AS5800-EC Series CLI Reference Guide R02
Table Of Contents
- How to Use This Guide
- Contents
- Figures
- Tables
- Getting Started
- Command Line Interface
- Using the Command Line Interface
- General Commands
- System Management Commands
- SNMP Commands
- Remote Monitoring Commands
- Authentication Commands
- General Security Measures
- Port Security
- Network Access (MAC Address Authentication)
- network-access aging
- network-access mac-filter
- mac-authentication reauth-time
- network-access dynamic-qos
- network-access dynamic-vlan
- network-access guest-vlan
- network-access link-detection
- network-access link- detection link-down
- network-access link- detection link-up
- network-access link- detection link-up- down
- network-access max- mac-count
- network-access mode mac-authentication
- network-access port- mac-filter
- mac-authentication intrusion-action
- mac-authentication max-mac-count
- clear network-access
- show network-access
- show network-access mac-address-table
- show network-access mac-filter
- Web Authentication
- DHCPv4 Snooping
- ip dhcp snooping
- ip dhcp snooping information option
- ip dhcp snooping information option encode no-subtype
- ip dhcp snooping information option remote-id
- ip dhcp snooping information policy
- ip dhcp snooping limit rate
- ip dhcp snooping verify mac-address
- ip dhcp snooping vlan
- ip dhcp snooping information option circuit-id
- ip dhcp snooping trust
- clear ip dhcp snooping binding
- clear ip dhcp snooping database flash
- ip dhcp snooping database flash
- show ip dhcp snooping
- show ip dhcp snooping binding
- DHCPv6 Snooping
- ipv6 dhcp snooping
- ipv6 dhcp snooping option remote-id
- ipv6 dhcp snooping option remote-id policy
- ipv6 dhcp snooping vlan
- ipv6 dhcp snooping max-binding
- ipv6 dhcp snooping trust
- clear ipv6 dhcp snooping binding
- clear ipv6 dhcp snooping statistics
- show ipv6 dhcp snooping
- show ipv6 dhcp snooping binding
- show ipv6 dhcp snooping statistics
- IPv4 Source Guard
- IPv6 Source Guard
- IPv6 Source Guard
- ARP Inspection
- ip arp inspection
- ip arp inspection filter
- ip arp inspection log-buffer logs
- ip arp inspection validate
- ip arp inspection vlan
- ip arp inspection limit
- ip arp inspection trust
- show ip arp inspection configuration
- show ip arp inspection interface
- show ip arp inspection log
- show ip arp inspection statistics
- show ip arp inspection vlan
- Port-based Traffic Segmentation
- Access Control Lists
- Interface Commands
- Link Aggregation Commands
- Port Mirroring Commands
- Congestion Control Commands
- Loopback Detection Commands
- UniDirectional Link Detection Commands
- Address Table Commands
- Spanning Tree Commands
- spanning-tree
- spanning-tree forward-time
- spanning-tree hello-time
- spanning-tree max-age
- spanning-tree mode
- spanning-tree pathcost method
- spanning-tree priority
- spanning-tree mst configuration
- spanning-tree transmission-limit
- max-hops
- mst priority
- mst vlan
- name
- revision
- spanning-tree bpdu-filter
- spanning-tree bpdu-guard
- spanning-tree cost
- spanning-tree edge-port
- spanning-tree link-type
- spanning-tree mst cost
- spanning-tree mst port-priority
- spanning-tree port-priority
- spanning-tree root-guard
- spanning-tree spanning-disabled
- spanning-tree tc-prop-stop
- spanning-tree protocol-migration
- show spanning-tree
- show spanning-tree mst configuration
- VLAN Commands
- Class of Service Commands
- Priority Commands (Layer 2)
- Priority Commands (Layer 3 and 4)
- qos map phb-queue
- qos map cos-dscp
- qos map default-drop- precedence
- qos map dscp-cos
- qos map dscp-mutation
- qos map ip-port-dscp
- qos map ip-prec-dscp
- qos map trust-mode
- show qos map cos-dscp
- show map default- drop-precedence
- show map dscp-cos
- show qos map dscp- mutation
- show qos map ip-port-dscp
- show qos map ip-prec-dscp
- show qos map phb-queue
- show qos map trust-mode
- Quality of Service Commands
- Data Center Bridging Commands
- Multicast Filtering Commands
- IGMP Snooping
- ip igmp snooping
- ip igmp snooping priority
- ip igmp snooping proxy-reporting
- ip igmp snooping querier
- ip igmp snooping router-alert-option- check
- ip igmp snooping router-port-expire- time
- ip igmp snooping tcn-flood
- ip igmp snooping tcn-query-solicit
- ip igmp snooping unregistered-data- flood
- ip igmp snooping unsolicited-report- interval
- ip igmp snooping version
- ip igmp snooping version-exclusive
- ip igmp snooping vlan general-query- suppression
- ip igmp snooping vlan immediate-leave
- ip igmp snooping vlan last-memb-query- count
- ip igmp snooping vlan last-memb-query- intvl
- ip igmp snooping vlan mrd
- ip igmp snooping vlan proxy-address
- ip igmp snooping vlan query-interval
- ip igmp snooping vlan query-resp-intvl
- ip igmp snooping vlan static
- clear ip igmp snooping groups dynamic
- clear ip igmp snooping statistics
- show ip igmp snooping
- show ip igmp snooping group
- show ip igmp snooping mrouter
- show ip igmp snooping statistics
- Static Multicast Routing
- IGMP Filtering and Throttling
- ip igmp filter (Global Configuration)
- ip igmp profile
- permit, deny
- range
- ip igmp authentication
- ip igmp filter (Interface Configuration)
- ip igmp max-groups
- ip igmp max-groups action
- ip igmp query-drop
- show ip igmp authentication
- show ip igmp filter
- show ip igmp profile
- show ip igmp query-drop
- show ip igmp throttle interface
- MLD Snooping
- ipv6 mld snooping
- ipv6 mld snooping querier
- ipv6 mld snooping query-interval
- ipv6 mld snooping query-max-response- time
- ipv6 mld snooping robustness
- ipv6 mld snooping router-port-expire- time
- ipv6 mld snooping unknown-multicast mode
- ipv6 mld snooping version
- ipv6 mld snooping vlan immediate-leave
- ipv6 mld snooping vlan mrouter
- ipv6 mld snooping vlan static
- clear ipv6 mld snooping groups dynamic
- clear ipv6 mld snooping statistics
- show ipv6 mld snooping
- show ipv6 mld snooping group
- show ipv6 mld snooping group source-list
- show ipv6 mld snooping mrouter
- IGMP (Layer 3)
- IGMP Proxy Routing
- MLD (Layer 3)
- MLD Proxy Routing
- IGMP Snooping
- LLDP Commands
- lldp
- lldp holdtime- multiplier
- lldp med-fast-start- count
- lldp notification- interval
- lldp refresh-interval
- lldp reinit-delay
- lldp tx-delay
- lldp admin-status
- lldp basic-tlv management-ip- address
- lldp basic-tlv port-description
- lldp basic-tlv system-capabilities
- lldp basic-tlv system-description
- lldp basic-tlv system-name
- lldp dcbx-tlv ets-config
- lldp dcbx-tlv ets-recommend
- lldp dcbx-tlv pfc-config
- lldp dot1-tlv proto-ident
- lldp dot1-tlv proto-vid
- lldp dot1-tlv pvid
- lldp dot1-tlv vlan-name
- lldp dot3-tlv link-agg
- lldp dot3-tlv mac-phy
- lldp dot3-tlv max-frame
- lldp med-location civic-addr
- lldp med-notification
- lldp med-tlv inventory
- lldp med-tlv location
- lldp med-tlv med-cap
- lldp med-tlv network- policy
- lldp notification
- show lldp config
- show lldp info local-device
- show lldp info remote-device
- show lldp info statistics
- CFM Commands
- Defining CFM Structures
- ethernet cfm ais level
- ethernet cfm ais ma
- ethernet cfm ais period
- ethernet cfm ais suppress alarm
- ethernet cfm domain
- ethernet cfm enable
- ma index name
- ma index name-format
- ethernet cfm mep
- ethernet cfm port-enable
- clear ethernet cfm ais mpid
- show ethernet cfm configuration
- show ethernet cfm md
- show ethernet cfm ma
- show ethernet cfm maintenance-points local
- show ethernet cfm maintenance-points local detail mep
- show ethernet cfm maintenance-points remote detail
- Continuity Check Operations
- Cross Check Operations
- Link Trace Operations
- Loopback Operations
- Fault Generator Operations
- Delay Measure Operations
- Defining CFM Structures
- Domain Name Service Commands
- DHCP Commands
- IP Interface Commands
- IPv4 Interface
- IPv6 Interface
- ND Snooping
- ipv6 nd snooping
- ipv6 nd snooping auto-detect
- ipv6 nd snooping auto-detect retransmit count
- ipv6 nd snooping auto-detect retransmit interval
- ipv6 nd snooping prefix timeout
- ipv6 nd snooping max-binding
- ipv6 nd snooping trust
- clear ipv6 nd snooping binding
- clear ipv6 nd snooping prefix
- show ipv6 nd snooping
- show ipv6 nd snooping binding
- show ipv6 nd snooping prefix
- VRRP Commands
- IP Routing Commands
- Global Routing Configuration
- IPv4 Commands
- ECMP Commands
- ecmp load-balance
- hash-selection list
- maximum-paths
- dst-mac (MAC Hash)
- ethertype (MAC Hash)
- src-mac (MAC Hash)
- vlan (MAC Hash)
- dst-ip (IPv4 Hash)
- dst-l4-port (IPv4 Hash)
- protocol-id (IPv4 Hash)
- src-ip (IPv4 Hash)
- src-l4-port (IPv4 Hash)
- vlan (IPv4 Hash)
- collapsed-dst-ip (IPv6 Hash)
- collapsed-src-ip (IPv6 Hash)
- dst-l4-port (IPv6 Hash)
- next-header (IPv6 Hash)
- src-l4-port (IPv6 Hash)
- vlan (IPv6 Hash)
- show ecmp load-balance
- show hash-selection list
- IPv6 Commands
- Routing Information Protocol (RIP)
- router rip
- default-information originate
- default-metric
- distance
- maximum-prefix
- neighbor
- network
- passive-interface
- redistribute
- timers basic
- version
- ip rip authentication mode
- ip rip authentication string
- ip rip receive version
- ip rip receive-packet
- ip rip send version
- ip rip send-packet
- ip rip split-horizon
- clear ip rip route
- show ip protocols rip
- show ip rip
- Open Shortest Path First (OSPFv2)
- Open Shortest Path First (OSPFv3)
- Border Gateway Protocol (BGPv4)
- BGP Overview
- External and Internal BGP
- BGP Routing Basics
- Internal BGP Scalability
- Route Flap Dampening
- BGP Command List
- General Configuration
- router bgp
- ip as-path access-list
- ip community-list
- ip extcommunity-list
- ip prefix-list
- aggregate-address
- bgp client-to-client reflection
- bgp cluster-id
- bgp confederation identifier
- bgp confederation peer
- bgp dampening
- bgp enforce-first-as
- bgp fast-external- failover
- bgp log-neighbor- changes
- bgp network import-check
- bgp router-id
- bgp scan-time
- network
- redistribute
- timers bgp
- clear ip bgp
- clear ip bgp dampening
- Route Metrics and Selection
- Neighbor Configuration
- neighbor activate
- neighbor advertisement- interval
- neighbor allowas-in
- neighbor attribute- unchanged
- neighbor capability dynamic
- neighbor capability orf prefix-list
- neighbor default- originate
- neighbor description
- neighbor distribute- list
- neighbor dont- capability-negotiate
- neighbor ebgp- multihop
- neighbor enforce- multihop
- neighbor filter-list
- neighbor interface
- neighbor maximum- prefix
- neighbor next-hop- self
- neighbor override- capability
- neighbor passive
- neighbor password
- neighbor peer-group (Creating)
- neighbor peer-group (Group Members)
- neighbor port
- neighbor prefix-list
- neighbor remote-as
- neighbor remove- private-as
- neighbor route-map
- neighbor route- reflector-client
- neighbor route- server-client
- neighbor send- community
- neighbor shutdown
- neighbor soft- reconfiguration inbound
- neighbor strict- capability-match
- neighbor timers
- neighbor timers connect
- neighbor unsuppress- map
- neighbor update- source
- neighbor weight
- Display Information
- show ip bgp
- show ip bgp attribute-info
- show ip bgp cidr-only
- show ip bgp community
- show ip bgp community-info
- show ip bgp community-list
- show ip bgp dampening
- show ip bgp filter-list
- show ip bgp neighbors
- show ip bgp paths
- show ip bgp prefix-list
- show ip bgp regexp
- show ip bgp route-map
- show ip bgp scan
- show ip bgp summary
- show ip community-list
- show ip extcommunity-list
- show ip prefix-list
- show ip prefix-list detail
- show ip prefix-list summary
- show ip protocols bgp
- General Configuration
- Policy-based Routing for BGP
- route-map
- call
- continue
- description
- match as-path
- match community
- match extcommunity
- match ip address
- match ip next-hop
- match ip route-source
- match metric
- match origin
- match pathlimit
- match peer
- on-match
- set aggregator as
- set as-path
- set atomic-aggregate
- set comm-list delete
- set community
- set extcommunity
- set ip next-hop
- set local-preference
- set metric
- set origin
- set originator-id
- set pathlimit ttl
- set weight
- show route-map
- Global Routing Configuration
- Multicast Routing Commands
- Appendices
- Glossary
- List of CLI Commands
- Index
Chapter 19
| VLAN Commands
Configuring VxLAN Tunneling
– 490 –
packet is stripped of its encapsulating headers and passed on to the destination
VM.
In addition to forwarding the packet to the destination VM, the remote VTEP learns
the mapping from inner source MAC to outer source IP address. It stores this
mapping in the bridge lookup table so that when the destination VM sends a
response packet, there is no need for “unknown destination” flooding of the
response packet.
Determining the MAC address of a destination VM prior to transmission by the
source VM is performed as with non-VXLAN environments. Broadcast frames are
used but are encapsulated within a multicast packet.
Broadcast Communication and Mapping to Multicast
Consider the VM on the source host attempting to communicate with the
destination VM using IP as it normally would. Assuming that they are both on the
same subnet, the VM sends out an ARP broadcast frame. In this non-VXLAN
environment, this frame would be sent out using MAC broadcast across all switches
carrying that VLAN.
With VXLAN, a header including the VXLAN VNI is inserted at the beginning of the
packet along with the outer IP header and outer UDP header. However, this
broadcast packet is sent out to the IP multicast group on which that VXLAN overlay
network is realized.
To effect this, we need to have a mapping between the VXLAN VNI and the IP
multicast group that it will use. (This information must be configured using the
vxlan flood command.) Using this mapping, the VTEP can provide IGMP
membership reports to the upstream switch/router to join/leave the VXLAN-related
IP multicast groups as needed. This will enable pruning of the leaf nodes for specific
multicast traffic addresses based on whether a member is available on this host
using the specific multicast address. In addition, use of multicast routing protocols
like Protocol Independent Multicast - Sparse Mode (PIM-SM) will provide efficient
multicast trees within the Layer 3 network
The destination VM sends a standard ARP response using IP unicast. This frame is
encapsulated and sent back to the VTEP connecting to the originating VM using IP
unicast VXLAN encapsulation. This is possible since the mapping of the ARP
response’s destination MAC to the VTEP IP was learned earlier through the ARP
request.
Note that multicast frames and “unknown MAC destination” frames are also sent
using the multicast tree, similar to the broadcast frames.
Table 93: VxLAN Tunneling Commands
Command Function Mode
vxlan udp-dst-port Configures the VXLAN UDP destination port GC
vxlan flood Configures remote VXLAN tunnel endpoint (VTEP) when
received packet fails bridge table lookup
GC
vxlan vlan vni Associates a VLAN ID with a virtual network identifier (VNI) GC