Dell Configuration Guide for the S6010–ON System 9.10(0.
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your computer.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2016 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents
1 About this Guide
Audience
Conventions
Related Documents
Using HTTP for File Transfers
Verify Software Images Before Installation
4 Management
Configuring Privilege Levels
Setting Timeout for EXEC Privilege Mode
Using Telnet to get to Another Network Device
Lock CONFIGURATION Mode
Viewing the Configuration Lock Status
Restoring the Factory Default Settings
Configuring Filters with a Sequence Number
Configuring Filters Without a Sequence Number
Configure Layer 2 and Layer 3 ACLs
Assign an IP ACL to an Interface
Applying an IP ACL
Route Reflectors
BGP Attributes
Best Path Selection Criteria
Weight
Changing the WEIGHT Attribute
Enabling Multipath
Filtering BGP Routes
Filtering BGP Routes Using Route Maps
Ethernet Enhancements in Data Center Bridging
Priority-Based Flow Control
Enhanced Transmission Selection
Data Center Bridging Exchange Protocol (DCBx)
Data Center Bridging in a Traffic Flow
Auto-Detection and Manual Configuration of the DCBx Version
DCBx Example
DCBx Prerequisites and Restrictions
Configuring DCBx
Verifying the DCB Configuration
ECMP for Flow-Based Affinity
Configuring the Hash Algorithm
Enabling Deterministic ECMP Next Hop
Configuring the Hash Algorithm Seed
Link Bundle Monitoring
BGP Graceful Restart
Cold Boot Caused by Power Cycling the System
Unexpected Reload of the System
Software Upgrade
LACP Fast Switchover
IGMP Version 3
Configure IGMP
Related Configuration Tasks
Viewing IGMP Enabled Interfaces
Configuring Layer 2 (Interface) Mode
Configuring Layer 3 (Network) Mode
Configuring Layer 3 (Interface) Mode
Egress Interface Selection (EIS)
Important Points to Remember
Enabling Link Dampening
Link Bundle Monitoring
Using Ethernet Pause Frames for Flow Control
Enabling Pause Frames
UDP Helper
Configure UDP Helper
Important Points to Remember
Enabling UDP Helper
Configuring IPv6 RA Guard on an Interface
Monitoring IPv6 RA Guard
22 iSCSI Optimization
iSCSI Optimization Overview
24 Link Aggregation Control Protocol (LACP)
Introduction to Dynamic LAGs and LACP
Important Points to Remember
LACP Modes
Configuring LACP Commands
802.1AB (LLDP) Overview
Protocol Data Units
Optional TLVs
Management TLVs
Limiting the Source-Active Cache
Clearing the Source-Active Cache
Enabling the Rejected Source-Active Cache
Accept Source-Active Messages that Fail the RFP Check
Specifying Source-Active Messages
Implementation Information
Multicast Policies
IPv4 Multicast Policies
31 Object Tracking
Configuring Stub Areas
Configuring Passive-Interface
Redistributing Routes
Configuring a Default Route
Configuring PIM-SSM with IGMPv2
36 Port Monitoring
Important Points to Remember
Port Monitoring
Create a QoS Policy
DSCP Color Maps
Create Policy Maps
Enabling QoS Rate Adjustment
Configuring an RMON Event
Configuring RMON Collection Statistics
Configuring the RMON Collection History
41 Rapid Spanning Tree Protocol (RSTP)
Protocol Overview
Removing the RSA Host Keys and Zeroizing Storage
Configuring When to Re-generate an SSH Key
Configuring the SSH Server Key Exchange Algorithm
Configuring the HMAC Algorithm for the SSH Server
Configuring the SSH Server Cipher List
45 sFlow
Overview
Implementation Information
Important Points to Remember
Additional MIB Objects to View Copy Statistics
Obtaining a Value for MIB Objects
MIB Support to Display the Available Memory Size on Flash
Viewing the Available Flash Memory Size
MIB Support to Display the Software Core Files Generated by the System
Displaying the Status of Stacking Ports
Remove Units or Front End Ports from a Stack
Removing a Unit from a Stack
Removing Front End Port Stacking
Troubleshoot a Stack
Configuring SupportAssist Activity
Configuring SupportAssist Company
Configuring SupportAssist Person
Configuring SupportAssist Server
Moving Untagged Interfaces
Assigning an IP Address to a VLAN
Configuring Native VLANs
Enabling Null VLAN as the Default VLAN
55 VLT Proxy Gateway
Reconfiguring Stacked Switches as VLT
Specifying VLT Nodes in a PVLAN
Association of VLTi as a Member of a PVLAN
MAC Synchronization for VLT Nodes in a PVLAN
PVLAN Operations When One VLT Peer is Down
Assigning an OSPF Process to a VRF Instance
Configuring VRRP on a VRF Instance
Configuring Management VRF
Configuring a Static Route
Sample VRF Configuration
Display Stack Member Counters
Enabling Application Core Dumps
Mini Core Dumps
Enabling TCP Dumps
1 About this Guide
This guide describes the protocols and features the Dell Networking Operating System (OS) supports and provides configuration instructions and examples for implementing them. For complete information about all the CLI commands, see the Dell Command Line Reference Guide for your system. The S6000–ON platform is available with Dell Networking OS version 9.7(0.0) and beyond. Though this guide contains information about protocols, it is not intended to be a complete reference.
Related Documents
For more information about the Dell Networking switches, see the following documents:
• Dell Networking OS Command Line Reference Guide
• Dell Networking OS Installation Guide
• Dell Networking OS Quick Start Guide
• Dell Networking OS Release Notes
2 Configuration Fundamentals
The Dell Networking Operating System (OS) command line interface (CLI) is a text-based interface you can use to configure interfaces and protocols. The CLI is largely the same for each platform except for some commands and command outputs. The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and you can limit user access to modes using privilege levels.
CLI Modes
Different sets of commands are available in each mode. A command found in one mode cannot be executed from another mode (except for EXEC mode commands with a preceding do command; refer to the do Command section). You can set user access rights to commands and command modes using privilege levels.
The Dell Networking OS CLI is divided into three major mode levels:
• EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level.
IP MANAGEMENT ETHERNET NULL PORT-CHANNEL TUNNEL VLAN VRRP IPv6 IP COMMUNITY-LIST IP ACCESS-LIST STANDARD ACCESS-LIST EXTENDED ACCESS-LIST MAC ACCESS-LIST LINE AUXILLIARY CONSOLE VIRTUAL TERMINAL LLDP LLDP MANAGEMENT INTERFACE MONITOR SESSION MULTIPLE SPANNING TREE OPENFLOW INSTANCE PVST PORT-CHANNEL FAILOVER-GROUP PREFIX-LIST PRIORITY-GROUP PROTOCOL GVRP QOS POLICY RSTP ROUTE-MAP ROUTER BGP BGP ADDRESS-FAMILY ROUTER ISIS ISIS ADDRESS-FAMILY ROUTER OSPF ROUTER OSPFV3 ROUTER RIP SPANNING TREE SUPPORTASSIST
Table 1. Dell Networking OS Command Modes
CLI Command Mode | Prompt | Access Command
EXEC | Dell> | Access the router through the console or terminal line.
EXEC Privilege | Dell# | • From EXEC mode, enter the enable command. • From any other mode, use the end command.
CONFIGURATION | Dell(conf)# | • From EXEC privilege mode, enter the configure command. • From every mode except EXEC and EXEC Privilege, enter the exit command.
NOTE: Access all of the following modes from CONFIGURATION mode.
CLI Command Mode | Prompt | Access Command
STANDARD ACCESS-LIST | Dell(config-std-macl)# | mac access-list standard (MAC ACCESS-LIST Modes)
EXTENDED ACCESS-LIST | Dell(config-ext-macl)# | mac access-list extended (MAC ACCESS-LIST Modes)
MULTIPLE SPANNING TREE | Dell(config-mstp)# | protocol spanning-tree mstp
Per-VLAN SPANNING TREE Plus | Dell(config-pvst)# | protocol spanning-tree pvst
PREFIX-LIST | Dell(conf-nprefixl)# | ip prefix-list
RAPID SPANNING TREE | Dell(config-rstp)# | protocol spanning-tree rstp
REDIRE
CLI Command Mode | Prompt | Access Command
FRRP | Dell(conf-frrp-ring-id)# | protocol frrp
LLDP | Dell(conf-lldp)# or Dell(conf-if—interfacelldp)# | protocol lldp (CONFIGURATION or INTERFACE Modes)
LLDP MANAGEMENT INTERFACE | Dell(conf-lldp-mgmtIf)# | management-interface (LLDP Mode)
LINE | Dell(config-line-console) or Dell(config-line-vty) | line console or line vty
MONITOR SESSION | Dell(conf-mon-sesssessionID)# | monitor session
OPENFLOW INSTANCE | Dell(conf-of-instance-ofid)# | openflow of-instance
PORT-CHANNEL
Stack MAC    : 34:17:eb:f2:c2:c4
Reload-Type  : normal-reload [Next boot : normal-reload]
-- Stack Info --
Unit UnitType   Status      ReqTyp   CurTyp   Version     Ports
------------------------------------------------------------------------
1    Management online      S6000-ON S6000-ON 1-0(0-3932) 128
2    Member     not present
3    Member     not present
4    Member     not present
5    Member     not present
6    Member     not present
-- Power Supplies --
Unit Bay Status Type FanStatus FanSpeed(rpm)
------------------------------------------------------------
1    1   up
Obtaining Help
Obtain a list of keywords and a brief functional description of those keywords at any CLI mode using the ? or help command:
• To list the keywords available in the current mode, enter ? at the prompt or after a keyword.
• Enter ? after a command prompt to list all of the available keywords. The output of this command is the same as the help command.
Short-Cut Key Combination | Action
CNTL-D | Deletes character at cursor.
CNTL-E | Moves the cursor to the end of the line.
CNTL-F | Moves the cursor forward one character.
CNTL-I | Completes a keyword.
CNTL-K | Deletes all characters from the cursor to the end of the command line.
CNTL-L | Re-enters the previous command.
CNTL-N | Return to more recent commands in the history buffer after recalling commands with CTRL-P or the UP arrow key.
CNTL-P | Recalls commands, beginning with the last command.
• show run | grep Ethernet returns a search result with instances containing a capitalized “Ethernet,” such as interface TenGigabitEthernet 1/1/1.
• show run | grep ethernet does not return that search result because it only searches for instances containing a non-capitalized “ethernet.”
• show run | grep Ethernet ignore-case returns instances containing both “Ethernet” and “ethernet.”
The grep command displays only the lines containing specified text.
Multiple Users in Configuration Mode
Dell Networking OS notifies all users when there are multiple users logged in to CONFIGURATION mode. A warning message indicates the username, type of connection (console or VTY), and in the case of a VTY connection, the IP address of the terminal on which the connection was established.
3 Getting Started
This chapter describes how you start configuring your system. When you power up the chassis, the system performs a power-on self test (POST) and then loads the Dell Networking Operating System. Boot messages scroll up the terminal window during this process. No user interaction is required if the boot process proceeds without interruption. When the boot process completes, the system status LEDs remain online (green) and the console monitor displays the EXEC mode prompt.
Console Access
The device has one RJ-45/RS-232 console port, an out-of-band (OOB) Ethernet port, and a micro USB-B console port.
Serial Console
The RJ-45/RS-232 console port is labeled on the upper right-hand side, as you face the I/O side of the chassis.
Figure 1. RJ-45 Console Port (1: RS-232 console port. 2: USB port.)
Accessing the Console Port
To access the console port, follow these steps:
For the console port pinout, refer to Accessing the RJ-45 Console Port with a DB-9 Adapter.
• 8 data bits
• 1 stop bit
• No flow control
Pin Assignments
You can connect to the console using an RJ-45 to RJ-45 rollover cable and an RJ-45 to DB-9 female DTE adapter to a terminal server (for example, a PC). The pin assignments between the console and a DTE terminal server are as follows:
Table 2.
Example of the hostname Command
Dell(conf)#hostname R1
R1(conf)#
Accessing the System Remotely
You can configure the system to access it remotely by Telnet or secure shell (SSH).
• The platform has a dedicated management port and a management routing table that is separate from the IP routing table.
• You can manage all Dell Networking products in-band via the front-end data ports through interfaces assigned an IP address as well.
Configure a Management Route
Define a path from the system to the network from which you are accessing the system remotely. Management routes are separate from IP routes and are only used to manage the system through the management port.
To configure a management route, use the following command.
• Configure a management route to the network from which you are accessing the system.
CONFIGURATION mode
management route ip-address/mask gateway
• ip-address: the network address in dotted-decimal format (A.B.
• Create a password to access EXEC Privilege mode.
CONFIGURATION mode
enable [password | secret | sha256-password] [level level] [encryption-type] password
• level: is the privilege level, is 15 by default, and is not required.
• encryption-type: specifies how you input the password, is 0 by default, and is not required.
  • 0 is to input the password in clear text.
  • 5 is to input a password that is already encrypted using the MD5 encryption method.
Location: For a remote file location: SCP server
source-file-url Syntax: copy scp://{hostip | hostname}/filepath/filename
destination-file-url Syntax: scp://{hostip | hostname}/filepath/filename
Important Points to Remember
• You may not copy a file from one remote system to another.
• You may not copy a file from one location to the same location.
• When copying to a server, you can only use a hostname if a domain name server (DNS) is configured.
The foreign file system remains mounted as long as the device is up and does not reboot. You can run the file system commands without having to mount or un-mount the file system each time you run a command. When you save the configuration using the write command, the mount command is saved to the startup configuration. As a result, each time the device re-boots, the NFS file system is mounted during start up. Table 5.
24 bytes successfully copied
Dell#
Dell#copy tftp://10.16.127.35/username/dv-maa-test ?
flash: Copy to local file system ([flash://]filepath)
nfsmount: Copy to nfs mount file system (nfsmount:///filepath)
running-config
remote host:
Destination file name [test.c]:
!
225 bytes successfully copied
Dell#
Save the Running-Configuration
The running-configuration contains the current system configuration. Dell Networking recommends copying your running-configuration to the startup-configuration.
Configure the Overload Bit for a Startup Scenario
For information about setting the router overload bit for a specific period of time after a switch reload is implemented, see the Intermediate System to Intermediate System (IS-IS) section in the Dell Command Line Reference Guide for your system.
Viewing Files
You can only view file information and content on local file systems.
To view a list of files or the contents of a file, use the following commands.
• View a list of files on the internal flash.
View Configuration Files
Configuration files have three commented lines at the beginning of the file, as shown in the following example, to help you track the last time any user made a change to the file, which user made the changes, and when the file was last saved to the startup-configuration.
View Command History
The command-history trace feature captures all commands entered by all users of the system with a time stamp and writes these messages to a dedicated trace log buffer. The system generates a trace message for each executed command. No password information is saved to the file.
To view the command-history trace, use the show command-history command.
specify a nondefault VRF, the VRF table corresponding to that nondefault VRF is used to look up the HTTP server. However, these changes are backward-compatible and do not affect existing behavior; meaning, you can still use the ip http source-interface command to communicate with a particular interface even if no VRF is configured on that interface.
NOTE: If the HTTP service is not VRF-aware, then it uses the global routing table to perform the look-up.
To validate the software image on the flash drive after the image is transferred to the system, but before you install the image, use the verify {md5 | sha256} [flash://]img-file [hash-value] command in EXEC mode.
• md5: MD5 message-digest algorithm
• sha256: SHA256 Secure Hash Algorithm
• flash: (Optional) Specifies the flash drive. The default uses the flash drive. You can enter the image file name.
• hash-value: (Optional). Specify the relevant hash published on iSupport.
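A workstation-side counterpart to the verify command above, as an added example that is not from the Dell guide: it hashes an image before you copy it to the switch and compares the result with a published value, or only reports the digest when none is supplied. The function names and the constructed image bytes are assumptions for illustration.

```python
import hashlib
import hmac
import os
import string
import tempfile

# Hex digest lengths for the two algorithms the verify command accepts.
DIGEST_HEX_LEN = {"md5": 32, "sha256": 64}


def file_digest(path, algorithm):
    """Hash the file in 1 MiB chunks so a large image is never held in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_image(path, algorithm, published=None):
    """Return (computed_hex, match).

    match is None when no published hash is given, mirroring the optional
    hash-value argument: the digest is reported but nothing is compared.
    """
    if algorithm not in DIGEST_HEX_LEN:
        raise ValueError("algorithm must be md5 or sha256")
    expected = None
    if published is not None:
        expected = published.strip().lower()
        # Reject a value that cannot be a digest of this algorithm, for
        # example an MD5 value pasted next to the sha256 keyword.
        bad_chars = set(expected) - set(string.hexdigits)
        if len(expected) != DIGEST_HEX_LEN[algorithm] or bad_chars:
            raise ValueError("published value is not a %s digest" % algorithm)
    computed = file_digest(path, algorithm)
    if expected is None:
        return computed, None
    # Constant-time comparison of the two hex strings.
    return computed, hmac.compare_digest(computed, expected)


def demo():
    """Verify a constructed image, then the same file after one byte is appended."""
    image = b"CONSTRUCTED-IMAGE-BYTES" * 1000  # constructed stand-in for an image
    # Stand-in for the value published by the vendor (constructed here).
    published = hashlib.sha256(image).hexdigest().upper()
    fd, path = tempfile.mkstemp(suffix=".bin")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(image)
        _, intact = verify_image(path, "sha256", published)
        with open(path, "ab") as f:
            f.write(b"\x00")  # simulate corruption or tampering
        _, modified = verify_image(path, "sha256", published)
        return intact, modified
    finally:
        os.remove(path)


if __name__ == "__main__":
    print("intact image matches: %s, modified image matches: %s" % demo())
```

MD5 is collision-prone, so where both values are published the sha256 comparison is the one to rely on.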
4 Management
This chapter describes the different protocols or services used to manage the Dell Networking system.
Creating a Custom Privilege Level
Custom privilege levels start with the default EXEC mode command set. You can then customize privilege levels 2-14 by:
• restricting access to an EXEC mode command
• moving commands from EXEC Privilege to EXEC mode
• restricting access
A user can access all commands at his privilege level and below.
Allowing Access to Different Modes
This section describes how to allow access to the INTERFACE, LINE, ROUTE-MAP, and ROUTER modes. Similar to allowing access to CONFIGURATION mode, to allow access to INTERFACE, LINE, ROUTE-MAP, and ROUTER modes, you must first allow access to the command that enters you into the mode. For example, to allow a user to enter INTERFACE mode, use the privilege configure level level interface tengigabitethernet command.
privilege exec level 4 resequence
privilege configure level 3 line
privilege configure level 3 interface tengigabitethernet
Dell#telnet 10.11.80.
username username privilege level
NOTE: When you assign a privilege level between 2 and 15, access to the system begins at EXEC mode, but the prompt is hostname#, rather than hostname>.
Configuring Logging
The Dell Networking OS tracks changes in the system using event and error messages. By default, Dell Networking OS logs these messages on:
• the internal buffer
• console and terminal lines
• any configured syslog servers
To disable logging, use the following commands.
Audit Logs
The audit log contains configuration events and information. The types of information in this log consist of the following:
• User logins to the switch.
• System events for network issues or system issues.
• Users making configuration changes. The switch logs who made the configuration changes and the date and time of the change. However, each specific change on the configuration is not logged. Only that the configuration was modified is logged with the user ID, date, and time of the change.
Example of the show logging auditlog Command
For information about the logging extended command, see Enabling Audit and Security Logs.
Dell#show logging auditlog
May 12 12:20:25: Dell#: %CLI-6-logging extended by admin from vty0 (10.14.1.98)
May 12 12:20:42: Dell#: %CLI-6-configure terminal by admin from vty0 (10.14.1.98)
May 12 12:20:42: Dell#: %CLI-6-service timestamps log datetime by admin from vty0 (10.14.1.
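One way to review show logging auditlog output offline, as an added example that is not from the Dell guide: it parses lines in the layout shown above and flags commands issued from outside an allowed management network or commands that turn logging off. The field layout is inferred from the sample output; the log lines, user names, addresses and the 192.0.2.0/24 management network are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass

# Layout inferred from the sample output above (an assumption, not a Dell spec):
#   <timestamp>: <prompt>: %CLI-<severity>-<command> by <user> from <line> (<source>)
AUDIT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}): "
    r"(?P<prompt>\S+): %CLI-(?P<severity>\d)-(?P<command>.+) "
    r"by (?P<user>\S+) from (?P<line>\S+) \((?P<src>[0-9A-Fa-f.:]+)\)$"
)

# Constructed sample input in the same layout (documentation address ranges).
SAMPLE = """\
May 12 12:20:25: Dell#: %CLI-6-logging extended by admin from vty0 (192.0.2.10)
May 12 12:20:42: Dell#: %CLI-6-configure terminal by admin from vty0 (192.0.2.10)
May 12 12:21:03: Dell#: %CLI-6-no logging console by admin from vty1 (198.51.100.7)
May 12 12:21:10: Dell#: %CLI-6-service timestamps log datetime by oper1 from vty1 (198.51.100.7)
May 12 12:21:15: Dell#: garbled line without the expected fields
"""


@dataclass
class AuditEvent:
    timestamp: str
    user: str
    line: str
    source: object  # ipaddress.IPv4Address or ipaddress.IPv6Address
    command: str


def parse_line(raw):
    """Return an AuditEvent, or None when the line does not fit the layout."""
    m = AUDIT_RE.match(raw.strip())
    if not m:
        return None
    try:
        source = ipaddress.ip_address(m["src"])
    except ValueError:
        return None
    return AuditEvent(m["ts"], m["user"], m["line"], source, m["command"])


def review(lines, mgmt_networks):
    """Return (findings, unparsed).

    findings is a list of (AuditEvent, [reasons]); unparsed keeps every line
    that did not match, so nothing is dropped from review silently.
    """
    nets = [ipaddress.ip_network(n) for n in mgmt_networks]
    findings, unparsed = [], []
    for raw in lines:
        if not raw.strip():
            continue
        event = parse_line(raw)
        if event is None:
            unparsed.append(raw.strip())
            continue
        reasons = []
        if not any(event.source in net for net in nets):
            reasons.append("source outside management networks")
        # "no logging ..." commands disable a logging destination.
        if event.command.lower().startswith("no logging"):
            reasons.append("logging disabled")
        if reasons:
            findings.append((event, reasons))
    return findings, unparsed


if __name__ == "__main__":
    found, skipped = review(SAMPLE.splitlines(), ["192.0.2.0/24"])
    for event, reasons in found:
        print("%s %s@%s '%s': %s" % (event.timestamp, event.user, event.source,
                                     event.command, "; ".join(reasons)))
    for raw in skipped:
        print("unparsed: %s" % raw)
```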
Setting Up a Secure Connection to a Syslog Server
You can use reverse tunneling with port forwarding to securely connect to a syslog server.
Figure 2.
2 On the syslog server, create a reverse SSH tunnel from the syslog server to the Dell OS switch, using the following syntax:
ssh -R :: user@remote_host -nNf
In the following example, the syslog server IP address is 10.156.166.48 and the listening port is 5141. The switch IP address is 10.16.131.141 and the listening port is 5140.
ssh -R 5140:10.156.166.48:5141 admin@10.16.131.141 -nNf
3 Configure logging to a local host. localhost is “127.0.0.1” or “::1”.
no logging monitor
• Disable console logging.
CONFIGURATION mode
no logging console
Sending System Messages to a Syslog Server
To send system messages to a specified syslog server, use the following command. The following syslog standards are supported: RFC 5424 The SYSLOG Protocol, R.Gerhards and Adiscon GmbH, March 2009, obsoletes RFC 3164 and RFC 5426 Transmission of Syslog Messages over UDP.
• Specify the server to which you want to send system messages. You can configure up to eight syslog servers.
Restrictions for Tracking Login Activity These restrictions apply for tracking login activity: • Only the system and security administrators can configure login activity tracking and view the login activity details of other users. • Login statistics are not applicable for login sessions that do not use user names for authentication. For example, the system does not report login activity for a telnet session that prompts only a password.
User: admin Last login time: 12:52:01 UTC Tue Mar 22 2016 Last login location: Line vty0 ( 10.16.127.
Successful login attempt(s) in last 30 day(s): 1
------------------------------------------------------------------
The following is sample output of the show login statistics unsuccessful-attempts command.
Dell# show login statistics unsuccessful-attempts
There were 3 unsuccessful login attempt(s) for user admin in last 30 day(s).
The following is sample output of the show login statistics unsuccessful-attempts timeperiod days command.
Configuring Concurrent Session Limit To configure concurrent session limit, follow this procedure: • Limit the number of concurrent sessions for all users. CONFIGURATION mode login concurrent-session limit number-of-sessions Example of Configuring Concurrent Session Limit The following example limits the permitted number of concurrent login sessions to 4.
Escape character is '^]'. Login: admin Password: Maximum concurrent sessions for the user reached. Current sessions for user admin: Line Location 2 vty 0 10.14.1.97 3 vty 1 10.14.1.97 4 vty 2 10.14.1.97 5 vty 3 10.14.1.97 Kill existing session? [line number/Enter to cancel]: Changing System Logging Settings You can change the default settings of the system logging by changing the severity level and the storage location. The default is to log all messages up to debug level, that is, all system messages.
logging history size size To view the logging buffer and configuration, use the show logging command in EXEC privilege mode, as shown in the example for Display the Logging Buffer and the Logging Configuration. To view the logging configuration, use the show running-config logging command in privilege mode, as shown in the example for Configure a UNIX Logging Facility Level.
Configuring a UNIX Logging Facility Level You can save system log messages with a UNIX system logging facility. To configure a UNIX logging facility level, use the following command. • Specify one of the following parameters.
!
logging trap debugging
logging facility user
logging source-interface Loopback 0
logging 10.10.10.4
Dell#
Synchronizing Log Messages You can configure Dell Networking OS to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system. 1 Enter LINE mode.
service timestamps [log | debug] [datetime [localtime] [msec] [show-timezone] | uptime] Specify the following optional parameters: • You can add the keyword localtime to include the localtime, msec, and show-timezone. If you do not add the keyword localtime, the time is UTC. • uptime: To view time since last boot. If you do not specify a parameter, Dell Networking OS configures uptime. To view the configuration, use the show running-config logging command in EXEC privilege mode.
Enabling the FTP Server To enable the system as an FTP server, use the following command. To view FTP configuration, use the show running-config ftp command in EXEC privilege mode. • Enable FTP on the system. CONFIGURATION mode ftp-server enable Example of Viewing FTP Configuration Dell#show running ftp ! ftp-server enable ftp-server username nairobi password 0 zanzibar Dell# Configuring FTP Server Parameters After you enable the FTP server on the system, you can configure different parameters.
• Enter the following keywords and the interface information: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/ subport information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. • For a Loopback interface, enter the keyword loopback then a number from 0 to 16383. • For a port channel interface, enter the keywords port-channel then a number.
configuration, you can set up two different types of access classes with each class processing either IPv4 or IPv6 rules separately. To apply an IP ACL to a line, use the following command. • Apply an ACL to a VTY line. LINE mode access-class access-list-name [ipv4 | ipv6] NOTE: If you have already configured a generic IP ACL on a terminal line, then you cannot further apply IPv4 or IPv6 specific filtering on top of this configuration.
Configuring Login Authentication for Terminal Lines You can use any combination of up to six authentication methods to authenticate a user on a terminal line. A combination of authentication methods is called a method list. If the user fails the first authentication method, Dell Networking OS prompts the next method until all methods are exhausted, at which point the connection is terminated. The available authentication methods are: enable Prompt for the enable password.
login authentication myvtymethodlist Dell(config-line-vty)# Setting Timeout for EXEC Privilege Mode EXEC timeout is a basic security feature that returns Dell Networking OS to EXEC mode after a period of inactivity on the terminal lines. To set timeout, use the following commands. • Set the number of minutes and seconds. The default is 10 minutes on the console and 30 minutes on VTY. Disable EXEC time out by setting the timeout period to 0.
Enter an IPv6 address in the format 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported. Example of the telnet Command for Device Access Dell# telnet 10.11.80.203 Trying 10.11.80.203... Connected to 10.11.80.203. Exit character is '^]'. Login: Login: admin Password: Dell>exit Dell#telnet 2200:2200:2200:2200:2200::2201 Trying 2200:2200:2200:2200:2200::2201... Connected to 2200:2200:2200:2200:2200::2201. Exit character is '^]'. FreeBSD/i386 (freebsd2.force10networks.
If another user attempts to enter CONFIGURATION mode while a lock is in place, the following appears on their terminal (message 1): % Error: User "" on line console0 is in exclusive configuration mode. If any user is already in CONFIGURATION mode when a lock is attempted, the following appears on their terminal (message 2): % Error: Can't lock configuration mode exclusively since the following users are currently configuring the system: User "admin" on line vty1 ( 10.1.1.1 ).
Unit Nvram Config
-----------------------
1 Success
Power-cycling the unit(s). ....
Restoring Factory Default Environment Variables The Boot line determines the location of the image that is used to boot up the chassis after restoring factory default settings. Ideally, these locations contain valid images from which the chassis can boot. When you restore factory-default settings, you can either use a flash boot procedure or a network boot procedure to boot the switch.
boot device : flash file name : systema BOOT_USER # To boot from flash partition B: BOOT_USER # boot change primary boot device : flash file name : systemb BOOT_USER # To boot from network: BOOT_USER # boot change primary boot device : tftp file name : FTOS-S6010-9.10.0.1.bin Server IP address : 10.16.127.35 BOOT_USER # 4 Assign an IP address and netmask to the Management Ethernet interface. BOOT_USER # interface management ethernet ip address ip_address_with_mask For example, 10.16.150.106/16.
5 802.1X 802.1X is a port-based Network Access Control (PNAC) that provides an authentication mechanism to devices wishing to attach to a LAN or WLAN. A device connected to a port that is enabled with 802.1X is disallowed from sending or receiving packets on the network until its identity is verified (through a username and password, for example). 802.
The following figures show how the EAP frames are encapsulated in Ethernet and RADIUS frames. Figure 3. EAP Frames Encapsulated in Ethernet and RADIUS Figure 4. EAP Frames Encapsulated in Ethernet and RADIUS The authentication process involves three devices: • The device attempting to access the network is the supplicant. The supplicant is not allowed to communicate on the network until the authenticator authorizes the port. It can only communicate with the authenticator in response to 802.1X requests.
server and the supplicant. The authenticator also changes the status of the port based on the results of the authentication process. The Dell Networking switch is the authenticator. • The authentication-server selects the authentication method, verifies the information the supplicant provides, and grants it network access privileges. Ports can be in one of two states: • Ports are in an unauthorized state by default. In this state, non-802.1X traffic cannot be forwarded in or out of the port.
Access-Reject frame. If the port state remains unauthorized, the authenticator forwards an EAP Failure frame. Figure 5. EAP Port-Authentication 802.
EAP over RADIUS 802.1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server, as defined in RFC 3579. EAP messages are encapsulated in RADIUS packets as a type of attribute in Type, Length, Value (TLV) format. The Type value for EAP messages is 79. Figure 6. EAP Over RADIUS RADIUS Attributes for 802.1X Support Dell Networking systems include the following RADIUS attributes in all 802.
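The EAP-Message encapsulation described above (attribute Type 79, RFC 3579) can be checked on a captured packet. The following is an added example, not taken from the Dell guide: it walks the RADIUS attributes, reassembles an EAP packet split across several EAP-Message attributes, and verifies the Message-Authenticator attribute (Type 80) that RFC 3579 requires alongside it. The packet, user name and shared secret are constructed.

```python
import hashlib
import hmac
import struct

EAP_MESSAGE = 79            # attribute type stated in the text above
MESSAGE_AUTHENTICATOR = 80  # RFC 3579: must accompany EAP-Message
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}


def parse_radius(packet):
    """Return (code, identifier, [(type, offset, value), ...]) for a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("RADIUS length field disagrees with the data received")
    attributes, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("attribute header runs past the packet")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError(f"attribute {attr_type} has an invalid length")
        attributes.append((attr_type, pos, packet[pos + 2:pos + attr_len]))
        pos += attr_len
    return code, identifier, attributes


def extract_eap(attributes):
    """Concatenate all EAP-Message values in packet order and decode the EAP header."""
    eap = b"".join(value for attr_type, _, value in attributes if attr_type == EAP_MESSAGE)
    if len(eap) < 4:
        raise ValueError("no complete EAP packet in the EAP-Message attributes")
    code, identifier, length = struct.unpack("!BBH", eap[:4])
    if length != len(eap):
        raise ValueError("EAP length does not match the reassembled fragments")
    eap_type = eap[4] if code in (1, 2) and length > 4 else None
    return {"code": EAP_CODES.get(code, code), "id": identifier, "length": length,
            "type": EAP_TYPES.get(eap_type, eap_type), "raw": eap}


def message_authenticator_ok(packet, secret):
    """Verify attribute 80: HMAC-MD5 over the packet with its own value zeroed."""
    _, _, attributes = parse_radius(packet)
    found = [(pos, value) for t, pos, value in attributes if t == MESSAGE_AUTHENTICATOR]
    if len(found) != 1 or len(found[0][1]) != 16:
        return False
    pos, received = found[0]
    length = struct.unpack("!H", packet[2:4])[0]
    zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:length]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, received)


def build_sample(secret):
    """Constructed Access-Request carrying a 305-byte EAP-TLS response in two fragments."""
    eap_body = bytes([13, 0x00]) + bytes(299)            # type 13, flags, filler data
    eap = struct.pack("!BBH", 2, 7, 4 + len(eap_body)) + eap_body
    attrs = b"\x01\x07alice"                              # User-Name (constructed)
    for i in range(0, len(eap), 253):                    # 253 = largest attribute value
        chunk = eap[i:i + 253]
        attrs += bytes([EAP_MESSAGE, len(chunk) + 2]) + chunk
    mac_offset = 20 + len(attrs)
    attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    packet = struct.pack("!BBH", 1, 42, 20 + len(attrs)) + bytes(range(16)) + attrs
    digest = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:mac_offset + 2] + digest + packet[mac_offset + 18:]


if __name__ == "__main__":
    key = b"constructed-shared-secret"
    sample = build_sample(key)
    _, _, attrs = parse_radius(sample)
    info = extract_eap(attrs)
    print(info["code"], info["type"], info["length"], message_authenticator_ok(sample, key))
```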
• Forcibly Authorizing or Unauthorizing a Port • Re-Authenticating a Port • Configuring Timeouts • Configuring a Guest VLAN • Configuring an Authentication-Fail VLAN Important Points to Remember • Dell Networking OS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. • All platforms support only RADIUS as the authentication server.
Enabling 802.1X Enable 802.1X globally. Figure 7. 802.1X Enabled 1 Enable 802.1X globally. CONFIGURATION mode dot1x authentication 2 Enter INTERFACE mode on an interface or a range of interfaces. INTERFACE mode interface [range] 3 Enable 802.1X on the supplicant interface only. 802.
INTERFACE mode dot1x authentication Examples of Verifying that 802.1X is Enabled Globally and on an Interface Verify that 802.1X is enabled globally and at the interface level using the show running-config | find dot1x command from EXEC Privilege mode. In the following example, the bold lines show that 802.1X is enabled. Dell#show running-config | find dot1x dot1x authentication ! [output omitted] ! interface TenGigabitEthernet 2/1/1 no ip address dot1x authentication no shutdown ! Dell# To view 802.
Configuring Request Identity ReTransmissions When the authenticator sends a Request Identity frame and the supplicant does not respond, the authenticator waits for 30 seconds and then re-transmits the frame. The amount of time that the authenticator waits before re-transmitting and the maximum number of times that the authenticator re-transmits can be configured.
INTERFACE mode dot1x quiet-period seconds The range is from 1 to 65535. The default is 60 seconds.
To set the port state, use the following command. • Place a port in the ForceAuthorized, ForceUnauthorized, or Auto state. INTERFACE mode dot1x port-control {force-authorized | force-unauthorized | auto} The default state is auto. Example of Placing a Port in Force-Authorized State and Viewing the Configuration The example shows configuration information for a port that has been force-authorized. The bold line shows the new port-control state.
• Configure the maximum number of times the supplicant can be re-authenticated. INTERFACE mode dot1x reauth-max number The range is from 1 to 10. The default is 2. Example of Re-Authenticating a Port and Verifying the Configuration The bold lines show that re-authentication is enabled and the new maximum and re-authentication time period.
dot1x server-timeout seconds The range is from 1 to 300. The default is 30. Example of Viewing Configured Server Timeouts The example shows configuration information for a port for which the authenticator terminates the authentication process for an unresponsive supplicant or server after 15 seconds. The bold lines show the new supplicant and server timeouts. Dell(conf-if-Te-1/1/1)#dot1x port-control force-authorized Dell(conf-if-Te-1/1/1)#do show dot1x interface TenGigabitEthernet 1/1/1 802.
The illustration shows the configuration on the Dell Networking system before connecting the end user device in black and blue text, and after connecting the device in red text. The blue text corresponds to the preceding numbered steps on dynamic VLAN assignment with 802.1X. Figure 8. Dynamic VLAN Assignment 1 Configure 802.1X globally (refer to Enabling 802.1X) along with relevant RADIUS server configurations (refer to the illustration in Dynamic VLAN Assignment with Port Authentication).
the VLAN for which the port is configured or the VLAN that the authentication server indicates in the authentication data. NOTE: Ports cannot be dynamically assigned to the default VLAN. If the supplicant fails authentication, the authenticator typically does not enable the port. In some cases this behavior is not appropriate. External users of an enterprise network, for example, might not be able to be authenticated, but still need access to the network.
Configure a port to be placed in the VLAN after failing the authentication process a specified number of times using the dot1x auth-fail-vlan command from INTERFACE mode. Configure the maximum number of authentication attempts by the authenticator using the keyword max-attempts with this command.
6 Access Control Lists (ACLs) This chapter describes access control lists (ACLs), prefix lists, and route-maps. At their simplest, access control lists (ACLs), prefix lists, and route-maps permit or deny traffic based on MAC and/or IP addresses. This chapter describes implementing IP ACLs, IP prefix lists and route-maps. For MAC ACLs, refer to Layer 2.
NOTE: In order for the VRF ACLs to take effect, ACLs configured in the Layer 3 CAM region must have an implicit-permit option. You can use the ip access-group command to configure VRF-aware ACLs on interfaces. Using the ip access-group command, in addition to a range of VLANs, you can also specify a range of VRFs as input for configuring ACLs on interfaces. The VRF range is from 1 to 63.
When creating an access list, the sequence of the filters is important. You have a choice of assigning sequence numbers to the filters as you enter them, or the Dell Networking Operating System (OS) assigns numbers in the order the filters are created. The sequence numbers are listed in the display output of the show config and show ip accounting access-list commands.
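Because filters are evaluated in sequence order, a filter that is completely covered by an earlier one is never hit. The following is an added example, not part of the Dell guide: it reads a simplified subset of the filter syntax (seq, permit or deny, ip, source, destination; no ports or fragments keyword), reports the first filter a packet matches, and lists filters shadowed by an earlier one. The ACL text and the test addresses are constructed.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed ACL in the guide's filter style.
SAMPLE_ACL = """\
seq 5 permit ip any 10.1.1.1/32
seq 10 deny ip any host 10.1.1.1
seq 15 permit ip 20.1.1.0/24 any
seq 20 deny ip 20.0.0.0/8 any
seq 25 permit ip 20.1.1.0/24 host 10.9.9.9
"""


def _address(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D/len' from the token list."""
    token = tokens.pop(0)
    if token == "any":
        return ANY
    if token == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(token, strict=False)


def parse_acl(text):
    """Parse 'seq N {permit|deny} ip <source> <destination>' lines into rules."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if (len(tokens) < 6 or tokens[0] != "seq"
                or tokens[2] not in ("permit", "deny") or tokens[3] != "ip"):
            raise ValueError(f"unsupported filter: {line!r}")
        rest = tokens[4:]
        source = _address(rest)
        destination = _address(rest)
        rules.append({"seq": int(tokens[1]), "action": tokens[2],
                      "src": source, "dst": destination})
    # Filters are evaluated by sequence number, not by the order they were typed.
    return sorted(rules, key=lambda rule: rule["seq"])


def first_match(rules, source, destination):
    """Return (seq, action) of the first matching filter, or None if none match."""
    src, dst = ipaddress.ip_address(source), ipaddress.ip_address(destination)
    for rule in rules:
        if src in rule["src"] and dst in rule["dst"]:
            return rule["seq"], rule["action"]
    return None


def shadowed_rules(rules):
    """List (seq, covering_seq, kind) for filters fully covered by an earlier one."""
    findings = []
    for index, rule in enumerate(rules):
        for earlier in rules[:index]:
            if (rule["src"].subnet_of(earlier["src"])
                    and rule["dst"].subnet_of(earlier["dst"])):
                kind = "conflict" if rule["action"] != earlier["action"] else "redundant"
                findings.append((rule["seq"], earlier["seq"], kind))
                break
    return findings


if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    for seq, covering, kind in shadowed_rules(acl):
        print(f"seq {seq} never matches: covered by seq {covering} ({kind})")
```

A "conflict" finding means the later filter states the opposite action and is silently ignored, which is the case most worth reviewing before an ACL is applied.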
To determine whether sufficient ACL CAM space is available to enable a service-policy, use this command. To verify the actual CAM space required, create a class map with all the required ACL rules, then execute the test cam-usage command in Privilege mode. The following example shows the output when executing this command. The status column indicates whether you can enable the policy.
Determine the Order in which ACLs are Used to Classify Traffic When you link class-maps to queues using the service-queue command, Dell Networking OS matches the class-maps according to queue priority (queue numbers closer to 0 have lower priorities). As shown in the following example, class-map cmap2 is matched against ingress packets before cmap1. ACLs acl1 and acl2 have overlapping rules because the address range 20.1.1.0/24 is within 20.0.0.0/8.
• If a continue clause is included in the route-map sequence, the next or a specified route-map sequence is processed after a match is found. Configuration Task List for Route Maps Configure route maps in ROUTE-MAP mode and apply the maps in various commands in ROUTER RIP and ROUTER OSPF modes. The following list includes the configuration tasks for route maps, as described in the following sections.
Match clauses: Set clauses: route-map zakho, permit, sequence 20 Match clauses: interface TenGigabitEthernet 1/1/1 Set clauses: tag 35 level stub-area Dell# To delete all instances of that route map, use the no route-map map-name command. To delete just one instance, add the sequence number to the command syntax.
Dell(config-route-map)#match tag 2000 Dell(config-route-map)#match tag 3000 Example of the match Command to Match All Specified Values In the next example, there is a match only if a route has both of the specified characteristics. In this example, there is a match only if the route has a tag value of 1000 and a metric value of 2000. Also, if there are different instances of the same route-map, then it’s sufficient if a permit match happens in any instance of that route-map.
• For a port channel interface, enter the keywords port-channel then a number. • For a VLAN interface, enter the keyword vlan then a number from 1 to 4094. • Match destination routes specified in a prefix list (IPv4). CONFIG-ROUTE-MAP mode match ip address prefix-list-name • Match destination routes specified in a prefix list (IPv6). CONFIG-ROUTE-MAP mode match ipv6 address prefix-list-name • Match next-hop routes specified in a prefix list (IPv4).
Configuring Set Conditions To configure a set condition, use the following commands. • Add an AS-PATH number to the beginning of the AS-PATH. CONFIG-ROUTE-MAP mode set as-path prepend as-number [... as-number] • Generate a tag to be added to redistributed routes. CONFIG-ROUTE-MAP mode set automatic-tag • Specify an OSPF area or ISIS level for redistributed routes.
To create route map instances, use these commands. There is no limit to the number of set commands per route map, but the convention is to keep the number of set filters in a route map low. Set commands do not require a corresponding match command. Configure a Route Map for Route Redistribution Route maps on their own cannot affect traffic and must be included in different commands to affect routing traffic.
Example of the redistribute Command Using a Route Tag ! router rip redistribute ospf 34 metric 1 route-map torip ! route-map torip permit 10 match route-type internal set tag 34 ! Continue Clause Normally, when a match is found, set clauses are executed, and the packet is then forwarded; no more route-map modules are processed. If you configure the continue command at the end of a module, the next module (or a specified module) is processed even after a match is found.
IP Fragments ACL Examples The following examples show how you can use ACL commands with the fragment keyword to filter fragmented packets. Example of Permitting All Packets on an Interface The following configuration permits all packets (both fragmented and non-fragmented) with destination IP 10.1.1.1. The second rule does not get hit at all. Dell(conf)#ip access-list extended ABC Dell(conf-ext-nacl)#permit ip any 10.1.1.1/32 Dell(conf-ext-nacl)#deny ip any 10.1.1.
Example of Permitting Only First Fragments and Non-Fragmented Packets from a Specified Host In the following example, the TCP packets that are first fragments or non-fragmented from host 10.1.1.1 with TCP destination port equal to 24 are permitted. Additionally, all TCP non-first fragments from host 10.1.1.1 are permitted. All other IP packets that are non-first fragments are denied. Dell(conf)#ip access-list extended ABC Dell(conf-ext-nacl)#permit tcp host 10.1.1.
Example of Viewing the Rules of a Specific ACL on an Interface The following is an example of viewing the rules of a specific ACL on an interface. Dell#show ip accounting access-list ToOspf interface gig 1/6 Standard IP access list ToOspf seq 5 deny any seq 10 deny 10.2.0.0 /16 seq 15 deny 10.3.0.0 /16 seq 20 deny 10.4.0.0 /16 seq 25 deny 10.5.0.0 /16 seq 30 deny 10.6.0.0 /16 seq 35 deny 10.7.0.0 /16 seq 40 deny 10.8.0.0 /16 seq 45 deny 10.9.0.0 /16 seq 50 deny 10.10.0.
the first filter was given the lowest sequence number). The show config command in IP ACCESS LIST mode displays the two filters with the sequence numbers 5 and 10. Example of Viewing a Filter Sequence for a Specified Standard ACL and for an Interface Dell(config-route-map)#ip access standard kigali Dell(config-std-nacl)#permit 10.1.0.0/16 Dell(config-std-nacl)#show config ! ip access-list standard kigali seq 5 permit 10.1.0.
seq sequence-number {deny | permit} {ip-protocol-number | icmp | ip | tcp | udp} {source mask | any | host ip-address} {destination mask | any | host ip-address} [operator port [port]] [count [byte]] [order] [fragments] When you use the log keyword, the CP logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets’ details.
seq 15 deny ip host 112.45.0.0 any log Dell(config-ext-nacl)# Configuring Filters Without a Sequence Number If you are creating an extended ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. Dell Networking OS assigns filters in multiples of five.
Configure Layer 2 and Layer 3 ACLs Both Layer 2 and Layer 3 ACLs may be configured on an interface in Layer 2 mode. If both L2 and L3 ACLs are applied to an interface, the following rules apply: • When Dell Networking OS routes the packets, only the L3 ACL governs them because they are not filtered against an L2 ACL. • When Dell Networking OS switches the packets, first the L3 ACL filters them, then the L2 ACL filters them.
This section describes the following: • Configure Ingress ACLs • Configure Egress ACLs For more information about Layer-3 interfaces, refer to Interfaces. Applying an IP ACL To apply an IP ACL (standard or extended) to a physical or port channel interface, use the following commands. 1 Enter the interface number. CONFIGURATION mode interface interface slot/port 2 Configure an IP address for the interface, placing it in Layer-3 mode.
Counting ACL Hits You can view the number of packets matching the ACL by using the count option when creating ACL entries. 1 Create an ACL that uses rules with the count option. Refer to Configure a Standard IP ACL Filter. 2 Apply the ACL as an inbound or outbound ACL on an interface. 3 show ip accounting access-list EXEC Privilege mode View the number of packets matching the ACL. Configure Ingress ACLs Ingress ACLs are applied to interfaces and to traffic entering the system.
Configure Egress ACLs Egress ACLs are applied to line cards and affect the traffic leaving the system. Configuring egress ACLs onto physical interfaces protects the system infrastructure from attack — malicious and incidental — by explicitly allowing only authorized traffic. These system-wide ACLs eliminate the need to apply ACLs onto each interface and achieve the same results. By localizing target traffic, it is a simpler implementation. To restrict egress traffic, use an egress ACL.
Applying Egress Layer 3 ACLs (Control-Plane) By default, packets originated from the system are not filtered by egress ACLs. For example, if you initiate a ping session from the system and apply an egress ACL to block this type of traffic on the interface, the ACL does not affect that ping traffic. The Control Plane Egress Layer 3 ACL feature enhances IP reachability debugging by implementing control-plane ACLs for CPU-generated and CPU-forwarded traffic.
• To deny routes with a mask less than /24, enter deny x.x.x.x/x le 24. • To permit routes with a mask greater than /20, enter permit x.x.x.x/x ge 20. The following rules apply to prefix lists: • A prefix list without any permit or deny filters allows all routes. • An “implicit deny” is assumed (that is, the route is dropped) for all route prefixes that do not match a permit or deny filter in a configured prefix list. • After a route matches a filter, the filter’s action is applied.
• ge min-prefix-length: the minimum prefix length to match (from 0 to 32). • le max-prefix-length: the maximum prefix length to match (from 0 to 32). Example of Assigning Sequence Numbers to Filters If you want to forward all routes that do not match the prefix list criteria, configure a prefix list filter to permit all routes (permit 0.0.0.0/0 le 32). The “permit all” filter must be the last filter in your prefix list. To permit the default route only, enter permit 0.0.0.0/0.
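The prefix-list rules above (first match wins, implicit deny, an empty list allows everything, ge and le bound the mask length) can be exercised before a list is applied to a routing process. The following is an added example, not part of the Dell guide. It assumes the usual prefix-list semantics that the guide implies but does not spell out: a filter without ge or le matches only the exact prefix length, ge alone matches up to /32, and le alone matches from the filter's own length. The second and third lists are constructed.

```python
import ipaddress

# Filters of the prefix list "awe" as they appear in this guide's example output.
AWE = """\
seq 5 permit 123.23.0.0/16
seq 10 deny 133.0.0.0/8
"""

# Constructed list exercising ge, le and the trailing "permit all" filter.
WITH_CATCH_ALL = """\
seq 5 deny 133.0.0.0/8 le 24
seq 10 permit 10.0.0.0/8 ge 20
seq 15 permit 0.0.0.0/0 le 32
"""


def parse_prefix_list(text):
    """Parse 'seq N {permit|deny} A.B.C.D/len [ge X] [le Y]' lines."""
    filters = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if len(tokens) < 4 or tokens[0] != "seq" or tokens[2] not in ("permit", "deny"):
            raise ValueError(f"unsupported filter: {line!r}")
        options = dict(zip(tokens[4::2], tokens[5::2]))
        if len(tokens[4:]) % 2 or set(options) - {"ge", "le"}:
            raise ValueError(f"unsupported options: {line!r}")
        prefix = ipaddress.ip_network(tokens[3])
        ge = int(options["ge"]) if "ge" in options else None
        le = int(options["le"]) if "le" in options else None
        # Assumed semantics: exact length unless ge/le widen the range.
        low = ge if ge is not None else prefix.prefixlen
        high = le if le is not None else (32 if ge is not None else prefix.prefixlen)
        if not 0 <= low <= high <= 32:
            raise ValueError(f"inconsistent ge/le range: {line!r}")
        filters.append({"seq": int(tokens[1]), "action": tokens[2],
                        "prefix": prefix, "low": low, "high": high})
    return sorted(filters, key=lambda f: f["seq"])


def evaluate(filters, route):
    """Return (action, seq); seq is None when no configured filter decided."""
    if not filters:
        return "permit", None      # a list without filters allows all routes
    network = ipaddress.ip_network(route)
    for f in filters:
        if network.subnet_of(f["prefix"]) and f["low"] <= network.prefixlen <= f["high"]:
            return f["action"], f["seq"]
    return "deny", None            # implicit deny for everything unmatched


if __name__ == "__main__":
    awe = parse_prefix_list(AWE)
    for candidate in ("123.23.0.0/16", "123.23.4.0/24", "133.0.0.0/8"):
        print(candidate, evaluate(awe, candidate))
```

The second candidate shows the case that most often surprises: a more specific route inside a permitted prefix is dropped by the implicit deny unless the filter carries le or ge.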
Dell(conf-nprefixl)#show conf ! ip prefix-list awe seq 5 permit 123.23.0.0/16 seq 10 deny 133.0.0.0/8 Dell(conf-nprefixl)# To delete a filter, enter the show config command in PREFIX LIST mode and locate the sequence number of the filter you want to delete, then use the no seq sequence-number command in PREFIX LIST mode. Viewing Prefix Lists To view all configured prefix lists, use the following commands. • Show detailed information about configured prefix lists.
• Enter RIP mode. CONFIGURATION mode router rip • Apply a configured prefix list to incoming routes. You can specify an interface. If you enter the name of a non-existent prefix list, all routes are forwarded. CONFIG-ROUTER-RIP mode distribute-list prefix-list-name in [interface] • Apply a configured prefix list to outgoing routes. You can specify an interface or type of route. If you enter the name of a non-existent prefix list, all routes are forwarded.
router ospf 34 network 10.2.1.1 255.255.255.255 area 0.0.0.1 distribute-list prefix awe in Dell(conf-router_ospf)# ACL Resequencing ACL resequencing allows you to re-number the rules and remarks in an access or prefix list. The placement of rules within the list is critical because packets are matched against rules in sequential order. Use resequencing whenever the current numbering scheme leaves no opportunity to place new rules in the desired order.
resequence access-list {ipv4 | ipv6 | mac} {access-list-name StartingSeqNum Step-to-Increment} • IPv4 or IPv6 prefix-list EXEC mode resequence prefix-list {ipv4 | ipv6} {prefix-list-name StartingSeqNum Step-to-Increment} Examples of Resequencing ACLs When Remarks and Rules Have the Same Number or Different Numbers Remarks and rules that originally have the same sequence number have the same sequence number after you apply the resequence command.
ip access-list extended test remark 2 XYZ remark 4 this remark corresponds to permit any host 1.1.1.1 seq 4 permit ip any host 1.1.1.1 remark 6 this remark has no corresponding rule remark 8 this remark corresponds to permit ip any host 1.1.1.2 seq 8 permit ip any host 1.1.1.2 seq 10 permit ip any host 1.1.1.3 seq 12 permit ip any host 1.1.1.
When a stack unit is reset or a stack unit undergoes a failure, the ACL agent registers with the port mirroring application. The port mirroring utility downloads the monitoring configuration to the ACL agent. The interface manager notifies the port mirroring application about the removal of an interface when an ACL entry associated with that interface is deleted.
-----0 A -----Te 1/1/1 ----------Te 1/2/1 --rx ---- --------Flow N/A -------N/ The show config command has been modified to display monitoring configuration in a particular session.
Example of the flow-based enable Command To view an access-list that you applied to an interface, use the show ip accounting access-list command from EXEC Privilege mode. Dell(conf)#monitor session 0 Dell(conf-mon-sess-0)#flow-based enable Dell(conf)#ip access-list ext testflow Dell(config-ext-nacl)#seq 5 permit icmp any any count bytes monitor Dell(config-ext-nacl)#seq 10 permit ip 102.1.1.
7 Bidirectional Forwarding Detection (BFD) BFD is a protocol that is used to rapidly detect communication failures between two adjacent systems. It is a simple and lightweight replacement for existing routing protocol link state detection mechanisms. It also provides a failure detection solution for links on which no routing protocol is used. BFD is a simple hello mechanism. Two neighboring systems running BFD establish a session using a three-way handshake.
NOTE: The Dell Networking Operating System (OS) does not support multi-hop BFD sessions. If a system does not receive a control packet within an agreed-upon amount of time, the BFD agent changes the session state to Down. It then notifies the BFD manager of the change and sends a control packet to the neighbor that indicates the state change (though it might not be received if the link or receiving interface is faulty).
BFD Packet Format
Control packets are encapsulated in user datagram protocol (UDP) packets. The following illustration shows the complete encapsulation of a BFD control packet inside an IPv4 packet.
Figure 9. BFD in IPv4 Packet Format
Field: Description
Diagnostic Code: The reason that the last session failed.
State: The current local session state. Refer to BFD Sessions.
Flag: A bit that indicates packet function.
system clears the poll bit and sets the final bit in its response. The poll and final bits are used during the handshake and in Demand mode (refer to BFD Sessions).
NOTE: Dell Networking OS does not currently support multi-point sessions, Demand mode, authentication, or control plane independence; these bits are always clear.
Detection Multiplier: The number of packets that must be missed in order to declare a session down.
Length: The entire length of the BFD packet.
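The fields described above can be decoded from the 24-byte mandatory section of a BFD control packet as laid out in RFC 5880. The following is an added example, not part of the Dell guide: it parses a control packet, applies the RFC 5880 reception checks, flags bits that this guide says Dell Networking OS always leaves clear, and computes the asynchronous-mode detection time. Both sample packets are constructed.

```python
import struct

STATES = {0: "AdminDown", 1: "Down", 2: "Init", 3: "Up"}
FLAG_BITS = (("poll", 0x20), ("final", 0x10), ("control-plane-independent", 0x08),
             ("authentication", 0x04), ("demand", 0x02), ("multipoint", 0x01))
# Per the NOTE above, these are never set by Dell Networking OS.
ALWAYS_CLEAR = {"control-plane-independent", "authentication", "demand", "multipoint"}

# Constructed: version 1, state Down, multiplier 3, discriminator 1, 100 ms timers.
DOWN_PACKET = bytes.fromhex("20 40 03 18 00000001 00000000 000186a0 000186a0 00000000")
# Constructed: claims Up with Your Discriminator 0, multiplier 0, A bit set.
BAD_PACKET = bytes.fromhex("20 c4 00 18 00000002 00000000 000186a0 000186a0 00000000")


def parse_bfd_control(payload):
    """Decode the mandatory section of a BFD control packet (UDP payload)."""
    if len(payload) < 24:
        raise ValueError("BFD control packet is shorter than 24 bytes")
    b0, b1, mult, length, my_disc, your_disc, tx, rx, echo = struct.unpack(
        "!BBBBIIIII", payload[:24])
    return {
        "version": b0 >> 5,
        "diagnostic": b0 & 0x1F,
        "state": STATES[b1 >> 6],
        "flags": {name for name, bit in FLAG_BITS if b1 & bit},
        "detect_mult": mult,
        "length": length,
        "my_discriminator": my_disc,
        "your_discriminator": your_disc,
        "desired_min_tx_us": tx,
        "required_min_rx_us": rx,
        "required_min_echo_rx_us": echo,
    }


def validate(packet, payload_len):
    """Return a list of reasons to discard or investigate the packet."""
    issues = []
    if packet["version"] != 1:
        issues.append("version is not 1")
    if packet["length"] < 24 or packet["length"] > payload_len:
        issues.append("length field is inconsistent with the payload")
    if packet["detect_mult"] == 0:
        issues.append("detection multiplier is zero")
    if packet["my_discriminator"] == 0:
        issues.append("My Discriminator is zero")
    if packet["your_discriminator"] == 0 and packet["state"] not in ("Down", "AdminDown"):
        issues.append("Your Discriminator is zero outside Down/AdminDown")
    if {"poll", "final"} <= packet["flags"]:
        issues.append("poll and final are both set")
    unexpected = sorted(packet["flags"] & ALWAYS_CLEAR)
    if unexpected:
        issues.append("bits a Dell peer never sets: " + ", ".join(unexpected))
    return issues


def detection_time_ms(remote_packet, local_required_min_rx_us):
    """Remote multiplier times the agreed interval (RFC 5880, asynchronous mode)."""
    interval_us = max(local_required_min_rx_us, remote_packet["desired_min_tx_us"])
    return remote_packet["detect_mult"] * interval_us / 1000


if __name__ == "__main__":
    for raw in (DOWN_PACKET, BAD_PACKET):
        pkt = parse_bfd_control(raw)
        print(pkt["state"], pkt["my_discriminator"], validate(pkt, len(raw)))
```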
BFD Sessions BFD must be enabled on both sides of a link in order to establish a session. The two participating systems can assume either of two roles: Active The active system initiates the BFD session. Both systems can be active for the same session. Passive The passive system does not initiate a session. It only responds to a request for session initialization from the active system.
1 The active system sends a steady stream of control packets that indicates that its session state is Down, until the passive system responds. These packets are sent at the desired transmit interval of the Active system. The Your Discriminator field is set to zero. 2 When the passive system receives any of these control packets, it changes its session state to Init and sends a response that indicates its state change.
Session State Changes The following illustration shows how the session state on a system changes based on the status notification it receives from the remote system. For example, if a session on a system is down and it receives a Down status notification from the remote system, the session state on the local system changes to Init. Figure 11.
• Dell Networking OS supports only OSPF, OSPFv3, IS-IS, and BGP protocols as BFD clients. Configure BFD This section contains the following procedures.
Example of Verifying BFD is Enabled
To verify that BFD is enabled globally, use the show running bfd command. The bold line shows that BFD is enabled.
R1(conf)#bfd ?
enable Enable BFD protocol
protocol-liveness Enable BFD protocol-liveness
R1(conf)#bfd enable
R1(conf)#do show running-config bfd
!
bfd enable
R1(conf)#
Establishing a Session on Physical Ports To establish a session, enable BFD at the interface level on both ends of the link, as shown in the following illustration.
The bold line shows the BFD session.
R1(conf-if-te-1/24/1)#do show bfd neighbors
* - Active session role
Ad Dn - Admin Down
C - CLI
I - ISIS
O - OSPF
R - Static Route (RTM)
LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients
* 2.2.2.1 2.2.2.2 Te 1/24/1 Up 100 100 3 C
To view specific information about BFD sessions, use the show bfd neighbors detail command.
R1(conf-if-te-4/24/1)#do show bfd neighbors detail
Session Discriminator: 1
Neighbor Discriminator: 1
Local Addr: 2.2.2.
Local Addr: 2.2.2.1 Local MAC Addr: 00:01:e8:09:c3:e5 Remote Addr: 2.2.2.
Configuring BFD for static routes is a three-step process: 1 Enable BFD globally. 2 Configure static routes on both routers on the system (either local or remote). 3 Configure an IP route to connect BFD on the static routes using the ip route bfd command. Related Configuration Tasks • Changing Static Route Session Parameters • Disabling BFD for Static Routes Establishing Sessions for Static Routes Sessions are established for all neighbors that are the next hop of a static route. Figure 13.
LocalAddr  RemoteAddr  Interface  State  Rx-int  Tx-int  Mult  Clients
2.2.2.1    2.2.2.2     Te 4/24/1  Up     100     100     4     R

To view detailed session information, use the show bfd neighbors detail command, as shown in the examples in Displaying BFD for BGP Information.

Changing Static Route Session Parameters
BFD sessions are configured with default intervals and a default role. The parameters you can configure are: Desired TX Interval, Required Min RX Interval, Detection Multiplier, and system role.
Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state. Figure 14. Establishing Sessions with OSPF Neighbors To establish BFD with all OSPF neighbors or with OSPF neighbors on a single interface, use the following commands. • Establish sessions with all OSPF neighbors.
• Establish sessions with OSPF neighbors on a single interface.
  INTERFACE mode
  ip ospf bfd all-neighbors

Example of Verifying Sessions with OSPF Neighbors
To view the established sessions, use the show bfd neighbors command. The bold line shows the OSPF BFD sessions.
R2(conf-router_ospf)#bfd all-neighbors
R2(conf-router_ospf)#do show bfd neighbors
* - Active session role
Ad Dn - Admin Down
C - CLI
I - ISIS
O - OSPF
R - Static Route (RTM)
LocalAddr
* 2.2.2.2
* 2.2.3.
To disable BFD sessions, use the following commands.
• Disable BFD sessions with all OSPF neighbors.
  ROUTER-OSPF mode
  no bfd all-neighbors
• Disable BFD sessions with all OSPF neighbors on an interface.
  INTERFACE mode
  ip ospf bfd all-neighbors disable

Configure BFD for OSPFv3
BFD for OSPFv3 provides support for IPv6. Configuring BFD for OSPFv3 is a two-step process:
1 Enable BFD globally.
2 Establish sessions with OSPFv3 neighbors.
neighbors sessions. If you change a parameter at the interface level, the change affects all OSPFv3 sessions on that interface. To change parameters for all OSPFv3 sessions or for OSPFv3 sessions on a single interface, use the following commands. To view session parameters, use the show bfd neighbors detail command, as shown in the example in Displaying BFD for BGP Information. • Change parameters for all OSPFv3 sessions.
Related Configuration Tasks • Changing IS-IS Session Parameters • Disabling BFD for IS-IS Establishing Sessions with IS-IS Neighbors BFD sessions can be established for all IS-IS neighbors at once or sessions can be established for all neighbors out of a specific interface. Figure 15. Establishing Sessions with IS-IS Neighbors To establish BFD with all IS-IS neighbors or with IS-IS neighbors on a single interface, use the following commands. • Establish sessions with all IS-IS neighbors.
• Establish sessions with IS-IS neighbors on a single interface.
  INTERFACE mode
  isis bfd all-neighbors

Example of Verifying Sessions with IS-IS Neighbors
To view the established sessions, use the show bfd neighbors command. The bold line shows that IS-IS BFD sessions are enabled.
R2(conf-router_isis)#bfd all-neighbors
R2(conf-router_isis)#do show bfd neighbors
* - Active session role
Ad Dn - Admin Down
C - CLI
I - ISIS
O - OSPF
R - Static Route (RTM)
LocalAddr
* 2.2.2.
To disable BFD sessions, use the following commands.
• Disable BFD sessions with all IS-IS neighbors.
  ROUTER-ISIS mode
  no bfd all-neighbors
• Disable BFD sessions with IS-IS neighbors on a single interface.
  INTERFACE mode
  isis bfd all-neighbors disable

Configure BFD for BGP
In a BGP core network, BFD provides rapid detection of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence.
For example, the following illustration shows a sample BFD configuration on Router 1 and Router 2 that use eBGP in a transit network to interconnect AS1 and AS2. The eBGP routers exchange information with each other as well as with iBGP routers to maintain connectivity and accessibility within each autonomous system. Figure 16.
session (other routing protocols) about the failure. It then depends on the individual routing protocols that use the BGP link to determine the appropriate response to the failure condition. The typical response is to terminate the peering session for the routing protocol and reconverge by bypassing the failed neighboring router. A log message is generated whenever BFD detects a failure condition.
1 Enable BFD globally.
• Disable a BFD for BGP session with a specified neighbor.
  ROUTER BGP mode
  neighbor {ip-address | peer-group-name} bfd disable
• Remove the disabled state of a BFD for BGP session with a specified neighbor.
  ROUTER BGP mode
  no neighbor {ip-address | peer-group-name} bfd disable

Use BFD in a BGP Peer Group
You can establish a BFD session for the members of a peer group (the neighbor peer-group-name bfd command in ROUTER BGP configuration mode).
EXEC Privilege mode
show ip bgp neighbors [ip-address]

Examples of Verifying BGP Information
The following example shows verifying a BGP configuration.
R2# show running-config bgp
!
router bgp 2
 neighbor 1.1.1.2 remote-as 1
 neighbor 1.1.1.2 no shutdown
 neighbor 2.2.2.2 remote-as 1
 neighbor 2.2.2.2 no shutdown
 neighbor 3.3.3.2 remote-as 1
 neighbor 3.3.3.2 no shutdown
 bfd all-neighbors

The following example shows viewing all BFD neighbors.
Statistics: Number of packets received from neighbor: 4762 Number of packets sent to neighbor: 4490 Number of state changes: 2 Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 5 Session Discriminator: 10 Neighbor Discriminator: 11 Local Addr: 2.2.2.3 Local MAC Addr: 00:01:e8:66:da:34 Remote Addr: 2.2.2.
De-registration : 0
Init            : 0
Up              : 1
Down            : 0
Admin Down      : 2

The following example shows viewing BFD summary information. The bold line shows the message displayed when you enable BFD for BGP connections.
R2# show ip bgp summary
BGP router identifier 10.0.0.1, local AS number 2
BGP table version is 0, main routing table version 0
BFD is enabled, Interval 100 Min_rx 100 Multiplier 3 Role Active
3 neighbor(s) using 24168 bytes of memory
Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/Pfx
1.1.1.
Prefixes accepted 0 (consume 0 bytes), withdrawn 0 by peer, martian prefixes ignored 0 Prefixes advertised 0, denied 0, withdrawn 0 from peer Connections established 1; dropped 0 Last reset never Local host: 2.2.2.3, Local port: 63805 Foreign host: 2.2.2.2, Foreign port: 179 E1200i_ExaScale# R2# show ip bgp neighbors 2.2.2.3 BGP neighbor is 2.2.2.3, remote AS 1, external link Member of peer-group pg1 for session parameters BGP version 4, remote router ID 12.0.0.
Establishing Sessions with All VRRP Neighbors BFD sessions can be established for all VRRP neighbors at once, or a session can be established with a particular neighbor. Figure 17. Establishing Sessions with All VRRP Neighbors To establish sessions with all VRRP neighbors, use the following command. • Establish sessions with all VRRP neighbors.
Examples of Viewing VRRP Sessions
To view the established sessions, use the show bfd neighbors command. The bold line shows that VRRP BFD sessions are enabled.
Dell(conf-if-te-1/1/1)#vrrp bfd all-neighbors
Dell(conf-if-te-1/1/1)#do show bfd neighbor
* - Active session role
Ad Dn - Admin Down
C - CLI
I - ISIS
O - OSPF
R - Static Route (RTM)
V - VRRP
  LocalAddr  RemoteAddr  Interface  State  Rx-int  Tx-int  Mult  Clients
* 2.2.5.1    2.2.5.
To view session parameters, use the show bfd neighbors detail command, as shown in the example in Verifying BFD Sessions with BGP Neighbors Using the show bfd neighbors command example in Displaying BFD for BGP Information. Disabling BFD for VRRP If you disable any or all VRRP sessions, the sessions are torn down. A final Admin Down control packet is sent to all neighbors and sessions on the remote system change to the Down state.
CONFIGURATION debug bfd packet Examples of Output from the debug bfd Commands The following example shows a three-way handshake using the debug bfd detail command. R1(conf-if-te-4/24/1)#00:54:38: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Down for neighbor 2.2.2.2 on interface Te 4/24/1 (diag: 0) 00:54:38 : Sent packet for session with neighbor 2.2.2.
8 Border Gateway Protocol IPv4 (BGPv4) This chapter provides a general description of BGPv4 as it is supported in the Dell Networking Operating System (OS). BGP protocol standards are listed in the Standards Compliance chapter. BGP is an external gateway protocol that transmits interdomain routing information within and between autonomous systems (AS). The primary function of the BGP is to exchange network reachability information with other BGP systems.
You can group autonomous systems into three categories (multihomed, stub, and transit), defined by their connections and operation. • multihomed AS — is one that maintains connections to more than one other AS. This group allows the AS to remain connected to the Internet in the event of a complete failure of one of their connections. However, this type of AS does not allow traffic from one AS to pass through on its way to another AS. A simple example of this group is seen in the following illustration.
in “full mesh.” As seen in the illustration below, four routers connected in a full mesh have three peers each, six routers have five peers each, and eight routers in full mesh have seven peers each. Figure 19. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible.
Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers. A Peer is also called a Neighbor. Establish a Session Information exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies.
proper peers. If the peers are members of a peer group, however, the information can be sent to one place and then passed on to the peers within the group.

Route Reflectors
Route reflectors reorganize the iBGP core into a hierarchy and allow some route advertisement rules.
NOTE: Do not use route reflectors (RRs) in the forwarding path. In iBGP, hierarchical RRs maintaining forwarding plane RRs could create routing loops.
Route reflection divides iBGP peers into two groups: client peers and nonclient peers.
BGP Attributes Routes learned using BGP have associated properties that are used to determine the best route to a destination when multiple paths exist to a particular destination. These properties are referred to as BGP attributes, and an understanding of how BGP attributes influence route selection is required for the design of robust networks.
NOTE: The bgp bestpath as-path multipath-relax command is disabled by default, preventing BGP from load-balancing a learned route across two or more eBGP peers. To enable load-balancing across different eBGP peers, enable the bgp bestpath as-path multipath-relax command. A system error results if you configure the bgp bestpath as-path ignore command and the bgp bestpath as-path multipath-relax command at the same time. Only enable one command at a time.
b A path with no AS_PATH configured has a path length of 0.
c AS_CONFED_SET is not included in the AS_PATH length.
d AS_CONFED_SEQUENCE has a path length of 1, no matter how many ASs are in the AS_CONFED_SEQUENCE.
5 Prefer the path with the lowest ORIGIN type (IGP is lower than EGP, and EGP is lower than INCOMPLETE).
6 Prefer the path with the lowest multi-exit discriminator (MED) attribute.
Weight The weight attribute is local to the router and is not advertised to neighboring routers. If the router learns about more than one route to the same destination, the route with the highest weight is preferred. The route with the highest weight is installed in the IP routing table. Local Preference Local preference (LOCAL_PREF) represents the degree of preference within the entire AS. The higher the number, the greater the preference for the route.
Multi-Exit Discriminators (MEDs) If two ASs connect in more than one place, a multi-exit discriminator (MED) can be used to assign a preference to a preferred path. MED is one of the criteria used to determine the best path, so keep in mind that other criteria may impact selection, as shown in the illustration in Best Path Selection Criteria. One AS assigns the MED a value and the other AS uses that value to decide the preferred path. For this example, assume the MED is the only attribute applied.
Origin
The origin indicates the origin of the prefix, or how the prefix came into BGP. There are three origin codes: IGP, EGP, INCOMPLETE.

Origin Type  Description
IGP          Indicates the prefix originated from information learned through an interior gateway protocol.
EGP          Indicates the prefix originated from information learned from an EGP protocol, which BGP replaced.
INCOMPLETE   Indicates that the prefix originated from an unknown source.
0x5e62df4  0  2    18508  701 17302 i
0x3a1814c  0  26   18508  209 22291 i
0x567ea9c  0  75   18508  209 3356 2529 i
0x6cc1294  0  2    18508  209 1239 19265 i
0x6cc18d4  0  1    18508  701 2914 4713 17935 i
0x5982e44  0  162  18508  209 i
0x67d4a14  0  2    18508  701 19878 ?
0x559972c  0  31   18508  209 18756 i
0x59cd3b4  0  2    18508  209 7018 15227 i
0x7128114  0  10   18508  209 3356 13845 i
0x536a914  0  3    18508  209 701 6347 7781 i
0x2ffe884  0  1    18508  701 3561 9116 21350 i

Next Hop
The next hop is the IP address used to reach the advertising route
Implement BGP with Dell Networking OS The following sections describe how to implement BGP on Dell Networking OS. Additional Path (Add-Path) Support The add-path feature reduces convergence times by advertising multiple paths to its peers for the same address prefix without replacing existing paths with new ones. By default, a BGP speaker advertises only the best path to its peers for a given address prefix.
Table 8.
AS4 Number Representation Dell Networking OS supports multiple representations of 4-byte AS numbers: asplain, asdot+, and asdot. NOTE: The ASDOT and ASDOT+ representations are supported only with the 4-Byte AS numbers feature. If 4-Byte AS numbers are not implemented, only ASPLAIN representation is supported. ASPLAIN is the default method the system uses. With the ASPLAIN notation, a 32-bit binary AS number is translated into a decimal value.
bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057
C’s configuration. Local-AS allows this behavior to happen by allowing Router B to appear as if it still belongs to Router B’s old network (AS 200) as far as communicating with Router C is concerned. Figure 24. Before and After AS Number Migration with Local-AS Enabled When you complete your migration, and you have reconfigured your network with the new information, disable this feature. If you use the “no prepend” option, the Local-AS does not prepend to the updates received from the eBGP peer.
3 Prepend "65001 65002" to as-path. Local-AS is prepended before the route-map to give an impression that update passed through a router in AS 200 before it reached Router B. BGP4 Management Information Base (MIB) The FORCE10-BGP4-V2-MIB enhances support for BGP management information base (MIB) with many new simple network management protocol (SNMP) objects and notifications (traps) defined in draft-ietf-idr-bgp4mibv2-05. To see these enhancements, download the MIB from the Dell website.
• The f10BgpM2[Cfg]PeerReflectorClient field is populated based on the assumption that route-reflector clients are not in a full mesh if you enable BGP client-2-client reflection and that the BGP speaker acting as reflector advertises routes learned from one client to another client. If disabled, it is assumed that clients are in a full mesh and there is no need to advertise prefixes to the other clients. • High CPU utilization may be observed during an SNMP walk of a large BGP Loc-RIB.
BGP Configuration To enable the BGP process and begin exchanging information, assign an AS number and use commands in ROUTER BGP mode to configure a BGP neighbor. By default, BGP is disabled. By default, Dell Networking OS compares the MED attribute on different paths from within the same AS (the bgp always-compare-med command is not enabled). NOTE: In Dell Networking OS, all newly configured neighbors and peer groups are disabled.
Enabling BGP By default, BGP is not enabled on the system. Dell Networking OS supports one autonomous system (AS) and assigns the AS number (ASN). To establish BGP sessions and route traffic, configure at least one BGP neighbor or peer. In BGP, routers with an established TCP connection are called neighbors or peers. After a connection is established, the neighbors exchange full BGP routing tables with incremental updates afterward.
address-family [ipv4 | ipv6} vrf
Use this command to enter BGP for IPv6 mode (CONF-ROUTER_BGPv6_AF).
2 Add a neighbor as a remote AS.
  CONFIG-ROUTER-BGP mode
  neighbor {ip-address | peer-group name} remote-as as-number
  • peer-group name: 16 characters
  • as-number: from 0 to 65535 (2 Byte) or from 1 to 4294967295 (4 Byte) or 0.1 to 65535.65535 (Dotted format)
  Formats: IP Address A.B.C.D
  You must Configure Peer Groups before assigning it a remote AS.
3 Enable the BGP neighbor.
1 paths using 72 bytes of memory BGP-RIB over all using 73 bytes of memory 1 BGP path attribute entrie(s) using 72 bytes of memory 1 BGP AS-PATH entrie(s) using 47 bytes of memory 5 neighbor(s) using 23520 bytes of memory Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/Pfx 10.10.21.1 10.10.32.3 100.10.92.9 192.168.10.1 192.168.12.
BGP neighbor is 10.1.1.1, remote AS 65535, internal link Administratively shut down BGP version 4, remote router ID 10.0.0.
Term   Description
ASDOT  A representation that combines the ASPLAIN and ASDOT+ representations. AS numbers less than 65536 appear in integer format (asplain); AS numbers equal to or greater than 65536 appear using the decimal method (asdot+). For example, the AS number 65526 appears as 65526 and the AS number 65546 appears as 1.10.
NOTE: The ASDOT and ASDOT+ representations are supported only with the 4-Byte AS numbers feature.
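The three notations in code, as an added example that is not part of the Dell guide: a Python converter between asplain, asdot+ and asdot, plus a check that compares the remote-as values in a configuration against an expected set of peer AS numbers whichever notation each side uses. The function names and the sample configuration are constructed for illustration.

```python
"""Convert 4-byte AS numbers between asplain, asdot+ and asdot notation."""
import re

MAX_ASN = 0xFFFFFFFF


def parse_asn(text):
    """Accept asplain ("65546") or dotted ("1.10") text and return the integer."""
    text = text.strip()
    dotted = re.fullmatch(r"(\d{1,5})\.(\d{1,5})", text, re.ASCII)
    if dotted:
        high, low = int(dotted.group(1)), int(dotted.group(2))
        if high > 0xFFFF or low > 0xFFFF:
            raise ValueError(f"each half of {text!r} must be 0-65535")
        return (high << 16) | low
    if not re.fullmatch(r"\d{1,10}", text, re.ASCII):
        raise ValueError(f"not an AS number: {text!r}")
    value = int(text)
    if value > MAX_ASN:
        raise ValueError(f"{text!r} does not fit in 32 bits")
    return value


def format_asn(asn, notation="asplain"):
    """Render an integer AS number in the requested notation."""
    if not 0 <= asn <= MAX_ASN:
        raise ValueError(f"{asn} does not fit in 32 bits")
    high, low = asn >> 16, asn & 0xFFFF
    if notation == "asplain":
        return str(asn)
    if notation == "asdot+":
        return f"{high}.{low}"            # always high.low, even below 65536
    if notation == "asdot":
        return str(asn) if asn < 65536 else f"{high}.{low}"
    raise ValueError(f"unknown notation: {notation!r}")


NEIGHBOR_AS = re.compile(r"^\s*neighbor\s+(\S+)\s+remote-as\s+(\S+)\s*$")


def unexpected_peers(config, expected):
    """Return (neighbor, asn) pairs whose remote-as is not an expected AS.

    Both the configuration and the expected set are normalised to integers,
    so "1.10" and "65546" compare equal.
    """
    allowed = {parse_asn(str(item)) for item in expected}
    findings = []
    for line in config.splitlines():
        match = NEIGHBOR_AS.match(line)
        if match:
            asn = parse_asn(match.group(2))
            if asn not in allowed:
                findings.append((match.group(1), asn))
    return findings


# Constructed sample: only the first neighbor line appears in the guide.
SAMPLE_CONFIG = """\
router bgp 100
 bgp four-octet-as-support
 neighbor 172.30.1.250 remote-as 18508
 neighbor 10.0.0.2 remote-as 1.10
 neighbor 10.0.0.3 remote-as 0.65526
"""

if __name__ == "__main__":
    for notation in ("asplain", "asdot+", "asdot"):
        print(notation, format_asn(65546, notation), format_asn(65526, notation))
    print(unexpected_peers(SAMPLE_CONFIG, {"18508", "65546"}))
```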
neighbor 172.30.1.250 no shutdown 5332332 9911991 65057 18508 12182 7018 46164 i The following example shows the bgp asnotation asdot+ command output. Dell(conf-router_bgp)#bgp asnotation asdot+ Dell(conf-router_bgp)#sho conf ! router bgp 100 bgp asnotation asdot+ bgp four-octet-as-support neighbor 172.30.1.250 remote-as 18508 neighbor 172.30.1.250 local-as 65057 neighbor 172.30.1.250 route-map rmap1 in neighbor 172.30.1.250 password 7 5ab3eb9a15ed02ff4f0dfd4500d6017873cfd9a267c04957 neighbor 172.30.1.
neighbor ip-address peer-group peer-group-name 6 Add a neighbor as a remote AS. CONFIG-ROUTERBGP mode neighbor {ip-address | peer-group name} remote-as as-number Formats: IP Address A.B.C.D • Peer-Group Name: 16 characters. • as-number: the range is from 0 to 65535 (2-Byte) or 1 to 4294967295 | 0.1 to 65535.65535 (4Byte) or 0.1 to 65535.
neighbor 10.14.8.60 remote-as 18505 neighbor 10.14.8.60 no shutdown Dell(conf-router_bgp)# To enable a peer group, use the neighbor peer-group-name no shutdown command in CONFIGURATION ROUTER BGP mode (shown in bold). Dell(conf-router_bgp)#neighbor zanzibar no shutdown Dell(conf-router_bgp)#show config ! router bgp 45 bgp fast-external-fallover bgp log-neighbor-changes neighbor zanzibar peer-group neighbor zanzibar no shutdown neighbor 10.1.1.1 remote-as 65535 neighbor 10.1.1.1 shutdown neighbor 10.14.8.
10.68.183.1 10.68.184.1 10.68.185.1 Dell> Configuring BGP Fast Fall-Over By default, a BGP session is governed by the hold time. BGP routers typically carry large routing tables, so frequent session resets are not desirable. The BGP fast fallover feature reduces the convergence time while maintaining stability. The connection to a BGP peer is immediately reset if a link to a directly connected external peer fails.
Update source set to Loopback 0 Peer active in peer-group outbound optimization For address family: IPv4 Unicast BGP table version 52, neighbor version 52 4 accepted prefixes consume 16 bytes Prefix advertised 0, denied 0, withdrawn 0 Connections established 6; dropped 5 Last reset 00:19:37, due to Reset by peer Notification History 'Connection Reset' Sent : 5 Recv: 0 Local host: 200.200.200.200, Local port: 65519 Foreign host: 100.100.100.
You can constrain the number of passive sessions accepted by the neighbor. The limit keyword allows you to set the total number of sessions the neighbor will accept, between 2 and 265. The default is 256 sessions. 1 Configure a peer group that does not initiate TCP connections with other peers. CONFIG-ROUTER-BGP mode neighbor peer-group-name peer-group passive limit Enter the limit keyword to restrict the number of sessions accepted. 2 Assign a subnet to the peer group.
Example of Verifying that Local AS Numbering is Disabled
The first line in bold shows the actual AS number. The second two lines in bold show the local AS number (6500) maintained during migration. To disable this feature, use the no neighbor local-as command in CONFIGURATION ROUTER BGP mode.
R2(conf-router_bgp)#show conf
!
router bgp 65123
 bgp router-id 192.168.10.2
 network 10.10.21.0/24
 network 10.10.32.0/24
 network 100.10.92.0/24
 network 192.168.10.0/24
 bgp four-octet-as-support
 neighbor 10.10.21.
To disable this feature, use the no neighbor allow-as in number command in CONFIGURATION ROUTER BGP mode. R2(conf-router_bgp)#show conf ! router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote-as 65123 neighbor 10.10.32.3 no shutdown neighbor 100.10.92.
• Bring the secondary RPM online as the primary and re-open sessions with all peers operating in No Shutdown mode.
• Defer best path selection for a certain amount of time. This helps optimize path selection and results in fewer updates being sent out.
To enable graceful restart, use the configure router bgp graceful-restart command.
• Enable graceful restart for the BGP node.
  CONFIG-ROUTER-BGP mode
  bgp graceful-restart
• Set maximum restart time for all peers.
• Local router supports graceful restart for this neighbor or peer-group as a receiver only.
  CONFIG-ROUTER-BGP mode
  neighbor {ip-address | peer-group-name} graceful-restart [role receiver-only]
• Set the maximum time to retain the restarting neighbor’s or peer-group’s stale paths.
  CONFIG-ROUTER-BGP mode
  neighbor {ip-address | peer-group-name} graceful-restart [stale-path-time time-in-seconds]
  The default is 360 seconds.
CONFIG-ROUTER-BGP mode
neighbor {ip-address | peer-group-name} filter-list as-path-name {in | out}
If you assign a non-existent or empty AS-PATH ACL, the software allows all routes.

Example of the show ip bgp paths Command
To view all BGP path attributes in the BGP database, use the show ip bgp paths command in EXEC Privilege mode.
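Because a filter-list that names a non-existent or empty AS-PATH ACL allows all routes, a misspelled or never-populated ACL leaves a neighbor unfiltered without any error. The following added example (not part of the Dell guide) is a Python check that scans a saved configuration for that condition. The sample configuration is constructed, and its layout (ACL name on one line, indented permit or deny entries below it) is an assumption about how the running configuration is written.

```python
"""Flag BGP neighbors whose filter-list names an undefined or empty AS-PATH ACL."""
import re

ACL_HEADER = re.compile(r"^ip as-path access-list (\S+)\s*$")
ACL_ENTRY = re.compile(r"^\s+(permit|deny)\s+(\S.*)$")
FILTER_REF = re.compile(r"^\s*neighbor (\S+) filter-list (\S+) (in|out)\s*$")


def audit_filter_lists(config):
    """Return (neighbor, acl_name, direction, reason) for every fail-open reference."""
    acls = {}          # ACL name -> list of (action, regex) entries
    references = []    # (neighbor, acl_name, direction)
    current = None     # ACL block being parsed, if any
    for line in config.splitlines():
        header = ACL_HEADER.match(line)
        if header:
            current = header.group(1)
            acls.setdefault(current, [])
            continue
        entry = ACL_ENTRY.match(line)
        if entry and current is not None:
            acls[current].append((entry.group(1), entry.group(2).strip()))
            continue
        if not line.startswith(" "):
            current = None               # an unindented line ends the ACL block
        reference = FILTER_REF.match(line)
        if reference:
            references.append(reference.groups())

    findings = []
    for neighbor, name, direction in references:
        if name not in acls:
            findings.append((neighbor, name, direction, "undefined"))
        elif not acls[name]:
            findings.append((neighbor, name, direction, "empty"))
    return findings


# Constructed sample. "Eagle" and "Laura" are ACL names used in the guide's
# examples; "Empty" and the layout are made up for this check.
SAMPLE_CONFIG = """\
ip as-path access-list Eagle
 deny 32$
!
ip as-path access-list Empty
!
router bgp 65123
 neighbor 10.10.21.1 remote-as 65123
 neighbor 10.10.21.1 filter-list Laura in
 neighbor 10.10.32.3 remote-as 65123
 neighbor 10.10.32.3 filter-list Eagle in
 neighbor 100.10.92.9 filter-list Empty out
"""

if __name__ == "__main__":
    for neighbor, name, direction, reason in audit_filter_lists(SAMPLE_CONFIG):
        print(f"{neighbor}: filter-list {name} {direction} is {reason}; all routes allowed")
```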
Regular Expression  Definition
* (asterisk)        Matches 0 or more sequences of the immediately previous character or pattern.
+ (plus)            Matches 1 or more sequences of the immediately previous character or pattern.
? (question)        Matches 0 or 1 sequence of the immediately previous character or pattern.
Dell(conf-router_bgp)#ex
Dell(conf)#ex
Dell#show ip as-path-access-lists
ip as-path access-list Eagle
 deny 32$
Dell#

Redistributing Routes
In addition to filtering routes, you can add routes from other routing instances or protocols to the BGP process. With the redistribute command, you can include ISIS, OSPF, static, or directly connected routes in the BGP process. To add routes from other routing instances or protocols, use any of the following commands in ROUTER BGP mode.
Enabling Additional Paths The add-path feature is disabled by default. NOTE: Dell Networking OS recommends not using multipath and add path simultaneously in a route reflector. To allow multiple paths sent to peers, use the following commands. 1 Allow the advertisement of multiple paths for the same address prefix without the new paths replacing any previous ones. CONFIG-ROUTER-BGP mode bgp add-path [both|received|send] path-count count The range is from 2 to 64.
ip community-list community-list-name 2 Configure a community list by denying or permitting specific community numbers or types of community. CONFIG-COMMUNITYLIST mode {deny | permit} {community-number | local-AS | no-advertise | no-export | quote-regexp regular-expression-list | regexp regular-expression} • community-number: use AA:NN format where AA is the AS number (2 Bytes or 4 Bytes) and NN is a value specific to that autonomous system.
CONFIG-COMMUNITY-LIST mode
{permit | deny} {{rt | soo} {ASN:NN | IPADDR:N} | regex REGEX-LINE}
Filter routes based on the type of extended communities they carry using one of the following keywords:
• rt: route target.
• soo: route origin or site-of-origin.
Matching extended communities against a regular expression is also supported. Match against a regular expression using the following keyword.
• regexp: regular expression.
match {community community-list-name [exact] | extcommunity extcommunity-listname [exact]} 3 Return to CONFIGURATION mode. CONFIG-ROUTE-MAP mode exit 4 Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number AS-number: 0 to 65535 (2-Byte) or 1 to 4294967295 (4-Byte) or 0.1 to 65535.65535 (Dotted format) 5 Apply the route map to the neighbor or peer group’s incoming or outgoing routes.
OR set community {community-number | local-as | no-advertise | no-export | none} Configure a community list by denying or permitting specific community numbers or types of community. 3 • community-number: use AA:NN format where AA is the AS number (2 or 4 Bytes) and NN is a value specific to that autonomous system. • local-AS: routes with the COMMUNITY attribute of NO_EXPORT_SUBCONFED and are not sent to EBGP peers.
*>i 6.10.0.0/15   195.171.0.16  100  0  209 7170 1455 i
*>i 6.14.0.0/15   205.171.0.16  100  0  209 7170 1455 i
*>i 6.133.0.0/21  205.171.0.16  100  0  209 7170 1455 i
*>i 6.151.0.0/16  205.171.0.16  100  0  209 7170 1455 i
--More--

Changing MED Attributes
By default, Dell Networking OS uses the MULTI_EXIT_DISC or MED attribute when comparing EBGP paths from the same AS. To change how the MED attribute is used, enter any or all of the following commands.
route-map map-name [permit | deny] [sequence-number] 2 Change LOCAL_PREF value for routes meeting the criteria of this route map. CONFIG-ROUTE-MAP mode set local-preference value 3 Return to CONFIGURATION mode. CONFIG-ROUTE-MAP mode exit 4 Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5 Apply the route map to the neighbor or peer group’s incoming or outgoing routes.
Changing the WEIGHT Attribute
To change how the WEIGHT attribute is used, enter the first command. You can also use route maps to change this and other BGP attributes. For example, you can include the second command in a route map to specify the next hop address.
• Assign a weight to the neighbor connection.
  CONFIG-ROUTER-BGP mode
  neighbor {ip-address | peer-group-name} weight weight
  • weight: the range is from 0 to 65535. The default is 0.
• Sets weight for the route.
NOTE: Dell Networking OS supports up to 255 characters in a set community statement inside a route map. NOTE: You can create inbound and outbound policies. Each of the commands used for filtering has in and out parameters that you must apply. In Dell Networking OS, the order of preference varies depending on whether the attributes are applied for inbound updates or outbound updates.
• prefix-list-name: enter the name of a configured prefix list. • in: apply the prefix list to inbound routes. • out: apply the prefix list to outbound routes. As a reminder, the following are rules concerning prefix lists: • If the prefix list contains no filters, all routes are permitted. • If none of the routes match any of the filters in the prefix list, the route is denied. This action is called an implicit deny.
• out: apply the route map to outbound routes.
To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode. To view a route map configuration, use the show route-map command in EXEC Privilege mode.

Filtering BGP Routes Using AS-PATH Information
To filter routes based on AS-PATH information, use these commands.
1 Create an AS-PATH ACL and assign it a name.
  CONFIGURATION mode
  ip as-path access-list as-path-name
2 Create an AS-PATH ACL filter with a deny or permit action.
Configuring BGP Route Reflectors BGP route reflectors are intended for ASs with a large mesh; they reduce the amount of BGP control traffic. NOTE: Dell Networking recommends not using multipath and add path simultaneously in a route reflector. With route reflection configured properly, IBGP routers are not fully meshed within a cluster but all receive routing information.
Example of Viewing Aggregated Routes In the show ip bgp command, aggregates contain an ‘a’ in the first column (shown in bold) and routes suppressed by the aggregate contain an ‘s’ in the first column. Dell#show ip bgp BGP table version is 0, local router ID is 10.101.15.13 Status codes: s suppressed, d damped, h history, * valid, > best Path source: I - internal, a - aggregate, c - confed-external, r - redistributed, n - network Origin codes: i - IGP, e - EGP, ? - incomplete Network *> 7.0.0.0/29 *> 7.0.0.
• is withdrawn • is readvertised after being withdrawn • has an attribute change The constant router reaction to the WITHDRAWN and UPDATE notices causes instability in the BGP process. To minimize this instability, you may configure penalties (a numeric value) for routes that flap. When that penalty value reaches a configured limit, the route is not advertised, even if the route is up. In Dell Networking OS, that penalty value is 1024.
• half-life: the range is from 1 to 45. Number of minutes after which the Penalty is decreased. After the router assigns a Penalty of 1024 to a route, the Penalty is decreased by half after the half-life period expires. The default is 15 minutes.
• reuse: the range is from 1 to 20000. This number is compared to the flapping route’s Penalty value. If the Penalty value is less than the reuse value, the flapping route is once again advertised (or no longer suppressed). The default is 750.
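How these values interact over time, as an added example that is not part of the Dell guide: a Python simulation of the penalty for one route, using the 1024 penalty per flap, the 15-minute half-life and the reuse value of 750 given above, together with the suppress (2000) and maximum suppress time (60) defaults shown in the bgp dampening help text. Treating the decay as continuous between flaps, and the names used, are assumptions of this model.

```python
"""Simulate the route flap dampening penalty for a single route."""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Dampening:
    half_life: float = 15.0      # minutes for the penalty to halve
    reuse: float = 750.0         # below this the route is advertised again
    suppress: float = 2000.0     # at or above this the route is suppressed
    max_suppress: float = 60.0   # longest suppression, in minutes
    flap_penalty: float = 1024.0 # added on every flap

    def decay(self, penalty, minutes):
        """Penalty remaining after `minutes` without a flap."""
        return penalty * 2 ** (-minutes / self.half_life)


def simulate(flap_times, cfg=Dampening()):
    """Return (time, penalty, suppressed) after each flap, times in minutes."""
    penalty, last, suppressed, timeline = 0.0, None, False, []
    for now in sorted(flap_times):
        if last is not None:
            penalty = cfg.decay(penalty, now - last)
            if suppressed and penalty < cfg.reuse:
                suppressed = False       # decayed enough to be reused
        penalty += cfg.flap_penalty
        if penalty >= cfg.suppress:
            suppressed = True
        timeline.append((now, penalty, suppressed))
        last = now
    return timeline


def minutes_until_reuse(penalty, cfg=Dampening()):
    """Minutes of stability needed before a route with this penalty is reused."""
    if penalty < cfg.reuse:
        return 0.0
    wait = cfg.half_life * math.log2(penalty / cfg.reuse)
    return min(wait, cfg.max_suppress)


if __name__ == "__main__":
    # Constructed input: the route flaps at minute 0, 1 and 2.
    for now, penalty, suppressed in simulate([0, 1, 2]):
        print(f"t={now:>3} min  penalty={penalty:7.1f}  suppressed={suppressed}")
    final = simulate([0, 1, 2])[-1][1]
    print(f"stable for {minutes_until_reuse(final):.1f} min before reuse")
```

With the defaults a single flap (1024) does not suppress the route, the second flap one minute later does, and after the third flap the route needs about 29.5 minutes without flapping before it is advertised again.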
<1-20000> Value to start reusing a route (default = 750)
Dell(conf-router_bgp)#bgp dampening 2 2000 ?
<1-20000> Value to start suppressing a route (default = 2000)
Dell(conf-router_bgp)#bgp dampening 2 2000 3000 ?
<1-255> Maximum duration to suppress a stable route (default = 60)
Dell(conf-router_bgp)#bgp dampening 2 2000 3000 10 ?
route-map Route-map to specify criteria for dampening

To view a count of dampened routes, history routes, and penalized routes when you enable route dampening, look at the s
• keepalive: the range is from 1 to 65535. Time interval, in seconds, between keepalive messages sent to the neighbor routers. The default is 60 seconds. • holdtime: the range is from 3 to 65536. Time interval, in seconds, between the last keepalive message and declaring the router dead. The default is 180 seconds. To view non-default values, use the show config command in CONFIGURATION ROUTER BGP mode or the show running-config bgp command in EXEC Privilege mode.
neighbor {ip-address | peer-group-name} soft-reconfiguration inbound
BGP stores all the updates received by the neighbor but does not reset the peer-session. Entering this command starts the storage of updates, which is required to do inbound soft reconfiguration. Outbound BGP soft reconfiguration does not require inbound soft reconfiguration to be enabled.

Example of Soft-Reconfiguration of a BGP Neighbor
The example enables inbound soft reconfiguration for the neighbor 10.108.1.1.
Enabling MBGP Configurations Multiprotocol BGP (MBGP) is an enhanced BGP that carries IP multicast routes. BGP carries two sets of routes: one set for unicast routing and one set for multicast routing. The routes associated with multicast routing are used by the protocol independent multicast (PIM) to build data distribution trees. Dell Networking OS MBGP is implemented per RFC 1858. You can enable the MBGP feature per router and/or per peer/peer-group. The default is IPv4 Unicast routes.
Debugging BGP

To enable BGP debugging, use any of the following commands.

• View all information about BGP, including BGP events, keepalives, notifications, and updates.
  EXEC Privilege mode
  debug ip bgp [ip-address | peer-group peer-group-name] [in | out]
• View information about BGP route being dampened.
  EXEC Privilege mode
  debug ip bgp dampening [in | out]
• View information about local BGP state changes and other BGP events.
Storing Last and Bad PDUs Dell Networking OS stores the last notification sent/received and the last bad protocol data unit (PDU) received on a per peer basis. The last bad PDU is the one that causes a notification to be issued. In the following example, the last seven lines shown in bold are the last PDUs. Example of the show ip bgp neighbor Command to View Last and Bad PDUs Dell(conf-router_bgp)#do show ip bgp neighbors 1.1.1.2 BGP neighbor is 1.1.1.
Capturing PDUs To capture incoming and outgoing PDUs on a per-peer basis, use the capture bgp-pdu neighbor direction command. To disable capturing, use the no capture bgp-pdu neighbor direction command. The buffer size supports a maximum value between 40 MB (the default) and 100 MB. The capture buffers are cyclic and reaching the limit prompts the system to overwrite the oldest PDUs when new ones are received for a given neighbor or direction.
The following example shows how to view space requirements for storing all the PDUs. With full internet feed (205K) captured, approximately 11.8MB is required to store all of the PDUs.

Dell(conf-router_bgp)#do show capture bgp-pdu neighbor 172.30.1.250
Incoming packet capture enabled for BGP neighbor 172.30.1.250
Available buffer size 29165743, 192991 packet(s) captured using 11794257 bytes
[. . .]
Dell(conf-router_bgp)#do sho ip bg s
BGP router identifier 172.30.1.
Example of Enabling BGP (Router 1)

R1# conf
R1(conf)#int loop 0
R1(conf-if-lo-0)#ip address 192.168.128.1/24
R1(conf-if-lo-0)#no shutdown
R1(conf-if-lo-0)#show config
!
interface Loopback 0
 ip address 192.168.128.1/24
 no shutdown
R1(conf-if-lo-0)#int te 1/21/1
R1(conf-if-te-1/21/1)#ip address 10.0.1.21/24
R1(conf-if-te-1/21/1)#no shutdown
R1(conf-if-te-1/21/1)#show config
!
interface TengigabitEthernet 1/21/1
 ip address 10.0.1.
R1(conf-if-te-1/31)#router bgp 99
R1(conf-router_bgp)#network 192.168.128.0/24
R1(conf-router_bgp)#neighbor 192.168.128.2 remote 99
R1(conf-router_bgp)#neighbor 192.168.128.2 no shut
R1(conf-router_bgp)#neighbor 192.168.128.2 update-source loop 0
R1(conf-router_bgp)#neighbor 192.168.128.3 remote 100
R1(conf-router_bgp)#neighbor 192.168.128.3 no shut
R1(conf-router_bgp)#neighbor 192.168.128.3 update-source loop 0
R1(conf-router_bgp)#show config
!
router bgp 99
 network 192.168.128.0/24
 neighbor 192.168.128.
R3(conf)#int loop 0
R3(conf-if-lo-0)#ip address 192.168.128.3/24
R3(conf-if-lo-0)#no shutdown
R3(conf-if-lo-0)#show config
!
interface Loopback 0
 ip address 192.168.128.3/24
 no shutdown
R3(conf-if-lo-0)#int te 3/11/1
R3(conf-if-te-3/11/1)#ip address 10.0.3.33/24
R3(conf-if-te-3/11/1)#no shutdown
R3(conf-if-te-3/11/1)#show config
!
interface TengigabitEthernet 3/11/1
 ip address 10.0.3.33/24
 no shutdown
R3(conf-if-lo-0)#int te 3/21/1
R3(conf-if-te-3/21/1)#ip address 10.0.2.
 neighbor 192.168.128.3 update-source Loopback 0
 neighbor 192.168.128.3 no shutdown
R1#
R1#show ip bgp summary
BGP router identifier 192.168.128.
!
router bgp 99
 network 192.168.128.0/24
 neighbor AAA peer-group
 neighbor AAA no shutdown
 neighbor BBB peer-group
 neighbor BBB no shutdown
 neighbor 192.168.128.1 remote-as 99
 neighbor 192.168.128.1 peer-group CCC
 neighbor 192.168.128.1 update-source Loopback 0
 neighbor 192.168.128.1 no shutdown
 neighbor 192.168.128.3 remote-as 100
 neighbor 192.168.128.3 peer-group BBB
 neighbor 192.168.128.3 update-source Loopback 0
 neighbor 192.168.128.
 5 opens, 0 notifications, 5 updates
 83 keepalives, 0 route refresh requests
Sent 99 messages, 0 in queue
 5 opens, 4 notifications, 5 updates
 85 keepalives, 0 route refresh requests
Capabilities received from neighbor for IPv4 Unicast :
 MULTIPROTO_EXT(1)
 ROUTE_REFRESH(2)
 CISCO_ROUTE_REFRESH(128)
Capabilities advertised to neighbor for IPv4 Unicast :
 MULTIPROTO_EXT(1)
 ROUTE_REFRESH(2)
 CISCO_ROUTE_REFRESH(128)
Update source set to Loopback 0
Peer active in peer-group outbound optimization
For address family: IP
9 Content Addressable Memory (CAM)

CAM is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 (L2) and Layer 3 (L3) forwarding information, access-lists (ACLs), flows, and routing policies.

CAM Allocation

CAM Allocation for Ingress

To allocate the space for regions such as L2 ingress ACL, IPV4 ingress ACL, IPV6 ingress ACL, IPV4 QoS, L2 QoS, PBR, VRF ACL, and so forth, use the cam-acl command in CONFIGURATION mode.
CAM Allocation   Setting
vrfv4Acl         0
Openflow         0
fedgovacl        0

NOTE: When you reconfigure CAM allocation, use the nlbclusteracl number command to change the number of NLB ARP entries. The range is from 0 to 2. The default value is 0. At the default value of 0, eight NLB ARP entries are available for use. This platform supports up to 1024 CAM entries. Select 1 to configure 1024 entries. Select 2 to configure 2048 entries.
Dell(conf)#

1 Select a cam-acl action.
  CONFIGURATION mode
  cam-acl [default | l2acl]
  NOTE: Selecting default resets the CAM entries to the default settings. Select l2acl to allocate the desired space for all other regions.
2 Enter the number of FP blocks for each region.
View CAM Profiles To view the current CAM profile for the chassis and each component, use the show cam-profile command. This command also shows the profile that is loaded after the next chassis or component reload.
Ipv4Acl       :  4   2
Ipv6Acl       :  0   0
Ipv4Qos       :  2   2
L2Qos         :  1   1
L2PT          :  0   0
IpMacAcl      :  0   0
VmanQos       :  0   0
VmanDualQos   :  0   0
EcfmAcl       :  0   0
FcoeAcl       :  0   0
iscsiOptAcl   :  0   0
ipv4pbr       :  0   2
vrfv4Acl      :  0   2
Openflow      :  0   0
fedgovacl     :  0   0

-- Stack unit 0 --
Current Settings(in block sizes)   Next Boot(in block sizes)
1 block = 128 entries
L2Acl         :  6   4
Ipv4Acl       :  4   2
Ipv6Acl       :  0   0
Ipv4Qos       :  2   2
L2Qos         :  1   1
L2PT          :  0   0
IpMacAcl      :  0   0
VmanQos       :  0   0
VmanDualQos   :  0   0
EcfmAcl       :  0   0
FcoeAcl       :  0   0
iscsiOptAcl   :  0   0
ipv4pbr       :  0   2
vrfv4Acl
vrfv4Acl      :  0
Openflow      :  0
fedgovacl     :  0

-- Stack unit 0 --
Current Settings(in block sizes)
1 block = 128 entries
L2Acl         :  6
Ipv4Acl       :  4
Ipv6Acl       :  0
Ipv4Qos       :  2
L2Qos         :  1
L2PT          :  0
IpMacAcl      :  0
VmanQos       :  0
VmanDualQos   :  0
EcfmAcl       :  0
FcoeAcl       :  0
iscsiOptAcl   :  0
ipv4pbr       :  0
vrfv4Acl      :  0
Openflow      :  0
fedgovacl     :  0

-- Stack unit 7 --
Current Settings(in block sizes)
1 block = 128 entries
L2Acl         :  6
Ipv4Acl       :  4
Ipv6Acl       :  0
Ipv4Qos       :  2
L2Qos         :  1
L2PT          :  0
IpMacAcl      :  0
VmanQos       :  0
VmanDualQos   :  0
EcfmAcl       :  0
FcoeAcl       :
IN-V6 ACL    |  0    |  0  |  0
IN-L2 ACL    |  768  |  0  |  768
OUT-L3 ACL   |  158  |  5  |  153
OUT-V6 ACL   |  158  |  0  |  158
OUT-L2 ACL   |  206  |  7  |  199
Codes: * - cam usage is above 90%.
Dell#

CAM Optimization

When you enable the CAM optimization, if a Policy Map containing classification rules (ACL and/or DSCP/ip-precedence rules) is applied to more than one physical interface on the same port-pipe, only a single copy of the policy is written (only one FP entry is used).
A table-full error message is displayed once the number of entries exceeds the table size. The table-full message is generated only once, when the threshold is crossed. For subsequent additions of entries, the table-full message is not recorded until you clear the table-full message. The table-full message is cleared internally when the number of entries is less than the table size.
hardware forwarding-table mode

Dell(conf)#hardware forwarding-table mode ?
scaled-l3-hosts Forwarding table mode for scaling L3 host entries
scaled-l3-routes Forwarding table mode for scaling L3 route entries
Dell(conf)#
Dell(conf)#hardware forwarding-table mode scaled-l3-hosts
Hardware forwarding-table mode is changed. Save the configuration and reload to take effect.
10 Control Plane Policing (CoPP)

Control plane policing (CoPP) uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system’s control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane, and rate-limits traffic to an acceptable level.
The following illustration shows an example of the difference between having CoPP implemented and not having CoPP implemented. Figure 26. Control Plane Policing Figure 27.
Configure Control Plane Policing

The system can process a maximum of 4200 packets per second (PPS). Protocols that share a single queue may experience flaps if one of the protocols receives a high rate of control traffic, even though per-protocol CoPP is applied. This happens because queue-based rate limiting is applied first. For example, border gateway protocol (BGP) and internet control message protocol (ICMP) share the same queue (Q6); Q6 has 400 PPS of bandwidth by default.
  CONFIGURATION mode
  ipv6 access-list name cpu-qos
  permit {bgp | icmp | vrrp}
4 Create a QoS input policy for the router and assign the policing.
  CONFIGURATION mode
  qos-policy-input name cpu-qos
  rate-police rate-police-value
5 Create a QoS class map to differentiate the control-plane traffic and assign to an ACL.
  CONFIGURATION mode
  class-map match-any name cpu-qos
  match {ip | mac | ipv6} access-group name
6 Create a QoS input policy map to match to the class-map and qos-policy for each desired protocol.
The following example shows creating the QoS input policy.
  CONFIGURATION mode
  qos-policy-input name cpu-qos
2 Create an input policy-map to assign the QoS policy to the desired service queues.
  CONFIGURATION mode
  policy-map-input name cpu-qos
  service-queue queue-number qos-policy name
3 Enter Control Plane mode.
  CONFIGURATION mode
  control-plane-cpuqos
4 Assign a CPU queue-based service policy on the control plane in cpu-qos mode. Enabling this command sets the queue rates according to those configured.
Viewing Queue Rates

Example of Viewing Queue Rates

Dell#show cpu-queue rate cp
Service-Queue  Rate (PPS)
-------------- -----------
Q0             1300
Q1             300
Q2             300
Q3             300
Q4             2000
Q5             400
Q6             400
Q7             1100
Dell#

Example of Viewing Queue Mapping

To view the queue mapping for each configured protocol, use the show ip protocol-queue-mapping command.
Example of Viewing Queue Mapping for IPv6 Protocols

Dell#show ipv6 protocol-queue-mapping
Protocol        Src-Port Dst-Port TcpFlag Queue EgPort Rate (kbps)
--------------- -------- -------- ------- ----- ------ -----------
TCP (BGP)       any/179  179/any  _       Q6    CP     _
ICMP            any      any      _       Q6    CP     _
VRRP            any      any      _       Q7    CP     _
Dell#
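An audit of the shared-queue condition described in this chapter, as an added Python example (not Dell code). It parses the two show outputs above, re-laid out one row per line as constructed sample input, lists the queues that several protocols share, and estimates what each protocol receives when the queue policer runs first; the proportional-drop model, the offered loads and all function names are assumptions.

```python
import re

# Constructed sample input: the values are the ones printed on this page,
# re-laid out one row per line.
CPU_QUEUE_RATE = """\
Service-Queue  Rate (PPS)
-------------- -----------
Q0 1300
Q1 300
Q2 300
Q3 300
Q4 2000
Q5 400
Q6 400
Q7 1100
"""

PROTOCOL_QUEUE_MAPPING = """\
Protocol Src-Port Dst-Port TcpFlag Queue EgPort Rate (kbps)
--------------- -------- -------- ------- ----- ------ -----------
TCP (BGP) any/179 179/any _ Q6 CP _
ICMP any any _ Q6 CP _
VRRP any any _ Q7 CP _
"""


def parse_queue_rates(text):
    """Parse 'show cpu-queue rate cp' rows into {queue: pps}."""
    rates = {}
    for line in text.splitlines():
        m = re.fullmatch(r"\s*(Q\d+)\s+(\d+)\s*", line)
        if m:
            rates[m.group(1)] = int(m.group(2))
    return rates


def parse_protocol_queues(text):
    """Parse protocol-queue-mapping rows into {protocol: queue}."""
    mapping = {}
    for line in text.splitlines():
        tokens = line.split()
        idx = next((i for i, tok in enumerate(tokens)
                    if re.fullmatch(r"Q\d+", tok)), None)
        if idx is None or idx < 4:
            continue  # header, separator or prompt line
        # Src-Port, Dst-Port and TcpFlag sit between the name and the queue.
        mapping[" ".join(tokens[:idx - 3])] = tokens[idx]
    return mapping


def shared_queues(mapping, rates):
    """Return {queue: (queue_pps, [protocols])} for queues with >1 protocol."""
    by_queue = {}
    for proto, queue in mapping.items():
        by_queue.setdefault(queue, []).append(proto)
    return {q: (rates.get(q), sorted(p)) for q, p in by_queue.items() if len(p) > 1}


def delivered_pps(offered, mapping, rates, per_protocol=None):
    """Estimate PPS reaching the CPU per protocol.

    Assumed model: the queue policer is applied first and drops every
    protocol in the queue proportionally; the per-protocol policer (if any)
    then caps what is left.
    """
    per_protocol = per_protocol or {}
    totals = {}
    for proto, pps in offered.items():
        totals[mapping[proto]] = totals.get(mapping[proto], 0) + pps
    result = {}
    for proto, pps in offered.items():
        queue = mapping[proto]
        scale = min(1.0, rates[queue] / totals[queue]) if totals[queue] else 1.0
        result[proto] = min(pps * scale, per_protocol.get(proto, float("inf")))
    return result


if __name__ == "__main__":
    rates = parse_queue_rates(CPU_QUEUE_RATE)
    mapping = parse_protocol_queues(PROTOCOL_QUEUE_MAPPING)
    print("shared queues:", shared_queues(mapping, rates))
    # Constructed load: heavy ICMP next to normal BGP and VRRP traffic.
    load = {"TCP (BGP)": 50, "ICMP": 5000, "VRRP": 10}
    print(delivered_pps(load, mapping, rates, per_protocol={"ICMP": 100}))
```

Under this model the per-protocol ICMP policer does not help BGP, because the Q6 policer has already dropped most BGP packets before the per-protocol limit is evaluated.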
11 Data Center Bridging (DCB)

Data center bridging (DCB) refers to a set of enhancements to Ethernet local area networks used in data center environments, particularly with clustering and storage area networks.
• Data center bridging exchange protocol (DCBx)
• Priority-based flow control (PFC)
• Enhanced transmission selection (ETS)

To configure PFC, ETS, and DCBx for DCB, refer to Sample DCB Configuration for the CLI configurations.

DCB refers to a set of IEEE Ethernet enhancements that provide data centers with a single, robust, converged network to support multiple traffic types, including local area network (LAN), server, and storage traffic.
• 802.1Qau — Congestion Notification
• Data Center Bridging Exchange (DCBx) protocol

NOTE: Dell Networking OS supports only the PFC, ETS, and DCBx features in data center bridging.

Priority-Based Flow Control

In a data center network, priority-based flow control (PFC) manages large bursts of one traffic type in multiprotocol links so that it does not affect other traffic types and no frames are lost due to congestion.
• By default, PFC is enabled on an interface with no dot1p priorities configured. You can configure the PFC priorities if the switch negotiates with a remote peer using DCBx.
• During DCBx negotiation with a remote peer:
• DCBx communicates with the remote peer by LLDP TLV to determine current policies, such as PFC support and ETS bandwidth allocation.
• If DCBx negotiation is not successful (for example, a version or TLV mismatch), DCBx is disabled and PFC or ETS cannot be enabled.
The following table lists the traffic groupings ETS uses to select multiprotocol traffic for transmission.

Table 13. ETS Traffic Groupings

Traffic Groupings: Description
Group ID: A 4-bit identifier assigned to each priority group. The range is from 0 to 7 configurable; 8 - 14 reservation and 15.0 - 15.7 is strict priority group.
Group bandwidth: Percentage of available bandwidth allocated to a priority group.
Group transmission selection algorithm (TSA): Type of queue scheduling a priority group uses.
Data Center Bridging in a Traffic Flow The following figure shows how DCB handles a traffic flow on an interface. Figure 30. DCB PFC and ETS Traffic Handling Enabling Data Center Bridging DCB is automatically configured when you configure FCoE or iSCSI optimization. Data center bridging supports converged enhanced Ethernet (CEE) in a data center network. DCB is disabled by default. It must be enabled to support CEE.
To enable DCB with PFC buffers on a switch, enter the following commands, save the configuration, and reboot the system to allow the changes to take effect.

1 Enable DCB.
  CONFIGURATION mode
  dcb enable
2 Set PFC buffering on the DCB stack unit.
  CONFIGURATION mode
  Dell(conf)#dcb enable pfc-queues

NOTE: Dell Networking OS Behavior: DCB is not supported if you enable link-level flow control on one or more interfaces. For more information, refer to Ethernet Pause Frames.
DCB map is applied. By default, PFC is not applied on specific 802.1p priorities; ETS assigns equal bandwidth to each 802.1p priority. As a result, PFC and lossless port queues are disabled on 802.1p priorities, and all priorities are mapped to the same priority queue and equally share the port bandwidth. • To change the ETS bandwidth allocation configured for a priority group in a DCB map, do not modify the existing DCB map configuration.
Configuring Priority-Based Flow Control Priority-Based Flow Control (PFC) provides a flow control mechanism based on the 802.1p priorities in converged Ethernet traffic received on an interface and is enabled by default when you enable DCB. As an enhancement to the existing Ethernet pause mechanism, PFC stops traffic transmission for specified priorities (Class of Service (CoS) values) without impacting other priority classes. Different traffic types are assigned to different priority classes.
Type, Length, Value (TLV) are supported. DCBx also validates PFC configurations that are received in TLVs from peer devices.

NOTE: You cannot enable PFC and link-level flow control at the same time on an interface.

Configuring Lossless Queues

DCB also supports the manual configuration of lossless queues on an interface when PFC mode is turned off.

Prerequisite: A DCB with PFC configuration is applied to the interface with the following conditions:
• PFC mode is off (no pfc mode on).
The maximum number of lossless queues globally supported on the switch is two. The range is from 0 to 7. Separate the queue values with a comma; specify a priority range with a dash; for example, pfc no-drop queues 1,7 or pfc no-drop queues 2-7. The default: No lossless queues are configured.
3 Configure to drop the unknown unicast packets flooding on lossless priorities.
  CONFIGURATION mode
  pfc-nodrop-priority l2-dlf drop
4 View the packets drop count corresponding to the priority.
Configuring PFC in a DCB Map

A switch supports the use of a DCB map in which you configure priority-based flow control (PFC) settings. To configure PFC parameters, you must apply a DCB map on an interface.

PFC Configuration Notes

PFC provides flow control based on the 802.1p priorities in converged Ethernet traffic that is received on an interface and is enabled by default when you enable DCB.
• If you apply a DCB map with PFC disabled (pfc off), you can enable link-level flow control on the interface using the flowcontrol rx on tx on command. To delete the DCB map, first disable link-level flow control. PFC is then automatically enabled on the interface because an interface is PFC-enabled by default.
• To ensure no-drop handling of lossless traffic, PFC allows you to configure lossless queues on a port (see Configuring Lossless Queues).
Step  Task  Command  Command Mode
slot/port/subport | fortygigabitEthernet slot/port}
2  Apply the DCB map on the Ethernet port to configure it with the PFC and ETS settings in the map; for example:
   Dell# interface tengigabitEthernet 1/1/1
   Dell(config-if-te-1/1/1)# dcb-map SAN_A_dcb_map1
   Repeat Steps 1 and 2 to apply a DCB map to more than one port.
   Command: dcb-map name
   Command Mode: INTERFACE
which is already configured for lossless queues (pfc no-drop queues command).

Configuring Lossless Queues

DCB also supports the manual configuration of lossless queues on an interface when PFC mode is disabled in a DCB map and the map is applied on the interface. The configuration of no-drop queues provides flexibility for ports on which PFC is not needed, but lossless traffic should egress from the interface.
• If you configure lossless queues on an interface that already has a DCB map with PFC enabled (pfc on), an error message is displayed.

Table 16. Configuring Lossless Queues on a Port Interface

Step  Task  Command  Command Mode
1  Enter INTERFACE Configuration mode.
   Command: interface {tengigabitEthernet slot/port/subport | fortygigabitEthernet slot/port}
   Command Mode: CONFIGURATION
2  Open a DCB map and enter DCB map configuration mode.
   Command: dcb-map name
   Command Mode: INTERFACE
3  Disable PFC.
Pause and Resume of Traffic

The pause message is used by the sending device to inform the receiving device about a congested, heavily-loaded traffic state that has been identified. When the interface of a sending device transmits a pause frame, the recipient acknowledges this frame by temporarily halting the transmission of data packets. The sending device requests the recipient to restart the transmission of data traffic when the congestion eases and reduces.
This default behavior is impacted if you modify the total buffer available for PFC or assign static buffer configurations to the individual PFC queues.

Behavior of Tagged Packets

The following is an example of enabling PFC for priority 2 for tagged packets. Priority (Packet Dot1p) 2 will be mapped to PG6 on PRIO2PG setting. All other Priorities for which PFC is not enabled are mapped to default PG – PG7.
2 Associate above class-maps to Queues Queue assignment as below. Table 17. Queue Assignments Internalpriority 0 1 2 3 4 5 6 7 Queue 0 0 0 1 2 3 3 3 3 Dot1p->Queue Mapping Configuration is retained at the default value. 4 Interface Configurations on server connected ports. a Enable DCB globally. Dell(conf)#dcb enable b Apply PFC Priority configuration. Configure priorities on which PFC is enabled.
dellNetFpStatsPerPgTable: This table fetches the Allocated Min cells, Shared cells, and Headroom cells per Priority Group, the mode in which the buffer cells are allocated (Static or Dynamic), and the Used Min cells, Shared cells and Headroom cells per Priority Group. The table fetches a value of 0 if the mode of allocation is Static and a value of 1 if the mode of allocation is Dynamic. This table lists the stack-unit number, port number and priority group number.
Table 18. Priority to Queue Mapping

Internal-priority  0 1 2 3 4 5 6 7
Queue              2 0 1 3 4 5 6 7

Default dot1p to queue configuration is as follows:

Table 19. Dot1p to Queue Mapping

PacketDot1p        0 1 2 3 4 5 6 7
Queue              2 0 1 3 4 5 6 7

PFC and ETS Configuration Examples

This section contains examples of how to configure and apply DCB policies on an interface.
The packets that come in with packet-dot1p 2 alone will use Q1 (as per dot1p to Queue classification – Table 2) on the egress port.
• When Peer sends a PFC message for Priority 2, based on above PRIO2COS table (TABLE 2), Queue 1 is halted.
• Queue 1 starts buffering the packets with Dot1p 2. This causes PG6 buffer counter to increase on the ingress, since P-dot1p 2 is mapped to PG6.
• As the PG6 watermark threshold is reached, PFC will be generated for dot1p 2.
Creating an ETS Priority Group

An ETS priority group specifies the range of 802.1p priority traffic to which a QoS output policy with ETS settings is applied on an egress interface.

1 Configure a DCB Map.
  CONFIGURATION mode
  dcb-map dcb-map-name
  The dcb-map-name variable can have a maximum of 32 characters.
2 Create an ETS priority group.
  CONFIGURATION mode
  priority-group group-num {bandwidth bandwidth | strict-priority} pfc off
  The range for priority group is from 0 to 7. Set the bandwidth in percentage.
Dell Networking OS Behavior: A priority group consists of 802.1p priority values that are grouped for similar bandwidth allocation and scheduling, and that share latency and loss requirements. All 802.1p priorities mapped to the same queue must be in the same priority group. Configure all 802.1p priorities in priority groups associated with an ETS output policy. You can assign each dot1p priority to only one priority group. By default, all 802.
Configuring Bandwidth Allocation for DCBx CIN After you apply an ETS output policy to an interface, if the DCBx version used in your data center network is CIN, you may need to configure a QoS output policy to overwrite the default CIN bandwidth allocation. This default setting divides the bandwidth allocated to each port queue equally between the dot1p priority traffic assigned to the queue.
Configuring ETS in a DCB Map A switch supports the use of a DCB map in which you configure enhanced transmission selection (ETS) setting. To configure ETS parameters, you must apply a DCB map on an interface. ETS Configuration Notes ETS provides a way to optimize bandwidth allocation to outbound 802.1p classes of converged Ethernet traffic. Different traffic types have different service needs. Using ETS, you can create groups within an 802.
ETS Prerequisites and Restrictions On a switch, ETS is enabled by default on Ethernet ports with equal bandwidth assigned to each 802.1p priority. You can change the default ETS configuration only by using a DCB map.
Priority group 3: Assigns traffic to two priority queues with 50% of the link bandwidth and strict-priority scheduling.

In this example, the configured ETS bandwidth allocation and scheduler behavior is as follows:

Unused bandwidth usage: Normally, if there is no traffic or unused bandwidth for a priority group, the bandwidth allocated to the group is distributed to the other priority groups according to the bandwidth percentage allocated to each group.
Configure a DCBx Operation

DCB devices use data center bridging exchange protocol (DCBx) to exchange configuration information with directly connected peers using the link layer discovery protocol (LLDP). DCBx can detect the misconfiguration of a peer DCB device, and optionally, configure peer DCB devices with DCB feature settings to ensure consistent operation in a data center network.
source) receives and overwrites its configuration with internally propagated information, one of the following actions is taken: Auto-downstream • If the peer configuration received is compatible with the internally propagated port configuration, the link with the DCBx peer is enabled. • If the received peer configuration is not compatible with the currently configured port configuration, the link with the DCBx peer port is disabled and a syslog message for an incompatible configuration is generated.
propagate internal or external configurations. Unlike other user-configured ports, the configuration of DCBx ports in Manual mode is saved in the running configuration. On a DCBx port in a manual role, all PFC, application priority, ETS recommend, and ETS configuration TLVs are enabled.
Configuration Source Election When an auto-upstream or auto-downstream port receives a DCB configuration from a peer, the port first checks to see if there is an active configuration source on the switch. • If a configuration source already exists, the received peer configuration is checked against the local port configuration. If the received configuration is compatible, the DCBx marks the port as DCBx-enabled.
Auto-Detection and Manual Configuration of the DCBx Version When operating in Auto-Detection mode (the DCBx version auto command), a DCBx port automatically detects the DCBx version on a peer port. Legacy CIN and CEE versions are supported in addition to the standard IEEE version 2.5 DCBx. A DCBx port detects a peer version after receiving a valid frame for that version.
The internal ports (ports 1-32) connected to the 10GbE backplane are configured as auto-downstream ports. Figure 31.
  interface type slot/port/subport
2 Enter LLDP Configuration mode to enable DCBx operation.
  INTERFACE mode
  [no] protocol lldp
3 Configure the DCBx version used on the interface, where:
  PROTOCOL LLDP mode
  [no] DCBx version {auto | cee | cin | ieee-v2.5}
  • auto: configures the port to operate using the DCBx version received from a peer.
  • cee: configures the port to use CEE (Intel 1.01).
  • cin: configures the port to use Cisco-Intel-Nuova (DCBx 1.0).
  • ieee-v2.5: configures the port to use IEEE 802.
  PROTOCOL LLDP mode
  [no] advertise DCBx-appln-tlv {fcoe | iscsi}
  • fcoe: enables the advertisement of FCoE in Application Priority TLVs.
  • iscsi: enables the advertisement of iSCSI in Application Priority TLVs.
  The default is Application Priority TLVs are enabled to advertise FCoE and iSCSI.
  NOTE: To disable TLV transmission, use the no form of the command; for example, no advertise DCBx-appln-tlv iscsi.
  • pfc: enables transmission of PFC TLVs.
  NOTE: You can configure the transmission of more than one TLV type at a time. You can only enable ETS recommend TLVs (ets-reco) if you enable ETS configuration TLVs (ets-conf). To disable TLV transmission, use the no form of the command; for example, no advertise DCBx-tlv pfc ets-reco.
  The default is All TLV types are enabled.
5 Configure the Application Priority TLVs that advertise on unconfigured interfaces with a manual port-role.
in a DCBx TLV from a remote peer but received a different, conflicting DCBx version. DSM_DCBx_PFC_PARAMETERS_MATCH and DSM_DCBx_PFC_PARAMETERS_MISMATCH: A local DCBx port received a compatible (match) or incompatible (mismatch) PFC configuration from a peer. DSM_DCBx_ETS_PARAMETERS_MATCH and DSM_DCBx_ETS_PARAMETERS_MISMATCH: A local DCBx port received a compatible (match) or incompatible (mismatch) ETS configuration from a peer.
Command: Output
show interface port-type pfc {summary | detail}: Displays the PFC configuration applied to ingress traffic on an interface, including priorities and link delay. To clear PFC TLV counters, use the clear pfc counters interface port-type slot/port command.
show interface port-type pfc statistics: Displays counters for the PFC frames received and transmitted (by dot1p priority class) on an interface. You can use the show interface pfc statistics command even without enabling DCB on the system.
State :Complete
PfcMode:ON
--------------------
PG:0 TSA:ETS BW:50 PFC:OFF
Priorities:0 1 2 5 6 7
PG:1 TSA:ETS BW:50 PFC:ON
Priorities:3 4

The following example shows the show interfaces pfc summary command.
Table 21. show interface pfc summary Command Description Fields Description Interface Interface type with stack-unit and port number. Admin mode is on; Admin is enabled PFC Admin mode is on or off with a list of the configured PFC priorities . When PFC admin mode is on, PFC advertisements are enabled to be sent and received from peers; received PFC configuration takes effect. The admin operational status for a DCBx exchange of PFC configuration is enabled or disabled.
Fields Description Application Priority TLV: Local FCOE Priority Map Priority bitmap used by local DCBx port in FCoE advertisements in application priority TLVs. Application Priority TLV: Local ISCSI Priority Map Priority bitmap used by local DCBx port in ISCSI advertisements in application priority TLVs. Application Priority TLV: Remote FCOE Priority Map Status of FCoE advertisements in application priority TLVs from remote peer port: enabled or disabled.
6 7 - - - - - - Remote Parameters : ------------------Remote is disabled Local Parameters : -----------------Local is enabled PG-grp Priority# BW-% BW-COMMITTED BW-PEAK TSA % Rate(Mbps) Burst(KB) Rate(Mbps) Burst(KB) ---------------------------------------------------------------------------------0 3 25 ETS 1 4 25 ETS 2 0,1,2,5,6,7 50 ETS 3 4 5 6 7 Oper status is init ETS DCBX Oper status is Down Reason: Port Shutdown State Machine Type is Asymmetric Conf TLV Tx Status is enabled Reco TLV Tx Status
Local Parameters : -----------------Local is enabled TC-grp Priority# 0 0,1,2,3,4,5,6,7 1 2 3 4 5 6 7 Bandwidth 100% 0% 0% 0% 0% 0% 0% 0% Priority# Bandwidth 0 13% 1 13% 2 13% 3 13% 4 12% 5 12% 6 12% 7 12% Oper status is init Conf TLV Tx Status is disabled Traffic Class TLV Tx Status is disabled 0 Input Conf TLV Pkts, 0 Output Conf TLV 0 Input Traffic Class TLV Pkts, 0 Output Class TLV Pkts TSA ETS ETS ETS ETS ETS ETS ETS ETS TSA ETS ETS ETS ETS ETS ETS ETS ETS Pkts, 0 Error Conf TLV Pkts Traffic Class
Field: Description
Operational status (local port): Port state for current operational ETS configuration:
• Init: Local ETS configuration parameters were exchanged with peer.
• Recommend: Remote ETS configuration parameters were received from peer.
• Internally propagated: ETS configuration parameters were received from configuration source.
ETS DCBx Oper status: Operational status of ETS configuration on local port: match or mismatch.
0 1 2 3 4 5 6 7 8 0,1,2,3,4,5,6,7 100% - ETS - Stack unit 2 stack port all Max Supported TC Groups is 4 Number of Traffic Classes is 1 Admin mode is on Admin Parameters: -------------------Admin is enabled TC-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3,4,5,6,7 100% ETS 1 2 3 4 5 6 7 8 The following example shows the show interface DCBx detail command (IEEE).
P-PFC Configuration TLV enabled p-PFC Configuration TLV disabled F-Application priority for FCOE enabled f-Application Priority for FCOE disabled I-Application priority for iSCSI enabled i-Application Priority for iSCSI disabled ----------------------------------------------------------------------Interface TenGigabitEthernet 1/14/1 Remote Mac Address 00:01:e8:8a:df:a0 Port Role is Auto-Upstream DCBx Operational Status is Enabled Is Configuration Source? FALSE Local DCBx Compatibility mode is CEE Local DCBx
Field Description Local DCBx Configured mode DCBx version configured on the port: CEE, CIN, IEEE v2.5, or Auto (port auto-configures to use the DCBx version received from a peer). Peer Operating version DCBx version that the peer uses to exchange DCB parameters. Local DCBx TLVs Transmitted Transmission status (enabled or disabled) of advertised DCB TLVs (see TLV code at the top of the show command output). Local DCBx Status: DCBx Operational Version DCBx version advertised in Control TLVs.
Honor dot1p You can honor dot1p priorities in ingress traffic at the port or global switch level (refer to Default dot1p to Queue Mapping) using the service-class dynamic dot1p command in INTERFACE configuration mode. Layer 2 class maps You can use dot1p priorities to classify traffic in a class map and apply a service policy to an ingress port to map traffic to egress queues. NOTE: Dell Networking does not recommend mapping all ingress traffic to a single queue when using PFC and ETS.
For each priority, you can specify the shared buffer threshold limit, the ingress buffer size, buffer limit for pausing the acceptance of packets, and the buffer offset limit for resuming the acceptance of received packets.
• One lossless queue is used. Figure 32. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table. For more information, refer to QoS dot1p Traffic Classification and Queue Assignment.
dot1p Value in the Incoming Frame    Priority Group Assignment
1                                    LAN
2                                    LAN
3                                    SAN
4                                    IPC
5                                    LAN
6                                    LAN
7                                    LAN
The following describes the priority group-bandwidth assignment.
Priority Group    Bandwidth Assignment
IPC               5%
SAN               50%
LAN               45%
PFC and ETS Configuration Command Examples The following examples show PFC and ETS configuration commands to manage your data center traffic.
12 Dynamic Host Configuration Protocol (DHCP) DHCP is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators.
specify the parameters that they require, and the server sends only those parameters. Some common options are shown in the following illustration. Figure 33. DHCP packet Format The following table lists common DHCP options. Option Number and Description Subnet Mask Option 1 Specifies the client’s subnet mask. Router Option 3 Specifies the router IP addresses that may serve as the client’s default gateway.
Option Number and Description Clients use this option to tell the server which parameters it requires. It is a series of octets where each octet is DHCP option code. Renewal Time Option 58 Specifies the amount of time after the IP address is granted that the client attempts to renew its lease with the original server. Rebinding Time Option 59 Specifies the amount of time after the IP address is granted that the client attempts to renew its lease with any server, if the original server does not respond.
There are additional messages that are used in case the DHCP negotiation deviates from the process previously described and shown in the illustration below. DHCPDECLINE A client sends this message to the server in response to a DHCPACK if the configuration parameters are unacceptable; for example, if the offered address is already in use. In this case, the client starts the configuration process over by sending a DHCPDISCOVER.
• Dell Networking OS provides 40000 entries that can be divided between leased addresses and excluded addresses. By extension, the maximum number of pools you can configure depends on the subnet mask that you give to each pool. For example, if all pools were configured for a /24 mask, the total would be 40000/253 (approximately 158). If the subnet is increased, more pools can be configured. The maximum subnet that can be configured for a single pool is /17.
Configuring the Server for Automatic Address Allocation Automatic address allocation is an address assignment method by which the DHCP server leases an IP address to a client from a pool of available addresses. An address pool is a range of IP addresses that the DHCP server may assign. The subnet number indexes the address pools. To create an address pool, follow these steps. 1 Access the DHCP server CLI context. CONFIGURATION mode ip dhcp server 2 Create an address pool and give it a name.
Related Configuration Tasks • Configure a Method of Hostname Resolution • Creating Manual Binding Entries • Debugging the DHCP Server • Using DHCP Clear Commands Excluding Addresses from the Address Pool The DHCP server assumes that all IP addresses in a DHCP address pool are available for assigning to DHCP clients. You must specify the IP address that the DHCP server should not assign to clients. To exclude an address, follow this step. • Exclude an address range from DHCP assignment.
Using DNS for Address Resolution A domain is a group of networks. DHCP clients query DNS IP servers when they need to correlate host names to IP addresses. 1 Create a domain. DHCP domain-name name 2 Specify in order of preference the DNS servers that are available to a DHCP client.
pool name 2 Specify the client IP address. DHCP host address 3 Specify the client hardware address. DHCP hardware-address hardware-address type • hardware-address: the client MAC address. • type: the protocol of the hardware platform. The default protocol is Ethernet. Debugging the DHCP Server To debug the DHCP server, use the following command. • Display debug information for DHCP server.
• The switch can obtain a dynamically assigned IP address from a DHCP server. A start-up configuration is not received. Use bare metal provisioning (BMP) to receive configuration parameters (Dell Networking OS version and a configuration file). BMP is enabled as a factory-default setting on a switch. A switch cannot operate with BMP and as a DHCP client simultaneously. To disable BMP in EXEC mode, use the stop bmp command. After BMP stops, the switch acts as a DHCP client.
To manually configure a static IP address on an interface, use the ip address command. A prompt displays to release an existing dynamically acquired IP address. If you confirm, the ability to receive a DHCP server-assigned IP address is removed. To enable acquiring a dynamic IP address from a DHCP server on an interface configured with a static IP address, use the ip address dhcp command. A prompt displays to confirm the IP address reconfiguration.
DHCP Client on a Management Interface These conditions apply when you enable a management interface to operate as a DHCP client. • The management default route is added with the gateway as the router IP address received in the DHCP ACK packet. It is required to send and receive traffic to and from other subnets on the external network. The route is added irrespective of whether the DHCP client and server are in the same or different subnets.
VLAN and Port Channels DHCP client configuration and behavior are the same on Virtual LAN (VLAN) and port-channel (LAG) interfaces as on a physical interface.
• stack group ID The received stacking configuration is always applied on the master stack unit. option #230 "unit-number:3#priority:2#stack-group:14" Configure Secure DHCP DHCP as defined by RFC 2131 provides no authentication or security mechanisms. Secure DHCP is a suite of features that protects networks that use dynamic address allocation from spoofing and attacks.
• Manually reset the remote ID for Option 82. CONFIGURATION mode ip dhcp relay information-option remote-id DHCP Snooping DHCP snooping protects networks from spoofing. In the context of DHCP snooping, ports are either trusted or not trusted. By default, all ports are not trusted. Trusted ports are ports through which attackers cannot connect. Manually configure ports connected to legitimate servers and relay agents as trusted.
INTERFACE mode INTERFACE PORT EXTENDER mode ip dhcp snooping trust 3 Enable DHCP snooping on a VLAN. CONFIGURATION mode ip dhcp snooping vlan name Enabling IPv6 DHCP Snooping To enable IPv6 DHCP snooping, use the following commands. 1 Enable IPv6 DHCP snooping globally. CONFIGURATION mode ipv6 dhcp snooping 2 Specify ports connected to IPv6 DHCP servers as trusted. INTERFACE mode ipv6 dhcp snooping trust 3 Enable IPv6 DHCP snooping on a VLAN or range of VLANs.
EXEC Privilege mode clear ip dhcp snooping binding Clearing the DHCP IPv6 Binding Table To clear the DHCP IPv6 binding table, use the following command. • Delete all of the entries in the binding table. EXEC Privilege mode clear ipv6 dhcp snooping binding Dell# clear ipv6 dhcp snooping? binding Clear the snooping binding database Displaying the Contents of the Binding Table To display the contents of the binding table, use the following command. • Display the contents of the binding table.
Displaying the Contents of the DHCPv6 Binding Table To display the contents of the DHCP IPv6 binding table, use the following command. • Display the contents of the binding table. EXEC Privilege mode show ipv6 dhcp snooping binding Example of the show ipv6 dhcp snooping binding Command View the DHCP snooping statistics with the show ipv6 dhcp snooping command.
Codes : S - Static D - Dynamic
IP Address MAC Address Expires(Sec) Type VLAN Interface
================================================================
10.1.1.251 00:00:4d:57:f2:50 172800 D Vl 10 Te 1/2/1
10.1.1.252 00:00:4d:57:e6:f6 172800 D Vl 10 Te 1/1/1
10.1.1.253 00:00:4d:57:f8:e8 172740 D Vl 10 Te 1/3/1
10.1.1.
NOTE: Dynamic ARP inspection (DAI) uses entries in the L2SysFlow CAM region, a sub-region of SystemFlow. One CAM entry is required for every DAI-enabled VLAN. You can enable DAI on up to 16 VLANs on a system. However, the ExaScale default CAM profile allocates only nine entries to the L2SysFlow region for DAI. You can configure 10 to 16 DAI-enabled VLANs by allocating more CAM space to the L2SysFlow region before enabling DAI. SystemFlow has 102 entries by default.
Valid ARP Replies : 1000
Invalid ARP Requests : 1000
Invalid ARP Replies : 0
Dell#
Bypassing the ARP Inspection You can configure a port to skip ARP inspection by defining the interface as trusted, which is useful in multiswitch environments. ARPs received on trusted ports bypass validation against the binding table. All ports are untrusted by default. To bypass the ARP inspection, use the following command. • Specify an interface as trusted so that ARPs are not validated against the binding table.
posing as a legitimate client, the source address appears on the wrong ingress port and the system drops the packet. If the IP address is fake, the address is not on the list of permissible addresses for the port and the packet is dropped. Similarly, if the IP address does not belong to the permissible VLAN, the packet is dropped. To enable IP source address validation, use the following command.
copy running-config startup-config 3 Reload the system. EXEC Privilege reload 4 Do one of the following. • Enable IP+MAC SAV. INTERFACE mode ip dhcp source-address-validation ipmac • Enable IP+MAC SAV with VLAN option. INTERFACE mode ip dhcp source-address-validation ipmac vlan vlan-id Dell Networking OS creates an ACL entry for each IP+MAC address pair and optionally with its VLAN ID in the binding table and applies it to the interface.
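The verdicts described above for IP source address validation, IP+MAC SAV with the VLAN option, and DAI on untrusted ports can be modelled offline against the binding table. This is an added example, not Dell Networking OS code: the function names, verdict strings and the constructed packet observations are assumptions, and DAI is simplified to a match on sender IP, MAC and VLAN.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Rows in the layout of the binding-table output shown in this chapter.
SAMPLE_BINDINGS = """\
Codes : S - Static D - Dynamic
IP Address   MAC Address        Expires(Sec) Type VLAN  Interface
================================================================
10.1.1.251   00:00:4d:57:f2:50  172800       D    Vl 10 Te 1/2/1
10.1.1.252   00:00:4d:57:e6:f6  172800       D    Vl 10 Te 1/1/1
10.1.1.253   00:00:4d:57:f8:e8  172740       D    Vl 10 Te 1/3/1
"""

ROW = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+"
    r"(?P<expires>\d+)\s+(?P<kind>[SD])\s+"
    r"Vl\s+(?P<vlan>\d+)\s+(?P<port>\S+\s+\S+)$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str
    vlan: int
    port: str
    static: bool


def parse_bindings(text):
    """Parse binding rows; legend, header and separator lines are skipped."""
    out = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            out.append(Binding(
                ip=m["ip"],
                mac=m["mac"].lower(),
                vlan=int(m["vlan"]),
                port=" ".join(m["port"].split()),
                static=m["kind"].upper() == "S",
            ))
    return out


def check_source(bindings, port, src_ip, src_mac=None, vlan=None):
    """Model the SAV verdict for one packet received on an untrusted port.

    src_mac=None models plain IP SAV, passing src_mac models IP+MAC SAV,
    and additionally passing vlan models the VLAN option.
    """
    same_ip = [b for b in bindings if b.ip == src_ip]
    if not same_ip:
        return ("drop", "ip-not-in-binding-table")
    on_port = [b for b in same_ip if b.port == port]
    if not on_port:
        return ("drop", "ip-bound-to-other-port")
    if src_mac is not None:
        on_port = [b for b in on_port if b.mac == src_mac.lower()]
        if not on_port:
            return ("drop", "mac-mismatch")
    if vlan is not None and not any(b.vlan == vlan for b in on_port):
        return ("drop", "vlan-mismatch")
    return ("permit", "binding-match")


def inspect_arp(bindings, trusted_ports, port, vlan, sender_ip, sender_mac):
    """Model DAI: trusted ports bypass validation, others need a binding."""
    if port in trusted_ports:
        return ("permit", "trusted-port")
    mac = sender_mac.lower()
    if any(b.ip == sender_ip and b.mac == mac and b.vlan == vlan
           for b in bindings):
        return ("permit", "binding-match")
    return ("drop", "no-binding")


def discard_counters(bindings, packets):
    """Count modelled SAV drops per ingress port, like the discard counters."""
    drops = Counter()
    for port, ip, mac, vlan in packets:
        verdict, _ = check_source(bindings, port, ip, mac, vlan)
        if verdict == "drop":
            drops[port] += 1
    return dict(drops)


if __name__ == "__main__":
    table = parse_bindings(SAMPLE_BINDINGS)
    # Constructed observations: (ingress port, source IP, source MAC, VLAN).
    observed = [
        ("Te 1/2/1", "10.1.1.251", "00:00:4d:57:f2:50", 10),  # matches binding
        ("Te 1/1/1", "10.1.1.251", "00:00:4d:57:f2:50", 10),  # wrong port
        ("Te 1/1/1", "10.1.1.252", "00:00:4d:57:aa:aa", 10),  # wrong MAC
        ("Te 1/3/1", "10.1.1.253", "00:00:4d:57:f8:e8", 20),  # wrong VLAN
    ]
    for pkt in observed:
        print(pkt, check_source(table, *pkt))
    print(discard_counters(table, observed))
```

Comparing the modelled per-port drop counts with the switch's own SAV discard counters helps separate a stale binding from a genuinely spoofed source.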
Clearing the Number of SAV Dropped Packets To clear the number of SAV dropped packets, use the clear ip dhcp snooping source-address-validation discard-counters command. Dell>clear ip dhcp snooping source-address-validation discard-counters To clear the number of SAV dropped packets on a particular interface, use the clear ip dhcp snooping source-address-validation discard-counters interface interface command.
13 Equal Cost Multi-Path (ECMP) This chapter describes configuring ECMP. ECMP for Flow-Based Affinity ECMP for flow-based affinity includes link bundle monitoring. Configuring the Hash Algorithm TeraScale has one algorithm that is used for link aggregation groups (LAGs), ECMP, and NH-ECMP, and ExaScale can use three different algorithms for each of these features. To adjust the ExaScale behavior to match TeraScale, use the following command.
• Enable IPv6 Deterministic ECMP next hop. CONFIGURATION mode. ipv6 ecmp-deterministic Configuring the Hash Algorithm Seed Deterministic ECMP sorts ECMPs in order even though RTM provides them in a random order. However, the hash algorithm uses as a seed the lower 12 bits of the chassis MAC, which yields a different hash result for every chassis. This behavior means that for a given flow, even though the prefixes are sorted, two unrelated chassis can select different hops.
utilization calculation performs when the utilization of the link-bundle (not a link within a bundle) exceeds 60%. Enable link bundle monitoring using the ecmp-group command. NOTE: An ecmp-group index is generated automatically for each unique ecmp-group when you configure multipath routes to the same network. The system can generate a maximum of 512 unique ecmp-groups. The ecmp-group indexes are generated in even numbers (0, 2, 4, 6... 1022) and are for information only.
Creating an ECMP Group Bundle Within each ECMP group, you can specify an interface. If you enable monitoring for the ECMP group, the utilization calculation is performed when the average utilization of the link-bundle (as opposed to a single link within the bundle) exceeds 60%. 1 Create a user-defined ECMP group bundle. CONFIGURATION mode ecmp-group ecmp-group-id The range is from 1 to 64. 2 Add interfaces to the ECMP group bundle.
Viewing an ECMP Group NOTE: An ecmp-group index is generated automatically for each unique ecmp-group when you configure multipath routes to the same network. The system can generate a maximum of 512 unique ecmp-groups. The ecmp-group indices are generated in even numbers (0, 2, 4, 6... 1022) and are for information only. You can configure ecmp-group with id 2 for link bundle monitoring.
The output of show IPv6 cam command has been enhanced to include the ECMP field in the Neighbor table of Ipv6 CAM. The sample output is displayed as follows, which is similar to the prefix table.
14 FIP Snooping The Fibre Channel over Ethernet (FCoE) Transit feature is supported on Ethernet interfaces. When you enable the switch for FCoE transit, the switch functions as a FIP snooping bridge. NOTE: FIP snooping is not supported on Fibre Channel interfaces or in a switch stack.
To ensure similar Fibre Channel robustness and security with FCoE in an Ethernet cloud network, FIP establishes virtual point-to-point links between FCoE end-devices (server ENodes and target storage devices) and FCoE forwarders (FCFs) over transit FCoE-enabled bridges. Ethernet bridges commonly provide ACLs that can emulate a point-to-point link by providing the traffic enforcement required to create a Fibre Channel-level of robustness.
FIP Function Description Logout On receiving a FLOGI packet, FSB deletes all existing sessions from the ENode to the FCF. Figure 35. FIP Discovery and Login Between an ENode and an FCF FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF.
Dynamic ACL generation on the switch operating as a FIP snooping bridge functions as follows: Port-based ACLs These ACLs are applied on all three port modes: on ports directly connected to an FCF, server-facing ENode ports, and bridge-to-bridge links. Port-based ACLs take precedence over global ACLs. FCoE-generated ACLs These take precedence over user-configured ACLs. A user-configured ACL entry cannot deny FCoE and FIP snooping frames.
The following illustration shows a switch used as a FIP snooping bridge in a converged Ethernet network. The top-of-rack (ToR) switch operates as an FCF for FCoE traffic. The switch operates as a lossless FIP snooping bridge to transparently forward FCoE frames between the ENode servers and the FCF switch. Figure 36. FIP Snooping on a Dell Networking Switch The following sections describe how to configure the FIP snooping feature on a switch: • Allocate CAM resources for FCoE.
• To provide more port security on ports that are directly connected to an FCF and have links to other FIP snooping bridges, set the FCF or Bridge-to-Bridge Port modes. • To ensure that they are operationally active, check FIP snooping-enabled VLANs. • Process FIP VLAN discovery requests and responses, advertisements, solicitations, FLOGI/FDISC requests and responses, FLOGO requests and responses, keep-alive packets, and clear virtual-link messages.
• create the VLANs on the switch which handles FCoE traffic (use the interface vlan command). • configure each FIP snooping port to operate in Hybrid mode so that it accepts both tagged and untagged VLAN frames (use the portmode hybrid command). • configure tagged VLAN membership on each FIP snooping port that sends and receives FCoE traffic and has links with an FCF, ENode server, or another FIP snooping bridge (use the tagged port-type slot/port command).
fedgovacl : nlbclusteracl: 0 0 st-sjc-s5000-29# Enabling the FCoE Transit Feature The following sections describe how to enable FCoE transit. NOTE: FCoE transit is disabled by default. To enable this feature, you must follow the steps in Configure FIP Snooping. As soon as you enable the FCoE transit feature on a switch-bridge, existing VLAN-specific and FIP snooping configurations are applied.
Configure a Port for a Bridge-to-Bridge Link If a switch port is connected to another FIP snooping bridge, configure the FCoE-Trusted Port mode for bridge-bridge links. Initially, all FCoE traffic is blocked. Only FIP frames with the ALL_FCF_MAC and ALL_ENODE_MAC values in their headers are allowed to pass. After the switch learns the MAC address of a connected FCF, it allows FIP frames destined to or received from the FCF MAC address.
Impact Description FIP snooping in ENode or FCF mode, the ENode/FCF MAC-based ACLs are deleted. FIP Snooping Restrictions The following restrictions apply when you configure FIP snooping. • The maximum number of FCoE VLANs supported on the switch is eight. • The maximum number of FIP snooping sessions supported per ENode server is 32. To increase the maximum number of sessions to 64, use the fip-snooping max-sessions-per-enodemac command.
6 Configure the port for bridge-to-FCF links. INTERFACE mode or CONFIGURATION mode fip-snooping port-mode fcf NOTE: To disable the FCoE transit feature or FIP snooping on VLANs, use the no version of a command; for example, no feature fip-snooping or no fip-snooping enable. Displaying FIP Snooping Information Use the following show commands to display information on FIP snooping. Table 28.
Command Output show fip-snooping vlan Displays information on the FCoE VLANs on which FIP snooping is enabled. Examples of the show fip-snooping Commands The following example shows the show fip-snooping sessions command.
The following example shows the show fip-snooping enode command.
Dell# show fip-snooping enode
Enode MAC Enode Interface FCF MAC VLAN FC-ID
----------------------- ---------- ----
d4:ae:52:1b:e3:cd Te 1/11/1 54:7f:ee:37:34:40 100 62:00:11
The following table describes the show fip-snooping enode command fields. Table 30. show fip-snooping enode Command Description Field Description ENode MAC MAC address of the ENode. ENode Interface Slot/port number of the interface connected to the ENode.
Number of Vlan Notifications Number of Multicast Discovery Solicits Number of Unicast Discovery Solicits Number of FLOGI Number of FDISC Number of FLOGO Number of Enode Keep Alive Number of VN Port Keep Alive Number of Multicast Discovery Advertisement Number of Unicast Discovery Advertisement Number of FLOGI Accepts Number of FLOGI Rejects Number of FDISC Accepts Number of FDISC Rejects Number of FLOGO Accepts Number of FLOGO Rejects Number of CVL Number of FCF Discovery Timeouts Number of VN Port Session
Number of FLOGO Accepts :0
Number of FLOGO Rejects :0
Number of CVL :0
Number of FCF Discovery Timeouts :0
Number of VN Port Session Timeouts :0
Number of Session failures due to Hardware Config :0
The following table describes the show fip-snooping statistics command fields. Table 32. show fip-snooping statistics Command Descriptions Field Description Number of VLAN Requests Number of FIP-snooped VLAN request frames received on the interface.
Field Description Number of FLOGO Accepts Number of FIP FLOGO accept frames received on the interface. Number of FLOGO Rejects Number of FIP FLOGO reject frames received on the interface. Number of CVLs Number of FIP clear virtual link frames received on the interface. Number of FCF Discovery Timeouts Number of FCF discovery timeouts that occurred on the interface. Number of VN Port Session Timeouts Number of VN port session timeouts that occurred on the interface.
FCoE Transit Configuration Example The following illustration shows a switch used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway. Figure 37. Configuration Example: FIP Snooping on a Switch In this example, DCBx and PFC are enabled on the FIP snooping bridge and on the FCF ToR switch.
Example of Enabling FIP Snooping on the FCoE VLAN
Dell(conf)# interface vlan 10
Dell(conf-if-vl-10)# fip-snooping enable
Example of Enabling an FC-MAP Value on a VLAN
Dell(conf-if-vl-10)# fip-snooping fc-map 0x0EFC01
NOTE: Configuring an FC-MAP value is only required if you do not use the default FC-MAP value (0x0EFC00).
15 Flex Hash and Optimized Boot-Up This chapter describes the Flex Hash and fast-boot enhancements. Topics: • Flex Hash Capability Overview • Configuring the Flex Hash Mechanism • Configuring Fast Boot and LACP Fast Switchover • Optimizing the Boot Time • Interoperation of Applications with Fast Boot and System States • RDMA Over Converged Ethernet (RoCE) Overview • Preserving 802.
Configuring the Flex Hash Mechanism The flex hash functionality enables you to configure a packet search key and matches packets based on the search key. When a packet matches the search key, two 16-bit hash fields are extracted from the start of the L4 header and provided as inputs (bins 2 and 3) for RTAG7 hash computation. You must specify the offset of hash fields from the start of the L4 header, which contains a flow identification field. 1 In Dell Networking OS Release 9.3(0.
has no effect. If you configure the optimized booting-time capability and perform a reload of the system, the LACP application sends PDUs across all the active LACP links immediately. INTERFACE (conf-if-po-number) mode Dell(conf-if-po-number)#lacp fast-switchover Optimizing the Boot Time You can reduce the booting time of a switch by using the fast boot feature.
from Release 9.3(0.0) to an earlier release that does not support the fast boot functionality because the system behavior is unexpected and undefined. • Fast boot uses the Symmetric Multiprocessing (SMP) utility that is enabled on the Intel CPU on the device to enhance the speed of the system startup. SMP is supported on the device.
Interoperation of Applications with Fast Boot and System States This functionality is supported on the platform. The following sections describe the application behavior when fast boot functionality is enabled: LACP and IPv4 Routing Prior to the system restart, the system implements the following changes when you perform a fast boot: The system saves all dynamic ARP entries to a database on the flash drive.
quickly as possible. At the same time, the entries are changed to an initial (“incomplete”) state so that they are refreshed (and flushed, if not learnt again). The database on the flash is also deleted immediately. • To ensure that the adjacent systems do not time out and purge their ND cache entries, the age-out time or the reachable time for ND cache entries must be configured to be as high as necessary. Dell recommends that you configure the reachable timer to be 90 seconds or longer.
Software Upgrade When fast boot is used to upgrade the system to a release that supports fast boot, the system enables the restoration of dynamic ARP or ND databases that were maintained in the older release from when you performed the upgrade and the ARP and ND applications identify that the system has been booted using fast boot. LACP Fast Switchover For fast boot, the operation of LACP has been optimized.
best path to each destination and delays installation of additional ECMP paths until a minimum of 30 seconds has elapsed from the time the first BGP peer is established. Once this time has elapsed, all routes in the BGP RIB are processed for additional paths. While the above change will ensure that at least one path to each destination gets into the FIB as quickly as possible, it does prevent additional paths from being used even if they are available. This downside has been deemed to be acceptable.
You can configure a physical interface or a Layer 3 Port Channel interface as a lite subinterface. When you configure a lite subinterface, only tagged IP packets with VLAN encapsulation are processed and routed. All other data packets are discarded. A normal Layer 3 physical interface processes only untagged packets and makes routing decisions based on the default Layer 3 VLAN ID (4095). To enable routing of RRoCE packets, the VLAN ID is mapped to the default VLAN ID of 4095 using VLAN translation.
16 Force10 Resilient Ring Protocol (FRRP) FRRP provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the spanning tree protocol (STP), though even with optimizations, STP can take up to 50 seconds to converge (depending on the size of network and node of failure) and may require 4 to 5 seconds to reconverge.
Each Transit node is also configured with a Primary port and a Secondary port on the ring, but the port distinction is ignored as long as the node is configured as a Transit node. If the ring is complete, the Master node logically blocks all data traffic in the transmit and receive directions on the Secondary port to prevent a loop. If the Master node detects a break in the ring, it unblocks its Secondary port and allows data traffic to be transmitted and received through it.
During the time between the Transit node detecting that its link is restored and the Master node detecting that the ring is restored, the Master node’s Secondary port is still forwarding traffic. This can create a temporary loop in the topology. To prevent this, the Transit node places all the ring ports transiting the newly restored port into a temporary blocked state. The Transit node remembers which port has been temporarily blocked and places it into a pre- forwarding state.
FRRP groups. Switch R3 has two instances of FRRP running on it: one for each ring. The example topology that follows shows R3 assuming the role of a Transit node for both FRRP 101 and FRRP 202. Figure 38. Example of Multiple Rings Connected by Single Switch Important FRRP Points FRRP provides a convergence time that can generally range between 150ms and 1500ms for Layer 2 networks. The Master node originates a high-speed frame that circulates around the ring.
• One Master node per ring — all other nodes are Transit. • Each node has two member interfaces — primary and secondary. • There is no limit to the number of nodes on a ring. • Master node ring port states — blocking, pre-forwarding, forwarding, and disabled. • Transit node ring port states — blocking, pre-forwarding, forwarding, and disabled. • STP disabled on ring interfaces. • Master node secondary port is in blocking state during Normal operation.
Concept Explanation • Ring Status Dead Interval — The interval when data traffic is blocked on a port. The default is three times the Hello interval rate. The dead interval is configurable in 50 ms increments from 50 ms to 6000 ms. The state of the FRRP ring. During initialization/configuration, the default ring status is Ring-down (disabled). The Primary and Secondary interfaces, control VLAN, and Master and Transit node information must be configured for the ring to be up.
FRRP Configuration These are the tasks to configure FRRP. • Creating the FRRP Group • Configuring the Control VLAN • Configure Primary and Secondary ports • Configuring and Adding the Member VLANs • Configure Primary and Secondary ports Other FRRP related commands are: • Clearing the FRRP Counters • Viewing the FRRP Configuration • Viewing the FRRP Information Creating the FRRP Group Create the FRRP group on each switch in the ring. To create the FRRP group, use the command.
To create the control VLAN for this FRRP group, use the following commands on the switch that is to act as the Master node. 1 Create a VLAN with this ID number. CONFIGURATION mode. interface vlan vlan-id VLAN ID: from 1 to 4094. 2 Tag the specified interface or range of interfaces to this VLAN. CONFIG-INT-VLAN mode. tagged interface {range} Interface: 3 • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/ subport information.
• All VLANs must be in Layer 2 mode. • Tag control VLAN ports. Member VLAN ports, except the Primary/Secondary interface, can be tagged or untagged. • The control VLAN must be the same for all nodes on the ring. To create the Member VLANs for this FRRP group, use the following commands on all of the Transit switches in the ring. 1 Create a VLAN with this ID number. CONFIGURATION mode. interface vlan vlan-id VLAN ID: the range is from 1 to 4094.
Setting the FRRP Timers To set the FRRP timers, use the following command. NOTE: Set the Dead-Interval time 3 times the Hello-Interval. • Enter the desired intervals for Hello-Interval or Dead-Interval times. CONFIG-FRRP mode. timer {hello-interval|dead-interval} milliseconds • Hello-Interval: the range is from 50 to 2000, in increments of 50 (default is 500). • Dead-Interval: the range is from 50 to 6000, in increments of 50 (default is 1500).
Ring ID: the range is from 1 to 255. • Show the state of all FRRP groups. EXEC or EXEC PRIVILEGED mode. show frrp summary Ring ID: the range is from 1 to 255. Troubleshooting FRRP To troubleshoot FRRP, use the following information. Configuration Checks • Each Control Ring must use a unique VLAN ID. • Only two interfaces on a switch can be Members of the same control VLAN. • There can be only one Master node for any FRRP group. • You can configure FRRP on Layer 2 interfaces only.
protocol frrp 101
 interface primary TenGigabitEthernet 1/24/1 secondary TenGigabitEthernet 1/31/1 control-vlan 101
 member-vlan 201
 mode master
 no disable
Example of R2 TRANSIT
interface TenGigabitEthernet 1/14/1
 no ip address
 switchport
 no shutdown
!
interface TenGigabitEthernet 1/11/1
 no ip address
 switchport
 no shutdown
!
interface Vlan 101
 no ip address
 tagged TenGigabitEthernet 1/14/1,11/1
 no shutdown
!
interface Vlan 201
 no ip address
 tagged TenGigabitEthernet 1/14/1,11/1
 no shutdown
!
protocol frrp 10
mode transit no disable
17 GARP VLAN Registration Protocol (GVRP) The generic attribute registration protocol (GARP) VLAN registration protocol (GVRP), defined by the IEEE 802.1q specification, is a Layer 2 network protocol that provides for automatic VLAN configuration of switches. GVRP-compliant switches use GARP to register and de-register attribute values, such as VLAN IDs, with each other.
% Error: PVST running. Cannot enable GVRP. % Error: MSTP running. Cannot enable GVRP.
Configure GVRP To begin, enable GVRP. To facilitate GVRP communications, enable GVRP globally on each switch. Then, GVRP configuration is per interface on a switch-by-switch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged. In the following example, GVRP is configured on VLAN trunk ports. Figure 39.
Related Configuration Tasks • Configure GVRP Registration • Configure a GARP Timer Enabling GVRP Globally To configure GVRP globally, use the following command. • Enable GVRP for the entire switch. CONFIGURATION mode gvrp enable Example of Configuring GVRP Dell(conf)#protocol gvrp Dell(config-gvrp)#no disable Dell(config-gvrp)#show config ! protocol gvrp no disable Dell(config-gvrp)# To inspect the global configuration, use the show gvrp brief command.
Configure GVRP Registration Configure GVRP registration. There are two GVRP registration modes: • Fixed Registration Mode — configuring a port in fixed registration mode allows for manual creation and registration of VLANs, prevents VLAN deregistration, and registers all VLANs known on other ports on the port. For example, if an interface is statically configured via the CLI to belong to a VLAN, it should not be unconfigured when it receives a Leave PDU.
Example of the garp timer Command
Dell(conf)#garp timer leav 1000
Dell(conf)#garp timers leave-all 5000
Dell(conf)#garp timer join 300
Verification:
Dell(conf)#do show garp timer
GARP Timers       Value (milliseconds)
----------------------------------------
Join Timer        300
Leave Timer       1000
LeaveAll Timer    5000
Dell(conf)#
Dell Networking OS displays this message if an attempt is made to configure an invalid GARP timer:
Dell(conf)#garp timers join 300
% Error: Leave timer should be >= 3*Join timer.
18 Internet Group Management Protocol (IGMP)
Internet group management protocol (IGMP) is a Layer 3 multicast protocol that hosts use to join or leave a multicast group. Multicast is premised on identifying many hosts by a single destination IP address; hosts represented by the same IP address are a multicast group. Multicast routing protocols (such as protocol-independent multicast [PIM]) use the information in IGMP messages to discover which groups are active and to populate the multicast routing table.
IGMP Protocol Overview IGMP has three versions. Version 3 obsoletes and is backwards-compatible with version 2; version 2 obsoletes version 1. IGMP Version 2 IGMP version 2 improves on version 1 by specifying IGMP Leave messages, which allows hosts to notify routers that they no longer care about traffic for a particular group. Leave messages reduce the amount of time that the router takes to stop forwarding traffic for a group to a subnet (leave latency) after the last host leaves the group.
Join a Multicast Group
There are two ways that a host may join a multicast group: it may respond to a general query from its querier or it may send an unsolicited report to its querier.
Responding to an IGMP Query
The following describes how a host can join a multicast group.
1 One router on a subnet is elected as the querier. The querier periodically multicasts (to all-multicast-systems address 224.0.0.1) a general query to all hosts on the subnet.
are sent to the all IGMP version 3-capable multicast routers address 244.0.0.22, as shown in the second illustration. Figure 41. IGMP Version 3 Packet Structure Figure 42. IGMP Version 3–Capable Multicast Routers Address Structure Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports. 1 The first unsolicited report from the host indicates that it wants to receive traffic for group 224.1.1.1.
cannot record the include request. There are no other interested hosts, so the request is recorded. At this point, the multicast routing protocol prunes the tree to all but the specified sources. 3 The host’s third message indicates that it is only interested in traffic from sources 10.11.1.1 and 10.11.1.2. Because this request again prevents all other sources from reaching the subnet, the router sends another group-and-source query so that it can satisfy all other hosts.
Leaving and Staying in Groups
The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries.
1 Host 1 sends a message indicating it is leaving group 224.1.1.1 and that the included filters for 10.11.1.1 and 10.11.1.2 are no longer necessary.
Configure IGMP Configuring IGMP is a two-step process. 1 Enable multicast routing using the ip multicast-routing command. 2 Enable a multicast routing protocol.
Selecting an IGMP Version Dell Networking OS enables IGMP version 2 by default, which supports version 1 and 2 hosts, but is not compatible with version 3 on the same subnet. If hosts require IGMP version 3, you can switch to IGMP version 3. To switch to version 3, use the following command. • Switch to a different IGMP version.
Adjusting Timers The following sections describe viewing and adjusting timers. To view the current value of all IGMP timers, use the following command. • View the current value of all IGMP timers. EXEC Privilege mode show ip igmp interface For more information, refer to the example shown in Viewing IGMP Enabled Interfaces. Adjusting Query and Response Timers The querier periodically sends a general query to discover which multicast groups are active. A group must have at least one host to be active.
Enabling IGMP Immediate-Leave
If the querier does not receive a response to a group-specific or group-and-source query, it sends another (querier robustness value). Then, after no response, it removes the group from the outgoing interface for the subnet. IGMP immediate leave reduces leave latency by enabling a router to immediately delete the group membership on an interface after receiving a Leave message (it does not send any group-specific or group-and-source queries before deleting the entry).
Configuring IGMP Snooping
Configuring IGMP snooping is a one-step process. To enable, view, or disable IGMP snooping, use the following commands. There is no specific configuration needed for IGMP snooping with virtual link trunking (VLT). For information about VLT configurations, refer to Virtual Link Trunking (VLT).
• Enable IGMP snooping on a switch.
  CONFIGURATION mode
  ip igmp snooping enable
• View the configuration.
  CONFIGURATION mode
  show running-config
• Disable snooping on a VLAN.
interface Vlan 100 no ip address ip igmp snooping fast-leave shutdown Dell(conf-if-vl-100)# Disabling Multicast Flooding If the switch receives a multicast packet that has an IP address of a group it has not learned (unregistered frame), the switch floods that packet out of all ports on the VLAN. When you configure the no ip igmp snooping flood command, the system drops the packets immediately. The system does not forward the frames on mrouter ports, even if they are present.
IGMP snooping querier does not start if there is a statically configured multicast router interface in the VLAN. The switch may lose the querier election if it does not have the lowest IP address of all potential queriers on the subnet. When enabled, IGMP snooping querier starts after one query interval in case no IGMP general query (with IP SA lower than its VLAN IP address) is received on any of its VLAN members.
management route command. The management default route can be either configured statically or returned dynamically by the DHCP client. A static route points to the management interface or a forwarding router. Transit traffic (destination IP not configured in the switch) that is received on the front-end port with destination on the management port is dropped and received in the management port with destination on the front-end port is dropped.
Application Name Port Number Client DNS 53 Supported FTP 20/21 Supported Syslog 514 Supported Telnet 23 Supported TFTP 69 Supported Radius 1812,1813 Supported Tacacs 49 Supported HTTP 80 for httpd Server Supported Supported Supported 443 for secure httpd 8008 HTTP server port for confd application 8888 secure HTTP server port for confd application
If you configure a source interface for any EIS management application, EIS might not coexist with that interface and the behavio
When the feature is enabled using the management egress-interface-selection command, the following events are performed:
• The CLI prompt changes to the EIS mode.
• In this mode, you can run the application and no application commands.
• Applications can be configured or unconfigured as management applications using the application or no application command. All configured applications are considered as management applications and the rest of them as non-management applications.
• Any management static route newly added using the management route CLI is installed to both the management EIS routing table and default routing table. • As per existing behavior, for routes in the default routing table, conflicting front-end port routes if configured has higher precedence over management routes. So there can be scenarios where the same management route is present in the EIS routing table but not in the default routing table.
• For the clear arp-cache command, upon receiving the ARP delete request, the route corresponding to the destination IP is identified. The ARP entries learned in the management EIS routing table are also cleared. • Therefore, a separate control over clearing the ARP entries learned via routes in the EIS table is not present. If the ARP entry for a destination is cleared in the default routing table, then if an ARP entry for the destination exists in the EIS table, that entry is also cleared.
• Packets received on the front-end port with destination on the management port are dropped.
• A separate drop counter is incremented for this case. This counter is viewed using the netstat command, like all other IP layer counters.
Consider a scenario in which ip1 is an address assigned to the management port and ip2 is an address assigned to any of the front panel ports of a switch. End users on the management and front panel port networks are connected.
This phenomenon occurs where traffic is transiting the switch. Traffic has not originated from the switch and is not terminating on the switch.
• Drop the packets that are received on the front-end data port with destination on the management port.
• Drop the packets that are received on the management port with destination as the front-end data port.
Switch-Destined Traffic
This phenomenon occurs where traffic is terminated on the switch.
Table 35.
If source IP address does not match the management port IP address route lookup is done in the default routing table. Default Behavior: Route lookup is done in the default routing table and appropriate egress port is selected. Table 36.
The sFlow management application is supported only in standalone boxes, and the switch displays an error message if sFlow is configured in a stacking environment.
Designating a Multicast Router Interface
To designate an interface as a multicast router interface, use the following command. Dell Networking OS also has the capability of listening in on the incoming IGMP general queries and designating those interfaces as the multicast router interface when the frames have a non-zero IP source address.
19 Interfaces
This chapter describes interface types, both physical and logical, and how to configure them with Dell Networking Operating System (OS). The system supports 10 Gigabit Ethernet and 40 Gigabit Ethernet interfaces.
NOTE: Only Dell-qualified optics are supported on these interfaces. Non-Dell 40G optics are set to error-disabled state.
• Interface Types • View Basic Interface Information • Resetting an Interface to its Factory Default State • Enabling a Physical Interface • Physical Interfaces • Egress Interface Selection (EIS) • Management Interfaces • VLAN Interfaces • Loopback Interfaces • Null Interfaces • Port Channel Interfaces • Bulk Configuration • Defining Interface Range Macros • Monitoring and Maintaining Interfaces • Splitting 40G Ports without Reload • Splitting QSFP Ports to SFP+ Ports • Conv
Interface Type Modes Possible Default Mode Requires Creation Default State VLAN L2, L3 L2 Yes (except default) L2 - Shutdown (disabled) L3 - No Shutdown (enabled) View Basic Interface Information To view basic interface information, use the following command. You have several options for viewing interface status and configuration parameters. • Lists all configurable interfaces on the chassis.
Output Statistics: 0 packets, 0 bytes, 0 underruns 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts, 0 Unicasts 0 throttles, 0 discarded, 0 collisions, 0 wreddrops Rate info (interval 299 seconds): Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 0 packets/sec, 0.
Resetting an Interface to its Factory Default State You can reset the configurations applied on an interface to its factory default state. To reset the configuration, perform the following steps: 1 View the configurations applied on an interface. INTERFACE mode show config Dell(conf-if-te-1/5/1)#show config ! interface TenGigabitEthernet 1/5/1 no ip address portmode hybrid switchport rate-interval 8 mac learning-limit 10 no-station-move no shutdown 2 Reset an interface to its factory default state.
interface interface
• For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/subport information.
• For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information.
2 Enable the interface.
  INTERFACE mode
  no shutdown
To confirm that the interface is enabled, use the show config command in INTERFACE mode. To leave INTERFACE mode, use the exit command or end command. You cannot delete a physical interface.
You can use the speed command only on the management optic ports. If you configure the speed without any optic inserted, the configuration is assigned as the port speed to support provisioning through BMP.
User-viewable logs: Logs for optic insertion and removal are the same as for QSFP optics. You can use the show inventory media command to check the optic type and the show interface transceiver command to view the optic properties.
Type of Interface Possible Modes Requires Creation Default State VLAN Layer 2 Yes, except for the default VLAN. No shutdown (active for Layer 2) Layer 3 Shutdown (disabled for Layer 3 ) Configuring Layer 2 (Data Link) Mode Do not configure switching or Layer 2 protocols such as spanning tree protocol (STP) on an interface unless the interface has been set to Layer 2 mode. To set Layer 2 data transmissions through an individual interface, use the following command.
by the shutdown command. One of the interfaces in the system must be in Layer 3 mode before you configure or enter a Layer 3 protocol mode (for example, OSPF).
• Enable Layer 3 on an individual interface.
  INTERFACE mode
  ip address ip-address
• Enable the interface.
  INTERFACE mode
  no shutdown
Example of Error Due to Issuing a Layer 3 Command on a Layer 2 Interface
If an interface is in the incorrect layer mode for a given command, an error message is displayed (shown in bold).
To view IP information on an interface in Layer 3 mode, use the show ip interface command in EXEC Privilege mode. Dell>show ip int vlan 58 Vlan 58 is up, line protocol is up Internet address is 1.1.49.1/24 Broadcast address is 1.1.49.
management egress-interface-selection
2 Configure which applications use EIS.
  EIS mode
  application {all | application-type}
NOTE: If you configure SNMP as the management application for EIS and you add a default management route, when you perform an SNMP walk and check the debugging logs for the source and destination IPs, the SNMP agent uses the destination address of incoming SNMP packets as the source address for outgoing SNMP responses for security.
the management interface is the primary address. If deleted, you must re-add it; the secondary address is not promoted.
The following rules apply to having two IPv6 addresses on a management interface:
• IPv6 addresses on a single management interface cannot be in the same subnet.
• IPv6 secondary addresses on management interfaces:
  • across a platform must be in the same subnet.
  • must not match the virtual IP address and must not be in the same subnet as the virtual IP.
• virtual-ip is a CONFIGURATION mode command. • When applied, the management port on the primary RPM assumes the virtual IP address. Executing the show interfaces and show ip interface brief commands on the primary RPM management interface displays the virtual IP address and not the actual IP address assigned on that interface. • A duplicate IP address message is printed for the management port’s virtual IP address on an RPM failover.
Codes: C - connected, S - static, R - RIP, B - BGP, IN - internal BGP, EX - external BGP,LO - Locally Originated, O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is 10.11.131.254 to network 0.0.0.0 Destination ----------*S 0.0.0.0/0 C 10.11.130.
! ip ospf hello-interval 15 no shutdown Loopback Interfaces A Loopback interface is a virtual interface in which the software emulates an interface. Packets routed to it are processed locally. Because this interface is not a physical interface, you can configure routing protocols on this interface to provide protocol stability. You can place Loopback interfaces in default Layer 3 mode. To configure, view, or delete a Loopback interface, use the following commands.
Port Channel Interfaces Port channel interfaces support link aggregation, as described in IEEE Standard 802.3ad. This section covers the following topics: • Port Channel Definition and Standards • Port Channel Benefits • Port Channel Implementation • Configuration Tasks for Port Channel Interfaces Port Channel Definition and Standards Link aggregation is defined by IEEE 802.
Member ports of a LAG are added and programmed into the hardware in a predictable order based on the port ID, instead of in the order in which the ports come up. With this implementation, load balancing yields predictable results across device reloads. A physical interface can belong to only one port channel at a time. Each port channel must contain interfaces of the same interface type/speed. Port channels can contain a mix of 1G/10G/40G.
• Configuring the Minimum Oper Up Links in a Port Channel (optional) • Adding or Removing a Port Channel from a VLAN (optional) • Assigning an IP Address to a Port Channel (optional) • Deleting or Disabling a Port Channel (optional) • Load Balancing Through Port Channels (optional) Creating a Port Channel You can create up to 4096 port channels with up to 16 port members per group on the platform. To configure a port channel, use the following commands. 1 Create a port channel.
To view the interface’s configuration, enter INTERFACE mode for that interface and use the show config command or from EXEC Privilege mode, use the show running-config interface interface command. When an interface is added to a port channel, Dell Networking OS recalculates the hash algorithm. To add a physical interface to a port, use the following commands. 1 Add the interface to a port channel.
Input 00.01Mbits/sec, 2 packets/sec Output 81.60Mbits/sec, 133658 packets/sec Time since last interface status change: 04:31:57 Dell> When more than one interface is added to a Layer 2-port channel, Dell Networking OS selects one of the active interfaces in the port channel to be the primary port. The primary port replies to flooding and sends protocol data units (PDUs). An asterisk in the show interfaces port-channel brief command indicates the primary port.
interface Port-channel 4 no ip address channel-member TenGigabitEthernet 1/8/1 no shutdown Dell(conf-if-po-4)#no chann tengi 1/8/1 Dell(conf-if-po-4)#int port 3 Dell(conf-if-po-3)#channel tengi 1/8/1 Dell(conf-if-po-3)#sho conf ! interface Port-channel 3 no ip address channel-member TenGigabitEthernet 1/8/1 shutdown Dell(conf-if-po-3)# Configuring the Minimum Oper Up Links in a Port Channel You can configure the minimum links in a port channel (LAG) that must be in “oper up” status to consider the port cha
INTERFACE VLAN mode
untagged port-channel id number
An interface without tagging enabled can belong to only one VLAN.
• Remove the port channel with tagging enabled from the VLAN.
  INTERFACE VLAN mode
  no tagged port-channel id number
  or
  no untagged port-channel id number
• Identify which port channels are members of VLANs.
Assigning an IP Address to a Port Channel You can assign an IP address to a port channel and use port channels in Layer 3 routing protocols. To assign an IP address, use the following command. • Configure an IP address and mask on the interface. INTERFACE mode ip address ip-address mask [secondary] • ip-address mask: enter an address in dotted-decimal format (A.B.C.D). The mask must be in slash format (/24). • secondary: the IP address is the interface’s backup IP address.
Changing the Hash Algorithm The load-balance command selects the hash criteria applied to port channels. If you do not obtain even distribution with the load-balance command, you can use the hash-algorithm command to select the hash scheme for LAG, ECMP and NH-ECMP. You can rotate or shift the 12–bit Lag Hash until the desired hash is achieved. The nh-ecmp option allows you to change the hash value for recursive ECMP routes independently of nonrecursive ECMP routes.
• crc32MSB — uses MSB 16 bits of computed CRC32(default) • crc-upper — uses the upper 32 bits of the hash key to compute the egress port. • dest-ip — uses destination IP address as part of the hash key. • lsb — uses the least significant bit of the hash key to compute the egress port.
address-table static multicast-mac-address vlan vlan-id output-range interface command. Bulk Configuration Examples Use the interface range command for bulk configuration. • Create a Single-Range • Create a Multiple-Range • Exclude Duplicate Entries • Exclude a Smaller Port Range • Overlap Port Ranges • Commas • Add Ranges Create a Single-Range The following is an example of a single range.
Overlap Port Ranges The following is an example showing how the interface-range prompt extends a port range from the smallest start port number to the largest end port number when port ranges overlap. handles overlapping port ranges.
Choosing an Interface-Range Macro
To use an interface-range macro, use the following command.
• Selects the interfaces range to be configured using the values saved in a named interface-range macro.
  CONFIGURATION mode
  interface range macro name
Example of Using a Macro to Change the Interface Range Configuration Mode
The following example shows how to change to the interface-range configuration mode using the interface-range macro named “test.
Traffic statistics: Current Input bytes: 0 Output bytes: 0 Input packets: 0 Output packets: 0 64B packets: 0 Over 64B packets: 0 Over 127B packets: 0 Over 255B packets: 0 Over 511B packets: 0 Over 1023B packets: 0 Error statistics: Input underruns: 0 Input giants: 0 Input throttles: 0 Input CRC: 0 Input IP checksum: 0 Input overrun: 0 Output underruns: 0 Output throttles: 0 m l T q - Change mode Page up Increase refresh interval Quit Rate 0 Bps 0 Bps 0 pps 0 pps 0 pps 0 pps 0 pps 0 pps 0 pps 0 pps 0 0 0
EXEC Privilege mode
show tdr tengigabitethernet slot/port/subport
Splitting 40G Ports without Reload
You can split 40G interfaces into 10G ports without a reboot. You can also combine the split ports to create a 40G port without a reload.
• On a device, the fan-out profile is constructed automatically with 24 default ports (2,4,6,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,27,29,31). These ports can be changed from 40G to 10G mode or vice versa without a reload.
i00:02:27: %S6000-ON:1 %IFAGT-5-INSERT_OPTICS_QSFP: Optics QSFP inserted in slot 1 port 24/4 Dell(conf)#stack-unit 1 port 24 portmode quad Port 24 quad mode enabled NOTE: Save and reload, after the setting takes effect. FTOS(conf)#stack-unit 1 port 4 portmode quad Port 4 quad mode enabled You can only split the 40G ports in the top row (odd numbered ports) on a 16X40G module. If you configure 4X10G on a 40G interface, the subsequent even numbered interface is removed and unavailable for use.
NOTE: When you split a 40G port (such as fo 1/4) into four 10G ports, the 40G interface configuration is still available in the startup configuration when you save the running configuration by using the write memory command. When a reload of the system occurs, the 40G interface configuration is not applicable because the 40G ports are split into four 10G ports after the reload operation. While the reload is in progress, you might see error messages when the configuration file is being loaded.
You can use QSFP optical cables (without a QSA) to split a 40 Gigabit port on a switch or a server into four 10 Gigabit ports. To split the ports, enable the fan-out mode. Similarly, you can enable the fan-out mode to configure the QSFP port on a device to act as an SFP or SFP+ port. As the QSA enables a QSFP or QSFP+ port to be used as an SFP or SFP+ port, Dell Networking OS does not immediately detect the QSA after you insert it into a QSFP port cage.
• QSFP port 8 in fanned-out mode is plugged in with QSFP optical cables.
• QSFP port 12 in 40 G mode is plugged in with QSFP optical cables.
=================================== SFP 4/1 Rx Power measurement type =================================== SFP 4/1 Temp High Alarm threshold SFP 4/1 Voltage High Alarm threshold SFP 4/1 Bias High Alarm threshold = OMA = 0.000C = 0.000V = 0.000mA Link Dampening Interface state changes occur when interfaces are administratively brought up or down or if an interface state changes.
interface TenGigabitEthernet 1/1/1 ip address 10.10.19.1/24 dampening 1 2 3 4 no shutdown To view dampening information on all or specific dampened interfaces, use the show interfaces dampening command from EXEC Privilege mode.
Configure MTU Size on an Interface In Dell Networking OS, Maximum Transmission Unit (MTU) is defined as the entire Ethernet packet (Ethernet header + FCS + payload). The link MTU is the frame size of a packet, and the IP MTU size is used for IP fragmentation. If the system determines that the IP packet must be fragmented as it leaves the interface, Dell Networking OS divides the packet into fragments no bigger than the size set in the ip mtu command.
show link-bundle-distribution Using Ethernet Pause Frames for Flow Control Ethernet pause frames and threshold settings are supported on the Dell Networking OS. Ethernet Pause Frames allow for a temporary stop in data transmission. A situation may arise where a sending device may transmit data faster than a destination device can accept it. The destination sends a PAUSE frame back to the source, stopping the sender’s transmission for a period of time.
Enabling Pause Frames Enable Ethernet pause frames flow control on all ports on a chassis or a line card. If not, the system may exhibit unpredictable behavior. NOTE: Changes in the flow-control values may not be reflected automatically in the show interface output. As a workaround, apply the new settings, execute shut then no shut on the interface, and then check the running-config of the port. NOTE: If you disable rx flow control, Dell Networking recommends rebooting the system.
The following table lists the various Layer 2 overheads found in the Dell Networking OS and the number of bytes. Table 39. Layer 2 Overhead Layer 2 Overhead Difference Between Link MTU and IP MTU Ethernet (untagged) 18 bytes VLAN Tag 22 bytes Untagged Packet with VLAN-Stack Header 22 bytes Tagged Packet with VLAN-Stack Header 26 bytes Link MTU and IP MTU considerations for port channels and VLANs are as follows.
Auto-Negotiation on Ethernet Interfaces By default, auto-negotiation of speed and duplex mode is enabled on 10/100/1000 Base-T Ethernet interfaces. Only 10GE interfaces do not support auto-negotiation. When using 10GE interfaces, verify that the settings on the connecting devices are set to no auto-negotiation. NOTE: When you use a copper SFP2 module with catalog number GP-SFP2-1T in the S25P model, you can manually set its speed with the speed command.
CONFIGURATION mode
interface interface-type
5 Set the local port speed.
  INTERFACE mode
  speed {10 | 100 | 1000 | 10000 | auto}
  NOTE: If you use an active optical cable (AOC), you can convert the QSFP+ port to a 10 Gigabit SFP+ port or 1 Gigabit SFP port. You can use the speed command to enable the required speed.
6 Optionally, set full- or half-duplex.
  INTERFACE mode
  duplex {half | full}
7 Disable auto-negotiation on the port.
no ip address speed 100 duplex full no shutdown Set Auto-Negotiation Options The negotiation auto command provides a mode option for configuring an individual port to forced master/ forced slave once auto-negotiation is enabled. CAUTION: Ensure that only one end of the node is configured as forced-master and the other is configured as forced-slave.
View Advanced Interface Information The following options have been implemented for the show [ip | running-config] interfaces commands for (only) stack-unit interfaces. When you use the configured keyword, only interfaces that have non-default configurations are displayed. Dummy stack-unit interfaces (created with the stack-unit command) are treated like any other physical interface.
The following example shows how to configure the rate interval when changing the default value. To configure the number of seconds of traffic statistics to display in the show interfaces output, use the following command.
• Configure the number of seconds of traffic statistics to display in the show interfaces output.
  INTERFACE mode
  rate-interval
Example of the rate-interval Command
The bold lines show the default value of 299 seconds, the change-rate interval of 100, and the new rate interval set to 100.
Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Time since last interface status change: 1d23h42m Dynamic Counters By default, counting is enabled for IPFLOW, IPACL, L2ACL, L2FIB. For the remaining applications, Dell Networking OS automatically turns on counting when you enable the application, and is turned off when you disable the application.
• For a port channel interface, enter the keywords port-channel then a number. • For a VLAN interface, enter the keyword vlan then a number from 1 to 4094. • (OPTIONAL) To clear statistics for all VRRP groups configured, enter the keyword vrrp. Enter a number from 1 to 255 as the vrid. • (OPTIONAL) To clear unknown source address (SA) drop counters when you configure the MAC learning limit on the interface, enter the keywords learning-limit.
no ip address no ip address no ip address no ip address no ip address switchport shut shut shut shut shut ip address 2.1.1.
! no shutdown interface Vlan 2 ! no ip address no shutdown Compressed config size – 27 lines. ! interface Vlan 3 tagged te 1/1/1 no ip address shutdown ! interface Vlan 4 tagged te 1/1/1 no ip address shutdown ! interface Vlan 5 tagged te 1/1/1 no ip address shutdown ! interface Vlan 100 no ip address no shutdown ! interface Vlan 1000 ip address 1.1.1.
The write memory compressed command writes the operating configuration to the startup-config file in compressed mode. In a stacking scenario, it also syncs it to all the standby and member units.
20 IPv4 Routing
The Dell Networking Operating System (OS) supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking OS.
• Enabling ICMP Unreachable Messages • UDP Helper • Enabling UDP Helper • Configuring a Broadcast Address • Configurations Using UDP Helper • UDP Helper with Broadcast-All Addresses • UDP Helper with Subnet Broadcast Addresses • UDP Helper with Configured Broadcast Addresses • UDP Helper with No Configured Broadcast Addresses • Troubleshooting UDP Helper IP Addresses Dell Networking OS supports IP version 4 (as described in RFC 791), classful routing, and variable length subnet masks (VL
For a complete listing of all commands related to IP addressing, refer to the Dell Networking OS Command Line Interface Reference Guide.
Assigning IP Addresses to an Interface
Assign primary and secondary IP addresses to physical or logical (for example, virtual local area network [VLAN] or port channel) interfaces to enable IP communication between the system and hosts connected to that interface. You can assign one primary address and up to 255 secondary IP addresses to each interface.
Configuring Static Routes
A static route is an IP address that you manually configure and that a routing protocol, such as open shortest path first (OSPF), does not learn. Often, static routes are used as backup routes in case other dynamically learned routes are unreachable. You can enter as many static IP addresses as necessary. To configure a static route, use the following command.
• Configure a static IP address.
S 6.1.2.17/32 S 11.1.1.0/24 Direct, Lo 0 --More-- via 6.1.20.2, Te 5/1/1 Direct, Nu 0 1/0 0/0 00:02:30 00:02:30 Dell Networking OS installs a next hop that is on the directly connected subnet of current IP address on the interface. Dell Networking OS also installs a next hop that is not on the directly connected subnet but which recursively resolves to a next hop on the interface's configured subnet. • When the interface goes down, Dell Networking OS withdraws the route.
such cases, you can configure Internet Control Message Protocol (ICMP) unreachable messages to be sent to the transmitting device. Configuring the ICMP Source Interface You can enable the ICMP error and unreachable messages to contain the configured IP address of the source device instead of the previous hop's IP address.
EXEC mode
Dell>show ip tcp reduced-syn-ack-wait

Enabling Directed Broadcast
By default, Dell Networking OS drops directed broadcast packets destined for an interface. This default setting provides some protection against denial of service (DoS) attacks. To enable Dell Networking OS to receive directed broadcasts, use the following command.
• Enable directed broadcast.
  INTERFACE mode
  ip directed-broadcast
To view the configuration, use the show config command in INTERFACE mode.
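To check saved configurations for interfaces where the drop-by-default behaviour described above has been switched off, the following added example (not part of the Dell guide) parses interface stanzas and reports each one carrying `ip directed-broadcast`, with the subnet broadcast addresses it covers. The sample configuration is constructed, and the stanza layout (unindented `interface` line, indented sub-commands, `!` separators) is an assumption about the saved file.

```python
import ipaddress
import re

# Constructed sample in the layout of `show running-config` (not taken from the guide).
SAMPLE_CONFIG = """\
!
interface TenGigabitEthernet 1/1/1
 ip address 2.1.1.1/24
 ip directed-broadcast
 no shutdown
!
interface TenGigabitEthernet 1/1/2
 ip address 10.10.4.1/22
 ip address 10.10.8.1/24 secondary
 ip directed-broadcast
 shutdown
!
interface Vlan 100
 ip address 192.168.100.1/24
 no ip directed-broadcast
 no shutdown
!
interface Vlan 3
 no ip address
 shutdown
!
"""


def parse_interfaces(config_text):
    """Return {interface name: [sub-commands]} for each interface stanza.

    Assumption: sub-commands are indented under an unindented
    `interface ...` line and stanzas are separated by `!`.
    """
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        indented = raw[:1] in (" ", "\t")
        if not line or line == "!":
            current = None
        elif not indented:
            match = re.match(r"interface\s+(.+)$", line)
            current = match.group(1) if match else None
            if current is not None:
                stanzas[current] = []
        elif current is not None:
            stanzas[current].append(line)
    return stanzas


def audit_directed_broadcast(config_text):
    """List interfaces on which directed broadcasts are no longer dropped."""
    findings = []
    for name, commands in parse_interfaces(config_text).items():
        if "ip directed-broadcast" not in commands:
            continue  # default or explicit `no` form: directed broadcasts are dropped
        networks = []
        for command in commands:
            match = re.match(r"ip address (\S+/\d+)", command)
            if match:
                networks.append(ipaddress.ip_interface(match.group(1)).network)
        findings.append({
            "interface": name,
            "admin_up": "no shutdown" in commands,
            # Subnet broadcast addresses of the networks configured on the interface.
            "broadcast_addresses": [str(n.broadcast_address) for n in networks],
        })
    return findings


if __name__ == "__main__":
    for finding in audit_directed_broadcast(SAMPLE_CONFIG):
        state = "up" if finding["admin_up"] else "admin down"
        targets = ", ".join(finding["broadcast_addresses"]) or "no configured subnet"
        print(f'{finding["interface"]} ({state}): directed broadcast enabled for {targets}')
```

Interfaces reported as administratively up are the ones to review first, since the setting only takes effect while the interface is forwarding.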
• ip domain-lookup Specify up to six name servers. CONFIGURATION mode ip name-server ip-address [ip-address2 ... ip-address6] The order you entered the servers determines the order of their use. Example of the show hosts Command To view current bindings, use the show hosts command. Dell>show host Default domain is force10networks.com Name/address lookup uses domain service Name servers are not set Host Flags TTL Type Address -------- ----- ------- ------ks (perm, OK) - IP 2.2.2.
Configuring DNS with Traceroute
To configure your switch to perform DNS with traceroute, use the following commands.
• Enable dynamic resolution of host names.
  CONFIGURATION mode
  ip domain-lookup
• Specify up to six name servers.
  CONFIGURATION mode
  ip name-server ip-address [ip-address2 ... ip-address6]
  The order in which you enter the servers determines the order of their use.
IP address. This table is called the ARP Cache and dynamically learned addresses are removed after a defined period of time. For more information about ARP, refer to RFC 826, An Ethernet Address Resolution Protocol. In Dell Networking OS, Proxy ARP enables hosts with knowledge of the network to accept and forward packets from hosts that contain no knowledge of the network. Proxy ARP makes it possible for hosts to be ignorant of the network, including subnetting.
To view the static entries in the ARP cache, use the show arp static command in EXEC privilege mode.
Dell#show arp
Protocol  Address   Age(min)  Hardware Address   Interface  VLAN  CPU
--------------------------------------------------------------------------------
Internet  10.1.2.4  17        08:00:20:b7:bd:32  Ma 1/1           CP
Dell#

Enabling Proxy ARP
By default, Proxy ARP is enabled. To disable Proxy ARP, use the no proxy-arp command in the interface mode. To re-enable Proxy ARP, use the following command.
ARP Learning via Gratuitous ARP Gratuitous ARP can mean an ARP request or reply. In the context of ARP learning via gratuitous ARP on Dell Networking OS, the gratuitous ARP is a request.
ARP Learning via ARP Request In Dell Networking OS versions prior to 8.3.1.0, Dell Networking OS learns via ARP requests only if the target IP specified in the packet matches the IP address of the receiving router interface. This is the case when a host is attempting to resolve the gateway address. If the target IP does not match the incoming interface, the packet is dropped. If there is an existing entry for the requesting host, it is updated. Figure 45.
Configuring ARP Retries
You can configure the number of ARP retries. The default backoff interval remains at 20 seconds. To set and display ARP retries, use the following commands.
• Set the number of ARP retries.
  CONFIGURATION mode
  arp retries number
  The default is 5. The range is from 1 to 20.
• Set the exponential timer for resending unresolved ARPs.
  CONFIGURATION mode
  arp backoff-time
  The default is 30. The range is from 1 to 3600.
• Display all ARP entries learned via gratuitous ARP.
Enabling ICMP Unreachable Messages
By default, ICMP unreachable messages are disabled. When enabled, ICMP unreachable messages are created and sent out all interfaces. To disable and re-enable ICMP unreachable messages, use the following commands.
• Disable ICMP unreachable messages.
  INTERFACE mode
  no ip unreachable
• Set Dell Networking OS to create and send ICMP unreachable messages on the interface.
Enabling UDP Helper
To enable UDP helper, use the following command.
• Enable UDP helper.
  ip udp-helper udp-ports

Example of Enabling UDP Helper and Using the UDP Helper show Command
Dell(conf-if-te-1/1/1)#ip udp-helper udp-port 1000
Dell(conf-if-te-1/1/1)#show config
!
interface TenGigabitEthernet 1/1/1
 ip address 2.1.1.1/24
 ip udp-helper udp-port 1000
 no shutdown
To view the interfaces and ports on which you enabled UDP helper, use the show ip udp-helper command from EXEC Privilege mode.
Last clearing of "show interface" counters 00:07:44 Queueing strategy: fifo Input Statistics: 0 packets, 0 bytes Time since last interface status change: 00:07:44 Configurations Using UDP Helper When you enable UDP helper and the destination IP address of an incoming packet is a broadcast address, Dell Networking OS suppresses the destination address of the packet. The following sections describe various configurations that employ UDP helper to direct broadcasts.
3 Packet 2 is also forwarded to the ingress interface with an unchanged destination address because it does not have a broadcast address configured.
Figure 47. UDP Helper with Broadcast-All Addresses

UDP Helper with Subnet Broadcast Addresses
When the destination IP address of an incoming packet matches the subnet broadcast address of any interface, the system changes the address to the configured broadcast address and sends it to the matching interface.
UDP Helper with Configured Broadcast Addresses Incoming packets with a destination IP address matching the configured broadcast address of any interface are forwarded to the matching interfaces. In the following illustration, Packet 1 has a destination IP address that matches the configured broadcast address of VLAN 100 and 101. If you enabled UDP helper and the UDP port number matches, the packet is flooded on both VLANs with an unchanged destination address. Packet 2 is sent from a host on VLAN 101.
Troubleshooting UDP Helper
To display debugging information for troubleshooting, use the debug ip udp-helper command.

Example of the debug ip udp-helper Command
Dell(conf)# debug ip udp-helper
01:20:22: Pkt rcvd on Te 5/1/1 with IP DA (0xffffffff) will be sent on Te 5/1/2 Te 5/1/3 Vlan 3
01:44:54: Pkt rcvd on Te 7/1/1 is handed over for DHCP processing.
When using the IP helper and UDP helper on the same interface, use the debug ip dhcp command.

Example Output from the debug ip dhcp Command
Packet 0.0.0.
21 IPv6 Routing Internet protocol version 6 (IPv6) routing is the successor to IPv4. Due to the rapid growth in internet users and IP addresses, IPv4 is reaching its maximum usage. IPv6 will eventually replace IPv4 usage to allow for the constant expansion. This chapter provides a brief description of the differences between IPv4 and IPv6, and the Dell Networking support of IPv6. This chapter is not intended to be a comprehensive description of IPv6.
Extended Address Space The address format is extended from 32 bits to 128 bits. This not only provides room for all anticipated needs, it allows for the use of a hierarchical address space structure to optimize global addressing. Stateless Autoconfiguration When a booting device comes up in IPv6 and asks for its network prefix, the device can get the prefix (or prefixes) from an IPv6 router on its link.
IPv6 Headers
The IPv6 header has a fixed length of 40 bytes. This fixed length provides 16 bytes each for source and destination information and 8 bytes for general header information. The IPv6 header includes the following fields:
• Version (4 bits)
• Traffic Class (8 bits)
• Flow Label (20 bits)
• Payload Length (16 bits)
• Next Header (8 bits)
• Hop Limit (8 bits)
• Source Address (128 bits)
• Destination Address (128 bits)
IPv6 provides for extension headers.
The longest prefix match (LPM) table on the system supports different types of prefixes for IPv6 and IPv4. The route table, also called the LPM table, is divided into the following three logical tables:
1 IPv4 32-bit LPM table (Holds IPv4 Prefixes)
2 IPv6 64-bit LPM table (Holds IPv6 Prefixes less than /65 Prefix Length)
3 IPv6 128-bit LPM table (Holds IPv6 Prefixes greater than /64 Prefix Length)
The LPM table, which is 8K in size, is a dedicated table.
Version (4 bits) The Version field always contains the number 6, referring to the packet’s IP version. Traffic Class (8 bits) The Traffic Class field deals with any data that needs special handling. These bits define the packet priority and are defined by the packet Source. Sending and forwarding routers use this field to identify different IPv6 classes and priorities. Routers understand the priority settings and handle them appropriately during conditions of congestion.
Value | Description
59 | No Next Header
60 | Destinations option header
NOTE: This table is not a comprehensive list of Next Header field values. For a complete and current listing, refer to the Internet Assigned Numbers Authority (IANA) web page at .

Hop Limit (8 bits)
The Hop Limit field shows the number of hops remaining for packet processing. In IPv4, this is known as the Time to Live (TTL) field and uses seconds rather than hops.
The Hop-by-Hop Options header contains:
• Next Header (1 byte)
  This field identifies the type of header following the Hop-by-Hop Options header and uses the same values.
• Header Extension Length (1 byte)
  This field identifies the length of the Hop-by-Hop Options header in 8-byte units, but does not include the first 8 bytes. Consequently, if the header is less than 8 bytes, the value is 0 (zero).
• Options (size varies)
  This field can contain one or more options.
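The fixed-header layout and the Hop-by-Hop length rule described above can be exercised with a small decoder. This is an added example, not code from the Dell guide: the sample packet is constructed, and the Pad1/PadN option types and the Router Alert option (type 5) used in it come from the IPv6 RFCs rather than from this page. The bounds checks show what a monitoring or inspection tool must verify before trusting the Header Extension Length and option length fields.

```python
import ipaddress
import struct

FIXED_HEADER_LEN = 40
HOP_BY_HOP = 0        # Next Header value for the Hop-by-Hop Options header
NO_NEXT_HEADER = 59   # Next Header value listed in the guide's table
PAD1, PADN = 0, 1     # padding option types (RFC 8200, not from the guide)


def parse_fixed_header(packet):
    """Decode the 40-byte IPv6 header into its eight fields."""
    if len(packet) < FIXED_HEADER_LEN:
        raise ValueError("shorter than the 40-byte IPv6 header")
    word, payload_length, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word >> 28 != 6:
        raise ValueError("Version field is not 6")
    return {
        "version": word >> 28,                 # 4 bits
        "traffic_class": (word >> 20) & 0xFF,  # 8 bits
        "flow_label": word & 0xFFFFF,          # 20 bits
        "payload_length": payload_length,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "source": str(ipaddress.IPv6Address(packet[8:24])),
        "destination": str(ipaddress.IPv6Address(packet[24:40])),
    }


def parse_hop_by_hop(packet, offset=FIXED_HEADER_LEN):
    """Decode a Hop-by-Hop Options header; return (next_header, length, options)."""
    if len(packet) < offset + 2:
        raise ValueError("truncated Hop-by-Hop Options header")
    next_header, ext_len = packet[offset], packet[offset + 1]
    length = (ext_len + 1) * 8  # 8-byte units, first 8 bytes not counted
    end = offset + length
    if end > len(packet):
        raise ValueError("Header Extension Length runs past the packet")
    options, pos = [], offset + 2
    while pos < end:
        opt_type = packet[pos]
        if opt_type == PAD1:  # single byte, no length or value
            pos += 1
            continue
        if pos + 2 > end:
            raise ValueError("option header cut off")
        opt_len = packet[pos + 1]
        if pos + 2 + opt_len > end:
            raise ValueError("option value runs past the header")
        if opt_type != PADN:  # padding carries no information
            options.append((opt_type, bytes(packet[pos + 2:pos + 2 + opt_len])))
        pos += 2 + opt_len
    return next_header, length, options


def build_sample_packet():
    """Constructed packet: IPv6 header + Hop-by-Hop header (Router Alert, PadN)."""
    word = (6 << 28) | (0xB8 << 20) | 0x12345
    fixed = struct.pack("!IHBB", word, 8, HOP_BY_HOP, 64)
    fixed += ipaddress.IPv6Address("2001:db8::1").packed
    fixed += ipaddress.IPv6Address("2001:db8::2").packed
    hop_by_hop = bytes([NO_NEXT_HEADER, 0, 5, 2, 0, 0, PADN, 0])
    return fixed + hop_by_hop


if __name__ == "__main__":
    sample = build_sample_packet()
    print(parse_fixed_header(sample))
    print(parse_hop_by_hop(sample))
```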
IPv6 networks are written using classless inter-domain routing (CIDR) notation. An IPv6 network (or subnet) is a contiguous group of IPv6 addresses the size of which must be a power of two; the initial bits of addresses, which are identical for all hosts in the network, are called the network's prefix. A network is denoted by the first address in the network and the size in bits of the prefix (in decimal), separated with a slash.
Table 41. Dell Networking OS versions and supported platforms with IPv6 support Feature and Functionality Documentation and Chapter Location Basic IPv6 Commands IPv6 Basic Commands in the Dell Networking OS Command Line Interface Reference Guide.
Feature and Functionality Documentation and Chapter Location IPv6 IS-IS in the Dell Networking OS Command Line Reference Guide. ISIS for IPv6 support for distribute lists and administrative distance OSPF for IPv6 (OSPFv3) Intermediate System to Intermediate System IPv6 IS-IS in the Dell Networking OS Command Line Reference Guide. OSPFv3 in the Dell Networking OS Command Line Reference Guide.
Feature and Functionality Documentation and Chapter Location MLDv1/v2 IPv6 PIM in the Dell Networking OS Command Line Reference Guide. ICMPv6 ICMP for IPv6 combines the roles of ICMP, IGMP and ARP in IPv4. Like IPv4, it provides functions for reporting delivery and forwarding errors, and provides a simple echo service for troubleshooting. The Dell Networking OS implementation of ICMPv6 is based on RFC 4443.
The recommended MTU for IPv6 is 1280. Greater MTU settings increase processing efficiency because each packet carries more data while protocol overheads (for example, headers) or underlying per-packet delays remain fixed. Figure 51. Path MTU Discovery Process IPv6 Neighbor Discovery The IPv6 neighbor discovery protocol (NDP) is a top-level protocol for neighbor discovery on an IPv6 network.
a multicast address with the unicast address used as the last 24 bits. Other hosts on the link do not participate in the process, greatly increasing network bandwidth efficiency. Figure 52. NDP Router Redirect IPv6 Neighbor Discovery of MTU Packets You can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface. The ipv6 nd mtu command sets the value advertised to routers. It does not set the actual MTU rate.
• link local addresses
• loopback addresses
• prefix addresses
• multicast addresses
• invalid host addresses
If you specify this information in the IPv6 RDNSS configuration, a DNS error is displayed.

Example for Configuring an IPv6 Recursive DNS Server
The following example configures an RDNSS server with an IPv6 address of 1000::1 and a lifetime of 1 second.
Displaying IPv6 RDNSS Information To display IPv6 interface information, including IPv6 RDNSS information, use the show ipv6 interface command in EXEC or EXEC Privilege mode. Examples of Displaying IPv6 RDNSS Information The following example displays IPv6 RDNSS information. The output in the last 3 lines indicates that the IPv6 RDNSS was correctly configured on interface te 1/1/1.
Secure Shell (SSH) Over an IPv6 Transport Dell Networking OS supports both inbound and outbound SSH sessions using IPv6 addressing. Inbound SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface. For SSH configuration details, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference Guide. Configuration Tasks for IPv6 The following are configuration tasks for the IPv6 protocol.
• Allocate space for IPV6 ACLs. Enter the CAM profile name then the allocated amount.
  CONFIGURATION mode
  cam-acl { ipv6acl }
  When not selecting the default option, enter all of the profiles listed and a range for each. The total space allocated must equal 13.
  The ipv6acl range must be a factor of 2.
• Show the current CAM settings.
  EXEC mode or EXEC Privilege mode
  show cam-acl
• Provides information on FP groups allocated for the egress acl.
NOTE: After you configure a static IPv6 route (the ipv6 route command) and configure the forwarding router’s address (specified in the ipv6 route command) on a neighbor’s interface, the IPv6 neighbor does not display in the show ipv6 route command output. • Set up IPv6 static routes. CONFIGURATION mode ipv6 route [vrf vrf-name] prefix interface-type slot/port [/subport] forwarding router tag • vrf vrf-name:(OPTIONAL) name of the VRF.
commands for IPv6 have been extended to support IPv6. For more information regarding SNMP commands, refer to the SNMP and SYSLOG chapters in the Dell Networking OS Command Line Interface Reference Guide. • snmp-server host • snmp-server user ipv6 • snmp-server community ipv6 • snmp-server community access-list-name ipv6 • snmp-server group ipv6 • snmp-server group access-list-name ipv6 Displaying IPv6 Information View specific IPv6 configuration with the following commands.
• For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/subport information.
• For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information.
• For a Loopback interface, enter the keyword loopback then a number from 0 to 16383.
• For a port channel interface, enter the keywords port-channel then a number.
• For a VLAN interface, enter the keyword vlan then a number from 1 to 4094.
• To display information about Border Gateway Protocol (BGP) routes, enter bgp.
• To display information about ISO IS-IS routes, enter isis.
• To display information about Open Shortest Path First (OSPF) routes, enter ospf.
• To display information about Routing Information Protocol (RIP), enter rip.
• To display information about static IPv6 routes, enter static.
• To display information about IPv6 prefix lists, enter list and the prefix-list name.
Showing the Running-Configuration for an Interface
To view the configuration for any interface, use the following command.
• Show the currently running configuration for the specified interface.
  EXEC mode
  show running-config interface type {slot/port[/subport]}
  Enter the keyword interface then the type of interface and slot/port information:
  • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/subport information.
Configuring IPv6 RA Guard
The IPv6 Router Advertisement (RA) guard allows you to block or reject unwanted router advertisement messages that arrive at the network device platform. To configure the IPv6 RA guard, perform the following steps:
1 Configure the terminal to enter the Global Configuration mode.
  EXEC Privilege mode
  configure terminal
2 Enable the IPv6 RA guard.
  CONFIGURATION mode
  ipv6 nd ra-guard enable
3 Create the policy.
  POLICY LIST CONFIGURATION mode
  router-preference maximum {high | low | medium}
10 Set the router lifetime.
  POLICY LIST CONFIGURATION mode
  router-lifetime value
  The router lifetime range is from 0 to 9,000 seconds.
11 Apply the policy to trusted ports.
  POLICY LIST CONFIGURATION mode
  trusted-port
12 Set the maximum transmission unit (MTU) value.
  POLICY LIST CONFIGURATION mode
  mtu value
13 Set the advertised reachability time.
Configuring IPv6 RA Guard on an Interface
To configure the IPv6 Router Advertisement (RA) guard on an interface, perform the following steps:
1 Configure the terminal to enter the Interface mode.
  CONFIGURATION mode
  interface interface-type slot/port[/subport]
2 Apply the IPv6 RA guard to a specific interface.
  INTERFACE mode
  ipv6 nd ra-guard attach policy policy-name [vlan [vlan 1, vlan 2, vlan 3.....]]
3 Display the configurations applied on all the RA guard policies or a specific RA guard policy.
22 iSCSI Optimization This chapter describes how to configure internet small computer system interface (iSCSI) optimization, which enables quality-of-service (QoS) treatment for iSCSI traffic.
• Auto-detection of EqualLogic storage arrays — the switch detects any active EqualLogic array directly attached to its ports. • Manual configuration to detect Compellent storage arrays where auto-detection is not supported. • Automatic configuration of switch ports after detection of storage arrays. • If you configure flow-control, iSCSI uses the current configuration.
ensure that iSCSI traffic in these sessions receives priority treatment when forwarded on stacked switch hardware. Figure 53. iSCSI Optimization Example Monitoring iSCSI Traffic Flows The switch snoops iSCSI session-establishment and termination packets by installing classifier rules that trap iSCSI protocol packets to the CPU for examination. Devices that initiate iSCSI sessions usually use well-known TCP ports 3260 or 860 to contact targets.
Application of Quality of Service to iSCSI Traffic Flows You can configure iSCSI CoS mode. This mode controls whether CoS (dot1p priority) queue assignment and/or packet marking is performed on iSCSI traffic. When you enable iSCSI CoS mode, the CoS policy is applied to iSCSI traffic. When you disable iSCSI CoS mode, iSCSI sessions and connections are still detected and displayed in the status tables, but no CoS policy is applied to iSCSI traffic.
400001370000 InitiatorName - iqn.1991-05.com.microsoft:dt-brcd-cna-2 TargetName iqn.2001-05.com.equallogic:4-52aed6-b90d9446c-162466364804fa49-wj-v1 TSIH - 0" NOTE: If you are using EqualLogic or Compellent storage arrays, more than 256 simultaneous iSCSI sessions are possible. However, iSCSI session monitoring is not capable of monitoring more than 256 simultaneous iSCSI sessions. If this number is exceeded, sessions may display as unknown in session monitoring output.
Configuring Detection and Ports for Dell Compellent Arrays To configure a port connected to a Dell Compellent storage array, use the following command. • Configure a port connected to a Dell Compellent storage array. INTERFACE Configuration mode iscsi profile-compellent The command configures a port for the best iSCSI traffic conditions.
Enable and Disable iSCSI Optimization
The following describes enabling and disabling iSCSI optimization.
NOTE: iSCSI monitoring is disabled by default. iSCSI auto-configuration and auto-detection are enabled by default.
If you enable iSCSI, flow control is automatically enabled on all interfaces. To disable flow control on all interfaces, use the no flow control rx on tx off command and save the configuration.
Default iSCSI Optimization Values The following table lists the default values for the iSCSI optimization feature. Table 42. iSCSI Optimization Defaults Parameter Default Value iSCSI Optimization global setting Disabled. iSCSI CoS mode (802.1p priority queue mapping) dot1p priority 4 without the remark setting when you enable iSCSI. If you do not enable iSCSI, this feature is disabled.
cam-acl l2acl 4 ipv4acl 4 ipv6acl 0 ipv4qos 2 l2qos 1 l2pt 0 ipmacacl 0 vmanqos 0 ecfmacl 0 fcoeacl 0 iscsioptacl 2
NOTE: Content addressable memory (CAM) allocation is optional. If CAM is not allocated, the following features are disabled:
• session monitoring
• aging
• class of service
You can enable iSCSI even when allocated with zero (0) CAM blocks. However, if no CAM blocks are allocated, session monitoring is disabled and the show iscsi command displays this information.
Separate port numbers with a comma. If multiple IP addresses are mapped to a single TCP port, use the no iscsi target port tcp-port-n command to remove all IP addresses assigned to the TCP number. To delete a specific IP address from the TCP port, use the no iscsi target port tcp-port-n ip-address address command to specify the address to be deleted. • ip-address specifies the IP address of the iSCSI target.
  [no] iscsi priority-bits.
  The default is 4 (0x10 in the bitmap).
11 (Optional) Configures the auto-detection of Compellent arrays on a port.
  INTERFACE mode
  [no] iscsi profile-compellent.
  The default is: Compellent disk arrays are not detected.

Displaying iSCSI Optimization Information
To display information on iSCSI optimization, use the following show commands.
• Display the currently configured iSCSI settings.
  show iscsi
• Display information on active iSCSI sessions on the switch.
VLT PEER2 Session 0: ----------------------------------------------------------------------------------Target: iqn.2001-05.com.equallogic:0-8a0906-0f60c2002-0360018428d48c94-iom011 iqn.1991-05.com.microsoft:win-x9l8v27yajg ISID: 400001370000 The following example shows the show iscsi session detailed command. VLT PEER1 Dell# show iscsi session detailed Session 0: -----------------------------------------------------------Target:iqn.2010-11.com.ixia:ixload:iscsi-TG1 Initiator:iqn.2010-11.com.ixia.
23 Intermediate System to Intermediate System
The intermediate system to intermediate system (IS-IS) protocol uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS.
IS-IS Addressing IS-IS PDUs require ISO-style addressing called network entity title (NET). For those familiar with name-to-network service mapping point (NSAP) addresses, the composition of the NET is identical to an NSAP address, except the last byte is always 0. The NET is composed of the IS-IS area address, system ID, and N-selector. The last byte is the N-selector. All routers within an area have the same area portion.
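The NET layout described above (area address, then system ID, then an N-selector byte that is always 0) can be validated before a configuration is pushed. The following is an added example, not code from the Dell guide: it assumes the usual 6-byte system ID and a 1 to 13 byte area address, and the router names and the second NET family are constructed. It also reports routers that share a system ID inside one area, which would make them indistinguishable to their neighbours.

```python
import re
from collections import defaultdict

SYSTEM_ID_LEN = 6   # assumption: the usual 6-byte IS-IS system ID
MAX_AREA_LEN = 13   # assumption: area address of 1 to 13 bytes


def _dotted(raw, first):
    """Render bytes as dotted hex: `first` hex digits, then groups of four."""
    text = raw.hex().upper()
    head, rest = text[:first], text[first:]
    return ".".join([head] + [rest[i:i + 4] for i in range(0, len(rest), 4)])


def parse_net(net):
    """Split a dotted-hex NET into area address, system ID and N-selector."""
    groups = net.strip().split(".")
    for group in groups:
        if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", group):
            raise ValueError(f"invalid hex group {group!r} in NET {net!r}")
    data = bytes.fromhex("".join(groups))
    area_len = len(data) - SYSTEM_ID_LEN - 1
    if not 1 <= area_len <= MAX_AREA_LEN:
        raise ValueError(f"NET {net!r} has an area address of {area_len} bytes")
    if data[-1] != 0:
        raise ValueError(f"NET {net!r} has a non-zero N-selector")
    return {
        "area": _dotted(data[:area_len], first=2),
        "system_id": _dotted(data[area_len:-1], first=4),
        "n_selector": data[-1],
    }


def duplicate_system_ids(router_nets):
    """Return {(area, system_id): [routers]} for IDs used more than once in an area."""
    seen = defaultdict(list)
    for router, net in router_nets.items():
        parsed = parse_net(net)
        seen[(parsed["area"], parsed["system_id"])].append(router)
    return {key: sorted(names) for key, names in seen.items() if len(names) > 1}


# Constructed inventory; router names and these NET values are hypothetical.
SAMPLE_NETS = {
    "R1": "47.0004.004d.0001.0001.0c12.3456.00",
    "R2": "47.0004.004d.0001.0001.0c12.3457.00",
    "R3": "47.0004.004d.0001.0001.0c12.3456.00",
}

if __name__ == "__main__":
    print(parse_net("34.0000.0000.AAAA.00"))
    print(duplicate_system_ids(SAMPLE_NETS))
```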
The multi-topology ID is shown in the first octet of the IS-IS packet. Certain MT topologies are assigned to serve predetermined purposes: • MT ID #0: Equivalent to the “standard” topology. • MT ID #1: Reserved for IPv4 in-band management purposes. • MT ID #2: Reserved for IPv6 routing topology. • MT ID #3: Reserved for IPv4 multicast routing topology. • MT ID #4: Reserved for IPv6 multicast routing topology. • MT ID #5: Reserved for IPv6 in-band management purposes.
restart, there is a potential to lose access to parts of the network due to the necessity of network topology changes. IS-IS graceful restart recognizes that in a modern router, the control plane and data plane are functionally separate. Restarting the control plane functionality (such as the failover of the active route processor module (RPM) to the backup in a redundant configuration) should not necessarily interrupt data packet forwarding.
• MT Reachable IPv6 Prefixes TLV — appears for each IPv6 prefix an IS announces for a given MT ID. Its structure is aligned with the extended IS Reachability TLV Type 236 and adds an MT ID.
By default, Dell Networking OS supports dynamic host name exchange to assist with troubleshooting and configuration. By assigning a name to an IS-IS NET address, you can track IS-IS information on that address more easily. Dell Networking OS does not support ISO CLNS routing; however, the ISO NET format is supported for addressing.
Configuration Tasks for IS-IS
The following describes the configuration tasks for IS-IS.
• Enabling IS-IS
• Configure Multi-Topology IS-IS (MT IS-IS)
• Configuring IS-IS Graceful Restart
• Changing LSP Attributes
• Configuring the IS-IS Metric Style
• Configuring IS-IS Cost
• Changing the IS-Type
• Controlling Routing Updates
• Configuring Authentication Passwords
• Setting the Overload Bit
• Debugging IS-IS

Enabling IS-IS
By default, IS-IS is not enabled. The system supports one instance of IS-IS.
Enter the keyword interface then the type of interface and slot/port information: • • • • • 4 For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/ subport information. For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. For a Loopback interface, enter the keyword loopback then a number from 0 to 16383. For a port channel interface, enter the keywords port-channel then a number.
21.2223.2425.2627.2829.3031.3233 47.0004.004d.0001 Interfaces supported by IS-IS: Vlan 2 TenGigabitEthernet 4/22/1 Loopback 0 Redistributing: Distance: 115 Generate narrow metrics: level-1-2 Accept narrow metrics: level-1-2 Generate wide metrics: none Accept wide metrics: none Dell# To view IS-IS protocol statistics, use the show isis traffic command in EXEC Privilege mode.
NOTE: When you do not enable transition mode, you do not have IPv6 connectivity between routers operating in single-topology mode and routers operating in multi-topology mode. 2 Exclude this router from other router’s SPF calculations. ROUTER ISIS AF IPV6 mode set-overload-bit 3 Set the minimum interval between SPF calculations.
  ROUTER-ISIS mode
  graceful-restart t1 {interval seconds | retry-times value}
  • interval: wait time (the range is from 5 to 120. The default is 5.)
  • retry-times: number of times an unacknowledged restart request is sent before the restarting router gives up the graceful restart engagement with the neighbor. (The range is from 1 to 10 attempts. The default is 1.)
• Configure the time for the graceful restart timer T2 that a restarting router uses as the wait time for each database to synchronize.
Restart Req rcv count  : 0 (level-1), 0 (level-2)
Suppress Adj rcv count : 0 (level-1), 0 (level-2)
Restart CSNP rcv count : 0 (level-1), 0 (level-2)
Database Sync count    : 0 (level-1), 0 (level-2)
Circuit TenGigabitEthernet 2/10/1:
 Mode: Normal L1-State:NORMAL, L2-State: NORMAL
 L1: Send/Receive: RR:0/0, RA: 0/0, SA:0/0
     T1 time left: 0, retry count left:0
 L2: Send/Receive: RR:0/0, RA: 0/0, SA:0/0
     T1 time left: 0, retry count left:0
Dell#

Example of the show isis interface Command
To view all interfaces
  ROUTER ISIS mode
  lsp-mtu size
  • size: the range is from 128 to 9195. The default is 1497.
• Set the LSP refresh interval.
  ROUTER ISIS mode
  lsp-refresh-interval seconds
  • seconds: the range is from 1 to 65535. The default is 900 seconds.
• Set the maximum LSP lifetime.
  ROUTER ISIS mode
  max-lsp-lifetime seconds
  • seconds: the range is from 1 to 65535. The default is 1200 seconds.
Table 44. Metric Styles
Metric Style | Characteristics | Cost Range Supported on IS-IS Interfaces
narrow | Sends and accepts narrow or old TLVs (Type, Length, Value). | 0 to 63
wide | Sends and accepts wide or new TLVs. | 0 to 16777215
transition | Sends both wide (new) and narrow (old) TLVs. | 0 to 63
narrow transition | Sends narrow (old) TLVs and accepts both narrow (old) and wide (new) TLVs. | 0 to 63
wide transition | Sends wide (new) TLVs and accepts both narrow (old) and wide (new) TLVs.
Configuring the IS-IS Cost When you change from one IS-IS metric style to another, the IS-IS metric value could be affected. For each interface with IS-IS enabled, you can assign a cost or metric that is used in the link state calculation. To change the metric or cost of the interface, use the following commands. • Assign an IS-IS metric.
Changing the IS-Type
To change the IS-type, use the following commands. You can configure the system to act as a Level 1 router, a Level 1-2 router, or a Level 2 router. To change the IS-type for the router, use the following commands.
• Configure IS-IS operating level for a router.
  ROUTER ISIS mode
  is-type {level-1 | level-1-2 | level-2-only}
  Default is level-1-2.
• Change the IS-type for the IS-IS process.
• For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/subport information.
• For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information.
• For a Loopback interface, enter the keyword loopback then a number from 0 to 16383.
• For a port channel interface, enter the keywords port-channel then a number.
• For a VLAN interface, enter the keyword vlan then a number from 1 to 4094.
ROUTER ISIS mode distribute-list redistributed-override in Applying IPv6 Routes To apply prefix lists to incoming or outgoing IPv6 routes, use the following commands. NOTE: These commands apply to IPv6 IS-IS only. To apply prefix lists to IPv4 routes, use ROUTER ISIS mode, previously shown. • Apply a configured prefix list to all incoming IPv6 IS-IS routes.
To add routes from other routing instances or protocols, use the following commands. NOTE: These commands apply to IPv4 IS-IS only. To apply prefix lists to IPv6 routes, use ADDRESSFAMILY IPV6 mode, shown later. • Include BGP, directly connected, RIP, or user-configured (static) routes in IS-IS.
  • metric-value: the range is from 0 to 16777215. The default is 0.
  • metric-type: choose either external or internal. The default is internal.
  • map-name: enter the name of a configured route map.
• Include specific OSPF routes in IS-IS.
To view the passwords, use the show config command in ROUTER ISIS mode or the show running-config isis command in EXEC Privilege mode. To remove a password, use either the no area-password or no domain-password commands in ROUTER ISIS mode.

Setting the Overload Bit
Another use for the overload bit is to prevent other routers from using this router as an intermediate hop in their shortest path first (SPF) calculations.
  debug isis
• View information on all adjacency-related activity (for example, hello packets that are sent and received).
  EXEC Privilege mode
  debug isis adj-packets [interface]
  To view specific information, enter the following optional parameter:
  • interface: Enter the type of interface and slot/port information to view IS-IS information on that interface only.
• View information about IS-IS local update packets.
IS-IS Metric Styles The following sections provide additional information about the IS-IS metric styles.
Table 45. Metric Value When the Metric Style Changes
Beginning Metric Style | Final Metric Style | Resulting IS-IS Metric Value
wide | narrow | default value (10) if the original value is greater than 63. A message is sent to the console.
wide | transition | truncated value (the truncated value appears in the LSP only). The original isis metric value is displayed in the show config and show running-config commands and is used if you change back to transition metric style.
Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value wide transition narrow transition default value (10) if the original value is greater than 63. A message is sent to the console. wide transition transition truncated value (the truncated value appears in the LSP only). The original isis metric value is displayed in the show config and show running-config commands and is used if you change back to transition metric style.
Level-1 Metric Style | Level-2 Metric Style | Resulting Metric Value
wide | narrow transition | truncated value
wide | wide transition | original value
wide | transition | truncated value
narrow transition | wide | original value
narrow transition | narrow | original value
narrow transition | wide transition | original value
narrow transition | transition | original value
transition | wide | original value
transition | narrow | original value
transition | wide transition | original value
transition | narrow transition |
• Multi-topology Transition — You must configure the IPv6 address. Configuring the IPv4 address is optional. You must enable the ipv6 router isis command on the interface. If you configure IPv4, also enable the ip router isis command. In router isis configuration mode, enable multitopology transition under address-family ipv6 unicast. Figure 55.
Dell (conf-if-te-3/17/1)#
Dell (conf-router_isis)#show config
!
router isis
 net 34.0000.0000.AAAA.00
!
 address-family ipv6 unicast
  multi-topology
 exit-address-family
Dell (conf-router_isis)#
Dell (conf-if-te-3/17/1)#show config
!
interface TenGigabitEthernet 3/17/1
 ipv6 address 24:3::1/76
 ipv6 router isis
 no shutdown
Dell (conf-if-te-3/17/1)#
Dell (conf-router_isis)#show config
!
router isis
 net 34.0000.0000.AAAA.
24 Link Aggregation Control Protocol (LACP)
A link aggregation group (LAG), referred to as a port channel by the Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic.

Introduction to Dynamic LAGs and LACP
A link aggregation group (LAG), referred to as a port channel by Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic.
• If a physical interface is a part of a static LAG, the port-channel-protocol lacp command is rejected on that interface.
• If a physical interface is a part of a dynamic LAG, it cannot be added as a member of a static LAG. The channel-member tengigabitethernet command is rejected in the static LAG interface for that physical interface.
• A dynamic LAG can be created with any type of configuration.
• Enable or disable LACP on any LAN port.
INTERFACE mode
[no] port-channel-protocol lacp
The default is LACP disabled.
This command creates context.
• Configure LACP mode.
LACP mode
[no] port-channel number mode [active | passive | off]
• number: cannot statically contain any links.
The default is LACP active.
• Configure port priority.
LACP mode
[no] lacp port-priority priority-value
The range is from 1 to 65535 (the higher the number, the lower the priority).
The default is 32768.

Example of Configuring a LAG Interface
Dell(conf)#interface port-channel 32
Dell(conf-if-po-32)#no shutdown
Dell(conf-if-po-32)#switchport
The LAG is in the default VLAN. To place the LAG into a non-default VLAN, use the tagged command on the LAG.
Dell(conf)#interface vlan 10
Dell(conf-if-vl-10)#tagged port-channel 32

Configuring the LAG Interfaces as Dynamic
After creating a LAG, configure the dynamic LAG interfaces. To configure the dynamic LAG interfaces, use the following command.
NOTE: The 30-second timeout is available for dynamic LAG interfaces only. You can enter the lacp long-timeout command for static LAGs, but it has no effect.
To configure LACP long timeout, use the following command.
• Set the LACP timeout value to 30 seconds.
As shown in the following illustration, the line-rate traffic from R1 destined for R4 follows the lowest-cost route via R2. Traffic is equally distributed between LAGs 1 and 2. If LAG 1 fails, all traffic from R1 to R4 flows across LAG 2 only. This condition over-subscribes the link and packets are dropped.
Figure 56. Shared LAG State Tracking
To avoid packet loss, redirect traffic through the next lowest-cost link (R3 to R4).
To view the failover group configuration, use the show running-configuration po-failover-group command.
Dell#show running-config po-failover-group
!
port-channel failover-group
 group 1 port-channel 1 port-channel 2
As shown in the following illustration, LAGs 1 and 2 are members of a failover group. LAG 1 fails and LAG 2 is brought down after the failure. This effect is logged by Message 1, in which a console message declares both LAGs down at the same time.
Figure 57.

Important Points about Shared LAG State Tracking
The following is more information about shared LAG state tracking.
• This feature is available for static and dynamic LAGs.
• Only a LAG can be a member of a failover group.
• You can configure shared LAG state tracking on one side of a link or on both sides.
• If a LAG that is part of a failover group is deleted, the failover group is deleted.
• If a LAG moves to the Down state due to this feature, its members may still be in the Up state.
 switchport
 no shutdown
!
Alpha(conf-if-po-10)#

Example of Viewing a LAG Port Configuration
The following example inspects a LAG port configuration on ALPHA.
 switchport
 no shutdown
interface TenGigabitEthernet 2/31
 no ip address

Summary of the LAG Configuration on Bravo
Bravo(conf-if-te-3/21/1)#int port-channel 10
Bravo(conf-if-po-10)#no ip add
Bravo(conf-if-po-10)#switch
Bravo(conf-if-po-10)#no shut
Bravo(conf-if-po-10)#show config
!
interface Port-channel 10
 no ip address
 switchport
 no shutdown
!
Bravo(conf-if-po-10)#exit
Bravo(conf)#int tengig 3/21/1
Bravo(conf)#no ip address
Bravo(conf)#no switchport
Bravo(conf)#shutdown
Bravo(conf-if-te-3/21/1)#port-channel
Figure 64. Inspecting the LAG Status Using the show lacp command
The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode. It was designed to carry IP traffic but is general enough to allow any type of network layer datagram to be sent over a PPP connection.

25 Layer 2
This chapter describes the Layer 2 features supported on the device.

Manage the MAC Address Table
You can perform the following management tasks in the MAC address table.
• Clearing the MAC Address Table
• Setting the Aging Time for Dynamic Entries
• Configuring a Static MAC Address
• Displaying the MAC Address Table

Clearing the MAC Address Table
You may clear the MAC address table of dynamic entries. To clear a MAC address table, use the following command.
• Specify an aging time.
CONFIGURATION mode
mac-address-table aging-time seconds
The range is from 10 to 1000000.

Configuring a Static MAC Address
A static entry is one that is not subject to aging. Enter static entries manually. To create a static MAC address entry, use the following command.
• Create a static MAC address entry in the MAC address table.
CONFIGURATION mode
mac-address-table static

Displaying the MAC Address Table
To display the MAC address table, use the following command.
• mac learning-limit mac-address-sticky
• mac learning-limit station-move
• Learning Limit Violation Actions
• Setting Station Move Violation Actions
• Recovering from Learning Limit and Station Move Violations
Dell Networking OS Behavior: When configuring the MAC learning limit on a port or VLAN, the configuration is accepted (becomes part of running-config and show mac learning-limit interface) before the system verifies that sufficient CAM space exists.
Dell Networking OS Behavior: If you do not configure the dynamic option, the system does not detect station moves in which a MAC address learned from a MAC-limited port is learned on another port on the same system. Therefore, any configured violation response to detected station moves is not performed.
show mac learning-limit
Dell Networking OS Behavior: The systems do not generate a station-move violation log entry for physical interfaces or port-channels when you configure mac learning-limit or when you configure mac learning-limit station-move-violation log. Dell Networking OS detects a station-move violation only when you configure mac learning-limit dynamic and logs the violation only when you configure the mac learning-limit station-move-violation log, as shown in the following example.
station-move-violation shutdown-offending
• Shut down both the first and second port to learn the MAC address.
INTERFACE mode
station-move-violation shutdown-both
• Display a list of all of the interfaces configured with MAC learning limit or station move violation.
CONFIGURATION mode
show mac learning-limit violate-action
NOTE: When the MAC learning limit (MLL) is configured as no-station-move, the MLL will be processed as static entries internally.
The following illustration shows a topology where two NICs have been teamed together. In this case, if the primary NIC fails, traffic switches to the secondary NIC because they are represented by the same set of addresses.
Figure 65. Redundant NICs with NIC Teaming
When you use NIC teaming, consider that the server MAC address is originally learned on Port 0/1 of the switch (shown in the following) and Port 0/5 is the failover port.
NOTE: If you have configured the no mac-address-table station-move refresh-arp command, traffic continues to be forwarded to the failed NIC until the ARP entry on the switch times out.
Figure 66.
Apply all other configurations to each interface in the redundant pair such that their configurations are identical, so that transition to the backup interface in the event of a failure is transparent to rest of the network.
Figure 67. Configuring Redundant Layer 2 Pairs without Spanning Tree
You configure a redundant pair by assigning a backup interface to a primary interface with the switchport backup interface command.
To ensure that existing network applications see no difference when a primary interface in a redundant pair transitions to the backup interface, be sure to apply identical configurations of other traffic parameters to each interface. If you remove an interface in a redundant link (remove the line card of a physical interface or delete a port channel with the no interface port-channel command), the redundant pair configuration is also removed.
Dell(conf-if-te-1/11/1)#shutdown
00:24:53: %RPM0-P:CP %IFMGR-5-ASTATE_DN: Changed interface Admin state to down: Te 1/11/1
Dell(conf-if-te-1/11/1)#00:24:55: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 1/11/1
00:24:55: %RPM0-P:CP %IFMGR-5-INACTIVE: Changed Vlan interface state to inactive: Vl 1
00:24:55: %RPM0-P:CP %IFMGR-5-OSTATE_UP: Changed interface state to up: Te 1/11/2
00:24:55: %RPM0-P:CP %IFMGR-5-ACTIVE: Changed Vlan interface state to active: Vl 1
00:24:55: %RPM0-P:CP %IFMGR-5
enable FEFD globally or locally on an interface basis. Disabling the global FEFD configuration does not disable the interface configuration.
Figure 68. Configuring Far-End Failure Detection
The report consists of several packets in SNAP format that are sent to the nearest known MAC address. In the event of a far-end failure, the device stops receiving frames and, after the specified time interval, assumes that the far-end is not available.
2 After you enable FEFD on an interface, it transitions to the Unknown state and sends an FEFD packet to the remote end of the link.
3 When the local interface receives the echoed packet from the remote end, the local interface transitions to the Bi-directional state.
4 If the FEFD enabled system is configured to use FEFD in Normal mode and neighboring echoes are not received after three intervals (you can set each interval between 3 and 300 seconds), the state changes to unknown.

Configuring FEFD
You can configure FEFD for all interfaces from CONFIGURATION mode, or on individual interfaces from INTERFACE mode. To enable FEFD globally on all interfaces, use the following command.
• Enable FEFD globally on all interfaces.
CONFIGURATION mode
fefd-global
To report interval frequency and mode adjustments, use the following commands.
1 Set up two or more connected interfaces for Layer 2 or Layer 3.

Enabling FEFD on an Interface
To enable, change, or disable FEFD on an interface, use the following commands.
• Enable FEFD on a per interface basis.
INTERFACE mode
fefd
• Change the FEFD mode.
INTERFACE mode
fefd [mode {aggressive | normal}]
• Disable FEFD protocol on one interface.
INTERFACE mode
fefd disable
Disabling an interface shuts down all protocols working on that interface’s connected line. It does not delete your previous FEFD configuration, which you can enable again at any time.

Debugging FEFD
To debug FEFD, use the first command. To provide output for each packet transmission over the FEFD enabled connection, use the second command.
• Display output whenever events occur that initiate or disrupt an FEFD enabled connection.
EXEC Privilege mode
debug fefd events
• Provide output for each packet transmission over the FEFD enabled connection.
26 Link Layer Discovery Protocol (LLDP)
This chapter describes how to configure and use the link layer discovery protocol (LLDP).

802.1AB (LLDP) Overview
LLDP — defined by IEEE 802.1AB — is a protocol that enables a local area network (LAN) device to advertise its configuration and receive configuration information from adjacent LLDP-enabled LAN infrastructure devices.
There are five types of TLVs. All types are mandatory in the construction of an LLDPDU except Optional TLVs. You can configure the inclusion of individual Optional TLVs.
Table 49. Type, Length, Value (TLV) Types
Type | TLV | Description
0 | End of LLDPDU | Marks the end of an LLDPDU.
1 | Chassis ID | An administratively assigned name that identifies the LLDP agent.
2 | Port ID | An administratively assigned name that identifies a port through which TLVs are sent and received.

Management TLVs
A management TLV is an optional TLVs sub-type. This kind of TLV contains essential management information about the sender.

Organizationally Specific TLVs
A professional organization or a vendor can define organizationally specific TLVs. They have two mandatory fields (as shown in the following illustration) in addition to the basic TLV fields.
Figure 71. Organizationally Specific TLV

IEEE Organizationally Specific TLVs
Eight TLV types have been defined by the IEEE 802.1 and 802.
Type | TLV | Description
127 | Port-VLAN ID | On Dell Networking systems, indicates the untagged VLAN to which a port belongs.
127 | Port and Protocol VLAN ID | On Dell Networking systems, indicates the tagged VLAN to which a port belongs (and the untagged VLAN to which a port belongs if the port is in Hybrid mode).
127 | Protocol Identity | Indicates the protocols that the port can process. Dell Networking OS does not currently support this TLV.

TIA-1057 (LLDP-MED) Overview
Link layer discovery protocol — media endpoint discovery (LLDP-MED) as defined by ANSI/TIA-1057 — provides additional organizationally specific TLVs so that endpoint devices and network connectivity devices can advertise their characteristics and configuration information; the OUI for the Telecommunications Industry Association (TIA) is 00-12-BB.
Type SubType TLV Description 127 3 Location Identification Indicates that the physical location of the device expressed in one of three possible formats: • • • 127 4 Inventory Management TLVs Implementation of this set of TLVs is optional in LLDP-MED devices. None or all TLVs must be supported. Dell Networking OS does not currently support these TLVs.
LLDP-MED Capabilities TLV
The LLDP-MED capabilities TLV communicates the types of TLVs that the endpoint device and the network connectivity device support. LLDP-MED network connectivity devices must transmit the Network Policies TLV.
• The value of the LLDP-MED capabilities field in the TLV is a 2–octet bitmap, each bit represents an LLDP-MED capability (as shown in the following table).
• The possible values of the LLDP-MED device type are shown in the following.

LLDP-MED Network Policies TLV
A network policy in the context of LLDP-MED is a device’s VLAN configuration and associated Layer 2 and Layer 3 configurations. LLDP-MED network policies TLV include:
• VLAN ID
• VLAN tagged or untagged status
• Layer 2 priority
• DSCP value
An integer represents the application type (the Type integer shown in the following table), which indicates a device function for which a unique network policy is defined.
Type | Application | Description
7 | Streaming Video | Specify this application type for dedicated video conferencing and other similar appliances supporting real-time interactive video.
8 | Video Signaling | Specify this application type only if video control packets use a separate network policy than video data.
9–255 | Reserved | —
Figure 73.
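The TLV layout described in this chapter, as an added Python example (not from the Dell guide): it walks one LLDPDU, resolves type-127 TLVs by OUI and subtype, and lists what the optional TLVs reveal to any device on the link. The sample LLDPDU is constructed; the IEEE 802.1 and 802.3 OUIs, basic TLV types 3 to 8, and the 802.1/802.3 subtype numbers come from IEEE 802.1AB rather than from this page.

```python
import struct


class LLDPError(ValueError):
    """Raised when an LLDPDU is truncated or breaks the mandatory TLV order."""


# Basic TLV types (IEEE 802.1AB); types 0-2 are the ones listed in Table 49.
BASIC = {0: "End of LLDPDU", 1: "Chassis ID", 2: "Port ID", 3: "Time to Live",
         4: "Port Description", 5: "System Name", 6: "System Description",
         7: "System Capabilities", 8: "Management Address"}
# OUIs that open a type-127 TLV. 00-12-BB (TIA) is quoted in the text above.
OUIS = {bytes.fromhex("0080c2"): "802.1", bytes.fromhex("00120f"): "802.3",
        bytes.fromhex("0012bb"): "LLDP-MED"}
ORG = {("802.1", 1): "Port-VLAN ID", ("802.1", 2): "Port and Protocol VLAN ID",
       ("802.1", 4): "Protocol Identity", ("802.3", 4): "Maximum Frame Size",
       ("LLDP-MED", 1): "LLDP-MED Capabilities", ("LLDP-MED", 2): "Network Policy",
       ("LLDP-MED", 3): "Location Identification",
       ("LLDP-MED", 4): "Extended Power via MDI"}


def parse_lldpdu(data):
    """Split an LLDPDU (the bytes after EtherType 0x88cc) into TLV dicts."""
    tlvs, off = [], 0
    while True:
        if off + 2 > len(data):
            raise LLDPError("no End of LLDPDU TLV before the data ran out")
        (header,) = struct.unpack_from("!H", data, off)
        tlv_type, length = header >> 9, header & 0x1FF  # 7-bit type, 9-bit length
        off += 2
        if off + length > len(data):
            raise LLDPError(f"TLV type {tlv_type} claims {length} bytes, past the end")
        value = data[off:off + length]
        off += length
        if tlv_type == 0:
            break
        tlv = {"type": tlv_type, "name": BASIC.get(tlv_type, "Reserved"), "value": value}
        if tlv_type == 127:
            # The two extra mandatory fields: 3-byte OUI and 1-byte subtype.
            if length < 4:
                raise LLDPError("organizationally specific TLV shorter than OUI + subtype")
            org = OUIS.get(value[:3], value[:3].hex())
            tlv.update(org=org, subtype=value[3],
                       name=ORG.get((org, value[3]), "Organizationally specific"),
                       value=value[4:])
        tlvs.append(tlv)
    if [t["type"] for t in tlvs[:3]] != [1, 2, 3]:
        raise LLDPError("Chassis ID, Port ID and Time to Live must come first, in order")
    return tlvs


def disclosures(tlvs):
    """Return {TLV name: decoded value} for every optional TLV in the LLDPDU."""
    out = {}
    for t in tlvs:
        if t["type"] in (1, 2, 3):
            continue  # mandatory TLVs are always present
        value = t["value"]
        if t["type"] in (4, 5, 6):
            out[t["name"]] = value.decode("utf-8", "replace")
        elif t["name"] in ("Port-VLAN ID", "Maximum Frame Size") and len(value) == 2:
            out[t["name"]] = int.from_bytes(value, "big")
        else:
            out[t["name"]] = value.hex()
    return out


def build_tlv(tlv_type, value):
    """Encode one TLV; used only to construct the sample below."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


# Constructed sample LLDPDU (not captured from a real switch).
SAMPLE = b"".join([
    build_tlv(1, b"\x04" + bytes.fromhex("0001e8054046")),  # chassis ID subtype 4: MAC
    build_tlv(2, b"\x05" + b"TenGigabitEthernet 1/5"),      # port ID subtype 5: ifName
    build_tlv(3, struct.pack("!H", 120)),                   # TTL in seconds
    build_tlv(6, b"constructed system description"),
    build_tlv(127, bytes.fromhex("0080c2") + b"\x01" + struct.pack("!H", 10)),
    build_tlv(127, bytes.fromhex("0012bb") + b"\x01" + b"\x00\x03\x04"),
    build_tlv(0, b""),
])

if __name__ == "__main__":
    for name, value in disclosures(parse_lldpdu(SAMPLE)).items():
        print(f"{name}: {value}")
```

Running the same walk over a capture from an edge port shows which optional TLVs (system description, VLAN IDs, management details) that port hands to whatever is plugged into it, which is the input for deciding what to advertise per interface.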
Configure LLDP
Configuring LLDP is a two-step process.
1 Enable LLDP globally.
2 Advertise TLVs out of an interface.

Related Configuration Tasks
• Viewing the LLDP Configuration
• Viewing Information Advertised by Adjacent LLDP Agents
• Configuring LLDPDU Intervals
• Configuring Transmit and Receive Mode
• Configuring a Time to Live
• Debugging LLDP

Important Points to Remember
• LLDP is enabled by default.
• Dell Networking systems support up to eight neighbors per interface.

Example of the protocol lldp Command (CONFIGURATION Level)
R1(conf)#protocol lldp
R1(conf-lldp)#?
advertise   Advertise TLVs
disable     Disable LLDP protocol globally
end         Exit from configuration mode
exit        Exit from LLDP configuration mode
hello       LLDP hello configuration
mode        LLDP mode configuration (default = rx and tx)
multiplier  LLDP multiplier configuration
no          Negate a command or set its defaults
show        Show LLDP configuration
Dell(conf-lldp)#exit
Dell(conf)#interface tengigabitethernet 1/3/1
Dell(conf-if-te-1/3

Enabling LLDP on Management Ports
LLDP on management ports is enabled by default. To enable LLDP on management ports, use the following command.
1 Enter Protocol LLDP mode.
CONFIGURATION mode
protocol lldp
2 Enter LLDP management-interface mode.
LLDP-MANAGEMENT-INTERFACE mode
management-interface
3 Enable LLDP.
PROTOCOL LLDP mode
no disable

Disabling and Undoing LLDP on Management Ports
To disable or undo LLDP on management ports, use the following command.
1 Enter Protocol LLDP mode.
To advertise TLVs, use the following commands.
1 Enter LLDP mode.
CONFIGURATION or INTERFACE mode
protocol lldp
2 Advertise one or more TLVs.
PROTOCOL LLDP mode
advertise {dcbx-appln-tlv | dcbx-tlv | dot3-tlv | interface-port-desc | management-tlv | med}
Include the keyword for each TLV you want to advertise.
• For management TLVs: system-capabilities, system-description.
• For 802.1 TLVs: port-protocol-vlan-id, port-vlan-id.
• For 802.3 TLVs: max-frame-size.

Viewing the LLDP Configuration
To view the LLDP configuration, use the following command.
• Display the LLDP configuration.
CONFIGURATION or INTERFACE mode
show config

Examples of Viewing LLDP Configurations
The following example shows viewing an LLDP global configuration.

Examples of Viewing Brief or Detailed Information Advertised by Neighbors
Example of Viewing Brief Information Advertised by Neighbors
Dell(conf-if-te-1/3/1-lldp)#end
Dell (conf-if-te-1/3/1)#do show lldp neighbors
Loc PortID Rem Host Name Rem Port Id Rem Chassis Id
--------------------------------------------------------------------
Te 1/1/1 TenGigabitEthernet 1/5 00:01:e8:05:40:46
Te 1/2/1 TenGigabitEthernet 1/6 00:01:e8:05:40:46
Example of Viewing Details Advertised by Neighbors
Dell#show lldp neighbors det
Example of Viewing LLDPDU Intervals
R1(conf)#protocol lldp
R1(conf-lldp)#show config
!
protocol lldp
 advertise dot1-tlv port-protocol-vlan-id port-vlan-id
 advertise dot3-tlv max-frame-size
 advertise management-tlv system-capabilities system-description
 no disable
R1(conf-lldp)#mode ?
rx Rx only
tx Tx only
R1(conf-lldp)#mode tx
R1(conf-lldp)#show config
!
protocol lldp
 advertise dot1-tlv port-protocol-vlan-id port-vlan-id
 advertise dot3-tlv max-frame-size
 advertise management-tlv system-capabilities system-d
protocol lldp
 advertise dot1-tlv port-protocol-vlan-id port-vlan-id
 advertise dot3-tlv max-frame-size
 advertise management-tlv system-capabilities system-description
 no disable
R1(conf-lldp)#mode ?
rx Rx only
tx Tx only
R1(conf-lldp)#mode tx
R1(conf-lldp)#show config
!
protocol lldp
 advertise dot1-tlv port-protocol-vlan-id port-vlan-id
 advertise dot3-tlv max-frame-size
 advertise management-tlv system-capabilities system-description
 mode tx
 no disable
R1(conf-lldp)#no mode
R1(conf-lldp)#show config
!
protoco
 advertise dot1-tlv port-protocol-vlan-id port-vlan-id
 advertise dot3-tlv max-frame-size
 advertise management-tlv system-capabilities system-description
 multiplier 5
 no disable
R1(conf-lldp)#no multiplier
R1(conf-lldp)#show config
!
protocol lldp
 advertise dot1-tlv port-protocol-vlan-id port-vlan-id
 advertise dot3-tlv max-frame-size
 advertise management-tlv system-capabilities system-description
 no disable
R1(conf-lldp)#

Debugging LLDP
You can view the TLVs that your system is sending and receiving.
To stop viewing the LLDP TLVs sent and received by the system, use the no debug lldp command.
Figure 76. The debug lldp detail Command — LLDPDU Packet Dissection

Relevant Management Objects
Dell Networking OS supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with:
• received and transmitted TLVs
• the LLDP configuration on the local agent
• IEEE 802.
Table 55. LLDP Configuration MIB Objects
MIB Object Category | LLDP Variable | LLDP MIB Object | Description
LLDP Configuration | adminStatus | lldpPortConfigAdminStatus | Whether you enable the local LLDP agent for transmit, receive, or both.
 | msgTxHold | lldpMessageTxHoldMultiplier | Multiplier value.
 | msgTxInterval | lldpMessageTxInterval | Transmit Interval value.
 | rxInfoTTL | lldpRxInfoTTL | Time to live for received TLVs.
 | txInfoTTL | lldpTxInfoTTL | Time to live for transmitted TLVs.
Table 56.
TLV Type | TLV Name | TLV Variable | System | LLDP MIB Object
 | | interface numbering subtype | Local | lldpLocManAddrIfSubtype
 | | | Remote | lldpRemManAddrIfSubtype
 | | interface number | Local | lldpLocManAddrIfId
 | | | Remote | lldpRemManAddrIfId
 | | OID | Local | lldpLocManAddrOID
 | | | Remote | lldpRemManAddrOID
Table 57. LLDP 802.
Table 58.
TLV Sub-Type | TLV Name | TLV Variable | System | LLDP-MED MIB Object
3 | Location Identifier | Location Data Format | Local | lldpXMedLocLocationSubtype
 | | | Remote | lldpXMedRemLocationSubtype
 | | Location ID Data | Local | lldpXMedLocLocationInfo
 | | | Remote | lldpXMedRemLocationInfo
4 | Extended Power via MDI | Power Device Type | Local | lldpXMedLocXPoEDeviceType
 | | | Remote | lldpXMedRemXPoEDeviceType
 | | Power Source | Local | lldpXMedLocXPoEPSEPowerSource lldpXMedLocXPoEPDPowerSource
 | | | Remote | lldpXMedRemXPoEPSEPowerSource lldpX
27 Microsoft Network Load Balancing
Network load balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems (OSs). NLB uses a distributed methodology or pattern to equally split and balance the network traffic load across a set of servers that are part of the cluster or group.

NLB Multicast Mode Scenario
Consider a topology in which you configure four servers, S1 through S4, as a cluster or a farm. This set of servers connects to a Layer 3 switch, which connects to the end-clients. They contain a single multicast MAC address (MAC-Cluster: 03-00-5E-11-11-11). In Multicast NLB mode, configure a static ARP configuration command to associate the cluster IP address with a multicast cluster MAC address.
given in the payload. Then, all the traffic destined for the cluster is flooded out of all member ports. Because all the servers in the cluster receive traffic, failover and balancing are preserved.

Enable and Disable VLAN Flooding
• The older ARP entries are overwritten whenever newer NLB entries are learned.
• All ARP entries, learned after you enable VLAN flooding, are deleted when you disable VLAN flooding, and RP2 triggers an ARP resolution.
This setting causes the multicast MAC address to be mapped to the cluster IP address for the NLB mode of operation of the switch. 2 Associate specific MAC or hardware addresses to VLANs.
28 Multicast Source Discovery Protocol (MSDP)
Multicast source discovery protocol (MSDP) is supported on Dell Networking OS.

Protocol Overview
MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context of MSDP is a contiguous set of routers operating PIM within a common boundary defined by an exterior gateway protocol, such as border gateway protocol (BGP).
3 When an MSDP peer receives an SA message, it determines if there are any group members within the domain interested in any of the advertised sources. If there are, the receiving RP sends a join message to the originating RP, creating a shortest path tree (SPT) to the source. Figure 77.
RPs advertise each (S,G) in its domain in type, length, value (TLV) format. The total number of TLVs contained in the SA is indicated in the “Entry Count” field. SA messages are transmitted every 60 seconds, and immediately when a new source is detected. Figure 78.
Anycast RP
Using MSDP, anycast RP provides load sharing and redundancy in PIM-SM networks. Anycast RP allows two or more rendezvous points (RPs) to share the load for source registration and the ability to act as hot backup routers for each other. Anycast RP allows you to configure two or more RPs with the same IP address on Loopback interfaces. The Anycast RP Loopback address is configured with a 32-bit mask, making it a host address.
Related Configuration Tasks The following lists related MSDP configuration tasks.
Figure 82.

Configuring MSDP

Enable MSDP
Enable MSDP by peering RPs in different administrative domains.
1 Enable MSDP.
ip multicast-msdp
2 Peer PIM systems in different administrative domains.
CONFIGURATION mode
ip msdp peer connect-source

Examples of Configuring and Viewing MSDP
R3(conf)#ip multicast-msdp
R3(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0
R3(conf)#do show ip msdp summary
Peer Addr Description Local Addr State Source SA Up/Down
To view details about a peer, use the show ip msdp peer command in EXEC privilege mode.

Example of the show ip msdp sa-cache Command
R3#show ip msdp sa-cache
MSDP Source-Active Cache - 1 entries
GroupAddr SourceAddr RPAddr LearnedFrom Expire UpTime
239.0.0.1 10.11.4.2 192.168.0.1 192.168.0.1 76 00:10:44

Limiting the Source-Active Cache
Set the upper limit of the number of active sources that the Dell Networking OS caches. The default active source limit is 500K messages.
Accept Source-Active Messages that Fail the RPF Check
A default peer is a peer from which active sources are accepted even though they fail the RPF check. Referring to the following illustrations:
• In Scenario 1, all MSDP peers are up.
• In Scenario 2, the peership between RP1 and RP2 is down, but the link (and routing protocols) between them is still up.
Figure 85. MSDP Default Peer, Scenario 4

Specifying Source-Active Messages
To specify messages, use the following command.
• Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check.
CONFIGURATION mode
ip msdp default-peer ip-address list
If you do not specify an access list, the peer accepts all sources that peer advertises. All sources from RPs that the ACL denies are subject to the normal RPF check.

Example of the ip msdp default-peer Command and Viewing Denied Sources
Dell(conf)#ip msdp peer 10.0.50.2 connect-source Vlan 50
Dell(conf)#ip msdp default-peer 10.0.50.2 list fifty
Dell(conf)#ip access-list standard fifty
Dell(conf)#seq 5 permit host 200.0.0.50
Dell#ip msdp sa-cache
MSDP Source-Active Cache - 3 entries
GroupAddr SourceAddr RPAddr LearnedFrom
229.0.50.2 24.0.50.2 200.0.0.50 10.0.50.2
229.0.50.3 24.0.50.3 200.0.0.50 10.0.50.2
229.0.50.4 24.0.50.4 200.0.0.50 10.0.50.
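The default-peer rule above, modelled as an added Python example (not Dell code): it compares a default peer configured without an access list against the same peer with list fifty, and reports which RPs get their SA messages accepted only because the RPF check was skipped. The peer 10.0.50.2, the ACL entry and the first SA come from the example above; the other SA entries and the RPF peer table are constructed, and the RPF result is taken as an input rather than computed from routing.

```python
import ipaddress


def acl_permits(acl, rp_addr):
    """Standard ACL evaluation: first matching entry wins, implicit deny at the end."""
    addr = ipaddress.ip_address(rp_addr)
    for action, prefix in acl:
        if addr in ipaddress.ip_network(prefix):
            return action == "permit"
    return False


def sa_decision(sa, default_peers, rpf_peer_for):
    """Decide what happens to one SA message.

    default_peers maps a peer address to its ACL, or to None when
    'ip msdp default-peer' was entered without 'list'.
    rpf_peer_for maps an RP address to the peer the RPF check expects (assumed input).
    """
    peer = sa["learned_from"]
    if peer in default_peers:
        acl = default_peers[peer]
        if acl is None or acl_permits(acl, sa["rp"]):
            return "accepted: default peer, RPF check skipped"
    # RPs the ACL denies, and SAs from ordinary peers, get the normal RPF check.
    if rpf_peer_for.get(sa["rp"]) == peer:
        return "accepted: RPF check passed"
    return "rejected: RPF check failed"


def rpf_bypass(sas, default_peers, rpf_peer_for):
    """RPs whose SAs are accepted although the RPF check would have failed."""
    return sorted({
        sa["rp"] for sa in sas
        if rpf_peer_for.get(sa["rp"]) != sa["learned_from"]
        and sa_decision(sa, default_peers, rpf_peer_for).startswith("accepted")
    })


# First entry is from the sa-cache output above; the rest are constructed.
SAS = [
    {"group": "229.0.50.2", "source": "24.0.50.2", "rp": "200.0.0.50", "learned_from": "10.0.50.2"},
    {"group": "229.0.99.1", "source": "24.0.99.1", "rp": "200.0.0.99", "learned_from": "10.0.50.2"},
    {"group": "239.0.0.1", "source": "10.11.4.2", "rp": "192.168.0.1", "learned_from": "192.168.0.1"},
]
# Constructed RPF table: the routing view says both 200.0.0.x RPs sit behind 10.0.60.2.
RPF_PEER_FOR = {"200.0.0.50": "10.0.60.2", "200.0.0.99": "10.0.60.2",
                "192.168.0.1": "192.168.0.1"}

NO_LIST = {"10.0.50.2": None}                               # ip msdp default-peer 10.0.50.2
LIST_FIFTY = {"10.0.50.2": [("permit", "200.0.0.50/32")]}   # ... list fifty

if __name__ == "__main__":
    for label, cfg in (("no list", NO_LIST), ("list fifty", LIST_FIFTY)):
        print(label, "->", rpf_bypass(SAS, cfg, RPF_PEER_FOR))
```

Without the list, every RP the default peer advertises bypasses the RPF check; with list fifty only 200.0.0.50 does, and the SA for 200.0.0.99 is rejected.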
CONFIGURATION mode
ip msdp cache-rejected-sa
2 Prevent the system from caching local SA entries based on source and group using an extended ACL.
CONFIGURATION mode
ip msdp redistribute list

Example of Verifying the System is not Caching Local Sources
When you apply this filter, the SA cache is not affected immediately. When sources that are denied by the ACL time out, they are not refreshed. Until they time out, they continue to reside in the cache.

Example of Verifying the System is not Caching Remote Sources
As shown in the following example, R1 is advertising source 10.11.4.2. It is already in the SA cache of R3 when an ingress SA filter is applied to R3. The entry remains in the SA cache until it expires and is not stored in the rejected SA cache.
[Router 3]
R3(conf)#do show run msdp
!
ip multicast-msdp
ip msdp peer 192.168.0.1 connect-source Loopback 0
ip msdp sa-filter in 192.168.0.
 seq 5 deny ip host 239.0.0.1 host 10.11.4.2
 seq 10 deny ip any any
R1(conf)#do show ip msdp sa-cache
MSDP Source-Active Cache - 1 entries
GroupAddr SourceAddr RPAddr LearnedFrom
239.0.0.1 10.11.4.2 192.168.0.1 local
R3(conf)#do show ip msdp sa-cache
MSDP Source-Active Cache - 1 entries
GroupAddr SourceAddr RPAddr LearnedFrom
239.0.0.1 10.11.4.2 192.168.0.1 192.168.0.
[Router 1]
R1(conf)#do show ip msdp peer
Peer Addr: 192.168.0.3
Local Addr: 0.0.0.0(0) Connect Source: Lo 0
State: Inactive Up/Down Time: 00:00:03
Timers: KeepAlive 30 sec, Hold time 75 sec
SourceActive packet count (in/out): 0/0
SAs learned from this peer: 0
SA Filtering:

Clearing Peer Statistics
To clear the peer statistics, use the following command.
• Reset the TCP connection to the peer and clear all peer statistics.

Example of the debug ip msdp Command
R1(conf)#do debug ip msdp
All MSDP debugging has been turned on
R1(conf)#03:16:08 : MSDP-0: Peer 192.168.0.3, sent Keepalive msg
03:16:09 : MSDP-0: Peer 192.168.0.3, rcvd Keepalive msg
03:16:27 : MSDP-0: Peer 192.168.0.3, sent Source Active msg
03:16:38 : MSDP-0: Peer 192.168.0.3, sent Keepalive msg
03:16:39 : MSDP-0: Peer 192.168.0.3, rcvd Keepalive msg
03:17:09 : MSDP-0: Peer 192.168.0.3, sent Keepalive msg
03:17:10 : MSDP-0: Peer 192.168.0.
3 RPs use MSDP to peer with each other using a unique address.
Figure 86. MSDP with Anycast RP

Configuring Anycast RP
To configure anycast RP, use the following commands.
1 In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address.
CONFIGURATION mode
interface loopback
2 Make this address the RP for the group.
CONFIGURATION mode
ip pim rp-address
3 In each routing domain that has multiple RPs serving a group, create another Loopback interface on each RP serving the group with a unique IP address.
CONFIGURATION mode
interface loopback
4 Peer each RP with every other RP using MSDP, specifying the unique Loopback address as the connect-source.
CONFIGURATION mode
ip msdp peer
5 Advertise the network of each of the unique Loopback addresses throughout the network.
interface TenGigabitEthernet 1/1/1
 ip pim sparse-mode
 ip address 10.11.3.1/24
 no shutdown
!
interface TenGigabitEthernet 1/2/1
 ip address 10.11.2.1/24
 no shutdown
!
interface TenGigabitEthernet 1/21/1
 ip pim sparse-mode
 ip address 10.11.1.12/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.1/32
 no shutdown
!
interface Loopback 1
 ip address 192.168.0.11/32
 no shutdown
!
router ospf 1
 network 10.11.2.0/24 area 0
 network 10.11.1.0/24 area 0
 network 10.11.3.0/24 area 0
 network 192.
 no shutdown
!
router ospf 1
 network 10.11.1.0/24 area 0
 network 10.11.4.0/24 area 0
 network 192.168.0.22/32 area 0
 redistribute static
 redistribute connected
 redistribute bgp 100
!
router bgp 100
 redistribute ospf 1
 neighbor 192.168.0.3 remote-as 200
 neighbor 192.168.0.3 ebgp-multihop 255
 neighbor 192.168.0.3 no shutdown
!
ip multicast-msdp
ip msdp peer 192.168.0.3 connect-source Loopback 1
ip msdp peer 192.168.0.11 connect-source Loopback 1
ip msdp mesh-group AS100 192.168.0.
!
ip route 192.168.0.1/32 10.11.0.23
ip route 192.168.0.22/32 10.11.0.23
!
ip pim rp-address 192.168.0.3 group-address 224.0.0.0/4

MSDP Sample Configurations
The following examples show the running-configurations described in this chapter. For more information, see the illustrations in the Related Configuration Tasks section.

MSDP Sample Configuration: R1 Running-Config
ip multicast-routing
!
interface TenGigabitEthernet 1/1/1
 ip pim sparse-mode
 ip address 10.11.3.
!
interface TenGigabitEthernet 1/31/1
 ip pim sparse-mode
 ip address 10.11.0.23/24
 no shutdown
!
interface Loopback 0
 ip address 192.168.0.2/32
 no shutdown
!
router ospf 1
 network 10.11.1.0/24 area 0
 network 10.11.4.0/24 area 0
 network 192.168.0.2/32 area 0
 redistribute static
 redistribute connected
 redistribute bgp 100
!
router bgp 100
 redistribute ospf 1
 neighbor 192.168.0.3 remote-as 200
 neighbor 192.168.0.3 ebgp-multihop 255
 neighbor 192.168.0.3 update-source Loopback 0
 neighbor 192.168.0.
 neighbor 192.168.0.2 update-source Loopback 0
 neighbor 192.168.0.2 no shutdown
!
ip multicast-msdp
ip msdp peer 192.168.0.1 connect-source Loopback 0
!
ip route 192.168.0.2/32 10.11.0.23

MSDP Sample Configuration: R4 Running-Config
ip multicast-routing
!
interface TenGigabitEthernet 1/1/1
 ip pim sparse-mode
 ip address 10.11.5.1/24
 no shutdown
!
interface TenGigabitEthernet 1/22/1
 ip address 10.10.42.1/24
 no shutdown
!
interface TenGigabitEthernet 1/31/1
 ip pim sparse-mode
 ip address 10.11.6.
29 Multiple Spanning Tree Protocol (MSTP)

Multiple spanning tree protocol (MSTP) — specified in IEEE 802.1Q-2003 — is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves per-VLAN spanning tree plus (PVST+). MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances.

Protocol Overview
MSTP — specified in IEEE 802.
In the following illustration, three VLANs are mapped to two multiple spanning tree instances (MSTI). VLAN 100 traffic takes a different path than VLAN 200 and 300 traffic. The behavior demonstrates how you can use MSTP to achieve load balancing. Figure 87.
Spanning Tree Variations
The Dell Networking OS supports four variations of spanning tree, as shown in the following table.

Table 59. Spanning Tree Variations
Dell Networking Term                      IEEE Specification
Spanning Tree Protocol (STP)              802.1d
Rapid Spanning Tree Protocol (RSTP)       802.1w
Multiple Spanning Tree Protocol (MSTP)    802.
• Interoperate with Non-Dell Networking OS Bridges
• Changing the Region Name or Revision
• Modifying Global Parameters
• Modifying the Interface Parameters
• Configuring an EdgePort
• Flush MAC Addresses after a Topology Change
• Debugging and Verifying MSTP Configurations
• Prevent Network Disruptions with BPDU Guard
• Enabling SNMP Traps for Root Elections and Topology Changes
• Configuring Spanning Trees as Hitless

Enable Multiple Spanning Tree Globally
MSTP is not enabled by default
To remove an interface from the MSTP topology, use the no spanning-tree 0 command.

Creating Multiple Spanning Tree Instances
To create multiple spanning tree instances, use the following command. A single MSTI provides no more benefit than RSTP. To take full advantage of MSTP, create multiple MSTIs and map VLANs to them.
• Create an MSTI.
  PROTOCOL MSTP mode
  msti
  Specify the keyword vlan then the VLANs that you want to participate in the MSTI.
Port 374 (TenGigabitEthernet 1/1/1/1) is root Forwarding
Port path cost 20000, Port priority 128, Port Identifier 128.374
Designated root has priority 32768, address 0001.e806.953e
Designated bridge has priority 32768, address 0001.e806.953e
Designated port id is 128.
A lower number increases the probability that the bridge becomes the root bridge. The range is from 0 to 61440, in increments of 4096. The default is 32768.

Example of Assigning and Verifying the Root Bridge Priority
By default, the simple configuration shown previously yields the same forwarding path for both MSTIs. The following example shows how R3 is assigned bridge priority 0 for MSTI 2, which elects a different root bridge than MSTI 2.
• Change the region revision number.
  PROTOCOL MSTP mode
  revision number

Example of the name Command
To view the current region name and revision, use the show spanning-tree mst configuration command from EXEC Privilege mode.
  The default is 2 seconds.
3 Change the max-age parameter.
  PROTOCOL MSTP mode
  max-age seconds
  The range is from 6 to 40. The default is 20 seconds.
4 Change the max-hops parameter.
  PROTOCOL MSTP mode
  max-hops number
  The range is from 1 to 40. The default is 20.

Example of the forward-delay Parameter
To view the current values for MSTP parameters, use the show running-config spanning-tree mstp command from EXEC privilege mode.
Table 60.
violation option causes the interface hardware to be shut down when it receives a BPDU. When you implement only bpduguard, although the interface is placed in an Error Disabled state when receiving the BPDU, the physical interface remains up and spanning-tree drops packets in the hardware after a BPDU violation. BPDUs are dropped in the software after receiving the BPDU violation. This feature is the same as PortFast mode in spanning tree.
To view the enable status of this feature, use the show running-config spanning-tree mstp command from EXEC Privilege mode.

MSTP Sample Configurations
The running-configurations support the topology shown in the following illustration. The configurations are from Dell Networking OS systems.

Figure 88.
 switchport
 no shutdown
!
interface TenGigabitEthernet 1/31/1
 no ip address
 switchport
 no shutdown
!
(Step 3)
interface Vlan 100
 no ip address
 tagged TenGigabitEthernet 1/21/1,31/1
 no shutdown
!
interface Vlan 200
 no ip address
 tagged TenGigabitEthernet 1/21,31/1
 no shutdown
!
interface Vlan 300
 no ip address
 tagged TenGigabitEthernet 1/21,31/1
 no shutdown

Router 2 Running-Configuration
This example uses the following steps:
1 Enable MSTP globally, set the region name and revision, and map MSTP instances to
 no shutdown
!
interface Vlan 300
 no ip address
 tagged TenGigabitEthernet 1/1/3/1,1/1/4/1
 no shutdown

(Step 1)
protocol spanning-tree mstp
 no disable
 name Tahiti
 revision 123
 MSTI 1 VLAN 100
 MSTI 2 VLAN 200,300
!
(Step 2)
interface TenGigabitEthernet 2/11/1
 no ip address
 switchport
 no shutdown
!
interface TenGigabitEthernet 2/31/1
 no ip address
 switchport
 no shutdown
!
(Step 3)
interface Vlan 100
 no ip address
 tagged TenGigabitEthernet 2/11/1,31/1
 no shutdown
!
interface Vlan 200
 no ip address
 tagged TenGiga
 switchport
 no shutdown
!
interface TenGigabitEthernet 1/1/5/2
 no ip address
 switchport
 no shutdown
!
(Step 3)
interface Vlan 100
 no ip address
 tagged TenGigabitEthernet 1/1/5/1,1/1/5/2
 no shutdown
!
interface Vlan 200
 no ip address
 tagged TenGigabitEthernet 1/1/5/1,1/1/5/2
 no shutdown
!
interface Vlan 300
 no ip address
 tagged TenGigabitEthernet 1/1/5/1,1/1/5/2
 no shutdown

(Step 1)
protocol spanning-tree mstp
 no disable
 name Tahiti
 revision 123
 MSTI 1 VLAN 100
 MSTI 2 VLAN 200,300
!
(Step 2)
interface TenGig
SFTOS Example Running-Configuration
This example uses the following steps:
1 Enable MSTP globally, set the region name and revision, and map MSTP instances to the VLANs.
2 Assign Layer-2 interfaces to the MSTP topology.
3 Create VLANs mapped to MSTP instances and tag interfaces to the VLANs.
  EXEC Privilege mode
  debug spanning-tree mstp bpdu
• Display MSTP-triggered topology change messages.
  debug spanning-tree mstp events

Examples of Viewing MSTP Configurations
To ensure all the necessary parameters match (region name, region version, and VLAN to instance mapping), examine your individual routers. To show various portions of the MSTP configuration, use the show spanning-tree mst commands.
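The parameter comparison described above can be automated against saved running-configs. The following Python is an added example, not Dell tooling: it parses the protocol spanning-tree mstp stanza and reports any region name, revision or VLAN-to-instance difference against the first router. The sample stanzas are constructed from this chapter's Tahiti example, the function names are hypothetical, and VLAN ranges such as 10-12 are assumed to be accepted in the VLAN list.

```python
import re

# Constructed sample stanzas, modelled on this chapter's "Tahiti" example.
R1_CONFIG = """\
protocol spanning-tree mstp
 no disable
 name Tahiti
 revision 123
 MSTI 1 VLAN 100
 MSTI 2 VLAN 200,300
!
"""
R2_CONFIG = R1_CONFIG
# Constructed drift: revision bumped and VLAN 300 moved to MSTI 1 on R3 only.
R3_CONFIG = """\
protocol spanning-tree mstp
 no disable
 name Tahiti
 revision 124
 MSTI 1 VLAN 100,300
 MSTI 2 VLAN 200
!
"""


def expand_vlans(spec):
    """Expand '200,300' or '10-12,40' (range form is an assumption) into a set."""
    vlans = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_mstp_region(config_text):
    """Return the region name, revision and VLAN-to-MSTI map of one config."""
    region = {"name": None, "revision": None, "vlan_to_msti": {}}
    in_stanza = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_stanza:
            in_stanza = line.lower() == "protocol spanning-tree mstp"
            continue
        # The stanza ends at '!' or at the next unindented command.
        if line == "!" or (raw and not raw[0].isspace()):
            break
        m = re.fullmatch(r"name\s+(\S+)", line, re.I)
        if m:
            region["name"] = m.group(1)
            continue
        m = re.fullmatch(r"revision\s+(\d+)", line, re.I)
        if m:
            region["revision"] = int(m.group(1))
            continue
        m = re.fullmatch(r"msti\s+(\d+)\s+vlan\s+(\S+)", line, re.I)
        if m:
            for vlan in expand_vlans(m.group(2)):
                region["vlan_to_msti"][vlan] = int(m.group(1))
    return region


def compare_regions(configs):
    """configs maps router name to config text; the first entry is the reference."""
    parsed = {router: parse_mstp_region(text) for router, text in configs.items()}
    ref_name, ref = next(iter(parsed.items()))
    findings = []
    for router, region in parsed.items():
        if router == ref_name:
            continue
        for field in ("name", "revision"):
            if region[field] != ref[field]:
                findings.append(
                    f"{router}: {field} {region[field]!r} != {ref_name} {ref[field]!r}")
        # VLANs that are not mapped explicitly belong to instance 0.
        for vlan in sorted(set(region["vlan_to_msti"]) | set(ref["vlan_to_msti"])):
            mine = region["vlan_to_msti"].get(vlan, 0)
            theirs = ref["vlan_to_msti"].get(vlan, 0)
            if mine != theirs:
                findings.append(
                    f"{router}: VLAN {vlan} in MSTI {mine}, {ref_name} has MSTI {theirs}")
    return findings


if __name__ == "__main__":
    for finding in compare_regions({"R1": R1_CONFIG, "R2": R2_CONFIG, "R3": R3_CONFIG}):
        print(finding)
```

An empty result means all three parameters match across the supplied configs; any finding identifies a router whose stanza differs from the reference.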
Brg/Port Prio: 32768/128, Rem Hops: 20
INST 2: Flags: 0x6e, Reg Root: 32768:0001.e806.953e, Int Root Cost: 0
Brg/Port Prio: 32768/128, Rem Hops: 20
4w0d4h : MSTP: Received BPDU on Te 2/21/1 :
ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x78 (Indicates MSTP routers are in the [single] region.)
CIST Root Bridge Id: 32768:0001.e806.953e, Ext Path Cost: 0
Regional Bridge Id: 32768:0001.e806.
30 Multicast Features

NOTE: Multicast routing is supported on secondary IP addresses; it is not supported on IPv6.
NOTE: Multicast routing is supported across default and non-default virtual routing and forwarding (VRFs).
Protocol    Ethernet Address
OSPF        01:00:5e:00:00:05
            01:00:5e:00:00:06
RIP         01:00:5e:00:00:09
NTP         01:00:5e:00:01:01
VRRP        01:00:5e:00:00:12
PIM-SM      01:00:5e:00:00:0d
• The Dell Networking OS implementation of MTRACE is in accordance with IETF draft draft-fenner-traceroute-ipm.
• Multicast is not supported on secondary IP addresses.
• If you enable multicast routing, egress Layer 3 ACL is not applied to multicast data traffic.
When the multicast route limit is reached, the following displays:
3w1d13h: %RPM0-P:RP2 %PIM-3-PIM_TIB_LIMIT: PIM TIB limit reached. No new routes will be learnt until TIB level falls below low watermark.
3w1d13h: %RPM0-P:RP2 %PIM-3-PIM_TIB_LIMIT: PIM TIB below low watermark. Route learning will begin.
To limit the number of multicast routes, use the following command.
• Limit the total number of multicast routes on the system.
  CONFIGURATION mode
  ip multicast-limit
  The range is from 1 to 16000.
limiting Receiver 1, so both IGMP reports are accepted and two corresponding entries are created in the routing table.

Figure 89. Preventing a Host from Joining a Group

The following table lists the location and description shown in the previous illustration.

Table 61. Preventing a Host from Joining a Group — Description
Location   Description
1/21/1     • Interface TenGigabitEthernet 1/21/1
           • ip pim sparse-mode
           • ip address 10.11.12.
Location   Description
           • no shutdown
1/31/1     • Interface TenGigabitEthernet 1/31/1
           • ip pim sparse-mode
           • ip address 10.11.13.1/24
           • no shutdown
2/1/1      • Interface TenGigabitEthernet 2/1/1
           • ip pim sparse-mode
           • ip address 10.11.1.1/24
           • no shutdown
2/11/1     • Interface TenGigabitEthernet 2/11/1
           • ip pim sparse-mode
           • ip address 10.11.12.2/24
           • no shutdown
2/31/1     • Interface TenGigabitEthernet 2/31/1
           • ip pim sparse-mode
           • ip address 10.11.23.
Location   Description
           • ip pim sparse-mode
           • ip address 10.11.4.1/24
           • untagged TenGigabitEthernet 1/2/1
           • ip igmp access-group igmpjoinfilR2G2
           • no shutdown

Preventing a PIM Router from Forming an Adjacency
To prevent a router from participating in PIM (for example, to configure stub multicast routing), use the following command.
• Prevent a router from participating in PIM.
Preventing a Source from Registering with the RP
To prevent the PIM source DR from sending register packets to route processor (RP) for the specified multicast source and group, use the following command. If the source DR never sends register packets to the RP, no hosts can ever discover the source and create a shortest path tree (SPT) to it.
• Prevent a source from transmitting to a particular group.
Figure 90. Preventing a Source from Transmitting to a Group

The following table lists the location and description shown in the previous illustration.

Table 63. Preventing a Source from Transmitting to a Group — Description
Location   Description
1/21/1     • Interface TenGigabitEthernet 1/21/1
           • ip pim sparse-mode
           • ip address 10.11.12.
Location   Description
           • no shutdown
1/31/1     • Interface TenGigabitEthernet 1/31/1
           • ip pim sparse-mode
           • ip address 10.11.13.1/24
           • no shutdown
2/1/1      • Interface TenGigabitEthernet 2/1/1
           • ip pim sparse-mode
           • ip address 10.11.1.1/24
           • no shutdown
2/11/1     • Interface TenGigabitEthernet 2/11/1
           • ip pim sparse-mode
           • ip address 10.11.12.2/24
           • no shutdown
2/31/1     • Interface TenGigabitEthernet 2/31
           • ip pim sparse-mode
           • ip address 10.11.23.
Location   Description
           • ip pim sparse-mode
           • ip address 10.11.4.1/24
           • untagged TenGigabitEthernet 1/2
           • no shutdown

Preventing a PIM Router from Processing a Join
To permit or deny PIM Join/Prune messages on an interface using an extended IP access list, use the following command.
NOTE: Dell Networking recommends not using the ip pim join-filter command on an interface between a source and the RP router.
31 Object Tracking

IPv4 or IPv6 object tracking is available on Dell Networking OS. Object tracking allows the Dell Networking OS client processes, such as virtual router redundancy protocol (VRRP), to monitor tracked objects (for example, interface or link status) and take appropriate action when the state of an object changes.
NOTE: In Dell Networking OS release version 8.4.1.0, object tracking is supported only on VRRP.
Later, if network conditions change and the cost of the default route in each router changes, the mastership of the VRRP group is automatically reassigned to the router with the better metric.

Figure 91. Object Tracking Example

When you configure a tracked object, such as an IPv4/IPv6 route or interface, you specify an object number to identify the object. Optionally, you can also specify:
• UP and DOWN thresholds used to report changes in a route metric.
Track Layer 3 Interfaces
You can create an object that tracks the Layer 3 state (IPv4 or IPv6 routing status) of an interface.
• The Layer 3 status of an interface is UP only if the Layer 2 status of the interface is UP and the interface has a valid IP address.
• The Layer 3 status of an interface goes DOWN when its Layer 2 status goes down or the IP address is removed from the routing table.
The UP and DOWN thresholds are user-configurable for each tracked route. The default UP threshold is 254; the default DOWN threshold is 255. The notification of a change in the state of a tracked object is sent when a metric value crosses a configured threshold. The tracking process uses a protocol-specific resolution value to convert the actual metric in the routing table to a scaled metric in the range from 0 to 255.
Object Tracking Configuration
You can configure three types of object tracking for a client.
• Track Layer 2 Interfaces
• Track Layer 3 Interfaces
• Track an IPv4/IPv6 Route
For a complete listing of all commands related to object tracking, refer to the Dell Networking OS Command Line Interface Reference Guide.

Tracking a Layer 2 Interface
You can create an object that tracks the line-protocol state of a Layer 2 interface and monitors its operational status (UP or DOWN).
  OBJECT TRACKING mode
  description text
  The text string can be up to 80 characters.
4 (Optional) Display the tracking configuration and the tracked object’s status.
  CONFIGURATION mode
  track object-id interface interface {ip routing | ipv6 routing}
  Valid object IDs are from 1 to 65535.
2 (Optional) Configure the time delay used before communicating a change in the status of a tracked interface.
  OBJECT TRACKING mode
  delay {[up seconds] [down seconds]}
  Valid delay times are from 0 to 180 seconds. The default is 0.
3 (Optional) Identify the tracked object with a text description.
  OBJECT TRACKING mode
  description text
  The text string can be up to 80 characters.
Track an IPv4/IPv6 Route
You can create an object that tracks the reachability or metric of an IPv4 or IPv6 route. You specify the route to be tracked by its address and prefix-length values. Optionally, for an IPv4 route, you can enter a VRF instance name if the route is part of a VPN routing and forwarding (VRF) table. The next-hop address is not part of the definition of a tracked IPv4/IPv6 route.
• The resolution value used to map RIP routes is not configurable. The RIP hop-count is automatically multiplied by 16 to scale it. For example, a RIP metric of 16 (unreachable) scales to 256, so the route is considered DOWN.

Tracking Route Reachability
Use the following commands to configure object tracking on the reachability of an IPv4 or IPv6 route. To remove object tracking, use the no track object-id command.
1 Configure object tracking on the reachability of an IPv4 or IPv6 route.
Reachability is Down (route not in route table)
2 changes, last change 00:02:49
Tracked by:
Dell#configure
Dell(conf)#track 4 ip route 3.1.1.
  Valid delay times are from 0 to 180 seconds. The default is 0.
4 (Optional) Identify the tracked object with a text description.
  OBJECT TRACKING mode
  description text
  The text string can be up to 80 characters.
5 (Optional) Configure the metric threshold for the UP and/or DOWN routing status to be tracked for the specified route.
  OBJECT TRACKING mode
  threshold metric {[up number] [down number]}
  The default UP threshold is 254.
Displaying Tracked Objects
To display the currently configured objects used to track Layer 2 and Layer 3 interfaces, and IPv4 and IPv6 routes, use the following show commands. To display the configuration and status of currently tracked Layer 2 or Layer 3 interfaces, IPv4 or IPv6 routes, or a VRF instance, use the show track command. You can also display the currently configured per-protocol resolution values used to scale route metrics when tracking metric thresholds.
Example of the show track resolution Command
Dell#show track resolution
IP Route Resolution
ISIS 1
OSPF 1
IPv6 Route Resolution
ISIS 1

Example of the show track vrf Command
Dell#show track vrf red
Track 5
IP route 192.168.0.0/24 reachability, Vrf: red
Reachability is Up (CONNECTED)
3 changes, last change 00:02:39
First-hop interface is TenGigabitEthernet 1/4/1

Example of Viewing Object Tracking Configuration
Dell#show running-config track
track 1 ip route 23.0.0.
32 Open Shortest Path First (OSPFv2 and OSPFv3)

Open shortest path first (OSPFv2 for IPv4) and OSPF version 3 (OSPF for IPv6) are supported on Dell Networking OS. This chapter provides a general description of OSPFv2 (OSPF for IPv4) and OSPFv3 (OSPF for IPv6) as supported in the Dell Networking Operating System (OS).
NOTE: The fundamental mechanisms of OSPF (flooding, DR election, area support, SPF calculations, and so on) are the same between OSPFv2 and OSPFv3.
Autonomous System (AS) Areas
OSPF operates in a type of hierarchy. The largest entity within the hierarchy is the autonomous system (AS), which is a collection of networks under a common administration that share a common routing strategy. OSPF is an intra-AS (interior gateway) routing protocol, although it is capable of receiving routes from and sending routes to other ASs. You can divide an AS into a number of areas, which are groups of contiguous networks and attached hosts.
Area Types
The backbone of the network is Area 0. It is also called Area 0.0.0.0 and is the core of any AS. All other areas must connect to Area 0. An OSPF backbone is responsible for distributing routing information between areas. It consists of all area border routers, networks not wholly contained in any area, and their attached routers.
NOTE: If you configure two non-backbone areas, then you must enable the B bit in OSPF.
The backbone is the only area with a default area number.
The following example shows different router designations.

Figure 93. OSPF Routing Examples

Backbone Router (BR)
A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example.
Area Border Router (ABR)
Within an AS, an area border router (ABR) connects one or more areas to the backbone. The ABR keeps a copy of the link-state database for every area it connects to, so it may keep multiple copies of the link state database. An ABR takes information it has learned on one of its attached areas and can summarize it before sending it out on other areas it is connected to. An ABR can connect to many areas in an AS, and is considered a member of each area it connects to.
Link-State Advertisements (LSAs)
A link-state advertisement (LSA) communicates the router’s local routing topology to all other local routers in the same area. The LSA types supported by Dell Networking are defined as follows:
• Type 1: Router LSA — The router lists links to other routers or networks in the same area. Type 1 LSAs are flooded across their own area only. The link-state ID of the Type 1 LSA is the originating router ID.
The LSA throttling timers are configured in milliseconds, with the interval time increasing exponentially until a maximum time has been reached. If the maximum time is reached, the system continues to transmit at the max-interval until twice the max-interval time has passed. At that point, the system reverts to the start-interval timer and the cycle begins again.
Figure 94. Priority and Cost Examples

OSPF with Dell Networking OS
The Dell Networking OS supports up to 10,000 OSPF routes for OSPFv2. Within those 10,000 routes, you can designate up to 8,000 routes as external and up to 2,000 as inter/intra area routes. Dell Networking OS version 9.4(0.0) and later support only one OSPFv2 process per VRF. Dell Networking OS version 9.7(0.0) and later support OSPFv3 in VRF. Also, on OSPFv3, Dell Networking OS supports only one OSPFv3 process per VRF.
• External LSA (type 7)
• Link LSA, OSPFv3 only (type 8)
• Opaque Link-Local (type 9)
• Grace LSA, OSPFv3 only (type 11)

Graceful Restart
When a router goes down without a graceful restart, there is a possibility for loss of access to parts of the network due to ongoing network topology changes. Additionally, LSA flooding and reconvergence can cause substantial delays. It is, therefore, desirable that the network maintains a stable topology if it is possible for data flow to continue uninterrupted.
Configuring the helper-reject role on an OSPFv2 router or OSPFv3 interface enables the restarting-only role globally on the router or locally on the interface. In a helper-reject role, OSPF does not participate in the graceful restart of an adjacent OSPFv2/v3 router. If multiple OSPF interfaces provide communication between two routers, after you configure helper-reject on one interface, all other interfaces between the two routers behave as if they are in the helper-reject role.
Processing SNMP and Sending SNMP Traps
Only the process in the default VRF can process SNMP requests and send SNMP traps.
NOTE: An SNMP get request corresponding to the OspfNbrOption field in the OspfNbrTable returns a value of 66.

RFC-2328 Compliant OSPF Flooding
In OSPF, flooding is the most resource-consuming task. The flooding algorithm described in RFC 2328 requires that OSPF flood LSAs on all interfaces, as governed by LSA’s flooding scope (refer to Section 13 of the RFC.
LSType:Type-5 AS External(5) Age:1 Seq:0x8000000c id:170.1.2.0 Adv:6.1.0.0
Netmask:255.255.255.0 fwd:0.0.0.0 E2, tos:0 metric:0
To confirm that you enabled RFC-2328–compliant OSPF flooding, use the show ip ospf command.
Dell#show ip ospf
Routing Process ospf 1 with ID 2.2.2.
Backup Designated Router (ID) 1.1.1.1, Interface address 30.0.0.2
Timer intervals configured, Hello 20, Dead 80, Wait 20, Retransmit 5
Hello due in 00:00:04
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 1.1.1.1 (Backup Designated Router)
Dell (conf-if-te-2/2/1)#

Configuration Information
The interfaces must be in Layer 3 mode (assigned an IP address) and enabled so that they can send and receive traffic. The OSPF process must know about these interfaces.
3 Add interfaces or configure other attributes.
4 Set the time interval between when the switch receives a topology change and starts a shortest path first (SPF) calculation.
The OSPF process ID is the identifying number assigned to the OSPF process. The router ID is the IP address associated with the OSPF process. After the OSPF process and the VRF are tied together, the OSPF process ID cannot be used again in the system.
address 10.0.0.0/8, you cannot assign the network address 10.1.0.0/16 because it is already included in the first network address. When configuring the network command, configure a network address and mask that is a superset of the IP subnet configured on the Layer-3 interface for OSPFv2 to use. You can assign the area in the following step by a number or with an IP interface address.
• Enable OSPFv2 on an interface and assign a network address range to a specific OSPF area.
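Both rules above (no network statement may sit inside another, and each statement must be a superset of a Layer-3 interface subnet) can be checked offline before a change is applied. The following Python is an added example, not Dell tooling: the running-config is constructed for illustration, and the function names and finding labels are hypothetical.

```python
import ipaddress
import re

# Constructed running-config fragment for illustration only.
SAMPLE_CONFIG = """\
router ospf 1
 network 10.0.0.0/8 area 0
 network 10.1.0.0/16 area 1
 network 192.168.100.0/24 area 0
 network 172.16.5.0/24 area 0
!
interface TenGigabitEthernet 1/1/1
 ip address 10.1.11.1/24
 no shutdown
!
interface Loopback 10
 ip address 192.168.100.10/24
 no shutdown
!
interface TenGigabitEthernet 1/2/1
 ip address 192.0.2.1/24
 no shutdown
!
"""


def parse_ospf_config(text):
    """Collect (network, area) statements and per-interface IPv4 addresses."""
    networks, interfaces = [], {}
    current_if = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "!":
            current_if = None
        elif line.startswith("interface "):
            current_if = line[len("interface "):]
        elif (m := re.fullmatch(r"network\s+(\S+)\s+area\s+(\S+)", line)):
            net = ipaddress.ip_network(m.group(1), strict=False)
            networks.append((net, m.group(2)))
        elif current_if and (m := re.fullmatch(r"ip address\s+(\S+)", line)):
            interfaces[current_if] = ipaddress.ip_interface(m.group(1))
    return networks, interfaces


def audit_network_statements(text):
    """Return findings for overlapping, unused and non-covering statements."""
    networks, interfaces = parse_ospf_config(text)
    findings = []
    # Rule 1: a network statement must not be included in another one.
    for i, (first, _) in enumerate(networks):
        for second, _ in networks[i + 1:]:
            if first.overlaps(second):
                findings.append(f"overlap: {first} and {second}")
    # Rule 2a: an interface whose subnet no statement covers will not run
    # OSPFv2 (this may be intentional, so treat it as something to review).
    for name, iface in interfaces.items():
        if not any(iface.network.subnet_of(net) for net, _ in networks):
            findings.append(f"uncovered: {name} {iface.with_prefixlen}")
    # Rule 2b: a statement that is a superset of no interface subnet does nothing.
    for net, area in networks:
        if not any(i.network.subnet_of(net) for i in interfaces.values()):
            findings.append(f"unused: network {net} area {area}")
    return findings


if __name__ == "__main__":
    for finding in audit_network_statements(SAMPLE_CONFIG):
        print(finding)
```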
To view currently active interfaces and the areas assigned to them, use the show ip ospf interface command.

Example of Viewing Active Interfaces and Assigned Areas
Dell>show ip ospf 1 interface
TenGigabitEthernet 1/17/1 is up, line protocol is up
Internet Address 10.2.2.1/24, Area 0.0.0.0
Process ID 1, Router ID 11.1.2.1, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 11.1.2.1, Interface address 10.2.2.1
Backup Designated Router (ID) 0.0.0.
To configure a stub area, use the following commands.
1 Review all areas after they were configured to determine which areas are NOT receiving type 5 LSAs.
  EXEC Privilege mode
  show ip ospf process-id [vrf] database database-summary
2 Enter CONFIGURATION mode.
  EXEC Privilege mode
  configure
3 Enter ROUTER OSPF mode.
  CONFIGURATION mode
  router ospf process-id [vrf]
  Process ID is the ID assigned when configuring OSPFv2 globally.
4 Configure the area as a stub area.
passive-interface {default | interface}
The default keyword enables passive interfaces on ALL interfaces in the OSPF process. Entering the physical interface type, slot, and number enables passive interface on only the identified interface.
• For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/subport information.
• For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information.
Setting the convergence parameter (from 1 to 4) indicates the actual convergence level. Each convergence setting adjusts the LSA parameters to zero, but the fast-convergence parameter setting allows for even finer tuning of the convergence speed. The higher the number, the faster the convergence. To enable or disable fast-convergence, use the following command.
• Enable OSPF fast-convergence and specify the convergence level.
To change OSPFv2 parameters on the interfaces, use any or all of the following commands.
• Change the cost associated with OSPF traffic on the interface.
  CONFIG-INTERFACE mode
  ip ospf cost
  • cost: The range is from 1 to 65535 (the default depends on the interface speed).
• Change the time interval the router waits before declaring a neighbor dead.
  CONFIG-INTERFACE mode
  ip ospf dead-interval seconds
  • seconds: the range is from 1 to 65535 (the default is 40 seconds).
• Change the wait period between link state update packets sent out the interface.
  CONFIG-INTERFACE mode
  ip ospf transmit-delay seconds
  • seconds: the range is from 1 to 65535 (the default is 1 second).
  The transmit delay must be the same on all routers in the OSPF network.

Example of Changing and Verifying the cost Parameter and Viewing Interface Status
To view interface configurations, use the show config command in CONFIGURATION INTERFACE mode.
When you configure the auth-change-wait-time, OSPF sends out only the old authentication scheme until the wait timer expires. After the wait timer expires, OSPF sends only the new authentication scheme. However, the new authentication scheme does not take effect immediately after the authentication change wait timer expires; OSPF accepts both the old as well as new authentication schemes for a time period that is equal to two times the configured authentication change wait timer.
  CONFIG-ROUTEROSPF-id mode
  graceful-restart role [helper-only | restart-only]
  Dell Networking OS supports the following options:
  • Helper-only: the OSPFv2 router supports graceful-restart only as a helper router.
  • Restart-only: the OSPFv2 router supports graceful-restart only during unplanned restarts.
  By default, OSPFv2 supports both restarting and helper roles. Selecting one or the other role restricts OSPFv2 to the single selected role.
The optional parameters are:
• ge min-prefix-length: is the minimum prefix length to match (from 0 to 32).
• le max-prefix-length: is the maximum prefix length to match (from 0 to 32).
For configuration information about prefix lists, refer to Access Control Lists (ACLs).

Applying Prefix Lists
To apply prefix lists to incoming or outgoing OSPF routes, use the following commands.
• Apply a configured prefix list to incoming OSPF routes.
Troubleshooting OSPFv2
Use the information in this section to troubleshoot OSPFv2 operation on the switch. Be sure to check the following, as these questions represent typical issues that interrupt an OSPFv2 process.
NOTE: The following tasks are not comprehensive; they provide some examples of typical troubleshooting checks.
To view debug messages for a specific OSPF process ID, use the debug ip ospf process-id command. If you do not enter a process ID, the command applies to the first OSPF process. To view debug messages for a specific operation, enter one of the optional keywords:
• event: view OSPF event messages.
• packet: view OSPF packet information.
• spf: view SPF information.
• database-timers rate-limit: view the LSAs currently in the queue.
Basic OSPFv2 Router Topology
The following illustration is a sample basic OSPFv2 topology.

Figure 95. Basic Topology and CLI Commands for OSPFv2

OSPF Area 0 — Te 1/1/1 and 1/2/1
router ospf 11111
 network 10.0.11.0/24 area 0
 network 10.0.12.0/24 area 0
 network 192.168.100.0/24 area 0
!
interface TenGigabitEthernet 1/1/1
 ip address 10.1.11.1/24
 no shutdown
!
interface TenGigabitEthernet 1/2/1
 ip address 10.2.12.2/24
 no shutdown
!
interface Loopback 10
 ip address 192.168.100.
 ip address 10.1.13.3/24
 no shutdown
!
interface TenGigabitEthernet 3/2/1
 ip address 10.2.13.3/24
 no shutdown

OSPF Area 0 — Te 2/1/1 and 2/2/1
router ospf 22222
 network 192.168.100.0/24 area 0
 network 10.2.21.0/24 area 0
 network 10.2.22.0/24 area 0
!
interface Loopback 20
 ip address 192.168.100.20/24
 no shutdown
!
interface TenGigabitEthernet 2/1/1
 ip address 10.2.21.2/24
 no shutdown
!
interface TenGigabitEthernet 2/2/1
 ip address 10.2.22.
NOTE: IPv6 and OSPFv3 do not support Multi-Process OSPF. You can only enable a single OSPFv3 process. Set the time interval between when the switch receives a topology change and starts a shortest path first (SPF) calculation.
Assigning IPv6 Addresses on an Interface
To assign IPv6 addresses to an interface, use the following commands.
1 Assign an IPv6 address to the interface.
  CONF-INT-type slot/port mode
  ipv6 address ipv6 address
  IPv6 addresses are normally written as eight groups of four hexadecimal digits; separate each group by a colon (:). The format is A:B:C::F/128.
2 Bring up the interface.
  • The range is from 0 to 65535.
• Assign the router ID for this OSPFv3 process.
  CONF-IPV6-ROUTER-OSPF mode
  router-id {number}
  • number: the IPv4 address. The format is A.B.C.D.
  NOTE: Enter the router-id for an OSPFv3 router as an IPv4 IP address.
• Disable OSPF.
  CONFIGURATION mode
  no ipv6 router ospf process-id
• Reset the OSPFv3 process.
Configuring Stub Areas
To configure IPv6 stub areas, use the following command.
• Configure the area as a stub area.
  CONF-IPV6-ROUTER-OSPF mode
  area area-id stub [no-summary]
  • no-summary: use these keywords to prevent transmission into the area of summary ASBR LSAs.
  • Area ID: a number or IP address assigned when creating the area. You can represent the area ID as a number from 0 to 65536 if you assign a dotted decimal format rather than an IP address.
  redistribute {bgp | connected | static} [metric metric-value | metric-type type-value] [route-map map-name] [tag tag-value]
  Configure the following required and optional parameters:
  • bgp | connected | static: enter one of the keywords to redistribute those routes.
  • metric metric-value: The range is from 0 to 4294967295.
  • metric-type metric-type: enter 1 for OSPFv3 external route type 1 OR 2 for OSPFv3 external route type 2.
  • route-map map-name: enter a name of a configured route map.
NOTE: Enter the ipv6 ospf graceful-restart helper-reject command in Interface configuration mode.
• Enable OSPFv3 graceful restart globally by setting the grace period (in seconds).
  CONF-IPV6-ROUTER-OSPF mode
  graceful-restart grace-period seconds
  • The valid values are from 40 to 1800 seconds.
• Configure an OSPFv3 interface to not act on the Grace LSAs that it receives from a restarting OSPFv3 neighbor.
Examples of the Graceful Restart show Commands
The following example shows the show run ospf command.
Dell#show run ospf
!
router ospf 1
 router-id 200.1.1.1
 log-adjacency-changes
 graceful-restart grace-period 180
 network 20.1.1.0/24 area 0
 network 30.1.1.0/24 area 0
!
ipv6 router ospf 1
 log-adjacency-changes
 graceful-restart grace-period 180
The following example shows the show ipv6 ospf database database-summary command.
Dell#show ipv6 ospf database database-summary
!
OSPFv3 Router with ID (200.1.1.
Restart Interval : 180
Restart Reason : Switch to Redundant Processor
OSPFv3 Authentication Using IPsec
OSPFv3 uses IPsec to provide authentication for OSPFv3 packets. IPsec authentication ensures security in the transmission of OSPFv3 packets between IPsec-enabled routers. IPsec is a set of protocols developed by the Internet Engineering Task Force (IETF) to support secure exchange of packets at the IP layer. IPsec supports two encryption modes: transport and tunnel.
OSPFv3 Authentication Using IPsec: Configuration Notes OSPFv3 authentication using IPsec is implemented according to the specifications in RFC 4552. • To use IPsec, configure an authentication (using AH) or encryption (using ESP) security policy on an interface or in an OSPFv3 area. Each security policy consists of a security policy index (SPI) and the key used to validate OSPFv3 packets. After IPsec is configured for OSPFv3, IPsec operation is invisible to the user.
Configuring IPsec Authentication on an Interface To configure, remove, or display IPsec authentication on an interface, use the following commands. Prerequisite: Before you enable IPsec authentication on an OSPFv3 interface, first enable IPv6 unicast routing globally, configure an IPv6 address and enable OSPFv3 on the interface, and assign it to an area (refer to Configuration Task List for OSPFv3 (OSPF for IPv6)).
• Enable IPsec encryption for OSPFv3 packets on an IPv6-based interface.
INTERFACE mode
ipv6 ospf encryption {null | ipsec spi number esp encryption-algorithm [key-encryption-type] key authentication-algorithm [key-authentication-type] key}
• null: causes an encryption policy configured for the area to not be inherited on the interface.
• ipsec spi number: is the security policy index (SPI) value. The range is from 256 to 4294967295.
• Enable IPsec authentication for OSPFv3 packets in an area.
CONF-IPV6-ROUTER-OSPF mode
area area-id authentication ipsec spi number {MD5 | SHA1} [key-encryption-type] key
• area area-id: specifies the area for which OSPFv3 traffic is to be authenticated. For area-id, enter a number or an IPv6 prefix.
• spi number: is the SPI value. The range is from 256 to 4294967295.
• MD5 | SHA1: specifies the authentication type: message digest 5 (MD5) or Secure Hash Algorithm 1 (SHA-1).
• key: specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. The required lengths of a non-encrypted or encrypted key are: 3DES - 48 or 96 hex digits; DES - 16 or 32 hex digits; AES-CBC - 32 or 64 hex digits for AES-128 and 48 or 96 hex digits for AES-192.
• key-encryption-type: (optional) specifies if the key is encrypted. Valid values: 0 (key is not encrypted) or 7 (key is encrypted).
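The SPI range and cipher key lengths above can be checked before a configuration is pushed to neighbors. The following linter is an added example, not part of the Dell guide: it parses the ipv6 ospf encryption syntax shown above, and the lowercase keyword spellings (3des, des, aes-cbc, md5, sha1) and the sample lines are constructed assumptions.

```python
import re

SPI_MIN, SPI_MAX = 256, 4294967295          # SPI range stated in the guide
HEX = re.compile(r"[0-9a-fA-F]+")

# Cipher key lengths in hex digits, from the guide:
# {algorithm: {key-encryption-type: allowed lengths}}, 0 = plain key, 7 = encrypted key
CIPHER_KEY_LEN = {
    "3des":    {0: {48}, 7: {96}},
    "des":     {0: {16}, 7: {32}},
    "aes-cbc": {0: {32, 48}, 7: {64, 96}},  # AES-128 / AES-192
}


def _take_key(tokens, i):
    """Read '[key-encryption-type] key' at tokens[i]; return (type, key, next index)."""
    if i + 1 < len(tokens) and tokens[i] in ("0", "7"):
        return int(tokens[i]), tokens[i + 1], i + 2
    if i < len(tokens):
        return None, tokens[i], i + 1        # type omitted
    return None, None, i


def lint_encryption(line):
    """Return findings for one 'ipv6 ospf encryption ...' line; [] means it passes."""
    tok = line.split()
    if tok[:3] != ["ipv6", "ospf", "encryption"]:
        return ["not an 'ipv6 ospf encryption' command"]
    rest = tok[3:]
    if rest == ["null"]:
        return []                            # only stops inheritance of the area policy
    if len(rest) < 5 or rest[0:2] != ["ipsec", "spi"] or rest[3] != "esp":
        return ["expected 'ipsec spi <number> esp <algorithm> ...'"]

    findings = []
    if not rest[2].isdigit() or not SPI_MIN <= int(rest[2]) <= SPI_MAX:
        findings.append(f"SPI {rest[2]} outside {SPI_MIN}-{SPI_MAX}")

    algo = rest[4].lower()
    ktype, key, i = _take_key(rest, 5)
    if algo not in CIPHER_KEY_LEN:
        findings.append(f"cipher '{rest[4]}' has no key length listed in the guide")
    elif key is None or not HEX.fullmatch(key):
        findings.append("cipher key is missing or not hexadecimal")
    else:
        by_type = CIPHER_KEY_LEN[algo]
        # With the type omitted, accept the lengths of either key form.
        allowed = by_type[ktype] if ktype is not None else set().union(*by_type.values())
        if len(key) not in allowed:
            findings.append(f"{algo} key has {len(key)} hex digits, expected {sorted(allowed)}")

    # Authentication part: the algorithm token, then '[key-authentication-type] key'.
    _, auth_key, _ = _take_key(rest, i + 1)
    if auth_key is None or not HEX.fullmatch(auth_key):
        findings.append("authentication key is missing or not hexadecimal")
    return findings


# Constructed sample lines (keys are filler values, not real secrets).
SAMPLE = [
    "ipv6 ospf encryption ipsec spi 502 esp 3des 0 " + "1a" * 24 + " md5 0 " + "2b" * 16,
    "ipv6 ospf encryption ipsec spi 100 esp des 0 " + "1a" * 8 + " sha1 0 " + "2b" * 20,
    "ipv6 ospf encryption ipsec spi 600 esp des 0 " + "1a" * 24 + " sha1 0 " + "2b" * 20,
    "ipv6 ospf encryption ipsec spi 700 esp aes-cbc 7 " + "1a" * 32 + " sha1 7 " + "2b" * 40,
    "ipv6 ospf encryption null",
]

if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(sample_line[:48] + "...", lint_encryption(sample_line) or "OK")
```

The authentication key is only checked for being hexadecimal, because this section does not list its required lengths.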
Crypto IPSec client security policy data
Policy name             : OSPFv3-1-502
Policy refcount         : 1
Inbound ESP SPI         : 502 (0x1F6)
Outbound ESP SPI        : 502 (0x1F6)
Inbound ESP Auth Key    : 123456789a123456789b123456789c12
Outbound ESP Auth Key   : 123456789a123456789b123456789c12
Inbound ESP Cipher Key  : 123456789a123456789b123456789c123456789d12345678
Outbound ESP Cipher Key : 123456789a123456789b123456789c123456789d12345678
Transform set           : esp-3des esp-md5-hmac
Crypto IPSec client security policy data
Policy name : OSPFv
outbound esp sas
Interface: TenGigabitEthernet 1/2/1
Link Local address: fe80::201:e8ff:fe40:4d11
IPSecv6 policy name: OSPFv3-1-600
inbound ah sas
outbound ah sas
inbound esp sas
 spi : 600 (0x258)
 transform : esp-des esp-sha1-hmac
 in use settings : {Transport, }
 replay detection support : N
 STATUS : ACTIVE
outbound esp sas
 spi : 600 (0x258)
 transform : esp-des esp-sha1-hmac
 in use settings : {Transport, }
 replay detection support : N
 STATUS : ACTIVE
Troubleshooting OSPFv3
The system provides several tools
EXEC Privilege mode
show ipv6 route [vrf vrf-name] summary
• View the summary information for the OSPFv3 database.
EXEC Privilege mode
show ipv6 ospf [vrf vrf-name] database
• View the configuration of OSPFv3 neighbors.
EXEC Privilege mode
show ipv6 ospf [vrf vrf-name] neighbor
• View debug messages for all OSPFv3 interfaces.
33 Policy-based Routing (PBR) Policy-based routing (PBR) allows a switch to make routing decisions based on policies applied to an interface. Overview When a router receives a packet, the router decides where to forward the packet based on the destination address in the packet, which is used to look up an entry in a routing table. However, in some cases, there may be a need to forward the packet based on other criteria: size, source, protocol type, destination, and so on.
To enable PBR, create a redirect list. Redirect lists are defined by rules or routing policies. You can define the following parameters in routing policies or rules:
• IP address of the forwarding router (next-hop IP address)
• Protocol as defined in the header
• Source IP address and mask
• Destination IP address and mask
• Source port
• Destination port
• TCP Flags
After you apply a redirect-list to an interface, all traffic passing through it is subjected to the rules defined in the redirect-list.
Defined as:
 seq 5 permit ip 200.200.200.200 200.200.200.200 199.199.199.199 199.199.199.199
 seq 10 redirect 1.1.1.2 tcp 234.224.234.234 255.234.234.234 222.222.222.222/24 seq 40 ack, Next-hop reachable(via Te 1/4/1)
Applied interfaces:
 Te 1/2/1
Hot-Lock PBR
Ingress and egress Hot lock PBR allows you to add or delete new rules into an existing policy (already written into content address memory [CAM]) without disruption to traffic flow.
Create a Redirect List To create a redirect list, use the following commands. Create a redirect list by entering the list name. CONFIGURATION mode ip redirect-list redirect-list-name redirect-list-name: 16 characters. To delete the redirect list, use the no ip redirect-list command. The following example creates a redirect list by the name of xyz.
To delete a rule, use the no redirect command. The redirect rule supports non-contiguous bitmasks for PBR in the destination router IP address.
The following example shows how to create a rule for a redirect list by configuring:
• IP address of the next-hop router in the forwarding route
• IP protocol number
• Source address with mask information
• Destination address with mask information
Example: Creating a Rule
Dell(conf-redirect-list)#redirect ?
A.B.C.
 seq 10 redirect 10.1.1.2 ip 20.1.1.0/24 any
 seq 15 redirect 10.1.1.3 ip 20.1.1.0/25 any
 seq 20 redirect 10.1.1.3 ip 20.1.1.0/24 any
Dell(conf-redirect-list)#
NOTE: Starting with the Dell Networking OS version 9.4(0.0), the use of multiple recursive routes with the same source-address and destination-address combination in a redirect policy on a router.
!
interface TenGigabitEthernet 1/1/1
 no ip address
 ip redirect-group test
 ip redirect-group xyz
 shutdown
Dell(conf-if-te-1/1/1)#
In addition to supporting multiple redirect-lists in a redirect-group, multiple redirect-groups are supported on a single interface. Dell Networking OS has the capability to support multiple groups on an interface for backup purposes.
Show Redirect List Configuration
To view the redirect list configuration, use the following commands.
, Track 200 [up], Next-hop reachable (via Te 1/19/1) Use the show ip redirect-list (without the list name) to display all the redirect-lists configured on the device. Dell#show ip redirect-list IP redirect-list rcl0: Defined as: seq 5 permit ip 200.200.200.200 200.200.200.200 199.199.199.199 199.199.199.199 seq 10 redirect 1.1.1.2 tcp 234.224.234.234 255.234.234.234 222.222.222.
Create the Redirect-List GOLD
EDGE_ROUTER(conf-if-Te-2/23/1)#ip redirect-list GOLD
EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD.
EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.1.0/24 any
EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.2.0/24 any
EDGE_ROUTER(conf-redirect-list)# seq 15 permit ip any any
EDGE_ROUTER(conf-redirect-list)#show config
!
ip redirect-list GOLD
 description Route GOLD traffic to ISP_GOLD.
 seq 5 redirect 10.99.99.
EDGE_ROUTER(conf-if-Te-2/11/1)#end EDGE_ROUTER(conf-redirect-list)#end EDGE_ROUTER# View Redirect-List GOLD EDGE_ROUTER#show ip redirect-list IP redirect-list GOLD: Defined as: seq 5 redirect 10.99.99.254 ip 192.168.1.0/24 any, Next-hop reachable (via Te 3/23/1), ARP resolved seq 10 redirect 10.99.99.254 ip 192.168.2.
Dell(conf)#int TenGigabitEthernet 2/28
Dell(conf-if-te-2/28)#ip redirect-group redirect_list_with_track
Dell(conf-if-te-2/28)#end
Verify the Applied Redirect Rules:
Dell#show ip redirect-list redirect_list_with_track
IP redirect-list redirect_list_with_track
Defined as:
 seq 5 redirect 42.1.1.2 track 3 tcp 155.55.2.0/24 222.22.2.0/24, Track 3 [up], Next-hop reachable (via Vl 20)
 seq 10 redirect 42.1.1.2 track 3 tcp any any, Track 3 [up], Next-hop reachable (via Vl 20)
 seq 15 redirect 42.1.1.
ResId  Resource                Parameter  State  LastChange
1      Interface ip routing    Tunnel 1   Up     00:00:00
2      Interface ipv6 routing  Tunnel 2   Up     00:00:00
Dell#
Create a Redirect-list with Track Objects pertaining to Tunnel Interfaces:
Dell#configure terminal
Dell(conf)#ip redirect-list explicit_tunnel
Dell(conf-redirect-list)#redirect tunnel 1 track
Dell(conf-redirect-list)#redirect tunnel 1 track
Dell(conf-redirect-list)#redirect tunnel 1 track 144.144.144.
34 PIM Sparse-Mode (PIM-SM) Protocol-independent multicast sparse-mode (PIM-SM) is a multicast protocol that forwards multicast traffic to a subnet only after a request using a PIM Join message; this behavior is the opposite of PIM-Dense mode, which forwards multicast traffic to all subnets until a request to stop. Implementation Information The following information is necessary for implementing PIM-SM.
2 The last-hop DR sends a PIM Join message to the RP. All routers along the way, including the RP, create an (*,G) entry in their multicast routing table, and the interface on which the message was received becomes the outgoing interface associated with the (*,G) entry. This process constructs an RPT branch to the RP. 3 If a host on the same subnet as another multicast receiver sends an IGMP report for the same multicast group, the gateway takes no action.
immediately upon arrival. The arrival of the (S,G) packet confirms for PIM that the SPT is created, and that it can prune itself from the shared tree. Important Point to Remember If you use a Loopback interface with a /32 mask as the RP, you must enable PIM Sparse-mode on the interface. Configuring PIM-SM Configuring PIM-SM is a three-step process. 1 Enable multicast routing (refer to the following step). 2 Select a rendezvous point. 3 Enable PIM-SM on an interface. Enable multicast routing.
Examples of Viewing PIM-SM Information
To display which interfaces are enabled with PIM-SM, use the show ip pim interface command from EXEC Privilege mode.
Dell#show ip pim interface
Address        Interface  Ver/Mode  Nbr Count  Query Intvl  DR Prio  DR
165.87.34.5    Te 1/10/1  v2/S      0          30           1        165.87.34.5
10.1.1.2       Vl 10      v2/S      1          30           1        10.1.1.2
20.1.1.5       Vl 20      v2/S      1          30           1        20.1.1.5
165.87.31.200  Vl 30      v2/S      1          30           1        165.87.31.
When you create, delete, or update an expiry time, the changes are applied when the keep alive timer refreshes. To configure a global expiry time or to configure the expiry time for a particular (S,G) entry, use the following commands. 1 Enable global expiry timer for S, G entries. CONFIGURATION mode ip pim sparse-mode sg-expiry-timer seconds The range is from 211 to 86,400 seconds. The default is 210. 2 Set the expiry time for a specific (S,G) entry (as shown in the following example).
Example of Viewing an RP on a Loopback Interface Dell#sh run int loop0 ! interface Loopback 0 ip address 1.1.1.1/32 ip pim sparse-mode no shutdown Dell#sh run pim ! ip pim rp-address 1.1.1.1 group-address 224.0.0.0/4 Overriding Bootstrap Router Updates PIM-SM routers must know the address of the RP for each group for which they have (*,G) entry. This address is obtained automatically through the bootstrap router (BSR) mechanism or a static RP configuration.
ip pim dr-priority priority-value
• Change the interval at which a router sends hello messages.
INTERFACE mode
ip pim query-interval seconds
• Display the current value of these parameters.
EXEC Privilege mode
show ip pim interface
Creating Multicast Boundaries and Domains
A PIM domain is a contiguous set of routers that all implement PIM and are configured to operate within a common boundary defined by PIM multicast border routers (PMBRs). PMBRs connect each PIM domain to the rest of the Internet.
35 PIM Source-Specific Mode (PIM-SSM)
PIM source-specific mode (PIM-SSM) is a multicast protocol that forwards multicast traffic from a single source to a subnet. In the other versions of protocol independent multicast (PIM), a receiver subscribes to a group only. The receiver receives traffic not just from the source in which it is interested but from all sources sending to that group.
Important Points to Remember • The default SSM range is 232/8 always. Applying an SSM range does not overwrite the default range. Both the default range and SSM range are effective even when the default range is not added to the SSM ACL. • Extended ACLs cannot be used for configuring SSM range. Be sure to create the ACL first and then apply it to the SSM range. • The default range is always supported, so range can never be smaller than the default.
R1(conf)#do show ip pim ssm-range
Group Address / MaskLen
239.0.0.2 / 32
Use PIM-SSM with IGMP Version 2 Hosts
PIM-SSM requires receivers that support IGMP version 3. You can employ PIM-SSM even when receivers support only IGMP version 1 or version 2 by translating (*,G) entries to (S,G) entries. Translate (*,G) entries to (S,G) entries using the ip igmp ssm-map acl source command from CONFIGURATION mode. In a standard access list, specify the groups or the group ranges that you want to map to a source.
Member Ports: Te 1/1 239.0.0.1 Vlan 400 INCLUDE 00:00:10 Never 10.11.4.2 R1(conf)#do show ip igmp ssm-map IGMP Connected Group Membership Group Address Interface Mode Uptime Expires 239.0.0.2 Vlan 300 IGMPv2-Compat 00:00:36 Never Member Ports: Te 1/1 R1(conf)#do show ip igmp ssm-map 239.0.0.2 SSM Map Information Group : 239.0.0.2 Source(s) : 10.11.5.2 R1(conf)#do show ip igmp groups detail Interface Group Uptime Expires Router mode Last reporter Last reporter mode Last report Group source Source address 10.
36 Port Monitoring Port monitoring (also referred to as mirroring ) allows you to monitor ingress and/or egress traffic on specified ports. The mirrored traffic can be sent to a port to which a network analyzer is connected to inspect or troubleshoot the traffic. Mirroring is used for monitoring Ingress or Egress or both Ingress and Egress traffic on a specific port(s). This mirrored traffic can be sent to a port where a network sniffer can connect and monitor the traffic.
• Destination port (MG) can be a physical interface or port-channel interface. • A Port monitoring session can have multiple source statements. • Range command is supported in the source statement, where we can specify a range of interfaces of (Physical, Port Channel or VLAN) types. • One Destination Port (MG) can be used in multiple sessions. • There can be a maximum of 128 source ports in a Port Monitoring session. • Flow based monitoring is supported for all type of source interfaces.
!
monitor session 200
 source TenGigabitEthernet 1/1/2 destination TenGigabitEthernet 1/4/2 direction tx
!
monitor session 300
 source TenGigabitEthernet 1/1/3 destination TenGigabitEthernet 1/4/3 direction rx
!
monitor session 400
 source TenGigabitEthernet 1/1/4 destination TenGigabitEthernet 1/4/4 direction rx
!
Dell Networking OS Behavior: All monitored frames are tagged if the configured monitoring direction is egress (TX), regardless of whether the monitored port (MD) is a Layer 2 or Layer 3 port.
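Because a monitoring session copies traffic to another port, the sessions in a saved configuration are worth reviewing against the ports where analyzers are actually connected. The following audit is an added example, not part of the Dell guide: it parses monitor session blocks in the running-config form shown above, and the approved-destination list and the sample configuration are constructed assumptions.

```python
import re

SESSION = re.compile(r"^monitor session (\d+)\b")
SOURCE = re.compile(
    r"^source (?P<src>.+?) destination (?P<dst>.+?) direction (?P<dir>rx|tx|both)$"
)


def parse_sessions(config_text):
    """Return ({session_id: [(source, destination, direction), ...]}, unparsed_lines)."""
    sessions, unparsed, current = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        head = SESSION.match(line)
        if head:
            # A session can carry several source statements, so keep a list.
            current = sessions.setdefault(int(head.group(1)), [])
        elif line == "!" or not line:
            current = None                   # '!' closes the session block
        elif current is not None:
            stmt = SOURCE.match(line)
            if stmt:
                current.append((stmt["src"], stmt["dst"], stmt["dir"]))
            else:
                unparsed.append(line)        # report, never skip silently
    return sessions, unparsed


def audit(config_text, approved_destinations):
    """Return (mirrors to unapproved destinations, lines that could not be parsed)."""
    sessions, unparsed = parse_sessions(config_text)
    findings = []
    for sid in sorted(sessions):
        for src, dst, direction in sessions[sid]:
            if dst not in approved_destinations:
                findings.append((sid, src, dst, direction))
    return findings, unparsed


# Constructed sample in the running-config layout used by the guide.
SAMPLE_CONFIG = """\
!
monitor session 200
 source TenGigabitEthernet 1/1/2 destination TenGigabitEthernet 1/4/2 direction tx
 source TenGigabitEthernet 1/1/5 destination TenGigabitEthernet 1/4/2 direction rx
!
monitor session 300
 source TenGigabitEthernet 1/1/3 destination TenGigabitEthernet 1/4/3 direction rx
!
monitor session 400
 source TenGigabitEthernet 1/1/4 destination TenGigabitEthernet 1/4/4 direction rx
!
"""

# Assumption: the ports where this site has analyzers attached.
APPROVED = {"TenGigabitEthernet 1/4/2", "TenGigabitEthernet 1/4/3"}

if __name__ == "__main__":
    unapproved, skipped = audit(SAMPLE_CONFIG, APPROVED)
    for sid, src, dst, direction in unapproved:
        print(f"session {sid}: {src} ({direction}) mirrored to unapproved port {dst}")
    for line in skipped:
        print(f"could not parse: {line}")
```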
!
monitor session 0
 source TenGigabitEthernet 1/1/1 destination TenGigabitEthernet 1/2/1 direction rx
Dell(conf-mon-sess-0)#
Dell(conf-mon-sess-0)#do show monitor session
SessID  Source    Destination  Dir  Mode  Source IP  Dest IP
------  ------    -----------  ---  ----  ---------  -------
0       Te 1/1/1  Te 1/2/1     rx   Port  N/A        N/A
Dell(conf)#monitor session 0
Dell(conf-mon-sess-0)#source po 10 dest ten 1/2/1 dir rx
Dell(conf-mon-sess-0)#do show monitor session
SessID Source Destination Dir Mode Source IP
------ ------------------ --
In the following example, the host and server are exchanging traffic which passes through the uplink interface 1/1/1. Port 1/1/1 is the monitored port and port 1/32/1 is the destination port, which is configured to only monitor traffic received on tengigabitethernet 1/1/1 (host-originated traffic). Figure 96. Port Monitoring Example Configuring Monitor Multicast Queue To configure monitor QoS multicast queue ID, use the following commands. 1 Configure monitor QoS multicast queue ID.
show run monitor session Dell#show run monitor session ! monitor multicast-queue 7 Dell# Enabling Flow-Based Monitoring Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the interface. This feature is particularly useful when looking for malicious traffic. It is available for Layer 2 and Layer 3 ingress and egress traffic. You can specify traffic using standard or extended access-lists. 1 Enable flow-based monitoring for a monitoring session.
seq 10 permit ip 102.1.1.
The reserved VLANs transport the mirrored traffic in sessions (blue pipes) to the destination analyzers in the local network. Two destination sessions are shown: one for the reserved VLAN that transports orange-circle traffic; one for the reserved VLAN that transports green-circle traffic. Figure 97.
• Mirrored traffic is transported across the network using 802.1Q-in-802.1Q tunneling. The source address, destination address and original VLAN ID of the mirrored packet are preserved with the tagged VLAN header. Untagged source packets are tagged with the reserve VLAN ID. • You cannot configure a private VLAN or a GVRP VLAN as the reserved RPM VLAN. • The RPM VLAN can’t be a Private VLAN. • The RPM VLAN can be used as GVRP VLAN. • The L3 interface configuration should be blocked for RPM VLAN.
• By default, ingress traffic on a destination port is dropped. Restrictions When you configure remote port mirroring, the following restrictions apply: • You can configure the same source port to be used in multiple source sessions. • You cannot configure a source port channel or source VLAN in a source session if the port channel or VLAN has a member port that is configured as a destination port in a remote-port mirroring session.
R R 100 300 Active Active T Fo 1/20/1 T Fo 1/24/1 Configuring the Sample Remote Port Mirroring Remote port mirroring requires a source session (monitored ports on different source switches), a reserved tagged VLAN for transporting mirrored traffic (configured on source, intermediate, and destination switches), and a destination session (destination ports connected to analyzers on destination switches). Table 64.
Dell(conf)#mac access-list standard mac_acl
Dell(config-std-macl)#permit 00:00:00:00:11:22 count monitor
Dell(config-std-macl)#exit
Dell(conf)#interface vlan 100
Dell(conf-if-vl-100)#mac access-group mac_acl1 in
Dell(conf-if-vl-100)#exit
Dell(conf)#inte te 1/30/1
Dell(conf-if-te-1/30)#no shutdown
Dell(conf-if-te-1/30)#switchport
Dell(conf-if-te-1/30)#exit
Dell(conf)#interface vlan 30
Dell(conf-if-vl-30)#mode remote-port-mirroring
Dell(conf-if-vl-30)#tagged te 1/30/1
Dell(conf-if-vl-30)#exit
Dell(conf)#inter
Dell(conf-if-vl-20)#mode remote-port-mirroring
Dell(conf-if-vl-20)#tagged te 1/2/1
Dell(conf-if-vl-20)#exit
Dell(conf)#interface vlan 30
Dell(conf-if-vl-30)#mode remote-port-mirroring
Dell(conf-if-vl-30)#tagged te 1/3/1
Dell(conf-if-vl-30)#exit
Dell(conf)#monitor session 1 type rpm
Dell(conf-mon-sess-1)#source remote-vlan 10 dest te 1/4/1
Dell(conf-mon-sess-1)#exit
Dell(conf)#monitor session 2 type rpm
Dell(conf-mon-sess-2)#source remote-vlan 20 destination te 1/5/1
Dell(conf-mon-sess-2)#tagged destination
5 Show the output for the LACP.
Dell#show interfaces port-channel brief
Codes: L - LACP Port-channel
       O - OpenFlow Controller Port-channel
LAG  Mode  Status  Uptime    Ports
L1   L3    up      00:01:17  Te 1/4/1 (Up)
L2   L2    up      00:00:58  Te 1/5/1 (Up)
Dell#
Encapsulated Remote Port Monitoring
Encapsulated Remote Port Monitoring (ERPM) copies traffic from source ports/port-channels or source VLANs and forwards the traffic using routable GRE-encapsulated packets to the destination IP address specified in the session.
Table 65. Configuration steps for ERPM
Step | Command | Purpose
1 | configure terminal | Enter global configuration mode.
2 | monitor session type erpm | Specify a session ID and ERPM as the type of monitoring session, and enter Monitoring-Session configuration mode. The session number needs to be unique and not already defined.
3 | source { interface | range } direction {rx | tx | both} | Specify the source port or range of ports.
Dell#show running-config interface vlan 11 ! interface Vlan 11 no ip address tagged TenGigabitEthernet 1/1/1-1/1/3 mac access-group flow in <<<<<<<<<<<<<< Only ingress packets are supported for mirroring shutdown ERPM Behavior on a typical Dell Networking OS The Dell Networking OS is designed to support only the Encapsulation of the data received / transmitted at the specified source port (Port A). An ERPM destination session / decapsulation of the ERPM packets at the destination Switch are not supported.
If the sniffer does not support an IP interface, a destination switch will be needed to receive the encapsulated ERPM packet and locally mirror the whole packet to the Sniffer or a Linux Server.
Decapsulation of ERPM packets at the Destination IP/ Analyzer
• To decapsulate the original payload from the ERPM header, the following two methods are suggested:
a Using Network Analyzer
• Install any well-known Network Packet Analyzer tool which is open source and free to download.
: Specify another interface on the Linux server via which the decapsulation packets can Egress. In case there is only one interface, the ingress interface itself can be specified as Egress and the analyzer can listen in the tx direction.
37 Per-VLAN Spanning Tree Plus (PVST +) Per-VLAN spanning tree plus (PVST+) is a variation of spanning tree — developed by a third party — that allows you to configure a separate spanning tree instance for each virtual local area network (VLAN). Protocol Overview PVST+ is a variation of spanning tree — developed by a third party — that allows you to configure a separate spanning tree instance for each virtual local area network (VLAN).
Figure 99. Per-VLAN Spanning Tree
The Dell Networking OS supports three other variations of spanning tree, as shown in the following table.
Table 66. Spanning Tree Variations Dell Networking OS Supports
Dell Networking Term                    IEEE Specification
Spanning Tree Protocol (STP)            802.1d
Rapid Spanning Tree Protocol (RSTP)     802.1w
Multiple Spanning Tree Protocol (MSTP)  802.
• The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs (as shown in the following table). Other implementations use IEEE 802.1w costs as the default costs. If you are using Dell Networking systems in a multivendor network, verify that the costs are values you intended. Configure Per-VLAN Spanning Tree Plus Configuring PVST+ is a four-step process. 1 Configure interfaces for Layer 2. 2 Place the interfaces in VLANs. 3 Enable PVST+.
Disabling PVST+
To disable PVST+ globally or on an interface, use the following commands.
• Disable PVST+ globally.
PROTOCOL PVST mode
disable
• Disable PVST+ on an interface, or remove a PVST+ parameter configuration.
INTERFACE mode
no spanning-tree pvst
Example of Viewing PVST+ Configuration
To display your PVST+ configuration, use the show config command from PROTOCOL PVST mode.
Influencing PVST+ Root Selection
As shown in the previous per-VLAN spanning tree illustration, all VLANs use the same forwarding topology because R2 is elected the root, and all TenGigabitEthernet ports have the same cost. The following per-VLAN spanning tree illustration changes the bridge priority of each bridge so that a different forwarding topology is generated for each VLAN. This behavior demonstrates how you can use PVST+ to achieve load balancing.
Figure 100.
vlan bridge-priority The range is from 0 to 61440. The default is 32768. Example of the show spanning-tree pvst vlan Command To display the PVST+ forwarding topology, use the show spanning-tree pvst [vlan vlan-id] command from EXEC Privilege mode. Dell_E600(conf)#do show spanning-tree pvst vlan 100 VLAN 100 Root Identifier has priority 4096, Address 0001.e80d.b6d6 Root Bridge hello time 2, max age 20, forward delay 15 Bridge Identifier has priority 4096, Address 0001.e80d.
• Change the hello-time parameter.
PROTOCOL PVST mode
vlan hello-time
NOTE: With large configurations (especially those configurations with more ports), Dell Networking recommends increasing the hello-time.
The range is from 1 to 10. The default is 2 seconds.
• Change the max-age parameter.
PROTOCOL PVST mode
vlan max-age
The range is from 6 to 40. The default is 20 seconds.
The values for global PVST+ parameters are given in the output of the show spanning-tree pvst command.
Port Cost                                          Default Value
Port Channel with 1-Gigabit Ethernet interfaces    18000
Port Channel with 10-Gigabit Ethernet interfaces   1800
Port Channel with 25-Gigabit Ethernet interfaces   1200
Port Channel with 50-Gigabit Ethernet interfaces   200
Port Channel with 100-Gigabit Ethernet interfaces  180
NOTE: The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs. Other implementations use IEEE 802.1w costs as the default costs.
• Enable EdgePort on an interface. INTERFACE mode spanning-tree pvst edge-port [bpduguard | shutdown-on-violation] The EdgePort status of each interface is given in the output of the show spanning-tree pvst command, as previously shown. Dell Networking OS Behavior: Regarding the bpduguard shutdown-on-violation command behavior: • If the interface to be shut down is a port channel, all the member ports are disabled in the hardware.
To keep both ports in a Forwarding state, use extend system ID. Extend system ID augments the bridge ID with a VLAN ID to differentiate BPDUs on each VLAN so that PVST+ does not detect a loop and both ports can remain in a Forwarding state. Figure 101. PVST+ with Extend System ID • Augment the bridge ID with the VLAN ID.
interface TenGigabitEthernet 1/32/1 no ip address switchport no shutdown ! protocol spanning-tree pvst no disable vlan 100 bridge-priority 4096 interface Vlan 100 no ip address tagged TenGigabitEthernet 1/22,32/1 no shutdown ! interface Vlan 200 no ip address tagged TenGigabitEthernet 1/22,32/1 no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 1/22,32/1 no shutdown ! protocol spanning-tree pvst no disable vlan 100 bridge-priority 4096 Example of PVST+ Configuration (R2) interface TenG
interface TenGigabitEthernet 3/22/1
 no ip address
 switchport
 no shutdown
!
interface Vlan 100
 no ip address
 tagged TenGigabitEthernet 3/12,22/1
 no shutdown
!
interface Vlan 200
 no ip address
 tagged TenGigabitEthernet 3/12,22/1
 no shutdown
!
interface Vlan 300
 no ip address
 tagged TenGigabitEthernet 3/12,22/1
 no shutdown
!
protocol spanning-tree pvst
 no disable
 vlan 300 bridge-priority 4096
38 Quality of Service (QoS)
This chapter describes how to use and configure Quality of Service (QoS) features on the switch. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues.
Table 68.
Feature                                   Direction
Configure a Scheduler to Queue            Egress
Specify WRED Drop Precedence              Egress
Create Policy Maps                        Ingress + Egress
Create Input Policy Maps                  Ingress
Honor DSCP Values on Ingress Packets      Ingress
Honoring dot1p Values on Ingress Packets  Ingress
Create Output Policy Maps                 Egress
Specify an Aggregate QoS Policy           Egress
Create Output Policy Maps                 Egress
Enabling QoS Rate Adjustment
Enabling Strict-Priority Queueing
Weighted Random Early Detection           Egress
Feature Direction Create WRED Profiles Egress Figure 102.
• Configuring Weights and ECN for WRED • Configuring WRED and ECN Attributes • Guidelines for Configuring ECN for Classifying and Color-Marking Packets • Applying Layer 2 Match Criteria on a Layer 3 Interface • Enabling Buffer Statistics Tracking Implementation Information The Dell Networking QoS implementation complies with IEEE 802.1p User Priority Bits for QoS Indication.
dot1p  Queue Number
4      4
5      5
6      6
7      7
• Change the priority of incoming traffic on the interface.
dot1p-priority
Example of Configuring a dot1p Priority on an Interface
Dell#configure terminal
Dell(conf)#interface tengigabitethernet 1/1/1
Dell(conf-if-te-1/1/1)#switchport
Dell(conf-if-te-1/1/1)#dot1p-priority 1
Dell(conf-if-te-1/1/1)#end
Honoring dot1p Priorities on Ingress Traffic
By default, Dell Networking OS does not honor dot1p priorities on ingress traffic.
Dell Networking OS Behavior: Hybrid ports can receive untagged, tagged, and priority tagged frames. The rate metering calculation might be inaccurate for untagged ports because an internal assumption is made that all frames are treated as tagged. Internally, the ASIC adds a 4-bytes tag to received untagged frames. Though these 4-bytes are not part of the untagged frame received on the wire, they are included in the rate metering calculation resulting in metering inaccuracy.
Dell(conf-if-te-1/1/1)#rate shape 500 50 Dell(conf-if-te-1/1/1)#end Policy-Based QoS Configurations Policy-based QoS configurations consist of the components shown in the following example. Figure 103. Constructing Policy-Based QoS Configurations Classify Traffic Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic.
Creating a Layer 3 Class Map A Layer 3 class map differentiates ingress packets based on the DSCP value or IP precedence, and characteristics defined in an IP ACL. You can also use VLAN IDs and VRF IDs to classify the traffic using layer 3 class-maps. You may specify more than one DSCP and IP precedence value, but only one value must match to trigger a positive match for the class map. NOTE: IPv6 and IP-any class maps cannot match on ACLs or VLANs. Use step 1 or step 2 to start creating a Layer 3 class map.
The following example matches IPv6 traffic with a DSCP value of 40. Dell(conf)# class-map match-all test Dell(conf-class-map)# match ipv6 dscp 40 The following example matches IPv4 and IPv6 traffic with a precedence value of 3. Dell(conf)# class-map match-any test1 Dell(conf-class-map)#match ip-any precedence 3 Creating a Layer 2 Class Map All class maps are Layer 3 by default; however, you can create a Layer 2 class map by specifying the layer2 option with the class-map command.
and are buffered in queue 7, though you intended for these packets to match positive against cmap2 and be buffered in queue 4. In cases such as these, where class-maps with overlapping ACL rules are applied to different queues, use the keyword order. Dell Networking OS writes to the CAM ACL rules with lower order numbers (order numbers closer to 0) before rules with higher order numbers so that packets are matched as you intended.
seq 5 permit ip host 23.64.0.5 any seq 10 deny ip any any In the previous example, the ClassAF1 does not classify traffic as intended. Traffic matching the first match criteria is classified to Queue 1, but all other traffic is classified to Queue 0 as a result of CAM entry 20419. When you remove the explicit “deny any” rule from all three ACLs, the CAM reflects exactly the desired classification. The following example shows correct traffic classifications.
• PIR < x – will be marked as “Red”
But ‘Green’ packets matching the specific match criteria for which ‘color-marking’ is configured will be overwritten and marked as “Yellow”.

Create a QoS Policy
There are two types of QoS policies — input and output. Input QoS policies regulate Layer 3 and Layer 2 ingress traffic. The regulation mechanisms for input QoS policies are rate policing and setting priority values.
• Layer 3 — QoS input policies allow you to rate police and set a DSCP or dot1p value.
Setting a dot1p Value for Egress Packets
To set a dot1p value for egress packets, use the following command.
• Set a dscp or dot1p value for egress packets.
QOS-POLICY-IN mode
set mac-dot1p
Constraints
The systems supporting this feature should use only the default global dot1p to queue mapping configuration as described in Dot1p to Queue Mapping Requirement.

Creating an Output QoS Policy
To create an output QoS policy, use the following commands.
1 Create an output QoS policy.
Table 70. Default Bandwidth Weights
Queue   Default Bandwidth Percentage   Default Bandwidth Percentage
        for 4–Queue System             for 8–Queue System
0       6.67%                          1%
1       13.33%                         2%
2       26.67%                         3%
3       53.33%                         4%
4       -                              5%
5       -                              10%
6       -                              25%
7       -                              50%
NOTE: The system supports 8 data queues. When you assign a percentage to one queue, note that this change also affects the amount of bandwidth that is allocated to other queues.
classify input traffic on an interface based on the DSCP value of each packet and assigns it an initial drop precedence of green, yellow, or red. The default setting for each DSCP value (0-63) is green (low drop precedence). The DSCP color map allows you to set a number of specific DSCP values to yellow or red. Traffic marked as yellow is delivered to the egress interface, which either transmits or drops the packet based on the configured queuing behavior.
Displaying DSCP Color Maps
To display DSCP color maps, use the show qos dscp-color-map command in EXEC mode.
Examples for Creating a DSCP Color Map
Display all DSCP color maps.
Dell# show qos dscp-color-map
Dscp-color-map mapONE
yellow 4,7
red 20,30
Dscp-color-map mapTWO
yellow 16,55
Display a specific DSCP color map.
Create Policy Maps
There are two types of policy maps: input and output.
Creating Input Policy Maps
There are two types of input policy-maps: Layer 3 and Layer 2.
1 Create a Layer 3 input policy map.
CONFIGURATION mode
policy-map-input
Create a Layer 2 input policy map by specifying the keyword layer2 with the policy-map-input command.
Table 71.
trust dot1p

Mapping dot1p Values to Service Queues
All traffic is by default mapped to the same queue, Queue 0. If you honor dot1p on ingress, you can create service classes based on the queueing strategy in Honoring dot1p Values on Ingress Packets. You may apply this queuing strategy globally by entering the following command from CONFIGURATION mode.
• All dot1p traffic is mapped to Queue 0 unless you enable service-class dynamic dot1p on an interface or globally.
policy-map-output
2 After you create an output policy map, do one or more of the following:
Applying an Output QoS Policy to a Queue
Specifying an Aggregate QoS Policy
Applying an Output Policy Map to an Interface
3 Apply the policy map to an interface.

Applying an Output QoS Policy to a Queue
To apply an output QoS policy to a queue, use the following command.
• Apply an output QoS policy to queues.
• Payload: (variable)
• Cyclic redundancy check (CRC): 4 bytes
• Inter-frame gap (IFG): (variable)
You can optionally include overhead fields in rate metering calculations by enabling QoS rate adjustment. QoS rate adjustment is disabled by default.
• Specify the number of bytes of packet overhead to include in rate limiting, policing, and shaping calculations.
CONFIGURATION mode
qos-rate-adjust overhead-bytes
For example, to include the Preamble and SFD, type qos-rate-adjust 8.
• On hybrid ports, Queue classification can be based on either Dot1p (for tagged packets) or DSCP (for untagged packets) but not both.
Example Case: PFC does not work for tagged traffic when a DSCP-based class map is applied on a hybrid port or on a tagged port. Assume two switches A and B are connected back to back. Consider the case where untagged packets arrive on switch A. If you want to generate PFC for priority 2 for DSCP range 0-7, you must match the traffic of interest.
% Error: Dot1p marking is not allowed on L3 Input Qos Policy.
Dell(conf-qos-policy-in)#
You will also be able to mark both DSCP and Dot1p in the L3 Input Qos Policy:
Dell(conf)#qos-policy-input qos-input
Dell(conf-qos-policy-in)#set mac-dot1p 2
Dell(conf-qos-policy-in)#set ip-dscp 5
Dell(conf-qos-policy-in)#

Weighted Random Early Detection
Weighted random early detection (WRED) is a congestion avoidance mechanism that drops packets to prevent buffering resources from being consumed.
Figure 104. Packet Drop Rate for WRED
You can create a custom WRED profile or use one of the five pre-defined profiles.
Creating WRED Profiles
To create WRED profiles, use the following commands.
1 Create a WRED profile.
CONFIGURATION mode
wred-profile
2 Specify the minimum and maximum threshold values.
WRED mode
threshold

Applying a WRED Profile to Traffic
After you create a WRED profile, you must specify to which traffic Dell Networking OS should apply the profile.
• If you do not configure Dell Networking OS to honor DSCP values on ingress (refer to Honoring DSCP Values on Ingress Packets), all traffic defaults to green drop precedence.
• Assign a WRED profile to either yellow or green traffic.
QOS-POLICY-OUT mode
wred

Displaying Default and Configured WRED Profiles
To display the default and configured WRED profiles, use the following command.
• Display default and configured WRED profiles and their threshold values.
Example of the show qos statistics egress-queue Command
Dell#show qos statistics egress-queue
Interface Te 1/1/1
Unicast/Multicast Egress Queue Statistics
Queue#  Q# Type  TxPkts  TxBytes  DroppedPkts  DroppedBytes
--------------------------------------------------------------------------------
0       UCAST    0       0        0            0
1       UCAST    0       0        0            0
2       UCAST    0       0        0            0
3       UCAST    0       0        0            0
4       UCAST    0       0        0            0
5       UCAST    0       0        0            0
6       UCAST    0       0        0            0
7       UCAST    0       0        0            0
8       UCAST    204     13056    0            0
9       MCAST    0       0        0            0
10      MCAST    0       0        0            0
11      MCAST    0       0        0            0
12      MCAST    0       0        0            0
13      MC
The output of this command, shown in the following example, displays: • The estimated number of CAM entries the policy-map will consume. • Whether or not the policy-map can be applied. • The number of interfaces in a port-pipe to which the policy-map can be applied. Specifically: • Available CAM — the available number of CAM entries in the specified CAM partition for the specified line card or stack-unit port-pipe.
committed burst size. Traffic is considered to be green-colored up to the point at which the unused bandwidth does not exceed the committed burst size. Peak rate refers to the maximum rate for traffic arriving or exiting an interface under normal traffic conditions. Peak burst size indicates the maximum size of unused peak bandwidth that is aggregated. This aggregated bandwidth enables brief durations of burst traffic that exceeds the peak rate and committed burst.
QOS-POLICY-OUT mode
Dell(config-qos-policy-out)# rate shape Kbps peak-rate burst-KB committed Kbps committed-rate burst-KB

Configuring Weights and ECN for WRED
The WRED congestion avoidance functionality drops packets to prevent buffering resources from being consumed. Traffic is a mixture of various kinds of packets. The rate at which some types of packets arrive might be greater than others.
Global Service Pools With WRED and ECN Settings
Support for global service pools is now available. You can configure global service pools that are shared buffer pools accessed by multiple queues when the minimum guaranteed buffers for the queue are consumed. Two service pools are used: one for loss-based queues and the other for lossless (priority-based flow control (PFC)) queues. You can enable WRED and ECN configuration on the global service-pools.
Queue Configuration Service-Pool Configuration WRED Threshold Relationship Q threshold = Q-T, Service pool threshold = SP-T Expected Functionality SP-T < Q-T SP based WRED, No ECN marking 1 1 0 X X 1 X Q-T < SP-T SP-T < Q-T Queue-based ECN marking above queue threshold. ECN marking to shared buffer limits of the service-pool and then packets are tail dropped. Same as above but ECN marking starts above SP-T.
4 Create a global buffer pool that is a shared buffer pool accessed by multiple queues when the minimum guaranteed buffers for the queue are consumed.
Sample configuration to mark non-ecn packets as “yellow” with Multiple traffic class
Consider the example where there are no different traffic classes; that is, all the packets egress on the default ‘queue0’. Dell Networking OS can be configured as follows to mark the non-ECN packets as yellow packets.
Dell Networking OS supports different types of match qualifiers to classify the incoming traffic. Match qualifiers can be configured directly in the class-map command, or they can be specified through one or more ACLs, which in turn specify the combination of match qualifiers. Until Release 9.3(0.0), support is available for classifying traffic based on the 6-bit DSCP field of the IPv4 packet.
• Classification based on ECN only
• Classification based on ECN and DSCP concurrently
You can now use the set-color yellow keyword with the match ip access-group command, in the ‘match ip’ sequence of the class-map configuration, to mark the color of the traffic as ‘yellow’. By default, all packets are considered ‘green’ (without the rate-policer and trust-diffserve configuration); hence, support is provided for marking packets as ‘yellow’ only.
seq 5 permit any dscp 40 ecn 0
!
class-map match-any class_dscp_40
match ip access-group dscp_40_non_ecn set-color yellow
match ip access-group dscp_40
!
class-map match-any class_dscp_50
match ip access-group dscp_50_non_ecn set-color yellow
match ip access-group dscp_50
!
policy-map-input pmap_dscp_40_50
service-queue 2 class-map class_dscp_40
service-queue 3 class-map class_dscp_50

Approach with explicit ECN match qualifiers for ECN packets:
!
ip access-list standard dscp_50_ecn
seq 5 permit any dscp 50
configure a VLAN sub-interface on the port interface and apply a policy map that classifies packets using the dot1p VLAN ID. To apply an input policy map with Layer 2 match criteria to a Layer 3 port interface, use the service-policy input policy-name layer 2 command in Interface configuration mode.
frequently. The receive buffer must be large enough to save all data that is received when the system processes a PFC PAUSE frame. You can use the service-class buffer shared-threshold-weight queue0 ... queue7 number command in Interface Configuration mode to specify the threshold weight for the shared buffer for each of the queues per port. 1 Create a 10-Gigabit Ethernet interface.
Unit 1 unit: 3 port: 1 (interface Fo 1/144)
---------------------------------------
Q# TYPE    Q#    TOTAL BUFFERED CELLS
---------------------------------------
MCAST      3     0
Unit 1 unit: 3 port: 5 (interface Fo 1/148)
---------------------------------------
Q# TYPE    Q#    TOTAL BUFFERED CELLS
---------------------------------------
MCAST      3     0
Unit 1 unit: 3 port: 9 (interface Fo 1/152)
---------------------------------------
Q# TYPE    Q#    TOTAL BUFFERED CELLS
---------------------------------------
MCAST      3     0
Unit 1 unit: 3 port: 13 (i
EXEC/EXEC Privilege mode
Dell# show hardware buffer-stats-snapshot resource interface fortyGigE 0/0 queue all
Unit 0 unit: 0 port: 1 (interface Fo 0/0)
---------------------------------------
Q# TYPE    Q#    TOTAL BUFFERED CELLS
---------------------------------------
UCAST      0     0
UCAST      1     0
UCAST      2     0
UCAST      3     0
UCAST      4     0
UCAST      5     0
UCAST      6     0
UCAST      7     0
UCAST      8     0
UCAST      9     0
UCAST      10    0
UCAST      11    0
MCAST      0     0
MCAST      1     0
MCAST      2     0
MCAST      3     0
MCAST      4     0
MCAST      5     0
MCAST      6     0
MCAST      7     0
MCAST      8     0

39 Routing Information Protocol (RIP)
The Routing Information Protocol (RIP) tracks distances or hop counts to nearby routers when establishing network connections and is based on a distance-vector algorithm. RIP protocol standards are listed in the Standards Compliance chapter.
This first RIP version does not support variable length subnet mask (VLSM) or classless inter-domain routing (CIDR) and is not widely used.
RIPv2
RIPv2 adds support for subnet fields in the RIP routing updates, thus qualifying it as a classless routing protocol. The RIPv2 message format includes entries for route tags, subnet masks, and next hop addresses. Another enhancement included in RIPv2 is multicasting for route updates on IP multicast address 224.0.0.9.
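The RIPv2 message format described above, decoded field by field. This is an added example, not code from Dell Networking OS: the field layout follows RFC 2453, the function names are hypothetical, and the sample update is constructed from prefixes that appear in this chapter's Core 2 and Core 3 output.

```python
import ipaddress
import struct

HEADER = struct.Struct("!BBH")      # command, version, must-be-zero
ENTRY = struct.Struct("!HHIIII")    # AFI, route tag, address, mask, next hop, metric
AF_INET = 2
INFINITY = 16                       # a metric of 16 means "unreachable" in RIP
COMMANDS = {1: "request", 2: "response"}


def build_response(routes):
    """Pack (prefix, next_hop, metric, route_tag) tuples into a RIPv2 response."""
    payload = HEADER.pack(2, 2, 0)
    for prefix, next_hop, metric, tag in routes:
        net = ipaddress.IPv4Network(prefix)
        payload += ENTRY.pack(AF_INET, tag, int(net.network_address),
                              int(net.netmask),
                              int(ipaddress.IPv4Address(next_hop)), metric)
    return payload


def mask_to_prefix(mask):
    """Return the prefix length of a contiguous 32-bit mask, else raise ValueError."""
    prefix = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask {mask:#010x}")
    return prefix


def parse_rip(payload):
    """Decode a RIPv2 message; raise ValueError on anything malformed."""
    if len(payload) < HEADER.size:
        raise ValueError("truncated RIP header")
    command, version, zero = HEADER.unpack_from(payload)
    count, leftover = divmod(len(payload) - HEADER.size, ENTRY.size)
    if leftover or not 1 <= count <= 25:
        raise ValueError("expected 1 to 25 entries of 20 bytes each")
    if version != 2 or zero != 0 or command not in COMMANDS:
        raise ValueError("not a well-formed RIPv2 message")
    routes = []
    for i in range(count):
        afi, tag, addr, mask, next_hop, metric = ENTRY.unpack_from(
            payload, HEADER.size + i * ENTRY.size)
        if afi != AF_INET:
            continue                # non-IP entries are skipped in this example
        if not 1 <= metric <= INFINITY:
            raise ValueError(f"metric {metric} outside 1..16")
        # strict parsing also rejects an address with host bits set
        network = ipaddress.IPv4Network((addr, mask_to_prefix(mask)))
        routes.append({
            "network": str(network),
            "route_tag": tag,
            "next_hop": str(ipaddress.IPv4Address(next_hop)),
            "metric": metric,
            "reachable": metric < INFINITY,
        })
    return {"command": COMMANDS[command], "version": version, "routes": routes}


# Constructed sample update (next hop 0.0.0.0 means "via the sender").
SAMPLE = build_response([
    ("10.11.10.0/24", "0.0.0.0", 1, 0),
    ("10.200.10.0/24", "0.0.0.0", 1, 0),
    ("192.168.1.0/24", "10.11.20.2", 16, 0),
])

if __name__ == "__main__":
    for route in parse_rip(SAMPLE)["routes"]:
        print(route)
```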
Configuration Task List The following is the configuration task list for RIP.
When the RIP process has learned the RIP routes, use the show ip rip database command in EXEC mode to view those routes.
Dell#show ip rip database
Total number of routes in RIP database: 978
160.160.0.0/16 [120/1] via 29.10.10.12, 00:00:26, Fa 1/4
160.160.0.0/16 auto-summary
2.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa 1/4
2.0.0.0/8 auto-summary
4.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa 1/4
4.0.0.0/8 auto-summary
8.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 1/4
8.0.0.0/8 auto-summary
12.0.0.
192.162.2.0/24 [120/1] via 29.10.10.12, 00:01:21, Fa 1/49
192.162.2.0/24 auto-summary
192.161.1.0/24 [120/1] via 29.10.10.12, 00:00:27, Fa 1/49
192.161.1.0/24 auto-summary
192.162.3.0/24 [120/1] via 29.10.10.12, 00:01:22, Fa 1/49
192.162.3.0/24 auto-summary
To disable RIP globally, use the no router rip command in CONFIGURATION mode.

Configure RIP on Interfaces
When you enable RIP globally on the system, interfaces meeting certain conditions start receiving RIP routes.
ROUTER RIP mode
distribute-list prefix-list-name in
• Assign a configured prefix list to all outgoing RIP routes.
ROUTER RIP mode
distribute-list prefix-list-name out
To view the current RIP configuration, use the show running-config command in EXEC mode or the show config command in ROUTER RIP mode.

Adding RIP Routes from Other Instances
In addition to filtering routes, you can add routes from other routing instances or protocols to the RIP process.
ROUTER RIP mode
version {1 | 2}
• Set the RIP versions received on that interface.
INTERFACE mode
ip rip receive version [1] [2]
• Set the RIP versions sent out on that interface.
INTERFACE mode
ip rip send version [1] [2]

Examples of the RIP Process
To see whether the version command is configured, use the show config command in ROUTER RIP mode. The following example shows the RIP configuration after the ROUTER RIP mode version command is set to RIPv2.
Invalid after 180 seconds, hold down 180, flushed after 240
Output delay 8 milliseconds between packets
Automatic network summarization is in effect
Outgoing filter for all interfaces is
Incoming filter for all interfaces is
Default redistribution metric is 1
Default version control: receive version 2, send version 2
Interface Recv Send
TenGigabitEthernet 1/1/1 2 1 2
Routing for Networks:
10.0.0.
Controlling Route Metrics As a distance-vector protocol, RIP uses hop counts to determine the best route, but sometimes the shortest hop count is a route over the lowest-speed link. To manipulate RIP routes so that the routing protocol prefers a different route, manipulate the route by using the offset command. Exercise caution when applying an offset command to routers on a broadcast network, as the router using the offset command is modifying RIP advertisements before sending out those advertisements.
Example of the debug ip rip Command
The following example shows the confirmation when you enable the debug function.
Dell#debug ip rip
RIP protocol debug is ON
Dell#
To disable RIP, use the no debug ip rip command.

RIP Configuration Example
The examples in this section show the command sequence to configure RIPv2 on the two routers shown in the following illustration — Core 2 and Core 3. The host prompts used in the following example reflect those names.
Core 2 RIP Output
The examples in this section show the Core 2 RIP output.
Examples of the show ip Commands to View Core 2 Information
• To display Core 2 RIP database, use the show ip rip database command.
• To display Core 2 RIP setup, use the show ip route command.
• To display Core 2 RIP activity, use the show ip protocols command.
The following example shows the show ip rip database command to view the learned RIP routes on Core 2.
The following example shows the show ip protocols command to show the RIP configuration activity on Core 2.
Examples of the show ip Commands to View Learned RIP Routes on Core 3
The following example shows the show ip rip database command to view the learned RIP routes on Core 3.
Core3#show ip rip database
Total number of routes in RIP database: 7
10.11.10.0/24 [120/1] via 10.11.20.2, 00:00:13, TenGigabitEthernet
10.200.10.0/24 [120/1] via 10.11.20.2, 00:00:13, TenGigabitEthernet
10.300.10.0/24 [120/1] via 10.11.20.2, 00:00:13, TenGigabitEthernet
10.11.20.0/24 directly connected,TenGigabitEthernet
10.11.30.
TenGigabitEthernet 3/24/1 2 2
TenGigabitEthernet 3/23/1 2 2
Routing for Networks:
10.11.20.0
10.11.30.0
192.168.2.0
192.168.1.0
Routing Information Sources:
Gateway Distance Last Update
10.11.20.2 120 00:00:22
Distance: (default is 120)
Core3#

RIP Configuration Summary
Examples of Viewing RIP Configuration on Core 2 and Core 3
The following example shows viewing the RIP configuration on Core 2.
!
interface TenGigabitEthernet
ip address 10.11.10.1/24
no shutdown
!
interface TenGigabitEthernet
ip address 10.
interface TenGigabitEthernet 3/5/1
ip address 192.168.2.1/24
no shutdown
!
router rip
version 2
network 10.11.20.0
network 10.11.30.0
network 192.168.1.0
network 192.168.2.

40 Remote Monitoring (RMON)
RMON is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facilities and long-term statistics collection on Dell Networking Ethernet interfaces. RMON operates with the simple network management protocol (SNMP) and monitors all nodes on a local area network (LAN) segment. RMON monitors traffic passing through the router and segment traffic not destined for the router.
Fault Recovery
RMON provides the following fault recovery functions.
• Interface Down — When an RMON-enabled interface goes down, monitoring continues. However, all data values are registered as 0xFFFFFFFF (32 bits) or 0xFFFFFFFFFFFFFFFF (64 bits). When the interface comes back up, RMON monitoring processes resume.
NOTE: A network management system (NMS) should be ready to interpret a down interface and plot the interface performance graph accordingly.
• event-number: event number to trigger when the rising threshold exceeds its limit. This value is identical to the alarmRisingEventIndex in the alarmTable of the RMON MIB. If there is no corresponding rising-threshold event, the value should be zero.
• falling-threshold value: value at which the falling-threshold alarm is triggered or reset. For the rmon alarm command, this setting is a 32-bit value; for the rmon hc-alarm command, this setting is a 64-bit value.
created in the event table by this command. This configuration also generates an SNMP trap when the event is triggered using the SNMP community string “eventtrap”.
Dell(conf)#rmon event 1 log trap eventtrap description "High ifOutErrors" owner nms1

Configuring RMON Collection Statistics
To enable RMON MIB statistics collection on an interface, use the rmon collection statistics command in INTERFACE CONFIGURATION mode.
• Enable RMON MIB statistics collection.
• bucket-number: (Optional) a value associated with the number of buckets specified for the RMON collection history group of statistics. The value ranges from 1 to 1000. The default is 50 (as defined in RFC-2819).
• interval: (Optional) specifies the number of seconds in each polling cycle.
• seconds: (Optional) the number of seconds in each polling cycle. The value ranges from 5 to 3,600 seconds. The default is 1,800 (as defined in RFC-2819).

41 Rapid Spanning Tree Protocol (RSTP)
The Rapid Spanning Tree Protocol (RSTP) is a Layer 2 protocol — specified by IEEE 802.1w — that is essentially the same as spanning-tree protocol (STP) but provides faster convergence and interoperability with switches configured with STP and multiple spanning tree protocol (MSTP).
Protocol Overview
RSTP is a Layer 2 protocol — specified by IEEE 802.
• Enabling SNMP Traps for Root Elections and Topology Changes • Configuring Fast Hellos for Link State Detection • Flush MAC Addresses after a Topology Change Important Points to Remember • RSTP is disabled by default. • Dell Networking OS supports only one Rapid Spanning Tree (RST) instance. • All interfaces in virtual local area networks (VLANs) and all enabled interfaces in Layer 2 mode are automatically added to the RST topology.
no ip address
2 Place the interface in Layer 2 mode.
INTERFACE mode
switchport
3 Enable the interface.
INTERFACE mode
no shutdown
Example of Verifying an Interface is in Layer 2 Mode and Enabled
To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. The bold lines indicate that the interface is in Layer 2 mode.
To verify that RSTP is enabled, use the show config command from PROTOCOL SPANNING TREE RSTP mode. The bold line indicates that RSTP is enabled.
Dell(conf-rstp)#show config
!
protocol spanning-tree rstp
no disable
Dell(conf-rstp)#
Figure 106. Rapid Spanning Tree Enabled Globally
To view the interfaces participating in RSTP, use the show spanning-tree rstp command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output.
BPDU : sent 121, received 9
The port is not in the Edge port mode
Port 378 (TenGigabitEthernet 2/2/1) is designated Forwarding
Port path cost 20000, Port priority 128, Port Identifier 128.378
Designated root has priority 32768, address 0001.e801.cbb4
Designated bridge has priority 32768, address 0001.e801.cbb4
Designated port id is 128.
Adding and Removing Interfaces
To add and remove interfaces, use the following commands. To add an interface to the Rapid Spanning Tree topology, configure it for Layer 2 and it is automatically added. If you previously disabled RSTP on the interface using the no spanning-tree 0 command, re-enable it using the spanning-tree 0 command.
• Remove an interface from the Rapid Spanning Tree topology.
no spanning-tree 0

Modifying Global Parameters
You can modify RSTP parameters.
RSTP Parameter Default Value
Port Channel with 40-Gigabit Ethernet interfaces
Port Priority 128
To change these parameters, use the following commands.
• Change the forward-delay parameter.
PROTOCOL SPANNING TREE RSTP mode
forward-delay seconds
The range is from 4 to 30. The default is 15 seconds.
• Change the hello-time parameter.
Modifying Interface Parameters On interfaces in Layer 2 mode, you can set the port cost and port priority values. • Port cost — a value that is based on the interface type. The previous table lists the default values. The greater the port cost, the less likely the port is selected to be a forwarding port. • Port priority — influences the likelihood that a port is selected to be a forwarding port in case that several ports have the same port cost.
• Assign a number as the bridge priority or designate it as the primary or secondary root.
PROTOCOL SPANNING TREE RSTP mode
bridge-priority priority-value
• priority-value: The range is from 0 to 65535. The lower the number assigned, the more likely this bridge becomes the root bridge. The default is 32768. Entries must be multiples of 4096.
Example of the bridge-priority Command
A console message appears when a new root bridge has been assigned.
Example of Verifying an EdgePort is Enabled on an Interface To verify that EdgePort is enabled on a port, use the show spanning-tree rstp command from EXEC privilege mode or the show config command from INTERFACE mode. NOTE: Dell Networking recommends using the show config command from INTERFACE mode. In the following example, the bold line indicates that the interface is in EdgePort mode.
42 Software-Defined Networking (SDN) The Dell Networking OS supports software-defined networking (SDN). For more information, see the SDN Deployment Guide.
43 Security This chapter describes several ways to provide security to the Dell Networking system. For details about all the commands described in this chapter, refer to the Security chapter in the Dell Networking OS Command Reference Guide.
• Suppressing AAA Accounting for Null Username Sessions (optional) • Configuring Accounting of EXEC and Privilege-Level Command Usage (optional) • Configuring AAA Accounting for Terminal Lines (optional) • Monitoring AAA Accounting (optional) Enabling AAA Accounting The aaa accounting command allows you to create a record for any or all of the accounting functions monitored. To enable AAA accounting, use the following command.
Configuring Accounting of EXEC and Privilege-Level Command Usage
The network access server monitors the accounting functions defined in the TACACS+ attribute/value (AV) pairs.
• Configure AAA accounting to monitor accounting functions defined in TACACS+.
CONFIGURATION mode
aaa accounting system default start-stop tacacs+
aaa accounting command 15 default start-stop tacacs+
System accounting can use only the default method list.
Example of the show accounting Command for AAA Accounting
Dell#show accounting
Active accounted actions on tty2, User admin Priv 1
Task ID 1, EXEC Accounting record, 00:00:39 Elapsed, service=shell
Active accounted actions on tty3, User admin Priv 1
Task ID 2, EXEC Accounting record, 00:00:26 Elapsed, service=shell
Dell#

AAA Authentication
Dell Networking OS supports a distributed client/server system implemented through authentication, authorization, and accounting (AAA) to help secure networks against un
Configuring AAA Authentication Login Methods To configure an authentication method and method list, use the following commands. Dell Networking OS Behavior: If you use a method list on the console port in which RADIUS or TACACS is the last authentication method, and the server is not reachable, Dell Networking OS allows access even though the username and password credentials cannot be verified.
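One way to check a saved running-config for the console behavior described above, in which a method list ending in RADIUS or TACACS+ lets a user in when the server is unreachable. This is an added example, not Dell code: it assumes the running-config forms aaa authentication login list-name methods and login authentication list-name under an indented line console or line vty block, and the sample configuration, list names and function names are constructed.

```python
import re

# Remote methods that depend on a reachable server.
REMOTE_METHODS = {"radius", "tacacs", "tacacs+"}

# Constructed sample running-config; list names are illustrative only.
SAMPLE_CONFIG = """\
aaa authentication login default tacacs+ local
aaa authentication login CONSOLE-AUTH local radius
aaa authentication login VTY-AUTH tacacs+ none
!
line console 0
 login authentication CONSOLE-AUTH
line vty 0 9
 login authentication VTY-AUTH
"""


def parse_method_lists(config):
    """Map each login method-list name to its ordered, lower-cased methods."""
    lists = {}
    for raw in config.splitlines():
        m = re.match(r"aaa authentication login (\S+)\s+(\S.*)$", raw.strip())
        if m:
            lists[m.group(1)] = m.group(2).lower().split()
    return lists


def parse_line_bindings(config):
    """Map each terminal line to the method list applied to it.

    A line with no 'login authentication' statement uses the default list.
    Sub-commands are assumed to be indented under their 'line' statement.
    """
    bindings = {}
    current = None
    for raw in config.splitlines():
        m = re.match(r"line\s+(console|vty)\b\s*(.*)$", raw)
        if m:
            current = f"{m.group(1)} {m.group(2)}".strip()
            bindings[current] = "default"
        elif current and raw.startswith(" "):
            m = re.match(r"\s+login authentication (\S+)", raw)
            if m:
                bindings[current] = m.group(1)
        else:
            current = None
    return bindings


def audit(config):
    """Return (line, method-list, issue) tuples for weak login method lists."""
    lists = parse_method_lists(config)
    findings = []
    for line, name in parse_line_bindings(config).items():
        methods = lists.get(name)
        if not methods:
            continue  # list not defined in this config; nothing to evaluate
        # Console access is granted when the last method is an unreachable server.
        if line.startswith("console") and methods[-1] in REMOTE_METHODS:
            findings.append((line, name, "remote-method-last-on-console"))
        # The 'none' method accepts the login without checking credentials.
        if "none" in methods:
            findings.append((line, name, "none-method-in-list"))
    return findings


if __name__ == "__main__":
    for line, name, issue in audit(SAMPLE_CONFIG):
        print(f"line {line}: method list {name}: {issue}")
```

Ending the console's method list with a method that does not depend on a server, such as local, clears the first finding.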
• default: uses the listed authentication methods that follow this argument as the default list of methods when a user logs in. • method-list-name: character string used to name the list of enable authentication methods activated when a user logs in. • method1 [... method4]: any of the following: RADIUS, TACACS, enable, line, none. If you do not set the default list, only the local enable is checked. This setting has the same effect as issuing an aaa authentication enable default enable command.
Server-Side Configuration Using AAA authentication, the switch acts as a RADIUS or TACACS+ client to send authentication requests to a TACACS+ or RADIUS server. • TACACS+ — When using TACACS+, Dell Networking sends an initial packet with service type SVC_ENABLE, and then sends a second packet with just the password. The TACACS server must have an entry for username $enable$.
AAA Authorization Dell Networking OS enables AAA new-model by default. You can set authorization to be either local or remote. Different combinations of authentication and authorization yield different results. By default, Dell Networking OS sets both to local. Privilege Levels Overview Limiting access to the system is one method of protecting the system and your network. However, at times, you might need to allow others access to the router and you can limit that access to a subset of commands.
• Configuring Custom Privilege Levels (mandatory) • Specifying LINE Mode Password and Privilege (optional) • Enabling and Disabling Privilege Levels (optional) For a complete listing of all commands related to Dell Networking OS privilege levels and passwords, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Configuring a Username and Password In Dell Networking OS, you can assign a specific username to limit user access to the system.
To view the configuration for the enable secret command, use the show running-config command in EXEC Privilege mode. In custom-configured privilege levels, the enable command is always available. Regardless of the privilege level at which you entered Dell Networking OS, you can enter the enable 15 command to access and configure all CLIs.
Configure the following required and optional parameters:
• mode: enter a keyword for the modes (exec, configure, interface, line, route-map, or router)
• level level: the range is from 0 to 15. Levels 0, 1, and 15 are pre-configured. Levels 2 to 14 are available for custom configuration.
• command: a Dell Networking OS CLI keyword (up to five keywords allowed).
• reset: return the command to its default privilege mode.
exit          Exit from the EXEC
no            Negate a command
show          Show running system information
terminal      Set terminal line parameters
traceroute    Trace route to destination
Dell#confi
Dell(conf)#?
end           Exit from Configuration mode
exit          Exit from Configuration mode
no            Reset a command
snmp-server   Modify SNMP parameters
Dell(conf)#

Specifying LINE Mode Password and Privilege
You can specify a password authentication of all users on different terminal lines.
• level-number: The level-number you wish to set. If you enter disable without a level-number, your security level is 1. RADIUS Remote authentication dial-in user service (RADIUS) is a distributed client/server protocol. This protocol transmits authentication, authorization, and configuration information between a central RADIUS server and a RADIUS client (the Dell Networking system). The system sends user information to the RADIUS server and requests authentication of the user and password.
Idle Time
Every session line has its own idle-time. If the idle-time value is not changed, the default value of 30 minutes is used. RADIUS specifies the idle-time allowed for a user during a session before timeout. When a user logs in, the lower of the two idle-time values (configured or default) is used. The idle-time value is updated if both of the following happen:
• The administrator changes the idle-time of the line on which the user has logged in.
• Defining a AAA Method List to be Used for RADIUS (mandatory) • Applying the Method List to Terminal Lines (mandatory except when using default lists) • Specifying a RADIUS Server Host (mandatory) • Setting Global Communication Parameters for all RADIUS Server Hosts (optional) • Monitoring RADIUS (optional) For a complete listing of all Dell Networking OS commands related to RADIUS, refer to the Security chapter in the Dell Networking OS Command Reference Guide.
• To use the method list. CONFIGURATION mode authorization exec methodlist Specifying a RADIUS Server Host When configuring a RADIUS server host, you can set different communication parameters, such as the UDP port, the key password, the number of retries, and the timeout. To specify a RADIUS server host and configure its communication parameters, use the following command. • Enter the host name or IP address of the RADIUS server host.
To set global communication parameters for all RADIUS server hosts, use the following commands. • Set a time interval after which a RADIUS host server is declared dead. CONFIGURATION mode radius-server deadtime seconds • • seconds: the range is from 0 to 2147483647. The default is 0 seconds. Configure a key for all RADIUS communications between the system and RADIUS server hosts. CONFIGURATION mode radius-server key [encryption-type] key • • encryption-type: enter 7 to encrypt the password.
TACACS+
Dell Networking OS supports terminal access controller access control system (TACACS+) client, including support for login authentication.
Configuration Task List for TACACS+
The following list includes the configuration tasks for TACACS+ functions.
login authentication {method-list-name | default} Example of a Failed Authentication To view the configuration, use the show config in LINE mode or the show running-config tacacs+ command in EXEC Privilege mode. If authentication fails using the primary method, Dell Networking OS employs the second method (or third method, if necessary) automatically. For example, if the TACACS+ server is reachable, but the server key is invalid, Dell Networking OS proceeds to the next authentication method.
TACACS+ Remote Authentication The system takes the access class from the TACACS+ server. Access class is the class of service that restricts Telnet access and packet sizes. If you have configured remote authorization, the system ignores the access class you have configured for the VTY line and gets this access class information from the TACACS+ server. The system must know the username and password of the incoming user before it can fetch the access class from the server.
To view the TACACS+ configuration, use the show running-config tacacs+ command in EXEC Privilege mode. To delete a TACACS+ server host, use the no tacacs-server host {hostname | ip-address} command.
freebsd2# telnet 2200:2200:2200:2200:2200::2202
Trying 2200:2200:2200:2200:2200::2202...
Connected to 2200:2200:2200:2200:2200::2202.
Escape character is '^]'.
Dell Networking OS SCP, which is a remote file copy program that works with SSH.
NOTE: The Windows-based WinSCP client software is not supported for secure copying between a PC and a Dell Networking OS-based system. Unix-based SCP client software is supported.
To use the SSH client, use the following command.
• Open an SSH connection and specify the hostname, username, port number, encryption cipher, HMAC algorithm and version of the SSH client.
ip ssh server port number
2 On Switch 1, enable SSH.
CONFIGURATION MODE
ip ssh server enable
3 On Switch 2, invoke SCP.
CONFIGURATION MODE
copy scp: flash:
4 On Switch 2, in response to prompts, enter the path to the desired file and enter the port number specified in Step 1.
EXEC Privilege Mode
5 On the chassis, invoke SCP.
Removing the RSA Host Keys and Zeroizing Storage
Use the crypto key zeroize rsa command to delete the host key pairs, both the public and private key information for RSA 1 and/or RSA 2 types. Note that when FIPS mode is enabled there is no RSA 1 key pair. Any memory currently holding these keys is zeroized (written over with zeroes) and the NVRAM location where the keys are stored for persistence across reboots is also zeroized.
key-exchange-algorithm : Enter a space-delimited list of key exchange algorithms that will be used by the SSH server.
The following key exchange algorithms are available:
• diffie-hellman-group-exchange-sha1
• diffie-hellman-group1-sha1
• diffie-hellman-group14-sha1
The default key exchange algorithms are the following:
• diffie-hellman-group-exchange-sha1
• diffie-hellman-group1-sha1
• diffie-hellman-group14-sha1
When FIPS is enabled, the default is diffie-hellman-group14-sha1.
• hmac-md5-96
When FIPS is enabled, the default HMAC algorithm is hmac-sha2-256,hmac-sha1,hmac-sha1-96.
Example of Configuring an HMAC Algorithm
The following example shows you how to configure an HMAC algorithm list.
Dell(conf)# ip ssh server mac hmac-sha1-96
Configuring the SSH Server Cipher List
To configure the cipher list supported by the SSH server, use the ip ssh server cipher cipher-list command in CONFIGURATION mode.
Example of Enabling SSH Password Authentication
To view your SSH configuration, use the show ip ssh command from EXEC Privilege mode.
Dell(conf)#ip ssh server enable
Dell(conf)#ip ssh password-authentication enable
Dell# show ip ssh
SSH server : enabled.
SSH server version : v1 and v2.
SSH server vrf : default.
SSH server ciphers : 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr.
SSH server macs : hmac-md5,hmac-md5-96,hmac-sha1,hmac-sha1-96,hmac-sha2-256,hmac-sha2-256-96.
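The show ip ssh output above lists every algorithm the SSH server will negotiate, which makes it a convenient audit input. The following is an added example, not part of the Dell guide: it parses that output and flags SSH v1, CBC and 3DES ciphers, MD5 and truncated (-96) MACs, and diffie-hellman-group1-sha1. The weak-algorithm policy, the label of the key exchange line in the sample, and the space-delimited form of the suggested cipher and MAC lists are assumptions of the example.

```python
import re

# Audit policy chosen for this example (an assumption, not a Dell default).
POLICY = {
    "ciphers": re.compile(r"^3des-|-cbc$"),           # 3DES and CBC-mode ciphers
    "macs": re.compile(r"md5|-96$"),                  # MD5 and truncated MACs
    "kex algorithms": re.compile(r"^diffie-hellman-group1-sha1$"),
}

# Constructed sample modelled on the `show ip ssh` output in the guide.
# The "kex algorithms" label is assumed; the guide's output is cut off before it.
SAMPLE_SHOW_IP_SSH = """\
SSH server : enabled.
SSH server version : v1 and v2.
SSH server vrf : default.
SSH server ciphers : 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr.
SSH server macs : hmac-md5,hmac-md5-96,hmac-sha1,hmac-sha1-96,hmac-sha2-256,hmac-sha2-256-96.
SSH server kex algorithms : diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1.
"""


def parse_show_ip_ssh(text):
    """Map each 'SSH server <field> : <value>.' line to {field: value}."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*SSH server\s*(.*?)\s*:\s*(.*?)\.?\s*$", line)
        if m:
            # The first line has no field name; store it under "state".
            fields[m.group(1).lower() or "state"] = m.group(2)
    return fields


def split_list(value):
    """Split a comma-separated algorithm list, ignoring empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def audit(text):
    """Return (field, offending value) pairs for an enabled SSH server."""
    fields = parse_show_ip_ssh(text)
    if fields.get("state") != "enabled":
        return []  # server disabled: nothing is exposed
    findings = []
    if "v1" in fields.get("version", ""):
        findings.append(("version", "v1"))
    for key, weak in POLICY.items():
        for alg in split_list(fields.get(key, "")):
            if weak.search(alg):
                findings.append((key, alg))
    return findings


def remediation(text):
    """Build cipher/MAC commands (the two shown in the guide) that keep
    only the algorithms the policy accepts. Lists are space-delimited,
    which is an assumption carried over from the key exchange list."""
    fields = parse_show_ip_ssh(text)
    commands = []
    for key, verb in (("ciphers", "cipher"), ("macs", "mac")):
        algs = split_list(fields.get(key, ""))
        kept = [a for a in algs if not POLICY[key].search(a)]
        if kept and kept != algs:
            commands.append("ip ssh server " + verb + " " + " ".join(kept))
    return commands


if __name__ == "__main__":
    for field, value in audit(SAMPLE_SHOW_IP_SSH):
        print("weak", field, value)
    for command in remediation(SAMPLE_SHOW_IP_SSH):
        print(command)
```

Review the generated lists against the clients that must still connect before applying them.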
Configuring Host-Based SSH Authentication Authenticate a particular host. This method uses SSH version 2. To configure host-based authentication, use the following commands. 1 Configure RSA Authentication. Refer to Using RSA Authentication of SSH. 2 Create shosts by copying the public RSA key to the file shosts in the directory .ssh, and write the IP address of the host to the file. cp /etc/ssh/ssh_host_rsa_key.pub /.ssh/shosts Refer to the first example.
The following example shows creating rhosts. admin@Unix_client# ls id_rsa id_rsa.pub rhosts shosts admin@Unix_client# cat rhosts 10.16.127.201 admin Using Client-Based SSH Authentication To SSH from the chassis to the SSH client, use the following command. This method uses SSH version 1 or version 2. If the SSH port is a non-default value, use the ip ssh server port number command to change the default port number. You may only change the port number when SSH is disabled.
Example of Using Telnet for Remote Login Dell(conf)#ip telnet server enable Dell(conf)#no ip telnet server enable VTY Line and Access-Class Configuration Various methods are available to restrict VTY access in Dell Networking OS. These depend on which authentication scheme you use — line, local, or remote. Table 77.
Dell Networking OS can assign different access classes to different users by username. Until users attempt to log in, Dell Networking OS does not know if they will be assigned a VTY line. This means that incoming users always see a login prompt even if you have excluded them from the VTY line with a deny-all access class. After users identify themselves, Dell Networking OS retrieves the access class from the local database and applies it.
VTY MAC-SA Filter Support Dell Networking OS supports MAC access lists which permit or deny users based on their source MAC address. With this approach, you can implement a security policy based on the source MAC address. To apply a MAC ACL on a VTY line, use the same access-class command as IP ACLs. The following example shows how to deny incoming connections from subnet 10.0.0.0 without displaying a login prompt.
• Displaying Accounting for User Roles
• Displaying Information About Roles Logged into the Switch
• Display Role Permissions Assigned to a Command
Overview of RBAC
With Role-Based Access Control (RBAC), access and authorization are controlled based on a user’s role. Users are granted permissions based on their user roles, not on their individual user ID. User roles are created for job functions and through those roles they acquire the permissions to perform their associated job function.
Pre-requisites
Before you enable role-based only AAA authorization:
1 Locally define a system administrator user role. This will give you access to log in with full permissions even if network connectivity to remote authentication servers is not available.
2 Configure login authentication on the console. This ensures that all users are properly identified through authentication no matter the access point.
System-Defined RBAC User Roles By default, the Dell Networking OS provides 4 system defined user roles. You can create up to 8 additional user roles. NOTE: You cannot delete any system defined roles. The system defined user roles are as follows: • Network Operator (netoperator) - This user role has no privilege to modify any configuration on the switch. You can access Exec mode (monitoring) to view the current configuration and status information.
defined roles. Otherwise you would have to create a user role’s command permissions from scratch. You then restrict commands or add commands to that role. For more information about this topic, see Modifying Command Permissions for Roles. NOTE: You can change user role permissions on system pre-defined user roles or user-defined user roles.
myrole secadmin Exec Config Line Modifying Command Permissions for Roles You can modify (add or delete) command permissions for newly created user roles and system defined roles using the role mode { { { addrole | deleterole } role-name } | reset } command command in Configuration mode. NOTE: You cannot modify system administrator command permissions. If you add or delete command permissions using the role command, those changes only apply to the specific user role.
Example: Allow Security Administrator to Access Only 10-Gigabit Ethernet Interfaces
The following example allows the security administrator (secadmin) to only access 10-Gigabit Ethernet interfaces and then shows that the secadmin, highlighted in bold, can now access Interface mode. However, the secadmin can only access 10-Gigabit Ethernet interfaces.
In the following example the command protocol permissions are reset to their original setting for one or more of the system-defined roles and any roles that inherited permissions from them.
Dell(conf)#role configure reset protocol
Adding and Deleting Users from a Role
To create a user name that is authenticated based on a user role, use the username name password encryption-type password role role-name command in CONFIGURATION mode.
To configure AAA authentication, use the aaa authentication command in CONFIGURATION mode. aaa authentication login {method-list-name | default} method [… method4] Configure AAA Authorization for Roles Authorization services determine if the user has permission to use a command in the CLI. Users with only privilege levels can use commands in privilege-or-role mode (the default) provided their privilege level is the same or greater than the privilege level of those commands.
 accounting commands role netadmin
line vty 1
 login authentication ucraaa
 authorization exec ucraaa
 accounting commands role netadmin
line vty 2
 login authentication ucraaa
 authorization exec ucraaa
 accounting commands role netadmin
line vty 3
 login authentication ucraaa
 authorization exec ucraaa
 accounting commands role netadmin
line vty 4
 login authentication ucraaa
 authorization exec ucraaa
 accounting commands role netadmin
line vty 5
 login authentication ucraaa
 authorization exec ucraaa
 accounting comman
The format to create a Dell Networking OS AV pair for privilege level is shell:priv-lvl=<number> where number is a value between 0 and 15.
Force10-avpair= "shell:priv-lvl=15"
Example for Creating an AVP Pair for System Defined or User-Defined Role
The following section shows you how to create an AV pair to allow a user to log in from a network access server to have access to commands based on the user’s role.
The following example applies the accounting default method to the user role secadmin (security administrator). Dell(conf-vty-0)# accounting commands role secadmin default Displaying Active Accounting Sessions for Roles To display active accounting sessions for each user role, use the show accounting command in EXEC mode.
Displaying Role Permissions Assigned to a Command
To display permissions assigned to a command, use the show role command in EXEC Privilege mode. The output displays the user role and/or permission level.
44 Service Provider Bridging Service provider bridging provides the ability to add a second VLAN ID tag in an Ethernet frame and is referred to as VLAN stacking in the Dell Networking OS. VLAN Stacking VLAN stacking, also called Q-in-Q, is defined in IEEE 802.1ad — Provider Bridges, which is an amendment to IEEE 802.1Q — Virtual Bridged Local Area Networks. It enables service providers to use 802.
Figure 107. VLAN Stacking in a Service Provider Network
Important Points to Remember
• Interfaces that are members of the Default VLAN and are configured as VLAN-Stack access or trunk ports do not switch untagged traffic. To switch traffic, add these interfaces to a non-default VLAN-Stack-enabled VLAN.
• Dell Networking cautions against using the same MAC address on different customer VLANs, on the same VLAN-Stack VLAN.
Configure VLAN Stacking
Configuring VLAN-Stacking is a three-step process.
1 Creating Access and Trunk Ports
2 Assign access and trunk ports to a VLAN (Creating Access and Trunk Ports).
3 Enabling VLAN-Stacking for a VLAN.
 switchport
 vlan-stack access
 no shutdown
Dell#show run interface tengigabitEthernet 1/2/1
!
interface TenGigabitEthernet 1/2/1
 no ip address
 switchport
 vlan-stack trunk
 no shutdown
Enable VLAN-Stacking for a VLAN
To enable VLAN-Stacking for a VLAN, use the following command.
• Enable VLAN-Stacking for the VLAN.
INTERFACE VLAN mode
vlan-stack compatible
Example of Viewing VLAN Stack Member Status
To display the status and members of a VLAN, use the show vlan command from EXEC Privilege mode.
Configuring Dell Networking OS Options for Trunk Ports 802.1ad trunk ports may also be tagged members of a VLAN so that it can carry single and double-tagged traffic. You can enable trunk ports to carry untagged, single-tagged, and double-tagged VLAN traffic by making the trunk port a hybrid port. To configure trunk ports, use the following commands. 1 Configure a trunk port to carry untagged, single-tagged, and double-tagged traffic by making it a hybrid port.
Debugging VLAN Stacking
To debug VLAN stacking, use the following command.
• Debug the internal state and membership of a VLAN and its ports.
debug member
Example of Debugging a VLAN and its Ports
The port notations are as follows:
• MT — stacked trunk
• MU — stacked access port
• T — 802.1Q trunk port
• U — 802.
You can configure the first 8 bits of the TPID using the vlan-stack protocol-type command. The TPID is global. Ingress frames that do not match the system TPID are treated as untagged. This rule applies for both the outer tag TPID of a double-tagged frame and the TPID of a single-tagged frame. For example, if you configure TPID 0x9100, the system treats 0x8100 and untagged traffic the same and maps both types to the default VLAN, as shown by the frame originating from Building C.
Therefore, a mismatched TPID results in the port not differentiating between tagged and untagged traffic. Figure 108.
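The TPID rule described above can be modelled in a few lines. This is an added example, not code from the Dell guide: it classifies a raw Ethernet frame the way the text describes for a given system TPID and also reports a tag that is present on the wire but ignored, which is the case to look for when tagged traffic unexpectedly lands in the default VLAN. The set of known TPIDs, the use of 0x8100 for the inner tag, the default VLAN of 1 and the sample frames are assumptions of the example.

```python
import struct
from typing import NamedTuple, Optional

# TPIDs the example recognises as "some kind of VLAN tag" (assumed set).
KNOWN_TPIDS = {0x8100, 0x88A8, 0x9100}
CTAG_TPID = 0x8100  # inner (customer) tag, assumed to be plain 802.1Q


class Tag(NamedTuple):
    tpid: int
    pcp: int  # 802.1p priority, 3 bits
    dei: int  # CFI/DEI bit
    vid: int  # VLAN ID, 12 bits


class Verdict(NamedTuple):
    treated_as: str                 # "untagged", "single-tagged", "double-tagged"
    vlan: int                       # VLAN the frame is mapped to
    outer: Optional[Tag] = None
    inner: Optional[Tag] = None
    ignored: Optional[Tag] = None   # tag on the wire that the system TPID hides


def read_tag(frame: bytes, offset: int) -> Tag:
    """Decode the 4-byte tag at offset; the EtherType after it must exist."""
    if len(frame) < offset + 6:
        raise ValueError("frame truncated inside a VLAN tag")
    tpid, tci = struct.unpack_from("!HH", frame, offset)
    return Tag(tpid, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF)


def classify(frame: bytes, system_tpid: int, default_vlan: int = 1) -> Verdict:
    """Apply the rule from the text: a frame whose first TPID does not
    match the system TPID is handled exactly like untagged traffic."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != system_tpid:
        ignored = read_tag(frame, 12) if ethertype in KNOWN_TPIDS else None
        return Verdict("untagged", default_vlan, ignored=ignored)
    outer = read_tag(frame, 12)
    (next_type,) = struct.unpack_from("!H", frame, 16)
    if next_type == CTAG_TPID:
        return Verdict("double-tagged", outer.vid, outer, read_tag(frame, 16))
    return Verdict("single-tagged", outer.vid, outer)


def build_frame(tags=(), ethertype=0x0800, payload=b"\x00" * 46) -> bytes:
    """Build a constructed test frame; tags are (tpid, pcp, dei, vid)."""
    frame = bytes.fromhex("0001e80695ac") + bytes.fromhex("0001e8aabbcc")
    for tpid, pcp, dei, vid in tags:
        frame += struct.pack("!HH", tpid, (pcp << 13) | (dei << 12) | vid)
    return frame + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    samples = {
        "untagged": build_frame(),
        "0x8100 vid 10": build_frame([(0x8100, 0, 0, 10)]),
        "0x9100 vid 100": build_frame([(0x9100, 5, 1, 100)]),
        "0x9100/0x8100": build_frame([(0x9100, 5, 1, 100), (0x8100, 0, 0, 10)]),
    }
    for name, frame in samples.items():
        print(name, classify(frame, system_tpid=0x9100))
```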
Figure 109.
Figure 110. Single and Double-Tag TPID Mismatch VLAN Stacking Packet Drop Precedence VLAN stacking packet-drop precedence is supported on the switch. The drop eligible indicator (DEI) bit in the S-Tag indicates to a service provider bridge which packets it should prefer to drop when congested.
Enabling Drop Eligibility
Enable drop eligibility globally before you can honor or mark the DEI value. When you enable drop eligibility, DEI mapping or marking takes place according to the defaults. In this case, the CFI is affected according to the following table.
Table 78. Drop Eligibility Behavior
Ingress        Egress         DEI Disabled            DEI Enabled
Normal Port    Normal Port    Retain CFI              Set CFI to 0.
Trunk Port     Trunk Port     Retain inner tag CFI    Retain inner tag CFI.
Example of Viewing DEI-Honoring Configuration
To display the DEI-honoring configuration, use the show interface dei-honor [interface slot/port/subport] in EXEC Privilege mode.
Dell#show interface dei-honor
Default Drop precedence: Green
Interface   CFI/DEI   Drop precedence
---------------------------------------
Te 1/1/1    0         Green
Te 1/1/1    1         Yellow
Te 2/9/1    1         Red
Te 2/10/1   0         Yellow
Marking Egress Packets with a DEI Value
On egress, you can set the DEI value according to a different mapping than ingress.
Dynamic Mode CoS for VLAN Stacking One of the ways to ensure quality of service for customer VLAN-tagged frames is to use the 802.1p priority bits in the tag to indicate the level of QoS desired. When an S-Tag is added to incoming customer frames, the 802.1p bits on the S-Tag may be configured statically for each customer or derived from the C-Tag using Dynamic Mode CoS. Dynamic Mode CoS maps the C-Tag 802.1p value to a S-Tag 802.1p value. Figure 111.
!
class-map match-any a layer2
 match mac access-group a
!
mac access-list standard a
 seq 5 permit any
!
qos-policy-input 3 layer2
 rate-police 40
Likewise, in the following configuration, packets with dot1p priority 0–3 are marked as dot1p 7 in the outer tag and queued to Queue 3. Rate policing is according to qos-policy-input 3. All other packets will have outer dot1p 0 and hence are queued to Queue 1. They are therefore policed according to qos-policy-input 1.
reload 4 Map C-Tag dot1p values to a S-Tag dot1p value. INTERFACE mode vlan-stack dot1p-mapping c-tag-dot1p values sp-tag-dot1p value Separate C-Tag values by commas. Dashed ranges are permitted. Dynamic Mode CoS overrides any Layer 2 QoS configuration in case of conflicts. NOTE: Because dot1p-mapping marks and queues packets, the only remaining applicable QoS configuration is rate metering. You may use Rate Shaping or Rate Policing.
Figure 112. VLAN Stacking without L2PT You might need to transport control traffic transparently through the intermediate network to the other region. Layer 2 protocol tunneling enables BPDUs to traverse the intermediate network by identifying frames with the Bridge Group Address, rewriting the destination MAC to a user-configured non-reserved address, and forwarding the frames.
these Dell Networking OS versions, Dell Networking systems are required at the egress edge of the intermediate network because only Dell Networking OS could recognize the significance of the destination MAC address and rewrite it to the original Bridge Group Address. In Dell Networking OS version 8.2.1.0 and later, the L2PT MAC address is user-configurable, so you can specify an address that non-Dell Networking systems can recognize and rewrite the address at egress edge.
Figure 113. VLAN Stacking with L2PT Implementation Information • L2PT is available for STP, RSTP, MSTP, and PVST+ BPDUs. • No protocol packets are tunneled when you enable VLAN stacking. • L2PT requires the default CAM profile.
Enabling Layer 2 Protocol Tunneling
To enable Layer 2 protocol tunneling, use the following command.
1 Verify that the system is running the default CAM profile. Use this CAM profile for L2PT.
EXEC Privilege mode
show cam-profile
2 Enable protocol tunneling globally on the system.
CONFIGURATION mode
protocol-tunnel enable
3 Tunnel BPDUs the VLAN.
For details about this command, refer to CAM Allocation.
2 Save the running-config to the startup-config.
EXEC Privilege mode
copy running-config startup-config
3 Reload the system.
EXEC Privilege mode
reload
4 Set a maximum rate at which the RPM processes BPDUs for L2PT.
VLAN STACKING mode
protocol-tunnel rate-limit
The default is: no rate limiting. The range is from 64 to 320 kbps.
Debugging Layer 2 Protocol Tunneling
To debug Layer 2 protocol tunneling, use the following command.
Provider backbone bridging through IEEE 802.1ad eliminates the need for tunneling BPDUs with L2PT and increases the reliability of provider bridge networks as the network core need only learn the MAC addresses of core switches, as opposed to all MAC addresses received from attached customer devices. • Use the Provider Bridge Group address as the destination MAC address in BPDUs. The xstp keyword applies this functionality to STP, RSTP, and MSTP; this functionality is not available for PVST+.
45 sFlow sFlow is a standard-based sampling technology embedded within switches and routers which is used to monitor network traffic. It is designed to provide traffic monitoring for high-speed networks with many switches and routers.
Implementation Information
Dell Networking sFlow is designed so that the hardware sampling rate is per line card port-pipe and is decided based on all the ports in that port-pipe. If you do not enable sFlow on any port specifically, the global sampling rate is downloaded to that port and is used to calculate the port-pipe’s lowest sampling rate. This design supports the possibility that sFlow might be configured on that port in the future. Back-off is triggered based on the port-pipe’s hardware sampling rate.
Enabling Extended sFlow
Extended sFlow packs additional information in the sFlow datagram depending on the type of sampled packet. The platform supports extended-switch information processing only. You can enable the following options:
• extended-switch — 802.1Q VLAN ID and 802.1p priority information.
• extended-router — Next-hop and source and destination mask length.
Enabling and Disabling sFlow on an Interface By default, sFlow is disabled on all interfaces. This CLI is supported on physical ports and link aggregation group (LAG) ports. To enable sFlow on a specific interface, use the following command. • Enable sFlow on an interface. INTERFACE mode [no] sflow ingress-enable To disable sFlow on an interface, use the no version of this command.
1 collectors configured Collector IP addr: 100.1.1.12, Agent IP addr: 100.1.1.
Example of Viewing sFlow Configuration (Global) The first bold line indicates sFlow is globally enabled. The second bold lines indicate sFlow is enabled on Te 1/16/1 and Te 1/17/1 Dell#show sflow sFlow services are enabled Global default sampling rate: 32768 Global default counter polling interval: 20 1 collectors configured Collector IP addr: 133.33.33.53, Agent IP addr: 133.33.33.
Displaying Show sFlow on a Stack-unit To view sFlow statistics on a specified Stack-unit, use the following command. • Display sFlow configuration information and statistics on the specified interface.
• interval value: in seconds. The range is from 15 to 86400 seconds. The default is 20 seconds.
Back-Off Mechanism
If the sampling rate for an interface is set to a very low value, the CPU can get overloaded with flow samples under high-traffic conditions. In such a scenario, a binary back-off mechanism gets triggered, which doubles the sampling-rate (halves the number of samples per second) for all interfaces. The back-off mechanism continues to double the sampling-rate until the CPU condition is cleared.
Examples of Verifying Extended sFlow The bold line shows that extended sflow setting is enabled for extended switch. Dell#show sflow sFlow services are enabled Egress Management Interface sFlow services are disabled Global default sampling rate: 32768 Global default counter polling interval: 20 Global default extended maximum header size: 128 bytes Global extended information enabled: switch 1 collectors configured Collector IP addr: 100.1.1.1, Agent IP addr: 1.1.1.
IP SA IP DA srcAS and srcPeerAS dstAS and dstPeerAS Description because there is no AS information. static/ connected/IGP BGP 0 Exported src_as and src_peer_as are zero because there is no AS information for IGP. BGP static/ connected/IGP — — Exported Exported Prior to Dell Networking OS version 7.8.1.0, extended gateway data is not exported because IP DA is not learned via BGP. Version 7.8.1.
46 Simple Network Management Protocol (SNMP) The Simple Network Management Protocol (SNMP) is designed to manage devices on IP networks by monitoring device operation, which might require administrator intervention. NOTE: On Dell Networking routers, standard and private SNMP management information bases (MIBs) are supported, including all Get and a limited number of Set operations (such as set vlan and copy cmd).
Protocol Overview Network management stations use SNMP to retrieve or alter management data from network elements. A datum of management information is called a managed object; the value of a managed object can be static or variable. Network elements store managed objects in a database called a management information base (MIB). MIBs are hierarchically structured and use object identifiers to address managed objects, but managed objects also have a textual name called an object descriptor.
Table 80.
• Creating a Community Configuring SNMP version 3 requires configuring SNMP users in one of three methods. Refer to Setting Up User-Based Security (SNMPv3).
SNMP community is a group of SNMP agents and managers that are allowed to interact. Communities are necessary to secure communication between SNMP managers and agents; SNMP agents do not respond to requests from management stations that are not part of the community. Dell Networking OS enables SNMP automatically when you create an SNMP community and displays the following message. You must specify whether members of the community may only retrieve values (read), or retrieve and alter values (read-write).
snmp-server view view-name oid-tree {included | excluded}
NOTE: To give a user read and write view privileges, repeat this step for each privilege type.
• Configure the user with an authorization password (password privileges only).
CONFIGURATION mode
snmp-server user name group-name 3 noauth auth md5 auth-password
• Configure an SNMP group (password privileges only).
CONFIGURATION mode
snmp-server group groupname {oid-tree} auth read name write name
• Configure an SNMPv3 view.
snmpget -v version -c community agent-ip {identifier.instance | descriptor.instance}
• Read the value of the managed object directly below the specified object.
snmpgetnext -v version -c community agent-ip {identifier.instance | descriptor.instance}
• Read the value of many objects at once.
snmpwalk -v version -c community agent-ip {identifier.instance | descriptor.
Configuring Contact and Location Information using SNMP You may configure system contact and location information from the Dell Networking system or from the management station using SNMP. To configure system contact and location information from the Dell Networking system and from the management station using SNMP, use the following commands. • (From a Dell Networking system) Identify the system manager along with this person’s contact information (for example, an email address or phone number).
Subscribing to Managed Object Value Updates using SNMP
By default, the Dell Networking system displays some unsolicited SNMP messages (traps) upon certain events and conditions. You can also configure the system to send the traps to a management station. Traps cannot be saved on the system. Dell Networking OS supports the following three sets of traps:
• RFC 1157-defined traps — coldStart, warmStart, linkDown, linkUp, authenticationFailure, and egpNeighborLoss.
Example of RFC-Defined SNMP Traps and Related Enable Commands The following example lists the RFC-defined SNMP traps and the command used to enable each. The coldStart and warmStart traps are enabled using a single command. snmp authentication SNMP_AUTH_FAIL:SNMP Authentication failed.Request with invalid community string. snmp coldstart SNMP_COLD_START: Agent Initialized - SNMP COLD_START. SNMP_WARM_START:Agent Initialized - SNMP WARM_START.
MAJOR_PS_CLR: major alarm cleared: sufficient power MINOR_PS: Minor alarm: power supply non-redundant MINOR_PS_CLR: Minor alarm cleared: power supply redundant envmon temperature MINOR_TEMP: Minor alarm: chassis temperature MINOR_TEMP_CLR: Minor alarm cleared: chassis temperature normal (%s %d temperature is within threshold of %dC) MAJOR_TEMP: Major alarm: chassis temperature high (%s temperature reaches or exceeds threshold of %dC) MAJOR_TEMP_CLR: Major alarm cleared: chassis temperature lower (%s %d temp
SNMP Copy Config Command Completed %RPM0-P:CP %SNMP-4-RMON_RISING_THRESHOLD: STACKUNIT0 rising threshold alarm from SNMP OID %RPM0-P:CP %SNMP-4-RMON_FALLING_THRESHOLD: STACKUNIT0 falling threshold alarm from SNMP OID %RPM0-P:CP %SNMP-4-RMON_HC_RISING_THRESHOLD: STACKUNIT0 high-capacity rising threshold alarm from SNMP OID Enabling an SNMP Agent to Notify Syslog Server Failure You can configure a network device to send an SNMP trap if an audit processing failure occurs due to loss of
10.11.226.121 (port: 9140) is not reachable"
SNMPv2-SMI::enterprises.6027.3.6.1.1.2.0 = INTEGER: 2
Following is the sample audit log message that other syslog servers that are reachable receive:
Oct 21 00:46:13: dv-fedgov-s4810-6: %EVL-6-NOT_REACHABLE:Syslog server 10.11.226.121 (port: 9140) is not reachable
The following example shows the SNMP trap that is sent when connectivity to the syslog server is resumed:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (10230) 0:01:42.30
SNMPv2-MIB::snmpTrapOID.
and copySrcFileName.

MIB Object: copySrcFileLocation
OID: .1.3.6.1.4.1.6027.3.5.1.1.1.1.3
Object Values: 1 = flash, 2 = slot0, 3 = tftp, 4 = ftp, 5 = scp, 6 = usbflash
Description: Specifies the location of source file.
• If copySrcFileLocation is FTP or SCP, you must specify copyServerAddress, copyUserName, and copyUserPassword.

MIB Object: copySrcFileName
OID: .1.3.6.1.4.1.6027.3.5.1.1.1.1.4
Object Values: Path (if the file is not in the current directory) and filename.
Description: Specifies name of the file.
• If
MIB Object: copyServerAddress
OID: .1.3.6.1.4.1.6027.3.5.1.1.1.1.8
Object Values: IP Address of the server.
Description: The IP address of the server.

MIB Object: copyUserName
OID: .1.3.6.1.4.1.6027.3.5.1.1.1.1.9
Object Values: Username for the server.
Description: Username for the FTP, TFTP, or SCP server.

MIB Object: copyUserPassword
OID: .1.3.6.1.4.1.6027.3.5.1.1.1.1.10
Object Values: Password for the server.
Description: Password for the FTP, TFTP, or SCP server.

• If you specify copyServerAddress, you must also specify copyUserName and copyUserPassword.
NOTE: You can use the entire OID rather than the object name. Use the form: OID.index i object-value. To view more information, use the following options in the snmpset command. • -c: View the community, either public or private. • -m: View the MIB files for the SNMP command. • -r: Number of retries using the option • -t: View the timeout. • -v: View the SNMP version (either 1, 2, 2d, or 3). The following examples show the snmpset command to copy a configuration.
Copying the Startup-Config Files to the Running-Config To copy the startup-config to the running-config from a UNIX machine, use the following command. • Copy the startup-config to the running-config from a UNIX machine. snmpset -c private -v 2c force10system-ip-address copySrcFileType.index i 3 copyDestFileType.index i 2 Examples of Copying Configuration Files from a UNIX Machine The following example shows how to copy configuration files from a UNIX machine using the object name.
FTOS-COPY-CONFIG-MIB::copyUserName.110 = STRING: mylogin FTOS-COPY-CONFIG-MIB::copyUserPassword.110 = STRING: mypass Copying the Startup-Config Files to the Server via TFTP To copy the startup-config to the server via TFTP from the UNIX machine, use the following command. NOTE: Verify that the file exists and its permissions are set to 777. Specify the relative path to the TFTP root directory. • Copy the startup-config to the server via TFTP from the UNIX machine. snmpset -v 2c -c public -m .
Additional MIB Objects to View Copy Statistics
Dell Networking provides more MIB objects to view copy statistics, as shown in the following table.
Table 83. Additional MIB Objects for Copying Configuration Files via SNMP

MIB Object: copyState
OID: .1.3.6.1.4.1.6027.3.5.1.1.1.1.11
Values: 1 = running, 2 = successful, 3 = failed
Description: Specifies the state of the copy operation.

MIB Object: copyTimeStarted
OID: .1.3.6.1.4.1.6027.3.5.1.1.1.1.
Values: Time value
snmpset -v 2c -c public -m ./f10-copy-config.mib force10system-ip-address [OID.index | mib-object.index] index: the index value used in the snmpset command used to complete the copy operation. NOTE: You can use the entire OID rather than the object name. Use the form: OID.index. Examples of Getting MIB Object Values The following examples show the snmpget command to obtain a MIB object value.
Viewing the Available Flash Memory Size • To view the available flash memory using SNMP, use the following command. snmpget -v2c -c public 192.168.60.120 .1.3.6.1.4.1.6027.3.10.1.2.9.1.6.1 enterprises.6027.3.10.1.2.9.1.5.1 = Gauge32: 24 The output above displays that 24% of the flash memory is used. MIB Support to Display the Software Core Files Generated by the System Dell Networking provides MIB objects to display the software core files generated by the system.
Viewing the Software Core Files Generated by the System
• To view the software core files generated by the system, use the following command.
snmpwalk -v2c -c public 192.168.60.120 .1.3.6.1.4.1.6027.3.10.1.2.10
enterprises.6027.3.10.1.2.10.1.1.1.1 = 1
enterprises.6027.3.10.1.2.10.1.1.1.2 = 2
enterprises.6027.3.10.1.2.10.1.1.1.3 = 3
enterprises.6027.3.10.1.2.10.1.1.2.1 = 1
enterprises.6027.3.10.1.2.10.1.2.1.1 = "/CORE_DUMP_DIR/flashmntr.core.gz"
enterprises.6027.3.10.1.2.10.1.2.1.
Assigning a VLAN Alias

Write a character string to the dot1qVlanStaticName object to assign a name to a VLAN.

Example of Assigning a VLAN Alias using SNMP

[Unix system output]
> snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.1.1107787786 s "My VLAN"
SNMPv2-SMI::mib-2.17.7.1.4.3.1.1.
00 00 00 00 00 00 00 00 00 00 00 00 00" SNMPv2-SMI::mib-2.17.7.1.4.3.1.2.1107787786 = Hex-STRING: 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 SNMPv2-SMI::mib-2.17.7.1.4.3.1.4.
To enable the overload bit, set 1.3.6.1.4.1.6027.3.18.1.1 for IPv4 and 1.3.6.1.4.1.6027.3.18.1.4 for IPv6.
To set the time to wait, set 1.3.6.1.4.1.6027.3.18.1.2 and 1.3.6.1.4.1.6027.3.18.1.5, respectively.
To set the time to wait until the BGP sessions are up, set 1.3.6.1.4.1.6027.3.18.1.3 and 1.3.6.1.4.1.6027.3.18.1.6.

Enabling and Disabling a Port using SNMP

To enable and disable a port using SNMP, use the following commands.
1 Create an SNMP community on the Dell system.
Table 86. MIB Objects for Fetching Dynamic MAC Entries in the Forwarding Database

MIB Object: dot1dTpFdbTable
OID: .1.3.6.1.2.1.17.4.3
MIB: Q-BRIDGE MIB
Description: List the learned unicast MAC addresses on the default VLAN.

MIB Object: dot1qTpFdbTable
OID: .1.3.6.1.2.1.17.7.1.2.2
MIB: Q-BRIDGE MIB
Description: List the learned unicast MAC addresses on nondefault VLANs.

MIB Object: dot3aCurAggFdbTable
OID: .1.3.6.1.4.1.6027.3.2.1.1.5
MIB: F10-LINKAGGREGATION-MIB
Description: List the learned MAC addresses of aggregated links (LAG).
1000 00:01:e8:06:95:ac Dynamic Po 1 Active
-------------Query from Management Station---------------------
>snmpwalk -v 2c -c techpubs 10.11.131.162 .1.3.6.1.4.1.6027.3.2.1.1.5
SNMPv2-SMI::enterprises.6027.3.2.1.1.5.1.1.1000.0.1.232.6.149.172.1 =
SNMPv2-SMI::enterprises.6027.3.2.1.1.5.1.2.1000.0.1.232.6.149.172.1 = 00 01 E8 06 95 AC
SNMPv2-SMI::enterprises.6027.3.2.1.1.5.1.3.1000.0.1.232.6.149.172.1 =
SNMPv2-SMI::enterprises.6027.3.2.1.1.5.1.4.1000.0.1.232.6.149.172.
Table 87. MIB Objects for Viewing the System Image on Flash Partitions

MIB Object: chSysSwInPartitionAImgVers
OID: 1.3.6.1.4.1.6027.3.10.1.2.8.1.11
MIB: Chassis MIB
Description: List the version string of the system image in Flash Partition A.

MIB Object: chSysSwInPartitionBImgVers
OID: 1.3.6.1.4.1.6027.3.10.1.2.8.1.12
MIB: Chassis MIB
Description: List the version string of the system image in Flash Partition B.
SNMPv2-SMI::enterprises.6027.3.2.1.1.4.1.2.1.0.0.0.0.0.1.1 = Hex-STRING: 00 00 00 00 00 01 dot3aCurAggIndex SNMPv2-SMI::enterprises.6027.3.2.1.1.4.1.3.1.0.0.0.0.0.1.1 = INTEGER: 1 dot3aCurAggStatus SNMPv2-SMI::enterprises.6027.3.2.1.1.4.1.4.1.0.0.0.0.0.1.1 = INTEGER: 1 << Status active, 2 – status inactive Example of Viewing Changed Interface State for Monitored Ports Layer 3 LAG does not include this support. SNMP trap works for the Layer 2 / Layer 3 / default mode LAG. SNMPv2-MIB::sysUpTime.
47 Stacking

Using the Dell Networking OS stacking feature, you can interconnect multiple switch units with stacking ports or front end user ports. The stack becomes manageable as a single switch through the stack management unit. The system accepts Unit ID numbers from 1 to 6 and it supports stacking up to six units.
• Stack unit topology
• Stack running configuration (which includes ACL, LACP, STP, SPAN, and so on.)
• Logs.

The master switch maintains stack operation with minimal impact in the event of:
• Switch failure
• Inter-switch stacking link failure
• Switch insertion
• Switch removal

If the master switch goes off line, the standby replaces it as the new master and the switch with the next highest priority or MAC address becomes standby.
Reload-Type : normal-reload [Next boot : normal-reload]

-- Stack Info --
Unit UnitType   Status      ReqTyp   CurTyp   Version     Ports
----------------------------------------------------------------------------------
0    Member     not present S6000-ON
1    Member     not present
2    Standby    online      S6000-ON S6000-ON 1-0(0-3387) 128
3    Member     not present S6000-ON
4    Member     not present
5    Management online      S6000-ON S6000-ON 1-0(0-3387) 128

-- Power Supplies --
Unit Bay Status Type FanStatus FanSpeed(rpm)
-------------------------------------
After the former master switch recovers, despite having a higher priority or MAC address, it does not recover its master role but instead takes the next available role. To view failover details, use the show redundancy command.

MAC Addressing on Stacks

The stack has three MAC addresses: the chassis MAC, interface MAC, and null interface MAC. All interfaces in the stack use the interface MAC address of the management unit, and the chassis MAC for the stack is the master’s chassis MAC.
[output omitted]
Stack#show system stack-unit 1 | grep priority
Master priority : 0
Stack#show system stack-unit 2 | grep priority
Master priority : 0

Example of Adding a Standalone with a Lower MAC Address and Equal Priority to a Stack

Stacking LAG

When multiple links are used between stack units, Dell Networking OS automatically bundles them in a stacking LAG to provide aggregated throughput and redundancy.
Supported Stacking Topologies

The device supports stacking in a ring or a daisy chain topology. Dell Networking recommends the ring topology when stacking the switches to provide redundant connectivity.

Figure 114. Supported Stacking Topologies

High Availability on Stacks

Stacks have master and standby management units analogous to Dell Networking route processor modules (RPM).
Example of Stack Manager Redundancy

Management Access on Stacks

You can access the stack via the console port or VTY line.
• Console access — You may access the stack through the console port of the master unit (stack manager) only. Similar to a standby RPM, the console port of the standby unit does not provide management capability; only a limited number of commands are available. Member units provide a limited set of commands.
• All stack units must have the same version of Dell Networking OS.

Stacking Installation Tasks

The following are the stacking installation tasks.
• Create a Stack
• Add Units to an Existing Stack
• Split a Stack

Create a Stack

No configuration is allowed on front end ports used for stacking. Stacking can be made between 40G ports of two units. The stack links between the two units are grouped into a single LAG.
• If the new unit is running a Dell Networking OS version prior to, the unit is put into a card problem state, Dell Networking OS is not upgraded, and a syslog message is raised. The unit must be upgraded to Dell Networking OS version before you can proceed.

Syslog messages are generated by the management unit:
• before the management unit downloads its Dell Networking OS version or later to the new unit. The syslog includes the unit number, previous version, and version being downloaded.
Creating a New Stack

Prior to creating a stack, know which unit will be the management unit and which will be the standby unit.
1 Power up all units in the stack.
2 Verify that each unit has the same Dell Networking OS version prior to stacking them together.
EXEC Privilege mode
show version
3 Manually configure unit numbers for each unit, so that the stacking is deterministic upon boot up.
EXEC Privilege mode
stack-unit stack-unit-number renumber stack-unit-number.
Figure 116. Creating a new stack In the above example, stack unit 1 is the master management unit, stack unit 2 is the standby unit. The cables are connected to each unit.
Stack MAC : 00:01:e8:8c:53:32
Reload Type : normal-reload [Next boot : normal-reload]

-- Stack Info --
Unit UnitType   Status      ReqTyp CurTyp Version          Ports
---------------------------------------------------------------
1    Member     not present
2    Management online      S4810  S4810  4810-8-3-12-1447 64
3    Standby    online      S4810  S4810  4810-8-3-12-1447 64
4    Member     online      S4810  S4810  4810-8-3-12-1447 64
5    Member     online      S4810  S4810  4810-8-3-12-1447 64
6    Member     not present

-- Power Supplies --
Unit Bay Status Type FanStatus
-----------
Manually Assigning a New Unit to an Existing Stack

To manually assign a new unit a position in an existing stack, use the following steps.
1 On the stack, determine the next available stack-unit number, and the management priority of the management unit.
EXEC Privilege mode
show system brief or show system stack-unit
2 On the new unit, number it the next available stack-unit number.
configuration conflict occurs between the new unit and the provisioned stack unit, the configuration of the new unit takes precedence.
1 Add the configured unit to the top or bottom of the stack.
2 Power on the switch.
3 Attach cables to connect ports on the added switch to one or more existing switches in the stack.
4 Log on to the CLI and enter global configuration mode.
• Dell Networking OS selects a master stack manager from the two existing managers based on the priority of the stack.
• Dell Networking OS resets all the units in the losing stack; they all become stack members.
• If there is no unit numbering conflict, the stack members retain their previous unit numbers. Otherwise, the stack manager assigns new unit numbers, based on the order that they come online.
Renumbering the stack manager triggers the whole stack to reload, as shown in the message below. When the stack comes back online, the master unit remains the management unit.

Dell#stack-unit 2 renumber 1
Renumbering master unit will reload the stack.
WARNING: Interface configuration for current unit will be lost!
Proceed to renumber [confirm yes/no]: yes

Creating a Virtual Stack Unit on a Stack

Use virtual stack units to configure ports on the stack before adding a new unit.
Current Type : Z9100-ON - 34-port TE/TF/FO/FI/HU G (ZD-ON) Master priority : NA Hardware Rev : 0.
Speed in RPM The following example shows the show system stack-ports command.
redundancy force-failover stack-unit
A new standby is elected. When the former stack master comes back online, it becomes a member unit.
• Prevent the stack master from rebooting after a failover.
CONFIGURATION mode
redundancy disable-auto-reboot stack-unit
This command does not affect a forced failover, manual reset, or a stack-link disconnect.
• Display redundancy information.
Displaying the Status of Stacking Ports

To display the status of the stacking ports, including the topology, use the following command.
• Display the stacking ports.
EXEC Privilege mode
show system stack-ports

Examples of Viewing the Status for Stacked Switches

The following example shows the parameters for the management unit in the stack.

Remove Units or Front End Ports from a Stack

To remove units or front end ports from a stack, use the following instructions.
4    Member     not present
5    Management online      S6000-ON S6000-ON 1-0(0-3387) 128

Removing Front End Port Stacking

To remove the configuration on the front end ports used for stacking, use the following commands.
1 Remove the stack group configuration that is configured.
CONFIGURATION mode
no stack-unit id stack-group id
2 Save the stacking configuration on the ports.
EXEC Privilege mode
write memory
3 Reload the switch.
EXEC Privilege mode
reload

After the units are reloaded, the system reboots.
Example of Console Messages About Flapping Link

Recover from a Card Problem State on a Stack

If a unit added to a stack has a different Dell Networking OS version, the unit does not come online and Dell Networking OS cites a card problem error. To recover, disconnect the new unit from the stack, change the Dell Networking OS version to match the stack, and then reconnect it to the stack.
48 Storm Control

Storm control allows you to control unknown-unicast, multicast, and broadcast traffic on Layer 2 and Layer 3 physical interfaces.

Dell Networking Operating System (OS) Behavior: Dell Networking OS supports unknown-unicast, multicast, and broadcast control for Layer 2 and Layer 3 traffic.

To view the storm control configuration, use the show storm-control broadcast | multicast | unknown-unicast | pfc-llfc [interface] command.
Configuring Storm Control from INTERFACE Mode

To configure storm control, use the following command. From INTERFACE mode:
• You can only configure storm control for ingress traffic.
• If you configure storm control from both INTERFACE and CONFIGURATION mode, the INTERFACE mode configurations override the CONFIGURATION mode configurations.
• The storm control is calculated in packets per second.
• Configure storm control.
CONFIGURATION mode
storm-control multicast packets_per_second in
• Configure the packets per second of unknown-unicast traffic allowed in or out of the network.
CONFIGURATION mode
storm-control unknown-unicast packets_per_second in

Detect PFC Storm

The following section explains the procedure to detect the PFC storm. You can detect the PFC storm by polling the lossless queues in a port or priority periodically.
PFC Storm

When packets flood a network, the result is excessive traffic that degrades network performance. When Priority Flow Control (PFC) is enabled on a port, traffic flows according to the priority of the data. A PFC storm is an inconsistency in the traffic that flows through a PFC-enabled port. You can detect this by polling the lossless queues on each port. This polling is done at periodic intervals.
14780 Te 0/3 14780 14760 14760 14760 Te 0/4 14760 14760 14740 14740 Te 0/5 14740 14640 14540 14540 Te 0/80 0 0 0 0 6 Drop 3 Drop 4 Drop 5 Drop 6 Drop 3 Drop 4 Drop 5 Drop 6 Drop 3 Drop 4 Drop 5 Drop 6 Drop 3 Normal 4 Normal 5 Normal 6 Normal 8686064 8682775 8690918 8690786 8686030 8682643 8690784 8690653 8685901 8680780 8688702 8688349 8683376 0 0 0 0 Use the show storm-control pfc statistics stack-unit unit-number port—set portpipenumber command to view the statistical d
Te 0/5 Te 0/80 6 3 4 5 6 3 4 5 6 2 2 2 2 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Dell# Storm Control 968
49 Spanning Tree Protocol (STP)

The spanning tree protocol (STP) is supported on Dell Networking OS.
Dell Networking Term IEEE Specification Per-VLAN Spanning Tree Plus (PVST+) Third Party Configure Spanning Tree Configuring spanning tree is a two-step process.
Configuring Interfaces for Layer 2 Mode

All interfaces on all switches that participate in spanning tree must be in Layer 2 mode and enabled.

Figure 117. Example of Configuring Interfaces for Layer 2 Mode

To configure and enable the interfaces for Layer 2, use the following command.
1 If the interface has been assigned an IP address, remove it.
INTERFACE mode
no ip address
2 Place the interface in Layer 2 mode.
switchport
3 Enable the interface.
INTERFACE mode
no shutdown

Example of the show config Command

To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode.

Dell(conf-if-te-1/1/1)#show config
!
interface TenGigabitEthernet 1/1/1
 no ip address
 switchport
 no shutdown
Dell(conf-if-te-1/1/1)#

Enabling Spanning Tree Protocol Globally

Enable the spanning tree protocol globally; it is not enabled by default.
Figure 118. Spanning Tree Enabled Globally

To enable STP globally, use the following commands.
1 Enter PROTOCOL SPANNING TREE mode.
CONFIGURATION mode
protocol spanning-tree 0
2 Enable STP.
PROTOCOL SPANNING TREE mode
no disable

Examples of Verifying Spanning Tree Information

To disable STP globally for all Layer 2 interfaces, use the disable command from PROTOCOL SPANNING TREE mode. To verify that STP is enabled, use the show config command from PROTOCOL SPANNING TREE mode.
To view the spanning tree configuration and the interfaces that are participating in STP, use the show spanning-tree 0 command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output.

R2#show spanning-tree 0
Executing IEEE compatible Spanning Tree Protocol
Bridge Identifier has priority 32768, address 0001.e826.ddb7
Configured hello time 2, max age 20, forward delay 15
Current root has priority 32768, address 0001.e80d.
Adding an Interface to the Spanning Tree Group

To add a Layer 2 interface to the spanning tree topology, use the following command.
• Enable spanning tree on a Layer 2 interface.
INTERFACE mode
spanning-tree 0

Modifying Global Parameters

You can modify the spanning tree parameters. The root bridge sets the values for forward-delay, hello-time, and max-age and overwrites the values set on other bridges participating in STP.
forward-delay seconds
The range is from 4 to 30.
The default is 15 seconds.
• Change the hello-time parameter (the BPDU transmission interval).
PROTOCOL SPANNING TREE mode
hello-time seconds
NOTE: With large configurations (especially those with more ports) Dell Networking recommends increasing the hello-time.
The range is from 1 to 10.
The default is 2 seconds.
• Change the max-age parameter (the refresh interval for configuration information that is generated by recomputing the spanning tree topology).
INTERFACE mode
spanning-tree 0 priority priority-value
The range is from 0 to 15.
The default is 8.

To view the current values for interface parameters, use the show spanning-tree 0 command from EXEC privilege mode. Refer to the second example in Enabling Spanning Tree Protocol Globally.

Enabling PortFast

The PortFast feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner.
Prevent Network Disruptions with BPDU Guard

Configure the Portfast (and Edgeport, in the case of RSTP, PVST+, and MSTP) feature on ports that connect to end stations. End stations do not generate BPDUs, so ports configured with Portfast/Edgeport (edgeports) do not expect to receive BPDUs. If an edgeport does receive a BPDU, it likely means that it is connected to another part of the network, which can negatively affect the STP topology.
• Disabling global spanning tree (the no spanning-tree in CONFIGURATION mode).

Figure 119. Enabling BPDU Guard

Dell Networking OS Behavior: BPDU guard and BPDU filtering both block BPDUs, but are two separate features.

BPDU guard:
• is used on edgeports and blocks all traffic on edgeport if it receives a BPDU.
• drops the BPDU after it reaches the RP and generates a console message.
Te 1/6/1 128.263 128 Te 1/7/1 128.264 128 20000 FWD 20000 32768 0001.e805.fb07 128.653 20000 EDS 20000 32768 0001.e85d.0e90 128.264 Interface Name Role PortID Prio Cost Sts Cost Link-type Edge ------------ ------ -------- ---- ------- --- ---------------Te 1/6/1 Root 128.263 128 20000 FWD 20000 P2P No Te 1/7/1 ErrDis 128.
Because any switch in an STP network with a lower priority can become the root bridge, the forwarding topology may not be stable. The location of the root bridge can change, resulting in unpredictable network behavior. The STP root guard feature ensures that the position of the root bridge does not change.

Root Guard Scenario

For example, as shown in the following illustration (STP topology 1, upper left), Switch A is the root bridge in the network core.
Configuring Root Guard

Enable STP root guard on a per-port or per-port-channel basis.

Dell Networking OS Behavior: The following conditions apply to a port enabled with STP root guard:
• Root guard is supported on any STP-enabled port or port-channel interface except when used as a stacking port.
• Enable SNMP traps for RSTP, MSTP, and PVST+ collectively.
snmp-server enable traps xstp

Configuring Spanning Trees as Hitless

You can configure STP, RSTP, MSTP, and PVST+ to be hitless (configure all or none as hitless). When configured as hitless, critical protocol state information is synchronized between the RPMs so that RPM failover is seamless and no topology change is triggered. To be hitless per spanning tree type or for all spanning tree types, use the following commands.
to a Loop-Inconsistent state (instead of to a Forwarding state). Loop guard blocks the STP port so that no traffic is transmitted and no loop is created. As soon as a BPDU is received on an STP port in a Loop-Inconsistent state, the port returns to a blocking state. If you disable STP loop guard on a port in a Loop-Inconsistent state, the port transitions to an STP blocking state and restarts the max-age timer. Figure 121.
• Loop guard is supported on any STP-enabled port or port-channel interface.
• Loop guard is supported on a port or port-channel in any spanning tree mode:
  • Spanning Tree Protocol (STP)
  • Rapid Spanning Tree Protocol (RSTP)
  • Multiple Spanning Tree Protocol (MSTP)
  • Per-VLAN Spanning Tree Plus (PVST+)
• You cannot enable root guard and loop guard at the same time on an STP port.
Example of Viewing STP Guard Configuration

Dell#show spanning-tree 0 guard
Interface
Name      Instance Sts         Guard type
--------- -------- ---------   ----------
Te 1/1/1  0        INCON(Root) Rootguard
Te 1/2/1  0        LIS         Loopguard
Te 1/3/1  0        EDS (Shut)  Bpduguard
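The guard states shown by show spanning-tree 0 guard can be collected and checked by a monitoring script. The following parser is an added example, not Dell code: the row layout is taken from the sample output above, the reading of INCON(Root), LIS and EDS as root-inconsistent, loop-inconsistent and error-disabled is an assumption, and the FWD row in the sample is constructed.

```python
import re

# One data row of "show spanning-tree 0 guard":
# interface name, STP instance, status, guard type.
ROW = re.compile(
    r"^(?P<interface>[A-Za-z]+ [\d/]+)\s+"
    r"(?P<instance>\d+)\s+"
    r"(?P<status>.+?)\s+"
    r"(?P<guard>Rootguard|Loopguard|Bpduguard)\s*$"
)

# Status prefixes that indicate a guard has taken the port out of forwarding.
# The expansion of each abbreviation is an assumption of this example.
BLOCKING_STATES = (
    ("INCON", "root guard: port is root-inconsistent"),
    ("LIS", "loop guard: port is loop-inconsistent"),
    ("EDS", "BPDU guard: port is error-disabled"),
)


def parse_guard_output(text):
    """Return one dict per data row; banner, header and rule lines are skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            row = match.groupdict()
            row["instance"] = int(row["instance"])
            row["status"] = " ".join(row["status"].split())
            rows.append(row)
    return rows


def guard_alerts(text):
    """Return (interface, guard type, meaning) for every port a guard has blocked."""
    alerts = []
    for row in parse_guard_output(text):
        for prefix, meaning in BLOCKING_STATES:
            if row["status"].startswith(prefix):
                alerts.append((row["interface"], row["guard"], meaning))
                break
    return alerts


# First three data rows come from the example above; the FWD row is constructed.
SAMPLE = """\
Dell#show spanning-tree 0 guard
Interface
Name      Instance Sts         Guard type
--------- -------- ---------   ----------
Te 1/1/1  0        INCON(Root) Rootguard
Te 1/2/1  0        LIS         Loopguard
Te 1/3/1  0        EDS (Shut)  Bpduguard
Te 1/4/1  0        FWD         Rootguard
"""

if __name__ == "__main__":
    for interface, guard, meaning in guard_alerts(SAMPLE):
        print(f"{interface}: {guard} -> {meaning}")
```

A port that appears in the alert list has received a BPDU it should not have (root guard, BPDU guard) or has stopped receiving BPDUs (loop guard), so each alert is worth correlating with what is cabled to that port.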
50 SupportAssist

SupportAssist sends troubleshooting data securely to Dell. SupportAssist in this Dell Networking OS release does not support automated email notification at the time of hardware fault alert, automatic case creation, automatic part dispatch, or reports. SupportAssist requires Dell Networking OS 9.9(0.0) and SmartScripts 9.7 or later to be installed on the Dell Networking device. For more information on SmartScripts, see Dell Networking Open Automation guide.

Figure 122.
Topics:
• Configuring SupportAssist Using a Configuration Wizard
• Configuring SupportAssist Manually
• Configuring SupportAssist Activity
• Configuring SupportAssist Company
• Configuring SupportAssist Person
• Configuring SupportAssist Server
• Viewing SupportAssist Configuration

Configuring SupportAssist Using a Configuration Wizard

You are guided through a series of queries to configure SupportAssist.
the information for providing recommendations to improve your IT infrastructure.
contact-person [first ] last
Dell(conf)#support-assist
Dell(conf-supportassist)#contact-person first john last doe
Dell(conf-supportassist-pers-john_doe)#
5 (Optional) Configure the name of the remote SupportAssist Server and move to SupportAssist Server mode.
action-manifest get tftp | ftp | flash
Dell(conf-supportassist-act-full-transfer)#action-manifest get tftp://10.0.0.1/ test file
Dell(conf-supportassist-act-full-transfer)#

The custom action-manifest file is a JSON file. Syntax of the custom action-manifest file:

{
"show command-1" : "xml tag-1",
"show command-2" : "xml tag-2",
"show command-3" : "xml tag-3",
...
}
[no] enable
Dell(conf-supportassist-act-full-transfer)#enable
Dell(conf-supportassist-act-full-transfer)#

Configuring SupportAssist Company

SupportAssist Company mode allows you to configure name, address and territory information of the company. SupportAssist Company configurations are optional for the SupportAssist service. To configure SupportAssist company, use the following commands.
1 Configure the contact information for the company.
Configuring SupportAssist Person

SupportAssist Person mode allows you to configure name, email addresses, phone, method and time zone for contacting the person. SupportAssist Person configurations are optional for the SupportAssist service. To configure SupportAssist person, use the following commands.
1 Configure the contact name for an individual.
Configuring SupportAssist Server

SupportAssist Server mode allows you to configure server name and the means of reaching the server. By default, a SupportAssist server URL has been configured on the device. Configuring a URL to reach the SupportAssist remote server should be done only under the direction of Dell SupportChange. To configure SupportAssist server, use the following commands.
1 Configure the name of the remote SupportAssist Server and move to SupportAssist Server mode.
show support-assist status

Dell#show support-assist status
SupportAssist Service: Installed
EULA: Accepted
Server: default
Enabled: Yes
URL: https://stor.g3.ph.dell.com
Service status: Enabled
Server: chennai
Enabled: Yes
URL: http://10.16.148.19/

Activity        State     Last Start                 Last Success
-------------   -------   ------------------------   ------------------------
full-transfer   Success   Aug 10 2015 11:15:26 PST   Aug 10 2015 11:15:28 PST

2 Display the current configuration and changes from the default values.
may include but is not limited to configuration information, user supplied contact information, names of data volumes, IP addresses, access control lists, diagnostics & performance information, network configuration information, host/server configuration & performance information and related data (Collected Data) and transmits this information to Dell. By downloading SupportAssist and agreeing to be bound by these terms and the Dell end user license agreement, available at: www.dell.
51 System Time and Date

System time and date settings and the network time protocol (NTP) are supported on Dell Networking OS. You can set system times and dates and maintain them through NTP. They are also set through the Dell Networking Operating System (OS) command line interfaces (CLIs) and hardware settings. The Dell Networking OS supports reaching an NTP server through different VRFs. You can configure a maximum of eight logging servers across different VRFs or the same VRF.
also definitive maximum error bounds, so that the user interface can determine not only the time, but the quality of the time as well. In what may be the most common client/server model, a client sends an NTP message to one or more servers and processes the replies as received. The server interchanges addresses and ports, overwrites certain fields in the message, recalculates the checksum and returns the message immediately.
Figure 123. NTP Fields

Implementation Information

Dell Networking systems can only be an NTP client.

Configure the Network Time Protocol

Configuring NTP is a one-step process.
• Enabling NTP

Related Configuration Tasks
• Configuring NTP Broadcasts
• Disabling NTP on an Interface
• Configuring a Source IP Address for NTP Packets (optional)

Enabling NTP

NTP is disabled by default. To enable NTP, specify an NTP server to which the Dell Networking system synchronizes.
• Specify the NTP server to which the Dell Networking system synchronizes.
CONFIGURATION mode
ntp server ip-address

Examples of Viewing System Clock

To display the system clock state with respect to NTP, use the show ntp status command from EXEC Privilege mode.

R6_E300(conf)#do show ntp status
Clock is synchronized, stratum 2, reference is 192.168.1.1
frequency is -369.623 ppm, stability is 53.319 ppm, precision is 4294967279
reference time is CD63BCC2.0CBBD000 (16:54:26.
To view whether NTP is configured on the interface, use the show config command in INTERFACE mode. If ntp disable is not listed in the show config command output, NTP is enabled. (The show config command displays only non-default configuration information.)

Configuring a Source IP Address for NTP Packets

By default, the source address of NTP packets is the IP address of the interface used to reach the network. You can configure one interface’s IP address to be included in all NTP packets.
ntp authenticate
2 Set an authentication key.
CONFIGURATION mode
ntp authentication-key number md5 key
Configure the following parameters:
• number: the range is from 1 to 4294967295. This number must be the same as the number in the ntp trusted-key command.
• key: enter a text string. This text string is encrypted.
3 Define a trusted key.
CONFIGURATION mode
ntp trusted-key number
Configure a number from 1 to 4294967295.
rec CD7F4F63.6BE8F000 (14:51:15.421 UTC Thu Apr 2 2009)
xmt CD7F5368.D0535000 (15:8:24.813 UTC Thu Apr 2 2009)
1w6d23h : NTP: rcv packet from 192.168.1.1
leap 0, mode 4, version 3, stratum 1, ppoll 1024
rtdel 0000 (0.000000), rtdsp AF587 (10959.090820), refid 4C4F434C (76.79.67.76)
ref CD7E14FD.43F7CED9 (16:29:49.265 UTC Wed Apr 1 2009)
org CD7F5368.D0535000 (15:8:24.813 UTC Thu Apr 2 2009)
rec CD7F5368.D0000000 (15:8:24.812 UTC Thu Apr 2 2009)
xmt CD7F5368.D0000000 (15:8:24.
NOTE: • Leap Indicator (sys.leap, peer.leap, pkt.leap) — This is a two-bit code warning of an impending leap second to be inserted in the NTP time scale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rollover interval) in the day of insertion to be increased or decreased by one.
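The NTP authentication steps earlier in this chapter only take effect when ntp authenticate is present and the ntp authentication-key number matches an ntp trusted-key number. The following configuration check is an added example, not Dell code; it assumes the commands appear in a saved configuration exactly as written in those steps, and the key strings and sample configurations are constructed.

```python
import re

KEY_MIN, KEY_MAX = 1, 4294967295  # range given for the key number


def audit_ntp_auth(config_text):
    """Return a sorted list of (code, detail) findings for NTP authentication."""
    authenticate = False
    defined, trusted, servers = set(), set(), []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "ntp authenticate":
            authenticate = True
            continue
        match = re.match(r"ntp authentication-key\s+(\d+)\s+md5\s+\S+", line)
        if match:
            defined.add(int(match.group(1)))
            continue
        match = re.match(r"ntp trusted-key\s+(\d+)$", line)
        if match:
            trusted.add(int(match.group(1)))
            continue
        match = re.match(r"ntp server\s+(\S+)", line)
        if match:
            servers.append(match.group(1))

    findings = []
    if servers and not authenticate:
        findings.append(("auth-disabled", "ntp server is set but ntp authenticate is missing"))
    if authenticate and not defined:
        findings.append(("no-key", "ntp authenticate is set but no authentication-key exists"))
    for number in defined - trusted:
        findings.append(("key-not-trusted", f"authentication-key {number} has no matching trusted-key"))
    for number in trusted - defined:
        findings.append(("trusted-key-undefined", f"trusted-key {number} has no matching authentication-key"))
    for number in defined | trusted:
        if not KEY_MIN <= number <= KEY_MAX:
            findings.append(("key-out-of-range", f"key number {number} is outside {KEY_MIN}-{KEY_MAX}"))
    return sorted(findings)


# Constructed sample: authentication never enabled, key numbers 345 and 354 do not match.
WEAK_CONFIG = """\
ntp server 192.168.1.1
ntp authentication-key 345 md5 examplekey
ntp trusted-key 354
"""

# Constructed sample: all three steps present and the numbers agree.
HARDENED_CONFIG = """\
ntp authenticate
ntp authentication-key 345 md5 examplekey
ntp trusted-key 345
ntp server 192.168.1.1
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_ntp_auth(text))
```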
Dell Networking OS Time and Date You can set the time and date using the Dell Networking OS CLI. Configuration Task List The following is a configuration task list for configuring the time and date settings.
Setting the Timezone

Universal time coordinated (UTC) is the time standard based on the International Atomic Time standard, commonly known as Greenwich Mean time. When determining system time, include the differentiator between UTC and your local timezone. For example, San Jose, CA is the Pacific Timezone with a UTC offset of -8.

To set the clock timezone, use the following command.
• Set the clock to the appropriate timezone.
• start-day: enter the number of the day. The range is from 1 to 31. You can enter the name of a month to change the order of the display to time day month year.
• start-year: enter a four-digit number as the year. The range is from 1993 to 2035.
• start-time: enter the time in hours:minutes. For the hour variable, use the 24-hour format; example, 17:15 is 5:15 pm.
• end-month: enter the name of one of the 12 months in English.
• start-time: Enter the time in hours:minutes. For the hour variable, use the 24-hour format; example, 17:15 is 5:15 pm.
• end-week: If you entered a start-week, enter one of the following as the week that daylight saving ends:
  • week-number: Enter a number from 1 to 4 as the number of the week in the month to start daylight saving time.
  • first: Enter the keyword first to start daylight saving time in the first week of the month.
52 Tunneling

Tunnel interfaces create a logical tunnel for IPv4 or IPv6 traffic. Tunneling supports RFC 2003, RFC 2473, and 4213. DSCP, hop-limits, flow label values, open shortest path first (OSPF) v2, and OSPFv3 are supported. Internet control message protocol (ICMP) error relay, PATH MTU transmission, and fragmented packets are not supported.
tunnel mode ipip
no shutdown

The following sample configuration shows a tunnel configured in IPV6IP mode (IPv4 tunnel carries IPv6 traffic only):

Dell(conf)#interface tunnel 2
Dell(conf-if-tu-2)#tunnel source 60.1.1.1
Dell(conf-if-tu-2)#tunnel destination 90.1.1.1
Dell(conf-if-tu-2)#tunnel mode ipv6ip
Dell(conf-if-tu-2)#ipv6 address 2::1/64
Dell(conf-if-tu-2)#no shutdown
Dell(conf-if-tu-2)#show config
!
interface Tunnel 2
 no ip address
 ipv6 address 2::1/64
 tunnel destination 90.1.1.1
 tunnel source 60.1.1.
Dell(conf-if-tu-1)#ip address 1.1.1.1/24
Dell(conf-if-tu-1)#tunnel source 40.1.1.1
Dell(conf-if-tu-1)#tunnel destination 40.1.1.2
Dell(conf-if-tu-1)#tunnel mode ipip
Dell(conf-if-tu-1)#no shutdown
Dell(conf-if-tu-1)#tunnel keepalive 1.1.1.2 attempts 4 interval 6
Dell(conf-if-tu-1)#show config
!
interface Tunnel 1
 ip address 1.1.1.1/24
 ipv6 address 1abd::1/64
 tunnel destination 40.1.1.2
 tunnel source 40.1.1.1
 tunnel keepalive 1.1.1.
Configuring Tunnel Allow-Remote Decapsulation

You can configure an IPv4 or IPV6 address or prefix whose tunneled packet is accepted for decapsulation.
• If you do not configure allow-remote entries, tunneled packets from any remote peer address are accepted.
• You can configure up to eight allow-remote entries on any particular multipoint receive-only tunnel.

The following sample configuration shows how to configure a tunnel allow-remote address.
 ipv6 address 1abd::1/64
 tunnel source anylocal
 tunnel allow-remote 40.1.1.2
 tunnel mode ipip decapsulate-any
 no shutdown

Guidelines for Configuring Multipoint Receive-Only Tunnels

• You can configure up to eight remote end-points for a multipoint receive-only tunnel. The maximum number of remote end-points supported for all multipoint receive-only tunnels on the switch depends on the hardware table size to setup termination.
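Because a multipoint receive-only tunnel with no allow-remote entries accepts tunneled packets from any remote peer, it is worth checking saved configurations for that case and for the eight-entry limit. The following audit is an added example, not Dell code; it assumes tunnel stanzas look like the show config output in this chapter, and Tunnel 2 and Tunnel 3 in the sample are constructed.

```python
import ipaddress
import re

MAX_ALLOW_REMOTE = 8  # per-tunnel limit stated in this section


def parse_tunnels(config_text):
    """Map tunnel number -> {'mode': str or None, 'allow_remote': [str, ...]}."""
    tunnels, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        header = re.match(r"interface\s+tunnel\s+(\d+)$", line, re.IGNORECASE)
        if header:
            current = tunnels.setdefault(
                int(header.group(1)), {"mode": None, "allow_remote": []}
            )
        elif line == "!" or line.lower().startswith("interface "):
            current = None  # left the tunnel stanza
        elif current is not None:
            if line.startswith("tunnel mode "):
                current["mode"] = line[len("tunnel mode "):].strip()
            elif line.startswith("tunnel allow-remote "):
                current["allow_remote"].append(line.split()[2])
    return tunnels


def audit_tunnels(config_text):
    """Return (tunnel number, finding) pairs, ordered by tunnel number."""
    findings = []
    for number, tunnel in sorted(parse_tunnels(config_text).items()):
        mode = tunnel["mode"] or ""
        entries = tunnel["allow_remote"]
        # decapsulate-any with no filter: packets from any peer are decapsulated.
        if mode.endswith("decapsulate-any") and not entries:
            findings.append((number, "open-decapsulation"))
        if len(entries) > MAX_ALLOW_REMOTE:
            findings.append((number, "too-many-allow-remote"))
        for entry in entries:
            try:
                ipaddress.ip_network(entry, strict=False)  # address or prefix
            except ValueError:
                findings.append((number, f"invalid-allow-remote:{entry}"))
    return findings


SAMPLE_CONFIG = "\n".join(
    [
        "interface Tunnel 1",  # stanza taken from the sample in this section
        " ipv6 address 1abd::1/64",
        " tunnel source anylocal",
        " tunnel allow-remote 40.1.1.2",
        " tunnel mode ipip decapsulate-any",
        " no shutdown",
        "!",
        "interface Tunnel 2",  # constructed: no allow-remote entries
        " tunnel source anylocal",
        " tunnel mode ipip decapsulate-any",
        " no shutdown",
        "!",
        "interface Tunnel 3",  # constructed: nine allow-remote prefixes
        " tunnel source anylocal",
    ]
    + [f" tunnel allow-remote 10.0.{i}.0/24" for i in range(9)]
    + [" tunnel mode ipip decapsulate-any", " no shutdown", "!"]
)

if __name__ == "__main__":
    for number, finding in audit_tunnels(SAMPLE_CONFIG):
        print(f"Tunnel {number}: {finding}")
```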
53 Upgrade Procedures

To find the upgrade procedures, go to the Dell Networking OS Release Notes for your system type to see all the requirements needed to upgrade to the desired Dell Networking OS version. To upgrade your system type, follow the procedures in the Dell Networking OS Release Notes.

Get Help with Upgrades

Direct any questions or concerns about the Dell Networking OS upgrade procedures to the Dell Technical Support Center. You can reach Technical Support:
• On the web: http://www.dell.
54 Virtual LANs (VLANs)

Virtual LANs (VLANs) are a logical broadcast domain or logical grouping of interfaces in a local area network (LAN) in which all data received is kept locally and broadcast to all members of the group. When in Layer 2 mode, VLANs move traffic at wire speed and can span multiple devices. The system supports up to 4093 port-based VLANs and one default VLAN, as specified in IEEE 802.1Q.
Default VLAN

When you configure interfaces for Layer 2 mode, they are automatically placed in the Default VLAN as untagged interfaces. Only untagged interfaces can belong to the Default VLAN. The following example displays the outcome of placing an interface in Layer 2 mode. To configure an interface for Layer 2 mode, use the switchport command.
those interfaces. Different VLANs can communicate with each other by means of IP routing. Because traffic is only broadcast or flooded to the interfaces within a VLAN, the VLAN conserves bandwidth. Finally, you can have multiple VLANs configured on one switch, thus segmenting the device. Interfaces within a port-based VLAN must be in Layer 2 mode and can be tagged or untagged in the VLAN ID.

VLANs and Port Tagging

To add an interface to a VLAN, the interface must be in Layer 2 mode.
Creating a Port-Based VLAN

To configure a port-based VLAN, create the VLAN and then add physical interfaces or port channel (LAG) interfaces to the VLAN.

NOTE: The Default VLAN (VLAN 1) is part of the system startup configuration and does not require configuration.

A VLAN is active only if the VLAN contains interfaces and those interfaces are operationally up. As shown in the following example, VLAN 1 is inactive because it does not contain any interfaces.
To view which interfaces are tagged or untagged and to which VLAN they belong, use the show vlan command. The following example shows that six VLANs are configured, and two interfaces are assigned to VLAN 2. The Q column in the show vlan command example notes whether the interface is tagged (T) or untagged (U). For more information about this command, refer to the Layer 2 chapter of the Dell Networking OS Command Reference Guide.
    2      Active    T   Po1(So 0/0-1)
                     T   Te 1/1/1
    3      Active    T   Po1(So 0/0-1)
                     T   Te 1/2/1
    4      Active    T   Po1(So 0/0-1)

When you remove a tagged interface from a VLAN (using the no tagged interface command), it remains tagged only if it is a tagged interface in another VLAN. If the tagged interface is removed from the only VLAN to which it belongs, the interface is placed in the Default VLAN as an untagged interface.
Dell#show vlan
Codes: * - Default VLAN, G - GVRP VLANs

    NUM    Status    Q   Ports
*   1      Inactive
    2      Active    T   Po1(So 0/0-1)
                     T   Te 1/3/1
    3      Active    T   Po1(So 0/0-1)
                     T   Te 1/1/1
    4      Active    U   Te 1/2/1

The only way to remove an interface from the Default VLAN is to place the interface in Default mode by using the no switchport command in INTERFACE mode.

Assigning an IP Address to a VLAN

VLANs are a Layer 2 feature.
Native VLAN is useful in deployments where a Layer 2 port can receive both tagged and untagged traffic on the same physical port. The classic example is connecting a voice-over-IP (VOIP) phone and a PC to the same port of the switch. The VOIP phone is configured to generate tagged packets (with VLAN = VOICE VLAN) and the attached PC generates untagged packets. NOTE: When a hybrid port is untagged in a VLAN but it receives tagged traffic, all traffic is accepted.
55 VLT Proxy Gateway

The virtual link trunking (VLT) proxy gateway feature allows a VLT domain to locally terminate and route L3 packets that are destined to a Layer 3 (L3) end point in another VLT domain. Enable the VLT proxy gateway using the link layer discovery protocol (LLDP) method or the static configuration. For more information, see the Dell Networking OS Command Line Reference Guide.
For more information about eVLT, refer to the Virtual Link Trunking (VLT) chapter. The core or Layer 3 routers C and D in local VLT Domain and C1 and D1 in the remote VLT Domain are then part of a Layer 3 cloud.

Figure 125. Sample Configuration for a VLT Proxy Gateway

Guidelines for Enabling the VLT Proxy Gateway

Keep the following points in mind when you enable a VLT proxy gateway:

• Proxy gateway is supported only for VLT; for example, across a VLT domain.
• The connection between DCs must be a L3 VLT in eVLT format. For more information, refer to the eVLT Configuration Example.
• The trace route across the DCs can show extra hops.
• To ensure no traffic drops, you must maintain route symmetry across the VLT domains. When the routing table across DCs is not symmetrical, there is a possibility of a routing miss by a DC that does not have the route for L3 traffic.
• LLDP has a limited TLV size. As a result, information that is carried by the new TLV is limited to one or two MAC addresses.
• You must have all related systems properly configured and set up.

LLDP Organizational TLV for Proxy Gateway

• LLDP defines an organizationally specific TLV (type 127) with a unique identifier (0x0001E8) and a defined subtype (0x01) for sending or receiving information.
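To see which LLDP frames in a capture carry this TLV, a TLV walker can match on type 127, identifier 0x0001E8 and subtype 0x01. The following parser is an added example, not part of the Dell guide; the sample LLDPDU is constructed, and reading the payload as back-to-back 6-byte MAC addresses is an assumption, because the guide does not give the payload layout.

```python
import struct

ORG_SPECIFIC_TLV = 127                    # TLV type given in the guide
PROXY_GW_OUI = bytes.fromhex("0001e8")    # unique identifier given in the guide
PROXY_GW_SUBTYPE = 0x01                   # subtype given in the guide


def tlv(tlv_type, value):
    """Encode one LLDP TLV: 7-bit type and 9-bit length, then the value."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("TLV type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def iter_tlvs(lldpdu):
    """Yield (type, value) for each TLV up to the End-of-LLDPDU TLV (type 0)."""
    offset = 0
    while offset < len(lldpdu):
        if offset + 2 > len(lldpdu):
            raise ValueError("truncated TLV header")
        (header,) = struct.unpack_from("!H", lldpdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(lldpdu):
            raise ValueError("TLV length runs past end of LLDPDU")
        if tlv_type == 0:
            return
        yield tlv_type, lldpdu[offset:offset + length]
        offset += length


def proxy_gateway_payloads(lldpdu):
    """Return the payloads of TLVs matching type 127 / 0x0001E8 / subtype 0x01."""
    found = []
    for tlv_type, value in iter_tlvs(lldpdu):
        if tlv_type != ORG_SPECIFIC_TLV or len(value) < 4:
            continue  # not organizationally specific, or too short for OUI+subtype
        if value[:3] == PROXY_GW_OUI and value[3] == PROXY_GW_SUBTYPE:
            found.append(value[4:])
    return found


def payload_as_macs(payload):
    """ASSUMPTION: the payload is one or two back-to-back 6-byte MAC addresses."""
    if len(payload) not in (6, 12):
        return None  # does not fit the assumed layout; treat as unexpected
    return [":".join(f"{b:02x}" for b in payload[i:i + 6])
            for i in range(0, len(payload), 6)]


# Constructed LLDPDU: mandatory TLVs, one unrelated 802.1 organizational TLV,
# then a TLV with the guide's identifier and two made-up MAC addresses.
SAMPLE_LLDPDU = b"".join([
    tlv(1, b"\x04" + bytes.fromhex("020000000001")),       # Chassis ID (MAC)
    tlv(2, b"\x05" + b"Po 50"),                            # Port ID (ifName)
    tlv(3, struct.pack("!H", 120)),                        # TTL
    tlv(127, bytes.fromhex("0080c2") + b"\x01" + struct.pack("!H", 100)),
    tlv(127, PROXY_GW_OUI + bytes([PROXY_GW_SUBTYPE])
        + bytes.fromhex("0200000000c10200000000d1")),
    tlv(0, b""),                                           # End of LLDPDU
])

if __name__ == "__main__":
    for payload in proxy_gateway_payloads(SAMPLE_LLDPDU):
        print(payload.hex(), payload_as_macs(payload))
```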
• LLDP packets fail to reach the remote VLT domain devices (for example, because the system is down, rebooting, or the port physical link connection is down).

Figure 126. Sample Configuration for a VLT Proxy Gateway

• The above figure shows a sample VLT Proxy gateway scenario. There are no diagonal links in the square VLT connection between the C and D in VLT domain 1 and C1 and D1 in the VLT domain 2. This causes sub-optimal routing with the VLT Proxy Gateway LLDP method.
• Assume the inter-chassis link (ICL) between C1 and D1 is shut and if D1 is the secondary VLT, one half of the inter DC link goes down. After VM motion, if a packet reaches D2 with the destination MAC address of D1, it may be dropped. This behavior is applicable only in an LLDP configuration; in a static configuration, the packet is forwarded. • Any L3 packet, when it gets an L3 hit and is routed, it has a time to live (TTL) decrement as expected.
Configuring an LLDP VLT Proxy Gateway

You can configure a proxy gateway in a VLT domain to locally route packets destined to a L3 endpoint in another VLT domain. Apply the following configurations in the Core L3 Routers C and D in the local VLT domain and C1 and D1 in the remote VLT domain:

1 Configure proxy-gateway lldp in VLT Domain Configuration mode.
2 Configure peer-domain-link port-channel in VLT Domain Proxy Gateway LLDP mode.
56 Virtual Link Trunking (VLT)

Virtual link trunking (VLT) allows physical links between two chassis to appear as a single virtual link to the network core or other switches such as Edge, Access, or top-of-rack (ToR).

Overview

VLT reduces the role of spanning tree protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distribution or core switches and supporting a loop-free topology.
The following example shows how VLT is deployed. The switches appear as a single virtual switch from the point of view of the switch or server supporting link aggregation control protocol (LACP). Figure 127. Example of VLT Deployment VLT on Core Switches Uplinks from servers to the access layer and from access layer to the aggregation layer are bundled in LAG groups with end-to-end Layer 2 multipathing.
Enhanced VLT An enhanced VLT (eVLT) configuration creates a port channel between two VLT domains by allowing two different VLT domains, using different VLT domain ID numbers, connected by a standard link aggregation control protocol (LACP) LAG to form a loop-free Layer 2 topology in the aggregation layer. This configuration supports a maximum of four switches, increasing the number of available ports and allowing for dual redundancy of the VLT.
• VLT domain — This domain includes both the VLT peer devices, VLT interconnect, and all of the port channels in the VLT connected to the attached devices. It is also associated to the configuration mode that you must use to assign VLT global parameters. • VLT peer device — One of a pair of devices that are connected with the special port channel known as the VLT interconnect (VLTi). VLT peer switches have independent management planes.
connected to the source and ToR is down, traffic is duplicated due to route inconsistency between peers. To avoid this scenario, Dell Networking recommends configuring both the source and the receiver on a spanned VLT VLAN. • Bulk Sync happens only for Global IPv6 Neighbors; Link-local neighbor entries are not synced.
• VLT peer switches operate as separate chassis with independent control and data planes for devices attached on non-VLT ports.
• One chassis in the VLT domain is assigned a primary role; the other chassis takes the secondary role. The primary and secondary roles are required for scenarios when connectivity between the chassis is lost. VLT assigns the primary chassis role according to the lowest MAC address. You can configure the primary role.
removing the VLT system MAC address or the VLT unit-id may disable the VLT ports if you happen to configure the unit ID or system MAC address on only one VLT peer at any time.
• If the link between VLT peer switches is established, any change to the VLT system MAC address or unit-id fails if the changes made create a mismatch by causing the VLT unit-ID to be the same on both peers and/or the VLT system MAC address does not match on both peers.
• Software features supported on VLT port-channels
  • In a VLT domain, the following software features are supported on VLT port-channels: 802.1p, ingress and egress ACLs, BGP, DHCP relay, IS-IS, OSPF, active-active PIM-SM, PIM-SSM, VRRP, Layer 3 VLANs, LLDP, flow control, port monitoring, jumbo frames, IGMP snooping, sFlow, ingress and egress ACLs, and Layer 2 control protocols RSTP and PVST only.

NOTE: Peer VLAN spanning tree plus (PVST+) passthrough is supported in a VLT domain.
longer has an active port channel for a link. The remote peer then enables data forwarding across the interconnect trunk for packets that would otherwise have been forwarded over the failed port channel. This mechanism ensures reachability and provides loop management. If the VLT interconnect fails, the VLT software on the primary switch checks the status of the remote peer using the backup link. If the remote peer is up, the secondary switch disables all VLT ports on its device to prevent loops.
• Configure any ports at the edge of the spanning tree’s operating domain as edge ports, which are directly connected to end stations or server racks. Disable RSTP on ports connected directly to Layer 3-only routers not running STP or configure them as edge ports.
• Ensure that the primary VLT node is the root bridge and the secondary VLT peer node has the second-best bridge ID in the network.
VLT Port Delayed Restoration

When a VLT node boots up, if the VLT ports have been previously saved in the start-up configuration, they are not immediately enabled. To ensure MAC and ARP entries from the VLT peer node are downloaded to the newly enabled VLT node, the system allows time for the VLT ports on the new node to be enabled and begin receiving traffic. The delay-restore feature waits for all saved configurations to be applied, then starts a configurable timer.
PIM-Sparse Mode Support on VLT

The designated router functionality of the PIM Sparse-Mode multicast protocol is supported on VLT peer switches for multicast sources and receivers that are connected to VLT ports. VLT peer switches can act as a last-hop router for IGMP receivers and as a first-hop router for multicast sources.

Figure 129.
On each VLAN where the VLT peer nodes act as the first hop or last hop routers, one of the VLT peer nodes is elected as the PIM designated router. If you configured IGMP snooping along with PIM on the VLT VLANs, you must configure VLTi as the static multicast router port on both VLT peer switches. This ensures that for first hop routers, the packets from the source are redirected to the designated router (DR) if they are incorrectly hashed.
VLT Unicast Routing

VLT unicast routing locally routes packets destined for the L3 endpoint of the VLT peer. This method avoids sub-optimal routing. Peer-routing syncs the MAC addresses of both VLT peers and requires two local DA entries in TCAM. In case a VLT node is down, a timer that allows you to configure the amount of time needed for peer recovery provides resiliency. You can enable VLT unicast across multiple configurations using VLT links. You can enable ECMP on VLT nodes using VLT unicast.
Unlike VLT unicast routing, a normal multicast routing protocol does not exchange multicast routes between VLT peers. When you enable VLT multicast routing, the multicast routing table is synced between the VLT peers. Only multicast routes configured with a Spanned VLAN IP as their IIF are synced between VLT peers. For multicast routes with a Spanned VLAN IIF, only OIFs configured with a Spanned VLAN IP interface are synced between VLT peers.
5 Configure a PIM-enabled external neighboring router as a rendezvous point (RP). For more information, refer to Configuring a Static Rendezvous Point.
6 Configure the VLT VLAN routing metrics to prefer VLT VLAN interfaces over non-VLT VLAN interfaces. For more information, refer to Classify Traffic.
7 Configure symmetrical Layer 2 and Layer 3 configurations on both VLT peers for any spanned VLAN.
PROTOCOL SPANNING TREE RSTP mode
no disable
3 Configure each peer switch with a unique bridge priority.
PROTOCOL SPANNING TREE RSTP mode
bridge-priority

Sample RSTP Configuration

The following is a sample of an RSTP configuration. Using the example shown in the Overview section as a sample VLT topology, the primary VLT switch sends BPDUs to an access device (switch or server) with its own RSTP bridge ID. BPDUs generated by an RSTP-enabled access device are only processed by the primary VLT switch.
Before you begin, make sure that both VLT peer switches are running the same Dell Networking OS version and are configured for RSTP as described in RSTP Configuration. For VRRP operation, ensure that you configure VRRP groups and L3 routing on each VLT peer as described in VLT and VRRP interoperability in the Configuration Notes section.
Enabling VLT and Creating a VLT Domain

To enable VLT and create a VLT domain, use the following steps.

1 Enable VLT on a switch, then configure a VLT domain and enter VLT-domain configuration mode.
CONFIGURATION mode
vlt domain domain-id
The domain ID range is from 1 to 1000. Configure the same domain ID on the peer switch to allow for common peering. VLT uses the domain ID to automatically create a VLT MAC address for the domain.
lacp ungroup member-independent {vlt | port-channel port-channel-id}
LACP on VLT ports (on a VLT switch or access device), which are members of the virtual link trunk, is not brought up until the VLT domain is recognized on the access device.
6 Repeat Steps 1 to 4 on the VLT peer switch to configure the IP address of this switch as the endpoint of the VLT backup link and to configure the same port channel for the VLT interconnect.
CONFIGURATION mode
delay-restore delay-restore-time
The range is from 1 to 1200. The default is 90 seconds.

Reconfiguring the Default VLT Settings (Optional)

To reconfigure the default VLT settings, use the following commands.

1 Enter VLT-domain configuration mode for a specified VLT domain.
CONFIGURATION mode
vlt domain domain-id
The range of domain IDs is from 1 to 1000.
Connecting a VLT Domain to an Attached Access Device (Switch or Server)

To connect a VLT domain to an attached access device, use the following commands.

On a VLT peer switch: To connect to an attached device, configure the same port channel ID number on each peer switch in the VLT domain.

1 Configure the same port channel to be used to connect to an attached device and enter interface configuration mode.
CONFIGURATION mode
interface port-channel id-number
2 Remove an IP address from the interface.
Configuring a VLT VLAN Peer-Down (Optional)

To configure a VLT VLAN peer-down, use the following commands.

1 Enter VLT-domain configuration mode for a specified VLT domain.
CONFIGURATION mode
vlt domain domain-id
The range of domain IDs is from 1 to 1000.
2 Enter the port-channel number that acts as the interconnect trunk.
VLT DOMAIN CONFIGURATION mode
peer-link port-channel id-number
5 Configure the IP address of the management interface on the remote VLT peer to be used as the endpoint of the VLT backup link for sending out-of-band hello messages.
VLT DOMAIN CONFIGURATION mode
back-up destination ip-address [interval seconds]
You can optionally specify the time interval used to send hello messages. The range is from 1 to 5 seconds.
10 Associate the port channel to the corresponding port channel in the VLT peer for the VLT connection to an attached device.
INTERFACE PORT-CHANNEL mode
vlt-peer-lag port-channel id-number
11 Ensure that the port channel is active.
INTERFACE PORT-CHANNEL mode
no shutdown
12 Add links to the eVLT port. Configure a range of interfaces to bulk configure.
CONFIGURATION mode
interface range {port-channel id}
13 Enable LACP on the LAN port.
INTERFACE PORTCHANNEL mode
channel-member
5 Configure the backup link between the VLT peer units (shown in the following example).
6 Configure the peer 2 management ip/interface ip for which connectivity is present in VLT peer 1.
EXEC Privilege mode
show running-config vlt
7 Configure the peer 1 management ip/interface ip for which connectivity is present in VLT peer 1.
Configure the VLTi between VLT peer 1 and VLT peer 2.

1 You can configure the LACP/static LAG between the peer units (not shown).
2 Configure the peer-link port-channel in the VLT domains of each peer unit.

Dell-2(conf)#interface port-channel 1
Dell-2(conf-if-po-1)#channel-member TenGigabitEthernet 1/4/1-1/4/4

Dell-4(conf)#interface port-channel 1
Dell-4(conf-if-po-1)#channel-member TenGigabitEthernet 1/4/1-1/4/4

Configure the backup link between the VLT peer units.
no shutdown

Dell-2#show interfaces port-channel 2 brief
Codes: L - LACP Port-channel

    LAG  Mode  Status  Uptime    Ports
L   2    L2L3  up      03:33:14  Te 1/4/1 (Up)

In the ToR unit, configure LACP on the physical ports.
Peer-Routing-Timeout timer      : 0 seconds
Multicast peer-routing timeout  : 150 seconds
Dell#

Verify that the VLT LAG is up in VLT peer unit.

Dell-2#show interfaces port-channel 2 brief
Codes: L - LACP Port-channel

    LAG  Mode  Status  Uptime    Ports
L   2    L2L3  up      03:43:24  Te 1/4/1 (Up)

Dell-4#show interfaces port-channel 2 brief
Codes: L - LACP Port-channel

    LAG  Mode  Status  Uptime    Ports
L   2    L2L3  up      03:33:31  Te 1/18/1 (Up)

PVST+ Configuration

PVST+ is supported in a VLT domain.
Configure both ends of the VLT interconnect trunk with identical PVST+ configurations. When you enable VLT, the show spanning-tree pvst brief command output displays VLT information.

Dell#show spanning-tree pvst vlan 1000 brief
VLAN 1000
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 0, Address 90b1.1cf4.9b79
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 0, Address 90b1.1cf4.
Figure 130. eVLT Configuration Example

eVLT Configuration Step Examples

In Domain 1, configure the VLT domain and VLTi on Peer 1.

Domain_1_Peer1#configure
Domain_1_Peer1(conf)#interface port-channel 1
Domain_1_Peer1(conf-if-po-1)# channel-member TenGigabitEthernet 1/8/1-1/8/2
Domain_1_Peer1(conf)#vlt domain 1000
Domain_1_Peer1(conf-vlt-domain)# peer-link port-channel 1
Domain_1_Peer1(conf-vlt-domain)# back-up destination 10.16.130.
Domain_1_Peer2(conf-vlt-domain)# peer-link port-channel 1
Domain_1_Peer2(conf-vlt-domain)# back-up destination 10.16.130.12
Domain_1_Peer2(conf-vlt-domain)# system-mac mac-address 00:0a:00:0a:00:0a
Domain_1_Peer2(conf-vlt-domain)# unit-id 1

Configure eVLT on Peer 2.

Domain_1_Peer2(conf)#interface port-channel 100
Domain_1_Peer2(conf-if-po-100)# switchport
Domain_1_Peer2(conf-if-po-100)# vlt-peer-lag port-channel 100
Domain_1_Peer2(conf-if-po-100)# no shutdown

Add links to the eVLT port-channel on Peer 2.
Domain_2_Peer4(conf-if-po-100)# vlt-peer-lag port-channel 100
Domain_2_Peer4(conf-if-po-100)# no shutdown

Add links to the eVLT port-channel on Peer 4.
Verifying a VLT Configuration

To monitor the operation or verify the configuration of a VLT domain, use any of the following show commands on the primary and secondary VLT switches.

• Display information on backup link operation.
EXEC mode
show vlt backup-link
• Display general status information about VLT domains currently configured on the switch.
• For a port channel interface, enter the keywords port-channel then a number. Examples of the show vlt and show spanning-tree rstp Commands The following example shows the show vlt backup-link command. Dell_VLTpeer1# show vlt backup-link VLT Backup Link ----------------Destination: Peer HeartBeat status: HeartBeat Timer Interval: HeartBeat Timeout: UDP Port: HeartBeat Messages Sent: HeartBeat Messages Received: 10.11.200.
Local LAG Id -----------2 100 Peer LAG Id ----------127 100 Local Status -----------UP UP Peer Status ----------UP UP Active VLANs ------------20, 30 10, 20, 30 The following example shows the show vlt role command.
The bold section displays the RSTP state of port channels in the VLT domain. Port channel 100 is used in the VLT interconnect trunk (VLTi) to connect to VLT peer2. Port channels 110, 111, and 120 are used to connect to access switches or servers (vlt).

Dell_VLTpeer1# show spanning-tree rstp brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 0, Address 0001.e88a.dff8
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 4096, Address 0001.e88a.
Configure the backup link.

Dell_VLTpeer1(conf)#interface ManagementEthernet 1/1
Dell_VLTpeer1(conf-if-ma-1/1)#ip address 10.11.206.23/
Dell_VLTpeer1(conf-if-ma-1/1)#no shutdown
Dell_VLTpeer1(conf-if-ma-1/1)#exit

Configure the VLT interconnect (VLTi).
Configure the port channel to an attached device.

Dell_VLTpeer2(conf)#interface port-channel 110
Dell_VLTpeer2(conf-if-po-110)#no ip address
Dell_VLTpeer2(conf-if-po-110)#switchport
Dell_VLTpeer2(conf-if-po-110)#channel-member fortyGigE 1/12
Dell_VLTpeer2(conf-if-po-110)#no shutdown
Dell_VLTpeer2(conf-if-po-110)#vlt-peer-lag port-channel 110
Dell_VLTpeer2(conf-if-po-110)#end

Verify that the port channels used in the VLT domain are assigned to the same VLAN.
Description Behavior at Peer Up Behavior During Run Time Action to Take The VLT peer does not boot up. The VLTi is forced to a down state. The VLT peer does not boot up. The VLTi is forced to a down state. Verify the domain ID matches on both VLT peers. A syslog error message and an SNMP trap are generated. A syslog error message and an SNMP trap are generated. A syslog error message is generated. A syslog error message is generated.
Description Behavior at Peer Up Behavior During Run Time Action to Take information, refer to the Release Notes for this release. VLT LAG ID is not configured on one VLT peer A syslog error message is generated. The peer with the VLT configured remains active. A syslog error message is generated. The peer with the VLT configured remains active. Verify the VLT LAG ID is configured correctly on both VLT peers. VLT LAG ID mismatch The VLT port channel is brought down.
The association of PVLAN with the VLT LAG must also be identical. After the VLT LAG is configured to be a member of either the primary or secondary PVLAN (which is associated with the primary), ICL becomes an automatic member of that PVLAN on both switches. This association helps the PVLAN data flow received on one VLT peer for a VLT LAG to be transmitted on that VLT LAG from the peer. You can associate either a VLT VLAN or a VLT LAG to a PVLAN.
For VLT VLANs, the association between primary VLAN and secondary VLANs is examined on both the peers. VLTi is configured as a member of those VLANs only if the association is identical on both the peers. This behavior is because of security functionalities in a PVLAN. For example, if a VLAN is a primary VLT VLAN on one peer and not a primary VLT VLAN on the other peer, VLTi is not made a part of that VLAN.
During the booting phase or when the ICL link attempts to come up, a system logging message is recorded if VLT PVLAN mismatches, PVLAN mode mismatches, PVLAN association mismatches, or PVLAN port mode mismatches occur. Also, you can view these discrepancies if any occur by using the show vlt mismatch command.

Interoperation of VLT Nodes in a PVLAN with ARP Requests

When an ARP request is received, and the following conditions are applicable, the IP stack performs certain operations.
VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN Membership Mac Synchronizatio n Peer1 Peer2 Peer1 Peer2 Trunk Access Primary Secondary No No Promiscuous Promiscuous Primary Primary Yes Yes Promiscuous Access Primary Secondary No No Promiscuous Promiscuous Primary Primary Yes Yes - Secondary (Community) - Secondary (Isolated) No No Secondary (Community) Secondary (Isolated) No No Yes Yes Access Access • Promiscuous Promiscuous Primary X • Primary X Primary Prima
VLT LAG Mode Peer1 PVLAN Mode of VLT VLAN Peer2 ICL VLAN Membership Mac Synchronizatio n Peer1 Peer2 - Primary VLAN Y - Primary VLAN X No No Promiscuous Access Primary Secondary No No Trunk Access Primary/Normal Secondary No No Configuring a VLT VLAN or LAG in a PVLAN You can configure the VLT peers or nodes in a private VLAN (PVLAN).
• For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/subport information.
• For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information.
4 Ensure that the port channel is active.
INTERFACE PORT-CHANNEL mode
no shutdown
5 To configure the VLT interconnect, repeat Steps 1–4 on the VLT peer switch.
6 Enter VLT-domain configuration mode for a specified VLT domain.
• trunk (inter-switch PVLAN hub port)
5 Access INTERFACE VLAN mode for the VLAN to which you want to assign the PVLAN interfaces.
CONFIGURATION mode
interface vlan vlan-id
6 Enable the VLAN.
INTERFACE VLAN mode
no shutdown
7 To obtain maximum VLT resiliency, configure the PVLAN IDs and mappings to be identical on both the VLT peer nodes. Set the PVLAN mode of the selected VLAN to primary.
INTERFACE VLAN mode
private-vlan mode primary
8 Map secondary VLANs to the selected primary VLAN.
If the ICL link is down when a VLT node receives an ARP request for the IP address of the VLT peer, owing to LAG-level hashing algorithm in the top-of-rack (ToR) switch, the incorrect VLT node responds to the ARP request with the peer MAC address. Proxy ARP is not performed when the ICL link is up and the ARP request reaches the wrong VLT peer. In this case, ARP requests are tunneled to the VLT peer. Proxy ARP is supported on both VLT interfaces and non-VLT interfaces. Proxy ARP is supported on symmetric VLANs only.
When you remove the VLT domain on one of the VLT nodes, the peer routing configuration removal is notified to the peer. In this case, the VLT peer node disables the proxy ARP. When you remove the ICL link on one of the VLT nodes using the no peer-link command, the ICL down event is triggered on the other VLT node, which in turn starts the proxy ARP application.
Configuring VLAN-Stack over VLT

To configure VLAN-stack over VLT, follow these steps.

1 Configure the VLT LAG as VLAN-Stack access or Trunk mode on both the peers.
INTERFACE PORT-CHANNEL mode
vlan-stack {access | trunk}
2 Configure VLAN as VLAN-stack compatible on both the peers.
INTERFACE VLAN mode
vlan-stack compatible
3 Add the VLT LAG as a member to the VLAN-stack on both the peers.
INTERFACE VLAN mode
member port-channel port-channel ID
4 Verify the VLAN-stack configurations.
Dell#show running-config interface port-channel 10
!
interface Port-channel 10
 no ip address
 switchport
 vlan-stack access
 vlt-peer-lag port-channel 10
 no shutdown
Dell#

Dell(conf)#interface port-channel 20
Dell(conf-if-po-20)#switchport
Dell(conf-if-po-20)#vlt-peer-lag port-channel 20
Dell(conf-if-po-20)#vlan-stack trunk
Dell(conf-if-po-20)#no shutdown

Dell#show running-config interface port-channel 20
!
interface Port-channel 20
 no ip address
 switchport
 vlan-stack trunk
 vlt-peer-lag port-channel 20
 no shut
Configure the VLT domain

Dell(conf)#vlt domain 1
Dell(conf-vlt-domain)#peer-link port-channel 1
Dell(conf-vlt-domain)#back-up destination 10.16.151.115
Dell(conf-vlt-domain)#system-mac mac-address 00:00:00:11:11:11
Dell(conf-vlt-domain)#unit-id 1
Dell(conf-vlt-domain)#

Dell#show running-config vlt
vlt domain 1
 peer-link port-channel 1
 back-up destination 10.16.151.
member Port-channel 10,20 shutdown Dell# Verify that the Port Channels used in the VLT Domain are Assigned to the VLAN-Stack VLAN Dell#show vlan id 50 Codes: * - Default VLAN, G - GVRP VLANs, R - Remote Port Mirroring VLANs, P Primary, C - Community, I - Isolated O - Openflow Q: U - Untagged, T - Tagged x - Dot1x untagged, X - Dot1x tagged o - OpenFlow untagged, O - OpenFlow tagged G - GVRP tagged, M - Vlan-stack i - Internal untagged, I - Internal tagged, v - VLT untagged, V - VLT tagged NUM 50 Dell# Stat
57 Virtual Extensible LAN (VXLAN)

Virtual Extensible LAN (VXLAN) is supported on Dell Networking OS.

Overview

The switch acts as the VXLAN gateway and performs the VXLAN Tunnel End Point (VTEP) functionality. VXLAN is a technology wherein the data traffic from the virtualized servers is transparently transported over an existing legacy network.

Figure 131.
• Configuring VxLAN Gateway
• Displaying VXLAN Configurations
• VXLAN Service nodes for BFD

Components of VXLAN network

VXLAN provides a mechanism to extend an L2 network over an L3 network. In short, VXLAN is an L2 overlay scheme over an L3 network and this overlay is termed as a VXLAN segment.
• Binds the Port and VLAN to logical networks based on messages from the NVP. • Binds MACs to the VTEP and logical network based on messages from the NVP. • Advertises MACs learnt on south-facing VXLAN capable-ports to the NVP client. VXLAN Hypervisor It is the VTEP that connects the Virtual Machines (VM) to the underlay legacy network to the physical infrastructure. Service Node(SN) It is also another VTEP, but it is fully managed by NSX.
VXLAN achieves L2 over L3 overlay using the tunneling mechanism. VTEPs are the end points of a tunnel located within the hypervisor on the server that hosts VMs. The VXLAN frame format is shown in the following figure: Figure 132.
VXLAN Header : Frame Check Sequence (FCS): • Source Port: Entropy of the inner frame. The entropy could be based on the Inner L2 header or Inner L3 header. • VXLAN Port : IANA-assigned VXLAN Port (4789). • UDP Checksum: The UDP checksum field is transmitted as zero. When a packet is received with a UDP checksum of zero, it is accepted for decapsulation.
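The outer UDP fields listed above can be checked together with the VXLAN header when validating captured or received frames. The following parser is an added example, not part of the Dell guide; the 8-byte VXLAN header layout is taken from RFC 7348, the sample packet is constructed, and the function names and the allowed-VNI set are hypothetical.

```python
import struct

VXLAN_UDP_PORT = 4789   # IANA-assigned VXLAN port, as stated in the guide
VXLAN_FLAG_I = 0x08     # "VNI present" flag in the first header byte (RFC 7348)


def build_vxlan(src_port, vni, inner_frame):
    """Build a constructed UDP datagram carrying VXLAN, with a zero UDP checksum."""
    vxlan = struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)
    length = 8 + len(vxlan) + len(inner_frame)
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, length, 0)
    return udp + vxlan + inner_frame


def parse_vxlan(udp_datagram):
    """Parse the UDP header and VXLAN header; raise ValueError if malformed."""
    if len(udp_datagram) < 16:
        raise ValueError("too short for UDP and VXLAN headers")
    src_port, dst_port, udp_len, checksum = struct.unpack_from(
        "!HHHH", udp_datagram, 0)
    if dst_port != VXLAN_UDP_PORT:
        raise ValueError(f"destination port {dst_port} is not the VXLAN port")
    if udp_len != len(udp_datagram):
        raise ValueError("UDP length field does not match datagram size")
    # Word 1: flags (8 bits) + reserved (24). Word 2: VNI (24) + reserved (8).
    word1, word2 = struct.unpack_from("!II", udp_datagram, 8)
    if not (word1 >> 24) & VXLAN_FLAG_I:
        raise ValueError("I flag clear: VNI field is not valid")
    return {
        "src_port": src_port,              # entropy value chosen by the sender
        "vni": word2 >> 8,
        "checksum_zero": checksum == 0,    # zero means no UDP checksum to verify
        "reserved_clear": (word1 & 0xF7FFFFFF) == 0 and (word2 & 0xFF) == 0,
        "inner_frame": udp_datagram[16:],
    }


def classify(udp_datagram, allowed_vnis):
    """Return ("accept", vni) or ("drop", reason) for one datagram."""
    try:
        info = parse_vxlan(udp_datagram)
    except ValueError as exc:
        return ("drop", str(exc))
    if not info["reserved_clear"]:
        return ("drop", "reserved bits set")
    if info["vni"] not in allowed_vnis:
        return ("drop", f"VNI {info['vni']} not configured")
    return ("accept", info["vni"])


# Constructed inner Ethernet frame: made-up MAC addresses, EtherType 0x0800.
SAMPLE_INNER = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
                + b"\x08\x00" + b"constructed payload")
SAMPLE_PACKET = build_vxlan(51000, 4656, SAMPLE_INNER)

if __name__ == "__main__":
    print(classify(SAMPLE_PACKET, {4656}))
    print(classify(SAMPLE_PACKET, {100}))
```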
Figure 133. Create Hypervisor Figure 134. Edit Hypervisor Figure 135.
2 Create Service Node To create service node, the required fields are the IP address and SSL certificate of the server. The Service node is responsible for broadcast/unknown unicast/multicast traffic replication. The following is the snapshot of the user interface for the creation of service node: Figure 136. Create Service Node 3 Create VXLAN Gateway To create a VXLAN L2 Gateway, the IP address of the Gateway is mandatory.
A logical switch port provides a logical connection point for a VM interface (VIF) and a L2 gateway connection to an external network. It binds the virtual access ports in the GW to logical network (VXLAN) and VLAN.

Figure 139. Create Logical Switch Port

NOTE: For more details about NVP controller configuration, refer to the NVP user guide from VMware.
4 gateway-ip
VxLAN INSTANCE mode
gateway-ip IP address
5 max-back off (Optional)
VxLAN INSTANCE mode
max_backoff time
The range is from 1000 to 180000. The default value is 30000 milliseconds.
6 fail-mode (Optional)
VxLAN INSTANCE mode
fail-mode secure
If the local VTEP loses connectivity with the controller, it will delete all its database and hardware flows/resources.
VFI : 28674 Unknown Multicast MAC Tunnels: 192.168.122.133 : vxlan_over_ipv4 (up) Port Vlan Bindings: Te 1/8/1: VLAN: 0 (0x80000001), Fo 1/4: VLAN: 0 (0x80000004), The following example shows the show vxlan vxlan-instance statistics interface command. Dell#show vxlan vxlan-instance 1 statistics interface fortyGigE 1/12 100 Port : Fo 1/12 Vlan : 100 Rx Packets : 13 Rx Bytes : 1317 Tx Packets : 13 Tx Bytes : 1321 The following example shows the show vxlan vxlan-instance physical-locator command.
Total LN count : 1 Name bffc3be0-13e6-4745-9f6b-0bcbc5877f01 VNID 4656 Dell#$n-instance 1 logical-network n 2a8d5d19-8845-4365-ad04-243f0b6df252 Name : 2a8d5d19-8845-4365-ad04-243f0b6df252 Description : Tunnel Key : 2 VFI : 28674 Unknown Multicast MAC Tunnels: 192.168.122.133 : vxlan_over_ipv4 (up) Port Vlan Bindings: Te 0/80: VLAN: 0 (0x80000001), Fo 0/124: VLAN: 0 (0x80000004), The following example shows the show vxlan vxlan-instance statistics interface command.
(BUM). When one of the service nodes goes down or BFD is down in that service node, the gateway switches to the alternate service node for Broadcast, unknown Unicast, and Multicast (BUM) traffic. Examples of the show bfd neighbors command. To verify that the session is established, use the show bfd neighbors command.
Dell_GW1#show bfd neighbors
* - Active session role
Ad Dn - Admin Down
B - BGP
C - CLI
I - ISIS
O - OSPF
O3 - OSPFv3
R - Static Route (RTM)
M - MPLS
V - VRRP
VT - Vxlan Tunnel
LocalAddr 1.0.1.1 3.3.
58 Virtual Routing and Forwarding (VRF) Virtual Routing and Forwarding (VRF) allows a physical router to partition itself into multiple Virtual Routers (VRs). The control and data plane are isolated in each VR so that traffic does NOT flow across VRs. Virtual Routing and Forwarding (VRF) allows multiple instances of a routing table to co-exist within the same router at the same time. VRF Overview VRF improves functionality by allowing network paths to be segmented without using multiple devices.
Figure 140. VRF Network Example VRF Configuration Notes Although there is no restriction on the number of VLANs that can be assigned to a VRF instance, the total number of routes supported in VRF is limited by the size of the IPv4 CAM. VRF is implemented in a network device by using Forwarding Information Bases (FIBs). A network device may have the ability to configure different virtual routers, where entries in the FIB that belong to one VRF cannot be accessed by another VRF on the same device.
VRF supports route redistribution between routing protocols (including static routes) only when the routes are within the same VRF. Dell Networking OS uses both the VRF name and VRF ID to manage VRF instances. The VRF name and VRF ID number are assigned using the ip vrf command. The VRF ID is displayed in show ip vrf command output. The VRF ID is not exchanged between routers. VRF IDs are local to a router. VRF supports some routing protocols only on the default VRF (default-vrf) instance.
Feature/Capability Support Status for Default VRF Support Status for Non-default VRF NOTE: ACLs supported on all VRF VLAN ports. IPv4 ACLs are supported on non-default VRFs also. IPv6 ACLs are supported on default-VRF only. PBR supported on default-VRF only. QoS not supported on VLANs.
DHCP DHCP requests are not forwarded across VRF instances. The DHCP client and server must be on the same VRF instance. VRF Configuration The VRF configuration tasks are: 1 Enabling VRF in Configuration Mode 2 Creating a Non-Default VRF 3 Assign an Interface to a VRF You can also: • View VRF Instance Information • Connect an OSPF Process to a VRF Instance • Configure VRRP on a VRF Loading VRF CAM • Load CAM memory for the VRF feature.
Assigning an Interface to a VRF You must enter the ip vrf forwarding command before you configure the IP address or any other setting on an interface. NOTE: You can configure an IP address or subnet on a physical or VLAN interface that overlaps the same IP address or subnet configured on another interface only if the interfaces are assigned to different VRFs. If two interfaces are assigned to the same VRF, you cannot configure overlapping IP subnets or the same IP address on them.
View VRF Instance Information To display information about VRF configuration, enter the show ip vrf command. To display information on all VRF instances (including the default VRF 0), do not enter a value for vrf-name. • Display the interfaces assigned to a VRF instance. EXEC show ip vrf [vrf-name] Assigning an OSPF Process to a VRF Instance OSPF routes are supported on all VRF instances. See Open Shortest Path First (OSPFv2) for complete OSPF configuration information.
Table 93. Configuring VRRP on a VRF Task Command Syntax Command Mode Create VRF ip vrf vrf1 CONFIGURATION Assign the VRF to an interface ip vrf forwarding vrf1 VRF CONFIGURATION Assign an IP address to the interface ip address 10.1.1.1 /24 no shutdown Configure the VRRP group and virtual IP address vrrp-group 10 virtual-address 10.1.1.100 show config ----------------------------! interface TenGigabitEthernet 1/13/1 ip vrf forwarding vrf1 ip address 10.1.1.1/24 ! vrrp-group 10 virtual-address 10.
When Management VRF is configured, the following interface range or interface group commands are disabled: • ipv6 nd dad — Duplicated Address Detection • ipv6 nd dns-server — Configure DNS distribution option in RA packets originated by the router • ipv6 nd hop-limit — Set hop limit advertised in RA and used in IPv6 data packets originated by the router • ipv6 nd managed-config-flag — Hosts should use DHCP for address config • ipv6 nd max-ra-interval — Set IPv6 Max Router Advertisement Interval •
Sample VRF Configuration The following configuration illustrates a typical VRF set-up. Figure 141.
Figure 142. Setup VRF Interfaces The following example relates to the configuration shown in the above illustrations. Router 1 ip vrf blue 1 ! ip vrf orange 2 ! ip vrf green 3 ! interface TenGigabitEthernet 3/1/1 no ip address switchport no shutdown ! interface TenGigabitEthernet 1/1/1 ip vrf forwarding blue ip address 10.0.0.
! interface TenGigabitEthernet 1/2/1 ip vrf forwarding orange ip address 20.0.0.1/24 no shutdown ! interface TenGigabitEthernet 1/3/1 ip vrf forwarding green ip address 30.0.0.1/24 no shutdown ! interface Vlan 128 ip vrf forwarding blue ip address 1.0.0.1/24 tagged TenGigabitEthernet 3/1/1 no shutdown ! interface Vlan 192 ip vrf forwarding orange ip address 2.0.0.1/24 tagged TenGigabitEthernet 3/1/1 no shutdown ! interface Vlan 256 ip vrf forwarding green ip address 3.0.0.
! interface TenGigabitEthernet 2/3/1 ip vrf forwarding green ip address 31.0.0.1/24 no shutdown ! interface Vlan 128 ip vrf forwarding blue ip address 1.0.0.2/24 tagged TenGigabitEthernet 3/1/1 no shutdown interface Vlan 192 ip vrf forwarding orange ip address 2.0.0.2/24 tagged TenGigabitEthernet 3/1/1 no shutdown ! interface Vlan 256 ip vrf forwarding green ip address 3.0.0.2/24 tagged TenGigabitEthernet 3/1/1 no shutdown ! router ospf 1 vrf blue router-id 1.0.0.2 network 11.0.0.0/24 area 0 network 1.0.0.
2.0.0.2 1 FULL/DR Dell#show ip route vrf blue 00:00:37 2.0.0.
=================================================================================== === The following shows the output of the show commands on Router 2. Router 2 Dell#show ip vrf VRF-Name default-vrf 3/1/1-3/1/3, VRF-ID 0 Interfaces Te Te 2/1/1-2/17/1,2/21/1-2/32/4, blue 1 orange 2 green Dell#show ip ospf 1 neighbor Neighbor ID Pri Area 1.0.0.1 1 FULL/BDR 128 0 ! Dell#sh ip ospf 2 neighbor Neighbor ID Pri Area 2.0.0.
N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Last Change --------------------C 2.0.0.0/24 00:26:44 O 20.0.0.0/24 00:14:22 C 21.0.0.0/24 00:20:38 Gateway Dist/Metric ------- ----------- Direct, Vl 192 via 2.0.0.
The following example illustrates how route leaking between two VRFs can be performed: interface TenGigabitEthernet 1/9/1 ip vrf forwarding VRF1 ip address 120.0.0.1/24 interface TenGigabitEthernet 1/10/1 ip vrf forwarding VRF2 ip address 140.0.0.1/24 ip route vrf VRF1 20.0.0.0/16 140.0.0.2 vrf VRF2 ip route vrf VRF2 40.0.0.0/16 120.0.0.
Consider a scenario where you have created four VRF tables: VRF-red, VRF-blue, VRF-Green, and VRF-shared. The VRF-shared table belongs to a particular service that should be made available only to VRF-Red and VRF-Blue but not VRF-Green. For this purpose, routes corresponding to VRF-Shared are leaked only to VRF-Red and VRF-Blue. For the reply path, routes corresponding to VRF-Red and VRF-Blue are leaked to VRF-Shared.
8 Configure the export target in VRF-blue. ip route-import 3:3 9 Configure VRF-green. ip vrf vrf-green interface-type slot/port[/subport] ip vrf forwarding VRF-green ip address ip—address mask A non-default VRF named VRF-green is created and the interface is assigned to it. 10 Configure the import target in the source VRF VRF-Shared for reverse communication with VRF-red and VRF-blue.
O 44.4.4.4/32 00:00:11 via 144.4.4.4 110/0 C Direct, Te 1/4/1 0/0 144.4.4.0/24 00:32:36 Show routing tables of VRFs( after route-export and route-import tags are configured). Dell# show ip route vrf VRF-Red O C O C 11.1.1.1/32 111.1.1.0/24 44.4.4.4/32 144.4.4.0/24 via 111.1.1.1 110/0 00:00:10 Direct, Te 1/11/1 0/0 22:39:59 via VRF-shared:144.4.4.4 0/0 00:32:36 Direct, VRF-shared:Te 1/4/1 0/0 00:32:36 Dell# show ip route vrf VRF-Blue O 22.2.2.2/32 via 122.2.2.2 00:00:11 C O C 122.2.2.0/24 44.4.4.
Configuring Route Leaking with Filtering When you initialize route leaking from one VRF to another, all the routes are exposed to the target VRF. If the size of the source VRF's RTM is considerably large, an import operation results in the duplication of the target VRF's RTM with the source RTM entries. To mitigate this issue, you can use route-maps to filter the routes that are exported and imported into the route targets based on certain matching criteria.
This action specifies that the route-map contains OSPF and BGP as the matching criteria for exporting routes from vrf-red. 4 Configure the export target in the source VRF with route-map export_ospfbgp_protocol. ip route-export 1:1 export_ospfbgp_protocol 5 Configure VRF-blue. ip vrf vrf-blue interface-type slot/port[/subport] ip vrf forwarding VRF-blue ip address ip—address mask A non-default VRF named VRF-blue is created and the interface 1/22/1 is assigned to it.
Important Points to Remember
• Only Active routes are eligible for leaking. For example, suppose VRF-A has two routes, from BGP and OSPF, of which the BGP route is not active. In this scenario, the OSPF route takes precedence over BGP. Even though the Target VRF-B has specified filtering options to match BGP, the BGP route is not leaked because that route is not active in the Source VRF.
• The export-target and import-target support only the match protocol and match prefix-list options.
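The VRF-shared scenario and the filtering advice above can be verified offline against a saved configuration. The following is an added example, not code from this guide: it works out which VRFs leak routes to which from the ip route-export and ip route-import tags and compares the result with the intended policy. The configuration text, the tag assignments and the route-map name export_shared_map are constructed for illustration, and the script assumes the route-target commands sit under their ip vrf block.

```python
import re

VRF_RE = re.compile(r"^ip vrf (?!forwarding\b)(\S+)(?:\s+\d+)?$")
TARGET_RE = re.compile(r"^ip route-(export|import) (\S+)(?:\s+(\S+))?$")


def parse_vrf_targets(config: str) -> dict:
    """Map VRF name -> {'export': {tag: route_map}, 'import': {tag: route_map}}."""
    vrfs, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = VRF_RE.match(line)
        if m:
            current = vrfs.setdefault(m.group(1).lower(), {"export": {}, "import": {}})
            continue
        m = TARGET_RE.match(line)
        if m and current is not None:
            direction, tag, route_map = m.groups()
            current[direction][tag] = route_map      # route_map is None when unfiltered
        elif line == "!" or line.startswith("interface "):
            current = None                           # left the ip vrf block
    return vrfs


def leaked_pairs(vrfs: dict) -> dict:
    """Return {(source, destination): filtered} for every tag exported and imported."""
    pairs = {}
    for src, s in vrfs.items():
        for tag, export_map in s["export"].items():
            for dst, d in vrfs.items():
                if dst != src and tag in d["import"]:
                    pairs[(src, dst)] = bool(export_map or d["import"][tag])
    return pairs


def audit_leaks(config: str, allowed: set) -> list:
    """Compare actual leaks with the allowed (source, destination) pairs."""
    pairs = leaked_pairs(parse_vrf_targets(config))
    findings = []
    for (src, dst), filtered in sorted(pairs.items()):
        if (src, dst) not in allowed:
            findings.append(f"unexpected leak {src} -> {dst}")
        elif not filtered:
            findings.append(f"unfiltered leak {src} -> {dst}: all active routes exposed")
        if (dst, src) not in pairs:
            findings.append(f"one-way leak {src} -> {dst}: no return route")
    for src, dst in sorted(allowed - set(pairs)):
        findings.append(f"missing leak {src} -> {dst}")
    return findings


# Constructed configuration: vrf-green wrongly imports the shared service tag,
# and vrf-blue exports without a route-map.
CONFIG = """\
ip vrf vrf-shared
 ip route-export 1:1 export_shared_map
 ip route-import 2:2
 ip route-import 3:3
!
ip vrf vrf-red
 ip route-export 2:2 export_ospfbgp_protocol
 ip route-import 1:1
!
ip vrf vrf-blue
 ip route-export 3:3
 ip route-import 1:1
!
ip vrf vrf-green
 ip route-import 1:1
!
interface TenGigabitEthernet 1/22/1
 ip vrf forwarding vrf-blue
"""

# Intended policy from the scenario: only red and blue exchange routes with shared.
ALLOWED = {
    ("vrf-shared", "vrf-red"), ("vrf-red", "vrf-shared"),
    ("vrf-shared", "vrf-blue"), ("vrf-blue", "vrf-shared"),
}

if __name__ == "__main__":
    for finding in audit_leaks(CONFIG, ALLOWED):
        print(finding)
```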
59 Virtual Router Redundancy Protocol (VRRP) Virtual router redundancy protocol (VRRP) is designed to eliminate a single point of failure in a statically routed network. VRRP Overview VRRP is designed to eliminate a single point of failure in a statically routed network. VRRP specifies a MASTER router that owns the next hop IP and MAC address for end stations on a local area network (LAN).
Figure 143. Basic VRRP Configuration VRRP Benefits With VRRP configured on a network, end-station connectivity to the network is not subject to a single point-of-failure. End-station connections to the network are redundant and are not dependent on internal gateway protocol (IGP) protocols to converge or update routing tables. VRRP Implementation Within a single VRRP group, up to 12 virtual IP addresses are supported.
Z-Series supports a total of 255 VRRP groups on a switch. The total number of VRRP groups per system should be less than 512. The following recommendations shown may vary depending on various factors like address resolution protocol (ARP) broadcasts, IP broadcasts, or spanning tree protocol (STP) before changing the advertisement interval.
For a complete listing of all commands related to VRRP, refer to Dell Networking OS Command Line Reference Guide. Creating a Virtual Router To enable VRRP, create a virtual router. In Dell Networking Operating System (OS), the virtual router identifier (VRID) identifies a VRRP group. To enable or delete a virtual router, use the following commands. • Create a virtual router for that interface with a VRID. INTERFACE mode vrrp-group vrid The VRID range is from 1 to 255.
The following example configures the IPv4 VRRP 100 group to use VRRP protocol version 3. Dell(conf-if-te-1/1/1)# vrrp-group 100 Dell(conf-if-te-1/1/1-vrid-100)#version ? 2 VRRPv2 3 VRRPv3 both Interoperable, send VRRPv3 receive both Dell(conf-if-te-1/1/1-vrid-100)#version 3 You can use the version both command in INTERFACE mode to migrate from VRRPv2 to VRRPv3. When you set the VRRP version to both, the switch sends only VRRPv3 advertisements but can receive VRRPv2 or VRRPv3 packets.
multiple IP subnets configured on the interface, Dell Networking recommends configuring virtual IP addresses belonging to the same IP subnet for any one VRRP group. • For example, an interface (on which you enable VRRP) contains a primary IP address of 50.1.1.1/24 and a secondary IP address of 60.1.1.1/24. The VRRP group (VRID 1) must contain virtual addresses belonging to either subnet 50.1.1.0/24 or subnet 60.1.1.0/24, but not from both subnets (though Dell Networking OS allows the same).
The following example shows the same VRRP group (VRID 111) configured on multiple interfaces on different subnets. Dell#show vrrp -----------------TenGigabitEthernet 1/1/1, VRID: 111, Version: 2 Net: 10.10.10.1 State: Master, Priority: 255, Master: 10.10.10.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 1768, Gratuitous ARP sent: 5 Virtual MAC address: 00:00:5e:00:01:6f Virtual IP address: 10.10.10.1 10.10.10.2 10.10.10.3 10.10.10.
Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 2343, Gratuitous ARP sent: 5 Virtual MAC address: 00:00:5e:00:01:6f Virtual IP address: 10.10.10.1 10.10.10.2 10.10.10.3 10.10.10.10 Authentication: (none) -----------------TenGigabitEthernet 1/2/1, VRID: 111, Net: 10.10.2.1 State: Master, Priority: 125, Master: 10.10.2.
Disabling Preempt The preempt command is enabled by default. The command forces the system to change the MASTER router if another router with a higher priority comes online. Prevent the BACKUP router with the higher priority from becoming the MASTER router by disabling preempt. NOTE: You must configure all virtual routers in the VRRP group the same: you must configure all with preempt enabled or configure all with preempt disabled.
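Output such as the show vrrp samples above can be collected from every router in a group and checked in one pass. The following is an added example, not code from this guide: it parses show vrrp text, compares each virtual MAC with the 00:00:5e:00:01:VRID (IPv4) or 00:00:5e:00:02:VRID (IPv6) pattern visible in the samples, reports groups with no authentication or with bad packets received, and checks the preempt rule from the NOTE above. The R3 record is constructed, the R2 record follows the IPv4 sample later in this chapter, and a record without a Version field is assumed to be VRRPv2.

```python
import re
from collections import defaultdict

FIELDS = {
    "vrid": r"VRID:\s*(\d+)",
    "version": r"Version:\s*(\d+)",
    "state": r"State:\s*(\w+)",
    "priority": r"Priority:\s*(\d+)",
    "preempt": r"Preempt:\s*(\w+)",
    "bad_pkts": r"Bad pkts rcvd:\s*(\d+)",
    "vmac": r"Virtual MAC address:\s*([0-9a-fA-F:]{17})",
    "auth": r"Authentication:\s*(\S.*)",
}


def parse_show_vrrp(output: str) -> list:
    """Split 'show vrrp' text on the dashed separators and extract one dict per group."""
    groups = []
    for record in re.split(r"^-{5,}\s*$", output, flags=re.M):
        if "VRID:" not in record:
            continue
        g = {"interface": record.strip().split(",")[0], "ipv6": "IPv6 VRID" in record}
        for name, pattern in FIELDS.items():
            m = re.search(pattern, record)
            g[name] = m.group(1).strip() if m else None
        vips = re.search(r"Virtual IP address:\s*(.*?)(?:Authentication:|\Z)", record, re.S)
        g["vips"] = frozenset(vips.group(1).split()) if vips else frozenset()
        groups.append(g)
    return groups


def expected_vmac(vrid: int, ipv6: bool) -> str:
    return "00:00:5e:00:%02x:%02x" % (2 if ipv6 else 1, vrid)


def audit(outputs: dict) -> list:
    """outputs maps a router name to its 'show vrrp' text; returns findings."""
    findings = []
    preempt = defaultdict(set)          # (VRID, virtual IPs) -> preempt values seen
    for router, text in sorted(outputs.items()):
        for g in parse_show_vrrp(text):
            where = f"{router} {g['interface']} VRID {g['vrid']}"
            if g["vmac"] and g["vmac"].lower() != expected_vmac(int(g["vrid"]), g["ipv6"]):
                findings.append(f"{where}: virtual MAC {g['vmac']} does not match VRID")
            if g["version"] != "3" and g["auth"] == "(none)":
                findings.append(f"{where}: no authentication configured")
            if int(g["bad_pkts"] or 0) > 0:
                findings.append(f"{where}: {g['bad_pkts']} bad packets received")
            preempt[(g["vrid"], g["vips"])].add(g["preempt"])
    for (vrid, _), values in sorted(preempt.items(), key=lambda kv: int(kv[0][0])):
        if len(values) > 1:
            findings.append(f"VRID {vrid}: preempt differs between routers")
    return findings


R2_OUTPUT = """\
R2#show vrrp
------------------
TenGigabitEthernet 2/31/1, VRID: 99, Net: 10.1.1.1
State: Master, Priority: 200, Master: 10.1.1.1 (local)
Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec
Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 817, Gratuitous ARP sent: 1
Virtual MAC address:
 00:00:5e:00:01:63
Virtual IP address:
 10.1.1.3
Authentication: (none)
"""

# Constructed record for a second router in the same group.
R3_OUTPUT = """\
R3#show vrrp
------------------
TenGigabitEthernet 3/21/1, VRID: 99, Net: 10.1.1.2
State: Backup, Priority: 100, Master: 10.1.1.1
Hold Down: 0 sec, Preempt: FALSE, AdvInt: 1 sec
Adv rcvd: 698, Bad pkts rcvd: 3, Adv sent: 0, Gratuitous ARP sent: 0
Virtual MAC address:
 00:00:5e:00:01:63
Virtual IP address:
 10.1.1.3
Authentication: (none)
"""

if __name__ == "__main__":
    for finding in audit({"R2": R2_OUTPUT, "R3": R3_OUTPUT}):
        print(finding)
```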
If you are configured for VRRP version 2, the timer values must be in multiples of whole seconds. For example, timer values of 3 seconds or 300 centisecs are valid and equivalent. However, a timer value of 50 centisecs is invalid because it is not a multiple of 1 second. If you are using VRRP version 3, you must configure the timer values in multiples of 25 centisecs. To change the advertisement interval in seconds or centisecs, use the following command. A centisec is 1/100 of a second.
The lowered priority of the VRRP group may trigger an election. As the Master/Backup VRRP routers are selected based on the VRRP group’s priority, tracking features ensure that the best VRRP router is the Master for that group. The sum of all the costs of all the tracked interfaces must be less than the configured priority on the VRRP group. If the VRRP group is configured as Owner router (priority 255), tracking for that group is disabled, irrespective of the state of the tracked interfaces.
EXEC mode or EXEC Privilege mode show running-config interface interface Examples of Configuring and Viewing the track Command The following example shows how to configure tracking using the track command. Dell(conf-if-te-1/1/1)#vrrp-group 111 Dell(conf-if-te-1/1/1-vrid-111)#track Tengigabitethernet 1/2/1 The following example shows how to verify tracking using the show conf command.
2 - Up IPv6 route, 2040::/64, priority-cost 20, 00:02:11 3 - Up IPv6 route, 2050::/64, priority-cost 30, 00:02:11 The following example shows verifying the VRRP configuration on an interface.
vrrp delay reload seconds This time is the gap between system boot up completion and VRRP enabling. The seconds range is from 0 to 900. The default is 0. Sample Configurations Before you set up VRRP, review the following sample configurations. VRRP for an IPv4 Configuration The following configuration shows how to enable IPv4 VRRP. This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration.
Figure 144. VRRP for IPv4 Topology Examples of Configuring VRRP for IPv4 and IPv6 The following example shows configuring VRRP for IPv4 Router 2. R2(conf)#interface tengigabitethernet 2/31/1 R2(conf-if-te-2/31/1)#ip address 10.1.1.1/24 R2(conf-if-te-2/31/1)#vrrp-group 99 R2(conf-if-te-2/31/1-vrid-99)#priority 200 R2(conf-if-te-2/31/1-vrid-99)#virtual 10.1.1.3 R2(conf-if-te-2/31/1-vrid-99)#no shut R2(conf-if-te-2/31/1)#show conf ! interface TenGigabitEthernet 2/31/1 ip address 10.1.1.
vrrp-group 99 priority 200 virtual-address 10.1.1.3 no shutdown R2(conf-if-te-2/31/1)#end R2#show vrrp -----------------TenGigabitEthernet 2/31/1, VRID: 99, Net: 10.1.1.1 State: Master, Priority: 200, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 817, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:63 Virtual IP address: 10.1.1.
10.1.1.3 Authentication: (none) Figure 145. VRRP for an IPv6 Configuration NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be MASTER even if one of two routers has a higher IP or IPv6 address. The following example shows configuring VRRP for IPv6 Router 2 and Router 3. Configure a virtual link local (fe80) address for each VRRPv3 group created for an interface.
The virtual IPv6 address you configure must be the same as the IPv6 subnet to which the interface belongs. Although R2 and R3 have the same default priority (100), R2 is elected master in the VRRPv3 group because the TenGigabitethernet 1/1/1 interface has a higher IPv6 address than the TenGigabitethernet 1/2/1 interface on R3.
Accept Mode: FALSE, Master AdvInt: 100 centisec Adv rcvd: 11, Bad pkts rcvd: 0, Adv sent: 0 Virtual MAC address: 00:00:5e:00:02:0a VRRP in a VRF Configuration The following example shows how to enable VRRP operation in a VRF virtualized network for the following scenarios. • Multiple VRFs on physical interfaces running VRRP. • Multiple VRFs on VLAN interfaces running VRRP. To view a VRRP in a VRF configuration, use the show commands.
Figure 146. VRRP in a VRF: Non-VLAN Example Example of Configuring VRRP in a VRF on Switch-1 (Non-VLAN) Switch-1 S1(conf)#ip vrf default-vrf 0 ! S1(conf)#ip vrf VRF-1 1 ! S1(conf)#ip vrf VRF-2 2 ! S1(conf)#ip vrf VRF-3 3 ! S1(conf)#interface TenGigabitEthernet 1/1/1 S1(conf-if-te-1/1/1)#ip vrf forwarding VRF-1 S1(conf-if-te-1/1/1)#ip address 10.10.1.
S1(conf-if-te-1/2/1)#no shutdown ! S1(conf)#interface TenGigabitEthernet 1/3/1 S1(conf-if-te-1/3/1)#ip vrf forwarding VRF-3 S1(conf-if-te-1/3/1)#ip address 20.1.1.5/24 S1(conf-if-te-1/3/1)#vrrp-group 15 % Info: The VRID used by the VRRP group 15 in VRF 3 will be 243. S1(conf-if-te-1/3/1-vrid-105)#priority 255 S1(conf-if-te-1/3/1-vrid-105)#virtual-address 20.1.1.
VLAN Scenario In another scenario, to connect to the LAN, VRF-1, VRF-2, and VRF-3 use a single physical interface with multiple tagged VLANs (instead of separate physical interfaces). In this case, you configure three VLANs: VLAN-100, VLAN-200, and VLAN-300. Each VLAN is a member of one VRF. A physical interface ( tengigabitethernet 1/1/1) attaches to the LAN and is configured as a tagged interface in VLAN-100, VLAN-200, and VLAN-300. The rest of this example is similar to the non-VLAN scenario.
Vlan 400, IPv4 VRID: 1, Version: 2, Net: 10.1.1.1 VRF: 1 vrf1 State: Master, Priority: 100, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 278, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:01 Virtual IP address: 10.1.1.100 Authentication: (none) Dell#show vrrp vrf vrf2 port-channel 1 -----------------Port-channel 1, IPv4 VRID: 1, Version: 2, Net: 10.1.1.1 VRF: 2 vrf2 State: Master, Priority: 100, Master: 10.1.1.
% Info: The VRID used by the VRRP group 15 in VRF 3 will be 243. S2(conf-if-vl-300-vrid-101)#priority 100 S2(conf-if-vl-300-vrid-101)#virtual-address 20.1.1.5 S2(conf-if-vl-300)#no shutdown Dell#show vrrp vrf vrf1 vlan 400 -----------------Vlan 400, IPv4 VRID: 1, Version: 2, Net: 10.1.1.1 VRF: 1 vrf1 State: Master, Priority: 100, Master: 10.1.1.
Consider an example VRRP for IPv6 configuration in which the IPv6 VRRP group consists of two routers. Figure 147. VRRP for IPv6 Topology NOTE: This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, and so on.
R2(conf-if-te-1/1/1)#ipv6 address 1::1/64 R2(conf-if-te-1/1/1)#vrrp-group 10 NOTE: You must configure a virtual link local (fe80) address for each VRRPv3 group created for an interface. The VRRPv3 group becomes active as soon as you configure the link local address. Afterwards, you can configure the group’s virtual IPv6 address. R2(conf-if-te-1/1/1-vrid-10)#virtual-address fe80::10 NOTE: The virtual IPv6 address you configure should be the same as the IPv6 subnet to which the interface belongs.
Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec Accept Mode: FALSE, Master AdvInt: 100 centisec Adv rcvd: 11, Bad pkts rcvd: 0, Adv sent: 0 Virtual MAC address: 00:00:5e:00:02:0a Virtual IP address: 1::10 fe80::10 Dell#show vrrp tengigabitethernet 1/1/1 TenGigabitEthernet 1/1/1, IPv6 VRID: 255, Version: 3, Net: fe80::201:e8ff:fe8a:fd76 VRF: 0 default State: Backup, Priority: 90, Master: fe80::201:e8ff:fe8a:e9ed Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec Accept Mode: FALSE, Master
00:00:5e:00:02:ff Virtual IP address: 10:1:1::255 fe80::255 Dell#show vrrp vrf vrf2 port-channel 1 Port-channel 1, IPv6 VRID: 255, Version: 3, Net: fe80::201:e8ff:fe8a:fd76 VRF: 2 vrf2 State: Backup, Priority: 90, Master: fe80::201:e8ff:fe8a:e9ed Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec Accept Mode: FALSE, Master AdvInt: 100 centisec Adv rcvd: 548, Bad pkts rcvd: 0, Adv sent: 0 Virtual MAC address: 00:00:5e:00:02:ff Virtual IP address: 10:1:1::255 fe80::255 Virtual Router Redundancy Proto
60 Debugging and Diagnostics This chapter describes debugging and diagnostics for the device. Offline Diagnostics The offline diagnostics test suite is useful for isolating faults and debugging hardware. The diagnostics tests are grouped into three levels: • Level 0 — Level 0 diagnostics check for the presence of various components and perform essential path verifications. In addition, Level 0 diagnostics verify the identification registers of the components on the board.
NOTE: The system reboots when the offline diagnostics complete. This is an automatic process. The following warning message appears when you implement the offline stack-unit command: Warning - Diagnostic execution will cause stack-unit to reboot after completion of diags. Proceed with Offline-Diags [confirm yes/no]:y After the system goes offline, you must reload or run the online stack-unit stack-unit-number command for the normal operation. 2 Confirm the offline status.
The following example shows the show system brief command. Dell#show system brief Stack MAC : 10:11:12:13:14:15 Reload-Type : normal-reload [Next boot : normal-reload] -- Stack Info -Unit UnitType Status ReqTyp CurTyp Version Ports ----------------------------------------------------------------------------------0 Management offline S6000 S6000 9.4(0.
removed 00:08:50: %STKUNIT1-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 2 present 00:09:00: %STKUNIT1-M:CP %CHMGR-5-CHECKIN: Checkin from Stack unit 2 (type S25P, 28 ports) 00:09:00: %S25P:2 %CHMGR-0-PS_UP: Power supply 0 in unit 2 is up 00:09:00: %STKUNIT1-M:CP %CHMGR-5-STACKUNITUP: Stack unit 2 is up [output from the console of the unit in which diagnostics are performed] Dell(stack-member-2)# Diagnostic test results are stored on file: flash:/TestReport-SU-2.txt Diags completed...
Test 10.002 - FanTray2 Presence Test ................................NOT PRESENT Test 10 - FanTray Presence Test .....................................NOT PRESENT Test 11.000 - FanTray0 Status Monitor Test .......................... PASS Test 11.001 - FanTray1 Status Monitor Test .......................... PASS diagS6000FanStatusMonitorTest[328]: ERROR: FanTray:2 is failed or not present. Test 11.002 - FanTray2 Status Monitor Test ..........................NOT PRESENT Test 11 - FanTray Status Monitor Test ..
Trace Logs In addition to the syslog buffer, Dell Networking OS buffers trace messages which are continuously written by various Dell Networking OS software tasks to report hardware and software events and status information. Each trace message provides the date, time, and name of the Dell Networking OS process. All messages are stored in a ring buffer. You can save the messages to a file either manually or automatically after failover.
QSFP 52 Length(SFM) Km = 0x00
QSFP 52 Length(OM3) 2m = 0x32
QSFP 52 Length(OM2) 1m = 0x00
QSFP 52 Length(OM1) 1m = 0x00
QSFP 52 Length(Copper) 1m = 0x00
QSFP 52 Vendor Rev = 01
QSFP 52 Laser Wavelength = 850.
When the system detects a genuine over-temperature condition, it powers off the card. To recognize this condition, look for the following system messages: CHMGR-2-MAJOR_TEMP: Major alarm: chassis temperature high (temperature reaches or exceeds threshold of [value]C) CHMGR-2-TEMP_SHUTDOWN_WARN: WARNING! temperature is [value]C; approaching shutdown threshold of [value]C To view the programmed alarm thresholds levels, including the shutdown value, use the show alarms threshold command.
Troubleshoot an Under-Voltage Condition To troubleshoot an under-voltage condition, check that the correct number of power supplies are installed and their Status light emitting diodes (LEDs) are lit. The following table lists information for SNMP traps and OIDs on the environmental monitoring hardware and hardware components. Table 95. SNMP Traps and OIDs OID String OID Name Description chSysPortXfpRecvPower OID displays the receiving power of the connected optics.
Buffer Tuning Buffer tuning allows you to modify the way your switch allocates buffers from its available memory and helps prevent packet drops during a temporary burst of traffic. The application-specific integrated circuits (ASICs) implement the key functions of queuing, feature lookups, and forwarding lookups in hardware.
• Dynamic Pool = Total Available Pool (16384 cells) - Total Dedicated Pool = 5904 cells
• Oversubscription ratio = 10
• Dynamic Cell Limit Per port = 59040/29 = 2036 cells
Figure 148. Buffer Tuning Points Deciding to Tune Buffers Dell Networking recommends exercising caution when configuring any non-default buffer settings, as tuning can significantly affect system performance. The default values work for most cases.
• Define a buffer profile for the CSF queues.
CONFIGURATION mode
buffer-profile csf csqueue
• Change the dedicated buffers on a physical 1G interface.
BUFFER PROFILE mode
buffer dedicated
• Change the maximum number of dynamic buffers an interface can request.
BUFFER PROFILE mode
buffer dynamic
• Change the number of packet-pointers per queue.
BUFFER PROFILE mode
buffer packet-pointers
• Apply the buffer profile to a line card.
To display the default buffer profile, use the show buffer-profile {summary | detail} command from EXEC Privilege mode. The following example shows viewing the default buffer profile. Dell#show buffer-profile detail interface tengigabitethernet 1/1/1 Interface Te 1/1/1 Buffer-profile Dynamic buffer 194.88 (Kilobytes) Queue# Dedicated Buffer Buffer Packets (Kilobytes) 0 2.50 256 1 2.50 256 2 2.50 256 3 2.50 256 4 9.38 256 5 9.38 256 6 9.38 256 7 9.
6 3.00 256
7 3.00 256
Using a Pre-Defined Buffer Profile Dell Networking OS provides two pre-defined buffer profiles, one for single-queue (for example, non-quality-of-service [QoS]) applications, and one for four-queue (for example, QoS) applications. You must reload the system for the global buffer profile to take effect; a message similar to the following displays: % Info: For the global pre-defined buffer profile to take effect, please save the config and reload the system..
buffer dedicated queue0 3 queue1 3 queue2 3 queue3 3 queue4 3 queue5 3 queue6 3 queue7 3 buffer dynamic 1256 ! buffer fp-uplink stack-unit 1 port-set 0 buffer-policy fsqueue-hig buffer fp-uplink stack-unit 1 port-set 1 buffer-policy fsqueue-hig ! Interface range tengigabitethernet 1/1 - 18/1 buffer-policy fsqueue-fp Dell#show run interface tengigabitethernet 1/10/1 ! interface TenGigabitEthernet 1/10/1 no ip address Troubleshooting Packet Loss The show hardware stack-unit command is intended primarily to t
show hardware drops interface interface Example of the show hardware stack-unit Command to View Drop Counters Statistics Example of show hardware drops interface interface Dell#show hardware drops interface tengigabitethernet 2/1/1 Drops in Interface Te 2/1/1: --- Ingress Drops --Ingress Drops IBP CBP Full Drops PortSTPnotFwd Drops IPv4 L3 Discards Policy Discards Packets dropped by FP (L2+L3) Drops Port bitmap zero Drops Rx VLAN Drops --- Ingress MAC counters--Ingress FCSDrops Ingress MTUExceeds --- MMU Dr
Total IngMac Drops : 0
Total Mmu Drops : 124904297
Total EgMac Drops : 0
Total Egress Drops : 0
Dell#show hardware stack-unit 1 drops unit 0
(per-port table of Ingress Drops, IngMac Drops, Total Mmu Drops, and Egress Drops by UserPort and PortNumber)
Dataplane Statistics The show hardware stack-unit cpu data-plane statistics command provides insight into the packet types coming to the CPU. The show hardware stack-unit cpu party-bus statistics command displays input and output statistics on the party bus, which carries inter-process communication traffic between CPUs.
txPkt(COS1 ) :0
txPkt(COS2 ) :0
txPkt(COS3 ) :0
txPkt(COS4 ) :0
txPkt(COS5 ) :0
txPkt(COS6 ) :0
txPkt(COS7 ) :0
txPkt(COS8 ) :0
txPkt(COS9 ) :0
txPkt(COS10) :0
txPkt(COS11) :0
txPkt(UNIT0) :0
Example of Viewing Party Bus Statistics
Dell#sh hardware stack-unit 1 cpu party-bus statistics
Input Statistics:
27550 packets, 2559298 bytes
0 dropped, 0 errors
Output Statistics:
1649566 packets, 1935316203 bytes
0 errors
Display Stack Port Statistics The show hardware stack-unit stack-port command displays input
Description
RX - IPV4 L3 Unicast Frame Counter
RX - IPV4 L3 routed multicast Packets
RX - IPV6 L3 Unicast Frame Counter
RX - IPV6 L3 routed multicast Packets
RX - Unicast Packet Counter
RX - 64 Byte Frame Counter
RX - 64 to 127 Byte Frame Counter
RX - 128 to 255 Byte Frame Counter
RX - 256 to 511 Byte Frame Counter
RX - 512 to 1023 Byte Frame Counter
RX - 1024 to 1518 Byte Frame Counter
RX - 1519 to 1522 Byte Good VLAN Frame Counter
RX - 1519 to 2047 Byte Frame Counter
RX - 2048 to 4095 Byte Frame Counter
R
--------
Interface Fo 1/60 :
Description
RX - IPV4 L3 Unicast Frame Counter
RX - IPV4 L3 routed multicast Packets
RX - IPV6 L3 Unicast Frame Counter
RX - IPV6 L3 routed multicast Packets
RX - Unicast Packet Counter
RX - 64 Byte Frame Counter
RX - 64 to 127 Byte Frame Counter
RX - 128 to 255 Byte Frame Counter
RX - 256 to 511 Byte Frame Counter
RX - 512 to 1023 Byte Frame Counter
RX - 1024 to 1518 Byte Frame Counter
RX - 1519 to 1522 Byte Good VLAN Frame Counter
RX - 1519 to 2047 Byte Frame Counter
RX - 2048
RX - IPV4 L3 Unicast Frame Counter
RX - IPV4 L3 Routed Multicast Packets
RX - IPV6 L3 Unicast Frame Counter
RX - IPV6 L3 Routed Multicast Packets
RX - Unicast Packet Counter
RX - 64 Byte Frame Counter
RX - 65 to 127 Byte Frame Counter
RX - 128 to 255 Byte Frame Counter
RX - 256 to 511 Byte Frame Counter
RX - 512 to 1023 Byte Frame Counter
RX - 1024 to 1518 Byte Frame Counter
RX - 1519 to 1522 Byte Good VLAN Frame Counter
RX - 1519 to 2047 Byte Frame Counter
RX - 2048 to 4095 Byte Frame Counter
RX - 4096 to
To undo this command, use the no logging coredump server command.

Mini Core Dumps

Dell Networking OS supports mini core dumps on application and kernel crashes. The mini core dump applies to Master, Standby, and Member units. Application and kernel mini core dumps are always enabled. The mini core dumps contain the stack space and some other minimal information that you can use to debug a crash. These files are small and are written to flash until space is exhausted.
Enabling TCP Dumps

A TCP dump captures CPU-bound control plane traffic to improve troubleshooting and system manageability. When you enable TCP dump, it captures all the packets on the local CPU, as specified in the CLI. You can save the traffic capture files to flash, FTP, SCP, or TFTP. The files saved on the flash are located in the flash://TCP_DUMP_DIR/Tcpdump_/ directory and labeled tcpdump_*.pcap. There can be up to 20 Tcpdump_ directories.
61 Standards Compliance

This chapter describes standards compliance for Dell Networking products.

NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking OS, the system also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website. Click “Browse and search IETF documents,” enter an RFC number, and inspect the top of the resulting document for obsolescence citations to related RFCs.
802.3z Gigabit Ethernet (1000BASE-X)
ANSI/TIA-1057 LLDP-MED
Force10 FRRP (Force10 Redundant Ring Protocol)
Force10 PVST+
SFF-8431 SFP+ Direct Attach Cable (10GSFP+Cu)
MTU 9,216 bytes

RFC and I-D Compliance

Dell Networking OS supports the following standards. The standards are grouped by related protocol. The columns showing support by platform indicate which version of Dell Networking OS first supports the standard.
RFC# Full Name Z-Series
2474 Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers
2615 PPP over SONET/SDH
2698 A Two Rate Three Color Marker
3164 The BSD syslog Protocol
draft-ietf-bfd-base-03 Bidirectional Forwarding Detection
S-Series 7.7.1 7.6.1

General IPv4 Protocols

The following table lists the Dell Networking OS support per platform for general IPv4 protocols.

Table 98.
RFC# Full Name Z-Series S-Series
1042 A Standard for the Transmission of IP Datagrams over IEEE 802 Networks 7.6.1
1191 Path MTU Discovery 7.6.1
1305 Network Time Protocol (Version 3) Specification, Implementation and Analysis 7.6.1
1519 Classless Inter-Domain Routing (CIDR): an Address Assignment and Aggregation Strategy 7.6.1
1542 Clarifications and Extensions for the Bootstrap Protocol 7.6.1
1812 Requirements for IP Version 4 Routers 7.6.
RFC# Full Name Z-Series S-Series
2 Point-to-Point 1 Links
3046 DHCP Relay Agent Information Option 7.8.1
3069 VLAN Aggregation for Efficient IP Address Allocation 7.8.1
3128 Protection Against a Variant of the Tiny Fragment Attack 7.6.1

General IPv6 Protocols

The following table lists the Dell Networking OS support per platform for general IPv6 protocols.

Table 99. General IPv6 Protocols

RFC# Full Name Z-Series S-Series
1886 DNS Extensions to support IP version 6 7.8.
RFC# Full Name Z-Series S-Series
2462 (Partial) IPv6 Stateless Address Autoconfiguration 7.8.1
2464 Transmission of IPv6 Packets over Ethernet Networks 7.8.1
2675 IPv6 Jumbograms 7.8.1
2711 IPv6 Router Alert Option 8.3.12.0
3587 IPv6 Global Unicast Address Format 7.8.1
4007 IPv6 Scoped Address Architecture 8.3.12.0
4291 Internet Protocol Version 6 (IPv6) Addressing Architecture 7.8.1
4443 Internet Control Message Protocol (ICMPv6) for the IPv6 Specification 7.8.
RFC# Full Name Z-Series S-Series
Autoconfiguration
5175 IPv6 Router Advertisement Flags Option 8.3.12.0

Border Gateway Protocol (BGP)

The following table lists the Dell Networking OS support per platform for BGP protocols.

Table 100. Border Gateway Protocol (BGP)

RFC# Full Name S-Series/Z-Series
1997 BGP Communities Attribute 7.8.1
2385 Protection of BGP Sessions via the TCP MD5 Signature Option 7.8.1
2439 BGP Route Flap Damping 7.8.
Open Shortest Path First (OSPF)

The following table lists the Dell Networking OS support per platform for OSPF protocol.

Table 101. Open Shortest Path First (OSPF)

RFC# Full Name S-Series/Z-Series
1587 The OSPF Not-So-Stubby Area (NSSA) Option 7.6.1
2154 OSPF with Digital Signatures 7.6.1
2328 OSPF Version 2 7.6.1
2370 The OSPF Opaque LSA Option 7.6.1
2740 OSPF for IPv6 9.1(0.0)
3623 Graceful OSPF Restart 7.8.
RFC# Full Name S-Series
3784 Intermediate System to Intermediate System (IS-IS) Extensions in Support of Generalized Multi-Protocol Label Switching (GMPLS)
5120 MT-ISIS: Multi Topology (MT) Routing in Intermediate System to Intermediate Systems (IS-ISs)
5306 Restart Signaling for IS-IS
5308 Routing IPv6 with IS-IS
draft-ietf-isis-igp-p2p-over-lan-06 Point-to-point operation over LAN in link-state routing protocols
draft-kaplan-isis-ext-eth-02 Extended Ethernet Frame Size Support 8.3.10.
RFC# Full Name Z-Series S-Series
3376 Internet Group Management Protocol, Version 3 7.8.1
3569 An Overview of Source-Specific Multicast (SSM) 7.8.1 SSM for IPv4
3618 Multicast Source Discovery Protocol (MSDP)
draft-ietf-pim-sm-v2-new-05 Protocol Independent Multicast - Sparse Mode (PIM-SM): Protocol Specification (Revised) 7.8.1 PIM-SM for IPv4

Network Management

The following table lists the Dell Networking OS support per platform for network management protocol.

Table 105.
RFC# Full Name S4810
1901 Introduction to Community-based SNMPv2 7.6.1
2011 SNMPv2 Management Information Base for the Internet Protocol using SMIv2 7.6.1
2012 SNMPv2 Management Information Base for the Transmission Control Protocol using SMIv2 7.6.1
2013 SNMPv2 Management Information Base for the User Datagram Protocol using SMIv2 7.6.1
2024 Definitions of Managed Objects for Data Link Switching using SMIv2 7.6.1
2096 IP Forwarding Table MIB 7.6.
RFC# Full Name S4810
radiusAuthClientInvalidServerAddresses
radiusAuthClientMalformedAccessResponses
radiusAuthClientUnknownTypes
radiusAuthClientPacketsDropped
2698 A Two Rate Three Color Marker 9.5.(0.0)
3635 Definitions of Managed Objects for the Ethernet-like Interface Types 7.6.1
2674 Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering and Virtual LAN Extensions 7.6.1
2787 Definitions of Managed Objects for the Virtual Router Redundancy Protocol 7.6.
RFC# Full Name S4810
4001 Textual Conventions for Internet Network Addresses 8.3.12
4292 IP Forwarding Table MIB 9.5.(0.0)
4750 OSPF Version 2 Management Information Base 9.5.(0.0)
4502 RMON v2 MIB 9.5(0.0)
5060 Protocol Independent Multicast MIB 7.8.1
ANSI/TIA-1057 The LLDP Management Information Base extension module for TIA-TR41.4 Media Endpoint Discovery information 7.7.1
draft-grant-tacacs-02 The TACACS+ Protocol 7.6.
RFC# Full Name S4810
information. (LLDP DOT1 MIB and LLDP DOT3 MIB)
ruzin-mstp-mib-02 (Traps) Definitions of Managed Objects for Bridges with Multiple Spanning Tree Protocol 7.6.1
sFlow.org sFlow Version 5 7.7.1
sFlow.org sFlow Version 5 MIB 7.7.1
FORCE10-BGP4-V2-MIB Force10 BGP MIB (draft-ietf-idr-bgp4mibv2-05) 7.8.1
f10–bmp-mib Force10 Bare Metal Provisioning MIB 9.2(0.
MIB Location

You can find Force10 MIBs under the Force10 MIBs subhead on the Documentation page of iSupport:
https://www.force10networks.com/CSPortal20/KnowledgeBase/Documentation.aspx

You also can obtain a list of selected MIBs and their OIDs at the following URL:
https://www.force10networks.com/CSPortal20/Main/Login.aspx

Some pages of iSupport require a login. To request an iSupport account, go to:
https://www.force10networks.com/CSPortal20/AccountRequest/AccountRequest.