Reference Guide
Table Of Contents
- FTOS Configuration Guide for the S4810 System FTOS Version 9.2(0.0) and 9.2(0.2)
- About this Guide
- Configuration Fundamentals
- Getting Started
- Management
- Configuring Privilege Levels
- Configuring Logging
- Log Messages in the Internal Buffer
- Disabling System Logging
- Sending System Messages to a Syslog Server
- Changing System Logging Settings
- Display the Logging Buffer and the Logging Configuration
- Configuring a UNIX Logging Facility Level
- Synchronizing Log Messages
- Enabling Timestamp on Syslog Messages
- File Transfer Services
- Terminal Lines
- Setting Time Out of EXEC Privilege Mode
- Using Telnet to get to Another Network Device
- Lock CONFIGURATION Mode
- Recovering from a Forgotten Password on the System
- Recovering from a Failed Start on the System
- 802.1ag
- Ethernet CFM
- Maintenance Domains
- Maintenance Points
- Maintenance End Points
- Implementation Information
- Configuring the CFM
- Enabling Ethernet CFM
- Creating a Maintenance Domain
- Creating a Maintenance Association
- Create Maintenance Points
- Continuity Check Messages
- Sending Loopback Messages and Responses
- Sending Linktrace Messages and Responses
- Enabling CFM SNMP Traps
- Displaying Ethernet CFM Statistics
- 802.1X
- The Port-Authentication Process
- Configuring 802.1X
- Important Points to Remember
- Enabling 802.1X
- Configuring Request Identity Re-Transmissions
- Forcibly Authorizing or Unauthorizing a Port
- Re-Authenticating a Port
- Configuring Timeouts
- Configuring Dynamic VLAN Assignment with Port Authentication
- Guest and Authentication-Fail VLANs
- Access Control Lists (ACLs)
- IP Access Control Lists (ACLs)
- Important Points to Remember
- IP Fragment Handling
- Configure a Standard IP ACL
- Configure an Extended IP ACL
- Configure Layer 2 and Layer 3 ACLs
- Assign an IP ACL to an Interface
- Applying an IP ACL
- Configure Ingress ACLs
- Configure Egress ACLs
- IP Prefix Lists
- ACL Resequencing
- Route Maps
- Bidirectional Forwarding Detection (BFD)
- Border Gateway Protocol IPv4 (BGPv4)
- Autonomous Systems (AS)
- Sessions and Peers
- Route Reflectors
- BGP Attributes
- Multiprotocol BGP
- Implement BGP with FTOS
- Configuration Information
- BGP Configuration
- Enabling BGP
- Configuring AS4 Number Representations
- Configuring Peer Groups
- Configuring BGP Fast Fail-Over
- Configuring Passive Peering
- Maintaining Existing AS Numbers During an AS Migration
- Allowing an AS Number to Appear in its Own AS Path
- Enabling Graceful Restart
- Enabling Neighbor Graceful Restart
- Filtering on an AS-Path Attribute
- Regular Expressions as Filters
- Redistributing Routes
- Enabling Additional Paths
- Configuring IP Community Lists
- Configuring an IP Extended Community List
- Filtering Routes with Community Lists
- Manipulating the COMMUNITY Attribute
- Changing MED Attributes
- Changing the LOCAL_PREFERENCE Attribute
- Changing the NEXT_HOP Attribute
- Changing the WEIGHT Attribute
- Enabling Multipath
- Filtering BGP Routes
- Filtering BGP Routes Using Route Maps
- Filtering BGP Routes Using AS-PATH Information
- Configuring BGP Route Reflectors
- Aggregating Routes
- Configuring BGP Confederations
- Enabling Route Flap Dampening
- Changing BGP Timers
- Enabling BGP Neighbor Soft-Reconfiguration
- Route Map Continue
- Enabling MBGP Configurations
- BGP Regular Expression Optimization
- Debugging BGP
- Sample Configurations
- Content Addressable Memory (CAM)
- Control Plane Policing (CoPP)
- Data Center Bridging (DCB)
- Ethernet Enhancements in Data Center Bridging
- Enabling Data Center Bridging
- QoS dot1p Traffic Classification and Queue Assignment
- Configuring Priority-Based Flow Control
- Configure Enhanced Transmission Selection
- Applying DCB Policies in a Switch Stack
- Applying DCB Policies with an ETS Configuration
- Configure a DCBx Operation
- Verifying the DCB Configuration
- PFC and ETS Configuration Examples
- Using PFC and ETS to Manage Data Center Traffic
- Dynamic Host Configuration Protocol (DHCP)
- DHCP Packet Format and Options
- Assign an IP Address using DHCP
- Implementation Information
- Configure the System to be a DHCP Server
- Configure the System to be a Relay Agent
- Configure the System to be a DHCP Client
- Configure the System for User Port Stacking (Option 230)
- Configure Secure DHCP
- Source Address Validation
- Equal Cost Multi-Path (ECMP)
- FCoE Transit
- Fibre Channel over Ethernet
- Ensure Robustness in a Converged Ethernet Network
- FIP Snooping on Ethernet Bridges
- FIP Snooping in a Switch Stack
- Using FIP Snooping
- FIP Snooping Prerequisites
- Important Points to Remember
- Enabling the FCoE Transit Feature
- Enable FIP Snooping on VLANs
- Configure the FC-MAP Value
- Configure a Port for a Bridge-to-Bridge Link
- Configure a Port for a Bridge-to-FCF Link
- Impact on Other Software Features
- FIP Snooping Restrictions
- Configuring FIP Snooping
- Displaying FIP Snooping Information
- FCoE Transit Configuration Example
- Enabling FIPS Cryptography
- Force10 Resilient Ring Protocol (FRRP)
- GARP VLAN Registration Protocol (GVRP)
- High Availability (HA)
- Internet Group Management Protocol (IGMP)
- IGMP Implementation Information
- IGMP Protocol Overview
- Configure IGMP
- Viewing IGMP Enabled Interfaces
- Selecting an IGMP Version
- Viewing IGMP Groups
- Adjusting Timers
- Configuring a Static IGMP Group
- Enabling IGMP Immediate-Leave
- IGMP Snooping
- Fast Convergence after MSTP Topology Changes
- Designating a Multicast Router Interface
- Interfaces
- Basic Interface Configuration
- Advanced Interface Configuration
- Interface Types
- View Basic Interface Information
- Enabling a Physical Interface
- Physical Interfaces
- Egress Interface Selection (EIS)
- Management Interfaces
- VLAN Interfaces
- Loopback Interfaces
- Null Interfaces
- Port Channel Interfaces
- Port Channel Definition and Standards
- Port Channel Benefits
- Port Channel Implementation
- 10/100/1000 Mbps Interfaces in Port Channels
- Configuration Tasks for Port Channel Interfaces
- Creating a Port Channel
- Adding a Physical Interface to a Port Channel
- Reassigning an Interface to a New Port Channel
- Configuring the Minimum Oper Up Links in a Port Channel
- Adding or Removing a Port Channel from a VLAN
- Assigning an IP Address to a Port Channel
- Deleting or Disabling a Port Channel
- Load Balancing Through Port Channels
- Load-Balancing on the
- Changing the Hash Algorithm
- Bulk Configuration
- Defining Interface Range Macros
- Monitoring and Maintaining Interfaces
- Splitting QSFP Ports to SFP+ Ports
- Link Dampening
- Link Bundle Monitoring
- Using Ethernet Pause Frames for Flow Control
- Configure the MTU Size on an Interface
- Port-Pipes
- Auto-Negotiation on Ethernet Interfaces
- View Advanced Interface Information
- Dynamic Counters
- Internet Protocol Security (IPSec)
- IPv4 Routing
- IP Addresses
- Configuration Tasks for IP Addresses
- Assigning IP Addresses to an Interface
- Configuring Static Routes
- Configure Static Routes for the Management Interface
- Enabling Directed Broadcast
- Resolution of Host Names
- Enabling Dynamic Resolution of Host Names
- Specifying the Local System Domain and a List of Domains
- Configuring DNS with Traceroute
- ARP
- Configuration Tasks for ARP
- Configuring Static ARP Entries
- Enabling Proxy ARP
- Clearing ARP Cache
- ARP Learning via Gratuitous ARP
- Enabling ARP Learning via Gratuitous ARP
- ARP Learning via ARP Request
- Configuring ARP Retries
- ICMP
- Configuration Tasks for ICMP
- Enabling ICMP Unreachable Messages
- UDP Helper
- Enabling UDP Helper
- Configuring a Broadcast Address
- Configurations Using UDP Helper
- UDP Helper with Broadcast-All Addresses
- UDP Helper with Subnet Broadcast Addresses
- UDP Helper with Configured Broadcast Addresses
- UDP Helper with No Configured Broadcast Addresses
- Troubleshooting UDP Helper
- IPv6 Routing
- iSCSI Optimization
- iSCSI Optimization Overview
- Monitoring iSCSI Traffic Flows
- Application of Quality of Service to iSCSI Traffic Flows
- Information Monitored in iSCSI Traffic Flows
- Detection and Auto-Configuration for Dell EqualLogic Arrays
- Configuring Detection and Ports for Dell Compellent Arrays
- Synchronizing iSCSI Sessions Learned on VLT-Lags with VLT-Peer
- Enable and Disable iSCSI Optimization
- Default iSCSI Optimization Values
- iSCSI Optimization Prerequisites
- Configuring iSCSI Optimization
- Displaying iSCSI Optimization Information
- iSCSI Optimization Overview
- Intermediate System to Intermediate System
- Link Aggregation Control Protocol (LACP)
- Layer 2
- Link Layer Discovery Protocol (LLDP)
- 802.1AB (LLDP) Overview
- Optional TLVs
- TIA-1057 (LLDP-MED) Overview
- Configure LLDP
- CONFIGURATION versus INTERFACE Configurations
- Enabling LLDP
- Enabling LLDP on Management Ports
- Advertising TLVs
- Viewing the LLDP Configuration
- Viewing Information Advertised by Adjacent LLDP Agents
- Configuring LLDPDU Intervals
- Configuring Transmit and Receive Mode
- Configuring a Time to Live
- Debugging LLDP
- Relevant Management Objects
- Multicast Source Discovery Protocol (MSDP)
- Protocol Overview
- Anycast RP
- Implementation Information
- Configure Multicast Source Discovery Protocol
- Enable MSDP
- Manage the Source-Active Cache
- Accept Source-Active Messages that Fail the RFP Check
- Specifying Source-Active Messages
- Limiting the Source-Active Messages from a Peer
- Preventing MSDP from Caching a Local Source
- Preventing MSDP from Caching a Remote Source
- Preventing MSDP from Advertising a Local Source
- Logging Changes in Peership States
- Terminating a Peership
- Clearing Peer Statistics
- Debugging MSDP
- MSDP with Anycast RP
- Configuring Anycast RP
- MSDP Sample Configurations
- Multiple Spanning Tree Protocol (MSTP)
- Protocol Overview
- Spanning Tree Variations
- Configure Multiple Spanning Tree Protocol
- Enable Multiple Spanning Tree Globally
- Adding and Removing Interfaces
- Creating Multiple Spanning Tree Instances
- Influencing MSTP Root Selection
- Interoperate with Non-FTOS Bridges
- Changing the Region Name or Revision
- Modifying Global Parameters
- Modifying the Interface Parameters
- Configuring an EdgePort
- Flush MAC Addresses after a Topology Change
- MSTP Sample Configurations
- Debugging and Verifying MSTP Configurations
- Multicast Features
- Open Shortest Path First (OSPFv2 and OSPFv3)
- Protocol Overview
- OSPF with FTOS
- Configuration Information
- Configuration Task List for OSPFv3 (OSPF for IPv6)
- Enabling IPv6 Unicast Routing
- Assigning IPv6 Addresses on an Interface
- Assigning Area ID on an Interface
- Assigning OSPFv3 Process ID and Router ID Globally
- Configuring Stub Areas
- Configuring Passive-Interface
- Redistributing Routes
- Configuring a Default Route
- Enabling OSPFv3 Graceful Restart
- OSPFv3 Authentication Using IPsec
- Troubleshooting OSPFv3
- PIM Sparse-Mode (PIM-SM)
- PIM Source-Specific Mode (PIM-SSM)
- Port Monitoring
- Private VLANs (PVLAN)
- Per-VLAN Spanning Tree Plus (PVST+)
- Protocol Overview
- Implementation Information
- Configure Per-VLAN Spanning Tree Plus
- Enabling PVST+
- Disabling PVST+
- Influencing PVST+ Root Selection
- Modifying Global PVST+ Parameters
- Modifying Interface PVST+ Parameters
- Configuring an EdgePort
- PVST+ in Multi-Vendor Networks
- Enabling PVST+ Extend System ID
- PVST+ Sample Configurations
- Quality of Service (QoS)
- Routing Information Protocol (RIP)
- Remote Monitoring (RMON)
- Rapid Spanning Tree Protocol (RSTP)
- Protocol Overview
- Configuring Rapid Spanning Tree
- Important Points to Remember
- Configuring Interfaces for Layer 2 Mode
- Enabling Rapid Spanning Tree Protocol Globally
- Adding and Removing Interfaces
- Modifying Global Parameters
- Modifying Interface Parameters
- Enabling SNMP Traps for Root Elections and Topology Changes
- Influencing RSTP Root Selection
- Configuring an EdgePort
- Configuring Fast Hellos for Link State Detection
- Software-Defined Networking (SDN)
- Security
- Service Provider Bridging
- sFlow
- Simple Network Management Protocol (SNMP)
- Protocol Overview
- Implementation Information
- Configuration Task List for SNMP
- Important Points to Remember
- Set up SNMP
- Reading Managed Object Values
- Writing Managed Object Values
- Configuring Contact and Location Information using SNMP
- Subscribing to Managed Object Value Updates using SNMP
- Enabling a Subset of SNMP Traps
- Copy Configuration Files Using SNMP
- Copying a Configuration File
- Copying Configuration Files via SNMP
- Copying the Startup-Config Files to the Running-Config
- Copying the Startup-Config Files to the Server via FTP
- Copying the Startup-Config Files to the Server via TFTP
- Copy a Binary File to the Startup-Configuration
- Additional MIB Objects to View Copy Statistics
- Obtaining a Value for MIB Objects
- Manage VLANs using SNMP
- Managing Overload on Startup
- Enabling and Disabling a Port using SNMP
- Fetch Dynamic MAC Entries using SNMP
- Deriving Interface Indices
- Monitor Port-Channels
- Troubleshooting SNMP Operation
- Stacking
- Storm Control
- Spanning Tree Protocol (STP)
- Protocol Overview
- Configure Spanning Tree
- Important Points to Remember
- Configuring Interfaces for Layer 2 Mode
- Enabling Spanning Tree Protocol Globally
- Adding an Interface to the Spanning Tree Group
- Modifying Global Parameters
- Modifying Interface STP Parameters
- Enabling PortFast
- Selecting STP Root
- STP Root Guard
- Enabling SNMP Traps for Root Elections and Topology Changes
- Configuring Spanning Trees as Hitless
- STP Loop Guard
- Displaying STP Guard Configuration
- System Time and Date
- Tunneling
- Uplink Failure Detection (UFD)
- Upgrade Procedures
- Virtual LANs (VLANs)
- Virtual Link Trunking (VLT)
- Virtual Router Redundancy Protocol (VRRP)
- S-Series Debugging and Diagnostics
- Standards Compliance
Configure the optional and required parameters:
– name: enter a text string (up to 63 characters).
– access-class access-list-name: enter the name of a configured IP ACL.
– privilege level: the range is from 0 to 15.
– nopassword: do not require the user to enter a password.
– encryption-type: enter 0 for plain text or 7 for encrypted text.
– password: enter a string.
2. Configure a password for privilege level.
CONFIGURATION mode
enable password [level level] [encryption-mode] password
Configure the optional and required parameters:
– level level: specify a level from 0 to 15. Level 15 includes all levels.
– encryption-type: enter 0 for plain text or 7 for encrypted text.
– password: enter a string up to 25 characters long.
To change only the password for the enable command, configure only the password parameter.
3. Configure level and commands for a mode or reset a command’s level.
CONFIGURATION mode
privilege mode {level level command | reset command}
Configure the following required and optional parameters:
– mode: enter a keyword for the modes (exec, configure, interface, line, route-map, or
router)
– level level: the range is from 0 to 15. Levels 0, 1, and 15 are pre-configured. Levels 2 to 14 are
available for custom configuration.
– command: an FTOS CLI keyword (up to five keywords allowed).
– reset: return the command to its default privilege mode.
To view the configuration, use the show running-config command in EXEC Privilege mode.
The following example shows a configuration to allow a user
john
to view only EXEC mode commands and all snmp-
server commands. Because the snmp-server commands are
enable
level commands and, by default, found in
CONFIGURATION mode, also assign the launch command for CONFIGURATION mode, configure, to the same
privilege level as the
snmp-server commands.
Line 1: The user
john
is assigned privilege level 8 and assigned a password.
Line 2: All other users are assigned a password to access privilege level 8.
Line 3: The configure command is assigned to privilege level 8 because it needs to reach CONFIGURATION mode
where the snmp-server commands are located.
Line 4: The snmp-server commands, in CONFIGURATION mode, are assigned to privilege level 8.
Example of Configuring a Custom Privilege Level
FTOS(conf)#username john privilege 8 password john
FTOS(conf)#enable password level 8 notjohn
FTOS(conf)#privilege exec level 8 configure
FTOS(conf)#privilege config level 8 snmp-server
FTOS(conf)#end
FTOS#show running-config
Current Configuration ...
698