Dell Force10 Configuration Guide for the MXL 10/40GbE Switch IO Module Publication Date: March 2013
Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Information in this publication is subject to change without notice. © 2013 Dell Force10. All rights reserved.
1 About this Guide

Objectives

This guide describes the supported protocols and software features, and provides configuration instructions and examples, for the Dell Force10 MXL 10/40GbE Switch IO Module running FTOS version 8.3.16.4. The MXL 10/40GbE Switch IO Module is installed in a Dell PowerEdge M1000e Enclosure. For information about how to install and perform the initial switch configuration, refer to the Getting Started Guides on the Dell Support website at http://support.dell.com/manuals.
www.dell.com | support.dell.com

Conventions

This document uses the following conventions to describe command syntax:

Convention    Description
keyword       Keywords are in bold and must be entered in the CLI as listed.
parameter     Parameters are in italics and require a number or word to be entered in the CLI.
{X}           Keywords and parameters within braces must be entered in the CLI.
[X]           Keywords and parameters within brackets are optional.
2 Configuration Fundamentals

The Dell Force10 operating software (FTOS) command line interface (CLI) is a text-based interface through which you can configure interfaces and protocols. The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and you can limit user access to modes using privilege levels. In FTOS, after you enable a command, it is entered into the running configuration file.
CLI Modes

Different sets of commands are available in each mode. A command found in one mode cannot be executed from another mode (with the exception of EXEC mode commands preceded by the command do; for more information, refer to The do Command and EXEC Privilege Mode commands). You can set user access rights to commands and command modes using privilege levels; for more information about privilege levels and security options, refer to Security.
Figure 2-2. CLI Modes in FTOS

Navigating CLI Modes

The FTOS prompt changes to indicate the CLI mode. Table 2-1 lists the CLI mode, its prompt, and information about how to access and exit this CLI mode. You must move linearly through the command modes, with two exceptions: the end command takes you directly to EXEC Privilege mode, and the exit command moves you up one command mode level.
Table 2-1. FTOS Command Modes

CLI Command Mode: CONFIGURATION
Prompt: FTOS(conf)#
Access Command:
• From EXEC privilege mode, enter the command configure.
• From every mode except EXEC and EXEC Privilege, enter the command exit.
Layer 2 protocols are disabled by default. Enable them using the no disable command. For example, in PROTOCOL SPANNING TREE mode, enter no disable to enable Spanning Tree.

Obtaining Help

Obtain a list of keywords and a brief functional description of those keywords at any CLI mode using the ? or help commands:
• Enter ? at the prompt or after a keyword to list the keywords available in the current mode.
• ? after a prompt lists all of the available keywords.
Entering and Editing Commands

When entering commands:
• The CLI is not case sensitive.
• You can enter partial CLI keywords.
• You must enter the minimum number of letters to uniquely identify a command. For example, cl cannot be entered as a partial keyword because both the clock and class-map commands begin with the letters “cl.” You can, however, enter clo as a partial keyword because only one command begins with those three letters.
Command History

FTOS maintains a history of previously-entered commands for each mode. For example:
• When you are in EXEC mode, the UP and DOWN arrow keys display the previously-entered EXEC mode commands.
• When you are in CONFIGURATION mode, the UP or DOWN arrow keys recall the previously-entered CONFIGURATION mode commands.
• except displays text that does not match the specified text. Figure 2-10 shows this command used in combination with the do show stack-unit all stack-ports all pfc details | except 0 command.

Figure 2-10.
Multiple Users in Configuration Mode

FTOS notifies all users in the event that there are multiple users logged into CONFIGURATION mode. A warning message indicates the username, type of connection (console or vty), and in the case of a vty connection, the IP address of the terminal on which the connection was established.
3 Getting Started

This chapter contains the following major sections:
• Console access
• Boot Process
• Default Configuration
• Configure a Host Name
• Access the System Remotely
• Configure the Enable Password
• Configuration File Management
• File System Management
• View the Command History
• Upgrading and Downgrading FTOS

When the boot process is complete, the console monitor displays the Dell Force10 operating software (FTOS) banner and EXEC mode prompt (Figure 3-2).
For the console port pinout, refer to Table 3-1.

To access the console port, follow these steps.

Step 1: Connect the USB connector to the front panel. Use the RS-232 Serial Line cable to connect the MXL 10/40GbE Switch IO Module console port to a terminal server.
Step 2: Connect the other end of the cable to the DTE terminal server.
Figure 3-2. Completed Boot Process

syncing disks... done
unmounting file systems...
unmounting /f10/flash (/dev/ld0e)...
unmounting /usr (mfs:31)...
unmounting /lib (mfs:23)...
unmounting /f10 (mfs:20)...
unmounting /tmp (mfs:15)...
unmounting /kern (kernfs)...
unmounting / (/dev/md0a)... done
rebooting...
NetLogic XLP Stage 1 Loader
Built by build at tools-sjc-01 on Thu May 31 23:53:38 2012
IOM Boot Selector Label 4.0.0.
Figure 3-3. Completed Boot Process (Contd.)

DRAM: 2 GB
Initialized CPLD on CS3
Detected [XLP308 (Lite+) Rev A0]
Initializing I2C0: speed = 30 KHz, prescaler = 0x0377 -- done.
Initializing I2C1: speed = 100 KHz, prescaler = 0x0109 -- done.
Initialized eMMC Host Controller
Detected SD Card
Now running in RAM - U-Boot [N64 ABI, Big-Endian] at: ffffffff8c100000
Flash: 256 MB
PCIE (B0:D01:F0) : Link up.
PCIE (B0:D01:F1) : No Link.
Default Configuration

A version of FTOS is pre-loaded onto the chassis; however, the system is not configured when you power up for the first time (except for the default hostname, which is FTOS). You must configure the system using the CLI.

Configure a Host Name

The host name appears in the prompt. The default host name is FTOS.
• Host names must start with a letter and end with a letter or digit.
• Characters within the string can be letters, digits, and hyphens.
3. Configure a username and password. Refer to Configure a Username and Password.

Configure the Management Port IP Address

Assign IP addresses to the management ports in order to access the system remotely. To configure the management port IP address, follow these steps:

Step 1: Enter INTERFACE mode for the Management port.
  Command Syntax: interface ManagementEthernet slot/port
  Command Mode: CONFIGURATION
Step 2: Assign an IP address to the interface.
Configure a Username and Password

Configure a system username and password to access the system remotely. To configure a username and password, follow this step:

Step 1: Configure a username and password to access the system remotely.
  Command Syntax: username username password [encryption-type] password
  Command Mode: CONFIGURATION
  encryption-type specifies how you are inputting the password, is 0 by default, and is not required.
Configuration File Management

You can store files on, and access files from, various storage media. Rename, delete, and copy files on the system from EXEC Privilege mode.

Note: Using flash memory cards in the system that have not been approved by Dell Force10 can cause unexpected system behavior, including a reboot.

Copy Files to and from the System

The command syntax for copying files is similar to UNIX. The copy command uses the format copy source-file-url destination-file-url.
Figure 3-5 shows an example of using the copy command to save a file to an FTP server.

Figure 3-5. Copying a file to a Remote System
(Callouts: Local Location, Remote Location)

FTOS#copy flash://FTOS-EF-8.2.1.0.bin ftp://myusername:mypassword@10.10.10.10//FTOS/FTOS-EF-8.2.1.
Task: Save the running-configuration to:
• the startup-configuration on the internal flash: copy running-config startup-config
• the usb flash on the IOM: copy running-config usbflash://filename
• an FTP server: copy running-config ftp://username:password@{hostip | hostname}/filepath/filename
• a TFTP server: copy running-config tftp://{hostip | hostname}/filepath/filename
• an SCP server: copy running-config scp://username:password@{hostip | hostname}/filepath/filename
Command Mode: EXEC Pr
Figure 3-8. Tracking Changes with Configuration Comments

FTOS#show running-config
Current Configuration ...
Current Configuration ...
! Version E8-3-16-0
! Last configuration change at Tue Mar 6 11:51:50 2012 by default
! Startup-config last updated at Tue Mar 6 07:41:23 2012 by default
!
boot system stack-unit 5 primary tftp://10.11.200.241/dt-m1000e-3-a2
boot system stack-unit 5 secondary system: B:
boot system stack-unit 5 default tftp://10.11.200.241/dt-m1000e-3-b2
boot system gateway 10.11.209.
You can change the default storage location to the USB Flash (Figure 3-10). File management commands then apply to the USB Flash rather than the internal Flash.

Figure 3-10. Alternative Storage Location
(Callout: No File System Specified)

FTOS#cd usbflash:
FTOS#copy running-config test
!
3998 bytes successfully copied
FTOS#dir
Directory of usbflash:
1 drwx 4096 Jan 01 1980 00:00:00 +00:00 .
2 drwx 2048 May 02 2012 07:05:06 +00:00 ..
3 -rwx
4 -rwx
4 Management

This chapter explains the different protocols or services used to manage the Dell Force10 system including:
• Configure Privilege Levels
• Configure Logging
• File Transfer Services
• Terminal Lines
• Lock CONFIGURATION Mode
• Recovering from a Forgotten Password
• Recovering from a Failed Start

Configure Privilege Levels

Privilege levels restrict access to commands based on user or terminal line. There are 15 privilege levels, of which two are pre-defined. The default privilege level is 1.
Removing a Command from EXEC Mode

Remove a command from the list of available commands in EXEC mode for a specific privilege level using the privilege exec command from CONFIGURATION mode. In the command, specify a level greater than the level given to a user or terminal line, followed by the first keyword of each command to be restricted.
Task: Allow access to INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode. Specify all keywords in the command.
  Command Syntax: privilege configure level level {interface | line | route-map | router} {command-keyword ||...|| command-keyword}
  Command Mode: CONFIGURATION

Task: Allow access to a CONFIGURATION, INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode command.
  Command Syntax: privilege {configure |interface | line | route-map | router} level level {command ||...
To set a privilege level for a user:

Task: Configure a privilege level for a user.
  Command Syntax: username username privilege level
  Command Mode: CONFIGURATION

Apply a Privilege Level to a Terminal Line

To set a privilege level for a terminal line:

Task: Configure a privilege level for a terminal line.
Disable System Logging

By default, logging is enabled and log messages are sent to the logging buffer, all terminal lines, console, and syslog servers. To enable and disable system logging:

Task                                        Command Syntax       Command Mode
Disable all logging except on the console.  no logging on        CONFIGURATION
Disable logging to the logging buffer.      no logging buffer    CONFIGURATION
Disable logging to terminal lines.          no logging monitor   CONFIGURATION
Disable console logging.
To change the severity level of messages logged to a syslog server, use any or all of the following commands in CONFIGURATION mode:

Task: Specify the minimum severity level for logging to the logging buffer.
  Command Syntax: logging buffered level
  Command Mode: CONFIGURATION

Task: Specify the minimum severity level for logging to the console.
  Command Syntax: logging console level
  Command Mode: CONFIGURATION

Task: Specify the minimum severity level for logging to terminal lines.
Figure 4-2. show logging Command Example

FTOS#show logging
Syslog logging: enabled
Console logging: level debugging
Monitor logging: level debugging
Buffer logging: level debugging, 58 Messages Logged, Size (40960 bytes)
Trap logging: level informational
Logging to 172.31.1.4
Logging to 172.16.1.162
Logging to 133.33.33.4
Logging to 10.10.10.4
Logging to 10.1.2.4
May 20 20:00:10: %STKUNIT0-M:CP %SYS-5-CONFIG_I: Configured from vty0 ( 10.11.68 .
Configure a UNIX Logging Facility Level

You can save system log messages with a UNIX system logging facility. To configure a UNIX logging facility level, use the following command in CONFIGURATION mode:

Command Syntax: logging facility [facility-type]
Command Mode: CONFIGURATION
Purpose: Specify one of the following parameters.
Synchronize log messages

You can configure FTOS to filter and consolidate system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system.
Enable timestamp on Syslog Messages

By default, syslog messages do not include a time/date stamp stating when the error or message was created. To have FTOS include a timestamp with the syslog message, use the following command syntax in CONFIGURATION mode:

Command Syntax: service timestamps [log | debug] [datetime [localtime] [msec] [show-timezone] | uptime]
Command Mode: CONFIGURATION
Purpose: Add timestamp to syslog messages.
Enable the FTP Server

To enable the system as an FTP server, use the following command in CONFIGURATION mode:

Command Syntax: ftp-server enable
Command Mode: CONFIGURATION
Purpose: Enable FTP on the system.

To view the FTP configuration, enter the show running-config ftp command in EXEC privilege mode (Figure 4-4).

Figure 4-4.
Configure FTP Client Parameters

To configure FTP client parameters, use the following commands in CONFIGURATION mode:

Command Syntax: ip ftp source-interface interface
Command Mode: CONFIGURATION
Purpose: Enter the following keywords and slot/port or number information:
• For a loopback interface, enter the keyword loopback followed by a number between 0 and 16383.
Figure 4-5. Applying an Access List to a VTY Line

FTOS(conf-std-nacl)#show config
!
ip access-list standard myvtyacl
 seq 5 permit host 10.11.0.1
FTOS(conf-std-nacl)#line vty 0
FTOS(conf-line-vty)#show config
line vty 0
 access-class myvtyacl

FTOS Behavior: Prior to FTOS version 7.4.2.0, in order to deny access on a VTY line, you must apply an ACL and AAA authentication to the line. Then users are denied access only after they enter a username and password.
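A way to check that every VTY line in a saved configuration carries an access-class that points at an ACL which is actually defined. This is an added example, not part of the Dell guide: the sample configuration is constructed, following the stanza layout of Figure 4-5, and the ACL name mgmt-only, vty lines 1 and 2, and the function names are assumptions made for illustration.

```python
import re

# Constructed running-config excerpt (not captured from a device). The stanza
# syntax follows Figure 4-5; "mgmt-only" and vty lines 1-2 are made up.
SAMPLE_CONFIG = """\
!
ip access-list standard myvtyacl
 seq 5 permit host 10.11.0.1
!
line vty 0
 access-class myvtyacl
line vty 1
 access-class mgmt-only
line vty 2
 exec-timeout 0 0
!
"""


def parse_stanzas(text):
    """Split a config into (header, [child lines]); child lines are indented."""
    stanzas = []
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue  # blank lines and "!" separators carry no settings
        if raw[0].isspace():
            if stanzas:
                stanzas[-1][1].append(raw.strip())
        else:
            stanzas.append((raw.strip(), []))
    return stanzas


def audit_vty_access(text):
    """Return (vty line, problem) pairs for VTY lines not restricted by an ACL."""
    stanzas = parse_stanzas(text)

    # Collect every ACL defined in the config together with its filter rules.
    defined = {}
    for header, children in stanzas:
        m = re.fullmatch(r"ip access-list (?:standard|extended) (\S+)", header)
        if m:
            defined[m.group(1)] = [
                c for c in children if re.search(r"\b(permit|deny)\b", c)
            ]

    findings = []
    for header, children in stanzas:
        if not header.startswith("line vty"):
            continue
        applied = [
            c.split()[1]
            for c in children
            if c.startswith("access-class ") and len(c.split()) >= 2
        ]
        if not applied:
            findings.append((header, "no access-class applied"))
            continue
        for name in applied:
            if name not in defined:
                findings.append(
                    (header, f"access-class {name} is not defined in this config")
                )
            elif not defined[name]:
                findings.append(
                    (header, f"access-class {name} has no permit or deny rules")
                )
    return findings


if __name__ == "__main__":
    for line, problem in audit_vty_access(SAMPLE_CONFIG):
        print(f"{line}: {problem}")
```
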
Step 3: If you used the line authentication method in the method list you applied to the terminal line, configure a password for the terminal line.
  Command Syntax: password
  Command Mode: LINE

VTY lines 0-2 use a single authentication method, line (Figure 4-6).

Figure 4-6.
Figure 4-7. Configuring EXEC Timeout

FTOS(conf)#line con 0
FTOS(conf-line-console)#exec-timeout 0
FTOS(conf-line-console)#show config
line console 0
 exec-timeout 0 0
FTOS(conf-line-console)#

Telnet to Another Network Device

To telnet to another device (Figure 4-8):

Task: Telnet to the stack-unit. You do not need to configure the management port on the stack-unit to be able to telnet to it.
You can set two types of locks: auto and manual.
• Set an auto-lock using the configuration mode exclusive auto command from CONFIGURATION mode. When you set an auto-lock, every time a user is in CONFIGURATION mode, all other users are denied access. This means that you can exit to EXEC Privilege mode, and re-enter CONFIGURATION mode, without having to set the lock again.
• Set a manual lock using the configure terminal lock command from CONFIGURATION mode.
You can then send any user a message using the send command from EXEC Privilege mode. Alternatively you can clear any line using the clear command from EXEC Privilege mode. If you clear a console session, the user is returned to EXEC mode.

Recovering from a Forgotten Password

If you configure authentication for the console and you exit out of EXEC mode or your console session times out, you are prompted to re-enter the password.
Step 2: Power-cycle the chassis by switching off all of the power modules and then switching them back on.
Step 3: Hit any key to abort the boot process. You enter uBoot immediately, as indicated by the => prompt.
  Command Syntax: hit any key
  Command Mode: (during bootup)
Step 4: Set the system parameters to ignore the enable password when the system reloads.
  Command Syntax: setenv enablepwdignore true
  Command Mode: uBoot
Step 5: Reload the system.
  Command Syntax: reset
  Command Mode: uBoot
Step 6: Configure a new enable password.
5 Access Control Lists (ACLs)

This chapter describes the access control lists (ACLs), prefix lists, and route-maps.
IP Access Control Lists (ACLs)

In the Dell Force10 switch/routers, you can create two different types of IP ACLs: standard or extended. A standard ACL filters packets based on the source IP address.
• L3 Ingress Access list
• L3 Egress Access list

Note: IP ACLs are supported over VLANs in Version 6.2.1.1 and higher.

ACLs and VLANs

There are some differences when assigning ACLs to a VLAN rather than a physical port. For example, when using a single port-pipe, if you apply an ACL to a VLAN, one copy of the ACL entries gets installed in the ACL CAM on the port-pipe. The entry would look for the incoming VLAN in the packet.
Figure 5-1. Using the Order Keyword in ACLs

FTOS(conf)#ip access-list standard acl1
FTOS(conf-std-nacl)#permit 20.0.0.0/8
FTOS(conf-std-nacl)#exit
FTOS(conf)#ip access-list standard acl2
FTOS(conf-std-nacl)#permit 20.1.1.
To deny second/subsequent fragments, use the same rules in a different order. These ACLs deny all second & subsequent fragments with destination IP 10.1.1.1 but permit the first fragment & non fragmented packets with destination IP 10.1.1.1 (Figure 5-3).

Figure 5-3. Deny Second Packets

FTOS(conf)#ip access-list extended ABC
FTOS(conf-ext-nacl)#deny ip any 10.1.1.1/32 fragments
FTOS(conf-ext-nacl)#permit ip any 10.1.1.
Note the following when configuring ACLs with the fragments keyword.

When an ACL filters packets, it looks at the fragment offset (FO) to determine whether or not it is a fragment.
• FO = 0 means it is either the first fragment or the packet is a non-fragment.
• FO > 0 means it is dealing with the fragments of the original packet.
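How rule order interacts with the fragments keyword, shown as a small first-match evaluator. This is an added example, not code from the Dell guide or from FTOS: it models only Layer 3 (ip) rules matched on destination address, the packets are constructed, the permit-first list is the reordering the text refers to, and treating an unmatched packet as denied is an assumption of the model.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    dst: str                 # destination prefix, e.g. "10.1.1.1/32"
    fragments: bool = False  # True when the rule carries the fragments keyword


@dataclass(frozen=True)
class Packet:
    dst: str
    frag_offset: int = 0     # FO in 8-byte units; 0 = first fragment or unfragmented


def rule_matches(rule, pkt):
    """A fragments rule matches only FO > 0; a plain ip rule ignores FO."""
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.fragments:
        return pkt.frag_offset > 0
    return True


def evaluate(acl, pkt):
    """First matching rule wins. Returns (action, 1-based rule index or None)."""
    for index, rule in enumerate(acl, start=1):
        if rule_matches(rule, pkt):
            return rule.action, index
    return "deny", None      # assumption of this model: no match means deny


# The two orderings of the same pair of rules (the deny-first order is Figure 5-3).
DENY_FRAGMENTS_FIRST = [
    Rule("deny", "10.1.1.1/32", fragments=True),
    Rule("permit", "10.1.1.1/32"),
]
PERMIT_FIRST = [
    Rule("permit", "10.1.1.1/32"),
    Rule("deny", "10.1.1.1/32", fragments=True),
]

# Constructed packets. The first two are identical to the ACL because both
# have FO = 0, which is why a first fragment cannot be told apart here.
PACKETS = {
    "unfragmented": Packet("10.1.1.1", 0),
    "first fragment": Packet("10.1.1.1", 0),
    "second fragment": Packet("10.1.1.1", 185),   # 1480 bytes / 8
    "fragment to other host": Packet("10.1.1.2", 185),
}


def verdicts(acl):
    """Map each sample packet name to the (action, rule index) it receives."""
    return {name: evaluate(acl, pkt) for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for label, acl in (("deny fragments first", DENY_FRAGMENTS_FIRST),
                       ("permit first", PERMIT_FIRST)):
        print(label)
        for name, (action, index) in verdicts(acl).items():
            print(f"  {name:24} {action:6} rule={index}")
```

With the permit rule first, the fragments rule is never reached, so the second fragment is forwarded; with the deny rule first, only packets with FO = 0 get through.
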
Figure 5-6. Command Example: show ip accounting access-list

FTOS#show ip accounting access ToOspf interface tengig 1/6
Standard IP access list ToOspf
 seq 5 deny any
 seq 10 deny 10.2.0.0 /16
 seq 15 deny 10.3.0.0 /16
 seq 20 deny 10.4.0.0 /16
 seq 25 deny 10.5.0.0 /16
 seq 30 deny 10.6.0.0 /16
 seq 35 deny 10.7.0.0 /16
 seq 40 deny 10.8.0.0 /16
 seq 45 deny 10.9.0.0 /16
 seq 50 deny 10.10.0.0 /16
FTOS#

Figure 5-7 shows how the seq command orders the filters according to the sequence number assigned.
Figure 5-8 shows a standard IP ACL in which the sequence numbers were assigned by FTOS. The filters were assigned sequence numbers based on the order in which they were configured (for example, the first filter was given the lowest sequence number). The show config command in IP ACCESS LIST mode displays the two filters with the sequence numbers 5 and 10.

Figure 5-8. Standard IP ACL

FTOS(conf-route-map)#ip access standard kigali
FTOS(conf-std-nacl)#permit 10.1.0.
Configure Filters with a Sequence Number

To create a filter for packets with a specified sequence number, follow these steps, starting in CONFIGURATION mode:

Step 1:
  Command Syntax: ip access-list extended
  Command Mode: CONFIGURATION
  Purpose: Enter the IP ACCESS LIST mode by creating an extended IP ACL.

  Command Mode: CONFIG-EXT-NACL
  Purpose: Configure a drop or forward filter.
To configure a filter for an extended IP ACL without a specified sequence number, use any or all of the following commands in IP ACCESS LIST mode:

Command Syntax: {deny | permit} {source mask | any | host ip-address} [count [byte]] [order] [fragments]
Command Mode: CONFIG-EXT-NACL
Purpose: Configure a deny or permit filter to examine IP packets.
Configuring Layer 2 and Layer 3 ACLs on an Interface
You can configure both Layer 2 and Layer 3 ACLs on an interface in Layer 2 mode. If both L2 and L3 ACLs are applied to an interface, the following rules apply:
• The packets routed by FTOS are governed by the L3 ACL only because they are not filtered against an L2 ACL.
• The packets switched by FTOS are first filtered by the L3 ACL, then by the L2 ACL.
• When packets are switched by FTOS, the egress L3 ACL does not filter the packet.
You can apply the same ACL to different interfaces, and the direction in which you apply it determines its function. For example, you can take ACL “ABCD” and apply it using the in keyword, and it becomes an ingress access list. If you apply the same ACL using the out keyword, it becomes an egress access list. For more information about Layer-3 interfaces, refer to Interfaces.
To view the number of packets matching an ACL that is applied to an interface, follow these steps:
1. Create an ACL that uses rules with the count option. Refer to Configure a Standard IP ACL.
2. Apply the ACL as an inbound or outbound ACL on an interface. Refer to Assign an IP ACL to an Interface.
3. View the number of packets matching the ACL using the show ip accounting access-list command from EXEC Privilege mode.
Configuring Egress ACLs
Configuring egress ACLs onto physical interfaces protects the system infrastructure from attack (malicious and incidental) by explicitly allowing only authorized traffic. These system-wide ACLs eliminate the need to apply ACLs onto each interface and achieve the same results. By localizing target traffic, it is a simpler implementation. Use an egress ACL when you would like to restrict egress traffic.
The Control Plane Egress Layer 3 ACL feature enhances IP reachability debugging by implementing control-plane ACLs for CPU-generated and CPU-forwarded traffic. Using permit rules with the count option, you can track on a per-flow basis whether CPU-generated and CPU-forwarded packets were transmitted successfully.
Task: Apply Egress ACLs to IPv4 system traffic.
The following rules apply to prefix lists:
• A prefix list without any permit or deny filters allows all routes.
• An “implicit deny” is assumed (that is, the route is dropped) for all route prefixes that do not match a permit or deny filter in a configured prefix list.
• After a route matches a filter, the filter’s action is applied. No additional filters are applied to the route.
If you want to forward all routes that do not match the prefix list criteria, you must configure a prefix list filter to permit all routes (permit 0.0.0.0/0 le 32). The “permit all” filter must be the last filter in your prefix list. To permit the default route only, enter permit 0.0.0.0/0. Figure 5-15 shows how the seq command orders the filters according to the sequence number assigned.
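The prefix-list rules above (empty list allows everything, first match wins, implicit deny, "permit all" last), modelled as an added Python example; this is not FTOS code. The Filter class and function names are hypothetical, the sample filters are constructed, and the ge/le mask-length ranges follow common prefix-list behavior, which is an assumption beyond the `le 32` case the guide shows.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Filter:
    """One prefix-list entry (hypothetical model, not an FTOS structure)."""
    seq: int
    action: str                 # "permit" or "deny"
    prefix: str                 # for example "10.0.0.0/8"
    ge: Optional[int] = None    # minimum mask length (assumed semantics)
    le: Optional[int] = None    # maximum mask length

    def matches(self, route: ipaddress.IPv4Network) -> bool:
        net = ipaddress.ip_network(self.prefix)
        # The route must lie inside the filter's prefix ...
        if not route.subnet_of(net):
            return False
        # ... and, with neither ge nor le, have exactly the same mask length.
        if self.ge is None and self.le is None:
            return route.prefixlen == net.prefixlen
        low = self.ge if self.ge is not None else net.prefixlen
        high = self.le if self.le is not None else net.max_prefixlen
        return low <= route.prefixlen <= high

    def is_catch_all(self) -> bool:
        # "0.0.0.0/0 le 32" matches every IPv4 route.
        net = ipaddress.ip_network(self.prefix)
        return (net.prefixlen == 0 and self.ge in (None, 0)
                and self.le == net.max_prefixlen)


def evaluate(filters: List[Filter], route: str) -> Tuple[str, Optional[int]]:
    """Return (action, seq of the deciding filter); seq is None when no filter decided."""
    network = ipaddress.ip_network(route)
    if not filters:
        return ("permit", None)          # a list with no filters allows all routes
    for entry in sorted(filters, key=lambda f: f.seq):
        if entry.matches(network):
            return (entry.action, entry.seq)   # first match wins, nothing else is checked
    return ("deny", None)                # implicit deny


def unreachable_after_catch_all(filters: List[Filter]) -> List[int]:
    """Sequence numbers that can never match because a catch-all precedes them."""
    ordered = sorted(filters, key=lambda f: f.seq)
    for index, entry in enumerate(ordered):
        if entry.is_catch_all():
            return [later.seq for later in ordered[index + 1:]]
    return []


# Constructed sample lists (not taken from the guide's figures).
BASE = [
    Filter(5, "deny", "10.2.0.0/16", le=32),
    Filter(10, "permit", "10.0.0.0/8", le=24),
]
WITH_PERMIT_ALL = BASE + [Filter(15, "permit", "0.0.0.0/0", le=32)]
MISORDERED = [
    Filter(5, "permit", "0.0.0.0/0", le=32),
    Filter(10, "deny", "10.2.0.0/16", le=32),
]
DEFAULT_ONLY = [Filter(5, "permit", "0.0.0.0/0")]

if __name__ == "__main__":
    for name, plist in [("BASE", BASE), ("WITH_PERMIT_ALL", WITH_PERMIT_ALL),
                        ("MISORDERED", MISORDERED)]:
        for route in ["10.2.3.0/24", "10.9.0.0/16", "172.16.0.0/12"]:
            print(name, route, evaluate(plist, route))
        print(name, "unreachable:", unreachable_after_catch_all(plist))
```

In the MISORDERED list the deny at sequence 10 never takes effect, which is why the "permit all" filter has to carry the highest sequence number.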
Figure 5-16 shows a prefix list in which the sequence numbers were assigned by the software. The filters were assigned sequence numbers based on the order in which they were configured (for example, the first filter was given the lowest sequence number). The show config command in PREFIX LIST mode displays the two filters with the sequence numbers 5 and 10.
Figure 5-16. Prefix List
FTOS(conf-nprefixl)#permit 123.23.0.0 /16
FTOS(conf-nprefixl)#deny 133.24.56.
Use a Prefix List for Route Redistribution
To pass traffic through a configured prefix list, you must use the prefix list in a route redistribution command. The prefix list is applied to all traffic redistributed into the routing process and the traffic is either forwarded or dropped depending on the criteria and actions specified in the prefix list.
To view the configuration, use the show config command in the ROUTER OSPF mode (Figure 5-20) or the show running-config ospf command in EXEC mode.
Figure 5-20. Command Example: show config in ROUTER OSPF Mode
FTOS(conf-router_ospf)#show config
!
router ospf 34
 network 10.2.1.1 255.255.255.255 area 0.0.0.1
 distribute-list prefix awe in
FTOS(conf-router_ospf)#
ACL Resequencing
ACL Resequencing allows you to re-number the rules and remarks in an access or prefix list.
Resequencing an ACL or Prefix List
Resequencing is available for IPv4 ACLs, prefix lists, and MAC ACLs. To resequence an ACL or prefix list, use the appropriate command in Table 5-4. When using these commands, you must specify the list name, starting number, and increment.
Table 5-4.
Figure 5-22. Resequencing Remarks
FTOS(conf-ext-nacl)# show config
!
ip access-list extended test
 remark 4 XYZ
 remark 5 this remark corresponds to permit any host 1.1.1.1
 seq 5 permit ip any host 1.1.1.1
 remark 9 ABC
 remark 10 this remark corresponds to permit ip any host 1.1.1.2
 seq 10 permit ip any host 1.1.1.2
 seq 15 permit ip any host 1.1.1.3
 seq 20 permit ip any host 1.1.1.
• If no match is found in a route-map sequence, the process moves to the next route-map sequence until a match is found, or there are no more sequences.
• When a match is found, the packet is forwarded; no more route-map sequences are processed.
• If a continue clause is included in the route-map sequence, the next or a specified route-map sequence is processed after a match is found.
You can create multiple instances of this route map using the sequence number option to place the route maps in the correct order. FTOS processes the route maps with the lowest sequence number first. When a configured route map is applied to a command, such as redistribute, traffic passes through all instances of that route map until a match is found. Figure 5-24 shows an example with two instances of a route map. Figure 5-24.
Configure Route Map Filters
Within ROUTE-MAP mode, there are match and set commands. match commands search for a certain criterion in the routes and set commands change the characteristics of those routes, either by adding something or by specifying a level. When there are multiple match commands of the same parameter under one instance of a route-map, FTOS treats a match on either of those match commands as a match.
To configure match criterion for a route map, use any or all of the following commands in ROUTE-MAP mode:
Command Syntax: match interface interface
Command Mode: CONFIG-ROUTE-MAP
Purpose: Match routes whose next hop is a specific interface. The parameters are:
• For a loopback interface, enter the keyword loopback followed by a number between zero (0) and 16383.
Use these commands to create route map instances. There is no limit to the number of set and match commands per route map, but the convention is to keep the number of match and set filters in a route map low. Set commands do not require a corresponding match command.
Configure a Route Map for Route Redistribution
Route maps on their own cannot affect traffic and must be included in different commands to affect routing traffic.
In Figure 5-28, the redistribute ospf command with a route map is used in ROUTER RIP mode to apply a tag of 34 to all internal OSPF routes that are redistributed into RIP. Figure 5-28.
6 Bare Metal Provisioning (BMP)
Bare metal provisioning (BMP) improves accessibility to the MXL 10/40GbE Switch IO Module system. BMP performs auto configuration using a configuration file and an approved version of FTOS from a network source. BMP not only allows you to configure a stack with a minimum of effort, but it is also useful for quick configuration of a standalone system.
Use reload mode to boot up, the system remains in the system memory. If the system undergoes an automatic reload, it reloads using the previously used mode. To use a different mode when the system reloads automatically, reboot the system in a new mode. The new mode is then retained in system memory. To view the current reload mode, use the show reload type or show bootvar command (Figure 6-1) and (Figure 6-2). Figure 6-1.
Auto-Configuration
The system boot status is output to the console as the reload progresses. The messages include connections to the servers, assigned IP addresses and gateways, and the success or failure of those connections.
• BMP Mode
• MAC-Based IP Assignment
• DHCP Configuration
• IP Server
• Domain Name Server
• Boot Commands
• System Boot and Set-Up Behavior
BMP Mode
BMP mode is the boot mode configured for a new system arriving from Dell Force10.
option configfile "pt-MXLSWitchIO-12";                         # TFTP
##### bootfile-name could be given in the following way
option bootfile-name "ftp://admin:admin@Guest-1/jumpstart";    # FTP URL with DNS
option bootfile-name "http://30.0.0.1/jumpstart";              # HTTP URL with IP address
option bootfile-name "tftp://30.0.0.1/jumpstart";              # TFTP URL with IP address
)
DHCP Configuration
Prior to implementing BMP mode, you must update the dhcp.conf file on the appropriate DHCP server.
option routers code 3 = ip-address;
subnet 30.0.0.0 netmask 255.255.0.0 {
  range 30.0.1.17 30.0.1.100;
  option tftp-server-address 30.0.0.1;       # IP address
  option tftp-server-address "Guest-1";      # DNS
  option domain-name-servers 30.0.0.1;
  option routers 30.0.0.14;
}
(Figure callouts: Boot file location; IP address; DNS server hostname)
IP Server
• Set up an IP server and ensure connectivity. The server that holds the boot and configuration files must be configured as the network source for the system.
Boot Commands
Command Syntax: reload-type jump-start auto-save dhcp-timeout minutes config-download [enable |disable] retry-count
Command Mode: EXEC Privilege
Purpose: Reload the system in BMP mode. To reload in non-BMP mode, enter the reload-type normal command. Enter config-download enable to download the configuration file from the DHCP server. Enter config-download disable so that the system uses the start-up configuration file on the flash.
2. The system sends DHCP Discover on all the interface up ports.
• If there is a mismatch, the system upgrades to the downloaded version and reloads.
7 Content Addressable Memory (CAM)
Content addressable memory (CAM) is a type of memory that stores information in the form of a look-up table (LUT). On Dell Force10 systems, the CAM stores Layer 2 and Layer 3 forwarding information, access-lists (ACL), flows, and routing policies.
The ipv6acl and vman-dual-qos allocations must be entered as a factor of 2 (2, 4, 6, 8, 10). All other profile allocations can use either even or odd numbered ranges. Note: On the MXL 10/40GbE Switch IO Module, there can be only one odd number of blocks in the command line interface (CLI) configuration; the other blocks must be in factors of two. For example, a CLI configuration of 5+4+2+1+1 blocks is not supported; a configuration of 6+4+2+1 blocks is supported.
Figure 7-1. Command Example: test cam-usage
FTOS#test cam-usage service-policy input pmap stack-unit all
Stack-Unit | Portpipe | CAM Partition | Available CAM | Estimated CAM per Port | Status
------------------------------------------------------------------------------------------
2 | 0 | L2ACL | 28 | 1 | Allowed (28)
View CAM-ACL Settings
View the current cam-acl settings for the system chassis and each component using the show cam-acl command (Figure 7-2).
Figure 7-2.
CAM Optimization
When you enable the CAM optimization command, if a policy map containing classification rules (ACL and/or dscp/ip-precedence rules) is applied to more than one physical interface on the same port-pipe, only a single copy of the policy is written (only one FP entry is used). When you disable this command, the system behaves as described in this chapter. However, enabling CAM optimization would apply a single rate policy FP entry.
8 Data Center Bridging (DCB)
The data center bridging (DCB) features are supported on the MXL 10/40GbE Switch.
Data center bridging satisfies the needs of the following types of data center traffic in a unified fabric:
• LAN traffic consists of a large number of flows that are generally insensitive to latency requirements, while certain applications, such as streaming video, are more sensitive to latency. Ethernet functions as a best-effort network that may drop packets in case of network congestion.
Figure 8-1. Priority-Based Flow Control
PFC is implemented as follows in the Dell Force10 operating software (FTOS):
• PFC is supported on specified 802.1p priority traffic (dot1p 0 to 7) and is configured per interface. However, only two lossless queues are supported on an interface: one for FCoE converged traffic and one for SCSI storage traffic.
• You must configure the same lossless queues on all ports.
Although you can configure strict-priority queue scheduling for a priority group, ETS introduces flexibility that allows the bandwidth allocated to each priority group to be dynamically managed according to the amount of LAN, storage, and server traffic in a flow. Unused bandwidth in a priority-group is dynamically allocated to other priority groups for which traffic is available to be scheduled. Traffic is queued according to its 802.
Data Center Bridging Exchange Protocol (DCBX)
The data center bridging exchange (DCBX) protocol is enabled by default on any switch on which PFC or ETS are enabled. DCBX allows a switch to automatically discover DCB-enabled peers and exchange configuration information. PFC and ETS use DCBX to exchange and negotiate parameters with peer devices.
Enabling Data Center Bridging
Data center bridging is enabled by default on an MXL 10/40GbE Switch to support converged enhanced Ethernet (CEE) in a data center network, and is a prerequisite for configuring:
• Priority-based flow control
• Enhanced transmission selection
• Data center bridging exchange protocol
• FCoE initialization protocol (FIP) snooping
DCB processes virtual local area network (VLAN)-tagged packets and dot1p priority values.
QoS dot1p Traffic Classification and Queue Assignment
DCB supports PFC, ETS, and DCBX to handle converged Ethernet traffic that is assigned to an egress queue according to the following quality of service (QoS) methods:
• Honor dot1p: Using the service-class dynamic dot1p command in INTERFACE Configuration mode, you can honor dot1p priorities in ingress traffic at the port or global switch level (refer to Honoring dot1p Values on Ingress Packets).
Configuring Priority-Based Flow Control
Priority-based flow control provides a flow control mechanism based on the 802.1p priorities in converged Ethernet traffic received on an interface and is enabled by default. As an enhancement to the existing Ethernet pause mechanism, PFC stops traffic transmission for specified priorities (CoS values) without impacting other priority classes. Different traffic types are assigned to different priority classes.
FTOS Behavior: As soon as you apply a DCB policy with PFC enabled on an interface, DCBX starts exchanging information with PFC-enabled peers. The IEEE802.1Qbb, CEE and CIN versions of PFC TLV are supported. DCBX also validates PFC configurations received in TLVs from peer devices. If you reconfigure the PFC priorities in an input policy and re-apply the policy to an interface, By applying a DCB input policy with PFC enabled, you enable PFC operation on ingress port traffic.
Configuring Lossless Queues
DCB also supports the manual configuration of lossless queues on an interface when PFC mode is turned off and priority classes are disabled in a DCB input policy applied to the interface. The configuration of no-drop queues provides flexibility for ports on which PFC is not needed but lossless traffic should egress from the interface. Lossless traffic egresses out the no-drop queues.
Configuring the PFC Buffer in a Switch Stack
In a switch stack, you must configure all stacked ports with the same PFC configuration. In addition, you must configure a separate buffer of memory allocated exclusively to a service pool accessed by queues on which priority-based control flows are mapped. These PFC-enabled queues ensure the lossless transmission of storage and server traffic.
Configuring Enhanced Transmission Selection
Enhanced transmission selection (ETS) provides a way to optimize bandwidth allocation to outbound 802.1p classes of converged Ethernet traffic. Different traffic types have different service needs. Using ETS, you can create groups within an 802.1p priority class to configure different treatment for traffic with different bandwidth, latency, and best-effort needs.
Creating a QoS ETS Output Policy
A QoS output policy that you create to optimize bandwidth on an output interface for specified priority traffic consists of the ETS settings used in DCBX negotiations with peer devices:
• Bandwidth percentage
• Queue scheduling
To create a QoS output policy with ETS settings, follow these steps:
Step 1
Task: Create a QoS output policy to configure the ETS bandwidth allocation and scheduling for priority traffic. Maximum: 32 characters.
FTOS Behavior: Traffic in priority groups is assigned to strict-queue or WERR scheduling in an ETS output policy and is managed using the ETS bandwidth-assignment algorithm. FTOS dequeues all frames of strict-priority traffic before servicing any other queues. A queue with strict-priority traffic can starve other queues in the same port. ETS-assigned bandwidth allocation and scheduling apply only to data queues, not to control queues.
Creating an ETS Priority Group
An ETS priority group specifies the range of 802.1p priority traffic to which a QoS output policy with ETS settings is applied on an egress interface. You can associate a priority group to more than one ETS output policy on different interfaces. To create a priority group for ETS, follow these steps:
Step 1
Task: Create an ETS priority group to use with an ETS output policy. Maximum: 32 characters.
Applying an ETS Output Policy for a Priority Group to an Interface
To apply ETS on egress port traffic, you must associate a priority group with an ETS output policy which has scheduling and bandwidth configuration in a DCB output policy, and then apply the output policy to an interface. To apply ETS on egress port traffic, follow these steps:
Step 1
Task: Create a DCB output policy to associate an ETS configuration with priority traffic.
ETS Operation with DCBX
In DCBX negotiation with peer ETS devices, ETS configuration is handled as follows:
• ETS TLVs are supported in DCBX versions CIN, CEE, and IEEE2.5.
• ETS operational parameters are determined by the DCBX port-role configurations (Configuring DCBX Operation).
• ETS configurations received from TLVs from a peer are validated.
• In case of a hardware limitation or TLV error:
  • DCBX operation on an ETS port goes down.
To create a QoS output policy that allocates different amounts of bandwidth to the different traffic types/dot1p priorities assigned to a queue and apply the output policy to the interface, follow these steps.
Step 1
Task: Create a QoS output policy. Maximum: 32 alphanumeric characters.
Applying DCB Policies in a Switch Stack
You can apply a DCB input policy with PFC configuration to all stacked ports in a switch stack or on a stacked switch. You can apply different DCB input policies to different stacked switches.
Task: Apply the specified DCB input policy on all ports of the switch stack or a single stacked switch.
Configuring DCBX Operation
The data center bridging exchange protocol (DCBX) is used by DCB devices to exchange configuration information with directly connected peers using the link layer discovery protocol (LLDP). DCBX can detect the misconfiguration of a peer DCB device, and optionally, configure peer DCB devices with DCB feature settings to ensure consistent operation in a data center network.
DCBX Port Roles
Use the following DCBX port roles to enable the auto-configuration of DCBX-enabled ports and propagate DCB configurations learned from peer DCBX devices internally to other switch ports:
• Auto-upstream: The port advertises its own configuration to DCBX peers and receives its configuration from DCBX peers (ToR or FCF device). The port also propagates its configuration to other ports on the switch.
• On a DCBX port that is the configuration source, all PFC and application priority TLVs are enabled. ETS recommend TLVs are disabled and ETS configuration TLVs are enabled.
• Manual - The port is configured to operate only with administrator-configured settings and does not auto-configure with DCB settings received from a DCBX peer or from an internally propagated configuration from the configuration source.
Configuration Source Election
When an auto-upstream or auto-downstream port receives a DCB configuration from a peer, the port first checks to see if there is an active configuration source on the switch.
• If a configuration source already exists, the received peer configuration is checked against the local port configuration. If the received configuration is compatible, the DCBX marks the port as DCBX-enabled.
Auto-Detection and Manual Configuration of the DCBX Version
When operating in Auto-Detection mode (dcbx version auto command in DCBX Configuration Procedure), a DCBX port automatically detects the DCBX version on a peer port. Legacy CIN and CEE versions are supported in addition to the standard IEEE version 2.5 DCBX. A DCBX port detects a peer version after receiving a valid frame for that version.
Figure 8-4. DCBX Sample Topology
DCBX Prerequisites and Restrictions
The following prerequisites and restrictions apply when you configure DCBX operation on a port:
• DCBX requires LLDP in both send (TX) and receive (RX) mode to be enabled on a port interface (protocol lldp mode command; refer to Figure 18-7).
• If multiple DCBX peer ports are detected on a local DCBX interface, LLDP is shut down.
DCBX Configuration Procedure
To configure an MXL Switch for DCBX operation in a data center network, you must:
1. Configure ToR- and FCF-facing interfaces as auto-upstream ports.
2. Configure server-facing interfaces as auto-downstream ports.
3. Configure a port to operate in a configuration-source role.
4. Configure ports to operate in a manual role.
To verify the DCBX configuration on a port, use the show interface dcbx detail command (Figure 8-16).
Step 4
Task: Configure the DCBX port role used by the interface to exchange DCB information, where:
• auto-upstream configures the port to receive a peer configuration. The configuration source is elected from auto-upstream ports.
• auto-downstream configures the port to accept the internally propagated DCB configuration from a configuration source.
• config-source configures the port to serve as the configuration source on the switch.
Configuring DCBX Globally on the Switch
To globally configure DCBX operation on a switch, follow these steps:
Step 1
Task: Enter Global Configuration mode.
Command: configure
Command Mode: EXEC PRIVILEGE
Step 2
Task: Enter LLDP Configuration mode to enable DCBX operation.
Step 5
Task: Configure the Application Priority TLVs to be advertised on unconfigured interfaces with a manual port-role, where:
• fcoe enables the advertisement of FCoE in Application Priority TLVs.
• iscsi enables the advertisement of iSCSI in Application Priority TLVs.
Default: Application Priority TLVs are enabled and advertise FCoE and iSCSI.
Debugging DCBX on an Interface
To enable DCBX debug traces for all or a specific control path, use the following command:
Task: Enable DCBX debugging, where:
• all: Enables all DCBX debugging operations.
• auto-detect-timer: Enables traces for DCBX auto-detect timers.
• config-exchng: Enables traces for DCBX configuration exchanges.
• fail: Enables traces for DCBX failures.
• mgmt: Enables traces for DCBX management frames.
Verifying DCB Configuration
Use the show commands in Table 8-2 to display DCB configurations.
Table 8-2. Displaying DCB Configurations
Command | Output
show dot1p-queue mapping (Figure 8-5) | Displays the current 802.1p priority-queue mapping.
show dcb [stack-unit unit-number] (Figure 8-6) | Displays data center bridging status, number of PFC-enabled ports, and number of PFC-enabled queues. On the master switch in a stack, you can specify a stack-unit number. Valid values: 0 to 5.
Figure 8-8. show qos dcb-output Command Example
FTOS# show qos dcb-output
dcb-output ets
 priority-group san qos-policy san
 priority-group ipc qos-policy ipc
 priority-group lan qos-policy lan
Figure 8-9. show qos priority-groups Command Example
FTOS#show qos priority-groups
priority-group ipc
 priority-list 4
 set-pgid 2
Figure 8-10.
Table 8-3. show interface pfc summary Command Description Field Description Interface Interface type with stack-unit and port number. Admin mode is on Admin is enabled PFC Admin mode is on or off with a list of the configured PFC priorities. When PFC admin mode is on, PFC advertisements are enabled to be sent and received from peers; received PFC configuration takes effect. The admin operational status for a DCBX exchange of PFC configuration is enabled or disabled.
Table 8-3. show interface pfc summary Command Description
Field | Description
PFC TLV Statistics: Output TLV pkts | Number of PFC TLVs transmitted.
PFC TLV Statistics: Error pkts | Number of PFC error packets received.
PFC TLV Statistics: Pause Tx pkts | Number of PFC pause frames transmitted.
PFC TLV Statistics: Pause Rx pkts | Number of PFC pause frames received.
Figure 8-11.
Figure 8-12.
Figure 8-13.
Table 8-4. show interface ets detail Command Description
Field | Description
Interface | Interface type with stack-unit and port number.
Max Supported TC Group | Maximum number of priority groups supported.
Number of Traffic Classes | Number of 802.1p priorities currently configured.
Admin mode | ETS mode: on or off. When on, the scheduling and bandwidth allocation configured in an ETS output policy or received in a DCBX TLV from a peer can take effect on an interface.
Figure 8-14.
Figure 8-16.
Table 8-5. show interface dcbx detail Command Description
Field | Description
Local DCBX Compatibility mode | DCBX version accepted in a DCB configuration as compatible. In auto-upstream mode, a port can only receive a DCBX version supported on the remote peer.
Local DCBX Configured mode | DCBX version configured on the port: CEE, CIN, IEEE v2.5, or Auto (port auto-configures to use the DCBX version received from a peer).
PFC and ETS Configuration Examples
This section contains examples of how to configure and apply DCB input and output policies on an interface.
Using PFC and ETS to Manage Data Center Traffic
In the example shown in Figure 8-17 for an MXL 10/40GbE Switch:
• Incoming SAN traffic is configured for priority-based flow control.
• Outbound LAN, IPC, and SAN traffic is mapped into three ETS priority groups and configured for enhanced traffic selection (bandwidth allocation and scheduling).
QoS Traffic Classification: On the MXL Switch, the service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in Table 8-6. For more information, refer to QoS dot1p Traffic Classification and Queue Assignment. Table 8-6.
Table 8-8. Example: priority group-bandwidth Assignment Priority Group Figure 8-18.
Figure 8-19.
Hierarchical Scheduling in ETS Output Policies
On an MXL Switch, ETS supports up to three levels of hierarchical scheduling. For example, you can apply ETS output policies with the following configurations:
• Priority group 1 assigns traffic to one priority queue with 20% of the link bandwidth and strict-priority scheduling.
• Priority group 2 assigns traffic to one priority queue with 30% of the link bandwidth.
9 Dynamic Host Configuration Protocol (DHCP)
This chapter contains the following sections:
• Overview
• Implementation Information
• Configuration Tasks
• Configure the System to be a DHCP Server
• Configure the System to be a Relay Agent
• Configure the System to be a DHCP Client
• Configure Secure DHCP
Overview
Dynamic host configuration protocol (DHCP) is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) bas
DHCP Packet Format and Options
DHCP uses the user datagram protocol (UDP) as its transport protocol. The server listens on port 67 and transmits to port 68; the client listens on port 68 and transmits to port 67. The configuration parameters are carried as options in the DHCP packet in type, length, value (TLV) format; many options are specified in RFC 2132.
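The TLV option encoding described above, shown as an added Python parser; this is not code from the guide or from FTOS. Option codes follow RFC 2132, the function names are hypothetical, and the sample DHCPOFFER is constructed from the addresses used in this guide's BMP example. The parser rejects any option whose length byte runs past the end of the buffer, which is the check a receiver of untrusted DHCP traffic needs.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])   # precedes the options field (RFC 2131)
PAD, END = 0, 255                          # the only options without a length byte
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
                 4: "DHCPDECLINE", 5: "DHCPACK", 6: "DHCPNAK",
                 7: "DHCPRELEASE", 8: "DHCPINFORM"}


class MalformedOptions(ValueError):
    """Raised when the options field cannot be parsed safely."""


def parse_options(field: bytes) -> dict:
    """Split an options field (magic cookie included) into {code: raw value}."""
    if field[:4] != MAGIC_COOKIE:
        raise MalformedOptions("missing magic cookie")
    options = {}
    pos = 4
    while pos < len(field):
        code = field[pos]
        pos += 1
        if code == PAD:
            continue
        if code == END:
            return options
        if pos >= len(field):
            raise MalformedOptions(f"option {code}: length byte missing")
        length = field[pos]
        pos += 1
        if pos + length > len(field):
            raise MalformedOptions(f"option {code}: length {length} overruns buffer")
        # A repeated code is concatenated (long-option splitting, RFC 3396).
        options[code] = options.get(code, b"") + field[pos:pos + length]
        pos += length
    raise MalformedOptions("options field has no END option")


def _addresses(value: bytes) -> list:
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, len(value), 4)]


def decode(options: dict) -> dict:
    """Decode a few well-known options; anything else is kept as hex."""
    out = {}
    for code, value in options.items():
        if code == 53 and len(value) == 1:
            out["message-type"] = MESSAGE_TYPES.get(value[0], f"unknown({value[0]})")
        elif code == 1 and len(value) == 4:
            out["subnet-mask"] = _addresses(value)[0]
        elif code == 3 and value and len(value) % 4 == 0:
            out["routers"] = _addresses(value)
        elif code == 6 and value and len(value) % 4 == 0:
            out["domain-name-servers"] = _addresses(value)
        elif code == 51 and len(value) == 4:
            out["lease-time"] = struct.unpack("!I", value)[0]
        elif code == 54 and len(value) == 4:
            out["server-id"] = _addresses(value)[0]
        elif code == 67:
            out["bootfile-name"] = value.decode("ascii", errors="replace")
        else:
            out[f"option-{code}"] = value.hex()
    return out


def tlv(code: int, value: bytes) -> bytes:
    """Encode one option as type, length, value."""
    return bytes([code, len(value)]) + value


def _ip(text: str) -> bytes:
    return ipaddress.IPv4Address(text).packed


# Constructed sample: options field of a DHCPOFFER (not a captured packet).
SAMPLE_OFFER = (
    MAGIC_COOKIE
    + tlv(53, bytes([2]))
    + tlv(54, _ip("30.0.0.1"))
    + tlv(51, struct.pack("!I", 86400))
    + tlv(1, _ip("255.255.0.0"))
    + tlv(3, _ip("30.0.0.14"))
    + tlv(6, _ip("30.0.0.1"))
    + tlv(67, b"tftp://30.0.0.1/jumpstart")
    + bytes([END])
)

if __name__ == "__main__":
    for name, value in decode(parse_options(SAMPLE_OFFER)).items():
        print(f"{name}: {value}")
```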
Assigning an IP Address Using DHCP
When a client joins a network:
1. The client initially broadcasts a DHCPDISCOVER message on the subnet to discover available DHCP servers. This message includes the parameters that the client requires and might include suggested values for those parameters.
2. Servers unicast or broadcast a DHCPOFFER message in response to the DHCPDISCOVER that offers to the client values for the requested parameters.
Implementation Information
• The Dell Force10 implementation of DHCP is based on RFC 2131 and RFC 3046.
• IP source address validation is a sub-feature of DHCP snooping; FTOS uses ACLs internally to implement this feature and as such, you cannot apply ACLs to an interface which has IP source address validation.
3. Lease Management: DHCP servers use leases to allocate addresses to clients for a limited time. The DHCP server maintains information about each of the leases, including lease length.
4. Responding to client requests: DHCP servers respond to different types of requests from clients, primarily, granting, renewing, and terminating leases.
5.
Step 3
Task: Specify the range of IP addresses from which the DHCP server may assign addresses.
• network is the subnet address.
• prefix-length specifies the number of bits used for the network portion of the address you specify.
Command Syntax: network network /prefix-length
Command Mode: DHCP
Step 4
Task: Display the current pool configuration.
Enable DHCP Server
DHCP server is disabled by default. To enable the DHCP server, follow these steps:
Step 1
Task: Enter the DHCP command-line context.
Command Syntax: ip dhcp server
Command Mode: CONFIGURATION
Step 2
Task: Enable DHCP server.
Command Syntax: no disable
Command Mode: DHCP
Default: Disabled
Step 3
Task: Display the current DHCP configuration.
Address Resolution using NetBIOS WINS
Windows internet naming service (WINS) is a name resolution service that Microsoft DHCP clients use to correlate host names to IP addresses within a group of networks. Microsoft DHCP clients can be one of four types of NetBIOS nodes: broadcast, peer-to-peer, mixed, or hybrid.
Debug DHCP Server
To display debug information, follow this step:
Task: Display debug information for DHCP server.
Command Syntax: debug ip dhcp server [events | packets]
Command Mode: EXEC Privilege
DHCP Clear Commands
To clear DHCP binding entries, follow these steps:
Task: Clear DHCP binding entries for the entire binding table.
Command Syntax: clear ip dhcp binding
Command Mode: EXEC Privilege
Task: Clear a DHCP binding entry for an individual IP address.
Figure 9-4. Configuring Dell Force10 MXL 10/40GbE Switch IO Module system as a DHCP Relay Device
To view the ip helper-address configuration for an interface, use the show ip interface command from EXEC privilege mode (Figure 9-5).
Figure 9-5. Displaying the Helper Address Configuration
FTOS#show ip int tengig 1/3
TenGigabitEthernet 1/3 is up, line protocol is down
Internet address is 10.11.0.1/24
Broadcast address is 10.11.0.
Configure the System to be a DHCP Client
A DHCP client is a network device that requests an IP address and configuration parameters from a DHCP server. On an MXL Switch, the DHCP client functionality is implemented as follows:
• The switch can obtain a dynamically-assigned IP address from a DHCP server.
• The switch does not receive a start-up configuration.
To display DHCP client information, enter the following show commands:
Task | Command Syntax | Command Mode
Display statistics about DHCP client interfaces (Figure 9-6). | show ip dhcp client statistics interface type slot/port | EXEC Privilege
Clear DHCP client statistics on a specified or on all interfaces.
To enable debug messages for DHCP client operation, enter the following debug commands:
Task | Command Syntax | Command Mode
Enable the display of log messages for all DHCP packets sent and received on DHCP client interfaces.
Figure 9-8.
Figure 9-9 shows an example of the packet- and event-level debug messages displayed for the packet transmissions and state transitions on a DHCP client interface when you release and renew a DHCP client. Figure 9-9.
FTOS Behavior: The ip address dhcp command enables DHCP server-assigned dynamic IP addresses on an interface. This setting persists after a switch reboot. If you enter the shutdown command on the interface, DHCP transactions are stopped and the dynamically-acquired IP address is saved. Use the show interface type slot/port command to display the dynamic IP address and DHCP as the mode of IP address assignment.
DHCP Client on a Management Interface
When you enable a management interface to operate as a DHCP client, the following conditions apply:
• The management default route is added with the gateway as the router IP address received in the DHCP ACK packet. This is required to send and receive traffic to and from other subnets on the external network. This route is added irrespective of whether the DHCP client and server are in the same or different subnets.
DHCP Client Operation with other Features
Stacking
The DHCP client daemon runs only on the master unit and handles all DHCP packet transactions. The DHCP client running on the master unit periodically synchronizes the lease file with the standby unit. When a stack failover occurs, the new master requests the same DHCP server-assigned IP address on DHCP client interfaces.
VRRP
You cannot enable DHCP client on an interface and set the priority to 255 or assign the same IP address acquired by DHCP to a VRRP virtual group. Setting the priority to 255 or assigning an interface IP address to a VRRP virtual group guarantees that this router becomes the VRRP group owner.
Configure Secure DHCP
DHCP as defined by RFC 2131 provides no authentication or security mechanisms. Secure DHCP is a suite of features that protects networks that use dynamic address allocation from spoofing and attacks.
• Option 82
• DHCP Snooping
• Dynamic ARP Inspection
• Source Address Validation
Option 82
RFC 3046 (the relay agent information option, or Option 82) is used for class-based IP address assignment.
DHCP Snooping
DHCP snooping protects networks from spoofing. In the context of DHCP snooping, all ports are either trusted or untrusted. By default, all ports are untrusted. Trusted ports are ports through which attackers cannot connect. Manually configure ports connected to legitimate servers and relay agents as trusted.
Add a Static Entry in the Binding Table
To add a static entry in the binding table, follow this step:
Task | Command Syntax | Command Mode
Add a static entry in the binding table.
To view the DHCP snooping statistics, use the show ip dhcp snooping command (Figure 9-10).
Figure 9-10. Command example: show ip dhcp snooping
FTOS#show ip dhcp snooping
IP DHCP Snooping                  : Disabled.
IP DHCP Snooping Mac Verification : Disabled.
IP DHCP Relay Information-option  : Disabled.
IP DHCP Relay Trust Downstream    : Enabled.
To view the number of entries in the table, use the show ip dhcp snooping binding command. This output displays the snooping binding table created using the ACK packets from the trusted port (Figure 9-11).
Figure 9-11. Command example: show ip dhcp snooping binding
FTOS#show ip dhcp snooping binding
Codes : S - Static D - Dynamic
IP Address MAC Address Expires(Sec) Type VLAN Interface
========================================================================
10.1.1.
• denial of service—an attacker can send fraudulent ARP messages to a client to associate a false MAC address with the gateway address, which blackholes all internet-bound packets from the client.
Note: Dynamic ARP inspection (DAI) uses entries in the L2SysFlow CAM region, a sub-region of SystemFlow. One CAM entry is required for every DAI-enabled VLAN. You can enable DAI on up to 16 VLANs on a system.
To see how many valid and invalid ARP packets have been processed, use the show arp inspection statistics command (Figure 9-13).
Figure 9-13.
IP Source Address Validation
IP source address validation prevents IP spoofing by forwarding only IP packets that have been validated against the DHCP binding table. A spoofed IP packet is one in which the IP source address is strategically chosen to disguise the attacker. For example, using ARP spoofing, an attacker can assume a legitimate client’s identity and receive traffic addressed to it. Then the attacker can spoof the client’s IP address to interact with other clients.
To enable IP+MAC source address validation, follow these steps:
Step | Task | Command Syntax | Command Mode
1 | Allocate at least one FP block to the ipmacacl CAM region. | cam-acl l2acl | CONFIGURATION
2 | Save the running-config to the startup-config. | copy running-config startup-config | EXEC Privilege
3 | Reload the system. | reload | EXEC Privilege
4 | Enable IP+MAC Source Address Validation.
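The checks that dynamic ARP inspection and IP or IP+MAC source address validation make against the DHCP snooping binding table can be modelled offline. The following Python is an added example, not Dell Force10 code: the row layout of the sample binding output, the per-port check, the rule that a dynamic entry at 0 seconds is expired, and all function names are assumptions, and the sample rows and observations are constructed.

```python
"""Model of binding-table validation (added example, not FTOS code)."""
import re
from dataclasses import dataclass

# Constructed sample. Column headings follow Figure 9-11; the row layout
# ("Vl 10", "Te 0/2") is an assumption, not captured switch output.
SAMPLE_BINDING_OUTPUT = """\
Codes : S - Static D - Dynamic
IP Address    MAC Address        Expires(Sec)  Type  VLAN   Interface
========================================================================
10.1.1.10     00:00:a0:00:00:01  39735         S     Vl 10  Te 0/2
10.1.1.11     00:00:a0:00:00:02  120           D     Vl 10  Te 0/3
10.1.1.12     00:00:a0:00:00:03  0             D     Vl 10  Te 0/4
"""

ROW = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})\s+"
    r"(?P<expires>\d+)\s+(?P<type>[SD])\s+"
    r"Vl\s+(?P<vlan>\d+)\s+(?P<intf>\S+\s+\d+/\d+)$"
)

NO_BINDING = "no binding for source IP in this VLAN"
EXPIRED = "dynamic binding has expired"
WRONG_PORT = "source IP is bound to a different port"
WRONG_MAC = "source MAC does not match binding"


@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str
    expires: int
    kind: str  # "S" static, "D" dynamic
    vlan: int
    interface: str


def parse_bindings(text):
    """Parse binding rows into {(vlan, ip): Binding}; other lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            b = Binding(m["ip"], m["mac"].lower(), int(m["expires"]), m["type"],
                        int(m["vlan"]), " ".join(m["intf"].split()))
            table[(b.vlan, b.ip)] = b
    return table


def validate(table, vlan, interface, src_ip, src_mac, check_mac=True):
    """check_mac=False models IP-only validation; True models IP+MAC (and DAI,
    where src_ip/src_mac are the ARP sender fields). Returns (verdict, reason)."""
    b = table.get((vlan, src_ip))
    if b is None:
        return ("drop", NO_BINDING)
    if b.kind == "D" and b.expires <= 0:  # assumption: static entries never age
        return ("drop", EXPIRED)
    if b.interface != interface:
        return ("drop", WRONG_PORT)
    if check_mac and b.mac != src_mac.lower():
        return ("drop", WRONG_MAC)
    return ("forward", "matches binding")


# Constructed observations: (vlan, ingress port, source IP, source MAC).
OBSERVED = [
    (10, "Te 0/2", "10.1.1.10", "00:00:a0:00:00:01"),  # matches its binding
    (10, "Te 0/3", "10.1.1.11", "00:00:a0:00:00:99"),  # right IP, wrong MAC
    (10, "Te 0/3", "10.1.1.10", "00:00:a0:00:00:02"),  # IP bound to another port
    (10, "Te 0/4", "10.1.1.12", "00:00:a0:00:00:03"),  # dynamic lease at 0 s
    (10, "Te 0/5", "10.1.1.1", "00:00:a0:00:00:05"),   # claims an unbound address
]


def audit(table, observed, check_mac):
    """Return [(observation, reason)] for every packet that would be dropped."""
    drops = []
    for obs in observed:
        verdict, reason = validate(table, *obs, check_mac=check_mac)
        if verdict == "drop":
            drops.append((obs, reason))
    return drops


if __name__ == "__main__":
    bindings = parse_bindings(SAMPLE_BINDING_OUTPUT)
    for mode, flag in (("IP only", False), ("IP+MAC", True)):
        print(mode)
        for obs, reason in audit(bindings, OBSERVED, flag):
            print("  drop", obs, "-", reason)
```

The second observation shows the difference between the two modes: IP-only validation forwards a packet that carries a bound IP address with an unexpected MAC address, while IP+MAC validation drops it.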
10 FIP Snooping
FIP snooping is supported on the MXL 10/40GbE Switch.
To ensure similar Fibre Channel robustness and security with FCoE in an Ethernet cloud network, the Fibre Channel over Ethernet initialization protocol (FIP) establishes virtual point-to-point links between FCoE end-devices (server ENodes and target storage devices) and FCoE forwarders (FCFs) over transit FCoE-enabled bridges.
Figure 10-1. FIP discovery and login between an ENode and an FCF
FIP Snooping on Ethernet Bridges
In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF. An Ethernet bridge that provides these functions is called a FIP snooping bridge (FSB).
• Port-based ACLs are applied on ports directly connected to an FCF and on server-facing ENode ports.
• Port-based ACLs take precedence over global ACLs.
• FCoE-generated ACLs take precedence over user-configured ACLs. A user-configured ACL entry cannot deny FCoE and FIP snooping frames.
Figure 10-2 shows an MXL 10/40GbE Switch used as a FIP snooping bridge in a converged Ethernet network. The ToR switch operates as an FCF for FCoE traffic.
The following sections describe how to configure the FIP snooping feature on a switch that functions as a FIP snooping bridge so that it can perform the following functions:
• Perform FIP snooping (allowing and parsing FIP frames) globally on all VLANs or on a per-VLAN basis.
• Set the FCoE MAC address prefix (FC-MAP) value used by an FCF to assign a MAC address to an FCoE end-device (server ENode or storage device) after a server successfully logs in.
Enabling the FIP Snooping Feature
As soon as you enable the FIP snooping feature on a switch-bridge, existing VLAN-specific and FIP snooping configurations are applied. By default, all FCoE and FIP frames are dropped unless specifically permitted by existing FIP snooping-generated ACLs. You can reconfigure any of the FIP snooping settings. If you disable FIP snooping, FIP and FCoE traffic are handled as normal Ethernet frames and no FIP snooping ACLs are generated.
Configuring a Port for a Bridge-to-FCF Link
If a port is directly connected to an FCF, configure the port mode as FCF. Initially, all FCoE traffic is blocked; only FIP frames are allowed to pass. FCoE traffic is allowed on the port only after a successful FLOGI request/response and confirmed use of the configured FC-MAP value for the VLAN.
FIP Snooping Restrictions
The following restrictions apply when you configure FIP snooping on an MXL switch:
• The maximum number of FCoE VLANs supported on the switch is eight.
• The maximum number of FIP snooping sessions (including NPIV sessions) supported per ENode server is 16. In a full FCoE N_port ID virtualization (NPIV) configuration, 16 sessions (one FLOGI + fifteen NPIV sessions) are supported per ENode.
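The FC-MAP check described for FCF ports and the limits above can be applied to exported session data when reviewing a FIP snooping bridge. The following Python is an added example, not Dell Force10 code: the session records are constructed (modelled on the columns of the show fip-snooping command examples), the colon notation for FC-MAP and the function names are assumptions, and the rule that an FCoE MAC is the 24-bit FC-MAP followed by the 24-bit FC-ID comes from the fabric-provided MAC address scheme of the FC-BB-5 standard rather than from this guide.

```python
"""Audit FIP-snooped sessions against FC-MAP and session limits (added example)."""
from collections import Counter

MAX_SESSIONS_PER_ENODE = 16  # restriction stated in this chapter
MAX_FCOE_VLANS = 8           # restriction stated in this chapter

BAD_PREFIX = "FCoE MAC prefix differs from the FC-MAP configured for the VLAN"
BAD_FCID = "FCoE MAC low 24 bits differ from the session FC-ID"
NO_FCMAP = "session on a VLAN with no FC-MAP configured"


def hex_bytes(text):
    """Convert colon-separated hex ("0e:fc:00") to bytes."""
    return bytes(int(part, 16) for part in text.split(":"))


def audit_sessions(sessions, fc_map_by_vlan):
    """Return [(subject, finding)] for sessions that break the rules above."""
    findings = []
    per_enode = Counter()
    for s in sessions:
        per_enode[s["enode_mac"]] += 1
        fc_map = fc_map_by_vlan.get(s["vlan"])
        if fc_map is None:
            findings.append((s["fcoe_mac"], NO_FCMAP))
            continue
        mac = hex_bytes(s["fcoe_mac"])
        if len(mac) != 6 or mac[:3] != hex_bytes(fc_map):
            findings.append((s["fcoe_mac"], BAD_PREFIX))
        elif mac[3:] != hex_bytes(s["fc_id"]):
            findings.append((s["fcoe_mac"], BAD_FCID))
    for enode, count in per_enode.items():
        if count > MAX_SESSIONS_PER_ENODE:
            findings.append((enode, f"{count} sessions exceed the limit of "
                                    f"{MAX_SESSIONS_PER_ENODE} per ENode"))
    if len(fc_map_by_vlan) > MAX_FCOE_VLANS:
        findings.append(("switch", f"{len(fc_map_by_vlan)} FCoE VLANs exceed the "
                                   f"limit of {MAX_FCOE_VLANS}"))
    return findings


# Constructed data: one ENode with 17 sessions (one FLOGI + 16 NPIV logins),
# and one session whose FCoE MAC does not start with the VLAN's FC-MAP.
FC_MAP_BY_VLAN = {100: "0e:fc:00"}
SESSIONS = [
    {"enode_mac": "aa:bb:cc:00:00:00", "vlan": 100,
     "fc_id": f"01:00:{i:02x}", "fcoe_mac": f"0e:fc:00:01:00:{i:02x}"}
    for i in range(1, 18)
] + [
    {"enode_mac": "d4:ae:52:1b:e3:cd", "vlan": 100,
     "fc_id": "62:00:11", "fcoe_mac": "0e:fd:00:62:00:11"},
]

if __name__ == "__main__":
    for subject, finding in audit_sessions(SESSIONS, FC_MAP_BY_VLAN):
        print(subject, "-", finding)
```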
Displaying FIP Snooping Information
Use the show commands in Table 10-1 to display information on FIP snooping.
Table 10-1.
Figure 10-3. show fip-snooping sessions Command Example
FTOS#show fip-snooping sessions
Enode MAC          Enode Intf  FCoE MAC
aa:bb:cc:00:00:00  Te 0/42     0e:fc:00:01:00:01
aa:bb:cc:00:00:00  Te 0/42     0e:fc:00:01:00:02
aa:bb:cc:00:00:00  Te 0/42     0e:fc:00:01:00:03
aa:bb:cc:00:00:00  Te 0/42     0e:fc:00:01:00:04
aa:bb:cc:00:00:00  Te 0/42     0e:fc:00:01:00:05
Table 10-2.
Figure 10-5. show fip-snooping enode Command Example
FTOS# show fip-snooping enode
Enode MAC          Enode Interface  FCF MAC            VLAN  FC-ID
-----------------  ---------------  -----------------  ----  --------
d4:ae:52:1b:e3:cd  Te 0/11          54:7f:ee:37:34:40  100   62:00:11
Table 10-3. show fip-snooping enode Command Description
Field | Description
ENode MAC | MAC address of the ENode.
ENode Interface | Slot/port number of the interface connected to the ENode.
FCF MAC | MAC address of the FCF.
VLAN | VLAN ID number used by the session.
Figure 10-7.
Figure 10-8.
Table 10-5. show fip-snooping statistics Command Descriptions
Field | Description
Number of Vlan Requests | Number of FIP-snooped VLAN request frames received on the interface.
Number of VLAN Notifications | Number of FIP-snooped VLAN notification frames received on the interface.
Number of Multicast Discovery Solicits | Number of FIP-snooped multicast discovery solicit frames received on the interface.
Figure 10-9. show fip-snooping system Command Example
FTOS# show fip-snooping system
Global Mode                  : Enabled
FCOE VLAN List (Operational) : 1, 100
FCFs                         : 1
Enodes                       : 2
Sessions                     : 17
Note: NPIV sessions are included in the number of FIP-snooped sessions displayed.
Figure 10-10.
FIP Snooping Configuration Example
Figure 10-11 shows an MXL Switch used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway.
Figure 10-11. Configuration Example: FIP Snooping on an MXL 10/40GbE Switch
In Figure 10-11, DCBX and PFC are enabled on the MXL Switch (FIP snooping bridge) and on the FCF ToR switch.
Figure 10-12 shows how to configure FIP snooping on FCoE VLAN 10, an FCF-facing port (0/50), and an ENode server-facing port (0/1), and to configure the FIP snooping ports as tagged members of the FCoE VLAN enabled for FIP snooping. Figure 10-12.
11 GARP VLAN Registration Protocol (GVRP)
This chapter contains the following sections:
• Configuring GVRP
• Enabling GVRP Globally
• Enabling GVRP on a Layer 2 Interface
• Configuring GVRP Registration
• Configuring a GARP Timer
Overview
Typical virtual local area network (VLAN) implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GARP VLAN registration protocol (GVRP), defined by the IEEE 802.
• Dynamic VLANs are aged out after the LeaveAll timer expires three times without receipt of a Join message. Use the show gvrp statistics {interface interface | summary} command to display status.
• On the MXL Switch, per-VLAN spanning tree+ (PVST+) and GVRP cannot be enabled at the same time (Figure 11-1).
Figure 11-2. GVRP Configuration Overview
[Figure: edge switches carrying VLANs 10-20, 30-50, and 70-80 connected through core switches. GVRP is configured globally and on all VLAN trunk ports for the edge and core switches.]
NOTES:
• VLAN 1 mode is always fixed and cannot be configured
• All VLAN trunk ports must be configured for GVRP
• All VLAN trunk ports must be configured as 802.1Q
Basic GVRP configuration is a two-step process:
1. Enabling GVRP Globally
2.
Enabling GVRP Globally
Enable GVRP for the entire switch using the gvrp enable command in CONFIGURATION mode (Figure 11-3). Use the show gvrp brief command to inspect the global configuration.
Figure 11-3.
• Normal Registration: Allows dynamic creation, registration, and de-registration of VLANs (if you enabled dynamic VLAN creation). By default, the registration mode is set to normal when you enable GVRP on a port. This default mode enables the port to dynamically register and de-register VLANs, and to propagate both dynamic and static VLAN information.
Figure 11-6 shows GVRP registration.
Figure 11-6. Configuring GVRP Registration
FTOS(conf)#garp timer leav 1000
FTOS(conf)#garp timers leave-all 5000
FTOS(conf)#garp timer join 300
Verification:
FTOS(conf)#do show garp timer
GARP Timers      Value (milliseconds)
----------------------------------------
Join Timer       300
Leave Timer      1000
LeaveAll Timer   5000
FTOS(conf)#
FTOS displays Message 1 if an attempt is made to configure an invalid GARP timer.
12 Internet Group Management Protocol (IGMP)
Multicast is based on identifying many hosts by a single destination IP address. Hosts represented by the same IP address are a multicast group. The internet group management protocol (IGMP) is a Layer 3 multicast protocol that hosts use to join or leave a multicast group. Multicast routing protocols (such as protocol-independent multicast [PIM]) use the information in IGMP messages to discover which groups are active and to populate the multicast routing table.
Figure 12-1. IGMP Version 2 Packet Format
[Figure: Ethernet frame carrying an IP packet (Version 4, TOS 0xc0, TTL 1, Protocol 2, Options: Router Alert) that contains the IGMP message fields.]
IGMP Version 3
Conceptually, IGMP version 3 behaves the same as version 2. However, there are differences:
• Version 3 adds the ability to filter by multicast source, which helps the multicast routing protocols avoid forwarding traffic to subnets where there are no interested receivers. To enable filtering, routers must keep track of more state information, that is, the list of sources that must be filtered.
Joining and Filtering Groups and Sources
Figure 12-4 shows how multicast routers maintain the group and source information from unsolicited reports.
1. The first unsolicited report from the host indicates that it wants to receive traffic for group 224.1.1.1.
2. The host’s second report indicates that it is only interested in traffic from group 224.1.1.1, source 10.11.1.1.
Leaving and Staying in Groups
Figure 12-5 shows how multicast routers track and refresh state changes in response to group-and-specific and general queries.
1. Host 1 sends a message indicating it is leaving group 224.1.1.1 and that the included filters for 10.11.1.1 and 10.11.1.2 are no longer necessary.
2. The querier, before making any state changes, sends a group-and-source query to see if any other host is interested in these two sources; queries for state changes are retransmitted multiple times.
IGMP Snooping Implementation Information
• IGMP snooping on the Dell Force10 operating system (FTOS) uses IP multicast addresses, not MAC addresses.
• IGMP snooping is not supported on stacked VLANs.
• IGMP snooping is supported on all MXL 10/40GbE stack members.
• IGMP snooping reacts to STP and MSTP topology changes by sending a general query on the interface that transitions to the forwarding state.
Disabling Multicast Flooding
If the switch receives a multicast packet that has an IP address of a group it has not learned (unregistered frame), the switch floods that packet out of all ports on the VLAN. On the MXL Switch, when you configure no ip igmp snooping flood, the system forwards the frames on mrouter ports for the first 96 IGMP snooping-enabled VLANs. For all other VLANs, the unregistered multicast packets are dropped.
Fast Convergence after MSTP Topology Changes
When a port transitions to the forwarding state as a result of an STP or MSTP topology change, FTOS sends a general query out of all ports except the multicast router ports. The host sends a response to the general query and the forwarding database is updated without having to wait for the query interval to expire.
13 Interfaces
This chapter describes 100/1000/10000 Mbps Ethernet, 10 Gigabit Ethernet, and 40 Gigabit Ethernet interface types, both physical and logical, and how to configure them with the Dell Force10 operating software (FTOS).
Interface Types
The following lists the different interface types.
Figure 13-1.
Use the show ip interfaces brief command in EXEC Privilege mode to view which interfaces are enabled for Layer 3 data transmission. In Figure 13-2, the TenGigabitEthernet interface 1/5 is in Layer 3 mode because an IP address has been assigned to it and the interface’s status is operationally up.
Figure 13-2.
Enable a Physical Interface
After determining the type of physical interfaces available, you can enter INTERFACE mode by entering the interface interface slot/port command to enable and configure the interface.
The following section includes information about optional configurations for physical interfaces:
• Overview of Layer Modes
• Configure Layer 2 (Data Link) Mode
• Management Interfaces
• Auto-Negotiation on Ethernet Interfaces
• Adjust the Keepalive Timer
• Clear Interface Counters
Overview of Layer Modes
On all systems running FTOS, you can place physical interfaces, port channels, and VLANs in Layer 2 mode or Layer 3 mode. By default, VLANs are in Layer 2 mode.
To configure an interface in Layer 2 mode, use these commands in INTERFACE mode:
Command Syntax | Command Mode | Purpose
no shutdown | INTERFACE | Enable the interface.
switchport | INTERFACE | Place the interface in Layer 2 (switching) mode.
For information about enabling and configuring STP, refer to Layer 2 on page 305. To view the interfaces in Layer 2 mode, use the command show interfaces switchport in EXEC mode.
To assign an IP address, use the following commands in INTERFACE mode:
Command Syntax | Command Mode | Purpose
no shutdown | INTERFACE | Enable the interface.
ip address ip-address mask [secondary] | INTERFACE | Configure a primary IP address and mask on the interface. The ip-address must be in dotted-decimal format (A.B.C.D) and the mask must be in decimal slash format (/xx).
You can access the full switch using:
• Internal RS-232 using the chassis management controller (CMC). Telnet into CMC and do a connect -b switch-id to get console access to corresponding IOM.
• External serial port with a universal serial bus (USB) connector (front panel): connect using the IOM front panel USB serial line to get console access (Labeled as USB B).
• Telnet/others using the public IP interface on the fabric D interface.
• CMC through the private IP interface on the fabric D interface.
You can manage the MXL Switch from any port. Configure an IP address for the port using the ip address command. Enable the IP address for the port using the no shutdown command. You can use the description command from INTERFACE mode to note that the interface is the management interface. There is no separate management routing table, so you must configure all routes in the IP routing table (use the ip route command).
VLAN Interfaces
VLANs are logical interfaces and are, by default, in Layer 2 mode. Physical interfaces and port channels can be members of VLANs. For more information about VLANs and Layer 2, refer to Layer 2 and Virtual LANs (VLAN).
Note: To monitor VLAN interfaces, use the Management Information Base for Network Management of TCP/IP-based internets: MIB-II (RFC 1213).
Note: You cannot simultaneously use egress rate shaping and ingress rate policing on the same VLAN.
Loopback Interfaces
A Loopback interface is a virtual interface in which the software emulates an interface. Packets routed to it are processed locally. Because this interface is not a physical interface, you can configure routing protocols on this interface to provide protocol stability. You can place loopback interfaces in default Layer 3 mode.
Port Channel Interfaces
Port channel interfaces support link aggregation, as described in IEEE Standard 802.3ad. This section covers the following topics:
• Port Channel Definition and Standards
• Port Channel Benefits
• Port Channel Implementation
• Configuration Task List for Port Channel Interfaces
Port Channel Definition and Standards
Link aggregation is defined by IEEE 802.
Table 13-2 lists the number of port channels per platform.
Table 13-2. Number of Port Channels per Platform
Platform | Port-channels | Members/Channel
MXL 10/40GbE Switch IO Module | 128 | 16
As soon as a port channel is configured, FTOS treats it like a physical interface. For example, IEEE 802.1Q tagging is maintained while the physical interface is in the port channel.
Configuration Task List for Port Channel Interfaces
To configure a port channel (LAG), use commands similar to those found in physical interfaces. By default, no port channels are configured in the startup configuration.
• ip mtu (if the interface is on a Jumbo-enabled by default.)
Note: The MXL Switch supports jumbo frames by default (the default maximum transmission unit [MTU] is 1554 bytes). You can configure the MTU using the mtu command from INTERFACE mode.
To view the interface’s configuration, enter INTERFACE mode for that interface and use the show config command or, from EXEC Privilege mode, use the show running-config interface interface command.
Figure 13-11 shows the port channel’s mode (L2 for Layer 2 and L3 for Layer 3 and L2L3 for a Layer 2 port channel assigned to a routed VLAN), the status, and the number of interfaces belonging to the port channel. Figure 13-11.
Figure 13-12. Error Message
FTOS(conf-if-po-1)#show config
!
interface Port-channel 1
 no ip address
 channel-member TenGigabitEthernet 0/16
 shutdown
FTOS(conf-if-po-1)#
FTOS(conf-if-po-1)#int tengig 1/6
FTOS(conf-if)#ip address 10.56.4.4 /24
% Error: Te 1/6 Port is part of a LAG.
FTOS(conf-if)#
Reassign an Interface to a New Port Channel
An interface can be a member of only one port channel.
Configure the Minimum oper up Links in a Port Channel (LAG)
You can configure the minimum links in a port channel (LAG) that must be in “oper up” status for the port channel to be considered in “oper up” status. To configure the minimum links, use the following command in INTERFACE mode:
Command Syntax: minimum-links number
Command Mode: INTERFACE
Purpose: Enter the number of links in a LAG that must be in “oper up” status.
Assign an IP Address to a Port Channel
You can assign an IP address to a port channel and use port channels in Layer 3 routing protocols. To assign an IP address, use the following command in INTERFACE mode:
Command Syntax: ip address ip-address mask [secondary]
Command Mode: INTERFACE
Purpose: Configure an IP address and mask on the interface.
• ip-address mask: enter an address in dotted-decimal format (A.B.C.D) and the mask must be in slash format (/24).
Note: When creating an interface range, interfaces appear in the order they were entered and are not sorted. To display all interfaces that have been validated under the interface range context, use the show range command in Interface Range mode. To display the running configuration only for interfaces that are part of interface range, use the show configuration command in Interface Range mode.
Figure 13-17. Interface Range Prompt Excluding Duplicate Entries
FTOS(conf)#interface range vlan 1 , vlan 1 , vlan 3 , vlan 3
FTOS(conf-if-range-vl-1,vl-3)#
FTOS(conf)#interface range tengigabitethernet 2/0 - 23 , tengigabitethernet 2/0 - 23 , tengigab 2/0 - 23
FTOS(conf-if-range-te-2/0-23)#
Exclude a Smaller Port Range
If the interface range has multiple port ranges, the smaller port range is excluded from the prompt.
Figure 13-18.
Figure 13-21. Multiple-Range Bulk Configuration with VLAN, and Port-channel
FTOS(conf-ifrange-te-5/1-23-te-1/1-2)# interface range Vlan 2 – 100 , Port 1 – 25
FTOS(conf-if-range-te-5/1-23-te-1/1-2-vl-2-100-po-1-25)# no shutdown
FTOS(conf-if-range)#
Interface Range Macros
You can define an interface-range macro to automatically select a range of interfaces for configuration. Before you can use the macro keyword in the interface-range macro command string, you must define the macro.
Monitor and Maintain Interfaces
Monitor interface statistics with the monitor interface command. This command displays an ongoing list of the interface status (up/down), number of packets, traffic statistics, etc.
Command Syntax: monitor interface interface
Command Mode: EXEC Privilege
Purpose: View the interface’s statistics. Enter the type of interface and slot/port information:
• For a 100/1000/10000 Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.
Figure 13-24. monitor interface Command Example
FTOS#monitor interface tengig 3/1
Dell Force10 uptime is 1 day(s), 4 hour(s), 31 minute(s)
Monitor time: 00:00:00 Refresh Intvl.
To test the condition of cables on 100/1000/10000 BASE-T modules, follow these steps using the tdr-cable-test command.
Step | Command Syntax | Command Mode | Usage
1 | tdr-cable-test tengigabitethernet / | EXEC Privilege | To test for cable faults on the TenGigabitEthernet cable.
• Between two ports, you must not start the test on both ends of the cable.
• Enable the interface before starting the test.
• The port must be enabled to run the test or the test prints an error message.
2
Merging SFP+ Ports to QSFP 40G Ports
To remove FANOUT mode in 40G QSFP Ports, use the following commands:
Command Syntax: no stack-unit stack-unit port number portmode quad
Command Mode: CONFIGURATION
Purpose: Merge 4-10G ports to a single 40G port.
stack-unit: Enter the stack member unit identifier of the stack member to reset. Range: 0 to 5
To display the stack-unit number, enter the show system brief command.
Table 13-3 lists the range for each transmission media.
Table 13-3. MTU Range
Transmission Media | MTU Range (in bytes)
Ethernet | 594-12000 = link MTU; 576-11982 = IP MTU
Layer 2 Flow Control Using Ethernet Pause Frames
Ethernet pause frames allow for a temporary stop in data transmission. A situation may arise where a sending device may transmit data faster than a destination device can accept it.
The flow-control sender and receiver must be on the same port-pipe. Flow control is not supported across different port-pipes (also refer to Enabling and Disabling iSCSI Optimization on page 281).
Command Syntax: flowcontrol rx [off | on] tx [off | on] [threshold
Command Mode: INTERFACE
Purpose: Control how the system responds to and generates 802.3x pause frames on 10 and 40Gig ports.
Table 13-4 lists the various Layer 2 overheads found in FTOS and the number of bytes.
Table 13-4. Difference between Link MTU and IP MTU
Layer 2 Overhead | Difference between Link MTU and IP MTU
Ethernet (untagged) | 18 bytes
VLAN Tag | 22 bytes
Untagged Packet with VLAN-Stack Header | 22 bytes
Tagged Packet with VLAN-Stack Header | 26 bytes
Link MTU and IP MTU considerations for port channels and VLANs are as follows.
Auto-Negotiation on Ethernet Interfaces
Setting Speed and Duplex Mode of Ethernet Interfaces
By default, auto-negotiation of speed and duplex mode is enabled on 100/1000/10000 Base-T Ethernet interfaces. Only 10GbE interfaces do not support auto-negotiation. When using 10GbE interfaces, verify that the settings on the connecting devices are set to no auto-negotiation. The local interface and the directly connected remote interface must have the same setting.
Figure 13-25.
Setting Auto-Negotiation Options
The negotiation auto command provides a mode option for configuring an individual port to forced master/forced slave after you enable auto-negotiation.
Caution: Ensure that only one end of the node is configured as forced-master and the other is configured as forced-slave.
Figure 13-27.
Figure 13-28.
Configure Interface Sampling Size
To configure the number of seconds of traffic statistics to display in the show interfaces output, use the rate-interval command in INTERFACE mode. You can enter any value between five and 299 seconds (the default). If you enter 1 to 5 seconds, software polling is done at 5 sec interval. If you enter 6 to 10 sec, software polling is done at 10 sec interval. For any other value, software polling is done once every 15 seconds.
Figure 13-30 shows how to configure rate interval when changing the default value.
Figure 13-30.
Dynamic Counters
By default, counting for the following four applications is enabled:
• IPFLOW
• IPACL
• L2ACL
• L2FIB
For the remaining applications, FTOS automatically turns on counting when you enable the application and turns it off when you disable the application. Note that if you enable more than four counter-dependent applications on a port pipe, there is an impact on line rate performance.
To clear the counters, use the following command in EXEC Privilege mode:
Command Syntax: clear counters [interface] [vrrp [vrid] | learning-limit]
Command Mode: EXEC Privilege
Purpose: Clear the counters used in the show interface commands for all VRRP groups, VLANs, and physical interfaces or selected ones. Without an interface specified, the command clears all interface counters.
14 IPv4 Routing
The Dell Force10 operating software (FTOS) supports various IP addressing features. This chapter explains the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in FTOS.
• IP Addresses
• Directed Broadcast
• Resolution of Host Names
• Address Resolution Protocol (ARP)
• Internet Control Message Protocol (ICMP)
• UDP Helper
Table 14-1 lists the defaults for the IP addressing features described in this chapter.
Table 14-1.
Implementation Information
In FTOS, you can configure any IP address as a static route except IP addresses already assigned to interfaces.
Note: FTOS versions 7.7.1.0 and later support 31-bit subnet masks (/31, or 255.255.255.254) as defined by RFC 3021. This feature allows you to save two more IP addresses on point-to-point links than 30-bit masks. FTOS supports RFC 3021 with ARP.
Step | Command Syntax | Command Mode | Purpose
3 | ip address ip-address mask [secondary] | INTERFACE | Configure a primary IP address and mask on the interface.
• ip-address mask: IP address must be in dotted decimal format (A.B.C.D) and the mask must be in slash prefix-length format (/24).
• Add the keyword secondary if the IP address is the interface’s backup IP address.
Command Syntax | Command Mode | Purpose
ip route ip-address mask {ip-address | interface [ip-address]} [distance] [permanent] [tag tag-value] | CONFIGURATION | Configure a static IP address. Use the following required and optional parameters:
• ip-address: Enter an address in dotted decimal format (A.B.C.D).
• mask: Enter a mask in slash prefix-length format (/X).
• interface: Enter an interface type followed by slot/port information.
• distance range: 1 to 255 (optional).
• When an interface comes up, FTOS re-installs the route.
• When a recursive resolution is “broken,” FTOS withdraws the route.
• When a recursive resolution is satisfied, FTOS re-installs the route.
Configure Static Routes for the Management Interface
When an IP address used by a protocol and a static management route exist for the same prefix, the protocol route takes precedence over the static management route.
Resolution of Host Names
Domain name service (DNS) maps host names to IP addresses. This feature simplifies commands such as Telnet and FTP by allowing you to enter a name instead of an IP address. Dynamic resolution of host names is disabled by default. Unless you enable the feature, the system resolves only host names entered into the host table with the ip host command.
Specify Local System Domain and a List of Domains
If you enter a partial domain, FTOS can search different domains to finish or fully qualify that partial domain. A fully qualified domain name (FQDN) is any name that is terminated with a period/dot. FTOS searches the host table first to resolve the partial domain. The host table contains both statically configured and dynamically learnt host and IP addresses. If FTOS cannot resolve the domain, it tries the domain name assigned to the local system.
Command Syntax | Command Mode | Purpose
traceroute [host | ip-address ] | CONFIGURATION | When you enter the traceroute command without specifying an IP address (Extended Traceroute), you are prompted for:
• a target and source IP address
• timeout in seconds (default is 5)
• a probe count (default is 3)
• minimum TTL (default is 1)
• maximum TTL (default is 30)
• port number (default is 33434).
To keep the default setting for those parameters, press the ENTER key.
In FTOS, proxy ARP enables hosts with knowledge of the network to accept and forward packets from hosts that contain no knowledge of the network. Proxy ARP makes it possible for hosts to be ignorant of the network, including subnetting. For more information about proxy ARP, refer to RFC 925, Multi-LAN Address Resolution, and RFC 1027, Using ARP to Implement Transparent Subnet Gateways.
To view the static entries in the ARP cache, use the show arp static command in EXEC privilege mode (Figure 14-7).
Figure 14-7. show arp static Command Example
FTOS#show arp
Protocol Address Age(min) Hardware Address Interface VLAN CPU
-----------------------------------------------------------------------------------------
Internet 10.11.68.14 94 00:01:e9:45:00:03 Ma 0/0 CP
Internet 10.11.209.
Clear ARP Cache
To clear the ARP cache of dynamically learnt ARP information, use the following command in EXEC Privilege mode:
Command Syntax | Command Mode | Purpose
clear arp-cache [interface | ip | EXEC privilege | Clear the ARP caches for all interfaces or for a specific interface by entering the following information:
• For a port channel interface, enter the keyword port-channel followed by a number from 1 to 128.
ARP Learning via ARP Request
In FTOS versions prior to 8.3.1.0, FTOS learns via ARP requests only if the target IP specified in the packet matches the IP address of the receiving router interface. This is the case when a host is attempting to resolve the gateway address. If the target IP does not match the incoming interface, the packet is dropped. If there is an existing entry for the requesting host, it is updated (Figure 14-8). Beginning with FTOS version 8.3.1.
The default backoff interval remains at 20 seconds. On the MXL switch platform, with FTOS version 8.3.8.0 and later, the time between ARP resends is configurable. This timer is an exponential backoff timer. Over the specified period, the time between ARP requests increases. This reduces the potential for the system to slow down while waiting for a multitude of ARP responses.
Task | Command Syntax | Command Mode
Set the number of ARP retries.
To view whether ICMP unreachable messages are sent on the interface, use the show config command in INTERFACE mode. If it is not listed in the show config command output, it is enabled. Only non-default information is displayed in the show config command output.
UDP Helper
UDP helper allows you to direct the forwarding of IP/UDP broadcast traffic by creating special broadcast addresses and rewriting the destination IP address of packets to match those addresses.
Figure 14-11. Viewing the UDP Broadcast Configuration
FTOS#show ip udp-helper
--------------------------------------------------
Port UDP port list
--------------------------------------------------
TenGig 1/1 1000
Configurations Using UDP Helper
When you enable UDP helper and the destination IP address of an incoming packet is a broadcast address, FTOS suppresses the destination address of the packet. The following sections describe various configurations that employ UDP helper to direct broadcasts.
Figure 14-12. UDP helper with All Broadcast Addresses VLAN 100 IP address: 1.1.0.1/24 Subnet broadcast address: 1.1.0.255 Configured broadcast address: 1.1.255.255 Hosts on VLAN 100: 1.1.0.2, 1.1.0.3, 1.1.0.4 Packet 1 Destination Address: 255.255.255.255 1/2 1/1 1/3 Ingress interface IP Address: 2.1.1.1/24 UDP helper enabled VLAN 101 IP address: 1.11.1/24 Subnet broadcast address: 1.1.1.255 Configured broadcast address: 1.1.255.255 Hosts on VLAN 100: 1.1.1.2, 1.1.1.
Packet 2 is sent from a host on VLAN 101. It has a broadcast MAC address and a destination IP address that matches the configured broadcast address on VLAN 101. In this case, Packet 2 is flooded on VLAN 101 with the destination address unchanged because the forwarding process is Layer 2. If you enabled UDP helper, the packet is flooded on VLAN 100 as well.
Figure 14-14. UDP Helper with Configured Broadcast Addresses VLAN 100 IP address: 1.1.0.1/24 Subnet broadcast address: 1.1.0.
Figure 14-16. Debugging IP Helper with UDP Helper
Packet 0.0.0.0:68 -> 255.255.255.255:67 TTL 128
2005-11-05 11:59:35 %RELAY-I-PACKET, BOOTP REQUEST (Unicast) received at interface 172.21.50.193 BOOTP Request, XID = 0x9265f901, secs = 0 hwaddr = 00:02:2D:8D:46:DC, giaddr = 0.0.0.0, hops = 2
2005-11-05 11:59:35 %RELAY-I-BOOTREQUEST, Forwarded BOOTREQUEST for 00:02:2D:8D:46:DC to 137.138.17.
15 iSCSI Optimization
iSCSI optimization is supported on the MXL 10/40GbE Switch. This chapter describes how to configure internet small computer system interface (iSCSI) optimization, which enables quality-of-service (QoS) treatment for iSCSI traffic.
• iSCSI QoS—A user-configured iSCSI class of service (CoS) profile is applied to all iSCSI traffic. Classifier rules are used to direct the iSCSI data traffic to queues that can be given preferential QoS treatment over other data passing through the switch. Preferential treatment helps to avoid session interruptions during times of congestion that would otherwise cause iSCSI packets to be dropped.
• iSCSI DCBX TLVs are supported.
Monitoring iSCSI Traffic Flows
The switch snoops iSCSI session-establishment and termination packets by installing classifier rules that trap iSCSI protocol packets to the CPU for examination. Devices that initiate iSCSI sessions usually use well-known TCP ports 3260 or 860 to contact targets. When you enable iSCSI optimization, by default the switch identifies IP packets to or from these ports as iSCSI traffic.
Detection and Autoconfiguration for Dell EqualLogic Arrays
The iSCSI optimization feature includes auto-provisioning support with the ability to detect directly connected Dell EqualLogic storage arrays and automatically reconfigure the switch to enhance storage traffic flows. The MXL Switch uses the link layer discovery protocol (LLDP) to discover Dell EqualLogic devices on the network. LLDP is enabled by default.
After you execute the iscsi profile-compellent command, the following actions occur:
• Jumbo frame size is set to 1200 for all interfaces on all ports and port-channels, if it is not already enabled.
• Spanning-tree portfast is enabled on the interface identified by LLDP if the port is in L2 mode.
• Unicast storm control is disabled on the interface identified by LLDP.
Default iSCSI Optimization Values
Table 15-1 shows the default values for the iSCSI optimization feature.
Table 15-1. iSCSI Optimization: Default Parameters
Parameter | Default Value
iSCSI Optimization global setting | Enabled
iSCSI CoS mode (802.1p priority queue mapping) | Enabled: dot1p priority 4 without remark setting
iSCSI CoS Packet classification | iSCSI packets are classified by VLAN instead of by DSCP values.
Configuring iSCSI Optimization
To configure iSCSI optimization on a switch, follow these steps:
Step | Task | Command | Command Mode
1 | Globally enable iSCSI optimization. Default: Enabled. | [no] iscsi enable | CONFIGURATION
2 | Configure the iSCSI target ports and optionally the IP addresses on which iSCSI communication will be monitored, where:
• tcp-port-n is the TCP port number or a list of TCP port numbers on which the iSCSI target listens to requests.
Step | Task | Command | Command Mode
5 | (Optional) Configures DCBX to send iSCSI TLV advertisements. You can configure iSCSI TLVs to be sent either globally or on a specified interface. The interface configuration takes priority over global configuration. Default: Enabled. | [no] advertise dcbx-app-tlv iscsi | CONFIGURATION or INTERFACE
6 | (Optional) Configures the priority bitmap to be advertised in iSCSI application TLVs. Default: 4 (0x10 in the bitmap).
Figure 15-3. show iscsi sessions Command Example
FTOS# show isci sessions
Session 0:
-----------------------------------------------------------------------------------------
Target: iqn.2001-05.com.equallogic:0-8a0906-0e70c2002-10a0018426a48c94-iom010
Initiator: iqn.1991-05.com.microsoft:win-x9l8v27yajg
ISID: 400001370000
Session 1:
-----------------------------------------------------------------------------------------
Target: iqn.2001-05.com.
16 Link Aggregation Control Protocol (LACP)
The major sections in this chapter include:
• Introduction to Dynamic LAGs and LACP
• LACP Configuration Tasks
• Shared LAG State Tracking
• LACP Basic Configuration Example
Introduction to Dynamic LAGs and LACP
A link aggregation group (LAG), referred to as a port channel by the Dell Force10 operating software (FTOS), provides both load-sharing and port redundancy across stack units. You can enable LAGs as static or dynamic.
Important Points to Remember
• LACP allows you to add members to a port channel (LAG) as long as it has no static members. Conversely, if the LAG already contains a statically defined member (channel-member command), the port-channel mode command is not permitted.
• A static LAG cannot be created if a dynamic LAG using the selected number already exists.
LACP Configuration Commands
If you configure aggregated ports with compatible LACP modes (Off, Active, Passive), LACP can automatically link them, as defined in IEEE 802.3, Section 43. The following commands configure LACP:
Command Syntax | Command Mode | Purpose
[no] lacp system-priority priority-value | CONFIGURATION | Configure the system priority.
The LAG is in the default VLAN. To place the LAG into a non-default VLAN, use the tagged command on the LAG (Figure 16-2):
Figure 16-2. Placing a LAG into a Non-default VLAN
FTOS(conf)#interface vlan 10
FTOS(conf-if-vl-10)#tagged port-channel 32
Configure the LAG Interfaces as Dynamic
After creating a LAG, to configure the dynamic LAG interfaces, use the port-channel-protocol lacp command. Figure 16-3 shows ports 3/15, 3/16, 4/15, and 4/16 added to LAG 32 in LACP mode.
To configure the LACP long timeout, follow the step below.
Step | Task | Command Syntax | Command Mode
1 | Set the LACP timeout value to 30 seconds. | lacp long-timeout | CONFIG-INT-PO
Figure 16-4 shows the no shutdown command.
Figure 16-4.
Shared LAG state tracking provides the flexibility to bring down a port channel (LAG) based on the operational state of another LAG. At any time, only two LAGs can be a part of a group such that the fate (status) of one LAG depends on the other LAG. In Figure 16-5, line-rate traffic from R1 destined for R4 follows the lowest-cost route via R2. Traffic is equally distributed between LAGs 1 and 2. If LAG 1 fails, all traffic from R1 to R4 flows across LAG 2 only.
In Figure 16-6, LAGs 1 and 2 have been placed into the same failover group.
Figure 16-6. Configuring Shared LAG State Tracking
FTOS#config
FTOS(conf)#port-channel failover-group
FTOS(conf-po-failover-grp)#group 1 port-channel 1 port-channel 2
To view the failover group configuration, use the show running-configuration po-failover-group command (Figure 16-7).
Figure 16-7.
To view the status of a failover group member, use the show interface port-channel command (Figure 16-9). Figure 16-9.
Figure 16-10. LACP Sample Topology
Configuring a LAG on ALPHA
Figure 16-11 shows creating a LAG (ALPHA).
Figure 16-11.
Figure 16-12 shows the LAG port configuration (ALPHA). Figure 16-12.
Figure 16-13 shows inspecting the LAG 10 configuration (ALPHA). Figure 16-13.
To verify LAG 10 status on ALPHA, use the show lacp command (Figure 16-13). Figure 16-14.
Summary of the Configuration on ALPHA
Figure 16-15 shows the summary of the configuration (ALPHA).
Figure 16-15.
Summary of the Configuration on BRAVO
Figure 16-16 shows the summary of the configuration (BRAVO).
Figure 16-16.
To inspect a LAG port on BRAVO, use the show interface command (Figure 16-17). Figure 16-17.
To inspect the LAG, use the show interfaces port-channel command (Figure 16-18).
Figure 16-18. show interfaces port-channel Command Example to inspect LAG 10
To inspect the LAG status, use the show lacp command (Figure 16-19).
Figure 16-19.
17 Layer 2
This chapter describes the following Layer 2 features:
• Managing the MAC Address Table
• MAC Learning Limit
• Network Interface Controller (NIC) Teaming
Managing the MAC Address Table
The Dell Force10 operating system (FTOS) provides the following management activities for the MAC address table:
• Clear the MAC Address Table
• Set the Aging Time for Dynamic Entries
• Configure a Static MAC Address
• Display the MAC Address Table
Clear the MAC Address Table
To clear the MAC address table of d
To set the aging time for dynamic entries, use the following commands:
Task | Command Syntax | Command Mode
Disable MAC address aging for all dynamic entries. | mac-address-table aging-time 0 | CONFIGURATION
Specify an aging time. | mac-address-table aging-time seconds | CONFIGURATION
Range: 10-1000000
FTOS Behavior: The time elapsed before the configured MAC aging time expires is not precisely as configured.
MAC Learning Limit
This section describes the following:
• MAC Learning Limit Dynamic
• MAC Learning Limit Station-Move
• Learning Limit Violation Actions
• Station Move Violation Actions
• Recovering from Learning Limit and Station Move Violations
The MAC address learning limit is a method of port security on Layer 2 port-channel and physical interfaces, and virtual local area networks (VLANs). It allows you to set an upper limit on the number of MAC addresses that are learned on an interface/VLAN.
MAC Learning Limit Dynamic
The MAC address table is stored on the Layer 2 forwarding information base (FIB) region of the CAM. The Layer 2 FIB region allocates space for static MAC address entries and dynamic MAC address entries. When you enable MAC learning limit, entries created on this port are static by default. When you configure the dynamic option, learned MAC addresses are stored in the dynamic region and are subject to aging.
Task | Command Syntax | Command Mode
Shut down both the first and second port to learn the MAC address. | mac station-move-violation shutdown-both | INTERFACE
To display a list of interfaces configured with MAC learning limit or station move violation actions, use the following command:
Task | Command Syntax | Command Mode
Display a list of all of the interfaces configured with MAC learning limit or station move violation.
Figure 17-1. Redundant NICs with NIC Teaming
[Figure labels: Port 0/1 (marked X), Port 0/5, Active Link, MAC: A:B:C:D A:B, IP: 1.1.1.1]
When you use NIC teaming, consider that the server MAC address is originally learned on Port 0/1 of the switch (Figure 17-2). When the NIC fails, the same MAC address is learned on Port 0/5 of the switch. The MAC address must be disassociated with the one port and re-associated with another in the ARP table; in other words, the ARP entry must be “moved”.
is the number of times a station move must be detected in a single interval in order to trigger a system log message. For example, if you configure mac-address-table station-move threshold 2 time-interval 5000, and 4 station moves occur in 5000ms, two log messages are generated.
18 Link Layer Discovery Protocol (LLDP)
This chapter contains the following sections:
• Overview
• TIA-1057 (LLDP-MED) Overview
• Configuring LLDP
Overview
Link layer discovery protocol (LLDP)—defined by IEEE 802.1AB—is a protocol that enables a local area network (LAN) device to advertise its configuration and receive configuration information from adjacent LLDP-enabled LAN infrastructure devices.
TLVs are encapsulated in a frame called an LLDP data unit (LLDPDU) (Figure 18-2), which is transmitted from one LLDP-enabled device to its LLDP-enabled neighbors. LLDP is a one-way protocol. LLDP-enabled devices (LLDP agents) can transmit and/or receive advertisements, but they cannot solicit and do not respond to advertisements. There are five types of TLVs (Table 18-1). All types are mandatory in the construction of an LLDPDU except Optional TLVs.
Management TLVs
A Management TLV is an Optional TLVs sub-type. This kind of TLV contains essential management information about the sender. The five types are described in Table 18-2.
Organizationally Specific TLVs
Organizationally specific TLVs can be defined by a professional organization or a vendor. They have two mandatory fields (Figure 18-3) in addition to the basic TLV fields (Figure 18-1):
• Organizationally Unique Identifier (OUI)—a unique number assigned by the IEEE to an organization or vendor.
Table 18-2. Optional TLV Types
Type | TLV | Description
127 | Port and Protocol VLAN ID | On Dell Force10 systems, indicates the tagged VLAN to which a port belongs (and the untagged VLAN to which a port belongs if the port is in hybrid mode).
127 | VLAN Name | Indicates the user-defined alphanumeric string that identifies the VLAN.
127 | Protocol Identity | Indicates the protocols that the port can process. FTOS does not currently support this TLV.
IEEE 802.
TIA Organizationally Specific TLVs
The Dell Force10 system is an LLDP-MED Network Connectivity Device (Device Type 4). Network connectivity devices are responsible for:
• transmitting an LLDP-MED capabilities TLV to endpoint devices
• storing the information that endpoint devices advertise
Table 18-3 lists the five types of TIA-1057 Organizationally Specific TLVs.
Table 18-3.
LLDP-MED Capabilities TLV
The LLDP-MED Capabilities TLV communicates the types of TLVs that the endpoint device and the network connectivity device support. LLDP-MED network connectivity devices must transmit the Network Policies TLV.
• The value of the LLDP-MED Capabilities field in the TLV is a 2-octet bitmap (Figure 18-4); each bit represents an LLDP-MED capability (Table 18-4).
• The possible values of the LLDP-MED Device Type are listed in Table 18-5.
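The TLV layout described above can be checked against a captured advertisement to audit what a port discloses to its neighbors. The following Python parser is an added example, not code from this guide or from FTOS: it splits an LLDPDU into TLVs using the IEEE 802.1AB header (7-bit type, 9-bit length), reads the OUI and sub-type of organizationally specific TLVs (type 127), and expands the LLDP-MED capabilities bitmap and device type. The sample LLDPDU, including its MAC address, system name and VLAN, is constructed for illustration.

```python
import struct

# OUIs of the organizationally specific TLV families named in this chapter.
OUI_NAMES = {
    bytes.fromhex("0080c2"): "IEEE 802.1",
    bytes.fromhex("00120f"): "IEEE 802.3",
    bytes.fromhex("0012bb"): "TIA-1057 (LLDP-MED)",
}
TIA_OUI = bytes.fromhex("0012bb")
# Bit positions in the 2-octet LLDP-MED Capabilities bitmap, bit 0 first.
MED_CAPABILITIES = [
    "LLDP-MED Capabilities", "Network Policy", "Location Identification",
    "Extended Power via MDI-PSE", "Extended Power via MDI-PD", "Inventory",
]
MED_DEVICE_TYPES = {1: "Endpoint Class 1", 2: "Endpoint Class 2",
                    3: "Endpoint Class 3", 4: "Network Connectivity"}


class LLDPError(ValueError):
    """Raised when an LLDPDU is malformed."""


def tlv(tlv_type, value=b""):
    """Encode one TLV: the 7-bit type and 9-bit length share two octets."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise LLDPError("TLV type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_lldpdu(data):
    """Return [(type, value), ...] up to End of LLDPDU, rejecting bad framing."""
    tlvs, offset = [], 0
    while offset < len(data):
        if offset + 2 > len(data):
            raise LLDPError("truncated TLV header")
        (header,) = struct.unpack_from("!H", data, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(data):
            raise LLDPError(f"TLV type {tlv_type} overruns the frame")
        if tlv_type == 0:  # End of LLDPDU
            break
        tlvs.append((tlv_type, data[offset:offset + length]))
        offset += length
    else:
        # The chapter lists End of LLDPDU among the mandatory TLV types.
        raise LLDPError("no End of LLDPDU TLV")
    # Chassis ID (1), Port ID (2) and TTL (3) open every LLDPDU, in that order.
    if [t for t, _ in tlvs[:3]] != [1, 2, 3]:
        raise LLDPError("mandatory TLVs missing or out of order")
    return tlvs


def describe(tlvs):
    """Summarise what the advertisement discloses to an adjacent device."""
    info = {"ttl": None, "system_name": None, "org_specific": [], "med": None}
    for tlv_type, value in tlvs:
        if tlv_type == 3:
            if len(value) < 2:
                raise LLDPError("TTL TLV shorter than two octets")
            info["ttl"] = struct.unpack("!H", value[:2])[0]
        elif tlv_type == 5:
            info["system_name"] = value.decode("utf-8", "replace")
        elif tlv_type == 127:
            if len(value) < 4:
                raise LLDPError("organizationally specific TLV lacks OUI/sub-type")
            oui, subtype, body = value[:3], value[3], value[4:]
            info["org_specific"].append((OUI_NAMES.get(oui, oui.hex()), subtype))
            # LLDP-MED Capabilities TLV: sub-type 1, bitmap (2 octets) + device type.
            if oui == TIA_OUI and subtype == 1 and len(body) == 3:
                bitmap, device_type = struct.unpack("!HB", body)
                info["med"] = {
                    "capabilities": [name for bit, name in enumerate(MED_CAPABILITIES)
                                     if bitmap & (1 << bit)],
                    "device_type": MED_DEVICE_TYPES.get(device_type, "Not Defined"),
                }
    return info


# Constructed sample LLDPDU (illustrative values, not captured from a switch).
SAMPLE_LLDPDU = b"".join([
    tlv(1, b"\x04" + bytes.fromhex("0001e8000001")),  # Chassis ID, sub-type 4 = MAC
    tlv(2, b"\x05" + b"TenGigabitEthernet 1/31"),     # Port ID, sub-type 5 = ifName
    tlv(3, struct.pack("!H", 30 * 4)),                # TTL = hello 30 s x multiplier 4
    tlv(5, b"R1"),                                    # System Name
    tlv(127, bytes.fromhex("0080c2") + b"\x03"        # 802.1 VLAN Name: VID 10, "users"
        + struct.pack("!HB", 10, 5) + b"users"),
    tlv(127, TIA_OUI + b"\x01" + struct.pack("!HB", 0x0003, 4)),  # LLDP-MED Capabilities
    tlv(0),                                           # End of LLDPDU
])

if __name__ == "__main__":
    print(describe(parse_lldpdu(SAMPLE_LLDPDU)))
```

The length checks matter when the input comes from an untrusted port: a TLV whose declared length runs past the end of the frame is rejected instead of being read.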
LLDP-MED Network Policies TLV
A network policy in the context of LLDP-MED is a device’s virtual local area network (VLAN) configuration and associated Layer 2 and Layer 3 configurations, specifically:
• VLAN ID
• VLAN tagged or untagged status
• Layer 2 priority
• DSCP value
The application type is represented by an integer (the Type integer in Table 18-6), which indicates a device function for which a unique network policy is defined.
Figure 18-5.
Related Configuration Tasks
• Viewing the LLDP Configuration
• Viewing Information Advertised by Adjacent LLDP Agents
• Configuring LLDPDU Intervals
• Configuring Transmit and Receive Mode
• Configuring a Time to Live
• Debugging LLDP
Important Points to Remember
• LLDP is disabled by default.
• Dell Force10 systems support up to eight neighbors per interface.
• Dell Force10 systems support a maximum of 8000 total neighbors per system.
Figure 18-7.
Advertising TLVs
You can configure the system to advertise TLVs out of all interfaces or out of specific interfaces.
• If you configure the system globally, all interfaces send LLDPDUs with the specified TLVs.
• If you configure an interface, only the interface sends LLDPDUs with the specified TLVs.
If you configure LLDP both globally and at interface level, the interface-level configuration overrides the global configuration.
In Figure 18-8, LLDP is enabled globally. R1 and R2 are transmitting periodic LLDPDUs that contain management, 802.1, and 802.3 TLVs.
Figure 18-8. Configuring LLDP
Viewing the LLDP Configuration
To display the LLDP configuration, use the show config command in either CONFIGURATION or INTERFACE mode (Figure 18-9) and (Figure 18-10).
Figure 18-9.
Figure 18-10. Viewing LLDP Interface Configurations
R1(conf-lldp)#exit
R1(conf)#interface tengigabitethernet 1/31
R1(conf-if-te-1/31)#show config
!
interface TenGigabitEthernet 1/31
no ip address
!
no shutdown
R1(conf-if-te-1/31)#protocol lldp
R1(conf-if-te-1/31-lldp)#show config
!
protocol lldp
R1(conf-if-te-1/31-lldp)#
Viewing Information Advertised by Adjacent LLDP Agents
To display brief information about adjacent devices, use the show lldp neighbors command (Figure 18-11).
Figure 18-12.
Configuring LLDPDU Intervals
LLDPDUs are transmitted periodically; the default interval is 30 seconds. To configure a non-default transmit interval—at CONFIGURATION level or INTERFACE level—use the hello command (Figure 18-13).
Figure 18-13.
Configuring Transmit and Receive Mode
After you enable LLDP, Dell Force10 systems transmit and receive LLDPDUs by default. You can configure the system—at CONFIGURATION level or INTERFACE level—to transmit only by executing the mode tx command, or receive only by executing the mode rx command. To return to the default setting, use the no mode command (Figure 18-14).
Figure 18-14.
Configuring a Time to Live
The information received from a neighbor expires after a specific amount of time (measured in seconds) called a Time to Live (TTL). The TTL is the product of the LLDPDU transmit interval (hello) and an integer called a multiplier. The default multiplier is 4, which results in a default TTL of 120 seconds. To adjust the TTL value—at CONFIGURATION level or INTERFACE level—use the multiplier command.
Debugging LLDP
The debug lldp command allows you to view the TLVs that your system is sending and receiving.
• Use the debug lldp brief command to view a readable version of the TLVs.
• Use the debug lldp detail command to view a readable version of the TLVs plus a hexadecimal version of the entire LLDPDU.
Figure 18-16.
Relevant Management Objects
FTOS supports all IEEE 802.1AB MIB objects.
• Table 18-7 lists the objects associated with received and transmitted TLVs.
• Table 18-8 lists the objects associated with the LLDP configuration on the local agent.
• Table 18-9 lists the objects associated with IEEE 802.1AB Organizationally Specific TLVs.
• Table 18-10 lists the objects associated with received and transmitted LLDP-MED TLVs.
Table 18-7.
Table 18-8.
Table 18-9. LLDP 802.1 Organizationally Specific TLV MIB Objects TLV Type TLV Name TLV Variable 127 Port and Protocol VLAN ID port and protocol VLAN supported Local port and protocol VLAN enabled PPVID 127 VLAN Name VID VLAN name length VLAN name Table 18-10.
19 Multiple Spanning Tree Protocol (MSTP)
Overview
Multiple spanning tree protocol (MSTP)—specified in IEEE 802.1Q-2003—is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves on PVST+. MSTP allows multiple spanning tree instances and allows you to map many virtual local area networks (VLANs) to one spanning tree instance to reduce the total number of required instances. In contrast, per-VLAN spanning tree plus (PVST+) allows a spanning tree instance for each VLAN.
The Dell Force10 operating software (FTOS) supports three other variations of Spanning Tree (Table 19-1).
Table 19-1. FTOS Supported Spanning Tree Protocols
Dell Force10 Term | IEEE Specification
Spanning Tree Protocol | 802.1d
Rapid Spanning Tree Protocol | 802.1w
Multiple Spanning Tree Protocol | 802.1s
Per-VLAN Spanning Tree Plus | Third Party
Implementation Information
• The FTOS MSTP implementation is based on IEEE 802.
• Preventing Network Disruptions with BPDU Guard
• SNMP Traps for Root Elections and Topology Changes
Enable Multiple Spanning Tree Globally
MSTP is not enabled by default. To enable MSTP, follow these steps:
Step | Task | Command Syntax | Command Mode
1 | Enter PROTOCOL MSTP mode. | protocol spanning-tree mstp | CONFIGURATION
2 | Enable MSTP. | no disable | PROTOCOL MSTP
To verify that MSTP is enabled, use the show config command from PROTOCOL MSTP mode (Figure 19-2).
Figure 19-2.
Figure 19-3. Mapping VLANs to MSTI Instances
FTOS(conf)#protocol spanning-tree mstp
FTOS(conf-mstp)#msti 1 vlan 100
FTOS(conf-mstp)#msti 2 vlan 200-300
FTOS(conf-mstp)#show config
!
protocol spanning-tree mstp
no disable
MSTI 1 VLAN 100
MSTI 2 VLAN 200-300
All bridges in the MSTP region must have the same VLAN-to-instance mapping. To view the instance to which a VLAN is mapped, use the show spanning-tree mst vlan command from EXEC Privilege mode.
To change the bridge priority, use the following command:
Task | Command Syntax | Command Mode
Assign a number as the bridge priority. A lower number increases the probability that the bridge becomes the root bridge. Range: 0 to 61440, in increments of 4096. Default: 32768 | msti instance bridge-priority priority | PROTOCOL MSTP
The simple configuration (Figure 19-1) by default yields the same forwarding path for both MSTIs.
To change the region name or revision, use the following commands:
Task | Command Syntax | Command Mode
Change the region name. | name name | PROTOCOL MSTP
Change the region revision number. Range: 0 to 65535. Default: 0 | revision number | PROTOCOL MSTP
To view the current region name and revision, use the show spanning-tree mst configuration command from EXEC Privilege mode (Figure 19-6).
Figure 19-6.
Task | Command Syntax | Command Mode
Change the hello-time parameter. Note: With large configurations (especially those with more ports) Dell Force10 recommends that you increase the hello-time. Range: 1 to 10. Default: 2 seconds | hello-time seconds | PROTOCOL MSTP
Change the max-age parameter. Range: 6 to 40. Default: 20 seconds | max-age seconds | PROTOCOL MSTP
Change the max-hops parameter.
Figure 19-8. BPDU Filtering enabled globally
Task | Command Syntax | Command Mode
Enable BPDU Filter globally to filter transmission of BPDUs on port-fast-enabled interfaces. | edge-port bpdu filter default | PROTOCOL MSTP
Modify Interface Parameters
You can adjust two interface parameters to increase or decrease the probability that a port becomes a forwarding port:
• Port cost is a value that is based on the interface type.
Table 19-2. MSTP Default Port Cost Values
Port Cost | Default Value
Port Channel with two 10-Gigabit Ethernet interfaces | 1800
Port Channel with two 40-Gigabit Ethernet interfaces | 600
To change the port cost or priority of an interface, use the following commands:
Task | Command Syntax | Command Mode
Change the port cost of an interface. Range: 0 to 2000000. Default: refer to Table 19-2. | spanning-tree msti number cost cost | INTERFACE
Change the port priority of an interface.
To verify that EdgePort is enabled on a port, use the show config command from INTERFACE mode (Figure 19-9).
FTOS Behavior: Regarding bpduguard shutdown-on-violation behavior:
1 If the interface to be shut down is a port channel, all the member ports are disabled in the hardware.
2 When a physical port is added to a port channel already in error disable state, the new member port is also disabled in the hardware.
Figure 19-10. MSTP with Three VLANs Mapped to Two Spanning Tree Instances
[Figure labels: R1 (root), R2, R3; ports 1/2, 1/3, 2/1, 2/3, 3/1, 3/2; Forwarding, Blocking]
Figure 19-11.
Figure 19-12.
Figure 19-13.
Figure 19-14.
Debugging and Verifying an MSTP Configuration
To display BPDUs, use the debug spanning-tree mstp bpdu command from EXEC Privilege mode (Figure 19-15). To display MSTP-triggered topology change messages, use the debug spanning-tree mstp events command.
Figure 19-15. Displaying BPDUs and Events
FTOS#debug spanning-tree mstp bpdu
1w1d17h : MSTP: Sending BPDU on TenGig 1/31 :
ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x68
CIST Root Bridge Id: 32768:0001.e806.
• MSTP Instances.
  • Use the show commands to verify the VLAN to MSTP instance mapping.
  • Are there “extra” MSTP Instances in the Sending or Received logs? That may mean that an additional MSTP instance was configured on one router but not the others.
Figure 19-16.
Figure 19-18. Displaying BPDUs and Events - Debug Log of Unsuccessful MSTP Configuration
4w0d4h : MSTP: Received BPDU on TenGig 2/21 :
ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x78Different Region
CIST Root Bridge Id: 32768:0001.e806.953e, Ext Path Cost: 0
Regional Bridge Id: 32768:0001.e806.953e, CIST Port Id: 128:470
Msg Age: 0, Max Age: 20, Hello: 2, Fwd Delay: 15, Ver1 Len: 0, Ver
Name: Tahiti, Rev: 123, Int Root Path Cost: 0
Rem Hops: 20, Bridge Id: 32768:0001.e8d5.
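A "Different Region" result comes from a disagreement in region name, revision, or VLAN-to-instance mapping. The following Python check is an added example, not part of this guide or of FTOS, and it goes beyond the page by also computing the MST Configuration Digest that IEEE 802.1Q defines for comparing mappings (HMAC-MD5 over the 4096-entry VLAN-to-instance table with the standard's fixed key). The name Tahiti, revision 123 and the mapping for R1 come from the figures above; the drifted mapping on R3 is constructed.

```python
import hashlib
import hmac
import struct

# Configuration Digest Signature Key fixed by IEEE 802.1Q for MSTP.
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def expand_vlans(spec):
    """Expand a VLAN list such as '100' or '200-300,400' into integers."""
    vids = []
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        vids.extend(range(int(low), int(high or low) + 1))
    return vids


def vid_table(msti_vlans):
    """Build the 4096-entry table: index = VLAN ID, value = MSTI (0 = CIST)."""
    table = [0] * 4096
    for msti, spec in msti_vlans.items():
        for vid in expand_vlans(spec):
            if not 1 <= vid <= 4094:
                raise ValueError(f"VLAN {vid} out of range")
            if table[vid]:
                raise ValueError(f"VLAN {vid} mapped to two instances")
            table[vid] = msti
    return table


def config_digest(msti_vlans):
    """HMAC-MD5 of the table packed as 4096 two-octet instance numbers."""
    packed = struct.pack("!4096H", *vid_table(msti_vlans))
    return hmac.new(MST_DIGEST_KEY, packed, hashlib.md5).hexdigest()


def mapping_diff(a, b):
    """Return {vlan: (msti_on_a, msti_on_b)} for every VLAN mapped differently."""
    ta, tb = vid_table(a), vid_table(b)
    return {vid: (ta[vid], tb[vid]) for vid in range(4096) if ta[vid] != tb[vid]}


def region_mismatches(a, b):
    """List the region attributes on which two bridge configurations disagree."""
    problems = []
    if a["name"] != b["name"]:
        problems.append("name")
    if a["revision"] != b["revision"]:
        problems.append("revision")
    if config_digest(a["msti"]) != config_digest(b["msti"]):
        problems.append("vlan-to-instance mapping")
    return problems


# R1 and R2 follow Figure 19-3; R3 is a constructed example of configuration drift.
R1 = {"name": "Tahiti", "revision": 123, "msti": {1: "100", 2: "200-300"}}
R2 = {"name": "Tahiti", "revision": 123, "msti": {1: "100", 2: "200-300"}}
R3 = {"name": "Tahiti", "revision": 123, "msti": {1: "100", 2: "200-299"}}

if __name__ == "__main__":
    print("R1 vs R2:", region_mismatches(R1, R2))
    print("R1 vs R3:", region_mismatches(R1, R3), mapping_diff(R1["msti"], R3["msti"]))
```

A single VLAN left out of a range is enough to change the digest, which is why the mapping has to be compared VLAN by VLAN rather than by counting instances.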
20 Open Shortest Path First (OSPFv2)
This chapter includes the following topics:
• Overview
• Implementing OSPF with FTOS
  • Fast Convergence (OSPFv2, IPv4 only)
  • Multi-Process OSPF (OSPFv2, IPv4 only)
  • RFC-2328 Compliant OSPF Flooding
  • OSPF ACK Packing
  • OSPF Adjacency with Cisco Routers
• Configuration Information
  • Configuration Task List for OSPFv2 (OSPF for IPv4)
  • Troubleshooting OSPFv2
• Sample Configurations for OSPFv2
OSPF protocol standards are listed in Chapter 40, Standards Compliance
Autonomous System (AS) Areas
OSPF operates in a type of hierarchy. The largest entity within the hierarchy is the AS, which is a collection of networks under a common administration that share a common routing strategy (Figure 20-1). OSPF is an intra-AS (interior gateway) routing protocol, although it is capable of receiving routes from and sending routes to other ASs. You can divide an AS into a number of areas, which are groups of contiguous networks and attached hosts.
Area Types
The Backbone of the network is Area 0. It is also called Area 0.0.0.0 and is the core of any AS. All other areas must connect to Area 0. Areas can be defined in such a way that the backbone is not contiguous. In this case, backbone connectivity must be restored through virtual links. Virtual links are configured between any backbone routers that share a link to a non-backbone area and function as if they were direct links.
Figure 20-2 shows some examples of the different router designations. Figure 20-2.
Backbone Router (BR)
A backbone router (BR) is part of the OSPF backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in Figure 20-2.

Area Border Router (ABR)
Within an AS, an area border router (ABR) connects one or more areas to the backbone. The ABR keeps a copy of the link-state database for every area it connects to, so it may keep multiple copies of the link state database.
These router designations are not the same as the router IDs described earlier. The DR and BDR are configurable in FTOS. If no DR or BDR is defined in FTOS, the system assigns them. OSPF looks at the priority of the routers on the segment to determine which routers are the DR and BDR. The router with the highest priority is elected the DR. If there is a tie, the router with the higher router ID takes precedence. After the DR is elected, the BDR is elected the same way.
Depending on the type, the link ID has different meanings.
• 1: point-to-point connection to another router (link ID: neighboring router)
• 2: connection to a transit network (link ID: IP address of Designated Router)
• 3: connection to a stub network (link ID: IP network/subnet number)
• 4: virtual link (link ID: neighboring router ID)

LSA Throttling
LSA throttling provides configurable interval timers to improve OSPF convergence times.
Figure 20-3. Priority and Costs Example
Router 1: Priority 200, Cost 21
Router 2: Priority 180, Cost 50
Router 3: Priority 100, Cost 25
Router 4: Priority 150, Cost 20
Router 1 selected by the system as DR. Router 2 selected by the system as BDR.
If R1 fails, the system subtracts 21 from R1's priority number. R1's new priority is 179. R2, as both the selected BDR and the now-highest priority, becomes the DR.
If R3 fails, the system subtracts R2's new priority is 130.
• Opaque Link-local (type 9)

Fast Convergence (OSPFv2, IPv4 only)
Fast convergence allows you to define the speeds at which LSAs are originated and accepted, and reduce OSPFv2 end-to-end convergence time. FTOS allows you to accept and originate LSAs as soon as they are available to speed up route information propagation.
Note: The faster the convergence, the more frequent the route calculations and updates. This impacts CPU utilization and may impact adjacency stability in larger topologies.
If you require the RFC 2328 flooding behavior, enable it by using the flood-2328 command in ROUTER OSPF mode. When you enable RFC 2328 flooding, this command configures FTOS to flood LSAs on all interfaces. To confirm RFC 2328 flooding behavior, use the debug ip ospf packet command and look for output similar to the following (Figure 20-4).

Figure 20-4. Enabling RFC-2328 Compliant OSPF Flooding
00:10:41 : OSPF(1000:00): (figure callout: Printed only for ACK packets)
Rcv.
OSPF Adjacency with Cisco Routers
To establish an OSPF adjacency between Dell Force10 and Cisco routers, the hello interval and dead interval must be the same on both routers. In FTOS, the OSPF dead interval value is, by default, set to 40 seconds, and is independent of the OSPF hello interval. Configuring a hello interval does not change the dead interval in FTOS. In contrast, the OSPF dead interval on a Cisco router is, by default, four times as long as the hello interval.
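The timer behavior described above can be checked before a change window. The following is an added example, not code from this guide or from Dell: it derives the hello and dead intervals each side will actually use from an interface stanza and reports mismatches. The interface stanzas are constructed samples, and the 10-second hello default is an assumption not stated in this section.

```python
import re

# Defaults applied when an interface stanza sets no explicit timer.
DEFAULT_HELLO = 10          # assumption: usual broadcast-network default, not stated in this section
FTOS_DEFAULT_DEAD = 40      # from this guide: fixed default, independent of the hello interval
CISCO_DEAD_MULTIPLIER = 4   # from this guide: Cisco default dead interval is 4 x hello

# Matches "ip ospf hello-interval N" and "ip ospf dead-interval N".
# Lines starting with "no " do not match, so negated commands fall back to defaults.
_TIMER_RE = re.compile(r"^\s*ip ospf (hello|dead)-interval (\d+)\s*$", re.MULTILINE)


def effective_timers(vendor, stanza):
    """Return (hello, dead) in seconds that the interface will actually use."""
    explicit = {kind: int(value) for kind, value in _TIMER_RE.findall(stanza)}
    hello = explicit.get("hello", DEFAULT_HELLO)
    if "dead" in explicit:
        dead = explicit["dead"]
    elif vendor == "ftos":
        dead = FTOS_DEFAULT_DEAD              # unchanged by a configured hello interval
    elif vendor == "cisco":
        dead = CISCO_DEAD_MULTIPLIER * hello  # follows the configured hello interval
    else:
        raise ValueError(f"unknown vendor: {vendor!r}")
    return hello, dead


def adjacency_problems(side_a, side_b):
    """Compare two (vendor, stanza) pairs and list the timer problems found."""
    hello_a, dead_a = effective_timers(*side_a)
    hello_b, dead_b = effective_timers(*side_b)
    problems = []
    if hello_a != hello_b:
        problems.append(f"hello-interval mismatch: {hello_a}s vs {hello_b}s")
    if dead_a != dead_b:
        problems.append(f"dead-interval mismatch: {dead_a}s vs {dead_b}s")
    for label, hello, dead in (("A", hello_a, dead_a), ("B", hello_b, dead_b)):
        if dead <= hello:
            problems.append(f"side {label}: dead-interval {dead}s is not longer than hello {hello}s")
    return problems


# Constructed sample stanzas: both sides tuned the hello interval to 5 seconds only.
FTOS_TUNED = """interface TenGigabitEthernet 0/0
 ip address 10.1.2.100/24
 ip ospf hello-interval 5
 no shutdown"""
CISCO_TUNED = """interface GigabitEthernet0/1
 ip address 10.1.2.101 255.255.255.0
 ip ospf hello-interval 5"""
# Same FTOS stanza with the dead interval set explicitly to match the Cisco side.
FTOS_FIXED = FTOS_TUNED + "\n ip ospf dead-interval 20"

if __name__ == "__main__":
    print(adjacency_problems(("ftos", FTOS_TUNED), ("cisco", CISCO_TUNED)))
    print(adjacency_problems(("ftos", FTOS_FIXED), ("cisco", CISCO_TUNED)))
```

With untouched defaults the two sides agree; the mismatch appears only once the hello interval is changed without also setting the FTOS dead interval.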
To assign OSPF features and functions to each router, use the CONFIG-INTERFACE commands for each interface.
Note: By default, OSPF is disabled.

Configuration Task List for OSPFv2 (OSPF for IPv4)
Configuration takes three steps:
1. Configure a physical interface. Assign an IP address, physical or loopback, to the interface to enable Layer 3 routing.
2. Enable OSPF globally. Assign network area and neighbors.
3. Add interfaces or configure other attributes.
To enable OSPFv2 routing, follow these steps.

Step 1
Command Syntax: ip address ip-address mask
Command Mode: CONFIG-INTERFACE
Usage: Assign an IP address to an interface. Format: A.B.C.D/M

Step 2
Command Syntax: no shutdown
Command Mode: CONFIG-INTERFACE
Usage: Enable the interface.

If using a loopback interface, refer to Loopback Interfaces on page 230.

To enable the OSPF process, return to CONFIGURATION mode.
Figure 20-8. show ip ospf process id Command Example
FTOS#show ip ospf 55555
Routing Process ospf 55555 with ID 10.10.10.10
Supports only single TOS (TOS0) routes
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Number of area in this router is 0, normal 0 stub 0 nssa 0
FTOS#

Enable Multi-Process OSPF
Multi-process OSPF allows multiple OSPFv2 processes on a single router. The following list shows the number of processes supported on each platform type.
In CONFIGURATION ROUTER OSPF mode, assign the Router ID. The Router ID is not required to be the router’s IP address. For easier management and troubleshooting, Dell Force10 recommends using the IP address as the Router ID.

Command Syntax: router-id ip address
Command Mode: CONFIG-ROUTER-OSPF-id
Usage: Assign the Router ID for the OSPFv2 process. IP Address: A.B.C.D

To disable OSPF, use the no router ospf process-id command in CONFIGURATION mode.
OSPF functions and features, such as MD5 Authentication, Grace Period, Authentication Wait Time, etc., are assigned on a per interface basis. Note: If using features like MD5 Authentication, ensure all the neighboring routers are also configured for MD5. Figure 20-9 shows an example of assigning an IP address to an interface and then assigning an OSPFv2 area that includes that Layer-3 interface’s IP address. Figure 20-9.
Loopback interfaces also assist in the OSPF process. OSPF picks the highest interface address as the router-id and a loopback interface address has a higher precedence than other interface addresses. Figure 20-11 shows the show ip ospf process-id interface command with a loopback interface.

Figure 20-11. show ip ospf process-id interface Command Example
FTOS#show ip ospf 1 int
TenGigabitEthernet 13/23 is up, line protocol is up
Internet Address 10.168.0.1/24, Area 0.0.0.1
Process ID 1, Router ID 10.168.
To view which LSAs are transmitted, use the show ip ospf process-id database database-summary command syntax in EXEC Privilege mode (Figure 20-12).

Figure 20-12. show ip ospf process-id database database-summary Command Example
FTOS#show ip ospf 34 database database-summary
OSPF Router with ID (10.1.2.100) (Process ID 34)
Area ID 2.2.2.2 3.3.3.
To suppress an interface’s participation in OSPF, use the following command in ROUTER OSPF mode. This command stops the router from sending updates on that interface.

Command Syntax: passive-interface {default | interface}
Command Mode: CONFIG-ROUTER-OSPF-id
Usage: Specify whether all or some of the interfaces will be passive. Default enabled passive interfaces on ALL interfaces in the OSPF process.
Figure 20-13. show ip ospf process-id interface Command Example
FTOS#show ip ospf 34 int
TenGigabitEthernet 0/0 is up, line protocol is down
Internet Address 10.1.2.100/24, Area 1.1.1.1
Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DOWN, Priority 1
Designated Router (ID) 10.1.2.100, Interface address 0.0.0.0
Backup Designated Router (ID) 0.0.0.0, Interface address 0.0.0.
Figure 20-14 shows the convergence settings when you enable fast-convergence. Figure 20-15 shows settings when you disable fast-convergence. To view these settings, use the show ip ospf command.

Figure 20-14. show ip ospf process-id (Fast-Convergence Enabled) Command Example
FTOS(conf-router_ospf-1)#fast-converge 2
FTOS(conf-router_ospf-1)#exit
FTOS(conf)#exit
FTOS#show ip ospf 1
Routing Process ospf 1 with ID 192.168.67.
To change OSPFv2 parameters on the interfaces, use any or all of the following commands in CONFIGURATION INTERFACE mode.

Command Syntax: ip ospf cost
Command Mode: CONFIG-INTERFACE
Usage: Change the cost associated with OSPF traffic on the interface. Cost: 1 to 65535 (default depends on the interface speed).

Command Syntax: ip ospf dead-interval seconds
Command Mode: CONFIG-INTERFACE
Usage: Change the time interval the router waits before declaring a neighbor dead.
To view interface configurations, use the show config command in CONFIGURATION INTERFACE mode (Figure 20-16). To view the interface status in the OSPF process, use the show ip ospf interface command in EXEC mode.

Figure 20-16. Changing the OSPF Cost Value on an Interface
FTOS(conf-if)#ip ospf cost 45
FTOS(conf-if)#show config
!
interface TenGigabitEthernet 0/0
 ip address 10.1.2.100 255.255.255.
Filter Routes
To filter routes, use prefix lists. OSPF applies prefix lists to incoming or outgoing routes. Incoming routes must meet the conditions of the prefix lists, and if they do not, OSPF does not add the route to the routing table. Configure the prefix list in CONFIGURATION PREFIX LIST mode prior to assigning it to the OSPF process. To do this, use the following commands.
Redistribute Routes
You can add routes from other routing instances or protocols to the OSPF process. With the redistribute command, you can include Routing Information Protocol (RIP), static, or directly connected routes in the OSPF process. To redistribute routes, use the following command in CONFIGURATION-ROUTER-OSPF mode.
Troubleshooting OSPFv2
FTOS has several tools to make troubleshooting easier. Be sure to check the following, as these are typical issues that interrupt an OSPFv2 process.
Figure 20-18. show running-config ospf Command Example
FTOS#show run ospf
!
router ospf 3
!
router ospf 4
 router-id 4.4.4.4
 network 4.4.4.0/28 area 1
!
router ospf 5
!
router ospf 6
!
router ospf 7
 mib-binding
!
router ospf 8
!
default-information originate always
router-id 10.10.10.10
FTOS#

To get general route and links status information, use the following commands in EXEC Privilege mode.
To configure the debugging options of an OSPFv2 process, use the following command in EXEC Privilege mode.

Command Syntax: debug ip ospf process-id [event | packet | spf | database-timers rate-limit]
Command Mode: EXEC Privilege
Usage: View debug messages. To view debug messages for a specific OSPF process ID, enter debug ip ospf process-id. If you do not enter a process ID, the command applies to the first OSPF process.
Figure 20-19. Basic Topology and CLI Commands for OSPFv2 (topology diagram: OSPF AREA 0 with port labels GI 1/1, GI 1/2, GI 2/1, GI 2/2, GI 3/1, GI 3/2)

router ospf 11111
 network 10.0.11.0/24 area 0
 network 10.0.12.0/24 area 0
 network 192.168.100.0/24 area 0
!
interface TenGigabitEthernet 1/1
 ip address 10.1.11.1/24
 no shutdown
!
interface TenGigabitEthernet 1/2
 ip address 10.2.12.2/24
 no shutdown
!
interface Loopback 10
 ip address 192.168.100.100/24
 no shutdown

router ospf 33333
 network 192.168.100.0/24 area 0
 network 10.0.13.
21 Port Monitoring
Port monitoring is a feature that copies all incoming or outgoing packets on one port and forwards (mirrors) them to another port. The source port is the monitored port (MD) and the destination port is the monitoring port (MG). Port monitoring functionality is different between platforms, but the behavior is the same, with highlighted exceptions.
Note: There is no limit to the number of monitoring sessions per system, provided that there are only four destination ports per port-pipe. If each monitoring session has a unique destination port, the maximum number of sessions is four per port-pipe.

Port Monitoring
The MXL 10/40GbE Switch supports multiple source-destination statements in a monitor session, but there may only be one destination port in a monitoring session (Message 2).
Figure 21-2. Number of Monitoring Ports
FTOS(conf)#mon ses 300
FTOS(conf-mon-sess-300)#source tengig 0/17 destination tengig 0/4 direction tx
% Error: Exceeding max MG ports for this MD port pipe.
FTOS Behavior: All monitored frames are tagged if the configured monitoring direction is transmit (TX), regardless of whether the monitored port (MD) is a Layer 2 or Layer 3 port. If the MD port is a Layer 2 port, the frames are tagged with the VLAN ID of the VLAN to which the MD belongs. If the MD port is a Layer 3 port, the frames are tagged with VLAN ID 4095. If the MD port is in a Layer 3 VLAN, the frames are tagged with the respective Layer 3 VLAN ID.
To display monitor sessions, use the show monitor session command from EXEC Privilege mode (Figure 21-4). Figure 21-4.
22 Private VLANs (PVLAN)
For syntax details about the commands described in this chapter, refer to the Private VLANs (PVLAN) Commands chapter in the FTOS Command Reference Guide.
Private VLAN Concepts
The VLAN types in a PVLAN include:
Community VLAN—a type of secondary VLAN in a primary VLAN:
• Ports in a community VLAN can communicate with each other.
• Ports in a community VLAN can communicate with all promiscuous ports in the primary VLAN.
• A community VLAN can only contain ports configured as host.
Isolated VLAN—a type of secondary VLAN in a primary VLAN:
• Ports in an isolated VLAN cannot talk directly to each other.
Each of the port types can be any type of physical Ethernet port, including port channels (LAGs). For details about port channels, refer to Port Channel Interfaces in Interfaces. For an introduction to VLANs, refer to Layer 2.

Private VLAN Commands
The commands dedicated to supporting the PVLANs feature are:

Table 22-1. Private VLAN Commands
Task: Enable/disable Layer 3 communication between secondary VLANs.
Private VLAN Configuration Task List
The following sections contain the procedures that configure a PVLAN:
• Creating PVLAN Ports
• Creating a Primary VLAN
• Creating a Community VLAN
• Creating an Isolated VLAN

Creating PVLAN Ports
PVLAN ports are those that are assigned to the Private VLAN.
Creating a Primary VLAN
A primary VLAN is a port-based VLAN that is specifically enabled as a primary VLAN to contain the promiscuous ports and PVLAN trunk ports for the private VLAN. A primary VLAN also contains a mapping to secondary VLANs, which are comprised of community VLANs and isolated VLANs.
Creating a Community VLAN
A community VLAN is a secondary VLAN of the primary VLAN in a Private VLAN. The ports in a community VLAN can talk to each other and with the promiscuous ports in the primary VLAN. To create a community VLAN, follow these steps:

Step 1
Command Syntax: interface vlan vlan-id
Command Mode: CONFIGURATION
Purpose: Access INTERFACE VLAN mode for the VLAN that you want to make a community VLAN.

Step 2
Command Syntax: no shutdown
Command Mode: INTERFACE VLAN
Purpose: Enable the VLAN.
Figure 22-2.
The results are:
• The ports in community VLAN 4001 can communicate directly with each other and with promiscuous ports.
• The ports in community VLAN 4002 can communicate directly with each other and with promiscuous ports.
• The ports in isolated VLAN 4003 can only communicate with the promiscuous ports in the primary VLAN 4000.
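The results listed above can be turned into a segmentation check. The following is an added example, not code from this guide: it models the Layer 2 rules for primary VLAN 4000 with community VLANs 4001 and 4002 and isolated VLAN 4003, and flags observed flows the PVLAN should not permit. Port names and the flow list are constructed, traffic between different community VLANs is treated as blocked at Layer 2, and the Layer 3 communication option from Table 22-1 is not modeled.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    name: str   # hypothetical interface label
    mode: str   # "promiscuous" or "host"
    vlan: int   # primary VLAN for promiscuous ports, secondary VLAN for host ports


class PrivateVlan:
    """Layer 2 reachability rules for one primary VLAN and its secondary VLANs."""

    def __init__(self, primary, community=(), isolated=()):
        self.primary = primary
        self.community = frozenset(community)
        self.isolated = frozenset(isolated)
        if self.community & self.isolated:
            raise ValueError("a secondary VLAN cannot be both community and isolated")

    def _validate(self, port):
        if port.mode == "promiscuous":
            valid = port.vlan == self.primary
        elif port.mode == "host":
            valid = port.vlan in (self.community | self.isolated)
        else:
            valid = False
        if not valid:
            raise ValueError(f"{port.name}: mode {port.mode!r} is not valid for VLAN {port.vlan}")

    def can_communicate(self, a, b):
        """True if the PVLAN permits direct Layer 2 traffic between ports a and b."""
        self._validate(a)
        self._validate(b)
        # Promiscuous ports reach every port in the primary VLAN.
        if a.mode == "promiscuous" or b.mode == "promiscuous":
            return True
        # Host ports talk to each other only inside the same community VLAN;
        # isolated hosts never talk to other hosts, even in their own VLAN.
        return a.vlan == b.vlan and a.vlan in self.community

    def unexpected_flows(self, ports, flows):
        """Return the (src, dst) name pairs from flows that the PVLAN should block."""
        by_name = {port.name: port for port in ports}
        return [(src, dst) for src, dst in flows
                if not self.can_communicate(by_name[src], by_name[dst])]


# VLAN numbers from the example above; everything else is constructed sample data.
PVLAN = PrivateVlan(primary=4000, community=(4001, 4002), isolated=(4003,))
PORTS = [
    Port("uplink", "promiscuous", 4000),
    Port("web1", "host", 4001),
    Port("web2", "host", 4001),
    Port("db1", "host", 4002),
    Port("guest1", "host", 4003),
    Port("guest2", "host", 4003),
]
# Constructed flow observations, for example from a port-mirror capture.
OBSERVED = [
    ("web1", "web2"),
    ("web1", "uplink"),
    ("guest1", "guest2"),
    ("web1", "db1"),
    ("guest1", "uplink"),
]

if __name__ == "__main__":
    for src, dst in PVLAN.unexpected_flows(PORTS, OBSERVED):
        print(f"unexpected Layer 2 flow: {src} -> {dst}")
```

A non-empty result means either the capture point sits on a routed path or a port is assigned to the wrong secondary VLAN.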
You can also use one of three show commands that are specific to the Private VLAN feature:
• show interfaces private-vlan [interface interface]: Display the type and status of the configured PVLAN interfaces. Refer to the example output in the Security chapter of the FTOS Command Reference Guide.
• show vlan private-vlan [community | interface | isolated | primary | primary_vlan | interface interface]: Display the configured PVLANs or interfaces that are part of a PVLAN.
Figure 22-6.
23 Per-VLAN Spanning Tree Plus (PVST+)

Overview
Per-VLAN spanning tree plus (PVST+) is a variation of spanning tree—developed by a third party—that allows you to configure a separate spanning tree instance for each VLAN (Figure 23-1). For more information about spanning tree, refer to Spanning Tree Protocol (STP). Figure 23-1.
The Dell Force10 operating software (FTOS) supports three other variations of spanning tree (Table 23-1).

Table 23-1. FTOS Supported Spanning Tree Protocols
Dell Force10 Term: IEEE Specification
Spanning Tree Protocol (STP): 802.1d
Rapid Spanning Tree Protocol (RSTP): 802.1w
Multiple Spanning Tree Protocol (MSTP): 802.1s
Per-VLAN Spanning Tree Plus (PVST+): Third Party

Implementation Information
• The FTOS implementation of PVST+ is based on RPVST.
Enable PVST+
When you enable PVST+, FTOS instantiates STP on each active VLAN. To enable PVST+ globally, follow these steps:

Step 1
Task: Enter PVST context.
Command Syntax: protocol spanning-tree pvst
Command Mode: PROTOCOL PVST

Step 2
Task: Enable PVST+.
Command Syntax: no disable
Command Mode: PROTOCOL PVST

Disable PVST+
To disable PVST+, use the following commands.

Task: Disable PVST+ globally.
Command Syntax: disable
Command Mode: PROTOCOL PVST

Task: Disable PVST+ on an interface, or remove a PVST+ parameter configuration.
Figure 23-3. Load Balancing with PVST+ (topology diagram of R1, R2 and R3 with STI 1: VLAN 100, STI 2: VLAN 200, STI 3: VLAN 300; root bridges are labeled with a bridge-priority of 4096, and ports are marked Forwarding or Blocking)

The bridge with the lowest value for bridge priority is elected root.
Display the PVST+ forwarding topology by entering the show spanning-tree pvst [vlan vlan-id] command from EXEC Privilege mode (Figure 23-4).

Figure 23-4. Display the PVST+ Forwarding Topology
FTOS(conf-if-te-5/41)#do show spanning-tree pvst vlan 2
VLAN 2
Root Identifier has priority 32768, Address 001e.c9f1.00f3
Root Bridge hello time 2, max age 20, forward delay 15
Bridge Identifier has priority 32768, Address 001e.c9f1.
To change PVST+ parameters, use the following commands on the Root Bridge:

Task: Change the forward-delay parameter.
• Range: 4 to 30
• Default: 15 seconds
Command Syntax: vlan forward-delay
Command Mode: PROTOCOL PVST

Task: Change the hello-time parameter.
Command Syntax: vlan hello-time
Command Mode: PROTOCOL PVST

Command Syntax: vlan max-age
Command Mode: PROTOCOL PVST

Note: With large configurations (especially those with more ports), Dell Force10 recommends that you increase the hello-time.
Figure 23-5. BPDU Filtering enabled globally

Task: Enable BPDU Filter globally to filter transmission of BPDU port fast enabled interfaces.
Command Syntax: edge-port bpdu filter default
Command Mode: PROTOCOL PVST

Modify Interface PVST+ Parameters
To increase or decrease the probability that a port becomes a forwarding port, you can adjust two interface parameters:
• Port cost is a value that is based on the interface type.
Note: The FTOS implementation of PVST+ uses IEEE 802.1s costs as the default costs. Other implementations use IEEE 802.1d costs as the default costs. If you are using Dell Force10 systems in a multi-vendor network, verify that the costs are values you intended.

To change the port cost or priority of an interface, use the following commands:

Task: Change the port cost of an interface. Range: 0 to 200000. Default: refer to Table 23-2.
FTOS Behavior: Regarding the bpduguard shutdown-on-violation behavior:
1 If the interface to be shut down is a port channel, all the member ports are disabled in the hardware.
2 When you add a physical port to a port channel already in Error Disable state, the new member port is also disabled in the hardware.
3 When you remove a physical port from a port channel in Error Disable state, the Error Disabled state is cleared on this physical port (the physical port is enabled in the hardware).
Task: Augment the Bridge ID with the VLAN ID.
Command Syntax: extend system-id
Command Mode: PROTOCOL PVST

Figure 23-6. PVST+ with Extend System ID
FTOS(conf-pvst)#do show spanning-tree pvst vlan 5 brief
VLAN 5
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32773, Address 0001.e832.73f7
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32773 (priority 32768 sys-id-ext 5), Address 0001.e832.
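The priority arithmetic in the extend system-id output above (32773 = priority 32768 + sys-id-ext 5) and the per-VLAN root placement from Figure 23-3 can be reproduced offline. The following is an added example, not code from this guide: it composes and splits the advertised priority and picks the root for a VLAN by lowest priority, then lowest MAC address. The bridge-to-MAC pairing and the per-VLAN priorities are constructed, and the 4096-step priority range and the 1 to 4094 VLAN range are standard values assumed here.

```python
DEFAULT_PRIORITY = 32768  # default bridge priority, as shown in the show output above


def compose_priority(configured, vlan_id):
    """Advertised priority with extend system-id: configured priority plus the VLAN ID."""
    if configured % 4096 != 0 or not 0 <= configured <= 61440:
        raise ValueError("bridge priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be between 1 and 4094")
    return configured + vlan_id


def split_priority(advertised):
    """Split an advertised priority into (configured priority, sys-id-ext)."""
    if not 0 <= advertised <= 0xFFFF:
        raise ValueError("priority field is 16 bits")
    # Upper 4 bits carry the configured priority, lower 12 bits the VLAN ID.
    return advertised & 0xF000, advertised & 0x0FFF


def mac_to_int(mac):
    """Convert a dotted MAC such as 0001.e832.73f7 to an integer for comparison."""
    digits = mac.replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)


def elect_root(bridges, vlan_id):
    """Return (bridge name, advertised priority) of the root for vlan_id.

    bridges maps a name to (mac, {vlan_id: configured priority}); VLANs without
    an entry use DEFAULT_PRIORITY. The lowest (priority, MAC) pair wins.
    """
    def bridge_id(name):
        mac, per_vlan = bridges[name]
        configured = per_vlan.get(vlan_id, DEFAULT_PRIORITY)
        return compose_priority(configured, vlan_id), mac_to_int(mac)

    root = min(bridges, key=bridge_id)
    return root, bridge_id(root)[0]


# Constructed sample: each bridge lowers its priority for one VLAN to spread the roots.
# MAC addresses are sample values; their assignment to R1, R2 and R3 is an assumption.
BRIDGES = {
    "R1": ("0001.e832.73f7", {100: 4096}),
    "R2": ("001e.c9f1.00f3", {200: 4096}),
    "R3": ("0001.e806.953e", {300: 4096}),
}

if __name__ == "__main__":
    for vlan in (100, 200, 300, 5):
        name, priority = elect_root(BRIDGES, vlan)
        print(f"VLAN {vlan}: root {name}, advertised priority {priority} "
              f"{split_priority(priority)}")
```

For a VLAN where no bridge has a configured priority, the lowest MAC address decides the root, which is why an unplanned device with a low MAC or a low priority can take over the root role.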
PVST+ Sample Configurations
Figure 23-7, Figure 23-8, and Figure 23-9 provide the running configurations for the topology shown in Figure 23-3. Figure 23-7.
Figure 23-8.
24 Quality of Service (QoS)

Overview
Differentiated service is accomplished by classifying and queuing traffic and assigning priorities to those queues. The MXL Switch traffic has four data queues per port. All queues are serviced using the Weighted Round Robin scheduling algorithm. You can only manage queuing prioritization on egress.
Table 24-1.
Figure 24-1. Dell Force10 QoS Architecture

Implementation Information
The Dell Force10 QoS implementation complies with IEEE 802.1p User Priority Bits for QoS Indication.
Set dot1p Priorities for Incoming Traffic
Change the priority of incoming traffic on the interface using the dot1p-priority command from INTERFACE mode (Figure 24-2). The Dell Force10 operating software (FTOS) places marked traffic in the corresponding queue as shown in Table 24-2. If you set a dot1p priority for a port-channel, all port-channel members are configured with the same value. You cannot assign a dot1p value to individual interfaces in a port-channel.
On the MXL Switch, you can configure service-class dynamic dot1p from CONFIGURATION mode, which applies the configuration to all interfaces. A CONFIGURATION mode service-class dynamic dot1p entry supersedes any INTERFACE entries. For more information, refer to Mapping dot1p Values to Service Queues. Note: You cannot configure service-policy input and service-class dynamic dot1p on the same interface. Figure 24-3.
Configure Port-based Rate Shaping
Rate shaping buffers, rather than drops, traffic that exceeds the specified rate until the buffer is exhausted. If any stream exceeds the configured bandwidth on a continuous basis, it can consume all of the buffer space that is allocated to the port.
• To apply rate shaping to outgoing traffic on a port, use the rate shape command from INTERFACE mode (Figure 24-5).
Classify Traffic
Class maps differentiate traffic so that you can apply separate quality of service policies to each class. For both class maps, Layer 2 and Layer 3, FTOS matches packets against match criteria in the order that you configure them.

Create a Layer 3 Class Map
A Layer 3 class map differentiates ingress packets based on the DSCP value or IP precedence, and characteristics defined in an IP access control list (ACL).
Create a Layer 2 Class Map
All class maps are Layer 3 by default; you can create a Layer 2 class map by specifying the option layer2 with the class-map command. A Layer 2 class map differentiates traffic according to the 802.1p value and/or characteristics defined in a MAC ACL.
1. To create a match-any class map, use the class-map match-any command or to create a match-all class map, use the class-map match-all command from CONFIGURATION mode, and enter the keyword layer2.
Figure 24-8. Marking Flows in the Same Queue with Different DSCP Values
FTOS#show run class-map
!
class-map match-any example-flowbased-dscp
 match ip access-group test set-ip-dscp 2
 match ip access-group test1 set-ip-dscp 4
 match ip precedence 7 set-ip-dscp 1
FTOS#show run qos-policy-input
!
qos-policy-input flowbased
 set ip-dscp 3

Display Configured Class Maps and Match Criteria
To display all class-maps or a specific class map, use the show qos class-map command from EXEC Privilege mode.
1. Create a Layer 3 input QoS policy using the qos-policy-input command from CONFIGURATION mode. Create a Layer 2 input QoS policy by specifying the keyword layer2 after the qos-policy-input command. 2.
Configure Policy-Based Rate Shaping
To rate shape egress traffic, use the rate-shape command from QOS-POLICY-OUT mode.

Allocate Bandwidth to the Queue
To allocate bandwidth, use the bandwidth-percentage command in QOS-POLICY-OUT mode. FTOS recommends that you pre-calculate your bandwidth requirements before creating them. Make sure you apply the QoS policy to all the four queues and that the sum of the bandwidths allocated through them is exactly 100.
3. Apply the input policy map to an interface.

Apply a Class-Map or Input QoS Policy to a Queue
To assign an input QoS policy to a queue, use the service-queue command from POLICY-MAP-IN mode.

Apply an Input QoS Policy to an Input Policy Map
To apply an input QoS policy to an input policy map, use the policy-aggregate command from POLICY-MAP-IN mode.
Honoring dot1p Values on Ingress Packets
FTOS provides the ability to honor dot1p values on ingress packets with the trust dot1p feature. To enable trust dot1p, use the trust dot1p command from POLICY-MAP-IN mode. Table 24-4 lists the queue to which the classified traffic is sent based on the dot1p value.

Table 24-4. Default dot1p to Queue Mapping
dot1p: Queue ID
0: 0
1: 0
2: 0
3: 1
4: 2
5: 3
6: 3
7: 3

The dot1p value is also honored for frames on the default VLAN.
Figure 24-10.
Mapping dot1p Values to Service Queues
All traffic is, by default, mapped to the same queue, Queue 0. If you honor dot1p on ingress, you can create service classes based on the queueing strategy in Table 24-4 using the service-class dynamic dot1p command from INTERFACE mode. Apply this queuing strategy globally by entering this command from CONFIGURATION mode.
• All dot1p traffic is mapped to Queue 0 unless you enable the service-class dynamic dot1p command on an interface or globally.
Apply an Output Policy Map to an Interface
To apply an output policy map to an interface, use the service-policy output command from INTERFACE mode. You can apply the same policy map to multiple interfaces, and you can modify a policy map after you apply it.
Strict-Priority Queueing
To assign strict-priority to one unicast queue, 1 to 3, use the strict-priority command from CONFIGURATION mode. Strict-priority means that FTOS dequeues all packets from the assigned queue before servicing any other queues.
• The strict-priority command supersedes the bandwidth-percentage command percentage configurations.
• A queue with strict-priority can starve other queues in the same port-pipe.
Table 24-5. Pre-defined WRED Profiles
Default Profile Name: Minimum Threshold, Maximum Threshold, Maximum Drop Rate
wred_drop: 0, 0, 100
wred_teng_y: 467, 4671, 100
wred_teng_g: 467, 4671, 50
wred_fortyg_y: 467, 4671, 50
wred_fortyg_g: 467, 4671, 25

Create WRED Profiles
To create a WRED profile, follow these steps:
1. To create a WRED profile, use the wred command from CONFIGURATION mode.
2. The wred command places you in WRED mode.
Display WRED Drop Statistics To display the number of packets FTOS dropped by the WRED profile, use the show qos statistics command from EXEC Privilege mode (Figure 24-13). Figure 24-13.
25 Routing Information Protocol (RIP)
Routing Information Protocol (RIP) is based on a distance-vector algorithm. RIP tracks distances or hop counts to nearby routers when establishing network connections.
• Overview
• Implementation Information
• Configuration Information
• RIP Configuration Example
RIP protocol standards are listed in the Standards Compliance chapter.

Overview
RIP is the oldest interior gateway protocol. There are two versions of RIP: RIP version 1 (RIPv1) and RIP version 2 (RIPv2).
RIPv2
RIPv2 adds support for subnet fields in the RIP routing updates, thus qualifying it as a classless routing protocol. The RIPv2 message format includes entries for route tags, subnet masks, and next hop addresses. Another enhancement included in RIPv2 is multicasting for route updates on IP multicast address 224.0.0.9.
• Generate a Default Route (optional)
• Control Route Metrics (optional)
• Summarize Routes (optional)
• Control Route Metrics
• Debug RIP
For a complete listing of all commands related to RIP, refer to the FTOS Command Reference Guide.

Enable RIP Globally
By default, RIP is not enabled in FTOS.
When the RIP process has learned the RIP routes, use the show ip rip database command in EXEC mode to view those routes (Figure 25-2).

Figure 25-2. show ip rip database Command Example (Partial)
FTOS#show ip rip database
Total number of routes in RIP database: 978
160.160.0.0/16 [120/1] via 29.10.10.12, 00:00:26, Fa
160.160.0.0/16 auto-summary
2.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa
2.0.0.0/8 auto-summary
4.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa
4.0.0.
Control RIP Routing Updates
By default, RIP broadcasts routing information to all enabled interfaces, but you can configure RIP to send or to block RIP routing information, either from a specific IP address or a specific interface. To control which devices or interfaces receive routing updates, you must configure a direct update to one router and configure interfaces to block RIP updates from other sources.
To add routes from other routing instances or protocols, use any of the following commands in ROUTER RIP mode:

Command Syntax: redistribute {connected | static} [metric metric-value] [route-map map-name]
Command Mode: ROUTER RIP
Purpose: Include directly connected or user-configured (static) routes in RIP.
• metric range: 0 to 16
• map-name: name of a configured route map.
Figure 25-3 shows an example of the RIP configuration after you use the version command to set RIPv2 in ROUTER RIP mode. After you set the version command in ROUTER RIP mode, the interface (TenGigabitEthernet 0/0) participating in the RIP process is also set to send and receive RIPv2. Figure 25-3.
The show ip protocols command example in Figure 25-5 confirms that both versions are sent out that interface. This interface no longer sends and receives the same RIP versions as FTOS does globally. Figure 25-5.
Summarize Routes

Routes in the RIPv2 routing table are summarized by default, thus reducing the size of the routing table and improving routing efficiency in large networks. By default, the auto-summary command in ROUTER RIP mode is enabled and summarizes RIP routes up to the classful network boundary. If you must perform routing between discontiguous subnets, disable automatic summarization. With automatic route summarization disabled, subnets are advertised.
To view configuration changes, use the show config command in ROUTER RIP mode.

Debug RIP

To enable RIP debugging, use the debug ip rip command. When you enable debugging, you can view information about RIP protocol changes or RIP routes (Figure 25-6). To enable RIP debugging, use the following command in EXEC privilege mode:

Command Syntax: debug ip rip [interface | database | events | trigger]
Command Mode: EXEC privilege
Purpose: Enable debugging of RIP.

Figure 25-6.
Figure 25-7. RIP Topology Example

Configuring RIPv2 on Core 2

Figure 25-8. Configuring RIPv2 on Core 2

Core2(conf-if-te-2/31)#
Core2(conf-if-te-2/31)#router rip
Core2(conf-router_rip)#ver 2
Core2(conf-router_rip)#network 10.200.10.0
Core2(conf-router_rip)#network 10.300.10.0
Core2(conf-router_rip)#network 10.11.10.0
Core2(conf-router_rip)#network 10.11.20.0
Core2(conf-router_rip)#show config
!
router rip
network 10.0.0.
Figure 25-9. Example of RIP Configuration Response from Core 2

Core2(conf-router_rip)#end
00:12:24: %RPM0-P:CP %SYS-5-CONFIG_I: Configured from console by console
Core2#show ip rip database
Total number of routes in RIP database: 7
10.11.30.0/24 [120/1] via 10.11.20.1, 00:00:03, TenGigabitEthernet 2/31
10.300.10.0/24 directly connected,TenGigabitEthernet 2/42
10.200.10.0/24 directly connected,TenGigabitEthernet 2/41
10.11.20.
Figure 25-11.
Core 3 RIP Output

The examples in this section are:
• To display the Core 3 RIP database, use the show ip rip database command (Figure 25-13).
• To display the Core 3 RIP setup, use the show ip route command (Figure 25-14).
• To display the Core 3 RIP activity, use the show ip protocols command (Figure 25-15).

Figure 25-13. show ip rip database Command Example for Core 3 RIP Setup

Core3#show ip rip database
Total number of routes in RIP database: 7
10.11.10.
Figure 25-15.
RIP Configuration Summary

Figure 25-16. Summary of Core 2 RIP Configuration Using Output of show run Command

!
interface TenGigabitEthernet 2/11
 ip address 10.11.10.1/24
 no shutdown
!
interface TenGigabitEthernet 2/31
 ip address 10.11.20.2/24
 no shutdown
!
interface TenGigabitEthernet 2/41
 ip address 10.200.10.1/24
 no shutdown
!
interface TenGigabitEthernet 2/42
 ip address 10.300.10.1/24
 no shutdown
router rip
 version 2
 10.200.10.0
 10.300.10.0
 10.11.10.0
 10.11.20.
26 Remote Monitoring (RMON)

Overview

This chapter describes remote monitoring (RMON). This chapter includes the following sections:
• Implementation
• Fault Recovery

RMON is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facilities and long-term statistics collection on Dell Force10 Ethernet interfaces.
RMON implements the following standard requests for comment (RFCs) (for more information, refer to RFC and I-D Compliance):
• RFC-2819
• RFC-3273
• RFC-3434

Fault Recovery

RMON provides the following fault recovery functions:

Interface Down—When an RMON-enabled interface goes down, monitoring continues. However, all data values are registered as 0xFFFFFFFF (32 bits) or 0xFFFFFFFFFFFFFFFF (64 bits). When the interface comes back up, RMON monitoring processes resume.
Set the RMON Alarm

To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode. To disable the alarm, use the no form of these commands:

Command Syntax: [no] rmon alarm number variable interval {delta | absolute} rising-threshold [value event-number] falling-threshold value event-number [owner string]
Command Mode: CONFIGURATION
Purpose: Set an alarm on any MIB object. Use the no form of this command to disable the alarm.
To configure an RMON alarm, use the rmon alarm command (Figure 26-1).

Figure 26-1. rmon alarm Command Example

FTOS(conf)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 20 delta rising-threshold 15 1 falling-threshold 0 owner nms1

(Figure callouts: Alarm Number, MIB Variable, Monitor Interval, Counter Value Limit, Triggered Event)

The above example configures RMON alarm number 10. The alarm monitors the MIB variable 1.3.6.1.2.1.2.2.1.20.1 (ifEntry.
Figure 26-2. rmon event Command Example

FTOS(conf)#rmon event 1 log trap eventtrap description “High ifOutErrors” owner nms1

The configuration in Figure 26-2 creates RMON event number 1 with the description “High ifOutErrors”, and generates a log entry when the event is triggered by an alarm. The user nms1 owns the row that is created in the event table by this command. This configuration also generates an SNMP trap when the event is triggered using the SNMP community string “eventtrap”.
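The threshold behaviour of the alarm in Figure 26-1 and its link to the event in Figure 26-2, simulated in Python as an added example (not Dell Force10 code). It assumes the alarm hysteresis defined in RFC 2819 and a 32-bit counter that can wrap; the class, the function names and the counter readings are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

COUNTER32_MODULUS = 2 ** 32  # ifOutErrors is a 32-bit counter and can wrap

# (compared value, crossing, event number) for one poll
Result = Tuple[Optional[int], Optional[str], Optional[int]]


@dataclass
class RmonAlarm:
    """One alarm row: thresholds plus the events they trigger (assumed model)."""
    rising_threshold: int
    falling_threshold: int
    rising_event: Optional[int] = None
    falling_event: Optional[int] = None   # omitted in Figure 26-1
    sample_type: str = "delta"            # "delta" or "absolute"

    def __post_init__(self) -> None:
        if self.sample_type not in ("delta", "absolute"):
            raise ValueError("sample_type must be 'delta' or 'absolute'")
        if self.falling_threshold > self.rising_threshold:
            raise ValueError("falling threshold must not exceed rising threshold")
        self._last_raw: Optional[int] = None
        self._last_crossing: Optional[str] = None

    def poll(self, raw: int) -> Result:
        """Feed one polled reading and report what the alarm does with it."""
        if self.sample_type == "delta":
            previous, self._last_raw = self._last_raw, raw
            if previous is None:
                return None, None, None   # a delta needs two readings
            value = (raw - previous) % COUNTER32_MODULUS
        else:
            value = raw

        # Hysteresis: after a rising crossing, no further rising crossing is
        # reported until the value has reached the falling threshold, and
        # the same applies in the other direction.
        crossing = None
        if value >= self.rising_threshold and self._last_crossing != "rising":
            crossing = "rising"
        elif value <= self.falling_threshold and self._last_crossing != "falling":
            crossing = "falling"
        if crossing is None:
            return value, None, None

        self._last_crossing = crossing
        event = self.rising_event if crossing == "rising" else self.falling_event
        return value, crossing, event


def run(alarm: RmonAlarm, readings: List[int]) -> List[Result]:
    return [alarm.poll(reading) for reading in readings]


# Constructed ifOutErrors readings, one per 20-second interval.
CONSTRUCTED_READINGS = [100, 103, 120, 140, 140, 141, 160]


def demo() -> List[Result]:
    # Mirrors Figure 26-1: delta sampling, rising-threshold 15 -> event 1,
    # falling-threshold 0 with no event number.
    alarm = RmonAlarm(rising_threshold=15, rising_event=1, falling_threshold=0)
    return run(alarm, CONSTRUCTED_READINGS)


def demo_wrap() -> List[Result]:
    # The counter wraps between two polls; the delta is still 25 errors.
    alarm = RmonAlarm(rising_threshold=15, rising_event=1, falling_threshold=0)
    return run(alarm, [COUNTER32_MODULUS - 5, 20])


if __name__ == "__main__":
    for value, crossing, event in demo():
        print(f"value={value} crossing={crossing} event={event}")
```

In the constructed run the second burst of errors triggers event 1 again only because an error-free interval (delta 0) reached the falling threshold in between; the falling crossing itself triggers nothing because no event number is attached to it.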
Configure RMON Collection History

To enable the RMON MIB history group of statistics collection on an interface, use the rmon collection history command in CONFIGURATION INTERFACE (conf-if) mode. To remove a specified RMON history group of statistics collection, use the no rmon collection history command.
27 Rapid Spanning Tree Protocol (RSTP)

Overview

Rapid spanning tree protocol (RSTP) is a Layer 2 protocol—specified by IEEE 802.1w—that is essentially the same as the spanning-tree protocol (STP) but provides faster convergence and interoperability with switches configured with STP and multiple spanning tree protocol (MSTP). FTOS supports three other variations of spanning tree (Table 27-1).

Table 27-1.
• SNMP Traps for Root Elections and Topology Changes
• Fast Hellos for Link State Detection
• Flush MAC Addresses after a Topology Change

Important Points to Remember

• RSTP is disabled by default.
• FTOS supports only one RST instance.
• All interfaces in virtual local area networks (VLANs) and all enabled interfaces in Layer 2 mode are automatically added to the RST topology.
To configure and enable the interfaces for Layer 2, use the following commands:

Step 1. If the interface has been assigned an IP address, remove it.
   Command Syntax: no ip address
   Command Mode: INTERFACE
Step 2. Place the interface in Layer 2 mode.
   Command Syntax: switchport
   Command Mode: INTERFACE
Step 3. Enable the interface.
   Command Syntax: no shutdown
   Command Mode: INTERFACE

To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode.

Figure 27-2.
To verify that RSTP is enabled, use the show config command from PROTOCOL SPANNING TREE RSTP mode (Figure 27-3).

Figure 27-3.

FTOS(conf-rstp)#show config
!
protocol spanning-tree rstp
 no disable
FTOS(conf-rstp)#

(Figure callout: Indicates that Rapid Spanning Tree is enabled)

When you enable RST, all physical and port-channel interfaces that are enabled and in Layer 2 mode are automatically part of the RST topology (Figure 27-4).
To view the interfaces participating in RST, use the show spanning-tree rstp command from EXEC privilege mode (Figure 27-5). If a physical interface is part of a port channel, only the port channel is listed in the command output.

Figure 27-5. show spanning-tree rstp Command Example

FTOS#show spanning-tree rstp
Root Identifier has priority 32768, Address 0001.e801.cbb4
Root Bridge hello time 2, max age 20, forward delay 15, max hops 0
Bridge Identifier has priority 32768, Address 0001.e801.
To confirm that a port is participating in RST, use the show spanning-tree rstp brief command from EXEC privilege mode (Figure 27-6).

Figure 27-6. show spanning-tree rstp brief Command Example

FTOS#show spanning-tree rstp brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 0001.e801.cbb4
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32768, Address 0001.e80f.
• Max-age is the length of time the bridge maintains configuration information before it refreshes that information by recomputing the RST topology. Note: Dell Force10 recommends that only experienced network administrators change the RST group parameters. Poorly planned modification of the RSTG parameters can negatively impact network performance. Table 27-2 lists the default values for RSTP. Table 27-2.
Enable BPDU Filtering globally

Enabling BPDU Filtering globally stops the transmission of BPDUs on operational port-fast-enabled ports by default. When BPDUs are received, the spanning tree is automatically prepared. By default, global BPDU filtering is disabled.

Figure 27-7. BPDU Filtering enabled globally

Task: Enable BPDU Filter globally to filter transmission of BPDUs on port fast enabled interfaces.
To change the port cost or priority of an interface, use the following commands:

Task: Change the port cost of an interface. Range: 0 to 65535. Default: refer to Table 27-2.
   Command Syntax: spanning-tree rstp cost cost
   Command Mode: INTERFACE
Task: Change the port priority of an interface. Range: 0 to 240. Default: 128
   Command Syntax: spanning-tree rstp priority priority-value
   Command Mode: INTERFACE

To view the current values for interface parameters, use the show spanning-tree rstp command from EXEC privilege mode (Figure 27-5).
FTOS Behavior: Regarding bpduguard shutdown-on-violation behavior:
1 If the interface to be shut down is a port channel, all the member ports are disabled in the hardware.
2 When a physical port is added to a port channel already in the Error Disable state, the new member port is also disabled in the hardware.
Figure 27-9. bridge-priority Command Example

FTOS(conf-rstp)#bridge-priority 4096
FTOS(conf-rstp)#2d0h22m: %STKUNIT3-M:CP %SPANMGR-5-STP_ROOT_CHANGE: RSTP root changed. My Bridge ID: 4096:001e.c9f1.00cf Old Root: 32768:0001.e88a.fdb3 New Root: 4096:001e.c9f1.00cf

(Figure callouts: Old root bridge ID, New root bridge ID)

SNMP Traps for Root Elections and Topology Changes

To enable SNMP traps for RSTP, MSTP, and PVST+ collectively, use the snmp-server enable traps xstp command.
28 Security

This chapter describes the following:
• AAA Accounting
• AAA Authentication
• AAA Authorization
• RADIUS
• TACACS+
• Protection from TCP Tiny and Overlapping Fragment Attacks
• SCP and SSH
• Telnet
• VTY Line and Access-Class Configuration

For details about all the commands described in this chapter, refer to the Security Commands chapter in the FTOS Command Reference Guide.
• Configure AAA Accounting for Terminal Lines (optional)
• Monitor AAA Accounting (optional)

Enable AAA Accounting

To create a record for any or all of the accounting functions monitored, use the aaa accounting command.
Configure Accounting of EXEC and Privilege-Level Command Usage

The network access server monitors the accounting functions defined in the terminal access controller access control system (TACACS+) attribute/value (AV) pairs. In Figure 28-1, AAA accounting is set to track all usage of EXEC commands and commands on privilege level 15.

Figure 28-1.
Figure 28-3.
Configure AAA Authentication Login Methods

To configure an authentication method and method list, use these commands in the following sequence in CONFIGURATION mode:

Command Syntax: aaa authentication login {method-list-name | default} method1 [...method4]
Command Mode: CONFIGURATION
Purpose: Define an authentication method-list (method-list-name) or specify the default. The default method-list is applied to all terminal lines.
Enable AAA Authentication

To enable AAA authentication, use the following command in CONFIGURATION mode:

Command Syntax: aaa authentication enable {method-list-name | default} method1 [... method4]
Command Mode: CONFIGURATION
Purpose:
• default—Uses the listed authentication methods that follow this argument as the default list of methods when a user logs in.
To use local authentication for enable secret on the console, while using remote authentication on virtual terminal line (VTY) lines, use the following commands:

FTOS(conf)# aaa authentication enable mymethodlist radius tacacs
FTOS(conf)# line vty 0 9
FTOS(conf-line-vty)# enable authentication mymethodlist

Server-Side Configuration

TACACS+: When using TACACS+, Dell Force10 sends an initial packet with service type SVC_ENABLE, and then, a second packet with just the password.
Privilege levels 2 through 14 are not configured and you can customize them for different users and access. After you configure other privilege levels, enter those levels by adding the level parameter after the enable command or by configuring a user name or password that corresponds to the privilege level. For more information about configuring user names, refer to Configure a Username and Password. By default, commands in FTOS are assigned to different privilege levels.
To configure a username and password, use the following command in CONFIGURATION mode:

Command Syntax: username name [access-class access-list-name] [nopassword | password [encryption-type] password] [privilege level]
Command Mode: CONFIGURATION
Purpose: Assign a user name and password. Configure the optional and required parameters:
• name: Enter a text string up to 63 characters long.
• access-class access-list-name: Enter the name of a configured IP ACL.
Configure Custom Privilege Levels

In addition to assigning privilege levels to the user, you can configure the privilege levels of commands so that they are visible in different privilege levels. Within FTOS, commands have certain privilege levels. With the privilege command, you can change the default level or you can reset their privilege level back to the default.
To view the configuration, use the show running-config command in EXEC Privilege mode. Figure 28-4 is an example of a configuration to allow a user “john” to view only EXEC mode commands and all snmp-server commands. Because the snmp-server commands are “enable” level commands and, by default, found in CONFIGURATION mode, you must also assign the launch command for CONFIGURATION mode, configure, to the same privilege level as the snmp-server commands. Figure 28-4.
Specify the LINE Mode Password and Privilege

You can specify a password authentication of all users on different terminal lines. The user’s privilege level is the same as the privilege level assigned to the terminal line. To specify a password for the terminal line, use the following commands, in any order, in LINE mode:

Command Syntax: privilege level level
Command Mode: LINE
Purpose: Configure a custom privilege level for the terminal lines.
• level level range: 0 to 15.
Transactions between the RADIUS server and the client are encrypted (the users’ passwords are not sent in plain text). RADIUS uses the user datagram protocol (UDP) as the transport protocol between the RADIUS server host and the client. For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service.
RADIUS can specify an ACL for the user if both of the following are true:
• If an ACL is absent.
• There is a very long delay for an entry, or a denied entry because of an ACL, and a message is logged.

Note: The ACL name must be a string. Only standard ACLs in authorization (both RADIUS and TACACS) are supported. Authorization is denied in cases using extended ACLs.
Define an AAA Method List to be Used for RADIUS

To configure RADIUS to authenticate or authorize users on the system, you must create an AAA method list. Default method lists do not need to be explicitly applied to the line, so they are not mandatory.
To specify a RADIUS server host and configure its communication parameters, use the following command in CONFIGURATION mode:

Command Syntax: radius-server host {hostname | ip-address} [auth-port port-number] [retransmit retries] [timeout seconds] [key [encryption-type] key]
Command Mode: CONFIGURATION
Purpose: Enter the host name or IP address of the RADIUS server host.
Command Syntax: radius-server key [encryption-type] key
Command Mode: CONFIGURATION
Purpose: Configure a key for all RADIUS communications between the system and RADIUS server hosts.
• encryption-type: Enter 7 to encrypt the password. Enter 0 to keep the password as plain text.
• key: Enter a string. The key can be up to 42 characters long. You cannot use spaces in the key.

Command Syntax: radius-server retransmit retries
Command Mode: CONFIGURATION
Purpose: Configure the number of times FTOS retransmits RADIUS requests.
• Choose TACACS+ as the Authentication Method

For a complete listing of all commands related to TACACS+, refer to the Security chapter in the FTOS Command Reference Guide.

Choose TACACS+ as the Authentication Method

One of the login authentication methods available is TACACS+ and the user’s name and password are sent for authentication to the TACACS hosts specified.
Figure 28-6.
Figure 28-7 shows how to configure access-class from a TACACS+ server. This causes the configured access-class on the VTY line to be ignored. If you have configured a deny10 ACL on the TACACS+ server, FTOS downloads it and applies it. If the user is found to be coming from the 10.0.0.0 subnet, FTOS also immediately closes the Telnet connection. Note that no matter where the user is coming from, they see the login prompt.

Figure 28-7.
To delete a TACACS+ server host, use the no tacacs-server host {hostname | ip-address} command.

freebsd2# telnet 2200:2200:2200:2200:2200::2202
Trying 2200:2200:2200:2200:2200::2202...
Connected to 2200:2200:2200:2200:2200::2202.
Escape character is '^]'.
Login: admin
Password:
FTOS#
FTOS#

Command Authorization

The AAA command authorization feature configures FTOS to send each configuration command to a TACACS server for authorization before it is added to the running configuration.
SCP and SSH

Secure shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network. FTOS is compatible with SSH versions 1.5 and 2, both the client and server modes. SSH sessions are encrypted and use authentication. For information about command syntax, refer to the Security chapter in the FTOS Command Line Interface Reference Guide.

Secure copy (SCP) is a remote file copy program that works with SSH and is supported by FTOS.
Figure 28-8. Specifying an SSH version

FTOS(conf)#ip ssh server version 2
FTOS(conf)#do show ip ssh
SSH server : disabled.
SSH server version : v2.
Password Authentication : enabled.
Hostbased Authentication : disabled.
RSA Authentication : disabled.
Vty Encryption Remote IP

To disable SSH server functions, use the no ip ssh server enable command.
• ip ssh authentication-retries: Configure the maximum number of attempts that should be used to authenticate a user.
• ip ssh connection-rate-limit: Configure the maximum number of incoming SSH connections per minute.
• ip ssh hostbased-authentication enable: Enable hostbased-authentication for the SSHv2 server.
• ip ssh key-size: Configure the size of the server-generated RSA SSHv1 key.
Figure 28-10. Enabling SSH Password Authentication

FTOS(conf)#ip ssh server enable
% Please wait while SSH Daemon initializes ... done.
FTOS(conf)#ip ssh password-authentication enable
FTOS#sh ip ssh
SSH server : enabled.
Password Authentication : enabled.
Hostbased Authentication : disabled.
RSA Authentication : disabled.
Vty Encryption Remote IP

RSA Authentication of SSH

To authenticate an SSH client based on an RSA key using RSA authentication, follow these steps.
To configure host-based authentication, use the following steps:

Step 1. Configure RSA Authentication. Refer to RSA Authentication of SSH above.
Step 2. Create shosts by copying the public RSA key to the file shosts in the directory .ssh, and write the IP address of the host to the file (Figure 28-12).

Figure 28-12.

cp /etc/ssh/ssh_host_rsa_key.pub /.
Client-based SSH Authentication

To set SSH from the chassis to the SSH client, use the ssh ip_address command. This method uses SSH version 1 or version 2. If the SSH port is a non-default value, to change the default port number, use the ip ssh server port number command. You may only change the port number when SSH is disabled. You must then still use the -p option with the ssh command.

Figure 28-14. Client-Based SSH Authentication

FTOS#ssh 10.16.127.
Telnet

To use Telnet with SSH, you must first enable SSH, as described above. By default, the Telnet daemon is enabled. To disable the Telnet daemon, use the [no] ip telnet server enable command, or disable Telnet in the startup config (Figure 28-15).

Figure 28-15.
You can assign line authentication on a per-VTY basis; it is a simple password authentication using an access-class as authorization. Local authentication is configured globally. You configure access classes on a per-user basis. FTOS can assign different access classes to different users by username. Until users attempt to log in, FTOS does not know if they will be assigned a VTY line.
Figure 28-17. Example Access Class Configuration Using TACACS+ Without Prompt

FTOS(conf)#ip access-list standard deny10
FTOS(conf-ext-nacl)#permit 10.0.0.0/8
FTOS(conf-ext-nacl)#deny any
FTOS(conf)#
FTOS(conf)#aaa authentication login tacacsmethod tacacs+
FTOS(conf)#tacacs-server host 256.1.1.
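An added example (not part of the Dell Force10 guide) that checks a saved configuration for the remote-access settings this chapter describes: the Telnet daemon left at its enabled default, an SSH server not set to version 2, and RADIUS keys whose encryption-type is not 7. The sample configurations are constructed, and it is an assumption that the saved configuration stores these commands in the same form in which they are entered.

```python
import re
from typing import List, Tuple

# Matches both key forms shown in this chapter:
#   radius-server key [encryption-type] key
#   radius-server host {hostname | ip-address} [...] key [encryption-type] key
RADIUS_KEY = re.compile(
    r"^radius-server\s+(?:host\s+\S+\s+(?:.*\s)?)?key\s+(?:([07])\s+)?\S+$"
)

# Constructed sample configurations (not taken from a real switch).
WEAK_CONFIG = """\
!
ip ssh server enable
radius-server host 10.0.0.5 key 0 ExampleKey1
radius-server key 7 0123abcd
!
"""

HARDENED_CONFIG = """\
!
no ip telnet server enable
ip ssh server enable
ip ssh server version 2
radius-server host 10.0.0.5 key 7 0123abcd
!
"""

# (check id, 1-based line number; 0 means the expected line is absent)
Finding = Tuple[str, int]


def audit(config: str) -> List[Finding]:
    """Return findings for a configuration given as text."""
    lines = [line.strip() for line in config.splitlines()]
    findings: List[Finding] = []

    # The Telnet daemon is enabled by default, so only the explicit
    # "no" form shows that it has been turned off.
    if "no ip telnet server enable" not in lines:
        findings.append(("telnet-enabled", 0))

    # Without the SSH server, remote management falls back to Telnet.
    if "ip ssh server enable" not in lines:
        findings.append(("ssh-disabled", 0))

    # FTOS supports SSH 1.5 and 2; flag a server not set to version 2.
    if "ip ssh server version 2" not in lines:
        findings.append(("ssh-version-not-2", 0))

    # Encryption-type 0 keeps the RADIUS key as plain text. A key entered
    # without a type is flagged too (assumption: it is not stored as type 7).
    for number, line in enumerate(lines, start=1):
        match = RADIUS_KEY.match(line)
        if match and match.group(1) != "7":
            findings.append(("radius-key-not-type-7", number))

    return findings


def report(config: str) -> str:
    """Format findings without echoing any key material."""
    rows = [
        f"{check}: {'setting absent' if line == 0 else f'line {line}'}"
        for check, line in audit(config)
    ]
    return "\n".join(rows) if rows else "no findings"


if __name__ == "__main__":
    print(report(WEAK_CONFIG))
    print(report(HARDENED_CONFIG))
```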
29 sFlow

This chapter contains the following sections:
• Enable and Disable sFlow
• sFlow Show Commands
• Specify Collectors
• Polling Intervals
• Sampling Rate
• Back-Off Mechanism
• sFlow on LAG ports
• Extended sFlow

Overview

The Dell Force10 operating software (FTOS) supports sFlow version 5. sFlow is a standards-based sampling technology embedded within switches and routers which you can use to monitor network traffic (Figure 29-1).
Figure 29-1. sFlow Traffic Monitoring System

(Diagram labels: sFlow Collector, Switch/Router, sFlow Datagrams, sFlow Agent, Poll Interface Counters, Interface Counters, Flow Samples, Switch ASIC)

Implementation Information

The Dell Force10 sFlow is designed so that the hardware sampling rate is per stack unit port-pipe and is decided based on all the ports in that port-pipe.
• The 802.1P source priority field is not filled in extended switch element in the sFlow datagram.
• Only the Destination and Destination Peer AS number are packed in the dst-as-path field in extended gateway element.
• If the packet being sampled is redirected using policy-based routing (PBR), the sFlow datagram may contain incorrect extended gateway and/or router information.
• The source VLAN field in the extended switch element is not packed in case of routed packet.
Show sFlow Globally

To view sFlow statistics, use the following command (Figure 29-2):

Command Syntax: show sflow
Command Mode: EXEC
Purpose: Display sFlow configuration information and statistics.

Figure 29-2. show sflow Command Example

FTOS#show sflow
sFlow services are enabled
Global default sampling rate: 32768
Global default counter polling interval: 20
1 collectors configured
Collector IP addr: 133.33.33.53, Agent IP addr: 133.33.

(Figure callout: Indicates sFlow is globally enabled)
Show sFlow on a Stack Unit

To view sFlow statistics on a specified stack unit, use the following command (Figure 29-4):

Command Syntax: show sflow stack-unit unit-number
Command Mode: EXEC
Purpose: Display sFlow configuration information and statistics on the specified interface.

Figure 29-4.
Command Syntax: sflow polling-interval interval value
Command Mode: CONFIGURATION or INTERFACE
Usage: Change the global default counter polling interval. interval value—in seconds. Range: 15 to 86400 seconds. Default: 20 seconds.

Sampling Rate

The sFlow sampling rate is the number of packets that are skipped before the next sample is taken. sFlow does not have time-based packet sampling.
3. Configures interface Tengig 1/1 to a sub-sampling rate of 2 to achieve an actual rate of 8192.

Note: Sampling rate backoff can change the sampling rate value that is set in the hardware. The following equation shows the relationship between the actual sampling rate, the sub-sampling rate, and the hardware sampling rate for an interface:

Actual sampling rate = sub-sampling rate * hardware sampling rate

Note: There is an absence of a configured rate in the equation.
To confirm that extended information packing is enabled, use the show sflow command (Figure 29-5).

Figure 29-5. Confirming that Extended sFlow is Enabled

FTOS#show sflow
sFlow services are enabled
Global default sampling rate: 4096
Global default counter polling interval: 15
Global extended information enabled: switch
1 collectors configured
Collector IP addr: 10.10.10.

(Figure callout: Extended sFlow settings show all 3 types are enabled)
30 Simple Network Management Protocol (SNMP)

Protocol Overview

Network management stations use the Simple Network Management Protocol (SNMP) to retrieve or alter management data from network elements. A datum of management information is called a managed object; the value of a managed object can be static or variable. Network elements store managed objects in a database called a Management Information Base (MIB).
Configuring SNMP version 3 requires you to configure SNMP users in one of three methods. See Setting Up User-based Security (SNMPv3).
Related Configuration Tasks

The following list contains configuration tasks for SNMP:
• Setting up SNMP
• Setting Up User-based Security (SNMPv3)
• Read Managed Object Values
• Write Managed Object Values
• Configure Contact and Location Information Using SNMP
• Subscribe to Managed Object Value Updates using SNMP
• Copy Configuration Files Using SNMP
• Manage VLANs Using SNMP
• Enable and Disable a Port Using SNMP
• Fetch Dynamic MAC Entries Using SNMP
• Deriving Interface Indices
• Monitor Port-channel
Create a Community

For SNMPv1 and SNMPv2, you must create a community to enable the community-based security in FTOS. The management station generates requests to either retrieve or alter the value of a management object and is called the SNMP manager. A network element that processes SNMP requests is called an SNMP agent. An SNMP community is a group of SNMP agents and managers that are allowed to interact.
Figure 30-2. Select a User-based Security Type

FTOS(conf)#snmp-server host 1.1.1.1 traps {oid tree} version 3 ?
auth    Use the SNMPv3 authNoPriv Security Level
noauth  Use the SNMPv3 noAuthNoPriv Security Level
priv    Use the SNMPv3 authPriv Security Level
FTOS(conf)#snmp-server host 1.1.1.1 traps version 3 noauth ?
WORD    SNMPv3 user name

To set up a user with view privileges only (no password or privacy privileges):

Task: Configure the user.
Read Managed Object Values

You may only retrieve (read) managed object values if your management station is a member of the same community as the SNMP agent. Dell Force10 supports RFC 4001, Textual Conventions for Internet Work Addresses that defines values representing a type of internet address. These values display for ipAddressTable objects using the snmpwalk command. In the following figure, the value “4” displays in the OID before the IP address for IPv4.
Figure 30-5. Reading the Value of Many Managed Objects at Once

> snmpwalk -v 2c -c mycommunity 10.11.209.217 .1.3.6.1.2.1.1
SNMPv2-MIB::sysDescr.0 = STRING: Dell Force10 OS
Operating System Version: 1.0
Application Software Version: E8-3-16-0
Series: MXL-10/40GbE
Copyright (c) 1999-2012 by Dell Inc. All Rights Reserved.
Build Time: Tue May 22 22:40:56 PDT 2012
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.6027.1.4.
To configure system contact and location information from the Dell Force10 system:

Task: Identify the system manager along with this person’s contact information (e.g., E-mail address or phone number). You may use up to 55 characters. Default: None
   Command: snmp-server contact text
   Command Mode: CONFIGURATION
Task: Identify the physical location of the system. For example, San Jose, 350 Holger Way, 1st floor lab, rack A1-1. You may use up to 55 characters.
To configure the system to send SNMP notifications, follow these steps:

Task: Configure the Dell Force10 system to send notifications to an SNMP server.
• Enter the keyword traps to send trap messages.
• Enter the keyword informs to send informational messages.
• Enter the keyword version to send the SNMP version to use for notification messages.
• Enter the name of the community-string to identify the SNMPv1 community string.
Table 30-2.
Table 30-2. Dell Force10 Enterprise-specific SNMP Traps

Command Option / Trap

10.16.130.140 [10.16.130.140]: Trap SNMPv2-MIB::sysUpTime.0 = Timeticks: (645746) 1:47:37.46, SNMPv2-MIB::snmpTrapOID.0 = OID: IF-MIB::linkDown, IF-MIB::ifIndex.45420801 = INTEGER: 45420801, SNMPv2-SMI::enterprises.6027.3.1.1.4.1.2 = STRING: "OSTATE_DN: Changed interface state to down: Te 0/44", SNMPv2-SMI::enterprises.6027.3.6.1.1.2.0 = INTEGER: 22

Command Option: ets
Trap: ETS peer state enabled
10.16.130.140 [10.16.130.
• copy configuration files from a server to the Dell Force10 system

You can perform all of these tasks using IPv4 addresses. The relevant MIBs for these functions are:

Table 30-3. MIB Objects for Copying Configuration Files Using SNMP

MIB Object: copySrcFileType
OID: .1.3.6.1.4.1.6027.3.5.1.1.1.1.2
Object Values: 1 = FTOS file; 2 = running-config; 3 = startup-config
Description: Specifies the type of file to copy from.
Table 30-3. MIB Objects for Copying Configuration Files Using SNMP

MIB Object: copyUserName
OID: .1.3.6.1.4.1.6027.3.5.1.1.1.1.9
Object Values: Username for the server.
Description: Username for the FTP, TFTP, or SCP server.
• If the copyUserName is specified so must copyUserPassword.

MIB Object: copyUserPassword
OID: .1.3.6.1.4.1.6027.3.5.1.1.1.1.10
Object Values: Password for the server.
Description: Password for the FTP, TFTP, or SCP server.
Note: In UNIX, enter the command snmpset for help using this command. Place the file f10-copy-config.mib in the directory from which you are executing the snmpset command or in the snmpset tool path.
Table 30-4. Copying Configuration Files via SNMP

Task: Copy the startup-config to the running-config using the following command from a UNIX machine:

snmpset -c private -v 2c force10system-ip-address copySrcFileType.index i 3 copyDestFileType.index i 2

Figure 30-9. Copying Configuration Files via SNMP using Object-Name Syntax

> snmpset -c public -v 2c -m ./f10-copy-config.mib 10.11.131.162 copySrcFileType.7 i 3 copyDestFileType.7 i 2
FORCE10-COPY-CONFIG-MIB::copySrcFileType.
Table 30-4. Copying Configuration Files via SNMP

Figure 30-12. Copying Configuration Files via SNMP and TFTP to a Remote Server

> snmpset -v 2c -c private -m ./f10-copy-config.mib 10.10.10.10 copySrcFileType.4 i 3 copyDestFileType.4 i 1 copyDestFileLocation.4 i 3 copyDestFileName.4 s /home/myfilename copyServerAddress.4 a 11.11.11.
To obtain a value for any of the MIB Objects in Table 30-5, follow this step:

Step | Task
1 | Get a copy-config MIB object value.

snmpget -v 2c -c public -m /f10-copy-config.mib force10system-ip-address [OID.index | mib-object.index]

• index is the index value used in the snmpset command used to complete the copy operation.

Note: You can use the entire OID rather than the object name. Use the form: OID.index as shown in Figure 30-15.
Create a VLAN

Use the dot1qVlanStaticRowStatus object to create a VLAN. The snmpset operation in Figure 30-16 creates VLAN 10 by specifying a value of 4 for instance 10 of the dot1qVlanStaticRowStatus object.

Figure 30-16. Creating a VLAN Using SNMP

> snmpset -v2c -c mycommunity 123.45.6.78 .1.3.6.1.2.1.17.7.1.4.3.1.5.10 i 4
SNMPv2-SMI::mib-2.17.7.1.4.3.1.5.
Display the Ports in a VLAN FTOS identifies VLAN interfaces using an interface index number that is displayed in the output of the command show interface vlan, as shown in Figure 30-18. Figure 30-18.
Figure 30-19 shows the output for an MXL Switch. All hex pairs are 00, indicating that no ports are assigned to VLAN 10. In Figure 30-20, Port 0/2 is added to VLAN 10 as untagged, and the first hex pair changes from 00 to 04.

Figure 30-20.
In Figure 30-21, Port 0/2 is added as an untagged member of VLAN 10. Figure 30-21. Adding Untagged Ports to a VLAN using SNMP >snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.2.1107787786 x "40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" .1.3.6.1.2.1.17.7.1.4.3.1.4.
Enable and Disable a Port Using SNMP

Step | Task | Command Syntax | Command Mode
1 | Create an SNMP community on the Dell Force10 system. | snmp-server community | CONFIGURATION
2 | From the Dell Force10 system, identify the interface index of the port for which you want to change the admin status. Or, from the management system, use the snmpwalk command to identify the interface index.
In Figure 30-23, R1 has one dynamic MAC address, learned off of port TenGigabitEthernet 1/21, which is a member of the default VLAN, VLAN 1. The SNMP walk returns the values for dot1dTpFdbAddress, dot1dTpFdbPort, and dot1dTpFdbStatus. Each object comprises an OID concatenated with an instance number. In the case of these objects, the instance number is the decimal equivalent of the MAC address; derive the instance number by converting each hex pair to its decimal equivalent.
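The conversion described above, as an added example that is not part of the Dell guide: it derives the instance number from a MAC address, builds the full OID, and maps numeric snmpwalk output back to MAC addresses. The column OIDs are the standard BRIDGE-MIB ones; the function names and the sample walk lines are constructed for this example.

```python
import re

# Column OIDs of dot1dTpFdbTable in the standard BRIDGE-MIB, for the three
# objects the text names.
FDB_COLUMNS = {
    "dot1dTpFdbAddress": "1.3.6.1.2.1.17.4.3.1.1",
    "dot1dTpFdbPort": "1.3.6.1.2.1.17.4.3.1.2",
    "dot1dTpFdbStatus": "1.3.6.1.2.1.17.4.3.1.3",
}
# dot1dTpFdbStatus enumeration from the BRIDGE-MIB.
FDB_STATUS = {1: "other", 2: "invalid", 3: "learned", 4: "self", 5: "mgmt"}


def mac_to_instance(mac):
    """Convert each hex pair of a MAC address to decimal, joined by dots.

    Accepts 00:01:e8:06:95:ac, 00-01-E8-06-95-AC and the dotted
    0001.e806.95ac form that FTOS prints.
    """
    digits = re.sub(r"[.:\-\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ".".join(str(int(digits[i:i + 2], 16)) for i in range(0, 12, 2))


def instance_to_mac(instance):
    """Inverse of mac_to_instance: '0.1.232.6.149.172' -> '00:01:e8:06:95:ac'."""
    parts = instance.strip(".").split(".")
    if len(parts) != 6 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a 6-octet instance number: {instance!r}")
    return ":".join(f"{int(p):02x}" for p in parts)


def fdb_oid(column, mac):
    """Full OID (column OID + instance number) for one MAC address."""
    return f"{FDB_COLUMNS[column]}.{mac_to_instance(mac)}"


# Matches numeric-OID walk lines (snmpwalk -On) for the Port (.2) and
# Status (.3) columns; the value may be printed as "3" or "learned(3)".
WALK_LINE = re.compile(
    r"^\.?1\.3\.6\.1\.2\.1\.17\.4\.3\.1\.([23])\.((?:\d+\.){5}\d+)"
    r"\s*=\s*INTEGER:\s*(?:[\w-]+\()?(\d+)"
)


def parse_fdb_walk(lines):
    """Group walk output by MAC address: {mac: {"port": n, "status": s}}.

    The port value is the bridge port number reported by dot1dTpFdbPort.
    """
    table = {}
    for line in lines:
        match = WALK_LINE.match(line.strip())
        if not match:
            continue  # dot1dTpFdbAddress rows and unrelated lines
        column, instance, value = match.group(1), match.group(2), int(match.group(3))
        entry = table.setdefault(instance_to_mac(instance), {})
        if column == "2":
            entry["port"] = value
        else:
            entry["status"] = FDB_STATUS.get(value, f"unknown({value})")
    return table


# Constructed sample output, not captured from a real switch.
SAMPLE_WALK = [
    ".1.3.6.1.2.1.17.4.3.1.1.0.1.232.6.149.172 = Hex-STRING: 00 01 E8 06 95 AC",
    ".1.3.6.1.2.1.17.4.3.1.2.0.1.232.6.149.172 = INTEGER: 118",
    ".1.3.6.1.2.1.17.4.3.1.3.0.1.232.6.149.172 = INTEGER: learned(3)",
]

if __name__ == "__main__":
    print(fdb_oid("dot1dTpFdbPort", "0001.e806.95ac"))
    print(parse_fdb_walk(SAMPLE_WALK))
```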
Deriving Interface Indices

FTOS assigns an interface number to each (configured or unconfigured) physical and logical interface. Display the interface index number using the command show interface from EXEC Privilege mode, as shown in Figure 30-26.

Figure 30-26.
Figure 30-28. Binary Representation of Interface Index

For interface indexing, slot and port numbering begins with binary one. If the Dell Force10 system begins slot and port numbering from 0, then binary 1 represents slot and port 0. In S4810, the first interface is 0/0, but in the MXL Switch the first interface is 0/1. Hence, in the MXL Switch the ifIndex for 0/0 is unused and the ifIndex creation logic is not changed. Because zero is reserved for logical interfaces, numbering starts from 1.
If a MAC address is learned for the LAG, status is shown for it as well.

dot3aCurAggVlanId | SNMPv2-SMI::enterprises.6027.3.2.1.1.4.1.1.1.0.0.0.0.0.1.1
dot3aCurAggMacAddr | SNMPv2-SMI::enterprises.6027.3.2.1.1.4.1.2.1.0.0.0.0.0.1.1
dot3aCurAggIndex | SNMPv2-SMI::enterprises.6027.3.2.1.1.4.1.3.1.0.0.0.0.0.1.1
dot3aCurAggStatus | SNMPv2-SMI::enterprises.6027.3.2.1.1.4.1.4.1.0.0.0.0.0.1.
Entity MIBS

The Entity MIB provides a mechanism for presenting hierarchies of physical entities using SNMP tables. The Entity MIB contains the following groups, which describe the physical elements and logical elements of a managed system. The following tables are implemented for the MXL Switch Platform.

Physical Entity

A physical entity or physical component represents an identifiable physical resource within a managed system. Zero or more logical entities may utilize a physical resource at any given time.
The status for the MIBS is as follows:

vijayakrishnan@tapti[3:42pm] : /tftpboot > snmpwalk -c public -v 2c 10.16.130.135 1.3.6.1.2.1.47.1.1.1.1.2
SNMPv2-SMI::mib-2.47.1.1.1.1.2.1 = ""
SNMPv2-SMI::mib-2.47.1.1.1.1.2.2 = STRING: "PowerConnect MXL 10/40GbE"
SNMPv2-SMI::mib-2.47.1.1.1.1.2.3 = STRING: "Module 0"
SNMPv2-SMI::mib-2.47.1.1.1.1.2.4 = STRING: "Unit: 0 Port 1 10G Level"
SNMPv2-SMI::mib-2.47.1.1.1.1.2.5 = STRING: "Unit: 0 Port 2 10G Level"
SNMPv2-SMI::mib-2.47.1.1.
31 Stacking

Overview

Stacking is supported on an MXL 10/40GbE Switch on the 40GbE ports (for the base module) or a 2-Port 40GbE QSFP+ module. You can connect up to six MXL 10/40GbE Switches in a single stack. Stacking provides a single point of management and network interface controller (NIC) teaming for high availability and higher throughput.
Figure 31-1. Four Stacked MXL 10/40GbE Switches
(Figure labels: 10GbE LAN Uplinks (LAG), 40GbE Stack Links, Member Switches, Master Switch, Standby Switch)

Stack Management Roles

The stack elects the management units for the stack management:
• Stack master: primary management unit
• Standby: secondary management unit

The master holds the control plane and the other units maintain a local copy of the forwarding databases.
If the master switch goes off line, the standby replaces it as the new master and the switch with the next highest priority or MAC address becomes standby.

Note: For the MXL Switch, the entire stack has only one management IP address.

Stack Master Election

The stack elects a master and standby unit at bootup time based on two criteria:
• Unit priority: This is user-configurable. Valid values are from 1 to 14. A higher value means a higher priority. The default is 0.
Figure 31-2.
Supported Stacking Topologies Stacking is supported on the MXL 10/40GbE Switch in ring and daisy-chain topologies. Example 1: Dual-Ring Stack Across Multiple Chassis Using two separate stacks in a dual-ring stacking topology provides redundancy and increased high availability in case of stack failure. Also, stacking upgrades are simplified when you have to take one stack offline (Figure 31-3).
Example 2: Dual Daisy-Chain Stack Across Multiple Chassis

Using two separate, daisy-chained stacks in a stacking topology provides redundancy and increased high availability in case of stack failure. Also, stacking upgrades are simplified when you have to take one stack offline (Figure 31-4).

Figure 31-4.
Stack Group/Port Numbers By default, each switch in Standalone mode is numbered stack-unit 0. Stack-unit numbers are assigned to member switches when the stack comes up. Figure 31-5 shows the stack-group numbers of 40GbE ports on an MXL 10/40GbE Switch. Figure 31-5.
Stacking Prerequisites

Before you cable and configure a stack of MXL 10/40GbE Switches, review the following prerequisites:
• All MXL 10/40GbE Switches in the stack must be powered up with the initial or startup configuration before you attach the cables.
• All stacked MXL 10/40GbE Switches must run the same FTOS version. The minimum FTOS version required is 8.3.16.0. To check the FTOS version that a switch is running, use the show version command.
Cabling Procedure

The following cabling procedure uses the stacking topology in Figure 31-1. Follow the same steps to cable switches in any of the stacking topologies shown in Supported Stacking Topologies.

To connect the cabling, follow these steps:
1. Connect a 40GbE port on the first switch to a 40GbE port on the second switch.
2. Connect another 40GbE port on the second switch to a 40GbE port on the third switch.
3. Connect another 40GbE port on the third switch to a 40GbE port on the fourth switch.
4.
Step | Task | Command Syntax | Command Mode
3 | Configure a 40GbE port for stacking mode, where: stack-unit is the unit-number of the member stack unit (valid values: 0 to 5; default value: 0), and stack-group group-number is the number of stacked port on unit (valid values: 0 to 1; Figure 31-5). | stack-unit unit-number stack-group group-number | CONFIGURATION
4 | Save the stacking configuration on the 40GbE ports.
Renumbering a Stack Unit

To renumber a stack unit to reset the unit numbering for a master, standby or member unit, enter the stack-unit renumber command in EXEC Privilege mode and reload the switch.

Task | Command Syntax | Command Mode
Assign a stack-number to a unit. | stack-unit unit-number renumber new-number | EXEC Privilege

• If you renumber the master switch, you are prompted to reload the entire stack.
FTOS Behavior: Stacking configuration is handled as follows on an MXL 10/40GbE Switch:
• If a stack unit goes down and is removed from the stack, the logical provisioning configured for the stack-unit number is saved on the master and standby switches.
• When you add a new unit to the stack and the stack already has an existing member unit with the same stack-unit number, the new unit is assigned the smallest available unit number (0 to 5).
To remove a stack port, use the following command:

Task | Command Syntax | Command Mode
Remove a stacked port from a stack. | no stack-unit unit-number stack-group group, then end, write memory, reload | CONFIGURATION

When the reload completes, the port comes up in 40GbE mode if it is on the base module and in 4x10GbE (quad) mode if the port is on a FlexIO module, such as a 2-Port 40GbE QSFP+ module.
Step | Task | Command Syntax | Command Mode
4 | Configure a 40GbE port for stacking, where: stack-unit 0 defines the default ID unit-number in the initial configuration of a switch, and stack-group group-number configures a 40GbE port for stacking. Base-module ports are stack groups 0 and 1; 40GbE ports on a FlexIO module in slot 0 are stack groups 2 and 3 and in slot 1 are stack groups 4 and 5 (Figure 31-5).
• If there is no unit numbering conflict, the stack members retain their previous unit numbers. Otherwise, the stack master assigns new unit numbers, based on the order in which they come online.
• The new stack master uses its own startup and running configurations to synchronize the configurations on the new stack members.

Note: Adding a new unit that is powered on and has stack groups configured is the same as merging two stacks (refer to Adding a Stack Unit).
Reset a Unit on a Stack

Use the following reset commands to reload any of the member units or the standby in a stack. If you try to reset the stack master, an error message is displayed: Reset of master unit is not allowed.

Task | Command Syntax | Command Mode
Reload a stack unit from the master switch | reset stack-unit unit-number | EXEC Privilege
Reload a member unit from the unit itself. | reset-self | EXEC Privilege
Reset a stack-unit when the unit is in a problem state.
Table 31-2. Displaying Stack Configurations Command Output show system stack-ports [status | topology] Displays the type of stack topology (ring or daisy chain) with a list of all stacked ports, port status, link speed, and peer stack-unit connection. (Figure 31-13) Figure 31-8.
Figure 31-9.
Figure 31-10. show inventory optional-module Command Example

FTOS# show inventory optional-module
Unit  Slot  Expected  Inserted  Next Boot  Power
-----------------------------------------------------------------
0     0     SFP+      SFP+      AUTO       Good
0     1     QSFP+     QSFP+     AUTO       Good
* - Mismatch

Figure 31-11. show system stack-unit stack-group configured Command Example

FTOS# show system stack-unit 1 stack-group configured
Configured stack groups in stack-unit 1
---------------------------------------
0
1
4
5

Figure 31-12.
Figure 31-13. show system stack-ports (ring) Command Example

FTOS# show system stack-ports
Topology: Ring
Interface  Connection  Link Speed (Gb/s)  Admin Status  Link Status
0/33       1/37        40                 up            up
0/37       2/33        40                 up            up
0/41       1/49        40                 up            up
0/45       2/53        40                 up            up
1/33       2/37        40                 up            up
1/37       0/33        40                 up            up
1/49       0/41        40                 up            up
1/53       2/49        40                 up            up
2/33       0/37        40                 up            up
2/37       1/33        40                 up            up
2/49       1/53        40                 up            up
2/53       0/45        40                 up            up

Figure 31-14.
Troubleshooting a Switch Stack Troubleshooting Commands To perform troubleshooting operations on a switch stack, use the commands in Table 31-3 on the master switch. Table 31-3. Troubleshooting Stack Commands Command Output show system stack-ports (Figure 31-15) Displays the status of stacked ports on stack units.
Figure 31-16. show redundancy Command Example

FTOS#show redundancy
-- Stack-unit Status ---------------------------------------------------------
Mgmt ID: 0
Stack-unit ID: 0
Stack-unit Redundancy Role: Primary
Stack-unit State: Active

Indicates Master Unit.
Figure 31-17.
Master Switch Fails

Problem: The master switch fails due to a hardware fault, software crash, or power loss.

Resolution: A failover procedure begins:
1. Keep-alive messages from the MXL 10/40GbE master switch time out after 60 seconds and the switch is removed from the stack.
2. The standby switch takes the master role. Data traffic on the new master switch is uninterrupted. Protocol traffic is managed by the control plane.
3. A member switch is elected as the new standby.
Master Switch Recovers from Failure

Problem: The master switch recovers from a failure after a reboot and rejoins the stack:
• As a member unit if there is already a standby
• As a standby if there is no standby in the stack

Protocol and control plane recovery requires time before the switch is fully online.

Resolution: When the entire stack is reloaded, the recovered master switch becomes the master unit of the stack.
Figure 31-20.
Upgrading a Switch Stack

To upgrade all switches in a stack with the same FTOS version, follow these steps:

Step | Task | Command Syntax | Command Mode
1 | Copy the new FTOS image to a network server.
2 | Download the FTOS image by accessing an interactive CLI that requests the server IP address and image filename, and prompts you to upgrade all member stack units. Specify the system partition on the master switch into which you want to copy the FTOS image; valid values are a: and b:.
Upgrading a Single Stack Unit

Upgrading a single stacked switch is necessary when the unit was disabled due to an incorrect FTOS version. This procedure upgrades the image in the boot partition of the member unit from the corresponding partition in the master unit.
32 Storm Control

This chapter contains the following sections:
• Overview
• Configuring Storm Control

Overview

The storm control feature allows you to control unknown-unicast and broadcast traffic on Layer 2, Layer 3, and multicast physical interfaces.

FTOS Behavior: The Dell Force10 operating software (FTOS) supports broadcast control (storm-control broadcast command) for Layer 2 and Layer 3 traffic.

FTOS Behavior: The minimum number of packets per second (PPS) that storm control can limit is two.
You can configure storm control for ingress traffic in CONFIGURATION mode.
33 Spanning Tree Protocol (STP) Overview The spanning tree protocol (STP) is a Layer 2 protocol—specified by IEEE 802.1d—that eliminates loops in a bridged topology by enabling only a single path through the network. By eliminating loops, the protocol improves scalability in a large network and allows you to implement redundant paths, which can be activated after the failure of active paths.
Configuring Spanning Tree

Configuring STP is a two-step process:
1. Configure interfaces for Layer 2.
2. Enable STP.
Configuring Interfaces for Layer 2 Mode

All interfaces on all switches that participate in STP must be in Layer 2 mode and enabled.

Figure 33-1. Example of Configuring Interfaces for Layer 2 Mode

To configure the interfaces for Layer 2 and then enable them, follow these steps:

Step | Task | Command Syntax | Command Mode
1 | If the interface has been assigned an IP address, remove it. | no ip address | INTERFACE
2 | Place the interface in Layer 2 mode. | switchport | INTERFACE
3 | Enable the interface.
To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode (Figure 33-2).

Figure 33-2. show config Command Example

FTOS(conf-if-te-1/1)#show config
!
interface TenGigabitEthernet 1/1
 no ip address
 switchport
 no shutdown
FTOS(conf-if-te-1/1)#

The switchport line indicates that the interface is in Layer 2 mode.

Enabling Spanning Tree Protocol Globally

You must enable STP globally; it is not enabled by default.
Figure 33-4. Spanning Tree Enabled Globally To view the STP configuration and the interfaces that are participating in STP, use the show spanning-tree 0 command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output (Figure 33-5). Figure 33-5. show spanning-tree 0 Command Example FTOS#show spanning-tree 0 Executing IEEE compatible Spanning Tree Protocol Bridge Identifier has priority 32768, address 0001.e826.
To confirm that a port is participating in STP, use the show spanning-tree 0 brief command from EXEC privilege mode (Figure 33-6).

Figure 33-6. show spanning-tree brief Command Example

FTOS#show spanning-tree 0 brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 0001.e80d.2462
We are the root of the spanning tree
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32768, Address 0001.e80d.
Modifying Global Parameters You can modify the STP parameters. The root bridge sets the values for forward-delay, hello-time, and max-age and overwrites the values set on other bridges participating in STP. Note: Dell Force10 recommends that only experienced network administrators change the STP parameters. Poorly planned modification of the STP parameters can negatively impact network performance. Table 33-2.
Modifying Interface STP Parameters

You can set the port cost and port priority values of interfaces in Layer 2 mode.
• Port cost is a value that is based on the interface type. The greater the port cost, the less likely the port is selected to be a forwarding port.
• Port priority influences the likelihood that a port is selected to be a forwarding port when several ports have the same port cost.

The default values are listed in Table 33-2.
To enable PortFast on an interface, use the following command:

Task | Command Syntax | Command Mode
Enable PortFast on an interface. | spanning-tree stp-id portfast [bpduguard [shutdown-on-violation] | bpdufilter] | INTERFACE

To verify that PortFast is enabled on a port, use the show spanning-tree command from EXEC privilege mode or the show config command from INTERFACE mode. Dell Force10 recommends using the show config command (Figure 33-7).

Figure 33-7.
Note: Unless you enable the shutdown-on-violation option, STP only drops packets after a BPDU violation; the physical interface remains up, as shown below:

FTOS#show spanning-tree 0 brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 0001.e88a.fdb3
Cost 1
Root Port 2 (Port-channel 1)
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32768, Address 001e.c9f1.
Figure 33-8. Enabling BPDU Guard

FTOS Behavior: BPDU guard blocks BPDUs (refer to Removing an Interface from the Spanning Tree Group).
• BPDU guard is used on edge ports and blocks all traffic on an edge port if it receives a BPDU.

BPDU Filtering

Global BPDU Filtering

When BPDU filtering is enabled globally, the switch should stop transmitting BPDUs on operational PortFast-enabled ports by default. When such a port receives BPDUs, it automatically participates in the spanning tree.
Figure 33-9. BPDU Filtering enabled globally

Interface BPDU Filtering

When BPDU filtering is enabled on an interface, the switch should stop sending and receiving BPDUs on the PortFast-enabled ports. When both BPDU guard and BPDU filter are enabled on a port, BPDU filter takes precedence. By default, BPDU filtering on an interface is disabled.

Figure 33-10.
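The PortFast options described above can be checked offline against a saved configuration. The following added example (not from the Dell guide) flags edge ports whose spanning-tree stp-id portfast line has no bpduguard, has bpduguard without shutdown-on-violation, or uses bpdufilter; the sample configuration is constructed, and the finding codes and function names are assumptions of this example.

```python
import re

# Matches the documented syntax:
#   spanning-tree stp-id portfast [bpduguard [shutdown-on-violation] | bpdufilter]
PORTFAST_LINE = re.compile(r"^spanning-tree\s+(\S+)\s+portfast\b(.*)$")

FINDINGS = {
    "NO_BPDU_GUARD": "PortFast without bpduguard: a BPDU received on this "
                     "edge port is not blocked",
    "GUARD_NO_SHUTDOWN": "bpduguard without shutdown-on-violation: packets are "
                         "dropped after a violation but the interface stays up",
    "BPDU_FILTER": "bpdufilter: the port stops sending and receiving BPDUs, "
                   "and the filter takes precedence over BPDU guard",
}


def split_interfaces(config_text):
    """Return {interface name: [config lines]} from '!'-separated blocks."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line[len("interface "):].strip()
            blocks[current] = []
        elif line == "!":
            current = None          # '!' closes the current block
        elif line and current is not None:
            blocks[current].append(line)
    return blocks


def audit_edge_ports(config_text):
    """Return [(interface, finding code)] for every PortFast-enabled port."""
    results = []
    for name, lines in split_interfaces(config_text).items():
        for line in lines:
            match = PORTFAST_LINE.match(line)
            if not match:
                continue
            options = match.group(2).split()
            if "bpdufilter" in options:
                results.append((name, "BPDU_FILTER"))
            elif "bpduguard" not in options:
                results.append((name, "NO_BPDU_GUARD"))
            elif "shutdown-on-violation" not in options:
                results.append((name, "GUARD_NO_SHUTDOWN"))
    return results


# Constructed sample configuration (interface names and layout follow the
# show config example in Figure 33-2; this is not output from a real switch).
SAMPLE_CONFIG = """\
!
interface TenGigabitEthernet 0/1
 no ip address
 switchport
 spanning-tree 0 portfast bpduguard shutdown-on-violation
 no shutdown
!
interface TenGigabitEthernet 0/2
 switchport
 spanning-tree 0 portfast
 no shutdown
!
interface TenGigabitEthernet 0/3
 switchport
 spanning-tree 0 portfast bpduguard
 no shutdown
!
interface TenGigabitEthernet 0/4
 switchport
 spanning-tree 0 portfast bpdufilter
 no shutdown
!
interface TenGigabitEthernet 0/5
 switchport
 no shutdown
!
"""

if __name__ == "__main__":
    for interface, code in audit_edge_ports(SAMPLE_CONFIG):
        print(f"{interface}: {code}: {FINDINGS[code]}")
```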
STP Root Selection STP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it is selected as the root bridge. You can also specify that a bridge is the root or the secondary root. To change the bridge priority or specify that a bridge is the root or secondary root, use the following command: Task Command Syntax Command Mode Assign a number as the bridge priority or designate it as the root or secondary root. priority-value range: 0 to 65535.
In STP topology 2 (Figure 33-12 upper right), STP is enabled on device D on which a software bridge application is started to connect to the network. Because the priority of the bridge in device D is lower than the root bridge in Switch A, device D is elected as root, causing the link between Switches A and B to enter a Blocking state. Network traffic then begins to flow in the directions indicated by the BPDU arrows in the topology.
Figure 33-12.
Root Guard Configuration

You enable STP root guard on a per-port or per-port-channel basis.

FTOS Behavior: The following conditions apply to a port enabled with STP root guard:
• Root guard is supported on any STP-enabled port or port-channel interface except when used as a stacking port.
Displaying STP Guard Configuration

To verify the STP guard configured on port or port-channel interfaces, use the show spanning-tree 0 guard [interface interface] command. Figure 33-13 shows an example for an STP network (instance 0) in which:
• Root guard is enabled on a port that is in a Root-Inconsistent state.
• BPDU guard is enabled on a port that is shut down (Error Disabled state) after receiving a BPDU.
• BPDU filter is disabled on the ports.

Figure 33-13.
34 System Time and Date You can set and maintain system times and dates through the network time protocol (NTP). You can also set them through the Dell Force10 operating software (FTOS) command line interfaces (CLIs) and hardware settings.
NTP is designed to produce three products: clock offset, roundtrip delay, and dispersion, all of which are relative to a selected reference clock.
• Clock offset represents the amount to adjust the local clock to bring it into correspondence with the reference clock.
• Roundtrip delay provides the capability to launch a message to arrive at the reference clock at a specified time.
• Dispersion represents the maximum error of the local clock relative to the reference clock.
Figure 34-1. NTP Fields
(Figure labels: Source Port (123), Destination Port (123), Length, NTP Packet Payload, Checksum; Range: +32 to -32; Status; Leap Indicator code: 00 = No Warning, 01 = +1 second, 10 = -1 second, 11 = reserved; Type; Precision; Est. Error; Est.
To specify an NTP server, use the following command.

Task | Command | Command Mode
Specify the NTP server to which the Dell Force10 system will synchronize. | ntp server ip-address | CONFIGURATION

To display the system clock state with respect to NTP, use the show ntp status command from EXEC Privilege mode (Figure 34-2).

Figure 34-2. show ntp status Command Example (with respect to NTP)

FTOS(conf)#do show ntp status
Clock is synchronized, stratum 2, reference is 192.168.1.
Configure NTP Broadcasts With FTOS, you can receive broadcasts of time information. You can set interfaces within the system to receive NTP information through broadcast. To configure an interface to receive NTP broadcasts, use the following command in INTERFACE mode: Task Command Command Set the interface to receive NTP packets. ntp broadcast client INTERFACE Table 34-1. ntp broadcast client Command Example 2w1d11h : NTP: Maximum Slew:-0.000470, Remainder = -0.
To configure an IP address as the source address of NTP packets, use the following command in CONFIGURATION mode:

Command Syntax | Command Mode | Purpose
ntp source interface | CONFIGURATION | Enter the following keywords and slot/port or number information:
• For a loopback interface, enter the keyword loopback followed by a number between 0 and 16383.
• For a port channel interface, enter the keyword lag followed by a number from 1 to 128.
Figure 34-5. show running-config ntp Command Example

FTOS#show running ntp
!
ntp authenticate
ntp authentication-key 345 md5 5A60910F3D211F02
ntp server 11.1.1.1 version 3
ntp trusted-key 345
FTOS#

The value after md5 on the ntp authentication-key line is the encrypted key.

Command Syntax | Command Mode | Purpose
ntp server ip-address [key keyid] [prefer] [version number] | CONFIGURATION | Configure an NTP server.
• Leap Indicator (sys.leap, peer.leap, pkt.leap): This is a two-bit code warning of an impending leap second to be inserted in the NTP time scale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rollover interval) in the day of insertion to be increased or decreased by one.
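The NTP authentication commands shown in Figure 34-5 only protect a server association when the pieces line up. The following added example (not from the Dell guide) checks show running-config ntp output for a missing ntp authenticate, server lines without the optional key keyid, and keys that are undefined or not listed by ntp trusted-key; the finding codes and function names are assumptions of this example, and the second sample is constructed.

```python
import re

# Figure 34-5 from this page, as printed.
PAGE_FIGURE_34_5 = """\
!
ntp authenticate
ntp authentication-key 345 md5 5A60910F3D211F02
ntp server 11.1.1.1 version 3
ntp trusted-key 345
"""

# Constructed variant: the server line adds the optional "key keyid" argument
# from the documented syntax ntp server ip-address [key keyid] [prefer]
# [version number].
CONSTRUCTED_KEYED = PAGE_FIGURE_34_5.replace(
    "ntp server 11.1.1.1 version 3", "ntp server 11.1.1.1 key 345 version 3"
)


def parse_ntp_config(text):
    """Collect the NTP authentication settings from running-config lines."""
    cfg = {"authenticate": False, "keys": set(), "trusted": set(), "servers": []}
    for raw in text.splitlines():
        line = raw.strip()
        if line == "ntp authenticate":
            cfg["authenticate"] = True
        elif m := re.match(r"ntp authentication-key\s+(\d+)\s+\S+", line):
            cfg["keys"].add(int(m.group(1)))
        elif m := re.match(r"ntp trusted-key\s+(\d+)", line):
            cfg["trusted"].add(int(m.group(1)))
        elif m := re.match(r"ntp server\s+(\S+)(.*)", line):
            key = re.search(r"\bkey\s+(\d+)", m.group(2))
            cfg["servers"].append((m.group(1), int(key.group(1)) if key else None))
    return cfg


def audit_ntp(text):
    """Return [(subject, finding code)] in configuration order.

    NO_AUTHENTICATE   ntp authenticate is absent
    SERVER_NO_KEY     server line has no key keyid, so no authentication
                      key is bound to that association
    KEY_UNDEFINED     server references a key with no ntp authentication-key
    KEY_NOT_TRUSTED   server references a key missing from ntp trusted-key
    """
    cfg = parse_ntp_config(text)
    findings = []
    if not cfg["authenticate"]:
        findings.append(("global", "NO_AUTHENTICATE"))
    for address, key_id in cfg["servers"]:
        if key_id is None:
            findings.append((address, "SERVER_NO_KEY"))
            continue
        if key_id not in cfg["keys"]:
            findings.append((address, "KEY_UNDEFINED"))
        if key_id not in cfg["trusted"]:
            findings.append((address, "KEY_NOT_TRUSTED"))
    return findings


if __name__ == "__main__":
    for label, sample in (("Figure 34-5", PAGE_FIGURE_34_5),
                          ("constructed keyed variant", CONSTRUCTED_KEYED)):
        print(label, audit_ntp(sample) or "no findings")
```

Run against Figure 34-5 as printed, the check reports SERVER_NO_KEY for 11.1.1.1, because the server line carries no key keyid even though key 345 is defined and trusted.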
FTOS Time and Date You can set the time and date using the FTOS CLI.
Set the Time and Date for the Switch Software Clock

You can change the order of the month and day parameters to enter the time and date as time day month year. You cannot delete the software clock. The software clock runs only when the software is up. The clock restarts, based on the hardware clock, when the switch reboots.
Command Syntax | Command Mode | Purpose

FTOS#conf
FTOS(conf)#clock timezone Pacific -8
FTOS#

Set Daylight Savings Time

FTOS supports setting the system to daylight savings time once or on a recurring basis every year.

Set Daylight Saving Time Once

Set a date (and time zone) on which to convert the switch to daylight savings time on a one-time basis.
Command Syntax | Command Mode | Purpose

FTOS(conf)#clock summer-time pacific date Mar 14 2012 00:00 Nov 7 2012 00:00
FTOS(conf)#

Set Recurring Daylight Saving Time

Set a date (and time zone) on which to convert the switch to daylight savings time on a specific day every year. If you have already set daylight savings for a one-time setting, you can set that date and time as the recurring setting using the clock summer-time time-zone recurring command.
Command Syntax | Command Mode | Purpose

• end-week: If you entered a start-week, enter one of the following as the week that daylight savings ends:
  • week-number: enter a number from 1 to 4 as the number of the week to end daylight savings time.
  • first: enter the keyword first to end daylight savings time in the first week of the month.
  • last: enter the keyword last to end daylight savings time in the last week of the month.
• end-month: Enter the name of one of the 12 months in English.
35 Uplink Failure Detection (UFD) Feature Description Uplink Failure Detection (UFD) provides detection of the loss of upstream connectivity and, if used with NIC teaming, automatic recovery from a failed link. A switch provides upstream connectivity for devices, such as servers. If a switch loses its upstream connectivity, downstream devices also lose their connectivity.
Figure 35-1. Uplink Failure Detection

How Uplink Failure Detection Works

UFD creates an association between upstream and downstream interfaces. The association of uplink and downlink interfaces is called an uplink-state group. An interface in an uplink-state group can be a physical interface or a port-channel (LAG) aggregation of physical interfaces. An enabled uplink-state group tracks the state of all assigned upstream interfaces.
Figure 35-2. Uplink Failure Detection Example If only one of the upstream interfaces in an uplink-state group goes down, a specified number of downstream ports associated with the upstream interface are put into a link-down state. This number is user-configurable and is calculated by the ratio of upstream port bandwidth to downstream port bandwidth in the same uplink-state group.
Important Points to Remember

When you configure Uplink Failure Detection, the following conditions apply:
• You can configure up to sixteen uplink-state groups. By default, no uplink-state groups are created. An uplink-state group is considered to be operationally up if it has at least one upstream interface in the link-up state. An uplink-state group is considered to be operationally down if it has no upstream interfaces in the link-up state.
Configuring Uplink Failure Detection

To configure Uplink Failure Detection, follow these steps:

Step | Command Syntax and Mode | Description
1 | uplink-state-group group-id | Creates an uplink-state group and enables the tracking of upstream links on the switch/router. Valid group-id values are 1 to 16. To delete an uplink-state group, enter the no uplink-state-group group-id command.
Step | Command Syntax and Mode | Description
5 | description text (Command Mode: UPLINK-STATE-GROUP) | (Optional) Enters a text description of the uplink-state group. Maximum length: 80 alphanumeric characters.
6 | no enable (Command Mode: UPLINK-STATE-GROUP) | (Optional) Disables upstream-link tracking without deleting the uplink-state group. Default: Upstream-link tracking is automatically enabled in an uplink-state group.
Message 1 shows the Syslog messages displayed when you clear the UFD-disabled state from all disabled downstream interfaces in an uplink-state group by entering the clear ufd-disable uplink-state-group group-id command. All downstream interfaces return to an operationally up state.
Displaying Uplink Failure Detection

To display information on the Uplink Failure Detection feature, enter any of the following show commands:

Show Command Syntax | Description
show uplink-state-group [group-id] [detail] (Command Mode: EXEC) | Displays status information on a specified uplink-state group or all groups. Valid group-id values are 1 to 16.
Figure 35-3.
Figure 35-4.
Sample Configuration: Uplink Failure Detection

Figure 35-7 shows a sample configuration of Uplink Failure Detection on a switch/router in which you:
• Configure uplink-state group 3.
• Add downstream links TenGigabitethernet 0/1, 0/2, 0/5, 0/9, 0/11, and 0/12.
• Configure two downstream links to be disabled if an upstream link fails.
• Add upstream links TenGigabitethernet 0/3 and 0/4.
• Add a text description for the group.
• Verify the configuration with various show commands.
Figure 35-7.
36 Upgrade Procedures

Find the Upgrade Procedures

To see all the requirements to upgrade to the desired Dell Force10 operating software (FTOS) version, go to the FTOS Release Notes for your system type. Follow the procedures in the FTOS Release Notes for the software version you wish to upgrade to.

Get Help with Upgrades

Direct any questions or concerns about the FTOS Upgrade Procedures to the Dell Force10 Technical Support Center. You can reach Technical Support:
• On the Web: www.force10networks.
37 Virtual LANs (VLAN)

This section contains the following subsections:
• Default VLAN
• Port-Based VLANs
• VLANs and Port Tagging
• Configuration Task List for VLANs
• Enable Null VLAN as the Default VLAN

Virtual LANs (VLANs) are logical broadcast domains, or logical groupings of interfaces in a LAN, in which all data received is kept locally and broadcast to all members of the group. When in Layer 2 mode, VLANs move traffic at wire speed and can span multiple devices.
Table 37-1 lists the defaults for VLANs in FTOS.

Table 37-1. VLAN Defaults on FTOS
Feature                   Default
Spanning Tree group ID    All VLANs are part of Spanning Tree group 0
Mode                      Layer 2 (no IP address is assigned)
Default VLAN ID           VLAN 1

Default VLAN

When you configure interfaces for Layer 2 mode, they are automatically placed in the default VLAN as untagged interfaces. Only untagged interfaces can belong to the default VLAN.
Untagged interfaces must be part of a VLAN. To remove an untagged interface from the default VLAN, you must create another VLAN and place the interface into that VLAN. Alternatively, use the no switchport command, and FTOS removes the interface from the default VLAN. A tagged interface requires an additional step to remove it from Layer 2 mode. Because tagged interfaces can belong to multiple VLANs, you must remove the tagged interface from all VLANs using the no tagged interface command.
The tag header contains some key information used by FTOS:
• The VLAN protocol identifier identifies the frame as tagged according to the IEEE 802.1Q specifications (2 bytes).
• Tag control information (TCI) includes the VLAN ID (2 bytes total). The VLAN ID can have 4,096 values, but two are reserved.

Note: The insertion of the tag header into the Ethernet frame increases the size of the frame to more than the 1518 bytes specified in the IEEE 802.3 standard.
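The tag layout described above, worked through in Python as an added example (it is not code from the Dell Force10 guide). It also decodes the priority and drop-eligible bits that share the TCI with the VLAN ID; the value 0x8100, the reserved IDs 0 and 4095, and the 4-byte FCS come from the IEEE standards, and the function names and sample frame are assumptions.

```python
import struct
from dataclasses import dataclass

TPID_8021Q = 0x8100              # VLAN protocol identifier (2 bytes)
TAG_LEN = 4                      # protocol identifier + tag control information
FCS_LEN = 4                      # frame check sequence, counted in the 1518-byte limit
RESERVED_VIDS = (0x000, 0xFFF)   # the two reserved VLAN ID values


@dataclass
class Dot1QTag:
    pcp: int   # priority code point, upper 3 bits of the TCI
    dei: int   # drop eligible indicator, 1 bit
    vid: int   # VLAN ID, lower 12 bits (4,096 possible values)


def parse_tag(frame: bytes):
    """Return the 802.1Q tag of an Ethernet frame (without FCS), or None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)   # follows the two MAC addresses
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 14 + TAG_LEN:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return Dot1QTag(pcp=tci >> 13, dei=(tci >> 12) & 1, vid=tci & 0x0FFF)


def insert_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a tag header after the source MAC, as a tagged interface does on egress."""
    if not 0 <= vid <= 0xFFF or vid in RESERVED_VIDS:
        raise ValueError("VLAN ID %r is out of range or reserved" % vid)
    if not 0 <= pcp <= 7:
        raise ValueError("priority must fit in 3 bits")
    tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return frame[:12] + tag + frame[12:]


def wire_size(frame: bytes) -> int:
    """Frame size as counted by IEEE 802.3, which includes the FCS."""
    return len(frame) + FCS_LEN


def demo():
    # Constructed frame: broadcast destination, locally administered source,
    # IPv4 EtherType and a full 1500-byte payload (the largest untagged frame).
    untagged = bytes.fromhex("ffffffffffff" "020000000001" "0800") + bytes(1500)
    tagged = insert_tag(untagged, vid=100, pcp=5)
    return untagged, tagged


if __name__ == "__main__":
    untagged, tagged = demo()
    print(wire_size(untagged), parse_tag(untagged))
    print(wire_size(tagged), parse_tag(tagged))
```

The largest untagged frame grows from 1518 to 1522 bytes once tagged, which is the size increase the note above refers to.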
To view the configured VLANs, use the show vlan command in EXEC privilege mode (Figure 37-3). Figure 37-3.
To tag frames leaving an interface in Layer 2 mode, you must assign that interface to a port-based VLAN to tag it with that VLAN ID. To tag interfaces, follow these steps:

Step 1. Access INTERFACE VLAN mode of the VLAN to which you want to assign the interface.
Command Syntax: interface vlan vlan-id
Command Mode: CONFIGURATION

Step 2. Enable an interface to include the IEEE 802.1Q tag header.
Command Syntax: tagged interface
Command Mode: INTERFACE
Except for hybrid ports, only a tagged interface can be a member of multiple VLANs. You can assign hybrid ports to two VLANs if the port is untagged in one VLAN and tagged in all others. When you remove a tagged interface from a VLAN (using the no tagged interface command), it remains tagged only if it is a tagged interface in another VLAN. If you remove the tagged interface from the only VLAN to which it belongs, the interface is placed in the default VLAN as an untagged interface.
The only way to remove an interface from the default VLAN is to place the interface in Default mode by using the no switchport command in INTERFACE mode.

Assign an IP Address to a VLAN

VLANs are a Layer 2 feature. For two physical interfaces on different VLANs to communicate, you must assign an IP address to the VLANs to route traffic between the two interfaces.
To configure a port so that it can be a member of both untagged and tagged VLANs, follow these steps:

Step 1. Remove any Layer 2 or Layer 3 configurations from the interface.
Command Mode: INTERFACE

Step 2. Configure the interface for hybrid mode.
Command: portmode hybrid
Command Mode: INTERFACE

Step 3. Configure the interface for switchport mode.
Command: switchport
Command Mode: INTERFACE

Step 4. Add the interface to a tagged or untagged VLAN.
38 Virtual Router Redundancy Protocol (VRRP)

This chapter covers the following information:
• Overview
• VRRP Benefits
• VRRP Implementation
• VRRP Configuration
• Sample Configurations

Overview

Virtual router redundancy protocol (VRRP) is designed to eliminate a single point of failure in a statically routed network. VRRP specifies a MASTER router that owns the next hop IP and MAC address for end stations on a local area network (LAN).
In Figure 38-1, Router A is configured as the MASTER router. It is configured with the IP address of the virtual router and sends any packets addressed to the virtual router through interface TenGigabitEthernet 1/1 to the Internet. As the BACKUP router, Router B is also configured with the IP address of the virtual router. If for any reason Router A becomes unavailable, VRRP elects a new MASTER Router. Router B assumes the duties of Router A and becomes the MASTER router.
VRRP Benefits

With VRRP configured on a network, end-station connectivity to the network is not subject to a single point of failure. End-station connections to the network are redundant and they are not dependent on interior gateway protocol (IGP) to converge or update routing tables.

VRRP Implementation

The MXL 10/40GbE Switch supports a total of 2000 VRRP groups on a switch and 255 VRRP groups per interface (Table 38-1). Within a single VRRP group, up to 12 virtual IP addresses are supported.
VRRP Configuration

By default, VRRP is not configured.
Figure 38-3. show config Command Example
FTOS(conf-if-te-1/1)#show conf
!
interface Tengigabitethernet 1/1
ip address 10.10.10.1/24
!
vrrp-group 111
no shutdown
FTOS(conf-if-te-1/1)#

Note that the interface has an IP address and is enabled.

Assign Virtual IP addresses

Virtual routers contain virtual IP addresses configured for that VRRP group (VRID). A VRRP group does not transmit VRRP packets until you assign the virtual IP address to the VRRP group.
To configure a virtual IP address, follow these steps:

Step 1. Configure a VRRP group. VRID Range: 1 to 255
Command Syntax: vrrp-group vrrp-id
Command Mode: INTERFACE

Step 2. Configure virtual IP addresses for this VRID. Range: up to 12 addresses
Command Syntax: virtual-address ip-address1 [...ip-address12]
Command Mode: INTERFACE-VRID

Figure 38-4. virtual-address Command Example
FTOS(conf-if-te-1/1-vrid-111)#virtual-address 10.10.10.1
FTOS(conf-if-te-1/1-vrid-111)#virtual-address 10.10.10.
Figure 38-6 shows the same VRRP group configured on multiple interfaces on different subnets.

Figure 38-6. show vrrp Command Example Same VRRP Group (VRID)
FTOS#do show vrrp
-----------------
Tengigabitethernet 1/1, VRID: 111, Net: 10.10.10.1
State: Master, Priority: 255, Master: 10.10.10.1 (local)
Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec
Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 1768, Gratuitous ARP sent: 5
Virtual MAC address: 00:00:5e:00:01:6f
Virtual IP address: 10.10.10.1 10.10.10.2 10.10.10.
To configure the VRRP group’s priority, use the following command:

Task: Configure the priority for the VRRP group. Range: 1 to 255 Default: 100
Command Syntax: priority priority
Command Mode: INTERFACE-VRID

Figure 38-7. priority Command Example
FTOS(conf-if-te-1/2)#vrrp-group 111
FTOS(conf-if-te-1/2-vrid-111)#priority 125

Figure 38-8. show vrrp Command Example
FTOS#show vrrp
-----------------
Tengigabitethernet 1/1, VRID: 111, Net: 10.10.10.
To configure simple authentication, use the following command:

Task: Configure a simple text password.
Command Syntax: authentication-type simple [encryption-type] password
Command Mode: INTERFACE-VRID
Parameters:
encryption-type: 0 indicates unencrypted; 7 indicates encrypted
password: plain text

Figure 38-9.
Because preempt is enabled by default, disable the preempt function with the following command in the VRRP mode. To re-enable preempt, use the preempt command. When preempt is enabled, it does not display in the show commands because it is a default setting.

Task: Prevent any BACKUP router with a higher priority from becoming the MASTER router.
Command Syntax: no preempt
Command Mode: INTERFACE-VRID

Figure 38-11.
Figure 38-13. advertise-interval Command Example
FTOS(conf-if-te-1/1)#vrrp-group 111
FTOS(conf-if-te-1/1-vrid-111)#advertise-interval 10
FTOS(conf-if-te-1/1-vrid-111)#

Figure 38-14. show config Command Example
FTOS(conf-if-te-1/1-vrid-111)#show conf
!
vrrp-group 111
advertise-interval 10
authentication-type simple 7 387a7f2df5969da4
no preempt
priority 255
virtual-address 10.10.10.1
virtual-address 10.10.10.2
virtual-address 10.10.10.3
virtual-address 10.10.10.
You can configure a tracked object for a VRRP group (using the track object-id command in INTERFACE-VRID mode) before you actually create the tracked object (using a track object-id command in CONFIGURATION mode) (Figure 38-15 and Figure 38-16). However, no changes in the VRRP group’s priority occur until the tracked object is defined and determined to be down.
Figure 38-17. show vrrp Command Example
FTOS#show vrrp
-----------------
TenGigabitEthernet 1/3, IPv4 VRID: 21, Version: 2, Net: 10.1.1.1
State: Master, Priority: 100, Master: 10.1.1.1 (local)
Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec
Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 72, Gratuitous ARP sent: 1
Virtual MAC address: 00:00:5e:00:01:15
Virtual IP address: 10.1.1.2
Authentication: (none)
FTOS#

Figure 38-18.
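The fields in the show vrrp examples (Figure 38-6 and Figure 38-17) can be checked by script when reviewing many groups. The following Python sketch is an added example, not Dell Force10 code: the sample output is constructed in the two layouts shown in this chapter, and the function names, finding codes and the choice of what to flag are assumptions.

```python
import re

# Constructed sample in the two "show vrrp" layouts shown in this chapter.
# The second group's MAC address and bad-packet counter are altered for the demo.
SAMPLE = """\
-----------------
Tengigabitethernet 1/1, VRID: 111, Net: 10.10.10.1
State: Master, Priority: 255, Master: 10.10.10.1 (local)
Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec
Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 1768, Gratuitous ARP sent: 5
Virtual MAC address: 00:00:5e:00:01:6f
Virtual IP address: 10.10.10.1 10.10.10.2
-----------------
TenGigabitEthernet 1/3, IPv4 VRID: 21, Version: 2, Net: 10.1.1.1
State: Master, Priority: 100, Master: 10.1.1.1 (local)
Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec
Adv rcvd: 0, Bad pkts rcvd: 4, Adv sent: 72, Gratuitous ARP sent: 1
Virtual MAC address: 00:00:5e:00:01:16
Virtual IP address: 10.1.1.2
Authentication: (none)
"""

HEADER = re.compile(r"^(\S+ \S+), (?:IPv4 )?VRID: (\d+),.*?Net: (\S+)")
FIELDS = {
    "priority": r"Priority: (\d+)",
    "bad_pkts": r"Bad pkts rcvd: (\d+)",
    "vmac": r"Virtual MAC address:\s*([0-9A-Fa-f:]{17})",
    "auth": r"Authentication:\s*(\S+)",
    "vips": r"Virtual IP address:\s*((?:\d+\.\d+\.\d+\.\d+\s*)+)",
}

def parse_show_vrrp(text):
    """Split show vrrp output into one dict per VRRP group."""
    groups = []
    for raw in text.splitlines():
        line = raw.strip().lstrip("-").strip()   # separator may be fused to the header
        head = HEADER.match(line)
        if head:
            groups.append({"ifname": head[1], "vrid": int(head[2]),
                           "net": head[3], "body": ""})
        elif groups:
            groups[-1]["body"] += line + "\n"
    for g in groups:
        body = g.pop("body")
        for key, pattern in FIELDS.items():
            hit = re.search(pattern, body)
            g[key] = hit.group(1) if hit else None   # None: field not in the output
        g["vips"] = g["vips"].split() if g["vips"] else []
    return groups

def expected_vmac(vrid):
    """IPv4 VRRP virtual MAC: fixed prefix 00:00:5e:00:01 plus the VRID in hex."""
    return "00:00:5e:00:01:%02x" % vrid

def audit(groups):
    """Return (interface, vrid, code) tuples for settings worth a second look."""
    findings = []
    for g in groups:
        def flag(code):
            findings.append((g["ifname"], g["vrid"], code))
        if g["vmac"] and g["vmac"].lower() != expected_vmac(g["vrid"]):
            flag("vmac-mismatch")
        if g["auth"] == "(none)":
            flag("no-authentication")
        if g["bad_pkts"] and int(g["bad_pkts"]) > 0:
            flag("bad-packets-received")     # assumption: any nonzero count merits review
        if g["priority"] == "255" and g["net"] not in g["vips"]:
            flag("priority-255-not-owner")   # RFC 3768 reserves 255 for the address owner
    return findings

if __name__ == "__main__":
    for finding in audit(parse_show_vrrp(SAMPLE)):
        print(finding)
```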
Task: Set the delay time for VRRP initialization on an individual interface. This is the gap between an interface coming up and being operational, and VRRP enabling. Seconds range: 0-900 Default: 0
Command Syntax: vrrp delay minimum seconds
Command Mode: INTERFACE

Task: Set the delay time for VRRP initialization on all the interfaces in the system configured for VRRP. This is the gap between system boot up completion and VRRP enabling.
Figure 38-19.
Figure 38-20. Configure VRRP for IPv4 Router
R2(conf)#int tengig 2/31
R2(conf-if-te-2/31)#ip address 10.1.1.1/24
R2(conf-if-te-2/31)#vrrp-group 99
R2(conf-if-te-2/31-vrid-99)#priority 200
R2(conf-if-te-2/31-vrid-99)#virtual 10.1.1.3
R2(conf-if-te-2/31-vrid-99)#no shut
R2(conf-if-te-2/31)#show conf
!
interface Tengigabitethernet 2/31
ip address 10.1.1.1/24
!
vrrp-group 99
priority 200
virtual-address 10.1.1.
39 Debugging and Diagnostics

This chapter contains the following sections:
• Offline Diagnostics
• Trace Logs
• Show Hardware Commands
• Environmental Monitoring
• Buffer Tuning
• Troubleshooting Packet Loss
• Application Core Dumps
• Mini Core Dumps
• TCP Dumps

Offline Diagnostics

The offline diagnostics test suite is useful for isolating faults and debugging hardware.
Important Points to Remember
• You can only perform offline diagnostics on an offline standalone unit.
• You cannot perform diagnostics if the ports are configured in a stacking group. Remove the port(s) from the stacking group before executing the diagnostic test.
• Diagnostics only test connectivity, not the entire data path.
• Diagnostic results are stored on the flash of the unit on which you performed the diagnostics.
Trace Logs

In addition to the syslog buffer, the Dell Force10 operating software (FTOS) buffers trace messages which are continuously written by various FTOS software tasks to report hardware and software events and status information. Each trace message provides the date, time, and name of the FTOS process. All messages are stored in a ring buffer and can be saved to a file either manually or automatically upon failover.
Table 39-1. show hardware Commands

Command: show hardware stack-unit {0-5} cpu management statistics
Description: View the internal interface status of the stack-unit CPU port which connects to the external management interface.

Command: show hardware stack-unit {0-5} cpu data-plane statistics
Description: View the driver-level statistics for the data-plane port on the CPU for the specified stack-unit.
Figure 39-4. show interfaces transceiver Command Example
FTOS#show int ten 0/49 transceiver
SFP is present
SFP 49 Serial Base ID fields
SFP 49 Id = 0x03
SFP 49 Ext Id = 0x04
SFP 49 Connector = 0x07
SFP 49 Transceiver Code = 0x00 0x00 0x00 0x01 0x20 0x40 0x0c 0x01
SFP 49 Encoding = 0x01
SFP 49 BR Nominal = 0x0c
SFP 49 Length(9um) Km = 0x00
SFP 49 Length(9um) 100m = 0x00
SFP 49 Length(50um) 10m = 0x37
SFP 49 Length(62.
Recognize an Over-Temperature Condition

An over-temperature condition occurs for one of two reasons:
• The card genuinely is too hot.
• A sensor has malfunctioned.

Inspect cards adjacent to the one reporting the condition to discover the cause.
• If directly adjacent cards are not a normal temperature, suspect a genuine overheating condition.
• If directly adjacent cards are a normal temperature, suspect a faulty sensor.
Figure 39-6.
The simple network management protocol (SNMP) traps and OIDs in Table 39-2 provide information about environmental monitoring hardware and hardware components.

Table 39-2. SNMP Traps and OIDs
OID String    OID Name                Description
              chSysPortXfpRecvPower   OID to display the receiving power of the connected optics.
              chSysPortXfpTxPower     OID to display the transmitting power of the connected optics.
              chSysPortXfpRecvTemp    OID to display the Temperature of the connected optics.
All ports support eight queues, four for data traffic and four for control traffic. All eight queues are tunable. Physical memory is organized into cells of 128 bytes. The cells are organized into two buffer pools—a dedicated buffer and a dynamic buffer.
• Dedicated buffer is reserved memory that cannot be used by other interfaces on the same ASIC or by other queues on the same interface. This buffer is always allocated, and no dynamic recarving takes place based on changes in interface status.
Deciding to Tune Buffers

Dell Force10 recommends exercising caution when configuring any non-default buffer settings, as tuning can significantly affect system performance. The default values work for most cases. As a guideline, consider tuning buffers if traffic is very bursty (and coming from several interfaces). In this case:
• Reduce the dedicated buffer on all queues/interfaces.
• Increase the dynamic buffer on all interfaces.
FTOS Behavior: When you remove a buffer-profile using the no buffer-profile [fp | csf] command from CONFIGURATION mode, the buffer-profile name still appears in the output of show buffer-profile [detail | summary]. After a stack unit is reset, the buffer profile correctly returns to the default values, but the profile name remains.
Figure 39-9. Displaying Buffer Profile Allocations
FTOS#show running-config interface tengigabitethernet 2/0
!
interface TenGigabitEthernet 2/0
no ip address
mtu 9252
switchport
no shutdown
buffer-policy myfsbufferprofile
FTOS#show buffer-profile detail int tengig 0/10
Interface Tengig 0/10
Buffer-profile fsqueue-fp
Dynamic buffer 1256.00 (Kilobytes)
Queue#   Dedicated Buffer (Kilobytes)   Buffer Packets
0        3.00                           256
1        3.00                           256
2        3.00                           256
3        3.00                           256
4        3.00                           256
5        3.00                           256
6        3.
You must reload the system for the global buffer profile to take effect (Message 3).

Message 3 Reload After Applying Global Buffer Profile
% Info: For the global pre-defined buffer profile to take effect, please save the config and reload the system.

FTOS Behavior: After you configure buffer-profile global 1Q, Message 3 is displayed during every bootup. Only one reboot is required for the configuration to take effect; afterwards this bootup message may be ignored.
Figure 39-10.
Figure 39-11.
Figure 39-12.
Figure 39-13.
Displaying Stack Port Statistics

The show hardware stack-unit stack-port command displays input and output statistics for a stack-port interface (Figure 39-15).

Figure 39-15.
Application Core Dumps

Application core dumps are disabled by default. A core dump file can be very large. Due to memory requirements, the file can only be sent directly to an FTP server. It is not stored on the local flash. To enable full application core dumps, use the following command:

Task: Enable RPM core dumps and specify the shutdown mode.
Command Syntax: logging coredump server
Command Mode: CONFIGURATION

To undo this command, use the no logging coredump server command.
Figure 39-17.
TCP Dumps

TCP dump captures CPU-bound control plane traffic to improve troubleshooting and system manageability. When enabled, a TCP dump captures all the packets on the local CPU, as specified in the CLI. You can save the traffic capture files to flash, FTP, SCP, or TFTP. The files saved on the flash are located in the flash://TCP_DUMP_DIR/Tcpdump_/ directory, and labeled tcpdump_*.pcap. There can be up to 20 Tcpdump_ directories.
40 Standards Compliance

This chapter contains the following sections:
• IEEE Compliance
• RFC and I-D Compliance
• MIB Location

Note: Unless noted, when a standard cited here is listed as supported by Dell Force10 operating software (FTOS), FTOS also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website.
RFC and I-D Compliance

The following standards are supported by FTOS, and are grouped by related protocol. The columns showing support by platform indicate which version of FTOS first supports the standard.
General IPv4 Protocols
RFC#   Full Name
791    Internet Protocol
792    Internet Control Message Protocol
826    An Ethernet Address Resolution Protocol
1027   Using ARP to Implement Transparent Subnet Gateways
1035   DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION (client)
1042   A Standard for the Transmission of IP Datagrams over IEEE 802 Networks
1191   Path MTU Discovery
1305   Network Time Protocol (Version 3) Specification, Implementation and Analysis
1519   Classless Inter-Domain Routing (CIDR): an Addres
Open Shortest Path First (OSPF)
RFC#   Full Name
1587   The OSPF Not-So-Stubby Area (NSSA) Option
2154   OSPF with Digital Signatures
2328   OSPF Version 2
2370   The OSPF Opaque LSA Option
3623   Graceful OSPF Restart
4222   Prioritized Treatment of Specific OSPF Version 2 Packets and Congestion Avoidance

Routing Information Protocol (RIP)
RFC#   Full Name
1058   Routing Information Protocol
2453   RIP Version 2
Network Management (continued)
RFC#   Full Name
2575   View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)
2576   Coexistence Between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework
2578   Structure of Management Information Version 2 (SMIv2)
2579   Textual Conventions for SMIv2
2580   Conformance Statements for SMIv2
2618   RADIUS Authentication Client MIB, except the following four counters: radiusAuthClientInvalidServerAddresse
Network Management (continued)
RFC#            Full Name
3418            Management Information Base (MIB) for the Simple Network Management Protocol (SNMP)
3434            Remote Monitoring MIB Extensions for High Capacity Alarms, High-Capacity Alarm Table (64 bits)
5060            Protocol Independent Multicast MIB
ANSI/TIA-1057   The LLDP Management Information Base extension module for TIA-TR41.
Network Management (continued)
RFC#                      Full Name
FORCE10-LINKAGG-MIB       Force10 Enterprise Link Aggregation MIB
FORCE10-COPY-CONFIG-MIB   Force10 File Copy MIB (supporting SNMP SET operation)
FORCE10-MON-MIB           Force10 Monitoring MIB
FORCE10-PRODUCTS-MIB      Force10 Product Object Identifier MIB
FORCE10-SS-CHASSIS-MIB    Force10 S-Series Enterprise Chassis MIB
FORCE10-SMI               Force10 Structure of Management Information
FORCE10-SYSTEM-COMPO      Force10 System Component MIB (enables the user to view CAM usage information)
MIB Location

Force10 MIBs are under the Force10 MIBs subhead on the Documentation page of iSupport:
https://www.force10networks.com/csportal20/KnowledgeBase/Documentation.aspx

You also can obtain a list of selected MIBs and their OIDs at the following URL:
https://www.force10networks.com/csportal20/MIBs/MIB_OIDs.aspx

Some pages of iSupport require a login. To request an iSupport account, go to:
https://www.force10networks.com/CSPortal20/Support/AccountRequest.