Dell PowerEdge FN I/O Module Configuration Guide 9.14.1.5 May 2019 Rev.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2018 - 2019 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
1 About this Guide This guide describes the supported protocols and software features, and provides configuration instructions and examples, for the Dell Networking Operating System (OS). Dell Networking FN IOM is available with running Dell Networking OS version 9.9(0.0). The FN IOM is installed in a Dell PowerEdge FX2 server chassis. For information about how to install and perform the initial switch configuration, refer to the Getting Started Guides on the Dell Support website at http://www.dell.
NOTE: The Warning icon signals information about hardware handling that could result in injury. * (Exception). This symbol is a note associated with additional text on the page that is marked with an asterisk.
2 Before You Start To install the FN IOM in a Dell FX2 server chassis, use the instructions in the Dell Networking FN IOM Getting Started Guide that is shipped with the product. The FN IOM installs with zero-touch configuration. After you power it on, it boots up with default settings and auto-configures with software features enabled. This topic describes the default settings and software features that are automatically configured at startup.
Dell(conf)#stack-unit 0 iom-mode programmable-mux
Select this mode to configure PMUX mode CLI commands. Standalone mode is the zero-touch auto configuration default mode. If you want the flexibility to configure different settings, change the FN I/O Module to PMUX mode. PMUX mode provides additional CLI commands to customize the software configuration, as needed. You can configure any of the external Ethernet ports to operate as stack links.
● VLANs: All ports are configured as members of all (4094) VLANs. All VLANs are up and can send or receive layer 2 traffic. For more information, refer to VLAN Membership. ● Data center bridging capability exchange protocol (DCBx): Server-facing ports auto-configure in auto-downstream port roles; uplink ports auto-configure in auto-upstream port roles.
Link Aggregation
All uplink ports are configured in a single LAG (LAG 128). Server-facing ports are auto-configured as part of link aggregation groups if the corresponding server is configured for LACP-based network interface controller (NIC) teaming. Static LAGs are not supported.
NOTE: The recommended LACP timeout is Long-Timeout mode.
Link Tracking
By default, all server-facing ports are tracked by the operational status of the uplink LAG.
For detailed information about how to reconfigure specific software settings, refer to the appropriate chapter.
3 Configuration Fundamentals The Dell Networking Operating System (OS) command line interface (CLI) is a text-based interface you can use to configure interfaces and protocols. The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and you can limit user access to modes using privilege levels. In Dell Networking OS, after you enable a command, it is entered into the running configuration file.
● EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level. Only a limited selection of commands is available, notably the show commands, which allow you to view system information. ● EXEC Privilege mode has commands to view configurations, clear counters, manage configuration files, run diagnostics, and enable or disable debug operations. The privilege level is 15, which is unrestricted. You can configure a password for this mode.
Table 1.
Dell(conf-if-ma-0/0)# no ip address
Dell(conf-if-ma-0/0)#
Dell(conf-if-ma-0/0)# show config
!
interface ManagementEthernet 0/0
 no ip address
 no shutdown
Dell(conf-if-ma-0/0)#

Obtaining Help
Obtain a list of keywords and a brief functional description of those keywords at any CLI mode using the ? or help command:
● To list the keywords available in the current mode, enter ? at the prompt or after a keyword.
● Entering ? after a prompt lists all of the available keywords.
Short-Cut Key Combination    Action
CNTL-F    Moves the cursor forward one character.
CNTL-I    Completes a keyword.
CNTL-K    Deletes all characters from the cursor to the end of the command line.
CNTL-L    Re-enters the previous command.
CNTL-N    Return to more recent commands in the history buffer after recalling commands with CTRL-P or the UP arrow key.
CNTL-P    Recalls commands, beginning with the last command.
CNTL-U    Deletes the line.
CNTL-W    Deletes the previous word.
CNTL-X    Deletes the line.
NOTE: Dell accepts a space or no space before and after the pipe. To filter a phrase with spaces, underscores, or ranges, enclose the phrase with double quotation marks. The except keyword displays text that does not match the specified text. The following example shows this command used in combination with the show linecard all command.
4 Getting Started This chapter describes how you start configuring your system. When you power up the chassis, the system performs a power-on self test (POST) during which the route processor module (RPM), switch fabric module (SFM), and line card status light emitting diodes (LEDs) blink green. The system then loads the Dell Networking operating system. Boot messages scroll up the terminal window during this process. No user interaction is required if the boot process proceeds without interruption.
Console Access
The switch has two management ports available for system access: a serial console port and an out-of-band (OOB) port.
Serial Console
A universal serial bus (USB) (A-Type) connector is located at the front panel. The USB can be defined as an External Serial Console (RS-232) port, and is labeled on the chassis. The USB is present on the lower side, as you face the I/O side of the chassis, as shown.
External Serial Port with a USB Connector
The following table lists the pin assignments.
Table 2. Pin Assignments
USB Pin Number    Signal Name
Pin 1             RTS
Pin 2             RX
Pin 3             TX
Pin 4             CTS
Pin 5, 6          GND
RxD               Chassis GND

Accessing the CLI Interface and Running Scripts Using SSH
In addition to the capability to access a device using a console connection or a Telnet session, you can also use SSH for secure, protected communication with the device. You can open an SSH session and run commands or script files.
of the commands to fail for syntax error. In such cases, if you add a few newline characters before the failed command, the output displays completely. Commands run on the CLI over SSH do not report errors that occur during execution. As a result, you cannot identify whether a command failed to be processed. The console output, however, is redirected back over SSH.
Boot Process
After you follow the Installation Procedure in the Getting Started Guide, the switch boots up.
Initialized eMMC Host Controller
Detected SD Card
Now running in RAM - U-Boot [N64 ABI, Big-Endian] at: ffffffff8c100000
Flash: 256 MB
PCIE (B0:D01:F0) : Link up.
PCIE (B0:D01:F1) : No Link.
Configuring a Unique Host Name on the System While you can manually configure a host name for the system, you can also configure the system to have a unique host name. The unique host name is a combination of the platform type and the serial number of the system. The unique host name appears in the command prompt. The running configuration gets updated with the feature unique-name command. It also overwrites any existing host name configured on the system using the hostname command.
Configure a Management Route
Define a path from the system to the network from which you are accessing the system remotely. Management routes are separate from IP routes and are only used to manage the system through the management port. To configure a management route, use the following command.
● Configure a management route to the network from which you are accessing the system.
CONFIGURATION mode
management route ip-address/mask gateway
○ ip-address: the network address in dotted-decimal format (A.B.C.
Configuring the Enable Password
Access EXEC Privilege mode using the enable command. EXEC Privilege mode is unrestricted by default. Configure a password as a basic security measure. There are two types of enable passwords:
● enable password stores the password in the running/startup configuration using a DES encryption method.
● enable secret is stored in the running/startup configuration using a stronger, MD5 encryption method.
Table 3. Forming a copy Command (continued)
Location: For a remote file location: TFTP server
  source-file-url Syntax: copy tftp://{hostip | hostname}/filepath/filename
  destination-file-url Syntax: tftp://{hostip | hostname}/filepath/filename
Location: For a remote file location: SCP server
  source-file-url Syntax: copy scp://{hostip | hostname}/filepath/filename
  destination-file-url Syntax: scp://{hostip | hostname}/filepath/filename

Important Points to Remember
● You may not copy a file from one remote system to another.
● Save the running-configuration to an FTP server.
EXEC Privilege mode
copy running-config ftp://username:password@{hostip | hostname}/filepath/filename
● Save the running-configuration to a TFTP server.
EXEC Privilege mode
copy running-config tftp://{hostip | hostname}/filepath/filename
● Save the running-configuration to an SCP server.
 3  drwx       4096  Feb 17 2011 00:28:00 +00:00  TRACE_LOG_DIR
 4  drwx       4096  Feb 17 2011 00:28:02 +00:00  CORE_DUMP_DIR
 5  d---       4096  Feb 17 2011 00:28:02 +00:00  ADMIN_DIR
 6  -rwx       1272  Apr 29 2011 16:15:14 +00:00  startup-config
 7  -rwx      10093  Feb 17 2011 20:48:02 +00:00  abhi-j
 8  -rwx     217155  Feb 22 2011 23:14:34 +00:00
 9  -rwx       5162  Mar 02 2011 04:02:58 +00:00
10  -rwx      10507  Mar 03 2011 01:17:16 +00:00
11  -rwx          4  May 06 2011 22:05:06 +00:00
12  -rwx       6900  Feb 17 2011 04:43:12 +00:00
13  -rwx    1244038  Feb 13 2011 04:27:16 +00:00
● Change the default directory.
EXEC Privilege mode
cd directory
You can change the default storage location to the USB Flash, as shown. File management commands then apply to the USB Flash rather than the internal Flash. The bold lines show that no file system is specified and that the file is saved to a USB Flash.
[May 17 10:17:50]: CMD-(CLI):[show logging]by default from console
[May 17 10:17:56]: CMD-(CLI):[show command-history]by default from console

Example 3: service timestamps log uptime
DellEMC(conf)#service timestamps log uptime
DellEMC# show command-history
- Repeated 1 time.
[May 17 10:20:37]: CMD-(CLI):[configure]by default from console
- Repeated 1 time.
When you specify the management VRF, the copy operation that is used to transfer files to and from an HTTP server utilizes the VRF table corresponding to the Management VRF to look up the destination. When you specify a nondefault VRF, the VRF table corresponding to that nondefault VRF is used to look up the HTTP server.
MD5
DellEMC# verify md5 flash:file-name
SHA256
DellEMC# verify sha256 flash://file-name

Examples: Entering the Hash Value for Verification
MD5
DellEMC# verify md5 flash://file-name 275ceb73a4f3118e1d6bcf7d75753459
SHA256
DellEMC# verify sha256 flash://file-name e6328c06faf814e6899ceead219afbf9360e986d692988023b749e6b2093e933

Deploying FN I/O Module
This section provides design and configuration guidance for deploying the Dell PowerEdge FN I/O Module (FN IOM). By default the FN IOM is in Standalone Mode.
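For the verify md5 and verify sha256 commands shown above, the following added example (not part of the Dell guide) checks an image on the management workstation before it is copied to the switch, then builds the matching verify command line. The function names and the idea of checking on the workstation first are assumptions of this example; the expected hash must come from the vendor's published value.

```python
import hashlib
import hmac
import re

# Hex digest lengths for the two algorithms the verify command accepts.
DIGEST_HEX_LEN = {"md5": 32, "sha256": 64}


def normalize_expected(expected, algo):
    """Strip whitespace, lowercase, and check the hash has the right shape.

    Catches the common mistake of pasting an MD5 value where a SHA256
    value is required (or a truncated copy of either).
    """
    if algo not in DIGEST_HEX_LEN:
        raise ValueError("unsupported algorithm: %s" % algo)
    value = "".join(expected.split()).lower()
    if not re.fullmatch(r"[0-9a-f]{%d}" % DIGEST_HEX_LEN[algo], value):
        raise ValueError("expected %d hex characters for %s"
                         % (DIGEST_HEX_LEN[algo], algo))
    return value


def file_digest(path, algo="sha256", chunk_size=1 << 20):
    """Hash the file in chunks so large images do not need to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def verify_image(path, expected, algo="sha256"):
    """Return True only if the local file matches the published hash."""
    want = normalize_expected(expected, algo)
    return hmac.compare_digest(file_digest(path, algo), want)


def switch_verify_command(file_name, expected, algo="sha256"):
    """Build the command to run on the switch after the copy completes."""
    if not file_name or any(c.isspace() for c in file_name):
        raise ValueError("file name must be non-empty and contain no spaces")
    return "verify %s flash://%s %s" % (
        algo, file_name, normalize_expected(expected, algo))


if __name__ == "__main__":
    import os
    import tempfile

    # Constructed stand-in for an image file; not a real OS image.
    fd, path = tempfile.mkstemp()
    os.write(fd, b"constructed image bytes")
    os.close(fd)
    published = hashlib.sha256(b"constructed image bytes").hexdigest()
    print("local match:", verify_image(path, published))
    print(switch_verify_command("file-name", published))
    os.remove(path)
```

SHA256 is the stronger of the two options; MD5 detects accidental corruption but is not collision resistant.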
Mode    Default Settings
Auth/Acct; Auth coming up)
DHCP    Enabled in client only mode
Internet Group Management Protocol (IGMP) v2 & v3    Enabled
Auto LACP LAG    Enabled on all ports (Uplink created by default based on LACP PDU)
All VLANS    Available on all server and uplink ports

Ensuring the FN IOM system is in Standalone Mode
To ensure that the FN IOM is in Standalone Mode, use the show system stack-unit 0 iom-mode command.
In the following, port channel 128 is up. The port channel consists of ports TenGigabitEthernet 0/11 and TenGigabitEthernet 0/12.
NOTE: For more information on Uplink Failure Detection and all other configuration settings, see the Uplink Failure Detection (UFD) chapter. Configure Interfaces and Port Channel This section provides the commands for configuring port channels on common upstream switches that are connected to the FN IOM system. The previous illustration is applicable to the FN 410S and FN 410T servers.
To verify the status, run the following commands:
Dell#show interfaces port-channel 128
Port-channel 128 is up, line protocol is up
Dell#show uplink-state-group
Uplink State Group: 1 Status: Enabled, Up
5 Management Dell Networking OS supports management. This chapter describes the different protocols or services used to manage the Dell Networking system.
Moving a Command from EXEC Privilege Mode to EXEC Mode Remove a command from the list of available commands in EXEC mode for a specific privilege level using the privilege exec command from CONFIGURATION mode. In the command, specify a level greater than the level given to a user or terminal line, then the first keyword of each restricted command.
● moves the capture bgp-pdu max-buffer-size command from EXEC Privilege to EXEC mode by requiring a minimum privilege level 3, which is the configured level for VTY 0
● allows access to CONFIGURATION mode with the banner command
● allows access to INTERFACE and LINE modes with the no command

Dell(conf)#do show run privilege
!
Dell(conf)#privilege exec level 3 capture
Dell(conf)#privilege exec level 3 configure
Dell(conf)#privilege exec level 4 resequence
Dell(conf)#privilege exec level 3 clear arp-cache
Del
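Lowering a command's required level, as in the privilege exec lines above, widens what every terminal line at that level can run. The following added example (not part of the Dell guide) audits a saved configuration for that effect; the sample configuration is constructed from the lines above, and the watch list of sensitive first keywords is an assumption to be tuned per site.

```python
import re
from typing import NamedTuple


class Rule(NamedTuple):
    mode: str      # CLI mode the command lives in, e.g. "exec"
    level: int     # minimum privilege level now required
    command: str   # first keyword(s) of the command


# Constructed sample: the four privilege lines from the text above plus a
# VTY line set to level 3 (the text says level 3 is configured for VTY 0).
SAMPLE_CONFIG = """\
!
privilege exec level 3 capture
privilege exec level 3 configure
privilege exec level 4 resequence
privilege exec level 3 clear arp-cache
!
line vty 0
 privilege level 3
"""

# Assumption: first keywords this site treats as sensitive.
WATCH = {"configure", "copy", "reload", "debug"}

PRIV_RE = re.compile(r"^\s*privilege\s+(\S+)\s+level\s+(\d+)\s+(.+?)\s*$")
LINE_RE = re.compile(r"^line\s+(console|vty)\s+(\d+)(?:\s+(\d+))?\s*$")
LINE_LEVEL_RE = re.compile(r"^\s+privilege\s+level\s+(\d+)\s*$")


def parse_rules(config):
    """Collect every 'privilege <mode> level <n> <command>' statement."""
    rules = []
    for raw in config.splitlines():
        m = PRIV_RE.match(raw)
        if m:
            rules.append(Rule(m.group(1), int(m.group(2)), m.group(3)))
    return rules


def parse_line_levels(config):
    """Map each terminal line to its privilege level (default 1)."""
    levels = {}
    current = None
    for raw in config.splitlines():
        m = LINE_RE.match(raw)
        if m:
            kind, first, last = m.groups()
            current = "%s %s" % (kind, first) + ("-%s" % last if last else "")
            levels[current] = 1
            continue
        if current is None:
            continue
        m = LINE_LEVEL_RE.match(raw)
        if m:
            levels[current] = int(m.group(1))
        elif raw and not raw[0].isspace():
            current = None  # left the indented line block
    return levels


def audit(config, watch=WATCH):
    """Report watched commands reachable from a line below level 15."""
    rules = parse_rules(config)
    findings = []
    for line, line_level in sorted(parse_line_levels(config).items()):
        for rule in rules:
            first_keyword = rule.command.split()[0]
            if first_keyword in watch and rule.level <= line_level < 15:
                findings.append((line, line_level, rule.mode, rule.command))
    return findings


if __name__ == "__main__":
    for line, level, mode, command in audit(SAMPLE_CONFIG):
        print("%s (level %d) can run %s command: %s"
              % (line, level, mode, command))
```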
Applying a Privilege Level to a Terminal Line
To set a privilege level for a terminal line, use the following command.
● Configure a privilege level for a terminal line.
Line mode
privilege level level
NOTE: When you assign a privilege level between 2 and 15, access to the system begins at EXEC mode, but the prompt is hostname#, rather than hostname>.

Configuring Logging
The Dell Networking operating system tracks changes in the system using event and error messages.
● Users making configuration changes. The switch logs who made the configuration changes and the date and time of the change. However, each specific change on the configuration is not logged. Only that the configuration was modified is logged with the user ID, date, and time of the change. ● Uncontrolled shutdown. Security Logs The security log contains security events and information. RBAC restricts access to audit and security logs based on the CLI sessions’ user roles.
Clearing Audit Logs To clear audit logs, use the clear logging auditlog command in Exec mode. When RBAC is enabled, only the system administrator user role can issue this command. Example of the clear logging auditlog Command DellEMC# clear logging auditlog Configuring Logging Format To display syslog messages in a RFC 3164 or RFC 5424 format, use the logging version {0 | 1} command in CONFIGURATION mode. By default, the system log version is set to 0.
Figure 1. Setting Up a Secure Connection to a Syslog Server
Pre-requisites
To configure a secure connection from the switch to the syslog server:
1. On the switch, enable the SSH server.
DellEMC(conf)#ip ssh server enable
2. On the syslog server, create a reverse SSH tunnel from the syslog server to the Dell OS switch, using the following syntax:
ssh -R :: user@remote_host -nNf
In the following example the syslog server IP address is 10.156.166.
Display the Logging Buffer and the Logging Configuration To display the current contents of the logging buffer and the logging settings for the system, use the show logging command in EXEC privilege mode. When RBAC is enabled, the security logs are filtered based on the user roles. Only the security administrator and system administrator can view the security logs.
Disabling System Logging
By default, logging is enabled and log messages are sent to the logging buffer, all terminal lines, the console, and the syslog servers. To disable system logging, use the following commands.
● Disable all logging except on the console.
CONFIGURATION mode
no logging on
● Disable logging to the logging buffer.
CONFIGURATION mode
no logging buffer
● Disable logging to terminal lines.
CONFIGURATION mode
no logging monitor
● Disable console logging.
logging console level
● Specify the minimum severity level for logging to terminal lines.
CONFIGURATION mode
logging monitor level
● Specify the minimum severity level for logging to a syslog server.
CONFIGURATION mode
logging trap level
● Specify the minimum severity level for logging to the syslog history table.
CONFIGURATION mode
logging history level
● Specify the size of the logging buffer.
%TSM-6-SFM_DISCOVERY: Found 9 SFMs
%CHMGR-5-CHECKIN: Checkin from line card 5 (type EX1YB, 1 ports)
%TSM-6-PORT_CONFIG: Port link status for LC 5 => portpipe 0: OK portpipe 1: N/A
%CHMGR-5-LINECARDUP: Line card 5 is up
%CHMGR-5-CHECKIN: Checkin from line card 12 (type S12YC12, 12 ports)
%TSM-6-PORT_CONFIG: Port link status for LC 12 => portpipe 0: OK portpipe 1: N/A
%CHMGR-5-LINECARDUP: Line card 12 is up
%IFMGR-5-CSTATE_UP: changed interface Physical state to up: So 12/8
%IFMGR-5-CSTATE_DN: changed interfa
Synchronizing Log Messages
You can configure the system to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system.
1. Enter LINE mode.
CONFIGURATION mode
line {console 0 | vty number [end-number]}
Configure the following parameters for the virtual terminal lines:
● number: the range is from zero (0) to 9.
● Setting or viewing network interface configuration like Internet Protocol (IP) address, network mask, gateway, and Dynamic Host Configuration Protocol (DHCP).
Secure mode limits the ability to view or modify configuration, or upgrade software, to the switch's external USB console port and internal management network only. CMC continues to have access to other properties like power status and system health. To disable the secure mode, use the no enable secure command.
Configuring FTP Server Parameters After you enable the FTP server on the system, you can configure different parameters. To specify the system logging settings, use the following commands. ● Specify the directory for users using FTP to reach the system. CONFIGURATION mode ftp-server topdir dir The default is the internal flash directory. ● Specify a user name for all FTP users and configure either a plain text or encrypted password.
Denying and Permitting Access to a Terminal Line Dell Networking recommends applying only standard access control lists (ACLs) to deny and permit access to VTY lines. ● Layer 3 ACLs deny all traffic that is not explicitly permitted, but in the case of VTY lines, an ACL with no rules does not deny traffic. ● You cannot use the show ip accounting access-list command to display the contents of an ACL that is applied only to a VTY line.
1. Configure an authentication method list. You may use a mnemonic name or use the default keyword. The default authentication method for terminal lines is local and the default method list is empty. CONFIGURATION mode aaa authentication login {method-list-name | default} [method-1] [method-2] [method-3] [method-4] [method-5] [method-6] 2. Apply the method list from Step 1 to a terminal line. CONFIGURATION mode login authentication {method-list-name | default} 3.
● Telnet to the stack-unit. You do not need to configure the management port on the stack-unit to be able to telnet to it. EXEC Privilege mode telnet-peer-stack-unit ● Telnet to a device with an IPv4 address. EXEC Privilege telnet [ip-address] If you do not enter an IP address, the system enters a Telnet dialog that prompts you for one. Enter an IPv4 address in dotted decimal format (A.B.C.D). Dell# telnet 10.11.80.203 Trying 10.11.80.203... Connected to 10.11.80.203. Exit character is '^]'.
NOTE: The CONFIGURATION mode lock corresponds to a VTY session, not a user. Therefore, if you configure a lock and then exit CONFIGURATION mode, and another user enters CONFIGURATION mode, when you attempt to re-enter CONFIGURATION mode, you are denied access even though you are the one that configured the lock. NOTE: If your session times out and you return to EXEC mode, the CONFIGURATION mode lock is unconfigured.
2 vty 0 10.14.1.97
3 vty 1 10.14.1.97
Clear existing session? [line number/Enter to cancel]:

When you try to create more than the permitted number of sessions, the following message appears, prompting you to close one of the existing sessions. If you close any of the existing sessions, you are allowed to log in.

$ telnet 10.11.178.17
Trying 10.11.178.17...
Connected to 10.11.178.17.
Escape character is '^]'.
Login: admin
Password:
Maximum concurrent sessions for the user reached.
The following example enables login activity tracking and configures the system to store the login activity details for 12 days. Dell(config)#login statistics enable Dell(config)#login statistics time-period 12 Display Login Statistics To view the login statistics, use the show login statistics command. Example of the show login statistics Command The show login statistics command displays the successful and failed login details of the current user in the last 30 days or the custom defined time period.
Example of the show login statistics user user-id command
The show login statistics user user-id command displays the successful and failed login details of a specific user in the last 30 days or the custom defined time period.

Dell# show login statistics user admin
-----------------------------------------------------------------
User: admin
Last login time: 12:52:01 UTC Tue Mar 22 2016
Last login location: Line vty0 ( 10.16.127.
LINE mode no authentication login no password 8. Save the running-config. EXEC Privilege mode copy running-config startup-config 9. Set the system parameters to use the startup configuration file when the system reloads. uBoot mode setenv stconfigignore false Recovering from a Forgotten Enable Password Use the following commands if you forget the enable password. 1. Log onto the system using the console. 2. Power-cycle the chassis by switching off all of the power modules and then switching them back on.
5. Assign an IP address as the default gateway for the system. uBoot mode setenv gatewayip address 6. Reload the system.
6 802.1X 802.1X is a method of port security. A device connected to a port that is enabled with 802.1X is disallowed from sending or receiving packets on the network until its identity can be verified (through a username and password, for example). This feature is named for its IEEE specification. 802.
Figure 3. EAP Frames Encapsulated in Ethernet and RADIUS

The authentication process involves three devices:
● The device attempting to access the network is the supplicant. The supplicant is not allowed to communicate on the network until the authenticator authorizes the port. It can only communicate with the authenticator in response to 802.1X requests.
● The device with which the supplicant communicates is the authenticator. The authenticator is the gatekeeper of the network.
3. The authenticator decapsulates the EAP response from the EAPOL frame, encapsulates it in a RADIUS Access-Request frame and forwards the frame to the authentication server. 4. The authentication server replies with an Access-Challenge frame. The Access-Challenge frame requests that the supplicant prove that it is who it claims to be, using a specified method (an EAP-Method). The challenge is translated and forwarded to the supplicant by the authenticator. 5.
Figure 5. EAP Over RADIUS RADIUS Attributes for 802.1 Support Dell Networking systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages: Attribute 5 NAS-Port: the physical port number by which the authenticator is connected to the supplicant. Attribute 31 Calling-station-id: relays the supplicant MAC address to the authentication server. Attribute 41 NAS-Port-Type: NAS-port physical port type. 5 indicates Ethernet.
Enabling 802.1X
Enable 802.1X globally and at an interface level.
Figure 6. 802.1X Enabled
1. Enable 802.1X globally.
   CONFIGURATION mode
   dot1x authentication
2. Enter INTERFACE mode on an interface or a range of interfaces.
   INTERFACE mode
   interface [range]
3. Enable 802.1X on an interface or a range of interfaces.
   INTERFACE mode
   dot1x authentication

Verify that 802.1X is enabled globally and at the interface level using the show running-config | find dot1x command from EXEC Privilege mode.
 ip address 2.2.2.2/24
 dot1x authentication
 no shutdown
!
interface GigabitEthernet 2/2
 ip address 1.0.0.1/24
 dot1x authentication
 no shutdown
--More--

View 802.1X configuration information for an interface using the show dot1x interface command. The bold lines show that 802.1X is enabled on all ports unauthorized by default.

Dell#show dot1x interface TenGigabitEthernet 2/1
802.
The example in Configuring a Quiet Period after a Failed Authentication shows configuration information for a port for which the authenticator re-transmits an EAP Request Identity frame after 90 seconds and re-transmits a maximum of 10 times. Configuring a Quiet Period after a Failed Authentication If the supplicant fails the authentication process, the authenticator sends another Request Identity frame after 30 seconds by default, but you can configure this period.
● Place a port in the Force Authorized, Force Unauthorized, or Auto state. INTERFACE mode dot1x port-control {force-authorized | force-unauthorized | auto} The default state is auto. The example shows configuration information for a port that has been force-authorized. The bold line shows the new port-control state. Dell(conf-if-gi-2/1)#dot1x port-control force-authorized Dell(conf-if-gi-2/1)#do show dot1x interface gigabitethernet 2/1 802.
Port Auth Status:UNAUTHORIZED Re-Authentication: Enable Untagged VLAN id: None Tx Period: 90 seconds Quiet Period: 120 seconds ReAuth Max: 10 Supplicant Timeout: 30 seconds Server Timeout: 30 seconds Re-Auth Interval:7200 seconds Max-EAP-Req: 10 Auth Type: SINGLE_HOST Auth PAE State: Initialize Backend State: Initialize Auth PAE State: Initialize Configuring Timeouts If the supplicant or the authentication server is unresponsive, the authenticator terminates the authentication process after 30 seconds by d
Configuring Dynamic VLAN Assignment with Port Authentication
The system supports dynamic VLAN assignment when using 802.1X. The basis for VLAN assignment is RADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic VLAN assignment uses the standard dot1x procedure:
1. The host sends a dot1x packet to the Dell Networking system.
2. The system forwards a RADIUS REQUEST packet containing the host MAC address and ingress port number.
3.
Guest and Authentication-Fail VLANs Typically, the authenticator (the Dell Networking system) denies the supplicant access to the network until the supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places it in either the VLAN for which the port is configured or the VLAN that the authentication server indicates in the authentication data. NOTE: Ports cannot be dynamically assigned to the default VLAN.
dot1x auth-fail-vlan 100 max-attempts 5 no shutdown Dell(conf-if-gi-1/2)# View your configuration using the show config command from INTERFACE mode, as shown in the example in Configuring a Guest VLAN or using the show dot1x interface command from EXEC Privilege mode. Example of Viewing Configured Authentication Dell(conf-if-gi-2/1)#dot1x port-control force-authorized Dell(conf-if-gi-2/1)#do show dot1x interface gigabitethernet 2/1 802.
7 Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM) This chapter describes the access control list (ACL) VLAN group and content addressable memory (CAM) enhancements.
● A VLAN member is added or removed from a group, and previously associated VLANs exist in the group. ● The egress ACL is applied or removed from the group and the group contains VLAN members. VLAN members are added or deleted from a VLAN, which itself is a group member. ● A line card returns to the active state after going down, and this line card contains a VLAN that is a member of an ACL group. ● The ACL VLAN group is deleted and it contains VLAN members.
Configuring ACL VLAN Groups and Configuring FP Blocks for VLAN Parameters This section describes how to optimize the utilization of CAM blocks by configuring ACL VLAN groups that you can attach to VLAN interfaces and also how to configure FP blocks for different VLAN operations. Configuring ACL VLAN Groups You can create an ACL VLAN group and attach the ACL with the VLAN members. The optimization is applicable only when you create an ACL VLAN group.
Configuring FP Blocks for VLAN Parameters Use the cam-acl-vlan command to allocate the number of FP blocks for the various VLAN processes on the system. You can use the no version of this command to reset the number of FP blocks to default. By default, 0 groups are allocated for the ACL in VCAP. ACL VLAN groups or CAM optimization is not enabled by default, and you need to allocate the slices for CAM optimization. 1. Allocate the number of FP blocks for VLAN Open Flow operations.
--More--
        |        | IN-L2 FIB       | 32768       | 1136        | 31632
        |        | IN-L3 ACL       | 12288       | 2           | 12286
        |        | IN-L3 FIB       | 262141      | 14          | 262127
        |        | IN-L3-SysFlow   | 2878        | 44          | 2834

The following sample output displays the CAM space utilization when Layer 2 and Layer 3 ACLs are configured:

Dell#show cam-usage acl
Linecard|Portpipe| CAM Partition   | Total CAM   | Used CAM    |Available CAM
========|========|=================|=============|=============|============
   11   |   0    | IN-L2 ACL       | 1008        | 0           | 1008
        |        | IN-L3 ACL       | 12288       | 2           | 12
● To allocate the number of FP blocks for ACL VLAN optimization feature, use the cam-acl-vlan vlanaclopt <0-2> command. To reset the number of FP blocks to the default, use the no version of these commands. By default, zero groups are allocated for the ACL in VCAP. ACL VLAN groups or CAM optimization is not enabled by default, and you need to allocate the slices for CAM optimization.
8 Access Control Lists (ACLs)
This chapter describes access control lists (ACLs), prefix lists, and route-maps. At their simplest, ACLs, prefix lists, and route-maps permit or deny traffic based on MAC and/or IP addresses. This chapter describes implementing IP ACLs, IP prefix lists and route-maps. For MAC ACLs, refer to Layer 2.
● Configuring Set Conditions
● Configure a Route Map for Route Redistribution
● Configure a Route Map for Route Tagging
● Continue Clause
● Logging of ACL Processes
● Guidelines for Configuring ACL Logging
● Configuring ACL Logging
● Flow-Based Monitoring Support for ACLs
● Enabling Flow-Based Monitoring

IP Access Control Lists (ACLs)
In Dell Networking switch/routers, you can create two different types of IP ACLs: standard or extended.
ACLs and VLANs There are some differences when assigning ACLs to a VLAN rather than a physical port. For example, when using a single port-pipe, if you apply an ACL to a VLAN, one copy of the ACL entries is installed in the ACL CAM on the port-pipe. The entry looks for the incoming VLAN in the packet. Whereas if you apply an ACL on individual ports of a VLAN, separate copies of the ACL entries are installed for each port belonging to a port-pipe.
IP Fragment Handling The Dell Networking OS supports a configurable option to explicitly deny IP fragmented packets, especially second and subsequent packets. It extends the existing ACL command syntax with the fragments keyword for all Layer 3 rules applicable to all Layer protocols (permit/deny ip/tcp/udp/icmp). ● Both standard and extended ACLs support IP fragments. ● Second and subsequent fragments are allowed because a Layer 4 rule cannot be applied to these fragments.
Example of Layer 4 ACL Rules
Dell(conf)#ip access-list extended ABC
Dell(conf-ext-nacl)#permit tcp host 10.1.1.1 any eq 24
Dell(conf-ext-nacl)#deny ip any any fragment
Dell(conf-ext-nacl)

In the following example, TCP packets that are first fragments or non-fragmented from host 10.1.1.1 with TCP destination port equal to 24 are permitted. Additionally, all TCP non-first fragments from host 10.1.1.1 are permitted. All other IP packets that are non-first fragments are denied.
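The fragment behaviour described above can be checked offline with a small first-match model. This is an added Python example, not Dell Networking OS code or an example from the guide: the matching rules are a simplified assumption drawn from the text (a fragments rule acts only on non-first fragments, a Layer 4 condition can only be tested on a first or unfragmented packet, unmatched traffic is implicitly denied), the three-rule ACL is constructed to match the described outcome, and all packets are constructed samples.

```python
"""Simplified model of first-match ACL evaluation with the 'fragments' keyword."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

TCP, UDP = 6, 17
PROTO = {"ip": None, "tcp": TCP, "udp": UDP}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int                    # IP protocol number
    frag_offset: int = 0          # 0 = first fragment or unfragmented packet
    dport: Optional[int] = None   # only readable when frag_offset == 0


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip", "tcp" or "udp"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # Layer 4 condition ("eq <port>")
    fragments: bool = False       # the 'fragments' keyword

    def l3_match(self, p: Packet) -> bool:
        want = PROTO[self.proto]
        return ((want is None or want == p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst))

    def matches(self, p: Packet) -> bool:
        if not self.l3_match(p):
            return False
        if self.fragments:
            # Acts only on non-first fragments; a first fragment or an
            # unfragmented packet falls through to the next rule.
            return p.frag_offset > 0
        if self.dport is not None:
            # The TCP/UDP header is present only at fragment offset 0.
            return p.frag_offset == 0 and p.dport == self.dport
        return True


def evaluate(acl, p):
    """Return (action, index of the matching rule); index None = implicit deny."""
    for i, rule in enumerate(acl):
        if rule.matches(p):
            return rule.action, i
    return "deny", None


HOST = "10.1.1.1/32"
# The two rules shown on the page.
ACL_PAGE = [
    Rule("permit", "tcp", src=HOST, dport=24),
    Rule("deny", "ip", fragments=True),
]
# Constructed variant that also permits the host's non-first TCP fragments.
ACL_WITH_FRAG_PERMIT = [
    Rule("permit", "tcp", src=HOST, dport=24),
    Rule("permit", "tcp", src=HOST, fragments=True),
    Rule("deny", "ip", fragments=True),
]

SAMPLES = {  # constructed packets
    "first_frag_port24": Packet("10.1.1.1", "192.0.2.10", TCP, 0, 24),
    "later_frag_host": Packet("10.1.1.1", "192.0.2.10", TCP, 185),
    "later_frag_other": Packet("10.9.9.9", "192.0.2.10", UDP, 185),
    "unfragmented_port80": Packet("10.1.1.1", "192.0.2.10", TCP, 0, 80),
}


def verdicts(acl):
    return {name: evaluate(acl, p)[0] for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for label, acl in (("page ACL", ACL_PAGE),
                       ("with fragment permit", ACL_WITH_FRAG_PERMIT)):
        print(label, verdicts(acl))
```

In the second ACL every non-first TCP fragment from 10.1.1.1 is permitted whatever port the original segment targeted, because the port is not present in those fragments.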
ip access-list standard dilling
 seq 15 permit tcp 10.3.0.0/16 any
Dell(conf-std-nacl)#

To delete a filter, use the no seq sequence-number command in IP ACCESS LIST mode.

Configuring a Standard IP ACL Filter
If you are creating a standard ACL with only one or two filters, you can let the system assign a sequence number based on the order in which the filters are configured. The software assigns filters in multiples of five.
1. Configure a standard IP ACL and assign it a unique name.
CONFIGURATION mode ip access-list extended access-list-name 2. Configure a drop or forward filter. CONFIG-EXT-NACL mode seq sequence-number {deny | permit} {ip-protocol-number | icmp | ip | tcp | udp} {source mask | any | host ip-address} {destination mask | any | host ip-address} [operator port [port]] [count [byte]] [order] [fragments] When you create the filters with a specific sequence number, you can create the filters in any order and the filters are placed in the correct order.
Established Flag To obtain the functionality of est, use the following ACLs: ● permit tcp any any rst ● permit tcp any any ack Configure Layer 2 and Layer 3 ACLs Both Layer 2 and Layer 3 ACLs may be configured on an interface in Layer 2 mode. If both L2 and L3 ACLs are applied to an interface, the following rules apply: ● When the system routes the packets, only the L3 ACL governs them because they are not filtered against an L2 ACL.
interface interface slot/port 2. Configure an IP address for the interface, placing it in Layer-3 mode. INTERFACE mode ip address ip-address 3. Apply an IP ACL to traffic entering or exiting an interface. INTERFACE mode ip access-group access-list-name {in | out} [implicit-permit] [vlan vlan-range] [layer3] NOTE: The number of entries allowed per ACL is hardware-dependent. For detailed specification about entries allowed per ACL, refer to your line card documentation. 4. Apply rules to the new ACL.
 ip access-group abcd in
 no shutdown
Dell(conf-if-tengig0/0)#end
Dell#configure terminal
Dell(conf)#ip access-list extended abcd
Dell(conf-ext-nacl)#permit tcp any any
Dell(conf-ext-nacl)#deny icmp any any
Dell(conf-ext-nacl)#permit 1.1.1.2
Dell(conf-ext-nacl)#end
Dell#show ip accounting access-list
!
Extended Ingress IP access list abcd on tengigethernet 0/0
 seq 5 permit tcp any any
 seq 10 deny icmp any any
 seq 15 permit 1.1.1.
   CONFIGURATION mode
   ip control-plane [egress filter]
2. Create a Layer 3 ACL using permit rules with the count option to describe the desired CPU traffic.
   CONFIG-NACL mode
   permit ip {source mask | any | host ip-address} {destination mask | any | host ip-address} count

Dell Networking OS Behavior: Virtual router redundancy protocol (VRRP) hellos and internet group management protocol (IGMP) packets are not affected when you enable egress ACL filtering for CPU traffic.
Creating a Prefix List
To create a prefix list, use the following commands.
1. Create a prefix list and assign it a unique name. You are in PREFIX LIST mode.
   CONFIGURATION mode
   ip prefix-list prefix-name
2. Create a prefix list with a sequence number and a deny or permit action.
   CONFIG-NPREFIXL mode
   seq sequence-number {deny | permit} ip-prefix [ge min-prefix-length] [le max-prefix-length]
   The optional parameters are:
   ● ge min-prefix-length: the minimum prefix length to match (from 0 to 32).
sequence number). The show config command in PREFIX LIST mode displays the two filters with the sequence numbers 5 and 10.

Dell(conf-nprefixl)#permit 123.23.0.0 /16
Dell(conf-nprefixl)#deny 133.24.56.0 /8
Dell(conf-nprefixl)#show conf
!
ip prefix-list awe
 seq 5 permit 123.23.0.0/16
 seq 10 deny 133.0.0.
If you enter the name of a nonexistent prefix list, all routes are forwarded. CONFIG-ROUTER-RIP mode distribute-list prefix-list-name in [interface] ● Apply a configured prefix list to outgoing routes. You can specify an interface or type of route. If you enter the name of a non-existent prefix list, all routes are forwarded.
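The following added Python model (not Dell Networking OS code) ties together the prefix-list behaviour described above: automatic sequence numbers in steps of five, the stored prefix being masked to its network address, ge/le length matching, and the fail-open result when a distribute list names a prefix list that does not exist. It assumes the usual prefix-list semantics (exact-length match when neither ge nor le is given, implicit deny when nothing matches); the list named edge, the route strings and the helper names are constructed for illustration.

```python
"""Prefix-list matching with ge/le, plus an audit for undefined list names."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network
from typing import Optional


@dataclass(frozen=True)
class Entry:
    seq: int
    action: str                  # "permit" or "deny"
    prefix: IPv4Network
    ge: Optional[int] = None     # minimum prefix length to match
    le: Optional[int] = None     # maximum prefix length to match

    def matches(self, route: IPv4Network) -> bool:
        if not route.subnet_of(self.prefix):
            return False
        if self.ge is None and self.le is None:
            low = high = self.prefix.prefixlen   # assumption: exact length
        else:
            low = self.prefix.prefixlen if self.ge is None else self.ge
            high = 32 if self.le is None else self.le
        return low <= route.prefixlen <= high


class PrefixList:
    def __init__(self, name: str):
        self.name = name
        self.entries = []

    def add(self, action, prefix, ge=None, le=None, seq=None):
        # strict=False masks host bits: "133.24.56.0 /8" is stored as 133.0.0.0/8.
        net = ip_network(prefix.replace(" ", ""), strict=False)
        if ge is not None and le is not None and ge > le:
            raise ValueError("ge must not exceed le")
        if seq is None:
            last = max((e.seq for e in self.entries), default=0)
            seq = (last // 5 + 1) * 5            # next multiple of five
        self.entries.append(Entry(seq, action, net, ge, le))
        self.entries.sort(key=lambda e: e.seq)
        return seq

    def evaluate(self, route: str) -> str:
        net = ip_network(route)
        for entry in self.entries:
            if entry.matches(net):
                return entry.action
        return "deny"                            # assumption: implicit deny

    def show(self):
        return [f"seq {e.seq} {e.action} {e.prefix}" for e in self.entries]


def filter_routes(list_name, configured, routes):
    """Apply a prefix list by name; an unknown name forwards every route."""
    plist = configured.get(list_name)
    if plist is None:
        return list(routes)
    return [r for r in routes if plist.evaluate(r) == "permit"]


def undefined_references(referenced, configured):
    """Names used in distribute-list commands with no matching prefix list."""
    return sorted(set(referenced) - set(configured))


# The list from the page's example.
awe = PrefixList("awe")
awe.add("permit", "123.23.0.0 /16")
awe.add("deny", "133.24.56.0 /8")

# Constructed list: accept 10.0.0.0/8 routes up to /24, reject anything longer.
edge = PrefixList("edge")
edge.add("deny", "10.0.0.0/8", ge=25)
edge.add("permit", "10.0.0.0/8", le=24)

CONFIGURED = {"awe": awe, "edge": edge}
ROUTES = ["10.1.2.0/24", "10.1.2.128/25", "10.0.0.0/8", "192.0.2.0/24"]

if __name__ == "__main__":
    print(awe.show())
    print(filter_routes("edge", CONFIGURED, ROUTES))
    print(filter_routes("egde", CONFIGURED, ROUTES))   # misspelled name
    print(undefined_references(["awe", "egde"], CONFIGURED))
```

Running `undefined_references` over the names collected from a saved configuration flags a misspelled or deleted prefix list before it silently stops filtering.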
To remove a remark, use the no remark command with the remark string and with or without the sequence number. If there is a matching string, the system deletes the remark. Configuring a Remark To write a remark for an ACL, follow these steps: 1. Create either an extended IPv4 or IPv6 ACL. CONFIGURATION mode ip access-list {extended | standard} access-list-name ipv6 access-list {extended | standard} access-list-name 2. Define the ACL rule.
ACL Resequencing
ACL resequencing allows you to re-number the rules and remarks in an access or prefix list. The placement of rules within the list is critical because packets are matched against rules in sequential order. Use resequencing whenever the current numbering scheme leaves no opportunity to order new rules as you need. For example, the following table contains some rules that are numbered in increments of 1.
Dell# resequence access-list ipv4 test 2 2
Dell# show running-config acl
!
ip access-list extended test
 remark 2 XYZ
 remark 4 this remark corresponds to permit any host 1.1.1.1
 seq 4 permit ip any host 1.1.1.1
 remark 6 this remark has no corresponding rule
 remark 8 this remark corresponds to permit ip any host 1.1.1.2
 seq 8 permit ip any host 1.1.1.2
 seq 10 permit ip any host 1.1.1.3
 seq 12 permit ip any host 1.1.1.4

Remarks that do not have a corresponding rule are incremented as a rule.
○ Two or more match clauses within the same route-map sequence have the same match commands (though the values are different), matching a packet against these clauses is a logical OR operation. ○ Two or more match clauses within the same route-map sequence have different match commands, matching a packet against these clauses is a logical AND operation. ● If no match is found in a route-map sequence, the process moves to the next route-map sequence until a match is found, or there are no more sequences.
To delete all instances of that route map, use the no route-map map-name command. To delete just one instance, add the sequence number to the command syntax. Dell(conf)#no route-map zakho 10 Dell(conf)#end Dell#show route-map route-map zakho, permit, sequence 20 Match clauses: interface TenGigabitEthernet 0/1 Set clauses: tag 35 level stub-area Dell# The following example shows a route map with multiple instances. The show config command displays only the configuration of the current route map instance.
Example of the match Command to Permit and Deny Routes Dell(conf)#route-map force permit 10 Dell(config-route-map)#match tag 1000 Dell(conf)#route-map force deny 20 Dell(config-route-map)#match tag 1000 Dell(conf)#route-map force deny 30 Dell(config-route-map)#match tag 1000 Configuring Match Routes To configure match criterion for a route map, use the following commands. ● Match routes whose next hop is a specific interface.
CONFIG-ROUTE-MAP mode set level {backbone | level-1 | level-1-2 | level-2 | stub-area} ● Specify a value for redistributed routes. CONFIG-ROUTE-MAP mode set metric {+ | - | metric-value} ● Specify an OSPF or ISIS type for redistributed routes. CONFIG-ROUTE-MAP mode set metric-type {external | internal | type-1 | type-2} ● Assign an IP address as the route’s next hop. CONFIG-ROUTE-MAP mode set next-hop ip-address ● Specify a tag for the redistributed routes.
In the following example, the redistribute ospf command with a route map is used in ROUTER RIP mode to apply a tag of 34 to all internal OSPF routes that are redistributed into RIP. Example of the redistribute Command Using a Route Tag ! router rip redistribute ospf 34 metric 1 route-map torip ! route-map torip permit 10 match route-type internal set tag 34 ! Continue Clause Normally, when a match is found, set clauses are executed, and the packet is then forwarded; no more route-map modules are processed.
● For non-IP packets, the ACL name, sequence number, ACL action (permit or deny), source and destination MAC addresses, EtherType, and ingress interface are the logged attributes. ● For IP Packets, the ACL name, sequence number, ACL action (permit or deny), source and destination MAC addresses, source and destination IP addresses, and the transport layer protocol used are the logged attributes.
logs is terminated. You can enter a threshold in the range of 1-100. By default, 10 ACL logs are generated if you do not specify the threshold explicitly. CONFIG-STD-NACL mode seq sequence-number {deny | permit} {source [mask] | any | host ip-address} [log [threshold-in-msgs count] ] 2. Specify the interval in minutes at which ACL logs must be generated. You can enter an interval in the range of 1-10 minutes. The default frequency at which ACL logs are generated is 5 minutes.
The port mirroring application maintains a database that contains all monitoring sessions (including port monitor sessions). It has information regarding the sessions that are enabled for flow-based monitoring and those sessions that are not enabled for flow-based monitoring. It downloads monitoring configuration to the ACL agent whenever the ACL agent is registered with the port mirroring application or when flow-based monitoring is enabled.
3. Apply the ACL to the monitored port. INTERFACE mode ip access-group access-list To view an access-list that you applied to an interface, use the show ip accounting access-list command from EXEC Privilege mode. Dell(conf)#monitor session 0 Dell(conf-mon-sess-0)#flow-based enable Dell(conf)#ip access-list ext testflow Dell(config-ext-nacl)#seq 5 permit icmp any any count bytes monitor Dell(config-ext-nacl)#seq 10 permit ip 102.1.1.
9 Bidirectional Forwarding Detection (BFD) Bidirectional forwarding detection (BFD) is a protocol that is used to rapidly detect communication failures between two adjacent systems. It is a simple and lightweight replacement for existing routing protocol link state detection mechanisms. It also provides a failure detection solution for links on which no routing protocol is used. BFD is a simple hello mechanism. Two neighboring systems running BFD establish a session using a three-way handshake.
BFD Packet Format
Control packets are encapsulated in user datagram protocol (UDP) packets. The following illustration shows the complete encapsulation of a BFD control packet inside an IPv4 packet.
Figure 8. BFD in IPv4 Packet Format

Field | Description
Diagnostic Code | The reason that the last session failed.
State | The current local session state. Refer to BFD Sessions.
Flag | A bit that indicates packet function.
Field | Description
Your Discriminator | A random number generated by the remote system to identify the session. Discriminator values are necessary to identify the session to which a control packet belongs because there can be many sessions running on a single interface.
Desired Min TX Interval | The minimum rate at which the local system would like to send control packets to the remote system.
The session is declared down if: ● A control packet is not received within the detection time. ● Sufficient echo packets are lost. ● Demand mode is active and a control packet is not received in response to a poll packet. BFD Three-Way Handshake A three-way handshake must take place between the systems that participate in the BFD session.
Session State Changes The following illustration shows how the session state on a system changes based on the status notification it receives from the remote system. For example, if a session on a system is down and it receives a Down status notification from the remote system, the session state on the local system changes to Init. Figure 10. Session State Changes Important Points to Remember ● BFD for line card ports is hitless, but is not hitless for VLANs because they are instantiated on the RPM.
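The control packet fields, the detection time and the session state changes described above can be exercised together. This is an added Python example, not Dell Networking OS code: the bit layout, reception checks, detection-time formula and transitions follow RFC 5880, which the page does not reproduce, and the sample packet is constructed using the 200 ms interval and multiplier of 3 that appear in the guide's show bfd neighbors output.

```python
"""Parse and validate a BFD control packet, then step the session state."""
import struct
from dataclasses import dataclass

HEADER = struct.Struct("!BBBBIIIII")       # 24-byte mandatory section
STATES = ("AdminDown", "Down", "Init", "Up")
FLAG_BITS = (("poll", 0x20), ("final", 0x10), ("cpi", 0x08),
             ("auth", 0x04), ("demand", 0x02), ("multipoint", 0x01))


@dataclass(frozen=True)
class BfdControl:
    version: int
    diag: int                  # Diagnostic Code: why the last session failed
    state: str                 # sender's current session state
    flags: tuple               # names of the flag bits that are set
    detect_mult: int
    length: int
    my_disc: int
    your_disc: int
    desired_min_tx_us: int     # intervals are carried in microseconds
    required_min_rx_us: int
    required_min_echo_rx_us: int


def parse_bfd(payload: bytes) -> BfdControl:
    """Decode the mandatory section; raise ValueError for packets to discard."""
    if len(payload) < HEADER.size:
        raise ValueError("payload shorter than 24 bytes")
    b0, b1, mult, length, my, your, tx, rx, echo = HEADER.unpack_from(payload)
    flags = tuple(name for name, bit in FLAG_BITS if b1 & bit)
    pkt = BfdControl(b0 >> 5, b0 & 0x1F, STATES[b1 >> 6], flags,
                     mult, length, my, your, tx, rx, echo)
    if pkt.version != 1:
        raise ValueError("unsupported version")
    if length < (26 if "auth" in flags else 24) or length > len(payload):
        raise ValueError("length field inconsistent with payload")
    if mult == 0:
        raise ValueError("detect multiplier is zero")
    if "multipoint" in flags:
        raise ValueError("multipoint bit set")
    if my == 0:
        raise ValueError("My Discriminator is zero")
    if your == 0 and pkt.state not in ("Down", "AdminDown"):
        raise ValueError("Your Discriminator is zero in state " + pkt.state)
    return pkt


def detection_time_us(pkt: BfdControl, local_required_min_rx_us: int) -> int:
    """Asynchronous mode: remote multiplier x agreed remote transmit interval."""
    return pkt.detect_mult * max(local_required_min_rx_us, pkt.desired_min_tx_us)


def next_state(local: str, received: str) -> str:
    """Local session state after a valid packet reporting the remote state."""
    if local == "AdminDown":
        return local                       # packets are ignored
    if received == "AdminDown":
        return "Down"
    if local == "Down":
        return {"Down": "Init", "Init": "Up"}.get(received, "Down")
    if local == "Init":
        return "Up" if received in ("Init", "Up") else "Init"
    return "Down" if received == "Down" else "Up"


def handshake():
    """Three-way handshake between peers a and b that both start in Down."""
    a = b = "Down"
    trace = [(a, b)]
    for receiver in "bab":
        if receiver == "a":
            a = next_state(a, b)
        else:
            b = next_state(b, a)
        trace.append((a, b))
    return trace


# Constructed sample: version 1, state Up, multiplier 3, discriminators 1/1,
# 200 ms desired TX and required RX intervals, no echo.
SAMPLE = HEADER.pack(0x20, 0xC0, 3, 24, 1, 1, 200_000, 200_000, 0)

if __name__ == "__main__":
    pkt = parse_bfd(SAMPLE)
    print(pkt)
    print("detection time (us):", detection_time_us(pkt, 200_000))
    print(handshake())
```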
● Configure BFD for VRRP ● Configure BFD for VLANs ● Configuring Protocol Liveness Configure BFD for Physical Ports BFD on physical ports is useful when you do not enable the routing protocol. Without BFD, if the remote system fails, the local system does not remove the connected route until the first failed attempt to send a packet. When you enable BFD, the local system removes the route as soon as it stops receiving periodic control packets from the remote system.
The bold line shows the parameter changes. R1(conf-if-gi-4/24)#bfd interval 200 min_rx 200 multiplier 4 role passive R1(conf-if-gi-4/24)#do show bfd neighbors detail Session Discriminator: 1 Neighbor Discriminator: 1 Local Addr: 2.2.2.1 Local MAC Addr: 00:01:e8:09:c3:e5 Remote Addr: 2.2.2.
Configuring BFD for static routes is a three-step process: 1. Enable BFD globally. Refer to Enabling BFD Globally. 2. On the local system, establish a session with the next hop of a static route. Refer to Establishing Sessions for Static Routes. Related Configuration Tasks ● Changing Static Route Session Parameters ● Disabling BFD for Static Routes Establishing Sessions for Static Routes Sessions are established for all neighbors that are the next hop of a static route. Figure 11.
Establishing Static Route Sessions on Specific Neighbors You can selectively enable BFD sessions on specific neighbors based on a destination prefix-list. When you establish a BFD session using the ip route bfd command, all the next-hop neighbors in the static route become part of the BFD session. Starting with Dell Networking OS release 9.11.0.0, you can enable BFD sessions on specific next-hop neighbors. You can specify the next-hop neighbors to be part of a BFD session by including them in a prefix-list.
Disabling BFD for Static Routes If you disable BFD, all static route BFD sessions are torn down. A final Admin Down packet is sent to all neighbors on the remote systems, and those neighbors change to the Down state. To disable BFD for static routes, use the following command. ● Disable BFD for static routes. CONFIGURATION mode no ip route bfd Configure BFD for OSPF When using BFD with OSPF, the OSPF protocol registers with the BFD manager on the RPM.
Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state. Figure 12. Establishing Sessions with OSPF Neighbors To establish BFD with all OSPF neighbors or with OSPF neighbors on a single interface, use the following commands. ● Establish sessions with all OSPF neighbors.
C - CLI
I - ISIS
O - OSPF
R - Static Route (RTM)

  LocalAddr  RemoteAddr  Interface  State  Rx-int  Tx-int  Mult  Clients
* 2.2.2.2    2.2.2.1     Gi 2/1     Up     200     200     3     O
* 2.2.3.1    2.2.3.2     Gi 2/2     Up     200     200     3     O

Establishing Sessions with OSPF Neighbors for nondefault VRFs
To configure BFD in a nondefault VRF, follow this procedure:
● Enable BFD globally.
  CONFIGURATION mode
  bfd enable
● Establish sessions with all OSPF neighbors in a specific VRF.
To view session parameters, use the show bfd neighbors detail command, as shown in the example in Displaying BFD for BGP Information. Disabling BFD for OSPF If you disable BFD globally, all sessions are torn down and sessions on the remote system are placed in a Down state. If you disable BFD on an interface, sessions on the interface are torn down and sessions on the remote system are placed in a Down state.
CONFIGURATION mode bfd enable ● Establish sessions with all OSPFv3 neighbors in a specific VRF. ROUTER-OSPFv3 mode bfd all-neighbors ● Establish sessions with the OSPFv3 neighbors on a single interface in a specific VRF. INTERFACE mode ipv6 ospf bfd all-neighbors ● To disable BFD on a specific OSPFv3 enabled interface, use the ipv6 ospf bfd all-neighbors disable command. You can also use the no bfd enable command to disable BFD on a specific interface.
511 O3 DellEMC# Changing OSPFv3 Session Parameters Configure BFD sessions with default intervals and a default role. The parameters that you can configure are: desired tx interval, required min rx interval, detection multiplier, and system role. Configure these parameters for all OSPFv3 sessions or all OSPFv3 sessions on a particular interface. If you change a parameter globally, the change affects all OSPFv3 neighbors sessions.
Establishing Sessions with BGP Neighbors Before configuring BFD for BGP, you must first configure BGP on the routers that you want to interconnect. For example, the following illustration shows a sample BFD configuration on Router 1 and Router 2 that use eBGP in a transit network to interconnect AS1 and AS2. The eBGP routers exchange information with each other as well as with iBGP routers to maintain connectivity and accessibility within each autonomous system. Figure 13.
CONFIGURATION mode router bgp as-number 3. Add a BGP neighbor or peer group in a remote AS. CONFIG-ROUTERBGP mode neighbor {ip-address | peer-group name} remote-as as-number 4. Enable the BGP neighbor. CONFIG-ROUTERBGP mode neighbor {ip-address | peer-group-name} no shutdown 5. Configure parameters for a BFD session established with all neighbors discovered by BGP. OR Establish a BFD session with a specified BGP neighbor or peer group using the default BFD session parameters.
CONFIG-ROUTERBGPv6_ADDRESSFAMILY mode neighbor ipv6-address activate 9. Configure parameters for a BFD session established with all neighbors discovered by BGP. Or establish a BFD session with a specified BGP neighbor or peer group using the default BFD session parameters. CONFIG-ROUTERBGP mode bfd all-neighbors DellEMC(conf)#router bgp 1 DellEMC(conf-router_bgp)#neighbor 10.1.1.2 remote-as 2 DellEMC(conf-router_bgp)#neighbor 10.1.1.
address-family ipv6 unicast vrf vrf-name NOTE: Before performing this step, create the required VRF. 9. Activate the neighbor in IPv6 address family. CONFIG-ROUTERBGPv6_ADDRESSFAMILY mode neighbor ipv6-address activate 10. Configure parameters for a BFD session established with all neighbors discovered by BGP. Or establish a BFD session with a specified BGP neighbor or peer group using the default BFD session parameters.
Use BFD in a BGP Peer Group You can establish a BFD session for the members of a peer group (the neighbor peer-group-name bfd command in ROUTER BGP configuration mode). Members of the peer group may have BFD: ● Explicitly enabled (the neighbor ip-address bfd command) ● Explicitly disabled (the neighbor ip-address bfd disable command) ● Inherited (neither explicitly enabled or disabled) according to the current BFD configuration of the peer group.
I - ISIS
O - OSPF
R - Static Route (RTM)
M - MPLS
V - VRRP

LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients
* 1.1.1.3 1.1.1.2 Te 6/0 Up 200 200 3 B
* 2.2.2.3 2.2.2.2 Te 6/1 Up 200 200 3 B
* 3.3.3.3 3.3.3.2 Te 6/2 Up 200 200 3 B

The bold lines show the BFD session parameters: TX (packet transmission), RX (packet reception), and multiplier (maximum number of missed packets).

R2# show bfd neighbors detail
Session Discriminator: 9
Neighbor Discriminator: 10
Local Addr: 1.1.1.
Messages:
Registration : 5
De-registration : 4
Init : 0
Up : 6
Down : 0
Admin Down : 2

Interface TenGigabitEthernet 6/1
Protocol BGP
Messages:
Registration : 5
De-registration : 4
Init : 0
Up : 6
Down : 0
Admin Down : 2

Interface TenGigabitEthernet 6/2
Protocol BGP
Messages:
Registration : 1
De-registration : 0
Init : 0
Up : 1
Down : 0
Admin Down : 2

The bold line shows the message displayed when you enable BFD for BGP connections.

R2# show ip bgp summary
BGP router identifier 10.0.0.
CISCO_ROUTE_REFRESH(128)
Capabilities advertised to neighbor for IPv4 Unicast :
MULTIPROTO_EXT(1)
ROUTE_REFRESH(2)
CISCO_ROUTE_REFRESH(128)
Neighbor is using BGP global mode BFD configuration
For address family: IPv4 Unicast
BGP table version 0, neighbor version 0
Prefixes accepted 0 (consume 0 bytes), withdrawn 0 by peer, martian prefixes ignored 0
Prefixes advertised 0, denied 0, withdrawn 0 from peer
Connections established 1; dropped 0
Last reset never
Local host: 2.2.2.
Establishing Sessions with All VRRP Neighbors

BFD sessions can be established for all VRRP neighbors at once, or a session can be established with a particular neighbor.

Figure 14. Establishing Sessions with All VRRP Neighbors

To establish sessions with all VRRP neighbors, use the following command.
● Establish sessions with all VRRP neighbors.
LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients
* 2.2.5.1 2.2.5.2 Gi 4/25 Down 200 200 3 V

To view session state information, use the show vrrp command. The bold line shows the VRRP BFD session.

R1(conf-if-gi-4/25)#do show vrrp
-----------------
GigabitEthernet 4/1, VRID: 1, Net: 2.2.5.1
State: Backup, Priority: 1, Master: 2.2.5.
Configure BFD for VLANs

BFD on Dell Networking systems is a Layer 3 protocol. Use BFD with routed virtual local area networks (VLANs). BFD on VLANs is analogous to BFD on physical ports. If no routing protocol is enabled and a remote system fails, the local system does not remove the connected route until the first failed attempt to send a packet. If you enable BFD, the local system removes the route when it stops receiving periodic control packets from the remote system.
LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients
* 2.2.3.2 2.2.3.1 Vl 200 Up 200 200 3 C

Changing VLAN Session Parameters

BFD sessions are configured with default intervals and a default role. The parameters that you can configure are: Desired TX Interval, Required Min RX Interval, Detection Multiplier, and system role. You can change parameters per interface. If you make a configuration change, the change affects all sessions on that interface.
Establish Sessions on Port-Channels

To establish a session, you must enable BFD at interface level on both ends of the link, as shown in the following example. The session parameters do not need to match.

Figure 16. Establishing Sessions on Port-Channels

To establish a session on a port-channel, use the bfd neighbor ip-address command in INTERFACE PORT-CHANNEL mode. View the established sessions using the show bfd neighbors command, as shown in Changing Port-Channel Session Parameters.
View session parameters using the show bfd neighbors detail command.

Disabling BFD for Port-Channels

If you disable BFD on an interface, sessions on the interface are torn down. A final Admin Down control packet is sent to all neighbors, and sessions on the remote system are placed in a Down state.

To disable BFD for a port-channel, use the following command.
● Disable BFD for a port-channel.
10 Border Gateway Protocol IPv4 (BGPv4)

This chapter provides a general description of BGPv4 as it is supported in the Dell Networking operating system. BGP protocol standards are listed in the Standards Compliance chapter. BGP is an external gateway protocol that transmits interdomain routing information within and between autonomous systems (AS). The primary function of BGP is to exchange network reachability information with other BGP systems.
Figure 17. Interior BGP

BGP version 4 (BGPv4) supports classless interdomain routing, aggregate routes, and AS paths. BGP is a path vector protocol: it maintains the path that update information takes as it diffuses through the network. Updates traveling through the network and returning to the same node are easily detected and discarded.
Figure 18. BGP Routers in Full Mesh

The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible.

Sessions and Peers

When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers. A Peer is also called a Neighbor.

Establish a Session

Information exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies.
State    Description
Idle     BGP initializes all resources, refuses all inbound BGP connection attempts, and initiates a TCP connection to the peer.
Connect  In this state the router waits for the TCP connection to complete, transitioning to the OpenSent state if successful. If that transition is not successful, BGP resets the ConnectRetry timer and transitions to the Active state when the timer expires.
Active   The router resets the ConnectRetry timer to zero and returns to the Connect state.
1. Router B receives an advertisement from Router A through eBGP. Because the route is learned through eBGP, Router B advertises it to all its iBGP peers: Routers C and D.
2. Router C receives the advertisement but does not advertise it to any peer because its only other peer is Router D, an iBGP peer, and Router D has already learned it through iBGP from Router B.
3.
Figure 20. BGP Best Path Selection

Best Path Selection Details
1. Prefer the path with the largest WEIGHT attribute.
2. Prefer the path with the largest LOCAL_PREF attribute.
3. Prefer the path that was locally originated via a network command, redistribute command, or aggregate-address command.
a. Routes originated with the network or redistribute commands are preferred over routes originated with the aggregate-address command.
4.
After a number of best paths are determined, these selection criteria are applied to each group's best path to determine the ultimate best path. In non-deterministic mode (the bgp non-deterministic-med command is applied), paths are compared in the order in which they arrive. This method can lead to the system choosing different best paths from the same set of paths, depending on the order in which they were received from the neighbors, because MED may or may not get compared between adjacent paths.
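The order dependence described above, as an added example (not Dell Networking OS code). It uses a simplified pairwise comparison and assumes that WEIGHT, LOCAL_PREF, origination, AS path length and origin are already tied, that MED is compared only between paths from the same neighboring AS, and that deterministic mode groups paths by neighboring AS; the `Path` fields and the three sample paths are constructed.

```python
from dataclasses import dataclass
from itertools import permutations


@dataclass(frozen=True)
class Path:
    name: str
    neighbor_as: int   # AS the path was received from
    med: int
    ebgp: bool         # True if learned from an external peer
    igp_cost: int      # IGP metric to the BGP next hop
    router_id: int


# Constructed paths to one prefix. Pairwise they form a cycle:
# p1 beats p3 (lower MED, same neighboring AS), p3 beats p2 (eBGP over
# iBGP), and p2 beats p1 (lower IGP cost; MED is skipped across ASs).
PATHS = (
    Path("p1", neighbor_as=1, med=100, ebgp=False, igp_cost=10, router_id=1),
    Path("p2", neighbor_as=2, med=150, ebgp=False, igp_cost=5, router_id=2),
    Path("p3", neighbor_as=1, med=200, ebgp=True, igp_cost=0, router_id=3),
)


def better(a, b):
    """Simplified tie-break chain (assumed; earlier attributes are tied)."""
    if a.neighbor_as == b.neighbor_as and a.med != b.med:
        return a if a.med < b.med else b
    if a.ebgp != b.ebgp:
        return a if a.ebgp else b
    if a.igp_cost != b.igp_cost:
        return a if a.igp_cost < b.igp_cost else b
    return a if a.router_id <= b.router_id else b


def best_nondeterministic(arrival):
    """Compare paths one by one in arrival order, keeping the winner."""
    best = arrival[0]
    for path in arrival[1:]:
        best = better(best, path)
    return best


def best_deterministic(arrival):
    """Pick the best path per neighboring AS, then compare group winners."""
    group_best = {}
    for path in arrival:
        current = group_best.get(path.neighbor_as)
        group_best[path.neighbor_as] = (
            path if current is None else better(current, path)
        )
    return best_nondeterministic([group_best[k] for k in sorted(group_best)])


def possible_winners(select):
    """Names of every path that wins under at least one arrival order."""
    return {select(list(order)).name for order in permutations(PATHS)}


if __name__ == "__main__":
    print("non-deterministic:", sorted(possible_winners(best_nondeterministic)))
    print("deterministic:    ", sorted(possible_winners(best_deterministic)))
```

With these three paths, any of them can become the best path in non-deterministic mode depending on arrival order, while grouping first always yields the same one.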
Multi-Exit Discriminators (MEDs)

If two ASs connect in more than one place, a multi-exit discriminator (MED) can be used to assign a preference to a preferred path. MED is one of the criteria used to determine the best path, so keep in mind that other criteria may impact selection, as shown in the illustration in Best Path Selection Criteria. One AS assigns the MED a value and the other AS uses that value to decide the preferred path. For this example, assume the MED is the only attribute applied.
Status codes: s suppressed, d damped, h history, * valid, > best
Path source: I - internal, a - aggregate, c - confed-external, r - redistributed, n - network
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 7.0.0.0/29 10.114.8.33 0 0 18508 ?
*> 7.0.0.0/30 10.114.8.33 0 0 18508 ?
*> 9.2.0.0/16 10.114.8.33 10 0 18508 701 i

AS Path

The AS path is the list of all ASs that all the prefixes listed in the update have passed through.
Implement BGP with the Dell Networking OS

The following sections describe how to implement BGP on the Dell Networking OS.

Additional Path (Add-Path) Support

The add-path feature reduces convergence times by advertising multiple paths to its peers for the same address prefix without replacing existing paths with new ones. By default, a BGP speaker advertises only the best path to its peers for a given address prefix.
Ignore Router-ID for Some Best-Path Calculations

The Dell Networking OS version 8.3.1.0 and later allows you to avoid unnecessary BGP best-path transitions between external paths under certain conditions. The bgp bestpath router-id ignore command reduces network disruption caused by routing and forwarding plane changes and allows for faster convergence.

Four-Byte AS Numbers

The Dell Networking OS version 7.7.1 and later supports 4-Byte (32-bit) format when configuring autonomous system numbers (ASNs).
Dynamic AS Number Notation Application

The Dell Networking OS version 8.3.1.0 applies the ASN notation type change dynamically to the running-config statements. When you apply or change an asnotation, the type selected is reflected immediately in the running-configuration and the show commands (refer to the following two examples).
Dell(conf-router_bgp)#sho conf
!
router bgp 100

AS Number Migration

With this feature you can transparently change the AS number of an entire BGP network and ensure that the routes are propagated throughout the network while the migration is in progress. When migrating one AS to another, perhaps combining ASs, an eBGP network may lose its routing to an iBGP if the ASN changes.
BGP4 Management Information Base (MIB)

The FORCE10-BGP4-V2-MIB enhances Dell Networking OS BGP management information base (MIB) support with many new simple network management protocol (SNMP) objects and notifications (traps) defined in draft-ietf-idr-bgp4-mibv2-05. To see these enhancements, download the MIB from the Dell website.

NOTE: For the Force10-BGP4-V2-MIB and other MIB documentation, refer to the Dell iSupport web page.
Traps (notifications) specified in the BGP4 MIB draft are not supported. Such traps (bgpM2Established and bgpM2BackwardTransition) are supported as part of RFC 1657.
Enabling BGP

By default, BGP is not enabled on the system. The Dell Networking OS supports one autonomous system (AS) and assigns the AS number (ASN). To establish BGP sessions and route traffic, configure at least one BGP neighbor or peer. In BGP, routers with an established TCP connection are called neighbors or peers. After a connection is established, the neighbors exchange full BGP routing tables with incremental updates afterward.
To view the BGP configuration, enter show config in CONFIGURATION ROUTER BGP mode. To view the BGP status, use the show ip bgp summary command in EXEC Privilege mode. The first example shows the summary with a 2-byte AS number displayed (in bold); the second example shows the summary with a 4-byte AS number displayed (in bold).

R2#show ip bgp summary
BGP router identifier 192.168.10.
Connections established 1; dropped 0
Last reset never
Local host: 10.114.8.39, Local port: 1037
Foreign host: 10.114.8.60, Foreign port: 179

BGP neighbor is 10.1.1.1, remote AS 65535, internal link
Administratively shut down
BGP version 4, remote router ID 10.0.0.
● Enable ASPLAIN AS Number representation.
CONFIG-ROUTER-BGP mode
bgp asnotation asplain
NOTE: ASPLAIN is the default method the system uses and does not appear in the configuration display.
● Enable ASDOT AS Number representation.
CONFIG-ROUTER-BGP mode
bgp asnotation asdot
● Enable ASDOT+ AS Number representation.
CONFIG-ROUTER-BGP mode
bgp asnotation asdot+

Dell(conf-router_bgp)#bgp asnotation asplain
Dell(conf-router_bgp)#sho conf
!
router bgp 100
bgp four-octet-as-support
neighbor 172.30.1.
2. Enable the peer group.
CONFIG-ROUTERBGP mode
neighbor peer-group-name no shutdown
By default, all peer groups are disabled.
3. Create a BGP neighbor.
CONFIG-ROUTERBGP mode
neighbor ip-address remote-as as-number
4. Enable the neighbor.
CONFIG-ROUTERBGP mode
neighbor ip-address no shutdown
5. Add an enabled neighbor to the peer group.
CONFIG-ROUTERBGP mode
neighbor ip-address peer-group peer-group-name
6. Add a neighbor as a remote AS.
To enable a peer group, use the neighbor peer-group-name no shutdown command in CONFIGURATION ROUTER BGP mode (shown in bold).

Dell(conf-router_bgp)#neighbor zanzibar no shutdown
Dell(conf-router_bgp)#show config
!
router bgp 45
bgp fast-external-fallover
bgp log-neighbor-changes
neighbor zanzibar peer-group
neighbor zanzibar no shutdown
neighbor 10.1.1.1 remote-as 65535
neighbor 10.1.1.1 shutdown

To disable a peer group, use the neighbor peer-group-name shutdown command in CONFIGURATION ROUTER BGP mode.
● Enable BGP Fast Fail-Over.
CONFIG-ROUTER-BGP mode
neighbor {ip-address | peer-group-name} fail-over

To verify fast fail-over is enabled on a particular BGP neighbor, use the show ip bgp neighbors command. Because fast fail-over is disabled by default, it appears only if it has been enabled (shown in bold).

Dell#sh ip bgp neighbors
BGP neighbor is 100.100.100.100, remote AS 65517, internal link
Member of peer-group test for session parameters
BGP version 4, remote router ID 30.30.30.
Configuring Passive Peering

When you enable a peer-group, the software sends an OPEN message to initiate a TCP connection. If you enable passive peering for the peer group, the software does not send an OPEN message, but it responds to an OPEN message. When a BGP neighbor connection with authentication configured is rejected by a passive peer-group, the system does not allow another passive peer-group on the same subnet to connect with the BGP neighbor.
network 192.168.10.0/24
bgp four-octet-as-support
neighbor 10.10.21.1 remote-as 65123
neighbor 10.10.21.1 filter-list Laura in
neighbor 10.10.21.1 no shutdown
neighbor 10.10.32.3 remote-as 65123
neighbor 10.10.32.3 no shutdown
neighbor 100.10.92.9 remote-as 65192
neighbor 100.10.92.9 local-as 6500
neighbor 100.10.92.9 no shutdown
neighbor 192.168.10.1 remote-as 65123
neighbor 192.168.10.
● Continues saving routes received from the peer if the peer advertised it had graceful restart capability. Continues forwarding traffic to the peer.
● Flags routes from the peer as Stale and sets a timer to delete them if the peer does not perform a graceful restart.
● Deletes all routes from the peer if forwarding state information is not saved.
● Speeds convergence by advertising a special update packet known as an end-of-RIB marker.
4. Enter ROUTER BGP mode.
CONFIGURATION mode
router bgp as-number
5. Use a configured AS-PATH ACL for route filtering and manipulation.
CONFIG-ROUTER-BGP mode
neighbor {ip-address | peer-group-name} filter-list as-path-name {in | out}
If you assign a non-existent or empty AS-PATH ACL, the software allows all routes.

To view all BGP path attributes in the BGP database, use the show ip bgp paths command in EXEC Privilege mode.
Regular Expression    Definition
_ (underscore)        Matches a ^, a $, a comma, a space, a {, or a }. Placed on either side of a string to specify a literal and disallow substring matching. You can precede or follow numerals enclosed by underscores by any of the characters listed.
| (pipe)              Matches characters on either side of the metacharacter; logical OR.

As seen in the following example, the expressions are displayed when using the show commands.
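Both the underscore semantics in the table above and the earlier statement that a non-existent or empty AS-PATH ACL allows all routes can be checked offline; the following is an added example, not Dell Networking OS code. The sample configuration is constructed, the `ip as-path access-list` stanza layout, the implicit deny after the last entry of a non-empty list, and the treatment of every metacharacter other than `_` as a Python regular expression are assumptions.

```python
import re

# Constructed sample. The neighbor lines follow the page's
# "neighbor ... filter-list as-path-name {in | out}" syntax; the
# "ip as-path access-list" stanza layout is an assumption.
SAMPLE_CONFIG = """\
ip as-path access-list Laura
 deny _701_
 permit .*
ip as-path access-list Staging
router bgp 65123
 neighbor 10.10.21.1 remote-as 65123
 neighbor 10.10.21.1 filter-list Laura in
 neighbor 10.10.32.3 filter-list Staging in
 neighbor 100.10.92.9 filter-list Typo0 in
"""

# "_" matches a ^, a $, a comma, a space, a { or a } (the table's definition).
UNDERSCORE = r"(?:^|$|[ ,{}])"


def translate(pattern):
    """Rewrite the "_" metacharacter into an equivalent Python regex."""
    return re.compile(pattern.replace("_", UNDERSCORE))


def parse(config):
    """Return (acls, bindings): ACL name -> entries, and neighbor bindings."""
    acls, bindings, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"ip as-path access-list (\S+)$", line)
        if m:
            current = acls.setdefault(m.group(1), [])
            continue
        m = re.match(r"(permit|deny) (.+)$", line)
        if m and current is not None and raw.startswith(" "):
            current.append((m.group(1), translate(m.group(2))))
            continue
        current = None  # any other line ends the ACL stanza
        m = re.match(r"neighbor (\S+) filter-list (\S+) (in|out)$", line)
        if m:
            bindings.append(m.groups())
    return acls, bindings


def permits(acls, name, as_path):
    """Apply AS-PATH ACL `name` to an AS path such as "65010 701 3356"."""
    entries = acls.get(name)
    if not entries:
        return True   # non-existent or empty list: all routes are allowed
    for action, regex in entries:
        if regex.search(as_path):
            return action == "permit"
    return False      # assumption: implicit deny after the last entry


def fail_open_bindings(config):
    """Neighbor bindings whose AS-PATH ACL is missing or has no entries."""
    acls, bindings = parse(config)
    return [
        (neighbor, name, direction, "missing" if name not in acls else "empty")
        for neighbor, name, direction in bindings
        if not acls.get(name)
    ]


if __name__ == "__main__":
    acls, _ = parse(SAMPLE_CONFIG)
    for path in ("65010 701 3356", "65010 7011 3356"):
        print(path, "->", "permit" if permits(acls, "Laura", path) else "deny")
    for finding in fail_open_bindings(SAMPLE_CONFIG):
        print("filter-list allows all routes:", finding)
```

Running the audit function against a saved running-config before applying a policy change catches a misspelled list name, which would otherwise filter nothing.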
○ metric value: The value is from 0 to 16777215. The default is 0.
○ map-name: name of a configured route map.
● Include specific OSPF routes in IS-IS.
ROUTER BGP or CONF-ROUTER_BGPv6_AF mode
redistribute ospf process-id [match external {1 | 2} | match internal] [metric-type {external | internal}] [route-map map-name]
Configure the following parameters:
○ process-id: the range is from 1 to 65535.
○ match external: the value is 1 or 2.
○ match internal
○ metric-type: external or internal.
To configure an IP community list, use these commands.
1. Create a community list and enter COMMUNITY-LIST mode.
CONFIGURATION mode
ip community-list community-list-name
2. Configure a community list by denying or permitting specific community numbers or types of community.
deny 701:20
deny 702:20
deny 703:20
deny 704:20
deny 705:20
deny 14551:20
deny 701:112
deny 702:112
deny 703:112
deny 704:112
deny 705:112

Filtering Routes with Community Lists

To use an IP community list or IP extended community list to filter routes, you must apply a match community filter to a route map and then apply that route map to a BGP neighbor or peer group.
1. Enter the ROUTE-MAP mode and assign a name to a route map.
CONFIGURATION mode
route-map map-name [permit | deny] [sequence-number]
2.
route-map map-name [permit | deny] [sequence-number]
2. Configure a set filter to delete all COMMUNITY numbers in the IP community list.
CONFIG-ROUTE-MAP mode
set comm-list community-list-name delete
OR
set community {community-number | local-as | no-advertise | no-export | none}
Configure a community list by denying or permitting specific community numbers or types of community.
● Change the bestpath MED selection.
CONFIG-ROUTER-BGP mode
bgp bestpath med {confed | missing-as-best}
○ confed: Chooses the bestpath MED comparison of paths learned from BGP confederations.
○ missing-as-best: Treat a path missing an MED as the most preferred one.

To view the nondefault values, use the show config command in CONFIGURATION ROUTER BGP mode.

Changing the LOCAL_PREFERENCE Attribute

In the Dell Networking OS, you can change the value of the LOCAL_PREFERENCE attribute.
neighbor {ip-address | peer-group-name} next-hop-self
● Sets the next hop address.
CONFIG-ROUTE-MAP mode
set next-hop ip-address

Changing the WEIGHT Attribute

To change how the WEIGHT attribute is used, enter the first command. You can also use route maps to change this and other BGP attributes. For example, you can include the second command in a route map to specify the next hop address.
● Assign a weight to the neighbor connection.
NOTE: When you configure a new set of BGP policies, to ensure the changes are made, always reset the neighbor or peer group by using the clear ip bgp command in EXEC Privilege mode.

To filter routes using prefix lists, use the following commands.
1. Create a prefix list and assign it a name.
CONFIGURATION mode
ip prefix-list prefix-name
2. Create multiple prefix list filters with a deny or permit action.
CONFIGURATION mode
router bgp as-number
5. Filter routes based on the criteria in the configured route map.
CONFIG-ROUTER-BGP mode
neighbor {ip-address | peer-group-name} route-map map-name {in | out}
Configure the following parameters:
● ip-address or peer-group-name: enter the neighbor’s IP address or the peer group’s name.
● map-name: enter the name of a configured route map.
● in: apply the route map to inbound routes.
● out: apply the route map to outbound routes.
bgp cluster-id cluster-id
You can have multiple clusters in an AS.
● Configure the local router as a route reflector and the neighbor or peer group identified is the route reflector client.
CONFIG-ROUTER-BGP mode
neighbor {ip-address | peer-group-name} route-reflector-client

When you enable a route reflector, the system automatically enables route reflection to all clients.
All Confederation routers must be either 4 Byte or 2 Byte. You cannot have a mix of router ASN support.

To view the configuration, use the show config command in CONFIGURATION ROUTER BGP mode.

Enabling Route Flap Dampening

When EBGP routes become unavailable, they “flap” and the router issues both WITHDRAWN and UPDATE notices.
EXEC Privilege
clear ip bgp dampening [ip-address mask]
● View all flap statistics or for specific routes meeting the following criteria.
EXEC or EXEC Privilege mode
show ip bgp flap-statistics [ip-address [mask]] [filter-list as-path-name] [regexp regular-expression]
○ ip-address [mask]: enter the IP address and mask.
○ filter-list as-path-name: enter the name of an AS-PATH ACL.
○ regexp regular-expression: enter a regular expression to match on.
Changing BGP Timers

To configure BGP timers, use either or both of the following commands. Timer values configured with the neighbor timers command override the timer values configured with the timers bgp command.
Enabling BGP Neighbor Soft-Reconfiguration

BGP soft-reconfiguration allows for faster and easier route changing. Changing routing policies typically requires a reset of BGP sessions (the TCP connection) for the policies to take effect. Such resets cause undue interruption to traffic due to hard reset of the BGP cache and the time it takes to re-establish the session. BGP soft reconfig allows for policies to be applied to a session without clearing the BGP Session.
2. In ROUTER BGP mode, enter the following command:
ROUTER BGP Mode
shutdown all

You can use the no shutdown all command in the ROUTER BGP mode to re-enable all the BGP interfaces. You can also enable or disable BGP neighbors corresponding to the IPv4 unicast or multicast groups and the IPv6 unicast groups.

To enable or disable BGP neighbors corresponding to the IPv4 unicast groups:
1. Enter the router bgp mode using the following command:
CONFIGURATION Mode
router bgp as-number
2.
NOTE: This behavior applies to all BGP neighbors. BGP neighbors that were explicitly disabled before the global shutdown also remain in the disabled state. Enable these neighbors individually using the no shutdown command.

Route Map Continue

The BGP route map continue feature, continue [sequence-number], (in ROUTE-MAP mode) allows movement from one route-map entry to a specific route-map entry (the sequence number).
Most Dell Networking OS BGP IPv4 unicast commands are extended to support the IPv4 multicast RIB using extra options to the command. For a detailed description of the MBGP commands, refer to the Dell Networking OS Command Line Interface Reference Guide.
● Enables support for the IPv4 multicast family on the BGP node.
CONFIG-ROUTER-BGP mode
address family ipv4 multicast
● Enable IPv4 multicast support on a BGP neighbor/peer group.
Following is the show running-config command output for the above configuration.

DellEMC# show running-config bgp
!
router bgp 655
bgp router-id 1.1.1.1
neighbor 10.1.1.2 remote-as 20
neighbor 10.1.1.2 auto-local-address
neighbor 10.1.1.2 no shutdown
!
address-family ipv6 unicast
neighbor 10.1.1.2 activate
exit-address-family
!

Example configuration performed in R2

DellEMC# configure terminal
DellEMC(conf)# router bgp 20
DellEMC(conf-router_bgp)# neighbor 10.1.1.
Debugging BGP

To enable BGP debugging, use any of the following commands.
● View all information about BGP, including BGP events, keepalives, notifications, and updates.
EXEC Privilege mode
debug ip bgp [ip-address | peer-group peer-group-name] [in | out]
● View information about BGP route being dampened.
EXEC Privilege mode
debug ip bgp dampening [in | out]
● View information about local BGP state changes and other BGP events.
Minimum time between advertisement runs is 30 seconds
Minimum time before advertisements start is 0 seconds
Capabilities received from neighbor for IPv4 Unicast :
MULTIPROTO_EXT(1)
ROUTE_REFRESH(2)
CISCO_ROUTE_REFRESH(128)
Capabilities advertised to neighbor for IPv4 Unicast :
MULTIPROTO_EXT(1)
ROUTE_REFRESH(2)
CISCO_ROUTE_REFRESH(128)
For address family: IPv4 Unicast
BGP table version 1395, neighbor version 1394
Prefixes accepted 1 (consume 4 bytes), 0 withdrawn by peer
Prefixes advertised 0, rejected 0, 0
Figure 25. Sample Configurations

Example of Enabling BGP (Router 1)

R1# conf
R1(conf)#int loop 0
R1(conf-if-lo-0)#ip address 192.168.128.1/24
R1(conf-if-lo-0)#no shutdown
R1(conf-if-lo-0)#show config
!
interface Loopback 0
ip address 192.168.128.1/24
no shutdown
R1(conf-if-lo-0)#int gig 1/21
R1(conf-if-gi-1/21)#ip address 10.0.1.21/24
R1(conf-if-gi-1/21)#no shutdown
R1(conf-if-gi-1/21)#show config
!
interface GigabitEthernet 1/21
ip address 10.0.1.
R1(conf-router_bgp)#neighbor 192.168.128.3 update-source loop 0
R1(conf-router_bgp)#show config
!
router bgp 99
network 192.168.128.0/24
neighbor 192.168.128.2 remote-as 99
neighbor 192.168.128.2 update-source Loopback 0
neighbor 192.168.128.2 no shutdown
neighbor 192.168.128.3 remote-as 100
neighbor 192.168.128.3 update-source Loopback 0
neighbor 192.168.128.3 no shutdown
R1(conf-router_bgp)#end
R1#
R1#show ip bgp summary
BGP router identifier 192.168.128.
neighbor 192.168.128.1 no shutdown
neighbor 192.168.128.3 remote-as 100
neighbor 192.168.128.3 update-source Loopback 0
neighbor 192.168.128.3 no shutdown
R2(conf-router_bgp)#end
R2#show ip bgp summary
BGP router identifier 192.168.128.
R3(conf)#end
R3#show ip bgp summary
BGP router identifier 192.168.128.3, local AS number 100
BGP table version is 1, main routing table version 1
1 network entrie(s) using 132 bytes of memory
3 paths using 204 bytes of memory
BGP-RIB over all using 207 bytes of memory
2 BGP path attribute entrie(s) using 128 bytes of memory
2 BGP AS-PATH entrie(s) using 90 bytes of memory
2 neighbor(s) using 9216 bytes of memory

Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/Pfx
192.168.128.
Minimum time before advertisements start is 0 seconds
Capabilities received from neighbor for IPv4 Unicast :
MULTIPROTO_EXT(1)
ROUTE_REFRESH(2)
CISCO_ROUTE_REFRESH(128)
Capabilities advertised to neighbor for IPv4 Unicast :
MULTIPROTO_EXT(1)
ROUTE_REFRESH(2)
CISCO_ROUTE_REFRESH(128)
Update source set to Loopback 0
Peer active in peer-group outbound optimization
For address family: IPv4 Unicast
BGP table version 1, neighbor version 1
Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer
Prefixes adverti
neighbor AAA peer-group
neighbor AAA no shutdown
neighbor BBB peer-group
neighbor BBB no shutdown
neighbor 192.168.128.1 remote-as 99
neighbor 192.168.128.1 peer-group CCC
neighbor 192.168.128.1 update-source Loopback 0
neighbor 192.168.128.1 no shutdown
neighbor 192.168.128.3 remote-as 100
neighbor 192.168.128.3 peer-group BBB
neighbor 192.168.128.3 update-source Loopback 0
neighbor 192.168.128.3 no shutdown
R2(conf-router_bgp)#end
R2#
R2#show ip bgp summary
BGP router identifier 192.168.128.
192.168.128.1 99 93 99 1 0 (0) 00:00:15
192.168.128.2 99 122 120 1 0 (0) 00:00:11

R3#show ip bgp neighbor
BGP neighbor is 192.168.128.1, remote AS 99, external link
Member of peer-group BBB for session parameters
BGP version 4, remote router ID 192.168.128.
Received 138 messages, 0 in queue
7 opens, 2 notifications, 7 updates
122 keepalives, 0 route refresh requests
Sent 140 messages, 0 in queue
7 opens, 4 notifications, 7 updates
122 keepalives, 0 route refresh requests
Minimum time between advertisement runs is 30 seconds
Minimum time before advertisements start is 0 seconds
Capabilities advertised to neighbor for IPv4 Unicast :
MULTIPROTO_EXT(1)
Capabilities received from neighbor for IPv4 Unicast :
MULTIPROTO_EXT(1)
ROUTE_REFRESH(2)
CISCO_ROUTE_REFRESH(128
11 Configuration Cloning

Configuration Cloning enables you to clone the configuration from one aggregator to one or more aggregators. You can identify the source aggregator where the running configuration is check-pointed, extracted, and downloaded to the target aggregator for further use. The target aggregator checks the compatibility of the cloning file based on the version, mode, and optional modules.
● Cloning detailed status displays a string that gives a detailed description of the cloning status. When multiple error or warning messages are present, the status is separated by the ; delimiter.
● Cloning status codes are useful when there are multiple warning or failure messages. Each warning or failure message is given a code number; this status can list the message codes that can be decoded when the cloning status string could not accommodate all the errors and warnings.
in reboot. A counter is maintained to inform the user about the number of reboots required to bring the target aggregator up and running with the cloning file. The counter is incremented for the first instance that would require a reboot. The counter is incremented only when a conflicted or dependent instance is encountered. The counter is not incremented for cases that are mutually exclusive. The current list identifies all commands that require a reboot to take effect.

Table 9.
12 Content Addressable Memory (CAM)

Content addressable memory (CAM) is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 and Layer 3 forwarding information, access-lists (ACLs), flows, and routing policies.
1. Select a cam-acl action.
CONFIGURATION mode
cam-acl [default | l2acl]
NOTE: Selecting default resets the CAM entries to the default settings. Select l2acl to allocate space for the ACLs and QoS regions.
2. Enter the number of FP blocks for each region.
EXEC Privilege mode
l2acl number ipv4acl number ipv6acl number, ipv4qos number l2qos number, l2pt number ipmacacl number ecfmacl number nlbcluster number[vman-qos | vman-dual-qos number
3. Reload the system.
EXEC Privilege mode
reload
4.
L2Acl : 6
Ipv4Acl : 2
Ipv6Acl : 0
Ipv4Qos : 2
L2Qos : 1
L2PT : 0
IpMacAcl : 0
VmanQos : 0
VmanDualQos : 0
EcfmAcl : 0
FcoeAcl : 0
iscsiOptAcl : 2
Dell#

Configuring CAM Threshold and Silence Period

This section describes how to configure CAM threshold and silence period between CAM threshold syslog warnings. The CAM threshold and silence period configuration is applicable only for Ingress L2, IPv4, IPv6 and Egress L2, IPv4, and IPv6 ACL CAM groups.
Table 11. Possible Scenarios of Syslog Warning Old CAM Threshold New CAM Threshold Current CAM Usage Syslog 90 80 85 90 95 91 98 100 100 No syslog 95 80 10 No syslog 92 90 89 No syslog DellEMC(conf)#Nov 5 19:55:12 %S6000:0 %ACL_AGENT-4ACL_AGENT_CAM_USAGE_OVER_THE_THRESHOLD: The Ipv4Acl cam region on stack-unit 0 Portpipe 0 Pipeline 0 is more than 80% Full.
13 Control Plane Policing (CoPP)

Dell Networking OS supports control plane policing (CoPP). CoPP uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system’s control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane and rate-limits traffic to an acceptable level.
Figure 27. CoPP Implemented Versus CoPP Not Implemented

Topics:
• Configure Control Plane Policing

Configure Control Plane Policing

The switch can process a maximum of 4200 PPS (packets per second). Protocols that share a single queue may experience flaps if one of the protocols receives a high rate of control traffic even though Per Protocol CoPP is applied. This happens because Queue-Based Rate Limiting is applied first.
Configuring CoPP for Protocols

This section lists the commands necessary to create and enable the service-policies for CoPP. For complete information about creating ACLs and QoS rules, refer to Access Control Lists (ACLs) and Quality of Service (QoS).

The basics for creating a CoPP service policy are to create a Layer 2, Layer 3, and/or an IPv6 ACL rule for the desired protocol type. Then, create a QoS input policy to rate-limit the protocol traffic according to the ACL.
Dell(conf-ipv6-acl-cpuqos)#permit vrrp
Dell(conf-ipv6-acl-cpuqos)#exit
Dell(conf)#qos-policy-in rate_limit_200k cpu-qos
Dell(conf-in-qos-policy-cpuqos)#rate-police 200 40 peak 500 40
Dell(conf-in-qos-policy-cpuqos)#exit
Dell(conf)#qos-policy-in rate_limit_400k cpu-qos
Dell(conf-in-qos-policy-cpuqos)#rate-police 400 50 peak 600 50
Dell(conf-in-qos-policy-cpuqos)#exit
Dell(conf)#qos-policy-in rate_limit_500k cpu-qos
Dell(conf-in-qos-policy-cpuqos)#rate-police 500 50 peak 1000 50
Dell(conf-in-qos-policy-cpuqos
CONTROL-PLANE mode
service-policy rate-limit-cpu-queues name

Dell#conf
Dell(conf)#qos-policy-input cpuq_1
Dell(conf-qos-policy-in)#rate-police 3000 40 peak 500 40
Dell(conf-qos-policy-in)#exit
Dell(conf)#qos-policy-input cpuq_2
Dell(conf-qos-policy-in)#rate-police 5000 80 peak 600 50
Dell(conf-qos-policy-in)#exit
Dell(conf)#policy-map-input cpuq_rate_policy cpu-qos
Dell(conf-qos-policy-in)#service-queue 5 qos-policy cpuq_1
Dell(conf-qos-policy-in)#service-queue 6 qos-policy cpuq_2
Dell(conf-qos-policy-in)#s
Example of Viewing Queue Mapping for MAC Protocols
Dell#show mac protocol-queue-mapping
Protocol  Destination Mac        EtherType  Queue  EgPort  Rate (kbps)
--------  ---------------------  ---------  -----  ------  -----------
ARP       any                    0x0806     Q5/Q6  CP      _
FRRP      01:01:e8:00:00:10/11   any        Q7     CP      _
LACP      01:80:c2:00:00:02      0x8809     Q7     CP      _
LLDP      any                    0x88cc     Q7     CP      _
GVRP      01:80:c2:00:00:21      any        Q7     CP      _
STP       01:80:c2:00:00:00      any        Q7     CP      _
ISIS      01:80:c2:00:00:14/15   any        Q7     CP      _
          09:00:2b:00:00:04/05   any        Q7     CP
Dell#
To view the queue mapping for IPv6
14 Data Center Bridging (DCB) On an I/O Aggregator, data center bridging (DCB) features are auto-configured in standalone mode. You can display information on DCB operation by using show commands. NOTE: DCB features are not supported on an Aggregator in stacking mode.
● LAN traffic consists of a large number of flows that are generally insensitive to latency requirements, while certain applications, such as streaming video, are more sensitive to latency. Ethernet functions as a best-effort network that may drop packets in case of network congestion. IP networks rely on transport protocols (for example, TCP) for reliable data transmission with the associated cost of greater processing overhead and performance impact.
● PFC delay constraints place an upper limit on the transmit time of a queue after receiving a message to pause a specified priority. ● By default, PFC is enabled on an interface with no dot1p priorities configured. You can configure the PFC priorities if the switch negotiates with a remote peer using DCBX.
Table 12. ETS Traffic Groupings
Traffic Groupings | Description
Priority group | A group of 802.1p priorities used for bandwidth allocation and queue scheduling. All 802.1p priority traffic in a group must have the same traffic handling requirements for latency and frame loss.
Group ID | A 4-bit identifier assigned to each priority group. The range is from 0 to 7.
Group bandwidth | Percentage of available bandwidth allocated to a priority group.
2. Configure the PFC setting (on or off) and the ETS bandwidth percentage allocated to traffic in each priority group or whether priority group traffic should be handled with strict priority scheduling.
DCB MAP mode
priority-group group_num {bandwidth percentage | strict-priority} pfc {on | off}
3. Specify the priority group ID number to handle VLAN traffic for each dot1p class-of-service: 0 through 7. Leave a space between each priority group number.
Data Center Bridging in a Traffic Flow The following figure shows how DCB handles a traffic flow on an interface. Figure 30. DCB PFC and ETS Traffic Handling Data Center Bridging: Auto-DCB-Enable Mode On an Aggregator in standalone or VLT modes, the default mode of operation for data center bridging on Ethernet ports is auto-DCB-enable mode.
!
flowcontrol rx on tx off
dcb-map DCB_MAP_PFC_OFF
protocol lldp
advertise management-tlv management-address system-name
dcbx port-role auto-downstream
no shutdown
Dell#
When DCB is Enabled
When an interface receives a DCBx protocol packet, it automatically enables DCB and disables link-level flow control. The dcb-map and flow control configurations are removed as shown in the following example.
Configuring Priority-Based Flow Control PFC provides a flow control mechanism based on the 802.1p priorities in converged Ethernet traffic received on an interface and is enabled by default when you enable DCB. As an enhancement to the existing Ethernet pause mechanism, PFC stops traffic transmission for specified priorities (Class of Service (CoS) values) without impacting other priority classes. Different traffic types are assigned to different priority classes.
You can enable any number of 802.1p priorities for PFC. Queues to which PFC priority traffic is mapped are lossless by default. Traffic may be interrupted due to an interface flap (going down and coming up) when you reconfigure the lossless queues for no-drop priorities in a PFC dcb-map and reapply the policy to an interface. To apply PFC, a PFC peer must support the configured priority traffic (as detected by DCBx).
● PFC mode is off (no pfc mode on).
● No PFC priority classes are configured (no pfc priority priority-range).
Example:
Port A —> Port B
Port C —> Port B
PFC no-drop queues are configured for queues 1, 2 on Port B. PFC capability is enabled on priorities 3, 4 on PORT A and C.
Port B acting as Egress
During congestion (traffic on priorities 3 and 4 from PORT A and PORT C is pumped at full line rate), PORT A and C send out PFC frames to rate-limit the traffic.
You can configure the size of the PFC buffer for all switches in a stack or all port pipes on a specified stack unit by entering the following commands on the master switch. ● Configure the PFC buffer for all switches in the stack. CONFIGURATION mode [no] dcb stack-unit all pfc-buffering pfc-port {1-56} pfc-queues {1-2} By default, the PFC buffer is enabled on all ports on the stack unit.
● By default, equal bandwidth is assigned to each port queue and each dot1p priority in a priority group. ● By default, equal bandwidth is assigned to each priority group in the dcb-map applied to an egress port. The sum of auto-configured bandwidth allocation to dot1p priority traffic in all ETS priority groups is 100%. ● dot1p priority traffic on the switch is scheduled according to the default dot1p-queue mapping.
Strict-priority groups: If two priority groups have strict-priority scheduling, traffic assigned from the priority group with the higher priority-queue number is scheduled first. However, when three priority groups are used and two groups have strict-priority scheduling (such as groups 1 and 3 in the example), the strict priority group whose traffic is mapped to one queue takes precedence over the strict priority group whose traffic is mapped to two queues.
On a DCBx port in an auto-upstream role, the PFC and application priority TLVs are enabled. ETS recommend TLVs are disabled and ETS configuration TLVs are enabled.
Auto-downstream
The port advertises its own configuration to DCBx peers but is not willing to receive remote peer configuration. The port always accepts internally propagated configurations from a configuration source.
Configuration Source Election When an auto-upstream or auto-downstream port receives a DCB configuration from a peer, the port first checks to see if there is an active configuration source on the switch. ● If a configuration source already exists, the received peer configuration is checked against the local port configuration. If the received configuration is compatible, the DCBx marks the port as DCBx-enabled.
DCBx Example The following figure shows how DCBx is used on an Aggregator installed in a Dell PowerEdge FX2 server chassis in which servers are also installed. The Aggregator ports are numbered 1 to 12. Ports 1 to 8 are internal server-facing interfaces. Ports 9 to 12 are uplink ports. The uplink ports on the base module (ports 9 to 12) are used for uplinks configured as DCBx auto-upstream ports. The Aggregator is connected to third-party, top-of-rack (ToR) switches through the uplinks.
DCBx Error Messages
The following syslog messages appear when an error in DCBx operation occurs.
LLDP_MULTIPLE_PEER_DETECTED: DCBx is operationally disabled after detecting more than one DCBx peer on the port interface.
LLDP_PEER_AGE_OUT: DCBx is disabled as a result of LLDP timing out on a DCBx peer interface.
DSM_DCBx_PEER_VERSION_CONFLICT: A local port expected to receive the IEEE, CIN, or CEE version in a DCBx TLV from a remote peer but received a different, conflicting DCBx version.
Table 13. Displaying DCB Configurations (continued) Command Output master switch in a stack, you can specify a stack-unit number. The range is from 0 to 5. show interface port-type slot/port pfc statistics Displays counters for the PFC frames received and transmitted (by dot1p priority class) on an interface. show interface port-type slot/port pfc {summary | detail} Displays the PFC configuration applied to ingress traffic on an interface, including priorities and link delay.
Local ISCSI PriorityMap is 0x10 Remote FCOE PriorityMap is 0x8 Remote ISCSI PriorityMap is 0x8 Dell# show interfaces tengigabitethernet 0/4 pfc detail Interface TenGigabitEthernet 0/4 Admin mode is on Admin is enabled Remote is enabled Remote Willing Status is enabled Local is enabled Oper status is recommended PFC DCBx Oper status is Up State Machine Type is Feature TLV Tx Status is enabled PFC Link Delay 45556 pause quanta Application Priority TLV Parameters : -------------------------------------FCOE TLV
Table 14. show interface pfc summary Command Description (continued) Fields Description TLV Tx Status Status of PFC TLV advertisements: enabled or disabled. PFC Link Delay Link delay (in quanta) used to pause specified priority traffic. Application Priority TLV: FCOE TLV Tx Status Status of FCoE advertisements in application priority TLVs from local DCBx port: enabled or disabled.
Local Parameters :
-----------------
Local is enabled
TC-grp  Priority#        Bandwidth  TSA
0       0,1,2,3,4,5,6,7  100%       ETS
1                        0%         ETS
2                        0%         ETS
3                        0%         ETS
4                        0%         ETS
5                        0%         ETS
6                        0%         ETS
7                        0%         ETS
Priority#  Bandwidth  TSA
0          13%        ETS
1          13%        ETS
2          13%        ETS
3          13%        ETS
4          12%        ETS
5          12%        ETS
6          12%        ETS
7          12%        ETS
Oper status is init
Conf TLV Tx Status is disabled
Traffic Class TLV Tx Status is disabled
Example of the show interface ets detail Command
Dell# show interfaces tengigabitethernet
Interface TenGigabitEthernet 0/4
Max Supported TC
0 Input Conf TLV Pkts, 0 Output Conf TLV Pkts, 0 Error Conf TLV Pkts 0 Input Reco TLV Pkts, 0 Output Reco TLV Pkts, 0 Error Reco TLV Pkts The following table describes the show interface ets detail command fields. Table 15. show interface ets detail Command Description Field Description Interface Interface type with stack-unit and port number. Max Supported TC Group Maximum number of priority groups supported. Number of Traffic Classes Number of 802.1p priorities currently configured.
Example of the show stack-unit all stack-ports all pfc details Command
Dell# show stack-unit all stack-ports all pfc details
stack unit 0 stack-port all
Admin mode is On
Admin is enabled, Priority list is 4-5
Local is enabled, Priority list is 4-5
Link Delay 45556 pause quantum
0 Pause Tx pkts, 0 Pause Rx pkts
stack unit 1 stack-port all
Admin mode is On
Admin is enabled, Priority list is 4-5
Local is enabled, Priority list is 4-5
Link Delay 45556 pause quantum
0 Pause Tx pkts, 0 Pause Rx pkts
Example of th
Interface TenGigabitEthernet 0/4 Remote Mac Address 00:00:00:00:00:11 Port Role is Auto-Upstream DCBX Operational Status is Enabled Is Configuration Source? TRUE Local DCBX Compatibility mode is CEE Local DCBX Configured mode is CEE Peer Operating version is CEE Local DCBX TLVs Transmitted: ErPfi Local DCBX Status ----------------DCBX Operational Version is 0 DCBX Max Version Supported is 0 Sequence Number: 2 Acknowledgment Number: 2 Protocol State: In-Sync Peer DCBX Status: ---------------DCBX Operational
Table 16. show interface DCBx detail Command Description (continued) Field Description Local DCBx Status: Sequence Number Sequence number transmitted in Control TLVs. Local DCBx Status: Acknowledgment Number Acknowledgement number transmitted in Control TLVs. Local DCBx Status: Protocol State Current operational state of DCBx protocol: ACK or IN-SYNC. Peer DCBx Status: DCBx Operational Version DCBx version advertised in Control TLVs received from peer device.
egress queues, take into account the default dot1p-queue assignments in the following table and the maximum number of two lossless queues supported on a port. Although the system allows you to change the default dot1p priority-queue assignments, DCB policies applied to an interface may become invalid if you reconfigure dot1p-queue mapping. If the configured dcb-map remains valid, the change in the dot1p-queue assignment is allowed.
Reason Description Error Bit set For a legacy DCBx version, a peer has sent packets with an error bit set. This reason displays only when a remote peer is willing to receive a DCB configuration. Enabled with ETS DCBx is enabled but an ETS validation failure error has occurred. Mismatch (show interfaces dcbx output) PFC is down (show interfaces pfc output) One of the following PFC-specific errors has occurred: ● No MBC support. ● Configured PFC priorities exceed maximum PFC capability limit.
15 Dynamic Host Configuration Protocol (DHCP)
The Aggregator is auto-configured to operate as a dynamic host configuration protocol (DHCP) client. The DHCP server, DHCP relay agent, and secure DHCP features are not supported. DHCP is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators.
2. Servers unicast or broadcast a DHCPOFFER message in response to the DHCPDISCOVER that offers to the client values for the requested parameters. Multiple servers might respond to a single DHCPDISCOVER; the client might wait a period of time and then act on the most preferred offer. 3. The client broadcasts a DHCPREQUEST message in response to the offer, requesting the offered values. 4.
Debugging DHCP Client Operation To enable debug messages for DHCP client operation, enter the following debug commands: ● Enable the display of log messages for all DHCP packets sent and received on DHCP client interfaces. EXEC Privilege [no] debug ip dhcp client packets [interface type slot/port] ● Enable the display of log messages for the following events on DHCP client interfaces: IP address acquisition, IP address release, Renewal of IP address and lease time, and Release of an IP address.
1w2d23h: %STKUNIT0-M:CP %DHCLIENT-5-DHCLIENT-LOG: DHCLIENT_DBG_PKT: DHCP RELEASE sent in Interface Ma 0/0
1w2d23h: %STKUNIT0-M:CP %DHCLIENT-5-DHCLIENT-LOG: DHCLIENT_DBG_EVT: Interface Ma 0/0 :Transitioned to state STOPPED
1w2d23h: %STKUNIT0-M:CP %DHCLIENT-5-DHCLIENT-LOG: DHCLIENT_DBG_EVT: Interface Ma 0/0 :DHCP IP RELEASED CMD sent to FTOS in state STOPPED
Dell# renew dhcp int Ma 0/0
Dell#1w2d23h: %STKUNIT0-M:CP %DHCLIENT-5-DHCLIENT-LOG: DHCLIENT_DBG_EVT: Interface Ma 0/0 :DHCP RENEW CMD Received in state S
You can override the DHCP-assigned address on the OOB management interface by manually configuring an IP address using the CLI or CMC interface. If no user-configured IP address exists for the OOB interface and if the OOB IP address is not in the startup configuration, the Aggregator will automatically obtain it using DHCP. You can also manually configure an IP address for the VLAN 1 default management interface using the CLI.
DHCP Client on a VLAN The following conditions apply on a VLAN that operates as a DHCP client: ● The default VLAN 1 with all ports auto-configured as members is the only L3 interface on the Aggregator. ● When the default management VLAN has a DHCP-assigned address and you reconfigure the default VLAN ID number, the Aggregator: ○ Sends a DHCP release to the DHCP server to release the IP address. ○ Sends a DHCP request to obtain a new IP address.
Option Number and Description
● 8: DHCPINFORM
Parameter Request List | Option 55 | Clients use this option to tell the server which parameters they require. It is a series of octets where each octet is a DHCP option code.
Renewal Time | Option 58 | Specifies the amount of time after the IP address is granted that the client attempts to renew its lease with the original server.
Remote ID (Option 37) Identifies the host from which the message is received. The default values of the Options 18 and 37 are as follows: ● Default Agent Interface ID is constructed in the format VLANID:LagID:SlotID:PortStr. When the port is fanned-out, the PortStr is represented as mainPort:subPort (all in ASCII format). ● Default Agent Remote ID is the system MAC address of the relay agent that adds Option 37 (in binary format).
========= ======== Ma 0/0 0.0.0.0/0 0.0.0.0 Vl 1 ========= 0.0.0.0 10.1.1.254/24 0.0.0.0 Renew Time ========== ----NA---08-26-2011 16:21:50 ======== INIT ===== ============== -----NA----- 10.1.1.
The DHCP relay source IPv4 or IPv6 configuration at interface level takes precedence over the DHCP relay source IPv4 or IPv6 configuration at the global level. ● Specify the type of an interface and interface-number that should be used as a DHCP relay source interface at the interface level. INTERFACE mode {ip | ipv6} dhcp relay source-interface interface Following are the steps to configure interface specific source IPv4 or IPv6 configuration for DHCP relay.
DHCP Snooping
DHCP snooping is a feature that protects networks from spoofing. It acts as a firewall between the DHCP server and DHCP clients. DHCP snooping places the ports either in trusted or non-trusted mode. By default, all ports are set to the non-trusted mode. An attacker cannot connect to the DHCP server through trusted ports. While configuring DHCP snooping, manually configure ports connected to legitimate servers and relay agents as trusted ports.
ip dhcp snooping
2. Specify ports connected to DHCP servers as trusted.
INTERFACE mode
INTERFACE PORT EXTENDER mode
ip dhcp snooping trust
3. Enable DHCP snooping on a VLAN.
CONFIGURATION mode
ip dhcp snooping vlan name
Enabling IPv6 DHCP Snooping
To enable IPv6 DHCP snooping, use the following commands.
1. Enable IPv6 DHCP snooping globally.
CONFIGURATION mode
ipv6 dhcp snooping
2. Specify ports connected to IPv6 DHCP servers as trusted.
INTERFACE mode
ipv6 dhcp snooping trust
3.
Clearing the DHCP IPv6 Binding Table
To clear the DHCP IPv6 binding table, use the following command.
● Delete all of the entries in the binding table.
EXEC Privilege mode
clear ipv6 dhcp snooping binding
DellEMC# clear ipv6 dhcp snooping?
binding Clear the snooping binding database
Displaying the Contents of the Binding Table
To display the contents of the binding table, use the following command.
● Display the DHCP snooping information.
Debugging the IPv6 DHCP
To debug the IPv6 DHCP, use the following command.
● Display debug information for IPv6 DHCP.
EXEC Privilege mode
debug ipv6 dhcp
IPv6 DHCP Snooping MAC-Address Verification
Enable verification of the source MAC address in the DHCP packet against the MAC address stored in the snooping binding table.
● Enable IPv6 DHCP snooping.
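A configuration audit for the IPv4 DHCP snooping steps in this chapter (global enable, VLAN enable, trusted ports), added here as an example that is not part of the Dell guide. The sample configuration, the function names, and the allowlist of ports expected to face the DHCP server are assumptions made for illustration; only the three `ip dhcp snooping` commands come from the page.

```python
import re

# Constructed running-config excerpt (not from a real device), laid out like
# the configuration examples in this guide: interface blocks separated by "!".
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10
!
interface TenGigabitEthernet 0/1
 switchport
 no shutdown
!
interface TenGigabitEthernet 0/4
 switchport
 ip dhcp snooping trust
 no shutdown
!
interface TenGigabitEthernet 0/9
 switchport
 ip dhcp snooping trust
 no shutdown
!
"""


def parse_snooping(config):
    """Collect the DHCP snooping settings found in a configuration text."""
    state = {"global": False, "vlans": [], "trusted": []}
    current_if = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current_if = None  # "!" closes the current interface block
            continue
        match = re.fullmatch(r"interface\s+(\S.*)", line)
        if match:
            current_if = match.group(1)
            continue
        if line == "ip dhcp snooping":
            state["global"] = True
        elif line.startswith("ip dhcp snooping vlan "):
            state["vlans"].append(line.split(None, 4)[4])
        elif line == "ip dhcp snooping trust" and current_if:
            state["trusted"].append(current_if)
    return state


def audit(config, expected_trusted):
    """Return findings; expected_trusted is the operator's own allowlist of
    ports that connect to legitimate DHCP servers or relay agents."""
    state = parse_snooping(config)
    findings = []
    if not state["global"]:
        findings.append("DHCP snooping is not enabled globally")
    if not state["vlans"]:
        findings.append("DHCP snooping is not enabled on any VLAN")
    trusted = set(state["trusted"])
    expected = set(expected_trusted)
    # A trusted port outside the allowlist is where a rogue server would go
    # unfiltered, so it is reported even when everything else is in place.
    for port in sorted(trusted - expected):
        findings.append(f"unexpected trusted port: {port}")
    for port in sorted(expected - trusted):
        findings.append(f"expected server port is not trusted: {port}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, {"TenGigabitEthernet 0/9"}):
        print(finding)
```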
16 Equal Cost Multi-Path (ECMP)
Dell Networking OS supports equal cost multi-path (ECMP).
Topics:
• ECMP for Flow-Based Affinity
• Link Bundle Monitoring
• Managing ECMP Group Paths
ECMP for Flow-Based Affinity
Dell Networking OS supports ECMP for flow-based affinity. NOTE: IPv6 /128 routes having multiple paths do not form ECMPs. The /128 route is treated as a host entry and finds its place in the host table.
Enable link bundle monitoring using the ecmp-group command. NOTE: An ecmp-group index is generated automatically for each unique ecmp-group when you configure multipath routes to the same network. The system can generate a maximum of 512 unique ecmp-groups. The ecmp-group indexes are generated in even numbers (0, 2, 4, 6... 1022) and are for information only. To enable the link bundle monitoring feature, for link bundle monitoring with ECMP, use the ecmp-group command.
17 FC FPORT
Dell Networking OS supports FC FPort on Combo port card.
Topics:
• FC FPORT
• Configuring Switch Mode to FCF Port Mode
• Name Server
• FCoE Maps
• Creating an FCoE Map
• Zoning
• Creating Zone and Adding Members
• Creating Zone Alias and Adding Members
• Creating Zonesets
• Activating a Zoneset
• Displaying the Fabric Parameters
FC FPORT
FC FPort can be configured on ports 9 and 10 of Combo port card in Dell FX2 chassis.
Name Server Each participant in the FC environment has a unique ID, which is called the World Wide Name (WWN). This WWN is a 64-bit address. A Fibre Channel fabric uses another addressing scheme to address the ports in the switched fabric. Each port in the switched fabric is assigned a 24-bit address by the FC switch.
NOTE: After removing and reapplying the fabric map or after modifying the FCoE map, the Fiber Channel (FC) devices do not re-login. To mitigate this issue, you must first run the shut command and then the no shutdown command on each member interface after you alter the FCOE map. Creating an FCoE Map An FCoE map consists of the following elements. ● An association between the dedicated VLAN used to carry FCoE traffic and SAN fabric where the storage arrays are installed.
fka-adv-period seconds The range is from 8 to 90 seconds. The default is 8 seconds. Zoning Dell Networking OS supports the zoning configurations for Fabric FCF Port mode operation. In FCF Port mode, the fcoe-map fabric map-name has the default Zone mode set to deny. This setting denies all the fabric connections unless included in an active zoneset. To change this setting, use the default-zone-allow command. Changing this setting to all allows all the fabric connections without zoning.
Dell(conf-fc-zone-z1)#member al1
Dell(conf-fc-zone-z1)#exit
Creating Zonesets
A zoneset is a grouping or configuration of zones. To create a zoneset and add zones into the zoneset, use the following steps.
1. Create a zoneset.
CONFIGURATION mode
fc zoneset zoneset_name
2. Add zones into a zoneset.
Command | Description
show fc ns switch brief | Display all the devices in name server database of the switch - brief version.
show fc zoneset | Displays the zoneset.
show fc zoneset active | Displays the active zoneset.
show fc zone | Displays the configured zone.
show fc alias | Displays the configured alias.
show fc switch | Displays the FC Switch mode and world wide name.
Node Name Class of Service Symbolic Port Name Symbolic Node Name Port Type 20:00:d4:ae:52:44:37:b2 8 Broadcom Port0 pWWN 20:01:d4:ae:52:44:37:b2 Broadcom BCM57810 FCoE 7.6.3.0 7.6.59.
Switch WWN : 10:00:aa:00:00:00:00:ac
Dell(conf)#
18 FCoE Transit Dell Networking OS supports the Fibre Channel over Ethernet (FCoE) Transit feature. When you enable the switch for FCoE transit, the switch functions as a FIP snooping bridge. NOTE: FCoE transit is not supported on Fibre Channel interfaces.
FIP enables FCoE devices to discover one another, initialize and maintain virtual links over an Ethernet network, and access storage devices in a storage area network (SAN). FIP satisfies the Fibre Channel requirement for point-to-point connections by creating a unique virtual link for each connection between an FCoE end-device and an FCF via a transit switch. FIP provides functionality for discovering and logging into an FCF.
FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF. An Ethernet bridge that provides these functions is called a FIP snooping bridge (FSB). On a FIP snooping bridge, ACLs are created dynamically as FIP login frames are processed.
Figure 35. FIP Snooping on an FN IOM Switch The following sections describe how to configure the FIP snooping feature on a switch that functions as a FIP snooping bridge so that it can perform the following functions: ● Perform FIP snooping (allowing and parsing FIP frames) globally on all VLANs or on a per-VLAN basis. ● To assign a MAC address to an FCoE end-device (server ENode or storage device) after a server successfully logs in, set the FCoE MAC address prefix (FC-MAP) value an FCF uses.
● In case of a failover, the new master switch starts the required timers for the FCoE database tables. Timers run only on the master stack unit. NOTE: As a best practice, Dell Networking recommends not configuring FIP Snooping on a stacked switch. Using FIP Snooping There are four steps to configure FCoE transit. 1. Enable the FCoE transit feature on a switch to maintain FIP snooping information on the switch. 2.
Configure the FC-MAP Value You can configure the FC-MAP value to be applied globally by the switch on all or individual FCoE VLANs to authorize FCoE traffic. The configured FC-MAP value is used to check the FC-MAP value for the MAC address assigned to ENodes in incoming FCoE frames. If the FC-MAP value does not match, FCoE frames are dropped. A session between an ENode and an FCF is established by the switch-bridge only when the FC-MAP value on the FCF matches the FC-MAP value on the FIP snooping bridge.
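The FC-MAP check described above, modelled in a few lines as an added example (not Dell's implementation and not code from this guide). It assumes fabric-provided MAC addresses, where an ENode's FCoE MAC is the 24-bit FC-MAP followed by the 24-bit FC-ID; the three MAC and FC-ID pairs are the ones printed in the show fip-snooping sessions output later in this chapter, read here as FCoE MAC and FC-ID, and every other value and all function names are constructed.

```python
# Simplified model of how a FIP snooping bridge could validate the source MAC
# of an FCoE frame. Assumption: fabric-provided MAC addresses (FPMA), i.e.
# FCoE MAC = FC-MAP (upper 24 bits) followed by FC-ID (lower 24 bits).

CONFIGURED_FC_MAP = 0x0EFC00  # prefix visible in the session MACs on this page

# Pairs copied from the show fip-snooping sessions example in this chapter.
PAGE_SESSIONS = [
    ("0e:fc:00:01:00:03", "01:00:03"),
    ("0e:fc:00:01:00:04", "01:00:04"),
    ("0e:fc:00:01:00:05", "01:00:05"),
]


def parse_hex_octets(text, count):
    """Parse 'aa:bb:...' with exactly `count` two-digit octets into an int."""
    parts = text.split(":")
    if len(parts) != count or any(len(p) != 2 for p in parts):
        raise ValueError(f"expected {count} colon-separated octets: {text!r}")
    return int("".join(parts), 16)  # raises ValueError on non-hex digits


def split_fpma(mac):
    """Split an FCoE MAC into (FC-MAP, FC-ID)."""
    value = parse_hex_octets(mac, 6)
    return value >> 24, value & 0xFFFFFF


def build_session_table(sessions, fc_map):
    """Return the FC-IDs of logged-in ENodes, refusing inconsistent entries."""
    table = set()
    for mac, fc_id_text in sessions:
        mac_map, mac_fc_id = split_fpma(mac)
        fc_id = parse_hex_octets(fc_id_text, 3)
        if mac_map != fc_map or mac_fc_id != fc_id:
            raise ValueError(f"session {mac} does not match FC-MAP/FC-ID")
        table.add(fc_id)
    return table


def check_frame(src_mac, fc_map, session_fc_ids):
    """Decide what happens to an FCoE frame with this source MAC."""
    mac_map, fc_id = split_fpma(src_mac)
    if mac_map != fc_map:
        return "drop: FC-MAP mismatch"
    if fc_id not in session_fc_ids:
        return "drop: no FIP login session"
    return "permit"


if __name__ == "__main__":
    table = build_session_table(PAGE_SESSIONS, CONFIGURED_FC_MAP)
    # The last two source MACs are constructed to exercise the drop paths.
    for mac in ("0e:fc:00:01:00:04", "0e:fc:01:01:00:04", "0e:fc:00:01:00:09"):
        print(mac, "->", check_frame(mac, CONFIGURED_FC_MAP, table))
```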
FIP Snooping Prerequisites
Before you enable FCoE transit and configure FIP snooping on a switch, ensure that certain conditions are met. A FIP snooping bridge requires data center bridging exchange protocol (DCBx) and priority-based flow control (PFC) to be enabled on the switch for lossless Ethernet connections (refer to the Data Center Bridging (DCB) chapter). Dell Networking also recommends enabling enhanced transmission selection (ETS), although ETS is not required.
fip-snooping port-mode fcf
NOTE: To disable the FIP snooping feature or FIP snooping on VLANs, use the no version of a command; for example, no feature fip-snooping or no fip-snooping enable.
Displaying FIP Snooping Information
Use the following show commands to display information on FIP snooping.
Table 19.
0e:fc:00:01:00:03  01:00:03  41:00:0e:fc:00:00:00:01  21:00:0e:fc:00:00:00:00
0e:fc:00:01:00:04  01:00:04  41:00:0e:fc:00:00:00:02  21:00:0e:fc:00:00:00:00
0e:fc:00:01:00:05  01:00:05  41:00:0e:fc:00:00:00:03  21:00:0e:fc:00:00:00:00
The following table describes the show fip-snooping sessions command fields.
Table 20. show fip-snooping sessions Command Description
Field | Description
ENode MAC | MAC address of the ENode.
ENode Interface | Slot/port number of the interface connected to the ENode.
Table 22. show fip-snooping fcf Command Description Field Description FCF MAC MAC address of the FCF. FCF Interface Slot/port number of the interface to which the FCF is connected. VLAN VLAN ID number used by the session. FC-MAP FC-Map value advertised by the FCF. ENode Interface Slot/number of the interface connected to the ENode. FKA_ADV_PERIOD Period of time (in milliseconds) during which FIP keep-alive advertisements are transmitted. No of ENodes Number of ENodes connected to the FCF.
Example of the show fip-snooping statistics port-channel Command Dell# show fip-snooping statistics interface port-channel 22 Number of Vlan Requests :0 Number of Vlan Notifications :2 Number of Multicast Discovery Solicits :0 Number of Unicast Discovery Solicits :0 Number of FLOGI :0 Number of FDISC :0 Number of FLOGO :0 Number of Enode Keep Alive :0 Number of VN Port Keep Alive :0 Number of Multicast Discovery Advertisement :4451 Number of Unicast Discovery Advertisement :2 Number of FLOGI Accepts :2 Numb
Table 23. show fip-snooping statistics Command Description (continued) Field Description Number of FDISC Rejects Number of FIP FDISC reject frames received on the interface. Number of FLOGO Accepts Number of FIP FLOGO accept frames received on the interface. Number of FLOGO Rejects Number of FIP FLOGO reject frames received on the interface. Number of CVLs Number of FIP clear virtual link frames received on the interface.
Figure 36. FIP Snooping on an FN IOM Switch Configuration Example
● A server-facing port is configured for DCBx in an auto-downstream role.
● An FCF-facing port is configured for DCBx in an auto-upstream or configuration-source role.
The DCBx configuration on the FCF-facing port is detected by the server-facing port and the DCB PFC configuration on both ports is synchronized. For more information about how to configure DCBx and PFC on a port, refer to the Data Center Bridging (DCB) chapter.
Example of Configuring the ENode Server-Facing Port Dell(conf)# interface tengigabitethernet 0/1 Dell(conf-if-te-0/1)# portmode hybrid Dell(conf-if-te-0/1)# switchport NOTE: A port is enabled by default for bridge-ENode links.
19 FIPS Cryptography Dell Networking OS supports federal information processing standard (FIPS) cryptography. This chapter describes how to enable FIPS cryptography requirements on Dell Networking platforms. This feature provides cryptographic algorithms conforming to various FIPS standards published by the National Institute of Standards and Technology (NIST), a non-regulatory agency of the US Department of Commerce.
● Enable FIPS mode from a console port.
CONFIGURATION
fips mode enable
The following warning message displays:
WARNING: Enabling FIPS mode will close all SSH/Telnet connections, restart those servers, and destroy all configured host keys. Proceed (y/n) ?
Generating Host-Keys
The following describes host-key generation.
● Any existing host keys (both RSA and RSA1) are deleted from system memory and NVRAM storage.
● FIPS mode disables.
● The SSH server re-enables.
● The Telnet server re-enables (if it is present in the configuration).
● New 1024–bit RSA and RSA1 host key-pairs are created.
To disable FIPS mode, use the following command.
● To disable FIPS mode from a console port.
20 Force10 Resilient Ring Protocol (FRRP)
FRRP provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the spanning tree protocol (STP), though even with optimizations, STP can take up to 50 seconds to converge (depending on the size of the network and node of failure) and may require 4 to 5 seconds to reconverge.
Figure 37. Normal Operating FRRP Topology A virtual LAN (VLAN) is configured on all node ports in the ring. All ring ports must be members of the Member VLAN and the Control VLAN. The Member VLAN is the VLAN used to transmit data as described earlier. The Control VLAN is used to perform the health checks on the ring. The Control VLAN can always pass through all ports in the ring, including the secondary port of the Master node.
Ring Restoration The Master node continues sending ring health frames out its primary port even when operating in the Ring-Fault state. After the ring is restored, the next status check frame is received on the Master node's Secondary port. This causes the Master node to transition back to the Normal state.
Figure 38. Multiple Rings Connected by a Single Switch Example Important FRRP Points FRRP provides a convergence time that can generally range between 150ms and 1500ms for Layer 2 networks. The Master node originates a high-speed frame that circulates around the ring. This frame, appropriately, sets up or breaks down the ring. ● The Master node transmits ring status check frames at specified intervals. ● You can run multiple physical rings on the same switch.
Important FRRP Concepts
The following table lists some important FRRP concepts.
Concept | Explanation
Ring ID | Each ring has a unique 8-bit ring ID through which the ring is identified (for example, FRRP 101 and FRRP 202).
Control VLAN | Each ring has a unique Control VLAN through which tagged ring health frames (RHF) are sent. Control VLANs are used only for sending RHF, and cannot be used for any other purpose.
Member VLAN | Each ring maintains a list of member VLANs.
● If multiple rings share one or more member VLANs, they cannot share any links between them. ● Member VLANs across multiple rings are not supported in Master nodes. ● Each ring has only one Master node; all others are transit nodes. FRRP Configuration These are the tasks to configure FRRP.
● For a Gigabit Ethernet interface, enter the keyword GigabitEthernet then the slot/port information. ● For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. Slot/Port, Range: Slot and Port ID for the interface. Range is entered Slot/Port-Port. 3. Assign the Primary and Secondary ports and the control VLAN for the ports on the ring. CONFIG-FRRP mode.
● For a 10/100/1000 Ethernet interface, enter the keyword GigabitEthernet then the slot/port information.
● For a Gigabit Ethernet interface, enter the keyword GigabitEthernet then the slot/port information.
● For a SONET interface, enter the keyword sonet then the slot/port information.
● For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information.
Slot/Port, Range: Slot and Port ID for the interface. Range is entered Slot/Port-Port.
Viewing the FRRP Information To view general FRRP information, use one of the following commands. ● Show the information for the identified FRRP group. EXEC or EXEC PRIVILEGED mode. show frrp ring-id Ring ID: the range is from 1 to 255. ● Show the state of all FRRP groups. EXEC or EXEC PRIVILEGED mode. show frrp summary Ring ID: the range is from 1 to 255. Troubleshooting FRRP To troubleshoot FRRP, use the following information. Configuration Checks ● Each Control Ring must use a unique VLAN ID.
Example of R1 MASTER
interface GigabitEthernet 1/24
 no ip address
 switchport
 no shutdown
!
interface GigabitEthernet 1/34
 no ip address
 switchport
 no shutdown
!
interface Vlan 101
 no ip address
 tagged GigabitEthernet 1/24,34
 no shutdown
!
interface Vlan 201
 no ip address
 tagged GigabitEthernet 1/24,34
 no shutdown
!
protocol frrp 101
 interface primary GigabitEthernet 1/24 secondary GigabitEthernet 1/34 control-vlan 101
 member-vlan 201
 mode master
 no disable
Example of R2 TRANSIT
interface GigabitEthernet 2/1
 tagged GigabitEthernet 3/14,21
 no shutdown
!
interface Vlan 201
 no ip address
 tagged GigabitEthernet 3/14,21
 no shutdown
!
protocol frrp 101
 interface primary GigabitEthernet 3/21 secondary GigabitEthernet 3/14 control-vlan 101
 member-vlan 201
 mode transit
 no disable
FRRP Support on VLT Using FRRP rings, you can inter-connect VLT domains across data centers. These FRRP rings make use of Layer 2 VLANs that span data centers and provide resiliency by detecting node or link level failures.
Example Scenario The following example scenario describes an Active-Active FRRP ring topology in which the ring is blocked on a per-VLAN or per-VLAN-group basis, allowing an active-active FRRP ring for different sets of VLANs. In this scenario, an FRRP ring named R1 is configured with VLT Node1 acting as the Master node and VLT Node2 as the transit node. Similarly, an FRRP ring named R2 is configured with VLT Node2 as the master node and VLT Node1 as the transit node.
● Only RSTP and PVST are supported in the VLT environment. Enabling either RSTP or PVST affects FRRP functionality even though these features are disabled on FRRP-enabled interfaces. ● Dell Networking OS does not support coexistence of xSTP and FRRP configurations. That is, if there is any active FRRP ring in the system, you cannot enable xSTP globally or at the interface level. Similarly, if xSTP is enabled, you cannot configure FRRP in the system.
21 GARP VLAN Registration Protocol (GVRP) Dell Networking OS supports GARP VLAN registration protocol (GVRP). Typical virtual local area network (VLAN) implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GVRP, defined by the IEEE 802.1q specification, is a Layer 2 network protocol that provides for automatic VLAN configuration of switches. GVRP-compliant switches use GARP to register and de-register attribute values, such as VLAN IDs, with each other.
Figure 42. Global GVRP Configuration Example Basic GVRP configuration is a two-step process: 1. Enabling GVRP Globally 2. Enabling GVRP on a Layer 2 Interface Related Configuration Tasks ● Configure GVRP Registration ● Configure a GARP Timer Enabling GVRP Globally To configure GVRP globally, use the following command. ● Enable GVRP for the entire switch.
To inspect the global configuration, use the show gvrp brief command. Enabling GVRP on a Layer 2 Interface To enable GVRP on a Layer 2 interface, use the following command. ● Enable GVRP on a Layer 2 interface.
Configure a GARP Timer Set GARP timers to the same values on all devices that are exchanging information using GVRP. There are three GARP timer settings. ● Join — A GARP device reliably transmits Join messages to other devices by sending each Join message two times. To define the interval between the two sending operations of each Join message, use this parameter. The default is 200ms.
22 FIP Snooping This chapter describes FIP snooping concepts and configuration procedures.
FIP provides functionality for discovering and logging in to an FCF. After discovering and logging in, FIP allows FCoE traffic to be sent and received between FCoE end-devices (ENodes) and the FCF. FIP uses its own EtherType and frame format. The following illustration of FIP discovery depicts the communication that occurs between an ENode server and an FCoE switch (FCF).
You must enable FIP snooping on an Aggregator and configure the FIP snooping parameters. When you enable FIP snooping, all ports on the switch by default become ENode ports. Dynamic ACL generation on an Aggregator operating as a FIP snooping bridge functions as follows: ● Global ACLs are applied on server-facing ENode ports. ● Port-based ACLs are applied on ports directly connected to an FCF and on server-facing ENode ports. ● Port-based ACLs take precedence over global ACLs.
How FIP Snooping is Implemented As soon as the Aggregator is activated in a Dell PowerEdge FX2 server chassis as a switch-bridge, existing VLAN-specific and FIP snooping auto-configurations are applied. The Aggregator snoops FIP packets on VLANs enabled for FIP snooping and allows legitimate sessions. By default, all FCoE and FIP frames are dropped unless specifically permitted by existing FIP snooping-generated ACLs.
○ Tagged VLAN membership is auto-configured on each FIP snooping port that sends and receives FCoE traffic and has links with an FCF, ENode server or another FIP snooping bridge. ○ The default VLAN membership of the port should continue to operate with untagged frames. FIP snooping is not supported on a port that is configured for non-default untagged VLAN membership.
Displaying FIP Snooping Information Use the show commands from the table below to display information on FIP snooping.
Command | Output
show fip-snooping sessions [interface vlan vlan-id] | Displays information on FIP-snooped sessions on all VLANs or a specified VLAN, including the ENode interface and MAC address, the FCF interface and MAC address, VLAN ID, FCoE MAC address and FCoE session ID number (FC-ID), worldwide node name (WWNN) and the worldwide port name (WWPN).
show fip-snooping vlan | Display information on the FCoE VLANs on which FIP snooping is enabled.
show fip-snooping fcf Command Example
Dell# show fip-snooping fcf
FCF MAC            FCF Interface  VLAN  FC-MAP    FKA_ADV_PERIOD  No. of Enodes
-------            -------------  ----  ------    --------------  -------------
54:7f:ee:37:34:40  Po 22          100   0e:fc:00  4000            2
show fip-snooping fcf Command Description
Field | Description
FCF MAC | MAC address of the FCF.
FCF Interface | Slot/port number of the interface to which the FCF is connected.
VLAN | VLAN ID number used by the session.
FC-MAP | FC-Map value advertised by the FCF.
Number of FLOGO Rejects :0
Number of CVL :0
Number of FCF Discovery Timeouts :0
Number of VN Port Session Timeouts :0
Number of Session failures due to Hardware Config :0
show fip-snooping statistics (port channel) Command Example
Dell# show fip-snooping statistics interface port-channel 22
Number of Vlan Requests :0
Number of Vlan Notifications :2
Number of Multicast Discovery Solicits :0
Number of Unicast Discovery Solicits :0
Number of FLOGI :0
Number of FDISC :0
Number of FLOGO :0
Number of Enode Ke
Field | Description
Discovery Advertisements
Number of FLOGI Accepts | Number of FIP FLOGI accept frames received on the interface.
Number of FLOGI Rejects | Number of FIP FLOGI reject frames received on the interface.
Number of FDISC Accepts | Number of FIP FDISC accept frames received on the interface.
Number of FDISC Rejects | Number of FIP FDISC reject frames received on the interface.
Number of FLOGO Accepts | Number of FIP FLOGO accept frames received on the interface.
FIP Snooping Example The following figure shows an Aggregator used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway. Figure 45. FIP Snooping on an Aggregator In the above figure, DCBX and PFC are enabled on the Aggregator (FIP snooping bridge) and on the FCF ToR switch. On the FIP snooping bridge, DCBX is configured as follows: ● A server-facing port is configured for DCBX in an auto-downstream role.
debug fip-snooping [all | acl | error | ifm | info | ipc | rx] To turn off debugging event messages, enter the no debug fip-snooping command.
23 Internet Group Management Protocol (IGMP) On an Aggregator, IGMP snooping is auto-configured. You can display information on IGMP by using the show ip igmp command. Multicast is based on identifying many hosts by a single destination IP address. Hosts represented by the same IP address are a multicast group. The internet group management protocol (IGMP) is a Layer 3 multicast protocol that hosts use to join or leave a multicast group.
Figure 46. IGMP Version 2 Packet Format Joining a Multicast Group There are two ways that a host may join a multicast group: it may respond to a general query from its querier, or it may send an unsolicited report to its querier. ● Responding to an IGMP Query. ○ One router on a subnet is elected as the querier. The querier periodically multicasts (to all-multicast-systems address 224.0.0.1) a general query to all hosts on the subnet.
Figure 47. IGMP version 3 Membership Query Packet Format Figure 48. IGMP version 3 Membership Report Packet Format Joining and Filtering Groups and Sources The below illustration shows how multicast routers maintain the group and source information from unsolicited reports. ● The first unsolicited report from the host indicates that it wants to receive traffic for group 224.1.1.1. ● The host’s second report indicates that it is only interested in traffic from group 224.1.1.1, source 10.11.1.1.
Leaving and Staying in Groups The below illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. ● Host 1 sends a message indicating it is leaving group 224.1.1.1 and that the included filters for 10.11.1.1 and 10.11.1.2 are no longer necessary.
Displaying IGMP Information Use the show commands from the below table, to display information on IGMP. If you specify a group address or interface: ● Enter a group address in dotted decimal format; for example, 225.0.0.0. ● Enter an interface in one of the following formats: tengigabitethernet slot/port, port-channel portchannel-number, or vlan vlan-number.
Last reporter Last reporter mode Last report received Group source list Source address 1.1.1.2 Member Ports: Po 1 Dell# 1.1.1.
24 Interfaces This chapter describes 100/1000/10000 Mbps Ethernet, 10 Gigabit Ethernet, and 40 Gigabit Ethernet interface types, both physical and logical, and how to configure them with the Dell Networking operating software (OS).
• Bulk Configuration
• Defining Interface Range Macros
• Monitoring and Maintaining Interfaces
• Splitting QSFP Ports to SFP+ Ports
• Configuring wavelength for 10–Gigabit SFP+ optics
• Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port
• Layer 2 Flow Control Using Ethernet Pause Frames
• Configure MTU Size on an Interface
• Port-Pipes
• Auto-Negotiation on Ethernet Interfaces
• View Advanced Interface Information
• Enhanced Control of Remote Fault Indication Processing
Interface Types The following t
Server Port AdminState is Up
Pluggable media not present
Interface index is 38080769
Internet address is not set
Mode of IP Address Assignment : NONE
DHCP Client-ID :tenG145001ec9f10005
MTU 1554 bytes, IP MTU 1500 bytes
LineSpeed 10000 Mbit
Flowcontrol rx off tx off
ARP type: ARPA, ARP Timeout 04:00:00
Last clearing of "show interface" counters 5d1h18m
Queueing strategy: fifo
Input Statistics:
 34561 packets, 6266197 bytes
 38 64-byte pkts, 4373 over 64-byte pkts, 21491 over 127-byte pkts
 8659 over 255-byte p
!
interface GigabitEthernet 9/7
 no ip address
 shutdown
!
interface GigabitEthernet 9/8
 no ip address
 shutdown
!
interface GigabitEthernet 9/9
 no ip address
 shutdown
Configuring the Default Interface You can reset the configurations applied on an interface to its factory default state. To reset the configuration, perform the following steps: 1. View the configurations applied on an interface.
● For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. 2. Enable the interface. INTERFACE mode no shutdown To confirm that the interface is enabled, use the show config command in INTERFACE mode. To leave INTERFACE mode, use the exit command or end command. You cannot delete a physical interface. Physical Interfaces The switch interfaces support Layer 2 and Layer 3 traffic over the 100/1000/10000, 10-Gigabit, and 40-Gigabit Ethernet interfaces.
Table 25. Layer modes (continued) Type of Interface Possible Modes Requires Creation Default State Shutdown (disabled for Layer 3) Configuring Layer 2 (Data Link) Mode Do not configure switching or Layer 2 protocols such as spanning tree protocol (STP) on an interface unless the interface has been set to Layer 2 mode. To set Layer 2 data transmissions through an individual interface, use the following command. ● Enable Layer 2 data transmissions through an individual interface.
 no shutdown
Dell(conf-if)#
If an interface is in the incorrect layer mode for a given command, an error message displays (shown in bold). In the following example, the ip address command triggered an error message because the interface is in Layer 2 mode and the ip address command is a Layer 3 command only.
Dell(conf-if)#show config
!
interface GigabitEthernet 1/2
 no ip address
 switchport
 no shutdown
Dell(conf-if)#ip address 10.10.1.1 /24
% Error: Port is in Layer 2 mode Gi 1/2.
● BPDU Guard ● FEFD ● MAC learning limit ● ARP inspection Based on the automatic recovery configuration, when the interface is changed to Err-disabled state, the Dell EMC Networking OS invokes a timer for the configured time-out interval. Upon expiration of the timer, the interface is moved to operationally up state if the encountered error is fixed. If not, the interface is moved to Err-disabled state again.
Management Interfaces The IOM management interface has both a public IP and private IP address on the internal fabric D interface. The public IP address is exposed to the outside world for Web GUI configurations/WSMAN and other proprietary traffic. You can statically configure the public IP address or obtain the IP address dynamically using the dynamic host configuration protocol (DHCP). NOTE: When you shut down a management interface, connectivity to the interface’s private IP address is disabled.
Interface index is 38080769
Internet address is not set
Mode of IP Address Assignment : NONE
DHCP Client-ID :tenG145001ec9bb02c2
MTU 1554 bytes, IP MTU 1500 bytes
LineSpeed auto
Flowcontrol rx off tx off
ARP type: ARPA, ARP Timeout 04:00:00
Last clearing of "show interface" counters 2w4d2h
Queueing strategy: fifo
Input Statistics:
 0 packets, 0 bytes
 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts
 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts
 0 Multicasts, 0 Broadcasts
 0 runts,
no shutdown ! Loopback Interfaces A Loopback interface is a virtual interface in which the software emulates an interface. Packets routed to it are processed locally. Because this interface is not a physical interface, you can configure routing protocols on this interface to provide protocol stability. You can place Loopback interfaces in default Layer 3 mode. To configure, view, or delete a Loopback interface, use the following commands. ● Enter a number as the Loopback interface.
Table 26. VLAN Defaults Feature Default Mode Layer 2 (no IP address is assigned) Default VLAN ID VLAN 1 Default VLAN When an Aggregator boots up, all interfaces are up in Layer 2 mode and placed in the default VLAN as untagged interfaces. Only untagged interfaces can belong to the default VLAN. By default, VLAN 1 is the default VLAN. To change the default VLAN ID, use the default vlan-id <1–4094> command in CONFIGURATION mode. You cannot delete the default VLAN.
Configuring VLAN Membership By default, all Aggregator ports are members of all (4094) VLANs, including the default untagged VLAN 1. You can use the CLI or CMC interface to reconfigure VLANs only on server-facing interfaces (1–8) so that an interface has membership only in specified VLANs. To assign an Aggregator interface in Layer 2 mode to a specified group of VLANs, use the vlan tagged and vlan untagged commands.
Adding an Interface to a Tagged VLAN The following example shows you how to add a tagged interface (Te 0/2) to the VLANs. Enter the vlan tagged command to add interface Te 0/2 to VLANs 2 - 4, as shown below. Enter the show config command to verify that interface Te 0/2 is a tagged member of the VLANs.
1. Initialize the port with configurations such as admin up, portmode, and switchport.
Dell#configure
Dell(conf)#int tengigabitethernet 0/1
Dell(conf-if-te-0/1)#no shutdown
Dell(conf-if-te-0/1)#portmode hybrid
Dell(conf-if-te-0/1)#switchport
2. Configure the tagged VLANs 10 through 15 and untagged VLAN 20 on this port.
Dell(conf-if-te-0/1)#vlan tagged 10-15
Dell(conf-if-te-0/1)#vlan untagged 20
Dell(conf-if-te-0/1)#
3. Show the running configurations on this port.
* 1 10 Active Active 11 12 Active Active 13 Active 14 Active 15 Active 20 Active Dell# U Te 0/3 T Po128(Te 0/4-5) T Te 0/1 T Po128(Te 0/4-5) T Po128(Te 0/4-5) T Te 0/1 T Po128(Te 0/4-5) T Te 0/1 T Po128(Te 0/4-5) T Te 0/1 T Po128(Te 0/4-5) T Te 0/1 U Po128(Te 0/4-5) U Te 0/1 You can remove the inactive VLANs that have no member ports using the following command: Dell#configure Dell(conf)#no interface vlan vlan-id vlan-id — Inactive VLAN with no member ports You can remove the tagged VLANs usin
Port Channel Implementation The Dell Networking OS supports static and dynamic port channels. ● Static — Port channels that are statically configured. ● Dynamic — Port channels that are dynamically configured using the link aggregation control protocol (LACP). For details, refer to Link Aggregation Control Protocol (LACP). There are 128 port-channels with 16 members per channel. As soon as you configure a port channel, the system treats it like a physical interface. For example, IEEE 802.
Creating a Port Channel You can create up to 128 port channels with 16 port members per group on a switch. To configure a port channel, use the following commands. 1. Create a port channel. CONFIGURATION mode interface port-channel id-number 2. Ensure that the port channel is active. INTERFACE PORT-CHANNEL mode no shutdown After you enable the port channel, you can place it in Layer 2 or Layer 3 mode.
The following example shows the port channel’s mode (L2 for Layer 2 and L3 for Layer 3 and L2L3 for a Layer 2-port channel assigned to a routed VLAN), the status, and the number of interfaces belonging to the port channel.
2. Change to the second port channel INTERFACE mode. INTERFACE PORT-CHANNEL mode interface port-channel id number 3. Add the interface to the second port channel. INTERFACE PORT-CHANNEL mode channel-member interface The following example shows moving the TenGigabitEthernet 1/8 interface from port channel 4 to port channel 3.
no tagged port-channel id number or no untagged port-channel id number ● Identify which port channels are members of VLANs. EXEC Privilege mode show vlan Assigning an IP Address to a Port Channel You can assign an IP address to a port channel and use port channels in Layer 3 routing protocols. To assign an IP address, use the following command. ● Configure an IP address and mask on the interface.
To change to another algorithm, use the second command. ● Change the default (0) to another algorithm and apply it to ECMP, LAG hashing, or a particular line card.
NOTE: This feature does not impact BMP mode. It always applies when reloading in Normal mode. Important Points to Remember ● On a new switch running the Dell Networking OS version 9.2(0.0), with no saved startup configuration, the switch comes up with all server ports as switch ports in No Shut state. When you configure STP, the switch brings up the uplink and saves the running configuration to the startup-config file.
Bulk Configuration Examples Use the interface range command for bulk configuration.
● Create a Single-Range
● Create a Multiple-Range
● Exclude Duplicate Entries
● Exclude a Smaller Port Range
● Overlap Port Ranges
● Commas
● Add Ranges
Create a Single-Range The following is an example of a single range.
Overlap Port Ranges The following is an example showing how the interface-range prompt extends a port range from the smallest start port number to the largest end port number when port ranges overlap.
CONFIGURATION mode interface range macro name The following example shows how to change to the interface-range configuration mode using the interface-range macro named “test.” Dell(config)# interface range macro test Dell(config-if)# Monitoring and Maintaining Interfaces Monitor interface statistics with the monitor interface command. This command displays an ongoing list of the interface status (up/down), number of packets, traffic statistics, and so on.
T - Increase refresh interval q - Quit t - Decrease refresh interval Dell Maintenance Using TDR The time domain reflectometer (TDR) is supported on all Dell Networking switch/routers. TDR is an assistance tool to resolve link issues that helps detect obvious open or short conditions within any of the four copper pairs. TDR sends a signal onto the physical cable and examines the reflection of the signal that returns.
write memory reload Merging SFP+ Ports to QSFP 40G Ports To remove FANOUT mode in 40G QSFP Ports, use the following commands. 1. Merge 4-10G ports to a single 40G port. CONFIGURATION mode no stack-unit port number portmode quad ● stack-unit: Enter the stack member unit identifier of the stack member to reset. The range is from 0 to 5. ● port : Enter the port number of the 40GbE QSFP+ port. Valid values on base module: 33 or 37; OPTM SLOT 0: 41 or 45; OPTM SLOT 1: 49 or 53.
INTERFACE mode show config Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port You can convert a QSFP or QSFP+ port to an SFP or SFP+ port using the Quad to Small Form Factor Pluggable Adapter (QSA). QSA provides smooth connectivity between devices that use Quad Lane Ports (such as the 40 Gigabit Ethernet adapters) and 10 Gigabit hardware that uses SFP+ based cabling.
valid and the output shows that pluggable media (optical cables) is inserted into these ports. This is a software limitation for this release. Layer 2 Flow Control Using Ethernet Pause Frames Ethernet pause frames allow for a temporary stop in data transmission. A situation may arise where a sending device may transmit data faster than a destination device can accept it. The destination sends a pause frame back to the source, stopping the sender’s transmission for a period of time.
Configure MTU Size on an Interface If a packet includes a Layer 2 header, the difference in bytes between the link MTU and IP MTU must be enough to include the Layer 2 header. For example, for VLAN packets, if the IP MTU is 1400, the Link MTU must be no less than 1422: 1400-byte IP MTU + 22-byte VLAN Tag = 1422-byte link MTU The MTU range is from 592 to 12000, with a default of 1500. IP MTU automatically configures.
For 100/1000/10000 Ethernet interfaces, the negotiation auto command is tied to the speed command. Auto-negotiation is always enabled when the speed command is set to 1000 in IOS. Setting the Speed and Duplex Mode of Ethernet Interfaces To discover whether the remote and local interface requires manual speed synchronization, and to manually synchronize them if necessary, use the following command sequence. 1. Determine the local interface status. Refer to the following example.
In the previous example, several ports display “Auto” in the Speed field, including port 0/1. In the following example, the speed of port 0/1 is set to 100Mb and then its auto-negotiation is disabled.
The following example lists the possible show commands that have the configured keyword available:
Dell#show interfaces configured
Dell#show interfaces tengigabitEthernet 0 configured
Dell#show ip interface configured
Dell#show ip interface tengigabitEthernet 1 configured
Dell#show interfaces fortygigabitEthernet 0 configured
Dell#show ip interface fortygigabitEthernet 1 configured
Dell#show ip interface brief configured
Dell#show running-config interfaces configured
Dell#show running-config interface teng
Received 0 input symbol errors, 0 runts, 0 giants, 0 throttles
 0 CRC, 0 IP Checksum, 0 overrun, 0 discarded
 0 packets output, 0 bytes, 0 underruns
Output 0 Multicasts, 0 Broadcasts, 0 Unicasts
 0 IP Packets, 0 Vlans, 0 MPLS
 0 throttles, 0 discarded
Rate info (interval 299 seconds):
 Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate
 Output 00.00 Mbits/sec, 0 packets/sec, 0.
DHCP Client-ID :3417eb0120f3
MTU 1554 bytes, IP MTU 1500 bytes
LineSpeed 10000 Mbit
Flowcontrol rx off tx off
ARP type: ARPA, ARP Timeout 04:00:00
Last clearing of "show interface" counters 2w6d21h
Queueing strategy: fifo
Input Statistics:
 3106 packets, 226755 bytes
 133 64-byte pkts, 2973 over 64-byte pkts, 0 over 127-byte pkts
 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts
 406 Multicasts, 0 Broadcasts, 2700 Unicasts
 0 runts, 0 giants, 0 throttles
 0 CRC, 0 overrun, 0 discarded
Output Stat
● Ingress VLAN
● Next Hop 2
● Next Hop 1
● Egress ACLs
● ILM
● IP FLOW
● IP ACL
● IP FIB
● L2 ACL
● L2 FIB
Clearing Interface Counters The counters in the show interfaces command are reset by the clear counters command. This command does not clear the counters any SNMP program captures. To clear the counters, use the following command. ● Clear the counters used in the show interface commands for all VRRP groups, VLANs, and physical interfaces or selected ones.
25 Internet Protocol Security (IPSec) IPSec is an end-to-end security scheme for protecting IP communications by authenticating and encrypting all packets in a communication session. Use IPSec between hosts, between gateways, or between hosts and gateways. IPSec is compatible with Telnet and file transfer protocols (FTPs) and can operate in Transport mode. In Transport mode, IPSec encrypts only the packet payload; the IP header is unchanged. This is the default mode.
auth encrypt
match 0 tcp a::1 /128 0 a::2 /128 21
match 1 tcp a::1 /128 21 a::2 /128 0
match 2 tcp 1.1.1.1 /32 0 1.1.1.2 /32 21
match 3 tcp 1.1.1.1 /32 21 1.1.1.2 /32 0
3. Apply the crypto policy to management traffic.
26 IPv4 Routing The Dell Networking OS supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking operating system (OS).
NOTE: The Dell Networking OS versions 7.7.1.0 and later support 31-bit subnet masks (/31, or 255.255.255.254) as defined by RFC 3021. This feature allows you to save two more IP addresses on point-to-point links than 30-bit masks. The system supports RFC 3021 with ARP. NOTE: Even though Dell Networking OS listens to all ports, you can only use the ports starting from 35001 for IPv4 traffic. Ports starting from 0 to 35000 are reserved for internal use and you cannot use them for IPv4 traffic.
Example of the show ip interface Command
Dell#show ip interface tengig 0/16
TenGigabitEthernet 0/16 is down, line protocol is down
Internet address is not set
IP MTU is 1500 bytes
Directed broadcast forwarding is disabled
Proxy ARP is enabled
Split Horizon is enabled
Poison Reverse is disabled
ICMP redirects are not sent
ICMP unreachables are not sent
IP unicast RPF check is not supported
Dell#
Configuring Static Routes A static route is an IP address that you manually configure and that the routing protoc
The system installs a next hop that is on the directly connected subnet of current IP address on the interface (for example, if interface tengig 0/0 is on 172.31.5.0 subnet, the system installs the static route). The system also installs a next hop that is not on the directly connected subnet but which recursively resolves to a next hop on the interface's configured subnet. For example, if tengig 0/0 has ip address on subnet 2.2.2.0 and if 172.31.5.43 recursively resolves to 2.2.2.
Packet handling during MTU mismatch When you configure the MTU size on an interface, ensure that the MTU size of both the ingress and egress interfaces is set to the same value for IPv4 traffic to work correctly. If there is an MTU mismatch between the ingress and egress interfaces, CPU usage may be high. If the egress interface MTU size is smaller than that of the ingress interface, packets may get fragmented.
Enabling Directed Broadcast By default, the system drops directed broadcast packets destined for an interface. This default setting provides some protection against denial of service (DoS) attacks. To enable the system to receive directed broadcasts, use the following command. ● Enable directed broadcast. INTERFACE mode ip directed-broadcast To view the configuration, use the show config command in INTERFACE mode. Resolution of Host Names Domain name service (DNS) maps host names to IP addresses.
Specifying the Local System Domain and a List of Domains If you enter a partial domain, the system can search different domains to finish or fully qualify that partial domain. A fully qualified domain name (FQDN) is any name that is terminated with a period/dot. The Dell Networking OS searches the host table first to resolve the partial domain. The host table contains both statically configured and dynamically learnt host and IP addresses.
ARP The Dell Networking OS uses two forms of address resolution: address resolution protocol (ARP) and Proxy ARP. ARP runs over Ethernet and enables endstations to learn the MAC addresses of neighbors on an IP network. Over time, the system creates a forwarding table mapping the MAC addresses to their corresponding IP address. This table is called the ARP Cache and dynamically learned addresses are removed after a defined period of time.
● Re-enable Proxy ARP. INTERFACE mode ip proxy-arp To view if Proxy ARP is enabled on the interface, use the show config command in INTERFACE mode. If it is not listed in the show config command output, it is enabled. Only non-default information is displayed in the show config command output. Clearing ARP Cache To clear the ARP cache of dynamically learnt ARP information, use the following command. ● Clear the ARP caches for all interfaces or for a specific interface by entering the following information.
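An added example (not from the Dell guide): a default-aware audit of interface stanzas for the two settings discussed above, ip directed-broadcast and Proxy ARP. Because show config prints only non-default lines, directed broadcast is on when its line is present, while Proxy ARP is on when no ip proxy-arp is absent. The sample configuration is constructed, and the stanza layout (stanzas separated by "!") is assumed to follow the guide's printed examples.

```python
import re

# Constructed sample, laid out like the guide's printed stanzas ("!" between
# stanzas, non-default lines only). Addresses and port numbers are made up.
SAMPLE_CONFIG = """\
interface TenGigabitEthernet 0/1
 ip address 10.10.1.1/24
 ip directed-broadcast
 no shutdown
!
interface TenGigabitEthernet 0/2
 ip address 10.10.2.1/24
 no ip proxy-arp
 no shutdown
!
interface TenGigabitEthernet 0/3
 no ip address
 switchport
 no shutdown
!
protocol frrp 101
 interface primary TenGigabitEthernet 0/4 secondary TenGigabitEthernet 0/5 control-vlan 101
 mode master
!
interface Vlan 101
 ip address 10.10.101.1/24
 shutdown
"""


def parse_interfaces(config_text):
    """Return {interface name: [stanza lines]} for every interface stanza.

    A stanza header is the first line after a "!" separator (or the first
    line of the text), so "interface primary ..." inside a protocol frrp
    stanza is never mistaken for an interface definition.
    """
    stanzas = {}
    name = None        # interface whose stanza we are inside, if any
    at_header = True   # the next non-blank line starts a new stanza
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # drop indentation, collapse spaces
        if not line:
            continue
        if line == "!":
            name, at_header = None, True
            continue
        if at_header:
            at_header = False
            match = re.fullmatch(r"interface (\S+ \S+)", line)
            name = match.group(1) if match else None
            if name:
                stanzas[name] = []
            continue
        if name:
            stanzas[name].append(line)
    return stanzas


def audit(config_text):
    """Return (interface, setting, admin_up) for each exposed setting.

    directed-broadcast: off by default, so the explicit line means enabled.
    proxy-arp: on by default, so on a Layer 3 interface a missing
    "no ip proxy-arp" line means it is still enabled.
    """
    findings = []
    for name, lines in parse_interfaces(config_text).items():
        admin_up = "no shutdown" in lines
        # "no ip address" marks a Layer 2 port; only "ip address <addr>"
        # makes Proxy ARP relevant.
        layer3 = any(l.startswith("ip address ") for l in lines)
        if "ip directed-broadcast" in lines:
            findings.append((name, "directed-broadcast", admin_up))
        if layer3 and "no ip proxy-arp" not in lines:
            findings.append((name, "proxy-arp", admin_up))
    return findings


if __name__ == "__main__":
    for interface, setting, admin_up in audit(SAMPLE_CONFIG):
        state = "up" if admin_up else "admin down"
        print(f"{interface}: {setting} enabled ({state})")
```

Findings on an administratively down interface are latent: they take effect as soon as the interface is enabled.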
Figure 52. ARP Learning via ARP Request Beginning with the Dell Networking OS version 8.3.1.0, when you enable ARP learning via gratuitous ARP, the system installs a new ARP entry, or updates an existing entry for all received ARP requests. Figure 53. ARP Learning via ARP Request with ARP Learning via Gratuitous ARP Enabled Whether you enable or disable ARP learning via gratuitous ARP, the system does not look up the target IP.
The default is 30. The range is from 1 to 3600. ● Display all ARP entries learned via gratuitous ARP. EXEC Privilege mode show arp retries ICMP For diagnostics, the internet control message protocol (ICMP) provides routing information to end stations by choosing the best route (ICMP redirect messages) or determining if a router is reachable (ICMP Echo or Echo Reply). ICMP error messages inform the router of problems in a particular packet. These messages are sent only on unicast traffic.
Figure 54. ICMP Redirect Host H is connected to the same Ethernet segment as SW1 and SW2. SW1 and SW2 are multi-layer switches which can route packets. The default gateway of Host H is configured as SW1. Although the best route to the remote branch office host may be through SW2, Host H sends a packet destined for Host R to its default gateway — SW1.
○ UDP broadcast traffic with port number 67 or 68 is unicast to the dynamic host configuration protocol (DHCP) server per the ip helper-address configuration whether or not the UDP port list contains those ports. ○ If the UDP port list contains ports 67 or 68, UDP broadcast traffic is forwarded on those ports. Enabling UDP Helper To enable UDP helper, use the following command. ● Enable UDP helper.
Figure 55. UDP Helper with Broadcast-All Addresses
UDP Helper with Subnet Broadcast Addresses
When the destination IP address of an incoming packet matches the subnet broadcast address of any interface, the system changes the address to the configured broadcast address and sends it to the matching interface. In the following illustration, Packet 1 has the destination IP address 1.1.1.255, which matches the subnet broadcast address of VLAN 101.
Figure 57. UDP Helper with Configured Broadcast Addresses
UDP Helper with No Configured Broadcast Addresses
The following describes UDP helper with no broadcast addresses configured.
● If the incoming packet has a broadcast destination IP address, the unaltered packet is routed to all Layer 3 interfaces.
● If the incoming packet has a destination IP address that matches the subnet broadcast address of any interface, the unaltered packet is routed to the matching interfaces.
27 IPv6 Routing Internet protocol version 6 (IPv6) routing is the successor to IPv4. Due to the rapid growth in internet users and IP addresses, IPv4 is reaching its maximum usage. IPv6 will eventually replace IPv4 usage to allow for the constant expansion. This chapter provides a brief description of the differences between IPv4 and IPv6, and the Dell Networking support of IPv6. This chapter is not intended to be a comprehensive description of IPv6.
● Prefix Advertisement — Routers use “Router Advertisement” messages to announce the network prefix. Hosts then use their interface-identifier MAC address to generate their own valid IPv6 address. ● Duplicate Address Detection (DAD) — Before configuring its IPv6 address, an IPv6 host node device checks whether that address is used anywhere on the network using this mechanism. ● Prefix Renumbering — Useful in transparent renumbering of hosts in the network when an organization changes its service provider.
IPv6 Header Fields The 40 bytes of the IPv6 header are ordered, as shown in the following illustration. Figure 58. IPv6 Header Fields Version (4 bits) The Version field always contains the number 6, referring to the packet’s IP version. Traffic Class (8 bits) The Traffic Class field deals with any data that needs special handling. These bits define the packet priority and are defined by the packet Source. Sending and forwarding routers use this field to identify different IPv6 classes and priorities.
Value  Description
8      Exterior Gateway Protocol (EGP)
41     IPv6
43     Routing header
44     Fragmentation header
50     Encrypted Security
51     Authentication header
59     No Next Header
60     Destinations option header
NOTE: This table is not a comprehensive list of Next Header field values. For a complete and current listing, refer to the Internet Assigned Numbers Authority (IANA) web page.
Hop Limit (8 bits)
The Hop Limit field shows the number of hops remaining for packet processing.
When a Hop-by-Hop Options header is present, the router only needs this extension header and does not need to take the time to view further into the packet. The Hop-by-Hop Options header contains: ● Next Header (1 byte) This field identifies the type of header following the Hop-by-Hop Options header and uses the same values. ● Header Extension Length (1 byte) This field identifies the length of the Hop-by-Hop Options header in 8-byte units, but does not include the first 8 bytes.
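The header layout described above (40-byte fixed header, Next Header values, extension header length counted in 8-byte units beyond the first 8 bytes) can be checked with a small parser that walks the extension header chain and rejects lengths that run past the packet. This is an added example, not code from the guide or from Dell Networking OS; it also applies the Fragment and Authentication header length rules from RFC 8200 and RFC 4302, which go beyond this page. The function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

# Values from the guide's Next Header table, plus well-known IANA numbers
# (0, 6, 17, 58) that the visible part of the table does not list.
NEXT_HEADER_NAMES = {
    0: "Hop-by-Hop Options", 6: "TCP", 8: "EGP", 17: "UDP", 41: "IPv6",
    43: "Routing", 44: "Fragment", 50: "ESP", 51: "Authentication",
    58: "ICMPv6", 59: "No Next Header", 60: "Destination Options",
}
# Headers this walker can step over. ESP (50) hides what follows, so the walk stops there.
EXTENSION_HEADERS = {0, 43, 44, 51, 60}


class MalformedPacket(ValueError):
    """The packet violates the IPv6 header layout."""


def walk_extension_headers(next_header, payload):
    """Return ([(type, size), ...], upper_layer_type, upper_layer_offset)."""
    chain, offset = [], 0
    while next_header in EXTENSION_HEADERS:
        if next_header == 0 and chain:
            raise MalformedPacket("Hop-by-Hop Options header is not first")
        if offset + 2 > len(payload):
            raise MalformedPacket("extension header truncated")
        following, length_byte = payload[offset], payload[offset + 1]
        if next_header == 44:
            size = 8                          # Fragment header is always 8 bytes
        elif next_header == 51:
            size = (length_byte + 2) * 4      # AH counts 4-byte units minus 2
        else:
            size = (length_byte + 1) * 8      # 8-byte units, first 8 bytes not counted
        if offset + size > len(payload):
            raise MalformedPacket("extension header runs past the payload")
        chain.append((next_header, size))
        offset += size
        next_header = following
    return chain, next_header, offset


def parse_ipv6(packet):
    """Parse the fixed header and summarize the extension header chain."""
    if len(packet) < 40:
        raise MalformedPacket("shorter than the 40-byte fixed header")
    first_word, payload_length, next_header, hop_limit = struct.unpack(
        "!IHBB", packet[:8])
    if first_word >> 28 != 6:
        raise MalformedPacket("Version field is not 6")
    payload = packet[40:40 + payload_length]
    if len(payload) != payload_length:
        raise MalformedPacket("Payload Length exceeds the captured bytes")
    chain, upper, offset = walk_extension_headers(next_header, payload)
    return {
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "hop_limit": hop_limit,
        "source": str(ipaddress.IPv6Address(packet[8:24])),
        "destination": str(ipaddress.IPv6Address(packet[24:40])),
        "extension_headers": [(NEXT_HEADER_NAMES[t], size) for t, size in chain],
        "upper_layer": NEXT_HEADER_NAMES.get(upper, f"protocol {upper}"),
        "upper_layer_offset": 40 + offset,
    }


def build_sample_packet():
    """Constructed packet: Hop-by-Hop Options, Destination Options, then UDP."""
    hop_by_hop = bytes([60, 0, 1, 4]) + bytes(4)     # next=60, len=0, PadN option
    dest_opts = bytes([17, 1, 1, 12]) + bytes(12)    # next=17, len=1 (16 bytes), PadN
    udp = struct.pack("!HHHH", 49152, 53, 8, 0)
    payload = hop_by_hop + dest_opts + udp
    first_word = (6 << 28) | (0xB8 << 20) | 0x12345  # version, traffic class, flow label
    header = struct.pack("!IHBB", first_word, len(payload), 0, 64)
    header += ipaddress.IPv6Address("2001:db8::1").packed
    header += ipaddress.IPv6Address("2001:db8::2").packed
    return header + payload


if __name__ == "__main__":
    for key, value in parse_ipv6(build_sample_packet()).items():
        print(f"{key}: {value}")
```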
Static and Dynamic Addressing Static IPv6 addresses are manually assigned to a computer by an administrator. Dynamic IPv6 addresses are assigned either randomly or by a server using dynamic host configuration protocol (DHCP). Even though IPv6 addresses assigned using DHCP may stay the same for long periods of time, they can change. In some cases, a network administrator may implement dynamically assigned static IPv6 addresses.
Table 29. Feature Details (continued) Feature and Functionality Dell Networking OS Release Introduction Documentation and Chapter Location ISIS for IPv6 support for distribute lists and administrative distance 9.9(0.0) Intermediate System to Intermediate System (IS-IS) OSPF for IPv6 (OSPFv3) 9.9(0.0) Equal Cost Multipath for IPv6 9.9(0.0) IPv6 Services and Management 9.9(0.0) Telnet client over IPv6 (outbound Telnet) 9.9(0.0) IPv6 IS-IS in the Dell Networking OS Command Line Reference Guide.
ICMPv6 Dell Networking OS supports ICMPv6. ICMP for IPv6 combines the roles of ICMP, IGMP and ARP in IPv4. Similar to IPv4, it provides functions for reporting delivery and forwarding errors, and provides a simple echo service for troubleshooting. The Dell Networking OS implementation of ICMPv6 is based on RFC 4443. Generally, ICMPv6 uses two message types: ● Error reporting messages indicate when the forwarding or delivery of the packet failed at the destination or intermediate node.
nodes. Using these messages, an IPv6 device learns the link-layer addresses for neighbors known to reside on attached links, quickly purging cached values that become invalid. NOTE: If a neighboring node does not have an IPv6 address assigned, it must be manually pinged to allow the IPv6 device to determine the relationship of the neighboring node.
The lifetime parameter configures the amount of time the IPv6 host can use the IPv6 RDNSS address for name resolution. The lifetime range is 0 to 4294967295 seconds. When the maximum lifetime value, 4294967295, or the infinite keyword is specified, the lifetime to use the RDNSS address does not expire. A value of 0 indicates to the host that the RDNSS address should not be used. You must specify a lifetime using the lifetime or infinite parameter.
messages) are sent towards the RP and data is sent from senders to the RP so receivers can discover who are the senders and begin receiving traffic destined to the multicast group. For more information, refer to the Neighbor Discovery Protocol (NDP), Multicast IPv6, and Protocol Independent Multicast (IPv6) chapters in the Dell Networking OS Command Line Interface Reference Guide. Configuration Task List for IPv6 The following are configuration tasks for the IPv6 protocol.
Assigning an IPv6 Address to an Interface Dell Networking OS supports IPv6 addresses. Essentially, IPv6 is enabled in the Dell Networking OS simply by assigning IPv6 addresses to individual router interfaces. You can use IPv6 and IPv4 together on a system, but be sure to differentiate that usage carefully. To assign an IPv6 address to an interface, use the ipv6 address command.
● Enter the IPv6 Address for the device. EXEC mode or EXEC Privileged mode telnet ipv6 address ○ ipv6 address: x:x:x:x::x ○ mask: prefix length is from 0 to 128. NOTE: IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing. SNMP over IPv6 Dell Networking OS supports the simple network management protocol (SNMP).
○ For a brief summary of IPv6 status and configuration, enter the keyword brief.
○ For all IPv6 configured interfaces, enter the keyword configured.
○ For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information.
○ For a loopback interface, enter the keyword loopback then the loopback number.
○ For a port-channel interface, enter the keywords port-channel then the port-channel number.
○ For a VLAN interface, enter the keyword vlan then the VLAN ID.
via 2222:2222:3333:3333::1, Gi 9/1, 00:03:16 9999:9999:9999:9999::/64 [1/0] via 8888:9999:5555:6666:1111:2222:3333:4444, 00:03:16 S Showing the Running-Configuration for an Interface To view the configuration for any interface, use the following command. ● Show the currently running configuration for the specified interface.
Secure Shell (SSH) Over an IPv6 Transport Dell Networking OS supports IPv6 secure shell (SSH). The Dell Networking OS supports both inbound and outbound SSH sessions using IPv6 addressing. Inbound SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface. For SSH configuration details, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference Guide.
28 iSCSI Optimization
An Aggregator enables internet small computer system interface (iSCSI) optimization with default iSCSI parameter settings (Default iSCSI Optimization Values) and is auto-provisioned to support:
iSCSI Optimization: Operation
To display information on iSCSI configuration and sessions, use show commands. iSCSI optimization enables quality-of-service (QoS) treatment for iSCSI traffic.
The following figure shows iSCSI optimization between servers in a server enclosure and a storage array in which an Aggregator connects installed servers (iSCSI initiators) to a storage array (iSCSI targets) in a SAN network. iSCSI optimization running on the Aggregator is configured to use dot1p priority-queue assignments to ensure that iSCSI traffic in these sessions receives priority treatment when forwarded on Aggregator hardware. Figure 61.
● Target’s IQN ● Initiator’s TCP Port ● Target’s TCP Port If no iSCSI traffic is detected for a session during a user-configurable aging period, the session data clears. Synchronizing iSCSI Sessions Learned on VLT-Lags with VLT-Peer The following behavior occurs during synchronization of iSCSI sessions. ● If the iSCSI login request packet is received on a port belonging to a VLT lag, the information is synced to the VLT peer and the connection is associated with this interface.
If multiple IP addresses are mapped to a single TCP port, use the no iscsi target port command to remove all IP addresses assigned to the TCP port number. To remove a single IP address from the TCP port, use the no iscsi target port ip-address command. 3. (Optional) Set the QoS policy that is applied to the iSCSI flows.
Displaying iSCSI Optimization Information
To display information on iSCSI optimization, use the show commands detailed in the following table:
Table 30. Displaying iSCSI Optimization Information
Command              Output
show iscsi           Displays the currently configured iSCSI settings.
show iscsi sessions  Displays information on active iSCSI sessions on the switch that have been established since the last reload.
Up Time:00:00:01:22(DD:HH:MM:SS) Time for aging out:00:00:09:31(DD:HH:MM:SS) ISID:806978696102 Initiator Initiator Target Target IP Address TCP Port IP Address TCPPort 10.10.0.53 33432 10.10.0.
29 Intermediate System to Intermediate System Dell Networking OS supports intermediate system to intermediate system (IS-IS). ● The IS-IS protocol is an interior gateway protocol (IGP) that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. ● The IS-IS protocol standards are listed in the Standards Compliance chapter.
● N-selector — this is always 0. The following illustration is an example of the ISO-style address to show the address format IS-IS uses. In this example, the first five bytes (47.0005.0001) are the area address. The system portion is 000c.000a.4321 and the last byte is always 0. Figure 62. ISO Address Format Multi-Topology IS-IS Multi-topology IS-IS (MT IS-IS) allows you to create multiple IS-IS topologies on a single router with separate databases.
Interface Support MT IS-IS is supported on physical Ethernet interfaces, physical synchronous optical network technologies (SONET) interfaces, port-channel interfaces (static and dynamic using LACP), and virtual local area network (VLAN) interfaces. Adjacencies Adjacencies on point-to-point interfaces are formed as usual, where IS-IS routers do not implement MT extensions.
new TLVs are IPv6 Reachability and IPv6 Interface Address. A new IPv6 protocol identifier has also been included in the supported TLVs. The new TLVs use the extended metrics and up/down bit semantics. Multi-topology IS-IS adds TLVs:
● MT TLV — contains one or more Multi-Topology IDs in which the router participates. This TLV is included in IIH and the first fragment of an LSP.
● MT Intermediate Systems TLV — appears for every topology a node supports.
● Changing LSP Attributes
● Configuring the IS-IS Metric Style
● Configuring the IS-IS Cost
● Changing the IS-Type
● Controlling Routing Updates
● Configuring Authentication Passwords
● Setting the Overload Bit
● Debugging IS-IS
Enabling IS-IS
By default, IS-IS is not enabled. The system supports one instance of IS-IS. To enable IS-IS globally, create an IS-IS routing process and assign a NET address.
The IPv6 address must be on the same subnet as other IS-IS neighbors, but the IP address does not need to relate to the NET address. 6. Enable IS-IS on the IPv4 interface. ROUTER ISIS mode ip router isis [tag] If you configure a tag variable, it must be the same as the tag variable assigned in step 1. 7. Enable IS-IS on the IPv6 interface. ROUTER ISIS mode ipv6 router isis [tag] If you configure a tag variable, it must be the same as the tag variable assigned in step 1. The default IS type is level-1-2.
● A Level 2 router becomes a neighbor with another Level 2 router regardless of the area address configured. However, if the area addresses are different, the link between the Level 2 routers is only at Level 2. Configuring Multi-Topology IS-IS (MT IS-IS) To configure multi-topology IS-IS (MT IS-IS), use the following commands. 1. Enable multi-topology IS-IS for IPv6.
○ interval: wait time (the range is from 5 to 120. The default is 5.) ○ retry-times: number of times an unacknowledged restart request is sent before the restarting router gives up the graceful restart engagement with the neighbor. (The range is from 1 to 10 attempts. The default is 1.) ● Configure the time for the graceful restart timer T2 that a restarting router uses as the wait time for each database to synchronize.
To view all interfaces configured with IS-IS routing along with the defaults, use the show isis interface command in EXEC Privilege mode. Dell#show isis interface G1/34 GigabitEthernet 2/10 is up, line protocol is up MTU 1497, Encapsulation SAP Routing Protocol: IS-IS Circuit Type: Level-1-2 Interface Index 0x62cc03a, Local circuit ID 1 Level-1 Metric: 10, Priority: 64, Circuit ID: 0000.0000.000B.
net 47.0005.0001.000C.000A.4321.00 net 51.0005.0001.000C.000A.4321.00 Dell# Configuring the IS-IS Metric Style All IS-IS links or interfaces are associated with a cost that is used in the shortest path first (SPF) calculations. The possible cost varies depending on the metric style supported. If you configure narrow, transition, or narrow transition metric style, the cost can be a number between 0 and 63.
Accept wide metrics: Dell# none Configuring the IS-IS Cost When you change from one IS-IS metric style to another, the IS-IS metric value could be affected. For each interface with IS-IS enabled, you can assign a cost or metric that is used in the link state calculation. To change the metric or cost of the interface, use the following commands. ● Assign an IS-IS metric.
Default is level-1-2. ● Change the IS-type for the IS-IS process. ROUTER ISIS mode is-type {level-1 | level-1-2 | level-2} To view which IS-type is configured, use the show isis protocol command in EXEC Privilege mode. The show config command in ROUTER ISIS mode displays only non-default information, so if you do not change the IS-type, the default value (level-1-2) is not displayed. The default is Level 1-2 router.
○ Enter the type of interface and slot/port information:
○ For the Loopback interface on the RPM, enter the keyword loopback then a number from 0 to 16383.
○ For a port channel, enter the keywords port-channel then a number from 1 to 255.
○ For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information.
○ For a VLAN, enter the keyword vlan then a number from 1 to 4094.
● Apply a configured prefix list to all outgoing IPv4 IS-IS routes.
Redistributing IPv4 Routes In addition to filtering routes, you can add routes from other routing instances or protocols to the IS-IS process. With the redistribute command syntax, you can include BGP, OSPF, RIP, static, or directly connected routes in the IS-IS process. NOTE: Do not route iBGP routes to IS-IS unless there are route-maps associated with the IS-IS redistribution. To add routes from other routing instances or protocols, use the following commands.
○ level-1, level-1-2, or level-2: assign all redistributed routes to a level. The default is level-2.
○ metric value: the range is from 0 to 16777215. The default is 0.
○ match external: the range is 1 or 2.
○ match internal
○ metric-type: external or internal.
○ map-name: name of a configured route map.
To view the IS-IS configuration globally (including both IPv4 and IPv6 settings), use the show running-config isis command in EXEC Privilege mode.
B233.00-00 0x00000003 0x07BF eljefe.00-00 * 0x0000000A 0xF963 eljefe.01-00 * 0x00000001 0x68DF eljefe.02-00 * 0x00000001 0x2E7F Dell.00-00 0x00000002 0xD1A7 IS-IS Level-2 Link State Database LSPID LSP Seq Num LSP Checksum B233.00-00 0x00000006 0xC38A eljefe.00-00 * 0x0000000E 0x53BF eljefe.01-00 * 0x00000001 0x68DF eljefe.02-00 * 0x00000001 0x2E7F Dell.
IS-IS Metric Styles The following sections provide additional information about the IS-IS metric styles.
Table 33. Metric Value When the Metric Style Changes (continued) Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value to 63 because the higher value is not supported. wide narrow transition default value (10) if the original value is greater than 63. A message is sent to the console.
Table 34. Metric Value when the Metric Style Changes Multiple Times (continued) Beginning Metric Style Next Metric Style Resulting Metric Value Next Metric Style Final Metric Value wide transition transition truncated value narrow transition default value (10). A message is sent to the logging buffer Leaks from One Level to Another In the following scenarios, each IS-IS level is configured with a different metric style. Table 35.
NOTE: Whenever you make IS-IS configuration changes, restart the IS-IS process using the clear isis command. The clear isis command must include the tag for the IS-IS process. The following example shows the response from the router:
Dell#clear isis *
% ISIS not enabled.
Dell#clear isis 9999 *
You can configure IPv6 IS-IS routes using one of the following three methods:
● Congruent Topology — You must configure both IPv4 and IPv6 addresses on the interface.
R1(conf-if-gi-1/21)#isis network point-to-point
R1(conf-if-gi-1/21)#ip router isis 9999
R1(conf-if-gi-1/21)#no shutdown
R1(conf-if-gi-1/21)#interface GigabitEthernet 1/34
R1(conf-if-gi-1/34)# ip address 10.0.13.
Codes: C - connected, S - static, R - RIP, B - BGP, IN - internal BGP, EX - external BGP,LO - Locally Originated, O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is 172.21.212.1 to network 0.0.0.0 Destination ----------*S 0.0.0.0/0 C 10.0.12.
C C C S S 10.0.13.0/24 10.0.23.0/24 192.168.1.0/24 192.168.1.1/32 192.168.1.2/32 Direct, Gi 3/14 Direct, Gi 3/21 Direct, Lo 0 via 10.0.13.1, Gi 3/14 via 10.0.23.2, Gi 3/21 R2#show isis data IS-IS Level-1 Link State LSPID LSP Seq Num R1.00-00 0x0000000F R1.03-00 0x00000001 R2.00-00 * 0x00000007 R2.
30 Isolated Networks for Aggregators
An Isolated Network is an environment in which servers can only communicate with the uplink interfaces and not with each other, even though they are part of the same VLAN. If the servers in the same chassis need to communicate with each other, they require non-isolated network connectivity between them, or the traffic must be routed in the TOR. Isolated Networks can be enabled on a per-VLAN basis.
31 Link Aggregation Unlike IOA Automated modes (Standalone and VLT modes), the IOA Programmable MUX (PMUX) can support multiple uplink LAGs. You can provision multiple uplink LAGs. The I/O Aggregator auto-configures with link aggregation groups (LAGs) as follows: ● All uplink ports are automatically configured in a single port channel (LAG 128).
Uplink LAG When the Aggregator power is on, all uplink ports are configured in a single LAG (LAG 128). Server-Facing LAGs Server-facing ports are configured as individual ports by default. If you configure a server NIC in standalone, stacking, or VLT mode for LACP-based NIC teaming, server-facing ports are automatically configured as part of dynamic LAGs. The LAG range 1 to 127 is reserved for server-facing LAGs.
● Configuring VLAN Tags for Member Interfaces (optional) ● Deleting or Disabling a Port Channel (optional) Creating a Port Channel You can create up to 128 port channels with four port members per group on the Aggregator. To configure a port channel, use the following commands. 1. Create a port channel. CONFIGURATION mode interface port-channel id-number 2. Ensure that the port channel is active. INTERFACE PORT-CHANNEL mode no shutdown After you enable the port channel, you can place it in Layer 3 mode.
Example of the show interfaces port-channel brief Command Dell#sh int port-channel brief Codes: L - LACP Port-channel O - OpenFlow Controller Port-channel L LAG 1 Mode L2 Status up Uptime 00:00:19 L 128 L2 up 00:00:36 Dell# Ports Te 0/7 Te 0/8 Te 0/9 Te 0/10 Te 0/11 (Up) (Up) (Up) (Up) (Up) The following example shows the port channel’s mode (L2 for Layer 2 and L3 for Layer 3 and L2L3 for a Layer 2-port channel assigned to a routed VLAN), the status, and the number of interfaces belonging to th
no shutdown link-bundle-monitor enable Dell(conf-if-po-128)# Reassigning an Interface to a New Port Channel An interface can be a member of only one port channel. If the interface is a member of a port channel, remove it from the first port channel and then add it to the second port channel. Each time you add or remove a channel member from a port channel, Dell Networking OS recalculates the hash algorithm for the port channel. To reassign an interface to a new port channel, use the following commands. 1.
Configuring VLAN Tags for Member Interfaces To configure and verify VLAN tags for individual members of a port channel, perform the following: 1. Configure VLAN membership on individual ports INTERFACE mode Dell(conf-if-te-0/2)#vlan tagged 2,3-4 2. Use the switchport command in INTERFACE mode to enable Layer 2 data transmissions through an individual interface INTERFACE mode Dell(conf-if-te-0/2)#switchport This switchport configuration is allowed only in PMUX mode.
In VLT mode, the global auto LAG is automatically synced to the peer VLT through ICL message. 2. Enable the auto LAG on a specific server port. Interface Configuration mode auto-lag enable Dell(conf-if-te-0/1)# auto-lag enable To disable the auto LAG, use the no auto-lag enable command. When disabled, the server port is removed from the LAG and if the server port is the last member of the LAG, the LAG itself gets removed. Any LACPDUs received on the server port are discarded.
Sample Configuration
Dell# config terminal
Dell(conf)# no io-aggregator auto-lag enable
Dell(conf)# end
Dell# show io-aggregator auto-lag status
Auto LAG creation on server port(s) is disabled
Dell#
Dell# config terminal
Dell(config)# interface tengigabitethernet 0/1
Dell(config-if-te-0/1)# no auto-lag enable
Dell(config-if-te-0/1)# show config
!
interface TenGigabitEthernet 0/1
mtu 12000
portmode hybrid
switchport
no auto-lag enable
!
protocol lldp
advertise management-tlv management-address system-name dc
0 packets, 0 bytes 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics: 0 packets, 0 bytes, 0 underruns 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts, 0 Unicasts 0 throttles, 0 discarded, 0 collisions, 0 wreddrops Rate info (inte
The following log message is displayed when LACP link-fallback is removed:
Feb 26 15:53:32: %STKUNIT0-M:CP %SMUX-5-SMUX_LACP_PDU_RECEIVED_FROM_PEER: LACP PDU received from PEER and connectivity to PEER will be restored to Uplink Port-channel 128.
Table 36.
Rate info (interval 299 seconds): Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 4 packets/sec, 0.00% of line-rate Time since last interface status change: 00:11:42 show lacp 128 Command Example Dell# show lacp 128 Port-channel 128 admin up, oper up, mode lacp Actor System ID: Priority 32768, Address 0001.e8e1.e1c3 Partner System ID: Priority 32768, Address 0001.e88b.
93 Multicasts, 42 Broadcasts, 0 Unicasts 0 throttles, 0 discarded, 0 collisions, 0 wreddrops Rate info (interval 299 seconds): Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Time since last interface status change: 00:12:38 show lacp 1 Command Example Dell# show lacp 1 Port-channel 1 admin up, oper up, mode lacp Actor System ID: Priority 32768, Address 0001.e8e1.e1c3 Partner System ID: Priority 65535, Address 24b6.fd87.
4. Configure the port mode, VLAN, and so forth on the port-channel.
Dell#configure
Dell(conf)#int port-channel 10
Dell(conf-if-po-10)#portmode hybrid
Dell(conf-if-po-10)#switchport
Dell(conf-if-po-10)#vlan tagged 1000
Dell(conf-if-po-10)#link-bundle-monitor enable
Dell#configure
Dell(conf)#int port-channel 11
Dell(conf-if-po-11)#portmode hybrid
Dell(conf-if-po-11)#switchport
Dell(conf-if-po-11)#vlan tagged 1000
% Error: Same VLAN cannot be added to more than one uplink port/LAG.
32 Layer 2 The Aggregator supports CLI commands to manage the MAC address table: ● Clearing the MAC Address Entries ● Displaying the MAC Address Table The Aggregator auto-configures with support for Network Interface Controller (NIC) Teaming. NOTE: On an Aggregator, all ports are configured by default as members of all (4094) VLANs, including the default VLAN. All VLANs operate in Layer 2 mode.
● Display the contents of the MAC address table.
EXEC Privilege mode
NOTE: This command is available only in PMUX mode.
show mac-address-table [address | aging-time [vlan vlan-id] | count | dynamic | interface | static | vlan]
○ address: displays the specified entry.
○ aging-time: displays the configured aging-time.
○ count: displays the number of dynamic and static entries for all VLANs, and the total number of entries.
○ dynamic: displays only dynamic entries.
The following figure shows a topology where two NICs have been teamed together. In this case, if the primary NIC fails, traffic switches to the secondary NIC, because they are represented by the same set of addresses.
Figure 64. Redundant NICs with NIC Teaming
MAC Address Station Move
When you use NIC teaming, consider that the server MAC address is originally learned on Port 0/1 of the switch (see figure below). If the NIC fails, the same MAC address is learned on Port 0/5 of the switch.
MAC Move Optimization Station-move detection takes 5000ms because this is the interval at which the detection algorithm runs.
33 Link Layer Discovery Protocol (LLDP)
Link layer discovery protocol (LLDP) advertises connectivity and management from the local station to the adjacent stations on an IEEE 802 LAN. LLDP facilitates multi-vendor interoperability by using standard management tools to discover and make available a physical topology for network management. The Dell Networking operating software implementation of LLDP is based on IEEE standard 802.1AB.
Figure 66. Type, Length, Value (TLV) Segment TLVs are encapsulated in a frame called an LLDP data unit (LLDPDU), which is transmitted from one LLDP-enabled device to its LLDP-enabled neighbors. LLDP is a one-way protocol. LLDP-enabled devices (LLDP agents) can transmit and/or receive advertisements, but they cannot solicit and do not respond to advertisements. There are five types of TLVs (as shown in the below table). All types are mandatory in the construction of an LLDPDU except Optional TLVs.
Related Configuration Tasks
● Viewing the LLDP Configuration
● Configuring LLDPDU Intervals
● Configuring a Time to Live
● Debugging LLDP
Important Points to Remember
● LLDP is enabled by default.
● Dell Networking systems support up to eight neighbors per interface.
● Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by eight exceeds the maximum, the system does not configure more than 8000.
1. Enter Protocol LLDP mode. CONFIGURATION or INTERFACE mode protocol lldp 2. Enable LLDP. PROTOCOL LLDP mode no disable Disabling and Undoing LLDP To disable or undo LLDP, use the following command. ● Disable LLDP globally or for an interface. disable To undo an LLDP configuration, precede the relevant command with the keyword no. Advertising TLVs You can configure the system to advertise TLVs out of all interfaces or out of specific interfaces.
Figure 68. Configuring LLDP
Optional TLVs
The Dell Networking Operating System (OS) supports the following optional TLVs: Management TLVs, IEEE 802.1 and 802.3 organizationally specific TLVs, and TIA-1057 organizationally specific TLVs.
Management TLVs
A management TLV is an optional TLV sub-type. This kind of TLV contains essential management information about the sender.
Organizationally Specific TLVs
A professional organization or a vendor can define organizationally specific TLVs.
Table 38. Optional TLV Types (continued)
Type  TLV                  Description
5     System name          A user-defined alphanumeric string that identifies the system.
6     System description   A user-defined alphanumeric string that identifies the system.
7     System capabilities  Identifies the chassis as one or more of the following: repeater, bridge, WLAN Access Point, Router, Telephone, DOCSIS cable device, end station only, or other.
8     Management address   Indicates the network address of the management interface.
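The TLV structure and the optional TLV types listed above can be exercised with a parser that walks an LLDPDU, checks every TLV length against the frame, and decodes types 5 through 8. This is an added example, not code from the guide or from Dell Networking OS; the 7-bit type and 9-bit length header, the mandatory TLV order, the capability bit positions and the OUI values come from IEEE 802.1AB rather than from this page. The function names and the sample LLDPDU are constructed for illustration.

```python
import ipaddress
import struct

TLV_NAMES = {0: "End of LLDPDU", 1: "Chassis ID", 2: "Port ID", 3: "Time to Live",
             4: "Port description", 5: "System name", 6: "System description",
             7: "System capabilities", 8: "Management address",
             127: "Organizationally specific"}
# Capability bit positions 0..7 as defined by IEEE 802.1AB.
CAPABILITIES = ["other", "repeater", "bridge", "WLAN access point", "router",
                "telephone", "DOCSIS cable device", "station only"]
ORG_OUIS = {b"\x00\x80\xc2": "IEEE 802.1", b"\x00\x12\x0f": "IEEE 802.3",
            b"\x00\x12\xbb": "TIA-1057"}


class MalformedLLDPDU(ValueError):
    """The LLDPDU breaks the TLV layout or the mandatory TLV ordering."""


def iter_tlvs(lldpdu):
    """Yield (type, value) pairs, checking every length against the buffer."""
    offset = 0
    while offset < len(lldpdu):
        if offset + 2 > len(lldpdu):
            raise MalformedLLDPDU("TLV header truncated")
        (header,) = struct.unpack_from("!H", lldpdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF  # 7-bit type, 9-bit length
        value = lldpdu[offset + 2:offset + 2 + length]
        if len(value) != length:
            raise MalformedLLDPDU(f"TLV type {tlv_type} runs past the frame")
        yield tlv_type, value
        if tlv_type == 0:
            return  # anything after End of LLDPDU is padding
        offset += 2 + length
    raise MalformedLLDPDU("End of LLDPDU TLV missing")


def capability_names(mask):
    return [name for bit, name in enumerate(CAPABILITIES) if mask >> bit & 1]


def decode_value(tlv_type, value):
    """Decode the optional TLV types; anything unknown is returned as hex."""
    if tlv_type in (4, 5, 6):
        return value.decode("utf-8", "replace")
    if tlv_type == 7:
        if len(value) != 4:
            raise MalformedLLDPDU("System capabilities value is not 4 bytes")
        supported, enabled = struct.unpack("!HH", value)
        return {"supported": capability_names(supported),
                "enabled": capability_names(enabled)}
    if tlv_type == 8:
        if len(value) < 2 or value[0] < 2 or len(value) < 1 + value[0]:
            raise MalformedLLDPDU("Management address length is inconsistent")
        subtype, address = value[1], value[2:1 + value[0]]
        if subtype == 1 and len(address) == 4:
            return str(ipaddress.IPv4Address(address))
        if subtype == 2 and len(address) == 16:
            return str(ipaddress.IPv6Address(address))
        return address.hex()
    if tlv_type == 127:
        if len(value) < 4:
            raise MalformedLLDPDU("Organizationally specific TLV lacks OUI and subtype")
        return ORG_OUIS.get(value[:3], value[:3].hex()), value[3]
    return value.hex()


def parse_lldpdu(lldpdu):
    """Return the advertised TTL and the decoded optional TLVs of one neighbor."""
    tlvs = list(iter_tlvs(lldpdu))
    if [t for t, _ in tlvs[:3]] != [1, 2, 3]:
        raise MalformedLLDPDU("Chassis ID, Port ID and Time to Live must come first")
    if len(tlvs[2][1]) < 2:
        raise MalformedLLDPDU("Time to Live value shorter than 2 bytes")
    neighbor = {"ttl": struct.unpack_from("!H", tlvs[2][1])[0], "tlvs": []}
    for tlv_type, value in tlvs[3:-1]:
        if tlv_type in (1, 2, 3):
            raise MalformedLLDPDU(f"mandatory TLV type {tlv_type} repeated")
        name = TLV_NAMES.get(tlv_type, f"reserved type {tlv_type}")
        neighbor["tlvs"].append((name, decode_value(tlv_type, value)))
    return neighbor


def tlv(tlv_type, value):
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def build_sample_lldpdu():
    """Constructed LLDPDU (documentation addresses, hypothetical system name)."""
    mgmt = bytes([5, 1]) + ipaddress.IPv4Address("192.0.2.10").packed
    mgmt += bytes([2]) + struct.pack("!I", 1) + b"\x00"   # ifIndex 1, no OID
    return b"".join([
        tlv(1, b"\x04" + bytes.fromhex("00005e005301")),   # subtype 4: MAC address
        tlv(2, b"\x05" + b"Te 0/1"),                       # subtype 5: interface name
        tlv(3, struct.pack("!H", 120)),
        tlv(5, b"lab-aggregator"),
        tlv(7, struct.pack("!HH", 0b10100, 0b00100)),      # bridge+router, bridge on
        tlv(8, mgmt),
        tlv(127, b"\x00\x80\xc2\x01" + struct.pack("!H", 1)),
        tlv(0, b""),
    ])
```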
LLDP-MED Capabilities TLV The LLDP-MED capabilities TLV communicates the types of TLVs that the endpoint device and the network connectivity device support. LLDP-MED network connectivity devices must transmit the Network Policies TLV. ● The value of the LLDP-MED capabilities field in the TLV is a 2–octet bitmap, each bit represents an LLDP-MED capability (as shown in the following table). ● The possible values of the LLDP-MED device type are shown in the following.
NOTE: As shown in the following table, signaling is a series of control packets that are exchanged between an endpoint device and a network connectivity device to establish and maintain a connection. These signal packets might require a different network policy than the media packets for which a connection is made. In this case, configure the signaling application. Table 41.
a different power value using the max-milliwatts option with the power inline auto | static command. Dell Networking also honors the power value (power requirement) the powered device sends when the port is configured for power inline auto.
Figure 72. Extended Power via MDI TLV
LLDP Operation
On an Aggregator, LLDP operates as follows:
● LLDP is enabled by default.
● LLDPDUs are transmitted and received by default.
● LLDPDUs are transmitted periodically. The default interval is 30 seconds.
● If DCBX is down on the receiving interface
The organizationally specific TLV list can store a maximum of 256 entries per neighbor. If there are more than 256 TLV entries, the oldest entry (of that neighbor) in the list is replaced. A syslog message appears when the organizationally specific unrecognized TLV list exceeds 205 entries (80 percent of 256) so that you can take action.
● Display all of the information that neighbors are advertising.
Dell(conf-lldp)#show config
!
protocol lldp
hello 10
Dell(conf-lldp)#
Dell(conf-lldp)#no hello
Dell(conf-lldp)#show config
!
protocol lldp
Dell(conf-lldp)#
Configuring a Time to Live
The information received from a neighbor expires after a specific amount of time (measured in seconds) called a time to live (TTL). The TTL is the product of the LLDPDU transmit interval (hello) and an integer called a multiplier. The default multiplier is 4, which results in a default TTL of 120 seconds.
EXEC Privilege mode
clear lldp counters [interface]
Debugging LLDP
You can view the TLVs that your system is sending and receiving. To view the TLVs, use the following commands.
● View a readable version of the TLVs.
debug lldp brief
● View a readable version of the TLVs plus a hexadecimal version of the entire LLDPDU.
debug lldp detail
Figure 73. The debug lldp detail Command — LLDPDU Packet Dissection
Relevant Management Objects
Dell Networking OS supports all IEEE 802.1AB MIB objects.
Table 42. LLDP Configuration MIB Objects
MIB Object Category | LLDP Variable | LLDP MIB Object | Description
LLDP Configuration | adminStatus | lldpPortConfigAdminStatus | Whether you enable the local LLDP agent for transmit, receive, or both.
 | msgTxHold | lldpMessageTxHoldMultiplier | Multiplier value.
 | msgTxInterval | lldpMessageTxInterval | Transmit Interval value.
 | rxInfoTTL | lldpRxInfoTTL | Time to live for received TLVs.
 | txInfoTTL | lldpTxInfoTTL | Time to live for transmitted TLVs.
Table 44. LLDP 802.1 Organizationally specific TLV MIB Objects (continued) TLV Type TLV Name TLV Variable System LLDP MIB Object VLAN name length Local lldpXdot1LocVlanName Remote lldpXdot1RemVlanName Local lldpXdot1LocVlanName Remote lldpXdot1RemVlanName VLAN name Table 45.
34 Microsoft Network Load Balancing Network Load Balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems. NLB uses a distributed methodology or pattern to equally split and balance the network traffic load across a set of servers that are part of the cluster or group.
Limitations With Enabling NLB on Switches The following limitations apply to switches on which you configure NLB: ● The NLB unicast mode uses switch flooding to transmit all packets to all the servers that are part of the VLAN. When a large volume of traffic is processed, the clustering performance might be impacted in a small way. This limitation is applicable to switches that perform unicast flooding in the software. ● The ip vlan-flooding command applies globally across the system and for all VLANs.
CONFIGURATION mode ip vlan-flooding Multicast NLB Mode To enable a switch for multicast NLB mode of functioning, perform the following steps: 1. In the multicast mode of NLB, add a static ARP entry by entering the arp ip-address multicast-mac-address command in Global configuration mode to associate an IP address with a multicast MAC address in the switch. This setting causes the multicast MAC address to be mapped to the cluster IP address for the NLB mode of operation of the switch.
35 Multicast Source Discovery Protocol (MSDP) Dell Networking OS supports multicast source discovery protocol (MSDP). Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context of MSDP is a contiguous set of routers operating PIM within a common boundary defined by an exterior gateway protocol, such as border gateway protocol (BGP).
Figure 74. Multicast Source Discovery Protocol (MSDP) RPs advertise each (S,G) in its domain in type, length, value (TLV) format. The total number of TLVs contained in the SA is indicated in the “Entry Count” field. SA messages are transmitted every 60 seconds, and immediately when a new source is detected. Figure 75.
Topics:
• Anycast RP
• Implementation Information
• Configure the Multicast Source Discovery Protocol
• Enabling MSDP
• Manage the Source-Active Cache
• Accept Source-Active Messages that Fail the RPF Check
• Specifying Source-Active Messages
• Limiting the Source-Active Messages from a Peer
• Preventing MSDP from Caching a Local Source
• Preventing MSDP from Caching a Remote Source
• Preventing MSDP from Advertising a Local Source
• Logging Changes in Peership States
• Terminating a Peership
• Cle
The MSDP Sample Configurations show the PIM-SM configuration in this chapter for MSDP. Also, refer to PIM SparseMode (PIM-SM). 3. Enabling MSDP. 4. Peer the RPs in each routing domain with each other. Refer to Enabling MSDP. Related Configuration Tasks The following lists related MSDP configuration tasks.
Figure 79. Configuring MSDP
Enabling MSDP
Enable MSDP by peering RPs in different administrative domains.
1. Enable MSDP.
CONFIGURATION mode
ip multicast-msdp
2. Peer PIM systems in different administrative domains.
CONFIGURATION mode
ip msdp peer connect-source
R3_E600(conf)#ip multicast-msdp
R3_E600(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0
R3_E600(conf)#do show ip msdp summary
Peer Addr Local Addr State Source
192.168.0.1 192.168.0.
Multicast sources in remote domains are stored on the RP in the source-active cache (SA cache). The system does not create entries in the multicast routing table until there is a local receiver for the corresponding multicast group. R3_E600#show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 192.168.0.
CONFIGURATION mode clear ip msdp sa-cache [group-address | local | rejected-sa] Enabling the Rejected Source-Active Cache To cache rejected sources, use the following command. Active sources can be rejected because the RPF check failed, the SA limit is reached, the peer RP is unreachable, or the SA message has a format error. ● Cache rejected sources.
Figure 83. MSDP Default Peer, Scenario 4 Specifying Source-Active Messages To specify messages, use the following command. ● Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check. CONFIGURATION mode ip msdp default-peer ip-address list If you do not specify an access list, the peer accepts all sources that peer advertises. All sources from RPs that the ACL denies are subject to the normal RPF check. Dell(conf)#ip msdp peer 10.0.50.
Dell#ip msdp sa-cache rejected-sa
MSDP Rejected SA Cache
 3 rejected SAs received, cache-size 32766
UpTime    GroupAddr    SourceAddr  RPAddr      LearnedFrom  Reason
00:33:18  229.0.50.64  24.0.50.64  200.0.1.50  10.0.50.2    Rpf-Fail
00:33:18  229.0.50.65  24.0.50.65  200.0.1.50  10.0.50.2    Rpf-Fail
00:33:18  229.0.50.66  24.0.50.66  200.0.1.50  10.0.50.2    Rpf-Fail
Limiting the Source-Active Messages from a Peer
To limit the source-active messages from a peer, use the following commands.
1.
Preventing MSDP from Caching a Remote Source To prevent MSDP from caching a remote source, use the following commands. 1. OPTIONAL: Cache sources that the SA filter denies in the rejected SA cache. CONFIGURATION mode ip msdp cache-rejected-sa 2. Prevent the system from caching remote sources learned from a specific peer based on source and group. CONFIGURATION mode ip msdp sa-filter list out peer list ext-acl As shown in the following example, R1 is advertising source 10.11.4.2.
GroupAddr  SourceAddr  RPAddr       LearnedFrom  Expire  UpTime
239.0.0.1  10.11.4.2   192.168.0.1  local        70      00:27:20
R3_E600(conf)#do show ip msdp sa-cache
MSDP Source-Active Cache - 1 entries
GroupAddr  SourceAddr  RPAddr       LearnedFrom  Expire  UpTime
239.0.0.1  10.11.4.2   192.168.0.1  192.168.0.1  1       00:10:29
[Router 3]
R3_E600(conf)#do show ip msdp sa-cache
R3_E600(conf)#
To display the configured SA filters for a peer, use the show ip msdp peer command from EXEC Privilege mode.
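Once rejected sources are cached with ip msdp cache-rejected-sa, the rejected-SA listing shown earlier in this chapter can be triaged per peer. The following Python sketch is an added example, not Dell code: it parses that listing and counts rejections by LearnedFrom peer and reason; the rows for peer 10.0.60.2, the reason string Example-Reason, and the threshold of 3 are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample in the column layout of the rejected-SA listing on this
# page. Rows 1-3 reuse the page's values; rows 4-5 and the reason string
# "Example-Reason" are constructed placeholders, not real CLI output.
SAMPLE = """\
MSDP Rejected SA Cache
 5 rejected SAs received, cache-size 32766
UpTime    GroupAddr    SourceAddr  RPAddr       LearnedFrom  Reason
00:33:18  229.0.50.64  24.0.50.64  200.0.1.50   10.0.50.2    Rpf-Fail
00:33:18  229.0.50.65  24.0.50.65  200.0.1.50   10.0.50.2    Rpf-Fail
00:33:18  229.0.50.66  24.0.50.66  200.0.1.50   10.0.50.2    Rpf-Fail
00:01:05  239.1.1.1    10.9.9.9    203.0.113.7  10.0.60.2    Example-Reason
00:00:40  10.1.1.1     10.9.9.9    203.0.113.7  10.0.60.2    Example-Reason
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
ROW = re.compile(
    rf"^\s*(?P<uptime>\S+)\s+(?P<group>{IPV4})\s+(?P<source>{IPV4})"
    rf"\s+(?P<rp>{IPV4})\s+(?P<peer>{IPV4})\s+(?P<reason>\S+)\s*$"
)


def declared_count(text):
    """Return the 'N rejected SAs received' figure, or None if absent."""
    m = re.search(r"^\s*(\d+) rejected SAs received", text, re.MULTILINE)
    return int(m.group(1)) if m else None


def uptime_seconds(value):
    """Convert an hh:mm:ss uptime to seconds; other formats yield None."""
    m = re.fullmatch(r"(\d+):(\d{2}):(\d{2})", value)
    if not m:
        return None
    hours, minutes, seconds = (int(x) for x in m.groups())
    return hours * 3600 + minutes * 60 + seconds


def parse_rejected_sa(text):
    """Parse data rows; banner, header and prompt lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        try:
            addrs = {k: ipaddress.IPv4Address(m[k])
                     for k in ("group", "source", "rp", "peer")}
        except ipaddress.AddressValueError:
            continue  # looks like a row but holds an invalid address
        entries.append({**addrs, "reason": m["reason"],
                        "uptime_s": uptime_seconds(m["uptime"])})
    return entries


def summarize_by_peer(entries, threshold=3):
    """Group rejections by the peer the SA was learned from."""
    report = defaultdict(lambda: {"total": 0, "reasons": Counter(),
                                  "rps": set(), "bad_groups": []})
    for e in entries:
        row = report[str(e["peer"])]
        row["total"] += 1
        row["reasons"][e["reason"]] += 1
        row["rps"].add(str(e["rp"]))
        if not e["group"].is_multicast:
            # A group outside 224.0.0.0/4 cannot be a valid (S,G) group.
            row["bad_groups"].append(str(e["group"]))
    for row in report.values():
        row["noisy"] = row["total"] >= threshold
    return dict(report)


if __name__ == "__main__":
    parsed = parse_rejected_sa(SAMPLE)
    if declared_count(SAMPLE) != len(parsed):
        print("warning: listing is truncated or partly unparsable")
    for peer, row in sorted(summarize_by_peer(parsed).items()):
        print(peer, row["total"], dict(row["reasons"]),
              "REVIEW" if row["noisy"] or row["bad_groups"] else "ok")
```

A peer that keeps appearing here is a candidate for the per-peer SA limit or an SA filter described in this chapter.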
clear ip msdp peer peer-address
R3_E600(conf)#do show ip msdp peer
Peer Addr: 192.168.0.1
 Local Addr: 192.168.0.3(639) Connect Source: Lo 0
 State: Established Up/Down Time: 00:04:26
 Timers: KeepAlive 30 sec, Hold time 75 sec
 SourceActive packet count (in/out): 5/0
 SAs learned from this peer: 0
 SA Filtering:
 Input (S,G) filter: myremotefilter
 Output (S,G) filter: none
R3_E600(conf)#do clear ip msdp peer 192.168.0.1
R3_E600(conf)#do show ip msdp peer
Peer Addr: 192.168.0.1
 Local Addr: 0.0.0.
1. All the RPs serving a given group are configured with an identical anycast address. 2. Sources then register with the topologically closest RP. 3. RPs use MSDP to peer with each other using a unique address. Figure 84. MSDP with Anycast RP Configuring Anycast RP To configure anycast RP, use the following commands. 1. In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address. CONFIGURATION mode interface loopback 2.
ip msdp peer
5. Advertise the network of each of the unique Loopback addresses throughout the network.
ROUTER OSPF mode
network
Reducing Source-Active Message Flooding
RPs flood source-active messages to all of their peers away from the RP. When multiple RPs exist within a domain, the RPs forward received active source information back to the originating RP, which violates the RPF rule. You can prevent this unnecessary flooding by creating a mesh-group.
ip msdp originator-id Loopback 1
!
ip pim rp-address 192.168.0.1 group-address 224.0.0.0/4
ip multicast-routing
!
interface GigabitEthernet 2/1
 ip pim sparse-mode
 ip address 10.11.4.1/24
 no shutdown
!
interface GigabitEthernet 2/11
 ip pim sparse-mode
 ip address 10.11.1.21/24
 no shutdown
!
interface GigabitEthernet 2/31
 ip pim sparse-mode
 ip address 10.11.0.23/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.1/32
 no shutdown
!
interface Loopback 1
 ip address 192.168.0.
 network 10.11.6.0/24 area 0
 network 192.168.0.3/32 area 0
 redistribute static
 redistribute connected
 redistribute bgp 200
!
router bgp 200
 redistribute ospf 1
 neighbor 192.168.0.22 remote-as 100
 neighbor 192.168.0.22 ebgp-multihop 255
 neighbor 192.168.0.22 update-source Loopback 0
 neighbor 192.168.0.22 no shutdown
!
ip multicast-msdp
ip msdp peer 192.168.0.11 connect-source Loopback 0
ip msdp peer 192.168.0.22 connect-source Loopback 0
ip msdp sa-filter out 192.168.0.22
!
ip route 192.168.0.1/32 10.11.0.
 no shutdown
!
interface GigabitEthernet 2/11
 ip pim sparse-mode
 ip address 10.11.1.21/24
 no shutdown
!
interface GigabitEthernet 2/31
 ip pim sparse-mode
 ip address 10.11.0.23/24
 no shutdown
!
interface Loopback 0
 ip address 192.168.0.2/32
 no shutdown
!
router ospf 1
 network 10.11.1.0/24 area 0
 network 10.11.4.0/24 area 0
 network 192.168.0.2/32 area 0
 redistribute static
 redistribute connected
 redistribute bgp 100
!
router bgp 100
 redistribute ospf 1
 neighbor 192.168.0.3 remote-as 200
 neighbor 192.168.0.
ip msdp peer 192.168.0.1 connect-source Loopback 0
!
ip route 192.168.0.2/32 10.11.0.23
MSDP Sample Configuration: R4 Running-Config
ip multicast-routing
!
interface GigabitEthernet 4/1
 ip pim sparse-mode
 ip address 10.11.5.1/24
 no shutdown
!
interface GigabitEthernet 4/22
 ip address 10.10.42.1/24
 no shutdown
!
interface GigabitEthernet 4/31
 ip pim sparse-mode
 ip address 10.11.6.43/24
 no shutdown
!
interface Loopback 0
 ip address 192.168.0.4/32
 no shutdown
!
router ospf 1
 network 10.11.5.
36 Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) — specified in IEEE 802.1Q-2003 — is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves on per-VLAN spanning tree plus (PVST+). Protocol Overview MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances. In contrast, PVST+ allows a spanning tree instance for each VLAN.
• Modifying the Interface Parameters
• Configuring an EdgePort
• Flush MAC Addresses after a Topology Change
• MSTP Sample Configurations
• Debugging and Verifying MSTP Configurations
Spanning Tree Variations
The Dell Networking operating system (OS) supports four variations of spanning tree, as shown in the following table.
Table 46. Spanning Tree Variations
Dell Networking Term | IEEE Specification
Spanning Tree Protocol (STP) | 802.1d
Rapid Spanning Tree Protocol (RSTP) | 802 .
Enable Multiple Spanning Tree Globally MSTP is not enabled by default. To enable MSTP globally, use the following commands. When you enable MSTP, all physical, VLAN, and port-channel interfaces that are enabled and in Layer 2 mode are automatically part of the MSTI 0. ● Within an MSTI, only one path from any bridge to any other bridge is enabled. ● Bridges block a redundant path by disabling one of the link ports. 1. Enter PROTOCOL MSTP mode. CONFIGURATION mode protocol spanning-tree mstp 2. Enable MSTP.
Port path cost 2000, Port priority 128, Port Identifier 128.374
Designated root has priority 32768, address 0001.e806.953e
Designated bridge has priority 32768, address 0001.e806.953e
Designated port id is 128.374, designated path cost 2000
Number of transitions to forwarding state 1
BPDU (MRecords): sent 93671, received 46843
The port isnot in the Edge port mode, bpdu filter is disabled
Port 384 (TenGigabitEthernet 1/31) is alternate Discarding
Port path cost 2000, Port priority 128, Port Identifier 128.
Changing the Region Name or Revision To change the region name or revision, use the following commands. ● Change the region name. PROTOCOL MSTP mode name name ● Change the region revision number. PROTOCOL MSTP mode revision number The range is from 0 to 65535. The default is 0. To view the current region name and revision, use the show spanning-tree mst configuration command from EXEC Privilege mode.
The range is from 6 to 40. The default is 20 seconds. 4. Change the max-hops parameter. PROTOCOL MSTP mode max-hops number The range is from 1 to 40. The default is 20. To view the current values for MSTP parameters, use the show running-config spanning-tree mstp command from EXEC privilege mode.
Modifying the Interface Parameters
You can adjust two interface parameters to increase or decrease the probability that a port becomes a forwarding port.
● Port cost is a value that is based on the interface type. The greater the port cost, the less likely the port is selected to be a forwarding port.
● Port priority influences the likelihood that a port is selected to be a forwarding port when several ports have the same port cost.
The following lists the default values for port cost by interface.
○ If the interface to be shut down is a port channel, all the member ports are disabled in the hardware. ○ When you add a physical port to a port channel already in the Error Disable state, the new member port is also disabled in the hardware. ○ When you remove a physical port from a port channel in the Error Disable state, the error disabled state is cleared on this physical port (the physical port is enabled in the hardware).
Figure 87. MSTP with Three VLANs Mapped to Two Spanning Tree Instances
Router 1 Running-Configuration
This example uses the following steps:
1. Enable MSTP globally, set the region name and revision, and map MSTP instances to the VLANs.
2. Assign Layer-2 interfaces to the MSTP topology.
3. Create VLANs mapped to MSTP instances and tag interfaces to the VLANs.
Router 2 Running-Configuration
This example uses the following steps:
1. Enable MSTP globally, set the region name and revision, and map MSTP instances to the VLANs.
2. Assign Layer-2 interfaces to the MSTP topology.
3. Create VLANs mapped to MSTP instances and tag interfaces to the VLANs.
! (Step 3)
interface Vlan 100
 no ip address
 tagged GigabitEthernet 3/11,21
 no shutdown
!
interface Vlan 200
 no ip address
 tagged GigabitEthernet 3/11,21
 no shutdown
!
interface Vlan 300
 no ip address
 tagged GigabitEthernet 3/11,21
 no shutdown
SFTOS Example Running-Configuration
This example uses the following steps:
1. Enable MSTP globally, set the region name and revision, and map MSTP instances to the VLANs.
2. Assign Layer-2 interfaces to the MSTP topology.
3.
Debugging and Verifying MSTP Configurations
To debug and verify the MSTP configuration, use the following commands.
● Display BPDUs.
EXEC Privilege mode
debug spanning-tree mstp bpdu
● Display MSTP-triggered topology change messages.
debug spanning-tree mstp events
To ensure all the necessary parameters match (region name, region version, and VLAN to instance mapping), examine your individual routers. To show various portions of the MSTP configuration, use the show spanning-tree mst commands.
Rem Hops: 19, Bridge Id: 32768:0001.e8d5.cbbd
4w0d4h : INST 1: Flags: 0x78, Reg Root: 32768:0001.e806.953e, Int Root Cost: 0
Brg/Port Prio: 32768/128, Rem Hops: 19
INST 2: Flags: 0x78, Reg Root: 32768:0001.e806.953e, Int Root Cost: 0
Brg/Port Prio: 32768/128, Rem Hops: 19
The bold line in the following example shows that the MSTP routers are in different regions and are not communicating with each other.
37 Multicast Features Dell Networking OS supports multicast features.
Protocol | Ethernet Address
PIM-SM | 01:00:5e:00:00:0d
● The Dell Networking OS implementation of MTRACE is in accordance with IETF draft draft-fenner-traceroute-ipm.
● Multicast is not supported on secondary IP addresses.
● Egress L3 ACL is not applied to multicast data traffic if you enable multicast routing.
First Packet Forwarding for Lossless Multicast
Beginning with the Dell Networking OS version 8.3.1.0, all initial multicast packets are forwarded to receivers to achieve lossless multicast.
When the multicast route limit is reached, the system displays the following:
3w1d13h: %RPM0-P:RP2 %PIM-3-PIM_TIB_LIMIT: PIM TIB limit reached. No new routes will be learnt until TIB level falls below low watermark.
3w1d13h: %RPM0-P:RP2 %PIM-3-PIM_TIB_LIMIT: PIM TIB below low watermark. Route learning will begin.
To limit the number of multicast routes, use the following command.
● Limit the total number of multicast routes on the system.
CONFIGURATION mode
ip multicast-limit
The range is from 1 to 50000.
Figure 88. Preventing a Host from Joining a Group
Table 48. Preventing a Host from Joining a Group — Description
Location | Description
1/21
● Interface GigabitEthernet 1/21
● ip pim sparse-mode
● ip address 10.11.12.1/24
● no shutdown
1/31
● Interface GigabitEthernet 1/31
● ip pim sparse-mode
● ip address 10.11.13.1/24
● no shutdown
2/1
● Interface GigabitEthernet 2/1
● ip pim sparse-mode
● ip address 10.11.1.
Table 48. Preventing a Host from Joining a Group — Description (continued)
Location | Description
● ip address 10.11.12.2/24
● no shutdown
2/31
● Interface GigabitEthernet 2/31
● ip pim sparse-mode
● ip address 10.11.23.1/24
● no shutdown
3/1
● Interface GigabitEthernet 3/1
● ip pim sparse-mode
● ip address 10.11.5.1/24
● no shutdown
3/11
● Interface GigabitEthernet 3/11
● ip pim sparse-mode
● ip address 10.11.13.
Preventing a Source from Registering with the RP To prevent the PIM source DR from sending register packets to RP for the specified multicast source and group, use the following command. If the source DR never sends register packets to the RP, no hosts can ever discover the source and create a shortest path tree (SPT) to it. ● Prevent a source from transmitting to a particular group.
Table 49. Preventing a Source from Transmitting to a Group — Description (continued)
Location | Description
● no shutdown
1/31
● Interface GigabitEthernet 1/31
● ip pim sparse-mode
● ip address 10.11.13.1/24
● no shutdown
2/1
● Interface GigabitEthernet 2/1
● ip pim sparse-mode
● ip address 10.11.1.1/24
● no shutdown
2/11
● Interface GigabitEthernet 2/11
● ip pim sparse-mode
● ip address 10.11.12.2/24
● no shutdown
2/31
● Interface GigabitEthernet 2/31
● ip pim sparse-mode
● ip address 10.11.
Excessive traffic is generated when the join process from the RP back to the source is blocked due to a new source group being permitted in the join-filter. This results in the new source becoming stuck in registering on the DR and in the continuous generation of UDP-encapsulated registration messages between the DR and RP routers, which are sent to the CPU.
● Prevent the PIM SM router from creating state based on multicast source and/or group.
Printing Multicast Traceroute (mtrace) Paths
Dell EMC Networking OS supports Multicast traceroute. MTRACE is an IGMP-based tool that prints the network path that a multicast packet takes from a source to a destination, for a particular group. Dell EMC Networking OS has mtrace client and mtrace transit functionality.
● MTRACE Client — an mtrace client transmits mtrace queries and prints the details from received responses.
Table 50. mtrace Command Output — Explained Command Output Description Querying reverse path for source 103.103.103.3 to destination 1.1.1.1 via group 226.0.0.3 mtrace traverses the reverse path from the given destination to the given source for the given group From source (?) to destination (?) In case the provided source or destination IP can be resolved to a hostname the corresponding name will be displayed. In cases where the IP cannot be resolved, it is displayed as (?) 0 1.1.1.
Table 51. Supported Error Codes (continued)
Error Code | Error Name | Description
0x0A | NO_MULTICAST | Traceroute request arrived on an interface which is not enabled for multicast.
0x81 | NO_SPACE | There is not enough room to insert another response data block in the packet.
mtrace Scenarios
This section describes various scenarios that may result when an mtrace command is issued. The following table describes various scenarios when the mtrace command is issued:
Table 52.
Table 52. Mtrace Scenarios (continued)
Scenario | Output
--------* - Any PIM enabled interface on this node
You invoke a weak mtrace request by specifying only the source without specifying the multicast tree or multicast group information for the source. Mtrace traces a path towards the source by using the RPF neighbor at each node.
R1>mtrace 103.103.103.3
Type Ctrl-C to abort.
Querying reverse path for source 103.103.103.
Table 52. Mtrace Scenarios (continued)
Scenario | Output
-2 12.12.12.1 PIM Reached RP/Core shared tree
-----------------------------------------------------------------
When you issue the mtrace command with the source and multicast group information, if a multicast route is not present on a particular node, then the NO ROUTE error code is displayed on the node. In this scenario, the Source Network/Mask column for that particular node displays the value as default.
Table 52. Mtrace Scenarios (continued)
Scenario | Output
6.6.6.0/24
-2 20.20.20.2 PIM 6.6.6.0/24
-3 10.10.10.1 PIM Multicast disabled 6.6.6.0/24
-----------------------------------------------------------------
If the destination provided in the command is not a valid receiver for the multicast group, the last hop router for the destination provides the WRONG LAST HOP error code. If the last-hop router contains a path to the source, the path is traced irrespective of the incorrect destination.
Table 52. Mtrace Scenarios (continued)
Scenario | Output
|Hop| OIF IP |Proto| Forwarding Code |Source Network/Mask|
----------------------------------------------------------------
0 1.1.1.1 --> Destination
-1 * * * *
----------------------------------------------------------------
Timed out receiving responses
Perhaps no local router has a route for source, the receiver is not a member of the multicast group or the multicast ttl is too low.
Table 52. Mtrace Scenarios (continued)
Scenario | Output
R1>mtrace 6.6.6.6 4.4.4.5
Type Ctrl-C to abort.
Querying reverse path for source 6.6.6.6 to destination 4.4.4.5 via RPF
From source (?) to destination (?)
----------------------------------------------------------------
|Hop| OIF IP |Proto| Forwarding Code |Source Network/Mask|
----------------------------------------------------------------
0 4.4.4.5 --> Destination
-1 4.4.4.4 PIM 6.6.6.0/24
-2 20.20.20.2 PIM 6.6.6.0/24
-3 10.10.10.1 PIM RPF Interface 6.
38 Open Shortest Path First (OSPFv2 and OSPFv3) Dell Networking OS supports open shortest path first (OSPFv2 for IPv4) and OSPF version 3 (OSPF for IPv6). This chapter provides a general description of OSPFv2 (OSPF for IPv4) and OSPFv3 (OSPF for IPv6) as supported in the Dell Networking operating system (OS). NOTE: The fundamental mechanisms of OSPF (flooding, DR election, area support, SPF calculations, and so on) are the same between OSPFv2 and OSPFv3.
Figure 90. Autonomous System Areas Area Types The backbone of the network is Area 0. It is also called Area 0.0.0.0 and is the core of any AS. All other areas must connect to Area 0. An OSPF backbone is responsible for distributing routing information between areas. It consists of all area border routers, networks not wholly contained in any area, and their attached routers. The backbone is the only area with a default area number. All other areas can have their Area ID assigned in the configuration.
Router Types Router types are attributes of the OSPF process. A given physical router may be a part of one or more OSPF processes. For example, a router connected to more than one area, receiving routing from a border gateway protocol (BGP) process connected to another AS acts as both an area border router and an autonomous system router. Each router has a unique ID, written in decimal format (A.B.C.D). You do not have to associate the router ID with a valid IP address.
Area Border Router (ABR) Within an AS, an area border router (ABR) connects one or more areas to the backbone. The ABR keeps a copy of the link-state database for every area it connects to, so it may keep multiple copies of the link state database. An ABR takes information it has learned on one of its attached areas and can summarize it before sending it out on other areas it is connected to. An ABR can connect to many areas in an AS, and is considered a member of each area it connects to.
For all LSA types, there are 20-byte LSA headers. One of the fields of the LSA header is the link-state ID. Each router link is defined as one of four types: type 1, 2, 3, or 4. The LSA includes a link ID field that identifies, by the network number and mask, the object this link connects to. Depending on the type, the link ID has different meanings. ● 1: point-to-point connection to another router/neighboring router. ● 2: connection to a transit network IP address of the DR.
Figure 92. Priority and Cost Examples OSPF with the Dell Networking OS The Dell Networking OS supports up to 16,000 OSPF routes for OSPFv2. The Dell Networking OS version 7.8.1.0 and later supports multiple OSPF processes (OSPF MP). The FN IOM switch supports up to 16 processes simultaneously. On OSPFv3, the system supports only one process at a time for all platforms. Prior to the Dell Networking OS version 7.8.1.0, the system supported one OSPFv2 and one OSPFv3 process ID per system.
OSPF graceful restart recognizes that in a modern router the control plane and data plane functionality are separate, so restarting the control plane functionality (such as the failover of the active RPM to the backup in a redundant configuration) does not necessarily have to interrupt the forwarding of data packets.
Processing SNMP and Sending SNMP Traps Only the process in default vrf can process the SNMP requests and send SNMP traps. OSPF ACK Packing The OSPF ACK packing feature bundles multiple LS acknowledgements in a single packet, significantly reducing the number of ACK packets transmitted when the number of LSAs increases. This feature also enhances network utilization and reduces the number of small ACK packets sent to a neighboring router. OSPF ACK packing is enabled by default and non-configurable.
NOTE: By default, OSPF is disabled. Configuration Task List for OSPFv2 (OSPF for IPv4) Dell Networking OS supports open shortest path first version 2 (OSPF for IPv4).
no shutdown 3. Return to CONFIGURATION mode to enable the OSPFv2 process globally. CONFIGURATION mode router ospf process-id The range is from 0 to 65535. The OSPF process ID is the identifying number assigned to the OSPF process. The router ID is the IP address associated with the OSPF process.
network ip-address mask area area-id
The IP Address Format is A.B.C.D/M. The area ID range is from 0 to 65535 or A.B.C.D/M.
Enable OSPFv2 on Interfaces
Enable and configure OSPFv2 on each interface. The interface must be configured for Layer 3 protocol and must not be shut down. You can also assign OSPFv2 to a Loopback interface as a virtual interface. OSPF functions and features, such as MD5 Authentication, Grace Period, and Authentication Wait Time, are assigned on a per-interface basis.
Adjacent with neighbor 13.1.1.1 (Designated Router) Dell> Loopback interfaces also help the OSPF process. OSPF picks the highest interface address as the router-id and a Loopback interface address has a higher precedence than other interface addresses. Example of Viewing OSPF Status on a Loopback Interface Dell#show ip ospf 1 int TenGigabitEthernet 13/23 is up, line protocol is up Internet Address 10.168.0.1/24, Area 0.0.0.1 Process ID 1, Router ID 10.168.253.
2.2.2.2  1  0  0  0  0  1
3.3.3.3  1  0  0  0  0  1
Dell#
To view information on areas, use the show ip ospf process-id command in EXEC Privilege mode.
Configuring LSA Throttling Timers
Configured LSA timers replace the standard transmit and acceptance times for LSAs. The LSA throttling timers are configured in milliseconds, with the interval time increasing exponentially until a maximum time has been reached. If the maximum time is reached, the system continues to transmit at the max-interval.
TenGigabitEthernet 0/0 is up, line protocol is down Internet Address 10.1.2.100/24, Area 1.1.1.1 Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 10 Transmit Delay is 1 sec, State DOWN, Priority 1 Designated Router (ID) 10.1.2.100, Interface address 0.0.0.0 Backup Designated Router (ID) 0.0.0.0, Interface address 0.0.0.
Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Convergence Level 0 Min LSA origination 0 msec, Min LSA arrival 1000 msec Number of area in this router is 0, normal 0 stub 0 nssa 0 Dell# Changing OSPFv2 Parameters on Interfaces In the Dell Networking OS, you can modify the OSPF settings on the interfaces. Some interface parameter values must be consistent across all interfaces to avoid routing errors.
ip ospf transmit-delay seconds ○ seconds: the range is from 1 to 65535 (the default is 1 second). The transmit delay must be the same on all routers in the OSPF network. To view interface configurations, use the show config command in CONFIGURATION INTERFACE mode. To view interface status in the OSPF process, use the show ip ospf interface command in EXEC mode. The bold lines in the example show the change on the interface. The change is reflected in the OSPF configuration.
NOTE: By default, OSPFv2 graceful restart is disabled.
To enable and configure OSPFv2 graceful restart, use the following commands.
1. Enable OSPFv2 graceful-restart globally and set the grace period.
CONFIG-ROUTEROSPF-id mode
graceful-restart grace-period seconds
The seconds range is from 40 to 3000. This setting is the time that an OSPFv2 router’s neighbors advertise it as fully adjacent, regardless of the synchronization state, during a graceful restart.
● Create a prefix list with a sequence number and a deny or permit action.
CONFIG-PREFIX LIST mode
seq sequence-number {deny |permit} ip-prefix [ge min-prefix-length] [le max-prefix-length]
The optional parameters are:
○ ge min-prefix-length: is the minimum prefix length to match (from 0 to 32).
○ le max-prefix-length: is the maximum prefix length to match (from 0 to 32).
For configuration information about prefix lists, refer to Access Control Lists (ACLs).
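How ge and le change what a prefix-list entry matches is easiest to see by evaluating routes against a list. This added example (not from the Dell guide) assumes the usual prefix-list rules, which this page does not spell out: lowest sequence number first, first match wins, an entry without ge or le matches only the exact prefix length, and an unmatched route is denied. The sample entries are constructed.

```python
import ipaddress
import re

# One "seq" entry in the syntax shown on this page:
#   seq sequence-number {deny|permit} ip-prefix [ge min] [le max]
ENTRY = re.compile(
    r"^\s*seq\s+(?P<seq>\d+)\s+(?P<action>permit|deny)\s+(?P<prefix>\S+)"
    r"(?:\s+ge\s+(?P<ge>\d+))?(?:\s+le\s+(?P<le>\d+))?\s*$"
)

# Constructed prefix-list body (not taken from the page).
SAMPLE = """\
seq 5 deny 10.11.4.0/24
seq 10 permit 10.11.0.0/16 ge 24 le 28
seq 15 permit 192.168.0.0/24 ge 32
"""


def parse_prefix_list(text):
    """Return entries sorted by sequence number, with the length window
    [lo, hi] each entry accepts (assumed semantics, see lead-in)."""
    rules = []
    for line in text.splitlines():
        if not line.strip().startswith("seq"):
            continue  # ignore blank lines and anything that is not an entry
        m = ENTRY.match(line)
        if not m:
            raise ValueError(f"unparsable entry: {line!r}")
        net = ipaddress.IPv4Network(m["prefix"], strict=True)
        ge = int(m["ge"]) if m["ge"] else None
        le = int(m["le"]) if m["le"] else None
        if ge is None and le is None:
            lo = hi = net.prefixlen           # exact-length match only
        else:
            lo = net.prefixlen if ge is None else ge
            hi = 32 if le is None else le
        if not net.prefixlen <= lo <= hi <= 32:
            raise ValueError(f"inconsistent ge/le in: {line!r}")
        rules.append({"seq": int(m["seq"]), "action": m["action"],
                      "net": net, "lo": lo, "hi": hi})
    return sorted(rules, key=lambda r: r["seq"])


def evaluate(rules, route):
    """Return (action, seq) of the first matching entry, or
    ("deny", None) for the assumed implicit deny."""
    candidate = ipaddress.IPv4Network(route, strict=True)
    for rule in rules:
        in_window = rule["lo"] <= candidate.prefixlen <= rule["hi"]
        if in_window and candidate.subnet_of(rule["net"]):
            return rule["action"], rule["seq"]
    return "deny", None


if __name__ == "__main__":
    rules = parse_prefix_list(SAMPLE)
    for route in ("10.11.4.0/24", "10.11.4.0/25", "10.11.5.0/24",
                  "10.11.0.0/16", "10.11.1.0/30", "192.168.0.3/32"):
        print(f"{route:18} -> {evaluate(rules, route)}")
```

Note the 10.11.4.0/25 case: the exact-match deny at seq 5 does not cover more-specific routes, so the /25 is permitted by seq 10 unless the deny entry also carries an le value.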
● Have you enabled OSPF globally?
● Is the OSPF process active on the interface?
● Are adjacencies established correctly?
● Are the interfaces configured for Layer 3 correctly?
● Is the router in the correct area type?
● Have the routes been included in the OSPF database?
● Have the OSPF routes been included in the routing table (not just the OSPF database)?
Some useful troubleshooting commands are:
● show interfaces
● show protocols
● debug IP OSPF events and/or packets
● show neighbors
● show routes
To
! router ospf 90 area 2 virtual-link 4.4.4.4 area 2 virtual-link 90.90.90.90 retransmit-interval 300 ! ipv6 router ospf 999 default-information originate always router-id 10.10.10.10 Dell# Sample Configurations for OSPFv2 The following configurations are examples for enabling OSPFv2. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations. You can copy and paste from these examples to your CLI.
OSPF Area 0 — Gl 3/1 and 3/2
router ospf 33333
 network 192.168.100.0/24 area 0
 network 10.0.13.0/24 area 0
 network 10.0.23.0/24 area 0
!
interface Loopback 30
 ip address 192.168.100.100/24
 no shutdown
!
interface GigabitEthernet 3/1
 ip address 10.1.13.3/24
 no shutdown
!
interface GigabitEthernet 3/2
 ip address 10.2.13.3/24
 no shutdown
OSPF Area 0 — Gl 2/1 and 2/2
router ospf 22222
 network 192.168.100.0/24 area 0
 network 10.2.21.0/24 area 0
 network 10.2.22.0/24 area 0
!
interface Loopback 20
 ip address 192.
Configuration Task List for OSPFv3 (OSPF for IPv6) The configuration options of OSPFv3 are the same as those options for OSPFv2, but you may configure OSPFv3 with differently labeled commands. Specify process IDs and areas and include interfaces and addresses in the process. Define areas as stub or totally stubby. The interfaces must be in IPv6 Layer-3 mode (assigned an IPv6 IP address) and enabled so that they can send and receive traffic. The OSPF process must know about these interfaces.
2. Bring up the interface. CONF-INT-type slot/port mode no shutdown Assigning Area ID on an Interface To assign the OSPFv3 process to an interface, use the following command. The ipv6 ospf area command enables OSPFv3 on an interface and places the interface in the specified area. Additionally, the command creates the OSPFv3 process with ID on the router.
Configuring Passive-Interface
To suppress an interface’s participation in OSPFv3, use the following command. This command stops the router from sending updates on that interface.
● Specify whether some or all of the interfaces are passive.
CONF-IPV6-ROUTER-OSPF mode
passive-interface {type slot/port}
Interface: identifies the specific interface that is passive.
Enabling OSPFv3 Graceful Restart Dell Networking OS supports graceful restart for OSPFv3. For more information about graceful restart, refer to Graceful Restart. By default, OSPFv3 graceful restart is disabled and functions only in a helper role to help restarting neighbor routers in their graceful restarts when it receives a Grace LSA. To enable OSPFv3 graceful restart, enter the ipv6 router ospf process-id command to enter OSPFv3 configuration mode.
show ipv6 ospf database database-summary
Dell#show run ospf
!
router ospf 1
 router-id 200.1.1.1
 log-adjacency-changes
 graceful-restart grace-period 180
 network 20.1.1.0/24 area 0
 network 30.1.1.0/24 area 0
!
ipv6 router ospf 1
 log-adjacency-changes
 graceful-restart grace-period 180
Dell#show ipv6 ospf database database-summary
!
OSPFv3 Router with ID (200.1.1.
IPsec is a set of protocols developed by the Internet Engineering Task Force (IETF) to support secure exchange of packets at the IP layer. IPsec supports two encryption modes: transport and tunnel.
● Transport mode — encrypts only the data portion (payload) of each packet, but leaves the header untouched.
● Tunnel mode — is more secure and encrypts both the header and payload.
On the receiving side, an IPsec-compliant device decrypts each packet.
security policy at an interface or area level, specify 7 for [key-encryption-type] when you enter the ipv6 ospf authentication ipsec or ipv6 ospf encryption ipsec command.
ipv6 ospf encryption {null | ipsec spi number esp encryption-algorithm [key-encryption-type] key authentication-algorithm [key-authentication-type] key}
○ null: causes an encryption policy configured for the area to not be inherited on the interface.
○ ipsec spi number: is the security policy index (SPI) value. The range is from 256 to 4294967295.
○ esp encryption-algorithm: specifies the encryption algorithm used with ESP. The valid values are 3DES, DES, AES-CBC, and NULL.
show crypto ipsec policy Configuring IPsec Encryption for an OSPFv3 Area To configure, remove, or display IPsec encryption in an OSPFv3 area, use the following commands. Prerequisite: Before you enable IPsec encryption in an OSPFv3 area, first enable OSPFv3 globally on the router (refer to Configuration Task List for OSPFv3 (OSPF for IPv6)). The SPI value must be unique to one IPsec security policy (authentication or encryption) on the router.
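The following is an added example, not part of the Dell guide: a small configuration audit that applies the rules stated above for OSPFv3 IPsec policies (SPI range, one SPI per policy, listed ESP algorithms, key-encryption-type 7). The sample configuration is constructed, `<key>` and `<auth-alg>` are placeholders, and two things are assumptions: that a single-digit token before a key is the key type, and that DES and NULL should be reported as weak choices.

```python
import re
from collections import defaultdict

SPI_MIN, SPI_MAX = 256, 4294967295              # SPI range stated in the guide
VALID_ESP = {"3DES", "DES", "AES-CBC", "NULL"}  # ESP values listed in the guide
WEAK_ESP = {"DES", "NULL"}                      # reviewer policy (assumption)

SPI_RE = re.compile(r"\bipsec\s+spi\s+(\d+)", re.I)
ENC_RE = re.compile(r"\bencryption\s+ipsec\s+spi\s+\d+\s+esp\s+(.+)$", re.I)

# Constructed sample; <key> and <auth-alg> stand in for real values.
SAMPLE_CONFIG = """\
interface TenGigabitEthernet 0/1
 ipv6 ospf encryption ipsec spi 600 esp des <key> <auth-alg> <key>
!
interface TenGigabitEthernet 0/2
 ipv6 ospf authentication ipsec spi 600 <auth-alg> <key>
!
interface TenGigabitEthernet 0/3
 ipv6 ospf encryption ipsec spi 100 esp aes-cbc 7 <key> <auth-alg> 7 <key>
!
interface Vlan 10
 ipv6 ospf encryption null
"""


def _key_type(tokens, i):
    """Read '[type] key' at tokens[i]; return (type or None, index after key).

    Assumption: a one-character numeric token is the optional key type,
    because real keys are long strings.
    """
    if i < len(tokens) and len(tokens[i]) == 1 and tokens[i].isdigit():
        return tokens[i], i + 2
    return None, i + 1


def audit(config_text):
    """Return a list of (stanza, code, message) findings."""
    findings = []
    spi_users = defaultdict(list)   # SPI -> stanzas whose policy line uses it
    ctx = "global"
    for raw in config_text.splitlines():
        line = raw.strip()
        m = SPI_RE.search(line)
        if not m:
            # An unindented line other than "!" opens a new stanza.
            if raw[:1].strip() and line != "!":
                is_if = line.lower().startswith("interface ")
                ctx = line.split(None, 1)[1] if is_if else line
            continue
        spi = int(m.group(1))
        spi_users[spi].append(ctx)
        if not SPI_MIN <= spi <= SPI_MAX:
            findings.append((ctx, "spi-range",
                             f"SPI {spi} is outside {SPI_MIN}-{SPI_MAX}"))
        enc = ENC_RE.search(line)
        if not enc:
            continue                # authentication-only line: SPI checks only
        tokens = enc.group(1).split()
        alg = tokens[0].upper()
        if alg not in VALID_ESP:
            findings.append((ctx, "esp-unknown", f"unlisted ESP algorithm {alg}"))
        elif alg in WEAK_ESP:
            findings.append((ctx, "esp-weak", f"ESP algorithm {alg} is weak"))
        enc_type, i = _key_type(tokens, 1)
        auth_type, _ = _key_type(tokens, i + 1)   # tokens[i] is the auth algorithm
        if enc_type != "7" or auth_type != "7":
            findings.append((ctx, "key-cleartext",
                             "key entered without key type 7"))
    for spi, users in sorted(spi_users.items()):
        if len(users) > 1:
            findings.append((", ".join(users), "spi-reuse",
                             f"SPI {spi} is used by {len(users)} policy lines"))
    return findings


if __name__ == "__main__":
    for stanza, code, message in audit(SAMPLE_CONFIG):
        print(f"{stanza}: [{code}] {message}")
```

Run it against saved configuration text; only the `spi` value and the tokens after `esp` are parsed, so authentication lines contribute to the SPI checks without their other arguments being interpreted.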
To display information on the SAs used on a specific interface, enter interface interface, where interface is one of the following values: ○ For a Port Channel interface, enter the keywords port-channel number. ○ For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. ○ For a VLAN interface, enter the keywords vlan vlan-id. The valid VLAN IDs are from 1 to 4094. In the first example, the keys are not encrypted (shown in bold).
STATUS : ACTIVE
inbound esp sas
outbound esp sas
Interface: TenGigabitEthernet 0/1
Link Local address: fe80::201:e8ff:fe40:4d11
IPSecv6 policy name: OSPFv3-1-600
inbound ah sas
outbound ah sas
inbound esp sas
spi : 600 (0x258)
transform : esp-des esp-sha1-hmac
in use settings : {Transport, }
replay detection support : N
STATUS : ACTIVE
outbound esp sas
spi : 600 (0x258)
transform : esp-des esp-sha1-hmac
in use settings : {Transport, }
replay detection support : N
STATUS : ACTIVE
Troubleshooting OSPFv3
The
EXEC Privilege mode show ipv6 ospf neighbor ● View debug messages for all OSPFv3 interfaces. EXEC Privilege mode debug ipv6 ospf [event | packet] {type slot/port} ○ event: View OSPF event messages. ○ packet: View OSPF packets. ○ For a Gigabit Ethernet interface, enter the keyword GigabitEthernet then the slot/port information (for example, passive-interface gi 2/1). ○ For a port channel, enter the keywords port-channel then a number from 1 to 255.
SNMPv2-SMI::mib-2.191.1.1.7.0 = Gauge32: 0 SNMPv2-SMI::mib-2.191.1.1.8.0 = Counter32: 10088 SNMPv2-SMI::mib-2.191.1.1.9.0 = Counter32: 10076 SNMPv2-SMI::mib-2.191.1.1.10.0 = Gauge32: 7 SNMPv2-SMI::mib-2.191.1.1.11.0 = INTEGER: -1 SNMPv2-SMI::mib-2.191.1.1.12.0 = Gauge32: 0 SNMPv2-SMI::mib-2.191.1.1.13.0 = INTEGER: 2 SNMPv2-SMI::mib-2.191.1.1.14.0 = Gauge32: 100000 SNMPv2-SMI::mib-2.191.1.1.15.0 = INTEGER: 1 SNMPv2-SMI::mib-2.191.1.1.16.0 = Gauge32: 0 SNMPv2-SMI::mib-2.191.1.1.18.
39 Policy-based Routing (PBR) Dell Networking OS supports policy-based routing.
To enable a PBR, you create a Redirect List. Redirect lists are defined by rules, or routing policies.
Implementing Policy-based Routing with Dell Networking OS
● Non-contiguous bitmasks for PBR
● Hot-Lock PBR
Non-contiguous bitmasks for PBR
Non-contiguous bitmasks for PBR allow more granular and flexible control over routing policies. Network addresses that are in the middle of a subnet can be included or excluded. Specific bitmasks can be entered using the dotted decimal format.
Non-contiguous bitmask example
Dell#show ip redirect-list
IP redirect-list rcl0:
Defined as:
seq 5 permit ip 200.200.200.
● ip-address is the Forwarding router’s address
  FORMAT: A.B.C.D
● FORMAT: slot/port
● ip-protocol-number or protocol-type is the type of protocol to be redirected
  FORMAT: 0-255 for IP protocol number, or enter protocol type
● source ip-address or any or host ip-address is the Source’s IP address
  FORMAT: A.B.C.D/NN, or ANY or HOST IP address
● destination ip-address or any or host ip-address is the Destination’s IP address
  FORMAT: A.B.C.
NOTE: Starting in release 9.4(0.0), Dell Networking OS supports the use of multiple recursive routes with the same source-address and destination-address combination in a redirect policy on a router. A recursive route is a route for which the immediate next-hop address is learned dynamically through a routing protocol and acquired through a route lookup in the routing table.
ip redirect-group test
ip redirect-group xyz
shutdown
Dell(conf-if-te-1/0)#
In addition to supporting multiple redirect-lists in a redirect-group, multiple redirect-groups are supported on a single interface. Dell Networking OS has the capability to support multiple groups on an interface for backup purposes.
Show Redirect List Configuration
To view the redirect list configuration, use the following command in EXEC mode:
1. View the redirect list configuration and the associated interfaces.
Showing CAM PBR Configuration Example:
Dell#show cam pbr stack-unit 1 port-set 0
TCP Flag: Bit 5 - URG, Bit 4 - ACK, Bit 3 - PSH, Bit 2 - RST, Bit 1 - SYN, Bit 0 - FIN
Cam   Port VlanID Proto Tcp  Src  Dst  SrcIp DstIp Next-hop Egress
Index                   Flag Port Port             MAC      Port
----------------------------------------------------------------------------------------------------------------
06080 0 N/A IP 0x0 0 0 200.200.200.200 200.200.200.200 199.199.199.199 199.199.199.199 N/A NA
06081 0 N/A TCP 0x10 0 40 234.234.234.234 255.
EXEC mode show cam pbr show cam-usage List the redirect list configuration using the show ip redirect-list redirect-list-name command. The noncontiguous mask displays in dotted format (x.x.x.x). The contiguous mask displays in /x format. Use the show ip redirect-list (without the list name) to display all the redirect-lists configured on the device.
Create the Redirect-List GOLD
EDGE_ROUTER(conf-if-Te-3/23)#ip redirect-list GOLD
EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD.
EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.1.0/24 any
EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.2.0/24 any
EDGE_ROUTER(conf-redirect-list)# seq 15 permit ip any any
EDGE_ROUTER(conf-redirect-list)#show config
!
ip redirect-list GOLD
 description Route GOLD traffic to ISP_GOLD.
 seq 5 redirect 10.99.99.254 ip 192.
Dell(conf-redirect-list)#redirect 43.1.1.2 track 4 ip host 7.7.7.7 host 144.144.144.144
Dell(conf-redirect-list)#end
Verify the Status of the Track Objects (Up/Down):
Dell#show track brief
ResId  Resource                Parameter
1      Interface ip routing    Tunnel 1
2      Interface ipv6 routing  Tunnel 2
3      IP Host reachability    42.1.1.2/32
4      IP Host reachability    43.1.1.
Create Track Objects to track the Tunnel Interfaces:
Dell#configure terminal
Dell(conf)#track 1 interface tunnel 1 ip routing
Dell(conf-track-1)#exit
Dell(conf)#track 2 interface tunnel 2 ipv6 routing
Dell(conf-track-2)#end
Verify the Status of the Track Objects (Up/Down):
Dell#show track brief
ResId  Resource                Parameter  State  LastChange
1      Interface ip routing    Tunnel 1   Up     00:00:00
2      Interface ipv6 routing  Tunnel 2   Up     00:00:00
Dell#
Create a Redirect-list with Track Objects pertaining to Tunnel Interfaces
40 PIM Sparse-Mode (PIM-SM) Dell Networking OS supports protocol-independent multicast sparse-mode (PIM-SM). PIM-SM is a multicast protocol that forwards multicast traffic to a subnet only after a request using a PIM Join message; this behavior is the opposite of PIM-Dense mode, which forwards multicast traffic to all subnets until a request to stop.
2. The last-hop DR sends a PIM Join message to the RP. All routers along the way, including the RP, create an (*,G) entry in their multicast routing table, and the interface on which the message was received becomes the outgoing interface associated with the (*,G) entry. This process constructs an RPT branch to the RP. 3. If a host on the same subnet as another multicast receiver sends an IGMP report for the same multicast group, the gateway takes no action.
CONFIGURATION mode
ip multicast-routing
Related Configuration Tasks
The following are related PIM-SM configuration tasks.
● Configuring S,G Expiry Timers
● Configuring a Static Rendezvous Point
● Configuring a Designated Router
● Creating Multicast Boundaries and Domains
Enable PIM-SM
You must enable PIM-SM on each participating interface.
1. Enable multicast routing on the system.
CONFIGURATION mode
ip multicast-routing
2. Enable PIM-Sparse mode.
(10.87.31.5, 192.1.2.1), uptime 00:01:24, expires 00:02:26, flags: FT Incoming interface: GigabitEthernet 7/11, RPF neighbor 0.0.0.0 Outgoing interface list: GigabitEthernet 4/11 GigabitEthernet 4/12 GigabitEthernet 7/13 --More-- Configuring S,G Expiry Timers By default, S, G entries expire in 210 seconds. You can configure a global expiry time (for all [S,G] entries) or configure an expiry time for a particular entry.
Configuring a Static Rendezvous Point
The rendezvous point (RP) is a PIM-enabled interface on a router that acts as the root of a group-specific tree; every group must have an RP.
● Identify an RP by the IP address of a PIM-enabled or Loopback interface.
ip pim rp-address
Dell#sh run int loop0
!
interface Loopback 0
 ip address 1.1.1.1/32
 ip pim sparse-mode
 no shutdown
Dell#sh run pim
!
ip pim rp-address 1.1.1.1 group-address 224.0.0.
EXEC Privilege mode show ip pim interface Creating Multicast Boundaries and Domains A PIM domain is a contiguous set of routers that all implement PIM and are configured to operate within a common boundary defined by PIM multicast border routers (PMBRs). PMBRs connect each PIM domain to the rest of the Internet. Create multicast boundaries and domains by filtering inbound and outbound bootstrap router (BSR) messages per interface.
41 PIM Source-Specific Mode (PIM-SSM) Dell Networking OS supports PIM source-specific mode (PIM-SSM). PIM-SSM is a multicast protocol that forwards multicast traffic from a single source to a subnet. In the other versions of protocol independent multicast (PIM), a receiver subscribes to a group only. The receiver receives traffic not just from the source in which it is interested but from all sources sending to that group.
● Extended ACLs cannot be used for configuring SSM range. Be sure to create the ACL first and then apply it to the SSM range. ● The default range is always supported, so range can never be smaller than the default. Enabling PIM-SSM To enable PIM-SSM, follow these steps. 1. Create an ACL that uses permit rules to specify what range of addresses should use SSM. CONFIGURATION mode ip access-list standard name 2. Enter the ip pim ssm-range command and specify the ACL you created.
ip pim rp-address 10.11.12.2 group-address 224.0.0.0/4 ip pim ssm-range ssm R1(conf)#do show run acl ! ip access-list standard map seq 5 permit host 239.0.0.2 ! ip access-list standard ssm seq 5 permit host 239.0.0.2 R1(conf)#ip igmp ssm-map map 10.11.5.2 R1(conf)#do show ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface Mode Uptime Expires 239.0.0.2 Vlan 300 IGMPv2-Compat 00:00:07 Never Member Ports: Gi 1/1 239.0.0.1 Vlan 400 INCLUDE 00:00:10 Never 10.11.4.
3. The BSR collects the most efficient group-to-RP mappings and periodically updates it to all PIM routes in the network. 4. The BSR floods the RP-Set throughout the domain periodically in case new C-RPs are announced, or an RP failure occurs. Constraints 1. When a multicast group range is removed from the ACL group list, the E-BSR sends the advertisements to the group with hold-time as 0 only when the C-RP timer expires. Till the timer expires, the C-RP will act as a RP for that multicast group. 2.
Enabling RP to Server Specific Multicast Groups When you configure an RP candidate, its advertisement is sent to the entire multicast address range and the group-to-RP mapping is advertised for the entire range of multicast address. Starting with Dell EMC Networking OS 9.11.0.0, you can configure an RP candidate for a specified range of multicast group address. The Configured multicast group ranges are used by the BSR protocol to advertise the candidate RPs in the bootstrap messages.
42 Port Monitoring The Aggregator supports user-configured port monitoring. See Configuring Port Monitoring for the configuration commands to use. Port monitoring copies all incoming or outgoing packets on one port and forwards (mirrors) them to another port. The source port is the monitored port (MD) and the destination port is the monitoring port (MG).
To display information on currently configured port-monitoring sessions, use the show monitor session command from EXEC Privilege mode.
Dell(conf-mon-sess-2)#source tengig 0/1 destination tengig 0/9 direction both
% Error: MD port is already being monitored.
NOTE: There is no limit to the number of monitoring sessions per system, provided that there are only four destination ports per port-pipe. If each monitoring session has a unique destination port, the maximum number of sessions is four per port-pipe.
Remote Port Mirroring Example Remote port mirroring uses the analyzers shown in the aggregation network in Site A. The VLAN traffic on monitored links from the access network is tagged and assigned to a dedicated L2 VLAN. Monitored links are configured in two source sessions shown with orange and green circles. Each source session uses a separate reserved VLAN to transmit mirrored packets (mirrored source-session traffic is shown with an orange or green circle with a blue border).
● Reserved Vlan cannot have untagged ports. In the reserved L2 VLAN used for remote port mirroring: ● MAC address learning in the reserved VLAN is automatically disabled. ● The reserved VLAN for remote port mirroring can be automatically configured in intermediate switches by using GVRP. ● There is no restriction on the VLAN IDs used for the reserved remote-mirroring VLAN. Valid VLAN IDs are from 2 to 4094. The default VLAN ID is not supported.
source Port-channel 10 destination remote-vlan 300 direction rx no disable To display the currently configured source and destination sessions for remote port mirroring on a switch, enter the show monitor session command in EXEC Privilege mode.
NOTE: On a source switch on which you configure source ports for remote port mirroring, you can add only one port to the dedicated RPM VLAN which is used to transport mirrored traffic. You can configure multiple ports for the dedicated RPM VLAN on intermediate and destination switches. 4 Repeat 1 & 3 Step On source, intermediate, and destination switches on which mirrored traffic in the reserved L2 VLAN is transmitted.
single VLAN on the source port(s). Range: 1-4094. vlan range vlanlist selects traffic from multiple VLANs on the source port(s). In the VLAN list, separate VLAN IDs by a comma and space: vlan range vlan-id, vlan-id, vlan-id vlan range vlan-range selects traffic from a range of VLANs on the source port(s). Enter the VLAN range in the format: vlan range first_vlanID last_vlanID A space is required before and after the dash (-).
2 source remote-vlan vlan-id destination {single-interface | range {interface-list | interface-range | mixed-interface-list}} MONITOR SESSION Associate the RPM VLAN used to transport mirrored traffic with this destination session and configure the destination ports to which an analyzer is connected.
Configuring a RSPAN VLAN for RPM
Following are the steps for configuring a RSPAN VLAN for RPM. You must repeat the below mentioned steps on source, intermediate, and destination switches.
1. Enter global configuration mode.
EXEC mode
configure terminal
2. Create a VLAN to transport mirrored traffic in RPM.
CONFIGURATION mode
interface vlan vlan-id
3. Configure the RSPAN VLAN to be used to transport mirrored traffic in RPM.
VLAN INTERFACE mode
mode remote-port-mirroring
4.
MONITOR SESSION mode
tagged destination interface
To configure destination ports as untagged ports, enter the untagged destination command.
Configuration Example of Remote Port Mirroring
This example provides a sample configuration of remote port mirroring (RPM) on a source switch, an intermediate switch, and a destination switch based on the following illustration.
Figure 96.
The below configuration example shows that the source is a source port-channel and the destination is the reserved VLAN (for example, remote-vlan 30). Configuring Remote Port Mirroring on an intermediate switch Following is a sample configuration of RPM on an intermediate switch. Configuring Remote Port Mirroring on a Destination switch Following is a sample configuration of RPM on a destination switch.
Table 55. Configuration steps for ERPM (continued) 5 no flow-based enable ERPM to be performed on a flow-by-flow basis or if you configure a VLAN source interface. Enter the no flow-based command to disable flow-based ERPM. 6 no disable Enter the no disable command to enable the ERPM session.
43 Private VLANs (PVLAN) Dell Networking OS supports the private VLAN (PVLAN) feature. For syntax details about the commands described in this chapter, refer to the Private VLANs commands chapter in the Dell Networking OS Command Line Reference Guide. Private VLANs extend the Dell Networking operating system (OS) security suite by providing Layer 2 isolation between ports within the same virtual local area network (VLAN).
● Isolated port — a port that, in Layer 2, can only communicate with promiscuous ports that are in the same PVLAN. ● Promiscuous port — a port that is allowed to communicate with any other port type in the PVLAN: ○ A promiscuous port can be part of more than one primary VLAN. ○ A promiscuous port cannot be added to a regular VLAN. ● Trunk port — carries traffic between switches: ○ A trunk port in a PVLAN is always tagged. ○ In tagged mode, the trunk port carries the primary or secondary VLAN traffic.
● Creating a Primary VLAN ● Creating a Community VLAN ● Creating an Isolated VLAN Creating PVLAN ports PVLAN ports are those that will be assigned to the PVLAN. 1. Access INTERFACE mode for the port that you want to assign to a PVLAN. CONFIGURATION mode interface interface 2. Enable the port. INTERFACE mode no shutdown 3. Set the port in Layer 2 mode. INTERFACE mode switchport 4. Select the PVLAN mode.
INTERFACE VLAN mode private-vlan mode primary 4. Map secondary VLANs to the selected primary VLAN. INTERFACE VLAN mode private-vlan mapping secondary-vlan vlan-list The list of secondary VLANs can be: ● Specified in comma-delimited (VLAN-ID,VLAN-ID) or hyphenated-range format (VLAN-ID-VLAN-ID). ● Specified with this command even before they have been created. ● Amended by specifying the new secondary VLAN to be added to the list. 5. Add promiscuous ports as tagged or untagged interfaces.
1. Access INTERFACE VLAN mode for the VLAN that you want to make an isolated VLAN. CONFIGURATION mode interface vlan vlan-id 2. Enable the VLAN. INTERFACE VLAN mode no shutdown 3. Set the PVLAN mode of the selected VLAN to isolated. INTERFACE VLAN mode private-vlan mode isolated 4. Add one or more host ports to the VLAN.
Private VLAN Configuration Example The following example shows a private VLAN topology. Figure 97. Sample Private VLAN Topology The following configuration is based on the example diagram for the FN IOM switch: ● TenGig 0/0 and TenGig 0/23 are configured as promiscuous ports, assigned to the primary VLAN, VLAN 4000. ● TenGig 0/25 is configured as a PVLAN trunk port, also assigned to the primary VLAN 4000.
● Display the specific interface configuration. INTERFACE mode and INTERFACE VLAN mode show config ● Inspect the running-config, and, with the grep pipe option, display a specific part of the running-config. show running-config | grep string The following example shows the PVLAN parts of the running-config from the S50V switch in the topology diagram previously shown. ● Display the type and status of the configured PVLAN interfaces.
Example of Viewing Private VLAN Configuration
Dell#show vlan
!
interface TenGigabitEthernet 1/1
 no ip address
 switchport
 switchport mode private-vlan promiscuous
 no keepalive
 no shutdown
!
interface TenGigabitEthernet 1/2
 no ip address
 switchport
 switchport mode private-vlan host
 no shutdown
!
interface TenGigabitEthernet 1/3
 no ip address
 switchport
 switchport mode private-vlan host
 no shutdown
!
interface TenGigabitEthernet 1/5
 no ip address
 switchport
 switchport mode private-vlan trunk
 no shutdown
interf
44 Per-VLAN Spanning Tree Plus (PVST+) Dell Networking OS supports per-VLAN spanning tree plus (PVST+).
Figure 98. Per-VLAN Spanning Tree
The Dell Networking operating system (OS) supports three other variations of spanning tree, as shown in the following table.
Table 56. Spanning Tree Variations Dell Networking OS Supports
Dell Networking Term                      IEEE Specification
Spanning Tree Protocol (STP)              802.1d
Rapid Spanning Tree Protocol (RSTP)       802.1w
Multiple Spanning Tree Protocol (MSTP)    802.
3. Enable PVST+. 4. Optionally, for load balancing, select a nondefault bridge-priority for a VLAN.
Figure 99. Load Balancing with PVST+
The bridge with the lowest value for bridge priority is elected root. Because all bridges use the default priority (until configured otherwise), the lowest MAC address is used as a tie-breaker. To increase the likelihood that a bridge is selected as the STP root, assign bridges a low non-default value for bridge priority. To assign a bridge priority, use the following command.
● Assign a bridge priority.
BPDU sent 449, received 0 The port is not in the Edge port mode, bpdu filter is disabled Port 450 (TenGigabitEthernet 5/41) is disabled Discarding Port path cost 2000, Port priority 128, Port Identifier 128.450 Designated root has priority 32768, address 001e.c9f1.00:f3 Designated bridge has priority 32768, address 001e.c9f1.00:f3 Designated port id is 128.
Modifying Interface PVST+ Parameters
You can adjust two interface parameters (port cost and port priority) to increase or decrease the probability that a port becomes a forwarding port.
● Port cost — a value that is based on the interface type. The greater the port cost, the less likely the port is selected to be a forwarding port.
● Port priority — influences the likelihood that a port is selected to be a forwarding port when several ports have the same port cost.
To enable EdgePort on an interface, use the following command. ● Enable EdgePort on an interface. INTERFACE mode spanning-tree pvst edge-port [bpduguard | shutdown-on-violation] The EdgePort status of each interface is given in the output of the show spanning-tree pvst command, as previously shown. Dell Networking OS Behavior: Regarding the bpduguard shutdown-on-violation command behavior: ● If the interface to be shut down is a port channel, all the member ports are disabled in the hardware.
Figure 100. PVST+ with Extend System ID ● Augment the bridge ID with the VLAN ID. PROTOCOL PVST mode extend system-id Dell(conf-pvst)#do show spanning-tree pvst vlan 5 brief VLAN 5 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32773, Address 0001.e832.73f7 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32773 (priority 32768 sys-id-ext 5), Address 0001.e832.
!
 tagged TenGigabitEthernet 1/22,32
 no shutdown
interface Vlan 300
 no ip address
 tagged TenGigabitEthernet 1/22,32
 no shutdown
!
protocol spanning-tree pvst
 no disable
 vlan 100 bridge-priority 4096
Example of PVST+ Configuration (R2)
interface TenGigabitEthernet 2/12
 no ip address
 switchport
 no shutdown
!
interface TenGigabitEthernet 2/32
 no ip address
 switchport
 no shutdown
!
interface Vlan 100
 no ip address
 tagged TenGigabitEthernet 2/12,32
 no shutdown
!
interface Vlan 200
 no ip address
 tagged TenGigab
no disable
vlan 300 bridge-priority 4096
Enable BPDU Filtering globally
Enabling BPDU filtering globally stops the transmission of BPDUs on operational port-fast-enabled ports by default. When BPDUs are received, the spanning tree is automatically prepared. By default, global BPDU filtering is disabled. Enable BPDU filtering globally to filter the transmission of BPDUs on port-fast-enabled interfaces.
PROTOCOL PVST mode
edge-port bpdu filter default
Figure 101.
45 Quality of Service (QoS) Dell Networking OS supports quality of service (QoS). Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. The switch traffic has four data queues per port. All queues are serviced using the Weighted Round Robin scheduling algorithm. You can manage queuing prioritization only on egress.
Table 58. Dell Networking OS Support for Port-Based, Policy-Based, and Multicast QoS Features (continued) Feature Direction Specify an Aggregate QoS Policy Egress QoS Rate Adjustment Strict-Priority Queueing Weighted Random Early Detection Egress Create WRED Profiles Egress Figure 102.
● RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 Headers
● RFC 2475, An Architecture for Differentiated Services
● RFC 2597, Assured Forwarding PHB Group
● RFC 2598, An Expedited Forwarding PHB
You cannot configure port-based and policy-based QoS on the same interface.
Port-Based QoS Configurations
You can configure the following QoS features on an interface.
Honoring dot1p Priorities on Ingress Traffic By default, the Dell Networking OS does not honor dot1p priorities on ingress traffic. You can configure this feature on physical interfaces and port-channels, but you cannot configure it on individual interfaces in a port channel. You can configure service-class dynamic dot1p from CONFIGURATION mode, which applies the configuration to all interfaces. A CONFIGURATION mode service-class dynamic dot1p entry supersedes any INTERFACE entries.
rate shape ● Apply rate shaping to a queue.
! policy-map-input ecn_0_pmap service-queue 0 class-map ecn_0_cmap Applying this policy-map “ecn_0_pmap” will mark all the packets with ‘ecn == 0’ as yellow packets on queue0 (default queue). Classifying Incoming Packets Using ECN and Color-Marking Explicit Congestion Notification (ECN) is a capability that enhances WRED by marking the packets instead of causing WRED to drop them when the threshold value is exceeded.
● SYN ● PSH ● RST ● URG You can now use the ‘ecn’ match qualifier along with the above TCP flag for classification.
class-map match-any class_dscp_40
 match ip access-group dscp_40_non_ecn set-color yellow
 match ip access-group dscp_40
!
class-map match-any class_dscp_50
 match ip access-group dscp_50_non_ecn set-color yellow
 match ip access-group dscp_50
!
policy-map-input pmap_dscp_40_50
 service-queue 2 class-map class_dscp_40
 service-queue 3 class-map class_dscp_50
Approach with explicit ECN match qualifiers for ECN packets:
!
ip access-list standard dscp_50_ecn
 seq 5 permit any dscp 50 ecn 1
 seq 10 permit any dscp 50 e
Policy-Based QoS Configurations Policy-based QoS configurations consist of the components shown in the following example. Figure 103. Constructing Policy-Based QoS Configurations DSCP Color Maps This section describes how to configure color maps and how to display the color map and color map configuration.
Important Points to Remember ● All DSCP values that are not specified as yellow or red are colored green (low drop precedence). ● A DSCP value cannot be in both the yellow and red lists. Setting the red or yellow list with any DSCP value that is already in the other list results in an error and no update to that DSCP list is made. ● Each color map can only have one list of DSCP values for each color; any DSCP values previously listed for that color that are not in the new DSCP list are colored green.
summary: Displays summary information about a color policy on one or more interfaces. detail: Displays detailed color policy information on an interface interface : Enter the name of the interface that has the color policy configured. Examples for Displaying a DSCP Color Policy Display summary information about a color policy for one or more interfaces. Display summary information about a color policy for a specific interface.
Dell(conf)#interface tengig 1/0
Dell(conf-if-te-1/0)#service-policy input pmap
Examples of Creating a Layer 3 IPv6 Class Map
The following example matches IPv6 traffic with a DSCP value of 40.
Dell(conf)# class-map match-all test
Dell(conf-class-map)# match ipv6 dscp 40
The following example matches IPv4 and IPv6 traffic with a precedence value of 3.
Setting DSCP Values for Egress Packets Based on Flow Match-any Layer 3 flows may have several match criteria. All flows that match at least one of the match criteria are mapped to the same queue because they are in the same class map. Setting a DSCP value from QOS-POLICY-IN mode (refer to Setting a DSCP Value for Egress Packets) assigns the same DSCP value to all of the matching flows in the class-map. The flow-based DSCP marking feature allows you to assign different DSCP to each match criteria.
! ip access-list extended AF2 seq 5 permit ip host 23.64.0.5 any seq 10 deny ip any any Dell#show cam layer3-qos interface tengigabitethernet 2/49 Cam Port Dscp Proto Tcp Src Dst SrcIp DstIp DSCP Queue Index Flag Port Port Marking ----------------------------------------------------------------------20416 1 18 IP 0x0 0 0 23.64.0.5/32 0.0.0.0/0 20 2 20417 1 18 IP 0x0 0 0 0.0.0.0/0 0.0.0.0/0 0 20418 1 0 IP 0x0 0 0 23.64.0.2/32 0.0.0.0/0 10 1 20419 1 0 IP 0x0 0 0 0.0.0.0/0 0.0.0.0/0 0 20420 1 0 IP 0x0 0 0 23.
Setting a dot1p Value for Egress Packets Configuring Policy-Based Rate Policing To configure policy-based rate policing, use the following command. ● Configure rate police ingress traffic. QOS-POLICY-IN mode rate-police Setting a DSCP Value for Egress Packets Set the DSCP value for egress packets based on ingress QOS classification. The 6 bits that are used for DSCP are also used to identify the queue in which traffic is buffered.
Allocating Bandwidth to Queue
Dell Networking recommends pre-calculating your bandwidth requirements before you create the QoS policies. Make sure you apply the QoS policy to all four queues and that the sum of the bandwidths allocated through them is exactly 100. When you apply the QoS policies through an output policy map and the sum of the configured bandwidth percentages is below or above 100, the actual bandwidth is allocated proportionally.
Create Policy Maps There are two types of policy maps: input and output. Creating Input Policy Maps There are two types of input policy-maps: Layer 3 and Layer 2. 1. Create a Layer 3 input policy map. CONFIGURATION mode policy-map-input Create a Layer 2 input policy map by specifying the keyword layer2 with the policy-map-input command. 2.
Table 60. Default DSCP to Queue Mapping (continued)
DSCP/CP hex range (XXX)xxx   DSCP Definition             Traditional IP Precedence   Internal Queue ID   DSCP/CP decimal
101XXX                       EF (Expedited Forwarding)   CRITIC/ECP                  2                   32–47
100XXX                       AF4 (Assured Forwarding)    Flash Override              2                   32–47
011XXX                       AF3                         Flash                       1                   16–31
010XXX                       AF2                         Immediate                   1                   16–31
001XXX                       AF1                         Priority                    0                   0–15
000XXX                       BE (Best Effort)            Best Effort                 0                   0–15
● Enable the trust DSCP feature.
Example of Viewing Packet Classes Based on DSCP Value ! policy-map-input input-policy service-queue 1 class-map qos-BE1 service-queue 3 class-map qos-AF3 service-queue 4 class-map qos-AF4 trust diffserv fallback ! class-map match-any qos-AF3 match ip dscp 24 match ip access-group qos-AF3-ACL ! class-map match-any qos-AF4 match ip dscp 32 match ip access-group qos-AF4-ACL ! class-map match-all qos-BE1 match ip dscp 0 match ip access-group qos-BE1-ACL The packet classification logic for the configuration show
CONFIGURATION mode service-class bandwidth-percentage Applying an Input Policy Map to an Interface To apply an input policy map to an interface, use the following command. You can apply the same policy map to multiple interfaces, and you can modify a policy map after you apply it. ● You cannot apply an input Layer 2 QoS policy on an interface you also configure with the vlan-stack access command.
Enabling QoS Rate Adjustment By default, while rate limiting, policing, and shaping, the Dell Networking OS does not include the Preamble, SFD, or the IFG fields. These fields are overhead; only the fields from MAC destination address to the CRC are used for forwarding and are included in these rate metering calculations.
Figure 104. Packet Drop Rate for WRED
You can create a custom WRED profile or use one of the five pre-defined profiles.
Table 62. Pre-Defined WRED Profiles
Default Profile Name   Minimum Threshold   Maximum Threshold   Maximum Drop Rate
wred_drop              0                   0                   100
wred_teng_y            467                 4671                100
wred_teng_g            467                 4671                50
Creating WRED Profiles
To create WRED profiles, use the following commands.
1. Create a WRED profile.
CONFIGURATION mode
wred-profile
2. Specify the minimum and maximum threshold values.
Displaying Default and Configured WRED Profiles
To display the default and configured WRED profiles, use the following command.
● Display default and configured WRED profiles and their threshold values.
EXEC mode
show qos wred-profile
Dell#show qos wred-profile
Wred-profile-name   min-threshold   max-threshold   max-drop-rate
wred_drop           0               0               100
wred_teng_y         467             4671            100
wred_teng_g         467             4671            50
Dell#
Displaying WRED Drop Statistics
To display WRED drop statistics, use the following command.
Classifying Layer 2 Traffic on Layer 3 Interfaces To process Layer 3 packets that contain Dot1p — (IEEE 802.1p) Packet classification (Layer 2 headers), configure VLAN tags on a physical Layer 3 interface (that is configured with an IP address and is not associated with any VLAN).
1. Create a match-any or a match-all Layer 3 class map, depending on whether you want the packets to meet all or any of the match criteria to be a member of the class. By default, a Layer 3 class map is created if you do not enter the layer2 option with the class-map command. When you create a class map, you enter the Class Map configuration mode. CONFIGURATION mode Dell (conf)#class-map match-all pp_classmap 2. Use a DSCP value as a match criterion. CLASS-MAP mode Dell (conf-class-map)#match ip dscp 5 3.
46 Routing Information Protocol (RIP)
The routing information protocol (RIP) is based on a distance-vector algorithm and tracks distances or hop counts to nearby routers when establishing network connections. RIP protocol standards are listed in the Standards Compliance chapter.
Topics:
• Protocol Overview
• Implementation Information
• Configuration Information
Protocol Overview
RIP is the oldest interior gateway protocol. There are two versions of RIP: RIP version 1 (RIPv1) and RIP version 2 (RIPv2).
Table 63. RIP Defaults
Feature                  Default
Interfaces running RIP   ● Listen to RIPv1 and RIPv2
                         ● Transmit RIPv1
RIP timers               ● update timer = 30 seconds
                         ● invalid timer = 180 seconds
                         ● holddown timer = 180 seconds
                         ● flush timer = 240 seconds
Auto summarization       Enabled
ECMP paths supported     16
Configuration Information
By default, RIP is disabled in the system. To configure RIP, you must use commands in two modes: ROUTER RIP and INTERFACE.
To view the global RIP configuration, use the show running-config command in EXEC mode or the show config command in ROUTER RIP mode. Dell(conf-router_rip)#show config ! router rip network 10.0.0.0 Dell(conf-router_rip)# When the RIP process has learned the RIP routes, use the show ip rip database command in EXEC mode to view those routes. Dell#show ip rip database Total number of routes in RIP database: 978 160.160.0.0/16 [120/1] via 29.10.10.12, 00:00:26, Fa 0/0 160.160.0.0/16 auto-summary 2.0.0.
● Define a specific router to exchange RIP information between it and the Dell Networking system. ROUTER RIP mode neighbor ip-address You can use this command multiple times to exchange RIP information with as many RIP networks as you want. ● Disable a specific interface from sending or receiving RIP routing information.
Setting the Send and Receive Version To change the RIP version globally or on an interface in the system, use the following command. To specify the RIP version, use the version command in ROUTER RIP mode. To set an interface to receive only one or the other version, use the ip rip send version or the ip rip receive version commands in INTERFACE mode. You can set one RIP version globally on the system using system.
Incoming filter for all interfaces is Default redistribution metric is 1 Default version control: receive version 2, send version 2 Interface Recv Send FastEthernet 0/0 2 1 2 Routing for Networks: 10.0.0.0 Routing Information Sources: Gateway Distance Last Update Distance: (default is 120) Dell# Generating a Default Route Traffic is forwarded to the default route when the traffic’s network is not explicitly listed in the routing table. Default routes are not enabled in RIP unless specified.
ROUTER RIP mode distance weight [ip-address mask [access-list-name]] Configure the following parameters: ○ weight: the range is from 1 to 255. The default is 120. ○ ip-address mask: the IP address in dotted decimal format (A.B.C.D), and the mask in slash format (/x). ○ access-list-name: the name of a configured IP ACL. ● Apply an additional number to the incoming or outgoing route metrics.
Figure 105. RIP Topology Example RIP Configuration on Core2 The following example shows how to configure RIPv2 on a host named Core2. Core2(conf-if-gi-2/31)# Core2(conf-if-gi-2/31)#router rip Core2(conf-router_rip)#ver 2 Core2(conf-router_rip)#network 10.200.10.0 Core2(conf-router_rip)#network 10.300.10.0 Core2(conf-router_rip)#network 10.11.10.0 Core2(conf-router_rip)#network 10.11.20.0 Core2(conf-router_rip)#show config ! router rip network 10.0.0.
E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change ----------- ------- ----------- ----------C 10.11.10.0/24 Direct, TenGig 2/11 0/0 C 10.11.20.0/24 Direct, TenGig 2/31 0/0 R 10.11.30.0/24 via 10.11.20.1, TenGig 2/31 120/1 C 10.200.10.0/24 Direct, TenGig 2/41 0/0 C 10.300.10.0/24 Direct, TenGig 2/42 0/0 R 192.168.1.
Core 3 RIP Output
The examples in this section show the Core 3 RIP output.
● To display Core 3 RIP database, use the show ip rip database command.
● To display Core 3 RIP setup, use the show ip route command.
● To display Core 3 RIP activity, use the show ip protocols command.
Core3#show ip rip database
Total number of routes in RIP database: 7
10.11.10.0/24 [120/1] via 10.11.20.2, 00:00:13, TenGigabitEthernet
10.200.10.0/24 [120/1] via 10.11.20.2, 00:00:13, TenGigabitEthernet
10.300.10.0/24 [120/1] via 10.
Gateway 10.11.20.2 Distance 120 Last Update 00:00:22 Distance: (default is 120) Core3# RIP Configuration Summary ! interface TenGigabitEthernet ip address 10.11.10.1/24 no shutdown ! interface TenGigabitEthernet ip address 10.11.20.2/24 no shutdown ! interface TenGigabitEthernet ip address 10.200.10.1/24 no shutdown ! interface TenGigabitEthernet ip address 10.250.10.1/24 no shutdown 2/11 2/31 2/41 2/42 router rip version 2 10.200.10.0 10.300.10.0 10.11.10.0 10.11.20.
47 Remote Monitoring (RMON) RMON is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facility and long-term statistics collection on Dell Networking Ethernet interfaces. RMON operates with the simple network management protocol (SNMP) and monitors all nodes on a local area network (LAN) segment. RMON monitors traffic passing through the router and segment traffic not destined for the router.
OR [no] rmon hc-alarm number variable interval {delta | absolute} rising-threshold value event-number falling-threshold value event-number [owner string] Configure the alarm using the following optional parameters: ○ number: alarm number, an integer from 1 to 65,535, the value must be unique in the RMON Alarm Table. ○ variable: the MIB object to monitor — the variable must be in SNMP OID format; for example, 1.3.6.1.2.1.1.3.
this command. This configuration also generates an SNMP trap when the event is triggered using the SNMP community string “eventtrap”. Dell(conf)#rmon event 1 log trap eventtrap description “High ifOutErrors” owner nms1 Configuring RMON Collection Statistics To enable RMON MIB statistics collection on an interface, use the RMON collection statistics command in INTERFACE CONFIGURATION mode. ● Enable RMON MIB statistics collection.
Enabling an RMON MIB Collection History Group
The rmon collection history command enables an RMON MIB collection history group of statistics. In the following example, the command enables an RMON MIB collection history group of statistics with an ID number of 20 and an owner of “john”; both the sampling interval and the number of buckets use their respective defaults.
48 Rapid Spanning Tree Protocol (RSTP) Dell Networking OS supports rapid spanning tree protocol (RSTP).
● Influencing RSTP Root Selection
● SNMP Traps for Root Elections and Topology Changes
● Configure Spanning Tree
● Configuring Fast Hellos for Link State Detection
● Flush MAC Addresses after a Topology Change
Important Points to Remember
● RSTP is disabled by default.
● The Dell Networking OS supports only one Rapid Spanning Tree (RST) instance.
● All interfaces in virtual local area networks (VLANs) and all enabled interfaces in Layer 2 mode are automatically added to the RST topology.
PROTOCOL SPANNING TREE RSTP mode no disable To disable RSTP globally for all Layer 2 interfaces, enter the disable command from PROTOCOL SPANNING TREE RSTP mode. To verify that RSTP is enabled, use the show config command from PROTOCOL SPANNING TREE RSTP mode. The bold line indicates that RSTP is enabled. Example of Verifying that RSTP is Enabled Dell(conf-rstp)#show config ! protocol spanning-tree rstp no disable Dell(conf-rstp)# Figure 106.
BPDU : sent 121, received 9 The port is not in the Edge port mode, bpdu filter is disabled Port 378 (TenGigabitethernet 2/2) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.378 Designated root has priority 32768, address 0001.e801.cbb4 Designated bridge has priority 32768, address 0001.e801.cbb4 Designated port id is 128.
For bridge protocol data units (BPDU) filtering behavior, refer to Removing an Interface from the Spanning Tree Group. Modifying Global Parameters You can modify RSTP parameters. The root bridge sets the values for forward-delay, hello-time, and max-age and overwrites the values set on other bridges participating in the Rapid Spanning Tree group. ● Forward-delay — the amount of time an interface waits in the Listening state and the Learning state before it transitions to the Forwarding state.
Enable BPDU Filtering Globally
Enabling BPDU filtering globally stops the transmission of BPDUs on operational port-fast-enabled ports by default. When BPDUs are received, the spanning tree is automatically prepared. By default, global BPDU filtering is disabled.
Enable BPDU filtering globally to filter the transmission of BPDUs on port-fast-enabled interfaces.
PROTOCOL SPANNING TREE RSTP mode
edge-port bpdu filter default
Figure 107.
Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner. In this mode an interface forwards frames by default until it receives a BPDU that indicates that it should behave otherwise; it does not go through the Learning and Listening states. The bpduguard shutdown-on-violation option causes the interface hardware to be shut down when it receives a BPDU.
A console message appears when a new root bridge has been assigned. The following example shows the console message after the bridge-priority command is used to make R2 the root bridge (shown in bold).
Dell(conf-rstp)#bridge-priority 4096
04:27:59: %RPM0-P:RP2 %SPANMGR-5-STP_ROOT_CHANGE: RSTP root changed. My Bridge ID: 4096:0001.e80b.88bd Old Root: 32768:0001.e801.cbb4 New Root: 4096:0001.e80b.
49 Security Security features are supported on the I/O Aggregator. This chapter describes several ways to provide access security to the Dell Networking system. For details about all the commands described in this chapter, refer to the Security chapter in the Dell PowerEdge FN I/O Aggregator Command Line Reference Guide. Supported Modes Standalone, PMUX, VLT, Stacking NOTE: You can also perform some of the configurations using the Web GUI - Dell Blade IO Manager.
Accessing the I/O Aggregator Using the CMC Console Only This functionality is supported on the Aggregator. You can enable the option to access and administer an Aggregator only using the chassis management controller (CMC) interface, and prevent the usage of the CLI interface of the device to configure and monitor settings. You can configure the restrict-access session command to disable access of the Aggregator using a Telnet or SSH session; the device is accessible only using the CMC GUI.
○ stop-only: use for minimal accounting; instructs the TACACS+ server to send a stop record accounting notice at the end of the requested user process. ○ tacacs+: designate the security service as TACACS+. ○ radius: designate the security service as RADIUS.
show accounting
DellEMC#show accounting
Active accounted actions on tty2, User admin Priv 1
Task ID 1, EXEC Accounting record, 00:00:39 Elapsed, service=shell
Active accounted actions on tty3, User admin Priv 1
Task ID 2, EXEC Accounting record, 00:00:26 Elapsed, service=shell
DellEMC#
RADIUS Accounting
Dell EMC Networking OS supports the Remote Authentication Dial In User Service (RADIUS) protocol to transmit RADIUS accounting messages between a Network Access Server (NAS) and an accounting server.
EAP STOP accounting record: Fri May 10 12:22:15 2019 NAS-IP-Address = 10.16.133.
Table 66. RADIUS Accounting Start Record Attributes for CLI user
RADIUS Attribute code   RADIUS Attribute     Description
NAS Identification Attributes
4                       NAS-IP-Address       IPv4 address of the NAS.
95                      NAS-IPv6-Address     IPv6 address of the NAS.
Session Identification Attributes
1                       User-Name            User name.
5                       NAS-Port             Port on which session is connected (CLI Session-Id).
31                      Calling-Station-Id   Telnet/SSH client IP address.
Table 68. Use cases for CLI user to trigger RADIUS Accounting Start/Stop records (continued) CLI event Accounting type Attributes CLI user session disconnects due to Dynamic authorization Stop Stop record attributes with termination cause as Admin Reset (6). Table 69. RADIUS Accounting Start Record Attributes for dot1x supplicant RADIUS Attribute code RADIUS Attribute Description NAS Identification Attributes 4 NAS-IP-Address IPv4 address of the NAS.
Table 70. RADIUS Accounting Stop Record Attributes for dot1x supplicant (continued) RADIUS Attribute code RADIUS Attribute Description 40 Acct-Status-Type STOP 44 Acct-Session-Id | Running number 50 Acct-Multi-Session-Id || 51 Acct-Link-Count 1 46 Acct-Session Time Time the user has received the service. 49 Acct-Terminate-Cause Reason for session termination.
Table 71. Use cases for dot1x supplicant to trigger RADIUS Accounting Start/Stop records (continued) dot1x event Accounting type Attributes Disable dot1x globally/interface Stop Stop record attributes with termination cause as Port Administratively Disabled (22). AAA Authentication Dell EMC Networking OS supports a distributed client/server system implemented through authentication, authorization, and accounting (AAA) to help secure networks against unauthorized access.
● enable: use the password you defined using the enable sha256-password, enable secret, or enable password command in CONFIGURATION mode. In general, the enable secret command overrules the enable password command. If you configure the enable sha256-password command, it overrules both the enable secret and enable password commands. ● line: use the password you defined using the password command in LINE mode. ● local: use the username/password database defined in the local configuration.
Example of Enabling Authentication from the RADIUS Server
Dell(config)# aaa authentication enable default radius tacacs
The RADIUS and TACACS servers must be set up properly for this to work.
Dell(config)# radius-server host x.x.x.x key
Dell(config)# tacacs-server host x.x.x.x key
To use local authentication for enable secret on the console, while using remote authentication on VTY lines, issue the following commands.
Example: DellEMC(config)#radius-server host 192.100.0.12 Force all logged-in users to re-authenticate (y/n)? DellEMC(config)#no radius-server host 192.100.0.12 Force all logged-in users to re-authenticate (y/n)? AAA Authorization The Dell Networking OS enables AAA new-model by default. You can set authorization to be either local or remote. Different combinations of authentication and authorization yield different results. By default, the system sets both to local.
Configuring a Username and Password In the Dell Networking OS, you can assign a specific username to limit user access to the system. To configure a username and password, use the following command. ● Assign a user name and password. CONFIGURATION mode username name [access-class access-list-name] [nopassword | password [encryption-type] password] [privilege level] [secret] Configure the optional and required parameters: ○ name: Enter a text string up to 63 characters long.
username name [access-class access-list-name] [privilege level] [nopassword | password [encryption-type] password] [secret] Configure the optional and required parameters: ● name: enter a text string (up to 63 characters). ● access-class access-list-name: enter the name of a configured IP ACL. ● privilege level: the range is from 0 to 15. ● nopassword: do not require the user to enter a password. ● encryption-type: enter 0 for plain text or 7 for encrypted text. ● password: enter a text string.
The following example shows the Telnet session for user john. The show privilege command output confirms that john is in privilege level 8. In EXEC Privilege mode, john can access only the commands listed. In CONFIGURATION mode, john can access only the snmp-server commands. Example of Privilege Level Login and Available Commands apollo% telnet 172.31.1.53 Trying 172.31.1.53... Connected to 172.31.1.53. Escape character is '^]'.
○ level-number: The level-number you wish to set. If you enter disable without a level-number, your security level is 1. RADIUS Remote authentication dial-in user service (RADIUS) is a distributed client/server protocol. This protocol transmits authentication, authorization, and configuration information between a central RADIUS server and a RADIUS client (the Dell EMC Networking system). The system sends user information to the RADIUS server and requests authentication of the user and password.
NOTE: The ACL name must be a string. Only standard ACLs in authorization (both RADIUS and TACACS) are supported. Authorization is denied in cases using Extended ACLs. Auto-Command You can configure the system through the RADIUS server to automatically execute a command when you connect to a specific line. The auto-command command is executed when the user is authenticated and before the prompt appears to the user. ● Automatically execute a command.
If RADIUS denies authorization, the session ends (RADIUS must not be the last method specified). Applying the Method List to Terminal Lines To enable RADIUS AAA login authentication for a method list, apply it to a terminal line. To configure a terminal line for RADIUS authentication and authorization, use the following commands. ● Enter LINE mode. CONFIGURATION mode line {aux 0 | console 0 | vty number [end-number]} ● Enable AAA login authentication for the specified RADIUS method list.
CONFIGURATION mode radius-server deadtime seconds ○ seconds: the range is from 0 to 2147483647. The default is 0 seconds. ● Configure a key for all RADIUS communications between the system and RADIUS server hosts. CONFIGURATION mode radius-server key [encryption-type] key ○ encryption-type: enter 7 to encrypt the password. Enter 0 to keep the password as plain text. ○ key: enter a string. The key can be up to 42 characters long. You cannot use spaces in the key.
Disconnect Messages
Using the Disconnect Messages, the NAS can disconnect AAA and dot1x sessions. NAS can disconnect AAA sessions using either the username or a combination of the username and session ID. NAS can disconnect dot1x sessions using the NAS-port, the calling-station ID, or both. The disconnect messages consist of one message request (DM request) and one of the following two possible responses:
● Disconnect Acknowledgement (DM-Ack) - If the session is disconnected successfully, then NAS sends a DM-Ack.
Table 75. Vendor-specific Attributes Attribute code Attribute Description ● v=6027 (Force10);Vendor-Type=1(Force10-av-pair) Length = value Table 76. DM Attributes Attribute code Attribute Description 1 User-Name(Mandatory) Name of the user associated with one or more sessions. Mandatory attributes The following tables describe the mandatory attributes for various message types: Table 77.
Table 79. CoA EAP/MAB Bounce Port (continued)
Radius Attribute code   Radius Attribute   Description                                                                                                  Mandatory
Session Identification Attributes
5                       NAS-Port           Port on which session is terminated                                                                          Yes
Authorization Attributes
26                      Vendor-Specific    t=26(vendor-specific);l=length;vendor-identification-attribute;Length=value; Data=”cmd=bounce-host-port”   Yes
Table 80.
Error-cause Values It is possible that a Dynamic Authorization Server cannot honor Disconnect Message request or CoA request packets for some reason. The Error-Cause Attribute provides more detail on the cause of the problem. It may be included within CoA-Nak and Disconnect-Nak packets. The following table describes various error causes for the CoA and DM requests: Table 82.
○ if the dot1x feature is not enabled in the NAS-port. ○ if the NAS-port state is administratively down. CoA or DM Discard This section lists various actions that the NAS performs during CoA or DM discard. The following activities are performed by NAS: ● discards the packet, if dynamic authorization feature is not enabled in NAS. ● discards the packet, if the configured shared key entry is not found for the source IP address of the packet. ● discards the packet with invalid code field.
Configuring DAC You can configure trusted dynamic authorization clients (DACs). This setting enables you to configure more than one DAC. Duplicate configurations are not allowed. 1. Enter the following command to enter dynamic authorization mode: radius dynamic-auth 2. Enter the following command to configure DAC: client host-name Dell(conf-dynamic-auth#)client testhost Configuring the port number You can configure the port number on which the NAS receives CoA or DM requests.
● sends a DM-Ack, if it is able to successfully disconnect the admin user.
● sends a DM-Nak with an error-cause value of 506 (resource unavailable), if it is not able to disconnect the admin user.
● sends a DM-Nak with an error-cause value of 501 (administratively prohibited), if the disconnect-user feature is not enabled in NAS.
Configuring CoA to bounce 802.1x enabled ports
Dell EMC Networking OS provides RADIUS extension commands that enable you to configure port bounce settings for the 802.
NAS takes the following actions whenever re-authentication is triggered:
● validates the CoA request and the session identification attributes.
● sends a CoA-Nak with an error-cause of 402 (missing attribute), if the CoA request does not contain both the calling-station-id as well as the NAS-port attribute.
● sends a CoA-Ack if the re-authentication of the 802.1x session is successful.
To initiate shutting down of the 802.1x enabled port, the DAC sends a standard CoA request that contains one or more session identification attributes. NAS uses the NAS-port attributes to identify the 802.1x enabled physical port. 1. Enter the following command to configure the dynamic authorization feature: radius dynamic-auth 2. Enter the following command to disable the 802.1x enabled physical port: coa-disable-port NAS administratively shuts down the 802.1x enabled port that is hosting the session.
NAS applies the new replay protection window value from the next window period. The range is from 1 to 10 minutes. The default is 5 minutes.
Dell(conf-dynamic-auth#)replay-prot-window 10
Rate-limiting RADIUS packets
NAS enables you to allow or reject RADIUS dynamic authorization packets based on the rate-limiting value that you specify. NAS lets you configure the number of RADIUS dynamic authorization packets allowed per minute. The default value is 30 packets per minute.
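The discard rules in "CoA or DM Discard" and the replay protection window described above, as an added example that is not Dell's implementation: it validates a Disconnect or CoA request as RFC 5176 specifies. It assumes replay protection is based on the Event-Timestamp attribute and that a bad Request Authenticator causes a discard; the function names, address, shared key and clock value are constructed for illustration.

```python
import hashlib
import hmac
import struct

# RADIUS packet codes and attribute types (RFC 5176, RFC 2865, RFC 2869)
DISCONNECT_REQUEST, COA_REQUEST = 40, 43
USER_NAME, EVENT_TIMESTAMP = 1, 55


def encode_attrs(attrs):
    """Encode (type, value-bytes) pairs as RADIUS type-length-value attributes."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def request_authenticator(header, body, secret):
    """RFC 5176: MD5(Code + ID + Length + 16 zero octets + attributes + secret)."""
    return hashlib.md5(header + b"\x00" * 16 + body + secret).digest()


def build_request(code, ident, attrs, secret):
    """Build a request as a DAC would; used here only to construct sample packets."""
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    return header + request_authenticator(header, body, secret) + body


def parse_attrs(body):
    """Decode attributes, rejecting lengths that run past the end of the packet."""
    attrs, i = [], 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("malformed attribute")
        attrs.append((body[i], body[i + 2:i + body[i + 1]]))
        i += body[i + 1]
    return attrs


def validate_request(packet, src_ip, clients, now, window_minutes=5):
    """Return ("accept", attrs) or ("discard", reason) for one received packet."""
    secret = clients.get(src_ip)
    if secret is None:                      # no shared key configured for this DAC
        return ("discard", "no shared key for source address")
    if len(packet) < 20:
        return ("discard", "short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code not in (DISCONNECT_REQUEST, COA_REQUEST):
        return ("discard", "invalid code field")
    if not 20 <= length <= len(packet):
        return ("discard", "invalid length field")
    header, received, body = packet[:4], packet[4:20], packet[20:length]
    expected = request_authenticator(header, body, secret)
    if not hmac.compare_digest(expected, received):   # constant-time comparison
        return ("discard", "bad authenticator")
    try:
        attrs = parse_attrs(body)
    except ValueError:
        return ("discard", "malformed attribute")
    stamps = [v for t, v in attrs if t == EVENT_TIMESTAMP and len(v) == 4]
    if not stamps:
        return ("discard", "no Event-Timestamp")
    sent = struct.unpack("!I", stamps[0])[0]
    if abs(now - sent) > window_minutes * 60:         # window is 1 to 10 minutes
        return ("discard", "outside replay protection window")
    return ("accept", attrs)


# Constructed sample data: documentation address, made-up key and clock value.
CLIENTS = {"192.0.2.10": b"constructed-shared-key"}
NOW = 1_700_000_000


def sample_packet(code=DISCONNECT_REQUEST, age_seconds=0):
    """A request for user "admin" stamped age_seconds before NOW."""
    attrs = [(USER_NAME, b"admin"),
             (EVENT_TIMESTAMP, struct.pack("!I", NOW - age_seconds))]
    return build_request(code, 7, attrs, CLIENTS["192.0.2.10"])


if __name__ == "__main__":
    print(validate_request(sample_packet(), "192.0.2.10", CLIENTS, NOW))
    print(validate_request(sample_packet(age_seconds=600), "192.0.2.10", CLIENTS, NOW))
```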
CONFIGURATION mode
tacacs-server host {ip-address | host}
Enter the IP address or host name of the TACACS+ server. Use this command multiple times to configure multiple TACACS+ server hosts.
2. Enter a text string (up to 16 characters long) as the name of the method list you wish to use with the TACACS+ authentication method.
CONFIGURATION mode
aaa authentication login {method-list-name | default} tacacs+ [...method3]
The TACACS+ method must not be the last method specified.
3. Enter LINE mode.
TACACS+ Remote Authentication The system takes the access class from the TACACS+ server. Access class is the class of service that restricts Telnet access and packet sizes. If you have configured remote authorization, the system ignores the access class you have configured for the VTY line and gets this access class information from the TACACS+ server. The system must know the username and password of the incoming user before it can fetch the access class from the server.
Enabling SCP and SSH
Secure shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network. Dell EMC Networking OS is compatible with SSH version 2, in both the client and server modes. SSH sessions are encrypted and use authentication. SSH is enabled by default. For details about the command syntax, refer to the Security chapter in the Dell EMC Networking OS Command Line Interface Reference Guide.
CONFIGURATION MODE
copy scp: flash:
4. On Switch 2, in response to prompts, enter the path to the desired file and enter the port number specified in Step 1.
EXEC Privilege Mode
5. On the chassis, invoke SCP.
CONFIGURATION mode
copy scp: flash:
The following example shows the use of SCP and SSH to copy a software image from one switch running SSH server on UDP port 99 to the local switch.
Other SSH-related commands include:
● crypto key generate: generate keys for the SSH server.
● hmac-sha2-256
● hmac-sha1
● hmac-sha1-96
● hmac-md5
● hmac-md5-96
When FIPS is enabled, the default HMAC algorithms are hmac-sha2-256, hmac-sha1, hmac-sha1-96.
Example of Configuring an HMAC Algorithm
The following example shows you how to configure an HMAC algorithm list.
Dell(conf)# ip ssh mac hmac-sha1-96
Configuring the SSH Client Cipher List
To configure the cipher list supported by the SSH client, use the ip ssh cipher cipher-list command in CONFIGURATION mode.
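One way to check a candidate configuration against three rules this guide states: a RADIUS or TACACS+ login method must not be the last method in the list, encryption-type 0 keeps a password or key as plain text, and the FIPS-mode default HMAC list is hmac-sha2-256, hmac-sha1, hmac-sha1-96. This is an added example, not Dell tooling; the function name, rule labels and sample configuration are constructed, and the HMAC list is assumed to be space- or comma-separated.

```python
import re

# FIPS-mode default HMAC algorithms as listed in this guide
FIPS_DEFAULT_MACS = {"hmac-sha2-256", "hmac-sha1", "hmac-sha1-96"}
# Login methods the guide says must not be the last method specified
REMOTE_METHODS = {"radius", "tacacs+"}


def audit_config(text):
    """Return (line_number, rule, detail) findings for a configuration text.

    The detail never contains the secret itself, only the keyword or
    algorithm name that triggered the finding.
    """
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue

        # aaa authentication login {method-list-name | default} method1 [...]
        if words[:3] == ["aaa", "authentication", "login"] and len(words) > 4:
            if words[-1] in REMOTE_METHODS:
                findings.append((number, "remote-method-last", words[-1]))

        # ip ssh mac <algorithm list>
        if words[:3] == ["ip", "ssh", "mac"]:
            macs = [m for m in re.split(r"[,\s]+", " ".join(words[3:])) if m]
            extra = sorted(set(macs) - FIPS_DEFAULT_MACS)
            if extra:
                findings.append(
                    (number, "mac-outside-fips-defaults", ",".join(extra)))

        # "password 0 <text>" or "key 0 <text>": encryption-type 0 is plain text
        for keyword in ("password", "key"):
            if keyword in words:
                i = words.index(keyword)
                if words[i + 1:i + 2] == ["0"] and len(words) > i + 2:
                    findings.append((number, "plaintext-secret", keyword))
    return findings


# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
aaa authentication login default tacacs+ local
aaa authentication login vtymethods local radius
radius-server key 0 ConstructedKey
username john password 7 0a1b2c3d role secadmin
ip ssh mac hmac-sha1-96 hmac-md5
ip ssh server enable
"""

if __name__ == "__main__":
    for line_number, rule, detail in audit_config(SAMPLE_CONFIG):
        print(f"line {line_number}: {rule} ({detail})")
```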
To view the status of DNS in the SSH server configuration, use the show running-config ip ssh command from EXEC mode. DellEMC#show running-config ip ssh ! ip ssh server dns enable ip ssh hostbased-authentication enable no ip ssh password-authentication enable ip ssh server enable Telnet To use Telnet with SSH, first enable SSH, as previously described. By default, the Telnet daemon is enabled. If you want to disable the Telnet daemon, use the following command, or disable Telnet in the startup config.
line with a deny-all access class. After users identify themselves, the system retrieves the access class from the local database and applies it. (The system can then close the connection if a user is denied access.)
NOTE: If a VTY user logs in with RADIUS authentication, the privilege level is applied from the RADIUS server only if you configure RADIUS authentication.
The following example shows how to allow or deny a Telnet connection to a user. Users see a login prompt even if they cannot log in.
● Role Accounting ● Configuring AAA Authentication for Roles ● Configuring AAA Authorization for Roles ● Configuring an Accounting for Roles ● Applying an Accounting Method to a Role ● Displaying Active Accounting Sessions for Roles ● Configuring TACACS+ and RADIUS VSA Attributes for RBAC ● Displaying User Roles ● Displaying Accounting for User Roles ● Displaying Information About Roles Logged into the Switch ● Display Role Permissions Assigned to a Command Overview of RBAC With Role-Based Access Control (
Before you enable role-based only AAA authorization: 1. Locally define a system administrator user role. This gives you access to login with full permissions even if network connectivity to remote authentication servers is not available. 2. Configure login authentication on the console. This ensures that all users are properly identified through authentication no matter the access point.
● System Administrator (sysadmin). This role has full access to all the commands in the system, exclusive access to commands that manipulate the file system formatting, and access to the system shell. This role can also create user IDs and user roles. The following summarizes the modes that the predefined user roles can access.
Verify that the user role, myrole, has inherited the security administrator permissions. The output highlighted in bold indicates that the user role has successfully inherited the security administrator permissions.
The following example allows the security administrator (secadmin) to only access 10-Gigabit Ethernet interfaces and then shows that the secadmin, highlighted in bold, can now access Interface mode. However, the secadmin can only access 10-Gigabit Ethernet interfaces.
Adding and Deleting Users from a Role

To create a user name that is authenticated based on a user role, use the username name password encryption-type password role role-name command in CONFIGURATION mode.

Example

The following example creates a user name that is authenticated based on a user role.

DellEMC(conf)# username john password 0 password role secadmin

The following example deletes a user role.
Users with roles and privileges are authorized with the same mechanism. There are six methods available for authorization: radius, tacacs+, local, enable, line, and none. When role-based only AAA authorization is enabled, the enable, line, and none methods are not available. Each of these three methods allows users to be authorized with either a password that is not specific to their userid or with no password at all. Because of the lack of security, these methods are not available for role-based only mode.
 authorization exec ucraaa
 accounting commands role netadmin ucraaa
line vty 8
 login authentication ucraaa
 authorization exec ucraaa
 accounting commands role netadmin ucraaa
line vty 9
 login authentication ucraaa
 authorization exec ucraaa
 accounting commands role netadmin ucraaa
!

Configuring TACACS+ and RADIUS VSA Attributes for RBAC

For RBAC and privilege levels, the Dell EMC Networking OS RADIUS and TACACS+ implementation supports two vendor-specific options: privilege level and roles.
Configuring AAA Accounting for Roles

To configure AAA accounting for roles, use the aaa accounting command in CONFIGURATION mode.

aaa accounting {system | exec | commands {level | role role-name}} {name | default} {start-stop | wait-start | stop-only} {tacacs+}

Example of Configuring AAA Accounting for Roles

The following example shows you how to configure AAA accounting to monitor commands executed by the users who have a secadmin user role.
sysadmin testadmin Exec Config Interface Line Router IP Routemap Protocol MAC netadmin Exec Config Interface Line Router IP Routemap Protocol MAC

Displaying Role Permissions Assigned to a Command

To display permissions assigned to a command, use the show role command in EXEC Privilege mode. The output displays the user role and/or permission level.
Important Points to Remember
● The OS image verification feature is disabled by default on the Dell EMC Networking OS.
● The OS image verification feature is supported for images stored in the local system only.
● The OS image verification feature is not supported when the fastboot or the warmboot features are enabled on the system.
● If OS image verification fails after a reload, the system does not load the startup configuration.
Important Points to Remember
● The startup configuration verification feature is disabled by default on the Dell EMC Networking OS.
● The feature is supported for startup configuration files stored in the local system only.
● The feature is not supported when the fastboot or the warmboot features are enabled on the system.
● If the startup configuration verification fails after a reload, the system does not load your startup configuration.
Enter an encryption type for the root password.
○ 0 directs the system to store the password as clear text.
○ 7 directs the system to store the password with a dynamic salt.
○ 9 directs the system to encrypt the clear text password and store the encrypted password in an inaccessible location.
50 Service Provider Bridging

Dell Networking OS supports service provider bridging.

Topics:
• VLAN Stacking
• VLAN Stacking Packet Drop Precedence
• Dynamic Mode CoS for VLAN Stacking
• Layer 2 Protocol Tunneling
• Provider Backbone Bridging

VLAN Stacking

VLAN stacking, also called Q-in-Q, is defined in IEEE 802.1ad — Provider Bridges, which is an amendment to IEEE 802.1Q — Virtual Bridged Local Area Networks. VLAN stacking enables service providers to use 802.
Figure 108. VLAN Stacking in a Service Provider Network

Important Points to Remember
● Interfaces that are members of the Default VLAN and are configured as VLAN-Stack access or trunk ports do not switch untagged traffic. To switch traffic, add these interfaces to a non-default VLAN-Stack-enabled VLAN.
● Dell Networking cautions against using the same MAC address on different customer VLANs, on the same VLAN-Stack VLAN.

Configure VLAN Stacking

Configuring VLAN-Stacking is a three-step process.
1.
● Configuring Options for Trunk Ports
● Debugging VLAN Stacking
● VLAN Stacking in Multi-Vendor Networks

Creating Access and Trunk Ports

To create access and trunk ports, use the following commands.
● Access port — a port on the service provider edge that directly connects to the customer. An access port may belong to only one service provider VLAN.
● Trunk port — a port on a service provider bridge that connects to another service provider bridge and is a member of multiple service provider VLANs.
6 Active Dell# M Po1(Gi 13/14-15) M Gi 13/13

Configuring the Protocol Type Value for the Outer VLAN Tag

The tag protocol identifier (TPID) field of the S-Tag is user-configurable. To set the S-Tag TPID, use the following command.
● Select a value for the S-Tag TPID.
CONFIGURATION mode
vlan-stack protocol-type
The default is 9100.

To display the S-Tag TPID for a VLAN, use the show running-config command from EXEC privilege mode. The system displays the S-Tag TPID only if it is a non-default value.
NUM * 1 100 101 103 Status Inactive Inactive Inactive Inactive Description Q Ports U Gi 0/1 T Gi 0/1 M Gi 0/1

Debugging VLAN Stacking

To debug VLAN stacking, use the following command.
● Debug the internal state and membership of a VLAN and its ports.
debug member

The port notations are as follows:
● MT — stacked trunk
● MU — stacked access port
● T — 802.1Q trunk port
● U — 802.
Therefore, a mismatched TPID results in the port not differentiating between tagged and untagged traffic. Figure 109.
Figure 111. Single and Double-Tag TPID Mismatch Table 84. Behaviors for Mismatched TPID Network Position Incoming Packet TPID System TPID Match Type Pre-Version 8.2.1.0 Version 8.2.1.
Table 84. Behaviors for Mismatched TPID (continued) Network Position Egress Access Point Incoming Packet TPID System TPID Match Type Pre-Version 8.2.1.0 Version 8.2.1.
Precedence | Description
Red | Lowest-priority packets that are always dropped (regardless of congestion status).

● Honor the incoming DEI value by mapping it to the Dell Networking OS drop precedence.
INTERFACE mode
dei honor {0 | 1} {green | red | yellow}
You may enter the command once for 0 and once for 1. Packets with an unmapped DEI value are colored green.
Figure 112. Statically and Dynamically Assigned dot1p for VLAN Stacking

When configuring Dynamic Mode CoS, you have two options:
● Mark the S-Tag dot1p and queue the frame according to the original C-Tag dot1p. In this case, you must have other dot1p QoS configurations; this option is classic dot1p marking.
● Mark the S-Tag dot1p and queue the frame according to the S-Tag dot1p.
interface GigabitEthernet 0/21
 no ip address
 switchport
 vlan-stack access
 vlan-stack dot1p-mapping c-tag-dot1p 0-3 sp-tag-dot1p 7
 service-policy input in layer2
 no shutdown

Mapping C-Tag to S-Tag dot1p Values

To map C-Tag dot1p values to S-Tag dot1p values and mark the frames accordingly, use the following commands.
1. Allocate CAM space to enable queuing frames according to the C-Tag or the S-Tag.
Figure 113. VLAN Stacking without L2PT

You might need to transport control traffic transparently through the intermediate network to the other region. Layer 2 protocol tunneling enables BPDUs to traverse the intermediate network by identifying frames with the Bridge Group Address, rewriting the destination MAC to a user-configured non-reserved address, and forwarding the frames.
Figure 114. VLAN Stacking with L2PT

Implementation Information
● L2PT is available for STP, RSTP, MSTP, and PVST+ BPDUs.
● No protocol packets are tunneled when you enable VLAN stacking.
● L2PT requires the default CAM profile.

Enabling Layer 2 Protocol Tunneling

To enable Layer 2 protocol tunneling, use the following command.
1. Verify that the system is running the default CAM profile. Use this CAM profile for L2PT.
EXEC Privilege mode
show cam-profile
2.
INTERFACE VLAN mode
protocol-tunnel stp

Specifying a Destination MAC Address for BPDUs

By default, the Dell Networking OS uses a Dell Networking-unique MAC address for tunneling BPDUs. You can configure another value. To specify a destination MAC address for BPDUs, use the following command.
● Overwrite the BPDU with a user-specified destination MAC address when BPDUs are tunneled across the provider network.
originally specified in 802.1Q. Only bridges in the service provider network use this destination MAC address so these bridges treat BPDUs originating from the customer network as normal data frames, rather than consuming them. The same is true for GARP VLAN registration protocol (GVRP). 802.
51 sFlow

Dell Networking OS supports configuring sFlow.

Topics:
• Overview
• Implementation Information
• Enabling and Disabling sFlow
• Enabling sFlow Max-Header Size Extended
• sFlow Show Commands
• Configuring Specify Collectors
• Changing the Polling Intervals
• Changing the Sampling Rate
• Back-Off Mechanism
• sFlow on LAG ports
• Enabling Extended sFlow

Overview

The Dell Networking operating system (OS) supports sFlow version 5.
Important Points to Remember
● The Dell Networking OS implementation of the sFlow MIB supports sFlow configuration using the snmpset command.
● The Dell Networking OS exports all sFlow packets to the collector. A small sampling rate can equate to many exported packets. A backoff mechanism is automatically applied to reduce this amount. Some sampled packets may be dropped when the exported packet rate is high and the backoff mechanism is about to or is starting to take effect.
Configured sampling rate :16384
Actual sampling rate :16384
Counter polling interval :20
Extended max header size :256
Samples rcvd from h/w :0

Example of the show sflow command

The bold line shows the sFlow default maximum header size:

Dell#show sflow
sFlow services are enabled
Egress Management Interface sFlow services are disabled
Global default sampling rate: 32768
Global default counter polling interval: 20
Global default extended maximum header size: 128 bytes
Global extended information enabled: no
● Displaying Show sFlow on a Stack Unit

Displaying Show sFlow Global

To view sFlow statistics, use the following command.
● Display sFlow configuration information and statistics.
EXEC mode
show sflow

The first bold line indicates sFlow is globally enabled.

Dell#show sflow
sFlow services are enabled
Global default sampling rate: 32768
Global default counter polling interval: 20
1 collectors configured
Collector IP addr: 133.33.33.53, Agent IP addr: 133.33.33.
Configuring Specify Collectors

The sflow collector command allows identification of sFlow collectors to which sFlow datagrams are forwarded. You can specify up to two sFlow collectors. If you specify two collectors, the samples are sent to both.
● Identify sFlow collectors to which sFlow datagrams are forwarded.
CONFIGURATION mode
sflow collector ip-address agent-addr ip-address [number [max-datagram-size number] ] | [max-datagram-size number ]
The default UDP port is 6343.
Sampling rates are configurable in powers of two. This configuration allows the smallest sampling rate possible on the hardware and also allows all other sampling rates to be available through sub-sampling.

For example, if Tengig 1/0 and 1/1 are in a port-pipe, and they are configured with a sampling rate of 4096 on interface Tengig 1/0, and 8192 on Tengig 1/1, the sFlow agent does the following:
1. Configures the hardware to a sampling rate of 4096 for all ports with sFlow enabled on that port-pipe.
2.
0 UDP packets dropped
165 sFlow samples collected
69 sFlow samples dropped due to sub-sampling
Stackunit 1 Port set 0 H/W sampling rate 8192
Tengig 1/16: configured rate 8192, actual rate 8192, sub-sampling rate 1
Tengig 1/17: configured rate 16384, actual rate 16384, sub-sampling rate 2
Stackunit 3 Port set 1 H/W sampling rate 16384
Tengig 3/40: configured rate 16384, actual rate 16384, sub-sampling rate 1

If you did not enable any extended information, the show output displays the following (shown in bold
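The sub-sampling behaviour described in this section can be reproduced and checked against the show output above. This is an added example, not part of the Dell guide: plan_port_pipe computes the hardware rate and per-port sub-sampling rates for one port-pipe, and check_show verifies that a captured show output is self-consistent. The rule "sub-sampling rate = configured rate / hardware rate" is inferred from the show output above, and the function names are this example's own.

```python
import re

# Lines taken from the show output above, one entry per line.
SHOW_OUTPUT = """\
Stackunit 1 Port set 0 H/W sampling rate 8192
Tengig 1/16: configured rate 8192, actual rate 8192, sub-sampling rate 1
Tengig 1/17: configured rate 16384, actual rate 16384, sub-sampling rate 2
Stackunit 3 Port set 1 H/W sampling rate 16384
Tengig 3/40: configured rate 16384, actual rate 16384, sub-sampling rate 1
"""

HEADER_RE = re.compile(r"Stackunit (\d+) Port set (\d+) H/W sampling rate (\d+)")
PORT_RE = re.compile(
    r"(\S+ \S+): configured rate (\d+), actual rate (\d+), sub-sampling rate (\d+)"
)


def is_power_of_two(n):
    return n > 0 and n & (n - 1) == 0


def plan_port_pipe(configured):
    """Given {port: configured rate} for one port-pipe, return
    (hardware rate, {port: sub-sampling rate}).

    The hardware samples at the smallest configured rate; a port that asked
    for a larger rate keeps only every Nth hardware sample.
    """
    if not configured:
        raise ValueError("no sFlow-enabled ports in this port-pipe")
    for port, rate in configured.items():
        if not is_power_of_two(rate):
            raise ValueError(f"{port}: rate {rate} is not a power of two")
    hw_rate = min(configured.values())
    return hw_rate, {port: rate // hw_rate for port, rate in configured.items()}


def parse_show(text):
    """Group the per-port lines under their 'Stackunit ... Port set' header."""
    groups = []
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.fullmatch(line)
        if header:
            groups.append({"unit": int(header[1]), "port_set": int(header[2]),
                           "hw_rate": int(header[3]), "ports": {}})
            continue
        port = PORT_RE.fullmatch(line)
        if port and groups:
            groups[-1]["ports"][port[1]] = {"configured": int(port[2]),
                                            "actual": int(port[3]),
                                            "sub": int(port[4])}
    return groups


def check_show(text):
    """Return a list of inconsistencies between reported and expected rates."""
    problems = []
    for group in parse_show(text):
        configured = {p: v["configured"] for p, v in group["ports"].items()}
        if not configured:
            continue
        hw_rate, subs = plan_port_pipe(configured)
        if hw_rate != group["hw_rate"]:
            problems.append(f"unit {group['unit']} port set {group['port_set']}: "
                            f"H/W rate {group['hw_rate']}, expected {hw_rate}")
        for port, v in group["ports"].items():
            if subs[port] != v["sub"] or group["hw_rate"] * v["sub"] != v["actual"]:
                problems.append(f"{port}: sub-sampling {v['sub']}, "
                                f"expected {subs[port]}")
    return problems


if __name__ == "__main__":
    print(plan_port_pipe({"Tengig 1/0": 4096, "Tengig 1/1": 8192}))
    print(check_show(SHOW_OUTPUT) or "show output is consistent")
```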
52 Simple Network Management Protocol (SNMP) Network management stations use SNMP to retrieve or alter management data from network elements. A datum of management information is called a managed object; the value of a managed object can be static or variable. Network elements store managed objects in a database called a management information base (MIB).
Implementation Information

The Dell Networking OS supports SNMP version 1 as defined by RFC 1155, 1157, and 1212, and SNMP version 2c as defined by RFC 1901.

Configuring the Simple Network Management Protocol

NOTE: The configurations in this chapter use a UNIX environment with net-snmp version 5.4. This is only one of many RFC-compliant SNMP utilities you can use to manage the Aggregator using SNMP. Also, these configurations use SNMP version 2c.
snmp-server community mycommunity ro
Dell#

Setting Up User-Based Security (SNMPv3)

When setting up SNMPv3, you can set users up with one of the following three types of configuration for SNMP read/write operations. Users are typically associated to an SNMP group with permissions provided, such as OID view.
● noauth — no password or privacy. Select this option to set up a user with no password or privacy privileges. This setting is the basic configuration.
Dell(conf)#snmp-server host 1.1.1.1 traps {oid tree} version 3 noauth ?
WORD SNMPv3 user name

Enable SNMPv3 traps

You must configure the notify option for the SNMPv3 traps to work.
● Configure SNMPv3 traps.
CONFIGURATION mode
snmp-server group group-name {oid-tree} priv read name write name notify name
Enter the keyword notify then a name (a string of up to 20 characters) as the notify view name.
● Configure an SNMPv3 view for notify.
SNMPv2-MIB::sysLocation.0 = STRING:
SNMPv2-MIB::sysServices.0 = INTEGER: 4

Displaying the Ports in a VLAN using SNMP

Dell Networking OS identifies VLAN interfaces using an interface index number that is displayed in the output of the show interface vlan command.

Example of Identifying the VLAN Interface Index Number

Dell(conf)#do show interface vlan id 10
% Error: No such interface name.
Fetching Dynamic MAC Entries using SNMP

The Aggregator supports the RFC 1493 dot1d table for the default VLAN and the dot1q table for all other VLANs.
NOTE: The table contains none of the other information provided by the show vlan command, such as port speed or whether the ports are tagged or untagged.
NOTE: The 802.1q Q-BRIDGE MIB defines VLANs regarding 802.1d, as 802.1d itself does not define them.
Example of Fetching MAC Addresses Learned on a Port-Channel Use dot3aCurAggFdbTable to fetch the learned MAC address of a port-channel. The instance number is the decimal conversion of the MAC address concatenated with the port-channel number.
Example of SNMP Trap for Monitored Port-Channels

[senthilnathan@lithium ~]$ snmpwalk -v 2c -c public 10.11.1.1 .1.3.6.1.4.1.6027.3.2.1.1
SNMPv2-SMI::enterprises.6027.3.2.1.1.1.1.1.1 = INTEGER: 1
SNMPv2-SMI::enterprises.6027.3.2.1.1.1.1.1.2 = INTEGER: 2
SNMPv2-SMI::enterprises.6027.3.2.1.1.1.1.2.1 = Hex-STRING: 00 01 E8 13 A5 C7
SNMPv2-SMI::enterprises.6027.3.2.1.1.1.1.2.2 = Hex-STRING: 00 01 E8 13 A5 C8
SNMPv2-SMI::enterprises.6027.3.2.1.1.1.1.3.1 = INTEGER: 1107755009
SNMPv2-SMI::enterprises.6027.3.2.1.1.
Entity MIBS The Entity MIB provides a mechanism for presenting hierarchies of physical entities using SNMP tables. The Entity MIB contains the following groups, which describe the physical elements and logical elements of a managed system. The following tables are implemented for the Aggregator. ● Physical Entity: A physical entity or physical component represents an identifiable physical resource within a managed system. Zero or more logical entities may utilize a physical resource at any given time.
Enhancements
1. The dot1qVlanCurrentEgressPorts MIB attribute has been enhanced to support logical LAG interfaces.
2. Current status OID in standard VLAN MIB is accessible over SNMP.
3. The bitmap supports 42 bytes for physical ports and 16 bytes for the LAG interfaces (up to a maximum of 128 LAG interfaces).
4. A 59 byte buffer bitmap is supported and in that bitmap:
● First 42 bytes represent the physical ports.
● Next 16 bytes represent logical ports 1-128.
● An additional 1 byte is reserved for future use.
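The 59-byte layout described above can be decoded as follows. This is an added example, not part of the Dell guide: it splits a dot1qVlanCurrentEgressPorts value into its physical-port, LAG and reserved parts. It assumes the bit order of the Q-BRIDGE-MIB PortList convention (the most significant bit of the first octet is port 1); the guide does not give the mapping from a physical bit position to a front-panel port name, so the decoder returns bit positions. The sample value is constructed.

```python
# Added example: decode the 59-byte egress-port bitmap described above.

PHYSICAL_BYTES = 42   # physical ports
LAG_BYTES = 16        # logical ports (LAG interfaces) 1-128
RESERVED_BYTES = 1    # reserved
TOTAL_BYTES = PHYSICAL_BYTES + LAG_BYTES + RESERVED_BYTES  # 59


def set_bits(octets):
    """Return the 1-based positions of the bits set in a PortList.

    Assumption: Q-BRIDGE-MIB PortList order, where the most significant bit
    of the first octet is position 1.
    """
    return [
        index * 8 + bit + 1
        for index, octet in enumerate(octets)
        for bit in range(8)
        if octet & (0x80 >> bit)
    ]


def decode_egress_ports(hex_string):
    """Decode the hex digits of an SNMP Hex-STRING value (spaces allowed)."""
    raw = bytes.fromhex("".join(hex_string.split()))
    if len(raw) != TOTAL_BYTES:
        raise ValueError(f"expected {TOTAL_BYTES} bytes, got {len(raw)}")
    physical = raw[:PHYSICAL_BYTES]
    lag = raw[PHYSICAL_BYTES:PHYSICAL_BYTES + LAG_BYTES]
    reserved = raw[PHYSICAL_BYTES + LAG_BYTES]
    return {
        # Bit positions only; the port-name mapping is not given in the guide.
        "physical_bit_positions": set_bits(physical),
        # Bit n of the LAG section corresponds to logical port (LAG) n.
        "lag_numbers": set_bits(lag),
        "reserved": reserved,
    }


def build_sample():
    """Constructed sample: physical bits 1, 2 and 16, LAGs 1 and 128."""
    buf = bytearray(TOTAL_BYTES)
    buf[0] = 0xC0                  # physical bits 1 and 2
    buf[1] = 0x01                  # physical bit 16
    buf[PHYSICAL_BYTES] = 0x80     # LAG 1
    buf[PHYSICAL_BYTES + LAG_BYTES - 1] = 0x01  # LAG 128
    return " ".join(f"{b:02X}" for b in buf)


SAMPLE_HEX = build_sample()

if __name__ == "__main__":
    print(decode_egress_ports(SAMPLE_HEX))
```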
MIB Support to Display the Available Memory Size on Flash

Dell Networking provides more MIB objects to display the available memory size on flash memory. The following table lists the MIB object that contains the available memory size on flash memory.

Table 87. MIB Objects for Displaying the Available Memory Size on Flash via SNMP
MIB Object | OID | Description
chStackUnitFlashUsageUtil | 1.3.6.1.4.1.6027.3.19.1.2.8.1.6 | Contains flash memory usage in percentage.
Viewing the Software Core Files Generated by the System

● To view the software core files generated by the system, use the following command.

snmpwalk -v2c -c public 192.168.60.120 .1.3.6.1.4.1.6027.3.10.1.2.10
enterprises.6027.3.10.1.2.10.1.1.1.1 = 1
enterprises.6027.3.10.1.2.10.1.1.1.2 = 2
enterprises.6027.3.10.1.2.10.1.1.1.3 = 3
enterprises.6027.3.10.1.2.10.1.1.2.1 = 1
enterprises.6027.3.10.1.2.10.1.2.1.1 = "/CORE_DUMP_DIR/flashmntr.core.gz"
enterprises.6027.3.10.1.2.10.1.2.1.
MIB Support to Display Egress Queue Statistics

Dell Networking OS provides MIB objects to display ECMP group count information. The following table lists the related MIB objects:

Table 92. MIB Objects to display ECMP Group Count
MIB Object | OID | Description
dellNetInetCidrECMPGrpMax | 1.3.6.1.4.1.6027.3.9.1.6 | Total CAM for ECMP group.
dellNetInetCidrECMPGrpUsed | 1.3.6.1.4.1.6027.3.9.1.7 | Used CAM for ECMP group.
dellNetInetCidrECMPGrpAvl | 1.3.6.1.4.1.6027.3.9.1.
INTEGER: 2097157
SNMPv2-SMI::enterprises.6027.3.9.1.5.1.8.1.1.4.100.100.100.0.24.1.4.10.1.1.1.1.4.10.1.1.1 = INTEGER: 2098693
SNMPv2-SMI::enterprises.6027.3.9.1.5.1.8.1.1.4.100.100.100.0.24.1.4.20.1.1.1.1.4.20.1.1.1 = INTEGER: 1258296320
SNMPv2-SMI::enterprises.6027.3.9.1.5.1.8.1.1.4.100.100.100.0.24.1.4.30.1.1.1.1.4.30.1.1.1 = INTEGER: 1275078656
SNMPv2-SMI::enterprises.6027.3.9.1.5.1.9.1.1.4.10.1.1.0.24.0.0.0.0 = ""
SNMPv2-SMI::enterprises.6027.3.9.1.5.1.9.1.1.4.10.1.1.1.32.1.4.10.1.1.1.1.4.10.1.1.
SNMPv2-SMI::enterprises.6027.3.9.1.5.1.10.1.1.4.70.70.70.0.24.0.0.0.0 = STRING: "CP"
SNMPv2-SMI::enterprises.6027.3.9.1.5.1.10.1.1.4.70.70.70.1.32.1.4.127.0.0.1.1.4.127.0.0.1 = STRING: "CP"
SNMPv2-SMI::enterprises.6027.3.9.1.5.1.10.1.1.4.70.70.70.2.32.1.4.70.70.70.2.1.4.70.70.70.2 = STRING: "Fo 1/1/1"
SNMPv2-SMI::enterprises.6027.3.9.1.5.1.10.1.1.4.80.80.80.0.24.1.4.10.1.1.1.1.4.10.1.1.1 = STRING: "Fo 1/4/1"
SNMPv2-SMI::enterprises.6027.3.9.1.5.1.10.1.1.4.80.80.80.0.24.1.4.20.1.1.1.1.4.20.1.1.
SNMPv2-SMI::enterprises.6027.3.9.1.5.1.11.1.1.4.100.100.100.0.24.1.4.10.1.1.1.1.4.10.1.1.1 = Gauge32: 0
SNMPv2-SMI::enterprises.6027.3.9.1.5.1.11.1.1.4.100.100.100.0.24.1.4.20.1.1.1.1.4.20.1.1.1 = Gauge32: 0
SNMPv2-SMI::enterprises.6027.3.9.1.5.1.11.1.1.4.100.100.100.0.24.1.4.30.1.1.1.1.4.30.1.1.1 = Gauge32: 0
SNMPv2-SMI::enterprises.6027.3.9.1.6.0 = Gauge32: 2048
SNMPv2-SMI::enterprises.6027.3.9.1.7.0 = Gauge32: 1
SNMPv2-SMI::enterprises.6027.3.9.1.8.
Table 94. MIB Objects for LAG
MIB Object | OID | Description
lagMIB | 1.2.840.10006.300.43 | Contains information about link aggregation module for managing 802.3ad.
lagMIBObjects | 1.2.840.10006.300.43.1 |
dot3adAgg | 1.2.840.10006.300.43.1.1 |
dot3adAggTable | 1.2.840.10006.300.43.1.1.1 | Contains information about every Aggregator that is associated with a system.
dot3adAggEntry | 1.2.840.10006.300.43.1.1.1.1 | Contains a list of Aggregator parameters and indexed by the ifIndex of the Aggregator.
Table 94. MIB Objects for LAG (continued)
MIB Object | OID | Description
dot3adAggPortListEntry | 1.2.840.10006.300.43.1.1.2.1 | Contains a list of ports associated with a given Aggregator and indexed by the ifIndex of the Aggregator.
dot3adAggPortListPorts | 1.2.840.10006.300.43.1.1.2.1.1 | Contains a complete set of ports currently associated with the Aggregator.

Viewing the LAG MIB

● To view the LAG MIB generated by the system, use the following command.

snmpbulkget -v 2c -c LagMIB 10.16.148.157 1.2.840.
snmpwalk -v2c -c mycommunity 10.16.150.83 1.0.8802.1.1.2.1.4
iso.0.8802.1.1.2.1.4.1.1.6.0.2113029.2 = INTEGER: 5
iso.0.8802.1.1.2.1.4.1.1.6.0.3161092.6 = INTEGER: 5
iso.0.8802.1.1.2.1.4.1.1.6.0.3161605.2 = INTEGER: 5
iso.0.8802.1.1.2.1.4.1.1.6.0.4209668.6 = INTEGER: 5
iso.0.8802.1.1.2.1.4.1.1.6.0.4210181.2 = INTEGER: 5
iso.0.8802.1.1.2.1.4.1.1.6.0.9437185.2 = INTEGER: 5
iso.0.8802.1.1.2.1.4.1.1.7.0.2113029.2 = STRING: "fortyGigE 1/50"
iso.0.8802.1.1.2.1.4.1.1.7.0.3161092.
snmpwalk -v2c -c public 10.16.150.83 1.0.8802.1.1.2.1.4.4.1.4
iso.0.8802.1.1.2.1.4.4.1.4.0.3161092.1.0.1.102.1.133 = STRING: "Dell"
iso.0.8802.1.1.2.1.4.4.1.4.0.3161092.1.0.1.102.2.134 = STRING: "Dell"
iso.0.8802.1.1.2.1.4.4.1.4.0.3161092.1.0.1.102.3.135 = STRING: "Dell"
iso.0.8802.1.1.2.1.4.4.1.4.0.3161092.1.0.1.102.4.136 = STRING: "Dell"
iso.0.8802.1.1.2.1.4.4.1.4.0.3161092.1.0.1.102.5.137 = STRING: "Dell"

snmpget -v2c -c public 10.16.150.102 1.0.8802.1.1.2.1.4.4.1.4.0.1048580.2.0.1.232.16.1
iso.0.
Table 98. Interface level MIB Objects for Port Security
MIB Object | OID | Access or Permission | Description
dellNetPortSecIfPortSecurityEnable | 1.3.6.1.4.1.6027.3.31.1.2.1.1.1 | read-only | Specifies if the port security feature is enabled or disabled on an interface.
dellNetPortSecIfPortSecurityStatus | 1.3.6.1.4.1.6027.3.31.1.2.1.1.2 | read-only | Represents the port security status of an interface.
dellNetPortSecIfSecureMacLimit | 1.3.6.1.4.1.6027.3.31.1.2.1.1.
MIB objects for configuring MAC addresses

This section describes the MIB objects in dellNetPortSecSecureStaticMacAddrTable that are used to configure and unconfigure static MAC addresses in the system. The OID of this MIB table is 1.3.6.1.4.1.6027.3.31.1.2.2.
Table 100. MIB Objects for configuring MAC addresses
MIB Object | OID | Access or Permission | Description
dellNetSecureMacIfIndex | 1.3.6.1.4.1.6027.3.31.1.3.1.1.3 | read-only | Shows in which interface the dellNetSecureMacAddress is configured or learnt.
dellNetSecureMacAddrType | 1.3.6.1.4.1.6027.3.31.1.3.1.1.4 | read-only | Indicates if the secure MAC address is configured as a static, dynamic, or sticky.
Table 101. SNMP OIDs for Transceiver Monitoring (continued)
Field (OID) | Description
SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.3 | Optics Present
SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.4 | Optics Type
SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.5 | Vendor Name
SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.6 | Part Number
SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.7 | Serial Number
SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.8 | Transmit Power Lane1
SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.
53 Stacking An Aggregator auto-configures to operate in standalone mode. To use an Aggregator in a stack, you must manually configure it using the CLI to operate in stacking mode. Stacking is supported on the FN410S and FN410T Aggregators with ports 9 and 10 as the stack ports. The Aggregator supports both ring and daisy-chain topology and stacking of the same type. FN 410S and FN 410T Aggregators support two-unit in-chassis stacking and up to six units stacking across the chassis.
Master Selection Criteria

A Master is elected or re-elected based on the following considerations, in order:
1. The switch with the highest priority at boot time.
2. The switch with the highest MAC address at boot time.
3. A unit is selected as Standby by the administrator, and a fail over action is manually initiated or occurs due to a Master unit failure.

No record of previous stack mastership is kept when a stack loses power.
To connect stacking ports, use only SFP+ transceivers, SFP+ cables and BaseT and its supported cables (separately purchased). For example:
1. Insert a cable in port 9 on the first aggregator.
2. Connect the cable to port 10 on the next aggregator.
3. Continue this pattern on up to 6 aggregators.
4. Connect a cable from port 9 on the last aggregator to port 10 on the first aggregator. This creates a ring topology.
Adding a Stack Unit

You can add a new unit to an existing stack both when the unit has no stacking ports (stack groups) configured and when the unit already has stacking ports configured. If the units to be added to the stack have been previously used, they are assigned the smallest available unit ID in the stack.

To add a standalone Aggregator to a stack, follow these steps:
1. Power on the switch.
2.
2. Log on to the CLI and enter Global Configuration mode.
Login: username
Password: *****
Dell> enable
Dell# configure
3. Configure the Aggregator to operate in standalone mode.
CONFIGURATION
stack-unit 0 iom-mode standalone
4. Log on to the CLI and reboot each switch, one after another, in as short a time as possible.
Troubleshooting a Switch Stack

To perform troubleshooting operations on a switch stack, use the following commands on the master switch.
1. Displays the status of stacked ports on stack units.
show system stack-ports
2. Displays the master standby unit status, failover configuration, and result of the last master-standby synchronization; allows you to verify the readiness for a stack failover.
show redundancy
3. Displays input and output flow statistics on a stacked port.
2. The standby switch takes the master role. Data traffic on the new master switch is uninterrupted. Protocol traffic is managed by the control plane.
3. A member switch is elected as the new standby. Data traffic on the new standby is uninterrupted. The control plane prepares for operation in Warm Standby mode.

Stack-Link Flapping Error

Problem/Resolution: Stacked Aggregators monitor their own stack ports and disable any stack port that flaps five times within 10 seconds.
0 Management online PE-FN-410S-IOA PE-FN-410S-IOA 1-0(0-1864) 12
1 Standby online PE-FN-410S-IOA PE-FN-410S-IOA 1-0(0-1864) 12
2 Member not present
3 Member not present
4 Member not present
5 Member not present

Stack Unit in Card-Problem State Due to Configuration Mismatch

● Problem: A stack unit enters a Card-Problem state because there is a configuration mismatch between the logical provisioning stored for the stack-unit number on the master switch and the newly added unit with the same number.
Jan 3 14:01:48: %STKUNIT0-M:CP %FILEMGR-5-FILESAVED: Copied running-config to startup-config in flash by default
Synchronizing data to peer Stack-unit
!!!!
Dell# reload
Proceed with reload [confirm yes/no]: yes

Upgrading a Single Stack Unit

Upgrading a single stacked switch is necessary when the unit was disabled due to an incorrect Dell Networking OS version. This procedure upgrades the image in the boot partition of the member unit from the corresponding partition in the master unit.
Figure 115. Switch A1–1 is Down Consider the following illustration where both stack ports on A1-1 are down. When it happens, A1-1 becomes a standalone Master unit and A1-2 and A1-3 form a separate stack. A2-1 is not notified of this change because A1-1 continues to send LACP PDUs with the old stack Master unit MAC address. As Server1 is not aware of the stack link failure in A1-1, it continues to send traffic leading to traffic loss. Figure 116.
The following example depicts a 5-switch stacking setup. When both stack links do not fail on the same system, this functionality does not disable internal and external ports. Figure 117.
54 Storm Control

Storm control is supported on the Dell Networking OS. The storm control feature allows you to control unknown-unicast, multicast, and broadcast control traffic on Layer 2 and Layer 3 physical interfaces.

Dell Networking OS Behavior: The Dell Networking OS supports broadcast control (the storm-control broadcast command) for Layer 2 and Layer 3 traffic. The minimum number of packets per second (PPS) that storm control can limit is two.
storm-control multicast packets_per_second in
● Shut down the port if it receives the PFC/LLFC packets more than the configured rate.
INTERFACE mode
storm-control pfc-llfc pps in shutdown
NOTE: PFC/LLFC storm control enabled interface disables the interfaces if it receives continuous PFC/LLFC packets. It can be a result of a faulty NIC/Switch that sends spurious PFC/LLFC packets.

Configuring Storm Control from CONFIGURATION Mode

To configure storm control from CONFIGURATION mode, use the following command.
55 Broadcast Storm Control On the Aggregator, the broadcast storm control feature is enabled by default on all ports, and disabled on a port when an iSCSI storage device is detected. Broadcast storm control is re-enabled as soon as the connection with an iSCSI device ends. Broadcast traffic on Layer 2 interfaces is limited or suppressed during a broadcast storm. You can view the status of a broadcast-storm control operation by using the show io-aggregator broadcast storm-control status command.
56 Spanning Tree Protocol (STP) Dell Networking OS supports spanning tree protocol (STP).
● Removing an Interface from the Spanning Tree Group
● Modifying Global Parameters
● Modifying Interface STP Parameters
● Enabling PortFast
● Prevent Network Disruptions with BPDU Guard
● STP Root Guard
● SNMP Traps for Root Elections and Topology Changes

Important Points to Remember
● STP is disabled by default.
● The Dell Networking operating system (OS) supports only one spanning tree instance (0).
Configuring Interfaces for Layer 2 Mode

All interfaces on all switches that participate in spanning tree must be in Layer 2 mode and enabled.

Figure 118. Example of Configuring Interfaces for Layer 2 Mode

To configure and enable the interfaces for Layer 2, use the following command.
1. If the interface has been assigned an IP address, remove it.
INTERFACE mode
no ip address
2. Place the interface in Layer 2 mode.
INTERFACE
switchport
3. Enable the interface.
no shutdown
Dell(conf-if-te-1/1)#

Enabling Spanning Tree Protocol Globally

Enable the spanning tree protocol globally; it is not enabled by default. When you enable STP, all physical, VLAN, and port-channel interfaces that are enabled and in Layer 2 mode are automatically part of the Spanning Tree topology.
● Only one path from any bridge to any other bridge participating in STP is enabled.
● Bridges block a redundant path by disabling one of the link ports.

Figure 119.
no disable Dell# To view the spanning tree configuration and the interfaces that are participating in STP, use the show spanning-tree 0 command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. Example of Viewing Spanning Tree Configuration R2#show spanning-tree 0 Executing IEEE compatible Spanning Tree Protocol Bridge Identifier has priority 32768, address 0001.e826.
Removing an Interface from the Spanning Tree Group To remove a Layer 2 interface from the spanning tree topology, use the following command. ● Disable spanning tree on a Layer 2 interface. INTERFACE mode no spanning-tree 0 Modifying Global Parameters You can modify the spanning tree parameters. The root bridge sets the values for forward-delay, hello-time, and max-age and overwrites the values set on other bridges participating in STP.
Modifying Interface STP Parameters You can set the port cost and port priority values of interfaces in Layer 2 mode. ● Port cost — a value that is based on the interface type. The greater the port cost, the less likely the port is selected to be a forwarding port. ● Port priority — influences the likelihood that a port is selected to be a forwarding port in case several ports have the same port cost. To change the port cost or priority of an interface, use the following commands.
Prevent Network Disruptions with BPDU Guard Configure the Portfast (and Edgeport, in the case of RSTP, PVST+, and MSTP) feature on ports that connect to end stations. End stations do not generate BPDUs, so ports configured with Portfast/Edgeport (edgeports) do not expect to receive BPDUs. If an edgeport does receive a BPDU, it likely means that it is connected to another part of the network, which can negatively affect the STP topology.
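One way to check a saved configuration for the condition this section guards against, as an added example (not Dell's code): the script lists enabled Layer 2 ports that have PortFast but no BPDU guard. The running-config text is constructed, and the `spanning-tree 0 portfast [bpduguard]` interface syntax is assumed from the Dell Networking OS 9 CLI because this excerpt does not show it.

```python
import re

# Constructed running-config excerpt (not taken from the guide). The
# "spanning-tree 0 portfast [bpduguard]" sub-command form is an assumption
# based on the Dell Networking OS 9 CLI; this excerpt does not show it.
SAMPLE_CONFIG = """\
interface TenGigabitEthernet 0/1
 no ip address
 switchport
 spanning-tree 0 portfast bpduguard
 no shutdown
!
interface TenGigabitEthernet 0/2
 no ip address
 switchport
 spanning-tree 0 portfast
 no shutdown
!
interface TenGigabitEthernet 0/3
 no ip address
 switchport
 no shutdown
!
interface TenGigabitEthernet 0/4
 no ip address
 switchport
 spanning-tree 0 portfast
 shutdown
!
"""


def parse_interfaces(config_text):
    """Split a running-config into {interface name: [sub-command, ...]}."""
    interfaces = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line[len("interface "):]
            interfaces[current] = []
        elif line == "!" or not line:
            current = None            # end of the interface stanza
        elif current is not None:
            interfaces[current].append(line)
    return interfaces


def audit_edge_ports(config_text, stp_instance="0"):
    """Return enabled Layer 2 ports that have PortFast but no BPDU guard.

    Such a port moves straight to forwarding and keeps forwarding if a
    bridge is plugged into it, which is the situation BPDU guard prevents.
    """
    portfast = re.compile(
        rf"^spanning-tree {re.escape(stp_instance)} portfast\b(.*)$"
    )
    findings = []
    for name, commands in parse_interfaces(config_text).items():
        # Skip routed ports and administratively disabled ports.
        if "switchport" not in commands or "shutdown" in commands:
            continue
        for command in commands:
            match = portfast.match(command)
            if match and "bpduguard" not in match.group(1).split():
                findings.append(name)
    return findings


if __name__ == "__main__":
    for port in audit_edge_ports(SAMPLE_CONFIG):
        print(f"{port}: PortFast enabled without BPDU guard")
```
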
Figure 120. Enabling BPDU Guard Dell Networking OS Behavior: BPDU guard and BPDU filtering (refer to Removing an Interface from the Spanning Tree Group) both block BPDUs, but are two separate features. BPDU guard is used on edgeports and blocks all traffic on edgeport if it receives a BPDU. Example of Blocked BPDUs Dell#show spanning-tree 0 brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 0001.e88a.
Figure 121. BPDU Filtering Enabled Globally Interface BPDU Filtering When BPDU filtering is enabled on an interface, it should stop sending and receiving BPDUs on the PortFast-enabled ports. When both BPDU guard and BPDU filter are enabled on a port, BPDU filter takes the highest precedence. By default, BPDU filtering on an interface is disabled. Figure 122.
Selecting STP Root The STP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it becomes the root bridge. You can also specify that a bridge is the root or the secondary root. To change the bridge priority or specify that a bridge is the root or secondary root, use the following command. ● Assign a number as the bridge priority or designate it as the root or secondary root.
Figure 123. STP Root Guard Prevents Bridging Loops Configuring Root Guard Enable STP root guard on a per-port or per-port-channel basis. Dell Networking OS Behavior: The following conditions apply to a port enabled with STP root guard: ● Root guard is supported on any STP-enabled port or port-channel interface except when used as a stacking port.
SNMP Traps for Root Elections and Topology Changes To enable SNMP traps, use the following commands. ● Enable SNMP traps for STP state changes. snmp-server enable traps stp ● Enable SNMP traps for RSTP, MSTP, and PVST+ collectively. snmp-server enable traps xstp Displaying STP Guard Configuration To display the STP guard configuration, use the following command. The following example shows an STP network (instance 0) in which: ● Root guard is enabled on a port that is in a root-inconsistent state.
57 SupportAssist SupportAssist sends troubleshooting data securely to Dell. SupportAssist in this Dell EMC Networking OS release does not support automated email notification at the time of hardware fault alert, automatic case creation, automatic part dispatch, or reports. SupportAssist requires Dell EMC Networking OS 9.9(0.0) and SmartScripts 9.7 or later to be installed on the Dell EMC Networking device. For more information on SmartScripts, see Dell EMC Networking Open Automation guide. Figure 124.
Enable the SupportAssist service. CONFIGURATION mode support-assist activate DellEMC(conf)#support-assist activate This command guides you through steps to configure SupportAssist. Configuring SupportAssist Manually To manually configure SupportAssist service, use the following commands. 1. Accept the end-user license agreement (EULA). CONFIGURATION mode eula-consent {support-assist} {accept | reject} NOTE: Once accepted, you do not have to accept the EULA again.
support-assist DellEMC(conf)#support-assist DellEMC(conf-supportassist)# 3. (Optional) Configure the contact information for the company. SUPPORTASSIST mode contact-company name {company-name}[company-next-name] ... [company-next-name] DellEMC(conf)#support-assist DellEMC(conf-supportassist)#contact-company name test DellEMC(conf-supportassist-cmpy-test)# 4. (Optional) Configure the contact name for an individual.
[no] activity {full-transfer|core-transfer|event-transfer} DellEMC(conf-supportassist)#activity full-transfer DellEMC(conf-supportassist-act-full-transfer)# DellEMC(conf-supportassist)#activity core-transfer DellEMC(conf-supportassist-act-core-transfer)# DellEMC(conf-supportassist)#activity event-transfer DellEMC(conf-supportassist-act-event-transfer)# 2. Copy an action-manifest file for an activity to the system.
SUPPORTASSIST ACTIVITY mode [no] enable DellEMC(conf-supportassist-act-full-transfer)#enable DellEMC(conf-supportassist-act-full-transfer)# DellEMC(conf-supportassist-act-core-transfer)#enable DellEMC(conf-supportassist-act-core-transfer)# DellEMC(conf-supportassist-act-event-transfer)#enable DellEMC(conf-supportassist-act-event-transfer)# Configuring SupportAssist Company SupportAssist Company mode allows you to configure name, address and territory information of the company.
[no] contact-person [first ] last DellEMC(conf-supportassist)#contact-person first john last doe DellEMC(conf-supportassist-pers-john_doe)# 2. Configure the email addresses to reach the contact person. SUPPORTASSIST PERSON mode [no] email-address primary email-address [alternate email-address] DellEMC(conf-supportassist-pers-john_doe)#email-address primary jdoe@mycompany.com DellEMC(conf-supportassist-pers-john_doe)# 3. Configure phone numbers of the contact person.
[no] enable DellEMC(conf-supportassist-serv-default)#enable DellEMC(conf-supportassist-serv-default)# 4. Configure the URL to reach the SupportAssist remote server. SUPPORTASSIST SERVER mode [no] url uniform-resource-locator DellEMC(conf-supportassist-serv-default)#url https://192.168.1.1/index.htm DellEMC(conf-supportassist-serv-default)# Viewing SupportAssist Configuration To view the SupportAssist configurations, use the following commands: 1.
! server Dell enable url http://1.1.1.1:1337 DellEMC# 3. Display the EULA for the feature. EXEC Privilege mode show eula-consent {support-assist | other feature} DellEMC#show eula-consent support-assist SupportAssist EULA has been: Accepted Additional information about the SupportAssist EULA is as follows: By installing SupportAssist, you allow Dell to save your contact information (e.g.
58 System Time and Date System time and date settings and the network time protocol (NTP) are supported on the MXL switch platform. You can set system times and dates and maintain them through NTP. They are also set through the Dell Networking operating system (OS) command line interfaces (CLIs) and hardware settings.
Protocol Overview The NTP client sends messages to one or more servers and processes the replies as received. The server interchanges addresses and ports, fills in or overwrites certain fields in the message, recalculates the checksum, and returns it immediately. Information included in the NTP message allows each client/server peer to determine the timekeeping characteristics of its other peers, including the expected accuracies of their clocks.
To display the system clock state with respect to NTP, use the show ntp status command from EXEC Privilege mode. Dell(conf)#do show ntp status Clock is synchronized, stratum 2, reference is 192.168.1.1 frequency is -369.623 ppm, stability is 53.319 ppm, precision is 4294967279 reference time is CD63BCC2.0CBBD000 (16:54:26.049 UTC Thu Mar 12 2012) clock offset is 997.529984 msec, root delay is 0.00098 sec root dispersion is 10.04271 sec, peer dispersion is 10032.
○ For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. ○ For a VLAN interface, enter the keyword vlan then a number from 1 to 4094. ○ For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. ○ For the Management interface, enter the keyword ManagementEthernet then the slot/port information.
To view the NTP configuration, use the show running-config ntp command in EXEC privilege mode. The following example shows an encrypted authentication key (in bold). All keys are encrypted. Dell EMC(conf)#show running-config ntp ! ntp master ntp server 10.16.127.44 ntp server 10.16.127.86 ntp server 10.16.127.
control-key-passwd authenticates the NTPQ packets until the user changes the control-key using the ntp control-key-passwd command. To configure the NTP control key password, use the following command. ● Configure the NTP control key password. CONFIGURATION mode ntp control-key-passwd [encryption-type] password Dell Networking OS Time and Date You can set the time and date using the Dell Networking OS CLI. Configuration Task List The following is a configuration task list for configuring the time and date settings.
○ timezone-name: enter the name of the timezone. Do not use spaces. ○ offset: enter one of the following: ■ a number from 1 to 23 as the number of hours in addition to UTC for the timezone. ■ a minus sign (-) then a number from 1 to 23 as the number of hours. Dell#conf Dell(conf)#clock timezone Pacific -8 Dell# Set Daylight Saving Time The Dell Networking OS supports setting the system to daylight saving time once or on a recurring basis every year.
■ week-number: Enter a number from 1 to 4 as the number of the week in the month to start daylight saving time. ■ first: Enter the keyword first to start daylight saving time in the first week of the month. ■ last: Enter the keyword last to start daylight saving time in the last week of the month. ○ start-month: Enter the name of one of the 12 months in English. You can enter the name of a day to change the order of the display to time day month year.
59 Tunneling Tunneling supports RFC 2003, RFC 2473, and RFC 4213. DSCP, hop-limits, flow label values, OSPFv2, and OSPFv3 are also supported. ICMP error relay, PATH MTU transmission, and fragmented packets are not supported. Topics: • Configuring a Tunnel • Configuring Tunnel keepalive • Configuring the ip and ipv6 unnumbered • Configuring the Tunnel allow-remote • Configuring the Tunnel Source Anylocal Configuring a Tunnel You can configure a tunnel in IPv6 mode, IPv6IP mode, and IPIP mode.
The following sample configuration shows a tunnel configured in IPIP mode (IPv4 tunnel carries IPv4 and IPv6 traffic): Dell(conf)#interface tunnel 3 Dell(conf-if-tu-3)#tunnel source 5::5 Dell(conf-if-tu-3)#tunnel destination 8::9 Dell(conf-if-tu-3)#tunnel mode ipv6 Dell(conf-if-tu-3)#ip address 3.1.1.1/24 Dell(conf-if-tu-3)#ipv6 address 3::1/64 Dell(conf-if-tu-3)#no shutdown Dell(conf-if-tu-3)#show config ! interface Tunnel 3 ip address 3.1.1.
ip address 20.1.1.1/24 ipv6 address 20:1::1/64 no shutdown Dell(conf)#interface tunnel 1 Dell(conf-if-tu-1)#ip unnumbered tengigabitethernet 0/0 Dell(conf-if-tu-1)#ipv6 unnumbered tengigabitethernet 0/0 Dell(conf-if-tu-1)#tunnel source 40.1.1.1 Dell(conf-if-tu-1)#tunnel mode ipip decapsulate-any Dell(conf-if-tu-1)#no shutdown Dell(conf-if-tu-1)#sho c ! interface Tunnel 1 ip unnumbered TenGigabitEthernet 0/0 ipv6 unnumbered TenGigabitEthernet 0/0 tunnel source 40.1.1.
ipv6 address 1abd::1/64 tunnel source anylocal tunnel allow-remote 40.1.1.
60 Uplink Failure Detection (UFD) Supported Modes Standalone, PMUX, VLT, Stacking Topics: • Feature Description • How Uplink Failure Detection Works • UFD and NIC Teaming • Important Points to Remember • Uplink Failure Detection (SMUX mode) • Configuring Uplink Failure Detection (PMUX mode) • Clearing a UFD-Disabled Interface (in PMUX mode) • Displaying Uplink Failure Detection • Sample Configuration: Uplink Failure Detection Feature Description UFD provides detection of the loss of upstream connectivity
Figure 126. Uplink Failure Detection How Uplink Failure Detection Works UFD creates an association between upstream and downstream interfaces. The association of uplink and downlink interfaces is called an uplink-state group. An interface in an uplink-state group can be a physical interface or a port-channel (LAG) aggregation of physical interfaces. An enabled uplink-state group tracks the state of all assigned upstream interfaces.
Figure 127. Uplink Failure Detection Example If only one of the upstream interfaces in an uplink-state group goes down, a specified number of downstream ports associated with the upstream interface are put into a Link-Down state. You can configure this number; it is calculated by the ratio of the upstream port bandwidth to the downstream port bandwidth in the same uplink-state group.
For example, as shown previously, the switch/router with UFD detects the uplink failure and automatically disables the associated downstream link port to the server. The server with NIC teaming detects the disabled link and automatically switches over to the backup link in order to continue to transmit traffic upstream. Important Points to Remember When you configure UFD, the following conditions apply. ● You can configure up to 16 uplink-state groups.
To disable the uplink group tracking, use the no enable command. 3. Change the default timer. UPLINK-STATE-GROUP mode defer-timer seconds Dell(conf)#uplink-state-group 1 Dell(conf-uplink-state-group-1)#defer-timer 20 Dell(conf-uplink-state-group-1)#show config ! uplink-state-group 1 downstream TenGigabitEthernet 0/1-12 upstream Port-channel 128 defer-timer 20 Configuring Uplink Failure Detection (PMUX mode) To configure UFD, use the following commands. 1.
downstream disable links {number | all} ● number: specifies the number of downstream links to be brought down. The range is from 1 to 1024. ● all: brings down all downstream links in the group. The default is no downstream links are disabled when an upstream link goes down. To revert to the default setting, use the no downstream disable links command. 5.
The following example message shows the Syslog messages that display when you clear the UFD-Disabled state from all disabled downstream interfaces in an uplink-state group by using the clear ufd-disable uplink-state-group group-id command. All downstream interfaces return to an operationally up state.
○ group-id: The values are from 1 to 16.
upstream TenGigabitEthernet 0/1 Dell# Dell(conf-uplink-state-group-16)# show configuration ! uplink-state-group 16 no enable description test downstream disable links all downstream TengigabitEthernet 0/4 upstream TengigabitEthernet 0/5 upstream Port-channel 8 Sample Configuration: Uplink Failure Detection The following example shows a sample configuration of UFD on a switch/router that you configure as follows. ● Configure uplink-state group 3.
Dell#show uplink-state-group detail (Up): Interface up (Dwn): Interface down (Dis): Interface disabled Uplink State Group : 3 Status: Enabled, Up Upstream Interfaces : Te 0/3(Dwn) Te 0/4(Up) Downstream Interfaces : Te 0/1(Dis) Te 0/2(Dis) Te 0/5(Up) Te 0/9(Up) Te 0/11(Up) Te 0/12(Up)
61 PMUX Mode of the IO Aggregator This chapter provides an overview of the PMUX mode. Topics: • I/O Aggregator (IOA) Programmable MUX (PMUX) Mode • Configuring and Changing to PMUX Mode • Configuring the Commands without a Separate User Account • Virtual Link Trunking (VLT) I/O Aggregator (IOA) Programmable MUX (PMUX) Mode IOA PMUX is a mode that provides flexibility of operation with added configurability.
------------------------------------------------------0 programmable-mux programmable-mux Dell# The IOA is now ready for PMUX operations. Configuring the Commands without a Separate User Account Starting with Dell Networking OS version 9.3(0.0), you can configure the PMUX mode CLI commands without having to configure a new, separate user profile. The user profile you defined to access and log in to the switch is sufficient to configure the PMUX mode commands.
● Provides fast convergence if either the link or a device fails. ● Optimized forwarding with virtual router redundancy protocol (VRRP). ● Provides link-level resiliency. ● Assures high availability. As shown in the following example, VLT presents a single logical Layer 2 domain from the perspective of attached devices that have a virtual link trunk terminating on separate chassis in the VLT domain.
L 128 L2 up 00:00:00 Fo 0/37 Fo 0/41 (Up) (Up)<<<<<<<
○ A VLT domain supports two chassis members, which appear as a single logical device to network access devices connected to VLT ports through a port channel. ○ A VLT domain consists of the two core chassis, the interconnect trunk, backup link, and the LAG members connected to attached devices. ○ Each VLT domain has a unique MAC address that you create or VLT creates automatically. ○ ARP tables are synchronized between the VLT peer nodes.
○ In the backup link between peer switches, heartbeat messages are exchanged between the two chassis for health checks. The default time interval between heartbeat messages over the backup link is 1 second. You can configure this interval. The range is from 1 to 5 seconds. DSCP marking on heartbeat messages is CS6.
Primary and Secondary VLT Peers Primary and Secondary VLT Peers are supported on the Aggregator. To prevent issues when connectivity between peers is lost, you can designate Primary and Secondary roles for VLT peers. You can elect or configure the Primary Peer. By default, the peer with the lowest MAC address is selected as the Primary Peer. If the VLTi link fails, the status of the remote VLT Primary Peer is checked using the backup link.
Non-VLT ARP Sync In the Dell Networking OS version 9.2(0.0), ARP entries (including ND entries) learned on other ports are synced with the VLT peer to support station move scenarios. Prior to Dell Networking OS version 9.2(0.0), only ARP entries learned on VLT ports were synced between peers. Additionally, ARP entries resulting from station movements from VLT to non-VLT ports or to different non-VLT ports are learned on the non-VLT port and synced with the peer node.
VLT Backup Link ----------------Destination: Peer HeartBeat status: HeartBeat Timer Interval: HeartBeat Timeout: UDP Port: HeartBeat Messages Sent: HeartBeat Messages Received: 10.11.200.
System Role Priority: 32768 Local System MAC address: 00:01:e8:8a:df:bc Local System Role Priority: 32768 Dell_VLTpeer2# show vlt role VLT Role ---------- VLT Role: Secondary System MAC address: 00:01:e8:8a:df:bc System Role Priority: 32768 Local System MAC address: 00:01:e8:8a:df:e6 Local System Role Priority: 32768 Example of the show running-config vlt Command Dell_VLTpeer1# show running-config vlt ! vlt domain 30 peer-link port-channel 60 back-up destination 10.11.200.
Configure the VLT interconnect (VLTi). Dell_VLTpeer1(conf)#interface port-channel 100 Dell_VLTpeer1(conf-if-po-100)#channel-member TenGigE 0/6,7 Dell_VLTpeer1(conf-if-po-100)#no shutdown Dell_VLTpeer1(conf-if-po-100)#exit Enable VLT and create a VLT domain with a backup-link VLT interconnect trunk (VLTi). Dell_VLTpeer1(conf)#vlt domain 999 Dell_VLTpeer1(conf-vlt-domain)#peer-link port-channel 100 Dell_VLTpeer1(conf-vlt-domain)#back-up destination 10.11.206.
Verify that the port channels used in the VLT domain are assigned to the same VLAN.
Table 104. Troubleshooting VLT (continued) Description: Unit ID mismatch. Behavior at Peer Up: The VLT peer does not boot up. The VLTi is forced to a down state. A syslog error message is generated. Behavior During Run Time: The VLT peer does not boot up. The VLTi is forced to a down state. A syslog error message is generated. Action to Take: Verify the unit ID is correct on both VLT peers.
62 NPIV Proxy Gateway The N-port identifier virtualization (NPIV) Proxy Gateway (NPG) feature provides FCoE-FC bridging capability on the FN 2210S Aggregator, allowing server CNAs to communicate with SAN fabrics over the FN 2210S Aggregator.
The NPIV proxy gateway aggregates multiple locally connected server CNA ports into one or more upstream N port links, conserving the number of ports required on an upstream FC core switch while providing an FCoE-to-FC bridging functionality. The upstream N ports on an FX2 can connect to the same or multiple fabrics.
Table 105. Aggregator with the NPIV Proxy Gateway: Terms and Definitions (continued) Term Description CNA port N-port functionality on an FCoE-enabled server port. A converged network adapter (CNA) can use one or more Ethernet ports. CNAs can encapsulate Fibre Channel frames in Ethernet for FCoE transport and de-encapsulate Fibre Channel frames from FCoE to native Fibre Channel.
In each FCoE map, the fabric ID, FC-MAP value, and FCoE VLAN must be unique. Use one FCoE map to access one SAN fabric. You cannot use the same FCoE map to access different fabrics. When you configure an Aggregator with the NPG, FCoE transit with FIP snooping is automatically enabled and configured using the parameters in the FCoE map applied to server-facing Ethernet and fabric-facing FC interfaces.
FKA-ADV-Period Fcf Priority Config-State Oper-State Members Fc 0/9 Te 0/4 8 128 ACTIVE UP DCB_MAP_PFC_OFF Dell(conf)#do show qos dcb-map DCB_MAP_PFC_OFF ----------------------State :In-Progress PfcMode:OFF -------------------Dell(conf)# Enabling Fibre Channel Capability on the Switch Enable the Fibre Channel capability on an Aggregator that you want to configure as an NPG for the Fibre Channel protocol.
Important Points to Remember ● If you remove a dot1p priority-to-priority group mapping from a DCB map (no priority pgid command), the PFC and ETS parameters revert to their default values on the interfaces on which the DCB map is applied. By default, PFC is not applied on specific 802.1p priorities; ETS assigns equal bandwidth to each 802.1p priority. As a result, PFC and lossless port queues are disabled on 802.
● FCF priority, the priority used by a server CNA to select an upstream FCoE forwarder (FCF). ● FIP keepalive (FKA) advertisement timeout. The values for the FCoE VLAN, fabric ID and FC-MAP must be unique. Apply an FCoE map on downstream server-facing Ethernet ports and upstream fabric-facing Fibre Channel ports. 1. Create an FCoE map that contains parameters used in the communication between servers and a SAN fabric. CONFIGURATION mode fcoe-map map-name 2.
fcoe-map map-name Dell# interface tengigabitEthernet 0/0 Dell(config-if-te-0/0)# fcoe-map SAN_FABRIC_A Dell# interface port-channel 3 Dell(config-if-te-0/0)# dcb-map SAN_DCB1 Dell(config-if-po-3)# fcoe-map SAN_FABRIC_A 3. Enable the port for FCoE transmission using the map settings. INTERFACE mode no shutdown Applying an FCoE Map on Fabric-facing FC Ports The Aggregator, with the FC ports, is configured by default to operate in N port mode to connect to an F port on an FC switch in a fabric.
Dell(config-dcbx-name)# priority-group 2 bandwidth 20 pfc on Dell(config-dcbx-name)# priority-group 4 strict-priority pfc off Dell(conf-dcbx-name)# priority-pgid 0 0 0 1 2 4 4 4 2. Apply the DCB map on a downstream (server-facing) Ethernet port: Dell(config)# interface tengigabitethernet 0/1 Dell(config-if-te-0/0)#dcb-map SAN_DCB_MAP 3. Create the dedicated VLAN to be used for FCoE traffic: Dell(conf)#interface vlan 1002 4.
Table 106. Displaying NPIV Proxy Gateway Information (continued) Command Description show npiv devices [brief] Displays information on FCoE and FC devices currently logged in to the NPG. show fc switch Displays the FC mode of operation and worldwide node (WWN) name of an Aggregator.
Dell# show fcoe-map fid_1003 Fabric Name fid_1003 Fabric Id 1003 Vlan Id 1003 Vlan priority 3 FC-MAP 0efc03 FKA-ADV-Period 8 Fcf Priority 128 Config-State ACTIVE Oper-State UP Members Fc 0/9 Te 0/11 Te 0/12 Table 108. show fcoe-map Field Descriptions Field Description Fabric-Name Name of a SAN fabric. Fabric ID The ID number of the SAN fabric to which FC traffic is forwarded. VLAN ID The dedicated VLAN used to transport FCoE storage traffic between servers and a fabric over the NPG.
Table 109. show qos dcb-map Field Descriptions Field Description State Complete: All mandatory DCB parameters are correctly configured. In progress: The DCB map configuration is not complete. Some mandatory parameters are not configured. PFC Mode PFC configuration in the DCB map: On (enabled) or Off. PG Priority group configured in the DCB map. TSA Transmission scheduling algorithm used in the DCB map: Enhanced Transmission Selection (ETS).
Table 110. show npiv devices brief Field Descriptions (continued) Field Description Status Operational status of the link between a server CNA port and a SAN fabric: Logged In Server has logged in to the fabric and is able to transmit FCoE traffic.
Table 111. show npiv devices Field Descriptions (continued) Field Description Enode WWNN Worldwide node name of the server CNA. FCoE MAC Fabric-provided MAC address (FPMA). The FPMA consists of the FC-MAP value in the FCoE map and the FC-ID provided by the fabric after a successful FLOGI. In the FPMA, the most significant bytes are the FC-MAP; the least significant bytes are the FC-ID. FC-ID FC port ID provided by the fabric.
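The FPMA layout described in the FCoE MAC row, together with the rule that each FCoE map's fabric ID, FC-MAP and FCoE VLAN must be unique, can be checked mechanically. The following is an added example (not Dell's code): only the `fid_1003` values come from this guide's `show fcoe-map` output; the second map, the FC-IDs and the session records are constructed.

```python
# FCoE maps as configured on the switch. fid_1003 is the map shown in this
# guide's "show fcoe-map" output; fid_1004 is constructed for the example.
FCOE_MAPS = [
    {"name": "fid_1003", "fabric_id": 1003, "vlan": 1003, "fc_map": "0efc03"},
    {"name": "fid_1004", "fabric_id": 1004, "vlan": 1004, "fc_map": "0efc04"},
]

# Constructed login records: (FCoE VLAN, FCoE MAC seen for the session).
SESSIONS = [
    (1003, "0e:fc:03:01:02:01"),
    (1004, "0e:fc:04:01:02:05"),
    (1003, "0e:fc:04:01:02:07"),   # carries the FC-MAP of the other fabric
]


def clean_hex(value, length):
    """Strip separators and return exactly `length` lowercase hex digits."""
    digits = "".join(ch for ch in value.lower() if ch in "0123456789abcdef")
    if len(digits) != length:
        raise ValueError(f"expected {length} hex digits in {value!r}")
    return digits


def build_fpma(fc_map, fc_id):
    """FPMA = FC-MAP (most significant 3 bytes) + FC-ID (least significant 3)."""
    digits = clean_hex(fc_map, 6) + clean_hex(fc_id, 6)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def split_fpma(mac):
    """Return (fc_map, fc_id) recovered from a 6-byte FCoE MAC address."""
    digits = clean_hex(mac, 12)
    return digits[:6], digits[6:]


def duplicate_map_fields(maps):
    """Report (field, value) pairs reused across FCoE maps; all must be unique."""
    duplicates = []
    for field in ("fabric_id", "vlan", "fc_map"):
        seen = set()
        for entry in maps:
            if entry[field] in seen:
                duplicates.append((field, entry[field]))
            seen.add(entry[field])
    return duplicates


def mismatched_sessions(sessions, maps):
    """Return sessions whose FPMA prefix is not the FC-MAP of their FCoE VLAN."""
    fc_map_by_vlan = {entry["vlan"]: entry["fc_map"].lower() for entry in maps}
    bad = []
    for vlan, mac in sessions:
        fc_map, _fc_id = split_fpma(mac)
        if fc_map_by_vlan.get(vlan) != fc_map:
            bad.append((vlan, mac))
    return bad


if __name__ == "__main__":
    print(build_fpma("0efc03", "010201"))
    print(duplicate_map_fields(FCOE_MAPS))
    print(mismatched_sessions(SESSIONS, FCOE_MAPS))
```
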
63 Upgrade Procedures To find the upgrade procedures, go to the Dell Networking OS Release Notes for your system type to see all the requirements needed to upgrade to the desired Dell Networking OS version. To upgrade your system type, follow the procedures in the Dell Networking OS Release Notes. Get Help with Upgrades Direct any questions or concerns about the Dell Networking OS upgrade procedures to the Dell Technical Support Center. You can reach Technical Support: ● On the web: http://support.dell.
64 Virtual LANs (VLANs) Dell Networking OS supports virtual LANs (VLANs). VLANs are a logical broadcast domain or logical grouping of interfaces in a local area network (LAN) in which all data received is kept locally and broadcast to all members of the group. When in Layer 2 mode, VLANs move traffic at wire speed and can span multiple devices. The Dell Networking operating system (OS) supports up to 4093 port-based VLANs and one default VLAN, as specified in IEEE 802.1Q.
● Untagged interfaces must be part of a VLAN. To remove an untagged interface from the Default VLAN, create another VLAN and place the interface into that VLAN. Alternatively, use the no switchport command, and Dell Networking OS removes the interface from the Default VLAN. ● A tagged interface requires an additional step to remove it from Layer 2 mode. Because tagged interfaces can belong to multiple VLANs, remove the tagged interface from all VLANs using the no tagged interface command.
● Tag control information (TCI) includes the VLAN ID (2 bytes total). The VLAN ID can have 4,096 values, but two are reserved. NOTE: The insertion of the tag header into the Ethernet frame increases the size of the frame to more than the 1,518 bytes as specified in the IEEE 802.3 standard. Some devices that are not compliant with IEEE 802.3 may not support the larger frame size.
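To make the tag header concrete, here is a small parser for an IEEE 802.1Q tagged Ethernet frame, added as an example (not Dell's code). It extracts the VLAN ID from the TCI, flags the two reserved VLAN IDs (0 and 4095), and shows the frame-size increase the note refers to; the sample frame and the helper names are constructed for this example.

```python
import struct

TPID_8021Q = 0x8100          # tag protocol identifier of an 802.1Q tag
RESERVED_VIDS = {0, 4095}    # the two reserved values out of 4,096
MAX_UNTAGGED_FRAME = 1518    # IEEE 802.3 maximum frame size in bytes
TAG_HEADER_LEN = 4           # 2-byte TPID + 2-byte TCI

# Constructed sample frame: priority 3, VLAN 1002, FCoE EtherType 0x8906.
SAMPLE_FRAME = (
    bytes.fromhex("0001e88adfe6")                         # destination MAC
    + bytes.fromhex("0001e88adfbc")                       # source MAC
    + struct.pack("!HH", TPID_8021Q, (3 << 13) | 1002)    # TPID + TCI
    + struct.pack("!H", 0x8906)                           # inner EtherType
    + bytes(46)                                           # zero padding
)


def parse_vlan_tag(frame):
    """Parse the Ethernet header and, if present, the 802.1Q tag header."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        # Untagged frame: bytes 12-13 are the real EtherType/length field.
        return {"tagged": False, "ethertype": ethertype}
    if len(frame) < 14 + TAG_HEADER_LEN:
        raise ValueError("frame truncated inside the 802.1Q tag")
    tci, inner_ethertype = struct.unpack("!HH", frame[14:18])
    vlan_id = tci & 0x0FFF               # low 12 bits of the TCI
    return {
        "tagged": True,
        "priority": tci >> 13,           # top 3 bits (802.1p priority)
        "dei": (tci >> 12) & 1,          # drop eligible indicator
        "vlan_id": vlan_id,
        "reserved_vid": vlan_id in RESERVED_VIDS,
        "ethertype": inner_ethertype,
    }


def max_tagged_frame_size():
    """Largest tagged frame: the 802.3 maximum plus the 4-byte tag header."""
    return MAX_UNTAGGED_FRAME + TAG_HEADER_LEN


if __name__ == "__main__":
    print(parse_vlan_tag(SAMPLE_FRAME))
    print(max_tagged_frame_size())
```
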
Assigning Interfaces to a VLAN You can only assign interfaces in Layer 2 mode to a VLAN using the tagged and untagged commands. To place an interface in Layer 2 mode, use the switchport command. You can further designate these Layer 2 interfaces as tagged or untagged. For more information, refer to the Interfaces chapter and Configuring Layer 2 (Data Link) Mode.
Moving Untagged Interfaces To move untagged interfaces from the Default VLAN to another VLAN, use the following commands. 1. Access INTERFACE VLAN mode of the VLAN to which you want to assign the interface. CONFIGURATION mode interface vlan vlan-id 2. Configure an interface as untagged. INTERFACE mode untagged interface This command is available only in VLAN interfaces. The no untagged interface command removes the untagged interface from a port-based VLAN and places the interface in the Default VLAN.
In the Dell Networking OS, you can place VLANs and other logical interfaces in Layer 3 mode to receive and send routed traffic. For more information, refer to Bulk Configuration. To assign an IP address, use the following command. ● Configure an IP address and mask on the interface. INTERFACE mode ip address ip-address mask [secondary] ○ ip-address mask — Enter an address in dotted-decimal format (A.B.C.D) and the mask must be in slash format (/24). ○ secondary — This is the interface’s backup IP address.
Default: the default VLAN is enabled (no default-vlan disable).
65 Virtual Link Trunking (VLT) Dell Networking OS supports virtual link trunking (VLT).
require state information coordinating between the two VLT chassis. IGMP and VLT configurations must be identical on both sides of the trunk to ensure the same behavior on both sides. Figure 130. Virtual Link Trunking Multi-domain VLT A multi-domain VLT (mVLT) configuration creates a port channel between two VLT domains by allowing two different VLT domains, using different VLT Domain ID numbers, connected by a standard LACP LAG to form a loop-free Layer 2 topology in the aggregation layer.
Figure 131. Multi-Domain VLT Example VLT Terminology The following are key VLT terms. ● Virtual link trunk (VLT) — The combined port channel between an attached device and the VLT peer switches. ● VLT backup link — The backup link monitors the vitality of VLT peer switches. The backup link sends configurable, periodic keep alive messages between the VLT peer switches. ● VLT interconnect (VLTi) — The link used to synchronize states between the VLT peer switches. Both ends must be on 10G or 40G interfaces.
● If you reboot both VLT peers in BMP mode and the VLT LAGs are static, the DHCP server reply to the DHCP discover offer may not be forwarded by the ToR to the correct node. To avoid this scenario, configure the VLT LAGs to the ToR and the ToR port channel to the VLT peers with LACP. If supported by the ToR, enable the lacp-ungroup feature on the ToR using the lacp ungroup member-independent port-channel command. ● If the lacp-ungroup feature is not supported on the ToR, reboot the VLT peers one at a time.
○ The port channel must be in Default mode (not Switchport mode) to have VLTi recognize it. ○ The system automatically includes the required VLANs in VLTi. You do not need to manually select VLANs. ○ VLT peer switches operate as separate chassis with independent control and data planes for devices attached to non-VLT ports. ○ Port-channel link aggregation (LAG) across the ports in the VLT interconnect is required; individual ports are not supported.
○ VLT allows multiple active parallel paths from access switches to VLT chassis. ○ VLT supports port-channel links with LACP between access switches and VLT peer switches. Dell Networking recommends using static port channels on VLTi. ○ If VLTi connectivity with a peer is lost but the VLT backup connectivity indicates that the peer is still alive, the VLT ports on the Secondary peer are orphaned and are shut down.
interconnect fails, the VLT software on the primary switch checks the status of the remote peer using the backup link. If the remote peer is up, the secondary switch disables all VLT ports on its device to prevent loops.
VLT Port Delayed Restoration
With the Dell Networking OS version 8.3.12.0, when a VLT node boots up, if the VLT ports have been previously saved in the start-up configuration, they are not immediately enabled. To ensure MAC and ARP entries from the VLT peer node are downloaded to the newly enabled VLT node, the system allows time for the VLT ports on the new node to be enabled and begin receiving traffic.
Figure 132. PIM-Sparse Mode Support on VLT
On each VLAN where the VLT peer nodes act as the first hop or last hop routers, one of the VLT peer nodes is elected as the PIM designated router. If you configured IGMP snooping along with PIM on the VLT VLANs, you must configure VLTi as the static multicast router port on both VLT peer switches. This ensures that for first hop routers, the packets from the source are redirected to the designated router (DR) if they are incorrectly hashed.
VLT Multicast
VLT multicast provides multiple alternate paths for resiliency against link and node failures. This feature supports inter-server multicast communication between top-of-rack (ToR) switches using an inter-VLAN Layer 3 routing protocol (for example, PIM, IS-IS, or OSPF). It also provides traffic resiliency during multicast routing convergence after failure without disrupting or altering multicast routing behavior. Layer 2 protocols from the ToR to the server are intra-rack and inter-rack.
VLT Unicast Routing
VLT unicast locally routes packets destined for the L3 endpoint of the VLT peer. This method avoids sub-optimal routing. Peer-routing syncs the MAC addresses of both VLT peers and requires two local DA entries in TCAM. In case a VLT node is down, resiliency is provided by a timer that allows you to configure the amount of time needed for peer recovery.
RSTP Configuration
RSTP is supported in a VLT domain. Before you configure VLT on peer switches, configure RSTP in the network. RSTP is required for initial loop prevention during the VLT startup phase. You may also use RSTP for loop prevention in the network outside of the VLT port channel. For information about how to configure RSTP, see Rapid Spanning Tree Protocol (RSTP). Run RSTP on both VLT peer switches.
Configure RSTP on VLT Peers to Prevent Forwarding Loops (VLT Peer 2)
Dell_VLTpeer2(conf)#protocol spanning-tree rstp
Dell_VLTpeer2(conf-rstp)#no disable
Dell_VLTpeer2(conf-rstp)#bridge-priority 0
Configuring VLT
To configure virtual link trunking and create a VLT domain in which two switches are physically connected and treated as a single port channel by access devices, you must configure the following settings on each VLT peer device.
interface managementethernet slot/port
Enter the slot (0-1) and the port (0).
2. Configure an IPv4 address (A.B.C.D) or IPv6 address (X:X:X:X::X) and mask (/x) on the interface.
MANAGEMENT INTERFACE mode
{ip address ipv4-address/mask | ipv6 address ipv6-address/mask}
This is the IP address to be configured on the VLT peer with the back-up destination command.
3. Ensure that the interface is active.
MANAGEMENT INTERFACE mode
no shutdown
4. Repeat Steps 1 to 3 on the VLT peer switch.
4. (Optional) When you create a VLT domain on a switch, the system automatically assigns a unique unit ID (0 or 1) to each peer switch.
VLT DOMAIN CONFIGURATION mode
unit-id {0 | 1}
To explicitly configure the default values on each peer switch, use the unit-id command. Configure a different unit ID (0 or 1) on each peer switch. Unit IDs are used for internal system operations.
vlt domain domain-id
The range of domain IDs is from 1 to 1000.
2. Enter the port-channel number that acts as the interconnect trunk.
VLT DOMAIN CONFIGURATION mode
peer-link port-channel id-number
The range is from 1 to 128.
3. Enter the VLAN ID number of the VLAN where the VLT forwards packets received on the VLTi from an adjacent peer that is down.
VLT DOMAIN CONFIGURATION mode
peer-down-vlan vlan interface number
The range is from 1 to 4094.
7. When you create a VLT domain on a switch, the system automatically assigns a unique unit ID (0 or 1) to each peer switch. The unit IDs are used for internal system operations.
VLT DOMAIN CONFIGURATION mode
unit-id {0 | 1}
Use the unit-id command to explicitly configure the default values on each peer switch. You must configure a different unit ID (0 or 1) on each peer switch.
● Display detailed information about the VLT-domain configuration, including local and peer port-channel IDs, local VLT switch status, and number of active VLANs on each port channel.
EXEC mode
show vlt detail
● Display the VLT peer status, role of the local VLT switch, VLT system MAC address and system priority, and the MAC address and priority of the locally-attached VLT device.
EXEC mode
show vlt role
● Display the current configuration of all VLT domains or a specified group on the switch.
VLT Peer Status                 : Up
Version                         : 6(3)
Local System MAC address        : 00:01:e8:8a:e9:91
Remote System MAC address       : 00:01:e8:8a:e9:76
Remote system version           : 6(3)
Delay-Restore timer             : 90 seconds
Delay-Restore Abort Threshold   : 60 seconds
Peer-Routing                    : Disabled
Peer-Routing-Timeout timer      : 0 seconds
Multicast peer-routing timeout  : 150 seconds
Dell#
Example of the show vlt detail Command
Dell_VLTpeer1# show vlt detail
Local LAG Id  Peer LAG Id  Local Status  Peer Status  Acti
------------  -----------
100           100
127           2
HeartBeat Messages Sent:      987
HeartBeat Messages Received:  986
ICL Hello's Sent:             148
ICL Hello's Received:         98
Dell_VLTpeer2# show vlt statistics
VLT Statistics
----------------
HeartBeat Messages Sent:      994
HeartBeat Messages Received:  978
ICL Hello's Sent:             89
ICL Hello's Received:         89
Example of the show spanning-tree rstp Command
The bold section displays the RSTP state of port channels in the VLT domain. Port channel 100 is used in the VLT interconnect trunk (VLTi) to connect to VLT peer2.
CONFIGURATION mode
interface port-channel port-channel id
NOTE: To benefit from the protocol negotiations, Dell Networking recommends configuring VLTs used as facing hosts/switches with LACP. Both peers must use the same port channel ID.
3. Configure the peer-link port-channel in the VLT domains of each peer unit.
INTERFACE PORTCHANNEL mode
channel-member
4. Configure the backup link between the VLT peer units.
Configure the backup link between the VLT peer units
1. Configure the peer 2 management ip/interface ip for which connectivity is present in VLT peer 1.
2. Configure the peer 1 management ip/interface ip for which connectivity is present in VLT peer 2.
fniom-2#show running-config vlt
!
vlt domain 5
 peer-link port-channel 1
 back-up destination 10.11.206.58
fniom-2#
fniom-2#show interfaces managementethernet 0/0
Internet address is 10.11.206.
interface Port-channel 2
 no ip address
 switchport
 vlt-peer-lag port-channel 2
 no shutdown
fniom-4#
fniom-4#show interfaces port-channel 2 brief
Codes: L - LACP Port-channel
   LAG  Mode  Status  Uptime    Ports
L  2    L2L3  up      03:33:14  Te 0/40 (Up)
fniom-4#
In the ToR unit, configure LACP on the physical ports
fniom-1#show running-config interface tengigabitethernet 0/48
!
interface TenGigabitEthernet 0/48
 no ip address
!
 port-channel-protocol LACP
  port-channel 100 mode active
fniom-1#show running-config interface tengi
------------ ----------- ------------ ------------ ------------
10 10 UP UP 100, 200, 300, 400,
Verify the VLT LAG is up in both VLT peer units
fniom-2#show interfaces port-channel 2 brief
Codes: L - LACP Port-channel
   LAG  Mode  Status  Uptime    Ports
L  2    L2L3  up      03:43:24  Te 0/40 (Up)
fniom-2#
fniom-4#show interfaces port-channel 2 brief
Codes: L - LACP Port-channel
   LAG  Mode  Status  Uptime    Ports
L  2    L2L3  up      03:33:31  Te 0/18 (Up)
fniom-4#
PVST+ Configuration
PVST+ is supported in a VLT domain.
Po Po Te Te 1 2 0/100 0/103 Interface Name ---------Po 1 Po 2 Te 0/100 Te 0/103 Dell# 128.2 128.3 128.230 128.233 Role -----Desg Desg Desg Desg 128 128 128 128 188 2000 2000 2000 PortID -------128.2 128.3 128.230 128.233 Prio ---128 128 128 128 FWD(vltI) FWD(vlt) FWD FWD Cost ------188 2000 2000 2000 0 0 0 0 Sts ----------FWD FWD FWD FWD 0 0 0 0 90b1.1cf4.9b79 128.2 90b1.1cf4.9b79 128.3 90b1.1cf4.9b79 128.230 90b1.1cf4.9b79 128.
Domain_1_Peer1(conf-vlt-domain)#back-up destination 10.16.130.
Domain_2_Peer3(conf-vlt-domain)#system-mac mac-address 00:0b:00:0b:00:0b
Domain_2_Peer3(conf-vlt-domain)#unit-id 0
Configure mVLT on Peer 3
Domain_2_Peer3(conf)#interface port-channel 100
Domain_2_Peer3(conf-if-po-100)#switchport
Domain_2_Peer3(conf-if-po-100)#vlt-peer-lag port-channel 100
Domain_2_Peer3(conf-if-po-100)#no shutdown
Add links to the mVLT port-channel on Peer 3
Domain_2_Peer3(conf)#interface range tengigabitethernet 0/19 - 20
Domain_2_Peer3(conf-if-range-te-0/16-17)#port-channel-protocol LA
Example of Configuring PIM-Sparse Mode
Enable PIM Multicast Routing on the VLT node globally.
VLT_Peer1(conf)#ip multicast-routing
Enable PIM on the VLT port VLANs.
VLT_Peer1(conf)#interface vlan 4001
VLT_Peer1(conf-if-vl-4001)#ip address 140.0.0.
Dell_VLTpeer1(conf-if-po-100)#channel-member tengigabitethernet 0/5,6
Dell_VLTpeer1(conf-if-po-100)#no shutdown
Dell_VLTpeer1(conf-if-po-100)#exit
Configure the port channel to an attached device.
NUM  Status  Description  Q Ports
10   Active               U Po110(Te 0/8)
                          T Po100(Te 0/3,4)
Verifying a Port-Channel Connection to a VLT Domain (From an Attached Access Switch)
On an access device, verify the port-channel connection to a VLT domain.
Table 113. Troubleshooting VLT (continued)
Columns: Description, Behavior at Peer Up, Behavior During Run Time, Action to Take
Description: System MAC mismatch
Behavior at Peer Up: A syslog error message and an SNMP trap are generated.
Behavior During Run Time: A syslog error message and an SNMP trap are generated.
Action to Take: Verify that the unit ID of VLT peers is not the same on both units and that the MAC address is the same on both units.
Description: Unit ID mismatch
The VLT peer does not boot up. The VLTi is forced to a down state. The VLT peer does not boot up.
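The mismatches in this table can be caught before a peer is reloaded by comparing the two peers' `show running-config vlt` output offline. The following Python sketch is an added example, not Dell code: it parses only the VLT domain commands shown in this chapter, the sample configurations and 192.0.2.x addresses are constructed, and the same-domain-ID check is an assumption based on both peers belonging to one VLT domain.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class VltConfig:
    domain_id: Optional[int] = None
    peer_link: Optional[int] = None
    backup_dest: Optional[str] = None
    unit_id: Optional[int] = None
    system_mac: Optional[str] = None


# One pattern per VLT domain command that appears in this chapter's examples.
COMMANDS = {
    "domain_id": (re.compile(r"^vlt domain (\d+)$"), int),
    "peer_link": (re.compile(r"^peer-link port-channel (\d+)$"), int),
    "backup_dest": (re.compile(r"^back-up destination (\S+)$"), str),
    "unit_id": (re.compile(r"^unit-id ([01])$"), int),
    "system_mac": (re.compile(r"^system-mac mac-address (\S+)$"), str.lower),
}


def parse_vlt(running_config: str) -> VltConfig:
    """Extract the VLT domain settings from 'show running-config vlt' text."""
    cfg = VltConfig()
    for raw in running_config.splitlines():
        line = raw.strip()
        for field, (pattern, convert) in COMMANDS.items():
            match = pattern.match(line)
            if match:
                setattr(cfg, field, convert(match.group(1)))
    return cfg


def same_ip(left: Optional[str], right: str) -> bool:
    """Compare two addresses after normalisation; unparsable input never matches."""
    if left is None:
        return False
    try:
        return ipaddress.ip_address(left) == ipaddress.ip_address(right)
    except ValueError:
        return False


def audit_vlt_pair(cfg_a: str, mgmt_ip_a: str, cfg_b: str, mgmt_ip_b: str) -> List[str]:
    """Return one finding per inconsistency between two VLT peers."""
    a, b = parse_vlt(cfg_a), parse_vlt(cfg_b)
    findings = []
    for name, peer in (("peer A", a), ("peer B", b)):
        if peer.domain_id is None:
            findings.append(f"{name}: no vlt domain configured")
        if peer.peer_link is None:
            findings.append(f"{name}: no peer-link port-channel (VLTi) configured")
    if None not in (a.domain_id, b.domain_id) and a.domain_id != b.domain_id:
        findings.append(f"domain ID mismatch: {a.domain_id} vs {b.domain_id}")
    if a.unit_id is not None and a.unit_id == b.unit_id:
        findings.append(f"unit ID mismatch: both peers use unit-id {a.unit_id}")
    elif (a.unit_id is None) != (b.unit_id is None):
        findings.append("unit-id is set explicitly on only one peer")
    if a.system_mac != b.system_mac:
        findings.append(f"system MAC mismatch: {a.system_mac} vs {b.system_mac}")
    if not same_ip(a.backup_dest, mgmt_ip_b):
        findings.append(f"peer A back-up destination {a.backup_dest} is not peer B ({mgmt_ip_b})")
    if not same_ip(b.backup_dest, mgmt_ip_a):
        findings.append(f"peer B back-up destination {b.backup_dest} is not peer A ({mgmt_ip_a})")
    return findings


# Constructed sample configurations (documentation addresses, not from the guide).
PEER_A = """!
vlt domain 5
 peer-link port-channel 1
 back-up destination 192.0.2.12
 system-mac mac-address 00:0b:00:0b:00:0b
 unit-id 0
"""
PEER_B_GOOD = PEER_A.replace("192.0.2.12", "192.0.2.11").replace("unit-id 0", "unit-id 1")
PEER_B_BAD = """!
vlt domain 5
 peer-link port-channel 1
 back-up destination 192.0.2.99
 system-mac mac-address 00:0B:00:0B:00:0C
 unit-id 0
"""

if __name__ == "__main__":
    for finding in audit_vlt_pair(PEER_A, "192.0.2.11", PEER_B_BAD, "192.0.2.12"):
        print(finding)
```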
● Configure the VLTi link to be in trunk mode. Do not configure the VLTi link to be in access or promiscuous mode.
● You can configure a VLT LAG or port channel to be in trunk, access, or promiscuous port modes when you include the VLT LAG in a PVLAN. The VLT LAG settings must be the same on both the peers. If you configure a VLT LAG as a trunk port, you can associate that LAG to be a member of a normal VLAN or a PVLAN.
PVLAN Operations When a VLT Peer is Restarted
When the VLT peer node is rebooted, the VLAN membership of the VLTi link is preserved and when the peer node comes back online, a verification is performed with the newly received PVLAN configuration from the peer. If any differences are identified, the VLTi link is either added or removed from the VLAN. When the peer node restarts and returns online, all the PVLAN configurations are exchanged across the peers.
Table 114.
Enter the same port-channel number configured with the peer-link port-channel command.
NOTE: To be included in the VLTi, the port channel must be in Default mode (no switchport or VLAN assigned).
2. Remove an IP address from the interface.
INTERFACE PORT-CHANNEL mode
no ip address
3. Add one or more port interfaces to the port channel.
INTERFACE PORT-CHANNEL mode
channel-member interface
interface: specify one of the following interface types:
● 1-Gigabit Ethernet: Enter gigabitethernet slot/port.
interface vlan vlan-id
6. Enable the VLAN.
INTERFACE VLAN mode
no shutdown
7. To obtain maximum VLT resiliency, configure the PVLAN IDs and mappings to be identical on both the VLT peer nodes. Set the PVLAN mode of the selected VLAN to primary.
INTERFACE VLAN mode
private-vlan mode primary
8. Map secondary VLANs to the selected primary VLAN.
The IP address of the VLT node VLAN interface is synchronized with the VLT peer over ICL when the VLT peers are up. Whenever an IP address is added or deleted, this updated information is synchronized with the VLT peer. IP address synchronization occurs regardless of the VLAN administrative state. IP address addition and deletion serve as the trigger events for synchronization. When a VLAN state is down, the VLT peer might perform a proxy ARP operation for the IP addresses of that VLAN interface.
Configure VLT LAG as VLAN-Stack Access or Trunk Port
Dell(conf)#interface port-channel 10
Dell(conf-if-po-10)#switchport
Dell(conf-if-po-10)#vlt-peer-lag port-channel 10
Dell(conf-if-po-10)#vlan-stack access
Dell(conf-if-po-10)#no shutdown
Dell#show running-config interface port-channel 10
!
interface Port-channel 10
 no ip address
 switchport
 vlan-stack access
 vlt-peer-lag port-channel 10
 no shutdown
Dell#
Dell(conf)#interface port-channel 20
Dell(conf-if-po-20)#switchport
Dell(conf-if-po-20)#vlt-peer-lag po
ToR
1. Enable BFD globally.
TOR(conf)# bfd enable
2. Configure a VLT peer LAG.
3. Configure the port channel for the VLT interconnect on a ToR.
TOR(conf)# interface port-channel 10
TOR(conf-if-po-111)# no ip address
TOR(conf-if-po-111)# switchport
TOR(conf-if-po-111)# no shutdown
4. Configure a VLAN.
TOR(conf)#interface vlan 100
TOR(conf-if-vl-100)#ip address 100.1.1.
3. Enable VLT and configure a VLT domain.
VLT_Primary(conf)# vlt domain 100
VLT_Primary(conf-vlt-domain)# peer-link port-channel 100
VLT_Primary(conf-vlt-domain)# back-up destination 10.16.206.199
VLT_Primary(conf-vlt-domain)# peer-routing
4. Configure a VLT peer LAG.
VLT_Primary(conf)#interface port-channel 10
VLT_Primary(conf-if-po-10)#no ip address
VLT_Primary(conf-if-po-10)#switchport
VLT_Primary(conf-if-po-10)#vlt-peer-lag port-channel 10
VLT_Primary(conf-if-po-10)#no shutdown
5. Configure a VLAN.
6. Enable BFD over OSPF.
VLT_Secondary(conf)# router ospf 1
VLT_Secondary(conf-router_ospf)# network 100.1.1.0/24 area 0
VLT_Secondary(conf-router_ospf)# bfd all-neighbors
Verify the BFD configuration in each node using the following show commands:
● To verify the BFD neighbors in the ToR, use the show bfd neighbors command.
TOR#show bfd neighbors
  LocalAddr  RemoteAddr
* 100.1.1.3  100.1.1.1
* 100.1.1.3  100.1.1.
66 Virtual Router Redundancy Protocol (VRRP)
Dell Networking OS supports virtual router redundancy protocol (VRRP).
Topics:
• VRRP Overview
• VRRP Benefits
• VRRP Implementation
• VRRP Configuration
• Sample Configurations
VRRP Overview
VRRP is designed to eliminate a single point of failure in a statically routed network. VRRP specifies a MASTER router that owns the next hop IP and MAC address for end stations on a local area network (LAN).
Figure 134. Basic VRRP Configuration
VRRP Benefits
With VRRP configured on a network, end-station connectivity to the network is not subject to a single point of failure. End-station connections to the network are redundant and do not depend on interior gateway protocols (IGPs) to converge or update routing tables.
Table 115. Recommended VRRP Advertise Intervals
                       Recommended Advertise Interval   Groups/Interface
Less than 250          1 second                         255
Between 250 and 450    2–3 seconds                      255
Between 450 and 600    3–4 seconds                      255
VRRP Configuration
By default, VRRP is not configured.
Configuration Task List
The following list specifies the configuration tasks for VRRP.
no shutdown
Dell(conf-if-te-1/1)#
Configuring the VRRP Version for an IPv4 Group
For IPv4, you can configure a VRRP group to use one of the following VRRP versions:
● VRRPv2 as defined in RFC 3768, Virtual Router Redundancy Protocol (VRRP)
● VRRPv3 as defined in RFC 5798, Virtual Router Redundancy Protocol (VRRP) Version 3 for IPv4 and IPv6
You can also migrate an IPv4 group from VRRPv2 to VRRPv3. To configure the VRRP version for IPv4, use the version command in INTERFACE mode.
Configuring a Virtual IP Address
To configure a virtual IP address, use the following commands.
1. Configure a VRRP group.
INTERFACE mode
vrrp-group vrrp-id
The VRID range is from 1 to 255.
2. Configure virtual IP addresses for this VRID.
INTERFACE-VRID mode
virtual-address ip-address1 [...ip-address12]
The range is up to 12 addresses.
Example of the virtual-address Command
Dell(conf-if-te-1/1-vrid-111)#virtual-address 10.10.10.1
Dell(conf-if-te-1/1-vrid-111)#virtual-address 10.10.10.
Setting VRRP Group (Virtual Router) Priority
Setting a virtual router priority to 255 ensures that the router is the “owner” virtual router for the VRRP group. VRRP elects the MASTER router by choosing the router with the highest priority. The default priority for a virtual router is 100. The higher the number, the higher the priority. If the MASTER router fails, VRRP begins the election process to choose a new MASTER router based on the next-highest priority.
○ encryption-type: 0 indicates unencrypted; 7 indicates encrypted.
○ password: plain text.
Example of authentication-type Command
The bold section shows the encryption type (encrypted) and the password.
Dell(conf-if-te-1/1-vrid-111)#authentication-type ?
Dell(conf-if-te-1/1-vrid-111)#authentication-type simple 7 force10
Example of Verifying the Configuration of VRRP Authentication
The bold section shows the encrypted password.
Changing the Advertisement Interval
By default, the MASTER router transmits a VRRP advertisement to all members of the VRRP group every one second, indicating it is operational and is the MASTER router. If the VRRP group misses three consecutive advertisements, the election process begins and the BACKUP virtual router with the highest priority transitions to MASTER.
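The following Python sketch shows why the highest-priority BACKUP wins and how the advertisement interval drives failover time. It is an added example, not Dell code: the timer formulas are the VRRPv2 ones from RFC 3768 (Master_Down_Interval and Skew_Time), the router names and addresses are constructed, and it goes beyond the text above by also covering the equal-priority tie-break on primary IP address.

```python
import ipaddress
from typing import List, NamedTuple, Tuple


class Backup(NamedTuple):
    name: str
    priority: int     # 1-254 for a BACKUP; 255 is reserved for the address owner
    primary_ip: str   # interface address, used only to break priority ties


def master_down_interval(priority: int, adver_interval: float = 1.0) -> float:
    """Seconds a BACKUP waits without hearing the MASTER (RFC 3768, VRRPv2)."""
    if not 1 <= priority <= 255:
        raise ValueError("priority must be in the range 1-255")
    skew_time = (256 - priority) / 256       # higher priority -> shorter wait
    return 3 * adver_interval + skew_time    # three missed advertisements + skew


def elect_new_master(backups: List[Backup], adver_interval: float = 1.0) -> Tuple[str, float]:
    """Return (router name, seconds after the MASTER's last advertisement)."""
    if not backups:
        raise ValueError("no BACKUP routers in the group")
    winner = max(
        backups,
        key=lambda r: (r.priority, int(ipaddress.ip_address(r.primary_ip))),
    )
    return winner.name, master_down_interval(winner.priority, adver_interval)


def failover_timeline(backups: List[Backup], adver_interval: float = 1.0):
    """List (own timer in seconds, router, outcome) for every BACKUP."""
    winner_name, takeover = elect_new_master(backups, adver_interval)
    rows = []
    for router in sorted(backups, key=lambda r: master_down_interval(r.priority, adver_interval)):
        timer = master_down_interval(router.priority, adver_interval)
        if router.name == winner_name:
            outcome = "timer expires first: becomes MASTER and starts advertising"
        elif timer == takeover:
            outcome = "timer expires at the same instant: yields to the higher primary IP"
        else:
            outcome = "hears the new MASTER before its own timer expires: stays BACKUP"
        rows.append((timer, router.name, outcome))
    return rows


# Constructed group: the MASTER has just failed, two BACKUP routers remain.
GROUP = [Backup("R2", 200, "10.1.1.1"), Backup("R3", 100, "10.1.1.2")]

if __name__ == "__main__":
    for interval in (1.0, 3.0):
        print(f"advertise interval {interval:g} s")
        for timer, name, outcome in failover_timeline(GROUP, interval):
            print(f"  {name}: timer {timer:.3f} s, {outcome}")
```

With a 3-second advertise interval the same group takes just over 9 seconds to fail over, which is the trade-off behind raising the interval.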
For a virtual group, you can track the line-protocol state or the routing status of any of the following interfaces with the interface interface parameter:
● 10 Gigabit Ethernet: enter tengigabitethernet slot/port.
● Port channel: enter port-channel number.
● VLAN: enter vlan vlan-id where valid VLAN IDs are from 1 to 4094.
For a virtual group, you can also track the status of a configured object (the track object-id command) by entering its object number.
Example of Viewing Tracking Status
Dell#show track
Track 2
 IPv6 route 2040::/64 metric threshold
 Metric threshold is Up (STATIC/0/0)
  5 changes, last change 00:02:16
 Metric threshold down 255 up 254
 First-hop interface is GigabitEthernet 13/2
 Tracked by:
  VRRP GigabitEthernet 7/30 IPv6 VRID 1
Track 3
 IPv6 route 2050::/64 reachability
 Reachability is Up (STATIC)
  5 changes, last change 00:02:16
 First-hop interface is GigabitEthernet 13/2
 Tracked by:
  VRRP GigabitEthernet 7/30 IPv6 VRID 1
Example of Viewing VRRP
vrrp delay reload seconds
This time is the gap between system boot up completion and VRRP enabling. The seconds range is from 0 to 900. The default is 0.
Sample Configurations
Before you set up VRRP, review the following sample configurations.
VRRP for an IPv4 Configuration
The following configuration shows how to enable IPv4 VRRP. This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration.
Example of Configuring VRRP for IPv4
R2(conf)#int tengig 2/31
R2(conf-if-te-2/31)#ip address 10.1.1.1/24
R2(conf-if-te-2/31)#vrrp-group 99
R2(conf-if-te-2/31-vrid-99)#priority 200
R2(conf-if-te-2/31-vrid-99)#virtual 10.1.1.3
R2(conf-if-te-2/31-vrid-99)#no shut
R2(conf-if-te-2/31)#show conf
!
interface Tengigabitethernet 2/31
 ip address 10.1.1.1/24
!
 vrrp-group 99
  priority 200
  virtual-address 10.1.1.
67 Debugging and Diagnostics
This chapter contains the following sections:
Te 0/8 (Up)
Dell#show uplink-state-group 1 detail
(Up): Interface up (Dwn): Interface down (Dis): Interface disabled
Uplink State Group    : 1 Status: Enabled, Up
Defer Timer           : 10 sec
Upstream Interfaces   : Po 128(Up)
Downstream Interfaces : Te 0/1(Up) Te 0/2(Up) Te 0/3(Dwn) Te 0/4(Dwn) Te 0/5(Up)
                        Te 0/6(Dwn) Te 0/7(Dwn) Te 0/8(Up)
2. Verify that the downstream port channel in the top-of-rack switch that connects to the Aggregator is configured correctly.
Q  Vlans
U  1
T  2-4094
Native VlanId: 1
2. Assign the port to a specified group of VLANs (vlan tagged command) and re-display the port mode status.
Offline Diagnostics
The offline diagnostics test suite is useful for isolating faults and debugging hardware. The diagnostics tests are grouped into three levels:
● Level 0 — Level 0 diagnostics check for the presence of various components and perform essential path verifications. In addition, Level 0 diagnostics verify the identification registers of the components on the board.
● Level 1 — A smaller set of diagnostic tests.
show system brief
Dell#show system brief
Stack MAC : 00:1e:c9:de:03:7b
-- Stack Info --
Unit  UnitType    Status       ReqTyp          CurTyp          Version      Ports
------------------------------------------------------------------------------------
0     Management  offline      PE-FN-410S-IOA  PE-FN-410S-IOA  1-0(0-1862)  12
1     Member      not present
2     Member      not present
3     Member      not present
4     Member      not present
5     Member      not present
Dell#
Trace Logs
In addition to the syslog buffer, the Dell Networking OS buffers trace messages which are continuously wr
show hardware stack-unit {0-5} cpu data-plane statistics
This view provides insight into the packet types entering the CPU to see whether CPU-bound traffic is internal (IPC traffic) or network control traffic, which the CPU must process.
● View the modular packet buffers details per stack unit and the mode of allocation.
EXEC Privilege mode
show hardware stack-unit {0-5} buffer total-buffer
● View the modular packet buffers details per unit and the mode of allocation.
Environmental Monitoring
Aggregator components use environmental monitoring hardware to detect transmit power readings, receive power readings, and temperature updates. To receive periodic power updates, you must enable the following command.
● Enable environmental monitoring.
Unit0 58 61 84 86 90
Dell#
Troubleshoot an Over-Temperature Condition
To troubleshoot an over-temperature condition, use the following information.
1. Use the show environment commands to monitor the temperature levels.
2. Check air flow through the system. Ensure that the air ducts are clean and that all fans are working correctly.
3. After the software has determined that the temperature levels are within normal limits, you can re-power the card safely.
Table 117. SNMP Traps and OIDs (continued)
OID String    OID Name    Description
.1.3.6.1.4.1.6027.3.10.1.2.5.1.8 chSysPortXfpTxPower OID displays the transmitting power of the connected optics.
chSysPortXfpRecvTemp OID displays the temperature of the connected optics.
NOTE: These OIDs are generated only if you enable the enable optic-info-update-interval command.
.1.3.6.1.4.1.6027.3.27.1.
Displaying Drop Counters
To display drop counters, use the following commands.
● Identify which stack unit, port pipe, and port are experiencing internal drops.
show hardware stack-unit 0–11 drops [unit 0 [port 0–63]]
● Display drop counters.
show hardware stack-unit drops unit port
● Identify which interface is experiencing internal drops.
HOL DROPS on COS12 HOL DROPS on COS13 HOL DROPS on COS14 HOL DROPS on COS15 HOL DROPS on COS16 HOL DROPS on COS17 TxPurge CellErr Aged Drops --- Egress MAC counters--Egress FCS Drops --- Egress FORWARD PROCESSOR IPv4 L3UC Aged & Drops TTL Threshold Drops INVALID VLAN CNTR Drops L2MC Drops PKT Drops of ANY Conditions Hg MacUnderflow TX Err PKT Counter --- Error counters--Internal Mac Transmit Errors Unknown Opcodes Internal Mac Receive Errors : : : : : : : : 0 0 0 0 0 0 0 0 : 0 Drops : 0 : 0 : 0 : 0 : 0 :
txPkt(COS5) :0
txPkt(COS6) :0
txPkt(COS7) :0
txPkt(UNIT0) :0
The show hardware stack-unit cpu party-bus statistics command displays input and output statistics on the party bus, which carries inter-process communication traffic between CPUs.
Example of Viewing Party Bus Statistics
Dell#show hardware stack-unit 2 cpu party-bus statistics
Input Statistics:
 27550 packets, 2559298 bytes
 0 dropped, 0 errors
Output Statistics:
 1649566 packets, 1935316203 bytes
 0 errors
Displaying Stack Port Statistics
The show
You must enable this utility to be able to configure the parameters for buffer statistics tracking. By default, buffer statistics tracking is disabled. 3.
4. Use show hardware buffer-stats-snapshot resource interface interface{priority-group { id | all } | queue { ucast{id | all}{ mcast {id | all} | all} to view buffer statistics tracking resource information for a specific interface.
-----------------------0 Success Power-cycling the unit(s). ....
68 Standards Compliance
This chapter describes standards compliance for Dell Networking products.
NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking Operating System (OS), the system also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website. Click “Browse and search IETF documents,” enter an RFC number, and inspect the top of the resulting document for obsolescence citations to related RFCs.
General Internet Protocols The following table lists the Dell Networking OS support per platform for general internet protocols. Table 118.
Network Management The following table lists the Dell Networking OS support per platform for network management protocol. Table 120.
Table 120.
Table 120. Network Management (continued)
RFC#             Full Name
IEEE 802.1Qaz    Management Information Base extension module for IEEE 802.1 organizationally defined discovery information (LDP-EXT-DOT1-DCBXMIB)
IEEE 802.1Qbb    Priority-based Flow Control module for managing IEEE 802.1Qbb
MIB Location
You can find Force10 MIBs under the Force10 MIBs subhead on the Documentation page of iSupport: https://www.force10networks.com/csportal20/KnowledgeBase/Documentation.
69 FC Flex IO Modules
This part provides a generic, broad-level description of the operations, capabilities, and configuration commands of the Fibre Channel (FC) Flex IO module. The FC Flex IO module mentioned in this guide refers to the FCF Port Combo Card.
By installing an FC Flex IO module, you can enable the FN IOM to directly connect to an existing FC SAN network. The FC Flex IO module uses the existing slots on the FN IOM and provides four or eight FC ports up to speed of 8 GbE per second. You can connect all of the FC ports to the same FC SAN fabric to yield FC bandwidth of up to 64GB. It is possible to connect some of the ports to a different FC SAN fabric to provide access to multiple fabric devices.
Guidelines for Working with FC Flex IO Modules
The following guidelines apply to the FC Flex IO module:
● All the ports of FC Flex IO modules operate in FC mode, and do not support Ethernet mode.
● FC Flex IO modules are not supported in the chassis management controller (CMC) GUI.
● The only supported FCoE functionality is NPIV proxy gateway. Configure the other FCoE services, such as name server, zone server, and login server on an external FC switch.
● 4G or 8G Fibre Channel SFP+ optics module and LC connectors over a distance of 4 km.
CAUTION: Electrostatic discharge (ESD) damage can occur if the components are mishandled. Always wear an ESD-preventive wrist or heel ground strap when handling the FC Flex IO module and its components.
WARNING: When working with optical fibres, follow all the warning labels and always wear eye protection. Never look directly into the end of a terminated or unterminated fibre or connector as it may cause eye damage.
1.
Installing and Configuring the Switch
After you unpack the FN IOM, refer to the flow chart in the following figure for an overview of the steps you must follow to install the blade and perform the initial configuration.
Figure 136. Installing and Configuring Flowchart for FC Flex IO Modules
To see if a switch is running the latest Dell Networking OS version, use the show version command. To download a Dell Networking OS version, go to http://support.dell.com.
1. Decrease the maximum temperature by 1°C (1.8°F) per 300 m (985 ft.) above 900 m (2955 ft.). 2. Relative Humidity — The operating relative humidity is 8 percent to 85 percent (non‑condensing) with a maximum humidity gradation of 10 percent per hour.
● Internal tables of the switch are then programmed to enable the gateway device to forward FCoE traffic directly back and forth between the devices.
● The FC Flex IO module sends an FC or FCoE registered state change notification (RSCN) message to the upstream or downstream devices whenever an error occurs in the appropriate direction.
● An F_Port is a port on an FC switch that connects to an N_Port of an FC device and is called a fabric port.
Data Center Bridging (DCB)
Data center bridging (DCB) is supported on the FC Flex IO module installed in the FN IOM.
Ethernet Enhancements in Data Center Bridging
The following section describes DCB.
pauses traffic on a link according to the 802.1p priority set on a traffic type. You can create lossless flows for storage and server traffic while allowing for loss in case of LAN traffic congestion on the same physical interface. The following illustration shows how PFC handles traffic congestion by pausing the transmission of incoming traffic with dot1p priority 3.
Figure 139. Priority-Based Flow Control
In the system, PFC is implemented as follows:
● PFC is supported on specified 802.
Figure 140. Enhanced Transmission Selection
The following table lists the traffic groupings ETS uses to select multiprotocol traffic for transmission.
Table 121. ETS Traffic Groupings
Traffic Groupings    Description
Priority group       A group of 802.1p priorities used for bandwidth allocation and queue scheduling. All 802.1p priority traffic in a group must have the same traffic handling requirements for latency and frame loss.
Group ID             A 4-bit identifier assigned to each priority group.
dcb-map name
2. Configure the PFC setting (on or off) and the ETS bandwidth percentage allocated to traffic in each priority group, or whether the priority group traffic should be handled with strict priority scheduling. You can enable PFC on a maximum of two priority queues on an interface. Enabling PFC for dot1p priorities makes the corresponding port queue lossless. The sum of all allocated bandwidth percentages in all groups in the DCB map must be 100%. Strict-priority traffic is serviced first.
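The constraints in this step can be checked offline before a DCB map is applied. The following Python validator is an added example, not Dell code. It assumes the Dell Networking OS 9 `priority-group ... pfc {on | off}` and `priority-pgid` command forms (not shown in this section), counts lossless queues with the default dot1p-to-queue assignment listed in this guide, and uses constructed sample maps.

```python
import re
from typing import Dict, List, Optional, Tuple

# Default dot1p -> egress queue assignment, as tabulated in this guide.
DEFAULT_DOT1P_QUEUE = {0: 0, 1: 0, 2: 0, 3: 1, 4: 2, 5: 3, 6: 3, 7: 3}
MAX_LOSSLESS_QUEUES = 2  # "a maximum of two priority queues on an interface"

# Assumed command forms inside a dcb-map (Dell Networking OS 9 syntax).
GROUP_RE = re.compile(r"^priority-group (\d+) (?:bandwidth (\d+)|strict-priority) pfc (on|off)$")
PGID_RE = re.compile(r"^priority-pgid((?: \d+){8})$")


def parse_dcb_map(text: str) -> Tuple[Dict[int, dict], Optional[List[int]]]:
    """Return ({group id: settings}, [group id for dot1p 0..7] or None)."""
    groups: Dict[int, dict] = {}
    pgid = None
    for raw in text.splitlines():
        line = " ".join(raw.split())  # drop indentation and repeated spaces
        match = GROUP_RE.match(line)
        if match:
            bandwidth = int(match.group(2)) if match.group(2) else None  # None = strict priority
            groups[int(match.group(1))] = {"bandwidth": bandwidth, "pfc": match.group(3) == "on"}
            continue
        match = PGID_RE.match(line)
        if match:
            pgid = [int(g) for g in match.group(1).split()]
    return groups, pgid


def lossless_queues(groups: Dict[int, dict], pgid: List[int]) -> List[int]:
    """Egress queues that become lossless because a PFC-enabled dot1p maps to them."""
    return sorted({
        DEFAULT_DOT1P_QUEUE[dot1p]
        for dot1p, gid in enumerate(pgid)
        if groups.get(gid, {}).get("pfc")
    })


def validate_dcb_map(text: str) -> List[str]:
    groups, pgid = parse_dcb_map(text)
    problems = []
    shares = [g["bandwidth"] for g in groups.values() if g["bandwidth"] is not None]
    if shares and sum(shares) != 100:
        problems.append(f"ETS bandwidth adds up to {sum(shares)}%, not 100%")
    if pgid is None:
        problems.append("no priority-pgid line with eight group numbers")
        return problems
    for dot1p, gid in enumerate(pgid):
        if gid not in groups:
            problems.append(f"dot1p {dot1p} is mapped to undefined priority group {gid}")
    for gid in sorted(set(groups) - set(pgid)):
        problems.append(f"priority group {gid} has no dot1p priority mapped to it")
    queues = lossless_queues(groups, pgid)
    if len(queues) > MAX_LOSSLESS_QUEUES:
        problems.append(f"PFC makes queues {queues} lossless; the limit is {MAX_LOSSLESS_QUEUES}")
    return problems


# Constructed sample maps; only the map name SAN_A_dcb_map1 appears in the guide.
GOOD_MAP = """
dcb-map SAN_A_dcb_map1
 priority-group 0 bandwidth 60 pfc off
 priority-group 1 bandwidth 20 pfc on
 priority-group 2 bandwidth 20 pfc on
 priority-group 4 strict-priority pfc off
 priority-pgid 0 0 0 1 2 4 4 4
"""
BAD_MAP = """
dcb-map constructed_bad_map
 priority-group 0 bandwidth 50 pfc off
 priority-group 1 bandwidth 20 pfc on
 priority-group 2 bandwidth 20 pfc on
 priority-pgid 0 0 1 1 2 2 3 3
"""

if __name__ == "__main__":
    for name, text in (("good", GOOD_MAP), ("bad", BAD_MAP)):
        print(name, validate_dcb_map(text) or "OK")
```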
dcb-map name
Dell# interface tengigabitEthernet 0/0
Dell(config-if-te-0/0)# dcb-map SAN_A_dcb_map1
Repeat Steps 1 and 2 to apply a DCB map to more than one port. You cannot apply a DCB map on an interface that has been already configured for PFC using the pfc priority command or which is already configured for lossless queues (pfc no-drop queues command).
exit
5. Apply the DCB map, created to disable the PFC operation, on the interface.
INTERFACE mode
dcb-map {name | default}
6. Configure the port queues that still function as no-drop queues for lossless traffic. You cannot configure PFC no-drop queues on an interface on which a DCB map with PFC enabled has been applied, or which is already configured for PFC using the pfc priority command. The maximum number of lossless queues globally supported on a port is 2. Range: 0-3.
Enabling Data Center Bridging
Data center bridging is enabled by default on an FN IOM to support converged enhanced Ethernet (CEE) in a data center network.
A prerequisite for configuring DCB:
● Priority-based flow control
● Enhanced transmission selection
● Data center bridging exchange protocol
● FCoE initialization protocol (FIP) snooping
DCB processes virtual local area network (VLAN)-tagged packets and dot1p priority values. Untagged packets are treated with a dot1p priority of 0.
dot1p Value in the Incoming Frame    Egress Queue Assignment
0                                    0
1                                    0
2                                    0
3                                    1
4                                    2
5                                    3
6                                    3
7                                    3
NOTE: If you reconfigure the global dot1p-queue mapping, an automatic re-election of the DCBX configuration source port is performed (refer to Configuration Source Election).
Configure Enhanced Transmission Selection
ETS provides a way to optimize bandwidth allocation to outbound 802.1p classes of converged Ethernet traffic. Different traffic types have different service needs.
If you configure only the priority group in an ETS output policy or only the dot1p priority for strict-priority scheduling, the flow is handled with group strict priority.
Configuring Bandwidth Allocation for DCBx CIN
After you apply an ETS output policy to an interface, if the DCBx version used in your data center network is CIN, you may need to configure a QoS output policy to overwrite the default CIN bandwidth allocation.
DCBx is a prerequisite for using DCB features, such as priority-based flow control (PFC) and enhanced transmission selection (ETS), to exchange link-level configurations in a converged Ethernet environment. DCBx is also deployed in topologies that support lossless operation for FCoE or iSCSI traffic. In these scenarios, all network devices are DCBx-enabled (DCBx is enabled end-to-end).
is generated. The network administrator must then reconfigure the peer device so that it advertises a compatible DCB configuration. The internally propagated configuration is not stored in the switch’s running configuration. On a DCBX port in an auto-downstream role, all PFC, application priority, ETS recommend, and ETS configuration TLVs are enabled. Configuration source The port is configured to serve as a source of configuration information on the switch.
Configuration Source Election
When an auto-upstream or auto-downstream port receives a DCB configuration from a peer, the port first checks to see if there is an active configuration source on the switch.
● If a configuration source already exists, the received peer configuration is checked against the local port configuration. If the received configuration is compatible, the DCBx marks the port as DCBx-enabled.
NOTE: Because DCBx TLV processing is best effort, it is possible that CIN frames may be processed when DCBx is configured to operate in CEE mode and vice versa. In this case, the unrecognized TLVs cause the unrecognized TLV counter to increment, but the frame is processed and is not discarded. Legacy DCBx (CIN and CEE) supports the DCBx control state machine that is defined to maintain the sequence number and acknowledge the number sent in the DCBx control TLVs.
DCBx Prerequisites and Restrictions
The following prerequisites and restrictions apply when you configure DCBx operation on a port:
● For DCBx, on a port interface, enable LLDP in both Send (TX) and Receive (RX) mode (the protocol lldp mode command; refer to the example in CONFIGURATION versus INTERFACE Configurations in the Link Layer Discovery Protocol (LLDP) chapter). If multiple DCBx peer ports are detected on a local DCBx interface, LLDP is shut down.
NOTE: You can configure the transmission of more than one TLV type at a time; for example, advertise DCBx-tlv ets-conf ets-reco. You can enable ETS recommend TLVs (ets-reco) only if you enable ETS configuration TLVs (ets-conf). To disable TLV transmission, use the no form of the command; for example, no advertise DCBx-tlv pfc ets-reco. 6. On manual ports only: Configure the Application Priority TLVs advertised on the interface to DCBx peers.
● fcoe: enables the advertisement of FCoE in Application Priority TLVs.
● iscsi: enables the advertisement of iSCSI in Application Priority TLVs.
By default, Application Priority TLVs are enabled and advertise FCoE and iSCSI.
NOTE: To disable TLV transmission, use the no form of the command; for example, no advertise DCBx-applntlv iscsi.
For information about how to use FCoE and iSCSI, refer to Fibre Channel over Ethernet and iSCSI Optimization.
6.
○ config-exchng: enables traces for DCBx configuration exchanges.
○ fail: enables traces for DCBx failures.
○ mgmt: enables traces for DCBx management frames.
○ resource: enables traces for DCBx system resource frames.
○ sem: enables traces for the DCBx state machine.
○ tlv: enables traces for DCBx TLVs.
Verifying the DCB Configuration
To display DCB configurations, use the following show commands.
Table 122.
State Machine Type is Feature
TLV Tx Status is enabled
PFC Link Delay 45556 pause quantams
Application Priority TLV Parameters :
--------------------------------------
FCOE TLV Tx Status is disabled
ISCSI TLV Tx Status is disabled
Local FCOE PriorityMap is 0x8
Local ISCSI PriorityMap is 0x10
Remote FCOE PriorityMap is 0x8
Remote ISCSI PriorityMap is 0x8
Dell# show interfaces tengigabitethernet 0/49 pfc detail
Interface TenGigabitEthernet 0/49
Admin mode is on
Admin is enabled
Remote is enabled
Remote Willing
Table 123. show interface pfc summary Command Description (continued)
Fields | Description
State Machine Type | Type of state machine used for DCBx exchanges of PFC parameters: ● Feature: for legacy DCBx versions ● Symmetric: for an IEEE version
TLV Tx Status | Status of PFC TLV advertisements: enabled or disabled.
PFC Link Delay | Link delay (in quanta) used to pause specified priority traffic.
Priority#  Bandwidth  TSA
0          13%        ETS
1          13%        ETS
2          13%        ETS
3          13%        ETS
4          12%        ETS
5          12%        ETS
6          12%        ETS
7          12%        ETS
Remote Parameters:
-------------------
Remote is disabled
Local Parameters :
------------------
Local is enabled
TC-grp  Priority#        Bandwidth  TSA
0       0,1,2,3,4,5,6,7  100%       ETS
1                        0%         ETS
2                        0%         ETS
3                        0%         ETS
4                        0%         ETS
5                        0%         ETS
6                        0%         ETS
7                        0%         ETS
Priority#  Bandwidth
0          13%
1          13%
2          13%
3          13%
4          12%
5          12%
6          12%
7          12%
Oper status is init
Conf TLV Tx Status is disabled
Traffic Class TLV Tx Status is disabled
0 Input Conf T
Remote Parameters:
-------------------
Remote is disabled
Local Parameters :
------------------
Local is enabled
TC-grp  Priority#        Bandwidth  TSA
0       0,1,2,3,4,5,6,7  100%       ETS
1                        0%         ETS
2                        0%         ETS
3                        0%         ETS
4                        0%         ETS
5                        0%         ETS
6                        0%         ETS
7                        0%         ETS
Priority#  Bandwidth
0          13%
1          13%
2          13%
3          13%
4          12%
5          12%
6          12%
7          12%
Oper status is init
Conf TLV Tx Status is disabled
Traffic Class TLV Tx Status is disabled
0 Input Conf TLV Pkts, 0 Output Conf TLV 0 Input Traffic Class TLV Pkts, 0 Output TLV Pkts
TSA ETS ETS ETS ETS ETS ETS E
Table 124. show interface ets detail Command Description (continued)
Field | Description
ETS DCBx Oper status | Operational status of ETS configuration on local port: match or mismatch.
State Machine Type | Type of state machine used for DCBx exchanges of ETS parameters: ● Feature: for legacy DCBx versions ● Asymmetric: for an IEEE version
Conf TLV Tx Status | Status of ETS Configuration TLV advertisements: enabled or disabled.
4 5 6 7 8 - -
Dell(conf)# show interface tengigabitethernet 0/49 dcbx detail
Dell#show interface te 0/49 dcbx detail
E-ETS Configuration TLV enabled            e-ETS Configuration TLV disabled
R-ETS Recommendation TLV enabled           r-ETS Recommendation TLV disabled
P-PFC Configuration TLV enabled            p-PFC Configuration TLV disabled
F-Application priority for FCOE enabled    f-Application Priority for FCOE disabled
I-Application priority for iSCSI enabled   i-Application Priority for iSCSI disabled
-------------------------------
Table 125. show interface DCBx detail Command Description (continued)
Field | Description
Local DCBx Configured mode | DCBx version configured on the port: CEE, CIN, IEEE v2.5, or Auto (port auto-configures to use the DCBx version received from a peer).
Peer Operating version | DCBx version that the peer uses to exchange DCB parameters.
Local DCBx TLVs Transmitted | Transmission status (enabled or disabled) of advertised DCB TLVs (see TLV code at the top of the show command output).
Figure 143. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic
QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table. For more information, refer to QoS dot1p Traffic Classification and Queue Assignment.
The following describes the dot1p-priority class group assignment.
dot1p Value in the Incoming Frame | Priority Group Assignment
0 | LAN
1 | LAN
2 | LAN
3 | SAN
4 | IPC
5 | LAN
6 | LAN
7 | LAN
The following describes the priority group-bandwidth assignment.
Priority Group | Bandwidth Assignment
IPC | 5%
SAN | 50%
LAN | 45%
PFC and ETS Configuration Command Examples
The following examples show PFC and ETS configuration commands to manage your data center traffic.
Example: When the dcb-input or dcb-output policy is configured on interfaces or stack ports with the dcb-buffer threshold policy, the following error message is displayed:
%Error: Deprecated command is not supported on interfaces with dcb-buffer-threshold configured
You must not modify the service-class dot1p mappings when any buffer-threshold-policy is configured on the system.
Dell(conf)#service-class dot1p-mapping dot1p0 3
% Error: PFC buffer-threshold policies conflict with dot1p mappings.
NPIV Proxy Gateway Operations and Capabilities
Benefits of an NPIV Proxy Gateway
The FN IOM with the FC Flex IO module functions as a top-of-rack edge switch that supports Converged Enhanced Ethernet (CEE) traffic — FCoE for storage, Interprocess Communication (IPC) for servers, and Ethernet LAN (IP cloud) for data — as well as Fibre Channel (FC) links to one or more SAN fabrics.
● NPIV service to perform the association and aggregation of FCoE servers to upstream F ports on core switches (through N ports on the NPG). Server FLOGIs and FDISCs, which are received over FN IOM with the FC Flex IO module ENode ports, are converted into FDISCs addressed to the upstream F ports on core switches.
Table 126. FN IOM with the FC Flex IO module NPIV Proxy Gateway: Terms and Definitions (continued) Term Description FIP FCoE Initialization Protocol: Layer 2 protocol for endpoint discovery, fabric login, and fabric association. FIP is used by server CNAs to discover an upstream FCoE switch operating as an FCF. FIP keepalive messages maintain the connection between an FCoE initiator and an FCF.
● FCoE transit with FIP snooping is automatically enabled when you configure Fibre Channel with the FC Flex IO module on the FN IOM. To configure an NPG operation with the FC Flex IO module on the FN IOM, follow these general configuration steps: 1. 2. 3. 4. 5. 6. 7.
As a result, PFC and lossless port queues are disabled on 802.1p priorities, and all priorities are mapped to the same priority queue and equally share port bandwidth. ● To change the ETS bandwidth allocation configured for a priority group in a DCB map, do not modify the existing DCB map configuration. Instead, create a new DCB map with the desired PFC and ETS settings, and apply the new map to the interfaces to override the previous DCB map settings.
The values for the FCoE VLAN, fabric ID and FC-MAP must be unique. Apply an FCoE map on downstream server-facing Ethernet ports and upstream fabric-facing Fibre Channel ports.
1. Create an FCoE map that contains parameters used in the communication between servers and a SAN fabric.
CONFIGURATION mode
fcoe-map map-name
2. Configure the association between the dedicated VLAN and the fabric where the desired storage arrays are installed. The fabric and VLAN ID numbers must be the same.
fcoe-map map-name
Dell# interface tengigabitEthernet 0/0
Dell(config-if-te-0/0)# fcoe-map SAN_FABRIC_A
Dell# interface port-channel 3
Dell(config-if-te-0/0)# dcb-map SAN_DCB1
Dell(config-if-po-3)# fcoe-map SAN_FABRIC_A
3. Enable the port for FCoE transmission using the map settings.
INTERFACE mode
no shutdown
Applying an FCoE Map on Fabric-facing FC Ports
The FC ports on the FN IOM with the FC Flex IO module are configured by default to operate in N port mode to connect to an F port on an FC switch in a fabric.
Dell(config-dcbx-name)# priority-group 4 strict-priority pfc off
Dell(conf-dcbx-name)# priority-pgid 0 0 0 1 2 4 4 4
2. Apply the DCB map on a downstream (server-facing) Ethernet port:
Dell(config)# interface tengigabitethernet 1/0
Dell(config-if-te-0/0)#dcb-map SAN_DCB_MAP
3. Create the dedicated VLAN to be used for FCoE traffic:
Dell(conf)#interface vlan 1002
4.
Table 127. Displaying NPIV Proxy Gateway Information (continued) Command Description show npiv devices [brief] Displays information on FCoE and FC devices currently logged in to the NPG. show fc switch Displays the FC mode of operation and worldwide node (WWN) name of the FN IOM with the FC Flex IO module.
show fcoe-map Command Examples
Dell# show fcoe-map brief
Fabric-Name  Fabric-Id  Vlan-Id  FC-MAP  FCF-Priority  Config-State  Oper-State
fid_1003     1003       1003     0efc03  128           ACTIVE        UP
fid_1004     1004       1004     0efc04  128           ACTIVE        DOWN
Dell# show fcoe-map fid_1003
Fabric Name     fid_1003
Fabric Id       1003
Vlan Id         1003
Vlan priority   3
FC-MAP          0efc03
FKA-ADV-Period  8
Fcf Priority    128
Config-State    ACTIVE
Oper-State      UP
Members
Fc 0/0
Te 0/14 Te 0/16
Table 129.
Priorities:0 1 2 4 5 6 7
PG:1 TSA:ETS Priorities:3 BW:50 PFC:ON
Table 130. show qos dcb-map Field Descriptions
Field | Description
State | Complete: All mandatory DCB parameters are correctly configured. In progress: The DCB map configuration is not complete. Some mandatory parameters are not configured.
PFC Mode | PFC configuration in the DCB map: On (enabled) or Off.
PG | Priority group configured in the DCB map.
Table 131. show npiv devices brief Field Descriptions (continued) Field Description Fabric-Map Name of the FCoE map containing the FCoE/FC configuration parameters for the server CNA-fabric connection. Login Method Method used by the server CNA to log in to the fabric; for example: FLOGI - ENode logged in using a fabric login (FLOGI). FDISC - ENode logged in using a fabric discovery (FDISC).
Table 132. show npiv devices Field Descriptions (continued) Field Description FCoE VLAN ID of the dedicated VLAN used to transmit FCoE traffic from a server CNA to a fabric and configured on both the server-facing FN IOM with the FC Flex IO module port and server CNA port. Fabric Map Name of the FCoE map containing the FCoE/FC configuration parameters for the server CNA-fabric connection. Enode WWPN Worldwide port name of the server CNA port. Enode WWNN Worldwide node name of the server CNA.