Dell EMC Networking N-Series N1100-ON, N1500, N2000, N2100-ON, N2200-ON, N3000ON, N3100-ON, and N3200-ON Switches CLI Reference Guide Version 6.6.
Notes NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. ____________________ Information in this publication is subject to change without notice. Copyright © 2020 Dell EMC Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden. This product is protected by U.S.
Contents 1 Dell EMC Networking CLI Introduction . . . . . . . . . . . . . 95 . . . . . . . . . . . . . . . . . . . . 95 Command Groups . Mode Types . . . . . . . . . . . . . . . . . . 95 . . . . . . . . . . . . . . . . . . . . 101 Layer 2 Commands Security Commands 156 . . . . . . . . . . . . Switch Management Commands . 201 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Introduction . 155 . . . . . . . . . . . . . . Layer 3 Routing Commands . Using the CLI 139 . . . .
3 Layer 2 Switching Commands 271 . . . . . . . . ACL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .273 ACL Logging . . . . . . . . . . . . . . . . . . . . 273 ip access-list . . . . . . . . . . . . . . . . . . . . 276 deny | permit (IP ACL). . . . . . . . . . . . . . . . deny | permit (Mac-Access-List-Configuration) ip access-group . . 283 . . . . . . . . . . . . . . . . . . 286 mac access-group . . . . . . . . . . . . . . . . . mac access-list extended . . . . .
switchport port-security (Global Configuration) . . 304 switchport port-security (Interface Configuration) 308 show mac address-table multicast . show mac address-table . . . . . . . . . 313 . . . . . . . . . . . . . 314 show mac address-table address show mac address-table count . . . . . . . . . 315 . . . . . . . . . . 316 show mac address-table dynamic . . . . . . . . . show mac address-table interface . . . . . . . . . 318 . . . . . . . . . . 319 . . . . . . . . . . . 320 . . . . .
show isdp entry . . . . . . . . . . . . . . . . . . . 333 show isdp interface . . . . . . . . . . . . . . . . . 334 show isdp neighbors . . . . . . . . . . . . . . . . 335 . . . . . . . . . . . . . . . . . . 336 show isdp traffic DHCP Layer 2 Relay Commands . . . . . . . . . . . . . . . . .338 dhcp l2relay (Global Configuration) . . . . . . . . dhcp l2relay (Interface Configuration) 338 . . . . . . . 339 dhcp l2relay circuit-id . . . . . . . . . . . . . . . 339 dhcp l2relay remote-id .
ip dhcp snooping . . . . . . . . . . . . . . . . . . ip dhcp snooping binding . . . . . . . . . . . . . . ip dhcp snooping database . . . . . . . . . . . . . ip dhcp snooping database write-delay ip dhcp snooping limit 352 353 . . . . . . 354 . . . . . . . . . . . . . . . 354 ip dhcp snooping log-invalid ip dhcp snooping trust 351 . . . . . . . . . . . . 355 . . . . . . . . . . . . . . . 356 ip dhcp snooping verify mac-address show ip dhcp snooping . . . . . . . . 357 . . . . . . . . .
ipv6 dhcp snooping limit . . . . . . . . . . . . . . ipv6 dhcp snooping log-invalid . ipv6 dhcp snooping trust 368 . . . . . . . . . . 369 . . . . . . . . . . . . . . 370 ipv6 dhcp snooping verify mac-address . . . . . . 371 ipv6 verify binding . . . . . . . . . . . . . . . . . 372 ipv6 verify source . . . . . . . . . . . . . . . . . . 372 show ipv6 dhcp snooping. . . . . . . . . . . . . . show ipv6 dhcp snooping binding . . . . . . . . . show ipv6 dhcp snooping database . . . . . . .
ip arp inspection vlan . . . . . . . . . . . . . . . . permit ip host mac host . show arp access-list 386 . . . . . . . . . . . . . . 387 . . . . . . . . . . . . . . . . 387 show ip arp inspection . . . . . . . . . . . . . . . 388 Ethernet Configuration Commands . . . . . . . . . . . . . .392 clear counters description . . . . . . . . . . . . . . . . . . . 393 . . . . . . . . . . . . . . . . . . . . . 394 default (interface). duplex . . . . . . . . . . . . . . . . . . 394 . . . . . . . .
show interfaces detail . . . . . . . . . . . . . . . show interfaces status . . . . . . . . . . . . . . . show interfaces transceiver 423 . . . . . . . . . . . . . . . 424 . . . . . . . . . . . . . . . . . . . 426 show statistics switchport show storm-control . . . . . . . . . . . . . . 428 . . . . . . . . . . . . . . . . 430 show storm-control action . . . . . . . . . . . . . 431 . . . . . . . . . . . . . . . . . . . . . . 432 . . . . . . . . . . . . . . . . . . . . . . . .
ethernet cfm mep active . . . . . . . . . . . . . . ethernet cfm mep archive-hold-time . . . . . . . . 446 . . . . . . . . . . . . . . . 447 . . . . . . . . . . . . . . . . . 447 ethernet cfm mip level ping ethernet cfm . 445 traceroute ethernet cfm . . . . . . . . . . . . . . show ethernet cfm errors . . . . . . . . . . . . . show ethernet cfm domain . . . . . . . . . . . . . show ethernet cfm maintenance-points local . . . 449 450 451 . 453 . . . . . . . . . . .
inclusion-list . . . . . . . . . . . . . . . . . . . . ethernet tcn-propagation . . . . . . . . . . . . . . 469 . . . . . . . . . . . . . . . . . . . . 470 . . . . . . . . . . . . . . . . . . . . . . . . 471 aps-channel level . raps-vlan g8032 467 . . . . . . . . . . . . . . . . . . . . . . 473 . . . . . . . . . . . . . . . . . . . . . . . . 474 show ethernet ring g8032 configuration . . . . . . 475 show ethernet ring g8032 brief . . . . . . . . . . .
show green-mode interface-id . show green-mode . . . . . . . . . . 493 . . . . . . . . . . . . . . . . . 497 show green-mode eee-lpi-history interface . . . . 498 GMRP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . .501 gmrp enable . . . . . . . . . . . . . . . . . . . . clear gmrp statistics . . . . . . . . . . . . . . . . show gmrp configuration . . . . . . . . . . . . . . 502 502 503 GVRP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ip igmp snooping vlan immediate-leave . . . . . . 520 ip igmp snooping vlan groupmembership-interval . 521 ip igmp snooping vlan last-member-query-interval 521 ip igmp snooping vlan mcrtrexpiretime ip igmp snooping report-suppression . . . . . . 522 . . . . . . . 523 ip igmp snooping unregistered floodall ip igmp snooping vlan mrouter . . . . . . . 524 . . . . . . . . . . 525 IGMP Snooping Querier Commands . . . . . . . . . . . . .527 ip igmp snooping querier . . . . . . . . . . . . . .
ip device tracking probe . . . . . . . . . . . . . . ip device tracking probe interval . 546 . . . . . . . . . 547 ip device tracking probe count . . . . . . . . . . . 548 ip device tracking probe delay . . . . . . . . . . . 549 ip device tracking probe auto-source fallback . . . 550 . . . . . . . . . . . . 551 clear ip device tracking. . . . . . . . . . . . . . . 552 show ip device tracking . . . . . . . . . . . . . . 553 ip device tracking maximum IPv6 Access List Commands . . . .
show ipv6 mld snooping . . . . . . . . . . . . . . show ipv6 mld snooping groups . . . . . . . . . . show ipv6 mld snooping mrouter . . . . . . . . . . 575 577 578 IPv6 MLD Snooping Querier Commands . . . . . . . . .580 ipv6 mld snooping querier . . . . . . . . . . . . . ipv6 mld snooping querier (VLAN mode) . ipv6 mld snooping querier address . . . . . . 581 . . . . . . . . 581 ipv6 mld snooping querier election participate . . 582 . . . . . 583 . . . . . . 584 . . . . . . . . . .
action . . . . . . . . . . . . . . . . . . . . . . . . link-dependency group . add 597 . . . . . . . . . . . . . . 598 . . . . . . . . . . . . . . . . . . . . . . . . . 598 depends-on . . . . . . . . . . . . . . . . . . . . . show link-dependency . . . . . . . . . . . . . . . 599 600 LLDP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .602 clear lldp remote-data . . . . . . . . . . . . . . . 603 . . . . . . . . . . . . . . . . . 603 . . . . . . . . . . . . . . . . . . .
show lldp local-device show lldp med . . . . . . . . . . . . . . . 616 . . . . . . . . . . . . . . . . . . . 617 show lldp med interface . . . . . . . . . . . . . . show lldp med local-device detail . . . . . . . . . 618 . . . . . . . . . . . 620 . . . . . . . . . . . . . 622 . . . . . . . . . . . . . . . . 623 show lldp med remote-device show lldp remote-device . show lldp statistics . 618 Loop Protection Commands . . . . . . . . . . . . . . . . . . . .627 keepalive (Interface Config) .
show vpc . . . . . . . . . . . . . . . . . . . . . . show vpc brief . . . . . . . . . . . . . . . . . . . show vpc consistency-parameters 645 . . . . . . . . . . 647 . . . . . . . . . . . . . 648 . . . . . . . . . . . . . . . . . . . 648 show vpc peer-keepalive . show vpc statistics . system-mac . . . . . . . . . . . . . . . . . 650 . . . . . . . . . . . . . . . . . . . . 651 . . . . . . . . . . . . . . . . . . . 652 . . . . . . . . . . . . . . . . . . . . . . . . .
show mvr . . . . . . . . . . . . . . . . . . . . . . 664 show mvr members . . . . . . . . . . . . . . . . . 666 show mvr interface . . . . . . . . . . . . . . . . . 667 . . . . . . . . . . . . . . . . . . 668 show mvr traffic Port Channel Commands . . . . . . . . . . . . . . . . . . . . . . .671 Static LAGS . . . . . . . . . . . . . . . . . . . . . 672 VLANs and LAGs . . . . . . . . . . . . . . . . . . 673 LAG Thresholds . . . . . . . . . . . . . . . . . . . 673 . . . . . . . . . . . .
show interfaces port-channel show lacp . . . . . . . . . . . . 683 . . . . . . . . . . . . . . . . . . . . . 685 show statistics port-channel . . . . . . . . . . . . 686 Port Monitor Commands . . . . . . . . . . . . . . . . . . . . . . .689 monitor capture (Global Configuration) . . . . . . 690 . . . . . . . . . 691 . . . . . . . . . . . . . . . 692 . . . . . . . . . . . . . . . . . . 697 . . . . . . . . . . . . . . . . . . . .
class-map rename . . . . . . . . . . . . . . . . . classofservice dot1p-mapping . . . . . . . . . . . classofservice ip-dscp-mapping . 717 . . . . . . . . . 718 . . . . . . . . . . . . . . . . 721 . . . . . . . . . . . . . . . . . . . 722 classofservice trust . conform-color. 716 cos-queue min-bandwidth . . . . . . . . . . . . . 724 cos-queue random-detect . . . . . . . . . . . . . 725 . . . . . . . . . . . . . . . . . . 728 . . . . . . . . . . . . . . . . . . . . . . . 729 . . . . .
match ethertype . . . . . . . . . . . . . . . . . . 742 match ip6flowlbl . . . . . . . . . . . . . . . . . . 743 . . . . . . . . . . . . . . . . . . . 744 match ip dscp . match ip precedence . match ip tos . . . . . . . . . . . . . . . . 745 . . . . . . . . . . . . . . . . . . . . 746 match protocol . . . . . . . . . . . . . . . . . . . match source-address mac 747 . . . . . . . . . . . . 749 match srcip . . . . . . . . . . . . . . . . . . . . . 750 match srcip6 . . . . . . . . . . .
show classofservice dot1p-mapping . . . . . . . . show classofservice ip-dscp-mapping . . . . . . . 769 . . . . . . . . . . . . . 771 . . . . . . . . . . . . . . . . . . . . 772 show classofservice trust show diffserv 768 show diffserv service interface . . . . . . . . . . 773 show diffserv service brief . . . . . . . . . . . . . 774 show interfaces cos-queue . . . . . . . . . . . . 775 show interfaces random-detect show interfaces traffic . . . . . . . . . . 777 . . . . . . . . . . .
show spanning-tree . . . . . . . . . . . . . . . . show spanning-tree summary . . . . . . . . . . . 802 . . . . . . . . . . . . . 804 . . . . . . . . . . . . . . . . . . . 805 show spanning-tree vlan . spanning-tree . 794 spanning-tree auto-portfast . . . . . . . . . . . . 805 spanning-tree backbonefast . . . . . . . . . . . . 806 spanning-tree bpdu flooding . . . . . . . . . . . . 807 spanning-tree bpdu-protection . spanning-tree cost . . . . . . . . . . 808 . . . . . . . . . . . . .
spanning-tree portfast bpdufilter default. spanning-tree portfast default . . . . . 821 . . . . . . . . . . . 822 spanning-tree port-priority (Interface Configuration) 823 spanning-tree priority. . . . . . . . . . . . . . . . spanning-tree tcnguard . . . . . . . . . . . . . . spanning-tree transmit hold-count . 825 . . . . . . . . 826 . . . . . . . . . . . . . . 827 . . . . . . . . . . . . . . . . . 828 spanning-tree uplinkfast spanning-tree vlan 825 . . . . . . . . . 829 . . . . . . .
udld timeout interval . . . . . . . . . . . . . . . . udld enable (Interface Configuration) udld port 839 . . . . . . . 840 . . . . . . . . . . . . . . . . . . . . . . 841 show udld . . . . . . . . . . . . . . . . . . . . . . 842 VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . .844 Double VLAN Mode . . . . . . . . . . . . . . . . . Independent VLAN Learning 845 . . . . . . . . . . . . 845 Protocol Based VLANs . . . . . . . . . . . . . . .
show switchport ethertype . show vlan . . . . . . . . . . . . . 862 . . . . . . . . . . . . . . . . . . . . . 863 show vlan association mac . . . . . . . . . . . . . show vlan association subnet show vlan private-vlan 865 . . . . . . . . . . . 865 . . . . . . . . . . . . . . . 866 switchport access vlan . . . . . . . . . . . . . . . 867 switchport dot1q ethertype (Global Configuration) 869 switchport dot1q ethertype (Interface Configuration) 871 switchport general forbidden vlan . . . . . .
vlan association mac . . . . . . . . . . . . . . . . vlan association subnet vlan makestatic . 887 . . . . . . . . . . . . . . 888 . . . . . . . . . . . . . . . . . . 889 vlan protocol group . . . . . . . . . . . . . . . . . vlan protocol group add protocol. vlan protocol group name 889 . . . . . . . . . 890 . . . . . . . . . . . . . 891 vlan protocol group remove . . . . . . . . . . . . 892 Switchport Voice VLAN Commands . . . . . . . . . . . . .893 switchport voice vlan . . . . . . . .
clear mvrp statistics mvrp . . . . . . . . . . . . . . . . . 909 . . . . . . . . . . . . . . . . . . . . . . . . 910 mvrp global mvrp periodic state machine . show mvrp . . . . . . . . . . . 912 . . . . . . . . . . . . . . . . . . . . . 913 show mvrp statistics 4 911 . . . . . . . . . . . . . . . . . . . . . Security Commands . 914 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 917 AAA Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
aaa authentication dot1x default . . . . . . . . . . 929 . . . . . . . . . . . . . 930 . . . . . . . . . . . . . . 932 . . . . . . . . . . . . . . . . . 934 aaa authentication enable aaa authentication login aaa authorization . aaa authorization network default radius . . . . . 937 . . . . . . . . . . . . . . 938 . . . . . . . . . . . . . . . . . . 939 aaa ias-user username . aaa new-model . aaa server radius dynamic-author . authentication command . . . . . . . . . 940 . . . . . . . .
clear authentication authentication-history enable password . . . . 955 . . . . . . . . . . . . . . . . . . 956 ip http authentication . . . . . . . . . . . . . . . . 957 ip https authentication . . . . . . . . . . . . . . . 958 . . . . . . . . . . . . . . . . . . . . . . . . . 960 mab password (AAA IAS User Configuration) . . . . . . 961 . . . . . . . . . . . . . . . 962 show aaa ias-users . . . . . . . . . . . . . . . . . 963 show aaa statistics . . . . . . . . . . . . . . . . .
Administrative Profiles Commands . . . . . . . . . . . . .980 admin-profile . . . . . . . . . . . . . . . . . . . . 981 description (Administrative Profile Configuration) . 982 rule . . . . . . . . . . . . . . . . . . . . . . . . . show admin-profiles . . . . . . . . . . . . . . . . show admin-profiles brief show cli modes . 983 984 . . . . . . . . . . . . . 985 . . . . . . . . . . . . . . . . . . 985 E-mail Alerting Commands . . . . . . . . . . . . . . . . . . . . .987 logging email . . . . .
show mail-server . 999 . . . . . . . . . . . . . . . . . RADIUS Commands . . . . . . . . . . . . . . . . . . . . . . . . . .1001 RADIUS-based Dynamic VLAN Assignment . . . 1001 . . . . . . . . 1002 . . . . . . . . . . . . . . . . . . . . . 1004 RADIUS Change of Authorization. acct-port attribute 6 . . . . . . . . . . . . . . . . . . . . . 1004 attribute 8 . . . . . . . . . . . . . . . . . . . . . 1006 attribute 25 . . . . . . . . . . . . . . . . . . . . 1006 attribute mac format . . . .
radius server attribute 4 . . . . . . . . . . . . . 1021 radius server attribute 6 . . . . . . . . . . . . . 1022 radius server attribute 8 . . . . . . . . . . . . . 1023 radius server attribute 25 . . . . . . . . . . . . . 1024 radius server attribute 32 . . . . . . . . . . . . . 1025 radius server attribute 44 . . . . . . . . . . . . . 1026 radius server attribute mac format . radius server attribute 168 . . . . . . . 1027 . . . . . . . . . . . . 1029 . . . . . . . . . . . 1030 .
source-ip timeout . . . . . . . . . . . . . . . . . . . . . 1051 . . . . . . . . . . . . . . . . . . . . . . 1051 usage authmgr . . . . . . . . . . . . . . . . . . 1052 TACACS+ Commands . . . . . . . . . . . . . . . . . . . . . . . . .1054 key . . . . . . . . . . . . . . . . . . . . . . . . 1054 port . . . . . . . . . . . . . . . . . . . . . . . . 1056 priority . . . . . . . . . . . . . . . . . . . . . . show tacacs . . . . . . . . . . . . . . . . . . . 1056 1057 tacacs-server host . . .
dot1x port-control . . . . . . . . . . . . . . . . . 1072 authentication host-mode . . . . . . . . . . . . 1073 authentication max-users . . . . . . . . . . . . 1076 authentication port-control . . . . . . . . . . . . 1077 . . . . . . . . . . . . . 1079 . . . . . . . . . . . . . . . 1080 authentication periodic . clear dot1x statistics dot1x system-auth-control . . . . . . . . . . . . 1080 . . . . . . . . . . . . . . 1081 . . . . . . . . . . . . . . . . . . .
clear authentication authentication–history . 802.1x Advanced Features . . 1104 . . . . . . . . . . . . 1105 authentication event no-response . . . . . . . . authentication timeout guest-vlan-period . . . . 1106 . . . . . . . . . . . . . 1107 . . . . . . . . . . . . . . 1108 authentication event fail show dot1x advanced 1105 Captive Portal Commands . . . . . . . . . . . . . . . . . . . . .1110 Captive Portal Administrative Profile Commands 1110 authentication timeout . . . . . . . . . . .
locale . . . . . . . . . . . . . . . . . . . . . . . name (Captive Portal) . . . . . . . . . . . . . . . 1119 . . . . . . . . . . . . . . . . . . . . . 1120 . . . . . . . . . . . . . . . . . . . . . . 1120 protocol . redirect 1119 redirect-url . . . . . . . . . . . . . . . . . . . . session-timeout . verification 1121 . . . . . . . . . . . . . . . . . 1122 . . . . . . . . . . . . . . . . . . . . 1123 Captive Portal Client Connection Commands . . 1124 . . . . . . 1124 . . . . . . . .
user session-timeout . . . . . . . . . . . . . . . Captive Portal Status Commands. . . . . . . . . show captive-portal configuration . . . . . . . . show captive-portal configuration interface . 1134 1134 . . 1135 . . . 1136 . . . . 1137 . . . . . 1138 . . . . . . . . . . . . . . . . . . . . 1138 show captive-portal configuration locales . show captive-portal configuration status Captive Portal User Group Commands . user group 1133 . . . . . . . . . . . . . . 1138 . . . . . . . . . . .
storm-control multicast . storm-control unicast . . . . . . . . . . . . . . 1151 . . . . . . . . . . . . . . 1152 Management ACL Commands . . . . . . . . . . . . . . . . .1155 deny (management) . . . . . . . . . . . . . . . management access-class . management access-list . . . . . . . . . . . 1157 . . . . . . . . . . . . . 1158 no priority (management) . permit (management) . 1156 . . . . . . . . . . . . 1159 . . . . . . . . . . . . . .
passwords strength minimum lowercase-letters 1171 passwords strength minimum numeric-characters 1172 passwords strength minimum special-characters 1173 passwords strength max-limit consecutive-characters . . . . . . . . . . . . . 1173 passwords strength max-limit repeated-characters 1174 passwords strength minimum character-classes 1175 passwords strength exclude-keyword . enable password encrypted . . . . . 1176 . . . . . . . . . . . 1177 show passwords configuration. show passwords result . . .
key-string . ssh . . . . . . . . . . . . . . . . . . . . 1189 . . . . . . . . . . . . . . . . . . . . . . . . 1191 ssh session-limit ssh time-out . . . . . . . . . . . . . . . . . . 1191 . . . . . . . . . . . . . . . . . . . 1192 show crypto key mypubkey . . . . . . . . . . . . show crypto key pubkey-chain ssh . . . . . . . 1194 . . . . . . . . . . . . . . . . . . . 1195 . . . . . . . . . . . . . . . . . . . . . 1196 show ip ssh . show ssh 5 1193 Data Center Technology Commands . .
ARP Aging arp . . . . . . . . . . . . . . . . . . . . 1219 . . . . . . . . . . . . . . . . . . . . . . . . 1219 arp cachesize . . . . . . . . . . . . . . . . . . . arp dynamicrenew arp purge 1221 . . . . . . . . . . . . . . . . 1221 . . . . . . . . . . . . . . . . . . . . . 1223 arp resptime . . . . . . . . . . . . . . . . . . . 1224 arp retries . . . . . . . . . . . . . . . . . . . . . 1224 arp timeout . . . . . . . . . . . . . . . . . . . . 1225 clear arp-cache. . . . . . . . . . .
show bfd neighbor . . . . . . . . . . . . . . . . 1238 Border Gateway Protocol Commands . . . . . . . . . .1242 router bgp . . . . . . . . . . . . . . . . . . . . . address-family . . . . . . . . . . . . . . . . . . address-family ipv4 vrf address-family ipv6 . 1243 . . . . . . . . . . . . . . 1245 . . . . . . . . . . . . . . . 1246 address-family vpnv4 unicast aggregate-address . 1242 . . . . . . . . . . 1247 . . . . . . . . . . . . . . .
bgp log-neighbor-changes . . . . . . . . . . . . 1260 . . . . . . . . . . . . . . . . . 1261 bgp router-id . . . . . . . . . . . . . . . . . . . 1262 clear ip bgp . . . . . . . . . . . . . . . . . . . . 1263 bgp maxas-limit . clear ip bgp counters . . . . . . . . . . . . . . . 1264 default-information originate (BGP Router Configuration) . . . . . . . . . . . . . . . . . . . 1265 default-information originate (IPv6 Address Family Configuration) . . . . . . . . . . . . . . . . . . .
ip bgp fast-external-fallover ip community-list . . . . . . . . . . . 1279 . . . . . . . . . . . . . . . . . 1280 ip extcommunity-list . . . . . . . . . . . . . . . 1282 match extcommunity . . . . . . . . . . . . . . . 1285 maximum-paths (BGP Router Configuration) . . . 1286 maximum-paths (IPv6 Address Family Configuration) 1287 maximum-paths ibgp (BGP Router Configuration) 1288 maximum-paths ibgp (IPv6 Address Family Configuration) . . . . . . . . . . . . . . . . . . . neighbor activate .
neighbor filter-list (IPv6 Address Family Configuration) 1304 neighbor inherit peer . neighbor local-as . . . . . . . . . . . . . . . 1305 . . . . . . . . . . . . . . . . 1306 neighbor maximum-prefix (BGP Router Configuration) 1308 neighbor maximum-prefix (IPv6 Address Family Configuration) . . . . . . . . . . . . . . . . . . . 1310 neighbor next-hop-self (BGP Router Configuration) 1312 neighbor next-hop-self (IPv6 Address Family Configuration) . . . . . . . . . . . . . . . . . . .
neighbor route-reflector-client (IPv6 Address Family Configuration) . . . . . . . . . . . . . . . . . . . 1325 neighbor send-community (BGP Router Configuration) . . . . . . . . . . . . . . . . . . . 1326 neighbor send-community (IPv6 Address Family Configuration) . . . . . . . . . . . . . . . . . . . neighbor shutdown . neighbor timers . . . . . . . . . . . . . . . . 1328 . . . . . . . . . . . . . . . . . 1329 neighbor update-source . . . . . . . . . . . . . network (BGP Router Configuration) .
show bgp ipv6 neighbors . . . . . . . . . . . . . show bgp ipv6 neighbors advertised-routes . show bgp ipv6 neighbors policy 1353 . . 1358 . . . . . . . . . 1360 show bgp ipv6 neighbors received-routes . . . . 1361 show bgp ipv6 statistics . . . . . . . . . . . . . 1363 show bgp ipv6 summary . . . . . . . . . . . . . 1365 show bgp ipv6 update-group . . . . . . . . . . . show bgp ipv6 route-reflection . show ip bgp . 1368 . . . . . . . . . 1370 . . . . . . . . . . . . . . . . . . .
show ip bgp template . show ip bgp traffic . . . . . . . . . . . . . . 1397 . . . . . . . . . . . . . . . . 1398 show ip bgp update-group . . . . . . . . . . . . 1400 . . . . . . . . . . . . . . . . 1403 . . . . . . . . . . . . . . . . . . 1408 . . . . . . . . . . . . . . . . . . . . 1410 show ip bgp vpn4 . template peer . timers bgp . timers policy-apply delay . graceful-restart . . . . . . . . . . . . . 1411 . . . . . . . . . . . . . . . . . 1412 graceful-restart-helper . . . . . . .
show ip community-list . show ip prefix-list . . . . . . . . . . . . . . 1429 . . . . . . . . . . . . . . . . 1430 show ipv6 prefix-list clear ip prefix-list . . . . . . . . . . . . . . . . 1432 . . . . . . . . . . . . . . . . 1434 clear ipv6 prefix-list . . . . . . . . . . . . . . . . clear ip community-list . set as-path . . . . . . . . . . . . . 1436 . . . . . . . . . . . . . . . . . . . . 1437 set comm-list delete set community . . . . . . . . . . . . . . . 1438 . . . . . . . . . . .
ip igmp last-member-query-count . . . . . . . . ip igmp last-member-query-interval 1452 . . . . . . . 1453 ip igmp mroute-proxy . . . . . . . . . . . . . . . 1454 ip igmp query-interval . . . . . . . . . . . . . . 1455 ip igmp query-max-response-time ip igmp robustness . . . . . . . . 1456 . . . . . . . . . . . . . . . . 1456 ip igmp startup-query-count . . . . . . . . . . . ip igmp startup-query-interval . . . . . . . . . . 1458 . . . . . . . . . . . . . . . . . . 1459 . . . . . . .
show ip igmp proxy-service groups detail . . . . 1469 IP Helper/DHCP Relay Commands . . . . . . . . . . . . .1471 ip dhcp relay maxhopcount . . . . . . . . . . . . 1473 . . . . . . . . . . . . 1474 . . . . . . . . . . . . . 1475 ip dhcp relay minwaittime clear ip helper statistics ip dhcp relay information check . . . . . . . . . ip dhcp relay information check-reply ip dhcp relay information option 1476 . . . . . . 1477 . . . . . . . . . 1478 ip dhcp relay information option-insert . .
ip icmp echo-reply . . . . . . . . . . . . . . . . ip icmp error-interval . 1495 . . . . . . . . . . . . . . 1496 ip load-sharing . . . . . . . . . . . . . . . . . . 1497 ip netdirbcast . . . . . . . . . . . . . . . . . . . 1498 ip policy route-map . . . . . . . . . . . . . . . . 1498 . . . . . . . . . . . . . . . . . . . . 1500 . . . . . . . . . . . . . . . . . . . . . . 1501 ip redirects ip route ip route default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show ip brief . . . . . . . . . . . . . . . . . . . show ip interface . show ip policy. . . . . . . . . . . . . . . . . 1524 . . . . . . . . . . . . . . . . . . 1526 show ip protocols . show ip route . . . . . . . . . . . . . . . . . 1526 . . . . . . . . . . . . . . . . . . 1531 show ip route preferences . . . . . . . . . . . . 1534 . . . . . . . . . . . . . 1535 . . . . . . . . . . . . . . . . . . 1536 . . . . . . . . . . . . . . . . . . . 1538 show ip route summary . show ip traffic.
ipv6 mld last-member-query-interval . ipv6 mld host-proxy . . . . . . . 1551 . . . . . . . . . . . . . . . 1551 ipv6 mld host-proxy reset-status . . . . . . . . . ipv6 mld host-proxy unsolicit-rprt-interval . ipv6 mld query-interval . . . . 1553 . . . . . . . . . . . . . 1553 ipv6 mld query-max-response-time ipv6 nd dad attempts . . . . . . . 1554 . . . . . . . . . . . . . . . 1555 ipv6 nd ra hop-limit unspecified . . . . . . . . . 1556 . . . . . . . . . . 1556 . . . . . . . . . . . .
ipv6 route . . . . . . . . . . . . . . . . . . . . . ipv6 route distance . . . . . . . . . . . . . . . . ipv6 unicast-routing 1570 . . . . . . . . . . . . . . . 1571 . . . . . . . . . . . . . . . . 1572 . . . . . . . . . . . . . . . . . . 1572 ipv6 unreachables show ipv6 brief 1568 show ipv6 interface . . . . . . . . . . . . . . . . show ipv6 mld groups. . . . . . . . . . . . . . . show ipv6 mld interface . . . . . . . . . . . . . show ipv6 mld host-proxy . . . . . . . . . . . .
show ipv6 vlan . . . . . . . . . . . . . . . . . . 1596 traceroute ipv6 . . . . . . . . . . . . . . . . . . 1597 Loopback Interface Commands . . . . . . . . . . . . . . . .1599 interface loopback . . . . . . . . . . . . . . . . show interfaces loopback . . . . . . . . . . . . 1599 1600 IP Multicast Commands . . . . . . . . . . . . . . . . . . . . . .1602 clear ip mroute . . . . . . . . . . . . . . . . . . ip multicast boundary . ip mroute . . . . . . . . . . . . . . 1604 . . . . . . . . . .
show ip mfc . . . . . . . . . . . . . . . . . . . . show ip multicast . . . . . . . . . . . . . . . . . show ip pim boundary . . . . . . . . . . . . . . show ip multicast interface . show ip mroute . 1618 1619 . . . . . . . . . . . 1619 . . . . . . . . . . . . . . . . . 1620 show ip mroute group . . . . . . . . . . . . . . show ip mroute source . 1621 . . . . . . . . . . . . . 1622 . . . . . . . . . . . . . . 1622 . . . . . . . . . . . . . . . . . . . 1623 show ip mroute static .
ipv6 pim dr-priority . . . . . . . . . . . . . . . . ipv6 pim hello-interval . . . . . . . . . . . . . . 1636 1637 ipv6 pim join-prune-interval . . . . . . . . . . . 1637 ipv6 pim register-threshold . . . . . . . . . . . . 1638 . . . . . . . . . . . . . . . 1639 ipv6 pim rp-address . ipv6 pim rp-candidate. . . . . . . . . . . . . . . 1639 ipv6 pim sparse-mode . . . . . . . . . . . . . . 1640 . . . . . . . . . . . . . . . . . . . 1641 ipv6 pim ssm show ipv6 pim . . . . . . . . . . . .
delay . . . . . . . . . . . . . . . . . . . . . . . 1659 icmp-echo . . . . . . . . . . . . . . . . . . . . 1660 frequency . . . . . . . . . . . . . . . . . . . . . 1661 . . . . . . . . . . . . . . . . . . . . . . 1663 timeout threshold . . . . . . . . . . . . . . . . . . . . . vrf (IP SLA) . . . . . . . . . . . . . . . . . . . . clear ip sla statistics . . . . . . . . . . . . . . . show ip sla configuration . 1665 1667 . . . . . . . . . . . . 1667 . . . . . . . . . . . . . . . 1669 .
area nssa no-redistribute. area nssa no-summary . . . . . . . . . . . . . 1680 . . . . . . . . . . . . . 1680 area nssa translator-role . . . . . . . . . . . . . area nssa translator-stab-intv . . . . . . . . . . 1682 . . . . . . . . . . . . 1683 . . . . . . . . . . . . . . . . . . . . . 1685 area range (Router OSPF) area stub 1681 area stub no-summary area virtual-link . . . . . . . . . . . . . . . 1686 . . . . . . . . . . . . . . . . . 1687 . . . . . . . . .
Configuration) . . . . . . . . . . . . . . . . . . . 1700 default-metric . . . . . . . . . . . . . . . . . . . 1702 . . . . . . . . . . . . . . . . . . . 1702 distance ospf distribute-list out enable . . . . . . . . . . . . . . . . . . 1703 . . . . . . . . . . . . . . . . . . . . . . 1704 exit-overflow-interval . . . . . . . . . . . . . . . 1705 . . . . . . . . . . . . . . . . 1706 . . . . . . . . . . . . . . . . . . . 1707 external-lsdb-limit ip ospf area . . . . . . . . . . . . . . .
network area nsf . . . . . . . . . . . . . . . . . . . . 1719 . . . . . . . . . . . . . . . . . . . . . . . . 1720 nsf helper . . . . . . . . . . . . . . . . . . . . . nsf helper strict-lsa-checking nsf restart-interval 1721 . . . . . . . . . . 1722 . . . . . . . . . . . . . . . . 1722 passive-interface default . . . . . . . . . . . . . 1723 passive-interface . . . . . . . . . . . . . . . . . 1724 redistribute (OSPF) . . . . . . . . . . . . . . . . 1725 . . . . . . . . . . . . . . . .
show ip ospf range . . . . . . . . . . . . . . . . show ip ospf statistics . . . . . . . . . . . . . . show ip ospf stub table . show ip ospf traffic . 1755 . . . . . . . . . . . . . . . 1756 . . . . . . . . . . . . show ip ospf virtual-links brief 1758 . . . . . . . . . . 1759 . . . . . . . . . . . . . . . 1760 timers pacing lsa-group timers spf 1753 . . . . . . . . . . . . . show ip ospf virtual-links . timers pacing flood . 1752 . . . . . . . . . . . . . 1761 . . . . . . . . . . .
area virtual-link . . . . . . . . . . . . . . . . . . 1772 area virtual-link dead-interval . . . . . . . . . . 1774 area virtual-link hello-interval . . . . . . . . . . 1775 area virtual-link retransmit-interval area virtual-link transmit-delay . . . . . . . . 1776 . . . . . . . . . 1776 default-information originate (Router OSPFv3 Configuration) . . . . . . . . . . . . . . . . . . . 1777 default-metric . . . . . . . . . . . . . . . . . . . 1778 . . . . . . . . . . . . . . . . . . .
ipv6 ospf transmit-delay . . . . . . . . . . . . . 1789 ipv6 router ospf . . . . . . . . . . . . . . . . . . 1790 maximum-paths . . . . . . . . . . . . . . . . . . 1791 . . . . . . . . . . . . . . . . . . . . . . . . 1792 nsf . nsf helper . . . . . . . . . . . . . . . . . . . . . nsf helper strict-lsa-checking 1793 . . . . . . . . . . 1793 nsf restart-interval . . . . . . . . . . . . . . . . 1794 passive-interface . . . . . . . . . . . . . . . . . 1795 . . . . . . . . . . . .
show ipv6 ospf interface vlan . . . . . . . . . . 1811 . . . . . . . . . . . . . 1812 . . . . . . . . . . . . . . 1813 show ipv6 ospf neighbor show ipv6 ospf range . show ipv6 ospf stub table. . . . . . . . . . . . . show ipv6 ospf virtual-links . . . . . . . . . . . . show ipv6 ospf virtual-link brief timers throttle spf . 1814 1815 . . . . . . . . . 1816 . . . . . . . . . . . . . . . . 1816 IPv6 Policy-Based Routing Commands . . . . . . . . .1819 ipv6 policy route-map . . . . . . . . .
Routing Information Protocol Commands . . . . . . .1834 auto-summary . . . . . . . . . . . . . . . . . . 1834 default-information originate (Router RIP Configuration) . . . . . . . . . . . . . . . . . . . 1835 default-metric . . . . . . . . . . . . . . . . . . . 1835 . . . . . . . . . . . . . . . . . . . 1836 distance rip . . . . . . . . . . . . . . . . . . 1837 . . . . . . . . . . . . . . . . . . . . . . 1838 distribute-list out enable . hostroutesaccept . ip rip . . . . . . . . . . . . .
tunnel destination . . . . . . . . . . . . . . . . . 1851 tunnel mode ipv6ip . . . . . . . . . . . . . . . . 1852 . . . . . . . . . . . . . . . . . . 1852 tunnel source . Unicast Reverse Path Forwarding Commands . . .1854 system urpf enable . . . . . . . . . . . . . . . . ip verify unicast source . . . . . . . . . . . . . . 1854 1856 Virtual Router Commands . . . . . . . . . . . . . . . . . . . . .1859 Commands in this Section . . . . . . . . . . . . 1860 . . . . . . . . . . . . . . . . . .
vrrp description . vrrp ip . . . . . . . . . . . . . . . . . . 1871 . . . . . . . . . . . . . . . . . . . . . . 1872 vrrp mode . . . . . . . . . . . . . . . . . . . . . vrrp preempt vrrp priority . . . . . . . . . . . . . . . . . . . 1874 . . . . . . . . . . . . . . . . . . . . 1875 vrrp timers advertise vrrp timers learn . . . . . . . . . . . . . . . 1876 . . . . . . . . . . . . . . . . . 1877 vrrp track interface . . . . . . . . . . . . . . . . 1878 . . . . . . . . . . . . . . . .
track interface track ip route 7 . . . . . . . . . . . . . . . . . . 1894 . . . . . . . . . . . . . . . . . . . 1895 clear vrrp statistics . . . . . . . . . . . . . . . . 1896 show vrrp statistics . . . . . . . . . . . . . . . . 1897 Switch Management Commands . . . . . 1899 Application Deployment . . . . . . . . . . . . . . . . . . . . . .1900 application install . . . . . . . . . . . . . . . . . 1900 application start . . . . . . . . . . . . . . . . . 1901 application stop . . . . .
macro global apply . . . . . . . . . . . . . . . . 1915 macro global trace . . . . . . . . . . . . . . . . 1916 macro global description . . . . . . . . . . . . . 1917 macro apply . . . . . . . . . . . . . . . . . . . . 1917 macro trace . . . . . . . . . . . . . . . . . . . . 1918 macro description . . . . . . . . . . . . . . . . show parser macro . . . . . . . . . . . . . . . . 1919 1919 Clock Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . .1921 Real-time Clock . . . .
clock set . . . . . . . . . . . . . . . . . . . . . clock timezone hours-offset no clock timezone . . . . . . . . . . . 1932 . . . . . . . . . . . . . . . . 1933 clock summer-time recurring . . . . . . . . . . 1933 . . . . . . . . . . . . . 1934 . . . . . . . . . . . . . . 1935 . . . . . . . . . . . . . . . . . . . . 1936 clock summer-time date no clock summer-time show clock 1931 Command Line Configuration Scripting Commands 1938 script apply . . . . . . . . . . . . . . . . . . . .
File System Commands . . . . . . . . . . . . . . Command Line Interface Scripting . 1948 . . . . . . . 1948 . . . . . . . . . . . . . . . . . . . 1948 . . . . . . . . . . . . . . . . . . . . 1949 copy . . . . . . . . . . . . . . . . . . . . . . . . 1950 delete . . . . . . . . . . . . . . . . . . . . . . . 1960 . . . . . . . . . . . . . . . . . . . . . . . . . 1961 boot system . clear config dir erase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
clear ip dhcp binding . . . . . . . . . . . . . . . 1979 clear ip dhcp conflict . . . . . . . . . . . . . . . 1979 . . . . . . . . . . . . . . . . . . 1980 . . . . . . . . . . . . . . . . . . . 1981 client-identifier client-name . default-router . . . . . . . . . . . . . . . . . . . dns-server (IP DHCP Pool Config) . . . . . . . . domain-name (IP DHCP Pool Config) . 1982 . . . . . . 1983 . . . . . . . . . . . . . . . . 1983 . . . . . . . . . . . . . . . . . . . . . . . .
show ip dhcp binding . . . . . . . . . . . . . . . 1998 show ip dhcp conflict . . . . . . . . . . . . . . . 1999 show ip dhcp global configuration . show ip dhcp pool . . . . . . . 2000 . . . . . . . . . . . . . . . . 2000 show ip dhcp server statistics . . . . . . . . . . 2001 DHCPv6 Server Commands . . . . . . . . . . . . . . . . . . . .2003 clear ipv6 dhcp . . . . . . . . . . . . . . . . . . dns-server (IPv6 DHCP Pool Config) . . . . . . .
server . . . . . . . . . . . . . . . . . . . . . . . 2021 debug . . . . . . . . . . . . . . . . . . . . . . . 2022 enable . . . . . . . . . . . . . . . . . . . . . . . 2023 proxy-ip-address . . . . . . . . . . . . . . . . . source-interface vlan-id url . 2024 . . . . . . . . . . . . . 2025 . . . . . . . . . . . . . . . . . . . . . . . . 2026 show hiveagent debug . . . . . . . . . . . . . . show hiveagent source-interface show hiveagent status 2027 . . . . . . . . 2027 . . . . . . . .
ip host . . . . . . . . . . . . . . . . . . . . . . . ip name-server . . . . . . . . . . . . . . . . . . ip name-server source-interface . . . . . . . . . ipv6 address (Interface Configuration) . 2042 2043 . . . . . 2044 . . . . . . . . . . . . . 2046 . . . . . . . . . . . . . . . . 2047 ipv6 address (OOB Port) ipv6 address dhcp 2041 ipv6 enable (Interface Configuration) . . . . . . 2048 ipv6 enable (OOB Configuration) . . . . . . . . . 2049 ipv6 gateway (OOB Configuration) . . . . .
history size line . . . . . . . . . . . . . . . . . . . . 2061 . . . . . . . . . . . . . . . . . . . . . . . . 2062 login authentication . . . . . . . . . . . . . . . 2063 login-banner . . . . . . . . . . . . . . . . . . . 2064 motd-banner . . . . . . . . . . . . . . . . . . . 2064 password (Line Configuration) . . . . . . . . . . 2065 . . . . . . . . . . . . . . . . . . . . . 2066 . . . . . . . . . . . . . . . . . . . . . . . 2067 show line speed terminal length . . . . . . . . . . .
power inline priority power inline reset . . . . . . . . . . . . . . . 2083 . . . . . . . . . . . . . . . . 2083 power inline usage-threshold . . . . . . . . . . 2084 . . . . . . . . . . . 2085 . . . . . . . . . . . . . . . . 2086 clear power inline statistics show power inline show power inline firmware-version . . . . . . . 2089 RMON Commands . . . . . . . . . . . . . . . . . . . . . . . . . . .2090 rmon alarm . . . . . . . . . . . . . . . . . . . . rmon collection history .
debug authentication interface. . . . . . . . . . 2112 . . . . . . . . . . . . . . . . . 2112 debug bfd . . . . . . . . . . . . . . . . . . . . . 2113 debug cfm . . . . . . . . . . . . . . . . . . . . . 2114 debug auto-voip debug clear . . . . . . . . . . . . . . . . . . . . debug console . . . . . . . . . . . . . . . . . . debug crashlog . . . . . . . . . . . . . . . . . . debug dhcp packet . . . . . . . . . . . . . . . . 2115 2116 2119 . . . . . . . . . . . . 2120 . . . . . . . . .
debug ipv6 mcache . debug ipv6 mld . . . . . . . . . . . . . . . 2131 . . . . . . . . . . . . . . . . . . 2131 debug ipv6 ospfv3 packet. . . . . . . . . . . . . 2132 debug ipv6 pimdm . . . . . . . . . . . . . . . . 2133 debug ipv6 pimsm . . . . . . . . . . . . . . . . . 2134 debug isdp . . . . . . . . . . . . . . . . . . . . 2135 debug lacp . . . . . . . . . . . . . . . . . . . . 2135 debug mldsnooping . debug ospf . . . . . . . . . . . . . . . 2136 . . . . . . . . . . . . . . . . . .
exception protocol . . . . . . . . . . . . . . . . exception switch-chip-register 2149 . . . . . . . . . 2152 . . . . . . . . . . . . . . 2152 show debugging . . . . . . . . . . . . . . . . . 2153 show exception . . . . . . . . . . . . . . . . . . 2154 ip http timeout-policy . show supported mibs . . . . . . . . . . . . . . . 2156 . . . . . . . . . . . . . . . . . . . 2161 . . . . . . . . . . . . . . . . . . . . 2161 snapshot bgp write core . Sflow Commands . . . . . . . . . . . . . .
show snmp engineid . . . . . . . . . . . . . . . 2177 show snmp filters . . . . . . . . . . . . . . . . . 2178 show snmp group . . . . . . . . . . . . . . . . . 2179 . . . . . . . . . . . . . . . . . 2181 show snmp user show snmp views . show trapflags . . . . . . . . . . . . . . . . 2182 . . . . . . . . . . . . . . . . . . 2183 snmp-server community . . . . . . . . . . . . . snmp-server community-group. snmp-server contact 2184 . . . . . . . . . 2186 . . . . . . . . . . . . . . .
contact-company . . . . . . . . . . . . . . . . . 2208 . . . . . . . . . . . . . . . . . 2209 . . . . . . . . . . . . . . . . . . . . . . 2210 contact-person . enable . proxy-ip-address server . . . . . . . . . . . . . . . . . . 2211 . . . . . . . . . . . . . . . . . . . . . . 2212 show eula-consent support-assist . . . . . . . . 2213 . . . . . . . . . . . 2214 . . . . . . . . . . . . . . . . . . 2215 . . . . . . . . . . . . . . . . . . . . . . . . 2216 show support-assist status .
logging file . . . . . . . . . . . . . . . . . . . . logging monitor . logging on . . . . . . . . . . . . . . . . . . 2231 . . . . . . . . . . . . . . . . . . . . 2232 logging protocol logging snmp . . . . . . . . . . . . . . . . . 2233 . . . . . . . . . . . . . . . . . . . 2234 logging source-interface . logging traps . . . . . . . . . . . . 2235 . . . . . . . . . . . . . . . . . . . 2236 logging web-session port 2229 . . . . . . . . . . . . . . . 2237 . . . . . . . . . . . . . . . . .
clear counters stack-ports . connect . . . . . . . . . . . . 2251 . . . . . . . . . . . . . . . . . . . . . 2252 disconnect exit . . . . . . . . . . . . . . . . . . . . 2253 . . . . . . . . . . . . . . . . . . . . . . . . 2254 hardware profile portmode . hostname . . . . . . . . . . . 2255 . . . . . . . . . . . . . . . . . . . . . 2258 initiate failover . . . . . . . . . . . . . . . . . . 2259 . . . . . . . . . . . . . . . . . . . 2260 locate . . . . . . . . . . . . . . . . . . . . . .
show buffers . . . . . . . . . . . . . . . . . . . show checkpoint statistics . show cut-through mode . . . . . . . . . . . 2278 . . . . . . . . . . . . . 2279 show hardware profile portmode . . . . . . . . 2280 . . . . . . . . . . . . . . 2281 . . . . . . . . . . . . . . . . . 2282 show idprom interface show interfaces. show interfaces advanced firmware . . . . . . . 2284 . . . . . . . . . . . . . . . . 2285 . . . . . . . . . . . . . . . . . 2285 . . . . . . . . . . . . . . . . . . .
show system . . . . . . . . . . . . . . . . . . . 2313 show system fan . . . . . . . . . . . . . . . . . 2314 show system id . . . . . . . . . . . . . . . . . . 2315 show system power . . . . . . . . . . . . . . . show system temperature . . . . . . . . . . . . 2317 . . . . . . . . . . . . . . . . 2318 . . . . . . . . . . . . . . . . . . . . 2321 show tech-support show users show version stack . . . . . . . . . . . . . . . . . . . 2322 . . . . . . . . . . . . . . . . . . . . . . .
show ip telnet . . . . . . . . . . . . . . . . . . . 2341 Time Ranges Commands . . . . . . . . . . . . . . . . . . . . . .2342 time-range [name] . . . . . . . . . . . . . . . . 2342 absolute . . . . . . . . . . . . . . . . . . . . . . 2343 periodic . . . . . . . . . . . . . . . . . . . . . . 2344 show time-range . . . . . . . . . . . . . . . . . 2346 USB Flash Drive Commands . . . . . . . . . . . . . . . . . . .2348 Validation of Files Downloaded/Uploaded from USB Device . . . . . . . . . .
quit . . . . . . . . . . . . . . . . . . . . . . . . 2358 Web Server Commands . . . . . . . . . . . . . . . . . . . . . . .2360 Web Sessions. . . . . . . . . . . . . . . . . . . 2360 common-name . . . . . . . . . . . . . . . . . . 2361 . . . . . . . . . . . . . . . . . . . . . . 2361 country crypto certificate generate . crypto certificate import . . . . . . . . . . . 2362 . . . . . . . . . . . . . 2365 crypto certificate request . . . . . . . . . . . . 2367 . . . . . . . . . . . . . . .
quit . . . . . . . . . . . . . . . . . . . . . . . . show crypto certificate mycertificate show ip http server status . . . . . . 2379 . . . . . . . . . . . . 2380 show ip http server secure status state . 2379 . . . . . . . . 2381 . . . . . . . . . . . . . . . . . . . . . . . 2382 A Appendix A: List of Commands . . . . . .
Dell EMC Networking CLI 1 Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Introduction The Command Line Interface (CLI) is a network management application operated through an ASCII terminal without the use of a Graphic User Interface (GUI) driven software application. By directly entering commands, the user has greater configuration flexibility.
Table 1-1. System Command Groups Command Group Description Layer 2 Commands ACL Configures and displays ACL information. MAC Address Table Configures bridging address tables. Auto-VoIP Configures auto VoIP for IP phones on a switch. CDP Interoperability Configures Cisco® Discovery Protocol (CDP). DHCP L2 Relay Enables the Layer 2 DHCP relay agent for an interface. DHCP Snooping Configures DHCP snooping and displays DHCP snooping information.
Table 1-1. System Command Groups (continued) Command Group Description IPv6 MLD Snooping Configures IPv6 MLD Snooping. IPv6 MLD Snooping Querier Configures IPv6 Snooping Querier and displays IPv6 Snooping Querier information. IP Source Guard Configures IP source guard and displays IP source guard information. iSCSI Optimization Configures special QoS treatment for traffic between iSCSI initiators and target systems. Link Dependency Configures and displays link dependency information.
Table 1-1. System Command Groups (continued) Command Group Description AAA Configures connection security including authorization and passwords. Administrative Profiles Commands Group commands into a profile and assign a profile to a user upon authentication. E-mail Alerting Configures e-mail capabilities. RADIUS Configures and displays RADIUS information. TACACS+ Configures and displays TACACS+ information. 802.1x Configures and displays commands related to 802.1x security protocol.
Table 1-1. System Command Groups (continued) Command Group Description DVMRP (Mcast) Configures DVMRP operations. GMRP Configures GMRP and displays GMRP information. IGMP (Mcast) Configures IGMP operations. IGMP Proxy (Mcast) Manages IGMP Proxy on the system. IP Helper/DHCP Relay Configures relay of UDP packets. IP Routing (IPv4) Configures IP routing and addressing. IPv6 Routing Configures IPv6 routing and addressing.
Table 1-1. System Command Groups (continued) Command Group Description Switch Management Commands Application Deployment Manages Dell-supplied applications. Auto-Install Automatically configures switch when a configuration file is not found. CLI Macro Configures CLI Macro and displays CLI Macro information. Clock Configures the system clock. Command Line Configuration Scripting Manages the switch configuration files.
Table 1-1. System Command Groups (continued) Command Group Description Time Ranges Configures time ranges and displays time range information. USB Flash Drive Configures USB flash drive and displays USB flash drive information. User Interface Describes user commands used for entering CLI commands. Web Server Configures web-based access to the switch. Mode Types The tables on the following pages use these abbreviations for Command Mode names.
• HAC—Hive Agent Sever Configuration • IC — Interface Configuration • IP — IP Access List Configuration • IPAF4—IPv4 Address Family Configuration • IPAF—IPv6 Address Family Configuration • IPSLA—IP SLA Configuration • IPSLAE—IP SLA ICMP Echo Configuration • IR — Interface Range • KC — Key Chain • KE — Key • L — Logging • LC — Line Configuration • LD — Link Dependency • MA — Management Access-level • MC — MST Configuration • MD —MLAG Domain Configuration • MDC — Maintenance D
• RIP — Router RIP Configuration • RC — Router Configuration • RM—Route Map Configuration • ROSPF — Router Open Shortest Path First • ROSV3 — Router Open Shortest Path First Version 3 • S—Support • SAC—Support Assist Configuration • SC — Stack Configuration • SP — SSH Public Key • SK — SSH Public Key-chain • TC — TACACS Configuration • TKC—Track Configuration • TRC — Time Range Configuration • UB—U-boot • UE — User Exec • VC — VLAN Configuration (reached via vlan command) •
Modea Command Description deny | permit (IP ACL) ML The deny command denies traffic if the conditions defined in the deny statement are matched. The permit command allows traffic if the conditions defined in the permit statement are matched. ML deny | permit (Mac-Access- The deny command denies traffic if the List-Configuration) conditions defined in the deny statement are matched. The permit command allows traffic if the conditions defined in the permit statement are matched.
MAC Address Table Command Description Modea clear mac address-table Removes any learned entries from the forwarding database. PE mac address-table agingtime Sets the address table aging time. GC mac address-table multicast Forbids adding a specific multicast address to forbidden address specific ports. GC mac address-table static Registers MAC-layer multicast addresses to the GC bridge forwarding table, and adds static ports to the group.
Auto-VoIP Command Modea Description switchport voice detect auto Enables the VoIP Profile on all the interfaces of GC or the switch. IC show switchport voice a. Displays the status of auto-voip on an interface PE or all interfaces. For the meaning of each Mode abbreviation, see Mode Types. CDP Interoperability Command Description Modea clear isdp counters Clears the ISDP counters. PE clear isdp table Clears entries in the ISDP table.
DHCP L2 Relay Command Description Modea dhcp l2relay (Global Configuration) Enables the Layer 2 DHCP Relay agent for an interface or globally. GC or IC dhcp l2relay (Interface Configuration) Enables DHCP L2 Relay for an interface. IC dhcp l2relay circuit-id Enables user to set the DHCP Option 82 Circuit ID for a VLAN. GC dhcp l2relay remote-id Enables user to set the DHCP Option 82 Remote ID for a VLAN. GC dhcp l2relay trust Configures an interface to trust a received DHCP Option 82.
DHCP Snooping Command Description Modea clear ip dhcp snooping binding Clears all DHCP Snooping entries. PE clear ip dhcp snooping statistics Clears all DHCP Snooping statistics. PE ip dhcp snooping Enables DHCP snooping globally or on a specific VLAN. GC or IC ip dhcp snooping binding Configures a static DHCP Snooping binding. GC ip dhcp snooping database Configures the persistent location of the DHCP GC snooping database.
Dynamic ARP Inspection Command Description Modea arp ip access-list Creates an ARP ACL. GC clear ip arp inspection statistics Resets the statistics for Dynamic ARP Inspection on all VLANs. PE ip arp inspection filter Configures the ARP ACL to be used for a single GC VLAN or a range of VLANs to filter invalid ARP packets. ip arp inspection limit Configures the rate limit and burst interval values for an interface.
Command Description Modea duplex Configures the duplex operation of a given Ethernet interface IC flowcontrol Configures the flow control on a given interface. GC or IC forward-error-correction Configures the forward error correction for 25G/50G/100G Ethernet interfaces IC interface Enters the interface configuration mode to configure parameters for an interface. GC or IC interface range Enters the interface configuration mode to execute a command on multiple ports at the same time.
Modea Command Description show statistics Displays statistics for one port or for the entire PE switch. show statistics switchport Displays detailed statistics for a specific port or PE for the entire switch. show storm-control Displays the storm control configuration. show storm-control action Displays the storm control action configuration PE for one or all interfaces. shutdown Disables interfaces. IC speed Configures the speed of a given Ethernet interface when not using auto-negotiation.
Command Description Modea ethernet cfm mep enable Enables a MEP at the specified level and direction. IC ethernet cfm mep active Activates a MEP at the specified level and direction. IC ethernet cfm mep archivehold-time Maintains internal information on a missing MEP. IC ethernet cfm mip level Creates a Maintenance Intermediate Point (MIP) at the specified level.
Ethernet Ring Protection Command Description Modea ethernet ring g8032 profile Creates Ethernet ring profile and enters Ethernet ring profile configuration mode GC timer Configures the timer expiry values for an Ethernet ring profile. ERP non-revertive Enables non-revertive mode for an Ethernet ring profile. ERP ethernet ring g8032 Creates an Ethernet ring and enters Ethernet Ring Configuration mode GC port0 Configures a link to participate in Ethernet ring protection as an East ring link.
a. Command Description Modea show ethernet ring g8032 configuration Shows the Ethernet Ring Protection configuration. PE, GC show ethernet ring g8032 brief Shows the operational overview of Ethernet ring protection. PE, GC show ethernet ring g8032 status Shows the status of Ethernet ring protection. PE, GC show ethernet ring g8032 port status Shows the status of Ethernet ring protection for the selected interface.
Command Modea Description PE show green-mode interface- Displays the green-mode configuration and id operational status of the port. This command is also used to display the per port configuration and operational status of the green-mode. The status is shown only for the modes supported on the corresponding hardware platform whether enabled or disabled. show green-mode Displays the green-mode configuration for the PE whole system.
a. For the meaning of each Mode abbreviation, see Mode Types. IGMP Snooping Modea Command Description ip igmp snooping In Global Configuration mode, Enables GC Internet Group Management Protocol (IGMP) snooping. show ip igmp snooping groups Displays multicast groups learned by IGMP snooping. UE show ip igmp snooping mrouter Displays information on dynamically learned multicast router interfaces.
IGMP Snooping Querier Modea Command Description ip igmp snooping Enables/disables IGMP Snooping Querier on GC or the system (Global Configuration mode) or on VC a VLAN. ip igmp snooping querier election participate Enables the Snooping Querier to participate in VC the Querier Election process when it discovers the presence of another Querier in the VLAN. ip igmp snooping querier query-interval Sets the IGMP Querier Query Interval time.
IP Addressing Command Description Modea clear host Deletes entries from the host name-to-address cache. PE clear ip address-conflictdetect Clears the address conflict detection status in the switch. PE interface out-of-band Enters into OOB interface configuration mode. GC ip address Configures an IP address on an in-band interface. ip address (Out-of-Band) Sets an IP address for the out-of-band interface.
Command Description Modea ipv6 enable (OOB Configuration) Enables IPv6 operation on the out-of-band interface. IC ipv6 gateway (OOB Configuration) Configures the address of the IPv6 gateway. IC show hosts Displays the default domain name, a list of UE name server hosts, static and cached list of host names and addresses. show ip address-conflict Displays the status information corresponding to the last detected address conflict.
IPv6 MLD Snooping Command Description Modea ipv6 mld snooping vlan groupmembership-interval Sets the MLD Group Membership Interval time on a VLAN or interface. VC ipv6 mld snooping vlan immediate-leave Enables or disables MLD Snooping immediate- VC leave admin mode on a selected interface or VLAN. ipv6 mld snooping vlan last- Sets the MLD Maximum Response time for an IC or listener-query-interval interface or VLAN.
Modea Command Description ipv6 mld snooping querier election participate Enables the Snooping Querier to participate in VC the Querier Election process when it discovers the presence of another Querier in the VLAN. ipv6 mld snooping querier query-interval Sets the MLD Querier Query Interval time. ipv6 mld snooping querier timer expiry Sets the MLD Querier timer expiration period. GC show ipv6 mld snooping querier Displays MLD Snooping Querier information. a.
Link Dependency Modea Command Description action Indicates if the link-dependency group should LD mirror or invert the status of the depended on interfaces. link-dependency group Enters the link-dependency mode to configure GC a link-dependency group. add Adds member gigabit Ethernet port(s) to the LD dependency list. depends-on Adds the dependent Ethernet ports or port channels list. show link-dependency Shows the link dependencies configured on a PE particular group. a.
Command Description Modea lldp receive Enables the LLDP receive capability. IC lldp timers Sets the timing parameters for local data transmission on ports enabled for LLDP. GC lldp transmit Enables the LLDP advertise capability. IC lldp tlv-select Specifies which optional TLVs in the 802.1AB IC basic management set will be transmitted in the LLDPDUs. show lldp Displays the current LLDP configuration summary. PE show lldp interface Displays the current LLDP interface state.
Command Description Modea show keepalive Displays the global loop protect configuration. PE show keepalive statistics Displays the loop protect status for one or all PE interfaces. a. For the meaning of each Mode abbreviation, see Mode Types. MLAG Command Description Modea clear vpc statistics Clears the counters for the keepalive messages transmitted and received by the MLAG switch. PE feature vpc Enables debug traces for the specified protocols. GC feature vpc Globally enables MLAG.
Command Description Modea show vpc consistencyparameters Displays MLAG-related configuration information in a format suitable for comparison with the other MLAG peer. PE show vpc consistencyfeatures Displays MLAG-related configuration information in a format suitable for comparison with the other MLAG peer. PE show vpc peer-keepalive Displays the peer MLAG switch’s IP address PE used by the dual control plane detection protocol.
Command Description Modea mvr mode Changes the MVR mode type. GC mvr querytime Sets the MVR query response time. GC mvr vlan Sets the MVR multicast VLAN. GC mvr immediate Enables MVR Immediate Leave mode. IC mvr type Sets the MVR port type. IC mvr vlan group Use to participate in the specific MVR group. IC show mvr Displays global MVR settings. PE show mvr members Displays the MVR membership groups allocated. PE show mvr interface Displays the MVR enabled interface configuration.
Command Description Modea show interfaces portchannel Displays port-channel information. PE show lacp Displays LACP information for ports. PE show statistics port-channel Displays port-channel statistics. a. PE For the meaning of each Mode abbreviation, see Mode Types. Port Monitor Modea Command Description monitor capture (Global Configuration) Captures packets transmitted or received from GC the CPU.
Command Description Modea class-map rename Changes the name of a DiffServ class. GC classofservice dot1pmapping Maps an 802.1p priority to an internal traffic class for a switch. GC or IC classofservice ip-dscpmapping Maps an IP DSCP value to an internal traffic class. GC classofservice trust Sets the class of service trust mode of an interface. GC or IC conform-color Specifies the precoloring of packets conforming PCMC to or exceeding the specified rate(s).
Command Description Modea match cos Adds to the specified class definition a match condition for the Class of Service value. CMC match destination-address mac Adds to the specified class definition a match condition based on the destination MAC address of a packet. CMC match any Allows matching on any of the specified match CMC conditions. match dstip Adds to the specified class definition a match condition based on the destination IP address of a packet.
Modea Command Description match source-address mac Adds to the specified class definition a match CMC condition based on the source MAC address of the packet. match srcip Adds to the specified class definition a match condition based on the source IP address of a packet. match srcip6 Adds to the specified class definition a match v6CMC condition based on the source IPv6 address of a packet.
Modea Command Description redirect PCMC Specifies that all incoming packets for the associated traffic stream are redirected to a specific egress interface (Ethernet port or portchannel). service-policy Attaches a policy to an interface in a particular GC or direction. IC show class-map Displays all configuration information for the specified class. show classofservice dot1pmapping Displays the current 802.1p priority mapping PE to internal traffic classes for a specific interface.
Command Description Modea traffic-shape Specifies the maximum transmission bandwidth limit for the interface as a whole. GC or IC vlan priority Assigns a default VLAN priority tag for untagged frames ingressing an interface. IC a. For the meaning of each Mode abbreviation, see Mode Types. Spanning Tree Command Description Modea clear spanning-tree detected-protocols Restarts the protocol migration process on all interfaces or on the specified interface.
Command Description Modea spanning-tree cost Configures the spanning tree path cost for a port. IC spanning-tree disable Disables spanning tree on a specific port. IC spanning-tree forward-time Configures the spanning tree bridge forward time. GC spanning-tree guard Selects whether loop guard or root guard is enabled on an interface. IC spanning-tree loopguard Enables loop guard on all ports. GC spanning-tree max-age Configures the spanning tree bridge maximum GC age.
Command Modea Description spanning-tree transmit hold- Set the maximum number of BPDUs that a count bridge is allowed to send within a hello time window (2 seconds). GC spanning-tree uplinkfast Configures the rate at which gratuitous frames GC are sent after a switchover to an alternate port and enables Direct Link Rapid Convergence. spanning-tree vlan Enables per VLAN spanning tree on a VLAN.
Modea Command Description udld port Selects the UDLD operating mode on a specific IC interface. show udld Displays the global settings for UDLD. a. PE For the meaning of each Mode abbreviation, see Mode Types. VLAN Modea Command Description interface vlan Enters the VLAN interface configuration mode. GC interface range vlan Enters the interface configuration mode to configure multiple VLANs. GC name (VLAN Configuration) Configures a name to a VLAN.
Command Description Modea show vlan association mac Displays the VLAN associated with a specific configured MAC address. PE show vlan association subnet Displays the VLAN associated with a specific configured IP subnet. PE show vlan private-vlan Displays information about the configured private VLANs. PE switchport access vlan Configures the PVID VLAN ID when the interface is in access mode.
Command Description Modea switchport trunk encapsulation dot1q Use this command for compatibility. This command performs no action. IC or IR vlan Configures a VLAN. GC vlan association mac Associates a MAC address to a VLAN. VC vlan association subnet Associates an IP subnet to a VLAN. VC vlan makestatic Changes a GVRP dynamically created VLAN to GC a static VLAN. vlan protocol group Adds protocol-based VLAN groups to the system.
Multiple MAC Registration Protocol Command Description Modea clear mmrp statistics Clears the MMRP statistics for an interface or all interfaces. PE mmrp Enables MMRP on a specific interface. IC, IR mmrp global Globally enables MMRP. GC mmrp periodic state machine Globally enables the MMRP periodic state machine. GC show mmrp Displays the MMRP configuration for an interface or globally. PE, GC show mmrp statistics Displays the MMRP statistics for an interface or PE, globally. GC a.
Security Commands AAA Command Description Modea aaa accounting Creates an accounting method list GC aaa accounting delay-start Delays the sending of Acct-Start packets to RADIUS accounting server(s) GC aaa accounting update Enables the sending of interim accounting packets to RADIUS accounting server(s). GC aaa authentication dot1x default Specifies an authentication method for 802.1x clients.
Command Description Modea clear (IAS) Deletes all IAS users. PE clear authentication statistics Clears the authentication statistics. PE clear authentication authentication-history Clears the authentication history logs. PE enable password Sets a local password to control access to the normal level. GC ip http authentication Specifies authentication methods for http. GC ip https authentication Specifies authentication methods for https.
Modea Command Description username Establishes a username-based authentication GC system. Optionally allows the specification of an Administrative Profile for a local user. username unlock Transfers local user passwords between devices GC without having to know the passwords. a. For the meaning of each Mode abbreviation, see Mode Types Administrative Profiles Command Description Modea admin-profile Creates an administrative profile.
Command Modea Description logging email message-type Sets the lowest severity level at which SNMP to-addr traps are logged. GC logging email message-type Configures the To address field of the e-mail. to-addr GC logging email from-addr GC Configures the From address of the e-mail. logging email message-type Configures the subject. subject GC logging email logtime GC Configures the value of how frequently the queued messages are sent.
RADIUS Command Description Modea acct-port Sets the port that connects to the RADIUS accounting server. R attribute 6 Configures processing of the RADIUS Service- R Type attribute. attribute 8 Configures the switch to send the RADIUS Framed-IP-Address attribute in the AccessRequest message sent to a specific RADIUS authentication server.
Modea Command Description deadtime Improves RADIUS response times when a server R is unavailable by causing the unavailable server to be skipped. key Sets the authentication and encryption key for all R RADIUS communications between the switch and the RADIUS daemon. msgauth Enables the message authenticator attribute to R be used for the RADIUS Authenticating server being configured.
Modea Command Description radius server attribute mac format GC Globally enables the switch to send the RADIUS Class attribute as supplied by the RADIUS server in accounting messages sent to the accounting server. radius server attribute 168 Enables the switch to send the RADIUS Framed-IPv6-Address attribute in accounting messages sent to the RADIUS accounting server. GC radius server dead-criteria Configures the condition upon which a RADIUS server is considered unreachable (dead).
Modea Command Description show aaa servers Displays the list of configured RADIUS servers UE or and the values configured for the global PE parameters of the RADIUS client. show radius statistics Shows the statistics for an authentication or accounting server. UE or PE source-ip Specifies the source IP address to be used for communication with RADIUS servers. R timeout Sets the timeout value in seconds for the designated RADIUS server. R usage authmgr Specifies the usage type of the server.
802.1x Command Description Modea dot1x eapolflood Enables the capability of creating VLANs dynamically when a RADIUS-assigned VLAN does not exist in the switch. GC dot1x eapolflood Enables the flooding of received IEEE 802.1x frames in the VLAN. GC clear authentication sessions Begins the initialization sequence on the specified port. PE mab Enables MAB on an interface.
Command Description Modea dot1x system-auth-control Enables 802.1x globally. GC authentication monitor Enables authentication monitor mode globally. GC dot1x timeout Sets the values of the various 802.1x state machine timers. IC authentication timer reauthenticate Sets the number of seconds between reauthentication attempts. IC auth-type Sets the accepted authorization types for RADIUS CoA clients. DRC client Sets the CoA client parameters.
Command Description Modea authentication event noresponse Sets the guest VLAN on a port. IC authentication timeout guest-vlan-period Sets the number of seconds that the switch waits before authorizing the client if the client is a dot1x unaware client. IC authentication event fail Specifies the unauthenticated VLAN on a port. IC show dot1x advanced Displays 802.1X advanced features for the switch or specified interface. a. PE For the meaning of each Mode abbreviation, see Mode Types.
Command Description Modea locale Associates an interface with a captive portal configuration. CPI name (Captive Portal) Configures the name for a captive portal configuration. CPI protocol Configures the protocol mode for a captive portal configuration. CPI redirect Enables the redirect mode for a captive portal configuration. CPI redirect-url Configures the redirect URL for a captive portal CPI configuration.
Command Description Modea user-logout Enables captive portal users to log out of the portal. CPI user name Modifies the user name for a local captive portal CP user. user password Creates a local user or changes the password for CP an existing user. user session-timeout Sets the session timeout value for a captive portal user. CP show captive-portal configuration Displays the operational status of each captive portal configuration.
Modea Command Description dos-control sipdip Enables Source IP Address = Destination IP GC Address (SIP=DIP) Denial of Service protection. dos-control tcpflag Enables TCP Flag Denial of Service protections. GC dos-control tcpfrag Enables TCP Fragment Denial of Service protection.
Command Description Modea show management accesslist Displays management access-lists. PE a. For the meaning of each Mode abbreviation, see Mode Types. Password Management Command Description Modea passwords aging Implements aging on the passwords such that users are required to change passwords when they expire. GC passwords history Enables the administrator to set the number of GC previous passwords that are stored to ensure that users do not reuse their passwords too frequently.
Modea Command Description passwords strength maxlimit repeated-characters Enforces a maximum repeated characters that a GC password should contain. passwords strength minimum character-classes GC Enforces the minimum number of character classes (uppercase letters, lowercase letters, numeric characters and special characters) that a password must contain. passwords strength exclude- Enforces a maximum number of consecutive keyword characters that a password can contain.
Modea Command Description ip ssh server Enables the switch to be configured from a SSH GC server connection. key-string Manually specifies a SSH public key. ssh Establishes an outboard connection to a remote PE SSH server from the switch console. ssh session-limit Limits the number of outbound SSH sessions. GC ssh time-out Configures the delay upon which idle SSH sessions are terminated. GC show crypto key mypubkey Displays its own SSH public keys stored on the PE switch.
Modea Command Description openflow Enables OpenFlow on the switch (if disabled) GC and enters into OpenFlow configuration mode. passive Sets the switch to wait for the controller to initiate the connection. OFC protocol-version Selects the version of the protocol in which to operate. OFC show openflow Displays OpenFlow configuration and status. PE, GC a. For the meaning of each Mode abbreviation, see Mode Types.
Command Description Modea ip proxy-arp Enables proxy ARP on a router interface. IC show arp Displays the Address Resolution Protocol (ARP) PE cache. a. For the meaning of each Mode abbreviation, see Mode Types. BFD Command Description Modea feature bfd Enables BFD on the router. GC bfd echo Enables BFD echo mode on an interface. IC bfd interval Configures BFD session parameters for a VLAN IC routing interface.
Command Description Modea address-family ipv6 Specifies IPv6 configuration parameters. BR aggregate-address Configures a summary address for BGP. BR or IPAF bgp aggregate-differentmeds (BGP Router Configuration) Controls the aggregation of routes with different multi-exit discriminator (MED) attributes. BR bgp aggregate-differentAllows IPv6 routes with different MEDs to be meds (IPv6 Address Family aggregated.
Command Description Modea clear ip bgp Resets peering sessions with all of a subnet of BGP peers. PE clear ip bgp counters Resets all BGP counters to 0. PE default-information originate (BGP Router Configuration) Enables BGP to originate a default route. BR default-information originate (IPv6 Address Family Configuration) Allows BGP to originate an IPv6 default route.
Modea Command Description ip bgp-community newformat Displays BGP standard communities in AA:NN GC format. ip bgp fast-external-fallover Configures fast external failover behavior for a specific routing interface. IC ip community-list Creates or configures a BGP community list. GC ip extcommunity-list Creates an extended community list to configure VRF route filtering. GC match extcommunity Matches BGP extended community list attributes.
Modea Command Description neighbor connect-retryinterval Configure the initial connection retry time for a BR specific neighbor. neighbor default-originate (BGP Router Configuration) Configures BGP to originate a default route to a BR specific neighbor. neighbor default-originate (IPv6 Address Family Configuration) Configures BGP to originate a default IPv6 route to a specific neighbor. IPAF neighbor description Records a text description of a neighbor.
Modea Command Description neighbor password Enables MD5 authentication of TCP segments BR sent to and received from a neighbor, and to configure an authentication key. neighbor prefix-list (BGP Router Configuration) Filters advertisements sent to a specific BR neighbor based on the destination prefix of each route. neighbor prefix-list (IPv6 Address Family Configuration) Specifies an IPv6 prefix list to filter routes received from or advertised to a given peer.
Command Description Modea neighbor timers Overrides the global keepalive and hold timer values as well as set the keepalive and hold timers for a specific neighbor. BR neighbor update-source Configures BGP to use a specific IP address as BR the source address for the TCP connection with a neighbor. network (BGP Router Configuration) Configures BGP to advertise an address prefix.
Command Description Modea show bgp ipv6 listen range Displays information about IPv6 BGP listen ranges. PE show bgp ipv6 neighbors Displays neighbors with IPv4 or IPv6 peer addresses that are enabled for the exchange of IPv6 prefixes. PE show bgp ipv6 neighbors advertised-routes Displays IPv6 routes advertised to a specific neighbor. PE show bgp ipv6 neighbors policy Displays the inbound and outbound IPv6 policies configured for a specific peer.
Command Description Modea show ip bgp neighbors Shows details about BGP neighbor configuration and status. UE show ip bgp neighbors advertised-routes Displays the list of routes advertised to a specific neighbor. PE show ip bgp neighbors received-routes Displays the list of routes received from a specific neighbor. PE show ip bgp neighbors policy Displays the inbound and outbound IPv4 policies configured for a specific peer.
Command Description Modea graceful-restart Enables the graceful restart and the graceful restart helper capability. BR graceful-restart-helper Enables the graceful restart helper capability. BR a. For the meaning of each Mode abbreviation, see Mode Types. BGP Routing Policy Command Description Modea ip as-path access-list Create an AS path access list. GC ip bgp-community newformat Displays BGP standard communities in AA:NN GC format.
Command Description Modea show ipv6 prefix-list Displays the contents of IPv6 prefix lists. PE or GC clear ip prefix-list Resets the IPv4 prefix-list counters. PE clear ipv6 prefix-list Resets the IPv6 prefix-list counters. PE clear ip community-list Resets the IPv6 prefix-list counters. PE set as-path Prepends one or more AS numbers to the AS path in a BGP route. RC set comm-list delete Removes BGP communities from an inbound or outbound UPDATE message.
Modea Command Description dns-server (IP DHCP Pool Config) Sets the IPv4 DNS server address which is DP provided to a DHCP client by the DHCP server. domain-name (IP DHCP Pool Config) Sets the DNS domain name which is provided to a DHCP client by the DHCP server. DP hardware-address Specifies the MAC address of a client to be manually assigned an address. DP host Specifies a manual binding for a DHCP client host. DP ip dhcp bootp automatic Enables automatic BOOTP address assignments.
Modea Command Description show ip dhcp conflict Displays DHCP address conflicts for all relevant PE interfaces or a specified interface. show ip dhcp global configuration Displays the DHCP global configuration. PE show ip dhcp pool Displays the configured DHCP pool or pools. UE or PE show ip dhcp server statistics Displays the DHCP server binding and message PE counters. a. For the meaning of each Mode abbreviation, see Mode Types.
Command Description Modea show ipv6 dhcp interface Displays DHCPv6 information for all relevant interfaces or a specified interface. UE, PE, GC show ipv6 dhcp pool Displays the configured DHCP pool. PE show ipv6 dhcp statistics Displays the DHCPv6 server name and status. UE a. For the meaning of each Mode abbreviation, see Mode Types. DHCPv6 Snooping Command Description Modea clear ipv6 dhcp snooping binding Clears all IPv6 DHCP snooping entries.
Command Description Modea ipv6 verify source Configures an interface to filter incoming traffic from sources that are not present in the DHCP binding database. IC show ipv6 dhcp snooping Displays the IPv6 DHCP snooping configuration. UE or PE show ipv6 dhcp snooping binding Displays the IPv6 DHCP snooping configuration. UE or PE show ipv6 dhcp snooping database Displays IPv6 DHCP snooping configurations related to database persistency.
Command Description Modea show ip dvmrp prune Displays the table that lists the router’s upstream prune information. PE show ip dvmrp route Displays the multicast routing information for DVMRP. PE a. For the meaning of each Mode abbreviation, see Mode Types. GMRP Command Description Modea gmrp enable Enables GMRP globally or on a port. GC or IC clear gvrp statistics Clears all the GMRO statistics information. PE show gmrp configuration Displays GMRP configuration. GC or IC a.
Command Description Modea ip igmp robustness Configures the robustness that allows tuning of the interface. IC ip igmp startup-query-count Sets the number of queries sent out on startup — at intervals equal to the startup query interval for the interface. IC ip igmp startup-queryinterval Sets the interval between general queries sent IC at startup on the interface. ip igmp version Configures the version of IGMP for an interface. IC show ip igmp Displays system-wide IGMP information.
Modea Command Description show ip igmp-proxy groups Displays a table of information about multicast PE groups that IGMP Proxy reported. show ip igmp proxy-service groups detail Displays complete information about multicast PE groups that IGMP Proxy has reported. a. For the meaning of each Mode abbreviation, see Mode Types. IP Helper/DHCP Relay Command Modea Description ip dhcp relay maxhopcount Configures the maximum allowable relay agent GC hops for BootP/DHCP Relay on the system.
Command Description Modea ip helper-address (global configuration) Configures the relay of certain UDP broadcast packets received on any interface. GC ip helper-address (interface Configures the relay of certain UDP broadcast configuration) packets received on a specific interface. IC ip helper enable Enables relay of UDP packets. GC show ip helper-address Displays the IP helper address configuration. PE show ip dhcp relay Displays the BootP/DHCP Relay information.
Command Description Modea ip unnumbered Identifies an interface as an unnumbered interface and specifies the numbered interface providing the borrowed address. IC ip unnumbered gratuitousarp accept Enables installation of a static interface route to IC the unnumbered peer upon receiving a gratuitous ARP. ip unreachables Enables the generation of ICMP Destination Unreachable messages. IC match ip address Specify IP address match criteria for a route map.
Command Description Modea show ip route preferences Displays detailed information about the route preferences. PE show ip route summary Shows the number of all routes, including best PE and non-best routes. show ip traffic Displays IP statistical information. UE or PE show ip vlan Displays the VLAN routing information for all VLANs with routing enabled. PE show route-map Displays the route maps. PE show routing heap summary Displays a summary of the memory allocation from the routing heap.
Command Description Modea ipv6 mld last-memberquery-interval Sets the last member query interval for the MLD interface, which is the value of the maximum response time parameter in the group specific queries sent out of this interface. IC (VC) ipv6 mld host-proxy Enables MLD Proxy on the router. IC ipv6 mld host-proxy reset- Resets the host interface status parameters of IC status the MLD Proxy router.
Modea Command Description ipv6 nd nud retry Configures the exponential backoff multiple GC to be used in the calculation of the next timeout value for Neighbor Solicitation transmission during NUD (neighbor unreachabililty detection) following the exponential backoff algorithm. ipv6 nd other-config-flag Sets the other stateful configuration flag in router advertisements sent from the interface. ipv6 nd prefix Sets the IPv6 prefixes to include in the router IC advertisement.
Modea Command Description show ipv6 brief Displays the IPv6 status of forwarding mode PE and IPv6 unicast routing mode. show ipv6 interface Shows the usability status of IPv6 interfaces. PE show ipv6 mld groups Displays information about multicast groups PE that MLD reported. show ipv6 mld interface Displays MLD related information for an interface. PE show ipv6 mld host-proxy Displays a summary of the host interface status parameters.
Command Description Modea traceroute ipv6 Discovers the routes that packets actually take when traveling to their destination through the network on a hop-by-hop basis. PE a. For the meaning of each Mode abbreviation, see Mode Types. IP Service Level Agreement Command Description Modea ip sla Creates and confirms an IP Service Level Agreement (SLAs) operation and enters IP SLA configuration mode. GC ip sla schedule Starts an IP SLA.
Command Description Modea clear ip sla statistics Clears IP SLA statistical information for a given IP SLA operation or for all IP SLAs. PE show ip sla configuration Displays the configuration values (including UE, PE, all defaults) for a specified IP SLA operation GC or all operations. show ip sla statistics Displays the statistics and the current operational status of a specified IP SLA operation or of all operations.
Command Description Modea ip pim Administratively configures PIM mode for IP multicast routing on a VLAN interface. IC ip pim bsr-border Administratively disables bootstrap router (BSR) messages from being sent or received through an interface. IC ip pim bsr-candidate Configures the router to advertise itself as a bootstrap router (BSR). GC ip pim dense-mode Administratively configures PIM dense mode for IP multicast routing.
Modea Command Description show ip mroute group Displays the multicast configuration settings of PE entries in the multicast mroute table. show ip mroute source Displays the multicast configuration settings of PE entries in the multicast mroute table. show ip mroute static Displays all the static routes configured in the static mcast table. PE show ip pim Displays information about the interfaces enabled for PIM. UE or PE show ip pim bsr-router Displays the bootstrap router (BSR) information.
Modea Command Description ipv6 pim bsr-border Prevents bootstrap router (BSR) messages from IC being sent or received through an interface. ipv6 pim bsr-candidate Configures the router to announce its candidacy as a bootstrap router (BSR). GC ipv6 pim dense-mode Administratively configures PIM dense mode for IPv6 multicast routing. GC ipv6 pim dr-priority Sets the priority value for which a router is elected as the designated router (DR).
Modea Command Description show ipv6 pim neighbor Displays IPv6 PIMSM neighbors learned on the PE or routing interfaces. GC show ipv6 pim rp-hash Displays which rendezvous point (RP) is being PE or selected for a specified group. GC show ipv6 pim rp mapping Displays all group-to-RP mappings of which the PE or router is aware (either configured or learned GC from the bootstrap router (BSR). a. For the meaning of each Mode abbreviation, see Mode Types.
Command Description Modea area virtual-link Creates the OSPF virtual interface for the specified area-id and neighbor router. ROSPF area virtual-link authentication Configures the authentication type and key for ROSPF the OSPF virtual interface identified by the area ID and neighbor ID. area virtual-link deadinterval Configures the dead interval for the OSPF virtual ROSPF interface on the virtual interface identified by area-id and neighbor router.
Command Description Modea distribute-list out Specifies the access list to filter routes received from the source protocol. ROSPF enable Resets the default administrative mode of OSPF ROSPF in the router (active). exit-overflow-interval Configures the exit overflow interval for OSPF. ROSPF external-lsdb-limit Configures the external LSDB limit for OSPF. ROSPF ip ospf area Enables OSPFv2 and sets the area ID of an interface.
Modea Command Description network area Enables OSPFv2 on an interface and sets its area ROSPF ID if the IP address of an interface is covered by this network command. nsf Enables OSPF graceful restart. ROSPF nsf helper Allow OSPF to act as a helpful neighbor for a restarting router. ROSPF nsf helper strict-lsachecking Set an OSPF helpful neighbor exit helper mode whenever a topology change occurs.
Command Description Modea show ip ospf interface Displays the information for the IFO object or virtual interface tables. PE show ip ospf interface brief Displays brief information for the IFO object or virtual interface tables. PE show ip ospf interface stats Displays the statistics for a specific interface. PE show ip ospf lsa-group Displays the number of self-originated LSAs within each LSA group. PE, GC show ip ospf neighbor Displays information about OSPF neighbors.
Command Description Modea area nssa default-infooriginate (Router OSPFv3 Config) Configures the metric value and type for the default route advertised into the NSSA. ROSV3 area nssa no-redistribute Configures the NSSA ABR so that learned external routes will not be redistributed to the NSSA. ROSV3 area nssa no-summary Configures the NSSA so that summary LSAs are ROSV3 not advertised into the NSSA. area nssa translator-role Configures the translator role of the NSSA.
Command Description Modea distance ospf Sets the route preference value of OSPF in the router. ROSV3 enable Resets the default administrative mode of OSPF ROSV3 in the router (active). exit-overflow-interval Configures the exit overflow interval for OSPF. ROSV3 external-lsdb-limit Configures the external LSDB limit for OSPF. ROSV3 arp Enables OSPF on a router interface or loopback interface. IC ipv6 ospf area Sets the OSPF area to which the specified router IC interface belongs.
Modea Command Description nsf helper strict-lsachecking Requires that an OSPF helpful neighbor exit ROSV3 helper mode whenever a topology change occurs. nsf restart-interval Configures the length of the grace period on the ROSV3 restarting router. passive-interface Sets the interface or tunnel as passive. passive-interface default Enables the global passive mode by default for all ROSV3 interfaces.
Command Description Modea show ipv6 ospf interface vlan Displays OSPFv3 configuration and status information for a specific VLAN. PE show ipv6 ospf neighbor Displays information about OSPF neighbors. PE show ipv6 ospf range Displays information about the area ranges for the specified area identifier. PE show ipv6 ospf stub table Displays the OSPF stub table. PE show ipv6 ospf virtuallinks Displays the OSPF Virtual Interface information PE for a specific area and neighbor.
a. For the meaning of each Mode abbreviation, see Mode Types. Router Discovery Protocol Command Description Modea encapsulation Enables Router Discovery on an interface. IC ip irdp holdtime Configures the value, in seconds, of the hold- IC time field of the router advertisement sent from this interface. ip irdp maxadvertinterval Configures the maximum time, in seconds, IC allowed between sending router advertisements from the interface.
Modea Command Description distribute-list out Specifies the access list to filter routes received RIP from the source protocol. enable Resets the default administrative mode of RIP in the router (active). RIP hostroutesaccept Enables the RIP hostroutesaccept mode. RIP ip rip Enables RIP on a router interface. IC ip rip authentication Sets the RIP Version 2 Authentication Type and IC Key for the specified interface.
Command Description Modea tunnel destination Specifies the destination transport address of the tunnel. IC tunnel mode ipv6ip Specifies the mode of the tunnel. IC tunnel source Specifies the source transport address of the tunnel, either explicitly or by reference to an interface. IC a. For the meaning of each Mode abbreviation, see Mode Types. Unicast Reverse Path Forwarding Command Description Modea system urpf enable Globally enables uRPF checking of routes.
Virtual Router Redundancy Command Description Modea ip vrrp Enables the administrative mode of Virtual Router Redundancy Protocol (VRRP) for the router. GC vrrp accept-mode Enables the VRRP Master to accept ping packets sent to one of the virtual router’s IP addresses. IC vrrp authentication Sets the authentication details value for the virtual router configured on a specified interface. IC vrrp description Assigns a description to the VRRP group.
Command Description Modea show vrrp interface Displays all configuration information and VRRP router statistics of a virtual router configured on a specific interface. UE or PE a. For the meaning of each Mode abbreviation, see Mode Types.
Virtual Router Redundancy Protocol version 3 Commands Command Description Modea fhrp version vrrp v3 Enables Virtual Router Redundancy Protocol version 3 (VRRPv3) configuration on the switch. Creates a Virtual Router Redundancy Protocol version 3 (VRRPv3) group and enter VRRPv3 Group Configuration mode.
Command Description Modea timers advertise Configures the interval between successive advertisements by the master virtual router in a Virtual Router Redundancy Protocol version 3 (VRRPv3) group. Disables a Virtual Router Redundancy Protocol version 3 (VRRPv3) group configuration. Sets the primary or secondary IP address of the switch within a Virtual Router Redundancy Protocol version 3 (VRRPv3) group.
Command Description Modea application start Schedules a Dell-supplied application for immediate execution on the stack master. GC application stop Stops a Dell-supplied application if the application is executing on the stack master. GC show application Displays installed applications and optionally displays application files. GC a. For the meaning of each Mode abbreviation, see Mode Types.
CLI Macro Command Description Modea macro name Creates a user-defined macro. GC macro global apply Use to apply a macro. GC macro global trace Applies and traces a macro. GC macro global description Appends a line to the global macro description. GC macro apply Use to apply a macro. IC macro trace Applies and traces a macro. IC macro description Appends a line to the macro description. IC show parser macro Displays information about defined macros. PE a.
Command Description Modea sntp unicast client enable Enables clients to use Simple Network Time Protocol (SNTP) predefined Unicast clients. GC clock timezone hours-offset Sets the offset to Coordinated Universal Time. GC no clock timezone Resets the time zone settings. clock summer-time recurring Sets the summertime offset to UTC recursively GC every year. clock summer-time date Sets the summertime offset to UTC. GC no clock summer-time Resets the summertime configuration.
Command Description Modea erase Erases the startup configuration, the backup configuration, or the backup image. PE filedescr Adds a description to a file. PE rename Renames the file present in flash. PE show backup-config Displays contents of a backup configuration file. PE show bootvar Displays the active system image file that the switch loads at startup. UE show running-config Displays the contents of the currently running configuration file.
Modea Command Description server Configures a HiveAgent server (HiveManager HAC NG) and enter HiveAgent server configuration mode. debug Enables HiveAgent debug capability. HAC enable Enables a HiveAgent server. HAC proxy-ip-address Configures a proxy server to be used to contact HAC the HiveManager NG.
Command Description Modea exec-banner Enables exec banner on the console, telnet or SSH connection. LC exec-timeout Configures the interval that the system waits for LC user input before Privileged Exec mode timeout. history Enables the command history function. history size Changes the command history buffer size for a LC particular line. line Identifies a specific line for configuration and enters the line configuration command mode.
Command Description Modea test copper-port tdr Diagnoses with TDR (Time Domain Reflectometry) technology the quality and characteristics of a copper cable attached to a port. PE a. For the meaning of each Mode abbreviation, see Mode Types. Power Over Ethernet (PoE) Command Description Modea power inline Enables/disables the ability of the port to deliver power.
RMON Command Description Modea rmon alarm Configures alarm conditions. GC rmon collection history Enables a Remote Monitoring (RMON) MIB history statistics group on an interface. IC rmon event Configures an RMON event. GC rmon hcalarm Configures high capacity alarms. GC show rmon alarm Displays alarm configurations. UE show rmon alarms Displays the alarms summary table. UE and PE show rmon collection history Displays the requested group of statistics.
Command Description Modea debug console Enables the display of debug trace output on the login session in which it is executed. PE debug crashlog Displays the crash log contents on the console. PE or GC debug dhcp packet Displays debug information about DHCPv4 PE client activities and traces DHCP v4 packets to and from the local DHCPv4 client. debug dot1x Enables dot1x packet tracing. PE debug igmpsnooping Enables tracing of IGMP Snooping packets transmitted and/or received by the switch.
Command Description Modea debug ipv6 pimdm Traces PIMDMv6 packet reception and transmission. PE debug ipv6 pimsm Traces PIMSMv6 packet reception and transmission. PE debug isdp Traces ISDP packet reception and transmission. PE debug lacp Traces of LACP packets received and transmitted by the switch. PE debug mldsnooping Traces MLD snooping packet reception and transmission. PE debug ospf Enables tracing of OSPF packets received and transmitted by the switch.
Command Description Modea exception switch-chipregister Enables the dumping of the switch chip registers in case of an exception. GC ip http timeout-policy Configures the timeout policy for closing HTTP GC and HTTPS sessions to the local HTTP server. show debugging Displays packet tracing configurations. PE show exception Displays the core dump configuration parameters, the current or previous exception log, or the core dump file listing.
Command Description Modea sflow sampling (Interface Mode) Enables a new sflow sampler instance for this data source if rcvr_idx is valid. IC sflow source-interface Selects the interface from which to use the IP GC address inserted in the source IP address field of transmitted sFlow packets. show sflow agent Displays the sflow agent information. PE show sflow destination Displays all the configuration information related to the sFlow receivers.
Modea Command Description snmp-server enable traps Enables SNMP traps globally or enables specific GC SNMP traps. snmp-server engineID local Specifies the Simple Network Management GC Protocol (SNMP) engine ID on the local switch. snmp-server filter Creates or updates an SNMP server filter entry. GC snmp-server group Configures a new SNMP group or a table that maps SNMP users to SNMP views. GC snmp-server host Specifies the recipient of SNMP notifications.
Modea Command Description proxy-ip-address Configures a proxy server to be used to contact SAC the SupportAssist servers. server Configures a SupportAssist server and enter SupportAssist server configuration mode. SAC show eula-consent support- Reviews the EULA details whenever desired. assist PE show support-assist status Displays information on the SupportAssist feature status PE, GC support-assist Enables support-assist configuration mode if the EULA has been accepted.
Command Description Modea logging monitor Enables logging messages to telnet and SSH sessions with the default severity level. GC logging on Enables error messages logging. GC logging protocol Logs messages in RFC5424 of RFC 3164 format. GC logging snmp Enables SNMP Set command logging. GC logging source-interface Selects the interface from which to use the IP address in the source IP address field of transmitted SYSLOG packets.
Command Description Modea banner motd acknowledge Acknowledges message-of-the-day banner. GC buffers Configures the rising and falling thresholds for GC the issuance of the message buffer SNMP trap and notification via a SYSLOG message. clear checkpoint statistics Clears the statistics for the checkpointing process. GC clear counters stackports Clears the statistics for all stack-ports. PE connect Connects to the serial console of a different stack member.
Command Description Modea reload Reloads the operating system. PE set description Associates a text description with a switch in the stack. SG slot Configures a slot in the system. GC show banner Displays banner information. PE show buffers Displays the system allocated buffers. UE or PE show checkpoint statistics Displays the statistics for the checkpointing process. PE show cut-through mode Show the cut-through mode on the switch.
Command Description Modea show process cpu Checks the CPU utilization for each process currently running on the switch. PE show process proc-list Lists the configured and in-use resources for PE or GC each application known to the Process Manager. show sessions Displays a list of the open console sessions. PE show slot Displays information about all the slots in the system or for a specific slot. UE show supported cardtype Displays information about all card types supported in the system.
Command Description Modea standby Configures the standby in the stack. SG switch renumber Changes the identifier for a switch in the stack. GC telnet Logs into a host that supports Telnet. PE traceroute Discovers the IP routes that packets actually take when traveling to their destinations. PE traceroute ipv6 Discovers the IP routes that packets actually take when traveling to their destinations. PE update bootcode Updates the boot code on one or more switches. PE a.
a. For the meaning of each Mode abbreviation, see Mode Types. USB Flash Drive Command Description Modea unmount usb Makes the USB flash device inactive. PE show usb Displays the USB flash device details. PE dir usb Displays the USB device contents and memory PE statistics. recover Mounts the USB stick, copies the image from the USB root level directory into RAM, and executes the image. a. UB For the meaning of each Mode abbreviation, see Mode Types.
Web Server Command Description Modea common-name Specifies the common-name for the device. CC country Specifies the country. CC crypto certificate generate Generates a HTTPS certificate. GC crypto certificate import Imports a certificate signed by the Certification GC Authority for HTTPS. crypto certificate request Generates and displays a certificate request for PE HTTPS. duration Specifies the duration in days.
Command Description Modea show ip http server status Displays the HTTP server status information. PE show ip http server secure status Displays the HTTP secure server status information. UE or PE state Specifies the state or province name. CC a. For the meaning of each Mode abbreviation, see Mode Types.
Dell EMC Networking CLI 224
2 Using the CLI Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Introduction This section describes the basics of entering and editing the Dell EMC Networking N1100-ON, N1500, N2000, N2100-ON, N2200-ON, N3000-ON, N3100-ON, and N3200-ON Series Command Line Interface (CLI) commands and defines the command hierarchy. It also explains how to activate the CLI and implement its major functions.
command syntax requirements and in some instances parameters required to complete the command. The standard command to request context-sensitive help is the > key. Two instances where the help information can be displayed are: • Keyword lookup — The > key is entered in place of a command. A list of all valid commands and corresponding help messages is displayed. • Partial keyword lookup — A command is incomplete and the > key is entered in place of a parameter.
Table 2-1. History Buffer Keyword Source or Destination Up-arrow key Recalls commands in the history buffer, beginning with the most recent command. Repeats the key sequence to recall successively older commands. + Down-arrow key + Returns to more recent commands in the history buffer after recalling commands with the up-arrow key. Repeating the key sequence recalls more recent commands in succession.
console(config-if-Gi1/0/1)#show interface status Port Name Duplex Speed State Neg Link Status Flow Control --------- ------------------------- --------- ------------- --------- --------- -----------Gi1/0/1 N/A Unknown Auto Down Inactive Gi1/0/2 N/A Unknown Auto Down Inactive Gi1/0/3 N/A Unknown Auto Down Inactive Gi1/0/4 N/A Unknown Auto Down Inactive Gi1/0/5 N/A Unknown Auto Down Inactive Gi1/0/6 N/A Unknown Auto Down Inactive CLI Output Filtering Many CLI show commands inclu
– “Grep”-like control for modifying the displayed output to only show the user-desired content. • Filter displayed output to only include lines containing a specified string match. • Filter displayed output to exclude lines containing a specified string match. • Filter displayed output to only include lines including and following a specified string match. • Filter displayed output to only include a specified section of the content (e.g. “interface 0/1”) with a configurable end-of-section delimiter.
Short Form Commands The CLI supports the short forms of all commands. As long as it is possible to recognize the entered command unambiguously, the CLI accepts the short form of the command as if the user typed the full command. Keyboard Shortcuts The CLI has a range of keyboard shortcuts to assist in editing the CLI commands. The help command, when used in the User Exec and Privileged Exec modes, displays the keyboard short cuts. Table 2-2 contains the CLI shortcuts displayed by the help command.
Table 2-2. CLI Shortcuts Keyboard Key Description Delete previous character + Go to beginning of line + Go to end of line + Go forward one character + Go backward one character + Delete current character + Delete to beginning of line + Delete to the end of the line.
) or a blank. In these cases, it may be necessary to enclose the entire string in double or single quotes for the command line parser to properly interpret the parameter. Command Scripting The CLI can be used as a programmable management interface. To facilitate this function, the exclamation point and any characters entered after the exclamation point up until the end of the line are treated as a comment and ignored by the CLI.
Table 2-3. CLI Command Notation Conventions Convention Example Description [ ] square brackets [value] In a command line, square brackets indicate an optional parameter that one can enter in place of the brackets and text inside them. { } curly braces {choice1|choice2} In a command line inclusive brackets indicate a selection of compulsory parameters separated by the | character. One option must be selected.
gi2/0/10 identifies the Gigabit interface 10 in slot 0 within the second unit on a non-blade switch. Table 2-4 below lists the supported interface type tags. • Unit # — The unit number is greater than 1 only in a stacking solution where a number of switches are stacked to form a virtual switch. In this case, the Unit# indicates the logical position of the switch in a stack. The range is 1–12. The unit value is 1 for standalone switches.
Table 2-4.
Loopback Interfaces Loopback interfaces are represented in the CLI by the keyword loopback followed by the variable loopback-id, which can assume values from 0–7. Port Channel Interfaces Port-channel (or LAG) interfaces are represented in the CLI by the keyword port-channel followed by the variable port-channel-number. When listed in command line output, port channel interfaces are preceded by the characters Po.
to the left of the hyphen must always be less than or equal to the number to the right of the hyphen, e.g. interface range Gi1/0/10-1 is not valid. (#, #, #) — a list of interfaces. For example, (1/0/1, 1/0/1,1/0/3, 1/0/5) indicates that the operation applies to the Ethernet interfaces 1, 3, and 5 on unit 1. The interfaces may or may not be consecutive, nor must the interfaces be of the same type. (#, #-#, #) — ranges and non-consecutive interfaces listed together.
tunnel 7 loopback 3 Example #2 console(config-if-Gi1/0/23)#show vlan VLAN ----1 Name --------------default Ports ------------Po1-128, Gi1/0/1-24, Te1/0/1-2 Type -------------Default RSPAN Vlan --------------------------------------------------------------------None console(config-if-Gi1/0/23)#show slot 2/0 Slot.............................. Slot Status....................... Admin State....................... Power State....................... Configured Card: Model Identifier...............
Card Description............... Configured Card: Model Identifier............... Card Description............... Pluggable......................... Dell 24 Port 10G Fiber Dell Networking N3024F Dell 24 Port 10G Fiber No Entering Network Addresses MAC Addresses MAC addresses are specified in 3 groups of four upper or lower case hexadecimal characters separated by periods with no spaces, e.g. 0011.2233.FFee or by eight pairs of upper or lower case hexadecimal characters separated by colons, e.g.
Any host: 0000:0000:0000:0000:0000:0000:0000:0000 becomes :: The prefix length, if specified, ranges from 1 to 128 and is specified by a forward slash and a decimal number indicating the significant bits of the address, e.g. 3ffe:ffff:100:f101:0:0:0:/64. No spaces are allowed between the last address digit or colon and the forward slash.
CLI Command Modes Since the set of CLI commands is very large, the CLI is structured as a command-tree hierarchy, where related command sets are assigned to command modes for easier access. At each level, only the commands related to that level are available to the user and only those commands are shown in the context sensitive help for that level.
When starting a session, the initial mode is the User Exec mode (privilege level 0). Only a limited subset of commands is available in this mode. This level is reserved for tasks that do not change the configuration. To enter the next level, Privileged Exec mode (privilege level 1) may be required if configured by the administrator. Privileged Exec mode provides access to commands that can not be executed in the User Exec mode and permits access to Global Configuration mode.
Global Configuration Mode Global Configuration commands allow the operator to change the configuration of the switch. The Privileged Exec mode command configure (or configure terminal) is used to enter Global Configuration mode. console(config)# The following are the Global Configuration submodes: • SNMP v3 Host Configuration — Configures the parameters for the SNMP v3 server host. • SNMP Community Configuration — Configures the parameters for the SNMP server community.
• Policy Class — Use the class command to access the QoS Policy-class mode to attach or remove a diffserv class from a policy and to configure the QoS policy class. • Class-Map — This mode consists of class creation/deletion and matching commands. The class matching commands specify layer 2, layer 3 and general match criteria. Use the class-map class-map-name commands to access the QoS Class Map Configuration mode to configure QoS class maps.
Pre-configured capabilities become active only when enabled (typically via an admin mode control) or when the required hardware is present (or both). For example, a port can be pre-configured with both trunk and access mode information. The trunk mode information is applied only when the port is placed into trunk mode and the access mode information is only applied when the port is placed into access mode. Likewise, OSPF routing can be configured in the switch without being enabled on any port.
Identifying the Switch and Command Mode from the System Prompt The system prompt provides the user with the name of the switch (hostname) and identifies the command mode. The following is a formal description of the system command prompt: [device name][([command mode-[object]])][# | >] [device name] — is the name of the managed switch, which is typically the user-configured hostname established by the hostname command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Privileged Exec console# Use the enable command to enter into this mode. This mode is password protected. Use the exit command, or press + to return to the User Exec mode. Global Configuration console(config)# From Privileged Exec mode, use the configure command. Use the exit command, or press + to return to the Privileged Exec mode.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method IPv6 Address Family Configuration From BGP Router console (config-router-af)# Configuration mode, use the address-family ipv6 command. To exit to BGP Router Configuration mode, use the exit command, or press + to Privileged Exec mode. Management Access-List From Global Configuration mode, use the management access-list command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method MAC Access List From Global Configuration mode, use the mac access-list command. Command Prompt Exit or Access Previous Mode console(config-mac-accesslist)# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode. console(config-pubkeySSH Public Key- From Global chain)# Chain Configuration mode, use the crypto key pubkeychain ssh command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode RADIUS Server Configuration From Global Configuration mode, use the radius server host command. console(Config-authradius)# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode. RADIUS Dynamic Authorization console(config-radius-da)# From Global Configuration, use the aaa server radius dynamic-author command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode SNMP Community Configuration From Global Configuration mode, use the snmp-server community command. console(config-snmp)# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode Crypto Certificate Generation From Global Configuration mode, use the crypto certificate number generate command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Logging From Global Configuration mode, use the logging command. console(config-logging)# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode. MST From Global Configuration mode, use the spanning-tree mst configuration command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Virtual Router Config console(config-vrfFrom Global XXX)#where XXX is the VRF Configuration mode, use the ip vrf name. command. To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode Router RIP Config From Global Configuration mode, use the router rip command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Track Configuration Mode Switch (config-track)# From Global Configuration mode, use the track object-number ip sla operationnumber command. To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode. IP SLA Configuration Mode Switch (config-ip-sla)# From Global Configuration mode, use the ip sla operation-number command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode 10 Gigabit Ethernet From Global Configuration mode, use the interface tengigabitethernet command. Or, use the abbreviation interface te. console (config-ifTeunit/slot/port# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Tunnel From Global Configuration mode, use the interface tunnel command. Or, use the abbreviation interface tu. console(config-tunneltunnel- To exit to Global id)# Configuration Loopback Exit or Access Previous Mode mode, use the exit command, or press + to Privileged Exec mode. console(configFrom Global configuration mode, loopbackloopback-id)# use the interface loopback command.
Using CLI Functions and Tools The CLI has been designed to manage the switch’s configuration file system and to manage switch security. A number of resident tools exist to support these and other functions. Configuration Management All managed systems have software images and databases that must be configured, backed up and restored. Two software images may be stored on the system, but only one of them is active. The other one is a backup image.
To use the copy command, the user specifies the source file and the destination file. For example, copy tftp://remotehost/pub/backupfile backupconfig copies a file from the remote TFTP server to a local backup configuration file. In this case, if the local configuration file does not exist, then it is created by the command. If it does exist, it is overwritten. If there is not enough space on the local file system to accommodate the file, an error is flagged.
• startup-config — This file refers to the special configuration image stored in flash memory which is loaded when the system next reboots. The user may copy a particular configuration file (remote or local) to this special file name and reboot the system to force it to use a particular configuration. • active & backup — These files refer to software images. The active image will be loaded when the system next reboots.
User Accounts Management The CLI provides configuration of authentication for switch administrators or network users either through remote authentication servers supporting TACACS+ or RADIUS or through a set of locally managed user accounts. The setup wizard asks the user to create the initial administrator account and password at the time the system is booted. The following rules and specifications apply: • The administrator may create additional administrator accounts.
If the account is created and maintained locally, each account is given an access level at the time of account creation. If the administrator is authenticated through remote authentication servers, the authentication server is configured to pass the access level to the CLI when the account is authenticated. When RADIUS is used, the Vendor-Specific Option field returns the access level. Two vendor specific options are supported. These are CISCO-AV-Pairs(Shell:priv-lvl=x) and Dell RADIUS VSA (user-group=x).
• The switch maintains at most the last 1000 system events in the inmemory log. Security Logs The system log records security events including the following: • User login. • User logout. • Denied login attempts. • User attempt to exceed security access level. • Denied attempts by external management system to access the system.
• SNMPv3 and the security information for used this protocol. For each of these management profiles, the administrator defines the list of hosts or subnets from which the management profiles may be used. The management ACL capability only applies to VLANs configured on in-band ports and may not be configured on the out-of-band management port. Other CLI Tools and Capabilities The CLI has several other capabilities associated with its primary functions.
Scanning devshell symbols file... 47544 symbols, loading... Done. PCI unit 0: Dev 0xb842, Rev 0x02, Chip BCM56842_A0, Driver BCM56840_B0 SOC unit 0 attached to PCI device BCM56842_A0 Adding BCM transport pointers Configuring CPUTRANS TX Configuring CPUTRANS RX <186> Aug 26 08:18:23 0.0.0.0-1 General[72162340]: bootos.c(166) 4 %% Event(0xaaaaaaaa) started! (Unit 1 - Waiting to select management unit)> Applying Global configuration, please wait ... Applying Interface configuration, please wait ...
Enter Choice# Creating tmpfs filesystem on /mnt/download for download...done. Current Active Image# /dev/mtd7 Which Image to Update Active (/dev/mtd7) OR Back-Up (/dev/mtd6)? Select (A/B): B You selected to update Back-Up Image /dev/mtd6... Select Mode of Transfer (Press T/X/Y/Z for TFTP/XMODEM/YMODEM/ZMODEM) []:T Please ensure TFTP server is running to begin Transfer... Enter Server IP []:10.27.9.99 Enter Host IP []:10.27.22.99 Enter Host Subnet Mask [255.255.255.0]:255.255.252.0 Enter Gateway IP []:10.27.
Boot Main Menu ============== 1 2 3 4 5 9 10 11 12 13 14 - Start Operational Code Select Baud Rate Retrieve Logs Load New Operational Code Display Operational Code Details Reboot Restore Configuration to Factory Defaults Activate Backup Image Start Password Recovery Boot ONIE (Rescue Mode) Boot Diagnostics Enter Choice# 11 Current Active Image# /dev/mtd7 Checking for valid back-up image at /dev/mtd6...done. Activating Back-Up Image /dev/mtd6...done.
wizard, and enter CLI mode to manually configure the switch. You must respond to the next question to run the setup wizard within 60 seconds, otherwise the system will continue with normal operation using the default system configuration. Note: You can exit the setup wizard at any point by entering [ctrl+z]. Would you like to run the setup wizard (you must answer this question within 60 seconds)? [Y/N] n Thank you for using the Dell Easy Setup Wizard. You will now enter CLI mode.
AeroHive HiveManager NG EULA This switch includes a feature that enables it to work with HiveManager (an optional management suite), by sending the switch’s service tag number to HiveManager to authenticate your entitlement to use HiveManager. If you wish to disable this feature, you should run command “eula-consent hiveagent reject” immediately upon powering up the switch for the first time, or at any time thereafter.
Password = ******** Out-of-band IP address = DHCP VLAN1 Router Interface IP = 0.0.0.0 0.0.0.0 Proxy Server Address: 192.168.0.3 Proxy Server Port: 443 Proxy Server User Name: Proxy Server Password: Monitoring Traps from CLI It is possible to connect to the CLI session and monitor the events or faults that are being sent as traps from the system. This feature is equivalent to the alarm-monitoring window in a typical network management system.
Using the CLI 270
Layer 2 Switching Commands 3 The sections that follow describe commands that conform to the OSI model data link layer (Layer 2). Layer 2 commands provide a logical organization for transmitting data bits on a particular medium. This layer defines the framing, addressing, and checksum functions for Ethernet packets.
Ethernet CFM Commands IPv6 MLD Snooping Commands Port Monitor Commands — Layer 2 Switching Commands 272
ACL Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Access to a switch or router can be made more secure through the use of Access Control Lists (ACLs) to control the type of traffic allowed into or out of specific ports. An ACL consists of a series of rules, each of which describes the type of traffic to be processed and the actions to take for packets that meet the classification criteria.
particular classifier rule. The ACL logging feature allows these hardware "hit" counts to be collected on a per-rule basis and reported periodically to the network administrator using the system logging facility and an SNMP trap. The Dell EMC Networking ACL syntax supports a log parameter that enables hardware hit count collection and reporting.
Table 3-1. Common Ethertypes EtherType Protocol 0x0800 Internet Protocol version 4 (IPv4) 0x0806 Address Resolution Protocol (ARP) 0x0842 Wake-on LAN Packet 0x8035 Reverse Address Resolution Protocol (RARP) 0x8100 VLAN tagged frame (IEEE 802.1Q) 0x86DD Internet Protocol version 6 (IPv6) 0x8808 MAC Control 0x8809 Slow Protocols (IEEE 802.3) 0x8870 Jumbo frames 0x888E EAP over LAN (EAPOL – 802.
ip access-list Use the ip access-list command in Global Configuration mode to create an Access Control List (ACL) that is identified by the parameter list-name and to enter IPv4-Access-List configuration mode. If parameterized with the name of an existing access list, additional match clauses are added to the end of the access list. Syntax ip access-list list-name [extended] no ip access-list list-name • list-name—Access-list name up to 31 characters in length.
Syntax [sequence-number]{deny | permit} {ipv4-protocol | 0-255 | every} {srcip srcmask | any | host srcip} [{range {portkey | startport} {portkey | endport}} | {eq | neq | lt | gt} {portkey | 0-65535} ] {dstip dstmask | any | host dstip} [{range {portkey | startport} {portkey | endport}} | {eq | neq | lt | gt} {portkey | 0-65535}] [flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack] [+urg | -urg] [established]] [icmp-type icmptype [icmp-code icmp-code] | icmp-message icmp-message] [ig
• • [{{eq | neq | lt | gt} {portkey | number} | range startport endport}]— Specifies the layer 4 source or destination port match condition for the TCP/UDP ACL rule. When the protocol is SCTP, TCP or UDP, a source or destination port number, which ranges from 0-65535, or a portkey, which can be one of the following keywords: domain, echo, ftp, ftp-data, http, smtp, snmp, telnet, tftp, www, bgp, pop2, pop3, ntp, rip, time, who may be entered.
• [precedence precedence | tos tos [tosmask] | dscp dscp]—Specifies the TOS for an IP/TCP/UDP ACL rule depending on a match of precedence or DSCP values using the parameters dscp, precedence, or tos tosmask. • flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack] [+urg | -urg] [established]—Specifies that the IP/TCP/UDP ACL rule matches on the TCP flags.
– IPv4 ICMP message types: echo echo-reply host-redirect mobileredirect net-redirect net-unreachable redirect packet-too-big portunreachable source-quench router-solicitation router-advertisement time-exceeded ttl-exceeded unreachable • igmp-type igmp-type—When igmp-type is specified, IP ACL rule matches on the specified IGMP message type (i.e., a number from 0 to 255). • fragments—Specifies the rule matches packets that are non-initial fragments (fragment bit asserted).
Default Configuration No ACLs are configured by default. An implicit deny all condition is added by the system after the last MAC or IP/IPv6 access group if no route-map is configured on the interface. Command Mode Ipv4-Access-List Configuration mode User Guidelines Administrators are cautioned to specify permit and deny rule matches as fully as is possible in order to avoid false matches.
Ethertype Protocol 0x9100 Q in Q In order to provide the greatest amount of flexibility in configuring ACLs, the permit/deny syntax allows combinations of matching criteria that may not make sense when applied in practice. Port ranges are not supported for ACLs configured in egress (out) accessgroups. This means that only the eq operator is supported in an egress (out) ACL. The protocol type must be sctp, tcp or udp to specify a port range.
Command History Updated in 6.3.0.1 firmware. Description updated in the 6.4 release. Example console(config)#ip access-list ipv4 console(config-ip-acl)#100 deny ip any any precedence 3 deny | permit (Mac-Access-List-Configuration) Use the deny command in Mac-Access-List Configuration mode to deny traffic if the conditions defined in the deny statement are matched. Use the permit command in Mac-Access-List Configuration mode to allow traffic if the conditions defined in the permit statement are matched.
• sequence-number—Identifies the order of application of the permit/deny statement. If no sequence number is assigned, permit/deny statements are assigned a sequence number beginning at 1000 and incrementing by 10. Statements are applied in hardware beginning with the lowest sequence number. Sequence numbers only have applicability within an access group, i.e. the ordering applies within the access-group scope. The range for sequence numbers is 1– 2147483647.
• queue-id —0-6, where n is number of user configurable queues available for that hardware platform. The queue ID is the internal queue number (traffic class), not the CoS value. Use the show classofservice command to display the assignment of CoS and DSCP values to internal queue numbers. • mirror—Copies the traffic matching this rule to the specified interface. • redirect—Forwards traffic matching this rule to the specified Ethernet interface.
Command History Updated in 6.3.0.1 firmware. Secondary VLAN option added in 6.3.5 release. Example The following example configures a MAC ACL to deny traffic from MAC address 0806.c200.0000. console(config)#mac access-list extended DELL123 console(config-mac-access-list)#500 deny 0806.c200.0000 0000.0000.0000 any ip access-group Use the ip access-group command in Global and Interface Configuration modes to apply an IP-based ACL on an interface or a group of interfaces.
User Guidelines The Global Configuration mode command configures the ACL on all Ethernet and port-channel interfaces, whereas the interface mode command does so for the selected interface. Dell EMC Networking switches support configuration of multiple access groups. Packets are matched against group entries, from lowest sequence number to highest. Configuring an access-group, using the same sequence number as an existing entry, replaces the original group entry.
mac access-group Use the mac access-group command in Global Configuration or Interface Configuration mode to attach a specific MAC Access Control List (ACL) to an interface. Syntax mac access-group name [in | out | control-plane] [sequence] no mac access-group name [in | out | control-plane] • name — Name of the existing MAC access list. (Range: 1-31 characters) • [in | out | control-plane]— The packet direction. in applies the accesslist to ingress packets.
sequence number. If the sequence number is not specified for this command, a sequence number is selected that is one greater than the highest sequence number currently in use for this interface and direction. The optional control-plane keyword allows the application of an egress MAC ACL on the CPU port. This command specified in Interface Configuration mode only affects a single interface.
User Guidelines Use this command to create a mac access control list. The CLI mode is changed to Mac-Access-List Configuration when this command is successfully executed. Example The following example creates MAC ACL and enters MAC-Access-ListConfiguration mode. console(config)#mac access-list extended dell-networking mac access-list extended rename Use the mac access-list extended rename command in Global Configuration mode to rename the existing MAC Access Control List (ACL).
remark Use the remark command to add a comment to an ACL rule. Use the no form of the command to remove a comment from an ACL rule. Syntax remark comment no remark comment • comment—Each remark line is limited to 100 characters. The remark may consist of characters in the range A-Z, a-z, 0-9, and special characters like space, hyphen, underscore. The total length of the remark must not exceed 100 characters. Default Configuration No remarks are present by default.
Command History Updated in 6.3.0.
• blockall—To block all the PDU’s with MAC of 01:00:00:0c:cc:cx (x-don’t care) from being forwarded. Default Configuration The default is that none of the listed protocol PDUs are blocked. UDLD is blocked by default. No other protocol is blocked by default. Command Mode Interface Configuration (Ethernet, Port-channel) User Guidelines To specify multiple protocols, enter the protocol parameters together on the command line, separated by spaces.
User Guidelines This command is not supported on the N1500 Series switches. Example console#show service-acl interface te1/0/1 console(config-if-Te1/0/1)#show service-acl interface te1/0/1 Service-acl Interface Te1/0/1 Protocol --------------CDP VTP DTP UDLD PAGP SSTP ALL Mode ---------Disabled Disabled Disabled Enabled Disabled Disabled Disabled show access-lists interface Use the show access-lists interface command to display interface ACLs.
User Guidelines There are no user guidelines for this command. Examples console#show access-lists interface control-plane ACL Type -------IPv6 ACL Name ------------------------------ip61 Sequence Number --------------1000 show ip access-lists Use the show ip access-lists command to display an IP ACL and time-range parameters. Syntax show ip access-lists [accesslistname] • accesslistname—The name used to identify the IP ACL. Default Configuration This command has no default configuration.
For an ACL with multiple match rules, processing occurs in order until a rule is matched. Only the counter associated with the matching rule is incremented. (e.g., consider an ACL with three rules, rule 1 does not match, and rule 2 is matched. Rule 3 is not processed. The counters for rule 1 and rule 3 are not incremented.) If an ACL rule is configured with a rate limit, the counter value is the matched packet count (i.e., both the forwarded and dropped packets are counted).
Rule Number: 1 Action......................................... Match All...................................... Protocol....................................... Source IP Address.............................. Source IP Mask................................. Source Layer 4 Operator........................ Source L4 Port Keyword......................... Destination IP Address......................... TCP Flags...................................... permit FALSE 6(tcp) 1.2.3.4 0.0.0.
console#show ipv6 access-lists Current number of ACLs: 4 Maximum number of ACLs: 100 IPv6 ACL Name Rules Count Interface(s) Direction ---------------------- ------ ----- ------------ --------IPV6-DACL-IN-Gi1/0/9#d 1 246 Gi1/0/9 Inbound IPV6-VDACL-IN-Gi1/0/9#d 1 0 Gi1/0/9 Inbound Display with the ACL name for any of the above (no #d required in command): console#show ip access-lists IP-DACL-IN-Gi1/0/9 IP ACL Name: IP-DACL-IN-Gi1/0/9#d Inbound Interface(s): Gi1/0/9 Rule Number: 50 Action.....................
User Guidelines The hit counter applies to the ACL, not to the interface. It shows the sum of all matching packets across all interfaces to which the ACL is applied. For an ACL applied to multiple interfaces, the hit counter will be identical for all interfaces. Command History Updated in 6.3.0.1 firmware. Updated User Guidelines in 6.3.0.5 firmware.
MAC Address Table Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Dell EMC Networking switches implement a MAC Learning Bridge is compliance with IEEE 802.1Q. The switches implement independent VLAN learning (IVL).
Syntax clear mac address-table dynamic [address mac-addr | interface interface-id | vlan vlan-id] • mac-addr—Delete the specified MAC address. • interface-id—Delete all dynamic MAC addresses on the specified Ethernet port or port channel. • vlan-id—Delete all dynamic MAC addresses for the specified VLAN. The range is 1 to 4093. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines.
Default Configuration 300 seconds Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example In this example the MAC Address Table aging time is set to 400. console(config)#mac address-table aging-time 400 mac address-table multicast forbidden address Use the mac address-table multicast forbidden address command in Global Configuration mode to forbid adding a specific multicast address to specific ports.
Default Configuration No forbidden addresses are defined. Command Mode Global Configuration mode User Guidelines Before defining forbidden ports, ensure that the multicast group is registered. Changing an unregistered multicast address to forbidden on an mrouter port will effectively forbid the multicast group on all ports on the switch as it inhibits the source of the multicast group. Examples In this example the MAC address 0100.5e02.0203 is forbidden on port 2/0/9 within VLAN 8.
Default Configuration No static addresses are defined. The default mode for an added address is permanent. Command Mode Global Configuration mode User Guidelines The MAC address may be a unicast or multicast MAC address. Static MAC addresses are never overridden by dynamically learned addresses. This has implications for protocols like IGMP snooping, where statically configuring the MAC address of a multicast router keeps IGMP snooping from dynamically adding the multicast router to a different port.
Default Configuration Port security is disabled by default. No MAC addresses are learned or configured by default. Command Mode Global Configuration mode User Guidelines Port security must be enabled globally and on the interface or VLAN in order to be active. Disabling port security globally does not remove sticky MAC address configuration from the running-config.
Static locking allows the administrator to specify a list of host MAC addresses that are admitted on a port. The behavior of packets is the same as for dynamic locking: only packets with a known source MAC address can be admitted and forwarded. Any packets with source MAC addresses that are not configured are discarded. The switch treats this as violation and supports send a SNMP port-security trap.
Enable port security/MAC locking globally and on an interface, enable sticky mode on the interface and convert all dynamic addresses on the interface to sticky. console(config)#switchport port-security console(config)#interface gi1/0/3 console(config-if-gi1/0/3)#switchport port-security console(config-if-gi1/0/3)#switchport port-security mac-address sticky Add a statically locked MAC address to trunk port Gi1/0/3 and VLAN 33.
console(config)#do write switchport port-security (Interface Configuration) Use the switchport port-security command to enable or configure port security (MAC locking) globally. Use the no form of the command to disable port security globally.
Default Configuration By default, port security is not enabled and VLAN port security is not enabled. The default behavior is to drop unknown packets when the limit is exceeded. There is no default action. Notifications are not sent by default. No static or sticky MAC addresses are learned or configured by default. The default number of dynamic MAC addresses per interface is 600 (300 for the N1500 Series switches). The default number of static MAC addresses per interface is 100.
When a port security enabled link goes down, all of the dynamically learned addresses are removed from the MAC forwarding database. When the link is restored, that port can once again learn MAC addresses up to the administrator specified limit. A dynamically learned MAC address is eligible to be aged out if another packet with that MAC address is not seen within the age-out time. Dynamically learned MAC addresses are also eligible to be re-learned on another port if station movement occurs.
Enabling sticky mode configuration converts all the existing dynamically learned MAC addresses on an interface to sticky. It also converts the last violation MAC address to sticky, even if the dynamic limit is set to 0. These MAC addresses will not age out and will appear in the running-config. In addition, new addresses learned on the interface will also become sticky.
Command History Updated in 6.3.0.1 firmware. Additional VLAN security parameters added in the 6.6.1 firmware release. Example Enable port security/MAC locking globally and on an interface. console(config)#switchport port-security console(config)#interface gi1/0/3 console(config-if-gi1/0/3)#switchport port-security Enable port security/MAC locking globally and on an interface, enable sticky mode on the interface and convert all dynamic addresses on the interface to sticky.
console(config)#vlan 33 console(config-vlan33)#interface gi1/0/3 console(config-if-Gi1/0/3)#switchport mode trunk console(config-if-Gi1/0/3)#switchport port-security mac-address sticky console(config)#do write Convert all sticky MAC addresses on trunk port 33 to sticky MAC addresses and save the running-config so the configuration will persist across reboots.
displayed. The vlan parameter requests display of entries associated with the specified VLAN. The format parameter requests that addresses be displayed in the specified format. The vlan, address, and format parameters may all be specified together. A MAC address can be displayed in IP format only if it is in the range 01:00:5e:00:00:00 through 01:00:5e:7f:ff:ff. Static multicast MAC addresses can be added via the mac address-table static command.
Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Use the show mac address-table multicast to display multicast MAC address entries along with forbidden multicast MAC entries. Example In this example, all classes of entries in the mac address-table are displayed. console#show mac address-table Aging time is 300 Sec Vlan ---0 1 1 10 90 Mac Address ---------------001E.C9AA.
• interface-id—Display information for a specific interface. Valid interfaces include Ethernet ports and port channels. • vlan-id—Display entries for the specific VLAN only. The range is 1 to 4093. Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example In this example, the mac address table entry for 0000.E26D.2C2A is displayed.
Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example In this example, all dynamic entries in the mac address-table are displayed. console#show mac address-table dynamic Aging time is 300 Sec Vlan Mac Address Type Port ---- -------------- ------- ------------1 0000.0001.0000 Dynamic Gi1/0/1 1 0000.8420.5010 Dynamic Gi1/0/1 1 0000.E26D.2C2A Dynamic Gi1/0/1 1 0000.E89A.596E Dynamic Gi1/0/1 1 0001.
User Guidelines This command has no user guidelines. Example In this example, all classes of entries in the bridge-forwarding database for Gigabit Ethernet interface 1/0/1 are displayed. console#show mac address-table interface gigabitethernet 1/0/1 Aging time is 300 Sec Vlan Mac Address Type Port ---- -------------- ---------------1 0000.0001.0000 Dynamic Gi1/0/1 1 0000.8420.5010 Dynamic Gi1/0/1 1 0000.E26D.2C2A Dynamic Gi1/0/1 1 0000.E89A.596E Dynamic Gi1/0/1 1 0001.02F1.
User Guidelines This command has no user guidelines. Example In this example, all static entries in the bridge-forwarding database are displayed. console#show mac address-table static Vlan Mac Address Type Port ---- -------------- --------1 0001.0001.0001 Static Gi1/0/1 show mac address-table vlan Use the show mac address-table vlan command in User Exec or Privileged Exec mode to display all entries in the bridge-forwarding database for the specified VLAN.
Aging time is 400 Sec Vlan Mac Address -------- --------------------1 1418.7715.1BAA 1 1418.7715.47E8 1 2047.47BA.F696 1 B8CA.3AD5.DF1A Type ----------Dynamic Management Dynamic Static Port --------------------Gi2/0/29 CPU Gi2/0/29 Gi2/0/29 show port-security Use the show ports security command to display port security (MAC locking) configuration.
Field Description Admin Mode The configured global administrative status of port MAC locking. This information is shown if only an interface parameter is given: Field Description Interface Identifier The interface identifier. Status The port security administrative status (enabled/disabled). Max-dynamic The dynamic MAC address limit. Max-static The static address limit. Protect Trap issued on violation (enabled/disabled). Frequency The frequency of trap issuance (in seconds).
Field Description Statically Configured MAC Address Statically configured MAC addresses. VLAN ID The VLAN identifier of the MAC address. Sticky Indicates if the secure MAC address is sticky. This information is shown if the violation parameter is given: Field Description MAC address The source MAC address of the last packet discarded on the interface. These are packets with unknown MAC addresses, e.g., as in the case of the dynamic limit set to 0.
Auto-VoIP Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Voice over Internet Protocol (VoIP) allows network users to make telephone calls using a computer network over a data network like the Internet. With the increased prominence of delay-sensitive applications (voice, video, and other multimedia applications) deployed in networks today, proper QoS configuration ensures high-quality application performance.
Syntax show switchport voice [ interface-id ] • interface-id —An Ethernet or port channel interface identifier. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines See the debug auto-voip command for assistance in troubleshooting AutoVoIP issues. This command accepts an Ethernet interface identifier or a port channel identifier.
Gi1/0/16 Gi1/0/17 Gi1/0/18 Gi1/0/19 Gi1/0/20 Gi1/0/21 Gi1/0/22 Gi1/0/23 Gi1/0/24 Po1 Po2 Po3 Po4 Po5 Po6 Po7 Po8 Po9 Po10 Po11 Po12 Po13 Po14 Po15 Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 The following example shows command output when a port is specified: console#show switchport voice
switchport voice detect auto The switchport voice detect auto command is used to enable the VoIP Profile on all the interfaces of the switch (global configuration mode) or for a specific interface (interface configuration mode).Use the no form of the command to disable the VoIP Profile. Syntax switchport voice detect auto no switchport voice detect auto Default Configuration This feature is disabled by default.
CDP Interoperability Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Industry Standard Discovery Protocol (ISDP) is a proprietary Layer 2 network protocol which inter-operates with Cisco network equipment and is used to share information between neighboring devices. Dell EMC Networking switches participate in the ISDP protocol and are able to both discover and be discovered by devices that support the Cisco Discovery Protocol (CDP).
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode User Guidelines There are no user guidelines for this command. Example console#clear isdp table isdp advertise-v2 The isdp advertise-v2 command enables the sending of ISDP version 2 packets from the device. Use the no form of this command to send version 1 packets. Syntax isdp advertise-v2 no isdp advertise-v2 Default Configuration ISDP sends version 2 packets by default.
isdp enable The isdp enable command enables ISDP on the switch. User the “no” form of this command to disable ISDP. Use this command in global configuration mode to enable the ISDP function on the switch. Use this command in interface mode to enable sending ISDP packets on a specific interface. Syntax isdp enable no isdp enable Default Configuration ISDP is enabled. Command Mode Global Configuration mode. Interface Configuration (Ethernet) mode.
Syntax isdp holdtime time no isdp holdtime • time—The time in seconds (range 10–255 seconds). Default Configuration The default holdtime is 180 seconds. Command Mode Global Configuration mode User Guidelines This command specifies the amount of time the partner device should maintain the ISDP information. The local device uses the hold time in packets received from the partner device. Configuring the hold time locally does not change the amount of time displayed by the show isdp command.
Default Configuration The default timer is 30 seconds. Command Mode Global Configuration mode User Guidelines Configuring the timer to a low value on a large number interfaces may affect system processing due to CPU overload. Use the show process cpu command to examine the system load. Example The following example sets the isdp timer value to 40 seconds. console(config)#isdp timer 40 show isdp The show isdp command displays global ISDP settings.
Version 2 Advertisements............. Neighbors table last time changed.... Device ID............................ Device ID format capability.......... Device ID format..................... Enabled 0 days 00:06:01 QTFMPW82400020 Serial Number Serial Number show isdp entry The show isdp entry command displays ISDP entries. If a device id specified, then only the entry about that device is displayed. Syntax show isdp entry {all | deviceid} • all—Show ISDP settings for all devices.
Advertisement Version 2 Entry last changed time 0 days 00:13:50 Version: Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000 I9K91S-M), Version 12.2(25)EWA9, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Wed 21-Mar-07 12:20 by tinhuang show isdp interface The show isdp interface command displays ISDP settings for the specified interface.
Gi1/0/7 Gi1/0/8 Gi1/0/9 Enabled Enabled Enabled console#show isdp interface gigabitethernet 1/0/1 Interface --------------Gi1/0/1 Mode ---------Enabled show isdp neighbors The show isdp neighbors command displays the list of neighboring devices. Syntax show isdp neighbors [interface-id][detail] • interface-id—A Ethernet interface identifier. Default Configuration There is no default configuration for this command.
IP Address: 172.20.1.18 IP Address: 172.20.1.18 Capability Router IGMP Platform cisco WS-C4948 Interface Gi1/0/1 Port ID GigabitEthernet1/1 Native VLAN 234 Holdtime 162 Advertisement Version 2 Entry last changed time 0 days 00:55:20 Version: Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000-I9K91S-M), Version 12.2(25)EWA9, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc.
ISDP ISDP ISDP ISDP ISDP Checksum Error............................ Transmission Failure...................... Invalid Format............................ Table Full................................ Ip Address Table Full.....................
DHCP Layer 2 Relay Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches In the majority of network configurations, DHCP clients and their associated servers do not reside on the same IP network or subnet. Therefore, some kind of third-party agent is required to transfer DHCP messages between clients and servers. Such an agent is known as a DHCP Relay agent. The DHCP Relay agent accepts DHCP requests from any routed interface, including VLANs.
Example console(config)#dhcp l2relay dhcp l2relay (Interface Configuration) Use the dhcp l2relay command to enable DHCP L2 Relay for an interface. Use the no form of this command to disable DHCP L2 Relay for an interface. Syntax dhcp l2relay no dhcp l2relay Default Configuration DHCP L2Relay is disabled on all interfaces by default. Command Mode Interface Configuration (Ethernet, Port-channel). User Guidelines There are no user guidelines for this command.
• vlan-list —A list of VLAN IDs. List separate, non-consecutive VLAN IDs separated by commas (without spaces). Use a hyphen to designate a range of IDs. (Range: 1–4093) Default Configuration Setting the DHCP Option 82 Circuit ID is disabled by default. Command Mode Global Configuration User Guidelines There are no user guidelines for this command.
Command Mode Global Configuration. User Guidelines There are no user guidelines for this command. Example console(config)#dhcp l2relay remote-id dslforum vlan 10,20-30 dhcp l2relay trust Use the dhcp l2relay trust command to configure an interface to mandate Option-82 on receiving DHCP packets. Syntax dhcp l2relay trust no dhcp l2relay trust Default Configuration DHCP Option 82 is discarded by default. Configuration Mode Interface Configuration (Ethernet, Port-channel).
Syntax dhcp l2relay vlan vlan-list no dhcp l2relay vlan vlan-list • vlan-list — A list of VLAN IDs. List separate, non-consecutive VLAN IDs separated by commas (without spaces). Use a hyphen to designate a range of IDs. (Range: 1–4093) Default Configuration DHCP L2 Relay is disabled on all VLANs by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
User Guidelines There are no user guidelines for this command. Example console #show dhcp l2relay all DHCP L2 Relay is Enabled.
User Guidelines There are no user guidelines for this command. Command History Port-channel capability added in version 6.5 firmware. Example console#show dhcp l2relay interface all DHCP L2 Relay is Enabled. Interface L2RelayMode TrustMode ---------- ----------- -------------0/2 Enabled untrusted 0/4 Disabled trusted show dhcp l2relay stats interface Use the show dhcp l2relay stats interface command to display DHCP L2 Relay statistics specific to interfaces.
DHCP L2 Relay is Enabled. Interface UntrustedServer UntrustedClient TrustedServer TrustedClient MsgsWithOpt82MsgsWithOpt82 MsgsWithoutOpt82 MsgsWithoutOpt82 ------------------------------------ ---------------- ------------Gi1/0/1 0 0 0 0 Gi1/0/2 0 0 3 7 Gi1/0/3 0 0 0 0 show dhcp l2relay agent-option vlan Use the show dhcp l2relay agent-option vlan command to display DHCP L2 Relay Option-82 configuration specific to VLANs.
10 Enabled Disabled --NULL— show dhcp l2relay vlan Use the show dhcp l2relay vlan command to display whether DHCP L2 Relay is globally enabled on the specified VLAN or VLAN range. Syntax show dhcp l2relay vlan vlan-list • vlan-list—Show information for the specified VLAN range. List separate, nonconsecutive VLAN IDs separated by commas (without spaces). Use a hyphen to designate a range of IDs. (Range: 1–4093) Default Configuration This command has no default configuration.
• vlan-list—Show information for the specified VLAN range. List separate, nonconsecutive VLAN IDs separated by commas (without spaces). Use a hyphen to designate a range of IDs. (Range: 1–4093) Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show dhcp l2relay circuit-id vlan 300 DHCP L2 Relay is Enabled.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show dhcp l2relay remote-id vlan 200 DHCP L2 Relay is Enabled. VLAN ID Remote Id -------------------200 remote_22 clear dhcp l2relay statistics interface Use the show dhcp l2relay statistics interface command to reset the DHCP L2 Relay counters to zero.
DHCP Snooping Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches DHCP Snooping is a security feature that monitors DHCP messages between DHCP clients and DHCP server to filter harmful DHCP messages and build a bindings database of {MAC address, IP address, VLAN ID, interface} tuples that are considered authorized. The DHCP snooping application processes incoming DHCP messages.
Syntax clear ip dhcp snooping binding {* | interface interface-id} • *—Clear all DHCP Snooping entries. • interface-id—Clear all DHCP Snooping entries on the specified interface. The interface may be an Ethernet interface or a port-channel. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec User Guidelines There are no user guidelines for this command. Command History Port-channel capability added in version 6.5 firmware.
Example console#clear ip dhcp snooping statistics ip dhcp snooping Use the ip dhcp snooping command to enable DHCP snooping globally, or on a range of VLANs. Use the “no” form of this command to disable DHCP snooping. Syntax ip dhcp snooping [vlan vlan-list] no ip dhcp snooping Default Configuration DHCP Snooping is globally disabled by default. DHCP Snooping is not enabled on any VLAN by default.
console(config-if-vlan1)#exit console(config)#interface gi1/0/4 console(config-if-Gi1/0/4)#ip dhcp snooping trust ip dhcp snooping binding Use the ip dhcp snooping binding command to configure a static DHCP Snooping binding. Use the “no” form of this command to remove a static binding. Syntax ip dhcp snooping binding mac-address vlan vlan-id ip-address interface interface-id no ip dhcp snooping binding mac-address • mac-address —The client's MAC address.
ip dhcp snooping database Use the ip dhcp snooping database command to configure the persistent storage location of the DHCP snooping database. This can be local to the switch or on a remote machine. Syntax ip dhcp snooping database {local | tftp://hostIP/filename} • hostIP—The IP address of the remote host. • filename —The name of the file for the database on the remote host. The filename may contain any printable character except a question mark and is checked only when attempting to open the file.
ip dhcp snooping database write-delay Use the ip dhcp snooping database write-delay command to configure the interval in seconds at which the DHCP Snooping database will be stored in persistent storage. Use the “no” form of this command to reset the write delay to the default. Syntax ip dhcp snooping database write-delay seconds no ip dhcp snooping database write-delay • seconds—The write delay (Range: 15–86400 seconds). Default Configuration The write delay is 300 seconds by default.
• seconds — Interval over which to measure a burst of packets. (Range: 1–15 seconds). Default Configuration By default, DCHP messages do not cause an interface to be disabled. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines This command is available in Ethernet interface configuration mode or port channel interface configuration mode.
Syntax ip dhcp snooping log-invalid no ip dhcp snooping log-invalid Default Configuration Logging of filtered messages is disabled by default. Invalid DHCP messages are not logged by default. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines This command is available in Ethernet interface configuration mode or port channel configuration mode.
Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines Configuring an interface as trusted disables DHCP snooping validation of DHCP packets and exposes the port to IPv4 DHCP DoS attacks. Configuring an interface as untrusted indicates that the switch should firewall DHCP messages and act as if the port is connected to a device outside the DMZ.
User Guidelines There are no user guidelines for this command. Example console(config)#ip dhcp snooping verify mac-address show ip dhcp snooping Use the show ip dhcp snooping command to display the DHCP snooping global configuration. Syntax show ip dhcp snooping Default Configuration There is no default configuration for this command. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
show ip dhcp snooping binding Use the show ip dhcp snooping binding command to display the DHCP snooping binding entries. Syntax show ip dhcp snooping binding [{static | dynamic}] [interface interface-id | port-channel port-channel-number] [vlan vlan-id] • static | dynamic — Use these keywords to filter by static or dynamic bindings. • interface-id — The Ethernet interface for which to show bindings. • port-channel-number—The port channel for which to show bindings.
show ip dhcp snooping database Use the show ip dhcp snooping database command to display the DHCP snooping configuration related to the database persistence. Syntax show ip dhcp snooping database Default Configuration There is no default configuration for this command. Command Mode User Exec, Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show ip dhcp snooping database agent url: write-delay: /10.
Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
User Guidelines The following fields are displayed by this command: Fields Description MAC Verify Failures The number of DHCP messages that were filtered on an untrusted interface because of source MAC address and client MAC address mismatch. Client Ifc Mismatch The number of DHCP release and Deny messages received on the different ports than previously learned. DHCP Server Msgs The number of DHCP server messages received on untrusted ports.
DHCPv6 Snooping Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches clear ipv6 dhcp snooping binding Use the clear ipv6 dhcp snooping binding command to clear all IPv6 DHCP Snooping entries. Syntax clear ipv6 dhcp snooping binding {* | interface interface-id} • *—Clears all snooping bindings. • interface-id—Clears all snooping bindings on a specified Ethernet interface. Default Configuration This command has no default configuration.
Default Configuration This command has no default configuration. Command Modes User Exec, Privileged Exec User Guidelines The IPv6 snooping statistics are also cleared by the clear counters command. Example (console)#clear ipv6 dhcp snooping statistics ipv6 dhcp snooping Use the ipv6 dhcp snooping command to globally enable IPv6 DHCP snooping. Use the no form of the command to globally disable IPv6 DHCP snooping.
MAC address to the DHCP client hardware address. If there is a mismatch, DHCP snooping logs a message and drops the packet. The network administrator can disable this option using the no ip v6 dhcp snooping verify mac-address for DHCPv6. DHCP snooping always forwards client messages on trusted interfaces within the VLAN. If DHCP relay or/and DHCP server are enabled simultaneously with DHCP snooping, the DHCP client message will be sent to the DHCP relay or/and DHCP server to process further.
console(config)#ipv6 dhcp snooping vlan 5-10,15,30 console(config)#interface Te1/0/1 console(config-if-Te1/0/1)#switchport mode access console(config-if-Te1/0/1)#switchport access vlan 10 console(config-if-Te1/0/1)#no ipv6 dhcp snooping trust ipv6 dhcp snooping binding Use the ipv6 dhcp snooping binding command to configure a static IPv6 DHCP snooping binding. Use the no form of the command to remove the entry from the binding database.
ipv6 dhcp snooping database Use the ipv6 dhcp snooping database command to configure the persistent location of the DHCP snooping database. This can be a local or remote file on a TFTP server. Syntax ipv6 dhcp snooping database {local | tftp://hostIP/filename} no ipv6 dhcp snooping database Default Configuration By default, the local database is used.
no ipv6 dhcp snooping write-delay • seconds—The period of time between successive writes of the binding database to persistent storage. (Range 15-86400 seconds.) Default Configuration By default, the write delay is 300 seconds. Command Modes Global Configuration mode User Guidelines The binding database is cached in memory and written to storage every writedelay seconds.
User Guidelines The switch hardware rate limits DHCP packets sent to the CPU from snooping enabled interfaces to 512 Kbps. To prevent DHCP packets from being used in a DoS attack when DHCP snooping is enabled, the snooping application allows configuration of rate limiting for received DHCP packets. DHCP snooping monitors the receive rate on each interface separately. If the receive rate exceeds the configured limit within the configured interval, DHCP snooping diagnostically disables the interface.
Logging invalid messages can use valuable CPU resources if the switch receives such messages at a high rate. To avoid allowing the switch to be vulnerable to a DoS attack, DHCP snooping only logs invalid messages if the user has enabled logging. Logging is enabled on individual interfaces so that only messages on interfaces of interest are logged. To further protect the system, invalid message logging is rate limited to 1 per second.
ipv6 dhcp snooping verify mac-address Use the ipv6 dhcp snooping verify mac-address command to enable the additional verification of the source MAC address with the client hardware address in the received DHCP message. Syntax ipv6 dhcp snooping verify mac-address no ipv6 dhcp snooping verify mac-address Default Configuration By default, MAC address verification is not enabled.
ipv6 verify binding Use the ipv6 verify binding command to configure a static IP source guard binding. Syntax ipv6 verify binding mac-address vlan vlan-id ip-address interface interface id no ipv6 verify binding mac-address vlan vlan-id ip-address interface interface id • mac-address —A valid mac address in standard format. • vlan-id —A configured VLAN id. (Range 1-4093. • ip-address —A valid IPv6 address. • interface-id—A valid interface ID in short or long format.
no ipv6 verify source • port-security — Enables filtering based upon source IP address, VLAN and MAC address. Default Configuration By default, no sources are blocked. Command Modes Interface Configuration mode (Ethernet and port-channel) User Guidelines DHCP snooping should be enabled on any interfaces for which ipv6 verify source is configured.
Command Modes User Exec, Privileged Exec (all show modes) User Guidelines This command has no user guidelines.
Default Configuration This command has no default configuration. Command Modes User Exec, Privileged Exec (all show modes) User Guidelines There are no user guidelines for this command.
Example (console)#show ipv6 dhcp snooping database agent url: /10.131.13.79:/sai1.txt write-delay: 5000 show ipv6 dhcp snooping interfaces Use the show ipv6 dhcp snooping interfaces command to show the DHCP Snooping status of IPv6 interfaces. Syntax show ipv6 dhcp snooping interfaces [interface id] • interface id—A valid Ethernet or port-channel interface. Default Configuration There is no default configuration for this command.
show ipv6 dhcp snooping statistics Use the show ipv6 dhcp snooping statistics command to display IPv6 dhcp snooping filtration statistics. Syntax show ipv6 dhcp snooping statistics Default Configuration This command has no default configuration. Command Modes User Exec, Privileged Exec (all show modes) User Guidelines The following statistics are displayed.
Gi1/0/6 0 0 0 show ipv6 source binding Use the show ipv6 source binding command to display the IPv6 Source Guard configurations on all ports, on an individual port, or on a VLAN. Syntax show ipv6 source binding [{dhcp-snooping | static}] [interface interface-id] [vlan vlan-id] • dhcp-snooping — Displays the DHCP snooping bindings. • static —Displays the statically configured bindings. Default Configuration This command has no default configuration.
Syntax show ipv6 verify [interface if-id] • if-id—A valid interface ID (Ethernet) Default Configuration There is no default configuration for this command.
show ipv6 verify source Use the show ipv6 verify source command to display the IPv6 Source Guard configurations on all ports. Syntax show ipv6 verify source Default Configuration There is no default configuration for this command. Command Modes User Exec, Privileged Exec (all show modes) User Guidelines If MAC address filtering is not configured on the interface, the MAC Address field is empty. If port security is disabled on the interface, the MAC Address field displays permit-all.
Dynamic ARP Inspection Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON/N3200-ON Series Switches Dynamic ARP Inspection (DAI) is a security feature that rejects invalid or malicious ARP packets. The feature prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its neighbors. The attacker sends ARP requests or responses mapping another station IP address to its own MAC address.
Example console(config)#arp access-list tier1 clear ip arp inspection statistics Use the clear ip arp inspection statistics command to reset the statistics for Dynamic Address Resolution Protocol (ARP) inspection on all VLANs. Syntax clear ip arp inspection statistics Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines There are no user guidelines for this command.
Default Configuration No ARP ACL is configured. Command Mode Global Configuration mode User Guidelines If the static keyword is given, packets that do not match a permit statement are dropped without consulting the DHCP snooping bindings. Example console(config)#ip arp inspection filter tier1 vlan 2-10 static console(config)#ip arp inspection filter tier1 vlan 20-30 ip arp inspection limit Use the ip arp inspection limit command to configure the rate limit and burst interval values for an interface.
Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines If ARP packets are received on a port at a rate that exceeds the threshold for a specified time, that port will be diagnostically disabled. The threshold is configurable up to 300 pps, and the burst is configurable up to 15s long. The default is 15 pps and 1s burst. Use the no shut command to bring the port back in to service.
Example console(config-if-Gi1/0/3)#ip arp inspection trust ip arp inspection validate Use the ip arp inspection validate command to enable additional validation checks on received ARP packets. Syntax ip arp inspection validate {[src-mac] [dst-mac] [ip]} no ip arp inspection validate {[src-mac] [dst-mac] [ip]} • src-mac —For validating the source MAC address of an ARP packet. • dst-mac —For validating the destination MAC address of an ARP packet. • ip —For validating the IP address of an ARP packet.
Example console(config)#ip console(config)#ip console(config)#ip console(config)#ip arp arp arp arp inspection inspection inspection inspection validate validate validate validate src-mac dst-mac ip src-mac ip dst-mac ip ip ip arp inspection vlan Use the ip arp inspection vlan command to enable Dynamic ARP Inspection on a single VLAN or a range of VLANs. Use the no form of this command to disable Dynamic ARP Inspection on a single VLAN or a range of VLANs.
permit ip host mac host Use the permit ip host mac host command to configure an IP address and MAC address combination used in ARP packet validation. Use the “no” form of this command to delete the ARP ACL rule. Syntax permit ip host sender-ip mac host sender-mac no permit ip host sender-ip mac host sender-mac • sender-ip — Valid IP address used by a host. • sender-mac —Valid MAC address in combination with the above sender-ip used by a host.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show arp access-list ARP access list H2 permit ip host 1.1.1.1 mac host 00:01:02:03:04:05 permit ip host 1.1.1.2 mac host 00:03:04:05:06:07 ARP access list H3 ARP access list H4 permit ip host 2.1.1.
validation and invalid IP validation. List separate, non-consecutive VLAN IDs separated by commas (without spaces). Use a hyphen to designate a range of IDs. (Range: 1–4093) Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following information is displayed for each VLAN when a VLAN range is supplied: Field Description VLAN The VLAN-ID for each displayed row.
IP Address Validation................. Disabled VLAN ---1 Configuration Log Invalid ACL Name Static flag ------------- ----------- -------------------------------- ---------Disabled Enabled Following is an example of the show ip arp inspection interfaces command.
Field Description VLAN The VLAN-ID for each displayed row. Configuration Whether DAI is enabled on the VLAN. Log Invalid Whether logging of invalid ARP packets is enabled on the VLAN. ACL Name ARP ACL Name if configured on the VLAN. Static flag If the ARP ACL is configured static on the VLAN.
Ethernet Configuration Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Dell EMC Networking switches support a variety of configuration options to optimize network operations. Features such as flow-control and jumbo frames are supported along with a variety of commands to display traffic statistics as well as limit the effects of network loops or other network issues.
On a storm control enabled interface, if the ingress rate of that type of packet (L2 broadcast, multicast, or unicast) is greater than the configured threshold level (as a percentage of port speed or as an absolute packets-per-second rate), the switch forwarding-plane discards the excess traffic. The speed command controls interface link speeds and auto-negotiation. If speed is set to something other than auto, auto-negotiation is disabled on the interface.
Example In the following example, the counters for port Gi1/0/1 are cleared. console#clear counters gigabitethernet 1/0/1 description Use the description command in Interface Configuration mode to add a description to an interface. To remove the description use the no form of this command. Syntax description string no description • string — Comment or a description of the port attached to this interface.
Syntax default [interface-id] • interface-id—An Ethernet or port channel, loopback, tunnel or VLAN interface identifier. Default Configuration This command has no defaults. Command Mode Global Configuration mode User Guidelines This command returns an Ethernet, port channel, VLAN, tunnel or loopback interface to the interface defaults as follows: • Trunk and general mode configuration is removed. • The interface is set to access mode using VLAN 1. • The port is removed from all access-groups.
duplex Use the duplex command in Interface Configuration mode to configure the duplex operation of a given Ethernet interface. To restore the default, use the no form of this command. Syntax duplex {full | half | auto {full | half | both}} no duplex • auto—Enable auto-negotiation for the port and advertise the configured capabilities. • half—Enable half-duplex operation. • full—Enable full-duplex operation. • both—Enable auto-negotiation of full and half duplex operation.
To enable auto-negotiation on a port, and configure the speed or duplex, it is necessary to enter the speed or duplex command using the auto parameter. The port will negotiate the medium, speed, and duplex settings with the link partner. To disable auto-negotiation on a port, it is necessary to enter the speed command without using the auto parameter.
User Guidelines Dell EMC Networking switches implement receive flow control only. They never issue a flow control PAUSE frame when congested, but do respect received flow control PAUSE frames received from other switches. Disabling flow control causes the switch to ignore received PAUSE frames. Interface specific configuration overrides any global configuration. Changing the flow control setting on a copper port restarts auto-negotiation and causes a brief link-flap while auto-negotiation occurs.
Inherit enables BASE FEC or RS-FEC for 25G/50G/100G DACs, based on the technology ability and FEC capability. Enabling FEC with auto-negotiation advertises the FEC capability in the (F2, F3, F0, F1) bits D44:D47 of the base link codeword and, additionally for 25G/50G interfaces, in the F1/F2/F3/F4 bits in the Unformatted Next Page (UP-1). For 100GBASE-CR4 and 100GBASE-SR4 interfaces, inherit advertises Clause 91 RS-FEC.
interface Use this command to configure parameters for Ethernet and port-channel interfaces. While in Global Configuration mode, enter the interface command with a specific interface. To exit to Global Configuration mode, enter exit. To return to Privileged Exec mode, press Ctrl-Z or enter end. Additional forms of the interface command enable configuring VLANs, tunnels, the loopback interface, the out-of-band interface, and ranges of interfaces.
loss on other ports that are not congested or flow controlled. See http://www.ieee802.org/3/cm_study/public/september04/thaler_3_0904.pdf for more information. Example The following example enables Gigabit port 2 on stack member 1 for configuration. console(config)# interface gigabitethernet 1/0/2 interface range Use the interface range command in Global Configuration mode to execute a command on multiple ports at the same time.
Command Mode Global Configuration, Interface Range and Interface modes User Guidelines Commands under the interface range context are executed independently on each active interface in the range. If the command returns an error on one of the active interfaces, it does not stop executing commands on other active interfaces.
Syntax link debounce time [ timeout ] no link debounce time • timeout—An integer value in the range of 100–5000 milliseconds. The timeout value must be a multiple of 100. Default Configuration Ethernet interfaces do not have debounce enabled by default. Command Mode Interface (Ethernet) Configuration mode, Interface Range mode. User Guidelines The link bounce time configures a link bounce hysteresis on link loss of link. Loss of link signal starts a link bounce timer.
Example The following example disables the link debounce timer for interface gi1/0/1. switch# conf t console(config)#interface gi1/0/1 console(config-if-Gi1/0/1)#no link debounce time The following example sets the link debounce timer for interface gi1/0/1 to 500 ms. switch# conf t console(config)#interface gi1/0/1 console(config-if-Gi1/0/1)#link debounce time 500 rate-limit cpu Use the rate-limit cpu command to reduce the amount of unknown unicast/multicast packets forwarded to the CPU.
The rate limiting for unknown packets occurs on the internal CPU port and does not affect hardware based traffic routing/forwarding in any way. Typically, the switch examines the received packets in software to check if there is a forwarding entry, create a forwarding entry (e.g.
---------- ------------------- -------- -------- -------1129 osapiTimer 0.00% 0.00% 0.01% 1133 _interrupt_thread 0.09% 0.01% 0.00% 1137 bcmCNTR.0 0.24% 0.31% 0.31% 1142 bcmRX 23.00% 27.01% 18.01% 1147 ipMapForwardingTas 32.97% 37.11% 29.92% 1155 bcmLINK.0 0.34% 0.36% 0.36% 1156 cpuUtilMonitorTask 0.09% 0.05% 0.04% 1170 nim_t 0.09% 0.08% 0.07% 1208 dot1s_timer_task 0.00% 0.00% 0.01% 1222 snoopTask 0.00% 0.00% 0.01% 1291 RMONTask 0.00% 0.02% 0.03% 1293 boxs Req 0.00% 0.01% 0.
The link status field shows the hardware status followed by the keepalive status. The hardware status show “Up” when link is detected, “Down” when no link is detected, “Err-disable” when the port is error-disabled, and “Shut” when the port is administratively shut down. The keepalive status shows “None” when keepalives are disabled or the port is down, “Up” when keepalives are enabled and no loop is detected and “Down” when keepalives are enabled and a loop is detected.
Term Parameter Description Multicast Storm mcast-storm Multicast storm auto-recovery. SFP Mismatch sfp-mismatch SFP mismatch auto-recovery. SFP Plus Mismatch sfpplusmismatch SFP+ transceiver inserted in SFP port autorecovery. Spanning Tree spanning-tree Spanning-tree auto-recovery. UDLD udld UDLD auto-recovery. Unicast Storm ucast-storm Unicast storm auto-recovery. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Updated in version 6.
Transmit Percent Utilization : ................ Total Packets Received Without Errors.......... Unicast Packets Received....................... Multicast Packets Received..................... Broadcast Packets Received..................... Total Packets Received with MAC Errors......... Jabbers Received............................... Fragments/Undersize Received................... Alignment Errors............................... FCS Errors..................................... Overruns........................
Syntax show interfaces advertise [{gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The priority resolution field indicates the auto-negotiated link speed and duplex. The clock field indicates whether the local interface has autonegotiated to clock master or clock slave.
Port: Gi1/0/1 Type: Gigabit - Level Link State: Down Auto Negotiation: Enabled 802.
show interfaces configuration Use the show interfaces configuration command in User Exec mode to display the configuration for all configured interfaces. Syntax show interfaces configuration [{gigabitethernet unit/slot/port| port-channel port-channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration.
console#show interfaces configuration gigabitethernet 1/0/1 Port Description Duplex Speed Neg MTU Admin State --------- ------------------------------ ------ ------- ---- ----- ----Gi1/0/1 Full 1000 Auto 1518 Up show interfaces counters Use the show interfaces counters command in User Exec mode to display traffic seen by the interface.
User Guidelines The following table describes the fields shown in the display: Field Description InOctets Counted received octets. InUcastPkts Counted received unicast packets. InMcastPkts Counted received multicast packets. InBcastPkts Counted received broadcast packets. OutOctets Counted transmitted octets. OutUcastPkts Counted transmitted unicast packets. OutMcastPkts Counted transmitted multicast packets. OutBcastPkts Counted transmitted broadcast packets.
Field Description Transmitted Pause Frames Counted MAC Control frames transmitted on this interface with an opcode indicating the PAUSE operation. Received PFC Frames A count of the received Priority Flow Control (PFC) frames. Transmitted PFC Frames A count of the transmitted PFC frames. Receive Packets Discarded Count of frames discarded on receipt due to any reason. Transmit Packets Discarded Count of packets queued for transmission and discarded for any reason.
Counters Description Rcv-Err Total packets received with MAC errors—Receive errors is the count of packets received with a MAC error. This indicate a physical layer issue between the MAC and PHY or transceiver as the PHY should discard malformed packets. UnderSize Fragments/undersize packets received— Fragments/undersize is the count of packets received which are less than 64 octets in length. Fragments are an artifact of 10/100m shared media operation.
Gi1/0/19 Gi1/0/20 0 0 0 0 0 0 0 0 Port OutTotalPkts OutUcastPkts OutMcastPkts OutBcastPkts --------- ---------------- ---------------- ---------------- --------------Gi1/0/1 0 0 0 0 Gi1/0/2 0 0 0 0 Gi1/0/3 0 0 0 0 Gi1/0/4 0 0 0 0 Gi1/0/5 0 0 0 0 Gi1/0/6 0 0 0 0 Gi1/0/7 0 0 0 0 Gi1/0/8 0 0 0 0 Gi1/0/9 0 0 0 0 Gi1/0/10 0 0 0 0 Gi1/0/11 0 0 0 0 Gi1/0/12 0 0 0 0 The following example displays counters for Ethernet port Te1/0/1.
show interfaces debounce Use the show interfaces debounce command to list the debounce information for one or multiple interfaces. If no parameter is given, all Ethernet interfaces are shown. Syntax show interfaces debounce [ interface-id ] • interface-id—An Ethernet interface identifier (i.e., a 1G, 10G, or 40G Ethernet interface) in standard interface format. Default Configuration Ethernet interfaces have a 100 ms debounce time enabled.
Syntax show interfaces description [gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port] Default Configuration This command has no default configuration. Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the description for all interfaces.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays detailed status and configuration of the specified interface.
------------------------------------ ----------Forbidden VLANS: VLAN Name -----------------------------------Port Gi1/0/1 Enabled State: Disabled Role: Disabled Port id: 128.1 Port Cost: 0 Port Fast: No (Configured: no ) Root Protection: No Designated bridge Priority: 32768 Address: 1418.7715.2368 Designated port id: 0.
Field Description Port The port or port channel number. Oob means Out-of-Band Management Interface. Description Description of the port. This field may be truncated in the command output. Duplex Displays the port Duplex status. VLAN The VLAN membership for the port is enclosed in parentheses. The currently active PVID and Voice VLAN ID, if any, are also shown. In some cases, the PVID assigned may not be the configured PVID, for example, when RADIUS assigns a PVID to the interface.
Port Description Duplex Speed Link State --------- --------------- ------ ------- ---- -----Gi1/0/1 N/A Unknown Auto Down Gi1/0/2 N/A Unknown Auto Down Flow Ctrl ----Off Off Gi1/0/3 Gi1/0/4 N/A N/A Unknown Auto Down Unknown Auto Down Off Off Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 Gi1/0/9 N/A N/A N/A N/A N/A Unknown Unknown Unknown Unknown Unknown Off Off Off Off Off Oob Type --oob -----------------------------Out-Of-Band Neg Auto Auto Auto Auto Auto Down Down Down Down Down M VLAN - -----------
User Guidelines This command only supports the display of 10G and 40G transceivers. Example The following example shows the qualifications status of the optics on the switch. console#show interfaces transceiver Port ------------Te1/0/9 Te1/0/11 Te1/0/13 Te1/0/15 Te1/0/17 Dell EMC Qualified -----------------Yes Yes N/A No No The following example shows static parameters of the optics along with the qualifications status.
Default Configuration This command has no default configuration. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command displays Ethernet interfaces configured in trunk or general mode that are link up. Port channels are also shown if the port channel status is up.The fields displayed are as follows: • Port—The Ethernet or port channel interface name. • Description—The configured port description.
Gi1/0/6 Po1 Po1 T T (11)33-64 (11)33-64 11,33-64 11,33-64 show statistics Use the show statistics command to display detailed statistics for a specific port or for the internal CPU interface. Syntax show statistics {gigabitethernet unit/slot/port |switchport | port-channel port-channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port} • unit/slot/port—A valid Ethernet interface identifier. See Interface Naming Conventions for interface representation.
Frames Frames Frames Frames Frames Frames Frames Received Received Received Received Received Received Received 64 Octets..................... 65-127 Octets................. 128-255 Octets................ 256-511 Octets................ 512-1023 Octets............... 1024-1518 Octets.............. > 1518 Octets................. 0 0 0 0 0 0 0 Total Frames Received Without Errors.......... Unicast Frames Received....................... Multicast Frames Received.....................
Multiple Collision Frames..................... 0 Late Collision Frames......................... 0 Excessive Collision Frames.................... 0 Frames Frames Frames Frames Frames Frames Frames Frames Frames RX RX RX RX RX RX RX RX RX and and and and and and and and and TX TX TX TX TX TX TX TX TX 64 Octets.................... 65-127 Octets................ 128-255 Octets............... 256-511 Octets............... 512-1023 Octets.............. 1024-1518 Octets............. 1519-2047 Octets............
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines It is possible to enter interface configuration mode from global configuration mode or from interface configuration mode.
Packets Transmitted Without Errors............. Unicast Packets Transmitted.................... Multicast Packets Transmitted.................. Broadcast Packets Transmitted.................. Transmit Packets Discarded..................... 0 0 0 0 0 Most Address Entries Ever Used................. 3 Address Entries Currently in Use............... 3 Maximum VLAN Entries........................... Most VLAN Entries Ever Used.................... Static VLAN Entries............................
console#show storm-control 802.3x Flow Control Mode.......................
User Guidelines This command has no user guidelines. Examples console#show storm-control action all Bcast Mcast Ucast Port Action Action Action -------- ---------- ---------- ---------Gi1/0/1 Shutdown Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 shutdown Use the shutdown command in Interface Configuration mode to disable an interface. To restart a disabled interface, use the no form of this command. Syntax shutdown no shutdown Default Configuration The interface is enabled.
console(config-if-Gi1/0/5)# shutdown The following example reenables Gigabit Ethernet port 1/0/5. console(config)#interface gigabitethernet 1/0/5 console(config-if-Gi1/0/5)# no shutdown speed Use the speed command in Interface Configuration mode to configure the speed of a given Ethernet interface. To restore the default, use the no form of this command.
Command Mode Interface Configuration (Ethernet) mode User Guidelines Not all interfaces are capable of supporting all speeds. Refer to the Hardware Overview section of the Users Configuration Guide for a description of the capabilities of a particular interface. The speed command is only applicable to Ethernet ports. It gives an error if used on stacking ports or port-channels. Use the auto parameter to enable auto-negotiation on an interface.
negotiation enabled. The default behavior is to enable auto-negotiation when an SFP transceiver is inserted into an SFP+ port, unless a fixed speed is configured. Likewise, SFP+ ports connected via copper Direct Attach Cables must have auto-negotiation enabled if the link partner is also capable of performing auto-negotiation. If the link partner cannot perform auto-negotiation, then a fixed speed must be utilized. In all cases, the link partners need compatible settings, e.g.
Port protection occurs within a single switch. Protected port configuration does not affect traffic between ports on two different switches. No traffic forwarding is possible between two protected ports. Ports in a protected group will not forward traffic to other ports in the group. Syntax switchport protected groupid no switchport protected • groupid--Identifies which group this port will be protected in. (Range: 0-2) Default Configuration No protected switchports are defined.
Syntax switchport protected groupid name name no switchport protected groupid name • groupid — Identifies which group the port is to be protected in. (Range: 0–2) • name — Name of the group. (Range: 0-32 characters) Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example assigns the name “protected” to group 1.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example identifies test as the protected group. console#show switchport protected 0 Name......................................... test show system mtu Use the show system mtu command to display the configured MTU. The MTU is set using the global system jumbo mtu command. This command deprecates the show interfaces mtu command.
system jumbo mtu Use the system jumbo mtu command to globally configure the link Maximum Transmission Unit (MTU) on all interfaces, IP/IPv6 interfaces, VLAN interfaces, and port channel interfaces for forwarded and systemgenerated frames. The link MTU is the size of the largest Ethernet frame that can be transmitted on an interface without fragmentation. Frames received on an interface are dropped if they exceed the link MTU.
The allowed range is 1298 to 9216. This allows for configuration of an IPv4 and IPv6 MTU of 1280 to 9198. In conformance with RFC 2460, the system performs IPv6 path MTU discovery for IPv6 packets originated by the switch. This may result in individual connections using an IPv6 MTU less than that configured by the network operator.
Ethernet CFM Commands Dell EMC Networking N1500/N2200/N3200 Series Switches Connectivity Fault Management (CFM) is the OAM Protocol provision for end-to-end service layer OAM in carrier Ethernet networks. CFM provides mechanisms to support the operator in performing connectivity checks, fault detection, fault verification and isolation, and fault notification per service in the network domain of interest. Unlike Ethernet OAM defined in IEEE 802.
• domain-name—Name of the maintenance domain. Alphanumeric string of up to 43 characters. Default Configuration No CFM domains are preconfigured. Command Mode Global Configuration mode User Guidelines Each domain must have a unique name and level, for example, one cannot create a domain qwerty at level 2 if domain qwerty already exists at level 1. Likewise, one cannot create a domain dvorak at level 2 if a domain of any name exists at level 2.
Command Mode Maintenance Domain Configuration mode User Guidelines This command has no user guidelines. Example console(config-cfm-mdomain)#service serv1 vlan 10 ethernet cfm cc level Use the ethernet cfm cc level command in Global Configuration mode to initiate sending continuity checks (CCMs) at the specified interval and level on a VLAN monitored by an existing domain. Use the no form of the command to cease send CCMs.
Example console(config)#ethernet cfm cc level 1 vlan 15 interval 10 Command History Command introduced in firmware release 6.6.1. ethernet cfm mep level Use the ethernet cfm mep level command in Interface Configuration mode to create a Maintenance End Point (MEP) on an interface at the specified level and direction. MEPs are configured per Maintenance Association per Maintenance Domain. Use the no form of the command to delete a MEP.
ethernet cfm mep enable Use the ethernet cfm mep enable command in Interface Configuration mode to enable a MEP at the specified level and direction. Use the no form of the command to disable the MEP. Syntax ethernet cfm mep enable level 0-7 vlan vlan-id mpid 1-8191 • level—Maintenance association level • mpid—Maintenance entity identifier • vlan—VLAN on which the MEP operates. The range is 1-4093. Default Configuration No MEPs are preconfigured.
• mpid—Maintenance entity identifier • vlan—VLAN on which the MEP operates. The range is 1-4093. Default Configuration No MEPs are preconfigured. Command Mode Interface Configuration User Guidelines This command has no user guidelines. ethernet cfm mep archive-hold-time Use the ethernet cfm mep archive-hold-time command in Interface Configuration mode to maintain internal information on a missing MEP. Use the no form of the command to return the interval to the default value.
console(config)#ethernet cfm mep archive-hold-time 1200 ethernet cfm mip level Use the ethernet cfm mip level command in Interface Configuration mode to create a Maintenance Intermediate Point (MIP) at the specified level. The MEPs are configured per Maintenance Domain per interface. Use the no form of the command to delete a MIP. Syntax ethernet cfm mip level 0-7 • level—Maintenance association level Default Configuration No MIPs are preconfigured.
• mac-addr—The destination MAC address for which the connectivity needs to be verified. Either MEP ID or the MAC address option can be used. • remote-mpid—The MEP ID for which connectivity is to be verified; i.e. the destination MEP ID. • domain—Name of the maintenance domain (an alphanumeric string of up to 43 characters in length). • vlan-id—A VLAN associated with the maintenance domain. Range: 1-4093. • mpid—The MEP ID from which the loopback message needs to be transmitted.
• mac-addr—The destination MAC address for which the connectivity needs to be verified. Either MEP ID or the MAC address option can be used. • remote-mpid—The MEP ID for which connectivity is to be verified; i.e. the destination MEP ID. • domain—Name of the maintenance domain (an alphanumeric string of up to 43 characters in length). • vlan-id—A VLAN associated with the maintenance domain. Range: 1-4093. • mpid—The MEP ID from which the loopback message needs to be transmitted.
Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines • Level—The maintenance association level • SVID—The service identifier • MPID—The maintenance endpoint identifier • DefRDICcm—A remote MEP reported the RDI bit in a CCM. • DefMACStatus—Some remote MEP reported its Interface Status TLV as something other then isUp.
• domain—Name of the maintenance domain (an alphanumeric string of up to 43 characters in length). Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines Refer to IEEE 802.1ag for an explanation of the maintenance association level and MEP ID. Typically, these are assigned by the top level network service provider.
show ethernet cfm maintenance-points remote Use the show ethernet cfm maintenance-points remote command to display the configured remote maintenance points. Syntax show ethernet cfm maintenance-points remote {level 0-7 | domain domainname | detail [mac mac-address | mep mpid] [domain domain-name | level 0-7] [vlan vlan-id]} • domain—Name of the maintenance domain (an alphanumeric string of up to 43 characters in length).
• Service Id—The configured service identifier Example console# show ethernet cfm maintenance-points remove level 1 -----MEP Id -----1 ------RMEP Id ------2 ----- ----------------- ---- ----------------- ----------Level MAC VLAN Expiry Timer(sec) Service Id ----- ----------------- ---- ----------------- ----------1 00:11:22:33:44:55 10 25 serv1 show ethernet cfm statistics Use the show ethernet cfm maintenance-points remote command to display the CFM statistics.
• Bad MSDU Loopback Replies received—Count of the number of loopback replies received with a MAC Service Data Unit that did not match the corresponding LBM • Unexpected LTR's received—A count of the number of Link Trace Replies fore which no LTM was sent Example show Ethernet cfm statistics [domain | level <0-7>] Console# show ethernet cfm statistics -----------------------------------------------------------------Statistics for 'Domain: domain1, Level: 1, Vlan: 11, MEP Id: 1' ------------
Ethernet Ring Protection Commands Dell EMC Networking N1500/N2200/N3200 Series Switches only The Ethernet Ring Protection (ITU-T G.8032/Y.1344 (08/15) feature is a highly reliable and stable protection switching mechanism and a protocol for Ethernet layer network rings. Ethernet rings allow a wide-range of multipoint connectivity that is highly economic due to their reduced number of links.
Ethernet Ring Protection does not support Non-Stop Forwarding. A stack failover is destructive to the ring, even when configured on stack units that are not rebooted during the stack failover. Fault detection depends on the configured CCM transmission period. Fault detection may occur in milliseconds depending on the value of the CCM transmission period. Ethernet Ring Protection does not operate in a stack configuration. Do not configure Ethernet Ring Protection in a stack.
a defect still exists on the trail that started the timer. If it does, that defect will be reported to protection switching. Range: 0 to 10000 ms in increments of 100 ms, for example, a value of 500 implies 500 milliseconds. • wait-to-restore timer—When a fault condition is cleared, the traffic channel reverts after the expiry of a WTR timer (if no fault condition is present). This timer is used to avoid toggling protection states in case of intermittent defects. Range: 1 to 12 minutes.
Syntax non-revertive no non-revertive Default Configuration The default operational mode is revertive. Command Mode Ethernet Ring Profile Configuration mode User Guidelines Two operational modes are supported: revertive and non-revertive. In revertive mode, when all failures in the link are removed, traffic is restored to the working transport entity and the Ring Protection Link (RPL) is blocked.
no ethernet ring g8032 ring-name • ring-name—The name of an Ethernet ring to be configured (up to 32 characters) Default Configuration By default, no Ethernet rings are defined. Command Mode Global Configuration mode User Guidelines Map an Ethernet ring profile to an Ethernet ring using the profile command in Ethernet Ring Configuration mode. Configure the East/West links using the Port0/Port1 commands respectively. Set the ring scope using the ring-scope command.
Syntax port0 interface interface-id no port0 interface • interface-id—A physical (Ethernet) interface identifier. Default Configuration By default, there is no port0 configuration. Command Mode Ethernet Ring Configuration mode User Guidelines This command enables an Ethernet link to participate in Ethernet ring protection. In the ITU-T G.8032 standard, port0 and port1 are referred to as East and West ring links, respectively. The port0 interface should be an interface connected to a G.8032 ring.
no port1 • interface-id—A physical (Ethernet) interface identifier. • none—Configure the West interface as a local endpoint for an open ring. Default Configuration No port1 configuration is present by default. Command Mode Ethernet Ring Configuration mode User Guidelines This command enables an Ethernet link to participate in Ethernet ring protection. In the ITU-T G.8032 standard, port0 and port1 are referred to as East and West ring links, respectively.
Default Configuration Rings are closed by default. Command Mode Ethernet Ring Configuration mode User Guidelines This command configures the Ethernet ring as sub-ring. In a sub-ring, only one ring port may be configured per node. This command must be configured on every ring node in the sub-ring, not just on the interconnected nodes of the ring. Example This example configures an open ring node for interface Te1/0/1.
Command Mode Ethernet Ring Configuration mode User Guidelines Each ring node can participate in eight physical rings and each ring can have up to two Ethernet Ring Protection (ERP) instances. The total number of instances supported on a ring node are two. Each ERP instance is uniquely identified by the combination of instance ID and R-APS VLAN ID. All the ring nodes that are part of a logical ring should have the same instance ID and R-APS VLAN ID.
• profile-name—The name of an existing Ethernet ring protection profile. The maximum length of a profile name is 32 characters. Default Configuration There are no associated profiles by default. Command Mode Ethernet Ring Instance Configuration mode User Guidelines This command associates the Ethernet ring protection properties from the named profile with the Ethernet Ring instance. This command is optional.
Syntax rpl {port0 | port1} {owner | neighbor} no rpl • port0—Configure the East port as owner or neighbor. • port1—Configure the West port as RPL owner or neighbor. • neighbor—Assign port0 or port1 and the RPL owner. • owner—Assign port0 or port1 as the RPL owner. Default Configuration There are no associated RPLs by default. Command Mode Ethernet Ring Instance Configuration mode User Guidelines This command configures the Ethernet Ring Protection Link (RPL) and role.
console console console console (config-erp-ring1)#port0 interface te1/0/1 (config-erp-ring1)#port1 interface te1/0/2 (config-erp-ring1)#instance 1 (config-erp-inst-1)#rpl port1 owner On the adjacent switch: console console console console console console (config)# ethernet ring g8032 ring1 (config-erp-ring1)#timer hold-off 500 (config-erp-ring1)#port0 interface te1/0/1 (config-erp-ring1)#port1 interface te1/0/2 (config-erp-ring1)#instance 1 (config-erp-inst-1)#rpl port0 neighbor Command History Command
User Guidelines This command configures the list of VLANs that are protected by the ERP instance. Only VLANs that are participating in both the ring ports of an instance are monitored by the ERP instance. A VLAN may only be configured for one instance. Configuring a VLAN in more than one ERP instance causes undefined behavior. Example This example configures a closed ring node for interface Te1/0/1 and Te1/0/2 using data VLANs 101-103. It assumes that VLANs 100-103 are already created.
ethernet tcn-propagation Use the ethernet tcn-propagation command to enable topology change notification from a sub-ring to the major ring. Use the no form of the command to disable TCN propagation. Syntax ethernet tcn-propagation g8032 to g8032 Default Configuration TCN propagation is disabled by default. Command Mode Interface (Ethernet) Configuration mode User Guidelines This command enables topology change propagation from sub-ring to a major ring.
console (config-if-Te1/0/2)#ethernet tcn-propagation g8032 to g8032 Command History Command introduced in firmware release 6.6.1. aps-channel Use the aps-channel command to enter into Ethernet Ring Protection APSchannel Configuration mode. Use the exit command to exit the APSChannel Configuration mode. Syntax aps-channel Default Configuration This command has no default configuration.
console console console console console console console console console console console console console console (config)#interface te1/0/1 (config-if-Te1/0/1)#switchport mode trunk (config-if-Te1/0/1)#interface Te1/0/2 (config-if-Te1/0/2)#switchport mode trunk (config-if-Te1/0/2)#exit (config)# ethernet ring g8032 ring1 (config-erp-ring1)#port0 interface te1/0/1 (config-erp-ring1)#port1 interface te1/0/2 (config-erp-ring1)#instance 1 (config-erp-inst-1)#rpl port1 owner (config-erp-inst-1)#inclusion-list vl
User Guidelines It is necessary to configure an Ethernet Maintenance CFM domain and associated MEPs between the links to be protected. Connectivity Fault Management CCMs must be configured to operate at the specified maintenance level to achieve protection switching from causes other than an interface down event. Example This example configures a closed ring node for interface Te1/0/1 and Te1/0/2 using data VLANs 101-103. It assumes that VLANs 100-103 are already created.
raps-vlan Use the raps-vlan command to associate the VLAN to be used for R-APS messages for the ERP instance. Use the no form of the command to disassociate the ERP instance from the VLAN. Syntax raps-vlan vlan-id no raps-vlan vlan-id • vlan-id—The ID of an existing VLAN. Default Configuration This command has no default configuration. Command Mode Ethernet Ring Instance APS Configuration mode User Guidelines It is strongly recommended that no other traffic be configured to use the APS VLAN.
console console console console console console console console console (config)# ethernet ring g8032 ring1 (config-erp-ring1)#port0 interface te1/0/1 (config-erp-ring1)#port1 interface te1/0/2 (config-erp-ring1)#instance 1 (config-erp-inst-1)#rpl port1 owner (config-erp-inst-1)#inclusion-list vlan-ids 101-103 (config-erp-inst-1)#aps-channel (config-erp-inst-1-aps)#level 7 (config-erp-inst-1-aps)#raps-vlan 100 Command History Command introduced in firmware release 6.6.1.
• Clear—The Clear command: a Clears an active local administrative command (for example, forced switch or manual switch). b Triggers reversion before the Wait-to-Restore (WTR) or Wait-toBlock (WTB) timer expires in case of revertive operation. c Triggers reversion in case of a non-revertive operation. • Forced switch—This action command attempts to forcefully cause a ring protection switch by applying a block on the ring port on the local switch.
Command Mode Privileged Exec mode, Global Configuration mode, and all Configuration submodes User Guidelines The following information is shown: Table 3-3.
Inclusion-list VLAN IDs………1500-1799 APS channel Level……………………………5 RAPS-VLAN……………………20 Oper State………………………TRUE console#show ethernet ring g8032 configuration Ethernet ring……………………ring1 Port0……………………………0/1 Port1……………………………0/2 Open-ring: no Instance ………………………..1 Profile…………………………..profile1 RPL…………………………….port0 RPL Owner Inclusion-list VLAN IDs………1000-1299 APS channel Level……………………………6 RAPS-VLAN…………………..10 OperState………………………TRUE Instance………………………..2 Profile………………………….erp RPL…………………………….
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode, and all Configuration submodes User Guidelines The following fields are displayed: Table 3-4. show ethernet ring g8032 brief command output Field Description RingName Ethernet ring name Instance Instance Identifier Node Type Ring node role (Owner, Neighbor, or None) Node State State of the ring node (Init, Idle, Protection, Pending, ForcedSwitch, and ManualSwitch).
show ethernet ring g8032 status Use the show ethernet ring g8032 status command to show the status of Ethernet ring protection. Syntax show ethernet ring g8032 status [ring-name] [ instance [instance-id]] • ring-name—The Ethernet ring name. • instance-id—The Ethernet ring instance. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode, and all Configuration submodes User Guidelines The following fields are displayed: Table 3-5.
Table 3-5. show ethernet ring g8032 status command output Field Description R-APS Level Level that is used in R-APS messages. Profile Profile that is mapped for the instance. If the profile is not configured, the command output displays Not Configured. Also displays the default values for timers and revertive mode. Example console#show ethernet ring g8032 status ring1 instance 1 Ethernet ring………………………..ring1 Instance……………………………1 Node Type …………………… ….
Remote R-APS…………………….NodeId 00:0a:f7:94:e4:0a, BPR: 0 R-APS Level………………………6 Profile………………………………profile1 WTR interval…………………….. 1 minutes Guard interval……………………..2000 milliseconds HoldOffTimer…………………….0 seconds Revertive mode…………………..Enabled Command History Command introduced in firmware release 6.6.1. show ethernet ring g8032 port status Use the show ethernet ring g8032 port status command to show the status of Ethernet ring protection for the selected interface.
Table 3-6. show ethernet ring g8032 port status command output Field Description Protected VLAN list A list of the protected VLANs. State State of the ring node (Init, Idle, Protection, Pending, ForcedSwitch, and ManualSwitch). Example console#show ethernet ring g8032 port status interface gigabitethernet 1/0/10 Port0.......................................... Ethernet Ring.................................. Instance....................................... Protected VLAN list..........................
Table 3-7. show ethernet ring g8032 profile command output Field Description Profile name The name of the profile. WTR interval When all faults are cleared, the period to wait before restoring the original traffic channel. Guard interval The period to wait before invoking a protection switch. Holdoff interval The period to wait before reporting a defect to protection switching. Revertive mode If enabled, revert to the original traffic channel when all faults are cleared.
console#show ethernet ring g8032 profile p1 Ethernet ring profile name..................... WTR interval................................. Guard interval............................... Holdoff interval............................. Revertive mode............................... p1 8 minutes 30 milliseconds 0 milliseconds Disabled Command History Command introduced in firmware release 6.6.1.
• FS—force switch • MS—manual switch • SF—R-APS signal fail Example console#show ethernet ring g8032 statistics Statistics for Ethernet ring r1 instance 1 FOP PM detected: 0 FOP TO detected: 1 R-APS Message Type Port0(Tx/Rx) Port1(Tx/Rx) ---------------------- --------------- --------------NR 566/770 546/766 NR,RB 0/0 0/0 FS 0/0 0/0 MS 0/0 0/0 SF 29/28 9/9 console# console#show ethernet ring g8032 statistics r1 instance 1 Statistics for Ethernet ring r1 instance 1 FOP PM detected: 0 FOP TO detected: 1
Syntax show ethernet ring g8032 summary Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode, and all Configuration submodes User Guidelines The following fields are displayed: Table 3-8. show ethernet ring g8032 summary command output Field Description NodeID The MAC address of the RPL owner node. Init The number of times the node entered the Init state. Idle The number of times the node entered the Idle state.
Manual Switch Forced Switch Pending 0 0 1 Command History Command introduced in firmware release 6.6.1.
Green Ethernet Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Dell EMC Networking switches support various Green Ethernet modes, i.e., power saving modes, namely: • Energy-Detect Mode • Energy Efficient Ethernet These modes can enable significant operational cost reductions through direct power savings and reducing cooling costs. Green mode commands are only valid for copper Ethernet interfaces.
green-mode energy-detect This command enables a Dell EMC proprietary mode of power reduction on ports that are not connected to another interface. Use the no form of the command to disable energy-detect mode on the interface(s). Syntax green-mode energy-detect no green-mode energy-detect Default Configuration On N1100-ON, N1500, N2000, N2100-ON, N2200-ON, N3000-ON, N3100ON, and N3200-ON switches, energy-detect is enabled by default on the 1G copper interfaces.
green-mode eee Use the green-mode eee command mode to enable EEE low power idle mode on an interface. Use the no form of the command to disable the feature. Syntax green-mode eee no green-mode eee Default Configuration EEE is enabled by default on capable interfaces. Command Mode Interface Configuration User Guidelines The command enables both send and receive sides of a link to disable some functionality for power savings when lightly loaded.
Use the no form of the command to return the configuration to the default. Syntax green-mode eee tx-idle-time <600-4294967295> green-mode eee tx-wake-time <0-65535> no green-mode eee {tx-idle-time|tx-wake-time} Default Configuration By default, the transmit idle time is 600 micro-seconds and the transmit wake time is 8 micro-seconds.
• The EEE LPI history table entries • The Cumulative Power savings estimates for a specified interface or for all the interfaces based upon the argument. Syntax clear green-mode statistics {interface-id | all} • interface-id—An Ethernet interface identifier. See Interface Naming Conventions for interface representation. • all—All Ethernet interfaces. Default Configuration This command has no default configuration. Command Mode Privileged Exec User Guidelines This command has no user guidelines.
Command Mode Global Configuration User Guidelines This value is applied globally on all interfaces on the stack. LPI history is only collected on combo ports when the copper port is enabled. Use the no form of the command to set the sampling interval or max-samples values to the default. Examples Use the command below to set the EEE LPI History sampling interval to the default.
User Guidelines This command is also used to display the per port configuration and operational status of the green-mode. The status is shown only for the modes supported on the corresponding hardware platform whether enabled or disabled. This command output provides the following information. Term Description Energy Detect Energy-detect admin mode Energy-detect mode is enabled or disabled. Energy-detect operational status Energy detect mode is currently active or inactive.
Term Description Rx Low Power Idle Duration (μSec) This field indicates duration of Tx LPI state in 10us increments. Shows the total duration of Tx LPI since the EEE counters are last cleared. Tw_sys_tx (μSec) Integer that indicates the value of Tw_sys that the local system can support. This value is updated by the EEE DLL Transmitter state diagram. This variable maps into the aLldpXdot3LocTxTwSys attribute.
Term Description Remote Fallback Tw_sys (μSec) Integer that indicates the value of fallback Tw_sys that the remote system is advertising.This attribute maps to the variable RemFbSystemValue as defined in 78.4.2.3. Tx_dll_enabled Initialization status of the EEE transmit Data Link Layer management function on the local system. Tx_dll_ready Data Link Layer ready: This variable indicates that the tx system initialization is complete and is ready to update/receive LLDPDU containing EEE TLV.
Remote Tw_sys_tx Echo(usec).......21 Remote Tw_sys_rx (usec)...........21 Remote Tw_sys_tx Echo(usec).......21 Remote fallback Tw_sys (usec).....21 Tx DLL enabled....................Yes Tx DLL ready......................Yes Rx DLL enabled....................Yes Rx DLL ready......................Yes Cumulative Energy Saving (W * H)..2.37 Time Since Counters Last Cleared..1 day 20 hr 47 min 34 sec show green-mode Use the show green-mode command to display the green-mode configuration for the whole system.
Term Description EEE EEE Config EEE Admin Mode is enabled or disabled. Example console#show green-mode Current Power Consumption (mW)................. 11545 Power Saving /Stack (%)........................ 3 Cumulative Energy Saving /Stack (W * H)........
Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines On combo ports, samples are only collected on the copper ports when enabled. The following fields are displayed by this command. Term Description Sampling Interval Interval at which EEE LPI statistics is collected. Total No. of Samples to Keep Maximum number of samples to keep.
------ -------------------3 00:00:00:09 2 00:00:00:40 1 00:00:01:11 -------------3 4 3 -------------3 7 10 Layer 2 Switching Commands 500
GMRP Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches The GARP Multicast Registration Protocol (GMRP) provides a mechanism that allows networking devices to dynamically register (and deregister) Group membership information with the MAC networking devices attached to the same segment, and for that information to be disseminated across all networking devices in the bridged LAN that support Extended Filtering Services.
This ensures that the networking device receives multicast frames from all ports but forwards them through only those ports for which GMRP has created Group registration entry (for that multicast address). Registration entries created by GMRP ensures that frames are not transmitted on LAN segments which neither have registered GMRP participants nor are in the path through the active topology between the sources of the frames and the registered group members.
Syntax clear gmrp statistics [{gigabitethernet unit/slot/port | port-channel portchannel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example clears all the GMRP statistics information on port Gi1/0/8.
User Guidelines This command has no user guidelines.
GVRP Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches GARP VLAN Registration Protocol (GVRP) is used to propagate VLAN membership information throughout the network. GVRP is based on the Generic Attribute Registration Protocol (GARP), which defines a method of propagating a defined attribute (that is, VLAN membership) throughout the network.
Example The following example clears all the GVRP statistics information on interface Gi1/0/8. console# clear gvrp statistics gigabitethernet 1/0/8 garp timer Use the garp timer command in Interface Configuration mode to adjust the GARP application join, leave, and leaveall GARP timer values. To reset the timer to default values, use the no form of this command. Syntax garp timer {join | leave | leaveall} timer_value no garp timer • join — Indicates the time in centiseconds that PDUs are transmitted.
User Guidelines This command is available in Ethernet interface configuration mode and port channel interface configuration mode. The following relationships for the various timer values must be maintained: • Leave time must be greater than or equal to three times the join time. • Leaveall time must be greater than the leave time. Set the same GARP timer values on all Layer 2-connected devices.
Example The following example globally enables GVRP on the device. console(config)#gvrp enable gvrp enable (Interface Configuration) Use the gvrp enable command in Interface Configuration mode to enable GVRP on an interface. To disable GVRP on an interface, use the no form of this command. Syntax gvrp enable no gvrp enable Default Configuration GVRP is disabled on all interfaces by default.
gvrp registration-forbid Use the gvrp registration-forbid command in Interface Configuration mode to deregister all VLANs on a port and prevent any dynamic registration on the port. To allow dynamic registering for VLANs on a port, use the no form of this command. Syntax gvrp registration-forbid no gvrp registration-forbid Default Configuration Dynamic registering and deregistering for each VLAN on the port is not forbidden.
Syntax gvrp vlan-creation-forbid no gvrp vlan-creation-forbid Default Configuration By default, dynamic VLAN creation is enabled. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines This command is available in Ethernet interface configuration mode and port channel interface configuration mode. Example The following example disables dynamic VLAN creation on port 1/0/8.
User Guidelines This command is valid for Ethernet and port-channel interfaces. If no interface-id parameter is given, all interfaces are shown.
Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines If no interface-id parameter is given, all interfaces are shown. Example The following example displays GVRP error statistics information.
Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example This example shows output of the show gvrp statistics command.
IGMP Snooping Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Snooping of Internet Group Management Protocol (IGMP) messages is a feature that allows Dell EMC Networking switches to forward multicast traffic intelligently on the switch. Multicast traffic is traffic that is destined to a host group. Host groups are identified by the destination MAC address, i.e.
and thus not detectable by the switch. If a query is not received on an interface within a specified length of time (multicast router present expiration time), that interface is removed from the list of interfaces with multicast routers attached. The multicast router present expiration time is configurable using management. The default value for the multicast router expiration time is zero, which indicates an infinite time-out (that is, no expiration).
Enabling IGMP snooping on a VLAN in which L3 multicast is enabled is recommended. If a multicast source is connected to a VLAN on which both L3 multicast and IGMP/MLD snooping are enabled, the multicast source is forwarded to the mrouter ports, including the internal mrouter port. If IGMP snooping is disabled, multicast data plane packets are flooded in the VLAN. IGMP snooping (and IGMP querier) validates IGMP packets. As part of the validation, IGMP checks for the router alert option.
Command Mode User Exec, Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console(config)#show ip igmp snooping Admin Mode..................................... IGMP Router-Alert check........................ Multicast Control Frame Count.................. SSM FDB Capacity............................... SSM FDB Current Entries........................ SSM FDB High Water Mark. ......................
Default Configuration This command has no default configuration. Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines To see the full multicast address table (including static addresses) use the show mac address-table command. Example This example shows IGMPv2 snooping entries console(config)#show ip igmp snooping groups Vlan ---1 Group ----------------------224-239.129|1.2.
Flooding Unregistered to All Ports............. Disabled Vlan 1: -------IGMP Snooping Admin Mode....................... Immediate Leave Mode........................... Group Membership Interval...................... Last Member Query Interval..................... Multicast Router Expiry Time................... Enabled Disabled 260 10 300 Report Suppression Mode........................
ip igmp snooping vlan immediate-leave This command enables or disables IGMP Snooping immediate-leave mode on a selected VLAN. Syntax ip igmp snooping vlan vlan-id immediate-leave no ip igmp snooping vlan vlan-id immediate-leave • vlan id — A VLAN identifier (range 1-4093). Default Configuration IGMP snooping immediate-leave mode is disabled on VLANs by default.
ip igmp snooping vlan groupmembership-interval This command sets the IGMP Group Membership Interval time on a VLAN. Syntax ip igmp snooping vlan vlan-id groupmembership-interval time no ip igmp snooping vlan vlan-id groupmembership-interval • vlan-id — A VLAN identifier (Range 1-4093). • time — IGMP group membership interval time in seconds. (Range: 2– 3600) Default Configuration The default group membership interval time is 260 seconds.
Syntax ip igmp snooping vlan vlan-id last-member-query-interval time no ip igmp snooping vlan vlan-id last-member-query-interval • vlan-id — A VLAN identifier (Range 1-4093). • time — Number of seconds after which a host is considered to have left the group. (Range: 1-25) Default Configuration The default maximum response time is 10 seconds.
Syntax ip igmp snooping vlan vlan-id mcrtexpiretime time no ip igmp snooping vlan vlan-id mcrtexpiretime • vlan-id — A VLAN identifier (Range 1-4093). • time— Multicast router present expiration time. (Range: 1–3600) Default Configuration The default multicast router present expiration time is 300 seconds. Command Mode Global Configuration mode User Guidelines The expiry time is configured for an individual VLAN.
• vlan-id — A VLAN identifier (Range 1-4093). Default Configuration Report suppression is enabled by default. Command Mode Global Configuration mode User Guidelines When IGMP report suppression is enabled, the switch only sends the first report received for a group in response to a query. Report suppression is only applicable to IGMPv1 and IGMPv2. Example The following example sets the snooping report suppressions time to 10 seconds.
User Guidelines There is no equivalent MLD command since this setting applies to both protocols. Example console(config)#ip igmp snooping unregistered floodall ip igmp snooping vlan mrouter This command statically configures a port as connected to a multicast router for a specified VLAN. Use the no form of this command to remove the static binding.
multicast packets received in the VLAN. This behavior can be used to ensure that IGMP snooping will selectively forward IPv4 multicast data traffic in a VLAN even if no dynamically discovered IPv4 multicast router has been discovered. Multicast data plane traffic from multicast sources in a VLAN is always forwarded to the mrouter ports in the VLAN. Multicast control plane packets (those addressed to the reserved 224.0.0.
IGMP Snooping Querier Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches The IGMP Snooping Querier is an extension to the IGMP Snooping feature. IGMP Snooping Querier allows the switch to simulate an IGMP router in a Layer 2-only network, thus removing the need to have an IGMP Router to collect and refresh the multicast group membership information. The querier function simulates a small subset of the IGMP router functionality.
Default Configuration The IGMP Snooping Querier feature is globally disabled on the switch. When enabled, the IGMP Snooping Querier stops sending queries if it detects IGMP queries from a multicast-enabled router. The Snooping Querier periodically (querier timer expiry) wakes up and listens for IGMP queries, and if found, goes back to sleep. If no IGMP queries are heard, then the Snooping Querier will resume querying.
snooping (and snooping querier) will discard the packet. Use the no ip igmp snooping router-alert-check command to disable checking for the router alert option. Example The following example enables IGMP snooping querier in Global Configuration mode. console(config)#ip igmp snooping querier vlan 1 address 10.19.67.
to participate in the querier election but to stop sending queries as soon as it discovers the presence of another querier in the VLAN. If the switch detects another querier in the VLAN, it will cease sending queries for the querier timeout period. Example The following example configures the snooping querier to participate in the querier election on VLAN 10.
Example The following example sets the query interval to 1800: console(config)#ip igmp snooping querier query-interval 1800 ip igmp snooping querier timer expiry This command sets the IGMP querier timer expiration period which is the time period that the switch remains in non-querier mode after it has discovered that there is a multicast querier in the network. The no form of this command sets the IGMP querier timer expiration period to its default value.
ip igmp snooping querier version This command sets the IGMP version of the query that the snooping switch is going to send periodically. The no form of this command sets the IGMP Querier Version to its default value. Syntax ip igmp snooping querier version version no ip igmp snooping querier version • version — IGMP version. (Range: 1–2) Default Configuration The querier version default is 2. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all submodes User Guidelines When the optional argument vlan-id is not used, the command shows the following information. Parameter Description IGMP Snooping Querier Indicates whether or not IGMP Snooping Querier is active on the switch. IGMP Version Indicates the version of IGMP that will be used while sending out the queries.
Parameter Description VLAN Operational Indicates the time to wait before removing a Leave from a host Max Response Time upon receiving a Leave request. This value is calculated dynamically from the Queries received from the network. If the Snooping Switch is in Querier state, then it is equal to the configured value. Querier Election Participate Mode Indicates whether the IGMP Snooping Querier participates in querier election if it discovers the presence of a querier in the VLAN.
Interface Error Disable and Auto Recovery Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Interface error disable automatically disables an interface when an error is detected; no traffic is allowed until the interface is either manually re-enabled or, if auto recovery is configured, the configured auto recovery time interval has passed.
• link-flap — Link flap recovery. • loop-protect — Loop Protection auto-recovery. • port-security — Port security MAC locking auto-recovery. • mcast-storm — Multicast Storm auto-recovery. • sfp-mismatch — SFP mismatch auto-recovery. • sfpplus-mismatch — SFP+ transceiver inserted in SFP port auto-recovery. • spanning-tree — Spanning-tree auto-recovery. • udld — UDLD auto-recovery. • ucast-storm — Unicast Storm auto-recovery. Default Configuration No recovery causes are enabled by default.
Command History Implemented in version 6.3.0.1 firmware. Additional causes added in version 6.5 firmware. Updated in version 6.6 firmware to add 802.1x auto-recovery. Example The following example enables auto-recovery for all causes. console(config)#errdisable recovery cause all errdisable recovery interval Use the errdisable recovery interval command to configure the interval for error recovery of interfaces disabled due to any cause. Use the no form of the command to reset the interval to the default.
Interfaces recovered by auto-recovery issue a log message indicating that recovery is being attempted. <13> Sep 25 14:38:32 10.130.135.107-1 UDLD[nim_t]: udld_util.c(1829) 87 %% Interface Gi1/0/1 is restored from the error disabled state. Command History Implemented in version 6.3.0.1 firmware. Example The following example sets the error recovery timer to 30 seconds.
<13> Sep 25 14:38:32 10.130.135.107-1 UDLD[nim_t]: udld_util.c(1829) 87 %% Interface Gi1/0/1 is restored from the error disabled state. The following information is displayed. Term Parameter Description ARP inspection arp-inspection ARP inspection auto-recovery. BPDU Guard bpduguard BPDU guard auto-recovery. Broadcast Storm bcast-storm Broadcast storm auto-recovery. BPDU Storm bpdustorm BPDU storm auto-recovery. Denial of Service denial-ofservice Denial of Service auto-recovery.
Reason -----------------ARP Inspection BPDU Guard Broadcast Storm BPDU Storm Denial of Service DHCP Rate Limit Keep Alive Loop Protection Port Security Multicast Storm SFP Mismatch SFP Plus Mismatch Spanning Tree UDLD Unicast Storm Auto-recovery Status --------------------Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Interval for auto-recovery of error disabled interfaces: 300 seconds show interfaces status err-disab
When the interval expires, the system examines the error disabled interfaces and recovers them if recovery for the indicated cause is enabled. Only a single timer is used and recovery occurs when the timer expires, not when the interface time expires. The recovery delay time indicates the number of seconds until the interface is eligible for recovery if auto-recovery is enabled for the indicated cause. Interfaces recovered by auto-recovery issue a log message indicating that recovery is being attempted.
Command History Implemented in version 6.3.0.1 firmware. Modified in version 6.5 firmware.
IP Device Tracking Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches ip device tracking Use the ip device tracking command to enable device tracking for IPv4 hosts. Syntax ip device tracking no ip device tracking Default Configuration IP device tracking is disabled by default. Command Mode Global Configuration mode User Guidelines IP device tracking (IPDT) maintains a table of attached IPv4 host addresses.
For each device entry in the IPDT table, ARP probe is sent periodically to check the reachability of the device. If there are no ARP responses received for the configured number of retransmit ARP probes, the device entry is marked inactive. IPDT does not send ARP probes for entries already present in the ARP table until they age out and ARP packets are exchanged. When IPDT is enabled for the first time, it may take up to 20 minutes (or the configured ARP timeout) for the IPDT table to populate.
If the device entry is modified during that delay interval, the initial probe delay timer is canceled and the probe retransmit timer is started. Whenever the device entry is updated from ARP Snooping or DHCP Snooping, the probe retransmit timer is restarted. Entries in the IPDT table are added on the following events: • ARP snooping detected a new device. • DHCP snooping issued a new address binding.
• The state of associated interface changes from forwarding to nonforwarding. • If DHCP snooping is disabled, entries added via DHCP snooping are marked INACTIVE. • The DHCP lease associated with the table entry is terminated or deleted. Only ARP packets that are validated by Dynamic ARP Inspection (if enabled) are processed by IPDT.
Syntax ip device tracking probe no ip device tracking probe Default Configuration IP device tracking probes are enabled by default. Command Mode Global Configuration mode User Guidelines Invoking the no form of the command (no ip device tracking probe) causes all the ACTIVE state entries in the IPDT table to remain in the ACTIVE state until the port moves to non-forwarding state or lease of those entries are removed. Command History Command introduced in version 6.6.0 firmware.
Default Configuration The default probe interval is 30 seconds. Command Mode Global Configuration mode User Guidelines Systems with a large number of ports should consider the use of a larger probe interval. Command History Command introduced in version 6.6.0 firmware. Example This example globally enables IPDT and sets the probe interval to 1 minute.
User Guidelines Systems with a large number of ports should consider the use of a larger missed response count. Command History Command introduced in version 6.6.0 firmware. Example This example globally enables IPDT and sets the missed probe count to 6. console(config)#ip device tracking console(config)#ip device tracking probe count 6 ip device tracking probe delay Use the ip device tracking probe delay command to configure the time to wait after a link up event before sending an ARP probe.
User Guidelines Reducing the delay allows IPDT to discover devices more quickly. Reducing the delay to too small of a value may cause IPDT to query a device during the quiet period after the host has sent a gratuitous ARP. The ARP probe may confuse the host and require the host interface to be reset. Use of the ip device tracking probe auto-source fallback may help to ameliorate this issue. Some network implementations have had good results with the delay set to around 10 seconds.
Default Configuration The source IP address in the probe packet for non-routing interfaces is set to the 0.0.0.0 address. Command Mode Global Configuration mode User Guidelines This command only applies to non-routed interfaces. Command History Command introduced in version 6.6.0 firmware. Example This example globally enables IPDT and sets the source IP address in the ARP packet destined to 10.5.5.20 to 10.5.5.1.
Command Mode Interface (Ethernet or Port-Channel) Configuration mode User Guidelines Invoking the normal form of the command (ip device tracking maximum value) clears all the entries learned on a specified interface and sets the maximum entries to be learned on that interface. Configuring the maximum limit to 0 effectively disables IPDT on the interface.
• mac mac-address—Clears the entries matching the mac-address. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode User Guidelines After clearing the table entries, ARP probes are sent to repopulate the table. Command History Command introduced in version 6.6.0 firmware. Example This example clears the IPDT entries on interface Gi1/0/1.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all sub-modes User Guidelines The following fields are displayed: Field Description IP Address Learned IPv4 address of the device. MAC Address MAC address associated with the learned IPv4 address. VLAN VLAN identifier associated with an interface on which device is learned. Interface Interface name on which device is learned.
-----------------------------------------------------------------------------IP Address MAC Address Vlan Interface Time-left Time-since State Source to inactive inactive -----------------------------------------------------------------------------10.21.1.1 01:02:03:04:05:06 2 Gi1/0/1 30 0 ACTIVE ARP Total number interfaces enabled: 1 Enabled interfaces: Gi1/0/1 console#show ip device tracking all count IP Device Tracking ARP Entries Count .......... 40 IP Device Tracking DHCP Entries Count .........
-----------------------------------------------------------------------------IP Address MAC Address Vlan Interface Time-left Time-since State Source to inactive inactive -----------------------------------------------------------------------------10.21.1.1 01:02:03:04:05:06 2 Gi1/0/1 50 0 ACTIVE ARP 20.21.1.
IPv6 Access List Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Access to a switch or router can be made more secure through the use of Access Control Lists (ACLs) to control the type of traffic allowed into or out of specific ports. An ACL consists of a series of rules, each of which describes the type of traffic to be processed and the actions to take for packets that meet the classification criteria.
[sequence number] {deny | permit} {ipv6-protocol | number | every} {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [{range {portkey | startport} {portkey | endport} | {eq | neq | lt | gt} {portkey | 065535}] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6address} [{range {portkey | startport} {portkey | endport} | {eq | neq | lt | gt} {portkey | 0-65535}] [flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack] [+urg | -urg] [established]] [flow-la
data, http, ntp, pop2, pop3, rip, smtp, snmp, telnet, tftp, telnet, time, who and www. Each of these keywords translates into its equivalent destination port number. • – When “range” is specified, IPv6 ACL rule matches only if the layer 4 port number falls within the specified port range. The startport and endport parameters identify the first and last ports that are part of the port range. They have values from 0 to 65535. The ending port must have a value equal or greater than the starting port.
• • – When “+” is specified, a match occurs if specified flag is set in the TCP header. – When “-” is specified, a match occurs if specified flag is *NOT* set in the TCP header. – When “established” is specified, a match occurs if specified either RST or ACK bits are set in the TCP header. – This option is visible only if the protocol is tcp.
• fragments—Specifies the rule matches packets that are non-initial fragments (fragment bit asserted). Not valid for rules that match L4 information such as TCP port number since that information is carried in the initial packet. IPv6 fragments contain an IPv6 Fragment extension header. • routing—Specifies that IP ACL rule matches on routed packets. Routed packets contain an IPv6 “routing” extension header.
User Guidelines A rule may either deny or permit traffic according to the specified classification fields. At a minimum, either the every keyword or the protocol, source address, and destination address values must be specified. The source and destination IPv6 address fields may be specified using the keyword any to indicate a match on any value in that field.
If a permit|deny clause is entered with the same sequence number as an existing rule, the configuration is denied with an error message. An implicit deny all condition is added by the system after the last MAC or IP/IPv6 access group if no route-map is configured on the interface. Every permit/deny rule that does not have a rate-limit parameter is assigned a counter. If counter resources become exhausted, a warning is issued and the rule is applied to the hardware without the counter.
console(config)#ipv6 access-list STOP_HTTP console(Config-ipv6-acl)#deny tcp 2001:DB8::0/32 any eq http console(Config-ipv6-acl)#permit every ipv6 access-list The ipv6 access-list command creates an IPv6 Access Control List (ACL) consisting of classification fields defined for the IP header of an IPv6 frame. Syntax ipv6 access-list name no ipv6 access-list name • name — Alphanumeric string of 1 to 31 characters uniquely identifying the IPv6 access list.
ipv6 access-list rename The ipv6 access-list rename command changes the name of an IPv6 Access Control List (ACL). This command fails if an IPv6 ACL with the new name already exists. Syntax ipv6 access-list rename name newname • name — the name of an existing IPv6 ACL. • newname — alphanumeric string from 1 to 31 characters uniquely identifying the IPv6 access list. Default Configuration There is no default configuration for this command.
• name — Alphanumeric string of 1 to 31 characters uniquely identifying the IPv6 access list. • in — The access list is applied to ingress packets. • out—The access list is applied to egress packets. • control-plane—The access list is applied to ingress control plane packets. This parameter is only available in Global Configuration mode. • seq-num — Order of access list relative to other access lists already assigned to this interface and direction.
Example The following example attaches an IPv6 access control list to an interface. console(config-if-Gi1/0/1)#ipv6 traffic-filter DELL_IP6 in Command History Syntax updated in the 6.4 release. show ipv6 access-lists Use the show ipv6 access-lists command in User Exec and Privileged Exec mode to display an IPv6 access list and all of the rules that are defined for the IPv6 ACL. Use the [name] parameter to identify a specific IPv6 ACL to display.
IPv6-ACL 43981900 asdasd 3981901 1 Gi1/0/8 Inbound 2 Gi1/0/7 Inbound console#show ipv6 access-lists IPv6-ACL IPV6 ACL Name: IPv6-ACL Inbound Interface(s): Gi1/0/8 Rule Number: 1 Action......................................... Match All...................................... Protocol....................................... Source IPV6 Address............................ Destination IPV6 Address....................... Destination Layer 4 Operator................... Destination L4 Port Keyword...........
IPv6 MLD Snooping Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches In IPv6, Multicast Listener Discover (MLD) snooping performs functions similar to IGMP snooping in IPv4. With MLD snooping, IPv6 multicast data is selectively forwarded to a list of ports that want to receive the data, instead of being flooded to all ports in a VLAN. This list is constructed by snooping IPv6 multicast control packets.
• vlan-id — A VLAN identifier (Range 1-4093). • time — MLD group membership interval time in seconds. (Range: 23600) Default Configuration The default group membership interval time is 260 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console(config)#ipv6 mld snooping vlan 2 groupmembership-interval 1500 ipv6 mld snooping vlan immediate-leave This command enables or disables MLD Snooping immediate-leave mode on a selected VLAN.
User Guidelines Enabling immediate-leave allows the switch to immediately remove the Layer 2 LAN interface from its forwarding table entry upon receiving an MLD done message for that multicast group without first sending out MAC-based general queries to the interface. Enable immediate-leave admin mode only on VLANs where only one host is connected to each Layer 2 LAN port.
User Guidelines MLD listener message suppression is equivalent to IGMP report suppression. When MLD listener message suppression is enabled, the switch only sends the first report received for a group in response to a query. Listener message suppression is only applicable to MLDv1.
ipv6 mld snooping vlan mcrtrexpiretime The ipv6 mld snooping mcrtrexpiretime command sets the multicast router present expiration time. Syntax ipv6 mld snooping vlan vlan-id mcrtrexpiretime time no ipv6 mld snooping vlan vlan-id mcrtrexpiretime • vlan-id — A VLAN identifier (Range 1-4093). • time — Multicast router present expiration time in seconds. (Range: 1– 3600) Default Configuration The default multicast router present expiration time is 300 seconds. Command Mode Global Configuration mode.
• vlan-id — A VLAN identifier (Range 1-4093). • interface-id— The next-hop interface to the multicast router. Default Configuration There are no multicast router ports configured by default. Command Mode Global Configuration mode. User Guidelines MLD snooping will forward IPv6 multicast data packets in the VLAN if a static mrouter port is configured.
User Guidelines Use this command without parameters to globally enable MLD Snooping. Use the no form of the command to disable MLD Snooping. Use the vlan parameter to enable MLD Snooping on a specific VLAN. It is recommended that IGMP snooping should be enabled whenever MLD snooping is enabled to ensure that unwanted pruning of multicast protocol packets used by other protocols does not occur. Enabling MLD snooping on an IPv6 L3 multicast router is recommended.
User Guidelines With no optional arguments, the command displays the following information: • Admin Mode — Indicates whether or not MLD Snooping is active on the switch. • Multicast Control Frame Count— Displays the total number of IGMP or PIM packets which have been received (same as IPv4). • Flooding Unregistered to All Ports—Indicates if Flooding Unregistered to All Ports is enabled.
Example console(config)#show ipv6 mld snooping Admin Mode..................................... Multicast Control Frame Count.................. SSM FDB Capacity............................... SSM FDB High Water Mark........................ SSM FDB Current Entries........................ Flooding Unregistered to All Ports............. Enable 6255 64 1 1 Disabled Vlan 1: -------MLD Snooping Admin Mode........................ Immediate Leave Mode........................... Group Membership Interval...........
User Guidelines This user guideline applies to all switch models.To see the full multicast address table (including static addresses) use the show mac address-table multicast command. Example This example shows MLDv2 snooping entries console#show ipv6 mld snooping groups Vlan ---1 Group ----------------------3333.0000.
User Guidelines MLD snooping forwards IPv6 multicast data plane packets to mrouter ports, including statically configured mrouter ports. If a static mrouter port is configured in a VLAN, MLD snooping will forward multicast data plane packets received on the VLAN even if the interface is down. This behavior can be used to ensure that MLD snooping will selectively forward IPv6 multicast data traffic even if no dynamically discovered IPv6 multicast router has been discovered.
IPv6 MLD Snooping Querier Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches The MLD Snooping Querier is an extension of the MLD snooping feature. MLD Snooping Querier allows the switch to simulate an MLD router in a Layer 2-only network, thus removing the need to have an MLD router to collect the multicast group membership information. The querier function simulates a small subset of the MLD router functionality.
User Guidelines It is not recommended the MLD Snooping Querier be enabled on a switch enabled for IPv6 multicast routing. Example console(config)#ipv6 mld snooping querier ipv6 mld snooping querier (VLAN mode) Use the ipv6 mld snooping querier command in VLAN mode to enable MLD Snooping Querier on a VLAN. Use the no form of this command to disable MLD Snooping Querier on a VLAN. Syntax ipv6 mld snooping querier vlanvlan-id no ipv6 mld snooping querier vlan vlan-id • vlan-id — A VLAN identifier.
Syntax ipv6 mld snooping querier address prefix[/prefix-length] no ipv6 mld snooping querier address • prefix — An IPv6 address prefix. • prefix-length — Designates how many of the high-order contiguous bits of the address make up the prefix. Default Configuration There is no global MLD Snooping Querier address configured by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
Command Mode Global Configuration mode User Guidelines When enabled, if there is another querier in the network and the local querier is in election mode, then the querier with the lower IP address is elected and the other querier stops querying. If the local querier is not in election mode and another querier is detected, the local querier stops querying.
ipv6 mld snooping querier timer expiry Use the ipv6 mld snooping querier timer expiry command to set the MLD Querier timer expiration period. Use the no form of this command to reset the timer expiration period to the default. Syntax ipv6 mld snooping querier timer expiry timer ipv6 mld snooping querier timer expiry • timer — The time that the switch remains in Non-Querier mode after it has discovered that there is a multicast querier in the network.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines When the optional argument vlan vlan-id is not used, the command shows the following information: Parameter Description MLD Snooping Querier Mode Indicates whether or not MLD Snooping Querier is active on the switch. Querier Address Shows the IP Address which will be used in the IPv6 header while sending out MLD queries.
Operational State Indicates whether MLD Snooping Querier is in “Querier” or “Non-Querier” state. When the switch is in Querier state it will send out periodic general queries. When in Non-Querier state it will wait for moving to Querier state and does not send out any queries. Operational Version Indicates the version of MLD that will be used while sending out the queries. This is defaulted to MLD v1 and it can not be changed.
IP Source Guard Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches IP Source Guard (IPSG) is a security feature that filters IP packets based on source ID. The source ID may either be source IP address or a {source IP address, source MAC address} pair. The network administrator configures whether enforcement includes the source MAC address. The network administrator can configure static authorized source IDs.
Default Configuration By default, no sources are blocked. Command Mode Interface Configuration mode (Ethernet and port channel) User Guidelines DHCP snooping should be enabled on any ports for which ip verify source is configured. If ip verify source is configured on an interface for which DHCP snooping is disabled, or for which DHCP snooping is enabled and the port is trusted, incoming traffic on the interface is dropped. Incoming traffic is filtered based on the source IP address and VLAN.
Default Configuration By default, there are no static bindings configured. Command Mode Global Configuration mode User Guidelines The configured IP address and MAC address are used to match the source IP address and source MAC address for packets received on the interface. Hosts sending packets using the configured source IP address and source MAC address are trusted on the interface. Example console(config)#ip verify binding 00:11:22:33:44:55 vlan 1 1.2.3.
• ip: IPv4 address filtering • ipv6: IPv6 address filtering • ipv6-mac: IPv6 plus MAC address filtering • N/A: No filtering is configured on the interface Example console(config-if-Gi1/0/5)#show ip verify Interface ----------Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 Gi1/0/9 Filter Type ----------ip ipv4-mac N/A N/A ipv4-mac N/A N/A N/A N/A console(config-if-Gi1/0/5)#show ip verify interface gi1/0/5 Interface ----------Gi1/0/5 Filter Type ----------ipv6-mac show ip verify so
Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show ip verify source interface gigabitethernet 1/0/1 Interface Filter Type IP Address MAC Address Vlan ----------- ----------- --------------- ----------------- ----Gi1/0/1 ip 1.2.3.4 00:12:32:43:54:66 1 show ip source binding Use the show ip source binding command to display all bindings (static and dynamic).
iSCSI Optimization Commands Dell EMC Networking N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON/N3200-ON Series Switches iSCSI Optimization provides a means of performing configuration specific to storage traffic and optionally giving traffic between iSCSI initiator and target systems special Quality of Service (QoS) treatment. iSCSI Optimization is best applied to mixed-traffic networks where iSCSI packets constitutes a portion of overall traffic.
iSCSI Optimization borrows ACL lists from the global system pool. ACL lists allocated by iSCSI Optimization reduce the total number of ACLs available for use by the network operator. Enabling iSCSI Optimization uses one ACL list to monitor for iSCSI sessions for the application of any CoS treatment. iscsi cos Use the iscsi cos command in Global Configuration mode to set the quality of service profile that will be applied to iSCSI flows.
In general, the use of iSCSI CoS is not required. By default, iSCSI flows are assigned to the highest VPT/DSCP value that is mapped to the highest queue not used for stack management or the voice VLAN. Make sure you configure the relevant Class of Service parameters for the queue in order to complete the setting. Configuring the VPT/DSCP value sets the QoS profile which selects the egress queue to which the frame is mapped. The default setting for egress queues scheduling is Weighted Round Robin (WRR).
Default Configuration iSCSI is enabled by default. Command Mode Global Configuration mode User Guidelines This command modifies the running config to enable flow control on all interfaces. Monitoring for EqualLogic Storage arrays via LLDP is enabled by this command. Upon detection of an EQL array, the specific interface involved will have spanning-tree portfast enabled and unicast storm control disabled. These changes appear in the running config.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example The following example displays the iSCSI configuration.
Link Dependency Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Link dependency allows the link status of a group of interfaces to be made dependent on the link status of other interfaces. The effect is that the link status of a group that depends on another interface either mirrors or inverts the link status of the depended-on interface. Circular dependencies are not allowed. For example, if port-channel 1 in group 1 depends on port-channel 2.
Example console(config-depend-1)#action up link-dependency group Use the link-dependency group command to enter the link-dependency mode and configure a link-dependency group. Syntax link-dependency group GroupId no link-dependency group GroupId • GroupId — Link dependency group identifier. (Range: 1–72) Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The preference of a group is to remain in the up state.
• intf-list — List of Ethernet interface identifiers or port channel identifiers or ranges. Separate nonconsecutive ports with a comma and no spaces. Use a hyphen to designate the range of ports. Default Configuration This command has no default configuration. Command Mode Link Dependency mode User Guidelines Adding an interface to a dependency list brings the interface down until the depends-on command is entered. The link status will then follow the interface specified in the depends-on command.
Default Configuration This command has no default configuration. Command Mode Link Dependency mode User Guidelines Circular dependencies are not allowed, i.e. interfaces added to the group may not also appear in the depends-on list of the same group or a different group. If an interface appears in the add list of any group, the interfaces in the corresponding depends-on list may not refer back to the interfaces in the add group.
User Guidelines Configure a link dependency group prior to using this command. Example The following command shows link dependencies for all groups. console#show link-dependency GroupId Member Ports Ports Depended On Link Action Group State ------- ----------------------------------------------------1 Gi4/0/2-3,Gi4/0/5 Gi4/0/10-12 Link Up Up/Down The following command shows link dependencies for group 1 only.
LLDP Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches The IEEE 802.1AB standard defines the Link Layer Discovery Protocol (LLDP). This protocol allows stations residing on an IEEE802 LAN to advertise major capabilities, physical descriptions, and management information to physically adjacent devices, allowing a network management system (NMS) to access and display this information.
The receive function accepts incoming LLDPDU frames and stores information about the remote stations. Both local and remote data may be displayed by the user interface and retrieved using SNMP as defined in the LLDP MIB definitions. The component maintains one remote entry per physical network connection. The LLDP component manages a number of statistical parameters representing the operation of each transmit and receive function on a per-port basis.
Syntax clear lldp statistics Default Configuration By default, the statistics are only cleared on a system reset. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example displays how to reset all LLDP statistics. console#clear lldp statistics debug lldp Use the debug lldp command to display LLDP debug information. Use the no form of the command to halt the display of LLDP debug information.
User Guidelines Decode of LLDP packet information is limited. If possible, it is preferable to attach the Wireshark tool to the switch CPU to obtain a full decode, if an out-of-band port is available. Refer to the Remote Capture example in the User’s Configuration Guide. Command History Command introduced in version 6.5 firmware. lldp med This command is used to enable/disable LLDP-MED on an interface. By enabling MED, the transmit and receive functions of LLDP are effectively enabled.
Syntax lldp med confignotification no lldp med confignotification Command Mode Interface Configuration (Ethernet) mode Default Value By default, notifications are disabled on all Ethernet interfaces. User Guidelines There are no guidelines for this command. Example console(config)#lldp med confignotification lldp med faststartrepeatcount This command is used to set the value of the fast start repeat count.
Example console(config)# lldp med faststartrepeatcount 2 lldp med-tlv-select This command is used to specify which optional TLVs in the LLDP MED set are transmitted in the LLDPDUs. There are certain conditions that have to be met for a port to be MED compliant. These conditions are explained in the normative section of the ANSI/TIA-1057 specification. For example, the MED TLV 'capabilities' is mandatory. By disabling transmission of the MED capabilities TLV, MED is effectively disabled on the interface.
lldp notification Use the lldp notification command in Interface Configuration mode to enable remote data change notifications. To disable notifications, use the no form of this command. Syntax lldp notification no lldp notification Default Configuration By default, notifications are disabled on all supported interfaces. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines.
• interval — The smallest interval in seconds at which to send remote data change notifications. (Range: 5–3600 seconds) Default Configuration The default value is 5 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to set the interval value to 10 seconds.
Example The following example displays how to enable the LLDP receive capability. console(config-if-Gi1/0/3)#lldp receive lldp timers Use the lldp timers command in Global Configuration mode to set the timing parameters for local data transmission on ports enabled for LLDP. To return any or all parameters to factory default, use the no form of this command.
Examples The following example displays how to configure LLDP to transmit local information every 1000 seconds. console(config)#lldp timers interval 1000 The following example displays how to set the timing parameter at 1000 seconds with a hold multiplier of 8 and a 5 second delay before reinitialization. console(config)#lldp timers interval 1000 hold 8 reinit 5 lldp transmit Use the lldp transmit command in Interface Configuration mode to enable the LLDP advertise (transmit) capability.
lldp tlv-select Use the lldp tlv-select command to specify which optional type-length-value settings (TLVs) in the 802.3 AB basic management set will be transmitted in the LLDPDUs. To disable transmission of an optional TLV, use the no form of this command. To return the configuration to the default, use the no form of the command with no arguments.
The string configured by the hostname command is transmitted by the system-name TLV. If no TLV argument is given, the configuration remains unchanged. Use the show lldp remote-device all command to see the advertised LLDP neighbor information. The management address TLV is type 8. The switch will send the address of the service port, if available, otherwise, the IP address of the switch, if defined, otherwise, the MAC address of the switch. The interface numbering subtype sent is always IfIndex.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the current LLDP configuration summary. console#show lldp LLDP Global Configuration Transmit Interval............................ Transmit Hold Multiplier..................... Reinit Delay................................. Notification Interval........................
User Guidelines This command has no user guidelines. Examples This example show how the information is displayed when you use the command with the all parameter.
Interface Link Transmit Receive Notify TLVs Mgmt --------- ---- -------- -------- -------- ------- ---Gi1/0/1 Up Enabled Enabled Enabled 0,1,2,4 Y TLV Codes: 0 – Port Description, 1 – System Name, 2 – System Description, 3 – System Capabilities, 4-Port VLAN show lldp local-device Use the show lldp local-device command to display the advertised LLDP local data. This command can display summary information or detail for each interface.
console# show lldp local-device detail Gi1/0/1 LLDP Local Device Detail Interface: Gi1/0/1 Chassis ID Subtype: MAC Address Chassis ID: 00:62:48:00:00:00 Port ID Subtype: Interface Name Port ID: Gi1/0/1 Port VLAN: 22 System Name: System Description: Routing Port Description: System Capabilities Supported: bridge, router System Capabilities Enabled: bridge Management Address: Type: IPv4 Address: 192.168.17.25 show lldp med This command displays a summary of the current LLDP MED configuration.
show lldp med interface This command displays a summary of the current LLDP MED configuration for a specific interface. Syntax show lldp med interface {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port| all} • all — Shows information for all valid LLDP interfaces.
Syntax show lldp med local-device detail {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port} Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes Default Value Not applicable Example Console#show lldp med local-device detail gi1/0/8 LLDP MED Local Device Detail Interface: Gi1/0/8 Network Policies Media Policy Application Type : voice Vlan ID: 10 Priority: 5 DSCP: 1 Unknown: False Tagged: True Media Policy Application Type : streamingvideo Vlan ID: 20 Pri
Extended POE Device Type: pseDevice Extended POE PSE Available: 0.3 watts Source: primary Priority: critical Extended POE PD Required: 0.2 watts Source: local Priority: low show lldp med remote-device This command displays the current LLDP MED remote data. This command can display summary information or detail for each interface.
Local Interface --------Gi1/0/13 Gi1/0/16 Gi1/0/23 RemoteID ---------1 2 6 Device Class -------------------Class I Class II Not Defined Console#show lldp med remote-device detail Gi1/0/1 LLDP MED Remote Device Detail Local Interface: 1/0/1 Capabilities MED Capabilities Supported: capabilities, networkpolicy, location, extendedpse MED Capabilities Enabled: capabilities, networkpolicy Device Class: Endpoint Class I Network Policies Media Policy Application Type : voice Vlan ID: 10 Priority: 5 DSCP: 1 Unkno
Device Type: pseDevice Extended POE PSE Available: 0.3 Watts Source: primary Priority: critical Extended POE PD Required: 0.2 Watts Source: local Priority: low show lldp remote-device Use the lldp remote-device command to display the current LLDP remote data. This command can display summary information or detail for each interface. Syntax show lldp remote-device {detail interface | interface | all} • detail — Includes detailed version of remote data.
Examples These examples show current LLDP remote data, including a detailed version.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples The following examples shows an example of the display of current LLDP traffic statistics. The output is abbreviated for the all form of the command. console#show lldp statistics all LLDP Device Statistics Last Update.................................. 0 days 22:58:29 Total Inserts.........
Total Drops.................................. 0 Total Ageouts................................ 0 Tx Rx TLV Interface Total Total Discards Errors Ageout Discards --------- ----- ----- -------- ------ ------ -------Gi1/0/7 2297 2298 0 0 0 0 TLV Unknowns -------0 TLV MED ---0 TLV 802.1 ----0 TLV 802.3 ----10 The following table explains the fields in this example. Fields Description Last Update The value of system of time the last time a remote data entry was created, modified, or deleted.
Fields Description TLV MED Number of OUI specific MED (Media Endpoint Device) TLVs received. TLV Number of OUI specific TLVs received. TLV 802.3 Number of OUI specific 802.3 specific TLVs received.
Loop Protection Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Loop protection detects physical and logical loops between Ethernet ports on a device. Loop protection must be enabled globally before it can be enabled at the interface level. keepalive (Interface Config) Use the keepalive command in Interface Configuration mode to enable loop protection on an interface. Use the no form of the command to return the configuration to the defaults.
• Data: 0 Since all switch ports share the same MAC address, if any interface receives CTP packets transmitted by the switch in excess of the configured limit, that interface is error disabled with a Loop Protection cause. Looped CTP packets received on a routed interface are ignored and will not error-disable the interface. This is because routed interfaces receiving a packet addressed to the router will not unicast flood the packet to the VLAN. The switch never sends a response to received CTP packets.
Syntax keepalive [ period [ count ] ] no keepalive • period – Configures the interval for the transmission of keepalive packets. Default: 10 seconds • count – Configures the number of consecutive CTP packets addressed to and received by the local switch before the interface is error disabled. Default: 3 packets. Default Configuration Loop protection is disabled globally by default. The default period is 10 seconds. The default count is 3 packets.
This example configures the CTP transmit interval to 5 seconds. If an interface receives two CTP packets, it error disables the interface. console(config)#keepalive 5 2 In the next example, if the CTP transmit interval is configured to 5 seconds, if an interface receives three CTP packets, it will error disable the interface. console(config)#no keepalive keepalive action Use the keepalive action command to configure the action taken when a loop is detected on an interface.
Command History Implemented in version 6.3.0.1 firmware. Syntax corrected in 6.4 release. Example The following example configures loop protection to log detected loop conditions without error disabling the port. console(config)#interface gi1/0/1 console(config-if-Gi1/0/1)#keepalive action log-only show keepalive Use the show keepalive command to display the global loop protect configuration. Syntax show keepalive Default Configuration There is no default configuration.
Command History Implemented in version 6.3.0.1 firmware. Example updated in 6.4 version. Example console#show keepalive Keepalive Service.............................. Enabled Transmit Interval.............................. 10 Retry Count.................................... 3 show keepalive statistics Use the show keepalive statistics command to display the loop protect status for one or all interfaces.
Loop Count The number of CTP packets detected. Time Since Last Loop The last time a loop was detected. Rx Action Action when a loop is detected (Error disable, Log). Port Status Current port status (Enable, Disable). Command History Implemented in version 6.3.0.1 firmware.
MLAG Commands Dell EMC Networking N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON/N3200-ON Series Switches MLAG enables a LAG to be created across two independent switches, so that some member ports of a MLAG can reside on one switch and the other members of a MLAG can reside on another switch. The partner switch on the remote side can be a MLAG-unaware unit. To the MLAG unaware switch, the MLAG appears to be a single LAG connected to a single switch.
Syntax feature vpc no feature vpc Default Configuration By default, the MLAG feature is not globally enabled. Command Modes Global Configuration mode User Guidelines The MLAG configuration is retained even when the feature is disabled. The peer link will not be enabled if the VPC feature is not enabled. MLAG role election occurs if the MLAG feature is enabled and the keepalive state machine is enabled.
Command Modes MLAG Domain Configuration mode User Guidelines Use of the Dual Control Plane Detection Protocol is optional. It provides a second layer of redundancy beyond that provided by the peer link protocol. System that operate without the DCPDP protocol enabled (and use static LAGs) run the risk of a split brain scenario in the case of peer link failure. Example console(config)#vpc domain 1 console(config-vpc 1)#peer-keepalive enable console(config-vpc 1)#peer-keepalive destination 192.168.0.
User Guidelines This command configures the DCPDP transmission and timeout values. If an MLAG switch does not receive DCPDP messages from the peer for the configured timeout value, it takes the decision to transition its role (if required). Command History Introduced in version 6.2.0.1 firmware.
User Guidelines Changes to the DCPDP configuration do not take effect until the protocol is disabled and then re-enabled. Both the local switch and the MLAG peer switch must be configured identically. The recommended procedure to update these parameters is to disable the DCPDP protocol on both switches, configure the new parameters on both switches, and then re-enable the DCPDP protocol on both switches. The Dual Control Plane Detection Protocol is a UDP-based protocol.
Syntax peer-keepalive enable no peer-keepalive enable Default Configuration The peer keepalive protocol is disabled by default. Command Modes MLAG Domain Configuration mode User Guidelines MLAG will not become operational until the peer keepalive protocol detects a peer and syncs the peer information. Peer keepalive timeout state transitions are suppressed if the Dual Control Plan Detection (DCPDP) is enabled and detects that the peer is still alive.
processes control traffic and sends LACP and BPDU packets with a unique source MAC address (the system MAC of the local switch). The MLAG connected devices become aware that they are connected to two devices and, if LACP is enabled, block the links to one of the peers as a new actor ID is received. STP re-convergence may also occur in this scenario. Example console(config)#vpc domain 1 console(config-vpc 1)#peer-keepalive enable console(config-vpc 1)#peer-keepalive destination 192.168.0.2 source 192.168.0.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-vpc 1)# peer-keepalive timeout 10 role priority Use the role priority command to configure the priority value used on a switch for primary/secondary role selection. The primary switch is responsible for maintaining and propagating spanning-tree and link-aggregation to the secondary switch. Use the no form of the command to return the switch priority to the default value.
Changes to the priority value are not preemptive. The keepalive role selection state machine is not restarted even if the keepalive priority is modified post election. This means that priority value changes in a running MLAG domain do not affect the selection of the primary and secondary switches. In order for changes to take effect, disable the VPC with the no feature vpc command and re-enable it.
Self member ports -----------------------Gi1/0/2 Gi1/0/6 Status --------Up Down show vpc brief Use the show vpc brief command to display the MLAG global status. The command displays the current MLAG operational mode as well as the peerlink and keepalive status is also displayed. The number of configured and operational MLAGs along with the system MAC and role are also displayed. Syntax show vpc brief Default Configuration There is no default configuration for this command.
Example console#show vpc brief VPC domain id is not configured. console#show vpc brief VPC Domain ID...................................2 VPC admin status................................Disabled Keepalive admin status..........................Disabled VPC operational status..........................Disabled Self role.......................................None Peer role.......................................None Peer detection admin status.....................Disabled Operational VPC MAC......................
Interface...................................... Po3 Configured Vlans............................... 1,10,11,12,13,14,15,16,17 VPC Interface State............................ Active show vpc consistency-parameters Use the show vpc consistency parameters on both MLAG peers to display MLAG related configuration information in a format suitable for comparison with the other MLAG peer.
VPC VPC VPC VPC VPC MST System MAC Address System Priority System MAC Address System Priority Domain ID VLAN Configuration Instance ------------1 2 4 32767 00:1E:C9:DE.
-----------Gi1/0/1 Gi1/0/2 --------100 100 -------Full Full MST VLAN Configuration Instance ------------1 2 Associated VLANS ----------------------------------7,8 4,5 RSTP-PV Configuration: STP Port Priority: VLAN ------ <0-240> Port Priority ----------------<0-240> Cost --------------------------Auto | <1- 200000000> show vpc consistency-features Use the show vpc consistency parameters on both MLAG peers to display MLAG related configuration information in a format suitable for comparison with
show vpc peer-keepalive Use the show vpc peer-keepalive command to display the peer MLAG switch’s IP address used by the Dual Control Plane Detection Protocol. The port used for the Dual Control Plane Detection Protocol is shown, as well as if peer detection is enabled or not. If enabled, the detection status is displayed. Syntax show vpc peer-keepalive Default Configuration There is no default configuration for this command.
Syntax show vpc role Default Configuration There is no default configuration for this command. Command Modes Privileged Exec mode and above User Guidelines A VPC domain ID must be configured for this command to display the VPC role. Example console# show vpc role Self ---VPC domain ID...................................1 Keepalive config mode.......................... Enabled Keepalive operational mode..................... Enabled Role Priority.................................. 100 Configured VPC MAC....
show vpc statistics Use the show vpc statistics command to display the counters for the keepalive messages transmitted and received by the MLAG switch. Syntax show vpc statistics {peer-keepalive | peer-link} Default Configuration There is no default configuration for this command. Command Modes Privileged Exec mode and above User Guidelines There are no user guidelines for this command. Example (console)# show vpc statistics peer-keepalive Total transmitted.......................................
Peer Peer Peer Peer Peer Peer Peer link link link link link link link BPDU’s Tx error.............................. BPDU’s received from peer.................... BPDU’s Rx error.............................. LACPDU’s transmitted to peer................. LACPDU’s Tx error............................ LACPDU’s received from peer.................. LACPDU’s Rx error............................ (console)#show vpc statistics peer-link Peer link control messages transmitted.........
User Guidelines The VPC domain MAC address must be the same on both MLAG peer devices. The MAC address is a unicast MAC address in aa:bb:cc:dd:ee:ff format and is not equal to the physical MAC address of either the primary VPC or secondary VPC device. The configured VPC domain MAC address is exchanged during role election and, if configured differently on the peer devices, VPC does not become operational.
User Guidelines The system priority must be configured identically on all VPC peers. If the configured VPC system priority is different on any VPC peer, the VPC will not come up. The system-priority is present in the LACP PDUs that are sent out on VPC member ports. When the VPC system priority is configured after a VPC primary device is elected, the already agreed operational VPC system priority is used in the LACP PDUs instead of the newly configured VPC system priority.
This configuration must be present on both the primary and secondary switches. The port channel number and VPC number can be different from each other but the mapping must be the same on the primary and secondary MLAG peers (i.e., the port channel number must map to the same VPC number on both MLAG peers). Command Modes Port-channel mode User Guidelines The peer keepalive protocol is required for MLAG operation. Configure a LAG between the two MLAG peers as an MLAG peer link before executing this command.
Default Configuration By default, no MLAG domains are configured. Command Modes Global Configuration mode User Guidelines Only one MLAG domain per MLAG is supported. This command creates a VPC domain with the specified domain-id and enters into the VPC domain configuration mode. Only one VPC domain can be created on a given device. The domain-id of the VPC domain should be equal to the one configured on the other VPC peer with this device wants to form a VPC pair.
Syntax vpc peer-link no vpc peer-link Default Configuration There are no peer links configured by default. Command Modes Port-channel configuration mode User Guidelines This configuration must the present on both the primary and secondary switches. The peer keepalive protocol is required for MLAG operation. Configure and enable a LAG between the two MLAG peers as an MLAG peer link before executing this command.
Multicast VLAN Registration Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Series Switches Multicast VLAN registration (MVR) is a method for consolidating multicast traffic from multiple VLANs onto a single VLAN. A typical usage scenario would be the distribution of a multicast group to a switch using a single VLAN where the switch has users in different VLANs subscribing to the multicast group.
mvr Use the mvr command in Global Configuration and Interface Configuration modes to enable MVR. Use the no form of this command to disable MVR. Syntax mvr no mvr Default Configuration The default value is Disabled. Command Mode Global Configuration, Interface Configuration User Guidelines MVR can only be configured on Ethernet interfaces. mvr group Use the mvr group command in Global Configuration mode to add an MVR membership group. Use the no form of the command to remove an MVR membership group.
Command Mode Global Configuration User Guidelines The following table lists the completion messages. Message Type Message Description Successful Completion Message None Error Completion Message • Not an IP multicast group address • Illegal IP multicast group address Example console(config)#mvr console(config)#mvr group 239.0.1.0 31 console(config)#mvr vlan 10 mvr mode Use the mvr mode command in Global Configuration mode to change the MVR mode type.
User Guidelines This command has no user guidelines. mvr querytime Use the mvr querytime command in Global Configuration mode to set the MVR query response time. The query time is the maximum time to wait for an IGMP membership report on a receiver port before removing the port from the multicast group after receiving a leave message. The query time only applies to receiver ports and is specified in tenths of a second. Use the no form of the command to set the MVR query response time to the default value.
console(config)#mvr mode dynamic console(config)#mvr querytime 10 mvr vlan Use the mvr vlan command in Global Configuration mode to set the MVR multicast VLAN. Use the no form of the command to set the MVR multicast VLAN to the default value. Syntax mvr vlan vlan-id no mvr vlan • vlan-id—Specifies the port on which multicast data is expected to be received. Source ports should belong to this VLAN. Default Configuration The default value is 1.
Syntax mvr immediate no mvr immediate Default Configuration The default value is Disabled. Command Mode Interface Configuration User Guidelines Immediate leave should only be configured on ports with a single receiver. When immediate leave is enabled, a receiver port will leave a group on receipt of a leave message. Without immediate leave, upon receipt of a leave message, the port sends an IGMP query and waits for an IGMP membership report.
• source—Configure the port as a source port. Source ports are ports over which multicast data is received or sent. Default Configuration The default value is None. Command Mode Interface Configuration User Guidelines The following table lists the completion messages. Message Type Message Description Successful Completion Message None Error Completion Message • Port is a Trunk port, operation failed. • Receiver port in mVLAN, operation failed.
Syntax mvr vlan vlan-id group A.B.C.D no mvr vlan vlan-id group A.B.C.D • vlan-id—The VLAN over which multicast data from the specified group is to be received. • A.B.C.D.—The multicast group for which multicast data is to be received over the specified VLAN. Default Configuration This command has no default configuration. Command Mode Interface Configuration User Guidelines This command statically configures a port to receive the specified multicast group on the specified VLAN.
Syntax show mvr Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines The following table lists the completion messages. Message Type Message Description Successful Completion Message None Error Completion Message MVR disabled The following table explains the output parameters. Parameter Description MVR Running MVR running state. It can be enabled or disabled.
MVR MVR MVR MVR MVR multicast VLAN....................... Max Multicast Groups................. Current multicast groups............. Global query response time........... Mode................................. 1200 64 1 10 (tenths of sec) compatible show mvr members Use the show mvr members command to display the MVR membership groups allocated. Syntax show mvr members [A.B.C.D] • A.B.C.D—A valid multicast address in IPv4 dotted notation.
Parameter Description Members The list of ports which participates in the specific MVR group. Examples console#show mvr members MVR Group IP Status -------------------------------224.1.1.1 INACTIVE Members --------------------Gi1/0/1, Gi1/0/2, Gi1/0/3 console#show mvr members 224.1.1.1 MVR Group IP Status -------------------------------224.1.1.
Message Type Message Description Error Completion Message MVR disabled The following table explains the output parameters. Parameter Description Port Interface number Type The MVR port type. It can be None, Receiver, or Source type. Status The interface status. It consists of two characteristics: 1 active or inactive indicating if port is forwarding. 2 inVLAN or notInVLAN indicating if the port is part of any VLAN Immediate Leave The state of immediate mode. It can be enabled or disabled.
Syntax show mvr traffic Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines The following table lists the completion messages. Message Type Message Description Successful Completion Message None Error Completion Message MVR disabled Examples The following table explains the output parameters. Parameter Description IGMP Query Received Number of received IGMP Queries.
console#show mvr traffic IGMP IGMP IGMP IGMP IGMP IGMP IGMP IGMP IGMP IGMP Query Received............................ Report V1 Received........................ Report V2 Received........................ Leave Received............................ Query Transmitted......................... Report V1 Transmitted..................... Report V2 Transmitted..................... Leave Transmitted......................... Packet Receive Failures................... Packet Transmit Failures..................
Port Channel Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches A port channel is a set of one or more links that can be aggregated together to form a bonded channel (Link Aggregation Group or LAG or port channel). Individual conversations in a particular direction always travel over a single link in the port channel, however, in aggregate, the bandwidth usage of all of the links is fairly evenly distributed.
unable to buffer the requisite number of frames will show excessive frame discard. Configuring copper and fiber ports together in an aggregation group is not recommended. If a dynamic LAG member sees an LACPDU that contains information different from the currently configured default partner values, that particular member drops out of the LAG. This configured member does not aggregate with the LAG until all the other active members see the new information.
VLANs and LAGs When Ethernet interfaces are added to a LAG, they are removed from all existing VLAN membership and take on the VLAN membership of the LAG. When members are removed from a LAG, the members regain the Ethernet interface VLAN membership as per the configuration. LAG Thresholds In many implementations, a LAG is declared as up if any one of its member ports is active. This enhancement provides configurability for the minimum number of member links to be active to declare a LAG up.
• Source/Destination IP and source/destination TCP/UDP Port fields of the packet. Enhanced LAG Hashing Dell EMC Networking devices based on Broadcom XGS-IV silicon support configuration of hashing algorithms for each LAG interface. The hashing algorithm is used to distribute traffic load among the physical ports of the LAG while preserving the per-flow packet order. NOTE: Enhanced hashing mode is not supported on the N1100ON/N1500 Series switches.
Flexible Assignment of Ports to LAGs Assignment of interfaces to dynamic LAGs is based upon a maximum of 144 interfaces assigned to dynamic LAGs, a maximum of 128 dynamic LAGs and a maximum of 8 interfaces per dynamic LAG. For example, 128 LAGs may be assigned 2 interfaces each or 18 LAGs may be assigned 8 interfaces each. NOTE: The N1100-ON/N1500 Series switches support 64 port channels.
console(config-if-Gi1/0/5)# channel-group 1 mode on The following example shows how port gi1/0/6 is configured to port-channel 2 with LACP (dynamic LAG). console(config)# interface gigabitethernet 1/0/6 console(config-if-Gi1/0/6)# channel-group 2 mode active interface port-channel Use the interface port-channel command in Global Configuration mode to enter port-channel configuration mode. Syntax interface port-channel port-channel-number Default Configuration This command has no default configuration.
• port-channel-range — List of port-channels to configure. Separate nonconsecutive port-channels with a comma and no spaces. A hyphen designates a range of port-channels. (Range: valid port-channel) • all — All the channel-ports. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Commands in the interface range context are executed independently on each interface in the range.
• 4 — Destination IP and destination TCP/UDP port • 5 — Source/destination MAC, VLAN, EtherType, and source MODID/port • 6 — Source/destination IP and source/destination TCP/UDP port • 7 — Enhanced hashing mode. This mode is not available on Dell EMC Networking N1100-ON/N1500 Series switches. Default Configuration The default hashing mode is 7—Enhanced hashing mode. On Dell EMC Networking N1100-ON/N1500 Series switches, the default hashing mode is 5.
Default Configuration The default port priority value is 1. Command Mode Interface Configuration (Ethernet) mode Interface Range mode User Guidelines Per IEEE 802.1AX-2008 Section 5.6, ports are selected for aggregation by each switch based upon the port priority assigned by the switch with the higher system priority, starting with the highest priority port of the switch with the higher switch priority, and working downward through the ordered list of port priority values for the ports.
no lacp system-priority • value — System priority value. (Range: 1–65535) Default Configuration The default system priority value is 1. Command Mode Global Configuration mode User Guidelines Per IEEE 802.1AX-2008 Section 5.
Syntax lacp timeout {long | short} no lacp timeout • long — Specifies a long timeout value. • short — Specifies a short timeout value. Default Configuration The default port timeout value is long. Command Mode Interface Configuration (Ethernet) mode Interface Range mode User Guidelines The LACP time-out setting indicates a local preference for the rate of LACPDU transmission and the period of time before invalidating received LACPDU information. This setting is negotiated with the link partner.
Syntax port-channel local-preference no port-channel local-preference Default Configuration By default, port channels are not configured with local preference. Command Mode Interface Configuration (port-channel) mode User Guidelines For a LAG that contains links distributed across stacking units, the default behavior is to distribute locally received ingress traffic across all LAG links in the stack per the selected hashing algorithm.
port-channel min-links Use the port-channel min-links command in Interface Configuration (portchannel) mode to set the minimum number of links that must be up in order for the port channel interface to be declared up. Use the no form of the command to return the configuration to the default value (1). Syntax port-channel min-links <1-8> no port-channel min-links • min-links—The minimum number of links that must be active before the link is declared up. Range 1-8. The default is 1.
Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines The command displays the following information. Parameter Description Channel Number of the port channel to show. This parameter is optional. If the port channel number is not given, all the channel groups are displayed. (Range: Valid port-channel number, 1 to 48). • Ports—The ports that are members of the port-channel.
show lacp Use this command to display LACP information for Ethernet ports. Syntax show lacp {gigabitethernet unit/slot/port| tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}[parameters | statistics] Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
port Admin priority: port oper priority: port Oper timeout: LACP Activity: Aggregation: synchronization: collecting: distributing: expired: port Gi1/0/1 LACP Statistics: LACP PDUs send: LACP PDUs received: 0 0 LONG PASSIVE NOTAGGREGATABLE FALSE FALSE FALSE FALSE 0 0 show statistics port-channel Use the show statistics port-channel command to display statistics about a specific port-channel.
Packets Packets Packets Packets Packets Packets Packets Packets Packets Packets Packets Packets Received 512-1023 Octets............... Received 1024-1518 Octets.............. Received > 1518 Octets................. RX and TX 64 Octets.................... RX and TX 65-127 Octets................ RX and TX 128-255 Octets............... RX and TX 256-511 Octets............... RX and TX 512-1023 Octets.............. RX and TX 1024-1518 Octets............. RX and TX 1519-2047 Octets.............
FCS Errors..................................... 0 Underrun Errors................................ 0 Total Transmit Packets Discarded............... Single Collision Frames........................ Multiple Collision Frames...................... Excessive Collision Frames..................... 0 0 0 0 802.3x Pause Frames Transmitted................ GVRP PDUs received............................. GVRP PDUs Transmitted.......................... GVRP Failed Registrations......................
Port Monitor Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Dell EMC Networking switches allow the user to monitor traffic with an external network analyzer. The external network analyzer can use any of the Ethernet ports as a probe port. The probe port transmits a mirror copy of the traffic being probed. SPAN and RSPAN encapsulation is supported.
• Once configured, there is no network connectivity on the probe (destination) port. The probe port does not forward any traffic and does not receive any traffic. The probe tool attached to the probe port is unable to ping the networking device or ping through the networking device, and no device is able to ping the probe tool.
User Guidelines Packets that are transmitted or received by the switch CPU may be captured to the switch file system, to local memory, or sent to a WireShark client. Packets captured to the switch file system are stored in pcap format and may be copied from the system and opened with WireShark or TShark or other utilities. Packets sent to the console are written in ASCII hex format. When WireShark is configured and connected to the switch, packet capture is controlled by WireShark.
Syntax monitor capture {start [transmit | receive | all] | stop} • Transmit—Capture packets transmitted by the switch CPU. • Receive—Capture packets forwarded to the switch CPU. • All—Capture both transmitted and received packets. Default Configuration Capture is not enabled by default. By default, both transmitted and received packets are captured. Command Modes Privileged Exec mode User Guidelines In general, starting packet capture erases the previous capture buffer contents.
• file—Captured packets are sent to the file system. Default Configuration By default, remote capture is configured. Command Modes Global Configuration mode User Guidelines Only one file, remote, or line may be specified. Setting the mode takes effect immediately. Use the monitor capture start command to start the capture. Memory Capture: Captured packets can be displayed on the console using the show monitor capture packets command.
and saved into the RAM. Capturing packets can be stopped manually before 128 packets have been captured using the monitor capture stop command to halt packet capture. If capturing is in progress, the show monitor capture packets command displays only captured packets that have not yet been displayed during capturing session. If capturing is stopped, the first (after stopping) show monitor capture packets command displays packets which have not yet been displayed during capturing session.
If capturing is in progress, the show monitor capture packets command displays only the captured packets that have not yet been displayed during the capturing session. If capturing is stopped, the first (after stopping) show monitor capture packets command displays the packets that have not yet been displayed during the capturing session. The next show monitor capture packets command displays up to 128 captured packets.
The remote capture application listens on the configured TCP port for a connection request. Wireshark must send a request to that port to establish a connection. Once the socket connection to Wireshark has been established, captured CPU packets are written to the data socket. Wireshark receives the packets and processes them locally. This continues until the session is terminated by either end.
monitor session Use the monitor session command in Global Configuration mode to configure the source and destination for mirroring. Packets are copied from the source to the destination. Use the no form of the command to disable the monitoring session.
• mode—Enable session mirroring. Use the no form of the command to disable monitoring. • remove-rspan-tag—Remove the RSPAN tag from packets transmitted on the probe port. Default Configuration The default is to mirror both transmit and receive directions. If neither tx or rx is configured, both directions are monitored. Command Mode Global Configuration mode User Guidelines Use the source interlace parameter to specify the interface to monitor.
• Any other combination of up to 4 total ingress or egress mirroring may be active. Destination (probe) interfaces do not perform MAC learning and drop ingress traffic (forwarding is disabled and incoming packets are dropped). Routing, spanning-tree, and port channel configuration are operationally disabled on probe ports. Destination interfaces must be dedicated to the monitoring function (i.e., connected to a PC running WireShark or some other packet decoder).
Monitored traffic is encapsulated in the RSPAN VLAN on the reflector port on the source switch. On a source switch, when both an RSPAN VLAN and reflector port are configured on a trunk or general mode port with other VLANs, the interface can also carry traffic on the other VLANs. For example, an uplink interface (trunk port) can carry both the RSPAN traffic and other traffic. Do not configure the RSPAN VLAN as a native VLAN on interfaces other than the uplink/transit/downlink interfaces.
Bidirectional mirroring of multiple ports in a network may result in duplicate packets transmitted on the probe port (one copy for the receive side and another copy for the transmit side). Configuring the mirroring as rx only may help to reduce this issue. RSPAN VLANs must be configured with the remote-span command prior to configuration in an RSPAN session. RSPAN intermediate switches may also be configured with multiple sources feeding into an existing RSPAN VLAN.
console(config)#vlan 723 console(config-vlan723)#remote-span console(config-vlan723)#exit console(config)#interface Te1/0/1 console(config-if-Te1/0/1)#switchport mode trunk console(config-if-Te1/0/1)#exit console(config)#monitor session 1 source interface gi1/0/3 both console(config)#monitor session 1 destination remote vlan 723 reflector-port Te1/0/1 console(config)#monitor session 1 mode console(config)#show monitor session 1 Session Admin mode Type Source ports Both Destination port Destination RSPAN VLA
remote-span Use this command to configure a VLAN as an RSPAN VLAN. Use the no form of the command to remove the remote SPAN characteristics from a VLAN and revert it to a normal MAC learning VLAN. Syntax remote-span no remote-span Default Configuration There is no default configuration for this command. Command Modes VLAN Configuration mode. User Guidelines Remote-span VLANs must be configured as a tagged VLAN on trunk or general mode ports on RSPAN transit switches.
Default Configuration This command has no default configuration. Command Modes Privileged Exec mode (all SHOW modes) User Guidelines This command has no user guidelines. Example console#show monitor capture Operational Status............................. Current Capturing Type......................... Capturing Traffic Mode......................... Line Wrap Mode................................. RPCAP Listening Port........................... RPCAP dump file size (KB)......................
Gi1/0/1 Length = 94 [RECEIVE] =================== 02:29:25.0000 0000 33 33 00 00 00 01 00 11 88 0010 86 dd 60 00 00 00 00 24 00 0020 00 00 00 00 88 ff fe 2f 8e 0030 00 00 00 00 00 00 00 00 00 0040 01 00 82 00 43 62 27 10 00 0050 00 00 00 00 00 00 00 00 00 =================== Gi1/0/1 Length = 94 [RECEIVE] =================== 02:29:26.
Examples The following example shows port monitor status. console(config)#show monitor session 1 Session Admin mode Type Source ports Both Destination ports IP access-group : : : : : : : 1 Disabled Local session Te1/0/10 Te2/0/20 a1 The following example shows the detailed status of the port based mirroring session that is constrained to a local switch.
RX Only Source RSPAN VLAN Destination Ports Dest RSPAN VLAN : : : : 100 None None 999 The following example shows the detailed status of a VLAN session on destination switch, where session is span across multiple switches.
Example The following example shows the RSPAN VLANs configured on the switch.
QoS Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Quality of Service (QoS) technologies are intended to provide guaranteed timely delivery of specific application data to a particular destination. In contrast, standard IP-based networks are designed to provide best effort data delivery service. Best effort service implies that the network delivers the data in a timely fashion, although there is no guarantee.
ACLs can be configured to apply to a VLAN instead of an interface. Traffic tagged with a VLAN ID (either receive-tagged or tagged by ingress process such as PVID) is evaluated for a match regardless of the interface on which it is received. Layer 2 ACLs The Layer 2 ACL feature provides access list capability by allowing classification on the Layer 2 header of an Ethernet frame, including the 802.1Q VLAN tag(s).
CoS mapping tables, port default priority, and hardware queue parameters may be configured on LAG interfaces as well as Ethernet port interfaces. Queue Mapping The priority of a packet arriving at an interface is used to steer the packet to the appropriate outbound CoS queue through a mapping table. Network packets arriving at an ingress port are directed to one of n queues in an egress port(s) based on the translation of packet priority to CoS queue.
DiffServ Standard IP-based networks are designed to provide “best effort” data delivery service. Best effort service implies that the network delivers the data in a timely fashion, although there is no guarantee that it will meet the latency or bandwidth requirements. During times of congestion, packets may be delayed, sent sporadically, or dropped. For typical Internet applications, such as email and file transfer, a slight degradation in service is acceptable and in many cases unnoticeable.
User Guidelines The queue id is the internal queue number (traffic class), not the CoS value. Use the show classofservice command to display the assignment of CoS and DSCP values to internal queue numbers. Example The following example displays how to change the queue ID to 4 for the associated traffic stream.
Example The following example shows how to specify the DiffServ class name of “DELL.” console(config)#class-map match-all DELL console(config-classmap)#exit console(config)#policy-map DELL1 in console(config-policy-map)#class DELL class-map Use the class-map command in Global Configuration mode to define a new DiffServ class of type match-all. To delete an existing class, use the no form of this command.
Enter the class-map command with the match-all/match-any parameter and a nonexistent class-map-name to create a new class map. The class-mapname must not be the same as any other class map or access group name. Use the no class-map form of the command without a match-all/match-any parameter to delete an existing class map. The match-all parameter indicates that all of the match criteria configured in the class map must be met for the packet to be processed by the class map.
console(config-classmap)#match access-group name voice-pass console(config-classmap)#match access-group name voice-all console(config- classmap)#exit console(config)#class-map match-all port-default console(config-classmap)#match access-group name default console(config- classmap)#exit console(config)#policy-map inbound in console(config-policy-map)#class voice-all console(config-policy-classmap)#mark ip dscp af41 console(config-policy-classmap)#exit console(config-policy-map)#class port-default console(con
Example The following example displays how to change the name of a DiffServ class from “DELL” to “DELL1.” console(config)#class-map rename DELL DELL1 console(config)# classofservice dot1p-mapping Use the classofservice dot1p-mapping command in Global Configuration mode to map an IEEE 802.1p user priority to an internal traffic class. In Interface Configuration mode, the mapping is applied only to packets received on that interface. Use the no form of the command to remove mapping between an 802.
Command Mode Global Configuration or Interface Configuration (Ethernet, Port-channel) mode User Guidelines None Example The following example globally configures a mapping for user priority 1 and traffic class 2. If trust mode is enabled for 802.1p (classofservice trust dot1p), packets received on any interface marked with IEEE 802.1p priority 1 will be assigned to internal CoS queue 2.
IP DSCP Traffic Class (queue-id) 0(be/cs0) 1 1 1 2 1 3 1 4 1 5 1 6 1 7 1 8(cs1) 0 9 0 10(af11) 0 11 0 12(af12) 0 13 0 14(af13) 0 15 0 16(cs2) 0 17 0 18(af21) 0 19 0 20(af22) 0 21 0 22(af23) 0 23 0 24(cs3) 1 25 1 26(af31) 1 Layer 2 Switching Commands 719
IP DSCP Traffic Class (queue-id) 27 1 28(af32) 1 29 1 30(af33) 1 31 1 32(cs4) 2 33 2 34(af41) 2 35 2 36(af42) 2 37 2 38(af43) 2 39 2 40(cs5) 2 41 2 42 2 43 2 44 2 45 2 46(ef) 2 47 2 48(cs6) 3 49 3 50 3 51 3 52 3 53 3 54 3 Layer 2 Switching Commands 720
IP DSCP Traffic Class (queue-id) 55 3 56(cs7) 3 57 3 58 3 59 3 60 3 61 3 62 3 63 3 Command Mode Global Configuration mode User Guidelines The switch may be configured to trust either DSCP or CoS values, but not both. Setting the trust mode does not affect ACL packet matching, e.g. it is still possible to use an ACL that matches on a received CoS value and assigns the packet to a queue even when DSCP is trusted.
Syntax classofservice trust {dot1p | untrusted | ip-dscp} no classofservice trust • dot1p — Specifies that the mode be set to trust IEEE 802.1p packet markings. • untrusted — Sets the Class of Service Trust Mode to Untrusted. • ip-dscp — Specifies that the mode be set to trust IP DSCP packet markings. Default Configuration By default, the switch trusts IEEE 802.1p markings.
Syntax conform-color {class-map-name} [exceed-color { class-map-name } ] Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines This command must be preceded by a police command. If the conform-color command is not entered, the police algorithm uses the color-blind version, meaning in the incoming color is ignored. The conform-color command can be used with any of the three police algorithms.
Example The following example uses a simple policer to color TCP packets that exceed an average rate of 1000 Kbps or a burst size of 16 Kbytes as red. Conforming packets (those in CoS queue 1) are pre-colored green prior to metering. After metering, non-conforming packets are colored red. Both green and red packets are transmitted, but may be subject to further color-based action on egress.
Command Mode Global Configuration mode or Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines This command changes the scheduling policy for packet transmission of the selected CoS queues. It does not change the packet buffering policy nor does it reserve packet buffers to a CoS queue. The maximum number of queues supported per interface is seven.
Syntax cos-queue {random-detect queue-id1 [queue-id2..queue-idn]} no cos-queue {random-detect queue-id1 [queue-id2..queue-idn]} • queue-id—An integer indicating the internal CoS queue-id which is to be enabled for WRED. Range 0-6. Up to 7 queues may be simultaneously specified. Default Configuration WRED queue management policy is disabled by default. Tail-drop queue management policy is enabled by default.
N1500 Series Switches N1500 Series switches support a simple RED capability. The N1500 Series switch does not support configuration of the maximum threshold nor can the threshold or drop probability be configured for non-TCP traffic. Only the minimum threshold (min-thresh) and drop probability (drop-prob-scale) may be configured for the TCP colors green/yellow/red. The maximum threshold may not be configured nor can the threshold or drop probability be configured for non-TCP traffic.
This example configures simple RED on an N1500 series switch. CoS queue 1 is globally configured for simple RED with a congestion threshold of 50% and a drop probability of 0.781% for green colored traffic.
Strict priority scheduling is most useful when it is desirable that low-bit-rate time-sensitive traffic be queued ahead of other traffic. The administrator must be careful to limit the bandwidth assigned to the strict priority queue to avoid potential denial of service attacks. See the “Enterprise Voice VLAN Configuration With QoS” section in the Users Configuration Guide for a rate limiting example.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to set the DiffServ operational mode to active. console(Config)#diffserv drop Use the drop command in Policy-Class-Map Configuration mode to specify that all packets for the associated traffic stream are to be dropped at ingress. NOTE: This command is not available on the N1500 Series switches. Syntax drop Default Configuration This command has no default configuration.
mark cos Use the mark cos command in Policy-Class-Map Configuration mode to mark all packets for the associated traffic stream with the specified class of service value in the user priority field of the 802.1p header. If the packet does not already contain this header, one is inserted. NOTE: This command is not available on the N1500 Series switches. Syntax mark cos cos-value • cos-value — Specifies the CoS value as an integer.
mark ip-dscp Use the mark ip-dscp command in Policy-Class-Map Configuration mode to mark all packets for the associated traffic stream with the specified IP DSCP value. NOTE: This command is not available on the N1500 Series switches.
mark ip-precedence Use the mark ip-precedence command in Policy-Class-Map Configuration mode to mark all packets for the associated traffic stream with the specified IP precedence value. NOTE: This command is not available on the N1500 Series switches. Syntax mark ip-precedence prec-value • prec-value — Specifies the IP precedence value as an integer. (Range: 0–7) Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines.
match access-group Use the match access-group command to add ACL match criteria to a class map. Use the no form of the command to remove the ACL match criteria. Syntax match access-group name name no match access-group name name • name—The name of an access-list. Only MAC, IPv4, and IPv6 access-lists are allowed. Default Configuration No access-lists are configured for a class-map.
If a packet matches a deny ACL class specified in a class-map, the packet does not match, no further matching is performed, and the class-map clause is not matched. No counters are instantiated for ACLs referenced in a class map. Command History Command introduced in version 6.5 firmware. Example The following example configures an access list arp-list with a policy that implements a simple policer for ARP packets coming from any of the hosts listed in the access list.
match class-map Use the match class-map command to add to the specified class definition the set of match conditions defined for another class. Use the no form of this command to remove from the specified class definition the set of match conditions defined for another class. NOTE: This command is not available on the N1500 Series switches.
• The total number of class rules formed by the complete reference class chain (including both predecessor and successor classes) must not exceed a platform-specific maximum. In some cases, each removal of a refclass rule reduces the maximum number of available rules in the class definition by one. Example The following example adds match conditions defined for the Dell class to the class currently being configured.
Example The following example displays adding a match condition to the specified class. console(config-classmap)#match cos 1 match destination-address mac Use the match destination-address mac command in Class-Map Configuration mode to add a match condition based on the destination MAC address of a packet. NOTE: This command is not available on the N1500 Series switches.
match any Use the match any command in Class-Map Configuration mode to allow matching on any of the specified match conditions. Use the no form of the command to remove the ACL match criteria and revert to match-all behavior. Syntax match any no match any Default Configuration The default matching for a class map is to match on all specified match conditions.
Example The following example configures a MAC access list arp-list with a policy that implements a simple policer for ARP packets coming from any of the hosts listed in the access list. Apply the policy to an interface using the servicepolicy in command in Interface Configuration mode. console(config)#mac access-list extended arp-list console(config-mac-access-list)#permit 00:01:02:03:04:05 0000.0000.0000 0x0806 console(config-mac-access-list)#permit 00:03:04:05:06:07 0000.0000.
Default Configuration This command has no default configuration. Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example displays adding a match condition using the specified IP address and bit mask. console(config-classmap)#match dstip 10.240.1.1 255.255.255.1 match dstip6 The match dstip6 command adds a match condition based on the destination IPv6 address of a packet. NOTE: This command is not available on the N1500 Series switches.
Example console(config-classmap)#match dstip6 2001:DB8::0/32 match dstl4port Use the match dstl4port command in Class-Map Configuration mode to add a match condition based on the destination layer 4 port of a packet using a single keyword or a numeric notation. NOTE: This command is not available on the N1500 Series switches. Syntax match dstl4port {portkey | port-number} • portkey — Specifies one of the supported port name keywords. A match condition is specified by one layer 4 port number.
NOTE: This command is not available on the N1500 Series switches. Syntax match ethertype {keyword | 0x0600-0xffff} • keyword — Specifies either a valid keyword or a valid hexadecimal number. The supported keywords are appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppoe, rarp. (Range: 0x0600– 0xFFFF) Default Configuration This command has no default configuration. Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines.
Default Configuration There is no default configuration for this command. Command Mode Ipv6-Class-Map Configuration mode. User Guidelines There are no user guidelines for this command. Example The following example adds a rule to match packets whose IPv6 Flow Label equals 32312.
User Guidelines This DSCP field is defined as the high-order six bits of the Service type octet in the IP header. The low-order two bits are not checked. The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with a slightly different user notation. To specify a match on all DSCP values, use the match ip tos tosbits tosmask command with tosbits set to “0” (zero) and tosmask set to hex “03.
User Guidelines The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with a slightly different user notation. To specify a match on all precedence values, use the match ip tos tosbits tosmask command with tosbits set to “0” (zero) and tosmask set to hex “1F.” Example The following example displays adding a match condition based on the value of the IP precedence field.
User Guidelines The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with a slightly different user notation. This specification is the free form version of the IP DSCP/Precedence/TOS match specification in that you have complete control of specifying which bits of the IP Service Type field are checked.
• igmp—Match IGMP protocol packets (Ethertype 0x0800 and IPv4 protocol 2).
Example The following example displays adding a match condition based on the “ip” protocol name keyword. console(config-classmap)#match protocol ip match source-address mac Use the match source-address mac command in Class-Map Configuration mode to add to the specified class definition a match condition based on the source MAC address of the packet. NOTE: This command is not available on the N1500 Series switches.
match srcip Use the match srcip command in Class-Map Configuration mode to add to the specified class definition a match condition based on the source IP address of a packet. NOTE: This command is not available on the N1500 Series switches. Syntax match srcip ipaddr ipmask • ipaddr — Specifies a valid IP address. • ipmask — Specifies a valid IP address bit mask. Note that although this IP address bit mask is similar to a subnet mask, it does not need to be contiguous.
Syntax match srcip6 source-ipv6-prefix/prefix-length • source-ipv6-prefix — IPv6 prefix in IPv6 global address format. • prefix-length — IPv6 prefix length value. Default Configuration There is no default configuration for this command. Command Mode Ipv6-Class-Map Configuration mode. User Guidelines There are no user guidelines for this command.
Command Mode Class-Map Configuration mode User Guidelines Only one srcl4port matching criteria can be specified. To remove the matching criteria, delete the class map. Example The following example displays how to add a match condition using the “snmp” port name keyword. console(config-classmap)#match srcl4port snmp match vlan Use the match vlan command in Class-Map Configuration mode to add to the specified class definition a match condition based on the value of the layer 2 VLAN Identifier field.
Example The following example displays adding a match condition for the VLAN ID “2.” console(config-classmap)#match vlan 2 mirror Use the mirror command in Policy-Class-Map Configuration mode to mirror all the data that matches the class defined to the destination port specified. NOTE: This command is not available on the N1500 Series switches. Syntax mirror interface • interface — Specifies the Ethernet port to which data needs to be copied.
Syntax police-simple {datarate burstsize conform-action {drop | set-prec-transmit cos | set-dscp-transmit dscpval | transmit} [violate-action {drop | set-cos transmit cos | set-prec-transmit cos | set-dscp-transmit dscpval | transmit}]} • datarate — Data rate in kilobits per second (Kbps). (Range: 1– 4294967295) • burstsize — Burst size in Kbytes (Range: 1–128) • conform action — Configures the action taken for packets that do not exceed the data rate or the burst size: – drop: Drop the packet.
User Guidelines The simple form of the police command uses a single data rate and burst size, resulting in two outcomes: conform and violate. Conforming packets are colored green and non-conforming packets are colored red for use by the WRED mechanism. Only one style of police command (simple, single-rate or two-rate) is allowed for a given class instance in a particular policy. The conform-color command can be used to pre-color packets prior to policing.
– set-dscp-transmit dscp-val: Remark the DSCP in the packet to dscpval and transmit. (Range 0-63) – set-cos-transmit 802.1p-priority: Remark the 802.1p priority in the packet to 802.1p-priority and transmit. (Range 0-7) – transmit: Transmit the packet unmodified. Default Configuration There no default configuration for this command.
Syntax police-two-rate datarate burstsize peak-data-rate excess-burstsize conformaction action exceed-action action violate-action action • datarate — Data rate in kilobits per second (Kbps). (Range: 1– 4294967295) • burstsize — Burst size in Kbytes (Range: 1–128) • peak-data-rate— Peak data rate in kilobits per second (Kbps). (Range 14294967295) • excess-burstsize — Excess burst size in kilobits per seconds (Kbps). (Range 1-128) • action— The action to take according to the color.
Peak Burst Size (PBS) A packet is colored red if it exceeds the PIR, yellow if it exceeds the CIR, but not the PIR, and green if it does not exceed either. A trTCM is useful when a peak rate needs to be enforced separately from a committed rate. The CIR and PIR are measured in Kbps (not pps as indicated in the RFC), the CBS in Kbytes, and the PBS in Kbytes. It is recommended that the CBS and PBS be configured to be larger than the largest expected IP packet.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The CLI mode is changed to Policy-Class-Map Configuration when this command is successfully executed. The policy type dictates which of the individual policy attribute commands are valid within the policy definition. Example The following example shows how to establish a new ingress DiffServ policy named “DELL.
• queue-id—The internal class of service queue (range 0-6). The queue-id is not the same as the CoS value received in incoming packets. Use the show classofservice dot1p-mapping command to display the CoS value to internal CoS queue mapping. • min-thresh—The minimum threshold at which to begin dropping, based on the configured maximum drop probability for each color and for nonTCP packets. Range 0 to 250. At or below the minimum threshold, no packets are dropped.
Queue ID WRED Minimum Threshold WRED Maximum Threshold WRED Drop Probability Scale ECN Enabled 4 40/30/20/100 100/ 90/ 80/100 10/ 10/ 10/ 10 No 5 40/30/20/100 100/ 90/ 80/100 10/ 10/ 10/ 10 No 6 40/30/20/100 100/ 90/ 80/100 10/ 10/ 10/ 10 No Command Mode Global Configuration mode, Interface Configuration mode (Ethernet and port-channel), Interface Range mode User Guidelines Interface configuration overrides the global configuration.
For a given network, the minimum and maximum WRED thresholds should be calculated to give a reasonable amount of buffering to TCP flows given the switch buffer capacity. WRED thresholds are applied individually to each physical interface. For the Dell EMC NetworkingN2000/N3000-ON Series switches, a threshold of 100% corresponds to a buffer occupancy of 295428 bytes queued for transmission on an interface.
Explicit Congestion Notification (ECN): ECN capability is an end-to-end feedback mechanism. Both ends of the TCP connection must participate. When ECN is enabled, packets marked as ECN capable and selected for discard by WRED are marked CE and are not dropped. In cases of extreme congestion, ECN capable packets may be dropped. Use the show interfaces traffic command to see color aware drops and congestion levels.
100%: 100 Examples This example configures simple RED on an N1500 series switch. CoS queue 1 is globally configured for simple RED with a congestion threshold of 50% and a drop probability of 0.781% for green colored traffic.
size to ½ the difference between the previous size and the current instantaneous queue size, set the weighting constant to 1. To update the current queue size to 1/4 the difference between the previous size and the current instantaneous queue size, set the weighting constant to 2, .... The average queue size is calculated for each physical interface independently.
service-policy Use the service-policy command in either Global Configuration mode (for all system interfaces) or Interface Configuration mode (for a specific interface) to attach a policy to an interface. To return to the system default, use the no form of this command. NOTE: This command is not available on the N1500 Series switches.
fail. Applying a policy globally applies the policy to all physical interfaces. The policy appears in the running-config as part of the individual interface configuration. Example The following example shows how to attach a service policy named “DELL” to all interfaces for packets ingressing the switch. console(config)#service-policy in DELL show class-map Use the show class-map command to display all configuration information for the specified class.
Class Name ------------------------------cee ipv4 stop_http_class Type ACL Identifier or Reference Class Name ----- -------------------------------------All acl (IP ) All Any console#show class-map ipv4 Class Name..................................... ipv4 Class Type..................................... All Match Rule Count............................... 1 Match Criteria Values ---------------------------- -------------------------------------------Source IP Address 2.2.2.2 (255.255.255.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines If the interface is specified, the IEEE 802.1p mapping table of the interface is displayed. If omitted, the global configuration settings are displayed. The following table lists the parameters in the example and gives a description of each. Parameter Description User Priority The 802.1p user priority value.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
28(af32) 29 30(af33) 31 32(cs4) 33 34(af41) 35 36(af42) 37 38(af43) 39 40(cs5) 41 42 43 44 45 46(ef) 47 48(cs6) 49 50 51 52 53 54 55 56(cs7) 57 58 59 60 61 62 63 1 1 1 1 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 show classofservice trust Use the show classofservice trust command to display the current trust mode setting for a specific interface.
Syntax show classofservice trust [{gigabitethernet unit/slot/port| port-channel portchannel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines If the interface is specified, the port trust mode of the interface is displayed. If omitted, the port trust mode for global configuration is shown.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the DiffServ information. console#show diffserv DiffServ Admin mode.......................... Class Table Size Current/Max................. Class Rule Table Size Current/Max............ Policy Table Size Current/Max................ Policy Instance Table Size Current/Max....... Policy Attribute Table Size Current/Max......
User Guidelines This command has no user guidelines. Example console#show diffserv service interface gigabitethernet 1/0/1 in DiffServ Admin Mode........................... Enable Interface..................................... Gi1/0/1 Direction..................................... In No policy is attached to this interface in this direction. show diffserv service brief Use the show diffserv service brief command to display all interfaces in the system to which a DiffServ policy has been attached.
Po47 Gi1/0/1 Po48 Gi1/0/2 In In In In Down Down Down Down DELL DELL DELL DELL show interfaces cos-queue Use the show interfaces cos-queue command to display the class-of-service queue configuration for the specified interface. Syntax show interfaces cos-queue [{gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration.
2 3 4 5 6 0 0 0 0 0 Weighted Weighted Weighted Weighted Weighted Tail Tail Tail Tail Tail Drop Drop Drop Drop Drop This example displays the COS configuration for the specified interface Gi1/0/1. console#show interfaces cos-queue gigabitethernet 1/0/1 Interface...................................... Gi1/0/1 Interface Shaping Rate......................... 0 Queue Id -------0 1 2 3 4 5 6 Min.
Parameter Description Minimum Bandwidth The minimum transmission bandwidth guarantee for the queue, expressed as a percentage. A value of 0 means bandwidth is not guaranteed and the queue operates using best-effort scheduling. This value is a configured value. Scheduler Type Indicates whether this queue is scheduled for transmission using a strict priority or a weighted scheme. This value is a configured value.
rate commands), all packets are colored green. Use the show interfaces cosqueue command to show the global or per interface scheduler type and queue management types. The N1500 Series switch does not support configuration of the maximum threshold nor can the threshold or drop probability be configured for nonTCP traffic. Example Example 1 This example shows ECN enabled for green color packets on CoS queues 0 and 1.
show interfaces traffic Use the show interfaces traffic command to display traffic information. Syntax show interfaces traffic [interface-id] interface-id—A valid Ethernet interface specifier. Port-channels are not allowed with this command as the queuing and drops occur on the individual interfaces and not on the port channel. Default Configuration The default is to show the global traffic class group configuration.
Field Description WRED TX Queue The instantaneous number of packets queued for transmission on the interface as smoothed by the exponential weighting function. The above counters are cleared by the clear counters command. The queue sizes cannot be cleared as they are instantaneous. The N1100-ON Series switches do not support accounting for color drops. The color drop counters are fixed at 0 on those switches.
User Guidelines This command displays interface transmit and receive utilization in bits/sec and packets/sec. The transmit utilization and transmit packet counts include packets generated by the CPU. Buffer utilization is the count of cells queued for transmission on a port. A buffer utilization value of less than 10 generally indicates that the port is not experiencing congestion and packets are transmitted as soon as they are queued for output.
Field Description Rx Util The receive utilization which is the link utilization in the receive direction as a percentage of operational speed (range 0-100). The utilization is derived by dividing the link speed by the number of bytes received averaged over the last sampling interval. Tx Util The transmit utilization. The link utilization in the transmit direction as a percentage of operational speed (range 0-100).
thresholds for buffering on the port are reached. A conscientious network operator might want to examine why the devices attached to Gi1/0/5 and Gi1/0/6 are sending so much traffic to Gi1/0/2 attached devices and either redistribute the devices, rate-limit traffic egressing the devices attached to Gi1/0/5 and Gi1/0/6, or increase the number of links available for the device attached to Gi1/0/2.
User Guidelines This command has no user guidelines. Example The following example displays the DiffServ information. console#show Policy Name ----------POLY1 DELL policy-map Policy Type ----------xxx xxx Class Members ------------DellClass DellClass show policy-map interface Use the show policy-map interface command to display policy-oriented statistics information for the specified interface. NOTE: This command is not available on the N1500 Series switches.
Example The following example displays the statistics information for port te1/0/1. console#show policy-map interface te1/0/1 in Interface..................................... Operational Status............................ Policy Name................................... Interface Summary: Class Name.................................... In Offered Packets............................ In Discarded Packets..........................
Gi1/0/3 Gi1/0/4 Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 Gi1/0/9 Gi1/0/10 Down Down Down Down Down Down Down Down DELL DELL DELL DELL DELL DELL DELL DELL traffic-shape Use the traffic-shape command in Global Configuration mode and Interface Configuration mode to specify the maximum transmission bandwidth limit for the interface as a whole. To restore the default interface shaping rate value, use the no form of this command.
Traffic shaping may cause congestion and packet loss if the aggregate ingress rate for an interface persistently exceeds the egress traffic shape rate. Example The following example rate limits interface gi1/0/1 to a maximum bandwidth of 1024 Kbps. console(config-if-Gi1/0/1)#traffic-shape 1024 Kbps vlan priority Use the vlan priority command to assign a default VLAN priority tag for untagged frames ingressing an interface. Syntax vlan priority cos-value • cos-value – A value ranging from 0-7.
Spanning Tree Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches The Multiple Spanning Tree Protocol (MSTP) component complies with IEEE 802.1 by efficiently segregating VLAN traffic over separate interfaces for multiple instances of Spanning Tree. IEEE 802.1D, Spanning Tree and IEEE w, Rapid Spanning Tree are supported through the IEEE 802.1s implementation. The difference between the RSTP and STP (IEEE 802.
port. In this way, the root guard enforces the position of the root bridge. In MSTP scenario the port may be designated in one of the instances while being alternate in the CIST, and so on. Root guard is a per port (not a per port per instance command) configuration so all the MSTP instances this port participates in should not be in root role. STP BPDU Filtering - STP BPDU filtering applies to all operational edge ports.
User Guidelines This feature is used only when working in RSTP or MSTP mode. Example The following example restarts the protocol migration process (forces the renegotiation with neighboring switches) on Gi1/0/1. console#clear spanning-tree detected-protocols gigabitethernet 1/0/1 exit (mst) Use the exit command in MST mode to exit the MST configuration mode and apply all configuration changes. Syntax exit Default Configuration MST configuration.
Syntax instance instance-id {add | remove} vlan vlan-list • instance-ID — ID of the MST instance. (Range: 1-4094) • vlan-list — VLANs to be added to the existing MST instance. To specify a range of VLANs, use a hyphen. To specify a series of VLANs, use a comma. (Range: 1-4094) Default Configuration VLANs are mapped to the common and internal spanning tree (CIST) instance (instance 0).
console(config)#spanning-tree mode mst console(config)#spanning-tree mst 1 priority 8192 console(config)#spanning-tree mst 2 priority 28672 console(config)#spanning-tree mst configuration console(config-mst)#instance 1 add vlan 2-199 console(config-mst)#instance 1 add vlan 350 console(config-mst)#instance 1 add vlan 400-449 console(config-mst)#instance 1 add vlan 500-1999 console(config-mst)#instance 1 add vlan 2200-2499 console(config-mst)#instance 1 add vlan 2600-2799 console(config-mst)#instance 1 add vl
Command Mode MST mode User Guidelines When configuring the switch in MSTP mode, be sure to configure the MST region name. For multiple switches to become members of the same region, the configuration name, the configuration revision and mapping of VLANs to MSTIs must be identical. Example The following example sets the configuration name to “region1”.
User Guidelines When configuring the switch in MSTP mode, be sure to configure the MST region name. For multiple switches to become members of the same region, the configuration name, the configuration revision and mapping of VLANs to MSTIs must be identical. Example The following example sets the configuration revision to 1. console(config)#spanning-tree mst configuration console(config-mst)#revision 1 show spanning-tree Use the show spanning-tree command to display the spanning-tree configuration.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Command History Modified in version 6.5 firmware. Examples The following examples display spanning-tree information. MST information is shown in this form of the command regardless of the spanning tree mode.
console#show spanning-tree gi1/0/1 Port: Gi1/0/1 Enabled State: Forwarding Port ID: 128.1 Port Fast: No Designated Bridge Priority: 32768 Designated Port ID: 128.1 CST Regional Root: 80:00:00:1E:C9:DE:D4:47 Root Guard..................................... Loop Guard..................................... TCN Guard...................................... Auto Portfast.................................. BPDU Filter Mode............................... Time Since Counters Last Cleared...............
State: Disabled Port ID: 128.3 Root Protection: No Designated Bridge Priority: 32768 Designated Port ID: 0.0 CST Regional Root: 80:00:00:1E:C9:DE:D4:47 BPDUs: Sent: 0, Received: 0 Role: Disabled Port Cost: 0 Address: 001E.C9DE.
console#show spanning-tree blockedports Spanning Tree: Enabled (BPDU Flooding: Disabled) Mode: rstp CST Regional Root: 80:00:00:1E:C9:DE:D4:47 Regional Root Path Cost: 0 ###### MST 0 Vlan Mapped: 1-10 ROOT ID Priority 32768 Address 001E.C9DE.D447 This Switch is the Root. Hello Time: 2s Max Age: 20s Forward Delay: 15s Interfaces Name State Prio.Nbr Cost Sts Role RestrictedPort --------- -------- --------- --------- ---- ----- -------------Te1/0/2 Enabled 128.
RLQ response PDUs received (all VLANs)......... 0 RLQ request PDUs sent (all VLANs).............. 0 RLQ response PDUs sent (all VLANs)............. 0 This example shows spanning-tree configured in mstp mode. Output is shown for each VLAN that is a member of an MST domain.
This Switch is the Root. Hello Time: 2s Max Age: 20s Forward Delay: 15s Interfaces Name --------Gi1/0/1 Gi1/0/2 State -------Enabled Enabled Prio.Nbr --------128.1 128.2 Cost --------20000 20000 Sts ---FWD FWD Role ----Desg Desg RestrictedPort -------------No No ###### MST 3 Vlan Mapped: 6-10 ROOT ID Priority 32768 Address 001E.C9DE.D447 This Switch is the Root. Hello Time: 2s Max Age: 20s Forward Delay: 15s Interfaces Name --------Gi1/0/1 Gi1/0/2 State -------Enabled Enabled Prio.Nbr --------128.
Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 Enabled Enabled Enabled Enabled 128.5 128.6 128.7 128.8 0 0 0 0 DIS DIS DIS DIS Disb Disb Disb Disb No No No No This example shows spanning-tree configured in rstp mode. Output is shown for each interface.
Gi1/0/2 Enabled 128.2 20000 Forwarding Root Te1/0/1 Enabled 128.49 2000 Forwarding Designated Te1/0/2 Enabled 128.50 2000 Discarding Backup VLAN 2 RootID Priority 32770 Address 001E.C9DE.D447 Cost 0 Port This switch is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec BridgeID Priority 32770 (priority 32768 sys-id-ext 2) Address 001E.C9DE.D447 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec Interface State Prio.
Spanning Tree Admin Mode Enabled or disabled Spanning Tree Version Version of currently supported (IEEE 802.1s, IEEE 802.1w, or IEEE 802.1d) based upon the mode parameter. BPDU Protection Mode Enabled or disabled. BPDU Filter Mode Enabled or disabled. BPDU Flooding Mode Enabled or disabled. IndirectLink Rapid Convergence Backbone-fast for RSTP-PV is enabled or disabled. DirectLink Rapid Convergence Enables/Disables DRC by setting switch priority to 49152.
Configuration Format Selector..... 0 show spanning-tree vlan Use the show spanning-tree vlan command to display spanning tree information per VLAN and also list out the port roles and states as well as port cost. Syntax show spanning-tree vlan { vlan-list | all } • vlan-list — A list of VLANs or VLAN ranges separated by commas and with no embedded blank spaces. VLAN ranges are of the form X-Y where X and Y are valid VLAN identifiers and X < Y. • all—Show all VLANs.
Gi1/0/1 Gi1/0/2 Designated Forwarding Designated Forwarding 20000 20000 128.1 128.2 spanning-tree Use the spanning-tree command in Global Configuration mode to enable spanning-tree functionality. To disable spanning-tree functionality, use the no form of this command. Syntax spanning-tree no spanning-tree Default Configuration Spanning-tree is enabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
Default Configuration Auto portfast mode is enabled by default. Command Mode Interface Configuration (Ethernet, Port Channel) mode User Guidelines There are no user guidelines for this command. Example The following example enables spanning-tree functionality on Gigabit ethernet interface 4/0/1.
User Guidelines IRC can be configured even if the switch is configured for MST(RSTP) or RSTP-PV mode. It only has an effect when the switch is configured for STP-PV mode. If an IRC-enabled switch receives an inferior BPDU from its designated switch on a root or blocked port, it sets the maximum aging time on the interfaces on which it received the inferior BPDU if there are alternative (blocked) paths to the designated switch.
spanning-tree bpdu-protection Use the spanning-tree bpdu-protection command in Global Configuration mode to enable BPDU guard on a switch. Use the no form of this command to resume the default status of BPDU guard function. Syntax spanning-tree bpdu-protection no spanning-tree bpdu-protection Default Configuration BPDU guard is not enabled. Command Mode Global Configuration mode User Guidelines The administrator should ensure that interfaces on which BDPU guard is enabled are configured as edge ports.
console(config)#spanning-tree bpdu-protection spanning-tree cost Use the spanning-tree cost command in Interface Configuration mode to configure the externally advertised spanning-tree path cost for a port. To return to the default port path cost, use the no form of this command. The path cost is used in the selection of an interface for the forwarding or blocking states. Use the no form of the command to automatically select the path cost based upon the speed of the interface.
User Guidelines Dell EMC Networking spanning tree uses long values for spanning tree costs. The range for path cost for a port is 0-200,000,000. The range for path cost for a VLAN is 1-200,000,000. Use the no form of the command to calculate the cost based on the interface speed. A zero path cost causes the switch to calculate the path cost based upon the speed of the interface.
Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines This command has no user guidelines. Example The following example disables spanning-tree on Gi1/0/5.
2*(Forward-Time - 1) >= Max-Age. Example The following example configures spanning-tree bridge forward time to 25 seconds. console(config)#spanning-tree forward-time 25 spanning-tree guard The spanning-tree guard command selects whether loop guard or root guard is enabled on an interface. If neither is enabled, the port operates in accordance with the multiple spanning tree protocol. Use the “no” form of this command to disable loop guard or root guard on the interface.
spanning-tree loopguard Use the spanning-tree loopguard command to enable loop guard on all ports. Use the “no” form of this command to disable loop guard on all ports. Syntax spanning-tree loopguard default no spanning-tree loopguard default Default Configuration Loop guard is disabled by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enables spanning-tree loopguard functionality on all ports.
Default Configuration The default max-age for IEEE STP is 20 seconds. Command Mode Global Configuration mode User Guidelines When configuring the Max-Age the following relationships should be satisfied: 2*(Forward-Time - 1) >= Max-Age Max-Age >= 2*(Hello-Time + 1) Example The following example configures the spanning-tree bridge maximum-age to 10 seconds.
User Guidelines There are no user guidelines for this command. Example console(config)#spanning-tree max-hops 32 spanning-tree mode Use the spanning-tree mode command in Global Configuration mode to configure the spanning-tree protocol. To return to the default configuration, use the no spanning-tree form of this command. Syntax spanning-tree mode {stp | rstp | mst | pvst | rapid-pvst} • stp — Spanning Tree Protocol (STP) is enabled. • rstp — Rapid Spanning Tree Protocol (RSTP) is enabled.
If configuring the switch to MSTP mode, be sure to configure the MST region name. For multiple switches to become members of the same region, the configuration name, the configuration revision and mapping of VLANs to MSTIs must be identical. In the STP-PV or RSTP-PV modes, BPDUs contain per-VLAN information instead of the common spanning-tree information (MST/RSTP). RSTP-PV maintains independent spanning tree information about each configured VLAN. RSTP-PV uses IEEE 802.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines For two or more switches to be in the same MST region, they must have the same VLAN mapping, the same configuration revision number and the same name. Example The following example configures an MST region.
The default configuration is: • Ethernet (10 Mbps) — 2,000,000 • Fast Ethernet (100 Mbps) — 200,000 • Gigabit Ethernet (1000 Mbps) — 20,000 • Port-Channel — 20,000 Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines Use the spanning-tree cost command to configure MST instance 0 (the common spanning tree instance). Use the show spanning-tree active command to display the spanning tree costs.
Default Configuration The default port-priority for IEEE STP is 128. The default priority for a portchannel is 96. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines The priority will be set to the nearest multiple of 4096 if not an exact multiple of 4096. Example The following example configures the port priority of Gigabit Ethernet interface 1/0/5 to 144.
Command Mode Global Configuration mode User Guidelines The priority value must be a multiple of 4096. The priority will be set to the nearest multiple of 4096 if not an exact multiple of 4096. Bridge priority configuration is given preference over the root primary/secondary configuration. Root primary/secondary configuration is given preference over the DRC configuration. The switch with the lowest priority is selected as the root of the spanning tree.
User Guidelines This command only applies to access ports. The command is to be used only with interfaces connected to end stations. Otherwise, an accidental topology loop could cause a data packet loop and disrupt switch and network operations. An interface with portfast mode enabled is moved directly to the spanning tree forwarding state when linkup occurs without waiting the standard forward-time delay. Example The following example enables portfast on Gi1/0/5.
A port enabled for BPDU filtering does not receive or send any BPDUs. It is possible that a network loop may result if BPDU filtering is enabled on a port connected to anything other than an end system. BPDU filtering is appropriate for configuration on portfast enabled interfaces that are connected to end system hosts where it is desired to not send BPDUs to the host or receive BPDUs from the host.
NOTE: This command should be used with care. An interface with portfast mode enabled is moved directly to the spanning tree forwarding state when linkup occurs without waiting for the standard forward-time delay. Setting a port connected to another switch into portfast mode may cause an accidental topology loop and disrupt switch and network operations. Example The following example enables portfast mode on all access ports.
User Guidelines If the VLAN parameter is given, the priority is configured only for the selected VLANs (applies only when pvst or rapid-pvst mode is selected). Configuration without the VLAN parameter configures the port priority for RSTP, STP-PV, and RSTP-PV. If an interface is configured with both the spanning-tree vlan vlan-id portpriority priority command and the spanning-tree port-priority priority command, the spanning-tree vlan vlan-id port-priority priority value is used as the port priority.
spanning-tree priority Use the spanning-tree priority command in Global Configuration mode to configure the spanning-tree priority. The priority value is used to determine which bridge is elected as the root bridge. To reset the default spanning-tree priority use the no form of this command. Syntax spanning-tree priority priority no spanning-tree priority • priority — Priority of the bridge. (Range: 0–61440) Default Configuration The default bridge priority for IEEE STP is 32768.
Syntax spanning-tree tcnguard no spanning-tree tcnguard Default Configuration TCN propagation is disabled by default. Command Mode Interface Configuration (Ethernet, Port Channel) mode User Guidelines There are no user guidelines for this command. Example The following example configures spanning-tree tcnguard on 4/0/1.
User Guidelines There are no user guidelines for this command. Example The following example sets the maximum number of BPDUs sent to 6. console(config)#spanning-tree transmit hold-count 6 spanning-tree uplinkfast Use the spanning-tree uplinkfast command to configure the rate at which gratuitous frames are sent (in packets per second) after a switchover to an alternate port on STP-PV and RSTP-PV configured switches and enable Direct Link Rapid Convergence on STP-PV switches.
priority to 49152. Path costs have an additional 3000 added when DRC is enabled. This reduces the probability that the switch will become the root switch. DRC immediately changes to an alternate root port on detecting a root port failure and change the new root port directly to the forwarding state. A TCN is sent for this event.
• vlan-list–A single VLAN ID or a list of VLAN IDs in comma delineated or range format with no embedded blanks. Range 1-4093. Default Configuration By default, each configured VLAN is automatically associated with a per VLAN spanning tree instance. If more than eight VLANs are configured, the excess VLANs do not participate in per VLAN spanning tree.
• forward-time — The interval (time spent in listening and learning states) before transitioning a port to the forwarding state. (Range: 4-30 seconds) Default Configuration The default forward delay time is 15. Command Modes Global Configuration Mode User Guidelines Set this value to a lower number to accelerate the transition to forwarding.
Command Modes Global Configuration Mode User Guidelines This command can be configured even if the switch is configured for MST(RSTP) mode. It is only used when the switch is configured for STP-PV or RSTP-PV modes. Set this value to a lower number to accelerate discovery of topology changes. Use the no form of the command to return the hello time to its default value.
User Guidelines Set this value to a lower number to accelerate discovery of topology changes. The network operator must take into account the end to end BPDU propagation delay and message age overestimate for their specific topology when configuring this value. The default setting of 20 seconds is suitable for a network of diameter 7, lost message value of 3, transit delay of 1, hello interval of 2 seconds, overestimate per bridge of 1 second, and a BPDU delay of 1 second.
Command Modes Global Configuration mode User Guidelines This command can be configured even if the switch is configured for MST (RSTP) mode. It is only used when the switch is configured for STP-PV or RSTP-PV modes. The logic sets the bridge priority to a value lower (primary) or next lower (secondary) than the lowest bridge priority for the specified VLAN or a range of VLANs. This command only applies when STP-PV or RSTP-PV is enabled.
Valid values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440. The default value is 32768. If the value configured is not among the specified values, it will be rounded off to the nearest valid value. Command Modes Global Configuration mode User Guidelines This command can be configured even if the switch is configured for MST(RSTP) mode. It is only used when the switch is configured for STP-PV or RSTP-PV modes.
UDLD Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches The UDLD feature detects unidirectional links on physical ports. A unidirectional link is a forwarding anomaly in a Layer 2 communication channel in which a bi-directional link stops passing traffic in one direction. UDLD must be enabled on the both sides of the link in order to detect a unidirectional link.
recognize only the sending failures on unidirectional links. If all devices in the network support UDLD, this functionality is enough to detect all unidirectional links. Processing UDLD Traffic from Neighbors Every UDLD-capable device collects information about all other UDLDcapable devices. Each device populates UDLD echo packets with collected neighbor information to help neighbors identify unidirectional links.
UDLD will put the port into the diagnostically disabled state in the following cases: a When there is a loopback, the device ID and port ID sent out on a port is received back. b UDLD PDU is received from a partner does not have its own details (echo). c Bidirectional connection is established and no UDLD packets are received from the partner device within three times the message interval. d In aggressive mode, when the partner does not respond to an ECHO within 7 seconds.
console(config)#udld enable udld reset Use the udld reset command to reset (enable) all interfaces disabled by UDLD. Syntax udld reset Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines The following commands will reset an interface disabled by UDLD: • Use udld reset to reset all interfaces disabled by UDLD. • The shutdown command followed by no shutdown interface configuration command.
Use the no form of the command to return the message transmission interval to the default value. Syntax udld message time message-interval no udld message time • message-interval—UDLD message transmit interval in seconds. Range is 7 to 90 seconds. Default Configuration The default message transmit interval is 15 seconds. Command Mode Global Configuration mode User Guidelines Lower message time values will detect the unidirectional links more quickly at the cost of higher CPU utilization.
no udld timeout interval • timeout-interval—UDLD timeout interval. Range is 5 to 60 seconds. Default Configuration The default timeout interval is 5 seconds. Command Mode Global Configuration mode User Guidelines This command sets the time interval used to determine if the link has bidirectional or unidirectional connectivity. If no ECHO replies are received within three times the message interval, then the link is considered to have unidirectional connectivity.
User Guidelines UDLD cannot be enabled on a port channel. Instead, enable UDLD on the physical interfaces of a port channel. Example This example enables UDLD on an interface. UDLD must also be enabled globally. console(config-if-Te1/0/1)#udld enable udld port Use the udld port command in Interface (physical) Configuration mode to select the UDLD operating mode on a specific interface. Use the no form of the command to reset the operating mode to the default (normal).
show udld Use the show udld command in User Exec or Privileged Exec mode to display the global settings for UDLD. Syntax show udld [interface-id|all] Default Configuration This command has no default setting. Command Mode Privileged Exec or User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines When no interface is specified, the following fields are shown: Field Description Admin Mode The global administrative mode of UDLD.
Field Description UDLD Status The status of the link as determined by UDLD. The options are: • Undetermined – UDLD has not collected enough information to determine the state of the port. • Not applicable – UDLD is disabled, either globally or on the port. • Shutdown – UDLD has detected a unidirectional link and shutdown the port. That is, the port is in the D-Disable state. • Bidirectional - UDLD has detected a bidirectional link.
VLAN Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Dell EMC Networking 802.1Q VLANs are an implementation of the Virtual Local Area Network, specification 802.1Q. Operating at Layer 2 of the OSI model, the VLAN is a means of parsing a single network into logical user groups or organizations as if they physically resided on a dedicated LAN segment of their own.
Double VLAN Mode An incoming frame is identified as tagged or untagged based on Tag Protocol Identifier (TPID) value it contains. The IEEE 802.1Q standard specifies a TPID value (0x8100) to recognize an incoming frame as tagged or untagged. Any valid Ethernet frame with a value of 0x8100 in the 12th and 13th bytes is recognized as a tagged frame. Dell EMC Networking N-Series switches can be configured to enable the port in double-VLAN (QinQ) mode.
Protocol Based VLANs The main purpose of Protocol-based VLANs (PBVLANs) is to selectively process packets based on their upper-layer protocol by setting up protocolbased filters. Packets are bridged through user-specified ports based on their protocol. In PBVLANs, the VLAN classification of a packet is based on its protocol (IP, IPX, NetBIOS, and so on). PBVLANs help optimize network traffic because protocol-specific broadcast messages are sent only to end stations using that protocol.
Private VLAN Commands The Dell EMC Networking Private VLAN feature separates a regular VLAN domain into two or more subdomains. Each subdomain is defined (represented) by a primary VLAN and a secondary VLAN. The primary VLAN ID is the same for all subdomains that belong to a private VLAN. The secondary VLAN ID differentiates subdomains from each another and provides Layer 2 isolation between ports of the same private VLAN.
traffic of multiple primary VLANs towards the upstream router as well as the traffic for regular VLANs. • Isolated trunk port Isolated trunk ports carry tagged traffic of multiple secondary (isolated) VLANs and regular VLANs to and from downstream devices that are private VLAN unaware. Downstream devices connected to isolated trunk ports communicate with the private VLAN aware switches using isolated VLANs and normal VLANs. Isolated trunk ports may be part of multiple private VLANs.
Figure 3-1. Private VLANs Isolated VLAN An endpoint connected over an isolated VLAN is allowed to communicate with endpoints connected to promiscuous ports only. Endpoints connected to adjacent endpoints over an isolated VLAN cannot communicate with each other. Community VLAN An endpoint connected over a community VLAN is allowed to communicate with the endpoints within the community and can also communicate with any configured promiscuous port.
In order to enable Private VLAN operation across multiple switches which are not stacked, the inter-switch links should carry VLANs which belong to a private VLAN. The trunk ports which connect neighbor switches have to be assigned to the primary, isolated, and community VLANs of a private VLAN. In regular VLANs, ports in the same VLAN switch traffic at L2. However for private VLAN, the promiscuous port is in the primary VLAN whereas the isolated or community ports are in the secondary VLAN.
Command Mode VLAN Configuration or Global Configuration modes User Guidelines Assigning an IP address to a VLAN interface enables Layer 3 on the VLAN interface. If IP routing is globally enabled and an IP address is assigned, the router will route packets to and from the VLAN. When an interface is enabled for routing using the interface vlan command, the port will no longer be operationally enabled as a protected port on the interface.
• vlan-id — A list of valid VLAN IDs to add. Separate nonconsecutive VLAN IDs with a comma and no spaces; use a hyphen to designate a range of IDs. (Range: 1–4093) • all — All existing static VLANs. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The VLANs in the interface range must by configured and enabled for routing prior to use in the vlan range command.
Syntax name vlan–name no name • vlan–name—The name of the VLAN. Must be 1–32 characters in length. Default Configuration The default VLAN name is default. Command Mode VLAN Configuration mode User Guidelines The VLAN name may include any alphanumeric characters including a space, underscore, or dash. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name.
• association—Defines an association between the primary VLAN and secondary VLANs. • primary—Specify that the selected VLAN is the primary VLAN. • community—Specify that the selected VLAN is the community VLAN. • isolated—Specify that the selected VLAN is the isolated VLAN. • add—Associates a secondary VLAN with the primary VLAN. • remove—Deletes the secondary VLAN association with the primary VLAN. • vlan-list—A list of secondary VLAN ids to be mapped to a primary VLAN.
console(config)# vlan console(config-vlan)# console(config-vlan)# console(config)# vlan console(config-vlan)# console(config-vlan)# console(config)# vlan console(config-vlan)# console(config-vlan)# console(config)# vlan console(config-vlan)# console(config-vlan)# 1001 private-vlan exit 1002 private-vlan exit 1003 private-vlan exit 20 private-vlan end isolated community community association 1001-1003 protocol group Use the protocol group command in VLAN Configuration mode to attach a VLAN ID to the pr
User Guidelines This command has no user guidelines. Example The following example displays how to attach the VLAN ID “100” to the protocol-based VLAN group “3.” console(config-vlan)#protocol group 3 100 protocol vlan group Use the protocol vlan group command in Interface Configuration mode to add the physical unit/slot/port interface to the protocol-based group identified by groupid. A group may have more than one interface associated with it.
Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example displays how to add an Ethernet interface to the group ID of “2.” console(config-if-Gi1/0/1)#protocol vlan group 2 protocol vlan group all Use the protocol vlan group all command in Global Configuration mode to add all physical interfaces to the protocol-based group identified by groupid. A group may have more than one interface associated with it.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to add all physical interfaces to the protocol-based group identified by group ID “2.” console(config)#protocol vlan group all 2 show dot1q-tunnel Use the show dot1q-tunnel command to display the QinQ status for each interface.
Example console(config)#show dot1q-tunnel interface all Interface --------Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 Gi1/0/6 Mode ------Disable Disable Disable Disable Disable Disable EtherType -------------802.1 802.1 802.1 802.1 802.1 802.1 show interfaces switchport Use the show interfaces switchport command to display the complete switchport VLAN configuration for all possible switch mode configurations: access, dot1q-tunnel, general, trunk, and (private VLAN) host or (private VLAN) promiscuous.
The command displays the following information. Parameter Description Private-vlan hostassociation Displays the VLAN association for the private-VLAN host ports. Private-vlan mapping Displays the VLAN mapping for the private-VLAN promiscuous ports. Private-vlan trunk native VLAN Displays native VLAN for the promiscuous ports. Private-vlan trunk normal VLANs Displays a list of normal VLANs for the promiscuous trunk ports.
Default Priority: 0 Protected: Disabled Forbidden VLANS: VLAN Name -----------73 Out show port protocol Use the show port protocol command to display the Protocol-Based VLAN information for either the entire system or for the indicated group. Syntax show port protocol {group-id | all} • group-id — The protocol-based VLAN group ID, which is automatically generated when you create a protocol-based VLAN group with the vlan protocol group command. • all — Enter all to show all interfaces.
show switchport ethertype Use the show switchport ethertype to display the configured Ethertype for each interface. Syntax show switchport ethertype [ interface interface-id | all ] • interface-id—A physical interface or port channel. • all—All interfaces. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode and all Show modes User Guidelines Up to three additional TPIDs can be configured. The 802.
Interface EtherType Secondary TPIDs --------- --------- --------------Gi1/0/1 802.1 console(config-vlan10)#show switchport ethertype interface all console(config)#show switchport ethertype interface gi1/0/1 Interface --------Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 EtherType Secondary TPIDs --------- --------------802.1 802.1 VMAN 802.1 802.1 802.1 show vlan Use the show vlan command to display detailed information, including interface information and dynamic VLAN type, for a specific VLAN or RSPAN VLAN.
• Ports—The port membership for the VLAN • Type—The type of VLAN (default, static, dynamic) Example This shows all VLANs and RSPAN VLANs. console#show vlan VLAN ----1 Name --------------default Ports ------------Po1-128, Gi1/0/1-48 10 Type -------------Default Static RSPAN Vlan -----------------------------------------------------------------10 This example shows information for a specific VLAN ID.
show vlan association mac Use the show vlan association mac command to display the VLAN associated with a specific configured MAC address. If no MAC address is specified, the VLAN associations of all the configured MAC addresses are displayed. Syntax show vlan association mac [mac-address] • mac-address — Specifies the MAC address to be entered in the list. (Range: Any valid MAC address) Default Configuration This command has no default configuration.
Syntax show vlan association subnet [ip-address ip-mask] • ip-address — Specifies IP address to be shown • ip-mask — Specifies IP mask to be shown Default Configuration This command has no default configuration.
Default Configuration This command has no default setting. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Do not configure private VLANs on ports configured with any of these features: • Link Aggregation Control Protocol (LACP) • Multicast VLAN Registration (MVR) • Voice VLAN It is recommended that the private VLAN host ports be configured as spanning-tree portfast. The command displays the following information.
no switchport access vlan • vlan-id — The identifier of the VLAN associated with the access port. Default Configuration This command has no default values. Command Mode Interface Configuration (Ethernet and port channel) mode User Guidelines This command configures the interface access mode VLAN membership. The no form of the command sets the access mode VLAN membership to VLAN 1. It is possible to configure the access mode VLAN identifier when the port is in general or trunk mode.
switchport dot1q ethertype (Global Configuration) Use the switchport dot1q ethertype command to define additional QinQ tunneling TPIDs for matching in the outer VLAN tag of received frames. Use the no form of the command to remove the configured TPIDs. Syntax switchport dot1q ethertype { vman | custom 1-65535 } no switchport dot1q ethertype { vman | custom 1-65535 } • vman—Define the Ethertype as 0x88A8. • custom—Define the Ethertype as a 16 bit user defined value (in decimal).
Packets are always transmitted by the system using the primary TPID value in the outer VLAN tag. It is not possible to configure an inner VLAN TPID value. The inner VLAN TPID value is always 802.1Q (0x8100). Use the switchport dot1q ethertype Interface Configuration mode command to apply a configured TPID value to an interface.
switchport dot1q ethertype (Interface Configuration) Use the switchport dot1q ethertype command to apply previously defined QinQ tunneling TPIDs to a service provider interface. Use the no form of the command to remove the configured TPIDs. Syntax switchport dot1q ethertype { 802.1Q | vman | custom 0-65535 } [primarytpid] no switchport dot1q ethertype { 802.1Q |vman | custom 0-65535 } [primary-tpid] • 802.1Q—Allow ingress frames with Ethertype 0x8100. • vman—Define the Ethertype as 0x88A8.
The outer VLAN tag in tagged packets received on the interface is compared against the configured list of TPIDs. Frames that do not match any of the configured TPIDs are forwarded normally, i.e. without QinQ processing. Frames transmitted on the interface are always transmitted with the primary TPID inserted in the outer VLAN tag. Use the no form of the command to remove the TPID from an interface. Defining a new primary TPID command overwrites the existing primary TPID for an interface.
switchport general forbidden vlan Use the switchport general forbidden vlan command in Interface Configuration mode to forbid adding specific VLANs to a general mode port. To revert to allowing the addition of specific VLANs to the port, use the remove parameter of this command. Syntax switchport general forbidden vlan {add vlan-list | remove vlan-list} • add vlan-list — List of valid VLAN IDs to add to the forbidden list. Separate nonconsecutive VLAN IDs with a comma and no spaces.
switchport general acceptable-frame-type tagged-only Use the switchport general acceptable-frame-type tagged-only command in Interface Configuration mode to discard untagged frames at ingress. To enable untagged frames at ingress, use the no form of this command. Syntax switchport general acceptable-frame-type tagged-only no switchport general acceptable-frame-type tagged-only Default Configuration All frame types are accepted at ingress.
• add vlan-list — List of VLAN IDs to add. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs. • remove vlan-list — List of VLAN IDs to remove. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs. • tagged — Sets the port to transmit tagged packets for the VLANs. If the port is added to a VLAN without specifying tagged or untagged, the default is untagged.
Syntax switchport general ingress-filtering disable no switchport general ingress-filtering disable Default Configuration Ingress filtering is enabled. Command Mode Interface Configuration Ethernet and port-channel mode User Guidelines Ingress filtering, when enabled, discards received frames that are not tagged with a VLAN for which the port is a member. If ingress filtering is disabled, tagged frames from all VLANs are processed by the switch.
Default Configuration The default value for the vlan-id parameter is 1 when the VLAN is enabled. Otherwise, the value is 4093. Command Mode Interface Configuration Ethernet and port-channel mode User Guidelines Setting a new PVID does NOT remove the previously configured PVID VLAN from the port membership. Example The following example shows how to configure the PVID for 1/0/8, when the interface is in general mode.
configured with a native VLAN. A trunk port only transmits tagged packets for member VLANs other than the native VLAN and untagged packets for the native VLAN. • general—Full 802.1Q support VLAN interface. A general mode port is a combination of both trunk and access ports capabilities. It is possible to fully configure all VLAN features on a general mode port. Both tagged and untagged packets may be accepted and transmitted. Default Configuration The default switchport mode is access.
Command Mode Interface mode (Ethernet and port channel), Interface range mode (Ethernet and port channel) User Guidelines This command configures a customer edge (CE) port for QinQ tunneling. The dot1q-tunnel mode is an overlay on switchport access mode. In particular, configuring the access mode PVID sets the outer dot1q-tunnel VLAN ID. Changing the switchport mode to access, general, or trunk, effectively disables tunneling on the interface. Customer edge ports can be physical ports or port channels.
appear in the frame. Due to the internal processing of QinQ tagging, the TPID of ingress frames mirrored from the SP port will always be 0x8100. In addition, packets forwarded internally across a stacking link may have different tags applied than packets forwarded on a local egress port. This is due to the processing required for forwarding across a stack. Example This example configures ports Gi1/0/10 through Gi1/0/24 as CE ports using VLAN 10 as the service provider VLAN ID.
• trunk secondary—Configures an interface as a private VLAN isolated trunk port. These ports can carry traffic of several secondary VLANs and normal VLANs. Default Configuration This command has no default configuration. By default, a port is neither configured as promiscuous or host.
Syntax switchport private-vlan {host-association primary-vlan-id secondary-vlan-id| mapping primary-vlan-id {add|remove} secondary-vlan-list} | mapping trunk primary-vlan-id { secondary-vlan-list | add secondary-vlan-list | remove secondary-vlan-list } | trunk { native vlan vlan-if | allowed vlan vlanlist } | association trunk primary-vlan-id secondary-vlan-id} no switchport private-vlan {host-association|mapping | mapping trunk primary-vlan-id | trunk allowed vlan-list | trunk native vlan vlan-id | associa
• association trunk—Associates a primary VLAN with a secondary isolated VLAN. Multiple private VLAN pairs may be configured. Default Configuration This command has no default association or mapping configuration. Command Mode Interface Configuration (Ethernet or port-channel) User Guidelines The no switchport private-vlan mapping trunk primary-vlan-id syntax removes the mapping of the trunk port to the primary VLAN (and all the secondary VLANs) specified.
switchport trunk Use the switchport trunk command in Interface Configuration mode to configure VLAN membership for a trunk port or to set the native VLAN for an interface in Trunk Mode. Syntax switchport trunk {allowed vlan vlan–list | native vlan vlan–id} no switchport trunk { allowed | native } vlan • vlan–list—Set the list of allowed VLANs that can receive and send traffic on this interface in tagged format when in trunking mode. The default is all.
VLAN 1 is the default native VLAN on a trunk port. The default allowed VLAN membership on a trunk port is all VLANs. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode Interface Range mode Port-Channel Range mode User Guidelines Untagged traffic received on a trunk port is forwarded on the native VLAN, if configured. To drop untagged traffic on a trunk port, remove the native VLAN from the trunk port. (Ex.
Default Configuration Dell EMC Networking switches use dot1q encapsulation on trunk ports by default. Command Mode Interface config mode, Interface range mode (including port-channels) User Guidelines This command performs no action. Dell EMC Networking switches always use dot1q encapsulation on trunk mode ports. Command History Introduced in version 6.2.0.1 firmware. Example This example demonstrates compatibility.
User Guidelines Deleting the VLAN assigned as the PVID on an access port will cause VLAN 1 to be assigned as the PVID for the access port. Deleting the VLAN assigned as the native VLAN for a trunk port will cause the trunk port to discard untagged frames received on the port. Creating a VLAN adds it to the allowed list for all trunk ports except those where it is specifically excluded. Ports and port channels can be configured with VLANs that do not exist. They will not forward traffic on nonexisting VLANs.
Example The following example associates MAC address with VLAN ID 1. console(config)# vlan 1 console(config-vlan-1)#vlan association mac 0001.0001.0001 vlan association subnet Use the vlan association subnet command in VLAN Configuration mode to associate a VLAN to a specific IP-subnet. Only packets with a matching source IP address are placed into the VLAN. Syntax vlan association subnet ip-address subnet-mask no vlan association subnet ip-address subnet-mask • ip-address — Source IP address.
vlan makestatic This command changes a dynamically created VLAN (one that is created by GVRP registration) to a static VLAN (one that is permanently configured and defined). The ID is a valid VLAN identification number. VLAN range is 24093. Syntax vlan makestatic vlan-id • vlan-id — Valid VLAN ID. Range is 2–4093. Default Configuration This command has no default configuration.
no vlan protocol group group-id • group-id — The protocol-based VLAN group ID, to create a protocolbased VLAN group. To see the created protocol groups, use the show port protocol all command. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
• ethertype value — The protocol you want to add. The ethertype value can be any valid hexadecimal number in the range 0x0600 to 0xffff. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to add the “ip” protocol to the protocol based VLAN group identified as “2.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console(config)# vlan protocol group name 1 usergroup vlan protocol group remove Use the vlan protocol group remove command in Global Configuration mode to remove the protocol-based VLAN group identified by groupid.
Switchport Voice VLAN Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Series Switches The Voice VLAN feature enables switch ports to carry voice traffic with an administrator-defined priority so as to enable prioritization of voice traffic over data traffic. Using Voice VLAN helps to ensure that the sound quality of an IP phone is protected from deterioration when the data traffic utilization on the port is high.
traffic to a queue and also remarks the CoS or DSCP values in the voice traffic. See the User Configuration Guide for more information. Voice VLAN is recommended for enterprise-wide deployment of voice services on the IP network. switchport voice vlan This command is used to enable the voice VLAN capability on the switch. Syntax switchport voice vlan no switchport voice vlan Command Mode Global Configuration User Guidelines Voice VLAN must be configured on access or general mode ports.
Syntax switchport voice vlan {vlan-id | dot1p priority | none | untagged | priority extend trust|override-authentication| dscp value} no switchport voice vlan [priority extend][override-authentication] • vlan-id—Configure an existing VLAN as the voice VLAN. This VLAN ID is also sent to the phone via LLDP-MED/CDP unless the none parameter is also specified. • dot1p—Enable LLDP-MED/CDP to configure the phone to send the specified 802.1p priority in voice packets.
User Guidelines Enable voice VLAN using the following steps: • Create one or more voice VLANs on the switch. • Configure the interface in access or general mode. • Enable voice VLAN globally and add a voice VLAN on the desired interfaces. • Optionally configure 802.1X MAC or port-based authentication on the interface and globally. If using MAC based authentication, also: • Configure one or more RADIUS servers on the switch.
In authentication host-mode multi-domain-multi-host, a voice packet is switched based on the source MAC address of the IP phone. If override authentication is enabled, voice packets received are switched regardless of the 802.1X authentication state. Likewise, voice packets from the switch are transmitted over the port regardless of the 802.1x authentication state when the override option is enabled.
Command History Description updated in 6.3.0.5 release. Syntax updated in release 6.5.1.0. Example This example configures an interface to use VLAN 100 as the voice VLAN and sends LLDP configuration in the Network Policy TLV to the phone to assign VLAN 100 to 802.1p priority 5. The data priority is trusted by default.
console(config-if-G11/0/10)#authentication host-mode multi-auth 5 Enable the voice VLAN feature on the interface. Voice packets are tagged using VLAN 25. console(config-if-Gi1/0/10)#switchport voice vlan 25 6 Allow access to the voice VLAN regardless of the 802.1X port authentication state. console(config-if-Gi1/0/10)#switchport voice vlan overrideauthentication console(config-if-Gi1/0/10)#show voice vlan interface gi1/0/10 Interface......................................
Default Value trust Example console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)#voice vlan data priority untrust console(config-if-Gi1/0/1)#voice vlan data priority trust authentication event server dead action authorize voice Use the authentication event server dead action authorize voice command to allow voice VLAN access when no AAA server can be contacted. Use the no form of the command to disable voice VLAN access in such cases.
authenticating phones do not have access to the critical voice VLAN service. Only 802.1X-capable devices are eligible for critical voice VLAN treatment. This restriction is not enforced by configuration. Enable critical voice VLAN using the following steps: • Create the voice VLAN on the switch. • Configure the interface in access or general mode. • Configure MAC based authentication on the interface. • Configure one or more RADIUS servers on the switch and enable 802.1X globally.
Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines • When the interface parameter is not specified, only the global mode of the voice VLAN is displayed. • When the interface parameter is specified, the following is displayed: Output Description Interface The interface ID. Voice VLAN Interface Mode The admin mode of the voice VLAN on the interface. Voice VLAN ID The voice VLAN ID. Voice VLAN Priority The 802.
Multiple MAC Registration Protocol Commands Dell EMC Networking N2000/N2100X-ON/N2200X-ON/N3000EON/N3100X-ON/N3200-ON Series Switches This section covers commands related to Multiple MAC Registration Protocol (MMRP). MMRP is an implementation of IEEE 802.1ak. MMRP supports registration of MAC address/VLAN pairs in support of Audio-Visual Bridging. clear mmrp statistics This command clears the MMRP statistics for an interface or all interfaces.
Example This example clears the MMRP counters on port channel 1 console#clear mmrp statistics po1 mmrp This command enables MMRP on a specific interface. Use the no form of the command to disable MMRP on an interface. Syntax mmrp no mmrp Default Configuration By default, MMRP is disabled globally and on all interfaces. Command Mode Interface Configuration (Ethernet and port channel) and Interface Range (Ethernet and port channel) User Guidelines MMRP is not compatible with GVRP/GMRP.
Example This example enables MMRP on port channel 1. console(config)#interface po1 console(config-if-Po1)#mmrp mmrp global Use the mmrp global command to globally enable MMRP. Use the no form of the command to globally disable MMRP. Syntax mmrp global no mmrp global Default Configuration By default, MMRP is disabled globally and on all interfaces. Command Mode Global Configuration User Guidelines MMRP is not compatible with GVRP/GMRP. Do not enable MMRP on switches enabled for GVRP/GMRP.
Command History Introduced in version 6.2.0.1 firmware. Example This example enables MMRP globally. console(config)#mmrp global mmrp periodic state machine Use this command to globally enable the MMRP periodic state machine. Use the no form of the command to globally disable the MMRP periodic state machine. Syntax mmrp periodic state machine no mmrp periodic state machine Default Configuration By default, the MMRP periodic state machine is disabled globally.
show mmrp Use this command to display the MMRP configuration for an interface or globally. Syntax show mmrp [ summary | interface [ interface-id | summary ] ] • summary—Show the global MMRP configuration. • interface-id—Show the MMRP configuration for the specified interface. • interface summary—Show the per interface MMRP configuration for all interfaces. Default Configuration This command has no defaults.
--------Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 --------Disabled Disabled Disabled Disabled show mmrp statistics Use this command to display the MMRP statistics for an interface or globally. Syntax show mmrp statistics {interface-id} • interface-id—Displays the MMRP statistics for the specified interface. Default Configuration By default, the global statistics are displayed. Command Mode Privileged Exec, Global Configuration, and all submodes User Guidelines MMRP is not compatible with GMRP.
Multiple VLAN Registration Protocol Commands Dell EMC Networking N2000/N2100X-ON/N2200X-ON/N3000EON/N3100X-ON/N3200-ON Series Switches This section covers commands related to Multiple VLAN Registration Protocol (MVRP). MVRP is an implementation of IEEE 802.1ak in support of Audio-Video Bridging. Dell EMC Networking MVRP supports registration (dynamic VLAN creation) and propagation of VLAN membership information.
Example This example clears the MVRP counters on port channel 1 console#clear mmrp statistics po1 mvrp This command enables MVRP on a specific interface. Use the no form of the command to disable MVRP on an interface. Syntax mvrp no mvrp Default Configuration By default, MVRP is disabled globally and on all interfaces. Command Mode Interface Configuration (Ethernet and port channel) and Interface Range (Ethernet and port channel) User Guidelines MVRP is not compatible with GVRP/GMRP.
Example This example enables MVRP on port channel 1 console(config)#interface po1 console(config-if-Po1)#mvrp mvrp global Use the mvrp global command to globally enable MVRP. Use the no form of the command to globally disable MVRP. Syntax mvrp global no mvrp global Default Configuration By default, MVRP is disabled globally and on all interfaces. Command Mode Global Configuration mode User Guidelines MVRP is not compatible with GVRP/GMRP. Do not enable MVRP on switches enabled for GVRP/GMRP.
If a VLAN is configured as forbidden on an interface and MVRP requests registration (dynamic creation) of the same VLAN, MVRP does not configure the port association. MVRP is only supported on trunk or general mode ports. This command is only available on the N4000 Series switches. Command History Introduced in version 6.2.0.1 firmware. Example This example enables MVRP globally. console(config)#mvrp global mvrp periodic state machine Use this command to globally enable the MVRP periodic state machine.
Command History Introduced in version 6.2.0.1 firmware. Example This example enables the MVRP periodic state machine. console(config)#mvrp periodic state machine show mvrp Use this command to display the MVRP configuration for an interface or globally. Syntax show mvrp [ summary | interface [ interface-id | summary ] ] • summary—Show the global MMRP configuration. • interface-id—Show the MMRP configuration for the specified interface.
console#show mvrp summary MVRP global state.............................. Disabled MVRP Periodic State Machine state.............. Disabled VLANs created via MVRP......................... 20-45, 3001-3050 The following shows example CLI display output for the command. (Switching) #show mvrp interface 0/12 MVRP interface state........................... Enabled VLANs declared................................. 20-45, 3001-3050 VLANs registered...............................
MVRP MVRP MVRP MVRP MVRP messages received with bad header......... messages received with bad format......... messages transmitted...................... messages failed to transmit............... Message Queue Failures.................... 0 0 16 0 0 The following shows example CLI display output for the command. (Switching) #show mvrp statistics 0/12 Port........................................... MVRP messages received......................... MVRP messages received with bad header.........
Layer 2 Switching Commands 916
4 Security Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Security commands enable network operators to administer security for administrator access to the switch management console or web interface as well as to configure restrictions of network access for network attached devices.
AAA Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Dell EMC Networking switches support authentication of network users and switch administrators via a number of methods. Management access to the switch is via telnet, HTTP, SSH, or the serial console (SNMP access is discussed in the SNMP Commands section).
To authenticate a switch administrator, the authentication methods in the APL for the access line are attempted in order until an authentication attempt returns a success or failure return code. If a method times out, the next method in the list is attempted. The component requesting authentication is unaware of the ultimate authentication source. If a method in the preference list does not support the concept of time-out, subsequent entries in the list are never attempted.
Accounting notification is sent when the administrator exits exec mode. The duration of the exec session is logged in the accounting notice. Accounting notifications are sent at the end of each administrator executed command. In the case of commands like reload, and clear config, an exception is made and the stop accounting notice is sent at the beginning of the command.
Command Authorization Dell EMC Networking switches support per command or enable authorization using a TACACS server. See the authorization command in this section for further information. Additionally, the RADIUS or TACACS server can be configured to assign an administrative profile to a switch administrator. The administrative profile identifies groups of commands which may be executed by the administrator. See the Administrative Profiles Commands section for further information on this capability.
The Internal Authentication Server feature provides support for the creation of users for IEEE 802.1x access only, i.e. without switch management access. This feature maintains a separate database of users allowed for 802.1x access. The authentication method ias is available in the list of methods supported by authentication to support user database lookup. The ias method cannot be added in the same authentication list that has other methods like local, radius and reject.
MAC Authentication Bypass (MAB) provides 802.1x unaware clients controlled access to the network using the devices’ MAC address as an identifier. This requires that the known and allowable MAC address and corresponding access rights be prepopulated in the authentication server. Port access by MAB clients is allowed via local authentication if the user database has corresponding entries added for the MAB clients with user name and password attributes set to the MAC address of MAB clients.
When a client network device that supports 802.1x is connected to an unauthorized port that is 802.1x enabled with no unauthenticated VLAN configured and the client attempts and fails to authenticate, the port remains in the unauthorized state and the client is not granted access to the network. If an unauthenticated VLAN is configured for the port and the 802.
Default Configuration Accounting is not enabled by default. Command Mode Global Configuration User Guidelines An accounting list is identified by the default keyword or a user-specified list_name. Accounting records, when enabled for a line-mode, can be sent at both the beginning and at the end of the session (start-stop) or only at the end (stop-only). If none is specified, accounting is disabled for the specified list.
• Use the no aaa accounting exec or no aaa accounting commands to disable aaa accounting and optionally delete an accounting method list. Example The following shows several examples of the command.
Syntax aaa accounting delay-start [extended-time delay_value] no aaa accounting delay-start • delay_value—The maximum number of seconds to wait before sending the Acct-Start packet to the RADIUS accounting server. Range: 1 to 300 seconds. Default Configuration By default, the switch will wait up to the maximum of maximum number of retries (radius server retransmit) multiplied by the timeout (radius server timeout).
Syntax aaa accounting update {[newinfo][periodic minutes]} no aaa accounting update • periodic minutes—The number of minutes to wait before sending the Interim-Update packet to the RADIUS accounting server. The range for minutes is from 1 to 10081. • newinfo—Send the Interim-Update packet to the RADIUS accounting server whenever new information is available. Default Configuration By default, the sending of Interim-Update packets is disabled. There is no default time period.
aaa authentication dot1x default Use the aaa authentication dot1x default command in Global Configuration mode to specify an authentication method for 802.1x clients to access network resources. Use the no form of the command to return the authentication method to its default settings. Syntax aaa authentication dot1x default {ias|none|radius} no aaa authentication dot1x default The following methods may be configured: • ias—Use the internal authentication server user database for authentication.
The ias method utilizes the internal authentication server for authentication. Configure the ias database with the aaa ias-user command. Authentication via the internal authentication server only supports the EAP-MD5 method. Command History Syntax updated in version 6.6 firmware. Example The following example configures 802.1x authentication to use no authentication. Absent any other configuration, this command allows all 802.1x users to pass traffic through the switch.
Keyword Source or destination enable Uses the enable password for authentication. line Uses the line password for authentication. none Uses no authentication. radius Uses the list of all RADIUS servers for authentication. tacacs Uses the list of all TACACS+ servers for authentication. Default Configuration The default enable list is enableList. It is used by console, telnet, and SSH and only contains the method enable and none.
NOTE: Requests sent by the switch to a RADIUS server include the username “$enabx$”, where x is the requested privilege level in decimal. For enable to be authenticated on RADIUS servers, add “$enabx$” users to them. The login user ID is also sent to TACACS+ servers for enable authentication. Example The following example configures enable authentication to use the enable method for accessing higher privilege levels.
Default Configuration The default login lists are defaultList and networkList. defaultList is used by the console and only contains the method none. networkList is used by telnet and SSH and only contains the method local. Command Mode Global Configuration mode User Guidelines The default and optional list names created with the aaa authentication login command are used with the login authentication command.
aaa authorization Use the aaa authorization command to enable authorization and optionally create an authorization method list. A list may be identified by a userspecified list-name or the keyword default. Use the no form of the command to disable authorization and optionally delete an authorization list. Syntax aaa authorization {commands|exec|network}{default|list-name} {method1 [method2]} no aaa authorization {commands|exec|network} {default|list-name} • exec—Provides Exec authorization.
Authorization is not enabled by default. Authorization supports Exec authorization and network authorization for RADIUS. Only TACACS is supported for command authorization. Setting a none or local method for authorization authorizes Exec access for all functions.
If no authorization server is available or configured, the function is denied unless the none method is configured in the list. If authorization is configured on the console, this can lead to situations where the console denies administrative access. Therefore, it is recommended that the console authorization only be enabled with due regard to the risks involved. If none is configured as the last method after radius or tacacs, no authorization is performed if the RADIUS/TACACS servers are down.
console(config)#aaa authorization exec exec-list radius none Apply the AML to an access line mode (SSH): console(config)#line ssh console(config-ssh)#authorization exec exec-list Display the authorization methods: console#show authorization methods Exec Authorization List Methods --------------------------------------------------------dfltExecAuthList none exec-list radius none Command Authorization List ---------------------------dfltCmdAuthList telnet-list Line --------Console Telnet SSH Methods ------
Command Mode Global Configuration mode User Guidelines The RADIUS server can place a port in a particular VLAN based on the result of the authentication. VLAN assignment must be configured on the external RADIUS server using the RADIUS TUNNEL-TYPE attribute and others. See RADIUS Commands and Security Commands for further information.
no aaa ias-user username user Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines This command has no user guidelines. Examples console#configure console(config)#aaa ias-user username client-1 console(config-ias-user)#exit console(config)#no aaa ias-user username client-1 aaa new-model The aaa new-model command in Global Configuration mode is a no-op command. It is present only for compatibility purposes.
Example The following example configures the switch to use the new model command set. console(config)# aaa new-model aaa server radius dynamic-author Use this command to enter dynamic RADIUS server configuration mode. Syntax aaa server radius dynamic-author Default Configuration By default, no dynamic RADIUS servers are configured. Command Mode Global Configuration User Guidelines Configuring a dynamic RADIUS server causes the system to begin listening on the default port 3799 for RADIUS CoA requests.
If a valid authenticated RFC 3575 Disconnect-Request request is received from a configured server and the session cannot be found, the switch returns a Disconnect-NAK message with the 503 Session Context Not Found response code. Four additional types of CoA requests are supported: • Re-authenticate Session: Upon receipt of a re-authenticate request for a host currently authenticated by 802.1x, the switch sends an EAPOL EAP-Request/EAPIdentity Request to the host without de-authorizing the host.
NAK response is returned with 501 Administratively Prohibited response code. • Bounce Port: A bounce port request disables the port for 10 seconds (terminating all sessions on the port) and then re-enables the port. The termination disables access to the network for all hosts on the port by disabling the link and may cause the hosts to attempt to re-authenticate when the link is brought up. Therefore, it is recommended that the bounce port request only be used for ports configured in 802.1X auto mode.
console(config)# dot1x system-auth-control console(config)# interface range gi1/0/1-24 console(config-if)# authentication port-control auto console(config-if)# authentication host-mode multi-auth console(config-if)# exit console(config)# radius server 1.1.1.1 console(Config-radius)#primary console(Config-radius)#exit console(config)# radius server 2.2.2.2 console(Config-radius)#exit console(config)# radius server 3.3.3.3 console(Config-radius)#key “That’s your secret.
By default, RADIUS CoA disable host port requests are honored. Command Mode Global Configuration mode User Guidelines A RADIUS CoA bounce host port command disables the port for 10 seconds by bringing the link down and then re-enables the port. The authentication command bounce-port ignore disables processing of bounce host port CoA requests and effectively prevents a link flap on the requested RADIUS authenticated port.
console(config)# authentication command bounce-port ignore The following example sets the switch to ignore CoA disable host port commands. console(config)# authentication command disable-port ignore authentication critical recovery Use the authentication critical recovery command to control the load placed on RADIUS servers. Syntax authentication critical recovery max-reauth number-of-clients no authentication critical recovery max-reauth number-of-clients • number-of-clients—The maximum number of 802.
Example The following example sets the switch to rate limit reauthentication requests to 20 per second. console(config)# authentication critical recovery max-reauth 20 authentication dynamic-vlan enable Use the authentication dynamic-vlan enable command to enable the switch to create VLANs dynamically when a RADIUS–assigned VLAN does not exist in the switch. Use the no form of the command to disable this capability.
authentication enable Use this command to globally enable the Authentication Manager. Interface configuration set with the authentication order command takes effect only if the Authentication Manager is enabled. Use the no form of this command to disable the Authentication Manager. Syntax authentication enable no authentication enable Default Configuration The default value is Disabled.
• reinitialize—Re-authenticate hosts, potentially into the critical data VLAN. • authorize—Hosts on the data VLAN are switched to the critical data VLAN without re-authentication. • vlan-id—The critical data VLAN identifier. Default Configuration By default, critical data VLAN capability is not enabled. Command Mode Interface (Ethernet) Configuration mode User Guidelines The command configures the critical data VLAN ID.
Example The following example configures an interface to support a critical data VLAN (100) and to re-authenticate hosts when no RADIUS server is reachable. console(config)#vlan 100 console(config-vlan100)#interface gi1/0/1 console(config-if-Gi1/0/1)#authentication event server dead action reinitialize vlan 100 authentication event server alive action This command configures the actions to take when at least one authentication server is reachable.
Example The following example configures an interface to support a critical data VLAN (100) and to reauthenticate hosts when no RADIUS server is reachable and again when at least one RADIUS server becomes reachable.
Example The following example allows open access to all network resources when no ACL is configured and enabled on the interface. console(config-Gi1/0/1)# authentication open authentication order This command sets the order of authentication methods used on a port. Use the no form of this command to return the port to the default authentication order.
Example console(config-if-Gi1/0/1)# authentication order dot1x mab captive-portal console(config-if-Gi1/0/1)# no authentication order authentication priority Use this command to set the priority for the re-authentication methods used on a port. Use the no form of this command to return the port to the default order of priority for the authentication methods.
authentication timer restart Use this command to set the interval after which reauthentication starts. This timer starts only if all the authentication methods fail. Use the no form of this command to set the authentication restart timer to factory default value. Syntax authentication timer restart time no authentication timer restart • time—The time, in seconds, after which reauthentication starts, if all the authentication methods have failed. Range: 300-65535.
Syntax authentication violation { protect | restrict | shutdown } no authentication violation • protect—Drop incoming packets from the offending host. • restrict—Generate a log when a violation occurs. • shutdown—Error disable the interface. Default Configuration The default violation mode is restrict. Command Mode Interface (Ethernet) Configuration mode User Guidelines This command should not be confused with the port security capability.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines There are no user guidelines for this command. Example console#clear aaa ias-users clear authentication statistics Use this command to clear the authentication statistics. Syntax clear authentication statistics {interface-id | all} Default Configuration There is no default configuration for this command.
Syntax clear authentication authentication-history {all|interface-id} • all—Clear all authentication history. • interface-id—A physical (Ethernet) interface identifier. Default Configuration This command has no default configuration. Command Modes Privileged Exec mode User Guidelines The all parameter clears all 802.1X and Authentication Manager history on the switch. Use of the interface parameter clears the history for the specific interface.
if the name is surrounded by double quotes. To use the ! character as part of the username or password string, it should be enclosed within quotation marks. For example, username “test!xyz” password “test!xyz”. • encrypted — Encrypted password entered, copied from another switch configuration. Default Configuration This command has no default configuration.
Syntax ip http authentication {method1 [method2...]} no ip http authentication • method1 [method2...] — Specify at least one from the following table: Keyword Source or destination local Uses the local username database for authentication. none Uses no authentication. radius Uses the list of all RADIUS servers for authentication. tacacs Uses the list of all TACACS+ servers for authentication. Default Configuration The local user database is checked.
Syntax ip https authentication {method1 [method2...]} no ip https authentication • method1 [method2...] — Specify at least one from the following table: Keyword Source or destination local Uses the local username database for authentication. none Uses no authentication. radius Uses the list of all RADIUS servers for authentication. tacacs Uses the list of all TACACS+ servers for authentication. Default Configuration The local user database is checked.
mab Use the mab command to configure the switch to enable MAC Authentication Bypass (MAB) authentication for devices connected to the interface. Use the no form of this command to disable MAB on an interface.
Command History Updated syntax in version 6.5 Updated syntax in version 6.6 firmware. Example The following example sets MAC Authentication Bypass on interface gigabitethernet 1/0/2: console(config-if-Gi1/0/2)#authentication port-control auto console(config-if-Gi1/0/2)#mab password (AAA IAS User Configuration) Use the password command in aaa IAS User Configuration mode to configure a password for an IAS user. The password is composed of up to 64 alphanumeric characters.
Example console#configure console(config)#aaa ias-user username client-1 console(config-ias-user)#password client123 console(config-ias-user)#no password The following is an example of adding a MAB Client to the IAS user database with MAC address f81f.3ccc.b157. Be sure to enter the password in upper case letters or authentication will fail with an “MD5 Validation Failure” as the password hash does not match.
Example The following example shows the prompt sequence for executing the password command. console>password Enter old password:******** Enter new password:******** Confirm new password:******** show aaa ias-users Use the show aaa ias-users command to display configured IAS users and their attributes. Passwords configured are not shown in the show command output. Syntax show aaa ias-users Default Configuration This command has no default configuration.
Syntax show aaa statistics Default Configuration This command has no default setting. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
User Guidelines This command has no user guidelines. Examples console#show accounting methods AcctType MethodName MethodType Method1 Method2 -----------------------------------------------------------------Exec dfltExecList start-stop tacacs Commands dfltCmdList stop-only tacacs Dot1x dfltDot1xList start-stop Line EXEC Method List Command Method List ------------------------------------------------Console none none Telnet none none SSH none none Command History Example updated in the 6.4 release.
aaa accounting aaa accounting update newinfo : Disabled update periodic : 5 minutes Command History Introduced in the 6.5.2 release. show authentication Use this command to display the authentication status for a specific interface or all interfaces. Syntax show authentication [interface {interface-id | all}] • interface-id—Display information for an individual Ethernet (physical) interface. • all—Display information for all interfaces.
Output Parameter Description Port Control Mode The configured control mode for this port. Possible values are force-unauthorized | auto | unauthorized. Host Mode The authentication host mode configured on the interface. Authentication Restart Time The time in seconds after which reauthentication starts. Configured Method The order of authentication methods used on the interface. Order Enabled Method Order The order of authentication methods used on the interface.
Output Parameter Description Authentication The action to be undertaken for voice clients when all RADIUS Server Dead Action servers are found dead. for Voice Authentication Server Alive Action The action to be undertaken for data clients when a RADIUS server comes alive after all configured RADIUS servers were found dead. Command History Output updated in version 6.6 firmware. Example The following example shows the output for a single Ethernet interface.
Syntax show authentication authentication-history {all | interface-id [ detail ] | failed-auth-only } • interface-id—Display information for a single Ethernet (physical) interface identifier. Default Configuration There is no default configuration for this command.
-------------------May 07 2018 13:02:41 May 07 2018 13:01:33 --------Gi1/0/2 Gi1/0/2 ----------------58:05:94:1C:00:00 58:05:94:1C:00:00 -----------Unauthorized Unauthorized -----802.1X 802.1X show authentication methods Use the show authentication methods command to display information about the authentication methods. Syntax show authentication methods Default Configuration This command has no default configuration.
Telnet SSH networkList networkList HTTPS HTTP DOT1X enableNetList enableNetList :local :local : show authentication statistics Use this command to display the Authentication Manager statistics on one or more interfaces. Syntax show authentication statistics interface-id • interface-id—An Ethernet interface identifier. Default Configuration There is no default configuration for this command.
show authorization methods Use the show authorization methods command to display the configured authorization method lists. Syntax show authorization methods Default Configuration This command has no default setting. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Command authorization is supported only for the line, telnet, and SSH access methods.
show mab Use the show mab command to display the authenticated MAB clients. Syntax show mab [interface ] • interface-id—An interface (Ethernet) identifier. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command displays the configuration and status of MAB authenticated hosts. Command History Command introduced in version 6.6 firmware.
Interface --------Gi1/0/10 Admin Mode ----------Enabled Auth-type --------eap-md5 show users accounts Use the show users accounts command to display the local user status with respect to user account lockout and password aging. Syntax show users accounts Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines User accounts are distinct from the IAS user accounts.
Example The following example displays information about the local user database. console(config)#show users accounts UserName Privilege ------------------------ --------admin 15 Administrative Profile(s): Password Password Lockout Aging Expiry date -------- -------------------- -------200 Jan 13 1915 00:32:12 False show users login-history Use the show users login-history command in Global Configuration mode to display information about the login history of users.
Jan 19 2005 08:42:31 Jan 19 2005 08:49:52 John Betty SSH Telnet 172.16.0.1 172.16.1.7 Command History Syntax updated in 6.4 release. username Use the username command in Global Configuration mode to add a new user to the local user (switch administrator) database. The default privilege level is 1. The command optionally allows the specification of an Administrative Profile for a local user. Use the no form of this command to remove the username from the local user database.
• profile—The name of the administrative profile(s) to apply to this user. An administrative profile is mutually exclusive with a privilege level. • encrypted—Encrypted password entered, copied from another switch configuration. Password strength checking is not applied to the encrypted string. Default Configuration The default privilege level is 1.
Message Type Message Description Successful Completion Message No message is displayed. Error Completion Message Could not set user password! Reason behind the failure 1 Exceeds Minimum Length of a Password. Password should be in the range of 8-64 characters in length. Set minimum password length to 0 by using the passwords min-length 0 command.
Syntax username username unlock Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command applies to switch administrator (privilege level 15) accounts. Privilege level 0 cannot log into the switch. There is effectively no difference between privilege level 1 and 15.
Administrative Profiles Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches The administrative profiles capability provides the network administrator control over which commands a user (switch administrator) is allowed to execute. The administrator is able to group commands into a “profile” and assign a profile to a user upon authentication. This provides more granularity than simply allowing read-only and read-write users.
passes enable authentication, the user is permitted access to all commands. This is also true if none of the Administrative Profiles provided are configured on the switch. RADIUS and TACACS+ The network administrator may configure a custom attribute to be provided by the server during authentication. The RADIUS and TACACS+ applications process this custom attribute and provide this data to the User Manager for configuring the user profile.
Example console(config)#admin-profile qos console(admin-profile)# description (Administrative Profile Configuration) Use the description command in Administrative Profile Configuration mode to add a description to an administrative profile. Use the no form of this command to delete the description. Syntax description text no description • text—A description of, or comment about, the administrative profile. To include white space, enclose the description in quotes. Range: 1 to 128 printable characters.
rule Use the rule command to add a rule to an administrative profile. Use the no form of this command to delete a rule. Syntax rule number {deny|permit} {command command-string|mode modename} no rule number • number—The sequence number of the rule. Rules are applied from the highest sequence number to the lowest. Range: 1 to 256. • command-string—Specifies which commands to permit or deny. The command-string may contain spaces and regular expressions.
show admin-profiles Use the show admin-profiles command to show the administrative profiles. If the optional profile name parameter is used, only that profile will be shown. Syntax show admin-profiles [name profile-name] • profile-name—The name of the administrative profile to display. Default Configuration This command has no default configuration.
3 permit mode class-map show admin-profiles brief Use the show admin-profiles brief command to list the names of the administrative profiles defined on the switch. Syntax show admin-profiles brief Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines These are the generic mode names to be used in the rule command above. These are not the same as the prompt which is displayed in a particular mode.
E-mail Alerting Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches E-mail Alerting is an extension of the logging system. The Dell EMC Networking logging system allows the user to configure a variety of destinations for log messages. This feature adds e-mail configuration capabilities, by which the log messages are sent to a configured SMTP server such that an operator may receive the log in an e-mail account of their choice.
logging email Use the logging email command in Global Configuration mode to enable email alerting and set the lowest severity level for which log messages are emailed. Use the no form of the command to disable e-mail alerting. Syntax logging email [severity] no logging email • severity—If you specify a severity level, log messages at or above the severity level are e-mailed. The severity level may either be specified by keyword or as an integer from 0 to 7.
time specified in the logging email logtime command) and then e-mailed in a single e-mail message. If you set the non-urgent severity level to the same value as the urgent severity level, then no log messages are e-mailed nonurgently. See the logging email urgent command to specify the urgent severity level. The command no logging email disables all e-mail alerting.
Command Mode Global Configuration mode User Guidelines Log messages at or above this severity level are considered urgent. By default, Emergency and Alert log messages are considered urgent. Urgent log messages are e-mailed immediately, one log message per e-mail message, and do not wait for the log time to expire. Urgent log messages are not e-mailed unless you enable e-mail alerting with the logging email command.
Urgent | non-urgent | both—The priority with which the email is queued. Urgent email is sent immediately. Non-urgent email is queued and sent periodically. Example console(config)#logging email message-type urgent to-addr admin123@dell.com Command History Example added in the 6.4 release. logging email from-addr Use the logging email from-addr command in Global Configuration mode to configure the From address of the e-mail. Use the no form of this command to remove the e-mail source address.
logging email message-type subject Use the logging email message-type subject command in Global Configuration mode to configures subject of the e-mail. Use the no form of this command to remove the existing subject and return to the default subject. Syntax logging email message-type message-type subject subject no logging email message-type message-type subject Default Configuration This command has no default configuration.
• time duration—Time in minutes. Range: 30 – 1440. Default Configuration The default value is 30 minutes. Command Mode Global Configuration User Guidelines This command has no user guidelines. Example console(config)#logging email logtime 50 Command History Example added in the 6.4 release. logging email test message-type Use the logging email test message-type command in Global Configuration mode to test whether or not an e-mail is being sent to an SMTP server.
User Guidelines This command has no user guidelines. Example console(config)#logging email test message-type urgent message-body urgentlog Command History Example added in the 6.4 release. show logging email statistics Use the show logging email statistics command to show the statistics about the e-mails. The command displays information on how many e-mails are sent, how many e-mails failed, how long it has been since the last e-mail was sent.
clear logging email statistics Use the clear logging email statistics command to clear the e-mail alerting statistics. Syntax clear logging email statistics Default Configuration This command has no default configuration. Command Mode Privileged Exec User Guidelines This command has no user guidelines. Example console#clear logging email statistics Command History Example added in the 6.4 release.
Default Configuration The default value is disabled. Command Mode Mail Server Configuration User Guidelines This command has no user guidelines. Example console(config)#mail-server 10.131.1.11 console(mail-server)#security tlsv1 Command History Example added in the 6.4 release. mail-server ip-address | hostname Use the mail-server ip-address | hostname command in Global Configuration mode to configure the SMTP server IP address and change the mode to Mail Server Configuration mode.
Field Default Email Alert Security Protocol none Email Alert Username admin Email Alert Password admin Command Mode Global Configuration User Guidelines The server address can be in the IPv4, IPv6, or DNS FQDN name format. port (Mail Server Configuration Mode) Use the port command in Mail Server Configuration mode to configure the TCP port to use for communication with the SMTP server. The default for no security is 25 (SMTP). The port for TLSv1 is port 465. The range is 1025 to 65535.
console(mail-server)#port 1024 Command History Example added in the 6.4 release. Description updated in the 6.4 release. username (Mail Server Configuration Mode) Use the username command in Mail Server Configuration mode to configure the username required by the authentication. Use the no form of the command to revert the username to the default value. Syntax username username no username Default Configuration The default value for username is admin.
password (Mail Server Configuration Mode) Use the password command in Mail Server Configuration mode to configure the password required to authenticate to the e-mail server. Use the no form of the command to revert the password to the default value. Syntax password password no password Default Configuration The default value for password is admin. Command Mode Mail Server Configuration User Guidelines This command has no user guidelines. Example console(config)#mail-server 10.131.1.
Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show mail-server all Mail Servers Configuration: No of mail servers configured......................1 Email Email Email Email Email Alert Alert Alert Alert Alert Mail Server Address.................. 10.131.1.11 Mail Server Port........................ 465 SecurityProtocol.............
RADIUS Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Authentication of users in a large network can be significantly simplified by making use of a single database of accessible information supplied by an Authentication Server. These servers commonly use the Remote Authentication Dial In User Service (RADIUS) protocol as defined by RFC 2865.
assigned VLAN does not exist on the supplicant connected interface, the assigned VLAN is dynamically created. See the aaa authorization network default radius command for further information. This implies that the client can connect from any port and be assigned to the appropriate VLAN, which may be already configured on an uplink interface. This gives flexibility for clients to move around the network with out requiring the operator to perform additional provisioning for each network interface.
denied network access. Dell EMC Networking switches also support the proprietary VSA subscriber commands bounce-host-port, disable-host-port, and reauthenticate. If the session cannot be located, the device returns a Disconnect-NAK message with the “Session Context Not Found” error-code attribute. If the session is located, the device terminates the session. After the session has been completely removed, the device returns a Disconnect-ACK message.
acct-port Use the acct-port command to set the port on which the RADIUS accounting server listens for connections. Use the no form of this command to reset the port to the default. Syntax acct-port port no acct-port • port — The layer 4 port number of the accounting server (Range: 1 65535). Default Configuration The default value of the port number is 1813. Command Mode RADIUS Server Accounting mode User Guidelines There are no user guidelines for this command.
Default Configuration By default, the Service-Type is not included in the Access-Request message sent to the authentication server. Command Mode RADIUS Server Configuration User Guidelines on-for-login—If the on-for-login parameter is enabled, the Service-Type TLV is send in the Access-Request message. mandatory—If the mandatory parameter is enabled, the Service-Type attribute is required and validated in the Access-Accept packet received from the RADIUS server.
attribute 8 Use the attribute 8 command to configure the switch to send the RADIUS Framed-IP-Address attribute in the Access-Request message sent to a specific RADIUS authentication server. The switch sends the IP address of the host attempting to authenticate in the Framed-IP-Address attribute in the AccessRequest sent to the authentication server.
Syntax attribute 25 include-in-access-req no attribute 25 include-in-access-req Default Configuration By default, the Class attribute is included in the accounting messages sent to the accounting server if received in the Access-Accept from the RADIUS authentication server. Command Mode RADIUS Server Configuration User Guidelines The switch sends the Class attribute value supplied by the RADIUS server in the Access-Accept message if enabled.
Syntax attribute { 30 | 31 | 32 } mac format { ietf | unformatted | legacy } [lowercase | upper-case] no attribute { 30 | 31 | 32 } mac format • ietf—Format the MAC address as 18-DB-F2-25-B2-D4. The default is upper case. • unformatted—Format the MAC address as 18dbf225b2d4. The default is lower case. • legacy—Format the MAC address as 18:db:f2:25:b2:d4. The default is lower case. • lower-case—Format hexadecimal characters using the character set [0-9af].
This command overrides the global configuration for attribute 30, 31, or 32. Use the mab request format attribute 1 command to configure formatting the User-Name attribute. Use the radius server attribute mac format command to globally configure MAC address formatting. Command History Introduced in version 6.3.0.1 firmware. Updated in release 6.5.0 to remove formatting of the User-Name attribute. Updated in release 6.6.0 to add formatting of attributes 30 and 31.
Command Mode RADIUS Server Configuration mode User Guidelines The format parameter is a text string. Use quotes to include embedded spaces. Command History Command introduced in version 6.6.0.1 firmware. attribute 44 Use the attribute 44 command to enable sending the Acct-Session-ID in Access-Request messages. Use the no form of the command to cease sending the Acct-Session-ID in Access-Request messages.
attribute 168 Use the attribute 168 include-in-access-req command to enable the switch to send the RADIUS Framed-IPv6-Address attribute in Access-Request messages sent to the RADIUS authentication server. Syntax attribute 168 include-in-access-req no attribute 168 include-in-access-req Default Configuration By default, RADIUS attribute 168 is not sent. Command Mode RADIUS Server Configuration mode.
authentication event fail retry Use the authentication event fail retry command to select the number of times authentication is reattempted by the user for an IEEE 802.1X supplicant. Use the no form of the command to return the number of maximum attempts to the default value.
This command sets the limit for retring failed authentications for RADIUS. The switch attempts authentication based on the selected method and if authentication returns an error (as opposed to a failure), the next authentication method is attempted regardless of this setting.
Command Mode RADIUS Server Configuration mode User Guidelines User must enter the mode corresponding to a specific RADIUS Server Configuration before executing this command. Example The following example sets the port number 2412 for authentication requests. console(config)#radius server auth 192.143.120.123 console(config-auth-radius)#auth-port 2412 automate-tester Use the automate-tester command to configure liveness checking. Use the no form of the command to disable liveness checking.
User Guidelines RADIUS servers configured with a test username and a non-zero deadtime are tested periodically for liveness. Liveness of a server is determined by sending an Access-Request to the server using a configurable dummy login. If an Access-Reject is returned, the server is marked alive and is available for use for authentication. The radius deadtime configured retries and timeouts are applied. It is suggested that the configured values be the same as the normal RADIUS values.
Syntax deadtime deadtime • deadtime — The amount of time that the unavailable server is skipped over. (Range: 0-2000 minutes) Default Configuration The default deadtime interval is 0 minutes, that is, the server will never be marked dead. Command Mode RADIUS Server Configuration mode User Guidelines If only one RADIUS server is configured, it is recommended to use a deadtime interval of 0. Setting the deadtime to 0 indicates to the switch that the server should never be marked dead.
• 0—The key string that follows is the unencrypted shared secret. The length is 1–128 characters. • 7—The key string that follows is the encrypted shared secret. The length is exactly 256 characters. • key-string — The key string in encrypted or unencrypted form. In encrypted form, it must be 256 characters in length. In unencrypted form, it may be up to 128 characters in length. Default Configuration There is no key configured by default.
msgauth Use the msgauth command to enable the message authenticator attribute to be used for the RADIUS Authenticating server being configured. Use the “no” form of this command to disable the message authenticator attribute. Syntax msgauth no msgauth Default Configuration The message authenticator attribute is enabled by default. Command Mode RADIUS Server Configuration mode User Guidelines There are no user guidelines for this command.
Default Configuration The default RADIUS server group name is Default-RADIUS-Server. Command Mode RADIUS Server Configuration mode User Guidelines Assigning a name to multiple RADIUS servers associates the servers into a list. Server groups may be used to control which authentication servers are prioritized for traffic. Names may consist of alphanumeric characters and the underscore, dash and blanks. Embed the name in double quotes to use a name with blanks.
console(config-auth-radius)#no name primary Use the primary command to specify that a configured server should be the primary server in a server group. Syntax primary Default Configuration There is no primary authentication server by default. Command Mode RADIUS Server Configuration mode User Guidelines Multiple primary servers can be configured for each server group.
Default Configuration The default priority is 0. Command Mode RADIUS Server Configuration mode User Guidelines User must enter the mode corresponding to a specific RADIUS server before executing this command. The highest priority is 0, with higher values indicating progressively lower priorities. Example The following example specifies a priority of 10 for the designated server. console(config)#radius server auth 192.143.120.
Command Mode Global Configuration mode User Guidelines This command does not alter the address in the IP header in Access-Requests transmitted to the RADIUS server. It only configures the NAS-IP-Address attribute sent to the RADIUS server inside the RADIUS Access-Request packet. This capability is useful when configuring multiple RADIUS clients (switches) to simulate a single RADIUS client for scalability.
Command Mode Global Configuration User Guidelines on-for-login—This parameter globally configures the switch to send the RADIUS Service-Type attribute in the Access-Request message sent to all RADIUS authentication servers. The switch sends the Service-Type value Administrative (6) for administrators attempting to access the switch console and sends Service-Type value Login (1) for users attempting to access the network.
Default Configuration By default, RADIUS attribute 8 is not sent. Command Mode Global Configuration User Guidelines If accounting is enabled and the address is available to the switch, the switch will send the IPv4 address in the Access-Request, Acct-Start/AcctInterim/Acct-Stop messages sent to the RADIUS server. The switch discovers the client IPv4 address via its inclusion in the RADIUS Access-Accept, via DHCPv4 snooping.
Syntax radius server attribute 25 include-in-access-req no radius server attribute 25 include-in-access-req Default Configuration By default, the switch sends the Class attribute to the accounting server if received in the Access-Accept from the RADIUS authentication server. Command Mode Global Configuration User Guidelines The switch sends the Class attribute value supplied by the RADIUS server in the RADIUS Access-Accept message if enabled.
The format parameter is a text string of 2-128 characters and may include the following format specifiers: %m : NAS MAC address %i : NAS IP address %h : NAS host name %d : NAS domain name Default Configuration By default, the format specifier is %m. Command Mode Global Configuration User Guidelines The format parameter is a text string. Use quotes to include embedded spaces. The MAC address format may be altered by configuration of the radius server attribute 32 mac format command.
Syntax radius server attribute 44 include-in-access-request no radius server attribute 44 include-in-access-request Default Configuration By default, the Acct-Session-ID is not sent in Access-Request messages. Command Mode Global Configuration mode User Guidelines The Acct-Session-ID is the same as the session identifier used in accounting messages. Command History Command introduced in version 6.6.0.1 firmware.
• ietf—Format the MAC address as 18-DB-F2-25-B2-D4. The default is upper case. • unformatted—Format the MAC address as 18dbf225b2d4. The default is lower case. • legacy—Format the MAC address as 18:db:f2:25:b2:d4. The default is lower case. • lower-case—Format hexadecimal characters using the character set [0-9af]. • upper-case—Format hexadecimal characters using the character set [0-9AF].
Example This example globally configures the format of the MAC address sent in the Calling-Station-Id attribute to IETF lower case. It also configures interface Gi1/0/1 to use MAB. For this command to have any affect, MAB must be configured on the switch in an active authentication list, IEEE 802.1X must be configured, and a RADIUS server must also be configured.
After an Access-Accept has been received by the switch and the switch grants the host access to the network, it may take a few seconds before the DHCPv6 transaction completes. Use the aaa accounting delay-start command to delay the sending of the Acct-Start packet to the accounting server. Accounting messages are not sent for hosts placed in the Guest VLAN. Use the show authentication clients command to display the RADIUS Server supplied IPv6 address, if any.
User Guidelines Use this command in conjunction with the automate-tester command to enable testing of RADIUS servers. When all RADIUS servers have been declared dead, 802.1x authenticated clients may be migrated to the critical data VLAN or critical voice VLAN. Newly authenticating clients will be authenticated to the critical data or voice VLAN. Command History Command introduced in version 6.6.0.1 firmware. Example This example globally sets the dead criteria to two attempts with a 10 second timeout.
User Guidelines If only one RADIUS server is configured, it is recommended that the deadtime interval be left at 0. Setting the deadtime to 0 will cause the switch to always send a RADIUS request to the RADIUS server if the server is selected. If a RADIUS server is currently active and responsive, that server will be used until it no longer responds. RADIUS servers whose deadtime interval has not expired are skipped when searching for a new RADIUS server to contact.
User Guidelines RADIUS servers are keyed by the host name/IP address, therefore it is advisable to use unique server host names. Use the show aaa servers {accounting|authentication} command to display the hostname/IP address to list name mapping. Multiple authentication servers may be configured with the same name using the name command. Dell EMC Networking implements a two-level hierarchy for RADIUS servers. The top level is a list of servers which is alphabetically ordered by name.
Server IP address — 192.168.10.1 Server Name — name1 Type — primary console(config)#radius server 192.168.10.1 console(config-auth-radius)#name name1 console(config-auth-radius)#primary The following shows an example configuration with two servers (list1 and list2), each of which has a Primary and Secondary IP addresses: console(config)#show aaa servers authentication * Host Address ---- -----------1.2.3.1 4.3.2.2 4.3.2.1 1.2.3.5 1.2.3.
Default Configuration The default is an empty string. Command Mode Global Configuration User Guidelines In an Access-Request, encrypted passwords are sent using the RSA Message Digest algorithm (MD5). If no encryption parameter (7) is present, the key string is interpreted as an unencrypted shared secret. Keys are always displayed in their encrypted form in the running configuration. The encryption algorithm is the same across switches.
• acct—Configure load balancing for accounting servers. • radius—Configure load balancing for the default RADIUS server list. • name—Configure load balancing for the named server list. • least-outstanding—Configure least outstanding request load balancing. • batch-size—Configure the number of outstanding requests to send to a server. Default Configuration By default, all RADIUS servers are part of the Default-RADIUS-Server list. The default batch size is 25 requests.
Example This example globally sets load balancing for the default RADIUS list using a batch size of 5. Probes are sent to the RADIUS server after two minutes with no activity to that server. console(config)#radius server auth 4.3.2.4 console(config-auth-radius)#radius-server dead-criteria time 10 tries 2 console(config-auth-radius)#automate-tester username dummy idle-time 2 console(config-auth-radius)#exit console(config)#radius server auth 4.3.2.
Example The following example configures the number of times the RADIUS client attempts to retransmit requests to the RADIUS server to five attempts. console(config)#radius server retransmit 5 radius server source-ip Use the radius server source-ip command to specify the source IPv4 address used in the IP header for communication with RADIUS servers. To return to the default, use the no form of this command. 0.0.0.0 is interpreted as a request to use the IPv4 address of the outgoing IP interface.
radius server source-interface Use the radius server source-interface command to select the interface from which to use the IP address in the source IP address field of transmitted RADIUS packets. Use the no form of the command to revert to the default IP address. Syntax radius server source-interface {loopback loopback-id | vlan vlan-id} no radius server source-interface • loopback-id — A loopback interface identifier. • vlan-id—A VLAN identifier.
console(config-if-vlan1)#exit console(config)#radius server source-interface vlan 1 radius server timeout Use the radius server timeout command in Global Configuration mode to set the interval for which a switch waits for a server to reply. To restore the default, use the no form of this command. Syntax radius server timeout timeout no radius server timeout • timeout — Specifies the timeout value in seconds. (Range: 1–30) Default Configuration The default value is 15 seconds.
Default Configuration By default, VSA Attribute 26, Vendor ID 9, and Sub-type 1 are not processed by the switch. Command Mode Global Configuration mode User Guidelines This command does not affect processing of any VSA’s other than VSA Attribute :q1 26, Vendor ID 9, Sub-type 1. It does not affect processing of Voice VLAN or Admin/Login. Predefined ACL Selection using VSA Attribute 26 This method selects an ACL that is already configured on the switch.
ipv6:inacl=Named_IPv6_ACL Dynamic ACL Definition This method uses ACL syntax to create a new ingress ACL on the switch: ip:inacl[#number]={extended-access-control-list} ipv6:inacl[#number]={ extended-access-control-list} • The ip token indicates an IPv4 ACL definition follows the equals sign. • The ipv6 token indicates an IPv6 ACL definition follows the equals sign. • #number is the ACL sequence number in decimal format. Range 1– 2147483647.
or configured with both ip:traffic-class and inacl rules and identifying the affected interface. If Accounting is enabled, the Acct-Start packet is not sent. An EAP-Failure is sent to the 802.1X client. Command History Command introduced in firmware version 6.5.2. retransmit Use the retransmit command in RADIUS Server Configuration mode to specify the number of times the RADIUS client retransmits requests to the RADIUS server. Syntax retransmit retries • retries — Specifies the retransmit value.
show aaa servers Use the show aaa servers command to display the list of configured RADIUS servers and the values configured for the global parameters of the RADIUS servers. Syntax show aaa servers [accounting | authentication] [name [servername]] • accounting—This optional parameter will cause accounting servers to be displayed. • authentication—This optional parameter will cause authentication servers to be displayed.
Field Description Named Accounting Server Groups The number of configured named accounting RADIUS server groups. Timeout The configured timeout value, in seconds, for request retransmissions. Retransmit The configured value of the maximum number of times a request packet is retransmitted. Dead Time The configured length of time an unavailable RADIUS server is skipped. RADIUS Accounting Mode A global parameter to indicate whether the accounting mode for all the servers is enabled or not.
Example console#show aaa servers IP address Usage ------------------10.130.50.107 10.130.50.107 Type Port TimeOut Retran. DeadTime Source IP Prio. ----- ----- ------- ------- -------- ------------- ----- -Auth Acct 1812 1813 Global N/A Global N/A Global N/A Global values -------------------------------------------Number of Configured Authentication Servers.... Number of Configured Accounting Servers........ Number of Named Authentication Server Groups... Number of Named Accounting Server Groups...
Number Number Number Number Number Number Number Radius of CoA ACK Responses Sent...................... of CoA NAK Responses Sent...................... of Coa Requests Ignored........................ of CoA Missing/Unsupported Attribute Requests. of CoA Session Context Not Found Requests..... of CoA Invalid Attribute Value Requests........ of Administratively Prohibited Requests........ Server VSA Authentication:.....................
User Guidelines The hostname parameter may be a fully or partially qualified domain name. A hostname consists of a series of labels separated by periods. Each label may be a maximum of 63 characters in length. The maximum length of the hostname parameter is 256 characters. Refer to RFC 1035 Section 2.3.1 for more information. The following fields are displayed for accounting servers: Field Description RADIUS Name of the accounting server. Accounting Server Name Server Host Address IP address of the host.
Field Description Unknown Types The number of packets unknown type which were received from this server on accounting port. Packets Dropped The number of RADIUS packets received from this server on accounting port and dropped for some other reason. The following fields are displayed for authentication servers: Field Description RADIUS Server Name Name of the authenticating server. Server Host Address IP address of the host.
Field Description Unknown Types The number of packets unknown type which were received from this server on the authentication port. Packets Dropped The number of RADIUS packets received from this server on authentication port and dropped for some other reason. Example console#show radius statistics accounting 192.168.37.200 RADIUS Accounting Server Name................. Host Address.................................. Round Trip Time............................... Requests...............................
source-ip Use the source-ip command in RADIUS Server Configuration mode to specify the source IP address to be used for communication with RADIUS servers. 0.0.0.0 is interpreted as a request to use the IP address of the outgoing IP interface. Syntax source-ip source • source — A valid source IP address. Default Configuration The IP address is of the outgoing IP interface.
Default Configuration The default value is 15 seconds. Command Mode RADIUS Server Configuration mode User Guidelines The administrator must enter the mode corresponding to a specific RADIUS server before executing this command. This command overrides the global configuration for the selected server. Example The following example specifies the timeout setting for the designated RADIUS Server. console(config)#radius server host 192.143.120.
User Guidelines The administrator must enter the auth or acct mode corresponding to a specific RADIUS server before executing this command. This command has no effect on accounting servers. Use this command to restrict the types of authentication sent to a particular RADIUS server. The login selection restricts authentication requests to switch administrator logins. The authmgr setting restricts authentication requests to 802.1x and MAB authentications. Command History Syntax updated in version 6.
TACACS+ Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches TACACS+ provides access control for networked devices via one or more centralized servers, similar to RADIUS this protocol simplifies authentication by making use of a single database that can be shared by many clients on a large network.
Syntax key [0|7] key-string no key • 0—The key string that follows is the unencrypted shared secret. The length is 1–128 characters. • 7—The key string that follows is the encrypted shared secret. The length is 256 characters. • key-string — Specifies the key string in encrypted or unencrypted form. It may be up to 128 characters in length in unencrypted format and 256 characters in length in encrypted format.
Example The following example sets the authentication encryption key. console(config-tacacs)#key “This is a key string” console(config-tacacs)#key 0 “This is a key string” port Use the port command in TACACS Configuration mode to specify a port number on which a TACACS server listens for connections. Syntax port [port-number] • port-number — The server port number. If left unspecified, the default port number is 49. (Range: 0–65535) Default Configuration The default port number is 49.
• priority — Specifies the priority for servers. 0 (zero) is the highest priority. (Range: 0–65535). Default Configuration If left unspecified, this parameter defaults to 0 (zero). Command Mode TACACS Configuration mode User Guidelines This command has no user guidelines. Example The following example shows how to specify a server priority of 10000. console(config-tacacs)#priority 10000 show tacacs Use the show tacacs command to display the configuration and statistics of a TACACS+ server.
Examples The following example displays TACACS+ server settings. console#show tacacs Global Timeout: 5 Server Address --------------10.254.24.162 Port ----49 Timeout ------Global Priority -------0 Source Interface ----------------Loopback 0 tacacs-server host Use the tacacs-server host command in Global Configuration mode to configure a TACACS+ server. This command enters into the TACACS+ configuration mode. To delete the specified hostname or IP address, use the no form of this command.
Example The following example specifies a TACACS+ host. console(config)#tacacs-server host 172.16.1.1 console(config-tacacs)# tacacs-server key Use the tacacs-server key command in Global Configuration mode to set the authentication and encryption key for all TACACS+ communications between the switch and the TACACS+ daemon. To disable the key, use the no form of this command.
If no encryption parameter is present, the key string is interpreted as an unencrypted shared secret. Keys are always displayed in their encrypted form in the running configuration. In an Access-Request, encrypted passwords are sent using the RSA Message Digest algorithm (MD5). The encryption algorithm is the same across switches. Encrypted passwords may be copied from one switch and pasted into another switch. Command History Updated in version 6.3.0.1 firmware.
Command Mode Global Configuration User Guidelines The source interface must have an assigned IP address (either manually or via another method such as DHCP). Loopback interfaces are not supported on the Dell EMC N1100-ON Series switches. Command History Introduced in version 6.3.0.1 firmware.
User Guidelines This command has no user guidelines. Example The following example sets the timeout value as 30. console(config)#tacacs-server timeout 30 timeout Use the timeout command in TACACS Configuration mode to specify the timeout value in seconds. If no timeout value is specified, the global value is used. Syntax timeout [timeout] • timeout — The timeout value in seconds. (Range: 1–30) Default Configuration If left unspecified, the timeout defaults to the global value.
802.1x NAS Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Local Area Networks (LANs) are often deployed in environments that permit the attachment of unauthorized devices. The networks also permit unauthorized users to attempt to access the LAN through existing equipment. In such environments, the administrator may desire to restrict access to the services offered by the LAN.
to be able to identify the short-comings in the configuration of a 802.1x authentication on the switch without affecting the network access to the users of the switch. There are three important aspects to this feature after activation: 1 To allow successful authentications using the returned information from authentication server.
Command Mode Global Configuration mode User Guidelines Local processing of IEEE 802.1x frames must be disabled (no dot1x systemauth-control) for this capability to be enabled. This capability is useful in situations where the authenticator device is placed one or more hops away from the authenticating host. The intervening switch will flood all received IEEE 802.1x frames in the VLAN. Flooding of IEEE 802.
When used with an interface parameter, this command clears all 802.1X sessions on the interface by removing the authentication information, reseting the 802.1X state machine, and denying network access to the authenticated device. Use with caution. Command History Syntax updated in version 6.6 firmware. default mab Use the default mab command to configure the switch to transmit EAP or CHAP or PAP credentials to the RADIUS server for MAB-authenticated devices connected to the interface.
1–User-Name—MAC address of MAB device. 3–CHAP-Password = Encrypted User Name. 4–NAS-IP-Address—IP address of the switch. 5–NAS-Port—Our internal port number. 6–Service-Type is set to 10 (Call-Check). 12–Framed-MTU—Port/switch MTU—header length (for example, 1500). 30–Called Station ID—MAC address of device (in xx:xx:xx:xx:xx:xx format). 31–Calling-Station ID—Switch MAC address. 60–CHAP-Challenge (if auth type is CHAP). 61–NAS-Port-Type (Ethernet 15). 87–NAS-Port-Id (e.g.
30–Called Station ID—MAC address of device (in xx:xx:xx:xx:xx:xx format). 31–Calling-Station ID—Switch MAC address. 61–NAS-Port-Type (Ethernet 15). The Calling Station ID is formatted per the attribute 31 command. The User-Name attribute is formatted per the attribute 1 command. The Access-Request attribute is formatted for PAP authentication. Command History Command introduced in version 6.5 firmware.
User Guidelines A MAC address consists of 12 hexadecimal digits. The MAC address of the authentication station is sent in the User-Name attribute in a RADIUS Access-Request for MAC Authentication Bypass configured stations. The following table shows some example formats: MAC Address Group Size Separator Case Formatted Address 18DBF225B2D4 1 . Lower 1.8.d.b.f.2.2.5.b.2.d.
User Guidelines This command limits the number of EAP Request/Identity messages. EAP Request/Identity messages are sent to identify if the connected host is 802.1X capable. This setting controls how long the switch will wait to identify non802.1X capable hosts on ports configured to authenticate with a method other than 802.1X. Use the dot1x max-req command to limit the number of EAP Request messages other than EAP Request/Identity. Command History Command introduced in version 6.5 firmware.
This command limits the number of times an EAP-Request is sent without receiving an EAP-Response. EAP-Requests are sent during the 802.1X authentication process to 802.1X aware hosts. Use the dot1x max-reauth-req command to limit the number of repeated EAP Request/Identity messages. Example The following example sets the number of times that the switch sends an EAP-request frame for which no EAP-Response is received to 6.
dot1x port-control Use the dot1x port-control command in Interface Configuration mode to configure the 802.1x mode of authentication on the port. Use the no form of the command to return the mode to the default. Syntax dot1x port-control {force-authorized | force-unauthorized | auto | macbased} no dot1x port-control • auto — Enables 802.1x authentication on the interface and causes the port to transition to the authorized or unauthorized state based on the 802.
Default Configuration The default port-control mode is auto except as noted. The default portcontrol mode for the N2200 is force-authorized. Command Mode Interface Configuration (Ethernet) mode User Guidelines It is recommended that you disable spanning tree or enable spanning-tree portfast mode on 802.1x edge ports (ports in auto state that are connected to end stations) in order to go immediately to the forwarding state after successful authentication.
• multi-host—Allow multiple hosts access to the network on an authenticated interface. One host must authenticate on the interface to allow access to other hosts. • multi-domain-multi-host—Allow one data device and one voice device to authenticate. Once the data device is authenticated, unrestricted access to the data VLAN for any host is allowed. • single-host—Allow a single authenticated device access to the network.
typically segregated by VLANs. The RADIUS server attribute “CiscoAVPair = "device-traffic-class=voice" is used to identify a voice client. Use switchport mode general to support RADIUS VLAN assignment for hosts. • multi-host—Allow multiple hosts access to the network on an authenticated interface. A host must authenticate on the interface before network access is granted. However once authentication succeeds, access is granted to all hosts connected to the port.
Command History Syntax added in version 6.6 firmware. Example The following example globally configures an interface to allow a single host to authenticate. console(config)# authentication host-mode single-host authentication max-users Use the authentication max-users command in Interface Configuration mode to set the maximum number of clients supported on the port when multi-auth host mode is enabled on the port.
When configuring an interface for both a data and voice device, set the maxusers limit to 3 if the voice device first authenticates or otherwise uses the data VLAN prior to switching over to the voice VLAN. Command History Syntax updated in version 6.6 firmware. Example The following example configures an interface for a data and voice device. The voice device is a typical IP phone that utilizes the data VLAN to obtain configuration via HTTP prior to authenticating onto the voice VLAN.
• force-unauthorized — Denies all access through this interface by forcing the port to transition to the unauthorized state, ignoring all attempts by the client to authenticate. The switch cannot provide authentication services to the client through the interface. VLAN assignment is not supported in this mode. Default Configuration The default port-control mode is auto (N1100, N1500, N2000, N2100, N3000E, N3100 switch models). The default port-control mode is forceauthorized (N2200, N3200 switch models).
authentication periodic Use the authentication periodic command in Interface Configuration mode to enable periodic re-authentication of the client. To return to the default setting, use the no form of this command. Syntax authentication periodic no authentication periodic Default Configuration Periodic reauthentication is disabled.
clear dot1x statistics Use the clear dot1x statistics command to clear the statistics for a specified interface or all interfaces. Syntax clear dot1x statistics [interface ID] • interface ID—An Ethernet (physical) interface identifier. Default Configuration This command has no default configuration Command Mode Privileged Exec mode User Guidelines This command clears all 802.1X statistics for an interface or for all interfaces on the switch. Command History Command introduced in version 6.6 firmware.
Command Mode Global Configuration mode User Guidelines Devices connected to interfaces on which IEEE 802.1X authentication is enabled will be required to authenticate before accessing network resources. This command enables 802.1X authentication globally. IEEE 802.1x must also be enabled on an interface in order for authentication to be enabled. It is possible to configure IEEE 802.1x while not enabled globally. Use the dot1x system-auth-control command to activate the configuration.
User Guidelines Monitor mode is intended to test network access controls in a test environment. Monitor mode always allows access to network resources, even if authentication fails, and therefore should never be used in a production network with real end users. Command History Command updated in version 6.6 firmware. Example The following command enables 802.1x monitor mode globally. Clients are always authenticated in monitor mode.
• seconds — Time in seconds that the switch remains in the quiet state following a failed authentication exchange with the client. (Range: 0– 65535 seconds) Default Configuration Each timer has a default as follows: • quiet-period: 60 seconds • tx-period: 30 seconds • supp-timeout: 30 seconds • server-timeout: 30 seconds Command Mode Interface Configuration (Ethernet) mode User Guidelines Change the default value of the 802.
During the quiet period, the switch does not accept or initiate any authentication requests. To provide a faster response time to the 802.1X clients, enter a smaller number than the default. Supp-timeout: The default timeout value is set per IEEE 802.1x. This value is used in conjunction with the dot1x timeout server-timeout command to limit the amount of time a supplicant can remain in a pending authentication state.
Syntax authentication timer reauthenticate {seconds|server} no authentication timer reauthenticate • seconds — Number of seconds between re-authentication attempts. (Range: 300–4294967295) • server— Utilize the Session-Timeout (RADIUS attribute 27) value received from the RADIUS server. Default Configuration The default re-authentication period is 3600 seconds. By default, the switch will utilize the value sent by the authentication server, if any.
auth-type Use this command to set the accepted authorization types for RADIUS CoA clients. Use the no form of the command to set the authorization type to the default (all). Syntax auth-type { all | any |session-key} no auth-type • all—Selects all CoA client authentication types. All session identification attributes must match for the authentication to succeed. • any—Selects any CoA client authentication type. Any session identification attribute may match for the authentication to succeed.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-radius-da)# auth-type all client Use this command to enter the CoA client parameters. Syntax client {ip-address | hostname } [ server-key [0 | 7] key-string ] no client {ip-address | hostname } • ip-address—The IPv4 address of a CoA client. The IPv4 address is entered in dotted-quad notation. • hostname—The fully qualified domain name (FQDN) of a CoA client. Maximum length of a host FQDN is 255 characters.
The server-key, if configured, overrides the global shared secret for this client only. Messages received from a RADIUS CoA client are validated against the configured servers. Messages received from unconfigured RADIUS CoA clients are silently discarded. Command History Introduced in version 6.2.0.1 firmware. Example The following example configures RADIUS servers at 1.1.1.1, 2.2.2.2, and 3.3.3.3 and CoA clients at 3.3.3.3, 4.4.4.4, and 5.5.5.5.
console(config-radius-da)# exit console(config)#dot1x system-auth-control console(config)#clear authentication sessions ignore Use this command to set the switch to ignore certain authentication/session identification parameters from RADIUS CoA clients. Use the no form of the command to restore checking of the specific authentication parameters as configured by the auth-type command.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-radius-da)# ignore session-key port Use this command to set the port on which to listen for CoA and disconnect requests from authorized RADIUS CoA clients. Syntax port port–number no port • port-number—An integer in the range of 1025–65535 Default Configuration The default is port 3799. Command Modes Dynamic RADIUS Configuration User Guidelines Only one port may be defined and it is used by all RADIUS CoA clients.
server-key Use this command to configure a global shared secret that is used for all dynamic RADIUS clients that do not have an individual shared secret configured. Use the no form of the command to remove the global shared secret configuration. Syntax server-key [0 | 7] key-string no server-key • 0—An unencrypted key is to be entered. • 7—An encrypted key is to be entered. • key-string—The key string in encrypted or unencrypted form. In encrypted form, it must be 256 characters in length.
global shared secret and a third server 3.3.3.3 using a server specific shared secret. CoA disconnect requests are accepted from these servers. Any authentication type is allowed for CoA disconnect requests.
• all—All interfaces (Ethernet). Default Configuration By default, newly configured users are authorized to authenticate on all interfaces. Use the no dot1x user username all command to remove the user from all ports and then use the dot1x user username to add the user to specific ports. Command Mode Global Configuration mode User Guidelines Use this command to restrict authentication to a subset of interfaces. The list is maintained per interface.
• statistics—Display message tx/rx counts • interface-id—An interface (Ethernet) identifier. See Interface Naming Conventions for interface representation. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Use this command with no parameters to display the global 802.1X configuration. Use the statistics parameter to display statistics information for a port.
Field Description Supplicant Timeout The timer used by the authenticator state machine on this port to timeout the supplicant. The value is expressed in seconds and will be in the range of 1 and 65535. Server Timeout The timer used by the authenticator on this port to timeout the authentication server. The value is expressed in seconds and will be in the range of 1 and 65535.
The following shows example CLI display output for the statistics. console #show dot1x statistics gi1/0/1 Port........................................... EAPOL Frames Received.......................... EAPOL Frames Transmitted....................... EAPOL Start Frames Transmitted................. EAPOL Logoff Frames Received................... EAP Resp/Id frames transmitted................. EAP Response frames transmitted................ EAP Req/Id frames transmitted..................
User Guidelines The following table explains the output parameters. Parameter Description Time Stamp Exact time at which the event occurs. Interface Ethernet interface on which the event occurs. MAC-Address Supplicant/Client MAC Address VLAN assigned VLAN assigned to the client/port on authentication. VLAN assigned Reason Type of VLAN ID assigned i.e Guest VLAN, Unauth, Auth Status Authentication Status Reason Actual reason behind the successful or failure authentication.
console#show authentication authentication-history gi1/0/1 Time Stamp Interface MAC-Address VLANID Auth Status --------------------- --------- ----------------- ------ ---------Mar 22 2010 01:16:31 Gi1/0/1 00:01:02:03:04:05 111 Authorized Mar 22 2010 01:18:22 Gi1/0/1 00:00:00:03:04:05 0 Unauthorized console#show authentication authentication-history gi1/0/1 failed-auth-only Time Stamp Interface MAC-Address VLANID Auth Status --------------------- --------- ----------------- ------ ---------Mar 22 2010 01:18
Field Description Username The username associated with the client. VLAN Assigned Reason This can take one of the following values: • Default VLAN—The client has been authenticated on the port default VLAN and the authentication server is not RADIUS. • RADIUS—RADIUS is used for authenticating the client. • Voice VLAN—The client is identified as a Voice device. • Critical VLAN—The client has been authenticated on the Critical VLAN.
Field Description Filter ID Identifies the Filter ID returned by the RADIUS server when the client was authenticated. This is a configured DiffServ policy name on the switch. DACL Identifies the Downloadable ACL returned by the RADIUS server when the client was authenticated. Acct Session ID The Accounting Session ID associated with the client session. Command History Command syntax show dot1x clients deprecated in favor of show authentication clients in version 6.6 firmware.
show dot1x interface This command shows the status and configuration of an IEEE 802.1x configured interface. Syntax show dot1x interface interface-id Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The command accepts Ethernet interface identifiers. The following describes the fields in the output.
Administrative Mode............... Disabled Dynamic VLAN Creation Mode........ Disabled Monitor Mode...................... Disabled Port Admin Mode ------- -----------------Gi1/0/10 auto Oper Mode -----------N/A Reauth Control -------FALSE Quiet Period................................... Transmit Period................................ Maximum Request-Identities..................... Maximum Requests............................... Max Users...................................... VLAN Assigned...............
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following table describes the significant fields shown in the display. Field Description Port The interface for which counters are displayed. EAPOL Frames Received The number of valid EAPOL frames of any type that have been received by this Authenticator. EAPOL Frames Transmitted The number of EAPOL frames of any type that have been transmitted by this Authenticator.
Field Description Last EAPOL Frame Source The source MAC address carried in the most recently received EAPOL frame. Example The following example displays 802.1x statistics for the specified interface. console#show dot1x interface gigabitethernet 1/0/2 statistics Port......................................... Gi1/0/2 EAPOL Frames Received.......................... 0 EAPOL Frames Transmitted....................... 0 EAPOL Start Frames Received.................... 0 EAPOL Logoff Frames Received............
User Guidelines This command clears all 802.1x and authentication manager history on the switch. Command History The clear dot1x authentication–history syntax was deprecated in favor of the clear authentication authentication-history in version 6.6 firmware. Example This examples clears all entries from the authentication log. console#clear authentication authentication-history 802.
User Guidelines If configured, the guest VLAN is the VLAN to which 802.1X unaware clients are assigned. Configure the guest VLAN before using this command. By default, the switch retries authentication one time before assigning a supplicant to the guest VLAN. Command History Syntax updated in version 6.6 firmware. Example The following example sets the guest VLAN on Gigabit Ethernet 1/0/2 to VLAN 10.
User Guidelines It is recommended that the user set the authentication timeout guest-vlanperiod to at least three times the dot1x timeout tx-period timer so that at least three EAP Requests are sent, before assuming that the client is an 802.1X unaware client. An 802.1X unaware client is one that does not respond to EAP-Request/Identity frames and does not send EAPOL-Start or EAPResponse/Identity frames. Example The following example sets the 802.1X timeout guest vlan period to 100 seconds.
User Guidelines The unauthenticated VLAN is the VLAN to which supplicants that fail 802.1x authentication are assigned. By default, the switch will retry authentication one time before assigning a user to the unauthenticated VLAN. Configure the unauthenticated VLAN before using this command. Command History Syntax updated in version 6.6 firmware. Example The following example sets the unauthenticated VLAN on Gi1/0/21/0/2 to VLAN 20.
User Guidelines The output of this command has been updated in release 2.1 to remove the Multiple Hosts column and add an Unauthenticated VLAN column, which indicates whether an unauthenticated VLAN is configured on a port. The command has also been updated to show the Guest VLAN ID (instead of the status) since it is now configurable per port. Example The following example displays 802.1x advanced features for the switch.
Captive Portal Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches The Captive Portal feature is a software implementation that blocks both wired and wireless clients from accessing the network until user verification has been established. Verification can be configured to allow access for both guest and authenticated users. Authenticated users must be validated against a database of authorized Captive Portal users before access is granted.
Command Mode Captive Portal Configuration mode. User Guidelines If the user does not enter their credentials within the configured timeout, the user must initiate authentication again by sending another HTTP/HTTPS request. Example console(config-cp)#authentication timeout 600 console(config-cp)#no authentication timeout captive-portal Use the captive-portal command to enter the captive portal configuration mode.
Syntax enable no enable Default Configuration Captive Portal is disabled by default. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-cp)#enable http port Use the http port command to configure an additional HTTP port for captive portal to listen for connections. Use the “no” form of this command to remove the additional HTTP port from monitoring.
User Guidelines The port number should not be set to a value that might conflict with other wellknown protocol port numbers used on this switch. Do not configure HTTP captive portal on an interface for which front panel switch management is enabled using the default HTTP port number. Example console(config-cp)#http port 32768 console(config-cp)#no http port https port Use the https port command to configure an additional HTTPS port for captive portal to monitor.
console(config-cp)#no https port show captive-portal Use the show captive-portal command to display the status of the captive portal feature. Syntax show captive-portal Default Configuration There is no default configuration for this command Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show captive-portal Administrative Mode....................... Operational Status............
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show captive-portal status Additional HTTP Port........................... Additional HTTP Secure Port.................... Authentication Timeout......................... Supported Captive Portals...................... Configured Captive Portals..................... Active Captive Portals......................... Local Supported Users...
Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command. Example console(config-cp 2)#block configuration Use the configuration command to enter the captive portal instance mode. The captive portal configuration identified by CP ID 1 is the default CP configuration. The system supports a total of ten CP configurations. Use the “no” form of this command to delete a configuration. The default configuration (1) cannot be deleted.
enable Use the enable command to enable a captive portal configuration. Use the no form of this command to disable a configuration. Syntax enable no enable Default Configuration Configurations are enabled by default Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command. Example console(config-cp 2)#no enable group Use the group command to configure the group number for a captive portal configuration.
Default Configuration The default group number is 1. Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command. Example console(config-cp 2)#group 2 interface Use the interface command to associate an interface with a captive portal configuration. Use the no form of this command to remove an association. Syntax interface interface no interface interface • interface — An interface or range of interfaces.
locale The locale command is not intended to be a user command. The administrator must use the Web UI to create and customize captive portal web content. This command is primarily used by the show running-config command and process as it provides the ability to save and restore configurations using a text based format. Syntax locale web-id • web-id — The locale number (Range: 1–3) Default Configuration Locale 1 is configured by default. Command Mode Captive Portal Instance mode.
Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command. Example console(config-cp 2)#name cp2 protocol Use the protocol command to configure the protocol mode for a captive portal configuration. Syntax protocol {http | https} Default Configuration The default protocol mode is http. Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command.
no redirect Default Configuration Redirect mode is disabled by default. Command Mode Captive Portal Instance mode. User Guidelines Enabling redirect mode will configure the redirect-url with an empty URL. Use the redirect-url command to configure the URL to be sent to the HTTP response. Example console(config-cp 2)#redirect redirect-url Use the redirect-url command to configure the redirect URL for a captive portal configuration.
User Guidelines The administrator must enable redirect mode before executing this command. It is not necessary to enter the http/https header information. Only enter the host name and other information that might be required to perform the redirect. HTTP to HTTPS redirection and HTTPS to HTTP redirection are not supported. Example console(config-cp 2)#redirect-url www.dell.com session-timeout Use the session-timeout command to configure the session timeout for a captive portal configuration.
Example console(config-cp 2)#session-timeout 86400 console(config-cp 2)#no session-timeout verification Use the verification command to configure the verification mode for a captive portal configuration. Syntax verification { guest | local | radius } • guest — Allows access for unauthenticated users (users that do not have assigned user names and passwords). • local — Authenticates users against the local user database. • radius — Authenticates users against a remote RADIUS database.
Captive Portal Client Connection Commands captive-portal client deauthenticate Use the captive-portal client deauthenticate command to deauthenticate a specific captive portal client. Syntax captive-portal client deauthenticate macaddr • macaddr — Client MAC address. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show captive-portal client status Client MAC Address Client IP Address Protocol ------------------ ----------------- -------0002.BC00.1290 10.254.96.47 https 0002.BC00.1291 10.254.96.48 https 0002.BC00.1292 10.254.96.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show captive-portal configuration client status CP ID CP Name Client MAC Address Client IP Address ----- --------------- ------------------ ----------------1 cp1 0002.BC00.1290 10.254.96.47 0002.BC00.1291 10.254.96.48 2 cp2 0002.BC00.1292 10.254.96.49 3 cp3 0002.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show captive-portal interface client status Client Client Intf Intf Description MAC Address IP Address ------ ----------------------------------- ----------------- --------------Gi1/0/1 Unit: 1 Slot: 0 Port: 1 Gigabit 0002.BC00.1290 10.254.96.47 0002.BC00.1291 10.
Syntax show captive-portal interface configuration [cp-id] status • cp-id — Captive Portal ID. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode. User Guidelines There are no user guidelines for this command. Example console#clear captive-portal users no user Use the no user command to delete a user from the local user database. If the user has an existing session, it is disconnected. Syntax no user user-id • user-id — User ID (Range: 1–128). Default Configuration There is no default configuration for this command.
show captive-portal user Use the show captive-portal user command to display all configured users or a specific user in the captive portal local user database. Syntax show captive-portal user [user-id] • user-id — User ID (Range: 1–128). Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
user group Use the user group command to associate a group with a captive portal user. Use the “no” form of this command to disassociate a group and user. A user must be associated with at least one group so the last group cannot be disassociated. Syntax user user-id group group-id • user-id — User ID (Range: 1–128). • group-id — Group ID (Range: 1–10). Default Configuration A user is associated with group 1 by default. Command Mode Captive Portal Configuration mode.
Default Configuration User-logout is disabled by default. Command Mode Captive-portal Instance mode User Guidelines There are no user guidelines for this command. Example In this example, all classes of entries in the mac address-table are displayed.
Example console(config-cp)#user 1 name johnsmith user password Use the user password command to create a local user or change the password for an existing user. Syntax user user-id password {password | encrypted enc-password} • user-id — User ID (Range: 1–128). • password — User password (Range: 8–64 characters). • enc-password — User password in encrypted form. Default Configuration There are no users configured by default. Command Mode Captive Portal Configuration mode.
no user user-id session-timeout • user-id — User ID (Range: 1–128). • timeout — Session timeout. 0 indicates use global configuration (Range: 0–86400 seconds). Default Configuration The global session timeout is used by default. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command.
User Guidelines There are no user guidelines for this command. Example console#show captive-portal configuration 1 CP ID..................................... 1 CP Name................................... cp1 Operational Status........................ Disabled Disable Reason............................ Administrator Disabled Blocked Status............................ Not Blocked Configured Locales........................ 1 Authenticated Users.......................
CP Name................................... cp1 Operational Block Interface Interface Description Status Status --------- ---------------------------------------- ------------ --------Gi1/0/1 Unit: 1 Slot: 0 Port: 1 Gigabit - Level Disabled Blocked console#show captive-portal configuration 1 interface gi1/0/1 CP ID..................................... 1 CP Name................................... cp1 Interface................................. Gi1/0/1 Interface Description.....................
en show captive-portal configuration status Use the show captive-portal configuration status command to display information about all configured captive portal configurations or about a specific captive portal configuration. Syntax show captive-portal configuration [ cp-id ] status • cp-id — Captive Portal ID. Default Configuration There is no default configuration for this command.
Captive Portal User Group Commands user group Use the user group command to create a user group. Use the no form of this command to delete a user group. The default user group (1) cannot be deleted. Syntax user group group-id no user group group-id group-id — Group ID (Range: 1–10). Default Configuration User group 1 is created by default and cannot be deleted. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command.
Default Configuration There is no default configuration for this command. Command Mode Captive Portal Configuration mode User Guidelines The new group-id must already exist. Example console(config-cp)#user group 2 console(config-cp)#user 1 group 2 console(config-cp)#user group 2 moveusers 3 user group name Use the user group name command to configure a group name. Syntax user group group-id name name • group-id — Group ID (Range: 1–10). • name — Group name (Range: 1–32 alphanumeric characters).
Denial of Service Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches The Dell EMC Networking DoS capability supports a package of filters intended to provide network administrators the ability to reduce network exposure to common attack vectors. The following list shows the DoS attack detection Dell EMC Networking supports.
• – TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0 and – TCP Sequence Number = 0 or TCP Flags FIN, URG, and PSH set and – TCP Sequence Number = 0 or TCP Flags SYN and FIN set. TCP Offset: – • TCP SYN: – • TCP Flags FIN and URG and PSH set and TCP Sequence Number = 0. ICMP V6: – • TCP Flags SYN and FIN set. TCP FIN & URG & PSH: – • TCP Flag SYN set. TCP SYN & FIN: – • Checks for TCP header offset =1. Limiting the size of ICMPv6 Ping packets.
Default Configuration Denial of Service is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines a minimum TCP header size of 20. Packets entering with a smaller header size are dropped. console(config)#dos-control firstfrag 20 dos-control icmp Use the dos-control icmp command in Global Configuration mode to enable Maximum ICMP Packet Size Denial of Service protections.
User Guidelines This command has no user guidelines. Example The following example activates the Maximum ICMP Packet Denial of Service protection with a maximum packet size of 1023. console(config)#dos-control icmp 1023 dos-control l4port Use the dos-control l4port command in Global Configuration mode to enable L4 Port Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack.
dos-control sipdip Use the dos-control sipdip command in Global Configuration mode to enable Source IP Address = Destination IP Address (SIP=DIP) Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress with SIP=DIP, the packets is dropped if the mode is enabled. Syntax dos-control sipdip no dos-control sipdip Default Configuration Denial of Service is disabled.
Syntax dos-control tcpflag no dos-control tcpflag Default Configuration Denial of Service is disabled. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example The following example activates TCP Flag Denial of Service protections. console(config)#dos-control tcpflag dos-control tcpfrag Use the dos-control tcpfrag command in Global Configuration mode to enable TCP Fragment Denial of Service protection.
User Guidelines This command has no user guidelines. Example The following example activates TCP Fragment Denial of Service protection. console(config)#dos-control tcpfrag rate-limit cpu Use the rate-limit cpu command to reduce the amount of unknown unicast/multicast packets forwarded to the CPU on CoS queues 0 and 1.
When the ARP or neighbor table is filled, the switch cannot accommodate new entries. In this case, there is no value in receiving the unresolved IPv4/IPv6 packets. Likewise, in cases of a L2 network re-convergence, a large number of neighbors may not be discovered but may be transmitting traffic. In the case of multicast data, certain multicast topologies using multi-access VLANs may result in packets being forwarded to the CPU with no associated PIM or MFDB state.
1137 bcmCNTR.0 0.19% 0.28% 0.30% 1142 bcmRX 18.00% 12.04% 11.10% 1155 bcmLINK.0 0.39% 0.37% 0.36% 1156 cpuUtilMonitorTask 0.09% 0.04% 0.04% 1170 nim_t 0.09% 0.07% 0.07% 1222 snoopTask 0.09% 0.02% 0.02% 1243 ipMapForwardingTask 27.30% 24.19% 29.06% 1257 tRtrDiscProcessingT 0.09% 0.01% 0.00% 1291 RMONTask 0.00% 0.02% 0.03% 1293 boxs Req 0.00% 0.01% 0.01% ------------------------------ -------- -------- -------Total CPU Utilization 55.91% 45.40% 48.
ICMP Mode.................................Disable Max ICMP Pkt Size.........................512 show system internal pktmgr Use the show system internal pktmgr command to display the configured CPU rate limit for unknown packets in packets per second. Syntax show system internal pktmgr internal control sw-rate-limit Default Configuration This command has no default configuration.
• rate — The configured rate in packets per second. (Range: 0-14880000) • action shutdown—Places the interface in the D-disable state if the threshold is exceeded. • action trap—Logs a message and issue a trap if the threshold is exceeded. Default Configuration By default, broadcast storm control is disabled on all Ethernet interfaces. The default threshold for broadcast traffic is 5% of link bandwidth. The default behavior is to rate limit (drop) traffic exceeding the configured threshold.
Example The following example configures any port to drop excess broadcast traffic and issue a log and trap if the received broadcast traffic exceeds 10% of link bandwidth: console(config)#interface range gi1/0/1-24 console(config-if)#storm-control broadcast level 10 console(config-if)#storm-control broadcast action trap console(config-if)#exit storm-control multicast Use the storm-control multicast command in Interface Configuration mode to enable multicast storm storm control for an interface.
User Guidelines Multicast storm control applies to unknown multicast (i.e., multicast groups that are not control plane traffic and are not currently active on any interface). This is multicast traffic that normally is flooded in the VLAN. Multicast storm control can issue a trap and drop traffic in excess of the configured rate (level), or shut down the ingress port if the rate is exceeded. Multicast storm control can only be enabled on Ethernet interfaces. It cannot be configured on port channels.
Syntax storm-control unicast [level level |rate rate|action{shutdown|trap}] no storm-control unicast [level | rate] • level— The configured rate as a percentage of link bandwidth (Range: 0100) • rate—The configured rate in packets per second. (Range: 0-14880000) • action—The configured action: shutdown or trap. Default Configuration By default, unicast storm control is not enabled on any interfaces. The default threshold for unicast traffic is 5% of link bandwidth.
Example The following example configures any port to rate limit DLF traffic rate to 5% of link bandwidth: console(config)#interface range gi1/0/1-24 console(config-if)#storm-control unicast level 5 console(config-if)#exit Security Commands 1154
Management ACL Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches In order to ensure the security of the switch management features, the administrator may elect to configure a management access control list. The Management Access Control and Administration List (ACAL) component is used to ensure that only known and trusted devices are allowed to remotely manage the switch via TCP/IP.
deny (management) Use the deny command in Management Access-List Configuration mode to set conditions for disallowing packets to flow to the switch management function. Syntax deny vlan vlan-id | [service service] [priority priority] deny ip-source ip-address [mask mask | prefix-length] [ vlan vlan-id ][service service] [priority priority] • vlan vlan-id — A valid VLAN identifier. • ip-address — Source IP address. • mask mask — Specifies the network mask of the source IP address.
console(config)# management access-list mlist console(config-macal)# deny management access-class Use the management access-class command in Global Configuration mode to restrict switch management connections. To disable any restrictions, use the no form of this command. Syntax management access-class {console-only | name} no management access-class • name — A valid access-list name. (Range: 1–32 characters) • console-only — The switch can be managed only from the console.
console(config)# management access-class mlist management access-list Use the management access-list command in Global Configuration mode to define an access list for management, and enter the access-list configuration mode for editing the access list conditions. Once in access-list configuration mode, access conditions are configured with the deny and permit commands. To remove an access list, use the no form of this command.
Examples The following example shows how to permit access to switch management via VLAN interface 9. Be sure to restrict access to this VLAN to the fewest ports possible remembering that, by default, trunk mode ports are members of all VLANs.
User Guidelines A rule with the specified priority-value must exist in order to be removed. Command History Command introduced in version 6.5 firmware. permit (management) Use the permit command in Management Access-List configuration mode to set conditions for allowing packets to flow to the switch management function.
Command Mode Management Access-list Configuration mode User Guidelines Rules with gigabitethernet, tengigabitethernet, fortygigabitethernet, vlan, and port-channel parameters are valid only if an IP address is defined on the appropriate interface. If the priority-value is not specified when inputing a rule, the system assigns the lowest numbered unused priority-value in the range 1–64. If a rule is input with an existing priority-value, the original rule is overwritten.
Syntax show management access-class Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the management access-list information.
User Guidelines This command has no user guidelines. Example The following example displays the active management access-list.
Password Management Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches The Password Management component supports configuration of strength checks intended to ensure that network operators utilize passwords that are difficult to crack. In addition, the administrator can age passwords, ensure that operators do not reuse passwords, and lock out operator accounts when multiple attempts to enter incorrect passwords are detected.
logging in must enter the correct password within that count. Otherwise, that user is locked out form further remote switch access. Only an administrator with read/write access can reactivate that user. The user lockout feature is disabled by default. The user lockout feature applies to all users on all ports. The administrator can access the serial port even if he/she is locked out and reset the password or clear the config to regain control of the switch.
• Maximum number of consecutive numbers (such as 1234). • Maximum number of repetition of characters or numbers (such as 1111 or aaaa). • Minimum password length. Configuring a minimum or maximum limit of 0 (as applicable) means the restriction is disabled. If enabled, the password strength feature applies to all login passwords (user, line, and enable). NOTE: To change a password, use the passwords command, which is described in AAA Commands.
console(config)#passwords aging 100 passwords history As administrator, use the passwords history command in Global Configuration mode to set the number of previous passwords that are stored for each user account. When a local user changes his or her password, the user is not able to reuse any password stored in password history. This setting ensures that users do not reuse their passwords often. The default is 0. Use the no form of this command to set the password history to the default value of 0.
read/write access can reactivate a locked user account. Password lockout does not apply to logins from the serial console. Use the no form of this command to set the password lockout count to the default value. Syntax passwords lock-out 1-5 no passwords lock-out Default Configuration The default value is 0 or no lockout count is enforced. Command Mode Global Configuration mode. User Guidelines Password lockout only applies to users with authentication configured to local.
Default Configuration By default, the minimum password length is 8 characters. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configures user bob with password xxxyymmmm and user level 15. (config)# username bob password xxxyyymmm privilege 15 passwords strength-check Use the passwords strength-check command in Global Configuration mode to enable the Password Strength feature.
passwords passwords passwords passwords passwords passwords strength strength strength strength strength strength minimum lowercase-letters minimum special-characters minimum numeric-characters max-limit consecutive-characters max-limit repeated-characters minimum character-classes Minimum strength validation validates a password containing a character in the corresponding character class.
Syntax passwords strength minimum uppercase-letters 0–16 no passwords strength minimum uppercase-letters Default Configuration The default value is 1. Command Mode Global Configuration User Guidelines This limit is not enforced unless the passwords strength minimum uppercase-letters command is configured with a value greater than 0. In other words, with a configuration of 0, a password consisting entirely of upper case letters will pass the minimum strength check criteria.
User Guidelines This limit is not enforced unless the passwords strength minimum lowercaseletters command is configured with a value greater than 0. In other words, a password consisting entirely of lower case letters will pass the minimum strength check criteria. Example console(config)#passwords strength minimum lowercase-letters 6 passwords strength minimum numericcharacters Use this command to enforce a minimum number of numeric numbers that a password should contain. The valid range is 0–16.
passwords strength minimum special-characters Use this command to enforce a minimum number of special characters that a password may contain. The valid range is 0–16. The default is 1. A setting of 0 means no restriction. Special characters are one of the following characters (`! $ % ^ & * ( ) _ - + = { [ } ] : ; @ ' ~ # | \ < , > . / ) Use the no form of this command to reset the minimum special characters to the default value.
Examples of consecutive characters are ABCDEF or 123456 or !”#$%&’(). Use the no form of this command to reset the maximum consecutive characters accepted to the default value. Syntax passwords strength max-limit consecutive–characters 0–15 no passwords strength max-limit consecutive-characters Default Configuration The default value is 0. Command Mode Global Configuration User Guidelines This command has no user guidelines.
Default Configuration The default value is 0. Command Mode Global Configuration User Guidelines This command has no user guidelines. Example console(config)# passwords strength max-limit repeated-characters 3 passwords strength minimum character-classes Use this command to enforce a minimum number of character classes that a password must contain. Character classes are uppercase letters, lowercase letters, numeric characters and special characters. The valid range is 0-4. The default is 0.
User Guidelines This command is used to enable password character class checking using the parameters set by the following commands: • passwords strength minimum uppercase-letters • passwords strength minimum lowercase-letters • passwords strength minimum special-characters • passwords strength minimum numeric-characters A value greater than 0 specifies the minimum number of character class tests a password must contain.
no passwords strength exclude–keyword [string] Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines This command has no user guidelines. Example console(config)#passwords strength exclude-keyword dell enable password encrypted This command is used by an Administrator to transfer the enable password between devices without having to know the password.
Syntax show passwords configuration Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed by this command. Parameter Description Minimum Password Length Minimum number of characters required when changing passwords. Password History Number of passwords to store for reuse prevention. Password Aging Length in days that a password is valid.
Parameter Description Maximum Password Consecutive Characters Maximum number of consecutive characters required that the password should contain when configuring passwords. Maximum Password Repeated Characters Maximum number of repetition of characters that the password should contain when configuring passwords. Minimum Password Character Classes Minimum number of character classes (uppercase, lowercase, numeric and special) required when configuring passwords.
Syntax show passwords result Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the command output. console#show passwords result Last User whose password is set....................... dell Password strength check............................
SSH Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Management access to the switch is supported via telnet, SSH, or the serial console. The Dell EMC Networking supports secure shell (SSH) and secure sockets layer (SSL) to help ensure the security of network transactions. Keys and certificates can be generated externally (that is, offline) and downloaded to the target or generated directly by the Dell EMC Networking switch.
the private key is never displayed to the user. DSA keys, along with other switch credentials, are distributed to all units in a stack on a configuration save. Use the crypto key zeroize dsa command to remove the DSA key pair from the system. Private keys should never be shared with unauthorized users. This command generates the following private/public key pair in the ssh_host_dsa_key and ssh_host_dsa_key.pub files. Both the RSA and DSA keys must be generated to enable the SSH server.
in the switch configuration; they are saved in the file system and the private key is never displayed to the user. RSA keys, along with other switch credentials, are distributed to all units in a stack on a configuration save. Use the crypto key zeroize rsa command to remove RSA key pair from the system. Private keys should never be shared with unauthorized users. This command generates the private public key pairs in the following files: ssh_host_rsa_key and ssh_host_rsa_key.
Example The following example configures a public key for administrator bob, enables the SSH server, and enables public key authentication over SSH.
crypto key zeroize {rsa|dsa} Use the crypto key zeroize {rsa|dsa} command in Global Configuration mode to delete the RSA or DSA public and private keys from the switch. Syntax crypto key zeroize {rsa|dsa} Default Configuration There is no default configuration for this command. Command Mode Global Configuration mode. User Guidelines The crypto key zeroize rsa command removes the following files: ssh_host_key ssh_host_rsa_key ssh_host_key.pub ssh_host_rsa_key.
ip scp server enable Use the ip scp server enable command to enable SCP server functionality for SCP push operations on the switch, which allows files to be transferred from the host device to the switch using the SCP protocol. To allow the SCP file transfers from the host system to the switch, the SCP server must be enabled on the switch. Use the no form of the command to disable SCP server functionality.
scp switch-config.txt user@10.27.6.122:startup-config scp icos-3.2.2.45.stk user@10.27.6.122:active scp icos-3.2.2.49.stk user@10.27.6.122:backup ip ssh port Use the ip ssh port command in Global Configuration mode to specify the TCP port to be used by the SSH server. To use the default port, use the no form of this command. Syntax ip ssh port port-number no ip ssh port • port-number — Port number for use by the SSH server. (Range: 1025– 65535) Default Configuration The default value is 22.
ip ssh pubkey-auth Use the ip ssh pubkey-auth command in Global Configuration mode to enable public key authentication for incoming SSH sessions. To disable this function, use the no form of this command. Syntax ip ssh pubkey-auth no ip ssh pubkey-auth Default Configuration The function is disabled. Command Mode Global Configuration mode User Guidelines Public key authentication allows administrators with an SSH client access to the switch without requiring a password.
Default Configuration The SSH server is disabled by default. Command Mode Global Configuration mode User Guidelines To generate SSH server keys, use the commands crypto key generate rsa and crypto key generate dsa commands. These keys are required to allow the SSH server to operate. Dell EMC Networking N-Series switches support the SSH service over IPv4 or IPv6. SSH is configured to require a password on accounts that attempt to log into the switch.
• key-string — The UU-encoded DER format is the same format as the authorized keys file used by OpenSSH. Default Configuration By default, the key-string is empty. Command Mode SSH Public Key Configuration mode User Guidelines The key string is the public key of the specified type (RSA or DSA) generated by the administrator. The administrator will need access to both the public and private key on the host to log in without authenticating via password. DSA is considered less secure than RSA.
ssh Use the ssh command to establish an outboard connection to a remote SSH server from the switch console. Syntax ssh [-l login-name] [-p port] {ip-address | hostname } • ip-address — An IP address in numeric format. Both IPv4 and IPv6 addresses are supported. • hostname — A hostname that can be resolved by the configured DNS. • login-name — The user identity configured on the target host. • port — The TCP port number configured on the target host for receiving SSH connections.
Syntax ssh session-limit • limit — The number of outbound SSH sessions supported. The range is 0 to 5. Default Configuration The default limit is 5 sessions. Command Mode Global Configuration mode User Guidelines Setting the limit to 0 disables establishment of new outbound SSH connections. Existing connections are not affected. Example This command disables new outbound SSH sessions. console(config)#ssh session-limit 0 Command History Command introduced in firmware release 6.6.2.
Command Mode Global Configuration mode User Guidelines This command terminates a session that is idle for the configured number of minutes. Idle means no keystrokes have been sent. Configuring the idleperiod to 0 disables idle session termination and is not recommended. Example This command configures the idle period to two minutes. console(config)#ssh time-out 2 Command History Command introduced in firmware release 6.6.2.
Example The following example displays the SSH public keys on the switch.
Example The following example displays all SSH public keys stored on the switch. console#show crypto key pubkey-chain ssh Username Fingerprint -------- ------------------------------------------------bob 9A:CC:01:C5:78:39:27:86:79:CC:23:C5:98:59:F1:86 john 98:F7:6E:28:F2:79:87:C8:18:F8:88:CC:F8:89:87:C8 The following example displays the SSH public called “dana.
DSA key was generated. SSH Public Key Authentication is enabled. Active incoming sessions: IP Address User Name Idle Time ------------- -------------------- -------------10.240.1.122 John 00:00:00 SessionTime -------------00:00:08 show ssh Use the show ssh command to display the outbound SSH configuration and session count. Syntax show ssh Default Configuration This command has no default configuration.
5 Data Center Technology Commands Dell EMC Networking N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON/N3200-ON Series Switches The data center technology commands allow network operators to deploy centralized controllers capable of controlling network flows on an individualized basis.
OpenFlow Commands Dell EMC Networking N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON/N3200-ON Series Switches The OpenFlow feature configures the switch to be managed by a centralized OpenFlow Controller using the OpenFlow protocol. Openflow is not supported in a stacking environment. The OpenFlow agent has been validated with the Helium release of OpenDaylight (ODL). controller Use the controller command to configure a connection to an OpenFlow controller.
User Guidelines If connection to the controller over an interface other than the OOB interface is desired, use the OpenFlow mode command prior to issuing this command. Issuing the mode command after a connection has been established drops the connection. The connections are then re-attempted over the new interface as specified by the mode command. If the OOB interface is used to connect to the OpenFlow controllers, the controllers should be on the same subnet as the OOB interface.
hardware profile openflow Use the hardware profile openflow command to select the forwarding mode for the OpenFlow hybrid capability. Use the no form of the command to select the default forwarding capability. Syntax hardware profile openflow { full-match | layer2-match } no hardware profile openflow • full-match—Perform full matching when configured in OpenFlow 1.0 mode. • layer2-match—Perform L2 matching when configured in OpenFlow 1.0 mode.
Example The following example configures OpenFlow 1.0 full matching, configures a connection to the controller at IPv4 address 1.2.3.4 TCP port 3435 using SSL security, and enables OpenFlow 1.0 on the switch. console(config)#hardware profile openflow full-match console(config)#openflow WARNING! OpenFlow does not operate on stack members. Enable OpenFlow on stand-alone switches only. console(config-of-switch)#controller ipv4 1.2.3.4 port 3435 security ssl console(config-of-switch)#protocol-version 1.
Only IPv4 addresses are supported for OpenFlow controllers. OpenFlow operates on the stack master only. Flows may not be configured on stack members. Failover to the stack standby unit is not supported. OpenFlow should only be enabled on stand-alone switches and should not be enabled on stacks of switches. This restriction is not enforced. Command History Introduced in version 6.3.0.1 firmware. Example This example configures an interface using VLAN 10 with IPv4 address 1.2.3.
no mode • auto—Automatically select the switch IP address • static—Use the configured static IP address • oob—Use the OOB interface IP address Default Configuration By default, the switch selects an IP address automatically (auto mode). Command Mode OpenFlow Configuration User Guidelines This command configures the switch to select an IP address from a particular type of interface. The selected IP address is used as the local end-point of the IP connections to the OpenFlow controllers.
If the switch is configured in static mode, OpenFlow will remain operationally disabled until a static IPv4 address is configured, the IPv4 address matches exactly an IPv4 address on a VLAN interface, and the VLAN interface is operationally enabled. If the OOB interface is manually selected as the OpenFlow IP address then the Open Flow feature becomes enabled immediately, even if there is no IP address assigned to the service port.
openflow Use the openflow command to enable OpenFlow on the switch (if disabled) and enter into OpenFlow configuration mode. Use the exit command to return to Global Configuration mode. Syntax openflow no openflow Default Configuration The OpenFlow capability is disabled by default. No controllers are configured by default. OpenFlow 1.3 mode is selected by default when OpenFlow is enabled. The OpenFlow protocol operates over the OOB interface by default.
Example This example enables OpenFlow 1.3 on a switch and configures a connection the controller at IPv4 address 1.2.3.4 TCP port 3435 using SSL security. console(config)#openflow WARNING! OpenFlow does not operate on stack members. Enable OpenFlow on stand-alone switches only. console(config-of-switch)#controller ipv4 1.2.3.4 port 3435 security ssl passive Use the passive command to set the switch to accept connections initiated by a controller.
OpenFlow operates on the stack master only. Flows may not be configured on stack members. Failover to the stack standby unit is not supported. OpenFlow should only be enabled on stand-alone switches and should not be enabled on stacks of switches. This restriction is not enforced. Command History Introduced in version 6.3.0.1 firmware. Example This example configures a connection to the controller at IPv4 address 1.2.3.
Command Mode OpenFlow Configuration User Guidelines If the administrator changes the OpenFlow variant while the OpenFlow feature is enabled, the switch automatically disables and re-enables the OpenFlow feature causing all flows to be deleted and connections to the controllers to be dropped. OpenFlow operates on the stack master only. Flows may not be configured on stack members. Failover to the stack standby unit is not supported.
• switch controllers—Show information about configured controllers • switch flows—Show information regarding flows • switch groups—Show information regarding OpenFlow groups • switch tables—Show information regarding the switch tables Default Configuration When invoked with no parameters, the show openflow command shows summary information regarding OpenFlow. Command Mode Privileged Exec and Global Configuration User Guidelines OpenFlow operates on the stack master only.
Parameter Description OpenFlow Variant OpenFlow Protocol Variant. The OpenFlow protocol can be “OpenFlow 1.0” or “OpenFlow 1.3”. Default Table The Hardware Table used as the target for flows installed by an OpenFlow 1.0 controller which is not enhanced to handle multiple hardware tables. Passive Mode The OpenFlow passive mode set by the ‘passive’ command. When the switch tables parameter is given, the following information is displayed: Parameter Description Flow Table.
When the switch groups parameter is given, the following information is displayed: Parameter Description Group Type Type of Group: Indirect, All, Select, etc. Group Id Unique ID for the Group Reference Count This count indicates how many Select groups are referring to the current Indirect group. Reference Count is used only for Indirect groups. Duration The time since the group was created. Bucket Count Number of Buckets in the group.
Example This output shows an operationally disabled switch: console#show openflow Administrative Mode............................ Administrative Status.......................... Disable Reason................................. IP Address..................................... IP Mode........................................ Static IP Address.............................. Network MTU.................................... OpenFlow Variant............................... Default Table.................................
Flow Insertion Count.....................1 Flow Deletion Count......................0 Insertion Failure Count..................0 Flow Table Description: The forwarding database maps non-multicast MAC addresses and the ports on which these addresses are located. This example shows the output for OpenFlow 1.3 using the switch tables parameter: console#show openflow switch tables Flow Table..................................... 60 Flow Table Name................................ Openflow 1.3 Maximum Size......
Group Id 12345678 type “Indirect” ================================= Ref Count 1 : Duration 8 : Bucket Count 1 Bucket Entry List: -----------------Bucket Index 25 : Output Port 1 Src MAC 00:00:00:00:00:AB : Dst MAC 00:00:00:00:00:CD VLAN 101 : Reference Group Id NA Group Id 23456789 type “All” ============================ Ref Count NA : Duration 10 : Bucket Count Bucket Entry List: -----------------Bucket Index Src MAC VLAN 26 : Output Port NA : Dst MAC 102 : Reference Group Id 2 NA NA Bucket Index
console#show openflow switch flows Flow: 00000000 Flow Table: 60 Match Criteria: Ingress port: Gi1/0/1 VLAN ID: Src MAC: Dst MAC: IP Protocol: Action: Drop Duration (secs): 55 Packet Count: 12321 Type: “1DOT0” Priority: 1 Type: Untagged MAC Egress Port: VLAN PCP: Src IP: Dst IP: TOS: EtherType: 0x0800 Src IP Port: Dst IP Port: DSCP: Idle (secs): 45 HW Priority: 2131 In HW: Yes This example shows the output for OpenFlow 1.
Action: Duration (secs): 2 Packet Count: 9879 Idle (secs): 0 HW Priority: 786743 In HW: Yes Data Center Technology Commands 1216
Layer 3 Routing Commands 6 The sections that follow describe commands that conform to the OSI model’s Network Layer (Layer 3). Layer 3 Routing commands enable routing protocols to perform a series of exchanges over various data links to route data between any two nodes in a network. These commands define the addressing and routing structure of the Internet. The Dell EMC N1100-ON Series switches do not support routing.
ARP Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000EON/N3100-ON/N3200-ON Series Switches When a host has an IP packet to send on an Ethernet network, it must encapsulate the IP packet in an Ethernet frame. The Ethernet header requires a destination MAC address. If the destination IP address is on the same network as the sender, the sender uses the Address Resolution Protocol (ARP) to determine the MAC address associated with destination IP address.
ARP Aging Dynamic entries in the ARP cache are aged. When an entry for a neighbor router reaches its maximum age, the system sends an ARP request to the neighbor router to renew the entry. Entries for neighbor routers should remain in the ARP cache as long as the neighbor continues to respond to ARP requests. ARP cache entries for neighbor hosts are renewed more selectively.
• interface-id—An optional IP numbered or unnumbered (VLAN) interface identifier. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. Only IPv4 addresses are supported with the vrf parameter. The vrf parameter is only available on the N3000-ON/N3100-ON/N3200-ON switches.
arp cachesize Use the arp cachesize command in Global Configuration mode to configure the maximum number of entries in the ARP cache. To return the maximum number of ARP cache entries to the default value, use the no form of this command. Syntax arp cachesize integer no arp cachesize • integer — Maximum number of ARP entries in the cache. Use the show sdm prefer command to display the supported ARP cache size. Default Configuration The switch defaults to using the maximum allowed cache size.
Syntax arp dynamicrenew no arp dynamicrenew Default Configuration The default state is enabled. Command Mode Global Configuration mode User Guidelines When an ARP entry reaches its maximum age, the system must decide whether to retain or delete the entry. If the entry has recently been used to forward data packets, the system will renew the entry by sending an ARP request to the neighbor. If the neighbor responds, the age of the ARP cache entry is reset to 0 without removing the entry from the hardware.
arp purge Use the arp purge command to cause the specified IP address to be removed from the ARP cache. Only entries of type dynamic or gateway are affected by this command. The arp purge command optionally removes a static ARP entry in the selected VRF. Syntax arp purge [vrf vrf-name] ip-address [ interface interface-id] • vrf-name—The name of the VRF associated with the ARP entry which is to be removed. If no VRF is specified, the ARP entry is associated with the global ARP table is removed.
Example The following example removes the specified IP address from arp cache. console#arp purge 192.168.1.10 arp resptime Use the arp resptime command in Global Configuration mode to configure the ARP request response time-out. To return the response time-out to the default value, use the no form of this command. Syntax arp resptime integer no arp resptime • integer — IP ARP entry response time out. (Range: 1-10 seconds) Default Configuration The default value is 1 second.
Syntax arp retries integer no arp retries • integer — The maximum number of requests for retries. (Range: 0-10) Default Configuration The default value is 4 retries. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines 6 as the maximum number of retries. console(config)#arp retries 6 arp timeout Use the arp timeout command in Global Configuration mode to configure the ARP entry age-out time.
User Guidelines This command has no user guidelines. Example The following example defines 900 seconds as the timeout. console(config)#arp timeout 900 clear arp-cache Use the clear arp-cache command to remove all ARP entries of type dynamic from the ARP cache. Syntax clear arp-cache [vrf vrf-name] [gateway] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, counters for the default (global) router instance is cleared.
clear arp-cache management Use the clear arp-cache management command to clear all entries that show as management arp entries in the show arp command. Syntax clear arp-cache management Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example In the example below, out-of-band management entries are shown, for example, those from the out-of-band interface. console#show arp Age Time (seconds)...........
ip local-proxy-arp Use the ip local proxy-arp command in Interface Configuration mode to enable proxying of ARP requests. This allows the switch to respond to ARP requests within a subnet where routing is not enabled. Syntax ip local-proxy-arp no ip local-proxy-arp Default Configuration Proxy arp is disabled by default. Command Mode Interface (VLAN) Configuration User Guidelines This command has no user guidelines. Example This example enables proxying of ARP requests on VLAN 10.
Syntax ip proxy-arp no ip proxy-arp Default Configuration Enabled is the default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The ip proxy-arp command is not available in interface range mode. Example The following example enables proxy arp for VLAN 15. (config)#interface vlan 15 console(config-if-vlan15)#ip proxy-arp show arp Use the show arp command to display all entries in the Address Resolution Protocol (ARP) cache.
Command Mode User Exec and Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines The show arp command will display static (user-configured) ARP entries regardless of whether they are reachable over an interface or not. The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100-ON/N3200ON series switches. Example The following example shows show arp command output.
Bidirectional Forwarding Detection Commands Dell EMC Networking N3000E-ON/N3100-ON/N3200-ON Series Switches Bidirectional Forwarding Detection (BFD) verifies bidirectional connectivity between forwarding engines, which can be a single hop or multiple hops away. The protocol works over any underlying transmission mechanism and protocol layer with a wide range of detection times, especially in scenarios where fast failure detection is required in data plane level for multiple concurrent sessions.
The BFD feature provides notification to BGP or OSPF when an interface is detected to not be in a forwarding state. No other routing protocols are supported. BFD is supported in the default VRF only. BFD should be configured on routed interfaces only. BFD should not be configured on mirrored ports or on interfaces enabled for IEEE 802.1x. BFD is supported across link aggregation groups, but does not detect individual LAG member link failure. BFD does not operate on the out-of-band interface.
Command Mode Interface (VLAN) Configuration and Interface (VLAN) range mode. User Guidelines BFD echo mode enables fast sending and turnaround of BFD echo packets. Use the bfd slow-timer command to adjust the sending of BFD control plane packets when BFD echo mode is enabled. Command History Introduced in version 6.2.0.1 firmware.
• detection-time-multiplier—Specifies the number of BFD control packets which, if missed consecutively, will cause a session to be declared down. Its range is 3 to 50 with a default value of 3. Default Configuration The default transmit-interval is 100ms. The default minimum-receive-interval is 100ms. The default detection-time-multiplier is 3. Command Mode Interface (VLAN) mode. User Guidelines There are no user guidelines for this command. Command History Introduced in version 6.2.0.1 firmware.
Syntax bfd slow-timer receive-interval no bfd slow-timer • receive-interval—The slow transmission interval. Range 1000–30000 milliseconds. Default Configuration The default receive-interval is 2000 ms. Command Mode Global Configuration mode User Guidelines The argument receive-interval refers to the slow transmission interval for BFD Control packets. This timer is only used when the BFD echo function is enabled.
Default Configuration BFD is not enabled by default. Command Mode Interface (VLAN) Configuration mode User Guidelines BFD processing notifies OSPF of L3 connectivity issues with the peer. The interface must be a VLAN interface enabled for routing. BFD must also be enabled in OSPF router configuration mode in order to BFD processing to occur. Command History Introduced in version 6.3.0.1 firmware.
Default Configuration BFD is not enabled by default. Command Mode Interface (VLAN) Configuration mode User Guidelines BFD processing notifies OSPFv3 of level 3 connectivity issues with the peer. The interface must be a VLAN interfaced enabled for routing. BFD must also be enabled in OSPFv3 router configuration mode for BFD processing to occur. Command History Introduced in version 6.3.0.1 firmware.
• ipv6-address—The IPv6 address of a configured neighbor reachable over an IPv6 VLAN routing interface. • vlan-id—If specified, the VLAN on which the IPv6 address is configured. Default Configuration No BFD neighbors are configured by default. Command Mode Router BGP Configuration mode User Guidelines There are no user guidelines for this command. Command History Introduced in version 6.2.0.1 firmware. Example console(config)# router bgp console(config-router)# neighbor 172.16.11.
Command Mode User mode, Privileged Exec mode, Global Configuration mode, all show modes User Guidelines The local address displayed in the output is the IP address of the interface through which the neighbor is connected. Update is displayed in the format dd hh:mm:ss where: • dd is days • hh is hours • mm is minutes • ss is seconds The operational intervals are the intervals used as a result of negotiation with the BFD link partner. The following information is displayed.
Parameters Description Actual TX Echo interval The transmitting interval being used for echo packets. Minimum receive interval The minimum interval at which the system can receive BFD control packets. Detection interval multiplier The number of BFD control packets that must be missed in a row to declare a session down. My discriminator Unique Session Identifier for Local BFD Session. Your discriminator Unique Session Identifier for Remote BFD Session.
Rx Count....................................... 107 Drop Count.....................................
Border Gateway Protocol Commands Dell EMC Networking N3000E-ON/N3100-ON/N3200-ON Series Switches This section describes the commands you use to view and configure Border Gateway Protocol (BGP), which is an exterior gateway routing protocol that you use to route traffic between autonomous systems. The BGP CLI commands are available in the N3000-ON/N3100-ON/N3200-ON Series switches. CAUTION: The commands in this section are in one of three functional groups.
Command Mode Global Configuration mode User Guidelines The no router bgp command disables BGP and all BGP configurations revert to default values. Alternatively, the administrator can use the no enable command in BGP router configuration mode to disable BGP globally without clearing the BGP configuration. ASNs 0, 56320–64511, and 65535 are reserved and cannot be used. Command History Introduced in version 6.2.0.1 firmware. Command updated in version 6.6 firmware.
Command Mode Peer Template Configuration mode User Guidelines This command enters address family configuration mode within the peer template. Policy commands configured within this mode apply to the address family.
console(config-router)# neighbor 172.20.1.2 remote-as 65001 console(config-router)# neighbor 172.20.2.
User Guidelines Commands entered in this mode enable peering with BGP neighbors in this VRF instance. All the neighbor specific commands are given in this mode as well. VRF configuration is disabled by default. Command History Introduced in version 6.3.0.1 firmware. Example console(config-router)# address-family ipv4 vrf Red address-family ipv6 Use the address-family ipv6 command to enter IPv6 family configuration mode to specify IPv6 configuration parameters.
ASNs 0, 56320–64511, and 65535 are reserved cannot be used. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)# address-family ipv6 address-family vpnv4 unicast Use the address-family vpnv4 unicast command to configure a BGP routing session to advertise VPN IPv4 prefixes. Use the no form of this command to delete the VPN IPv4 configuration.
• neighbor ip-address activate • neighbor ip-address send-community extended Command History Introduced in version 6.3.0.1 firmware. Example The following example shows how to enter the VPN-IPv4 address family mode and to distribute VPN4-IPv4 addresses to a neighbor with the extended community attribute: console(config)# router bgp 10 console(config-router)# neighbor 1.1.1.1 remote-as 5000 console(config-router)# address-family vpnv4 unicast console(config-router-af)# neighbor 1.1.1.
• prefix-length—The length of the IPv6 prefix given as part of the ipv6prefix. This is required if a prefix is specified. A decimal value in the range 0 to 128 that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address) in /length format. A slash must precede the decimal value in /length format. • as-set— If the as-set option is configured, the aggregate is advertised with a non-empty AS_PATH.
BGP accepts up to 128 summary addresses for each address family. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#aggregate-address 10.27.21.0 255.255.255.0 bgp aggregate-different-meds (BGP Router Configuration) Use the bgp aggregate-different-meds command to control the aggregation of routes with different multi-exit discriminator (MED) attributes. By default, BGP only aggregates routes that have the same MED value.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#bgp aggregate-different-meds bgp aggregate-different-meds (IPv6 Address Family Configuration) Use the bgp aggregate-different-meds command to allow IPv6 routes with different MEDs to be aggregated. Syntax bgp aggregate-different-meds no bgp aggregate-different-meds Default Configuration By default, all the routes aggregated by a given aggregate address must have the same MED value.
Example console(config-router-af)#bgp aggregate-different-meds bgp always-compare-med Use this command to compare MED values during the decision process in paths received from different autonomous systems. To revert to the default behavior, only comparing MED values from paths received from neighbors in the same AS, use the no form of this command.
Example console(config-router)#bgp always-compare-med bgp client-to-client reflection (BGP Router Configuration) Use the bgp client-to-client reflection command to enable client-to-client reflection. By default, a route reflector reflects routes received from its clients to its other clients. However, if a route reflector’s clients have a full iBGP mesh, the route reflector does not reflect to the clients.
In BGP Router Configuration mode, this command only affects advertisement of IPv4 routes. The same command is available in AddressFamily IPv6 Configuration mode for IPv6 routes. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#bgp client-to-client reflection bgp client-to-client reflection (IPv6 Address Family Configuration) Use the bgp client-to-client reflection command to enable client-to-client reflection.
effect is to fully mesh the clients within a cluster. When clients are fully meshed, there is no need for the cluster’s route reflectors to reflect client routes to other clients within the cluster. When client-to-client reflection is disabled, a route reflector continues to reflect routes from non-clients to clients and from clients to non-clients. The same command is available in BGP Router Configuration mode for IPv4 routes. Command History Introduced in version 6.2.0.1 firmware.
User Guidelines A route reflector and its clients form a cluster. Since a cluster with a single route reflector has a single point of failure, a cluster may be configured with multiple route reflectors. To avoid sending multiple copies of a route to a client, each route reflector in a cluster should be configured with the same cluster ID. Route reflectors with the same cluster ID must have the same set of clients; otherwise, some routes may not be reflected to some clients.
User Guidelines BGP assigns the default local preference to each path received from an external peer. (BGP retains the LOCAL_PREF on paths received from internal peers.) BGP also assigns the default local preference to locallyoriginated paths. If you change the default local preference, the local preference on paths previously received is not changed; it is only applied to paths received after the change.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)# bgp fast-external-fallover bgp fast-internal-fallover Use the bgp fast-internal-fallover command to configure BGP to immediately reset the adjacency with an internal peer when there is a loss of reachability to an internal peer. Syntax bgp fast-internal-fallover no bgp fast-internal-fallover Default Configuration By default, fast internal fallover is enabled.
bgp listen Use the bgp listen command to create an IPv4 listen range and associates it with the specified peer template. The bgp listen command also activates the IPv4 or IPv6 BGP dynamic neighbors feature. Use the no form of the command to remove an IPv4 or IPv6 listen range.
User Guidelines This command can be used to configure IPv4 BGP neighbors (BGP Router Configuration mode) as well as IPv6 BGP neighbors (IPv6 Address Family Configuration mode). Use the limit keyword and max-number argument to define the global maximum number of IPv4 BGP dynamic neighbors that can be created. BGP dynamic neighbors are configured using a range of IP addresses. Each range can be configured as a subnet IP address.
no bgp log-neighbor-changes Default Configuration Neighbor state changes are not logged by default. Command Mode BGP Router Configuration mode User Guidelines Both backward and forward adjacency state changes are logged. Forward state changes, except for transitions to the Established state, are logged at the Informational severity level. Backward state changes and forward changes to Established are logged at the Notice severity level Command History Introduced in version 6.2.0.1 firmware.
Command Mode BGP Router Configuration mode User Guidelines If BGP receives a path whose AS PATH attribute is longer than the configured limit, BGP sends a NOTIFICATION and resets the adjacency. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#bgp maxas-limit 1 bgp router-id Use the bgp router-id command to set the BGP router ID. Syntax bgp router-id router-id no bgp router-id • router-id—An IPv4 address in dotted quad notation.
BGP is enabled by default once the administrator has specified the local AS number with the router bgp command and configured a router ID with the bgp router-id command. BGP is not operable until a BGP router ID has been assigned. The BGP administrative state (as set by the enable command) has no operational effect until a router id is assigned to the BGP router. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#bgp router-id 10.27.21.
• listen range – Reset all adjacencies that are included in the listen subnet range. • soft—BGP resends all updates to the neighbors and reprocesses updates from the neighbors. • in | out—If the in keyword is given, updates from the neighbor are reprocessed. If the out keyword is given, updates are resent to the neighbor. If neither keyword is given, updates are reprocessed in both directions. Default Configuration There is no default configuration.
Syntax clear ip bgp [vrf vrf-name] counters • vrf-name—This optional parameter identifies the VRF for which to clear counters. If not given, the default VRF counters are cleared. Default Configuration There is no default configuration. Command Mode Privileged Exec mode User Guidelines There are no user guidelines. Command History Introduced in version 6.3.0.1 firmware.
Default Configuration By default BGP does not originate a default route. If a default route is redistributed into BGP, BGP does not advertise the default route unless the default-information originate command has been given. The always option is disabled by default. Command Mode BGP Router Configuration mode User Guidelines Origination of the default route is not subject to a prefix filter configured with the distribute-list out command. Command History Introduced in version 6.2.0.1 firmware.
Default Configuration By default BGP does not originate a default route. If a default route is redistributed into BGP, BGP does not advertise the default route unless the default-information originate command has been given. The always option is disabled by default. Command Mode IPv6 Address Family Configuration mode User Guidelines Origination of the default route is not subject to a prefix filter configured with the distribute-list out command. Command History Introduced in version 6.2.0.1 firmware.
Command Mode BGP Router Configuration mode User Guidelines There are no user guidelines. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#default-metric 1 default metric (IPv6 Address Family Configuration) This command sets the metric of redistributed IPv6 routes when a metric is not configured in the redistribute command. Syntax default-metric value no default-metric • value—The value to as the MED. The range is 1 to 4,294,967,295.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#default-metric 1 distance Use this command to set the preference (also known as administrative distance) of BGP routes to specific destinations. Syntax distance distance [ prefix wildcard-mask [prefix-list] ] no distance distance [ prefix wildcard-mask [prefix-list] ] • distance—The preference value for matching routes. The range is 1 to 255.
can be overlap between the prefix and mask configured for different commands. When there is overlap, the command whose prefix and wildcard mask are the longest match for a neighbor’s address is applied to routes from that neighbor. An ECMP route’s distance is determined by applying distance commands to the neighbor that provided the best path. The distance command is not applied to existing routes.
• external-distance—The preference value for routes learned from external peers. The range is 1 to 255. • internal-distance—The preference value for routes learned from internal peers. The range is 1 to 255. • local-distance—The preference value for locally-originated routes. The range is 1 to 255.
Syntax distance bgp external-distance internal-distance local-distance no distance bgp • external-distance—The preference value for routes learned from external peers. The range is 1 to 255. • internal-distance—The preference value for routes learned from internal peers. The range is 1 to 255. • local-distance—The preference value for locally-originated routes. The range is 1 to 255.
distribute-list prefix in Use this command to configure a filter that restricts the routes that BGP accepts from all neighbors based on destination prefix. Syntax distribute-list prefix list-name in no distribute-list prefix list-name in • list-name—A prefix list used to filter routes received from all peers based on destination prefix. Default Configuration No distribute lists are defined by default.
Syntax distribute-list prefix list-name out [ protocol | connected | static ] no distribute-list prefix list-name out [ protocol | connected | static ] • prefix list-name—A prefix list used to filter routes advertised to neighbors. • protocol|connected|static—(Optional) When a route source is specified, the distribute list applies to routes redistributed from that source. Only routes that pass the distribute list are redistributed. The protocol value may be either rip or ospf.
Syntax distribute-list prefix list-name out [ protocol | connected | static ] no distribute-list prefix list-name out [ protocol | connected | static ] • prefix list-name—A prefix list used to filter routes advertised to neighbors. • protocol|connected|static—(Optional) When a route source is specified, the distribute list applies to routes redistributed from that source. Only routes that pass the distribute list are redistributed. The protocol value may be either rip or ospf.
Syntax enable no enable Default Configuration By default, BGP is enabled once the administrator has specified the local AS number with the router bgp command and configured a router id with bgp router-id. Command Mode BGP Router Configuration mode User Guidelines When disabling BGP using no enable, BGP retains its configuration. The no router bgp command resets all BGP configuration to default values.
no ip as-path access-list as-path-list-number • as-path-list-number—A number from 1 to 500 uniquely identifying the list. All AS path access list commands with the same as-path-list-number are considered part of the same list. • permit—Permit routes whose AS Path attribute matches the regular expression. • deny—Deny routes whose AS Path attribute matches the regular expression.
Up to 128 AS path access lists can be configured, with up to 64 statements each. To enter the question mark within a regular expression, first enter CTRL-V to prevent the CLI from interpreting the question mark as a request for help. Special Character/Symbol Behavior asterisk * Matches zero or more sequences of the pattern. brackets [] Designates a range of single-character patterns. caret ^ Matches the beginning of the input string. dollar sign $ Matches the end of the input string.
console(config-router)# neighbor 172.20.1.1 remote-as 200 console(config-router)# neighbor 172.20.1.1 filter-list 1 in ip bgp-community new-format Use this command to display BGP standard communities in AA:NN format. To display BGP standard communities as 32-bit integers, use the no form of this command. Syntax ip bgp-community new-format no ip bgp-community new-format Default Configuration Standard communities are displayed in AA:NN format.
no ip bgp fast-external-fallover • permit—Enables fast external fallover on the interface, regardless of the global configuration of the feature. • deny—Disables fast external fallover on the interface, regardless of the global configuration of the feature. Default Configuration Fast external fallover is enabled globally by default. There is no default interface configuration.
• deny—Indicates that matching routes are denied. • community-number—From zero to sixteen community numbers formatted as a 32-bit integers or in AA:NN format, where AA is a 2-byte autonomous system number and NN is a 16 bit integer. The range is 1 to 4,294,967,295 (any 32-bit integer other than 0). Communities are separated by spaces. • no-advertise—The well-known standard community: NO_ADVERTISE (0xFFFFFF02), which indicates the community is not to be advertised.
If more than the maximum allowed communities are configured, the excess entries are ignored. Command History Introduced in version 6.2.0.1 firmware. Example console(config)# ip community-list standard test permit ip extcommunity-list Use the ip extcommunity-list command to create an extended community list to configure VRF route filtering. Use the no form of the command to configure VRF route filtering.
– 32-bit AS number: a 32-bit value (Ex: 65527:60110) Default Configuration No subnets are associated with a BGP listen subnet range, and the BGP dynamic neighbor feature is not activated. Command Mode Global Config mode User Guidelines This command is used to configure numbered extended community lists. Extended community attributes are used to filter routes for VRFs. All the standard rules of access lists apply to the configuration of extended community lists.
when a site is multi-homed. The SOO extended community attribute is configured using a route map in both outbound and inbound directions. The SOO should not be configured for stub sites or sites that are not multi-homed Command History Introduced in version 6.3.0.1 firmware. Command updated in version 6.6 firmware. Example The following example shows the creation of an extended community list that permits routes from route target 1:1 and site of origin 2:2 and denies routes from route target 3:3 and 4:4.
match extcommunity Use the match extcommunity command to match BGP extended community list attributes. Use the no form of this command to remove the match extcommunity from the configuration and BGP extended community list attribute entry. NOTE: This command is effective only if BGP is running on the router. Syntax match extcommunity standard-list no match extcommunity standard-list • standard-list—A standard list identifier that identifies one or more permit or deny groups of extended communities.
(R1)(config-route-map)# exit maximum-paths (BGP Router Configuration) Use this command to specify the maximum number of next hops BGP may include in an Equal Cost Multipath (ECMP) route derived from paths received from neighbors outside the local autonomous system. Syntax maximum-paths number-of-paths no maximum-paths • number-of-paths—The maximum number of next hops in a BGP route. The range is from 1 to 32 unless the platform or currently selected SDM template further restricts the range.
Example console(config-router)#maximum-paths 5 maximum-paths (IPv6 Address Family Configuration) Use this command to limit the number of ECMP next hops in IPv6 routes from external peers. Syntax maximum-paths number-of-paths no maximum-paths • number-of-paths—The maximum number of next hops in a BGP route. The range is from 1 to 32 unless the platform or SDM template further restricts the range. Default Configuration BGP advertises a single next hop by default.
Example console(config-router-af)#maximum-paths 5 maximum-paths ibgp (BGP Router Configuration) Use this command to specify the maximum number of next hops BGP may include in an Equal Cost Multipath (ECMP) route derived from paths received from neighbors within the local autonomous system. Syntax maximum-paths ibgp number-of-paths no maximum-paths ibgp • number-of-paths—The maximum number of next hops in a BGP router.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#maximum-paths ibgp 5 maximum-paths ibgp (IPv6 Address Family Configuration) Use this command to limit the number of ECMP next hops in IPv6 routes from internal peers. Syntax maximum-paths ibgp number-of-paths no maximum-paths ibgp • number-of-paths—The maximum number of next hops in a BGP router. The range is from 1 to 32 unless the platform or SDM template further restricts the range.
• N20xx 1-1 Configure the data-center version of the desired SDM template to increase the ECMP paths. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#maximum-paths ibgp 5 neighbor activate Use this command to enable the exchange of IPv6 routes with a neighbor. To disable the exchange of IPv6 addresses, use the no form of this command.
User Guidelines The neighbor address must be the same IP address used in the neighbor remote-as command to create the peer. When IPv6 is enabled or disabled for a neighbor, the adjacency is brought down and restarted to communicate to the change to the peer. Completely configure IPv6 policy for the peer before activating the peer. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware.
• seconds—The minimum time between route advertisement, in seconds. The range is 0 to 600 seconds. Default Configuration The default value is 30 seconds for external peers and 5 seconds for internal peers. Command Mode BGP Router Configuration mode User Guidelines RFC 4271 recommends the interval for internal peers be shorter than the interval for external peers to enable fast convergence within an autonomous system.
no neighbor { ipv6-address [interface interface-id]} advertisement-interval • interface-id—A routing interface identifier. • ipv6-address—The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. • seconds—The minimum time between route advertisement, in seconds. The range is 0 to 600 seconds. Default Configuration The default value is 30 seconds for external peers and 5 seconds for internal peers.
neighbor allowas-in Use the neighbor allowas-in command to accept prefixes even if local ASN is part of the AS_PATH attribute. Use the no form of the command to disable acceptance of prefixes if the local ASN is part of the AS_PATH.
Command History Introduced in version 6.3.0.1 firmware. Example console(config)# router console(config-router)# console(config-router)# console(config-router)# console(config-router)# bgp 65000 neighbor 172.20.1.2 remote-as 65001 neighbor 172.20.1.2 allowas-in 1 neighbor 2001::2 remote-as 65003 neighbor 2001::2 allowas-in 3 neighbor connect-retry-interval Use this command in to configure the initial connection retry time for a specific neighbor.
IPv4 Address Family Configuration mode User Guidelines If a neighbor does not respond to an initial TCP connection attempt, the switch retries three times. The first retry is after the retry interval configured with neighbor connect-retry-interval. Each subsequent retry doubles the previous retry interval. So by default, the TCP connection is retried after 2, 4, and 8 seconds. If none of the retries is successful, the adjacency is reset to the IDLE state and the IDLE hold timer is started.
Default Configuration No default is originated by default. Command Mode BGP Router Configuration mode User Guidelines By default, a neighbor-specific default has no MED and the Origin is IGP. Attributes may be set using an optional route map. A neighbor-specific default is only advertised if the Adj-RIB-Out does not include a default learned by other means, either from the default-information originate (BGP Router Configuration) command or a default learned from a peer.
neighbor default-originate (IPv6 Address Family Configuration) To configure BGP to originate a default IPv6 route to a specific neighbor, use the neighbor default-originate command in IPv6 Address Family configuration mode. Syntax neighbor { ip-address | ipv6-address [interface interface-id]} defaultoriginate [route-map map-name] • interface-id—A routing interface identifier (VLAN interface). • ip-address—The neighbor’s IPv4 address. • ipv6-address —The neighbor’s IPv6 address.
Origination of the default route is not subject to a prefix filter configured with the command distribute-list prefix out (BGP Router Configuration). A route map may be configured to set attributes on the default route sent to the neighbor. If the route map includes a match ip-address term, that term is ignored. If the route map includes match community or match as-path terms, the default route is not advertised. If there is no route map with the route map name given, the default route is not advertised.
Default Configuration No description is configured by default. Command Mode BGP Router Configuration mode IPv4 Address Family Configuration mode User Guidelines The VLAN interface must also be specified if a link-local address is specified. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware.
• interface interface-id —The local VLAN routing interface over which the IPv6 neighbor can be reached or is auto-detected. Use the vlan keyword and a VLAN ID. Range 1-4093. • autodetect interface interface-id — The VLAN routing interface on which the neighbor’s link local IPv6 address is auto detected. Use the vlan keyword and a VLAN ID. Range 1-4093. • hop-count — The maximum hop-count allowed to reach the neighbor. The allowed range is 1–255. Default Configuration The default hop count is 64.
The IPv6 Link Local Address Auto Detect feature eliminates the need for the network administrator to configure the link local IPv6 address of every neighbor. Instead of specifying the link local IPv6 address, the network administrator can use a special keyword “autodetect” to refer to the link local IPv6 address of the neighbor.
Syntax neighbor { ip-address | ipv6-address [ interface interface-id ]} filter-list aspath-list-number {in | out} no neighbor { ip-address | ipv6-address [ interface interface-id ]} filter-list as-path-list-number {in | out} • interface-id—A routing interface identifier (VLAN interface). • ip-address—The neighbor’s IPv4 address. • ipv6-address —The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified.
Example console(config-router)#neighbor FE80::0202:B3FF:FE1E:8329 interface vlan 10 filter-list 1 in neighbor filter-list (IPv6 Address Family Configuration) This command filters BGP to apply an AS path access list to UPDATE messages received from or sent to a specific neighbor. Filtering for IPv6 is independent of filtering configured for IPv4. If an UPDATE message includes both IPv4 and IPv6 NLRI, it could be filtered for IPv4 but accepted for IPv6 or vice versa.
User Guidelines If you assign a neighbor filter list to a nonexistent AS path access list, all routes are filtered. The VLAN interface must also be specified if a link-local address is specified. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#neighbor FE80::0202:B3FF:FE1E:8329 interface vlan 10 filter-list 1 in neighbor inherit peer To configure a BGP peer to inherit peer configuration parameters from a peer template, use the neighbor inherit peer command.
Command Mode BGP Router Configuration mode, IPv4 Address Family Configuration mode User Guidelines Neighbor session and policy parameters can be configured once in a peer template and inherited by multiple neighbors, eliminating the need to configure the same parameters for each neighbor. Parameters are inherited from the peer template specified and from any templates it inherits from. A neighbor can inherit directly from only one peer template. Command History Introduced in version 6.2.0.1 firmware.
• ip-address — The neighbor’s IPv4 address. • ipv6-address [ interface interface-id] — The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. • autodetect interface interface-id — The VLAN routing interface on which the neighbor’s link local IPv6 address is auto detected. • local-as as-number — The AS number to advertise as the local AS in the AS PATH sent to the neighbor.
• The router replaces the global AS of the router with the configured local-as when advertising the routes to the peer on which this command is configured. • As well the local-as is not prepended to the routes received from the neighbor on which this command is configured. This command is allowed only on external BGP neighbors. A neighbor can inherit this configuration from a peer template. When the local-as is configured for a peer, the BGP peer adjacency gets reset.
• interface-id—If the neighbor’s IPv6 address is a link local address, the local VLAN routing interface must also be specified. • maximum—The maximum number of prefixes BGP will accept from this neighbor. Range 0-4294967295. Values greater than the free space in the route table are not enforced. • threshold—The percentage of the maximum number of prefixes BGP configured for this neighbor.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#neighbor FE80::0202:B3FF:FE1E:8329 interface vlan 10 maximum-prefix unlimited neighbor maximum-prefix (IPv6 Address Family Configuration) In IPv6 address family configuration mode, the neighbor maximum-prefix command specifies the maximum number of IPv6 prefixes that BGP will accept from a given neighbor.
• unlimited—Do not enforce any prefix limit. Use this option when inbound filtering will reduce the number received prefixes such that they will fit in the routing table. Exceeding the capacity of the routing table will cause the adjacency to be shut down unless the warning-only option is configured. • warning-only—(Optional) If BGP receives more than the maximum number of prefixes, BGP writes a log message rather than shutting down the adjacency.
neighbor next-hop-self (BGP Router Configuration) The neighbor next-hop-self command configures BGP to set the next hop attribute to a local IP address when advertising a route to an internal peer. Normally, BGP retains the next hop attribute received from the external peer. Syntax neighbor { ip-address | ipv6-address [ interface interface-id ]} next-hop-self no neighbor { ip-address | ipv6-address [ interface interface-id ]} next-hopself • ip-address – The neighbor’s IPv4 address.
Example console(config-router)#neighbor FE80::0202:B3FF:FE1E:8329 interface vlan 10 next-hop-self neighbor next-hop-self (IPv6 Address Family Configuration) In IPv6 address family configuration mode, the neighbor next-hop-self command configures BGP to use a local address as the IPv6 next hop when advertising IPv6 routes to a specific peer.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#neighbor FE80::0202:B3FF:FE1E:8329 interface vlan 10 next-hop-self neighbor password Use the neighbor password command to enable MD5 authentication of TCP segments sent to and received from a neighbor, and to configure an authentication key.
User Guidelines MD5 must either be enabled or disabled on both peers. The same password must be configured on both peers. After a TCP connection is established, if the password on one end is changed, then the password on the other end must be changed to match before the hold time expires. Using the default hold times, both passwords must be changed within 120 seconds to guarantee the connection is not dropped. The VLAN interface must also be specified if a link-local address is specified.
• out—Apply the prefix list to advertisements to be sent to this neighbor. Default Configuration No prefix list is configured. Command Mode BGP Router Configuration mode User Guidelines Only one prefix list may be defined for each neighbor in each direction. If a prefix list that does not exist is assigned, all prefixes are permitted. The VLAN interface must also be specified if a link-local address is specified. Command History Introduced in version 6.2.0.1 firmware.
• ipv6-address—The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. This command is available in IPv6 address family mode. • interface vlan vlan-id—The local interface/VLAN ID over which the IPv6 neighbor can be reached. Range: 1-4093. • in—Apply the prefix list to advertisements received from this neighbor. • out—Apply the prefix list to advertisements to be sent to this neighbor.
no neighbor { ip-address | ipv6-address [interface vlan vlan-id] | autodetect interface interface-id } remote-as • ip-address—The neighbor’s IPv4 address. For external peers, this address must be an IPv4 address on the link that connects the two peers. For internal peers, the neighbor address can be any address, such as the IPv4 address of a loopback interface. • ipv6-address—The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified.
Example console(config-router)#neighbor 10.130.14.55 remote-as 10 neighbor remove-private-as Use the neighbor remove-private-as command to remove private AS numbers when advertising IPv4 routes to an external peer. To stop removing private AS numbers, use the no form of this command.
range, it is treated as a private ASN when removing or replacing private ASNs. ASNs in the range 64496-64511 and 65536-65551 are for documentation purposes only and should never be used in a network. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#neighbor 10.130.14.55 remove-private-as neighbor rfc5549-support Use the neighbor rfc5549-support command to enable advertisement of IPv4 routes over IPv6 next hops selectively to an external BGP IPv6 peer.
When the Extended Next Hop Encoding capability is not received from a neighbor, Dell EMC Networking does not advertise the RFC 5549 routes to the neighbor. The Dell EMC Networking solution is interoperable with routers that do not support RFC 5549. Command History Introduced in version 6.3.0.1 firmware. Example The following example results in the connected IPv4 networks 1.1.1.0/24 and 2.2.2.0/24 advertised with next hop set to 2001::1 only to eBGP IPv6 peer 2001::2 and not to eBGP peer 2002::2.
no neighbor ip-address route-map map-name { in | out } • ip-address—The neighbor’s IP address. • route-map map-name—The name of the route map to be used to filter route updates on the specified interface. • in | out—Whether the route map is applied to incoming or outgoing routes. Default Configuration No route maps are applied by default. Command Mode A route map can be used to change the local preference, MED, or AS Path of a route.
Syntax neighbor { ip-address | ipv6-address [ interface vlan vlan-id ]} route-map map-name { in | out } no neighbor { ip-address | ipv6-address [ interface vlan vlan-id]} route-map map-name { in | out } • ip-address—The neighbor’s IP address. • ipv6-address—The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. Valid in IPv6 address family mode.
Example console(config-router-af)#neighbor 10.130.14.55 route-map test in neighbor route-reflector-client (BGP Router Configuration) To configure an internal peer as an IPv4 route reflector client, use the neighbor route-reflector-client command. Syntax neighbor ip-address route-reflector-client no neighbor ip-address route-reflector-client • ip-address—The neighbor’s IPv4 address. Default Configuration Peers are not route reflector clients by default.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#neighbor 10.130.14.55 route-reflector-client neighbor route-reflector-client (IPv6 Address Family Configuration) To configure an internal peer as an IPv4 route reflector client, use the neighbor route-reflector-client command.
If you configure multiple route reflectors within a cluster, you must configure each route reflector in the cluster with the same cluster ID. Use the bgp cluster-id command to configure a cluster ID. An external peer may not be configured as a route reflector client. When reflecting a route, BGP ignores the set statements in an outbound route map to avoid causing the receiver to compute routes that are inconsistent with other routers in the AS. Command History Introduced in version 6.2.0.1 firmware.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#neighbor 10.130.14.55 send-community neighbor send-community (IPv6 Address Family Configuration) In IPv6 address family configuration mode, the neighbor send-community command tells BGP to send the COMMUNITIES attribute with routes advertised to the peer.
Example console(config-router-af)#neighbor 10.130.14.55 send-community neighbor shutdown Use the neighbor shutdown command to administratively disable communications with a specific BGP neighbor. The effect is to gracefully bring down the adjacency with the neighbor. If the adjacency is up when the command is given, the peering session is dropped and all route information learned from the neighbor is purged.
User Guidelines When a neighbor is shut down, BGP first sends a NOTIFICATION message with a Cease error code. When an adjacency is administratively shut down, the adjacency stays down until administratively re-enabled (using no neighbor shutdown). Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Example console(config-router)#neighbor 10.130.14.
• keepalive—The time, in seconds, between BGP KEEPALIVE packets sent to a neighbor. The range is 0 to 65,535 seconds. A small internal jitter is applied to the keepalive interval timer in order to reduce the CPU load that may occur when multiple timers expire simultaneously. • holdtime—The time, in seconds, that BGP continues to consider a neighbor to be alive without receiving a BGP KEEPALIVE or UPDATE packet from the neighbor.
Syntax neighbor { ip-address | ipv6-address [ interface vlan vlan-id ] | autodetect interface interface-id }} update-source interface no neighbor { ip-address | ipv6-address [ interface vlan vlan-id ] | autodetect interface interface-id }} update-source • ip-address—The neighbor’s IPv4 address. This is the IP address of the neighbor on the connected link. • ipv6-address—The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified.
It is common to use an IP address on a loopback interface as an update source because a loopback interface is always reachable as long as any routing interface is up. The peering session will stay up as long as the loopback interface remains reachable. If you use an IP address on a routing interface, then the peering session will go down if that interface goes down. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Example console(config-router)#neighbor 10.130.
• prefix-length—The length of the IPv6 prefix given as part of the ipv6prefix. Required if a prefix is specified. A decimal value in the range 1 to 128 that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address) in /length format. A slash mark must precede the decimal value in /length format. • rm-name—The name of a route map used to filter prefixes or set attributes of prefixes advertised by this network.
network (IPv6 Address Family Configuration) In IPv6 address family configuration mode, the network command identifies network IPv6 prefixes that BGP originates in route advertisements to its neighbors. Syntax network prefix mask network-mask [ route-map rm-name ] no network prefix mask network-mask [ route-map rm-name ] network ipv6-prefix/prefix-length [ route-map rm-name ] no network ipv6-prefix/prefix-length • prefix—An IPv4 address prefix in dotted decimal notation.
User Guidelines BGP supports up to 64 networks. The network command may also be used specify a default route (network 0.0.0.0 mask 0.0.0.0). If a route map is configured to set attributes on the advertised routes, match as-path and match community terms in the route map are ignored. A match ip-address prefix-list term is honored in this context. If the route map includes such a match term, the network is only advertised if the prefix list permits the network prefix.
Example console(config-router)#redistribute rip rd Use the rd command to configure a BGP routing session to advertise VPNIPv4 prefixes. Use the no form of this command to delete the VPN-IPv4 configuration. Syntax rd route-distinguisher no rd route-distinguisher— A 2-byte or an 8-byte value to be prepended to an IPv4 prefix to create a VPN IPv4 prefix.
Once an RD has been configured, it may not be reconfigured. Use the no form of the command to remove the RD before configuring a new RD value. This command is effective only if BGP is running on the router. Command History Introduced in version 6.3.0.1 firmware.
is configured for BGP (default metric command), the MED is set to the default metric. If both a default metric and a metric value are not configured, the prefix is advertised without an MED attribute. • match—(Optional) By default, if BGP is configured to redistribute OSPF routes, BGP only redistributes internal routes (OSPF intra-area and interarea routes). Use of the match option configures BGP to also redistribute specific types of external routes, or to disable redistribution of internal OSPF routes.
The RIP metric is a hop count. The metric for a redistributed route limits the distance the route can be redistributed in the RIP network. Since the maximum valid metric in a RIP network is 15, redistributing routes into RIP with a metric of 12 implies that the route can only be redistributed across 3 hops in the RIP network. In conformance with RFC 1475, information learned via BGP from peers within the same AS is not redistributed to OSPF.
• match—(Optional) By default, if BGP is configured to redistribute OSPF routes (redistribute ospf command), BGP only redistributes internal routes (OSPF intra-area and inter-area routes). Use of the match option configures BGP to also redistribute specific types of external or internal routes, or to disable redistribution of OSPF routes. The match option is only valid for OSPF originated routes. Successive redistribute commands are additive.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#redistribute rip route-target Use the route-target command to create a list of export, import, or both route target (RT) extended communities for the specified VRF instance. Use the no form of the command to remove the route target from a VRF instance.
Command Mode Privileged Exec mode User Guidelines Configure the route-target command once for each target extended community. Routes that are learned and carry a specific route-target extended community are imported into all VRFs configured with that particular extended community as an import route target. The configured export RT is advertised as an extended community in the MPBGP format to the eBGP peer. An RT is either: • ASN related – Composed of an autonomous system number and an arbitrary number.
Syntax set extcommunity rt value [additive] no set extcommunity rt • • value — Specifies the route target extended community value. This value can be entered in one of the following formats: – 16-bit AS number: a 32-bit value (Ex: 64496:11) – 32-bit IPv4 address: a 16-bit value (Ex: 10.1.1.1:22) – 32-bit AS number: a 32-bit value (Ex: 65537:60110) additive–Adds a route target to the existing route target list without replacing any existing route targets.
Example The following example shows how to set the extended community attribute for route target with route-maps. (R1)(Config)# ip extcommunity-list 10 permit rt 1:1 (R1)(config)# route-map SEND_OUT permit 10 (R1)(config-route-map)# match extcommunity 13 (R1)(config-route-map)# set extcommunity rt 10:10 additive (R1)(config-route-map)# exit set extcommunity soo Use the set extcommunity soo command to set BGP extended community attributes for the site of origin.
User Guidelines The site of origin (SOO) extended communities attribute is configured with the soo keyword. This attribute uniquely identifies the site from which the Provider Edge (PE) router learned the route. All routes learned from a particular site must be assigned the same SOO extended community attribute, whether a site is connected to a single PE router or multiple PE routers. Configuring this attribute prevents routing loops from occurring when a site is multi-homed.
• ipv6-prefix—An IPv6 network prefix. This argument must be in the form where the address is specified in hexadecimal using 16-bit values between 0x00 and 0xff and separated by colons. Limits the output to a specific prefix. • prefix-length—The length of the IPv6 prefix given as part of the ipv6prefix. This is required if a prefix is specified.
Status codes • s—The route is aggregated into an aggregate address configured with the summary-only option • *—Dell EMC Networking BGP never displays invalid routes; so this code is always displayed (to maintain consistency with the industry standard) • >—Indicates that BGP has selected this path as the best path to the destination • i—If the route is learned from an internal peer Network IPv6 Destination prefix Next Hop The route’s BGP next hop Metric Multi-Exit Discriminator LocPrf The local pref
Syntax show bgp ipv6 aggregate address-group Default Configuration There is no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed. Field Description Prefix/Len Destination prefix and prefix length. AS Set Indicates if an empty AS path is advertised with the aggregate address (N) or an AS SET is advertised with the set of AS numbers for the paths contributing to the aggregate (Y).
show bgp ipv6 community Use this command to display IPv6 routes that belong to the specified set of communities. This command replaces and deprecates the show ipv6 bgp community command Syntax show bgp ipv6 community communities [ exact-match ] • communities—A string of zero or more community values, which may be in either format and may contain the well-known community keywords noadvertise and no-export. The output displays routes that belong to every community specified in the command.
Status codes • s—The route is aggregated into an aggregate address configured with the summary-only option • *—Dell EMC Networking BGP never displays invalid routes; so this code is always displayed (to maintain consistency with the industry standard) • >—Indicates that BGP has selected this path as the best path to the destination • i—If the route is learned from an internal peer Network IPv6 Destination prefix Next Hop The route’s BGP next hop Metric Multi-Exit Discriminator LocPrf The local pref
• exact-match—Displays only routes that are an exact match for the set of communities in the matching community list statement. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed. Field Description BGP table version Each time phase 2 of the BGP decision process runs to select new BGP routes, this number is incremented.
Example BGP table version is 0, local router ID is 65.1.1.1 Status Codes: s suppressed, * valid, > best, i - internal Origin Codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPref Path ------------------ --------------- --------- ---------- ---------- show bgp ipv6 listen range Use the show bgp ipv6 listen range command to display information about IPv6 BGP listen ranges.
2001::20 0 ACTIVE Listen Range.................................. 2002::1/64 Inherited Template............................ template_2002 Member ASN State --------------------------------------- ----- ----------- show bgp ipv6 neighbors Use this command to display neighbors with IPv4 or IPv6 peer addresses that are enabled for the exchange of IPv6 prefixes. This command deprecates and replaces the show ipv6 bgp neighbors command.
• If the peer is configured as “autodetect”, the “Remote Address” shows detected IPv6 address or “Unresolved” in case if the peer is not detected by the autodetect feature. • “Autodetect status” is displayed only if the peer is configured as “autodetect”. The field shows one of the following statuses: • Peer is detected • Peer is not detected • Multiple peers are detected The following fields are displayed. Field Description Remote Address The neighbor’s IPv6 address.
IPv4 Unicast Support Indicates whether IPv4 unicast routes can be exchanged with this peer. Both indicates that IPv4 is active locally and the neighbor indicated support for IPv4 unicast in its OPEN message. Sent indicates that IPv4 unicast is active locally, but the neighbor did not include this AFI/SAFI pair in its OPEN message. IPv4 unicast is always enabled locally and cannot be disabled. IPv6 Unicast Support Indicates whether IPv6 unicast routes can be exchanged with this peer.
Prefix Limit The maximum number of prefixes this router is willing to accept from this neighbor. Prefix Warning Threshold Percentage of the prefix limit that causes a warning message to be logged. Warning Only on Prefix Limit Whether to shutdown a neighbor that exceeds the prefix limit. TRUE if the event is logged without shutting down the neighbor. Minimum Advertisement Interval The minimum time between UPDATE messages sent to this neighbor.
Prefixes Withdrawn A running count of the number of prefixes included in the Withdrawn Routes portion of UPDATE messages, to and from this neighbor. Prefixes Current The number of prefixes currently advertised to or received from this neighbor. For inbound prefixes, this count only includes prefixes that passed inbound policy. Prefixes Accepted The number of prefixes from this neighbor that are eligible to become active in the local RIB.
Configured Hold Time.......................... Configured Keep Alive Time.................... Negotiated Hold Time.......................... Keep Alive Time............................... MD5 Password.................................. 90 sec 30 sec 30 sec 10 sec password Last Error (Sent).............................. Last SubError.................................. Time Since Last Error.......................... Established Transitions........................ Established Time..............................
• ipv6-address [interface interface-id]—The IPv6 address of a BGP peer. If the peer address is an IPv6 link local address, the interface that defines the scope of the link local address must be given. • autodetect interface interface-id—(Optional) The routing interface on which the neighbor’s link local IPv6 address is auto detected. The interface ID must be a VLAN routing interface. Default Configuration There is no default configuration for this command.
Origin The value of the origin attribute. • i—IGP • e—EGP • ?—Incomplete Command History Introduced in version 6.2.0.1 firmware. Modified in version 6.3.0.1 firmware. Example console#show bgp ipv6 neighbors fe80::211:12ff:fe06:4 interface vl10 advertised-routes BGP table version is 10, local router ID is 0.0.0.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed. Field Description Neighbor The peer address of a neighbor. Policy A neighbor-specific BGP policy. Template If the policy is inherited from a peer template, this field lists the template name. Command History Introduced in version 6.2.0.1 firmware. Modified in version 6.3.0.
policy. The output and format as the same as for show IP bgp neighbors received-routes, except that they list IPv6 routes. Also, the command displays a list of IPv4 routes received from a specific neighbor with RFC5549. This command deprecates and replaces the show ipv6 bgp neighbors received-routes command.
Origin The value of the Origin attribute as received from the peer. Command History Introduced in version 6.2.0.1 firmware. Modified in version 6.3.0.1 firmware. Example console#show bgp ipv6 neighbors 1010:10::103 routes Local router ID is 0.0.0.
Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes. User Guidelines The following fields are displayed. Field Description Delta T How long since the decision process was run. hours:minutes:seconds if the elapsed time is less than 24 hours. Otherwise, days:hours. Phase The phase of the decision process that was run. Upd Grp Outbound update group ID. Only applies when phase 3 is run.
Modified in version 6.3.0.1 firmware.
Traps Whether BGP traps are enabled. Maximum Paths The maximum number of next hops in an external BGP route. Maximum Paths iBGP The maximum number of next hops in an internal BGP route. Default Keep Alive Time The configured keepalive time used by all peers that have not been configured with a peer-specific keepalive time. Default Hold Time The configured hold time used by all peers that have not been configured with a peer-specific hold time.
MsgSent The number of BGP messages sent to this neighbor State The adjacency state. One of IDLE, CONNECT, ACTIVE, OPEN SENT, OPEN CNFRM, EST Up/Down Time How long the adjacency has been in the ESTABLISHED state, or, if the adjacency is down, how long it has been down. In days:hours:minutes:seconds Pfx Rcvd The number of IPv6 prefixes received from the neighbor Command History Introduced in version 6.2.0.1 firmware. Modified in version 6.3.0.1 firmware.
show bgp ipv6 update-group Use this command to report the status of IPv6 outbound groups and their members. Output and format are the same as for show ip bgp update-group. This command deprecates and replaces the show ipv6 bgp update-group command. Syntax show bgp ipv6 update-group [ group-index | ipv4-address | ipv6-address [ interface interface-id ] | autodetect interface interface-id ] • group-index—If specified, this option restricts the output to a single update group.
Fields Description Version The update version. Delta T The amount of time elapsed since the update send process executed. hours::minutes::seconds. Duration How long the update send process took, in milliseconds UPD Built The number of UPDATE messages built. UPD Sent The number of UPDATE messages successfully transmitted to group members. Normally a copy of each UPDATE message built is sent to each group member. Paths Sent The number of paths advertised.
Update Version The number of times phase 3 of the BGP decision process has run for this group to determine which routes should be advertised to the group. Number of UPDATEs Sent The number of UPDATE messages that have been sent to this group. Incremented once for each UPDATE regardless of the number of group members. Time Since Last UPDATE Time since an UPDATE message was last sent to the group. If no UPDATE has been sent to the group, the status is “Never.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines If a route reflector client is configured with an outbound route map, the output warns that set statements in the route map are ignored when reflecting routes to this client. The following information is displayed. Field Description Cluster ID The cluster ID used by this router.
Clients: Non-client Internal Peers: show ip bgp To view routes in the BGP routing table, use the show ip bgp command. The output lists both the best and non-best paths to each destination.
Field Description BGP table version Each time phase 2 of the BGP decision process runs to select new BGP routes, this number is incremented.
show ip bgp aggregate-address Use the show ip bgp aggregate-address command to list the aggregate addresses that have been configured and indicates whether each is currently active. Syntax show ip bgp [vrf vrf-name] aggregate-address • vrf vrf-name — Displays the aggregate address information associated with the named VRF. Default Configuration By default, information about the global VRF is shown. Command Mode Privileged Exec mode, Global Configuration mode, and all sub-modes.
Example console#show ip bgp aggregate-address Prefix/Len ------------------1.2.3.0/24 10.10.10.0/24 AS Set -----N N Summary Only -----------N N Active -----N N show ip bgp community The show ip bgp community displays route information for the communities listed in the specified community. Syntax show ip bgp [vrf vrf-name] community communities [exact-match] • vrf vrf-name—Displays the aggregate address information associated with the named VRF.
Example console#show ip bgp community BGP table version is 0, local router ID is 65.1.1.1 Status Codes: s suppressed, * valid, > best, i - internal Origin Codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPref Path Origin ------------------ --------------- ---------- ---------- ------------- --- show ip bgp community-list The show ip bgp community-list command lists the routes that are allowed by the specified community list.
Example console(config)#show ip bgp community-list test BGP table version is 0, local router ID is 65.1.1.1 Status Codes: s suppressed, * valid, > best, i - internal Origin Codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPref Path Origin ------------------ --------------- ---------- --------- ------------- ------ show ip bgp extcommunity-list Use the show ip bgp extcommunity-list command to display all the permit and deny attributes of the given extended community list.
RT The route target extended community attribute. deny Denies access for a matching condition. Command History Introduced in version 6.3.0.1 firmware. Example console#show ip bgp extcommunity-list 1 Standard extended community-list list1 permit RT:1:100 RT:2:100 deny RT:6:600 permit RT:5:200 permit SOO:9:900 show ip bgp listen range Use the show ip bgp listen range command to display information about IPv4 BGP listen ranges.
Example console(config-router)#show ip bgp listen range Listen Range .................................. 10.27.0.0/16 Inherited Template ............................ template_10_27 Member ASN State ---------------- ----- ----------10.27.8.189 65001 OPENCONFIRM 10.27.128.235 0 ACTIVE Listen Range .................................. 15.15.0.0/24 Inherited Template ............................
User Guidelines Since IPv4 prefixes can only be exchanged over IPv4 peering, the neighboraddress parameter must be an IPv4 peer address. This option limits the output to show a single neighbor. If no neighbor address is specified, the command shows all neighbors enabled for IPv4 prefix exchange. If the vrf-name argument is specified, information pertaining to that VRF is displayed. The following fields are displayed.
Local Interface Address The IPv4 address used as the source IP address in packets sent to this neighbor. Configured Hold Time The time, in seconds, that this router proposes to this neighbor as the hold time Configured Keep Alive Time The configured KEEPALIVE interval for this neighbor. Negotiated Hold Time The minimum configured hold time and the hold time in the OPEN message received from this neighbor.
Time Elapsed Since Last Update How long since an UPDATE message has been received from this neighbor.
Path attribute length error A received path attribute has a length value that exceeds the remaining length of the path attributes field. Invalid ORIGIN code A received UPDATE message included an invalid ORIGIN code. Unexpected first ASN in AS path The AS Path attribute from an external peer did not include the peer’s AS number as the first AS. Invalid AS path segment type The AS Path includes a segment with an invalid segment type. Invalid BGP NEXT HOP The BGP NEXT HOP is not a valid unicast address.
Connection Retry Interval ..................... Neighbor Capabilities ......................... Next Hop Self ................................. IPv4 Unicast Support .......................... IPv6 Unicast Support .......................... Template Name ................................. Update Source ................................. Configured Hold Time .......................... Configured Keep Alive Time .................... Prefix Limit .................................. Prefix Warning Threshold .......
Neighbor Capabilities ......................... Next Hop Self ................................. Update Source.................................. Local Interface Address ....................... Configured Hold Time .......................... Configured Keep Alive Time..................... Negotiated Hold Time .......................... Keep Alive Time ............................... Prefix Limit................................... Prefix Warning Threshold....................... Warning Only On Prefix Limit....
Established Time .............................. secs 0 days 00 hrs 00 mins 10 show ip bgp neighbors advertised-routes The show ip bgp neighbors advertised-routes command displays the list of routes advertised to a specific neighbor. These are the routes in the adjacent RIB out for the neighbor’s outbound update group Syntax show ip bgp [vrf vrf-name] neighbors ip-address advertised-routes • ip-address—The IPv4 address of a neighbor.
Status codes p—The route has been updated in Adj-RIB-Out since the last UPDATE message was sent. Transmission of an UPDATE message is pending. Network Destination prefix Next Hop The BGP NEXT HOP as advertised to the peer. Local Pref The local preference. Local preference is never advertised to external peers. Metric The value of the Multi Exit Discriminator, if the MED is advertised to the peer. Path The AS path.
Syntax show ip bgp [vrf vrf-name]neighbors ip-address {receivedroutes|routes|rejected-routes} • vrf vrf-name — Displays the aggregate address information associated with the named VRF. • ip-address—The IPv4 address of a BGP neighbor. • Received-routes—Display the routes received by a particular neighbor prior to filtering. • Routes—Display both the received and advertised routes. • Rejected-routes—Display the routes rejected from the specified neighbor.
Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Example console #show ip bgp neighbors 172.20.101.100 received-routes local router ID is 20.1.1.1 Origin codes: i - IGP, e - EGP, ? - incomplete Network 172.20.1.0/24 20.1.1.0/24 Next Hop 172.20.101.1 172.20.101.1 Metric 10 Local Pref Path 100 20 10 100 20 Origin i ? console#show ip bgp neighbors 10.10.10.3 routes Local router ID is 0.0.0.
Command Mode Privileged Exec mode, Global Configuration mode and all sub-modes User Guidelines If the vrf-name argument is specified, information pertaining to that VRF is displayed. The following fields are displayed. Fields Description Neighbor The peer address of a neighbor. Policy A neighbor-specific BGP policy. Template If the policy is inherited from a peer template, this field lists the template name. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.
show ip bgp route-reflection This command displays all global configuration related to IPv4 route reflection, including the cluster ID and whether client-to-client route reflection is enabled, and lists all the neighbors that are configured as route reflector clients. Syntax show ip bgp [vrf vrf-name] route-reflection • vrf vrf-name — Displays the aggregate address information associated with the named VRF. Default Configuration By default, information about the global VRF is shown.
Clients A list of this router’s internal peers which have been configured as route reflector clients. Non-client Internal Peers A list of this router’s internal peers that are not configured as route reflector clients. Routes from nonclient peers are reflected to clients and vice-versa. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Example console # show ip bgp route-reflection Cluster ID........................ 1.1.1.
Default Configuration By default, information about the global VRF is shown. Command Mode User Exec mode, Privileged Exec mode, Global Config mode and all submodes. User Guidelines If the vrf-name argument is specified, information pertaining to that VRF is displayed. The following information is displayed. Fields Description Delta T How long since the decision process was run. hours:minutes:seconds if the elapsed time is less than 24 hours. Otherwise, days:hours.
Mods The number of routes modified. Always 0 for phase 1. Dels The number of routes deleted. Always 0 for phase 1. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware.
The following information is displayed. Fields Description Admin Mode Whether BGP is globally enabled. BGP Router ID The configured router ID Local AS Number The router’s AS number Traps Whether BGP traps are enabled. Maximum Paths The maximum number of next hops in an external BGP route. Maximum Paths iBGP The maximum number of next hops in an internal BGP route.
Route Map The name of the route map used to filter redistributed routes. Neighbor The IP address of a neighbor. ASN The neighbor’s ASN. MsgRcvd The number of BGP messages received from this neighbor. MsgSent The number of BGP messages sent to this neighbor. State The adjacency state. One of IDLE, CONNECT, ACTIVE, OPEN SENT, OPEN CNFRM, EST. Up/Down Time How long the adjacency has been in the ESTABLISHED state, or, if the adjacency is down, how long it has been down.
ospf match: int Neighbor ASN MsgRcvd MsgSent State Up/Down Time Pfx Rcvd ---------------- ----- -------- -------- ------------- -------------- -----10.10.10.10 65000 2269 4666 ESTABLISHED 0:00:17:15 0 show ip bgp template The show ip bgp template command lists the routes that are allowed by the specified community list. Syntax show ip bgp template [ template-name ] • template-name—(Optional) Limits the output to a single template Default Configuration There is no default configuration for this command.
Example console#show ip bgp template Template Name ------------peer-grp1 AF ---- IPv4 Configuration ----------------------------timers 5 15 password rivendell advertisement-interval 15 peer-grp2 IPv4 IPv4 IPv6 IPv6 prefix-list strider in maximum-prefix 100 prefix-list gandolf in maximum-prefix 200 peer-grp3 IPv6 send-community IPv4 update-source loopback 0 next-hop-self peer-grp4 show ip bgp traffic The show ip bgp traffic command list the routes that are allowed by the specified community list
The output shows when BGP counters were last cleared (using clear ip bgp counters). Clearing counters resets all values in this output to 0 except for the high water mark for the work queues. The first table lists the number of BGP messages of each type that this router has sent and received. Following the table is a maximum send and receive UPDATE message rate. These rates report the busiest one-second interval. The queue statistics table reports information for BGP work queues.
MIB Queries 0 0 0 5 show ip bgp update-group This command reports the status of IPv4 outbound update groups and their members. Syntax show ip bgp [vrf vrf-name] update-group [group-index | peer-address ] • vrf vrf-name — Displays the aggregate address information associated with the named VRF. • group-index—(Optional) If specified, this option restricts the output to a single update group.
UPD Built The number of UPDATE messages built. UPD Sent The number of UPDATE messages successfully transmitted to group members. Normally a copy of each UPDATE message built is sent to each group member. Paths Sent The number of paths advertised. Pfxs Adv The number of prefixes advertised. Pfxs Wd The number of prefixes withdrawn. The following information is displayed. Fields Description Update Group ID Unique identifier for outbound update group.
Time Since Last UPDATE Time since an UPDATE message was last sent to the group. If no UPDATE has been sent to the group, the status is “Never.” Current Prefixes The number of prefixes currently advertised to the group. Current Paths The number of paths currently advertised to the group. Prefixes Advertised The total number of prefixes advertised to the group since the group was formed.
Version 10 11 12 13 14 15 16 17 18 19 Delta T Duration UPD Built UPD Sent Paths Sent Pfxs Adv 00:33:49 100 6 288 5 1250 00:33:49 0 4 192 3 750 00:33:49 0 2 96 1 250 00:33:49 0 2 96 1 250 00:33:49 0 1 48 0 0 00:33:49 100 8 384 7 1750 00:33:49 0 3 144 2 500 00:31:49 0 4 192 3 750 00:23:49 100 4 192 3 750 00:03:49 100 6 288 5 1250 Update Group ID............................ Peer Type.................................. Minimum Advertisement Interval............. Send Community.............................
• rd route-distinguisher—Displays the NLRI prefixes that match the named route distinguisher. • vrf vrf-name—Displays the NLRI prefixes associated with the named VRF instance. • ip-prefix/length — IP address of a network in the routing table and the length of the mask (0 to 32). The slash mark must be included. • statistics — Displays BGP VPNv4 statistics Default Configuration There is no default configuration.
The command output provides the following information. Term Description BGP table version Each time phase 2 of the BGP decision process runs to select new BGP routes, this number is incremented Status codes One of the following: • s: The route is aggregated into an aggregate address configured with the summary-only option. • *: BGP never displays invalid routes; so this code is always displayed (to maintain consistency with the industry standard).
Term Description Type Whether the path is received from an internal or external peer. IGP Cost The interior gateway cost (e.g., OSPF cost) to the BGP NEXT HOP. Peer (Peer ID) The IP address of the peer that sent this route, and its router ID. BGP Next Hop The BGP NEXT HOP attribute. Atomic Aggregate If the ATOMIC AGGEGATE attribute is attached to the path. Aggregator The AS number and router ID of the speaker that aggregated the route. Communities The BGP communities attached to the path.
*> 25.95.16.0/24 *> 25.14.8.0/24 120.10.1.1 120.10.1.1 10 10 Route Distinguisher *> 174.20.1.0/24 *> 26.95.16.0/24 *> 26.14.8.0/24 : 3:30 (for VRF yellow) 130.10.1.1 10 130.10.1.1 10 130.10.1.1 10 100 100 20 10 i 20 10 i 100 100 100 20 10 i 20 10 i 20 10 i The following example shows VPNv4 routing entries for VRF named red: (R1) # show ip bgp vpnv4 vrf red BGP table version is 5, local router ID is 20.1.1.
AS Path.................................... Origin..................................... Type....................................... IGP Cost................................... Peer (Peer ID)............................. BGP Next Hop............................... Extended Community......................... 18 50 27 Incomplete External 10 200.1.1.1 (18.24.1.3) 200.1.1.
• address-family • allowas-in • connect-retry-interval • description • ebgp-multihop • fall-over • local-as • password • remote-as • rfc5549-support • shutdown • timers • update-source See the associated neighbor commands for a description of parameters and keywords. Note that Dell EMC Networking does not support a remote-as asnumber command in this mode. The neighbor’s AS number must be specified when the neighbor is created. Command History Introduced in version 6.2.0.
console(config-rtr-tmplt)# exit console(config-router)# neighbor 172.20.1.2 console(config-router)# neighbor 172.20.2.2 console(config-router)# address-family ipv6 console(config-router)# neighbor 172.20.1.2 console(config-router)# neighbor 172.20.2.2 inherit peer AGGR inherit peer AGGR activate activate timers bgp The timers bgp command configures the default keepalive and hold timers that BGP uses for all neighbors unless specifically overridden by the neighbor timers command.
The new values are not applied to adjacencies already in the ESTABLISHED state. A new keepalive or hold time is applied the next time an adjacency is formed. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#timers bgp 1000 500 timers policy-apply delay This command configures the delay after which any change to the global or per BGP neighbor inbound/outbound policies are applied.
For any change in the outbound policies applicable to a neighbor, the WITHDRAW packets are sent followed by the UPDATE packets when they are applied after the delay timeout. In case of changes to other neighbor attributes like send-community, remove-private-asn, etc. the WITHDRAW packets are not sent instead, the new UPDATEs are sent after the delay timeout. Command History Command introduced in version 6.6 firmware.
Command History Command introduced in version 6.6 firmware. graceful-restart-helper This command enables the graceful restart helper capability. Syntax graceful-restart-helper no graceful-restart-helper Default Configuration Graceful restart capability is disabled by default. Graceful restart helper capability is enabled by default.
BGP Routing Policy Dell EMC Networking N3000E-ON/N3100-ON/N3200-ON Series Switches Exterior routing protocols like BGP use industry-standard routing policy to filter and modify routing information exchanged with peers.
• regexp—A regular expression used to match the AS path attribute of a BGP path where the AS path is treated as an ASCII string. Default Configuration No AS path lists are configured by default. There are no default values for any of the parameters of this command. Command Mode Global Configuration User Guidelines The AS path attribute is a list of the autonomous system numbers along the path to the destination. An AS path access list is an ordered sequence of statements.
Special Character Symbol Behavior caret ^ Matches the beginning of the input string. dollar sign $ Matches the end of the input string. hyphen – Separates the end points of a range. period . Matches any single character, including white space. plus sign + Matches 1 or more sequences of the pattern. question mark ? Matches 0 or 1 occurrences of the pattern.
Command Mode Global Configuration User Guidelines RFC 1997 specifies that the first two bytes of a community number are considered to be an autonomous system number. The new format displays a community number as the ASN followed by a 16-bit AS-specific number. Example console(config)#ip bgp-community new-format ip community-list To create or configure a BGP community list, use the ip community-list command in global configuration mode. To delete a community list, use the no form of this command.
• no-export-subconfed—The well-know standard community: NO_EXPORT_SUBCONFED (0xFFFFFF03), which indicates the routes are not to be advertised to external BGP peers. Default Configuration No community lists are configured by default. Command Mode Global Configuration User Guidelines A community list statement with no community values is considered a match for all routes, regardless of their community membership. So the statement ip community-list bullseye permit is a permit all statement.
• list-name—The text name of the prefix list. Up to 32 characters. • seq number—(Optional) The sequence number for this prefix list statement. Prefix list statements are ordered from lowest sequence number to highest and processed in that order. If a sequence number is not specified, the system automatically selects a sequence number five larger than the last sequence number in the list. Two statements may not be configured with the same sequence number. The value ranges from 1 – 4,294,967,294.
User Guidelines Prefix lists allow matching of route prefixes with those specified in the prefix list. Each prefix list includes of a sequence of prefix list entries ordered by their sequence numbers. A router sequentially examines each prefix list entry to determine if the route’s prefix matches that of the entry. An empty or nonexistent prefix list permits all prefixes. An implicit deny is assumed if a given prefix does not match any entries of a prefix list.
Syntax ip prefix-list list-name description text no ip prefix-list list-name description • list-name—The text name of the prefix list. • text—Text description of the prefix list. Up to 80 characters Default Configuration No description is configured by default. Command Mode Global Configuration User Guidelines There are no user guidelines for this command. Command History Introduced in version 6.2.0.1 firmware.
• seq number—(Optional) The sequence number for this prefix list statement. Prefix list statements are ordered from lowest sequence number to highest and applied in that order. If you do not specify a sequence number, the system automatically selects a sequence number five larger than the last sequence number in the list. Two statements may not be configured with the same sequence number. The sequence number ranges from 1 – 4,294,967,294.
Default Configuration No prefix lists are configured by default. Command Mode Global Configuration User Guidelines The ipv6 prefix-list command is used to create IPv6 prefix lists. These are similar to ip prefix lists except that the lists are IPv6 specific. An IPv6 prefix list can contain only IPv6 addresses. Prefix lists allow matching of route prefixes against those specified in the prefix list. Each prefix list includes of a sequence of prefix list entries ordered by sequence numbers.
Command History Introduced in version 6.2.0.1 firmware. Example The following example configures a prefix list that allows routes with one of two specific destination prefixes, 2001::/64 and 5F00::/48: console(config)# ipv6 prefix-list apple seq 10 permit 2001:: /64 console(config)# ipv6 prefix-list apple seq 20 permit 5F00:: FFFF:FFFF:FFFF:: The following example renumbers the apple prefix list beginning at sequence number 10.
User Guidelines If a new match as-path statement is entered in a route map statement that already has a match as-path statement, the AS path list numbers in the new statement are added to the existing match term, up to the maximum number of lists in a statement. A route is considered a match if it matches any one or more of the AS path access lists to which the statement refers. Command History Introduced in version 6.2.0.1 firmware.
User Guidelines If the community list returns a permit action, the route is considered a match. If the match statement refers to a community list that is not configured, no routes are considered to match the statement. no match community list exact-match removes the match statement from the route map. (It doesn’t simply remove the exact-match option.) The command no match community removes the match term and all its community lists. Command History Introduced in version 6.2.0.1 firmware.
User Guidelines If multiple prefix lists are specified in one statement, a match occurs if a prefix matches any one of the prefix lists. If a match ip address statement is configured within a route map section that already has a match ip address statement, the new prefix lists are added to the existing set of prefix lists, and a match occurs if any prefix list in the combined set matches the prefix. The command no match ip address prefix-list removes the match term and all its prefix lists.
User Guidelines If multiple prefix lists are specified in one statement, a match occurs if a prefix matches any one of the prefix lists. If a match ipv6 address statement is configured within a route map section that already has a match ipv6 address statement, the new prefix lists are added to the existing set of prefix lists, and a match occurs if any prefix list in the combined set matches the prefix. The command no match ip address prefix-list removes the match term and all its prefix lists.
User Guidelines There are no user guidelines for this command. Command History Introduced in version 6.2.0.1 firmware. Example console#show ip as-path-access-list AS path access list 1 deny _100_ deny ^100$ AS path access list 2 deny _200_ deny ^200$ show ip community-list This command displays the contents of AS path access lists. Syntax show ip community-list [community-list-name | detail [community-listname]] • community-list-name—(Optional) A standard community list name.
Command History Introduced in version 6.2.0.1 firmware. Example console#show ip community-list Standard community list buzz permit 100:200 permit 100:300 permit 100:400 Standard community list woody permit 200:1 permit 200:2 permit 200:3 show ip prefix-list This command displays the contents of IPv4 prefix lists.
Default Configuration No prefix lists are configured by default. Command Mode Privileged Exec mode, Global Configuration mode and all sub-modes.
Command History Introduced in version 6.2.0.1 firmware. Example console#show ip prefix-list fred ip prefix-list fred: count: 3, range entries: 3, sequences: 5 - 15, refcount: 0 seq 5 permit 10.10.1.1/20 ge 22 seq 10 permit 10.10.1.2/20 le 30 seq 15 permit 10.10.1.
• prefix-length - The length of the IPv6 prefix given as part of the ipv6-prefix. Required if a prefix is specified. A decimal value in the range 0 to 128 that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address) in /length format. A slash mark must precede the decimal value in /length format. • seq – (Optional) Applies the sequence number to the prefix list entry.
Command History Introduced in version 6.2.0.1 firmware.
Default Configuration No prefix lists are configured by default. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command is used to clear prefix-list hit counters. The hit count is a value indicating the number of matches to a specific prefix list entry. The counters are also cleared by the global clear counters command. Command History Introduced in version 6.2.0.1 firmware. Example console# clear ip prefix-list orange 20.0.0.
Default Configuration No prefix lists are configured by default. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command is used to clear the IPv6 prefix-list hit counters. The hit count is a value indicating the number of matches to a specific prefix list entry. The counters are also cleared by the global clear counters command. Command History Introduced in version 6.2.0.1 firmware.
User Guidelines This command is used to clear the community list hit counters. The hit count is a value indicating the number of matches to a specific list entry. The counters are also cleared by the global clear counters command. Command History Introduced in version 6.2.0.1 firmware. Example The command below clears the counters only for the matching community apple.
User Guidelines This command is normally used to insert one or more instances of the local AS number at the beginning of the AS_PATH attribute of a BGP route. Doing so increases the AS path length of the route. The AS path length has a strong influence on BGP route selection. Changing the AS path length can influence route selection on the local router or on routers to which the route is advertised.
Default Configuration No communities are removed from UPDATE messages by default. Command Mode Route Map Configuration User Guidelines A route map with this set command can be used to remove selected communities from inbound and outbound routes. When a community list is applied to a route for this purpose, each of the route’s communities is submitted to the community list one at a time. Communities permitted by the list are removed from the route.
• community-number—One to sixteen community numbers, either as a 32bit integers or in AA:NN format. Communities are separated by spaces. The well-known communities no-advertise and no-export are also accepted. • no-advertise—The well-known standard community: NO_ADVERTISE (0xFFFFFF02) which indicates the community is not to be advertised. • no-export—The well-known standard community: NO_EXPORT, (0xFFFFFF01), which indicates the routes are not to be advertised outside the community.
set ipv6 next-hop (BGP) To set the IPv6 next hop of a route, use the set ipv6 next-hop command in route-map configuration mode. To remove a set command from a route map, use the no form of this command. Syntax set ipv6 next-hop ipv6-address no set ipv6 next-hop • ipv6-address—The IPv6 address set as the Network Address of Next Hop field in the MP_NLRI attribute of an UPDATE message.
set local-preference To set the local preference of specific BGP routes, use the set local-preference command in route-map configuration mode. To remove a set command from a route map, use the no form of this command. Syntax set local-preference value no set local-preference value • value—A local preference value, from 0 to 4,294,967,295 (any 32 bit integer). Default Configuration There is no default configuration for this command.
Syntax set metric value no set metric value • value—A local preference value, from 0 to 4,294,967,295 (any 32 bit integer). Default Configuration There is no default configuration for this command. Command Mode Route Map Configuration User Guidelines This command sets the Multi Exit Discriminator (MED) when used in a BGP context.
DVMRP Commands Dell EMC Networking N3000E-ON/N3100-ON/N3200-ON Series Switches Distance Vector Multicast Routing Protocol (DVMRP) is a dense mode multicast protocol and is most appropriate for use in networks where bandwidth is relatively plentiful and there is at least one multicast group member in each subnet. DVMRP assumes that all hosts are part of a multicast group until it is informed of multicast group changes.
User Guidelines PIM must be disabled before DVMRP can be enabled. This command enables IGMP/MLD. Disabling IGMP/MLD may operationally disable multicast routing. Dell EMC Networking switches support IP/IPv6 unnumbered interfaces. DVMRP is capable of operating over unnumbered interfaces. Example The following example sets VLAN 15’s administrative mode of DVMRP to active.
console(config)#interface vlan 15 console(config-if-vlan15)#ip dvmrp metric 5 show ip dvmrp Use the show ip dvmrp command to display the system-wide information for DVMRP. Syntax show ip dvmrp Default Configuration This command has no default condition. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays system-wide information for DVMRP.
Syntax show ip dvmrp interface vlan vlan-id • vlan-id — Valid VLAN ID. Default Configuration This command has no default condition. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays interface information for VLAN 11 DVMRP. console(config)#show ip dvmrp interface vlan 11 Interface Mode................................. Interface Metric...............................
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the neighbor information for DVMRP. console(config)#show ip dvmrp neighbor No neighbors available. show ip dvmrp nexthop Use the show ip dvmrp nexthop command to display the next hop information on outgoing interfaces for routing multicast datagrams.
-------------- -------------- --------- ------ show ip dvmrp prune Use the show ip dvmrp prune command to display the table that lists the router’s upstream prune information. Syntax show ip dvmrp prune Default Configuration This command has no default condition. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Default Configuration This command has no default. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the multicast routing information for DVMRP.
IGMP Commands Dell EMC Networking N3000E-ON/N3100-ON/N3200-ON Series Switches The Dell Network N1500/N2000/N2100-ON/N2200-ON Series switches support limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. Internet Group Management Protocol (IGMP) is the multicast group membership discovery protocol used for IPv4 multicast groups. Three versions of IGMP exist. Versions one and two are widely deployed.
IGMPv3 is a major revision of the protocol and provides improved group membership latency. When a host joins a new multicast group on an interface, it immediately sends an unsolicited IGMP Report message for that group. IGMPv2 introduced a Leave Group message, which is sent by a host when it leaves a multicast group for which it was the last host to send an IGMP Report message.
Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets 10 as the number of VLAN 2 Group-Specific Queries.
Example The following example configures 2 seconds as the Maximum Response Time inserted in VLAN 15’s Group-Specific Queries. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp last-member-query-interval 20 ip igmp mroute-proxy This command configures downstream IGMP proxy on the selected VLAN interface associated with multicast hosts.
A multicast routing protocol (e.g. PIM) should be enabled whenever IGMP is enabled. L3 IP multicast must be enabled for IGMP to operate. Example The following example globally enables IGMP the IGMP proxy service on VLAN 1. console(config)#ip multicast-routing console(config)#interface vlan 1 console(config-if-vlan1)#ip igmp mroute-proxy ip igmp query-interval Use the ip igmp query-interval command in Interface Configuration mode to configure the query interval for the specified interface.
console(config-if-vlan15)#ip igmp query-interval 10 ip igmp query-max-response-time Use the ip igmp query-max-response-time command in Internet Configuration mode to configure the maximum response time interval for the specified interface. It is the maximum query response time advertised in IGMPv2 queries on this interface. The time interval is specified in seconds. Syntax ip igmp query-max-response-time seconds no ip igmp query-max-response-time • seconds — Maximum response time.
Syntax ip igmp robustness robustness no ip igmp robustness • robustness — Robustness variable. (Range: 1-255) Default Configuration The default robustness value is 2. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example configures a robustness value of 10 for VLAN 15.
Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets for VLAN 15 the number of queries sent out on startup at 10. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp startup-query-count 10 ip igmp startup-query-interval Use the ip igmp startup-query-interval command in Interface Configuration mode to set the interval between general queries sent at startup on the interface.
console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp startup-query-interval 10 ip igmp version Use the ip igmp version command in Interface Configuration mode to configure the version of IGMP for an interface. Syntax ip igmp version version • version — IGMP version. (Range: 1-3) Default Configuration The default version is 3. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays system-wide IGMP information. console#show ip igmp IGMP Admin Mode............................. Enabled IGMP Router-Alert check.....................
User Guidelines This command has no user guidelines. Example The following example displays the registered multicast groups for VLAN 3. console#show ip igmp groups vlan 3 detail Multicast IP Address --------------225.0.0.5 REGISTERED MULTICAST GROUP DETAILS Version1 Version2 Group Last Up Expiry Host Host Compat Reporter Time Time Timer Timer Mode ------------ ---------- --------- -------------- ----1.1.1.
console#show ip igmp interface vlan 11 Interface..................................... 11 IGMP Admin Mode............................... Enable Interface Mode................................ Enable IGMP Version.................................. 3 Query Interval (secs)......................... 125 Query Max Response Time (1/10 of a second).... 100 Robustness..................................... 2 Startup Query Interval (secs)................. 31 Startup Query Count............................
show ip igmp interface stats Use the show ip igmp interface stats command in User Exec mode to display the IGMP statistical information for the interface. The statistics are only displayed when the interface is enabled for IGMP. Syntax show ip igmp interface stats vlan vlan-id • vlan-id — Valid VLAN ID Default Configuration This command has no default configuration.
IGMP Proxy Commands Dell EMC Networking N3000E-ON/N3100-ON/N3200-ON Series Switches IGMP Proxy is used by the router on IPv4 systems to enable the system to issue IGMP host messages on behalf of hosts that the system discovered through standard IGMP router interfaces, thus acting as proxy to all its hosts residing on its router interfaces. Dell EMC Networking supports IGMP Version 3, Version 2 and Version 1. Version 3 adds support for source filtering [SSM] is interoperable with Versions 1 and 2.
User Guidelines This command enables IGMP proxy on the VLAN interface. Use this command to enable sending of IGMP messages received on interfaces configured with the ip igmp mroute-proxy command to an attached multicast router. PIM and DVMRP are not compatible with IGMP proxy. Disable PIM/DVMRP before enabling IGMP proxy. Multicast routing must be enabled for the IGMP proxy service to become operationally enabled. This command enables IGMP/MLD.
Example The following example resets the host interface status parameters of the IGMP Proxy router. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp proxy-service reset-status ip igmp proxy-service unsolicit-rprt-interval Use the ip igmp proxy-service unsolicit-rprt-interval command in Interface Configuration mode to set the unsolicited report interval for the IGMP Proxy router. This command is valid only if IGMP Proxy on the interface is enabled.
Syntax show ip igmp proxy-service Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays a summary of the host interface status parameters. console#show ip igmp proxy-service Interface Index............................... vlan13 Admin Mode.................................... Enable Operational Mode....
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example fails to display status parameters because IGMP Proxy is not enabled. console#show ip igmp proxy-service interface Interface Index................................
User Guidelines This command has no user guidelines. Example The following example attempts to display a table of information about multicast groups that IGMP Proxy reported. console#show ip igmp proxy-service groups Interface Index................................ vlan13 Group Address Last Reporter Up Time Member State ------------- --------------- -----------------225.0.1.1 13.13.13.1 7 DELAY-MEMBER 225.0.1.2 13.13.13.
------------225.0.1.1 225.0.1.2 --------------13.13.13.1 13.13.13.
IP Helper/DHCP Relay Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000EON/N3100-ON/N3200-ON Series Switches The IP Helper feature provides the ability for a router to forward configured UDP broadcast packets to a particular IP address over a routed interface. This allows applications to reach servers on non-local subnets.
Table 6-1. UDP Destination Ports Protocol UDP Port Number IEN-116 Name Service 42 DNS 53 NetBIOS Name Server 137 NetBIOS Datagram Server 138 TACACS Server 49 Time Service 37 DHCP 67 Trivial File Transfer Protocol 69 ISAKAMP 500 Mobile IP 434 NTP 123 PIM Auto RP 496 RIP 520 Certain pre-existing DHCP relay options do not apply to relay of other protocols. The administrator may optionally set a DHCP maximum hop count or minimum wait time.
configuration for the destination UDP port. If so, the relay agent unicasts the packet to the configured server IP addresses. Otherwise the packet is not relayed. The relay agent only relays packets that meet the following conditions: • The destination MAC address must be the all-ones broadcast address (FF:FF:FF:FF:FF:FF). • The destination IP address must be the IPv4 broadcast address (255.255.255.255) or a directed broadcast address for the receiving interface.
Command Mode Global Configuration mode, Virtual Router Configuration mode. User Guidelines Enable DHCP Relay using the ip helper enable command. When in Virtual Router Configuration mode, this command operates within the context of the virtual router instance. When in Global Configuration mode, the command operates on the global router instance. Virtual Router Configuration mode is only available on the N3000ON/N3100-ON/N3200-ON switches. Example The following example defines a maximum hopcount of 6.
Command Mode Global Configuration mode, Virtual Router Configuration mode User Guidelines Enable DHCP Relay using the ip helper enable command. When the BOOTP relay agent receives a BOOTREQUEST message, it might use the seconds-since-client- began-booting field of the request as a factor in deciding whether to relay the request or not. When in Virtual Router Configuration mode, this command operates within the context of the virtual router instance.
User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. Example console#clear ip helper statistics ip dhcp relay information check Use the ip dhcp relay information check command to enable DHCP Relay to check that the relay agent information option in forwarded BOOTREPLY messages is valid. If an invalid message is received, the relay agent drops it.
Virtual Router Configuration mode is only available on the N3000ON/N3100-ON/N3200-ON switches. Example The following example enables relay information check globally: console(config)#ip dhcp relay information check ip dhcp relay information check-reply Use the ip dhcp relay information check-reply command to enable DHCP Relay to check that the relay agent information option in forwarded BOOTREPLY messages is valid. If an invalid message is received, the relay agent drops it.
Example The following example enables relay information check on the interface: console(config)#interface vlan 10 console(config-if-vlan10)#ip dhcp relay information check-reply ip dhcp relay information option Use the ip dhcp relay information option command in Global Configuration mode to globally enable insertion of the circuit ID option and remote agent ID mode for BootP/DHCP Relay on the system (also called option 82).
Example The following example enables the circuit ID and remote agent ID options. console(config)#ip dhcp relay information option ip dhcp relay information option-insert Use the ip dhcp relay information option-insert command in Interface Configuration mode to enable the circuit ID option and remote agent ID mode for BootP/DHCP Relay on the interface (also called option 82). Use the no form of the command to return the configuration to the default.
ip dhcp relay information option server-override Use the ip dhcp relay information option server-override command to enable sending sub-option 5 (link-election) and sub-option 11 (server override) in option 82. Syntax ip dhcp relay information option server-override no ip dhcp relay information option server-override Default Configuration Sending of sub-option 5 (link-selection) and sub-option 11 (server-override) is not enabled globally, nor or any interface.
Configuring the command globally enables server-override globally (on all routing interfaces). Any DHCP packet received from a DHCP Client will have sub-option 5 and sub-option 11 for option 82 added to the packet. When this command is issued in interface config mode, server-override is enabled for that interface only. Configure this option on the DHCPDISCOVER incoming interface, that is, the DHCP host facing interface. Refer to RFC 5107 DHCP Server Identifier Override Suboption for further information.
• IPv4-address—A valid, reachable IPv4 address on the switch. Default Configuration No DHCP Relay source interface is configured by default. Command Mode Global Configuration mode, Interface Configuration mode User Guidelines The ip dhcp relay source-interface command is used to specify an interface whose IP address is passed as relay agent IP address. When the command is used in global configuration mode, the source interface is set globally.
• dest-udp-port — A destination UDP port number from 1 to 65535. This parameter need not be configured for DHCP. It must be configured for all other protocols which are to be relayed. • port-name — The destination UDP port may be optionally specified by its name. Whether a port is specified by its number or its name has no effect on behavior.
console#config console(config)#ip helper-address 10.1.1.1 dhcp console(config)#ip helper-address 10.1.2.1 dhcp To relay UDP packets received on any interface for all default ports (see Table 6-1) to the server at 20.1.1.1, use the following commands: console#config console(config)#ip helper-address 20.1.1.1 Command History Description revised in 6.3.5 release.
netbios-dgm (port 138), netbios-ns (port 137), ntp (port 123), pim-autorp (port 496), rip (port 520), tacacs (port 49), tftp (port 69), and time (port 37). Other ports must be specified by number. Default Configuration No helper addresses are configured. Command Mode Interface Configuration (VLAN) mode.
This command takes precedence over an ip helper-address command given in global configuration mode. With the following configuration, the relay agent relays DHCP packets received on any interface other than VLAN 5 and VLAN 6 to 192.168.40.1, relays DHCP and DNS packets received on VLAN 5 to 192.168.40.2, relays SNMP traps (port 162) received on interface VLAN 6 to 192.168.23.1, and drops DHCP packets received on VLAN 6: console#config console(config)#ip helper-address 192.168.40.
This command replaces the bootpdhcprelay enable command, but affects not only relay of DHCP packets, but also relay of any other protocols for which an IP helper address has been configured. When in Virtual Router Configuration mode, this command operates within the context of the virtual router instance. When in Global Configuration mode, the command operates on the global router instance. Virtual Router Configuration mode is only available on the N3000ON/N3100-ON/N3200-ON switches.
The VRF parameter is only available on the N3000-ON/N3100-ON/N3200ON series switches. The following output is shown: Field Description Interface The relay configuration is applied to packets that arrive on this interface. This field is set to “any” for global IP helper entries. UDP Port The relay configuration is applied to packets whose destination UDP port is this port. Entries whose UDP port is identified as “any” are applied to packets with the destination UDP ports listed in Table 6-1.
• vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. • vlan-id—A valid VLAN identifier. Default Configuration The command has no default configuration. Command Mode User Exec and Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned.
Syntax show ip helper statistics [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned.
UDP client The number of valid UDP packets received. This count includes messages received DHCP messages and all other protocols relayed. Conditions are similar to those for the first statistic in this table. UDP client messages relayed The number of UDP packets relayed. This count includes DHCP messages relayed as well as all other protocols. The count is incremented for each server to which a packet is sent.
Packets with expired TTL....................... 0 Packets that matched a discard entry...........
IP Routing Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000EON/N3100-ON/N3200-ON Series Switches The Dell Network N1500/N2000/N2100-ON/N2200-ON series supports limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. Dell EMC Networking routing provides the base Layer 3 support for Local Area Network (LAN) and Wide Area Network (WAN) environments.
The addition of a preference option has a side benefit. The preference option allows the operator to control the preference of individual static routes relative to routes learned from other sources (such as OSPF). When routes from different sources have the same preference, Dell EMC Networking routing prefers a static route over a dynamic route.
User Guidelines This command has no user guidelines. Example The following example applies SNAP encapsulation for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#encapsulation snap ip icmp echo-reply Use the ip icmp echo-reply command to enable or disable the generation of ICMP Echo Reply messages. Use the no form of this command to prevent the generation of ICMP Echo Replies.
ip icmp error-interval Use the ip icmp error-interval command to limit the rate at which IPv4 ICMP error messages are sent. The rate limit is configured as a token bucket with two configurable parameters: Burst-size and burst-interval. To disable ICMP rate limiting, set burst-interval to zero. Use the no form of this command to return burst-interval and burst-size to their default values.
ip load-sharing Use the ip load-sharing command to configure the hash algorithm for ECMP routes. Syntax ip load-sharing mode {inner|outer} no ip load-sharing • mode—Load sharing mode (range 1 to 6) The possible hashing modes are: 1 Source IP address. 2 Destination IP address. 3 Source and destination IP address. 4 Source IP address and source TCP/UDP port number. 5 Destination IP address and destination TCP/UDP port number.
Example In the following example, the load sharing mode is configured to use the destination IP addresses. This might be appropriate for distributing traffic destined to be a set of servers with different IP addresses but deploying identical services as determined by the destination port number. console(config)# ip load-sharing 2 ip netdirbcast Use the ip netdirbcast command in Interface Configuration mode to enable the forwarding of network-directed broadcasts.
Syntax ip policy route-map map-tag no ip policy route-map map-tag • map-tag—Name of the route map to use for policy based routing. It must match a map tag specified by the route-map command. Default Configuration No route maps are configured by default. Command Mode Interface Configuration (VLAN) mode User Guidelines Policy-based routing must be configured on the VLAN interface that receives the packets, not on the VLAN interface from which the packets are sent.
A route-map statement must contain at least one of the match and one of the set conditions specified above in order it to be eligible to be applied to hardware. If not, the route-map is not applied to hardware. An ACL referenced in a route-map may not be edited. Instead, create a new ACL with the desired changes and update the route-map with the edited ACL. Route-maps and DiffServ cannot operate on the same interface due to allocation of conflicting resources.
Command Mode Global Configuration mode, Virtual Router Configuration mode, Interface Configuration (VLAN) mode User Guidelines When in virtual router configuration mode, this command operates within the context of the virtual router instance. When in global config mode, the command operates on the global router instance. Virtual Router Configuration mode is only available on the N3000ON/N3100-ON/N3200-ON switches.
• nexthopip—The next-hop IPv4 address is specified in the argument nexthopip. Packets matching the destination route are forwarded to the next hop IP address. The next hop may be a numbered or unnumbered interface. • vlan-id—A configured VLAN routing interface identifier for a VRF or an IP unnumbered interface. If a VLAN routing interface for a VRF is specified, it imports the associated subnet into the default routing instance from the VRF associated with the VLAN.
Specifying the preference of a static route controls whether a static route is more or less preferred than routes from dynamic routing protocols. The preference also controls whether a static route is more or less preferred than other static routes to the same destination. This command creates a static route in a specified virtual router instance referred to by name ‘vrf-name’ by taking an optional vrf argument.
Command History Command updated in version 6.6 firmware. Examples Route Leaking Example 1 The following shows the configuration for VRF red-1 configured in VLAN 10. A static global route for the 172.16.0.0 with a next hop of 172.16.0.2 is injected into VRF red-1. configure vlan 10 exit ip vrf red-1 ip routing exit ip routing ip route vrf red-1 172.16.0.0 255.240.0.0 172.16.0.2 interface vlan 1 ip address 172.16.0.1 255.240.0.0 exit interface vlan 10 ip vrf forwarding red-1 ip address 192.168.0.1 255.255.
Subnet 8.0.0.0/24 is a directly connected subnetwork in VLAN 30 in virtual router Red. Subnet 66.6.6.x is reachable via VLAN 30 in vrf Red. The first ip route command below leaks the 66.6.6.x subnet from vrf Red into the default routing table. The second ip route command configures a gateway for the default routing table. The next ip route commands leak the 9.0.0.x route from the default route table into the virtual router Red. The last ip route command configures the 66.6.6.
S U - Unnumbered Peer, L - Leaked Route * Indicates the best (lowest metric) route for the subnet. Default Gateway is 9.0.0.2 S *0.0.0.0/0 [253/0] via 9.0.0.2, Vl10 C *9.0.0.0/24 [0/1] directly connected, L *66.6.6.0/24 [1/0] via 0.0.0.
Default Configuration Default value of preference is 1. Command Mode Global Configuration mode User Guidelines For routed management traffic: 1 Router entries are checked for applicable destinations. 2 The globally assigned default-gateway is consulted. If DHCP is enabled on multiple in-band interfaces and the system learns a different default gateway on each, the system retains the first default gateway it learns and ignores any others.
ip route distance Use the ip route distance command in Global Configuration mode to set the default distance (preference) for static routes. Lower route preference values are preferred when determining the best route. The ip route and ip route default commands allow optional setting of the distance of an individual static route. The default distance is used when no distance is specified in these commands.
This command is only available on the N3000-ON/N3100-ON/N3200-ON switches. Example The following example sets the default route metric to 80. console(config)#ip route distance 80 ip routing Use the ip routing command in Global Configuration mode to globally enable IPv4 routing on the router. To disable IPv4 routing globally, use the no form of the command. Syntax ip routing no ip routing Default Configuration Disabled is the default configuration.
Example The following example enables IPv4 routing for VLAN 15 console(config)#vlan 15 console(config-vlan15)#interface vlan 15 console(config-if-vlan15)#ip address 10.0.3.2 /8 console(config-if-vlan15)#exit console(config)#ip routing ip unnumbered This command is used to identify an interface as an unnumbered interface and specify the numbered interface providing the borrowed address. The numbered interface must be a loopback interface. To stop borrowing an address, use the no form of the command.
route will never be installed in the routing table because the next hop is not in a local subnet. If a static route is configured on R1 using R2’s IP address as next hop, the static route will be installed in the routing table. R1 will ARP for the next hop address. R2 will ignore the ARP Request because the source IP address is not in a local subnet. It is a misconfiguration to enable OSPF on both ends of an unnumbered interface without setting the OSPF network type to point-to-point.
User Guidelines IP unnumbered interfaces are supported in the default VRF only. The interface should be configured as able to borrow an IP address, i.e. a routing interface with no IP address. Normally, the static ARP entry is only installed if the IP address matches one of the local subnets. In case of unnumbered interfaces, static ARP entries created for the unnumbered-peer do not match any of the local subnets.
Example console(config-if-vlan10)#ip unreachables match ip address Use this command to specify IP address match criteria for a route map. Use the no form of this command to delete a match statement from a route map. Syntax match ip address access-list-name [access-list-name] no match ip address [access-list-name] • access-list-name—The access-list name that identifies the named IP ACLs. The name can be up to 31 characters in length.
• ACLs inherit the priority of the route map. This overrides the priority of the including access group. • Route maps do not have a implicit deny all at the end of the list. Instead, non-matching packets for a permit route map use the routing table. Example The example below creates two access lists (R1 and R2) and two route-maps with IP address match clauses and that associate the route-map to an interface. In the example, the ip policy route-map equal-access command is applied to interface VLAN 11.
console(config)#interface vlan 12 console(config-if-vlan12)#ip address 10.1.1.1 255.255.255.0 console(config-if-vlan12)#ip policy route-map equal-access console(config)#interface vlan 13 console(config-if-vlan13)#ip address 192.168.6.5 255.255.255.0 console(config)#interface vlan 16 console(config-if-vlan16)#ip address 172.16.7.6 255.255.255.
console(config)#access-list 2 permit every Request denied. Another application using this ACL restricts the number of rules allowed. console(config)#ip access-list madan console(config-ipv4-acl)#permit udp any any Request denied. Another application using this ACL restricts the number of rules allowed. match length Use this command to configure packet length matching criteria for a route map. Use the no form of this command to delete a match statement from a route map.
Example console(config-route-map)#match length 64 1500 match mac-list Use this command to configure MAC ACL match criteria for a route map. Use the no form of this command to delete the match statement from a route map. Syntax match mac-list mac-list-name [mac-list-name] no match mac-list [mac-list-name] • mac-list-name—The MAC ACL name that identifies the MAC ACLs. The name can be between 0 and 31 characters. Default Configuration There is no default configuration for this command.
Syntax route-map map-tag [permit | deny] [sequence-number] no route-map map-tag [permit | deny] [sequence-number] • map-tag—Text name of the route map. Route maps with the same name are grouped together in order of their sequence numbers. A route map name may be up to 32 characters long and comprised of any printable character except a question mark. Enclose the map-tag in quotes to embed blanks in the name. • permit—(Optional) Permit routes that match all of the match conditions in the route map.
The prefix list identifies the prefixes that may be redistributed. Route maps are ordered from lowest to greatest sequence number, with lower sequence numbers being considered first. If no sequence number is specified, the system assigns a value ten greater than the last statement in the route map. The range is 0 to 65,535. One use of a route map is to limit the redistribution of routes to a specified range of route prefixes. The redistribution command specifies a route map which refers to a prefix list.
Default Configuration There is no default configuration for this command. Command Mode Route Map mode User Guidelines A route-map statement used for policy based routing is configured as permit or deny. If the statement is marked as deny, traditional destination-based routing is performed on the packet meeting the match criteria. If the statement is marked as permit and the packet meets all the match criteria, the set clauses in the route-map statement are applied.
Default Configuration There is no default configuration for this command. Command Mode Route Map mode User Guidelines A packet is routed to the next hop specified by this command only if there is no active explicit route for the packet’s destination address in the routing table. A default route in the routing table is not considered an explicit route for an unknown destination address. Only one of set ip next-hop, set ip default next-hop, or set interface null0 may be specified in a route map.
Command Mode Route Map mode User Guidelines Use this route map clause to override active routes in the routing table. This command affects all matching packet types and is used if an active route for the next hop exists in the routing table. The next hop IP address must be associated with a directly connected subnet on the router. If no resolvable active interface is present in the route table, the packet is routed using the default routing table.
• 7—Sets the network control precedence. Default Configuration There is no default configuration for this command. Command Mode Route Map mode User Guidelines The set ip precedence clause may be combined with set ip next-hop or set ip default next-hop clause in a route map. Example console(config-route-map)#set ip precedence 5 show ip brief Use the show ip brief command to display all the summary information of the IP.
The VRF parameter is only available on the N3000-ON/N3100-ON/N3200ON series switches. Example The following example displays IP summary information. console#show ip brief Default Time to Live........................... Routing Mode................................... ICMP Rate Limit Interval....................... ICMP Rate Limit Burst Size..................... ICMP Echo Replies.............................. ICMP Redirect Mode............................. Maximum Next Hops..............................
The VRF parameter is only available on the N3000-ON/N3100-ON/N3200ON series switches. The Method field contains one of the following values. Field Description DHCP The address is leased from a DHCP server. Manual The address is manually configured. Command History Command output updated in version 6.6 firmware. Example console#show ip interface Default Gateway................................ 0.0.0.0 L3 MAC Address................................. 001E.C9DE.
ICMP Redirects................................. Interface Suppress Status...................... Interface Name................................. Unicast Reverse Path Forwarding Mode........... Unicast Reverse Path Forwarding Allow-Default.. Enabled Unsuppressed rt1_0_7 Strict False show ip policy Use the show ip policy command to display the route maps used for policy based routing on the router interfaces. Syntax show ip policy map-name • map-name—The name of a specific route map.
Syntax show ip protocols [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned.
Parameter Description Distance The default administrative distance (or route preference) for external, internal, and locally-originated BGP routes. The table that follows lists ranges of neighbor addresses that have been configured to override the default distance with a neighborspecific distance. If a neighbor’s address falls within one of these ranges, routes from that neighbor are assigned the configured distance.
Parameter Description Metric Type The metric type to advertise for redistributed routes of this type. Subnets Whether OSPF redistributes subnets of classful addresses, or only classful prefixes. Dist List A distribute list used to filter routes of this type. Only routes that pass the distribute list are redistributed. Number of Active Areas The number of OSPF areas with at least one interface running on this router. Also broken down by area type.
------172.20.0.0 172.21.0.0 -------0.0.255.255 0.0.255.255 -------40 45 -------None 1 Prefix List In............................ PfxList1 Prefix List Out........................... None Neighbors: 172.20.1.100 Filter List In........................ Filter List Out....................... Prefix List In........................ Prefix List Out....................... Route Map In.......................... Route Map Out......................... 172.20.5.1 Prefix List Out.......................
--------0/25 ---RIPv2 ---RIPv2 show ip route Use the show ip route command to display the current state of the routing table. The output of the command also displays the IPv4 address of the default gateway and the default route associated with the gateway. This command deprecates the show ip route connected command.
Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100-ON/N3200ON series switches. If the subnet mask is specified, then only routes with an exact match are displayed. For example: show ip route 192.168.2.
N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2 S U - Unnumbered Peer, L - Leaked Route, T - Truncated ECMP Route * Indicates the best (lowest metric) route for the subnet. C S U S U 3.0.0.0/24 [0/0] directly connected, Vl10 6.1.0.6/32 [0/0] via Vl20 6.2.0.6/32 [0/0] via Vl20 The following example shows an ECMP route with only one path. console#show ip route summary Connected Routes............................... Static Routes.................................. Kernel Routes.................
console#show ip route static Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, S - Static B - BGP Derived, E - Externally Derived, IA - OSPF Inter Area E1 - OSPF External Type 1, E2 - OSPF External Type 2 N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2 S U - Unnumbered Peer, L - Leaked Route No default gateway is configured. S 10.0.0.0/8 [1/0] via Vl10 S U 6.1.0.6/32 [0/0] via Vl20 S U 6.2.0.6/32 [0/0] via Vl20 The following example shows a tracked route.
Local.......................................... Static......................................... OSPF Intra-area routes......................... OSPF Inter-area routes......................... OSPF External routes........................... RIP............................................ BGP External................................... BGP Internal................................... BGP Local...................................... Configured Default Gateway..................... DHCP Default Gateway............
RIP Routes..................................... BGP Routes..................................... External..................................... Internal..................................... Local........................................ OSPF Routes.................................... Intra Area Routes............................ Inter Area Routes............................ External Type-1 Routes....................... External Type-2 Routes....................... Reject Routes.................................
• vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines This command displays statistics for the software IP stack, not the hardware routing information.
IcmpInErrors................................... IcmpInDestUnreachs............................. IcmpInTimeExcds................................ IcmpInParmProbs................................ IcmpInSrcQuenchs............................... IcmpInRedirects................................ IcmpInEchos.................................... IcmpInEchoReps................................. IcmpInTimestamps............................... IcmpInTimestampReps............................ IcmpInAddrMasks.................
Example The following example displays VLAN routing information. console#show ip vlan MAC Address used by Routing VLANs: 00:00:00:01:00:02 VLAN ID IP Address Subnet Mask ------- --------------- --------------10 0.0.0.0 0.0.0.0 20 0.0.0.0 0.0.0.0 show route-map Use this command to display the route maps. Syntax show route-map map-name Default Configuration This command has no default configuration.
console #show ip policy Interface ------------ Route-Map ----------------------------------------- console #show route-map simplest route-map simplest permit 10 Match clauses: ip address (access-lists) : 1 Set clauses: ip next-hop 3.3.3.3 ip precedence 3 Policy routing matches: 0 packets, 0 bytes route-map simplest permit 20 Match clauses: ip address (access-lists) : 1 Set clauses: ip default next-hop 4.4.4.
route-map simplest permit 10 Match clauses: ip address (access-lists) : 1 Set clauses: ip next-hop 3.3.3.3 ip precedence 3 Policy routing matches: 0 packets, 0 bytes route-map simplest permit 20 Match clauses: ip address (access-lists) : 1 Set clauses: ip default next-hop 4.4.4.
show routing heap summary Use the show routing heap summary command to display a summary of the memory allocation from the routing heap. The routing heap is a section of memory set aside when the system boots for use by the routing applications. Syntax show routing heap summary Default Configuration This command has no default setting. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The command displays the following information.
Memory Memory Memory In Use In Use................... 149598 bytes on Free List............. 78721 bytes Available in Heap........ 92365249 bytes High Water Mark..........
IPv6 Routing Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON/N3200-ON Series Switches The Dell Network N1500/N2000/N2100-ON/N2200-ON series supports limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. The IPv6 version of the routing table manager provides a repository for IPv6 routes learned by dynamic routing protocols or static configuration.
User Guidelines This command has no user guidelines. Example The following example clears all entries in the IPv6 neighbor table. console(config)#clear ipv6 neighbors clear ipv6 statistics Use the clear ipv6 statistics command to clear IPv6 statistics for all interfaces or for a specific interface, including loopback and tunnel interfaces. IPv6 statistics display in the output of the show ipv6 traffic command.
ipv6 address Use the ipv6 address command in Interface Configuration mode to configure an IPv6 address on an interface (including VLAN, tunnel and loopback interfaces) and to enable IPv6 processing on this interface. Multiple globally reachable addresses can be assigned to an interface by using this command. There is no need to assign a link-local address by using this command since one is automatically created. IPv6 addresses can be expressed in eight blocks.
Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode. User Guidelines Configuring a static link local address replaces any previously configured address, including the automatically generated address. Command History Command updated in version 6.6 firmware. Example The following example configures an IPv6 address and enables IPv6 processing.
Example The following example enables IPv6 routing, which has not been configured with an explicit IPv6 address. console(config)#vlan 15 console(config-vlan)#interface vlan 15 console(config-if-vlan15)#ipv6 enable ipv6 hop-limit Use the ipv6 hop-limit command to configure the hop limit used in IPv6 PDUs originated by the router. Use the no form of the command to return the hop limit to the default setting.
no ipv6 host name • name — Host name. • ipv6-address — IPv6 address of the host. Default Configuration No IPv6 hosts are defined. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example console(config)#ipv6 host Dell 2001::DB8:0 ipv6 icmp error-interval Use the icmp error-interval command to limit the rate at which ICMP error messages are sent. The rate limit is configured as a token bucket with two configurable parameters: Burst-size and burst interval.
The default burst-size is 100 messages. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 icmp error-interval 2000 20 ipv6 mld last-member-query-count The ipv6 mld last-member-query-count command sets the number of listener-specific queries sent before the router assumes that there are no local members on the interface. Use the “no” form of this command to set the last member query count to the default.
ipv6 mld last-member-query-interval The ipv6 mld last-member-query-interval command sets the last member query interval for the MLD interface, which is the value of the maximum response time parameter in the group-specific queries sent out of this interface. Use the “no” form of this command to set the last member query interval to the default.
Syntax ipv6 mld host-proxy [interface vlan-id] no ipv6 mld host-proxy [interface vlan-id] Default Configuration MLD Proxy is disabled by default. Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 mld host-proxy ipv6 mld host-proxy reset-status Use the ipv6 mld host-proxy reset-status command to reset the host interface status parameters of the MLD Proxy router.
Example console(config-if-vlan3)#ipv6 mld host-proxy reset-status ipv6 mld host-proxy unsolicit-rprt-interval Use the ipv6 mld host-proxy unsolicit-rprt-interval command to set the unsolicited report interval for the MLD Proxy router. This command is only valid when MLD Proxy is enabled on the interface. Use the “no” form of this command to reset the MLD Proxy router's unsolicited report interval to the default value.
Syntax ipv6 mld query-interval query-interval no ipv6 mld query-interval • query-interval — Query interval (Range: 1–3600). Default Configuration The default query interval is 125 seconds. Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 mld query-interval 130 ipv6 mld query-max-response-time The ipv6 mld query-max-response-time command sets MLD query maximum response time for the interface.
Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 mld query-max-response-time 4500 ipv6 nd dad attempts Use the ipv6 nd dad attempts command in Interface Configuration mode to set the number of duplicate address detection probes transmitted while doing neighbor discovery. Duplicate address detection verifies that an IPv6 address on an interface is unique.
ipv6 nd ra hop-limit unspecified Use the ipv6 nd ra hop-limit unspecified command to configure the hop limit sent in router alert messages. Use the no form of the command to send the default hop limit of 64. Syntax ipv6 nd ra hop-limit unspecified no ipv6 nd ra hop-limit unspecified Default Configuration The default TTL is 64.
Syntax ipv6 nd managed-config-flag no ipv6 nd managed-config-flag Default Configuration False is the default configuration. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Example In the following example, the end node uses DHCPv6.
User Guidelines This command has no user guidelines. Example The following example sets the interval between router advertisements for advertised neighbor solicitations at 5000 ms. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 nd ns-interval 5000 ipv6 nd nud max-multicast-solicits Configures the maximum number of multicast neighbor solicitations sent during neighbor resolution or during NUD (neighbor unreachability detection).
Example console (config)#ipv6 nd nud max-multicast-solicits 5 ipv6 nd nud max-unicast-solicits Configures the maximum number of unicast neighbor solicitations sent during neighbor resolution or during NUD (neighbor unreachability detection). Use the no form of the command to reset the value to the default.
ipv6 nd nud retry This command configures the exponential backoff multiple to be used in the calculation of the next timeout value for Neighbor Solicitation transmission during NUD (neighbor unreachability detection) following the exponential backoff algorithm. Use the no form of the command to return the backoff multiple to the default. Syntax ipv6 nd nud retry backoff-multiple no ipv6 nd nud retry • backoff-multiple—The value ranges from 1 to 5.
exponential backoff timing for retransmissions, there is a higher probability that the cache entry is removed resulting in the disruption of the existing traffic. Another significant benefit of delayed neighbor solicitation retransmission is higher robustness against transient failures, such as spanning tree reconvergence and other layer 2 issues that can take many seconds to resolve.
Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Example The following example sets to true the “other stateful configuration” flag in router advertisements console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 nd other-config-flag ipv6 nd prefix Use the ipv6 nd prefix command to configure parameters associated with prefixes that the router advertises in its router advertisements.
Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines The router advertises its global IPv6 prefixes in its router advertisements (RAs). An RA only includes the prefixes of the IPv6 addresses configured on the interface where the RA is transmitted. Addresses are configured using the ipv6 address interface configuration command.
Command Mode Interface Configuration (Ethernet, port-channel) User Guidelines RA Guard drops all incoming IPv6 router advertisement and router redirect messages. RA Guard may be configured on L2 or L3 interfaces. Command History Introduced in version 6.2.0.1 firmware. Example The following example configures an unnamed RA Guard policy to drop all RA advertisements and router redirect messages on IPv6 routing enabled interface Gi1/0/1 (VLAN 10).
Default Configuration 600 is the default value for seconds. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines The minimum interval cannot be larger than 75% of the maximum interval. Example The following example sets the transmission interval between router advertisements at 1000 seconds.
User Guidelines This command has no user guidelines. Example The following example sets at 1000 seconds the value that is placed in the Router Lifetime field of the router advertisements. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 nd ra-lifetime 1000 ipv6 nd reachable-time Use the ipv6 nd reachable-time command in Interface Configuration mode to set the router advertisement time to consider a neighbor reachable after neighbor discovery confirmation.
console(config-if-vlan15)#ipv6 nd reachable-time 5000 ipv6 nd suppress-ra Use the ipv6 nd suppress-ra command in Interface Configuration mode to suppress router advertisement transmission on an interface. Syntax ipv6 nd suppress-ra no ipv6 nd suppress-ra Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines.
Default Configuration IPv6 ICMP redirects are enabled by default. Command Mode Interface VLAN Configuration mode User Guidelines In general, an IPv6 ICMP redirect is sent if: • The packet is not addressed to the router. • The packet will be forwarded over the interface on which it was received. • The router determines that a better first-hop resides on the same VLAN as the source of the packet.
no ipv6 route ipv6-prefix/prefix-length {next-hop-address | Null0 | vlan vlan-id | tunnel tunnel-id} [track ] no ipv6 route ipv6-prefix/prefix-length ipv6-address preference no ipv6 route ipv6-prefix/prefix-length interface-type ipv6-address no ipv6 route ipv6-prefix/prefix-length interface • ipv6-prefix—An IPv6 prefix representing the subnet that can be reached via the next-hop neighbor.
User Guidelines Enter a track track-number in the ipv6 route command to specify that the static route is installed in the routing table only if the configured SLA tracking object is up. When the track object is down, the route is removed from the Route Table. Only one tracking object can be associated with a static route at a time. Configuring a different tracking object replaces the previously configured tracking object.
Default Configuration Default value of integer is 1. Command Mode Global Configuration mode User Guidelines Lower route distance values are preferred when determining the best route. Example The following example sets the default distance to 80. console(config)#ipv6 route distance 80 ipv6 unicast-routing Use the ipv6 unicast-routing command in Global Configuration mode to enable forwarding of IPv6 unicast datagrams.
ipv6 unreachables Use the ipv6 unreachables command to enable the generation of ICMPv6 Destination Unreachable messages. Use the no form of this command to prevent the generation of ICMPv6 Destination Unreachable messages. Syntax ipv6 unreachables no ipv6 unreachables Default Configuration ICMPv6 Destination Unreachable messages are enabled by default. Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command.
User Guidelines This command has no user guidelines. Example The following example displays the IPv6 status of forwarding mode and IPv6 unicast routing mode. console#show ipv6 brief IPv6 Unicast Routing Mode.................... IPv6 Hop Limit............................... ICMPv6 Rate Limit Error Interval............. ICMPv6 Rate Limit Burst Size.................
User Guidelines The Method field contains one of the following values. Field Description Auto The IPv6 address is automatically generated using IPv6 auto address configuration (RFC 2462). Config The IPv6 address is manually configured. DHCP The IPv6 address is leased from a DHCP server. TENT Tentative address. The long form of the command includes the same annotations and shows whether address autoconfiguration or DHCP client are enabled on the interface.
The following example displays the long form of the command, and indicates whether address autoconfiguration or DHCP client are enabled on the interface. When the interface acts as a host interface, the output also shows the default gateway on the interface, if one exists. console#show ipv6 interface vlan2 IPv6 is enabled IPv6 Prefix is ................................ FE80::211:88FF:FE2A:3E3C/128 2017::A42A:26DB:1049:43DD/128 [DHCP] Routing Mode...................................
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed as a table when vlan vlan-id is specified: Field Description Number of (*, G) entries Displays the number of groups present in the MLD Table. Number of (S, G) entries Displays the number of include and exclude mode sources present in the MLD Table. Group Address The address of the multicast group.
Compatibility Mode The compatibility mode of the multicast group on this interface. The values it can take are MLDv1 and MLDv2. Version 1 Host Timer The time remaining until the router assumes there are no longer any MLD version-1 Hosts on the specified interface. The following table is displayed to indicate all the sources associated with this group: Field Description Source Address The IP address of the source. Uptime Time elapsed in seconds since the source has been known.
Up Time (hh:mm:ss).......................... 00:04:23 Expiry Time (hh:mm:ss)........................ -----Group Address................................ FF1E::4 Interface..................................... vlan 6 Up Time (hh:mm:ss).......................... 00:04:23 Expiry Time (hh:mm:ss)........................ ------ show ipv6 mld interface The show ipv6 mld interface command is used to display MLD related information for an interface.
Query Interval This field indicates the configured query interval for the interface. Query Max Response Time This field indicates the configured maximum query response time (in seconds) advertised in MLD queries on this interface. Robustness This field displays the configured value for the tuning for the expected packet loss on a subnet attached to the interface. Startup Query Interval This value indicates the configured interval between General Queries sent by a Querier on startup.
Number of Groups The current number of membership entries for this interface. Example console#show ipv6 mld interface vlan 2 Interface................................... vlan 2 MLD Global Admin Mode....................... Enabled MLD Interface Admin Mode.................... Disabled MLD Operational Mode........................ Disabled MLD Version................................. 2 Query Interval (secs)....................... 100 Query Max Response Time(milli-secs)........ 1111 Robustness..................
Admin Mode Indicates whether MLD Proxy is enabled or disabled. This is a configured value. Operational Mode Indicates whether MLD Proxy is operationally enabled or disabled. This is a status parameter. Version The present MLD host version that is operational on the proxy interface. Number of Multicast Groups The number of multicast groups that are associated with the MLD-Proxy interface.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines The following parameters are displayed by this command: Field Description Interface The MLD Proxy interface. Group Address The IP address of the multicast group.
show ipv6 mld host-proxy groups detail Use the show ipv6 mld host-proxy groups detail command to display information about multicast groups that MLD Proxy reported. Syntax show ipv6 mld host-proxy groups detail Default Configuration There is no default configuration for this command.
Group Source List The list of IP addresses of the sources attached to the multicast group. Expiry Time The time left for a source to get deleted. Example console#show ipv6 mld host-proxy groups Interface................................ vlan 10 Group Address Last Reporter Up Time Member State Filter Mode Sources ------------- ---------------- --------- ----------------- ------------- --FF1E::1 FE80::100:2.
Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines The following parameters are displayed only when MLD Proxy is enabled: Parameter Description Interface The MLD Proxy interface. The column headings of the table associated with the interface are as follows: Parameter Description Ver The MLD version. Query Rcvd Number of MLD queries received. Report Rcvd Number of MLD reports received. Report Sent Number of MLD reports sent.
Syntax show ipv6 mld traffic Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed: Field Description Valid MLD Packets Received The number of valid MLD packets received by the router. Valid MLD Packets Sent The number of valid MLD packets sent by the router. Queries Received The number of valid MLD queries received by the router.
Queries Received............................... Queries Sent................................... Reports Received............................... Reports Sent................................... Leaves Received................................ Leaves Sent.................................... Bad Checksum MLD Packets....................... Malformed MLD Packets..........................
console(config)#interface gi1/0/1 console(config-if-Gi1/0/1)#switchport access vlan 10 console(config-if-Gi1/0/1)#exit console(config)#interface gi1/0/1 console(config-if-Gi1/0/1)#ipv6 nd raguard attach-policy console(config-if-Gi1/0/1)#show ipv6 nd raguard policy Ipv6 RA-Guard Configured Interfaces Interface --------------Gi1/0/1 Role ------Host show ipv6 neighbors Use the show ipv6 neighbors command to display information about the IPv6 neighbors.
show ipv6 protocols Use the show ipv6 protocols command to display information about the configured IPv6 routing protocols Syntax show ipv6 protocols Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode, all Configuration submodes. User Guidelines There are no user guidelines for this command. Example console#show ipv6 protocols Routing Protocol .............................. BGP Router ID ................................
Neighbors: 2001::1 Filter List In ............................ 1 Filter List Out ........................... 1 Routing Protocol .............................. Router ID ..................................... OSPF Admin Mode ............................... Maximum Paths ................................. Routing for networks .......................... Distance ...................................... Default Route Advertise ....................... Always ........................................ Metric ..........
• preferences—Display the routing preferences. • static—Show static routes only. • summary—Show a summary of the route types. • vlan vlan-id—A VLAN identifier. • loopback loopback-id—A loopback identifier. • tunnel tunnel-id—A tunnel identifier. Default Configuration This command has no default configuration.
The following example shows a tracked route: console#show ipv6 route track-table ipv6 route 2001:B66::/32 4001::1 track 15 state is [up] show ipv6 route preferences Use the show ipv6 route preferences command to show the preference value associated with the type of route. Lower numbers have a greater preference. Syntax show ipv6 route preferences Default Configuration This command has no default configuration.
show ipv6 route summary Use the show ipv6 route summary command to display a summary of the routing table for all routes, including best and non-best routes. Use best to display the count summary for only best routes. Syntax show ipv6 route summary [best] • best — Displays the count summary for only best routes. Default Configuration This command has no default configuration.
Reject Routes.................................. 0 Total routes................................... 0 show ipv6 snooping counters Use this command to display the RA guard dropped packet counters. Syntax show ipv6 snooping counters [interface interface-id ] • interface-id—An interface identifier (Ethernet or port-channel). Default Configuration By default, no RA guard policies are applied to any interface.
Syntax show ipv6 traffic [vlan vlan-id | tunnel tunnel-id | loopback loopback-id] • vlan-id — Valid VLAN ID, shows information about traffic on a specific interface or, without the optional parameter, shows information about traffic on all interfaces. • tunnel-id — Tunnel identifier. (Range: 0-7) • loopback-id — Loopback identifier. (Range: 0-7) Default Configuration This command has no default configuration.
Datagrams Fragments Multicast Multicast Failed To Fragment....................... Created.................................. Datagrams Received....................... Datagrams Transmitted.................... 0 0 0 0 console> show ipv6 traffic vlan 11 Interface ........................................ 11 IPv6 STATISTICS Total Datagrams Received........................... 0 Received Datagrams Locally Delivered............... 0 Received Datagrams Discarded Due To Header Errors..
User Guidelines This command has no user guidelines. Example The following example displays IPv6 VLAN routing interface addresses. console#show ipv6 vlan MAC Address used by Routing VLANs: 00:02:BC:00:30:68 VLAN ID IPv6 Address/Prefix Length ------- --------------------------------------1 traceroute ipv6 Use the traceroute ipv6 command to determine the path and measure the transit delay to another device in the network. The transit delays are measured for each hop in the network.
• size—The packet size padding in bytes. (Range 0-39936, default 0). • source—Use the specified source IP address, loopback address, VLAN address, tunnel or out-of-band interface address in the transmitted packets. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec and User Exec modes User Guidelines Traceroute operates by sending a sequence of Internet Control Message Protocol (ICMP) echo request packets.
Loopback Interface Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000EON/N3100-ON/N3200-ON Series Switches Dell EMC Networking provides for the creation, deletion, and management of loopback interfaces. They are dynamic interfaces that are created and deleted by user configuration. A loopback interface is always expected to be up. As such, it provides a means to configure a stable IP address on the device which may be referred to by other switches in the network.
Example The following example enters the Interface Loopback 1 configuration mode. console(config)#interface loopback 1 console(config-if-loopback0)#ip address 192.168.22.1 255.255.255.255 console(config-if-loopback0)#exit console(config)#ex console#ping 192.168.22.1 Pinging 192.168.22.1 with 0 bytes of data: Reply Reply Reply Reply From From From From 192.168.22.1: 192.168.22.1: 192.168.22.1: 192.168.22.1: icmp_seq icmp_seq icmp_seq icmp_seq = = = = 0. 1. 2. 3.
1 loopback 1 0.0.0.0 0 0 console# show interfaces loopback 1 Interface Link Status.......................... Up IP Address..................................... 0.0.0.0 0.0.0.0 MTU size.......................................
IP Multicast Commands Dell EMC Networking N3000E-ON/N3100-ON/N3200-ON Series Switches The Dell Network N1500/N2000/N2100-ON/N2200-ON Series switches support limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. The Dell EMC Networking multicast component is best suited for video and audio traffic requiring multicast packet control for optimal operation.
mandatory. Discovering the local domain-name server is the intended use of multicast messages on remote networks when there is less than one server per network. • Applications used for datacasting: Since multimedia transmission has become increasingly popular, multicast transmission use has increased. Multicast transmission may be used to efficiently accommodate this type of communication. For instance, the audio and video signals are captured, compressed and transmitted to a group of receiving stations.
Example The following example deletes all entries from the IP multicast routing table: console# clear ip mroute * The following example deletes from the IP multicast routing table all entries that match the given multicast group address (239.1.2.1), irrespective of which source is sending for this group: console# clear ip mroute 239.1.2.1 The following example deletes from the IP multicast routing table all entries that match the given multicast group address (239.1.2.
Example The following example adds an administrative scope multicast boundary. console(config)#interface vlan 15 console(config-if-vlan15)#ip multicast boundary 239.5.5.5 255.255.255.255 ip mroute Use the ip mroute command to create a static multicast route for a source range. Use the no form of this command to delete a static multicast route. Syntax ip mroute source-address mask rpf-address preference no ip mroute source-address mask • source-address — The IP address of the multicast data source.
ip multicast-routing Use the ip multicast-routing command in Global Configuration mode to set the administrative mode of the IP multicast forwarder in the router to active. It enables both IPv4 and IPv6 multicast routing. For multicast routing to become operational, IGMP must be currently enabled. Enabling PIM or DVMRP enables IGMP. Syntax ip multicast-routing no ip multicast-routing Default Configuration This command has no default configuration.
This command enables both IPv4 and IPv6 multicast routing. Multicast source data is flooded/forwarded by default in the VLAN on which it is received. For this reason, multi-access VLANs are not recommended for multicast routing interfaces. Example The following example enables IP multicast on the router. console#configure console(config)#ip multicast-routing Command History User Guidelines updated in release 6.3.5. User Guidelines updated in release 6.4 release.
Example The following example applies a ttlvalue of 5 to the VLAN 15 routing interface. console(config)#interface vlan 15 console(config-if-vlan15)#ip multicast ttl-threshold 5 ip pim Use the ip pim command in Interface (VLAN) Configuration mode to administratively configure PIM mode for IP multicast routing on a VLAN interface. Enabling or disabling PIM mode concurrently enables/disables IGMP. Use the no form of the command to disable PIM on the interface.
ip pim bsr-border The ip pim bsr-border command is used in Interface (VLAN) Configuration mode to administratively disable bootstrap router (BSR) messages on the interface. Use the no form of this command to return the configuration to the default. Syntax ip pim bsr-border no ip pim bsr-border Default Configuration BSR messages are enabled on the interface by default. Command Mode Interface (VLAN) Configuration mode User Guidelines This command only has an effect if sparse mode is enabled.
• hash-mask-length —Length of the BSR hash to be ANDed with the multicast group address. (Range 0–32 bits). Default 0. • bsr-priority—The advertised priority of the BSR candidate. Range 0-255. Default 0. • interval—(Optional) Indicates the RP candidate advertisement interval. The range is from 1 to 16383 seconds. The default value is 60 seconds. Default Configuration None - the router does not advertise itself as a BSR candidate.
User Guidelines Only one of sparse or dense mode can be configured on a router. IGMP is automatically enabled if PIM is enabled and disabled when PIM is disabled. ip multicast-routing may be operationally enabled or disabled by this command. PIM is not compatible with DVMRP. DVMRP must be disabled before enabling PIM.
Example console(if-vlan10)#ip pim dr-priority 32768 ip pim hello-interval The ip pim hello-interval command in Interface (VLAN) Configuration mode to administratively configure the frequency of PIM Hello messages on the specified interface. Use the no form of this command to return the configuration to the default. Syntax ip pim hello-interval interval no ip pim hello-interval • interval — The number of seconds between successive hello transmissions. Range: 0–18000 seconds. Default is 30.
Syntax ip pim join-prune-interval interval no ip pim join-prune-interval • interval — The number of seconds between successive join-prune transmissions. Range: 0–18000 seconds. Default is 60. Default Configuration The default join/prune interval is 60 seconds. Command Mode Interface (VLAN) Configuration mode User Guidelines This command only has an effect if sparse mode is enabled.
• override—A flag indicating that the static entry should override dynamically learned entries for the configured multicast group. Default Configuration None —no static multicast groups are configured for an RP. Command Mode Global Configuration mode User Guidelines A maximum of 32 multicast group ranges may be defined for each rendezvous point. The configured ranges may not overlap. Command History Updated guidelines in version 6.5 firmware. Example console(config)#ip pim rp-address 192.168.21.1 239.
• interval—(Optional) Indicates the RP candidate advertisement interval. The range is from 1 to 16383 seconds. The default value is 60 seconds. Default Configuration None - the router does not advertise itself as an RP candidate by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ip pim rp-candidate vlan 10 239.1.0.0 255.255.0.
IP multicast must be enabled for PIM to operate. ip multicast-routing is not disabled or enabled by this command. It is recommended that IGMP snooping be disabled if IP multicast is enabled unless specifically required. PIM is not compatible with DVMRP. DVMRP must be disabled before enabling PIM.
Example console(config)#ip pim ssm 239.0.10.0 255.255.255.0 show ip mfc Use the show ip mfc command to display the multicast forwarding cache. Syntax show ip mfc Default Configuration This command does not have a default configuration. Command Mode Privileged Exec mode, Global Config mode, all sub-modes. User Guidelines This command display both the IPv4 and IPv6 MFC entries. The following information is displayed. Field Description MFC IPv4 Mode Enabled when IPv4 multicast routing is operational.
MFC IPv4 Mode.................................. Disabled MFC IPv6 Mode.................................. Disabled MFC Entry Count................................ 0 Current multicast IPv4 protocol................ PIMSM Current multicast IPv6 protocol................ No protocol enabled. Total software forwarded packets...............
show ip pim boundary Use the show ip pim boundary command to display all the configured administrative scoped multicast boundaries. Syntax show ip pim boundary {vlan vlan-id | all} • vlan-id — Valid VLAN ID. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
• type number—Interface type and number for which to display IP multicast information. VLAN Vlan-ID is the only supported type and number. Default Configuration Show information for all multicast interfaces. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the multicast information for VLAN 15.
User Guidelines This command has no user guidelines. Example console#show ip mroute IP Multicast route table Expiry Up Time Source IP Group IP (mm:ss) (hh:mm:ss) RPF Neighbor Flags --------------- --------------- -------- ----------- --------------- ----192.168.0.11 239.0.5.7 3:03 15:54:12 192.168.0.
show ip mroute source Use the show ip mroute source command to display the multicast configuration settings such as flags, timer settings, incoming and outgoing interfaces, RPF neighboring routers, and expiration times of all the entries in the multicast mroute table containing the sourceipaddr or sourceipaddr | groupipaddr pair value(s). Syntax show ip mroute source sourceipaddr {summary} • sourceipaddr — IP address of source. Default Configuration This command has no default configuration.
• sourceipaddr — IP address of source. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the static routes configured in the static mcast table. console#show ip mroute static MULTICAST STATIC ROUTES Source IP Source Mask RPF Address Preference --------------- --------------- --------------- ---------1.1.1.
User Guidelines The following information is displayed: Field Description PIM Mode The routers that are enabled for PIM. Example console#show ip pim PIM Mode............................. None If no routers are enabled for PIM, the following message is displayed. None of the routing interfaces are enabled for PIM. show ip pim bsr-router The show ip pim bsr-router command displays information about a bootstrap router (BSR).
BSR address IP address of the BSR. BSR Priority The configured BSR priority. BSR Hash Mask Length The configured hash mask length (32 bits maximum). Next Bootstrap Message Time remaining (in hours, minutes, and seconds) until a in BSR message is sent. Next Candidate RP Advertisement Time remaining (in hours, minutes, and seconds) until the next RP advertisement is sent. Example console#show ip pim bsr-router BSR Address............................. 192.168.10.1 BSR Priority............................
Field Description Join-prune Interval Join-prune interval value DR Priority DR Priority configured on this interface BSR Border Whether or not this interface is configured as a BSR Border Neighbor Count Number of PIM Neighbors learned on this interface Designated-Router IP address of the elected DR on the interface Default Configuration There is no default configuration for this command.
show ip pim neighbor Use the show ip pim neighbor command in User Exec or Privileged Exec modes to display PIM neighbors discovered by PIMv2 Hello messages. If the interface number is not specified, this command displays the neighbors discovered on all the PIM-enabled interfaces. Syntax show ip pim neighbor [vlan vlan-id] • vlan-id — A valid VLAN ID for which multicast routing has been enabled. Default Configuration This command has no default configuration.
--------------- --------192.168.10.2 VLAN0001 192.168.20.2 VLAN0010 ----------- ----------00:02:55 00:01:15 00:03:50 00:02:10 If no neighbors are learned on any of the interfaces, the following message is displayed. No neighbors are learned on any interface. show ip pim rp-hash The show ip pim rp-hash command displays the rendezvous point (RP) selected for the specified group address. Syntax show ip pim rp-hash group-address • group-address — A valid multicast address supported by RP.
show ip pim rp mapping The show ip pim rp mapping command is used in User Exec and Privileged Exec modes to display the mappings for the PIM group to the active rendezvous points. Syntax show ip pim rp mapping [rp-address |candidate|static] rp-address — An RP address. Default configuration There is no default configuration for this command. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed.
No RP-Group mappings exist on this router. If no static RP Group mapping exists on the router, the following message is displayed: No Static RP-Group mappings exist on this router. show ip pim statistics Use the show ip pim statistics command to display the count of PIM sparse mode received control packets per VLAN. Syntax show ip pim statistics [vlan vlan-id] vlan-id — The VLAN for which PIM sparse mode statistics are displayed. Default configuration There is no default configuration for this command.
Field Description Assert Number of PIM Assert messages CRP Number of PIM Candidate RP Advertisement messages.
IPv6 Multicast Commands Dell EMC Networking N3000E-ON/N3100-ON/N3200-ON Series Switches The Dell Network N1500/N2000/N2100-ON/N2200-ON Series switches support limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. clear ipv6 mroute This command is used to selectively clear dynamic IPv6 multicast entries from the cache.
Example The following example deletes all entries from the IPv6 multicast routing table: console# clear ipv6 mroute * The following example deletes from the IPv6 multicast routing table all entries that match the given multicast group address (FF4E::1), irrespective of which source is sending for this group: console# clear ipv6 mroute FF4E::1 The following example deletes from the IPv6 multicast routing table all entries that match the given multicast group address (FF4E::1) and the multicast source addre
Example console(config-if-vlan3)#ipv6 pim ipv6 pim bsr-border Use the ipv6 pim bsr-border command to prevent bootstrap router (BSR) messages from being sent or received through an interface. Use the no form of this command to disable the interface from being the BSR border. Syntax ipv6 pim bsr-border no ipv6 pim bsr-border Default Configuration BSR-border is disabled by default. Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command.
• hash-mask-len — The length of a mask that is to be ANDed with the group address before the hash function is called. All groups with the same seed hash correspond to the same RP. For example, if this value is 24, only the first 24 bits of the group addresses matter. This allows you to get one RP for multiple groups. (Range 0–128 bits). • priority — The priority of the candidate BSR. The BSR with the higher priority is preferred.
no ipv6 pim Default Configuration PIM dense mode is disabled by default. Command Mode Global Configuration mode User Guidelines Only one of sparse or dense mode can be configured on a router. DVMRP must be disabled before enabling PIM. Example console(config)#ipv6 pim dense ipv6 pim dr-priority Use the ipv6 pim dr-priority command to set the priority value for which a router is elected as the designated router (DR). Use the no form of this command to set the priority to the default.
Example console(config-if-vlan3)#ipv6 pim dr-priority 10 ipv6 pim hello-interval Use the ipv6 pim hello-interval command to configure the PIM-SM Hello Interval for the specified interface. Use the no form of this command to set the hello interval to the default. Syntax ipv6 pim hello-interval interval no ipv6 pim hello-interval • interval — The hello interval (Range: 0–18000 seconds). Default Configuration The default hello interval is 30 seconds.
Default Configuration The default join/prune interval is 60 seconds. Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 pim join-prune-interval 90 ipv6 pim register-threshold Use the ipv6 pim register-threshold command to configure the Register Threshold rate for the RP router to switch to the shortest path. Use the no form of this command to set the register threshold rate to the default.
ipv6 pim rp-address Use the ipv6 pim rp-address command to statically configure the RP address for one or more multicast groups. The optional keyword override indicates that if there is a conflict, the RP configured with this command prevails over the RP learned by BSR. Use the no form of this command to remove the RP address for one or more multicast groups.
Syntax ipv6 pim rp-candidate vlan vlan-id group-address/prefixlength [interval c_rp_interval ] no ipv6 pim rp-candidate vlan vlan-id • vlan-id — A valid VLAN ID value. • group-address — The group address to display. • prefixlength — This parameter specifies the prefix length of the IP address for the media gateway. (Range: 1–128) • c_rp_interval—The Candidate RP advertisement interval (range 1-16383 seconds, default 60 seconds).
Default Configuration IPv6 PIM sparse mode is disabled by default. Command Mode Global Configuration mode User Guidelines Only one of sparse or dense mode can be configured on a router. DVMRP must be disabled before enabling PIM. Example console(config)#ipv6 pim sparse-mode ipv6 pim ssm Use the ipv6 pim ssm command to define the Source Specific Multicast (SSM) range of multicast addresses.
Example console(config)#ipv6 pim ssm ff1e::/64 show ipv6 pim Use the show ipv6 pim command to display global status of IPv6 PIMSM and its IPv6 routing interfaces. Syntax show ipv6 pim Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console(config)#show ipv6 pim PIM Mode.......................................
• candidate—Show the IPv6 PIM candidate bootstrap router information. • elected—Show the IPv6 elected PIM bootstrap router information. Default Configuration There is no default configuration for this command. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines Field descriptions are shown in the following table.
show ipv6 mroute Use the show ipv6 mroute command to display a summary or all the details of the multicast table. Syntax show ipv6 mroute [group groupip [summary] | source sourceip [summary] | static summary] • group—Show the multicast route information for the specified multicast group. • source—Show the multicast route information for the specified multicast source. • static—Show the multicast route information for the specified static multicast group. • summary—Summarize the information.
Multicast Route Table Summary Source IP Group IP Protocol IIF OIF Expiry --------------- --------------- -------- --------- --------- ------* FF43::5 PIMSM Vl11 Vl13 2001::5 FF43::5 PIMSM Vl12 Vl11 Vl13 console#show ipv6 mroute source 2001::5 ? | summary Press enter to execute the command. Output filter options. Display the IPV6 multicast routing table summary.
Source IP Group IP Protocol IIF OIF Expiry --------------- --------------- -------- --------- --------- ------* FF43::5 PIMSM Vl11 Vl13 2001::5 FF43::5 PIMSM Vl12 Vl11 Vl13 show ipv6 mroute group Use the show ipv6 mroute group command to display the multicast configuration settings such as flags, timer settings, incoming and outgoing interfaces, RPF neighboring routers, and expiration times of all the entries in the multicast mroute table containing the groupipaddr value.
* 2001::5 FF43::5 FF43::5 00:00 02:54 00:01:00 00:00:35 :: 2001::5 RPT SPT console#show ipv6 mroute group FF43::5 summary Multicast Route Table Summary Source IP Group IP Protocol IIF OIF Expiry --------------- --------------- -------- --------- --------- -----* FF43::5 PIMSM Vl11 Vl13 2001::5 FF43::5 PIMSM Vl12 Vl11 Vl13 show ipv6 mroute source Use the show ipv6 mroute source command to display the multicast configuration settings such as flags, timer settings, incoming and outgoing interfaces, RPF
| summary Press enter to execute the command. Output filter options. Display the IPV6 multicast routing table summary.
Example console#show ipv6 pim interface vlan 6 Slot/Port...................................... IP Address..................................... Hello Interval (secs).......................... Join Prune Interval (secs)..................... Neighbor Count................................. Designated Router.............................. DR Priority.................................... BSR Border.....................................
show ipv6 pim rp-hash Use the show ipv6 pim rp-hash command to display which rendezvous point (RP) is being selected for a specified group. Syntax show ipv6 pim rp-hash group-address group-address — Group IP address supported by RP. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
• static—Show static rendezvous point mappings. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show ipv6 pim rp mapping Group Address.................................. RP Address..................................... origin......................................... Group Address................................
User Guidelines This command only displays output if pim sparse-mode is enabled. The following counters are displayed in the output. Field Description Stat Rx: Packets received. Tx: Packets transmitted. Interface The PIM enabled routing interface. Hello Number of PIM Hello messages. Register Number of PIM Register messages. Reg-Stop Number of PIM Register-Stop messages. Join/Pru Number of PIM Join/Prune messages. BSR Number of PIM Boot Strap messages. Assert Number of PIM Assert messages.
===================================================================== Vl10 Rx 0 0 0 0 0 0 0 Tx 2 0 0 0 0 0 0 Invalid Packets Received - 0 --------------------------------------------------------------------- Layer 3 Routing Commands 1653
IP Service Level Agreement Commands Dell EMC Networking N2000E/N2100E-ON/N2200-ON/N3000-ON Series Switches The IP service-level agreement (SLA) feature allows users to monitor network performance between routers or from a router to a remote IP device. N2000/N2100-ON/N2200-ON/N3000E-ON Series supports the following measurement capabilities: • Remote IP reachability tracking. • Round-trip-time threshold monitoring These metrics are collected by measuring ICMP response time and connectivity.
User Guidelines Start configuring an IP SLA operation by using the ip sla command. This command specifies an identification number for the operation. Once this command is entered, the router enters IP SLA configuration mode. At a minimum, an SLA consists of an operation, a tracking object and one or more routes. Routes are associated with a tracking object which is mapped to an operation. Operations may be scheduled.
ip sla schedule Use the ip sla schedule command to start an IP SLA. Use the no form of the command to stop an IP SLA operation. Syntax ip sla schedule operation-number no ip sla schedule operation-number • operation-number—The number used to identify an IP SLA operation. The range is 1 to 128. Default Configuration By default, there are no operations configured.
After an IP SLA has been scheduled, the configuration may not be modified. To modify the configuration of the operation, first stop the operation by using the no ip schedule command and then modify the configuration. Alternatively, delete the IP SLAs operation (using the no ip sla command) and then reconfigure the operation with the new operation parameters. Command History Command introduced in version 6.6 firmware.
Default Configuration By default, there are no tracking objects configured. The default tracking type is reachability. Command Mode Global Configuration mode User Guidelines An operation return-code value is maintained by every IP SLA operation. This return code is interpreted by the associated tracking object. The return code may return OK, OverThreshold, or Timeout. Two facets of an IP SLAs operation can be tracked: reachability and state.
console(config)# track 2 ip sla 5 state In the following example, the tracking process is configured to track the reachability of IP SLAs operation 6: console(config)# track 3 ip sla 6 reachability delay Use the delay command to configure a delay for acting upon tracking object reachability state changes. Use the no form of the command to return the delay time to the default.
Example In the following example, SLA 55 is created with an ICMP echo to 172.16.1.175 and then scheduled. Tracking object 10 is created using the default reachability test and is associated with IP SLAs operation 55 and then an up delay of 5 seconds and a down delay of 3 seconds is configured: console(config)#ip sla 55 console(config-ip-sla)#icmp-echo 172.16.1.
The type of IP operation (ICMP echo) must be configured before any other operational parameter. To change the operation values (destination-ipaddress or source-interface-name) of an existing scheduled IP SLAs ICMP echo operation, stop the IP SLA operation using the no ip sla schedule operation-number or delete the IP SLA operation (using the no ip sla global configuration command) and then reconfigure the operation with the desired values.
no frequency • seconds —Number of seconds between the IP SLAs operations. The range is 1 to 3600. Default Configuration The default is 60 seconds. Command Mode IP SLA ICMP Echo Configuration mode (config-ip-sla-echo). User Guidelines The IP SLA operation will repeat at a given frequency for the lifetime of the operation. For example, the ICMP Echo operation with a frequency of 60 sends an ICMP Echo Request packet once every 60 seconds for the lifetime of the operation.
Example The following example shows how to configure an IP SLAs ICMP echo operation (operation 11) to repeat every 80 seconds. This example shows the frequency (IP SLA) command being used in an IPv4 network in ICMP echo configuration mode within IP SLA configuration mode. console(config)#ip sla 11 console(config-ip-sla)#icmp-echo 152.15.10.
The recommended guidelines for configuring the frequency, timeout and threshold commands of the IP SLAs ICMP Echo operation are: (frequency seconds) > (timeout milliseconds) > (threshold milliseconds) This command is supported in IPv4 networks and also for IPv6 networks where IPv6 addresses are supported. Command History Command introduced in version 6.6 firmware.
User Guidelines The value specified for this command must not be greater than the value specified for the timeout command. The threshold value configured by this command is used only to calculate network monitoring statistics created by an IP SLA’s operation. For the IP SLA’s ICMP Echo operation, the threshold (IP SLA) command sets the upper threshold value for the round-trip time (RTT) measurement.
Default Configuration By default, IP SLA operations occur in the Default VRF. Command Mode IP SLA ICMP Echo Configuration mode (config-ip-sla-echo). User Guidelines This command identifies the VPN for the operation being configured. The vrf (IP SLA) command is supported only for IPv4 networks. This command is not supported in IPv6 networks to configure an IP SLAs operation that supports IPv6 addresses. Command History Command introduced in version 6.6 firmware.
clear ip sla statistics Use the clear ip sla statistics command to clear IP SLA statistical information for a given IP SLA operation or for all IP SLAs. Syntax clear ip sla statistics [operation-number] • operation-number—(Optional) IP SLA number of a specific operation whose statistics need to be cleared. Default Configuration By default, IP SLA operation statistics are cleared. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines.
• operation-number—(Optional) IP SLA number of a specific operation associated with the statistics to display. Default Configuration By default, IP SLA operation configurations are shown. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all submodes User Guidelines This command has no user guidelines. Command History Command introduced in version 6.6 firmware. Example IP SLAs Internet Control Message Protocol (ICMP) echo operations support both IPv4 and IPv6 addresses.
Entry number: 3 Type of operation: echo Target address/Source address: 2001:DB8:100::1/2001:0DB8:200::FFFE Operation timeout (milliseconds): 5000 Vrf Name: Schedule: Next Scheduled Start Time: Pending Trigger Operation frequency (seconds): 60 Life: Forever Threshold (milliseconds): 5000 show ip sla statistics Use the show ip sla statistics command to see the statistics and the current operational status of a specified IP SLA operation or of all operations.
Example console# show ip sla statistics details Round Trip Time (RTT) for Index 1 Type of operation: icmp-echo Latest RTT: 1 ms Latest operation start time: 47 milliseconds Latest operation return code: OK Over thresholds occurred: FALSE Number of successes: 14 Number of failures: 0 Operation time to live: Forever Operational state of entry: Active show track Use the show track to display detailed information for all tracking objects or for a specific track-object.
User Guidelines The show track brief command shows limited information in a tabular format. The other invocations of the command display more detailed information. Command History Command introduced in version 6.6 firmware. Example The example below shows detailed information for all track objects.
Latest RTT (millisecs) 1500 The example below shows brief information for all track objects associated with IP SLA operation 1. console#show track ip sla 1 Track 10 13 Object ip sla ip sla 1 1 Parameter reachability state Value Last Change Up 01:12:36 Up 00:34:08 The example below shows brief information for all track objects.
OSPF Commands Dell EMC Networking N2000/N2100-ON/N2200-ON/N3000EON/N3100-ON/N3200-ON Series Switches The Dell Network N1500/N2000/N2100-ON/N2200-ON series support limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. OSPF is a link-state protocol. Dell EMC Networking OSPF supports variablelength subnet masks. Dell EMC Networking OSPF only operates over VLAN interfaces. OSPF operates within a hierarchy.
The Dell EMC Networking routing OSPF NSSA feature supports RFC 3101, The OSPF Not-So-Stubby Area (NSSA) Option.
• Configured Statically: If an operator configures multiple static routes to the exact same destination but with different next hops, those routes are treated as a single route with two next hops. • Learned Dynamically: Routing protocols can learn ECMP routes. For example, if OSPF is configured on both links connecting Router A to Router B with interface addresses 10.1.1.2 and 10.1.2.2 respectively, and Router B advertises its connection to 20.0.0.0/ 8, then Router A computes an OSPF route to 20.0.0.
Passive Interfaces The passive interface feature is used to disable sending OSPF routing updates on an interface. An OSPF adjacency will not be formed on such an interface. On a passive interface, subnet prefixes for IP addresses configured on the interface will continue to be advertised as stub networks. Graceful Restart The Dell EMC Networking implementation of OSPFv2 supports graceful restart as specified in RFC 3623.
Default Configuration 10 is the default configuration for integer. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example identifies a stub area of 10 and default cost of 100. console(config)#router ospf console(config-router)#area 10 default-cost 100 area nssa (Router OSPF) Use the area nssa command in Router OSPF Configuration mode to configure the specified area ID to function as an NSSA.
– • • A metric type of nssa-external 2 (default) role—The translator role where role is one of the following: – always - The router assumes the role of the translator when it becomes a border router. – candidate - The router to participate in the translator election process when it attains border router status. interval—The period of time that an elected translator continues to perform its duties after it determines that its translator status has been deposed by another router.
area nssa default-info-originate (Router OSPF Config) Use the area nssa default-info-originate command in Router OSPF Configuration mode to configure the metric value and type for the default route advertised into the NSSA. The metric type can be comparable (nssaexternal 1) or noncomparable (nssa-external 2). Use the no form of the command to return the metric value and type to the default value.
area nssa no-redistribute Use the area nssa no-redistribute command in Router OSPF Configuration mode to configure the NSSA Area Border router (ABR) so that learned external routes are not redistributed to the NSSA. Syntax area area-id nssa no-redistribute no area area-id nssa no-redistribute • area-id — Identifies the OSPF NSSA to configure. (Range: IP address or decimal from 0–4294967295) Default Configuration This command has no default configuration. Command Mode Router OSPF Configuration mode.
Default Configuration This command has no default configuration. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the NSSA so that summary LSAs are not advertised into the NSSA. console(config-router)#area 20 nssa no-summary area nssa translator-role Use the area nssa translator-role command in Router OSPF Configuration mode to configure the translator role of the NSSA.
User Guidelines This command has no user guidelines. Example The following example configures the translator role of the NSSA. console(config-router)#area 20 nssa translator-role always area nssa translator-stab-intv Use the area nssa translator-stab-intv command in Router OSPF Configuration mode to configure the translator stability interval of the NSSA. Syntax area area-id nssa translator-stab-intv integer no area area-id nssa translator-stab-intv • area-id — Identifies the OSPF NSSA to configure.
area range (Router OSPF) Use the area range command in Router OSPF Configuration mode to configure a summary prefix that an area border router advertises for a specific area. There are two types of area ranges. An area range can be configured to summarize intra-area routes. An ABR advertises the range rather than the specific intra-area route as a type 3 summary LSA. Also, an area range can be configured at the edge of an NSSA to summarize external routes reachable within the NSSA.
type 3 summary LSA is not advertised, but contained networks are suppressed. This behavior is equivalent to specifying the not-advertise option. If the range is configured for type 7 to type 5 translation, a type 5 LSA is sent if the metric is set to 16,777,215; however, other routers will not compute a route from a type 5 LSA with this metric. Default Configuration No area ranges are configured by default. No cost is configured by default.
If the user tries to configure both types of ranges for the same prefix and area: A T3 range with the same prefix is already configured on this area. If the network mask is invalid: console (config-router)#area 1 range 0.0.0.0 0.0.0.0 summarylink An area range mask must have contiguous ones and be no longer than 31 bits. If the prefix is not a valid area range prefix: console (config-router)#area 1 range 0.0.0.0 255.0.0.0 summarylink Cannot create this area range because it represents a default route.
External LSAs and Summary LSAs can significantly reduce the link state database of routers within the stub area. Use the no form of the command to remove the stub area. Syntax area area-id stub no area area-id stub • area-id — Identifies the area identifier of the OSPF stub. (Range: IP address or decimal from 0–4294967295) Default Configuration This command has no default configuration. Command Mode Router OSPF Configuration mode.
no area area-id stub no-summary • area-id — Identifies the OSPF area to configure. (Range: IP address or decimal from 0–4294967295) Default Configuration Disabled is the default configuration. Command Mode Router OSPF Configuration mode. User Guidelines This command creates a totally stubby area when used in conjunction with the area stub command. Example The following example prevents the Summary LSA from being advertised into the area 3 NSSA. Area 3 will be configured as a totally stubby area.
no area area-id virtual-link router-id [authentication [message-digest | null]] [hello-interval] [retransmit-interval] [transmit-delay] [dead-interval] [[authentication-key] | [message-digest-key]] • area-id—Identifies the OSPF stub area to configure. (Range: IP address or decimal from 0-4294967295) • router-id—Valid IP address. • authentication—Specifies authentication type. • message-digest —Specifies that message-digest authentication is used. • null—No authentication is used.
Parameter Default hello-interval seconds 10 seconds retransmit-interval seconds 5 seconds transmit-delay seconds 1 second dead-interval seconds 40 seconds authentication-key key No key is predefined. message-digest-key key-id md5 key No key is predefined. Command Mode Router OSPF Configuration mode. User Guidelines Unauthenticated interfaces cannot be configured with an authentication key. Use the area virtual-link authentication command to enable configuration of an authentication key.
area virtual-link authentication Use the area virtual-link authentication command in Router OSPF Configuration mode to configure the authentication type and key for the OSPF virtual interface identified by the area ID and neighbor ID. Use the no form of the command to return the authentication type to the default value.
console(config-router)#area 10 virtual-link 192.168.2.7 authentication console(config-router)#area 10 virtual-link 192.168.2.7 authentication encrypt test123 1001010 area virtual-link dead-interval Use the area virtual-link dead-interval command in Router OSPF Configuration mode to configure the dead interval for the OSPF virtual interface on the virtual interface identified by area-id and neighbor router. Use the no form of the command to return the dead interval to the default value.
area virtual-link hello-interval Use the area virtual-link hello-interval command in Router OSPF Configuration mode to configure the hello interval for the OSPF virtual interface on the virtual interface identified by the area ID and neighbor ID. Use the no form of the command to return the hello interval to the default value. Syntax area area-id virtual-link neighbor-id hello-interval seconds no area area-id virtual-link neighbor-id hello-interval • area-id — Identifies the OSPF area to configure.
area virtual-link retransmit-interval Use the area virtual-link retransmit-interval command in Router OSPF Configuration mode to configure the retransmit interval for the OSPF virtual interface on the virtual interface identified by the area ID and neighbor ID. Use the no form of the command to return the retransmit interval to the default value.
area virtual-link transmit-delay Use the area virtual-link transmit-delay command in Router OSPF Configuration mode to configure the transmit delay for the OSPF virtual interface identified by the area ID and neighbor ID. Use the no form of the command to return the transmit delay to the default value. Syntax area area-id virtual-link neighbor-id transmit-delay seconds no area area-id virtual-link neighbor-id transmit-delay • area-id — Identifies the OSPF area to configure.
bandwidth is defined by the “bandwidth” command. Because the default reference bandwidth is 100 Mbps, OSPF uses the same default link cost for all interfaces whose bandwidth is 100 Mbps or greater. To change the reference bandwidth, use the auto-cost command, specifying the reference bandwidth in megabits per second. The different reference bandwidth can be independently configured for OSPFv2 and OSPFv3.
Syntax bandwidth bw • bw — Interface bandwidth in Kbps (Range: 1–10000000). Default Configuration The default reference bandwidth is 10 Mbps Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command. Example The following example configures the interface bandwidth to 500000 Kbps. console(config-if-vlan1)#bandwidth 500000 bfd Use the bfd command to enable processing of BFD events by OSPF on all interfaces enabled for BFD.
User Guidelines BFD processing notifies OSPF of layer 3 connectivity issues with the peer. The interface must be a VLAN interface enabled for routing. BFD event notification must also be enabled in VLAN interface mode in order for processing of BFD events to occur. Command History Introduced in version 6.3.0.1 firmware. Example The following example console#configure console(config)#ip routing console(config)#interface vlan 3 console(config-if-vlan3)#ip address 192.168.0.
User Guidelines There are no user guidelines for this command. Example console(config-router)#capability opaque clear ip ospf Use the clear ip ospf command to reset specific OSPF states. If no parameters are specified, OSPF is disabled and then re-enabled. Syntax clear ip ospf [{configuration | redistribution | counters | neighbor [interface vlan vlan id [neighbor id]]}] [vrf vrf-name] • configuration — Reset the OSPF configuration to factory defaults.
User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. Example The following example shows the options for the clear ip ospf command. console#clear ip ospf ? Press enter to execute the command.
compatible rfc1583 Use the compatible rfc1583 command in Router OSPF Configuration mode to enable OSPF 1583 compatibility. Use the no form of the command to disable it. Syntax compatible rfc1583 no compatible rfc1583 Syntax Description This command has no arguments or keywords. Default Configuration Compatible with RFC 1583. Command Mode Router OSPF Configuration mode.
Syntax default-information originate [always] [metric metric-value] [metric-type type-value] no default-information originate [metric] [metric-type] • always—Always advertise default routes. • metric-value—The metric (or preference) value of the default route. (Range: 1–16777214) • type-value—One of the following: 1 External type-1 route. 2 External type-2 route. Default Configuration The default configuration is no default-information originate. The default metric is none and the default type is 2.
default-metric Use the default-metric command in Router OSPF Configuration mode to set a default for the metric of distributed routes. Use the no form of the command to remove the metric from the distributed routes. If the area has not been previously created, it is created by this command. If the area already exists, the default-metric information is added or modified. Syntax default-metric metric-value no default-metric • metric-value — The metric (or preference) value of the default route.
Syntax distance ospf {[intra-area dist1] [inter-area dist2] [external dist3]} no distance ospf {intra-area | inter-area | external} • intra-area dist1—Used to select the best path within an area when there are two or more routes to the same destination from two different routing protocols (Range: 1–255). • inter-area dist2—Used to select the best path from one area to another area when there are two or more routes to the same destination from two different routing protocols (Range: 1–255).
Syntax distribute-list name out {bgp | rip | static | connected} no distribute-list name out {bgp | rip | static | connected} • name—The name used to identify an existing ACL. The range is 1–31 characters. • bgp—Apply the specified access list when BGP is the source protocol. • rip—Apply the specified access list when RIP is the source protocol. • static—Apply the specified access list when packets come through the static route.
Syntax enable no enable Default Configuration Enabled is the default configuration. Command Mode Router OSPF Configuration mode. User Guidelines The no form of the enable command removes the OSPF router configuration from the running config. It does not, however, reset the OSPF configuration. For example, following no enable with the enable command restores the OSPF configuration to the running config. OSPF must be disabled in order to assign or change the router ID.
Default Configuration 0 seconds is the default configuration. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example sets the exit overflow interval for OSPF at 10 seconds. console(config-router)#exit-overflow-interval 10 external-lsdb-limit Use the external-lsdb-limit command in Router OSPF Configuration mode to configure the external LSDB limit for OSPF. If the value is -1, then there is no limit.
User Guidelines The external LSDB limit MUST be set identically in all routers attached to the OSPF backbone and/or any regular OSPF area. Example The following example configures the external LSDB limit for OSPF with the number of non-default AS-external-LSAs set at 20. console(config-router)#external-lsdb-limit 20 ip ospf area The ip ospf area command enables OSPFv2 and sets the area ID of an interface. This command supersedes the effects of network area command.
ip ospf authentication Use the ip ospf authentication command in the Interface Configuration mode to set the OSPF Authentication Type and Key for the specified interface. Use the no form of the command to return the authentication type to the default value. Syntax ip ospf authentication {none | {simple key} | {encrypt key key-id}} no ip ospf authentication • encrypt — MD5 encrypted authentication key. • key — Authentication key for the specified interface.
ip ospf cost Use the ip ospf cost command in Interface Configuration mode to configure the cost on an OSPF interface. Use the no form of the command to return the cost to the default value. Syntax ip ospf cost interface-cost no ip ospf cost • interface-cost — Specifies the cost (link-state metric) of the OSPF interface. (Range: 1–65535) Default Configuration 10 is the default link-state metric configuration. Command Mode Interface Configuration (VLAN) mode.
Default Configuration By default, LSAs are flooded on all interfaces in a routed VLAN. Command Mode Interface Configuration mode User Guidelines This command is only applicable to OSPFv2 routing configurations. ip ospf dead-interval Use the ip ospf dead-interval command in Interface Configuration to set the OSPF dead interval for the specified interface. Use the no form of the command to return the interval to the default value.
console(config-if-vlan1)#ip ospf dead-interval 30 ip ospf hello-interval Use the ip ospf hello-interval command in Interface Configuration mode to set the OSPF hello interval for the specified interface. Use the no form of the command to return the interval to the default value. Syntax ip ospf hello-interval seconds no ip ospf hello-interval • seconds — Number of seconds to wait before sending Hello packets from the interface. (Range: 1–65535) Default Configuration 10 is the default number of seconds.
Database Description packet is rejected and the OSPF adjacency is not established. Use the no form of the command to enable OSPF maximum transmission unit (MTU) mismatch detection. Syntax ip ospf mtu-ignore no ip ospf mtu-ignore Default Configuration This command has no default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example disables OSPF MTU mismatch detection on VLAN interface 15.
Default Configuration Interfaces operate in broadcast mode by default. Command Mode Interface Configuration (VLAN) mode. User Guidelines OSPF treats interfaces as broadcast interfaces by default. Loopback interfaces have a special loopback network type, which cannot be changed. When there are only two routers on the network, OSPF can operate more efficiently by treating the network as a point-to-point network.
Command Mode Interface Configuration (VLAN) mode. User Guidelines A value of 1 is the highest router priority. A value of 0 indicates that the interface is not eligible to become the designated router on this network. Example The following example sets the OSPF priority for the VLAN 15 router at 100.
Example The following example sets the OSPF retransmit Interval for VLAN 15 at 50 seconds. console(config-if-vlan1)#ip ospf retransmit-interval 50 ip ospf transmit-delay Use the ip ospf transmit-delay command in Interface Configuration mode to set the OSPF Transit Delay for the specified interface. Use the no form of the command to return the delay to the default value.
Use the no form of the command to disable state change logging. Syntax log-adjacency-changes [detail] no log-adjacency-changes [detail] • detail—(Optional) When this keyword is specified, all adjacency state changes are logged. Otherwise, OSPF only logs transitions to FULL state and when a backwards transition occurs. Default Configuration Adjacency changes are not logged by default. Command Mode OSPFv2 Router Configuration mode User Guidelines State changes are logged with INFORMATIONAL severity.
• metric—(Optional) Metric to send in summary LSAs when in stub router mode. Range is 1 to 16,777,215. Default is 16,711,680 (0xFF0000). Default Configuration By default, OSPF is not in stub router mode. Command Mode OSPFv2 Global Configuration mode User Guidelines When OSPF is in stub router mode, as defined by RFC 3137, OSPF sets the metric in the non-stub links in its router LSA to LsInfinity. Other routers therefore compute very long paths through the stub router, and prefer any alternate path.
may issue the command no max-metric router-lsa on-startup. The command no max-metric router-lsa summary-lsa causes OSPF to send summary LSAs with metrics computed using normal procedures defined in RFC 2328. maximum-paths Use the maximum-paths command in Router OSPF Configuration mode to set the number of paths that OSPF can report for a given destination. Use the no form of the command to reset the number to the default value.
Example The following example sets the number of paths at 2 that OSPF can report for a given destination. console(config-router)#maximum-paths 2 network area The network area command enables OSPFv2 on an interface and sets its area ID if the ip-address of an interface is covered by this network command. Use the “no” form of this command to disable OSPFv2 on an interface.
OSPF only advertises IP subnets for secondary IP addresses if the secondary address is within the range of a network area command for the same area as the primary address on the same interface. When a network area command is deleted, matching interfaces are reevaluated against all remaining network area commands. Ones in the wildcard mask indicate “don't care” bits in the network address. Example console(config-router)#network 10.50.50.0 0.0.0.
executes a graceful restart, it informs its neighbors that the OSPF control plane is restarting, but that it will be back shortly. Helpful neighbors continue to advertise to the rest of the network that they have full adjacencies with the restarting router, avoiding announcement of a topology change and everything that goes with that (i.e., flooding of LSAs, SPF runs). Helpful neighbors continue to forward packets through the restarting router.
nsf helper strict-lsa-checking Use the nsf-helper strict-lsa-checking command to require that an OSPF helpful neighbor exit helper mode whenever a topology change occurs. Use the “no” form of this command to allow OSPF to continue as a helpful neighbor in spite of topology changes. Syntax nsf [ietf] helper strict-lsa-checking no nsf [ietf] helper strict-lsa-checking • ietf —This keyword is used to distinguish the IETF standard implementation of graceful restart from other implementations.
Syntax nsf [ietf] restart-interval seconds no nsf [ietf] restart-interval • ietf — This keyword is used to distinguish the IETF standard implementation of graceful restart from other implementations. Since the IETF implementation is the only one supported, this keyword is optional. • seconds — The number of seconds that the restarting router asks its neighbors to wait before exiting helper mode. The restarting router includes the restart interval in its grace LSAs (range 1–1800 seconds).
Default Configuration Global passive mode is disabled by default. Command Mode Router OSPF Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-router)#passive-interface passive-interface Use the passive-interface command to set the interface as passive. It overrides the global passive mode that is currently effective on the interface. Use the “no” form of this command to set the interface as non-passive.
redistribute (OSPF) Use the redistribute command in Router OSPF Configuration mode to configure OSPF protocol to allow redistribution of routes from the specified source protocol/routers. Use the no version of the command to disable redistribution from the selected source or to reset options to their default values.
User Guidelines When redistributing a route metric, the receiving protocol must understand the metric. The OSPF metric is a cost value equal to 108/ link bandwidth in bits/sec. For example, the OSPF cost of GigabitEthernet is 108/108 = 1. The RIP metric is a hop count with a maximum value of 15 (infinity). If no metric value is specified, the metric redistributed for a type 1 route is the sum of the external cost and the internal cost used to reach that route.
User Guidelines The router-id must be set in order for OSPF to become operationally enabled. It is recommended that the router ID be set to the IP address of a loopback interface to ensure that the router remains up internally. Example The following example defines the router ID as 5.5.5.5. console(config)#router ospf console(config-router)#router-id 5.5.5.5 router ospf Use the router ospf command in Global Configuration mode to enter Router OSPF mode and globally enable OSPF.
The no form of the command removes all OSPF configuration (including interface configuration) for the specified VRF Example The following example enters into router OSPF mode. console(config)#router ospf console(config-router)# show ip ospf Use the show ip ospf command to display information relevant to the OSPF router. This command has been modified to show additional fields. Syntax show ip ospf [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates.
Some of the information below displays only if you enable OSPF and configure certain features. The following fields may be displayed: Field Description Router ID A 32-bit integer in dotted decimal format identifying the router about which information is displayed. This is a configured value. OSPF Admin Mode Shows whether OSPF is administratively enabled or disabled.
Default Passive Setting When enabled, OSPF interfaces are passive by default. Maximum Paths Shows the maximum number of paths that OSPF can report for a given destination. Default Metric Default metric for redistributed routes. Stub Router Configuration One of Always, Startup, or None. Stub Router Startup Time Configured value in seconds. This row is only listed if OSPF is configured to be a stub router at startup.
Stub Router Time The remaining time until OSPF exits stub router mode. This Remaining row is only listed if OSPF is in startup stub router mode. External LSDB Overflow OSPF enters this state when the number of external LSAs exceeds a configured limit, as described in RFC 1765. External LSA Count Shows the number of external (LS type 5) link-state advertisements in the link-state database.
NSF Restart Interval The number of seconds a helpful neighbor allows a restarting router to complete its graceful restart. NSF Restart Status Whether the router is currently performing a graceful restart. NSF Restart Age The number of seconds until a graceful restart expires. Only non-zero when the router is in graceful restart. NSF Restart Exit Reason The reason the previous graceful restart ended. Possible values are Not attempted, In progress, Completed, Timed out, Topology change, and Manual clear.
Maximum Paths............................ Default Metric........................... Default Metric........................... Stub Router Configuration................ Summary LSA Metric Override.............. 4 Not configured Not configured None Disabled BFD Enabled.............................. NO Default Route Advertise.................. Always................................... Metric................................... Metric Type..............................
Exit Overflow Interval......................... 0 Spf Delay Time................................. 5 Spf Hold Time.................................. 10 Flood Pacing Interval.......................... 33 ms LSA Refresh Group Pacing Time.................. 60 sec Opaque Capability.............................. Enable AutoCost Ref BW................................ 100 Mbps Default Passive Setting........................ Disabled Maximum Paths.................................. 4 Default Metric...................
Syntax show ip ospf abr [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned.
• vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned.
Translator Role................................ Candidate Translator Stability Interval.................. 2000 Translator State............................... Disabled Example #3 The following example shows the length of the area’s flood queue for LSAs waiting to be flooded within the area. console #show ip ospf area 1 AreaID......................................... External Routing............................... Spf Runs....................................... Area Border Router Count......................
User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100-ON/N3200ON series switches. Example console#show ip ospf asbr Type Router Id Cost Area ID ----INTRA INTRA ---------1.1.1.1 4.4.4.4 ---1 10 -------0.0.0.1 0.0.0.1 Next Hop Next Hop Intf ----------- ----------10.1.12.1 vlan10 10.1.24.
• summary — Display the LSA database summary information. • ls-id — Specifies the link state ID (LSID). (Range: IP address or an integer in the range of 0–4294967295) • adv-router — Display the LSAs that are restricted by the advertising router. To specify a router, enter the IP address of the router. • self-originate — Display the LSAs in that are self-originated. • opaque-area— Display the area opaque LSAs. • opaque-as— Display AS opaque LSAs. • opaque-link— Display link opaque LSAs.
Network Link States (Area 0.0.0.0) Link Id Adv Router Age Sequence Chksm Options Rtr Opt --------------- --------------- ----- -------- ------ ------- ----2.2.2.2 20.20.20.20 1165 80000005 f86d -E--O- Network Summary States (Area 0.0.0.0) Link Id Adv Router Age Sequence Chksm Options Rtr Opt --------------- --------------- ----- -------- ------ ------- ----5.2.0.0 0.0.0.0 1360 80000007 242e ------ Summary ASBR States (Area 0.0.0.
show ip ospf database database-summary Use the show ip ospf database database-summary command to display the number of each type of LSA in the database for each area and for the router. The command also displays the total number of LSAs in the database. This command has been modified. Syntax show ip ospf database database-summary [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown.
Summary ASBR Shows Number of summary ASBR LSAs in the database. Type-7 Ext Shows Total number of Type-7 external LSAs in the database. SelfOriginated Type-7 Shows Total number of self originated AS external LSAs in the OSPFv3 link state database. Opaque Link Shows Number of opaque link LSAs in the database. Opaque Area Shows Number of opaque area LSAs in the database. Subtotal Shows Number of entries for the identified area. Opaque AS Shows Number of opaque AS LSAs in the database.
Type-7 Ext..................................... Opaque Link.................................... Opaque Area.................................... Type-5 Ext..................................... Self-Originated Type-5 Ext..................... Opaque AS...................................... Total.......................................... 0 0 0 0 0 0 0 show ip ospf interface Use the show ip ospf interface command to display the information for the VLAN or loopback interface.
Subnet Mask.................................... Secondary IP Address(es)....................... OSPF Admin Mode................................ OSPF Area ID................................... OSPF Network Type.............................. Router Priority................................ Retransmit Interval............................ Hello Interval................................. Dead Interval.................................. LSA Ack Interval............................... Iftransit Delay Interval........
show ip ospf interface brief Use the show ip ospf interface brief command to display brief information for the IFO object or virtual interface tables. Syntax show ip ospf interface brief [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. Default Configuration This command has no default configuration.
show ip ospf interface stats Use the show ip ospf interface stats command to display the statistics for a specific interface. The information is only displayed if OSPF is enabled. Syntax show ip ospf interface stats vlan vlan-id • vlan-id — Valid VLAN ID. Default Configuration This command has no default configuration. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Syntax show ip ospf lsa-group [vrf vrf-name] • vrf-name—The name of the VRF instance from which to display the selforiginated LSA groups. Default Configuration There are no self-originated LSA groups by default. Command Mode Privileged Exec mode, Global Configuration mode, and all sub-modes User Guidelines The following fields are displayed: Field Description Total selforiginated LSAs The number of LSAs the router is currently originating.
Pacing group limit: 400 Number of self-originated LSAs within each LSA group... Group Start Age 0 60 120 180 240 300 360 420 480 540 600 660 720 780 840 900 960 1020 1080 1140 1200 1260 Group End Age 59 119 179 239 299 359 419 479 539 599 659 719 779 839 899 959 1019 1079 1139 1199 1259 1319 Count 96 88 102 95 95 92 48 58 103 99 119 110 106 122 110 99 135 101 94 115 110 111 show ip ospf neighbor Use the show ip ospf neighbor command to display locally derived information about OSPF neighbors.
Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100-ON/N3200ON series switches. The following information is output. Field Description Interface The name of the interface on which the adjacency is formed.
Field Description Retransmission Queue Length The number of LSAs sent to the neighbor's retransmit queue waiting for the neighbor to acknowledge. Restart Helper Status One of two values: • Helping — This router is acting as a helpful neighbor to this neighbor. A helpful neighbor does not report an adjacency change during graceful restart, but continues to advertise the restarting router as a FULL adjacency.
Field Description Restart Helper Exit Reason One of the following values: • Restart Reason — When the router is in helpful neighbor mode, the output includes the restart reason the restarting router sent in its grace LSA. The Restart Reason is the value in the Graceful Restart Reason TLV in the grace LSA sent by the restarting router.
console#show ip ospf neighbor 3.3.3.3 Interface...................................... 0/25 Neighbor IP Address............................ 172.20.25.3 Interface Index................................ 25 Area Id........................................ 0.0.0.0 Options........................................ 0x2 Router Priority................................ 1 Dead timer due in (secs)....................... 10 Up Time........................................ 4 days 3 hrs 33 mins 36 secs State...................
The VRF parameter is only available on the N3000-ON/N3100-ON/N3200ON series switches. The following information is displayed. Field Description Prefix The summary prefix. Subnet Mask The subnetwork mask of the summary prefix. Type S (Summary Link) or E (External Link) Action Advertise or Suppress Cost Metric to be advertised when the range is active. If a static cost is not configured, the field displays Auto. If the action is Suppress, the field displays N/A.
Default Configuration This command has no default configuration. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100-ON/N3200ON series switches. This command outputs the following.
Example console# show ip ospf statistics Area 0.0.0.
User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100-ON/N3200ON series switches. Example The following example displays the OSPF stub table. console(config)#show ip ospf stub table AreaId TypeofService Metric Val Import SummaryLSA ------------- ------------0.0.0.
User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100-ON/N3200ON series switches. The clear ip ospf counters command does not clear the message queue high water marks. The following is output. Parameter Description OSPFv2 Packet Statistics The number of packets of each type sent and received since OSPF counters were last cleared.
LSAs Retransmitted................0 LS Update Max Receive Rate........20 pps LS Update Max Send Rate...........10 pps Number of LSAs Received T1 (Router).......................10 T2 (Network)......................0 T3 (Net Summary)..................300 T4 (ASBR Summary).................15 T5 (External).....................20 T7 (NSSA External)................0 T9 (Link Opaque)..................0 T10 (Area Opaque).................0 T11 (AS Opaque)...................0 Total.............................
Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100-ON/N3200ON series switches. OSPF must be enabled for this command to display the virtual interfaces. Example The following example displays the OSPF Virtual Interface information for area 10 and its neighbor.
Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines OSPF must be enabled for this command to display the virtual interface information. Example The following example displays the OSPF Virtual Interface information in the system. console#show ipv6 ospf virtual-link brief Hello Dead Retransmit Area ID Neighbor Interval Interval Interval ------- --------------- -------- ---------0.0.0.2 5.5.5.
User Guidelines OSPF distributes routing information in Link State Advertisements (LSAs), which are bundled into Link State Update (LS Update) packets. To reduce the likelihood of sending a neighbor more packets than it can buffer, OSPF rate limits the transmission of LS Update packets. By default, OSPF sends up to 30 updates per second on each interface (1/the pacing interval). Use this command to adjust the LS Update transmission rate.
Command History Command introduced in version 6.5 firmware. Example console(config-router6)#timers pacing lsa-group 90 timers spf Use the timers spf command to configure the SPF delay and hold time. Use the no form of the command to reset the numbers to the default value. Syntax timers spf delay-time hold-time no timers spf • delay-time — SPF delay time. (Range: 0–65535 seconds) • hold-time — SPF hold time. (Range: 0–65535 seconds) Default Configuration The default value for delay-time is 5.
OSPFv3 Commands Dell EMC Networking N2200-ON/N3000E-ON/N3100-ON/N3200-ON Series Switches The Dell Network N1500/N2000/N2100-ON series support limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. area default-cost (Router OSPFv3) Use the area default-cost command in Router OSPFv3 Configuration mode to configure the monetary default cost for the stub area.
console(config)#ipv6 router ospf console(config-rtr)#area 1 default-cost 100 area nssa (Router OSPFv3) Use the area nssa command in Router OSPF Configuration mode to configure the specified area ID to function as an NSSA. If the area has not been previously created, this command creates the area and then applies the NSSA distinction. If the area already exists, the NSSA distinction is added or modified. Use the no form of the command to remove the NSSA distinction from the area.
Default Configuration If no metric is defined, 10 is the default configuration. The default role is candidate. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures not-so-stubby-area 10 as an NSSA.
• metric — Metric value for default route. (Range: 1-16777214) • comparable — Metric Type (nssa-external 1). • non-comparable — Metric Type (nssa-external 2). Default Configuration If no metric is defined, 10 is the default configuration. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the default metric value for the default route advertised into the NSSA.
Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the area 1 NSSA ABR so that learned external routes will not be redistributed to the NSSA. console(config)#ipv6 router ospf console(config-rtr)#area 1 nssa no-redistribute area nssa no-summary Use the area nssa no-summary command in Router OSPFv3 Configuration mode to configure the NSSA so that summary LSAs are not advertised into the NSSA.
console(config)#ipv6 router ospf console(config-rtr)#area 1 nssa no-summary area nssa translator-role Use the area nssa translator-role command in Router OSPFv3 Configuration mode to configure the translator role of the NSSA. Use the no form of the command to remove the configuration. Syntax area areaid nssa translator-role {always | candidate} no area areaid nssa translator-role • areaid — Valid OSPF area identifier.
area nssa translator-stab-intv Use the area nssa translator-stab-intv command in Router OSPFv3 Configuration mode to configure the translator stability interval of the NSSA. The stability interval is the period of time that an elected translator continues to perform its duties after it determines that its translator status has been deposed by another router. Syntax area areaid nssa translator-stab-intv seconds no area areaid nssa translator-stab-intv • areaid — Valid OSPF area identifier.
configured to summarize intra-area routes. An ABR advertises the range rather than the specific intra-area route as a type 3 summary LSA. Also, an area range can be configured at the edge of an NSSA to summarize external routes reachable within the NSSA. The range is advertised as a type 5 external LSA. Use the no form of the command to remove the summary prefix configuration for routes learned in the specified area.
area stub Use the area stub command in Router OSPFv3 Configuration mode to create a stub area for the specified area ID. If the area has not been previously created, this command creates the area and then applies the stub distinction. A stub area is characterized by the fact that AS External LSAs are not propagated into the area. Removing AS External LSAs and Summary LSAs can significantly reduce the size of the link state database of routers within the stub area.
Syntax area area-id stub no-summary no area area-id stub no-summary • area-id — Valid OSPFv3 area identifier. • so-summary — Disable the import of Summary LSAs for the stub area identified by area-id. Default Configuration This command has no default configuration. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example prevents Summary LSAs from being advertised into the area 1 NSSA.
no area area-id virtual-link router-id id [hello-interval] [retransmit-interval] [transmit-delay] [dead-interval] • area-id—Valid OSPFv3 area identifier (or decimal value in the range of 04294967295). • router-id—Identifies the Router ID or valid IP address of the neighbor. • hello-interval seconds—Number of seconds to wait before sending hello packets to the OSPF virtual interface.
User Guidelines This command has no user guidelines. Example The following example creates the OSPF virtual interface for area 1 and its neighbor router. console(config)#ipv6 router ospf console(config-rtr)#area 1 virtual-link 2 The following example configures a 20-second dead interval, a hello interval of 20 seconds, a retransmit interval of 20 seconds, and a 20-second transmit delay for the OSPF virtual interface on the virtual interface identified by area 1 and its neighbor.
User Guidelines This command has no user guidelines. Example The following example configures a 20-second dead interval for the OSPF virtual interface on the virtual interface identified by area 1 and its neighbor.
console(config-rtr)#area 1 virtual-link 2 hello-interval 20 area virtual-link retransmit-interval Use the area virtual-link retransmit-interval command in Router OSPFv3 Configuration mode to configure the retransmit interval for the OSPF virtual interface on the virtual interface identified by areaid and neighbor. Syntax area areaid virtual-link neighbor retransmit-interval seconds no area areaid virtual-link neighbor retransmit-interval • areaid — Valid OSPFv3 area identifier.
Syntax area areaid virtual-link neighbor transmit-delay seconds no area areaid virtual-link neighbor transmit-delay • areaid — Valid OSPFv3 area identifier. • neighbor — Router ID of neighbor. • seconds — Transmit delay interval. (Range: 0-3600) Default Configuration 1 is the default value for seconds. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines.
• always—Always advertise default routes. • metric-value— • type-value—The metric (or preference) value of the default route. (Range: 1–16777214) • One of the following: 1 External type-1 route. 2 External type-2 route. Default Configuration The default metric is none and the default type is 2. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines.
Default Configuration This command has no default configuration. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example sets a default of 100 for the metric of distributed routes. console(config)#ipv6 router ospf console(config-rtr)#default-metric 100 distance ospf The distance ospf command sets the preference values of OSPF route types in the router. Lower route preference values are preferred when determining the best route.
Router OSPFv3 Configuration mode. User Guidelines There are no user guidelines for this command. Example The following example sets a route preference value of 100 for intra OSPF in the router. console(config)#ipv6 router ospf console(config-rtr)#distance ospf intra 100 enable Use the enable command in Router OSPFv3 Configuration mode to enable administrative mode of OSPF in the router (active). Syntax enable no enable Default Configuration Enabled is the default state.
exit-overflow-interval Use the exit-overflow-interval command in Router OSPFv3 Configuration mode to configure the exit overflow interval for OSPF. It describes the number of seconds after entering Overflow state that a router will wait before attempting to leave the Overflow State. This allows the router to originate non-default AS-external-LSAs again. When set to 0, the router will not leave Overflow State until restarted.
non-default AS-external- LSAs in it database. The external LSDB limit MUST be set identically in all routers attached to the OSPF backbone and/or any regular OSPF area. Syntax external-lsdb-limit limit no external-lsdb-limit • limit — External LSDB limit for OSPF (Range: -1-2147483647) Default Configuration -1 is the default value for limit. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines.
Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Example The following example enables OSPF on VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf ipv6 ospf area Use the ipv6 ospf area areaid command in Interface Configuration mode to set the OSPF area to which the specified router interface belongs.
console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf area 100 ipv6 ospf cost Use the ipv6 ospf cost command in Interface Configuration mode to configure the cost on an OSPF interface. Use the no form of the command to return the cost to the default value. Syntax ipv6 ospf cost interface-cost no ipv6 ospf cost • interface-cost — Specifies the cost (link-state metric) of the OSPF interface. (Range: 1–65535) Default Configuration 10 is the default link-state metric configuration.
no ipv6 ospf dead-interval • seconds — A valid positive integer, which represents the length of time in seconds that a router's Hello packets have not been seen before its neighbor routers declare that the router is down. The value for the length of time must be the same for all routers attached to a common network. This value should be some multiple of the Hello Interval (i.e. 4). (Range: 1-65535) Default Configuration 40 seconds is the default value of seconds.
Default Configuration 10 seconds is the default value of seconds. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode. User Guidelines This command has no user guidelines. Example The following example sets the OSPF hello interval at 15 seconds. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf hello-interval 15 ipv6 ospf mtu-ignore Use the ipv6 ospf mtu-ignore command in Interface Configuration mode to disable OSPF maximum transmission unit (MTU) mismatch detection.
the neighbor. By default, if the MTU is larger than the router can accept, the Database Description packet is rejected and the OSPF adjacency is not established. Example The following example disables OSPF maximum transmission unit (MTU) mismatch detection. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf mtu-ignore ipv6 ospf network Use the ipv6 ospf network command in Interface Configuration mode to change the default OSPF network type for the interface.
network type eliminates the overhead of the OSPF designated router election. It is normally not useful to set a tunnel to OSPF network type broadcast. Example The following example changes the default OSPF network type to point-topoint. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf network point-to-point ipv6 ospf priority Use the ipv6 ospf priority command in Interface Configuration mode to set the OSPF priority for the specified router interface.
ipv6 ospf retransmit-interval Use the ipv6 ospf retransmit-interval command in Interface Configuration mode to set the OSPF retransmit interval for the specified interface. Syntax ipv6 ospf retransmit-interval seconds no ipv6 ospf retransmit-interval • seconds — The number of seconds between link-state advertisement retransmissions for adjacencies belonging to this router interface. This value is also used when retransmitting database description and link-state request packets.
• seconds — OSPF transmit delay for the specified interface. In addition, it sets the estimated number of seconds it takes to transmit a link state update packet over this interface. (Range: 1 to 3600 seconds) Default Configuration No default value. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode. User Guidelines This command has no user guidelines. Example The following example sets the OSPF Transmit Delay at 100 seconds for VLAN 15.
User Guidelines This command has no user guidelines. Example Use the following command to enable OSPFv3. console(config)#ipv6 router ospf maximum-paths Use the maximum-paths command in Router OSPFv3 Configuration mode to set the number of paths that OSPF can report for a given destination. Syntax maximum-paths maxpaths no maximum-paths • maxpaths — Number of paths that can be reported. (Range: 1-2) Default Configuration 2 is the default value for maxpaths.
nsf Use this command to enable OSPF graceful restart. Use the no form of this command to disable graceful restart. Syntax nsf [ietf] [planned-only] no nsf [ietf] • ietf — This keyword is used to distinguish the IETF standard implementation of graceful restart from other implementations. Since the IETF implementation is the only one supported, this keyword is optional. • planned-only — This keyword indicates that OSPF should only perform a graceful restart when the restart is planned (i.e.
nsf helper Use the nsf-helper to allow OSPF to act as a helpful neighbor for a restarting router. Use the no form of this command to prevent OSPF from acting as a helpful neighbor. Syntax nsf helper[planned-only] no nsf helper • planned-only — This keyword indicates that OSPF should only help a restarting router performing a planned restart.
no nsf [ietf] helper strict-lsa-checking • ietf —This keyword is used to distinguish the IETF standard implementation of graceful restart from other implementations. Since the IETF implementation is the only one supported, this keyword is optional. Default Configuration A helpful neighbor exits helper mode when a topology change occurs. Command Mode Router OSPFv3 Configuration mode User Guidelines The restarting router is unable to react to topology changes.
• seconds — The number of seconds that the restarting router asks its neighbors to wait before exiting helper mode. The restarting router includes the restart interval in its grace LSAs (range 1–1800 seconds). Default Configuration The default restart interval is 120 seconds.
User Guidelines There are no user guidelines for this command. Example console(config-router)#passive-interface vlan 1 passive-interface default The passive-interface default command enables the global passive mode by default for all interfaces. It overrides any interface level passive mode. Use the “no” form of this command to disable the global passive mode by default for all interfaces. Any interface previously configured to be passive reverts to nonpassive mode.
Syntax redistribute protocol [metric metric-value] [tag tag-value] [route-map routetag] no redistribute protocol • protocol —One of the following: – static—Specifies that static routes are to be redistributed. – connected—Specifies that connected routes are to be redistributed. – bgp—Specifies BGP originated routes are to be redistributed. • metric-value — Metric value used for default routes. (Range: 0-16777214) • tag-value— Insert the specified tag value into redistributed routes.
router-id Use the router-id command in Router OSPFv3 Configuration mode to set a 4-digit dotted-decimal number uniquely identifying the Router OSPF ID. Syntax router-id router-id • router-id — Router OSPF identifier. (Range: 0-4294967295) Default Configuration This command has no default configuration. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines.
Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Some of the information below displays only if you enable OSPF and configure certain features. The following fields may be displayed: Field Description Router ID A 32-bit integer in dotted decimal format identifying the router about which information is displayed. This is a configured value. OSPF Admin Mode Shows whether OSPF is administratively enabled or disabled.
Metric Type Shows whether the metric for the default route is advertised as External Type 1 or External Type 2. Number of Active Areas The number of OSPF areas to which the router is attached on interfaces that are up. ABR Status Shows whether the router is an OSPF Area Border Router. ASBR Status Indicates whether the router is an autonomous system border router. Router automatically becomes an ASBR when it is configured to redistribute routes learned from another protocol.
Retransmit List Entries The current number of entries on all neighbors’ retransmit lists. Maximum Number The maximum number of entries that can be on neighbors’ of Retransmit retransmit lists at any given time. This is the sum for all Entries neighbors. When OSPF receives an LSA and cannot allocate a new retransmit list entry, the router does not acknowledge the LSA, expecting the sender to retransmit.
Example The following example enables OSPF traps. console#show ipv6 ospf Router ID...................................... OSPF Admin Mode................................ ASBR Mode...................................... ABR Status..................................... Exit Overflow Interval......................... External LSA Count............................. External LSA Checksum.......................... New LSAs Originated............................ LSAs Received..................................
Example console#show ipv6 ospf abr Type Router Id Cost Area ID ---INTRA INTRA Next Hop Next Hop Intf -------- ---- -------- ----------------------- ----3.3.3.3 10 0.0.0.1 FE80::211:88FF:FE2A:3CB3 vlan11 4.4.4.4 10 0.0.0.1 FE80::210:18FF:FE82:8E1 vlan12 show ipv6 ospf area Use the show ipv6 ospf area command to display information about the area. Syntax show ipv6 ospf area areaid • areaid — Identifier for the OSPF area being displayed. Default Configuration This command has no default configuration.
show ipv6 ospf asbr The show ipv6 ospf asbr command displays the internal OSPFv3 routes to reach Autonomous System Boundary Routes (ASBR). This command takes no options. Syntax show ipv6 ospf asbr Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show ipv6 ospf asbr Type Router Id Cost Area ID ---INTRA INTRA --------1.1.1.1 4.4.
Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes show ipv6 ospf database Use the show ipv6 ospf database command to display information about the link state database when OSPFv3 is enabled.
Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines If no parameters are entered, the command displays the LSA headers. Optional parameters specify the type of link state advertisements to display. The information below is only displayed if OSPF is enabled. Example The following example displays information about the link state database when OSPFv3 is enabled. console#show ipv6 ospf database Router Link States (Area 0.0.0.
Router Link States (Area 0.0.0.1) Adv Router Link Id Age Sequence Csum Options Rtr Opt -------------- --------------- ----- -------- ---- ------- ------1.1.1.1 0 1 8000002E 35AD V6E--R- --V-B 2.2.2.2 0 0 8000004A D2F3 V6E--R- ----B Network Link States (Area 0.0.0.1) Adv Router Link Id Age Sequence Csum Options Rtr Opt -------------- --------------- ----- -------- ---- ------- ------1.1.1.1 634 621 80000001 B9E2 V6E--RInter Network States (Area 0.0.0.
Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the number of each type of LSA in the database and the total number of LSAs in the database. console#show ipv6 ospf database database-summary OSPF Router with ID (0.0.0.2) Router database summary Router......................................... 0 Network........................................ 0 Inter-area Prefix..
Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the information in VLAN 11’s virtual interface tables. console#show ipv6 ospf interface vlan 11 IP Address..................................... ifIndex........................................ OSPF Admin Mode................................ OSPF Area ID................................... Router Priority............
User Guidelines This command has no user guidelines. Example The following example displays brief ospf interface information. console#show ipv6 ospf interface brief Admin Interface Mode Area ID --------- -------- -------- Hello Dead Retrax LSA Router Int. Int. Int. Retrax Ack Prior. Cost Val. Val. Val. Delay Intval ------ ----- ----- ----- ------ ------ ----- show ipv6 ospf interface stats Use the show ipv6 ospf interface stats command to display the statistics for a specific interface.
Area Border Router Count....................... 1 AS Border Router Count......................... 0 Area LSA Count................................. 6 IPv6 Address................................... FE80::202:BCFF:FE00:3146/1283FFE::2/64 OSPF Interface Events.......................... 53 Virtual Events................................. 13 Neighbor Events................................ 6 External LSA Count............................. 0 LSAs Received.................................. 660 Originate New LSAs...
User Guidelines This command has no user guidelines. Example The following example displays OSPF interface VLAN information. console#show ipv6 ospf interface vlan 10 IPv6 Address............................. ifIndex.................................. OSPF Admin Mode.......................... OSPF Area ID............................. Router Priority.......................... Retransmit Interval...................... Hello Interval........................... Dead Interval............................
Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples The following examples display information about OSPF neighbors, in the first case in a summary table, and in the second in a table specific to tunnel 1.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays information about the area ranges for area 1.
Example The following example displays the OSPF stub table. console#show ipv6 ospf stub table AreaId TypeofService Metric Val ------------ ---------------------0.0.0.10 Normal 1 Import SummaryLSA ----------------Enable show ipv6 ospf virtual-links Use the show ipv6 ospf virtual-links command to display the OSPF Virtual Interface information for a specific area and neighbor or for all areas in the system.
Iftransit Delay Interval....................... Retransmit Interval............................ State.......................................... Metric......................................... Neighbor State................................. 1 5 point-to-point 10 Full show ipv6 ospf virtual-link brief Use the show ipv6 ospf virtual-link brief command to display the OSPFV3 Virtual Interface information for all areas in the system.
Syntax timers throttle spf spf-start spf-hold spf-maximum no timers throttle spf • spf-start—Configures the delay used when no SPF calculation has been scheduled during the current wait interval. (Range: 1–60000 milliseconds) • spf-hold—Configures the initial wait interval. (Range: 1–60000 milliseconds) • spf-maximum—Configures the maximum wait interval. (Range: 1–60000 milliseconds) Default Configuration The default value for spf-start is 2000 milliseconds.
Example console(config-router6)#timers throttle spf 3000 6000 18000 Layer 3 Routing Commands 1818
IPv6 Policy-Based Routing Commands Dell EMC Networking N3000E/N3100E-ON/N3200-ON Series Switches Use IPv6 Policy-Based Routing commands to configure and view policy-based routing for IPv6. ipv6 policy route-map Use this command to identify a route map to use for policy-based IPv6 routing on an interface. Syntax ipv6 policy route-map route-map-name no ipv6 policy route-map route-map-name • route-map-name—The name of the route map to use for policy-based routing.
the entire sequence of route-maps needs to be removed from the interface and added back again in order to have the changed route-map configuration be effective. If the administrator removes match or set terms in a route-map intermittently, the counters corresponding to the removed match term are reset to zero. A route-map statement must contain eligible match/set conditions for policy based routing in order to be applied to hardware.
match ipv6 address Use this command to specify IPv6 address match criteria for a route map. Use the no form of this command to delete a match statement from a route map. Syntax match ip address access-list-name [access-list-name] no match ip address access-list-name [access-list-name] • access-list-name—The access-list name that identifies the named IPv6 ACL. The name can be up to 31 characters in length. Default Configuration This command has no default configuration.
• Route maps do not have a implicit deny all at the end of the list. Instead, non-matching packets for a permit route map use the routing table. Command History Command introduced in version 6.6 firmware. Example The following sequence shows how to create a route-mao with a match clause using an IPv6 ACL and applies the route map to an interface. This example presumes VLAN 10 is already created and ipv6 routing is globally enabled.
• vlan-id—The VLAN over which the IPv6 link-local address may be reached. • link-local-address—The IPv6 link-local address of the adjacent router. Default Configuration This command has no default configuration. Command Mode Route Map mode. User Guidelines The set ipv6 next-hop command affects all incoming packet types and is always used if configured and the next hop is resolved. A check is made periodically to see if the next-hop is resolved.
• ipv6-address—The IPv6 address of the next hop to which packets are routed. It must be the address of an adjacent router (for example, the next hop must be in a subnet configured on the local router). A maximum of 16 next-hop IPv6 addresses can be specified. • vlan-id—The VLAN over which the IPv6 link-local address may be reached. • link-local-address—The IPv6 link-local address of the adjacent router. Default Configuration This command has no default configuration. Command Mode Route Map mode.
no set ipv6 precedence 0-7 Parameter Description 0 Sets the routine precedence. 1 Sets the priority precedence. 2 Sets the immediate precedence. 3 Sets the Flash precedence. 4 Sets the Flash override precedence. 5 Sets the critical precedence. 6 Sets the internetwork control precedence. 7 Sets the network control precedence. Default Configuration This command has no default configuration. Command Mode Route Map mode.
Syntax show ipv6 policy Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all sub-modes. User Guidelines This command has no user guidelines. Command History Command introduced in version 6.6 firmware.
Router Discovery Protocol Commands Dell EMC Networking N3000E-ON/N3100-ON/N3200-ON Series Switches Routers can be configured to periodically send router discovery messages to announce their presence to locally attached hosts. The router discovery message advertises one or more IP addresses on the router that hosts can use as their default gateway.
• minadvertinterval seconds—Minimum time in seconds allowed between sending router advertisements from the interface. (Range: 3 to value of maximum advertisement interval in seconds) • preference number—Preference of the address as a default router address, relative to other router addresses on the same subnet. (Range: 2147483648 to 2147483647) • address address—IP address for router discovery advertisements. (Range: 224.0.0.1 [all-hosts IP multicast address] or 255.255.255.
Syntax ip irdp holdtime integer no ip irdp holdtime • integer — Integer value in seconds of the holdtime field of the router advertisement sent from this interface. The holdtime must be no less than the maximum advertisement interval and cannot be greater than 9000 seconds. Default Configuration The holdtime defaults to 3 times the maximum advertisement interval. Command Mode Interface Configuration (VLAN) mode.
• integer — Maximum time in seconds allowed between sending router advertisements from the interface. (Range: 4 or the minimum advertisement interval, whichever is greater, and 1800 seconds) Default Configuration 600 seconds is the default value. Command Mode Interface Configuration (VLAN) mode. User Guidelines The default values of the minimum advertisement interval and the holdtime depend on the value of the maximum advertisement interval.
no ip irdp minadvertinterval • integer — Minimum time in seconds allowed between sending router advertisements from the interface. (Range: 3 to value of maximum advertisement interval in seconds) Default Configuration The default value is 0.75 times the maximum advertisement interval. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example sets minimum advertisement interval at 100 seconds for VLAN 15.
Command Mode Interface Configuration (VLAN) mode User Guidelines If a subnet includes any hosts that do not accept IP multicast packets, send router advertisements to the limited broadcast address.
Example The following example sets the ip irdp preference to 1000 for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip irdp preference 1000 show ip irdp Use the show ip irdp command to display the router discovery information for all interfaces, or for a specified interface. Syntax show ip irdp [vlan vlan-id ] • vlan-id — Valid VLAN ID Default Configuration This command has no default configuration.
Routing Information Protocol Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000EON/N3100-ON/N3200-ON Series Switches The Routing Information Protocol (RIP) has been a long-standing protocol used by routers for exchanging route information. RIP is a distance vector protocol whereby each route is characterized by the number of gateways, or hops, a packet must traverse to reach its intended destination.
Example console(config-router)#auto-summary default-information originate (Router RIP Configuration) Use the default-information originate command in Router RIP Configuration mode to control the advertisement of default routes. Syntax default-information originate no default-information originate Default Configuration The default configuration is no default-information originate. Command Mode Router RIP Configuration mode.
• number-value — Metric for the distributed routes. (Range: 1-15) Default Configuration Default metric is not configured by default. Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines. Example The following example sets a default of 12 for the metric of distributed routes. console(config-router)#default-metric 12 distance rip Use the distance rip command in Router RIP Configuration mode to set the route preference value of RIP in the router.
User Guidelines This command has no user guidelines. Example The following example sets the route preference value of RIP in the router at 100. console(config-router)#distance rip 100 distribute-list out Use the distribute-list out command in Router RIP Configuration mode to specify the access list to filter routes received from the source protocol. Use the no form of the command to remove the access list from the specified source protocol.
User Guidelines The access list has an implicit deny all, so it is advisable to have a permit statement somewhere on the access list. The BGP parameter is only available in firmware versions enabled for BGP. Example The following example elects access list ACL40 to filter routes received from the source protocol. console(config-router)#distribute-list ACL40 out static enable Use the enable command in Router RIP Configuration mode to reset the default administrative mode of RIP in the router (active).
hostroutesaccept Use the hostroutesaccept command in Router RIP Configuration mode to enable the RIP hostroutesaccept mode. Use the no form of the command to disable the RIP hostroutesaccept mode. Syntax hostroutesaccept no hostroutesaccept Default Configuration Enabled is the default configuration. Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines.
Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example console(config-if-vlan2)#ip rip console(config-if-vlan2)#no ip rip ip rip authentication Use the ip rip authentication command in Interface Configuration Mode to set the RIP Version 2 Authentication Type and Key for the specified VLAN. Use the no form of the command to return the authentication to the default value.
Example The following example sets the RIP Version 2 Authentication Type and Key for VLAN 11. console(config-if-vlan11)#ip rip authentication encrypt pass123 35 ip rip receive version Use the ip rip receive version command in Interface Configuration mode to configure the interface to allow RIP control packets of the specified version(s) to be received. Use the no form of the command to return the version to the default value.
ip rip send version Use the ip rip sent version command in Interface Configuration mode to configure the interface to allow RIP control packets of the specified version to be sent. Use the no form of the command to return the version to the default value. Syntax ip rip send version {rip1 | rip1c | rip2 | none} no ip rip send version • rip1 — Send RIP version 1 formatted packets. • rip1c — Send RIP version 1 compatibility mode, which sends RIP version 2 formatted packets via broadcast.
Syntax redistribute ospf [metric integer] [match [internal] [external 1] [external 2] [nssa-external 1] [nssa-external 2]] no redistribute [ospf | bgp | static | connected] redistribute {bgp | connected | static} [metric integer] • metric integer — Specifies the metric to use when redistributing the route. Range: 0-15. • match internal — Adds internal matches to any match types presently being redistributed.
Dell EMC Networking RIP does not support sending a tag value. Redistribution of BGP-originated routes is only available on BGP-enabled routers. Redistribution of BGP-originated routes into RIP is not recommended. Example console(config-router)#redistribute ospf metric 10 match nssa-external 1 console(config-router)#redistribute connected metric 1 router rip Use the router rip command in Global Configuration mode to enter Router RIP mode.
Syntax show ip rip Default Configuration The command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays information relevant to the RIP router. console#show ip rip RIP Admin Mode................................. Split Horizon Mode............................. Auto Summary Mode.............................. Host Routes Accept Mode..............
Syntax show ip rip interface vlan vlan-id • vlan-id — Valid VLAN ID. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays information related to the VLAN 15 RIP interface. console#show ip rip interface vlan 15 Interface...................................... IP Address.....................................
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays general information for each RIP interface. console#show ip rip interface brief Send Receive Interface IP Address Version Version ---------- ----------------- ----------vlan1 0.0.0.0 RIP-2 Both vlan2 0.0.0.
Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines. Example The following example does not use split horizon.
Tunnel Interface Commands Dell EMC Networking N3000E-ON/N3100-ON/N3200-ON Series Switches Dell EMC Networking provides for the creation, deletion, and management of tunnel interfaces. They are dynamic interfaces that are created and deleted by user configuration. Tunnel interfaces are used for the following purposes. • IPv4 tunnels • IPv6 tunnels Each router interface (port or VLAN interface) may have associated tunnel interfaces. Each interface can have multiple tunnel interfaces.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example The following example enables the interface configuration mode for tunnel 1. console(config)#interface tunnel 1 console(config-if-tunnel1)# show interfaces tunnel Use the show interfaces tunnel command to display the parameters related to tunnel such as tunnel mode, tunnel source address and tunnel destination address.
Examples The following examples show the parameters related to an individual tunnel and to all tunnel interfaces. console#show interfaces tunnel 1 Interface Link Status.......................... down MTU size....................................... 1480 bytes console#show interfaces tunnel TunnelId Interface TunnelMode ------------------------1 tunnel 1 IPv6OVER4 2 tunnel 2 IPv6OVER4 SourceAddress ------------10.254.25.14 DestinationAddress ---------------10.254.25.10 10.254.20.
tunnel mode ipv6ip Use the tunnel mode ipv6ip command in Interface Configuration mode to specify the mode of the tunnel. Syntax tunnel mode ipv6ip [6to4] no tunnel mode • 6to4 — Sets the tunnel mode to automatic. Default Configuration This command has no default configuration. Command Mode Interface Configuration (Tunnel) mode. User Guidelines This command has no user guidelines. Example The following example specifies ipv6ip mode for tunnel 1.
• interface-type—Valid interface type. VLAN is the only type supported. • interface-number—Valid interface number. Default Configuration This command has no default configuration. Command Mode Interface Configuration (Tunnel) mode. User Guidelines This command has no user guidelines. Example The following example specifies VLAN 11 as the source transport address of the tunnel.
Unicast Reverse Path Forwarding Commands Dell EMC Networking N3000E-ON/N3100-ON/N3200-ON Series Switches Unicast Reverse Path Forwarding (uRPF) is a powerful security tool that helps limit the problems that are caused by malformed or spoofed IP source addresses by discarding IP packets that lack a verifiable IP source address. For example, DoS attacks like Smurf and Tribe Flood Network (TFN) forge or rapidly change source IP addresses to cause a flood of useless packets that choke the network.
Command Mode Global Configuration mode User Guidelines This command enables the uRPF feature in hardware. When the uRPF check is enabled, the route table is checked for source and destination IP match in parallel. For this reason, the route table capacity is reduced once this feature is enabled. A message to this effect is displayed to the user. This command enables the mode for both v4 and v6.
Unicast RPF strict mode may be used on interfaces for which all packets received on an interface are guaranteed to originate from the subnet assigned to the interface. For example, a subnet composed only of end stations fulfills this requirement. Likewise, an access layer network or a branch office where there is only one path into and out of the network meets the requirement. In general, uRPF should be deployed on the downstream interfaces, preferably at the edge of the network.
When allow-default is set in loose mode (any), if the source IP address is not found but a default route is present in the table, the uRPF check will pass. When allow-default is set in strict mode (rx), it will prevent the incoming packet's source IP address to have a route out of a different interface than received. The strict mode option with the default route is used typically on the upstream interface. Default Configuration By default uRPF checking is disabled on interfaces.
console(config-Gi10/7)#ip verify unicast source reachable-via rx console(config-Gi10/7)#no ip verify unicast source reachable-via Layer 3 Routing Commands 1858
Virtual Router Commands Dell EMC Networking N3000E-ON/N3100-ON/N3200-ON Series Switches Dell EMC Networking VRF is an implementation of Virtual Routing and Forwarding (VRF). Virtual Routing and Forwarding allows multiple independent instances for the forwarding plane to exist simultaneously. This allows the administrator to segment the network without incurring the costs of multiple routers. Each VRF operates as an independent VPN. The IP addresses assigned to each VPN may overlap.
2 In global config mode, create the pool of VLANs. console#configure terminal console(config)#vlan 100-109 console(config-vlan100-109)#exit 3 Assign the VLAN to an interface. console(config)#interface gi1/0/1 console(config-if-Gi1/0/1)#switchport access vlan 100 console(config-if-Gi1/0/1)#exit 4 Create the VRF and enable routing. console(config)#ip vrf red console(config-vrf-red)#ip routing console(config-vrf-red)#exit 5 Assign IP addresses to the interfaces.
Syntax description text • text—Descriptive text. Enclose the description in quotes if embedded blanks are desired. Default Configuration No descriptive text is assigned. Command Mode Virtual Router Configuration User Guidelines There are no user guidelines for this command. Example The following example shows the assignment of descriptive text to a VRF.
• vrf-name—The name of a VRF. The name must consist of printable ASCII characters other than a question mark and may not have leading or trailing spaces. Spaces may be included if the name is enclosed in quotes. The maximum length of a VRF name is 32 characters. Default Configuration A single global VRF is created when routing is enabled. Command Mode Global Configuration mode User Guidelines This command is only available on the N3000-ON/N3100-ON/N3200-ON switches.
Syntax ip vrf forwarding vrf-name no ip vrf forwarding • vrf-name—The name of the VRF with which to associate the interface. Default Configuration All interfaces are members of the global routing instance. Command Mode Interface (VLAN) Configuration mode, Interface Range (VLAN) Configuration mode, Interface (Loopback) Configuration mode User Guidelines The VRF identified in the parameter must have been previously created or an error is returned.
console(config-if-vlan100)#ip vrf forwarding Red console(config-if-vlan100)#exit console(config)#interface vlan 200 console(config-if-vlan100)#ip vrf forwarding Blue console(config-if-vlan100)#exit maximum routes This command reserves the number of routes allowed and sets the maximum limit on the number of routes for a virtual router instance in the total routing table space for the router, provided there is enough free space in the router’s total routing table.
combination of platform and SDM template. If a size larger than the total routing table size is given, the size is silently truncated to the maximum routing table size. Example The following example reserves 100 routes for VRF Red. console(config)#ip vrf Red console(config-vrf-Red)#ip routing console(config-vrf-Red)#maximum routes 100 console(config-vrf-Red)#exit show ip vrf This command shows the interfaces associated with a VRF instance.
This command is only available on the N3000-ON/N3100-ON/N3200-ON switches. Example console(config)#show ip vrf Number of VRs.........3 Name Identifier Route Distinguisher --------- -------------- ------------------Red 2 2:200 Blue 4 4:400 Green 3 3:300 console(config)#show ip vrf Red detail VRF Identifier.................... Description....................... Route Distinguisher............... Maximum Routes.................... Warning-only......................
Virtual Router Redundancy Protocol Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON/N3200-ON Series Switches An end station running IP needs to know the address of its first hop router. While some network administrators choose to install dynamic router discovery protocols such as DHCP, others prefer to statically allocate router addresses. If the router identified by such a statically allocated address goes down, the end station loses connectivity.
RFC defines a new configuration option that allows the router to accept any packet sent to a VRRP address, regardless of whether the VRRP Master is the address owner. The Pingable VRRP Interface feature, when enabled, allows the VRRP master to respond to both fragmented and unfragmented ICMP echo requests packets destined to a VRRP address (or addresses). A virtual router in backup state discards these.
Interface Tracking For interface tracking, VRRP is a routing event client. When a routing interface goes up or down (or routing is disabled globally, implying all routing interfaces are down), VRRP checks if the interface is tracked. If so, it adjusts the priority. Interface tracking is useful for tracking interfaces that are not configured for VRRP. Only IP interfaces are tracked. Route Tracking The network operator may perform this task to track the reachability of an IP route.
User Guidelines This command has no user guidelines. Example The following example enables VRRP protocol on the router. console(config)#ip vrrp vrrp accept-mode Use the vrrp accept-mode command in Interface (VLAN) Configuration mode to enable the VRRP Master to accept ping packets sent to one of the virtual router’s IP addresses from an external device. Use the no form of the command to disable responding to ping packets.
Syntax vrrp group authentication {none | simple key} no vrrp group authentication • group—The virtual router identifier. (Range: 1-255) • none—Indicates authentication type is none. • simple—Authentication type is a simple text password. • key—The key for simple authentication. (Range: String values) Default Configuration None is the default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines.
Default Configuration No description is present. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command accepts any printable characters for the name other than a question mark. Descriptions containing spaces must be enclosed in quotes. Example The following example creates virtual router group 5 on VLAN 15 and configures its description.
Command Mode Interface Configuration (VLAN) mode. User Guidelines The virtual router IP addresses must be a valid host address on the local subnet based on the IP address and subnet mask configured on the VLAN interface. The VRRP IP address cannot be either the broadcast address or a network address. To configure vrrp, perform the following steps: 1 Enable ip routing in global configuration mode. 2 Enable ip vrrp globally. 3 Set an IP address on the desired interface where VRRP is to be configured.
• vr-id — The virtual router identifier. (Range: 1-255) Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example enables the virtual router for VLAN 15.
User Guidelines As per the VRRP RFC, when preemption is enabled, the backup router discards the advertisements until the masterdowntimer starts. This feature requires immediate sending of advertisements when the preemption case occurs and the delay is 0. This is a violation according to the RFC 3768. Delay, if configured, will cause the VRRP router to wait the specified number of seconds before issuing an advertisement claiming master ownership.
User Guidelines The VRRP router with the highest numerical value for priority will become the VR master. When the VRRP priorities are equal, the router with the numerically highest IP address will win the election and become master. If the VRRP router is the owner of the VR IP address, its priority will be 255, and this value cannot be changed. Example The following example sets the priority value for the virtual router 5 on VLAN 15.
Example The following example sets the frequency at which the VLAN 15 virtual router 5 sends a virtual router advertisement. console(config-if-vlan15)#vrrp 5 timers advertise 10 vrrp timers learn Use the vrrp timers learn command in Interface Configuration mode to configure the router, when it is acting as backup virtual router for a Virtual Router Redundancy Protocol (VRRP) group, to learn the advertisement interval used by the master virtual router.
vrrp track interface Use the vrrp track interface command in Interface Configuration mode to alter the priority of the VRRP router based on the availability of its interfaces. It is useful for tracking interfaces that are not configured for VRRP. Only routing interfaces may be tracked. A tracked interface is up if routing on that interface is up. Otherwise, the tracked interface is down.
Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example adds VLAN 2 to the virtual router tracked list (with a priority decrement value of 20.) (config-if-vlan10)#vrrp 1 track interface vlan 2 decrement 20 vrrp track ip route Use the vrrp track ip route command to track the route reachability. When the tracked route is deleted, the priority of the VRRP router is decremented by the value specified in the priority argument.
Default Configuration There are no routes tracked by default. The default decrement priority is 10. Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command. Example The following example adds the route 2.2.2.0/24 to the virtual router tracked list (with a priority decrement value of 20). console(config-if-vlan10)#vrrp 1 track ip route 2.2.2.
User Guidelines This command has no user guidelines. Example The following example displays detailed VRRP status. console# show vrrp Admin Mode..................................... Router Checksum Errors......................... Router Version Errors.......................... Router VRID Errors............................. Vlan 7 – Group 1 Primary IP Address............................. VMAC Address................................... Authentication Type............................ Priority.................
Track Track Track Track Track Track Interface................................ Interface State ......................... Interface DecrementPriority ............. Route (pfx/len) ......................... Route Reachable ......................... Route DecrementPriority ................. vlan 3 Down 20 10.10.10.0/24 False 20 console#show vrrp brief Interface Grp Prio IP Address Mode State --------- --- ---- -------------- ------ -----------V1 1 2 60 0.0.0.0 Disable Initialize V1 2 5 70 192.168.5.
Example The following example displays all configuration information about the VLAN 15 virtual router. console#show vrrp interface vlan 15 Vlan 7 – Group 1 Primary IP Address........................... 192.168.5.55 VMAC Address................................ 0000.5E00.0101 Authentication Type............................ None Priority....................................... 100 Configured Priority............................ 100 Advertisement Interval (secs).................. 10 Accept Mode..................
Virtual Router Redundancy Protocol v3 Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON/N3200-ON Series Switches VRRPv3 provides address redundancy for both IPv4 and IPv6 router addresses. VRRPv3 support is similar to VRRP support. Table 6-3 provides a summary of the differences. Table 6-3. VRRPv2 and VRRPv3 Differences VRRPv2 VRRPv3 Supports redundancy to IPv4 addresses. Supports redundancy to IPv4 and IPv6 addresses. Supports authentication. Does not support authentication.
fhrp version vrrp v3 Use the fhrp version vrrp v3 command to enable Virtual Router Redundancy Protocol version 3 (VRRPv3) configuration on the switch. To disable the VRRPv3 and possibly enable VRRPv2, use the no form of this command. Syntax fhrp version vrrp v3 no fhrp version vrrp v3 Default Configuration VRRPv3 is not enabled by default.
Syntax vrrp group-id address-family {ipv4 | ipv6} no vrrp group-id address-family {ipv4 | ipv6} • group-id—Virtual router group number. The range is from 1 to 255. • address-family—Specifies the address-family for this VRRP group. • ipv4—(Optional) Specifies IPv4 address. • ipv6—(Optional) Specifies IPv6 address. Default Configuration This command has no default configuration.
• ipv6—(Optional) Indicates the Virtual router group belongs to the IPv6 address family. • vlan vlan-id—(Optional) Indicates the VLAN number to which the Virtual router belongs. • vr-id—(Optional) VRRPv3 Virtual router group number. The range is from 1 to 255. Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
V3 Down 222 Track Route(pfx/len) --------------------14.14.14.0/24 Reachable --------True Decrement-Priority -----------------14 accept-mode Use this command to control whether a virtual router in master state will accept packets addressed to the address owner’s Virtual IP address as its own if it is not the Virtual IP address owner. By default this mode is disabled. To disable this function, use the no form of this command.
preempt Use this command to configure the virtual router to preemptively take over as master virtual router for a Virtual Router Redundancy Protocol version 3 (VRRPv3) group if it has higher priority than the current master virtual router. To disable preemption, use the no form of the command. Syntax preempt [delay minimum centiseconds] no preempt • delay minimum centiseconds—(Optional) Number of seconds that the device will delay before issuing an advertisement claiming master ownership.
priority Use this command to set the priority level of the device within a Virtual Router Redundancy Protocol version 3 (VRRPv3) group. The priority level controls which device becomes the master virtual router. To set the priority to the default, use the no form of this command. Syntax priority level no priority • level—Priority of the device within the VRRP group. The range is from 1 to 254. Default Configuration The default priority is 100.
timers advertise Use this command to configure the interval between successive advertisements by the master virtual router in a Virtual Router Redundancy Protocol version 3 (VRRPv3) group. To restore the default value, use the no form of this command. Syntax timers advertise centiseconds no timers advertise • centiseconds—Time interval between successive advertisements by the master virtual router. The unit of the interval is in centiseconds. The valid range is 1 to 4095 centiseconds.
console(config-if-vrrp)#timers advertise 50 shutdown Use the shutdown command to disable a Virtual Router Redundancy Protocol version 3 (VRRPv3) group configuration. Syntax shutdown no shutdown Default Configuration VRRPv3 Groups are disabled by default. Command Mode VRRPv3 Group Configuration mode User Guidelines Use the no shutdown command to update the virtual router state after completing configuration. Command History Command introduced in version 6.6 firmware.
no address ip-address secondary • ip-address—IPv4 or IPv6 address, it can be specified in one of the following formats: ipv4-address, ipv6-link-local-address, ipv6address/prefix-len. • primary—(Optional) Set primary IP address of the VRRPv3 group. • secondary—(Optional) Set additional IP address of the VRRPv3 group. Default Configuration No address is configured by default. If the primary or secondary option is not specified, the primary IP address is set.
console(config)#fhrp version vrrp v3 console(config)#interface gi1/0/1 console(config-if-Gi1/0/1)#vrrp group 1 address-family ipv4 console(config-if-vrrp)# address 101.1.0.10 primary console(config-if-vrrp)#no shutdown track interface Use this command to configure tracking of an IP interface for the device within a Virtual Router Redundancy Protocol version 3 (VRRPv3) group. To disable interface tracking, use the no form of the command.
console(config-if-vrrp)#track interface vlan 10 track ip route Use the track ip route command to configure tracking of the IP route for the device within a Virtual Router Redundancy Protocol (VRRPv3) group. To disable object tracking, use the no form of this command. Syntax track ip route ip-address/prefix-len [decrement number] no track ip route ip-address/prefix-len [decrement number] • ip-address/prefix-len—Prefix and prefix length of the route to be tracked.
clear vrrp statistics Use this command to clear VRRP statistical information for given interface of the device within a Virtual Router Redundancy Protocol version 3 (VRRPv3) group and IP address family. Syntax clear vrrp statistics [{ipv4| ipv6} vlan vlan-id vr-id] • ipv4—(Optional) Indicates the Virtual router group belongs to an IPv4 address family. • ipv6—(Optional) Indicates the Virtual router group belongs to an IPv6 address family.
console#clear vrrp statistics show vrrp statistics This command displays statistics for a selected Virtual Router Redundancy Protocol version 3 (VRRPv3) group or displays the global statistics. Syntax show vrrp statistics [{ipv4| ipv6} vlan vlan-id vr-id] • ipv4—(Optional) Indicates the Virtual router group belongs to an IPv4 address family. • ipv6—(Optional) Indicates the Virtual router group belongs to an IPv6 address family.
Example console#show vrrp statistics ipv6 vlan 11 2 Master Transitions............................. New Master Reason.............................. Advertisements Received........................ Advertisements Sent............................ Advertisement Interval Errors.................. IP TTL Errors.................................. Last Protocol Error Reason..................... Zero Priority Packets Received................. Zero Priority Packets Sent.....................
Switch Management Commands 7 Switch management commands are applicable to all Dell EMC Networking.
Application Deployment This section contains commands to manage Dell-supplied or end-user generated applications. application install Use the application install command to install or remove an application. Syntax application install filename [start-on-boot] [auto-restart] [cpu-sharing percent] [max-megabytes max-megabytes] no application install filename • • • • • filename — Name of the file containing the executable or script that is started as a Linux process for the application.
Command Mode Global Configuration User Guidelines Application names may be up to 16 characters in length. The name specified in the application-name parameter must match the filename output of the show application command exactly. Application names are case sensitive. Command History Introduced in version 6.3.0.1 firmware. Example console(config)#no application install support-assist This action will terminate the support-assist agent and remove it permanently from the switch.
Application names may be up to 16 characters in length. The name specified in the application-name parameter must match the filename output of the show application command exactly. Application names are case sensitive. Example console#application start support-assist Command History Introduced in version 6.3.0.1 firmware. Example added in the 6.4 release. application stop Use the application stop command to stop an application if the application is executing on the stack master.
Command History Introduced in version 6.3.0.1 firmware. Example console#application stop support-assist This action will terminate the support-assist agent. Are you sure you wish to continue (Y/N): show application Use the show application command to display installed applications and optionally display application files. Syntax show application [files] • files — Displays the files present in the application directory of the switch’s file system. These applications may or may not be installed.
Max-CPU-Util Configured application CPU utilization limit expressed as a percentage. “None” if unlimited. Max-memory Configured application memory limit in megabytes. “None” if unlimited. The show application files command format displays the following information: Parameter Definition filename Name of the application file. File size Number of bytes the file occupies in the file system. Directory Size Number of bytes for all the files in the application directory.
Auto-Install Commands Auto-Install provides automatic update of the image and configuration of Dell EMC Networking devices on boot up from a TFTP server as controlled by received DHCP options. It plays a critical role in the Dell EMC Networking offering of touchless or low-touch provisioning, in which configuration and imaging of a device is greatly simplified. This is highly desirable as device can be setup with minimum interaction from a skilled technician.
boot auto-copy-sw Use the boot auto-copy-sw command to enable or disable Stack Firmware Synchronization. Use the no form of the command to disable Stack Firmware Synchronization. Syntax boot auto-copy-sw no boot auto-copy-sw Default Configuration Stack firmware synchronization is disabled by default. Command Mode Global Config User Guidelines The configuration on the master switch controls the stack as if it is a single switch.
Command Mode Global Configuration User Guidelines The configuration on the stack master switch controls the stack as if it is a single switch. A stack member with a different version of firmware is not allowed to join the stack. No configuration steps need to be taken on the member switches to downgrade the firmware version. Configuration migration during a downgrade is not assured.
Command Mode Global Configuration mode User Guidelines The configuration on the master switch controls the stack as if it is a single switch. No configuration steps need to be taken on the member switches to enable rebooting the member switches after auto-install downloads a new firmware version.
User Guidelines A configuration file (CLI commands) may be downloaded during the AutoInstall process via DHCP configuration or via UCSB configuration. Refer to the DHCP and USB Auto-Configuration topic in the User’s Configuration Guide for more information. Example console# console#configure console(config)#boot host auto-save console(config)#no boot host auto-save boot host dhcp Use the boot host dhcp command in Global Configuration mode to enable Auto-Install and Auto Configuration on the switch.
Example console# console#configure console(config)#boot host dhcp console(config)#no boot host dhcp boot host retry-count The boot host retry-count command sets the number of attempts to download a configuration. Use the no form of this command to reset the number of attempts to download a configuration to the default. Syntax boot host retry-count count no boot host retry-count • count — The number of attempts to download a configuration (Range: 1–6).
Syntax show auto-copy-sw Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The show switch command also displays the switch firmware synchronization status.
User Guidelines This command has no user guidelines. Example console#show boot Auto-Install Mode.............................. Enabled AutoInstall Operational Mode................... Disabled Auto-Install State............................. AutoInstall is completed. The host retry count value is: 6 Auto Save mode is Disabled Auto Reboot mode is Enabled.
CLI Macro Commands CLI Macros provides a convenient way to save and distribute common configurations. A CLI macro is a set of the CLI commands having a unique name. When a CLI macro is applied, the CLI commands contained within the macro are executed and added to the Running Configuration File. When the macro is applied to an interface, the existing configuration is not lost; the new commands are added configuration.
• profile-compellent-nas, the interface configuration, used when connecting the switch to a Dell Compellent NAS. macro name Use the macro name command in Global Configuration mode to create a user-defined macro. Use the no form of the command to delete a macro. Syntax macro name name no macro name name • name—The name of the macro. A macro name can consist of any printable characters, including blanks and excluding question marks. A macro name may be up to 31 characters in length.
Macro Context Name Service global profile-compellent-nas Configure a port for connection to a Compellent NAS. Command Mode Global Configuration mode User Guidelines The predefined macros are useful in globally configuring the switch or a specific interface in the configuration context indicated. The macros contain a short series of commands with suggested settings for the switch or interface when used in a particular type of service. Macros consist of text commands with one command per line.
Default Configuration No parameters are substituted unless supplied on the command line. Command Mode Global Configuration mode User Guidelines Commands applied are additive in nature. That is, they do not remove existing configuration information by default. macro global trace Use the macro global trace command in Global Configuration mode to apply and trace a macro. The trace command will display each line of the macro as it is executed and list any errors encountered.
Commands applied are additive in nature. That is, they do not remove existing configuration information by default. macro global description Use the macro global description command in Global Configuration mode to append a line to the global macro description. Use the no form of the command to clear the description. Syntax macro global description line • line—The macro description. All text up to the new line is included in the description. Default Configuration There is no description by default.
• value—The string to be substituted within the macro for the specified parameter name. Default Configuration No parameters are substituted unless supplied on the command line. Command Mode Interface Configuration mode User Guidelines Commands applied are additive in nature. That is, they do not remove existing configuration information by default. macro trace Use the macro trace command in Interface Configuration mode to apply and trace a macro.
User Guidelines The line number of the first error encountered is printed. The script is aborted after the first error. Commands applied are additive in nature. That is, they do not remove existing configuration information by default. macro description Use the macro description command in Interface Configuration mode to append a line to the macro description. Use the no form of the command to clear the description. Syntax macro description line • line—The macro description.
• • • • • brief—Shows the list of defined macros and their type. description—Shows the macro descriptions. name—Shows an individual macro, including its contents. macro—The name of the macro to display. interface-id—The interface for which to show the macro description. Default Configuration No parameters are substituted unless supplied on the command line.
Clock Commands Real-time Clock The Dell EMC Networking supports a real-time clock that maintains the system time across reboots. The system time is used to timestamp messages in the logging subsystem as well as for the application of time based ACLs. The administrator has the ability to configure and view the current time, time zone, and summer time settings. The earliest date that can be configured is Jan 1, 2010.
show sntp configuration Use the show sntp configuration command to show the configuration of the Simple Network Time Protocol (SNTP). Syntax show sntp configuration Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Loopback interfaces are not supported on the N1100-ON Series switches. Example The following example displays the current SNTP configuration of the device.
Syntax show sntp server Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples console#show sntp server Server Server Server Server Server Server Server Host Address: Type: Stratum: Reference Id: Mode: Maximum Entries: Current Entries: 2001::01 IPv6 2 NTP Srv: 158.108.96.
Last Update Time: Dec 22 07:30:31 2009 Last Attempt Time: Dec 22 07:32:41 2009 Last Update Status: Server Unsynchronized Total Unicast Requests: 157 Failed Unicast Requests: 2 show sntp status Use the show sntp status command to show the status of the Simple Network Time Protocol (SNTP). Syntax show sntp status Default Configuration This command has no default configuration.
sntp authenticate Use the sntp authenticate command in Global Configuration mode to require server authentication for received Network Time Protocol (NTP) traffic. To disable the feature, use the no form of this command. Syntax sntp authenticate no sntp authenticate Default Configuration No authentication. Command Mode Global Configuration mode User Guidelines The command is relevant for both Unicast and Broadcast.
• value—value (Range: 1-8 characters) Default value No authentication is defined. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Examples The following examples define the authentication key for SNTP.
Example The following example enables a Simple Network Time Protocol (SNTP) Broadcast client. console(config)# sntp broadcast client enable sntp client poll timer Use the sntp client poll timer command in Global Configuration mode to set the polling time for the Simple Network Time Protocol (SNTP) client. To return to the default settings, use the no form of this command. Syntax sntp client poll timer seconds no sntp client poll timer • seconds — Polling interval.
sntp server Use the sntp server command in Global Configuration mode to configure an SNTP server address or a host name. The server address can be either an IPv4 address or an IPv6 address. Use the no form of this command to unconfigure an SNTP server address or a host name. Syntax sntp server {ip-address | ipv6-address | hostname} [priority priority][key key_id][poll] no sntp server {ip-address | ipv6-address | hostname} • • • • • ip-address — IP address of the server. hostname — Hostname of the server.
Example The following example configures the device to accept Simple Network Time Protocol (SNTP) traffic from the server at IP address 192.1.1.1. console(config)# sntp server 192.1.1.1 sntp source-interface Use the sntp source-interface command to select the interface from which to use the IP address in the source IP address field of transmitted SNTP packets. Use the no form of the command to revert to the default IP address.
Example console#conf console(config)#interface vlan 1 console(config-if-vlan1)#ip address dhcp console(config-if-vlan1)#exit console(config)#sntp source-interface vlan 1 sntp trusted-key Use the sntp trusted-key command in Global Configuration mode to authenticate the identity of a system to which Simple Network Time Protocol (SNTP) will synchronize. To disable authentication of the identity of the system, use the no form of this command.
sntp unicast client enable Use the sntp unicast client enable command in Global Configuration mode to enable a client to use Simple Network Time Protocol (SNTP) predefined Unicast clients. To disable an SNTP Unicast client, use the no form of this command. Syntax sntp unicast client enable no sntp unicast client enable Default Configuration The SNTP Unicast client is disabled. Command Mode Global Configuration mode User Guidelines Use the sntp server command to define SNTP servers.
Command Mode Global Configuration User Guidelines It is advisable to set both the time and date. Examples console(config)#clock set 19:20:31 console(config)#clock set 04/01/2019 clock timezone hours-offset Use the clock timezone [hours-offset] [minutes minutes-offset] [zone acronym] command to set the offset to Coordinated Universal Time (UTC). If the optional parameters are not specified, they will be read as either '0' or '\0, as appropriate.
no clock timezone Use the no clock timezone command to reset the time zone settings. Syntax no clock timezone Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines This command has no specific user guidelines.
• • offset — Number of minutes to add during the summertime. (Range:1– 1440) acronym — The acronym for the time zone to be displayed when summertime is in effect.
• acronym — The acronym for the time zone to be displayed when summertime is in effect. (Range: Up to four upper or lower case alphabetic characters) Default Configuration This command has no default configuration.
Example console(config)#no clock summer-time show clock Use the show clock command to display the time and date from the system clock. Use the show clock detail command to show the time zone and summertime configuration. Syntax show clock [detail] Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Begins at first Sunday of April at 2:00. Ends at last Sunday of October at 2:00. Offset is 60 minutes.
Command Line Configuration Scripting Commands The Configuration Scripting feature allows the user to generate textformatted files representing the current system configuration. These configuration script files can be uploaded to a computer and edited, then downloaded to the system and applied to the system. This feature allows the flexibility of creating command configuration scripts that can be applied to several switches with minor or no modifications.
Example The following example applies the config.scr script to the switch. console#script apply config.scr script delete Use the script delete command to delete a specified script. Syntax script delete {scriptname | all} • scriptname — Script name of the file being deleted. (Range 1-31 characters) Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example displays all scripts present on the switch. console#script list Configuration Script Name Size(Bytes) -------------------------------- ----------0 configuration script(s) found. 2048 Kbytes free. script show Use the script show command to display the contents of a script file.
Example The following example displays the contents of the script file config.scr. console#script show config.scr interface gigabitethernet 1/0/1 ip address 176.242.100.100 255.255.255.0 exit script validate Use the script validate command to validate a script file by parsing each line in the script file.The validate option is intended for use as a tool in script development. Validation identifies potential problems though it may not identify all problems with a given script.
CLI Output Filtering Commands show xxx|include “string” The command xxx is executed and the output is filtered to only show lines containing the "string" match. All other non-matching lines in the output are suppressed. Syntax show xxx|include “string” Default Configuration This command has no default configuration. User Guidelines This command has no user guidelines. Command History Command introduced in version 6.6.0 firmware. Example The following shows an example of the CLI command.
Syntax show xxx|include “string” exclude “string2” Default Configuration This command has no default configuration. User Guidelines This command has no user guidelines. Command History Command introduced in version 6.6.0 firmware. Example The following shows example of the CLI command.
Command History Command introduced in version 6.6.0 firmware. Example The following shows an example of the CLI command. (Routing) #show interface 0/1 Packets Received Without Error................. Packets Received With Error.................... Broadcast Packets Received..................... Receive Packets Discarded...................... Packets Transmitted Without Errors............. Transmit Packets Discarded..................... Transmit Packet Errors......................... Collision Frames........
Command History Command introduced in version 6.6.0 firmware. Example The following shows an example of the CLI command.
(Routing) #show running-config | section “interface 0/1” interface 0/1 no spanning-tree port mode exit show xxx|section “string” “string2” The command xxx is executed and the output is filtered to only show lines included within the section(s) identified by lines containing the “string” match and ending with the first line containing the “string2” match. If multiple sessions matching the specified string match criteria are part of the base output, then all instances are displayed.
Default Configuration This command has no default configuration. User Guidelines This command has no user guidelines. Command History Command introduced in version 6.6.0 firmware.
Configuration and Image File Commands File System Commands CLI commands allow the user to show the contents of the current directory in the flash file system (dir command). These files may also be deleted from the flash using the delete command or renamed with the rename command. Also, the syntax of the copy command has been changed slightly to add additional flash targets and sources for the above commands.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines Use the show bootvar command to find out which image is the active image. Example console#boot system ? active backup Unit to be used for this command executes on this Marks the given image as re-boots. Marks the given image as re-boots. operation. If absent, node. active for subsequent active for subsequent console#show version Machine Description............... System Model ID...
Syntax clear config Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example restores the switch to its default configuration. console#clear config copy Use the copy command to copy files within the switch and to upload and download files from and to the switch.
Parameter Description source-url The location URL or or reserved keyword of the source file being copied. (Range: 1-160 characters.) List of valid source parameters for uploading from the switch: backup-config Uploads Backup Config file. active|backup Uploads code file. log-files Uploads the system logs. operational-log Uploads Operational Log file. running-config Uploads system config file. script Uploads Configuration Script file. startup-config Uploads Startup Config file.
Parameter Description destination-url The URL or reserved keyword of the destination file. (Range: 1-160 characters. List of valid destination parameters for downloading to the switch: application [filename] Download a PYTHON application. backup-config Downloads a backup config file using FTP, SFTP, or TFTP. ca-root [index] A Certificate Authority (CA) root or intermediate X.509 PEM-encoded certificate file. The contents of the source URL are copied into the CAindex.pem file on the switch.
Parameter Description destination-url openflow-ssl-cert (cont.) An OpenFlow client certificate file. The contents of the source URL are copied into the of-cert.pem file on the switch. script Downloads a configuration script by FTP, SFTP, or TFTP. startup-config Downloads a startup configuration file using FTP or TFTP. ias-users Downloads the ias-users database file.
• • • • • filename is extracted from the source url. If the filename has a .tar or .tgz extension, the archive is unpacked in the user-apps directory and deleted after unpacking. If there is an error during unpacking, the file is deleted anyway. If the file name does not include a .tar or .tgz extension, it is simply copied into the user-apps directory as is. username — The user name for logging into the remote server via SSH.
Reserved Keyword Description tftp: Source or destination URL for a TFTP network server. The syntax for this alias is tftp:[[//location]/directory]/filename. An out-ofband IP address can be specified as described in the User Guidelines. usb: Source or destination URL for a file on a mounted USB file system. flash: Source or destination URL for the switch flash-based file system. backup-config Represents the backup configuration file.
Script download performs syntax checking of downloaded scripts. If a syntax error is detected, the user is prompted to save the file. If no error is detected, the file is saved using the target file name. Downloaded scripts are executed from privileged exec mode and should contain a configure command as the first line of the script in order to enter global configuration mode.
Configuration saved! Example – Downloading new code to the switch console#copy tftp://10.27.9.99/jmclendo/N3000-ONv6.0.1.3.stk backup Transfer Mode.................................. Server IP Address.............................. Source File Path............................... Source Filename................................ Data Type...................................... Destination Filename........................... TFTP 10.27.9.99 jmclendo/ N3000-ONv6.0.1.3.
Example – Downloading and applying ias users file console#copy tftp://10.131.17.104/aaa_users.txt ias-users Transfer Mode.................................. TFTP Server IP Address.............................. 10.131.17.104 File Path...................................... ./ File Name...................................... aaa_users.txt Data Type......................................
linux>tar czf ha.tgz hiveagent_pr hiveagent_pr_s On the switch, issue the following command: console#copy tftp://172.25.122.22/ha.tgz application See what files are installed: console#show application files OpEN application process directory contents: 62 53926 53926 74062 1143002 1143002 10517 2544 3461 4465 12464 3729 8707 16358 SupportAssist ah_ha.conf ah_ha.conf_s hiveagent hiveagent_pr hiveagent_pr_s sa-main.pyc saCommitUpl.pyc saGetConfig.pyc saGlobal.pyc saSendChunk.pyc saStartUpl.pyc saSubmitTop.
-rwx -rw -rwx -rwx 62 3461 53926 1143002 Jul Jul May May 19 19 05 05 2016 2016 2016 2016 13:44:02 13:44:01 12:17:12 12:17:12 SupportAssist saGetConfig.pyc ah_ha.conf_s hiveagent_pr Total Size: 215265280 Bytes Used: 2535481 Bytes Free: 212729799 Command History Description and options revised in 6.3.5 release. delete Use the delete command to delete files from flash. Files cannot be deleted from the USB device.
User Guidelines The file name may optionally include the path to the file, e.g., delete crashlogs/crash.0. Example console#delete file1.scr Delete file1.scr (Y/N)?y dir Use the dir command to print the contents of the flash file system or of a subdirectory. Syntax dir [subdir] Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines.
-rw-rw- 0 2497 Jan 28 2022 23:05:12 Jan 21 2022 22:37:38 olog0.txt fastpath.cfg Total Size: 1001914368 Bytes Used: 128319488 Bytes Free: 873594880 erase Use the erase command to erase the startup configuration, the backup configuration, or the backup image, or a Dell-supplied application. Syntax erase {filename | startup-config | backup | backup-config | application filename} • • • • • filename—The name of a file on the flash drive.
Syntax filedescr {active | backup} description no filedescr {active | backup} • • active | backup—Image file. description—Block of descriptive text. (Range: 0-128 characters) Default Configuration No description is attached to the active or backup image. Use the show bootvar command to display the image description. Command Mode Privileged Exec mode User Guidelines The description accepts any printable characters except a question mark.
• dest — Destination file name Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines Renaming the image1 or image2 files may cause the switch to not boot. Example console#rename file1.scr file2.scr show backup-config Use the show backup-config command to display the contents of the backup configuration file. Syntax show backup-config Default Configuration This command has no default configuration.
!Current Configuration: !System Description “Dell Networking N4032, 6.0.0.0, Linux 2.6.32.9" !System Software Version 6.0.0.0 !Cut-through mode is configured as disabled ! configure slot 1/0 1 ! Dell Networking N4032 stack member 1 1 ! N4032 exit interface vlan 1 exit snmp-server engineid local 800002a203001122334455 exit show bootvar Use the show bootvar command in User Exec mode to display the active system image file that the device loads at startup. Syntax show bootvar [unit] • unit —Unit number.
Image Descriptions active : backup : Images currently available on Flash unit active backup current-active next-active ----- ------------ ------------ ----------------- ----------------1 6.0.0.0 9.25.16.57 6.0.0.0 6.0.0.0 show running-config Use the show running-config command to display the contents of the currently running configuration file, including banner configuration.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example This example shows the truncated output for the configuration of interface Gi1/0/1. Since the all parameter is given, both the non-default and the default values are shown.
show startup-config Use the show startup-config command to display the startup configuration file contents. Syntax show startup-config Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the contents of the startup-config file.
write Use the write command to copy the running configuration image to the startup configuration. Syntax write Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command is equivalent to the copy running-config startup-config command functionally.
DHCP Client Commands Dell EMC Networking switches support an embedded DHCP client. Any IP interface can use DHCP to obtain an IP address. The DHCP client can run on multiple interfaces simultaneously. For IPv4, an IP interface can either use manually configured addresses or be enabled for DHCP. The options are mutually exclusive. When the operator enables DHCPv4 on an IP interface, all manually configured IP addresses on that interface are removed from the running configuration.
Default Configuration This command has no default configuration. Command Mode Privileged Exec User Guidelines The DHCP client sends a DHCP RELEASE message telling the DHCP server that it no longer needs the IP address, and that the IP address can be reassigned to another client. The interface method does not change and will still be DHCP even after issuing this command.
Default Configuration This command has no default configuration. Command Mode Privileged Exec User Guidelines If the interface has a leased IPv4 address when this command is issued, the DHCP client sends a DHCP REQUEST message telling the DHCP server that it wants to continue using the IP address.
Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command lists all IPv4 addresses currently leased from a DHCP server on an IP interface. This command only applies to IP interfaces. To see the IPv4 address leased on the out-of-band interface, use the command Maximum Next Hops.............................. 16 out-of-band. This command output provides the following information.
Lease: 2 days 23 hrs 47 mins 24 secs Renewal: 1 days 11 hrs 47 mins 24 secs Rebind: 2 days 14 hrs 47 mins 24 secs Retry count: 0 Switch Management Commands 1974
DHCP Server Commands Dell EMC Networking N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON/N3200-ON Series Switches DHCP is based on the Bootstrap Protocol (BOOTP). It also captures the behavior of BOOTP relay agents and DHCP participants can inter operate with BOOTP participants. The host RFC’s standardize the configuration parameters which can be supplied by the DHCP server to the client. After obtaining parameters via DHCP, a DHCP client should be able to exchange packets with any other host in the Internet.
• Using DHCP a centralized management policy can be implemented as the DHCP server keeps information about all the subnets. This allows a system operator to update a single server when configuration changes take place. ip dhcp pool Use the ip dhcp pool command in Global Configuration mode to define a DHCP address pool that can be used to supply addressing information to DHCP clients. Upon successful completion, this command puts the user into DHCP Pool Configuration mode.
In DHCP Pool Configuration mode, the administrator can configure the address space and other parameters to be supplied to DHCP clients. By default, the DHCP server assumes that all addresses specified are available for assignment to clients. Use the ip dhcp excluded-address command in Global Configuration mode to specify addresses that should never be assigned to DHCP clients.
console(config)#service dhcp console (config)#ip dhcp pool “Printer LP32 R1-101” console(config-dhcp-pool)#client-identifier 00:23:12:43:23:54 console(config-dhcp-pool)#host 10.1.1.1 255.255.255.255 console(config-dhcp-pool)#client-name PRT_PCL_LP32_R1-101 Example 2 – Dynamic Address Pool console(config)#service dhcp console(config)#ip dhcp pool “Windows PCs” console(config-dhcp-pool)#network 192.168.21.0 /24 console(config-dhcp-pool)#domain-name power-connect.com console(config-dhcp-pool)#dns-server 192.
clear ip dhcp binding Use the clear ip dhcp binding command to remove automatic DHCP server bindings. Syntax clear ip dhcp binding {ip-address | *} • *—Clear all automatic dhcp bindings. • ip-address—Clear a specific binding. Default Configuration The command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example console#clear ip dhcp binding 1.2.3.
Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example console#clear ip dhcp conflict * client-identifier Use the client-identifier command in DHCP Pool Configuration mode to identify a Microsoft DHCP client to be manually assigned an address. Use the no form of the command to remove the client identifier configuration. Syntax client-identifier unique-identifier no client-identifier • unique-identifier—The identifier of the Microsoft DHCP client.
Example console(config-dhcp-pool)#client-identifier 01:03:13:18:22:33:11 console(config-dhcp-pool)#host 192.168.21.34 32 client-name Use the client-name command in DHCP Pool Configuration mode to specify the host name of a DHCP client. Use the no form of the command to remove the client name configuration. Syntax client-name name no client-name • name—The name of the DHCP client. The client name is specified as up to 31 printable characters. Default Configuration There is no default client name.
default-router Use the default-router command in DHCP Pool Configuration mode to set the IPv4 address of one or more routers for the DHCP client to use. Use the no form of the command to remove the default router configuration. Use the show ip dhcp pool command to display pool configuration parameters. Syntax default-router {ip-address1}[ip address2] no default-router • ip-address1—The IPv4 address of the first default router for the DHCP client.
• ip-address1—A valid IPv4 address. Default Configuration This command has no default configuration. Command Mode IP DHCP Pool Configuration mode User Guidelines This command has no user guidelines. domain-name (IP DHCP Pool Config) Use the domain-name command in IP DHCP Pool Configuration mode to set the DNS domain name which is provided to a DHCP client by the DHCP server. The DNS name is an alphanumeric string up to 255 characters in length. Use the no form of the command to remove the domain name.
Syntax hardware-address hardware-address no hardware-address • hardware-address—MAC address of the client. Either the XXXX.XXXX.XXXX or XX:XX:XX:XX:XX:XX form of MAC address may be used where X is a hexadecimal digit. Default Configuration There are no default MAC address manual bindings. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters.
• prefix-length—A decimal number ranging from 1-30. Default Configuration The default is a 1 day lease. Command Mode DHCP Pool Configuration mode User Guidelines Use the client-identifier or hardware-address command prior to using this command for an address pool. Use the show ip dhcp pool command to display pool configuration parameters. Example console(config-dhcp-pool)#client-identifier 00:23:12:43:23:54 console(config-dhcp-pool)#host 192.168.21.
User Guidelines This command has no user guidelines. Example console#ip dhcp bootp automatic ip dhcp conflict logging Use the ip dhcp conflict logging command in Global Configuration mode to enable DHCP address conflict detection. Use the no form of the command to disable DHCP conflict logging. Syntax ip dhcp conflict logging no ip dhcp conflict logging Default Configuration Conflict logging is enabled by default.
Syntax ip dhcp excluded-address low-address {high-address} no ip dhcp excluded-address low-address {high-address} • low-address —An IPv4 address indicating the starting range for exclusion from automatic DHCP address assignment. • high-address—An IPv4 address indicating the ending range for exclusion from automatic DHCP address assignment. The high-address must be numerically greater than the low-address.
• count—The number of ping packets sent to detect an address in use. The default is 2 packets. Range 0, 2-10. A value of 0 turns off address detection. Use the no form of the command to return the setting to the default value. Default Configuration The command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
Default Configuration The default lease is 1 day. Command Mode DHCP Pool Configuration mode User Guidelines The Dell EMC Networking DHCP server does not offer infinite duration DHCP leases. The maximum lease offered is 60 days, which corresponds to an “infinite” setting in the UI. Example The following examples sets a lease period of 1 day, 12 minutes and 59 seconds. console(config)#ip dhcp pool asd console(config-dhcp-pool)#network 10.0.0.0 255.0.0.
Default Configuration There is no default name server configured. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. Up to eight name server addresses may be specified. The NetBIOS WINS information is conveyed in the Option 44 TLV of the DHCP OFFER, DCHP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages. Example console(config-dhcp-pool)#netbios-name-server 192.168.21.1 192.168.22.
User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. The NetBIOS node type information is conveyed in the Option 46 TLV of the DHCP OFFER, DHCP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages.
next-server Use the next-server command in DHCP Pool Configuration mode to set the IPv4 address of the TFTP server to be used during auto-install. Use the no form of the command to remove the next server configuration. Syntax next-server ip-address no next-server • ip-address—The IPv4 address of the TFTP server to use during autoconfiguration. Default Configuration There is no default IPv4 next server configured.
Syntax option code {ascii string1|hex[string1...string8]|ip[ip-address1...ipaddress8]} no option code • code—The DHCP TLV option code. • ascii string1—An ASCII character string. Strings with embedded blanks must be wholly contained in quotes. • hex string1—A hexadecimal string containing the characters [0-9A-F]. The string should not begin with 0x. A hex string consists of two characters which are parsed to fill a single byte. Multiple values are separated by blanks.
• 0x12 - TLV length - 18 bytes • 0x05 - Sub-option code 5 • 0x10 - Sub-option length - 16 bytes • 0x6175746f696e7374616c6c5f646863.70 - Sub-option value “autoinstall_dhcp” Options that accept only fixed length strings need only have the relevant data bytes specified on the command line. The switch will build the TLV and insert the specified data bytes into the option.
Table 7-1.
Table 7-1.
Table 7-1. Option Codes and Lengths (continued) Option Code Fixed Length Minimum Length Multiple Of 76 (STDA Server) – 4 4 Options 19, 20, 27, 29, 30, 31, 34, 36, and 39 only accept hex 00 or hex 01 values. Example console(config-dhcp-pool)#option console(config-dhcp-pool)#option console(config-dhcp-pool)#option console(config-dhcp-pool)#option console(config-dhcp-pool)#option 4 ascii “ntpservice.com “ 42 ip 192.168.21.
sntp Use the sntp command in DHCP Pool Configuration mode to set the IPv4 address of the NTP server to be used for time synchronization of the client. Use the no form of the command to remove the NTP server configuration. Syntax sntp ip-address no sntp • ip-address—The IPv4 address of the NTP server to use for time services. Default Configuration There is no default IPv4 NTP server configured.
Default Configuration The command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console(config)# show ip dhcp binding IP address Hardware Address Expires ----------------------------------10.10.10.
User Guidelines This command has no user guidelines. show ip dhcp global configuration Use the show ip dhcp global configuration command to display the DHCP global configuration. Syntax show ip dhcp server statistics Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. show ip dhcp server statistics Use the show ip dhcp server statistics command to display the DHCP server binding and message counters. Syntax show ip dhcp server statistics Default Configuration This command has no default configuration.
--------------DHCP OFFER..................................... 132 DHCP ACK....................................... 132 DHCP NACK......................................
DHCPv6 Server Commands Dell EMC Networking N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON/N3200-ON Series Switches clear ipv6 dhcp Use the clear ipv6 dhcp command to clear DHCPv6 statistics for all interfaces or for a specific interface. Syntax clear ipv6 dhcp {statistics | interface vlan vlan-id statistics} • vlan-id — Valid VLAN ID. • statistics — Indicates statistics display if VLAN is specified. Default Configuration This command has no default configuration.
Syntax dns-server ipv6-address no dns-server ipv6-address • ipv6-address —Valid IPv6 address. Default Configuration This command has no default configuration. Command Mode IPv6 DHCP Pool Configuration mode User Guidelines This command has no user guidelines. domain-name (IPv6 DHCP Pool Config) Use the domain-name command in IPv6 DHCP Pool Configuration mode to set the DNS domain name which is provided to a DHCPv6 client by the DHCPv6 server. DNS domain name is configured for stateless server support.
Example The following example sets the DNS domain name “test”, which is provided to a DHCPv6 client by the DHCPv6 server. console(config)#ipv6 dhcp pool addrpool console(config-dhcp6s-pool)#domain-name test console(config-dhcp6s-pool)#no domain-name test ipv6 dhcp pool This capability requires the IPv6 DHCP service to be enabled. Use the service dhcpv6 command to enable the DHCPv6 service. Use the ipv6 dhcp pool command in Global Configuration mode to enter IPv6 DHCP Pool Configuration mode.
ipv6 dhcp relay Use the ipv6 dhcp relay command in Interface Configuration mode to configure an interface for DHCPv6 relay functionality. Syntax ipv6 dhcp relay {destination relay-address [interface vlan vlan-id] | interface vlan vlan-id} | remote-id {duid-ifid | user-defined-string} no ipv6 dhcp relay • destination — Keyword that sets the relay server IPv6 address. • relay-address — An IPv6 address of a DHCPv6 relay server. • interface — Sets the relay server interface. • vlan-id — A valid VLAN ID.
Up to 10 relay destinations may be configured per interface. If a destination relay address has global scope, then the interface option (option 18) is not required. If the destination relay address scope is link local (FE80::) or multicast (FF00::/8), then the destination interface option (Option 18) must be configured. If no relay destination is configured, then a relay interface must be configured and the DHCPV6-ALLAGENTS multicast address (i.e.
Command Mode Interface Configuration (VLAN, Tunnel) mode User Guidelines This feature requires the IPv6 DHCP service. Enable the IPv6 DHCP service using the service dhcpv6 command. The ipv6 dhcp server command enables DHCP for IPv6 service on a specified interface using the pool for prefix delegation and other configuration through that interface. The rapid-commit keyword enables the use of the two-message exchange for prefix delegation and other configuration.
prefix-delegation Use the prefix-delegation command in IPv6 DHCP Pool Configuration mode to define multiple IPv6 prefixes within a pool for distributing to specific DHCPv6 Prefix delegation clients. Syntax prefix-delegation ipv6-prefix/prefix-length client-DUID [name hostname] [valid-lifetime {valid-lifetime | infinite}] [preferred-lifetime {preferredlifetime | infinite}] no prefix-delegation ipv6-prefix/prefix-length • prefix/prefix-length—Delegated IPv6 prefix. • client-DUID—Client DUID (e.g.
Example The following example defines a Multiple IPv6 prefix and client DUID within a pool for distributing to specific DHCPv6 Prefix delegation clients. console(config)#ipv6 dhcp pool addrpool console(config-dhcp6s-pool)#prefix-delegation 2020:1::1/64 00:01:00:09:f8:79:4e:00:04:76:73:43:76 The following example defines a unique local address prefix with the MAC address 00:1D:BA:06:37:64 converted to EUI-64 format and a preferred lifetime of 5 days.
show ipv6 dhcp Use the show ipv6 dhcp command to display the DHCPv6 server name and status. Syntax show ipv6 dhcp Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines The DUID value of the server will only appear in the output when a DHCPv6 lease is active. Example The following example displays the DHCPv6 server name and status.
Command Mode Privileged Exec and User Exec modes, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the configured DHCP pool based on the entered IPv6 address. console#show ipv6 dhcp binding 2020:1:: show ipv6 dhcp interface Use the show ipv6 dhcp interface command in User Exec or Privileged Exec mode to display configuration and status information about an IPv6 DHCP specified interface or all interfaces.
The command output provides the following information for an interface configured in client mode. Not all fields will be shown for an inactive client. Term Description Mode Displays whether the specified interface is in Client, Relay, or Server mode. State State of the DHCPv6 Client on this interface. The valid values are: INACTIVE, SOLICIT, REQUEST, ACTIVE, RENEW, REBIND, RELEASE. Server DUID DHCPv6 Unique Identifier of the DHCPv6 Server on this interface.
Examples The following examples display DHCPv6 information for VLAN 11 when configured in relay mode. console#show ipv6 dhcp interface tunnel IPv6 Interface................................. Mode........................................... Relay Addresses................................ Relay Remote ID................................ Option Flags................................... tunnel 5 Relay :: vlan 110 lvl7india console#show ipv6 dhcp interface vlan 2047 IPv6 Interface.................................
IPv6 Interface................................. Mode........................................... State.......................................... Server DUID.................................... 00:03:00:01:00:13:c4:db:6c:00 T1 Time........................................ T2 Time........................................ Interface IAID................................. Leased Address................................. Preferred Lifetime............................. Valid Lifetime.................................
Total DHCPv6 Packets Transmitted............... 0 console#show ipv6 dhcp interface vlan 10 statistics DHCPv6 Client Interface Vl10 Statistics --------------------------------------------------------DHCPv6 Advertisement Packets Received................. 0 DHCPv6 Reply Packets Received......................... 0 Received DHCPv6 Advertisement Packets Discarded....... 0 Received DHCPv6 Reply Packets Discarded............... 0 DHCPv6 Malformed Packets Received.....................
console#show ipv6 dhcp pool test DHCPv6 Pool: test show ipv6 dhcp statistics Use the show ipv6 dhcp statistics command in User Exec mode to display the global DHCPv6 server and relay statistics. Syntax show ipv6 dhcp statistics Default Configuration This command has no default configuration. Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the DHCPv6 server name and status.
DHCPv6 Relay-reply Packets Transmitted......... 0 DHCPv6 Relay-forward Packets Transmitted....... 0 Total DHCPv6 Packets Transmitted...............
HiveAgent Commands The commands in this section enable configuration of the Dell HiveAgent. HiveAgent commands are not supported on the N2200 or N3200 Series switches. eula-consent Use the eula-consent command to accept or decline the end-user license agreement (EULA) for the hive agent. If accepted, the latest version of the HiveAgent starts. If declined, all Hive Agent applications are stopped.
This command can be executed multiple times. It overwrites the previous information each time. The collected information is stored in the runningconfig. The administrator must write the configuration in order to persist it across reboots. If the administrator clears the config, this information must be reconfigured. Command History Introduced in version 6.3.0.1 firmware.
Command Mode Global Configuration User Guidelines This command enters HiveAgent Configuration mode. It allows the administrator to configure HiveAgent information. The configured information is stored in the running config. Use the write command to save the information into the startup-config. Command History Introduced in version 6.3.0.1 firmware. Example In this example, the HiveAgent EULA has been accepted.
server-name — The name of the server. The server name has a maximum length of 20 characters. Any printable character other than a question mark may be used in the server name. Enclose the server name in quotes if an embedded blank is desired in the server name. Default Configuration The default server HiveManagerNG is configured. Command Mode HiveAgent Configuration User Guidelines The server-name is used as a reference only and is not required to be used as part of a URL definition.
Command Mode HiveAgent Configuration mode User Guidelines This command enables HiveAgent debug. Command History Command introduced in version 6.5 firmware. Example console(config)#hiveagent console(conf-hiveagent)#debug enable Use the enable command to enable a HiveAgent server. Use the no form of the command to disable a HiveAgent server. Syntax enable no enable Default Configuration By default, the default server is enabled. It may be disabled using the no enable form of the command.
Example console(config)# hiveagent console(conf-hiveagent)#server HiveManagerNG console(conf-hiveagent-HiveManagerNG)#enable proxy-ip-address Use the proxy-ip-address command to configure a proxy server to be used to contact the HiveManager NG. Use the no form of the command to remove the proxy server information.
User Guidelines Passwords are always stored and displayed as encrypted, even if entered in unencrypted format. Example console(config)#support-assist console(conf-support-assist)#server 10.0.0.1 console(conf-support-assist-10.0.0.1)#proxy-ip-address 10.0.0.2 port 1025 username admin password 0 password Command History Introduced in version 6.3.0.1 firmware.
Command History Command introduced in version 6.5 firmware. Example console(config)#interface vlan 1 console(conf-vlan1)#ip address 172.16.32.11 /24 console(conf-vlan1)#exit console(config)#hiveagent console(conf-hiveagent)#source interface vlan-id 1 url Use the url command to configure the URL to reach on HiveManager NG. Use the no form of the command to remove the URL information.
Example console(config)#hiveagent console(conf-hiveagent)" server HiveManagerNG console(conf-hiveagent-HiveManagerNG)#url cloud-rd.aerohive.com show hiveagent debug Use the show hiveagent debug command to view information on HiveAgent debug configuration. Status may also be obtained from the HiveManager NG web page. Syntax show hiveagent debug Default Configuration This command has no defaults.
Default Configuration This command has no defaults. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The source VLAN must have an IP address assigned for it to be used by HiveAgent. Command History Command introduced in version 6.5 firmware. Example console(config)# hiveagent console(conf-hiveagent)#source interface vlan-id 1 show hiveagent status Use the show hiveagent status command to display information on the HiveAgent configuration.
Command History Introduced in version 6.3.0.1 firmware. Example console# show hiveagent status HiveAgent: Enabled EULA: Accepted HiveManager Server Name: HiveManagerNG HiveManager NG (enabled): HiveAgent Version.............................. HiveAgent Status............................... HiveAgent AssociationUrl....................... HiveAgent AssociationMethod.................... HiveAgent PollUrl.............................. HiveAgent RedirectorFQDN....................... HiveAgent RedirectorResponse.
Command History Introduced in version 6.3.0.1 firmware. Example console#show eula-consent hiveagent HiveAgent EULA has been: Accepted This switch includes a feature that enables it to work with HiveManager (an optional management suite), by sending the switch’s service tag number to HiveManager to authenticate your entitlement to use HiveManager.
IP Addressing Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Interfaces on the Dell EMC Networking switches support a variety of capabilities to support management of the switch. In addition to performing switching and routing of network traffic, Dell EMC Networking switches act as a host for management of the switch.
Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example deletes all entries from the host name-to-address cache. console#clear host * clear ip address-conflict-detect Use the clear ip address-conflict-detect command to clear the address conflict detection status in the switch. Syntax clear ip address-conflict-detect [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates.
interface out-of-band Use the interface out-of-band command to enter into OOB interface configuration mode. Syntax interface out-of-band Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines This command is not available on the N1100-ON/N1500/N2000/N2100ON/N2200-ON Series switches.
• subnet-mask — Subnet mask of the interface • prefix-length — Length of the prefix. Must be preceded by a forward slash (/). (Range: 1-30 bits) • secondary — Indicates the IP address is a secondary address. Default Configuration The N1100/N1500/N2000/N2100-ON/N2200-ON default IPv4 address assignment method is DHCP on VLAN 1. The N3000-ON/N3100-ON/N3200-ON default IPv4 address assignment method on VLAN 1 is none, and the default address assignment on the outof-band port is DHCP.
A VLAN interface configured for DHCP address assignment will send the following text string in DHCP Option 60 of the DHCPDISCOVER message to assist the DHCP server in identification of the switch: "DellEMC;;;". The left and right angle brackets and quotation marks are not sent. An example option 60 string might be: DellEMC;N2128PX-ON;6.5.2.0;TW06G93K282986CR0040 IP addresses assigned to Ethernet interfaces support up to 31 bit subnet masks.
Command Mode Interface (Out-of-Band) Configuration mode User Guidelines When setting the netmask/prefix length on an IPv4 address, a space is required between the address and the mask or prefix length. Setting an IP address on the out-of-band port enables switch management over the out-ofband port. The ip address none command clears the currently assigned IPv4 address and sets the IP address configuration method to none.
ip address-conflict-detect run Use the ip address-conflict-detect run command in Global Configuration mode to trigger the switch to run active address conflict detection by sending gratuitous ARP packets for IPv4 addresses on the switch. Syntax ip address–conflict–detect run Default Configuration This command has no default configuration. Command Mode Global Configuration mode, Virtual Router Configuration mode.
Default Configuration DHCPv4 is disabled by default on routing interfaces. Command Mode Interface (VLAN) Configuration mode User Guidelines This command only applies to VLAN routing interfaces. When DHCP is enabled on a routing interface, the system automatically deletes all manually configured IPv4 addresses on the interface. • The command no ip address removes the interface’s primary address (Manual/DHCP) including the secondary addresses, if configured, and sets the Interface method to None.
Examples To enable DHCPv4 on vlan 2: console#config console(config)#interface vlan 2 console(config-if-vlan2)#ip address dhcp ip default-gateway Use the ip default-gateway command to configure a default gateway (router). Syntax ip default-gateway ip-address no ip default-gateway ip-address • ip-address—Valid IPv4 address of an attached router. Default Configuration No default gateway is defined.
Virtual Router Configuration mode is only available on the Dell EMC Networking N3000-ON/N3100-ON/N3200-ON switches. Setting a default gateway on the in-band network may make indirectly connected hosts on the out-of-band network unreachable. Dell EMC N1100ON switches support configuration of a single default gateway. If a subsequent gateway is configured, the prior configuration is overwritten. Dell EMC N1100-ON switches do not support routing. Example The following example sets the default-gateway to 10.1.
ip domain-name Use the ip domain-name command in Global Configuration mode to define a default domain name used to complete unqualified host names. To delete the default domain name, use the no form of this command. Syntax ip domain-name name no ip domain-name • name — Default domain name used to complete an unqualified host name. Do not include the initial period that separates the unqualified host name from the domain name (Range: 1-255 characters).
• name — Host name. • address — IP address of the host. Default Configuration No host is defined. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines a static host name-to-address mapping in the host cache. console(config)#ip host accounting.dell.com 176.10.23.1 ip name-server Use the ip name-server command in Global Configuration mode to define available IPv4 or IPv6 name servers.
User Guidelines Server preference is determined by entry order. Up to eight servers can be defined in one command or by using multiple commands. Use the show hosts command to display the configured name servers. Example The following example sets the available name server. console(config)#ip name-server 176.16.1.
User Guidelines The source interface must have an assigned IP address (assigned either manually or via another method such as DHCP). The use of a source interface allows firewalls devices to identify DNS packets as coming from a specific switch. If the source interface is not specified, the primary address of the outbound interface is used as the source interface. If the specified interface is down, the DNS client falls back to it’s original (unconfigured) behavior.
Syntax ipv6 address {prefix/prefix-length [eui64] | autoconfig | dhcp} no ipv6 address • prefix — The IPv6 address to be configured. • prefix-length — Designates how many of the high-order contiguous bits of the address make up the prefix. • eui64 — The optional EUI-64 field designates that IPv6 processing on the interfaces is enabled using an EUI-64 interface ID in the low order 64 bits of the address. If this option is used, the value of prefix_length must be 64 bits.
The optional eui64 parameter indicates that the IPv6 address is configured to use the EUI-64 interface ID in the low order 64 bits of the address. If this parameter is specified, the prefix-length must be 64. Example Configure IPv6 routing on vlan 10 and obtain an address via DHCP. Assumes vlan 10 already exists.
• dhcp—Obtain the prefix via DHCP. Default Configuration No address is assigned to the out-of-band interface by default. Command Mode Interface (out-of-band) Configuration mode User Guidelines When DHCPv6 is enabled on the Out-of-Band interface, the system automatically deletes all manually configured IPv6 addresses on the interface. DHCPv6 can be enabled on the Out-of-Band interface only when IPv6 auto configuration or DHCPv6 is not enabled on any of the in-band management interfaces.
Command Mode Interface (VLAN) Configuration mode User Guidelines This command only applies to VLAN routing interfaces. When DHCPv6 is enabled on a VLAN routing interface, the system automatically deletes all manually configured IPv6 addresses on the interface. Use the no ipv6 address dhcp command to release a leased address and to disable DHCPv6 on an interface. The command no ipv6 address does not disable the DHCPv6 client on the interface.
User Guidelines Command execution automatically configures the interface with a link-local address. This command is not required if an IPv6 global address is configured on the interface. Example The following example enables IPv6 routing on a VLAN which has not been configured with an explicit IPv6 address.
ipv6 gateway (OOB Configuration) Use the ipv6 gateway command in Interface (out-of-band) Configuration mode to configure the address of the IPv6 gateway. The gateway is used as a default route for packets addressed to network devices not present on the local subnet. Use the no form of the command to remove the gateway configuration. Syntax ipv6 gateway ipv6-address no ipv6 gateway • ipv6-address—An IPv6 address (not a prefix). Default Configuration By default, no IPv6 gateway is configured.
Default Configuration This command has no default configuration. Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays information about IP hosts. console>show hosts Host name: dellswitch Default domain: dell.com Name/address lookup is enabled DNS source interface: loopback 1 Name servers (Preference order): 176.16.1.18 176.16.1.
Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100-ON/N3200ON series switches. The command provides the following information.
show ip helper-address Use the show ip helper-address command to display IP helper addresses configuration. Syntax show ip helper-address [vrf vrf-name][intf-address] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. • intf-address — IP address of a routing interface in dotted quad notation. (Range: Any valid IP address) Default Configuration This command has no default configuration.
Any dhcp No 0 192.168.40.1 show ipv6 dhcp interface out-of-band statistics Use the show ipv6 dhcp interface out-of-band statistics command to display IPv6 DHCP statistics for the out-of-band interface. Syntax show ipv6 dhcp interface out-of-band statistics Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command is only supported on platforms equipped with an out-of-band port.
show ipv6 interface out-of-band Use the show ipv6 interface out-of-band command to show the IPv6 out-ofband port configuration. Syntax show ipv6 interface out-of-band Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command is only available on switches equipped with an out-of-band interface. Example console(config-if)#show ipv6 interface out-of-band IPv6 Administrative Mode......
Line Commands Authentication commands related to line configuration mode are in DHCP Client Commands. accounting Use the accounting command in Line Configuration mode to apply an accounting method to a line config. Use the no form of the command to return the accounting for the line mode to the default. Syntax accounting {exec|commands} [default|list-name] no accounting • • • • exec—Provides accounting for a user Exec terminal session. commands—Provides accounting for all user-executed commands.
Examples Use the following command to enable exec type accounting for telnet. console(config)#line telnet console(config-telnet)# accounting exec default authorization Use the authorization command to apply a command authorization method to a line config. Use the no form of the command to return the authorization for the line mode to the default.
command and responds with either a PASS or FAIL response. If approved, the command is executed. Otherwise, the command is denied and an error message is shown to the user. If contact with the authorization method fails, then the next method in the list is attempted. Examples Use the following command to enable TACACS command authorization for telnet.
Example The following example specifies the default authentication method when accessing a higher privilege level console. console(config)# line console console(config-line)# enable authentication default exec-banner Use the exec-banner command to enable exec banner on the console, telnet or SSH connection. To disable, use the no form of the command. Syntax exec-banner no exec-banner • MESSAGE — Quoted text Default Configuration This command has no default configuration.
Syntax exec-timeout minutes [seconds] no exec-timeout • • minutes — Integer that specifies the number of minutes. (Range: 0– 65535) seconds — Additional time intervals in seconds. (Range: 0–59) Default Configuration The default configuration is 10 minutes. Command Mode Line (telnet, console, ssh) Configuration mode User Guidelines To specify no timeout, enter the exec-timeout 0 command.
Command Mode Line Interface mode User Guidelines This command has no user guidelines. Example The following example disables the command history function for the current terminal session. console(config-line)# no history history size Use the history size command in Line Configuration mode to change the command history buffer size for a particular line. To reset the command history buffer size to the default setting, use the no form of this command.
console(config-line)#history size 20 line Use the line command in Global Configuration mode to identify a specific line for configuration and enter the line configuration command mode. Syntax line {console | telnet | ssh} • • • console — Console terminal line. telnet — Virtual terminal for remote console access (Telnet). ssh — Virtual terminal for secured remote console access (SSH). Default Configuration This command has no default configuration.
console(config)#line telnet console(config-line)# login authentication Use the login authentication command in Line Configuration mode to specify the login authentication method list for a line (console, telnet, or SSH). To return to the default specified by the authentication login command, use the no form of this command. Syntax login authentication {default | list-name} no login authentication • • default — Uses the default list created with the aaa authentication login command.
login-banner Use the login-banner command to enable login banner on the console, telnet or SSH connection. To disable, use the no form of the command. Syntax login-banner no login-banner • MESSAGE — Quoted text Default Configuration This command has no default configuration. Command Mode Line Configuration User Guidelines This command has no user guidelines. Example console(config-telnet)# no login-banner motd-banner Use the motd-banner command to enable motd on the console, telnet or SSH connection.
Command Mode Line Configuration User Guidelines This command has no user guidelines. Example console(config-telnet)# motd-banner password (Line Configuration) Use the password command in Line Configuration mode to specify a password on a line. To remove the password, use the no form of this command. NOTE: For commands that configure password properties, see Password Management Commands. Syntax password password [encrypted] no password • • password — Password for this level.
Example The following example specifies a password “mcmxxyyy” on a line. console(config-line)# password mcmxxyyy show line Use the show line command to display line parameters. Syntax show line [console | telnet | ssh] • • • console — Console terminal line. telnet — Virtual terminal for remote console access (Telnet). ssh — Virtual terminal for secured remote console access (SSH). Default Configuration This command has no default configuration.
History:....................................... 10 SSH configuration: Remote Connection Login Timeout(mins)(secs).... 10 minutes 0 seconds History:....................................... 10 speed Use the speed command in Line Configuration mode to set the line BAUD rate. Use the no form of the command to restore the default settings. Syntax speed {bps} no speed • bps — BAUD rate in bits per second (bps). The options are 2400, 9600, 19200, 38400, 57600, and 115200.
terminal length Use the terminal length command to set the terminal length. Use the no form of the command to reset the terminal length to the default. Syntax terminal length value no terminal length • value — The length in number of lines. Range: 0–512 Default Configuration This default value is 24. Command Mode Privileged Exec mode User Guidelines Setting the terminal length to 0 disables paging altogether.
PHY Diagnostics Commands show copper-ports tdr Use the show copper-ports tdr command to display the stored information regarding cable lengths. Syntax show copper-ports tdr [interface] • interface — A valid Ethernet interface identifier. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The copper-related commands do not apply to the stacking or 10GBaseT ports.
show fiber-ports optical-transceiver Use the show fiber-ports optical-transceiver command to display the optical transceiver diagnostics. Syntax show fiber-ports optical-transceiver [interface] • interface — A valid SFP, XFP or SFP+ port. Default Configuration This command has no default configuration.
Syntax test copper-port tdr interface • interface — A valid Ethernet port. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines. This command prompts the user to shut down the port for the duration of the test. Passive or active direct attach SFP/SFP+ cables are not based on 1000BaseT technology and do not support TDR testing. Use the show copper-ports tdr command to view the test results.
Power Over Ethernet Commands Dell EMC Networking PoE N1100P-ON, N1108EP-ON, N1524P, N1548P, N2024P, N2048P, N2124PX-ON, N2148PX-ON, N300EP-ON, N3132PX-ON switches implement the PoE, PoE+, or PoE 60W for power sourcing equipment (PSE), depending on the switch model. IEEE 802.3at allows power to be supplied to Class 4 powered devices (PD) that require power up to 30 Watts or PoE 60W (UPoE) to Class 4 devices on certain ports. This allows deployment of powered devices that require more power than the IEEE 802.
The static power management feature allows operators to reserve a guaranteed amount of power for a PoE port. This is useful for powering up devices which draw variable amounts of power and provide them an assured power range within which to operate. Class based power management allocates power at class limits as opposed to user defined limits. In the Dynamic Power management feature, power is not reserved for a given port at any point of time.
User Guidelines Auto enables the switch to deliver power to the powered device. The power inline management parameter should be set to class-based mode to enable power negotiation via LLDP-MED. Dell EMC Networking PoE-enabled ports should not be connected to other Power Sourcing Equipment (PSE) with PoE enabled. If the switch detects PSE equipment supplying power to a port, PoE power is disabled on the port.
• dot3bt+legacy —Enable 802.3bt, 802.3at, 802.3af and pre-9802.3af device detection. This is only available on the N2200PX-ON/N3200PON/N3200PX-ON/N3200PXE-ON switches. Default Configuration The default value is dot3at+legacy. IEEE 802.3bt+legacy detection is enabled by default for the N2200PX-ON/N3200P-ON/N3200PXON/N3200PXE-ON switches. Command Mode Global Configuration mode User Guidelines If no unit number is specified, the entire stack is configured.
power inline four-pair forced Use this command to force 4-pair power feed on an interface. Use the no form of the command to use the default 2-pair power feed. Syntax power inline four-pair forced no power inline four-pair forced Default Configuration The default detection and power feed is four-pair power for ports that are capable of 60W power delivery. The default detection and power feed is Alt-A two-pair power for ports that are not capable of feeding four-pair power.
Example This example configures forced 60W 4-pair power mode on interface Gi1/0/1 console#configure console(config)#interface gi/10/1 console(config-if-Gi1/0/1)#power inline four-pair forced power inline limit Use the power inline limit command to configure a specific power limit for a port. Use the no form of this command to set the power limit to the default.
The maximum configurable power limit is 30000 milliwatts for two-pair power. The maximum configurable power limit is 60000 milliwatts for fourpair power. The actual power delivered in two-pair or four-pair mode may exceed the user-defined limit. Refer to the Class Power Limits and Margin table in the Dell EMC Networking User’s Configuration Guide for more information. Example This example configures interface Gi1/0/1 to deliver 60W four-pair power.
Temperature (C)................................. 39 Command History Description revised in 6.3.5 release. Command updated in firmware release 6.6.1. power inline management Use the power inline management command in Global Configuration mode to set the power management type. Use the no form of this command to set the management mode to the default.
If no unit is specified, all members of the stack are configured. Static, dynamic and class-based modes differ in how the available power is calculated and how much power may be delivered to the Powered Device. Refer to the PoE section in the User’s Configuration Guide for information on Powered Device detection, power allocation methods, and the PoE guard band. Example In the following example, no port is specified so the command displays global configuration and status of all the ports.
power inline poe-ha Use the power inline poe-ha command to enable Perpetual PoE. Syntax power inline poe-ha [unit unit-id] no power inline poe-ha [unit unit-id] Default Configuration Perpetual PoE is disabled by default. Fast PoE is enabled by default and cannot be disabled. Command Mode Global Configuration mode User Guidelines Perpetual PoE Perpetual PoE allows the switch to supply power to PDs during reboot.
Fast PoE is only available on the N1100EP-ON, N2200PX-ON, N3200P-ON, N3200PX-ON, and N3200PXE-ON Series switches. Command History Command introduced in version 6.4.3 firmware. Command updated in firmware release 6.6.1. Example This example enables Perpetual PoE. console(config)#power inline poe-ha power inline powered-device The power inline powered-device command adds a comment or description of the powered device type to enable the user to remember what is attached to the interface.
power inline priority The power inline priority command configures the port priority level, for the delivery of power to an attached device. The switch may not be able to supply power to all connected devices, so the port priority is used to determine which ports will supply power if adequate power capacity is not available for all enabled ports. For ports that have the same priority level, the lower-numbered port has higher priority.
Syntax power inline reset Default Configuration This command has no default configuration. Command Mode Interface Configuration User Guidelines This command is useful if the port is stuck in an Error state. Power to the powered devices may be interrupted as the port is reset. power inline usage-threshold The power inline usage-threshold command configures the system power usage threshold level at which lower priority ports are disconnected.
User Guidelines If no unit number is specified, all stack members are configured. The power limit beyond which ports are disconnected has a configurable range as a percentage of total available power for the individual unit. The maximum power available is given in the table shown in the power inline management command. The usage threshold check calculates the actual consumed power and compares it against the (unit power maximum multiplied by the threshold)/100.
show power inline Use the show power inline command to report current PoE configuration and status. If no port is specified, the command displays global configuration and status of all the ports. If a port is specified, then the command displays the details for the single port. Use the detailed parameter to show power limits, detection type and high power mode for the interface. The detailed parameter is not available on N2200 and N3200 devices.
Admin Displays the requested power delivery state, which is either Auto or Never. Status Displays the operational state which is one of Off, Searching, On, Faulty, Testing, TestFail, Requesting, or Overload. Class Displays the class power range for a single interface or the (Measured/Assigned) class, which is one of Class0, Class1, Class2, Class3, Class4, Class5, Class6, Class7, Class8, or Unknown. Total Power The switch input power (watts).
Temperature The temperature as detected on the PoE chip (degrees centigrade). If the reported temperature is greater than 205°C, the real temperature is 256°C—the reported temperature. Examples console#show power inline Unit Status =========== Unit........................................... Power.......................................... Total Power.................................... Threshold Power................................ Consumed Power................................. Usage Threshold...........
Short Counter.................................. Denied Counter................................. Absent Counter................................. Invalid Signature Counter...................... Output Voltage (Volts)......................... Output Current (mAmps)......................... Temperature (C)................................ 0 0 0 0 53 0 39 Command History Example updated in 6.4 release. Description and outputs updated in firmware release 6.6.2.
RMON Commands The Dell EMC Networking SNMP component includes an RMON (remote monitoring) agent. RMON is a base technology used by network management applications to manage a network. Troubleshooting and network planning can be accomplished through the network management applications. The network monitor monitors traffic on a network and records selected portions of the network traffic and statistics. The collected traffic and statistics are retrieved using SNMP.
• • • • • event-number—The index of the Event that is used when a rising or falling threshold is crossed. (Range: 1- 65535) delta—The sampling method for the selected variable and calculating the value to be compared against the thresholds. If the method is delta, the selected variable value at the last sample is subtracted from the current value, and the difference compared with the thresholds.
• • • Falling threshold — 10 Rising threshold event index — 1 Falling threshold event index — 1 console(config)#rmon alarm 1 1.3.6.1.2.1.2.2.1.1.10.5 10 50000 10 1 1 rmon collection history Use the rmon collection history command in Interface Configuration mode to enable a Remote Monitoring (RMON) MIB history statistics group on an interface. To remove a specified RMON history statistics group, use the no form of this command. Also see the show rmon collection history command.
User Guidelines This command cannot be executed on multiple ports using the interface range command. Example The following example enables a Remote Monitoring (RMON) MIB history statistics group on port 1/0/8 with the index number “1” and a polling interval period of 2400 seconds. console(config)#interface gigabitethernet 1/0/8 console(config-if-Gi1/0/8)#rmon collection history 1 interval 2400 rmon event Use the rmon event command in Global Configuration mode to configure an event.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configures an event with the trap index of 10. console(config)#rmon event 10 log rmon hcalarm Use the rmon hcalarm to configure high capacity alarms.Use the no form of the command to remove the alarm.
• • • • falling-threshold-high value-64—Falling threshold value (−(263) to 263 − 1) falling-event-index—Event to trigger when the rising threshold is crossed (1–65535). startup {rising|falling|rising-falling]—The event that is sent when this entry is first set to active. If the first sample after this entry is configured is greater than or equal to the rising threshold and startup rising or startup rising-falling is configured, a single rising event is generated.
Default Configuration This command has no default configuration. Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays RMON 1 alarms. console> show rmon alarm 1 Alarm 1 ------OID: 1.3.6.1.2.1.2.2.1.10.
Field Description Sample Type The method of sampling the variable and calculating the value compared against the thresholds. If the value is absolute, the value of the variable is compared directly with the thresholds at the end of the sampling interval. If the value is delta, the value of the variable at the last sample is subtracted from the current value, and the difference compared with the thresholds. Startup Alarm The alarm that may be sent when this entry is first set.
Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the alarms summary table: console> show rmon alarms Index OID -------------------------1 1.3.6.1.2.1.2.2.1.10.1 2 1.3.6.1.2.1.2.2.1.10.1 3 1.3.6.1.2.1.2.2.1.10.
Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following table describes the significant fields shown in the display: Field Description Index An index that uniquely identifies the entry. Interface The sampled Ethernet interface. Interval The interval in seconds between samples. Requested Samples The requested number of samples to be saved. Granted Samples The granted number of samples to be saved.
Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following table describes the significant fields shown in the display: Field Description Index An index that uniquely identifies the event. Description A comment describing this event. Type The type of notification that the device generates about this event. Can have the following values: none, log, trap, log-trap. In the case of log, an entry is made in the log table for each event.
• number—The alarm index (Range: 1-65535) Default Configuration This command has no default configuration. Command Modes Privileged Exec (all show modes) User Guidelines This command has no user guidelines. Example console#show rmon hcalarm 2 Alarm 2 ---------OID: ifInOctets.
Syntax show rmon history index [throughput | errors | other] [period seconds] • • • • • index — The requested set of samples. (Range: 1–65535) throughput — Displays throughput counters. errors — Displays error counters. other — Displays drop and collision counters. period seconds — Specifies the requested period time to display. (Range: 0–2147483647) Default Configuration This command has no default configuration.
Field Description CRC Align The number of packets received during this sampling interval that had a length (excluding framing bits but including FCS octets) between 64 and 1518 octets, inclusive, but had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).
Maximum table size: 270 Time Octets Packets Broadcast -------------------- --------- ----------- -----09-Mar-2005 18:29:32 303595962 357568 3289 09-Mar-2005 18:29:42 287696304 275686 2789 Multicast % -------- -7287 19 5878 20 The following example displays RMON Ethernet Statistics history for errors on index number 1.
Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following table describes the significant fields shown in the display: Field Description Event An index that uniquely identifies the event. Description A comment describing this event. Time The time this entry was created. Example The following examples display the RMON logging table.
Syntax show rmon statistics {gigabitethernet unit/slot/port| port-channel portchannel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port} Default Configuration This command has no default configuration.
Field Description Undersize Pkts The total number of packets received less than 64 octets long (excluding framing bits, but including FCS octets) and otherwise well formed. Oversize Pkts The total number of packets received longer than 1518 octets (excluding framing bits, but including FCS octets) and otherwise well formed.
Example The following example displays RMON Ethernet Statistics for port Te1/0/1.
Serviceability Commands Debug commands cause the output of the enabled trace to display on a serial port or telnet console. Note that the output resulting from enabling a debug trace always displays on the serial port. The output resulting from enabling a debug trace displays on all login sessions for which any debug trace has been enabled. The configuration of a debug command remains in effect the whole login session.
no debug aaa { accounting | coa | pod } • • • accounting—Trace events for RADIUS accounting server interactions. coa—Trace events for RADIUS CoA server interactions (such as, RADIUS bounce host port, disable host port, …). pod—Trace events for RADIUS POD (RADIUS Disconnect-Request) server instructions. Default Configuration No debug tracing is enabled by default. Command Mode Global Configuration mode User Guidelines Debug commands should be used with caution.
debug arp Use the debug arp command to enable tracing of ARP packets. Use the no form of this command to disable tracing of ARP packets. Use of the optional vrf parameter executes the command within the context of the VRF specific routing table. Syntax debug arp [vrf vrf-name] no debug arp • vrf-name—The name of the VRF associated with the routing table context used by the command. If no vrf is specified, the global routing table context is used.
debug authentication interface Use this command to enable Authentication Manager debug traces for the interface.Use the no form of this command to set the debug trace to factory default value. Syntax debug authentication {event | all} interface-id no debug authentication {event | all} interface-id • • • event—Traces Authentication Manager debug events. all—Enables all Authentication Manager debugs. interface-id—The interface to trace. Default Configuration Default value is disabled.
no debug auto-voip [H323 | SCCP | SIP] Default Configuration Auto VOIP tracing is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug auto-voip debug bfd Use this command to enable the display of BFD events or packets.
User Guidelines Debug commands should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred by enabling debug output. Example console# configure console(config)# vlan 100 console(config-vlan100)# exit console(config)# interface vlan 100 console(config-if-vlan100)# bfd interval 100 min_rx 100 multiplier 5 debug cfm Use the debug cfm command to enable CFM debugging. Use the no form of the command to disable debugging.
User Guidelines Debug commands should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred by enabling debug output. Example The following examples enables display of CFM events on the console. console#debug cfm event debug clear Use the debug clear command to disable all debug traces. Syntax debug clear Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode.
Syntax debug console Default Configuration Display of debug traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug console debug crashlog Use this command to display the crash log contents on the console.
• add-param— Default Configuration By default, this command displays all crash logs for the specified index. Command Modes Privileged Exec mode, User Config mode, all show modes User Guidelines There are no user guidelines for this command. Command History Introduced in version 6.2.0.1 firmware. Example This example displays the most recent crash log for the stack master.
r05: r10: r15: r20: r25: r30: 00000000 00000000 00000000 00000000 00000000 00000000 r01: r06: r11: r16: r21: r26: r31: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 r02: r07: r12: r17: r22: r27: 00000000 00000000 00000000 00000000 00000000 00000000 r03: r08: r13: r18: r23: r28: 00000000 00000000 00000000 00000000 00000000 00000000 r04: r09: r14: r19: r24: r29: 00000000 00000000 00000000 00000000 00000000 00000000 $0x083da883$ $0x083c9955$ $0x0804b8f6$ $0x0012e40c$ $0x083c73c3$ $0x
$0839a928$ ewaNetTelnetData + 0x30 $083a7b73$ ewsTelnetParse + 0x2b9 $08387592$ ewsParse + 0x162a $08372fbc$ ewsRun + 0x149 $08395caf$ ewmain + 0x17c $083996de$ emweb_main + 0x1a3 $083d6f71$ osapi_task_wrapper + 0xa6 $00134e99$ ????? $0021873e$ ????? ----------------------------------------- debug dhcp packet Use the debug dhcp packet command to display debug information about DHCPv4 client activities and to trace DHCPv4 packets to and from the local DHCPv4 client.
The second example is for transmit flow. console#debug dhcp packet transmit The third example is for receive flow. console#debug dhcp packet receive debug dhcp server packet Use this command to trace DHCPv4 packets to and from the local DHCPv4 server. To disable debugging, use the no form of this command. Syntax debug dhcp server packet no debug dhcp server packet Default Configuration DHCP server packet tracing is disabled by default.
Syntax debug dot1x packet [receive | transmit] no debug dot1x packet [receive | transmit] Default Configuration Display of dot1x traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug.
User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug igmpsnooping packet debug ip acl Use the debug ip acl command to enable debug of IP Protocol packets matching the ACL criteria. Use the “no” form of this command to disable IP ACL debugging. Syntax debug ip acl acl no debug ip acl acl • acl — The number of the IP ACL to debug.
debug ip bgp To enable debug tracing of BGP events, use the debug ip bgp command. To disable debug tracing, use the no form of this command.
Default Configuration Debug tracing is not enabled by default. By default, debug capability for the the global VRF is configured. Command Mode Global Configuration mode User Guidelines Debug messages are sent to the system log at the DEBUG severity level. To print them on the console, enable console logging at the DEBUG level (logging console debug). The debug options enabled for a specific peer are the union of the options enabled globally and the options enabled specifically for the peer.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode User Guidelines Debug messages are sent to the system log at the DEBUG severity level. To display them on the console, enable console logging at the DEBUG level (logging console debug). Command History Command introduced in version 6.6.0 firmware. debug ip dvmrp Use the debug ip dvmrp to trace DVMRP packet reception and transmission.
User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug ip dvmrp packet debug ip igmp Use the debug ip igmp command to trace IGMP packet reception and transmission. The receive option traces only received IGMP packets and the transmit option traces only transmitted IGMP packets. When neither keyword is used in the command, then all IGMP packet traces are dumped.
debug ip mcache Use the debug ip mcache command for tracing MDATA packet reception and transmission. The receive option traces only received data packets and the transmit option traces only transmitted data packets. When neither keyword is used in the command, then all data packet traces are dumped. Vital information such as source address, destination address, packet length, and the interface on which the packet is received or transmitted is displayed on the console.
Use the no form of this command to disable debug tracing of PIMDM packet reception and transmission. Syntax debug ip pimdm packet [receive | transmit] no debug ip pimdm packet [receive | transmit] Default Configuration Display of PIMDM traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug.
Default Configuration Display of PIMSM traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug ip pimsm packet debug ip vrrp To enable debug tracing of VRRP events, use the debug ip vrrp command in Privileged Exec mode. To disable debug tracing, use the no form of the command.
The debug options enabled for a specific peer are the union of the options enabled globally and the options enabled specifically for the peer. Enabling one of the packet type options enables packet tracing in both the inbound and outbound directions. Command History Command introduced in version 6.6 firmware. debug ipv6 dhcp Use the debug ipv6 dhcp command to display debug information about DHCPv6 client activities and to trace DHCPv6 packets to and from the local DHCPv6 client.
debug ipv6 mcache Use the debug ipv6 mcache command to trace MDATAv6 packet reception and transmission. The receive option traces only received data packets and the transmit option traces only transmitted data packets. When neither keyword is used in the command, then all data packet traces are dumped. Vital information such as source address, destination address, packet length, and the interface on which the packet is received or transmitted is displayed on the console.
packet length, and the interface on which the packet is received or transmitted is displayed on the console. Use the “no” form of this command to disable MLD tracing. Syntax debug ipv6 mld packet [receive | transmit] no debug ipv6 mld packet [receive | transmit] Default Configuration Display of MLD traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution.
User Guidelines Debug output should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug output. Use of debug-level logging when performing operations such as switch failover is not recommended. Debug messages are sent to the system log at the DEBUG severity level. To print them on the console, enable console logging at the DEBUG level (logging console debug). Command History Command introduced in firmware release 6.6.1.
User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug ipv6 pimdm packet debug ipv6 pimsm Use the debug ipv6 pimsm command to trace PIMSMv6 packet reception and transmission. The receive option traces only received PIMSMv6 packets and the transmit option traces only transmitted PIMSMv6 packets.
debug isdp Use the debug isdp command to trace ISDP packet reception and transmission. The receive option traces only received ISDP packets and the transmit option traces only transmitted ISDP packets. When neither keyword is used in the command, then all ISDP packet traces are dumped. Vital information such as source address, destination address, control packet type, packet length, and the interface on which the packet is received or transmitted is displayed on the console.
no debug lacp packet Default Configuration Display of LACP traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug lacp packet debug mldsnooping Use the debug mldsnooping command to trace MLD snooping packet reception and transmission.
Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug mldsnooping debug ospf Use the debug ospf command to enable tracing of OSPF packets received and transmitted by the switch. Use the no form of this command to disable tracing of OSPF packets.
Only IPv4 addresses are supported with the vrf parameter. This command is only available on the N3000-ON/N3100-ON/N3200-ON switches. Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug ospf packet debug ospfv3 packet Use the debug ospfv3 packet command to enable tracing of OSPFv3 packets received and transmitted by the switch.
Example console#debug ospfv3 packet Command History Command introduced in firmware release 6.6.1. debug ping Use the debug ping command to enable tracing of ICMP echo requests and responses. This command traces pings on the network port and on the routing interfaces. Use the no form of this command to disable tracing of ICMP echo requests and responses. Use of the optional vrf parameter executes the command within the context of the VRF specific routing table.
Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example The following example displays. console#debug ping packet debug rip Use the debug rip command to enable tracing of RIP requests and responses. Use the no form of this command to disable tracing of RIP requests and responses. Syntax debug rip packet no debug rip packet Default Configuration Display of RIP traces is disabled by default.
Syntax debug sflow packet no debug sflow packet Default Configuration Display of sFlow traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug sflow packet debug spanning-tree Use the debug spanning-tree command to trace spanning tree BPDU packet reception and transmission.
Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug spanning-tree bpdu debug tacacs Use the debug tacacs command to enable debug tracing of TACACS+ debugging.
Debug messages are sent to the system log at the DEBUG severity level. To print them on the console, enable console logging at the DEBUG level (logging console debug). Command History Command introduced in firmware release 6.6.1. debug transfer Use the debug transfer command to enable debug tracing of file transfers. Syntax debug transfer no debug transfer Default Configuration This command has no default configuration.
debug udld Use the debug udld command to enable the display of UDLD packets or event processing. Use the no form of the command to disable debugging. Syntax debug udld {packet [receive|transmit]|events} no debug udld {packet [receive|transmit]|events} • • • • Packet—Display transmitted and received UDLD packets. Receive—Debug packets received by the switch. Transmit—Debug packets transmitted by the switch. Events—Display UDLD events. Default Configuration By default, debugging is disabled.
no debug vpc [{peer-keepalive [packet]| peer-link {control-message | datamessage} | peer detection | core] • • • • peer-keepalive—Displays the debug traces for the keepalive state machine transitions. The packet option enables debug traces for the keepalive packets exchanged between the MLAG peer devices on the peer link. peer-link—In error cases, enables the debug traces for the control messages or data messages exchanged between the MLAG devices on the peer link.
Syntax debug vrrp all no debug vrrp all Default Configuration The display of VRRP traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. exception core-file Use the exception core-file command to configure the core dump file name. Use the no form of the command the reset the core file name to the default.
Command Modes Global Configuration mode User Guidelines The configuration parameters are not validated when this command is entered. Use the write core test command to validate the configured parameters and that the core dump is likely to succeed. An average core file is around 450 KB. Example copy times are as follows: • • TFTP: 13mins (different subnet) USB: 3 mins Administrators should ensure that a cleanly formatted USB flash drive of at least 1G is used for collection of a the full core dump.
• • • • • • • ftp-server—Transfer the core information to an FTP server. username—The login id on the FTP server nopassword—The user id configured on the FTP server does not require a password. password—The user id configured on the FTP server requires a password. file-path—The directory to prepend to the core file name. protocol dhcp—Obtain the out-of-band port address via DHCP for core dump transfer.
If no DHCP server is available for assignment of addresses to switches, the exception dump stack-ip-address protocol static add command should be used once for each member of the stack. It is recommended that these addresses be unique in the network. The stack master will distribute the addresses to the stack members for use on the out-of-band port only during crash dump transfer. In addition, for the purposes of transferring the core file to the server, a unique MAC address is assigned to the stack unit.
• • • • • password – the user id configured on the FTP server requires a password. password—The password associated with the user id on the FTP server. ip address—The IPv4 address of an FTP or TFTP server. usb — Store the core dump on a USB device. A USB device must be inserted into the switch front panel. none — Core dumps are disabled. Stack-ip-address parameters: • • • • • ipv4-address—The address used by the of the out-of-band port of the switch during crash dump transfer.
addresses be unique in the network. The stack master will distribute the addresses to the stack members for use on the out-of-band port only during crash dump transfer. In addition, for the purposes of transferring the core file to the server, a unique MAC address is assigned to the stack unit. As crash dump retrieval is not reliable on the front panel ports, the TFTP and FTP parameters are not available on the N1100-ON/N1500/N2000/N2100ON/N2200-ON series switches. Use the USB crash dump capability instead.
exception switch-chip-register Use the exception switch-chip-register command to enable dumping the switch chip registers in case of an exception. The register dump is taken only for the master unit and not for the stack member units. Use the no form of the command to disable dumping of the switch-chip registers. Syntax exception switch-chip-register no exception switch-chip-register Default Configuration By default, switch register dumps are disabled.
Default Configuration The default values are as follows: • • idle—180 seconds. Range: 1-3600 life—1800 seconds. Range: 1-86400 Command Mode Global Configuration User Guidelines This command configures the timeout for both HTTP and HTTPS sessions. Changes to the parameters affect existing sessions. Reducing the time parameters may close existing sessions. The idle timeout closes sessions in which no activity is detected (e.g., no commands are entered).
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Enabled packet tracing configurations are displayed. Example console#show debugging Authentication manager all debug traces enabled on Gi1/0/1 show exception Use the show exception command to display the core dump configuration parameters, the current or previous exception log, or the core dump file listing.
User Guidelines An exception log or core dump file is generated in the rare event that the switch firmware fails. Dell support personnel may ask administrators to provide the exception log information to assist in issue resolution.
Protocol....................................... Switch-chip-register........................... Compression mode............................... Stack IP Address Protocol...................... Stack IP Address: IP Address Net Mask Gateway --------------- --------------- --------------- none False TRUE dhcp Assigned Unit --------------- show supported mibs Use the show supported mibs command to display the implemented SNMP MIBs.
HCNUM-TC DELL-REF-MIB SNMP-COMMUNITY-MIB SNMP-FRAMEWORK-MIB SNMP-MPD-MIB SNMP-NOTIFICATION-MIB SNMP-TARGET-MIB SNMP-USER-BASED-SM-MIB SNMP-VIEW-BASED-ACM-MIB USM-TARGET-TAG-MIB DELL-POWER-ETHERNET-MIB POWER-ETHERNET-MIB SFLOW-MIB DELL-SFLOW-MIB DELL-ISDP-MIB DELL-UDLD-MIB DELL-BOXSERVICES-PRIVATE-MIB DIFFSERV-DSCP-TC IANA-ADDRESS-FAMILY-NUMBERS-MIB DELL-DHCPSERVER-PRIVATE-MIB DELL-DHCPCLIENT-PRIVATE-MIB DELL-DNS-RESOLVER-CONTROL-MIB DELL-DENIALOFSERVICE-PRIVATE-MIB DELL-GREENETHERNET-PRIVATE-MIB Etherne
LLDP-MIB LLDP-EXT-DOT3-MIB LLDP-EXT-MED-MIB DELL-LLPF-PRIVATE-MIB DISMAN-PING-MIB DNS-SERVER-MIB DNS-RESOLVER-MIB SMON-MIB DELL-OUTBOUNDTELNET-PRIVATE-MIB Telnet DELL-TIMERANGE-MIB DELL-TIMEZONE-PRIVATE-MIB DISMAN-TRACEROUTE-MIB LAG-MIB RFC 1213 - RFC1213-MIB RFC 1493 - BRIDGE-MIB RFC 2674 - P-BRIDGE-MIB RFC 2674 - Q-BRIDGE-MIB RFC 2737 - ENTITY-MIB RFC 2863 - IF-MIB RFC 3635 - Etherlike-MIB DELL-SWITCHING-MIB Management Information Base module for LLDP configuration, statistics, local system dat
DELL-INVENTORY-MIB DELL-PORTSECURITY-PRIVATE-MIB INET-ADDRESS-MIB IANAifType-MIB DELL-LOGGING-MIB MAU-MIB DELL-MVR-PRIVATE-MIB DELL-SNTP-CLIENT-MIB DELL-VPC-MIB IEEE8021-PAE-MIB DELL-DOT1X-ADVANCED-FEATURES-MIB Advanced DELL-DOT1X-AUTHENTICATION-SERVERMIB DELL-RADIUS-AUTH-CLIENT-MIB RADIUS-ACC-CLIENT-MIB RADIUS-AUTH-CLIENT-MIB TACACS-CLIENT-MIB DELL-CAPTIVE-PORTAL-MIB DELL-AUTHENTICATION-MANAGER-MIB DELL-MGMT-SECURITY-MIB RFC 1724 - RIPv2-MIB RFC 1850 - OSPF-MIB RFC 1850 - OSPF-TRAP-MIB RFC 2787 - VRRP-M
DELL-BGP-MIB DELL-QOS-MIB DELL-QOS-ACL-MIB DELL-QOS-COS-MIB DELL-QOS-AUTOVOIP-MIB DELL-QOS-DIFFSERV-PRIVATE-MIB DELL-QOS-ISCSI-MIB RFC 2932 - IPMROUTE-MIB draft-ietf-magma-mgmd-mib-03 RFC 5060 - PIM-STD-MIB RFC 5240 - PIM-BSR-MIB DVMRP-STD-MIB IANA-RTPROTO-MIB DELL-MULTICAST-MIB IPMROUTE-STD-MIB MGMD-STD-MIB DELL-NSF-MIB configure RFC 2465 - IPV6-MIB RFC 2466 - IPV6-ICMP-MIB RFC 3419 - TRANSPORT-ADDRESS-MIB DELL-ROUTING6-MIB DELL-DHCP6SERVER-PRIVATE-MIB DELL-IPV6-LOOPBACK-MIB DELL-IPV6-TUNNEL-MIB Dell-LAN
Dell-Vendor-MIB This MIB allows Dell Networking devices to be integrated into Dell ITA management system. snapshot bgp Use the snapshot bgp command in support mode to dump the current state of BGP for use by support personnel. Syntax snapshot bgp Default Configuration There is no default configuration. Command Mode Support mode User Guidelines This command has no user guidelines. Command History Introduced in version 6.2.0.1 firmware.
Default Configuration This command has no default configuration. Command Modes Privileged Exec mode User Guidelines Using the write core command reboots the switch. The write core command is useful when the device malfunctions, but has not crashed. The write core test command is useful for validating the core dump setup. For example, if the protocol is configured as tftp, the command write core test communicates with the tftp server and informs the administrator if the tftp server can be contacted.
Sflow Commands sFlow® is the standard for monitoring high-speed switched and routed networks. sFlow technology is built into network equipment and gives complete visibility into network activity, enabling effective management and control of network resources. The sFlow monitoring system consists of an sFlow Agent (embedded in a switch or router or in a stand-alone probe) and a central sFlow Collector. The sFlow Agent uses sampling technology to capture traffic statistics from the device it is monitoring.
• • • owner_string — The identity string for the receiver. A receiver is not enabled until the owner string is assigned. The default is an empty string. The identity string must be set before assigning a receiver to a sampler or poller. (Range: 1–127 characters). rcvr_timeout — The time, in seconds, remaining before the sampler or poller is released and stops sending samples to the receiver. Setting a value of 0 for the timeout value permanently configures the sflow receiver.
Example console(config)#sflow 1 destination owner 1 timeout 2000 console(config)#sflow 1 destination maxdatagram 500 console(config)#sflow 1 destination 30.30.30.1 560 sflow polling Use the sflow polling command to enable a new sflow poller instance for this data source if rcvr_idx is valid. An sflow poller sends counter samples to the receiver. Use the “no” form of this command to reset poller parameters to the defaults.
Example console(config)#sflow 1 polling gigabitethernet 1/0/1-10 200 sflow polling (Interface Mode) Use the sflow polling command in Interface Mode to enable a new sflow poller instance for this interface if rcvr_idx is valid. An sflow poller sends counter samples to the receiver. Use the no form of this command to reset poller parameters to the defaults. Syntax sflow rcvr-index polling poll-interval no sflow rcvr-index polling • • rcvr-index — The sFlow Receiver associated with the poller (Range: 1 8).
sflow sampling Use the sflow sampling command to enable a new sflow sampler instance for this data source if rcvr_idx is valid. An sflow sampler collects flow samples to send to the receiver. Use the “no” form of this command to reset sampler parameters to the default.
Lowering the sampling rate (higher numerical value) will help to ensure that all collected samples can be sent to the receiver. The sflow instance must be configured using the sflow destination owner command before this command can successfully execute. Example console(config)#sflow 1 sampling gigabitethernet 1/0/2 1500 50 sflow sampling (Interface Mode) Use the sflow sampling command in Interface Mode to enable a new sflow sampler instance for this data source if rcvr_idx is valid.
User Guidelines Lower sampling numbers cause more samples to be collected and increase the load on the CPU. Setting a sampling rate of 1024 on a large number of ports may tax the CPU beyond it's ability to deliver the packets to the receiver. Lowering the sampling rate (higher numerical value) will help to ensure that all collected samples can be sent to the receiver.
User Guidelines The source interface must have an assigned IP address (either manually or via another method such as DHCP). Use the show sflow source-interface command to display the assigned source interface. This command is not supported on Dell EMC N1100-ON switches. Dell EMC N1100-ON switches support configuration of a single IP address in interface vlan configuration mode. That IP address is used as the source interface address for this function.
sFlow Version Uniquely identifies the version and implementation of this MIB. The version string must have the following structure: MIB Version; Organization; Software Revision where: MIB Version: 1.3, the version of this MIB. Organization: Dell Corp. Revision: 1.0 IP Address The IP address associated with this agent. Example console#show sflow agent sFlow Version.......................... 1.3;Dell Inc.;10.23.18.28 IP Address............................. 10.27.21.
Owner String The identity string for receiver, the entity making use of this sFlowRcvrTable entry. Time Out The time (in seconds) remaining before the receiver is released and stops sending samples to sFlow receiver. IP Address The destination IP address (the sFlow receiver host). Address Type 1 for IPv4 and 2 for IPv6. Port The destination Layer4 UDP port for sFlow datagrams. Datagram Version The sFlow record format version. For example, 5 indicates sFlow version 5.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed: Poller Data Source The sFlowDataSource (unit/slot/port) for this sFlow sampler. This agent will support Ethernet ports only. Receiver Index The sFlowReceiver associated with this sFlow counter poller.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed: Sampler Data Source The sFlowDataSource (unit/slot/port) for this sFlow sampler. This agent will support Ethernet ports only. Receiver Index The sFlowReceiver configured for this sFlow sampler. Packet Sampling Rate The statistical sampling rate for packet sampling from this source.
Command Mode Privileged Exec, Global Configuration, and all sub-modes User Guidelines Use the sflow source-interface command to assign an IP address other than the default for transmitted sFlow packets. This command is not supported on Dell EMC N1100-ON switches. Dell EMC N1100-ON switches support configuration of a single IP address in interface vlan configuration mode. That IP address is used as the source interface address for this function.
SNMP Commands The SNMP component provides a machine-to-machine interface for the Dell EMC Networking product family. This includes the ability to configure the network device, view settings and statistics, and upload or download code or configuration images. The agent includes a get-bulk command to reduce network management traffic when retrieving a sequence of Management Information Base (MIB) variables and an elaborate set of error codes for improved reporting to the network control station.
Example The following example displays the SNMP communications status. console(config)#show snmp Community-String Community-Access View Name IP Address IP Mask -------------------- ---------------- ---------------- ----------- -------private Read/Write Default All All public Read Only Default 1.1.1.1 255.255.255.
Syntax show snmp engineid Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The SNMP engine ID uniquely identifies the SNMP agent to other SNMPv3 stations. The SNMP engine ID is not cleared by the clear config command. The SNMP engine ID must be unique for the administrative domain. Example The following example displays the SNMP engine ID.
User Guidelines Per RFC 2573, an implicit exclude all filter is present at the beginning of every filter list. This implicit filter is not shown in the output of this command. Example The following examples display the configuration of filters with and without a filter name specification. console # show snmp filters Name OID Tree Type ------------------- --------------------------------user-filter1 1.3.6.1.2.1.1 Included user-filter1 1.3.6.1.2.1.1.7 Excluded user-filter2 1.3.6.1.2.1.2.2.1.*.
User Guidelines The group name accepts any printable characters except a question mark. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name. The CLI does not filter illegal characters and may accept entries up to the first illegal character or reject the entry entirely. The following table contains field descriptions.
Prefix Model Level Read Write Notify --------------------- ---------- ----- ------------- -------- -------- ------DefaultWrite "" V1 NoAuth-NoPriv Default Default Default DefaultWrite "" V2 NoAuth-NoPriv Default Default Default DefaultWrite "" V3 NoAuth-NoPriv Default Default Default DefaultWrite "" V3 Auth-NoPriv Default Default Default DefaultWrite "" V3 Auth-Priv Default Default Default Command History The example was updated in release 6.4.
Console # show snmp user Name Group Name Auth Priv Meth Meth Remote Engine ID --------------- --------------- ---- ---- ------------------bob user-group MD5 DES 800002a20300fce3900106 john user-group SHA DES 800002a20300fce3900106 Console # show snmp users bob Name Group Name Auth Priv Meth Meth Remote Engine ID --------------- --------------- ---- ---- ------------------bob user-group MD5 DES 800002a20300fce3900106 show snmp views Use the show snmp views command to display the configuration of views.
----------- ----------------------- --------- user-view1 1.3.6.1.2.1.1 Included user-view1 1.3.6.1.2.1.1.7 Excluded user-view2 1.3.6.1.2.1.2.2.1.*.1 Included show trapflags Use the show trapflags command to display the trap settings. Syntax show trapflags [vrf {vrf-name}][ospf|ospfv3|captive-portal] • • • • vrf-name—The name of an existing VRF instance. ospf—Display OSPFv2 specific trap settings. ospfv3—Display OSPFv3 specific trap settings.
Mbuf Threshold Flag............................ CPU Threshold Flag............................. Spanning Tree Flag............................. PoE Traps...................................... VRRP trap...................................... ACL Traps...................................... BGP Traps...................................... DVMRP Traps.................................... OSPFv2 Traps................................... PIM Traps...................................... OSPFv3 traps....................
• • • • rw—Indicates read-write access. su—Indicates SNMP administrator access. ip-address—Specifies the IP address or subnet of the management station(s). If no IP address is specified, all management stations are permitted. Both IPv4 and IPv6 addresses are accepted.
The community name may include any printable characters except a question mark, an at sign, or a backslash. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name. The CLI does not filter illegal characters and may accept entries up to the first illegal character or reject the entry entirely. Command History Modified in version 6.5 firmware.
bits with no intervening spaces, or the IP address may be followed by an IPv4 mask in dotted quad notation. The range of IPv4 significant bits is 1 to 31 bits. Default Configuration No community group is defined. Command Mode Global Configuration mode User Guidelines The group-name parameter can be used to restrict the access rights of a community string. When it is specified, the software: • • Generates an internal security-name.
no snmp-server contact • text — Character string, 1 to 255 characters, describing the system contact information. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays setting up the system contact point as “Dell_Technical_Support”.
• • • • • • • • • • • • • • • • • cp-type — {all, client-auth-failure, client-connect, client-db-full, clientdisconnect} vrf-name—The name of a VRF instance for OSPF traps.
• • • • • • • • • • • • link—Enable sending a trap when a link (interface) transitions to the active state or the inactive state. violation—Enable sending a trap when a port security MAC locking violation occurs. vrf-name—The name of an existing VRF instance dvmrp—Enable DVMRP traps. port-security —Enable traps on port security violations. ospf—Enable OSPF event traps. ospfv3—Enable OSPFv3 event traps. pim—Enable PIM traps (pim-sm and pim-dm). poe —Enable PoE traps.
Refer to the description of the Global Configuration mode process cpu command for setting the rising and falling thresholds for the sending of the CPU occupancy trap. Command History Introduced in version 6.2.0.1 firmware. Example The following example displays the options for the snmp-server enable traps command.
To remove the configured engine ID, use the no form of this command. Syntax snmp-server engineID local {engineid-string | default} no snmp-server engineID local • • engineid-string — The character string that identifies the engine ID. The engine ID is a concatenated hexadecimal string. Each byte in hexadecimal character strings is two hexadecimal digits. Each byte can be separated by a period or colon.
switch, as required by RFC 2274. Because of this deletion, if the local value of engineID changes, the security digests of SNMPv3 users will be invalid and the users will have to be reconfigured. Example The following example configures the Engine ID automatically. console(config)# snmp-server engineID local default snmp-server filter Use the snmp-server filter command in Global Configuration mode to create or update a Simple Network Management Protocol (SNMP) server filter entry.
User Guidelines An SNMP server filter identifies the objects to be included or excluded from notifications sent to a server per RFC 2573 Section 6 "NotificationFiltering." This command can be entered multiple times for the same filter record. Later lines take precedence when an object identifier is included in two or more lines. The filter name may include any printable characters except a question mark. Enclose the string in double quotes to include spaces within the name.
• • • • • • • • • • v1 — Indicates the SNMP Version 1 security model. v2 — Indicates the SNMP Version 2 security model. v3 — Indicates the SNMP Version 3 security model. noauth — Indicates no authentication of a packet. Applicable only to the SNMP Version 3 security model. auth — Indicates authentication of a packet without encrypting it. Applicable only to the SNMP Version 3 security model. priv — Indicates authentication of a packet with encryption. Applicable only to the SNMP Version 3 security model.
Example The following example attaches a group called user-group to SNMPv3 and assigns to the group the privacy security level and read access rights to a view called user-view. console(config)#snmp-server view user-view iso included console(config)#snmp-server group user-group v3 priv read user-view snmp-server host Use the snmp-server host command in Global Configuration mode to specify the recipient of Simple Network Management Protocol notifications.
• filtername— A string that is the name of the RFC 2573 Section 6 filter that defines the traps/informs sent to this host. If unspecified, all traps/informs are sent (Range: 1-30 characters.) Use the snmp-server filter command to define a filter. Default Configuration The default configuration is 3 retries, and 15 seconds timeout. No hosts are configured by default. No notifications are sent by default.
snmp-server location Use the snmp-server location command in Global Configuration mode to set the system location string. To remove the location string, use the no form of this command. Syntax snmp-server location text no snmp-server location • text — Character string describing the system location. (Range: 1 to 255 characters.) Default Configuration This command has no default configuration.
Syntax snmp-server user username groupname [remote engineid-string] [ { authmd5 password | auth-sha password | auth-md5-key md5-key | auth-sha-key sha-key } [priv-des password | priv-des-key des-key | priv-aes128 password | priv-aes128-key aes-key ] ] no snmp-server user username • • • • • • • • • • • • • • username — Specifies the name of the user on the host that connects to the agent. (Range: 1-32 characters.) groupname — Specifies the name of the group to which the user belongs.
Default Configuration No user entry exists. Command Mode Global Configuration mode User Guidelines If the SNMP local engine ID is changed, configured users will no longer be able to connect and will need to be re-configured (deleted from the configuration and added back). Use of MD5 authentication in conjunction with AES privacy is discouraged as it results in a weak cypher. Utilize SHA authentication when using AES privacy.
no snmp-server view view-name [oid-tree ] • • • • view-name — Specifies the label for the view record that is being created or updated. The name is used to reference the record. (Range: 1-30 characters.) oid-tree — Specifies the object identifier of the ASN.1 subtree to be included or excluded from the view. To identify the subtree, specify a text string consisting of numbers, such as 1.3.6.2.4, or a word, such as system.
console(config)# snmp-server view user-view ifEntry.*.1 included console(config)#snmp-server view "A beautiful view!" 1.1.2.1 included snmp-server v3-host Use the snmp-server v3-host command in Global Configuration mode to specify the recipient of Simple Network Management Protocol Version 3 (SNMPv3) notifications. To remove the specified host, use the no form of this command.
• • port — UDP port of the host to use. The default is 162. (Range: 165535.) filtername — A string that is the name of the filter that define the filter for this host. If unspecified, does not filter anything. (Range: 1-30 characters.) Default Configuration The default configuration is 3 retries and 15 seconds timeout. Command Mode Global Configuration mode User Guidelines The username can include any printable characters except a question mark.
snmp-server source-interface Use the snmp-server source-interface command to select the interface from which to use the IP address in the source IP address field of transmitted SNMP traps and informs. Use the no form of the command to revert to the default IP address. Syntax snmp-server source-interface { loopback loopback-id | vlan vlan-id } no snmp-server source-interface • • loopback-id — A loopback interface identifier. vlan-id — A VLAN identifier.
console(config-if-vlan1)#exit console(config)#snmp-server source-interface vlan 1 Switch Management Commands 2205
SupportAssist Commands The commands in this section enable configuration of SupportAssist. eula-consent Use the eula-consent command to accept or reject the end-user license agreement (EULA) for the SupportAssist service. Syntax eula-consent {support-assist} {accept | reject} • • • support-assist—Enter the keyword support-assist to either accept or reject the EULA for the SupportAssist service. accept — Accepts the EULA for the specified service. reject — Rejects the EULA for the specified service.
Example Example 1 console(config)# eula-consent support-assist accept I accept the terms of the license agreement. You can reject the license agreement by configuring this command 'eula-consent support-assist reject'. By installing SupportAssist, you allow Dell to save your contact information (e.g. name, phone number and/or email address) which would be used to provide technical support for your Dell products and services.
contact-company Use the contact-company command to configure the contact information to be sent to the SupportAssist server. Use the no form of the command to remove the contact information. Syntax contact-company name company street-address streetaddress address city city country country postcode postcode • • • • • company — The company for the technical contact person. Maximum of 256 printable characters. streetaddress — The street address for the technical contact person.
Command History Introduced in version 6.3.0.1 firmware. Example console(config)# support-assist console(conf-support-assist)#contact-company name “Dell Inc.“ street-address “5 Round Rock Way“ city “Round Rock, TX“ country USA postcode 78665 contact-person Use the contact-person command to configure the contact information to be sent to the SupportAssist server. Use the no form of the command to remove the contact information.
User Guidelines The email address must conform to RFC 5322 sections 3.2.3 and 3.4.1 and RFC 5321. Additionally, the character set is further restricted to ASCII characters. This information is transmitted to Dell if the SupportAssist service is enabled. This command can be executed multiple times. It overwrites the previous information each time. The collected information is stored in the runningconfig. The administrator must write the configuration in order to persist it across reboots.
User Guidelines Only one SupportAssist server may be enabled. If contact with the server fails, the switch sleeps for the quiet period (default 1 hour) before attempting contact again. Command History Introduced in version 6.3.0.1 firmware. Example console(config)# support-assist console(conf-support-assist)#server New-Server console(conf-support-assist-NewServer)#enable proxy-ip-address Use the proxy-ip-address command to configure a proxy server to be used to contact the SupportAssist servers.
Default Configuration By default, no proxy is configured. By default, passwords are entered as unencrypted and are always displayed and stored encrypted Command Mode Support Assist Configuration User Guidelines Passwords are always stored and displayed as encrypted, even if entered in unencrypted format. Command History Introduced in version 6.3.0.1 firmware. server Use the server command to configure a SupportAssist server and enter SupportAssist server configuration mode.
Command Mode Support Assist Configuration User Guidelines The server-name is used as a reference only and is not required to be used as part of a URL definition. Up to four additional servers may be configured. Use the exit command to exit from Support Assist Server configuration mode. Command History Introduced in version 6.3.0.1 firmware.
Command History Introduced in version 6.3.0.1 firmware. Example console#show eula-consent support-assist SupportAssist EULA has been: Accepted Additional information about the SupportAssist EULA is as follows: By installing SupportAssist, you allow Dell to save your contact information (e.g. name, phone number and/or email address) which would be used to provide technical support for your Dell products and services.
Default Configuration This command has no defaults. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no guidelines for this command. Command History Introduced in version 6.3.0.1 firmware. Example console# show support-assist status SupportAssist: Enabled SupportAssist Server: https://stor.g3.ph.dell.com (resolved) EULA: Accepted Proxy Server: 172.167.33.
Default Configuration By default, a server named “default” is configured. It may be disabled by the administrator. Command Mode Global Configuration User Guidelines This command enters support-assist-conf mode. It allows the administrator to configure SupportAssist information. The configured information is stored in the running config. Use the write command to save the information into the startup-config. Command History Introduced in version 6.3.0.1 firmware.
Syntax url uniform-resource-locator no url uniform-resource-locator — A text string for the URL using one of the following formats: http://[username:password@]:/ https://[username:password@]:/ Default Configuration By default, no URL is configured. Command Mode Support Assist Configuration User Guidelines The hostip for the server may be specified as an IPv4 address, an IPv6 address or as a DNS hostname.
SYSLOG Commands The Dell EMC Networking supports a centralized logging service with support for local in-memory logs, crash dump logs, and forwarding messages to SYSLOG servers. All switch components use the logging service.
<189> Oct 24 02:10:26 10.27.23.197-1 CMDLOGGER[emWeb]: cmd_logger_api.c(83) 438 %% NOTE CLI:EIA-232::logging buffered info If enabled, the CLI command logger subsystem begins to log commands immediately after the user is authenticated. After authentication, the CLI generates an explicit message and invokes the command logger. The format of the message at login is: <189> Jan 10 18:58:56 10.27.21.22-2 CMDLOGGER[209809328]: cmd_logger_api.c(83) 361 %% NOTE CLI:10.27.21.
clear logging file Use the clear logging file command to clear messages from the logging file. Syntax clear logging file Default Configuration There is no default configuration for the command. Command Mode Privileged Exec User Guidelines This command has no user guidelines. Example The following example shows the clear logging file command and confirmation response.
Command Mode Logging mode User Guidelines After entering the view corresponding to a specific SYSLOG server, the command can be executed to set the description of the server. Example The following example sets the SYSLOG server description. console(config-logging)#description "syslog server 1" level Use the level command in Logging mode to specify the severity level of SYSLOG messages. To reset to the default value, use the no form of the command.
is voluminous, cryptic, and because of the large number of messages generated, can adversely affect switch operations. Only set the logging level to debug under the direction of support personnel. Example The following example sets the SYSLOG message severity level to alert. console(config-logging)#level alerts logging cli-command Use the logging cli-command in Global Configuration mode to enable CLI command logging.
File Logging: Level emergencies. Messages : 0 logged, 323 ignored Switch Auditing : enabled CLI Command Logging: disabled Web Session Logging : disabled SNMP Set Command Logging : disabled Logging facility level : local7 0 Messages dropped due to lack of resources Buffer Log: <189> Jan 10 18:59:09 10.27.21.22-2 CMDLOGGER[209809328]: cmd_logger_api.c(83) 367 %% NOTE CLI:EIA-232:----:configure <190> Jan 10 18:59:17 10.27.21.22-2 CLI_WEB[209809328]: cmd_logger_api.
• • anon—Use anonymous authentication (that is, anonymous mode with no authentication). x509—Use mutual authentication (both client and server side). An optional certificate index can be used to identify a specific server and client certificate pair. Default Configuration When enabling x509 authentication, a default (non-indexed) certificate pair is used if present and no certificate index has been specified. The default SYSLOG server port number is 514.
<190> Jan 01 00:00:06 0.0.0.0-1 General[fp_main_task]: bootos.
Sequence Number The message sequence number for this stack component. Sequence numbers may be skipped because of filtering but are always monotonically increasing on a per stack member basis. Severity The message severity. One of: EMER - Emergency, ALRT Alert, CRIT - Critical, ERR - Error, WARN - Warning, NOTE Notice, INFO - Informational, DBG - Debug Message An informative message regarding the event. Example The following example configures the named server as an available SYSLOG server.
Syntax logging buffered [severity–level] no logging buffered • severity–level—(Optional) The number or name of the desired severity level. Range: – [0 | emergencies] – [1 | alerts] – [2 | critical] – [3 | errors] – [4 | warnings] – [5 | notifications] – [6 | informational] – [7 | debugging] Default Configuration The default value for level is informational. Command Mode Global Configuration mode User Guidelines All the SYSLOG messages are logged to the internal buffer.
logging console Use the logging console command in Global Configuration mode to limit messages logged to the console based on severity. To disable logging to the console terminal, use the no form of this command. Syntax logging console [severity–level] no logging console • severity–level—(Optional) The number or name of the desired severity level.
Example The following example limits messages logged to the console based on severity level “alerts”. console(config)#logging console alerts logging facility Use the logging facility command in Global Configuration mode to configure the facility to be used in log messages. Syntax logging facility facility no logging facility • facility—The facility that will be indicated in the message. (Range: local0, local1, local2, local3, local4, local5, local6, local7).
Syntax logging file [severity–level-number | type] no logging file • severity–level—(Optional) The number or name of the desired severity level. Range: – [0 | emergencies] – [1 | alerts] – [2 | critical] – [3 | errors] – [4 | warnings] – [5 | notifications] – [6 | informational] – [7 | debugging] Default Configuration The default severity level is emergencies.
Example The following example limits SYSLOG messages stored in the logging file to severity level “warnings” and above (numerically lower). console(config)#logging file warnings logging monitor Use the logging monitor command in Global Configuration mode to enable logging messages to telnet and SSH sessions at the specified severity level. Use the no logging monitor command to disable logging messages.
User Guidelines Use the terminal monitor command to enable the asynchronous display of system messages within an individual telnet or SSH session. Use the logging monitor command to globally configure the severity of logged messages within all telnet/SSH sessions. Messages logged telnet and SSH sessions are filtered based on severity. Selecting a severity level will log that severity and higher (numerically lower) level messages.
logging protocol Use this command to log messages in RFC5424 format, including time zone and subsecond resolution time stamps. Use the no form of this command to set the logging to the default format. Syntax logging protocol {protocol-selector} no logging protocol • protocol-selector—One of the following: – 0 – Generate RFC3164 format messages – 1 – Generate RFC5424 format messages Default Configuration Messages are logged in RFC3164 format by default (logging protocol 0).
console(config)#logging protocol 0 console(config)# <190> Oct 18 07:09:15 0.0.0.0-1 RADIUS[radius_task]: radius_api.c(10450) 58 %% INFO RADIUS: Sending RADIUS server state change event to interested users: 1 <189> Oct 18 07:09:15 0.0.0.0-1 TRAPMGR[trapTask]: traputil.c(721) 26 %% NOTE Unit 1 is the new stack master, Old stack master unit is 0 The following example shows the logging format when logging protocol is set to 1. console(config)#logging protocol 1 console(config)# <190>1 2017-10-18T07:09:23.
no logging snmp Default Configuration By default, logging snmp is disabled. Command Mode Global Configuration mode User Guidelines To see SNMP Set command logs use the show logging command. Example console(config)#logging snmp logging source-interface Use the logging source-interface command to select the interface from which to use the IP address in the source IP address field of transmitted SYSLOG packets. Use the no form of the command to revert to the default IP address.
User Guidelines This command is not supported on Dell EMC N1100-ON switches. Dell EMC N1100-ON switches support configuration of a single IP address in interface vlan configuration mode. That IP address is used as the source interface address for this function.. Command History Introduced in version 6.3.0.1 firmware.
– info (6) – debug (7) Default Configuration The default severity level is info(6). Command Mode Global Configuration mode User Guidelines You can filter log messages that appear in the buffered log by severity level. You can specify the severity level of log messages that are e-mailed.
Example console(config)#logging web-session <133> Jan 12 13:51:55 10.130.185.29-6 CLI_WEB[emWeb]: cmd_logger_api.c(140) 9788 %% NOTE WEB:10.130.65.150:admin:session[0] created <133> Jan 12 13:51:55 10.130.185.29-6 CLI_WEB[emWeb]: cmd_logger_api.c(140) 9789 %% NOTE WEB:10.130.65.150:admin:User admin logged in port Use the port command in Logging Configuration mode to specify the port number of a SYSLOG server to which SYSLOG messages are sent. To reset to the default value, use the no form of the command.
show logging Use the show logging command to display all logging information, including auditing status and logging protocol version. Syntax show logging Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Command History Updated output in version 6.5.
SYSLOG Server Details: 0.0.0.0 : Level informational. Messages : 0 dropped 0 Messages dropped due to lack of resources Buffer Log: <186> Oct 18 07:09:12 0.0.0.0-1 General[fp_main_task]: bootos.c(191) 10 %% CRIT Event(0xaaaaaaaa) <189> Oct 18 07:09:12 0.0.0.0-1 BSP[fp_main_task]: bootos.c(175) 9 %% NOTE BSP initialization complete, starting switch firmware. <190> Oct 18 07:09:12 0.0.0.0-1 OSAPI[fp_main_task]: osapi_crash.c(1297) 8 %% INFO Oldest crashlog (5) will be deleted if another crash happens.
Syntax show logging file Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the state of logging messages sorted in the logging file.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the SYSLOG server settings. console#show syslog-servers IP address Port Severity Description ---------------------------------------------192.180.2.275 14 Info 7 192.180.2.
User Guidelines Use the terminal monitor command enables system messages to be displayed in a Telnet or SSH session. Use the no terminal monitor command to disable the display of system messages on the terminal for Telnet and SSH sessions. Use the logging monitor command to display logging messages in a Telnet or SSH session. Terminal monitor and logging monitor are enabled on console sessions by default.
System and Stack Management Commands asset-tag Use the asset-tag command in Global Configuration mode to specify the switch asset tag. To remove the existing asset tag, use the no form of the command. Syntax asset-tag [unit] tag no asset-tag [unit] • • unit — Switch number. (Range: 1–12) tag — The switch asset tag. Default Configuration No asset tag is defined by default.
banner exec Use the banner exec command to set the message that is displayed after a successful login. Use the no form of the command to remove the set message. Syntax banner exec MESSAGE no banner exec • MESSAGE — Quoted text Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines The exec message may consist of multiple lines. Enter a quote to complete the message and return to configuration mode.
Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines The login banner can consist of multiple lines. Enter a quote to end the banner text and return to the configuration prompt. Up to 2000 characters may be entered into a banner. Each line entered will consume an extra two characters to account for the carriage return and line feed. Different terminal emulators will exhibit different behaviors when logging in over SSH.
User Guidelines The motd banner can consist of multiple lines. Enter a quote to end the banner text and return to the configuration prompt. Up to 2000 characters may be entered into a banner. Each line entered will consume an extra two characters to account for the carriage return and line feed. The motd banner is usually displayed prior to logging into the switch, although some protocols, for example SSH, may enforce different behavior. See the user guidelines for banner motd acknowledge for some examples.
User Guidelines Various terminal emulators exhibit different behaviors with regards to the MOTD and the acknowledge prompt, for example, TeraTerm and putty. There are also different behaviors based upon the protocol used (SSH versus telnet). See below for some examples where the MOTD prompt occurs either before or after the acknowledge prompt. The banner motd in this example is “If you need to utilize this device or otherwise make changes to the configuration, you may contact Kevin at x911.
[root@kevin ~]# ssh 192.168.12.84 -l dellradius If you need to utilize this device or otherwise make changes to the configuration, you may contact Kevin at x911. Please, be advised this unit is under test by Kevin. dellradius@192.168.12.84's password: Press 'y' to continue (within 30 seconds) (y/n) Welcome to the N3024 in the Bottom Chassis - 192.168.12.190. This unit is located in A2 and is currently under test.
Syntax buffers {rising-threshold rising-threshold-val | falling-threshold fallingthreshold-val | severity severity-level} no buffers {rising-threshold | falling-threshold | severity } • • • rising-threshold-val—The rising message buffer threshold over which a trap will be issued. This is a percentage of messages buffers utilized and ranges from 0 to 100. falling-threshold-val—The falling threshold value.
The falling-threshold-val should be configured to be less than or equal to the rising-threshold-val. Command History Introduced in version 6.2.0.1 firmware. Example console(config)#buffers rising-threshold 90 clear checkpoint statistics Use the clear checkpoint statistics command to clear the statistics for the checkpointing process. Syntax clear checkpoint statistics Default Configuration This command has no default configuration.
Syntax clear counters stack-ports Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command resets all statistics shown by the show switch stack-ports counters and the show switch stack-ports diag commands. Example console#clear counters stack-ports connect Use this command to connect the serial console of a different stack member to the local unit.
User Guidelines This command is available from the Unit prompt on a member unit serial port. The user need not be currently connected over the serial port to connect to another unit. The stack member being connected to must be up and running and connected as part of the stack. This command connects the the serial console from the target stack member to the local unit. There is only one console session allowed per stack.
Command Mode Privileged Exec mode. User Guidelines This command forcibly logs out and disconnects a Telnet, SSH, HTTP or HTTPs session. Use the show sessions command to display the session identifier. The session identifier ranges from 0-42. The all parameter disconnects all telnet, SSH, HTTP or HTTPs sessions. It is not possible to disconnect the EIA-232 (serial console) session. exit Use this command to disconnect the serial connection to a remote unit.
To disconnect a remote session to a stack member established from the stack manager. Stack-Master#connect 2 Remote session started. Type “exit” to exit the session. (Unit 2 - CLI unavailable - please connect to master on Unit 1)>exit Stack-Master# Example 2: To disconnect a remote session to the stack master established from a stack member.
Syntax hardware profile portmode {1x40g | 4x10g } hardware profile portmode {1x100g | 2x50g | 4x25g } no hardware profile portmode The available modes depend on the platform. N2200 only: • • 1x40g: Configure the port as a single 40G port using four lanes. 4x10g: Configure the port as four 10G ports, each on a separate lane. N3200 only: • • • • 1x100g: Configure the port as a single 1x100G port using one lane. 2x50g: Configure the port as two 50G ports, each on a separate lane.
Ethernet, the two stack ports, the 2x50G Ethernet ports, and the 4x25G Ethernet ports show as detached. Likewise, when the port is configured in stack mode, all of the associated Ethernet ports will show as detached. NOTE: This command does not operate in interface range mode. NOTE: This command is only valid on the N2200-ON and N3200-ON switches. It issues an error response if used on any other switch model. Example Change N3200 2x50G stacking ports to 100G Ethernet.
Command History Command updated in firmware release 6.6.2. hostname Use the hostname command in Global Configuration mode to specify or modify the switch host name. To restore the default host name, use the no form of the command. Syntax hostname name no hostname • name — The name of the host. (Range: 1–255 characters) The command allows spaces in the host name when specified in double quotes. For example, #snmp-server v3-host “host name”. Default Configuration No host name is configured.
initiate failover To manually force a failover from the management unit to the backup unit in a stack, use the initiate failover command in Stack Configuration mode. The initiate failover command checks for stack port errors and NSF synchronization prior to initiating failover. If stack port errors are found, or if the NSF status is not synchronized, a message is displayed and the user is prompted to continue or abort the operation (see example, below).
Example-Stack Port Errors console(config-stack)#initiate failover Warning! Stack errors detected on the following interfaces: Interface ---------------Gi1/0/1 Gi1/0/3 Error Count ---------------12 22 NSF Status: Not synchronized Stack port errors or lack of NSF synchronization may indicate a non-redundant stack topology exists. Fail-over on a non-redundant topology may cause the stack to split! Management unit will be reloaded.
User Guidelines This command has no user guidelines. Example console(config-if-Gi1/0/1)#load-interval 150 locate Use the locate command to locate a switch by LED blinking. Syntax locate [switch unit] [time time] • • switch unit—If multiple devices are stacked, you can choose which switch to identify. time time —LED blinking duration in seconds. Range 1-3600 seconds. Default Configuration Default value is 20 seconds.
logout Use this command to disconnect the serial connection to the remote unit on the stack member. Syntax logout Default Configuration There is no default configuration for this command. Command Modes User Exec mode on the stack master. Unit prompt on the stack member. User Guidelines This command is available in User Exec mode on the master unit serial port and from the Unit prompt on member unit serial ports. The user need not be currently connected over the serial port to connect to another unit.
(Unit 2 - CLI unavailable - please connect to master on Unit 1)> member Use the member command in Stack Configuration mode to preconfigure a switch stack member. Execute this command on the Management Switch. To remove a stack-member configuration from the stack, use the no form of the command. The no form of the command may not be used if the member is present in the stack. Syntax member unit switchindex no member unit • • unit — The switch identifier of the switch to be added or removed from the stack.
memory free low-watermark Use the memory free low-watermark command to configure the notification of a low memory condition on the switch. for the issuance of the CPU overload SNMP trap and notification via a SYSLOG message. Use the no form of the command to return the threshold to its default value. Syntax memory free low-watermark processor [kb] no memory free low-watermark processor • kb—The amount of free memory (in Kilobytes) below which a trap is issued and a message is logged.
nsf Use this command to enable non-stop forwarding. The no form of the command will disable NSF. Syntax nsf no nsf Default Configuration Non-stop forwarding is enabled by default. Command Mode Stack Configuration mode User Guidelines Nonstop forwarding allows the forwarding plane of stack units to continue to forward packets while the control and management planes restart as a result of a power failure, hardware failure, or software fault on the stack management unit.
Syntax ping [vrf vrf-name] {[ ip ]ip-address | hostname | { ipv6 { interface interface-id | vlan vlan-id | loopback loopback-id | out-of-band | tunnel tunnel-id} link-local-address | ipv6-address | hostname} [count count] [ interval interval] [ size size] [source { ip-address | ipv6-address | interface-id | vlan vlan-id | out-of-band}] • • • • • • • • • • • • • • ip-address—The IPv4 address to ping. ipv6-address—The IPv6 address to ping. link-local-address — The link local IPv6 address to ping.
Default Configuration The default mode is IPv4. The command defaults to an IPv4 address. The default ping count is 4. The default interval is 1 second. The default packet size is 0 data bytes. The packet size is specified in bytes and refers to the packet payload, not the frame size. Packets are padded to extend the frame to the minimum legal frame length by default.
If a host name is specified, a DNS server must be configured locally on the switch and the host name must resolve to an IPv4/IPv6 address as appropriate for the syntax entered. The command allows spaces in the host name when specified in double quotes, even though host names may only consist of letters, numbers and the hyphen character. The hostname parameter may be a fully or partially qualified domain name. A hostname consists of a series of labels separated by periods.
Reply From 2030:1::1: icmp_seq = 2. time <10 msec. Reply From 2030:1::1: icmp_seq = 3. time <10 msec. process cpu threshold Use the process cpu threshold command to configure the rising and falling thresholds for the issuance of the CPU overload SNMP trap and notification via a SYSLOG message. Use the no form of the command to return the thresholds to their default values.
EMWA(current_period) = EMA(prev_period) + (currentUtilization – EMA(prev_period)) * weight where weight = 2 / ((TotalTimePeriod/samplePeriod) + 1). The sample period is 5 seconds. The utilization monitoring time period can be configured from 5 secs to 86400 seconds in multiples of 5 seconds. Setting a threshold or interval to 0 disables that individual function. The falling-threshold percentage should be configured to be less than or equal to the rising-threshold percentage.
Default Configuration There is no default configuration for this command. Command Modes User Exec mode on the stack master. Unit prompt on the stack member. User Guidelines This command is available in User Exec mode on the master unit serial port and from the Unit prompt on member unit serial ports. The user need not be currently connected over the serial port to connect to another unit. The stack member being connected to must be up and running and connected as part of the stack.
Syntax reload [stack–member–number] • stack–member–number—The stack member to be reloaded. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines If no unit is specified, all units in a stack are reloaded. When copying firmware onto the switch in a stacked configuration, use the show sfs and show version commands to check the status of stack firmware synchronization prior to a reboot.
Stack port errors may indicate a non-redundant stack topology exists. Failover on a non-redundant topology may cause the stack to split! Are you sure you want to reload the stack? (y/n) service unsupported-transceiver Use this command to avoid the following on using an unsupported optic. • • Logging of a message. Generation of SNMP trap. Use the no form of this command to set the transceiver support to the factory default.
set description Use the set description command in Stack Configuration mode to associate a text description with a switch in the stack. Syntax set description unit description • • unit — The switch identifier. (Range: 1–12) description — The text description. (Range: 1–80 alphanumeric characters) Default Configuration This command has no default configuration. Command Mode Stack Configuration mode User Guidelines This command has no user guidelines.
• • • • • • • • • • • • • • • Dell EMC Networking N2024P Dell EMC Networking N2048 Dell EMC Networking N2048P Dell EMC Networking N3024 Dell EMC Networking N3024F Dell EMC Networking N3024P Dell EMC Networking N3048 Dell EMC Networking N3048P Dell EMC Networking N4032 Dell EMC Networking N4032F Dell EMC Networking N4064 Dell EMC Networking N4064F Dell SFP+ Card Dell QSFP Card Dell 10GBase-T Card Use the no form of the command to return the unit/slot configuration to the default value.
User Guidelines The card index (CID) can be obtained by executing the show supported cardtype command. Administrators may issue multiple consecutive slot commands addressing a particular unit/slot without issuing an intervening no slot command. Example console(config)#slot 1/3 3 console(config)#slot 1/3 4 show banner Use the show banner command to display banner information. Syntax show banner Default Configuration This command has no default configuration.
Line Telnet....................... Disable ===login===== Banner:MOTD Line Console...................... Enable Line SSH.......................... Enable Line Telnet....................... Enable ===motd===== show buffers Use the show buffers command to display the system allocated buffers. Syntax show buffers Default Configuration There is no default configuration.
Message Buffer Utilization -------------------------0 of 246 total buffers used Receive Attempts Failures %Failure ------------------------------------------------Norm 0 0 0% Mid2 0 0 0% Mid1 0 0 0% Mid0 0 0 0% High 0 0 0% Transmit Attempts Failures %Failure ------------------------------------------------All 145 0 0% Monitoring Parameters --------------------Rising Threshold................................ 0% Falling Threshold............................... 0% Trap Severity................................
User Guidelines When nonstop forwarding is enabled on a stack, the stack's management unit checkpoints operational data to the backup unit. If the backup unit takes over as the management unit, the control plane on the new management unit uses the checkpointed data when initializing its state. Checkpoint statistics track the amount of data checkpointed from the management unit to the backup unit. Example console#show checkpoint statistics Messages Checkpointed.....................6708 Bytes Checkpointed...
Current mode : Enable Configured mode : Disable (This mode is effective on next reload) show hardware profile portmode Use the show hardware profile portmode command to display the hardware profile information for the 40G ports. The user can optionally specify an interface or all 40G interfaces are displayed. Syntax show hardware profile portmode [interface-id] Default Configuration This command has no default setting.
show idprom interface Use this command to display the optics EEPROM contents in user-readable format. Syntax show idprom interface interface-id • interface-id—The Ethernet interface. Default Configuration This command has no default configuration. Command Modes User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example shows the optic parameters in user readable format.
show interfaces Use the show interfaces command to display the traffic statistics for one or multiple interfaces. If no parameter is given, all interfaces are shown. Syntax show interfaces interface-id • interface-id—The ID for any valid Ethernet interface (that is, a 1G, 10G, or 40G interface in standard interface format or a port-channel identifier). Default Configuration This command has no default configuration.
VLAN Membership Mode: ......................... Trunk Mode VLAN Membership: .............................. (1),2-3,101-113,813,3232 MTU Size : .................................... 1518 Port Mode [Duplex] : .......................... Full Port Speed : .................................. 1000 Link Flaps : .................................. 0 Link Debounce Flaps : ......................... 0 Auto-Negotiation Status : ...................... Auto Burned MAC Address : .......................... 001E.C9DE.
Utilization is shown in Kbps.
Te1/0/5 0x411 BCM8727 show memory cpu Use the show memory cpu command to check the total and available RAM space on the switch. Syntax show memory cpu Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines No specific guidelines. Example console#show memory cpu Total Memory........................... 262144 KBytes Available Memory Space.................
Command Mode Privileged Exec, Global Configuration mode, and all sub-modes User Guidelines The following information is displayed. Parameter Description Queue ID The queue identifier. Queue Name The queue name Messages in Queue The number of messages currently queued. Threads Waiting to Send The number of threads waiting to send a message on the queue. Threads Waiting to Receive The number of threads waiting to receive a message from the queue.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The Global Status Parameters for NSF are explained as follows: Parameter Description Range Default NSF Administrative Status Whether nonstop forwarding is Enabled administratively enabled or disabled Disabled Enabled NSF Operational Status Indicates whether NSF is enabled on the stack.
Parameter Description Range Time Since Last Restart Time since the current management Time Stamp card became the active management card. For the backup manager, the value is set to 0d 00:00:00 Restart in progress Whether a restart is in progress. A restart is not considered complete until all hardware tables have been fully reconciled.
Status...................................... Stale Time Since Last Copy........................ 0 days 4 hrs 53 mins 22 secs Time Until Next Copy........................ 28 seconds Unit ---1 2 3 NSF Support ----------Yes Yes Yes show power-usage-history Use the show power-usage-history command to display the history of unit power consumption for the unit specified in the command and total stack power consumption. Historical samples are not saved across switch reboots/reloads.
Current Power Consumption (Watts)............. 56.2 Sample No. Time Since The Sample Was Recorded ------ -------------------3 00:00:00:13 2 00:00:00:43 1 00:00:01:12 Power Consumption On This Unit (Watts) ----------56.2 56.2 54.3 Power Consumption Per Stack (Watts) ----------56.2 56.2 54.3 show process app-list Use the show process app-list command to display the system applications. Syntax show process app-list Default Configuration This command does not have a default configuration.
Fields Description ID Application ID assigned by the Process Manager. Name Application Name PID Application Linux Process ID. Admin-Status Flag indicating if the application is administratively enabled. Auto-Restart Flag indicating if the Process Manager should automatically restart the application if the application fails. Running-Status Flag indicating if the application is running. Command History Introduced in version 6.2.0.1 firmware.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed. Fields Description ID Application ID assigned by the Process Manager. Name Application Name PID Application Linux Process ID. Memory-limit Configured memory limit for the application, in Megabytes.
show process cpu Use the show process cpu command to check the CPU utilization for each process currently running on the switch. Syntax show process cpu Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines No specific guidelines.
3d48bd0 MAC Age Task 0.00% 0.00% 0.03% 40fdbf0 bcmLINK.0 0.00% 0.14% 0.46% 4884e70 tL7Timer0 0.00% 0.06% 0.02% 48a1250 osapiMonTask 0.00% 0.32% 0.17% 4969790 BootP 0.00% 0.00% 0.01% 4d71610 dtlTask 0.00% 0.06% 0.05% 4ed00e0 hapiRxTask 0.00% 0.06% 0.03% 562e810 DHCP snoop 0.00% 0.00% 0.06% 58e9bc0 Dynamic ARP Inspection 0.00% 0.06% 0.03% 62038a0 dot1s_timer_task 0.00% 0.00% 0.03% 687f360 dot1xTimerTask 0.00% 0.06% 0.07% 6e23370 radius_task 0.00% 0.00% 0.01% 6e2c870 radius_rx_task 0.00% 0.06% 0.
User Guidelines The following fields are displayed. Fields Description PID Application Linux Process ID Process-Name Linux process name Application ID-VRID-Name Name of the application that started the process and the application ID assigned by the Process Manager. The VRID is the virtual router with which this application is associated. The VRID is 0 for processes associated with the default router and on platforms which do not support the virtual routing feature.
show router-capability Use this command to display the router capabilities of the loaded firmware image. Syntax show router-capability Command Mode Privileged Exec mode, Global Configuration mode and all sub-modes. User Guidelines The capabilities in the switch firmware are determined during the build process. Command History Introduced in version 6.3.0.1 firmware. Updated in version 6.5 firmware. Examples This example displays the capabilities of an N3000-ONv6.5.x.x firmware build.
Syntax show sessions Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays a list of open sessions from remote hosts. console#show sessions Session User Name ID ------- ---------------------0 1 admin 11 admin Connection from Idle Time ----------------- -------EIA-232 00:00:00 10.130.128.17 00:00:05 10.27.192.
show slot Use the show slot command to display information about all the slots in the system or detailed information for a specific slot. Syntax show slot [slot/port] Default Configuration This command has no default configuration. Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Switch slots are populated with cards (see the show supported cardtype command below). However, not all slots are available to be externally populated.
Parameter Description Configured Card Model Identifier The model identifier of the card preconfigured in the slot. Model identifier is a 32-character field used to identify a card. Pluggable Cards are pluggable or non-pluggable in the slot. If you supply a value for slot/port, the following additional information appears as shown in the table below. Parameter Description Inserted Card Model Identifier The model identifier of the card inserted in the slot.
Syntax show supported cardtype [cardindex] • cardindex — Displays the index into the database of the supported card types. This index is used when preconfiguring a slot. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines If a card index is entered, then the command displays information about specific card types supported in the system.
Parameter Description Model Identifier The model identifier for the supported card type. Card Description The description for the supported card type. Example This example shows the supported card types for the Dell EMC Networking N3000-ON switch.
Default Configuration This command has no default configuration. Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The switch SID is used when preconfiguring switches in a stack using the member command in config-stack mode. The following table describes the fields in the first example. Field Description Switch Index (SID) This field displays the index into the database of supported switch types.
Example The following example displays the information for supported switch types. console#show supported switchtype SID Switch Model ID --- -------------------------------1 N4032 2 N4032F 3 N4064 4 N4064F The following example displays the format of the show supported switchtype command. console#show supported switchtype 1 Switch Type....................... 0xd8420001 Model Identifier.................. N4032 Switch Description................ Dell Networking N4032 Supported Cards: Slot....................
show switch stack–ports show switch stack–ports counters { all | } show switch stack–ports diag {all | } { verbose } show switch stack–ports stack-path {all | from-unit to-unit } • • • • • • • • • • unit—The stack member number. stack–ports—Display summary stack-port information for all units. counters—Display summary data counter information for all units. diag—Display stacking diagnostics for each unit. stack-path—Display the active path from one stacking unit to another.
The show switch stack-member-number command also shows details of the switch configuration including the SFS last attempt status for the specified unit. If there is a stack firmware synchronization (SFS) operation in progress, the switch status will show as Updating Code. The show switch command may show an SDM Mismatch value in the Switch Status field. This value indicates that the unit joined the stack, but is running a different SDM template than the management unit.
Unit Description Plugged-in Model Identifier This field displays the model identifier for this switch. Model Identifier is a 32-character field assigned by Dell to identify the switch. If no physical unit is present for the unit number, this field is empty. Switch Status This field displays the switch status. Possible values are OK, Unsupported, Code Mismatch, Config Mismatch, SDM Mismatch Not Present, Updating Code, or STM Mismatch Switch Description This field displays the switch description.
Unit Description Standby Status This field indicates whether the switch is the Standby Switch. Preconfigured Model Identifier This field displays the model identifier of a preconfigured switch ready to join the stack. The Model Identifier is a 32-character field assigned by Dell to identify the switch. Plugged-In Model Identifier This field displays the model identifier of the switch physically present in the stack. The Model Identifier is a 32-character field assigned by Dell to identify the switch.
Serial Number..................... CN0H0F6C2829831P0023A00 Up Time........................... 3 days 1 hrs 16 mins 20 secs Example-Stack Ports This example displays information about the stack ports.
--- ---------- --------- ------------- ------------- ------------- --------1 Mgmt Sw N3024 N3024 OK 6.0.0.0 2 Stack Mbr N3024 N3024 Updating Code 6.0.0.0 console#show switch 1 Switch............................ Management Status................. Switch Type....................... Preconfigured Model Identifier.... Plugged-in Model Identifier....... Switch Status..................... Switch Description................ Detected Code Version............. Detected Code in Flash............
Rx out of sync................................. No buffer...................................... Collect sem wait count......................... Collect sem dispatch count..................... 0 0 0 0 ------------------------------------RPC statistics/counters from unit 1 ------------------------------------Client RPC request count....................... Client RPC reply count......................... Client RPC fail to xmit count.................. Client RPC response timedout count.............
Tx Tx Tx Tx Tx Tx Tx Tx Tx Rx CoS[2] reserve.............................. CoS[3] reserve.............................. CoS[4] reserve.............................. CoS[5] reserve.............................. CoS[6] reserve.............................. CoS[7] reserve.............................. pkt pool size............................... available pkt pool size..................... failed/error count.......................... pkt pool size...............................
RX tunnelling out pkts discarded............... OAM events in.................................. OAM events in discarded........................ OAM events out................................. OAM events out discarded....................... BFD events in.................................. BFD events in discarded........................ BFD events out................................. BFD events out discarded....................... Fabric events in............................... Fabric events in discarded......
show system Use the show system command to display system information. Syntax show system [unit] • unit — The unit number. Default Configuration This command has no default configuration. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The temperature and power sections are only displayed for switches that have temperature or power monitoring capability.
Unit Description Temperature (Celsius) ---- ------------------ ----------1 MAC 33 1 PHY 34 Fans: Unit ---1 1 Description ----------Fan-1 Fan-2 Status ------Failure Failure Power Supplies: Unit Description ---1 1 1 ----------System PS-1 PS-2 Status Average Power (Watts) ----------- ---------Non-critical 39.8 Failure No Power N/A Current Power (Watts) -------39.
User Guidelines This command has no user guidelines. Example console>show system fan Fans: Unit Description Status ---- ----------- -----1 Fan 1 OK 1 Fan 2 OK 1 Fan 3 OK show system id Use the show system id command to display the system identity information. Syntax show system id [unit] • unit — The unit number. Default Configuration This command has no default configuration.
---- ------------------------1 at-N3024-X00-0010 sn-a128 ------------ show system power Use the show system power command to display information about the system level power consumption. Syntax show system power Default Configuration This command has no default configuration. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command is only available on switches with a power monitoring circuit.
show system temperature Use the show system temperature command to display information about the system temperature and fan status. Syntax show system temperature Default Configuration This command has no default configuration. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The system temperature is read from one or more sensors placed at critical locations on the PCB.
System Thermal Conditions: Unit Temperature State (Celsius) ---- ----------- ----------1 34 OK Temperature Sensors: Unit Description Temperature (Celsius) ---- ------------------ ----------1 MAC 33 1 PHY 34 show tech-support Use the show tech-support command to display system and configuration information for use in debugging or contacting technical support.
• show interfaces transceiver properties Syntax show tech-support [ bgp | bgp-ipv6 | ospf | ospfv3 | bfd ] [file | usb] • • • • • • • bgp — Show detailed information specific to BGP. bgp-ipv6 — Show detailed information specific to BGP IPv6. ospf — Show detailed information specific to OSPF. ospfv3 — Show detailed information specific to OSPFv3. bfd — Show detailed information specific to BFD. file — Write the output to a file in the local flash instead of the console.
• • • • show ethernet cfm errors (N2200/N3000-ON/N3100-ON/N3200-ON series only) show power inline firmware-version show version show interfaces transceiver properties Tech support files are named tech-supportXXX.txt, where XXX is the date and time stamp of the form YYMMDDHHMMSS. YY is the last two digits of the year, MM is the month, DD is the day of the month, HH is the hour in 24-hour format, MM is the minute, and SS is the second. Use the copy flash://techsupportXXX.
unit active backup current-active next-active ---- ----------- ----------- -------------- -------------1 6.0.0.0 6.0.0.0 6.0.0.0 Operating System............................... Linux 2.6.32 Additional Packages............................ FTOS QoS FTOS Multicast FTOS Stacking FTOS Routing FTOS Data Center ***************** Show SysInfo ****************** System Location................................ System Contact................................. System Object ID...............................
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The command also shows which administrative profiles have been assigned to local user accounts and to show which profiles are active for logged-in users. Example The following example displays a list of active users and the information about them.
Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command shows the version information for the stack master if no arguments are given. Example console#show version Machine Description............... System Model ID................... Machine Type...................... Serial Number..................... Manufacturer...................... Burned In MAC Address............. System Object ID.................. CPU Version..........
Machine Description............... System Model ID................... Machine Type...................... Serial Number..................... Manufacturer...................... Burned In MAC Address............. System Object ID.................. CPU Version....................... SOC Version....................... HW Version........................ CPLD Versions..................... Image File........................ Software Capability...............
stack-port Use the stack-port command in Stack Configuration mode to configure ports as either Stacking ports or as Ethernet ports. NOTE: This command is only valid on the N1100-ON, N1500, N2100-ON, N2200-ON, N3100-ON, and N3200-ON switches. It issues an error response if used on any other switch model.
is not supported. Reboot the switch and examine the output of the show switch stack-ports command to determine the active configuration. The clear config command does not change the stacking port mode. Only the stackport command can change the operating mode of the stacking port and it only takes effect after a reboot. The stack-port configuration mode does not appear in the running config. Use the show switch stack-port command to display configuration and status of stacking ports.
The use of 10G stacking links on the N3200-ON is not recommended when 100G uplinks are utilized. If packet loss on the stacking links or stack splits are encountered in this configuration, the stacking links must be upgraded to at least 50G. Command History Added the speed parameter in version 6.5. Syntax updated in firmware release 6.6.1. The 100g/10g syntax was added in firmware release 6.6.2.
This command persists across reboots, therefore, administrators should use this command with caution during stack upgrade procedures. Example console(config-stack)#stack-port tengigabitethernet 1/2/1 shutdown Disabling a stack port will cause the stack to attempt to re-converge. Application messages will appear in the logs during stack convergence. Before shutting down a stack link, please ensure that your stack is in an active ring topology in order to avoid a stack split.
User Guidelines This unit comes up as the master when the stack failover occurs. Use the no form of this command to reset to default, in which case, a standby is automatically selected from the existing stack units if there is no preconfiguration. Examples console(config)#stack console(config-stack)#standby 2 Command History User Guidelines updated in the 6.4 release. switch renumber Use the switch renumber command in Global Configuration mode to change the identifier for a switch in the stack.
This command may be executed on the stack master or a standalone unit.This command reboots the renumbered switch. After renumbering a switch, it is important to let the master switch synchronize the NSF state before proceeding with additional stack management operations. Use the show nsf command to check the NSF state. If the switch shows Warm Restart Ready as Yes, then the master switch state is synchronized with the standby switch.
Press ENTER to execute the command. port Enter the TCP port number. Default Configuration port — Telnet TCP port (decimal 23) on the host. Command Mode User Exec, Privileged Exec mode User Guidelines The hostname parameter may be a fully or partially qualified domain name. A hostname consists of a series of labels separated by periods. Each label may be a maximum of 63 characters in length. The maximum length of the hostname parameter is 256 characters. Refer to RFC 1035 Section 2.3.
• • • • • • • • • • • • • vrf-name—The name of the VRF associated with the routing table context used by the command. If no vrf is specified, the global routing table context is used. ipaddress—Valid IP address of the destination host. hostname—Hostname of the destination host. (Range: 1–256 characters). The command allows spaces in the host name when specified in double quotes.
The default maxTtl is 30 hops. The default maxFail is 5 probes. Command Mode User Exec mode and Privileged Exec mode User Guidelines Use of the optional VRF parameter executes the command within the context of the VRF-specific routing table. Traceroute operates by sending a sequence of Internet Control Message Protocol (ICMP) echo request packets. The time-to-live (TTL) value, is used in determining the intermediate routers through which the packet flows toward the destination address.
Command History Syntax updated in 6.4 release. traceroute ipv6 Use the traceroute command to discover the routers that packets traverse when traveling to their destination. Syntax traceroute ipv6 ipv6address|hostname [init-ttl initTtl] [max-ttl maxTtl] [max-fail maxFail] [interval interval] [count count] [port port] [size size][source {src-ip-address|vlan vlan-id|loopback loopback-id}] • • ipv6address—Valid IPv6 address of the destination host. hostname—Hostname of the destination host.
• • • • size—The size, in bytes, of the payload of the Echo Requests sent (Range: 0–39936 bytes). The default is 0. src-ip-address—The IPv4 source address to use in the ICMP echo request packets. vlan-id—The source VLAN over which to send the echo request. loopback-id—A configured loopback ID Default Configuration The default count is 3 probes. The default interval is 3 seconds. The default size is 0 data bytes. The default port is 33434. The default initTtl is 1 hop. The default maxTtl is 30 hops.
Examples The following example discovers the routes that packets will actually take when traveling to the destination specified in the command. (console)# traceroute ipv6 2001::2 init-ttl 1 max-ttl 4 max-fail 0 interval 1 count 3 port 33434 size 43 Traceroute to 2001::2, 4 hops max, 43 byte packets: 1 2001::2 708 msec 41 msec 11 msec 2 2001::2 12 msec 13 msec 12 msec 3 2001::2 14 msec 9 msec 11 msec Command History Syntax and description updated in 6.4 release.
This command does not reboot the stack members after the update completes. Do not reload or power off stack members during the update process as it may cause a switch to fail on a subsequent boot. It is recommended that the stack be rebooted after a bootcode update to ensure that all stack members are properly updated. Example The following example updates the bootcode on stack unit 2.
Telnet Server Commands The Telnet protocol (outlined in RFC 854) allows users (clients) to connect to multiuser computers (servers) on the network. Telnet is often employed when a user communicates with a remote login service. Telnet is the terminal emulation protocol in the TCP/IP suite. Telnet uses TCP as the transport protocol to initiate a connection between server and client.
Press 'y' to continue (within 30 seconds) (y/n) Welcome to the N3024 in the Bottom Chassis - 192.168.12.190. This unit is located in A2 and is currently under test. console 2 SSH (Linux Terminal): [root ~]# ssh 192.168.12.84 -l dellradius If you need to utilize this device or otherwise make changes to the configuration, you may contact the owner at x38525. Please, be advised this unit is under test. dellradius@192.168.12.
ip telnet server disable The ip telnet server disable command is used to enable/disable the Telnet service on the switch. Syntax ip telnet server disable no ip telnet server disable Command Mode Global Configuration User Guidelines No specific guidelines. Default Value This feature is enabled by default. Dell EMC Networking N-Series switches support the Telnet service over IPv4 and IPv6.
Command Mode Global Configuration User Guidelines The Telnet server TCP port should not be set to a value that might conflict with other well-known protocol port numbers used on this switch.
Time Ranges Commands Time ranges are used with time-based ACLs to restrict their application due to specific time slots. time-range [name] Use the time-range command with no parameter to globally enable or disable the event notification service of the time range component. Use the time range command with a parameter to create a new time range or edit an existing time range. Use the no form of the command with no parameter to disable the event notification service.
Use the optional name parameter to create a time range consisting of one absolute time entry and/or one or more periodic time entries. If a time range with the name already exists, the command enters Time-Range Configuration mode to allow updating the named time range entries. Adding a conflicting periodic time range to an absolute time range will cause the time range to become inactive. For example, consider an absolute time range from 8:00 AM Tuesday March 1st 2011 to 10 PM Tuesday March 1st 2011.
Default Configuration This command has no default configuration. Command Mode Time Range Configuration User Guidelines Only one absolute time entry is allowed per time-range. The time parameter is referenced to the currently configured time zone. Adding a conflicting periodic time range to an absolute time range will cause the time range to become inactive. For example, consider an absolute time range from 8:00 AM Tuesday March 1st 2011 to 10 PM Tuesday March 1st 2011.
Other possible values are: • – daily -- Monday through Sunday – weekdays -- Monday through Friday – weekend -- Saturday and Sunday – If the ending days of the week are the same as the starting days of the week, they can be omitted. time—The first occurrence of this argument is the starting hours:minutes which the configuration that referenced the time range starts going into effect.
Thursday, Friday) but with after-work hours (9pm to 11pm). The administrator wants to permit/deny HTTP traffic for this time-range, but the entire time-range is invalid due to conflicting entries. The absolute entry is forced to inactive because the periodic entry time is not yet in effect.
Parameter Description Number of Time Ranges Number of time ranges configured in the system. Time Range Name Name of the time range. Time Range Status Status of the time range (active/inactive). Absolute start Start time and day for absolute time entry. Absolute end End time and day for absolute time entry. Periodic Entries Number of periodic entries in a time-range. Periodic start Start time and day for periodic entry. Periodic end End time and day for periodic entry.
USB Flash Drive Commands When available, a USB flash drive can be used to configure, upgrade and provide consistency to a switching network. A USB flash drive can be plugged in sequentially to a set of routers/switches to upgrade to newer software versions without depending on the network to upgrade the switches with new firmware. New switches can be preloaded with configuration prior to deployment. The USB Configuration Port provides access to an optional secondary storage capability to the switch.
Files downloaded from USB flash drive are not copied to RAM to perform validations. Instead, the file is directly read from the USB flash device and copied to buffers to perform the necessary validations. Downloading and Uploading of Files After the file validations are successful, the switch proceeds with downloading of files from the USB flash device to the switch or uploading of files from the switch to the USB flash drive. The status of file download / upload is shown on the console.
show usb Use the show usb command to display the USB flash device details. Syntax show usb device Default Configuration This command has no default configuration. Command Mode Privileged Exec User Guidelines The following table explains the output parameters. Parameter Description Device Status This field specifies the current status of device. • Active if device is plugged-in and the device is recognized by the switch. • Inactive if device is not mounted.
Example The following example is the output if the device is plugged into the USB slot. console#show usb device Device Status.................................. Manufacturer................................... Product Name................................... Device Serial Number........................... Class Code..................................... Subclass Code.................................. Protocol....................................... Vendor ID...................................... Product ID......
User Guidelines Only the first 32 characters of the file name are displayed, even if the file name is longer. Examples console#dir usb Attr Size(bytes) drwx 2640 drwx 0 -rw96 -rw14363703 drwx 1024 Total Size: Bytes Used: Bytes Free: console#dir Creation Time Feb 02 2022 00:26:43 Feb 19 2014 15:22:53 Jan 28 2022 23:05:45 Jan 22 2022 03:36:08 Jan 22 2022 03:36:08 Name . .. snmpOprData.cfg image1.
recover The recover command is implemented as a u-boot environment variable. It mounts the USB stick, copies the image from the USB root level directory into RAM, and executes the image. Syntax recover • image-name—The name of a valid firmware stack file located in the root of the mounted USB stick. Default Configuration This command has no default configuration. Command Mode u-boot mode User Guidelines There is no validation of the image.
User Interface Commands configure terminal Use the configure terminal command to enter Global Configuration mode. This command is equivalent to the configure command with no terminal argument. Syntax configure [terminal] Default Configuration This command has no default configuration.
• line — Command to be executed. It must be an unambiguous command from the Privileged Exec mode. Commands such as configure are forbidden. Command line completion for the line parameter is supported. Users may only execute commands for which they have the appropriate privileges. Default Configuration This command has no default configuration. Command Mode All modes except Privileged Exec and User Exec modes. User Guidelines Command completion using the space bar is available when using this command.
erase exit filedescr help locate logout monitor ping quit release reload rename renew script show telnet terminal test traceroute udld unmount write Delete a file. Exit privileged exec mode. Set a text description for an image file. Display help for various special keys. Blink the locator LED. Exit this session. Any unsaved changes are lost. Configure packet monitoring. Send ICMP echo packets to a specified IP address. Exit this session. Any unsaved changes are lost.
User Guidelines If there is no authentication method defined for enable, then a privilege level 1 user is not allowed to execute this command. Example The following example shows how to enter privileged mode. console>enable console# end Use the end command to return the CLI command mode back to the privileged execution mode or user execution mode. Syntax end Default Configuration This command has no default configuration.
Syntax exit Default Configuration This command has no default configuration. Command Mode All command modes. In User Exec mode, this command behaves identically to the quit command. User Guidelines There are no user guidelines for this command. Example The following example changes the configuration mode from Interface Configuration mode to User Exec mode to the login prompt.
User Guidelines There are no user guidelines for this command. Example The following example closes an active terminal session.
Web Server Commands If enabled, the Dell EMC Networking is manageable via industry standard web browsers. User privilege levels are the same as for the CLI. Over 95% of the management functions are available via the web interface, including configuration and firmware upgrades. Web Sessions The HTTP protocol does not provide support for persistent connections. Connections are constantly made and broken so there is no way to know who is accessing the web interface or for how long they are doing so.
common-name Use the common-name command in Crypto Certificate Generation or Crypto Certificate Request mode to specify the common-name for the switch. Syntax common-name common-name • common-name —Specifies the fully qualified URL or IP address of the switch. If left unspecified, this parameter defaults to the lowest IP address of the switch when the certificate is generated. (Range: 1–64 characters.) Default Configuration This command has no default configuration.
• country — Specifies the country name. (Range: 2 characters) Default Configuration This command has no default configuration. Command Mode Crypto Certificate Generation or Crypto Certificate Request mode User Guidelines This command mode is entered using the crypto certificate request or crypto certificate generate command. The user can enter any two printable characters other than a question mark. Example The following example displays how to specify the country as “us.
User Guidelines This command is not saved in the router switch configuration; however, the certificate and keys generated by this command are saved in the private configuration. If the RSA keys do not exist, the key-generate command in Crypto Certificate Generation mode must be used. The key-generate subcommand regenerates the RSA key pair. At least the common name must be configured for a certificate to be valid.
Example The following example generates a self-signed HTTPS certificate. The exit command attempts to generate the self-signed certificate. Use the end command to exit Crypto Certificate Generate mode without generating a certificate. console(config)#crypto certificate 1 generate console(config-crypto-cert)#key-generate console(config-crypto-cert)#common-name DELL-Switch101 console(config-crypto-cert)#country US console(config-crypto-cert)#duration 3650 console(config-crypto-cert)#email no-reply@dell.
YDi3nj9rk3XjyT5pq5VR4YnECfGKcvKsz5fDAgMBAAGgADANBgkqhkiG9w0BAQUF AAOBgQCd7MvbUt2yb0+piCazzvwyEpfXZckgY8B9tFaUgxD6plc88xbfRDIKQXor K85z4bDogjxDZuYTnvZV4aZJLshGUmUZS4cin2TaxHHIf5gI597x5FFYBFTKqSl4 YhfgJtA2BJ/W23xmCrIT00ZINIfwf+PN6cDt2R3ag3hC/+otXw== -----END CERTIFICATE REQUEST----- crypto certificate import Use the crypto certificate import command in Global Configuration mode to import a certificate signed by a Certification Authority for HTTPS.
Depending on the browser, browser version, and level of checking, it may be possible to use the switch generated self-signed certificate to enable HTTPS connections. First generate the certificate using the switch fully-qualified domain name for the certificate common name. For example, if the switch FQDN is dhcp-1-23-4.dns.dell.com, set the certificate common name to dhcp-1-2-34.dns.dell.com when generating the certificate. Add the certificate to the host and/or browser trusted certificate store.
Certificate imported successfully console(config)#show crypto certificate mycertificate 1 -----BEGIN CERTIFICATE----MIIDBDCCAewCCQCP5mFCRmauaDANBgkqhkiG9w0BAQUFADCBkTELMAkGA1UEBhMC VVMxCzAJBgNVBAgMAk5DMRAwDgYDVQQHDAdSYWxlaWdoMRIwEAYDVQQKDAlEZWxs LEluYy4xEzARBgNVBAsMCk5ldHdvcmtpbmcxGDAWBgNVBAMMD0RlbGwgTmV0d29y a2luZzEgMB4GCSqGSIb3DQEJARYRbm9yZXBsYXlAZGVsbC5jb20wHhcNMTYwNjA5 MTc0NjAyWhcNMTcxMDIyMTc0NjAyWjB6MQ0wCwYDVQQDDARERUxMMRgwFgYDVQQL DA9EZWxsIE5ldHdvcmtpbmcxEzARBgNVBAcMClJvdW5kIFJvY2sxCzAJBgNVBAgM AlRYMQ
Command Mode Privileged Exec mode User Guidelines Use this command to generate a certificate request to send to a Certification Authority. The certificate request is generated in Base64-encoded X.509 format. Before generating a certificate request, you must first generate a self-signed certificate using the crypto certificate generate command in order to sign the certificate request.
-----END CERTIFICATE REQUEST----- duration Use the duration command in Crypto Certificate Generation mode to specify the duration of certificate validity. Syntax duration days • days — Specifies the number of days a certification would be valid. If left unspecified, the parameter defaults to 365 days. (Range: 30–3650 days) Default Configuration This command defaults to 365 days.
• address—A valid email address conforming to the addr-spec in RFC 5322. Default Configuration By default, no email address is configured. Command Mode Crypto Certificate Generation or Crypto Certificate Request mode User Guidelines An email address consists of a local-port, an @ symbol, and a case-sensitive domain name. Embedded spaces are not supported. The domain name should be a fully-qualified domain name. The email address is not validated by the switch.
User Guidelines The HTTP TCP port should not be set to a value that might conflict with other well-known protocol port numbers used on this switch. Example The following example shows how the http port number is configured to 10013. console(config)#ip http port 10013 ip http server Use the ip http server command to enable the switch to allow HTTP access to the switch. To disable this function use the no form of this command.
ip http secure-certificate Use the ip http secure-certificate command to configure the active certificate for HTTPS. To return to the default setting, use the no form of this command. Syntax ip http secure-certificate number no ip http secure-certificate • number—Specifies the certificate number. (Range: 1–2) Default Configuration The default value of the certificate number is 1.
• port-number— Port number for use by the secure HTTP server. (Range: 1025–65535) Default Configuration This default port number is 443. Command Mode Global Configuration mode User Guidelines The HTTPS TCP port should not be set to a value that might conflict with other well known protocol port numbers used on this switch. It is not possible for the administrator to directly configure the port number to 443 as 443 is out of range.
User Guidelines The switch must be configured with RSA and DSA keys (crypto key generate) prior to enabling the HTTP server. Optionally, the switch may be provisioned with up to two signed certificates. Dell EMC Networking N-Series switches support HTTPS over IPv4 and IPv6. Example The following example enables the switch to be configured from a browser using HTTPS. console(config)#ip http secure-server ip scp server enable Use the ip scp server enable command to enable the internal SCP server.
Command History Command introduced in version 6.6 firmware. Example This example shows the command used on a host computer to copy the startup configuration onto the switch located at 192.168.0.1 using the admin account. key-generate Use the key-generate command in Crypto Certificate Generation mode to generate a new RSA key prior to generating the certificate key.
Example The following example displays how to generate the SSL RSA key 2048 bytes in length. console(config-crypto-cert)#key-generate 2048 location Use the location command in Crypto Certificate Generation or Crypto Certificate Request mode to specify the location or city name. Syntax location location • location — Specifies the location or city name. (Range: 1–64 characters) Default Configuration This command has no default configuration.
• • number— The number of the SSH certificate to remove(between 1 to 2). openflow—Remove the openflow certificate and associated information. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The no crypto certificate openflow command erases the Certificate Authority certificates used for validating the OpenFlow Controllers from the switch. Issuing this command automatically disables and re-enables the OpenFlow feature.
Command Mode Crypto Certificate Generation or Crypto Certificate Request mode User Guidelines The name should not be abbreviated and should contain suffixes, such as Inc., Corp., or LLC. Enclose the parameter in quotes to embed spaces within the name. The organization name is not validated by the switch. organization-unit Use the organization-unit command in Crypto Certificate Generation or Crypto Certificate Request mode to specify the organization unit.
quit Use the quit command to exit from crypto certificate generate mode, crypto certificate import mode, or crypto certificate request mode without performing the action. Syntax quit Default Configuration This command has no default configuration. Command Mode Crypto Certificate Request, Crypto Certificate Generate User Guidelines This command exits from the crypto certificate request or crypto certificate generate mode and discards any information entered.
Default configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes Example The following example displays the SSL certificate of a sample switch.
Syntax show ip http server status Default Configuration This command has no default configuration. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the HTTP server configuration. console#show ip http server status HTTP server enabled.
Example The following example displays an HTTPS server configuration with DH Key exchange enabled. console#show ip http server secure status HTTPS server enabled. Port: 443 DH Key exchange enabled. Certificate 1 is active Issued by: www.verisign.com Valid from: 8/9/2003 to 8/9/2004 Subject: CN= router.gm.com, 0= General Motors, C= US Finger print: DC789788 DC88A988 127897BC BB789788 Subject: /CN=DELL/OU=Dell Networking/L=Round Rock/ST=TX/C=US/emailAddress= no-reply@dell.
Command Mode Crypto Certificate Generation or Crypto Certificate Request mode User Guidelines This command mode is entered using the crypto certificate request or crypto certificate generate command. Example The following example shows how to specify the state of “TX.
Switch Management Commands 2384
Appendix A: List of Commands A aaa accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 924 aaa accounting delay-start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 926 aaa accounting update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 927 aaa authentication dot1x default . . . . . . . . . . . . . . . . . . . . . . . . . . . . 929 aaa authentication enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
area nssa no-summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1680, 1767 area nssa translator-role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1681, 1768 area nssa translator-stab-intv . . . . . . . . . . . . . . . . . . . . . . . . . . 1682, 1769 area range (Router OSPF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1683 area range (Router OSPFv3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1769 area stub . . . . . . . . . . . . . .
authentication event server dead action authorize voice . . . . . . . . . 900 authentication host-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1073 authentication max-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1076 authentication monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1081 authentication open . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 950 authentication order . . . . . . . . . . .
bgp listen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . bgp log-neighbor-changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . bgp maxas-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . bgp router-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . block . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
clear dot1x statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1080 clear gmrp statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502 clear green-mode statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491 clear gvrp statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 505 clear host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
clear vpc statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 634 clear vrrp statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1896 client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1087 client-identifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1980 client-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
debug bfd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2113 debug cfm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2114 debug clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2115 debug console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2115 debug crashlog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
default mab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1066 default metric (BGP Router Configuration) . . . . . . . . . . . . . . . . . . 1267 default metric (IPv6 Address Family Configuration) . . . . . . . . . . . 1268 default-information originate (BGP Router Configuration) . . . . . . 1265 default-information originate (IPv6 Address Family Configuration) 1266 default-information originate (Router OSPF Configuration) . . . .
distribute-list prefix out (IPv6 Address Family Configuration) . . . 1274 dns-server (IP DHCP Pool Config) . . . . . . . . . . . . . . . . . . . . . . . . . 1982 dns-server (IPv6 DHCP Pool Config) . . . . . . . . . . . . . . . . . . . . . . . . 2003 do . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2354 domain-name (IP DHCP Pool Config) . . . . . . . . . . . . . . . . . . . . . . 1983 domain-name (IPv6 DHCP Pool Config) . . . . . . . . . . . . . . . .
ethernet cfm mep level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444 ethernet cfm mip level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447 ethernet ring g8032 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459 ethernet ring g8032 profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456 ethernet tcn-propagation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
H hardware profile openflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1200 hardware profile portmode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2255 hardware-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1983 hashing-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 677 history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ip arp inspection vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386 ip as-path access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1276, 1414 ip bgp fast-external-fallover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1279 ip bgp-community new-format . . . . . . . . . . . . . . . . . . . . . . . . 1279, 1416 ip community-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1280, 1417 ip default-gateway . . . .
ip helper enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1486 ip helper-address (global configuration) . . . . . . . . . . . . . . . . . . . . . . 1482 ip helper-address (interface configuration) . . . . . . . . . . . . . . . . . . . 1484 ip host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2041 ip http authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 957 ip http port . . .
ip igmp version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ip irdp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ip irdp holdtime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ip irdp maxadvertinterval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ip irdp minadvertinterval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ip irdp multicast . .
ip policy route-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1498 ip prefix-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1418 ip prefix-list description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1420 ip proxy-arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1228 ip redirects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ipv6 dhcp snooping trust . . . . . . . . . . . . . . . . . . . . . . . . . 370, 1443, 2018 ipv6 dhcp snooping verify mac-address . . . . . . . . . . . . . 371, 1443, 2018 ipv6 enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1547 ipv6 enable (Interface Config) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2048 ipv6 enable (OOB Config) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2049 ipv6 gateway (OOB Config) . . . . . . . . . .
ipv6 nd ra-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1564 ipv6 nd ra-lifetime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1565 ipv6 nd reachable-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1566 ipv6 nd suppress-ra . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1567 ipv6 ospf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
iscsi cos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iscsi enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iscsi target port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . isdp advertise-v2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . isdp enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2223 logging audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2226 logging buffered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2226 logging cli-command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2222 logging console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
macro name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1914 macro trace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1918 mail-server ip-address | hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . 996 management access-class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1157 management access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1158 mark cos . . .
maximum-paths ibgp (IPv6 Address Family Configuration) . . . . . 1289 max-metric router-lsa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1716 member . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2263 mirror . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 753 mmrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 904 mmrp global . . .
neighbor ebgp-multihop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1300 neighbor fall-over bfd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1237 neighbor filter-list (BGP Router Configuration) . . . . . . . . . . . . . . . 1302 neighbor filter-list (IPv6 Address Family Configuration) . . . . . . . . 1304 neighbor inherit peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1305 neighbor local-as . . . . . . . . . . . . . . . . . .
nsf helper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1721, 1793 nsf helper strict-lsa-checking . . . . . . . . . . . . . . . . . . . . . . . . . . 1722, 1793 nsf restart-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1722, 1794 O openflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1205 open-ring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2265 ping ethernet cfm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447 police-simple . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 753 police-single-rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 755 police-two-rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
R radius server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1032 radius server attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1021 radius server attribute 168 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1029 radius server attribute 25 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1024 radius server attribute 32 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
renew dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1971 retransmit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1043 revision (mst) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 793 rmon alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2090 rmon collection history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
set interface null0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1519 set ip default next-hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1520 set ip next-hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1521 set ip precedence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1522 set ipv6 default next-hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show bgp ipv6 community-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1350 show bgp ipv6 listen range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1352 show bgp ipv6 neighbors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1353 show bgp ipv6 neighbors advertised-routes . . . . . . . . . . . . . . . . . . . 1358 show bgp ipv6 neighbors policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1360 show bgp ipv6 neighbors received-routes . . .
show dhcp l2relay interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343 show dhcp l2relay remote-id vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347 show dhcp l2relay stats interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344 show dhcp l2relay vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346 show dhcp lease . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1972 show diffserv . . . .
show hiveagent status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2028 show hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2050 show idprom interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2281 show idprom interface interface-id . . . . . . . . . . . . . . . . . . . . . . . . . . . 409 show interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show ip bgp summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1394 show ip bgp update-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1400 show ip bgp vpn4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1403 show ip brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1523 show ip community-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show ip igmp snooping querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 532 show ip interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1524 show ip irdp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1833 show ip mcast mroute static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1622 show ip mroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show ip route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1531 show ip route preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1534 show ip route static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1534 show ip route summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1535 show ip sla configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show ipv6 mroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1644 show ipv6 mroute group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1646 show ipv6 mroute source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1647 show ipv6 neighbors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1588 show ipv6 ospf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show iscsi sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 596 show isdp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332 show isdp entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333 show isdp interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334 show isdp neighbors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show monitor session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 705 show msg-queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2156, 2285 show mvr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 664 show mvr interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 667 show mvr members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show sflow agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2170 show sflow destination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2171 show sflow polling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2172 show sflow sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2173 show slot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show tech-support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2318 show time-range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2346 show track . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1670 show trapflags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2183 show udld . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
snmp-server contact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2187 snmp-server enable traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2188 snmp-server engineID local . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2191 snmp-server filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2193 snmp-server group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
spanning-tree portfast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 820 spanning-tree portfast bpdufilter default . . . . . . . . . . . . . . . . . . . . . . 821 spanning-tree portfast default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 822 spanning-tree port-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 823 spanning-tree port-priority (Interface Configuration) . . . . . . . . . . . . 823 spanning-tree priority . . . . . . . . . . .
switchport mode dot1q-tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 878 switchport mode private-vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 880 switchport port-security (Global Configuration) . . . . . . . . . . . . . . . . 304 switchport port-security (Interface Configuration) . . . . . . . . . . . . . . 308 switchport private-vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 881 switchport protected . . . . . . . . . . . . . . . . . .
traceroute ethernet cfm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448 traceroute ipv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1597, 2334 track interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1894 track ip route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1895 track ip sla . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
vlan protocol group add protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . 890 vlan protocol group name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 891 vlan protocol group remove . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 892 vpc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 653 vpc domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Printed in the U.S.A. www.dell.com | support.dell.