Users Guide
Table Of Contents
- OS10 Enterprise Edition User Guide Release 10.3.2E(R2)
- Getting Started
- Download OS10 image and license
- Installation
- Log into OS10
- Install OS10 license
- Remote access
- Upgrade OS10
- CLI Basics
- User accounts
- Key CLI features
- CLI command modes
- CLI command hierarchy
- CLI command categories
- CONFIGURATION Mode
- Command help
- Check device status
- Candidate configuration
- Change to transaction-based configuration
- Back up or restore configuration
- Reload system image
- Filter show commands
- Alias command
- Batch mode commands
- Linux shell commands
- SSH commands
- OS9 environment commands
- Common commands
- alias
- batch
- boot
- commit
- configure
- copy
- delete
- dir
- discard
- do
- feature config-os9-style
- exit
- license
- lock
- management route
- move
- no
- reload
- show alias
- show boot
- show candidate-configuration
- show environment
- show inventory
- show ip management-route
- show ipv6 management-route
- show license status
- show running-configuration
- show startup-configuration
- show system
- show version
- start
- system
- system identifier
- terminal
- traceroute
- unlock
- write
- Interfaces
- Ethernet interfaces
- L2 mode configuration
- L3 mode configuration
- Management interface
- VLAN interfaces
- Loopback interfaces
- Port-channel interfaces
- Create port-channel
- Add port member
- Minimum links
- Assign Port Channel IP Address
- Remove or disable port-channel
- Load balance traffic
- Change hash algorithm
- Configure interface ranges
- Forward error correction
- View interface configuration
- Interface commands
- channel-group
- description (Interface)
- duplex
- fec
- interface breakout
- interface ethernet
- interface loopback
- interface mgmt
- interface null
- interface port-channel
- interface range
- interface vlan
- link-bundle-utilization
- mgmt
- mtu
- show interface
- show link-bundle-utilization
- show port-channel summary
- show vlan
- shutdown
- speed (Management)
- switchport access vlan
- switchport mode
- switchport trunk allowed vlan
- Layer 2
- 802.1X
- Link aggregation control protocol
- Link layer discovery protocol
- Protocol data units
- Optional TLVs
- Organizationally-specific TLVs
- Media endpoint discovery
- Network connectivity device
- LLDP-MED capabilities TLV
- Network policies TLVs
- Define network policies
- Packet timer values
- Disable and re-enable LLDP
- Advertise TLVs
- Network policy advertisement
- Fast start repeat count
- View LLDP configuration
- Adjacent agent advertisements
- Time to live
- LLDP commands
- Media Access Control
- Multiple spanning-tree protocol
- Rapid per-VLAN spanning-tree plus
- Rapid spanning-tree protocol
- Virtual LANs
- Port monitoring
- Layer 3
- Border gateway protocol
- Sessions and peers
- Route reflectors
- Multiprotocol BGP
- Attributes
- Selection criteria
- Weight and local preference
- Multiexit discriminators
- Origin
- AS path and next-hop
- Best path selection
- More path support
- Advertise cost
- 4-Byte AS numbers
- AS number migration
- Configure border gateway protocol
- Enable BGP
- Configure Dual Stack
- Peer templates
- Neighbor fall-over
- Fast external fallover
- Passive peering
- Local AS
- AS number limit
- Redistribute routes
- Additional paths
- MED attributes
- Local preference attribute
- Weight attribute
- Enable multipath
- Route-map filters
- Route reflector clusters
- Aggregate routes
- Confederations
- Route dampening
- Timers
- Neighbor soft-reconfiguration
- BGP commands
- Equal cost multi-path
- IPv4 routing
- IPv6 routing
- Open shortest path first
- Object tracking manager
- Policy-based routing
- Virtual router redundancy protocol
- Border gateway protocol
- System management
- Access Control Lists
- IP ACLs
- MAC ACLs
- IP fragment handling
- L3 ACL rules
- Assign sequence number to filter
- L2 and L3 ACLs
- Assign and apply ACL filters
- Ingress ACL filters
- Egress ACL filters
- Clear access-list counters
- IP prefix-lists
- Route-maps
- Match routes
- Set conditions
- continue Clause
- ACL flow-based monitoring
- Enable flow-based monitoring
- ACL commands
- clear ip access-list counters
- clear ipv6 access-list counters
- clear mac access-list counters
- deny
- deny (IPv6)
- deny (MAC)
- deny icmp
- deny icmp (IPv6)
- deny ip
- deny ipv6
- deny tcp
- deny tcp (IPv6)
- deny udp
- deny udp (IPv6)
- description
- ip access-group
- ip access-list
- ip as-path deny
- ip as-path permit
- ip community-list standard deny
- ip community–list standard permit
- ip extcommunity-list standard deny
- ip extcommunity-list standard permit
- ip prefix-list description
- ip prefix-list deny
- ip prefix-list permit
- ip prefix-list seq deny
- ip prefix-list seq permit
- ipv6 access-group
- ipv6 access-list
- ipv6 prefix-list deny
- ipv6 prefix-list description
- ipv6 prefix-list permit
- ipv6 prefix-list seq deny
- ipv6 prefix-list seq permit
- mac access-group
- mac access-list
- permit
- permit (IPv6)
- permit (MAC)
- permit icmp
- permit icmp (IPv6)
- permit ip
- permit ipv6
- permit tcp
- permit tcp (IPv6)
- permit udp
- permit udp (IPv6)
- remark
- seq deny
- seq deny (IPv6)
- seq deny (MAC)
- seq deny icmp
- seq deny icmp (IPv6)
- seq deny ip
- seq deny ipv6
- seq deny tcp
- seq deny tcp (IPv6)
- seq deny udp
- seq deny udp (IPv6)
- seq permit
- seq permit (IPv6)
- seq permit (MAC)
- seq permit icmp
- seq permit icmp (IPv6)
- seq permit ip
- seq permit ipv6
- seq permit tcp
- seq permit tcp (IPv6)
- seq permit udp
- seq permit udp (IPv6)
- show access-group
- show access-lists
- show ip as-path-access-list
- show ip community-list
- show ip extcommunity-list
- show ip prefix-list
- Route-map commands
- continue
- match as-path
- match community
- match extcommunity
- match interface
- match ip address
- match ip next-hop
- match ipv6 address
- match ipv6 next-hop
- match metric
- match origin
- match route-type
- match tag
- route-map
- set comm-list delete
- set community
- set extcomm-list delete
- set extcommunity
- set local-preference
- set metric
- set metric-type
- set next-hop
- set origin
- set tag
- set weight
- show route-map
- Quality of service
- Configure quality of service
- Class-map configuration
- Policy-map configuration
- Ingress traffic classification
- Queue selection
- Strict priority queuing
- Class of service or dot1p classification
- Mark traffic
- Traffic metering
- Bandwidth allocation
- Service-policy rate-shaping
- Policy-based rate-policing
- Storm control
- Control-plane policing
- Queue management
- Verify configuration
- Egress queue statistics
- QoS commands
- bandwidth
- class
- class-map
- clear interface
- clear qos statistics
- clear qos statistics type
- control-plane
- flowcontrol
- match
- match cos
- match dscp
- match precedence
- match queue
- match vlan
- pause
- police
- policy-map
- priority
- qos-group dot1p
- qos-group dscp
- queue qos-group
- random-detect
- service-policy
- set cos
- set dscp
- set qos-group
- shape
- show class-map
- show control-plane info
- show control-plane statistics
- show qos interface
- show policy-map
- show qos control-plane
- show qos egress bufffers interface
- show egress buffer-stats interface
- show qos ingress buffers interface
- show ingress buffer-stats interface
- show qos system
- show qos system buffers
- show qos maps
- system qos
- trust
- trust dot1p-map
- trust dscp-map
- qos-map traffic-class
- trust-map
- Virtual link trunking
- Converged data center services
- sFlow
- Troubleshoot OS10
- Support resources
Session and VLAN requirements
Remote port monitoring requires a source session (monitored ports on dierent source devices), a reserved tagged VLAN for transporting
monitored trac (congured on source, intermediate, and destination devices), and a destination session (destination ports connected to
analyzers on destination devices).
• Congure any network device with source ports and destination ports and enable it to function in an intermediate transport session for
a reserved VLAN at the same time for multiple remote port monitoring sessions. Enable and disable individual monitoring sessions.
• A remote port monitoring session mirrors monitored trac by prexing the reserved VLAN tag to monitored packets to transmit using
the reserved VLAN.
• The source address, destination address, and original VLAN ID of the mirrored packet are prexed with the tagged VLAN header.
Untagged source packets are tagged with the reserved VLAN ID.
• The member port of the reserved VLAN must have the MTU and IPMTU value as MAX+4 (to hold the VLAN tag parameter).
• To associate with source session, the reserved VLAN can have a maximum of four member ports.
• To associate with destination session, the reserved VLAN can have multiple member ports.
• The reserved VLAN cannot have untagged ports.
Reserved L2 VLAN
• MAC address learning in the reserved VLAN is automatically disabled.
• There is no restriction on the VLAN IDs used for the reserved remote monitoring VLAN. Valid VLAN IDs are from 2 to 4093. The default
VLAN ID is not supported.
• In monitored trac, packets that have the same destination MAC address as an intermediate or destination device in the path used by
the reserved VLAN to transport the mirrored trac are dropped by the device that receives the trac if the device has a L3 VLAN
congured.
Source session
• Congure physical ports and port-channels as sources in remote port monitoring and use them in the same source session. You can use
both L2 (congured with the switchport command) and L3 ports as source ports. Optionally congure one or more source VLANs
to congure the VLAN trac to be monitored on source ports.
• Use the default VLAN and native VLANs as a source VLAN.
• You cannot congure the dedicated VLAN used to transport mirrored trac as a source VLAN.
Restrictions
• When you use a source VLAN, enable ow-based monitoring (flow-based enable).
• In a source VLAN, only received (rx) trac is monitored.
• In S5148F-ON, only received (rx) trac is monitored.
• You cannot congure a source port-channel or source VLAN in a source session if the port-channel or VLAN has a member port
congured as a destination port in a remote port monitoring session.
• You cannot use a destination port for remote port monitoring as a source port, including the session the port functions as the
destination port.
• The reserved VLAN used to transport mirrored trac must be a L2 VLAN — L3 VLANs are not supported.
Congure remote port monitoring
Remote port monitoring requires a source interface (monitored ports on dierent source network devices) and a reserved tagged VLAN for
transporting mirrored trac (congured on the source, intermediate, and destination devices).
1 Create a remote monitoring session in CONFIGURATION mode.
monitor session session-id type rspan-source
186
Layer 2