed 100
FTOS(Interface 0/1)#duplex full
FTOS(Interface 0/1)#no negotiation auto
FTOS(Interface 0/1)#show config
!
interface GigabitEthernet 0/1
 no ip address
 speed 100
 duplex full
 no shutdown
Setting Auto-Negotiation Options
The negotiation auto command provides a mode option for configuring an individual port to forced master/forced slave once auto-negotiation is enabled.
Command Syntax: keepalive [seconds]
Command Mode: INTERFACE
Purpose: Change the default interval between keepalive messages.
To view the new setting, use the show config command in the INTERFACE mode.
View Advanced Interface Information
Display Only Configured Interfaces
The following options have been implemented for show [ip | running-config] interfaces commands for (only) linecard interfaces. When the configured keyword is used, only interfaces that have non-default configurations are displayed.
Name: GigabitEthernet 13/2
802.1QTagged: True
Vlan membership: Vlan 2
Name: GigabitEthernet 13/3
802.1QTagged: True
Vlan membership: Vlan 2
--More--
Configure Interface Sampling Size
Use the rate-interval command, in INTERFACE mode, to configure the number of seconds of traffic statistics to display in the show interfaces output. Although any value between 30 and 299 seconds (the default) can be entered, software polling is done once every 15 seconds.
FTOS(conf-if-te-10/0)#rate-interval 100
FTOS#show interfaces
TenGigabitEthernet 10/0 is down, line protocol is down
Hardware is Force10Eth, address is 00:01:e8:01:9e:d9
Internet address is not set
MTU 1554 bytes, IP MTU 1500 bytes
LineSpeed 10000 Mbit
ARP type: ARPA, ARP Timeout 04:00:00
Last clearing of "show interface" counters 1d23h45m
Queueing strategy: fifo
0 packets input, 0 bytes
Input 0 IP Packets, 0 Vlans 0 MPLS
0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts
0 over 255-byte pkts, 0 over
• IP FIB
• L2 ACL
• L2 FIB
Clear interface counters
The counters in the show interfaces command are reset by the clear counters command. This command does not clear the counters captured by any SNMP program.
22 IPv4 Routing
IPv4 Routing is supported on platforms: ecs
FTOS supports various IP addressing features. This chapter explains the basics of Domain Name Service (DNS), Address Resolution Protocol (ARP), and routing principles and their implementation in FTOS.
• IP Addresses
• Directed Broadcast
• Resolution of Host Names
• ARP
• ICMP
• UDP Helper
Table 22-51 lists the defaults for the IP addressing features described in this chapter. Table 22-51.
For more information on IP addressing, refer to RFC 791, Internet Protocol.
Implementation Information
In FTOS, you can configure any IP address as a static route except IP addresses already assigned to interfaces.
Note: FTOS versions 7.7.1.0 and later support 31-bit subnet masks (/31, or 255.255.255.254) as defined by RFC 3021. This feature allows you to save two more IP addresses on point-to-point links than 30-bit masks. FTOS supports RFC 3021 with ARP.
To assign an IP address to an interface, use these commands in the following sequence, starting in the CONFIGURATION mode:
Command Syntax: interface interface
Command Mode: CONFIGURATION
Purpose: Enter the keyword interface followed by the type of interface and slot/port information:
• For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
• For a Loopback interface, enter the keyword loopback followed by a number from 0 to 16383.
To view the configuration, use the show config command in the INTERFACE mode as shown in the example below or show ip interface in the EXEC privilege mode as shown in the second example.
FTOS(conf-if)#show conf
!
interface GigabitEthernet 0/0
 ip address 10.11.1.1/24
 no shutdown
!
FTOS(conf-if)#
FTOS#show ip int gi 0/8
GigabitEthernet 0/8 is up, line protocol is up
Internet address is 10.69.8.1/24
Broadcast address is 10.69.8.
To view the configured routes, use the show ip route static command.
FTOS#show ip route static
Destination Gateway
----------------
S 2.1.2.0/24 Direct, Nu 0
S 6.1.2.0/24 via 6.1.20.2,
S 6.1.2.2/32 via 6.1.20.2,
S 6.1.2.3/32 via 6.1.20.2,
S 6.1.2.4/32 via 6.1.20.2,
S 6.1.2.5/32 via 6.1.20.2,
S 6.1.2.6/32 via 6.1.20.2,
S 6.1.2.7/32 via 6.1.20.2,
S 6.1.2.8/32 via 6.1.20.2,
S 6.1.2.9/32 via 6.1.20.2,
S 6.1.2.10/32 via 6.1.20.2,
S 6.1.2.11/32 via 6.1.20.2,
S 6.1.2.12/32 via 6.1.20.2,
S 6.1.2.13/32 via 6.1.20.
To view the configured static routes for the management port, use the show ip management-route command in the EXEC privilege mode.
FTOS#show ip route static
Destination Gateway
----------------
S 2.1.2.0/24 Direct, Nu 0
S 6.1.2.0/24 via 6.1.20.2,
S 6.1.2.2/32 via 6.1.20.2,
S 6.1.2.3/32 via 6.1.20.2,
S 6.1.2.4/32 via 6.1.20.2,
S 6.1.2.5/32 via 6.1.20.2,
S 6.1.2.6/32 via 6.1.20.2,
S 6.1.2.7/32 via 6.1.20.2,
S 6.1.2.8/32 via 6.1.20.2,
S 6.1.2.9/32 via 6.1.20.2,
S 6.1.2.
• Specify local system domain and a list of domains
• DNS with traceroute
Enable dynamic resolution of host names
By default, dynamic resolution of host names (DNS) is disabled. To enable DNS, use the following commands in the CONFIGURATION mode:
Command Syntax: ip domain-lookup
Command Mode: CONFIGURATION
Purpose: Enable dynamic resolution of host names.
Command Syntax: ip name-server ip-address
Command Mode: CONFIGURATION
Purpose: Specify up to 6 name servers. The order you entered the servers determines the order of their use.
Command Syntax: ip domain-list name
Command Mode: CONFIGURATION
Purpose: Enter up to 63 characters to configure names to complete unqualified host names. Configure this command up to 6 times to specify a list of possible domain names. FTOS searches the domain names in the order they were configured until a match is found or the list is exhausted.
DNS with traceroute
To configure your switch to perform DNS with traceroute, follow the steps below in the CONFIGURATION mode.
Address Resolution Protocol (ARP) runs over Ethernet and enables endstations to learn the MAC addresses of neighbors on an IP network. Over time, FTOS creates a forwarding table mapping the MAC addresses to their corresponding IP address. This table is called the ARP Cache and dynamically learned addresses are removed after a defined period of time. For more information on ARP, see RFC 826, An Ethernet Address Resolution Protocol.
To view the static entries in the ARP cache, use the show arp static command in the EXEC privilege mode as shown below.
FTOS#show arp
Protocol  Address   Age(min)  Hardware Address   Interface  VLAN  CPU
--------------------------------------------------------------------------------
Internet  10.1.2.4  17        08:00:20:b7:bd:32  Ma 1/0           CP
FTOS#
Enable Proxy ARP
By default, Proxy ARP is enabled. To disable Proxy ARP, use no proxy-arp command in the interface mode.
Command Syntax: clear arp-cache [interface | ip
Command Mode: EXEC privilege
Purpose: Clear the ARP caches for all interfaces or for a specific interface by entering the following information:
• For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
• For a port channel interface, enter the keyword port-channel followed by a number from 1 to 255 for TeraScale and ExaScale, 1 to 32 for EtherScale.
Beginning with version 8.3.1.0, when a Gratuitous ARP is received, FTOS installs an ARP entry on all 3 CPUs.
Task: Enable ARP learning via gratuitous ARP.
Command Syntax: arp learn-enable
Command Mode: CONFIGURATION
ARP Learning via ARP Request
In FTOS versions prior to 8.3.1.0, FTOS learns via ARP Requests only if the Target IP specified in the packet matches the IP address of the receiving router interface.
Configurable ARP Retries
In FTOS versions prior to 8.3.1.0, the number of ARP retries is set to 5 and is not configurable. After 5 retries, FTOS backs off for 20 seconds before it sends a new request. Beginning with FTOS version 8.3.1.0, the number of ARP retries is configurable. The default backoff interval remains at 20 seconds. On the S4810 platform, with FTOS version 8.3.8.0 and later, the time between ARP resend is configurable. This timer is an exponential backoff timer.
To reenable the creation of ICMP unreachable messages on the interface, use the following command in the INTERFACE mode:
Command Syntax: ip unreachable
Command Mode: INTERFACE
Purpose: Set FTOS to create and send ICMP unreachable messages on the interface.
To view if ICMP unreachable messages are sent on the interface, use the show config command in the INTERFACE mode. If it is not listed in the show config command output, it is enabled.
2. Configure a broadcast address on interfaces that will receive UDP broadcast traffic. Refer to Configuring a Broadcast Address.
Important Points to Remember about UDP Helper
• The existing command ip directed broadcast is rendered meaningless if UDP helper is enabled on the same interface.
• The broadcast traffic rate should not exceed 200 packets per second when UDP helper is enabled.
• You may specify a maximum of 16 UDP ports.
Configuring a Broadcast Address
Configure a broadcast address on an interface using the command ip udp-broadcast-address, as shown in the example below.
FTOS(conf-if-vl-100)#ip udp-broadcast-address 1.1.255.255
FTOS(conf-if-vl-100)#show config
!
interface Vlan 100
 ip address 1.1.0.1/24
 ip udp-broadcast-address 1.1.255.
2. If UDP helper (using the command ip udp-helper udp-port) is enabled, and the UDP destination port of the packet matches the UDP port configured, the system changes the destination address to the configured broadcast 1.1.255.255 and routes the packet to VLANs 100 and 101. If an IP broadcast address is not configured (using the command ip udp-broadcast-address) on VLANs 100 or 101, the packet is forwarded using the original destination IP address 255.255.255.255.
Troubleshooting UDP Helper
Display debugging information using the command debug ip udp-helper, as shown in the example below.
FTOS(conf)# debug ip udp-helper
01:20:22: Pkt rcvd on Gi 5/0 with IP DA (0xffffffff) will be sent on Gi 5/1 Gi 5/2 Vlan 3
01:44:54: Pkt rcvd on Gi 7/0 is handed over for DHCP processing.
Use the command debug ip dhcp when using the IP helper and UDP helper on the same interface, as shown in the following example.
Packet 0.0.0.0:68 -> 255.255.255.
23 iSCSI Optimization
iSCSI Optimization is supported on platform . This chapter describes how to configure internet small computer system interface (iSCSI) optimization, which enables quality-of-service (QoS) treatment for iSCSI traffic.
• iSCSI monitoring sessions — The switch monitors and tracks active iSCSI sessions in connections on the switch, including port information and iSCSI session information.
• iSCSI QoS—A user-configured iSCSI class of service (CoS) profile is applied to all iSCSI traffic. Classifier rules are used to direct the iSCSI data traffic to queues that can be given preferential QoS treatment over other data passing through the switch.
Monitoring iSCSI Traffic Flows
The switch snoops iSCSI session-establishment and termination packets by installing classifier rules that trap iSCSI protocol packets to the CPU for examination. Devices that initiate iSCSI sessions usually use well-known TCP ports 3260 or 860 to contact targets. When you enable iSCSI optimization, by default the switch identifies IP packets to or from these ports as iSCSI traffic.
If no iSCSI traffic is detected for a session during a user-configurable aging period, the session data is cleared. If more than 256 simultaneous sessions are logged continuously, the following message displays indicating the queue rate limit has been reached.
%STKUNIT2-M:CP %iSCSI-5-ISCSI_OPT_MAX_SESS_EXCEEDED: New iSCSI Session Ignored: ISID - 400001370000 InitiatorName - iqn.1991-05.com.microsoft:dt-brcd-cna-2 TargetName iqn.2001-05.com.
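A parser for the ISCSI_OPT_MAX_SESS_EXCEEDED message shown above, as an added example that is not part of the guide or of FTOS: it extracts the ISID, initiator and target from syslog lines and counts ignored sessions per initiator, so an operator can see whose sessions the switch has stopped tracking. The log lines, timestamps and target names are constructed, and the ISID decoding follows the ISID layout in RFC 3720, which the guide does not discuss.

```python
import re
from collections import Counter

# The " - " after TargetName is optional: the excerpt in this guide shows none there.
MAX_SESS_RE = re.compile(
    r"%(?P<unit>STKUNIT\d+)-\S+\s+"
    r"%iSCSI-(?P<severity>\d)-ISCSI_OPT_MAX_SESS_EXCEEDED:\s+"
    r"New iSCSI Session Ignored:\s+"
    r"ISID\s+-\s+(?P<isid>[0-9A-Fa-f]{12})\s+"
    r"InitiatorName\s+-\s+(?P<initiator>\S+)\s+"
    r"TargetName\s+(?:-\s+)?(?P<target>\S+)"
)

# RFC 3720: the top two bits of the first ISID byte select the format.
ISID_TYPES = {0: "OUI", 1: "EN", 2: "Random", 3: "Reserved"}


def decode_isid(isid_hex):
    """Decode the 6-byte ISID into its format type and qualifier."""
    raw = bytes.fromhex(isid_hex)
    if len(raw) != 6:
        raise ValueError("ISID must be 6 bytes (12 hex digits)")
    isid_type = raw[0] >> 6
    info = {"type": ISID_TYPES[isid_type],
            "qualifier": int.from_bytes(raw[4:6], "big")}
    if isid_type == 1:
        # EN format: bytes 1-3 carry the IANA enterprise number of the initiator vendor.
        info["enterprise_number"] = int.from_bytes(raw[1:4], "big")
    return info


def parse_ignored_sessions(lines):
    """Return one dict per 'New iSCSI Session Ignored' message; skip other lines."""
    events = []
    for line in lines:
        match = MAX_SESS_RE.search(line)
        if match is None:
            continue
        event = match.groupdict()
        event["isid_info"] = decode_isid(event["isid"])
        events.append(event)
    return events


def initiators_over(events, threshold):
    """Initiators with at least `threshold` ignored sessions, with their counts."""
    counts = Counter(event["initiator"] for event in events)
    return {name: n for name, n in counts.items() if n >= threshold}


# Constructed sample lines in the format of the message quoted in this guide.
_FMT = ("Jan 10 09:15:{sec:02d} %STKUNIT2-M:CP %iSCSI-5-ISCSI_OPT_MAX_SESS_EXCEEDED: "
        "New iSCSI Session Ignored: ISID - {isid} InitiatorName - {ini} "
        "TargetName{sep}{tgt}")
_WIN = "iqn.1991-05.com.microsoft:dt-brcd-cna-2"
_OTHER = "iqn.1994-05.com.example:constructed-host-9"
_TGT = "iqn.2001-05.com.example:constructed-target-"
SAMPLE_LOG = [
    _FMT.format(sec=1, isid="400001370000", ini=_WIN, sep=" ", tgt=_TGT + "a"),
    _FMT.format(sec=2, isid="400001370001", ini=_WIN, sep=" - ", tgt=_TGT + "b"),
    _FMT.format(sec=3, isid="400001370002", ini=_WIN, sep=" ", tgt=_TGT + "a"),
    _FMT.format(sec=4, isid="80abcdef0001", ini=_OTHER, sep=" ", tgt=_TGT + "a"),
    "Jan 10 09:15:05 %STKUNIT2-M:CP constructed unrelated log line",
]

if __name__ == "__main__":
    found = parse_ignored_sessions(SAMPLE_LOG)
    for event in found:
        print(event["unit"], event["isid"], event["isid_info"], event["initiator"])
    print("initiators with 3 or more ignored sessions:", initiators_over(found, 3))
```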
Detection and Port Configuration for Dell Compellent Arrays
Switches support the iscsi profile-compellent command to configure a port connected to a Dell Compellent storage array. The command configures a port for the best iSCSI traffic conditions and must be entered in INTERFACE Configuration mode.
Enabling and Disabling iSCSI Optimization
Note: iSCSI monitoring is disabled by default. iSCSI auto-configuration and auto-detection is enabled by default. If iSCSI is enabled, flow control will be automatically enabled on all interfaces. To disable the flow control on all interfaces, enter the command “no flow control rx on tx off” and save the configuration.
Table 23-52. iSCSI Optimization: Default Parameters
Parameter | Default Value
VLAN priority tag | iSCSI flows are assigned by default to dot1p priority 4 without remark setting.
DSCP | None: user-configurable.
Remark | Not configured.
iSCSI session aging time | 10 minutes
iSCSI optimization target ports | iSCSI well-known ports 3260 and 860 are configured as default (with no IP address or name) but can be removed as any other configured target.
iSCSI session monitoring | Disabled.
Step 7
Task: (Optional) Configure the iSCSI target ports and optionally the IP addresses on which iSCSI communication will be monitored, where:
• tcp-port-n is the TCP port number or a list of TCP port numbers on which the iSCSI target listens to requests. You can configure up to 16 target TCP ports on the switch in one command or multiple commands. Default: 860, 3260. Separate port numbers with a comma.
Step 12
Task: (Optional) Enter interface configuration mode to configure the auto-detection of Compellent disk arrays.
Command: interface port-type slot/port
Command Mode: CONFIGURATION
Step 13
Task: (Optional) Configures the auto-detection of Compellent arrays on a port. Default: Compellent disk arrays are not detected.
Command: [no] iscsi profile-compellent
Command Mode: INTERFACE
Displaying iSCSI Optimization Information
Use the show commands in Table 23-53 to display information on iSCSI optimization. Table 23-53.
Figure 23-42. show iscsi session Command Example
VLT PEER1
FTOS#show iscsi session
Session 0:
-----------------------------------------------------------------------------------------
Target: iqn.2001-05.com.equallogic:0-8a0906-0e70c2002-10a0018426a48c94-iom010
Initiator: iqn.1991-05.com.microsoft:win-x9l8v27yajg
ISID: 400001370000
VLT PEER2
Session 0:
-----------------------------------------------------------------------------------------
Target: iqn.2001-05.com.
24 Intermediate System to Intermediate System
Intermediate System to Intermediate System is supported on the e and platforms. IS-IS is supported on the E-Series ExaScale platform with FTOS 8.1.1.0 and later. It is supported on the with FTOS 8.3.10.0. Intermediate System to Intermediate System (IS-IS) protocol is an interior gateway protocol (IGP) that uses a shortest-path-first algorithm. Dell Force10 supports both IPv4 and IPv6 versions of IS-IS, as detailed in this chapter.
systems manage destination paths for external routers. Only Level 2 routers can exchange data packets or routing information directly with external routers located outside of the routing domains. Level 1-2 systems manage both inter-area and intra-area traffic by maintaining two separate link databases; one for Level 1 routes and one for Level 2 routes. A Level 1-2 router does not advertise Level 2 routes to a Level 1 router.
Multi-Topology IS-IS
FTOS 7.8.1.0 and later support Multi-Topology Routing IS-IS. E-Series ExaScale platform ex supports Multi-Topology IS-IS with FTOS 8.2.1.0 and later. S-Series platform supports Multi-Topology IS-IS with FTOS 8.3.10.0 and later. Multi-Topology IS-IS (MT IS-IS) allows you to create multiple IS-IS topologies on a single router with separate databases.
Interface support
MT IS-IS is supported on physical Ethernet interfaces, physical Sonet interfaces, port-channel interfaces (static & dynamic using LACP), and VLAN interfaces.
Adjacencies
Adjacencies on point-to-point interfaces are formed as usual, where IS-IS routers do not implement Multi-Topology (MT) extensions. If a local router does not participate in certain MTs, it will not advertise those MT IDs in its IIHs and so will not include that neighbor within its LSPs.
• The T1 timer specifies the wait time before unacknowledged restart requests are generated. This is the interval before the system sends a Restart Request (an IIH with RR bit set in Restart TLV) until the CSNP is received from the helping router. The duration can be set to a specific amount of time (seconds) or a number of attempts.
• The T2 timer is the maximum time that the system will wait for LSP database synchronization. This timer applies to the database type (level-1, level-2 or both).
Table 24-54 displays the default values for IS-IS. Table 24-54.
• Set the overload bit
• Debug IS-IS
Enable IS-IS
By default, IS-IS is not enabled. The system supports one instance of IS-IS. To enable IS-IS globally, create an IS-IS routing process and assign a NET address. To exchange protocol information with neighbors, enable IS-IS on an interface, instead of on a network as with other routing protocols. In IS-IS, neighbors form adjacencies only when they are the same IS type.
Step Task Command Syntax Command Mode
Step 3
Task: Enter the interface configuration mode. Enter the keyword interface followed by the type of interface and slot/port information:
• For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
• For the Loopback interface on the RPM, enter the keyword loopback followed by a number from 0 to 16383.
Figure 24-45. Command Example: show isis protocol
FTOS#show isis protocol
IS-IS Router:
System Id: EEEE.EEEE.EEEE IS-Type: level-1-2
Manual area address(es):
47.0004.004d.0001
Routing for area address(es):
21.2223.2425.2627.2829.3031.3233
47.0004.004d.
Configure Multi-Topology IS-IS (MT IS-IS)
Step Task Command Syntax Command Mode
Step 1
Task: Enable Multi-Topology IS-IS for IPv6. Enter the transition keyword to allow an IS-IS IPv6 user to continue to use single-topology mode while upgrading to multi-topology mode. After every router has been configured with the transition keyword, and all the routers are in MT IS-IS IPv6 mode, users can remove the transition keyword on each router.
Command Syntax: graceful-restart restart-wait seconds
Command Mode: ROUTER-ISIS
Purpose: Enable the Graceful Restart maximum wait time before a restarting peer comes up. Be sure to set the t3 timer to adjacency on the restarting router when implementing this command.
Use the show isis graceful-restart detail command in EXEC Privilege mode to view all Graceful Restart related configuration. Figure 24-47.
Figure 24-48. Command Example: show isis interface
FTOS#show isis interface G1/34
GigabitEthernet 2/10 is up, line protocol is up
MTU 1497, Encapsulation SAP
Routing Protocol: IS-IS
Circuit Type: Level-1-2
Interface Index 0x62cc03a, Local circuit ID 1
Level-1 Metric: 10, Priority: 64, Circuit ID: 0000.0000.000B.01
Hello Interval: 10, Hello Multiplier: 3, CSNP Interval: 10
Number of active level-1 adjacencies: 1
Level-2 Metric: 10, Priority: 64, Circuit ID: 0000.0000.000B.
Figure 24-49. Command Example: show running-config isis
FTOS#show running-config isis
!
router isis
 lsp-refresh-interval 902
 net 47.0005.0001.000C.000A.4321.00
 net 51.0005.0001.000C.000A.4321.00
FTOS#
Configure IS-IS metric style and cost
All IS-IS links or interfaces are associated with a cost that is used in the SPF calculations. The possible cost varies depending on the metric style supported.
Figure 24-50. Command Example: show isis protocol
FTOS#show isis protocol
IS-IS Router:
System Id: EEEE.EEEE.EEEE IS-Type: level-1-2
Manual area address(es):
47.0004.004d.0001
Routing for area address(es):
21.2223.2425.2627.2829.3031.3233
47.0004.004d.
Table 24-56. Correct Value Range for the isis metric command
Metric Style | Correct Value Range
narrow transition | 0 to 63
transition | 0 to 63
Configuring the distance of a route
Configure the distance for a route using the distance command from ROUTER ISIS mode.
Figure 24-51. Command Example: show isis database
FTOS#show isis database
IS-IS Level-1 Link State Database
LSPID             LSP Seq Num
B233.00-00        0x00000003
eljefe.00-00 *    0x00000009
eljefe.01-00 *    0x00000001
eljefe.02-00 *    0x00000001
Force10.00-00     0x00000002
IS-IS Level-2 Link State Database
LSPID             LSP Seq Num
B233.00-00        0x00000006
eljefe.00-00 *    0x0000000D
eljefe.01-00 *    0x00000001
eljefe.02-00 *    0x00000001
Force10.
Configure the prefix list in the PREFIX LIST mode prior to assigning it to the IS-IS process. For configuration information on prefix lists, see Chapter 7, Access Control Lists (ACLs).
IPv4 routes
Use the following commands in ROUTER ISIS mode to apply prefix lists to incoming or outgoing IPv4 routes.
Note: These commands apply to IPv4 IS-IS only.
IPv6 routes
Use these commands in ADDRESS-FAMILY IPV6 mode to apply prefix lists to incoming or outgoing IPv6 routes.
Note: These commands apply to IPv6 IS-IS only. Use the ROUTER ISIS mode previously shown to apply prefix lists to IPv4 routes.
Command Syntax: distribute-list prefix-list-name in [interface]
Command Mode: ROUTER ISIS-AF IPV6
Purpose: Apply a configured prefix list to all incoming IPv6 IS-IS routes.
Redistribute routes
In addition to filtering routes, you can add routes from other routing instances or protocols to the IS-IS process. With the redistribute command syntax, you can include BGP, OSPF, RIP, static, or directly connected routes in the IS-IS process.
Note: Do not route iBGP routes to IS-IS unless there are route-maps associated with the IS-IS redistribution.
IPv4 routes
Use any of the following commands in ROUTER ISIS mode to add routes from other routing instances or protocols.
IPv6 routes
Use any of these commands in ROUTER ISIS ADDRESS-FAMILY IPV6 mode to add routes from other routing instances or protocols.
Note: These commands apply to IPv6 IS-IS only. Use the ROUTER ISIS mode previously shown to apply prefix lists to IPv4 routes.
Use either or both of the commands in ROUTER ISIS mode to configure a simple text password.
Command Syntax: area-password [hmac-md5] password
Command Mode: ROUTER ISIS
Purpose: Configure authentication password for an area. FTOS supports HMAC-MD5 authentication. This password is inserted in Level 1 LSPs, Complete SNPs, and Partial SNPs.
Command Syntax: domain-password [encryption-type | hmac-md5] password
Command Mode: ROUTER ISIS
Purpose: Set the authentication password for a routing domain.
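The two password commands above can be checked offline against a saved configuration. The following is an added example, not part of the Dell guide: a small audit that reports, for the router isis stanza, whether each password command is absent, simple text, or HMAC-MD5. The sample configuration and keys are constructed, the stanza is assumed to be indented and to end at "!", any argument other than hmac-md5 is treated as a simple text password, and requiring hmac-md5 on both commands is this example's policy.

```python
# Added example: audit IS-IS authentication in a saved running-config.
# SAMPLE_CONFIG is constructed for illustration; the keys are placeholders.
SAMPLE_CONFIG = """\
!
router isis
 lsp-refresh-interval 902
 net 47.0005.0001.000C.000A.4321.00
 area-password hmac-md5 EXAMPLE-AREA-KEY
 domain-password EXAMPLE-DOMAIN-KEY
!
interface TenGigabitEthernet 3/17
 ip address 24.3.1.1/24
 ip router isis
 no shutdown
"""

PASSWORD_COMMANDS = ("area-password", "domain-password")


def isis_stanza(config_text):
    """Return the tokenized sub-commands of the 'router isis' stanza ([] if absent).

    Assumption: sub-commands are indented and the stanza ends at '!' or at
    the next non-indented line.
    """
    commands, inside = [], False
    for raw in config_text.splitlines():
        if not inside:
            inside = raw.strip().split()[:2] == ["router", "isis"]
            continue
        if raw.strip() == "!" or not raw[:1].isspace():
            break
        tokens = raw.split()
        if tokens:
            commands.append(tokens)
    return commands


def classify(args):
    """Classify the arguments after the command keyword; the key is never stored."""
    if not args:
        return "malformed"
    if args[0] == "hmac-md5":
        return "hmac-md5" if len(args) > 1 else "malformed"
    # Assumption: anything else (optionally preceded by an encryption-type
    # value) is a simple text password.
    return "simple-text"


def audit_isis_auth(config_text):
    """Map each password command to its authentication state."""
    status = {command: "not-configured" for command in PASSWORD_COMMANDS}
    for tokens in isis_stanza(config_text):
        if tokens[0] in status:
            status[tokens[0]] = classify(tokens[1:])
    return status


def findings(config_text):
    """List the commands that do not meet this example's hmac-md5 policy."""
    return [
        f"{command}: {state}; expected hmac-md5"
        for command, state in audit_isis_auth(config_text).items()
        if state != "hmac-md5"
    ]


if __name__ == "__main__":
    for message in findings(SAMPLE_CONFIG):
        print(message)
```
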
Figure 24-52. Command Example: show isis database
FTOS#show isis database
IS-IS Level-1 Link State Database
LSPID             LSP Seq Num
B233.00-00        0x00000003
eljefe.00-00 *    0x0000000A
eljefe.01-00 *    0x00000001
eljefe.02-00 *    0x00000001
Force10.00-00     0x00000002
IS-IS Level-2 Link State Database
LSPID             LSP Seq Num
B233.00-00        0x00000006
eljefe.00-00 *    0x0000000E
eljefe.01-00 *    0x00000001
eljefe.02-00 *    0x00000001
Force10.
Command Syntax: debug isis update-packets [interface]
Command Mode: EXEC Privilege
Purpose: View sent and received LSPs. To view specific information, enter one of the following optional parameters:
• interface: Enter the type of interface and slot/port information to view IS-IS information on that interface only.
FTOS displays debug messages on the console. Use the show debugging command in EXEC Privilege mode to view which debugging commands are enabled.
For any level (Level-1, Level-2, or Level-1-2), the value range possible in the isis metric command in INTERFACE mode changes depending on the metric style. Table 24-57.
Table 24-58.
Leaking from One Level to Another
In the following scenarios, each IS-IS level is configured with a different metric style. Table 24-60.
Sample Configuration
The following configurations are examples for enabling IPv6 IS-IS. These are not comprehensive directions. They are intended to give you some guidance with typical configurations.
Note: Only one IS-IS process can run on the router, even if both IPv4 and IPv6 routing is being used.
You can copy and paste from these examples to your CLI. Be sure you make the necessary changes to support your own IP Addresses, Interfaces, Names, etc.
Figure 24-53. IS-IS Sample Configuration - Congruent Topology
FTOS(conf-if-te-3/17)#show config
!
interface TenGigabitEthernet 3/17
 ip address 24.3.1.1/24
 ipv6 address 24:3::1/76
 ip router isis
 ipv6 router isis
 no shutdown
FTOS (conf-if-te-3/17)#
FTOS (conf-router_isis)#show config
!
router isis
 metric-style wide level-1
 metric-style wide level-2
 net 34.0000.0000.AAAA.00
FTOS (conf-router_isis)#
Figure 24-54.
Figure 24-56.
25 IPv6 Routing
IPv6 Routing is supported on platforms ecs
Note: The IPv6 basic commands are supported on all platforms. However, not all features are supported on all platforms, nor for all releases. See Table 25-62 to determine the FTOS version supporting which features and platforms.
IPv6 (Internet Protocol Version 6) is the successor to IPv4. Due to the extremely rapid growth in internet users and IP addresses, IPv4 is reaching its maximum usage.
• Stateless Autoconfiguration
• Header Format Simplification
• Improved Support for Options and Extensions
Extended Address Space
The address format is extended from 32 bits to 128 bits. This not only provides room for all anticipated needs, it allows for the use of a hierarchical address space structure to optimize global addressing.
IPv6 Headers
The IPv6 header has a fixed length of 40 bytes. This provides 16 bytes each for Source and Destination information and 8 bytes for general header information. The IPv6 header includes the following fields:
• Version (4 bits)
• Traffic Class (8 bits)
• Flow Label (20 bits)
• Payload Length (16 bits)
• Next Header (8 bits)
• Hop Limit (8 bits)
• Source Address (128 bits)
• Destination Address (128 bits)
IPv6 provides for Extension Headers. Extension Headers are used only if necessary.
Traffic Class (8 bits)
The Traffic Class field deals with any data that needs special handling. These bits define the packet priority and are defined by the packet Source. Sending and forwarding routers use this field to identify different IPv6 classes and priorities. Routers understand the priority settings and handle them appropriately during conditions of congestion.
Note: This is not a comprehensive table of Next Header field values. Refer to the Internet Assigned Numbers Authority (IANA) web page at http://www.iana.org/assignments/protocol-numbers for a complete and current listing.
Hop Limit (8 bits)
The Hop Limit field shows the number of hops remaining for packet processing. In IPv4, this is known as the Time to Live (TTL) field and uses seconds rather than hops. Each time the packet moves through a forwarding router, this field decrements by 1.
Hop-by-Hop Options header
The Hop-by-Hop options header contains information that is examined by every router along the packet’s path. It follows the IPv6 header and is designated by the Next Header value 0 (zero) (Table 25-61). When a Hop-by-Hop Options header is not included, the router knows that it does not have to process any router specific information and immediately processes the packet to its final destination.
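The fixed 40-byte header layout and the Hop-by-Hop indicator described above can be seen by unpacking a packet's first 40 bytes. This is an added example, not part of the Dell guide: a parser for the eight fixed-header fields that also flags a Hop-by-Hop Options header (Next Header 0) and a payload shorter than the header claims. The sample packet is constructed, and the function and key names are this example's own.

```python
import ipaddress
import struct

IPV6_HEADER_LEN = 40          # fixed header length given in the text
NEXT_HEADER_HOP_BY_HOP = 0    # Next Header value for the Hop-by-Hop Options header


def build_ipv6_header(traffic_class, flow_label, payload_length,
                      next_header, hop_limit, source, destination):
    """Pack the eight fixed-header fields into 40 bytes (used to build sample input)."""
    first_word = (6 << 28) | ((traffic_class & 0xFF) << 20) | (flow_label & 0xFFFFF)
    return (struct.pack("!IHBB", first_word, payload_length, next_header, hop_limit)
            + ipaddress.IPv6Address(source).packed
            + ipaddress.IPv6Address(destination).packed)


def parse_ipv6_header(packet):
    """Decode the fixed IPv6 header; raise ValueError on short or non-IPv6 input."""
    if len(packet) < IPV6_HEADER_LEN:
        raise ValueError(f"need {IPV6_HEADER_LEN} bytes, got {len(packet)}")
    # First 32 bits: Version (4) | Traffic Class (8) | Flow Label (20)
    first_word, payload_length, next_header, hop_limit = struct.unpack(
        "!IHBB", packet[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"version field is {version}, not 6")
    return {
        "version": version,
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_length,
        "next_header": next_header,
        "hop_limit": hop_limit,
        # 16 bytes each for source and destination; str() gives the
        # zero-compressed (::) form.
        "source": str(ipaddress.IPv6Address(packet[8:24])),
        "destination": str(ipaddress.IPv6Address(packet[24:40])),
        # Every router on the path must examine a Hop-by-Hop Options header.
        "has_hop_by_hop": next_header == NEXT_HEADER_HOP_BY_HOP,
        # Fewer bytes after the header than Payload Length claims.
        "payload_truncated": len(packet) - IPV6_HEADER_LEN < payload_length,
    }


# Constructed sample: 8 zero bytes stand in for a minimal extension header.
SAMPLE_PACKET = build_ipv6_header(
    traffic_class=0xB8, flow_label=0x12345, payload_length=8,
    next_header=NEXT_HEADER_HOP_BY_HOP, hop_limit=64,
    source="2001:0db8:0000:0000:0000:0000:1428:57ab",
    destination="2001:db8::1") + bytes(8)

if __name__ == "__main__":
    for field, value in parse_ipv6_header(SAMPLE_PACKET).items():
        print(f"{field}: {value}")
```
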
Addressing
IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). For example, 2001:0db8:0000:0000:0000:0000:1428:57ab is a valid IPv6 address. If one or more four-digit group(s) is 0000, the zeros may be omitted and replaced with two colons (::). For example, 2001:0db8:0000:0000:0000:0000:1428:57ab can be shortened to 2001:0db8::1428:57ab. Only one set of double colons is supported in a single address.
case, a DHCP server is used, but it is specifically configured to always assign the same IPv6 address to a particular computer, and never to assign that IP address to another computer. This allows static IPv6 addresses to be configured in one place, without having to specifically configure each computer on the network in a different way.
Table 25-62. FTOS and IPv6 Feature Support (continued) Route redistribution 7.4.1 8.2.1 7.8.1 8.4.2 8.3.10.0 OSPF, IS-IS, and IPv6 BGP chapters in the FTOS Command Line Reference Guide Multiprotocol BGP extensions for IPv6 7.4.1 IPv6 BGP MD5 Authentication 8.2.1.0 IS-IS for IPv6 N/A 8.2.1 7.8.1 8.4.2 8.3.10.0 IPv6 BGP in the FTOS Command Line Reference Guide 8.2.1.0 8.2.1.0 8.4.2 8.3.10.0 IPv6 BGP in the FTOS Command Line Reference Guide N/A N/A N/A 8.3.10.
Table 25-62. FTOS and IPv6 Feature Support (continued) IPv6 Access Control 7.4.1 Lists 8.2.1 7.8.1 8.2.1.0 8.3.10.0 IPv6 Access Control Lists in the FTOS Command Line Reference Guide IPv6 Multicast PIM-SM for IPv6 7.4.1 8.2.1 8.4.2 8.4.2 N/A IPv6 Multicast in this chapter; IPv6 PIM in the FTOS Command Line Reference Guide PIM-SSM for IPv6 7.5.1 8.2.1 8.4.2 8.4.
Path MTU Discovery
IPv6 MTU Discovery is supported on platforms c e s
Path MTU (Maximum Transmission Unit) defines the largest packet size that can traverse a transmission path without suffering fragmentation. Path MTU for IPv6 uses ICMPv6 Type-2 messages to discover the largest MTU along the path from source to destination and avoid the need to fragment the packet. The recommended MTU for IPv6 is 1280.
IPv6 Neighbor Discovery
IPv6 NDP is supported on platforms c e s
Neighbor Discovery Protocol (NDP) is a top-level protocol for neighbor discovery on an IPv6 network. In lieu of ARP, NDP uses “Neighbor Solicitation” and “Neighbor Advertisement” ICMPv6 messages for determining relationships between neighboring nodes.
IPv6 Neighbor Discovery of MTU packets
With FTOS 8.3.1.0, you can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface. The ipv6 nd mtu command sets the value advertised to routers. It does not set the actual MTU rate. For example, if ipv6 nd mtu is set to 1280, the interface will still pass 1500-byte packets, if that is what is set with the mtu command.
SSH over an IPv6 Transport
IPv6 SSH is supported on platforms c e s
FTOS supports both inbound and outbound SSH sessions using IPv6 addressing. Inbound SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface. Refer to the Security Commands chapter in the FTOS Command Line Interface Reference document for SSH configuration details.
Figure 25-60. Command Example: show cam-profile summary (E-Series)
FTOS#show cam-profile summary
-- Chassis CAM Profile --
               : Current Settings : Next Boot
Profile Name   : IPV6-ExtACL      : IPV6-ExtACL
MicroCode Name : IPv6-ExtACL      : IPv6-ExtACL
-- Line card 1 --
               : Current Settings : Next Boot
Profile Name   : IPV6-ExtACL      : IPV6-ExtACL
MicroCode Name : IPv6-ExtACL      : IPv6-ExtACL
FTOS#
Figure 25-61.
The default option sets the CAM Profile as follows:
• L3 ACL (ipv4acl): 6
• L2 ACL (l2acl): 5
• IPv6 L3 ACL (ipv6acl): 0
• L3 QoS (ipv4qos): 1
• L2 QoS (l2qos): 1
Save the new CAM settings to the startup-config (write-mem or copy run start) then reload the system for the new settings to take effect.
Command Syntax: cam-acl { ipv6acl }
Command Mode: CONFIGURATION
Purpose: Allocate space for IPV6 ACLs. Enter the CAM profile name followed by the amount to be allotted.
One of the existing IPv6 addresses must be deleted before a new IPv6 address can be configured.
Command Syntax: ipv6 address ipv6 address/mask
Command Mode: CONFIG-INTERFACE
Purpose: Enter the IPv6 Address for the device.
ipv6 address: x:x:x:x::x
mask: prefix length 0 to 128
IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing earlier in this chapter.
Note: After you configure a static IPv6 route (ipv6 route command) and configure the forwarding router’s address (specified in the ipv6 route command) on a neighbor’s interface, the IPv6 neighbor is not displayed in the show ipv6 route command output.
Telnet with IPv6
IPv6 Telnet is supported on platforms c e s
The Telnet client and server in FTOS support IPv6 connections. You can establish a Telnet session directly to the router using an IPv6 Telnet client, or an IPv6 Telnet connection can be initiated from the router.
Note: Telnet to link local addresses is not supported.
Command Syntax: telnet ipv6 address
Command Mode: EXEC or EXEC Privileged
Purpose: Enter the IPv6 Address for the device.
Show IPv6 Information
All of the following show commands are supported on platforms c e s
View specific IPv6 configuration with the following commands.
Show an IPv6 Interface
View the IPv6 configuration for a specific interface with the following command.
Command Syntax: show ipv6 interface
Command Mode: EXEC
Purpose: Show the currently running configuration for the specified interface. Enter the keyword interface followed by the type of interface and slot/port information:
• For a brief summary of IPv6 status and configuration, enter the keyword brief.
• For all IPv6 configured interfaces, enter the keyword configured.
Show IPv6 Routes
View the global IPv6 routing information with the following command.
Command Syntax: show ipv6 route type
Command Mode: EXEC
Purpose: Show IPv6 routing information for the specified route type. Enter the keyword:
• To display information about a network, enter the ipv6 address (X:X:X:X::X).
• To display information about a host, enter the hostname.
• To display information about all IPv6 routes (including non-active routes), enter all.
Figure 25-64. Command Example: show ipv6 route summary
FTOS#show ipv6 route summary
Route Source    Active Routes    Non-active Routes
connected       5                0
static          0                0
Total           5                0
Figure 25-65 illustrates the show ipv6 route static command output.
Figure 25-65.
Figure 25-66. Command Example: show running-config interface
FTOS#show run int gi 2/2
!
interface GigabitEthernet 2/2
 no ip address
 ipv6 address 3:4:5:6::8/24
 shutdown
FTOS#
Clear IPv6 Routes
Use the clear ipv6 route command to clear routes from the IPv6 routing table.
Command Syntax: clear ipv6 route {* | ipv6 address
Command Mode: EXEC
Purpose: Clear (refresh) all routes or a specific route from the IPv6 routing table.
26 Link Aggregation Control Protocol (LACP)
Link Aggregation Control Protocol (LACP) is supported on platforms: e cs
The major sections in the chapter are:
• Introduction to Dynamic LAGs and LACP
• LACP Configuration Tasks
• Shared LAG State Tracking
• Configure LACP as Hitless
• LACP Basic Configuration Example
Introduction to Dynamic LAGs and LACP
A Link Aggregation Group (LAG), referred to as a port channel by FTOS, can provide both load-sharing and port redundancy across line cards.
LACP functions by constantly exchanging custom MAC PDUs across LAN Ethernet links. The protocol packets are only exchanged between ports that are configured as LACP capable.
Important Points to Remember
• LACP enables you to add members to a port channel (LAG) as long as it has no static members. Conversely, if the LAG already contains a statically defined member (channel-member command), the port-channel mode command is not permitted.
A port in Passive state cannot set up a LAG with another port in Passive state.
LACP Configuration Commands
If aggregated ports are configured with compatible LACP modes (Off, Active, Passive), LACP can automatically link them, as defined in IEEE 802.3, Section 43. The following commands configure LACP:
Command Syntax: [no] lacp system-priority priority-value
Command Mode: CONFIGURATION
Purpose: Configure the system priority.
The LAG is in the default VLAN. To place the LAG into a non-default VLAN, use the tagged command on the LAG as shown in the example below:
FTOS(conf)#interface vlan 10
FTOS(conf-if-vl-10)#tagged port-channel 32
Configure the LAG interfaces as dynamic
After creating a LAG, configure the dynamic LAG interfaces. The following example shows ports 3/15, 3/16, 4/15, and 4/16 added to LAG 32 in LACP mode with the command port-channel-protocol lacp.
Configure the LACP long timeout as shown in the example below:
Step 1
Task: Set the LACP timeout value to 30 seconds.
Command Syntax: lacp long-timeout
Command Mode: CONFIG-INT-PO
FTOS(conf)# interface port-channel 32
FTOS(conf-if-po-32)#no shutdown
FTOS(conf-if-po-32)#switchport
FTOS(conf-if-po-32)#lacp long-timeout
FTOS(conf-if-po-32)#end
FTOS# show lacp 32
Port-channel 32 admin up, oper up, mode lacp
Actor System ID: Priority 32768, Address 0001.e800.
via R2, as shown. Traffic is equally distributed between LAGs 1 and 2. If LAG 1 fails, all traffic from R1 to R4 flows across LAG 2 only. This condition over-subscribes the link, and packets are dropped.
[Figure: routers R1, R2, R3, and R4 connected by Po 1 and Po 2; Po 1 failure, Po 2 over-subscribed]
To avoid packet loss, traffic must be re-directed through the next lowest-cost link (R3 to R4).
R2#show running-config po-failover-group
!
port-channel failover-group
 group 1 port-channel 1 port-channel 2
In the following illustration, LAGs 1 and 2 are members of a failover group. LAG 1 fails and LAG 2 is brought down upon the failure. This effect is logged by Message 22, in which a console message declares both LAGs down at the same time.
Important Points about Shared LAG State Tracking
• This feature is available for static and dynamic LAGs.
• Only a LAG can be a member of a failover group.
• Shared LAG State Tracking can be configured on one side of a link or on both sides.
• If a LAG that is part of a failover group is deleted, the failover group is deleted.
• If a LAG moves to the down state due to this feature, its members may still be in the up state.
[Figure: Port Channel 10 between ALPHA (Gig 2/31, Gig 2/32, Gig 2/33) and BRAVO (Gig 3/21, Gig 3/22, Gig 3/23)]
Configuring a LAG on ALPHA
Creating a LAG on ALPHA
Alpha(conf)#interface port-channel 10
Alpha(conf-if-po-10)#no ip address
Alpha(conf-if-po-10)#switchport
Alpha(conf-if-po-10)#no shutdown
Alpha(conf-if-po-10)#show config
!
interface Port-channel 10
 no ip address
 switchport
 no shutdown
!
Alpha(conf-if-po-10)#
Inspecting a LAG Port Configuration on ALPHA
Alpha#sh int gig 2/31
GigabitEthernet 2/31 is up, line protocol is
Shows the status of this physical interface, and shows it is part of port channel 10.
Alpha#sh int gig 2/31
GigabitEthernet 2/31 is up, line protocol is up
Port is part of Port-channel 10
Hardware is Force10Eth, address is 00:01:e8:06:95:c0
Current address is 00:01:e8:06:95:c0
Interface index is 109101113
Port will not be disabled on partial SFM failure
Internet address is not set
MTU 1554 bytes, IP MTU 1500 bytes
Shows the speed of this physical interface.
Inspecting Configuration of LAG 10 on ALPHA
Indicates the MAC address assigned to the LAG. This does NOT match any of the physical interface MAC addresses.
Using the show lacp Command to Verify LAG 10 Status on ALPHA
Alpha#sho lacp 10
Port-channel 10 admin up, oper up, mode lacp
Actor System ID: Priority 32768, Address 0001.e806.953e
Partner System ID: Priority 32768, Address 0001.e809.
Summary of the configuration on BRAVO
Bravo(conf-if-gi-3/21)#int port-channel 10
Bravo(conf-if-po-10)#no ip add
Bravo(conf-if-po-10)#switch
Bravo(conf-if-po-10)#no shut
Bravo(conf-if-po-10)#show config
!
interface Port-channel 10
 no ip address
 switchport
 no shutdown
!
Bravo(conf-if-po-10)#exit
Bravo(conf)#int gig 3/21
Bravo(conf)#no ip address
Bravo(conf)#no switchport
Bravo(conf)#shutdown
Bravo(conf-if-gi-3/21)#port-channel-protocol lacp
Bravo(conf-if-gi-3/21-lacp)#por
Using the show interface Command to Inspect a LAG Port on BRAVO
Shows the status of this interface. Also shows it is part of LAG 10.
Bravo#show int gig 3/21
GigabitEthernet 3/21 is up, line protocol is up
Port is part of Port-channel 10
Hardware is Force10Eth, address is 00:01:e8:09:c3:82
Current address is 00:01:e8:09:c3:82
Shows that this is a Layer 2 port.
Indicates the MAC address assigned to the LAG. This does NOT match any of the physical interface MAC addresses.
FTOS#sh int port 10
Port-channel 10 is up, line protocol is up
Created by LACP protocol
Hardware address is 00:01:e8:09:c4:ef, Current address is 00:01:e8:09:c4:ef
Interface index is 1107755018
Minimum number of links to bring Port-channel up is 1
Internet address is not set
Confirms the number of links to bring up the LAG and that this is a switch port instead of a router port.
FTOS#show lacp 10
Port-channel 10 admin up, oper up, mode lacp
Actor System ID: Priority 32768, Address 0001.e809.c24a
Partner System ID: Priority 32768, Address 0001.e806.
27 Layer 2
Layer 2 features are supported on platforms: ecs
This chapter describes the following Layer 2 features:
• Managing the MAC Address Table
• MAC Learning Limit
• NIC Teaming
• Microsoft Clustering
• Configuring Redundant Pairs
• Restricting Layer 2 Flooding
• Restricting Layer 2 Multicast Flooding over Low Speed Ports
• Far-end Failure Detection
Managing the MAC Address Table
FTOS provides the following management activities for the MAC address table:
• Clear the MAC Address Table
• Set th
Set the Aging Time for Dynamic Entries
Learned MAC addresses are entered in the table as dynamic entries, which means that they are subject to aging. For any dynamic entry, if no packet arrives on the switch with the MAC address as the source or destination address within the timer period, the address is removed from the table. The default aging time is 1800 seconds.
Task Command Syntax Command Mode
Task: Disable MAC address aging for all dynamic entries.
Display the MAC Address Table
To display the contents of the MAC address table:
Task Command Syntax Command Mode
Task: Display the contents of the MAC address table.
• address displays the specified entry.
• aging-time displays the configured aging-time.
• count displays the number of dynamic and static entries for all VLANs, and the total number of entries.
• dynamic displays only dynamic entries.
• interface displays only entries for the specified interface.
• static displays only static entries.
MAC Address Learning Limit is a method of port security on Layer 2 port-channel and physical interfaces, and VLANs. It enables you to set an upper limit on the number of MAC addresses that are learned on an interface/VLAN. After the limit is reached, the system drops all traffic from a device with an unlearned MAC address.
mac learning-limit mac-address-sticky
Using sticky MAC addresses allows you to associate a specific port with MAC addresses from trusted devices. If sticky MAC is enabled, the specified port will retain any dynamically-learned addresses and prevent them from being transferred or learned on other ports. If mac-learning-limit is configured and sticky MAC is enabled, all dynamically-learned addresses are converted to sticky MAC addresses for the selected port.
Station Move Violation Actions
Station Move Violation Actions are supported only on platforms: S-Series (S25/S50)
no-station-move is the default behavior. You can configure the system to take an action if a station move occurs using one of the following options with the mac learning-limit command:
Task: Generate a system log message indicating a station move.
Command Syntax: station-move-violation log
Task: Shut down the first port to learn the MAC address.
Per-VLAN MAC Learning Limit
Per-VLAN MAC Learning Limit is available only on platform: e
An individual MAC learning limit can be configured for each VLAN using Per-VLAN MAC Learning Limit. One application of Per-VLAN MAC Learning Limit is on access ports. In the following illustration, an Internet Exchange Point (IXP) connects multiple Internet Service Providers (ISPs). An IXP can provide several types of services to its customers including public and private peering.
(in the above example, this is Port 0/5 of the switch). To ensure the MAC address is disassociated with one port and re-associated with another port in the ARP table, you must configure the command mac-address-table station-move refresh-arp on the Dell Force10 switch at the time that NIC teaming is being configured on the server. Note: If this command is not configured, traffic continues to be forwarded to the failed NIC until the ARP entry on the switch times out. Figure 27-68.
Default Behavior
When an ARP request is sent to a server cluster, either the active server or all of the servers send a reply, depending on the cluster configuration. If the active server sends a reply, the Dell Force10 switch learns the active server’s MAC address. If all servers reply, the switch registers only the last received ARP reply, and the switch learns one server’s actual MAC address (Figure 27-69); the virtual MAC address is never learned.
As shown in Figure 27-71, the server MAC address is given in the Ethernet frame header of the ARP reply, while the virtual MAC address representing the cluster is given in the payload. The vlan-flooding command directs the system to discover that there are different MAC addresses in an ARP reply and associate the virtual MAC address with the VLAN connected to the cluster. Then, all traffic destined for the cluster is flooded out of all member ports.
Configuring Redundant Pairs
Configuring Redundant Pairs is supported on platforms: ecs Z
Networks that employ switches that do not support Spanning Tree (STP) — for example, networks with Digital Subscriber Line Access Multiplexers (DSLAM) — cannot have redundant links between switches because they create switching loops (Figure 27-72).
You configure a redundant pair by assigning a backup interface to a primary interface with the switchport backup interface command. Initially, the primary interface is active and transmits traffic and the backup interface remains down. If the primary fails for any reason, the backup transitions to an active UP state. If the primary interface fails and later comes back up, it remains as the backup interface for the redundant pair.
Figure 27-73.
Restricting Layer 2 Flooding
Restricting Layer 2 Flooding is supported only on platform: e
When Layer 2 multicast traffic must be forwarded on a VLAN that has multiple ports with different speeds on the same port-pipe, forwarding is limited to the speed of the slowest port. Restricted Layer 2 Flooding prevents slower ports from lowering the throughput of multicast traffic on faster ports by restricting flooding to ports with a speed equal to or above a link speed you specify.
Far-end Failure Detection
Far-end Failure Detection is supported on platforms e Z
Far-end Failure Detection (FEFD) is a protocol that senses remote data link errors in a network. It responds by sending a unidirectional report that triggers an echoed response after a specified time interval. FEFD can be enabled globally or locally on an interface basis. Disabling the global FEFD configuration does not disable the interface configuration.
Figure 27-76. FEFD state changes
FEFD has two operational modes, Normal and Aggressive. When Normal mode is enabled on an interface and a far-end failure is detected, no intervention is required to reset the interface to bring it back to an FEFD operational state. When Aggressive mode is enabled on an interface in the same state, manual intervention is required to reset the interface.
Important Points to Remember
• FEFD enabled ports are subject to an 8 to 10 second delay during an RPM failover before becoming operational.
• FEFD can be enabled globally or on a per interface basis. Interface FEFD configurations override global FEFD configurations.
• FTOS supports FEFD on physical Ethernet interfaces only, excluding the management interface.
Enable FEFD on an Interface
Entering the command fefd in INTERFACE mode enables FEFD on a per interface basis. To change the FEFD mode, supplement the fefd command in INTERFACE mode by entering the command fefd [mode {aggressive | normal}]. To disable FEFD protocol on one interface, enter the command fefd disable in INTERFACE mode.
Figure 27-79.
28 Link Layer Discovery Protocol (LLDP)
Link Layer Discovery Protocol (LLDP) is supported only on platforms: ecs
This chapter contains the following sections:
• 802.1AB (LLDP) Overview
• TIA-1057 (LLDP-MED) Overview
• Configuring LLDP

802.1AB (LLDP) Overview
Link Layer Discovery Protocol (LLDP)—defined by IEEE 802.1AB—is a protocol that enables a LAN device to advertise its configuration and receive configuration information from adjacent LLDP-enabled LAN infrastructure devices.
Figure 28-82. Type, Length, Value (TLV) Segment
TLVs are encapsulated in a frame called an LLDP Data Unit (LLDPDU) (Figure 28-83), which is transmitted from one LLDP-enabled device to its LLDP-enabled neighbors. LLDP is a one-way protocol. LLDP-enabled devices (LLDP agents) can transmit and/or receive advertisements, but they cannot solicit and do not respond to advertisements. There are five types of TLVs.
Figure 28-83. LLDPDU Frame

Optional TLVs
FTOS supports the following optional TLVs:
• Management TLVs
• IEEE 802.1 and 802.3 Organizationally Specific TLVs
• TIA-1057 Organizationally Specific TLVs

Management TLVs
A Management TLV is an Optional TLVs sub-type. This kind of TLV contains essential management information about the sender. The five types are described in Table 28-65.

Organizationally Specific TLVs
Organizationally specific TLVs can be defined by a professional organization or a vendor.
IEEE Organizationally Specific TLVs
Eight TLV types have been defined by the IEEE 802.1 and 802.3 working groups (Table 28-65) as a basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Force10 system to advertise any or all of these TLVs.

Table 28-65. Optional TLV Types
Type  TLV               Description
Optional TLVs
4     Port description  A user-defined alphanumeric string that describes the port. FTOS does not currently support this TLV.
TIA-1057 (LLDP-MED) Overview
Link Layer Discovery Protocol—Media Endpoint Discovery (LLDP-MED)—as defined by ANSI/TIA-1057—provides additional organizationally specific TLVs so that endpoint devices and network connectivity devices can advertise their characteristics and configuration information; the OUI for the Telecommunications Industry Association (TIA) is 00-12-BB.
Table 28-66.
Figure 28-85. LLDP-MED Capabilities TLV

Table 28-67. FTOS LLDP-MED Capabilities
Bit Position  TLV                         FTOS Support
0             LLDP-MED Capabilities       Yes
1             Network Policy              Yes
2             Location Identification     Yes
3             Extended Power via MDI-PSE  Yes
4             Extended Power via MDI-PD   No
5             Inventory                   No
6-15          reserved                    No

Table 28-68.
The application type is represented by an integer (the Type integer in Table 28-69), which indicates a device function for which a unique network policy is defined. An individual LLDP-MED Network Policy TLV is generated for each application type that you specify with the FTOS CLI (Advertising TLVs on page 590).
Extended Power via MDI TLV
The Extended Power via MDI TLV enables advanced PoE management between LLDP-MED endpoints and network connectivity devices. Advertise the Extended Power via MDI on all ports that are connected to an 802.3af powered, LLDP-MED endpoint device.
• Power Type: there are two possible power types: Power Sourcing Entity (PSE) or Power Device (PD). The Dell Force10 system is a PSE, which corresponds to a value of 0, based on the TIA-1057 specification.
Important Points to Remember
• LLDP is disabled by default.
• Dell Force10 systems support up to 8 neighbors per interface.
• Dell Force10 systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by 8 exceeds the maximum, the system will not configure more than 8000.
• INTERFACE level configurations override all CONFIGURATION level configurations.
• LLDP is not hitless.
Figure 28-88.
Advertising TLVs
You can configure the system to advertise TLVs out of all interfaces or out of specific interfaces.
• If you configure the system globally, all interfaces will send LLDPDUs with the specified TLVs.
• If you configure an interface, only the interface will send LLDPDUs with the specified TLVs.
If LLDP is configured both globally and at interface level, the interface level configuration overrides the global configuration.
Figure 28-89. Configuring LLDP

Viewing the LLDP Configuration
Display the LLDP configuration using the command show config in either the CONFIGURATION or INTERFACE mode, as shown in Figure 28-90 and Figure 28-91, respectively.
Figure 28-90.
Figure 28-91.
Figure 28-93.
Figure 28-94.
Figure 28-95.
Figure 28-96.
FTOS# debug lldp interface gigabitethernet 1/2 packet detail tx
FTOS#1w1d19h : Transmit timer blew off for local interface Gi 1/2
1w1d19h : Forming LLDP pkt to send out of interface Gi 1/2
1w1d19h : TLV: Chassis ID, Len: 7, Subtype: Mac address (4), Value: 00:01:e8:0d:b6:d6
1w1d19h : TLV: Port ID, Len: 20, Subtype: Interface name (5), Value: GigabitEthernet 1/2
1w1d19h : TLV: TTL, Len: 2, Value: 120
1w1d19h : TLV: SYS_DESC, Len: 207, Value:Dell Force10 Networks Real Time Operating System Software.
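To see exactly what a port discloses to its neighbors, the TLVs in the debug output above can be decoded straight from the wire format. The following is an added example, not code from the FTOS guide: it assumes the standard 802.1AB header layout (7-bit type, 9-bit length), and the sample frame, the system description string and the device-type byte are constructed.

```python
import struct

# TLV type numbers from IEEE 802.1AB; this chapter's tables confirm 4 and 127.
TLV_NAMES = {0: "End of LLDPDU", 1: "Chassis ID", 2: "Port ID", 3: "TTL",
             4: "Port Description", 5: "System Name", 6: "System Description",
             7: "System Capabilities", 8: "Management Address",
             127: "Organizationally Specific"}
# OUIs quoted in this chapter.
OUI_NAMES = {bytes.fromhex("0080c2"): "IEEE 802.1", bytes.fromhex("0012bb"): "TIA"}
# Bit positions 0-5 of the LLDP-MED Capabilities TLV (Table 28-67); bit 0 is the LSB.
MED_CAPS = ["LLDP-MED Capabilities", "Network Policy", "Location Identification",
            "Extended Power via MDI-PSE", "Extended Power via MDI-PD", "Inventory"]


def encode_tlv(tlv_type, value):
    """Pack one TLV: 7-bit type and 9-bit length share a 16-bit header."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type must fit in 7 bits and length in 9 bits")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_lldpdu(data):
    """Return [(type, value_bytes)], stopping at End of LLDPDU.

    Raises ValueError when a header or value runs past the buffer, so a
    truncated or malformed frame is rejected rather than silently misread.
    """
    tlvs, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated TLV header at offset %d" % pos)
        (header,) = struct.unpack_from("!H", data, pos)
        tlv_type, length = header >> 9, header & 0x1FF
        pos += 2
        if len(data) - pos < length:
            raise ValueError("TLV type %d claims %d bytes, %d left"
                             % (tlv_type, length, len(data) - pos))
        tlvs.append((tlv_type, data[pos:pos + length]))
        pos += length
        if tlv_type == 0:
            break
    return tlvs


def describe(tlv_type, value):
    """Return (name, human-readable value) for the TLVs this chapter covers."""
    name = TLV_NAMES.get(tlv_type, "Reserved (%d)" % tlv_type)
    if tlv_type == 1 and value[:1] == b"\x04" and len(value) == 7:
        return name, "MAC " + ":".join("%02x" % b for b in value[1:])
    if tlv_type == 2 and value[:1] == b"\x05":
        return name, "ifname " + value[1:].decode("ascii", "replace")
    if tlv_type == 3 and len(value) == 2:
        return name, str(struct.unpack("!H", value)[0])
    if tlv_type in (4, 5, 6):
        return name, value.decode("ascii", "replace")
    if tlv_type == 127 and len(value) >= 4:
        oui = value[:3]
        org = OUI_NAMES.get(oui, "-".join("%02X" % b for b in oui))
        detail = "%s subtype %d" % (org, value[3])
        if org == "TIA" and value[3] == 1 and len(value) >= 6:
            bits = struct.unpack("!H", value[4:6])[0]
            caps = [c for i, c in enumerate(MED_CAPS) if (bits >> i) & 1]
            detail += ": " + ", ".join(caps)
        return name, detail
    return name, value.hex()


def build_sample():
    """Constructed LLDPDU mirroring the first TLVs of the debug output above."""
    return b"".join([
        encode_tlv(1, b"\x04" + bytes.fromhex("0001e80db6d6")),
        encode_tlv(2, b"\x05" + b"GigabitEthernet 1/2"),
        encode_tlv(3, struct.pack("!H", 120)),
        encode_tlv(6, b"constructed system description"),
        # TIA OUI, subtype 1, capability bits 0-3 set, constructed device-type byte
        encode_tlv(127, bytes.fromhex("0012bb") + b"\x01"
                   + struct.pack("!H", 0x000F) + b"\x04"),
        encode_tlv(0, b""),
    ])


if __name__ == "__main__":
    for tlv_type, value in parse_lldpdu(build_sample()):
        name, text = describe(tlv_type, value)
        print("%-26s len=%-3d %s" % (name, len(value), text))
```

Every field it prints is readable by any device on the link, which is the information to weigh when choosing which optional TLVs to advertise.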
Table 28-70.
Table 28-71.
Table 28-72. LLDP 802.1 Organizationally Specific TLV MIB Objects
TLV Type TLV Name TLV Variable
127 Port and Protocol VLAN ID port and protocol VLAN supported Local port and protocol VLAN enabled PPVID
127 VLAN Name VID VLAN name length VLAN name
Table 28-73.
29 Multicast Source Discovery Protocol (MSDP)
Multicast Source Discovery Protocol (MSDP) is supported on platform e and .

Protocol Overview
Multicast Source Discovery Protocol (MSDP) is a Layer 3 protocol that connects IPv4 PIM-SM domains. A domain in the context of MSDP is a contiguous set of routers operating PIM within a common boundary defined by an exterior gateway protocol, such as BGP. Each RP peers with every other RP via TCP. Through this connection, peers advertise the sources in their domain. 1.
Each RP advertises each (S,G) in its domain in Type, Length, Value (TLV) format. The total number of TLVs contained in the SA is indicated in the “Entry Count” field. SA messages are transmitted every 60 seconds, and immediately when a new source is detected.
Figure 29-99. MSDP SA Message Format
Configuring Multicast Source Discovery Protocol
Configuring MSDP is a three-step process:
1. Enable an exterior gateway protocol (EGP) with at least two routing domains. Figure 29-102 and MSDP Sample Configurations on page 626 show the OSPF-BGP configuration used in this chapter for MSDP. Otherwise, see Chapter 33, Open Shortest Path First (OSPFv2) and Chapter 9, Border Gateway Protocol IPv4 (BGPv4).
2. Configure PIM-SM within each EGP routing domain.
interface GigabitEthernet 1/1 ip pim sparse-mode ip address 10.11.3.1/24 no shutdown ! interface GigabitEthernet 1/2 ip address 10.11.2.1/24 no shutdown ! interface GigabitEthernet 1/21 ip pim sparse-mode ip address 10.11.1.12/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown | Multicast Source Discovery Protocol (MSDP) 1/1 1/21 PC 1 : 10.11.3.2/24 R1 1/2 interface GigabitEthernet 2/1 ip pim sparse-mode ip address 10.11.4.
router ospf 1 network 10.11.2.0/24 area 0 network 10.11.1.0/24 area 0 network 192.168.0.1/32 area 0 network 10.11.3.0/24 area 0 router ospf 1 network 192.168.0.1/32 area 0 network 10.11.1.0/24 area 0 network 10.11.4.0/24 area 0 redistribute static redistribute connected redistribute bgp 100 R2_E300(conf)#do show run bgp ! router bgp 100 redistribute ospf 1 neighbor 192.168.0.3 remote-as 200 neighbor 192.168.0.3 ebgp-multihop 255 neighbor 192.168.0.3 update-source Loopback 0 neighbor 192.168.0.
| Multicast Source Discovery Protocol (MSDP) M PI P GM +I R1 1/2 RP1 PC 2 Receiver: 239.0.0.1 1/1 1/21 ip multicast routing ! ip pim rp-address 192.168.0.1 group-address 224.0.0.0/4 AS 100 R2 2/31 R3 3/41 4/31 R4 AS 200 ip multicast-routing ! ip pim rp-address 192.168.0.3 group-address 224.0.0.0/4 ip multicast-routing ! ip pim rp-address 192.168.0.3 group-address 224.0.0.0/4 4/1 P GM + I PC 3 Receiver: 239.0.0.1 RP2 3/21 M PI ip multicast-routing ! ip pim rp-address 192.168.0.
R1_E600(conf)#do show ip msdp sa-cache
MSDP Source-Active Cache - 1 entries
GroupAddr  SourceAddr  RPAddr       LearnedFrom  Expire  UpTime
239.0.0.1  10.11.4.2   192.168.0.1  local        95      16:49:25
(10.11.4.2, 239.0.0.1), uptime 1d16h, expires 00:03:12, flags: CTA
 Incoming interface: GigabitEthernet 1/21, RPF neighbor 10.11.1.21
 Outgoing interface list:
 GigabitEthernet 1/1 Forward/Sparse 22:26:37/Never
(*, 239.0.0.1), uptime 22:26:37, expires 00:00:00, RP 192.168.0.
Enable MSDP
Enable MSDP by peering RPs in different administrative domains.

Step  Task                                                   Command Syntax               Command Mode
1     Enable MSDP.                                           ip multicast-msdp            CONFIGURATION
2     Peer PIM systems in different administrative domains.  ip msdp peer connect-source  CONFIGURATION

Figure 29-104. Configuring an MSDP Peer
R3_E600(conf)#ip multicast-msdp
R3_E600(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0
R3_E600(conf)#do show ip msdp summary
Peer Addr 192.168.0.
• RPs can transmit SA messages periodically to prevent SA storms, and
• only sources that are in the cache are advertised in the SA to prevent transmitting multiple copies of the same source information.

View the Source-active Cache
Task                Command Syntax         Command Mode
View the SA cache.  show ip msdp sa-cache  EXEC Privilege

Figure 29-106. Displaying the MSDP Source-active Cache
R3_E600#show ip msdp sa-cache
MSDP Source-Active Cache - 1 entries
GroupAddr SourceAddr RPAddr
239.0.0.1 10.11.4.2 192.168.0.
Task                     Command Syntax             Command Mode
Cache rejected sources.  ip msdp cache-rejected-sa  CONFIGURATION

Accept Source-active Messages that fail the RPF Check
A default peer is a peer from which active sources are accepted even though they fail the RPF check.
the peer RP is unreachable, or because of an SA message format error.
In Scenario 1 of Figure 29-107, all MSDP peers are up.
Figure 29-107.
Task: Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check. If you do not specify an access list, the peer accepts all sources advertised by that peer. All sources from RPs denied by the ACL are subjected to the normal RPF check.
Command Syntax: ip msdp default-peer ip-address list
Command Mode: CONFIGURATION

Figure 29-108. Accepting Source-active Messages with
FTOS(conf)#ip msdp peer 10.0.50.
Prevent MSDP from Caching a Local Source
You can prevent MSDP from caching an active source based on source and/or group. Since the source is not cached, it is not advertised to remote RPs.

Task: OPTIONAL: Cache sources that are denied by the redistribute list in the rejected SA cache.
Command Syntax: ip msdp cache-rejected-sa
Command Mode: CONFIGURATION

Task: Prevent the system from caching local SA entries based on source and group using an extended ACL.
Prevent MSDP from Caching a Remote Source

Task: OPTIONAL: Cache sources that are denied by the SA filter in the rejected SA cache.
Command Syntax: ip msdp cache-rejected-sa
Command Mode: CONFIGURATION

Task: Prevent the system from caching remote sources learned from a specific peer based on source and group.
Command Syntax: ip msdp sa-filter list out peer list ext-acl
Command Mode: CONFIGURATION

In Figure 29-111, R1 is advertising source 10.11.4.2.
Prevent MSDP from Advertising a Local Source

Task: Prevent an RP from advertising a source in the SA cache.
Command Syntax: ip msdp sa-filter list in peer list ext-acl
Command Mode: CONFIGURATION

In Figure 29-111, R1 stops advertising source 10.11.4.2. Since it is already in the SA cache of R3, the entry remains there until it expires.

Figure 29-111. Preventing MSDP from Advertising a Local Source
[Router 1]
R1_E600(conf)#do show run msdp
!
ip multicast-msdp
ip msdp peer 192.168.0.
Log Changes in Peership States

Task: Log peership state changes.
Command Syntax: ip msdp log-adjacency-changes
Command Mode: CONFIGURATION

Terminate a Peership
MSDP uses TCP as its transport protocol. In a peering relationship, the peer with the lower IP address initiates the TCP session, while the peer with the higher IP address listens on port 639.

Task: Terminate the TCP connection with a peer.
Clear Peer Statistics

Task: Reset the TCP connection to the peer and clear all peer statistics.
Command Syntax: clear ip msdp peer peer-address
Command Mode: CONFIGURATION

Figure 29-113. Clearing Peer Statistics
R3_E600(conf)#do show ip msdp peer
Peer Addr: 192.168.0.1
Local Addr: 192.168.0.
Debug MSDP

Task: Display the information exchanged between peers.
Command Syntax: debug ip msdp
Command Mode: CONFIGURATION

Figure 29-114. Debugging MSDP
R1_E600(conf)#do debug ip msdp
All MSDP debugging has been turned on
R1_E600(conf)#03:16:08 : MSDP-0: Peer
03:16:09 : MSDP-0: Peer 192.168.0.3,
03:16:27 : MSDP-0: Peer 192.168.0.3,
03:16:38 : MSDP-0: Peer 192.168.0.3,
03:16:39 : MSDP-0: Peer 192.168.0.3,
03:17:09 : MSDP-0: Peer 192.168.0.3,
03:17:10 : MSDP-0: Peer 192.
MSDP with Anycast RP (10.11.4.2, 239.0.0.1), uptime 00:00:52, expires 00:03:20, flags: FTA Incoming interface: GigabitEthernet 2/1, RPF neighbor 0.0.0.0 Outgoing interface list: GigabitEthernet 2/11 Forward/Sparse 00:00:50/00:02:40 GigabitEthernet 2/31 Forward/Sparse 00:00:50/00:02:40 PI M AS X Area 0 + PI M PC 2 Source + MP IG PC 3 Receiver OS PF + Figure 29-115. MP IG 4/1 R4 4/31 OS PF + 2/1 BGP (*, 239.0.0.1), uptime 00:00:23, expires 00:00:00, RP 192.168.0.
Reducing Source-active Message Flooding
RPs flood source-active messages to all of their peers away from the RP. When multiple RPs exist within a domain, the RPs forward received active source information back to the originating RP, which violates the RPF rule. You can prevent this unnecessary flooding by creating a mesh-group. A mesh in this context is a topology in which each RP in a set of RPs has a peership with all other RPs in the set.
Figure 29-116. R1 Configuration for MSDP with Anycast RP
ip multicast-routing
!
interface GigabitEthernet 1/1
 ip pim sparse-mode
 ip address 10.11.3.1/24
 no shutdown
!
interface GigabitEthernet 1/2
 ip address 10.11.2.1/24
 no shutdown
!
interface GigabitEthernet 1/21
 ip pim sparse-mode
 ip address 10.11.1.12/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.1/32
 no shutdown
!
interface Loopback 1
 ip address 192.168.0.11/32
 no shutdown
!
router ospf 1
 network 10.11.2.
Figure 29-117. R2 Configuration for MSDP with Anycast RP
ip multicast-routing
!
interface GigabitEthernet 2/1
 ip pim sparse-mode
 ip address 10.11.4.1/24
 no shutdown
!
interface GigabitEthernet 2/11
 ip pim sparse-mode
 ip address 10.11.1.21/24
 no shutdown
!
interface GigabitEthernet 2/31
 ip pim sparse-mode
 ip address 10.11.0.23/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.1/32
 no shutdown
!
interface Loopback 1
 ip address 192.168.0.
Figure 29-118. R3 Configuration for MSDP with Anycast RP
ip multicast-routing
!
interface GigabitEthernet 3/21
 ip pim sparse-mode
 ip address 10.11.0.32/24
 no shutdown
interface GigabitEthernet 3/41
 ip pim sparse-mode
 ip address 10.11.6.34/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.3/32
 no shutdown
!
router ospf 1
 network 10.11.6.0/24 area 0
 network 192.168.0.
MSDP Sample Configurations
The following figures show the running-configurations for the routers shown in Figure 29-102, Figure 29-101, Figure 29-102, Figure 29-103.

Figure 29-119. MSDP Sample Configuration: R1 Running-config
ip multicast-routing
!
interface GigabitEthernet 1/1
 ip pim sparse-mode
 ip address 10.11.3.1/24
 no shutdown
!
interface GigabitEthernet 1/2
 ip address 10.11.2.
Figure 29-120. MSDP Sample Configuration: R2 Running-config
ip multicast-routing
!
interface GigabitEthernet 2/1
 ip pim sparse-mode
 ip address 10.11.4.1/24
 no shutdown
!
interface GigabitEthernet 2/11
 ip pim sparse-mode
 ip address 10.11.1.21/24
 no shutdown
!
interface GigabitEthernet 2/31
 ip pim sparse-mode
 ip address 10.11.0.23/24
 no shutdown
!
interface Loopback 0
 ip address 192.168.0.2/32
 no shutdown
!
router ospf 1
 network 10.11.1.0/24 area 0
 network 10.11.4.0/24 area 0
 network 192.168.0.
Figure 29-121. MSDP Sample Configuration: R3 Running-config
ip multicast-routing
!
interface GigabitEthernet 3/21
 ip pim sparse-mode
 ip address 10.11.0.32/24
 no shutdown
!
interface GigabitEthernet 3/41
 ip pim sparse-mode
 ip address 10.11.6.34/24
 no shutdown
!
interface ManagementEthernet 0/0
 ip address 10.11.80.3/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.3/32
 no shutdown
!
router ospf 1
 network 10.11.6.0/24 area 0
 network 192.168.0.
Figure 29-122. MSDP Sample Configuration: R4 Running-config
ip multicast-routing
!
interface GigabitEthernet 4/1
 ip pim sparse-mode
 ip address 10.11.5.1/24
 no shutdown
!
interface GigabitEthernet 4/22
 ip address 10.10.42.1/24
 no shutdown
!
interface GigabitEthernet 4/31
 ip pim sparse-mode
 ip address 10.11.6.43/24
 no shutdown
!
interface Loopback 0
 ip address 192.168.0.4/32
 no shutdown
!
router ospf 1
 network 10.11.5.0/24 area 0
 network 10.11.6.0/24 area 0
 network 192.168.0.
30 Multiple Spanning Tree Protocol (MSTP)
Multiple Spanning Tree Protocol (MSTP) is supported on platforms: ecs

Protocol Overview
Multiple Spanning Tree Protocol (MSTP)—specified in IEEE 802.1Q-2003—is an RSTP-based spanning tree variation that improves on PVST+. MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances. In contrast, PVST+ allows a spanning tree instance for each VLAN.
FTOS supports three other variations of Spanning Tree, as shown in Table 44.

Table 30-74. FTOS Supported Spanning Tree Protocols
Dell Force10 Term                IEEE Specification
Spanning Tree Protocol           802.1d
Rapid Spanning Tree Protocol     802.1w
Multiple Spanning Tree Protocol  802.1s
Per-VLAN Spanning Tree Plus      Third Party

Implementation Information
• The FTOS MSTP implementation is based on IEEE 802.
• Preventing Network Disruptions with BPDU Guard on page 937
• SNMP Traps for Root Elections and Topology Changes on page 801
• Configuring Spanning Trees as Hitless on page 943

Enable Multiple Spanning Tree Globally
MSTP is not enabled by default. To enable MSTP:

Step  Task                       Command Syntax               Command Mode
1     Enter PROTOCOL MSTP mode.  protocol spanning-tree mstp  CONFIGURATION
2     Enable MSTP.
Create Multiple Spanning Tree Instances
A single MSTI provides no more benefit than RSTP. To take full advantage of MSTP you must create multiple MSTIs and map VLANs to them. Create an MSTI using the command msti from PROTOCOL MSTP mode. Specify the keyword vlan followed by the VLANs that you want to participate in the MSTI, as shown in Figure 30-125.
Figure 30-125.
Influence MSTP Root Selection
MSTP determines the root bridge, but you can assign one bridge a lower priority to increase the probability that it will become the root bridge. To change the bridge priority:

Task: Assign a number as the bridge priority. A lower number increases the probability that the bridge becomes the root bridge.
For a bridge to be in the same MSTP region as another, all three of these qualities must match exactly. The default values for name and revision will match on all Dell Force10 FTOS equipment. If you have non-FTOS equipment that will participate in MSTP, ensure that these values match on all the equipment.
Note: Some non-FTOS equipment may implement a non-null default region name. SFTOS, for example, uses the Bridge ID, while others may use a MAC address.
To change MSTP parameters, use the following commands on the root bridge:

Task: Change the forward-delay parameter.
• Range: 4 to 30
• Default: 15 seconds
Command Syntax: forward-delay seconds
Command Mode: PROTOCOL MSTP

Task: Change the hello-time parameter.
Note: With large configurations (especially those with more ports) Dell Force10 recommends that you increase the hello-time.
• Range: 1 to 10
• Default: 2 seconds
Command Syntax: hello-time seconds
Command Mode: PROTOCOL MSTP

Task: Change the max-age parameter.
Table 30-75 lists the default values for port cost by interface.
Table 30-75.
To enable EdgePort on an interface, use the following command:

Task: Enable EdgePort on an interface.
Command Syntax: spanning-tree mstp edge-port [bpduguard | shutdown-on-violation]
Command Mode: INTERFACE

Verify that EdgePort is enabled on a port using the command show config from the INTERFACE mode, as shown in Figure 30-130.

FTOS Behavior: Regarding bpduguard shutdown-on-violation behavior:
1 If the interface to be shutdown is a port channel then all the member ports are disabled in the hardware.
MSTP Sample Configurations
The running-configurations in Figure 30-132, Figure 30-133, and Figure 30-133 support the topology shown in Figure 30-131. The configurations are from FTOS systems. An S50 system using SFTOS, configured as shown in Figure 30-135, could be substituted for an FTOS router in the following sample topology, and MSTP would function as designed.
Figure 30-131.
Figure 30-132.
Figure 30-133.
Figure 30-134.
Figure 30-135.
Figure 30-136. Displaying BPDUs and Events
FTOS#debug spanning-tree mstp bpdu
1w1d17h : MSTP: Sending BPDU on Gi 1/31 :
ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x68
CIST Root Bridge Id: 32768:0001.e806.953e, Ext Path Cost: 20000
Regional Bridge Id: 32768:0001.e809.c24a, CIST Port Id: 128:384
Msg Age: 2, Max Age: 20, Hello: 2, Fwd Delay: 15, Ver1 Len: 0, Ver3 Len: 96
Name: my-mstp-region, Rev: 0, Int Root Path Cost: 20000
Rem Hops: 19, Bridge Id: 32768:0001.e80d.
Figure 30-137. Sample Output for show running-configuration spanning-tree mstp command
FTOS#show run spanning-tree mstp
!
protocol spanning-tree mstp
 name Tahiti
 revision 123
 MSTI 1 VLAN 100
 MSTI 2 VLAN 200,300
Figure 30-138.
31 Multicast Features
Multicast Features are supported on platforms: ecs
This chapter contains the following sections:
• Enable IP Multicast on page 647
• Multicast with ECMP on page 648
• First Packet Forwarding for Lossless Multicast on page 649
• Multicast Policies on page 650
• Multicast Traceroute on page 657

FTOS supports the following multicast protocols:
• PIM Sparse-Mode (PIM-SM) on page 703
• Internet Group Management Protocol (IGMP) on page 399
• Multicast Source Discovery Protocol (MSDP) on
Multicast with ECMP
Dell Force10 multicast uses Equal-cost Multi-path (ECMP) routing to load-balance multiple streams across equal cost links. When creating the shared-tree, Protocol Independent Multicast (PIM) uses routes from all configured routing protocols to select the best route to the rendezvous point (RP). If there are multiple, equal-cost paths, PIM selects the route with the least number of currently running multicast streams.
As the upper five bits of an IP Multicast address are dropped in the translation, 32 different multicast group IDs all map to the same Ethernet address. For example, 224.0.0.5 is a well known IP address for OSPF that maps to the multicast MAC address 01:00:5e:00:00:05. However, 225.0.0.5, 226.0.0.5, etc., map to the same multicast MAC address. The Layer 2 FIB alone cannot differentiate multicast control traffic from multicast data traffic with the same address, so if you use IP address 225.0.0.
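The 32-to-1 address mapping described above can be checked mechanically when planning group addresses. The following is an added example, not part of the FTOS guide: it goes slightly beyond the 225.0.0.5 case by also listing aliases that differ only in the dropped bit of the second octet, and the function names and the sample group plan are constructed.

```python
import ipaddress

LINK_LOCAL_CONTROL = ipaddress.IPv4Network("224.0.0.0/24")  # e.g. 224.0.0.5 (OSPF)


def multicast_mac(group):
    """Map an IPv4 multicast group to its Ethernet MAC (01:00:5e + low 23 bits)."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError("%s is not an IPv4 multicast address" % group)
    mac = (0x01005E << 24) | (int(addr) & 0x7FFFFF)
    return ":".join("%02x" % ((mac >> shift) & 0xFF) for shift in range(40, -8, -8))


def aliases(group):
    """Return all 32 group addresses that share this group's MAC address."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError("%s is not an IPv4 multicast address" % group)
    low23 = int(addr) & 0x7FFFFF
    # The top four bits are fixed at 1110; the next five are the dropped ones.
    return [str(ipaddress.IPv4Address(0xE0000000 | (i << 23) | low23))
            for i in range(32)]


def control_collisions(groups):
    """Map each planned data group to the 224.0.0.x control address it aliases.

    Groups that do not share a MAC with the link-local control block, and
    groups already inside that block, are left out of the result.
    """
    hits = {}
    for group in groups:
        addr = ipaddress.IPv4Address(group)
        if not addr.is_multicast:
            raise ValueError("%s is not an IPv4 multicast address" % group)
        if addr in LINK_LOCAL_CONTROL:
            continue
        low23 = int(addr) & 0x7FFFFF
        if low23 < 256:
            hits[group] = str(ipaddress.IPv4Address(0xE0000000 | low23))
    return hits


if __name__ == "__main__":
    plan = ["225.0.0.5", "239.1.1.1", "239.128.0.18"]  # constructed group plan
    for group in plan:
        print(group, "->", multicast_mac(group))
    print("shares a MAC with control traffic:", control_collisions(plan))
```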
Multicast Policies
FTOS offers parallel Multicast features for IPv4 and IPv6.
Note: The IN-L3-McastFib CAM partition is used to store multicast routes and is a separate hardware limit that exists per port-pipe. Any software-configured limit might be superseded by this hardware space limitation. The opposite is also true: the CAM partition might not be exhausted at the time the system-wide route limit set by the ip multicast-limit is reached.

Prevent a Host from Joining a Group
You can prevent a host from joining a particular group by blocking specific IGMP reports.
| Multicast Features ip igmp snooping enable interface Vlan 400 ip pim sparse-mode ip address 10.11.4.1/24 untagged GigabitEthernet 1/2 ip igmp access-group igmpjoinfilR2G2 no shutdown (*, 239.0.0.1), uptime 00:00:06, expires 00:00:00, RP 10.11.12.2, flags: SCJ Incoming interface: GigabitEthernet 1/21, RPF neighbor 10.11.12.2 Outgoing interface list: Vlan 400 Forward/Sparse 00:00:06/Never interface GigabitEthernet 2/31 ip pim sparse-mode ip address 10.11.23.
Rate Limit IGMP Join Requests
If you expect a burst of IGMP Joins, protect the IGMP process from overload by limiting the rate at which new groups can be joined using the command ip igmp group-join-limit from INTERFACE mode. Hosts whose IGMP requests are denied will use the retry mechanism built in to IGMP so that their membership is delayed rather than permanently denied. View the enable status of this feature using the command show ip igmp interface from EXEC Privilege mode.
| Multicast Features (10.11.5.2, 239.0.0.2), uptime 00:00:33, expires 00:03:07, flags: CT Incoming interface: GigabitEthernet 1/31, RPF neighbor 10.11.13.2 Outgoing interface list: Vlan 300 Forward/Sparse 00:00:40/Never (*, 239.0.0.2), uptime 00:00:40, expires 00:00:00, RP 10.11.12.2, flags: SCJ Incoming interface: GigabitEthernet 1/21, RPF neighbor 10.11.12.2 Outgoing interface list: Vlan 300 Forward/Sparse 00:00:40/Never (10.11.5.2, 239.0.0.
Prevent a PIM Router from Processing a Join
Permit or deny PIM Join/Prune messages on an interface using an extended IP access list. Use the command ip pim join-filter to prevent the PIM SM router from creating state based on multicast source and/or group.
Note: Dell Force10 recommends that you do not use the ip pim join-filter command on an interface between a source and the RP router.
Prevent an IPv6 Neighbor from Forming an Adjacency

Task: Prevent a router from participating in PIM.
Multicast Traceroute
Multicast Traceroute is supported only on platform: e
MTRACE is an IGMP-based tool that prints the network path that a multicast packet takes from a source to a destination, for a particular group. FTOS has mtrace client and mtrace transmit functionality.
• MTRACE Client—an mtrace client transmits mtrace queries and prints out the details of received responses.
32 Object Tracking
IPv4/IPv6 Object Tracking is available on platforms: ces
This chapter covers the following information:
• Object Tracking Overview
• Object Tracking Configuration
• Displaying Tracked Objects

Object tracking allows FTOS client processes, such as VRRP, to monitor tracked objects (for example, interface or link status) and take appropriate action when the state of an object changes.
Note: In release 8.4.1.0, object tracking is supported only on VRRP.
You can create a tracked object to monitor the metric of the default route 0.0.0.0/0. After you configure the default route as a tracked object, you can configure the VRRP group to track the state of the route. In this way, the VRRP priority of the router with the better metric as determined by OSPF automatically becomes master of the VRRP group.
Tracking Layer 3 Interfaces
You can create an object that tracks the Layer 3 state (IPv4 or IPv6 routing status) of an interface.
• The Layer 3 status of an interface is UP only if the Layer 2 status of the interface is UP and the interface has a valid IP address.
• The Layer 3 status of an interface goes DOWN when its Layer 2 status goes down or the IP address is removed from the routing table.
• If the scaled metric for a route is greater than or equal to the DOWN threshold or the route is not entered in the routing table, the state of a route is DOWN.
The UP and DOWN thresholds are user-configurable for each tracked route. The default UP threshold is 254; the default DOWN threshold is 255. The notification of a change in the state of a tracked object is sent when a metric value crosses a configured threshold.
You can assign a unique priority-cost value from 1 to 254 to each tracked VRRP object or group interface. The priority cost is subtracted from the VRRP group priority if a tracked VRRP object is in a DOWN state. If a VRRP group router acts as owner-master, the run-time VRRP group priority remains fixed at 255 and changes in the state of a tracked object have no effect. For more information on how to track a VRRP object, see Track an Interface or Object on page 1037.
To configure object tracking on the status of a Layer 2 interface, use the following commands. To remove object tracking on a Layer 2 interface, enter the no track object-id command.

Step 1
Task: Configure object tracking on the line-protocol state of a Layer 2 interface.
Command Syntax: track object-id interface interface line-protocol
Command Mode: CONFIGURATION
Valid object IDs are from 1 to 65535.
For an IPv4 interface, a routing object only tracks the UP/DOWN status of the specified IPv4 interface (track interface ip-routing command).
• The status of an IPv4 interface is UP only if the Layer 2 status of the interface is UP and the interface has a valid IP address.
• The Layer 3 status of an IPv4 interface goes DOWN when its Layer 2 status goes down (for a Layer 3 VLAN, all VLAN ports must be down) or the IP address is removed from the routing table.
Figure 32-147.
The tracking process uses a protocol-specific resolution value to convert the actual metric in the routing table to a scaled metric in the range 0 to 255. The resolution value is user-configurable and calculates the scaled metric by dividing a route's cost by the resolution value set for the route type:
• For ISIS, you can set the resolution in the range 1 to 1000, where the default is 10.
• For OSPF, you can set the resolution in the range 1 to 1592, where the default is 1.
Figure 32-148. Command Example: track ip route reachability
FTOS(conf)#track 104 ip route 10.0.0.0/8 reachability
FTOS(conf-track-104)#delay up 20 down 10
FTOS(conf-track-104)#end
FTOS#show track 104
Track 104
  IP route 10.0.0.0/8 reachability
  Reachability is Down (route not in route table)
  2 changes, last change 00:02:49
  Tracked by:
FTOS#configure
FTOS(conf)#track 4 ip route 3.1.1.0/24 reachability vrf vrf1
Figure 32-149.
Step 2
Task: Configure object tracking on the metric of an IPv4 or IPv6 route.
Command Syntax: track object-id {ip route ip-address/prefix-len | ipv6 route ipv6-address/prefix-len} metric threshold [vrf vrf-name]
Command Mode: CONFIGURATION
Valid object IDs are from 1 to 65535. Enter an IPv4 address in dotted decimal format. Valid IPv4 prefix lengths are from /0 to /32. Enter an IPv6 address in X:X:X:X::X format. Valid IPv6 prefix lengths are from /0 to /128.
Figure 32-151.
Figure 32-152. Command Example: show track
FTOS#show track
Track 1
  IP route 23.0.0.
Figure 32-155. Command Example: show track vrf
FTOS#show track vrf red
Track 5
  IP route 192.168.0.0/24 reachability, Vrf: red
  Reachability is Up (CONNECTED)
  3 changes, last change 00:02:39
  First-hop interface is GigabitEthernet 13/4
  Tracked by:
• show running-config track [object-id]
Use the show running-config track command to display the tracking configuration of a specified object or all objects that are currently configured on the router.
Figure 32-156.
33 Open Shortest Path First (OSPFv2)
Open Shortest Path First (OSPFv2) is supported on the platform only.
Autonomous System (AS) Areas
OSPF operates in a type of hierarchy. The largest entity within the hierarchy is the autonomous system (AS), which is a collection of networks under a common administration that share a common routing strategy. OSPF is an intra-AS (interior gateway) routing protocol, although it is capable of receiving routes from and sending routes to other ASs.
Area Types
The Backbone of the network is Area 0. It is also called Area 0.0.0.0 and is the core of any Autonomous System (AS). All other areas must connect to Area 0. Areas can be defined in such a way that the backbone is not contiguous. In this case, backbone connectivity must be restored through virtual links. Virtual links are configured between any backbone routers that share a link to a non-backbone area and function as if they were direct links.
Figure 33-158 gives some examples of the different router designations.
Figure 33-158.
Area Border Router (ABR)
Within an AS, an Area Border Router (ABR) connects one or more areas to the Backbone. The ABR keeps a copy of the link-state database for every area it connects to, so it may keep multiple copies of the link-state database. An ABR takes information it has learned on one of its attached areas and can summarize it before sending it out on other areas it is connected to. An ABR can connect to many areas in an AS, and is considered a member of each area it connects to.
Link-State Advertisements (LSAs)
A Link-State Advertisement (LSA) communicates the router's local routing topology to all other local routers in the same area. The LSA types supported by Dell Force10 are defined as follows:
• Type 1 - Router LSA
  • The router lists links to other routers or networks in the same area. Type 1 LSAs are flooded across their own area only. The Link-State ID of the Type 1 LSA is the originating router ID.
• 3: connection to a stub network - IP network/subnet number
• 4: virtual link - neighboring router ID
LSA throttling
LSA throttling provides configurable interval timers to improve OSPF convergence times. The default OSPF static timers (5 seconds for transmission, 1 second for acceptance) ensure sufficient time for sending and resending LSAs and for system acceptance of arriving LSAs. However, some networks may require reduced intervals for LSA transmission and acceptance.
Figure 33-159. Priority and Costs Example
Router 2: Priority 180, Cost 50
Router 3: Priority 100, Cost 25
Router 1: Priority 200, Cost 21
Router 4: Priority 150, Cost 20
Router 1 selected by the system as DR. Router 2 selected by the system as BDR. If R1 fails, the system subtracts 21 from R1's priority number. R1's new priority is 179. R2, as both the selected BDR and the now-highest priority, becomes the DR. If R3 fails, the system subtracts R2's new priority is 130.
• NSSA External (type 7)
• Opaque Link-local (type 9)
Fast Convergence (OSPFv2, IPv4 only)
Fast Convergence allows you to define the speeds at which LSAs are originated and accepted, and reduce OSPFv2 end-to-end convergence time. FTOS enables you to accept and originate LSAs as soon as they are available to speed up route information propagation. Note that the faster the convergence, the more frequent the route calculations and updates.
RFC-2328 Compliant OSPF Flooding
In OSPF, flooding is the most resource-consuming task. The flooding algorithm described in RFC 2328 requires that OSPF flood LSAs on all interfaces, as governed by LSA's flooding scope. (Refer to Section 13 of the RFC.) When multiple direct links connect two routers, the RFC 2328 flooding algorithm generates significant redundant information across all links.
OSPF ACK Packing
The OSPF ACK Packing feature bundles multiple LS acknowledgements in a single packet, significantly reducing the number of ACK packets transmitted when the number of LSAs increases. This feature also enhances network utilization and reduces the number of small ACK packets sent to a neighboring router. OSPF ACK packing is enabled by default, and non-configurable.
OSPF must be configured GLOBALLY on the system in CONFIGURATION mode. OSPF features and functions are assigned to each router using the CONFIG-INTERFACE commands for each interface.
Note: By default, OSPF is disabled
Configuration Task List for OSPFv2 (OSPF for IPv4)
Open Shortest Path First version 2 (OSPF for IPv4) is supported on platforms ces
1. Configure a physical interface. Assign an IP address, physical or loopback, to the interface to enable Layer 3 routing.
2.
If implementing Multi-Process OSPF, you must create an equal number of Layer 3 enabled interfaces and OSPF Process IDs. For example, if you create 4 OSPFv2 process IDs, you must have 4 interfaces with Layer 3 enabled. Use these commands on one of the interfaces to enable OSPFv2 routing.
Step 1
Command Syntax: ip address ip-address mask
Command Mode: CONFIG-INTERFACE
Usage: Assign an IP address to an interface. Format: A.B.C.D/M
If using a Loopback interface, refer to Loopback Interfaces on page 421.
Use the no router ospf process-id command syntax in the CONFIGURATION mode to disable OSPF. Use the clear ip ospf process-id command syntax in EXEC Privilege mode to reset the OSPFv2 process. Use the show ip ospf process-id command in EXEC mode (Figure 408) to view the current OSPFv2 status.
Figure 33-164. Command Example: show ip ospf process-id
FTOS#show ip ospf 55555
Routing Process ospf 55555 with ID 10.10.10.
If you try to enable more OSPF processes than available Layer 3 interfaces you will see the following message.
Message 28
C300(conf)#router ospf 1
% Error: No router ID available.
In CONFIGURATION ROUTER OSPF mode, assign the Router ID. The Router ID is not required to be the router’s IP address. Dell Force10 recommends using the IP address as the Router ID for easier management and troubleshooting.
Enable OSPFv2 on interfaces
Each interface must have OSPFv2 enabled on it. It must be configured for Layer 3 protocol, and not be shut down. OSPFv2 can also be assigned to a loopback interface as a virtual interface. OSPF functions and features, such as MD5 Authentication, Grace Period, Authentication Wait Time, etc., are assigned on a per-interface basis.
Note: If using features like MD5 Authentication, ensure all the neighboring routers are also configured for MD5.
Figure 33-166. Command Example: show ip ospf process-id interface
FTOS>show ip ospf 1 interface
GigabitEthernet 12/17 is up, line protocol is up
  Internet Address 10.2.2.1/24, Area 0.0.0.0
  Process ID 1, Router ID 11.1.2.1, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 11.1.2.1, Interface address 10.2.2.1
  Backup Designated Router (ID) 0.0.0.0, Interface address 0.0.0.
Configure stub areas
OSPF supports different types of LSAs to help reduce the amount of router processing within the areas. Type 5 LSAs are not flooded into stub areas; the Area Border Router (ABR) advertises a default route into the stub area to which it is attached. Stub area routers use the default route to reach external destinations.
To ensure connectivity in your OSPFv2 network, never configure the backbone area as a stub area.
Configure LSA throttling timers
Configured LSA timers replace the standard transmit and acceptance times for LSAs. The LSA throttling timers are configured in milliseconds, with the interval time increasing exponentially until a maximum time has been reached. If the maximum time is reached, the system continues to transmit at the max-interval. If the system is stable for twice the maximum interval time, the system reverts to the start-interval timer and the cycle begins again.
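The back-off described above can be traced with a small model. This is an added example, not code from the FTOS guide: the growth factor of 2, the folding of changes into a pending transmission, and measuring stability from the last transmission are assumptions, and the sample timer values are constructed.

```python
"""Simplified model of the LSA throttling back-off (added example)."""


def interval_sequence(start_ms, max_ms, count, growth=2):
    """Intervals applied to `count` back-to-back transmissions.

    The interval starts at start_ms, grows exponentially (assumed factor 2)
    and then stays at max_ms, as the text describes.
    """
    intervals, interval = [], start_ms
    for _ in range(count):
        intervals.append(interval)
        interval = min(interval * growth, max_ms)
    return intervals


def lsa_send_times(change_times_ms, start_ms, max_ms, growth=2):
    """Return, for each topology change, the time (ms) its LSA is transmitted.

    Assumptions (not from the guide): a change that arrives while a
    transmission is still pending is folded into it, and "stable for twice
    the maximum interval" is measured from the last transmission.
    """
    if start_ms <= 0 or max_ms < start_ms:
        raise ValueError("need 0 < start_ms <= max_ms")
    send_times = []
    interval = start_ms
    last_send = None
    for t in sorted(change_times_ms):
        if last_send is not None and t <= last_send:
            send_times.append(last_send)        # folded into the pending LSA
            continue
        if last_send is None or t - last_send >= 2 * max_ms:
            interval = start_ms                 # first change, or stable for 2 x max
            send = t + interval
        else:
            send = max(t, last_send + interval)  # enforce the current spacing
        send_times.append(send)
        last_send = send
        interval = min(interval * growth, max_ms)
    return send_times


# Constructed sample: a burst of changes, then a long quiet period.
SAMPLE_CHANGES_MS = [0, 50, 200, 700, 1000, 3000, 20000]

if __name__ == "__main__":
    print(interval_sequence(100, 1600, 6))
    print(lsa_send_times(SAMPLE_CHANGES_MS, start_ms=100, max_ms=1600))
```

During the burst the spacing between transmissions widens toward the max-interval, and the change at 20000 ms is handled with the start-interval again because the system was quiet for more than twice the max-interval.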
Use the following command in the ROUTER OSPF mode to suppress the interface’s participation on an OSPF interface. This command stops the router from sending updates on that interface.
Command Syntax: passive-interface {default | interface}
Command Mode: CONFIG-ROUTEROSPF-id
Usage: Specify whether all or some of the interfaces will be passive. Default enabled passive interfaces on ALL interfaces in the OSPF process.
Figure 33-169. Command Example: show ip ospf process-id interface
FTOS#show ip ospf 34 int
GigabitEthernet 0/0 is up, line protocol is down
  Internet Address 10.1.2.100/24, Area 1.1.1.1
  Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State DOWN, Priority 1
  Designated Router (ID) 10.1.2.100, Interface address 0.0.0.0
  Backup Designated Router (ID) 0.0.0.0, Interface address 0.0.0.
Figure 33-170 shows the convergence settings when fast-convergence is enabled and Figure 33-171 shows settings when fast-convergence is disabled. These displays appear with the show ip ospf command.
Figure 33-170. Command Example: show ip ospf process-id (fast-convergence enabled)
FTOS(conf-router_ospf-1)#fast-converge 2
FTOS(conf-router_ospf-1)#ex
FTOS(conf)#ex
FTOS#show ip ospf 1
Routing Process ospf 1 with ID 192.168.67.
Use any or all of the following commands in CONFIGURATION INTERFACE mode to change OSPFv2 parameters on the interfaces:
Command Syntax: ip ospf cost
Command Mode: CONFIG-INTERFACE
Usage: Change the cost associated with OSPF traffic on the interface. Cost: 1 to 65535 (default depends on the interface speed).
Command Syntax: ip ospf dead-interval seconds
Command Mode: CONFIG-INTERFACE
Usage: Change the time interval the router waits before declaring a neighbor dead. Configure Seconds range: 1 to 65535 (default is 40 seconds).
Figure 33-172. Changing the OSPF Cost Value on an Interface
FTOS(conf-if)#ip ospf cost 45
FTOS(conf-if)#show config
!
interface GigabitEthernet 0/0
 ip address 10.1.2.100 255.255.255.0
 no shutdown
 ip ospf cost 45
FTOS(conf-if)#end
FTOS#show ip ospf 34 interface
The change is made on the interface and it is reflected in the OSPF configuration
GigabitEthernet 0/0 is up, line protocol is up
  Internet Address 10.1.2.100/24, Area 2.2.2.2
  Process ID 34, Router ID 10.1.2.
• transmit-delay: LSA transmission delay
• dead-interval: dead router detection time
• authentication-key: authentication key
• message-digest-key: MD5 authentication key
Use the following command in CONFIGURATION ROUTER OSPF mode to configure virtual links.
Filter routes
To filter routes, use prefix lists. OSPF applies prefix lists to incoming or outgoing routes. Incoming routes must meet the conditions of the prefix lists, and if they do not, OSPF does not add the route to the routing table. Configure the prefix list in CONFIGURATION PREFIX LIST mode prior to assigning it to the OSPF process.
Command Syntax: ip prefix-list prefix-name
Command Mode: CONFIGURATION
Usage: Create a prefix list and assign it a unique name.
Redistribute routes
You can add routes from other routing instances or protocols to the OSPF process. With the redistribute command syntax, you can include RIP, static, or directly connected routes in the OSPF process.
Note: Do not route iBGP routes to OSPF unless there are route-maps associated with the OSPF redistribution.
• Have the routes been included in the OSPF database?
• Have the OSPF routes been included in the routing table (not just the OSPF database)?
Some useful troubleshooting commands are:
• show interfaces
• show protocols
• debug IP OSPF events and/or packets
• show neighbors
• show virtual links
• show routes
Use the show running-config ospf command to see the state of all the enabled OSPFv2 processes.
Command Syntax: show ip ospf database
Command Mode: EXEC Privilege
Usage: View the summary information for the OSPF database.
Use the following command in EXEC Privilege mode to view the OSPFv2 configuration for a neighboring router:
Command Syntax: show ip ospf neighbor
Command Mode: EXEC Privilege
Usage: View the configuration of OSPF neighbors connected to the local router.
Basic OSPFv2 Router Topology
The following illustration is a sample basic OSPFv2 topology.
Figure 33-176. Basic topology and CLI commands for OSPFv2
[Figure labels: OSPF AREA 0; GI 2/1, GI 1/1, GI 2/2, GI 1/2, GI 3/1]
router ospf 11111
 network 10.0.11.0/24 area 0
 network 10.0.12.0/24 area 0
 network 192.168.100.0/24 area 0
!
interface GigabitEthernet 1/1
 ip address 10.1.11.1/24
 no shutdown
!
interface GigabitEthernet 1/2
 ip address 10.2.12.
34 PIM Sparse-Mode (PIM-SM)
PIM Sparse-Mode (PIM-SM) is supported on platforms: ecs
PIM-Sparse Mode (PIM-SM) is a multicast protocol that forwards multicast traffic to a subnet only upon request using a PIM Join message; this behavior is the opposite of PIM-Dense Mode, which forwards multicast traffic to all subnets until a request to stop.
Implementation Information
• The Dell Force10 implementation of PIM-SM is based on the IETF Internet Draft draft-ietf-pim-sm-v2-new-05.
Requesting Multicast Traffic
A host requesting multicast traffic for a particular group sends an IGMP Join message to its gateway router. The gateway router is then responsible for joining the shared tree to the RP (RPT) so that the host can receive the requested traffic.
1. Upon receiving an IGMP Join message, the receiver gateway router (last-hop DR) creates a (*,G) entry in its multicast routing table for the requested group.
source, including the RP, create an (S,G) entry and list the interface on which the message was received as an outgoing interface, thus recreating a SPT to the source.
3. Once the RP starts receiving multicast traffic via the (S,G) it unicasts a Register-Stop message to the first-hop DR so that multicast packets are no longer encapsulated in PIM Register packets and unicast.
Enable PIM-SM
You must enable PIM-SM on each participating interface:
Step 1
Task: Enable multicast routing on the system.
Command: ip multicast-routing
Command Mode: CONFIGURATION
Step 2
Task: Enable PIM-Sparse Mode
Command: ip pim sparse-mode
Command Mode: INTERFACE
Display which interfaces are enabled with PIM-SM using the command show ip pim interface from EXEC Privilege mode, as shown in Figure 34-177.
Figure 34-177.
Figure 34-179. Viewing the PIM Multicast Routing Table
FTOS#show ip pim tib
PIM Multicast Routing Table
Flags: D - Dense, S - Sparse, C - Connected, L - Local, P - Pruned,
       R - RP-bit set, F - Register flag, T - SPT-bit set, J - Join SPT,
Timers: Uptime/Expires
Interface state: Interface, next-Hop, State/Mode
(*, 192.1.2.1), uptime 00:29:36, expires 00:03:26, RP 10.87.2.6, flags: SCJ
  Incoming interface: GigabitEthernet 4/12, RPF neighbor 10.87.3.
Step 3
Task: Set the expiry time for a specific (S,G) entry (Figure 34-180). Range 211-86400 seconds. Default: 210
Command Syntax: ip pim sparse-mode sg-expiry-timer seconds sg-list access-list-name
Command Mode: CONFIGURATION
Note: The expiry time configuration is nullified, and the default global expiry time is used if:
• an ACL is specified for an in the ip pim sparse-mode sg-expiry-timer command, but the ACL has not been created or is a standard ACL.
Override Bootstrap Router Updates
PIM-SM routers need to know the address of the RP for each group for which they have a (*,G) entry. This address is obtained automatically through the bootstrap router (BSR) mechanism or a static RP configuration. If you have configured a static RP for a group, use the option override with the command ip pim rp-address to override bootstrap router updates with your static RP configuration.
Create Multicast Boundaries and Domains
A PIM domain is a contiguous set of routers that all implement PIM and are configured to operate within a common boundary defined by PIM Multicast Border Routers (PMBRs). PMBRs connect each PIM domain to the rest of the internet. To create multicast boundaries and domains by filtering inbound and outbound Bootstrap Router (BSR) messages per interface, use the ip pim bsr-border command.
Enable PIM-SM graceful restart (non-stop forwarding capability) using the command ip pim graceful-restart nsf from CONFIGURATION mode. There are two options with this command:
• restart-time is the time required by the Dell Force10 system to restart. The default value is 180 seconds.
• stale-entry-time is the maximum amount of time that the Dell Force10 system preserves entries from a restarting neighbor. The default value is 60 seconds.
35 Port Monitoring
Port Monitoring is supported on platforms: ecs
Port Monitoring is a feature that copies all incoming or outgoing packets on one port and forwards (mirrors) them to another port. The source port is the monitored port (MD) and the destination port is the monitoring port (MG). Port Monitoring functionality is different between platforms, but the behavior is the same, with highlighted exceptions.
• The C-Series and S-Series may only have four destination ports per port-pipe. There is no limitation on the total number of monitoring sessions.
Table 35-76 lists the maximum number of monitoring sessions per system. For the C-Series and S-Series, the total number of sessions is derived by consuming a unique destination port in each session, in each port-pipe.
Table 35-76.
On the E-Series TeraScale, FTOS supports a single source-destination statement in a monitor session (Message 30). E-Series TeraScale supports only one source and one destination port per port-pipe (Message 31). Therefore, the E-Series TeraScale supports as many monitoring sessions as there are port-pipes in the system.
Message 30 Multiple Source-Destination Statements Error Message on E-Series TeraScale
% Error: Remove existing monitor configuration.
The number of source ports FTOS allows within a port-pipe is equal to the number of physical ports in the port-pipe (n). However, n number of ports may only have four different destination ports (Message 33).
Figure 35-185.
Figure 35-187.
Configuring Port Monitoring
To configure port monitoring:
Step 4
Task: Verify that the intended monitoring port has no configuration other than no shutdown, as shown in Figure 35-189.
Command Syntax: show interface
Command Mode: EXEC Privilege
Step 5
Task: Create a monitoring session using the command monitor session from CONFIGURATION mode, as shown in Figure 35-189.
[Figure labels: Host Traffic; Server Traffic; Host; Server; Sniffer; ports 1/1, 1/2, 1/3; Port Monitoring 001]
FTOS(conf-if-gi-1/2)#show config
!
interface GigabitEthernet 1/2
 no ip address
 no shutdown
FTOS(conf)#monitor session 0
FTOS(conf-mon-sess-0)#source gig 1/1 destination gig 1/2 direction rx
Flow-based Monitoring
Flow-based Monitoring is supported only on platform e
Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the interface.
Figure 35-191. Configuring Flow-based Monitoring
FTOS(conf)#monitor session 0
FTOS(conf-mon-sess-0)#flow-based enable
FTOS(conf)#ip access-list ext testflow
FTOS(config-ext-nacl)#seq 5 permit icmp any any count bytes monitor
FTOS(config-ext-nacl)#seq 10 permit ip 102.1.1.
36 Private VLANs (PVLAN)
The Private VLANs (PVLAN) feature is supported on platforms cs
For syntax details on the commands discussed in this chapter, see the Private VLANs Commands chapter in the FTOS Command Line Reference.
• Ports in a community VLAN can communicate with each other.
• Ports in a community VLAN can communicate with all promiscuous ports in the primary VLAN.
• A community VLAN can only contain ports configured as host.
Isolated VLAN — An isolated VLAN is a type of secondary VLAN in a primary VLAN:
• Ports in an isolated VLAN cannot talk directly to each other.
• Ports in an isolated VLAN can only communicate with promiscuous ports in the primary VLAN.
Private VLAN Commands
The commands dedicated to supporting the Private VLANs feature are:
Table 36-77. Private VLAN Commands
Task: Enable/disable Layer 3 communication between secondary VLANs.
Command Syntax: [no] ip local-proxy-arp
Note: Even after ip-local-proxy-arp is disabled (no ip-local-proxy-arp) in a secondary VLAN, Layer 3 communication may happen between some secondary VLAN hosts, until the ARP timeout happens on those secondary VLAN hosts.
Private VLAN Configuration Task List
The following sections contain the procedures that configure a private VLAN:
• Creating PVLAN ports
• Creating a Primary VLAN
• Creating a Community VLAN
• Creating an Isolated VLAN
Creating PVLAN ports
Private VLAN ports are those that will be assigned to the private VLAN (PVLAN).
Creating a Primary VLAN
A primary VLAN is a port-based VLAN that is specifically enabled as a primary VLAN to contain the promiscuous ports and PVLAN trunk ports for the private VLAN. A primary VLAN also contains a mapping to secondary VLANs, which are comprised of community VLANs and isolated VLANs.
Step 1
Command Syntax: interface vlan vlan-id
Command Mode: CONFIGURATION
Purpose: Access the INTERFACE VLAN mode for the VLAN to which you want to assign the PVLAN interfaces.
Creating a Community VLAN
A community VLAN is a secondary VLAN of the primary VLAN in a private VLAN. The ports in a community VLAN can talk to each other and with the promiscuous ports in the primary VLAN.
Step 1
Command Syntax: interface vlan vlan-id
Command Mode: CONFIGURATION
Purpose: Access the INTERFACE VLAN mode for the VLAN that you want to make a community VLAN.
Step 2
Command Syntax: no shutdown
Command Mode: INTERFACE VLAN
Purpose: Enable the VLAN.
Figure 36-193.
The result is that:
• The ports in community VLAN 4001 can communicate directly with each other and with promiscuous ports.
• The ports in community VLAN 4002 can communicate directly with each other and with promiscuous ports.
• The ports in isolated VLAN 4003 can only communicate with the promiscuous ports in the primary VLAN 4000.
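The Layer 2 rules above can be checked mechanically against an intended segmentation policy. The following Python model is an added example, not part of the FTOS guide: the VLAN IDs 4000 to 4003 come from the text, while the port names, the port-to-VLAN assignment and the isolation policy are constructed, and PVLAN trunk ports and Layer 3 forwarding through ip local-proxy-arp are not modelled.

```python
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class PrivateVlan:
    primary: int
    community: frozenset   # community (secondary) VLAN IDs
    isolated: frozenset    # isolated (secondary) VLAN IDs


@dataclass(frozen=True)
class Port:
    name: str
    mode: str   # "promiscuous" or "host"
    vlan: int   # primary VLAN for promiscuous ports, secondary VLAN for host ports


def validate(pvlan, ports):
    """Return a list of layout errors; an empty list means the layout is consistent."""
    errors = []
    secondary = pvlan.community | pvlan.isolated
    for p in ports:
        if p.mode not in ("promiscuous", "host"):
            errors.append(f"{p.name}: unknown mode {p.mode!r}")
        elif p.mode == "promiscuous" and p.vlan != pvlan.primary:
            errors.append(f"{p.name}: promiscuous port outside primary VLAN {pvlan.primary}")
        elif p.mode == "host" and p.vlan not in secondary:
            errors.append(f"{p.name}: host port must be in a community or isolated VLAN")
    return errors


def l2_allowed(pvlan, a, b):
    """Apply the rules from the text to one pair of ports."""
    if "promiscuous" in (a.mode, b.mode):
        return True                      # every port can reach promiscuous ports
    if a.vlan in pvlan.isolated or b.vlan in pvlan.isolated:
        return False                     # isolated hosts reach promiscuous ports only
    return a.vlan == b.vlan              # community hosts: same community only


def allowed_pairs(pvlan, ports):
    """All unordered port pairs that can exchange Layer 2 traffic directly."""
    return {frozenset((a.name, b.name))
            for a, b in combinations(ports, 2) if l2_allowed(pvlan, a, b)}


def audit(pvlan, ports, must_be_isolated):
    """Return the pairs from the policy that the PVLAN layout still lets talk."""
    reachable = allowed_pairs(pvlan, ports)
    return [pair for pair in must_be_isolated if frozenset(pair) in reachable]


# VLAN IDs from the text; ports and policy below are constructed sample data.
PVLAN = PrivateVlan(primary=4000,
                    community=frozenset({4001, 4002}),
                    isolated=frozenset({4003}))
PORTS = [
    Port("uplink", "promiscuous", 4000),
    Port("web1", "host", 4001), Port("web2", "host", 4001),
    Port("app1", "host", 4002), Port("app2", "host", 4002),
    Port("db1", "host", 4003), Port("db2", "host", 4003),
]
POLICY = [("db1", "db2"), ("web1", "app1"), ("app1", "app2")]

if __name__ == "__main__":
    print(validate(PVLAN, PORTS))
    print(sorted(sorted(p) for p in allowed_pairs(PVLAN, PORTS)))
    print(audit(PVLAN, PORTS, POLICY))
```

The audit flags app1 and app2: both sit in community VLAN 4002, so they can talk directly, and they would need to move to the isolated VLAN to satisfy the policy.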
• show vlan private-vlan mapping: Display the primary-secondary VLAN mapping. See the example output from the S50V, above, in Figure 36-197.
Two show commands revised to display PVLAN data are:
• show arp
• show vlan: See revised output in Figure 36-198.
Figure 36-195.
Figure 36-199.
37 Per-VLAN Spanning Tree Plus (PVST+)
Per-VLAN Spanning Tree Plus (PVST+) is supported on platforms: ecs
Protocol Overview
Per-VLAN Spanning Tree Plus (PVST+) is a variation of Spanning Tree—developed by a third party— that allows you to configure a separate Spanning Tree instance for each VLAN. For more information on Spanning Tree, see Chapter 48, Spanning Tree Protocol (STP).
Figure 37-200.
Table 37-78. FTOS Supported Spanning Tree Protocols
Dell Force10 Term | IEEE Specification
Multiple Spanning Tree Protocol (MSTP) | 802.1s
Per-VLAN Spanning Tree Plus (PVST+) | Third Party
Implementation Information
• The FTOS implementation of PVST+ is based on IEEE Standard 802.1d.
• The FTOS implementation of PVST+ uses IEEE 802.1s costs as the default costs (Table 37-79). Other implementations use IEEE 802.
Enable PVST+
When you enable PVST+, FTOS instantiates STP on each active VLAN. To enable PVST+ globally:
Step 1
Task: Enter PVST context.
Command Syntax: protocol spanning-tree pvst
Command Mode: PROTOCOL PVST
Step 2
Task: Enable PVST+.
Command Syntax: no disable
Command Mode: PROTOCOL PVST
Disable PVST+
Task: Disable PVST+ globally.
Command Syntax: disable
Command Mode: PROTOCOL PVST
Task: Disable PVST+ on an interface, or remove a PVST+ parameter configuration.
Figure 37-202. Load Balancing with PVST+
[Figure: R1 is STI 1 root, R2 is STI 2 root, R3 is STI 3 root; STI 1: VLAN 100, STI 2: VLAN 200, STI 3: VLAN 300; each router is labeled vlan 100 bridge-priority 4096; ports 1/22, 1/32, 2/12, 2/32, 3/12, 3/22 with Forwarding and Blocking states]
The bridge with the bridge value for bridge priority is elected root.
Figure 37-203. Display the PVST+ Forwarding Topology
FTOS_E600(conf)#do show spanning-tree pvst vlan 100
VLAN 100
Root Identifier has priority 4096, Address 0001.e80d.b6d6
Root Bridge hello time 2, max age 20, forward delay 15
Bridge Identifier has priority 4096, Address 0001.e80d.b6d6
Configured hello time 2, max age 20, forward delay 15
We are the root of VLAN 100
Current root has priority 4096, Address 0001.e80d.
Task: Change the max-age parameter. Range: 6 to 40. Default: 20 seconds
Command Syntax: vlan max-age
Command Mode: PROTOCOL PVST
The values for global PVST+ parameters are given in the output of the command show spanning-tree pvst, as shown in Figure 37-203.
Modify Interface PVST+ Parameters
You can adjust two interface parameters to increase or decrease the probability that a port becomes a forwarding port:
• Port cost is a value that is based on the interface type.
Task: Change the port priority of an interface. Range: 0 to 240, in increments of 16. Default: 128
Command Syntax: spanning-tree pvst vlan priority
Command Mode: INTERFACE
The values for interface PVST+ parameters are given in the output of the command show spanning-tree pvst, as shown in Figure 37-203.
Configure an EdgePort
The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner.
FTOS Behavior: Regarding bpduguard shutdown-on-violation behavior:
1 If the interface to be shut down is a port channel, then all the member ports are disabled in the hardware.
2 When a physical port is added to a port channel already in error disable state, the new member port will also be disabled in the hardware.
[Figure labels: Dell Force10 System; VLAN unaware Hub; P1 untagged in VLAN 10; P2 untagged in VLAN 20; moves to blocking unless Extended System ID is enabled]
Task: Augment the Bridge ID with the VLAN ID.
Command Syntax: extend system-id
Command Mode: PROTOCOL PVST
FTOS(conf-pvst)#do show spanning-tree pvst vlan 5 brief
VLAN 5
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32773, Address 0001.e832.
Figure 37-205.
Figure 37-206.
38 Quality of Service (QoS)
Quality of Service (QoS) is supported on platforms: e c s
Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. The E-Series has eight unicast queues per port and 128 multicast queues per-port pipe. Traffic is queued on ingress and egress. By default, on ingress, all data traffic is mapped to Queue 0, and all control traffic is mapped to Queue 7. On egress control traffic is mapped across all eight queues.
Table 38-80.
Figure 38-208. Dell Force10 QoS Architecture
[Figure blocks: Marking (DiffServ, 802.1p, Exp); Ingress Packet Processing; Packet Classification (ACL); Rate Policing; Buffers; Class-based Queues; Switching; Rate Limiting; Buffers; Class-based Queues; Egress Congestion Management (WFQ Scheduling); Egress Packet Processing; Traffic Shaping; Congestion Avoidance (WRED)]
Implementation Information
The Dell Force10 QoS implementation complies with IEEE 802.1p User Priority Bits for QoS Indication.
• Set dot1p Priorities for Incoming Traffic
• Configure Port-based Rate Policing
• Configure Port-based Rate Limiting
• Configure Port-based Rate Shaping
Set dot1p Priorities for Incoming Traffic
Change the priority of incoming traffic on the interface using the command dot1p-priority from INTERFACE mode, as shown in Figure 38-209. FTOS places traffic marked with a priority in a queue based on Table 38-81.
Honor dot1p Priorities on Ingress Traffic
By default FTOS does not honor dot1p priorities on ingress traffic. Use the command service-class dynamic dot1p from INTERFACE mode to honor dot1p priorities on ingress traffic, as shown in Figure 38-210. You can configure this feature on physical interfaces and port-channels, but you cannot configure it on individual interfaces in a port channel.
Figure 38-211. Rate Policing Ingress Traffic
FTOS#config t
FTOS(conf)#interface gigabitethernet 1/0
FTOS(conf-if)#rate police 100 40 peak 150 50
FTOS(conf-if)#end
FTOS#
Figure 38-212.
Figure 38-214.
Policy-based QoS Configurations
Policy-based QoS configurations consist of the components shown in Figure 38-216.
Figure 38-216.
2. Once you create a class-map, FTOS places you in CLASS MAP mode. From this mode, specify your match criteria using the command match ip, as shown in Figure 38-217. Match-any class maps allow up to five ACLs, and match-all class-maps allow only one ACL.
3. After you specify your match criteria, link the class-map to a queue using the command service-queue from POLICY MAP mode, as shown in Figure 38-217.
Figure 38-217.
In cases such as these, where class-maps with overlapping ACL rules are applied to different queues, use the order keyword to specify the order in which you want to apply ACL rules, as shown in Figure 38-217. The order can range from 0 to 254. FTOS writes to the CAM ACL rules with lower order numbers (order numbers closer to 0) before rules with higher order numbers so that packets are matched as you intended. By default, all ACL rules have an order of 254.
FTOS Behavior: An explicit "deny any" rule in a Layer 3 ACL used in a (match any or match all) class-map creates a "default to Queue 0" entry in the CAM, which causes unintended traffic classification. Below, traffic is classified in two Queues, 1 and 2. Class-map ClassAF1 is "match any," and ClassAF2 is "match all".
Create a QoS Policy
There are two types of QoS policies: input and output. Input QoS policies regulate Layer 3 and Layer 2 ingress traffic. The regulation mechanisms for input QoS policies are rate policing and setting priority values. There are two types of input QoS policies: Layer 3 and Layer 2.
• Layer 3 QoS input policies allow you to rate police and set a DSCP or dot1p value.
• Layer 2 QoS input policies allow you to rate police and set a dot1p value.
Set a DSCP value for egress packets based on ingress QoS classification, as shown in Figure 38-209. The 6 bits that are used for DSCP are also used to identify the queue in which traffic is buffered. When you set a DSCP value, FTOS displays an informational message advising you of the queue to which you should apply the QoS policy (using the command service-queue from POLICY-MAP-IN mode).
Allocate bandwidth to queue
The E-Series schedules unicast, multicast, and replication traffic for egress based on the Weighted Fair Queuing algorithm. The C-Series and S-Series schedule packets for egress based on Deficit Round Robin (DRR). These strategies both offer a guaranteed data rate. To allocate bandwidth to queues on the C-Series and S-Series, assign each queue a weight ranging from 1 to 1024, in increments of 2^n, using the command bandwidth-weight.
Specify a WRED profile to yellow and/or green traffic using the command wred from QOS-POLICY-OUT mode. See Apply a WRED profile to traffic.
Create Policy Maps
There are two types of policy maps: input and output.
Create Input Policy Maps
There are two types of input policy-maps: Layer 3 and Layer 2.
1. Create a Layer 3 input policy map using the command policy-map-input from CONFIGURATION mode. Create a Layer 2 input policy map by specifying the keyword layer2 with the policy-map-input command.
2.
Table 38-84.
When using QoS service policies with multiple class maps, you can configure FTOS to use the incoming DSCP or dot1p marking as a secondary option for packet queuing in the event that no match occurs in the class maps. When class-maps are used, traffic is matched against each class-map sequentially from first to last. The sequence is based on the priority of the rules, as follows: 1. rules with lowest priority, or in the absence of a priority configuration, 2.
To enable Fall Back to trust diffserve or dot1p:
Task: Classify packets according to their DSCP value as a secondary option in case no match occurs against the configured class maps.
Command Syntax: trust {diffserve | dot1p} fallback
Command Mode: POLICY-MAP-IN
Mapping dot1p values to service queues
Mapping dot1p values to service queues is available only on platforms: c s
On the C-Series and S-Series all traffic is by default mapped to the same queue, Queue 0.
2. Once you create an output policy map, do one or more of the following:
• Apply an output QoS policy to a queue
• Specify an aggregate QoS policy
• Apply an output policy map to an interface
3. Apply the policy map to an interface. See page 61.
Apply an output QoS policy to a queue
Apply an output QoS policy to queues using the command service-queue from INTERFACE mode.
Specify an aggregate QoS policy
Specify an aggregate QoS policy using the command policy-aggregate from POLICY-MAP-OUT mode.
QoS Rate Adjustment is disabled by default, and no qos-rate-adjust is listed in the running-configuration.
Task: Include a specified number of bytes of packet overhead in rate limiting, policing, and shaping calculations. For example, to include the Preamble and SFD, enter qos-rate-adjust 8. For variable length overhead fields you must know the number of bytes you want to include.
Figure 38-220. Packet Drop Rate for WRED
[Figure: packet drop rate (0 packets to all packets) plotted against buffer space (0 KB, minimum threshold, maximum threshold, total buffer space), with regions labeled No Packets Buffered, Early Warning, and Allotted Space]
You can create a custom WRED profile or use one of the five pre-defined profiles.
Table 38-86. Pre-defined WRED Profiles (E-Series)
Default Profile Name    Minimum Threshold    Maximum Threshold
wred_drop               0                    0
wred_ge_y               1024                 2048
wred_ge_g               2048                 4096
wred_teng_y             4096                 8192
wred_teng_g             8192                 16384
Table 38-87.
2. The command wred places you in WRED mode. From this mode, specify minimum and maximum threshold values using the command threshold.
Apply a WRED profile to traffic
Once you create a WRED profile you must specify to which traffic FTOS should apply the profile. FTOS assigns a color (also called drop precedence)—red, yellow, or green—to each packet based on its DSCP value before queuing it. DSCP is a 6-bit field.
Display WRED Drop Statistics
Display the number of packets FTOS dropped by WRED Profile using the command show qos statistics from EXEC Privilege mode.
Figure 38-223.
Pre-calculating Available QoS CAM Space
Pre-calculating Available QoS CAM Space is supported on platforms: c e s
Before version 7.3.1 there was no way to measure the number of CAM entries a policy-map would consume (the number of CAM entries that a rule uses is not predictable; 1 to 16 entries might be used per rule depending upon its complexity). Therefore, it was possible to apply to an interface a policy-map that requires more entries than are available.
• Exception indicates that the number of CAM entries required to write the policy-map to the CAM is greater than the number of available CAM entries, and therefore the policy-map cannot be applied to an interface in the specified port-pipe.
39 Routing Information Protocol (RIP)
Routing Information Protocol (RIP) is supported only on platforms: e cs
RIP is supported on the S-Series following the release of FTOS version 7.8.1.0, and on the C-Series with FTOS versions 7.6.1.0 and after.
Routing Information Protocol (RIP) is based on a distance-vector algorithm; it tracks distances or hop counts to nearby routers when establishing network connections.
This first RIP version does not support VLSM or CIDR and is not widely used.
RIPv2
RIPv2 adds support for subnet fields in the RIP routing updates, thus qualifying it as a classless routing protocol. The RIPv2 message format includes entries for route tags, subnet masks, and next hop addresses. Another enhancement included in RIPv2 is multicasting for route updates on IP multicast address 224.0.0.9.
• Set send and receive version on page 774 (optional)
• Generate a default route on page 776 (optional)
• Control route metrics on page 777 (optional)
• Summarize routes on page 776 (optional)
• Control route metrics on page 777
• Debug RIP on page 777
For a complete listing of all commands related to RIP, refer to the FTOS Command Reference.
Enable RIP globally
By default, RIP is not enabled in FTOS.
Figure 39-227. show ip rip database Command Example (Partial)
FTOS#show ip rip database
Total number of routes in RIP database: 978
160.160.0.0/16 [120/1] via 29.10.10.12, 00:00:26, Fa
160.160.0.0/16 auto-summary
2.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa
2.0.0.0/8 auto-summary
4.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa
4.0.0.0/8 auto-summary
8.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa
8.0.0.0/8 auto-summary
12.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa
12.
To control the source of RIP route information, use the following commands, in the ROUTER RIP mode:
Command Syntax: neighbor ip-address
Command Mode: ROUTER RIP
Purpose: Define a specific router to exchange RIP information between it and the Dell Force10 system. You can use this command multiple times to exchange RIP information with as many RIP networks as you want.
Command Syntax: passive-interface interface
Command Mode: ROUTER RIP
Purpose: Disable a specific interface from sending or receiving RIP routing information.
Command Syntax: redistribute isis [level-1 | level-1-2 | level-2] [metric metric-value] [route-map map-name]
Command Mode: ROUTER RIP
Purpose: Include IS-IS routes in RIP.
• metric range: 0 to 16
• map-name: name of a configured route map.
Note: IS-IS is not supported on the S-Series platform.
Command Syntax: redistribute ospf process-id [match external {1 | 2} | match internal] [metric value] [route-map map-name]
Command Mode: ROUTER RIP
Purpose: Include specific OSPF routes in RIP.
Figure 39-228.
Figure 39-230.
If you must perform routing between discontiguous subnets, disable automatic summarization. With automatic route summarization disabled, subnets are advertised. The command auto-summary requires no other configuration commands. To disable automatic route summarization, in the ROUTER RIP mode, enter no auto-summary.
Note: If the ip split-horizon command is enabled on an interface, then the system does not advertise the summarized address.
To enable RIP debugging, use the following command in the EXEC privilege mode:
Command Syntax: debug ip rip [interface | database | events | trigger]
Command Mode: EXEC privilege
Purpose: Enable debugging of RIP.
Figure 39-231 shows the confirmation when the debug function is enabled.
Figure 39-231. debug ip rip Command Example
FTOS#debug ip rip
RIP protocol debug is ON
FTOS#
To disable RIP debugging, use the no debug ip rip command.
Configuring RIPv2 on Core 2
Figure 39-233. Configuring RIPv2 on Core 2
Core2(conf-if-gi-2/31)#
Core2(conf-if-gi-2/31)#router rip
Core2(conf-router_rip)#ver 2
Core2(conf-router_rip)#network 10.200.10.0
Core2(conf-router_rip)#network 10.250.10.0
Core2(conf-router_rip)#network 10.11.10.0
Core2(conf-router_rip)#network 10.11.20.0
Core2(conf-router_rip)#show config
!
router rip
network 10.0.0.
Figure 39-235.
RIP Configuration on Core 3
Figure 39-237. RIP Configuration on Core 3
Core3(conf-if-gi-3/21)#router rip
Core3(conf-router_rip)#version 2
Core3(conf-router_rip)#network 192.168.1.0
Core3(conf-router_rip)#network 192.168.2.0
Core3(conf-router_rip)#network 10.11.30.0
Core3(conf-router_rip)#network 10.11.20.0
Core3(conf-router_rip)#show config
!
router rip
network 10.0.0.0
network 192.168.1.0
network 192.168.2.
Figure 39-239.
RIP Configuration Summary
Figure 39-241. Summary of Core 2 RIP Configuration Using Output of show run Command
!
interface GigabitEthernet 2/11
ip address 10.11.10.1/24
no shutdown
!
interface GigabitEthernet 2/31
ip address 10.11.20.2/24
no shutdown
!
interface GigabitEthernet 2/41
ip address 10.200.10.1/24
no shutdown
!
interface GigabitEthernet 2/42
ip address 10.250.10.1/24
no shutdown
router rip
version 2
10.200.10.0
10.250.10.0
10.11.10.0
10.11.20.0
Figure 39-242.
40 Remote Monitoring (RMON)
Remote Monitoring (RMON) is supported on platform: ecs
This chapter describes the Remote Monitoring (RMON):
• Implementation on page 785
• Fault Recovery on page 786
Remote Monitoring (RMON) is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facilities and long-term statistics collection on Dell Force10 Ethernet Interfaces.
Fault Recovery
RMON provides the following fault recovery functions:
Interface Down—When an RMON-enabled interface goes down, monitoring continues. However, all data values are registered as 0xFFFFFFFF (32 bits) or 0xFFFFFFFFFFFFFFFF (64 bits). When the interface comes back up, RMON monitoring processes resume.
Note: A Network Management System (NMS) should be ready to interpret a down interface and plot the interface performance graph accordingly.
Set rmon alarm
To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode. To disable the alarm, use the no form of this command:
Command Syntax: [no] rmon alarm number variable interval {delta | absolute} rising-threshold [value event-number] falling-threshold value event-number [owner string]
Command Mode: CONFIGURATION
Purpose: Set an alarm on any MIB object. Use the no form of this command to disable the alarm.
Figure 40-243. rmon alarm Command Example
FTOS(conf)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 20 delta rising-threshold 15 1 falling-threshold 0 owner nms1
[Figure callouts: Alarm Number, MIB Variable, Monitor Interval, Counter Value Limit, Triggered Event]
The above example configures RMON alarm number 10. The alarm monitors the MIB variable 1.3.6.1.2.1.2.2.1.20.1 (ifEntry.ifOutErrors) once every 20 seconds until the alarm is disabled, and checks the rise or fall of the variable.
Figure 40-244. rmon event Command Example
FTOS(conf)#rmon event 1 log trap eventtrap description "High ifOutErrors" owner nms1
The above configuration example creates RMON event number 1, with the description "High ifOutErrors", and generates a log entry when the event is triggered by an alarm. The user nms1 owns the row that is created in the event table by this command. This configuration also generates an SNMP trap when the event is triggered using the SNMP community string "eventtrap".
Configure RMON collection history
To enable the RMON MIB history group of statistics collection on an interface, use the rmon collection history command in interface configuration mode. To remove a specified RMON history group of statistics collection, use the no form of this command.
41 Rapid Spanning Tree Protocol (RSTP)
Rapid Spanning Tree Protocol (RSTP) is supported on platforms: ecs
Protocol Overview
Rapid Spanning Tree Protocol (RSTP) is a Layer 2 protocol—specified by IEEE 802.1w—that is essentially the same as Spanning-Tree Protocol (STP) but provides faster convergence and interoperability with switches configured with STP and MSTP. FTOS supports three other variations of Spanning Tree, as shown in Table 41-89.
Table 41-89.
• Configure an EdgePort on page 799
• Preventing Network Disruptions with BPDU Guard on page 937
• Influence RSTP Root Selection on page 800
• Configuring Spanning Trees as Hitless on page 943
• SNMP Traps for Root Elections and Topology Changes on page 801
• Fast Hellos for Link State Detection on page 801
• Flush MAC Addresses after a Topology Change on page 639
Important Points to Remember
• RSTP is disabled by default.
Configure Interfaces for Layer 2 Mode
All interfaces on all bridges that will participate in Rapid Spanning Tree must be in Layer 2 and enabled.
Figure 41-247.
Enable Rapid Spanning Tree Protocol Globally
Rapid Spanning Tree Protocol must be enabled globally on all participating bridges; it is not enabled by default. To enable Rapid Spanning Tree globally for all Layer 2 interfaces:
Step 1
Task: Enter the PROTOCOL SPANNING TREE RSTP mode.
Command Syntax: protocol spanning-tree rstp
Command Mode: CONFIGURATION
Step 2
Task: Enable Rapid Spanning Tree.
Figure 41-250. Rapid Spanning Tree Enabled Globally
[Figure: bridges R1 (root), R2 and R3 interconnected through ports 1/1 to 1/4, 2/1 to 2/4 and 3/1 to 3/4, with Forwarding and Blocking port states marked]
Port 684 (GigabitEthernet 4/43) is alternate Discarding
Port path cost 20000, Port priority 128, Port Identifier 128.684
Designated root has priority 32768, address 0001.e801.cbb4
Designated bridge has priority 32768, address 0001.e801.cbb4
Designated port id is 128.
Figure 41-251. show spanning-tree rstp Command Example
FTOS#show spanning-tree rstp
Root Identifier has priority 32768, Address 0001.e801.cbb4
Root Bridge hello time 2, max age 20, forward delay 15, max hops 0
Bridge Identifier has priority 32768, Address 0001.e801.cbb4
Configured hello time 2, max age 20, forward delay 15, max hops 0
We are the root
Current root has priority 32768, Address 0001.e801.
Figure 41-252. show spanning-tree rstp brief Command Example
R3#show spanning-tree rstp brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 0001.e801.cbb4
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32768, Address 0001.e80f.1dad
Configured hello time 2, max age 20, forward delay 15
Interface                                    Designated
Name       PortID   Prio Cost    Sts Cost    Bridge ID            PortID
---------- -------- ---- ------- --- ------- -------------------- --------
Gi 3/1 128.
Table 41-90 displays the default values for RSTP.
Table 41-90.
• Port priority influences the likelihood that a port will be selected to be a forwarding port if several ports have the same port cost.
To change the port cost or priority of an interface, use the following commands:
Task: Change the port cost of an interface. Range: 0 to 65535. Default: see Table 41-90.
Command Syntax: spanning-tree rstp cost cost
Command Mode: INTERFACE
Task: Change the port priority of an interface.
FTOS Behavior: Regarding bpduguard shutdown-on-violation behavior:
1 If the interface to be shut down is a port channel, then all the member ports are disabled in the hardware.
2 When a physical port is added to a port channel already in error disable state, the new member port will also be disabled in the hardware.
Figure 41-254. bridge-priority Command Example
FTOS(conf-rstp)#bridge-priority 4096
04:27:59: %RPM0-P:RP2 %SPANMGR-5-STP_ROOT_CHANGE: RSTP root changed. My Bridge ID: 4096:0001.e80b.88bd Old Root: 32768:0001.e801.cbb4 New Root: 4096:0001.e80b.88bd
[Figure callouts: Old root bridge ID, New root bridge ID]
SNMP Traps for Root Elections and Topology Changes
Enable SNMP traps for RSTP, MSTP, and PVST+ collectively using the command snmp-server enable traps xstp.
42 Security
Security features are supported on platforms: ecs
This chapter discusses several ways to provide access security to the Dell Force10 system. Platform-specific features are identified by the c, e or s icons (as shown below).
• Enable AAA Accounting on page 804 (mandatory)
• Suppress AAA Accounting for null username sessions on page 804 (optional)
• Configure Accounting of EXEC and privilege-level command usage on page 805 (optional)
• Configure AAA Accounting for terminal lines on page 805 (optional)
• Monitor AAA Accounting on page 805 (optional)
Enable AAA Accounting
The aaa accounting command enables you to create a record for any or all of the accounting functions monitored.
Configure Accounting of EXEC and privilege-level command usage
The network access server monitors the accounting functions defined in the TACACS+ attribute/value (AV) pairs. In the following sample configuration, AAA accounting is set to track all usage of EXEC commands and commands on privilege level 15.
AAA Authentication
FTOS supports a distributed client/server system implemented through Authentication, Authorization, and Accounting (AAA) to help secure networks against unauthorized access. In the Dell Force10 implementation, the Dell Force10 system acts as a RADIUS or TACACS+ client and sends authentication requests to a central RADIUS or TACACS+ server that contains all user authentication and network service access information.
Configure AAA Authentication login methods
To configure an authentication method and method list, use these commands in the following sequence in the CONFIGURATION mode:
Command Syntax: aaa authentication login {method-list-name | default} method1 [... method4]
Command Mode: CONFIGURATION
Purpose: Define an authentication method-list (method-list-name) or specify the default. The default method-list is applied to all terminal lines.
Enable AAA Authentication
To enable AAA authentication, use the following command in the CONFIGURATION mode:
Command Syntax: aaa authentication enable {method-list-name | default} method1 [... method4]
Command Mode: CONFIGURATION
Purpose:
• default—Uses the listed authentication methods that follow this argument as the default list of methods when a user logs in.
Server-side configuration
TACACS+: When using TACACS+, Dell Force10 sends an initial packet with service type SVC_ENABLE, and then a second packet with just the password. The TACACS server must have an entry for username $enable$.
RADIUS: When using RADIUS authentication, FTOS sends an authentication packet with the following:
Username: $enab15$
Password:
Therefore, the RADIUS server must have an entry for this username.
AAA Authorization
FTOS enables AAA new-model by default.
By default, commands in FTOS are assigned to different privilege levels. You can access those commands only if you have access to that privilege level. For example, to reach the protocol spanning-tree command, you must log in to the router, enter the enable command for privilege level 15 (this is the default level for the command) and then enter the CONFIGURATION mode. You can configure passwords to control access to the box and assign different privilege levels to users.
Configure the enable password command
To configure FTOS, you must use the enable command to enter the EXEC Privilege level 15. After entering the command, FTOS requests that you enter a password. Privilege levels are not assigned to passwords; rather, passwords are assigned to a privilege level. A password for any privilege level can always be changed. To change to a different privilege level, enter the enable command, followed by the privilege level.
To assign commands and passwords to a custom privilege level, you must be in privilege level 15 and use these commands in the following sequence in the CONFIGURATION mode:
Command Syntax: username name [access-class access-list-name] [privilege level] [nopassword | password [encryption-type] password]
Command Mode: CONFIGURATION
Purpose: Assign a user name and password. Configure the optional and required parameters:
• name: Enter a text string (up to 63 characters).
Figure 42-256. Configuring a Custom Privilege Level
FTOS(conf)#username john privilege 8 password john
FTOS(conf)#enable password level 8 notjohn
FTOS(conf)#privilege exec level 8 configure
FTOS(conf)#privilege config level 8 snmp-server
FTOS(conf)#end
FTOS#show running-config
Current Configuration ...
To specify a password for the terminal line, use the following commands, in any order, in the LINE mode:
Command Syntax: privilege level level
Command Mode: LINE
Purpose: Configure a custom privilege level for the terminal lines.
• level level range: 0 to 15. Levels 0, 1 and 15 are pre-configured. Levels 2 to 14 are available for custom configuration.
Command Syntax: password [encryption-type] password
Command Mode: LINE
Purpose: Specify either a plain text or encrypted password.
RADIUS Authentication and Authorization
FTOS supports RADIUS for user authentication (text password) at login and can be specified as one of the login authentication methods in the aaa authentication login command. When configuring AAA authorization, you can limit the attributes of services available to a user. When authorization is enabled, the network access server uses configuration information from the user profile to issue the user's session.
Auto-command
You can configure the system through the RADIUS server to automatically execute a command when you connect to a specific line. To do this, use the command auto-command. The auto-command is executed when the user is authenticated and before the prompt appears to the user.
Command Syntax: aaa authorization exec {method-list-name | default} radius tacacs+
Command Mode: CONFIGURATION
Purpose: Create a method list with RADIUS and TACACS+ as authorization methods. Typical order of methods: RADIUS, TACACS+, Local, None. If authorization is denied by RADIUS, the session ends (radius should not be the last method specified).
Apply the method list to terminal lines
To enable RADIUS AAA login authentication for a method list, you must apply it to a terminal line.
To specify multiple RADIUS server hosts, configure the radius-server host command multiple times. If multiple RADIUS server hosts are configured, FTOS attempts to connect with them in the order in which they were configured. When FTOS attempts to authenticate a user, the software connects with the RADIUS server hosts one at a time, until a RADIUS server host responds with an accept or reject response.
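The host ordering described above can be modeled as follows. This is an added example, not FTOS code: the server addresses, user names and passwords are constructed, and the fall-through from radius to the next method when no host answers is an assumption of the model.

```python
import hmac

ACCEPT, REJECT, NO_RESPONSE = "accept", "reject", "no-response"


def query_radius_hosts(hosts, responder):
    """Try hosts in configured order; the first accept or reject is final."""
    tried = []
    for host in hosts:
        tried.append(host)
        answer = responder(host)
        if answer in (ACCEPT, REJECT):
            return answer, tried
    return NO_RESPONSE, tried


def login(methods, hosts, responder, local_users, user, password):
    """Walk a method list. Returns (allowed, deciding_method, hosts_tried)."""
    tried = []
    for method in methods:
        if method == "radius":
            answer, tried = query_radius_hosts(
                hosts, lambda h: responder(h, user, password))
            if answer == NO_RESPONSE:
                continue  # assumption: only silence moves on to the next method
            return answer == ACCEPT, "radius", tried
        if method == "local":
            stored = local_users.get(user)
            ok = stored is not None and hmac.compare_digest(stored, password)
            return ok, "local", tried
        raise ValueError(f"method not modeled: {method}")
    return False, None, tried


def make_responder(servers):
    """servers maps host -> None (unreachable) or {user: password} (reachable)."""
    def responder(host, user, password):
        database = servers[host]
        if database is None:
            return NO_RESPONSE
        return ACCEPT if database.get(user) == password else REJECT
    return responder


# Constructed sample data (documentation address range, made-up credentials).
HOSTS = ["192.0.2.10", "192.0.2.11"]
LOCAL_USERS = {"admin": "local-pw"}
FIRST_DOWN = make_responder({"192.0.2.10": None,
                             "192.0.2.11": {"alice": "s3cret"}})
ALL_DOWN = make_responder({"192.0.2.10": None, "192.0.2.11": None})

if __name__ == "__main__":
    methods = ["radius", "local"]
    # Second host answers, so its verdict is final for both users.
    print(login(methods, HOSTS, FIRST_DOWN, LOCAL_USERS, "alice", "s3cret"))
    print(login(methods, HOSTS, FIRST_DOWN, LOCAL_USERS, "admin", "local-pw"))
    # No host answers, so the local database decides.
    print(login(methods, HOSTS, ALL_DOWN, LOCAL_USERS, "admin", "local-pw"))
```

In this model a local break-glass account works only while every RADIUS host is silent; as soon as one host is reachable, its reject ends the attempt.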
To view the configuration of RADIUS communication parameters, use the show running-config command in the EXEC Privilege mode.
Monitor RADIUS
To view information on RADIUS transactions, use the following command in the EXEC Privilege mode:
Command Syntax: debug radius
Command Mode: EXEC Privilege
Purpose: View RADIUS transactions to troubleshoot problems.
TACACS+
FTOS supports Terminal Access Controller Access Control System (TACACS+) client, including support for login authentication.
To select TACACS as the login authentication method, use these commands in the following sequence in the CONFIGURATION mode:
Step 1
Command Syntax: tacacs-server host {ip-address | host}
Command Mode: CONFIGURATION
Purpose: Configure a TACACS+ server host. Enter the IP address or host name of the TACACS+ server. Use this command multiple times to configure multiple TACACS+ server hosts.
Step 2
Command Syntax: aaa authentication login {method-list-name | default} tacacs+ [...
Figure 42-258.
Figure 42-259 demonstrates how to configure the access-class from a TACACS+ server. This causes the configured access-class on the VTY line to be ignored. If you have configured a deny10 ACL on the TACACS+ server, FTOS downloads it and applies it. If the user is found to be coming from the 10.0.0.0 subnet, FTOS also immediately closes the Telnet connection. Note that no matter where the user is coming from, they see the login prompt.
Figure 42-259.
To delete a TACACS+ server host, use the no tacacs-server host {hostname | ip-address} command.
freebsd2# telnet 2200:2200:2200:2200:2200::2202
Trying 2200:2200:2200:2200:2200::2202...
Connected to 2200:2200:2200:2200:2200::2202.
Escape character is '^]'.
Login: admin
Password:
FTOS#
FTOS#
Command Authorization
The AAA command authorization feature configures FTOS to send each configuration command to a TACACS server for authorization before it is added to the running configuration.
SCP is a remote file copy program that works with SSH and is supported by FTOS.
Note: The Windows-based WinSCP client software is not supported for secure copying between a PC and an FTOS-based system. Unix-based SCP client software is supported.
Figure 42-260. Specifying an SSH version
FTOS(conf)#ip ssh server version 2
FTOS(conf)#do show ip ssh
SSH server : disabled.
SSH server version : v2.
Password Authentication : enabled.
Hostbased Authentication : disabled.
RSA Authentication : disabled.
To disable SSH server functions, enter no ip ssh server enable.
• ip ssh hostbased-authentication enable: Enable hostbased-authentication for the SSHv2 server.
• ip ssh key-size: Configure the size of the server-generated RSA SSHv1 key.
• ip ssh password-authentication enable: Enable password authentication for the SSH server.
• ip ssh pub-key-file: Specify the file to be used for host-based authentication.
• ip ssh rhostsfile: Specify the rhost file to be used for host-based authorization.
Figure 42-262. Enabling SSH Password Authentication
FTOS(conf)#ip ssh server enable
% Please wait while SSH Daemon initializes ... done.
FTOS(conf)#ip ssh password-authentication enable
FTOS#sh ip ssh
SSH server : enabled.
Password Authentication : enabled.
Hostbased Authentication : disabled.
RSA Authentication : disabled.
RSA Authentication of SSH
The following procedure authenticates an SSH client based on an RSA key using RSA authentication.
Step 2
Task: Create shosts by copying the public RSA key to the file shosts in the directory .ssh, and write the IP address of the host to the file.
Command Syntax: cp /etc/ssh/ssh_host_rsa_key.pub /.ssh/shosts
Figure 42-264. Creating shosts
admin@Unix_client# cd /etc/ssh
admin@Unix_client# ls
moduli sshd_config ssh_host_dsa_key.pub ssh_host_rsa_key.pub ssh_config ssh_host_dsa_key ssh_host_rsa_key ssh_host_key.
Figure 42-266. Client-based SSH Authentication
FTOS#ssh 10.16.127.201 ?
-l User name option
-p SSH server port option (default 22)
-v SSH protocol version
Troubleshooting SSH
• You may not bind id_rsa.pub to RSA authentication while logged in via the console. In this case, Message 37 appears.
Message 37 RSA Authentication Error
%Error: No username set for this term.
• Host-based authentication must be enabled on the server (Dell Force10 system) and the client (Unix machine).
Trace Lists
The Trace Lists feature is supported only on the E-Series: e
You can log packet activity on a port to confirm the source of traffic attacking a system. Once the Trace list is enabled on the system, you view its traffic log to confirm the source address of the attacking traffic. In FTOS, Trace lists are similar to extended IP ACLs, except that Trace lists are not applied to an interface.
Creating a trace list
Trace lists filter and log traffic based on source and destination IP addresses, IP host addresses, TCP addresses, TCP host addresses, UDP addresses, and UDP host addresses. When configuring the Trace list filters, include the count and bytes parameters so that any hits to that filter are logged.
Step 2
Command Syntax: seq sequence-number {deny | permit} tcp {source mask | any | host ip-address} [operator port [port]] {destination mask | any | host ip-address} [operator port [port]] [established] [count [byte] | log]
Command Mode: TRACE LIST
Purpose: Configure a trace list filter for TCP packets.
• source: An IP address as the source IP address for the filter to match.
Figure 42-267. Trace list Using seq Command Example
FTOS(config-trace-acl)#seq 15 deny ip host 12.45.0.0 any log
FTOS(config-trace-acl)#seq 5 permit tcp 121.1.3.45 0.0.255.255 any
FTOS(config-trace-acl)#show conf
!
ip trace-list dilling
seq 5 permit tcp 121.1.0.0 0.0.255.255 any
seq 15 deny ip host 12.45.0.0 any log
FTOS(config-trace-acl)#
If you are creating a Trace list with only one or two filters, you can let FTOS assign a sequence number based on the order in which the filters are configured.
Command Syntax: {deny | permit} tcp {source mask | any | host
Command Mode: TRACE LIST
Purpose: Configure a deny or permit filter to examine TCP packets. Configure the following required and optional parameters:
• source: An IP address as the source IP address for the filter to match.
• mask: a network mask
• any: to match any IP source address
• host ip-address: to match IP addresses in a host.
• destination: An IP address as the destination IP address for the filter to match.
Figure 42-268. Trace List Example
FTOS(config-trace-acl)#deny tcp host 123.55.34.0 any
FTOS(config-trace-acl)#permit udp 154.44.123.34 0.0.255.255 host 34.6.0.0
FTOS(config-trace-acl)#show config
!
ip trace-list nimule
seq 5 deny tcp host 123.55.34.0 any
seq 10 permit udp 154.44.0.0 0.0.255.255 host 34.6.0.0
To view all configured Trace lists and the number of packets processed through the Trace list, use the show ip accounting trace-list command (Figure 110) in the EXEC Privilege mode.
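The model below reproduces what Figures 42-267 and 42-268 show: filters are stored in sequence order regardless of entry order, and address bits covered by the wildcard mask are zeroed. It is an added example, not FTOS code. Numbering unsequenced filters in steps of 5 is inferred from the output in Figure 42-268, first-match evaluation is an assumption based on the comparison with extended IP ACLs, and port operators are not modeled.

```python
import ipaddress
from dataclasses import dataclass

ANY = (0, 0xFFFFFFFF)  # (address, wildcard); a set wildcard bit means "ignore"
FLAGS = {"count", "byte", "log"}


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def parse_endpoint(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' from the front of tokens."""
    head = tokens.pop(0)
    if head == "any":
        return ANY
    if head == "host":
        return (_ip(tokens.pop(0)), 0)
    wildcard = _ip(tokens.pop(0))
    # Wildcard-covered bits never take part in a match, so store them as zero.
    return (_ip(head) & ~wildcard & 0xFFFFFFFF, wildcard)


def render_endpoint(endpoint):
    addr, wildcard = endpoint
    if endpoint == ANY:
        return "any"
    if wildcard == 0:
        return f"host {ipaddress.IPv4Address(addr)}"
    return f"{ipaddress.IPv4Address(addr)} {ipaddress.IPv4Address(wildcard)}"


def endpoint_matches(endpoint, ip_text):
    addr, wildcard = endpoint
    care = ~wildcard & 0xFFFFFFFF
    return (_ip(ip_text) & care) == (addr & care)


@dataclass
class Filter:
    seq: int
    action: str
    proto: str
    src: tuple
    dst: tuple
    flags: tuple
    hits: int = 0

    def render(self):
        parts = [f"seq {self.seq}", self.action, self.proto,
                 render_endpoint(self.src), render_endpoint(self.dst),
                 *self.flags]
        return " ".join(parts)


class TraceList:
    def __init__(self, name):
        self.name = name
        self.filters = {}  # seq -> Filter

    def add(self, line):
        tokens = line.split()
        if tokens[0] == "seq":
            seq, tokens = int(tokens[1]), tokens[2:]
        else:
            # Assumption from Figure 42-268: next multiple of 5 after the highest.
            seq = (max(self.filters, default=0) // 5 + 1) * 5
        action, proto = tokens.pop(0), tokens.pop(0)
        if action not in ("deny", "permit") or proto not in ("ip", "tcp", "udp"):
            raise ValueError(f"unsupported filter: {line!r}")
        src = parse_endpoint(tokens)
        dst = parse_endpoint(tokens)
        if set(tokens) - FLAGS:
            raise ValueError(f"unsupported option in: {line!r}")
        self.filters[seq] = Filter(seq, action, proto, src, dst, tuple(tokens))
        return seq

    def show_config(self):
        return [self.filters[s].render() for s in sorted(self.filters)]

    def match(self, proto, src_ip, dst_ip):
        """Return (action, seq) of the first matching filter, or None."""
        for seq in sorted(self.filters):
            f = self.filters[seq]
            if (f.proto in ("ip", proto) and endpoint_matches(f.src, src_ip)
                    and endpoint_matches(f.dst, dst_ip)):
                f.hits += 1
                return f.action, seq
        return None


if __name__ == "__main__":
    dilling = TraceList("dilling")
    dilling.add("seq 15 deny ip host 12.45.0.0 any log")
    dilling.add("seq 5 permit tcp 121.1.3.45 0.0.255.255 any")
    print("\n".join(dilling.show_config()))
```

Comparing `show_config()` against what was typed is a quick review step: a filter entered as 121.1.3.45 with mask 0.0.255.255 covers the whole 121.1.0.0 range, not one host.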
VTY Line and Access-Class Configuration
Various methods are available to restrict VTY access in FTOS. These depend on which authentication scheme you use — line, local, or remote:
Table 42-91. VTY Access
Authentication Method    VTY access-class support?    Username access-class support?    Remote authorization support?
Line                     YES                          NO                                NO
Local                    NO                           YES                               NO
TACACS+                  YES                          NO                                YES (with FTOS 5.2.1.0 and later)
RADIUS                   YES                          NO                                YES (with FTOS 6.1.1.
Figure 42-270 shows how to allow or deny a Telnet connection to a user. Users will see a login prompt, even if they cannot log in. No access class is configured for the VTY line. It defaults from the local database.
Figure 42-270.
VTY MAC-SA Filter Support
FTOS supports MAC access lists which permit or deny users based on their source MAC address. With this approach, you can implement a security policy based on the source MAC address. To apply a MAC ACL on a VTY line, use the same access-class command as IP ACLs (Figure 42-272). Figure 42-272 shows how to deny incoming connections from subnet 10.0.0.0 without displaying a login prompt.
Figure 42-272.
43 Service Provider Bridging
Service Provider Bridging is supported on platforms: ecs
This chapter contains the following major sections:
• VLAN Stacking
• VLAN Stacking Packet Drop Precedence
• Dynamic Mode CoS for VLAN Stacking
• Layer 2 Protocol Tunneling
• Provider Backbone Bridging

VLAN Stacking
VLAN Stacking is supported on platforms: ces
VLAN Stacking, also called Q-in-Q, is defined in IEEE 802.1ad—Provider Bridges, which is an amendment to IEEE 802.1Q—Virtual Bridged Local Area Networks.
[Figure: tag fields shown are TPID (0x9100), PCP, DEI, VID (VLAN 300) and TPID (0x8100), PCP, CFI (0), VID (VLAN Red).] Figure 43-273.
Create Access and Trunk Ports An access port is a port on the service provider edge that directly connects to the customer. An access port may belong to only one service provider VLAN. A trunk port is a port on a service provider bridge that connects to another service provider bridge and is a member of multiple service provider VLANs. Physical ports and port-channels can be access or trunk ports.
Display the status and members of a VLAN using the show vlan command from EXEC Privilege mode. Members of a VLAN-Stacking-enabled VLAN are marked with an M in column Q. Figure 43-275.
In Figure 43-276, GigabitEthernet 0/1 is a trunk port that is configured as a hybrid port and then added to VLAN 100 as untagged, VLAN 101 as tagged, and VLAN 103, which is a stacking VLAN. Figure 43-276.
Figure 43-277. Example of Output of debug member vlan and debug member port
FTOS# debug member vlan 603
vlan id : 603
ports : Gi 2/47 (MT), Gi 3/1(MU), Gi 3/25(MT), Gi 3/26(MT), Gi 3/27(MU)
FTOS#debug member port gigabitethernet 2/47
vlan id : 603 (MT), 100(T), 101(NU)

VLAN Stacking in Multi-vendor Networks
The first field in the VLAN tag is the Tag Protocol Identifier (TPID), which is two bytes.
Figure 43-278.
[Figure: R1-E-Series TeraScale (TPID: 0x9100) and R2-E-Series TeraScale (TPID: 0x8181); labels include TPID 0x9100, TPID 0x8100, VLAN GREEN, VLAN BLUE, Building D, service provider, Internet.] Figure 43-279.
Figure 43-280. First-byte TPID Match on the E-Series ExaScale
[Figure: R1-E-Series TeraScale (TPID: 0x9191) and R2-E-Series ExaScale (TPID: 0x9100); labels include TPID 0x9191, VLAN GREEN, VLAN BLUE, VLAN RED, VLAN PURPLE, Building C, Building D, service provider, Internet.]
Table 43-92 details the outcome of matched and mis-matched TPIDs in a VLAN-stacking network with the E-Series. Table 43-92.
You can configure the first eight bits of the TPID using the command vlan-stack protocol-type. The TPID on the C-Series and S-Series systems is global. Ingress frames that do not match the system TPID are treated as untagged. This rule applies for both the outer tag TPID of a double-tagged frame and the TPID of a single-tagged frame.
Figure 43-282. Single and Double-tag First-byte TPID Match on C-Series and S-Series
[Figure: R2-C-Series w/ FTOS <8.2.1.0 (TPID: 0x8181), R3-C-Series w/ FTOS >=8.2.1.0 (TPID: 0x8181); labels include TPID 0x8181, DEFAULT VLAN, VLAN GREEN, VLAN BLUE, VLAN RED, VLAN PURPLE.] R1-C-Series w/ FTOS <8.2.1.
Table 43-93 details the outcome of matched and mismatched TPIDs in a VLAN-stacking network with the C-Series and S-Series. Table 43-93. C-Series and S-Series Behaviors for Mis-matched TPID Network Position Incoming Packet TPID System TPID Match Type Pre-8.2.1.0 8.2.1.
Enable Drop Eligibility
You must enable Drop Eligibility globally before you can honor or mark the DEI value.
Task: Make packets eligible for dropping based on their DEI value. By default, packets are colored green, and DEI is marked 0 on egress.
Command Syntax: dei enable
Command Mode: CONFIGURATION
When Drop Eligibility is enabled, DEI mapping or marking takes place according to the defaults. In this case, the CFI is affected according to Table 43-94. Table 43-94.
FTOS#show interface dei-honor
Default Drop precedence: Green
Interface CFI/DEI Drop precedence
-------------------------------------------------------------
Gi 0/1 0 Green
Gi 0/1 1 Yellow
Gi 8/9 1 Red
Gi 8/40 0 Yellow

Mark Egress Packets with a DEI Value
On egress, you can set the DEI value according to a different mapping than ingress (see Honor the Incoming DEI Value).
Figure 43-284. Statically and Dynamically Assigned dot1p for VLAN Stacking
[Figure: untagged and C-tagged frames, one shown with an S-Tag with statically-assigned dot1p and one with an S-Tag with mapped dot1p.]
When configuring Dynamic Mode CoS, you have two options:
a. mark the S-Tag dot1p and queue the frame according to the original C-Tag dot1p.
FTOS Behavior: For Option A above, when there is a conflict between the queue selected by Dynamic Mode CoS (vlan-stack dot1p-mapping) and a QoS configuration, the queue selected by Dynamic Mode CoS takes precedence. However, rate policing for the queue is determined by QoS configuration.
To map C-Tag dot1p values to S-Tag dot1p values and mark the frames accordingly:
Task: Allocate CAM space to enable queuing frames according to the C-Tag or the S-Tag.
• vman-qos: mark the S-Tag dot1p and queue the frame according to the original C-Tag dot1p. This method requires half as many CAM entries as vman-qos-dual-fp.
• vman-qos-dual-fp: mark the S-Tag dot1p and queue the frame according to the S-Tag dot1p.
Figure 43-285. VLAN Stacking without L2PT
[Figure: Building A and Building B connected through a service provider network; labels include spanning tree, no spanning-tree, Internet, and BPDU w/ destination MAC address: 01-80-C2-00-00-00.]
You might need to transport control traffic transparently through the intermediate network to the other region.
Figure 43-286.
Specify a Destination MAC Address for BPDUs
By default, FTOS uses a Dell Force10-unique MAC address for tunneling BPDUs. You can configure another value.
Task: Overwrite the BPDU with a user-specified destination MAC address when BPDUs are tunneled across the provider network.
Debug Layer 2 Protocol Tunneling
Task: Display debugging information for L2PT.
Command Syntax: debug protocol-tunnel
Command Mode: EXEC Privilege

Provider Backbone Bridging
Provider Backbone Bridging is supported only on platforms: cs
IEEE 802.1ad—Provider Bridges amends 802.1Q—Virtual Bridged Local Area Networks so that service providers can use 802.1Q architecture to offer separate VLANs to customers with no coordination between customers, and minimal coordination between customers and the provider.
44 sFlow
Configuring sFlow is supported on platforms: ecs
• Enable and Disable sFlow
• sFlow Show Commands
• Specify Collectors
• Polling Intervals
• Sampling Rate
• Back-off Mechanism
• sFlow on LAG ports
• Extended sFlow

Overview
FTOS supports sFlow version 5. sFlow is a standards-based sampling technology embedded within switches and routers which is used to monitor network traffic. It is designed to provide traffic monitoring for high speed networks with many switches and routers.
Figure 44-287. sFlow Traffic Monitoring System
[Figure: a Switch/Router containing the Switch ASIC and the sFlow Agent, which polls interface counters and receives flow samples, sending sFlow datagrams to the sFlow Collector.]

Implementation Information
The Dell Force10 sFlow is designed so that the hardware sampling rate is per line card port-pipe and is decided based upon all the ports in that port-pipe.
FTOS exports all sFlow packets to the collector. A small sampling rate can equate to a large number of exported packets. A backoff mechanism will automatically be applied to reduce this amount. Some sampled packets may be dropped when the exported packet rate is high and the backoff mechanism is about to or is starting to take effect. The dropEvent counter, in the sFlow packet, will always be zero.
sFlow Show Commands
FTOS includes the following sFlow display commands:
• Show sFlow Globally
• Show sFlow on an Interface
• Show sFlow on a Line Card

Show sFlow Globally
Use the following command to view sFlow statistics:
Command Syntax: show sflow
Command Mode: EXEC
Purpose: Display sFlow configuration information and statistics.
Figure 44-288 is a sample output from the show sflow command: Figure 44-288.
Figure 44-289. Command Example: show sflow interface
FTOS#show sflow interface gigabitethernet 1/16
Gi 1/16
Configured sampling rate :8192
Actual sampling rate :8192
Sub-sampling rate :2
Counter polling interval :15
Samples rcvd from h/w :33
Samples dropped for sub-sampling :6

The configuration, shown in Figure 44-288, is also displayed in the running configuration (Figure 44-290): Figure 44-290.
Specify Collectors
The sflow collector command allows identification of sFlow Collectors to which sFlow datagrams are forwarded. The user can specify up to two sFlow collectors. If two Collectors are specified, the samples are sent to both. Collection through Management interface is supported on platform: e.
The sflow sample-rate command, when issued in CONFIGURATION mode, changes the default sampling rate. By default, the sampling rate of an interface is set to the same value as the current global default sampling rate. If the value entered is not a correct power of 2, the command generates an error message with the previous and next power-of-2 value. Select one of these two numbers and re-enter the command. (For more information on values in power-of-2, see Sub-sampling on page 867.
Back-off Mechanism
If the sampling rate for an interface is set to a very low value, the CPU can get overloaded with flow samples under high-traffic conditions. In such a scenario, a binary back-off mechanism gets triggered, which doubles the sampling-rate (halves the number of samples per second) for all interfaces. The backoff mechanism continues to double the sampling-rate until CPU condition is cleared. This is as per sFlow version 5 draft.
Figure 44-292. Confirming that Extended sFlow is Enabled
FTOS#show sflow
sFlow services are enabled
Global default sampling rate: 4096
Global default counter polling interval: 15
Global extended information enabled: gateway, router, switch
1 collectors configured
Collector IP addr: 10.10.10.3, Agent IP addr: 10.10.0.
[Figure callout: Extended sFlow settings show all 3 types are enabled]
Table 44-95. Extended Gateway Summary
• IP SA: static/connected/IGP; IP DA: static/connected/IGP; srcAS and srcPeerAS: —; dstAS and dstPeerAS: —. Extended gateway data is not exported because there is no AS information.
• IP SA: static/connected/IGP; IP DA: BGP; srcAS and srcPeerAS: 0; dstAS and dstPeerAS: Exported. src_as & src_peer_as are zero because there is no AS information for IGP.
• IP SA: BGP; IP DA: static/connected/IGP; srcAS and srcPeerAS: —; dstAS and dstPeerAS: —. Prior to FTOS version 7.8.1.0, extended gateway data is not exported because IP DA is not learned via BGP.
45 Simple Network Management Protocol (SNMP) Simple Network Management Protocol (SNMP) is supported on platforms: ecs SNMP is supported on the E-Series ExaScale platform with FTOS 8.1.1.0 and later. Note: On Dell Force10 routers, standard and private SNMP MIBs are supported, including all Get and a limited number of Set operations (such as set vlan and copy cmd).
1. Create a community. See page 873. Configuring SNMP version 3 requires you to configure SNMP users in one of three methods. See Setting Up User-based Security (SNMPv3).
Create a Community For SNMPv1 and SNMPv2, you must create a community to enable the community-based security in FTOS. The management station generates requests to either retrieve or alter the value of a management object and is called the SNMP manager. A network element that processes SNMP requests is called an SNMP agent. An SNMP community is a group of SNMP agents and managers that are allowed to interact.
Figure 45-295. Select a User-based Security Type
FTOS(conf)#snmp-server host 1.1.1.1 traps {oid tree} version 3 ?
auth     Use the SNMPv3 authNoPriv Security Level
noauth   Use the SNMPv3 noAuthNoPriv Security Level
priv     Use the SNMPv3 authPriv Security Level
FTOS(conf)#snmp-server host 1.1.1.
Read Managed Object Values
You may only retrieve (read) managed object values if your management station is a member of the same community as the SNMP agent. Dell Force10 supports RFC 4001, Textual Conventions for Internet Network Addresses, which defines values representing a type of internet address. These values display for ipAddressTable objects using the snmpwalk command. In the following figure, the value “4” displays in the OID before the IP address for IPv4.
Figure 45-298. Reading the Value of Many Managed Objects at Once
> snmpwalk -v 2c -c mycommunity 10.11.131.161 .1.3.6.1.2.1.1
SNMPv2-MIB::sysDescr.0 = STRING: Dell Force10 Real Time Operating System Software
Dell Force10 Operating System Version: 1.0
Dell Force10 Application Software Version: E_MAIN4.7.6.350
Copyright (c) 1999-2007 by Dell Force10
Build Time: Mon May 12 14:02:22 PDT 2008
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.6027.1.3.
To configure system contact and location information from the Dell Force10 system:
Task: Identify the system manager along with this person’s contact information (e.g., E-mail address or phone number). You may use up to 55 characters. Default: None
Command: snmp-server contact text
Command Mode: CONFIGURATION
Task: Identify the physical location of the system. For example, San Jose, 350 Holger Way, 1st floor lab, rack A1-1. You may use up to 55 characters.
To configure the system to send SNMP notifications:
Task: Configure the Dell Force10 system to send notifications to an SNMP server.
• Enter the keyword traps to send trap messages.
• Enter the keyword informs to send informational messages.
• Enter the keyword version to send the SNMP version to use for notification messages.
• Enter the name of the community-string to identify the SNMPv1 community string.
Table 45-97.
Table 45-97. Dell Force10 Enterprise-specific SNMP Traps Command Option Trap Trap SNMPv2-MIB::sysUpTime.0 = Timeticks: (1489568) 4:08:15.68,SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::mib-2.47.2.0.1, SNMPv2-SMI::enterprises.6027.3.6.1.1.2.
Table 45-98. MIB Objects for Copying Configuration Files via SNMP
MIB Object | OID | Object Values | Description
copySrcFileName | .1.3.6.1.4.1.6027.3.5.1.1.1.1.4 | Path (if file is not in current directory) and filename. | Specifies name of the file. • If copySourceFileType is set to running-config or startup-config, copySrcFileName is not required.
copyDestFileType | .1.3.6.1.4.1.6027.3.5.1.1.1.1.
Step 3. On the server, use the command snmpset as shown:
snmpset -v snmp-version -c community-name -m mib_path/f10-copy-config.mib force10system-ip-address mib-object.index {i | a | s} object-value...
Every specified object must have an object value, which must be preceded by the keyword i. See Table 6 for ranges. index must be unique to all previously executed snmpset commands. If an index value has been used previously, a message like the one in Message 3 appears.
Table 45-99. Copying Configuration Files via SNMP
Task:
snmpset -v 2c -c public force10system-ip-address copySrcFileType.index i 2 copyDestFileType.index i 3
Figure 45-300 shows the command syntax using MIB object names. Figure 45-301 shows the same command using the object OIDs. In both cases, the object is followed by a unique index number.

Figure 45-300. Copying Configuration Files via SNMP using Object-Name Syntax
> snmpset -v 2c -r 0 -t 60 -c private -m .
Table 45-99. Copying Configuration Files via SNMP
Task:
• server-ip-address must be preceded by the keyword a.
• values for copyUsername and copyUserPassword must be preceded by the keyword s.

Figure 45-304. Copying Configuration Files via SNMP and FTP to a Remote Server
> snmpset -v 2c -c private -m ./f10-copy-config.mib 10.10.10.10 copySrcFileType.110 i 2 copyDestFileName.110 s /home/startup-config copyDestFileLocation.110 i 4 copyServerAddress.110 a 11.11.11.11 copyUserName.
Dell Force10 provides additional MIB Objects to view copy statistics. These are provided in Table 45-100.

Table 45-100. MIB Objects for Copying Configuration Files via SNMP
MIB Object | OID | Values | Description
copyState | .1.3.6.1.4.1.6027.3.5.1.1.1.1.11 | 1 = running, 2 = successful, 3 = failed | Specifies the state of the copy operation.
copyTimeStarted | .1.3.6.1.4.1.6027.3.5.1.1.1.1.12 | Time value | Specifies the point in the up-time clock that the copy operation started.
Figure 45-307 shows the command syntax using MIB object names, and Figure 45-308 shows the same command using the object OIDs. In both cases, the object is followed by the same index number used in the snmpset command.

Figure 45-307. Obtaining MIB Object Values for a Copy Operation using Object-name Syntax
> snmpget -v 2c -c private -m ./f10-copy-config.mib 10.11.131.140 copyTimeCompleted.110
FTOS-COPY-CONFIG-MIB::copyTimeCompleted.110 = Timeticks: (1179831) 3:16:38.31

Figure 45-308.
Figure 45-310. Assign a VLAN Alias using SNMP
[Unix system output]
> snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.1.1107787786 s "My VLAN"
SNMPv2-SMI::mib-2.17.7.1.4.3.1.1.
The table that the Dell Force10 system sends in response to the snmpget request contains hexadecimal (hex) pairs, each pair representing a group of eight ports.
• On the E-Series, 12 hex pairs represent a line card. Twelve pairs accommodate the greatest currently available line card port density, 96 ports.
• On the C-Series, 28 hex pairs represent a line card.
The value 40 is in the first set of 7 hex pairs, indicating that these ports are in Stack Unit 0. The hex value 40 is 0100 0000 in binary. As described above, the left-most position in the string represents Port 1. The next position from the left represents Port 2 and has a value of 1, indicating that Port 0/2 is in VLAN 10. The remaining positions are 0, so those ports are not in the VLAN.
In Figure 45-315, Port 0/2 is added as a tagged member of VLAN 10. Figure 45-315. Adding Tagged Ports to a VLAN using SNMP >snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.2.1107787786 x "40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" .1.3.6.1.2.1.17.7.1.4.3.1.4.
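The port-bitmap arithmetic described above, as an added example (not code from this guide or from Dell Force10): it decodes the hex pairs held by the egress object (.1.3.6.1.2.1.17.7.1.4.3.1.2) and the untagged object (.1.3.6.1.2.1.17.7.1.4.3.1.4) into unit/position pairs, separates tagged from untagged members, and compares the result with an expected membership. The 7 pairs per stack unit come from the text; the function names, the two-unit sample values and the expected membership are constructed for illustration.

```python
"""Decode and audit Q-BRIDGE-MIB port bitmaps (hex pairs) for one VLAN."""

PAIRS_PER_UNIT = 7  # per the text: 7 hex pairs describe one S-Series stack unit


def decode_port_bitmap(hex_pairs, pairs_per_unit=PAIRS_PER_UNIT):
    """Return {(unit, position)} for each bit set; position 1 is the left-most bit."""
    data = bytes.fromhex(hex_pairs)  # accepts "40 00 00 ..." with spaces
    members = set()
    for index, byte in enumerate(data):
        unit, offset = divmod(index, pairs_per_unit)
        for bit in range(8):
            if byte & (0x80 >> bit):
                members.add((unit, offset * 8 + bit + 1))
    return members


def encode_port_bitmap(members, units, pairs_per_unit=PAIRS_PER_UNIT):
    """Build the hex-pair string (snmpset type x) for the given members."""
    data = bytearray(units * pairs_per_unit)
    for unit, position in members:
        if not (0 <= unit < units and 1 <= position <= pairs_per_unit * 8):
            raise ValueError(f"unit {unit} position {position} is outside the bitmap")
        index = unit * pairs_per_unit + (position - 1) // 8
        data[index] |= 0x80 >> ((position - 1) % 8)
    return " ".join(f"{byte:02X}" for byte in data)


def classify_members(egress_hex, untagged_hex):
    """Split members into tagged and untagged; untagged must be a subset of egress."""
    egress = decode_port_bitmap(egress_hex)
    untagged = decode_port_bitmap(untagged_hex)
    return {
        "tagged": egress - untagged,
        "untagged": egress & untagged,
        "inconsistent": untagged - egress,  # untagged bit set without egress bit
    }


def audit_vlan(expected, egress_hex, untagged_hex):
    """Report members that differ from the expected tagged/untagged sets."""
    actual = classify_members(egress_hex, untagged_hex)
    report = {"inconsistent": sorted(actual["inconsistent"])}
    for kind in ("tagged", "untagged"):
        wanted = expected.get(kind, set())
        report[f"unexpected_{kind}"] = sorted(actual[kind] - wanted)
        report[f"missing_{kind}"] = sorted(wanted - actual[kind])
    return report


# Constructed sample values for a two-unit stack (not taken from a real device).
SAMPLE_EGRESS = (
    "C0 00 00 00 00 00 00 "   # unit 0: positions 1 and 2
    "00 01 00 00 00 00 00"    # unit 1: position 16
)
SAMPLE_UNTAGGED = (
    "80 00 00 00 00 00 00 "   # unit 0: position 1 is untagged
    "00 00 00 00 00 00 00"    # unit 1: nothing untagged
)
# Constructed expectation: only unit 0 should carry this VLAN.
EXPECTED = {"tagged": {(0, 2)}, "untagged": {(0, 1)}}

if __name__ == "__main__":
    for key, value in audit_vlan(EXPECTED, SAMPLE_EGRESS, SAMPLE_UNTAGGED).items():
        print(f"{key}: {value}")
```
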
Enable and Disable a Port using SNMP
Step 1. Create an SNMP community on the Dell Force10 system.
Command Syntax: snmp-server community
Command Mode: CONFIGURATION
Step 2. From the Dell Force10 system, identify the interface index of the port for which you want to change the admin status. Or, from the management system, use the snmpwalk command to identify the interface index.
Each object comprises an OID concatenated with an instance number. In the case of these objects, the instance number is the decimal equivalent of the MAC address; derive the instance number by converting each hex pair to its decimal equivalent. For example, the decimal equivalent of E8 is 232, and so the instance number for MAC address 00:01:e8:06:95:ac is .0.1.232.6.149.172. The value of dot1dTpFdbPort is the port number of the port off which the system learns the MAC address.
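The instance-number conversion described above, as an added example (not code from this guide or from Dell Force10): it converts a MAC address to its OID instance and back, reads dot1dTpFdbPort lines from snmpwalk output into a MAC-to-port table, and lists MAC addresses whose learned port differs from a recorded baseline. The walk lines, port numbers and baseline are constructed; the helper names are hypothetical.

```python
"""Map BRIDGE-MIB forwarding-table instances to MAC addresses and back."""
import re

# Matches numeric snmpwalk output for dot1dTpFdbPort (mib-2.17.4.3.1.2.<six decimals>).
WALK_LINE = re.compile(r"mib-2\.17\.4\.3\.1\.2\.((?:\d+\.){5}\d+) = INTEGER: (\d+)")


def mac_to_instance(mac):
    """00:01:e8:06:95:ac -> .0.1.232.6.149.172 (each hex pair as decimal)."""
    octets = re.split(r"[:-]", mac.strip())
    if len(octets) != 6:
        raise ValueError(f"not a 6-octet MAC address: {mac!r}")
    return "." + ".".join(str(int(octet, 16)) for octet in octets)


def instance_to_mac(instance):
    """.0.1.232.6.149.172 -> 00:01:e8:06:95:ac."""
    parts = [int(part) for part in instance.strip(".").split(".")]
    if len(parts) != 6 or any(not 0 <= part <= 255 for part in parts):
        raise ValueError(f"not a MAC instance: {instance!r}")
    return ":".join(f"{part:02x}" for part in parts)


def parse_fdb_walk(text):
    """Return {mac: port} from snmpwalk output of dot1dTpFdbPort."""
    table = {}
    for line in text.splitlines():
        match = WALK_LINE.search(line)
        if match:
            table[instance_to_mac(match.group(1))] = int(match.group(2))
    return table


def moved_macs(baseline, current):
    """Return {mac: (old_port, new_port)} for MACs now learned on another port."""
    return {
        mac: (baseline[mac], port)
        for mac, port in current.items()
        if mac in baseline and baseline[mac] != port
    }


# Constructed snmpwalk output and baseline (not captured from a real system).
SAMPLE_WALK = """\
SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.232.6.149.172 = INTEGER: 118
SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.232.10.11.12 = INTEGER: 120
"""
SAMPLE_BASELINE = {"00:01:e8:06:95:ac": 118, "00:01:e8:0a:0b:0c": 119}

if __name__ == "__main__":
    print(moved_macs(SAMPLE_BASELINE, parse_fdb_walk(SAMPLE_WALK)))
```
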
Deriving Interface Indices
FTOS assigns an interface number to each (configured or unconfigured) physical and logical interface. Display the interface index number using the command show interface from EXEC Privilege mode, as shown in Figure 45-319. Figure 45-319.
Figure 45-321. Binary Representation of Interface Index For interface indexing, slot and port numbering begins with the binary one. If the Dell Force10 system begins slot and port numbering from 0, then the binary 1 represents slot and port 0. For example, the index number in Figure 45-321 gives the binary 2 for the slot number, though interface GigabitEthernet 1/21 belongs to Slot 1. This is because the port for this example is on an E-Series which begins numbering slots from 0.
SNMPv2-SMI::enterprises.6027.3.2.1.1.6.1.4.1107755009.1 = INTEGER: 1 << Status active, 2 – status inactive
If we learn MAC addresses for the LAG, status will be shown for those as well.
dot3aCurAggVlanId
SNMPv2-SMI::enterprises.6027.3.2.1.1.4.1.1.1.0.0.0.0.0.1.1 = INTEGER: 1
dot3aCurAggMacAddr
SNMPv2-SMI::enterprises.6027.3.2.1.1.4.1.2.1.0.0.0.0.0.1.1 = Hex-STRING: 00 00 00 00 00 01
dot3aCurAggIndex
SNMPv2-SMI::enterprises.6027.3.2.1.1.4.1.3.1.0.0.0.0.0.1.
46 Stacking
Stacking is supported on the following platforms: S-Series (S50/S25) s
Stacking is supported on the S4810 platform with FTOS version 8.3.7.1, version 8.3.10.2 and newer.
Note: The S4810 commands accept Unit ID numbers 0-11, though the S4810 supports stacking up to 3 units only with FTOS version 8.3.7.1 and version 8.3.10.2. The S4810 supports stacking up to 6 units on FTOS version 8.3.12.0.
Stack Management Roles
The stack elects the management units for the stack management:
• Stack master: The primary management unit, also called the master unit.
• Standby: The secondary management unit.
• Stack units: Also called stack members, these are the remaining units in the stack. The system supports up to four S4810 stack units.
• Stack group: On the S4810, each set of 4 10G ports or each individual 40G port correspond to a stack-group.
A change in the stack master occurs when:
• You power down the stack master or bring the master switch offline.
• A failover of the master switch occurs.
• You disconnect the master switch from the stack.
When a stack reloads and all the units come up at the same time, for example, when all units boot up from flash, all units participate in the election and the master and standby are chosen based on the priority or MAC address.
Failover Roles
If the stack master fails (e.g., is powered off), it is removed from the stack topology. The standby unit detects the loss of peering communication and takes ownership of the stack management, switching from the standby role to the master role. The distributed forwarding tables are retained during the failover, as is the stack MAC address. The lack of a standby unit triggers an election within the remaining units for a standby role.
Figure 46-323. Adding a Standalone with a Lower MAC Address to a Stack— Before (S50-type)
-------------------------------STANDALONE BEFORE CONNECTION----------------------------------
Standalone#show system brief
Stack MAC : 00:01:e8:d5:ef:81

-- Stack Info --
Unit UnitType Status ReqTyp CurTyp Version Ports
---------------------------------------------------------------------------
0 Management online S50V S50V 7.8.1.
After
-------------------------------STANDALONE AFTER CONNECTION----------------------------------
Standalone#%STKUNIT0-M:CP %POLLMGR-2-ALT_STACK_UNIT_STATE: Alternate Stack-unit is present
00:20:20: %STKUNIT0-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 1 present
00:20:22: %STKUNIT0-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 2 present
Going for reboot.
Figure 46-325. S4810 supported stacking topologies High Availability on S-Series Stacks S-Series stacks have master and standby management units analogous to Dell Force10 Route Processor Modules (Figure 46-326). The master unit synchronizes the running configuration and protocol states so that the system fails over in the event of a hardware or software fault on the master unit.
Figure 46-326. S-Series Stack Manager Redundancy (S50-type system)
Stack#show redundancy

-- Stack-unit Status --
------------------------------------------------
Mgmt ID: 0
Stack-unit ID: 1
Stack-unit Redundancy Role: Primary
Stack-unit State: Active
Stack-unit SW Version: 7.8.1.0
Link to Peer: Up

-- PEER Stack-unit Status --
------------------------------------------------
Stack-unit State: Standby
Peer stack-unit ID: 2
Stack-unit SW Version: 7.8.1.
Figure 46-327.
S-Series Stacking Installation Tasks
• Create an S-Series Stack
• Add Units to an Existing S-Series Stack
• Remove a Unit from an S-Series Stack
• Split an S-Series Stack

Create an S-Series Stack
Stacking is enabled on the S4810 using the front end ports. No configuration is allowed on front end ports used for stacking. Stacking can be made between 10G ports of two units or 40G ports of two units. The stack links between the two units will be grouped into a single LAG.
With FTOS 8.3.12.0, when a unit is added to a stack, the management unit performs a system check on the new unit to ensure the hardware type is compatible. A similar check is performed on the FTOS version. If the stack is running 8.3.12.0 and the new unit is running an earlier software version, the new unit is put into a card problem state.
• If the unit is running version 8.3.10.x, it is upgraded to use the same FTOS version as the stack, rebooted, and joins the stack.
Task: Save the stacking configuration on the ports.
Command Syntax: write memory
Command Mode: EXEC Privilege
Task: Reload the switch. FTOS automatically assigns a number to the new unit and adds it as member switch in the stack. The new unit synchronizes its running and startup configurations with the stack.
Command Syntax: reload
Command Mode: EXEC Privilege
After the units are reloaded, the system reboots. The units come up in a stack after the reboot completes.
Step 4. Configure the switch priority for each unit to make management unit selection deterministic.
Command Syntax: stack-unit priority
Command Mode: CONFIGURATION
Step 5. Assign a stack group for each unit. Begin with the first port on the management unit. Next, configure both ports on each subsequent unit. Finally, return to the management unit and configure the last port. (See the example below.
Configure the first stack group on unit 1:
stack-unit 1 stack-group 13
Configure the stack groups on unit 2:
stack-unit 2 stack-group 14
stack-unit 2 stack-group 15
Configure the stack groups on unit 3:
stack-unit 3 stack-group 12
stack-unit 3 stack-group 13
Configure the stack groups on unit 4:
stack-unit 4 stack-group 13
stack-unit 4 stack-group 14
Configure the final stack-group on unit 1 to complete the stack.
9 Member not present
10 Member not present

-- Power Supplies --
Unit Bay Status Type FanStatus
----------------------------------------------------------------------------
1 0 absent absent
1 1 up AC up
2 0 down UNKNOWN down
2 1 up AC up
3 0 absent absent
3 1 up AC up
4 0 absent absent
4 1 up AC up

-- Fan Status --
Unit Bay TrayStatus Fan0 Speed Fan1 Speed
----------------------------------------------------------------------------
1 0 up up 9360 up 9360
1 1 up up 9360 up 9360
2 0 up up 7680 up 7680
2 1 up up 79
• by merging two stacks.
If you are adding units to an existing stack, you can either:
• allow FTOS to automatically assign the new unit a position in the stack, or
• manually determine each unit's position in the stack by configuring each unit to correspond with the stack before connecting it.
If you add a unit that has a stack number that conflicts with the stack, the stack assigns the first available stack number, as shown in the examples below.
4 Member not present
5 Member not present
6 Member not present
7 Member not present
8 Member not present
9 Member not present
10 Member not present
11 Member not present

Figure 46-330.
Step 5. Configure the ports on the added switch for stacking, where: stack-unit 0 defines the default ID unit-number in the initial configuration of a switch. stack-group group-number configures a port for stacking.
Command Syntax: stack-unit 0 stack-group group-number
Command Mode: CONFIGURATION
Step 6. Save the stacking configuration on the ports.
Command Syntax: write memory
Command Mode: EXEC Privilege
Step 7. Reload the switch.
Split an S-Series Stack
To split a stack, unplug the desired stacking cables. You may do this at any time, whether the stack is powered or unpowered, and the units are online or offline. Each portion of the split stack retains the startup and running configuration of the original stack. For a parent stack that is split into two child stacks, A and B, each with multiple units:
• If one of the new stacks receives the master and the standby management units, it is unaffected by the split.
Message 42 Renumbering the Stack Manager
Renumbering master unit will reload the stack.
WARNING: Interface configuration for current unit will be lost!
Proceed to renumber [confirm yes/no]: yes

Create a Virtual Stack Unit on an S-Series Stack
Use virtual stack units to configure ports on the stack before adding a new unit.
Task: Create a virtual stack unit.
Burned In MAC : 00:01:e8:8a:df:e6
No Of MACs : 3

-- Power Supplies --
Unit Bay Status Type FanStatus
---------------------------------------------------------------------------
0 0 absent absent
0 1 up AC up

-- Fan Status --
Unit Bay TrayStatus Fan0 Speed Fan1 Speed
--------------------------------------------------------------------------------
0 0 up up 6960 up 6960
0 1 up up 6720 up 6720
Speed in RPM

-- Unit 1 --
Unit Type : Member Unit
Status : not present
Required Type : S4810 - 52-port GE/TE/FG (SE)

-- Unit
8 Member not present
9 Member not present
10 Member not present
11 Member not present

Display information about an S4810 stack using the show system stack-ports command.
Manage Redundancy on an S-Series Stack
Task: Reset the current management unit, and make the standby unit the new master unit. A new standby is elected. When the former stack master comes back online, it becomes a member unit.
Command Syntax: redundancy force-failover stack-unit
Command Mode: EXEC Privilege
Task: Prevent the stack master from rebooting after a failover. This command does not affect a forced failover, manual reset, or a stack-link disconnect.
Display Status of Stacking Ports
To display the status of the stacking ports, including the topology:
Task: Display the stacking ports.
Command Syntax: show system stack-ports
Command Mode: EXEC Privilege
The following example shows four switches stacked together with two 40G links in a ring topology.
Unit Bay Status Type FanStatus
----------------------------------------------------------------------------
Unit Bay Status Type FanStatus
----------------------------------------------------------------------------
1 0 absent absent
1 1 up AC up

-- Fan Status --
Unit Bay TrayStatus Fan0 Speed Fan1 Speed
----------------------------------------------------------------------------
1 0 up up 7200 up 7200
1 1 up up 7200 up 7440
Speed in RPM

The following example shows three switches stacked together in a daisy chain
Figure 46-331. Removing an S4810 Stack Member—Before
Force10#show system brief
Stack MAC : 00:01:e8:8a:df:e6
Reload Type : normal-reload

-- Stack Info --
Unit UnitType Status ReqTyp CurTyp Version Ports
---------------------------------------------------------------------------
0 Management online S4810 S4810 8-3-7-13 64
1 Member online S4810 S4810 8-3-7-13 64
2 Member not present
3 Standby online S4810 S4810 8-3-7-13 64

Figure 46-332.
Troubleshoot an S-Series Stack

• Recover from Stack Link Flaps
• Recover from a Card Problem State on an S-Series Stack
• Recover from a Card Mismatch State on an S-Series Stack

Recover from Stack Link Flaps

S-Series Stack Link Integrity Monitoring enables units to monitor their own stack ports and disable any stack port that flaps five times within 10 seconds.
-----------------------------------------------
0     0    up          up    6960   up    6720
0     1    up          up    6720   up    6720
1     0    up          up    6960   up    6720
1     1    up          up    6720   up    6720

Speed in RPM
stack-1#

Recover from a Card Mismatch State on an S-Series Stack

A card mismatch occurs if the stack has a provision for the lowest available stack number which does not match the model of a newly added unit. See the following example. To recover, disconnect the new unit.
23:12:34: %STKUNIT1-M:CP %CHMGR-3-STACKUNIT_MISMATCH: Mismatch: Stack unit 0 is type S50V - type S25N required

Stack#show system brief
Stack MAC : 00:01:e8:d5:f9:6f

-- Stack Info --
Unit  UnitType    Status         ReqTyp  CurTyp  Version  Ports
---------------------------------------------------------------
0     Member      type mismatch  S25N    S50V    7.8.1.0  52
1     Management  online         S50N    S50N    7.8.1.0  52
2     Standby     online         S50V    S50V    7.8.1.
47 Storm Control

Storm Control is supported on platforms: e c s
Storm Control for Multicast is supported on platforms: c s

The storm control feature enables you to control unknown-unicast and broadcast traffic on Layer 2 and Layer 3 physical interfaces.

FTOS Behavior: On the E-Series, FTOS supports broadcast control for Layer 3 traffic only. To control Layer 2 broadcast traffic use the command storm-control unknown-unicast.
Configure storm control from CONFIGURATION mode

Configure storm control from CONFIGURATION mode using the command storm control. From CONFIGURATION mode you can configure storm control for ingress and egress traffic.
48 Spanning Tree Protocol (STP)

Spanning Tree Protocol (STP) is supported on platforms: e c s

Protocol Overview

Spanning Tree Protocol (STP) is a Layer 2 protocol, specified by IEEE 802.1d, that eliminates loops in a bridged topology by enabling only a single path through the network. By eliminating loops, the protocol improves scalability in a large network and enables you to implement redundant paths, which can be activated upon the failure of active paths.
• Removing an Interface from the Spanning Tree Group
• Modifying Global Parameters
• Modifying Interface STP Parameters
• Enabling PortFast
• Preventing Network Disruptions with BPDU Guard
• STP Root Selection
• SNMP Traps for Root Elections and Topology Changes
• Configuring Spanning Trees as Hitless

Important Points to Remember

• Spanning Tree Protocol (STP) is disabled by default.
• FTOS supports only one Spanning Tree instance (0).
Figure 48-336.
Enabling Spanning Tree Protocol Globally

Spanning Tree Protocol must be enabled globally; it is not enabled by default.

To enable Spanning Tree globally for all Layer 2 interfaces:

Step 1
Task: Enter the PROTOCOL SPANNING TREE mode.
Command Syntax: protocol spanning-tree 0
Command Mode: CONFIGURATION

Step 2
Task: Enable Spanning Tree.
Figure 48-337. Spanning Tree Enabled Globally
(Figure: topology of bridges R1, R2 and R3 showing the root, the port numbers, and the Forwarding and Blocking port states.)

Port 290 (GigabitEthernet 2/4) is Blocking
Port path cost 4, Port priority 8, Port Identifier 8.290
Designated root has priority 32768, address 0001.e80d.2462
Designated bridge has priority 32768, address 0001.e80d.2462
Designated port id is 8.
Confirm that a port is participating in Spanning Tree using the show spanning-tree 0 brief command from EXEC privilege mode.

FTOS#show spanning-tree 0 brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 0001.e80d.2462
We are the root of the spanning tree
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32768, Address 0001.e80d.
Modifying Global Parameters

You can modify Spanning Tree parameters. The root bridge sets the values for forward-delay, hello-time, and max-age and overwrites the values set on other bridges participating in Spanning Tree.

Note: Dell Force10 recommends that only experienced network administrators change the Spanning Tree parameters. Poorly planned modification of the Spanning Tree parameters can negatively impact network performance.

Table 48-103 displays the default values for Spanning Tree.

Table 48-103.
View the current values for global parameters using the show spanning-tree 0 command from EXEC privilege mode. Refer to the second example in Enabling Spanning Tree Protocol Globally.

Modifying Interface STP Parameters

You can set the port cost and port priority values of interfaces in Layer 2 mode.

• Port cost is a value that is based on the interface type. The greater the port cost, the less likely the port will be selected to be a forwarding port.
To enable PortFast on an interface:

Task: Enable PortFast on an interface.
Command Syntax: spanning-tree stp-id portfast [bpduguard | [shutdown-on-violation]]
Command Mode: INTERFACE

Verify that PortFast is enabled on a port using the show spanning-tree command from the EXEC privilege mode or the show config command from INTERFACE mode; Dell Force10 recommends using the show config command, as shown in Figure 48-338.

Figure 48-338.
Note: Unless the shutdown-on-violation option is enabled, spanning-tree only drops packets after a BPDU violation; the physical interface remains up, as shown below.

FTOS(conf-if-gi-0/7)#do show spanning-tree rstp brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 0001.e805.fb07
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32768, Address 0001.e85d.
Figure 48-339. Enabling BPDU Guard

FTOS(conf-if-gi-3/41)# spanning-tree 0 portfast bpduguard shutdown-on-violation
FTOS(conf-if-gi-3/41)#show config
!
interface GigabitEthernet 3/41
 no ip address
 switchport
 spanning-tree 0 portfast bpduguard shutdown-on-violation
 no shutdown

(Figure labels: 3/41, Hub, Switch with Spanning Tree Enabled)

FTOS Behavior: BPDU Guard and BPDU filtering (refer to Removing an Interface from the Spanning Tree Group) both block BPDUs, but are two separate features.
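An offline check of the PortFast and BPDU guard settings described above, as an added example that is not part of the Dell guide: it parses a saved running-config and flags PortFast ports with no BPDU guard, and ports with BPDU guard but without shutdown-on-violation, which stay up after a violation. The sample configuration, interface numbers, function names and state names are constructed for illustration.

```python
import re

# Constructed sample running-config. The stanza layout follows the
# "show config" output in Figure 48-339; the interfaces and the IP
# address are made up for this example.
SAMPLE_CONFIG = """\
!
interface GigabitEthernet 3/40
 no ip address
 switchport
 spanning-tree 0 portfast
 no shutdown
!
interface GigabitEthernet 3/41
 no ip address
 switchport
 spanning-tree 0 portfast bpduguard shutdown-on-violation
 no shutdown
!
interface GigabitEthernet 3/42
 no ip address
 switchport
 spanning-tree 0 portfast bpduguard
 no shutdown
!
interface GigabitEthernet 3/43
 no ip address
 switchport
 no shutdown
!
interface GigabitEthernet 3/44
 ip address 192.0.2.1/30
 no shutdown
!
"""

# Matches: spanning-tree stp-id portfast [bpduguard | [shutdown-on-violation]]
PORTFAST_RE = re.compile(r"^spanning-tree\s+\S+\s+portfast\b(.*)$")


def parse_interfaces(config_text):
    """Return {interface name: [stanza lines]} for every interface stanza."""
    stanzas = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line[len("interface "):]
            stanzas[current] = []
        elif line == "!" or not line:
            current = None          # "!" or a blank line ends the stanza
        elif current is not None:
            stanzas[current].append(line)
    return stanzas


def classify(lines):
    """Classify one interface stanza by its edge-port protection."""
    if "switchport" not in lines:
        return "not-layer2"
    for line in lines:
        match = PORTFAST_RE.match(line)
        if match:
            options = match.group(1).split()
            if "bpduguard" not in options:
                return "portfast-no-bpduguard"   # BPDUs are still accepted
            if "shutdown-on-violation" not in options:
                return "bpduguard-drop-only"     # packets dropped, link stays up
            return "bpduguard-shutdown"          # port is shut down on violation
    return "no-portfast"


def audit_edge_ports(config_text):
    """Map every interface in the config to its classification."""
    stanzas = parse_interfaces(config_text)
    return {name: classify(lines) for name, lines in stanzas.items()}


def findings(config_text):
    """Interfaces that need attention, least protected first."""
    order = ["portfast-no-bpduguard", "bpduguard-drop-only"]
    result = audit_edge_ports(config_text)
    return [(name, state) for state in order
            for name in sorted(result) if result[name] == state]


if __name__ == "__main__":
    for name, state in findings(SAMPLE_CONFIG):
        print(name, state)
```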
Task: Assign a number as the bridge priority or designate it as the root or secondary root.
priority-value range: 0 to 65535. The lower the number assigned, the more likely this bridge will become the root bridge. The default is 32768.
• The primary option specifies a bridge priority of 8192.
• The secondary option specifies a bridge priority of 16384.
In STP topology 3 (Figure 48-341 lower middle), if the root guard feature is enabled on the STP port on Switch C that connects to device D, and device D sends a superior BPDU that would trigger the election of device D as the new root bridge, the BPDU is ignored and the port on Switch C transitions from a forwarding to a root-inconsistent state (shown by the green X icon). As a result, Switch A becomes the root bridge. All incoming and outgoing traffic is blocked on an STP port in a root-inconsistent state.
Root Guard Configuration

You enable STP root guard on a per-port or per-port-channel basis.

FTOS Behavior: The following conditions apply to a port enabled with STP root guard:
• Root guard is supported on any STP-enabled port or port-channel interface except when used as a stacking port.
Configuring Spanning Trees as Hitless

Configuring Spanning Trees as Hitless is supported only on platforms: c e

You can configure Spanning Tree (STP), Rapid Spanning Tree (RSTP), Multiple Spanning Tree (MSTP), and Per-Vlan Spanning Tree (PVST+) to be hitless (all or none must be configured as hitless). When configured as hitless, critical protocol state information is synchronized between RPMs so that RPM failover is seamless and no topology change is triggered.
As shown in STP topology 3 (Figure 48-343 bottom middle), after you enable loop guard on an STP port or port-channel on Switch C, if no BPDUs are received and the max-age timer expires, the port transitions from a blocked state to a loop-inconsistent state (instead of to a forwarding state). Loop guard blocks the STP port so that no traffic is transmitted and no loop is created.
Figure 48-343.
Loop Guard Configuration

You enable STP loop guard on a per-port or per-port channel basis.

FTOS Behavior: The following conditions apply to a port enabled with loop guard:
• Loop guard is supported on any STP-enabled port or port-channel interface.
Displaying STP Guard Configuration

To verify the STP guard configured on port or port-channel interfaces, enter the show spanning-tree 0 guard [interface interface] command. The example below shows an STP network (instance 0) in which:

• Root guard is enabled on a port that is in a root-inconsistent state.
• Loop guard is enabled on a port that is in a listening state.
• BPDU guard is enabled on a port that is shut down (Error Disabled state) after receiving a BPDU.
49 System Time and Date

System Time and Date settings, and Network Time Protocol are supported on platforms: e c s

System times and dates can be set and maintained through the Network Time Protocol (NTP). They are also set through FTOS CLIs and hardware settings.
• Roundtrip delay provides the capability to launch a message to arrive at the reference clock at a specified time.
• Dispersion represents the maximum error of the local clock relative to the reference clock.
Figure 49-344. NTP Fields
(Figure labels: Source Port (123); Destination Port (123); Length; NTP Packet Payload; Checksum; Range: +32 to -32; Status; Leap Indicator Code: 00: No Warning, 01: +1 second, 10: -1 second, 11: reserved; Type; Precision; Est. Error; Est.
Enable NTP

NTP is disabled by default. To enable it, specify an NTP server to which the Dell Force10 system will synchronize. Enter the command multiple times to specify multiple servers. You may specify an unlimited number of servers at the expense of CPU resources.

Task: Specify the NTP server to which the Dell Force10 system will synchronize.
Figure 49-347. Displaying the Calculated NTP Synchronization Variables

R5/R8(conf)#do show calendar
06:31:02 UTC Mon Mar 13 1989
R5/R8(conf)#ntp update-calendar 1
R5/R8(conf)#do show calendar
06:31:26 UTC Mon Mar 13 1989
R5/R8(conf)#do show calendar
12:24:11 UTC Thu Mar 12 2009

Configure NTP broadcasts

With FTOS, you can receive broadcasts of time information. You can set interfaces within the system to receive NTP information through broadcast.
To configure an IP address as the source address of NTP packets, use the following command in the CONFIGURATION mode:

Command Syntax: ntp source interface
Command Mode: CONFIGURATION
Purpose: Enter the following keywords and slot/port or number information:
• For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
• For a loopback interface, enter the keyword loopback followed by a number between 0 and 16383.
Step 2
Command Syntax: ntp authentication-key number md5 key
Command Mode: CONFIGURATION
Purpose: Set an authentication key. Configure the following parameters:
number: Range 1 to 4294967295. This number must be the same as the number in the ntp trusted-key command.
key: Enter a text string. This text string is encrypted.

Step 3
Command Syntax: ntp trusted-key number
Command Mode: CONFIGURATION
Purpose: Define a trusted key. Configure a number from 1 to 4294967295.
Command Syntax: ntp server ip-address [key keyid] [prefer] [version number]
Command Mode: CONFIGURATION
Purpose: Configure an NTP server. Configure the IP address of a server and the following optional parameters:
• key keyid: Configure a text string as the key exchanged between the NTP server and client.
• prefer: Enter the keyword to set this NTP server as the preferred server.
• version number: Enter a number 1 to 3 as the NTP version.
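A consistency check for the key numbers used by the ntp authentication-key, ntp trusted-key and ntp server commands above, as an added example that is not part of the Dell guide. It assumes the keyid given to ntp server is the number of an authentication key; the sample lines, addresses, key strings, function names and finding names are constructed.

```python
import re

KEY_MIN, KEY_MAX = 1, 4294967295   # key number range stated in the guide

# Constructed sample of saved NTP configuration lines. Addresses are from a
# documentation range and the key strings are placeholders.
SAMPLE_NTP_CONFIG = """\
ntp authentication-key 345 md5 EXAMPLE-KEY-STRING-A
ntp authentication-key 400 md5 EXAMPLE-KEY-STRING-B
ntp trusted-key 345
ntp trusted-key 500
ntp server 192.0.2.10 key 345 prefer version 3
ntp server 192.0.2.11 key 400
ntp server 192.0.2.12 version 3
ntp server 192.0.2.13 key 999999999999
"""

AUTH_RE = re.compile(r"^ntp authentication-key (\d+) md5 \S+$")
TRUST_RE = re.compile(r"^ntp trusted-key (\d+)$")
SERVER_RE = re.compile(r"^ntp server (\S+)(.*)$")
KEY_OPT_RE = re.compile(r"\bkey (\d+)\b")


def parse_ntp(config_text):
    """Return (defined key numbers, trusted key numbers, {server: key or None})."""
    defined, trusted, servers = set(), set(), {}
    for raw in config_text.splitlines():
        line = " ".join(raw.split())          # normalise whitespace
        auth = AUTH_RE.match(line)
        trust = TRUST_RE.match(line)
        server = SERVER_RE.match(line)
        if auth:
            defined.add(int(auth.group(1)))
        elif trust:
            trusted.add(int(trust.group(1)))
        elif server:
            key_opt = KEY_OPT_RE.search(server.group(2))
            servers[server.group(1)] = int(key_opt.group(1)) if key_opt else None
    return defined, trusted, servers


def audit_ntp(config_text):
    """Return {subject: finding} for every inconsistency in the key setup."""
    defined, trusted, servers = parse_ntp(config_text)
    usable = defined & trusted                # same number in both commands
    result = {}
    for key in sorted(defined - trusted):
        result["key %d" % key] = "defined-not-trusted"
    for key in sorted(trusted - defined):
        result["key %d" % key] = "trusted-not-defined"
    for address, key in servers.items():
        if key is None:
            result[address] = "no-key"            # server is not authenticated
        elif not KEY_MIN <= key <= KEY_MAX:
            result[address] = "key-out-of-range"
        elif key not in usable:
            result[address] = "key-not-usable"    # key missing from one command
    return result


if __name__ == "__main__":
    for subject, finding in audit_ntp(SAMPLE_NTP_CONFIG).items():
        print(subject, finding)
```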
• Root Dispersion (sys.rootdispersion, peer.rootdispersion, pkt.rootdispersion): This is a signed fixed-point number indicating the maximum error relative to the primary reference source at the root of the synchronization subnet, in seconds. Only positive values greater than zero are possible.
• Reference Clock Identifier (sys.refid, peer.refid, pkt.refid): This is a 32-bit code identifying the particular reference clock.
Set the time and date for the switch hardware clock

Command Syntax: calendar set time month day year
Command Mode: EXEC Privilege
Purpose: Set the hardware clock to the current time and date.
time: Enter the time in hours:minutes:seconds. For the hour variable, use the 24-hour format, for example, 17:15:00 is 5:15 pm.
month: Enter the name of one of the 12 months in English. You can enter the name of a day to change the order of the display to time day month year.
Set the time and date for the switch software clock

You can change the order of the month and day parameters to enter the time and date as time day month year. You cannot delete the software clock.

The software clock runs only when the software is up. The clock restarts, based on the hardware clock, when the switch reboots.

Command Syntax: clock set time month day year
Command Mode: EXEC Privilege
Purpose: Set the system software clock to the current time and date.
FTOS#conf
FTOS(conf)#clock timezone Pacific -8
FTOS(conf)#01:40:19: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Timezone configuration changed from "UTC 0 hrs 0 mins" to "Pacific -8 hrs 0 mins"
FTOS#

Set daylight saving time

FTOS supports setting the system to daylight saving time once or on a recurring basis every year.
Set Daylight Saving Time Once

Set a date (and time zone) on which to convert the switch to daylight saving time on a one-time basis.

Command Syntax: clock summer-time time-zone date start-month start-day start-year start-time end-month end-day end-year end-time [offset]
Command Mode: CONFIGURATION
Purpose: Set the clock to the appropriate timezone and daylight saving time.
time-zone: Enter the three-letter name for the time zone. This name is displayed in the show clock output.
Set Recurring Daylight Saving Time

Set a date (and time zone) on which to convert the switch to daylight saving time on a specific day every year.

If you have already set daylight saving for a one-time setting, you can set that date and time as the recurring setting with the clock summer-time time-zone recurring command.
start-year: Enter a four-digit number as the year. Range: 1993 to 2035
start-time: Enter the time in hours:minutes. For the hour variable, use the 24-hour format, for example, 17:15 is 5:15 pm.
end-week: If you entered a start-week, enter one of the following as the week that daylight saving ends:
• week-number: enter a number from 1-4 as the number of the week to end daylight saving time.
50 Uplink Failure Detection (UFD)

Uplink Failure Detection (UFD) is supported on the following platforms: s (S50 only) and

Feature Description

Uplink Failure Detection (UFD) provides detection of the loss of upstream connectivity and, if used with NIC teaming, automatic recovery from a failed link. A switch provides upstream connectivity for devices, such as servers. If a switch loses its upstream connectivity, downstream devices also lose their connectivity.
Figure 50-349. Uplink Failure Detection

How Uplink Failure Detection Works

UFD creates an association between upstream and downstream interfaces. The association of uplink and downlink interfaces is called an uplink-state group. An interface in an uplink-state group can be a physical interface or a port-channel (LAG) aggregation of physical interfaces. An enabled uplink-state group tracks the state of all assigned upstream interfaces.
Figure 50-350. Uplink Failure Detection Example

If only one of the upstream interfaces in an uplink-state group goes down, a specified number of downstream ports associated with the upstream interface are put into a link-down state. This number is user-configurable and is calculated by the ratio of upstream port bandwidth to downstream port bandwidth in the same uplink-state group.
Important Points to Remember

When you configure Uplink Failure Detection, the following conditions apply:

• You can configure up to sixteen uplink-state groups. By default, no uplink-state groups are created. An uplink-state group is considered to be operationally up if it has at least one upstream interface in the link-up state. An uplink-state group is considered to be operationally down if it has no upstream interfaces in the link-up state.
Configuring Uplink Failure Detection

To configure Uplink Failure Detection, follow these steps:

Step 1
Command Syntax: uplink-state-group group-id
Description: Creates an uplink-state group and enables the tracking of upstream links on the switch/router. Valid group-id values are 1 to 16. To delete an uplink-state group, enter the no uplink-state-group group-id command.
Step 5
Command Syntax: description text
Command Mode: UPLINK-STATE-GROUP
Description: (Optional) Enters a text description of the uplink-state group. Maximum length: 80 alphanumeric characters.

Step 6
Command Syntax: no enable
Command Mode: UPLINK-STATE-GROUP
Description: (Optional) Disables upstream-link tracking without deleting the uplink-state group. Default: Upstream-link tracking is automatically enabled in an uplink-state group.
Message 45 shows the Syslog messages displayed when you clear the UFD-disabled state from all disabled downstream interfaces in an uplink-state group by entering the clear ufd-disable uplink-state-group group-id command. All downstream interfaces return to an operationally up state.
Displaying Uplink Failure Detection

To display information on the Uplink Failure Detection feature, enter any of the following show commands:

Show Command Syntax: show uplink-state-group [group-id] [detail]
Command Mode: EXEC
Description: Displays status information on a specified uplink-state group or all groups. Valid group-id values are 1 to 16.
Figure 50-351.
Figure 50-352.
Sample Configuration: Uplink Failure Detection

Figure 50-355 shows a sample configuration of Uplink Failure Detection on a switch/router in which you:

• Configure uplink-state group 3.
• Add downstream links Gigabitethernet 0/1, 0/2, 0/5, 0/9, 0/11, and 0/12.
• Configure two downstream links to be disabled if an upstream link fails.
• Add upstream links Gigabitethernet 0/3 and 0/4.
• Add a text description for the group.
• Verify the configuration with various show commands.

Figure 50-355.
51 Upgrade Procedures

Find the upgrade procedures

Go to the FTOS Release Notes for your system type to see all the requirements to upgrade to the desired FTOS version. Follow the procedures in the FTOS Release Notes for the software version you wish to upgrade to.

Get Help with upgrades

Direct any questions or concerns about FTOS Upgrade Procedures to the Dell Force10 Technical Support Center. You can reach Technical Support:

• On the Web: www.force10networks.
52 Virtual LANs (VLAN)

Virtual LANs (VLAN) are supported on platforms: e c s

This section contains the following subsections:

• Default VLAN
• Port-Based VLANs
• VLANs and Port Tagging
• Configuration Task List for VLANs
• Enable Null VLAN as the Default VLAN

Virtual LANs, or VLANs, are a logical broadcast domain or logical grouping of interfaces in a LAN in which all data received is kept locally and broadcast to all members of the group.
Table 52-105 displays the defaults for VLANs in FTOS.

Table 52-105. VLAN Defaults on FTOS

Feature                  Default
Spanning Tree group ID   All VLANs are part of Spanning Tree group 0
Mode                     Layer 2 (no IP address is assigned)
Default VLAN ID          VLAN 1

Default VLAN

When interfaces are configured for Layer 2 mode, they are automatically placed in the Default VLAN as untagged interfaces. Only untagged interfaces can belong to the Default VLAN.
Untagged interfaces must be part of a VLAN. To remove an untagged interface from the Default VLAN, you must create another VLAN and place the interface into that VLAN. Alternatively, enter the no switchport command, and FTOS removes the interface from the Default VLAN. A tagged interface requires an additional step to remove it from Layer 2 mode. Since tagged interfaces can belong to multiple VLANs, you must remove the tagged interface from all VLANs, using the no tagged interface command.
• The VLAN protocol identifier identifies the frame as tagged according to the IEEE 802.1Q specifications (2 bytes).
• Tag Control Information (TCI) includes the VLAN ID (2 bytes total). The VLAN ID can have 4,096 values, but 2 are reserved.

Note: The insertion of the tag header into the Ethernet frame increases the size of the frame to more than the 1518 bytes specified in the IEEE 802.3 standard. Some devices that are not compliant with IEEE 802.
Use the show vlan command (Figure 52-358) in the EXEC privilege mode to view the configured VLANs.

Figure 52-358. show vlan Command Example

FTOS#show vlan
Codes: * - Default VLAN, G - GVRP VLANs
(Output columns, as extracted:)
* NUM:  1 2 3 4 5 6
Status: Inactive Active Active Active Active Active
Q:      U U U T U U U
Ports:  So 9/4-11; Gi 0/1,18; Gi 0/2,19; Gi 0/3,20; Po 1; Gi 0/12; So 9/0
FTOS#

A VLAN is active only if the VLAN contains interfaces and those interfaces are operationally up.
To tag frames leaving an interface in Layer 2 mode, you must assign that interface to a port-based VLAN to tag it with that VLAN ID. To tag interfaces, use these commands in the following sequence:

Step 1
Command Syntax: interface vlan vlan-id
Command Mode: CONFIGURATION
Purpose: Access the INTERFACE VLAN mode of the VLAN to which you want to assign the interface.

Step 2
Command Syntax: tagged interface
Command Mode: INTERFACE
Purpose: Enable an interface to include the IEEE 802.1Q tag header.
Use the untagged command to move untagged interfaces from the Default VLAN to another VLAN:

Step 1
Command Syntax: interface vlan vlan-id
Command Mode: CONFIGURATION
Purpose: Access the INTERFACE VLAN mode of the VLAN to which you want to assign the interface.

Step 2
Command Syntax: untagged interface
Command Mode: INTERFACE
Purpose: Configure an interface as untagged. This command is available only in VLAN interfaces.
Assign an IP address to a VLAN

VLANs are a Layer 2 feature. For two physical interfaces on different VLANs to communicate, you must assign an IP address to the VLANs to route traffic between the two interfaces.

The shutdown command in INTERFACE mode does not affect Layer 2 traffic on the interface; the shutdown command only prevents Layer 3 traffic from traversing over the interface.

Note: An IP address cannot be assigned to the Default VLAN, which, by default, is VLAN 1.
Native VLANs

Traditionally, ports can be either untagged for membership to one VLAN or tagged for membership to multiple VLANs. An untagged port must be connected to a VLAN-unaware station (one that does not understand VLAN tags), and a tagged port must be connected to a VLAN-aware station (one that generates and understands VLAN tags). Native VLAN support breaks this barrier so that a port can be connected to both VLAN-aware and VLAN-unaware stations. Such ports are referred to as hybrid ports.
Enable Null VLAN as the Default VLAN

In a Carrier Ethernet for Metro Service environment, service providers who perform frequent reconfigurations for customers with changing requirements occasionally enable multiple interfaces, each connected to a different customer, before the interfaces are fully configured.
53 Virtual Link Trunking (VLT)

Virtual Link Trunking (VLT) is supported on the platform.

Overview

Virtual link trunking (VLT) allows physical links between two chassis to appear as a single virtual link to the network core or other switches such as Edge, Access or ToR. VLT reduces the role of Spanning Tree protocols by allowing LAG terminations on two separate distribution or core switches, and by supporting a loop free topology.
This figure shows VLT deployed on S4810 switches. The S4810 switches appear as a single virtual switch from the point of view of the switch or server supporting LACP.

Figure 53-361. Virtual Link Trunking on S4810 Switches
Figure labels: Out-of-Band Management Network; Backup Link; VLT Domain; S4810 Chassis; Virtual Link Trunk Interconnect; Virtual Link Trunk; Switch or Server that supports LACP (802.
The following figure shows stacking at the access, VLT in aggregation, and Layer 3 at the core. The aggregation layer is mostly in the L2/L3 switching/routing layer. For better resiliency in the aggregation, Dell Force10 recommends running the Internal Gateway Protocol on the VLTi VLAN to synchronize the L3 routing table across the two nodes on a VLT system.
Enhanced VLT

An enhanced VLT (eVLT) configuration allows two different VLT domains connected by a standard LACP LAG to form a loop free Layer 2 topology in the aggregation layer. This configuration supports a maximum of four (4) units, increasing the number of available ports and allowing for dual redundancy of the VLT. The following figure shows how the core/aggregation port density in the Layer 2 topology is increased using eVLT.
VLT peer device - One of a pair of devices that are connected with the special port channel known as the VLT interconnect (VLTi). VLT peer switches have independent management planes. A VLT interconnect between the VLT chassis maintains synchronization of L2/L3 control planes across the two VLT peer switches. The VLT interconnect uses either 10G or 40G user ports on the chassis. A separate backup link maintains heartbeat messages across an out-of-band management network.
Configuration Notes

When you configure VLT, the following conditions apply:

• If the DHCP server is located on the ToR and the VLTi (ICL) is down due to a failed link when a VLT node is rebooted in JumpStart mode, it will not be able to reach the DHCP server, resulting in BMP failure.
• VLT domain
  • A VLT domain supports two chassis members, which appear as a single logical device to network access devices connected to VLT ports through a port channel.
• The VLT interconnect is used for data traffic only when there is a link failure that requires the VLTi to be used in order for data packets to reach their final destination.
• Unknown, multicast and broadcast traffic can be flooded across the VLT interconnect.
• MAC addresses for VLANs configured across VLT peer chassis are synchronized over the VLT interconnect on an egress port such as a VLT LAG.
• MAC addresses are the same on both VLT peer nodes.
• Virtual link trunks (VLTs) between access devices and VLT peer switches:
  • To connect servers and access switches with VLT peer switches, you use a VLT port channel (see Figure 53-361). Up to 48 port-channels are supported; up to 8 member links are supported in each port channel between the VLT domain and an access device.
• Layer 3 VLAN connectivity between VLT peers is enabled by configuring a VLAN network interface for the same VLAN on both switches.
• Software features supported on VLT port-channels:
  • In a VLT domain, the following software features are supported on VLT port-channels: 802.1p, LLDP, flow control, port monitoring, jumbo frames.
• If the primary chassis fails, the secondary chassis takes on the operational role of the primary.
• The SNMP MIB reports VLT statistics.

RSTP and VLT

VLT provides loop-free redundant topologies and does not require rapid spanning tree protocol (RSTP). RSTP can cause temporary port state blocking and may cause topology changes after link or node failures.
VLT and Stacking

Stacking S4810 units cannot be enabled with VLT. If stacking is currently enabled on a unit on which you want to enable VLT, you must first remove the unit from the existing stack. For information on how to remove a unit from a stack, see Chapter 46, Stacking, Remove a Unit from an S-Series Stack on page 921. After the unit has been removed, VLT can be configured on the unit.
PIM-Sparse Mode Support on VLT

The Designated Router functionality of the PIM Sparse-Mode multicast protocol is supported on VLT peer switches for multicast sources and receivers that are connected to VLT ports. The VLT peer switches can act as a last-hop router for IGMP receivers and as a first-hop router for multicast sources.
If the VLT node elected as the designated router fails, traffic loss will occur until another VLT node is elected the designated router.

RSTP Configuration

The RSTP Spanning Tree protocol is supported in a VLT domain. Before you configure VLT on peer switches, you must configure the Rapid Spanning Tree Protocol (RSTP) in the network if it will be included in your configuration. RSTP is required for initial loop prevention during the VLT startup phase.
Sample RSTP Configuration

Using Figure 53-361 as a sample VLT topology, the primary VLT switch will send BPDUs to an access device (switch or server) with its own RSTP bridge ID. BPDUs generated by an RSTP-enabled access device are only processed by the primary VLT switch. The secondary VLT switch tunnels the BPDUs that it receives to the primary VLT switch over the VLT interconnect.
5. Connect the peer switches in a VLT domain to an attached access device (switch or server).

Configure a VLT interconnect

Step 1
Task: Configure the port channel to be used for the VLT interconnect on a VLT switch and enter interface configuration mode. Enter the same port-channel number configured with the peer-link port-channel command in the Enable VLT and Create a VLT Domain steps.
Enable VLT and Create a VLT Domain

Step 3
Task: Configure the port channel to be used as the VLT interconnect between VLT peers in the domain.
Command Syntax: peer-link port-channel id-number
Command Mode: VLT DOMAIN CONFIGURATION

Step 4
Task: (Optional) Prevent a possible loop during the bootup of a VLT peer switch or a device that accesses the VLT domain.
(Optional) Reconfigure default VLT settings

Step 1
Task: Enter VLT-domain configuration mode for a specified VLT domain. Range of domain IDs: 1 to 1000.
Command Syntax: vlt domain domain-id
Command Mode: CONFIGURATION

Step 2
Task: (Optional) After you configure the VLT domain on each peer switch on both sides of the interconnect trunk, by default, the FTOS software elects a primary and secondary VLT peer device. Use the primary-priority command to reconfigure the primary role of VLT peer switches.
Connect a VLT domain to an attached access device (switch or server)

Step / Task / Command Syntax / Command Mode

On a VLT peer switch: Configure the same port channel ID number on each peer switch in the VLT domain to connect to an attached device as follows:

Configure the same port channel to be used to connect to an attached device and enter interface configuration mode. interface port-channel 2 Remove an IP address from the interface.
(Optional) Configure a VLT VLAN peer-down
Step | Task | Command Syntax | Command Mode
3 | Enter the VLAN ID number of the VLAN where the VLT forwards packets received on the VLTi from an adjacent peer that is down. Range: 1 to 4094. | peer-down-vlan vlan | VLT DOMAIN CONFIGURATION
interface number
Use the following procedure to configure enhanced VLT between two VLT domains on your network. Refer to eVLT Configuration Example for a sample configuration.
(Optional) Configure Enhanced VLT (eVLT) Step 6 7 Task Command Syntax Command Mode When you create a VLT domain on a switch, the FTOS software automatically creates a VLT-system MAC address used for internal system operations. Use the system-mac command to explicitly configure the default MAC address for the domain by entering a new MAC address in the format: aaaa.bbbb.cccc. You must also reconfigure the same MAC address on the VLT peer switch.
(Optional) Configure Enhanced VLT (eVLT)
Step | Task | Command Syntax | Command Mode
13 | Enable LACP on the LAN port. | port-channel-protocol lacp | INTERFACE
14 | Configure the LACP port channel mode. | port-channel number mode [active] | INTERFACE
15 | Ensure that the interface is active. | no shutdown | MANAGEMENT INTERFACE
16 | Repeat steps 1 through 15 for the VLT peer node in Domain 1.
17 | Repeat steps 1 through 15 for the first VLT node in Domain 2.
Task Command Syntax Command Mode 1. Configure the static LAG/LACP between ports connected from VLT peer 1 and VLT peer 2 to the top of rack unit. show running-config entity EXEC Privilege 2. Configure the VLT peer link port channel id in VLT peer 1 and VLT peer 2. show interfaces interface EXEC EXEC Privilege 3.
s4810-2# show interfaces managementethernet 0/0
Internet address is 10.11.206.43/16

s4810-4#show running-config vlt
!
vlt domain 5
 peer-link port-channel 1
 back-up destination 10.11.206.43
s4810-4#
s4810-4#show running-config interface managementethernet 0/0
ip address 10.11.206.58/16
no shutdown

Configure the VLT links between VLT peer 1 and VLT peer 2 to the top of rack unit.
 no ip address
!
 port-channel-protocol LACP
  port-channel 100 mode active
 no shutdown
s60-1#
s60-1#show running-config interface port-channel 100
!
interface Port-channel 100
 no ip address
 switchport
 no shutdown
s60-1#
s60-1#show interfaces port-channel 100 brief
Codes: L - LACP Port-channel
    LAG  Mode  Status  Uptime    Ports
L   100  L2    up      03:33:48  Te 0/48  (Up)
                                 Te 0/50  (Up)
s60-1#

Verify VLT is up.
eVLT Configuration Example
The following example demonstrates the steps to configure enhanced VLT (eVLT) in a network. In this example there are two domains being configured. Domain 1 consists of Peer 1 and Peer 2; Domain 2 consists of Peer 3 and Peer 4 as shown below. In Domain 1, configure Peer 1 first, then configure Peer 2. When that is complete, perform the same steps for the peer nodes in Domain 2. The interface used in this example is TenGigabitEthernet.
Next, configure the VLT domain and VLTi on Peer 2:
Domain_1_Peer2#configure
Domain_1_Peer2(conf)#interface port-channel 1
Domain_1_Peer2(conf-if-po-1)# channel-member TenGigabitEthernet 0/8-9
Domain_1_Peer2(conf)#vlt domain 1000
Domain_1_Peer2(conf-vlt-domain)# peer-link port-channel 1
Domain_1_Peer2(conf-vlt-domain)# back-up destination 10.16.130.
Domain_2_Peer3(conf-if-range-te-0/16-17)# no shutdown
Next, configure the VLT domain and VLTi on Peer 4:
Domain_2_Peer4#configure
Domain_2_Peer4(conf)#interface port-channel 1
Domain_2_Peer4(conf-if-po-1)# channel-member TenGigabitEthernet 0/8-9
Domain_2_Peer4(conf)#vlt domain 1000
Domain_2_Peer4(conf-vlt-domain)# peer-link port-channel 1
Domain_2_Peer4(conf-vlt-domain)# back-up destination 10.18.130.
VLT_Peer1(conf-if-vl-4001)#ip igmp snooping mrouter interface port-channel 128
VLT_Peer1(conf-if-vl-4001)#exit
VLT_Peer1(conf)#end
Repeat these steps on VLT Peer Node 2
VLT_Peer2(conf)#ip multicast-routing
VLT_Peer2(conf)#interface vlan 4001
VLT_Peer2(conf-if-vl-4001)#ip address 140.0.0.
Show Command Syntax | Description
show interfaces interface | Displays the current status of a port or port-channel interface used in the VLT domain. interface specifies one of the following interface types:
  Fast Ethernet: Enter fastethernet slot/port.
  1-Gigabit Ethernet: Enter gigabitethernet slot/port.
  10-Gigabit Ethernet: Enter tengigabitethernet slot/port.
  Port channel: Enter port-channel {1-128}.
Figure 53-364.
Figure 53-365.
Figure 53-367. show vlt role Command Output on VLT peer switches
FTOS_VLTpeer1# show vlt role
VLT Role
----------
VLT Role: Primary
System MAC address: 00:01:e8:8a:df:bc
System Role Priority: 32768
Local System MAC address: 00:01:e8:8a:df:bc
Local System Role Priority: 32768

FTOS_VLTpeer2# show vlt role
VLT Role
----------
VLT Role: Secondary
System MAC address: 00:01:e8:8a:df:bc
System Role Priority: 32768
Local System MAC address: 00:01:e8:8a:df:e6
Local System Role Priority: 32768
Figure 53-368.
Figure 53-369.
Figure 53-370. show spanning-tree rstp Command Output on VLT peer switches
FTOS_VLTpeer1# show spanning-tree rstp brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 0, Address 0001.e88a.dff8
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 4096, Address 0001.e88a.d656
Configured hello time 2, max age 20, forward delay 15
Interface
Name      PortID
--------  --------
Po 1      128.2
Po 3      128.4
Po 4      128.5
Po 100    128.101
Po 110    128.111
Po 111    128.112
Po 120    128.
Figure 53-371. Configuring Virtual Link Trunking (VLT Peer 1)
FTOS_VLTpeer1(conf)#vlt domain 999
FTOS_VLTpeer1(conf-vlt-domain)#peer-link port-channel 100
FTOS_VLTpeer1(conf-vlt-domain)#back-up destination 10.11.206.35
FTOS_VLTpeer1(conf-vlt-domain)#exit
Enable VLT and create a VLT domain
FTOS_VLTpeer1(conf)#interface ManagementEthernet 0/0
FTOS_VLTpeer1(conf-if-ma-0/0)#ip address 10.11.206.
Figure 53-372. Configuring Virtual Link Trunking (VLT Peer 2)
FTOS_VLTpeer2(conf)#vlt domain 999
FTOS_VLTpeer2(conf-vlt-domain)#peer-link port-channel 100
FTOS_VLTpeer2(conf-vlt-domain)#back-up destination 10.11.206.23
FTOS_VLTpeer2(conf-vlt-domain)#exit
Enable VLT and create a VLT domain with a backup-link and interconnect trunk
FTOS_VLTpeer2(conf)#interface ManagementEthernet 0/0
FTOS_VLTpeer2(conf-if-ma-0/0)#ip address 10.11.206.
Figure 53-373. Verifying a Port-Channel Connection to a VLT Domain (From an Attached Access Switch)
On an access device, verify the port-channel connection to a VLT domain:
FTOS_TORswitch(conf)# show running-config interface port-channel 11
!
interface Port-channel 11
 no ip address
 switchport
 channel-member fortyGigE 1/18,22
 no shutdown

Troubleshooting VLT
Use the following information to help to troubleshoot different VLT issues that may occur.
Description | Behavior at Peer Up | Behavior During Run Time | Action to Take
Spanning tree mismatch at port level | A syslog error message is generated. | A one-time informational syslog message is generated. | Correct the spanning tree configuration on the ports.
System MAC mismatch | A syslog error message and an SNMP trap are generated. | A syslog error message and an SNMP trap are generated. | Verify that the unit ID of VLT peers is not the same on both units and that the MAC address is the same on both units.
8. After reloading, confirm that VLT is enabled.
9. Confirm that the management ports are interconnected or connected to a switch that can transfer Heartbeat information.
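The sample outputs earlier in this chapter show each peer's back-up destination pointing at the other peer's management address, which is the path the heartbeat in step 9 depends on. The following added example (not part of the Dell guide) checks that reciprocity from two saved running-configs; the peer names and the 192.0.2.x addresses are constructed for illustration, and it assumes both peers of one domain use the same domain ID.

```python
import re

def parse_vlt_peer(config_text):
    """Extract the VLT domain settings and management address from one peer."""
    peer = {"domain": None, "peer_link": None, "backup": None, "mgmt_ip": None}
    section = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"vlt domain (\d+)", line):
            section, peer["domain"] = "vlt", int(m.group(1))
        elif line.lower().startswith("interface managementethernet"):
            section = "mgmt"
        elif line.startswith("interface "):
            section = None                       # some other interface stanza
        elif section == "vlt" and (m := re.fullmatch(r"peer-link port-channel (\d+)", line)):
            peer["peer_link"] = int(m.group(1))
        elif section == "vlt" and (m := re.fullmatch(r"back-up destination (\S+)", line)):
            peer["backup"] = m.group(1)
        elif section == "mgmt" and (m := re.fullmatch(r"ip address (\S+)/\d+", line)):
            peer["mgmt_ip"] = m.group(1)
    return peer

def check_vlt_pair(peers):
    """peers: {name: config_text} for exactly two VLT peers. Returns problem strings."""
    (name_a, a), (name_b, b) = ((n, parse_vlt_peer(t)) for n, t in peers.items())
    problems = []
    if a["domain"] != b["domain"]:
        problems.append(f"domain mismatch: {name_a}={a['domain']} {name_b}={b['domain']}")
    for name, local, other_name, other in ((name_a, a, name_b, b), (name_b, b, name_a, a)):
        if local["peer_link"] is None:
            problems.append(f"{name}: no peer-link port-channel")
        if local["backup"] is None:
            problems.append(f"{name}: no back-up destination")
        elif local["backup"] != other["mgmt_ip"]:
            problems.append(f"{name}: back-up destination {local['backup']} "
                            f"is not {other_name}'s management address {other['mgmt_ip']}")
    return problems

# Constructed sample configs (addresses from the 192.0.2.0/24 documentation range).
PEER1 = """\
vlt domain 999
 peer-link port-channel 100
 back-up destination 192.0.2.35
interface ManagementEthernet 0/0
 ip address 192.0.2.23/24
 no shutdown
"""
PEER2_GOOD = """\
vlt domain 999
 peer-link port-channel 100
 back-up destination 192.0.2.23
interface ManagementEthernet 0/0
 ip address 192.0.2.35/24
 no shutdown
"""
# Copy-paste error: peer2 points the heartbeat at its own management address.
PEER2_BAD = PEER2_GOOD.replace("back-up destination 192.0.2.23",
                               "back-up destination 192.0.2.35")

if __name__ == "__main__":
    for label, cfg in (("good", PEER2_GOOD), ("bad", PEER2_BAD)):
        print(label, check_vlt_pair({"peer1": PEER1, "peer2": cfg}))
```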
54 Virtual Router Redundancy Protocol (VRRP)
Virtual Router Redundancy Protocol (VRRP) is supported on platforms: e cs
This chapter covers the following information:
• VRRP Overview
• VRRP Benefits
• VRRP Implementation
• VRRP Configuration
• Sample Configurations
VRRP Overview
Virtual Router Redundancy Protocol (VRRP) is designed to eliminate a single point of failure in a statically routed network. VRRP specifies a MASTER router that owns the next hop IP and MAC address for end stations on a LAN.
In Figure 54-374 below, Router A is configured as the MASTER router. It is configured with the IP address of the virtual router and sends any packets addressed to the virtual router through interface GigabitEthernet 1/1 to the Internet. As the BACKUP router, Router B is also configured with the IP address of the virtual router. If for any reason Router A becomes unavailable, VRRP elects a new MASTER Router.
VRRP Benefits
With VRRP configured on a network, end-station connectivity to the network is not subject to a single point-of-failure. End-station connections to the network are redundant and they are not dependent on IGP protocols to converge or update routing tables.
VRRP Implementation
E-Series supports an unlimited total number of VRRP groups on the switch while supporting up to 255 VRRP groups on a single interface (Table 54-106).
Table 54-106. Recommended VRRP Advertise Intervals Recommended Advertise Interval Total VRRP Groups E-Series S-Series (S25, S50) C-Series Groups/Interface E-Series ExaScale E-Series TeraScale C-Series S-Series (S25, S50) Between 1000 and 1200 7 seconds 7 seconds 7 seconds 512 255 100 100 Between 1200 and 1500 8 seconds 8 seconds 8 seconds 512 255 120 120 Table 54-107.
• Disable Preempt (optional)
• Change the Advertisement interval (optional)
• Track an Interface or Object (optional)
• VRRP initialization delay
For a complete listing of all commands related to VRRP, refer to FTOS Command Line Interface.
Create a Virtual Router
To enable VRRP, you must create a Virtual Router. In FTOS, a VRRP Group is identified by the Virtual Router Identifier (VRID). To enable a Virtual Router, use the following command in the INTERFACE mode.
C-Series supports a total of 128 VRRP groups on the switch with varying number of maximum VRRP groups per interface (Table 54-106). S-Series supports a total of 120 VRRP groups on a switch with FTOS or a total of 20 VRRP groups when using SFTOS. The S-Series supports varying number of maximum VRRP groups per interface (Table 54-106).
Figure 54-378. Command Example Display: show config for the Interface
Note that the Primary IP address and the Virtual IP addresses are on the same subnet in the following example.
FTOS(conf-if-gi-1/1)#show conf
!
interface GigabitEthernet 1/1
 ip address 10.10.10.1/24
!
 vrrp-group 111
  priority 255
  virtual-address 10.10.10.1
  virtual-address 10.10.10.2
  virtual-address 10.10.10.
Set VRRP Group (Virtual Router) Priority
Setting a Virtual Router priority to 255 ensures that router is the “owner” virtual router for the VRRP group. VRRP elects the MASTER router by choosing the router with the highest priority. The default priority for a Virtual Router is 100. The higher the number, the higher the priority. If the MASTER router fails, VRRP begins the election process to choose a new MASTER router based on the next-highest priority.
Configure VRRP Authentication
Simple authentication of VRRP packets ensures that only trusted routers participate in VRRP processes. When authentication is enabled, FTOS includes the password in its VRRP transmission, and the receiving router uses that password to verify the transmission.
Note: All virtual routers in the VRRP group must be configured the same: authentication must be enabled with the same password or authentication is disabled.
Prevent the BACKUP router with the higher priority from becoming the MASTER router by disabling preempt. Note: All virtual routers in the VRRP group must be configured the same: all configured with preempt enabled or configured with preempt disabled. Since preempt is enabled by default, disable the preempt function with the following command in the VRRP mode. Re-enable preempt by entering the preempt command.
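The notes above require every router in a VRRP group to agree on authentication and on preempt. The following added example (not part of the Dell guide) audits `show conf`-style output collected from each router and reports groups whose members disagree, groups running with no authentication at all, and groups where more than one router claims priority 255. The router names, sample configurations, placeholder password string and finding labels are constructed, and the audit assumes each VRID is used on a single LAN.

```python
import re

# Defaults stated in the guide: preempt is enabled and priority is 100
# unless the vrrp-group stanza overrides them.
DEFAULTS = {"auth": False, "preempt": True, "priority": 100}

# Constructed configurations in the style of the guide's `show conf` output.
SAMPLE_CONFIGS = {
    "R1": """\
interface GigabitEthernet 1/1
 ip address 10.10.10.1/24
 !
 vrrp-group 111
  authentication-type simple 7 EXAMPLEONLY
  no preempt
  priority 255
  virtual-address 10.10.10.1
 !
 vrrp-group 99
  authentication-type simple 7 EXAMPLEONLY
  priority 200
  virtual-address 10.10.10.9
 no shutdown
""",
    "R2": """\
interface GigabitEthernet 2/1
 ip address 10.10.10.2/24
 !
 vrrp-group 111
  priority 200
  virtual-address 10.10.10.1
 !
 vrrp-group 99
  authentication-type simple 7 EXAMPLEONLY
  priority 150
  virtual-address 10.10.10.9
 no shutdown
""",
}

def parse_vrrp_groups(config_text):
    """Return {vrid: settings} for every vrrp-group stanza in one router's config."""
    groups, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = None                       # new interface, no group open yet
        elif m := re.fullmatch(r"vrrp-group (\d+)", line):
            current = groups.setdefault(int(m.group(1)), dict(DEFAULTS))
        elif current is None:
            continue                             # interface-level line before any group
        elif line.startswith("authentication-type "):
            current["auth"] = True               # stored secret is not compared
        elif line == "no preempt":
            current["preempt"] = False
        elif m := re.fullmatch(r"priority (\d+)", line):
            current["priority"] = int(m.group(1))
    return groups

def audit_vrrp(configs):
    """configs: {router: config_text}. Returns (vrid, check, detail) findings."""
    by_vrid = {}
    for router, text in configs.items():
        for vrid, settings in parse_vrrp_groups(text).items():
            by_vrid.setdefault(vrid, {})[router] = settings
    findings = []
    for vrid, members in sorted(by_vrid.items()):
        # Settings the guide says must match on every router in the group.
        for key in ("auth", "preempt"):
            values = {router: s[key] for router, s in members.items()}
            if len(set(values.values())) > 1:
                findings.append((vrid, key, values))
        # No member authenticates: any router on the LAN can join the election.
        if not any(s["auth"] for s in members.values()):
            findings.append((vrid, "no-auth", sorted(members)))
        # Priority 255 marks the owner; two owners cannot both be right.
        owners = sorted(r for r, s in members.items() if s["priority"] == 255)
        if len(owners) > 1:
            findings.append((vrid, "multiple-owners", owners))
    return findings

if __name__ == "__main__":
    for vrid, check, detail in audit_vrrp(SAMPLE_CONFIGS):
        print(f"VRID {vrid}: {check} -> {detail}")
```

The audit only checks whether authentication is configured; it does not compare the stored password strings, so a password mismatch between routers still has to be confirmed on the devices.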
Change that advertisement interval with the following command in the VRRP mode:
Task | Command Syntax | Command Mode
Change the advertisement interval setting. | advertise-interval seconds (Range: 1-255 seconds; Default: 1 second) | INTERFACE-VRID
Figure 54-386. Command Example: advertise-interval
FTOS(conf-if-gi-1/1)#vrrp-group 111
FTOS(conf-if-gi-1/1-vrid-111)#advertise-interval 10
FTOS(conf-if-gi-1/1-vrid-111)#
Figure 54-387.
• 10-Gigabit Ethernet: Enter tengigabitethernet slot/port.
• Port channel: Enter port-channel number, where valid port-channel numbers are:
  • For the C-Series and S-Series, 1 to 128
  • For the E-Series: 1 to 32 for EtherScale, 1 to 255 for TeraScale, and 1 to 512 for ExaScale
• SONET: Enter sonet slot/port.
• VLAN: Enter vlan vlan-id, where valid VLAN IDs are from 1 to 4094.
Figure 54-389. Command Example Display: track in VRID mode
FTOS(conf-if-gi-1/1-vrid-111)#show conf
!
 vrrp-group 111
  advertise-interval 10
  authentication-type simple 7 387a7f2df5969da4
  no preempt
  priority 255
  track GigabitEthernet 1/2
  virtual-address 10.10.10.1
  virtual-address 10.10.10.2
  virtual-address 10.10.10.3
  virtual-address 10.10.10.10
FTOS(conf-if-gi-1/1-vrid-111)#
Figure 54-390.
Figure 54-392. Command Example: show running-config interface
FTOS#show running-config interface gigabitethernet 7/30
interface GigabitEthernet 7/30
 no ip address
 ipv6 address 2007::30/64
 vrrp-ipv6-group 1
  track 2 priority-cost 20
  track 3 priority-cost 30
  virtual-address 2007::1
  virtual-address fe80::1
 no shutdown
VRRP initialization delay
VRRP initialization delay is supported on the only. When configured, VRRP is enabled immediately upon system reload or boot.
Sample Configurations
VRRP for IPv4 Configuration
The configuration in Figure 54-393 shows how to enable IPv4 VRRP. This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, etc. Figure 54-393 shows the VRRP topology created with the CLI configuration in Figure 54-395.
Figure 54-393.
Figure 54-394. Configure VRRP for IPv4
Router 2
R2(conf)#int gi 2/31
R2(conf-if-gi-2/31)#ip address 10.1.1.1/24
R2(conf-if-gi-2/31)#vrrp-group 99
R2(conf-if-gi-2/31-vrid-99)#priority 200
R2(conf-if-gi-2/31-vrid-99)#virtual 10.1.1.3
R2(conf-if-gi-2/31-vrid-99)#no shut
R2(conf-if-gi-2/31)#show conf
!
interface GigabitEthernet 2/31
 ip address 10.1.1.1/24
!
 vrrp-group 99
  priority 200
  virtual-address 10.1.1.
VRRP for IPv6 Configuration
Figure 54-395 shows an example of a VRRP for IPv6 configuration in which the IPv6 VRRP group consists of two routers. This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, etc. Figure 54-395 shows the VRRP for IPv6 topology with the CLI configuration.
Figure 54-396.
VRRP in VRF Configuration
The example in this section shows how to enable VRRP operation in a VRF virtualized network for the following scenarios:
• Multiple VRFs on physical interfaces running VRRP
• Multiple VRFs on VLAN interfaces running VRRP
To view a VRRP in VRF configuration, use the show commands described in Displaying a VRRP in VRF Configuration.
Non-VLAN Scenario
Figure 54-397. VRRP in VRF: Non-VLAN Example Switch-1 VRID 11 Node IP 10.10.1.5 Virtual IP 10.10.1.
Both Switch-1 and Switch-2 have three VRF instances defined: VRF-1, VRF-2, and VRF-3. Each VRF has a separate physical interface to a LAN switch and an upstream VPN interface to connect to the Internet. Both Switch-1 and Switch-2 use VRRP groups on each VRF instance in order that there is one master and one backup router for each VRF. In VRF-1 and VRF-2, Switch-2 serves as owner-master of the VRRP group and Switch-1 serves as the backup.
Figure 54-399. VRRP in VRF: Switch-2 Non-VLAN Configuration
Switch-2
S2(conf)#ip vrf default-vrf 0
!
S2(conf)#ip vrf VRF-1 1
!
S2(conf)#ip vrf VRF-2 2
!
S2(conf)#ip vrf VRF-3 3
!
S2(conf)#interface GigabitEthernet 12/1
S2(conf-if-gi-12/1)#ip vrf forwarding VRF-1
S2(conf-if-gi-12/1)#ip address 10.10.1.2/24
S2(conf-if-gi-12/1)#vrrp-group 11
% Info: The VRID used by the VRRP group 11 in VRF 1 will be 177.
S2(conf-if-gi-12/1-vrid-101)#priority 255
S2(conf-if-gi-12/1-vrid-101)#virtual-address 10.10.1.
Figure 54-400. VRRP in VRF: Switch-1 VLAN Configuration
Switch-1
S1(conf)#ip vrf VRF-1 1
!
S1(conf)#ip vrf VRF-2 2
!
S1(conf)#ip vrf VRF-3 3
!
S1(conf)#interface GigabitEthernet 12/4
S1(conf-if-gi-12/4)#no ip address
S1(conf-if-gi-12/4)#switchport
S1(conf-if-gi-12/4)#no shutdown
!
S1(conf-if-gi-12/4)#interface vlan 100
S1(conf-if-vl-100)#ip vrf forwarding VRF-1
S1(conf-if-vl-100)#ip address 10.10.1.
Figure 54-401. VRRP in VRF: Switch-2 VLAN Configuration
Switch-2
S2(conf)#ip vrf VRF-1 1
!
S2(conf)#ip vrf VRF-2 2
!
S2(conf)#ip vrf VRF-3 3
!
S2(conf)#interface GigabitEthernet 12/4
S2(conf-if-gi-12/4)#no ip address
S2(conf-if-gi-12/4)#switchport
S2(conf-if-gi-12/4)#no shutdown
!
S2(conf-if-gi-12/4)#interface vlan 100
S2(conf-if-vl-100)#ip vrf forwarding VRF-1
S2(conf-if-vl-100)#ip address 10.10.1.
Displaying a VRRP in VRF Configuration
To display information on a VRRP group that is configured on an interface that belongs to a VRF instance, enter the show running-config track [interface interface] command:
Figure 54-402. Command Example: show running-config track interface
FTOS#show running-config interface gigabitethernet 13/4
interface GigabitEthernet 13/4
 ip vrf forwarding red
 ip address 192.168.0.1/24
 vrrp-group 4
  virtual-address 192.168.0.
55 S-Series Debugging and Diagnostics
The chapter contains the following major sections:
• Offline diagnostics
• Trace logs
• Last restart reason (S4810)
• show hardware commands (S4810)
• Environmental monitoring
• Buffer tuning
• Troubleshooting packet loss
• Application core dumps
• Mini core dumps
• TCP dumps
Offline diagnostics
The offline diagnostics test suite is useful for isolating faults and debugging hardware.
Important Points to Remember
• You can only perform offline diagnostics on an offline standalone unit or offline member unit of a stack of three or more. You cannot perform diagnostics on the management or standby unit in a stack of two or more (Message 49).
Message 49 Offline Diagnostics on Master/Standby Error
Running Diagnostics on master/standby unit is not allowed on stack.
• Perform offline diagnostics on one stack member at a time.
Figure 55-405. Verifying the Offline/Online Status of an S-Series Stack Unit
FTOS#show system brief | no-more
Stack MAC : 00:01:e8:d6:02:39
-- Stack Info --
Unit  UnitType    Status   ReqTyp  CurTyp  Version    Ports
---------------------------------------------------------------------------
0     Standby     online   S25V    S25V    4.7.7.220  28
1     Management  offline  S50N    S50N    4.7.7.220  52
2     Member      online   S25P    S25P    4.7.7.
Figure 55-406. Running Offline Diagnostics on an S-Series Standalone Unit
FTOS#diag stack-unit 1 alllevels
Warning - diagnostic execution will cause multiple link flaps on the peer side - advisable to shut directly connected ports
Proceed with Diags [confirm yes/no]: yes
00:03:35: %S50N:1 %DIAGAGT-6-DA_DIAG_STARTED: Starting diags on stack unit 1
00:03:35 : Approximate time to complete these Diags ...
Figure 55-407.
Figure 55-408. Viewing the Results of Offline Diagnostics on a Standalone Unit
FTOS#show file flash://TestReport-SU-0.txt
**********************************S-Series Diagnostics********************
Stack Unit Board Serial Number : DL267160098
CPU Version : MPC8541, Version: 1.1
PLD Version : 5
Diag image based on build : E_MAIN4.7.7.206
Stack Unit Board Voltage levels - 3.300000 V, 2.500000 V, 1.800000 V, 1.250000 V, 1.200000 V, 2.
Auto Save on Crash or Rollover
Exception information for master or standby units is stored in the flash:/TRACE_LOG_DIR directory. This directory contains files that save trace information when there has been a task crash or timeout. On a master unit, the TRACE_LOG_DIR files can be reached by FTP or by using the show file command from the flash://TRACE_LOG_DIR directory. On a Standby unit, the TRACE_LOG_DIR files can be reached only by using the show file command from the flash://TRACE_LOG_DIR directory.
show hardware commands (S4810)
Note: The show hardware command tree is supported on the S4810 only.
The show hardware command tree consists of EXEC Privilege commands used with the S4810 system. These commands display information from a hardware sub-component and from hardware-based feature tables. Table 55-110 lists the show hardware commands available as of the latest FTOS version on the S4810.
Table 55-110. show hardware Commands
Command | Description
show hardware stack-unit {0-11} unit {0-1} ipmc-replication | View the Multicast IPMC replication table from the bShell.
show hardware stack-unit {0-11} unit {0-1} port-stats [detail] | View the internal statistics for each port-pipe (unit) on per port basis.
show hardware stack-unit {0-11} unit {0-1} register | View the stack-unit internal registers for each port-pipe.
Message 51 Over Temperature Condition System Messages
CHMGR-2-MAJOR_TEMP: Major alarm: chassis temperature high (temperature reaches or exceeds threshold of [value]C)
CHMGR-2-TEMP_SHUTDOWN_WARN: WARNING! temperature is [value]C; approaching shutdown threshold of [value]C
To view the programmed alarm threshold levels, including the shutdown value, execute the show alarms threshold command shown in Figure 55-410.
Figure 55-410.
The message in Message 52 indicates that the specified card is not receiving enough power. In response, the system first shuts down Power over Ethernet (PoE). If the under-voltage condition persists, line cards are shut down, then RPMs.
Troubleshoot an under-voltage condition
To troubleshoot an under-voltage condition, check that the correct number of power supplies are installed and their Status LEDs are lit.
• Forwarding Processor (FP) ASICs provide Ethernet MAC functions, queueing and buffering, as well as store feature and forwarding tables for hardware-based lookup and forwarding decisions. 1G and 10G interfaces use different FPs.
Table 55-112 describes the type and number of ASICs per platform.
Table 55-112. ASICS by Platform
Hardware | FP | CSF
S50N, S50V | 2 | 0
S25V, S25P, S25N | 1 | 0
You can tune buffers at three locations, as shown in Figure 55-411.
1.
Figure 55-411. Buffer Tuning Points (diagram labels: CSF Unit, IDP Switch Links, FP Unit, Front-end Links, PHY)
Deciding to tune buffers
Dell Force10 recommends exercising caution when configuring any non-default buffer settings, as tuning can significantly affect system performance. The default values work for most cases. As a guideline, consider tuning buffers if traffic is very bursty (and coming from several interfaces). In this case:
• Reduce the dedicated buffer on all queues/interfaces.
Buffer tuning commands
Task | Command | Command Mode
Define a buffer profile for the FP queues. | buffer-profile fp fsqueue | CONFIGURATION
Define a buffer profile for the CSF queues. | buffer-profile csf csqueue | CONFIGURATION
Change the dedicated buffers on a physical 1G interface. | buffer dedicated | BUFFER PROFILE
Change the maximum amount of dynamic buffers an interface can request. | buffer dynamic | BUFFER PROFILE
Change the number of packet-pointers per queue.
Figure 55-412. Display the Default Buffer Profile
FTOS#show buffer-profile detail interface gigabitethernet 0/1
Interface Gi 0/1
Buffer-profile
Dynamic buffer 194.88 (Kilobytes)
Queue#  Dedicated Buffer  Buffer Packets
        (Kilobytes)
0       2.50              256
1       2.50              256
2       2.50              256
3       2.50              256
4       9.38              256
5       9.38              256
6       9.38              256
7       9.38              256
Figure 55-413.
Using a pre-defined buffer profile
FTOS provides two pre-defined buffer profiles, one for single-queue (i.e. non-QoS) applications, and one for four-queue (i.e. QoS) applications.
Task | Command | Mode
Apply one of two pre-defined buffer profiles for all port pipes in the system. | buffer-profile global [1Q|4Q] | CONFIGURATION
You must reload the system for the global buffer profile to take effect (Message 53).
Figure 55-414.
Figure 55-415.
Figure 55-416.
Figure 55-417.
Displaying Stack Port Statistics
The show hardware stack-unit stack-port command displays input and output statistics for a stack-port interface, as shown in Figure 55-419.
Figure 55-419.
Application core dumps
Application core dumps are disabled by default. A core dump file can be very large. Due to memory requirements the file can only be sent directly to an FTP server. It is not stored on the local flash. Enable full application core dumps with the following:
Task | Command Syntax | Command Mode
Enable RPM core dumps and specify the shutdown mode. | logging coredump server | CONFIGURATION
Undo this command using the no logging coredump server.
When a member or standby unit crashes, the mini core file gets uploaded to the master unit. When the master unit crashes, the mini core file is uploaded to the new master.
Figure 55-422.
Task | Command Syntax | Command Mode
Enable a TCP dump for CPU bound traffic.
56 Standards Compliance
This document contains the following sections:
• IEEE Compliance
• RFC and I-D Compliance
• MIB Location
Note: Unless noted, when a standard cited here is listed as supported by FTOS, FTOS also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website. Click on “Browse and search IETF documents,” enter an RFC number, and inspect the top of the resulting document for obsolescence citations to related RFCs.
• MTU — 9,252 bytes RFC and I-D Compliance The following standards are supported by FTOS, and are grouped by related protocol. The columns showing support by platform indicate which version of FTOS first supports the standard. Note: Checkmarks (9) in the E-Series column indicate that FTOS support was added before FTOS version 7.5.1. General Internet Protocols FTOS support, per platform Full Name 768 User Datagram Protocol 7.6.1 7.5.1 9 8.1.
General IPv4 Protocols FTOS support, per platform RFC# Full Name E-Series E-Series S-Series C-Series TeraScale ExaScale 791 Internet Protocol 7.6.1 7.5.1 9 8.1.1 792 Internet Control Message Protocol 7.6.1 7.5.1 9 8.1.1 826 An Ethernet Address Resolution Protocol 7.6.1 7.5.1 9 8.1.1 1027 Using ARP to Implement Transparent Subnet Gateways 7.6.1 7.5.1 9 8.1.1 1035 DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION (client) 7.6.1 7.5.1 9 8.1.
General IPv6 Protocols FTOS support, per platform Full Name 1886 DNS Extensions to support IP version 6 7.8.1 7.8.1 9 8.2.1 1981 (Partial) Path MTU Discovery for IP version 6 7.8.1 7.8.1 9 8.2.1 2460 Internet Protocol, Version 6 (IPv6) Specification 7.8.1 7.8.1 9 8.2.1 2462 (Partial) IPv6 Stateless Address Autoconfiguration 7.8.1 7.8.1 9 8.2.1 2464 Transmission of IPv6 Packets over Ethernet Networks 7.8.1 7.8.1 9 8.2.
Border Gateway Protocol (BGP) FTOS support, per platform S-Series C-Series E-Series TeraScale E-Series ExaScale RFC# Full Name 1997 BGP Communities Attribute 7.8.1 7.7.1 9 8.1.1 2385 Protection of BGP Sessions via the TCP MD5 Signature Option 7.8.1 7.7.1 9 8.1.1 2439 BGP Route Flap Damping 7.8.1 7.7.1 9 8.1.1 2545 Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing 7.8.1 9 8.2.1 2796 BGP Route Reflection: An Alternative to Full Mesh Internal BGP (IBGP) 7.8.
Open Shortest Path First (OSPF) FTOS support, per platform S-Series E-Series E-Series C-Series TeraScale ExaScale RFC# Full Name 1587 The OSPF Not-So-Stubby Area (NSSA) Option 7.6.1 7.5.1 9 8.1.1 2154 OSPF with Digital Signatures 7.6.1 7.5.1 9 8.1.1 2328 OSPF Version 2 7.6.1 7.5.1 9 8.1.1 2370 The OSPF Opaque LSA Option 7.6.1 7.5.1 9 8.1.1 2740 OSPF for IPv6 7.8.1 9 8.2.1 3623 Graceful OSPF Restart 7.8.1 7.5.1 9 8.1.
Routing Information Protocol (RIP) FTOS support, per platform S-Series E-Series TeraScale C-Series E-Series ExaScale RFC# Full Name 1058 Routing Information Protocol 7.8.1 7.6.1 9 8.1.1 2453 RIP Version 2 7.8.1 7.6.1 9 8.1.1 4191 Default Router Preferences and More-Specific Routes 8.3.12.0 Multiprotocol Label Switching (MPLS) FTOS support, per platform S-Series C-Series E-Series TeraScale E-Series ExaScale RFC# Full Name 2702 Requirements for Traffic Engineering Over MPLS 8.3.
Multicast FTOS support, per platform RFC# Full Name 1112 E-Series ExaScale C-Series Host Extensions for IP Multicasting 7.8.1 7.7.1 9 8.1.1 2236 Internet Group Management Protocol, Version 2 7.8.1 7.7.1 9 8.1.1 2710 Multicast Listener Discovery (MLD) for IPv6 9 8.2.1 3376 Internet Group Management Protocol, Version 3 3569 An Overview of Source-Specific Multicast (SSM) 3618 7.8.1 7.7.1 9 8.1.1 7.8.1 SSM for IPv4 7.7.1 SSM for IPv4 7.5.
Network Management FTOS support, per platform S-Series C-Series E-Series TeraScale E-Series ExaScale RFC# Full Name 1155 Structure and Identification of Management Information for TCP/IP-based Internets 7.6.1 7.5.1 9 8.1.1 1156 Management Information Base for Network Management of TCP/IP-based internets 7.6.1 7.5.1 9 8.1.1 1157 A Simple Network Management Protocol (SNMP) 7.6.1 7.5.1 9 8.1.1 1212 Concise MIB Definitions 7.6.1 7.5.1 9 8.1.
Network Management (continued) FTOS support, per platform C-Series E-Series ExaScale Full Name 2576 Coexistence Between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework 7.6.1 7.5.1 9 8.1.1 2578 Structure of Management Information Version 2 (SMIv2) 7.6.1 7.5.1 9 8.1.1 2579 Textual Conventions for SMIv2 7.6.1 7.5.1 9 8.1.1 2580 Conformance Statements for SMIv2 7.6.1 7.5.1 9 8.1.
Network Management (continued) FTOS support, per platform C-Series E-Series ExaScale Full Name 3815 Definitions of Managed Objects for the Multiprotocol Label Switching (MPLS), Label Distribution Protocol (LDP) 4001 Textual Conventions for Internet Network Addresses 8.3.12 5060 Protocol Independent Multicast MIB 7.8.1 7.8.1 7.7.1 8.1.1 ANSI/TIA-1057 The LLDP Management Information Base extension module for TIA-TR41.4 Media Endpoint Discovery information 7.7.1 7.6.1 7.6.1 8.1.
Network Management (continued) FTOS support, per platform RFC# Full Name S-Series C-Series FORCE10-FIB-MIB Force10 CIDR Multipath Routes MIB (The IP Forwarding Table provides information that you can use to determine the egress port of an IP packet and troubleshoot an IP reachability issue. It reports the autonomous system of the next hop, multiple next hop support, and policy routing support) E-Series ExaScale 7.6.1 8.1.
MIB Location
Force10 MIBs can be found under the Force10 MIBs subhead on the Documentation page of iSupport:
https://www.force10networks.com/csportal20/KnowledgeBase/Documentation.aspx
You also can obtain a list of selected MIBs and their OIDs at the following URL:
https://www.force10networks.com/csportal20/MIBs/MIB_OIDs.aspx
Some pages of iSupport require a login. To request an iSupport account, go to:
https://www.force10networks.com/CSPortal20/Support/AccountRequest.