Dell Configuration Guide for the S6000 System 9.10(0.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2016 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents 1 About this Guide...........................................................................................................................................32 Audience............................................................................................................................................................................32 Conventions.....................................................................................................................................................
Creating a Custom Privilege Level...........................................................................................................................55 Removing a Command from EXEC Mode.............................................................................................................. 55 Moving a Command from EXEC Privilege Mode to EXEC Mode....................................................................... 55 Allowing Access to CONFIGURATION Mode Commands...............................
802.1X..........................................................................................................................................................79 Port-Authentication Process...........................................................................................................................................81 EAP over RADIUS......................................................................................................................................................
Configure an Extended IP ACL......................................................................................................................................112 Configuring Filters with a Sequence Number........................................................................................................112 Configuring Filters Without a Sequence Number................................................................................................. 113 Configure Layer 2 and Layer 3 ACLs...............
Weight........................................................................................................................................................................163 Local Preference.......................................................................................................................................................163 Multi-Exit Discriminators (MEDs)...........................................................................................................................
Changing BGP Timers..............................................................................................................................................201 Enabling BGP Neighbor Soft-Reconfiguration.....................................................................................................202 Route Map Continue............................................................................................................................................... 203 Enabling MBGP Configurations......
Configuring Lossless QueuesExample:..................................................................................................................238 Priority-Based Flow Control Using Dynamic Buffer Method..............................................................................240 Behavior of Tagged Packets..........................................................................................................................................241 Configuration Example for DSCP and PFC Priorities.....
Using DHCP Clear Commands............................................................................................................................... 277 Configure the System to be a DHCP Client................................................................................................................277 Configuring the DHCP Client System....................................................................................................................277 DHCP Client on a Management Interface........
Configure a Port for a Bridge-to-FCF Link...........................................................................................................304 Impact on Other Software Features..................................................................................................................... 304 FIP Snooping Restrictions...................................................................................................................................... 305 Configuring FIP Snooping.................
Important Points to Remember................................................................................................................................... 330 Configure GVRP............................................................................................................................................................. 331 Related Configuration Tasks....................................................................................................................................
View Basic Interface Information.................................................................................................................................354 Resetting an Interface to its Factory Default State...................................................................................................356 Enabling a Physical Interface........................................................................................................................................356 Physical Interfaces.....
Example Scenarios.................................................................................................................................................. 380 Configuring wavelength for 10–Gigabit SFP+ optics................................................................................................383 Link Dampening..............................................................................................................................................................
Configure UDP Helper.............................................................................................................................................407 Important Points to Remember..............................................................................................................................407 Enabling UDP Helper.....................................................................................................................................................
Application of Quality of Service to iSCSI Traffic Flows......................................................................................434 Information Monitored in iSCSI Traffic Flows....................................................................................................... 434 Detection and Auto-Configuration for Dell EqualLogic Arrays........................................................................... 435 Configuring Detection and Ports for Dell Compellent Arrays.................
Shared LAG State Tracking.......................................................................................................................................... 468 Configuring Shared LAG State Tracking............................................................................................................... 468 Important Points about Shared LAG State Tracking........................................................................................... 469 LACP Basic Configuration Example...............
Advertising TLVs............................................................................................................................................................ 502 Viewing the LLDP Configuration................................................................................................................................. 503 Viewing Information Advertised by Adjacent LLDP Agents.....................................................................................
Protocol Overview......................................................................................................................................................... 537 Spanning Tree Variations.............................................................................................................................................. 538 Implementation Information....................................................................................................................................
Router Priority and Cost......................................................................................................................................... 575 OSPF with Dell Networking OS................................................................................................................................... 576 Graceful Restart.......................................................................................................................................................
Overriding Bootstrap Router Updates.................................................................................................................. 623 Configuring a Designated Router.................................................................................................................................623 Creating Multicast Boundaries and Domains............................................................................................................. 624 36 PIM Source-Specific Mode (PIM-SSM)..
Honoring dot1p Priorities on Ingress Traffic..........................................................................................................657 Configuring Port-Based Rate Policing.................................................................................................................. 658 Configuring Port-Based Rate Shaping..................................................................................................................658 Policy-Based QoS Configurations...................
Configuring RMON Collection Statistics...............................................................................................................703 Configuring the RMON Collection History........................................................................................................... 703 42 Rapid Spanning Tree Protocol (RSTP)..................................................................................................... 705 Protocol Overview...............................................
Configuring the SSH Client Cipher List.................................................................................................................735 Secure Shell Authentication................................................................................................................................... 736 Troubleshooting SSH............................................................................................................................................... 738 Telnet.....................
Displaying Show sFlow Global................................................................................................................................ 772 Displaying Show sFlow on an Interface................................................................................................................. 773 Displaying Show sFlow on a Stack-unit.................................................................................................................773 Configuring Specify Collectors............
Deriving Interface Indices..............................................................................................................................................797 Monitor Port-Channels................................................................................................................................................. 798 Troubleshooting SNMP Operation...............................................................................................................................
Configure Spanning Tree...............................................................................................................................................825 Related Configuration Tasks................................................................................................................................... 826 Important Points to Remember...................................................................................................................................
53 Tunneling................................................................................................................................................. 858 Configuring a Tunnel......................................................................................................................................................858 Configuring Tunnel Keepalive Settings........................................................................................................................
PIM-Sparse Mode Support on VLT....................................................................................................................... 884 VLT Routing .............................................................................................................................................................886 Non-VLT ARP Sync................................................................................................................................................. 888 RSTP Configuration.
VRF Overview................................................................................................................................................................ 932 VRF Configuration Notes..............................................................................................................................................933 DHCP..................................................................................................................................................................
Troubleshooting Packet Loss........................................................................................................................................987 Displaying Drop Counters....................................................................................................................................... 988 Dataplane Statistics.................................................................................................................................................
1 About this Guide This guide describes the protocols and features the Dell Networking Operating System (OS) supports and provides configuration instructions and examples for implementing them. For complete information about all the CLI commands, see the Dell Command Line Reference Guide for your system. The S6000 platform is available with Dell Networking OS version 9.0(2.0) and beyond. Though this guide contains information about protocols, it is not intended to be a complete reference.
2 Configuration Fundamentals The Dell Networking Operating System (OS) command line interface (CLI) is a text-based interface you can use to configure interfaces and protocols. The CLI is largely the same for each platform except for some commands and command outputs. The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and you can limit user access to modes using privilege levels.
The Dell Networking OS CLI is divided into three major mode levels: • EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level. Only a limited selection of commands is available, notably the show commands, which allow you to view system information. • EXEC Privilege mode has commands to view configurations, clear counters, manage configuration files, run diagnostics, and enable or disable debug operations. The privilege level is 15, which is unrestricted.
QOS POLICY RSTP ROUTE-MAP ROUTER BGP BGP ADDRESS-FAMILY ROUTER ISIS ISIS ADDRESS-FAMILY ROUTER OSPF ROUTER OSPFV3 ROUTER RIP SPANNING TREE SUPPORTASSIST TRACE-LIST VLT DOMAIN VRRP UPLINK STATE GROUP uBoot Navigating CLI Modes The Dell Networking OS prompt changes to indicate the CLI mode. The following table lists the CLI mode, its prompt, and information about how to access and exit the CLI mode.
CLI Command Mode Prompt Access Command Management Ethernet Interface Dell(conf-if-ma-0/0)# interface (INTERFACE modes) Null Interface Dell(conf-if-nu-0)# interface (INTERFACE modes) Port-channel Interface Dell(conf-if-po-1)# interface (INTERFACE modes) Tunnel Interface Dell(conf-if-tu-1)# interface (INTERFACE modes) VLAN Interface Dell(conf-if-vl-1)# interface (INTERFACE modes) STANDARD ACCESS-LIST Dell(config-std-nacl)# ip access-list standard (IP ACCESS-LIST Modes) EXTENDED ACCESS-LIS
CLI Command Mode Prompt Access Command DHCP Dell(config-dhcp)# ip dhcp server DHCP POOL Dell(config-dhcp-pool-name)# pool (DHCP Mode) ECMP Dell(conf-ecmp-group-ecmpgroup-id)# ecmp-group EIS Dell(conf-mgmt-eis)# management egress-interfaceselection FRRP Dell(conf-frrp-ring-id)# protocol frrp LLDP Dell(conf-lldp)# or Dell(conf-if —interface-lldp)# protocol lldp (CONFIGURATION or INTERFACE Modes) LLDP MANAGEMENT INTERFACE Dell(conf-lldp-mgmtIf)# management-interface (LLDP Mode) LINE De
-- Stack Info -Unit UnitType Status ReqTyp CurTyp Version Ports -----------------------------------------------------------------------0 Management online S4810 S4810 9.4(0.
cd clear clock Change current directory Reset functions Manage the system clock • Enter ? after a partial keyword lists all of the keywords that begin with the specified letters. Dell(conf)#cl? class-map clock Dell(conf)#cl • Enter [space]? after a keyword lists all of the keywords that can follow the specified keyword. Dell(conf)#clock ? summer-time Configure summer (daylight savings) time timezone Configure time zone Dell(conf)#clock Entering and Editing Commands Notes for entering commands.
Short-Cut Key Combination Action Esc D Deletes all characters from the cursor to the end of the word. Command History The Dell Networking OS maintains a history of previously-entered commands for each mode. For example: • When you are in EXEC mode, the UP and DOWN arrow keys display the previously-entered EXEC mode commands. • When you are in CONFIGURATION mode, the UP or DOWN arrows keys recall the previously-entered CONFIGURATION mode commands.
The no-more command displays the output all at once rather than one screen at a time. This is similar to the terminal length command except that the no-more option affects the output of the specified command only. The save command copies the output to a file for future reference. NOTE: You can filter a single command output multiple times. The save option must be the last option entered.
3 Getting Started This chapter describes how you start configuring your system. When you power up the chassis, the system performs a power-on self test (POST) and system then loads the Dell Networking Operating System. Boot messages scroll up the terminal window during this process. No user interaction is required if the boot process proceeds without interruption. When the boot process completes, the system status LEDs remain online (green) and the console monitor displays the EXEC mode prompt.
Console Access The device has two management ports available for system access: a serial RS-232 /RJ-45 console port and an out-of-band (OOB) Ethernet port to manage the switch with an IP address. Serial Console The RJ-45/RS-232 console port is labeled on the upper right-hand side, as you face the I/O side of the chassis. Figure 1.
Table 2.
3 Configure a username and password. Configure a Username and Password Configure the Management Port IP Address To access the system remotely, assign IP addresses to the management ports. 1 Enter INTERFACE mode for the Management port. CONFIGURATION mode interface ManagementEthernet slot/port 2 Assign an IP address to the interface. INTERFACE mode ip address ip-address/mask 3 • ip-address: an address in dotted-decimal format (A.B.C.D). • mask: a subnet mask in /prefix-length format (/ xx).
Configuring the Enable Password Access EXEC Privilege mode using the enable command. EXEC Privilege mode is unrestricted by default. Configure a password as a basic security measure. There are three types of enable passwords: • enable password is stored in the running/startup configuration using a DES encryption method. • enable secret is stored in the running/startup configuration using MD5 encryption method.
Location source-file-url Syntax destination-file-url Syntax TFTP server For a remote file location: SCP server copy scp://{hostip | hostname}/ scp://{hostip | hostname}/ filepath/ filename filepath/filename Important Points to Remember • You may not copy a file from one remote system to another. • You may not copy a file from one location to the same location. • When copying to a server, you can only use a hostname if a domain name server (DNS) server is configured.
Table 5. Forming a copy Command Location source-file-url Syntax destination-file-url Syntax For a remote file location: copy nfsmount://{}/filepath/filename} username:password tftp://{hostip | hostname}/ filepath/filename NFS File System Important Points to Remember • You cannot copy a file from one remote system to another. • You cannot copy a file from one location to the same location.
Save the Running-Configuration The running-configuration contains the current system configuration. Dell Networking recommends coping your running-configuration to the startup-configuration. The commands in this section follow the same format as those commands in the Copy Files to and from the System section but use the filenames startup-configuration and running-configuration. These commands assume that current directory is the internal flash, which is the system default.
Example of the dir Command The output of the dir command also shows the read/write privileges, size (in bytes), and date of modification for each file.
To change the default directory, use the following command. • Change the default directory. EXEC Privilege mode cd directory View Command History The command-history trace feature captures all commands entered by all users of the system with a time stamp and writes these messages to a dedicated trace log buffer. The system generates a trace message for each executed command. No password information is saved to the file. To view the command-history trace, use the show command-history command.
NOTE: If the HTTP service is not VRF-aware, then it uses the global routing table to perform the look-up. To enable an HTTP client to look up the VRF table corresponding to either management VRF or any nondefault VRF, use the ip http vrf command in CONFIGURATION mode. • Configure an HTTP client with a VRF that is used to connect to the HTTP server.
MD5 Dell# verify md5 flash://FTOS-SE-9.5.0.0.bin 275ceb73a4f3118e1d6bcf7d75753459 MD5 hash VERIFIED for FTOS-SE-9.5.0.0.bin SHA256 Dell# verify sha256 flash://FTOS-SE-9.5.0.0.bin e6328c06faf814e6899ceead219afbf9360e986d692988023b749e6b2093e933 SHA256 hash VERIFIED for FTOS-SE-9.5.0.0.
4 Management This chapter describes the different protocols or services used to manage the Dell Networking system.
Creating a Custom Privilege Level Custom privilege levels start with the default EXEC mode command set. You can then customize privilege levels 2-14 by: • restricting access to an EXEC mode command • moving commands from EXEC Privilege to EXEC mode • restricting access A user can access all commands at his privilege level and below.
• moves the capture bgp-pdu max-buffer-size command from EXEC Privilege to EXEC mode by requiring a minimum privilege level 3, which is the configured level for VTY 0 • allows access to CONFIGURATION mode with the banner command • allows access to INTERFACE tengigabitethernet and LINE modes are allowed with no commands • Remove a command from the list of available commands in EXEC mode. CONFIGURATION mode • privilege exec level level {command ||...
linecard Set line card type Dell(conf)#interface ? fastethernet Fast Ethernet interface gigabitethernet Gigabit Ethernet interface loopback Loopback interface managementethernet Management Ethernet interface null Null interface port-channel Port-channel interface range Configure interface range sonet SONET interface tengigabitethernet TenGigabit Ethernet interface vlan VLAN interface Dell(conf)#interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)#? end Exit from configuration mode exit Exit from interface
• any configured syslog servers To disable logging, use the following commands. • Disable all logging except on the console. CONFIGURATION mode no logging on • Disable logging to the logging buffer. CONFIGURATION mode no logging buffer • Disable logging to terminal lines. CONFIGURATION mode no logging monitor • Disable console logging. CONFIGURATION mode no logging console Audit and Security Logs This section describes how to configure, display, and clear audit and security logs.
• Adding and deleting of users. • User access and configuration changes to the security and crypto parameters (not the key information but the crypto configuration) Important Points to Remember When you enabled RBAC and extended logging: • Only the system administrator user role can execute this command. • The system administrator and system security administrator user roles can view security events and system events.
The following describes the two log messages formats: • 0 – Displays syslog messages format as described in RFC 3164, The BSD syslog Protocol • 1 – Displays syslog message format as described in RFC 5424, The SYSLOG Protocol Example of Configuring the Logging Message Format Dell(conf)#logging version ? <0-1> Select syslog version (default = 0) Dell(conf)#logging version 1 Setting Up a Secure Connection to a Syslog Server You can use reverse tunneling with the port forwarding to securely connect to a sy
2 On the syslog server, create a reverse SSH tunnel from the syslog server to the Dell OS switch, using following syntax: ssh -R :: user@remote_host -nNf In the following example the syslog server IP address is 10.156.166.48 and the listening port is 5141. The switch IP address is 10.16.131.141 and the listening port is 5140 ssh -R 5140:10.156.166.48:5141 admin@10.16.131.141 -nNf 3 Configure logging to a local host. locahost is “127.0.0.1” or “::1”.
logging {ip-address | ipv6-address | hostname} {{udp {port}} | {tcp {port}}} You can export system logs to an external server that is connected through a different VRF. Configuring a UNIX System as a Syslog Server To configure a UNIX System as a syslog server, use the following command. • Configure a UNIX system as a syslog server by adding the following lines to /etc/syslog.conf on the UNIX system and assigning write permissions to the file. • Add line on a 4.1 BSD UNIX system. local7.
The following example enables login activity tracking and configures the system to store the login activity details for 12 days. Dell(config)#login statistics enable Dell(config)#login statistics time-period 12 Display Login Statistics To view the login statistics, use the show login statistics command. Example of the show login statistics Command The show login statistics command displays the successful and failed login details of the current user in the last 30 days or the custom defined time period.
Example of the show login statistics user user-id command The show login statistics user user-id command displays the successful and failed login details of a specific user in the last 30 days or the custom defined time period. Dell# show login statistics user admin -----------------------------------------------------------------User: admin Last login time: 12:52:01 UTC Tue Mar 22 2016 Last login location: Line vty0 ( 10.16.127.
Example of Configuring Concurrent Session Limit The following example limits the permitted number of concurrent login sessions to 4. Dell(config)#login concurrent-session limit 4 Enabling the System to Clear Existing Sessions To enable the system to clear existing login sessions, follow this procedure: • Use the following command.
• Specify the minimum severity level for logging to the logging buffer. CONFIGURATION mode • logging buffered level Specify the minimum severity level for logging to the console. CONFIGURATION mode • logging console level Specify the minimum severity level for logging to terminal lines. CONFIGURATION mode • logging monitor level Specify the minimum severity level for logging to a syslog server.
%CHMGR-5-CARDDETECTED: Line card 10 present %CHMGR-5-CARDDETECTED: Line card 12 present %TSM-6-SFM_DISCOVERY: Found SFM 0 %TSM-6-SFM_DISCOVERY: Found SFM 1 %TSM-6-SFM_DISCOVERY: Found SFM 2 %TSM-6-SFM_DISCOVERY: Found SFM 3 %TSM-6-SFM_DISCOVERY: Found SFM 4 %TSM-6-SFM_DISCOVERY: Found SFM 5 %TSM-6-SFM_DISCOVERY: Found SFM 6 %TSM-6-SFM_DISCOVERY: Found SFM 7 %TSM-6-SFM_SWITCHFAB_STATE: Switch Fabric: UP %TSM-6-SFM_DISCOVERY: Found SFM 8 %TSM-6-SFM_DISCOVERY: Found 9 SFMs %CHMGR-5-CHECKIN: Checkin from line c
• user (for user programs) • uucp (UNIX to UNIX copy protocol) Example of the show running-config logging Command To view nondefault settings, use the show running-config logging command in EXEC mode. Dell#show running-config logging ! logging buffered 524288 debugging service timestamps log datetime msec service timestamps debug datetime msec ! logging trap debugging logging facility user logging source-interface Loopback 0 logging 10.10.10.
• You can add the keyword localtime to include the localtime, msec, and show-timezone. If you do not add the keyword localtime, the time is UTC. • uptime: To view time since last boot. If you do not specify a parameter, Dell Networking OS configures uptime. To view the configuration, use the show running-config logging command in EXEC privilege mode. To disable time stamping on syslog messages, use the no service timestamps [log | debug] command.
Configuring FTP Server Parameters After you enable the FTP server on the system, you can configure different parameters. To specify the system logging settings, use the following commands. • Specify the directory for users using FTP to reach the system. CONFIGURATION mode ftp-server topdir dir • The default is the internal flash directory. Specify a user name for all FTP users and configure either a plain text or encrypted password.
Terminal Lines You can access the system remotely and restrict access to the system by creating user profiles. Terminal lines on the system provide different means of accessing the system. The console line (console) connects you through the console port in the route processor modules (RPMs). The virtual terminal lines (VTYs) connect you through Telnet to the system. The auxiliary line (aux) connects secondary devices such as modems.
! Dell(conf)# Dell(conf)#line vty 0 0 Dell(config-line-vty)#access-class testv6deny ipv6 Dell(config-line-vty)#access-class testvpermit ipv4 Dell(config-line-vty)#show c line vty 0 exec-timeout 0 0 access-class testpermit ipv4 access-class testv6deny ipv6 ! Configuring Login Authentication for Terminal Lines You can use any combination of up to six authentication methods to authenticate a user on a terminal line. A combination of authentication methods is called a method list.
login authentication myvtymethodlist Dell(config-line-vty)# Setting Timeout for EXEC Privilege Mode EXEC timeout is a basic security feature that returns Dell Networking OS to EXEC mode after a period of inactivity on the terminal lines. To set timeout, use the following commands. • Set the number of minutes and seconds. The default is 10 minutes on the console and 30 minutes on VTY. Disable EXEC time out by setting the timeout period to 0.
login: admin Dell# Lock CONFIGURATION Mode Dell Networking OS allows multiple users to make configurations at the same time. You can lock CONFIGURATION mode so that only one user can be in CONFIGURATION mode at any time (Message 2). You can set two types of lockst: auto and manual. • Set auto-lock using the configuration mode exclusive auto command from CONFIGURATION mode. When you set autolock, every time a user is in CONFIGURATION mode, all other users are denied access.
4 At the BLI prompt, set the system parameter to ignore the enable password and reload the system: BOOT_USER# ignore enable-password BOOT_USER# reload NOTE: You must manually enter each CLI command. The system rejects a command if you copy and paste it in the command line. 5 Configure a new password. CONFIGURATION mode enable {secret | password} 6 Save the change in the running configuration to the startup configuration.
BOOT_USER# boot change primary You are prompted to enter a valid boot device (for example, ftp o r tftp or flash) and a path or filename for the Dell Networking OS image that you want to use. 4 (Optional) Set the secondary and default boot locations by entering the following commands: BOOT_USER mode BOOT_USER# boot change secondary BOOT_USER# boot change default 5 Reboot the chassis.
Restoring Factory Default Environment Variables The Boot line determines the location of the image that is used to boot up the chassis after restoring factory default settings. Ideally, these locations contain valid images, using which the chassis boots up. When you restore factory-default settings, you can either use a flash boot procedure or a network boot procedure to boot the switch. Important Points to Remember • The Chassis remains in boot prompt if none of the partitions contain valid images.
BOOT_USER # interface management ethernet ip address ip_address_with_mask For example, 10.16.150.106/16. 5 Assign an IP address as the default gateway for the system. default-gateway gateway_ip_address For example, 10.16.150.254. 6 The environment variables are auto saved. 7 Reload the system.
5 802.1X 802.1X is a port-based Network Access Control (PNAC) that provides an authentication mechanism to devices wishing to attach to a LAN or WLAN. A device connected to a port that is enabled with 802.1X is disallowed from sending or receiving packets on the network until its identity is verified (through a username and password, for example). 802.
Figure 4. EAP Frames Encapsulated in Ethernet and RADUIS The authentication process involves three devices: • The device attempting to access the network is the supplicant. The supplicant is not allowed to communicate on the network until the authenticator authorizes the port. It can only communicate with the authenticator in response to 802.1X requests. • The device with which the supplicant communicates is the authenticator. The authenticator is the gate keeper of the network.
• Configuring Dynamic VLAN Assignment with Port Authentication • Guest and Authentication-Fail VLANs Port-Authentication Process The authentication process begins when the authenticator senses that a link status has changed from down to up: 1 When the authenticator senses a link state change, it requests that the supplicant identify itself using an EAP Identity Request frame. 2 The supplicant responds with its identity in an EAP Response Identity frame.
EAP over RADIUS 802.1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server, as defined in RFC 3579. EAP messages are encapsulated in RADIUS packets as a type of attribute in Type, Length, Value (TLV) format. The Type value for EAP messages is 79. Figure 6. EAP Over RADIUS RADIUS Attributes for 802.1X Support Dell Networking systems include the following RADIUS attributes in all 802.
• If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured. • 802.1X is not supported on port-channels or port-channel members. Enabling 802.1X Enable 802.1X globally. Figure 7. 802.1X Enabled 1 Enable 802.1X globally. CONFIGURATION mode dot1x authentication 2 Enter INTERFACE mode on an interface or a range of interfaces. INTERFACE mode interface [range] 3 Enable 802.1X on the supplicant interface only.
In the following example, the bold lines show that 802.1X is enabled. Dell#show running-config | find dot1x dot1x authentication ! [output omitted] ! interface TenGigabitEthernet 2/1 no ip address dot1x authentication no shutdown ! Dell# To view 802.1X configuration information for an interface, use the show dot1x interface command. In the following example, the bold lines show that 802.1X is enabled on all ports unauthorized by default. Dell#show dot1x interface TenGigabitEthernet 2/1/ 802.
Dot1x Profile test Profile MACs 00:00:00:00:01:11 Configuring MAC addresses for a do1x Profile To configure a list of MAC addresses for a dot1x profile, use the mac command. You can configure 1 to 6 MAC addresses. • Configure a list of MAC addresses for a dot1x profile. DOT1X PROFILE CONFIG (conf-dot1x-profile) mac mac-address mac-address — Enter the keyword mac and type up to the 48– bit MAC addresses using the nn:nn:nn:nn:nn:nn format. A maximum of 6 MAC addresses are allowed.
Auth-Fail VLAN id: Auth-Fail Max-Attempts:3 Critical VLAN: Critical VLAN id: Mac-Auth-Bypass Only: Static-MAB: Static-MAB Profile: Tx Period: Quiet Period: ReAuth Max: Supplicant Timeout: Server Timeout: Re-Auth Interval: Max-EAP-Req: Auth Type: Auth PAE State: Backend State: 200 Enable 300 Disable Enable Sample 90 seconds 120 seconds 10 30 seconds 30 seconds 7200 seconds 10 SINGLE_HOST Authenticated Idle Configuring Critical VLAN By default, critical-VLAN is not configured.
Auth PAE State: Backend State: Authenticated Idle Configuring Request Identity Re-Transmissions When the authenticator sends a Request Identity frame and the supplicant does not respond, the authenticator waits for 30 seconds and then re-transmits the frame. The amount of time that the authenticator waits before re-transmitting and the maximum number of times that the authenticator retransmits can be configured.
The bold lines show the new re-transmit interval, new quiet period, and new maximum re-transmissions. Dell(conf-if-range-Te-2/1)#dot1x tx-period 90 Dell(conf-if-range-Te-2/1)#dot1x max-eap-req 10 Dell(conf-if-range-Te-2/1)#dot1x quiet-period 120 Dell#show dot1x interface TenGigabitEthernet 2/1 802.
Re-Auth Interval: Max-EAP-Req: Auth Type: Auth PAE State: Backend State: Auth PAE State: Backend State: 3600 seconds 10 SINGLE_HOST Initialize Initialize Initialize Initialize Re-Authenticating a Port You can configure the authenticator for periodic re-authentication. After the supplicant has been authenticated, and the port has been authorized, you can configure the authenticator to re-authenticate the supplicant periodically.
Configuring Timeouts If the supplicant or the authentication server is unresponsive, the authenticator terminates the authentication process after 30 seconds by default. You can configure the amount of time the authenticator waits for a response. To terminate the authentication process, use the following commands: • Terminate the authentication process due to an unresponsive supplicant. INTERFACE mode dot1x supplicant-timeout seconds The range is from 1 to 300. • The default is 30.
Configuring Dynamic VLAN Assignment with Port Authentication Dell Networking OS supports dynamic VLAN assignment when using 802.1X. The basis for VLAN assignment is RADIUS attribute 81, Tunnel-Private-Group-ID.
Guest and Authentication-Fail VLANs Typically, the authenticator (the Dell system) denies the supplicant access to the network until the supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places it in either the VLAN for which the port is configured or the VLAN that the authentication server indicates in the authentication data. NOTE: Ports cannot be dynamically assigned to the default VLAN.
! interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200 no shutdown Dell(conf-if-Te-2/1)# Dell(conf-if-Te-2/1)#dot1x auth-fail-vlan 100 max-attempts 5 Dell(conf-if-Te-2/1)#show config ! interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200 dot1x auth-fail-vlan 100 max-attempts 5 no shutdown Dell(conf-if-Te-2/1)# Example of Viewing Configured Authentication View your configuration using the show config command from INTERFACE mode, as shown in th
6 Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM) This section describes the access control list (ACL) virtual local area network (VLAN) group, and content addressable memory (CAM) enhancements. Optimizing CAM Utilization During the Attachment of ACLs to VLANs To minimize the number of entries in CAM, enable and configure the ACL CAM feature. Use this feature when you apply ACLs to a VLAN (or a set of VLANs) and when you apply ACLs to a set of ports.
• The ACL is applied or removed from a group and the ACL group does not contain a VLAN member. • The description of the ACL group is added or removed. Guidelines for Configuring ACL VLAN Groups Keep the following points in mind when you configure ACL VLAN groups: • The interfaces where you apply the ACL VLAN group function as restricted interfaces. The ACL VLAN group name identifies the group of VLANs that performs hierarchical filtering. • You can add only one ACL to an interface at a time.
3 Apply an egress IP ACL to the ACL VLAN group. CONFIGURATION (conf-acl-vl-grp) mode ip access-group {group name} out implicit-permit 4 Add VLAN member(s) to an ACL VLAN group. CONFIGURATION (conf-acl-vl-grp) mode member vlan {VLAN-range} 5 Display all the ACL VLAN groups or display a specific ACL VLAN group, identified by name.
EXEC Privilege mode Dell#show cam-usage switch Stackunit|Portpipe| CAM Partition | Total CAM | Used CAM |Available CAM ========|========|=================|============|============|============= 1 | 0 | IN-L2 ACL | 1536 | 0 | 1536 | | OUT-L2 ACL | 206 | 9 | 197 Codes: * - cam usage is above 90%. Viewing CAM Usage View the amount of CAM space available, used, and remaining in each partition (including IPv4Flow and Layer 2 ACL sub- partitions) using the show cam-usage command in EXEC Privilege mode.
| | OUT-L3 ACL | | OUT-V6 ACL 3 | 0 | IN-L2 ACL | | IN-L3 ACL | | IN-V6 ACL | | OUT-L2 ACL | | OUT-L3 ACL | | OUT-V6 ACL Codes: * - cam usage is above 90%.
7 Access Control Lists (ACLs) This chapter describes access control lists (ACLs), prefix lists, and route-maps. At their simplest, access control lists (ACLs), prefix lists, and route-maps permit or deny traffic based on MAC and/or IP addresses. This chapter describes implementing IP ACLs, IP prefix lists and route-maps. For MAC ACLS, refer to Layer 2.
Topics: • IP Access Control Lists (ACLs) • Important Points to Remember • IP Fragment Handling • Configure a Standard IP ACL • Configure an Extended IP ACL • Configure Layer 2 and Layer 3 ACLs • Assign an IP ACL to an Interface • Applying an IP ACL • Configure Ingress ACLs • Configure Egress ACLs • IP Prefix Lists • ACL Resequencing • Route Maps • Flow-Based Monitoring Support for ACLs • Configuring UDF ACL IP Access Control Lists (ACLs) In Dell Networking switch/routers, you c
User Configurable CAM Allocation Allocate space for IPV6 ACLs by using the cam-acl command in CONFIGURATION mode. The CAM space is allotted in filter processor (FP) blocks. The total space allocated must equal 13 FP blocks. (There are 16 FP blocks, but System Flow requires three blocks that cannot be reallocated.) Enter the ipv6acl allocation as a factor of 2 (2, 4, 6, 8, 10). All other profile allocations can use either even or odd numbered ranges.
Assigning ACLs to VLANs When you apply an ACL to a VLAN using single port-pipe, a copy of the ACL entries gets installed in the ACL CAM on the port-pipe. The entry looks for the incoming VLAN in the packet. When you apply an ACL on individual ports of a VLAN, separate copies of the ACL entries are installed for each port belonging to a port-pipe. You can use the log keyword to log the details about the packets that match.
• • • Two or more match clauses within the same route-map sequence have different match commands, matching a packet against these clauses is a logical AND operation. If no match is found in a route-map sequence, the process moves to the next route-map sequence until a match is found, or there are no more sequences. When a match is found, the packet is forwarded and no more route-map sequences are processed.
interface TenGigabitEthernet 1/1 Set clauses: tag 35 level stub-area Dell# To delete all instances of that route map, use the no route-map map-name command. To delete just one instance, add the sequence number to the command syntax. Dell(conf)#no route-map zakho 10 Dell(conf)#end Dell#show route-map route-map zakho, permit, sequence 20 Match clauses: interface TenGigabitEthernet 1/1 Set clauses: tag 35 level stub-area Dell# The following example shows a route map with multiple instances.
Also, if there are different instances of the same route-map, then it’s sufficient if a permit match happens in any instance of that routemap. Dell(conf)#route-map force permit 10 Dell(config-route-map)#match tag 1000 Dell(config-route-map)#match metric 2000 In the following example, instance 10 permits the route having a tag value of 1000 and instances 20 and 30 deny the route having a tag value of 1000. In this scenario, Dell Networking OS scans all the instances of the route-map for any permit statement.
• Match next-hop routes specified in a prefix list (IPv6). CONFIG-ROUTE-MAP mode • match ipv6 next-hop {access-list-name | prefix-list prefix-list-name} Match source routes specified in a prefix list (IPv4). CONFIG-ROUTE-MAP mode • match ip route-source {access-list-name | prefix-list prefix-list-name} Match source routes specified in a prefix list (IPv6). CONFIG-ROUTE-MAP mode • match ipv6 route-source {access-list-name | prefix-list prefix-list-name} Match routes with a specific value.
• Specify an OSPF or ISIS type for redistributed routes. CONFIG-ROUTE-MAP mode set metric-type {external | internal | type-1 | type-2} • Assign an IP address as the route’s next hop. CONFIG-ROUTE-MAP mode set next-hop ip-address • Assign an IPv6 address as the route’s next hop. CONFIG-ROUTE-MAP mode set ipv6 next-hop ip-address • Assign an ORIGIN attribute. CONFIG-ROUTE-MAP mode set origin {egp | igp | incomplete} • Specify a tag for the redistributed routes.
Configure a Route Map for Route Tagging One method for identifying routes from different routing protocols is to assign a tag to routes from that protocol. As the route enters a different routing domain, it is tagged. The tag is passed along with the route as it passes through different routing protocols. You can use this tag when the route leaves a routing domain to redistribute those routes again.
IP Fragments ACL Examples The following examples show how you can use ACL commands with the fragment keyword to filter fragmented packets. Example of Permitting All Packets on an Interface The following configuration permits all packets (both fragmented and non-fragmented) with destination IP 10.1.1.1. The second rule does not get hit at all. Dell(conf)#ip access-list extended ABC Dell(conf-ext-nacl)#permit ip any 10.1.1.1/32 Dell(conf-ext-nacl)#deny ip any 10.1.1.
Example of Logging Denied Packets To log all the packets denied and to override the implicit deny rule and the implicit permit rule for TCP/ UDP fragments, use a configuration similar to the following. Dell(conf)#ip access-list extended ABC Dell(conf-ext-nacl)#permit tcp any any fragment Dell(conf-ext-nacl)#permit udp any any fragment Dell(conf-ext-nacl)#deny ip any any log Dell(conf-ext-nacl) When configuring ACLs with the fragments keyword, be aware of the following.
ip access-list standard dilling seq 15 permit tcp 10.3.0.0/16 any seq 25 deny ip host 10.5.0.0 any log Dell(config-std-nacl)# To delete a filter, use the no seq sequence-number command in IP ACCESS LIST mode. If you are creating a standard ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. The software assigns filters in multiples of 5.
Configure an Extended IP ACL Extended IP ACLs filter on source and destination IP addresses, IP host addresses, TCP addresses, TCP host addresses, UDP addresses, and UDP host addresses. The traffic passes through the filter in the order of the filter’s sequence and hence you can configure the extended IP ACL by first entering IP ACCESS LIST mode, and then assigning a sequence number to the filter.
Example of the seq Command When you create the filters with a specific sequence number, you can create the filters in any order and the filters are placed in the correct order. NOTE: When assigning sequence numbers to filters, you may have to insert a new filter. To prevent reconfiguring multiple filters, assign sequence numbers in multiples of five or another number. The example below shows how the seq command orders the filters according to the sequence number assigned.
Configure Layer 2 and Layer 3 ACLs Both Layer 2 and Layer 3 ACLs may be configured on an interface in Layer 2 mode. If both L2 and L3 ACLs are applied to an interface, the following rules apply: • When Dell Networking OS routes the packets, only the L3 ACL governs them because they are not filtered against an L2 ACL. • When Dell Networking OS switches the packets, first the L3 ACL filters them, then the L2 ACL filters them.
interface interface slot/port 2 Configure an IP address for the interface, placing it in Layer-3 mode. INTERFACE mode ip address ip-address 3 Apply an IP ACL to traffic entering or exiting an interface. INTERFACE mode ip access-group access-list-name {in} [implicit-permit] [vlan vlan-range | vrf vrf-range] NOTE: The number of entries allowed per ACL is hardware-dependent. For detailed specification about entries allowed per ACL, refer to your line card documentation. 4 Apply rules to the new ACL.
! tengigabitethernet 1/1 no ip address ip access-group abcd in no shutdown Dell(conf-if-te1/1)#end Dell#configure terminal Dell(conf)#ip access-list extended abcd Dell(config-ext-nacl)#permit tcp any any Dell(config-ext-nacl)#deny icmp any any Dell(config-ext-nacl)#permit 1.1.1.2 Dell(config-ext-nacl)#end Dell#show ip accounting access-list ! Extended Ingress IP access list abcd on tengigabitethernet 1/1 seq 5 permit tcp any any seq 10 deny icmp any any seq 15 permit 1.1.1.
ip vrf forwarding blue no ip address shutdown Dell(conf-if-te-1/2)# Dell(conf-if-te-1/2)# Dell(conf-if-te-1/2)#end Dell# Applying Egress Layer 3 ACLs (Control-Plane) By default, packets originated from the system are not filtered by egress ACLs. For example, if you initiate a ping session from the system and apply an egress ACL to block this type of traffic on the interface, the ACL does not affect that ping traffic.
• An “implicit deny” is assumed (that is, the route is dropped) for all route prefixes that do not match a permit or deny filter in a configured prefix list. • After a route matches a filter, the filter’s action is applied. No additional filters are applied to the route. Implementation Information In Dell Networking OS, prefix lists are used in processing routes for routing protocols (for example, router information protocol [RIP], open shortest path first [OSPF], and border gateway protocol [BGP]).
ip prefix-list juba seq 12 deny 134.23.0.0/16 seq 15 deny 120.0.0.0/8 le 16 seq 20 permit 0.0.0.0/0 le 32 Dell(conf-nprefixl)# NOTE: The last line in the prefix list Juba contains a “permit all” statement. By including this line in a prefix list, you specify that all routes not matching any criteria in the prefix list are forwarded. To delete a filter, use the no seq sequence-number command in PREFIX LIST mode.
Examples of the show ip prefix-list Command The following example shows the show ip prefix-list detail command. Dell>show ip prefix detail Prefix-list with the last deletion/insertion: filter_ospf ip prefix-list filter_in: count: 3, range entries: 3, sequences: 5 - 10 seq 5 deny 1.102.0.0/16 le 32 (hit count: 0) seq 6 deny 2.1.0.0/16 ge 23 (hit count: 0) seq 10 permit 0.0.0.0/0 le 32 (hit count: 0) ip prefix-list filter_ospf: count: 4, range entries: 1, sequences: 5 - 10 seq 5 deny 100.100.1.
Applying a Filter to a Prefix List (OSPF) To apply a filter to routes in open shortest path first (OSPF), use the following commands. • Enter OSPF mode. CONFIGURATION mode router ospf • Apply a configured prefix list to incoming routes. You can specify an interface. If you enter the name of a non-existent prefix list, all routes are forwarded. CONFIG-ROUTER-OSPF mode distribute-list prefix-list-name in [interface] • Apply a configured prefix list to incoming routes.
Rules Resquencing Rules After Resequencing: seq 5 permit any host 1.1.1.1 seq 10 permit any host 1.1.1.2 seq 15 permit any host 1.1.1.3 seq 20 permit any host 1.1.1.4 Resequencing an ACL or Prefix List Resequencing is available for IPv4 and IPv6 ACLs, prefix lists, and MAC ACLs. To resequence an ACL or prefix list, use the following commands. You must specify the list name, starting number, and increment when using these commands.
seq 5 permit ip any host 1.1.1.1 remark 9 ABC remark 10 this remark corresponds to permit ip any host 1.1.1.2 seq 10 permit ip any host 1.1.1.2 seq 15 permit ip any host 1.1.1.3 seq 20 permit ip any host 1.1.1.4 Dell# end Dell# resequence access-list ipv4 test 2 2 Dell# show running-config acl ! ip access-list extended test remark 2 XYZ remark 4 this remark corresponds to permit any host 1.1.1.1 seq 4 permit ip any host 1.1.1.
Behavior of Flow-Based Monitoring Activate flow-based monitoring for a monitoring session by entering the flow-based enable command in the Monitor Session mode. When you enable this capability, traffic with particular flows that are traversing through the ingress interfaces are examined, and appropriate ACLs can be applied in the ingress direction. By default, flow-based monitoring is not enabled.
Dell#show ipv6 accounting access-list ! Ingress IPv6 access list kar on TenGigabitEthernet 1/1 Total cam count 1 seq 5 permit ipv6 22::/24 33::/24 monitor Enabling Flow-Based Monitoring Flow-based monitoring is supported on the S6000 platform. Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the interface. This feature is particularly useful when looking for malicious traffic. It is available for Layer 2 and Layer 3 ingress and egress traffic.
-----0 -----Te 1/1 ----------Te 1/2 --rx ---- --------Flow N/A -------N/A Configuring UDF ACL To configure a User Defined Field (UDF) ACL: 1 Enable UDF ACL feature on a switch. CONFIGURATION mode feature udf-acl Dell(conf)#feature udf-acl 2 Change the default CAM allocation settings or reconfigure new CAM allocation settings and enable IPV4 UDF.
FcoeAcl : iscsiOptAcl : ipv4pbr : vrfv4Acl : Openflow : fedgovacl : nlbclusteracl: 4 0 0 0 0 0 0 0 0 0 0 0 0 0 Dell# 4 Create a UDF packet format in the UDF TCAM table. CONFIGURATION mode udf-tcam name seq number Dell(conf)#udf-tcam ipnip seq 1 5 Configure a UDF ID to parse packet headers using the specified number of offset and required bytes.
CONFIGURATION-STANDARD-ACCESS-LIST mode CONFIGURATION-EXTENDED-ACCESS-LIST mode permit ip {source mask | any | host ip-address} {destination mask | any | host ip-address} udf-pkt-format name udf-qualifier-value name Dell(config-ext-nacl)#permit ip any any udf-pkt-format ipinip udf-qualifier-value ipnip_val1 12 View the UDF TCAM configuration.
8 Bidirectional Forwarding Detection (BFD) BFD is a protocol that is used to rapidly detect communication failures between two adjacent systems. It is a simple and lightweight replacement for existing routing protocol link state detection mechanisms. It also provides a failure detection solution for links on which no routing protocol is used. BFD is a simple hello mechanism. Two neighboring systems running BFD establish a session using a three-way handshake.
BFD Packet Format Control packets are encapsulated in user datagram protocol (UDP) packets. The following illustration shows the complete encapsulation of a BFD control packet inside an IPv4 packet. Figure 9. BFD in IPv4 Packet Format Field Description Diagnostic Code The reason that the last session failed. State The current local session state. Refer to BFD Sessions. Flag A bit that indicates packet function.
Field Description Length The entire length of the BFD packet. My Discriminator A random number generated by the local system to identify the session. Your Discriminator A random number generated by the remote system to identify the session. Discriminator values are necessary to identify the session to which a control packet belongs because there can be many sessions running on a single interface.
A session can have four states: Administratively Down, Down, Init, and Up. State Description Administratively Down The local system does not participate in a particular session. Down The remote system is not sending control packets or at least not within the detection time for a particular session. Init The local system is communicating. Up Both systems are exchanging control packets. The session is declared down if: • A control packet is not received within the detection time.
Figure 10.
Session State Changes The following illustration shows how the session state on a system changes based on the status notification it receives from the remote system. For example, if a session on a system is down and it receives a Down status notification from the remote system, the session state on the local system changes to Init. Figure 11.
• Configure BFD for IS-IS • Configure BFD for BGP • Configure BFD for VRRP • Configuring Protocol Liveness • Troubleshooting BFD Configure BFD for Physical Ports Configuring BFD for physical ports is supported on the C-Series and E-Series platforms only. BFD on physical ports is useful when you do not enable the routing protocol. Without BFD, if the remote system fails, the local system does not remove the connected route until the first failed attempt to send a packet.
Establishing a Session on Physical Ports To establish a session, enable BFD at the interface level on both ends of the link, as shown in the following illustration. The configuration parameters do not need to match. Figure 12. Establishing a BFD Session on Physical Ports 1 Enter interface mode. CONFIGURATION mode interface 2 Assign an IP address to the interface if one is not already assigned.
Configured parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Neighbor parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Actual parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Role: Active Delete session on Down: False Client Registered: CLI Uptime: 00:03:57 Statistics: Number of packets received from neighbor: 1775 Number of packets sent to neighbor: 1775 Number of state changes: 1 Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 4 Log messages displa
• Disable BFD on an interface. INTERFACE mode no bfd enable • Enable BFD on an interface. INTERFACE mode bfd enable If you disable BFD on a local interface, this message displays: R1(conf-if-te-4/24)#01:00:52: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Ad Dn for neighbor 2.2.2.
To establish a BFD session, use the following command. • Establish BFD sessions for all neighbors that are the next hop of a static route. CONFIGURATION mode ip route bfd Example of the show bfd neighbors Command to Verify Static Routes To verify that sessions have been created for static routes, use the show bfd neighbors command. R1(conf)#ip route 2.2.3.0/24 2.2.2.
Configure BFD for OSPF When using BFD with OSPF, the OSPF protocol registers with the BFD manager. BFD sessions are established with all neighboring interfaces participating in OSPF. If a neighboring interface fails, the BFD agent notifies the BFD manager, which in turn notifies the OSPF protocol that a link state change has occurred. Configuring BFD for OSPF is a two-step process: 1 Enable BFD globally. 2 Establish sessions with OSPF neighbors.
Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state. Figure 14. Establishing Sessions with OSPF Neighbors To establish BFD with all OSPF neighbors or with OSPF neighbors on a single interface, use the following commands. • Establish sessions with all OSPF neighbors.
The bold line shows the OSPF BFD sessions. R2(conf-router_ospf)#bfd all-neighbors R2(conf-router_ospf)#do show bfd neighbors * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - OSPF R - Static Route (RTM) LocalAddr * 2.2.2.2 * 2.2.3.1 RemoteAddr Interface State Rx-int Tx-int Mult Clients 2.2.2.1 Te 2/1 Up 100 100 3 O 2.2.3.2 Te 2/2 Up 100 100 3 O Changing OSPF Session Parameters Configure BFD sessions with default intervals and a default role.
Configuring BFD for OSPFv3 is a two-step process: 1 Enable BFD globally. 2 Establish sessions with OSPFv3 neighbors. Related Configuration Tasks • • Changing OSPFv3 Session Parameters Disabling BFD for OSPFv3 Establishing Sessions with OSPFv3 Neighbors You can establish BFD sessions with all OSPFv3 neighbors at once or with all neighbors out of a specific interface. Sessions are only established when the OSPFv3 adjacency is in the Full state.
To disable BFD sessions, use the following commands. • Disable BFD sessions with all OSPFv3 neighbors. ROUTER-OSPFv3 mode no bfd all-neighbors • Disable BFD sessions with OSPFv3 neighbors on a single interface. INTERFACE mode ipv6 ospf bfd all-neighbors disable Configure BFD for IS-IS When using BFD with IS-IS, the IS-IS protocol registers with the BFD manager on the RPM. BFD sessions are then established with all neighboring interfaces participating in IS-IS.
Establishing Sessions with IS-IS Neighbors BFD sessions can be established for all IS-IS neighbors at once or sessions can be established for all neighbors out of a specific interface. Figure 15. Establishing Sessions with IS-IS Neighbors To establish BFD with all IS-IS neighbors or with IS-IS neighbors on a single interface, use the following commands. • Establish sessions with all IS-IS neighbors. ROUTER-ISIS mode • bfd all-neighbors Establish sessions with IS-IS neighbors on a single interface.
I O R - ISIS - OSPF - Static Route (RTM) LocalAddr * 2.2.2.2 RemoteAddr Interface State Rx-int Tx-int Mult Clients 2.2.2.1 Te 2/1 Up 100 100 3 I Changing IS-IS Session Parameters BFD sessions are configured with default intervals and a default role. The parameters that you can configure are: Desired TX Interval, Required Min RX Interval, Detection Multiplier, and system role. These parameters are configured for all IS-IS sessions or all IS-IS sessions out of an interface.
Prerequisites Before configuring BFD for BGP, you must first configure the following settings: 1 Configure BGP on the routers that you want to interconnect, as described in Border Gateway Protocol IPv4 (BGPv4). 2 Enable fast fall-over for BGP neighbors to reduce convergence time (the neighbor fall-over command), as described in BGP Fast Fall-Over. Establishing Sessions with BGP Neighbors Before configuring BFD for BGP, you must first configure BGP on the routers that you want to interconnect.
BFD for BGP is supported only on directly-connected BGP neighbors and only in BGP IPv4 networks. Up to 128 simultaneous BFD sessions are supported As long as each BFD for BGP neighbor receives a BFD control packet within the configured BFD interval for failure detection, the BFD session remains up and BGP maintains its adjacencies.
ROUTER BGP mode neighbor {ip-address | peer-group-name} bfd disable • Remove the disabled state of a BFD for BGP session with a specified neighbor. ROUTER BGP mode no neighbor {ip-address | peer-group-name} bfd disable Use BFD in a BGP Peer Group You can establish a BFD session for the members of a peer group (the neighbor peer-group-name bfd command in ROUTER BGP configuration mode).
Examples of Verifying BGP Information The following example shows verifying a BGP configuration. R2# show running-config bgp ! router bgp 2 neighbor 1.1.1.2 remote-as 1 neighbor 1.1.1.2 no shutdown neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 no shutdown neighbor 3.3.3.2 remote-as 1 neighbor 3.3.3.2 no shutdown bfd all-neighbors The following example shows viewing all BFD neighbors.
Remote MAC Addr: 00:01:e8:8a:da:7b Int: TenGigabitEthernet 6/2 State: Up Configured parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Neighbor parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Actual parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Role: Active Delete session on Down: True Client Registered: BGP Uptime: 00:02:22 Statistics: Number of packets received from neighbor: 1428 Number of packets sent to neighbor: 1428 Number of state changes: 1 Number of messages from IFA about port state change: 0 Numb
2.2.2.2 3.3.3.2 1 1 273 282 273 281 0 0 0 0 (0) 0 04:32:26 00:38:12 0 0 The following example shows viewing BFD information for a specified neighbor. The bold lines show the message displayed when you enable a BFD session with different configurations: • Message displays when you enable a BFD session with a BGP neighbor that inherits the global BFD session settings configured with the global bfd all-neighbors command.
Neighbor is using BGP peer-group mode BFD configuration Peer active in peer-group outbound optimization ... Configure BFD for VRRP When using BFD with VRRP, the VRRP protocol registers with the BFD manager on the route processor module (RPM). BFD sessions are established with all neighboring interfaces participating in VRRP. If a neighboring interface fails, the BFD agent on the line card notifies the BFD manager, which in turn notifies the VRRP protocol that a link state change occurred.
vrrp bfd all-neighbors Establishing VRRP Sessions on VRRP Neighbors The master router does not care about the state of the backup router, so it does not participate in any VRRP BFD sessions. VRRP BFD sessions on the backup router cannot change to the UP state. Configure the master router to establish an individual VRRP session the backup router. To establish a session with a particular VRRP neighbor, use the following command. • Establish a session with a particular VRRP neighbor.
vrrp bfd all-neighbors interval milliseconds min_rx milliseconds multiplier value role [active | passive] • Change parameters for a particular VRRP session. INTERFACE mode vrrp bfd neighbor ip-address interval milliseconds min_rx milliseconds multiplier value role [active | passive] To view session parameters, use the show bfd neighbors detail command, as shown in the example in Verifying BFD Sessions with BGP Neighbors Using the show bfd neighbors command example in Displaying BFD for BGP Information.
CONFIGURATION debug bfd packet Examples of Output from the debug bfd Commands The following example shows a three-way handshake using the debug bfd detail command. R1(conf-if-te-4/24)#00:54:38: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Down for neighbor 2.2.2.2 on interface Te 4/24 (diag: 0) 00:54:38 : Sent packet for session with neighbor 2.2.2.
9 Border Gateway Protocol IPv4 (BGPv4) This chapter provides a general description of BGPv4 as it is supported in the Dell Networking Operating System (OS). BGP protocol standards are listed in the Standards Compliance chapter. BGP is an external gateway protocol that transmits interdomain routing information within and between autonomous systems (AS). The primary function of the BGP is to exchange network reachability information with other BGP systems.
IBGP provides routers inside the AS with the knowledge to reach routers external to the AS. EBGP routers exchange information with other EBGP routers as well as IBGP routers to maintain connectivity and accessibility. Figure 18. Internal BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol — a computer network in which BGP maintains the path that updated information takes as it diffuses through the network.
Figure 19. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers. A Peer is also called a Neighbor. Establish a Session Information exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies.
State Description Idle BGP initializes all resources, refuses all inbound BGP connection attempts, and initiates a TCP connection to the peer. Connect In this state the router waits for the TCP connection to complete, transitioning to the OpenSent state if successful. If that transition is not successful, BGP resets the ConnectRetry timer and transitions to the Active state when the timer expires. Active The router resets the ConnectRetry timer to zero and returns to the Connect state.
Figure 20. BGP Router Rules 1 Router B receives an advertisement from Router A through eBGP. Because the route is learned through eBGP, Router B advertises it to all its iBGP peers: Routers C and D. 2 Router C receives the advertisement but does not advertise it to any peer because its only other peer is Router D, an iBGP peer, and Router D has already learned it through iBGP from Router B.
preferences. BGP sees that the Weight criteria results in two potential “best paths” and moves to local preference to reduce the options. If a number of best paths is determined, this selection criteria is applied to group’s best to determine the ultimate best path. In non-deterministic mode (the bgp non-deterministic-med command is applied), paths are compared in the order in which they arrive.
c AS_CONFED_SET is not included in the AS_PATH length. d AS_CONFED_SEQUENCE has a path length of 1, no matter how many ASs are in the AS_CONFED_SEQUENCE. 5 Prefer the path with the lowest ORIGIN type (IGP is lower than EGP, and EGP is lower than INCOMPLETE). 6 Prefer the path with the lowest multi-exit discriminator (MED) attribute.
Figure 22. BGP Local Preference Multi-Exit Discriminators (MEDs) If two ASs connect in more than one place, a multi-exit discriminator (MED) can be used to assign a preference to a preferred path. MED is one of the criteria used to determine the best path, so keep in mind that other criteria may impact selection, as shown in the illustration in Best Path Selection Criteria. One AS assigns the MED a value and the other AS uses that value to decide the preferred path.
Figure 23. Multi-Exit Discriminators NOTE: Configuring the set metric-type internal command in a route-map advertises the IGP cost as MED to outbound EBGP peers when redistributing routes. The configured set metric value overwrites the default IGP cost. If the outbound route-map uses MED, it overwrites IGP MED. Origin The origin indicates the origin of the prefix, or how the prefix came into BGP. There are three origin codes: IGP, EGP, INCOMPLETE.
NOTE: Any update that contains the AS path number 0 is valid. The AS path is shown in the following example. The origin attribute is shown following the AS path information (shown in bold).
Implement BGP with Dell Networking OS The following sections describe how to implement BGP on Dell Networking OS. Additional Path (Add-Path) Support The add-path feature reduces convergence times by advertising multiple paths to its peers for the same address prefix without replacing existing paths with new ones. By default, a BGP speaker advertises only the best path to its peers for a given address prefix.
Ignore Router-ID in Best-Path Calculation You can avoid unnecessary BGP best-path transitions between external paths under certain conditions. The bgp bestpath routerid ignore command reduces network disruption caused by routing and forwarding plane changes and allows for faster convergence. Four-Byte AS Numbers You can use the 4-Byte (32-bit) format when configuring autonomous system numbers (ASNs). The 4-Byte support is advertised as a new BGP capability (4-BYTE-AS) in the OPEN message.
ASDOT representation combines the ASPLAIN and ASDOT+ representations. AS numbers less than 65536 appear in integer format (asplain); AS numbers equal to or greater than 65536 appear in the decimal format (asdot+). For example, the AS number 65526 appears as 65526 and the AS number 65546 appears as 1.10. Dynamic AS Number Notation Application Dell Networking OS applies the ASN notation type change dynamically to the running-config statements.
router bgp 100 neighbor 172.30.1.250 local-as 65057 Dell(conf-router_bgp)#do show ip bgp BGP table version is 28093, local router ID is 172.30.1.57 AS Number Migration With this feature you can transparently change the AS number of an entire BGP network and ensure that the routes are propagated throughout the network while the migration is in progress. When migrating one AS to another, perhaps combining ASs, an eBGP network may lose its routing to an iBGP if the ASN changes.
If you use the “no prepend” option, the Local-AS does not prepend to the updates received from the eBGP peer. If you do not select “no prepend” (the default), the Local-AS is added to the first AS segment in the AS-PATH. If an inbound route-map is used to prepend the aspath to the update from the peer, the Local-AS is added first. For example, consider the topology described in the previous illustration.
• High CPU utilization may be observed during an SNMP walk of a large BGP Loc-RIB. • To avoid SNMP timeouts with a large-scale configuration (large number of BGP neighbors and a large BGP Loc-RIB), Dell Networking recommends setting the timeout and retry count values to a relatively higher number. For example, t = 60 or r = 5. • To return all values on an snmpwalk for the f10BgpM2Peer sub-OID, use the -C c option, such as snmpwalk -v 2c -C c -c public.
Item Default Local preference 100 MED 0 Route Flap Damping Parameters half-life = 15 minutes reuse = 750 suppress = 2000 max-suppress-time = 60 minutes external distance = 20 Distance internal distance = 200 local distance = 200 keepalive = 60 seconds Timers holdtime = 180 seconds Add-path Disabled Enabling BGP By default, BGP is not enabled on the system. Dell Networking OS supports one autonomous system (AS) and assigns the AS number (ASN).
bgp four-octet-as-support NOTE: Use it only if you support 4-Byte AS numbers or if you support AS4 number representation. If you are supporting 4-Byte ASNs, enable this command. Disable 4-Byte support and return to the default 2-Byte format by using the no bgp four-octet-as-support command. You cannot disable 4-Byte support if you currently have a 4-Byte ASN configured. b Disabling 4-Byte AS numbers also disables ASDOT and ASDOT+ number representation. All AS numbers are displayed in ASPLAIN format.
The following example shows the show ip bgp summary command output (4–byte AS number displays). R2#show ip bgp summary BGP router identifier 192.168.10.2, local AS number 48735.
Received 0 messages, 0 notifications, 0 in queue Sent 0 messages, 0 notifications, 0 in queue Received 0 updates, Sent 0 updates Minimum time between advertisement runs is 5 seconds For address family: IPv4 Unicast BGP table version 0, neighbor version 0 0 accepted prefixes consume 0 bytes Prefix advertised 0, rejected 0, withdrawn 0 Connections established 0; dropped 0 Last reset never No active TCP connection Dell# The following example shows verifying the BGP configuration using the show running-config b
CONFIG-ROUTER-BGP mode bgp asnotation asplain • NOTE: ASPLAIN is the default method Dell Networking OS uses and does not appear in the configuration display. Enable ASDOT AS Number representation. CONFIG-ROUTER-BGP mode • bgp asnotation asdot Enable ASDOT+ AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asdot+ Examples of the bgp asnotation Commands The following example shows the bgp asnotation asplain command output.
A maximum of 256 peer groups are allowed on the system. Create a peer group by assigning it a name, then adding members to the peer group. After you create a peer group, you can configure route policies for it. For information about configuring route policies for a peer group, refer to Filtering BGP Routes. NOTE: Sample Configurations for enabling peer groups are found at the end of this chapter. 1 Create a peer group by assigning a name to it.
• • • • neighbor neighbor neighbor neighbor next-hop-self route-map out route-reflector-client send-community A neighbor may keep its configuration after it was added to a peer group if the neighbor’s configuration is more specific than the peer group’s and if the neighbor’s configuration does not affect outgoing updates. NOTE: When you configure a new set of BGP policies for a peer group, always reset the peer group by entering the clear ip bgp peer-group peer-group-name command in EXEC Privilege mode.
10.68.164.1 10.68.165.1 10.68.166.1 10.68.167.1 10.68.168.1 10.68.169.1 10.68.170.1 10.68.171.1 10.68.172.1 10.68.173.1 10.68.174.1 10.68.175.1 10.68.176.1 10.68.177.1 10.68.178.1 10.68.179.1 10.68.180.1 10.68.181.1 10.68.182.1 10.68.183.1 10.68.184.1 10.68.185.1 Dell> Configuring BGP Fast Fall-Over By default, a BGP session is governed by the hold time. BGP routers typically carry large routing tables, so frequent session resets are not desirable.
Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) fall-over enabled Update source set to Loopback 0 Peer active in peer-group outbound optimization For address family: IPv4 Unicast BGP table version 52, neighbor version 52 4 accepted prefixes consume 16 bytes Prefix advertised 0, denied 0, withdrawn 0 Connections established 6; dr
When a BGP neighbor connection with authentication configured is rejected by a passive peer-group, Dell Networking OS does not allow another passive peer-group on the same subnet to connect with the BGP neighbor. To work around this, change the BGP configuration or change the order of the peer group configuration. You can constrain the number of passive sessions accepted by the neighbor. The limit keyword allows you to set the total number of sessions the neighbor will accept, between 2 and 265.
To disable this feature, use the no neighbor local-as command in CONFIGURATION ROUTER BGP mode. R2(conf-router_bgp)#show conf ! router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote-as 65123 neighbor 10.10.32.3 no shutdown neighbor 100.10.92.
neighbor 100.10.92.9 local-as 6500 neighbor 100.10.92.9 no shutdown neighbor 192.168.10.1 remote-as 65123 neighbor 192.168.10.1 update-source Loopback 0 neighbor 192.168.10.1 no shutdown neighbor 192.168.12.2 remote-as 65123 neighbor 192.168.12.2 allowas-in 9 neighbor 192.168.12.2 update-source Loopback 0 neighbor 192.168.12.2 no shutdown R2(conf-router_bgp)#R2(conf-router_bgp)# Enabling Graceful Restart Use this feature to lessen the negative effects of a BGP restart.
Enabling Neighbor Graceful Restart BGP graceful restart is active only when the neighbor becomes established. Otherwise, it is disabled. Graceful-restart applies to all neighbors with established adjacency. With the graceful restart feature, Dell Networking OS enables the receiving/restarting mode by default. In Receiver-Only mode, graceful restart saves the advertised routes of peers that support this capability when they restart.
You can enter this command multiple times if multiple filters are desired. For accepted expressions, refer to Regular Expressions as Filters. 3 Return to CONFIGURATION mode. AS-PATH ACL mode exit 4 Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5 Use a configured AS-PATH ACL for route filtering and manipulation.
Regular Expression Definition ^ (caret) Matches the beginning of the input string. Alternatively, when used as the first character within brackets [^ ], this matches any number except the ones specified within the brackets. $ (dollar) Matches the end of the input string. . (period) Matches any single character, including white space. * (asterisk) Matches 0 or more sequences of the immediately previous character or pattern.
Dell#show ip as-path-access-lists ip as-path access-list Eagle deny 32$ Dell# Redistributing Routes In addition to filtering routes, you can add routes from other routing instances or protocols to the BGP process. With the redistribute command, you can include ISIS, OSPF, static, or directly connected routes in the BGP process. To add routes from other routing instances or protocols, use any of the following commands in ROUTER BGP mode.
The range is from 2 to 64. 2 Allow the specified neighbor/peer group to send/ receive multiple path advertisements. CONFIG-ROUTER-BGP mode neighbor add-path NOTE: The path-count parameter controls the number of paths that are advertised, not the number of paths that are received. Configuring IP Community Lists Within Dell Networking OS, you have multiple methods of manipulating routing attributes. One attribute you can manipulate is the COMMUNITY attribute.
deny deny deny deny deny deny deny deny deny deny deny deny deny Dell# 14551:20 701:112 702:112 703:112 704:112 705:112 14551:112 701:667 702:667 703:667 704:666 705:666 14551:666 Configuring an IP Extended Community List To configure an IP extended community list, use these commands. 1 Create a extended community list and enter the EXTCOMMUNITY-LIST mode. CONFIGURATION mode ip extcommunity-list extcommunity-list-name 2 Two types of extended communities are supported.
Filtering Routes with Community Lists To use an IP community list or IP extended community list to filter routes, you must apply a match community filter to a route map and then apply that route map to a BGP neighbor or peer group. 1 Enter the ROUTE-MAP mode and assign a name to a route map. CONFIGURATION mode route-map map-name [permit | deny] [sequence-number] 2 Configure a match filter for all routes meeting the criteria in the IP community or IP extended community list.
route-map map-name [permit | deny] [sequence-number] 2 Configure a set filter to delete all COMMUNITY numbers in the IP community list. CONFIG-ROUTE-MAP mode set comm-list community-list-name delete OR set community {community-number | local-as | no-advertise | no-export | none} Configure a community list by denying or permitting specific community numbers or types of community.
*>i 6.133.0.0/21 *>i 6.151.0.0/16 --More-- 205.171.0.16 205.171.0.16 100 100 0 0 209 7170 1455 i 209 7170 1455 i Changing MED Attributes By default, Dell Networking OS uses the MULTI_EXIT_DISC or MED attribute when comparing EBGP paths from the same AS. To change how the MED attribute is used, enter any or all of the following commands. • Enable MED comparison in the paths from neighbors with different ASs. CONFIG-ROUTER-BGP mode bgp always-compare-med • By default, this comparison is not performed.
4 Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5 Apply the route map to the neighbor or peer group’s incoming or outgoing routes. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} route-map map-name {in | out} To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode. To view a route map configuration, use the show route-map command in EXEC Privilege mode.
• weight: the range is from 0 to 65535. To view BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode or the show runningconfig bgp command in EXEC Privilege mode. Enabling Multipath By default, the software allows one path to a destination. You can enable multipath to allow up to 64 parallel paths to a destination. NOTE: Dell Networking recommends not using multipath and add path simultaneously in a route reflector. To allow more than one path, use the following command.
• le: maximum prefix length to me matched. For information about configuring prefix lists, refer to Access Control Lists (ACLs). 3 Return to CONFIGURATION mode. CONFIG-PREFIX LIST mode exit 4 Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5 Filter routes based on the criteria in the configured prefix list.
5 Filter routes based on the criteria in the configured route map. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} route-map map-name {in | out} Configure the following parameters: • ip-address or peer-group-name: enter the neighbor’s IP address or the peer group’s name. • map-name: enter the name of a configured route map. • in: apply the route map to inbound routes. • out: apply the route map to outbound routes.
Configuring BGP Route Reflectors BGP route reflectors are intended for ASs with a large mesh; they reduce the amount of BGP control traffic. NOTE: Dell Networking recommends not using multipath and add path simultaneously in a route reflector. With route reflection configured properly, IBGP routers are not fully meshed within a cluster but all receive routing information.
*> 9.141.128.0/24 10.114.8.33 Dell# 0 18508 701 7018 2686 ? Configuring BGP Confederations Another way to organize routers within an AS and reduce the mesh for IBGP peers is to configure BGP confederations. As with route reflectors, BGP confederations are recommended only for IBGP peering involving many IBGP peering sessions per router. Basically, when you configure BGP confederations, you break the AS into smaller sub-AS, and to those outside your network, the confederations appear as one AS.
To configure route flap dampening parameters, set dampening parameters using a route map, clear information on route dampening and return suppressed routes to active state, view statistics on route flapping, or change the path selection from the default mode (deterministic) to non-deterministic, use the following commands. • Enable route dampening.
NOTE: When you change the best path selection method, path selection for existing paths remains unchanged until you reset it by entering the clear ip bgp command in EXEC Privilege mode. Examples of Configuring a Route and Viewing the Number of Dampened Routes To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode or the show runningconfig bgp command in EXEC Privilege mode. The following example shows how to configure values to reuse or restart a route.
• keepalive: the range is from 1 to 65535. Time interval, in seconds, between keepalive messages sent to the neighbor routers. The default is 60 seconds. • • holdtime: the range is from 3 to 65536. Time interval, in seconds, between the last keepalive message and declaring the router dead. The default is 180 seconds. Configure timer values for all neighbors. CONFIG-ROUTER-BGP mode timers bgp keepalive holdtime • keepalive: the range is from 1 to 65535.
neighbor {ip-address | peer-group-name} soft-reconfiguration inbound BGP stores all the updates received by the neighbor but does not reset the peer-session. Entering this command starts the storage of updates, which is required to do inbound soft reconfiguration. Outbound BGP soft reconfiguration does not require inbound soft reconfiguration to be enabled. Example of Soft-Reconfigration of a BGP Neighbor The example enables inbound soft reconfiguration for the neighbor 10.108.1.1.
When you configure a peer to support IPv4 multicast, Dell Networking OS takes the following actions: • Send a capacity advertisement to the peer in the BGP Open message specifying IPv4 multicast as a supported AFI/SAFI (Subsequent Address Family Identifier). • If the corresponding capability is received in the peer’s Open message, BGP marks the peer as supporting the AFI/SAFI.
• debug ip bgp [ip-address | peer-group peer-group-name] notifications [in | out] View information about BGP updates and filter by prefix name. EXEC Privilege mode • debug ip bgp [ip-address | peer-group peer-group-name] updates [in | out] [prefix-list name] Enable soft-reconfiguration debug.
Last reset 00:00:12, due to Missing well known attribute Notification History 'UPDATE error/Missing well-known attr' Sent : 1 Recv: 0 'Connection Reset' Sent : 1 Recv: 0 Last notification (len 21) sent 00:26:02 ago ffffffff ffffffff ffffffff ffffffff 00160303 03010000 Last notification (len 21) received 00:26:20 ago ffffffff ffffffff ffffffff ffffffff 00150306 00000000 Last PDU (len 41) received 00:26:02 ago that caused notification to be issued ffffffff ffffffff ffffffff ffffffff 00290200 00000e01 02040201
ffffffff ffffffff ffffffff ffffffff 00130400 [. . .] The following example shows how to view space requirements for storing all the PDUs. With full internet feed (205K) captured, approximately 11.8MB is required to store all of the PDUs. Dell(conf-router_bgp)#do show capture bgp-pdu neighbor 172.30.1.250 Incoming packet capture enabled for BGP neighbor 172.30.1.250 Available buffer size 29165743, 192991 packet(s) captured using 11794257 bytes [. . .
Example of Enabling BGP (Router 1) R1# conf R1(conf)#int loop 0 R1(conf-if-lo-0)#ip address 192.168.128.1/24 R1(conf-if-lo-0)#no shutdown R1(conf-if-lo-0)#show config ! interface Loopback 0 ip address 192.168.128.1/24 no shutdown R1(conf-if-lo-0)#int te 1/21 R1(conf-if-te-1/21)#ip address 10.0.1.21/24 R1(conf-if-te-1/21)#no shutdown R1(conf-if-te-1/21)#show config ! interface TengigabitEthernet 1/21 ip address 10.0.1.21/24 no shutdown R1(conf-if-te-1/21)#int te 1/31 R1(conf-if-te-1/31)#ip address 10.0.3.
R1(conf-router_bgp)#show config ! router bgp 99 network 192.168.128.0/24 neighbor 192.168.128.2 remote-as 99 neighbor 192.168.128.2 update-source Loopback 0 neighbor 192.168.128.2 no shutdown neighbor 192.168.128.3 remote-as 100 neighbor 192.168.128.3 update-source Loopback 0 neighbor 192 168 128 3 no shutdown Example of Enabling BGP (Router 2) R2# conf R2(conf)#int loop 0 R2(conf-if-lo-0)#ip address 192.168.128.
R3(conf-if-lo-0)#int te 3/21 R3(conf-if-te-3/21)#ip address 10.0.2.3/24 R3(conf-if-te-3/21)#no shutdown R3(conf-if-te-3/21)#show config ! interface TengigabitEthernet 3/21 ip address 10.0.2.3/24 no shutdown R3(conf-if-te-3/21)# R3(conf-if-te-3/21)#router bgp 100 R3(conf-router_bgp)#show config ! router bgp 100 R3(conf-router_bgp)#network 192.168.128.0/24 R3(conf-router_bgp)#neighbor 192.168.128.1 remote 99 R3(conf-router_bgp)#neighbor 192.168.128.1 no shut R3(conf-router_bgp)#neighbor 192.168.128.
BGP table version 1, neighbor version 1 Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer Prefixes advertised 1, denied 0, withdrawn 0 from peer Connections established 2; dropped 1 Last reset 00:00:57, due to user reset Notification History 'Connection Reset' Sent : 1 Recv: 0 Last notification (len 21) sent 00:00:57 ago ffffffff ffffffff ffffffff ffffffff 00150306 00000000 Local host: 192.168.128.1, Local port: 179 Foreign host: 192.168.128.2, Foreign port: 65464 BGP neighbor is 192.168.128.
R3(conf-router_bgp)# neighbor AAA peer-group R3(conf-router_bgp)# neighbor AAA no shutdown R3(conf-router_bgp)# neighbor CCC peer-group R3(conf-router_bgp)# neighbor CCC no shutdown R3(conf-router_bgp)# neighbor 192.168.128.2 peer-group BBB R3(conf-router_bgp)# neighbor 192.168.128.2 no shutdown R3(conf-router_bgp)# neighbor 192.168.128.1 peer-group BBB R3(conf-router_bgp)# neighbor 192.168.128.1 no shutdown R3(conf-router_bgp)# R3(conf-router_bgp)#end R3#show ip bgp summary BGP router identifier 192.168.
10 Content Addressable Memory (CAM) CAM is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 (L2) and Layer 3 (L3) forwarding information, access-lists (ACLs), flows, and routing policies. CAM Allocation CAM Allocation for Ingress To allocate the space for regions such has L2 ingress ACL, IPV4 ingress ACL, IPV6 ingress ACL, IPV4 QoS, L2 QoS, PBR, VRF ACL, and so forth, use the cam-acl command in CONFIGURATION mode.
NOTE: When you reconfigure CAM allocation, use the nlbclusteracl number command to change the number of NLB ARP entries. The range is from 0 to 2. The default value is 0. At the default value of 0, eight NLB ARP entries are available for use. This platform supports upto 512 CAM entries. Select 1 to configure 256 entries. Select 2 to configure 1024 entries.
NOTE: If you do not enter the allocation values for the CAM regions, the value is 0. 3 Execute write memory and verify that the new settings are written to the CAM on the next boot. EXEC Privilege mode show cam-acl 4 Reload the system. EXEC Privilege mode reload Test CAM Usage To determine whether sufficient CAM space is available to enable a service-policy, use the test-cam-usage command.
cam-profile default microcode default Dell# View CAM-ACL Settings The show cam-acl command shows the cam-acl setting that will be loaded after the next reload.
L2PT IpMacAcl VmanQos VmanDualQos EcfmAcl FcoeAcl iscsiOptAcl ipv4pbr vrfv4Acl Openflow fedgovacl : : : : : : : : : : : 0 0 0 0 0 0 0 0 0 0 0 -- Stack unit 0 -Current Settings(in block sizes) 1 block = 128 entries L2Acl : 6 Ipv4Acl : 4 Ipv6Acl : 0 Ipv4Qos : 2 L2Qos : 1 L2PT : 0 IpMacAcl : 0 VmanQos : 0 VmanDualQos : 0 EcfmAcl : 0 FcoeAcl : 0 iscsiOptAcl : 0 ipv4pbr : 0 vrfv4Acl : 0 Openflow : 0 fedgovacl : 0 -- Stack unit 7 -Current Settings(in block sizes) 1 block = 128 entries L2Acl : 6 Ipv4Acl : 4 Ipv
| | | | | | Codes: * - cam usage Dell# OUT-L3 ACL | OUT-V6 ACL | OUT-L2 ACL | is above 90%. 158 158 206 | | | 5 | 0 | 7 | 153 158 199 CAM Optimization When you enable the CAM optimization, if a Policy Map containing classification rules (ACL and/or DSCP/ ip-precedence rules) is applied to more than one physical interface on the same port-pipe, only a single copy of the policy is written (only one FP entry is used). When you disable this command, the system behaves as described in this chapter.
Syslog Warning Upon 90 Percent Utilization of CAM CAM utilization includes both the L3_DEFIP and L3_DEFIP_PAIR_128 table entries to calculate the utilization. Syslog Warning for Discrepancies Between Configured Extended Prefixes An error message is displayed if the number of extended prefix entries is different from the configured value during bootup.
show hardware forwarding-table mode Dell#show hardware forwarding-table mode Mode L2 MAC Entries L3 Host Entries L3 Route Entries : : : : Current Settings Default 160K 144K 16K Dell# 220 Content Addressable Memory (CAM) Next Boot Settings scaled-l3-routes 32K 16K 128K
11 Control Plane Policing (CoPP) Control plane policing (CoPP) uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system’s control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane, rate-limits, traffic to an acceptable level.
Figure 27. CoPP Implemented Versus CoPP Not Implemented Configure Control Plane Policing The system can process a maximum of 4200 packets per second (PPS). Protocols that share a single queue may experience flaps if one of the protocols receives a high rate of control traffic even though per protocol CoPP is applied. This happens because queue-based rate limiting is applied first.
Configuring CoPP for Protocols This section lists the commands necessary to create and enable the service-policies for CoPP. For complete information about creating ACLs and QoS rules, refer to Access Control Lists (ACLs) and Quality of Service (QoS). The basics for creating a CoPP service policy are to create a Layer 2, Layer 3, and/or an IPv6 ACL rule for the desired protocol type. Then, create a QoS input policy to rate-limit the protocol traffics according to the ACL.
Examples of Configuring CoPP for Different Protocols The following example shows creating the IP/IPv6/MAC extended ACL.
Configuring CoPP for CPU Queues Controlling traffic on the CPU queues does not require ACL rules, but does require QoS policies. CoPP for CPU queues converts the input rate from kbps to pps, assuming 64 bytes is the average packet size, and applies that rate to the corresponding queue. Consequently, 1 kbps is roughly equivalent to 2 pps. The basics for creating a CoPP service policy is to create QoS policies for the desired CPU bound queue and associate it with a particular rate-limit.
Displaying CoPP Configuration The CLI provides show commands to display the protocol traffic assigned to each control-plane queue and the current rate-limit applied to each queue. Other show commands display statistical information for trouble shooting CoPP operation. To view the rates for each queue, use the show cpu-queue rate cp command.
Example of Viewing Queue Mapping for IPv6 Protocols Dell#show ipv6 protocol-queue-mapping Protocol Src-Port Dst-Port TcpFlag Queue EgPort Rate (kbps) --------------- -------- ------- ----- ------ ----------TCP (BGP) any/179 179/any _ Q6 CP _ ICMP any any _ Q6 CP _ VRRP any any _ Q7 CP _ Dell# Control Plane Policing (CoPP) 227
12 Data Center Bridging (DCB) Data center bridging (DCB) refers to a set of enhancements to Ethernet local area networks used in data center environments, particularly with clustering and storage area networks.
For example, instead of deploying an Ethernet network for LAN traffic, include additional storage area networks (SANs) to ensure lossless Fibre Channel traffic, and a separate InfiniBand network for high-performance inter-processor computing within server clusters, only one DCB-enabled network is required in a data center.
Figure 28. Illustration of Traffic Congestion The system supports loading two DCB_Config files: • FCoE converged traffic with priority 3. • iSCSI storage traffic with priority 4. In the Dell Networking OS, PFC is implemented as follows: • PFC is supported on specified 802.1p priority traffic (dot1p 0 to 7) and is configured per interface.
NOTE: Use the following command to enable etsacl: cam-acl l2acl 2 ipv4acl 2 ipv6acl 0 ipv4qos 0 l2qos 0 l2pt 0 ipmacacl 0 vman-qos 0 fcoeacl 2 etsacl 3. After executing this command, you must save the configuration and then reload the system. The following figure shows how ETS allows you to allocate bandwidth when different traffic types are classed according to 802.1p priority and mapped to priority groups. Figure 29.
DCBx requires the link layer discovery protocol (LLDP) to provide the path to exchange DCB parameters with peer devices. Exchanged parameters are sent in organizationally specific TLVs in LLDP data units. The following LLDP TLVs are supported for DCB parameter exchange: PFC parameters PFC Configuration TLV and Application Priority Configuration TLV. ETS parameters ETS Configuration TLV and ETS Recommendation TLV.
To enable DCB with PFC buffers on a switch, enter the following commands, save the configuration, and reboot the system to allow the changes to take effect. 1 Enable DCB. CONFIGURATION mode dcb enable 2 Set PFC buffering on the DCB stack unit. CONFIGURATION mode Dell(conf)#dcb enable pfc-queues NOTE: To save the pfc buffering configuration changes, save the configuration and reboot the system.
• To change the ETS bandwidth allocation configured for a priority group in a DCB map, do not modify the existing DCB map configuration. Instead, first create a new DCB map with the desired PFC and ETS settings, and apply the new map to the interfaces to override the previous DCB map settings. Then, delete the original dot1p priority-priority group mapping.
Set the bandwidth in percentage. The percentage range is from 1 to 100% in units of 1%. Committed and peak bandwidth is in megabits per second. The range is from 0 to 40000. Committed and peak burst size is in kilobytes. Default is 50. The range is from 0 to 10000. The pfc on command enables priority-based flow control. 3 Specify the dot1p priority-to-priority group mapping for each priority. priority-pgid dot1p0_group_num dot1p1_group_num ...dot1p7_group_num Priority group range is from 0 to 7.
Lossless traffic egresses out the no-drop queues. Ingress dot1p traffic from PFC-enabled interfaces is automatically mapped to the no-drop egress queues. 1 Enter INTERFACE Configuration mode. CONFIGURATION mode interface type slot/port 2 Configure the port queues that will still function as no-drop queues for lossless traffic. INTERFACE mode pfc no-drop queues queue-range For the dot1p-queue assignments, refer to the dot1p Priority-Queue Assignment table.
Configuring PFC in a DCB Map A switch supports the use of a DCB map in which you configure priority-based flow control (PFC) setting. To configure PFC parameters, you must apply a DCB map on an interface. PFC Configuration Notes PFC provides flow control based on the 802.1p priorities in a converged Ethernet traffic that is received on an interface and is enabled by default when you enable DCB.
Otherwise, the reconfiguration of a default dot1p-queue assignment is rejected. • To ensure complete no-drop service, apply the same PFC parameters on all PFC-enabled peers. PFC Prerequisites and Restrictions On a switch, PFC is globally enabled by default, but not applied on specific 802.1p priorities. To enable PFC on 802.1p priorities, create a DCB map.
Port C —> Port B PFC no-drop queues are configured for queues 1, 2 on Port B. PFC capability is enabled on priorities 3, 4 on PORT A and C. Port B acting as Egress During the congestion, [traffic pump on priorities 3 and 4 from PORT A and PORT C is at full line rate], PORT A and C send out the PFCs to rate the traffic limit. Egress drops are not observed on Port B since traffic flow on priorities is mapped to loss less queues.
Step Task Command Command Mode Range: 0-3. Separate queue values with a comma; specify a priority range with a dash; for example: pfc no-drop queues 1,3 or pfc no-drop queues 2-3 Default: No lossless queues are configured. Priority-Based Flow Control Using Dynamic Buffer Method In a data center network, priority-based flow control (PFC) manages large bursts of one traffic type in multiprotocol links so that it does not affect other traffic types and no frames are lost due to congestion.
This default behavior is impacted if you modify the total buffer available for PFC or assign static buffer configurations to the individual PFC queues. Behavior of Tagged Packets The below is example for enabling PFC for priority 2 for tagged packets. Priority (Packet Dot1p) 2 will be mapped to PG6 on PRIO2PG setting. All other Priorities for which PFC is not enabled are mapped to default PG – PG7.
a Enable DCB globally. Dell(conf)#dcb enable b Apply PFC Priority configuration. Configure priorities on which PFC is enabled. Dell(conf-if-te-1/1)#pfc priority 1,2 SNMP Support for PFC and Buffer Statistics Tracking Buffer Statistics Tracking (BST) feature provides a mechanism to aid in Resource Monitoring and Tuning of Buffer Allocation. The Max Use Count mode provides the maximum value of the counters accumulated over a period of time.
PRIORITY to PG mapping (PRIO2PG) is on the ingress for each port. By default, all priorities are mapped to PG7. A priority for which PFC has to be generated is assigned to a PG other than PG7 (say PG6) and buffer watermark is set on PG6 so as to generate PFC. In ingress, the buffers are accounted at per PG basis and would indicate the number of the packets that has ingress this port PG but still queued up in egress pipeline. However, there is no direct mapping between the PG and Queue.
Generation of PFC for a Priority for Untagged Packets In order to generate PFC for a particular priority for untagged packets, and configuring PFC for that priority, you should find the queue number associated with priority from TABLE 1 and Associate a DCB map to forward the matched DSCP packet to that queue. PFC frames gets generated with PFC priority associated with the queue when the queue gets congested.
PRIORITY-GROUP mode priority-list value The range is from 0 to 7. The default is none. Separate priority values with a comma. Specify a priority range with a dash. For example, priority-list 3,5-7. 4 Exit priority-group configuration mode. PRIORITY-GROUP mode exit 5 Repeat Steps 1 to 4 to configure all remaining dot1p priorities in an ETS priority group. 6 Specify the dot1p priority-to-priority group mapping for each priority. priority-pgid dot1p0_group_num dot1p1_group_num ...
• The CIN version supports two types of strict-priority scheduling: • Group strict priority: Use this to increase its bandwidth usage to the bandwidth total of the priority group and allow a single priority flow in a priority group. A single flow in a group can use all the bandwidth allocated to the group. • Link strict priority: Use this to increase to the maximum link bandwidth and allow a flow in any priority group. NOTE: CIN supports only the dot1p priority-queue assignment in a priority group.
Configuring ETS in a DCB Map A switch supports the use of a DCB map in which you configure enhanced transmission selection (ETS) setting. To configure ETS parameters, you must apply a DCB map on an interface. ETS Configuration Notes ETS provides a way to optimize bandwidth allocation to outbound 802.1p classes of converged Ethernet traffic. Different traffic types have different service needs. Using ETS, you can create groups within an 802.
you can apply a QoS output policy with WRED and/or rate shaping on a DCBx CIN-enabled interface. In this case, the WRED or rate shaping configuration in the QoS output policy must take into account the bandwidth allocation or queue scheduler configured in the DCB map. Priority-Group Configuration Notes When you configure priority groups in a DCB map: • A priority group consists of 802.
• Apply the specified DCB policy on all ports of the switch stack or a single stacked switch. CONFIGURATION mode dcb-map {stack-unit all | stack-ports all} dcb-map-name Configure a DCBx Operation DCB devices use data center bridging exchange protocol (DCBx) to exchange configuration information with directly connected peers using the link layer discovery protocol (LLDP) protocol.
Auto-downstream • The configuration received from a DCBx peer or from an internally propagated configuration is not stored in the switch’s running configuration. • On a DCBx port in an auto-upstream role, the PFC and application priority TLVs are enabled. ETS recommend TLVs are disabled and ETS configuration TLVs are enabled. The port advertises its own configuration to DCBx peers but is not willing to receive remote peer configuration.
NOTE: On a DCBx port, application priority TLV advertisements are handled as follows: • The application priority TLV is transmitted only if the priorities in the advertisement match the configured PFC priorities on the port. • On auto-upstream and auto-downstream ports: • • If a configuration source is elected, the ports send an application priority TLV based on the application priority TLV received on the configuration-source port.
Propagation of DCB Information When an auto-upstream or auto-downstream port receives a DCB configuration from a peer, the port acts as a DCBx client and checks if a DCBx configuration source exists on the switch. • If a configuration source is found, the received configuration is checked against the currently configured values that are internally propagated by the configuration source.
Figure 31. DCBx Sample Topology DCBx Prerequisites and Restrictions The following prerequisites and restrictions apply when you configure DCBx operation on a port: • For DCBx, on a port interface, enable LLDP in both Send (TX) and Receive (RX) mode (the protocol lldp mode command; refer to the example in CONFIGURATION versus INTERFACE Configurations in the Link Layer Discovery Protocol (LLDP) chapter). If multiple DCBx peer ports are detected on a local DCBx interface, LLDP is shut down.
[no] DCBx version {auto | cee | cin | ieee-v2.5} • cee: configures the port to use CEE (Intel 1.01). • cin: configures the port to use Cisco-Intel-Nuova (DCBx 1.0). • ieee-v2.5: configures the port to use IEEE 802.1Qaz (Draft 2.5). The default is Auto. 4 Configure the DCBx port role the interface uses to exchange DCB information. PROTOCOL LLDP mode [no] DCBx port-role {config-source | auto-downstream | auto-upstream | manual} • auto-upstream: configures the port to receive a peer configuration.
Configuring DCBx Globally on the Switch To globally configure the DCBx operation on a switch, follow these steps. 1 Enter Global Configuration mode. EXEC PRIVILEGE mode configure 2 Enter LLDP Configuration mode to enable DCBx operation. CONFIGURATION mode [no] protocol lldp 3 Configure the DCBx version used on all interfaces not already configured to exchange DCB information. PROTOCOL LLDP mode [no] DCBx version {auto | cee | cin | ieee-v2.
[no] fcoe priority-bits priority-bitmap The priority-bitmap range is from 1 to FF. The default is 0x8. 7 Configure the iSCSI priority advertised for the iSCSI protocol in Application Priority TLVs. PROTOCOL LLDP mode [no] iscsi priority-bits priority-bitmap The priority-bitmap range is from 1 to FF. The default is 0x10. DCBx Error Messages The following syslog messages appear when an error in DCBx operation occurs.
Verifying the DCB Configuration To display DCB configurations, use the following show commands. Table 19. Displaying DCB Configurations Command Output show qos dot1p-queue mapping Displays the current 802.1p priority-queue mapping. show dcb [stack-unit unit-number] Displays the data center bridging status, number of PFC-enabled ports, and number of PFC-enabled queues. On the master switch in a stack, you can specify a stack-unit number. The range is from 0 to 5.
The following example shows the output of the show qos dcb-map test command. Dell#show qos dcb-map test ----------------------State :Complete PfcMode:ON -------------------PG:0 TSA:ETS BW:50 PFC:OFF Priorities:0 1 2 5 6 7 PG:1 TSA:ETS BW:50 Priorities:3 4 PFC:ON The following example shows the show interfaces pfc summary command.
Table 20. show interface pfc summary Command Description Fields Description Interface Interface type with stack-unit and port number. Admin mode is on; Admin is enabled PFC Admin mode is on or off with a list of the configured PFC priorities . When PFC admin mode is on, PFC advertisements are enabled to be sent and received from peers; received PFC configuration takes effect. The admin operational status for a DCBx exchange of PFC configuration is enabled or disabled.
Fields Description PFC TLV Statistics: Output TLV pkts Number of PFC TLVs transmitted. PFC TLV Statistics: Error pkts Number of PFC error packets received. PFC TLV Statistics: Pause Tx pkts Number of PFC pause frames transmitted. PFC TLV Statistics: Pause Rx pkts Number of PFC pause frames received The following example shows the show interface pfc statistics command.
ETS DCBX Oper status is Down Reason: Port Shutdown State Machine Type is Asymmetric Conf TLV Tx Status is enabled Reco TLV Tx Status is enabled The following example shows the show interface ets detail command.
Table 21. show interface ets detail Command Description Field Description Interface Interface type with stack-unit and port number. Maximum Supported TC Group Maximum number of priority groups supported. Number of Traffic Classes Number of 802.1p priorities currently configured. Admin mode ETS mode: on or off. Admin Parameters ETS configuration on local port, including priority groups, assigned dot1p priorities, and bandwidth allocation.
Link Delay 45556 pause quantum 0 Pause Tx pkts, 0 Pause Rx pkts The following example shows the show stack-unit all stack-ports all ets details command.
The following example shows the show interface DCBx detail command (legacy CEE).
Field Description Peer Operating version DCBx version that the peer uses to exchange DCB parameters. Local DCBx TLVs Transmitted Transmission status (enabled or disabled) of advertised DCB TLVs (see TLV code at the top of the show command output). Local DCBx Status: DCBx Operational Version DCBx version advertised in Control TLVs. Local DCBx Status: DCBx Max Version Supported Highest DCBx version supported in Control TLVs.
dot1p Value in the Incoming Frame Egress Queue Assignment 0 2 1 0 2 1 3 3 4 4 5 5 6 6 7 7 Configuring the Dynamic Buffer Method Priority-based flow control using dynamic buffer spaces is supported on the switch. To configure the dynamic buffer capability, perform the following steps: 1 Enable the DCB application. By default, DCB is enabled and link-level flow control is disabled on all interfaces.
7 Assign the DCB policy to the DCB buffer threshold profile on interfaces. This setting takes precedence over the default bufferthreshold setting. INTERFACE mode (conf-if-te) dcb-policy buffer-threshold buffer-threshold 8 Configuring Global total buffer size on stack ports. CONFIGURATION mode dcb pfc-total-buffer-size buffer-size stack-unit all port-set {port-pipe |all} Port-set number range is from 0 to 3.
Figure 32. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table. For more information, refer to QoS dot1p Traffic Classification and Queue Assignment.
dot1p Value in the Incoming Frame Priority Group Assignment 6 LAN 7 LAN The following describes the priority group-bandwidth assignment. Priority Group Bandwidth Assignment IPC 5% SAN 50% LAN 45% PFC and ETS Configuration Command Examples The following examples show PFC and ETS configuration commands to manage your data center traffic.
13 Dynamic Host Configuration Protocol (DHCP) DHCP is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators.
Option Number and Description Subnet Mask Option 1 Specifies the client’s subnet mask. Router Option 3 Specifies the router IP addresses that may serve as the client’s default gateway. Domain Name Server Option 6 Domain Name Option 15 Specifies the domain name servers (DNSs) that are available to the client. Specifies the domain name that clients should use when resolving hostnames via DNS.
Option Number and Description End Option 255 Signals the last option in the DHCP packet. Assign an IP Address using DHCP The following section describes DHCP and the client in a network. When a client joins a network: 1 The client initially broadcasts a DHCPDISCOVER message on the subnet to discover available DHCP servers. This message includes the parameters that the client requires and might include suggested values for those parameters.
Implementation Information The following describes DHCP implementation. • Dell Networking implements DHCP based on RFC 2131 and RFC 3046. • IP source address validation is a sub-feature of DHCP Snooping; the Dell Networking OS uses access control lists (ACLs) internally to implement this feature and as such, you cannot apply ACLs to an interface which has IP source address validation.
Configuring the Server for Automatic Address Allocation Automatic address allocation is an address assignment method by which the DHCP server leases an IP address to a client from a pool of available addresses. An address pool is a range of IP addresses that the DHCP server may assign. The subnet number indexes the address pools. To create an address pool, follow these steps. 1 Access the DHCP server CLI context. CONFIGURATION mode ip dhcp server 2 Create an address pool and give it a name.
Excluding Addresses from the Address Pool The DHCP server assumes that all IP addresses in a DHCP address pool are available for assigning to DHCP clients. You must specify the IP address that the DHCP server should not assign to clients. To exclude an address, follow this step. • Exclude an address range from DHCP assignment. The exclusion applies to all configured pools. DHCP mode excluded-address Specifying an Address Lease Time To specify an address lease time, use the following command.
Using NetBIOS WINS for Address Resolution Windows internet naming service (WINS) is a name resolution service that Microsoft DHCP clients use to correlate host names to IP addresses within a group of networks. Microsoft DHCP clients can be one of four types of NetBIOS nodes: broadcast, peer-to-peer, mixed, or hybrid. 1 Specify the NetBIOS WINS name servers, in order of preference, that are available to Microsoft Dynamic Host Configuration Protocol (DHCP) clients.
Using DHCP Clear Commands To clear DHCP binding entries, address conflicts, and server counters, use the following commands. • Clear DHCP binding entries for the entire binding table. EXEC Privilege mode. • clear ip dhcp binding Clear a DHCP binding entry for an individual IP address. EXEC Privilege mode. clear ip dhcp binding ip address Configure the System to be a DHCP Client A DHCP client is a network device that requests an IP address and configuration parameters from a DHCP server.
• Release the IP address dynamically acquired from a DHCP server from the interface. • Disable the DHCP client on the interface so it cannot acquire a dynamic IP address from a DHCP server. • Stop DHCP packet transactions on the interface. When you enter the release dhcp command, the IP address dynamically acquired from a DHCP server is released from an interface. The ability to acquire a new DHCP server-assigned address remains in the running configuration for the interface.
DHCP Client on a Management Interface These conditions apply when you enable a management interface to operate as a DHCP client. • The management default route is added with the gateway as the router IP address received in the DHCP ACK packet. It is required to send and receive traffic to and from other subnets on the external network. The route is added irrespective when the DHCP client and server are in the same or different subnets.
The following criteria determine packets destined for the DHCP client: • • DHCP is enabled on the interface. • The user data protocol (UDP) destination port in the packet is 68. • The chaddr (change address) in the DHCP header of the packet is the same as the interface’s MAC address. An entry in the DHCP snooping table is not added for a DHCP client interface. DHCP Server A switch can operate as a DHCP client and a DHCP server.
Remote ID This identifies the host from which the message is received. The value of this sub-option is the MAC address of the relay agent that adds Option 82. The DHCP relay agent inserts Option 82 before forwarding DHCP packets to the server. The server can use this information to: • track the number of address requests per relay agent. Restricting the number of addresses available per relay agent can harden a server against address exhaustion attacks.
Enabling DHCP Snooping To enable DHCP snooping, use the following commands. 1 Enable DHCP snooping globally. CONFIGURATION mode ip dhcp snooping 2 Specify ports connected to DHCP servers as trusted. INTERFACE mode INTERFACE PORT EXTENDER mode ip dhcp snooping trust 3 Enable DHCP snooping on a VLAN. CONFIGURATION mode ip dhcp snooping vlan name Enabling IPv6 DHCP Snooping To enable IPv6 DHCP snooping, use the following commands. 1 Enable IPv6 DHCP snooping globally.
ipv6 dhcp snooping binding mac address vlan-id vlan-id ipv6 ipv6-address interface interfacetype | interface-number lease value Clearing the Binding Table To clear the binding table, use the following command. • Delete all of the entries in the binding table. EXEC Privilege mode clear ip dhcp snooping binding Clearing the DHCP IPv6 Binding Table To clear the DHCP IPv6 binding table, use the following command. • Delete all of the entries in the binding table.
Displaying the Contents of the DHCPv6 Binding Table To display the contents of the DHCP IPv6 binding table, use the following command. • Display the contents of the binding table. EXEC Privilege mode show ipv6 dhcp snooping biniding Example of the show ipv6 dhcp snooping binding Command View the DHCP snooping statistics with the show ipv6 dhcp snooping command.
Dell(conf-if-te-0/0)#no shutdown Dell(conf-if-te-0/0)# DHCP relay tries to get ip address for the client, through configured primary address filling giaddr (relay address) 10.1.1.1. If there is no OFFER from DHCP Server, for three DISCOVER retries. Since secondary-subnet enabled, DHCP Relay Agent tries to get ip address through secondary ip address filling giaddr (relay address) 11.1.1.1.
Denial of service An attacker can send a fraudulent ARP messages to a client to associate a false MAC address with the gateway address, which would blackhole all internet-bound packets from the client. NOTE: Dynamic ARP inspection (DAI) uses entries in the L2SysFlow CAM region, a sub-region of SystemFlow. One CAM entry is required for every DAI-enabled VLAN. You can enable DAI on up to 16 VLANs on a system.
Bypassing the ARP Inspection You can configure a port to skip ARP inspection by defining the interface as trusted, which is useful in multi-switch environments. ARPs received on trusted ports bypass validation against the binding table. All ports are untrusted by default. To bypass the ARP inspection, use the following command. • Specify an interface as trusted so that ARPs are not validated against the binding table.
INTERFACE mode ip dhcp source-address-validation vlan vlan-id NOTE: Before enabling SAV With VLAN option, allocate at least one FP block to the ipmacacl CAM region. DHCP MAC Source Address Validation DHCP MAC source address validation (SAV) validates a DHCP packet’s source hardware address against the client hardware address field (CHADDR) in the payload.
Viewing the Number of SAV Dropped Packets The following output of the show ip dhcp snooping source-address-validation discard-counters command displays the number of SAV dropped packets.
14 Equal Cost Multi-Path (ECMP) This chapter describes configuring ECMP. This chapter describes configuring ECMP. ECMP for Flow-Based Affinity ECMP for flow-based affinity includes link bundle monitoring. Configuring the Hash Algorithm TeraScale has one algorithm that is used for link aggregation groups (LAGs), ECMP, and NH-ECMP, and ExaScale can use three different algorithms for each of these features. To adjust the ExaScale behavior to match TeraScale, use the following command.
Configuring the Hash Algorithm Seed Deterministic ECMP sorts ECMPs in order even though RTM provides them in a random order. However, the hash algorithm uses as a seed the lower 12 bits of the chassis MAC, which yields a different hash result for every chassis. This behavior means that for a given flow, even though the prefixes are sorted, two unrelated chassis can select different hops.
Te 1/1 Te 1/1 Up Up 36 52 Managing ECMP Group Paths To avoid path degeneration, configure the maximum number of paths for an ECMP route that the L3 CAM can hold. When you do not configure the maximum number of routes, the CAM can hold a maximum ECMP per route. To configure the maximum number of paths, use the following command. NOTE: For the new settings to take effect, save the new ECMP settings to the startup-config (write-mem) then reload the system.
link-bundle-distribution trigger-threshold {percent} The range is from 1 to 90%. • The default is 60%. Display details for an ECMP group bundle. EXEC mode show link-bundle-distribution ecmp-group ecmp-group-id The range is from 1 to 64. Viewing an ECMP Group NOTE: An ecmp-group index is generated automatically for each unique ecmp-group when you configure multipath routes to the same network. The system can generate a maximum of 512 unique ecmp-groups.
The output of show IPv6 cam command has been enhanced to include the ECMP field in the Neighbor table of Ipv6 CAM. The sample output is displayed as follows, which is similar to the prefix table.
ipv6 dest-ipv6 vlan protocol L4-source-port L4-dest-port) mac Set the mac key fields to use in hash computation(default = sourcemac dest-mac vlan ethertype) tcp-udp Option to use TCP/UDP ports in packet for ECMP/LAG hashing tunnel Set the tunnel key fields to use in hash computation(default = Hashcomputation based on Inner Header)] • The second portion comes from static physical configuration such as ingress and egress port numbers.
Figure 35. Before Polarization Effect Router B performs the same hash as router A and all the traffic goes through the same path to router D, while no traffic is redirected to router E. Some of the anti-polarization techniques used generally to mitigate unequal traffic distribution in LAG/ECMP as follows: 1 Configuring different hash-seed values at each node - Hash seed is the primary parameter in hash computations that determine distribution of traffic among the ECMP paths.
of xor1 xor2 of xor2 xor4 of xor4 xor8 of xor8 xor16 CRC16_BISYNC_AND_XOR2 - Upper 8 bits of CRC16-BISYNC and lower 8 bits CRC16_BISYNC_AND_XOR4 - Upper 8 bits of CRC16-BISYNC and lower 8 bits CRC16_BISYNC_AND_XOR8 - Upper 8 bits of CRC16-BISYNC and lower 8 bits CR16 - 16 bit XOR] Example to view show hash-algorithm: Dell(conf)#hash-algorithm ecmp flow-based-hashing crc16 Dell(conf)#end Dell#show hash-algorithm Hash-Algorithm linecard 0 Port-Set 0 Seed 185270328 Hg-Seed 185282673 EcmpFlowBasedHashingAlgo-
15 FIP Snooping The Fibre Channel over Ethernet (FCoE) Transit feature is supported on Ethernet interfaces. When you enable the switch for FCoE transit, the switch functions as a FIP snooping bridge. NOTE: FIP snooping is not supported on Fibre Channel interfaces or in a switch stack.
FIP provides functionality for discovering and logging into an FCF. After discovering and logging in, FIP allows FCoE traffic to be sent and received between FCoE end-devices (ENodes) and the FCF. FIP uses its own EtherType and frame format. The following illustration shows the communication that occurs between an ENode server and an FCoE switch (FCF). The following table lists the FIP functions. Table 25.
FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF. An Ethernet bridge that provides these functions is called a FIP snooping bridge (FSB). On a FIP snooping bridge, ACLs are created dynamically as FIP login frames are processed.
Figure 38. FIP Snooping on a Dell Networking Switch The following sections describe how to configure the FIP snooping feature on a switch: • • • • • • Allocate CAM resources for FCoE. Perform FIP snooping (allowing and parsing FIP frames) globally on all VLANs or on a per-VLAN basis. To assign a MAC address to an FCoE end-device (server ENode or storage device) after a server successfully logs in, set the FCoE MAC address prefix (FC-MAP) value an FCF uses.
• A switch stack configuration is synchronized with the standby stack unit. • Dynamic population of the FCoE database (ENode, Session, and FCF tables) is synchronized with the standby stack unit. The FCoE database is maintained by snooping FIP keep-alive messages. • In case of a failover, the new master switch starts the required timers for the FCoE database tables. Timers run only on the master stack unit. Using FIP Snooping There are four steps to configure FCoE transit.
• • The existing per-VLAN and FIP snooping configuration is stored. The configuration is re-applied the next time you enable the FIP snooping feature. You must apply the CAM-ACL space for the FCoE region before enabling the FIP-Snooping feature. If you do not apply CAM-ACL space, the following error message is displayed: Dell(conf)#feature fip-snooping % Error: Cannot enable fip snooping. CAM Region not allocated for Fcoe.
• You must configure at least one interface for FCF (FCoE Forwarder) mode on a FIP snooping-enabled VLAN. You can configure multiple FCF trusted interfaces in a VLAN. • A maximum of eight VLANS are supported for FIP snooping on the switch. When enabled globally, FIP snooping processes FIP packets in traffic only from the first eight incoming VLANs. When enabled on a per-VLAN basis, FIP snooping is supported on up to eight VLANs.
Impact Description STP If you enable an STP protocol (STP, RSTP, PVSTP, or MSTP) on the switch and ports enter a blocking state, when the state change occurs, the corresponding port-based ACLs are deleted. If a port is enabled for FIP snooping in ENode or FCF mode, the ENode/FCF MAC-based ACLs are deleted. FIP Snooping Restrictions The following restrictions apply when you configure FIP snooping. • The maximum number of FCoE VLANs supported on the switch is eight.
NOTE: To disable the FCoE transit feature or FIP snooping on VLANs, use the no version of a command; for example, no feature fip-snooping or no fip-snooping enable. Displaying FIP Snooping Information Use the following show commands to display information on FIP snooping. Table 27.
Table 28. show fip-snooping sessions Command Description Field Description ENode MAC MAC address of the ENode . ENode Interface Slot/port number of the interface connected to the ENode. FCF MAC MAC address of the FCF. FCF Interface Slot/port number of the interface to which the FCF is connected. VLAN VLAN ID number used by the session. FCoE MAC MAC address of the FCoE session assigned by the FCF. FC-ID Fibre Channel ID assigned by the FCF. Port WWPN Worldwide port name of the CNA port.
Table 30. show fip-snooping fcf Command Description Field Description FCF MAC MAC address of the FCF. FCF Interface Slot/port number of the interface to which the FCF is connected. VLAN VLAN ID number used by the session. FC-MAP FC-Map value advertised by the FCF. ENode Interface Slot/port number of the interface connected to the ENode. FKA_ADV_PERIOD Period of time (in milliseconds) during which FIP keep-alive advertisements are transmitted.
The following example shows the show fip-snooping statistics port-channel command.
Field Description Number of FDISC Rejects Number of FIP FDISC reject frames received on the interface. Number of FLOGO Accepts Number of FIP FLOGO accept frames received on the interface. Number of FLOGO Rejects Number of FIP FLOGO reject frames received on the interface. Number of CVLs Number of FIP clear virtual link frames received on the interface. Number of FCF Discovery Timeouts Number of FCF discovery timeouts that occurred on the interface.
FCoE Transit Configuration Example The following illustration shows a switch used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway. Figure 39. Configuration Example: FIP Snooping on a Switch In this example, DCBx and PFC are enabled on the FIP snooping bridge and on the FCF ToR switch.
Dell(conf-if-te-1/1)# switchport Dell(conf-if-te-1/1)# protocol lldp Dell(conf-if-te-1/1-lldp)# dcbx port-role auto-downstream NOTE: A port is enabled by default for bridge-ENode links.
16 Flex Hash and Optimized Boot-Up This chapter describes the Flex Hash and fast-boot enhancements. Topics: • Flex Hash Capability Overview • Configuring the Flex Hash Mechanism • Configuring Fast Boot and LACP Fast Switchover • Optimizing the Boot Time • Interoperation of Applications with Fast Boot and System States • RDMA Over Converged Ethernet (RoCE) Overview • Preserving 802.
When load balancing RRoCE packets using flex hash is enabled, the show ip flow command is disabled. Similarly, when the show ip flow command is in use (ingress port-based load balancing is disabled), the hashing of RRoCE packets is disabled. Flex hash APIs do not mask out unwanted byte values after extraction of the data from the Layer 4 headers for the offset value.
Guidelines for Configuring Optimized Booting Mechanism Keep the following points and limitations in mind when you configure the fast boot capability: • Fast boot is supported only when you perform an expected, stipulated reload by using the reload-type normal-reload command in Global Configuration mode or by using the reset command in uBoot mode on a switch that is running Dell Networking OS Release 9.3(0.
Interoperation of Applications with Fast Boot and System States This functionality is supported on the S6000 platform. The following sections describe the application behavior when fast boot functionality is enabled: LACP and IPv4 Routing Prior to the system restart, the system implements the following changes when you perform a fast boot: The system saves all dynamic ARP entries to a database on the flash drive.
BGP Graceful Restart When the system contains one or more BGP peerings configured for BGP graceful restart, fast boot performs the following actions: • A closure of the TCP sessions is performed on all sockets corresponding to BGP sessions on which Graceful Restart has been negotiated. This behavior is to force the peer to perform the helper role so that any routes advertised by the restarting system are retained and the peering session will not go down due to BGP Hold timeout.
Changes to BGP Multipath When the system becomes active after a fast-boot restart, a change has been made to the BGP multipath and ECMP behavior. The system delays the computation and installation of additional paths to a destination into the BGP routing information base (RIB) and forwarding table for a certain period of time.
RRoCE packets are received and transmitted on specific interfaces called lite-subinterfaces. These interfaces are similar to the normal Layer 3 physical interfaces except for the extra provisioning that they offer to enable the VLAN ID for encapsulation. You can configure a physical interface or a Layer 3 Port Channel interface as a lite subinterface. When you configure a lite subinterface, only tagged IP packets with VLAN encapsulation are processed and routed. All other data packets are discarded.
17 Force10 Resilient Ring Protocol (FRRP) FRRP provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the spanning tree protocol (STP), though even with optimizations, STP can take up to 50 seconds to converge (depending on the size of network and node of failure) and may require 4 to 5 seconds to reconverge.
Ring Status The ring failure notification and the ring status checks provide two ways to ensure the ring remains up and active in the event of a switch or port failure. Ring Checking At specified intervals, the Master node sends a ring health frame (RHF) through the ring. If the ring is complete, the frame is received on its secondary port and the Master node resets its fail-period timer and continues normal operation.
In the following example, FRRP 101 is a ring with its own Control VLAN, and FRRP 202 has its own Control VLAN running on another ring. A Member VLAN that spans both rings is added as a Member VLAN to both FRRP groups. Switch R3 has two instances of FRRP running on it: one for each ring. The example topology that follows shows R3 assuming the role of a Transit node for both FRRP 101 and FRRP 202. Figure 40.
• Master node secondary port is in blocking state during Normal operation. • Ring health frames (RHF) • Hello RHF: sent at 500ms (hello interval); Only the Master node transmits and processes these. • Topology Change RHF: triggered updates; processed at all nodes. Important FRRP Concepts The following table lists some important FRRP concepts.
Implementing FRRP • FRRP is media and speed independent. • FRRP is a Dell proprietary protocol that does not interoperate with any other vendor. • You must disable the spanning tree protocol (STP) on both the Primary and Secondary interfaces before you can enable FRRP. • All ring ports must be Layer 2 ports. This is required for both Master and Transit nodes. • A VLAN configured as a control VLAN for a ring cannot be configured as a control or member VLAN for any other ring.
• Tag control VLAN ports. • All ports on the ring must use the same VLAN ID for the control VLAN. • You cannot configure a VLAN as both a control VLAN and member VLAN on the same ring. • Only two interfaces can be members of a control VLAN (the Master Primary and Secondary ports). • Member VLANs across multiple rings are not supported in Master nodes. To create the control VLAN for this FRRP group, use the following commands on the switch that is to act as the Master node.
• The control VLAN must be the same for all nodes on the ring. To create the Members VLANs for this FRRP group, use the following commands on all of the Transit switches in the ring. 1 Create a VLAN with this ID number. CONFIGURATION mode. interface vlan vlan-id VLAN ID: the range is from 1 to 4094. 2 Tag the specified interface or range of interfaces to this VLAN. CONFIG-INT-VLAN mode.
• Dead-Interval: the range is from 50 to 6000, in increments of 50 (default is 1500). Clearing the FRRP Counters To clear the FRRP counters, use one of the following commands. • Clear the counters associated with this Ring ID. EXEC PRIVELEGED mode. clear frrp ring-id • Ring ID: the range is from 1 to 255. Clear the counters associated with all FRRP groups. EXEC PRIVELEGED mode. clear frrp Viewing the FRRP Configuration To view the configuration for the FRRP group, use the following command.
• There can be only one Master node for any FRRP group. • You can configure FRRP on Layer 2 interfaces only. • Spanning Tree (if you enable it globally) must be disabled on both Primary and Secondary interfaces when you enable FRRP. • • When the interface ceases to be a part of any FRRP process, if you enable Spanning Tree globally, also enable it explicitly for the interface. The maximum number of rings allowed on a chassis is 255.
Example of R3 TRANSIT interface TenGigabitEthernet 3/14 no ip address switchport no shutdown ! interface TenGigabitEthernet 3/21 no ip address switchport no shutdown ! interface Vlan 101 no ip address tagged TenGigabitEthernet 3/14,21 no shutdown ! interface Vlan 201 no ip address tagged TenGigabitEthernet 3/14,21 no shutdown ! protocol frrp 101 interface primary TenGigabitEthernet 3/21 secondary TenGigabitEthernet 3/14 control-vlan 101 member-vlan 201 mode transit no disable Force10 Resilient Ring Protoco
18 GARP VLAN Registration Protocol (GVRP) The generic attribute registration protocol (GARP) VLAN registration protocol (GVRP), defined by the IEEE 802.1q specification, is a Layer 2 network protocol that provides for automatic VLAN configuration of switches. GVRP-compliant switches use GARP to register and deregister attribute values, such as VLAN IDs, with each other.
Configure GVRP To begin, enable GVRP. To facilitate GVRP communications, enable GVRP globally on each switch. Then, GVRP configuration is per interface on a switch-by-switch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged. In the following example, GVRP is configured on VLAN trunk ports. Figure 41.
• Enable GVRP for the entire switch. CONFIGURATION mode gvrp enable Example of Configuring GVRP Dell(conf)#protocol gvrp Dell(config-gvrp)#no disable Dell(config-gvrp)#show config ! protocol gvrp no disable Dell(config-gvrp)# To inspect the global configuration, use the show gvrp brief command. Enabling GVRP on a Layer 2 Interface To enable GVRP on a Layer 2 interface, use the following command. • Enable GVRP on a Layer 2 interface.
no ip address switchport gvrp enable gvrp registration fixed 34-35 gvrp registration forbidden 45-46 no shutdown Dell(conf-if-te-1/21)# Configure a GARP Timer Set GARP timers to the same values on all devices that are exchanging information using GVRP. There are three GARP timer settings. • Join — A GARP device reliably transmits Join messages to other devices by sending each Join message two times. To define the interval between the two sending operations of each Join message, use this parameter.
19 Internet Group Management Protocol (IGMP) Internet group management protocol (IGMP) is a Layer 3 multicast protocol that hosts use to join or leave a multicast group. Multicast is premised on identifying many hosts by a single destination IP address; hosts represented by the same IP address are a multicast group. Multicast routing protocols (such as protocol-independent multicast [PIM]) use the information in IGMP messages to discover which groups are active and to populate the multicast routing table.
leaves a multicast group by sending an IGMP message to its IGMP Querier. The querier is the router that surveys a subnet for multicast receivers and processes survey responses to populate the multicast routing table. IGMP messages are encapsulated in IP packets, as shown in the following illustration. Figure 42.
still receives no response, the querier removes the group from the list associated with forwarding port and stops forwarding traffic for that group to the subnet. IGMP Version 3 Conceptually, IGMP version 3 behaves the same as version 2. However, there are differences. • Version 3 adds the ability to filter by multicast source, which helps multicast routing protocols avoid forwarding traffic to subnets where there are no interested receivers.
Figure 44. IGMP Version 3–Capable Multicast Routers Address Structure Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports. 1 The first unsolicited report from the host indicates that it wants to receive traffic for group 224.1.1.1. 2 The host’s second report indicates that it is only interested in traffic from group 224.1.1.1, source 10.11.1.1.
Figure 45. Membership Reports: Joining and Filtering Leaving and Staying in Groups The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. 1 Host 1 sends a message indicating it is leaving group 224.1.1.1 and that the included filter for 10.11.1.1 and 10.11.1.2 are no longer necessary.
Figure 46. Membership Queries: Leaving and Staying Configure IGMP Configuring IGMP is a two-step process. 1 Enable multicast routing using the ip multicast-routing command. 2 Enable a multicast routing protocol.
Viewing IGMP Enabled Interfaces Interfaces that are enabled with PIM-SM are automatically enabled with IGMP. To view IGMP-enabled interfaces, use the following command. • View IGMP-enabled interfaces. EXEC Privilege mode show ip igmp interface Example of the show ip igmp interface Command Dell#show ip igmp interface TenGigabitEthernet 3/10 Inbound IGMP access group is not set Internet address is 165.87.34.
Example of the show ip igmp groups Command Dell# show ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface 225.1.1.1 TenGigabitEthernet 1/1 225.1.2.1 TenGigabitEthernet 1/1 Mode IGMPV2 IGMPV2 Uptime 00:11:19 00:10:19 Expires 00:01:50 00:01:50 Last Reporter 165.87.34.100 165.87.31.100 Viewing IGMP Snooping Groups To view both learned and statically configured IGMP snooping groups, use the following command.
• Adjust the maximum response time. INTERFACE mode • ip igmp query-max-resp-time Adjust the last member query interval. INTERFACE mode ip igmp last-member-query-interval Enabling IGMP Immediate-Leave If the querier does not receive a response to a group-specific or group-and-source query, it sends another (querier robustness value). Then, after no response, it removes the group from the outgoing interface for the subnet.
• View the configuration. CONFIGURATION mode show running-config • Disable snooping on a VLAN.
Specifying a Port as Connected to a Multicast Router To statically specify or view a port in a VLAN, use the following commands. • Statically specify a port in a VLAN as connected to a multicast router. INTERFACE VLAN mode ip igmp snooping mrouter • View the ports that are connected to multicast routers. EXEC Privilege mode. show ip igmp snooping mrouter Configuring the Switch as Querier To configure the switch as a querier, use the following command.
Fast Convergence after MSTP Topology Changes When a port transitions to the Forwarding state as a result of an STP or MSTP topology change, Dell Networking OS sends a general query out of all ports except the multicast router ports. The host sends a response to the general query and the forwarding database is updated without having to wait for the query interval to expire.
Application Name Port Number Client SNMP 162 for SNMP Traps (client), Supported Server 161 for SNMP MIB response (server) NTP 123 Supported DNS 53 Supported FTP 20/21 Supported Syslog 514 Supported Telnet 23 Supported TFTP 69 Supported Radius 1812,1813 Supported Tacacs 49 Supported HTTP 80 for httpd Supported Supported Supported 443 for secure httpd 8008 HTTP server port for confd application 8888 secure HTTP server port for confd application If you configure a source int
• Applications can be configured or unconfigured as management applications using the application or no application command. All configured applications are considered as management applications and the rest of them as non-management applications. • All the management routes (connected, static and default) are duplicated and added to the management EIS routing table. • Any new management route added is installed to both the EIS routing table and default routing table.
Handling of Switch-Initiated Traffic When the control processor (CP) initiates a control packet, the following processing occurs: • TCP/UDP port number is extracted from the sockaddr structure in the in_selectsrc call which is called as part of the connect system call or in the ip_output function.
• If route lookup in the EIS routing table fails or if the management port is down, then packets are dropped. The management application drop counter is incremented. • Whenever IP address is assigned to the management port, it is stored in a global variable in the IP stack, which is used for comparison with the source IP address of the packet. • Rest of the response traffic is handled as per existing behavior by doing route lookup in the default routing table.
• EIS is enabled implies that EIS feature is enabled and the application might or might not be configured as a management application • EIS is disabled implies that either EIS feature itself is disabled or that the application is not configured as a management application Transit Traffic This phenomenon occurs where traffic is transiting the switch. Traffic has not originated from the switch and is not terminating on the switch.
Protocol Behavior when EIS is Enabled Behavior when EIS is Disabled radius EIS Behavior Default Behavior Sflow-collector Default Behavior Snmp (SNMP Mib response and SNMP Traps) EIS Behavior Default Behavior ssh EIS Behavior Default Behavior syslog EIS Behavior Default Behavior tacacs EIS Behavior Default Behavior telnet EIS Behavior Default Behavior tftp EIS Behavior Default Behavior icmp (ping and traceroute) EIS Behavior for ICMP Default Behavior Behavior of Various Applicati
Protocol Behavior when EIS is Enabled Behavior when EIS is Disabled icmp (ping and traceroute) EIS Behavior for ICMP Default Behavior Interworking of EIS With Various Applications Stacking • The management EIS is enabled on the master and the standby unit. • Because traffic can be initiated from the Master unit only, the preference to management EIS table for switch-initiated traffic and all its related ARP processing is done in the Master unit only.
20 Interfaces This chapter describes interface types, both physical and logical, and how to configure them with Dell Networking Operating System (OS). The system supports 10 Gigabit Ethernet and 40 Gigabit Ethernet interfaces. NOTE: Only Dell-qualified optics are supported on these interfaces. Non-Dell 40G optics are set to error-disabled state.
• Loopback Interfaces • Null Interfaces • Port Channel Interfaces • Bulk Configuration • Defining Interface Range Macros • Monitoring and Maintaining Interfaces • Splitting 40G Ports without Reload • Splitting QSFP Ports to SFP+ Ports • Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port • Configuring wavelength for 10–Gigabit SFP+ optics • Link Dampening • Link Bundle Monitoring • Using Ethernet Pause Frames for Flow Control • Configure the MTU Size on an Interface • Port-Pi
NOTE: To end output from the system, such as the output from the show interfaces command, enter CTRL+C and Dell Networking OS returns to the command prompt. NOTE: The CLI output may be incorrectly displayed as 0 (zero) for the Rx/Tx power values. To obtain the correct power information, perform a simple network management protocol (SNMP) query. Examples of the show Commands The following example shows the configuration and status information for one interface.
no ip address shutdown ! interface TenGigabitEthernet 2/7 no ip address shutdown ! interface TenGigabitEthernet 2/8 no ip address shutdown ! interface TenGigabitEthernet 2/9 no ip address shutdown Resetting an Interface to its Factory Default State You can reset the configurations applied on an interface to its factory default state. To reset the configuration, perform the following steps: 1 View the configurations applied on an interface.
2 • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. Enable the interface. INTERFACE mode no shutdown To confirm that the interface is enabled, use the show config command in INTERFACE mode. To leave INTERFACE mode, use the exit command or end command. You cannot delete a physical interface.
show interface transceiver QSFP QSFP QSFP QSFP QSFP QSFP QSFP QSFP QSFP QSFP QSFP QSFP 0 0 0 0 0 0 0 0 0 0 0 0 Serial ID Base Fields Id Ext Id Connector Transceiver Code Encoding Length(SFM) Km Length(OM3) 2m Length(OM2) 1m Length(OM1) 1m Length(Copper) 1m Vendor Rev = = = = = = = = = = = 0x0d 0x00 0x0c 0x04 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x05 0x00 0x32 0x00 0x00 0x00 0 Overview of Layer Modes On all systems running Dell Networking OS, you can place physical interfaces, port channels, and VLANs in
Configuring Layer 2 (Interface) Mode To configure an interface in Layer 2 mode, use the following commands. • Enable the interface. INTERFACE mode no shutdown • Place the interface in Layer 2 (switching) mode. INTERFACE mode switchport To view the interfaces in Layer 2 mode, use the show interfaces switchport command in EXEC mode. Configuring Layer 3 (Network) Mode When you assign an IP address to a physical interface, you place it in Layer 3 mode.
INTERFACE mode no shutdown • Configure a primary IP address and mask on the interface. INTERFACE mode ip address ip-address mask [secondary] The ip-address must be in dotted-decimal format (A.B.C.D) and the mask must be in slash format (/xx). Add the keyword secondary if the IP address is the interface’s backup IP address. Example of the show ip interface Command You can only configure one primary IP address per interface. You can configure up to 255 secondary IP addresses on a single interface.
To enable and configure EIS, use the following commands: 1 Enter EIS mode. CONFIGURATION mode management egress-interface-selection 2 Configure which applications uses EIS.
If there are 2 RPMs on the system, each Management interface must be configured with a different IP address. Unless the management route command is configured, you can only access the Management interface from the local LAN. To access the Management interface from another LAN, the management route command must be configured to point to the Management interface. Alternatively, you can use virtual-ip to manage a system with one or two RPMs.
Configuring a Management Interface on an Ethernet Port You can manage the system through any port using remote access such as Telnet. To configure an IP address for the port, use the following commands. There is no separate management routing table, so configure all routes in the IP routing table (the ip route command). • Configure an IP address. INTERFACE mode ip address ip-address mask • Enable the interface. INTERFACE mode no shutdown • The interface is the management interface.
Dell Networking OS supports Inter-VLAN routing (Layer 3 routing in VLANs). You can add IP addresses to VLANs and use them in routing protocols in the same manner that physical interfaces are used. For more information about configuring different routing protocols, refer to the chapters on the specific protocol. A consideration for including VLANs in routing protocols is that you must configure the no shutdown command. (For routing traffic to flow, you must enable the VLAN.
• Enter INTERFACE mode of the Null interface. CONFIGURATION mode interface null 0 The only configurable command in INTERFACE mode of the Null interface is the ip unreachable command. Port Channel Interfaces Port channel interfaces support link aggregation, as described in IEEE Standard 802.3ad.
Each port channel must contain interfaces of the same interface type/speed. Port channels can contain a mix of 1G/10G/40G. The interface speed that the port channel uses is determined by the first port channel member that is physically up. Dell Networking OS disables the interfaces that do not match the interface speed that the first channel member sets.
interface port-channel id-number 2 Ensure that the port channel is active. INTERFACE PORT-CHANNEL mode no shutdown After you enable the port channel, you can place it in Layer 2 or Layer 3 mode. To place the port channel in Layer 2 mode or configure an IP address to place the port channel in Layer 3 mode, use the switchport command. You can configure a port channel as you would a physical interface by enabling or configuring protocols or assigning access control lists.
Te 1/13 (Up) Te 1/14 (Up) Dell# The following example shows the port channel’s mode (L2 for Layer 2 and L3 for Layer 3 and L2L3 for a Layer 2-port channel assigned to a routed VLAN), the status, and the number of interfaces belonging to the port channel. Dell>show interface port-channel 20 Port-channel 20 is up, line protocol is up Hardware address is 00:01:e8:01:46:fa Internet address is 1.1.120.
INTERFACE PORT-CHANNEL mode no channel-member interface 2 Change to the second port channel INTERFACE mode. INTERFACE PORT-CHANNEL mode interface port-channel id number 3 Add the interface to the second port channel. INTERFACE PORT-CHANNEL mode channel-member interface Example of Moving an Interface to a New Port Channel The following example shows moving an interface from port channel 4 to port channel 3.
tagged port-channel id number • An interface with tagging enabled can belong to multiple VLANs. Add the port channel to the VLAN as an untagged interface. INTERFACE VLAN mode untagged port-channel id number • An interface without tagging enabled can belong to only one VLAN. Remove the port channel with tagging enabled from the VLAN. INTERFACE VLAN mode no tagged port-channel id number or no untagged port-channel id number • Identify which port channels are members of VLANs.
Assigning an IP Address to a Port Channel You can assign an IP address to a port channel and use port channels in Layer 3 routing protocols. To assign an IP address, use the following command. • Configure an IP address and mask on the interface. INTERFACE mode ip address ip-address mask [secondary] • ip-address mask: enter an address in dotted-decimal format (A.B.C.D). The mask must be in slash format (/24). • secondary: the IP address is the interface’s backup IP address.
hash-algorithm {ecmp {crc16 | crc16cc | crc32MSB | crc32LSB | crc-upper | dest-ip | flowbased-hashing {crc16|crc16cc|crc32MSB|crc32LSB|xor1|xor2|xor4|xor8|xor16}|lsb | xor1 | xor2 | xor4 | xor8 | xor16}[[hg {crc16 | crc16cc | crc32MSB | crc32LSB | xor1 | xor2 | xor4 | xor8 | xor16}]| [lag {crc16 | crc16cc | crc32MSB | crc32LSB | xor1 | xor2 | xor4 | xor8 | xor16 }] [stack-unit|linecard number | port-set number | [hg—seed seed-value | seedseed-value • For more information about algorithm choices, refer to
The show range command is available under Interface Range mode. This command allows you to display all interfaces that have been validated under the interface range context. The show configuration command is also available under Interface Range mode. This command allows you to display the running configuration only for interfaces that are part of interface range. You can avoid specifying spaces between the range of interfaces, separated by commas, that you configure by using the interface range command.
Exclude a Smaller Port Range The following is an example show how the smaller of two port ranges is omitted in the interface-range prompt. Example of the Interface-Range Prompt for Multiple Port Ranges Dell(conf)#interface range tengigabitethernet 2/1 - 23 , tengigab 2/1 - 10 Dell(conf-if-range-te-2/1-23)# Overlap Port Ranges The following is an example showing how the interface-range prompt extends a port range from the smallest start port number to the largest end port number when port ranges overlap.
• Selects the interfaces range to be configured using the values saved in a named interface-range macro. CONFIGURATION mode interface range macro name Example of Using a Macro to Change the Interface Range Configuration Mode The following example shows how to change to the interface-range configuration mode using the interface-range macro named “test.
m l T q - Change mode Page up Increase refresh interval Quit c - Clear screen a - Page down t - Decrease refresh interval q Dell# Maintenance Using TDR The time domain reflectometer (TDR) is supported on all Dell Networking switch/routers. TDR is an assistance tool to resolve link issues that helps detect obvious open or short conditions within any of the four copper pairs. TDR sends a signal onto the physical cable and examines the reflection of the signal that returns.
The defaults ports are: 0,8,16,24,32,36,40,44,48,52,56,60,64,68,72,76,80,84,88,92,100,108,116,124 Example: stack-unit stack-unit-number quad-port-profile [default | list of ports] To display the Fan-out capability profile, use the following show command: show system stack-unit quad-port-profile Example of the show Command The following example shows the system stack-unit quad-port-profile command.
Fo 1/15/1 Fo 1/16/1 Down Down 40000 Mbit Auto 40000 Mbit Auto --- The following example shows that when you split an interface on a 16X40G module, the subsequent even numbered interface is removed from the configuration. Dell(conf)# stack-unit [stack-unit number] slot [slot number] port [port number] portmode quad speed 10G Warning: Enabling Quad mode on stack-unit 1 slot 3 port 15. Please verify whether the configs related to interface Fo 1/3/15 Fo 1/3/16 are cleaned up before proceeding further.
To verify port splitting, use the show system stack-unit stack—unit—number fanout {count | configure} command • The quad port must be in a default configuration before you can split it into 4x10G ports. The 40G port is lost in the configuration when the port is split; be sure that the port is also removed from other L2/L3 feature configurations.
Example Scenarios Consider the following scenarios: • QSFP port 0 is connected to a QSA with SFP+ optical cables plugged in. • QSFP port 4 is connected to a QSA with SFP optical cables plugged in. • QSFP port 8 in fanned-out mode is plugged in with QSFP optical cables. • QSFP port 12 in 40 G mode is plugged in with QSFP optical cables.
SFP 0 Diagnostic Information =================================== SFP 0 Rx Power measurement type =================================== SFP 0 Temp High Alarm threshold SFP 0 Voltage High Alarm threshold SFP 0 Bias High Alarm threshold = OMA = 0.000C = 0.000V = 0.000mA NOTE: In the following show interfaces tengigbitethernet transceiver commands, the ports 5,6, and 7 are inactive and no physical SFP or SFP+ connection actually exists on these ports.
QSFP 0 Rx Power measurement type = OMA =================================== QSFP 0 Temp High Alarm threshold = 0.000C QSFP 0 Voltage High Alarm threshold = 0.000V QSFP 0 Bias High Alarm threshold = 0.
Current address is 90:b1:1c:f4:9a:fa Pluggable media present, SFP type is 1GBASE …………………… LineSpeed 1000 Mbit Dell#show interfaces tengigabitethernet 0/8 TenGigabitEthernet 0/0 is up, line protocol is up Hardware is DellEth, address is 90:b1:1c:f4:9a:fa Current address is 90:b1:1c:f4:9a:fa Pluggable media present, QSFP type is 4x10GBASE-CR1-3M ……..
Link dampening: • reduces processing on the CPUs by reducing excessive interface flapping. • improves network stability by penalizing misbehaving interfaces and redirecting traffic. • improves convergence times and stability throughout the network by isolating failures so that disturbances are not propagated. Important Points to Remember • Link dampening is not supported on VLAN interfaces. • Link dampening is disabled when the interface is configured for port monitoring.
• Clear dampening counters. clear dampening Example of the clear dampening Command Dell# clear dampening interface Te 1/1 Dell#show interfaces dampening Tengigabitethernet 1/1 Interface Supp Flaps Penalty Half-Life Reuse State Te 1/1 Up 0 0 1 2 Dell# Suppress Max-Sup 3 4 Link Dampening Support for XML View the output of the following show commands in XML by adding | display xml to the end of the command.
• Enable link bundle monitoring on port channel interfaces. link-bundle-monitor enable • Configure threshold level for link bundle monitoring. link-bundle-distribution trigger-threshold Dell(conf-if-po-10)#link-bundle-monitor enable Dell(conf)#link-bundle-distribution trigger-threshold • View the link bundle monitoring status. show link-bundle-distribution Using Ethernet Pause Frames for Flow Control Ethernet pause frames and threshold settings are supported on the Dell Networking OS.
The flow control sender and receiver must be on the same port-pipe. Flow control is not supported across different port-pipes. To enable pause frames, use the following command. • Control how the system responds to and generates 802.3x pause frames on the Ethernet ports. INTERFACE mode flowcontrol rx [off | on] tx [off | on] • rx on: enter the keywords rx on to process the received flow control frames on this port.
• • • All members of a VLAN must have the same IP MTU value. Members can have different Link MTU values. Tagged members must have a link MTU 4–bytes higher than untagged members to account for the packet tag. The VLAN link MTU and IP MTU must be less than or equal to the link MTU and IP MTU values configured on the VLAN members. For example, the VLAN contains tagged members with Link MTU of 1522 and IP MTU of 1500 and untagged members with Link MTU of 1518 and IP MTU of 1500.
5 Set the local port speed. INTERFACE mode speed {10 | 100 | 1000 | 10000 | auto} NOTE: If you use an active optical cable (AOC), you can convert the QSFP+ port to a 10 Gigabit SFP+ port or 1 Gigabit SFP port. You can use the speed command to enable the required speed. 6 Optionally, set full- or half-duplex. INTERFACE mode duplex {half | full} 7 Disable auto-negotiation on the port. INTERFACE mode no negotiation auto If the speed was set to 1000, do not disable auto-negotiation.
Set Auto-Negotiation Options The negotiation auto command provides a mode option for configuring an individual port to forced master/ forced slave once autonegotiation is enabled. CAUTION: Ensure that only one end of the node is configured as forced-master and the other is configured as forced-slave. If both are configured the same (that is, both as forced-master or both as forced-slave), the show interface command flaps between an auto-neg-error and forced-master/slave states.
Dell#show running-config interfaces configured Dell#show running-config interface tengigabitEthernet 1 configured In EXEC mode, the show interfaces switchport command displays only interfaces in Layer 2 mode and their relevant configuration information. The show interfaces switchport command displays the interface, whether it supports IEEE 802.1Q tagging or not, and the VLANs to which the interface belongs.
0 CRC, 0 IP Checksum, 0 overrun, 0 discarded 0 packets output, 0 bytes, 0 underruns Output 0 Multicasts, 0 Broadcasts, 0 Unicasts 0 IP Packets, 0 Vlans, 0 MPLS 0 throttles, 0 discarded Rate info (interval 100 seconds): Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Time since last interface status change: 1d23h42m Dynamic Counters By default, counting is enabled for IPFLOW, IPACL, L2ACL, L2FIB.
• (OPTIONAL) To clear unknown source address (SA) drop counters when you configure the MAC learning limit on the interface, enter the keywords learning-limit. Example of the clear counters Command When you enter this command, confirm that you want Dell Networking OS to clear the interface counters for that interface. Dell#clear counters te 1/1 Clear counters on TenGigabitEthernet 1/1 [confirm] Dell# Compressing Configuration Files You can optimize and reduce the sizes of the configuration files.
! ! interface TenGigabitEthernet 1/2 Interface group TenGigabitEthernet 1/2 – 4 , TenGigabitEthernet 1/10 no ip address shutdown ! interface TenGigabitEthernet 1/3 no ip address shutdown ! interface TenGigabitEthernet 1/4 no ip address shutdown ! interface TenGigabitEthernet 1/10 no ip address shutdown ! interface TenGigabitEthernet 1/34 ip address 2.1.1.
shutdown ! interface Vlan 5 tagged te 1/1 no ip address shutdown ! interface Vlan 100 no ip address no shutdown ! interface Vlan 1000 ip address 1.1.1.1/16 no shutdown Uncompressed config size – 52 lines write memory compressed The write memory compressed CLI will write the operating configuration to the startup-config file in the compressed mode. In stacking scenario, it will also take care of syncing it to all the standby and member units.
21 IPv4 Routing The Dell Networking Operating System (OS) supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking OS.
• UDP Helper with Broadcast-All Addresses • UDP Helper with Subnet Broadcast Addresses • UDP Helper with Configured Broadcast Addresses • UDP Helper with No Configured Broadcast Addresses • Troubleshooting UDP Helper IP Addresses Dell Networking OS supports IP version 4 (as described in RFC 791), classful routing, and variable length subnet masks (VLSM). With VLSM, you can configure one network with different masks. Supernetting, which increases the number of subnets, is also supported.
• 2 For a VLAN interface, enter the keyword vlan then a number from 1 to 4094. Enable the interface. INTERFACE mode no shutdown 3 Configure a primary IP address and mask on the interface. INTERFACE mode ip address ip-address mask [secondary] • ip-address mask: the IP address must be in dotted decimal format (A.B.C.D). The mask must be in slash prefix-length format (/24). • secondary: add the keyword secondary if the IP address is the interface’s backup IP address.
----------S 2.1.2.0/24 S 6.1.2.0/24 S 6.1.2.2/32 S 6.1.2.3/32 S 6.1.2.4/32 S 6.1.2.5/32 S 6.1.2.6/32 S 6.1.2.7/32 S 6.1.2.8/32 S 6.1.2.9/32 S 6.1.2.10/32 S 6.1.2.11/32 S 6.1.2.12/32 S 6.1.2.13/32 S 6.1.2.14/32 S 6.1.2.15/32 S 6.1.2.16/32 S 6.1.2.17/32 S 11.1.1.0/24 Direct, Lo 0 --More-- ------Direct, Nu 0 via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.
Interface mode. When a ping or traceroute packet from an endpoint or a device arrives at the null 0 interface configured with a static route, it is discarded. In such cases, you can configure Internet Control Message Protocol (ICMP) unreachable messages to be sent to the transmitting device. Configuring the ICMP Source Interface You can enable the ICMP error and unreachable messages to contain the configured IP address of the source device instead of the previous hop's IP address.
ip directed-broadcast To view the configuration, use the show config command in INTERFACE mode. Resolution of Host Names Domain name service (DNS) maps host names to IP addresses. This feature simplifies commands such as Telnet and FTP by allowing you to enter a name instead of an IP address. Dynamic resolution of host names is disabled by default. Unless you enable the feature, the system resolves only host names entered into the host table with the ip host command.
Specifying the Local System Domain and a List of Domains If you enter a partial domain, Dell Networking OS can search different domains to finish or fully qualify that partial domain. A fully qualified domain name (FQDN) is any name that is terminated with a period/dot. Dell Networking OS searches the host table first to resolve the partial domain. The host table contains both statically configured and dynamically learnt host and IP addresses.
1 10.11.199.190 001.000 ms 001.000 ms 002.000 ms 2 gwegress-sjc-02.force10networks.com (10.11.30.126) 005.000 ms 001.000 ms 001.000 ms 3 fw-sjc-01.force10networks.com (10.11.127.254) 000.000 ms 000.000 ms 000.000 ms 4 www.dell.com (10.11.84.18) 000.000 ms 000.000 ms 000.000 ms Dell# ARP Dell Networking OS uses two forms of address resolution: address resolution protocol (ARP) and Proxy ARP. ARP runs over Ethernet and enables endstations to learn the MAC addresses of neighbors on an IP network.
Internet Dell# 10.1.2.4 17 08:00:20:b7:bd:32 Ma 1/1 - CP Enabling Proxy ARP By default, Proxy ARP is enabled. To disable Proxy ARP, use the no proxy-arp command in the interface mode. To re-enable Proxy ARP, use the following command. • Re-enable Proxy ARP. INTERFACE mode ip proxy-arp To view if Proxy ARP is enabled on the interface, use the show config command in INTERFACE mode. If it is not listed in the show config command output, it is enabled.
ARP Learning via ARP Request In Dell Networking OS versions prior to 8.3.1.0, Dell Networking OS learns via ARP requests only if the target IP specified in the packet matches the IP address of the receiving router interface. This is the case when a host is attempting to resolve the gateway address. If the target IP does not match the incoming interface, the packet is dropped. If there is an existing entry for the requesting host, it is updated. Figure 47.
The default is 5. • The range is from 1 to 20. Set the exponential timer for resending unresolved ARPs. CONFIGURATION mode arp backoff-time The default is 30. • The range is from 1 to 3600. Display all ARP entries learned via gratuitous ARP.
UDP Helper User datagram protocol (UDP) helper allows you to direct the forwarding IP/UDP broadcast traffic by creating special broadcast addresses and rewriting the destination IP address of packets to match those addresses. Configure UDP Helper To configure Dell Networking OS to direct UDP broadcast, enable UDP helper and specify the UDP ports for which traffic is forwarded.
! interface Vlan 100 ip address 1.1.0.1/24 ip udp-broadcast-address 1.1.255.255 untagged TenGigabitEthernet 1/2 no shutdown To view the configured broadcast address for an interface, use show interfaces command. Dell#show interfaces vlan 100 Vlan 100 is up, line protocol is down Address is 00:01:e8:0d:b9:7a, Current address is 00:01:e8:0d:b9:7a Interface index is 1107787876 Internet address is 1.1.0.1/24 IP UDP-Broadcast address is 1.1.255.
Figure 49. UDP Helper with Broadcast-All Addresses UDP Helper with Subnet Broadcast Addresses When the destination IP address of an incoming packet matches the subnet broadcast address of any interface, the system changes the address to the configured broadcast address and sends it to matching interface. In the following illustration, Packet 1 has the destination IP address 1.1.1.255, which matches the subnet broadcast address of VLAN 101.
Figure 51. UDP Helper with Configured Broadcast Addresses UDP Helper with No Configured Broadcast Addresses The following describes UDP helper with no broadcast addresses configured. • If the incoming packet has a broadcast destination IP address, the unaltered packet is routed to all Layer 3 interfaces. • If the Incoming packet has a destination IP address that matches the subnet broadcast address of any interface, the unaltered packet is routed to the matching interfaces.
22 IPv6 Routing Internet protocol version 6 (IPv6) routing is the successor to IPv4. Due to the rapid growth in internet users and IP addresses, IPv4 is reaching its maximum usage. IPv6 will eventually replace IPv4 usage to allow for the constant expansion. This chapter provides a brief description of the differences between IPv4 and IPv6, and the Dell Networking support of IPv6. This chapter is not intended to be a comprehensive description of IPv6.
Extended Address Space The address format is extended from 32 bits to 128 bits. This not only provides room for all anticipated needs, it allows for the use of a hierarchical address space structure to optimize global addressing. Stateless Autoconfiguration When a booting device comes up in IPv6 and asks for its network prefix, the device can get the prefix (or prefixes) from an IPv6 router on its link.
• Next Header (8 bits) • Hop Limit (8 bits) • Source Address (128 bits) • Destination Address (128 bits) IPv6 provides for extension headers. Extension headers are used only if necessary. There can be no extension headers, one extension header or more than one extension header in an IPv6 packet. Extension headers are defined in the Next Header field of the preceding IPv6 header. Longest Prefix Match (LPM) Table and IPv6 /65 – /128 support Two partitions are available.
IPv6 Header Fields The 40 bytes of the IPv6 header are ordered, as shown in the following illustration. Figure 52. IPv6 Header Fields Version (4 bits) The Version field always contains the number 6, referring to the packet’s IP version. Traffic Class (8 bits) The Traffic Class field deals with any data that needs special handling. These bits define the packet priority and are defined by the packet Source. Sending and forwarding routers use this field to identify different IPv6 classes and priorities.
Next Header (8 bits) The Next Header field identifies the next header’s type. If an Extension header is used, this field contains the type of Extension header (as shown in the following table). If the next header is a transmission control protocol (TCP) or user datagram protocol (UDP) header, the value in this field is the same as for IPv4. The Extension header is located between the IP header and the TCP or UDP header. The following lists the Next Header field values.
Source Address (128 bits) The Source Address field contains the IPv6 address for the packet originator. Destination Address (128 bits) The Destination Address field contains the intended recipient’s IPv6 address. This can be either the ultimate destination or the address of the next hop router. Extension Header Fields Extension headers are used only when necessary. Due to the streamlined nature of the IPv6 header, adding extension headers do not severely impact performance.
11 Discard the packet and send an ICMP Parameter Problem, Code 2 message to the packet’s Source IP Address only if the Destination IP Address is not a multicast address. The second byte contains the Option Data Length. The third byte specifies whether the information can change en route to the destination. The value is 1 if it can change; the value is 0 if it cannot change.
In IPv6, every interface, whether using static or dynamic address assignments, also receives a local-link address automatically in the fe80::/64 subnet. Implementing IPv6 with Dell Networking OS Dell Networking OS supports both IPv4 and IPv6 and both may be used simultaneously in your system. The following table lists the Dell Networking OS version in which an IPv6 feature became available for each platform. The sections following the table give greater detail about the feature. Table 40.
Feature and Functionality Dell Networking OS Release Introduction Documentation and Chapter Location S6000 IPv6 IS-IS in the Dell Networking OS Command Line Reference Guide. ISIS for IPv6 support for 8.3.11 distribute lists and administrative distance Intermediate System to Intermediate System OSPF for IPv6 (OSPFv3) 8.3.11 OSPFv3 in the Dell Networking OS Command Line Reference Guide. Equal Cost Multipath for IPv6 8.3.11 IPv6 IS-IS in the Dell Networking OS Command Line Reference Guide.
The Dell Networking OS ping and traceroute commands extend to support IPv6 addresses. These commands use ICMPv6 Type-2 messages. Path MTU Discovery Path MTU, in accordance with RFC 1981, defines the largest packet size that can traverse a transmission path without suffering fragmentation. Path MTU for IPv6 uses ICMPv6 Type-2 messages to discover the largest MTU along the path from source to destination and avoid the need to fragment the packet. The recommended MTU for IPv6 is 1280.
Figure 54. NDP Router Redirect IPv6 Neighbor Discovery of MTU Packets You can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface. The ipv6 nd mtu command sets the value advertised to routers. It does not set the actual MTU rate. For example, if you set ipv6 nd mtu to 1280, the interface still passes 1500-byte packets, if that is what is set with the mtu command.
Dell(conf-if-te-1/1)#ipv6 nd dns-server 1000::1 ? <0-4294967295> Max lifetime (sec) which RDNSS address may be used for name resolution infinite Infinite lifetime (sec) which RDNSS address may be used for name resolution Dell(conf-if-te-1/1)#ipv6 nd dns-server 1000::1 1 Debugging IPv6 RDNSS Information Sent to the Host To verify that the IPv6 RDNSS information sent to the host is configured correctly, use the debug ipv6 nd command in EXEC Privilege mode.
ND router advertisements are sent every 198 to ND router advertisements live for 1800 seconds ND advertised hop limit is 64 IPv6 hop limit for originated packets is 64 ND dns-server address is 1000::1 with lifetime ND dns-server address is 3000::1 with lifetime ND dns-server address is 2000::1 with lifetime 600 seconds of 1 seconds of 1 seconds of 0 seconds To display IPv6 RDNSS information, use the show configuration command in INTERFACE CONFIG mode.
To have the changes take effect, save the new CAM settings to the startup-config (write-mem or copy run start) then reload the system for the new settings. • Allocate space for IPV6 ACLs. Enter the CAM profile name then the allocated amount. CONFIGURATION mode cam-acl { ipv6acl } When not selecting the default option, enter all of the profiles listed and a range for each. The total space allocated must equal 13. The ipv6acl range must be a factor of 2. • Show the current CAM settings.
• Set up IPv6 static routes. CONFIGURATION mode ipv6 route [vrf vrf-name] prefix interface-type slot/port forwarding router tag • vrf vrf-name:(OPTIONAL) name of the VRF. • prefix: IPv6 route prefix • slot/port : interface type and slot/port • forwarding router: forwarding router’s address • tag: route tag Enter the keyword interface then the type of interface and slot/port information: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information.
Displaying IPv6 Information View specific IPv6 configuration with the following commands. • List the IPv6 show options.
412::/64 onlink autoconfig Valid lifetime: 2592000, Preferred lifetime: 604800 Advertised by: fe80::201:e8ff:fe8b:3166 Global Anycast address(es): Joined Group address(es): ff02::1 ff02::1:ff8b:386e ND MTU is 0 ICMP redirects are not sent DAD is enabled, number of DAD attempts: 3 ND reachable time is 32000 milliseconds ND base reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds ND hop limit is 64 Showing IPv6 Routes To view the global IPv6 routing information, use the following
Destination Dist/Metric, Gateway, Last Change ----------------------------------------------------C 600::/64 [0/0] Direct, Te 1/24, 00:34:42 C 601::/64 [0/0] Direct, Te 1/24, 00:34:18 C 912::/64 [0/0] Direct, Lo 2, 00:02:33 O IA 999::1/128 [110/2] via fe80::201:e8ff:fe8b:3166, Te 1/24, 00:01:30 L fe80::/10 [0/0] Direct, Nu 0, 00:34:42 Dell# The following example shows the show ipv6 route static command.
• mask: the prefix length is from 0 to 128. NOTE: IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing. Configuring IPv6 RA Guard The IPv6 Router Advertisement (RA) guard allows you to block or reject the unwanted router advertisement guard messages that arrive at the network device platform.
POLICY LIST CONFIGURATION mode router—lifetime value The router lifetime range is from 0 to 9,000 seconds. 11 Apply the policy to trusted ports. POLICY LIST CONFIGURATION mode trusted-port 12 Set the maximum transmission unit (MTU) value. POLICY LIST CONFIGURATION mode mtu value 13 Set the advertised reachability time. POLICY LIST CONFIGURATION mode reachable—time value The reachability time range is from 0 to 3,600,000 milliseconds. 14 Set the advertised retransmission time.
3 Display the configurations applied on all the RA guard policies or a specific RA guard policy. EXEC Privilege mode show ipv6 nd ra-guard policy policy-name The policy name string can be up to 140 characters.
23 iSCSI Optimization This chapter describes how to configure internet small computer system interface (iSCSI) optimization, which enables quality-of-service (QoS) treatment for iSCSI traffic.
• iSCSI QoS — A user-configured iSCSI class of service (CoS) profile is applied to all iSCSI traffic. Classifier rules are used to direct the iSCSI data traffic to queues that can be given preferential QoS treatment over other data passing through the switch. Preferential treatment helps to avoid session interruptions during times of congestion that would otherwise cause dropped iSCSI packets. • iSCSI DCBx TLVs are supported.
Application of Quality of Service to iSCSI Traffic Flows You can configure iSCSI CoS mode. This mode controls whether CoS (dot1p priority) queue assignment and/or packet marking is performed on iSCSI traffic. When you enable iSCSI CoS mode, the CoS policy is applied to iSCSI traffic. When you disable iSCSI CoS mode, iSCSI sessions and connections are still detected and displayed in the status tables, but no CoS policy is applied to iSCSI traffic.
After a switch is reloaded, any information exchanged during the initial handshake is not available. If the switch picks up the communication after reloading, it would detect a session was in progress but could not obtain complete information for it. Any incomplete information of this type would not be available in the show commands.
Synchronizing iSCSI Sessions Learned on VLT-Lags with VLTPeer The following behavior occurs during synchronization of iSCSI sessions. • If the iSCSI login request packet is received on a port belonging to a VLT lag, the information is synced to the VLT peer and the connection is associated with this interface. • Additional updates to connections (including aging updates) that are learnt on VLT lag members are synced to the peer.
Default iSCSI Optimization Values The following table lists the default values for the iSCSI optimization feature. Table 41. iSCSI Optimization Defaults Parameter Default Value iSCSI Optimization global setting Disabled. iSCSI CoS mode (802.1p priority queue mapping) dot1p priority 4 without the remark setting when you enable iSCSI. If you do not enable iSCSI, this feature is disabled.
iscsi enable 3 For a DCB environment: Configure iSCSI Optimization. EXEC Privilege mode iSCSI configuration: copy CONFIG_TEMPLATE/iSCSI_DCB_Config running-config. The configuration files are stored in the flash memory in the CONFIG_TEMPLATE file. NOTE: DCB/DCBx is enabled when you apply the iSCSI configuration in step 3. If you manually apply the iSCSI configuration by following steps 1 and 2, enable link layer discovery protocol (LLDP) before enabling iSCSI in step 2.
• 8 remark: marks incoming iSCSI packets with the configured dot1p or DSCP value when they egress the switch. The default is: the dot1 and DSCP values in egress packets are not changed. (Optional) Set the aging time for iSCSI session monitoring. CONFIGURATION mode [no] iscsi aging time time. The range is from 5 to 43,200 minutes. The default is 10 minutes. 9 (Optional) Configures DCBX to send iSCSI TLV advertisements.
3260 860 The following example shows the show iscsi session command. VLT PEER1 Dell#show iscsi session Session 0: ----------------------------------------------------------------------------------Target: iqn.2001-05.com.equallogic:0-8a0906-0e70c2002-10a0018426a48c94-iom010 Initiator: iqn.1991-05.com.microsoft:win-x9l8v27yajg ISID: 400001370000 VLT PEER2 Session 0: -----------------------------------------------------------------------------------Target: iqn.2001-05.com.
24 Intermediate System to Intermediate System The intermediate system to intermediate system (IS-IS) protocol that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS.
• area address — within your routing domain or area, each area must have a unique area value. The first byte is called the authority and format indicator (AFI). • system address — the router’s MAC address. • N-selector — this is always 0. The following illustration is an example of the ISO-style address to show the address format IS-IS uses. In this example, the first five bytes (47.0005.0001) are the area address. The system portion is 000c.000a.4321 and the last byte is always 0. Figure 56.
Adjacencies Adjacencies on point-to-point interfaces are formed as usual, where IS-IS routers do not implement MT extensions. If a local router does not participate in certain MTs, it does not advertise those MT IDs in its IS-IS hellos (IIHs) and so does not include that neighbor within its LSPs. If an MT ID is not detected in the remote side’s IIHs, the local router does not include that neighbor within its LSPs.
• MT Intermediate Systems TLV — appears for every topology a node supports. An MT ID is added to the extended IS reachability TLV type 22. • MT Reachable IPv4 Prefixes TLV — appears for each IPv4 an IS announces for a given MT ID. Its structure is aligned with the extended IS Reachability TLV Type 236 and it adds an MT ID. • MT Reachable IPv6 Prefixes TLV — appears for each IPv6 an IS announces for a given MT ID. Its structure is aligned with the extended IS Reachability TLV Type 236 and add an MT ID.
• Configuring IS-IS Graceful Restart • Changing LSP Attributes • Configuring the IS-IS Metric Style • Configuring IS-IS Cost • Changing the IS-Type • Controlling Routing Updates • Configuring Authentication Passwords • Setting the Overload Bit • Debuging IS-IS Enabling IS-IS By default, IS-IS is not enabled. The system supports one instance of IS-IS. To enable IS-IS globally, create an IS-IS routing process and assign a NET address.
The IP address must be on the same subnet as other IS-IS neighbors, but the IP address does not need to relate to the NET address. 5 Enter an IPv6 Address. INTERFACE mode ipv6 address ipv6-address mask • • ipv6 address: x:x:x:x::x mask: The prefix length is from 0 to 128. The IPv6 address must be on the same subnet as other IS-IS neighbors, but the IP address does not need to relate to the NET address. 6 Enable IS-IS on the IPv4 interface.
IS-IS: IS-IS: IS-IS: IS-IS: IS-IS: IS-IS: Dell# Level-1 DR Elections : 2 Level-2 DR Elections : 2 Level-1 SPF Calculations : 29 Level-2 SPF Calculations : 29 LSP checksum errors received : 0 LSP authentication failures : 0 You can assign more NET addresses, but the System ID portion of the NET address must remain the same. Dell Networking OS supports up to six area addresses. Some address considerations are: • In order to be neighbors, configure Level 1 routers with at least one common area address.
• graceful-restart ietf Configure the time during which the graceful restart attempt is prevented. ROUTER-ISIS mode graceful-restart interval minutes The range is from 1 to 120 minutes. • The default is 5 minutes. Enable the graceful restart maximum wait time before a restarting peer comes up. ROUTER-ISIS mode graceful-restart restart-wait seconds When implementing this command, be sure to set the t3 timer to adjacency on the restarting router. The range is from 1 to 120 minutes.
Graceful Restart Interval/Blackout time T3 Timer T3 Timeout Value T2 Timeout Value T1 Timeout Value Adjacency wait time : : : : : : : Operational Timer Value ====================== Current Mode/State : T3 Time left : T2 Time left : Restart ACK rcv count : Restart Req rcv count : Suppress Adj rcv count : Restart CSNP rcv count : Database Sync count : Enabled 1 min Manual 30 30 (level-1), 30 (level-2) 5, retry count: 1 30 Normal/RUNNING 0 0 (level-1), 0 0 (level-1), 0 0 (level-1), 0 0 (level-1), 0 0 (leve
• seconds: the range is from 0 to 120. The default is 5 seconds. • The default level is Level 1. Set the LSP size. ROUTER ISIS mode lsp-mtu size • • size: the range is from 128 to 9195. The default is 1497. Set the LSP refresh interval. ROUTER ISIS mode lsp-refresh-interval seconds • • seconds: the range is from 1 to 65535. The default is 900 seconds. Set the maximum time LSPs lifetime. ROUTER ISIS mode max-lsp-lifetime seconds • seconds: the range is from 1 to 65535.
Table 43. Metric Styles Metric Style Characteristics Cost Range Supported on IS-IS Interfaces narrow Sends and accepts narrow or old TLVs (Type, Length, Value). 0 to 63 wide Sends and accepts wide or new TLVs. 0 to 16777215 transition Sends both wide (new) and narrow (old) TLVs. 0 to 63 narrow transition Sends narrow (old) TLVs and accepts both narrow (old) and wide (new) TLVs. 0 to 63 wide transition Sends wide (new) TLVs and accepts both narrow (old) and wide (new) TLVs.
• • default-metric: the range is from 0 to 63 if the metric-style is narrow, narrow-transition, or transition. The range is from 0 to 16777215 if the metric style is wide or wide transition. Assign a metric for an IPv6 link or interface. INTERFACE mode isis ipv6 metric default-metric [level-1 | level-2] • default-metric: the range is from 0 to 63 for narrow and transition metric styles. The range is from 0 to 16777215 for wide metric styles. The default is 10. The default level is level-1.
Example of the show isis database Command to View Level 1-2 Link State Databases To view which IS-type is configured, use the show isis protocol command in EXEC Privilege mode. The show config command in ROUTER ISIS mode displays only non-default information. If you do not change the IS-type, the default value (level-1-2) is not displayed. The default is Level 1-2 router. When the IS-type is Level 1-2, the software maintains two Link State databases, one for each level.
Enter the type of interface and the interface information: • • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. • For a Loopback interface, enter the keyword loopback then a number from 0 to 16383. • For a port channel interface, enter the keywords port-channel then a number.
• • static: for user-configured routes. • bgp: for BGP routes only. Deny RTM download for pre-existing redistributed IPv6 routes. ROUTER ISIS-AF IPV6 mode distribute-list redistributed-override in Redistributing IPv4 Routes In addition to filtering routes, you can add routes from other routing instances or protocols to the IS-IS process. With the redistribute command syntax, you can include BGP, OSPF, RIP, static, or directly connected routes in the IS-IS process.
redistribute {bgp as-number | connected | rip | static} [level-1 level-1-2 | level-2] [metric metric-value] [metric-type {external | internal}] [route-map map-name] Configure the following parameters: • • level-1, level-1-2, or level-2: assign all redistributed routes to a level. The default is level-2. • metric-value: the range is from 0 to 16777215. The default is 0. • metric-type: choose either external or internal. The default is internal. • map-name: enter the name of a configured route map.
Setting the Overload Bit Another use for the overload bit is to prevent other routers from using this router as an intermediate hop in their shortest path first (SPF) calculations. For example, if the IS-IS routing database is out of memory and cannot accept new LSPs, Dell Networking OS sets the overload bit and IS-IS traffic continues to transit the system. To set or remove the overload bit manually, use the following commands. • Set the overload bit in LSPs.
To view specific information, enter the following optional parameter: • • interface: Enter the type of interface and slot/port information to view IS-IS information on that interface only. View IS-IS SNP packets, include CSNPs and PSNPs. EXEC Privilege mode debug isis snp-packets [interface] To view specific information, enter the following optional parameter: • • interface: Enter the type of interface and slot/port information to view IS-IS information on that interface only.
Metric Style Correct Value Range for the isis metric Command narrow 0 to 63 wide transition 0 to 16777215 narrow transition 0 to 63 transition 0 to 63 Maximum Values in the Routing Table IS-IS metric styles support different cost ranges for the route. The cost range for the narrow metric style is 0 to 1023, while all other metric styles support a range of 0 to 0xFE000000. Change the IS-IS Metric Style in One Level Only By default, the IS-IS metric style is narrow.
Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value transition wide transition original value narrow transition wide original value narrow transition narrow original value narrow transition wide transition original value narrow transition transition original value wide transition wide original value wide transition narrow default value (10) if the original value is greater than 63. A message is sent to the console.
Level-1 Metric Style Level-2 Metric Style Resulting Metric Value wide narrow truncated value wide narrow transition truncated value wide wide transition original value wide transition truncated value narrow transition wide original value narrow transition narrow original value narrow transition wide transition original value narrow transition transition original value transition wide original value transition narrow original value transition wide transition original value
Figure 57. IPv6 IS-IS Sample Topography IS-IS Sample Configuration — Congruent Topology IS-IS Sample Configuration — Multi-topology IS-IS Sample Configuration — Multi-topology Transition The following is a sample configuration for enabling IPv6 IS-IS. Dell(conf-if-te-3/17)#show config ! interface TenGigabitEthernet 3/17 ip address 24.3.1.
exit-address-family Dell (conf-router_isis)# Dell (conf-if-te-3/17)#show config ! interface TenGigabitEthernet 3/17 ipv6 address 24:3::1/76 ipv6 router isis no shutdown Dell (conf-if-te-3/17)# Dell (conf-router_isis)#show config ! router isis net 34.0000.0000.AAAA.
25 Link Aggregation Control Protocol (LACP) A link aggregation group (LAG), referred to as a port channel by the Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic. Introduction to Dynamic LAGs and LACP A link aggregation group (LAG), referred to as a port channel by Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic.
LACP Modes Dell Networking OS provides three modes for configuration of LACP — Off, Active, and Passive. • Off — In this state, an interface is not capable of being part of a dynamic LAG. LACP does not run on any port that is configured to be in this state. • Active — In this state, the interface is said to be in the “active negotiating state.” LACP runs on any link that is configured to be in this state.
LACP Configuration Tasks The following configuration tasks apply to LACP. • Creating a LAG • Configuring the LAG Interfaces as Dynamic • Setting the LACP Long Timeout • Monitoring and Debugging LACP • Configuring Shared LAG State Tracking Creating a LAG To create a dynamic port channel (LAG), use the following command. First you define the LAG and then the LAG interfaces. • Create a dynamic port channel (LAG). CONFIGURATION mode interface port-channel • Create a dynamic port channel (LAG).
Dell(conf-if-te-4/15-lacp)#port-channel 32 mode active ... Dell(conf)#interface TenGigabitethernet 4/16 Dell(conf-if-te-4/16)#no shutdown Dell(conf-if-te-4/16)#port-channel-protocol lacp Dell(conf-if-te-4/16-lacp)#port-channel 32 mode active The port-channel 32 mode active command shown here may be successfully issued as long as there is no existing static channel-member configuration in LAG 32.
Shared LAG State Tracking Shared LAG state tracking provides the flexibility to bring down a port channel (LAG) based on the operational state of another LAG. At any time, only two LAGs can be a part of a group such that the fate (status) of one LAG depends on the other LAG. As shown in the following illustration, the line-rate traffic from R1 destined for R4 follows the lowest-cost route via R2. Traffic is equally distributed between LAGs 1 and 2.
To view the failover group configuration, use the show running-configuration po-failover-group command. Dell#show running-config po-failover-group ! port-channel failover-group group 1 port-channel 1 port-channel 2 As shown in the following illustration, LAGs 1 and 2 are members of a failover group. LAG 1 fails and LAG 2 is brought down after the failure. This effect is logged by Message 1, in which a console message declares both LAGs down at the same time. Figure 59.
• • If a LAG that is part of a failover group is deleted, the failover group is deleted. If a LAG moves to the Down state due to this feature, its members may still be in the Up state. LACP Basic Configuration Example The screenshots in this section are based on the following example topology. Two routers are named ALPHA and BRAVO, and their hostname prompts reflect those names. Figure 60. LACP Basic Configuration Example Configure a LAG on ALPHA The following example creates a LAG on ALPHA.
0 Vlans 0 64-byte pkts, 12 over 64-byte pkts, 120 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 132 Multicasts, 0 Broadcasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics 136 packets, 16718 bytes, 0 underruns 0 64-byte pkts, 15 over 64-byte pkts, 121 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 136 Multicasts, 0 Broadcasts, 0 Unicasts 0 Vlans, 0 throttles, 0 discarded, 0 collisions, 0 wreddrops Ra
Figure 61.
Figure 62.
Figure 63.
Summary of the LAG Configuration on Bravo Bravo(conf-if-te-3/21)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config ! interface Port-channel 10 no ip address switchport no shutdown ! Bravo(conf-if-po-10)#exit Bravo(conf)#int tengig 3/21 Bravo(conf)#no ip address Bravo(conf)#no switchport Bravo(conf)#shutdown Bravo(conf-if-te-3/21)#port-channel-protocol lacp Bravo(conf-if-te-3/21-lacp)#port-channel 10 mode active Bravo(
Figure 64.
Figure 65.
Figure 66. Inspecting the LAG Status Using the show lacp command The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode. It was designed to carry IP traffic but is general enough to allow any type of network layer datagram to be sent over a PPP connection.
26 Layer 2 This chapter describes the Layer 2 features supported on the device. Manage the MAC Address Table You can perform the following management tasks in the MAC address table. • Clearing the MAC Address Table • Setting the Aging Time for Dynamic Entries • Configuring a Static MAC Address • Displaying the MAC Address Table Clearing the MAC Address Table You may clear the MAC address table of dynamic entries. To clear a MAC address table, use the following command.
Configuring a Static MAC Address A static entry is one that is not subject to aging. Enter static entries manually. To create a static MAC address entry, use the following command. • Create a static MAC address entry in the MAC address table. CONFIGURATION mode mac-address-table static Displaying the MAC Address Table To display the MAC address table, use the following command. • Display the contents of the MAC address table.
NOTE: The CAM-check failure message beginning in Dell Networking OS version 8.3.1.0 is different from versions 8.2.1.1 and earlier, which read: % Error: ACL returned error % Error: Remove existing limit configuration if it was configured before Setting the MAC Learning Limit To set a MAC learning limit on an interface, use the following command. • Specify the number of MAC addresses that the system can learn off a Layer 2 interface.
mac learning-limit station-move The mac learning-limit station-move command allows a MAC address already in the table to be learned from another interface. For example, if you disconnect a network device from one interface and reconnect it to another interface, the MAC address is learned on the new interface. When the system detects this “station move,” the system clears the entry learned on the original interface and installs a new entry on the new interface.
To display a list of interfaces configured with MAC learning limit or station move violation actions, use the following commands. • Generate a system log message indicating a station move. INTERFACE mode station-move-violation log • Shut down the first port to learn the MAC address. INTERFACE mode station-move-violation shutdown-original • Shut down the second port to learn the MAC address.
mac-address-table disable-learning lacp • Disable source MAC address learning from LLDP BPDUs. CONFIGURATION mode mac-address-table disable-learning lldp • Disable source MAC address learning from LACP and LLDP BPDUs. CONFIGURATION mode mac-address-table disable-learning If you don’t use any option, the mac-address-table disable-learning command disables source MAC address learning from both LACP and LLDP BPDUs.
Figure 68. Configuring the mac-address-table station-move refresh-arp Command Configure Redundant Pairs Networks that employ switches that do not support the spanning tree protocol (STP) — for example, networks with digital subscriber line access multiplexers (DSLAM) — cannot have redundant links between switches because they create switching loops (as shown in the following illustration).
Figure 69. Configuring Redundant Layer 2 Pairs without Spanning Tree You configure a redundant pair by assigning a backup interface to a primary interface with the switchport backup interface command. Initially, the primary interface is active and transmits traffic and the backup interface remains down. If the primary fails for any reason, the backup transitions to an active Up state. If the primary interface fails and later comes back up, it remains as the backup interface for the redundant pair.
• • • The active or backup interface may not be a member of a LAG. The active and standby do not have to be of the same type (1G, 10G, and so on). You may not enable any Layer 2 protocol on any interface of a redundant pair or to ports connected to them. As shown in the above illustration, interface 3/41 is a backup interface for 3/42, and 3/42 is in the Down state. If 3/41 fails, 3/42 transitions to the Up state, which makes the backup link active.
Dell(conf-if-po-1)#switchport backup interface tengigabitethernet 1/2 Apr 9 00:16:29: %STKUNIT0-M:CP %IFMGR-5-L2BKUP_WARN: Do not run any Layer2 protocols on Po 1 and Te 1/2 Dell(conf-if-po-1)# Far-End Failure Detection Far-end failure detection (FEFD) is a protocol that senses remote data link errors in a network. FEFD responds by sending a unidirectional report that triggers an echoed response after a specified time interval. You can enable FEFD globally or locally on an interface basis.
3 When the local interface receives the echoed packet from the remote end, the local interface transitions to the Bi-directional state. 4 If the FEFD enabled system is configured to use FEFD in Normal mode and neighboring echoes are not received after three intervals, (you can set each interval can be set between 3 and 300 seconds) the state changes to unknown.
no shutdown 3 Enable fefd globally. CONFIGURATION mode fefd-global {interval | mode} Example of the show fefd Command To display information about the state of each interface, use the show fefd command in EXEC privilege mode. Dell#show fefd FEFD is globally 'ON', interval is 3 seconds, mode is 'Normal'.
Example of Viewing FEFD Configuration Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 no ip address switchport fefd mode normal no shutdown Dell(conf-if-te-1/1)#do show fefd | grep 1/1 Te 1/1 Normal 3 Unknown Debugging FEFD To debug FEFD, use the first command. To provide output for each packet transmission over the FEFD enabled connection, use the second command. • Display output whenever events occur that initiate or disrupt an FEFD enabled connection.
with its peer 492 Layer 2
27 Link Layer Discovery Protocol (LLDP) This chapter describes how to configure and use the link layer discovery protocol (LLDP). 802.1AB (LLDP) Overview LLDP — defined by IEEE 802.1AB — is a protocol that enables a local area network (LAN) device to advertise its configuration and receive configuration information from adjacent LLDP-enabled LAN infrastructure devices.
Table 48. Type, Length, Value (TLV) Types Type TLV Description 0 End of LLDPDU Marks the end of an LLDPDU. 1 Chassis ID An administratively assigned name that identifies the LLDP agent. 2 Port ID An administratively assigned name that identifies a port through which TLVs are sent and received. 3 Time to Live An administratively assigned name that identifies a port through which TLVs are sent and received.
Figure 73. Organizationally Specific TLV IEEE Organizationally Specific TLVs Eight TLV types have been defined by the IEEE 802.1 and 802.3 working groups as a basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Networking system to advertise any or all of these TLVs. Table 49. Optional TLV Types Type TLV Description 4 Port description A user-defined alphanumeric string that describes the port. Dell Networking OS does not currently support this TLV.
Type TLV Description configurable) in the LLDP-MED implementation. 127 Power via MDI Dell Networking supports the LLDP-MED protocol, which recommends that Power via MDI TLV be not implemented, and therefore Dell Networking implements Extended Power via MDI TLV only. 127 Link Aggregation Indicates whether the link is capable of being aggregated, whether it is currently in a LAG, and the port identification of the LAG. Dell Networking OS does not currently support this TLV.
Type SubType TLV Description • • what LLDP-MED TLVs it supports LLDP device class 127 2 Network Policy Indicates the application type, VLAN ID, Layer 2 Priority, and DSCP value. 127 3 Location Identification Indicates that the physical location of the device expressed in one of three possible formats: • • • 127 4 Inventory Management TLVs Implementation of this set of TLVs is optional in LLDP-MED devices. None or all TLVs must be supported.
When you enable LLDP-MED in Dell Networking OS (using the advertise med command), the system begins transmitting this TLV. Figure 74. LLDP-MED Capabilities TLV Table 51. Dell Networking OS LLDP-MED Capabilities Bit Position TLV Dell Networking OS Support 0 LLDP-MED Capabilities Yes 1 Network Policy Yes 2 Location Identification Yes 3 Extended Power via MDI-PSE Yes 4 Extended Power via MDI-PD No 5 Inventory No 6–15 reserved No Table 52.
NOTE: As shown in the following table, signaling is a series of control packets that are exchanged between an endpoint device and a network connectivity device to establish and maintain a connection. These signal packets might require a different network policy than the media packets for which a connection is made. In this case, configure the signaling application. Table 53.
the max-milliwatts option with the power inline auto | static command. Dell Networking also honors the power value (power requirement) the powered device sends when the port is configured for power inline auto. Figure 76. Extended Power via MDI TLV Configure LLDP Configuring LLDP is a two-step process. 1 Enable LLDP globally. 2 Advertise TLVs out of an interface.
advertise disable end exit hello mode multiplier no show Advertise TLVs Disable LLDP protocol globally Exit from configuration mode Exit from LLDP configuration mode LLDP hello configuration LLDP mode configuration (default = rx and tx) LLDP multiplier configuration Negate a command or set its defaults Show LLDP configuration Dell(conf-lldp)#exit Dell(conf)#interface tengigabitethernet 1/3 Dell(conf-if-te-1/3)#protocol lldp Dell(conf-if-te-1/3-lldp)#? advertise Advertise TLVs disable Disable LLDP protocol
management-interface 3 Enable LLDP. PROTOCOL LLDP mode no disable Disabling and Undoing LLDP on Management Ports To disable or undo LLDP on management ports, use the following command. 1 Enter Protocol LLDP mode. CONFIGURATION mode. protocol lldp 2 Enter LLDP management-interface mode. LLDP-MANAGEMENT-INTERFACE mode. management-interface 3 Enter the disable command. LLDP-MANAGEMENT-INTERFACE mode. To undo an LLDP management port configuration, precede the relevant command with the keyword no.
• softphone-voice • streaming-video • video-conferencing • video-signaling • voice • voice-signaling In the following example, LLDP is enabled globally. R1 and R2 are transmitting periodic LLDPDUs that contain management, 802.1, and 802.3 TLVs. Figure 77. Configuring LLDP Viewing the LLDP Configuration To view the LLDP configuration, use the following command. • Display the LLDP configuration.
protocol lldp Dell(conf-if-te-1/31-lldp)# Viewing Information Advertised by Adjacent LLDP Agents To view brief information about adjacent devices or to view all the information that neighbors are advertising, use the following commands. • Display brief information about adjacent devices. show lldp neighbors • Display all of the information that neighbors are advertising.
Configuring LLDPDU Intervals LLDPDUs are transmitted periodically; the default interval is 30 seconds. To configure LLDPDU intervals, use the following command. • Configure a non-default transmit interval.
! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#mode ? rx Rx only tx Tx only R1(conf-lldp)#mode tx R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description mode tx no disable R1(conf-lldp)#no mode R1(conf-lldp)#show config ! proto
advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)# Debugging LLDP You can view the TLVs that your system is sending and receiving. To view the TLVs, use the following commands. • View a readable version of the TLVs. debug lldp brief • View a readable version of the TLVs plus a hexadecimal version of the entire LLDPDU. debug lldp detail To stop viewing the LLDP TLVs sent and received by the system, use the no debug lldp command. Figure 78.
Table 54. LLDP Configuration MIB Objects MIB Object Category LLDP Variable LLDP MIB Object Description LLDP Configuration adminStatus lldpPortConfigAdminStatus Whether you enable the local LLDP agent for transmit, receive, or both. msgTxHold lldpMessageTxHoldMultiplier Multiplier value. msgTxInterval lldpMessageTxInterval Transmit Interval value. rxInfoTTL lldpRxInfoTTL Time to live for received TLVs. txInfoTTL lldpTxInfoTTL Time to live for transmitted TLVs.
TLV Type TLV Name TLV Variable System LLDP MIB Object 4 Port Description port description Local lldpLocPortDesc Remote lldpRemPortDesc Local lldpLocSysName Remote lldpRemSysName Local lldpLocSysDesc Remote lldpRemSysDesc Local lldpLocSysCapSupported Remote lldpRemSysCapSupported Local lldpLocSysCapEnabled Remote lldpRemSysCapEnabled Local lldpLocManAddrLen Remote lldpRemManAddrLen Local lldpLocManAddrSubtype Remote lldpRemManAddrSubtype Local lldpLocManAddr Remote lldp
TLV Type 127 TLV Name VLAN Name TLV Variable VID VLAN name length VLAN name System LLDP MIB Object Remote lldpXdot1RemProtoVlanId Local lldpXdot1LocVlanId Remote lldpXdot1RemVlanId Local lldpXdot1LocVlanName Remote lldpXdot1RemVlanName Local lldpXdot1LocVlanName Remote lldpXdot1RemVlanName Table 57.
TLV Sub-Type 3 TLV Name Location Identifier TLV Variable System LLDP-MED MIB Object DSCP Value Local lldpXMedLocMediaPolicyDs cp Remote lldpXMedRemMediaPolicyD scp Local lldpXMedLocLocationSubty pe Remote lldpXMedRemLocationSubt ype Local lldpXMedLocLocationInfo Remote lldpXMedRemLocationInfo Local lldpXMedLocXPoEDeviceTy pe Remote lldpXMedRemXPoEDeviceT ype Local lldpXMedLocXPoEPSEPow erSource Location Data Format Location ID Data 4 Extended Power via MDI Power Device Type Po
28 Microsoft Network Load Balancing Network load balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems (OSs). NLB uses a distributed methodology or pattern to equally split and balance the network traffic load across a set of servers that are part of the cluster or group.
Limitations of the NLB Feature The following limitations apply to switches on which you configure NLB: • The NLB Unicast mode uses switch flooding to transmit all packets to all the servers that are part of the VLAN. When a large volume of traffic is processed, the clustering performance might be impacted in a small way. This limitation is applicable to switches that perform unicast flooding in the software. • The ip vlan-flooding command applies globally across the system and for all VLANs.
There might be some ARP table entries that are resolved through ARP packets, which had the Ethernet MAC SA different from the MAC information inside the ARP packet. This unicast data traffic flooding occurs only for those packets that use these ARP entries.
29 Multicast Source Discovery Protocol (MSDP) Multicast source discovery protocol (MSDP) is supported on Dell Networking OS. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context of MSDP is a contiguous set of routers operating PIM within a common boundary defined by an exterior gateway protocol, such as border gateway protocol (BGP).
Figure 80.
active sources in the area of the other RPs. If any of the RPs fail, IP routing converges and one of the RPs becomes the active RP in more than one area. New sources register with the backup RP. Receivers join toward the new RP and connectivity is maintained. Implementation Information The Dell Networking OS implementation of MSDP is in accordance with RFC 3618 and Anycast RP is in accordance with RFC 3446. Configure Multicast Source Discovery Protocol Configuring MSDP is a four-step process.
Figure 81.
Figure 82.
Figure 83.
Figure 84. Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains. 1 Enable MSDP. CONFIGURATION mode ip multicast-msdp 2 Peer PIM systems in different administrative domains. CONFIGURATION mode ip msdp peer connect-source Examples of Configuring and Viewing MSDP R3(conf)#ip multicast-msdp R3(conf)#ip msdp peer 192.168.0.
Peer Addr Description Local Addr State Source SA Up/Down To view details about a peer, use the show ip msdp peer command in EXEC privilege mode. Multicast sources in remote domains are stored on the RP in the source-active cache (SA cache). The system does not create entries in the multicast routing table until there is a local receiver for the corresponding multicast group. R3#show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 192.168.0.
Clearing the Source-Active Cache To clear the source-active cache, use the following command. • Clear the SA cache of all, local, or rejected entries, or entries for a specific group. CONFIGURATION mode clear ip msdp sa-cache [group-address | local | rejected-sa] Enabling the Rejected Source-Active Cache To cache rejected sources, use the following command.
Figure 85.
Figure 86.
Figure 87. MSDP Default Peer, Scenario 4 Specifying Source-Active Messages To specify messages, use the following command. • Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check. CONFIGURATION mode ip msdp default-peer ip-address list If you do not specify an access list, the peer accepts all sources that peer advertises. All sources from RPs that the ACL denies are subject to the normal RPF check.
229.0.50.3 229.0.50.4 24.0.50.3 24.0.50.4 200.0.0.50 200.0.0.50 10.0.50.2 10.0.50.2 Dell#ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 3 rejected SAs received, cache-size 32766 UpTime GroupAddr SourceAddr RPAddr 00:33:18 229.0.50.64 24.0.50.64 200.0.1.50 00:33:18 229.0.50.65 24.0.50.65 200.0.1.50 00:33:18 229.0.50.66 24.0.50.66 200.0.1.50 73 73 00:13:49 00:13:49 LearnedFrom 10.0.50.2 10.0.50.2 10.0.50.
UpTime 00:02:20 GroupAddr 239.0.0.1 SourceAddr 10.11.4.2 RPAddr 192.168.0.1 LearnedFrom local Reason Redistribute Preventing MSDP from Caching a Remote Source To prevent MSDP from caching a remote source, use the following commands. 1 OPTIONAL: Cache sources that the SA filter denies in the rejected SA cache. CONFIGURATION mode ip msdp cache-rejected-sa 2 Prevent the system from caching remote sources learned from a specific peer based on source and group.
ip msdp peer 192.168.0.3 connect-source Loopback 0 ip msdp sa-filter out 192.168.0.3 list mylocalfilter R1(conf)#do show run acl ! ip access-list extended mylocalfilter seq 5 deny ip host 239.0.0.1 host 10.11.4.2 seq 10 deny ip any any R1(conf)#do show ip msdp sa-cache MSDP Source-Active Cache - 1 entries GroupAddr SourceAddr RPAddr LearnedFrom Expire 239.0.0.1 10.11.4.2 192.168.0.
SAs learned from this peer: 0 SA Filtering: Clearing Peer Statistics To clear the peer statistics, use the following command. • Reset the TCP connection to the peer and clear all peer statistics. CONFIGURATION mode clear ip msdp peer peer-address Example of the clear ip msdp peer Command and Verifying Statistics are Cleared R3(conf)#do show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 192.168.0.
• • • traffic concentration: PIM-SM allows only one active group to RP mapping which means that all traffic for the group must, at least initially, travel over the same part of the network. You can load balance source registration between multiple RPs by strategically mapping groups to RPs, but this technique is less effective as traffic increases because preemptive load balancing requires prior knowledge of traffic distributions.
CONFIGURATION mode interface loopback 2 Make this address the RP for the group. CONFIGURATION mode ip pim rp-address 3 In each routing domain that has multiple RPs serving a group, create another Loopback interface on each RP serving the group with a unique IP address. CONFIGURATION mode interface loopback 4 Peer each RP with every other RP using MSDP, specifying the unique Loopback address as the connect-source.
interface TenGigabitEthernet 1/2 ip address 10.11.2.1/24 no shutdown ! interface TenGigabitEthernet 1/21 ip pim sparse-mode ip address 10.11.1.12/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown ! interface Loopback 1 ip address 192.168.0.11/32 no shutdown ! router ospf 1 network 10.11.2.0/24 area 0 network 10.11.1.0/24 area 0 network 10.11.3.0/24 area 0 network 192.168.0.11/32 area 0 ! ip multicast-msdp ip msdp peer 192.168.0.
neighbor 192.168.0.3 ebgp-multihop 255 neighbor 192.168.0.3 no shutdown ! ip ip ip ip ip ! ip ! ip multicast-msdp msdp peer 192.168.0.3 connect-source Loopback 1 msdp peer 192.168.0.11 connect-source Loopback 1 msdp mesh-group AS100 192.168.0.11 msdp originator-id Loopback 1 route 192.168.0.3/32 10.11.0.32 pim rp-address 192.168.0.1 group-address 224.0.0.0/4 The following example shows an R3 configuration for MSDP with Anycast RP.
no shutdown ! interface TenGigabitEthernet 1/2 ip address 10.11.2.1/24 no shutdown ! interface TenGigabitEthernet 1/21 ip pim sparse-mode ip address 10.11.1.12/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown ! router ospf 1 network 10.11.2.0/24 area 0 network 10.11.1.0/24 area 0 network 192.168.0.1/32 area 0 network 10.11.3.0/24 area 0 ! ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 0 ! ip pim rp-address 192.168.0.1 group-address 224.0.0.
MSDP Sample Configuration: R3 Running-Config ip multicast-routing ! interface TenGigabitEthernet 3/21 ip pim sparse-mode ip address 10.11.0.32/24 no shutdown ! interface TenGigabitEthernet 3/41 ip pim sparse-mode ip address 10.11.6.34/24 no shutdown ! interface ManagementEthernet 1/1 ip address 10.11.80.3/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.3/32 no shutdown ! router ospf 1 network 10.11.6.0/24 area 0 network 192.168.0.
30 Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) — specified in IEEE 802.1Q-2003 — is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves per-VLAN spanning tree plus (PVST+). MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances. Protocol Overview MSTP — specified in IEEE 802.
• Adding and Removing Interfaces • Creating Multiple Spanning Tree Instances • Influencing MSTP Root Selection • Interoperate with Non-Dell Bridges • Changing the Region Name or Revision • Modifying Global Parameters • Modifying the Interface Parameters • Configuring an EdgePort • Flush MAC Addresses after a Topology Change • MSTP Sample Configurations • Debugging and Verifying MSTP Configurations Spanning Tree Variations The Dell Networking OS supports four variations of spanning tree
• Influencing MSTP Root Selection • Interoperate with Non-Dell Networking OS Bridges • Changing the Region Name or Revision • Modifying Global Parameters • Modifying the Interface Parameters • Configuring an EdgePort • Flush MAC Addresses after a Topology Change • Debugging and Verifying MSTP Configurations • Prevent Network Disruptions with BPDU Guard • Enabling SNMP Traps for Root Elections and Topology Changes • Configuring Spanning Trees as Hitless Enable Multiple Spanning Tree Glo
PROTOCOL MSTP mode msti Specify the keyword vlan then the VLANs that you want to participate in the MSTI. Examples of Configuring and Viewing MSTI The following examples shows the msti command. Dell(conf)#protocol spanning-tree mstp Dell(conf-mstp)#msti 1 vlan 100 Dell(conf-mstp)#msti 2 vlan 200-300 Dell(conf-mstp)#show config ! protocol spanning-tree mstp no disable MSTI 1 VLAN 100 MSTI 2 VLAN 200-300 All bridges in the MSTP region must have the same VLAN-to-instance mapping.
• Assign a number as the bridge priority. PROTOCOL MSTP mode msti instance bridge-priority priority A lower number increases the probability that the bridge becomes the root bridge. The range is from 0 to 61440, in increments of 4096. The default is 32768. Example of Assigning and Verifying the Root Bridge Priority By default, the simple configuration shown previously yields the same forwarding path for both MSTIs.
Example of the name Command To view the current region name and revision, use the show spanning-tree mst configuration command from EXEC Privilege mode. Dell(conf-mstp)#name my-mstp-region Dell(conf-mstp)#exit Dell(conf)#do show spanning-tree mst config MST region name: my-mstp-region Revision: 0 MSTI VID 1 100 2 200-300 Modifying Global Parameters The root bridge sets the values for forward-delay, hello-time, max-age, and max-hops and overwrites the values set on other MSTP bridges.
The range is from 1 to 40. The default is 20. Example of the forward-delay Parameter To view the current values for MSTP parameters, use the show running-config spanning-tree mstp command from EXEC privilege mode.
For the default, refer to the default values shown in the table.. 2 Change the port priority of an interface. INTERFACE mode spanning-tree msti number priority priority The range is from 0 to 240, in increments of 16. The default is 128. To view the current values for these interface parameters, use the show config command from INTERFACE mode. Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner.
Flush MAC Addresses after a Topology Change Dell Networking OS has an optimized MAC address flush mechanism for RSTP, MSTP, and PVST+ that flushes addresses only when necessary, which allows for faster convergence during topology changes. However, you may activate the flushing mechanism defined by 802.1Q-2003 using the tc-flush-standard command, which flushes MAC addresses after every topology change notification.
no shutdown ! interface TenGigabitEthernet 1/31 no ip address switchport no shutdown ! (Step 3) interface Vlan 100 no ip address tagged TenGigabitEthernet 1/21,31 no shutdown ! interface Vlan 200 no ip address tagged TenGigabitEthernet 1/21,31 no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 1/21,31 no shutdown Router 2 Running-Configuration This example uses the following steps: 1 Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs.
Router 3 Running-Configuration This example uses the following steps: 1 Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. 2 Assign Layer-2 interfaces to the MSTP topology. 3 Create VLANs mapped to MSTP instances tag interfaces to the VLANs.
no shutdown spanning-tree port mode enable switchport protected 0 exit interface 1/0/32 no shutdown spanning-tree port mode enable switchport protected 0 exit (Step 3) interface vlan 100 tagged 1/0/31 tagged 1/0/32 exit interface vlan 200 tagged 1/0/31 tagged 1/0/32 exit interface vlan 300 tagged 1/0/31 tagged 1/0/32 exit Debugging and Verifying MSTP Configurations To debut and verify MSTP configuration, use the following commands. • Display BPDUs.
• Are there “extra” MSTP instances in the Sending or Received logs? This may mean that an additional MSTP instance was configured on one router but not the others. The following example shows the show run spanning-tree mstp command. Dell#show run spanning-tree mstp ! protocol spanning-tree mstp name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 The following example shows viewing the debug log of a successful MSTP configuration.
31 Multicast Features NOTE: Multicast routing is supported on secondary IP addresses; it is not supported on IPv6. NOTE: Multicast routing is supported across default and non-default virtual routing and forwarding (VRFs).
Protocol Ethernet Address PIM-SM 01:00:5e:00:00:0d • The Dell Networking OS implementation of MTRACE is in accordance with IETF draft draft-fenner-traceroute-ipm. • Multicast is not supported on secondary IP addresses. • If you enable multicast routing, egress Layer 3 ACL is not applied to multicast data traffic. Multicast Policies The Dell Networking OS supports multicast features for IPv4. IPv4 Multicast Policies The following sections describe IPv4 multicast policies.
NOTE: The IN-L3-McastFib CAM partition stores multicast routes and is a separate hardware limit that exists per port-pipe. Any software-configured limit may supersede this hardware space limitation. The opposite is also true, the CAM partition might not be exhausted at the time the system-wide route limit is reached using the ip multicast-limit command.
Figure 91. Preventing a Host from Joining a Group The following table lists the location and description shown in the previous illustration. Table 60. Preventing a Host from Joining a Group — Description Location Description 1/21 • • • • Interface TenGigabitEthernet 1/21 ip pim sparse-mode ip address 10.11.12.1/24 no shutdown 1/31 • • • • Interface TenGigabitEthernet 1/31 ip pim sparse-mode ip address 10.11.13.
Location Description 2/1 • • • • Interface TenGigabitEthernet 2/1 ip pim sparse-mode ip address 10.11.1.1/24 no shutdown 2/11 • • • • Interface TenGigabitEthernet 2/11 ip pim sparse-mode ip address 10.11.12.2/24 no shutdown 2/31 • • • • Interface TenGigabitEthernet 2/31 ip pim sparse-mode ip address 10.11.23.1/24 no shutdown 3/1 • • • • Interface TenGigabitEthernet 3/1 ip pim sparse-mode ip address 10.11.5.
ip pim neighbor-filter Setting a Threshold for Switching to the SPT The functionality to specify a threshold for switchover to the shortest path trees (SPTs) is available on the system. After a receiver receives traffic from the RP, PM-SM switches to SPT to forward multicast traffic. Every multicast group has an RP and a unidirectional shared tree (group-specific shared tree).
Figure 92. Preventing a Source from Transmitting to a Group The following table lists the location and description shown in the previous illustration. Table 62. Preventing a Source from Transmitting to a Group — Description Location Description 1/21 • • • • Interface TenGigabitEthernet 1/21 ip pim sparse-mode ip address 10.11.12.1/24 no shutdown 1/31 • • • • Interface TenGigabitEthernet 1/31 ip pim sparse-mode ip address 10.11.13.
Location Description 2/1 • • • • Interface TenGigabitEthernet 2/1 ip pim sparse-mode ip address 10.11.1.1/24 no shutdown 2/11 • • • • Interface TenGigabitEthernet 2/11 ip pim sparse-mode ip address 10.11.12.2/24 no shutdown 2/31 • • • • Interface TenGigabitEthernet 2/31 ip pim sparse-mode ip address 10.11.23.1/24 no shutdown 3/1 • • • • Interface TenGigabitEthernet 3/1 ip pim sparse-mode ip address 10.11.5.
Preventing a PIM Router from Processing a Join To permit or deny PIM Join/Prune messages on an interface using an extended IP access list, use the following command. NOTE: Dell Networking recommends not using the ip pim join-filter command on an interface between a source and the RP router. Using this command in this scenario could cause problems with the PIM-SM source registration process resulting in excessive traffic being sent to the CPU of both the RP and PIM DR of the source.
32 Object Tracking IPv4 or IPv6 object tracking is available on Dell Networking OS. Object tracking allows the Dell Networking OS client processes, such as virtual router redundancy protocol (VRRP), to monitor tracked objects (for example, interface or link status) and take appropriate action when the state of an object changes. NOTE: In Dell Networking OS release version 8.4.1.0, object tracking is supported only on VRRP.
Figure 93. Object Tracking Example When you configure a tracked object, such as an IPv4/IPv6 a route or interface, you specify an object number to identify the object. Optionally, you can also specify: • UP and DOWN thresholds used to report changes in a route metric. • A time delay before changes in a tracked object’s state are reported to a client. Track Layer 2 Interfaces You can create an object to track the line-protocol state of a Layer 2 interface.
Track IPv4 and IPv6 Routes You can create an object that tracks an IPv4 or IPv6 route entry in the routing table. Specify a tracked route by its IPv4 or IPv6 address and prefix-length. Optionally specify a tracked route by a virtual routing and forwarding (VRF) instance name if the route to be tracked is part of a VRF. The next-hop address is not part of the definition of the tracked object.
Set Tracking Delays You can configure an optional UP and/or DOWN timer for each tracked object to set the time delay before a change in the state of a tracked object is communicated to clients. The configured time delay starts when the state changes from UP to DOWN or the opposite way. If the state of an object changes back to its former UP/DOWN state before the timer expires, the timer is cancelled and the client is not notified.
track object-id interface interface line-protocol Valid object IDs are from 1 to 65535. 2 (Optional) Configure the time delay used before communicating a change in the status of a tracked interface. OBJECT TRACKING mode delay {[up seconds] [down seconds]} Valid delay times are from 0 to 180 seconds. The default is 0. 3 (Optional) Identify the tracked object with a text description. OBJECT TRACKING mode description text The text string can be up to 80 characters.
To configure object tracking on the routing status of a Layer 3 interface, use the following commands. 1 Configure object tracking on the routing status of an IPv4 or IPv6 interface. CONFIGURATION mode track object-id interface interface {ip routing | ipv6 routing} Valid object IDs are from 1 to 65535. 2 (Optional) Configure the time delay used before communicating a change in the status of a tracked interface.
In order for an route’s reachability or metric to be tracked, the route must appear as an entry in the routing table. A tracked route is considered to match an entry in the routing table only if the exact IPv4 or IPv6 address and prefix length match an entry in the table. For example, when configured as a tracked route, 10.0.0.0/24 does not match the routing table entry 10.0.0.0/8. Similarly, for an IPv6 address, 3333:100:200:300:400::/80 does not match routing table entry 3333:100:200:300::/64.
(Optional) E-Series only: For an IPv4 route, you can enter a VRF name to specify the virtual routing table to which the tracked route belongs. 2 (Optional) Configure the time delay used before communicating a change in the status of a tracked route. OBJECT TRACKING mode delay {[up seconds] [down seconds]} Valid delay times are from 0 to 180 seconds. The default is 0. 3 (Optional) Identify the tracked object with a text description.
track resolution {ip route | ipv6 route} {isis resolution-value | ospf resolution-value} The range of resolution values is: • 2 ISIS routes - 1 to 1000. The default is 1. • OSPF routes - 1 to 1592. The efault is 1. Configure object tracking on the metric of an IPv4 or IPv6 route. CONFIGURATION mode track object-id {ip route ip-address/prefix-len | ipv6 route ipv6-address/prefix-len} metric threshold [vrf vrf-name] Valid object IDs are from 1 to 65535. Enter an IPv4 address in dotted decimal format.
Example of IPv4 and IPv6 Tracking Metric Thresholds The following example configures object tracking on the metric threshold of an IPv6 route: Dell(conf)#track 8 ipv6 route 2::/64 metric threshold Dell(conf-track-8)#threshold metric up 30 Dell(conf-track-8)#threshold metric down 40 Displaying Tracked Objects To display the currently configured objects used to track Layer 2 and Layer 3 interfaces, and IPv4 and IPv6 routes, use the following show commands.
IP Route Resolution ISIS 1 OSPF 1 IPv6 Route Resolution ISIS 1 Example of the show track vrf Command Dell#show track vrf red Track 5 IP route 192.168.0.0/24 reachability, Vrf: red Reachability is Up (CONNECTED) 3 changes, last change 00:02:39 First-hop interface is TenGigabitEthernet 1/4 Example of Viewing Object Tracking Configuration Dell#show running-config track track 1 ip route 23.0.0.
33 Open Shortest Path First (OSPFv2 and OSPFv3) Open shortest path first (OSPFv2 for IPv4) and OSPF version 3 (OSPF for IPv6) are supported on Dell Networking OS. This chapter provides a general description of OSPFv2 (OSPF for IPv4) and OSPFv3 (OSPF for IPv6) as supported in the Dell Networking Operating System (OS). NOTE: The fundamental mechanisms of OSPF (flooding, DR election, area support, SPF calculations, and so on) are the same between OSPFv2 and OSPFv3.
Figure 94. Autonomous System Areas Area Types The backbone of the network is Area 0. It is also called Area 0.0.0.0 and is the core of any AS. All other areas must connect to Area 0. An OSPF backbone is responsible for distributing routing information between areas. It consists of all area border routers, networks not wholly contained in any area, and their attached routers. NOTE: If you configure two non-backbone areas, then you must enable the B bit in OSPF.
Networks and Neighbors As a link-state protocol, OSPF sends routing information to other OSPF routers concerning the state of the links between them. The state (up or down) of those links is important. Routers that share a link become neighbors on that segment. OSPF uses the Hello protocol as a neighbor discovery and keep alive mechanism. After two routers are neighbors, they may proceed to exchange and synchronize their databases, which creates an adjacency.
Figure 95. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example. Area Border Router (ABR) Within an AS, an area border router (ABR) connects one or more areas to the backbone.
Autonomous System Border Router (ASBR) The autonomous system border area router (ASBR) connects to more than one AS and exchanges information with the routers in other ASs. Generally, the ASBR connects to a non-interior gate protocol (IGP) such as BGP or uses static routes. Internal Router (IR) The internal router (IR) has adjacencies with ONLY routers in the same area, as Router E, M, and I shown in the example in the Router Types.
• Type 8: Link LSA (OSPFv3) — This LSA carries the IPv6 address information of the local links. • Type 9: Link Local LSA (OSPFv2), Intra-Area-Prefix LSA (OSPFv3) — For OSPFv2, this is a link-local "opaque" LSA as defined by RFC2370. For OSPFv3, this LSA carries the IPv6 prefixes of the router and network links. • Type 11 - Grace LSA (OSPFv3) — For OSPFv3 only, this LSA is a link-local “opaque” LSA sent by a restarting OSPFv3 router during a graceful restart.
Figure 96. Priority and Cost Examples OSPF with Dell Networking OS The Dell Networking OS supports up to 10,000 OSPF routes for OSPFv2. Within the that 10,000 routes, you can designate up to 8,000 routes as external and up to 2,000 as inter/intra area routes. Dell Networking OS version 9.4(0.0) and later support only one OSPFv2 process per VRF. Dell Networking OS version 9.7(0.0) and later support OSPFv3 in VRF. Also, on OSPFv3, Dell Networking OS supports only one OSPFv3 process per VRF.
Graceful Restart When a router goes down without a graceful restart, there is a possibility for loss of access to parts of the network due to ongoing network topology changes. Additionally, LSA flooding and reconvergence can cause substantial delays. It is, therefore, desirable that the network maintains a stable topology if it is possible for data flow to continue uninterrupted.
Fast Convergence (OSPFv2, IPv4 Only) Fast convergence allows you to define the speeds at which LSAs are originated and accepted, and reduce OSPFv2 end-to-end convergence time. Dell Networking OS allows you to accept and originate LSAs as soon as they are available to speed up route information propagation. NOTE: The faster the convergence, the more frequent the route calculations and updates. This impacts CPU utilization and may impact adjacency stability in larger topologies.
ACKs 2 (shown in bold) is printed only for ACK packets. The following example shows no change in the updated packets (shown in bold). ACKs 2 (shown in bold) is printed only for ACK packets. 00:10:41 : OSPF(1000:00): Rcv. v:2 t:5(LSAck) l:64 Acks 2 rid:2.2.2.2 aid:1500 chk:0xdbee aut:0 auk: keyid:0 from:Vl 1000 LSType:Type-5 AS External id:160.1.1.0 adv:6.1.0.0 seq:0x8000000c LSType:Type-5 AS External id:160.1.2.0 adv:6.1.0.0 seq:0x8000000c 00:10:41 : OSPF(1000:00): Rcv. v:2 t:5(LSAck) l:64 Acks 2 rid:2.2.2.
Dell(conf-if-te-2/2)#ip ospf dead-interval 80 Dell(conf-if-te-2/2)# In the following example, the dead interval is set at 4x the hello interval (shown in bold). Dell (conf-if-te-2/2)#ip ospf dead-interval 20 Dell (conf-if-te-2/2)#do show ip os int tengigabitethernet 1/3 TenGigabitEthernet 2/2 is up, line protocol is up Internet Address 20.0.0.1/24, Area 0 Process ID 10, Router ID 1.1.1.2, Network Type BROADCAST, Cost: 1 Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 1.1.1.
Use timers spf delay holdtime Example Dell# Dell#conf Dell(conf)#router ospf 1 Dell(conf-router_ospf-1)#timer spf 2 5 Dell(conf-router_ospf-1)# Dell(conf-router_ospf-1)#show config ! router ospf 1 timers spf 2 5 Dell(conf-router_ospf-1)# Dell(conf-router_ospf-1)#end Dell# For a complete list of the OSPF commands, refer to the OSPF section in the Dell Networking OS Command Line Reference Guide document. Enabling OSPFv2 To enable Layer 3 routing, assign an IP address to an interface (physical or Loopback).
Assigning a Router ID In CONFIGURATION ROUTER OSPF mode, assign the router ID. The router ID is not required to be the router’s IP address. However, Dell Networking recommends using the IP address as the router ID for easier management and troubleshooting. Optional process-id commands are also described. • Assign the router ID for the OSPFv2 process. CONFIG-ROUTER-OSPF-id mode router-id ip address • Disable OSPF. CONFIGURATION mode no router ospf process-id • Reset the OSPFv2 process.
Enable OSPFv2 on Interfaces Enable and configure OSPFv2 on each interface (configure for Layer 3 protocol), and not shutdown. You can also assign OSPFv2 to a Loopback interface as a virtual interface. OSPF functions and features, such as MD5 Authentication, Grace Period, Authentication Wait Time, are assigned on a per interface basis. NOTE: If using features like MD5 Authentication, ensure all the neighboring routers are also configured for MD5.
Loopback interfaces also help the OSPF process. OSPF picks the highest interface address as the router-id and a Loopback interface address has a higher precedence than other interface addresses. Example of Viewing OSPF Status on a Loopback Interface Dell#show ip ospf 1 int TenGigabitEthernet 1/23 is up, line protocol is up Internet Address 10.168.0.1/24, Area 0.0.0.1 Process ID 1, Router ID 10.168.253.
Example of the show ip ospf database database-summary Command To view which LSAs are transmitted, use the show ip ospf database process-id database-summary command in EXEC Privilege mode. Dell#show ip ospf 34 database database-summary OSPF Router with ID (10.1.2.100) (Process ID 34) Area 2.2.2.2 3.3.3.3 Dell# ID Router Network S-Net S-ASBR Type-7 Subtotal 1 0 0 0 0 1 1 0 0 0 0 1 To view information on areas, use the show ip ospf process-id command in EXEC Privilege mode.
Backup Designated Router (ID) 0.0.0.0, Interface address 0.0.0.0 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 No Hellos (Passive interface) Neighbor Count is 0, Adjacent neighbor count is 0 Loopback 45 is up, line protocol is up Internet Address 10.1.1.23/24, Area 2.2.2.2 Process ID 34, Router ID 10.1.2.
Changing OSPFv2 Parameters on Interfaces In Dell Networking OS, you can modify the OSPF settings on the interfaces. Some interface parameter values must be consistent across all interfaces to avoid routing errors. For example, set the same time interval for the hello packets on all routers in the OSPF network to prevent misconfiguration of OSPF neighbors. To change OSPFv2 parameters on the interfaces, use any or all of the following commands. • Change the cost associated with OSPF traffic on the interface.
• Change the wait period between link state update packets sent out the interface. CONFIG-INTERFACE mode ip ospf transmit-delay seconds • seconds: the range is from 1 to 65535 (the default is 1 second). The transmit delay must be the same on all routers in the OSPF network. Example of Changing and Verifying the cost Parameter and Viewing Interface Status To view interface configurations, use the show config command in CONFIGURATION INTERFACE mode.
The default is 0 seconds. Enabling OSPFv2 Graceful Restart Graceful restart is enabled for the global OSPF process. The Dell Networking implementation of OSPFv2 graceful restart enables you to specify: • • • • grace period — the length of time the graceful restart process can last before OSPF terminates it. helper-reject neighbors — the router ID of each restart router that does not receive assistance from the configured router. mode — the situation or situations that trigger a graceful restart.
Example of the show run ospf Command When you configure a graceful restart on an OSPFv2 router, the show run ospf command displays information similar to the following. Dell#show run ospf ! router ospf 1 graceful-restart grace-period 300 graceful-restart role helper-only graceful-restart mode unplanned-only graceful-restart helper-reject 10.1.1.1 graceful-restart helper-reject 20.1.1.1 network 10.0.2.0/24 area 0 Dell# Creating Filter Routes To filter routes, use prefix lists.
• Specify which routes are redistributed into OSPF process. CONFIG-ROUTEROSPF-id mode redistribute {bgp | connected | isis | rip | static} [metric metric-value | metric-type typevalue] [route-map map-name] [tag tag-value] Configure the following required and optional parameters: • bgp, connected, isis, rip, static: enter one of the keywords to redistribute those routes. • metric metric-value: the range is from 0 to 4294967295. • metric-type metric-type: 1 for OSPF external route type 1.
show ip route summary • View the summary information for the OSPF database. EXEC Privilege mode show ip ospf database • View the configuration of OSPF neighbors connected to the local router. EXEC Privilege mode show ip ospf neighbor • View the LSAs currently in the queue. EXEC Privilege mode show ip ospf timers rate-limit • View debug messages.
Figure 97. Basic Topology and CLI Commands for OSPFv2 OSPF Area 0 — Te 1/1 and 1/2 router ospf 11111 network 10.0.11.0/24 area 0 network 10.0.12.0/24 area 0 network 192.168.100.0/24 area 0 ! interface TenGigabitEthernet 1/1 ip address 10.1.11.1/24 no shutdown ! interface TenGigabitEthernet 1/2 ip address 10.2.12.2/24 no shutdown ! interface Loopback 10 ip address 192.168.100.100/24 no shutdown OSPF Area 0 — Te 3/1 and 3/2 router ospf 33333 network 192.168.100.0/24 area 0 network 10.0.13.
network 10.2.21.0/24 area 0 network 10.2.22.0/24 area 0 ! interface Loopback 20 ip address 192.168.100.20/24 no shutdown ! interface TenGigabitEthernet 2/1 ip address 10.2.21.2/24 no shutdown ! interface TenGigabitEthernet 2/2 ip address 10.2.22.2/24 no shutdown Configuration Task List for OSPFv3 (OSPF for IPv6) This section describes the configuration tasks for Open Shortest Path First version 3 (OSPF for IPv6) on the switch.
ipv6 unicast routing Applying cost for OSPFv3 Change in bandwidth directly affects the cost of OSPF routes. • Explicitly specify the cost of sending a packet on an interface. INTERFACE mode ipv6 ospf interface-cost • • interface-cost:The range is from 1 to 65535. Default cost is based on the bandwidth. Specify how the OSPF interface cost is calculated based on the reference bandwidth method. The cost of an interface is calculated as Reference Bandwidth/Interface speed.
• process-id: the process ID number assigned. • area-id: the area ID for this interface. Assigning OSPFv3 Process ID and Router ID Globally To assign, disable, or reset OSPFv3 globally, use the following commands. • Enable the OSPFv3 process globally and enter OSPFv3 mode. CONFIGURATION mode ipv6 router ospf {process ID} • The range is from 0 to 65535. Assign the router ID for this OSPFv3 process. CONF-IPV6-ROUTER-OSPF mode router-id {number} • number: the IPv4 address. The format is A.B.C.D.
• Reset the OSPFv3 process. EXEC Privilege mode clear ipv6 ospf [vrf vrf-name] process Configuring Stub Areas To configure IPv6 stub areas, use the following command. • Configure the area as a stub area. CONF-IPV6-ROUTER-OSPF mode area area-id stub [no-summary] • no-summary: use these keywords to prevent transmission in to the area of summary ASBR LSAs. • Area ID: a number or IP address assigned when creating the area.
• bgp | connected | static: enter one of the keywords to redistribute those routes. • metric metric-value: The range is from 0 to 4294967295. • metric-type metric-type: enter 1 for OSPFv3 external route type 1 OR 2 for OSPFv3 external route type 2. • route-map map-name: enter a name of a configured route map. • tag tag-value: The range is from 0 to 4294967295. Configuring a Default Route To generate a default external route into the OSPFv3 routing domain, configure the following parameters.
graceful-restart mode [planned-only | unplanned-only] • • • Planned-only: the OSPFv3 router supports graceful restart only for planned restarts. A planned restart is when you manually enter a redundancy force-failover rpm command to force the primary RPM over to the secondary RPM. During a planned restart, OSPFv3 sends out a Grace LSA before the system switches over to the secondary RPM. OSPFv3 is notified that a planned restart is happening.
Originate New LSAS Rx New LSAS Ext LSA Count Rte Max Eq Cost Paths GR grace-period GR mode 73 114085 0 5 180 planned and unplanned Area 0 database summary Type Brd Rtr Count AS Bdr Rtr Count LSA count Summary LSAs Rtr LSA Count Net LSA Count Inter Area Pfx LSA Count Inter Area Rtr LSA Count Group Mem LSA Count Count/Status 2 2 12010 1 4 3 12000 0 0 The following example shows the show ipv6 ospf database grace-lsa command.
possible to insert the ESP header between the next layer protocol header and encapsulated IP header in Tunnel mode. However, Tunnel mode is not supported in Dell Networking OS. For detailed information about the IP ESP protocol, refer to RFC 4303. In OSPFv3 communication, IPsec provides security services between a pair of communicating hosts or security gateways using either AH or ESP.
Configuring IPsec Authentication on an Interface To configure, remove, or display IPsec authentication on an interface, use the following commands. Prerequisite: Before you enable IPsec authentication on an OSPFv3 interface, first enable IPv6 unicast routing globally, configure an IPv6 address and enable OSPFv3 on the interface, and assign it to an area (refer to Configuration Task List for OSPFv3 (OSPF for IPv6)).
• • key: specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. Required lengths of a non-encrypted or encrypted key are: 3DES - 48 or 96 hex digits; DES - 16 or 32 hex digits; AESCBC - 32 or 64 hex digits for AES-128 and 48 or 96 hex digits for AES-192. • key-encryption-type: (optional) specifies if the key is encrypted. The valid values are 0 (key is not encrypted) or 7 (key is encrypted).
Configuring IPsec Encryption for an OSPFv3 Area To configure, remove, or display IPsec encryption in an OSPFv3 area, use the following commands. Prerequisite: Before you enable IPsec encryption in an OSPFv3 area, first enable OSPFv3 globally on the router (refer to Configuration Task List for OSPFv3 (OSPF for IPv6)). The SPI value must be unique to one IPsec security policy (authentication or encryption) on the router.
EXEC Privilege show crypto ipsec sa ipv6 [interface interface] To display information on the SAs used on a specific interface, enter interface interface, where interface is one of the following values: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. • For a port channel interface, enter the keywords port-channel then a number.
STATUS : ACTIVE outbound ah sas spi : 500 (0x1f4) transform : ah-md5-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE inbound esp sas outbound esp sas Interface: TenGigabitEthernet 1/2 Link Local address: fe80::201:e8ff:fe40:4d11 IPSecv6 policy name: OSPFv3-1-600 inbound ah sas outbound ah sas inbound esp sas spi : 600 (0x258) transform : esp-des esp-sha1-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE outbound esp sas spi : 600 (0x258) tran
Viewing Summary Information To get general route, configuration, links status, and debug information, use the following commands. • View the summary information of the IPv6 routes. EXEC Privilege mode show ipv6 route [vrf vrf-name] summary • View the summary information for the OSPFv3 database. EXEC Privilege mode show ipv6 ospf [vrf vrf-name] database • View the configuration of OSPFv3 neighbors.
34 Policy-based Routing (PBR) Policy-based routing (PBR) allows a switch to make routing decisions based on policies applied to an interface. Overview When a router receives a packet, the router decides where to forward the packet based on the destination address in the packet, which is used to look up an entry in a routing table. However, in some cases, there may be a need to forward the packet based on other criteria: size, source, protocol type, destination, and so on.
After you apply a redirect-list to an interface, all traffic passing through it is subjected to the rules defined in the redirect-list. Traffic is forwarded based on the following: • Next-hop addresses are verified. If the specified next hop is reachable, traffic is forwarded to the specified next-hop. • If the specified next-hops are not reachable, the normal routing table is used to forward the traffic. • Dell Networking OS supports multiple next-hop entries in the redirect lists.
PBR Exceptions (Permit) To create an exception to a redirect list, use thepermit command. Exceptions are used when a forwarding decision should be based on the routing table rather than a routing policy. The Dell Networking OS assigns the first available sequence number to a rule configured without a sequence number and inserts the rule into the PBR CAM region next to the existing entries. Because the order of rules is important, ensure that you configure any necessary sequence numbers.
• • • • • • • • • • • • tunnel is used to configure the tunnel settings tunnel-id is used to redirect the traffic track is used to track the object-id track is to enable the tracking FORMAT: A.B.C.D FORMAT: slot/port ip-protocol-number or protocol-type is the type of protocol to be redirected FORMAT: 0-255 for IP protocol number, or enter protocol type source ip-address or any or host ip-address is the Source’s IP address FORMAT: A.B.C.
Dell(conf-redirect-list)#seq 15 redirect Dell(conf-redirect-list)#seq 20 redirect Dell(conf-redirect-list)#show config ! ip redirect-list test seq 10 redirect 10.1.1.2 ip 20.1.1.0/24 seq 15 redirect 10.1.1.3 ip 20.1.1.0/25 seq 20 redirect 10.1.1.3 ip 20.1.1.0/24 Dell(conf-redirect-list)# 10.1.1.3 ip 20.1.1.0/25 any 10.1.1.3 ip 20.1.1.128/24 any any any any NOTE: Starting with the Dell Networking OS version 9.4(0.
shutdown Dell(conf-if-te-1/1)# Dell(conf-if-gi-1/1)#ip redirect-group test Dell(conf-if-gi-1/1)#ip redirect-group xyz Dell(conf-if-gi-1/1)#show config ! interface GigabitEthernet 1/1 no ip address ip redirect-group test ip redirect-group xyz shutdown Dell(conf-if-gi-1/1)# In addition to supporting multiple redirect-lists in a redirect-group, multiple redirect-groups are supported on a single interface. Dell Networking OS has the capability to support multiple groups on an interface for backup purposes.
Use the show ip redirect-list (without the list name) to display all the redirect-lists configured on the device. Dell#show ip redirect-list IP redirect-list rcl0: Defined as: seq 5 permit ip 200.200.200.200 200.200.200.200 199.199.199.199 199.199.199.199 seq 10 redirect 1.1.1.2 tcp 234.224.234.234 255.234.234.234 222.222.222.
Create the Redirect-List GOLD EDGE_ROUTER(conf-if-Te-2/23)#ip redirect-list GOLD EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD. EDGE_ROUTER(conf-redirect-list)#direct 10.99.99.254 ip 192.168.1.0/24 any EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.2.0/24 any EDGE_ROUTER(conf-redirect-list)# seq 15 permit ip any any EDGE_ROUTER(conf-redirect-list)#show config ! ip redirect-list GOLD description Route GOLD traffic to ISP_GOLD. seq 5 redirect 10.99.99.254 ip 192.
View Redirect-List GOLD EDGE_ROUTER#show ip redirect-list IP redirect-list GOLD: Defined as: seq 5 redirect 10.99.99.254 ip 192.168.1.0/24 any, Next-hop reachable (via Te 3/23) seq 10 redirect 10.99.99.254 ip 192.168.2.0/24 any, Next-hop reachable (via Te 3/23) seq 15 permit ip any any Applied interfaces: Te 2/11 EDGE_ROUTER# Creating a PBR list using Explicit Track Objects for Redirect IPs Create Track Objects to track the Redirect IPs: Dell#configure terminal Dell(conf)#track 3 ip host 42.1.1.
seq 25 redirect 43.1.1.2 track 4 ip host 7.7.7.7 host 144.144.144.144, Track 4 [up], Next-hop reachable (via Vl 20) Applied interfaces: Te 2/28 Dell# Creating a PBR list using Explicit Track Objects for Tunnel Interfaces Creating steps for Tunnel Interfaces: Dell#configure terminal Dell(conf)#interface tunnel 1 Dell(conf-if-tu-1)#tunnel destination 40.1.1.2 Dell(conf-if-tu-1)#tunnel source 40.1.1.1 Dell(conf-if-tu-1)#tunnel mode ipip Dell(conf-if-tu-1)#tunnel keepalive 60.1.1.
Verify the Applied Redirect Rules: Dell#show ip redirect-list explicit_tunnel IP redirect-list explicit_tunnel: Defined as: seq 5 redirect tunnel 1 track 1 tcp 155.55.2.0/24 222.22.2.0/24, Track 1 [up], Next-hop reachable (via Te 1/32) seq 10 redirect tunnel 1 track 1 tcp any any, Track 1 [up], Next-hop reachable (via Te 1/32) seq 15 redirect tunnel 1 track 1 udp 155.55.0.0/16 host 144.144.144.144, Track 1 [up], Nexthop reachable (via Te 1/32) seq 20 redirect tunnel 2 track 2 tcp 155.55.2.0/24 222.22.2.
35 PIM Sparse-Mode (PIM-SM) Protocol-independent multicast sparse-mode (PIM-SM) is a multicast protocol that forwards multicast traffic to a subnet only after a request using a PIM Join message; this behavior is the opposite of PIM-Dense mode, which forwards multicast traffic to all subnets until a request to stop. Implementation Information The following information is necessary for implementing PIM-SM.
Refuse Multicast Traffic A host requesting to leave a multicast group sends an IGMP Leave message to the last-hop DR. If the host is the only remaining receiver for that group on the subnet, the last-hop DR is responsible for sending a PIM Prune message up the RPT to prune its branch to the RP. 1 After receiving an IGMP Leave message, the gateway removes the interface on which it is received from the outgoing interface list of the (*,G) entry.
ip multicast-routing Related Configuration Tasks The following are related PIM-SM configuration tasks. • Configuring S,G Expiry Timers • Configuring a Static Rendezvous Point • Configuring a Designated Router • Creating Multicast Boundaries and Domains Enable PIM-SM You must enable PIM-SM on each participating interface. 1 Enable multicast routing on the system. CONFIGURATION mode ip multicast-routing 2 Enable PIM-Sparse mode.
TenGigabitEthernet 2/13 (10.87.31.5, 192.1.2.1), uptime 00:01:24, expires 00:02:26, flags: FT Incoming interface: TenGigabitEthernet 2/11, RPF neighbor 0.0.0.0 Outgoing interface list: TenGigabitEthernet 1/11 TenGigabitEthernet 1/12 TenGigabitEthernet 2/13 --More-- Configuring S,G Expiry Timers By default, S, G entries expire in 210 seconds. You can configure a global expiry time (for all [S,G] entries) or configure an expiry time for a particular entry.
Configuring a Static Rendezvous Point The rendezvous point (RP) is a PIM-enabled interface on a router that acts as the root a group-specific tree; every group must have an RP. • Identify an RP by the IP address of a PIM-enabled or Loopback interface. ip pim rp-address Example of Viewing an RP on a Loopback Interface Dell#sh run int loop0 ! interface Loopback 0 ip address 1.1.1.1/32 ip pim sparse-mode no shutdown Dell#sh run pim ! ip pim rp-address 1.1.1.1 group-address 224.0.0.
INTERFACE mode ip pim query-interval seconds • Display the current value of these parameter. EXEC Privilege mode show ip pim interface Creating Multicast Boundaries and Domains A PIM domain is a contiguous set of routers that all implement PIM and are configured to operate within a common boundary defined by PIM multicast border routers (PMBRs). PMBRs connect each PIM domain to the rest of the Internet.
36 PIM Source-Specific Mode (PIM-SSM) PIM source-specific mode (PIM-SSM) is a multicast protocol that forwards multicast traffic from a single source to a subnet. In the other versions of protocol independent multicast (PIM), a receiver subscribes to a group only. The receiver receives traffic not just from the source in which it is interested but from all sources sending to that group.
Related Configuration Tasks • Use PIM-SSM with IGMP Version 2 Hosts Enabling PIM-SSM To enable PIM-SSM, follow these steps. 1 Create an ACL that uses permit rules to specify what range of addresses should use SSM. CONFIGURATION mode ip access-list standard name 2 Enter the ip pim ssm-range command and specify the ACL you created. CONFIGURATION mode ip pim ssm-range acl-name Enabling PIM-SSM To display address ranges in the PIM-SSM range, use the show ip pim ssm-range command from EXEC Privilege mode.
Configuring PIM-SSM with IGMPv2 R1(conf)#do show run pim ! ip pim rp-address 10.11.12.2 group-address 224.0.0.0/4 ip pim ssm-range ssm R1(conf)#do show run acl ! ip access-list standard map seq 5 permit host 239.0.0.2 ! ip access-list standard ssm seq 5 permit host 239.0.0.2 R1(conf)#ip igmp ssm-map map 10.11.5.2 R1(conf)#do show ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface Mode Uptime Expires 239.0.0.
239.0.0.1 Vlan 400 INCLUDE 00:00:10 Never 10.11.4.2 R1(conf)#do show ip igmp ssm-map IGMP Connected Group Membership Group Address Interface Mode Uptime Expires 239.0.0.2 Vlan 300 IGMPv2-Compat 00:00:36 Never Member Ports: Te 1/1 R1(conf)#do show ip igmp ssm-map 239.0.0.2 SSM Map Information Group : 239.0.0.2 Source(s) : 10.11.5.2 R1(conf)#do show ip igmp groups detail Interface Group Uptime Expires Router mode Last reporter Last reporter mode Last report Group source Source address 10.11.5.
37 Port Monitoring Port monitoring (also referred to as mirroring ) allows you to monitor ingress and/or egress traffic on specified ports. The mirrored traffic can be sent to a port to which a network analyzer is connected to inspect or troubleshoot the traffic. Mirroring is used for monitoring Ingress or Egress or both Ingress and Egress traffic on a specific port(s). This mirrored traffic can be sent to a port where a network sniffer can connect and monitor the traffic.
Port Monitoring Port monitoring is supported on both physical and logical interfaces, such as VLAN and port-channel interfaces. The source port (MD) with monitored traffic and the destination ports (MG) to which an analyzer can be attached must be on the same switch. You can configure up to 128 source ports in a monitoring session. Only one destination port is supported in a monitoring session. The platform supports multiple source-destination statements in a single monitor session.
Example of Viewing a Monitoring Session In the example below, 0/25 and 0/26 belong to Port-pipe 1. This port-pipe has the same restriction of only four destination ports, new or used.
MONITOR SESSION mode source Example of Viewing Port Monitoring Configuration To display information on currently configured port-monitoring sessions, use the show monitor session command from EXEC Privilege mode.
Figure 99. Port Monitoring Example Configuring Monitor Multicast Queue To configure monitor QoS multicast queue ID, use the following commands. 1 Configure monitor QoS multicast queue ID. CONFIGURATION mode monitor multicast-queue queue-id Dell(conf)#monitor multicast-queue 7 2 Verify information about monitor configurations.
flow-based enable 2 Define in access-list rules that include the keyword monitor. For port monitoring, Dell Networking OS only considers traffic matching rules with the keyword monitor. CONFIGURATION mode ip access-list Refer to Access Control Lists (ACLs). 3 Apply the ACL to the monitored port.
Remote Port Mirroring Example Remote port mirroring uses the analyzers shown in the aggregation network in Site A. The VLAN traffic on monitored links from the access network is tagged and assigned to a dedicated L2 VLAN. Monitored links are configured in two source sessions shown with orange and green circles. Each source session uses a separate reserved VLAN to transmit mirrored packets (mirrored source-session traffic is shown with an orange or green circle with a blue border).
• You can configure any switch in the network with source ports and destination ports, and allow it to function in an intermediate transport session for a reserved VLAN at the same time for multiple remote-port mirroring sessions. You can enable and disable individual mirroring sessions. • BPDU monitoring is not required to use remote port mirroring.
Restrictions When you configure remote port mirroring, the following restrictions apply: • You can configure the same source port to be used in multiple source sessions. • You cannot configure a source port channel or source VLAN in a source session if the port channel or VLAN has a member port that is configured as a destination port in a remote-port mirroring session.
Configuring the Sample Remote Port Mirroring Remote port mirroring requires a source session (monitored ports on different source switches), a reserved tagged VLAN for transporting mirrored traffic (configured on source, intermediate, and destination switches), and a destination session (destination ports connected to analyzers on destination switches). Table 63. Configuration Steps for RPM Step Command Purpose 1 configure terminal Enter global configuration mode.
Dell(conf-if-te-1/30)#switchport Dell(conf-if-te-1/30)#exit Dell(conf)#interface vlan 30 Dell(conf-if-vl-30)#mode remote-port-mirroring Dell(conf-if-vl-30)#tagged te 1/30 Dell(conf-if-vl-30)#exit Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#channel-member te 1/28-29 Dell(conf-if-po-10)#no shutdown Dell(conf-if-po-10)#exit Dell(conf)#monitor session 3 type rpm Dell(conf-mon-sess-3)#source port-channel 10 dest remote-vlan 30 dir both Dell(conf-mon-sess-3)#no disable Dell(conf-mon-sess-3)# Dell(con
Dell(conf-mon-sess-3)#source remote-vlan 30 destination te 1/6 Dell(conf-mon-sess-3)#tagged destination te 1/6 Dell(conf-mon-sess-3)#end Dell# Dell#show monitor session SessID Source Destination Dir Mode Source IP ------ ------------------ ---- --------1 remote-vlan 10 Te 1/4 N/A N/A N/A 2 remote-vlan 20 Te 1/5 N/A N/A N/A 3 remote-vlan 30 Te 1/6 N/A N/A N/A Dell# Dest IP -------N/A N/A N/A Configuring RSPAN Source Sessions to Avoid BPD Issues When ever you configure an RPM source session, you must ensure
Encapsulated Remote Port Monitoring Encapsulated Remote Port Monitoring (ERPM) copies traffic from source ports/port-channels or source VLANs and forwards the traffic using routable GRE-encapsulated packets to the destination IP address specified in the session. NOTE: When configuring ERPM, follow these guidelines • The Dell Networking OS supports ERPM source session only. Encapsulated packets terminate at the destination IP address or at the analyzer.
flow-based command to disable to disable flowbased ERPM. 6 no disable Enter the no disable command to activate the ERPM session.. The following example shows an ERPM configuration . Dell(conf)#monitor session 0 type erpm Dell(conf-mon-sess-0)#source tengigabitethernet 1/9 direction rx Dell(conf-mon-sess-0)#source port-channel 1 direction tx Dell(conf-mon-sess-0)#erpm source-ip 1.1.1.1 dest-ip 7.1.1.
ERPM Behavior on a typical Dell Networking OS The Dell Networking OS is designed to support only the Encapsulation of the data received / transmitted at the specified source port (Port A). An ERPM destination session / decapsulation of the ERPM packets at the destination Switch are not supported. Figure 101.
b Using Python script • Either have a Linux server's ethernet port ip as the ERPM destination ip or connect the ingress interface of the server to the ERPM MirrorToPort. The analyzer should listen in the forward/egress interface. If there is only one interface, one can choose the ingress and forward interface to be same and listen in the tx direction of the interface. • Download/ Write a small script (for example: erpm.
38 Per-VLAN Spanning Tree Plus (PVST+) Per-VLAN spanning tree plus (PVST+) is a variation of spanning tree — developed by a third party — that allows you to configure a separate spanning tree instance for each virtual local area network (VLAN). Protocol Overview PVST+ is a variation of spanning tree — developed by a third party — that allows you to configure a separate spanning tree instance for each virtual local area network (VLAN).
Figure 102. Per-VLAN Spanning Tree The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 65. Spanning Tree Variations Dell Networking OS Supports Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802 .1d Rapid Spanning Tree Protocol (RSTP) 802 .1w Multiple Spanning Tree Protocol (MSTP) 802 .
2 Place the interfaces in VLANs. 3 Enable PVST+. 4 Optionally, for load balancing, select a nondefault bridge-priority for a VLAN.
Influencing PVST+ Root Selection As shown in the previous per-VLAN spanning tree illustration, all VLANs use the same forwarding topology because R2 is elected the root, and all TenGigabitEthernet ports have the same cost. The following per-VLAN spanning tree illustration changes the bridge priority of each bridge so that a different forwarding topology is generated for each VLAN. This behavior demonstrates how you can use PVST+ to achieve load balancing. Figure 103.
Root Identifier has priority 4096, Address 0001.e80d.b6d6 Root Bridge hello time 2, max age 20, forward delay 15 Bridge Identifier has priority 4096, Address 0001.e80d.b6d6 Configured hello time 2, max age 20, forward delay 15 We are the root of VLAN 100 Current root has priority 4096, Address 0001.e80d.b6d6 Number of topology changes 5, last change occurred 00:34:37 ago on Te 1/32 Port 375 (TenGigabitEthernet 1/22) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.
The values for global PVST+ parameters are given in the output of the show spanning-tree pvst command. Modifying Interface PVST+ Parameters You can adjust two interface parameters (port cost and port priority) to increase or decrease the probability that a port becomes a forwarding port. • Port cost — a value that is based on the interface type. The greater the port cost, the less likely the port is selected to be a forwarding port.
The values for interface PVST+ parameters are given in the output of the show spanning-tree pvst command, as previously shown. Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner. In this mode an interface forwards frames by default until it receives a BPDU that indicates that it should behave otherwise; it does not go through the Learning and Listening states.
Figure 104. PVST+ with Extend System ID • Augment the bridge ID with the VLAN ID. PROTOCOL PVST mode extend system-id Example of Viewing the Extend System ID in a PVST+ Configuration Dell(conf-pvst)#do show spanning-tree pvst vlan 5 brief VLAN 5 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32773, Address 0001.e832.73f7 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32773 (priority 32768 sys-id-ext 5), Address 0001.e832.
no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 1/22,32 no shutdown ! protocol spanning-tree pvst no disable vlan 100 bridge-priority 4096 Example of PVST+ Configuration (R2) interface TenGigabitEthernet 2/12 no ip address switchport no shutdown ! interface TenGigabitEthernet 2/32 no ip address switchport no shutdown ! interface Vlan 100 no ip address tagged TenGigabitEthernet 2/12,32 no shutdown ! interface Vlan 200 no ip address tagged TenGigabitEthernet 2/12,32 no shutdown ! inte
39 Quality of Service (QoS) This chapter describes how to use and configure Quality of Service service (QoS) features on the switch. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Table 67.
Feature Direction Create Input Policy Maps Ingress Honor DSCP Values on Ingress Packets Ingress Honoring dot1p Values on Ingress Packets Ingress Create Output Policy Maps Egress Specify an Aggregate QoS Policy Egress Create Output Policy Maps Egress Enabling QoS Rate Adjustment Enabling Strict-Priority Queueing Weighted Random Early Detection Egress Create WRED Profiles Egress Figure 105.
• Enabling QoS Rate Adjustment • Enabling Strict-Priority Queueing • Queue Classification Requirements for PFC Functionality • Support for marking dot1p value in L3 Input Qos Policy • Weighted Random Early Detection • Pre-Calculating Available QoS CAM Space • Specifying Policy-Based Rate Shaping in Packets Per Second • Configuring Policy-Based Rate Shaping • Configuring Weights and ECN for WRED • Configuring WRED and ECN Attributes • Guidelines for Configuring ECN for Classifying and Co
dot1p Queue Number 4 4 5 5 6 6 7 7 • Change the priority of incoming traffic on the interface. dot1p-priority Example of Configuring a dot1p Priority on an Interface Dell#configure terminal Dell(conf)#interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)#switchport Dell(conf-if-te-1/1)#dot1p-priority 1 Dell(conf-if-te-1/1)#end Honoring dot1p Priorities on Ingress Traffic By default, Dell Networking OS does not honor dot1p priorities on ingress traffic.
Configuring Port-Based Rate Policing If the interface is a member of a VLAN, you may specify the VLAN for which ingress packets are policed. • Rate policing ingress traffic on an interface. INTERFACE mode rate police Example of the rate police Command The following example shows configuring rate policing.
Policy-Based QoS Configurations Policy-based QoS configurations consist of the components shown in the following example. Figure 106. Constructing Policy-Based QoS Configurations Classify Traffic Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic. For both class maps, Layer 2 and Layer 3, Dell Networking OS matches packets against match criteria in the order that you configure them.
Use step 1 or step 2 to start creating a Layer 3 class map. 1 Create a match-any class map. CONFIGURATION mode class-map match-any 2 Create a match-all class map. CONFIGURATION mode class-map match-all 3 Specify your match criteria. CLASS MAP mode match {ip | ipv6 | ip-any} After you create a class-map, Dell Networking OS places you in CLASS MAP mode. Match-any class maps allow up to five ACLs. Match-all class-maps allow only one ACL. 4 Link the class-map to a queue.
Use Step 1 or Step 2 to start creating a Layer 2 class map. 1 Create a match-any class map. CONFIGURATION mode class-map match-any 2 Create a match-all class map. CONFIGURATION mode class-map match-all 3 Specify your match criteria. CLASS MAP mode match mac After you create a class-map, Dell Networking OS places you in CLASS MAP mode. Match-any class maps allow up to five access-lists. Match-all class-maps allow only one. You can match against only one VLAN ID. 4 Link the class-map to a queue.
Examples of Traffic Classifications The following example shows incorrect traffic classifications.
Dot1p to Queue Mapping Requirement The dot1p to queue mapping on the system is global and this is used to configure the PRIO2COS table configuration. For DSCP based PFC feature on untagged packets, this mapping must be the same as the default dot1p to queue mapping and should not be changed (as in TABLE 1). If a custom dot1p to queue mapping is present it should be reconfigured to the default dot1p to queue mapping.
Creating an Input QoS Policy To create an input QoS policy, use the following steps. 1 Create a Layer 3 input QoS policy. CONFIGURATION mode qos-policy-input Create a Layer 2 input QoS policy by specifying the keyword layer2 after the qos-policy-input command.
Configuring Policy-Based Rate Shaping To configure policy-based rate shaping, use the following command. • Configure rate shape egress traffic. QOS-POLICY-OUT mode rate-shape Allocating Bandwidth to Queue The switch schedules packets for egress based on Deficit Round Robin (DRR). This strategy offers a guaranteed data rate. Allocate bandwidth to queues only in terms of percentage in 4-queue and 8-queue systems. The following table shows the default bandwidth percentage for each queue.
4 Define the memory from the dynamic buffer pool for a class of traffic. dynamic-buffer-limit buffer-limit The range is from 0 to 12288. Specifying WRED Drop Precedence You can configure the WRED drop precedence in an output QoS policy. • Specify a WRED profile to yellow and/or green traffic. QOS-POLICY-OUT mode wred For more information, refer to Applying a WRED Profile to Traffic.
DSCP-COLOR-MAP dscp {yellow | red} {list-dscp-values} 3 Apply the map profile to the interface. CONFIG-INTERFACE mode qos dscp-color-policy color-map-name Example: Create a DSCP Color Map The following example creates a DSCP color map profile, color-awareness policy, and applies it to interface te 1/11.
Display summary information about a color policy for one or more interfaces. Dell# show qos dscp-color-policy summary Interface dscp-color-map TE 1/10 mapONE TE 1/11 mapTWO Display summary information about a color policy for a specific interface.
POLICY-MAP-IN mode policy-service-queue qos-polcy Honoring DSCP Values on Ingress Packets Dell Networking OS provides the ability to honor DSCP values on ingress packets using Trust DSCP feature. The following table lists the standard DSCP definitions and indicates to which queues Dell Networking OS maps DSCP values. When you configure trust DSCP, the matched packets and matched bytes counters are not incremented in the show qos statistics. Table 70.
Table 72. Default dot1p to Queue Mapping dot1p Queue ID 0 1 1 0 2 2 3 3 4 4 5 5 6 6 7 7 The dot1p value is also honored for frames on the default VLAN. For more information, refer to Priority-Tagged Frames on the Default VLAN. • Enable the trust dot1p feature. POLICY-MAP-IN mode trust dot1p Mapping dot1p Values to Service Queues All traffic is by default mapped to the same queue, Queue 0.
• If you apply a service policy that contains an ACL to more than one interface, Dell Networking OS uses ACL optimization to conserve CAM space. The ACL optimization behavior detects when an ACL exists in the CAM rather than writing it to the CAM multiple times. • Apply an input policy map to an interface. INTERFACE mode service-policy input Specify the keyword layer2 if the policy map you are applying a Layer 2 policy map. Creating Output Policy Maps 1 Create an output policy map.
Enabling QoS Rate Adjustment By default while rate limiting, policing, and shaping, Dell Networking OS does not include the Preamble, SFD, or the IFG fields. These fields are overhead; only the fields from MAC destination address to the CRC are used for forwarding and are included in these rate metering calculations.
• On hybrid ports, Queue classification can be based on either Dot1p (for tagged packets) or DSCP (for untagged packets) but not both. Example Case: PFC does not work for tagged traffic, when DSCP based class map is applied on a hybrid port or on a tagged port. Assume two switches A and B are connected back to back. Consider the case where untagged packets arrive on switch A, if you want to generate PFC for priority 2 for DSCP range 0-7, then you have to match the interested traffic.
Weighted Random Early Detection Weighted random early detection (WRED) is a congestion avoidance mechanism that drops packets to prevent buffering resources from being consumed. The WRED congestion avoidance mechanism drops packets to prevent buffering resources from being consumed. Traffic is a mixture of various kinds of packets. The rate at which some types of packets arrive might be greater than others.
Figure 107. Packet Drop Rate for WRED You can create a custom WRED profile or use one of the five pre-defined profiles. Creating WRED Profiles To create WRED profiles, use the following commands. 1 Create a WRED profile. CONFIGURATION mode wred-profile 2 Specify the minimum and maximum threshold values. WRED mode threshold Applying a WRED Profile to Traffic After you create a WRED profile, you must specify to which traffic Dell Networking OS should apply the profile.
Displaying Default and Configured WRED Profiles To display the default and configured WRED profiles, use the following command. • Display default and configured WRED profiles and their threshold values. EXEC mode show qos wred-profile Displaying WRED Drop Statistics To display WRED drop statistics, use the following command. • Display the number of packets Dell Networking OS the WRED profile drops.
Test the policy-map size against the CAM space for a specific port-pipe or all port-pipes using these commands: • test cam-usage service-policy input policy-map {stack-unit } number port-set number • test cam-usage service-policy input policy-map {stack-unit } all The output of this command, shown in the following example, displays: • The estimated number of CAM entries the policy-map will consume. • Whether or not the policy-map can be applied.
You can use the rate-shape pps peak-rate burst-packets command in the QoS Policy Out Configuration mode to configure the peak rate and burst size as a measure of pps. Alternatively, you can use the rate shape kbps peak-rate burst-KB command to configure the peak rate and peak burst size as a measure of bytes.
for applications that are time-sensitive, such as video on demand (VoD) or voice over IP (VoIP) applications. In such cases, you can use ECN in conjunction with WRED to resolve the dropping of packets under congested conditions. Using ECN, the packets are marked for transmission at a later time after the network recovers from the heavy traffic state to an optimal load. In this manner, enhanced performance and throughput are achieved.
Table 73. Scenarios of WRED and ECN Configuration Queue Configuration Service-Pool Configuration WRED Threshold Expected Functionality Relationship Q threshold = Q-T, Service pool threshold = SP-T WRED ECN WRED ECN 0 0 X X X WRED/ECN not applicable 1 0 0 X X Queue based WRED, 1 X Q-T < SP-T No ECN marking SP-T < Q-T SP based WRED, No ECN marking 1 1 0 X X Queue-based ECN marking above queue threshold.
mode Dell(conf) #service-pool wred green pool0 thresh-1 pool1 thresh-2 Dell(conf) #service-pool wred yellow pool0 thresh-3 pool1 thresh-4 Dell(conf) #service-pool wred weight pool0 11 pool1 4 5 Create a service class and associate the threshold weight of the shared buffer with each of the queues per port in the egress direction.
! policy-map-input ecn_0_pmap service-queue 0 class-map ecn_0_cmap Applying this policy-map “ecn_0_pmap” will mark all the packets with ‘ecn == 0’ as yellow packets on queue0 (default queue). Classifying Incoming Packets Using ECN and Color-Marking Explicit Congestion Notification (ECN) is a capability that enhances WRED by marking the packets instead of causing WRED to drop them when the threshold value is exceeded.
You can use the ecn keyword with the ip access-list standard, ip access-list extended, seq, and permit commands for standard and extended IPv4 ACLs to match incoming packets with the specified ECN values. Similar to ‘dscp’ qualifier in the existing L3 ACL command, the ‘ecn’ qualifier can be used along with all other supported ACL match qualifiers such as SIP/DIP/TCP/UDP/SRC PORT/DST PORT/ ICMP. Until Release 9.3(0.
The above requirement can be achieved using either of the two approaches.
Applying Layer 2 Match Criteria on a Layer 3 Interface To process Layer 3 packets that contain a dot1p (IEEE 802.1p) VLAN Layer 2 header, configure VLAN tags on a Layer 3 port interface which is configured with an IP address but has no VLAN associated with it. You can also configure a VLAN sub-interface on the port interface and apply a policy map that classifies packets using the dot1p VLAN ID.
2 Configure the threshold weight of the shared buffer for the queues you want. In this example, this setting is configured for queues 5 and 7. Dell(conf-if-te-1/1)#Service-class buffer shared-threshold-weight queue5 4 queue7 6 Enabling Buffer Statistics Tracking You can enable the tracking of statistical values of buffer spaces at a global level. The buffer statistics tracking utility operates in the max use count mode that enables the collection of maximum values of counters.
MCAST 3 0 Unit 1 unit: 3 port: 21 (interface Fo 1/164) --------------------------------------Q# TYPE Q# TOTAL BUFFERED CELLS --------------------------------------MCAST 3 0 Unit 1 unit: 3 port: 25 (interface Fo 1/168) --------------------------------------Q# TYPE Q# TOTAL BUFFERED CELLS --------------------------------------MCAST 3 0 Unit 1 unit: 3 port: 29 (interface Fo 1/172) --------------------------------------Q# TYPE Q# TOTAL BUFFERED CELLS --------------------------------------MCAST 3 0 Unit 1 uni
40 Routing Information Protocol (RIP) The Routing Information Protocol (RIP) tracks distances or hop counts to nearby routers when establishing network connections and is based on a distance-vector algorithm. RIP is based on a distance-vector algorithm; it tracks distances or hop counts to nearby routers when establishing network connections. RIP protocol standards are listed in the Standards Compliance chapter.
Implementation Information Dell Networking OS supports both versions of RIP and allows you to configure one version globally and the other version on interfaces or both versions on the interfaces. The following table lists the defaults for RIP in Dell Networking OS. Table 74.
CONFIGURATION mode router rip 2 Assign an IP network address as a RIP network to exchange routing information. ROUTER RIP mode network ip-address Examples of Verifying RIP is Enabled and Viewing RIP Routes After designating networks with which the system is to exchange RIP information, ensure that all devices on that network are configured to exchange RIP information. The Dell Networking OS default is to send RIPv1 and to receive RIPv1 and RIPv2.
[120/1] via 29.10.10.12, 00:01:22, Fa 2.0.0.0/8 auto-summary 4.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa 4.0.0.0/8 auto-summary 8.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 8.0.0.0/8 auto-summary 12.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 12.0.0.0/8 auto-summary 20.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 20.0.0.0/8 auto-summary 29.10.10.0/24 directly connected,Fa 1/49 29.0.0.0/8 auto-summary 31.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 31.0.0.0/8 auto-summary 192.162.2.
Assigning a Prefix List to RIP Routes Another method of controlling RIP (or any routing protocol) routing information is to filter the information through a prefix list. A prefix list is applied to incoming or outgoing routes. Those routes must meet the conditions of the prefix list; if not, Dell Networking OS drops the route. Prefix lists are globally applied on all interfaces running RIP. Configure the prefix list in PREFIX LIST mode prior to assigning it to the RIP process.
Setting the Send and Receive Version To change the RIP version globally or on an interface in Dell Networking OS, use the following command. To specify the RIP version, use the version command in ROUTER RIP mode. To set an interface to receive only one or the other version, use the ip rip send version or the ip rip receive version commands in INTERFACE mode. You can set one RIP version globally on the system using system.
The following example of the show ip protocols command confirms that both versions are sent out that interface. This interface no longer sends and receives the same RIP versions as Dell Networking OS does globally (shown in bold).
Controlling Route Metrics As a distance-vector protocol, RIP uses hop counts to determine the best route, but sometimes the shortest hop count is a route over the lowest-speed link. To manipulate RIP routes so that the routing protocol prefers a different route, manipulate the route by using the offset command. Exercise caution when applying an offset command to routers on a broadcast network, as the router using the offset command is modifying RIP advertisements before sending out those advertisements.
RIP Configuration Example The examples in this section show the command sequence to configure RIPv2 on the two routers shown in the following illustration — Core 2 and Core 3. The host prompts used in the following example reflect those names. The examples are divided into the following groups of command sequences: • Configuring RIPv2 on Core 2 • Core 2 RIP Output • RIP Configuration on Core 3 • Core 3 RIP Output • RIP Configuration Summary Figure 108.
The following example shows the show ip rip database command to view the learned RIP routes on Core 2. Core2(conf-router_rip)#end 00:12:24: %RPM0-P:CP %SYS-5-CONFIG_I: Configured from console by console Core2#show ip rip database Total number of routes in RIP database: 7 10.11.30.0/24 [120/1] via 10.11.20.1, 00:00:03, TenGigabitEthernet 2/3 10.300.10.0/24 directly connected,TenGigabitEthernet 2/4 10.200.10.0/24 directly connected,TenGigabitEthernet 2/5 10.11.20.
10.11.20.0 10.11.10.0 Routing Information Sources: Gateway Distance Last Update 10.11.20.1 120 00:00:12 Distance: (default is 120) Core2# RIP Configuration on Core3 The following example shows how to configure RIPv2 on a host named Core3. Example of Configuring RIPv2 on Core3 Core3(conf)#router rip Core3(conf-router_rip)#version 2 Core3(conf-router_rip)#network 192.168.1.0 Core3(conf-router_rip)#network 192.168.2.0 Core3(conf-router_rip)#network 10.11.30.0 Core3(conf-router_rip)#network 10.11.20.
E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change ----------- ------- --------------------R 10.11.10.0/24 via 10.11.20.2, Te 3/21 120/1 00:01:14 C 10.11.20.0/24 Direct, Te 3/21 0/0 00:01:53 C 10.11.30.0/24 Direct, Te 3/11 0/0 00:06:00 R 10.200.10.0/24 via 10.11.20.2, Te 3/21 120/1 00:01:14 R 10.300.10.0/24 via 10.11.
no shutdown router rip version 2 10.200.10.0 10.300.10.0 10.11.10.0 10.11.20.0 The following example shows viewing the RIP configuration on Core 3. ! interface TenGigabitEthernet 3/1 ip address 10.11.30.1/24 no shutdown ! interface TenGigabitEthernet 3/2 ip address 10.11.20.1/24 no shutdown ! interface TenGigabitEthernet 3/4 ip address 192.168.1.1/24 no shutdown ! interface TenGigabitEthernet 3/5 ip address 192.168.2.1/24 no shutdown ! router rip version 2 network 10.11.20.0 network 10.11.30.0 network 192.
41 Remote Monitoring (RMON) RMON is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facility and long-term statistics collection on Dell Networking Ethernet interfaces. RMON operates with the simple network management protocol (SNMP) and monitors all nodes on a local area network (LAN) segment. RMON monitors traffic passing through the router and segment traffic not destined for the router.
Setting the RMON Alarm To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode. • Set an alarm on any MIB object.
• number: assigned event number, which is identical to the eventIndex in the eventTable in the RMON MIB. The value must be an integer from 1 to 65,535 and be unique in the RMON Event Table. • log: (Optional) generates an RMON log entry when the event is triggered and sets the eventType in the RMON MIB to log or logand-trap. Default is no log. • trap community: (Optional) SNMP community string used for this trap.
• integer: a value from 1 to 65,535 that identifies the RMON group of statistics. The value must be a unique index in the RMON History Table. • owner: (Optional) specifies the name of the owner of the RMON group of statistics. The default is a null-terminated string. • ownername: (Optional) records the name of the owner of the RMON group of statistics. • buckets: (Optional) specifies the maximum number of buckets desired for the RMON collection history group of statistics.
42 Rapid Spanning Tree Protocol (RSTP) The Rapid Spanning Tree Protocol (RSTP) is a Layer 2 protocol — specified by IEEE 802.1w — that is essentially the same as spanningtree protocol (STP) but provides faster convergence and interoperability with switches configured with STP and multiple spanning tree protocol (MSTP). Protocol Overview RSTP is a Layer 2 protocol — specified by IEEE 802.
• All interfaces in virtual local area networks (VLANs) and all enabled interfaces in Layer 2 mode are automatically added to the RST topology. • Adding a group of ports to a range of VLANs sends multiple messages to the rapid spanning tree protocol (RSTP) task, avoid using the range command. When using the range command, Dell Networking recommends limiting the range to five ports and 40 VLANs. RSTP and VLT Virtual link trunking (VLT) provides loop-free redundant topologies and does not require RSTP.
• • Only one path from any bridge to any other bridge is enabled. Bridges block a redundant path by disabling one of the link ports. To enable RSTP globally for all Layer 2 interfaces, use the following commands. 1 Enter PROTOCOL SPANNING TREE RSTP mode. CONFIGURATION mode protocol spanning-tree rstp 2 Enable RSTP.
Bridge Identifier has priority 32768, Address 0001.e801.cbb4 Configured hello time 2, max age 20, forward delay 15, max hops 0 We are the root Current root has priority 32768, Address 0001.e801.cbb4 Number of topology changes 4, last change occurred 00:02:17 ago on Te 1/26 Port 377 (TenGigabitEthernet 2/1) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.377 Designated root has priority 32768, address 0001.e801.cbb4 Designated bridge has priority 32768, address 0001.
Adding and Removing Interfaces To add and remove interfaces, use the following commands. To add an interface to the Rapid Spanning Tree topology, configure it for Layer 2 and it is automatically added. If you previously disabled RSTP on the interface using the command no spanning-tree 0 command, re-enable it using the spanning-tree 0 command. • Remove an interface from the Rapid Spanning Tree topology. no spanning-tree 0 Modifying Global Parameters You can modify RSTP parameters.
• Change the hello-time parameter. PROTOCOL SPANNING TREE RSTP mode hello-time seconds NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. • The default is 2 seconds. Change the max-age parameter. PROTOCOL SPANNING TREE RSTP mode max-age seconds The range is from 6 to 40. The default is 20 seconds.
To view the current values for interface parameters, use the show spanning-tree rstp command from EXEC privilege mode. Enabling SNMP Traps for Root Elections and Topology Changes To enable SNMP traps collectively, use this command. Enable SNMP traps for RSTP, MSTP, and PVST+ collectively. snmp-server enable traps xstp Influencing RSTP Root Selection RSTP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it is selected as the root bridge.
• Disable spanning tree on the interface (the no spanning-tree command in INTERFACE mode). • Disable global spanning tree (the no spanning-tree command in CONFIGURATION mode). To enable EdgePort on an interface, use the following command. • Enable EdgePort on an interface.
43 Software-Defined Networking (SDN) The Dell Networking OS supports software-defined networking (SDN). For more information, see the SDN Deployment Guide.
44 Security This chapter describes several ways to provide security to the Dell Networking system. For details about all the commands described in this chapter, refer to the Security chapter in the Dell Networking OS Command Reference Guide.
• Enable AAA accounting and create a record for monitoring the accounting function. CONFIGURATION mode aaa accounting {commands | exec | suppress | system level} {default | name} {start-stop | wait-start | stop-only} {tacacs+} The variables are: • system: sends accounting information of any other AAA configuration. • exec: sends accounting information when a user has logged in to EXEC mode. • command level: sends accounting of commands executed at the specified privilege level.
Configuring AAA Accounting for Terminal Lines To enable AAA accounting with a named method list for a specific terminal line (where com15 and execAcct are the method list names), use the following commands. • Configure AAA accounting for terminal lines.
Configuration Task List for AAA Authentication The following sections provide the configuration tasks. • Configuring AAA Authentication Login Methods • Enabling AAA Authentication • Enabling AAA Authentication - RADIUS For a complete list of all commands related to login authentication, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Configure Login Authentication for Terminal Lines You can assign up to five authentication methods to a method list.
NOTE: Dell Networking recommends using the none method only as a backup. This method does not authenticate users. The none and enable methods do not work with secure shell (SSH). You can create multiple method lists and assign them to different terminal lines. Enabling AAA Authentication To enable AAA authentication, use the following command. • Enable AAA authentication. CONFIGURATION mode aaa authentication enable {method-list-name | default} method1 [...
Server-Side Configuration Using AAA authentication, the switch acts as a RADIUS or TACACS+ client to send authentication requests to a TACACS+ or RADIUS server. • TACACS+ — When using TACACS+, Dell Networking sends an initial packet with service type SVC_ENABLE, and then sends a second packet with just the password. The TACACS server must have an entry for username $enable$.
• Privilege level 1 — is the default level for EXEC mode. At this level, you can interact with the router, for example, view some show commands and Telnet and ping to test connectivity, but you cannot configure the router. This level is often called the “user” level. One of the commands available in Privilege level 1 is the enable command, which you can use to enter a specific privilege level. • Privilege level 0 — contains only the end, enable, and disable commands.
Configuring the Enable Password Command To configure Dell Networking OS, use the enable command to enter EXEC Privilege level 15. After entering the command, Dell Networking OS requests that you enter a password. Privilege levels are not assigned to passwords, rather passwords are assigned to a privilege level. You can always change a password for any privilege level. To change to a different privilege level, enter the enable command, then the privilege level.
CONFIGURATION mode enable password [level level] [encryption-mode] password Configure the optional and required parameters: • level level: specify a level from 0 to 15. Level 15 includes all levels. • encryption-type: enter 0 for plain text or 7 for encrypted text. • password: enter a string up to 32 characters long. To change only the password for the enable command, configure only the password parameter. 3 Configure level and commands for a mode or reset a command’s level.
Escape character is '^]'.
• level-number: The level-number you wish to set. If you enter disable without a level-number, your security level is 1. RADIUS Remote authentication dial-in user service (RADIUS) is a distributed client/server protocol. This protocol transmits authentication, authorization, and configuration information between a central RADIUS server and a RADIUS client (the Dell Networking system). The system sends user information to the RADIUS server and requests authentication of the user and password.
ACL Configuration Information The RADIUS server can specify an ACL. If an ACL is configured on the RADIUS server, and if that ACL is present, the user may be allowed access based on that ACL. If the ACL is absent, authorization fails, and a message is logged indicating this. RADIUS can specify an ACL for the user if both of the following are true: • If an ACL is absent. • If there is a very long delay for an entry, or a denied entry because of an ACL, and a message is logged.
Defining a AAA Method List to be Used for RADIUS To configure RADIUS to authenticate or authorize users on the system, create a AAA method list. Default method lists do not need to be explicitly applied to the line, so they are not mandatory. To create a method list, use the following commands. • Enter a text string (up to 16 characters long) as the name of the method list you wish to use with the RADIUS authentication method.
• retransmit retries: the range is from 0 to 100. Default is 3. • timeout seconds: the range is from 0 to 1000. Default is 5 seconds. • key [encryption-type] key: enter 0 for plain text or 7 for encrypted text, and a string for the key. The key can be up to 42 characters long. This key must match the key configured on the RADIUS server host. If you do not configure these optional parameters, the global default values for all RADIUS host are applied.
Monitoring RADIUS To view information on RADIUS transactions, use the following command. • View RADIUS transactions to troubleshoot problems. EXEC Privilege mode debug radius TACACS+ Dell Networking OS supports terminal access controller access control system (TACACS+ client, including support for login authentication. Configuration Task List for TACACS+ The following list includes the configuration task for TACACS+ functions.
login authentication {method-list-name | default} Example of a Failed Authentication To view the configuration, use the show config in LINE mode or the show running-config tacacs+ command in EXEC Privilege mode. If authentication fails using the primary method, Dell Networking OS employs the second method (or third method, if necessary) automatically. For example, if the TACACS+ server is reachable, but the server key is invalid, Dell Networking OS proceeds to the next authentication method.
closes the Telnet session immediately. The following example demonstrates how to configure the access-class from a TACACS+ server. This configuration ignores the configured access-class on the VTY line. If you have configured a deny10 ACL on the TACACS+ server, the system downloads it and applies it. If the user is found to be coming from the 10.0.0.0 subnet, the system also immediately closes the Telnet connection. Note, that no matter where the user is coming from, they see the login prompt.
If rejected by the AAA server, the command is not added to the running config, and a message displays: 04:07:48: %RPM0-P:CP %SEC-3-SEC_AUTHORIZATION_FAIL: Authorization failure Command authorization failed for user (denyall) on vty0 ( 10.11.9.209 ) Certain TACACS+ servers do not authenticate the device if you use the aaa authorization commands level default local tacacs+ command. To resolve the issue, use the aaa authorization commands level default tacacs+ local command.
RSA Authentication : disabled. Vty Encryption HMAC Dell(conf)# Remote IP To disable SSH server functions, use the no ip ssh server enable command. Using SCP with SSH to Copy a Software Image To use secure copy (SCP) to copy a software image through an SSH connection from one switch to another, use the following commands. 1 On Switch 1, set the SSH port number ( port 22 by default). CONFIGURATION MODE ip ssh server port number 2 On Switch 1, enable SSH.
User name to login remote host: admin Password to login remote host: Removing the RSA Host Keys and Zeroizing Storage Use the crypto key zeroize rsa command to delete the host key pairs, both the public and private key information for RSA 1 and or RSA 2 types. Note that when FIPS mode is enabled there is no RSA 1 key pair. Any memory currently holding these keys is zeroized (written over with zeroes) and the NVRAM location where the keys are stored for persistence across reboots is also zeroized.
• diffie-hellman-group1-sha1 • diffie-hellman-group14-sha1 When FIPS is enabled, the default is diffie-hellman-group14-sha1. Example of Configuring a Key Exchange Algorithm The following example shows you how to configure a key exchange algorithm.
• hmac-md5-96 • hmac-sha1 • hmac-sha1-96 • hmac-sha2-256 The default list of HMAC algorithm is in the following order: • hmac-sha2-256 • hmac-sha1 • hmac-sha1-96 • hmac-md5 • hmac-md5-96 When FIPS is enabled, the default HMAC algorithm is hmac-sha2-256, hmac-sha1, hmac-sha1-96. Example of Configuring a HMAC Algorithm The following example shows you how to configure a HMAC algorithm list.
The following ciphers are available. • 3des-cbc • aes128-cbc • aes192-cbc • aes256-cbc • aes128-ctr • aes192-ctr • aes256-ctr The default cipher list is in the given order: aes256-ctr, aes256-cbc, aes192-ctr, aes192-cbc, aes128-ctr, aes128-cbc, 3des-cbc. Example of Configuring a Cipher List The following example shows you how to configure a cipher list.
Using RSA Authentication of SSH The following procedure authenticates an SSH client based on an RSA key using RSA authentication. This method uses SSH version 2. 1 On the SSH client (Unix machine), generate an RSA key, as shown in the following example. 2 Copy the public key id_rsa.pub to the Dell Networking system. 3 Disable password authentication if enabled. CONFIGURATION mode no ip ssh password-authentication enable 4 Enable RSA authentication in SSH.
ip ssh pub-key-file flash://filename or ip ssh rhostsfile flash://filename Examples of Creating shosts and rhosts The following example shows creating shosts. admin@Unix_client# cd /etc/ssh admin@Unix_client# ls moduli sshd_config ssh_host_dsa_key.pub ssh_host_key.pub ssh_host_rsa_key.pub ssh_config ssh_host_dsa_key ssh_host_key ssh_host_rsa_key admin@Unix_client# cat ssh_host_rsa_key.
If the IP address in the RSA key does not match the IP address from which you attempt to log in, the following message appears. In this case, verify that the name and IP address of the client is contained in the file /etc/hosts: RSA Authentication Error. Telnet To use Telnet with SSH, first enable SSH, as previously described. By default, the Telnet daemon is enabled. If you want to disable the Telnet daemon, use the following command, or disable Telnet in the startup config.
them from the VTY line with a deny-all access class. After users identify themselves, Dell Networking OS retrieves the access class from the local database and applies it. (Dell Networking OS then can close the connection if a user is denied access.) NOTE: If a VTY user logs in with RADIUS authentication, the privilege level is applied from the RADIUS server only if you configure RADIUS authentication. The following example shows how to allow or deny a Telnet connection to a user.
Dell(config-line-vty)#access-class sourcemac Dell(config-line-vty)#end Role-Based Access Control With Role-Based Access Control (RBAC), access and authorization is controlled based on a user’s role. Users are granted permissions based on their user roles, not on their individual user ID. User roles are created for job functions and through those roles they acquire the permissions to perform their associated job function.
NOTE: When you enter a user role, you have already been authenticated and authorized. You do not need to enter an enable password because you will be automatically placed in EXEC Priv mode. For greater security, the ability to view event, audit, and security system log is associated with user roles. For information about these topics, see Audit and Security Logs.
login authentication test authorization exec test exec-timeout 0 0 line vty 0 login authentication test authorization exec test line vty 1 login authentication test authorization exec test To enable role-based only AAA authorization: Dell(conf)#aaa authorization role-only System-Defined RBAC User Roles By default, the Dell Networking OS provides 4 system defined user roles. You can create up to 8 additional user roles. NOTE: You cannot delete any system defined roles.
permissions from scratch. You then restrict commands or add commands to that role. For more information about this topic, see Modifying Command Permissions for Roles. NOTE: You can change user role permissions on system pre-defined user roles or user-defined user roles. Important Points to Remember Consider the following when creating a user role: • Only the system administrator and user-defined roles inherited from the system administrator can create roles and user names.
When you modify a command for a role, you specify the role, the mode, and whether you want to restrict access using the deleterole keyword or grant access using the addrole keyword followed by the command you are controlling access. For information about how to create new roles, see also Creating a New User Role. The following output displays the modes available for the role command.
The following example removes the secadmin access to LINE mode and then verifies that the security administrator can no longer access LINE mode, using the show role mode configure line command in EXEC Privilege mode.
This section contains the following AAA Authentication and Authorization for Roles configuration tasks: • Configuring AAA Authentication for Roles • Configuring AAA Authorization for Roles • Configuring TACACS+ and RADIUS VSA Attributes for RBAC Configure AAA Authentication for Roles Authentication services verify the user ID and password combination. Users with defined roles and users with privileges are authenticated with the same mechanism.
aaa authorization exec ucraaa tacacs+ radius local aaa accounting commands role netadmin ucraaa start-stop tacacs+ ! The following configuration example applies a method list other than default to each VTY line. NOTE: Note that the methods were not applied to the console so the default methods (if configured) are applied there.
The following example configures an AV pair which allows a user to login from a network access server with a privilege level of 15, to have access to EXEC commands. The format to create a Dell Network OS AV pair for privilege level is shell:priv-lvl= where number is a value between 0 and 15.
The following example applies the accounting default method to the user role secadmin (security administrator). Dell(conf-vty-0)# accounting commands role secadmin default Displaying Active Accounting Sessions for Roles To display active accounting sessions for each user role, use the show accounting command in EXEC mode.
line route-map router Line Configuration mode Route map configuration mode Router configuration mode Dell#show role mode configure username Role access: sysadmin Dell##show role mode configure password-attributes Role access: secadmin,sysadmin Dell#show role mode configure interface Role access: netadmin, sysadmin Dell#show role mode configure line Role access: netadmin,sysadmin Displaying Information About Users Logged into the Switch To display information on all users logged into the switch, using the
45 Service Provider Bridging Service provider bridging provides the ability to add a second VLAN ID tag in an Ethernet frame and is referred to as VLAN stacking in the Dell Networking OS. VLAN Stacking VLAN stacking, also called Q-in-Q, is defined in IEEE 802.1ad — Provider Bridges, which is an amendment to IEEE 802.1Q — Virtual Bridged Local Area Networks. It enables service providers to use 802.
Figure 110. VLAN Stacking in a Service Provider Network Important Points to Remember • Interfaces that are members of the Default VLAN and are configured as VLAN-Stack access or trunk ports do not switch untagged traffic. To switch traffic, add these interfaces to a non-default VLAN-Stack-enabled VLAN. • Dell Networking cautions against using the same MAC address on different customer VLANs, on the same VLAN-Stack VLAN.
Related Configuration Tasks • • • • Configuring the Protocol Type Value for the Outer VLAN Tag Configuring Dell Networking OS Options for Trunk Ports Debugging VLAN Stacking VLAN Stacking in Multi-Vendor Networks Creating Access and Trunk Ports To create access and trunk ports, use the following commands. • • Access port — a port on the service provider edge that directly connects to the customer. An access port may belong to only one service provider VLAN.
Example of Viewing VLAN Stack Member Status To display the status and members of a VLAN, use the show vlan command from EXEC Privilege mode. Members of a VLAN-Stackingenabled VLAN are marked with an M in column Q.
portmode hybrid switchport vlan-stack trunk shutdown Dell(conf-if-te-1/1)#interface vlan 100 Dell(conf-if-vl-100)#untagged tengigabitethernet 1/1 Dell(conf-if-vl-100)#interface vlan 101 Dell(conf-if-vl-101)#tagged tengigabitethernet 1/1 Dell(conf-if-vl-101)#interface vlan 103 Dell(conf-if-vl-103)#vlan-stack compatible Dell(conf-if-vl-103-stack)#member tengigabitethernet 1/1 Dell(conf-if-vl-103-stack)#do show vlan Codes: Q: U x G - * - Default VLAN, G - GVRP VLANs Untagged, T - Tagged Dot1x untagged, X - Do
Given the matching-TPID requirement, there are limitations when you employ Dell Networking systems at network edges, at which, frames are either double tagged on ingress (R4) or the outer tag is removed on egress (R3). VLAN Stacking The default TPID for the outer VLAN tag is 0x9100. The system allows you to configure both bytes of the 2 byte TPID. Previous versions allowed you to configure the first byte only, and thus, the systems did not differentiate between TPIDs with a common first byte.
Figure 111.
Figure 112.
Figure 113. Single and Double-Tag TPID Mismatch VLAN Stacking Packet Drop Precedence VLAN stacking packet-drop precedence is supported on the switch. The drop eligible indicator (DEI) bit in the S-Tag indicates to a service provider bridge which packets it should prefer to drop when congested. Enabling Drop Eligibility Enable drop eligibility globally before you can honor or mark the DEI value. When you enable drop eligibility, DEI mapping or marking takes place according to the defaults.
Table 78. Drop Eligibility Behavior Ingress Egress DEI Disabled DEI Enabled Normal Port Normal Port Retain CFI Set CFI to 0. Trunk Port Trunk Port Retain inner tag CFI Retain inner tag CFI. Retain outer tag CFI Set outer tag CFI to 0. Retain inner tag CFI Retain inner tag CFI Set outer tag CFI to 0 Set outer tag CFI to 0 Access Port Trunk Port To enable drop eligibility globally, use the following command. • Make packets eligible for dropping based on their DEI value.
Marking Egress Packets with a DEI Value On egress, you can set the DEI value according to a different mapping than ingress. For ingress information, refer to Honoring the Incoming DEI Value. To mark egress packets, use the following command. • Set the DEI value on egress according to the color currently assigned to the packet.
NOTE: The ability to map incoming C-Tag dot1p to any S-Tag dot1p requires installing up to eight entries in the Layer 2 QoS and Layer 2 ACL table for each configured customer VLAN. The scalability of this feature is limited by the impact of the 1:8 expansion in these content addressable memory (CAM) tables.
• vman-qos-dual-fp: mark the S-Tag dot1p and queue the frame according to the S-Tag dot1p. This method requires twice as many CAM entries as vman-qos and FP blocks in multiples of 2. The default is: 0 FP blocks for vman-qos and vman-qos-dual-fp. 2 The new CAM configuration is stored in NVRAM and takes effect only after a save and reload. EXEC Privilege mode copy running-config startup-config 3 Reload the system. reload 4 Map C-Tag dot1p values to a S-Tag dot1p value.
Figure 115. VLAN Stacking without L2PT You might need to transport control traffic transparently through the intermediate network to the other region. Layer 2 protocol tunneling enables BPDUs to traverse the intermediate network by identifying frames with the Bridge Group Address, rewriting the destination MAC to a user-configured non-reserved address, and forwarding the frames.
Figure 116. VLAN Stacking with L2PT Implementation Information • L2PT is available for STP, RSTP, MSTP, and PVST+ BPDUs. • No protocol packets are tunneled when you enable VLAN stacking. • L2PT requires the default CAM profile. Enabling Layer 2 Protocol Tunneling To enable Layer 2 protocol tunneling, use the following command. 1 Verify that the system is running the default CAM profile. Use this CAM profile for L2PT.
show cam-profile 2 Enable protocol tunneling globally on the system. CONFIGURATION mode protocol-tunnel enable 3 Tunnel BPDUs the VLAN. INTERFACE VLAN mode protocol-tunnel stp Specifying a Destination MAC Address for BPDUs By default, Dell Networking OS uses a Dell Networking-unique MAC address for tunneling BPDUs. You can configure another value. To specify a destination MAC address for BPDUs, use the following command.
Debugging Layer 2 Protocol Tunneling To debug Layer 2 protocol tunneling, use the following command. • Display debugging information for L2PT. EXEC Privilege mode debug protocol-tunnel Provider Backbone Bridging IEEE 802.1ad—Provider Bridges amends 802.1Q—Virtual Bridged Local Area Networks so that service providers can use 802.1Q architecture to offer separate VLANs to customers with no coordination between customers, and minimal coordination between customers and the provider. 802.
46 sFlow sFlow is a standard-based sampling technology embedded within switches and routers which is used to monitor network traffic. It is designed to provide traffic monitoring for high-speed networks with many switches and routers.
hardware sampling rate is backed-off from 512 to 1024. Note that port 1 maintains its sampling rate of 16384; port 1 is unaffected because it maintains its configured sampling rate of 16384.: • If the interface states are up and the sampling rate is not configured on the port, the default sampling rate is calculated based on the line speed. • If the interface states are shut down, the sampling rate is set using the global sampling rate.
Global default counter polling interval: 20 Global default extended maximum header size: 128 bytes Global extended information enabled: none 1 collectors configured Collector IP addr: 100.1.1.1, Agent IP addr: 1.1.1.2, UDP port: 6343 VRF: Default 0 UDP packets exported 0 UDP packets dropped 0 sFlow samples collected stack-unit 0 Port set 0 Te 1/1: configured rate 16384, actual rate 16384 Dell# If you did not enable any extended information, the show output displays the following (shown in bold).
Egress Management Interface sFlow services are disabled Global default sampling rate: 32768 Global default counter polling interval: 86400 Global default extended maximum header size: 256 bytes Global extended information enabled: none 1 collectors configured Collector IP addr: 100.1.1.12, Agent IP addr: 100.1.1.
Global default sampling rate: 32768 Global default counter polling interval: 20 1 collectors configured Collector IP addr: 133.33.33.53, Agent IP addr: 133.33.33.
Configuring Specify Collectors The sflow collector command allows identification of sFlow collectors to which sFlow datagrams are forwarded. You can specify up to two sFlow collectors. If you specify two collectors, the samples are sent to both. • Identify sFlow collectors to which sFlow datagrams are forwarded. CONFIGURATION mode sflow collector ip-address agent-addr ip-address [number [max-datagram-size number] ] | [maxdatagram-size number ] The default UDP port is 6343.
• extended-router — Next-hop and source and destination mask length. • extended-gateway — Source and destination AS number and the BGP next-hop. NOTE: The entire AS path is not included. BGP community-list and local preference information are not included. These fields are assigned default values and are not interpreted by the collector. • • Enable extended sFlow.
Table 79. Extended Gateway Summary IP SA IP DA srcAS and srcPeerAS dstAS and dstPeerAS Description static/connected/IGP static/connected/IGP — — Extended gateway data is not exported because there is no AS information. static/connected/IGP BGP 0 Exported src_as and src_peer_as are zero because there is no AS information for IGP. BGP static/connected/IGP — — Exported Exported Prior to Dell Networking OS version 7.8.1.
47 Simple Network Management Protocol (SNMP) The Simple Network Management Protocol (SNMP) is designed to manage devices on IP networks by monitoring device operation, which might require administrator intervention. NOTE: On Dell Networking routers, standard and private SNMP management information bases (MIBs) are supported, including all Get and a limited number of Set operations (such as set vlan and copy cmd).
Implementation Information The following describes SNMP implementation information. • Dell Networking OS supports SNMP version 1 as defined by RFC 1155, 1157, and 1212, SNMP version 2c as defined by RFC 1901, and SNMP version 3 as defined by RFC 2571. • Dell Networking OS supports up to 16 trap receivers. • Dell Networking OS implementation of the sFlow MIB supports sFlow configuration via SNMP sets.
1 SNMPv3 authentication provides only the sha option when the FIPS mode is enabled. 2 SNMPv3 privacy provides only the aes128 privacy option when the FIPS mode is enabled. 3 If you attempt to enable or disable FIPS mode and if any SNMPv3 users are previously configured, an error message is displayed stating you must delete all of the SNMP users before changing the FIPS mode. 4 A message is logged indicating whether FIPS mode is enabled for SNMPv3.
Creating a Community For SNMPv1 and SNMPv2, create a community to enable the community-based security in Dell Networking OS. The management station generates requests to either retrieve or alter the value of a management object and is called the SNMP manager. A network element that processes SNMP requests is called an SNMP agent. An SNMP community is a group of SNMP agents and managers that are allowed to interact.
snmp-server user name group-name 3 noauth auth md5 auth-password • Configure an SNMP group (password privileges only). CONFIGURATION mode snmp-server group groupname {oid-tree} auth read name write name • Configure an SNMPv3 view. CONFIGURATION mode snmp-server view view-name 3 noauth {included | excluded} NOTE: To give a user read and write privileges, repeat this step for each privilege type. • Configure an SNMP group (with password or privacy privileges).
The following example shows reading the value of the many managed objects at one time. > snmpwalk -v 2c -c mycommunity 10.11.131.161 .1.3.6.1.2.1.1 SNMPv2-MIB::sysDescr.0 = STRING: Dell Real Time Operating System Software Dell Operating System Version: 1.0 Dell Application Software Version: E_MAIN4.9.4.0.0 Copyright (c) 1999-2014 by Dell Build Time: Mon May 12 14:02:22 PDT 2008 SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.6027.1.3.
• The default is None. (From a management station) Identify the physical location of the system (for example, San Jose, 350 Holger Way, 1st floor lab, rack A1-1). CONFIGURATION mode snmpset -v version -c community agent-ip sysLocation.0 s “location-info” You may use up to 55 characters. The default is None. Subscribing to Managed Object Value Updates using SNMP By default, the Dell Networking system displays some unsolicited SNMP messages (traps) upon certain events and conditions.
snmp linkdown snmp linkup SNMP_WARM_START:Agent Initialized - SNMP WARM_START. PORT_LINKDN:changed interface state to down:%d PORT_LINKUP:changed interface state to up:%d Enabling a Subset of SNMP Traps You can enable a subset of Dell Networking enterprise-specific SNMP traps using one of the following listed command options. To enable a subset of Dell Networking enterprise-specific SNMP traps, use the following command. • Enable a subset of SNMP traps.
vlt Enable VLT traps. vrrp Enable VRRP state change traps xstp %SPANMGR-5-STP_NEW_ROOT: New Spanning Tree Root, Bridge ID Priority 32768, Address 0001.e801.fc35. %SPANMGR-5-STP_TOPOLOGY_CHANGE: Bridge port TenGigabitEthernet 1/8 transitioned from Forwarding to Blocking state. %SPANMGR-5-MSTP_NEW_ROOT_BRIDGE: Elected root bridge for instance 0. %SPANMGR-5-MSTP_NEW_ROOT_PORT: MSTP root changed to port Te 1/8 for instance 0. My Bridge ID: 40960:0001.e801.fc35 Old Root: 40960:0001.e801.
To enable an SNMP agent to send a trap when the syslog server is not reachable, enter the following command: CONFIGURATION MODE snmp-server enable traps snmp syslog-unreachable To enable an SNMP agent to send a trap when the syslog server resumes connectivity, enter the following command: CONFIGURATION MODE snmp-server enable traps snmp syslog-reachable Table 81. List of Syslog Server MIBS that have read access MIB Object OID Object Values Description dF10SysLogTraps 1.3.6.1.4.1.6027.3.30.1.
MIB Object OID Object Values 2 = running-config Description • 3 = startup-config • copySrcFileLocation .1.3.6.1.4.1.6027.3.5.1.1.1.1.3 1 = flash If copySrcFileType is runningconfig or startup-config, the default copySrcFileLocation is flash. If copySrcFileType is a binary file, you must also specify copySrcFileLocation and copySrcFileName. Specifies the location of source file.
MIB Object OID Object Values Description • copyUserPassword .1.3.6.1.4.1.6027.3.5.1.1.1.1.10 Password for the server. If you specify copyUserName, you must also specify copyUserPassword. Password for the FTP, TFTP, or SCP server. Copying a Configuration File To copy a configuration file, use the following commands. NOTE: In UNIX, enter the snmpset command for help using the following commands. Place the f10-copy-config.
• Copy the running-config to the startup-config from the UNIX machine. snmpset -v 2c -c public force10system-ip-address copySrcFileType.index i 2 copyDestFileType.index i 3 Examples of Copying Configuration Files The following examples show the command syntax using MIB object names and the same command using the object OIDs. In both cases, a unique index number follows the object. The following example shows copying configuration files using MIB object names. > snmpset -v 2c -r 0 -t 60 -c private -m .
a 11.11.11.11 copyUserName.110 s mylogin copyUserPassword.110 s mypass FTOS-COPY-CONFIG-MIB::copySrcFileType.110 = INTEGER: runningConfig(2) FTOS-COPY-CONFIG-MIB::copyDestFileName.110 = STRING: /home/startup-config FTOS-COPY-CONFIG-MIB::copyDestFileLocation.110 = INTEGER: ftp(4) FTOS-COPY-CONFIG-MIB::copyServerAddress.110 = IpAddress: 11.11.11.11 FTOS-COPY-CONFIG-MIB::copyUserName.110 = STRING: mylogin FTOS-COPY-CONFIG-MIB::copyUserPassword.
MIB Object OID Values Description 3 = failed copyTimeStarted .1.3.6.1.4.1.6027.3.5.1.1.1.1.12 Time value Specifies the point in the uptime clock that the copy operation started. copyTimeCompleted .1.3.6.1.4.1.6027.3.5.1.1.1.1.13 Time value Specifies the point in the uptime clock that the copy operation completed. copyFailCause .1.3.6.1.4.1.6027.3.5.1.1.1.1.14 1 = bad filename Specifies the reason the copy request failed.
The following command shows how to get a MIB object value using the object name. > snmpget -v 2c -c private -m ./f10-copy-config.mib 10.11.131.140 copyTimeCompleted.110 FTOS-COPY-CONFIG-MIB::copyTimeCompleted.110 = Timeticks: (1179831) 3:16:38.31 The following command shows how to get a MIB object value using OID. > snmpget -v 2c -c private 10.11.131.140 .1.3.6.1.4.1.6027.3.5.1.1.1.1.13.110 SNMPv2-SMI::enterprises.6027.3.5.1.1.1.1.13.110 = Timeticks: (1179831) 3:16:38.
MIB Object OID Description chSysCoresStackUnitNumber 1.3.6.1.4.1.6027.3.10.1.2.10.1.4 Contains information that includes which stack unit or processor the core file was originated from. chSysCoresProcess 1.3.6.1.4.1.6027.3.10.1.2.10.1.5 Contains information that includes the process names that generated each core file. Viewing the Software Core Files Generated by the System • To view the viewing the software core files generated by the system, use the following command.
Assigning a VLAN Alias Write a character string to the dot1qVlanStaticName object to assign a name to a VLAN. Example of Assigning a VLAN Alias using SNMP [Unix system output] > snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.1.1107787786 s "My VLAN" SNMPv2-SMI::mib-2.17.7.1.4.3.1.1.
Example of Adding a Tagged Port to a VLAN using SNMP In the following example, Port 0/2 is added as a tagged member of VLAN 10. >snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.2.1107787786 x "40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" .1.3.6.1.2.1.17.7.1.4.3.1.4.
snmpset with OID: snmpset -v version -c community agent-ip .1.3.6.1.2.1.2.2.1.7.ifindex i {1 | 2} Choose integer 1 to change the admin status to Up, or 2 to change the admin status to Down. Fetch Dynamic MAC Entries using SNMP Dell Networking supports the RFC 1493 dot1d table for the default VLAN and the dot1q table for all other VLANs. NOTE: The 802.1q Q-BRIDGE MIB defines VLANs regarding 802.1d, as 802.1d itself does not define them.
Example of Fetching MAC Addresses Learned on a Port-Channel Using SNMP Use dot3aCurAggFdbTable to fetch the learned MAC address of a port-channel. The instance number is the decimal conversion of the MAC address concatenated with the port-channel number.
The system image can also be retrieved by performing an SNMP walk on the following OID: MIB Object is chSysSwModuleTable and the OID is 1.3.6.1.4.1.6027.3.10.1.2.8. Dell#show interface Tengigabitethernet 1/21 TenGigabitEthernet 1/21 is up, line protocol is up Monitor Port-Channels To check the status of a Layer 2 port-channel, use f10LinkAggMib (.1.3.6.1.4.1.6027.3.2). In the following example, Po 1 is a switchport and Po 2 is in Layer 3 mode.
2010-02-10 14:22:40 10.16.130.4 [10.16.130.4]: SNMPv2-MIB::sysUpTime.0 = Timeticks: (8500934) 23:36:49.34 SNMPv2-MIB::snmpTrapOID.0 = OID: IF-MIB::linkUp IF-MIB::ifIndex.1107755009 = INTEGER: 1107755009 SNMPv2-SMI::enterprises.6027.3.1.1.4.1.2 = STRING: "OSTATE_UP: Changed interface state to up: Po 1" Troubleshooting SNMP Operation When you use SNMP to retrieve management data from an SNMP agent on a Dell Networking router, take into account the following behavior.
48 Stacking Using the Dell Networking OS stacking feature, you can interconnect multiple switch units with stacking ports or front end user ports. The stack becomes manageable as a single switch through the stack management unit. The system accepts Unit ID numbers from 0 to 6 and the S6000 supports stacking up to six units with Dell Networking OS version 9.7(0.0).
• Inter-switch stacking link failure • Switch insertion • Switch removal If the master switch goes off line, the standby replaces it as the new master and the switch with the next highest priority or MAC address becomes standby. Stack Master Election The stack elects a master and standby unit at bootup time based on two criteria. • Unit priority — User-configurable. The range is from 1 to 14. A higher value (14) means a higher priority. The default is 0.
-- Fan Status -Unit Bay TrayStatus Fan0 Speed Fan1 Speed -----------------------------------------------------------------------------------2 0 up up 7021 up 7072 2 1 up up 7072 up 7021 2 2 up up 7021 up 7021 5 0 up up 7072 up 7021 5 1 up up 7021 up 6971 5 2 up up 7072 up 7021 Speed in RPM Dell# Virtual IP You can manage the stack using a single IP, known as a virtual IP, that is retained in the stack even after a failover. The virtual IP address is used to log in to the current master unit of the stack.
2 Member not present 3 Member not present 4 Member not present 5 Member not present 6 Member not present [output omitted] Standalone#show system | grep priority Master priority : 0 -----------STACK BEFORE CONNECTION---------------Stack#show system brief Stack MAC : 00:01:e8:d5:f9:6f -- Stack Info -Unit UnitType Status ReqTyp CurTyp Version Ports --------------------------------------------------0 Standby online S6000 1-0 (0-3387) 128 1 Management online S6000 1-0 (0-3387) 128 2 Member not present 3 Member n
Stacking LAG When multiple links are used between stack units, Dell Networking OS automatically bundles them in a stacking LAG to provide aggregated throughput and redundancy. The stacking LAG is established automatically and transparently by Dell Networking OS (without user configuration) after peering is detected and behaves as follows: • • The stacking LAG dynamically aggregates; it can lose link members or gain new links.
Example of Stack Manager Redundancy Management Access on Stacks You can access the stack via the console port or VTY line. • Console access — You may access the stack through the console port of the master unit (stack manager) only. Similar to a standby RPM, the console port of the standby unit does not provide management capability; only a limited number of commands are available. Member units provide a limited set of commands.
• Split a Stack Create a Stack Stacking is enabled on the device using the front end ports. No configuration is allowed on front end ports used for stacking. Stacking can be made between 40G ports of two units. The stack links between the two units are grouped into a single LAG. Stack Group/Port Numbers By default, each unit in Standalone mode is numbered stack-unit 0. A maximum of six 40G stack links can be made between two units in a stack.
NOTE: Any scripts used to streamline the stacking configuration process must be updated to reflect the Command Mode change from EXEC to CONFIGURATION to allow the scripts to work correctly. Enabling Front End Port Stacking To enable the front ports on a unit for stacking, use the following commands. NOTE: After a port has been allocated for stacking, you can only use it for stacking. If stack-group 0 is allocated for stacking, you can use ports 0, 1, 2, and 3 for stacking but not for Ethernet anymore.
CONFIGURATION mode stack-unit stack—unit—number priority priority 5 Assign a stack group for each unit. CONFIGURATION mode stack-unit stack-unit—id stack-group stack-group—id Begin with the first port on the management unit. Next, configure both ports on each subsequent unit. Finally, return to the management unit and configure the last port. (refer to the following example.) 6 Connect the units using stacking cables. NOTE: The device does not require special stacking cables.
Dell(conf)#02:39:12: %STKUNIT4-M:CP %IFMGR-6-STACK_PORTS_ADDED: Ports Fo 4/52 have been configured as stacking ports. Please save and reload for config to take effect Dell(conf)#stack-unit 4 stack-group 14 Dell(conf)#02:39:15: %STKUNIT4-M:CP %IFMGR-6-STACK_PORTS_ADDED: Ports Fo 4/56 have been configured as stacking ports.
• • • • allow Dell Networking OS to automatically assign the new unit a position in the stack, or manually determine each units position in the stack by configuring each unit to correspond with the stack before connecting it. If you add a unit that has a stack number that conflicts with the stack, the stack assigns the first available stack number.
4 5 Member Management not present online S6000 S6000 1-0(0-3666) 128 Adding a Configured Unit to an Existing Stack To add a configured unit to an existing stack, use the following commands. If a stack unit goes down and is removed from the stack, the logical provisioning configured for that stack-unit number is saved on the master and standby units.
• Dell Networking OS selects a master stack manager from the two existing managers based on the priority of the stack. • Dell Networking OS resets all the units in the losing stack; they all become stack members. • If there is no unit numbering conflict, the stack members retain their previous unit numbers. Otherwise, the stack manager assigns new unit numbers, based on the order that they come online.
Creating a Virtual Stack Unit on a Stack Use virtual stack units to configure ports on the stack before adding a new unit. • Create a virtual stack unit. CONFIGURATION mode stack-unit stack-unit-number provision S4048–ONS6000 Displaying Information about a Stack To display information about the stack, use the following command. • Display for stack-identity, status, and hardware information on every unit in a stack.
-----------------------------------------------------------2 0 up AC up 6656 2 1 up AC up 6688 -- Fan Status -Unit Bay TrayStatus Fan0 Speed Fan1 Speed -----------------------------------------------------------2 0 up up 7021 up 7072 2 1 up up 7021 up 7072 2 2 up up 7021 up 7021 Speed in RPM -- Unit 5 -Unit Type : Management Unit Status : online Next Boot : online Required Type : S6000 - 32-port TE/FG (SI) Current Type : S6000 - 32-port TE/FG (SI) Master priority : 234881024 Hardware Rev : 4.
-- Fan Status -Unit Bay TrayStatus Fan0 Speed Fan1 Speed -----------------------------------------------------------------------------------2 0 up up 7072 up 6971 2 1 up up 7021 up 7021 2 2 up up 7021 up 6971 5 0 up up 7021 up 7123 5 1 up up 6971 up 7021 5 2 up up 7021 up 6971 Speed in RPM The following example shows the show system stack-ports command.
• A new standby is elected. When the former stack master comes back online, it becomes a member unit. Prevent the stack master from rebooting after a failover. CONFIGURATION mode redundancy disable-auto-reboot stack-unit • This command does not affect a forced failover, manual reset, or a stack-link disconnect. Display redundancy information.
----------------------------------------------------1/48 7/56 42 up up 1/52 5/60 42 up up 2/56 6/52 42 up up 2/60 4/52 42 up up 3/48 7/52 42 up up 3/52 5/56 42 up up 4/52 6/48 42 up up 4/56 4/48 42 up up Dell# The following example shows the parameters for the management unit in the stack.
5/4 5/120 Dell# 2/4 42 42 up up down up Remove Units or Front End Ports from a Stack To remove units or front end ports from a stack, use the following instructions. • Removing a Unit from a Stack • Removing Front End Port Stacking Removing a Unit from a Stack The running-configuration and startup-configuration are synchronized on all stack units. A stack member that is disconnected from the stack maintains this configuration.
no stack-unit id stack-group id 2 Save the stacking configuration on the ports. EXEC Privilege mode write memory 3 Reload the switch. EXEC Privilege mode reload After the units are reloaded, the system reboots. The units come up as standalone units after the reboot completes. Troubleshoot a Stack To troubleshoot a stack, use the following recovery tasks.
Example of Card Problem Error on a Stack - Different Dell Networking OS Versions Dell#show system brief Stack MAC Reload-Type : 90:b1:1c:f4:a7:c7 : normal-reload [Next boot : normal-reload] -- Stack Info -Unit UnitType Status ReqTyp CurTyp Version Ports -----------------------------------------------------------------------------------0 Member not present S6000 unknown 128 1 Member not present 2 Standby online S6000 S6000 1-0(0-3387) 128 3 Member not present S6000 4 Member not present 5 Management online
49 Storm Control Storm control allows you to control unknown-unicast, muticast, and broadcast traffic on Layer 2 and Layer 3 physical interfaces. Dell Networking Operating System (OS) Behavior: Dell Networking OS supports unknown-unicast, muticast, and broadcast control for Layer 2 and Layer 3 traffic. To view the storm control broadcast configuration show storm-control broadcast | multicast | unknown-unicast | pfc-llfc[interface] command.
• Configure storm control. • INTERFACE mode Configure the packets per second of broadcast traffic allowed on an interface (ingress only). INTERFACE mode storm-control broadcast packets_per_second in • Configure the packets per second of multicast traffic allowed on C-Series or S-Series interface (ingress only) network only. INTERFACE mode storm-control multicast packets_per_second in • Shut down the port if it receives the PFC/LLFC packets more than the configured rate.
Detect PFC Storm The following section explains the procedure to detect the PFC storm. You can detect the PFC storm by polling the lossless queues in a port or priority periodically. When the queue depth is not equal to zero or when the queue has traffic after subsequent number of polling, then the port or priority is detected to have the PFC storm. • Use the polling—interval {interval in milli-seconds} command to set the polling interval. The queue traffic and egress counters are polled.
Te 0/3 Te 0/4 Te 0/5 Te 0/80 6 3 4 5 6 3 4 5 6 3 4 5 6 3 4 5 6 Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Drop Normal Normal Normal Normal 14780 14780 14760 14760 14760 14760 14760 14740 14740 14740 14640 14540 14540 0 0 0 0 8686064 8682775 8690918 8690786 8686030 8682643 8690784 8690653 8685901 8680780 8688702 8688349 8683376 0 0 0 0 Use the show storm-control pfc statistics stack-unit unit-number port—set portpipe-number command to view the statistical data of the storm control PF
50 Spanning Tree Protocol (STP) The spanning tree protocol (STP) is supported on Dell Networking OS.
• Enabling Spanning Tree Protocol Globally Related Configuration Tasks • Adding an Interface to the Spanning Tree Group • Modifying Global Parameters • Modifying Interface STP Parameters • Enabling PortFast • Prevent Network Disruptions with BPDU Guard • STP Root Guard • Enabling SNMP Traps for Root Elections and Topology Changes • Configuring Spanning Trees as Hitless Important Points to Remember • STP is disabled by default.
Configuring Interfaces for Layer 2 Mode All interfaces on all switches that participate in spanning tree must be in Layer 2 mode and enabled. Figure 120. Example of Configuring Interfaces for Layer 2 Mode To configure and enable the interfaces for Layer 2, use the following command. 1 If the interface has been assigned an IP address, remove it. INTERFACE mode no ip address 2 Place the interface in Layer 2 mode. INTERFACE switchport 3 Enable the interface.
Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 no ip address switchport no shutdown Dell(conf-if-te-1/1)# Enabling Spanning Tree Protocol Globally Enable the spanning tree protocol globally; it is not enabled by default.
Figure 121. Spanning Tree Enabled Globally To enable STP globally, use the following commands. 1 Enter PROTOCOL SPANNING TREE mode. CONFIGURATION mode protocol spanning-tree 0 2 Enable STP. PROTOCOL SPANNING TREE mode no disable Examples of Verifying Spanning Tree Information To disable STP globally for all Layer 2 interfaces, use the disable command from PROTOCOL SPANNING TREE mode. To verify that STP is enabled, use the show config command from PROTOCOL SPANNING TREE mode.
Topology change flag not set, detected flag not set Number of topology changes 3 last change occurred 0:16:11 ago from TenGigabitEthernet 2/3 Timers: hold 1, topology change 35 hello 2, max age 20, forward delay 15 Times: hello 0, topology change 0, notification 0, aging Normal Port 289 (TenGigabitEthernet 2/1) is Forwarding Port path cost 4, Port priority 8, Port Identifier 8.289 Designated root has priority 32768, address 0001.e80d.2462 Designated bridge has priority 32768, address 0001.e80d.
Table 89.
• Port priority — influences the likelihood that a port is selected to be a forwarding port in case that several ports have the same port cost. The default values are listed in Modifying Global Parameters. To change the port cost or priority of an interface, use the following commands. • Change the port cost of an interface. INTERFACE mode spanning-tree 0 cost cost The range is from 0 to 65535. • The default values are listed in Modifying Global Parameters. Change the port priority of an interface.
Prevent Network Disruptions with BPDU Guard Configure the Portfast (and Edgeport, in the case of RSTP, PVST+, and MSTP) feature on ports that connect to end stations. End stations do not generate BPDUs, so ports configured with Portfast/ Edgport (edgeports) do not expect to receive BDPUs. If an edgeport does receive a BPDU, it likely means that it is connected to another part of the network, which can negatively affect the STP topology.
Figure 122. Enabling BPDU Guard Dell Networking OS Behavior: BPDU guard and BPDU filtering both block BPDUs, but are two separate features. BPDU guard: • is used on edgeports and blocks all traffic on edgeport if it receives a BPDU. • drops the BPDU after it reaches the RP and generates a console message.
Interface IP-Address OK Method Status Protocol TenGigabitEthernet 1/7 unassigned YES Manual up up Selecting STP Root The STP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it becomes the root bridge. You can also specify that a bridge is the root or the secondary root. To change the bridge priority or specify that a bridge is the root or secondary root, use the following command.
Figure 123. STP Root Guard Prevents Bridging Loops Configuring Root Guard Enable STP root guard on a per-port or per-port-channel basis. Dell Networking OS Behavior: The following conditions apply to a port enabled with STP root guard: • Root guard is supported on any STP-enabled port or port-channel interface except when used as a stacking port.
• mstp: enables root guard on an MSTP-enabled port. • rstp: enables root guard on an RSTP-enabled port. • pvst: enables root guard on a PVST-enabled port. To disable STP root guard on a port or port-channel interface, use the no spanning-tree 0 rootguard command in an interface configuration mode. To verify the STP root guard configuration on a port or port-channel interface, use the show spanning-tree 0 guard [interface interface] command in a global configuration mode.
As shown in STP topology 3 (bottom middle), after you enable loop guard on an STP port or port-channel on Switch C, if no BPDUs are received and the max-age timer expires, the port transitions from a blocked state to a Loop-Inconsistent state (instead of to a Forwarding state). Loop guard blocks the STP port so that no traffic is transmitted and no loop is created. As soon as a BPDU is received on an STP port in a Loop-Inconsistent state, the port returns to a blocking state.
• Multiple Spanning Tree Protocol (MSTP) • Per-VLAN Spanning Tree Plus (PVST+) • You cannot enable root guard and loop guard at the same time on an STP port. For example, if you configure loop guard on a port on which root guard is already configured, the following error message is displayed: % Error: RootGuard is configured. Cannot configure LoopGuard.
51 SupportAssist SupportAssist sends troubleshooting data securely to Dell. SupportAssist in this Dell Networking OS release does not support automated email notification at the time of hardware fault alert, automatic case creation, automatic part dispatch, or reports. SupportAssist requires Dell Networking OS 9.9(0.0) and SmartScripts 9.7 or later to be installed on the Dell Networking device. For more information on SmartScripts, see Dell Networking Open Automation guide. Figure 125.
• Configuring SupportAssist Person • Configuring SupportAssist Server • Viewing SupportAssist Configuration Configuring SupportAssist Using a Configuration Wizard You are guided through a series of queries to configure SupportAssist. The generated commands are added to the running configuration, including the DNS resolve commands, if configured. This command starts the configuration wizard for the SupportAssist. At any time, you can exit by entering Ctrl-C. If necessary, you can skip some data entry.
involve international transfers of data from you to Dell and/or to Dells affiliates, subcontractors or business partners. When making such transfers, Dell shall ensure appropriate protection is in place to safeguard the Collected Data being transferred in connection with SupportAssist. If you are downloading SupportAssist on behalf of a company or other legal entity, you are further certifying to Dell that you have appropriate authority to provide this consent on behalf of that entity.
support-assist activity {full-transfer} start now Dell#support-assist activity full-transfer start now Configuring SupportAssist Activity SupportAssist Activity mode allows you to configure and view the action-manifest file for a specific activity. To configure SupportAssist activity, use the following commands. 1 Move to the SupportAssist Activity mode for an activity. Allows you to configure customized details for a specific activity.
SUPPORTASSIST ACTIVITY mode action-manifest show {all} Dell(conf-supportassist-act-full-transfer)#action-manifest show all Dell(conf-supportassist-act-full-transfer)# 6 Enable a specific SupportAssist activity. SUPPORTASSIST ACTIVITY mode [no] enable Dell(conf-supportassist-act-full-transfer)#enable Dell(conf-supportassist-act-full-transfer)# Configuring SupportAssist Company SupportAssist Company mode allows you to configure name, address and territory information of the company.
[no] contact-person [first ] last Dell(conf-supportassist)#contact-person first john last doe Dell(conf-supportassist-pers-john_doe)# 2 Configure the email addresses to reach the contact person. SUPPORTASSIST PERSON mode [no] email-address primary email-address [alternate email-address] Dell(conf-supportassist-pers-john_doe)#email-address primary jdoe@mycompany.com Dell(conf-supportassist-pers-john_doe)# 3 Configure phone numbers of the contact person.
[no] enable Dell(conf-supportassist-serv-default)#enable Dell(conf-supportassist-serv-default)# 4 Configure the URL to reach the SupportAssist remote server. SUPPORTASSIST SERVER mode [no] url uniform-resource-locator Dell(conf-supportassist-serv-default)#url https://192.168.1.1/index.htm Dell(conf-supportassist-serv-default)# Viewing SupportAssist Configuration To view the SupportAssist configurations, use the following commands.
show eula-consent {support-assist | other feature} Dell#show eula-consent SupportAssist EULA has been: Accepted Additional information about the SupportAssist EULA is as follows: By installing SupportAssist, you allow Dell to save your contact information (e.g. name, phone number and/or email address) which would be used to provide technical support for your Dell products and services. Dell may use the information for providing recommendations to improve your IT infrastructure.
52 System Time and Date System time and date settings and the network time protocol (NTP) are supported on Dell Networking OS. You can set system times and dates and maintained through the NTP. They are also set through the Dell Networking Operating System (OS) command line interfaces (CLIs) and hardware settings. The Dell Networking OS supports reaching an NTP server through different VRFs. You can configure a maximum of eight logging servers across different VRFs or the same VRF.
Following conventions established by the telephone industry [BEL86], the accuracy of each server is defined by a number called the stratum, with the topmost level (primary servers) assigned as one and each level downwards (secondary servers) in the hierarchy assigned as one greater than the preceding level. Dell Networking OS synchronizes with a time-serving host to get the correct time. You can set Dell Networking OS to poll specific NTP time-serving hosts for the current time.
Figure 126. NTP Fields Implementation Information Dell Networking systems can only be an NTP client. Configure the Network Time Protocol Configuring NTP is a one-step process. • Enabling NTP Related Configuration Tasks • Configuring NTP Broadcasts • Disabling NTP on an Interface • Configuring a Source IP Address for NTP Packets (optional) Enabling NTP NTP is disabled by default. To enable NTP, specify an NTP server to which the Dell Networking system synchronizes.
Examples of Viewing System Clock To display the system clock state with respect to NTP, use the show ntp status command from EXEC Privilege mode. R6_E300(conf)#do show ntp status Clock is synchronized, stratum 2, reference is 192.168.1.1 frequency is -369.623 ppm, stability is 53.319 ppm, precision is 4294967279 reference time is CD63BCC2.0CBBD000 (16:54:26.049 UTC Thu Mar 12 2009) clock offset is 997.529984 msec, root delay is 0.00098 sec root dispersion is 10.04271 sec, peer dispersion is 10032.
CONFIGURATION mode ntp source interface Enter the following keywords and slot/port or number information: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. • For a Loopback interface, enter the keyword loopback then a number from 0 to 16383. • For a port channel interface, enter the keywords port-channel then a number.
• 5 • vrf-name : Enter the name of the VRF through which the NTP server is reachable. • hostname : Enter the keyword hostname to see the IP address or host name of the remote device. • ipv4-address : Enter an IPv4 address in dotted decimal format (A.B.C.D). • ipv6-address : Enter an IPv6 address in the format 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported. • key keyid : Configure a text string as the key exchanged between the NTP server and the client.
NOTE: • Leap Indicator (sys.leap, peer.leap, pkt.leap) — This is a two-bit code warning of an impending leap second to be inserted in the NTP time scale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rollover interval) in the day of insertion to be increased or decreased by one.
Dell Networking OS Time and Date You can set the time and date using the Dell Networking OS CLI. Configuration Task List The following is a configuration task list for configuring the time and date settings.
• • a number from 1 to 23 as the number of hours in addition to UTC for the timezone. a minus sign (-) then a number from 1 to 23 as the number of hours.
• Set the clock to the appropriate timezone and adjust to daylight saving time every year. CONFIGURATION mode clock summer-time time-zone recurring start-week start-day start-month start-time end-week end-day end-month end-time [offset] • time-zone: Enter the three-letter name for the time zone. This name displays in the show clock output.
53 Tunneling Tunnel interfaces create a logical tunnel for IPv4 or IPv6 traffic. Tunneling supports RFC 2003, RFC 2473, and 4213. DSCP, hop-limits, flow label values, open shortest path first (OSPF) v2, and OSPFv3 are supported. Internet control message protocol (ICMP) error relay, PATH MTU transmission, and fragmented packets are not supported.
interface Tunnel 2 no ip address ipv6 address 2::1/64 tunnel destination 90.1.1.1 tunnel source 60.1.1.1 tunnel mode ipv6ip no shutdown The following sample configuration shows a tunnel configured in IPIP mode (IPv4 tunnel carries IPv4 and IPv6 traffic): Dell(conf)#interface tunnel 3 Dell(conf-if-tu-3)#tunnel source 5::5 Dell(conf-if-tu-3)#tunnel destination 8::9 Dell(conf-if-tu-3)#tunnel mode ipv6 Dell(conf-if-tu-3)#ip address 3.1.1.
The following sample configuration shows how to use the interface tunnel configuration commands. Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 ip address 20.1.1.1/24 ipv6 address 20:1::1/64 no shutdown Dell(conf)#interface tunnel 1 Dell(conf-if-tu-1)#ip unnumbered tengigabitethernet 1/1 Dell(conf-if-tu-1)#ipv6 unnumbered tengigabitethernet 1/1 Dell(conf-if-tu-1)#tunnel source 40.1.1.
! interface Tunnel 1 ip address 1.1.1.1/24 ipv6 address 1abd::1/64 tunnel source anylocal tunnel allow-remote 40.1.1.2 tunnel mode ipip decapsulate-any no shutdown Guidelines for Configuring Multipoint Receive-Only Tunnels • You can configure up to eight remote end-points for a multipoint receive-only tunnel. The maximum number of remote end-points supported for all multipoint receive-only tunnels on the switch depends on the hardware table size to setup termination.
54 Upgrade Procedures To find the upgrade procedures, go to the Dell Networking OS Release Notes for your system type to see all the requirements needed to upgrade to the desired Dell Networking OS version. To upgrade your system type, follow the procedures in the Dell Networking OS Release Notes. Get Help with Upgrades Direct any questions or concerns about the Dell Networking OS upgrade procedures to the Dell Technical Support Center. You can reach Technical Support: • On the web: http://www.dell.
55 Virtual LANs (VLANs) Virtual LANs (VLANs) are a logical broadcast domain or logical grouping of interfaces in a local area network (LAN) in which all data received is kept locally and broadcast to all members of the group. When in Layer 2 mode, VLANs move traffic at wire speed and can span multiple devices. The system supports up to 4093 port-based VLANs and one default VLAN, as specified in IEEE 802.1Q.
Default VLAN When you configure interfaces for Layer 2 mode, they are automatically placed in the Default VLAN as untagged interfaces. Only untagged interfaces can belong to the Default VLAN. The following example displays the outcome of placing an interface in Layer 2 mode. To configure an interface for Layer 2 mode, use the switchport command.
Figure 127. Tagged Frame Format The tag header contains some key information that Dell Networking OS uses: • • The VLAN protocol identifier identifies the frame as tagged according to the IEEE 802.1Q specifications (2 bytes). Tag control information (TCI) includes the VLAN ID (2 bytes total). The VLAN ID can have 4,096 values, but two are reserved. NOTE: The insertion of the tag header into the Ethernet frame increases the size of the frame to more than the 1,518 bytes as specified in the IEEE 802.
Codes: * - Default VLAN, G - GVRP VLANs NUM * 1 2 3 4 5 6 Status Inactive Active Active Active Active Active Q U U U T U U U Ports So 9/4-11 Te 1/1,18 Te 1/2,19 Te 1/3,20 Po 1 Te 1/12 So 9/0 Assigning Interfaces to a VLAN You can only assign interfaces in Layer 2 mode to a VLAN using the tagged and untagged commands. To place an interface in Layer 2 mode, use the switchport command. You can further designate these Layer 2 interfaces as tagged or untagged.
interface Vlan 4 no ip address tagged Port-channel 1 Dell(conf-if-vlan)#end Dell#show vlan Codes: * - Default VLAN, G - GVRP VLANs NUM Status Q * 1 Inactive 2 Active T T 3 Active T T 4 Active T Ports Po1(So 0/0-1) Te 1/1 Po1(So 0/0-1) Te 1/2 Po1(So 0/0-1) When you remove a tagged interface from a VLAN (using the no tagged interface command), it remains tagged only if it is a tagged interface in another VLAN.
untagged TenGigabitEthernet 1/2 Dell(conf-if-vlan)#end Dell#show vlan Codes: * - Default VLAN, G - GVRP VLANs NUM * 1 2 3 4 Status Q Inactive Active T T Active T T Active U Ports Po1(So 0/0-1) Te 1/3 Po1(So 0/0-1) Te 1/1 Te 1/2 The only way to remove an interface from the Default VLAN is to place the interface in Default mode by using the no switchport command in INTERFACE mode. Assigning an IP Address to a VLAN VLANs are a Layer 2 feature.
To configure a port so that it can be a member of an untagged and tagged VLANs, use the following commands. 1 Remove any Layer 2 or Layer 3 configurations from the interface. INTERFACE mode 2 Configure the interface for Hybrid mode. INTERFACE mode portmode hybrid 3 Configure the interface for Switchport mode. INTERFACE mode switchport 4 Add the interface to a tagged or untagged VLAN.
56 VLT Proxy Gateway The virtual link trucking (VLT) proxy gateway feature allows a VLT domain to locally terminate and route L3 packets that are destined to a Layer 3 (L3) end point in another VLT domain. Enable the VLT proxy gateway using the link layer discover protocol (LLDP) method or the static configuration. For more information, see the Dell Networking OS Command Line Reference Guide.
Figure 128. Sample Configuration for a VLT Proxy Gateway Guidelines for Enabling the VLT Proxy Gateway Keep the following points in mind when you enable a VLT proxy gateway: • Proxy gateway is supported only for VLT; for example, across a VLT domain. • You must enable the VLT peer-routing command for the VLT proxy gateway to function.
• You cannot change the link layer discovery protocol (LLDP) port channel interface to a legacy LAG when you enable a proxy gateway. • Dell Networking recommends the vlt-peer-mac transmit command only for square VLTs without diagonal links. • The virtual router redundancy (VRRP) protocol and IPv6 routing is not supported. • Private VLANs (PVLANs) are not supported.
• The interface is typically a VLT port-channel that connects to a remote VLT domain. • The new proxy gateway TLV is carried on the physical links under the port channel only. • You must have at least one link connection to each unit of the VLT domain. Following are the prerequisites for Proxy Gateway LLDP configuration: • You must globally enable LLDP.
Figure 129. Sample Configuration for a VLT Proxy Gateway • The above figure shows a sample VLT Proxy gateway scenario. There are no diagonal links in the square VLT connection between the C and D in VLT domain 1 and C1 and D1 in the VLT domain 2. This causes sub-optimal routing with the VLT Proxy Gateway LLDP method.
Sample Configuration Static Method Dell(conf-vlt-domain)#proxy-gateway static Dell(conf-vlt-domain-pxy-gw-static)#remote-mac-address exclude-vlan 10 • Packet duplication may happen with “Exclude-VLAN” configuration – Assume you used the exclude-vlan option (called VLAN 10) in C and D and in C1 and D1; If packets for VLAN 10 with C’s MAC address (C is in VLT domain 1) gets an L3 hit at C1 in VLT domain 2, they are switched to both D1 (via ICL) and C via inter DC link.
57 Virtual Link Trunking (VLT) Virtual link trunking (VLT) allows physical links between two chassis to appear as a single virtual link to the network core or other switches such as Edge, Access, or top-of-rack (ToR). Overview VLT reduces the role of spanning tree protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distribution or core switches and supporting a loop-free topology.
Figure 130. Example of VLT Deployment VLT on Core Switches Uplinks from servers to the access layer and from access layer to the aggregation layer are bundled in LAG groups with end-to-end Layer 2 multipathing. This set up requires “horizontal” stacking at the access layer and VLT at the aggregation layer such that all the uplinks from servers to access and access to aggregation are in Active-Active Load Sharing mode.
Figure 131. Enhanced VLT VLT Terminology The following are key VLT terms. • Virtual link trunk (VLT) — The combined port channel between an attached device and the VLT peer switches. • VLT backup link — The backup link monitors the vitality of VLT peer switches. The backup link sends configurable, periodic keep alive messages between the VLT peer switches. • VLT interconnect (VLTi) — The link used to synchronize states between the VLT peer switches. Both ends must be on 10G or 40G interfaces.
• If you include PVST on the system, configure it before VLT. Refer to PVST Configuration. • Dell Networking strongly recommends that the VLTi (VLT interconnect) be a static LAG and that you disable LACP on the VLTi. • Ensure that the spanning tree root bridge is at the Aggregation layer. Refer to RSTP and VLT for guidelines to avoid traffic loss, if you enable RSTP on the VLT device.
Configuration Notes When you configure VLT, the following conditions apply. • • VLT domain • A VLT domain supports two chassis members, which appear as a single logical device to network access devices connected to VLT ports through a port channel. • A VLT domain consists of the two core chassis, the interconnect trunk, backup link, and the LAG members connected to attached devices. • Each VLT domain has a unique MAC address that you create or VLT creates automatically.
• • • • If the link between the VLT peer switches is established, changing the VLT system MAC address or the VLT unit-id causes the link between the VLT peer switches to become disabled. However, removing the VLT system MAC address or the VLT unit-id may disable the VLT ports if you happen to configure the unit ID or system MAC address on only one VLT peer at any time.
• • Enable Layer 3 VLAN connectivity VLT peers by configuring a VLAN network interface for the same VLAN on both switches. • Dell Networking does not recommend enabling peer-routing if the CAM is full. To enable peer-routing, a minimum of two local DA spaces for wild-card functionality are required. Software features supported on VLT physical ports • • Software features not supported with VLT • • • • In a VLT domain, the following software features are supported on VLT physical ports: 802.
RSTP and VLT VLT provides loop-free redundant topologies and does not require RSTP. RSTP can cause temporary port state blocking and may cause topology changes after link or node failures. Spanning tree topology changes are distributed to the entire layer 2 network, which can cause a network-wide flush of learned MAC and ARP addresses, requiring these addresses to be re-learned. However, enabling RSTP can detect potential loops caused by non-system issues such as cabling errors or incorrect configurations.
• Heartbeat — You can configure an IPv4 or IPv6 address as a backup link destination. You cannot use an IPv4 and an IPv6 address simultaneously. VLT Port Delayed Restoration When a VLT node boots up, if the VLT ports have been previously saved in the start-up configuration, they are not immediately enabled. To ensure MAC and ARP entries from the VLT per node are downloaded to the newly enabled VLT node, the system allows time for the VLT ports on the new node to be enabled and begin receiving traffic.
Figure 132. PIM-Sparse Mode Support on VLT On each VLAN where the VLT peer nodes act as the first hop or last hop routers, one of the VLT peer nodes is elected as the PIM designated router. If you configured IGMP snooping along with PIM on the VLT VLANs, you must configure VLTi as the static multicast router port on both VLT peer switches. This ensures that for first hop routers, the packets from the source are redirected to the designated router (DR) if they are incorrectly hashed.
To verify the PIM neighbors on the VLT VLAN and on the multicast port, use the show ip pim neighbor, show ip igmp snooping mrouter, and show running config commands. You can configure virtual link trunking (VLT) peer nodes as rendezvous points (RPs) in a Protocol Independent Multicast (PIM) domain. If the VLT node elected as the designated router fails and you enable VLT Multicast Routing, multicast routes are synced to the other peer for traffic forwarding to ensure minimal traffic loss.
vlt domain domain-id 2 Enable peer-routing. VLT DOMAIN mode peer-routing 3 Configure the peer-routing timeout. VLT DOMAIN mode peer-routing—timeout value value: Specify a value (in seconds) from 1 to 65535. The default value is infinity (without configuring the timeout).
VLT DOMAIN mode multicast peer-routing—timeout value value: Specify a value (in seconds) from 1 to 1200. 4 Configure a PIM-SM compatible VLT node as a designated router (DR). For more information, refer to Configuring a Designated Router. 5 Configure a PIM-enabled external neighboring router as a rendezvous point (RP). For more information, refer to Configuring a Static Rendezvous Point. 6 Configure the VLT VLAN routing metrics to prefer VLT VLAN interfaces over non-VLT VLAN interfaces.
Sample RSTP Configuration The following is a sample of an RSTP configuration. Using the example shown in the Overview section as a sample VLT topology, the primary VLT switch sends BPDUs to an access device (switch or server) with its own RSTP bridge ID. BPDUs generated by an RSTP-enabled access device are only processed by the primary VLT switch. The secondary VLT switch tunnels the BPDUs that it receives to the primary VLT switch over the VLT interconnect.
Configuring a VLT Interconnect To configure a VLT interconnect, follow these steps. 1 Configure the port channel for the VLT interconnect on a VLT switch and enter interface configuration mode. CONFIGURATION mode interface port-channel id-number Enter the same port-channel number configured with the peer-link port-channel command as described in Enabling VLT and Creating a VLT Domain. NOTE: To be included in the VLTi, the port channel must be in Default mode (no switchport or VLAN assigned).
back-up destination {ipv4-address | ipv6-address} [interval seconds] You can optionally specify the time interval used to send hello messages. The range is from 1 to 5 seconds. 3 Configure the port channel to be used as the VLT interconnect between VLT peers in the domain.
To set an amount of time, in seconds, to delay the system from restoring the VLT port, use the delay-restore command at any time. For more information, refer to VLT Port Delayed Restoration. Configuring a VLT Port Delay Period To configure a VLT port delay period, use the following commands. 1 Enter VLT-domain configuration mode for a specified VLT domain. CONFIGURATION mode vlt domain domain-id The range of domain IDs from 1 to 1000.
To explicitly configure the default values on each peer switch, use the unit-id command. Configure a different unit ID (0 or 1) on each peer switch. Unit IDs are used for internal system operations. Use this command to minimize the time required for the VLT system to determine the unit ID assigned to each peer switch when one peer switch reboots. Connecting a VLT Domain to an Attached Access Device (Switch or Server) To connect a VLT domain to an attached access device, use the following commands.
Configuring a VLT VLAN Peer-Down (Optional) To configure a VLT VLAN peer-down, use the following commands. 1 Enter VLT-domain configuration mode for a specified VLT domain. CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000. 2 Enter the port-channel number that acts as the interconnect trunk.
back-up destination ip-address [interval seconds] You can optionally specify the time interval used to send hello messages. The range is from 1 to 5 seconds. 6 When you create a VLT domain on a switch, Dell Networking OS automatically creates a VLT-system MAC address used for internal system operations. VLT DOMAIN CONFIGURATION mode system-mac mac-address mac-address To explicitly configure the default MAC address for the domain by entering a new MAC address, use the system-mac command. The format is aaaa.
port-channel-protocol lacp 14 Configure the LACP port channel mode. INTERFACE mode port-channel number mode [active] 15 Ensure that the interface is active. MANAGEMENT INTERFACE mode no shutdown 16 Repeat steps 1 through 15 for the VLT peer node in Domain 1. 17 Repeat steps 1 through 15 for the first VLT node in Domain 2. 18 Repeat steps 1 through 15 for the VLT peer node in Domain 2.
EXEC Privilege mode show running-config entity 12 Verify that VLT is running. EXEC mode show vlt brief or show vlt detail 13 Verify that the VLT LAG is running in both VLT peer units. EXEC mode or EXEC Privilege mode show interfaces interface Example of Configuring VLT In the following sample VLT configuration steps, VLT peer 1 is Dell-2, VLT peer 2 is Dell-4, and the ToR is S60-1.
2 Configure the VLT peer link port channel id in VLT peer 1 and VLT peer 2. 3 In the Top of Rack unit, configure LACP in the physical ports (shown for VLT peer 1 only. Repeat steps for VLT peer 2. The bold vltpeer-lag port-channel 2 indicates that port-channel 2 is the port-channel id configured in VLT peer 2).
ICL Link Status HeartBeat Status VLT Peer Status Version Local System MAC address Remote System MAC address Remote system version Delay-Restore timer : : : : : : : : Up Up Up 6(3) 00:01:e8:8a:e9:91 00:01:e8:8a:e9:76 6(3) 90 seconds Delay-Restore Abort Threshold Peer-Routing Peer-Routing-Timeout timer Multicast peer-routing timeout Dell# : : : : 60 seconds Disabled 0 seconds 150 seconds Verify that the VLT LAG is up in VLT peer unit.
Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0, Address 90b1.1cf4.9b79 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 0, Address 90b1.1cf4.9b79 We are the root of Vlan 1000 Configured hello time 2, max age 20, forward delay 15 Interface Name ---------Po 1 Po 2 Te 1/10 Te 1/13 Interface Name ---------Po 1 Po 2 Te 1/10 Te 1/13 Dell# PortID -------128.2 128.3 128.230 128.
Figure 133. eVLT Configuration Example eVLT Configuration Step Examples In Domain 1, configure the VLT domain and VLTi on Peer 1. Domain_1_Peer1#configure Domain_1_Peer1(conf)#interface port-channel 1 Domain_1_Peer1(conf-if-po-1)# channel-member TenGigabitEthernet 1/8-9 Domain_1_Peer1(conf)#vlt domain 1000 Domain_1_Peer1(conf-vlt-domain)# peer-link port-channel 1 Domain_1_Peer1(conf-vlt-domain)# back-up destination 10.16.130.
Configure eVLT on Peer 2. Domain_1_Peer2(conf)#interface port-channel 100 Domain_1_Peer2(conf-if-po-100)# switchport Domain_1_Peer2(conf-if-po-100)# vlt-peer-lag port-channel 100 Domain_1_Peer2(conf-if-po-100)# no shutdown Add links to the eVLT port-channel on Peer 2.
PIM-Sparse Mode Configuration Example The following sample configuration shows how to configure the PIM Sparse mode designated router functionality on the VLT domain with two VLT port-channels that are members of VLAN 4001. For more information, refer to PIM-Sparse Mode Support on VLT. Examples of Configuring PIM-Sparse Mode The following example shows how to enable PIM multicast routing on the VLT node globally.
EXEC mode • show vlt role Display the current configuration of all VLT domains or a specified group on the switch. EXEC mode • show running-config vlt Display statistics on VLT operation. EXEC mode • show vlt statistics Display the RSTP configuration on a VLT peer switch, including the status of port channels used in the VLT interconnect trunk and to connect to access devices. EXEC mode • show spanning-tree rstp Display the current status of a port or port-channel interface used in the VLT domain.
Version Local System MAC address Remote System MAC address Remote system version Delay-Restore timer : : : : : 6(3) 00:01:e8:8a:e9:91 00:01:e8:8a:e9:76 6(3) 90 seconds Delay-Restore Abort Threshold Peer-Routing Peer-Routing-Timeout timer Multicast peer-routing timeout Dell# : : : : 60 seconds Disabled 0 seconds 150 seconds The following example shows the show vlt detail command.
HeartBeat Messages Received: 986 ICL Hello's Sent: 148 ICL Hello's Received: 98 Dell_VLTpeer2# show vlt statistics VLT Statistics ---------------HeartBeat Messages Sent: HeartBeat Messages Received: ICL Hello's Sent: ICL Hello's Received: 994 978 89 89 The following example shows the show spanning-tree rstp command. The bold section displays the RSTP state of port channels in the VLT domain. Port channel 100 is used in the VLT interconnect trunk (VLTi) to connect to VLT peer2.
Enable VLT and create a VLT domain with a backup-link and interconnect trunk (VLTi). Dell_VLTpeer1(conf)#vlt domain 999 Dell_VLTpeer1(conf-vlt-domain)#peer-link port-channel 100 Dell_VLTpeer1(conf-vlt-domain)#back-up destination 10.11.206.35 Dell_VLTpeer1(conf-vlt-domain)#exit Configure the backup link. Dell_VLTpeer1(conf)#interface ManagementEthernet 0/0 Dell_VLTpeer1(conf-if-ma-0/0)#ip address 10.11.206.
Configure the port channel to an attached device. Dell_VLTpeer2(conf)#interface port-channel 110 Dell_VLTpeer2(conf-if-po-110)#no ip address Dell_VLTpeer2(conf-if-po-110)#switchport Dell_VLTpeer2(conf-if-po-110)#channel-member fortyGigE 1/48 Dell_VLTpeer2(conf-if-po-110)#no shutdown Dell_VLTpeer2(conf-if-po-110)#vlt-peer-lag port-channel 110 Dell_VLTpeer2(conf-if-po-110)#end Verify that the port channels used in the VLT domain are assigned to the same VLAN.
Description Behavior at Peer Up Behavior During Run Time Action to Take commands to view the VLT port channel status information. Spanning tree mismatch at global level All VLT port channels go down on both VLT peers. A syslog error message is generated. No traffic is passed on the port channels. A one-time informational syslog message is generated. During run time, a loop may occur as long as the mismatch lasts. To resolve, enable RSTP on both VLT peers.
Specifying VLT Nodes in a PVLAN You can configure VLT peer nodes in a private VLAN (PVLAN). VLT enables redundancy without the implementation of Spanning Tree Protocol (STP), and provides a loop-free network with optimal bandwidth utilization. Because the VLT LAG interfaces are terminated on two different nodes, PVLAN configuration of VLT VLANs and VLT LAGs are symmetrical and identical on both the VLT peers. PVLANs provide Layer 2 isolation between ports within the same VLAN.
PVLAN. For example, if a VLAN is a primary VLT VLAN on one peer and not a primary VLT VLAN on the other peer, VLTi is not made a part of that VLAN. MAC Synchronization for VLT Nodes in a PVLAN For the MAC addresses that are learned on non-VLT ports, MAC address synchronization is performed with the other peer if the VLTi (ICL) link is part of the same VLAN as the non-VLT port.
Under such conditions, the IP stack performs the following operations: • The ARP reply is sent with the MAC address of the primary VLAN. • The ARP request packet originates on the primary VLAN for the intended destination IP address. The ARP request received on ICLs are not proxied, even if they are received with a secondary VLAN tag.
VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN Membership Mac Synchronization Peer1 Peer2 Peer1 Peer2 Access Access Secondary (Community) Secondary (Community) Yes Yes - Primary VLAN X - Primary VLAN X Yes Yes Secondary (Isolated) Secondary (Isolated) Yes Yes - Primary VLAN X Yes Yes Secondary (Isolated) Secondary (Isolated) No No - Primary VLAN X - Primary VLAN Y No No Secondary (Community) Secondary (Community) No No - Primary VLAN Y - Primary VLAN X No No Access Access
4 • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. Ensure that the port channel is active. INTERFACE PORT-CHANNEL mode no shutdown 5 To configure the VLT interconnect, repeat Steps 1–4 on the VLT peer switch. 6 Enter VLT-domain configuration mode for a specified VLT domain.
7 To obtain maximum VLT resiliency, configure the PVLAN IDs and mappings to be identical on both the VLT peer nodes. Set the PVLAN mode of the selected VLAN to primary. INTERFACE VLAN mode private-vlan mode primary 8 Map secondary VLANs to the selected primary VLAN. INTERFACE VLAN mode private-vlan mapping secondary-vlan vlan-list The list of secondary VLANs can be: • Specified in comma-delimited (VLAN-ID,VLAN-ID) or hyphenated-range format (VLAN-ID-VLAN-ID).
link or peer is down, and the ARP request for a private VLAN IP address reaches the wrong peer, the wrong peer responds to the ARP request with the peer MAC address. The IP address of the VLT node VLAN interface is synchronized with the VLT peer over ICL when the VLT peers are up. Whenever you add or delete an IP address, this updated information is synchronized with the VLT peer. IP address synchronization occurs regardless of the VLAN administrative state.
routing timeout value command. You can configure an optimal time for a VLT node to retain synced multicast routes or synced multicast outgoing interface (OIF), after a VLT peer node failure, using the multicast peer-routing-timeout command in VLT DOMAIN mode. Using the bootstrap router (BSR) mechanism, you can configure both the VLT nodes in a VLT domain as the candidate RP for the same group range. When an RP fails, the VLT peer automatically takes over the role of the RP.
no ip address switchport vlan-stack access vlt-peer-lag port-channel 10 no shutdown Dell# Dell(conf)#interface port-channel 20 Dell(conf-if-po-20)#switchport Dell(conf-if-po-20)#vlt-peer-lag port-channel 20 Dell(conf-if-po-20)#vlan-stack trunk Dell(conf-if-po-20)#no shutdown Dell#show running-config interface port-channel 20 ! interface Port-channel 20 no ip address switchport vlan-stack trunk vlt-peer-lag port-channel 20 no shutdown Dell# Configure the VLAN as a VLAN-Stack VLAN and add the VLT LAG as Membe
back-up destination 10.16.151.
V Po1(Te 1/30-32) Dell# 920 Virtual Link Trunking (VLT)
58 Virtual Extensible LAN (VXLAN) Virtual Extensible LAN (VXLAN) is supported on Dell Networking OS. Overview The switch acts as the VXLAN gateway and performs the VXLAN Tunnel End Point (VTEP) functionality. VXLAN is a technology where in the data traffic from the virtualized servers is transparently transported over an existing legacy network. Figure 134.
Components of VXLAN network VXLAN provides a mechanism to extend an L2 network over an L3 network. In short, VXLAN is an L2 overlay scheme over an L3 network and this overlay is termed as a VXLAN segment.
Functional Overview of VXLAN Gateway The following section is the functional overview of VXLAN Gateway: 1 Provides connectivity between a Virtual server infrastructure and a Physical server infrastructure. 2 Provides the functions performed by a VTEP in a virtual server infrastructure. The functions of a VTEP are: • VTEP is responsible for creating one or more logical networks.
Outer IP Header: • Source Address : It is the source MAC address of the router that routes the packet. • VLAN: It is optional in a VXLAN implementation and will be designated by an ethertype of 0×8100 and has an associated VLAN ID tag. • Ethertype: It is set to 0×0800 because the payload packet is an IPv4 packet. The initial VXLAN draft does not include an IPv6 implementation, but it is planned for the next draft.
Figure 136. Create Hypervisor Figure 137. Edit Hypervisor Figure 138. Create Transport Connector 2 Create Service Node To create service node, the required fields are the IP address and SSL certificate of the server. The Service node is responsible for broadcast/unknown unicast/multicast traffic replication.
Figure 139. Create Service Node 3 Create VXLAN Gateway To create a VXLAN L2 Gateway, the IP address of the Gateway is mandatory. The following is the snapshot of the user interface in creating a VXLAN Gateway Figure 140. Create Gateway 4 Create Logical Switch You can create a logical network by creating a logical switch. The logical network acts as the forwarding domain for workloads on the physical as well as virtual infrastructure. Figure 141.
Figure 142. Create Logical Switch Port NOTE: For more details about NVP controller configuration, refer to the NVP user guide from VMWare . Configuring VxLAN Gateway To configure the VxLAN gateway on the switch, follow these steps: 1 Connecting to NVP controller 2 Advertising VXLAN access ports to controller Connecting to an NVP Controller To connect to an NVP controller, use the following commands.
fail-mode secure If the local VTEP loses connectivity with the controller, it will delete all its database and hardware flows/resources. 7 no shut VxLAN INSTANCE mode Advertising VXLAN Access Ports to Controller To advertise the access ports to the controller, use the following command. In INTERFACE mode, vxlan-instance command configures a VXLAN-Access Port into a VXLAN-instance.
Tunnel : count 1 36.1.1.1 : vxlan_over_ipv4 (up) The following example shows the show vxlan vxlan-instance unicast-mac-local command.
The following example shows the show vxlan vxlan-instance statistics interface command. Dell#show vxlan vxlan-instance 1 statistics interface fortyGigE 0/124 100 Port : Fo 0/124 Vlan : 100 Rx Packets : 13 Rx Bytes : 1317 Tx Packets : 13 Tx Bytes : 1321 The following example shows the show vxlan vxlan-instance physical-locator command. Dell#show vxlan vxlan-instance 1 physical-locator Instance : 1 Tunnel : count 1 36.1.1.
* * * * * * LocalAddr 1.0.1.1 3.3.3.3 3.3.3.3 3.3.3.3 3.3.3.3 3.3.3.3 RemoteAddr 1.0.1.2 192.168.122.135 192.168.122.136 192.168.122.137 192.168.122.138 192.168.122.
59 Virtual Routing and Forwarding (VRF) Virtual Routing and Forwarding (VRF) allows a physical router to partition itself into multiple Virtual Routers (VRs). The control and data plane are isolated in each VR so that traffic does NOT flow across VRs.Virtual Routing and Forwarding (VRF) allows multiple instances of a routing table to co-exist within the same router at the same time. VRF Overview VRF improves functionality by allowing network paths to be segmented without using multiple devices.
Figure 143. VRF Network Example VRF Configuration Notes Although there is no restriction on the number of VLANs that can be assigned to a VRF instance, the total number of routes supported in VRF is limited by the size of the IPv4 CAM. VRF is implemented in a network device by using Forwarding Information Bases (FIBs). A network device may have the ability to configure different virtual routers, where entries in the FIB that belong to one VRF cannot be accessed by another VRF on the same device.
Table 92. Software Features Supported on VRF Feature/Capability Support Status for Default VRF Support Status for Non-default VRF Configuration rollback for commands introduced or modified Yes No LLDP protocol on the port Yes No 802.
Feature/Capability Support Status for Default VRF Support Status for Non-default VRF VRRP on physical and logical interfaces Yes Yes VRRPV3 Yes Yes Secondary IP Addresses Yes No Following IPv6 capabilities No Basic Yes No OSPFv3 Yes Yes IS-IS Yes Yes BGP Yes Yes ACL Yes No Multicast Yes No NDP Yes Yes RAD Yes Yes Ingress/Egress Storm-Control (perinterface/global) Yes No DHCP DHCP requests are not forwarded across VRF instances.
Creating a Non-Default VRF Instance VRF is enabled by default on the switch and supports up to 64 VRF instances: 1 to 63 and the default VRF (0). • Create a non-default VRF instance by specifying a name and VRF ID number, and enter VRF configuration mode. CONFIGURATION ip vrf vrf-name vrf-id The VRF ID range is from 1 to 63. 0 is the default VRF ID. Assigning an Interface to a VRF You must enter the ip vrf forwarding command before you configure the IP address or any other setting on an interface.
View VRF Instance Information To display information about VRF configuration, enter the show ip vrf command. To display information on all VRF instances (including the default VRF 0), do not enter a value for vrf-name. • Display the interfaces assigned to a VRF instance. EXEC show ip vrf [vrf-name] Assigning an OSPF Process to a VRF Instance OSPF routes are supported on all VRF instances. SeeOpen Shortest Path First (OSPFv2) for complete OSPF configuration information.
Task Command Syntax Command Mode vrrp-group 10 virtual-address 10.1.1.100 no shutdown View VRRP command output for the VRF vrf1 show vrrp vrf vrf1 -----------------TenGigabitEthernet 1/13, IPv4 VRID: 10, Version: 2, Net: 10.1.1.1 VRF: 2 vrf1 State: Master, Priority: 100, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 43, Gratuitous ARP sent: 0 Virtual MAC address: 00:00:5e:00:01:0a Virtual IP address: 10.1.1.
NOTE: The command line help still displays relevant details corresponding to each of these commands. However, these interface range or interface group commands are not supported when Management VRF is configured. Configuring a Static Route • Configure a static route that points to a management interface.
Figure 145. Setup VRF Interfaces The following example relates to the configuration shown in the above illustrations. Router 1 ip vrf blue 1 ! ip vrf orange 2 ! ip vrf green 3 ! interface TenGigabitEthernet no ip address switchport no shutdown ! interface TenGigabitEthernet ip vrf forwarding blue ip address 10.0.0.1/24 no shutdown ! interface TenGigabitEthernet ip vrf forwarding orange ip address 20.0.0.1/24 no shutdown ! interface TenGigabitEthernet ip vrf forwarding green ip address 30.0.0.
no shutdown ! interface Vlan 128 ip vrf forwarding blue ip address 1.0.0.1/24 tagged TenGigabitEthernet 3/1 no shutdown ! interface Vlan 192 ip vrf forwarding orange ip address 2.0.0.1/24 tagged TenGigabitEthernet 3/1 no shutdown ! interface Vlan 256 ip vrf forwarding green ip address 3.0.0.1/24 tagged TenGigabitEthernet 3/1 no shutdown ! router ospf 1 vrf blue router-id 1.0.0.1 network 1.0.0.0/24 area 0 network 10.0.0.0/24 area 0 ! router ospf 2 vrf orange router-id 2.0.0.1 network 2.0.0.
interface Vlan 256 ip vrf forwarding green ip address 3.0.0.2/24 tagged TenGigabitEthernet 3/1 no shutdown ! router ospf 1 vrf blue router-id 1.0.0.2 network 11.0.0.0/24 area 0 network 1.0.0.0/24 area 0 passive-interface TenGigabitEthernet 2/1 ! router ospf 2 vrf orange router-id 2.0.0.2 network 21.0.0.0/24 area 0 network 2.0.0.0/24 area 0 passive-interface TenGigabitEthernet 2/2 ! ip route vrf green30.0.0.0/24 3.0.0.1 ! The following shows the output of the show commands on Router 1.
N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set C C O Destination ----------2.0.0.0/24 20.0.0.0/24 21.0.0.0/24 Gateway ------Direct, Vl 192 Direct, Te 1/2 via 2.0.0.
C O C ----------1.0.0.0/24 10.0.0.0/24 11.0.0.0/24 ------Direct, Vl 128 via 1.0.0.
Dynamic Route Leaking Route Leaking is a powerful feature that enables communication between isolated (virtual) routing domains by segregating and sharing a set of services such as VOIP, Video, and so on that are available on one routing domain with other virtual domains. Inter-VRF Route Leaking enables a VRF to leak or export routes that are present in its RTM to one or more VRFs.
3 Configure VRF-red. ip vrf vrf-red interface-type slot/port ip vrf forwarding VRF-red ip address ip—address mask A non-default VRF named VRF-red is created and the interface is assigned to this VRF. 4 Configure the import target in VRF-red. ip route-import 1:1 5 Configure the export target in VRF-red. ip route-export 2:2 6 Configure VRF-blue.
ip route-import ip route-import 2:2 3:3 Show routing tables of all the VRFs (without any route-export and route-import tags being configured) Dell# show ip route vrf VRF-Red O 11.1.1.1/32 via 111.1.1.1 110/0 C 111.1.1.0/24 Direct, Te 1/11 0/0 00:00:10 22:39:59 Dell# show ip route vrf VRF-Blue O 22.2.2.2/32 via 122.2.2.2 110/0 00:00:11 C 122.2.2.0/24 Direct, Te 1/12 0/0 Dell# show ip route vrf VRF-Green O 33.3.3.3/32 via 133.3.3.3 00:00:11 C 133.3.3.
• If the target VRF conatins the same prefix as either the sourced or Leaked route from some other VRF, then route Leaking for that particular prefix fails and the following error-log is thrown. SYSLOG (“Duplicate prefix found %s in the target VRF %d”, address, import_vrf_id) with The type/level is EVT_LOGWARNING. • The source routes always take precedence over leaked routes. The leaked routes are deleted as soon as routes are locally learnt by the VRF using other means.
Dell(config-route-map)match source-protocol bgp This action specifies that the route-map contains OSPF and BGP as the matching criteria for exporting routes from vrf-red. 4 Configure the export target in the source VRF with route-map export_ospfbgp_protocol. ip route-export 1:1 export_ospfbgp_protocol 5 Configure VRF-blue. ip vrf vrf-blue interface-type slot/port ip vrf forwarding VRF-blue ip address ip—address mask A non-default VRF named VRF-blue is created and the interface 1/22 is assigned to it.
• 950 You can expose a unique set of routes from the Source VRF for Leaking to other VRFs. For example, in VRF-red there is no option for exporting one set of routes (for example, OSPF) to VRF- blue and another set of routes (for example, BGP routes) to some other VRF. Similarly, when two VRFs leak or export routes, there is no option to discretely filter leaked routes from each source VRF. Meaning, you cannot import one set of routes from VRF-red and another set of routes from VRF-blue.
60 Virtual Router Redundancy Protocol (VRRP) Virtual router redundancy protocol (VRRP) is designed to eliminate a single point of failure in a statically routed network. VRRP Overview VRRP is designed to eliminate a single point of failure in a statically routed network. VRRP specifies a MASTER router that owns the next hop IP and MAC address for end stations on a local area network (LAN).
Figure 146. Basic VRRP Configuration VRRP Benefits With VRRP configured on a network, end-station connectivity to the network is not subject to a single point-of-failure. End-station connections to the network are redundant and are not dependent on internal gateway protocol (IGP) protocols to converge or update routing tables. VRRP Implementation Within a single VRRP group, up to 12 virtual IP addresses are supported.
Table 94. Recommended VRRP Advertise Intervals Recommended Advertise Interval Groups/Interface Total VRRP Groups Groups/Interface Less than 250 1 second 12 Between 250 and 450 2–3 seconds 24 Between 450 and 600 3–4 seconds 36 Between 600 and 800 4 seconds 48 Between 800 and 1000 5 seconds 84 Between 1000 and 1200 7 seconds 100 Between 1200 and 1500 8 seconds 120 VRRP Configuration By default, VRRP is not configured.
no vrrp-group vrid Examples of Configuring and Verifying VRRP The following examples how to configure VRRP. Dell(conf)#interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)#vrrp-group 111 Dell(conf-if-te-1/1-vrid-111)# The following examples how to verify the VRRP configuration. Dell(conf-if-te-1/1)#show conf ! interface TenGigabitEthernet 1/1 ip address 10.10.10.
2 Set the master switch to VRRP protocol version 3. Dell_master_switch(conf-if-te-1/1-vrid-100)#version 3 3 Set the backup switches to version 3. Dell_backup_switch1(conf-if-te-1/1-vrid-100)#version 3 Dell_backup_switch2(conf-if-te-1/2-vrid-100)#version 3 Assign Virtual IP addresses Virtual routers contain virtual IP addresses configured for that VRRP group (VRID). A VRRP group does not transmit VRRP packets until you assign the Virtual IP address to the VRRP group.
NOTE: In the following example, the primary IP address and the virtual IP addresses are on the same subnet. Dell(conf-if-te-1/1)#show conf ! interface TenGigabitEthernet 1/1 ip address 10.10.10.1/24 ! vrrp-group 111 priority 255 virtual-address 10.10.10.1 virtual-address 10.10.10.2 virtual-address 10.10.10.3 ! vrrp-group 222 no shutdown The following example shows the same VRRP group (VRID 111) configured on multiple interfaces on different subnets.
To verify the VRRP group priority, use the show vrrp command. Dellshow vrrp -----------------TenGigabitEthernet 1/1, VRID: 111, Net: 10.10.10.1 State: Master, Priority: 255, Master: 10.10.10.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 2343, Gratuitous ARP sent: 5 Virtual MAC address: 00:00:5e:00:01:6f Virtual IP address: 10.10.10.1 10.10.10.2 10.10.10.3 10.10.10.10 Authentication: (none) -----------------TenGigabitEthernet 1/2, VRID: 111, Net: 10.10.2.
Disabling Preempt The preempt command is enabled by default. The command forces the system to change the MASTER router if another router with a higher priority comes online. Prevent the BACKUP router with the higher priority from becoming the MASTER router by disabling preempt. NOTE: You must configure all virtual routers in the VRRP group the same: you must configure all with preempt enabled or configure all with preempt disabled.
• Change the advertisement interval setting. INTERFACE-VRID mode advertise-interval seconds The range is from 1 to 255 seconds. • The default is 1 second. For VRRPv3, change the advertisement centisecs interval setting. INTERFACE-VRID mode advertise-interval centisecs centisecs The range is from 25 to 4075 centisecs in units of 25 centisecs. The default is 100 centisecs.
For a virtual group, you can also track the status of a configured object (the track object-id command) by entering its object number. NOTE: You can configure a tracked object for a VRRP group (using the track object-id command in INTERFACE-VRID mode) before you actually create the tracked object (using a track object-id command in CONFIGURATION mode). However, no changes in the VRRP group’s priority occur until the tracked object is defined and determined to be down.
The following example shows verifying the tracking status.
Set the delay timer on individual interfaces. The delay timer is supported on all physical interfaces, VLANs, and LAGs. When you configure both CLIs, the later timer rules VRRP enabling. For example, if you set vrrp delay reload 600 and vrrp delay minimum 300, the following behavior occurs: • When the system reloads, VRRP waits 600 seconds (10 minutes) to bring up VRRP on all interfaces that are up and configured for VRRP.
Figure 147. VRRP for IPv4 Topology Examples of Configuring VRRP for IPv4 and IPv6 The following example shows configuring VRRP for IPv4 Router 2. R2(conf)#interface tengigabitethernet 2/31 R2(conf-if-te-2/31)#ip address 10.1.1.1/24 R2(conf-if-te-2/31)#vrrp-group 99 R2(conf-if-te-2/31-vrid-99)#priority 200 R2(conf-if-te-2/31-vrid-99)#virtual 10.1.1.3 R2(conf-if-te-2/31-vrid-99)#no shut R2(conf-if-te-2/31)#show conf ! interface TenGigabitEthernet 2/31 ip address 10.1.1.
TenGigabitEthernet 2/31, VRID: 99, Net: 10.1.1.1 State: Master, Priority: 200, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 817, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:63 Virtual IP address: 10.1.1.3 Authentication: (none) R2# Router 3 R3(conf)#interface tengigabitethernet 3/21 R3(conf-if-te-3/21)#ip address 10.1.1.2/24 R3(conf-if-te-3/21)#vrrp-group 99 R3(conf-if-te-3/21-vrid-99)#virtual 10.1.1.
Figure 148. VRRP for an IPv6 Configuration NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be MASTER even if one of two routers has a higher IP or IPv6 address. The following example shows configuring VRRP for IPv6 Router 2 and Router 3. Configure a virtual link local (fe80) address for each VRRPv3 group created for an interface.
R2(conf-if-te-1/1-vrid-10)#no shutdown R2(conf-if-te-1/1)#show config interface TenGigabitEthernet 1/1 ipv6 address 1::1/64 vrrp-group 10 priority 100 virtual-address fe80::10 virtual-address 1::10 no shutdown R2(conf-if-te-1/1)#end R2#show vrrp -----------------TenGigabitEthernet 1/1, IPv6 VRID: 10, Version: 3, Net:fe80::201:e8ff:fe6a:c59f VRF: 0 default-vrf State: Master, Priority: 100, Master: fe80::201:e8ff:fe6a:c59f (local) Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec Accept Mode: FALSE,
VRRP in a VRF: Non-VLAN Scenario The following example shows how to enable VRRP in a non-VLAN. The following example shows a typical use case in which you create three virtualized overlay networks by configuring three VRFs in two switches. The default gateway to reach the Internet in each VRF is a static route with the next hop being the virtual IP address configured in VRRP. In this scenario, a single VLAN is associated with each VRF.
Figure 149. VRRP in a VRF: Non-VLAN Example Example of Configuring VRRP in a VRF on Switch-1 (Non-VLAN) Switch-1 S1(conf)#ip vrf default-vrf 0 ! S1(conf)#ip vrf VRF-1 1 ! S1(conf)#ip vrf VRF-2 2 ! S1(conf)#ip vrf VRF-3 3 ! S1(conf)#interface TenGigabitEthernet 1/1 S1(conf-if-te-1/1)#ip vrf forwarding VRF-1 S1(conf-if-te-1/1)#ip address 10.10.1.5/24 S1(conf-if-te-1/1)#vrrp-group 11 % Info: The VRID used by the VRRP group 11 in VRF 1 will be 177.
S1(conf-if-te-1/3-vrid-105)#virtual-address 20.1.1.5 S1(conf-if-te-1/3)#no shutdown Dell#show vrrp tengigabitethernet 2/8 -----------------TenGigabitEthernet 2/8, IPv4 VRID: 1, Version: 2, Net: 10.1.1.1 VRF: 0 default State: Master, Priority: 100, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 119, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:01 Virtual IP address: 10.1.1.
VRRP in VRF: Switch-1 VLAN Configuration Switch-1 S1(conf)#ip vrf VRF-1 1 ! S1(conf)#ip vrf VRF-2 2 ! S1(conf)#ip vrf VRF-3 3 ! S1(conf)#interface TenGigabitEthernet 1/1 S1(conf-if-te-1/1)#no ip address S1(conf-if-te-1/1)#switchport S1(conf-if-te-1/1)#no shutdown ! S1(conf-if-te-1/1)#interface vlan 100 S1(conf-if-vl-100)#ip vrf forwarding VRF-1 S1(conf-if-vl-100)#ip address 10.10.1.
VRRP in VRF: Switch-2 VLAN Configuration Switch-2 S2(conf)#ip vrf VRF-1 1 ! S2(conf)#ip vrf VRF-2 2 ! S2(conf)#ip vrf VRF-3 3 ! S2(conf)#interface TenGigabitEthernet 1/1 S2(conf-if-te-1/1)#no ip address S2(conf-if-te-1/1)#switchport S2(conf-if-te-1/1)#no shutdown ! S2(conf-if-te-1/1)#interface vlan 100 S2(conf-if-vl-100)#ip vrf forwarding VRF-1 S2(conf-if-vl-100)#ip address 10.10.1.
VRF: 2 vrf2 State: Master, Priority: 100, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 419, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:01 Virtual IP address: 10.1.1.100 Authentication: (none) VRRP for IPv6 Configuration This section shows VRRP IPv6 topology with CLI configurations. Consider an example VRRP for IPv6 configuration in which the IPv6 VRRP group consists of two routers. Figure 150.
NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be master even if one of two routers has a higher IP or IPv6 address. Router 2 R2(conf)#interface tengigabitethernet 1/1 R2(conf-if-te-1/1)#no ip address R2(conf-if-te-1/1)#ipv6 address 1::1/64 R2(conf-if-te-1/1)#vrrp-group 10 NOTE: You must configure a virtual link local (fe80) address for each VRRPv3 group created for an interface.
Virtual IP address: 1::10 fe80::10 Dell#show vrrp tengigabitethernet 0/0 TenGigabitEthernet 0/0, IPv6 VRID: 255, Version: 3, Net: fe80::201:e8ff:fe8a:fd76 VRF: 0 default State: Backup, Priority: 90, Master: fe80::201:e8ff:fe8a:e9ed Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec Accept Mode: FALSE, Master AdvInt: 100 centisec Adv rcvd: 214, Bad pkts rcvd: 0, Adv sent: 0 Virtual MAC address: 00:00:5e:00:02:ff Virtual IP address: 10:1:1::255 fe80::255 Dell#show vrrp tengigabitethernet 2/8 TenGigabi
Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec Accept Mode: FALSE, Master AdvInt: 100 centisec Adv rcvd: 548, Bad pkts rcvd: 0, Adv sent: 0 Virtual MAC address: 00:00:5e:00:02:ff Virtual IP address: 10:1:1::255 fe80::255 Virtual Router Redundancy Protocol (VRRP) 975
61 Debugging and Diagnostics This chapter describes debugging and diagnostics for the device. Offline Diagnostics The offline diagnostics test suite is useful for isolating faults and debugging hardware. The diagnostics tests are grouped into three levels: • • • Level 0 — Level 0 diagnostics check for the presence of various components and perform essential path verifications. In addition, Level 0 diagnostics verify the identification registers of the components on the board.
3 Start diagnostics on the unit. diag stack-unit stack-unit-number When the tests are complete, the system displays the following message and automatically reboots the unit. Dell#00:09:42 : Diagnostic test results are stored on file: flash:/TestReport-SU-1.txt Diags completed... Rebooting the system now!!! Mar 12 10:40:35: %S6000:0 %DIAGAGT-6-DA_DIAG_DONE: Diags finished on stack unit 0 Dell#00:09:42 : Diagnostic test results are stored on file: flash:/TestReport-SU-0.txt Diags completed...
The following example shows the diag command (standalone unit). Dell#diag stack-unit 1 level0 Warning - diagnostic execution will cause multiple link flaps on the peer side - advisable to shut directly connected ports Proceed with Diags [confirm yes/no]: yes Dell#Dec 15 04:14:07: %S4820:0 %DIAGAGT-6-DA_DIAG_STARTED: Starting diags on stack unit 1 00:12:10 : System may take additional time for Driver Init. 00:12:10 : Approximate time to complete the Diags ...
Test 5 - Psu Status Monitor Test .................................... NOT PRESENT Test 6.000 - Psu0 Fan Speed Monitor Test ............................ PASS diagS6000IsPsuGood[954]: ERROR: Psu:1, Power supply is not present. Test 6.001 - Psu1 Fan Speed Monitor Test ............................ NOT PRESENT Test 6 - Psu Fan Speed Monitor Test ................................. NOT PRESENT Test 7.000 - Psu0 Fan Status Monitor Test ...........................
Trace Logs In addition to the syslog buffer, Dell Networking OS buffers trace messages which are continuously written by various Dell Networking OS software tasks to report hardware and software events and status information. Each trace message provides the date, time, and name of the Dell Networking OS process. All messages are stored in a ring buffer. You can save the messages to a file either manually or automatically after failover.
=================================== QSFP 52 Temp High Alarm threshold QSFP 52 Voltage High Alarm threshold QSFP 52 Bias High Alarm threshold QSFP 52 RX Power High Alarm threshold QSFP 52 Temp Low Alarm threshold QSFP 52 Voltage Low Alarm threshold QSFP 52 Bias Low Alarm threshold QSFP 52 RX Power Low Alarm threshold =================================== QSFP 52 Temp High Warning threshold QSFP 52 Voltage High Warning threshold QSFP 52 Bias High Warning threshold QSFP 52 RX Power High Warning threshold QSFP 52
Troubleshoot an Over-temperature Condition To troubleshoot an over-temperature condition, use the following information. 1 Use the show environment commands to monitor the temperature levels. 2 Check air flow through the system. Ensure that the air ducts are clean and that all fans are working correctly. 3 After the software has determined that the temperature levels are within normal limits, you can re-power the card safely. To bring back the line card online, use the power-on command in EXEC mode.
OID String OID Name Description .1.3.6.1.4.1.6027.3.27.1.4 dellNetFpPacketBufferTable View the modular packet buffers details per stack unit and the mode of allocation. .1.3.6.1.4.1.6027.3.27.1.5 dellNetFpStatsPerPortTable View the forwarding plane statistics containing the packet buffer usage per port per stack unit. .1.3.6.1.4.1.6027.3.27.1.6 dellNetFpStatsPerCOSTable View the forwarding plane statistics containing the packet buffer statistics per COS per port.
• Dynamic Pool= Total Available Pool(16384 cells) — Total Dedicated Pool = 5904 cells • Oversubscription ratio = 10 • Dynamic Cell Limit Per port = 59040/29 = 2036 cells Figure 151. Buffer Tuning Points Deciding to Tune Buffers Dell Networking recommends exercising caution when configuring any non-default buffer settings, as tuning can significantly affect system performance. The default values work for most cases.
BUFFER PROFILE mode • buffer dedicated Change the maximum number of dynamic buffers an interface can request. BUFFER PROFILE mode • buffer dynamic Change the number of packet-pointers per queue. BUFFER PROFILE mode • buffer packet-pointers Apply the buffer profile to a line card. CONFIGURATION mode • buffer fp-uplink linecard Apply the buffer profile to a CSF to FP link.
The following example shows viewing the buffer profile allocations. Dell#show running-config interface tengigabitethernet 2/1 ! interface TenGigabitEthernet 2/1 no ip address mtu 9216 switchport no shutdown buffer-policy myfsbufferprofile The following example shows viewing the default buffer profile on an interface. Dell#show buffer-profile detail interface tengigabitethernet 1/10 Interface Te 1/10 Buffer-profile fsqueue-fp Dynamic buffer 1256.
user-defined buffer profile on interface Te 1/1. Please remove global pre-defined buffer profile. To apply a predefined buffer profile, use the following command. • Apply one of the pre-defined buffer profiles for all port pipes in the system. CONFIGURATION mode buffer-profile global [1Q|4Q] If the default buffer profile dynamic is active, Dell Networking OS displays an error message instructing you to remove the default configuration using the no buffer-profile global command.
• • • • • show hardware drops interface interface clear hardware stack-unit stack-unit-number clear hardware stack-unit stack-unit-number clear hardware stack-unit stack-unit-number clear hardware stack-unit stack-unit-number counters unit 0-1 counters cpu data-plane statistics cpu party-bus statistics Displaying Drop Counters To display drop counters, use the following commands. • • Identify which stack unit and port pipe is experiencing internal drops.
HOL DROPS on COS3 HOL DROPS on COS4 HOL DROPS on COS5 HOL DROPS on COS6 HOL DROPS on COS7 HOL DROPS on COS8 HOL DROPS on COS9 HOL DROPS on COS10 HOL DROPS on COS11 HOL DROPS on COS12 HOL DROPS on COS13 HOL DROPS on COS14 HOL DROPS on COS15 HOL DROPS on COS16 HOL DROPS on COS17 TxPurge CellErr Aged Drops --- Egress MAC counters--Egress FCS Drops --- Egress FORWARD PROCESSOR IPv4 L3UC Aged & Drops TTL Threshold Drops INVALID VLAN CNTR Drops L2MC Drops PKT Drops of ANY Conditions Hg MacUnderflow TX Err PKT Cou
rxPkt(UNIT0) :773 transmitted :12698 txRequested :12698 noTxDesc :0 txError :0 txReqTooLarge :0 txInternalError :0 txDatapathErr :0 txPkt(COS0 ) :0 txPkt(COS1 ) :0 txPkt(COS2 ) :0 txPkt(COS3 ) :0 txPkt(COS4 ) :0 txPkt(COS5 ) :0 txPkt(COS6 ) :0 txPkt(COS7 ) :0 txPkt(COS8 ) :0 txPkt(COS9 ) :0 txPkt(COS10) :0 txPkt(COS11) :0 txPkt(UNIT0) :0 Example of Viewing Party Bus Statistics Dell#sh hardware stack-unit 1 cpu party-bus statistics Input Statistics: 27550 packets, 2559298 bytes 0 dropped, 0 errors Output Sta
RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX - IPV4 L3 Unicast Frame Counter IPV4 L3 routed multicast Packets IPV6 L3 Unicast Frame Counter IPV6 L3 routed multicast Packets Unicast Packet Counter 64 Byte Frame Counter 64 to 127 Byte Frame Counter 128 to 255 Byte Frame Counter 256 to 511 Byte Frame Counter 512 to 1023 Byte Frame Counter 1024 to 1518 Byte Frame Counter 1519 to 1522 Byte Good
RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX - Unicast Packet Counter 64 Byte Frame Counter 64 to 127 Byte Frame Counter 128 to 255 Byte Frame Counter 256 to 511 Byte Frame Counter 512 to 1023 Byte Frame Counter 1024 to 1518 Byte Frame Counter 1519 to 1522 Byte Good VLAN Frame Counter 1519 to 2047 Byte Frame Counter 2048 to 4095 Byte Frame Counter 4096 to 9216 Byte Frame Counter Good Packet Counter Pac
RX - Good Packet Counter RX - Packet/Frame Counter RX - Unicast Frame Counter RX - Multicast Frame Counter RX - Broadcast Frame Counter RX - Byte Counter RX - Control Frame Counter RX - Pause Control Frame Counter RX - Oversized Frame Counter RX - Jabber Frame Counter RX - VLAN Tag Frame Counter RX - Double VLAN Tag Frame Counter RX - RUNT Frame Counter RX - Fragment Counter RX - VLAN Tagged Packets RX - Ingress Dropped Packet RX - MTU Check Error Frame Counter RX - PFC Frame Priority 0 RX - PFC Frame Prior
Example of Application Mini Core Dump Listings Dell#dir Directory of flash: 1 2 3 4 5 6 7 8 9 10 11 12 13 drwdrwx drwd---rw-rw-rw-rw-rw-rw-rw-rw-rw- 16384 1536 512 512 8693 8693 156 156 156 156 156 156 156 Jan Sep Aug Aug Sep Sep Aug Aug Aug Aug Aug Aug Aug 01 03 07 07 03 03 28 28 28 28 31 29 31 1980 2009 2009 2009 2009 2009 2009 2009 2009 2009 2009 2009 2009 00:00:00 16:51:02 13:05:58 13:06:00 16:50:56 16:44:22 16:16:10 17:17:24 18:25:18 19:07:36 16:18:50 14:28:34 16:14:56 +00:00 +00:00 +00:00 +00:0
tcpdump cp [capture-duration time | filter expression | max-file-count value | packet-count value | snap-length value | write-to path] Debugging and Diagnostics 995
62 Standards Compliance This chapter describes standards compliance for Dell Networking products. NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking OS, the system also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website. Click “Browse and search IETF documents,” enter an RFC number, and inspect the top of the resulting document for obsolescence citations to related RFCs.
MTU 9,216 bytes RFC and I-D Compliance Dell Networking OS supports the following standards. The standards are grouped by related protocol. The columns showing support by platform indicate which version of Dell Networking OS first supports the standard. General Internet Protocols The following table lists the Dell Networking OS support per platform for general internet protocols. Table 97. General Internet Protocols RFC# Full Name Z-Series S-Series 768 User Datagram Protocol 7.6.
General IPv4 Protocols The following table lists the Dell Networking OS support per platform for general IPv4 protocols. Table 98. General IPv4 Protocols R F C # Full Name Z-Series S-Series 79 Internet Protocol 1 7.6.1 79 Internet Control 2 Message Protocol 7.6.1 82 An Ethernet Address 6 Resolution Protocol 7.6.1 10 Using ARP to 27 Implement Transparent Subnet Gateways 7.6.1 10 DOMAIN NAMES 3 IMPLEMENTATION 5 AND SPECIFICATION (client) 7.6.
R F C # Full Name Z-Series S-Series 21 Dynamic Host 31 Configuration Protocol 7.6.1 23 Virtual Router 38 Redundancy Protocol (VRRP) 7.6.1 3 Using 31-Bit Prefixes 02 on IPv4 Point-to1 Point Links 7.7.1 3 DHCP Relay Agent 0 Information Option 46 7.8.1 3 0 6 9 7.8.1 VLAN Aggregation for Efficient IP Address Allocation 31 Protection Against a 28 Variant of the Tiny Fragment Attack 7.6.
RF C# Full Name Z-Series S-Series over Ethernet Networks 267 5 IPv6 Jumbograms 7.8.1 2711 IPv6 Router Alert Option 8.3.12.0 358 IPv6 Global 7 Unicast Address Format 7.8.1 400 IPv6 Scoped 7 Address Architecture 8.3.12.0 429 Internet 1 Protocol Version 6 (IPv6) Addressing Architecture 7.8.1 444 3 7.8.1 Internet Control Message Protocol (ICMPv6) for the IPv6 Specification 486 Neighbor 1 Discovery for IPv6 8.3.12.0 486 IPv6 Stateless 2 Address Autoconfigurati on 8.3.12.0 517 5 8.3.12.
RFC# Full Name S-Series/Z-Series 2545 Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing 2796 BGP Route Reflection: An Alternative to Full Mesh Internal BGP (IBGP) 7.8.1 2842 Capabilities Advertisement with BGP-4 7.8.1 2858 Multiprotocol Extensions for BGP-4 7.8.1 2918 Route Refresh Capability for BGP-4 7.8.1 3065 Autonomous System Confederations for BGP 7.8.1 4360 BGP Extended Communities Attribute 7.8.1 4893 BGP Support for Four-octet AS Number Space 7.8.
RFC# Full Name S-Series 2763 Dynamic Hostname Exchange Mechanism for IS-IS 2966 Domain-wide Prefix Distribution with Two-Level ISIS 3373 Three-Way Handshake for Intermediate System to Intermediate System (IS-IS) Point-to-Point Adjacencies 3567 IS-IS ACruythpetongtircaapthioicn 3784 Intermediate System to Intermediate System (ISIS) Extensions in Support of Generalized MultiProtocol Label Switching (GMPLS) 5120 MT-ISIS: Multi Topology (MT) Routing in Intermediate System to Intermediate Systems (
RFC# Full Name Z-Series S-Series 3376 Internet Group Management Protocol, Version 3 7.8.1 3569 An Overview of SourceSpecific Multicast (SSM) 7.8.1 SSM for IPv4 3618 Multicast Source Discovery Protocol (MSDP) draftietfpim smv2new05 Protocol Independent Multicast - Sparse Mode (PIM-SM): Protocol Specification (Revised) 7.8.1 PIM-SM for IPv4 Network Management The following table lists the Dell Networking OS support per platform for network management protocol. Table 105.
RFC# Full Name S4810 2558 Definitions of Managed Objects for the Synchronous Optical Network/Synchronous Digital Hierarchy (SONET/SDH) Interface Type 2570 Introduction and Applicability Statements for Internet Standard Management Framework 7.6.1 2571 An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks 7.6.1 2572 Message Processing and Dispatching for the Simple Network Management Protocol (SNMP) 7.6.
RFC# Full Name S4810 Statistics High-Capacity Table, Ethernet History HighCapacity Table 3416 Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP) 7.6.1 3418 Management Information Base (MIB) for the Simple Network Management Protocol (SNMP) 7.6.1 3434 Remote Monitoring MIB Extensions for High Capacity Alarms, High-Capacity Alarm Table (64 bits) 7.6.1 3580 IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines 7.6.
RFC# Full Name S4810 IEEE 802.1AB The LLDP Management Information Base extension module for IEEE 802.3 organizationally defined discovery information. (LLDP DOT1 MIB and LLDP DOT3 MIB) 7.7.1 ruzin-mstp-mib-0 2 (Traps) Definitions of Managed Objects for Bridges with Multiple Spanning Tree Protocol 7.6.1 sFlow.org sFlow Version 5 7.7.1 sFlow.org sFlow Version 5 MIB 7.7.1 FORCE10-BGP4-V2-MIB Force10 BGP MIB (draft-ietf-idr-bgp4-mibv2-05) 7.8.
https://www.force10networks.com/CSPortal20/AccountRequest/AccountRequest.aspx If you have forgotten or lost your account information, contact Dell TAC for assistance.
