Service Manual

ManualsBrandsDell ManualsserversDell Force10 MXL Blade

Dell Networking Command Line Reference Guide

for the MXL 10/40GbE Switch I/O Module

9.11(0.0)

Summary of content (1319 pages)

PAGE 1
Dell Networking Command Line Reference Guide for the MXL 10/40GbE Switch I/O Module 9.11(0.
PAGE 2
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2017 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
PAGE 3
Contents 1 About this Guide...........................................................................................................................................43 Objectives......................................................................................................................................................................... 43 Audience........................................................................................................................................................
PAGE 4
banner exec...................................................................................................................................................................... 76 banner login.......................................................................................................................................................................77 banner motd..........................................................................................................................................
PAGE 5
show processes cpu...................................................................................................................................................... 105 show processes ipc flow-control................................................................................................................................. 108 show processes memory...............................................................................................................................................
PAGE 6
show config.....................................................................................................................................................................143 Common IP ACL Commands........................................................................................................................................ 143 access-class.............................................................................................................................................................
PAGE 7
show ip prefix-list detail................................................................................................................................................. 187 show ip prefix-list summary.......................................................................................................................................... 188 Route Map Commands..................................................................................................................................................
PAGE 8
permit.............................................................................................................................................................................. 246 deny udp (for IPv6 ACLs).............................................................................................................................................247 deny tcp (for IPv6 ACLs)......................................................................................................................................
PAGE 9
bgp client-to-client reflection...................................................................................................................................... 282 bgp cluster-id................................................................................................................................................................. 283 bgp confederation identifier......................................................................................................................................
PAGE 10
neighbor peer-group (assigning peers)...................................................................................................................... 308 neighbor peer-group (creating group)........................................................................................................................309 neighbor peer-group passive....................................................................................................................................... 309 neighbor remote-as.......
PAGE 11
distance bgp................................................................................................................................................................... 347 show ip bgp dampened-paths......................................................................................................................................348 BGP Extended Communities (RFC 4360).................................................................................................................
PAGE 12
pfc mode on....................................................................................................................................................................374 pfc no-drop queues....................................................................................................................................................... 375 priority-list..................................................................................................................................................
PAGE 13
debug ip dhcp server.....................................................................................................................................................424 debug ipv6 dhcp ........................................................................................................................................................... 424 default-router.....................................................................................................................................................
PAGE 14
ip dhcp relay................................................................................................................................................................... 442 ip dhcp relay secondary-subnet ..................................................................................................................................442 show ip dhcp snooping.................................................................................................................................................
PAGE 15
show fip-snooping config.............................................................................................................................................. 471 show fip-snooping enode.............................................................................................................................................. 471 show fip-snooping fcf...................................................................................................................................................
PAGE 16
ip igmp snooping mrouter.............................................................................................................................................499 ip igmp snooping querier...............................................................................................................................................499 show ip igmp snooping mrouter..................................................................................................................................
PAGE 17
stack-unit portmode......................................................................................................................................................547 wavelength..................................................................................................................................................................... 548 Port Channel Commands..........................................................................................................................................
PAGE 18
ip route............................................................................................................................................................................ 578 ip source-route.............................................................................................................................................................. 580 ip tcp initial-time..................................................................................................................................
PAGE 19
ipv6 address....................................................................................................................................................................616 ipv6 address eui64..........................................................................................................................................................617 ipv6 control-plane icmp error-rate-limit....................................................................................................................
PAGE 20
clear ip bgp * (asterisk)................................................................................................................................................648 clear ip bgp as-number................................................................................................................................................. 648 clear ip bgp ipv6-address.............................................................................................................................................
PAGE 21
network backdoor..........................................................................................................................................................675 redistribute..................................................................................................................................................................... 676 redistribute isis...........................................................................................................................................
PAGE 22
neighbor remove-private-as.........................................................................................................................................702 neighbor route-map.......................................................................................................................................................702 neighbor route-reflector-client....................................................................................................................................
PAGE 23
distance............................................................................................................................................................................731 distribute-list in............................................................................................................................................................... 731 distribute-list out...............................................................................................................................
PAGE 24
show isis graceful-restart detail...................................................................................................................................759 show isis hostname....................................................................................................................................................... 760 show isis interface.......................................................................................................................................................
PAGE 25
advertise dot3-tlv.......................................................................................................................................................... 790 advertise management-tlv............................................................................................................................................ 791 clear lldp counters...................................................................................................................................................
PAGE 26
show ip msdp.................................................................................................................................................................. 816 show ip msdp sa-cache rejected-sa............................................................................................................................ 817 35 Multiple Spanning Tree Protocol (MSTP)................................................................................................ 818 debug spanning-tree mstp.....
PAGE 27
description................................................................................................................................................................ 843 show running-config track..................................................................................................................................... 844 show track................................................................................................................................................................
PAGE 28
ip ospf network.............................................................................................................................................................. 875 ip ospf priority................................................................................................................................................................ 876 ip ospf retransmit-interval..............................................................................................................................
PAGE 29
default-information originate........................................................................................................................................ 916 graceful-restart grace-period....................................................................................................................................... 916 graceful-restart mode....................................................................................................................................................
PAGE 30
ip pim register-filter....................................................................................................................................................... 947 ip pim rp-address........................................................................................................................................................... 947 ip pim rp-candidate..........................................................................................................................................
PAGE 31
43 Private VLAN (PVLAN)............................................................................................................................ 977 ip local-proxy-arp........................................................................................................................................................... 978 private-vlan mapping secondary-vlan......................................................................................................................... 979 private-vlan mode....
PAGE 32
match ip dscp............................................................................................................................................................... 1009 match ip precedence....................................................................................................................................................1010 match mac access-group............................................................................................................................................
PAGE 33
ip rip receive version.................................................................................................................................................... 1039 ip rip send version........................................................................................................................................................ 1039 ip split-horizon...............................................................................................................................................
PAGE 34
49 Security................................................................................................................................................. 1069 AAA Accounting Commands...................................................................................................................................... 1069 aaa accounting.......................................................................................................................................................
PAGE 35
tacacs-server key...................................................................................................................................................1097 SSH Server and SCP Commands.............................................................................................................................. 1098 crypto key generate...............................................................................................................................................1098 debug ip ssh.....
PAGE 36
sflow collector............................................................................................................................................................... 1127 sflow enable (Global).................................................................................................................................................... 1127 sflow ingress-enable.........................................................................................................................................
PAGE 37
default logging monitor................................................................................................................................................ 1156 default logging trap.......................................................................................................................................................1157 logging............................................................................................................................................................
PAGE 38
description..................................................................................................................................................................... 1183 disable.............................................................................................................................................................................1184 forward-delay....................................................................................................................................
PAGE 39
clock set......................................................................................................................................................................... 1213 clock summer-time date.............................................................................................................................................. 1214 clock summer-time recurring...................................................................................................................................
PAGE 40
no interface management ethernet ip address........................................................................................................ 1238 reload............................................................................................................................................................................. 1238 show boot blc...............................................................................................................................................................
PAGE 41
peer-routing-timeout................................................................................................................................................... 1263 primary-priority............................................................................................................................................................. 1263 show ip mroute..................................................................................................................................................
PAGE 42
Data Center Bridging (DCB) for FC Flex IO Modules............................................................................................. 1295 NPIV Proxy Gateway for FC Flex IO Modules......................................................................................................... 1295 description (for FCoE maps)................................................................................................................................ 1296 fabric.............................................
PAGE 43
1 About this Guide This guide provides information about the Dell Networking Operating System (OS) command line interface (CLI). This guide also includes information about the protocols and features found in the Dell OS and on the Dell Networking systems supported by the Dell OS.
PAGE 44
[X] Keywords and parameters within brackets are optional. x|y Keywords and parameters separated by a bar require you to choose one option. x||y Keywords and parameters separated by a double bar allows you to choose any or all of the options. Information Icons This book uses the following information symbols: NOTE: The Note icon signals important operational information. CAUTION: The Caution icon signals information about situations that could result in equipment damage or loss of data.
PAGE 45
2 CLI Basics This chapter describes the command line interface (CLI) structure and command modes. The Dell operating software commands are in a text-based interface that allows you to use the launch commands, change command modes, and configure interfaces and protocols.
PAGE 46
User "admin" on line vty1 ( 123.12.1.123 ) User "Irene" on line vty3 ( 123.12.1.321 ) Dell#conf When another user enters CONFIGURATION mode, the Dell Networking OS sends a message similar to the following: % Warning: User "admin" on line vty2 "172.16.1.210" is in configuration In this case, the user is “admin” on vty2. Navigating the CLI The Dell Networking Operating System (OS) displays a command line interface (CLI) prompt comprised of the host name and CLI mode.
PAGE 47
To obtain a list of available options: Type a keyword and then type a space and a ?. To obtain a list of partial keywords using a partial keyword: Type a partial keyword and then type a ?. Example The following is an example of typing ip ? at the prompt: Dell(conf)#ip ? igmp Internet Group Management Protocol route Establish static routes telnet Specify telnet options When entering commands, you can take advantage of the following timesaving features: • The commands are not case-sensitive.
PAGE 48
Using the Keyword no Command To disable, delete or return to default values, use the no form of the commands. For most commands, if you type the keyword no in front of the command, you disable that command or delete it from the running configuration. In this guide, the no form of the command is described in the Syntax portion of the command description.
PAGE 49
Filtering the Command Output Multiple Times You can filter a single command output multiple times. To filter a command output multiple times, place the save option as the last filter. For example: Dell# command | grep regular-expression | except regular-expression | grep otherregular-expression | find regular-expression | no-more | save. Command Modes To navigate and launch various CLI modes, use specific commands. Navigation to these modes is described in the following sections.
PAGE 50
2 Enter the interface command and then enter an interface type and interface number that is available on the switch. The prompt changes to include the designated interface and slot/port number.
PAGE 51
MAC ACCESS LIST Mode To enter MAC ACCESS LIST mode and configure either standard or extended access control lists (ACLs), use the mac access-list standard or mac access-list extended command. To enter MAC ACCESS LIST mode: 1 Verify that you are logged in to CONFIGURATION mode. 2 Use the mac access-list standard or mac access-list extended command. Include a name for the ACL. The prompt changes to include (conf-std-macl) or (conf-ext-macl). You can return to CONFIGURATION mode by using the exit command.
PAGE 52
PROTOCOL GVRP Mode To enable and configure GARP VLAN Registration Protocol (GVRP), use PROTOCOL GVRP mode. For more information, refer to GARP VLAN Registration (GVRP). To enter PROTOCOL GVRP mode: 1 Verify that you are logged in to CONFIGURATION mode. 2 Enter the protocol gvrp command. The prompt changes to include (config-gvrp). You can return to CONFIGURATION mode by using the exit command. RAPID SPANNING TREE (RSTP) Mode To enable and configure RSTP, use RSTP mode.
PAGE 53
To enter ROUTER RIP mode: 1 Verify that you are logged in to CONFIGURATION mode. 2 Enter the router rip command. The prompt changes to include (conf-router_rip). You can return to CONFIGURATION mode by using the exit command. SPANNING TREE Mode To enable and configure the Spanning Tree protocol, use SPANNING TREE mode. For more information, refer to Spanning Tree Protocol (STP). To enter SPANNING TREE mode: 1 Verify that you are logged in to CONFIGURATION mode.
PAGE 54
3 File Management This chapter contains command line interface (CLI) commands needed to manage the configuration files as well as other file management commands. The commands in this chapter are supported by the Dell Networking Operating System (OS).
PAGE 55
stack-unit Enter the stack-unit number for the master switch. stack-unit-number Enter the stack-unit number. The range is from 0 to 5. all Enter the keywordall to apply the configuration for all stack units. default Enter the keyword default to use the primary Dell Networking OS image. primary Enter the keyword primary to use the primary Dell Networking OS image. secondary Enter the keyword secondary to use the primary Dell Networking OS image.
PAGE 56
Command Modes Command History • flash: (internal Flash) or any sub-directory • usbflash: (external Flash) or any sub-directory EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.0 Introduced on the MXL 10/40GbE Switch IO Module. copy Copy one file to another location. The Dell Networking Operating System (OS) supports IPv4 addressing for FTP, TFTP, and SCP (in the hostip field).
PAGE 57
NOTE: Dell Networking OS imposes a length limit on the password you create for performing the secure copy operation. Your password can be no longer than 32 characters. When you use the copy running-config startup-config command to copy the running configuration (the startup configuration file amended by any configuration changes made since the system was started) to the startup configuration file, the Dell Networking OS creates a backup file on the internal flash of the startup configuration.
PAGE 58
delete Delete a file from the flash. After deletion, files cannot be restored. Syntax delete flash: ([flash://]filepath) usbflash ([usbflash://]filepath) Parameters flash-url no-confirm Command Modes Command History Example Enter the following location and keywords: • For a file or directory on the internal Flash, enter flash:// then the filename or directory name. • For a file or directory on an external USB drive, enter usbflash:// then the filename or directory name.
PAGE 59
Usage Information Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. You must include the colon (:) when entering this command. CAUTION: This command deletes all files, including the startup configuration file. So, after executing this command, consider saving the running config as the startup config (use the write memory command or copy run start command). Related Commands copy — copies the current configuration to either the startup-configuration file or the terminal.
PAGE 60
logging coredump Enable coredump. Syntax logging coredump stack-unit all Command Modes CONFIGURATION Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The kernel coredump can be large and may take five to 30 minutes to upload.
PAGE 61
NOTE: You must disable logging coredump before you designate a new server destination for your core dumps. Related Commands logging coredump – disables the kernel coredump pwd Display the current working directory. Syntax pwd Command Modes EXEC Privilege Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Example Dell#pwd flash: Dell# Related Commands cd – changes the directory.
PAGE 62
Command Modes Command History Usage Information 0-5 Enter the stack member unit identifier to restore only the mentioned stack-unit. all Enter the keyword all to restore all units in the stack. bootvar Enter the keyword bootvar to reset boot line. clear-all Enter the keywords clear-all to reset the NvRAM, boot environment variables, and the system startup configuration. nvram Enter the keyword nvram to reset the NvRAM only. EXEC Privilege Version Description 9.9(0.
PAGE 63
Each boot path variable (primary_boot, secondary_boot, and default_boot) is further split into the following three independent variables: • primary_server, primary_file, and primary_type • secondary_server, secondary_file, and secondary_type • default_server, default_file, and default_type NOTE: For information on the default values that these variables take, refer to the Restoring Factory Default Environment Variables section in the Dell Networking OS Configuration guide.
PAGE 64
Power-cycling the unit(s). Dell# Example (NvRAM, single unit) Dell#restore factory-defaults stack-unit 1nvram ************************************************************** * Warning - Restoring factory defaults will delete the existing * * persistent settings (stacking, fanout, etc.) * * After restoration the unit(s) will be powercycled immediately.
PAGE 65
show file Display contents of a text file in the local filesystem. Syntax Parameters Command Modes Command History show file url url Enter one of the following: • For a file on the internal Flash, enter flash:// then the filename. • For a file on the external Flash, enter usbflash:// then the filename. EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 66
Command History Example Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.0 Introduced on the MXL 10/40GbE Switch IO Module. Dell#show file-systems Size(b) Free(b) 2143281152 2000936960 15848660992 831594496 Dell# Command Fields Type USERFLASH USBFLASH network network network Flags rw rw rw rw rw Prefixes flash: usbflash: ftp: tftp: scp: Field Description size(b) Lists the size (in bytes) of the storage location. If the location is remote, no size is listed.
PAGE 67
Command Modes Command History Usage Information Example EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. NOTE: A filepath that contains a dot ( . ) is not supported.
PAGE 68
File Management ftp for the current FTP configuration fvrp for the current FVRP configuration host for the current host configuration hardwaremonitor for hardware-monitor action-on-error settings igmp for the current IGMP configuration interface for the current interface configuration line for the current line configuration load-balance for the current port-channel load-balance configuration logging for the current logging configuration mac for the current MAC ACL configuration mac-
PAGE 69
Command Modes Command History configured (OPTIONAL) Enter the keyword configuration to display line card interfaces with non-default configurations only. status (OPTIONAL) Enter the keyword status to display the checksum for the running configuration and the start-up configuration. EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Example Dell#show running-config Current Configuration ...
PAGE 70
Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Example Dell#show startup-config ! Version E8-3-16-29 ! Last configuration change at Thu Apr 26 19:19:02 2012 by default ! Startup-config last updated at Thu Apr 26 19:19:04 2012 by default ! boot system stack-unit 0 primary system: A: boot system stack-unit 0 secondary tftp://10.11.200.241/ dt-m1000e-5-c2 boot system gateway 10.11.209.
PAGE 71
Command Fields Lines Beginning With Description Dell Force10 Network... Name of the operating system Dell Force10 Operating... OS version number Dell Force10 Application... Software version Copyright (c)... Copyright information Build Time... Software build’s date stamp Build Path... Location of the software build files loaded on the system Dell Force10 uptime is... Amount of time the system has been up System image...
PAGE 72
flash: After entering the keyword flash:, you can either follow it with the location of the source file in this form: //filepath or press Enter to launch a prompt sequence. usbflash: After entering the keyword usbflash:, you can either follow it with the location of the source file in this form: //filepath or press Enter to launch a prompt sequence. A: Enter this keyword to upgrade the bootflash partition A. B: Enter this keyword to upgrade the bootflash partition B.
PAGE 73
B: Defaults none Command Modes EXEC Privilege Command History Enter this keyword to upgrade the bootflash partition B. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Usage Information Reset the card using the power-cycle option after restoring the FPGA command.
PAGE 74
Usage Information Example You can enter this command in the following ways: • verify md5 flash://img-file • verify md5 flash://img-file • verify sha256 flash://img-file • verify sha256 flash://img-file Without Entering the Hash Value for Verification using SHA256 Dell# verify sha256 flash://FTOS-SE-9.5.0.0.bin SHA256 hash for FTOS-SE-9.5.0.0.
PAGE 75
4 Control and Monitoring The Dell Networking OS supports the following control and monitoring commands. asset-tag Assign and store a unique asset-tag to the stack member. Syntax asset-tag stack-unit unit id Asset-tag ID To remove the asset tag, use no stack-unit unit-id Asset-tag ID command. Parameters stack-unit unit-id Enter the keywordsstack-unit then the unit-id to assign a tag to the specific member. The range is from 0 to 5.
PAGE 76
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. You must save the configuration and reload the system to implement ASF. When you enter the command, the system sends a message stating that the new mode is enabled when the system reloads. banner exec Configure a message that is displayed when your enter EXEC mode.
PAGE 77
exec-banner — Enables the display of a text string when you enter EXEC mode. line — enables and configures the console and virtual terminal lines to the system. banner login Set a banner to display when logging on to the system. Syntax banner login {acknowledgement | keyboard-interactive | c line c} Enter no banner login to delete the banner text. Enter no banner login keyboard-interactive to automatically go to the banner message prompt (does not require a carriage return).
PAGE 78
[y/n]: y Login: admin Password: Related Commands banner motd — sets a Message of the Day banner. exec-banner — enables the display of a text string when you enter EXEC mode. banner motd Set a message of the day (MOTD) banner. Syntax banner motd c line c Parameters c Enter a delineator character to specify the limits of the text banner. The delineator is a percent character (%). line Enter a text string for your message of the day banner message ending the message with your delineator.
PAGE 79
clear command history Clear the command history log. Syntax clear command history Command Modes EXEC Privilege Command History Related Commands Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. show command-history — displays a buffered log of all the commands all users enter along with a time stamp. clear line Reset a terminal line.
PAGE 80
debug cpu-traffic-stats Enable the collection of computer processor unit (CPU) traffic statistics. Syntax debug cpu-traffic-stats Defaults Disabled Command Modes EXEC Privilege Command History Usage Information Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. This command enables (and disables) the collection of CPU traffic statistics from the time this command is executed (not from system boot).
PAGE 81
Command Modes Command History EXEC Privilege Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. do Allows the execution of most EXEC-level commands from all CONFIGURATION levels without returning to the EXEC level. Syntax Parameters Defaults Command Modes Command History Usage Information Example do command command Enter an EXEC-level command. none • CONFIGURATION • INTERFACE Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.
PAGE 82
Defaults 15 Command Modes EXEC Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.5(0.0) Introduced the support for roles on the MXL 10/40GbE Switch. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Users entering EXEC Privilege mode or any other configured privilege level can access configuration commands.
PAGE 83
Command Modes Command History CONFIGURATION Version Description 9.9(0.0) Introduced on the FN IOM. 9.7(0.0) Introduced on the MXL. end Return to EXEC Privilege mode from other command modes (for example, CONFIGURATION or ROUTER OSPF modes). Syntax Command Modes Command History Related Commands end • CONFIGURATION • SPANNING TREE • MULTIPLE SPANNING TREE • LINE • INTERFACE • VRRP • ACCESS-LIST • PREFIX-LIST • ROUTER OSPF • ROUTER RIP Version Description 9.9(0.
PAGE 84
Related Commands banner exec — configures a banner to display when entering EXEC mode. line — enables and configures console and virtual terminal lines to the system. exec-timeout Set a time interval that the system waits for input on a line before disconnecting the session. Syntax exec-timeout minutes [seconds] To return to default settings, use the no exec-timeout command. Parameters minutes Enter the number of minutes of inactivity on the system before disconnecting the current session.
PAGE 85
Command History Related Commands • ROUTER OSPF • ROUTER RIP Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. end — returns to EXEC Privilege mode. feature unique-name Set a unique host name for the system. Syntax feature unique-name Defaults None Command Modes CONFIGURATION Supported Modes Command History Usage Information • Standalone • VLT • Stacking • PMUX • STOMP Full Switch Version Description 9.10(0.
PAGE 86
Command History Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Example morpheus% ftp 10.31.1.111 Connected to 10.31.1.111. 220 FTOS (1.0) FTP server ready Name (10.31.1.
PAGE 87
ftp-server username Create a user name and associated password for incoming FTP server sessions. Syntax Parameters ftp-server username username password [encryption-type] password username Enter a text string up to 40 characters long as the user name. password password Enter the keyword password then a string up to 40 characters long as the password. Without specifying an encryption type, the password is unencrypted.
PAGE 88
password Defaults Not configured. Command Modes CONFIGURATION Command History Usage Information • 0 (zero) for an unecrypted (clear text) password • 7 (seven) for a hidden text password Enter a string up to 40 characters as the password. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The password is listed in the configuration file; you can view the password by entering the show runningconfig ftp command in EXEC mode.
PAGE 89
ip ftp username Assign a user name for outgoing FTP connection requests. Syntax Parameters ip ftp username username username Enter a text string as the user name up to 40 characters long. Defaults No user name is configured. Command Modes CONFIGURATION Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Usage Information Configure a password with the ip ftp password command.
PAGE 90
• For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/ port information. • For VLAN interface, enter the keyword vlan then a number from 1 to 4094. Defaults The IP address on the system that is closest to the Telnet address is used in the outgoing packets. Command Modes CONFIGURATION Command History Related Commands Version Description 8.3.16.
PAGE 91
Parameters console 0 Enter the keyword console 0 to configure the console port. The console option is <0-0>. vty number Enter the keyword vty then a number from 0 to 9 to configure a virtual terminal line for Telnet sessions. The system supports 10 Telnet sessions. end-number (OPTIONAL) Enter a number from 1 to 9 as the last virtual terminal line to configure. You can configure multiple lines at one time.
PAGE 92
If the login concurrent-session clear-line enable command is configured, you are provided with an option to clear any of your existing sessions after a successful login authentication. When you reach the maximum concurrent session limit, you can still login by clearing any of your existing sessions.
PAGE 93
no login statistics {enable | time-period days} Parameters enable Enables user login statistics. By default, the system displays the login statistics for the last 30 days. time-period days Sets the number of days for which the system stores the user login statistics. The range is from 1 to 30. Defaults Not configured Command Modes CONFIGURATION Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.8(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 94
The preceding message shows that the user had previously logged in to the system using the console line. It also displays the number of unsuccessful login attempts since the last login and the number of unsuccessful login attempts during a custom time period. Related Commands login concurrent-session — Configures the limit of concurrent sessions for all users on console and virtual terminal lines.
PAGE 95
• For a Port Channel interface, enter the keywords port-channel then a number: The range is from 1 to 128. • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/ port information. • For a VLAN interface, enter the keyword vlan then a number from 1 to 4094. tos (IPv4 only) Enter the type of service required. The range is from 0 to 255. The default is 0.
PAGE 96
Commands. For information on the ICMP message codes that return from a ping command, refer to Internet Control Message Protocol (ICMP) Message Types. Example (IPv4) Dell#ping 172.31.1.255 Type Ctrl-C to abort. Sending 5, 100-byte ICMP Echos to 172.31.1.255, timeout is 2 seconds: Reply to request 1 from 172.31.1.208 0 ms Reply to request 1 from 172.31.1.216 0 ms Reply to request 1 from 172.31.1.205 16 ms :: Reply to request 5 from 172.31.1.209 0 ms Reply to request 5 from 172.31.1.
PAGE 97
Command Modes Command History Usage Information EXEC Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Messages can contain an unlimited number of lines; however, each line is limited to 255 characters. To move to the next line, use . To send the message use CTR-Z; to abort a message, use CTR-C. service timestamps To debug and log messages, add time stamps. This command adds either the uptime or the current time and date.
PAGE 98
Command Modes Command History Example • EXEC • EXEC Privilege Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Dell# show alarms -- Minor Alarms -Alarm Type Duration --------------------------------------No minor alarms -- Major Alarms -Alarm Type Duration ---------------------------------------No major alarms Dell# show command-history Display a buffered log of all commands all users enter along with a time stamp.
PAGE 99
[4/20 10:27:56]: CMD-(CLI):[show interfaces tengigabitethernet 0/3]by default from console [4/20 10:55:8]: CMD-(CLI):[show lldp neighbors]by default from console [4/20 15:17:6]: CMD-(CLI):[show cam-acl]by default from console [4/20 16:34:59]: CMD-(CLI):[show running-config interface tengigabitethernet 0/1 55]by default from console [4/20 16:38:14]: CMD-(CLI):[show vlan]by default from console [5/4 9:11:52]: CMD-(TEL0):[show version]by admin from vty0 (10.11.68.
PAGE 100
show debugging View a list of all enabled debugging processes. Syntax show debugging Command Modes EXEC Privilege Command History Example Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 101
* Management Unit -- Thermal Sensor Readings (deg C) -Unit Sensor0 Sensor1 Sensor2 Sensor3 Sensor4 Sensor5 Sensor6 Sensor7 Sensor8 Sensor9 ------------------------------------------------------0 50 52 53 53 54 48 57 57 53 56 Dell# Example (stack-unit) Dell#show environment stack-unit 0 -- Unit Environment Status -Unit Status Temp Voltage -----------------------------------0* online 49C ok * Management Unit Example (thermalsensor) Dell#show environment thermal-sensor -- Thermal Sensor Readings (deg C) -Unit
PAGE 102
* - Management Unit Software Protocol Configured -------------------------------------------------------------SNMP LLDP Dell# Example (media) Dell#show inventory media Slot Port Type Media Serial Number F10Qualid ---------------------------------------------------------0 33 QSFP 40GBASE-CR4-1M APF11490011J2Q Yes 0 37 QSFP 40GBASE-SR4 MLJ004V No 0 41 QSFP 40GBASE-SR4 MLJ003P No 0 42 QSFP 40GBASE-SR4 MLJ003P No 0 43 QSFP 40GBASE-SR4 MLJ003P No 0 44 QSFP 40GBASE-SR4 MLJ003P No 0 45 QSFP 40GBASE-SR4 MLJ004Y No
PAGE 103
user login-id Defaults None Command Modes CONFIGURATION Command History Usage Information (Optional)Displays the login statistics of a specific user in the last 30 days or the custom defined time period. When you use it with the unsuccessful-attempts keyword, the system displays the number of failed login attempts by a specific user in the last 30 days or the custom defined time period Version Description 9.10(0.0) Introduced the successful-attempts keyword. 9.9(0.0) Introduced on the FN IOM.
PAGE 104
User: admin1 Last login time: 12:49:19 UTC Tue Mar 22 2016 Last login location: Line vty0 ( 10.16.127.145 ) Unsuccessful login attempt(s) since the last successful login: 0 Unsuccessful login attempt(s) in last 30 day(s): 3 Successful login attempt(s) in last 30 day(s): 2 ----------------------------------------------------------------------------------------------------------------------------------User: admin2 Last login time: 12:49:27 UTC Tue Mar 22 2016 Last login location: Line vty0 ( 10.16.127.
PAGE 105
show memory View current memory usage on the MXL switch. Syntax Parameters Command Modes Command History show memory [stack-unit 0–5] stack-unit 0–5 • EXEC • EXEC Privilege (OPTIONAL) Enter the keywords stack-unit then the stack unit ID of the stack member to display memory information on the designated stack member. Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 106
memory Command Modes Command History Example (summary) • EXEC • EXEC Privilege (OPTIONAL) Enter the keyword memory to display memory statistics. Refer to Example (memory). Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 107
0x763eb000 90800 ipc 0x77ee9000 5 tme 0x77eec000 0 ttraceIpFlow 0x77eee000 20 linkscan_user_threa 0x77ff6000 0 isrTask 0x7811a000 0 tDDB 0x7811c000 22980 GC 0x7811e000 0 bshell_reaper_threa 0x78365000 10 tSysLog 0x78367000 1106980 tTimerTask 0x78369000 13131160 tExcTask 0x7836b000 30 tLogTask 0x785bb000 147650 tUsrRoot Example (memory) 9080 10000 0.00% 0.00% 0.00% 0 0 5 1 0000 0.00% 0.00% 0.00% 0 0 0 0.00% 0.00% 0.00% 0 2 10000 0.00% 0.00% 0.00% 0 0 0 0.00% 0.00% 0.00% 0 0 0 0.00% 0.00% 0.
PAGE 108
fcoecntrl dhclient f10appioserv ndpm f10appioserv vrrp f10appioserv frrp f10appioserv xstp f10appioserv pim f10appioserv Dell# Related Commands 262144 548864 225280 618496 225280 335872 225280 180224 225280 2740224 225280 1007616 225280 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 7917568 1310720 208896 7512064 208896 8048640 208896 7512064 208896 9801728 208896 7757824 208896 show hardware layer2 acl — displays Layer 2 ACL data for the selected stack member and stack member portpipe.
PAGE 109
Field Description Cur Len Current number of messages enqueued High Mark Highest number of packets in the queue at any time #of to / Timeout Timeout count #of Retr /Retries Number of retransmissions #msg Sent/Msg Sent/ Number of messages sent #msg Ackd/Ack Rcvd Number of messages acknowledged Retr /Available Retra Number of retries left Total/ Max Retra Number of retries allowed Important Points: Example • The SWP provides flow control-based reliable communication between the sending and
PAGE 110
Command Modes Command History Usage Information all Enter the keyword all for detailed memory usage on all stack members. summary Enter the keyword summary for a brief summary of memory availability and usage on all stack members. • EXEC • EXEC Privilege Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 111
fcoecntrl dhclient f10appioserv ndpm f10appioserv vrrp Example (management-unit) 262144 548864 225280 618496 225280 335872 0 0 0 0 0 0 0 0 0 0 7917568 1310720 208896 7512064 208896 Dell#show processes memory management-unit Total:2147483648, MaxUsed:378470400 [05/23/2012 09:49:39] CurrentUsed:378470400, CurrentFree:1769013248 SharedUsed:18533952, SharedFree:2437592 PID Process ResSize Size 472 ospf 8716288 573440 529 fcoecntrl 7917568 262144 225 dhclient 1310720 548864 360 ndpm 7512064 618496 160 vrrp
PAGE 112
Command History Example Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 113
-- Stack Info -Unit UnitType Status ReqTyp CurTyp Version Ports ---------------------------------------------------------0 1 2 3 4 5 Member Management Member Member Member Member not present online MXL-10/40GbE MXL-10/40GbE 9-1-0-917 56 not present not present not present not present Dell# Example (stack-unit) Dell#show system stack-unit 0 -- Unit 0 -Unit Type : Management Unit Status : online Next Boot : online Required Type : MXL-10/40GbE - 34-port GE/TE/FG (XL) Current Type : MXL-10/40GbE - 34-port GE
PAGE 114
show system stack-ports — Displays information about the stack ports on all switches in the stack. show hardware stack-unit — Displays the data plane and management plane input and output statistics of a particular stack member. stack-unit priority — Configures the ability of the switch to become the management unit of a stack. show tech-support Display a collection of data from other show commands, necessary for Dell Networking OS technical support to perform troubleshooting on MXL switches.
PAGE 115
Example (partial) • show processes cpu • show processes memory • show redundancy • show running-conf • show version Dell#show tech-support ? page Page through output stack-unit Unit Number | Pipe through a command Dell#show tech-support stack-unit 1 ? page Page through output | Pipe through a command Dell#show tech-support stack-unit 1 | ? except Show only text that does not match a pattern find Search for the first occurrence of a pattern grep Show only text that matches a pattern no-m
PAGE 116
* Management Unit -- Thermal Sensor Readings (deg C) -Unit Sensor0 Sensor1 --------------------------1 39 41 --------------------- show ip traffic ------------------IP statistics: Rcvd: 894390 total, 415557 local destination 0 format errors, 0 checksum errors, 0 bad hop count 0 unknown protocol, 0 not a gateway 15 security failures, 0 bad options Frags: 0 reassembled, 0 timeouts, 0 too big 0 fragmented, 0 couldn't fragment Bcast: 402 received, 0 sent; Mcast: 37 received, 0 sent Sent: 468133 generated, 0 for
PAGE 117
Defaults Command Modes Command History • For a Loopback interface, enter the keyword loopback then a number from zero (0) to 16383. • For the Null interface, enter the keyword null then 0. • For a Port Channel interface, enter the keywords port-channel then a number. The range is from 1 to 128. • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information.
PAGE 118
ip-address Defaults Command Modes Command History Enter the IP address of the device in dotted decimal format. • Timeout = 5 seconds • Probe count = 3 • 30 hops max • 40 byte packet size • UDP port = 33434 • EXEC • EXEC Privilege Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 119
virtual-ip Configure a virtual IP address for the active management interface. You can configure virtual addresses both for IPv4 independently. Syntax Parameters virtual-ip {ipv4-address} ipv4-address Defaults none Command Modes CONFIGURATION Command History Usage Information Enter the IP address of the active management interface in a dotted decimal format (A.B.C.D.). Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 120
5 802.1X An authentication server must authenticate a client connected to an 802.1X switch port. Until the authentication, only extensible authentication protocol over LAN (EAPOL) traffic is allowed through the port to which a client is connected. After authentication is successful, normal traffic passes through the port. The Dell Networking operating software supports remote authentication dial-in service (RADIUS) and active directory environments using 802.1X Port Authentication.
PAGE 121
• dot1x port-control • dot1x quiet-period • dot1x reauthentication • dot1x reauth-max • dot1x server-timeout • dot1x supplicant-timeout • dot1x tx-period • mac • show dot1x cos-mapping interface • show dot1x interface • show dot1x profile debug dot1x Display 802.1X debugging information. Syntax Parameters debug dot1x [all | auth-pae-fsm | backend-fsm | eapol-pdu] [interface interface] all Enable all 802.1X debug messages. auth-pae-fsm Enable authentication PAE FSM debug messages.
PAGE 122
Defaults 3 attempts Command Modes CONFIGURATION (conf-if-interface-slot/port) Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. If the host responds to 802.1X with an incorrect login/password, the login fails. The switch attempts to authenticate again until the maximum attempts configured is reached.
PAGE 123
Usage Information The prerequisites for enabling MAB-only authentication on a port are: • Enable 802.1X authentication globally on the switch and on the port (the dot1x authentication command). • Enable MAC authentication bypass on the port (the dot1x mac-auth-bypass command). In MAB-only authentication mode, a port authenticates using the host MAC address even though 802.1xauthentication is enabled. If the MAB-only authentication fails, the host is placed in the guest VLAN (if configured).
PAGE 124
dot1x critical-vlan Configure critical-VLAN for users or devices when authentication server is not reachable. Syntax [no] dot1x critical-vlan vlan-id Parameters vlan-id Defaults Not Configured. Command Modes INTERFACE Enter the VLAN identifier. The VLAN-ID range is from 1 to 4094. INTERFACE (BATCH MODE) Command History Usage Information This guide is platform-specific. For command information about other platforms, refer to the relevant Dell Networking OS Command Line Reference Guide.
PAGE 125
Auth PAE State: Backend State: Authenticated Idle dot1x profile Configure a dot1x profile to define a list of trusted supplicant MAC addresses. Syntax Parameters [no] dot1x profile profile-name profile-name Defaults None Command Modes CONFIGURATION Enter a dot1x profile-name. The profile name length is limited to 32 characters. CONFIGURATION TERMINAL BATCH Error Strings NONE Command History This guide is platform-specific.
PAGE 126
Command Modes INTERFACE INTERFACE (BATCH MODE) Command History Usage Information This guide is platform-specific. For command information about other platforms, refer to the relevant Dell Networking OS Command Line Reference Guide. Version Description 9.10(0.0) Introduced on the S3100 series, S4048–ON, S4048–ON, S4810, S4820T, S5000, S6000, S6000–ON, the Configuration Terminal Batch mode on C9010, Z9100–ON, and Z9500. 9.9(0.0) Introduced on the C9010.
PAGE 127
To disable the guest VLAN, use the no dot1x guest-vlan vlan-id command. Parameters vlan-id Enter the VLAN Identifier. The range is from 1 to 4094. Defaults Not configured. Command Modes CONFIGURATION (conf-if-interface-slot/port) Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. 1X authentication is enabled when an interface is connected to the switch.
PAGE 128
Usage Information Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. • Single-host mode authenticates only one host per authenticator port and drops all other traffic on the port. • Multi-host mode authenticates the first host to respond to an Identity Request and then permits all other traffic on the port. • Multi-supplicant mode authenticates every device attempting to connect to the network on the authenticator port.
PAGE 129
dot1x max-supplicants Restrict the number of supplicants that can be authenticated and permitted to access the network through the port. This configuration is only takes effect in Multi-Auth mode. Syntax Parameters dot1x max-supplicants number number Enter the number of supplicants that can be authenticated on a single port in Multi-Auth mode. The range is from 1 to 128. The default is 128. Defaults 128 hosts can be authenticated on a single authenticator port.
PAGE 130
Parameters seconds Defaults 60 seconds Command Modes INTERFACE Command History Enter the number of seconds. The range is from 1 to 65535. The default is 60. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. dot1x reauthentication Enable periodic reauthentication of the client. Syntax dot1x reauthentication [interval seconds] To disable periodic reauthentication, use the no dot1x reauthentication command.
PAGE 131
Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. dot1x server-timeout Configure the amount of time after which exchanges with the server time-out. Syntax dot1x server-timeout seconds To return to the default, use the no dot1x server-timeout command. Parameters seconds Defaults 30 seconds Command Modes INTERFACE Command History Usage Information Enter a time-out value in seconds. The range is from 1 to 300, where 300 is implementation dependant. The default is 30.
PAGE 132
Defaults 30 seconds Command Modes INTERFACE Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. dot1x tx-period Configure the intervals at which EAPOL PDUs the Authenticator PAE transmits. Syntax dot1x tx-period seconds To return to the default, use the no dot1x tx-period command.
PAGE 133
Usage Information Version Description 9.10(0.0) Introduced on the S3100 series, S4048–ON, S4048–ON, S4810, S4820T, S5000, S6000, S6000–ON, the Configuration Terminal Batch mode on C9010, Z9100–ON, and Z9500. 9.9(0.0) Introduced on the C9010. The mac command configures a list of supplicant MAC addresses for a dot1x profile represented with a profilename. You can configure up to 6 MAC addresses in a single mac command.
PAGE 134
You can display the CoS mapping information applied to traffic from authenticated supplicants on 802.1X-enabled ports that are in Single-Hot, Multi-Host, and Multi-Supplicant authentication modes. Example Dell#show dot1x cos-mapping interface tengigabitethernet 0/1 802.
PAGE 135
Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Usage Information If you enable 802.1X multi-supplicant authentication on a port, additional 802.1X configuration details (Port Authentication status, Untagged VLAN ID, Authentication PAE state, and Backend state) are displayed for each supplicant, as shown in the following example. Example Dell#show dot1x interface fortyGigE 0/48 802.
PAGE 136
Dell#show dot1x interface tengigabitethernet 0/32 mac-address 00:00:00:00:00:10 Supplicant Mac: 0 0 0 0 0 10 Lookup for Mac: 802.
PAGE 137
Profile MACs 00:50:56:aa:01:10 00:50:56:aa:01:11 802.
PAGE 138
6 Access Control Lists (ACL) Access control lists (ACLs) are supported by the Dell Networking Operating System (OS).
PAGE 139
• permit icmp • permit tcp • permit udp • seq • Common MAC Access List Commands • clear counters mac access-group • mac access-group • show mac access-lists • show mac accounting access-list • Standard MAC ACL Commands • deny • mac access-list standard • permit • seq • Extended MAC ACL Commands • deny • mac access-list extended • permit • seq • IP Prefix List Commands • clear ip prefix-list • deny • ip prefix-list • permit • seq • show config • show ip pr
PAGE 140
• seq • deny tcp • deny udp • deny arp (for Extended MAC ACLs) • deny icmp • deny ether-type (for Extended MAC ACLs) • deny • deny • permit (for Standard IP ACLs) • permit arp • permit ether-type (for Extended MAC ACLs) • permit icmp • permit udp • permit (for Extended IP ACLs) • permit • seq • permit tcp • seq arp • seq ether-type • seq • seq • permit udp • permit tcp • permit icmp • permit • deny udp (for IPv6 ACLs) • deny tcp (for IPv6 ACLs) • deny i
PAGE 141
Command History • CONFIGURATION-MAC ACCESS LIST-STANDARD • CONFIGURATION-MAC ACCESS LIST-EXTENDED Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. remark Enter a description for an ACL entry. Syntax Parameters remark [remark-number] [description] remark-number Enter the remark number. The range is from 0 to 4294967290. NOTE: You can use the same sequence number for the remark and an ACL rule.
PAGE 142
Related Commands resequence access-list — Re-assigns sequence numbers to entries of an existing access-list. resequence access-list Re-assign sequence numbers to entries of an existing access-list. Syntax resequence access-list {ipv4 | mac} {access-list-name StartingSeqNum Step-toIncrement} Parameters Defaults ipv4 | mac Enter the keyword ipv4 or mac to identify the access list type to resequence. access-list-name Enter the name of a configured IP access list.
PAGE 143
Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Usage Information When you have exhausted all the sequence numbers, this feature permits re-assigning a new sequence number to entries of an existing prefix list. Related Commands seq — Assigns a sequence number to a deny or permit filter in an IP access list while creating the filter. show config Display the current ACL configuration.
PAGE 144
Parameters access-list-name Enter the name of a configured Standard ACL, up to 140 characters. ipv4 Enter the keyword ipv4 to configure an IPv4 access class. ipv6 Enter the keyword ipv6 to configure an IPv6 access class. Defaults Not configured. Command Modes LINE Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.8(0.0) Added the ipv4 and ipv6 parameters to the command. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 145
ip access-group Apply an egress IP ACL to an interface. Syntax Parameters ip access-group access-list-name {in | out} [implicit-permit] [vlan vlan-id] access-list-name Enter the name of a configured access list, up to 140 characters. in Enter the keyword in to apply the ACL to incoming traffic. out Enter the keyword out to apply the ACL to the outgoing traffic.
PAGE 146
• in Command Modes Command History For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/ port information. Identify whether ACL is applied on the ingress or egress side. EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Example Dell#show ip access-lists test in Standard Ingress IP access list test seq 5 permit 1.1.1.0/24 count (0 packets) seq 10 deny 2.1.1.
PAGE 147
Usage Information show ip accounting access-lists Description “Extended IP...” Displays the name of the IP ACL. “seq 5...” Displays the filter. If the keywords count or byte were configured in the filter, the number of packets or bytes the filter processes is displayed at the end of the line. “order 4” Displays the QoS order of priority for the ACL entry.
PAGE 148
order numbers have a higher priority) If you did not use the keyword order, the ACLs have the lowest order by default (255). fragments Enter the keyword fragments to use ACLs to control packet fragments. threshold-in msgs count (OPTIONAL) Enter the threshold-in-msgs keyword followed by a value to indicate the maximum number of ACL logs that can be generated, exceeding which the generation of ACL logs is terminated with the seq, permit, or deny commands. The threshold range is from 1 to 100.
PAGE 149
ip access-list standard Create a standard IP access list (IP ACL) to filter based on IP address. Syntax Parameters ip access-list standard access-list-name access-list-name Enter a string up to 140 characters long as the ACL name. Defaults All IP access lists contain an implicit deny any, that is, if no match occurs, the packet is dropped. Command Modes CONFIGURATION Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.
PAGE 150
no-drop Enter the keywords no-drop to match only the forwarded packets. count (OPTIONAL) Enter the keyword count to count packets processed by the filter. bytes (OPTIONAL) Enter the keyword bytes to count bytes processed by the filter. dscp (OPTIONAL) Enter the keyword dcsp to match to the IP DCSCP values. order (OPTIONAL) Enter the keyword order to specify the QoS priority for the ACL entry.
PAGE 151
This mechanism copies all incoming or outgoing packets on one port and forwards (mirrors) them to another port. The source port is the monitored port (MD) and the destination port is the monitoring port (MG). Related Commands deny — assigns a IP ACL filter to deny IP packets. ip access-list standard — creates a standard ACL. seq Assign a sequence number to a deny or permit filter in an extended IP access list while creating the filter.
PAGE 152
Usage Information 9.3(0.0) Added support for logging of ACLs on the MXL 10/40GbE Switch IO Module platform. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The order option is relevant in the context of the Policy QoS feature only. The following applies: • The seq sequence-number command is applicable only in an ACL group. • The order option works across ACL groups that have been applied on an interface via the QoS policy framework.
PAGE 153
deny (for Extended IP ACLs) Configure a filter that drops IP packets meeting the filter criteria. Syntax deny {ip | ip-protocol-number} {source mask | any | host ip-address} {destination mask | any | host ip-address} [count [byte]] [dscp value] [order] [monitor] [fragments] [log [interval minutes] [threshold-in-msgs [count]] [monitor] To remove this filter, you have two choices: Parameters • Use the no seq sequence-number command if you know the filter’s sequence number.
PAGE 154
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.4(0.0) Added support for flow-based monitoring on the MXL 10/40GbE Switch IO Module platform. 9.3(0.0) Added support for logging of ACLs on the MXL 10/40GbE Switch IO Module platform. When the configured maximum threshold is exceeded, generation of logs is stopped.
PAGE 155
host ip-address Enter the keyword host then the IP address to specify a host IP address. destination Enter the IP address of the network or host to which the packets are sent. dscp Enter this keyword dscp to deny a packet based on the DSCP value. The range is from 0 to 63. count (OPTIONAL) Enter the keyword count to count packets processed by the filter. byte (OPTIONAL) Enter the keyword byte to count bytes processed by the filter.
PAGE 156
access-lists. This mechanism copies all incoming or outgoing packets on one port and forwards (mirrors) them to another port. The source port is the monitored port (MD) and the destination port is the monitoring port (MG). deny tcp Configure a filter that drops transmission control protocol (TCP) packets meeting the filter criteria.
PAGE 157
Defaults • 25 = SMTP • 169 = SNMP destination Enter the IP address of the network or host to which the packets are sent. mask Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous. count (OPTIONAL) Enter the keyword count to count packets the filter processes. byte (OPTIONAL) Enter the keyword byte to count bytes the filter processes.
PAGE 158
If ACL logging is stopped because the configured threshold is exceeded, it is re-enabled after the logging interval period elapses. ACL logging is supported for standard and extended IPv4 ACLs, IPv6 ACLs, and MAC ACLs. You can configure ACL logging only on ACLs that are applied to ingress interfaces; you cannot enable logging for ACLs that are associated with egress interfaces.
PAGE 159
mask Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous. any Enter the keyword any to specify that all routes are subject to the filter. host ip-address Enter the keyword host then the IP address to specify a host IP address. dscp Enter this keyword dscp to deny a packet based on the DSCP value. The range is from 0 to 63.
PAGE 160
Usage Information The order option is relevant in the context of the Policy QoS feature only. For more information, refer to the Quality of Service chapter of the Dell Networking OS Configuration Guide. You can configure either count (packets) or count (bytes). However, for an ACL with multiple rules, you can configure some ACLs with count (packets) and others as count (bytes) at any given time. Most ACL rules require one entry in the CAM.
PAGE 161
Parameters access-list-name Enter a string up to 140 characters long as the access list name. Defaults All access lists contain an implicit deny any; that is, if no match occurs, the packet is dropped. Command Modes CONFIGURATION Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Usage Information The number of entries allowed per ACL is hardware-dependent.
PAGE 162
fragments Enter the keyword fragments to use ACLs to control packet fragments. log (OPTIONAL) Enter the keyword log to enable the triggering of ACL log messages. threshold-in msgs count (OPTIONAL) Enter the threshold-in-msgs keyword followed by a value to indicate the maximum number of ACL logs that can be generated, exceeding which the generation of ACL logs is terminated with the seq, permit, or deny commands. The threshold range is from 1 to 100.
PAGE 163
permit icmp Configure a filter to allow all or specific ICMP messages. Syntax permit icmp {source mask | any | host ip-address} {destination mask | any | host ip-address} [dscp] [message-type] [count [byte]] [order] [fragments] [threshold-in-msgs [count]] To remove this filter, you have two choices: Parameters • Use the no seq sequence-number command if you know the filter’s sequence number.
PAGE 164
Usage Information Version Description 9.4(0.0) Added support for flow-based monitoring on the MXL 10/40GbE Switch IO Module platform. 9.3(0.0) Added the support for logging of ACLs on the MXL 10/40GbE Switch IO Module platform. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The order option is relevant in the context of the Policy QoS feature only. For more information, refer to the Quality of Service chapter of the Dell Networking OS Configuration Guide.
PAGE 165
bit Enter a flag or combination of bits: • ack: acknowledgement field • fin: finish (no more data from the user) • psh: push function • rst: reset the connection • syn: synchronize sequence numbers • urg: urgent field dscp Enter the keyword dscp to deny a packet based on the DSCP value. The range is from 0 to 63.
PAGE 166
monitor (OPTIONAL) Enter the keyword monitor when the rule is describing the traffic that you want to monitor and the ACL in which you are creating the rule is applied to the monitored interface. Defaults By default, 10 ACL logs are generated if you do not specify the threshold explicitly. The default frequency at which ACL logs are generated is five minutes. By default, flow-based monitoring is not enabled.
PAGE 167
5 6 7 8 0001110000000000 0001111000000000 0001111100000000 0001111101000000 1111111000000000 1111111100000000 1111111111000000 1111111111111111 7168 7680 7936 8000 7679 7935 7999 8000 512 256 64 1 Total Ports: 4001 Example An ACL rule with a TCP port lt 1023 uses only one entry in the CAM. Dell# Data Mask From To 1 0000000000000000 1111110000000000 0 #Covered 1023 1024 Total Ports: 1024 Related Commands ip access-list extended — creates an extended ACL.
PAGE 168
port port Enter the application layer port number. Enter two port numbers if you are using the range logical operand. The range is 0 to 65535. destination Enter the IP address of the network or host to which the packets are sent. count (OPTIONAL) Enter the keyword count to count packets processed by the filter. byte (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. order (OPTIONAL) Enter the keyword order to specify the QoS priority for the ACL entry.
PAGE 169
for Layer 2 and Layer 3 ingress and egress traffic. You may specify traffic using standard or extended access-lists. This mechanism copies all incoming or outgoing packets on one port and forwards (mirrors) them to another port. The source port is the monitored port (MD) and the destination port is the monitoring port (MG). Example An ACL rule with a TCP port range of 4000–8000 uses eight entries in the CAM.
PAGE 170
source Enter an IP address in dotted decimal format of the network from which the packet was received. mask (OPTIONAL) Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous. any Enter the keyword any to specify that all routes are subject to the filter. host ip-address Enter the keyword host and then enter the IP address to specify a host IP address or hostname.
PAGE 171
Defaults By default 10 ACL logs are generated if you do not specify the threshold explicitly. The default frequency at which the ACL logs are generated is five minutes. By default, the flow-based monitoring is not enabled. Command Modes CONFIGURATION-IP ACCESS-LIST-EXTENDED Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.4(0.0) Added support for the flow-based monitoring on the MXL 10/40GbE Switch IO Module. 9.3(0.
PAGE 172
Common MAC Access List Commands The following commands are available within both MAC ACL modes (Standard and Extended) and do not have mode-specific options. These commands allow you to clear, display, and assign MAC ACL configurations. The MAC ACL can be applied on Physical, Port-channel and VLAN interfaces. As per the stipulated rules in the ACL, the traffic on the Interface/VLAN members or Port-channel members will be permitted or denied. The switch supports both Ingress and Egress MAC ACLs.
PAGE 173
Usage Information Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. You can assign one ACL (standard or extended) to an interface. In case of applying a MAC ACL to traffic entering or exiting a VLAN interface. Enter the VLAN interface mode and apply the mac acl in the following manner. mac access-group access-list-name {in | out} Related Commands 1 If the MAC ACL is applied on VLAN, none of the VLAN members should have an access list applied for that VLAN.
PAGE 174
show mac accounting access-list Display MAC access list configurations and counters (if configured). Syntax show mac accounting access-list access-list-name interface interface in | out Parameters access-list-name Enter the name of a configured MAC ACL, up to 140 characters.
PAGE 175
deny To drop packets with a the MAC address specified, configure a filter. Syntax deny {any | mac-source-address [mac-source-address-mask]} [count [byte]] [log [interval minutes] [threshold—in-msgs [count]] [monitor] To remove this filter, you have two choices: Parameters • Use the no seq sequence-number command if you know the filter’s sequence number. • Use the no deny {any | mac-source-address mac-source-address-mask} command.
PAGE 176
count for that new interval commences from zero. If ACL logging was stopped previously because the configured threshold is exceeded, it is re-enabled for this new interval. If ACL logging is stopped because the configured threshold is exceeded, it is re-enabled after the logging interval period elapses. ACL logging is supported for standard and extended IPv4 ACLs, IPv6 ACLs, and MAC ACLs.
PAGE 177
permit To forward packets from a specific source MAC address, configure a filter. Syntax permit {any | mac-source-address [mac-source-address-mask]} [count [byte]] | log [interval minutes] [threshold-in-msgs[count] [monitor] To remove this filter, you have two choices: Parameters • Use the no seq sequence-number command if you know the filter’s sequence number. • Use the no permit {any | mac-source-address mac-source-address-mask} command.
PAGE 178
When the interval at which ACL logs are configured to be recorded expires, the subsequent, fresh interval timer is started and the packet count for that new interval commences from zero. If ACL logging was stopped previously because the configured threshold is exceeded, it is re-enabled for this new interval. If ACL logging is stopped because the configured threshold is exceeded, it is re-enabled after the logging interval period elapses.
PAGE 179
generation of ACL logs is terminated with the seq, permit, or deny commands. The threshold range is from 1 to 100. interval minutes (OPTIONAL) Enter the keyword interval followed by the time period in minutes at which ACL logs must be generated. The interval range is from 1 to 10 minutes.. monitor (OPTIONAL) Enter the keyword monitor when the rule is describing the traffic that you want to monitor and the ACL in which you are creating the rule is applied to the monitored interface.
PAGE 180
The Switch supports both Ingress and Egress MAC ACLs. deny To drop packets that match the filter criteria, configure a filter. Syntax deny {any | host mac-address | mac-source-address mac-source-address-mask} {any | host mac-address | mac-destination-address mac-destination-address-mask} [ethertype-operator] [count [byte]] To remove this filter, you have two choices: Parameters • Use the no seq sequence-number command if you know the filter’s sequence number.
PAGE 181
Command History Related Commands Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. permit — configures a MAC address filter to pass packets. seq — configures a MAC address filter with a specified sequence number. mac access-list extended Name a new or existing extended MAC access control list (extended MAC ACL).
PAGE 182
permit To pass packets matching the criteria specified, configure a filter. Syntax permit {any | host mac-address | mac-source-address mac-source-address-mask} {any | host mac-address | mac-destination-address mac-destination-address-mask} [ethertype operator] [count [byte]] To remove this filter, you have two choices: Parameters • Use the no seq sequence-number command if you know the filter’s sequence number.
PAGE 183
Related Commands deny — configures a MAC ACL filter to drop packets. seq — configure a MAC ACL filter with a specified sequence number. seq Configure a filter with a specific sequence number. Syntax Parameters seq sequence-number {deny | permit} {any | host mac-address | mac-sourceaddress mac-source-address-mask} {any | host mac-address | mac-destinationaddress mac-destination-address-mask} [ethertype operator] [count [byte]] sequence-number Enter a number as the filter sequence number.
PAGE 184
Command History Related Commands Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. deny — configures a filter to drop packets. permit — configures a filter to forward packets. IP Prefix List Commands When you create an access-list without any rule and then apply it to an interface, the ACL behavior reflects implicit permit. To configure or enable IP prefix lists, use these commands.
PAGE 185
Defaults Not configured. Command Modes PREFIX-LIST Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Sequence numbers for this filter are automatically assigned starting at sequence number 5. If you do not use the ge or le options, only packets with an exact match to the prefix are filtered. Related Commands permit — configures a filter to pass packets.
PAGE 186
le max-prefixlength Command Modes Command History Usage Information (OPTIONAL) Enter the keyword le and then enter the maximum prefix length, which is a number from zero (0) to 32. PREFIX-LIST Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Sequence numbers for this filter are automatically assigned starting at sequence number 5. If you do not use the ge or le options, only packets with an exact match to the prefix are filtered.
PAGE 187
Usage Information If you do not use the ge or le options, only packets with an exact match to the prefix are filtered. Related Commands deny — configures a filter to drop packets. permit — configures a filter to pass packets. show config Display the current PREFIX-LIST configurations. Syntax show config Command Modes PREFIX-LIST Command History Example Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 188
show ip prefix-list summary Display a summary of the configured prefix lists. Syntax show ip prefix-list summary [prefix-name] Parameters Command Modes Command History Example prefix-name • EXEC • EXEC Privilege (OPTIONAL) Enter a text string as the name of the prefix list, up to 140 characters. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 189
Match clause with Continue clause The continue feature can exist without a match clause. A continue clause without a match clause executes and jumps to the specified route-map entry. With a match clause and a continue clause, the match clause executes first and the continue clause next in a specified route map entry. The continue clause launches only after a successful match.
PAGE 190
match interface To match routes whose next hop is on the interface specified, configure a filter. Syntax match interface interface To remove a match, use the no match interface interface command. Parameters interface Defaults Not configured. Command Modes ROUTE-MAP Command History Related Commands Enter the following keywords and slot/port or number information: • For the Loopback interface, enter the keyword loopback then a number from zero (0) to 16383.
PAGE 191
Command History Related Commands Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. match interface — redistributes routes that match the next-hop interface. match ip next-hop — redistributes routes that match the next-hop IP address. match ip route-source — redistributes routes that match routes advertised by other routers. match metric — redistributes routes that match a specific metric.
PAGE 192
match ip route-source To match based on the routes advertised by routes specified in IP access lists or IP prefix lists, configure a filter. Syntax match ip route-source {access-list | prefix-list prefix-list-name} Parameters access-list-name Enter the name of a configured IP access list, up to 140 characters. prefix-list prefixlist-name Enter the keywords prefix-list and then enter the name of configured prefix list, up to 140 characters. Defaults Not configured.
PAGE 193
match ip address — redistributes routes that match an IP address. match ip next-hop — redistributes routes that match the next-hop IP address. match ip route-source — redistributes routes that match routes advertised by other routers. match route-type — redistributes routes that match a route type. match tag — redistributes routes that match a specific tag. match route-type To match routes based on the how the route is defined, configure a filter.
PAGE 194
Defaults Not configured. Command Modes ROUTE-MAP Command History Related Commands Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. match interface — redistributes routes that match the next-hop interface. match ip address — redistributes routes that match an IP address. match ip next-hop — redistributes routes that match the next-hop IP address.
PAGE 195
Related Commands show config2 — displays the current configuration. set automatic-tag To automatically compute the tag value of the route, configure a filter. Syntax set automatic-tag To return to the default, use the no set automatic-tag command. Defaults Not configured. Command Modes ROUTE-MAP Command History Related Commands Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 196
set tag — specifies the tag assigned to redistributed routes. set metric-type To assign a new route type for routes redistributed to OSPF, configure a filter. Syntax set metric-type {internal | external | type-1 | type-2} Parameters internal Enter the keyword internal to assign the Interior Gateway Protocol metric of the next hop as the route’s BGP MULTI_EXIT_DES (MED) value. external Enter the keyword external to assign the IS-IS external metric.
PAGE 197
set metric — specifies the metric value assigned to redistributed routes. set metric-type — specifies the route type assigned to redistributed routes. show config Display the current route map configuration. Syntax show config Command Modes ROUTE-MAP Command History Example Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.
PAGE 198
deny (for Standard IP ACLs) To drop packets with a certain IP address, configure a filter. Syntax deny {source | any | host {ip-address}}[count [byte]] [dscp value] [order] [fragments] [log [interval minutes] [threshold-in-msgs [count]] [monitor] To remove this filter, you have two choices: Parameters • Use the no seq sequence-number command if you know the filter’s sequence number. • Use the no deny {source [mask] | any | host ip-address} command.
PAGE 199
Usage Information When the configured maximum threshold is exceeded, generation of logs is stopped. When the interval at which ACL logs are configured to be recorded expires, the subsequent, fresh interval timer is started and the packet count for that new interval commences from zero. If ACL logging was stopped previously because the configured threshold is exceeded, it is re-enabled for this new interval.
PAGE 200
order numbers have a higher priority) If you did not use the keyword order, the ACLs have the lowest order by default (255). monitor OPTIONAL) Enter the keyword monitor when the rule is describing the traffic that you want to monitor and the ACL in which you are creating the rule is applied to the monitored interface. fragments Enter the keyword fragments to use ACLs to control packet fragments. log (OPTIONAL) Enter the keyword log to enable the triggering of ACL log messages.
PAGE 201
deny udp — assigns a filter to deny UDP packets. ip access-list extended — creates an extended ACL. seq Assign a sequence number to a deny or permit filter in an extended IP access list while creating the filter. Syntax Parameters seq sequence-number {deny | permit} {source [mask] | any | host ip-address}} [count [byte] [dscp value] [order] [fragments] [threshold-in-msgs [count] sequence-number Enter a number from 0 to 4294967290. The range is from 0 to 65534.
PAGE 202
Usage Information The order option is relevant in the context of the Policy QoS feature only. The following applies: • The seq sequence-number command is applicable only in an ACL group. • The order option works across ACL groups that have been applied on an interface via the QoS policy framework. • The order option takes precedence over seq sequence-number. • If sequence-number is not configured, the rules with the same order value are ordered according to their configuration order.
PAGE 203
mask Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous. any Enter the keyword any to specify that all routes are subject to the filter. host ip-address Enter the keyword host then the IP address to specify a host IP address. dscp Enter this keyword dscp to deny a packet based on the DSCP value. The range is from 0 to 63.
PAGE 204
generation of ACL logs is terminated with the seq, permit, or deny commands. The threshold range is from 1 to 100. Defaults By default, 10 ACL logs are generated if you do not specify the threshold explicitly. The default frequency at which ACL logs are generated is five minutes. By default, flow-based monitoring is not enabled. Command Modes Command History Usage Information CONFIGURATION-IP ACCESS-LIST-EXTENDED Version Description 9.9(0.0) Introduced on the FN IOM. 9.4(0.
PAGE 205
3 4 5 6 7 8 0001000000000000 0001100000000000 0001110000000000 0001111000000000 0001111100000000 0001111101000000 1111100000000000 1111110000000000 1111111000000000 1111111100000000 1111111111000000 1111111111111111 4096 6144 7168 7680 7936 8000 6143 7167 7679 7935 7999 8000 2048 1024 512 256 64 1 Total Ports: 4001 Example An ACL rule with a TCP port lt 1023 uses only one entry in the CAM.
PAGE 206
port port Enter the application layer port number. Enter two port numbers if using the range logical operand. The range is from 0 to 65535. destination Enter the IP address of the network or host to which the packets are sent. mask Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous. count (OPTIONAL) Enter the keyword count to count packets processed by the filter.
PAGE 207
Example An ACL rule with a TCP port range of 4000–8000 uses eight entries in the CAM.
PAGE 208
Enter the keyword vlan and then enter the VLAN ID to filter traffic associated with a specific VLAN. The range is 1 to 4094 and 1 to 2094 for ExaScale ( you can use IDs 1 to 4094). To filter all VLAN traffic, specify VLAN 1. ip-address Enter an IP address in dotted decimal format (A.B.C.D) as the target IP address of the ARP. opcode code-number Enter the keyword opcode and then enter the number of the ARP opcode. The range is from 1 to 23.
PAGE 209
Usage Information When the configured maximum threshold is exceeded, generation of logs is stopped. When the interval at which ACL logs are configured to be recorded expires, the subsequent, fresh interval timer is started and the packet count for that new interval commences from zero. If ACL logging was stopped previously because the configured threshold is exceeded, it is re-enabled for this new interval.
PAGE 210
host ip-address Enter the keyword host then the IP address to specify a host IP address. destination Enter the IP address of the network or host to which the packets are sent. dscp Enter this keyword dscp to deny a packet based on the DSCP value. The range is from 0 to 63. count (OPTIONAL) Enter the keyword count to count packets processed by the filter. byte (OPTIONAL) Enter the keyword byte to count bytes processed by the filter.
PAGE 211
access-lists. This mechanism copies all incoming or outgoing packets on one port and forwards (mirrors) them to another port. The source port is the monitored port (MD) and the destination port is the monitoring port (MG). deny ether-type (for Extended MAC ACLs) Configure an egress filter that drops specified types of Ethernet packets on egress ACL supported line cards. (For more information, refer to your line card documentation).
PAGE 212
threshold-in msgs count (OPTIONAL) Enter the threshold-in-msgs keyword followed by a value to indicate the maximum number of ACL logs that can be generated, exceeding which the generation of ACL logs is terminated with the seq, permit, or deny commands. The threshold range is from 1 to 100. interval minutes (OPTIONAL) Enter the keyword interval followed by the time period in minutes at which ACL logs must be generated. The time interval range is from of 1 to 10 minutes.
PAGE 213
• Parameters Use the no deny {any | mac-source-address mac-source-address-mask} command. any Enter the keyword any to specify that all routes are subject to the filter. mac-sourceaddress Enter a MAC address in nn:nn:nn:nn:nn:nn format. mac-sourceaddress-mask (OPTIONAL) Specify which bits in the MAC address must match. If no mask is specified, a mask of 00:00:00:00:00:00 is applied (in other words, the filter allows only MAC addresses that match).
PAGE 214
instead all traffic on the interface. This feature is particularly useful when looking for malicious traffic. It is available for Layer 2 and Layer 3 ingress and egress traffic. You may specify traffic using standard or extended access-lists. This mechanism copies all incoming or outgoing packets on one port and forwards (mirrors) them to another port. The source port is the monitored port (MD) and the destination port is the monitoring port (MG).
PAGE 215
The default frequency at which ACL logs are generated is five minutes. By default, flow-based monitoring is not enabled. Command Modes Command History Usage Information CONFIGURATION-IP ACCESS-LIST-STANDARD Version Description 9.9(0.0) Introduced on the FN IOM. 9.4(0.0) Added the support for flow-based monitoring on the MXL 10/40GbE Switch IO Module. 9.3(0.0) Added the support for logging of ACLs on the MXL 10/40GbE Switch IO Module. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 216
To remove this filter, you have two choices: Parameters • Use the no seq sequence-number command if you know the filter’s sequence number. • Use the no permit {source [mask] | any | host ip-address} command. source Enter the IP address in dotted decimal format of the network from which the packet was sent. mask (OPTIONAL) Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous.
PAGE 217
count for that new interval commences from zero. If ACL logging was stopped previously because the configured threshold is exceeded, it is re-enabled for this new interval. If ACL logging is stopped because the configured threshold is exceeded, it is re-enabled after the logging interval period elapses. ACL logging is supported for standard and extended IPv4 ACLs, IPv6 ACLs, and MAC ACLs.
PAGE 218
opcode codenumber Enter the keyword opcode followed by the number of the ARP opcode. The range is 1 to 16. count (OPTIONAL) Enter the keyword count to count packets processed by the filter. byte (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. log (OPTIONAL, E-Series only) Enter the keyword log to have the information kept in an ACL log file. order (OPTIONAL) Enter the keyword order to specify the QoS priority for the ACL entry.
PAGE 219
Usage Information The order option is relevant in the context of the Policy QoS feature only. For more information, refer to the “Quality of Service” chapter of the Dell Networking OS Configuration Guide. When you use the log option, the CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets’ details. The monitor option is relevant in the context of flow-based monitoring only.
PAGE 220
destination-macaddress macaddress-mask Enter a MAC address and mask in the nn:nn:nn:nn:nn format. For the MAC address mask, specify which bits in the MAC address must match. The MAC ACL supports an inverse mask; therefore, a mask of ff:ff:ff:ff:ff:ff allows entries that do not match and a mask of 00:00:00:00:00:00 only allows entries that match exactly. any Enter the keyword any to match and drop specific Ethernet traffic on the interface.
PAGE 221
Usage Information Version Description 9.4(0.0) Added the support for flow-based monitoring on the MXL 10/40GbE Switch IO Module platform. 9.3(0.0) Added the support for logging of ACLs on the MXL 10/40GbE Switch IO Module platform. 8.2.1.0 Allows ACL control of fragmented packets for IP (Layer 3) ACLs. 8.1.1.0 Introduced on the E-Series ExaScale. 7.4.1.0 Added the monitor option. 6.5.10 Expanded to include the optional QoS order priority for the ACL entry.
PAGE 222
To remove this filter, you have two choices: Parameters • Use the no seq sequence-number command if you know the filter’s sequence number. • Use the no permit icmp {source mask | any | host ip-address} {destination mask | any | host ip-address} command. source Enter the IP address of the network or host from which the packets were sent. mask Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or noncontiguous.
PAGE 223
When the configured maximum threshold is exceeded, generation of logs is stopped. When the interval at which ACL logs are configured to be recorded expires, the subsequent, fresh interval timer is started and the packet count for that new interval commences from zero. If ACL logging was stopped previously because the configured threshold is exceeded, it is re-enabled for this new interval.
PAGE 224
port port Enter the application layer port number. Enter two port numbers if you are using the range logical operand. The range is 0 to 65535. destination Enter the IP address of the network or host to which the packets are sent. count (OPTIONAL) Enter the keyword count to count packets processed by the filter. byte (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. order (OPTIONAL) Enter the keyword order to specify the QoS priority for the ACL entry.
PAGE 225
for Layer 2 and Layer 3 ingress and egress traffic. You may specify traffic using standard or extended access-lists. This mechanism copies all incoming or outgoing packets on one port and forwards (mirrors) them to another port. The source port is the monitored port (MD) and the destination port is the monitoring port (MG). Example An ACL rule with a TCP port range of 4000–8000 uses eight entries in the CAM.
PAGE 226
bytes (OPTIONAL) Enter the keyword bytes to count bytes processed by the filter. dscp (OPTIONAL) Enter the keyword dcsp to match to the IP DCSCP values. order (OPTIONAL) Enter the keyword order to specify the QoS priority for the ACL entry. The range is from 0 to 254 (where 0 is the highest priority and 254 is the lowest; lower-order numbers have a higher priority). If you do not use the keyword order, the ACLs have the lowest order by default (255).
PAGE 227
Related Commands ip access-list extended — creates an extended ACL. permit tcp — assigns a permit filter for TCP packets. permit udp — assigns a permit filter for UDP packets. permit To forward packets from a specific source MAC address, configure a filter.
PAGE 228
Usage Information Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. When the configured maximum threshold is exceeded, generation of logs are stopped. When the interval at which ACL logs are configured to be recorded expires, the subsequent, fresh interval timer is started and the packet count for that new interval commences from zero. If ACL logging was stopped previously because the configured threshold is exceeded, it is re-enabled for this new interval.
PAGE 229
log (OPTIONAL) Enter the keyword log to enable the triggering of ACL log messages. threshold-in msgs count (OPTIONAL) Enter the threshold-in-msgs keyword followed by a value to indicate the maximum number of ACL logs that can be generated, exceeding which the generation of ACL logs is terminated with the seq, permit, or deny commands. The threshold range is from 1 to 100. interval minutes (OPTIONAL) Enter the keyword interval followed by the time period in minutes at which ACL logs must be generated.
PAGE 230
permit tcp To pass TCP packets meeting the filter criteria, configure a filter. Syntax permit tcp {source mask | any | host ip-address} [bit] [operator port [port]] {destination mask | any | host ip-address} [bit] [dscp] [operator port [port]] [count [byte]] [order] [fragments][log [interval minutes] [threshold-in-msgs [count]] [monitor] To remove this filter, you have two choices: Parameters • Use the no seq sequence-number command if you know the filter’s sequence number.
PAGE 231
• 169 = SNMP destination Enter the IP address of the network or host to which the packets are sent. mask Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous. count (OPTIONAL) Enter the keyword count to count packets the filter processes. byte (OPTIONAL) Enter the keyword byte to count bytes the filter processes. order (OPTIONAL) Enter the keyword order to specify the QoS priority for the ACL entry.
PAGE 232
When the configured maximum threshold is exceeded, generation of logs is stopped. When the interval at which ACL logs are configured to be recorded expires, the subsequent, fresh interval timer is started and the packet count for that new interval commences from zero. If ACL logging was stopped previously because the configured threshold is exceeded, it is re-enabled for this new interval.
PAGE 233
To remove this filter, use the no seq sequence-number command. Parameters sequence-number Enter a number from 0 to 4294967290. deny Enter the keyword deny to drop all traffic meeting the filter criteria.. permit Enter the keyword permit to forward all traffic meeting the filter criteria. destination-macaddress macaddress-mask Enter a MAC address and mask in the nn:nn:nn:nn:nn format. For the MAC address mask, specify which bits in the MAC address must match.
PAGE 234
Command Modes Command History Usage Information CONFIGURATION-EXTENDED-ACCESS-LIST Version Description 9.9(0.0) Introduced on the FN IOM. 9.4(0.0) Added support for flow-based monitoring on the MXL 10/40GbE Switch IO Module platform. 9.3(0.0) Added support for logging of ACLs on the MXL 10/40GbE Switch IO Module platform. 8.2.1.0 Allows ACL control of fragmented packets for IP (Layer 3) ACLs. 8.1.1.0 Introduced on the E-Series ExaScale. 7.4.1.0 Added the monitor option. 6.5.
PAGE 235
This mechanism copies all incoming or outgoing packets on one port and forwards (mirrors) them to another port. The source port is the monitored port (MD) and the destination port is the monitoring port (MG). NOTE: When ACL logging and byte counters are configured simultaneously, byte counters may display an incorrect value. Configure packet counters with logging instead. seq ether-type Configure an egress filter with a specific sequence number that filters traffic with specified types of Ethernet packets.
PAGE 236
log (OPTIONAL) Enter the keyword log to enable the triggering of ACL log messages. interval minutes (OPTIONAL) Enter the keyword interval followed by the time period in minutes at which ACL logs must be generated. The interval range is from 1 to 10 minutes.
PAGE 237
You cannot include IP, TCP, or UDP (Layer 3) filters in an ACL configured with ARP or Ether-type (Layer 2) filters. Apply Layer 2 ACLs to interfaces in Layer 2 mode. When the configured maximum threshold is exceeded, generation of logs is stopped. When the interval at which ACL logs are configured to be recorded expires, the subsequent, fresh interval timer is started and the packet count for that new interval commences from zero.
PAGE 238
threshold-in msgs count (OPTIONAL) Enter the threshold-in-msgs keyword followed by a value to indicate the maximum number of ACL logs that can be generated, exceeding which the generation of ACL logs is terminated with the seq, permit, or deny commands. The threshold range is from 1 to 100. Defaults By default, 10 ACL logs are generated if you do not specify the threshold explicitly. The default frequency at which ACL logs are generated is five minutes. By default, flow-based monitoring is not enabled.
PAGE 239
seq — assigns a sequence number to a deny or permit filter in an IP access list while creating the filter. seq Assign a sequence number to a deny or permit filter in an extended IP access list while creating the filter.
PAGE 240
• 169 = SNMP destination Enter the IP address of the network or host to which the packets are sent. count (OPTIONAL) Enter the keyword count to count packets the filter processes. byte (OPTIONAL) Enter the keyword byte to count bytes the filter processes. dscp (OPTIONAL) Enter the keyword dcsp to match to the IP DCSCP values. order (OPTIONAL) Enter the keyword order to specify the QoS order for the ACL entry.
PAGE 241
count for that new interval commences from zero. If ACL logging was stopped previously because the configured threshold is exceeded, it is re-enabled for this new interval. If ACL logging is stopped because the configured threshold is exceeded, it is re-enabled after the logging interval period elapses. ACL logging is supported for standard and extended IPv4 ACLs, IPv6 ACLs, and MAC ACLs.
PAGE 242
port port (OPTIONAL) Enter the application layer port number. Enter two port numbers if using the range logical operand. The range is 0 to 65535. destination address Enter the IPv6 address of the network or host to which the packets are sent in the x:x:x:x::x format followed by the prefix length in the /x format. The range is /0 to /128. The :: notation specifies successive hexadecimal fields of zero. count (OPTIONAL) Enter the keyword count to count packets processed by the filter.
PAGE 243
This mechanism copies all incoming or outgoing packets on one port and forwards (mirrors) them to another port. The source port is the monitored port (MD) and the destination port is the monitoring port (MG). Related Commands permit – assigns a permit filter for IP packets. permit tcp – assigns a permit filter for TCP packets. permit tcp Configure a filter to pass TCP packets that match the filter criteria.
PAGE 244
bit Enter a flag or combination of bits: • ack: acknowledgement field • fin: finish (no more data from the user) • psh: push function • rst: reset the connection • syn: synchronize sequence numbers • urg: urgent field count (OPTIONAL) Enter the keyword count to count packets processed by the filter. byte (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. log (OPTIONAL) Enter the keyword log to enable the triggering of ACL log messages.
PAGE 245
instead all traffic on the interface. This feature is particularly useful when looking for malicious traffic. It is available for Layer 2 and Layer 3 ingress and egress traffic. You may specify traffic using standard or extended access-lists. This mechanism copies all incoming or outgoing packets on one port and forwards (mirrors) them to another port. The source port is the monitored port (MD) and the destination port is the monitoring port (MG).
PAGE 246
monitor (OPTIONAL) Enter the keyword monitor to monitor traffic on the monitoring interface specified in the flow-based monitoring session along with the filter operation. Defaults By default, 10 ACL logs are generated if you do not specify the threshold explicitly. The default frequency at which ACL logs are generated is five minutes. By default, flow-based monitoring is not enabled. Command Modes ACCESS-LIST Command History Usage Information Version Description 9.9(0.
PAGE 247
icmp Enter the keyword icmp to filter internet Control Message Protocol version 6. ipv6 Enter the keyword ipv6 to filter any internet Protocol version 6. tcp Enter the keyword tcp to filter the Transmission Control protocol. udp Enter the keyword udp to filter the User Datagram Protocol. count (OPTIONAL) Enter the keyword count to count packets the filter processes. byte (OPTIONAL) Enter the keyword byte to count bytes the filter processes.
PAGE 248
• Parameters Use the no deny udp {source address mask | any | host ipv6-address} {destination address | any | host ipv6-address} command source Enter the IP address of the network or host from which the packets are sent. mask Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous. any Enter the keyword any to specify that all routes are subject to the filter.
PAGE 249
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.4(0.0) Added support for flow-based monitoring on the MXL 10/40GbE Switch IO Module platform. 9.3(0.0) Added support for logging of ACLs on the MXL 10/40GbE Switch IO Module platform. When the configured maximum threshold is exceeded, generation of logs is stopped.
PAGE 250
host ipv6–address Enter the keyword host then the IPv6 address to specify a host IP address. operator (OPTIONAL) Enter one of the following logical operand: port Defaults • eq = equal to • neq = not equal to • gt = greater than • lt = less than • range = inclusive range of ports (you must specify two ports for the port command) Enter the application layer port number. Enter two port numbers if using the range logical operand. The range is from 0 to 65535.
PAGE 251
Usage Information When the configured maximum threshold is exceeded, generation of logs is stopped. When the interval at which ACL logs are configured to be recorded expires, the subsequent, fresh interval timer is started and the packet count for that new interval commences from zero. If ACL logging was stopped previously because the configured threshold is exceeded, it is re-enabled for this new interval.
PAGE 252
Defaults threshold-in msgs count (OPTIONAL) Enter the threshold-in-msgs keyword followed by a value to indicate the maximum number of ACL logs that can be generated, exceeding which the generation of ACL logs is terminated with the seq, permit, or deny commands. The threshold range is from 1 to 100. interval minutes (OPTIONAL) Enter the keyword interval followed by the time period in minutes at which ACL logs must be generated. The time interval range is from 1 to 10 minutes.
PAGE 253
To remove this filter, you have two choices: Parameters • Use the no seq sequence-number command syntax if you know the filter’s sequence number • Use the no deny {ipv6-protocol-number | icmp | ipv6 | tcp | udp} command count OPTIONAL) Enter the keyword count to count packets processed by the filter. byte (OPTIONAL) Enter the keyword byte to count bytes processed by the filter. dscp (OPTIONAL) Enter the keyword dscp to match to the IP DSCP values.
PAGE 254
You can activate flow-based monitoring for a monitoring session by entering the flow-based enable command in the Monitor Session mode. When you enable this capability, traffic with particular flows that are traversing through the ingress and egress interfaces are examined and, appropriate ACLs can be applied in both the ingress and egress directions. Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead all traffic on the interface.
PAGE 255
7 Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM) This section describes the access control list (ACL) virtual local area network (VLAN) group, and content addressable memory (CAM) enhancements. member vlan Add VLAN members to an ACL VLAN group. Syntax Parameters member vlan {VLAN-range} VLAN-range Enter the member VLANs using comma-separated VLAN IDs, a range of VLAN IDs, a single VLAN ID, or a combination.
PAGE 256
ip access-group Apply an egress IP ACL to the ACL VLAN group. Syntax ip access-group {group name} out implicit-permit Parameters group-name Enter the name of the ACL VLAN group where you want the egress IP ACLs applied, up to 140 characters. out Enter the keyword out to apply the ACL to outgoing traffic.
PAGE 257
Usage Information When an ACL-VLAN-Group name or the Access List Group Name contains more than 30 characters, the name is truncated in the show acl-vlan-group command output. Examples The following sample illustrates the output of the show acl-vlan-group command. NOTE: Some group names and some access list names are truncated.
PAGE 258
Usage Information After CAM configuration for ACL VLAN groups is performed, you must reboot the system to enable the settings to be stored in nonvolatile storage. During the initialization of CAM, the chassis manager reads the NVRAM and allocates the dynamic VCAP regions. The following table describes the output fields of this show command: Example Field Description Chassis Vlan Cam ACL Details about the CAM blocks allocated for ACLs for various VLAN operations at a system-wide, global level.
PAGE 259
Command Modes Command History Usage Information CONFIGURATION Version Description 9.9(0.0) Introduced on the FN IOM. 9.3(0.0) Introduced on the MXL platform. The VLAN ContentAware Processor (VCAP) application is a pre-ingress CAP that modifies the VLAN settings before packets are forwarded. To support the ACL CAM optimization functionality, the CAM carving feature is enhanced. A total of four VACP groups are present, of which two are for fixed groups and the other two are for dynamic groups.
PAGE 260
Field Description CAM-Region Type of area in the CAM block that is used for ACL VLAN groups Total CAM space Total amount of space in the CAM block Used CAM Amount of CAM space that is currently in use Available CAM Amount of CAM space that is free and remaining to be allocated for ACLs Example: Dell#show cam-usage Stackunit|Portpipe|CAM Partition |Total CAM|Used CAM|AvailableCAM ========|========|================|=========|========|======== 0 | 0 | IN-L3 ACL | 512 | 1 | 511 | | IN-L3 ECMP GRP | 1
PAGE 261
Examples Version Description 9.3(0.0) Introduced on the MXL 10/40GbE Switch IO Module platform. The following sample output shows the line-by-line style display when using the show running-config aclvlan-group option.
PAGE 262
show acl-vlan-group detail Display all the ACL VLAN Groups or display a specific ACL VLAN Group by name. To display the names in their entirety, the output displays in a line-by-line format. Syntax show acl-vlan-group detail Parameters detail Display information in a line-by-line format to display the names in their entirety. Without the detail option, the output is displayed in a table style and information may be truncated.
PAGE 263
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.3(0.0) Introduced on the MXL 10/40GbE Switch IO Module platform. Enter a description for each ACL VLAN group that you create for effective and streamlined administrative and logging purposes.
PAGE 264
8 Bidirectional Forwarding Detection (BFD) Bidirectional forwarding detection (BFD) is a detection protocol that provides fast forwarding path failure detection. The Dell Networking Operating System (OS) implementation is based on the standards specified in the IETF Draft draft-ietf-bfd-base-03 and supports BFD on all Layer 3 physical interfaces including virtual local area network (VLAN) interfaces and port-channels.
PAGE 265
• Active — The active system initiates the BFD session. Both systems can be active for the same session. • Passive — The passive system does not initiate a session. It only responds to a request for session initialization from the active system. The default is active. Defaults Refer to Parameters. Command Modes ROUTER OSPF ROUTER OSPFv3 ROUTER BGP ROUTER ISIS INTERFACE (BFD for VRRP only) Command History Usage Information Related Commands Version Description 9.9(0.0) Introduced on the FN IOM.
PAGE 266
Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. bfd enable (Configuration) Enable BFD on all interfaces. Syntax bfd enable Disable BFD using the no bfd enable command. Defaults BFD is disabled by default. Command Modes CONFIGURATION Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 267
multiplier value Enter the keywords multiplier to specify the number of packets that must be missed in order to declare a session down. The range is from 3 to 50. The default is 3. role [active | passive] Enter the role that the local system assumes: • Active — The active system initiates the BFD session. Both systems can be active for the same session. • Passive — The passive system does not initiate a session. It only responds to a request for session initialization from the active system.
PAGE 268
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Protocol Liveness is a feature that notifies the BFD Manager when a client protocol (for example, OSPF and ISIS) is disabled. When a client is disabled, all BFD sessions for that protocol are torn down. Neighbors on the remote system receive an Admin Down control packet and are placed in the Down state.
PAGE 269
Related Commands show bfd neighbors — displays the BFD neighbor information on all interfaces or a specified interface. ipv6 ospf bfd all-neighbors Establish BFD sessions with all OSPFv3 neighbors on a single interface or use non-default BFD session parameters.
PAGE 270
To remove all BFD sessions with IS-IS neighbors discovered on this interface, use the no isis bfd allneighbors [disable | [interval interval min_rx min_rx multiplier value role {active | passive}]] command. Parameters disable (OPTIONAL) Enter the keyword disable to disable BFD on this interface. interval milliseconds (OPTIONAL) Enter the keywords interval to specify non-default BFD session parameters beginning with the transmission interval. The range is from 50 to 1000. The default is 200.
PAGE 271
Defaults none Command Modes ROUTER BGP Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. When you enable a BFD session with a specified BGP neighbor or peer group using the bfd neighbor command, the default BFD session parameters are used (interval: 200 milliseconds, min_rx: 200 milliseconds, multiplier: 3 packets, and role: active) if you have not specified parameters with the bfd neighbor command.
PAGE 272
When you remove the Disabled state of a BFD for a BGP session with a specified neighbor by entering the no neighbor bfd disable command, the BGP link with the neighbor returns to normal operation and uses the BFD session parameters globally configured with the bfd all-neighbor command or configured for the peer group to which the neighbor belongs. Related Commands bfd all-neighbors — enables BFD sessions with all neighbors discovered by Layer 3 protocols.
PAGE 273
Example (Detail) Dell#show bfd neighbors detail Session Discriminator: 1 Neighbor Discriminator: 1 Local Addr: 10.1.3.2 Local MAC Addr: 00:01:e8:02:15:0e Remote Addr: 10.1.3.
PAGE 274
9 Border Gateway Protocol IPv4 (BGPv4) For detailed information about configuring BGP, refer to the BGP chapter in the Dell Networking OS Configuration Guide.
PAGE 275
• capture bgp-pdu max-buffer-size • clear ip bgp • clear ip bgp dampening • clear ip bgp flap-statistics • clear ip bgp peer-group • debug ip bgp • debug ip bgp dampening • debug ip bgp events • debug ip bgp keepalives • debug ip bgp notifications • debug ip bgp soft-reconfiguration • debug ip bgp updates • default-metric • description • max-paths • neighbor activate • neighbor add-path • neighbor advertisement-interval • neighbor advertisement-start • neighbor allowas
PAGE 276
• shutdown address-family-ipv4–multicast • shutdown address-family-ipv4–unicast • shutdown address-family-ipv6–unicast • show capture bgp-pdu neighbor • show config • show ip bgp • show ip bgp cluster-list • show ip bgp community • show ip bgp community-list • show ip bgp dampened-paths • show ip bgp detail • show ip bgp extcommunity-list • show ip bgp filter-list • show ip bgp flap-statistics • show ip bgp inconsistent-as • show ip bgp neighbors • show ip bgp next-hop • s
PAGE 277
BGPv4 Commands Border gateway protocol (BGP) is an external gateway protocol that transmits interdomain routing information within and between autonomous systems (AS). BGP version 4 (BGPv4) supports classless interdomain routing (CIDR) and the aggregation of routes and AS paths. Basically, two routers (called neighbors or peers) exchange information including full routing tables and periodically send messages to update those routing tables. NOTE: Dell Networking OS Version 7.7.
PAGE 278
AS_SET includes AS_PATH and community information from the routes included in the aggregated route. Defaults attribute-map mapname (OPTIONAL) Enter the keywords attribute-map then the name of a configured route map to modify attributes of the aggregate, excluding AS_PATH and NEXT_HOP attributes. summary-only (OPTIONAL) Enter the keyword summary-only to advertise only the aggregate address. Specific routes are not advertised.
PAGE 279
Defaults Command Modes Command History Related Commands both Enter the keyword both to indicate that the system sends and accepts multiple paths from peers. path-count Enter the number paths supported. The range is from 2 to 64. Disabled • ROUTER BGP • ROUTER BGP-address-family Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 280
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Before enabling this feature, enable the enable bgp four-octet-as-supportcommand. If you disable the four-octect-support command after using dot or dot+ format, the AS numbers revert to asplain text. When you apply an asnotation, it is reflected in the running-configuration.
PAGE 281
Usage Information If you enable this command, use the clear ip bgp * command to recompute the best path. bgp bestpath as-path multipath-relax Include prefixes received from different AS paths during multipath calculation. Syntax bgp bestpath as-path multipath-relax To return to the default BGP routing process, use the no bgp bestpath as-path multipath-relax command. Defaults Disabled Command Modes ROUTER BGP Command History Usage Information Version Description 9.9(0.
PAGE 282
Defaults Disabled Command Modes ROUTER BGP Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. The MED is a 4-byte unsigned integer value and the default behavior is to assume a missing MED as 4294967295. This command causes a missing MED to be treated as 0. During path selection, paths with a lower MED are preferred over paths with a higher MED.
PAGE 283
neighbor route-reflector-client — configures a route reflector and clients. bgp cluster-id Assign a cluster ID to a BGP cluster with more than one route reflector. Syntax bgp cluster-id {ip-address | number} To delete a cluster ID, use the no bgp cluster-id {ip-address | number} command. Parameters ip-address Enter an IP address as the route reflector cluster ID. number Enter a route reflector cluster ID as a number from 1 to 4294967295. Defaults Not configured.
PAGE 284
Command Modes Command History Usage Information ROUTER BGP Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. To accept 4-byte formats before entering a 4-byte AS number, configure your system. All the routers in the Confederation must be 4 byte or 2 byte identified routers. You cannot mix them. The autonomous systems configured in this command are visible to the EBGP neighbors.
PAGE 285
bgp four-octet-as-support — enables 4-byte support for the BGP process. bgp dampening Enable BGP route dampening and configure the dampening parameters. Syntax bgp dampening [half-life reuse suppress max-suppress-time] [route-map map-name] To disable route dampening, use the no bgp dampening [half-life reuse suppress maxsuppress-time] [route-map map-name] command. Parameters half-life (OPTIONAL) Enter the number of minutes after which the Penalty is decreased.
PAGE 286
bgp default local-preference Change the default local preference value for routes exchanged between internal BGP peers. Syntax bgp default local-preference value To return to the default value, use the no bgp default local-preference command. Parameters value Defaults 100 Command Modes ROUTER BGP Command History Enter a number to assign to routes as the degree of preference for those routes.
PAGE 287
show ip protocols — views information on routing protocols. bgp fast-external-failover Enable the fast external failover feature, which immediately resets the BGP session if a link to a directly connected external peer fails. Syntax bgp fast-external-failover To disable fast external failover, use the no bgp fast-external-failover command. Defaults Enabled Command Modes ROUTER BGP Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.
PAGE 288
bgp graceful-restart To support graceful restart as a receiver only, enable graceful restart on a BGP neighbor, a BGP node, or designate a local router. Syntax bgp graceful-restart [restart-time seconds] [stale-path-time seconds] [role receiver-only] To return to the default, use the no bgp graceful-restart command. Parameters restart-time seconds Enter the keyword restart-time then the maximum number of seconds to restart and bring-up all the peers. The range is from 1 to 3600 seconds.
PAGE 289
Usage Information In Non-Deterministic mode, paths are compared in the order in which they arrive. This method can lead to the system choosing different best paths from a set of paths, depending on the order in which they are received from the neighbors because MED may or may not get compared between adjacent paths. In Deterministic mode (no bgp non-deterministic-med), the system compares MED between adjacent paths within an AS group because all paths in the AS group are from the same AS.
PAGE 290
Usage Information BGP uses regular expressions (regex) to filter route information. In particular, the use of regular expressions to filter routes based on AS-PATHs and communities is common. In a large-scale configuration, filtering millions of routes based on regular expressions can be quite CPU intensive, as a regular expression evaluation involves generation and evaluation of complex finite state machines.
PAGE 291
bgp soft-reconfig-backup To avoid the peer from resending messages, use this command only when route-refresh is not negotiated. Syntax bgp soft-reconfig-backup To return to the default setting, use the no bgp soft-reconfig-backup command. Defaults Off Command Modes ROUTER BGP Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 292
capture bgp-pdu max-buffer-size Set the size of the BGP packet capture buffer. This buffer size pertains to both IPv4 and IPv6 addresses. Syntax capture bgp-pdu max-buffer-size 100-102400000 Parameters 100-102400000 Defaults 40960000 bytes. Command Modes EXEC Privilege Command History Related Commands Enter a size for the capture buffer. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 293
Related Commands Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. bgp recursive-bgp-next-hop — disables next-hop resolution through other routes learned by the BGP. bgp soft-reconfig-backup — turns on BGP Soft Reconfiguration. clear ip bgp dampening Clear information on route dampening and return the suppressed route to the Active state.
PAGE 294
Command Modes Command History • ( ) = (parenthesis) groups a series of pattern elements to a single element. • { } = (braces) minimum and the maximum match count. • ^ = (caret) the beginning of the input string. If you use the caret at the beginning of a sequence or range, it matches on everything BUT the characters specified. • $ = (dollar sign) the end of the output string. EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.
PAGE 295
Command Modes Command History Usage Information in (OPTIONAL) Enter the keyword in to view only information on inbound BGP routes. out (OPTIONAL) Enter the keyword out to view only information on outbound BGP routes. EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. To view information on both incoming and outgoing routes, do not include the in and out parameters in the debugging command.
PAGE 296
debug ip bgp events Display information on local BGP state changes and other BGP events. Syntax debug ip bgp [ip-address | peer-group peer-group-name] events [in | out] To disable debugging, use the no debug ip bgp [ip-address | peer-group peer-group-name] events command. Parameters Command Modes Command History Usage Information ip-address (OPTIONAL) Enter the IP address of the neighbor in dotted decimal format.
PAGE 297
Usage Information To remove all configured debug commands for BGP, enter the no debug ip bgp command. debug ip bgp notifications Allows you to view information about BGP notifications received from neighbors. Syntax debug ip bgp [ip-address | peer-group peer-group-name] notifications [in | out] To disable debugging, use the no debug ip bgp [ip-address | peer-group peer-group-name] notifications [in | out] command.
PAGE 298
Usage Information Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. This command turns on BGP soft-reconfiguration inbound debugging. If no neighbor is specified, debug turns on for all neighbors. debug ip bgp updates Allows you to view information about BGP updates. Syntax debug ip bgp updates [in | out | prefix-list prefix-list-name] To disable debugging, use the no debug ip bgp [ip-address | peer-group peer-group-name] updates [in | out] command.
PAGE 299
Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Usage Information The default-metric command in BGP sets the value of the BGP MULTI_EXIT_DISC (MED) attribute for redistributed routes only. Related Commands bgp always-compare-med — enables comparison of all BGP MED attributes. redistribute — redistributes routes from other routing protocols into BGP.
PAGE 300
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. If you enable this command, use the clear ip bgp * command to recompute the best path. neighbor activate This command allows the specified neighbor/peer group to be enabled for the current AFI/SAFI (Address Family Identifier/Subsequent Address Family Identifier).
PAGE 301
Defaults none Command Modes CONFIGURATION-ROUTER-BGP-ADDRESS FAMILY Command History Related Commands Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. bgp add-path — allows the advertisement of multiple paths for the same address prefix without the new paths implicitly replacing any previous ones. neighbor advertisement-interval Set the advertisement interval between BGP neighbors or within a BGP peer group.
PAGE 302
seconds Defaults none Command Modes ROUTER BGP Command History Enter a number as the time interval, in seconds, before BGP route updates are sent. The range is from 0 to 3600 seconds. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. neighbor allowas-in Set the number of times an AS number can occur in the AS path.
PAGE 303
route-map mapname Defaults Not configured. Command Modes ROUTER BGP Command History Usage Information (OPTIONAL) Enter the keyword route-map then the name of a configured route map. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. If you apply a route map to a BGP peer or neighbor with the neighbor default-originate command configured, the software does not apply the set filters in the route map to that BGP peer or neighbor.
PAGE 304
prefix-list-name Enter the name of an established prefix list. If the prefix list is not configured, the default is permit (to allow all routes). in Enter the keyword in to distribute only inbound traffic. out Enter the keyword out to distribute only outbound traffic. Defaults Not configured. Command Modes ROUTER BGP Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 305
neighbor fall-over Enable or disable fast fall-over for BGP neighbors. Syntax neighbor {ipv4-address | peer-group-name} fall-over To disable, use the no neighbor {ipv4-address | peer-group-name} fall-over command. Parameters ipv4-address Enter the IP address of the neighbor in dotted decimal format. peer-group-name Enter the name of the peer group. Defaults Disabled. Command Modes ROUTER BGP Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.
PAGE 306
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. This feature advertises to BGP neighbors through a capability advertisement. In Receiver Only mode, BGP saves the advertised routes of peers that support this capability when they restart. neighbor local-as To accept external routes from neighbors with a local AS number in the AS number path, configure Internal BGP (IBGP) routers.
PAGE 307
maximum Enter a number as the maximum number of prefixes allowed for this BGP router. The range is from 1 to 4294967295. threshold (OPTIONAL) Enter a number to be used as a percentage of the maximum value. When the number of prefixes reaches this percentage of the maximum value, the software sends a message. The range is from 1 to 100 percent. The default is 75. warning-only (OPTIONAL) Enter the keyword warning-only to set the router to send a log message when the maximum value is reached.
PAGE 308
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Configure the same password on both BGP peers or a connection does not occur. When you configure MD5 authentication between two BGP peers, each segment of the TCP connection between them is verified and the MD5 digest is checked on every segment sent on the TCP connection.
PAGE 309
• neighbor distribute-list • neighbor route-map • neighbor route-reflector-client • neighbor shutdown A neighbor may keep its configuration after it was added to a peer group if the neighbor’s configuration is more specific than the peer group’s, and the neighbor’s configuration does not affect outgoing updates. A peer group must exist before you add a peer to it. If the peer group is disabled (shutdown) the peers within the group are also disabled (shutdown).
PAGE 310
To delete a passive peer-group, use the no neighbor peer-group-name peer-group passive command. Parameters peer-group-name Enter a text string up to 16 characters long as the name of the peer group. limit (Optional) Enter the keyword limit to constrain the numbers of sessions for this peergroup. The range is from 2 to 256. The default is 256. Defaults Not configured. Command Modes ROUTER BGP Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.
PAGE 311
Usage Information To accept 4-byte formats before entering a 4 byte AS Number, configure your system. If the number parameter is the same as the AS number used in the router bgp command, the remote AS entry in the neighbor is considered an internal BGP peer entry. This command creates a peer and the newly created peer is disabled (Shutdown). Related Commands router bgp — enters ROUTER BGP mode and configures routes in an AS. bgp four-octet-as-support — enables 4-byte support for the BGP process.
PAGE 312
To remove the route map, use the no neighbor {ip-address | peer-group-name} route-map map-name {in | out} command. Parameters ip-address Enter the IP address of the neighbor in dotted decimal format. peer-group-name Enter the name of the peer group. map-name Enter the name of an established route map. If the Route map is not configured, the default is deny (to drop all routes). in Enter the keyword in to filter inbound routes. out Enter the keyword out to filter outbound routes.
PAGE 313
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. A route reflector reflects routes to the neighbors assigned to the cluster. Neighbors in the cluster do not need not to be fully meshed. By default, when you use no route reflector, the internal BGP (IBGP) speakers in the network must be fully meshed.
PAGE 314
neighbor soft-reconfiguration inbound Enable soft-reconfiguration for BGP. Syntax neighbor {ip-address | peer-group-name} soft-reconfiguration inbound To disable, use the no neighbor {ip-address | peer-group-name} soft-reconfiguration inbound command. Parameters ip-address Enter the IP address of the neighbor in dotted decimal format. peer-group-name Enter the name of the peer group to disable or enable all routers within the peer group.
PAGE 315
• Command Modes Command History Usage Information holdtime = 180 seconds ROUTER BGP Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Timer values configured with the neighbor timers command override the timer values configured with any other command.
PAGE 316
neighbor weight Assign a weight to the neighbor connection, which is used to determine the best path. Syntax neighbor {ip-address | peer-group-name} weight weight To remove a weight value, use the no neighbor {ip-address | peer-group-name} weight command. Parameters ip-address Enter the IP address of the peer router in dotted decimal format. peer-group-name Enter the name of the peer group to disable all routers within the peer group. weight Enter a number as the weight.
PAGE 317
• set tag If the route map is not configured, the default is deny (to drop all routes). Defaults Not configured. Command Modes ROUTER BGP Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Usage Information The system software resolves the network address the network command configures with the routes in the main routing table to ensure that the networks are reachable using non-BGP routes and non-default routes.
PAGE 318
Parameters connected Enter the keyword connected to redistribute routes from physically connected interfaces. static Enter the keyword static to redistribute manually configured routes. These routes are treated as incomplete routes. route-map mapname (OPTIONAL) Enter the keyword route-map then the name of an established route map.
PAGE 319
match internal (OPTIONAL) Enter the keywords match internal to redistribute OSPF internal routes only. route-map mapname (OPTIONAL) Enter the keywords route-map then the name of a configured route map. Defaults Not configured. Command Modes ROUTER BGP Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. With the Dell Networking OS version 8.3.1.
PAGE 320
shutdown all Disables all the BGP neighbors. Syntax shutdown all Use the no shutdown all command to enable all the configured BGP neighbors. Command Modes Command History Usage Information ROUTER BGP Version Description 9.11.0.0 Introduced on the S-Series, Z-Series, MXL, and IOM. You can use this command to disable all the configured BGP neighbors. This command is global for all VRFs.
PAGE 321
Command Modes ROUTER BGP CONFIGURATION Command History Usage Information Version Description 9.11.0.0 Introduced on the S-Series, Z-Series, MXL, and IOM. You can use this command to disable all the configured BGP neighbors corresponding to the unicast IPv4 address families. This command is global for all VRFs. shutdown address-family-ipv6–unicast Disables all the BGP neighbors corresponding to the unicast IPv6 address families.
PAGE 322
Example Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Dell(conf-router_bgp)#show capture bgp-pdu neighbor 20.20.20.2 Incoming packet capture enabled for BGP neighbor 20.20.20.
PAGE 323
Related Commands capture bgp-pdu max-buffer-size — specifies a size for the capture buffer. show ip bgp View the current BGP IPv4 routing table for the system. Syntax Parameters Command Modes Command History Usage Information show ip bgp [ipv4 unicast] [network [network-mask] [longer-prefixes]] ipv4 unicast (OPTIONAL) Enter the keywords ipv4 unicast to view information only related to ipv4 unicast routes.
PAGE 324
*> *> 3.3.0.0/16 *> 4.0.0.0/8 *> 4.2.49.12/30 * 4.17.250.0/24 *> 63.114.8.33 * 4.21.132.0/23 *> *> 4.24.118.16/30 *> 4.24.145.0/30 *> 4.24.187.12/30 *> 4.24.202.0/30 *> 4.25.88.0/30 *> 5.0.0.0/9 *> 5.0.0.0/10 *> 5.0.0.0/11 --More-Related Commands 63.114.8.33 0.0.0.0 63.114.8.35 63.114.8.33 63.114.8.33 63.114.8.33 63.114.8.33 63.114.8.33 63.114.8.33 63.114.8.33 63.114.8.33 63.114.8.33 63.114.8.33 63.114.8.33 63.114.8.33 63.114.8.
PAGE 325
Example Field Description Path Lists all the ASs the route passed through to reach the destination network. Dell#show ip bgp cluster-list BGP table version is 64444683, local router ID is 120.1.1.1 Status codes: s suppressed, d damped, h history, * valid, > best Path source: I - internal, a - aggregate, c - confed-external, r redistributed, n - network Origin codes: i - IGP, e - EGP, ? - incomplete Network * I 10.10.10.1/32 * I *>I * I * I * I * I 10.19.75.5/32 * I *>I * I * I * I * I 10.30.1.
PAGE 326
All routes with the NO_ADVERTISE (0xFFFFFF02) community attribute must not be advertised to other BGP peers. no-export Enter the keywords no-export to view all routes containing the well-known community attribute of NO_EXPORT. All routes with the NO_EXPORT (0xFFFFFF01) community attribute must not be advertised outside a BGP confederation boundary. Command Modes Command History Usage Information • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.
PAGE 327
*>i 6.3.0.0/18 *>i 6.4.0.0/16 *>i 6.5.0.0/19 *>i 6.8.0.0/20 *>i 6.9.0.0/20 *>i 6.10.0.0/15 *>i 6.14.0.0/15 *>i 6.133.0.0/21 *>i 6.151.0.0/1 --More-- 205.171.0.16 205.171.0.16 205.171.0.16 205.171.0.16 205.171.0.16 205.171.0.16 205.171.0.16 205.171.0.16 205.171.0.
PAGE 328
Path source: I - internal, a - aggregate, c - confed-external, r redistributed, n - network Origin codes: i - IGP, e - EGP, ? - incomplete Network Dell# Next Hop Metric LocPrf Weight Path show ip bgp dampened-paths View BGP routes that are dampened (non-active). Syntax show ip bgp [ipv4 unicast] dampened-paths Command Modes Command History Usage Information Example • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.
PAGE 329
Command History Example Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 330
NumDfrdPfx 0 AfActPeerHd 0x41a1a3a4 : AfExtDist 1101112312 : AfIntDist 200 : AfLocDist 200 AfNumRRc 0 : AfRR 0 : AfNetRttP 0x41a0d300 : AfNetCtxAddr 1101112392 : AfNetCtxAddrlen 255 AfNwCtxAddr 1101112443 : AfNwCtxAddrlen 255 : AfNetBKDrRttP 0x41a0d500 : AfNetBKDRCnt 0 : AfDampHLife 0 AfDampReuse 0 : AfDampSupp 0 : AfDampMaxHld 0 : AfDampCeiling 0 : AfDampRmapP show ip bgp extcommunity-list View information on all routes with Extended Community attributes.
PAGE 331
Command History Usage Information Example Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. The following describes the show ip bgp filter-list hello command shown in the following example.
PAGE 332
show ip bgp flap-statistics View flap statistics on BGP routes. Syntax show ip bgp [ipv4 unicast] flap-statistics [ip-address [mask]] [filter-list aspath-name] [regexp regular-expression] Parameters ipv4 unicast (OPTIONAL) Enter the keywords ipv4 unicast to view information only related to ipv4 unicast routes. ip-address (OPTIONAL) Enter the IP address (in dotted decimal format) of the BGP network to view information only on that network.
PAGE 333
Example Field Description Flaps Displays the number of times the route flapped. Duration Displays the hours:minutes:seconds since the route first flapped. Reuse Displays the hours:minutes:seconds until the flapped route is available. Path Lists all the ASs the flapping route passed through to reach the destination network. Dell>show ip bgp flap-statistics BGP table version is 210851, local router ID is 63.114.8.
PAGE 334
* 3.0.0.0/8 * * *> *> 3.18.135.0/24 * * * *> 4.0.0.0/8 * * * * 6.0.0.0/20 * *> * * 9.2.0.0/16 * --More-- 63.114.8.33 63.114.8.34 63.114.8.60 63.114.8.33 63.114.8.60 63.114.8.34 63.114.8.33 63.114.8.33 63.114.8.60 63.114.8.34 63.114.8.33 63.114.8.33 63.114.8.60 63.114.8.34 63.114.8.33 63.114.8.33 63.114.8.60 63.114.8.
PAGE 335
Command Modes Command History Usage Information • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. After a peer reset, the contents of the notification log messages is displayed in hex values for debugging. The following describes the show ip bgp neighbors command shown in the following examples. The Lines Beginning with: Description BGP neighbor Displays the BGP neighbor address and its AS number.
PAGE 336
The Lines Beginning with: Description Connections established Displays the number of TCP connections established and dropped between the two peers to exchange BGP information. Last reset Displays the amount of time since the peering session was last reset. Also states if the peer resets the peering session. If the peering session was never reset, the word never is displayed. Local host: Displays the peering address of the local router and the TCP port number.
PAGE 337
Connections established 2; dropped 1 Last reset 00:18:21, due to Maximum prefix limit reached Example Dell>show ip bgp neighbors 192.14.1.5 advertised-routes (Advertised-Routes) BGP table version is 74103, local router ID is 33.33.33.33 Status codes: s suppressed, S stale, d damped, h history, * valid, > best Path source: I - internal, a - aggregate, c - confed-external, r redistributed, n - network Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf *>r 1.10.1.0/24 0.0.0.
PAGE 338
show ip bgp next-hop View all next hops (using learned routes only) with current reachability and flap status. This command only displays one path, even if the next hop is reachable by multiple paths. Syntax show ip bgp next-hop Command Modes Command History Usage Information Example • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 339
NOTE: Enter an escape sequence (CTRL+v) prior to entering the ? regular expression. Command Modes Command History Usage Information Example • EXEC • EXEC Privilege • [ ] = (brackets) a range of single-character patterns. • ( ) = (parenthesis) groups a series of pattern elements to a single element. • { } = (braces) minimum and the maximum match count. • ^ = (caret) the beginning of the input string.
PAGE 340
show ip bgp paths as-path View all unique AS-PATHs in the BGP database. Syntax show ip bgp paths as-path Command Modes Command History Usage Information Example • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. The following describes the show ip bgp paths as-path command shown in the following example. Field Description Address Displays the internal address where the path attribute is stored.
PAGE 341
Command History Usage Information Example Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. The following describes the show ip bgp paths community command shown in the following example. Field Description Address Displays the internal address where the path attribute is stored. Hash Displays the hash bucket where the path attribute is stored. Refcount Displays the number of BGP routes using these communities.
PAGE 342
summary Command Modes Command History Usage Information Example ( ) • EXEC • EXEC Privilege (OPTIONAL) Enter the keyword summary to view status information of the peers in that peer group. The output is the same as that found in the show ip bgp summary command. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. The following describes the show ip bgp peer-group command shown in the following example.
PAGE 343
BGP neighbor is RT-PEERS Number of peers in this group 20 Peer-group members (* - outbound optimized): 12.1.1.2* 12.1.1.3* 12.1.1.4* 12.1.1.5* 12.1.1.6* 12.2.1.2* 12.2.1.3* 12.2.1.4* 12.2.1.5* 12.2.1.6* 12.3.1.2* 12.3.1.3* 12.3.1.4* 12.3.1.5* 12.3.1.6* 12.4.1.2* 12.4.1.3* 12.4.1.4* 12.4.1.5* 12.4.1.6* Related Commands neighbor peer-group (assigning peers) — assigns a peer to a peer-group. neighbor peer-group (creating group) — creates a peer group.
PAGE 344
Command History Usage Information Example (S4810) Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. The following describes the show ip bgp regexp command shown in the following example. Field Description Network Displays the destination network prefix of each BGP route. Next Hop Displays the next hop address of the BGP router. If 0.0.0.0 is listed in this column, then non-BGP routes exist in the router’s routing table.
PAGE 345
• Command History Usage Information EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. The following describes the show ip bgp summary command shown in the following example. Field Description BGP router identifier Displays the local router ID and the AS number. BGP table version Displays the BGP table version and the main routing table version.
PAGE 346
Field State/Pfxrcd Description Time Established Display Example > 1 week 11w2d (WeeksDays) If the neighbor is in Established stage, the number of network prefixes received. If a maximum limit was configured with the neighbor maximum-prefix command, (prfxd) appears in this column. If the neighbor is not in Established stage, the current stage is displayed (Idle, Connect, Active, OpenSent, OpenConfirm).
PAGE 347
To return to the default, use the no timers bgp command. Parameters keepalive Enter a number for the time interval, in seconds, between keepalive messages sent to the neighbor routers. The range is from 1 to 65535. The default is 60 seconds. holdtime Enter a number for the time interval, in seconds, between the last keepalive message and declaring the router dead. The range is from 3 to 65535. The default is 180 seconds.
PAGE 348
Parameters Defaults Command Modes Command History external-distance Enter a number to assign to routes learned from a neighbor external to the AS. The range is from 1 to 255. The default is 20. internal-distance Enter a number to assign to routes learned from a router within the AS. The range is from 1 to 255. The default is 200. local-distance Enter a number to assign to routes learned from networks listed in the network command. The range is from 1 to 255. The default is 200.
PAGE 349
Example Field Description Path Lists all the ASs the dampened route passed through to reach the destination network. Dell>show ip bgp dampened-paths BGP table version is 210708, local router ID is 63.114.8.
PAGE 350
Usage Information Related Commands If the set community rt and soo are in the same route-map entry, the behavior defines as: • If the rt option comes before soo, with or without the additive option, soo overrides the communities rt sets. • If the rt option comes after soo, without the additive option, rt overrides the communities soo sets. • If the rt with the additive option comes after soo, rt adds the communities soo sets.
PAGE 351
Command Modes Command History Usage Information Example • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. The following describes the show ip bgp paths extcommunity command shown in the following example. Field Description Address Displays the internal address where the path attribute is stored. Hash Displays the hash bucket where the path attribute is stored.
PAGE 352
The show ip bgp community command without any parameters lists BGP routes with at least one BGP community attribute and the output is the same as for the show ip bgp command output. IPv6 BGP Commands IPv6 Border Gateway Protocol (IPv6 BGP) is supported on the switch. Border gateway protocol (BGP) is an external gateway protocol that transmits interdomain routing information within and between autonomous systems (AS).
PAGE 353
ipv4-neighbor-addr | ipv6-neighboraddr Clear and reapply policies for a neighbor. peer-group name Clear and reapply policies for all BGP routers in the specified peer group. ipv6 unicast soft Clear and reapply policies for all IPv6 unicast routes. in Reapply only inbound policies. NOTE: If you enter soft, without an in or out option, both inbound and outbound policies are reset. out Reapply only outbound policies.
PAGE 354
ipv6 prefix-list Configure an IPv6 prefix list. Syntax ipv6 prefix-list prefix-list name Parameters prefix-list name Enter the name of the prefix list. NOTE: There is a 140-character limit for prefix list names. Defaults none Command Modes CONFIGURATION Command History Related Commands Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. show ipv6 prefix-list — View the selected IPv6 prefix-list.
PAGE 355
IPv6 MBGP Commands Multiprotocol BGP (MBGP) is an enhanced BGP that enables multicast routing policy throughout the Internet and connecting multicast topologies between BGP and autonomous systems (AS). MBGP is implemented as per IETF RFC 1858. show ipv6 mbgproutes Display the selected IPv6 MBGP route or a summary of all MBGP routes in the table.
PAGE 356
10 Content Addressable Memory (CAM) Content addressable memory (CAM) commands are supported on the Dell Networking operating software on the platform. WARNING: If you are using these features for the first time, contact Dell Networking Technical Assistance Center (TAC) for guidance.
PAGE 357
vman-qos—dual—fp number] ipv4pbr number} ecfmacl number [nlbclusteraclnumber]fcoeacl number iscsioptacl number} Parameters default Use the default CAM profile settings and set the CAM as follows: • L3 ACL (ipv4acl): 4 • L2 ACL(l2acl): 5 • IPv6 L3 ACL (ipv6acl): 0 • L3 QoS (ipv4qos): 1 • L2 QoS (l2qos): 1 • L2PT (L2PT): 0 • MAC ACL (IpMacAcl): 0 • VmanDualQos: 0 • EcfmAcl: 0 • nlbclusteracl: 0 • FcoeAcl: 4 • iscsiOptAcl: 2 l2acl number Enter the keyword l2acl and then the number of
PAGE 358
Command Modes Command History Usage Information vman-dual-qos number Enter the keyword vman-dual-qos and then the number of FP blocks for VMAN dual QoS. The range is from 0 to 4. Ipv4pbr number Enter the keyword ipv4pbr and then the number of FP blocks for ipv4pbr ACL. The range is from 0 to 8. Openflow number Enter the keyword openflow and then the number of FP blocks for open flow (multiples of 4). The range is from 0 to 8.
PAGE 359
cam-optimization Optimize CAM utilization for QoS Entries by minimizing require policy-map CAM space. Syntax Parameters cam-optimization [qos] qos Optimize CAM usage for QoS. Defaults Disabled. Command Modes CONFIGURATION Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 360
VmanDualQos : EcfmAcl : FcoeAcl : iscsiOptAcl : ipv4pbr : vrfv4Acl : Openflow : fedgovacl : nlbclusteracl: 0 0 0 0 0 0 0 0 0 -- stack-unit 0 -Current Settings(in block sizes) 1 block = 128 entries L2Acl : 6 Ipv4Acl : 4 Ipv6Acl : 0 Ipv4Qos : 2 L2Qos : 1 L2PT : 0 IpMacAcl : 0 VmanQos : 0 VmanDualQos : 0 EcfmAcl : 0 FcoeAcl : 0 iscsiOptAcl : 0 ipv4pbr : 0 vrfv4Acl : 0 Openflow : 0 fedgovacl : 0 nlbclusteracl: 0 -- stack-unit 1 -Current Settings(in block sizes) 1 block = 128 entries L2Acl : 6 Ipv4Acl : 4 Ipv6
PAGE 361
Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Usage Information The display reflects the settings implemented with the cam-acl-egress command.
PAGE 362
11 Control Plane Policing (CoPP) The Dell Networking OS supports the following CoPP commands. control-plane-cpuqos To manage control-plane traffic, enter control-plane mode and configure the switch. Syntax control-plane-cpuqos Defaults Not configured. Command Modes CONFIGURATION Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 363
service-policy rate-limit-protocols Apply a policy for the system to rate limit control protocols on a per-protocol basis. Syntax Parameters service-policy rate-limit-protocols policy-name policy-name Enter the service-policy name, using a string up to 32 characters. Defaults Not configured. Command Modes CONTROL-PLANE-CPUQOS Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 364
Example Dell#show cpu-queue rate cp Service-Queue Rate (PPS) -----------------------Q0 1300 Q1 300 Q2 300 Q3 400 Q4 2000 Q5 300 Q6 400 Q7 400 Q8 400 Q9 600 Q10 300 Q11 300 Burst () ----------512 50 50 50 50 50 50 50 50 50 50 50 show ip protocol-queue-mapping Display the queue mapping for each configured protocol. Syntax show ip protocol-queue-mapping Defaults Not configured. Command Modes EXEC Privilege Command History Example Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.
PAGE 365
Command History Example Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 366
12 Data Center Bridging (DCB) Data center bridging (DCB) refers to a set of IEEE Ethernet enhancements that provide data centers with a single, robust, converged network to support multiple traffic types, including local area network (LAN), server, and storage traffic. The Dell Networking Operating System (OS) commands for data center bridging features include 802.1Qbb priority-based flow control (PFC), 802.1Qaz enhanced transmission selection (ETS), and the data center bridging exchange (DCBX) protocol.
PAGE 367
• qos-policy-buffer • service-class buffer shared-threshold-weight • show qos dcb-map • show stack-unit stack-ports pfc details advertise dcbx-appln-tlv On a DCBX port with a manual role, configure the application priority TLVs advertised on the interface to DCBX peers. Syntax advertise dcbx-appln-tlv {fcoe | iscsi} To remove the application priority TLVs, use the no advertise dcbx-appln-tlv {fcoe | iscsi} command.
PAGE 368
Version 8.3.16.1 Usage Information Introduced on the MXL 10/40GbE Switch IO Module. You can configure the transmission of more than one TLV type at a time; for example: advertise dcbx-tlv ets-conf ets-reco. You can enable ETS recommend TLVs (ets-reco) only if you enable ETS configuration TLVs (ets-conf). To disable TLV transmission, use the no form of the command; for example, no advertise dcbx-tlv pfc ets-reco. DCBX requires that you enable LLDP to advertise DCBX TLVs to peers.
PAGE 369
• scheduler — schedules priority traffic in port queues. dcb-enable Enable data center bridging. Syntax dcb enable To disable DCB, use the no dcb enable command. Defaults none Command Modes CONFIGURATION Command History Usage Information Version 9.2(0.0) Introduced on the M I/O Aggregator. Version 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. DCB is not supported if you enable link-level flow control on one or more interfaces.
PAGE 370
Example for Interface Mode Dell(conf-if-te-1/1)#dcb-policy buffer-threshold test dcb-policy buffer-threshold (Interface Configuration) Assign the DCB policy to the DCB buffer threshold profile on interfaces. This setting takes precedence over the global buffer-threshold setting.
PAGE 371
Defaults Manual Command Modes INTERFACE PROTOCOL LLDP Command History Usage Information Version 9.2(0.0) Introduced on the M I/O Aggregator. Version 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. DCBX requires that you enable LLDP to advertise DCBX TLVs to peers. Configure DCBX operation at the INTERFACE level on a switch or globally on the switch. To verify the DCBX configuration on a port, use the show interface dcbx detail command.
PAGE 372
Parameters {all | auto-detecttimer | configexchng | fail | mgmt | resource | sem | tlv} Defaults none Command Modes EXEC Privilege Command History Enter the type of debugging, where: • all: enables all DCBX debugging operations. • auto-detect-timer: enables traces for DCBX auto-detect timers. • config-exchng: enables traces for DCBX configuration exchanges. • fail: enables traces for DCBX failures. • mgmt: enables traces for DCBX management frames.
PAGE 373
To remove the configured FCoE priority, use the no fcoe priority-bits command. Parameters priority-bitmap Defaults 0x8 Command Modes PROTOCOL LLDP Command History Usage Information Enter the priority-bitmap range. The range is from 1 to FF. Version 9.2(0.0) Introduced on the M I/O Aggregator. Version 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. This command is available at the global level only.
PAGE 374
threshold-value Buffer limit at which the port sends the pause to peer in KB. Enter a number in the range of 0 to 7787. The default is 10 KB. resume-offset Buffer offset limit for resuming in KB threshold-value Buffer offset limit at which the port resumes the peer in KB. Enter a number in the range of 1 to 7787. The default is 10 KB. shared-thresholdweight Buffer shared threshold weight size Weightage of the priorities on the shared buffer size in the system. Enter a number in the range of 0 to 9.
PAGE 375
Usage Information By applying a DCB input policy with PFC enabled, you enable PFC operation on ingress port traffic. To achieve complete lossless handling of traffic, also enable PFC on all DCB egress ports or configure the dot1p priority-queue assignment of PFC priorities to lossless queues (refer to pfc no-drop queues). To disable PFC operation on an interface, enter the no pfc mode on command in DCB Input Policy Configuration mode.
PAGE 376
priority-list Configure the 802.1p priorities for the traffic on which you want to apply an ETS output policy. Syntax priority-list value To remove the priority list, use the no priority-list command. Parameters value Enter the priority list value. Separate priority values with a comma; specify a priority range with a dash; for example, priority-list 3,5-7. The range is from 0 to 7. Defaults none Command Modes PRIORITY-GROUP Command History Usage Information Version Description 9.9(0.
PAGE 377
If an error occurs when a port receives a peer’s ETS configuration, the port’s configuration is reset to the previously configured ETS output policy. If no ETS output policy was previously applied, the port is reset to the default ETS parameters. Related Commands • scheduler — schedules the priority traffic in port queues. • bandwidth-percentage — bandwidth percentage allocated to the priority traffic in port queues. scheduler Configure the method used to schedule priority traffic in port queues.
PAGE 378
Parameters Command Modes Command History Usage Information unit number Enter the DCB unit number. The range is from 0 to 5. EXEC Privilege Version 9.2(0.0) Introduced on the M I/O Aggregator. Version 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Specify a stack-unit number on the Master switch in a stack.
PAGE 379
Field Description Port-Role Configured the DCBX port role: auto-upstream, auto-downstream, config-source, or manual. DCBX Operational Status Operational status (enabled or disabled) used to elect a configuration source and internally propagate a DCB configuration. The DCBX operational status is the combination of PFC and ETS operational status. Configuration Source Specifies whether the port serves as the DCBX configuration source on the switch: true (yes) or false (no).
PAGE 380
Example Field Description PFC TLV Statistics: Error PFC pkts Number of PFC error packets received. PFC TLV Statistics: PFC Pause Tx pkts Number of PFC pause frames transmitted. PFC TLV Statistics: PFC Pause Rx pkts Number of PFC pause frames received. PFC TLV Statistics: Input PG TLV Pkts Number of PG TLVs received. PFC TLV Statistics: Output PG TLV Pkts Number of PG TLVs transmitted. PFC TLV Statistics: Error PG TLV Pkts Number of PG error packets received.
PAGE 381
Remote Mac Address 00:00:00:00:00:11 Port Role is Auto-Upstream DCBX Operational Status is Enabled Is Configuration Source? TRUE Local DCBX Compatibility mode is CEE Local DCBX Configured mode is CEE Peer Operating version is CEE Local DCBX TLVs Transmitted: ErPfi Local DCBX Status ----------------DCBX Operational Version is 0 DCBX Max Version Supported is 0 Sequence Number: 2 Acknowledgment Number: 2 Protocol State: In-Sync Peer DCBX Status: ---------------DCBX Operational Version is 0 DCBX Max Version Sup
PAGE 382
The following describes the show interface summary command shown in the following example. Field Description Interface Interface type with stack-unit and port number. Max Supported TC Group Maximum number of priority groups supported. Number of Traffic Classes Number of 802.1p priorities currently configured. Admin mode ETS mode: on or off. When on, the scheduling and bandwidth allocation configured in an ETS output policy or received in a DCBX TLV from a peer can take effect on an interface.
PAGE 383
1 0% ETS 2 0% ETS 3 0% ETS 4 0% ETS 5 0% ETS 6 0% ETS 7 0% ETS Priority# Bandwidth TSA 0 13% ETS 1 13% ETS 2 13% ETS 3 13% ETS 4 12% ETS 5 12% ETS 6 12% ETS 7 12% ETS Remote Parameters: ------------------Remote is disabled Local Parameters: -----------------Local is enabled TC-grp Priority# Bandwidth TSA 0 0,1,2,3,4,5,6,7 100% ETS 1 0% ETS 2 0% ETS 3 0% ETS 4 0% ETS 5 0% ETS 6 0% ETS 7 0% ETS Priority# Bandwidth TSA 0 13% ETS 1 13% ETS 2 13% ETS 3 13% ETS 4 12% ETS 5 12% ETS 6 12% ETS 7 12% ETS Oper status
PAGE 384
5 6 7 Remote Parameters: ------------------Remote is disabled Local Parameters : -----------------Local is enabled TC-grp Priority# 0 0,1,2,3,4,5,6,7 1 2 3 4 5 6 7 12% 12% 12% ETS ETS ETS Bandwidth 100% 0% 0% 0% 0% 0% 0% 0% TSA ETS ETS ETS ETS ETS ETS ETS ETS Priority# Bandwidth TSA 0 13% ETS 1 13% ETS 2 13% ETS 3 13% ETS 4 12% ETS 5 12% ETS 6 12% ETS 7 12% ETS Oper status is init Conf TLV Tx Status is disabled Traffic Class TLV Tx Status is disabled 0 Input Conf TLV Pkts, 0 Output Conf TLV Pkts, 0 Err
PAGE 385
Usage Information Version Description 9.2(0.0) Introduced on the M I/O Aggregator. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. To clear the PFC TLV counters, use the clear pfc counters interface port-type slot/port command. The following describes the show interface pfc summary command shown in the following example. Field Description Interface Interface type with stack-unit and port number.
PAGE 386
Field Description Application Priority TLV: Remote FCOE Priority Map Status of FCoE advertisements in application priority TLVs from the remote peer port: enabled or disabled. Application Priority TLV: Remote ISCSI Priority Map Status of iSCSI advertisements in application priority TLVs from the remote peer port: enabled or disabled. PFC TLV Statistics: Input TLV pkts Number of PFC TLVs received. PFC TLV Statistics: Output TLV pkts Number of PFC TLVs transmitted.
PAGE 387
0 Input TLV pkts, 1 Output TLV pkts, 0 Error pkts, 0 Pause Tx pkts, 0 Pause Rx pkts show interface pfc statistics Displays counters for the PFC frames received and transmitted (by dot1p priority class) on an interface. Syntax Parameters show interface port-type slot/port pfc statistics port-type Enter the port type. slot/port Enter the slot/port number. NOTE: This command also enables you to view information corresponding to a range of ports.
PAGE 388
Usage Information Example NOTE: Please note that Dell Networking does not recommended to use this command as it has been deprecated in the current 9.4(0.0) release. A warning message appears when you try to run this command indicating that you have to use the dcb-map commands in the future.
PAGE 389
3 4 5 6 7 8 - - dcb pfc-shared-buffer-size Configure the maximum amount of shared buffer size for PFC packets in kilobytes. Syntax Parameters dcb pfc-shared—buffer—size KB KB Enter a number in the range of 0 to 7787. Default None. Command Modes CONFIGURATION mode Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.3(0.0) Introduced on the MXL platform. Configure the maximum shared buffer available for PFC traffic.
PAGE 390
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.9(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Configure the maximum buffer available for PFC traffic. You can choose to increase or decrease the buffer size that is allocated in the system by default. However, if you modify the PFC buffer size lower than the previously configured size, the system determines whether this reduction in size is valid without disrupting the existing configuration.
PAGE 391
128000 pause-threshold 103360 resume-threshold 83520 Dell(conf-qos-policy-buffer)# queue 4 pause no-drop buffer-size 128000 pause-threshold 103360 resume-threshold 83520 priority value buffer-size size pause-threshold threshold-value resume-offset threshold-value shared-threshold-weight size Dell(conf-dcb-buffer-thr)#priority 0 buffer-size 52 pause-threshold 16 resumeoffset 10 shared-threshold-weight 7 dcb enable pfc-queues Configure the number of PFC queues.
PAGE 392
Usage Information Limitations PFC and ETS are enabled by default on the interfaces when DCB is globally enabled (refer to dcb enable). In some network topology, you may want to disable PFC on an interface and apply link level flow control; Similarly you may want to disable ETS on an interface and apply QoS bandwidth configurations. • “dcb-map” CLI on interface is mutually exclusive to “no dcb ets enable” and “no dcb pfc enable”.
PAGE 393
stack-unit all Enter the stack unit identification. Indicates the specific the stack unit or units. Entering all shows the status for all stacks. stack-port all Enter the port number of a port in a switch stack. Default None Command Modes CONFIGURATION mode Command History Version Description 9.3(0.0) Introduced on the MXL platform. Usage Information You can configure up to a maximum of four lossless (PFC) queues.
PAGE 394
Command History Usage Information Version 9.3(0.0) Introduced on the FC Flex IO module installed in the MXL 10/40GbE Switch module platform. PFC and ETS settings are not pre-configured on Ethernet ports. You must use the dcb-map command to configure different groups of 802.1p priorities with PFC and ETS settings. Using the priority-pgid command, you assign each 802.1p priority to one priority group. A priority group consists of 802.
PAGE 395
resume-offset Buffer offset limit for resuming in KB threshold-value Buffer offset limit at which the port resumes the peer in KB. Enter a number in the range of 1 to 7787. The default is 10 KB. shared-thresholdweight Buffer shared threshold weight size Weightage of the priorities on the shared buffer size in the system. Enter a number in the range from 0 to 9. The default shared threshold weight is 10. Default The default size of the ingress buffer is 45 KB.
PAGE 396
shared-thresholdweight Specify the weight of a queue for the shared buffer space. queue 0 to queue 7 To apply the shared-threshold weight, specify the queue number . number Enter a weight for the queue on the shared buffer as a number in the range of 1 to 11. Default The default threshold weight on the shared buffer for each queue is 9. Therefore, each queue can consume up to 66.67 percent of available shared buffer by default.
PAGE 397
show qos dcb-map Display the DCB parameters configured in a specified DCB map. FC Flex IO Modules with MXL Syntax Parameters Command Modes Command History Usage Information show qos dcb-map map-name map-name • EXEC • EXEC Privilege Version 9.3(0.0) Displays the PFC and ETS parameters configured in the specified map. Introduced on the FC Flex IO module installed in the MXL 10/40GbE Switch.
PAGE 398
show stack-unit stack-ports pfc details Displays the PFC configuration applied to ingress traffic on stacked ports, including PFC Operational mode on each unit with the configured priorities, link delay, and number of pause packets sent and received. Syntax show stack-unit {all | stack-unit} stack-ports {all | port-number} pfc details Parameters Command Modes Command History Example stack-unit Enter the stack unit. port-number Enter the port number. CONFIGURATION Version 9.2(0.
PAGE 399
13 Debugging and Diagnostics The basic debugging and diagnostic commands are supported by the Dell Networking Operating System (OS).
PAGE 400
diag stack-unit Run offline diagnostics on a stack unit. Syntax diag stack-unit number [alllevels | level0 | level1 | level2] verbose no-reboot Parameters number Enter the stack-unit number. The range is from 0 to 5. alllevels Enter the keyword alllevels to run the complete set of offline diagnostic tests. level0 Enter the keyword level0 to run Level 0 diagnostics. Level 0 diagnostics check for the presence of various components and perform essential path verifications.
PAGE 401
stack unit 0 syncing disks... 1 1 done unmounting file systems... unmounting /f10/flash (/dev/ld0e)... unmounting /usr/pkg (/dev/ld0h)... unmounting /usr (mfs:35)... unmounting /lib (mfs:24)... unmounting /f10 (mfs:21)... unmounting /tmp (mfs:15)... unmounting /kern (kernfs)... unmounting / (/dev/md0a)... done rebooting... offline stack-unit Place a stack unit in the offline state.
PAGE 402
Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Hardware Commands These commands display information from a hardware sub-component or ASIC. clear hardware stack-unit Clear statistics from selected hardware components.
PAGE 403
Parameters stack-unit 0–5 Enter the keywords stack-unit then 0 to 5 to select a particular stack member and then enter one of the following command options to clear a specific collection of data. port-set 0–0 counters Enter the keywords port-set along with a port-pipe number, then the keyword counters to clear the system-flow counters on the selected port-pipe. Defaults none Command Modes EXEC Privilege Command History Related Commands Version Description 9.9(0.0) Introduced on the FN IOM. 8.
PAGE 404
Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. show hardware stack-unit Display the data plane or management plane input and output statistics of the designated component of the designated stack member.
PAGE 405
unit 0–0 {counters | details | port-stats [detail] | register} Defaults Command Modes Command History Example Enter the keyword unit then 0 for port-pipe 0, and then enter one of the following keywords to troubleshoot errors on the selected port-pipe and to give status on why a port is not coming up to register level: counters, details, port-stats [detail], or register. none • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.8(0.
PAGE 406
txInternalError txDatapathErr txPkt(COS0) txPkt(COS1) txPkt(COS2) txPkt(COS3) txPkt(COS4) txPkt(COS5) txPkt(COS6) txPkt(COS7) txPkt(UNIT0) Dell# :0 :0 :0 :0 :0 :0 :0 :0 :0 :0 :0 Example Dell#show hardware stack-unit 0 cpu party-bus statistics Input Statistics: 8189 packets, 8076608 bytes 0 dropped, 0 errors Output Statistics: 366 packets, 133100 bytes 0 errors Dell# Example (drop summary) Dell#show hard stack-unit 0 drops unit 0 Example (portstatistics) Dell#show hardware stack-unit 0 unit 0 port-sta
PAGE 407
0x0332a000 ASF_PORT_SPEED.xe2 = 0x00000007 0x0332e000 ASF_PORT_SPEED.xe3 = 0x00000000 0x03323000 ASF_PORT_SPEED.xe4 = 0x00000000 0x03327000 ASF_PORT_SPEED.xe5 = 0x00000000 0x0332b000 ASF_PORT_SPEED.xe6 = 0x00000000 0x0332f000 ASF_PORT_SPEED.xe7 = 0x00000000 0x03324000 ASF_PORT_SPEED.xe8 = 0x00000000 0x03328000 ASF_PORT_SPEED.xe9 = 0x00000000 0x0332c000 ASF_PORT_SPEED.xe10 = 0x00000000 0x03330000 ASF_PORT_SPEED.xe11 = 0x00000000 0x03325000 ASF_PORT_SPEED.xe12 = 0x00000000 0x03329000 ASF_PORT_SPEED.
PAGE 408
The linkStatus of Front End Port 16 is FALSE The linkStatus of Front End Port 17 is FALSE The linkStatus of Front End Port 18 is FALSE The linkStatus of Front End Port 19 is FALSE The linkStatus of Front End Port 20 is FALSE The linkStatus of Front End Port 21 is FALSE The linkStatus of Front End Port 22 is FALSE The linkStatus of Front End Port 23 is FALSE The linkStatus of Front End Port 24 is FALSE The linkStatus of Front End Port 25 is FALSE The linkStatus of Front End Port 26 is FALSE The linkStatus of
PAGE 409
----- Buffer Stats for Interface Te 0/2 Queue 6 Maximum Shared Limit: 7667 Default Packet Buffer allocate for the Queue: 8 Used Packet Buffer: 0 ----- Buffer Stats for Interface Te 0/3 Queue 6 Maximum Shared Limit: 7667 Default Packet Buffer allocate for the Queue: 8 Used Packet Buffer: 0 ----- Buffer Stats for Interface Te 0/4 Queue 6 Maximum Shared Limit: 7667 Default Packet Buffer allocate for the Queue: 8 Used Packet Buffer: 0 ----- Buffer Stats for Interface Te 0/5 Queue 6 Maximum Shared Limit: 7667 De
PAGE 410
Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.8(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 411
Used Packet Buffer: 0 ----- Buffer Stats for Interface Te 1/1 Queue Maximum Shared Limit: 29514 Default Packet Buffer allocate for the Queue: Used Packet Buffer: 0 ----- Buffer Stats for Interface Te 1/1 Queue Maximum Shared Limit: 29514 Default Packet Buffer allocate for the Queue: 10 ----8 11 ----8 show hardware counters interface interface Display the counter information for a specific interface.
PAGE 412
RX - 1519 to 1522 Byte Good VLAN Frame Counter RX - 1519 to 2047 Byte Frame Counter RX - 2048 to 4095 Byte Frame Counter RX - 4096 to 9216 Byte Frame Counter RX - Good Packet Counter RX - Packet/Frame Counter RX - Unicast Frame Counter RX - Multicast Frame Counter RX - Broadcast Frame Counter RX - Byte Counter RX - Control Frame Counter RX - Pause Control Frame Counter RX - Oversized Frame Counter RX - Jabber Frame Counter RX - VLAN Tag Frame Counter RX - Double VLAN Tag Frame Counter RX - RUNT Frame Counte
PAGE 413
Command Modes • Interface all queue mcast {id | all} - egress queue-level snapshot for multicast packets only. • Interface all prio-group {id | all} - ingress priority-group level snapshot. EXEC EXEC Privilege Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.8(0.0) Introduced on the MXL 10/40GbE Switch.
PAGE 414
MCAST 3 0 Unit 1 unit: 3 port: 25 (interface Fo 1/168) --------------------------------------Q# TYPE Q# TOTAL BUFFERED CELLS --------------------------------------MCAST 3 0 Unit 1 unit: 3 port: 29 (interface Fo 1/172) --------------------------------------Q# TYPE Q# TOTAL BUFFERED CELLS --------------------------------------MCAST 3 0 Unit 1 unit: 3 port: 33 (interface Fo 1/176) --------------------------------------Q# TYPE Q# TOTAL BUFFERED CELLS --------------------------------------MCAST 3 0 Unit 1 uni
PAGE 415
Usage Information -Queue ucast/mcast — Displays the total unicast/multicast buffer usage on per-port per-queue basis. For CPU port, counters for queues 0 to11 displays and there is no differentiation between unicast and multicast queues.
PAGE 416
--------------------------------------MCAST 3 0 Dell#show hardware buffer-stats-snapshot resource interface fortyGigE 0/0 queue mcast all Unit 0 unit: 0 port: 1 (interface Fo 0/0) --------------------------------------Q# TYPE Q# TOTAL BUFFERED CELLS --------------------------------------MCAST 0 0 MCAST 1 0 MCAST 2 0 MCAST 3 0 MCAST 4 0 MCAST 5 0 MCAST 6 0 MCAST 7 0 MCAST 8 0 Example displaying ingress prioritygroup level snapshot for the specific interface Dell#show hardware buffer-stats-snapshot resource
PAGE 417
(OPTIONAL) Enter the keyword counters to display hit counters for the selected ACL or QoS option. Defaults none Command Modes EXEC Privilege Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 418
, 0x00 action={act=Drop, param0=0(0x00), param1=0(0x00)}, action={act=CosQCpuNew, param0=7(0x07), param1=0(0x00)}, action={act=CopyToCpu, param0=0(0x00), param1=0(0x00)}, action={act=UpdateCounter, param0=1(0x01), param1=0(0x00)}, meter=NULL, counter={idx=1, mode=0x01, entries=1} ############## FP Entry for redirecting LACP traffic to CPU Port ############ EID 2045: gid=1, slice=15, slice_idx=0x02, prio=0x7fd, flags=0x82, Installed tcam: color_indep=0, higig=0, higig_mask=0, KEY=0x00000000 00000000 00000000
PAGE 419
Parameters interface drops Command Modes Enter any of the following keywords and slot/port or slot/port-range or number information: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/ port information. Enter the keyword drops to display internal drops. EXEC EXEC Privilege Command History This guide is platform-specific.
PAGE 420
HOL DROPS on COS15 HOL DROPS on COS16 HOL DROPS on COS17 TxPurge CellErr Aged Drops --- Egress MAC counters--Egress FCS Drops --- Egress FORWARD PROCESSOR IPv4 L3UC Aged & Drops TTL Threshold Drops INVALID VLAN CNTR Drops L2MC Drops PKT Drops of ANY Conditions Hg MacUnderflow TX Err PKT Counter --- Error counters--Internal Mac Transmit Errors Unknown Opcodes Internal Mac Receive Errors : : : : : 0 0 0 0 0 : 0 Drops : 0 : 0 : 0 : 0 : 0 : 0 : 0 --- : 0 : 0 : 0 Example displaying Dell(conf)#do show hardw
PAGE 421
Internal Mac Transmit Errors Unknown Opcodes Internal Mac Receive Errors Dell(conf)# : 0 : 0 : 0 Debugging and Diagnostics 421
PAGE 422
14 Dynamic Host Configuration Protocol (DHCP) Dynamic host configuration protocol (DHCP) is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on the configuration policies the network administrators determine. An MXL switch can operate as a DHCP server or DHCP client. As a DHCP client, the switch requests an IP address from a DHCP server.
PAGE 423
• Commands to Configure Secure DHCP • arp inspection • arp inspection-trust • clear ip dhcp snooping • clear ipv6 dhcp snooping binding • ip dhcp snooping • ipv6 dhcp snooping • ip dhcp snooping database • ipv6 dhcp snooping database write-delay • ip dhcp snooping binding • IPv6 DHCP Snooping Binding • ip dhcp snooping database renew • ipv6 dhcp snooping database renew • ip dhcp snooping trust • ipv6 dhcp snooping trust • ip dhcp source-address-validation • ip dhcp snooping
PAGE 424
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Entering after the clear ip dhcp binding command clears all the IPs from the binding table. debug ip dhcp server Display the Dell Networking OS debugging messages for DHCP. Syntax debug ip dhcp server [events | packets] Parameters events Enter the keyword events to display the DHCP state changes.
PAGE 425
Parameters address Defaults none Command Modes DHCP Command History Enter a list of routers that may be the default gateway for clients on the subnet. You may specify up to eight routers. List them in order of preference. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. disable Disable the DHCP server. Syntax disable DHCP Server is disabled by default. To enable the system to be a DHCP server, use the no disable command.
PAGE 426
domain-name Assign a domain to clients based on the address pool. Syntax domain-name name Parameters name Defaults none Command Modes DHCP Command History Give a name to the group of addresses in a pool. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. excluded-address Prevent the server from leasing an address or range of addresses in the pool.
PAGE 427
Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. host For manual (rather than automatic) configurations, assign a host to a single-address pool. Syntax Parameters host address address/mask Defaults none Command Modes DHCP Command History Enter the host IP address and subnet mask. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 428
netbios-name-server Specify the NetBIOS windows internet naming service (WINS) name servers, in order of preference, that are available to Microsoft dynamic host configuration protocol (DHCP) clients. Syntax netbios-name-server address [address2...address8] Parameters address Defaults none Command Modes DHCP Command History Enter the address of the NETBIOS name server. You may enter up to eight, in order of preference. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.
PAGE 429
Parameters network/ prefixlength Defaults none Command Modes DHCP Command History Specify a range of addresses. Prefix-length range is from 17 to 31. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. show ip dhcp binding Display the DHCP binding table. Syntax show ip dhcp binding Defaults none Command Modes EXEC Privilege Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.
PAGE 430
show ip dhcp conflict Display the address conflict log. Syntax show ip dhcp conflict address Parameters address Defaults none Command Modes EXEC Privilege Command History Display a particular conflict log entry. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. show ip dhcp server Display the DHCP server statistics.
PAGE 431
Command History Usage Information Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The ip address dhcp command enables an Ethernet interface to acquire a DHCP server-assigned dynamic IP address. This setting persists after a switch reboot. If you enter the shutdown command on the interface, DHCP transactions are stopped and the dynamically-acquired IP address is saved.
PAGE 432
debug ip dhcp clients events Enable the display of log messages for the following events on DHCP client interfaces: IP address acquisition, IP address release, Renewal of IP address and lease time, and Release of an IP address. Syntax debug ip dhcp client events [interface type slot/port] Parameters interface type slot/ port Defaults none Command Modes EXEC Privilege Command History Display log messages for DHCP events on the specified interface.
PAGE 433
Parameters interface type slot/ port Defaults none Command Modes EXEC Privilege Command History Usage Information • For a 10-GigabitEthernet Ethernet interface, enter TenGigabitEthernet then the slot/port numbers; for example, tengigabitethernet 1/3. • For a 40-GigabitEthernet Ethernet interface, enter FortyGigabitEthernet then the slot/port numbers; for example, fortygigabitethernet 0/2. Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 434
Parameters all Display DHCP client statistics on all DHCP client-enabled interfaces on the switch. interface type slot/ port Display DHCP client statistics on the specified interface. Defaults none Command Modes EXEC Privilege Command History • For a 10-GigabitEthernet Ethernet interface, enter TenGigabitEthernet then the slot/port numbers; for example, tengigabitethernet 1/3.
PAGE 435
Command Modes Command History Related Commands INTERFACE VLAN Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. arp inspection-trust — specifies a port as trusted so that ARP frames are not validated against the binding table. arp inspection-trust Specify a port as trusted so that ARP frames are not validated against the binding table.
PAGE 436
Command Modes Command History Example EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM Dell# clear ipv6 dhcp snooping? binding Clear the snooping binding database ip dhcp snooping Enable DHCP snooping globally. Syntax [no] ip dhcp snooping Defaults Disabled Command Modes CONFIGURATION Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 437
ip dhcp snooping database Delay writing the binding table for a specified time. Syntax Parameters ip dhcp snooping database write-delay minutes minutes Defaults none Command Modes CONFIGURATION Command History The range is from 5 to 21600. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. ipv6 dhcp snooping database write-delay To set time interval for storing the snooping binding entries in a file.
PAGE 438
Defaults ip ip-address Enter the keyword ip then the IP address that the server is leasing. interface type Enter the keyword interface then the type of interface to which the host is connected: • For a Ten-Gigabit Ethernet interface, enter the keyword tengigabitethernet. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE. slot/port Enter the slot and port number of the interface. lease time Enter the keyword lease then the amount of time the IP address are leased.
PAGE 439
lease value Defaults Command Modes Command History Enter the keyword lease then the amount of time the IPv6 address are leased. The range is from 1 to 4294967295. none • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.7(0.0) Introduced on the MXL. ip dhcp snooping database renew Renew the binding table. Syntax ip dhcp snooping database renew Defaults none Command Modes Command History • EXEC • EXEC Privilege Version Description 9.9(0.
PAGE 440
ip dhcp snooping trust Configure an interface as trusted. Syntax [no] ip dhcp snooping trust Defaults Untrusted Command Modes INTERFACE Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. ipv6 dhcp snooping trust Configure an interface as trusted for DHCP snooping. Syntax [no] ipv6 dhcp snooping trust To disable dhcp snooping trusted capability on this interface, use the no ipv6 dhcp snooping trust command.
PAGE 441
1 Use the cam-acl l2acl command from CONFIGURATION mode. 2 Save the running-config to the startup-config. 3 Reload the system. ip dhcp snooping vlan Enable DHCP Snooping on one or more VLANs. Syntax Parameters [no] ip dhcp snooping vlan name name Defaults Disabled Command Modes CONFIGURATION Command History Usage Information Enter the name of a VLAN on which to enable DHCP Snooping. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.
PAGE 442
ip dhcp relay Enable Option 82. Syntax ip dhcp relay information-option [remote-id | trust-downstream] Parameters remote-id Configure the system to enable the remote-id string in option-82. trust-downstream Configure the system to trust Option 82 when it is received from the previous-hop router. Defaults Disabled Command Modes CONFIGURATION Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 443
Defaults Command Modes Command History Related Commands none • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. clear ip dhcp snooping — clears the contents of the DHCP binding table. show ipv6 DHCP snooping Display the DHCPv6 snooping database. Syntax show ipv6 dhcp snooping Defaults none Command Modes EXEC Privilege Command History Example Version Description 9.9(0.0) Introduced on the FN IOM.
PAGE 444
Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. ipv6 DHCP snooping verify mac-address Configure to enable verify source mac-address against ipv6 DHCP packet mac address. Syntax [no] ipv6 dhcp snooping verify mac-address To disable verify source mac-address against ipv6 DHCP packet mac address, use the no ipv6 dhcp snooping verify mac-address command.
PAGE 445
15 Equal Cost Multi-Path (ECMP) Equal cost multi-path (ECMP) is supported on the Dell Networking OS. ecmp-group Provides a mechanism to monitor traffic distribution on an ECMP link bundle. A system log is generated when the standard deviation of traffic distribution on a member link exceeds a defined threshold. Syntax ecmp-group {ecmp-group-id interface interface | link-bundle-monitor} To remove the selected interface, use the ecmp-group no interface command.
PAGE 446
based-hashing {crc16|crc16cc|crc32MSB|crc32LSB|xor1|xor2|xor4|xor8|xor16}|lsb | xor1 | xor2 | xor4 | xor8 | xor16}[[hg {crc16 | crc16cc | crc32MSB | crc32LSB | xor1 | xor2 | xor4 | xor8 | xor16}]| [lag {crc16 | crc16cc | crc32MSB | crc32LSB | xor1 | xor2 | xor4 | xor8 | xor16 }][stack-unit|linecard number | port-set number] | [hg—seed value] | [seedvalue] To return to the default hash algorithm, use the no hash-algorithm command.
PAGE 447
crc32LSB|xor1 | xor2 | xor4 | xor8 | xor16}|lsb | xor1 | xor2 | xor4 | xor8 | xor16 hg {crc16 | crc16cc | crc32MSB | crc32LSB | xor1 | xor2 | xor4 | xor8 | xor16} lag {crc16 | crc16cc | crc32MSB | crc32LSB | xor1 | xor2 | xor4 | xor8 | xor16} hg-seed seed-value • flow-based-hashing: Enter the keywords flow-based-hashing followed by the algorithm crc16 |crc16cc |crc32MSB |crc32LSB |xor1 |xor2 |xor4 |xor8 | xor16 • lsb: Returns the LSB of the key as the hash • xor1: Use CRC16_BISYNC_AND_XOR1 — Upper
PAGE 448
stack-unit number (OPTIONAL) : Enter the keyword stack-unit then the stack-unit slot number. linecard number (OPTIONAL) : Enter the keyword linecard then the linecard slot number. port-set number (OPTIONAL) Enter the keyword port-set then the port-set slot number. Defaults 0 for hash-algorithm value on TeraScale and ExaScale IPSA and IPDA mask value is FF for a line card. Command Modes CONFIGURATION Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM.
PAGE 449
hash-algorithm ecmp Change the hash algorithm used to distribute traffic flows across an ECMP (equal-cost multipath routing) group. Syntax hash-algorithm ecmp {crc-upper} | {dest-ip} | {lsb} To return to the default hash algorithm, use the no hash-algorithm ecmp command. Parameters Defaults Command Modes Command History Usage Information crc-upper Uses the upper 32 bits of the key for the hash computation. The default is crc-lower. dest-ip Uses the destination IP for ECMP hashing.
PAGE 450
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Deterministic ECMP sorts ECMPs in order even though RTM provides them in a random order. However, the hash algorithm uses as a seed the lower 12 bits of the chassis MAC, which yields a different hash result for every chassis. This behavior means that for a given flow, even though the prefixes are sorted, two unrelated chassis select different hops.
PAGE 451
link-bundle-distribution trigger-threshold Provides a mechanism to set the threshold to trigger when traffic distribution begins being monitored on an ECMP link bundle. Syntax Parameters Command Modes Command History link-bundle-distribution trigger-threshold [percent] percent Indicate the threshold value when traffic distribution starts being monitored on an ECMP link bundle. The range is from 1 to 90%. The default is 60%. EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.
PAGE 452
show link-bundle distribution Display the link-bundle distribution for the interfaces in the bundle, type of bundle (LAG or ECMP), and the most recently calculated interface utilization (either bytes per second rate or maximum rate) for each interface. Syntax show link-bundle-distribution Command Modes EXEC Privilege Command History Example 452 Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 453
16 FC FLEXIO FPORT The switch is a blade switch which is plugged into the Dell M1000 Blade server chassis.The blade module contains two slots for pluggable flexible module. With single FC Flex IO module, 4 ports are supported, whereas 8 ports are supported with both FC Flex IO modules. Each port can operate in 2G, 4G or 8G Fiber Channel speed. The topology-wise, FC Flex IOM is directly connected to a FC Storage.
PAGE 454
• fcoe-map • fabric • active-zoneset • show fc ns • show fc switch • show fc zoneset • show fc zone • show fc alias • show fcoe-map feature fc Enable feature fc with FPort functionality. Syntax feature fc fport domain-id range Parameters Command Modes Command History Range Enter the range from 1 to 239. CONFIGURATION Version Description 9.9(0.0) Introduced on the FN IOM. 9.7(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 455
Example without member Dell(conf)# fc zone z1 Dell(conf-fc-zone-z1)# Example with member Dell(conf)#fc zone test Dell(conf-fc-zone-test)#member ? WORD WWN(00:00:00:00:00:00:00:00), portID(000000), or Alias name(word) Dell(conf-fc-zone-test)#member Related Commands show fc zone — displays the configured zone. show fcoe-map — displays the fabric parameters. fc alias Create a zone alias name. Syntax fc alias ZoneAliasNamemember name To delete a zone alias name, use the no fc zone ZoneAliasName command.
PAGE 456
To delete a zoneset, use the no fc zoneset zoneset_name [member] command. Parameters Command Modes Command History zoneset_namemem ber Enter the zoneset name. Enter the WWPN, FC-ID, or Alias name. CONFIGURATION Version Description 9.9(0.0) Introduced on the FN IOM. 9.7(0.0) Introduced on the MXL 10/40GbE Switch IO Module. 9.1(1.0) Introduced on the S5000.
PAGE 457
On an MXL NPIV proxy gateway, an FCoE map is applied on fabric-facing FC ports and server-facing Ethernet ports. Use the fcoe-map command to apply an FCoE map on an Ethernet port. Use the fabric command to apply an FCoE map on an FC port. An FCoE map consists of the following parameters: the dedicated FCoE VLAN for storage traffic, the destination SAN fabric (FC-MAP value), FCF priority, and the FIP keepalive (FKA) advertisement timeout.
PAGE 458
Related Commands fcoe-map — creates an FCoE map which contains the parameters used in the communication between servers and a SAN fabric. show fcoe-map — displays the Fibre Channel and FCoE configuration parameters in FCoE maps. active-zoneset Activate the zoneset. Syntax active-zoneset zoneset_name To change to the default zone behavior, use the no active-zoneset zoneset_name command. Parameters Command Modes Command History zoneset_name Enter the zoneset name.
PAGE 459
Example Version Description 9.1(1.0) Introduced on the S5000. Dell#show fc ns switch Total number of devices = 1 Switch Name 10:00:5c:f9:dd:ef:0a:00 Domain Id 1 Switch Port 53 Port Id 01:35:00 Port Name 10:00:8c:7c:ff:17:f8:01 Node Name 20:00:8c:7c:ff:17:f8:01 Class of Service 8 IP Address Symbolic Port Name Brocade-1860 | 3.0.3.
PAGE 460
Port Type Registered with NameServer Registered for SCN Dell# Dell#show fc ns Total number of Intf# Domain 9 2 11 2 Dell# fabric brief devices = 2 FC-ID 02:09:00 02:0b:00 Node port Yes Yes Enode-WWPN Enode-WWNN 32:11:0e:fc:00:00:00:88 22:11:0e:fc:00:00:00:88 31:11:0e:fc:00:00:00:77 21:11:0e:fc:00:00:00:77 show fc switch Display the switch configuration for Fibre Channel capability.
PAGE 461
merged Command Modes Command History Example • EXEC • EXEC Privilege Enter the keyword merged to display the merge active zones. Version Description 9.9(0.0) Introduced on the FN IOM. 9.7(0.0) Introduced on the MXL 10/40GbE Switch IO Module. 9.1(1.0) Introduced on the S5000.
PAGE 462
Parameters Command Modes Command History Example zonename • EXEC • EXEC Privilege Enter the zone name to display the details. Version Description 9.9(0.0) Introduced on the FN IOM. 9.7(0.0) Introduced on the MXL 10/40GbE Switch IO Module. 9.1(1.0) Introduced on the S5000. Dell#show fc zone ZoneName ZoneMember ======================================================= brcd_sanb brcd_cna1_wwpn1 sanb_p2tgt1_wwpn Dell# Related Commands fc zone — creates a zone.
PAGE 463
show fcoe-map Display the Fibre Channel and FCoE configuration parameters in FCoE maps. Syntax show fcoe-map Parameters None Command Modes Command History Usage Information • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.3(0.0) Introduced on the MXL 10/40GbE Switch IO Module. 9.1.1.0 Introduced on the S5000.
PAGE 464
17 FIPS Cryptography To configure federal information processing standards (FIPS) cryptography, use the following commands on the switch. Topics: • fips mode enable • show fips status • show ip ssh • ssh fips mode enable Enable the FIPS cryptography mode on the platform. Syntax fips mode enable To disable the FIPS cryptography mode, use the no fips mode enable command. Default Disabled Command Modes CONFIGURATION Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.
PAGE 465
Example 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Dell#show fips status FIPS Mode : Disabled Dell# Dell#show fips status FIPS Mode : Enabled Dell# show ip ssh Display information about established SSH sessions Syntax show ip ssh Defaults none Command Modes EXEC EXEC Privilege Command History Example Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 466
NOTE: The :: notation specifies successive hexadecimal fields of zeros. -c encryption cipher Enter the following encryption cipher to use. (For v2 clients only.) Without the FIPS mode enabled: • 3des-cbc: Force ssh to use 3des-cbc encryption cipher. With the FIPS mode enabled: • aes128–cbc: Force ssh to use the aes128–cbc encryption cipher. • aes256–cbc: Force ssh to use the aes256–cbc encryption cipher. -l username (OPTIONAL) Enter the keyword —l then the user name used in this SSH session.
PAGE 467
Dell#ssh 10.11.8.12 -c ? 3des-cbc Force ssh to use 3des-cbc encryption cipher Dell#ssh 10.11.8.12 -m ? hmac-sha1 Force ssh to use hmac-sha1 HMAC algorithm hmac-sha1-96 Force ssh to use hmac-sha1-96 HMAC algorithm hmac-md5 Force ssh to use hmac-md5 HMAC algorithm hmac-md5-96 Force ssh to use hmac-md5-96 HMAC algorithm With FIPS mode enabled: Dell#ssh 10.11.8.
PAGE 468
18 FIP Snooping In a converged Ethernet network, the switch can operate as an intermediate Ethernet bridge to snoop on Fibre Channel over Ethernet initialization protocol (FIP) packets during the login process on Fibre Channel over Ethernet (FCoE) forwarders (FCFs). Acting as a transit FIP snooping bridge, the switch uses dynamically-created ACLs to permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF.
PAGE 469
Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. clear fip-snooping statistics Clears the statistics on the FIP packets snooped on all VLANs, a specified VLAN, or a specified port interface. Syntax Parameters Command Modes Command History clear fip-snooping statistics [interface vlan vlan-id | interface port-type port/slot | interface port-channel port-channel-number] vlan-id Enter the VLAN ID of the FIP packet statistics to be cleared.
PAGE 470
To disable the FIP snooping feature on all or a specified VLAN, use the no fip-snooping enable command. Defaults FIP snooping is disabled on all VLANs. Command Modes Command History Usage Information • CONFIGURATION • VLAN INTERFACE Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the M I/O Aggregator. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The maximum number of FCFs supported per FIP snooping-enabled VLAN is four.
PAGE 471
Usage Information 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the M I/O Aggregator. Version 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The maximum number of FCFs supported per FIP snooping-enabled VLAN is four. show fip-snooping config Display the FIP snooping status and configured FC-MAP values. Syntax Command Modes Command History Example show fip-snooping config • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.
PAGE 472
Example Field Description ENode MAC MAC address of the ENode. ENode Interface Slot/ port number of the interface connected to the ENode. FCF MAC MAC address of the FCF. VLAN VLAN ID number the session uses. FC-ID Fibre Channel session ID the FCF assigns.
PAGE 473
show fip-snooping sessions Display information on FIP-snooped sessions on all VLANs or a specified VLAN, including the ENode interface and MAC address, the FCF interface and MAC address, VLAN ID, FCoE MAC address and FCoE session ID number (FC-ID), worldwide node name (WWNN) and the worldwide port name (WWPN).
PAGE 474
show fip-snooping statistics Display statistics on the FIP packets snooped on all interfaces, including VLANs, physical ports, and port channels. Syntax show fip-snooping statistics [interface vlan vlan-id | interface port-type port/slot | interface port-channel port-channel-number] Parameters Command Modes Command History Usage Information 474 FIP Snooping vlan-id Enter the VLAN ID of the FIP packet statistics displays.
PAGE 475
Example Field Description Number of Unicast Discovery Advertisements Number of FIP-snoop unicast discovery advertisements received on the interface. Number of FLOGI Accepts Number of FIP FLOGI accept frames received on the interface. Number of FLOGI Rejects Number of FIP FLOGI reject frames received on the interface. Number of FDISC Accepts Number of FIP FDISC accept frames received on the interface. Number of FDISC Rejects Number of FIP FDISC reject frames received on the interface.
PAGE 476
Number Number Number Number Number Number Number Number Number Number Number Number Number Number Number Number Example (Port Channel) of of of of of of of of of of of of of of of of FDISC :16 FLOGO :0 Enode Keep Alive :4416 VN Port Keep Alive :3136 Multicast Discovery Advertisement :0 Unicast Discovery Advertisement :0 FLOGI Accepts :0 FLOGI Rejects :0 FDISC Accepts :0 FDISC Rejects :0 FLOGO Accepts :0 FLOGO Rejects :0 CVL :0 FCF Discovery Timeouts :0 VN Port Session Timeouts :0 Session failures due to H
PAGE 477
Enodes Sessions : 2 : 17 show fip-snooping vlan Display information on the FCoE VLANs on which FIP snooping is enabled. Syntax Command Modes Command History Example show fip-snooping vlan • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 478
19 Force10 Resilient Ring Protocol (FRRP) FRRP is a proprietary protocol for that offers fast convergence in a Layer 2 network without having to run the spanning tree protocol (STP). The resilient ring protocol is an efficient protocol that transmits a high-speed token across a ring to verify the link status. All the intelligence is contained in the master node with practically no intelligence required of the transit mode. Important Points to Remember • FRRP is media- and speed-independent.
PAGE 479
Usage Information Example 9.9(0.0) Introduced on the FN MXL. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Executing this command without the optional ring-id command clears the statistics counters on all the available rings. The system requires a command line confirmation before the command executes.
PAGE 480
description Enter an identifying description of the ring. Syntax description Word To remove the ring description, use the no description [Word] command. Parameters Word Enter a description of the ring. Maximum: 255 characters. Defaults none Command Modes CONFIGURATION (conf-frrp) Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. disable Disable the resilient ring protocol.
PAGE 481
secondary interface control-vlan vlan-id • Port Channel interface: enter the keyword port-channel then a number. The range is from 1 to 128.
PAGE 482
9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. mode Set the Master or Transit mode of the ring. Syntax mode {master | transit} To reset the mode, use the no mode {master | transit} command. Parameters master Enter the keyword master to set the Ring node to Master mode. transit Enter the keywordtransit to set the Ring node to Transit mode. Defaults Mode None Command Modes CONFIGURATION (conf-frrp) Command History Version Description 9.9(0.
PAGE 483
show frrp Display the resilient ring protocol configuration. Syntax Parameters show frrp [ring-id [summary]] | [summary] ring-id Enter the ring identification number. The range is from 1 to 255 summary (OPTIONAL) Enter the keyword summary to view just a summarized version of the Ring configuration. Defaults none Command Modes EXEC Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 484
timer Set the hello interval or dead interval for the Ring control packets. Syntax timer {hello-interval milliseconds}| {dead-interval milliseconds} To remove the timer, use the no timer {hello-interval [milliseconds]}| {dead-interval milliseconds} command. Parameters hello-interval milliseconds Enter the keyword hello-interval then the time, in milliseconds, to set the hello interval of the control packets.
PAGE 485
20 GARP VLAN Registration (GVRP) The Dell Networking Operating System (OS) supports the basic GVRP commands. The generic attribute registration protocol (GARP) mechanism allows the configuration of a GARP participant to propagate through a network quickly. A GARP participant registers or de-registers its attributes with other participants by making or withdrawing declarations of attributes. At the same time, based on received declarations or withdrawals, GARP handles attributes of other participants.
PAGE 486
Topics: • clear gvrp statistics • debug gvrp • disable • garp timers • gvrp enable • gvrp registration • protocol gvrp • show config • show garp timers • show gvrp • clear gvrp statistics • show vlan clear gvrp statistics Clear GVRP statistics on an interface.
PAGE 487
event Enter the keyword event to enable debugging on the JOIN/LEAVE events. pdu Enter the keyword pdu then one of the following Interface keywords and slot/port or number information: Defaults Disabled. Command Modes EXEC Command History • For a Port Channel interface, enter the keywords port-channel then a number. The range is from 1 to 128. • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information.
PAGE 488
Parameters join Enter the keyword join then the number of milliseconds to configure the join time. The range is from 100 to 147483647 milliseconds. The default is 200 milliseconds. NOTE: Designate the milliseconds in multiples of 100. leave Enter the keyword leave then the number of milliseconds to configure the leave time. The range is from 100 to 2147483647 milliseconds. The default is 600 milliseconds. NOTE: Designate the milliseconds in multiples of 100.
PAGE 489
Related Commands Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. disable — globally disables GVRP. gvrp registration Configure the GVRP register type. Syntax gvrp registration {fixed | normal | forbidden} To return to the default, use the gvrp register normal command. Parameters fixed Enter the keyword fixed then the VLAN range in a comma-separated VLAN ID set. normal Enter the keyword normal then the VLAN range in a comma-separated VLAN ID set.
PAGE 490
Command History Related Commands Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. disable — globally disables GVRP. show config Display the global GVRP configuration. Syntax show config Command Modes CONFIGURATION-GVRP Command History Related Commands Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. gvrp enable — enables GVRP on physical interfaces and LAGs.
PAGE 491
show gvrp Display the GVRP configuration. Syntax Parameters Defaults Command Modes Command History show gvrp [brief | interface] brief (OPTIONAL) Enter the keyword brief to display a brief summary of the GVRP configuration. interface (OPTIONAL) Enter the following keywords and slot/port or number information: • For a Port Channel interface, enter the keywords port-channel then a number. The range is from 1 to 128.
PAGE 492
Parameters interface interface summary Defaults Enter the following keywords and slot/port or number information: • For a Port Channel interface, enter the keywords port-channel then a number. The range is from 1 to 128. • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/ port information.
PAGE 493
show vlan Display the global VLAN configuration. Syntax Command Modes Command History Example show vlan • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 494
21 Internet Group Management Protocol (IGMP) The IGMP commands are supported by the Dell Networking Operating System (OS). IGMP Snooping Commands The Dell Networking OS supports IGMP Snooping version 2 and 3 on all Dell Networking systems. Important Points to Remember for IGMP Snooping • The Dell Networking OS supports version 1, version 2, and version 3 hosts.
PAGE 495
To remove the feature, use the no ip igmp access-group access-list command. Parameters access-list Enter the name of the extended ACL (16 characters maximum). Defaults Not configured Command Modes INTERFACE (conf-if-interface-slot/port) Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The access list accepted is an extended ACL.
PAGE 496
Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. ip igmp query-interval Change the transmission frequency of IGMP general queries the Querier sends. Syntax ip igmp query-interval seconds To return to the default values, use the no ip igmp query-interval command. Parameters seconds Defaults 60 seconds Command Modes INTERFACE Command History Enter the number of seconds between queries sent out.
PAGE 497
ip igmp version Manually set the version of the router to IGMPv2 or IGMPv3. Syntax Parameters ip igmp version {2 | 3} 2 Enter the number 2 to set the IGMP version number to IGMPv2. 3 Enter the number 3 to set the IGMP version number to IGMPv3. Defaults 2 (that is, IGMPv2) Command Modes INTERFACE Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. ip igmp snooping enable Enable IGMP snooping on all or a single VLAN.
PAGE 498
To disable IGMP snooping fast leave, use the no igmp snooping fast-leave command. Defaults Not configured. Command Modes INTERFACE VLAN — (conf-if-vl-n) Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Queriers normally send some queries when a leave message is received prior to deleting a group from the membership database. There may be situations when you require a fast deletion of a group.
PAGE 499
Defaults 1000 milliseconds Command Modes INTERFACE VLAN Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. This last-member-query-interval is also the interval between successive Group-Specific Query messages. To change the last-member-query interval, use this command. ip igmp snooping mrouter Statically configure a VLAN member port as a multicast router interface.
PAGE 500
Defaults Not configured. Command Modes INTERFACE VLAN — (conf-if-vl-n) Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. This command enables the IGMP switch to send General Queries periodically. This behavior is useful when there is no multicast router present in the VLAN because the multicast traffic is not routed.
PAGE 501
22 Interfaces The commands in this chapter are supported by Dell Networking Operating System (OS).
PAGE 502
• show interfaces dampening • show interfaces description • show interfaces stack-unit • show interfaces status • show interfaces switchport • show interfaces transceiver • show range • shutdown • speed (for 1000/10000/auto interfaces) • stack-unit portmode • wavelength • Port Channel Commands • channel-member • group • interface port-channel • minimum-links • port-channel failover-group • show config • show interfaces port-channel • Time Domain Reflectometer (TDR) •
PAGE 503
• For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/ port information. • For a VLAN, enter the keyword VLAN then a number from 1 to 4094. NOTE: This command also enables you to clear the port configurations corresponding to a range of ports. • You can specify multiple ports as slot/port-range.
PAGE 504
• For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/ port information. Defaults Without an interface specified, the command clears all interface dampening counters. Command Modes EXEC Privilege Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the M I/O Aggregator. 8.3.16.
PAGE 505
For details about using XFP ports with CX4 cables, refer to your MXLswitch hardware guide. Example (Unsuccessful) Dell#show interfaces tengigabitethernet 0/26 | grep "XFP type" Pluggable media present, XFP type is 10GBASE-CX4 Dell(conf-if-te-0/26)#cx4-cable-length short % Error: Unsupported command. Dell(conf-if-te-0/26)#cx4-cable-length medium % Error: Unsupported command. Dell(conf-if-te-0/26)#cx4-cable-length long % Error: Unsupported command.
PAGE 506
Usage Information Version Description 9.2(0.0) Introduced on the M I/O Aggregator. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. With each flap, the Dell Networking OS penalizes the interface by assigning a penalty (1024) that decays exponentially depending on the configured half-life. After the accumulated penalty exceeds the suppress threshold value, the interface moves to the Error-Disabled state.
PAGE 507
Usage Information Use the default interface command to set a 10- Gigabit Ethernet or 40-Gigabit Ethernet interface to its factory-default state. By default, a physical interface is disabled (shutdown) with no assigned IP address or switchport (no ip address). This command removes all software settings and all L3, VLAN, VXLAN, and portchannel configurations on a physical interface.
PAGE 508
Related Commands • The shutdown and description commands are the only commands that you can configure on an interface that is a member of a port-channel. • Use the show interfaces description command to display descriptions configured for each interface. show interfaces description — displays the description field of the interfaces. duplex (1000/10000 Interfaces) Configure duplex mode on any physical interfaces where the speed is set to 1000/10000.
PAGE 509
Defaults Command Modes Command History Usage Information tx off Enter the keywords tx off so that flow control frames are not sent from this port to the connected device when a higher rate of traffic is received. negotiate (Optional) Enter the keyword negotiate to enable the pause-negotiation with the egress port of the peer device. If the negotiate command is not used, pausenegotiation is disabled. 40 gigabit Ethernet interfaces do not support pause-negotiation.
PAGE 510
NOTE: The flow control must be off (rx off tx off) before configuring the half duplex. Example (partial) Dell(conf-if-tengig-0/1)#show config ! interface TenGigabitEthernet 0/1 no ip address switchport no negotiation auto flowcontrol rx off tx on no shutdown ...
PAGE 511
Related Commands show running-config — displays the flow configuration parameters (non-default values only). show interfaces — displays the negotiated flow control parameters. interface Configure a physical interface on the switch. Syntax Parameters interface interface interface Defaults Not configured.
PAGE 512
interface loopback Configure a Loopback interface. Syntax interface loopback number To remove a loopback interface, use the no interface loopback number command. Parameters number Defaults Not configured. Command Modes CONFIGURATION Command History Enter a number as the interface number. The range is from 0 to 16383. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the M I/O Aggregator. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 513
Usage Information You cannot delete a Management port. The Management port is enabled by default (no shutdown). To assign an IP address to the Management port, use the ip address command. Example Dell(conf)#interface managementethernet 0/0 Dell(conf-if-ma-0/0)# interface null Configure a Null interface on the switch. Syntax Parameters interface null number number Enter zero (0) as the Null interface number.
PAGE 514
Parameters interface, interface,... Enter the keywords interface range and one of the interfaces — slot/port, portchannel, or VLAN number. Select the range of interfaces for bulk configuration. You can enter up to six comma-separated ranges. Spaces are not required between the commas. Comma-separated ranges can include VLANs, port-channels, and physical interfaces. Slot/Port information must contain a space before and after the dash.
PAGE 515
Use the show running-config command to display the VLAN and port-channel interfaces. VLAN or portchannel interfaces that are not displayed in the show running-config command cannot be used with the bulk configuration feature of the interface range command. You cannot create virtual interfaces (VLAN, Port-channel) using the interface range command. NOTE: If a range has VLAN, physical, port-channel, and SONET interfaces, only commands related to physical interfaces can be bulk configured.
PAGE 516
Slot/Port information must contain a space before and after the dash. For example, interface range tengigabitethernet 0/1 - 5 is valid; interface range tengigabitethernet 0/1-5 is NOT valid. Defaults none Command Modes CONFIGURATION Command History Example (Single Range) • For a Port Channel interface, enter the keywords port-channel then a number. The range is from 1 to 128. • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information.
PAGE 517
Example (Single Range) Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. This example shows the macro named test that was defined earlier. Dell(config)#interface range macro test Dell(config-if-range-te-0/0-3,te-5/0-8)# Related Commands interface range — configures a range of command (bulk configuration). interface range macro (define) — defines a macro for an interface range (bulk configuration). interface vlan Configure a VLAN. You can configure up to 4096 VLANs.
PAGE 518
If you configure intf-type cr4 autoneg, use the no intf-type cr4 autoneg command to set the interface type as cr4 with autonegotiation disabled. Defaults Not configured Command Modes CONFIGURATION Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the M I/O Aggregator. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 519
load-balance By default, Dell Networking OS uses an IP 4-tuple (IP SA, IP DA, Source Port, and Destination Port) to distribute IP traffic over members of a Port Channel as well as equal-cost paths. To designate another method to balance traffic over Port Channel members, use the load-balance command.
PAGE 520
• IP destination address • TCP/UDP source port • TCP/UDP destination port load-balance hg Choose the traffic flow parameters the hash calculation uses while distributing the traffic across internal higig links.
PAGE 521
gre-ipv4 | mac-inmac] • ipv4-over-gre-ipv4 — Use ipv4-over-gre-ipv4 field in hash calculation. • mac-in-mac — Use mac-in-mac field in hash calculation. Defaults IP selection 5-tuples (source-ip dest-ip vlan protocol L4-source-port L4-dest-port). Command Modes CONFIGURATION Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. monitor interface Monitor counters on a single interface or all interfaces on a line card.
PAGE 522
Example (Single Interface) Key Description b Change the counters displayed from Packets on the interface to Bytes. r Change the [delta] column from change in the number of packets/bytes in the last interval to rate per second. l Change the view to the next interface on the line card, or if in line card mode, the next line card in the chassis. a Change the view to the previous interface on the line card, or if in line card mode, the previous line card in the chassis.
PAGE 523
Command Modes Command History Usage Information INTERFACE Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the M I/O Aggregator. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. If the packet includes a Layer 2 header, the difference between the link MTU and IP MTU (ip mtu command) must be enough bytes to include the Layer 2 header. • The IP MTU is adjusted automatically when you configure the Layer 2 MTU with the mtu command.
PAGE 524
negotiation auto Enable auto-negotiation on an interface. Syntax negotiation auto To disable auto-negotiation, use the no negotiation auto command. Defaults Enabled. Command Modes INTERFACE Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the M I/O Aggregator. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 525
Example (Master/ Slave, partial) Dell#show interfaces configured TenGigabitEthernet 1/8 is up, line protocol is up Hardware is Dell Force10Eth, address is 00:01:e8:05:f7:fc Current address is 00:01:e8:05:f7:fc Interface index is 474791997 Internet address is 1.1.1.1/24 MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 1000 Mbit, Mode full duplex, Master ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interfaces" counters 00:12:42 Queueing strategy: fifo Input Statistics: ...
PAGE 526
To return a port to accept either tagged or untagged frames (non-hybrid), use the no portmode hybrid command. Defaults non-hybrid Command Modes INTERFACE (conf-if-interface-slot/port) Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the M I/O Aggregator. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The following describes the interface command shown in the following example.
PAGE 527
V - VLT tagged Name: TenGigabitEthernet 3/2 802.1QTagged: Hybrid Vlan membership: Q Vlans U 20 T 10 Native VlanId: 20.
PAGE 528
rate-interval (Configuration Mode) Configure the traffic sampling interval for all physical and logical port-channel interfaces globally. The support to configure rate-interval globally enables you to modify the default interval rate for all physical and logical interfaces at one time. Syntax rate-interval seconds Use the no rate-interval command to remove the sampling interval configuration. Parameters seconds Enter the number of seconds for which to collect traffic data.
PAGE 529
off Brings the interface down when an RFI error is detected. Defaults ON. Command Modes INTERFACE CONFIGURATION Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.7(0.0) Introduced on the MXL switch. Usage Information By default, the switch processes the RFI errors transmitted by remote peers and brings down the interface when an RFI error is detected.
PAGE 530
Example Dell(conf)#interface range tengigabitethernet 1/1 - 2 Dell(conf-if-range-te-1/1-2)#show config ! interface TenGigabitEthernet 1/1 no ip address switchport no shutdown ! interface TenGigabitEthernet 1/2 no ip address switchport no shutdown Dell(conf-if-range-te-1/1-2)# show interfaces Display information on a specific physical interface or virtual interface.
PAGE 531
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM and added support to display the interface configurations corresponding to a range of ports. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Starting with Dell Networking OS Release 9.3(0.0), you can also view the configuration of 40-Gigabit Ethernet interfaces by using the fortyGigE keyword with the show interface interface-type brief command.
PAGE 532
Line Description • Output Statistics: • giants = packets that are greater than the MTU size • throttles = packets containing PAUSE frames Number of CRC, overrun, and discarded packets: • CRC = packets with CRC/FCS errors • overrun = number of packets discarded due to FIFO overrun conditions • discarded = the sum of runts, giants, CRC, and overrun packets discarded without any processing Displays output statistics sent out of the interface including: • Number of packets, bytes, and underruns o
PAGE 533
Usage Information The interface counter “over 1023-byte pkts” does not increment for packets in the range 9216 > x < 1023. The Management port is enabled by default (no shutdown). If necessary, use the ip address command to assign an IP address to the Management port.
PAGE 534
Related Commands show interfaces configured — displays any interface with a non-default configuration. show interfaces stack-unit — displays information on all interfaces on a specific stack unit. strict-priority unicast — displays information of either rate limiting or rate policing on the interface. show interfaces switchport — displays Layer 2 information about the interfaces.
PAGE 535
Output 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Time since last interface status change: 00:04:59 Dell# Related Commands show interfaces — displays information on a specific physical interface or virtual interface. show interfaces dampening Display interface dampening information.
PAGE 536
Te 3/8 Dell# Related Commands Up 0 0 5 750 2500 20 dampening — configures dampening on an interface. show interfaces — displays information on a specific physical interface or virtual interface. show interfaces configured — displays any interface with a non-default configuration. show interfaces description Display the descriptions configured on the interface.
PAGE 537
Usage Information Example Related Commands Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The following describes the show interfaces description command shown in the Example below. Field Description Interface Displays the type of interface and associated slot and port number. OK? Indicates if the hardware is functioning properly. Status States whether the interface is enabled (up) or disabled (administratively down).
PAGE 538
MTU 1554 bytes, IP MTU 1500 bytes LineSpeed auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 5d5h24m Queueing strategy: fifo Input Statistics: 0 packets, 0 bytes 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics: 0 packets, 0 bytes, 0 underruns 0 64-byte pkts, 0 over 64
PAGE 539
Command Modes Command History • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM and added support to display the interface configurations corresponding to a range of ports. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 540
stack-unit stackunit-number Command Modes Command History Usage Information Example • EXEC • EXEC Privilege (OPTIONAL) Enter the keyword stack-unit then the stack-unit-number. The range is from 0 to 5. Version Description 9.9(0.0) Introduced on the FN IOM and added support to display the interface configurations corresponding to a range of ports. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The following describes the show interfaces switchport command for the following example.
PAGE 541
Related Commands interface — configures a physical interface on the switch. show ip interface — displays Layer 3 information about the interfaces. show interfaces — displays information on a specific physical interface or virtual interface. show interfaces transceiver — displays the physical status and operational status of an installed transceiver. The output also displays the transceiver’s serial number.
PAGE 542
Interfaces Line Description Voltage High Alarm threshold Displays the interface index number used by SNMP to identify the interface. Bias High Alarm threshold Factory-defined setting. Value can differ between SFP and SFP+. TX Power High Alarm threshold Factory-defined setting. Value can differ between SFP and SFP+. RX Power High Alarm threshold Factory-defined setting. Value can differ between SFP and SFP+. Temp Low Alarm threshold Factory-defined setting.
PAGE 543
Line Description Tx Bias Current Present transmission (Tx) bias current of the SFP. If this crosses bias high alarm/warning thresholds, the TX bias high alarm/warning flag is set to true. If it falls below the low alarm/warning thresholds, the TX bias low alarm/warning flag is set to true. Tx Power Present Tx power of the SFP. If this crosses Tx power alarm/warning thresholds, the Tx power high alarm/warning flag is set to true.
PAGE 544
Example Line Description Tx Bias High Warning Flag This can be either true or false, depending on the Tx bias current value displayed above. Tx Power High Warning Flag This can be either true or false, depending on the Current Tx power value displayed above. Rx Power High Warning Flag This can be either true or false, depending on the Current Tx power value displayed above. Temperature Low Warning Flag This can be either true or false, depending on the Current Temperature value displayed above.
PAGE 545
SFP 1 Temp High Warning threshold = 90.000C SFP 1 Voltage High Warning threshold = 3.700V SFP 1 Bias High Warning threshold = 14.000mA SFP 1 TX Power High Warning threshold = 0.631mW SFP 1 RX Power High Warning threshold = 0.794mW SFP 1 Temp Low Warning threshold = -20.000C SFP 1 Voltage Low Warning threshold = 2.900V SFP 1 Bias Low Warning threshold = 2.000mA SFP 1 TX Power Low Warning threshold = 0.079mW SFP 1 RX Power Low Warning threshold = 0.
PAGE 546
Example Dell(conf-if-range-te-0/6)#show range interface tengigabitethernet 0/6 Dell(conf-if-range-te-0/6)# Related Commands interface — configures a physical interface on the switch. show ip interface — displays Layer 3 information about the interfaces. show interfaces — displays information on a specific physical interface or virtual interface. shutdown Disable an interface. Syntax shutdown To activate an interface, use the no shutdown command. Defaults The interface is disabled.
PAGE 547
speed (for 1000/10000/auto interfaces) Set the speed for 1000/10000 Base-T Ethernet interfaces. Set both sides of a link to the same speed (1000/10000) or to auto or the link may not come up. Syntax speed {1000 | 10000 | auto} To return to the default setting, use the no speed {1000 | 10000 | auto} command. Parameters 1000 Enter the keyword 1000 to set the interface’s speed to 1000 Mb/s. 10000 Enter the keyword 10000 to set the interface’s speed to 10000 Mb/s. Auto-negotiation is enabled.
PAGE 548
NOTE: The switch commands accept Unit ID numbers from 0 to 5, though the switch supports stacking up to three units only with the Dell Networking OS version 8.3.7.1. number Defaults Disabled Command Modes CONFIGURATION Command History Usage Information Enter the port number of the 40G port to be split. Enter one of the following port numbers for the switch: 48, 52, 56, or 60. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the M I/O Aggregator. 8.3.16.
PAGE 549
If you configure the wavelength on a non-tunable optic, there is no change to the existing wavelength. The configured wavelength is saved in the running configuration and is applicable, when a tunable optic is used. If you do not configure the wavelength on an inserted tunable optic, the existing wavelength is used. Example Related Commands The following example shows the wavelength set for a tunable 10–Gigabit SFP+ optic: • show config — displays the interface configuration.
PAGE 550
Usage Information Use the interface port-channel command to access this command. You cannot add an interface to a Port Channel if the interface contains an IP address in its configuration. Link MTU and IP MTU considerations for Port Channels are: • All members must have the same link MTU value and the same IP MTU value. • The Port Channel link MTU and IP MTU must be less than or equal to the link MTU and IP MTU values configured on the channel members.
PAGE 551
Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the M I/O Aggregator. Example Dell(conf)#port-channel failover-group Dell(conf-po-failover-grp)#group 1 port-channel 1 port-channel 2 Dell(conf-po-failover-grp)# Related Commands port-channel failover-group — accesses PORT-CHANNEL FAILOVER-GROUP mode to configure a LAG failover group. show interfaces port-channel — displays information on configured Port Channel groups.
PAGE 552
Example Dell(conf)#int port-channel 2 Dell(conf-if-po-2)# Related Commands channel-member — adds a physical interface to the LAG. interface — configures a physical interface. interface vlan — configures a VLAN. shutdown — disables/enables the port channel. minimum-links Configure the minimum number of links in a LAG (Port Channel) that must be in “oper up” status for the LAG to be also in “oper up” status.
PAGE 553
Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Usage Information This feature groups two LAGs to work in tandem as a supergroup. For example, if one LAG goes down, the other LAG is taken down automatically, providing an alternate path to reroute traffic, avoiding oversubscription on the other LAG. You can use both static and dynamic (LACP) LAGs to configure failover groups.
PAGE 554
Command Modes Command History Usage Information Example (EtherScale) 554 Interfaces • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM and added support to display the interface configurations corresponding to a range of ports.. 8.3.16.1 Introduced on the S4820T. The following describes the show interfaces port-channel command shown in the following example. Field Description Port-Channel 1... Displays the LAG’s status.
PAGE 555
Internet address is not set Mode of IP Address Assignment : NONE DHCP Client-ID :lag1001ec9f10005 MTU 1554 bytes, IP MTU 1500 bytes LineSpeed auto Members in this channel: ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 03:28:00 Queueing strategy: fifo Input Statistics: 0 packets, 0 bytes 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts 0 runts, 0 giants, 0 throttles 0 CRC, 0
PAGE 556
Time Domain Reflectometer (TDR) TDR is useful for troubleshooting an interface that is not establishing a link; either it is flapping or not coming up at all. TDR detects open or short conditions of copper cables on 100/1000 Base-T modules. Important Points to Remember • The interface and port must be enabled (configured — refer to the interface command) before running TDR. An error message is generated if you have not enabled the interface.
PAGE 557
Defaults none Command Modes EXEC Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. If the TDR test has not been run, an error message is generated: %Error: Please run the TDR test first The following describes the TDR test status. Status Definition OK Status: Terminated TDR test is complete, no fault is detected on the cable, and the test is terminated.
PAGE 558
debug ip udp-helper Enable UDP debug and display the debug information on a console. Syntax debug ip udp-helper To disable debug information, use the no debug ip udp-helper command. Defaults Debug disabled. Command Modes Command History Example • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 559
Usage Information When a UDP broadcast packet is flooded out of an interface, and the outgoing interface is configured using this command, the outgoing packet’s IP destination address is replaced with the configured broadcast address. Related Commands debug ip udp-helper — enables debug and displays the debug information on a console. show ip udp-helper — displays the configured UDP helpers on all interfaces.
PAGE 560
Command Modes Command History EXEC Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Example Dell#show ip udp-helper -------------------------------------------------Port UDP port list -------------------------------------------------Te 1/1 656, 658 Te 1/2 All Related Commands debug ip udp-helper — enables debug and displays the debug information on a console. ip udp-broadcast-address — configures a UDP IP address for broadcast.
PAGE 561
23 IPv4 Routing The basic IPv4 commands are supported by Dell Networking Operating System (OS).
PAGE 562
• show ip fib stack-unit • show ip interface • show ip management-route • show ip protocols • show ip route • show ip route list • show ip route summary • show ip traffic • show tcp statistics arp To associate an IP address with a multicast MAC address in the switch when you configure multicast mode of the network load balancing (NLB), use the address resolution protocol (ARP).
PAGE 563
configuration mode. This setting causes the multicast MAC address to be mapped to the cluster IP address for NLB mode of operation of the switch. You cannot use Class D or Class E IP addresses or zero IP address (0.0.0.0) when creating a static ARP. Zero MAC addresses (00:00:00:00:00:00) are also invalid. Although static ARP entries take precedence over dynamically-learnt ARP entries, a static ARP entry that points to a wrong port is not included in the FIB or ARP entries.
PAGE 564
arp timeout Set the time interval for an ARP entry to remain in the ARP cache. Syntax arp timeout minutes Parameters minutes Defaults 240 minutes (4 hours) Command Modes INTERFACE Command History Related Commands Enter the number of minutes. The range is from 0 to 35790. The default is 240 minutes. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. show interfaces — displays the ARP timeout value for all available interfaces.
PAGE 565
Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. clear host Remove one or all dynamically learned host table entries. Syntax Parameters Command Modes Command History clear host name name Enter the name of the host to delete. Enter * to delete all host table entries. EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 566
clear ip route Clear one or all routes in the routing table. Syntax clear ip route {* | ip-address mask} Parameters Command Modes Command History Related Commands * Enter an asterisk (*) to clear all learned IP routes. ip-address mask Enter a specific IP address and mask in dotted decimal format to clear that IP address from the routing table. EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 567
count value Defaults none Command Modes EXEC Privilege Command History Usage Information • For a Port Channel interface, enter the keywords port-channel then a number. The range is from 1 to 128. • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/ port information. • For a VLAN, enter the keyword vlan then a number from 1 to 4094.
PAGE 568
00:12:42 : %RELAY-I-PACKET: BOOTP REPLY (Unicast) received at interface 14.4.4.1 BOOTP Reply, hops = 0, XID = 0xda4f9503, secs = 0, hwaddr = 00:60:CF:20:7B:8C, giaddr = 113.3.3.17 00:12:42 : %RELAY-I-BOOTREPLY: Forwarded BOOTREPLY for 00:60:CF:20:7B:8C to 113.3.3.254 00:12:42 : %RELAY-I-PACKET: BOOTP REQUEST (Unicast) received at interface 113.3.3.17 BOOTP Request, hops = 0, XID = 0xda4f9503, secs = 0, hwaddr = 00:60:CF:20:7B:8C, giaddr = 0.0.0.
PAGE 569
ICMP: ICMP: ICMP: ICMP: ICMP: ICMP: Usage Information src 40.40.40.40, dst 40.40.40.40, echo reply echo request sent to dst 40.40.40.40 echo request rcvd from src 40.40.40.40 src 40.40.40.40, dst 40.40.40.40, echo reply src 40.40.40.40, dst 40.40.40.40, echo reply echo request sent to dst 40.40.40.40 To stop packets from flooding the user terminal when debugging is turned on, use the count option. debug ip packet View a log of IP packets sent and received.
PAGE 570
Field Description sending, rcvd, fragment, sending broad/multicast proto, unroutable The last part of each line lists the status of the packet. TCP src= Displays the source and destination ports, the sequence number, the acknowledgement number, and the window size of the packets in that TCP packets. UDP src= Displays the source and destination ports for the UDP packets. ICMP type= Displays the ICMP type and code.
PAGE 571
Example (Error Messages) Dell#debug ip packet access-group test %Error: port operator GT not supported in access-list debug %Error: port operator LT not supported in access-list debug %Error: port operator RANGE not supported in access-list debug %Error: port operator NEQ not supported in access-list debug Dell#00:10:45: %RPM0-P:CP %IPMGR-3-DEBUG_IP_PACKET_ACL_AMBIGUOUS_EXP: Ambiguous rules not supported in access-list debug, access-list debugging is turned off Dell# ip address Assign a primary and second
PAGE 572
Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. ip domain-list Configure names to complete unqualified host names. Syntax ip domain-list name To remove the name, use the no ip domain-list name command. Parameters name Defaults Disabled. Command Modes CONFIGURATION Command History Usage Information Enter a domain name to be used to complete unqualified names (that is, incomplete domain names that cannot be resolved). Version Description 9.9(0.
PAGE 573
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. To fully enable DNS, also specify one or more domain name servers with the ip name-server command. The Dell Networking OS does not support sending DNS queries over a VLAN. DNS queries are sent out all other interfaces, including the Management port. To view current bindings, use the show hosts command.
PAGE 574
ip helper-address Specify the address of a DHCP server so that DHCP broadcast messages can be forwarded when the DHCP server is not on the same subnet as the client. Syntax ip helper-address ip-address To remove a DHCP server address, use the no ip helper-address command. Parameters ip-address Defaults Not configured. Command Modes INTERFACE Command History Usage Information Enter an IP address in dotted decimal format (A.B.C.D). Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.
PAGE 575
relayed with the same value for hops. However, the message is discarded if the hops field exceeds 16, to comply with the relay agent behavior specified in RFC 1542. Related Commands ip helper-address — specifies the destination broadcast or host address for DHCP server requests. show running-config — displays the current configuration and changes from the default values. ip host Assign a name and IP address to be used by the host-to-IP address mapping table.
PAGE 576
Defaults Not configured. Command Modes CONFIGURATION Command History Usage Information • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE. • For a VLAN interface, enter the keyword vlan. The range is from 1 to 4094. Version Description 9.9(0.0) Introduced on the FN IOM. 9.3(0.0) Introduced on the MXL platform.
PAGE 577
Defaults Not configured. Command Modes CONFIGURATION Command History Usage Information • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE. • For a VLAN interface, enter the keyword vlan. The range is from 1 to 4094. Version Description 9.9(0.0) Introduced on the FN IOM. 9.3(0.0) Introduced on the MXL platform.
PAGE 578
ip name-server Enter up to six IPv4 addresses of name servers. The order you enter the addresses determines the order of their use. Syntax ip name-server ipv4-address [ipv4-address2...ipv4-address6] To remove a name server, use the no ip name-server ip-address command. Parameters ipv4-address Enter the IPv4 address, in dotted decimal format, of the name server to be used. ipv4-address2... ipv4-address6 (OPTIONAL) Enter up five more IPv4 addresses, in dotted decimal format, of name servers to be used.
PAGE 579
To delete a specific static route, use the no ip route destination mask command. To delete all routes matching a certain route, use the no ip route destination mask command. Parameters destination Enter the IP address in dotted decimal format of the destination device. mask Enter the mask in the slash prefix format (/x) of the destination IP address. ip-address Enter the IP address of the forwarding router in dotted decimal format. interface Enter the keyword interface then the slot/port number.
PAGE 580
ip source-route Enable the system to forward IP packets with source route information in the header. Syntax ip source-route To drop packets with source route information, use the no ip route-source command. Defaults Enabled. Command Modes CONFIGURATION Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. ip tcp initial-time Define the wait duration in seconds for the TCP connection to be established.
PAGE 581
EXEC Privilege Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.3(0.0) Introduced on the MXL 10/40GbE Switch IO Module platform. ip unreachables Enable the generation of internet control message protocol (ICMP) unreachable messages. Syntax ip unreachables To disable the generation of ICMP messages, use the no ip unreachables command. Defaults Disabled. Command Modes INTERFACE Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.
PAGE 582
Usage Information When a static route (or a protocol route) overlaps with Management static route, the static route (or a protocol route) is preferred over the Management Static route. Also, Management static routes and the Management Connected prefix are not reflected in the hardware routing tables. Separate routing tables are maintained for IPv4 and IPv6 management routes. This command manages both tables. Related Commands interface ManagementEthernet — configures the Management port on the system.
PAGE 583
The following describes the show arp command shown in the following example. Example Row Heading Description Protocol Displays the protocol type. Address Displays the IP address of the ARP entry. Age(min) Displays the age (in minutes) of the ARP entry. Hardware Address Displays the MAC address associated with the ARP entry. Interface Displays the first two letters of the interfaces type and the slot/port associated with the ARP entry.
PAGE 584
Related Commands ip local-proxy-arp — enables/disables Layer 3 communication in secondary VLANs. switchport mode private-vlan — sets PVLAN mode of the selected port. show arp retries Display the configured number of ARP retries. Syntax show arp retries Command Modes Command History Related Commands • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.
PAGE 585
Field Description Flags Classifies the entry as one of the following: • perm — the entry was manually configured and will not time out • temp — the entry was learned and will time out after 72 hours of inactivity. Also included in the flag is an indication of the validity of the route: Example Related Commands • ok — the entry is valid. • ex — the entry expired. • ?? — the entry is suspect. TTL Displays the amount of time until the entry ages out of the cache.
PAGE 586
The detail information under member-info gives the MAC address, VLAN ID, and gateway of every member port of the ecmp. summary Command Modes Command History Usage Information Example • EXEC • EXEC Privilege (OPTIONAL) Enter the keyword summary to view a table listing route prefixes and the total number routes which can be entered in to CAM. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 587
Field Description Initial Size Displays the CAM size the system allocates for the corresponding mask. The system adjusts the CAM size if the number of routes for the mask exceeds the initial allocation. Example (ECMPGroup) Dell#show ip cam stack-unit 0 po 0 ecmp-group detail Example (MemberInfo) Dell#show ip cam stack-unit 0 po 0 ecmp-group member-info detail Destination EC CG ----------------1.1.1.2 0 0 2.1.1.2 0 0 1.1.1.1 0 0 2.1.1.1 0 0 1.1.1.0 0 0 2.1.1.0 0 0 100.1.1. 0 1 100.1.1. 0 1 0.0.0.
PAGE 588
Example Field Description Destination Lists the destination IP address. Gateway Displays either the word “direct” and an interface for a directly connected route or the remote IP address used to forward the traffic. First-Hop Displays the first hop IP address. Mac-Addr Displays the MAC address. Port Displays the egress-port information. VId Displays the VLAN ID. If no VLAN is assigned, zero (0) is listed. EC Displays the number of ECMP paths.
PAGE 589
Command History Usage Information Version Description 9.11(0.0) Updated the command output to include the unicast reverse path forwarding (uRPF) status. 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The following describes the show ip interface command shown in the following example. Lines Description TenGigabitEthernet 0/0... Displays the interface’s type, slot/port, and physical and line protocol status. Internet address...
PAGE 590
Example (Brief) Dell#show ip int brief Interface IP-Address GigabitEthernet 1/1 unassigned GigabitEthernet 1/2 unassigned GigabitEthernet 1/3 unassigned GigabitEthernet 1/4 unassigned GigabitEthernet 1/5 10.10.10.1 GigabitEthernet 1/6 unassigned OK? NO YES YES YES YES NO Method Manual Manual Manual Manual Manual Manual Status Protocol administratively down down up up up up up up up up administratively down down show ip management-route View the IP addresses assigned to the Management interface.
PAGE 591
Command History Example Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Dell#show ip protocols Routing Protocol is "bgp 1" Cluster Id is set to 20.20.20.3 Router Id is set to 20.20.20.
PAGE 592
Command History Usage Information Example Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The following describes the show ip route all command in the following example.
PAGE 593
100.10.10.0/24 > R 100.10.10.0/24 C 101.10.10.0/24 > R 101.10.10.0/24 Dell# via 101.10.10.
PAGE 594
Related Commands ip prefix-list — enters CONFIGURATION-IP PREFIX-LIST mode and configures a prefix list. show ip prefix-list summary — displays a summary of the configured prefix lists. show ip route summary View a table summarizing the IP routes in the switch. Syntax show ip route summary Command Modes Command History Usage Information • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 595
show ip traffic View IP, ICMP, UDP, TCP and ARP traffic statistics. Syntax show ip traffic Command Modes EXEC Privilege Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The following describes the show ip traffic summary shown in the following example. Keyword Definition unknown protocol... No receiver for these packets. Counts packets whose protocol type field is not recognized by the system.
PAGE 596
Example • IP Statistics: Bcast: Sent: Object = f10BcastPktSent, OIDs = 1.3.6.1.4.1.6027.3.3.5.1.2 • IP Statistics: Mcast: Received: Object = f10McastPktRecv, OIDs = 1.3.6.1.4.1.6027.3.3.5.1.3 • IP Statistics: Mcast: Sent: Object = f10McastPktSent, OIDs = 1.3.6.1.4.1.6027.3.3.5.1.4 • ARP Statistics: Rcvd: Request: Object = f10ArpReqRecv, OIDs = 1.3.6.1.4.1.6027.3.3.5.2.1 • ARP Statistics: Rcvd: Replies: Object = f10ArpReplyRecv, OIDs = 1.3.6.1.4.1.6027.3.3.5.2.
PAGE 597
Field Description 0 checksum error... Displays the number of packets received with the following: • Example checksum errors • bad offset to data • too short 329 packets... Displays the number of packets and bytes received in sequence. 17 dup... Displays the number of duplicate packets and bytes received. 0 partially... Displays the number of partially duplicated packets and bytes received. 7 out-of-order... Displays the number of packets and bytes received out of order.
PAGE 598
1 out-of-order packets (0 bytes) 0 packets ( 0 bytes) with data after window 0 packets after close 0 window probe packets, 0 window update packets 0 dup ack packets, 0 ack packets with unsend data 6671 ack packets (152813 bytes) Sent: 6778 Total, 0 urgent packets 7 control packets 6674 data packets (152822 bytes) 12 data packets (1222 bytes) retransmitted 85 ack only packets (5677 delayed) 0 window probe packets, 0 window update packets 0 Connections initiated, 7 connections accepted, 7 connections establis
PAGE 599
24 Internet Protocol Security (IPSec) Internet protocol security (IPSec) is an end-to-end security scheme for securing IP communications by authenticating and encrypting all packets in a session. Use IPSec between hosts, gateways, or hosts and gateways. IPSec uses a series of protocol functions to achieve information security: • Authentication Headers (AH) — Connectionless integrity and origin authentication for IP packets.
PAGE 600
To delete a transform set, use the no crypto ipsec transform-set name {ah-authentication {md5|sha1|null} | esp-authentication {md5|sha1|null} | esp-encryption {3des| cbc|des|null}} command. Parameters name Enter the name for the transform set. ah-authentication Enter the keywords ah-authentication then the transform type of operation to apply to traffic. The transform type represents the encryption or authentication applied to traffic.
PAGE 601
crypto ipsec policy Create a crypto policy used by ipsec. Syntax crypto ipsec policy name seq-num ipsec-manual To delete a crypto policy entry, use the no crypto ipsec policy name seq-num ipsec-manual command. Parameters name Enter the name for the crypto policy set. seq-num Enter the sequence number assigned to the crypto policy entry. Defaults none Command Modes CONFIGURATION Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.
PAGE 602
match Match a sequence number to the transmission control protocol (TCP)/user datagram protocol (UDP) packets. Syntax match seq-num {tcp | udp} {ipv6 | ip} port-num dest-ip dest-port-num To remove the match filter for the crypto map, use the no match seq-num command. Parameters seq-num Enter the match command sequence number. The range is from 0 to 255. tcp Enter the keyword tcp to configure a TCP access list filter. udp Enter the keyword udp to configure a UDP access list filter.
PAGE 603
inbound Specify the inbound session key for IPSec. outbound Specify the outbound session key for IPSec. ah Use the AH protocol when you select the AH transform set in the crypto policy. esp Use the ESP protocol when you select the ESP transform set in the crypto policy. spi Enter the security parameter index number. hex-key-string Enter the session key in hex format (a string of 8, 16, or 20 bytes). For DES algorithms, specify at least 16 bytes per key.
PAGE 604
show crypto ipsec policy Display the crypto policy configuration. Syntax show crypto ipsec policy name Parameters Command Modes Command History Example name Enter the name for the crypto policy set. EXEC Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 605
To delete a transform set from the crypto policy, use the no transform-set transform-set-name command. Parameters transform-setname Enter the name for the crypto policy transform set. Defaults none Command Modes CONFIG-CRYPTO-POLICY Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 606
25 IPv6 Access Control Lists (IPv6 ACLs) IPv6 ACLs and IPv6 Route Map commands are supported on Dell Networking switch. NOTE: For IPv4 ACL commands, refer to the Access Control Lists (ACL) chapter. Important Points to Remember • Certain platforms require manual CAM usage space allotment. For more information, refer to the cam-acl (Configuration) command. • Egress IPv6 ACL and IPv6 ACL on the Loopback interface is not supported. • Reference to an empty ACL permits any traffic.
PAGE 607
Parameters default l2acl 1-10 ipv4acl 1-10 ipv6acl 0-10 ipv4qos 1-10 l2qos 1-10 Command Modes Command History Usage Information Use the default CAM profile settings, and set the CAM as follows: • L3 ACL (ipv4acl): 6 • L2 ACL(l2acl): 5 • IPv6 L3 ACL (ipv6acl): 0 • L3 QoS (ipv4qos): 1 • L2 QoS (l2qos): 1 Allocate space to support IPv6 ACLs. Enter all of the profiles and a range. Enter the CAM profile name then the amount to be allotted. The total space allocated must equal 13.
PAGE 608
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. For the new settings to take effect, save the new CAM settings to the startup-config (write-mem or copy run start), then reload the system. The total amount of space allowed is 16 FP Blocks. System flow requires three blocks and these blocks cannot be reallocated. When configuring space for IPv6 ACLs, the total number of Blocks must equal 13.
PAGE 609
Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.4(0.0) Added support for CoPP for OSPFv3 on the MXL 10/40GbE Switch IO Module. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Usage Information The number of entries allowed per ACL is hardware-dependent. For detailed specification on entries allowed per ACL, refer to your line card documentation.
PAGE 610
dscp (OPTIONAL) Enter the keyword dcsp to match to the IP DCSCP values. order (OPTIONAL) Enter the keyword order to specify the QoS priority for the ACL entry. The range is from 0 to 254 (where 0 is the highest priority and 254 is the lowest; lower-order numbers have a higher priority). If you do not use the keyword order, the ACLs have the lowest order by default (255). fragments Enter the keyword fragments to use ACLs to control packet fragments.
PAGE 611
host ipv6-address Enter the keyword host then the IPv6 address of the host in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zero. destination address Enter the IPv6 address of the network or host to which the packets are sent in the x:x:x:x::x format then the prefix length in the /x format. The range is from /0 to /128. The :: notation specifies successive hexadecimal fields of zero.
PAGE 612
the ingress and egress direction. Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead all traffic on the interface. This feature is particularly useful when looking for malicious traffic. It is available for Layer 2 and Layer 3 ingress and egress traffic. You may specify traffic using standard or extended access-lists. This mechanism copies all incoming or outgoing packets on one port and forwards (mirrors) them to another port.
PAGE 613
ipv4pbr vrfv4Acl Openflow fedgovacl : : : : 0 0 0 0 Dell# Related Commands cam-acl — configures CAM profiles to support IPv6 ACLs. show cam-acl-egress Show information on FP groups allocated for egress ACLs. Syntax Command Modes Command History Example show cam-acl-egress • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 614
26 IPv6 Basics This chapter describes IPv6 basic commands.
PAGE 615
Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. clear ipv6 route Clear (refresh) all or a specific route from the IPv6 routing table. Syntax Parameters clear ipv6 route {* | ipv6-address prefix-length} * Enter the * to clear (refresh) all routes from the IPv6 routing table. ipv6-address prefix-length Enter the IPv6 address in the x:x:x:x::x format then the prefix length in the /x format. The range is from /0 to /128.
PAGE 616
Command Modes Command History Usage Infomation INTERFACE (management interface only) Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. • SAA can configure up to two addresses. If any preferred prefix or valid timers time out, the corresponding address are deprecated or removed. If an address is removed due to a time-out, an address from the current unused prefix is used to create a new address.
PAGE 617
• IPv6 secondary addresses on management interfaces should not match the virtual IP address and should not be in the same subnet as the virtual IP. NOTE: Do not use the /128 prefix length on physical or port channel interfaces. You can use the /128 prefix length on loopback interfaces.
PAGE 618
To restore the default value, use the no ipv6 control-plane icmp error-rate-limit command. Parameters pps Default 100 pps Command Modes CONFIGURATION Command History Enter the maximum number of error packets generated per second. The range is from 1 to 200, where 0 disables the rate-limiting. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. ipv6 flowlabel-zero Configure system to set the flow label field in the packets to zero.
PAGE 619
Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. ipv6 name-server Enter up to six IPv6 addresses of name servers. The order you enter the addresses determines the order of their use. Syntax ipv6 name-server ipv6-address [ipv6-address2... ipv6-address6] To remove a name server, use the no ipv6 name—server ipv6–address command. Parameters ipv6-address Enter the IPv6 address (X:X:X:X::X) of the name server to be used.
PAGE 620
Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. ipv6 nd dns-server Configures Recursive DNS Server (RDNSS) addresses to be distributed via IPv6 router advertisements to an IPv6 device. Syntax ipv6 nd dns-server {ipv6-RDNSS-address} {lifetime | infinite} To remove the IPv6 RDSS configuration, use no ipv6 nd dns-server {ipv6-RDNSS-address} {lifetime | infinite} Parameters ipv6-RDNSSaddress Enter the IPv6 Recursive DNS Server’s (RDNSS) address.
PAGE 621
Parameters Command Modes Command History Usage Information ipv6-prefix Enter an IPv6 prefix. prefix-length Enter the prefix then the prefix length. The length range is from 0 to 128. default Enter the keyword default to set default parameters for all prefixes. no-advertise Enter the keyword no-advertise to prevent the specified prefix from being advertised. no-autoconfig Enter the keywords no-autoconfig to disable Stateless Address Autoconfiguration.
PAGE 622
• For a loopback interface, enter the keyword loopback then a number from zero (0) to 16383. • For the null interface, enter the keyword null then zero (0). • For a port channel interface, enter the keyword port-channel then the port channel number. The range is from 1 to 128. • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/ port information.
PAGE 623
X:X:X:X::X Forwarding router's address gigabitethernet Gigabit Ethernet interface loopback Loopback interface null Null interface port-channel Port-Channel interface tenGigabitethernet TenGigabit Ethernet interface fortyGigE FortyGigabit Ethernet interface tunnel Tunnel interface vlan Vlan interface Dell(conf)#ipv6 route 44::0 /64 33::1 ? <1-255> Distance metric for this route permanent Permanent route tag Set tag for this route Dell(conf)#ipv6 route 44::0 /64 33::1 Dell(conf)#ipv6 route 44::0 /64 tengigabi
PAGE 624
show ipv6 cam stack-unit Displays the IPv6 CAM entries for the specified stack-unit. Syntax show ipv6 cam stack-unit unit-number port-set {0-0} [summary | index | ipv6 address] Parameters unit-number Enter the stack unit’s ID number. The range is from 0 to 5. port-set Enter the keyword Port Set. summary (OPTIONAL) Enter the keyword summary to display a table listing network prefixes and the total number prefixes which can be entered into the IPv6 CAM.
PAGE 625
Related Commands Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. ipv6 flowlabel-zero — Configure IPv6 address auto-configuration for the management interface. show ipv6 fib stack-unit View all FIB entries. Syntax Parameters show ipv6 fib stack-unit unit-number [summary | ipv6-address] slot-number Enter the number of the stack unit. The range is from 0 to 5. summary (OPTIONAL) Enter the keyword summary to view a summary of entries in IPv6 cam.
PAGE 626
show ipv6 interface Display the status of interfaces configured for IPv6.
PAGE 627
Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Usage Information The Management port is enabled by default (no shutdown). If necessary, use the ipv6 address command to assign an IPv6 address to the Management port.
PAGE 628
300::1/64 Dell# Example (tunnel) Dell#show ipv6 interface tun 1 Tunnel 1 is up, line protocol is up IPV6 is enabled Link Local address: fe80::201:e8ff:fea7:497e Global Unicast address(es): 400::1, subnet is 400::/64 (MANUAL) Remaining lifetime: infinite Global Anycast address(es): Joined Group address(es): ff02::1 ff02::2 ff02::1:ff00:1 ff02::1:ffa7:497e ND MTU is 0 ICMP redirects are not sent DAD is enabled, number of DAD attempts: 3 ND reachable time is 20410 milliseconds ND base reachable time is 30000
PAGE 629
Example MLD Host Traffic Counters Elapsed time since counters cleared: 0028:33:52 Received Sent Valid MLD Packets 97962 18036 Reports 79962 18034 Leaves ---0 MLDv2 Queries 18000 ---MLDv1 Queries 0 ---Errors: Malformed Packets: 4510 show ipv6 route Displays the IPv6 routes.
PAGE 630
Example Field Description (undefined) Identifies the type of route: • L = Local • C = connected • S = static • R = RIP • B = BGP • IN = internal BGP • EX = external BGP • LO = Locally Originated • O = OSPF • IA = OSPF inter-area • N1 = OSPF NSSA external type 1 • N2 = OSPF NSSA external type 2 • E1 = OSPF external type 1 • E2 = OSPF external type 2 • i = IS-IS • L1 = IS-IS level-1 • L2 = IS-IS level-2 • IA = IS-IS inter-area • * = candidate default • > = non-active
PAGE 631
Example (Summary) Dell#show ipv6 route summary Route Source Active Routes connected 3 static 1 Total 4 Total 4 active route(s) using 928 bytes Dell# Non-active Routes 0 0 0 trust ipv6-diffserv Allows the dynamic classification of IPv6 DSCP. Syntax trust ipv6-diffserv To remove the definition, use the no trust ipv6-diffserv command. Defaults none Command Modes CONFIGURATION-POLICY-MAP-IN Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.
PAGE 632
27 IPv6 Border Gateway Protocol (IPv6 BGP) IPv6 Border Gateway Protocol (IPv6 BGP) is supported on Dell Networking platforms.
PAGE 633
• debug ip bgp • debug ip bgp events • debug ip bgp ipv6 dampening • debug ip bgp ipv6 unicast soft-reconfiguration • debug ip bgp keepalives • debug ip bgp notifications • debug ip bgp updates • default-metric • description • distance bgp • maximum-paths • neighbor activate • neighbor advertisement-interval • neighbor allowas-in • neighbor default-originate • neighbor description • neighbor distribute-list • neighbor ebgp-multihop • neighbor fall-over • neighbor filte
PAGE 634
• show ip bgp ipv6 unicast community • show ip bgp ipv6 unicast community-list • show ip bgp ipv6 unicast dampened-paths • show ip bgp ipv6 unicast detail • show ip bgp ipv6 unicast extcommunity-list • show ip bgp ipv6 unicast filter-list • show ip bgp ipv6 unicast flap-statistics • show ip bgp ipv6 unicast inconsistent-as • show ip bgp ipv6 unicast neighbors • show ip bgp ipv6 unicast peer-group • show ip bgp ipv6 unicast summary • show ip bgp next-hop • show ip bgp paths • show
PAGE 635
• show ip bgp ipv6 unicast filter-list • show ip bgp ipv6 unicast flap-statistics • show ip bgp ipv6 unicast inconsistent-as • show ip bgp ipv6 unicast neighbors • show ip bgp ipv6 unicast peer-group • show ip bgp ipv6 unicast summary IPv6 BGP Commands BGP is an external gateway protocol that transmits interdomain routing information within and between autonomous systems (AS). BGP version 4 (BGPv4) supports classless interdomain routing and the aggregation of routes and AS paths.
PAGE 636
NOTE: The :: notation specifies successive hexadecimal fields of zeros. Defaults advertise-map map-name (OPTIONAL) Enter the keywords advertise-map then the name of a configured route map to set filters for advertising an aggregate route. as-set (OPTIONAL) Enter the keywords as-set to generate path attribute information and include it in the aggregate. AS_SET includes AS_PATH and community information from the routes included in the aggregated route.
PAGE 637
To disable comparison of MED, use the no bgp always-compare-med command. Defaults Disabled (that is, the software only compares MEDs from neighbors within the same AS). Command Modes ROUTER BGP Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Any update without a MED attribute is the least preferred route.
PAGE 638
Usage Information Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. The software compares the MEDs only if the path contains no external autonomous system numbers. If you enable this command, use the capture bgp-pdu max-buffer-size * command to recompute the best path. bgp bestpath med missing-as-best During path selection, indicate a preference to paths with missing MED (MULTI_EXIT_DISC) over those paths with an advertised MED attribute.
PAGE 639
neighbor route-reflector-client — configures a route reflector and clients. bgp cluster-id Assign a cluster ID to a BGP cluster with more than one route reflector. Syntax bgp cluster-id {ip-address | number} To delete a cluster ID, use the no bgp cluster-id {ip-address | number} command. Parameters ip-address Enter an IP address as the route reflector cluster ID. number Enter a route reflector cluster ID as a number from 1 to 4294967295. Defaults Not configured.
PAGE 640
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. The autonomous systems configured in this command are visible to the EBGP neighbors. Each autonomous system is fully meshed and contains a few connections to other autonomous systems. The next hop, MED, and local preference information is preserved throughout the confederation. The system accepts confederation EBGP peers without a LOCAL_PREF attribute.
PAGE 641
reuse (OPTIONAL) Enter a number as the reuse value, which is compared to the flapping route’s Penalty value. If the Penalty value is less than the reuse value, the flapping route is once again advertised (or no longer suppressed). The range is from 1 to 20000. The default is 750. suppress (OPTIONAL) Enter a number as the suppress value, which is compared to the flapping route’s Penalty value.
PAGE 642
bgp enforce-first-as Disable (or enable) enforce-first-as check for updates received from EBGP peers. Syntax bgp enforce-first-as To turn off the default, use the no bgp enforce-first-as command. Defaults Enabled. Command Modes ROUTER BGP Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the 10/40GbE Switch IO Module.
PAGE 643
bgp four-octet-as-support Enable 4-byte support for the BGP process. Syntax bgp four-octet-as-support To disable fast external fallover, use the no bgp four-octet-as-support command. Defaults Disabled (supports 2-Byte format) Command Modes ROUTER BGP Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Routers supporting 4-Byte ASNs advertise that function in the OPEN message.
PAGE 644
Defaults As above Command Modes ROUTER BGP Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. This feature is advertised to BGP neighbors through a capability advertisement. In Receiver Only mode, BGP saves the advertised routes of peers that support this capability when they restart. bgp log-neighbor-changes Enable logging of BGP neighbor resets.
PAGE 645
the neighbors because MED may or may not get compared between adjacent paths. In Deterministic mode (no bgp non-deterministic-med), the system compares MED between adjacent paths within an AS group because all paths in the AS group are from the same AS. When you change the path selection from Deterministic to Non-Deterministic mode, the path selection for existing paths remains Deterministic until you enter the capture bgp-pdu max-buffer-size command to clear existing paths.
PAGE 646
Usage Information BGP uses regular expressions (regex) to filter route information. In particular, the use of regular expressions to filter routes based on AS-PATHs and communities is quite common. In a large scale configuration, filtering millions of routes based on regular expressions can be quite CPU intensive, as a regular expression evaluation involves generation and evaluation of complex finite state machines.
PAGE 647
Usage Information When you enable soft-reconfiguration for a neighbor and you execute the clear ip bgp soft in command, the update database stored in the router replays and updates are reevaluated. With this command, the replay and update process is triggered only if route-refresh request is not negotiated with the peer. If the request is negotiated (after execution of clear ip bgp soft in), BGP sends a route-refresh request to the neighbor and receives all of the peer’s updates.
PAGE 648
Command History Related Commands Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. capture bgp-pdu neighbor (ipv6) — enables route reflection between the route reflector and the clients. show capture bgp-pdu neighbor — configures a route reflector and clients. clear ip bgp * (asterisk) Reset all BGP sessions in the specified category. The soft parameter (BGP Soft Reconfiguration) clears the policies without resetting the TCP connection.
PAGE 649
Parameters as-number Enter an autonomous system (AS) number to reset neighbors belonging to that AS. If used without a qualifier, the keyword resets all neighbors belonging to that AS. The range is from 1 to 65535. flap-statistics (OPTIONAL) Enter the keywords flap-statistics to clear all flap statistics belonging to that AS or a specified address family within that AS. ipv4 (OPTIONAL) Enter the keyword ipv4 to select options for that address family.
PAGE 650
multicast (OPTIONAL) Enter the keyword multicast to select the multicast option within the selected address family. Multicast is supported on IPv4 only. soft (OPTIONAL) Enter the keyword soft to configure and activate policies without resetting the BGP TCP session; that is, BGP Soft Reconfiguration. NOTE: If you enter clear ip bgp ip6-address soft, both inbound and outbound policies are reset. Command Modes Command History in (OPTIONAL) Enter the keyword in to activate only inbound policies.
PAGE 651
Usage Information Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. After you enter this command, the software deletes the history routes and returns the suppressed routes to the active state. clear ip bgp ipv6 flap-statistics Clear BGP flap statistics, which includes number of flaps and the time of the last flap.
PAGE 652
clear ip bgp ipv6 unicast soft Clear and reapply policies for IPv6 unicast routes without resetting the TCP connection; that is, perform BGP soft reconfiguration. Syntax clear ip bgp {* | as-number | ipv4-neighbor-addr | ipv6-neighbor-addr | peergroup name} ipv6 unicast soft [in | out] Parameters * Clear and reapply policies for all BGP sessions. as-number Clear and reapply policies for all neighbors belonging to the AS. The range is from 0 to 65535 (2 Byte), from 1 to 4294967295 (4 Byte), or from 0.
PAGE 653
Command Modes Command History Usage Information in (OPTIONAL) Enter the keyword in to view only information on inbound BGP routes. out (OPTIONAL) Enter the keyword out to view only information on outbound BGP routes. EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. To view information on both incoming and outgoing routes, do not include the in and out parameters in the debugging command.
PAGE 654
Usage Information Entering a no debug ip bgp command removes all configured debug commands for BGP. debug ip bgp ipv6 dampening View information on dampened (non-active) IPv6 routes. Syntax debug ip bgp ipv6 unicast dampening [in | out] To disable debugging, use the no debug ip bgp ipv6 unicast dampening command. Parameters Command Modes Command History in (OPTIONAL) Enter the keyword in to view only inbound dampened routes.
PAGE 655
Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Usage Information This command turns on BGP soft-reconfiguration inbound debugging for IPv6 unicast routes. If no neighbor is specified, debug is turned on for all neighbors. Related Commands show ip bgp ipv6 unicast dampened-paths — views BGP dampened routes. debug ip bgp keepalives Allows you to view information about BGP keepalive messages.
PAGE 656
NOTE: The :: notation specifies successive hexadecimal fields of zeros. Command Modes Command History Usage Information peer-group peergroup-name (OPTIONAL) Enter the keywords peer-group then the name of the peer group. in (OPTIONAL) Enter the keyword in to view BGP notifications received from neighbors. out (OPTIONAL) Enter the keyword out to view BGP notifications sent to neighbors. EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.
PAGE 657
default-metric Allows you to change the metrics of redistributed routes to locally originated routes. Use this command with the redistribute command. Syntax default-metric number To return to the default setting, use the no default-metric command. Parameters number Defaults 0 Command Modes ROUTER BGP Command History Enter a number as the metric to be assigned to routes from other protocols. The range is from 1 to 4294967295. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.
PAGE 658
distance bgp Configure three administrative distances for routes. Syntax distance bgp external-distance internal-distance local-distance To return to default values, use the no distance bgp command. Parameters Defaults Command Modes Command History external-distance Enter a number to assign to routes learned from a neighbor external to the AS. The range is from 1 to 255. The default is 20. internal-distance Enter a number to assign to routes learned from a router within the AS.
PAGE 659
Defaults 1 Command Modes ROUTER BGPV6-ADDRESS FAMILY Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. If you enable this command, use the capture bgp-pdu max-buffer-size command to recompute the best path. neighbor activate This command allows the specified neighbor/peer group to be enabled for the current AFI/SAFI.
PAGE 660
NOTE: The :: notation specifies successive hexadecimal fields of zeros. Defaults Command Modes Command History peer-group-name Enter the name of the peer group to set the advertisement interval for all routers in the peer group. seconds Enter a number as the time interval, in seconds, between BGP advertisements. The range is from 0 to 600 seconds. The default is 5 seconds for internal BGP peers and 30 seconds for external BGP peers.
PAGE 661
neighbor default-originate Inject the default route to a BGP peer or neighbor. Syntax neighbor {ipv6-address | peer-group-name} default-originate [route-map mapname] To remove a default route, use the no neighbor {ipv6-address | peer-group-name} defaultoriginate [route-map map-name] command. Parameters ipv6-address Enter the IPv6 address in the x:x:x:x::x format. NOTE: The :: notation specifies successive hexadecimal fields of zeros.
PAGE 662
Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. neighbor distribute-list Distribute BGP information using an established prefix list. Syntax neighbor {ipv6-address | peer-group-name} distribute-list prefix-list-name {in | out} To delete a neighbor distribution list, use the no neighbor {ipv6-address | peer-group-name} distribute-list prefix-list-name {in | out} command.
PAGE 663
NOTE: The :: notation specifies successive hexadecimal fields of zeros. peer-group-name Enter the name of the peer group. ttl (OPTIONAL) Enter the number of hops as the time to live (ttl) value. The range is from 1 to 255. The default is 255. Defaults Disabled. Command Modes ROUTER BGP Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 664
To delete a BGP filter, use the no neighbor {ipv6-address | peer-group-name} filter-list as-path-name {in | out} command. Parameters ipv6-address Enter the IPv6 address in the x:x:x:x::x format. NOTE: The :: notation specifies successive hexadecimal fields of zeros. peer-group-name Enter the name of the peer group to apply the filter to all routers in the peer group. in Enter the keyword in to filter inbound BGP routes. out Enter the keyword out to filter outbound BGP routes.
PAGE 665
Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Usage Information If you configure the neighbor maximum-prefix command and the neighbor receives more prefixes than allowed by the neighbor maximum-prefix command configuration, the neighbor goes down and the show ip bgp ipv6 unicast summary command displays (prfxd) in the State/PfxRcd column for that neighbor.
PAGE 666
Defaults Disabled. Command Modes ROUTER BGPV6-ADDRESS FAMILY Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. If you configure the set ipv6 next-hop command in ROUTE-MAP mode, its configuration takes precedence over the neighbor next-hop-self command. neighbor peer-group (assigning peers) Allows you to assign one peer to a existing peer group.
PAGE 667
A peer group must exist before you add a peer to it. If the peer group is disabled (shutdown) the peers within the group are also disabled (shutdown). Related Commands capture bgp-pdu max-buffer-size — resets BGP sessions. neighbor peer-group (creating group) — creates a peer group. show ip bgp ipv6 unicast peer-group — views BGP peers. show ip bgp ipv6 unicast neighbors — views BGP neighbors configurations. neighbor peer-group (creating group) Allows you to create a peer group and assign it a name.
PAGE 668
Command Modes Command History ROUTER BGP Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Usage Information After you configure a peer group as passive, you must assign it a subnet using the neighbor subnet command. Related Commands neighbor subnet — assigns a subnet to a dynamically configured BGP neighbor. neighbor remote-as Create and specify the remote peer to the BGP neighbor.
PAGE 669
Parameters ipv6-address Enter the IPv6 address in the x:x:x:x::x format. NOTE: The :: notation specifies successive hexadecimal fields of zeros. peer-group-name Enter the name of the peer group to remove the private AS numbers. Defaults Disabled (that is, the private AS number are not removed). Command Modes ROUTER BGPV6-ADDRESS FAMILY Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 670
Usage Information Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. When you apply a route map to outbound routes, only routes that match at least one section of the route map are permitted. If you identify a peer group by name, the peers in that peer group inherit the characteristics in the Route map used in this command. If you identify a peer by IP address, the Route map overwrites either the inbound or outbound policies on that peer.
PAGE 671
Parameters ipv6-address Enter the IPv6 address in the x:x:x:x::x format. NOTE: The :: notation specifies successive hexadecimal fields of zeros. peer-group-name Enter the name of the peer group. All routers in the peer group receive routes from a route reflector. Defaults Not configured and COMMUNITY attributes are not sent to neighbors. Command Modes ROUTER BGP Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 672
neighbor soft-reconfiguration inbound Enable a BGP soft-reconfiguration and start storing updates for inbound IPv6 unicast routes. Syntax neighbor {ipv4-address | ipv6-address | peer-group-name} soft-reconfiguration inbound Parameters ipv4-address | ipv6address Enter the IP address of the neighbor for which you want to start storing inbound routing updates. peer-group-name Enter the name of the peer group for which you want to start storing inbound routing updates. Defaults Disabled.
PAGE 673
neighbor timers Set keepalive and hold time timers for a BGP neighbor or a peer group. Syntax neighbor {ipv6-address | peer-group-name} timers keepalive holdtime To return to the default values, use the no neighbor {ipv6-address | peer-group-name} timers command. Parameters ipv6-address Enter the IPv6 address in the x:x:x:x::x format. NOTE: The :: notation specifies successive hexadecimal fields of zeros.
PAGE 674
Parameters ipv6-address Enter the IPv6 address in the x:x:x:x::x format. NOTE: The :: notation specifies successive hexadecimal fields of zeros. peer-group-name Enter the name of the peer group to set the timers for all routers within the peer group. loopback interface Enter the keyword loopback then a number of the loopback interface. The range is from 0 to 16383. Defaults Not configured. Command Modes ROUTER BGP Command History Usage Information Version Description 9.9(0.
PAGE 675
network Specify the networks for the BGP process and enter them in the BGP routing table. Syntax network ipv6-address prefix-length [route-map map-name] To remove a network, use the no network ip-address mask [route-map map-name] command. Parameters ipv6-address prefix-length Enter the IPv6 address in the x:x:x:x::x format then the prefix length in the /x format. The range is from /0 to /128. NOTE: The :: notation specifies successive hexadecimal fields of zeros.
PAGE 676
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Though the system does not generate a route due to backdoor config, there is an option for injecting/sourcing a local route in presence of network backdoor config on a learned route. redistribute Redistribute routes into BGP.
PAGE 677
Parameters level-1 | level-1-2 | level-2] (OPTIONAL) Enter the type (level) of routes to redistribute. metric (OPTIONAL) Assign metric to an interface for use with IPv6 information. metric-type (OPTIONAL) The external link type associated with the default route advertised into a routing domain. You must specify one of the following: route-map mapname • external • internal (default) (OPTIONAL) Enter the keywords route-map then the name of an established route map.
PAGE 678
Usage Information Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. When you enter the redistribute ospf process-id command without any other parameters, the system redistributes all OSPF internal routes, external type 1 routes, and external type 2 routes. router bgp Enter ROUTER BGP mode to configure and enable BGP. Syntax router bgp as-number To disable BGP, use the no router bgp as-number command. Parameters as-number Defaults Not enabled.
PAGE 679
show config View the current ROUTER BGP configuration. Syntax show config Command Modes ROUTER BGPV6-ADDRESS FAMILY Command History Example Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 680
Command Modes Command History Usage Information • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. When you enable the bgp non-deterministic-med command, the show ip bgp command output for a BGP route does not list the INACTIVE reason. show ip bgp ipv6 unicast cluster-list View BGP neighbors in a specific cluster.
PAGE 681
no-export Command Modes Command History Usage Information • EXEC • EXEC Privilege Enter the keywords no-export to view all routes containing the well-known community attribute of NO_EXPORT. All routes with the NO_EXPORT (0xFFFFFF01) community attribute must not be advertised outside a BGP confederation boundary. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 682
Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. show ip bgp ipv6 unicast detail Display BGP internal information for IPv6 Unicast address family. Syntax show ip bgp ipv6 unicast detail Defaults none Command Modes Command History • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 683
show ip bgp ipv6 unicast filter-list View the routes that match the filter lists. Syntax Parameters Command Modes Command History show ip bgp ipv6 unicast filter-list as-path-name as-path-name • EXEC • EXEC Privilege Enter the name of an AS-PATH. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. show ip bgp ipv6 unicast flap-statistics View flap statistics on BGP routes.
PAGE 684
• Command History EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. show ip bgp ipv6 unicast inconsistent-as View routes with inconsistent originating autonomous system (AS) numbers; that is, prefixes that are announced from the same neighbor AS but with a different AS-Path. Syntax show ip bgp ipv6 unicast inconsistent-as Command Modes Command History • EXEC • EXEC Privilege Version Description 9.9(0.
PAGE 685
received-routes [network [networkmask] (OPTIONAL) Enter the keywords received-routes then either the network address (in dotted decimal format) or the network mask (in slash prefix format) to view all information received from neighbors. NOTE: You must configure the neighbor soft-reconfiguration inbound command prior to viewing all the information received from the neighbors.
PAGE 686
Example Lines Beginning With Description For address family: Displays IPv6 Unicast as the address family. BGP table version Displays which version of the primary BGP routing table the router and the neighbor are using. Prefixes accepted Displays the number of network prefixes accepted by the router and the amount of memory used to process those prefixes. Prefixes advertised Displays the number of network prefixes advertised, the number rejected, and the number withdrawn from the BGP routing table.
PAGE 687
'Connection Reset' Sent : 1 Recv: 0 BGP neighbor is 5ffe:11::3, remote AS 1, external link BGP version 4, remote router ID 5.5.5.
PAGE 688
Example Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 689
9000::a:2 18508 35 9000::b:14 18508 29 Dell# 32 29 0 0 0 0 0 0 00:16:43 00:13:01 0 0 show ip bgp next-hop View all next hops (using learned routes only) with current reachability and flap status. This command only displays one path, even if the next hop is reachable by multiple paths. Syntax Parameters Command Modes Command History Example show ip bgp next-hop [local-routes] local-routes • EXEC • EXEC Privilege (OPTIONAL) Show next-hop information for local routes. Version Description 9.
PAGE 690
• Command Modes Command History • EXEC • EXEC Privilege $ = (dollar sign) the end of the output string. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. show ip bgp paths as-path View all unique AS-PATHs in the BGP database. Syntax show ip bgp paths as-path Command Modes Command History • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.
PAGE 691
Command Modes Command History • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. show ip bgp regexp Allows you to view the subset of BGP routing table matching the regular expressions specified. Syntax Parameters show ip bgp regexp regular-expression [character] regular-expression [character] Enter a regular expression then use one or a combination of the following characters to match: • .
PAGE 692
Parameters Defaults Command Modes Command History Related Commands keepalive Enter the time interval (in seconds) between which the system sends keepalive messages. The range is from 1 to 65535. The default is 60 seconds. holdtimer Enter the time interval (in seconds) that the the system waits since the last keepalive message before declaring a BGP peer dead. The range is from 3 to 65535. The default is 180 seconds.
PAGE 693
aggregate-address Summarize a range of prefixes to minimize the number of entries in the routing table. Syntax Parameters aggregate-address ipv6-address prefix-length [advertise-map map-name] [as-set] [attribute-map map-name] [summary-only] [suppress-map map-name] ipv6-address prefix-length Enter the IPv6 address in the x:x:x:x::x format then the prefix length in the / x format. The range is from /0 to /128. NOTE: The :: notation specifies successive hexadecimal fields of zeros.
PAGE 694
bgp dampening Enable MBGP route dampening. Syntax bgp dampening [half-life time] [route-map map-name] To disable route dampening, use the no bgp dampening [half-life time] [route-map map-name] command. Parameters half-life time (OPTIONAL) Enter the number of minutes after which the Penalty is decreased. After the router assigns a Penalty of 1024 to a route, the Penalty is decreased by half, after the half-life period expires. The range is from 1 to 45. The default is 15 minutes.
PAGE 695
clear ip bgp ipv6 unicast dampening Clear information on route dampening. Syntax Parameters Command Modes Command History clear ip bgp dampening ipv6 unicast [network network-mask] network (OPTIONAL) Enter the IPv6 network address in x:x:x:x::x format. network-mask If you enter the network address, next enter the network mask, from 0 to 128. EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 696
debug ip bgp ipv6 unicast dampening View information on routes being dampened. Syntax debug ip bgp ipv6 unicast dampening To disable debugging, use the no debug ip bgp ipv6 unicast dampening command. Parameters Command Modes Command History dampening Enter the keyword dampening to clear route flap dampening information. EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the S4820T.
PAGE 697
Parameters ipv6-address prefix-length Enter the IPv6 address in the x:x:x:x::x format then the prefix length in the /x format. The range is from /0 to /128. NOTE: The :: notation specifies successive hexadecimal fields of zeros. updates Enter the keyword updates to view BGP update information. in (OPTIONAL) Enter the keyword in to view only BGP updates received from neighbors. out (OPTIONAL) Enter the keyword out to view only BGP updates sent to neighbors. Defaults Disabled.
PAGE 698
The higher the administrative distance assigned to a route means that your confidence in that route is low. Routes assigned an administrative distance of 255 are not installed in the routing table. Routes from confederations are treated as internal BGP routes. neighbor activate Allows you to enable a specified neighbor/peer group for the current address and subsequent address family identifier (AFI/SAFI).
PAGE 699
seconds Defaults Command Modes Command History Enter a number as the time interval, in seconds, between BGP advertisements. The range is from 0 to 600 seconds. The default is 5 seconds for internal BGP peers and 30 seconds for external BGP peers. • seconds = 5 seconds (internal peers) • seconds = 30 seconds (external peers) ROUTER BGPV6-ADDRESS FAMILY Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 700
To delete a neighbor distribution list, use the no neighbor {ipv6-address | peer-group-name} distribute-list prefix-list-name {in | out} command. Parameters ipv6-address Enter the IPv6 address in the x:x:x:x::x format. NOTE: The :: notation specifies successive hexadecimal fields of zeros. peer-group-name Enter the name of the peer group. prefix-list-name Enter the name of an established prefix list. If the prefix list is not configured, the default is permit (to allow all routes).
PAGE 701
Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. neighbor maximum-prefix Control the number of network prefixes received. Syntax neighbor {ipv6-address | peer-group-name} maximum-prefix maximum [threshold] [warning-only] To return to the default values, use the no neighbor {ipv6-address | peer-group-name} maximum-prefix maximum [threshold] [warning-only] command.
PAGE 702
NOTE: The :: notation specifies successive hexadecimal fields of zeros. peer-group-name (OPTIONAL) Enter the name of the peer group. Defaults Disabled. Command Modes ROUTER BGPV6-ADDRESS FAMILY Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. If you configure the set ipv6 next-hop command in ROUTE-MAP mode, its configuration takes precedence over the neighbor next-hop-self command.
PAGE 703
NOTE: The :: notation specifies successive hexadecimal fields of zeros. peer-group-name Enter the name of the peer group. map-name Enter the name of an established route map. If the Route map is not configured, the default is deny (to drop all routes). in Enter the keyword in to filter inbound routes. out Enter the keyword out to filter outbound routes. Defaults Not configured. Command Modes ROUTER BGPV6-ADDRESS FAMILY Command History Usage Information Version Description 9.9(0.
PAGE 704
Usage Information The first time you enter this command it configures the neighbor as a route reflector and members of the routereflector cluster. Internal BGP (IBGP) speakers do not need to be fully meshed if you configure a route reflector. When all clients of a route reflector are disabled, the neighbor is no longer a route reflector. network Specify the networks for the BGP process and enter them in the BGP routing table.
PAGE 705
If the route map is not configured, the default is deny (to drop all routes). Defaults Not configured. Command Modes ROUTER BGPV6-ADDRESS FAMILY Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. If you do not configure the default-metric command, in addition to the redistribute command, or there is no route map to set the metric, the metric for redistributed static and connected is “0”.
PAGE 706
Paramters Command Modes Command History cluster-id • EXEC • EXEC Privilege (OPTIONAL) Enter the cluster id in dotted decimal format. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. show ip bgp ipv6 unicast community View information on all routes with community attributes or view specific BGP community groups.
PAGE 707
show ip bgp ipv6 unicast community-list View routes that are affected by a specific community list. Syntax Paramters Command Modes Command History show ip bgp ipv6 unicast community-list community-list-name community-listname • EXEC • EXEC Privilege Enter the name of a configured IP community list. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 708
Example R2_Training#show ip bgp ipv6 unicast detail Detail information for BGP Node bgpNdP 0x41a17000 : NdTmrP 0x41a17000 : NdKATmrP 0x41a17014 : NdTics 327741 : NhLocAS 1 : NdState 2 : NdRPMPrim 1 : NdListSoc 13 NdAuto 1 : NdEqCost 1 : NdSync 0 : NdDefOrg 0 NdV6ListSoc 14 NdDefDid 0 : NdConfedId 0 : NdMedConfed 0 : NdMedMissVal -1 : NdIgnrIllId 0 : NdRRC2C 1 : NdClstId 33686273 : NdPaTblP 0x41a19088 NdASPTblP 0x41a19090 : NdCommTblP 0x41a19098 : NhOptTransTblP 0x41a190a0 : NdRRClsTblP 0x41a190a8 NdPktPA 0
PAGE 709
• . = (period) any single character (including a white space). • * = (asterisk) the sequences in a pattern (0 or more sequences). • + = (plus) the sequences in a pattern (1 or more sequences). • ? = (question mark) sequences in a pattern (either 0 or 1 sequences). NOTE: You must enter an escape sequence (CTRL+v) prior to entering the ? regular expression. Command Modes Command History Example • EXEC • EXEC Privilege • [ ] = (brackets) a range of single-character patterns.
PAGE 710
show ip bgp ipv6 unicast neighbors Allows you to view the information exchanged by BGP neighbors. Syntax show ip bgp ipv6 unicast neighbors [ipv6-address prefix-length [advertisedroutes | dampened-routes | detail | flap-statistics | routes]] Parameters ipv6-address prefix-length (OPTIONAL) Enter the IPv6 address in the x:x:x:x::x format then the prefix length in the /x format. The range is from /0 to /128. NOTE: The :: notation specifies successive hexadecimal fields of zeros.
PAGE 711
Lines Beginning With Description • Example keepalive interval is the number of seconds between keepalive messages to help ensure that the TCP session is still alive Received messages This line displays the number of BGP messages received, the number of notifications (error messages), and the number of messages waiting in a queue for processing.
PAGE 712
For address family: IPv6 Unicast BGP table version 12, neighbor version 12 2 accepted prefixes consume 32 bytes Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer Prefixes advertised 0, rejected 0, withdrawn 0 from peer Connections established 3; dropped 2 Last reset 00:00:39, due to Closed by neighbor Notification History 'OPEN error/Bad AS' Sent : 0 Recv: 1 Local host: 5ffe:10::4, Local port: 179 Foreign host: 5ffe:10::3, Foreign port: 35470 Notification History 'Connection Reset' Sent : 1 Recv: 0
PAGE 713
summary Command Modes Command History Related Commands • EXEC • EXEC Privilege (OPTIONAL) Enter the keyword summary to view status information of the peers in that peer group. The output is the same as that found in the show ip bgp ipv6 unicast summary command. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. neighbor peer-group (assigning peers) — assigns a peer to a peer-group.
PAGE 714
Field Description Dampening enabled Displayed only when dampening is enabled. Displays the number of paths designated as history, dampened, or penalized. Neighbor Displays the BGP neighbor address. AS Displays the AS number of the neighbor. MsgRcvd Displays the number of BGP messages that neighbor received. MsgSent Displays the number of BGP messages that neighbor sent. TblVer Displays the version of the BGP table that was sent to that neighbor.
PAGE 715
28 iSCSI Optimization Internet small computer system interface (iSCSI) optimization enables quality-of-service (QoS) treatment for iSCSI storage traffic. To configure and verify the iSCSI optimization feature, use the following Dell Networking Operating System (OS) commands.
PAGE 716
To remove the iSCSI session aging time, use the no iscsi aging time command. Parameters time Defaults 10 minutes Command Modes CONFIGURATION Command History Enter the aging time for the iSCSI session. The range is from 5 to 43,200 minutes. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. iscsi cos Set the QoS policy that is applied to the iSCSI flows.
PAGE 717
iscsi enable Globally enable iSCSI optimization. Syntax iscsi enable To disable iSCSI optimization, use the no iscsi enable command. Parameters enable Defaults Disabled. Command Modes CONFIGURATION Command History Usage Information Enter the keyword enable to enable the iSCSI optimization feature. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 718
Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. iscsi target port Configure the iSCSI target ports and optionally, the IP addresses on which iSCSI communication is monitored. Syntax iscsi target port [tcp-port-2...tcp-port-16]ip-address [ip-address] To remove the configured iSCSI target ports or IP addresses, use the no iscsi target port command. Parameters tcpport-2...tcpport- 16 Enter the tcp-port number of the iSCSI target ports.
PAGE 719
Session aging time: 10 Maximum number of connections is 256 -----------------------------------------------iSCSI Targets and TCP Ports: -----------------------------------------------TCP Port Target IP Address 3260 860 Related Commands • show iscsi sessions — displays information about active iSCSI sessions on the switch. • show iscsi sessions detailed — displays detailed information about active iSCSI sessions on the switch. • show run iscsi — shows run iscsi.
PAGE 720
Parameters Command Modes Command History Example isid • EXEC • EXEC Privilege Enter the session’s iSCSi ID to display detailed information about the specified iSCSi session. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Dell# show isci session detailed Session 0 : --------------------------------------------------Target:iqn.2010-11.com.ixia:ixload:iscsi-TG1 Initiator:iqn.2010-11.com.ixia.
PAGE 721
• show iscsi sessions — show iscsi session — displays detailed information about active iSCSI sessions on the switch. • show iscsi sessions detailed — displays detailed information on active iSCSI sessions on the switch.
PAGE 722
29 Intermediate System to Intermediate System (ISIS) The Dell Networking OS supports the intermediate system to intermediate system (IS-IS) protocol for IPv4 and IPv6. IS-IS is an interior gateway protocol that uses a shortest-path-first algorithm. IS-IS facilitates the communication between open systems, supporting routers passing both IP and OSI traffic. A router is considered an intermediate system. Networks are partitioned into manageable routing domains, called areas.
PAGE 723
• graceful-restart restart-wait • hello padding • hostname dynamic • ignore-lsp-errors • ip router isis • ipv6 router isis • isis circuit-type • isis csnp-interval • isis csnp-interval • isis hello-multiplier • isis hello padding • isis ipv6 metric • isis metric • isis network point-to-point • isis password • isis priority • is-type • log-adjacency-changes • lsp-gen-interval • lsp-mtu • lsp-refresh-interval • max-area-addresses • max-lsp-lifetime • maximum-path
PAGE 724
adjacency-check Verify that the “protocols supported” field of the IS-IS neighbor contains matching values to this router. Syntax adjacency-check To disable adjacency check, use the no adjacency-check command. Defaults Enabled. Command Modes • ROUTER ISIS (for IPv4) • CONFIGURATION-ROUTER-ISIS-ADDRESS-FAMILY-IPV6 (for IPv6) Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 725
Usage Information You cannot disable leaking from one level to another; however, you can regulate the rate flow from one level to another using an IP Prefix list. If you do not configure the IP Prefix list, all routes are leaked. You can find more information in IETF RFC 2966, Domain-wide Prefix Distribution with Two-Level IS-IS. area-password Configure a hash message authentication code (HMAC) password for an area.
PAGE 726
Usage Information CAUTION: Use caution when you enter this command. Back up your configuration prior to using this command or your IS-IS configuration will be erased. clear isis Restart the IS-IS process. All IS-IS data is cleared. Syntax clear isis [tag] {* | database | traffic} Parameters Command Modes Command History tag (Optional) Enter an alphanumeric string to specify the IS-IS routing tag area. * Enter the keyword * to clear all IS-IS information and restart the IS-IS process.
PAGE 727
debug isis Enable debugging for all IS-IS operations. Syntax debug isis To disable debugging of IS-IS, use the no debug isis command. Command Modes Command History Usage Information EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Entering debug isis enables all debugging parameters. To display all debugging information in one output, use this command.
PAGE 728
debug isis local-updates To debug IS-IS local update packets, enable debugging on a specific interface and provides diagnostic information. Syntax debug isis local-updates [interface] To turn off debugging, use the no debug isis local-updates [interface] command. Parameters Command Modes Command History interface (OPTIONAL) Identifies the interface type slot/port as one of the following: • For a Port Channel interface, enter the keywords port-channel then a number. The range is from 1 to 128.
PAGE 729
debug isis spf-triggers Enable debugging on the events that triggered IS-IS shortest path first (SPF) events for debugging purposes. Syntax debug isis spf-triggers To turn off debugging, use the no debug isis spf-triggers command. Command Modes Command History EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. debug isis update-packets Enable debugging on link state PDUs (LSPs) that a router detects.
PAGE 730
Defaults metric metric (OPTIONAL) Enter the keyword metric then a number to assign to the route. The range is from 0 to 16777215. route-map mapname (OPTIONAL) A default route the routing process generates if the route map is satisfied. Not configured. Command Modes Command History Usage Information • ROUTER ISIS (for IPv4) • CONFIGURATION-ROUTER-ISIS-ADDRESS-FAMILY-IPV6 (for IPv6) Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.
PAGE 731
Related Commands router isis — Enter ROUTER mode on the switch. distance Define the administrative distance for learned routes. Syntax distance weight [ip-address mask [prefix-list]] To return to the default values, use the no distance weight command. Parameters Defaults Command Modes Command History Usage Information weight The administrative distance value indicates the reliability of a routing information source. The range is from 1 to 255. (A higher relative value indicates lower reliability.
PAGE 732
Defaults Not configured. Command Modes Command History Related Commands • ROUTER ISIS (for IPv4) • CONFIGURATION-ROUTER-ISIS-ADDRESS-FAMILY-IPV6 (for IPv6) Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. • distribute-list out — suppresses networks from being advertised in updates. • redistribute — redistributes routes from one routing domain to another routing domain.
PAGE 733
• redistribute — redistributes routes from one routing domain to another routing domain. distribute-list redistributed-override Suppress flapping of routes when the same route is redistributed into IS-IS from multiple routers in the network. Syntax distribute-list redistributed-override in To return to the default, use the no distribute-list redistributed-override in command.
PAGE 734
Related Commands • area-password — configures an IS-IS area authentication password. • isis priority — configures the authentication password for an interface. graceful-restart ietf Enable graceful restart on an IS-IS router. Syntax graceful-restart ietf To return to the default, use the no graceful-restart ietf command. Parameters ietf Enter ietf to enable graceful restart on the IS-IS router. Defaults Graceful restart disabled.
PAGE 735
Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. graceful-restart t1 Set the graceful restart wait time before unacknowledged restart requests are generated. This wait time is the interval before the system sends a restart request (an IIH with RR bit set in Restart TLV) until the CSNP is received from the helping router. Syntax graceful-restart t1 {interval seconds | retry-times value} To return to the default, use the no graceful-restart t1 command.
PAGE 736
graceful-restart t3 Configure the overall wait time before graceful restart completes. Syntax graceful-restart t3 {adjacency | manual} seconds To return to the default, use the no graceful-restart t3 command. Parameters adjacency Enter the keyword adjacency so that the restarting router receives the remaining time value from its peer and adjusts its T3 value so if you have configured this option. manual Enter the keyword manual to specify a time value that the restarting router uses.
PAGE 737
Command Modes Command History Related Commands ROUTER ISIS Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. graceful-restart t3 — configures the overall wait time before graceful restart completes. hello padding Use to turn ON or OFF padding for LAN and point-to-point hello PDUs or to selectively turn padding ON or OFF for LAN or point-to-point hello PDUs.
PAGE 738
Usage Information To build name-to-systemID mapping tables through the protocol, use this command. All show commands that display systems also display the hostname. Related Commands clns host — defines a name-to-NSAP mapping. ignore-lsp-errors Ignore LSPs with bad checksums instead of purging those LSPs. Syntax ignore-lsp-errors To return to the default values, use the no ignore-lsp-errors command. Defaults In IS-IS, the default deletes LSPs with internal checksum errors (no ignore-lsp-errors).
PAGE 739
ipv6 router isis Enable the IPv6 IS-IS routing protocol and specify an IPv6 IS-IS process. Syntax ipv6 router isis [tag] To disable IS-IS routing, use the no router isis [tag] command. Parameters tag Defaults Not configured. Command Modes ROUTER ISIS Command History Usage Information (OPTIONAL) This parameter is a unique name for a routing process. A null tag is assumed if the tag option is not specified. The tag name must be unique for all IP router processes for a given router.
PAGE 740
Defaults level-1-2 Command Modes INTERFACE Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Because the default establishes Level 1 and Level 2 adjacencies, you do not need to configure this command. Routers in an IS-IS system must be configured as a Level 1-only, Level 1-2, or Level 2-only system.
PAGE 741
isis csnp-interval Configure the IS-IS complete sequence number PDU (CSNP) interval on an interface. Syntax isis csnp-interval seconds [level-1 | level-2] To return to the default values, use the no isis csnp-interval [seconds] [level-1 | level-2] command. Parameters seconds Interval of transmission time between CSNPs on multi-access networks for the designated intermediate system. The range is from 0 to 65535. The default is 10.
PAGE 742
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. The holdtime (the product of the hello-multiplier multiplied by the hello-interval) determines how long a neighbor waits for a hello packet before declaring the neighbor is down so routes can be recalculated. isis hello padding Turn ON or OFF padding of hello PDUs from INTERFACE mode.
PAGE 743
Command Modes Command History Usage Information INTERFACE Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Dell Networking recommends configuring metrics on all interfaces. Without configuring this command, the IS-IS metrics are similar to hop-count metrics. isis metric Assign a metric to an interface.
PAGE 744
Command Modes Command History INTERFACE Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. isis password Configure an authentication password for an interface. Syntax isis password [hmac-md5] password [level-1 | level-2] To delete a password, use the no isis password [password] [level-1 | level-2] command. Parameters encryption-type (OPTIONAL) Enter 7 to encrypt the password using DES.
PAGE 745
To return to the default values, use the no isis priority [value] [level-1 | level-2] command. Parameters value This value sets the router priority. The higher the value, the higher the priority. The range is from 0 to 127. The default is 64. level-1 (OPTIONAL) Specify the priority for Level 1. This setting is the default. level-2 (OPTIONAL) Specify the priority for Level 2. Defaults value = 64; level-1 (if not otherwise specified).
PAGE 746
If you are configuring only one area in your network, you do not need to run both Level 1 and Level 2 routing algorithms. You can configure the IS type as Level 1. log-adjacency-changes Generate a log messages for adjacency state changes. Syntax log-adjacency-changes To disable this function, use the no log-adjacency-changes command. Defaults Adjacency changes are not logged. Command Modes ROUTER ISIS Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.
PAGE 747
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. LSP throttling slows down the frequency at which LSPs are generated during network instability. Even though throttling LSP generations slows down network convergence, no throttling can result in a network not functioning as expected.
PAGE 748
Parameters seconds Defaults 900 seconds Command Modes ROUTER ISIS Command History Usage Information The LSP refresh interval, in seconds. This value has to be less than the seconds value specified with the max-lsp-lifetime command. The range is from 1 to 65535 seconds. The default is 900. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 749
To restore the default time, use the no max-lsp-lifetime command. Parameters seconds Defaults 1200 seconds Command Modes ROUTER ISIS Command History Usage Information The maximum lifetime of LSP in seconds. This value must be greater than the lsprefresh-interval command. The higher the value the longer the LSPs are kept. The range is from 1 to 65535. The default is 1200. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 750
metric-style To generate and accept old-style, new-style, or both styles of type, length, and values (TLV), configure a router. Syntax metric-style {narrow [transition] | transition | wide [transition]} [level-1 | level-2] To return to the default values, use the no metric-style {narrow [transition] | transition | wide [transition]} [level-1 | level-2] command. Parameters narrow Allows you to generate and accept old-style TLVs. The metric range is from 0 to 63.
PAGE 751
Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. net To configure an IS-IS network entity title (NET) for a routing process, use this mandatory command. If you did not configure a NET, the IS-IS process does not start. Syntax net network-entity-title To remove a net, use the no net network-entity-title command. Parameters network-entity-title Defaults Not configured.
PAGE 752
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Although the passive interface does not send nor receive routing updates, the network on that interface is still included in the IS-IS updates sent using other interfaces. redistribute Redistribute routes from one routing domain to another routing domain.
PAGE 753
Usage Information Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. To redistribute a default route (0.0.0.0/0), configure the default-information originate command. Changing or disabling a keyword in this command does not affect the state of the other command keywords. When an LSP with an internal metric is received, the system considers the route cost while considering the advertised cost to reach the destination.
PAGE 754
route-map mapname map-name is an identifier for a configured route map. The route map filters imported routes from the source routing protocol to the current routing protocol. If you do not specify a map-name, all routes are redistributed. If you specify a keyword, but fail to list route map tags, no routes are imported. Defaults IS-IS Level 2 routes only Command Modes Command History • ROUTER ISIS (for IPv4) • CONFIGURATION-ROUTER-ISIS-ADDRESS-FAMILY-IPV6 (for IPv6) Version Description 9.9(0.
PAGE 755
level-1 (OPTIONAL) Routes are independently redistributed into IS-IS as Level 1 routes. level-1-2 (OPTIONAL) Routes are independently redistributed into IS-IS as Level-1-2 routes. level-2 (OPTIONAL) Routes are independently redistributed into IS-IS as Level 2 routes. This setting is the default. match {external | internal} (OPTIONAL) The command used for OSPF to route and redistribute into other routing domains.
PAGE 756
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Configure a network entity title (the net command) to specify the area address and the router system ID. Enable routing on one or more interfaces to establish adjacencies and establish dynamic routing. You can configure only one IS-IS routing process to perform Level 2 routing. A level-1-2 designation performs Level 1 and Level 2 routing at the same time.
PAGE 757
Command History Example (RouterIsis) Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. The bold section identifies that Multi-Topology IS-IS is enabled in Transition mode. Dell(conf-router_isis)#show config ! router isis clns host ISIS 49.0000.0001.F100.E120.0013.00 log-adjacency-changes net 49.0000.0001.F100.E120.0013.
PAGE 758
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. The following describes the show isis database command shown in the following example. Field Description IS-IS Level-1/ Level-2 Link State Database Displays the IS-IS link state database for Level 1 or Level 2. LSPID Displays the LSP identifier. The first six octets are the System ID of the originating router.
PAGE 759
IS-IS Level-2 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL ISIS.00-00 * 0x00000006 0xCF43 580 0/0/0 ! Dell#show isis database detail ISIS.00-00 IS-IS Level-1 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL ISIS.00-00 * 0x0000002B 0x853B 1075 0/0/0 Area Address: 49.0000.0001 NLPID: 0xCC 0x8E IP Address: 10.1.1.1 IPv6 Address: 1011::1 Topology: IPv4 (0x00) IPv6 (0x8002) Metric: 10 IS OSPF.00 Metric: 10 IS (MT-IPv6) OSPF.00 Metric: 10 IP 15.1.1.0 255.255.
PAGE 760
Example Dell#show isis graceful-restart detail Configured Timer Value ====================== Graceful Restart : Enabled T3 Timer : Manual T3 Timeout Value : 30 T2 Timeout Value : 30 (level-1), 30 (level-2) T1 Timeout Value : 5, retry count: 1 Adjacency wait time : 30 Operational Timer Value ====================== Current Mode/State : T3 Time left : T2 Time left : Restart ACK rcv count : Restart Req rcv count : Suppress Adj rcv count : Restart CSNP rcv count : Database Sync count : Dell# Normal/RUNNING 0 0
PAGE 761
Command Modes Command History Example • EXEC • EXEC Privilege • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a VLAN, enter the keyword vlan then a number from 1 to 4094. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 762
• Command Modes Command History Usage Information • EXEC • EXEC Privilege For a VLAN, enter the keyword vlan then a number from 1 to 4094. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Use this command to confirm that the neighbor adjacencies are operating correctly. If you suspect that they are not, you can verify the specified area addresses of the routers by using the show isis neighbors command.
PAGE 763
• Command History Example EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. The bold section identifies that Multi-Topology IS-IS is enabled. Dell#show isis protocol IS-IS Router: System Id: F100.E120.0013 IS-Type: level-1-2 Manual area address(es): 49.0000.0001 Routing for area address(es): 49.0000.
PAGE 764
Example 764 Item Description Level-1/Level-2 Hellos (sent/rcvd) Displays the number of Hello packets sent and received. PTP Hellos (sent/ rcvd) Displays the number of point-to-point Hellos sent and received. Level-1/Level-2 LSPs sourced (new/refresh) Displays the number of new and refreshed LSPs. Level-1/Level-2 LSPs flooded (sent/rcvd) Displays the number of flooded LSPs sent and received. Level-1/Level-2 LSPs CSNPs (sent/ rcvd) Displays the number of CSNP LSPs sent and received.
PAGE 765
spf-interval Specify the minimum interval between shortest path first (SPF) calculations. Syntax spf-interval [level-l | level-2] interval seconds [initial_wait_interval seconds [second_wait_interval seconds]] To restore default values, use the no spf-interval [level-l | level-2] interval seconds [initial_wait_interval seconds [second_wait_interval seconds]] command.
PAGE 766
30 Link Aggregation Control Protocol (LACP) This chapter contains commands for Dell Networks’s implementation of the link aggregation control protocol (LACP) for creating dynamic link aggregation groups (LAGs) — known as port-channels in the Dell Networking Operating System (OS). NOTE: For static LAG commands, refer to theInterfaces chapter), based on the standards specified in the IEEE 802.3 Carrier sense multiple access with collision detection (CSMA/CD) access method and physical layer specifications.
PAGE 767
To disable LACP debugging, use the no [config | events | pdu [interface [in | out]]] command. Parameters config (OPTIONAL) Enter the keyword config to debug the LACP configuration. events (OPTIONAL) Enter the keyword events to debug the LACP event information. pdu (OPTIONAL) Enter the keyword pdu to debug the LACP Protocol Data Unit information.
PAGE 768
lacp port-priority To influence which ports will be put in Standby mode when there is a hardware limitation that prevents all compatible ports from aggregating, configure the port priority. Syntax lacp port-priority priority-value To return to the default setting, use the no lacp port-priority priority-value command. Parameters priority-value Defaults 32768 Command Modes INTERFACE Command History Enter the port-priority value. The higher the value number, the lower the priority.
PAGE 769
NOTE: LACP modes are defined in Usage Information. off Enter the keyword off to set the mode to the off state. NOTE: LACP modes are defined in Usage Information. Defaults off Command Modes INTERFACE Command History Usage Information Version 9.2(0.0) Introduced on the M I/O Aggregator. Version 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. LACP Modes Mode Function active An interface is in an active negotiating state in this mode.
PAGE 770
show lacp Display the LACP matrix. Syntax show lacp port-channel-number [sys-id | counters] Parameters Defaults port-channelnumber Enter a port-channel number. The range is from 1 to 128. sys-id (OPTIONAL) Enter the keywords sys-id and the value that identifies a system. counters (OPTIONAL) Enter the keyword counters to display the LACP counters. Without a Port Channel specified, the command clears all Port Channel counters.
PAGE 771
show interfaces port-channel — displays information on configured Port Channel groups.
PAGE 772
31 Layer 2 This chapter describes commands to configure Layer 2 features.
PAGE 773
clear mac-address-table Clear the MAC address table. Syntax Parameters clear mac-address-table dynamic {address mac-address | all | interface interface | vlan vlan-id} address macaddress Enter the keyword address then a MAC address in nn:nn:nn:nn:nn:nn format. all Enter the keyword all to delete all MAC address entries in the MAC address table.
PAGE 774
mac-address-table disable-learning Disable MAC address learning from LACP or LLDP BPDUs. Syntax mac-address-table disable-learning [lacp | lldp] Parameters lacp Enter lacp to disable MAC address learning from LACP BPDUs. lldp Enter LLDP to disable MAC address learning from LLDP BPDUs. Defaults Disabled Command Modes CONFIGURATION Command History This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking OS Command Line Reference Guide.
PAGE 775
Version 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. mac-address-table station-move refresh-arp Ensure that address resolution protocol (ARP) refreshes the egress interface when a station move occurs due to a topology change. Syntax [no] mac-address-table station-move refresh-arp Defaults Enabled Command Modes CONFIGURATION Command History Usage Information Version 9.9(0.0) Modified the default option from none to Enabled. Version 9.2(0.0) Introduced on the M I/O Aggregator.
PAGE 776
Usage Information This command and its options are supported on physical interfaces, static LAGs, LACP LAGs, and VLANs. If you do not specify the vlan option, the MAC address counters are not VLAN-based. That is, the sum of the addresses learned on all VLANs (not having any learning limit configuration) is counted against the MAC learning limit. MAC Learning Limit violation logs and actions are not available on a per-VLAN basis.
PAGE 777
mac learning-limit station-move-violation Specify the actions for a station move violation. Syntax mac learning-limit station-move-violation {log | shutdown-both | shutdownoffending | shutdown-original} To disable a configuration, use the no mac learning-limit station-move-violation command, then the configured keyword. Parameters log Enter the keyword log to generate a syslog message on a station move violation.
PAGE 778
show cam mac stack-unit Display the content addressable memory (CAM) size and the portions allocated for MAC addresses and for MAC ACLs. Syntax show cam mac stack-unit unit_number port-set port-pipe count [vlan vlan-id] [interface interface] Parameters stack-unit unit_number (REQUIRED) Enter the keyword linecard then a stack member number to select the linecard for which to gather information. The range is 0 to 5.
PAGE 779
Command Modes Command History Usage Information static (OPTIONAL) Enter the keyword static to display only those MAC addresses specifically configured on the switch. Optionally, you can also add one of these combinations: address/mac-address, interface/interface, or vlan vlanid. address macaddress (OPTIONAL) Enter the keyword address then a MAC address in the nn:nn:nn:nn:nn:nn format to display information on that MAC address.
PAGE 780
20 Dell# Usage Information 00:00:c9:ad:f6:12 Dynamic Te 0/3 Active The following describes the show mac-address-table command shown in the following example. Column Heading Description VlanId Displays the VLAN ID number. Mac Address Displays the MAC address in nn:nn:nn:nn:nn:nn format. Type Lists whether the MAC address was manually configured (Static), learned (Dynamic), or associated with a specific port (Sticky).
PAGE 781
• Command History Example EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Dell#show mac-address-table aging-time Mac-address-table aging time : 1800 Dell# Related Commands show mac-address-table — displays the current MAC address configuration. show mac learning-limit Display MAC address learning limits set for various interfaces.
PAGE 782
Virtual LAN (VLAN) Commands The following commands configure and monitor virtual LANs (VLANs). VLANs are a virtual interface and use many of the same commands as physical interfaces. You can configure an IP address and Layer 3 protocols on a VLAN called Inter-VLAN routing. FTP, TFTP, ACLs and SNMP are not supported on a VLAN. Occasionally, while sending broadcast traffic over multiple Layer 3 VLANs, the VRRP state of a VLAN interface may continually switch between Master and Backup.
PAGE 783
Usage Information To return VLAN 1 as the Default VLAN, use the (default-vlan-id 1) command. The Default VLAN contains only untagged interfaces. Related Commands interface vlan — configures a VLAN. default-vlan disable Disable the default VLAN so that all switchports are placed in the Null VLAN until they are explicitly configured as a member of another VLAN. Defaults Enabled. Command Modes CONFIGURATION Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM.
PAGE 784
show config Display the current configuration of the selected VLAN. Syntax show config Command Modes INTERFACE VLAN Command History Example Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Dell(conf-if-vl-100)#show config ! interface Vlan 1 description a no ip address mtu 2500 shutdown Dell(conf-if-vl-100)# show vlan Display the current VLAN configurations on the switch.
PAGE 785
Usage Information The following describes the show vlan command shown in the following example. Column Heading Description (Column 1 — no heading) asterisk symbol (*) = Default VLAN • G = GVRP VLAN • P = primary VLAN • C = community VLAN • I = isolated VLAN • O = OpenFlow NUM Displays existing VLAN IDs. Status Displays the word Inactive for inactive VLANs and the word Active for active VLANs.
PAGE 786
Q: U - Untagged, T - Tagged x - Dot1x untagged, X - Dot1x tagged G - GVRP tagged, M - Vlan-stack, H - VSN tagged i - Internal untagged, I - Internal tagged, v - VLT untagged, V - VLT tagged NUM Status Description Q Ports 1 Inactive a Dell# Example (Brief) Dell#show vlan brief VLAN Name STG MAC Aging IP Address ---- -----------------------------1 0 0 unassigned 2 0 0 unassigned 20 0 0 unassigned 1002 0 0 unassigned Dell# Example (Name) Dellconf)#interface vlan 222 Dell(conf-if-vl-222)#name test Dell(conf-
PAGE 787
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. When you use the no tagged command, the interface is automatically placed in the Default VLAN as an untagged interface unless the interface is a member of another VLAN. If the interface belongs to several VLANs, remove it from all VLANs to change it to an untagged interface.
PAGE 788
The Layer 2 state of the VLAN, and hence the Layer 2 traffic, is not affected by the track ip command configuration. Related Commands interface vlan — configures a VLAN. tagged — specifies which interfaces in a VLAN are tagged. untagged Add a Layer 2 interface to a VLAN as an untagged interface. Syntax untagged interface To remove an untagged interface from a VLAN, use the no untagged interface command.
PAGE 789
32 Link Layer Discovery Protocol (LLDP) Link layer discovery protocol (LLDP) advertises connectivity and management from the local station to the adjacent stations on an IEEE 802 LAN. LLDP facilitates multi-vendor interoperability by using standard management tools to discover and make available a physical topology for network management. The Dell Networking operating software implementation of LLDP is based on IEEE standard 801.1ab.
PAGE 790
advertise dot1-tlv Advertise dot1 TLVs (Type, Length, Value). Syntax advertise dot1-tlv {port-protocol-vlan-id | port-vlan-id | vlan-name} To remove advertised dot1-tlv, use the no advertise dot1-tlv {port-protocol-vlan-id | portvlan-id | vlan-name} command. Parameters port-protocol-vlanid Enter the keywords port-protocol-vlan-id to advertise the port protocol VLAN identification TLV. port-vlan-id Enter the keywords port-vlan-id to advertise the port VLAN identification TLV.
PAGE 791
Version 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. advertise management-tlv Advertise management TLVs (Type, Length, Value). Syntax advertise management-tlv {system-capabilities | system-description | systemname} To remove advertised management TLVs, use the no advertise management-tlv {systemcapabilities | system-description | system-name} command. Parameters system-capabilities Enter the keywords system-capabilities to advertise the system capabilities TLVs to the LLDP peer.
PAGE 792
Version 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. clear lldp neighbors Clear LLDP neighbor information for all interfaces or a specific interface. Syntax clear lldp neighbors {interface} Parameters interface Defaults none Command Modes EXEC Privilege Command History Enter the following keywords and slot/port or number information: • For a 10-Gigabit Ethernet interface, enter the keyword tenGigabitEthernet then the slot/port information.
PAGE 793
rx (OPTIONAL) Enter the keyword rx to display receive-only packet information. both (OPTIONAL) Enter the keyword both to display both receive and transmit packet information. Defaults none Command Modes EXEC Privilege Command History Version 9.2(0.0) Introduced on the M I/O Aggregator. Version 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. disable Enable or disable LLDP. Syntax disable To enable LLDP, use the no disable command. Defaults Enabled, that is no disable.
PAGE 794
Version 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. mode To receive or transmit, set LLDP. Syntax mode {tx | rx} To return to the default, use the no mode {tx | rx} command. Parameters tx Enter the keyword tx to set the mode to transmit. rx Enter the keyword rx to set the mode to receive. Defaults Both transmit and receive. Command Modes CONFIGURATION (conf-lldp) and INTERFACE (conf-if-interface-lldp) Command History Related Commands Version Description 9.9(0.
PAGE 795
protocol lldp (Configuration) Enable the LLDP globally on the switch. Syntax protocol lldp To disable LLDP globally on the chassis, use the no protocol lldp command. Defaults Enabled. Command Modes CONFIGURATION (conf-lldp) Command History Version 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. protocol lldp (Interface) Enter the LLDP protocol in INTERFACE mode.
PAGE 796
Defaults none Command Modes EXEC Privilege Command History Version 8.3.16.1 Introduced on MXL 10/40GbE Switch IO Module Usage Information Omitting the keyword detail displays only the remote chassis ID, Port ID, and Dead Interval.
PAGE 797
multiplier 3 no disable Dell# LLDP-MED Commands The following are the LLDP-MED (Media Endpoint Discovery) commands. The LLDP-MED commands are an extension of the set of LLDP TLV advertisement commands. As defined by ANSI/TIA-1057, LLDP-MED provides organizationally specific TLVs (Type Length Value), so that endpoint devices and network connectivity devices can advertise their characteristics and configuration information.
PAGE 798
Related Commands protocol lldp (Configuration) — enables LLDP globally. debug lldp interface — debugs LLDP. show lldp neighbors — displays the LLDP neighbors. show running-config lldp — displays the LLDP running configuration. advertise med guest-voice-signaling To advertise a separate limited voice service for a guest user when the guest voice control packets use a separate network policy than the voice data, configure the system.
PAGE 799
Parameters coordinate-based value Enter the keywords coordinate-based then the coordinated based location in hexadecimal value of 16 bytes. civic-based value Enter the keywords civic-based then the civic based location in hexadecimal format. The range is from 6 to 255 bytes. ecs-elin value Enter the keywords ecs-elin then the Emergency Call Service (ecs) Emergency Location Identification Number (elin) numeric location string. The range is from 10 to 25 characters. Defaults unconfigured.
PAGE 800
advertise med softphone-voice To advertise softphone to enable IP telephony on a computer so that the computer can be used as a phone, configure the system. Syntax advertise med softphone-voice {vlan-id} | {priority-tagged number} To return to the default, use the no advertise med softphone-voice {vlan-id} | {prioritytagged number} command. Parameters vlan-id Enter the VLAN ID. The range is from 1 to 4094. priority-tagged number Enter the keywords priority-tagged then the Layer 2 priority.
PAGE 801
show lldp neighbors — displays the LLDP neighbors. show running-config lldp — displays the LLDP running configuration. advertise med video-conferencing To advertise dedicated video conferencing and other similar appliances that support real-time interactive video, configure the system. Syntax advertise med video-conferencing {vlan-id} | {priority-tagged number} To return to the default, use the no advertise med video-conferencing {vlan-id} | {priority-tagged number} command.
PAGE 802
Version 8.3.16.1 Related Commands Introduced on the MXL 10/40GbE Switch IO Module. debug lldp interface — debugs LLDP. show lldp neighbors — displays the LLDP neighbors. show running-config lldp — displays the LLDP running configuration. advertise med voice To advertise a dedicated IP telephony handset or other appliances supporting interactive voice services, configure the system.
PAGE 803
Command Modes Command History Related Commands CONFIGURATION (conf-lldp) 9.9(0.0) Introduced on the FN IOM. Version 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. debug lldp interface — debugs LLDP. show lldp neighbors — displays the LLDP neighbors. show running-config lldp — displays the LLDP running configuration.
PAGE 804
33 Microsoft Network Load Balancing Network Load Balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems. NLB uses a distributed methodology or pattern to equally split and balance the network traffic load across a set of servers that are part of the cluster or group.
PAGE 805
With multicast NLB mode, the data is forwarded to all the servers based on the port specified using the Layer 2 multicast command, which is the mac-address-table static multicast vlan output-range , command in CONFIGURATION mode. Limitations With Enabling NLB on Switches The following limitations apply to switches on which you configure NLB: • The NLB unicast mode uses switch flooding to transmit all packets to all the servers that are part of the VLAN.
PAGE 806
• mac-address-table static (for Multicast MAC Address) • ip vlan-flooding mac-address-table static (for Multicast MAC Address) For multicast mode of network load balancing (NLB), configure a static multicast MAC address, associate the multicast MAC address with the VLAN used to switch Layer 2 multicast traffic, and add output ports that will receive multicast streams on the VLAN.
PAGE 807
Version Description 9.3(0.0) Added support for multicast MAC address on the MXL platform. Example (Multicast) mac-address-table static 01:00:5E:01:00:01 {multicast vlan 2 output—range Te 0/2,Te 0/3} ip vlan-flooding Enable unicast data traffic flooding on VLAN member ports. Syntax ip vlan-flooding To disable, use the no ip vlan-flooding command. Command Modes Command History CONFIGURATION Version Description 9.9(0.0) Introduced on the FN IOM. 9.3(0.0) Introduced on the MXL Switch .
PAGE 808
34 Multicast Source Discovery Protocol (MSDP) Multicast source discovery protocol (MSDP) connects multiple PIM Sparse-Mode (PIM-SM) domains together. MSDP peers connect using TCP port 639. Peers send keepalives every 60 seconds. A peer connection is reset after 75 seconds if no MSDP packets are received. MSDP connections are parallel with MBGP connections.
PAGE 809
clear ip msdp sa-cache Clears the entire source-active cache, the source-active entries of a particular multicast group, rejected, or local source-active entries. Syntax Parameters clear ip msdp sa-cache [group-address | rejected-sa | local] group-address Enter the group IP address in dotted decimal format (A.B.C.D.).
PAGE 810
debug ip msdp Turn on MSDP debugging. Syntax debug ip msdp {event peer address | packet peer address | pim} To turn debugging off, use the no debug ip msdp {event peer address | packet peer address | pim} command. Parameters event peer address Enter the keyword event then the peer address in a dotted decimal format (A.B.C.D.). packet peer address Enter the keyword packet then the peer address in a dotted decimal format (A.B.C.D.). pim Enter the keyword pim to debug advertisement from PIM.
PAGE 811
ip msdp default-peer Define a default peer from which to accept all source-active (SA) messages. Syntax ip msdp default-peer peer address [list name] To remove the default peer, use the no ip msdp default-peer {peer address} list name command. Parameters peer address Enter the peer address in a dotted decimal format (A.B.C.D.) list name Enter the keywords list name and specify a standard access list that contains the RP address that should be treated as the default peer.
PAGE 812
To remove the peer from a mesh group, use the no ip msdp mesh-group {name} {peer address} command. Parameters name Enter a string of up to 16 characters long for as the mesh group name. peer address Enter the peer address in a dotted decimal format (A.B.C.D.). Defaults Not configured. Command Modes CONFIGURATION Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 813
ip msdp peer Configure an MSDP peer. Syntax ip msdp peer peer address [connect-source] [description] [sa-limit number] To remove the MSDP peer, use the no ip msdp peer peer address [connect-source interface] [description name] [sa-limit number] command. Parameters peer address Enter the peer address in a dotted decimal format (A.B.C.D.).
PAGE 814
ip msdp redistribute Filter local PIM SA entries in the SA cache. SAs which the ACL denies time out and are not refreshed. Until they time out, they continue to reside in the MSDP SA cache. Syntax ip msdp redistribute [list acl-name] Parameters list acl-name Defaults Not configured. Command Modes CONFIGURATION Command History Usage Information Enter the name of an extended ACL that contains permitted SAs. If you do not use this option, all local entries are blocked. Version Description 9.9(0.
PAGE 815
ip msdp sa-limit Configure the upper limit of source-active (SA) entries in SA-cache. Syntax ip msdp sa-limit number To return to the default, use the no ip msdp sa-limit number command. Parameters number Defaults 50000 Command Modes CONFIGURATION Command History Usage Information Enter the maximum number of SA entries in SA-cache. The range is from 0 to 40000. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 816
ip multicast-msdp Enable MSDP. Syntax ip multicast-msdp To exit MSDP, use the no ip multicast-msdp command. Defaults Not configured. Command Modes CONFIGURATION Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. show ip msdp Display the MSDP peer status, SA cache, or peer summary.
PAGE 817
Example (Sa-cache) Dell#show ip msdp sa-cache MSDP Source-Active Cache - 1 entries GroupAddr SourceAddr RPAddr 224.1.1.1 172.21.220.10 172.21.3.254 Dell# Example (Summary) Dell#show ip msdp summary Peer Addr Local Addr Description 5.5.5.32 6.6.6.32 Peer1 Dell# LearnedFrom Expire UpTime 172.21.3.254 102 00:02:52 State Source Established Lo 32 SA 20 Up/Down 00:07:17 show ip msdp sa-cache rejected-sa Display the rejected SAs in the SA cache.
PAGE 818
35 Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP), as implemented by the Dell Networking Operating System (OS), conforms to IEEE 802.1s.
PAGE 819
• For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/ port information. Optionally, enter an in or out parameter with the optional interface: events Command Modes Command History Example • For Receive, enter the keyword in. • For Transmit, enter the keyword out. (OPTIONAL) Enter the keyword events to debug MSTP events. EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 820
Command Modes Command History Related Commands MULTIPLE SPANNING TREE Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. protocol spanning-tree mstp — enters MULTIPLE SPANNING TREE mode. disable Enable bridge protocol data units (BPDU) filter globally to filter transmission of BPDU on port-fast enabled interfaces. Syntax edge-port bpdufilter default To disable global bpdu filter default, use the no edge-port bpdufilter default command.
PAGE 821
hello-time Set the time interval between generation of MSTB bridge protocol data units (BPDUs). Syntax hello-time seconds To return to the default value, use the no hello-time command. Parameters seconds Enter a number as the time interval between transmission of BPDUs. The range is from 1 to 10. The default is 2 seconds. Defaults 2 seconds Command Modes MULTIPLE SPANNING TREE Command History Related Commands Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.
PAGE 822
max-hops Configure the maximum hop count. Syntax max-hops number To return to the default values, use the no max-hops command. Parameters range Enter a number for the maximum hop count. The range is from 1 to 40. The default is 20. Defaults 20 hops Command Modes MULTIPLE SPANNING TREE Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 823
Usage Information Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. By default, all VLANs are mapped to MST instance zero (0) unless you use the vlan range command to map it to a non-zero instance. Although MSTP instance IDs range from 0 to 4094, only 64 active instances are supported on the switch. name The name you assign to the multiple spanning tree region. Syntax name region-name To remove the region name, use the no name command.
PAGE 824
Usage Information MSTP is not enabled when you enter MULTIPLE SPANNING TREE mode. To enable MSTP globally on the switch, enter the no disable command while in MULTIPLE SPANNING TREE mode. For more information about the multiple spanning tree protocol, refer to the Dell Networking OS Configuration Guide. Example Dell(conf)#protocol spanning-tree mstp Dell(config-mstp)#no disable Related Commands disable — disables multiple spanning tree.
PAGE 825
protocol spanning-tree mstp no disable name CustomerSvc revision 2 MSTI 10 VLAN 101-105 max-hops 5 Dell(conf-mstp)# show spanning-tree mst configuration View the multiple spanning tree configuration. Syntax Command Modes Command History show spanning-tree mst configuration • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 826
Usage Information Enable the multiple spanning tree protocol prior to using this command. Example Dell#show spanning-tree msti 0 brief MSTI 0 VLANs mapped 1-4094 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 0001.e800.0204 Root Bridge hello time 2, max age 20, forward delay 15, max hops 20 Bridge ID Priority 32768, Address 0001.e800.
PAGE 827
Number of topology changes 1, last change occured 00:00:15 ago on Gi 0/0 Port 257 (GigabitEthernet 0/0) is LBK_INC Discarding Port path cost 20000, Port priority 128, Port Identifier 128.257 Designated root has priority 32768, address 0001.e801.6aa8 Designated bridge has priority 32768, address 0001.e801.6aa8 Designated port id is 128.
PAGE 828
spanning-tree msti Configure multiple spanning tree instance cost and priority for an interface. Syntax spanning-tree msti instance {cost cost | priority priority} Parameters msti instance Enter the keyword msti and the MST instance number. The range is from zero (0) to 63. cost cost (OPTIONAL) Enter the keyword cost then the port cost value. The range is from 1 to 200000.
PAGE 829
Command Modes Command History Usage Information shutdown-onviolation (OPTIONAL) Enter the keywords shutdown-on-violation to hardware disable an interface when a BPDU is received and the port is disabled. rootguard Enter the keyword rootguard to enable root guard on an MSTP port or port-channel interface. INTERFACE Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 830
36 Multicast The multicast commands are supported by Dell Networking Operating System (OS).
PAGE 831
Related Commands Version Description 9.2.(0.0) Introduced on the MXL 10/40GbE Switch IO Module. show ip pim tib — shows the PIM tree information base. ip mroute Assign a static mroute.
PAGE 832
ip multicast-limit To limit the number of multicast entries on the system, use this feature. Syntax ip multicast-limit limit Parameters limit Defaults 15000 routes. Command Modes CONFIGURATION Command History Usage Information Enter the desired maximum number of multicast entries on the system. The range is from 1 to 50000. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 833
mtrace Trace a multicast route from the source to the receiver. Syntax Parameters Command Modes Command History Usage Information mtrace [vrf vrf-name] {source-address/hostname} [destination-address/hostname] [group-address/hostname] vrf vrf-name Enter the keyword vrf followed by the name of the VRF. If VRF name is not mentioned, the default VRF will be used. Mtrace is not supported for management VRF. source-address/ hostname Enter the source IP address in dotted decimal format (A.B.C.D).
PAGE 834
-3 2.2.2.1 PIM 103.103.103.0/24 -4 103.103.103.3 --> Source -----------------------------------------------------------------The mtrace command traverses the path of the response data block in the reverse direction of the multicast data traffic. The mtrace command traverses the reverse path to the source from the destination.
PAGE 835
Command Modes Command History Example (Static) • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.2.(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Dell#show ip mroute static Mroute: 23.23.23.0/24, interface: Lo 2 Protocol: static, distance: 0, route-map: none, last change: 00:00:23 Example (Snooping) Dell#show ip mroute snooping IPv4 Multicast Snooping Table (*, 224.0.0.
PAGE 836
Example Field Description Incoming interface Displays the reverse path forwarding (RPF) information towards the source for (S,G) entries and the RP for (*,G) entries. Outgoing interface list: Lists the interfaces that meet one of the following: • a directly connected member of the Group • statically configured member of the Group • received a (*,G) or (S,G) Join message Dell#show ip mroute IP Multicast Routing Table (*, 224.10.10.
PAGE 837
RPF route/mask: 10.10.10.9/255.255.255.255 RPF type: unicast IPv6 Multicast Commands The following section contains the IPv6 multicast commands. debug ipv6 mld_host Enable the collection of debug information for MLD host transactions. Syntax [no] debug ipv6 mld_host [int-count | interface type] [slot/port-range] To discontinue collection of debug information for the MLD host transactions, use the no debug ipv6 mld_host command.
PAGE 838
Defaults 15000 routes. Command Modes CONFIGURATION Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. This feature allows you to limit the number of multicast entries on the system. This number is the total of all the multicast entries on all line cards in the system. On each line card, the multicast module only installs the maximum number of entries, depending on the configured CAM profile.
PAGE 839
37 Neighbor Discovery Protocol (NDP) The Dell Networking Operating System (OS) supports the network discovery protocol for IPv6. The neighbor discovery protocol for IPv6 is defined in RFC 2461 as part of the Stateless Address Autoconfiguration protocol. It replaces the Address Resolution Protocol used with IPv4.
PAGE 840
Command Modes Command History • EXEC • EXEC Privilege • For a Fast Ethernet interface, enter the keyword fastEthernet then the slot/port information. • For a Port Channel interface, enter the keywords port-channel then a number. • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/ port information. • For a VLAN, enter the keyword vlan then the VLAN ID.
PAGE 841
Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. show ipv6 neighbors Display IPv6 discovery information. Entering the command without options shows all the IPv6 neighbor addresses stored on the control processor (CP). Syntax Parameters show ipv6 neighbors [ipv6-address] [cpu {rp1 [ipv6-address] | rp2 [ipv6address]}] [interface interface] ipv6-address Enter the IPv6 address of the neighbor in the x:x:x:x::x format.
PAGE 842
38 Object Tracking Object Tracking supports IPv4 and IPv6, and is available on the Dell Networking platforms. Object tracking allows you to define objects of interest, monitor their state, and report to a client when a change in an object’s state occurs.
PAGE 843
Example Dell#debug track all 04:35:04: %RPM0-P:RP2 %OTM-5-STATE: track 6 - Interface TenGigabitEthernet 1/2 line-protocol DOWN 04:35:04: %RPM0-P:RP2 %OTM-5-NOTIF: VRRP notification: resource ID 6 DOWN delay Configure the time delay used before communicating a change in the status of a tracked object to clients. Syntax delay {[up seconds] [down seconds]} To return to the default setting, use the no delay command.
PAGE 844
Command History Related Commands Version Description 9.7(0.0) Introduced on the MXL. • track interface ip routing – configures object tracking on the routing status of an IPv4 Layer 3 interface. • track interface line-protocol – configures object tracking on the line-protocol state of a Layer 2 interface. • track ip route metric threshold – configures object tracking on the threshold of an IPv4 route metric.
PAGE 845
show track Display information about tracked objects, including configuration, current tracked state (UP or DOWN), and the clients which are tracking an object. Syntax Parameters Command Modes Command History Usage Information Example show track [object-id [brief] | interface [brief] | ip route [brief] | resolution | [brief] | brief] object-id (OPTIONAL) Display information on the specified tracked object. The range is 1 to 500.
PAGE 846
First-hop interface is TenGigabitEthernet 1/2 Tracked by: VRRP TenGigabitEthernet 2/3 IPv6 VRID 1 Track 3 IPv6 route 2050::/64 reachability Reachability is Up (STATIC) 5 changes, last change 00:02:16 First-hop interface is TenGigabitEthernet 1/2 Tracked by: VRRP TenGigabitEthernet 2/3 IPv6 VRID 1 Usage Information Example (Brief) The following describes the show track brief command shown in the Example below. Output Description ResID Number of the tracked object. Resource Type of tracked object.
PAGE 847
Usage Information Use this command to configure the UP and/or DOWN threshold for the scaled metric of a tracked IPv4 or IPv6 route. Determine the UP/DOWN state of a tracked route by the threshold for the current value of the route metric in the routing table. To provide a common tracking interface for different clients, route metrics are scaled in the range 0 to 255, where 0 is connected and 255 is inaccessible.
PAGE 848
Command History Usage Information Version Description 9.7(0.0) Introduced on the MXL. Added support for tunnel interface. Use this command to create an object that tracks the routing state of an IPv4 Layer 2 interface: • The status of the IPv4 interface is UP only if the Layer 2 status of the interface is UP and the interface has a valid IP address.
PAGE 849
track ip route metric threshold Configure object tracking on the threshold of an IPv4 route metric. Syntax track object-id ip route ip-address/prefix-len metric threshold To return to the default setting, use the no track object-id command. Parameters object-id Enter the ID number of the tracked object. The range is 1 to 500. ip-address/ prefixlen Enter an IPv4 address in dotted decimal format. The valid IPv4 prefix lengths are from /0 to /32.
PAGE 850
track ip route reachability Configure object tracking on the reachability of an IPv4 route. Syntax track object-id ip route ip-address/prefix-len reachability [vrf vrf-name] To return to the default setting, use the no track object-id command. Parameters object-id Enter the ID number of the tracked object. The range is 1 to 500. ip-address/ prefixlen Enter an IPv4 address in dotted decimal format. The valid IPv4 prefix lengths are from /0 to /32.
PAGE 851
Parameters object-id Enter the ID number of the tracked object. The range is 1 to 500. isis resolution-value Enter the resolution used to convert the metric in the routing table for ISIS routes to a scaled metric. ospf resolutionvalue Enter the resolution used to convert the metric in the routing table for OSPF routes to a scaled metric. Defaults none Command Modes CONFIGURATION Command History Usage Information Version Description 9.7(0.0) Introduced on the MXL.
PAGE 852
Parameters Command Modes Command History Usage Information Example brief • EXEC • EXEC Privilege (OPTIONAL) Display a single line summary of information for tracked IPv6 routes. Version Description 9.7(0.0) Introduced on the MXL. The following describes the show track ipv6 route command shown in the Example below. Output Description Track object-id Displays the number of the tracked object.
PAGE 853
Example (Brief) Ouput Description Last Change Time since the last change in the state of the tracked object. Dell#show track ipv6 route brief ResId Resource Parameter State LastChange 2 IPv6 route metric threshold 2040::/64 Up 00:02:36 3 IPv6 route reachability 2050::/64 Up 00:02:36 track interface ipv6 routing Configure object tracking on the routing status of an IPv6 Layer 3 interface.
PAGE 854
track ipv6 route metric threshold Configure object tracking on the threshold of an IPv4 route metric. Syntax track object-id ipv6 route ipv6-address/prefix-len metric threshold To return to the default setting, use the no track object-id command. Parameters object-id Enter the ID number of the tracked object. The range is 1 to 500. ipv6-address/ prefix-len Enter an IPv6 address in X:X:X:X::X format. The valid IPv6 prefix lengths are from /0 to / 128.
PAGE 855
track ipv6 route reachability Configure object tracking on the reachability of an IPv6 route. Syntax track object-id ipv6 route ip-address/prefix-len reachability To return to the default setting, use the no track object-id command. Parameters object-id Enter the ID number of the tracked object. The range is 1 to 500. ipv6-address/ prefix-len Enter an IPv6 address in X:X:X:X::X format. The valid IPv6 prefix lengths are from /0 to / 128.
PAGE 856
ospf resolutionvalue Defaults none Command Modes CONFIGURATION Command History Usage Information Enter the resolution used to convert the metric in the routing table for OSPF routes to a scaled metric. Version Description 9.7(0.0) Introduced on the MXL. Use this command to configure the protocol-specific resolution value that converts the actual metric of an IPv6 route in the routing table to a scaled metric in the range 0 to 255.
PAGE 857
39 Open Shortest Path First (OSPFv2 and OSPFv3) The Switch supports open shortest path first version 2 (OSPFv2) for IPv4 and version 3 (OSPFv3) for IPv6. Up to 16 OSPF instances can be run simultaneously on the Switch. OSPF is an Interior Gateway Protocol (IGP), which means that it distributes routing information between routers in a single Autonomous System (AS). OSPF is also a link-state protocol in which all routers contain forwarding tables derived from information about their links to their neighbors.
PAGE 858
• ip ospf dead-interval • ip ospf hello-interval • ip ospf message-digest-key • ip ospf mtu-ignore • ip ospf network • ip ospf priority • ip ospf retransmit-interval • ip ospf transmit-delay • log-adjacency-changes • maximum-paths • mib-binding • network area • passive-interface • redistribute • redistribute bgp • redistribute isis • router-id • router ospf • show config • show ip ospf • show ip ospf asbr • show ip ospf database • show ip ospf database asbr-summa
PAGE 859
• debug ipv6 ospf • debug ipv6 ospf spf • default-information originate • graceful-restart grace-period • graceful-restart mode • ipv6 ospf area • ipv6 ospf authentication • ipv6 ospf bfd all-neighbors • ipv6 ospf cost • ipv6 ospf dead-interval • ipv6 ospf encryption • ipv6 ospf graceful-restart helper-reject • ipv6 ospf hello-interval • ipv6 ospf priority • ipv6 router ospf • maximum-paths • passive-interface • redistribute • router-id • show crypto ipsec policy • s
PAGE 860
Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Usage Information In the Dell Networking operating software, cost is defined as reference bandwidth. Related Commands area stub — creates a stub area. area nssa Specify an area as a not so stubby area (NSSA). Syntax area area-id nssa [default-information-originate] [no-redistribution] [nosummary] To delete an NSSA, use the no area area-id nssa command.
PAGE 861
mask Specify a mask for the destination prefix. Enter the full mask (for example, 255.255.255.0). not-advertise (OPTIONAL) Enter the keywords not-advertise to set the status to DoNotAdvertise (that is, the Type 3 summary-LSA is suppressed and the component networks remain hidden from other areas.) Defaults Not configured. Command Modes ROUTER OSPF Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 862
auto-cost Specify how the OSPF interface cost is calculated based on the reference bandwidth method. Syntax auto-cost [reference-bandwidth ref-bw] To return to the default bandwidth or to assign cost based on the interface type, use the no auto-cost [reference-bandwidth] command. Parameters ref-bw (OPTIONAL) Specify a reference bandwidth in megabits per second. The range is from 1 to 4294967. The default is 100 megabits per second. Defaults 100 megabits per second.
PAGE 863
neighbor router-id Defaults none Command Modes EXEC Privilege Command History Related Commands • For Port Channel groups, enter the keywords port-channel then a number. The range is from 1 to 128. • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a VLAN, enter the keyword vlan then a number from 1 to 4094. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/ port information.
PAGE 864
Field Description 8:14 Displays the time stamp. OSPF Displays the OSPF process ID: instance ID. v: Displays the OSPF version. The system supports version 2 only. t: Displays the type of packet sent: • 1 - Hello packet • 2 - database description • 3 - link state request • 4 - link state update • 5 - link state acknowledgement l: Displays the packet length. rid: Displays the OSPF router ID. aid: Displays the Autonomous System ID. chk: Displays the OSPF checksum.
PAGE 865
Example Field Description dr: Displays the IP address of the designated router. bdr: Displays the IP address of the Border Area Router. Dell#debug ip ospf 1 packet OSPF process 90, packet debugging is on Dell# 08:14:24 : OSPF(100:00): Xmt. v:2 t:1(HELLO) l:44 rid:192.1.1.1 aid:0.0.0.1 chk:0xa098 aut:0 auk: keyid:0 to:Gi 4/3 dst:224.0.0.5 netmask:255.255.255.0 pri:1 N-, MC-, E+, T-, hi:10 di:40 dr:90.1.1.1 bdr:0.0.0.
PAGE 866
default-metric Change the metrics of redistributed routes to a value useful to OSPF. Use this command with the redistribute command. Syntax default-metric number To return to the default values, use the no default-metric [number] command. Parameters number Defaults Disabled. Command Modes ROUTER OSPF Command History Related Commands Enter a number as the metric. The range is from 1 to 16777214. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.
PAGE 867
To delete the settings, use the no distance weight [ip-address mask access-list-name] command. Parameters weight Specify an administrative distance. The range is from 1 to 255. The default is 110. ip-address (OPTIONAL) Enter a router ID in the dotted decimal format. If you enter a router ID, include the mask for that router address. mask (OPTIONAL) Enter a mask in dotted decimal format or /n format. access-list-name (OPTIONAL) Enter the name of an IP standard access list, up to 140 characters.
PAGE 868
distribute-list in Apply a filter to incoming routing updates from OSPF to the routing table. Syntax distribute-list prefix-list-name in [interface] To delete a filter, use the no distribute-list prefix-list-name in [interface] command. Parameters prefix-list-name Enter the name of a configured prefix list. interface (OPTIONAL) Enter one of the following keywords and slot/port or number information: Defaults Not configured.
PAGE 869
Command Modes Command History Usage Information ROUTER OSPF Version Description heading 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The distribute-list out command applies to routes autonomous system boundary routers (ASBRs) redistributes into OSPF. It can be applied to external type 2 and external type 1 routes, but not to intra-area and inter-area routes.
PAGE 870
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. In OSPF, flooding is the most resource-consuming task. The flooding algorithm, described in RFC-2328, requires that OSPF flood LSAs (Link State Advertisements) on all interfaces, as governed by LSA’s flooding scope (see Section 13 of the RFC).
PAGE 871
Command Modes Command History ROUTER OSPF Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. graceful-restart mode Enable the graceful restart mode. Syntax graceful-restart mode [planned-only | unplanned-only] To disable graceful restart mode, use the no graceful-restart mode command. Parameters planned-only (OPTIONAL) Enter the keywords planned-only to indicate graceful restart is supported in a planned restart condition only.
PAGE 872
Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. ip ospf auth-change-wait-time OSPF provides a grace period while OSPF changes its interface authentication type. During the grace period, OSPF sends out packets with new and old authentication scheme until the grace period expires. Syntax ip ospf auth-change-wait-time seconds To return to the default, use the no ip ospf auth-change-wait-time command. Parameters seconds Defaults zero (0) seconds.
PAGE 873
ip ospf cost Change the cost associated with the OSPF traffic on an interface. Syntax ip ospf cost cost To return to default value, use the no ip ospf cost command. Parameters cost Enter a number as the cost. The range is from 1 to 65535. Defaults The default cost is based on the reference bandwidth. Command Modes INTERFACE Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 874
ip ospf hello-interval Specify the time interval between the hello packets sent on the interface. Syntax ip ospf hello-interval seconds To return to the default value, use the no ip ospf hello-interval command. Parameters seconds Defaults 10 seconds Command Modes INTERFACE Command History Enter the number of seconds for the interval. The range is from 1 to 65535. The default is 10 seconds. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.
PAGE 875
After the reply is received and the new key is authenticated, delete the old key. Dell recommends keeping only one key per interface. NOTE: The MD5 secret is stored as plain text in the configuration file with service password encryption. Write down or otherwise record the key. You cannot learn the key once it is configured. Use caution when changing the key. ip ospf mtu-ignore Disable OSPF MTU mismatch detection upon receipt of database description (DBD) packets.
PAGE 876
ip ospf priority To determine the designated router for the OSPF network, set the priority of the interface. Syntax ip ospf priority number To return to the default setting, use the no ip ospf priority command. Parameters number Defaults 1 Command Modes INTERFACE Command History Usage Information Enter a number as the priority. The range is from 0 to 255. The default is 1. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 877
ip ospf transmit-delay To send a link state update packet on the interface, set the estimated time elapsed. Syntax ip ospf transmit-delay seconds To return to the default value, use the no ip ospf transmit-delay command. Parameters seconds Enter the number of seconds as the interval between retransmission. The range is from 1 to 3600. The default is 1 second. This value must be greater than the transmission and propagation delays for the interface.
PAGE 878
Parameters number Specify the number of paths. The range for OSPFv2 is from 1 to 16. The default for OSPFv2 is 4 paths. The range for OSPFv3 is from 1 to 64. The default for OSPFv3 is 8 paths. Defaults 4 Command Modes ROUTER OSPF for OSPFv2 ROUTER OSPFv3 for OSPFv3 Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Added support for OSPFv3. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 879
area-id Enter the OSPF area ID as either a decimal value or in a valid IP address. Decimal value range is from 0 to 65535. IP address format is dotted decimal format A.B.C.D. NOTE: If the area ID is smaller than 65535, it is converted to a decimal value. For example, if you use an area ID of 0.0.0.1, it is converted to 1. Command Modes Command History Usage Information ROUTER OSPF Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 880
Usage Information Although the passive interface does not send or receive routing updates, the network on that interface is still included in OSPF updates sent using other interfaces. The default keyword sets all interfaces as passive. You can then configure individual interfaces, where adjacencies are desired, using the no passive-interface interface command.
PAGE 881
metric metric-value (OPTIONAL) Enter the keyword metric then a number. The range is from 0 (zero) to 16777214. metric-type typevalue (OPTIONAL) Enter the keywords metric-type then one of the following: 1 = OSPF External type 1 • 2 = OSPF External type 2 route-map mapname (OPTIONAL) Enter the keywords route-map then the name of the route map. tag tag-value (OPTIONAL) Enter the keyword tag then a number. The range is from 0 to 4294967295. Defaults Not configured.
PAGE 882
Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. redistribute isis Redistribute IS-IS routing information throughout the OSPF instance.
PAGE 883
To remove the fixed router ID, use the no router-id ip-address command. Parameters ip-address Defaults none. Command Modes ROUTER OSPF Command History Enter the router ID in the IP address format. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Usage Information You can configure an arbitrary value in the IP address format for each router. However, each router ID must be unique.
PAGE 884
show config Display the non-default values in the current OSPF configuration. Syntax show config Command Modes ROUTER OSPF Command History Example Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the M I/O Aggregator. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Dell(conf-router_ospf)#show config ! router ospf 3 passive-interface FastEthernet 0/1 Dell(conf-router_ospf)# show ip ospf Display information on the OSPF process configured on the switch.
PAGE 885
Line Beginning with Description “Convergence Level” “Min LSA....” Displays the intervals set for LSA transmission and acceptance. “Number of...” Displays the number and type of areas configured for this process ID. Example Dell#show ip ospf 10 Routing Process ospf 10 with ID 1.1.1.
PAGE 886
You can determine if an ASBR is in a directly connected area (or not) by the flags. For ASBRs in a directly connected area, E flags are set. In the following example, router 1.1.1.1 is in a directly connected area since the Flag is E/-/-/. For remote ASBRs, the E flag is clear (-/-/-/). Example Dell#show ip ospf 1asbr RouterID 3.3.3.3 1.1.1.1 Dell# Flags -/-/-/ E/-/-/ Cost Nexthop 2 10.0.0.2 0 0.0.0.0 Interface Area Gi 0/1 1 0 show ip ospf database Display all LSA information.
PAGE 887
Link ID 10.2.3.2 10.2.4.2 Link ID 0.0.0.0 1.1.1.1 10.1.1.0 10.1.2.0 10.2.2.0 10.2.3.0 10.2.4.0 11.1.1.0 11.1.2.0 12.1.2.0 13.1.1.0 13.1.2.0 172.16.1.0 Dell> Related Commands Network (Area 0.0.0.0) ADV Router Age Seq# Checksum 13.1.1.1 676 0x80000003 0x6592 192.68.135.2 908 0x80000055 0x683e Type-5 AS External ADV Router Age Seq# 192.68.135.2 908 0x80000052 192.68.135.2 908 0x8000002a 11.1.2.1 718 0x80000002 11.1.2.1 718 0x80000002 11.1.2.1 718 0x80000002 11.1.2.1 718 0x80000002 13.1.1.1 1184 0x80000068 11.
PAGE 888
Example Field Description LS Age Displays the LSA’s age. Options Displays the optional capabilities available on router. The following options can be found in this item: • TOS-capability or No TOS-capability is displayed depending on whether the router can support Type of Service. • DC or No DC is displayed depending on whether the originating router can support OSPF over demand circuits. • E or No E is displayed on whether the originating router can accept AS External LSAs.
PAGE 889
show ip ospf database external Display information on the AS external (type 5) LSAs. Syntax Parameters show ip ospf process-id database external [link-state-id] [adv-router ipaddress] process-id Enter the OSPF Process ID to show a specific process. If no Process ID is entered, command applies only to the first OSPF process. link-state-id (OPTIONAL) Specify LSA ID in dotted decimal format.
PAGE 890
Example Field Description Length Displays the length in bytes of the LSA. Network Mask Displays the network mask implemented on the area. Metrics Type Displays the external type. TOS Displays the Type of Service (TOS) options. Option 0 is the only option. Metric Displays the LSA metric. Forward Address Identifies the address of the forwarding router. Data traffic is forwarded to this router. If the forwarding address is 0.0.0.0, data traffic is forwarded to the originating router.
PAGE 891
Parameters process-id Enter the OSPF Process ID to show a specific process. If no Process ID is entered, command applies only to the first OSPF process. link-state-id (OPTIONAL) Specify LSA ID in dotted decimal format.
PAGE 892
LS age: 1372 Options: (No TOS-capability, DC, E) LS type: Network Link State ID: 202.10.10.2 Advertising Router: 20.20.20.8 LS Seq Number: 0x80000006 Checksum: 0xa35 Length: 36 Network Mask: /24 Attached Router: 20.20.20.8 Attached Router: 20.20.20.9 Attached Router: 20.20.20.7 Network (Area 0.0.0.1) LS age: 252 Options: (TOS-capability, No DC, E) LS type: Network Link State ID: 192.10.10.2 Advertising Router: 192.10.10.
PAGE 893
show ip ospf database opaque-area Display the opaque-area (type 10) LSA information. Syntax Parameters show ip ospf process-id database opaque-area [link-state-id] [adv-router ipaddress] process-id Enter the OSPF Process ID to show a specific process. If no Process ID is entered, command applies only to the first OSPF process. link-state-id (OPTIONAL) Specify LSA ID in dotted decimal format.
PAGE 894
Example Item Description Opaque ID Displays the Opaque type-specific ID (the remaining 24 bits of the Link State ID). Dell>show ip ospf 1 database opaque-area OSPF Router with ID (3.3.3.3) (Process ID 1) Type-10 Opaque Link Area (Area 0) LS age: 1133 Options: (No TOS-capability, No DC, E) LS type: Type-10 Opaque Link Area Link State ID: 1.0.0.1 Advertising Router: 10.16.1.
PAGE 895
Command History Related Commands Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. show ip ospf database — displays OSPF database information. show ip ospf database opaque-link Display the opaque-link (type 9) LSA information. Syntax Parameters show ip ospf process-id database opaque-link [link-state-id] [adv-router ipaddress] process-id Enter the OSPF process ID to show a specific process.
PAGE 896
adv-router ipaddress Command Modes Command History Usage Information Example • EXEC • EXEC Privilege • the router’s OSPF router ID for Type 1 LSAs or Type 4 LSAs • the default destination (0.0.0.0) for Type 5 LSAs (OPTIONAL) Enter the keywords adv-router then the IP address of an Advertising Router to display only the LSA information about that router. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 897
Router (Area 0) LS age: 967 Options: (No TOS-capability, No DC, E) LS type: Router Link State ID: 1.1.1.10 Advertising Router: 1.1.1.10 LS Seq Number: 0x8000012f Checksum: 0x3357 Length: 144 AS Boundary Router Area Border Router Number of Links: 10 Link connected to: a Transit Network (Link ID) Designated Router address: 192.68.129.1 (Link Data) Router Interface address: 192.68.129.1 Number of TOS metric: 0 TOS 0 Metric: 1 Link connected to: a Transit Network (Link ID) Designated Router address: 192.68.130.
PAGE 898
adv-router ipaddress Command Modes Command History Usage Information Example • EXEC • EXEC Privilege • the router’s OSPF router ID for Type 1 LSAs or Type 4 LSAs • the default destination (0.0.0.0) for Type 5 LSAs (OPTIONAL) Enter the keywords adv-router then the IP address of an Advertising Router to display only the LSA information about that router. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 899
LS Seq Number: 0x80000054 Checksum: 0xb5a2 Length: 28 Network Mask: /24 TOS: 0 Metric: 1 LS age: 9 Options: (No TOS-capability, No DC, E) LS type: Summary Network Link State ID: 192.68.32.0 Advertising Router: 1.1.1.10 LS Seq Number: 0x80000016 Checksum: 0x987c Length: 28 Network Mask: /24 TOS: 0 Metric: 1 LS age: 7 Options: (No TOS-capability, No DC, E) LS type: Summary Network Link State ID: 192.68.33.0 Advertising Router: 1.1.1.
PAGE 900
Command History Usage Information Example Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The following describes the show ip ospf process-id interface command shown in the following example. Item Description TenGigabitEthernet ... This line identifies the interface type slot/port and the status of the OSPF protocol on that interface. Internet Address...
PAGE 901
Loopback interface is treated as a stub Host. Dell> show ip ospf neighbor Display the OSPF neighbors connected to the local router. Syntax Parameters Command Modes Command History Usage Information Example show ip ospf process-id neighbor process-id Enter the OSPF Process ID to show a specific process. If no Process ID is entered, command applies only to the first OSPF process. EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.
PAGE 902
Defaults none Command Modes • EXEC • EXEC Privilege Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. This command is useful in isolating routing problems between the OSPF and the RTM. For example, if a route is missing from the RTM/FIB but is visible from the display output of this command, the problem is with downloading the route to the RTM.
PAGE 903
neighbor router-id Defaults Command Modes Command History Usage Information (OPTIONAL) Enter the keyword neighbor then the neighbor’s router-id in dotted decimal format (A.B.C.D.). none • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The following describes the show ip ospf statistics process-id global command shown in the following example.
PAGE 904
Example Error Type Description Nbr-State LSA, LSR, and LSU are received from a neighbor with stats less than the loading state. Auth-Error Simple authentication error. MD5-Error MD5 error Cksum-Err Checksum Error Version Version mismatch AreaMismatch Area mismatch Conf-Issue The received hello packet has a different hello or dead interval than the configuration. No-Buffer Buffer allocation failure. Seq-no A sequence no errors occurred during the database exchange process.
PAGE 905
• The LSU Q length and its highest mark for each neighbor • The LSR Q length and its highest mark for each neighbor Example (Statistics) Dell#show ip ospf 10 statistics Interface TenGigabitEthernet 4/45 Error packets (Receive statistics) Intf-Down 0 Non-Dr 0 Self-Org Wrong-Len 0 Invld-Nbr 0 Nbr-State Auth-Error 0 MD5-Error 0 Cksum-Err Version 0 AreaMisMatch 0 Conf-Issue SeqNo-Err 0 Unknown-Pkt 0 Bad-LsReq RtidZero 0 Neighbor ID 3.1.1.
PAGE 906
show ip ospf topology Display routers in directly connected areas. Syntax show ip ospf process-id topology Parameters Defaults process-id Enter the OSPF Process ID to show a specific process. If no Process ID is entered, command applies only to the first OSPF process. none Command Modes Command History • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 907
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The area range command summarizes routes for the different areas. With the not-advertise parameter configured, you can use this command to filter out some external routes. For example, if you want to redistribute static routes to OSPF, but you don't want OSPF to advertise routes with prefix 1.1.0.0, you can configure the summary-address 1.1.0.0 255.255.0.
PAGE 908
Dell(conf-router_ospf-1)#show config ! router ospf 1 timers spf 2 5 msec Dell(conf-router_ospf-1)# Dell(conf-router_ospf-1)#end Dell# timers throttle lsa all Configure LSA transmit intervals. Syntax timers throttle lsa all {start-interval | hold-interval | max-interval} To return to the default, use the no timers throttle lsa command. Parameters Defaults Command Modes Command History Usage Information start-interval Set the minimum interval between initial sending and resending the same LSA.
PAGE 909
Parameters arrival-time Defaults 1000 msec Command Modes ROUTER OSPF Command History Set the interval between receiving the same LSA repeatedly, to allow sufficient time for the system to accept the LSA. The range is from 0 to 600,000 milliseconds. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. OSPFv3 Commands The fundamental mechanisms of OSPF (flooding, DR election, area support, SPF calculations, and so on) remain unchanged.
PAGE 910
For SHA-1 authentication, the key must be 40 hex digits (non-encrypted) or 80 hex digits (encrypted). Defaults Not configured. Command Modes ROUTER OSPFv3 Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Before you enable IPsec authentication on an OSPFv3 area, you must first enable OSPFv3 globally on the router.
PAGE 911
key Text string used in encryption. The required lengths of a non-encrypted or encrypted key are: 3DES - 48 or 96 hex digits; DES - 16 or 32 hex digits; AES-CBC -32 or 64 hex digits for AES-128 and 48 or 96 hex digits for AES-192. authenticationalgorithm Specifies the authentication algorithm to use for encryption. Valid values are MD5 or SHA1. key-encryptiontype (OPTIONAL) Specifies if the authentication key is encrypted. Valid values: 0 (key is not encrypted) or 7 (key is encrypted).
PAGE 912
auto-cost Specify how the OSPF interface cost is calculated based on the reference bandwidth method. Syntax auto-cost [reference-bandwidth ref-bw] To return to the default bandwidth or to assign cost based on the interface type, use the no auto-cost [reference-bandwidth ref-bw] command. Parameters ref-bw (OPTIONAL) Specify a reference bandwidth in megabits per second. The range is from 1 to 4294967. The default is 100 megabits per second. Defaults 100 megabits per second.
PAGE 913
Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. debug ipv6 ospf bfd Display debug information and interface types for BFD on OSPF IPv6 packets. Syntax [no] debug ipv6 ospf bfd [interface] To cancel the debug command, use the no debug ipv6 ospf command.
PAGE 914
fe80:0000:0000:0000:0201:e8ff:fe8b:7720 Interface Te 0/2 IfIndex 34145282 00:59:27 : OSPFv3INFO: BFD parameters interval 100 min_rx 100 mult 3 role active 00:59:27 : OSPFv3INFO: BFD parameters interval 100 min_rx 100 mult 3 role active 00:59:27 : OSPFv3INFO: Completed Enabling BFD for NBRIP fe80:0000:0000:0000:0201:e8ff:fe8b:7720 Aug 25 11:19:59: %STKUNIT0-M:CP %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Init for neighbor fe80::201:e8ff:fe8b:7720 on interface Te 0/2 (diag: NBR_DN) Aug 25 11:20:00:
PAGE 915
• For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/ port information. • For a port channel interface, enter the keywords port-channel then a number. • For a VLAN interface, enter the keyword vlan then a number from 1 to 4094. Command Modes EXEC Privilege Command History This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking OS Command Line Reference Guide. Usage Information Example Version Description 9.11.
PAGE 916
default-information originate Configure the system to generate a default external route into an OSPFv3 routing domain. Syntax default-information originate [always] [metric metric-value] [metric-type typevalue] [route-map map-name] To return to the default values, use the no default-information originate command. Parameters always (OPTIONAL) Enter the keyword always to specify that default route information must always be advertised.
PAGE 917
Usage Information Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. By default, OSPFv3 graceful restart is disabled and functions only in a helper role to help restarting neighbor routers in their graceful restarts when it receives a Grace LSA. To enable OSPFv3 graceful restart, enter the ipv6 router ospf command to enter OSPFv3 configuration mode and then configure a grace period using the graceful-restart grace-period command.
PAGE 918
ipv6 ospf area Enable IPv6 OSPF on an interface. Syntax ipv6 ospf process id area area id To disable OSPFv6 routing for an interface, use the no ipv6 ospf process-id area area-id command. Parameters process-id Enter the process identification number. area area-id Specify the OSPF area. The range is from 0 to 65535. Defaults none Command Modes INTERFACE Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 919
For SHA-1 authentication, the key must be 40 hex digits (non-encrypted) or 80 hex digits (encrypted). Defaults Not configured. Command Modes INTERFACE Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 920
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. This command provides the flexibility to fine-tune the timer values based on individual interface needs when you configure the ipv6 ospf bfd command in CONFIGURATION mode. Any timer values specified with this command overrides timers set using the bfd all-neighbors command.
PAGE 921
Parameters seconds Defaults 40 seconds (Ethernet). Command Modes INTERFACE Command History Usage Information Enter the time interval in seconds. The range is from 1 to 65535 seconds. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. By default, the dead interval is four times longer than the default ipv6 ospf hello-interval command. ipv6 ospf encryption Configure an IPsec encryption policy for OSPFv3 packets on an IPv6 interface.
PAGE 922
key-encryptiontype (OPTIONAL) Specifies if the authentication key is encrypted. Valid values: 0 (key is not encrypted) or 7 (key is encrypted). key Text string used in authentication. For MD5 authentication, the key must be 32 hex digits (non-encrypted) or 64 hex digits (encrypted). For SHA-1 authentication, the key must be 40 hex digits (non-encrypted) or 80 hex digits (encrypted). Defaults Not configured. Command Modes INTERFACE Command History Usage Information Version Description 9.9(0.
PAGE 923
The graceful-restart role command is not supported in OSPFv3. When you enable the helper-reject role on an interface, you reconfigure an OSPFv3 router to function in a “restarting-only” role. ipv6 ospf hello-interval Specify the time interval between the hello packets sent on the interface. Syntax Parameters ipv6 ospf hello—interval seconds seconds Defaults 10 seconds (Ethernet).
PAGE 924
ipv6 router ospf Enable OSPF for IPv6 router configuration. Syntax ipv6 router ospf process-id To exit OSPF for IPv6, use the no ipv6 router ospf process-id command. Parameters process-id Defaults none Command Modes CONFIGURATION Command History Enter the process identification number. The range is from 1 to 65535. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 925
To return all OSPF interfaces (current and future) to active, use the no passive-interface default command. Parameters Command Modes Default Enter the keyword default to make all OSPF interfaces (current and future) passive. interface Enter the following keywords and slot/port or number information: • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/ port information.
PAGE 926
connected Enter the keyword connected to redistribute routes from physically connected interfaces. static Enter the keyword static to redistribute manually configured routes. metric metric-value Enter the keyword metric then the metric value. The range is from 0 to 16777214. The default is 20. metric-type typevalue (OPTIONAL) Enter the keywords metric-type then the OSPFv3 link state type of 1 or 2 for default routes.
PAGE 927
router-id Designate a fixed router ID. Syntax router-id ip-address To return to the previous router ID, use the no router-id ip-address command. Parameters ip-address Enter the router ID in the dotted decimal format. Defaults The router ID is selected automatically from the set of IPv4 addresses configured on a router. Command Modes ROUTER OSPFv3 for OSPFv3 Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Added support for OSPFv3. 8.3.16.
PAGE 928
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. The show crypto ipsec policy command output displays the AH and ESP parameters configured in IPsec security policies, including the SPI number, keys, and algorithms used. When configured in a helper-reject role, an OSPFv3 router ignores the Grace LSAs that it receives from a restarting OSPFv3 neighbor.
PAGE 929
Parameters database-summary (OPTIONAL) Enter the keywords database-summary to view a summary of database LSA information. grace-lsa (OPTIONAL): Enter the keywords grace-lsa to display the Type-11 Grace LSAs sent and received on an OSPFv3 router. Defaults none Command Modes EXEC EXEC Privilege Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the M I/O Aggregator.
PAGE 930
Usage Information If you enable BFD at the global level, show ipv6 ospf interface shows the BFD provisioning. If you enable BFD at the interface level, show ipv6 ospf interface shows the BFD interval timers. Example Dell#show ipv6 ospf interface Tengigabitethernet 1/0 TenGigabitEthernet 1/0 is up, line protocol is up Link Local Address fe80::201:e8ff:fe17:5bbd, Interface ID 67420217 Area 0, Process ID 1, Instance ID 0, Router ID 11.1.1.
PAGE 931
To return to the default, use the no timers spf command. Parameters delay Enter a number as the delay. The range is from 0 to 2147483647. The default is 5 seconds. holdtime Enter a number as the hold time. The range is from 0 to 2147483647. The default is 10 seconds. msec Enter the keyword msec to specify the time interval value in milli seconds. NOTE: If you do not specify the msec option, the timer values are considered as seconds.
PAGE 932
40 Policy-based Routing (PBR) Policy-based routing (PBR) allows you to apply routing policies to specific interfaces. To enable PBR, create a redirect list and apply it to the interface. After the redirect list is applied to the interface, all traffic passing through the interface is subject to the rules defined in the redirect list. PBR is supported by the Dell Networking operating software (OS).
PAGE 933
ip redirect-group Apply a redirect list (policy-based routing) on an interface. You can apply multiple redirect lists to an interface by entering this command multiple times. Syntax ip redirect-group redirect-list-name To remove a redirect list from an interface, use the no ip redirect-group name command. Parameters redirect-list-name Enter the name of a configured redirect list. Defaults none Command Modes INTERFACE (conf-if-vl-) Command History Usage Information Version Description 9.9(0.
PAGE 934
Defaults none Command Modes CONFIGURATION Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.4(0.0) Introduced on the MXL 10/40GbE Switch IO Module. 8.4.2.1 Introduced on the C-Series and S-Series. 8.4.2.0 Introduced on the E-Series TeraScale. 6.5.3.0 Introduced on the E-Series ExaScale. permit Configure a permit rule. A permit rule excludes the matching packets from PBR classification and routes them using conventional routing.
PAGE 935
• operator Defaults none Command Modes REDIRECT-LIST Command History urg = urgent field (OPTIONAL) For TCP and UDP parameters only. Enter one of the following logical operand: • eq = equal to • neq = not equal to • gt = greater than • lt= less than • range = inclusive range of ports (you must specify two ports for the portcommand parameter.) Version Description 9.9(0.0) Introduced on the FN IOM. 9.4(0.0) Introduced on the MXL 10/40GbE Switch IO Module. 8.4.2.
PAGE 936
bit • ip for any internet protocol • tcp for transmission control protocol • udp for user datagram protocol (OPTIONAL) For the TCP protocol type only, enter one or a combination of the following TCP flags: • ack = acknowledgement • fin = finish (no more data from the user) • psh = push function • rst = reset the connection • syn = synchronize sequence number • urg = urgent field Enter the IP address of the network or host from which the packets were sent.
PAGE 937
seq Configure a filter with an assigned sequence number for the redirect list.
PAGE 938
operator • eq = equal to • neq = not equal to • gt = greater than • lt= less than • range = inclusive range of ports (you must specify two ports for the port command parameter.) source port Enter the keywords source-port then the port number to be matched in the ACL rule in the ICAP rule destination-port Enter the keywords destination-port then the port number to be matched in the ACL rule in the ICAP rule.
PAGE 939
Version Description 9.4(0.0) Added support for removing the Sonet interface on the MXL 10/40GbE Switch IO Module. 7.4.1.0 Introduced. Usage Information The show cam pbr command displays the PBR CAM content.
PAGE 940
seq 35 redirect 42.1.1.2 icmp host 8.8.8.8 any, Next-hop reachable (via Vl 20) seq 40 redirect 43.1.1.2 tcp 155.55.2.0/24 222.22.2.0/24, Next-hop reachable (via Vl 30) seq 45 redirect 31.1.1.2 track 200 ip 12.0.0.0 255.0.0.197 13.0.0.0 255.0.0.
PAGE 941
41 PIM-Sparse Mode (PIM-SM) The protocol-independent multicast (PIM) commands are supported by the Dell Networking Operating System (OS).
PAGE 942
• ipv6 pim join-filter • ipv6 pim query-interval • ipv6 pim neighbor-filter • ipv6 pim register-filter • ipv6 pim rp-address • ipv6 pim rp-candidate • ipv6 pim sparse-mode • ipv6 pim spt-threshold • show ipv6 pim bsr-router • show ipv6 pim interface • show ipv6 pim neighbor • show ipv6 pim rp • show ipv6 pim tib IPv4 PIM-Sparse Mode Commands The following describes the IPv4 PIM-sparse mode (PIM-SM) commands.
PAGE 943
Usage Information If you use this command on a local VLT node, all multicast routes from the local PIM TIB, the entire multicast route table, and all the entries in the data plane are deleted. The local VLT node sends a request to the peer VLT node to download multicast routes learned by the peer. Both local and synced routes are removed from the local VLT node multicast route table. The peer VLT node clears synced routes from the node.
PAGE 944
ip pim bsr-border Define the border of PIM domain by filtering inbound and outbound PIM-BSR messages per interface. Syntax ip pim bsr-border To return to the default value, use the no ip pim bsr-border command. Defaults Disabled. Command Modes INTERFACE Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. This command is applied to the subsequent PIM-BSR.
PAGE 945
ip pim dr-priority Change the designated router (DR) priority for the interface. Syntax ip pim dr-priority priority-value To remove the DR priority value assigned, use the no ip pim dr-priority command. Parameters priority-value Defaults 1 Command Modes INTERFACE Command History Usage Information Enter a number. Preference is given to larger/higher number. The range is from 0 to 4294967294. The default is 1. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.
PAGE 946
Example Dell(conf)# ip access-list extended iptv-channels Dell(config-ext-nacl)# permit ip 10.1.2.3/24 225.1.1.0/24 Dell(config-ext-nacl)# permit ip any 232.1.1.0/24 Dell(config-ext-nacl)# permit ip 100.1.1.0/16 any Dell(config-if-te-1/1)# ip pim join-filter iptv-channels Dell(config-if-te-1/1)# ip pim join-filter iptv-channels Related Commands ip access-list extended — configure an access list based on IP addresses or protocols.
PAGE 947
ip pim query-interval Change the frequency of PIM Router-Query messages. Syntax ip pim query-interval seconds To return to the default value, use the no ip pim query-interval seconds command. Parameters seconds Defaults 30 seconds Command Modes INTERFACE Command History Enter a number as the number of seconds between router query messages. The range is from 0 to 65535. The default is 30 seconds. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.
PAGE 948
To remove an RP address, use the no ip pim rp-address address {group-address groupaddress mask} override command. Parameters address Enter the RP address in dotted decimal format (A.B.C.D). group-address group-address mask Enter the keywords group-address then a group-address mask, in dotted decimal format (/xx), to assign that group address to the RP. override Enter the keyword override to override the BSR updates with static RP. The override takes effect immediately during enable/disable.
PAGE 949
Command Modes Command History Usage Information CONFIGURATION Version Description 9.11.0.0 Introduced the acl-name keyword. 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Priority is stored at BSR router when receiving a Candidate-RP-Advertisement. ip pim sparse-mode Enable PIM sparse mode and IGMP on the interface. Syntax ip pim sparse-mode To disable PIM sparse mode and IGMP, use the no ip pim sparse-mode command. Defaults Disabled.
PAGE 950
Usage Information Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. This command configures an expiration timer for all S.G entries, unless they are assigned to an Extended ACL. ip pim spt-threshold To switch to the shortest path tree when the traffic reaches the specified threshold value, configure the PIM router. Syntax ip pim spt-threshold value | infinity To return to the default value, use the no ip pim spt-threshold command.
PAGE 951
When designated-router flooding is disabled, PIM-SM snooping only forwards the multicast traffic, which belongs to a multicast group for which the switch receives a join request, on the port connected towards the designated router. If the PIM DR flood is not disabled (default setting): Related Commands • Multicast traffic is transmitted on the egress port towards the PIM DR if the port is not the incoming interface. • Multicast traffic for an unknown group is sent on the port towards the PIM DR.
PAGE 952
Example Field Description Address Lists the IP addresses of the interfaces participating in PIM. Interface List the interface type, with either slot/port information or ID (VLAN or Port Channel), of the interfaces participating in PIM. Ver/Mode Displays the PIM version number and mode for each interface participating in PIM: • v2 = PIM version 2 • S = PIM Sparse mode Nbr Count Displays the number of PIM neighbors discovered over this interface.
PAGE 953
Field Description Uptime/expires Displays the amount of time the neighbor has been up then the amount of time until the neighbor is removed from the multicast routing table (that is, until the neighbor hold time expires). Ver Displays the PIM version number. • DR prio/Mode Example v2 = PIM version 2 Displays the Designated Router priority and the mode.
PAGE 954
Example (Mapping) Dell#sh ip pim rp mapping Group(s): 224.0.0.0/4 RP: 165.87.20.4, v2 Info source: 165.87.20.5, via bootstrap, priority 0 Uptime: 00:03:11, expires: 00:02:46 RP: 165.87.20.3, v2 Info source: 165.87.20.5, via bootstrap, priority 0 Uptime: 00:03:11, expires: 00:03:03 Dell# Example (Address) Dell#sh ip pim rp 229.1.2.1 Group RP 229.1.2.1 165.87.20.4 Dell# show ip pim snooping interface Display information on VLAN interfaces with PIM-SM snooping enabled.
PAGE 955
Example (#2) Dell#show ip pim snooping interface Interface Ver Nbr DR DR Count Prio Vlan 2 v2 3 1 165.87.32.2 show ip pim snooping neighbor Display information on PIM neighbors learned through PIM-SM snooping. Syntax Parameters Command Modes Command History Usage Information show ip pim snooping neighbor [vlan vlan-id] vlan vlan-id • EXEC • EXEC Privilege (OPTIONAL) Enter a VLAN ID to display information about PIM neighbors that PIM-SM snooping discovered on a specified VLAN.
PAGE 956
show ip pim snooping tib Display information from the tree information base (TIB) PIM-SM snooping discovered about multicast group members and states. Syntax show ip pim snooping tib [vlan vlan-id] [group-address [source-address]] Parameters Command Modes Command History Usage Information 956 vlan vlan-id (OPTIONAL) Enter a VLAN ID to display TIB information PIM-SM snooping discovered on a specified VLAN. The valid VLAN IDs range is from 1 to 4094.
PAGE 957
Field Example Description • statically configured member of the Group • received a (*,G) Join message Dell#show ip pim snooping tib PIM Multicast Snooping Table Flags: J/P - (*,G) Join/Prune, j/p - (S,G) Join/Prune SGR-P - (S,G,R) Prune Timers: Uptime/Expires * : Inherited port (*, 225.1.2.1), uptime 00:00:01, expires 00:02:59, RP 165.87.70.1, flags: J Incoming interface: Vlan 2, RPF neighbor 0.0.0.0 Outgoing interface list: TenGigabitEthernet 4/5 RPF 165.87.32.
PAGE 958
0 passive PIM interfaces 3 active PIM neighbors TIB summary: 1/1 (*,G) entries in PIM-TIB/MFC 1/1 (S,G) entries in PIM-TIB/MFC 0/0 (S,G,Rpt) entries in PIM-TIB/MFC 0 0 0 0 PIM nexthops RPs sources Register states Message summary: 2582/2583 Joins sent/received 5/0 Prunes sent/received 0/0 Candidate-RP advertisements sent/received 0/0 BSR messages sent/received 0/0 State-Refresh messages sent/received 0/0 MSDP updates sent/received 0/0 Null Register messages sent/received 0/0 Register-stop messages sent/rec
PAGE 959
Example Field Description uptime Displays the amount of time the entry has been in the PIM route table. expires Displays the amount of time until the entry expires and is removed from the database. RP Displays the IP address of the RP/source for this entry.
PAGE 960
Outgoing interface list: TenGigabitEthernet 0/8 show running-config pim Display the current configuration of PIM-SM snooping. Syntax show running-config pim Command Modes EXEC Privilege Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Example Dell#show running-config pim ! ip pim snooping enable Related Commands ip pim sparse-mode — enables PIM-SM snooping.
PAGE 961
Parameters interface • For a Loopback interface, enter the keyword loopback then a number from 0 to 16383. • For a Port Channel interface, enter the keywords port-channel then a number. • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a VLAN, enter the keyword vlan then a number from 1 to 4094. hash-mask-length (OPTIONAL) Enter the hash mask length for RP selection. The range is from 0 to 128. The default is 126.
PAGE 962
ipv6 pim join-filter Permit or deny PIM Join/Prune messages on an interface using an access list. This command prevents the PIM-SM router from creating state based on multicast source and/or group. Syntax ipv6 pim join-filter access-list Parameters access-list Enter the name of an extended access list. in Enter the keyword in to apply the access list to inbound traffic. out Enter the keyword out to apply the access list to outbound traffic.
PAGE 963
ipv6 pim neighbor-filter Prevent the system from forming a PIM adjacency with a neighboring system. Syntax Parameters ipv6 pim neighbor-filter {access-list} access-list Defaults none Command Modes CONFIGURATION Command History Usage Information Enter the name of a standard access list. Maximum 16 characters. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Do not enter this command before creating the access-list.
PAGE 964
To remove an RP address, use the no ipv6 pim re-address address group-address mask override command. Parameters address Enter the IPv6 RP address in the x:x:x:x::x format. NOTE: The :: notation specifies successive hexadecimal fields of zero. group-address group-address mask Enter the keywords group-address then the group address in the x:x:x:x::x format and then the mask in /nn format to assign that group address to the RP.
PAGE 965
Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. ipv6 pim sparse-mode Enable IPv6 PIM sparse mode on the interface. Syntax ipv6 pim sparse-mode To disable IPv6 PIM sparse mode, use the no ipv6 pim sparse-mode command. Defaults Disabled. Command Modes INTERFACE Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 966
show ipv6 pim bsr-router View information on the Bootstrap router (v2). Syntax show ipv6 pim bsr-router Command Modes Command History Example • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 967
show ipv6 pim neighbor Displays IPv6 PIM neighbor information. Syntax Parameters Command Modes Command History Example show ipv6 pim neighbor [detail] detail • EXEC • EXEC Privilege (OPTIONAL) Enter the keyword detail to displayed PIM neighbor detailed information. Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 968
ff0e::226:1:2:2 14::1 Dell Example (Mapping) Dellshow ipv6 pim rp mapping PIM Group-to-RP Mappings Group(s): ff00::/8 RP: 14::1, v2 Info source: 14::1, via bootstrap, priority 192 Uptime: 00:03:37, expires: 00:01:53 Group(s): ff00::/8, Static RP: 14::2, v2 Dell show ipv6 pim tib View the IPv6 PIM multicast-routing database (tree information base — tib).
PAGE 969
RPF neighbor: TenGigabitEthernet 0/3, fe80::201:e8ff:fe00:6265 Outgoing interface list: TenGigabitEthernet 1/1 (25::1, ff0e::226:1:2:1), uptime 00:09:54, expires 00:00:00,flags: CJ RPF neighbor: TenGigabitEthernet 0/3, fe80::201:e8ff:fe00:6265 Outgoing interface list: TenGigabitEthernet 1/1 Dell# PIM-Sparse Mode (PIM-SM) 969
PAGE 970
42 Port Monitoring The port monitoring feature allows you to monitor network traffic by forwarding a copy of each incoming or outgoing packet from one port to another port. Important Points to Remember • Port monitoring is supported on physical ports and logical interfaces, such as Port Channels and virtual local area networks (VLANs). • The monitoring (destination, “MG”) and monitored (source, “MD”) ports must be on the same switch.
PAGE 971
Command History Related Commands Version Description 9.9(0.0) Introduced on the FN IOM. 9.4(0.0) Added support for the RPM / ERPM. 8.3.16.1 Introduced on the M I/O Aggregator. monitor session — enables a monitoring session. erpm Configure the source and destination IP address for ERPM traffic. Syntax erpm source-ip ip-address dest-ip ip-address [gre-protocol value] To remove the configuration, use the no erpm source-ip IP-address dest-ip IP-address [greprotocol value] command.
PAGE 972
To disable flow-based monitoring, use the no flow-based enable command. Defaults Disabled, that is flow-based monitoring is not applied. Command Modes MONITOR SESSION (conf-mon-sess-session-ID) Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.4(0.0) Added support for the RPM/ERPM. 9.3(0.0) Introduced on the MXL 10/40GbE Switch IO Module platform. 8.1.1.0 Introduced on the E-Series ExaScale. 7.4.1.0 Introduced on the E-Series.
PAGE 973
Version Description 8.3.16.1 Introduced on the M I/O Aggregator. Usage Information The monitor command is saved in the running configuration at Monitor Session mode level and can be restored after a chassis reload. Example Dell(conf)# monitor session 60 Dell(conf-mon-sess-60) Related Command show monitor session — displays the monitor session. show running-config monitor session — displays the running configuration of a monitor session.
PAGE 974
Command History Example Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the M I/O Aggregator. Dell(conf-mon-sess-1)#show config ! monitor session 1 source TenGigabitEthernet 0/1 destination Port-channel 1 direction rx show monitor session Display the monitor information of a particular session or all sessions. Syntax show monitor session {session-ID} To display monitoring information for all sessions, use the show monitor session command.
PAGE 975
Defaults Command Modes Command History none • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the M I/O Aggregator. Usage Information The monitoring command is saved in the running configuration at the Monitor Session mode level and can be restored after a chassis reload.
PAGE 976
interface direction {rx | tx | both} • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/ port information. • For a port channel interface, enter the keyword LAG then port channel and the portchannel id . Enter the one of the following keywords and slot/port information: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information.
PAGE 977
43 Private VLAN (PVLAN) Private VLANs extend the Dell Networking OS security suite by providing Layer 2 isolation between ports within the same private VLAN. A private VLAN partitions a traditional VLAN into subdomains identified by a primary and secondary VLAN pair. The Dell Networking OS private VLAN implementation is based on RFC 3069. For more information, refer to the following commands. The command output is augmented in the Dell Networking OS version 7.8.1.
PAGE 978
Topics: • ip local-proxy-arp • private-vlan mapping secondary-vlan • private-vlan mode • show interfaces private-vlan • show vlan private-vlan • show vlan private-vlan mapping • switchport mode private-vlan ip local-proxy-arp Enable/disable Layer 3 communication between secondary VLANs in a private VLAN. Syntax [no] ip local-proxy-arp To disable Layer 3 communication between secondary VLANs in a private VLAN, use the no ip localproxy-arp command in INTERFACE VLAN mode for the primary VLAN.
PAGE 979
private-vlan mapping secondary-vlan Map secondary VLANs to the selected primary VLAN. Syntax [no] private-vlan mapping secondary-vlan vlan-list To remove specific secondary VLANs from the configuration, use the no private-vlan mapping secondary-vlan vlan-list command syntax. Parameters vlan-list Defaults none Command Modes INTERFACE VLAN Command History Usage Information Related Commands Enter the list of secondary VLANs to associate with the selected primary VLAN.
PAGE 980
primary Defaults none Command Modes INTERFACE VLAN Command History Usage Information Enter the keyword primary to configure the VLAN as a primary VLAN. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The VLAN: • can be in only one mode, either community, isolated, or primary. • mode ode to community or isolated even before associating it to a primary VLAN.
PAGE 981
Usage Information Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. This command has two types of display — a list of all PVLAN interfaces or for a specific interface. Examples of both types of output are shown below. The following describes the show interfaces private-vlan command shown in the following examples. Example (All) Field Description Interface Displays the type of interface and associated slot and port number.
PAGE 982
Defaults primary (OPTIONAL) Enter the keyword primary to display VLANs configured as primary VLANs, along with their interfaces. primary_vlan (OPTIONAL) Enter a private VLAN ID or secondary VLAN ID to display interface details about the designated PVLAN. interface interface (OPTIONAL) Enter the keyword interface and an interface ID to display the PVLAN configuration of the designated interface.
PAGE 983
100 200 isolated isolated Yes Yes Gi 2/2,4-6 Gi 3/2,4-6 Example (Community) Dell# show vlan private-vlan community Primary Secondary Type Active Ports ------- --------- --------- ------ ----------10 primary Yes Gi 2/1,3 101 community Yes Gi 2/7-10 20 primary Yes Po 10, 12-13 Gi 3/1 201 community No 202 community Yes Gi 3/11-12 Example (Specific) Dell# show vlan private-vlan interface Gi 2/1 Primary Secondary Type Active Ports ------- --------- --------- -------------------10 primary Yes Gi 2/1 Usage
PAGE 984
Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced the on MXL 10/40GbE Switch IO Module. Usage Information The output of this command, shown below, displays the community and isolated VLAN IDs that are associated with each primary VLAN.
PAGE 985
Example Dell#conf Dell(conf)#interface GigabitEthernet 2/1 Dell(conf-if-te-2/1)#switchport mode private-vlan promiscuous Dell(conf)#interface GigabitEthernet 2/2 Dell(conf-if-te-2/2)#switchport mode private-vlan host Dell(conf)#interface GigabitEthernet 2/3 Dell(conf-if-te-2/3)#switchport mode private-vlan trunk Dell(conf)#interface port-channel 10 Dell(conf-if-te-2/3)#switchport mode private-vlan promiscuous Related Commands private-vlan mode — sets the mode of the selected VLAN to community, isolated,
PAGE 986
44 Per-VLAN Spanning Tree Plus (PVST+) The Dell Networking Operating System (OS) implementation of per-VLAN spanning tree plus (PVST+) is based on the IEEE 802.1w standard spanning tree protocol, but it creates a separate spanning tree for each VLAN configured. NOTE: For easier command line entry, the plus (+) sign is not used at the command line.
PAGE 987
disable Disable PVST+ globally. Syntax disable To enable PVST+, use the no disable command. Defaults Disabled. Command Modes CONFIGURATION (conf-pvst) Command History Related Commands Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. protocol spanning-tree pvst — enter PVST+ mode. edge-port bpdufilter default Enable BPDU Filter globally to filter transmission of BPDU on port fast enabled interfaces.
PAGE 988
Example Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Dell(conf-pvst)#do show spanning-tree pvst vlan 2 brief VLAN 2 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 001e.c9f1.00f3 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32768, Address 001e.c9f1.
PAGE 989
Dell(conf-pvst)#vlan 2 bridge-priority 4096 Dell(conf-pvst)#vlan 3 bridge-priority 16384 Dell(conf-pvst)# Dell(conf-pvst)#show config ! protocol spanning-tree pvst no disable vlan 2 bridge-priority 4096 vlan 3 bridge-priority 16384 Dell# Usage Information After you enable PVST+, the device runs an STP instance for each VLAN it supports. Related Commands disable — disables PVST+. show spanning-tree pvst — displays the PVST+ configuration.
PAGE 990
Field Description Instance PVST instance. Sts Port state: root-inconsistent (INCON Root), forwarding (FWD), listening (LIS), blocking (BLK), or shut down (EDS Shut). Guard Type Type of STP guard configured (Root, Loop, or BPDU guard). Bpdu Filter Yes - Bpdu filter Enabled No - Bpdu filter Disabled Example (Brief) Dell# show spanning-tree pvst vlan 2 brief VLAN 2 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 001e.c9f1.
PAGE 991
Port 459 (TenGigabitEthernet 0/5) is designated Forwarding Port path cost 2000, Port priority 128, Port Identifier 128.459 Designated root has priority 32768, address 001e.c9f1.00:f3 Designated bridge has priority 32768, address 001e.c9f1.00:f3 Designated port id is 128.
PAGE 992
bpduguard Enter the keyword portfast to enable Portfast to move the interface into Forwarding mode immediately after the root fails. Enter the keyword bpduguard to disable the port when it receives a BPDU. shutdown-onviolation (OPTIONAL) Enter the keywords shutdown-on-violation to hardware disable an interface when a BPDU is received and the port is disabled. bpdufilter (OPTIONAL) Enter the keyword bpdufilter to stop sending and receiving BPDUs on port fast enabled ports.
PAGE 993
no shutdown Dell(conf-if-te-0/1)#end Dell# Related Commands show spanning-tree pvst — views the PVST+ configuration. spanning-tree pvst err-disable Place ports in an Err-Disabled state if they receive a PVST+ BPDU when they are members an untagged VLAN. Syntax spanning-tree pvst err-disable cause invalid-pvst-bpdu Defaults Enabled; ports are placed in the Err-Disabled state if they receive a PVST+ BPDU when they are members of an untagged VLAN.
PAGE 994
changes. However, if a standards-based flush mechanism is needed, you can turn this knob command on to enable flushing MAC addresses after receiving every topology change notification. vlan bridge-priority Set the PVST+ bridge-priority for a VLAN or a set of VLANs. Syntax vlan vlan-id bridge-priority value To return to the default value, use the no vlan bridge-priority command. Parameters vlan vlan-range Enter the keyword vlan then the VLAN numbers. The range is from 1 to 4094.
PAGE 995
Command History Related Commands Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. vlan bridge-priority — sets the bridge-priority value. vlan hello-time — changes the time interval between BPDUs. vlan max-age — changes the time interval before PVST+ refreshes. show spanning-tree pvst — displays the PVST+ configuration. vlan hello-time Set the time interval between generation of PVST+ and BPDUs.
PAGE 996
Parameters vlan vlan-range Enter the keyword vlan then the VLAN numbers. The range is from 1 to 4094. max-age seconds Enter the keywords max-age then the time interval, in seconds, that the system waits before refreshing configuration information. The range is from 6 to 40 seconds. The default is 20 seconds. Defaults 20 seconds Command Modes CONFIGURATION (conf-pvst) Command History Related Commands Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.
PAGE 997
45 Quality of Service (QoS) The Dell Networking Operating System (OS) commands for quality of service (QoS) include traffic conditioning and congestion control.
PAGE 998
• rate shape • service-policy input • service-policy output • service-queue • set • show qos class-map • show qos policy-map • show qos policy-map-input • show qos policy-map-output • show qos qos-policy-input • show qos qos-policy-output • show qos statistics • show qos wred-profile • test cam-usage • trust • wred • wred ecn • wred-profile • dscp • qos dscp-color-map • qos dscp-color-policy • show qos dscp-color-policy • show qos dscp-color-map Global Configura
PAGE 999
service-class dot1p-mapping This command maps an 802.1p priority to an internal traffic class. Syntax Parameters Command Modes Command History service-class dot1p-mapping user-priority user-priority The user-priority value ranges from 0 to 7. CONFIGURATION Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Per-Port QoS Commands Per-port QoS (port-based QoS) allows you to define the QoS configuration on a per-physical-port basis.
PAGE 1000
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the M I/O Aggregator. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The dot1p-priority command changes the priority of incoming traffic on the interface. The system places traffic marked with a priority in the correct queue and processes that traffic according to its queue.
PAGE 1001
Related Commands rate-police — specifies traffic policing on the selected interface. rate shape Shape the traffic output on the selected interface. Syntax Parameters rate shape [kbps] rate [burst-KB] kbps Enter the keyword kbps to specify the rate limit in Kilobits per second (Kbps). Make the following value a multiple of 64. The range is from 0 to 40000000. The default granularity is Megabits per second (Mbps). rate Enter the outgoing rate in multiples of 10 Mbps. The range is from 10 to 10000.
PAGE 1002
Command Modes Command History Usage Information dot1p Queue ID 7 3 • INTERFACE • CONFIGURATION Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the M I/O Aggregator. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. To honor all incoming 802.1p markings on incoming switched traffic on the interface, enter this command. By default, this facility is not enabled (that is, the 802.1p markings on incoming traffic are not honored).
PAGE 1003
queues are superseded by ETS configurations. This is to provide compatibility with DCBX. Therefore, Dell Networking OS recommends disabling ETS when you wish to apply these features exclusively. After you disable ETS on an interface, the configured parameters are applied. strict-priority unicast Configure a unicast queue as a strict-priority (SP) queue.
PAGE 1004
Parameters percentage Enter the percentage assignment of weight to the class/queue. The range is from 1 to 100% (granularity 1%). Defaults none Command Modes CONFIGURATION (conf-qos-policy-out) Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the M I/O Aggregator. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Usage Information The unit of bandwidth percentage is 1%.
PAGE 1005
Related Commands ip access-list extended — configures an extended IP ACL. ip access-list standard — configures a standard IP ACL. match ip access-group — configures the match criteria based on the access control list (ACL). match ip precedence — identifies the IP precedence values as match criteria. match ip dscp configures the match criteria based on the DSCP value. match ip access-group — configures a match criterion for a class map based on the contents of the designated MAC ACL.
PAGE 1006
crypto key zeroize rsa Removes the generated RSA host keys and zeroize the key storage location. Syntax crypto key zeroize rsa Defaults none Command Modes CONFIGURATION Command History This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking OS Command Line Reference Guide. Version Description 9.8(1.0) Introduced on the Z9100-ON. 9.8(0.0P5) Introduced on the S4048-ON. 9.8(0.0P2) Introduced on the S3048-ON. 9.7(0.
PAGE 1007
Version Description 9.7(0.0) Introduced on the S6000–ON. 9.5(0.1) Introduced on the Z9500. 9.5(0.0) Introduced on the Z9000, S6000, S4820T, S4810, MXL match ip access-group Configure match criteria for a class map, based on the access control list (ACL). Syntax match ip access-group access-group-name [set-ip-dscp value] To remove ACL match criteria from a class map, use the no match ip access-group access-groupname [set-ip-dscp value] command.
PAGE 1008
Command History This guide is platform-specific. For command information about other platforms, refer to the relevant Dell Networking OS Command Line Reference Guide. The following is a list of the Dell Networking OS version history for this command. Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.4(0.0) Introduced on the MXL switch. To access this command, enter the class-map command. After the class map is identified, you can configure the match criteria.
PAGE 1009
To remove the description, use the no description {description} command. Parameters description Enter a description to identify the policies (80 characters maximum). Defaults none Command Modes CONFIGURATION (policy-map-input and policy-map-output; conf-qos-policy-in and conf-qos-policy-out; wred) Command History Related Commands Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the M I/O Aggregator. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1010
Usage Information To access this command, enter the class-map command. After the class map is identified, you can configure the match criteria. The match ip dscp and match ip precedence commands are mutually exclusive. Up to 64 IP DSCP values can be matched in one match statement. For example, to indicate IP DCSP values 0 1 2 3 4 5 6 7, enter either the match ip dscp 0,1,2,3,4,5,6,7 or match ip dscp 0-7 command.
PAGE 1011
NOTE: Only one of the IP precedence values must be a successful match criterion, not all of the specified IP precedence values must match. Related Commands class-map — identifies the class map. match mac access-group Configure a match criterion for a class map, based on the contents of the designated MAC ACL. Syntax Parameters match mac access-group {mac-acl-name} mac-acl-name Defaults none Command Modes CLASS-MAP Command History Enter a MAC ACL name.
PAGE 1012
match mac vlan Configure a match criterion for a class map based on VLAN ID. Syntax match mac vlan number Parameters number Defaults none Command Modes CLASS-MAP Command History Enter the VLAN ID. The range is from 1 to 4094. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Usage Information To access this command, enter the class-map command. You can match against only one VLAN ID.
PAGE 1013
policy-map-input Create an input policy map. Syntax policy-map-input policy-map-name [layer2] To remove an input policy map, use the no policy-map-input policy-map-name [layer2] command. Parameters policy-map-name Enter the name of the policy map in character format (32 characters maximum). layer2 (OPTIONAL) Enter the keyword layer2 to specify a Layer 2 Class Map. The default is Layer 3. Defaults Layer 3 Command Modes CONFIGURATION Command History Version Description 9.9(0.
PAGE 1014
Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Usage Information To assign traffic to different flows using QoS policy, use the Output Policy map. This command enables PolicyMap-Output Configuration mode (conf-policy-map-out). Related Commands service-queue — assigns a class map and QoS policy to different queues. policy-aggregate — allows an aggregate method of configuring per-port QoS using policy maps.
PAGE 1015
To remove an existing output QoS policy, use the no qos-policy-output qos-policy-name command. Parameters qos-policy-name Defaults none Command Modes CONFIGURATION Command History Enter your output QoS policy name in character format (32 characters maximum). Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the M I/O Aggregator. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1016
Related Commands rate police — specifies traffic policing on the selected interface. qos-policy-input — creates a QoS output policy. rate shape Shape the traffic output on the selected interface. Syntax rate shape [kbps] rate [burst-KB] Parameters kbps Enter the keyword kbps to specify the rate limit in Kilobits per second (Kbps). Make the following value a multiple of 64. The range is from 0 to 40000000. The default granularity is Megabits per second (Mbps).
PAGE 1017
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the M I/O Aggregator. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. You can attach a single policy-map to one or more interfaces to specify the service-policy for those interfaces. A policy map attached to an interface can be modified. NOTE: The service-policy commands are not allowed on a port channel.
PAGE 1018
Parameters queue-id Enter the value used to identify a queue. The range is from 0 to 3 (four queues per interface; four queues are reserved for control traffic). class-map classmap-name (OPTIONAL) Enter the keyword class-map then the class map name assigned to the queue in character format (32 character maximum). NOTE: This option is available under policy-map-input only.
PAGE 1019
show qos class-map View the current class map information. Syntax Parameters Defaults Command Modes Command History Example show qos class-map [class-name] class-name (Optional) Enter the name of a configured class map. none • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Dell#show qos class-map Class-map match-any CM Match ip access-group ACL Related Commands class-map — identifies the class map.
PAGE 1020
• Command History Example (IPv4) EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the M I/O Aggregator. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1021
Policy-map-input PolicyMapInput Aggregate Qos-policy-name AggPolicyIn Queue# Class-map-name Qos-policy-name 0 ClassMap1 qosPolicyInput Dell# show qos policy-map-output View the output QoS policy map details. Syntax Parameters Defaults Command Modes Command History Example show qos policy-map-output [policy-map-name] [qos-policy-output qos-policyname] policy-map-name Enter the policy map name. qos-policy-output qos-policy-name Enter the keyword qos-policy-output then the QoS policy name.
PAGE 1022
Command History Example Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Dell#show qos qos-policy-input Qos-policy-input QosInput Rate-police 100 50 peak 100 50 Dscp 32 Dell# show qos qos-policy-output View the output QoS policy details. Syntax show qos qos-policy-output [qos-policy-name] Parameters Defaults qos-policy-name Enter the QoS policy name.
PAGE 1023
• wred-profile interface interface Defaults Command Modes Command History Example For a 10–Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/po Enter the keywords wred-profile and optionally one of the following keywords and slot/port or nu • For a 40–Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port informatio • For a 10–Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/po Enter one of the following keywords and sl
PAGE 1024
Defaults none Command Modes Command History Example • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Dell#show qos wred-profile Wred-profile-name min-threshold max-threshold wred_drop 0 0 wred_teng_y 467 4671 wred_teng_g 467 4671 wred_fortyg_y 467 4671 wred_fortyg_g 467 4671 test cam-usage Checks the Input Policy Map configuration for the CAM usage.
PAGE 1025
Field Description CAM Partition The CAM space where the rules are added. Available CAM Indicates the free CAM space, in the partition, for the classification rules. NOTE: The CAM entries reserved for the default rules are not included in the Available CAM column; free entries, from the default rules space, cannot be used as a policy map for the classification rules.
PAGE 1026
Defaults none Command Modes CONFIGURATION (conf-policy-map-in) Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. When you configure trust, matched bytes/packets counters are not incremented in the show qos statistics command. Dynamic mapping honors packets marked according to the standard definitions of DSCP. The following lists the default mapping. Table 2.
PAGE 1027
Pre-defined Profiles: wred_drop, wred-ge_y, wred_ge_g, wred_teng_y, wred_teng_. ecn When you configure wred ecn command, instead of droppping the packets exponentially, Explicit Congestion Notification (ECN) marking is made on the packets. Defaults none Command Modes CONFIGURATION (conf-qos-policy-out) Command History Version Description 9.9(0.0) Introduced on the FN IOM. 9.2(0.0) Introduced on the M I/O Aggregator. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1028
When you enable wred ecn, and the number of packets in the queue is between the minimum threshold and the maximum threshold, one of the following two scenarios can occur: • If the transmission endpoints are ECN-capable and traffic is congested, and the WRED algorithm determines that the packet should have been dropped based on the drop probability, the packet is transmitted and marked so the routers know the system is congested and can slow transmission rates.
PAGE 1029
To remove a color policy map profile, use the no dscp {yellow | red} [dscp-list] command. Parameters Yellow Enter the yellow keyword. Traffic marked as yellow delivers traffic to the egress queue which either transmits the packet if it has available bandwidth or drops the packet due to no ability to send. Red Enter the red keyword. Traffic marked as red is dropped. dscp-list Enter a list of IP DSCP values. The dscp-list parameter specifies the full list of IP DSCP value(s) for the specified color.
PAGE 1030
qos dscp-color-map Configure the DSCP color map. Syntax qos dscp-color-map map-name To remove a color map, use the no qos dscp-color-map map-name command. Parameters map-name Enter the name of the DSCP color map. The map name can have a maximum of 32 characters. Defaults None Command Modes CONFIGURATION Command History This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking OS Command Line Reference Guide. Version Description 9.8(1.
PAGE 1031
Parameters color-map-profilename Enter the color map profile name. The name can have a maximum of 32 characters. Defaults None Command Modes CONFIG-INTERFACE Command History This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking OS Command Line Reference Guide. Version Description 9.8(1.0) Introduced on the Z9100-ON. 9.8(0.0P5) Introduced on the S4048-ON. 9.8(0.0P2) Introduced on the S3048-ON. 9.7(0.0) Introduced on the S6000-ON.
PAGE 1032
Version Description 9.8(0.0P5) Introduced on the S4048-ON. 9.8(0.0P2) Introduced on the S3048-ON. 9.7(0.0) Introduced on the S6000-ON. 9.5.0.0 Introduced on the Z9000, S6000, S4820T, S4810, and MXL. Example Related Commands • show qos dscp-color-map — displays DSCP color maps. show qos dscp-color-map Display the DSCP color map for one or all interfaces. Syntax show qos dscp-color-map map-name Parameters map-name Enter the name of the color map.
PAGE 1033
46 Routing Information Protocol (RIP) Routing information protocol (RIP) is a distance vector routing protocol. The Dell Networking Operating System (OS) supports both RIP version 1 (RIPv1) and RIP version 2 (RIPv2). The implementation of RIP is based on IETF RFCs 2453 and RFC 1058. For more information about configuring RIP, refer to the Dell Networking OS Configuration Guide.
PAGE 1034
auto-summary Restore the default behavior of automatic summarization of subnet routes into network routes. This command applies only to RIP version 2. Syntax auto-summary To send sub-prefix routing information, use the no auto-summary command. Defaults Enabled. Command Modes ROUTER RIP Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. clear ip rip Update all the RIP routes in the routing table.
PAGE 1035
• Command Modes Command History For a VLAN, enter the keyword vlan then a number from 1 to 4094. database (OPTIONAL) Enter the keyword database to display messages when there is a change to the RIP database. events (OPTIONAL) Enter the keyword events to debug only RIP protocol changes. trigger (OPTIONAL) Enter the keyword trigger to debug only RIP trigger extensions. EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1036
To return the default metric to the original values, use the no default-metric command. Parameters number Defaults 1 Command Modes ROUTER RIP Command History Specify a number. The range is from 1 to 16. The default is 1. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Usage Information This command ensures that route information being redistributed is converted to the same metric value.
PAGE 1037
mask If you enter an IP address, also enter a mask for that IP address, in either dotted decimal format or /prefix format (/x). prefix-name (OPTIONAL) Enter a configured prefix list name. Defaults weight = 120 Command Modes ROUTER RIP Command History Related Commands Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. default-metric — assigns one distance metric to all routes learned using the redistribute command.
PAGE 1038
To delete the filter, use the no distribute-list prefix-list-name out command. Parameters prefix-list-name Enter the name of a configured prefix list. interface (OPTIONAL) Identifies the interface type slot/port as one of the following: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/ port information.
PAGE 1039
ip rip receive version To receive specific versions of RIP, set the interface. The RIP version you set on the interface overrides the version command in ROUTER RIP mode. Syntax ip rip receive version [1] [2] To return to the default, use the no ip rip receive version command. Parameters 1 (OPTIONAL) Enter the number 1 for RIP version 1. 2 (OPTIONAL) Enter the number 2 for RIP version 2. Defaults RIPv1 and RIPv2 Command Modes INTERFACE Command History Version Description 9.9(0.
PAGE 1040
Related Commands ip rip receive version — sets the RIP version for the interface to receive traffic. version — sets the RIP version for the switch software. ip split-horizon Enable split-horizon for RIP data on the interface. As described in RFC 2453, the split-horizon scheme prevents any routes learned over a specific interface to be sent back out that interface. Syntax ip split-horizon To disable split-horizon, use the no ip split-horizon command.
PAGE 1041
To delete a neighbor setting, use the no neighbor ip-address command. Parameters ip-address Defaults Not configured. Command Modes ROUTER RIP Command History Usage Information Enter the IP address, in dotted decimal format, of a router with which to exchange information. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. When a neighbor router is identified, unicast data exchanges occur. Multiple neighbor routers are possible.
PAGE 1042
To delete an offset list, use the no offset-list prefix-list-name {in | out} offset [interface] command. Parameters prefix-list-name Enter the name of an established Prefix list to determine which incoming routes are modified. offset Enter a number from zero (0) to 16 to be applied to the incoming route metric matching the access list specified. If you set an offset value to zero (0), no action is taken.
PAGE 1043
passive-interface Suppress routing updates on a specified interface. Syntax passive-interface interface To delete a passive interface, use the no passive-interface interface command. Parameters interface Defaults Not configured. Command Modes ROUTER RIP Command History Enter the following information: • For a Port Channel interface, enter the keywords port-channel then a number. The range is from 1 to 128.
PAGE 1044
Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Usage Information To redistribute the default route (0.0.0.0/0), configure the default-information originate command. Related Commands default-information originate — generates a default route for RIP traffic. redistribute ospf Redistribute routing information from an OSPF process.
PAGE 1045
Command Modes Command History CONFIGURATION Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Usage Information To enable RIP, assign a network address using the network command. Example Dell(conf)#router rip Dell(conf-router_rip)# Related Commands network — enables RIP. show config Display the changes you made to the RIP configuration. The default values are not shown.
PAGE 1046
Usage Information Example The following describes the show ip rip database command shown in the following example. Field Description Total number of routes in RIP database Displays the number of RIP routes stored in the RIP database. 100.10.10.0/24 directly connected Lists the routes directly connected. 150.100.0.0 redistributed Lists the routes learned through redistribution. 209.9.16.0/24... Lists the routes and the sources advertising those routes.
PAGE 1047
neighbor 20.20.20.20 redistribute ospf 999 version 2 timers basic Manipulate the RIP timers for routing updates, invalid, holddown times, and flush time. Syntax timers basic update invalid holddown flush To return to the default settings, use the no timers basic command. Parameters Defaults Command Modes Command History Usage Information update Enter the number of seconds to specify the rate at which RIP routing updates are sent. The range is from zero (0) to 4294967295. The default is 30 seconds.
PAGE 1048
2 Enter the keyword 2 to specify RIP version 2. Defaults The system sends RIPv1 and receives RIPv1 and RIPv2. Command Modes ROUTER RIP Command History Related Commands Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. ip rip receive version — sets the RIP version the interface receives. ip rip send version — sets the RIP version the interface sends.
PAGE 1049
47 Remote Monitoring (RMON) The Dell Networking Operating System (OS) remote monitoring (RMON) is based on IEEE standards, providing both 32-bit and 64-bit monitoring and long-term statistics collection.
PAGE 1050
rmon alarm Set an alarm on any MIB object. Syntax rmon alarm number variable interval {delta | absolute} rising-threshold value event-number falling-threshold value event-number [owner string] To disable the alarm, use the no rmon alarm number command. Parameters number Enter the alarm integer number from 1 to 65535. The value must be unique in the RMON alarm table. variable Enter the MIB object to monitor. The variable must be in the SNMP OID format; for example, 1.3.6.1.2.1.1.3.
PAGE 1051
rmon collection history Enable the RMON MIB history group of statistics collection on an interface. Syntax rmon collection history {controlEntry integer} [owner name] [buckets number] [interval seconds] To remove a specified RMON history group of statistics collection, use the no rmon collection history {controlEntry integer} command. Parameters controlEntry integer Enter the keyword controlEntry to specify the RMON group of statistics using a value.
PAGE 1052
Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. rmon event Add an event in the RMON event table. Syntax rmon event number [log] [trap community] [description string] [owner name] To disable RMON on an interface, use the no rmon event number command. Parameters number Assign an event number in integer format from 1 to 65535. The number value must be unique in the RMON event table.
PAGE 1053
interval Time, in seconds, the alarm monitors the MIB variables; this is the alarmSampleType in the RMON alarm table. The range is from 5 to 3600 seconds. delta Enter the keyword delta to test the change between MIB variables. This is the alarmSampleType in the RMON alarm table. absolute Enter the keyword absolute to test each MIB variable directly. This is the alarmSampleType in the RMON alarm table.
PAGE 1054
log table: 2 entries, 552 bytes Dell# show rmon alarms Display the contents of the RMON alarm table. Syntax show rmon alarms [index] [brief] Parameters index (OPTIONAL) Enter the table index number to display just that entry. brief (OPTIONAL) Enter the keyword brief to display the RMON alarm table in an easy-toread format. Defaults none Command Modes EXEC Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1055
22 Dell# 1.3.6.1.2.1.1.3 show rmon events Display the contents of the RMON event table. Syntax Parameters show rmon events [index] [brief] index (OPTIONAL) Enter the table index number to display just that entry. brief (OPTIONAL) Enter the keyword brief to display the RMON event table in an easy-toread format. Defaults none Command Modes EXEC Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1056
show rmon hc-alarm Display the contents of RMON High-Capacity alarm table. Syntax show rmon hc-alarm [index] [brief] Parameters index (OPTIONAL) Enter the table index number to display just that entry. brief (OPTIONAL) Enter the keyword brief to display the RMON High-Capacity alarm table in an easy-to-read format. Defaults none Command Modes EXEC Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1057
brief Defaults none Command Modes EXEC Command History (OPTIONAL) Enter the keyword brief to display the RMON Ethernet history table in an easy-to-read format Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Example (Index) Dell#show rmon history 6001 RMON history control entry 6001 interface: ifIndex.
PAGE 1058
Example (Index) Dell#show rmon log 2 RMON log entry, alarm table index 2, log index 1 log time: 14638 (THU AUG 12 22:10:40 2004) description: 2 Dell# Example (Brief) Dell#show rmon log br eventIndex description -----------------------------2 2 4 4 Dell# show rmon statistics Display the contents of RMON Ethernet statistics table. Syntax show rmon statistics [index] [brief] Parameters index (OPTIONAL) Enter the table index number to display just that entry.
PAGE 1059
HC 64bytes packets overflow: 0 HC 64bytes packets: 0 HC 65-127 bytes packets overflow: 0 HC 65-127 bytes packets: 0 HC 128-255 bytes packets overflow: 0 HC 128-255 bytes packets: 0 HC 256-511 bytes packets overflow: 0 HC 256-511 bytes packets: 0 HC 512-1023 bytes packets overflow: 0 HC 512-1023 bytes packets: 0 HC 1024-1518 bytes packets overflow: 0 HC 1024-1518 bytes packets: 0 Dell# Example (Brief) Dell#show rmon statistics br index ifIndex interface ---------------------------------------6001 100974631
PAGE 1060
48 Rapid Spanning Tree Protocol (RSTP) The Dell Networking Operating System (OS) implementation of rapid spanning tree protocol (RSTP) is based on the IEEE 802.1w standard spanning-tree protocol. The RSTP algorithm configures connectivity throughout a bridged local area network (LAN) that is comprised of LANs interconnected by bridges. bridge-priority Set the bridge priority for RSTP. Syntax bridge-priority priority-value To return to the default value, use the no bridge-priority command.
PAGE 1061
• For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/ port information. Optionally, enter an in or out parameter with the optional interface: events Command Modes Command History Example • For Receive, enter in. • For Transmit, enter out. (OPTIONAL) Enter the keyword events to debug RSTP events. EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1062
Command History Related Commands Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. protocol spanning-tree rstp — enters SPANNING TREE mode on the switch. forward-delay Configure the amount of time the interface waits in the Listening State and the Learning State before transitioning to the Forwarding State. Syntax forward-delay seconds To return to the default setting, use the no forward-delay command.
PAGE 1063
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The hello time is encoded in BPDUs in increments of 1/256ths of a second. The standard minimum hello time in seconds is 1 second, which is encoded as 256. Millisecond hello times are encoded using values less than 256; the millisecond hello time equals (x/1000)*256.
PAGE 1064
Parameters priority-value Enter a number as the bridge priority value in increments of 4096. The range is from 0 to 61440. The default is 32768. Defaults Disabled Command Modes CONFIGURATION (conf-rstp) Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. protocol spanning-tree rstp To configure RSTP, enter RSTP mode. Syntax protocol spanning-tree rstp To exit RSTP mode, use the exit command.
PAGE 1065
no disable bridge-priority 16384 spanning-tree rstp Configure an RSTP interface with one of these settings: port cost, edge port with optional bridge port data unit (BPDU) guard, port priority, loop guard, or root guard. Syntax Parameters spanning-tree rstp {cost port-cost | edge-port [bpduguard [shutdown-onviolation]] | bpdufilter | priority priority | {rootguard}} cost port-cost Enter the keyword cost then the port cost value. The range is from 1 to 200000.
PAGE 1066
Error Disable state if a BPDU appears and a message is logged so that the administrator can take corrective action. NOTE: A port configured as an edge port, on an RSTP switch, immediately transitions to the Forwarding state. Only configure ports connected to end-hosts as edge ports. Consider an edge port similar to a port with a spanning-tree portfast enabled. If you do not enable shutdown-on-violation, BPDUs are still sent to the RPM CPU.
PAGE 1067
bpduguard (OPTIONAL) Enter the keyword portfast to enable Portfast to move the interface into Forwarding mode immediately after the root fails. Enter the keyword bpduguard to disable the port when it receives a BPDU. shutdown-onviolation (OPTIONAL) Enter the keywords shutdown-on-violation to hardware disable an interface when a BPDU is received and the port is disabled.
PAGE 1068
no shutdown Dell# tc-flush-standard Enable the MAC address flushing after receiving every topology change notification. Syntax tc-flush-standard To disable, use the no tc-flush-standard command. Defaults Disabled Command Modes CONFIGURATION (conf-rstp) Command History Usage Information 1068 Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. By default, the system implements an optimized flush mechanism for RSTP.
PAGE 1069
49 Security This chapter contains various types of security commands offered in the Dell Networking Operating System (OS). The commands are listed in the following sections: • AAA Accounting Commands • Authorization and Privilege Commands • Authentication and Password Commands • RADIUS Commands • TACACS+ Commands • SSH Server and SCP Commands • Secure DHCP Commands For configuration details, refer to the Security chapter in the Dell Networking OS Configuration Guide.
PAGE 1070
To disable AAA Accounting, use the no aaa accounting {system | exec | command level} {name | default}{start-stop | wait-start | stop-only} {tacacs+} command. Parameters system Enter the keyword system to send accounting information of any other AAA configuration. exec Enter the keyword exec to send accounting information when a user has logged in to EXEC mode.
PAGE 1071
tacacs-server host — specifies a TACACS+ server host. aaa accounting suppress Prevent the generation of accounting records of users with the user name value of NULL. Syntax aaa accounting suppress null-username To permit accounting records to users with user name value of NULL, use the no aaa accounting suppress null-username command. Defaults Accounting records are recorded for all users. Command Modes CONFIGURATION Command History Usage Information Version Description 9.9(0.
PAGE 1072
Related Commands aaa accounting — enables AAA Accounting and creates a record for monitoring the accounting function. crypto key zeroize rsa Removes the generated RSA host keys and zeroize the key storage location. Syntax crypto key zeroize rsa Defaults none Command Modes CONFIGURATION Command History This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking OS Command Line Reference Guide. Version Description 9.8(1.
PAGE 1073
Task ID 16, EXEC Accounting record, 00:00:04 Elapsed, service=shell Dell# Related Commands aaa accounting — enables AAA Accounting and creates a record for monitoring the accounting function. Authorization and Privilege Commands To set command line authorization and privilege levels, use the following commands. authorization Apply an authorization method list to terminal lines.
PAGE 1074
Parameters commands level Enter the keyword commands then the command privilege level for command level authorization. role role-name Enter the keyword role then the role name. name Define a name for the list of authorization methods. default Define the default list of authorization methods. local Use the authorization parameters on the system to perform authorization. tacacs+ Use the TACACS+ protocol to perform authorization. none Enter the keyword none to apply no authorization.
PAGE 1075
Usage Information By default, access to commands are determined by the user’s role (if defined) or by the user’s privilege level. If the aaa authorization role-only command is enabled, then only the user’s role is used. Before you enable role-based only AAA authorization: Related Commands 1 Locally define a system administrator user role.This will give you access to login with full permissions even if network connectivity to remote authentication servers is not available.
PAGE 1076
local Use the authorization parameters on the system to perform authorization. tacacs+ Use the TACACS+ protocol to perform authorization. none Enter the keyword none to apply no authorization. Defaults none Command Modes CONFIGURATION Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. privilege level (CONFIGURATION mode) Change the access or privilege level of one or more commands.
PAGE 1077
privilege level (LINE mode) Change the access level for users on the terminal lines. Syntax privilege level level To delete access to a terminal line, use the no privilege level level command. Parameters level level Enter the keyword level then a number for the access level. The range is from 0 to 15. Level 1 is EXEC mode and Level 15 allows access to all CLI modes. Defaults level = 15 Command Modes LINE Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.
PAGE 1078
• ... method2 tacacs+: use the TACACS+ server(s) configured with the tacacs-server host command. (OPTIONAL) In the event of a “no response” from the first method, the system applies the next configured method. Defaults Use the enable password. Command Modes CONFIGURATION Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. By default, the Enable password is used.
PAGE 1079
... method4 • line: use the password the password command defines in LINE mode. Not available if role-only is in use. • none: no authentication. Not available if role-only is in use. • radius: use the RADIUS servers configured with the radius-server host command. • tacacs+: use the TACACS+ servers configured with the tacacs-server host command. (OPTIONAL) Enter up to four additional methods.
PAGE 1080
aaa reauthenticate enable Enable re-authentication of user whenever there is a change in the authenticators. Syntax aaa reauthenticate enable To disable the re-authentication option, use the no aaa reauthenticate enable command. Defaults Disabled Command Modes CONFIGURATION Command History This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking OS Command Line Reference Guide. Usage Information Version Description 9.11(0.
PAGE 1081
Command Modes Command History Related Commands LINE Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. line — applies an authentication method list to the designated terminal lines. ip access-list standard — names (or selects) a standard access list to filter based on the IP address. ip access-list extended — names (or selects) an extended access list based on the IP addresses or protocols.
PAGE 1082
“abcd CNTL v ]e”. When the password is created, you do not use the CNTL + v key combination and enter “abcd]e”. NOTE: The question mark (?) is not a supported character. Related Commands show running-config — views the current configuration. privilege level (CONFIGURATION mode) — controls access to the command modes within the switch. enable restricted Allows Dell Networking technical support to access restricted commands.
PAGE 1083
Enter a 5 then a text string as the hidden password. The text string must be a password that was already encrypted by a Dell Networking router. Use this parameter only with a password that you copied from the show runningconfig file of another Dell Networking router. password Enter a text string, up to 32 characters long, as the clear text password. Defaults No password is configured. level = 15. Command Modes CONFIGURATION Command History Usage Information Version Description 9.9(0.
PAGE 1084
password Enter a text string, up to 32 characters long, as the clear text password. Defaults No password is configured. level = 15. Command Modes CONFIGURATION Command History This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking OS Command Line Reference Guide. Related Commands Version Description 9.10(0.0) Introduced on the MXL. • show running-config — views the current configuration.
PAGE 1085
password Specify a password for users on terminal lines. Syntax password [encryption-type] password To delete a password, use the no password password command. Parameters encryption-type password (OPTIONAL) Enter either zero (0) or 7 as the encryption type for the password entered. The options are • 0 is the default and means the password is not encrypted and stored as clear text. • 7 means that the password is encrypted and hidden. Enter a text string up to 32 characters long.
PAGE 1086
To return to the default, use the no password-attributes [min-length number] [max-retry number] [lockout-period minutes] [character-restriction [upper number] [lower number] [numeric number] [special-char number]] command. Parameters min-length number (OPTIONAL) Enter the keywords min-length then the number of characters. The range is from 0 to 32 characters. max-retry number (OPTIONAL) Enter the keywords max-retry then the number of maximum password retries. The range is from 0 to 16.
PAGE 1087
To store new passwords as clear text, use the no service password-encryption command. Defaults Enabled. Command Modes CONFIGURATION Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Usage Information CAUTION: Encrypting passwords with this command does not provide a high level of security. When the passwords are encrypted, you cannot return them to plain text unless you re-configure them.
PAGE 1088
show users Allows you to view information on all users logged in to the switch. Syntax show users [all] Parameters Command Modes Command History Usage Information Example all (OPTIONAL) Enter the keyword all to view all terminal lines in the switch. EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 9.5(0.0) Introduced the support for roles on the MXL 10/40GbE Switch. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1089
• VTY: the range is from 1 to 30 seconds, the default is 30 seconds. • Console: the range is from 1 to 300 seconds, the default is 0 seconds (no timeout). • AUX: the range is from 1 to 300 seconds, the default is 0 seconds (no timeout). Defaults See the defaults settings shown in Parameters. Command Modes LINE Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1090
privilege level Enter the keyword privilege then a number from zero (0) to 15. role role-name Enter the keyword role followed by the role name to associate with that user ID. secret Enter the keyword secret then the encryption type. sha256-password Enter the keyword sha256-password then the encryption-type or the password. Defaults The default encryption type for password option is 0. The default encryption type for secret option is 5. The default encryption type for sha256-password option is 8.
PAGE 1091
ip radius source-interface Specify an interface’s IP address as the source IP address for RADIUS connections. Syntax ip radius source-interface interface To delete a source interface, use the no ip radius source-interface command. Parameters interface Defaults Not configured. Command Modes CONFIGURATION Command History Enter the following keywords and slot/port or number information: • For Loopback interfaces, enter the keyword loopback then a number from zero (0) to 16838.
PAGE 1092
radius-server host Configure a RADIUS server host. Syntax radius-server host {hostname | ipv4-address} [auth-port port-number] [retransmit retries] [timeout seconds] [key [encryption-type] key] Parameters hostname Enter the name of the RADIUS server host. ipv4-address Enter the IPv4 address (A.B.C.D) of the RADIUS server host. auth-port portnumber (OPTIONAL) Enter the keywords auth-port then a number as the port number. The range is from zero (0) to 65535. The default port-number is 1812.
PAGE 1093
radius-server key — sets an authentication key for RADIUS communications. radius-server retransmit — sets the number of times the RADIUS server attempts to send information. radius-server timeout — sets the time interval before the RADIUS server times out. radius-server key Configure a key for all RADIUS communications between the switch and the RADIUS host server. Syntax radius-server key [encryption-type] key To delete a password, use the no radius-server key command.
PAGE 1094
Parameters retries Defaults 3 retries Command Modes CONFIGURATION Command History Related Commands Enter a number of attempts that the system tries to locate a RADIUS server. The range is from zero (0) to 100. The default is 3 retries. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. radius-server host — configures a RADIUS host.
PAGE 1095
interface for INTERFACE modes line for LINE mode route-map for Route-map mode router for Router mode addrole Enter the keyword addrole to add permission to the command. You cannot add or delete rights for the sysadmin role. deleterole Enter the keyword deleterole to remove access to the command. You cannot add or delete rights for the sysadmin role. role-name Enter a text string for the name of the user role up to 63 characters.
PAGE 1096
Defaults Disabled. Command Modes EXEC Privilege Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. ip tacacs source-interface Specify an interface’s IP address as the source IP address for TACACS+ connections. Syntax ip tacacs source-interface interface To delete a source interface, use the no ip tacacs source-interface command. Parameters interface Defaults Not configured.
PAGE 1097
port number (OPTIONAL) Enter the keyword port then a number as the port to be used by the TACACS+ server. The range is from zero (0) to 65535. The default is 49. timeout seconds (OPTIONAL) Enter the keyword timeout then the number of seconds the switch waits for a reply from the TACACS+ server. The range is from 0 to 1000. The default is 10 seconds. key key (OPTIONAL) Enter the keyword key then a string up to 42 characters long as the authentication key.
PAGE 1098
Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The key configured with this command must match the key configured on the TACACS+ daemon. SSH Server and SCP Commands The Dell Networking OS supports secure shell (SSH) protocol versions 1.5 and 2.0. SSH is a protocol for secure remote login over an insecure network. SSH sessions are encrypted and use authentication.
PAGE 1099
Related Commands ip ssh server — enables the SSH server. show crypto — displays the SSH host public keys. debug ip ssh Enables collecting SSH debug information. Syntax debug ip ssh {client | server} To disable debugging, use the no debug ip ssh {client | server} command. Parameters client Enter the keyword client to enable collecting debug information on the client. server Enter the keyword server to enable collecting debug information on the server. Defaults Disabled on both client and server.
PAGE 1100
ip ssh authentication-retries Configure the maximum number of attempts that should be used to authenticate a user. Syntax ip ssh authentication-retries 1-10 Parameters 1-10 Enter the number of maximum retries to authenticate a user. The range is from 1 to 10. The default is 3. Defaults 3 Command Modes CONFIGURATION Command History Usage Information Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1101
ip ssh cipher Configure the list of ciphers supported on both SSH client and SCP. Syntax Parameters Defaults ip ssh cipher cipher-list cipher cipher-list Enter the keyword cipher and then a space-delimited list of ciphers that the SSH client supports. The following ciphers are available.
PAGE 1102
ip ssh connection-rate-limit Configure the maximum number of incoming SSH connections per minute. Syntax ip ssh connection-rate-limit 1-10 Parameters 1-10 Enter the number of maximum numbers of incoming SSH connections allowed per minute. The range is from 1 to 10 per minute. The default is 10 per minute. Defaults 10 per minute Command Modes CONFIGURATION Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1103
ip ssh rhostsfile — trusted hosts and users for rhost authentication. ip ssh key-size Configure the size of the server-generated RSA SSHv1 key. Syntax Parameters ip ssh key-size 512-869 512-869 Defaults Key size 768 Command Modes CONFIGURATION Command History Usage Information Enter the key-size number for the server-generated RSA SSHv1 key. The range is from 512 to 869. The default is 768. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.
PAGE 1104
When FIPS mode is enabled: • hmac-sha2–256 • hmac-sha1 • hmac-sha1–96 When FIPS mode is disabled: • hmac-sha2-256 • hmac-sha1 • hmac-sha1–96 • hmac-md5 • hmac-md5-96 Command Modes CONFIGURATION Command History This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking OS Command Line Reference Guide. Usage Information Version Description 9.10(0.
PAGE 1105
ip ssh pub-key-file Specify the file used for host-based authentication. Syntax Parameters ip ssh pub-key-file {WORD} WORD Defaults none Command Modes CONFIGURATION Command History Usage Information Enter the file name for the host-based authentication. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. This command specifies the file used for the host-based authentication.
PAGE 1106
volume rekeylimit Enter the keywords volume then the amount of volume in megabytes. The range is from 1 to 4096 to megabytes. The default is 1024 megabytes Defaults The default time is 60 minutes. The default volume is 1024 megabytes. Command Modes CONFIGURATION mode Command History This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking OS Command Line Reference Guide. Version Description 9.8(1.0) Introduced on the Z9100-ON. 9.8(0.
PAGE 1107
ip ssh rsa-authentication (Config) Enable RSA authentication for the SSHv2 server. Syntax ip ssh rsa-authentication enable To disable RSA authentication, use the no ip ssh rsa-authentication enable command. Parameters enable Defaults Disabled. Command Modes CONFIGURATION Command History Enter the keyword enable to enable RSA authentication for the SSHv2 server. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1108
following file: flash://ADMIN_DIR/ssh/authorized-keys-username (where username is the user associated with this terminal). NOTE: The no form of this command deletes the file flash://ADMIN_DIR/ssh/ authorizedkeys-username file. Related Commands show ip ssh rsa-authentication — displays the RSA authorized keys. ip ssh rsa-authentication (Config) — enables RSA authentication. ip ssh server Configure an SSH server.
PAGE 1109
The following HMAC algorithms are available: • hmac-sha1 • hmac-sha1-96 • hmac-sha2-256 When FIPS is enabled, the default HMAC algorithm is hmac-sha1-96. When FIPS is not enabled, the default HMAC algorithms are the following: kex key-exchangealgorithm • hmac-md5 • hmac-md5-96 • hmac-sha1 • hmac-sha1-96 • hmac-sha2-256 Enter the keyword kex and then a space-delimited list of key exchange algorithms supported by the SSH server.
PAGE 1110
Usage Information This command enables the SSH server and begins listening on a port. If a port is not specified, listening is on SSH default port 22. NOTE: Starting with Dell Networking OS Release 9.2(0.0), SSH server is enabled by default. Example Dell# conf Dell(conf)# ip ssh server port 45 Dell(conf)# ip ssh server enable Dell# Related Commands show ip ssh — displays the ssh information. show accounting Display the active accounting sessions for each online user.
PAGE 1111
rsa1 Defaults none Command Modes EXEC Command History Enter the keyword rsa1 to display the host SSHv1 RSA public key. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Usage Information This command is useful if the remote SSH client implements Strict Host Key Checking. You can copy the host key to your list of known hosts.
PAGE 1112
Example Dell#show ip ssh SSH server : enabled. SSH server version : v1 and v2. SSH server vrf : default. SSH server ciphers : 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128ctr,aes192-ctr,aes256-ctr. SSH server macs : hmac-sha2-256, hmac-sha1, hmac-sha1-96, hmac-md5, hmac-md5-96. SSH server kex algorithms : diffie-hellman-group-exchange-sha1,diffie-hellmangroup1-sha1,diffie-hellman-group14-sha1. Password Authentication : enabled. Hostbased Authentication : disabled. RSA Authentication : disabled.
PAGE 1113
show ip ssh rsa-authentication Display the authorized-keys for the RSA authentication. Syntax Parameters show ip ssh rsa-authentication {my-authorized-keys} my-authorized-keys Defaults none Command Modes EXEC Command History Display the RSA authorized keys. Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Usage Information This command displays the contents of the flash:/ADMIN_DIR/ssh/authorized-keys.username file.
PAGE 1114
Defaults none Command Modes EXEC Privilege Command History This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking OS Command Line Reference Guide. Examples Version Description 9.8(1.0) Introduced on the Z9100-ON. 9.8(0.0P5) Introduced on the S4048-ON. 9.8(0.0P2) Introduced on the S3048-ON. 9.7(0.0) Introduced on the S6000-ON. 9.5(0.1) Introduced on the Z9500. 9.5(0.
PAGE 1115
Example Related Commands Field Description Host(s) Displays the terminal line status. Location Displays the IP address of the user. Dell# show users Authorization Mode: Line User * 0 console 0 2 vty 0 admin 3 vty 1 ad 4 vty 2 ad1 5 vty 3 ad1 6 vty 4 admin 7 vty 5 ad Dell# role or privilege Role Priv Host(s) unassigned 1 idle unassigned 1 idle unassigned 15 idle sysadmin 1 idle sysadmin 1 idle unassigned 1 idle unassigned 15 idle Location 10.16.127.35 10.16.127.145 10.16.127.141 10.16.127.145 10.
PAGE 1116
secadmin sysadmin netoperator testadmin Related Commands • Exec Config Exec Config Interface Line Router IP Route-map Protocol MAC netadmin Exec Config Interface Line Router IP Route-map Protocol MAC userrole — create user roles. ssh Open an SSH connection specifying the host name, username, port number and version of the SSH client.
PAGE 1117
Secure DHCP Commands The dynamic host configuration protocol (DHCP) as defined by RFC 2131 provides no authentication or security mechanisms. Secure DHCP is a suite of features that protects networks that use dynamic address allocation from spoofing and attacks. clear ip dhcp snooping Clear the DHCP binding table. Syntax clear ip dhcp snooping binding Defaults none Command Modes EXEC Privilege Command History Related Commands Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.
PAGE 1118
Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Usage Information When enabled, no learning takes place until you enable snooping on a VLAN. After disabling DHCP Snooping, the binding table is deleted and Option 82, IP Source Guard, and Dynamic ARP Inspection are disabled. Related Commands ip dhcp snooping vlan — enables DHCP Snooping on one or more VLANs.
PAGE 1119
lease time Defaults Command Modes Command History Related Commands Enter the keyword lease then the amount of time the IP address is leased. The range is from 1 to 4294967295. none • EXEC • EXEC Privilege Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. show ip dhcp snooping — displays the contents of the DHCP binding table. ip dhcp snooping database renew Renew the binding table.
PAGE 1120
ip dhcp source-address-validation Enable IP source guard. Syntax [no] ip dhcp source-address-validation Defaults Disabled. Command Modes INTERFACE Command History Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. ip dhcp snooping vlan Enable DHCP Snooping on one or more VLANs. Syntax [no] ip dhcp snooping vlan name Parameters name Defaults Disabled.
PAGE 1121
Command History Related Commands Version Description 9.9(0.0) Introduced on the FN IOM. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. clear ip dhcp snooping — clears the contents of the DHCP binding table. secure-cli enable Enable the secured CLI mode. Syntax secure-cli enable Command Modes CONFIGURATION Command History This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking OS Command Line Reference Guide.
PAGE 1122
encryption-type Enter an encryption type for the password that you enter. • 0 directs the system to store the password as clear text. It is the default encryption type when using the password option. • 8 to indicate that a password encrypted using a sha256 hashing algorithm follows. This encryption type is available with the sha256-password option only, and is the default encryption type for this option. • 7 to indicate that a password encrypted using a DES hashing algorithm follows.
PAGE 1123
inherit existing-rolename Enter the inherit keyword then specify the system defined role to inherit permissions from (sysadmin, secadmin, netadmin, netoperator). Defaults none Command Modes CONFIGURATION Command History This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking OS Command Line Reference Guide. Usage Information Version Description 9.8(1.0) Introduced on the Z9100-ON. 9.8(0.0P5) Introduced on the S4048-ON. 9.8(0.
PAGE 1124
ICMP Vulnerabilities The Internet Control Message Protocol (ICMP) is a network-layer Internet protocol that provides message packets to report errors and other information regarding IP packet processing back to the source. Dell Networking OS mainly addresses the following ICMP vulnerabilities: • ICMP Mask Reply • ICMP Timestamp Request • ICMP Replies • IP ID Values Randomness You can configure the Dell Networking OS to drop ICMP reply messages.
PAGE 1125
ICMPv6 Message Types Who are you reply (140) Mtrace response (200) Mtrace messages (201) NOTE: The Dell Networking OS does not suppress the following ICMPv6 message types: • Packet too big (2) • Echo request (128) • Multicast listener query (130) • Multicast listener report (131) • Multicast listener done (132) • Router solicitation (133) • Router advertisement (134) • Neighbor solicitation (135) • Neighbor advertisement (136) • Redirect (137) • Router renumbering (138) • MLD v2 liste
PAGE 1126
50 sFlow sFlow monitoring system includes an sFlow Agent and an sFlow Collector. • The sFlow Agent combines the flow samples and interface counters into sFlow datagrams and forwards them to the sFlow Collector. • The sFlow Collector analyses the sFlow Datagrams received from the different devices and produces a network-wide view of traffic flows.
PAGE 1127
sflow collector Configure a collector device to which sFlow datagrams are forwarded. Syntax sflow collector {ip-address} agent-addr {ip-address} [number [max-datagram-size number]] | [max-datagram-size number] To delete a configured collector, use the no sflow collector {ip-address} agent-addr {ipv4address} [number [max-datagram-size number]] | [max-datagram-size number] command. Parameters sflow collector ipaddress Enter the IPv4 (A.B.C.D) of the sFlow collector device.
PAGE 1128
Defaults Disabled. Command Modes CONFIGURATION Command History Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Usage Information sFlow is disabled by default. In addition to this command, you must enable sFlow on individual interfaces where you want sFlow sampling. Related Commands sflow enable (Global) — enables sFlow on interfaces. sflow ingress-enable Enable sFlow ingress on interfaces.
PAGE 1129
Command History Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Usage Information The Dell Networking OS version 7.8.1.0 and later enhances the sflow implementation for real time traffic analysis to provide extended gateway information in cases where the destination IP addresses are learned by different routing protocols and for cases where the destination is reachable over ECMP. Related Commands show sflow — displays the sFlow configuration.
PAGE 1130
Defaults 20 seconds Command Modes CONFIGURATION Command History Usage Information Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The polling interval for an interface is the maximum number of seconds between successive samples of counters sent to the collector. This command changes the global default counter polling (20 seconds) interval. You can configure an interface to use a different polling interval.
PAGE 1131
8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Usage Information Sample-rate is the average number of packets skipped before the sample is taken. This command changes the global default sampling rate. You can configure an interface to use a different sampling rate than the global sampling rate. If the value entered is not a correct power of 2, the command generates an error message with the previous and next power of 2 value. Select one of these two packet numbers and re-enter the command.
PAGE 1132
• Command History EXEC Privilege Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Usage Information The dropEvent counter (sFlow samples dropped due to sub-sampling) shown in the following example always displays a value of zero.
PAGE 1133
Example Dell#show sflow stack-unit 1 Stack-Unit 1 Samples rcvd from h/w :0 Total UDP packets exported :0 UDP packets dropped :0 Dell# sFlow 1133
PAGE 1134
51 Service Provider Bridging Service provider bridging is composed of virtual local area network (VLAN) Stacking, Layer 2 Protocol Tunneling, and Provider Backbone Bridging as described in the Dell Networking OS Configuration Guide. This chapter includes commands for the Dell Networking operating software Layer 2 Protocol Tunneling (L2PT). L2PT enables protocols to tunnel through an 802.1q tunnel. For more information, see VLAN Stacking, Spanning Tree Protocol (STP), and GARP VLAN Registration (GVRP).
PAGE 1135
For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/ port information. in | out | both Enter the keyword in, out, or both to debug incoming interfaces, outgoing interfaces, or both incoming and outgoing interfaces. vlan vlan-id Enter the keyword vlan then the VLAN ID. The range is from 1 to 4094. count value Enter the keyword count then the number of debug outputs.
PAGE 1136
protocol-tunnel destination-mac Overwrite the BPDU destination MAC address with a specific value. Syntax protocol-tunnel destination-mac xstp address Parameters stp Change the default destination MAC address used for L2PT to another value. Defaults The default destination MAC is 01:01:e8:00:00:00. Command Modes CONFIGURATION Command History Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1137
Command History Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Example Dell# Dell#conf Dell(conf)#protocol-tunnel rate-limit 1000 Dell(conf)# Related Commands show protocol-tunnel — displays tunneling information for all VLANs. show running-config — displays the current configuration. show protocol-tunnel Display protocol tunnel information for all or a specified VLAN-Stack VLAN.
PAGE 1138
52 Simple Network Management Protocol (SNMP) and Syslog This chapter contains commands to configure and monitor the simple network management protocol (SNMP) v1/v2/v3 and Syslog.
PAGE 1139
• logging facility • logging history • logging history size • logging monitor • logging on • logging source-interface • logging synchronous • logging trap • logging version • show logging • show logging driverlog stack-unit • show logging auditlog • terminal monitor SNMP Commands The following SNMP commands are available in the Dell Networking OS.
PAGE 1140
Example Version Description 9.8(0.0P2) Introduced on the S3048-ON. 9.5(0.1) Introduced on the Z9500. 9.5(0.0) Introduced on the MXL. Dell(conf)# clear logging auditlog Related Commands • show logging auditlog — display the audit log. show snmp Display the status of SNMP network elements. Syntax show snmp Command Modes Command History • EXEC • EXEC Privilege Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1141
• Command History Example EXEC Privilege Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Dell#show snmp engineID Local SNMP engineID: 0000178B02000001E80214A8 Remote Engine ID IP-addr Port 80001F88043132333435 172.31.1.3 5009 80001F88043938373635 172.31.1.3 5008 Dell# Related Commands snmp-server engineID — configures local and remote SNMP engines on the router. show snmp group Display the group name, security model, status, and storage type of each group.
PAGE 1142
Command History Example Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Dell#show snmp user User name: v1v2creadu Engine ID: 0000178B02000001E80214A8 storage-type: nonvolatile active Authentication Protocol: None Privacy Protocol: None Dell# snmp ifmib ifalias long Display the entire description string through the Interface MIB, which would be truncated otherwise to 63 characters.
PAGE 1143
ro Enter the keyword ro to specify read-only permission. rw Enter the keyword rw to specify read-write permission. security-name name (Optional) Enter the keywords security-name then the security name as defined by the community MIB. access-list-name (Optional) Enter a standard IPv4 access list name (a string up to 16 characters long). Defaults none Command Modes CONFIGURATION Command History Usage Information Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1144
snmp-server contact Configure contact information for troubleshooting this SNMP node. Syntax snmp-server contact text To delete the SNMP server contact information, use the no snmp-server contact command. Parameters text Defaults none Command Modes CONFIGURATION Command History Enter an alphanumeric text string, up to 55 characters long. Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. snmp-server enable traps Enable SNMP traps.
PAGE 1145
• Defaults Not enabled. Command Modes CONFIGURATION Command History Usage Information authentication • coldstart • linkdown • linkup • syslog-reachable • syslog-unreachable Version Description 9.8(0.0) Added the following two SNMP notification options: syslog-reachable and syslog-unreachable. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The system supports up to 16 SNMP trap receivers. If you do not configure this command, no traps controlled by this command are sent.
PAGE 1146
Command History Usage Information Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Changing the value of the SNMP Engine ID has important side effects. A user’s password (entered on the command line) is converted to a message digest algorithm (MD5) or secure hash algorithm (SHA) security digest. This digest is based on both the password and the local Engine ID. The command line password is then destroyed, as required by RFC 2274.
PAGE 1147
read name (OPTIONAL) Enter the keyword read then a name (a string of up to 20 characters long) as the read view name. The default is GlobalView and is assumed to be every object belonging to the internet (1.3.6.1) OID space. write name (OPTIONAL) Enter the keyword write then a name (a string of up to 20 characters long) as the write view name. notify name (OPTIONAL) Enter the keyword notify then a name (a string of up to 20 characters long) as the notify view name.
PAGE 1148
• Version 1 is the least secure version. • Version 3 is the most secure of the security modes. • Version 2c allows transmission of informs and counter 64, which allows for integers twice the width of what is normally allowed. The default is version 1. auth (OPTIONAL) Enter the keyword auth to specify authentication of a packet without encryption. noauth (OPTIONAL) Enter the keyword noauth to specify no authentication of a packet.
PAGE 1149
Usage Information In order to configure the router to send SNMP notifications, enter at least one snmp-server host command. If you enter the command with no keywords, all trap types are enabled for the host. If you do not enter an snmpserver host command, no notifications are sent. In order to enable multiple hosts, issue a separate snmp-server host command for each host. You can specify multiple notification types in the command for each host.
PAGE 1150
Command History Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. snmp-server packetsize Set the largest SNMP packet size permitted. Wen the SNMP server is receiving a request or generating a reply, use the snmp-server packetsize global configuration command. Syntax snmp-server packetsize byte-count Parameters byte-count Defaults 8 Command Modes CONFIGURATION Command History Enter one of the following values 8, 16, 24 or 32.
PAGE 1151
snmp-server user Configure a new user to an SNMP group.
PAGE 1152
aes128 (OPTIONAL) Enter the keyword aes128 to initiate the AES128-CFB encryption algorithm for transmission of SNMP packets. priv password (OPTIONAL) Enter a text string (up to 20 characters long) password that enables the host to encrypt the contents of the message it sends to the agent and decrypt the contents of the message it receives from the agent. Minimum: eight characters long. access-list-name (Optional) Enter the standard IPv4 access list name (a string up to 16 characters long).
PAGE 1153
Syntax snmp-server user name {group_name remote ip-address udp-port port-number} [1 | 2c | 3] [encrypted] [auth {md5 | sha} auth-password] [priv {des56 | aes128–cfb} priv– password] [access access-list-name | ipv6 access-list-name | access-listname ipv6 access-list-name] To remove a user from the SNMP group, use the no snmp-server user name {group_name remote ip-address udp-port port-number} [1 | 2c | 3] [encrypted] [auth {md5 | sha} auth-password] [priv {des56 | aes128–cfb} priv-password] [access access-l
PAGE 1154
To remove an SNMPv3 view, use the no snmp-server view view-name oid-tree {included | excluded} command. Parameters view-name Enter the name of the view (not to exceed 20 characters). oid-tree Enter the OID sub tree for the view (not to exceed 20 characters). included (OPTIONAL) Enter the keyword included to include the MIB family in the view. excluded (OPTIONAL) Enter the keyword excluded to exclude the MIB family in the view.
PAGE 1155
Defaults none Command Modes EXEC Privilege Command History Related Commands Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. show logging — displays logging settings and system messages in the internal buffer. default logging buffered Return to the default setting for messages logged to the internal buffer.
PAGE 1156
Usage Information Version Description 9.10(0.0) Introduced on the S6100–ON. 9.8(1.0) Introduced on the Z9100–ON. 9.8(0.0P5) Introduced on the S4048-ON. 9.8(0.0P2) Introduced on the S3048-ON. 9.7(0.0) Introduced on the S6000-ON. 9.5(0.1) Introduced on the Z9500. 9.5(0.0) Introduced on the S4810, S4820T, S6000, Z9000, and MXL. This command is available with or without RBAC enabled. When RBAC is enabled you can restrict access to audit and security logs based on the CLI sessions’ user roles.
PAGE 1157
default logging trap Return to the default settings for logging messages to the Syslog servers. Syntax default logging trap Defaults level = 6 or informational Command Modes CONFIGURATION Command History Related Commands Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. logging trap — limit messages logged to the Syslog servers based on severity. logging Configure an IP address or host name of a Syslog server where logging messages are sent.
PAGE 1158
logging buffered Enable logging and specify which messages are logged to an internal buffer. By default, all messages are logged to the internal buffer. Syntax logging buffered [level] [size] To return to the default values, use the default logging buffered command. To disable logging stored to an internal buffer, use the no logging buffered command.
PAGE 1159
Command History Related Commands Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. clear logging — clears the logging buffer. default logging console — returns the logging console parameters to the default setting. show logging — displays the logging setting and system messages in the internal buffer. logging facility Configure the Syslog facility used for error messages sent to Syslog servers.
PAGE 1160
Defaults local7 Command Modes CONFIGURATION Command History Related Commands Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. logging — enables logging to a Syslog server. logging on — enables logging. logging history Specify which messages are logged to the history table of the switch and the SNMP network management station (if configured). Syntax logging history level To return to the default values, use the no logging history command.
PAGE 1161
Command History Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Usage Information When the number of messages reach the limit you set with the logging history size command, older messages are deleted as newer ones are added to the table. Related Commands show logging — displays information logged to the history buffer. logging monitor Specify which messages are logged to Telnet applications.
PAGE 1162
logging buffered — sets the logging buffered parameters. logging console — sets the logging console parameters. logging monitor — sets the logging parameters for the terminal connections. logging source-interface Specify that the IP address of an interface is the source IP address of Syslog packets sent to the Syslog server. Syntax logging source-interface interface To disable this command and return to the default setting, use the no logging source-interface command.
PAGE 1163
level level Enter the keyword level then a number as the severity level. A high number indicates a low severity level and vice versa. The range is from 0 to 7. The default is 2. all Enter the keyword all to turn off all. limit number-ofbuffers Enter the keyword limit then the number of buffers to be queued for the terminal after which new messages are dropped. The range is from 20 to 300. The default is 20. Defaults Disabled.
PAGE 1164
logging version Displays syslog messages in a RFC 3164 or RFC 5424 format. Syntax logging version {0|1} Defaults 0 Command Modes CONFIGURATION Command History This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking OS Command Line Reference Guide. Usage Information Version Description 9.10(0.0) Introduced on the S6100–ON. 9.8(1.0) Introduced on the Z9100–ON. 9.8(0.0P5) Introduced on the S4048-ON. 9.8(0.
PAGE 1165
summary Command Modes Command History • EXEC • EXEC Privilege (OPTIONAL) Enter the keyword summary to view a table showing the number of messages per type and per slot. Slots *7* and *8* represent RPMs. Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1166
show logging driverlog stack-unit Display the driver log for the specified stack member. Syntax show logging driverlog stack-unit unit# Parameters defaults stack-unit unit# Enter the keywords stack-unit then the stack member ID of the switch for which you want to display the driver log. The range is from 0 to 1. none Command Modes Command History Usage Information • EXEC • EXEC Privilege Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module..
PAGE 1167
terminal monitor Configure the system to display messages on the monitor/terminal. Syntax terminal monitor To return to default settings, use the terminal no monitor command. defaults Command Modes Command History Related Commands Disabled. • EXEC • EXEC Privilege Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. logging monitor — sets the logging parameters on the monitor/terminal.
PAGE 1168
53 Stacking For more information about using the Switch stacking feature, see the Stacking MXL 10/40GbE Switches chapter in the Dell Networking OS Configuration Guide. NOTE: The terms stack-unit-id, unit-id, stack-unit-number, stack-number, and unit-number mentioned in this chapter refers to the stack-unit-number.
PAGE 1169
The unit does not reboot until it is manually rebooted. Related Commands show redundancy — displays the current redundancy status. redundancy force-failover stack-unit Force the standby unit in the stack to become the management unit. Syntax redundancy force-failover stack-unit Defaults Not enabled. Command Modes EXEC Privilege Command History Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1170
2 3 4 5 Member Member Member Member online online online online MXL-10/40GbE MXL-10/40GbE MXL-10/40GbE MXL-10/40GbE MXL-10/40GbE MXL-10/40GbE MXL-10/40GbE MXL-10/40GbE 9-1-0-853 9-1-0-853 9-1-0-853 9-1-0-853 56 56 56 56 Dell#reset stack-unit ? <0-5> Unit number id Dell#reset stack-unit 0 % Error: Reset of master unit is not allowed. Dell(standby)#reset stack-unit 3 % Error: Reset of stack units from standby is not allowed.
PAGE 1171
Last failover type: None -- Last Data Block Sync Record: ------------------------------------------------Stack Unit Config: no block sync done Start-up Config: no block sync done Runtime Event Log: no block sync done Running Config: no block sync done ACL Mgr: no block sync done LACP: no block sync done STP: no block sync done SPAN: no block sync done Dell# Related Commands redundancy disable-auto-reboot — prevents the system from auto-rebooting if it fails.
PAGE 1172
1/33 1/37 1/49 1/53 2/33 2/37 2/49 2/53 Example (Status) Example (Topology) 2/37 0/33 0/41 2/49 0/37 1/33 1/53 0/45 40 40 40 40 40 40 40 40 Dell# show system stack-ports Topology: Ring Interface Link Speed Admin (Gb/s) Status 0/33 40 up 0/37 40 up 0/41 40 up 0/45 40 up 1/33 40 up 1/37 40 up 1/49 40 up 1/53 40 up 2/33 40 up 2/37 40 up 2/49 40 up 2/53 40 up up up up up up up up up up up up up up up up up status Link Trunk Status Group up up up up up up up up up up up up Dell# show system stack-ports T
PAGE 1173
Command History Related Commands Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. • reload — reboots the system. • show system — displays the current status of all stack members or a specific member. stack-unit stack-group Configure a 40GbE port for stacking mode. Syntax Parameters Command Modes Command History Related Commands stack-unit unit number stack-group group number unit number <0–5> Number of the member stack unit. The valid values are from 0 to 5.
PAGE 1174
Related Commands • reload — reboots the system. • show system — displays the status of all stack members or a specific member. stack-unit provision Preconfigure a logical stacking ID of a switch that joins the stack. This is an optional command that is executed on the management unit. Syntax stack-unit 0–5] provision {MXL-10/40GbE} Parameters Command Modes Command History Related Commands 0–5 Enter a stack member identifier, from 0 to 5, of the switch that you want to add to the stack.
PAGE 1175
Example Dell#stack-unit 0 renumber 2 Renumbering master unit will reload the stack. Proceed to renumber [confirm yes/ no]: Related Commands • reload — reboots the system. • redundancy disable-auto-reboot — resets the designated stack member. • show system — displays the current status of all stack members or a specific member.
PAGE 1176
54 Storm Control The Dell Networking Operating System (OS) storm control feature allows you to limit or suppress traffic during a traffic storm. Storm control is supported on the Dell Networking OS. Important Points to Remember • Interface commands can only be applied on physical interfaces (virtual local area networks [VLANs] and link aggregation group [LAG] interfaces are not supported). • An INTERFACE-level command only supports storm control configuration on ingress.
PAGE 1177
Command Modes Command History Example • EXEC • EXEC Privilege Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Dell#show storm-control broadcast tengigabitethernet 3/8 Broadcast storm control configuration Interface Direction Packets/Second ---------------------------------------TenGig 3/8 Ingress 1000 Dell# show storm-control multicast Display the storm control multicast configuration.
PAGE 1178
show storm-control unknown-unicast Display the storm control unknown-unicast configuration. Syntax show storm-control unknown-unicast [interface] Parameters Defaults interface (OPTIONAL) Enter one of the following interfaces to display the interface specific storm control configuration: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/ port information.
PAGE 1179
8.3.16.1 Usage Information Introduced on the MXL 10/40GbE Switch IO Module. Broadcast storm control is valid on Layer 2/Layer 3 interfaces only. Layer 2 broadcast traffic is treated as unknown-unicast traffic. storm-control broadcast (Interface) Configure the percentage of broadcast traffic allowed on an interface. Syntax storm-control broadcast [packets_per_second in] To disable broadcast storm control on the interface, use the no storm-control broadcast [packets_per_second in] command.
PAGE 1180
storm-control multicast (Configuration) Configure the packets per second (pps) of multicast traffic. Syntax storm-control multicast packets_per_second in To disable storm-control for multicast traffic into the network, use the no storm-control multicast packets_per_second in command. Parameters packets_per_secon d Enter the packets per second of multicast traffic allowed into the network. The range is from 0 to 33554368.
PAGE 1181
To disable storm control for unknown-unicast traffic, use the no storm-control unknown-unicast [packets_per_second in] command. Parameters packets_per_secon d Defaults none Command Modes CONFIGURATION Command History Usage Information Enter the packets per second of broadcast traffic allowed into the network. The range is from 0 to 33554368. Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1182
55 Spanning Tree Protocol (STP) The commands in this chapter configure and monitor the IEEE 802.1d spanning tree protocol (STP). Topics: • bridge-priority • debug spanning-tree • description • disable • forward-delay • hello-time • max-age • portfast bpdufilter default • protocol spanning-tree • show config • show spanning-tree 0 • spanning-tree 0 bridge-priority Set the bridge priority of the switch in an IEEE 802.1D spanning tree.
PAGE 1183
debug spanning-tree Enable debugging of the spanning tree protocol and view information on the protocol. Syntax debug spanning-tree {stp-id [all | bpdu | events | exceptions] | protocol} To disable debugging, use the no debug spanning-tree command. Parameters Command Modes Command History stp-id Enter zero (0). The switch supports one spanning tree group with a group ID of 0. protocol Enter the keyword for the type of STP to debug, either mstp, pvst, or rstp.
PAGE 1184
disable Disable the spanning tree protocol globally on the switch. Syntax disable To enable Spanning Tree Protocol, use the no disable command. Defaults Enabled (that is, the spanning tree protocol is disabled.) Command Modes SPANNING TREE Command History Related Commands Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. portfast bpdufilter default — enters SPANNING TREE mode.
PAGE 1185
Parameters seconds Defaults 2 seconds Command Modes SPANNING TREE Command History Related Commands Enter a number as the time interval between transmission of BPDUs. The range is from 1 to 10. The default is 2 seconds. Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. forward-delay — changes the wait time before STP transitions to the Forwarding state. max-age — changes the wait time before STP refreshes protocol configuration information.
PAGE 1186
9.9(0.0) Introduced on the FN MXL. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. protocol spanning-tree To enable and configure the spanning tree group, enter SPANNING TREE mode. Syntax protocol spanning-tree stp-id To disable the Spanning Tree group, use the no protocol spanning-tree stp-id command. Parameters stp-id Defaults Not configured. Command Modes CONFIGURATION Command History Enter zero (0). The system supports one spanning tree group, group 0. Version Description 8.3.
PAGE 1187
show spanning-tree 0 Display the spanning tree group configuration and status of interfaces in the spanning tree group. Syntax Parameters Command Modes Command History Usage Information show spanning-tree 0 [active | brief | guard | interface interface | root | summary] 0 Enter 0 (zero) to display information about that specific spanning tree group. active (OPTIONAL) Enter the keyword active to display only active interfaces in spanning tree group 0.
PAGE 1188
Example Field Description “Timers” Lists the values for the following bridge timers: hold time, topology change, hello time, max age, and forward delay. “Times” List the number of seconds since the last: • hello time • topology change • notification • aging “Port 1...” Displays the Interface type slot/port information and the status of the interface (Disabled or Enabled). “Port path...” Displays the path cost, priority, and identifier for the interface. “Designated root...
PAGE 1189
Dell# Example (Brief) Dell#show span 0 brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768 Address 0001.e800.0a56 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32768, Address 0001.e800.0a56 Configured hello time 2, max age 20, forward delay 15 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID -------------- ------ ---- ---- --- ----- -----------------Gi 1/1 8.26 8 4 FWD 0 32768 0001.e800.0a56 8.26 Gi 1/2 8.27 8 4 FWD 0 32768 0001.
PAGE 1190
spanning-tree 0 Assigns a Layer 2 interface to STP instance 0 and configures a port cost or port priority, or enables loop guard, root guard, or the Portfast feature on the interface. Syntax spanning-tree stp-id {cost cost | {rootguard} | portfast [bpduguard [shutdownon-violation]| bpdufilter] | priority priority} To disable Spanning Tree group on an interface, use the no spanning-tree stp-id {cost cost | {rootguard} | portfast [bpduguard [shutdown-on-violation] | bpdufilter] | priority priority} command.
PAGE 1191
STP root guard is supported on a port or port-channel enabled in any Spanning Tree mode: Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree Protocol (MSTP), and Per-VLAN Spanning Tree Plus (PVST+). Root guard is supported on any STP-enabled port or port-channel except when used as a stacking port. When enabled on a port, root guard applies to all VLANs configured on the port.
PAGE 1192
56 SupportAssist SupportAssist sends troubleshooting data securely to Dell. SupportAssist in this Dell Networking OS release does not support automated email notification at the time of hardware fault alert, automatic case creation, automatic part dispatch, or reports. SupportAssist requires Dell Networking OS 9.9(0.0) and SmartScripts 9.7 or later to be installed on the Dell Networking device. For more information on SmartScripts, see Dell Networking Open Automation guide.
PAGE 1193
Usage Information Example Version Description 9.11(0.0) Introduced on the M I/O Aggregator and FN IOM. 9.10(0.0) Introduced on the C9010, Z9100–ON, S6100–ON, and S3100 series. 9.9(0.0) Introduced on the S4810, S4820T, S3048–ON, S4048–ON, S5000, S6000, S6000–ON, Z9500, MXL. • When you run the command, the system displays a message with the information directing to the URL for further information.
PAGE 1194
Reject the EULA: Dell(conf)#eula-consent support-assist reject Aug 24 22:35:38: %STKUNIT1-M:CP %SUPPORT_ASSIST-6-SUPASSIST_EVT: Event monitor service stopped I do not accept the terms of the license agreement. The SupportAssist feature has been deactivated and can no longer be used. To enable SupportAssist configurations, accept the terms of the license agreement by configuring this command 'eula-consent support-assist accept'.
PAGE 1195
Usage Information Version Description 9.11(0.0) Introduced on the M I/O Aggregator and FN IOM. 9.10(0.1) Introduced on the S6010-ON and S4048T-ON. 9.10(0.0) Introduced on the S3148. 9.10(0.0) Introduced on the C9010, Z9100–ON, S6100–ON, and S3100 series. 9.9(0.0) Introduced on the S4810, S4820T, S3048–ON, S4048–ON, S5000, S6000, S6000–ON, Z9500, MXL. You are guided through a series of queries to configure SupportAssist.
PAGE 1196
SupportAssist Commands Dell Networking OS supports the following SupportAssist mode commands. activity Move to the SupportAssist Activity mode for an activity. Allow the user to configure customized details for a specific activity. Syntax activity {activity-name} To remove all customized detail for a specific activity, use the no activity {activity-name} command. Parameters activity-name Enter one of the following keywords: • Enter the keyword full-transfer to enable or disable full transfer.
PAGE 1197
Parameters company-name Enter the name for the company. If there are multiple words in the name, use optional additional fields. company-nextname (OPTIONAL) Enter the next components of the company name, up to 5 components are allowed. Command Modes SUPPORTASSIST Command History This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking OS Command Line Reference Guide. Usage Information Version Description 9.11(0.
PAGE 1198
Usage Information Each contact person must be unique by their name. You can configure only one contact person. It is not possible to remove the first name or last name. The no form of the command removes the entire contactperson entry. This command is optional for SupportAssist service configuration. enable Enable all activities and severs for the SupportAssist service. Syntax enable all To disable the SupportAssist activities temporarily, use the no enable all command.
PAGE 1199
Command History Usage Information This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking OS Command Line Reference Guide. Version Description 9.11(0.0) Introduced on the M I/O Aggregator and FN IOM. 9.10(0.0) Introduced on the C9010, Z9100–ON, S6100–ON, and S3100 series. 9.9(0.0) Introduced on the S4810, S4820T, S3048–ON, S4048–ON, S5000, S6000, S6000–ON, Z9500, MXL.
PAGE 1200
Usage Information Version Description 9.9(0.0) Introduced on the S4810, S4820T, S3048–ON, S4048–ON, S5000, S6000, S6000–ON, Z9500, MXL. The remote file specification for full transfer includes the protocol that is used to copy the file from the remote system. The default Manifest-file for full transfer includes records like alarms, logs, operational, and configuration data. Related Commands • action-manifest install — configure the action-manifest to use for a specific activity.
PAGE 1201
• action-manifest remove — remove the action-manifest file for an activity. action-manifest remove Remove the action-manifest file from Dell Networking OS. Syntax Parameters Command Modes action-manifest remove } local-file-name Enter the name of the local action-manifest file. Allowable characters are: a to z, A to Z, 0 to 9, -, _, and space.
PAGE 1202
Related Commands Version Description 9.11(0.0) Introduced on the M I/O Aggregator and FN IOM. 9.10(0.0) Introduced on the C9010, Z9100–ON, S6100–ON, and S3100 series. 9.9(0.0) Introduced on the S4810, S4820T, S3048–ON, S4048–ON, S5000, S6000, S6000–ON, Z9500, MXL. • action-manifest get — copy an action-manifest file for an activity to the system. • action-manifest install — configure the action-manifest to use for a specific activity.
PAGE 1203
address Configure the address information for the company. Syntax address [city company-city] [{province | region | state} name] [country company-country] [{postalcode | zipcode] company-code] To remove a portion of the company address information, use the no address [city | province | region | state | country | postalcode | zipcode] command. For example, to remove the city alone, use the no address city command. To remove the complete company contact information, use the no address command.
PAGE 1204
street-address Configure the street address information for the company. Syntax street-address {address1} [address2]…[address8] To remove the street address, use the no street-address command. Parameters address1 Enter the street address for the company. address2..address8 (OPTIONAL) Enter the street address of the company site. Up to 8 fields are allowed. Command Modes SUPPORTASSIST COMPANY Command History This guide is platform-specific.
PAGE 1205
SupportAssist Person Commands Dell Networking OS supports the following SupportAssist Person mode commands. email-address Configure the email addresses to reach the contact person. Syntax email-address primary email-address [alternate email-address] To remove an email address, use the no email-address command. To remove the primary and the alternate email addresses, use the no email-address primary and no email-address alternate commands respectively.
PAGE 1206
Parameters primary phone Enter the keyword primary then the primary phone number for the person. alternate phone Enter the keyword alternate then the alternate phone number for the person. Command Modes SUPPORTASSIST PERSON Command History This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking OS Command Line Reference Guide. Usage Information Version Description 9.11(0.0) Introduced on the M I/O Aggregator and FN IOM. 9.10(0.
PAGE 1207
• phone — configure phone numbers to reach the contact person. time-zone Configure the time zone for contacting the person. Syntax time-zone zone +-HH:MM[start-time HH:MM] [end-time HH:MM] To remove the time zone, use the no time-zone [zone | start-time | end-time] command. Parameters zone +-HH:MM Enter the keyword zone then a time difference from GMT expressed as HH:MM. This number may be preceded by either a + or – sign.
PAGE 1208
NOTE: The :: notation specifies successive hexadecimal fields of zeros. NOTE: To use the IPv6 address, the Open Automation package should also support IPv6 communications. For this purpose, SupportAssist requires Dell Networking Open Automation 9.10(0.0) package or later. port port-number Enter the keyword port then the TCP/IP port number. The port number range is from 80 to 100000. username userid (OPTIONAL) Enter the keyword username then the user ID used for the proxy server.
PAGE 1209
Related Commands Version Description 9.9(0.0) Introduced on the S4810, S4820T, S3048–ON, S4048–ON, S5000, S6000, S6000–ON, Z9500, MXL. • server — configure the name of the remote SupportAssist server. url Configure the URL to reach the SupportAssist remote server. Syntax url uniform-resource-locator To delete the URL for the server, use the no url command.
PAGE 1210
Command History Example This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking OS Command Line Reference Guide. Version Description 9.11(0.0) Introduced on the M I/O Aggregator and FN IOM. 9.10(0.0) Introduced on the C9010, Z9100–ON, S6100–ON, and S3100 series. 9.9(0.0) Introduced on the S4810, S4820T, S3048–ON, S4048–ON, S5000, S6000, S6000–ON, Z9500, MXL.
PAGE 1211
show running-config Display the current configuration and changes from the default values. Syntax Parameters show running-config support-assist support-assist Enter the keyword support-assist to view the detailed configuration for the feature. Command Modes EXEC Privilege Command History This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking OS Command Line Reference Guide. Example Version Description 9.11(0.
PAGE 1212
Command History Example This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking OS Command Line Reference Guide. Version Description 9.11(0.0) Introduced on the M I/O Aggregator and FN IOM. 9.10(0.0) Introduced on the C9010, Z9100–ON, S6100–ON, and S3100 series. 9.9(0.0) Introduced on the S4810, S4820T, S3048–ON, S4048–ON, S5000, S6000, S6000–ON, Z9500, MXL.
PAGE 1213
57 System Time and Date The commands in this chapter configure time values on the system, either using the Dell Networking Operating System (OS), or the hardware, or using the network time protocol (NTP). With NTP, the switch can act only as a client to an NTP clock host. For more information, refer to the “Network Time Protocol” section of the Management chapter in the Dell Networking OS Configuration Guide.
PAGE 1214
year Defaults Not configured. Command Modes EXEC Privilege Command History Usage Information Enter a four-digit number as the year. The range is from 1993 to 2035. Version Description 9.9(0.0) Introduced on the FN MXL. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. You can change the order of the month and day parameters to enter the time and date as time day month year. You cannot delete the software clock. The software clock runs only when the software is up.
PAGE 1215
offset Defaults Not configured. Command Modes CONFIGURATION Command History Related Commands (OPTIONAL) Enter the number of minutes to add during the summer-time period. The range is from 1 to1440. The default is 60 minutes. Version Description 9.9(0.0) Introduced on the FN MXL. 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. clock summer-time recurring — sets a date (and time zone) on which to convert the switch to daylight saving time each year.
PAGE 1216
end-day Enter the weekday name that you want daylight saving time to end. Enter the weekdays using the three letter abbreviations; for example Sun, Sat, Mon, and so on. The range is from Sun to Sat. end-month Enter the name of one of the 12 months in English. end-time Enter the time in hours:minutes:seconds. For the hour variable, use the 24-hour format; example, 17:15:00 is 5:15 pm. offset (OPTIONAL) Enter the number of minutes to add during the summer-time period. The range is from 1 to 1440.
PAGE 1217
debug ntp Display network time protocol (NTP) transactions and protocol messages for troubleshooting. Syntax debug ntp {adjust | all | authentication | events | loopfilter | packets | select | sync} To disable debugging of NTP transactions, use the no debug ntp {adjust | all | authentication | events | loopfilter | packets | select | sync} command. Parameters Command Modes Command History adjust Enter the keyword adjust to display information on NTP clock adjustments.
PAGE 1218
ntp authentication-key Specify a key for authenticating the NTP server. Syntax ntp authentication-key number md5 [0 | 7] key Parameters number Specify a number for the authentication key. The range is from 1 to 4294967295. This number must be the same as the number parameter configured in the ntp trusted-key command. md5 Specify that the authentication key is encrypted using MD5 encryption algorithm. 0 Specify that authentication key is entered in an unencrypted format (default).
PAGE 1219
Command History Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. ntp disable Prevent an interface from receiving NTP packets. Syntax ntp disable To re-enable NTP on an interface, use the no ntp disable command. Defaults Disabled (that is, if you configure an NTP host, all interfaces receive NTP packets) Command Modes INTERFACE Command History Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1220
Command Modes CONFIGURATION Command History This guide is platform-specific. For command information about other platforms, refer to the relevant Dell Networking OS Command Line Reference Guide. The following is a list of the Dell Networking OS version history for this command. Version Description 9.6(0.0) Introduced on the MXL.
PAGE 1221
key keyid (OPTIONAL) Enter the keyword key and a number as the NTP peer key. The range is from 1 to 4294967295. prefer (OPTIONAL) Enter the keyword prefer to indicate that this peer has priority over other servers. version number (OPTIONAL) Enter the keyword version and a number to correspond to the NTP version used on the server. The range is from 1 to 4. Defaults Not configured. Command Modes CONFIGURATION Command History Usage Information Version Description 9.6(0.0) Added support for VRF.
PAGE 1222
8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. ntp trusted-key Set a key to authenticate the system to which NTP synchronizes. Syntax ntp trusted-key number To delete the key, use the no ntp trusted-key number command. Parameters number Defaults Not configured. Command Modes CONFIGURATION Command History Enter a number as the trusted key ID. The range is from 1 to 4294967295. Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1223
Time source is RTC hardware Summer time starts 00:00:00 UTC Wed Mar 14 2012 Summer time ends 00:00:00 pacific Wed Nov 7 2012 Dell# Related Commands clock summer-time recurring — displays the time and date from the switch hardware clock. show ntp associations Display the NTP master and peers. Syntax Command Modes Command History Usage Information Example show ntp associations • EXEC • EXEC Privilege Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1224
192.200.0.2 0.0.0.0 16 256 0 0.00 0.000 16000.0 * master (synced), # master (unsynced), + selected, - candidate Dell# Related Commands show ntp status — displays the current NTP status. show ntp vrf associations Displays the NTP servers configured for the VRF instance . Syntax show ntp [vrf] associations. Command Modes EXEC EXEC Privilege Command History This guide is platform-specific.
PAGE 1225
Field Description “root dispersion is...” Displays the root and path dispersion. “peer mode is...” State what NTP mode the switch is. This should be Client mode. Example Dell#show ntp status Clock is unsynchronized, stratum 16, no reference clock frequency is 0.000 ppm, stability is 0.000 ppm, precision is 4294967279 reference time is 00000000.00000000 (6:28:16.000 UTC Thu Feb 7 2036) clock offset is 0.000000 msec, root delay is 0.00000 sec root dispersion is 0.00000 sec, peer dispersion is 0.
PAGE 1226
58 Tunneling Tunneling is supported on the Dell Networking OS. tunnel-mode Enable a tunnel interface. Syntax tunnel mode {ipip | ipv6 | ipv6ip}[decapsulate-any] To disable an active tunnel interface, use the no tunnel mode command. Parameters ipip Enable tunnel in RFC 2003 mode and encapsulate IPv4 and/or IPv6 datagrams inside an IPv4 tunnel. ipv6 Enable tunnel in RFC 2473 mode and encapsulate IPv4 and/or IPv6 datagrams inside an IPv6 tunnel.
PAGE 1227
To delete the current tunnel source address, use the no tunnel source command. Parameters ip-address Enter the source IPv4 address in A.B.C.D format. ipv6–address Enter the source IPv6 address in X:X:X:X::X format. interface-typenumber • For a 100/1000 Ethernet interface, enter the keyword GigabitEthernet then the slot/port information. • For a 1–Gigabit Ethernet interface, enter the keyword GigabitEthernet then the slot/port information.
PAGE 1228
unlimited Enter the keyword unlimited to specify the unlimited number of keepalive probe packets. Defaults Tunnel keepalive is disabled. Command Modes INTERFACE TUNNEL Command History Usage Information Version Description 9.4(0.0) Introduced on the MXL. When configured, the system will send ICMP echo probe packets at the configured interval and expect a response within the configured number of attempts, else the tunnel interface will be declared operational down.
PAGE 1229
tunnel dscp Configure the method to set the DSCP in the outer tunnel header. Syntax tunnel dscp {mapped | } To use the default tunnel mapping behavior, use the no tunnel dscp value command. Parameters mapped Enter the keyword mapped to map the original packet DSCP (IPv4)/Traffic Class (IPv6) to the tunnel header DSCP (IPv4)/Traffic Class (IPv6) depending on the mode of tunnel. value Enter a value to set the DSCP value in the tunnel header. The range is from 0 to 63.
PAGE 1230
To establish a logical tunnel to the particular destination address, use the destination address of the outer tunnel header. If you configure a tunnel interface or source address, the tunnel destination must be compatible. tunnel flow-label Configure the method to set the IPv6 flow label value in the outer tunnel header. Syntax tunnel flow-label value To return to the default value of 0, use the no tunnel flow-label value command.
PAGE 1231
ip unnumbered Configure a tunnel interface to operate without a unique explicit IPv4 address and select the interface from which the tunnel will borrow its address. Syntax ip unnumbered {interface-type interface-number} Use the no ip unnumbered command to set the tunnel back to default logical address. If the tunnel was previously operational, this will make the tunnel interface operationally down, unless the tunnel also has an IPv6 address configured..
PAGE 1232
9.4(0.0) Usage Information Introduced on the MXL. The ip unnumbered command will fail in two condition: • If the logical ip address is configured. • If the tunnel mode is ipv6ip (where ip address over tunnel interface is not possible). To ping the unnumbered tunnels the logical address route information should be present in both the ends. NOTE: The ipv6 unnumbered command can specify an interface name that does not yet exist, or does not yet have a configured IPv6 address.
PAGE 1233
59 u-Boot All commands in this chapter are in u-Boot mode. These commands are supported on the Dell Networking Operating System (OS) MXL 10/40GbE Switch Module platform. To access this mode, press any key when the following line appears on the console during a system boot. Hit any key to stop autoboot: Enter u-Boot immediately, as the BOOT_USER# prompt. NOTE: This chapter describes only a few commands available in u-Boot mode. NOTE: You cannot use the Tab key to complete commands in this mode.
PAGE 1234
Command Modes Command History uBoot Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. boot selection Change the ROM bootstrap bootflash partition. Syntax boot selection [a | b] Command Modes uBoot Command History Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. boot show net config retries Show the number of retries for network boot configuration failure.
PAGE 1235
BOOT_USER # boot zero Clears the primary, secondary, or default boot parameters. Syntax boot zero [primary | secondary | default] Command Modes uBoot Command History Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. default gateway Set the default gateway IP address. Syntax default-gateway Command Modes uBoot Command History Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. enable Change the access privilege level.
PAGE 1236
Example BOOT_USER # help ***** Dell Force10 Boot Interface Help Information ***** Current access level: USER LEVEL Use "syntax help" for more information on syntax.
PAGE 1237
Defaults No password is configured. level = 15. Command Modes CONFIGURATION Command History This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking OS Command Line Reference Guide. Related Commands Version Description 9.10(0.0) Introduced on the S6100–ON, S6000, S6000–ON, S5000, S4810, S4820T, S3048–ON, S4048–ON, MXL, FN IOM, C9010, S3100, and Z9100-ON. • show running-config — views the current configuration.
PAGE 1238
no interface management ethernet ip address Clear the management port IP address and mask. Syntax no interface management ethernet ip address Command Modes uBoot Command History Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. reload Reload the MXL switch. Syntax reload Command Modes uBoot Command History Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. show boot blc Show the boot loop counter value.
PAGE 1239
Command Modes Command History Example uBoot Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. BOOT_USER # show boot selection ROM BOOTSTRAP SELECTOR PARMETERS: ================================ Next ROM bootstrap set to occur from Bootflash partition A. Last ROM bootstrap occurred from Bootflash partition B. BOOT_USER # show bootflash Show summary of boot flash information. Syntax show bootflash Command Modes uBoot Command History Example Version Description 8.3.16.
PAGE 1240
Command History Example Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. BOOT_USER # show bootvar PRIMARY OPERATING SYSTEM BOOT PARAMETERS: ======================================== boot device : tftp file name : premnath Management Etherenet IP address : 10.16.130.134/16 Server IP address : 10.16.127.35 Default Gateway IP address : 15.0.0.
PAGE 1241
8.3.16.1 Example Introduced on the MXL 10/40GbE Switch IO Module. BOOT_USER # show interface management ethernet Management ethernet IP address: 10.16.130.134/16 BOOT_USER # show interface management port config Show the management port boot characteristics. Syntax show interface management port config Command Modes uBoot Command History Example Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1242
default-gateway - set the default gateway ip address enable [user|admin] change access privilege level help display help menu -(36%)-Use to continue, q to stop: BOOT_USER # 1242 u-Boot
PAGE 1243
60 Uplink Failure Detection (UFD) Uplink failure detection (UFD) provides detection of the loss of upstream connectivity and, if you use this with network interface controller (NIC) teaming, automatic recovery from a failed link.
PAGE 1244
Command History Related Commands Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. • downstream — assigns a port or port-channel to the uplink-state group as a downstream interface. • upstream — assigns a port or port-channel to the uplink-state group as an upstream interface. • uplink-state-group — creates an uplink-state group and enables the tracking of upstream links.
PAGE 1245
uplink-state-group 3 description Testing UFD feature Related Commands uplink-state-group — creates an uplink-state group and enables the tracking of upstream links. downstream Assign a port or port-channel to the uplink-state group as a downstream interface. Syntax downstream interface To delete an uplink-state group, enter the no downstream interface command.
PAGE 1246
downstream auto-recover Enable auto-recovery so that UFD-disabled downstream ports in an uplink-state group automatically come up when a disabled upstream port in the group comes back up. Syntax downstream auto-recover To disable auto-recovery on downstream links, use the no downstream auto-recover command. Defaults The auto-recovery of UFD-disabled downstream ports is enabled. Command Modes UPLINK-STATE-GROUP Command History Related Commands Version Description 8.3.16.
PAGE 1247
• uplink-state-group — creates an uplink-state group and enables the tracking of upstream links. enable Re-enable upstream-link tracking for an uplink-state group after it has been disabled. Syntax enable To disable upstream-link tracking without deleting the uplink-state group, use the no enable command. Parameters group-id Enables debugging on the specified uplink-state group. The valid group-id values are from 1 to 16.
PAGE 1248
Related Commands • show uplink-state-group — displays the status information on a specified uplink-state group or all groups. • uplink-state-group — creates an uplink-state group and enables the tracking of upstream links. show uplink-state-group Display status information on a specified uplink-state group or all groups. Syntax show uplink-state-group [group-id] [detail] Parameters Defaults Displays status information on a specified uplink-state group or all groups.
PAGE 1249
Uplink State Group Upstream Interfaces Downstream Interfaces Related Commands : 16 Status: Disabled, Up : Gi 0/41(Dwn) Po 8(Dwn) : Gi 0/40(Dwn) • show running-config uplink-state-group — displays the current configuration of one or more uplink-state groups. • uplink-state-group — create an uplink-state group and enables the tracking of upstream links. uplink-state-group Create an uplink-state group and enable the tracking of upstream links on a switch/ router.
PAGE 1250
upstream Assign a port or port-channel to the uplink-state group as an upstream interface. Syntax upstream interface To delete an uplink-state group, use the no upstream interface command.
PAGE 1251
61 VLAN Stacking With the virtual local area network (VLAN)-stacking feature (also called stackable VLANs and QinQ), you can “stack” VLANs into one tunnel and switch them through the network transparently. For more information about basic VLAN commands, refer to the Virtual LAN (VLAN) Commands section in the Layer 2 chapter.
PAGE 1252
Command History Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. dei honor Honor the incoming DEI value by mapping it to a system drop precedence. Enter the command once for 0 and once for 1. Syntax dei honor {0 | 1} {green | red | yellow} Parameters 0|1 Enter the bit value you want to map to a color. green | red | yellow Choose a color: • Green: High priority packets that are the least preferred to be dropped.
PAGE 1253
Usage Information You must first enable DEI for this configuration to take effect. Related Commands dei enable — enables DEI. member Assign a stackable VLAN access or trunk port to a VLAN. The VLAN must contain the vlan-stack compatible command in its configuration. Syntax member interface To remove an interface from a Stackable VLAN, use the no member interface command.
PAGE 1254
Gi Gi Gi Gi 0/1 0/1 8/9 8/40 0 1 1 0 Green Yellow Red Yellow Dell#show interface dei-honor Default Drop precedence: Green Interface CFI/DEI Drop precedence --------------------------------------------Te 0/1 0 Green Te 0/1 1 Yellow Te 1/2 1 Red Te 1/3 0 Yellow Related Commands dei honor — honors the incoming DEI value. show interface dei-mark Display the dei mark configuration.
PAGE 1255
8.3.16.1 Usage Information Introduced on the MXL 10/40GbE Switch IO Module. Prior to enabling this command, to place the interface in Layer 2 mode, enter the switchport command. To remove the access port designation, remove the port (using the no member interface command) from all stackable VLAN enabled VLANs. vlan-stack compatible Enable the stackable VLAN feature on a VLAN. Syntax vlan-stack compatible To disable the Stackable VLAN feature on a VLAN, use the no vlan-stack compatible command.
PAGE 1256
Parameters c-tag-dot1p value Enter the keyword c-tag-dot1p then the customer dot1p value that is mapped to a service provider do1p value. The range is from 0 to 5. sp-tag-dot1p value Enter the keyword sp-tag-dot1p then the service provider dot1p value. The range is from 0 to 5. Defaults none Command Modes INTERFACE Command History Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1257
Command Modes Command History Usage Information INTERFACE Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. Prior to using this command, to place the interface in Layer 2 mode, execute the switchport command. To remove the trunk port designation, first remove the port (using the no member interface command) from all stackable VLAN-enabled VLANs. Starting with the Dell Networking OS version 7.8.1.
PAGE 1258
Example Dell(config)#vlan-stack protocol-type 88A8 Dell(config)#interface gigabitethernet 3/10 Dell(conf-if-gi-3/10)#no shutdown Dell(conf-if-gi-3/10)#switchport Dell(conf-if-gi-3/10)#vlan-stack access Dell(conf-if-gi-3/10)#exit Dell(config)#interface tenGigabitethernet 8/0 Dell(conf-if-te-10/0)#no shutdown Dell(conf-if-te-10/0)#portmode hybrid Dell(conf-if-te-10/0)#switchport Dell(conf-if-te-10/0)#vlan-stack trunk Dell(conf-if-te-10/0)#exit Dell(config)#interface vlan 20 Dell(conf-if-vlan)#vlan-stack comp
PAGE 1259
62 Virtual Link Trunking (VLT) VLT allows physical links between two chassis to appear as a single virtual link to the network core. VLT eliminates the requirement for Spanning Tree protocols by allowing link aggregation group (LAG) terminations on two separate distribution or core switches, and by supporting a loop-free topology.
PAGE 1260
Parameters ip–address Enter the IPv4 or IPv6 address of the backup destination. interval seconds Enter the keyword interval to specify the time interval to send hello messages. The range is from 1 to 5 seconds. The default is 1 second. Defaults Not configured. Command Modes VLT DOMAIN Usage Information You can only enable either IPv4 or IPv6. Command History Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1261
marked for re-download. Both local and synced routes are removed from the multicast route table. The peer VLT node clears synced routes from the node. If you use this command on a peer VLT node, only the synced routes are deleted from the multicast route table. delay-restore abort-threshold Increase the Boot Up timer to some value (>60 seconds). Syntax delay-restore abort-threshold To remove use the no delay-restore abort-threshold command.
PAGE 1262
multicast peer-routing timeout Configure the time for a VLT node to retain synced multicast routes or synced multicast outgoing interface (OIF) after a VLT peer node failure. Syntax multicast peer-routing timeout value To restore the default value, use the no multicast peer-routing timeout command. Parameters value Enter the timeout value in seconds. The range is from 1 to 1200. The default is 150. Default Not configured.
PAGE 1263
9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. peer-routing-timeout Configure the timeout for the software to wait before connecting to a VLT peer with a Down status. This command is applicable for both IPV6/ IPV4. Syntax peer-routing-timeout value To restore the default value, use the no peer-routing-timeout command. Parameters Command Modes Command History Usage Information value Enter the timeout value in seconds. The range is from 1 to 65535. The default value is 0 (no timeout).
PAGE 1264
show ip mroute View the multicast routing table. Syntax show ip mroute [static | group-address [source-address] | count | snooping [vlan vlan-id] [group-address [source-address]] | summary | vlt [group-address | count] Parameters Static (OPTIONAL) Enter the keyword static to view static multicast routes. group-address [source-address] (OPTIONAL) Enter the multicast group-address to view only routes associated with that group.
PAGE 1265
Field Description Outgoing interface list: Lists the interfaces that meet one of the following: • a directly connected member of the Group • statically configured member of the Group • received a (*,G) or (S,G) Join message Example (static) Dell#show ip mroute static Mroute: 23.23.23.0/24, interface: Lo 2 Protocol: static, distance: 0, route-map: none, last change: 00:00:23 Example (snooping) Dell#show ip mroute snooping IPv4 Multicast Snooping Table (*, 224.0.0.
PAGE 1266
Default Not configured. Command Modes EXEC Command History Example Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Dell# show vlt backup-link VLT Backup Link ----------------Destination: Peer HeartBeat status: HeartBeat Timer Interval: HeartBeat Timeout: UDP Port: HeartBeat Messages Sent: HeartBeat Messages Received: 10.11.198.130 Up 1 3 34998 634 473 show vlt brief Displays summarized status information about VLT domains currently configured on the switch.
PAGE 1267
show vlt detail Displays detailed status information about VLT domains currently configured on the switch. Syntax show vlt detail Default Not configured. Command Modes EXEC Command History Example Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1268
Example Dell#show vlt mismatch Domain ----------Parameters Local ------------ ----------System-Mac 00:00:00:0a:0a:0a Vlan-config -----------Vlan-ID Local Mode --------- -----------2000 -3000 L3 Dell# Peer --------00:00:00:00:00:00 Peer Mode ---------L2 -- Example for Q-in-Q Dell#show vlt mismatch Implementation over Domain -----VLT Parameters Local -------------PB for stp Enabled Peer ---Disabled Vlan-type-config ---------------Codes:: P - Primary, C - Community, I - Isolated, N - Normal vlan, M - Vla
PAGE 1269
Default Not configured. Command Modes EXEC Command History Example Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. Dell#show vlt role VLT Role ---------VLT Role: System MAC address: Primary Role Priority: Local System MAC address: Local System Role Priority: Local Unit Id: Dell# Primary 00:00:00:0a:0a:0a 700 00:01:e8:d7:3f:bd 700 0 show vlt statistics Displays statistics on VLT operations. Syntax show vlt statistics Default Not configured.
PAGE 1270
ARP-sync Pkts Sent:0 ARP-sync Pkts Rcvd:0 ARP Reg Request sent:18 ARP Reg Request rcvd:16 VLT NDP Statistics -------------------NDP NA VLT Tunnel Pkts sent:0 NDP NA VLT Tunnel Pkts Rcvd:0 NDP NA Non-VLT Tunnel Pkts sent:0 NDP NA Non-VLT Tunnel Pkts Rcvd:0 Ndp-sync Pkts Sent:0 Ndp-sync Pkts Rcvd:0 Ndp Reg Request sent:17 Ndp Reg Request rcvd:15 VLT Multicast Statistics ------------------------------Info Pkts Sent: 0 Info Pkts Rcvd: 0 Reg Request Sent: 0 Reg Request Rcvd: 0 Reg Response Sent: 0 Reg Response R
PAGE 1271
unit-id Explicitly configure the default unit ID of a VLT peer switch. Syntax Parameters unit-id id id Enter the system unit ID for VLT. The range is from 0 to 1. Defaults Automatically assigned based on the MAC address of each VLT peer. The peer with the lower MAC address is assigned unit 0; the peer with the higher MAC address is assigned unit 1. Command Modes VLT DOMAIN Command History Usage Information Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1272
Defaults Not configured. Command Modes INTERFACE PORT-CHANNEL Command History Version Description 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module. show vlt private-vlan Display the association of private VLAN (PVLAN) with the VLT LAG. You can configure VLT peer nodes in a PVLAN on the switch. Syntax show vlt private-vlan Command Modes EXEC Command History Version Description 9.3(0.0) Introduced on the MXL 10/40GbE Switch IO Module platform.
PAGE 1273
63 Virtual Router Redundancy Protocol (VRRP) Virtual router redundancy protocol (VRRP) is supported by the Dell Networking Operating System (OS) for IPv4 and IPv6. The following commands apply to both VRRP IPv4 and IPv6: • advertise-interval • description • disable • hold-time • preempt • priority • show config • track • virtual-address VRRP Ipv6 are in the VRRP for IPv6 Commands section.
PAGE 1274
advertise-interval Set the time interval between VRRP advertisements. Syntax advertise-interval {seconds | centisecs centisecs} To return to the default settings, use the no advertise-interval command. Parameters seconds Enter a number of seconds. The range is from 1 to 255. The default is 1 second. centisecs centisecs Enter the keyword centisecs followed by the number of centisecs in multiple of 25 centisecs. The range is 25 to 4075 centisecs in multiples of 25 centisecs.
PAGE 1275
Usage Information The given password is encrypted by the system and the show config displays an encrypted text string for any of the encrypted typed used. clear counters vrrp Clear the counters maintained on VRRP operations. Syntax Parameters Command Modes Command History clear counters vrrp [vrrp-id] vrrp-id (OPTIONAL) Enter the number of the VRRP group ID. The range is from 1 to 255. EXEC Privilege Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
PAGE 1276
Command History Usage Information Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. If you do not specify options, debug is active on all interfaces and all VRRP groups. description Configure a short text string describing the VRRP group. Syntax description text To delete a VRRP group description, use the no description command. Parameters text Defaults Not enabled. Command Modes VRRP Command History Enter a text string up to 80 characters long.
PAGE 1277
To return to the default value, use the no hold-time command. Parameters seconds Enter a number of seconds. The range is from 0 to 65535. The default is zero (0) seconds. centisecs centisecs Enter the keyword centisecs then the number of centisecs in units of 25 centisecs. The range is from 0 to 65525 in units of 25 centisecs. Defaults zero (0) seconds Command Modes VRRP Command History Version Description 9.5(0.0) Introduced the support for centisecs on the MXL 10/40GbE Switch. 8.3.16.
PAGE 1278
Command History Usage Information Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. To guarantee that a VRRP group becomes MASTER, configure the VRRP group’s virtual address with same IP address as the interface’s primary IP address and change the priority of the VRRP group to 255. If you set the priority command to 255 and the virtual-address is not equal to the interface’s primary IP address, an error message appears.
PAGE 1279
brief Command Modes Command History Usage Information • EXEC • EXEC Privilege Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The following describes the show vrrp brief command shown in the following example. Item Description Interface Lists the interface type, slot and port on which the VRRP group is configured. Grp Displays the VRRP group ID. Pri Displays the priority value assigned to the interface.
PAGE 1280
Item Description • master (MASTER virtual router) • backup (BACKUP virtual router) the interface’s priority and the IP address of the MASTER. Hold Down:... Adv rcvd:... Example 1280 This line displays additional VRRP configuration information: • Hold Down displays the hold down timer interval in seconds. • Preempt displays TRUE if preempt is configured and FALSE if preempt is not configured. • AdvInt displays the Advertise Interval in seconds.
PAGE 1281
Up GigabitEthernet 12/17 priority-cost 10 Dell> track Monitor an interface and lower the priority value of the VRRP group on that interface if it is disabled. Syntax track interface [priority-cost cost] To disable monitoring, use the no track interface command.
PAGE 1282
Defaults Not configured. Command Modes VRRP Command History Usage Information Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The VRRP group only becomes active and sends VRRP packets when a virtual IP address is configured. When you delete the virtual address, the VRRP group stops sending VRRP packets. A system message appears after you enter or delete the virtual-address command.
PAGE 1283
Parameters seconds Defaults 0 Command Modes INTERFACE Command History Usage Information Enter the number of seconds for the delay. The range is from 0 to 900 (0 indicates no delay). Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. This command applies to all the VRRP configured interfaces on a system. When used with the vrrp delay minimum CLI, the later timer rules the VRRP enabling.
PAGE 1284
clear counters vrrp ipv6 Clear the counters recorded for IPv6 VRRP groups. Syntax clear counters vrrp ipv6 [vrid | vrf instance] Parameters vrid (OPTIONAL) Enter the number of an IPv6 VRRP group. The range is from 1 to 255. vrf instance (OPTIONAL) Enter the name of a VRF instance (32 characters maximum) to clear the counters of all IPv6 VRRP groups in the specified VRF. Defaults Not configured Command Modes INTERFACE Command History Version Description 8.3.16.
PAGE 1285
Command History Usage Information Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. If no options are specified, debug is active on all interfaces and all VRRP groups. show vrrp ipv6 View the IPv6 VRRP groups that are active. If no VRRP groups are active, the system returns No Active VRRP group. Syntax Parameters show vrrp ipv6 [vrid] [interface] [brief] vrid (OPTIONAL) Enter the virtual router identifier for the VRRP group to view only that group.
PAGE 1286
Line Beginning with Description Hold Down:... This line displays additional VRRP configuration information: Adv rcvd:... Example • Hold Down displays the hold down timer interval in seconds. • Preempt displays TRUE if preempt is configured and FALSE if preempt is not configured. • AdvInt displays the Advertise Interval in seconds. This line displays counters for the following: • Adv rcvd displays the number of VRRP advertisements received on the interface.
PAGE 1287
Command History Usage Information Version Description 8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module. The VRRP group only becomes active and sends VRRP packets when a link-local virtual IP address is configured. When you delete the virtual address, the VRRP group stops sending VRRP packets. • When VRF microcode is not loaded in CAM, the VRID for a VRRP group is the same as the VRID number configured with the vrrp-group or vrrp-ipv6-group command.
PAGE 1288
Usage Information You can use the both command to migrate from VRRPv2 to VRRPv3. When you set the VRRP protocol version to both, the switch sends only VRRPv3 advertisements but can receive either VRRPv2 or VRRPv3 packets. To migrate an IPv4 VRRP group from VRRPv2 to VRRPv3: 1 Set the switches with the lowest priority to both. 2 Set the switch with the highest priority to version 3. 3 Set all the switches from both to version 3.
PAGE 1289
64 ICMP Message Types This chapter lists and describes the possible ICMP message type resulting from a ping. The first three columns list the possible symbol or type/code. For example, you would receive a ! or 03 as an echo reply from your ping. Table 5. ICMP messages and their definitions Symbol Type Code . Query Error Timeout (no reply) ! 0 U 3 C Description 3 echo reply . destination unreachable: 0 network unreachable . 1 host unreachable . 2 protocol unreachable .
PAGE 1290
Symbol Type & 11 Code Query Error time exceeded: 0 time-to-live equals 0 during transit . 1 time-to-live equals 0 during reassembly . 12 1290 Description parameter problem: 1 IP header bad (catchall error) . 2 required option missing . 13 0 timestamp request . 14 0 timestamp reply . 15 0 information request (obsolete) . 16 0 information reply (obsolete) . 17 0 address mask request . 18 0 address mask reply .
PAGE 1291
65 SNMP Traps This chapter lists the traps sent by the Dell Networking Operating System (OS). Each trap is listed by the fields Message ID, Trap Type, and Trap Option. Table 6.
PAGE 1292
Message ID Trap Type Trap Option NONE NONE ENVMON TEMP ENVMON TEMP ENVMON TEMP ENVMON TEMP ENVMON NONE ENVMON NONE ENVMON NONE ENVMON NONE ENVMON NONE ENVMON NONE ENVMON NONE PROTO NONE PROTO NONE %RPM0-P:CP %SNMP-4-RMON_HC_FALLING_THRESHOLD: RMON highcapacity falling threshold alarm from SNMP OID RESV N/A CHM_MIN_ALRM_TEMP %CHMGR-2-MINOR_TEMP: Minor alarm: chassis temperature CHM_MIN_ALRM_TEMP_CLR %CHMRG-5-MINOR_TEMP_CLR: Minor alarm cleared: chassis temperature normal
PAGE 1293
Message ID Trap Type Trap Option PROTO NONE PROTO NONE PROTO NONE ETS NONE ETS NONE ETS NONE ETS NONE PFC NONE PFC NONE %VRRP-6-VRRP_MASTER: vrid-%d on %s entering MASTER VRRP_PROTOCOL_ERROR VRRP_PROTOERR: VRRP protocol error on %S BGP4_ESTABLISHED %TRAP-5-PEER_ESTABLISHED: Neighbor %a, state %s BGP4_BACKW_XSITION %TRAP-5-BACKWARD_STATE_TRANS: Neighbor %a, state %s ETS_TRAP_TYPE_MODULE_STATUS_CHA NGE %DIFFSERV-5-ETS_TRAP_TYPE_MODULE_STATUS_CHANGE: ETS Module status changed to enabled %D
PAGE 1294
Message ID Trap Type Trap Option PFC NONE PFC NONE FIPS NONE FIPS NONE FIPS NONE FIPS NONE FIPS NONE FIPS NONE FIPS NONE ENTITY NONE %DIFFSERV-5-PFC_TRAP_TYPE_ADMIN_MODE_CHANGE : PFC Admin mode changed to off for port %s PFC_TRAP_TYPE_OPER_STATE_CHANGE %DIFFSERV-5-PFC_TRAP_TYPE_OPER_STATE_CHANGE: PFC Oper state changed to init for port %s %DIFFSERV-5-PFC_TRAP_TYPE_OPER_STATE_CHANGE: PFC Oper state changed to off for port %s %DIFFSERV-5-PFC_TRAP_TYPE_OPER_STATE_CHANGE: PFC Oper state c
PAGE 1295
66 FC Flex IO Modules This part provides a generic, broad-level description of the operations, capabilities, and configuration commands of the Fiber Channel (FC) Flex IO module. Topics: • FC Flex IO Modules • Data Center Bridging (DCB) for FC Flex IO Modules • NPIV Proxy Gateway for FC Flex IO Modules FC Flex IO Modules This part provides a generic, broad-level description of the operations, capabilities, and configuration commands of the Fiber Channel (FC) Flex IO module.
PAGE 1296
description (for FCoE maps) In an FCoE map, add a text description of the FCoE and FC parameters used to transmit storage traffic over an M I/O Aggregator and MXL 10/40GbE Switch with the FC Flex IO module NPIV proxy gateway in a converged fabric. M I/O Aggregator and MXL 10/40GbE Switch with the FC Flex IO module Syntax description text Parameters text Defaults None Command Modes FCOE MAP Command History Version 9.3(0.0) Enter a maximum of 32 characters.
PAGE 1297
switch to operate as an FCoE-FC bridge between an FC SAN and an FCoE network by providing FCoE-enabled servers and switches with the necessary parameters to log in to a SAN fabric. Use the fcoe-map command to create an FCoE map. On an M I/O Aggregator and MXL 10/40GbE Switch with the FC Flex IO module NPIV proxy gateway, you cannot apply an FCoE map on fabric-facing FC ports and server-facing Ethernet ports.
PAGE 1298
You must first create a VLAN and then specify the configured VLAN ID in the fabric-id vlan command. Otherwise, the following error message is displayed. FTOS(conf-fcoe-f)#fabric-id 10 vlan 10 % Error: Vlan 10 does not exist Related Commands fcoe-map — creates an FCoE map which contains the parameters used in the communication between servers and a SAN fabric. show fcoe-map— displays the Fibre Channel and FCoE configuration parameters in FCoE maps.
PAGE 1299
The range of FC-MAP values is from 0EFC00 to 0EFCFF. Defaults None Command Modes FCoE MAP Command History Usage Information Version Description 9.6(0.0) Supported on the FN 2210S Aggregator. 9.3(0.0) Introduced on the M I/O Aggregator and MXL 10/40GbE Switch with the FC Flex IO module. The FC-MAP value you enter must match the FC-MAP value used by an FC switch or FCoE forwarder (FCF) in the fabric. An FCF switch accepts only FCoE traffic that uses the correct FC-MAP value.
PAGE 1300
Command Modes • Keepalive: enable • Vlan priority: 3 CONFIGURATION INTERFACE Command History Usage Information Version 9.3(0.0) Introduced on the M I/O Aggregator and MXL 10/40GbE Switch with the FC Flex IO module. An FCoE map is a template used to map FCoE and FC parameters in a converged fabric.
PAGE 1301
Usage Information To delete the FIP keepalive time period from an FCoE map, enter the no fka-adv-erpiod command. Related Commands fcoe-map — creates an FCoE map which contains the parameters used in the communication between servers and a SAN fabric. show fcoe-map— displays the Fibre Channel and FCoE configuration parameters in FCoE maps.
PAGE 1302
keepalive In an FCoE map, enable the monitoring of FIP keepalive messages (if it is disabled). M I/O Aggregator and MXL 10/40GbE Switch with the FC Flex IO module Syntax keepalive Parameters None Defaults FIP keepalive monitoring is enabled on Ethernet and Fibre Channel interfaces. Command Modes FCOE MAP Command History Usage Information Version 9.3(0.0) Introduced on the M I/O Aggregator and MXL 10/40GbE Switch with the FC Flex IO module.
PAGE 1303
Usage Information Use the show fcoe-map command to display the FC and FCoE parameters used to configure server-facing Ethernet (FCoE) and fabric-facing FC ports in all FCoE maps on an M I/O Aggregator and MXL 10/40GbE Switch with the FC Flex IO module NPIV proxy gateway. In each FCoE map, the values for the fabric ID and FC-MAP that identify the SAN fabric to which FC storage traffic is sent, and the FCoE VLAN to be used must be unique.
PAGE 1304
Example Field Description Oper-State Operational status of link to the fabric: Up (link is up and transmitting FC traffic), Down (link is down and not transmitting FC traffic), Link-wait (link is up and waiting for FLOGI to complete on peer FC port), or Removed (port has been shut down). Members M I/O Aggregator and MXL 10/40GbE Switch with the FC Flex IO module Ethernet and FC ports that are members of the dedicated FCoE VLAN that carries storage traffic to the specified fabric.
PAGE 1305
Usage Information Use the show npiv devices command to display information on the server CNA, server-facing Ethernet and fabric-facing FC ports, and the SAN fabric in each server-fabric connection over an M I/O Aggregator and MXL 10/40GbE Switch with the FC Flex IO module NPIV proxy gateway. The following table describes the show npiv devices brief output shown in the example below.
PAGE 1306
Example Related Commands 1306 Field Description Fabric Map Name of the FCoE map containing the FCoE/FC configuration parameters for the server CNA-fabric connection. Enode WWPN Worldwide port name of the server CNA port. Enode WWNN Worldwide node name of the server CNA. FCoE MAC Fabric-provided MAC address (FPMA). The FPMA consists of the FC-MAP value in the FCoE map and the FC-ID provided by the fabric after a successful FLOGI.
PAGE 1307
67 X.509v3 X.509v3 is a standard for public key infrastructure (PKI) to manage digital certificates and public key encryption. This standard specifies a format for public-key certificates or digital certificates. Dell Networking OS supports X.509v3 standards.
PAGE 1308
Usage Information The following RBAC roles are allowed to issue this command: • sysadmin • secadmin Before deleting a CA certificate, the system checks whether that certificate is an issuer of other installed certificate on the system. If so, the system informs you to delete other installed certificates first. Related Commands crypto ca-cert installcrypto cert generatecrypto ca-cert install crypto ca-cert install Downloads and installs the certificate of a Certificate Authority (CA) on to the device.
PAGE 1309
crypto cert delete Deletes a trusted certificate. Syntax crypto cert delete Defaults NA. Command Modes EXEC Privilege Command History This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking OS Command Line Reference Guide. The following is a list of the Dell Networking OS version history for this command: Usage Information Version Description 9.11.0.0 Introduced the command.
PAGE 1310
cert-path Enter the path to locally store the self-signed certificate or CSR. The path can be a full path or a relative path. If the system accepts this path, a notification is sent indicating the location where the CSR file is stored. You can then export the CSR to a CA using the “copy” command. Following is an example of a path that you can specify: flash:// certs/s4810-001-request.csr. key-file Enter the keyword key-file to specify the private key.
PAGE 1311
Usage Information Version Description 9.11.0.0 Introduced the command. The following RBAC roles are allowed to issue this command: • sysadmin • secadmin If the cert-file option is not specified in the command, then the system interactively prompts you to fill in various fields of the certificate signing request (CSR). You are prompted to fill out some metadata information for the certificate.
PAGE 1312
NOTE: After the certificate is successfully installed, the private key is deleted from the specified location and copied to the hidden location in NVRAM. password passphrase (Optional) Enter the keyword password followed by the password phrase used to decrypt the private key. NOTE: You can generate the private key and certificate on another host. While doing so, you must keep the private key encrypted with a passphrase so that the private key is not compromised during transport.
PAGE 1313
crypto x509 ocsp Configures the OCSP behavior. Syntax Parameters crypto x509 ocsp [nonce] [sign-requests] nonce Enter the keyword nonce to use the nonce feature for the OCSP requests to OCSP responder communication. This is a one-time value that must be returned in the OCSP response. If the OCSP responder is using precomputed responses, then it does not reply with the nonce. The nonce feature is off by default. The no version of the command disables the nonce feature.
PAGE 1314
reject Defaults Enter the keyword reject to reject the presented certificate and log in if OCSP retrieval fails. crypto x509 revocation ocsp accept Command Modes Command History • CONFIGURATION Mode This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking OS Command Line Reference Guide. The following is a list of the Dell Networking OS version history for this command: Related Commands Version Description 9.11.0.0 Introduced this command.
PAGE 1315
logging secure Creates a log file for various events related to X.509v3 certificates. Syntax Parameters logging {hostname} {secure | tcp | udp} [vrf vrf-name] [sha1 fingerprint] [port port-number] hostname Enter the name of the host or device for which you wish to record logs corresponding to the certificates. NOTE: The hostname can be an IPV4 address, an IPV6 address, or a DNS hostname—with or without DNS suffix.
PAGE 1316
Related Commands • crypto cert install • crypto ca-cert install • crypto cert generate crypto x509 ca-keyid Creates a per-certificate configuration context using the specified subject key identifier. Syntax crypto x509 ca-keyid subject-key-identifier Use to the no crypto x509 ca-keyid command to remove this configuration. Parameters Defaults subject-keyidentifier Enter the content of the SubjectKeyIdentifier field from the CA certificate.
PAGE 1317
ocsp-server Configures OCSP server on a CA. Syntax Parameters ocsp-server url [nonce] [sign-requests] url Enter the URL for the OCSP responder using standard URI format. Either http or https protocol can be used. For example, http://[1100::101]:8888. nonce Enter the keyword nonce to use the nonce feature for the OCSP requests to OCSP responder communication. This number is a one-time value that must be returned in the OCSP response.
PAGE 1318
Command History This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking OS Command Line Reference Guide. The following is a list of the Dell Networking OS version history for this command: Usage Information Version Description 9.11.0.0 Introduced this command.
PAGE 1319
show crypto cert Displays the certificate information that is specified. Syntax Parameters show crypto cert {path} path (OPTIONAL) Enter the path to a local file where a certificate chain is stored in PEM format. If a path is not specified, display the certificate that is currently installed on the system. Defaults None. Command Modes EXEC Privilege Command History This guide is platform-specific.