Dell EMC Networking N-Series N1100-ON, N1500, N2000, N2100-ON, N2200-ON, N3000ON, and N3100-ON Switches CLI Reference Guide Version 6.6.
Notes NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. ____________________ Information in this publication is subject to change without notice. Copyright © 2019 Dell EMC Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden. This product is protected by U.S.
Contents 1 Dell EMC Networking CLI Introduction . . . . . . . . . . . . . 97 . . . . . . . . . . . . . . . . . . . . 97 Command Groups . Mode Types . . . . . . . . . . . . . . . . . . 97 . . . . . . . . . . . . . . . . . . . . 103 Layer 2 Commands Security Commands Data Center Commands . . . . 156 . . . . . . . . . . . . . . 156 Layer 3 Routing Commands . 201 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Introduction . 157 . . . . . . . . . . . .
3 Layer 2 Switching Commands . . . . . . . . 271 ACL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .272 ACL Logging . . . . . . . . . . . . . . . . . . . . Commands in this Section ip access-list . . . . . . . . . . . . . 275 . . . . . . . . . . . . . . . . . . . . 275 deny | permit (IP ACL). . . . . . . . . . . . . . . . deny | permit (Mac-Access-List-Configuration) ip access-group 276 . . 282 . . . . . . . . . . . . . . . . . . 285 mac access-group . . . . . . .
mac address-table multicast forbidden address . mac address-table static . . 303 . . . . . . . . . . . . . 304 switchport port-security (Global Configuration) . . 305 switchport port-security (Interface Configuration) 308 show mac address-table multicast . show mac address-table . . . . . . . . . 314 . . . . . . . . . . . . . 315 show mac address-table address show mac address-table count . . . . . . . . . 316 . . . . . . . . . . 317 show mac address-table dynamic . . . . . . . . .
isdp enable . . . . . . . . . . . . . . . . . . . . . isdp holdtime isdp timer 331 . . . . . . . . . . . . . . . . . . . . 332 . . . . . . . . . . . . . . . . . . . . . . 333 show isdp . . . . . . . . . . . . . . . . . . . . . . show isdp entry . . . . . . . . . . . . . . . . . . . 333 334 show isdp interface . . . . . . . . . . . . . . . . . 335 show isdp neighbors . . . . . . . . . . . . . . . . 336 . . . . . . . . . . . . . . . . . .
show dhcp l2relay circuit-id vlan . . . . . . . . . . 348 show dhcp l2relay remote-id vlan . . . . . . . . . 349 clear dhcp l2relay statistics interface . . . . . . . 349 DHCP Snooping Commands . . . . . . . . . . . . . . . . . . . .351 Commands in this Section . . . . . . . . . . . . . clear ip dhcp snooping binding . . . . . . . . . . . clear ip dhcp snooping statistics . ip dhcp snooping 352 352 . . . . . . . . . 353 . . . . . . . . . . . . . . . . . . 353 ip dhcp snooping binding . .
clear ipv6 dhcp snooping statistics ipv6 dhcp snooping . . . . . . . . . 367 . . . . . . . . . . . . . . . . 367 ipv6 dhcp snooping vlan . . . . . . . . . . . . . . ipv6 dhcp snooping binding . . . . . . . . . . . . ipv6 dhcp snooping database . . . . . . . . . . . ipv6 dhcp snooping database write-delay ipv6 dhcp snooping limit 369 370 . . . . . 371 . . . . . . . . . . . . . . 372 ipv6 dhcp snooping log-invalid . ipv6 dhcp snooping trust 368 . . . . . . . . . . 373 . . . . . . . . . .
Commands in this Section arp ip access-list . . . . . . . . . . . . . 385 . . . . . . . . . . . . . . . . . . 385 clear ip arp inspection statistics . . . . . . . . . . 386 ip arp inspection filter . . . . . . . . . . . . . . . 387 ip arp inspection limit . . . . . . . . . . . . . . . . 387 ip arp inspection trust . . . . . . . . . . . . . . . 388 ip arp inspection validate . ip arp inspection vlan . . . . . . . . . . . . . . 389 . . . . . . . . . . . . . . . 390 . . . . . . . . . . .
rate-limit cpu . . . . . . . . . . . . . . . . . . . . show interfaces. . . . . . . . . . . . . . . . . . . show interfaces advertise . . . . . . . . . . . . . show interfaces configuration show interfaces counters 407 409 412 . . . . . . . . . . . 414 . . . . . . . . . . . . . 415 show interfaces debounce . . . . . . . . . . . . . 420 show interfaces description . . . . . . . . . . . . 421 . . . . . . . . . . . . . . . 422 show interfaces detail show interfaces status . . . . . . . .
system jumbo mtu . . . . . . . . . . . . . . . . . 441 Ethernet CFM Commands . . . . . . . . . . . . . . . . . . . . . .443 Commands in this Section . . . . . . . . . . . . . 443 . . . . . . . . . . . . . . . . 444 . . . . . . . . . . . . . . . . . . . . . . . 445 ethernet cfm domain service ethernet cfm cc level . . . . . . . . . . . . . . . . ethernet cfm mep level . . . . . . . . . . . . . . . ethernet cfm mep enable . ethernet cfm mep active 446 . . . . . . . . . . . . . 447 . . . . .
ethernet ring g8032 . . . . . . . . . . . . . . . . . 462 port0. . . . . . . . . . . . . . . . . . . . . . . . . 463 port1. . . . . . . . . . . . . . . . . . . . . . . . . 464 open-ring . . . . . . . . . . . . . . . . . . . . . . 465 instance . . . . . . . . . . . . . . . . . . . . . . . 466 . . . . . . . . . . . . . . . . . . . . . . . 467 . . . . . . . . . . . . . . . . . . . . . . . . . 468 profile . rpl . inclusion-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Energy-Detect Mode . . . . . . . . . . . . . . . . Energy Efficient Ethernet . . . . . . . . . . . . . . green-mode energy-detect . green-mode eee 491 491 . . . . . . . . . . . . 492 . . . . . . . . . . . . . . . . . . 493 green-mode eee { tx-idle-time | tx-wake-time} . . . 493 clear green-mode statistics . . . . . . . . . . . . 494 green-mode eee-lpi-history . . . . . . . . . . . . 495 show green-mode interface-id . show green-mode . . . . . . . . . . 496 . . . . . . . . . . . . . . .
gvrp vlan-creation-forbid . show gvrp configuration . . . . . . . . . . . . . 513 . . . . . . . . . . . . . . 514 show gvrp error-statistics show gvrp statistics . . . . . . . . . . . . . 515 . . . . . . . . . . . . . . . . 516 IGMP Snooping Commands . . . . . . . . . . . . . . . . . . . .518 Commands in this Section ip igmp snooping . . . . . . . . . . . . . 519 . . . . . . . . . . . . . . . . . . 519 show ip igmp snooping . . . . . . . . . . . . . . . 521 show ip igmp snooping groups .
ip igmp snooping querier timer expiry . . . . . . . 535 . . . . . . . . . 536 . . . . . . . . . . 536 ip igmp snooping querier version. show ip igmp snooping querier . Interface Error Disable and Auto Recovery Commands 540 Commands in this Section . . . . . . . . . . . . . 540 errdisable recovery cause . . . . . . . . . . . . . 540 errdisable recovery interval show errdisable recovery . . . . . . . . . . . . 542 . . . . . . . . . . . . . 543 show interfaces status err-disabled . . . . .
ipv6 access-list . . . . . . . . . . . . . . . . . . . ipv6 access-list rename ipv6 traffic-filter . 568 . . . . . . . . . . . . . . 569 . . . . . . . . . . . . . . . . . . 569 show ipv6 access-lists . . . . . . . . . . . . . . . 571 IPv6 MLD Snooping Commands . . . . . . . . . . . . . . . . .573 Commands in this Section . . . . . . . . . . . . . 573 ipv6 mld snooping vlan groupmembership-interval 574 ipv6 mld snooping vlan immediate-leave . . . . . .
ipv6 mld snooping querier query-interval . . . . . 587 . . . . . . 588 . . . . . . . . . . 589 ipv6 mld snooping querier timer expiry . show ipv6 mld snooping querier IP Source Guard Commands . . . . . . . . . . . . . . . . . . . .592 Commands in this Section . . . . . . . . . . . . . 592 ip verify source . . . . . . . . . . . . . . . . . . . 592 ip verify binding . . . . . . . . . . . . . . . . . . . 594 . . . . . . . . . . . . . . . . . . . 594 show ip verify . show ip verify source .
LLDP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .608 Commands in this Section . . . . . . . . . . . . . 609 . . . . . . . . . . . . . . . 609 . . . . . . . . . . . . . . . . . 610 . . . . . . . . . . . . . . . . . . . . . 611 . . . . . . . . . . . . . . . . . . . . . . 611 clear lldp remote-data clear lldp statistics debug lldp . lldp med . lldp med confignotification . . . . . . . . . . . . . lldp med faststartrepeatcount . . . . . . . . . . . 613 . . . . . . . . .
show lldp med remote-device . . . . . . . . . . . 626 . . . . . . . . . . . . . 628 . . . . . . . . . . . . . . . . 630 show lldp remote-device . show lldp statistics . Loop Protection Commands . . . . . . . . . . . . . . . . . . . .633 Commands in this Section . . . . . . . . . . . . . keepalive (Interface Config) 633 . . . . . . . . . . . . 633 . . . . . . . . . . . . . 635 keepalive action . . . . . . . . . . . . . . . . . . 636 show keepalive . . . . . . . . . . . . . . . . . . .
show vpc consistency-parameters . . . . . . . . 651 . . . . . . . . . . 653 . . . . . . . . . . . . . 654 . . . . . . . . . . . . . . . . . . . 655 show vpc consistency-features show vpc peer-keepalive . show vpc role . show vpc statistics . system-mac . . . . . . . . . . . . . . . . . 656 . . . . . . . . . . . . . . . . . . . . 658 system-priority vpc . . . . . . . . . . . . . . . . . . . 659 . . . . . . . . . . . . . . . . . . . . . . . . . 660 vpc domain . . . . . . . . . . . . . . .
show mvr members . . . . . . . . . . . . . . . . . 673 show mvr interface . . . . . . . . . . . . . . . . . 674 . . . . . . . . . . . . . . . . . . 676 show mvr traffic Port Channel Commands . . . . . . . . . . . . . . . . . . . . . . .678 Static LAGS . . . . . . . . . . . . . . . . . . . . . 679 VLANs and LAGs . . . . . . . . . . . . . . . . . . 680 LAG Thresholds . . . . . . . . . . . . . . . . . . . 680 . . . . . . . . . . . . . . . . . . . . 680 LAG Hashing Enhanced LAG Hashing. .
show interfaces port-channel show lacp . . . . . . . . . . . . 691 . . . . . . . . . . . . . . . . . . . . . 692 show statistics port-channel . . . . . . . . . . . . 694 Port Monitor Commands . . . . . . . . . . . . . . . . . . . . . . .697 Commands in this Section . . . . . . . . . . . . . monitor capture (Global Configuration) . . . . . . 698 . . . . . . . . . 700 . . . . . . . . . . . . . . . 700 . . . . . . . . . . . . . . . . . . 705 . . . . . . . . . . . . . . . . . . . .
class . . . . . . . . . . . . . . . . . . . . . . . . class-map . . . . . . . . . . . . . . . . . . . . . . class-map rename . . . . . . . . . . . . . . . . . classofservice dot1p-mapping . . . . . . . . . . . classofservice ip-dscp-mapping . 723 725 726 . . . . . . . . . 727 . . . . . . . . . . . . . . . . 730 . . . . . . . . . . . . . . . . . . . 731 classofservice trust . conform-color. 722 cos-queue min-bandwidth . . . . . . . . . . . . . 733 cos-queue random-detect . . . . . . . .
match dstip6 . . . . . . . . . . . . . . . . . . . . 750 match dstl4port . . . . . . . . . . . . . . . . . . . 751 match ethertype . . . . . . . . . . . . . . . . . . 751 match ip6flowlbl . . . . . . . . . . . . . . . . . . 752 . . . . . . . . . . . . . . . . . . . 753 match ip dscp . match ip precedence . match ip tos . . . . . . . . . . . . . . . . 754 . . . . . . . . . . . . . . . . . . . . 755 match protocol . . . . . . . . . . . . . . . . . . . 756 . . . . . . . . . . . .
service-policy . . . . . . . . . . . . . . . . . . . . show class-map . . . . . . . . . . . . . . . . . . show classofservice dot1p-mapping . . . . . . . . show classofservice ip-dscp-mapping . 776 777 . . . . . . 778 . . . . . . . . . . . . . 780 . . . . . . . . . . . . . . . . . . . . 781 show classofservice trust show diffserv 775 show diffserv service interface . . . . . . . . . . 782 show diffserv service brief . . . . . . . . . . . . . 783 show interfaces cos-queue . . . . . . .
instance (mst) . . . . . . . . . . . . . . . . . . . . 800 name (MST) . . . . . . . . . . . . . . . . . . . . . 802 revision (mst) . . . . . . . . . . . . . . . . . . . . 803 show spanning-tree . . . . . . . . . . . . . . . . show spanning-tree summary . . . . . . . . . . . 812 . . . . . . . . . . . . . 813 . . . . . . . . . . . . . . . . . . . 814 show spanning-tree vlan . spanning-tree . 804 spanning-tree auto-portfast . . . . . . . . . . . . 815 spanning-tree backbonefast . . . .
spanning-tree mst port-priority . . . . . . . . . . . 828 . . . . . . . . . . . . . 829 . . . . . . . . . . . . . . . 830 spanning-tree mst priority spanning-tree portfast spanning-tree portfast bpdufilter default. spanning-tree portfast default . . . . . 831 . . . . . . . . . . . 832 spanning-tree port-priority (Interface Configuration) 833 spanning-tree priority. . . . . . . . . . . . . . . . spanning-tree tcnguard . . . . . . . . . . . . . . 835 . . . . . . . . 836 . . . . . . . . . .
Commands in this Section . . . . . . . . . . . . . udld enable (Global Configuration) . udld reset . . . . . . . . . 847 . . . . . . . . . . . . . . . . . . . . . 848 udld message time . . . . . . . . . . . . . . . . . udld timeout interval . . . . . . . . . . . . . . . . udld enable (Interface Configuration) udld port 847 849 850 . . . . . . . 850 . . . . . . . . . . . . . . . . . . . . . . 851 show udld . . . . . . . . . . . . . . . . . . . . . . 852 VLAN Commands . . . . . . . . . .
protocol vlan group . . . . . . . . . . . . . . . . . protocol vlan group all show dot1q-tunnel . . . . . . . . . . . . . . . 869 . . . . . . . . . . . . . . . . . 870 show interfaces switchport show port protocol . . . . . . . . . . . . 871 . . . . . . . . . . . . . . . . . 873 show switchport ethertype . show vlan . 868 . . . . . . . . . . . . 873 . . . . . . . . . . . . . . . . . . . . . 875 show vlan association mac . . . . . . . . . . . . . . . . . . . . . . . . 877 . . . . . . . .
switchport private-vlan . switchport trunk . . . . . . . . . . . . . . 893 . . . . . . . . . . . . . . . . . . 895 switchport trunk encapsulation dot1q vlan . . . . . . . 897 . . . . . . . . . . . . . . . . . . . . . . . . . 898 vlan association mac . vlan association subnet vlan makestatic . 899 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 900 . . . . . . . . . . . . . . . . . . 900 vlan protocol group . 901 . . . . . . . . . . . . . . . . . . . . . . . . . 902 . . . . . .
Administrative Accounting . . . . . . . . . . . . . 919 . . . . . . . . . . . . . 920 . . . . . . . . . . . . . . . . 920 Accounting Method Lists . Access Line Modes . Command Authorization . . . . . . . . . . . . . . 921 Network Authentication . . . . . . . . . . . . . . 921 Local 802.1x Authentication Server . . . . . . . . 921 . . . . . . . . . . . . 922 . . . . . . . . . . . . . . . . . . . . 923 MAC Authentication Bypass Guest VLAN . Unauthenticated VLAN . . . . . . . . . . . . .
authentication command . . . . . . . . . . . . . . authentication critical recovery . . . . . . . . . . authentication dynamic-vlan enable . authentication enable 944 945 . . . . . . . 946 . . . . . . . . . . . . . . . 947 authentication event server dead action . . . . . . 948 authentication event server alive action . . . . . . 949 authentication open . . . . . . . . . . . . . . . . 950 authentication order . . . . . . . . . . . . . . . . 951 authentication priority . . . . . . . .
show aaa statistics . . . . . . . . . . . . . . . . . 964 show accounting methods . . . . . . . . . . . . . 964 show accounting update . . . . . . . . . . . . . . 965 . . . . . . . . . . . . . . . . 966 show authentication show authentication authentication-history . . . . 969 show authentication methods . . . . . . . . . . . 970 show authentication statistics . . . . . . . . . . . 971 . . . . . . . . . . . . 972 . . . . . . . . . . . . . . . . . . . . .
Commands in this Section logging email . . . . . . . . . . . . . 987 . . . . . . . . . . . . . . . . . . . . 988 logging email urgent 989 . . . . . . . . . . . . . . . . logging email message-type to-addr . logging email from-addr . . . . . . . 990 . . . . . . . . . . . . . . 991 logging email message-type subject . logging email logtime . . . . . . . . 992 . . . . . . . . . . . . . . . 993 logging email test message-type . . . . . . . . . . 994 show logging email statistics . . . . .
attribute 6 . . . . . . . . . . . . . . . . . . . . . 1006 attribute 8 . . . . . . . . . . . . . . . . . . . . . 1007 attribute 25 . . . . . . . . . . . . . . . . . . . . 1008 attribute 31 . . . . . . . . . . . . . . . . . . . . 1009 attribute 32 . . . . . . . . . . . . . . . . . . . . 1010 attribute 44 . . . . . . . . . . . . . . . . . . . . 1011 attribute 168 . . . . . . . . . . . . . . . . . . . . authentication event fail retry auth-port . . . . . . . . . . 1013 . . . . . . . . .
radius server attribute 44 . . . . . . . . . . . . . radius server attribute mac format . radius server attribute 168 . . . . . . . 1029 . . . . . . . . . . . . 1030 radius server dead-criteria . . . . . . . . . . . . 1031 . . . . . . . . . . . . . 1032 . . . . . . . . . . . . . . . . . . . 1033 radius server deadtime . radius server 1028 radius server key . . . . . . . . . . . . . . . . . radius server load-balance . 1035 . . . . . . . . . . . 1037 radius server retransmit . . . . .
key . . . . . . . . . . . . . . . . . . . . . . . . 1056 port . . . . . . . . . . . . . . . . . . . . . . . . 1057 priority . . . . . . . . . . . . . . . . . . . . . . show tacacs . . . . . . . . . . . . . . . . . . . 1058 1058 tacacs-server host . . . . . . . . . . . . . . . . 1059 tacacs-server key . . . . . . . . . . . . . . . . 1060 tacacs-server source-interface . . . . . . . . . 1061 . . . . . . . . . . . . . . 1062 . . . . . . . . . . . . . . . . . . . . . .
authentication max-users . . . . . . . . . . . . authentication port-control . . . . . . . . . . . . 1080 . . . . . . . . . . . . . 1081 . . . . . . . . . . . . . . . 1082 authentication periodic . clear dot1x statistics dot1x system-auth-control . . . . . . . . . . . . 1083 . . . . . . . . . . . . . . 1084 . . . . . . . . . . . . . . . . . . . 1085 authentication monitor dot1x timeout authentication timer reauthenticate . . . . . . . 1087 . . . . . . . . . . . . . . . . . . . . .
authentication event no-response . . . . . . . . 1109 . . . . . . . . . 1110 . . . . . . . . . . . . . 1111 . . . . . . . . . . . . . . 1112 dot1x timeout guest-vlan-period authentication event fail show dot1x advanced Captive Portal Commands . . . . . . . . . . . . . . . . . . . . .1114 Commands in this Section . . . . . . . . . . . . 1114 . . . . . . . . . . . . . . 1116 . . . . . . . . . . . . . . . . . . 1116 . . . . . . . . . . . . . . . . . . . . . .
redirect . . . . . . . . . . . . . . . . . . . . . . redirect-url . . . . . . . . . . . . . . . . . . . . session-timeout . verification 1126 1126 . . . . . . . . . . . . . . . . . 1127 . . . . . . . . . . . . . . . . . . . . 1128 captive-portal client deauthenticate . . . . . . . 1129 . . . . . . . . 1129 show captive-portal configuration client status . 1130 show captive-portal interface client status 1131 show captive-portal client status . . .
user group . . . . . . . . . . . . . . . . . . . . user group moveusers user group name 1143 . . . . . . . . . . . . . . 1143 . . . . . . . . . . . . . . . . . 1144 Denial of Service Commands . . . . . . . . . . . . . . . . . .1145 Commands in this Section . . . . . . . . . . . . 1146 . . . . . . . . . . . . . . . 1147 . . . . . . . . . . . . . . . . . 1147 dos-control firstfrag dos-control icmp dos-control l4port . . . . . . . . . . . . . . . . . 1148 dos-control sipdip . . . . . . . .
no priority (management) . permit (management) . . . . . . . . . . . . . 1165 . . . . . . . . . . . . . . 1165 show management access-class show management access-list . . . . . . . . . 1167 . . . . . . . . . 1168 Password Management Commands . . . . . . . . . . . .1169 Configurable Minimum Password Length . . . . 1169 . . . . . . . . . . . . . . . . 1169 . . . . . . . . . . . . . . . . . 1169 . . . . . . . . . . . . . . . . . . . 1169 Password History .
passwords strength max-limit repeated-characters 1180 passwords strength minimum character-classes 1181 passwords strength exclude-keyword . enable password encrypted . . . . . 1182 . . . . . . . . . . . 1183 show passwords configuration. show passwords result . . . . . . . . . . 1183 . . . . . . . . . . . . . 1185 SSH Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1187 Commands in this Section . . . . . . . . . . . . 1187 crypto key generate dsa . . . . . . . . . . . . .
show ip ssh . 5 . . . . . . . . . . . . . . . . . . . Data Center Technology Commands . . 1200 1203 OpenFlow Commands . . . . . . . . . . . . . . . . . . . . . . . .1204 Commands in this Section controller . . . . . . . . . . . . 1204 . . . . . . . . . . . . . . . . . . . . . 1204 hardware profile openflow . . . . . . . . . . . . 1206 . . . . . . . . . . . . . . . . . . . 1207 . . . . . . . . . . . . . . . . . . . . . . . 1209 ipv4 address mode openflow passive . . . . . . . . . . . . .
arp resptime . . . . . . . . . . . . . . . . . . . 1230 arp retries . . . . . . . . . . . . . . . . . . . . . 1231 arp timeout . . . . . . . . . . . . . . . . . . . . 1231 clear arp-cache. . . . . . . . . . . . . . . . . . clear arp-cache management . . . . . . . . . . 1233 . . . . . . . . . . . . . . . . 1234 . . . . . . . . . . . . . . . . . . . 1234 . . . . . . . . . . . . . . . . . . . . . 1235 ip local-proxy-arp . ip proxy-arp .
address-family ipv4 vrf address-family ipv6 . . . . . . . . . . . . . . . 1254 . . . . . . . . . . . . . . . 1255 address-family vpnv4 unicast aggregate-address . . . . . . . . . . . 1256 . . . . . . . . . . . . . . . 1257 bgp aggregate-different-meds (BGP Router Configuration) . . . . . . . . . . . . . . . . . . . 1259 bgp aggregate-different-meds (IPv6 Address Family Configuration) . . . . . . . . . . . . . . . . . . . 1260 bgp always-compare-med . . . . . . . . . . . .
clear ip bgp counters . . . . . . . . . . . . . . . 1273 default-information originate (BGP Router Configuration) . . . . . . . . . . . . . . . . . . . 1274 default-information originate (IPv6 Address Family Configuration) . . . . . . . . . . . . . . . default metric (BGP Router Configuration) . . . . 1275 1276 default metric (IPv6 Address Family Configuration) 1277 distance . . . . . . . . . . . . . . . . . . . . . . distance bgp (BGP Router Configuration) . . . .
maximum-paths (BGP Router Configuration) . . . 1294 maximum-paths (IPv6 Address Family Configuration) 1295 maximum-paths ibgp (BGP Router Configuration) 1296 maximum-paths ibgp (IPv6 Address Family Configuration) . . . . . . . . . . . . . . . . . . . neighbor activate . . . . . . . . . . . . . . . . . 1298 1299 neighbor advertisement-interval (BGP Router Configuration) . . . . . . . . . . . . . . . . . . . 1300 neighbor advertisement-interval (IPv6 Address . . . . . . . . . . . . . . 1301 . . .
neighbor inherit peer . neighbor local-as . . . . . . . . . . . . . . . 1314 . . . . . . . . . . . . . . . . 1315 neighbor maximum-prefix (BGP Router Configuration) 1317 neighbor maximum-prefix (IPv6 Address Family Configuration) . . . . . . . . . . . . . . . 1319 neighbor next-hop-self (BGP Router Configuration) 1320 neighbor next-hop-self (IPv6 Address Family Configuration) . . . . . . . . . . . . . . . . . . . neighbor password . . . . . . . . . . . . . . . .
neighbor send-community (BGP Router Configuration) 1335 neighbor send-community (IPv6 Address Family Configuration) . . . . . . . . . . . . . . . . . . . neighbor shutdown . neighbor timers . . . . . . . . . . . . . . . . 1337 . . . . . . . . . . . . . . . . . 1338 neighbor update-source . . . . . . . . . . . . . network (BGP Router Configuration) . . . . . . . network (IPv6 Address Family Configuration) rd 1336 1339 1341 . . 1343 . . . . . . . . . . . . . . . . . . . . . . . . .
show bgp ipv6 neighbors policy . . . . . . . . . show bgp ipv6 neighbors received-routes . 1369 . . . 1370 show bgp ipv6 statistics . . . . . . . . . . . . . 1372 show bgp ipv6 summary . . . . . . . . . . . . . 1374 show bgp ipv6 update-group . . . . . . . . . . . show bgp ipv6 route-reflection . show ip bgp . 1377 . . . . . . . . . 1379 . . . . . . . . . . . . . . . . . . . 1381 show ip bgp aggregate-address show ip bgp community . . . . . . . . . 1383 . . . . . . . . . . . . .
show ip bgp update-group . . . . . . . . . . . . 1409 . . . . . . . . . . . . . . . . 1412 . . . . . . . . . . . . . . . . . . 1417 . . . . . . . . . . . . . . . . . . . . 1419 show ip bgp vpn4 . template peer . timers bgp . timers policy-apply delay . graceful-restart . . . . . . . . . . . . . 1420 . . . . . . . . . . . . . . . . . 1421 graceful-restart-helper . . . . . . . . . . . . . . 1422 BGP Routing Policy . . . . . . . . . . . . . . . . . . . . . . . . . .
show ip prefix-list . . . . . . . . . . . . . . . . . show ipv6 prefix-list clear ip prefix-list . . . . . . . . . . . . . . . . 1442 . . . . . . . . . . . . . . . . 1444 clear ipv6 prefix-list . . . . . . . . . . . . . . . . clear ip community-list . set as-path 1445 . . . . . . . . . . . . . 1446 . . . . . . . . . . . . . . . . . . . . 1447 set comm-list delete set community . . . . . . . . . . . . . . . 1448 . . . . . . . . . . . . . . . . . . 1449 . . . . . . . . . . . . . 1450 . .
Commands in this Section . . . . . . . . . . . . ip igmp last-member-query-count . . . . . . . . ip igmp last-member-query-interval 1462 1462 . . . . . . . 1463 ip igmp mroute-proxy . . . . . . . . . . . . . . . 1464 ip igmp query-interval . . . . . . . . . . . . . . 1465 ip igmp query-max-response-time ip igmp robustness . . . . . . . . 1466 . . . . . . . . . . . . . . . . 1467 ip igmp startup-query-count . . . . . . . . . . . . . . . . . . . . . 1468 . . . . . . . . . . . . . . . . .
show ip igmp proxy-service interface show ip igmp-proxy groups . . . . . . . 1479 . . . . . . . . . . . 1479 show ip igmp proxy-service groups detail . . . . 1480 IP Helper/DHCP Relay Commands . . . . . . . . . . . . .1482 Commands in this Section . . . . . . . . . . . . ip dhcp relay maxhopcount . . . . . . . . . . . . 1485 . . . . . . . . . . . . 1486 . . . . . . . . . . . . . 1487 ip dhcp relay minwaittime clear ip helper statistics ip dhcp relay information check . . . . . . . . .
Commands in this Section encapsulation . . . . . . . . . . . . . 1502 . . . . . . . . . . . . . . . . . . 1503 ip icmp echo-reply . . . . . . . . . . . . . . . . ip icmp error-interval . 1503 . . . . . . . . . . . . . . 1504 ip load-sharing . . . . . . . . . . . . . . . . . . 1505 ip netdirbcast . . . . . . . . . . . . . . . . . . . 1506 ip policy route-map . . . . . . . . . . . . . . . . 1507 . . . . . . . . . . . . . . . . . . . . 1509 . . . . . . . . . . . . . . . . . . . . . .
set ip next-hop . . . . . . . . . . . . . . . . . . set ip precedence show ip brief . . . . . . . . . . . . . . . . 1531 . . . . . . . . . . . . . . . . . . . 1532 show ip interface . show ip policy. . . . . . . . . . . . . . . . . 1533 . . . . . . . . . . . . . . . . . . 1535 show ip protocols . show ip route . . . . . . . . . . . . . . . . . 1535 . . . . . . . . . . . . . . . . . . 1539 show ip route preferences . . . . . . . . . . . . 1543 . . . . . . . . . . . . . 1544 . . . . . .
ipv6 host . . . . . . . . . . . . . . . . . . . . . ipv6 icmp error-interval . . . . . . . . . . . . . . ipv6 mld last-member-query-count . . . . . . . . ipv6 mld last-member-query-interval . ipv6 mld host-proxy . . . . . . . . . . . . . . . . 1560 ipv6 mld query-interval . . . . . . . . . 1562 . . . . . . . . . . . . . 1563 . . . . . . . 1563 . . . . . . . . . . . . . . . 1564 ipv6 nd ra hop-limit unspecified . . . . . . . . . 1565 . . . . . . . . . . 1566 . . . . . . . . . . . . . .
ipv6 nd reachable-time . . . . . . . . . . . . . . 1575 . . . . . . . . . . . . . . . 1576 . . . . . . . . . . . . . . . . . . . 1576 . . . . . . . . . . . . . . . . . . . . . 1577 ipv6 nd suppress-ra . ipv6 redirect ipv6 route ipv6 route distance . . . . . . . . . . . . . . . . ipv6 unicast-routing . . . . . . . . . . . . . . . 1580 . . . . . . . . . . . . . . . . 1581 . . . . . . . . . . . . . . . . . . 1581 ipv6 unreachables show ipv6 brief 1579 show ipv6 interface . . . . . . . . .
show ipv6 route summary . . . . . . . . . . . . show ipv6 snooping counters 1602 . . . . . . . . . . 1603 . . . . . . . . . . . . . . . . . 1604 show ipv6 vlan . . . . . . . . . . . . . . . . . . 1605 traceroute ipv6 . . . . . . . . . . . . . . . . . . 1606 show ipv6 traffic Loopback Interface Commands . . . . . . . . . . . . . . . .1608 Commands in this Section interface loopback . . . . . . . . . . . . 1608 . . . . . . . . . . . . . . . . 1608 show interfaces loopback . . . . . . . .
ip pim join-prune-interval . ip pim rp-address . . . . . . . . . . . . . 1622 . . . . . . . . . . . . . . . . 1623 ip pim rp-candidate . . . . . . . . . . . . . . . . 1624 ip pim sparse-mode . . . . . . . . . . . . . . . . 1625 . . . . . . . . . . . . . . . . . . . . 1626 ip pim ssm . show ip mfc . . . . . . . . . . . . . . . . . . . . show ip multicast . . . . . . . . . . . . . . . . . show ip pim boundary . . . . . . . . . . . . . . 1628 1629 . . . . . . . . . . . . . . . . .
clear ipv6 mroute . . . . . . . . . . . . . . . . . ipv6 pim (VLAN Interface config) . ipv6 pim bsr-border . . . . . . . . . 1643 . . . . . . . . . . . . . . . 1644 ipv6 pim bsr-candidate . . . . . . . . . . . . . . 1645 . . . . . . . . . . . . . . 1646 . . . . . . . . . . . . . . . . 1646 ipv6 pim dense-mode . ipv6 pim dr-priority 1642 ipv6 pim hello-interval . . . . . . . . . . . . . . 1647 ipv6 pim join-prune-interval . . . . . . . . . . . 1648 ipv6 pim register-threshold . . . . .
show ipv6 pim statistics . . . . . . . . . . . . . 1662 IP Service Level Agreement Commands . . . . . . . .1665 ip sla . . . . . . . . . . . . . . . . . . . . . . . ip sla schedule . . . . . . . . . . . . . . . . . . 1667 . . . . . . . . . . . . . . . . . . . . 1668 . . . . . . . . . . . . . . . . . . . . . . . 1670 track ip sla delay 1665 icmp-echo . . . . . . . . . . . . . . . . . . . . 1671 frequency . . . . . . . . . . . . . . . . . . . . . 1672 . . . . . . . . . . . . . . . . . . .
Commands in this Section . . . . . . . . . . . . area default-cost (Router OSPF) area nssa (Router OSPF) 1687 . . . . . . . . . 1689 . . . . . . . . . . . . . 1689 area nssa default-info-originate (Router OSPF Config) 1691 area nssa no-redistribute. area nssa no-summary . . . . . . . . . . . . . 1692 . . . . . . . . . . . . . 1693 area nssa translator-role . . . . . . . . . . . . . area nssa translator-stab-intv . . . . . . . . . . 1694 . . . . . . . . . . . . 1695 . . . . . . . . . . .
clear ip ospf . . . . . . . . . . . . . . . . . . . . clear ip ospf stub-router compatible rfc1583 1710 . . . . . . . . . . . . . 1711 . . . . . . . . . . . . . . . . 1712 default-information originate (Router OSPF Configuration) . . . . . . . . . . . . . . . . . . . 1712 default-metric . . . . . . . . . . . . . . . . . . . 1714 . . . . . . . . . . . . . . . . . . . 1714 distance ospf distribute-list out enable . . . . . . . . . . . . . . . . . . 1715 . . . . . . . . . . . . . . . . . .
ip ospf transmit-delay. . . . . . . . . . . . . . . log adjacency-changes. . . . . . . . . . . . . . 1727 . . . . . . . . . . . . . . 1728 . . . . . . . . . . . . . . . . . 1730 . . . . . . . . . . . . . . . . . . . 1731 . . . . . . . . . . . . . . . . . . . . . . . . 1732 max-metric router-lsa maximum-paths . network area nsf . 1727 nsf helper . . . . . . . . . . . . . . . . . . . . . nsf helper strict-lsa-checking nsf restart-interval 1733 . . . . . . . . . . 1734 . . . . . . . . . .
show ip ospf interface brief . . . . . . . . . . . 1757 show ip ospf interface stats . . . . . . . . . . . 1758 . . . . . . . . . . . . . 1758 . . . . . . . . . . . . . . 1760 . . . . . . . . . . . . . . . . 1764 show ip ospf lsa-group . show ip ospf neighbor show ip ospf range show ip ospf statistics . . . . . . . . . . . . . . show ip ospf stub table . show ip ospf traffic . . . . . . . . . . . . . . 1767 . . . . . . . . . . . . . . . 1768 show ip ospf virtual-links . . . . . . . . .
area nssa translator-stab-intv . . . . . . . . . . 1782 . . . . . . . . . . . 1783 . . . . . . . . . . . . . . . . . . . . . 1784 area range (Router OSPFv3) area stub area stub no-summary area virtual-link . . . . . . . . . . . . . . . 1785 . . . . . . . . . . . . . . . . . 1785 area virtual-link dead-interval . . . . . . . . . . 1787 area virtual-link hello-interval . . . . . . . . . . 1788 area virtual-link retransmit-interval area virtual-link transmit-delay . . . . . . . . 1789 . .
ipv6 ospf mtu-ignore . . . . . . . . . . . . . . . 1799 . . . . . . . . . . . . . . . . 1800 . . . . . . . . . . . . . . . . . 1801 ipv6 ospf network . ipv6 ospf priority ipv6 ospf retransmit-interval . . . . . . . . . . . 1802 . . . . . . . . . . . . . 1803 ipv6 router ospf . . . . . . . . . . . . . . . . . . 1803 maximum-paths . . . . . . . . . . . . . . . . . . 1804 . . . . . . . . . . . . . . . . . . . . . . . . 1805 ipv6 ospf transmit-delay nsf . nsf helper . . . . . . . . . . .
show ipv6 ospf database database-summary show ipv6 ospf interface . . 1820 . . . . . . . . . . . . . 1821 show ipv6 ospf interface brief . . . . . . . . . . 1822 show ipv6 ospf interface stats . . . . . . . . . . 1823 show ipv6 ospf interface vlan . . . . . . . . . . 1824 . . . . . . . . . . . . . 1825 . . . . . . . . . . . . . . 1826 show ipv6 ospf neighbor show ipv6 ospf range . show ipv6 ospf stub table. . . . . . . . . . . . . show ipv6 ospf virtual-links . . . . . . . . . . . .
ip irdp maxadvertinterval . . . . . . . . . . . . . 1843 . . . . . . . . . . . . . 1844 . . . . . . . . . . . . . . . . . 1845 ip irdp minadvertinterval ip irdp multicast . ip irdp preference . show ip irdp . . . . . . . . . . . . . . . . . 1845 . . . . . . . . . . . . . . . . . . . 1846 Routing Information Protocol Commands . . . . . . .1848 Commands in this Section auto-summary . . . . . . . . . . . . 1848 . . . . . . . . . . . . . . . . . .
show ip rip interface . . . . . . . . . . . . . . . show ip rip interface brief split-horizon . 1860 . . . . . . . . . . . . 1861 . . . . . . . . . . . . . . . . . . . 1862 Tunnel Interface Commands . . . . . . . . . . . . . . . . . .1863 Commands in this Section interface tunnel . . . . . . . . . . . . . 1863 . . . . . . . . . . . . . . . . . 1863 show interfaces tunnel . . . . . . . . . . . . . . 1864 tunnel destination . . . . . . . . . . . . . . . . . 1865 tunnel mode ipv6ip . . . .
VRRP Route/Interface Tracking . . . . . . . . . 1883 . . . . . . . . . . . . . . . . 1884 . . . . . . . . . . . . . . . . . . 1884 Interface Tracking Route Tracking Commands in this Section ip vrrp . . . . . . . . . . . . . 1884 . . . . . . . . . . . . . . . . . . . . . . 1885 vrrp accept-mode . . . . . . . . . . . . . . . . . 1885 vrrp authentication . . . . . . . . . . . . . . . . 1886 . . . . . . . . . . . . . . . . . 1887 . . . . . . . . . . . . . . . . . . . . . .
show vrrp . . . . . . . . . . . . . . . . . . . . . accept-mode . . . . . . . . . . . . . . . . . . . 1904 . . . . . . . . . . . . . . . . . . . . . 1905 . . . . . . . . . . . . . . . . . . . . . . 1906 preempt . priority timers advertise. . . . . . . . . . . . . . . . . . 1907 . . . . . . . . . . . . . . . . . . . . . 1908 . . . . . . . . . . . . . . . . . . . . . . 1908 shutdown address track interface track ip route 7 1902 . . . . . . . . . . . . . . . . . . 1910 . . . . . . . . .
boot auto-copy-sw allow-downgrade . . . . . . 1923 . . . . . . . . . . . . . . 1924 . . . . . . . . . . . . . . . 1924 . . . . . . . . . . . . . . . . . . 1925 boot host auto-reboot boot host auto-save boot host dhcp boot host retry-count . . . . . . . . . . . . . . . 1926 . . . . . . . . . . . . . . . 1927 . . . . . . . . . . . . . . . . . . . . 1927 show auto-copy-sw show boot . CLI Macro Commands . . . . . . . . . . . . . . . . . . . . . . . .1929 Commands in this Section macro name .
show sntp server . . . . . . . . . . . . . . . . . 1939 show sntp status . . . . . . . . . . . . . . . . . 1940 sntp authenticate . . . . . . . . . . . . . . . . . 1941 sntp authentication-key . . . . . . . . . . . . . . sntp broadcast client enable . . . . . . . . . . . 1943 . . . . . . . . . . . . . . . 1943 . . . . . . . . . . . . . . . . . . . . 1944 sntp client poll timer sntp server sntp source-interface . sntp trusted-key . . . . . . . . . . . . . . . 1945 . . . . . . . . . . .
script list . . . . . . . . . . . . . . . . . . . . . script show . . . . . . . . . . . . . . . . . . . . script validate . . . . . . . . . . . . . . . . . . . 1956 1956 1957 CLI Output Filtering Commands . . . . . . . . . . . . . . . .1959 show xxx|include “string” . . . . . . . . . . . . show xxx|include “string” exclude “string2” . . 1959 . . . . . . . . . . . . 1960 . . . . . . . . . . . . . 1961 show xxx|exclude “string” show xxx|begin “string” 1959 show xxx|section “string” . . . .
rename . . . . . . . . . . . . . . . . . . . . . . show backup-config show bootvar . 1980 . . . . . . . . . . . . . . . 1981 . . . . . . . . . . . . . . . . . . 1982 show running-config . . . . . . . . . . . . . . . 1983 show startup-config . . . . . . . . . . . . . . . 1985 . . . . . . . . . . . . . . . . . . . . . . . 1986 write. DHCP Client Commands . . . . . . . . . . . . . . . . . . . . . .1987 Commands in this Section . . . . . . . . . . . . 1987 release dhcp . . . . . . . . . . .
hardware-address host . . . . . . . . . . . . . . . . 2001 . . . . . . . . . . . . . . . . . . . . . . . . 2002 ip dhcp bootp automatic . . . . . . . . . . . . . 2003 ip dhcp conflict logging . . . . . . . . . . . . . . 2004 ip dhcp excluded-address . . . . . . . . . . . . 2004 . . . . . . . . . . . . . . . 2005 . . . . . . . . . . . . . . . . . . . . . . . 2006 ip dhcp ping packets lease netbios-name-server . . . . . . . . . . . . . . . 2007 . . . . . . . . . . . . . . . . 2008 . .
dns-server (IPv6 DHCP Pool Config) . . . . . . . domain-name (IPv6 DHCP Pool Config) 2021 . . . . . 2021 ipv6 dhcp pool . . . . . . . . . . . . . . . . . . 2022 ipv6 dhcp relay . . . . . . . . . . . . . . . . . . 2023 ipv6 dhcp server . . . . . . . . . . . . . . . . . 2024 prefix-delegation . . . . . . . . . . . . . . . . . 2026 . . . . . . . . . . . . . . . . . . 2027 service dhcpv6 show ipv6 dhcp . . . . . . . . . . . . . . . . . . show ipv6 dhcp binding. . . . . . . . . . . . . .
url . . . . . . . . . . . . . . . . . . . . . . . . . show hiveagent debug . . . . . . . . . . . . . . show hiveagent source-interface show hiveagent status 2043 2044 . . . . . . . . 2044 . . . . . . . . . . . . . . 2045 show eula-consent hiveagent . . . . . . . . . . 2046 IP Addressing Commands . . . . . . . . . . . . . . . . . . . . .2048 Commands in this Section clear host . . . . . . . . . . . . . 2048 . . . . . . . . . . . . . . . . . . . . 2049 clear ip address-conflict-detect . . .
ipv6 address (OOB Port) ipv6 address dhcp . . . . . . . . . . . . . 2064 . . . . . . . . . . . . . . . . 2065 ipv6 enable (Interface Configuration) . . . . . . 2066 ipv6 enable (OOB Configuration) . . . . . . . . . 2066 ipv6 gateway (OOB Configuration) . . . . . . . . 2067 . . . . . . . . . . . . . . . . . . . . 2068 show hosts show ip address-conflict . . . . . . . . . . . . . 2069 . . . . . . . . . . . . . 2070 show ipv6 dhcp interface out-of-band statistics .
motd-banner . . . . . . . . . . . . . . . . . . . password (Line Configuration) . . . . . . . . . . 2083 . . . . . . . . . . . . . . . . . . . . . 2084 . . . . . . . . . . . . . . . . . . . . . . . 2085 show line speed 2083 terminal length . . . . . . . . . . . . . . . . . . 2086 PHY Diagnostics Commands . . . . . . . . . . . . . . . . . .2088 show copper-ports tdr . . . . . . . . . . . . . . show fiber-ports optical-transceiver . test copper-port tdr . 2088 . . . . . . 2089 . . . . . .
clear power inline statistics show power inline . . . . . . . . . . . 2105 . . . . . . . . . . . . . . . . 2105 show power inline firmware-version . . . . . . . 2107 RMON Commands . . . . . . . . . . . . . . . . . . . . . . . . . . .2109 Commands in this Section rmon alarm . . . . . . . . . . . . 2109 . . . . . . . . . . . . . . . . . . . . 2109 rmon collection history . rmon event . . . . . . . . . . . . . 2111 . . . . . . . . . . . . . . . . . . . . 2112 rmon hcalarm . . . . . . . . . .
debug auto-voip . . . . . . . . . . . . . . . . . 2133 debug bfd . . . . . . . . . . . . . . . . . . . . . 2134 debug cfm . . . . . . . . . . . . . . . . . . . . . 2134 debug clear . . . . . . . . . . . . . . . . . . . . debug console . . . . . . . . . . . . . . . . . . debug crashlog . . . . . . . . . . . . . . . . . . debug dhcp packet . . . . . . . . . . . . . . . . debug dhcp server packet debug dot1x . 2135 2136 2137 2139 . . . . . . . . . . . . 2140 . . . . . . . . . . . . . . . .
debug ipv6 mld . . . . . . . . . . . . . . . . . . debug ipv6 ospfv3 packet. 2152 . . . . . . . . . . . . 2153 debug ipv6 pimdm . . . . . . . . . . . . . . . . 2153 debug ipv6 pimsm . . . . . . . . . . . . . . . . . 2154 debug isdp . . . . . . . . . . . . . . . . . . . . 2155 debug lacp . . . . . . . . . . . . . . . . . . . . 2156 debug mldsnooping . debug ospf . . . . . . . . . . . . . . . 2156 . . . . . . . . . . . . . . . . . . . . 2157 . . . . . . . . . . . . . . . 2158 . . . .
exception switch-chip-register . . . . . . . . . 2172 . . . . . . . . . . . . . . 2173 show debugging . . . . . . . . . . . . . . . . . 2174 show exception . . . . . . . . . . . . . . . . . . 2174 ip http timeout-policy . show supported mibs . . . . . . . . . . . . . . . 2176 . . . . . . . . . . . . . . . . . . . 2181 . . . . . . . . . . . . . . . . . . . . 2182 snapshot bgp write core . Sflow Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show snmp . . . . . . . . . . . . . . . . . . . . show snmp engineid 2198 . . . . . . . . . . . . . . . 2199 show snmp filters . . . . . . . . . . . . . . . . . 2200 show snmp group . . . . . . . . . . . . . . . . . 2201 . . . . . . . . . . . . . . . . . 2202 show snmp user show snmp views . show trapflags . . . . . . . . . . . . . . . . 2203 . . . . . . . . . . . . . . . . . . 2204 snmp-server community . . . . . . . . . . . . . . . . . . . . . . 2208 . . . . . . . . . . . . . . .
Commands in this Section eula-consent . . . . . . . . . . . . 2227 . . . . . . . . . . . . . . . . . . . 2227 contact-company . . . . . . . . . . . . . . . . . 2229 . . . . . . . . . . . . . . . . . 2230 . . . . . . . . . . . . . . . . . . . . . . 2231 contact-person . enable . proxy-ip-address server . . . . . . . . . . . . . . . . . . 2232 . . . . . . . . . . . . . . . . . . . . . . 2233 show eula-consent support-assist . . . . . . . . 2234 . . . . . . . . . . . 2236 . . . . . . . .
logging buffered . . . . . . . . . . . . . . . . . 2249 logging console . . . . . . . . . . . . . . . . . . 2250 . . . . . . . . . . . . . . . . . . 2251 . . . . . . . . . . . . . . . . . . . . 2252 logging facility logging file logging monitor . logging on . . . . . . . . . . . . . . . . . . 2253 . . . . . . . . . . . . . . . . . . . . 2254 logging protocol logging snmp . . . . . . . . . . . . . . . . . 2255 . . . . . . . . . . . . . . . . . . . 2257 . . . . . . . . . . . . 2257 . .
banner motd acknowledge . buffers . . . . . . . . . . . 2271 . . . . . . . . . . . . . . . . . . . . . . 2273 clear checkpoint statistics . . . . . . . . . . . . clear counters stack-ports . connect . . . . . . . . . . . . 2275 . . . . . . . . . . . . . . . . . . . . . 2276 disconnect exit 2275 . . . . . . . . . . . . . . . . . . . . 2277 . . . . . . . . . . . . . . . . . . . . . . . . 2278 hostname . . . . . . . . . . . . . . . . . . . . . 2279 . . . . . . . . . . . . . . . . . .
slot . . . . . . . . . . . . . . . . . . . . . . . . 2296 show banner . . . . . . . . . . . . . . . . . . . 2297 show buffers . . . . . . . . . . . . . . . . . . . 2298 show checkpoint statistics . show cut-through mode . . . . . . . . . . . 2299 . . . . . . . . . . . . . 2300 show hardware profile portmode . . . . . . . . 2301 . . . . . . . . . . . . . . 2302 . . . . . . . . . . . . . . . . . 2303 show idprom interface show interfaces. . . . . . . 2305 . . . . . . . . . . . . . . .
show supported switchtype . . . . . . . . . . . 2323 show switch . . . . . . . . . . . . . . . . . . . 2325 show system . . . . . . . . . . . . . . . . . . . 2334 show system fan . . . . . . . . . . . . . . . . . 2336 show system id . . . . . . . . . . . . . . . . . . 2336 show system power . . . . . . . . . . . . . . . show system temperature . . . . . . . . . . . . 2338 . . . . . . . . . . . . . . . . 2339 . . . . . . . . . . . . . . . . . . . .
Commands in this Section . . . . . . . . . . . . 2360 . . . . . . . . . . . . . 2360 . . . . . . . . . . . . . . . . . . . 2361 ip telnet server disable . ip telnet port show ip telnet . . . . . . . . . . . . . . . . . . . 2361 Time Ranges Commands . . . . . . . . . . . . . . . . . . . . . .2363 time-range [name] . . . . . . . . . . . . . . . . 2363 absolute . . . . . . . . . . . . . . . . . . . . . . 2364 periodic . . . . . . . . . . . . . . . . . . . . . . 2365 show time-range . . . .
do . . . . . . . . . . . . . . . . . . . . . . . . . enable . 2375 . . . . . . . . . . . . . . . . . . . . . . 2377 end . . . . . . . . . . . . . . . . . . . . . . . . 2378 exit . . . . . . . . . . . . . . . . . . . . . . . . 2379 quit . . . . . . . . . . . . . . . . . . . . . . . . 2379 Web Server Commands . . . . . . . . . . . . . . . . . . . . . . .2381 Web Sessions. . . . . . . . . . . . . . . . . . . Commands in this Section . . . . . . . . . . . . 2382 . . . . . . . . . . . . . . .
key-generate location . . . . . . . . . . . . . . . . . . . 2396 . . . . . . . . . . . . . . . . . . . . . . 2397 no crypto certificate . . . . . . . . . . . . . . . 2398 . . . . . . . . . . . . . . . . 2399 . . . . . . . . . . . . . . . . . 2399 . . . . . . . . . . . . . . . . . . . . . . . . 2400 organization-name organization-unit quit show crypto certificate mycertificate show ip http server status . . . . . . 2401 . . . . . . . . . . . . 2402 . . . . . . . . 2402 . . . . . . . . .
Dell EMC Networking CLI 1 Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches Introduction The Command Line Interface (CLI) is a network management application operated through an ASCII terminal without the use of a Graphic User Interface (GUI) driven software application. By directly entering commands, the user has greater configuration flexibility.
Table 1-1. System Command Groups Command Group Description Layer 2 Commands ACL Configures and displays ACL information. MAC Address Table Configures bridging address tables. Auto-VoIP Configures auto VoIP for IP phones on a switch. CDP Interoperability Configures Cisco® Discovery Protocol (CDP). DHCP L2 Relay Enables the Layer 2 DHCP relay agent for an interface. DHCP Snooping Configures DHCP snooping and displays DHCP snooping information.
Table 1-1. System Command Groups (continued) Command Group Description IPv6 MLD Snooping Configures IPv6 MLD Snooping. IPv6 MLD Snooping Querier Configures IPv6 Snooping Querier and displays IPv6 Snooping Querier information. IP Source Guard Configures IP source guard and displays IP source guard information. iSCSI Optimization Configures special QoS treatment for traffic between iSCSI initiators and target systems. Link Dependency Configures and displays link dependency information.
Table 1-1. System Command Groups (continued) Command Group Description 802.1x Configures and displays commands related to 802.1x security protocol. Captive Portal Blocks clients from accessing network until user verification is established. Denial of Service Provides several Denial of Service options. Management ACL Configures and displays management access-list information. Password Management Provides password management. SSH Configures SSH authentication.
Table 1-1. System Command Groups (continued) Command Group Description IP Helper/DHCP Relay Configures relay of UDP packets. IP Routing (IPv4) Configures IP routing and addressing. IPv6 Multicast Manages IPv6 multicasting on the system. IPv6 Routing Configures IPv6 routing and addressing. IP Service Level Agreement Monitors network performance between routers or from a router to a remote IP device. Loopback Interface (IPv6) Manages loopback configurations.
Table 1-1. System Command Groups (continued) Command Group Description Auto-Install Automatically configures switch when a configuration file is not found. CLI Macro Configures CLI Macro and displays CLI Macro information. Clock Configures the system clock. Command Line Configuration Scripting Manages the switch configuration files. Configuration and Image Manages file system and Command Line Interface Files scripting commands. DHCP Client Configures an interface to obtain an IP address via DHCP.
Table 1-1. System Command Groups (continued) Command Group Description User Interface Describes user commands used for entering CLI commands. Web Server Configures web-based access to the switch. Mode Types The tables on the following pages use these abbreviations for Command Mode names.
• IPAF4—IPv4 Address Family Configuration • IPAF—IPv6 Address Family Configuration • IPSLA—IP SLA Configuration • IPSLAE—IP SLA ICMP Echo Configuration • IR — Interface Range • KC — Key Chain • KE — Key • L — Logging • LC — Line Configuration • LD — Link Dependency • MA — Management Access-level • MC — MST Configuration • MD —MLAG Domain Configuration • MDC — Maintenance Domain Configuration • ML — MAC-List Configuration • MSC — Mail Server Configuration • MT — MAC-acl • O
• ROSPF — Router Open Shortest Path First • ROSV3 — Router Open Shortest Path First Version 3 • S—Support • SAC—Support Assist Configuration • SC — Stack Configuration • SP — SSH Public Key • SK — SSH Public Key-chain • TC — TACACS Configuration • TKC—Track Configuration • TRC — Time Range Configuration • UB—U-boot • UE — User Exec • VC — VLAN Configuration (reached via vlan command) • VRC—VRF Configuration • VR—Virtual Router Configuration • VRRP—VRRPv3 Group Configuration •
Modea Command Description deny | permit (IP ACL) ML The deny command denies traffic if the conditions defined in the deny statement are matched. The permit command allows traffic if the conditions defined in the permit statement are matched. ML deny | permit (Mac-Access- The deny command denies traffic if the List-Configuration) conditions defined in the deny statement are matched. The permit command allows traffic if the conditions defined in the permit statement are matched.
MAC Address Table Command Description Modea clear mac address-table Removes any learned entries from the forwarding database. PE mac address-table agingtime Sets the address table aging time. GC mac address-table multicast Forbids adding a specific multicast address to forbidden address specific ports. GC mac address-table static Registers MAC-layer multicast addresses to the GC bridge forwarding table, and adds static ports to the group.
Auto-VoIP Command Modea Description switchport voice detect auto Enables the VoIP Profile on all the interfaces of GC or the switch. IC show switchport voice a. Displays the status of auto-voip on an interface PE or all interfaces. For the meaning of each Mode abbreviation, see Mode Types. CDP Interoperability Command Description Modea clear isdp counters Clears the ISDP counters. PE clear isdp table Clears entries in the ISDP table.
DHCP L2 Relay Command Description Modea dhcp l2relay (Global Configuration) Enables the Layer 2 DHCP Relay agent for an interface or globally. GC or IC dhcp l2relay (Interface Configuration) Enables DHCP L2 Relay for an interface. IC dhcp l2relay circuit-id Enables user to set the DHCP Option 82 Circuit ID for a VLAN. GC dhcp l2relay remote-id Enables user to set the DHCP Option 82 Remote ID for a VLAN. GC dhcp l2relay trust Configures an interface to trust a received DHCP Option 82.
DHCP Snooping Command Description Modea clear ip dhcp snooping binding Clears all DHCP Snooping entries. PE clear ip dhcp snooping statistics Clears all DHCP Snooping statistics. PE ip dhcp snooping Enables DHCP snooping globally or on a specific VLAN. GC or IC ip dhcp snooping binding Configures a static DHCP Snooping binding. GC ip dhcp snooping database Configures the persistent location of the DHCP GC snooping database.
Dynamic ARP Inspection Command Description Modea arp ip access-list Creates an ARP ACL. GC clear ip arp inspection statistics Resets the statistics for Dynamic ARP Inspection on all VLANs. PE ip arp inspection filter Configures the ARP ACL to be used for a single GC VLAN or a range of VLANs to filter invalid ARP packets. ip arp inspection limit Configures the rate limit and burst interval values for an interface.
Command Description Modea description Adds a description to an interface. IC default (interface) Configures the interface to the defaults. GC duplex Configures the duplex operation of a given Ethernet interface IC flowcontrol Configures the flow control on a given interface. GC or IC interface Enters the interface configuration mode to configure parameters for an interface.
Command Description Modea show interfaces trunk Display active trunk interface information. PE or GC show statistics Displays statistics for one port or for the entire PE switch. show statistics switchport Displays detailed statistics for a specific port or PE for the entire switch. show storm-control Displays the storm control configuration. show storm-control action Displays the storm control action configuration PE for one or all interfaces. shutdown Disables interfaces.
Modea Command Description ethernet cfm mep level Creates a Maintenance End Point (MEP) on an IC interface at the specified level and direction. ethernet cfm mep enable Enables a MEP at the specified level and direction. IC ethernet cfm mep active Activates a MEP at the specified level and direction. IC ethernet cfm mep archivehold-time Maintains internal information on a missing MEP. IC ethernet cfm mip level Creates a Maintenance Intermediate Point (MIP) at the specified level.
Ethernet Ring Protection Command Description Modea ethernet ring g8032 profile Creates Ethernet ring profile and enters Ethernet ring profile configuration mode GC timer Configures the timer expiry values for an Ethernet ring profile. ERP non-revertive Enables non-revertive mode for an Ethernet ring profile. ERP ethernet ring g8032 Creates an Ethernet ring and enters Ethernet Ring Configuration mode GC port0 Configures a link to participate in Ethernet ring protection as an East ring link.
a. Command Description Modea show ethernet ring g8032 configuration Shows the Ethernet Ring Protection configuration. PE, GC show ethernet ring g8032 brief Shows the operational overview of Ethernet ring protection. PE, GC show ethernet ring g8032 status Shows the status of Ethernet ring protection. PE, GC show ethernet ring g8032 port status Shows the status of Ethernet ring protection for the selected interface.
Command Modea Description PE show green-mode interface- Displays the green-mode configuration and id operational status of the port. This command is also used to display the per port configuration and operational status of the green-mode. The status is shown only for the modes supported on the corresponding hardware platform whether enabled or disabled. show green-mode Displays the green-mode configuration for the PE whole system.
a. For the meaning of each Mode abbreviation, see Mode Types. IGMP Snooping Modea Command Description ip igmp snooping In Global Configuration mode, Enables GC Internet Group Management Protocol (IGMP) snooping. show ip igmp snooping groups Displays multicast groups learned by IGMP snooping. UE show ip igmp snooping mrouter Displays information on dynamically learned multicast router interfaces.
IGMP Snooping Querier Modea Command Description ip igmp snooping Enables/disables IGMP Snooping Querier on GC or the system (Global Configuration mode) or on VC a VLAN. ip igmp snooping querier election participate Enables the Snooping Querier to participate in VC the Querier Election process when it discovers the presence of another Querier in the VLAN. ip igmp snooping querier query-interval Sets the IGMP Querier Query Interval time.
IP Addressing Command Description Modea clear host Deletes entries from the host name-to-address cache. PE clear ip address-conflictdetect Clears the address conflict detection status in the switch. PE interface out-of-band Enters into OOB interface configuration mode. GC ip address Configures an IP address on an in-band interface. ip address (Out-of-Band) Sets an IP address for the out-of-band interface.
Command Description Modea ipv6 enable (OOB Configuration) Enables IPv6 operation on the out-of-band interface. IC ipv6 gateway (OOB Configuration) Configures the address of the IPv6 gateway. IC show hosts Displays the default domain name, a list of UE name server hosts, static and cached list of host names and addresses. show ip address-conflict Displays the status information corresponding to the last detected address conflict.
IPv6 MLD Snooping Command Description Modea ipv6 mld snooping vlan groupmembership-interval Sets the MLD Group Membership Interval time on a VLAN or interface. VC ipv6 mld snooping vlan immediate-leave Enables or disables MLD Snooping immediate- VC leave admin mode on a selected interface or VLAN. ipv6 mld snooping vlan last- Sets the MLD Maximum Response time for an IC or listener-query-interval interface or VLAN.
Modea Command Description ipv6 mld snooping querier election participate Enables the Snooping Querier to participate in VC the Querier Election process when it discovers the presence of another Querier in the VLAN. ipv6 mld snooping querier query-interval Sets the MLD Querier Query Interval time. ipv6 mld snooping querier timer expiry Sets the MLD Querier timer expiration period. GC show ipv6 mld snooping querier Displays MLD Snooping Querier information. a.
Link Dependency Modea Command Description action Indicates if the link-dependency group should LD mirror or invert the status of the depended on interfaces. link-dependency group Enters the link-dependency mode to configure GC a link-dependency group. add Adds member gigabit Ethernet port(s) to the LD dependency list. depends-on Adds the dependent Ethernet ports or port channels list. show link-dependency Shows the link dependencies configured on a PE particular group. a.
Command Description Modea lldp receive Enables the LLDP receive capability. IC lldp timers Sets the timing parameters for local data transmission on ports enabled for LLDP. GC lldp transmit Enables the LLDP advertise capability. IC lldp tlv-select Specifies which optional TLVs in the 802.1AB IC basic management set will be transmitted in the LLDPDUs. show lldp Displays the current LLDP configuration summary. PE show lldp interface Displays the current LLDP interface state.
Command Description Modea show keepalive Displays the global loop protect configuration. PE show keepalive statistics Displays the loop protect status for one or all PE interfaces. a. For the meaning of each Mode abbreviation, see Mode Types. MLAG Command Description Modea clear vpc statistics Clears the counters for the keepalive messages transmitted and received by the MLAG switch. PE feature vpc Enables debug traces for the specified protocols. GC feature vpc Globally enables MLAG.
Command Description Modea show vpc consistencyparameters Displays MLAG-related configuration information in a format suitable for comparison with the other MLAG peer. PE show vpc consistencyfeatures Displays MLAG-related configuration information in a format suitable for comparison with the other MLAG peer. PE show vpc peer-keepalive Displays the peer MLAG switch’s IP address PE used by the dual control plane detection protocol.
Command Description Modea mvr mode Changes the MVR mode type. GC mvr querytime Sets the MVR query response time. GC mvr vlan Sets the MVR multicast VLAN. GC mvr immediate Enables MVR Immediate Leave mode. IC mvr type Sets the MVR port type. IC mvr vlan group Use to participate in the specific MVR group. IC show mvr Displays global MVR settings. PE show mvr members Displays the MVR membership groups allocated. PE show mvr interface Displays the MVR enabled interface configuration.
Command Description Modea show interfaces portchannel Displays port-channel information. PE show lacp Displays LACP information for ports. PE show statistics port-channel Displays port-channel statistics. a. PE For the meaning of each Mode abbreviation, see Mode Types. Port Monitor Modea Command Description monitor capture (Global Configuration) Captures packets transmitted or received from GC the CPU.
Command Description Modea class-map rename Changes the name of a DiffServ class. GC classofservice dot1pmapping Maps an 802.1p priority to an internal traffic class for a switch. GC or IC classofservice ip-dscpmapping Maps an IP DSCP value to an internal traffic class. GC classofservice trust Sets the class of service trust mode of an interface. GC or IC conform-color Specifies the precoloring of packets conforming PCMC to or exceeding the specified rate(s).
Command Description Modea match cos Adds to the specified class definition a match condition for the Class of Service value. CMC match destination-address mac Adds to the specified class definition a match condition based on the destination MAC address of a packet. CMC match any Allows matching on any of the specified match CMC conditions. match dstip Adds to the specified class definition a match condition based on the destination IP address of a packet.
Modea Command Description match source-address mac Adds to the specified class definition a match CMC condition based on the source MAC address of the packet. match srcip Adds to the specified class definition a match condition based on the source IP address of a packet. match srcip6 Adds to the specified class definition a match v6CMC condition based on the source IPv6 address of a packet.
Modea Command Description redirect PCMC Specifies that all incoming packets for the associated traffic stream are redirected to a specific egress interface (Ethernet port or portchannel). service-policy Attaches a policy to an interface in a particular GC or direction. IC show class-map Displays all configuration information for the specified class. show classofservice dot1pmapping Displays the current 802.1p priority mapping PE to internal traffic classes for a specific interface.
Command Description Modea traffic-shape Specifies the maximum transmission bandwidth limit for the interface as a whole. GC or IC vlan priority Assigns a default VLAN priority tag for untagged frames ingressing an interface. IC a. For the meaning of each Mode abbreviation, see Mode Types. Spanning Tree Command Description Modea clear spanning-tree detected-protocols Restarts the protocol migration process on all interfaces or on the specified interface.
Command Description Modea spanning-tree cost Configures the spanning tree path cost for a port. IC spanning-tree disable Disables spanning tree on a specific port. IC spanning-tree forward-time Configures the spanning tree bridge forward time. GC spanning-tree guard Selects whether loop guard or root guard is enabled on an interface. IC spanning-tree loopguard Enables loop guard on all ports. GC spanning-tree max-age Configures the spanning tree bridge maximum GC age.
Command Modea Description spanning-tree transmit hold- Set the maximum number of BPDUs that a count bridge is allowed to send within a hello time window (2 seconds). GC spanning-tree uplinkfast Configures the rate at which gratuitous frames GC are sent after a switchover to an alternate port and enables Direct Link Rapid Convergence. spanning-tree vlan Enables per VLAN spanning tree on a VLAN.
Modea Command Description udld port Selects the UDLD operating mode on a specific IC interface. show udld Displays the global settings for UDLD. a. PE For the meaning of each Mode abbreviation, see Mode Types. VLAN Modea Command Description interface vlan Enters the VLAN interface configuration mode. GC interface range vlan Enters the interface configuration mode to configure multiple VLANs. GC name (VLAN Configuration) Configures a name to a VLAN.
Command Description Modea show vlan association mac Displays the VLAN associated with a specific configured MAC address. PE show vlan association subnet Displays the VLAN associated with a specific configured IP subnet. PE show vlan private-vlan Displays information about the configured private VLANs. PE switchport access vlan Configures the PVID VLAN ID when the interface is in access mode.
Command Description Modea switchport trunk encapsulation dot1q Use this command for compatibility. This command performs no action. IC or IR vlan Configures a VLAN. GC vlan association mac Associates a MAC address to a VLAN. VC vlan association subnet Associates an IP subnet to a VLAN. VC vlan makestatic Changes a GVRP dynamically created VLAN to GC a static VLAN. vlan protocol group Adds protocol-based VLAN groups to the system.
Modea Command Description switchport voice vlan override-authentication Allow voice traffic on unauthorized voice VLAN IC port. switchport voice vlan untagged Configure the phone to send untagged voice traffic. IC authentication event server Allows voice VLAN access when no AAA dead action authorize voice server can be contacted. IC show voice vlan a. Displays various properties of the voice VLAN. PE For the meaning of each Mode abbreviation, see Mode Types.
Command Description Modea aaa server radius dynamicauthor Enters radius dynamic authorization mode. GC authentication critical recovery Controls the load placed on RADIUS servers. GC authentication enable Globally enables the Authentication Manager. GC authentication order Sets the order of authentication methods used IC on a port. authentication priority Sets the priority for the authentication methods IC used on a port.
Modea Command Description show authentication methods Displays information about the authentication PE methods. show authentication statistics Displays the Authentication Manager statistics PE on one or more interfaces. show authorization methods Displays the configured authorization method lists. PE show users accounts Displays information about the local user database. PE show users login-history Displays information about login histories of users.
a. For the meaning of each Mode abbreviation, see Mode Types. E-mail Alerting Command Description Modea logging email Enables e-mail alerting and sets the lowest severity level for which log messages are emailed. GC logging email urgent Sets the lowest severity level at which log messages are e-mailed in an urgent manner. GC logging email message-type Sets the lowest severity level at which SNMP to-addr traps are logged.
Command Description Modea password (Mail Server Configuration Mode) Configures the password required to authenticate to the e-mail server. MSC show mail-server Displays the configuration of all the mail servers PE or a particular mail server. a. For the meaning of each Mode abbreviation, see Mode Types. RADIUS Command Description Modea acct-port Sets the port that connects to the RADIUS accounting server. R attribute 6 Configures processing of the RADIUS Service- R Type attribute.
Modea Command Description deadtime Improves RADIUS response times when a server R is unavailable by causing the unavailable server to be skipped. key Sets the authentication and encryption key for all R RADIUS communications between the switch and the RADIUS daemon. msgauth Enables the message authenticator attribute to R be used for the RADIUS Authenticating server being configured.
Modea Command Description radius server deadtime Improves RADIUS response times when servers GC are unavailable. Causes the unavailable servers to be skipped. radius server Specifies a RADIUS server host. GC radius server key Sets the authentication and encryption key for all RADIUS communications between the switch and the RADIUS daemon. GC radius server retransmit Specifies the number of times the software searches the list of RADIUS server hosts.
TACACS+ Modea Command Description key Specifies the authentication and encryption key TC for all TACACS communications between the device and the TACACS server. port Specifies a server port number. TC priority Specifies the order in which servers are used. TC show tacacs Displays TACACS+ server settings and statistics. PE tacacs-server host Specifies a TACACS+ server host.
Modea Command Description default mab Configures the switch to transmit EAP, PAP, or IC CHAP credentials to the RADIUS server for MAB-authenticated devices connected to the interface. mab request format Configures the format of the MAC address sent IC, in the User-Name attribute. GC dot1x max-reauth-req IC Sets the maximum number of times that the switch sends Extensible Authentication Protocol EAP-Request/Identity frames to which no response is received before restarting the authentication process.
Modea Command Description ignore Sets the switch to ignore certain authentication DRC parameters from dynamic RADIUS clients. port Sets the port on which to listen for CoA and disconnect requests from authorized dynamic RADIUS clients. server-key Configures a global shared secret that is used for DRC all dynamic RADIUS clients that do not have an individual shared secret configured. show dot1x Displays 802.1X status for the switch or the specified interface.
Captive Portal Command Description Modea authentication timeout Configures the authentication timeout. CP captive-portal Enables the captive portal configuration mode. GC enable Globally enables captive portal. http port Configures an additional HTTP port for captive CP portal to monitor. https port Configures an additional HTTPS port for captive portal to monitor. CP show captive-portal Displays the status of captive portal.
Command Description Modea verification Configures the verification mode for a captive portal configuration. CPI captive-portal client deauthenticate De-authenticates a specific captive portal client. PE show captive-portal client status Displays client connection details or a connection summary for connected captive portal users. PE show captive-portal configuration client status Displays the clients authenticated to all captive PE portal configurations or a to specific configuration.
Command Description Modea show captive-portal configuration interface Displays information about all interfaces assigned to a captive portal configuration or about a specific interface assigned to a captive portal configuration. PE show captive-portal configuration locales Displays locales associated with a specific captive portal configuration.
Command Description Modea show dos-control Displays Denial of Service configuration information. PE show system internal pktmgr Displays the configured CPU rate limit for unknown packets in packets per second. PE storm-control broadcast Enables Broadcast storm control. IC storm-control multicast Enables the switch to count multicast packets together with broadcast packets. IC storm-control unicast Enables unicast storm control. IC a.
Modea Command Description passwords history Enables the administrator to set the number of GC previous passwords that are stored to ensure that users do not reuse their passwords too frequently. passwords lock-out GC Enables the administrator to strengthen the security of the switch by enabling the user lockout feature. When a lockout count is configured, a user who is logging in must enter the correct password within that count.
Command Description Modea show passwords configuration Displays the configuration parameters for password configuration. PE show passwords result Displays the last password set result information. PE a. For the meaning of each Mode abbreviation, see Mode Types. SSH Command Description Modea crypto key generate dsa Generates DSA key pairs for the switch. GC crypto key generate rsa Generates RSA key pairs for the switch.
Multiple Registration Protocol Commands MVRP Modea Command Description clear mvrp statistics Clears the MVRP statistics for an interface or PE all interfaces. mvrp Enables MVRP on a specific interface. IC IR mvrp global Globally enables MVRP. GC mvrp periodic state machine Globally enables the MVRP periodic state machine. GC show mvrp Displays the MVRP configuration for an interface or globally. PE Displays the MVRP statistics for an interface or globally. PE show mvrp statistics a.
Modea Command Description openflow Enables OpenFlow on the switch (if disabled) GC and enters into OpenFlow configuration mode. passive Sets the switch to wait for the controller to initiate the connection. OFC protocol-version Selects the version of the protocol in which to operate. OFC show openflow Displays OpenFlow configuration and status. PE, GC a. For the meaning of each Mode abbreviation, see Mode Types.
Command Description Modea ip proxy-arp Enables proxy ARP on a router interface. IC show arp Displays the Address Resolution Protocol (ARP) PE cache. a. For the meaning of each Mode abbreviation, see Mode Types. BFD Command Description Modea feature bfd Enables BFD on the router. GC bfd echo Enables BFD echo mode on an interface. IC bfd interval Configures BFD session parameters for a VLAN IC routing interface.
Command Description Modea address-family ipv6 Specifies IPv6 configuration parameters. BR aggregate-address Configures a summary address for BGP. BR or IPAF bgp aggregate-differentmeds (BGP Router Configuration) Controls the aggregation of routes with different multi-exit discriminator (MED) attributes. BR bgp aggregate-differentAllows IPv6 routes with different MEDs to be meds (IPv6 Address Family aggregated.
Command Description Modea clear ip bgp Resets peering sessions with all of a subnet of BGP peers. PE clear ip bgp counters Resets all BGP counters to 0. PE default-information originate (BGP Router Configuration) Enables BGP to originate a default route. BR default-information originate (IPv6 Address Family Configuration) Allows BGP to originate an IPv6 default route.
Modea Command Description ip bgp-community newformat Displays BGP standard communities in AA:NN GC format. ip bgp fast-external-fallover Configures fast external failover behavior for a specific routing interface. IC ip community-list Creates or configures a BGP community list. GC ip extcommunity-list Creates an extended community list to configure VRF route filtering. GC match extcommunity Matches BGP extended community list attributes.
Modea Command Description neighbor connect-retryinterval Configure the initial connection retry time for a BR specific neighbor. neighbor default-originate (BGP Router Configuration) Configures BGP to originate a default route to a BR specific neighbor. neighbor default-originate (IPv6 Address Family Configuration) Configures BGP to originate a default IPv6 route to a specific neighbor. IPAF neighbor description Records a text description of a neighbor.
Modea Command Description neighbor password Enables MD5 authentication of TCP segments BR sent to and received from a neighbor, and to configure an authentication key. neighbor prefix-list (BGP Router Configuration) Filters advertisements sent to a specific BR neighbor based on the destination prefix of each route. neighbor prefix-list (IPv6 Address Family Configuration) Specifies an IPv6 prefix list to filter routes received from or advertised to a given peer.
Command Description Modea neighbor timers Overrides the global keepalive and hold timer values as well as set the keepalive and hold timers for a specific neighbor. BR neighbor update-source Configures BGP to use a specific IP address as BR the source address for the TCP connection with a neighbor. network (BGP Router Configuration) Configures BGP to advertise an address prefix.
Command Description Modea show bgp ipv6 listen range Displays information about IPv6 BGP listen ranges. PE show bgp ipv6 neighbors Displays neighbors with IPv4 or IPv6 peer addresses that are enabled for the exchange of IPv6 prefixes. PE show bgp ipv6 neighbors advertised-routes Displays IPv6 routes advertised to a specific neighbor. PE show bgp ipv6 neighbors policy Displays the inbound and outbound IPv6 policies configured for a specific peer.
Command Description Modea show ip bgp neighbors Shows details about BGP neighbor configuration and status. UE show ip bgp neighbors advertised-routes Displays the list of routes advertised to a specific neighbor. PE show ip bgp neighbors received-routes Displays the list of routes received from a specific neighbor. PE show ip bgp neighbors policy Displays the inbound and outbound IPv4 policies configured for a specific peer.
Command Description Modea graceful-restart Enables the graceful restart and the graceful restart helper capability. BR graceful-restart-helper Enables the graceful restart helper capability. BR a. For the meaning of each Mode abbreviation, see Mode Types. BGP Routing Policy Command Description Modea ip as-path access-list Create an AS path access list. GC ip bgp-community newformat Displays BGP standard communities in AA:NN GC format.
Command Description Modea show ipv6 prefix-list Displays the contents of IPv6 prefix lists. PE or GC clear ip prefix-list Resets the IPv4 prefix-list counters. PE clear ipv6 prefix-list Resets the IPv6 prefix-list counters. PE clear ip community-list Resets the IPv6 prefix-list counters. PE set as-path Prepends one or more AS numbers to the AS path in a BGP route. RC set comm-list delete Removes BGP communities from an inbound or outbound UPDATE message.
Modea Command Description dns-server (IP DHCP Pool Config) Sets the IPv4 DNS server address which is DP provided to a DHCP client by the DHCP server. domain-name (IP DHCP Pool Config) Sets the DNS domain name which is provided to a DHCP client by the DHCP server. DP hardware-address Specifies the MAC address of a client to be manually assigned an address. DP host Specifies a manual binding for a DHCP client host. DP ip dhcp bootp automatic Enables automatic BOOTP address assignments.
Modea Command Description show ip dhcp conflict Displays DHCP address conflicts for all relevant PE interfaces or a specified interface. show ip dhcp global configuration Displays the DHCP global configuration. PE show ip dhcp pool Displays the configured DHCP pool or pools. UE or PE show ip dhcp server statistics Displays the DHCP server binding and message PE counters. a. For the meaning of each Mode abbreviation, see Mode Types.
Command Description Modea show ipv6 dhcp pool Displays DHCPv6 information for all relevant interfaces or a specified interface. PE show ipv6 dhcp pool Displays the configured DHCP pool. PE show ipv6 dhcp statistics Displays the DHCPv6 server name and status. UE a. For the meaning of each Mode abbreviation, see Mode Types. DHCPv6 Snooping Command Description Modea clear ipv6 dhcp snooping binding Clears all IPv6 DHCP snooping entries.
Command Description Modea ipv6 verify source Configures an interface to filter incoming traffic from sources that are not present in the DHCP binding database. IC show ipv6 dhcp snooping Displays the IPv6 DHCP snooping configuration. UE or PE show ipv6 dhcp snooping binding Displays the IPv6 DHCP snooping configuration. UE or PE show ipv6 dhcp snooping database Displays IPv6 DHCP snooping configurations related to database persistency.
Command Description Modea show ip dvmrp prune Displays the table that lists the router’s upstream prune information. PE show ip dvmrp route Displays the multicast routing information for DVMRP. PE a. For the meaning of each Mode abbreviation, see Mode Types. GMRP Command Description Modea gmrp enable Enables GMRP globally or on a port. GC or IC clear gvrp statistics Clears all the GMRO statistics information. PE show gmrp configuration Displays GMRP configuration. GC or IC a.
Command Description Modea ip igmp robustness Configures the robustness that allows tuning of the interface. IC ip igmp startup-query-count Sets the number of queries sent out on startup — at intervals equal to the startup query interval for the interface. IC ip igmp startup-queryinterval Sets the interval between general queries sent IC at startup on the interface. ip igmp version Configures the version of IGMP for an interface. IC show ip igmp Displays system-wide IGMP information.
Modea Command Description show ip igmp-proxy groups Displays a table of information about multicast PE groups that IGMP Proxy reported. show ip igmp proxy-service groups detail Displays complete information about multicast PE groups that IGMP Proxy has reported. a. For the meaning of each Mode abbreviation, see Mode Types. IP Helper/DHCP Relay Command Modea Description ip dhcp relay maxhopcount Configures the maximum allowable relay agent GC hops for BootP/DHCP Relay on the system.
Command Description Modea show ip helper-address Displays the IP helper address configuration. PE show ip dhcp relay Displays the BootP/DHCP Relay information. UE or PE show ip helper statistics Displays the number of DHCP and other UDP PE packets processed and relayed by the UDP relay agent. a. For the meaning of each Mode abbreviation, see Mode Types. IP Routing Modea Command Description encapsulation Configures the link layer encapsulation type for IC the packet.
Command Description Modea ip unreachables Enables the generation of ICMP Destination Unreachable messages. IC match ip address Specify IP address match criteria for a route map. RM match length Configures packet length matching criteria for a RM route map. match mac-list Configures MAC ACL match criteria for a route RM map. route-map Creates a policy based route map. GC set interface null0 Routes packets to interface null 0.
Command Description Modea show ip vlan Displays the VLAN routing information for all VLANs with routing enabled. PE show route-map Displays the route maps. PE show routing heap summary Displays a summary of the memory allocation from the routing heap. a. PE For the meaning of each Mode abbreviation, see Mode Types. IPv6 Routing Command Description Modea arp Clears all entries in the IPv6 neighbor table or an entry on a specific interface.
Command Modea Description ipv6 mld host-proxy reset- Resets the host interface status parameters of IC status the MLD Proxy router. ipv6 mld host-proxy unsolicit-rprt-interval Sets the unsolicited report interval for the MLD Proxy router. IC ipv6 mld query-interval Sets the MLD router's query interval for the interface. IC ipv6 mld query-maxresponse-time Sets MLD querier's maximum response time IC for the interface.
Command Description Modea ipv6 nd raguard attachpolicy Enables RA Guard policy on an interface. IC ipv6 nd ra-interval Sets the transmission interval between router IC advertisements. ipv6 nd ra-lifetime Sets the value that is placed in the Router Lifetime field of the router advertisements sent from the interface. ipv6 nd reachable-time Sets the router advertisement time to IC consider a neighbor reachable after neighbor discovery confirmation.
Modea Command Description show ipv6 mld host-proxy groups detail Displays information about multicast groups PE that MLD Proxy reported. show ipv6 mld host-proxy interface Displays a detailed list of the host interface status parameters. show ipv6 mld traffic Displays MLD statistical information for the PE router. show ipv6 nd raguard policy Displays the RA Guard policy on all interfaces PE or GC for which it is enabled. show ipv6 neighbors Displays information about IPv6 neighbors.
Command Description Modea ip sla schedule Starts an IP SLA. GC track ip sla Create and configures an IP Service Level Agreement (SLAs) tracking object and enters IP SLA Track Configuration mode. GC delay Configures a delay for acting upon tracking TKC object reachability state changes. icmp-echo Configures an IP Service Level TKC frequency Configures the rate at which a specified IP Service Level Agreement (SLA) operation repeats.
Loopback Interface Command Description Modea interface loopback Enters the Interface Loopback configuration mode. GC show interfaces loopback Displays information about configured loopback interfaces. PE a. For the meaning of each Mode abbreviation, see Mode Types. Multicast Command Description Modea arp Adds an administrative scope multicast boundary. IC ip mroute Creates a static multicast route for a source range.
Command Description Modea ip pim rp-address Defines the address of a PIM RP for a specific multicast group range. GC ip pim rp-candidate Configures the router to advertise itself to the bootstrap router (BSR) as a PIM candidate rendezvous point (RP) for a specific multicast group range. IC ip pim sparse-mode Administratively configures PIM sparse mode for IP multicast routing.
Modea Command Description show ip pim neighbor UE or Displays PIM neighbors discovered by PIMv2 Hello messages. If no interface is specified, the PE command displays the neighbors discovered on all PIM-enabled interfaces. show ip pim rp-hash Displays the rendezvous point (RP) selected for UE or the specified group address. PE show ip pim rp mapping Displays the mappings for the PIM group to the UE or active rendezvous points (RPs).
Modea Command Description ipv6 pim rp-address Statically configures the Rendezvous Point (RP) GC address for one or more multicast groups. ipv6 pim rp-candidate Configures the router to advertise itself as a PIM candidate rendezvous point (RP) to the bootstrap router (BSR). GC ipv6 pim sparse-mode Administratively configures PIM sparse mode for multicast routing. GC ipv6 pim ssm Defines the Source Specific Multicast (SSM) range of multicast addresses.
Command Modea Description area nssa (Router OSPF) Configures the specified area ID to function as an ROSPF NSSA. area nssa default-infooriginate (Router OSPF Config) Configures the metric value and type for the default route advertised into the NSSA. ROSPF area nssa no-redistribute Configures the NSSA Area Border router (ABR) so that learned external routes are not redistributed to the NSSA. ROSPF area nssa no-summary Configures the NSSA so that summary LSAs are ROSPF not advertised into the NSSA.
Command Modea Description area virtual-link transmit- Configures the transmit delay for the OSPF ROSPF delay virtual interface on the virtual interface identified by the area ID and neighbor ID. auto-cost Allows user to change the reference bandwidth used in computing link cost. ROSPF bandwidth Allows user to change the bandwidth used in computing link cost. IC bfd Enables processing of BFD events by OSPF on all ROSPF, interfaces enabled for BFD.
Command Description Modea ip ospf dead-intervall Sets the OSPF dead interval for the specified interface. IC ip ospf hello-interval Sets the OSPF hello interval for the specified interface. IC ip ospf mtu-ignore Disables OSPF maximum transmission unit (MTU) mismatch detection. IC ip ospf network Configure OSPF to treat an interface as a point- IC to-point, rather than broadcast interface. ip ospf priority Sets the OSPF priority for the specified router interface.
Command Description Modea passive-interface Sets the interface or tunnel as passive. ROSPF redistribute (BGP) Configures OSPF protocol to allow redistribution ROSPF of routes from the specified source protocol/routers. router-id Sets a 4-digit dotted-decimal number uniquely identifying the router OSPF ID. ROSPF router ospf Enters Router OSPF mode. GC show ip ospf Displays information relevant to the OSPF router.
Command Description Modea show ip ospf stub table Displays the OSPF stub table. PE show ip ospf virtual-links Displays the OSPF Virtual Interface information PE for a specific area and neighbor. show ip ospf virtual-links Displays the OSPF Virtual Interface information PE brief for all areas in the system. timers pacing flood Adjusts the rate at which OSPFv2 sends LS Update packets OG timers pacing lsa-group Tunes how OSPF groups LSAs for periodic refresh.
Command Description Modea area stub no-summary Disables the import of Summary LSAs for the stub area identified by areaid. ROSV3 area virtual-link Creates the OSPF virtual interface for the specified areaid and neighbor. ROSV3 area virtual-link deadinterval Configures the dead interval for the OSPF virtual ROSV3 interface on the virtual interface identified by areaid and neighbor.
Command Description Modea ipv6 ospf hello-interval Sets the OSPF hello interval for the specified interface. IC ipv6 ospf mtu-ignore Disables OSPF maximum transmission unit (MTU) mismatch detection. IC ipv6 ospf network Changes the default OSPF network type for the interface. IC ipv6 ospf priority Sets the OSPF priority for the specified router interface. IC ipv6 ospf retransmitinterval Sets the OSPF retransmit interval for the specified interface.
Command Description Modea show ipv6 ospf abr Displays the internal OSPFv3 routes to reach Area Border Routers (ABR). PE show ipv6 ospf area Displays information about the area. PE show ipv6 ospf asbr Displays the internal OSPFv3 routes to reach Autonomous System Boundary Routes (ASBR). PE show ipv6 ospf borderrouters Displays internal OSPFv3 routers to reach Area Border Routers (ABR) and Autonomous System Boundary Routers (ASBR).
IPv6 Policy-Based Routing Command Description Modea ipv6 policy route-map Identifies a route map to use for policybased IPv6 routing on an interface. IC match ipv6 address Specifies an IPv6 address match criteria for a route map. RM set ipv6 next-hop Specifies an adjacent next-hop router in RM the path toward the destination to which the packets should be forwarded.
Modea Command Description ip irdp minadvertinterval Configures the minimum time, in seconds, IC allowed between sending router advertisements from the interface. ip irdp multicast Sends router advertisements as IP multicast packets. IC ip irdp preference Configures the preference of the address as a default router address relative to other router addresses on the same subnet. IC show ip irdp Displays the router discovery information for all PE interfaces, or for a specified interface. a.
Command Description Modea ip rip receive version Configures the interface to allow RIP control packets of the specified version(s) to be received. IC ip rip send version Configures the interface to allow RIP control packets of the specified version to be sent. IC redistribute (RIP) Configures OSPF protocol to allow redistribution of routes from the specified source protocol/routers. PIP router rip Enters Router RIP mode. GC show ip rip Displays information relevant to the RIP router.
Unicast Reverse Path Forwarding Command Description Modea system urpf enable Globally enables uRPF checking of routes. GC ip verify unicast source Enable loose uRPF checks on an interface. IC a. For the meaning of each Mode abbreviation, see Mode Types. Virtual Router Command Description Modea description Assigns descriptive text to the VRF instance. VR ip vrf Creates a virtual router with a specified name GC and enters Virtual Router Configuration mode.
Command Description Modea vrrp description Assigns a description to the VRRP group. IC vrrp ip Sets the virtual router IP address value for an interface. IC vrrp mode Enables the virtual router configured on an interface. Enabling the status field starts a virtual router. IC vrrp preempt Sets the preemption mode value for the virtual IC router configured on a specified interface. vrrp priority Sets the priority value for the virtual router configured on a specified interface.
Virtual Router Redundancy Protocol version 3 Commands Command Description Modea fhrp version vrrp v3 Enables Virtual Router Redundancy Protocol version 3 (VRRPv3) configuration on the switch. Creates a Virtual Router Redundancy Protocol version 3 (VRRPv3) group and enter VRRPv3 Group Configuration mode.
Command Description Modea timers advertise Configures the interval between successive advertisements by the master virtual router in a Virtual Router Redundancy Protocol version 3 (VRRPv3) group. Disables a Virtual Router Redundancy Protocol version 3 (VRRPv3) group configuration. Sets the primary or secondary IP address of the switch within a Virtual Router Redundancy Protocol version 3 (VRRPv3) group.
Command Description Modea application start Schedules a Dell-supplied application for immediate execution on the stack master. GC application stop Stops a Dell-supplied application if the application is executing on the stack master. GC show application Displays installed applications and optionally displays application files. GC a. For the meaning of each Mode abbreviation, see Mode Types.
CLI Macro Command Description Modea macro name Creates a user-defined macro. GC macro global apply Use to apply a macro. GC macro global trace Applies and traces a macro. GC macro global description Appends a line to the global macro description. GC macro apply Use to apply a macro. IC macro trace Applies and traces a macro. IC macro description Appends a line to the macro description. IC show parser macro Displays information about defined macros. PE a.
Command Description Modea sntp unicast client enable Enables clients to use Simple Network Time Protocol (SNTP) predefined Unicast clients. GC clock timezone hours-offset Sets the offset to Coordinated Universal Time. GC no clock timezone Resets the time zone settings. clock summer-time recurring Sets the summertime offset to UTC recursively GC every year. clock summer-time date Sets the summertime offset to UTC. GC no clock summer-time Resets the summertime configuration.
Command Description Modea erase Erases the startup configuration, the backup configuration, or the backup image. PE filedescr Adds a description to a file. PE rename Renames the file present in flash. PE show backup-config Displays contents of a backup configuration file. PE show bootvar Displays the active system image file that the switch loads at startup. UE show running-config Displays the contents of the currently running configuration file.
Modea Command Description server Configures a HiveAgent server (HiveManager HAC NG) and enter HiveAgent server configuration mode. debug Enables HiveAgent debug capability. HAC enable Enables a HiveAgent server. HAC proxy-ip-address Configures a proxy server to be used to contact HAC the HiveManager NG.
Command Description Modea exec-banner Enables exec banner on the console, telnet or SSH connection. LC exec-timeout Configures the interval that the system waits for LC user input before Privileged Exec mode timeout. history Enables the command history function. history size Changes the command history buffer size for a LC particular line. line Identifies a specific line for configuration and enters the line configuration command mode.
Command Description Modea test copper-port tdr Diagnoses with TDR (Time Domain Reflectometry) technology the quality and characteristics of a copper cable attached to a port. PE a. For the meaning of each Mode abbreviation, see Mode Types. Power Over Ethernet (PoE) Command Description Modea power inline Enables/disables the ability of the port to deliver power.
RMON Command Description Modea rmon alarm Configures alarm conditions. GC rmon collection history Enables a Remote Monitoring (RMON) MIB history statistics group on an interface. IC rmon event Configures an RMON event. GC rmon hcalarm Configures high capacity alarms. GC show rmon alarm Displays alarm configurations. UE show rmon alarms Displays the alarms summary table. UE and PE show rmon collection history Displays the requested group of statistics.
Command Description Modea debug console Enables the display of debug trace output on the login session in which it is executed. PE debug crashlog Displays the crash log contents on the console. PE or GC debug dhcp packet Displays debug information about DHCPv4 PE client activities and traces DHCP v4 packets to and from the local DHCPv4 client. debug dot1x Enables dot1x packet tracing. PE debug igmpsnooping Enables tracing of IGMP Snooping packets transmitted and/or received by the switch.
Command Description Modea debug ipv6 pimdm Traces PIMDMv6 packet reception and transmission. PE debug ipv6 pimsm Traces PIMSMv6 packet reception and transmission. PE debug isdp Traces ISDP packet reception and transmission. PE debug lacp Traces of LACP packets received and transmitted by the switch. PE debug mldsnooping Traces MLD snooping packet reception and transmission. PE debug ospf Enables tracing of OSPF packets received and transmitted by the switch.
Command Description Modea exception switch-chipregister Enables the dumping of the switch chip registers in case of an exception. GC ip http timeout-policy Configures the timeout policy for closing HTTP GC and HTTPS sessions to the local HTTP server. show debugging Displays packet tracing configurations. PE show exception Displays the core dump configuration parameters, the current or previous exception log, or the core dump file listing.
Command Description Modea sflow sampling (Interface Mode) Enables a new sflow sampler instance for this data source if rcvr_idx is valid. IC sflow source-interface Selects the interface from which to use the IP GC address inserted in the source IP address field of transmitted sFlow packets. show sflow agent Displays the sflow agent information. PE show sflow destination Displays all the configuration information related to the sFlow receivers.
Modea Command Description snmp-server enable traps Enables SNMP traps globally or enables specific GC SNMP traps. snmp-server engineID local Specifies the Simple Network Management GC Protocol (SNMP) engine ID on the local switch. snmp-server filter Creates or updates an SNMP server filter entry. GC snmp-server group Configures a new SNMP group or a table that maps SNMP users to SNMP views. GC snmp-server host Specifies the recipient of SNMP notifications.
Modea Command Description proxy-ip-address Configures a proxy server to be used to contact SAC the SupportAssist servers. server Configures a SupportAssist server and enter SupportAssist server configuration mode. SAC show eula-consent support- Reviews the EULA details whenever desired. assist PE show support-assist status Displays information on the SupportAssist feature status PE, GC support-assist Enables support-assist configuration mode if the EULA has been accepted.
Command Description Modea logging monitor Enables logging messages to telnet and SSH sessions with the default severity level. GC logging on Enables error messages logging. GC logging protocol Logs messages in RFC5424 of RFC 3164 format. GC logging snmp Enables SNMP Set command logging. GC logging source-interface Selects the interface from which to use the IP address in the source IP address field of transmitted SYSLOG packets.
Command Description Modea banner motd acknowledge Acknowledges message-of-the-day banner. GC buffers Configures the rising and falling thresholds for GC the issuance of the message buffer SNMP trap and notification via a SYSLOG message. clear checkpoint statistics Clears the statistics for the checkpointing process. GC clear counters stackports Clears the statistics for all stack-ports. PE connect Connects to the serial console of a different stack member.
Command Description Modea reload Reloads the operating system. PE set description Associates a text description with a switch in the stack. SG slot Configures a slot in the system. GC show banner Displays banner information. PE show buffers Displays the system allocated buffers. UE or PE show checkpoint statistics Displays the statistics for the checkpointing process. PE show cut-through mode Show the cut-through mode on the switch.
Command Description Modea show process cpu Checks the CPU utilization for each process currently running on the switch. PE show process proc-list Lists the configured and in-use resources for PE or GC each application known to the Process Manager. show sessions Displays a list of the open console sessions. PE show slot Displays information about all the slots in the system or for a specific slot. UE show supported cardtype Displays information about all card types supported in the system.
Command Description Modea standby Configures the standby in the stack. SG switch renumber Changes the identifier for a switch in the stack. GC telnet Logs into a host that supports Telnet. PE traceroute Discovers the IP routes that packets actually take when traveling to their destinations. PE traceroute ipv6 Discovers the IP routes that packets actually take when traveling to their destinations. PE update bootcode Updates the boot code on one or more switches. PE a.
a. For the meaning of each Mode abbreviation, see Mode Types. USB Flash Drive Command Description Modea unmount usb Makes the USB flash device inactive. PE show usb Displays the USB flash device details. PE dir usb Displays the USB device contents and memory PE statistics. recover Mounts the USB stick, copies the image from the USB root level directory into RAM, and executes the image. a. UB For the meaning of each Mode abbreviation, see Mode Types.
Web Server Command Description Modea common-name Specifies the common-name for the device. CC country Specifies the country. CC crypto certificate generate Generates a HTTPS certificate. GC crypto certificate import Imports a certificate signed by the Certification GC Authority for HTTPS. crypto certificate request Generates and displays a certificate request for PE HTTPS. duration Specifies the duration in days.
Command Description Modea show ip http server status Displays the HTTP server status information. PE show ip http server secure status Displays the HTTP secure server status information. UE or PE state Specifies the state or province name. CC a. For the meaning of each Mode abbreviation, see Mode Types.
Dell EMC Networking CLI 224
2 Using the CLI Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches Introduction This section describes the basics of entering and editing the Dell EMC Networking N1100-ON, N1500, N2000, N2100-ON, N2200-ON, N3000-ON, and N3100-ON Series Command Line Interface (CLI) commands and defines the command hierarchy. It also explains how to activate the CLI and implement its major functions.
command syntax requirements and in some instances parameters required to complete the command. The standard command to request context-sensitive help is the > key. Two instances where the help information can be displayed are: • Keyword lookup — The > key is entered in place of a command. A list of all valid commands and corresponding help messages is displayed. • Partial keyword lookup — A command is incomplete and the > key is entered in place of a parameter.
History Buffer Every time a command is entered in the CLI, it is recorded in an internally managed Command History buffer. Commands are stored in the buffer, which operates on a First In First Out (FIFO) basis. These commands can be recalled, reviewed, modified, and reissued. This buffer is not preserved after switch resets. Table 2-1. History Buffer Keyword Source or Destination Up-arrow key Recalls commands in the history buffer, beginning with the most recent command.
number of lines displayed in a page. When the paging prompt appears, press the space bar to display the next page of output or the enter key to display the next line of output.
– Supports enabling/disabling paginated output for all show CLI commands. When disabled, output is displayed in its entirety. When enabled, output is displayed page-by-page such that content does not scroll off the terminal screen until the user presses a key to continue. -More-- or (q)uit is displayed at the end of each page. – When pagination is enabled, press the return key to advance a single line, press q or Q to stop pagination, or press any other key to advance a whole page.
section Display portion of lines For new commands for the feature, see CLI Output Filtering Commands. Command Completion CLI can complete partially entered commands when the user presses the or key. If a command entered is not complete, is not valid, or if some parameters of the command are not valid or missing, an error message is displayed to assist in entering the correct command. By pressing the key, an incomplete command is changed into a complete command.
Table 2-2. CLI Shortcuts Keyboard Key Description Delete previous character + Go to beginning of line + Go to end of line + Go forward one character + Go backward one character + Delete current character + Delete to beginning of line + Delete to the end of the line.
) or a blank. In these cases, it may be necessary to enclose the entire string in double or single quotes for the command line parser to properly interpret the parameter. Command Scripting The CLI can be used as a programmable management interface. To facilitate this function, any characters entered after the character are treated as a comment and ignored by the CLI. Also, the CLI allows the user to disable session timeouts.
Table 2-3. CLI Command Notation Conventions Convention Example Description [ ] square brackets [value] In a command line, square brackets indicate an optional parameter that one can enter in place of the brackets and text inside them. { } curly braces {choice1|choice2} In a command line inclusive brackets indicate a selection of compulsory parameters separated by the | character. One option must be selected.
gi2/0/10 identifies the Gigabit interface 10 in slot 0 within the second unit on a non-blade switch. Table 2-4 below lists the supported interface type tags. • Unit # — The unit number is greater than 1 only in a stacking solution where a number of switches are stacked to form a virtual switch. In this case, the Unit# indicates the logical position of the switch in a stack. The range is 1–12. The unit value is 1 for standalone switches.
Table 2-4.
Loopback Interfaces Loopback interfaces are represented in the CLI by the keyword loopback followed by the variable loopback-id, which can assume values from 0–7. Port Channel Interfaces Port-channel (or LAG) interfaces are represented in the CLI by the keyword port-channel followed by the variable port-channel-number. When listed in command line output, port channel interfaces are preceded by the characters Po.
to the left of the hyphen must always be less than or equal to the number to the right of the hyphen, e.g. interface range Gi1/0/10-1 is not valid. (#, #, #) — a list of interfaces. For example, (1/0/1, 1/0/1,1/0/3, 1/0/5) indicates that the operation applies to the Ethernet interfaces 1, 3, and 5 on unit 1. The interfaces may or may not be consecutive, nor must the interfaces be of the same type. (#, #-#, #) — ranges and non-consecutive interfaces listed together.
tunnel 7 loopback 3 Example #2 console(config-if-Gi1/0/23)#show vlan VLAN ----1 Name --------------default Ports ------------Po1-128, Gi1/0/1-24, Te1/0/1-2 Type -------------Default RSPAN Vlan --------------------------------------------------------------------None console(config-if-Gi1/0/23)#show slot 2/0 Slot.............................. Slot Status....................... Admin State....................... Power State....................... Configured Card: Model Identifier...............
Card Description............... Configured Card: Model Identifier............... Card Description............... Pluggable......................... Dell 24 Port 10G Fiber Dell Networking N3024F Dell 24 Port 10G Fiber No Entering Network Addresses MAC Addresses MAC addresses are specified in 3 groups of four upper or lower case hexadecimal characters separated by periods with no spaces, e.g. 0011.2233.FFee or by eight pairs of upper or lower case hexadecimal characters separated by colons, e.g.
Any host: 0000:0000:0000:0000:0000:0000:0000:0000 becomes :: The prefix length, if specified, ranges from 1 to 128 and is specified by a forward slash and a decimal number indicating the significant bits of the address, e.g. 3ffe:ffff:100:f101:0:0:0:/64. No spaces are allowed between the last address digit or colon and the forward slash.
CLI Command Modes Since the set of CLI commands is very large, the CLI is structured as a command-tree hierarchy, where related command sets are assigned to command modes for easier access. At each level, only the commands related to that level are available to the user and only those commands are shown in the context sensitive help for that level.
When starting a session, the initial mode is the User Exec mode (privilege level 0). Only a limited subset of commands is available in this mode. This level is reserved for tasks that do not change the configuration. To enter the next level, Privileged Exec mode (privilege level 1) may be required if configured by the administrator. Privileged Exec mode provides access to commands that can not be executed in the User Exec mode and permits access to Global Configuration mode.
Global Configuration Mode Global Configuration commands allow the operator to change the configuration of the switch. The Privileged Exec mode command configure (or configure terminal) is used to enter Global Configuration mode. console(config)# The following are the Global Configuration submodes: • SNMP v3 Host Configuration — Configures the parameters for the SNMP v3 server host. • SNMP Community Configuration — Configures the parameters for the SNMP server community.
• Policy Class — Use the class command to access the QoS Policy-class mode to attach or remove a diffserv class from a policy and to configure the QoS policy class. • Class-Map — This mode consists of class creation/deletion and matching commands. The class matching commands specify layer 2, layer 3 and general match criteria. Use the class-map class-map-name commands to access the QoS Class Map Configuration mode to configure QoS class maps.
Pre-configured capabilities become active only when enabled (typically via an admin mode control) or when the required hardware is present (or both). For example, a port can be pre-configured with both trunk and access mode information. The trunk mode information is applied only when the port is placed into trunk mode and the access mode information is only applied when the port is placed into access mode. Likewise, OSPF routing can be configured in the switch without being enabled on any port.
Identifying the Switch and Command Mode from the System Prompt The system prompt provides the user with the name of the switch (hostname) and identifies the command mode. The following is a formal description of the system command prompt: [device name][([command mode-[object]])][# | >] [device name] — is the name of the managed switch, which is typically the user-configured hostname established by the hostname command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Privileged Exec console# Use the enable command to enter into this mode. This mode is password protected. Use the exit command, or press + to return to the User Exec mode. Global Configuration console(config)# From Privileged Exec mode, use the configure command. Use the exit command, or press + to return to the Privileged Exec mode.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method IPv6 Address Family Configuration From BGP Router console (config-router-af)# Configuration mode, use the address-family ipv6 command. To exit to BGP Router Configuration mode, use the exit command, or press + to Privileged Exec mode. Management Access-List From Global Configuration mode, use the management access-list command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method MAC Access List From Global Configuration mode, use the mac access-list command. Command Prompt Exit or Access Previous Mode console(config-mac-accesslist)# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode. console(config-pubkeySSH Public Key- From Global chain)# Chain Configuration mode, use the crypto key pubkeychain ssh command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode RADIUS Server Configuration From Global Configuration mode, use the radius server host command. console(Config-authradius)# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode. RADIUS Dynamic Authorization console(config-radius-da)# From Global Configuration, use the aaa server radius dynamic-author command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode SNMP Community Configuration From Global Configuration mode, use the snmp-server community command. console(config-snmp)# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode Crypto Certificate Generation From Global Configuration mode, use the crypto certificate number generate command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Logging From Global Configuration mode, use the logging command. console(config-logging)# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode. MST From Global Configuration mode, use the spanning-tree mst configuration command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Virtual Router Config console(config-vrfFrom Global XXX)#where XXX is the VRF Configuration mode, use the ip vrf name. command. To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode Router RIP Config From Global Configuration mode, use the router rip command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Track Configuration Mode Switch (config-track)# From Global Configuration mode, use the track object-number ip sla operationnumber command. To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode. IP SLA Configuration Mode Switch (config-ip-sla)# From Global Configuration mode, use the ip sla operation-number command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode 10 Gigabit Ethernet From Global Configuration mode, use the interface tengigabitethernet command. Or, use the abbreviation interface te. console (config-ifTeunit/slot/port# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Tunnel From Global Configuration mode, use the interface tunnel command. Or, use the abbreviation interface tu. console(config-tunneltunnel- To exit to Global id)# Configuration Loopback Exit or Access Previous Mode mode, use the exit command, or press + to Privileged Exec mode. console(configFrom Global configuration mode, loopbackloopback-id)# use the interface loopback command.
Using CLI Functions and Tools The CLI has been designed to manage the switch’s configuration file system and to manage switch security. A number of resident tools exist to support these and other functions. Configuration Management All managed systems have software images and databases that must be configured, backed up and restored. Two software images may be stored on the system, but only one of them is active. The other one is a backup image.
To use the copy command, the user specifies the source file and the destination file. For example, copy tftp://remotehost/pub/backupfile backupconfig copies a file from the remote TFTP server to a local backup configuration file. In this case, if the local configuration file does not exist, then it is created by the command. If it does exist, it is overwritten. If there is not enough space on the local file system to accommodate the file, an error is flagged.
• startup-config — This file refers to the special configuration image stored in flash memory which is loaded when the system next reboots. The user may copy a particular configuration file (remote or local) to this special file name and reboot the system to force it to use a particular configuration. • active & backup — These files refer to software images. The active image will be loaded when the system next reboots.
User Accounts Management The CLI provides configuration of authentication for switch administrators or network users either through remote authentication servers supporting TACACS+ or RADIUS or through a set of locally managed user accounts. The setup wizard asks the user to create the initial administrator account and password at the time the system is booted. The following rules and specifications apply: • The administrator may create additional administrator accounts.
If the account is created and maintained locally, each account is given an access level at the time of account creation. If the administrator is authenticated through remote authentication servers, the authentication server is configured to pass the access level to the CLI when the account is authenticated. When RADIUS is used, the Vendor-Specific Option field returns the access level. Two vendor specific options are supported. These are CISCO-AV-Pairs(Shell:priv-lvl=x) and Dell RADIUS VSA (user-group=x).
• The switch maintains at most the last 1000 system events in the inmemory log. Security Logs The system log records security events including the following: • User login. • User logout. • Denied login attempts. • User attempt to exceed security access level. • Denied attempts by external management system to access the system.
• SNMPv3 and the security information for used this protocol. For each of these management profiles, the administrator defines the list of hosts or subnets from which the management profiles may be used. The management ACL capability only applies to in-band ports and may not be configured on the out-of-band management port. Other CLI Tools and Capabilities The CLI has several other capabilities associated with its primary functions.
Scanning devshell symbols file... 47544 symbols, loading... Done. PCI unit 0: Dev 0xb842, Rev 0x02, Chip BCM56842_A0, Driver BCM56840_B0 SOC unit 0 attached to PCI device BCM56842_A0 Adding BCM transport pointers Configuring CPUTRANS TX Configuring CPUTRANS RX <186> Aug 26 08:18:23 0.0.0.0-1 General[72162340]: bootos.c(166) 4 %% Event(0xaaaaaaaa) started! (Unit 1 - Waiting to select management unit)> Applying Global configuration, please wait ... Applying Interface configuration, please wait ...
Enter Choice# 4 Creating tmpfs filesystem on /mnt/download for download...done. Current Active Image# /dev/mtd7 Which Image to Update Active (/dev/mtd7) OR Back-Up (/dev/mtd6)? Select (A/B): B You selected to update Back-Up Image /dev/mtd6... Select Mode of Transfer (Press T/X/Y/Z for TFTP/XMODEM/YMODEM/ZMODEM) []:T Please ensure TFTP server is running to begin Transfer... Enter Server IP []:10.27.9.99 Enter Host IP []:10.27.22.99 Enter Host Subnet Mask [255.255.255.0]:255.255.252.0 Enter Gateway IP []:10.
Operational Code -- Boot Main Menu 1 2 3 4 5 9 10 11 12 - Start Operational Code Select Baud Rate Retrieve Logs Load New Operational Code Display Operational Code Details Reboot Restore Configuration to Factory Defaults Activate Backup Image Start Password Recovery Enter Choice# 11 Current Active Image# /dev/mtd7 Checking for valid back-up image at /dev/mtd6...done. Activating Back-Up Image /dev/mtd6...done.
system configuration. Note: You can exit the setup wizard at any point by entering [ctrl+z]. Would you like to run the setup wizard (you must answer this question within 60 seconds)? [Y/N] n Thank you for using the Dell Easy Setup Wizard. You will now enter CLI mode. Applying Interface configuration, please wait ...
This switch includes a feature that enables it to work with HiveManager (an optional management suite), by sending the switch’s service tag number to HiveManager to authenticate your entitlement to use HiveManager. If you wish to disable this feature, you should run command “eula-consent hiveagent reject” immediately upon powering up the switch for the first time, or at any time thereafter.
VLAN1 Proxy Proxy Proxy Proxy Router Server Server Server Server Interface IP = 0.0.0.0 0.0.0.0 Address: 192.168.0.3 Port: 443 User Name: Password: Monitoring Traps from CLI It is possible to connect to the CLI session and monitor the events or faults that are being sent as traps from the system. This feature is equivalent to the alarm-monitoring window in a typical network management system. The user enables display of events or monitor traps from the CLI by entering the command logging console.
Using the CLI 270
Layer 2 Switching Commands 3 The sections that follow describe commands that conform to the OSI model data link layer (Layer 2). Layer 2 commands provide a logical organization for transmitting data bits on a particular medium. This layer defines the framing, addressing, and checksum functions for Ethernet packets.
ACL Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches Access to a switch or router can be made more secure through the use of Access Control Lists (ACLs) to control the type of traffic allowed into or out of specific ports. An ACL consists of a series of rules, each of which describes the type of traffic to be processed and the actions to take for packets that meet the classification criteria.
particular classifier rule. The ACL logging feature allows these hardware "hit" counts to be collected on a per-rule basis and reported periodically to the network administrator using the system logging facility and an SNMP trap. The Dell EMC Networking ACL syntax supports a log parameter that enables hardware hit count collection and reporting.
Table 3-1. Common Ethertypes EtherType Protocol 0x0800 Internet Protocol version 4 (IPv4) 0x0806 Address Resolution Protocol (ARP) 0x0842 Wake-on LAN Packet 0x8035 Reverse Address Resolution Protocol (RARP) 0x8100 VLAN tagged frame (IEEE 802.1Q) 0x86DD Internet Protocol version 6 (IPv6) 0x8808 MAC Control 0x8809 Slow Protocols (IEEE 802.3) 0x8870 Jumbo frames 0x888E EAP over LAN (EAPOL – 802.
Commands in this Section This section explains the following commands: ip access-list mac access-list extended rename deny | permit (IP ACL) remark deny | permit (Mac-Access-ListConfiguration) service-acl input ip access-group show service-acl interface mac access-group show ip access-lists mac access-list extended show mac access-lists ip access-list Use the ip access-list command in Global Configuration mode to create an Access Control List (ACL) that is identified by the parameter list-name a
User Guidelines Access lists use the extended access list format. Multiple permit and deny clauses and actions may be specified without requiring the access list name to be entered each time. Permit and deny clauses are entered in order from the first match clause when in Access List Configuration mode. ACL names are global. An IPv6 access list cannot have the same name as an IPv4 access list. Access list names can consist of any printable character except a question mark.
• {deny | permit}–Specifies whether the IP ACL rule permits or denies the matching traffic. • {ipv4-protocol | number| every}—Specifies the protocol to match for the IP ACL rule. • • – IPv4 protocols: eigrp, gre, icmp, igmp, ip, ipinip, ospf, tcp, udp, pim, arp, sctp – number: a protocol number in decimal, for example, 8 for EGP – every: Match any protocol (don’t care) srcip srcmask | any | host srcip—Specifies a source IP address and netmask to match for the IP ACL rule.
• – When “gt” is specified, IP ACL rule matches if the layer 4 destination port number is greater than the specified port number or portkey. It is equivalent to specifying the range as to 65535. – When “neq” is specified, IP ACL rule matches only if the layer 4 destination port number is not equal to the specified port number or portkey.
– • This option is visible only if protocol is “tcp”. [icmp-type icmp-type [icmp-code icmp-code] | icmp-message icmpmessage] —Specifies a match condition for ICMP packets. – When icmp-type is specified, IP ACL rule matches on the specified ICMP message type, a number from 0 to 255. – When icmp-code is specified, IP ACL rule matches on the specified ICMP message code, a number from 0 to 255. – Specifying icmp-message implies both icmp-type and icmp-code are specified.
• assign-queue queue-id—Specifies the assign-queue, which is the queue identifier to which packets matching this rule are assigned. The queue ID is the internal queue number (traffic class), not the CoS value. Use the show classofservice command to display the assignment of CoS and DSCP values to internal queue numbers. • {mirror | redirect} interface-id—Specifies the mirror or redirect Ethernet interface to which packets matching this rule are copied or forwarded, respectively.
Ethertype Protocol 0x0806 Address Resolution Protocol (ARP) 0x0842 Wake-on LAN Packet 0x8035 Reverse Address Resolution Protocol (RARP) 0x8100 VLAN tagged frame (IEEE 802.1Q) 0x86DD Internet Protocol version 6 (IPv6) 0x8808 MAC Control 0x8809 Slow Protocols (IEEE 802.3) 0x8870 Jumbo frames 0x888E EAP over LAN (EAPOL – IEEE 802.
or bound to a VLAN, then the ACL rule is applied immediately. If a time range with the specified name exists, and the IP ACL containing this ACL rule is applied to an interface or bound to a VLAN, then the ACL rule is applied when the time-range with a specified name becomes active. The ACL rule is removed when the time-range with a specified name becomes inactive. An implicit deny all condition is added by the system after the last MAC or IP/IPv6 access group if no route-map is configured on the interface.
then the ACL rule is applied when the time-range with a specified name becomes active. The ACL rule is removed when the time-range with a specified name becomes inactive. Use the no form of the command to delete an existing permit/deny clause.
• secondary-vlan eq—VLAN identifier. (Range 0-4095). This matches the inner VLAN of a double-tagged packet. It does not match single or untagged packets. • cos—Class of service. (Range 0-7) • log—Specifies that this rule is to be logged if the permit/deny rule has been matched one or more times since the expiry of the last logging interval. The logging interval is 5 minutes. • time-range-name—Use the time-range parameter to impose a time limitation on the MAC ACL rule as defined by the parameter.
User Guidelines The assign-queue and redirect parameters are only valid for permit commands. An implicit deny all condition is added by the system after the last MAC or IP/IPv6 access group if no route-map is configured on the interface. Every permit/deny rule that does not have a rate-limit parameter is assigned a counter. If counter resources become exhausted, a warning is issued and the rule is applied to the hardware without the counter.
• out—The access list is applied to egress packets. • control-plane—The access list is applied to egress control plane packets only. This is only available in Global Configuration mode. • seqnum — Precedence for this interface and direction. A lower sequence number has higher precedence. Range: 1 – 4294967295. Default is 1. Default Configuration This command has no default configuration.
Examples console(config)#ip access-list aclname console(config-ip-acl)#exit console(config)#ip access-group aclname in console(config)#no ip access-group aclname in console(config)#ip access-list aclname1 console(config-ip-acl)#exit console(config)#ip access-group aclname1 out console(config)#interface te1/0/1 console(config-if-Te1/0/1)#ip access-group aclname out 2 console(config-if-Te1/0/1)#no ip access-group aclname out Command History Example and description updated in the 6.4 release.
User Guidelines If the access-list specified in the command does not exist, an error is given. The ACLs in the access-group are configured in hardware when the interface becomes active. Resource contention issues will only become apparent at that time. It is recommended that ACLs be configured on an active interface as a check prior to deployment in the network.
Syntax mac access-list extended name no mac access-list extended name • name — Name of the access list. (Range: 1-31 characters) Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Use this command to create a mac access control list. The CLI mode is changed to Mac-Access-List Configuration when this command is successfully executed. Example The following example creates MAC ACL and enters MAC-Access-ListConfiguration mode.
Command Mode Global Configuration mode User Guidelines Command fails if the new name is the same as the old one. Example The following example shows the mac access-list extended rename command. console(config)#mac access-list extended DELL1 console(config-mac-access-list)#exit console(config)#mac access-list extended rename DELL1 DELL2 remark Use the remark command to add a comment to an ACL rule. Use the no form of the command to remove a comment from an ACL rule.
User Guidelines The administrator can use the remark keyword to add comments to ACL rule entries belonging to an IPv4, IPv6, MAC or ARP ACL. Remarks are associated with the ACL rule that is created immediately after the remarks are created. When the ACL rule is removed, the associated remarks are also deleted. Remarks are shown only in show running-config and are not displayed in show ip access-lists. The no remark command removes the first matching remark from an ACL access-list.
Syntax service-acl input {blockcdp | blockvtp | blockdtp | blockudld | blockpagp | blocksstp | blockall} no service-acl input [blockcdp | blockvtp | blockdtp | blockudld | blockpagp | blocksstp | blockall] • blockcdp—To block CDP PDU’s from being forwarded. • blockvtp—To block VTP PDU’s from being forwarded. • blockdtp—To block DTP PDU’s from being forwarded. • blockudld—To block UDLD PDU’s from being forwarded. • blockpagp—To block PAgP PDU’s from being forwarded.
Syntax show service-acl interface {interface-id | all} • interface-id—An Ethernet interface identifier or a port channel interface identifier. See Interface Naming Conventions for interface representation. Default Configuration UDLD is blocked by default. No other protocol is blocked by default. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command is not supported on the N1500 Series switches.
• interface-id—The interface identifier (Ethernet, port-channel, or VLAN). • in—Show the ingress ACLs. • out—Show the egress ACLs. • control-plane—Show the control plane ACLs. Default Configuration No ACLs are configured by default. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command displays information about the attributes “icmp-type”, “icmpcode”, “igmp-type,” “fragments,” “routing,” and “source and destination L4 port ranges.” It displays the committed rate, committed burst size and the ACL rule hit count of packets matching the ACL rule. This matching packet counter value rolls over upon reaching the maximum value (18446744073709551615 or 264 -1).
TO_FRM UPLINKS Allow-192-168-0-x 2 5 3 437 0 7617636 Gi1/0/26 Gi1/0/26 Gi1/0/29 Inbound Outbound Inbound The following example displays the IP ACLs configured on a device. console#show ip access-lists asdasd IP ACL Name: asdasd Inbound Interface(s): Gi1/0/7 Rule Number: 1 Action......................................... Match All...................................... Protocol....................................... Source IP Address.............................. Source IP Mask...........................
The following examples show Dynamic ACLs configured for both the data and voice VLAN.
Default Configuration This command has no default configuration Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The hit counter applies to the ACL, not to the interface. It shows the sum of all matching packets across all interfaces to which the ACL is applied. For an ACL applied to multiple interfaces, the hit counter will be identical for all interfaces. Command History Updated in 6.3.0.1 firmware. Updated User Guidelines in 6.3.0.5 firmware.
Rule Number: 2 Action......................................... Source MAC Address............................. Source MAC Mask................................ EtherType...................................... VLAN........................................... ACL Hit Count.................................. permit 0000.1133.2244 FFFF.0000.
MAC Address Table Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches Dell EMC Networking switches implement a MAC Learning Bridge is compliance with IEEE 802.1Q. The switches implement independent VLAN learning (IVL).
Commands in this Section This section explains the following commands: clear mac address-table show mac address-table multicast show mac address-table dynamic mac address-table agingtime show mac address-table show mac address-table interface mac address-table multicast show mac address-table forbidden address address – mac address-table static show mac address-table count show mac address-table static switchport port-security (Interface Configuration) show mac address-table count show mac addr
User Guidelines This command has no user guidelines. Example In this example, the mac address-table tables are cleared. console#clear mac address-table dynamic mac address-table aging-time Use the mac address-table aging-time command in Global Configuration mode to set the aging time of the address. To restore the default, use the no form of the mac address-table aging-time command.
mac address-table multicast forbidden address Use the mac address-table multicast forbidden address command in Global Configuration mode to forbid adding a specific multicast address to specific ports. To allow the multicast group, use the no form of this command.
Examples In this example the MAC address 0100.5e02.0203 is forbidden on port 2/0/9 within VLAN 8. console(config)#mac address-table multicast forbidden address vlan 8 0100.5e02.0203 add interface gigabitethernet 2/0/9 mac address-table static Use the mac address table static command in Global Configuration mode to add a static MAC-layer station source address to the bridge table. To delete the MAC address, use the no form of the mac address table static command.
The maximum number of static MAC addresses that may be configured on a port is limited by the switchport port-security maximum command. This command may be invoked multiple times with different interfaces (and the same VLAN) when used with a multicast MAC address. Example The following example adds a permanent static MAC address c2f3.220a.12f4 to the MAC address table. console(config)# mac address-table static c2f3.220a.
Port security allows the network administrator to secure interfaces or VLANs by specifying (or learning) the allowable MAC addresses on a given port. Packets with a matching source MAC address are forwarded normally. All other host packets are discarded. Port security operates on access, trunk and general mode ports. Two methods are used to implement Port MAC locking: dynamic locking and static locking. Static locking further has an optional sticky mode.
Sticky mode configuration converts all the existing dynamically learned MAC addresses on an interface to sticky. This means that they will not age out and will appear in the running-config. In addition, new addresses learned on the interface will also become sticky. Note that sticky is not the same as static – the difference is that all sticky addresses for an interface are removed from the running-config when the interface is taken out of sticky mode.
Add a sticky mode statically locked MAC address to trunk port Gi1/0/3 and VLAN 33. console(config)#vlan 33 console(config-vlan33)#interface gi1/0/3 console(config-if-Gi1/0/3)#switchport mode trunk console(config-if-Gi1/0/3)#switchport port-security mac-address sticky 0011.2233.4455 vlan 33 Remove a sticky mode MAC address from trunk port Gi1/0/3 and VLAN 33.
Syntax switchport port-security [dynamic { value | vlan {vlan-id | range vlanrange } maximum limit } | mac-address {mac-address vlan vlan-id | sticky [mac-addr vlan vlan-id ] } | maximum {val} | violation {protect | shutdown} ] no switchport port-security [dynamic [vlan {vlan-id | range vlan-range} ] | mac-address { mac-addr vlan vlan-id| sticky} | maximum | violation ] • mac-address — The static MAC address to be configured on the interface and VLAN.
The default number of dynamic MAC addresses per interface is 600 (300 for the N1500 Series switches). The default number of static MAC addresses per interface is 100. Both limits are subject to the total MAC address limit supported by the system. Command Mode Interface (Ethernet and port-channel) Configuration mode. Interface Range mode - Only when using switchport port-security syntax.
Static locking allows the administrator to specify a list of MAC addresses that are allowed on a port. The behavior of packets is the same as for dynamic learning once the dynamic limit has been reached: only packets with a known source MAC address can be forwarded. Any packets with source MAC addresses that are not configured are discarded. The switch treats this as violation.
switchport port-security mac-address sticky 0011.2233.4455 vlan 33 Statically locked MAC addresses appear in the running-config in the following form: switchport port-security mac-address 0011.2233.4455 vlan 33 In order for sticky or static MAC addresses to survive a reboot, the configuration must be saved. Dynamic port security may be implemented on a VLAN or interface basis.
Enable port security/MAC locking globally and on an interface, enable sticky mode on the interface and convert all dynamic addresses on the interface to sticky. console(config)#switchport port-security console(config)#interface gi1/0/3 console(config-if-gi1/0/3)#switchport port-security console(config-if-gi1/0/3)#switchport port-security mac-address sticky Add a statically locked MAC address to trunk port Gi1/0/3 and VLAN 33.
show mac address-table multicast Use the show mac address-table multicast command to display multicast MAC address table information. Syntax show mac address-table multicast [count]|[[vlan vlan-id] [address {macmulticast-address | ip-multicast-address}] [format {ip | mac}]] • vlan-id — A valid VLAN ID value. • mac-multicast-address — A valid MAC multicast address. • ip- multicast-address — A valid IP multicast address. • format — Multicast address display format. Can be ip or mac.
Example In this example, multicast MAC address table information is displayed. console#show mac address-table multicast Vlan ----1 MAC Address ------------------0100.5E05.0505 Type ------Static Ports ------------------ Forbidden ports for multicast addresses: Vlan ---1 MAC Address ----------------------0100.5E05.0505 Ports --------------------------- NOTE: A multicast MAC address maps to multiple IP addresses, as shown above. Command History The description was updated in the 6.4 release.
Example In this example, all classes of entries in the mac address-table are displayed. console#show mac address-table Aging time is 300 Sec Vlan ---0 1 1 10 90 Mac Address ---------------001E.C9AA.AE19 001E.C9AA.AC19 001E.C9AA.AE1B 001E.C9AA.AE1B 001E.C9AA.
User Guidelines This command has no user guidelines. Example In this example, the mac address table entry for 0000.E26D.2C2A is displayed. console#show mac address-table address 0000.E26D.2C2A Vlan Mac Address Type Port ---- -------------- -------- ------------1 0000.E26D.2C2A Dynamic Gi1/0/1 show mac address-table count Use the show mac address-table count command in User Exec or Privileged Exec mode to display the number of addresses present in the Forwarding Database.
console#show mac address-table count Capacity: 8192 Used: 109 Static addresses: 2 Secure addresses: 1 Dynamic addresses: 97 Internal addresses: 9 show mac address-table dynamic Use the show mac address-table command in User Exec or Privileged Exec mode to display all dynamic entries in the bridge-forwarding database. Syntax show mac address-table dynamic [address mac-address] [interface interfaceid] [vlan vlan-id] • mac-address—A MAC address.
---1 1 1 1 1 -------------0000.0001.0000 0000.8420.5010 0000.E26D.2C2A 0000.E89A.596E 0001.02F1.0B33 ------Dynamic Dynamic Dynamic Dynamic Dynamic ------------Gi1/0/1 Gi1/0/1 Gi1/0/1 Gi1/0/1 Gi1/0/1 show mac address-table interface Use the show mac address-table command in User Exec or Privileged Exec mode to display all entries in the mac address-table. Syntax show mac address-table interface interface-id [vlan vlan-id] • interface-id —Specify an interface type.
1 1 1 0000.E26D.2C2A Dynamic Gi1/0/1 0000.E89A.596E Dynamic Gi1/0/1 0001.02F1.0B33 Dynamic Gi1/0/1 show mac address-table static Use the show mac address-table static command in User Exec or Privileged Exec mode to display static entries in the bridge-forwarding database. Syntax show mac address-table static [address mac-address] [interface interface-id] [vlan vlan-id] • mac-address —A MAC address. • interface-id —Specify an interface type; valid interfaces include Ethernet ports and port channels.
show mac address-table vlan Use the show mac address-table vlan command in User Exec or Privileged Exec mode to display all entries in the bridge-forwarding database for the specified VLAN. Syntax show mac address-table [vlan vlan-id] • vlan-id—Specify a valid VLAN; the range is 1 to 4093. Default Configuration This command has no default configuration.
Syntax show port-security [ interface-id | all | dynamic interface-id | static interfaceid | violation interface-id] • interface-id —An Ethernet or port channel interface identifier. • all—Display information for all interfaces. Default Configuration Port security is disabled by default. No port security MAC addresses are learned or configured by default. The maximum static MAC address limit is 100 MAC addresses. The maximum dynamic MAC address limit is 600 MAC addresses.
Field Description Max-dynamic The dynamic MAC address limit. Max-static The static address limit. Protect Trap issued on violation (enabled/disabled). Frequency The frequency of trap issuance (in seconds). Shutdown Shut down (err-disable) interface on violation (enabled/disabled). Sticky Mode Sticky mode configuration (enabled/disabled). This information is shown if the dynamic parameter is given: Field Description Dynamically Learned MAC Address Dynamically learned MAC addresses.
Field Description MAC address The source MAC address of the last packet discarded on the interface. These are packets with unknown MAC addresses, e.g., as in the case of the dynamic limit set to 0. VLAN ID The VLAN identifier of the discarded packet, if applicable. Command History Updated in 6.3.0.1 firmware.
Auto-VoIP Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches Voice over Internet Protocol (VoIP) allows network users to make telephone calls using a computer network over a data network like the Internet. With the increased prominence of delay-sensitive applications (voice, video, and other multimedia applications) deployed in networks today, proper QoS configuration ensures high-quality application performance.
show switchport voice Use the show switchport voice command to show the status of Auto-VoIP on an interface or all interfaces. Syntax show switchport voice [ interface-id ] • interface-id —An Ethernet or port channel interface identifier. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines See the debug auto-voip command for assistance in troubleshooting AutoVoIP issues.
Gi1/0/10 Gi1/0/11 Gi1/0/12 Gi1/0/13 Gi1/0/14 Gi1/0/15 Gi1/0/16 Gi1/0/17 Gi1/0/18 Gi1/0/19 Gi1/0/20 Gi1/0/21 Gi1/0/22 Gi1/0/23 Gi1/0/24 Po1 Po2 Po3 Po4 Po5 Po6 Po7 Po8 Po9 Po10 Po11 Po12 Po13 Po14 Po15 Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6
switchport voice detect auto The switchport voice detect auto command is used to enable the VoIP Profile on all the interfaces of the switch (global configuration mode) or for a specific interface (interface configuration mode).Use the no form of the command to disable the VoIP Profile. Syntax switchport voice detect auto no switchport voice detect auto Default Configuration This feature is disabled by default.
CDP Interoperability Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches Industry Standard Discovery Protocol (ISDP) is a proprietary Layer 2 network protocol which inter-operates with Cisco network equipment and is used to share information between neighboring devices. Dell EMC Networking switches participate in the ISDP protocol and are able to both discover and be discovered by devices that support the Cisco Discovery Protocol (CDP).
User Guidelines There are no user guidelines for this command. Example console#clear isdp counters clear isdp table The clear isdp table command clears entries in the ISDP table. Syntax clear isdp table Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode User Guidelines There are no user guidelines for this command.
Default Configuration ISDP sends version 2 packets by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#isdp advertise-v2 isdp enable The isdp enable command enables ISDP on the switch. User the “no” form of this command to disable ISDP. Use this command in global configuration mode to enable the ISDP function on the switch. Use this command in interface mode to enable sending ISDP packets on a specific interface.
console(config)#isdp enable console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)#isdp enable isdp holdtime The isdp holdtime command configures the hold time for ISDP packets that the switch transmits. The hold time specifies how long a receiving device should store information sent in the ISDP packet before discarding it. The range is given in seconds. Use the no form of this command to reset the holdtime to the default.
isdp timer The isdp timer command sets period of time between sending new ISDP packets. The range is given in seconds. Use the “no” form of this command to reset the timer to the default. Syntax isdp timer time no isdp timer • time—The time in seconds (range: 5–254 seconds). Default Configuration The default timer is 30 seconds. Command Mode Global Configuration mode User Guidelines Configuring the timer to a low value on a large number interfaces may affect system processing due to CPU overload.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show isdp Timer................................ Hold Time............................ Version 2 Advertisements............. Neighbors table last time changed.... Device ID............................ Device ID format capability.......... Device ID format.....................
Example console#show isdp entry Switch Device ID N2000/N3000-ON Series Switch Address(es): IP Address: 172.20.1.18 IP Address: 172.20.1.18 Capability Router IGMP Platform cisco WS-C4948 Interface Gi1/0/1 Port ID Gi1/0/1 Native VLAN 234 Holdtime 64 Advertisement Version 2 Entry last changed time 0 days 00:13:50 Version: Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000 I9K91S-M), Version 12.2(25)EWA9, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.
User Guidelines This command accepts an Ethernet interface identifier. Example console#show isdp interface all Interface --------------Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 Gi1/0/9 Mode ---------Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled console#show isdp interface gigabitethernet 1/0/1 Interface --------------Gi1/0/1 Mode ---------Enabled show isdp neighbors The show isdp neighbors command displays the list of neighboring devices.
User Guidelines The information displayed varies based upon the information received from the ISDP neighbor.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show isdp traffic ISDP Packets Received.......................... ISDP Packets Transmitted....................... ISDPv1 Packets Received........................ ISDPv1 Packets Transmitted..................... ISDPv2 Packets Received........................ ISDPv2 Packets Transmitted..................... ISDP Bad Header..................
DHCP Layer 2 Relay Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches In the majority of network configurations, DHCP clients and their associated servers do not reside on the same IP network or subnet. Therefore, some kind of third-party agent is required to transfer DHCP messages between clients and servers. Such an agent is known as a DHCP Relay agent. The DHCP Relay agent accepts DHCP requests from any routed interface, including VLANs.
dhcp l2relay (Global Configuration) Use the dhcp l2relay command to enable Layer 2 DHCP Relay functionality. The subsequent commands mentioned in this section can only be used when the L2-DHCP Relay is enabled. Use the no form of this command to disable L2-DHCP Relay. Syntax dhcp l2relay no dhcp l2relay Default Configuration DHCP L2 Relay is disabled by default. Command Mode Global Configuration. User Guidelines There are no user guidelines for this command.
Command Mode Interface Configuration (Ethernet, Port-channel). User Guidelines There are no user guidelines for this command. Example console(config-if-Gi1/0/1)#dhcp l2relay dhcp l2relay circuit-id Use the dhcp l2relay circuit-id command to enable setting the DHCP Option 82 Circuit ID for a VLAN. When enabled, the interface number is added as the Circuit ID in DHCP option 82. Use the no form of this command to disable setting the DHCP Option 82 Circuit ID.
dhcp l2relay remote-id Use the dhcp l2relay remote-id command to enable setting the DHCP Option 82 Remote ID for a VLAN. When enabled, the supplied string is used for the Remote ID in DHCP Option 82. Use the no form of this command to disable setting the DHCP Option 82 Remote ID. Syntax dhcp l2relay remote-id remoteId vlan vlan-list no dhcp l2relay remote-id vlan vlan-list • remoteId —The string to be used as the remote ID in the Option 82 (Range: 1 128 characters). • vlan-list —A list of VLAN IDs.
Default Configuration DHCP Option 82 is discarded by default. Configuration Mode Interface Configuration (Ethernet, Port-channel). User Guidelines There are no user guidelines for this command. Example console(config-if-Gi1/0/1)#dhcp l2relay trust dhcp l2relay vlan Use the dhcp l2relay vlan command to enable the L2 DHCP Relay agent for a set of VLANs. All DHCP packets which arrive on interfaces in the configured VLAN are subject to L2 Relay processing.
Example console(config)#dhcp l2relay vlan 10,340-345 show dhcp l2relay all Use the show dhcp l2relay all command to display the summary of DHCP L2 Relay configuration. Syntax show dhcp l2relay all Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console #show dhcp l2relay all DHCP L2 Relay is Enabled.
show dhcp l2relay interface Use the show dhcp l2relay interface command to display DHCP L2 Relay configuration specific to interfaces. Syntax show dhcp l2relay interface {all | interface-id} • all—Show all interfaces. • interface-id—Show the specified interface information. The interface may be an Ethernet interface or a port-channel. Default Configuration This command has no default configuration.
Syntax show dhcp l2relay stats interface {all | interface-id} • all—Show all interfaces. • interface-id—An Ethernet interface. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show dhcp l2relay stats interface all DHCP L2 Relay is Enabled.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console# show dhcp l2relay agent-option vlan 5-10 DHCP L2 Relay is Enabled.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show dhcp l2relay vlan 100 DHCP L2 Relay is Enabled. DHCP L2 Relay is enabled on the following VLANs: 100 show dhcp l2relay circuit-id vlan Use the show dhcp l2relay circuit-id vlan command to display whether DHCP L2 Relay is globally enabled and whether the DHCP Circuit-ID option is enabled on the specified VLAN or VLAN range.
DHCP L2 Relay is Enabled. DHCP Circuit-Id option is enabled on the following VLANs: 300 show dhcp l2relay remote-id vlan Use the show dhcp l2relay remote-id vlan command to display whether DHCP L2 Relay is globally enabled and shows the remote ID configured on the specified VLAN or VLAN range. Syntax show dhcp l2relay remote-id vlan vlan-list • vlan-list—Show information for the specified VLAN range. List separate, nonconsecutive VLAN IDs separated by commas (without spaces).
Syntax clear dhcp l2relay statistics interface {all | interface-id} • all—Show all interfaces. • interface-id—An Ethernet interface. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines There are no user guidelines for this command.
DHCP Snooping Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches DHCP Snooping is a security feature that monitors DHCP messages between DHCP clients and DHCP server to filter harmful DHCP messages and build a bindings database of {MAC address, IP address, VLAN ID, interface} tuples that are considered authorized. The DHCP snooping application processes incoming DHCP messages.
Commands in this Section This section explains the following commands: clear ip dhcp snooping binding ip dhcp snooping trust clear ip dhcp snooping statistics ip dhcp snooping verify mac-address ip dhcp snooping show ip dhcp snooping ip dhcp snooping binding show ip dhcp snooping binding ip dhcp snooping database show ip dhcp snooping database ip dhcp snooping database write-delay show ip dhcp snooping interfaces ip dhcp snooping limit show ip dhcp snooping statistics ip dhcp snooping log-inva
Command History Port-channel capability added in version 6.5 firmware. clear ip dhcp snooping statistics Use the clear ip dhcp snooping statistics command to clear all DHCP Snooping statistics. Syntax clear ip dhcp snooping statistics Default Configuration There is no default configuration for this command. Command Mode Privileged Exec User Guidelines There are no user guidelines for this command.
Command Mode Global Configuration mode User Guidelines To enable DHCP snooping, do the following: 1 Enable DHCP Snooping globally. 2 Enable DHCP Snooping per VLAN. 3 Configure at least one DHCP Snooping trusted port via which the DHCP server may be reached. The bindings database populated by DHCP snooping is used by several other services, including IP source guard and dynamic ARP inspection. DHCP snooping must be enabled for these services to operate.
• interface-id —The interface on which the client is authorized. The interface may be an Ethernet interface identifier or a port channel interface identifier. Default Configuration There are no static or dynamic DHCP snooping bindings by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ip dhcp snooping binding 00:00:00:00:00:01 vlan 10 10.131.12.
User Guidelines There are no user guidelines for this command. Example The following example configures the storage location of the snooping database as local. console(config)#ip dhcp snooping database local The following example configures the storage location of the snooping database as remote. console(config)#ip dhcp snooping database tftp://10.131.11.1/db.
ip dhcp snooping limit Use the ip dhcp snooping limit command to diagnostically disable itself if the rate of received DHCP messages exceeds the configured limit. Use the no shutdown command to re-enable the interface. Use the no form of this command to disable automatic shutdown of the interface. Syntax ip dhcp snooping limit {rate rate [burst interval seconds]} no ip dhcp snooping limit • rate— The maximum number of packets per second allowed (Range: 0– 300 pps).
The administrator can configure the rate and burst interval. Rate limiting is configured independently on each Ethernet or port-channel interface and may be enabled on both DHCP trusted and untrusted interfaces. The rate limit is configurable in the range of 0-300 packets per second and the burst interval in the range of 1-15 seconds. In general, a rate limit of under 100 pps is valid for untrusted interfaces.
ip dhcp snooping trust Use the ip dhcp snooping trust command to configure a port as trusted. Use the no form of this command to configure a port as untrusted. Syntax ip dhcp snooping trust no ip dhcp snooping trust Default Configuration Ports are untrusted by default.
ip dhcp snooping verify mac-address Use the ip dhcp snooping verify mac-address command to enable the verification of the source MAC address with the client MAC address in the received DHCP message. Use the “no” form of this command to disable verification of the source MAC address. Syntax ip dhcp snooping verify mac-address no ip dhcp snooping verify mac-address Default Configuration Source MAC address verification is disabled by default.
Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
Default Configuration There is no default configuration for this command. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show ip dhcp snooping binding Total number of bindings: 2 MAC Address ----------------00:02:B3:06:60:80 00:02:FE:06:13:04 IP Address --------------210.1.1.3 210.1.1.
Example console#show ip dhcp snooping database agent url: write-delay: /10.131.13.79:/sai1.txt 5000 show ip dhcp snooping interfaces Use the show ip dhcp snooping interfaces command to show the DHCP Snooping status of the interfaces. Syntax show ip dhcp snooping interfaces [interface-id] • interface-id — A valid Ethernet or port-channel interface. Default Configuration There is no default configuration for this command.
Gi1/0/15 Yes 15 1 show ip dhcp snooping statistics Use the show ip dhcp snooping statistics command to display the DHCP snooping filtration statistics. Syntax show ip dhcp snooping statistics Default Configuration There is no default configuration for this command.
Gi1/0/4 Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 Gi1/0/9 Gi1/0/10 Gi1/0/11 Gi1/0/12 Gi1/0/13 Gi1/0/14 Gi1/0/15 Gi1/0/16 Gi1/0/17 Gi1/0/18 Gi1/0/19 Gi1/0/20 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Layer 2 Switching Commands 365
DHCPv6 Snooping Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches This section explains the following commands: clear ipv6 dhcp snooping binding ipv6 dhcp snooping verify mac-address clear ipv6 dhcp snooping binding ipv6 verify binding ipv6 dhcp snooping ipv6 verify source ipv6 dhcp snooping vlan show ipv6 dhcp snooping ipv6 dhcp snooping binding show ipv6 dhcp snooping binding ipv6 dhcp snooping database show ipv6 dhcp snooping database ipv6 dh
Command Modes User Exec, Privileged Exec User Guidelines This command has no user guidelines. Example (console)#clear ipv6 dhcp snooping binding clear ipv6 dhcp snooping statistics Use the clear ipv6 dhcp snooping statistics command to clear all IPv6 DHCP Snooping statistics. Syntax clear ipv6 dhcp snooping statistics Default Configuration This command has no default configuration.
Syntax ipv6 dhcp snooping no ipv6 dhcp snooping Default Configuration By default, DHCP snooping is not enabled. Command Modes Global Configuration mode User Guidelines The DHCP snooping application processes incoming DHCP messages. For RELEASE and DECLINE messages from a DHCPv6 client and RECONFIGURE messages from a DHCPv6 server received on an untrusted interface, the application compares the receive interface and VLAN with the client’s interface and VLAN in the bindings database.
Syntax ipv6 dhcp snooping vlan vlan-list no ipv6 dhcp snooping vlan-list • vlan-list —A single VLAN, one or more VLANs separated by commas, or two VLANs separated by a single dash indicating all VLANs between the first and second inclusive. Multiple VLAN identifiers can be entered provided that no embedded spaces are contained within the vlan-list. Default Configuration By default, DHCP snooping is not enabled on any VLANs.
• mac-address—A valid mac address in standard format. • vlan-id —A configured VLAN id. (Range 1-4093) • ip-address—A valid IPv6 address. • interface-id—A valid Ethernet interface ID in short or long format. • port-channel-number—A valid port channel identifier. Default Configuration By default, no static DHCP bindings are configured. Command Modes Global Configuration mode User Guidelines Static bindings do not age out of the DHCP binding database.
User Guidelines The DHCP binding database is persistently stored on a configured external server or locally in flash, depending on the user configuration. A row-wise checksum is placed in the text file that is stored on the configured TFTP server. On switch startup, the switch reads the text file and uses the contents to build the DHCP snooping database. If the calculated checksum value equals the stored checksum, the switch uses the entries from the binding file and populates the binding database.
ipv6 dhcp snooping limit Use the ipv6 dhcp snooping limit command configures an interface to be diagnostically disabled if the rate of received DHCP messages exceeds the configured limit. Use the no shutdown command to reenable the interface. Use the no form of the command to disable diagnostic disabling of the interface. Syntax ipv6 dhcp snooping limit {rate pps [burst interval seconds]} no ipv6 dhcp snooping limit • pps—The rate in packets per interval. (Range 0-300.
The administrator can configure the rate and burst interval. Rate limiting is configured independently on each Ethernet interface and may be enabled on both trusted and untrusted interfaces. The rate limit is configurable in the range of 0-300 packets per second and the burst interval in the range of 1-15 seconds. ipv6 dhcp snooping log-invalid Use the ipv6 dhcp snooping log-invalid command to configure the port to log invalid received DHCP messages.
ipv6 dhcp snooping trust Use the ipv6 dhcp snooping trust command to configure an interface as trusted. Use the no form of the command to return the interface to the default configuration. Syntax ipv6 dhcp snooping trust no ipv6 dhcp snooping trust Default Configuration By default, interfaces are untrusted.
no ipv6 dhcp snooping verify mac-address Default Configuration By default, MAC address verification is not enabled. Command Modes Global Configuration mode User Guidelines DHCP MAC address verification operates on DHCP messages received over untrusted interfaces. The source MAC address of DHCP packet is different from the client hardware if: • A DHCP discovery/request broadcast packet that was forwarded by the relay agent. • A DHCP unicast request packet was routed in renew process.
Syntax ipv6 verify binding mac-address vlan vlan-id ip-address interface interface id no ipv6 verify binding mac-address vlan vlan-id ip-address interface interface id • mac-address —A valid mac address in standard format. • vlan-id —A configured VLAN id. (Range 1-4093. • ip-address —A valid IPv6 address. • interface-id—A valid interface ID in short or long format. Default Configuration By default, no static IP Source Guard entries are configured.
Default Configuration By default, no sources are blocked. Command Modes Interface Configuration mode (Ethernet and port-channel) User Guidelines DHCP snooping should be enabled on any interfaces for which ipv6 verify source is configured. If ipv6 verify source is configured on an interface for which DHCP snooping is disabled, or for which DHCP snooping is enabled and the interface is trusted, incoming traffic on the interface is dropped. Traffic is filtered based on the source IP address and VLAN.
User Guidelines This command has no user guidelines.
Command Modes User Exec, Privileged Exec (all show modes) User Guidelines There are no user guidelines for this command.
write-delay: 5000 show ipv6 dhcp snooping interfaces Use the show ipv6 dhcp snooping interfaces command to show the DHCP Snooping status of IPv6 interfaces. Syntax show ipv6 dhcp snooping interfaces [interface id] • interface id—A valid Ethernet or port-channel interface. Default Configuration There is no default configuration for this command. Command Modes User Exec, Privileged Exec (all show modes) User Guidelines If no parameter is given, all interfaces are shown.
Syntax show ipv6 dhcp snooping statistics Default Configuration This command has no default configuration. Command Modes User Exec, Privileged Exec (all show modes) User Guidelines The following statistics are displayed. Parameter Description MAC Verify Failures The number of DHCP messages that got filtered on an untrusted interface because of the source MAC address and client hardware address mismatch.
show ipv6 source binding Use the show ipv6 source binding command to display the IPv6 Source Guard configurations on all ports, on an individual port, or on a VLAN. Syntax show ipv6 source binding [{dhcp-snooping | static}] [interface interface-id] [vlan vlan-id] • dhcp-snooping — Displays the DHCP snooping bindings. • static —Displays the statically configured bindings. Default Configuration This command has no default configuration.
Default Configuration There is no default configuration for this command.
Syntax show ipv6 verify source Default Configuration There is no default configuration for this command. Command Modes User Exec, Privileged Exec (all show modes) User Guidelines If MAC address filtering is not configured on the interface, the MAC Address field is empty. If port security is disabled on the interface, the MAC Address field displays permit-all. The filter type is one of the following: • ipv6-mac: User has configured MAC address filtering on this interface.
Dynamic ARP Inspection Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON Series Switches Dynamic ARP Inspection (DAI) is a security feature that rejects invalid or malicious ARP packets. The feature prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its neighbors. The attacker sends ARP requests or responses mapping another station IP address to its own MAC address.
• acl-name — A valid ARP ACL name (Range: 1–31 characters). Default Configuration There are no ARP ACLs created by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#arp access-list tier1 clear ip arp inspection statistics Use the clear ip arp inspection statistics command to reset the statistics for Dynamic Address Resolution Protocol (ARP) inspection on all VLANs.
ip arp inspection filter Use the ip arp inspection filter command to configure an ARP ACL to be used for a single VLAN or a range of VLANs to filter invalid ARP packets. Use the “no” form of this command to remove the ARP ACL. Syntax ip arp inspection filter acl-name vlan vlan-list [static] no ip arp inspection filter acl-name vlan vlan-list [static] • acl-name —The name of a valid ARP ACL. (Range: 1–31 characters) • vlan-list —A list of VLAN identifiers.
Syntax ip arp inspection limit {none | rate pps [burst interval seconds]} no ip arp inspection limit • none — To set no rate limit. • pps — The number of packets per second (Range: 0–300). • seconds — The number of seconds (Range: 1–15). Default Configuration The default rate limit is 15 packets per second. The default burst interval is 1 second.
Default Configuration Interfaces are configured as untrusted by default. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines ARP responses received on a trusted interface are not checked against the DHCP snooping bindings. They are entered into the ARP cache without filtering.
User Guidelines By default Dynamic ARP Inspection validates the source MAC address and source IP address in received ARP responses against the DHCP Snooping bindings. ARP responses that fail the check are discarded without updating the ARP cache. This command enables additional validation checks on ARP response packets before updating the ARP cache. Any combination of checks is allowed. Each command invocation overrides the current configuration.
Command Mode Global Configuration mode User Guidelines Dynamic ARP Inspection validates the source MAC address and source IP address in received ARP responses against the DHCP Snooping bindings. ARP responses that fail the check are discarded without updating the ARP cache.
Example console(Config-arp-access-list)#permit ip host 1.1.1.1 mac host 00:01:02:03:04:05 show arp access-list Use the show arp access-list command to display the configured ARP ACLs with the rules. Giving an ARP ACL name as the argument would display only the rules in that ARP ACL. Syntax show arp access-list [acl-name] • acl-name — A valid ARP ACL name (Range: 1–31 characters). Default Configuration There is no default configuration for this command.
Syntax show ip arp inspection [interfaces [interface-id] | statistics [vlan vlan-list] | vlan vlan-list] • interfaces [interface-id]—Display the Dynamic ARP Inspection configuration on all the DAI enabled interfaces. Giving an interface argument, it displays the values for that interface only. • statistics [vlan vlan-list]—Display the statistics of the ARP packets processed by Dynamic ARP Inspection. Given vlan-list argument, it displays the statistics on all DAI-enabled VLANs in that range.
DHCP Permits The number of packets permitted due to DHCP snooping binding database match. ACL Permits The number of packets permitted due to ARP ACL rule match. Bad Src MAC The number of packets dropped due to Source MAC validation failure. Bad Dest MAC The number of packets dropped due to Destination MAC validation failure. Invalid IP The number of packets dropped due to invalid IP checks. Example Following is an example of the show ip arp inspection command.
VLAN DHCP ACL DHCP ACL Bad Src Bad Dest Invalid Drops Drops Permits Permits MAC MAC IP ---- ---------- ---------- ---------- ---------- ---------- ---------- -----10 11 1 65 25 1 1 0 20 1 0 8 2 0 1 1 The following global parameters are displayed when no parameters are given: Parameter Description Source Mac Validation If Source Mac validation of ARP frame is enabled. Destination Mac Validation If Destination Mac validation of ARP Response frame is enabled.
Ethernet Configuration Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches Dell EMC Networking switches support a variety of configuration options to optimize network operations. Features such as flow-control and jumbo frames are supported along with a variety of commands to display traffic statistics as well as limit the effects of network loops or other network issues.
On a storm control enabled interface, if the ingress rate of that type of packet (L2 broadcast, multicast, or unicast) is greater than the configured threshold level (as a percentage of port speed or as an absolute packets-per-second rate), the switch forwarding-plane discards the excess traffic. The speed command controls interface link speeds and auto-negotiation. If speed is set to something other than auto, auto-negotiation is disabled on the interface.
• stack-ports—Clears stack-port statistics. • switchport—Clear all the interface counters • interface-id—An Ethernet or port-channel identifier. If specified, counters are cleared for the individual interface. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines Use of the clear counters command with no parameters indicates that both switch and all interface statistics are to be cleared.
Default Configuration By default, the interface does not have a description. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines This command has no user guidelines. Example The following example adds a description to the Ethernet port 5.
• The interface is set to access mode using VLAN 1. • The port is removed from all access-groups. • The port is removed from port-channels. • Speed/duplex are set to defaults. • Spanning tree is enabled. • Loop protection, BFD, and UDLD are disabled. • Port MAC locking is disabled. • Static MAC address entries referencing the interface are removed. • Private VLAN configuration is removed. Use of this command may cause the interface to drop the link.
Default Configuration Auto-negotiation is enabled by default on copper ports and for 1000BASE-X ports. Command Mode Interface Configuration (Ethernet) mode User Guidelines The duplex command is only available on the Dell EMC Networking N1500, and N2200 Series switches. Other switch models support full duplex operation only. Configuration of auto-negotiation or fixed operation is performed by the speed command.
flowcontrol Use the flowcontrol command in Global Configuration mode to configure the flow control. To disable flow control, use the no form of this command. Syntax flowcontrol receive {on | off} no flowcontrol receive Default Configuration Flow Control is enabled by default. Command Mode Global Configuration and Interface Configuration modes User Guidelines Dell EMC Networking switches implement receive flow control only.
interface Use this command to configure parameters for Ethernet and port-channel interfaces. While in Global Configuration mode, enter the interface command with a specific interface. To exit to Global Configuration mode, enter exit. To return to Privileged Exec mode, press Ctrl-Z or enter end. Additional forms of the interface command enable configuring VLANs, tunnels, the loopback interface, the out-of-band interface, and ranges of interfaces.
loss on other ports that are not congested or flow controlled. See http://www.ieee802.org/3/cm_study/public/september04/thaler_3_0904.pdf for more information. Example The following example enables Gigabit port 2 on stack member 1 for configuration. console(config)# interface gigabitethernet 1/0/2 interface range Use the interface range command in Global Configuration mode to execute a command on multiple ports at the same time.
Command Mode Global Configuration, Interface Range and Interface modes User Guidelines Commands under the interface range context are executed independently on each active interface in the range. If the command returns an error on one of the active interfaces, it does not stop executing commands on other active interfaces.
Syntax link debounce time [ timeout ] no link debounce time • timeout—An integer value in the range of 100–5000 milliseconds. The timeout value must be a multiple of 100. Default Configuration Ethernet interfaces do not have debounce enabled by default. Command Mode Interface (Ethernet) Configuration mode, Interface Range mode. User Guidelines The link bounce time configures a link bounce hysteresis on link loss of link. Loss of link signal starts a link bounce timer.
Example The following example disables the link debounce timer for interface gi1/0/1. switch# conf t console(config)#interface gi1/0/1 console(config-if-Gi1/0/1)#no link debounce time The following example sets the link debounce timer for interface gi1/0/1 to 500 ms. switch# conf t console(config)#interface gi1/0/1 console(config-if-Gi1/0/1)#link debounce time 500 rate-limit cpu Use the rate-limit cpu command to reduce the amount of unknown unicast/multicast packets forwarded to the CPU.
The rate limiting for unknown packets occurs on the internal CPU port and does not affect hardware based traffic routing/forwarding in any way. Typically, the switch examines the received packets in software to check if there is a forwarding entry, create a forwarding entry (e.g.
---------- ------------------- -------- -------- -------1129 osapiTimer 0.00% 0.00% 0.01% 1133 _interrupt_thread 0.09% 0.01% 0.00% 1137 bcmCNTR.0 0.24% 0.31% 0.31% 1142 bcmRX 23.00% 27.01% 18.01% 1147 ipMapForwardingTas 32.97% 37.11% 29.92% 1155 bcmLINK.0 0.34% 0.36% 0.36% 1156 cpuUtilMonitorTask 0.09% 0.05% 0.04% 1170 nim_t 0.09% 0.08% 0.07% 1208 dot1s_timer_task 0.00% 0.00% 0.01% 1222 snoopTask 0.00% 0.00% 0.01% 1291 RMONTask 0.00% 0.02% 0.03% 1293 boxs Req 0.00% 0.01% 0.
The link status field shows the hardware status followed by the keepalive status. The hardware status show “Up” when link is detected, “Down” when no link is detected, “Err-disable” when the port is error-disabled, and “Shut” when the port is administratively shut down. The keepalive status shows “None” when keepalives are disabled or the port is down, “Up” when keepalives are enabled and no loop is detected and “Down” when keepalives are enabled and a loop is detected.
Term Parameter Description Multicast Storm mcast-storm Multicast storm auto-recovery. SFP Mismatch sfp-mismatch SFP mismatch auto-recovery. SFP Plus Mismatch sfpplusmismatch SFP+ transceiver inserted in SFP port autorecovery. Spanning Tree spanning-tree Spanning-tree auto-recovery. UDLD udld UDLD auto-recovery. Unicast Storm ucast-storm Unicast storm auto-recovery. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Updated in version 6.
Transmit Percent Utilization : ................ Total Packets Received Without Errors.......... Unicast Packets Received....................... Multicast Packets Received..................... Broadcast Packets Received..................... Total Packets Received with MAC Errors......... Jabbers Received............................... Fragments/Undersize Received................... Alignment Errors............................... FCS Errors..................................... Overruns........................
Syntax show interfaces advertise [{gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The priority resolution field indicates the auto-negotiated link speed and duplex. The clock field indicates whether the local interface has autonegotiated to clock master or clock slave.
Port: Gi1/0/1 Type: Gigabit - Level Link State: Down Auto Negotiation: Enabled 802.
Field Description Description The port designated IEEE shorthand identifier. For example 1000Base-T refers to 1000 Mbps baseband signaling including both Tx and Rx transmissions. Duplex Displays the port Duplex status. Speed Refers to the port speed. Neg Describes the Auto-negotiation status. MTU The Maximum Transmission Unit. Admin State Displays whether the port is enabled or disabled.
• fortygigabitethernet—Shows the traffic for the specified 40-Gigabit Ethernet port. Default Configuration This command has no default configuration. Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following table describes the fields shown in the display: Field Description InOctets Counted received octets. InUcastPkts Counted received unicast packets. InMcastPkts Counted received multicast packets.
Field Description Excessive Collisions Counted frames for which transmission fails due to excessive collisions. Received packets dropped > MTU Count of received frames dropped due to frame length greater than the configured MTU. Transmitted oversized packets Count of frames transmission > 1518 octets. Internal MAC Rx Errors A count of frames for which reception fails due to an internal MAC sublayer receive error.
Counters Description FCS-Err Frame Check Sequence errors—FCS errors are the count of packets received which did not have a valid CRC. See RFC1271 etherStatsCRCAlignErrors for further information. This indicates a physical impairment. Possible causes include bad cables, not fully inserted cables, failed transceivers, or incompatible settings (peers do not have compatible settings).
Gi1/0/3 Gi1/0/4 Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 Gi1/0/9 Gi1/0/10 Gi1/0/11 Gi1/0/12 Gi1/0/13 Gi1/0/14 Gi1/0/15 Gi1/0/16 Gi1/0/17 Gi1/0/18 Gi1/0/19 Gi1/0/20 0 0 0 0 0 0 0 0 0 0 11447 0 0 51119 0 0 0 0 0 0 0 0 0 0 0 0 0 0 6867 0 0 12196 0 0 0 0 0 0 0 0 0 0 0 0 0 0 4580 0 0 38917 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 0 Port OutTotalPkts OutUcastPkts OutMcastPkts OutBcastPkts --------- ---------------- ---------------- ---------------- --------------Gi1/0/1 0 0 0 0 Gi1/0/2 0 0 0 0 Gi1/0/3 0 0 0 0 Gi1/0/
Te1/0/13 40620964 40620547 FCS Errors: ................................... Single Collision Frames: ...................... Late Collisions: .............................. Excessive Collisions: ......................... Multiple Collisions: .......................... Received packets dropped > MTU: ............... Transmitted oversized packets: ................ Internal MAC Rx Errors: ....................... Received Pause Frames: ........................ Transmitted Pause Frames: .....................
Command History Introduced in version 6.2.0.1 firmware. Example The following example shows the output for representative interfaces. console#show interfaces debounce Interface Debounce Time (ms) Flaps --------- ------------------ ------Gi1/0/1 500 0 show interfaces description Use the show interfaces description command in User Exec mode to display the description for all configured interfaces.
Gi2/0/2 Port Description ----- ---------------------------------------------------------------------Po1 show interfaces detail Use the show interfaces detail command to display detailed status and configuration of the specified interface. Syntax show interfaces detail interface-id • interface-id—An Ethernet interface identifier or port channel identifier. Default Configuration This command has no default configuration.
VLAN Membership mode: Access Mode Operating parameters: PVID: 1 Ingress Filtering: Enabled Acceptable Frame Type: Admit All Default Priority: 0 GVRP status: Disabled Protected: Disabled Port Gi1/0/1 is member in: VLAN Name Egress rule Type ------------------------------------ -----------------1 default Untagged Default Static configuration: PVID: 1 Ingress Filtering: Enabled Acceptable Frame Type: Admit All Port Gi1/0/1 is statically configured to: VLAN Name Egress rule ------------------------------------
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Port channels are only displayed if configured. Use the show interfaces portchannel command to display configured and unconfigured port channels. Interfaces configured as stacking ports will show as detached in the output of the show interfaces status command. The link state indicates the physical connectivity state of the link.
Mode VLAN A – Access Native T – Trunk (Native),List D – Dot1q tunnel Outer P – Private VLAN Promiscuous (Primary), Secondary List H–Private VLAN Host (Primary), Secondary G– General (PVID), All the tagged and untagged VLANs. Example The following example displays the status for all configured interfaces.
show interfaces transceiver Use the show interfaces transceiver command to display the optic static parameters as well as the Dell EMC qualification. Syntax show interfaces transceiver [properties] • properties—Displays the static parameters for the optics. Default Configuration This command has no default configuration. Command Modes User Exec, Privileged Exec modes. User Guidelines This command only supports the display of 10G and 40G transceivers.
Te1/0/9 Te1/0/11 Te1/0/13 Te1/0/15 Te1/0/17 SFP+ SFP+ SFP SFP+ SFP+ 10GBASE-LRM 10GBASE-LRM 1GBASE-SX 10GBASE-SR 10GBASE-SR ANF0L5J ANF0L5R PCC1PT5 AD1125A002R AD0815E00PC Yes Yes N/A No No show interfaces trunk Use the show interfaces trunk command to display active trunk interface information. Syntax show interfaces trunk [interface-id] • interface-id—An Ethernet or port channel interface identifier. Default Configuration This command has no default configuration.
Command History Command introduced in version 6.5 firmware.
User Guidelines Statistics are only collected for Ethernet interfaces, port-channel interfaces, and the switch CPU interface. Command History Modified in version 6.5 firmware. Command output updated in version 6.6 firmware. Examples The following example shows statistics for port gi1/0/1. console#show statistics gi1/0/1 Total Frames Received (Octets)................ Frames Received 64 Octets..................... Frames Received 65-127 Octets................. Frames Received 128-255 Octets................
Frames Transmitted 128-255 Octets............. Frames Transmitted 256-511 Octets............. Frames Transmitted 512-1023 Octets............ Frames Transmitted 1024-1518 Octets........... Frames Transmitted > 1518 Octets.............. Max Frame Size................................ 0 0 0 0 0 1518 Total Frames Transmitted Successfully......... Unicast Frames Transmitted.................... Multicast Frames Transmitted.................. Broadcast Frames Transmitted.................. Jumbo Frames Transmitted.
show statistics switchport Use the show statistics command to display detailed statistics for a specific port or for the entire switch. Syntax show statistics {interface-id |switchport} • interface-id—The interface ID. See Interface Naming Conventions for interface representation. • switchport—Displays statistics for the entire switch. Default Configuration This command has no default configuration.
Multicast Packets Transmitted ifHCOutMulticastPkts Broadcast Packets Transmitted ifHCOutBroadcastPkts Transmit Packets Discarded ifOutDiscards Example The following example shows statistics for the CPU interface. console#show statistics switchport Total Packets Received (Octets)................ Packets Received Without Error................. Unicast Packets Received....................... Multicast Packets Received..................... Broadcast Packets Received.....................
show storm-control Use the show storm-control command to display the configuration of storm control. Syntax show storm-control [all | {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 Disable Disable Disable Disable Disable Disable Disable 5 5 5 5 5 5 5 Disable Disable Disable Disable Disable Disable Disable 5 5 5 5 5 5 5 Disable Disable Disable Disable Disable Disable Disable 5 5 5 5 5 5 5 Enabled Enabled Enabled Enabled Enabled Enabled Enabled show storm-control action Use the show storm-control action command to display the storm control action configuration for one or all interfaces.
shutdown Use the shutdown command in Interface Configuration mode to disable an interface. To restart a disabled interface, use the no form of this command. Syntax shutdown no shutdown Default Configuration The interface is enabled. Command Mode Interface Configuration (Ethernet, Port-Channel, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Examples The following example disables Gigabit Ethernet port 1/0/5.
Syntax speed {10 | 100 | 1000 | 10000 | 25000 | 40000 | { auto [ 10 | 100 | 1000 | 2500 | 5000 | 10000 | 25000 | 40000 [10 | 100 | 1000 | 2500 | 5000 | 10000| 25000 | 40000] … } } no speed • auto—Enable the port for auto-negotiation. • 10—Enable the port for 10 Mbps operation. • 100—Enable the port for 100 Mbps operation. • 1000—Enable the port for 1 Gbps operation. • 2500—Enable the port for 2.5 Gbps operation. • 5000—Enable the port for 5 Gbps operation.
arbitrated by the auto-negotiation process. Auto-negotiation is required on 2.5G/5G/10G/40G copper ports and is always recommended for copper ports regardless of the speed setting. SFP+ ports utilizing a copper DAC cable are considered copper ports. Auto-negotiation is also required on 1000Base-X ports (including SFP fiber ports.) If using combinations of the 10, 100, 1000, 2500, 5000, 10000, 25000, or 40000 keywords with the auto keyword. the port only advertises the specified speeds.
Example The following example configures Gigabit Ethernet port 1/0/5 to advertise 100-Mbps operation only via auto-negotiation. console(config)#interface gigabitethernet 1/0/5 console(config-if)#speed auto 100 Command History The speed 10000 syntax was introduced in the 6.3.6 release. The 2500 and 5000 speeds were introduced in the 6.3.5 release. The description was updated in the 6.4 release. Syntax updated in firmware release 6.6.1.
User Guidelines When an interface is enabled for routing using the interface vlan command, the port will no longer be operationally enabled as a protected port on the interface. Likewise, making an interface a member of a LAG or a probe (monitor session or RSPAN destination) port operationally disables port protection. Example The following example configures Ethernet port 1/0/1 as a member of protected group 1.
Example The following example assigns the name “protected” to group 1. console(config)#switchport protected 1 name protected show switchport protected Use the show switchport protected command to display the status of all the interfaces, including protected and unprotected interfaces. Syntax show switchport protected groupid • groupid — Identifies which group the port is to be protected in. (Range: 0–2) Default Configuration This command has no default configuration.
Syntax show system mtu Default Configuration The default mtu size is 1518 bytes (1522 bytes for VLAN tagged frames). Command Modes Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no usage guidelines.
Default Configuration The default MTU size is 1518 bytes (1522 bytes for VLAN tagged frames). Command Modes Global Configuration mode User Guidelines Dell EMC Networking N-Series switches do not fragment received packets. The IPv4 and IPv6 MTU are set to the link MTU minus 18 bytes. IP packets forwarded in software are dropped if they exceed the IP MTU. Packets originated on the router, such as OSPF packets, may be fragmented by the IP stack.
Ethernet CFM Commands Dell EMC Networking N1500/N2200 Series Switches Connectivity Fault Management (CFM) is the OAM Protocol provision for end-to-end service layer OAM in carrier Ethernet networks. CFM provides mechanisms to support the operator in performing connectivity checks, fault detection, fault verification and isolation, and fault notification per service in the network domain of interest. Unlike Ethernet OAM defined in IEEE 802.
ethernet cfm mep active show ethernet cfm maintenance-points remote ethernet cfm mep archive-hold-time show ethernet cfm statistics ethernet cfm mip level – ethernet cfm domain Use the ethernet cfm domain command in Global Configuration mode to enter into Maintenance Domain Configuration mode for an existing domain. Use the optional level parameter to create a domain and enter into maintenance domain Configuration mode.
console(config-cfm-mdomain)# service Use the service command in Maintenance Domain Configuration mode to associate a VLAN with a maintenance domain. Use the no form of the command to remove the association. Syntax service service-name vlan vlan-id • service-name—Unique service identifier. • vlan-id—VLAN ID representing a service instance that is monitored by this maintenance association. The range is 1-4093. Default Configuration No VLANs are associated with a maintenance domain by default.
• vlan-id—VLAN ID representing a service instance that is monitored by this maintenance association. The range is 1-4093. • msecs—Time interval between successive transmissions for all MEPs in the Maintenance Association. The possible values are 3.3, 10, 100, 1000, 10000, 60000, and 600000 milliseconds. The default is 3.3millisecond. Default Configuration CCMs are not sent by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
Default Configuration No MEPs are preconfigured. Command Mode Interface Configuration mode User Guidelines This command has no user guidelines. Example The following example creates a maintenance endpoint at level 1 with mpid 1010 on vlan 10. console(config-if-Gi1/0/3)#ethernet cfm mep level 1 direction up mpid 1010 vlan 10 ethernet cfm mep enable Use the ethernet cfm mep enable command in Interface Configuration mode to enable a MEP at the specified level and direction.
Example The following example enables a maintenance endpoint at level 1 with mpid 1010 on vlan 10. console(config-if-Gi1/0/3)#ethernet cfm mep enable level 1 vlan 10 mpid 1010 ethernet cfm mep active Use the ethernet cfm mep active command in Interface Configuration mode to activate a MEP at the specified level and direction. Use the no form of the command to deactivate the MEP.
• hold-time—The time in seconds to maintain the data for a missing MEP before removing the data. The default value is 600 seconds. Default Configuration No MEPs are preconfigured. Command Mode Interface Configuration User Guidelines The hold time should generally be less than the CCM message interval. Example The following example sets the hold time for maintaining internal information regarding a missing MEP.
User Guidelines Refer to IEEE 802.1ag for an explanation of maintenance association levels. Typically, this value is assigned by the top level network service provider. Example console(config-if-Gi1/0/1)# ethernet cfm mip level 7 ping ethernet cfm Use the ping ethernet cfm command to generate a loopback message (LBM) from the configured MEP.
User Guidelines This command has no user guidelines. Example console #ping ethernet cfm mac 00:11:22:33:44:55 level 1 vlan 10 mpid 1 count 10 traceroute ethernet cfm Use the traceroute ethernet command to generate a link trace message (LTM) from the configured MEP.
User Guidelines This command has no user guidelines. Example console # traceroute ethernet cfm remote-mpid 32 level 7 vlan 11 mpid 12 show ethernet cfm errors Use the show ethernet cfm errors command to display the cfm errors. Syntax show ethernet cfm errors {domain domain-id | level 0-7} • level—Maintenance association level • domain—Name of the maintenance domain (an alphanumeric string of up to 43 characters in length). Default Configuration This command has no default configuration.
• DevXconCCM—The MEP has received at least one CCM from either another MAID or a lower MD level whose CCM interval has not yet timed out.
show ethernet cfm maintenance-points local Use the show ethernet cfm maintenance-points local command to display the configured local maintenance points. Syntax show ethernet cfm maintenance-points local {level 0-7 | interface interfaceid | domain domain-name} • level—Maintenance association level • domain—Name of the maintenance domain (an alphanumeric string of up to 43 characters in length). • interface-id—Show all MPs associated with the interface.
• MEP-Active—The MEP administrative status • Operational Status—The MEP operational status • MAC—The MAC address associated with the MEP.
Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines Refer to IEEE 802.1ag for an explanation of the maintenance association level and MEP ID. Typically, these are assigned by the top level network service provider.
Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines Refer to IEEE 802.1ag for an explanation of the maintenance association level. Typically, maintenance levels are assigned by the top level network service provider.
Statistics for 'Domain: domain1, Level: 1, Vlan: 11, MEP Id: 2' -----------------------------------------------------------------Out-of-sequence CCM's received : 0 CCM's transmitted : 1 In-order Loopback Replies received : 5 Out-of-order Loopback Replies received: 5 Bad MSDU Loopback Replies received : 0 Loopback Replies transmitted : 0 Unexpected LTR's received : 0 -----------------------------------------------------------------Statistics for 'Domain: domain1, Level: 1, Vlan: 11, MEP Id: 3' --------------
Ethernet Ring Protection Commands Dell EMC Networking N1500/N2200 Series Switches only The Ethernet Ring Protection (ITU-T G.8032/Y.1344 (08/15) feature is a highly reliable and stable protection switching mechanism and a protocol for Ethernet layer network rings. Ethernet rings allow a wide-range of multipoint connectivity that is highly economic due to their reduced number of links. ethernet ring g8032 profile This command creates Ethernet ring profile and enters Ethernet ring profile configuration mode.
Ethernet Ring Protection does not support Non-Stop Forwarding. A stack failover is destructive to the ring, even when configured on stack units that are not rebooted during the stack failover. Fault detection depends on the configured CCM transmission period. The N3000 and N2000 switches support software-based CCM messaging only. All other switches support hardware-based CCM messaging. Fault detection on the N2000/N3000 series switches is on the order of seconds.
will be reported to protection switching. Range: 0 to 10000 ms in increments of 100 ms, for example, a value of 500 implies 500 milliseconds. • wait-to-restore timer—When a fault condition is cleared, the traffic channel reverts after the expiry of a WTR timer (if no fault condition is present). This timer is used to avoid toggling protection states in case of intermittent defects. Range: 1 to 12 minutes.
no non-revertive Default Configuration The default operational mode is revertive. Command Mode Ethernet Ring Profile Configuration mode User Guidelines Two operational modes are supported: revertive and non-revertive. In revertive mode, when all failures in the link are removed, traffic is restored to the working transport entity and the Ring Protection Link (RPL) is blocked. In non-revertive mode, the RPL continues to be used for traffic, even after all switch conditions have been resolved.
• ring-name—The name of an Ethernet ring to be configured (up to 32 characters) Default Configuration By default, no Ethernet rings are defined. Command Mode Global Configuration mode User Guidelines Map an Ethernet ring profile to an Ethernet ring using the profile command in Ethernet Ring Configuration mode. Configure the East/West links using the Port0/Port1 commands respectively. Set the ring scope using the ring-scope command.
no port0 interface • interface-id—A physical (Ethernet) interface identifier. Default Configuration By default, there is no port0 configuration. Command Mode Ethernet Ring Configuration mode User Guidelines This command enables an Ethernet link to participate in Ethernet ring protection. In the ITU-T G.8032 standard, port0 and port1 are referred to as East and West ring links, respectively. The port0 interface should be an interface connected to a G.8032 ring. This command enables the G.
• none—Configure the West interface as a local endpoint for an open ring. Default Configuration No port1 configuration is present by default. Command Mode Ethernet Ring Configuration mode User Guidelines This command enables an Ethernet link to participate in Ethernet ring protection. In the ITU-T G.8032 standard, port0 and port1 are referred to as East and West ring links, respectively. Use the none parameter to configure West protection in a sub-ring as the endpoint of an open ring.
Default Configuration Rings are closed by default. Command Mode Ethernet Ring Configuration mode User Guidelines This command configures the Ethernet ring as sub-ring. In a sub-ring, only one ring port may be configured per node. This command must be configured on every ring node in the sub-ring, not just on the interconnected nodes of the ring. Example This example configures an open ring node for interface Te1/0/1.
Command Mode Ethernet Ring Configuration mode User Guidelines Each ring node can participate in eight physical rings and each ring can have up to two Ethernet Ring Protection (ERP) instances. The total number of instances supported on a ring node are two. Each ERP instance is uniquely identified by the combination of instance ID and R-APS VLAN ID. All the ring nodes that are part of a logical ring should have the same instance ID and R-APS VLAN ID.
• profile-name—The name of an existing Ethernet ring protection profile. The maximum length of a profile name is 32 characters. Default Configuration There are no associated profiles by default. Command Mode Ethernet Ring Instance Configuration mode User Guidelines This command associates the Ethernet ring protection properties from the named profile with the Ethernet Ring instance. This command is optional.
Syntax rpl {port0 | port1} {owner | neighbor} no rpl • port0—Configure the East port as owner or neighbor. • port1—Configure the West port as RPL owner or neighbor. • neighbor—Assign port0 or port1 and the RPL owner. • owner—Assign port0 or port1 as the RPL owner. Default Configuration There are no associated RPLs by default. Command Mode Ethernet Ring Instance Configuration mode User Guidelines This command configures the Ethernet Ring Protection Link (RPL) and role.
console console console console (config-erp-ring1)#port0 interface te1/0/1 (config-erp-ring1)#port1 interface te1/0/2 (config-erp-ring1)#instance 1 (config-erp-inst-1)#rpl port1 owner On the adjacent switch: console console console console console console (config)# ethernet ring g8032 ring1 (config-erp-ring1)#timer hold-off 500 (config-erp-ring1)#port0 interface te1/0/1 (config-erp-ring1)#port1 interface te1/0/2 (config-erp-ring1)#instance 1 (config-erp-inst-1)#rpl port0 neighbor Command History Command
User Guidelines This command configures the list of VLANs that are protected by the ERP instance. Only VLANs that are participating in both the ring ports of an instance are monitored by the ERP instance. A VLAN may only be configured for one instance. Configuring a VLAN in more than one ERP instance causes undefined behavior. Example This example configures a closed ring node for interface Te1/0/1 and Te1/0/2 using data VLANs 101-103. It assumes that VLANs 100-103 are already created.
ethernet tcn-propagation Use the ethernet tcn-propagation command to enable topology change notification from a sub-ring to the major ring. Use the no form of the command to disable TCN propagation. Syntax ethernet tcn-propagation g8032 to g8032 Default Configuration TCN propagation is disabled by default. Command Mode Interface (Ethernet) Configuration mode User Guidelines This command enables topology change propagation from sub-ring to a major ring.
console (config-if-Te1/0/2)#ethernet tcn-propagation g8032 to g8032 Command History Command introduced in firmware release 6.6.1. aps-channel Use the aps-channel command to enter into Ethernet Ring Protection APSchannel Configuration mode. Use the exit command to exit the APSChannel Configuration mode. Syntax aps-channel Default Configuration This command has no default configuration.
console console console console console console console console console console console console console console (config)#interface te1/0/1 (config-if-Te1/0/1)#switchport mode trunk (config-if-Te1/0/1)#interface Te1/0/2 (config-if-Te1/0/2)#switchport mode trunk (config-if-Te1/0/2)#exit (config)# ethernet ring g8032 ring1 (config-erp-ring1)#port0 interface te1/0/1 (config-erp-ring1)#port1 interface te1/0/2 (config-erp-ring1)#instance 1 (config-erp-inst-1)#rpl port1 owner (config-erp-inst-1)#inclusion-list vl
User Guidelines It is necessary to configure an Ethernet Maintenance CFM domain and associated MEPs between the links to be protected. Connectivity Fault Management CCMs must be configured to operate at the specified maintenance level to achieve protection switching from causes other than an interface down event. Example This example configures a closed ring node for interface Te1/0/1 and Te1/0/2 using data VLANs 101-103. It assumes that VLANs 100-103 are already created.
raps-vlan Use the raps-vlan command to associate the VLAN to be used for R-APS messages for the ERP instance. Use the no form of the command to disassociate the ERP instance from the VLAN. Syntax raps-vlan vlan-id no raps-vlan vlan-id • vlan-id—The ID of an existing VLAN. Default Configuration This command has no default configuration. Command Mode Ethernet Ring Instance APS Configuration mode User Guidelines It is strongly recommended that no other traffic be configured to use the APS VLAN.
console console console console console console console console console (config)# ethernet ring g8032 ring1 (config-erp-ring1)#port0 interface te1/0/1 (config-erp-ring1)#port1 interface te1/0/2 (config-erp-ring1)#instance 1 (config-erp-inst-1)#rpl port1 owner (config-erp-inst-1)#inclusion-list vlan-ids 101-103 (config-erp-inst-1)#aps-channel (config-erp-inst-1-aps)#level 7 (config-erp-inst-1-aps)#raps-vlan 100 Command History Command introduced in firmware release 6.6.1.
• Clear—The Clear command: a Clears an active local administrative command (for example, forced switch or manual switch). b Triggers reversion before the Wait-to-Restore (WTR) or Wait-toBlock (WTB) timer expires in case of revertive operation. c Triggers reversion in case of a non-revertive operation. • Forced switch—This action command attempts to forcefully cause a ring protection switch by applying a block on the ring port on the local switch.
Command Mode Privileged Exec mode, Global Configuration mode, and all Configuration submodes User Guidelines The following information is shown: Table 3-3.
Inclusion-list VLAN IDs………1500-1799 APS channel Level……………………………5 RAPS-VLAN……………………20 Oper State………………………TRUE console#show ethernet ring g8032 configuration Ethernet ring……………………ring1 Port0……………………………0/1 Port1……………………………0/2 Open-ring: no Instance ………………………..1 Profile…………………………..profile1 RPL…………………………….port0 RPL Owner Inclusion-list VLAN IDs………1000-1299 APS channel Level……………………………6 RAPS-VLAN…………………..10 OperState………………………TRUE Instance………………………..2 Profile………………………….erp RPL…………………………….
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode, and all Configuration submodes User Guidelines The following fields are displayed: Table 3-4. show ethernet ring g8032 brief command output Field Description RingName Ethernet ring name Instance Instance Identifier Node Type Ring node role (Owner, Neighbor, or None) Node State State of the ring node (Init, Idle, Protection, Pending, ForcedSwitch, and ManualSwitch).
show ethernet ring g8032 status Use the show ethernet ring g8032 status command to show the status of Ethernet ring protection. Syntax show ethernet ring g8032 status [ring-name] [ instance [instance-id]] • ring-name—The Ethernet ring name. • instance-id—The Ethernet ring instance. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode, and all Configuration submodes User Guidelines The following fields are displayed: Table 3-5.
Table 3-5. show ethernet ring g8032 status command output Field Description R-APS Level Level that is used in R-APS messages. Profile Profile that is mapped for the instance. If the profile is not configured, the command output displays Not Configured. Also displays the default values for timers and revertive mode. Example console#show ethernet ring g8032 status ring1 instance 1 Ethernet ring………………………..ring1 Instance……………………………1 Node Type …………………… ….
Remote R-APS…………………….NodeId 00:0a:f7:94:e4:0a, BPR: 0 R-APS Level………………………6 Profile………………………………profile1 WTR interval…………………….. 1 minutes Guard interval……………………..2000 milliseconds HoldOffTimer…………………….0 seconds Revertive mode…………………..Enabled Command History Command introduced in firmware release 6.6.1. show ethernet ring g8032 port status Use the show ethernet ring g8032 port status command to show the status of Ethernet ring protection for the selected interface.
Table 3-6. show ethernet ring g8032 port status command output Field Description Protected VLAN list A list of the protected VLANs. State State of the ring node (Init, Idle, Protection, Pending, ForcedSwitch, and ManualSwitch). Example console#show ethernet ring g8032 port status interface gigabitethernet 1/0/10 Port0.......................................... Ethernet Ring.................................. Instance....................................... Protected VLAN list..........................
Table 3-7. show ethernet ring g8032 profile command output Field Description Profile name The name of the profile. WTR interval When all faults are cleared, the period to wait before restoring the original traffic channel. Guard interval The period to wait before invoking a protection switch. Holdoff interval The period to wait before reporting a defect to protection switching. Revertive mode If enabled, revert to the original traffic channel when all faults are cleared.
console#show ethernet ring g8032 profile p1 Ethernet ring profile name..................... WTR interval................................. Guard interval............................... Holdoff interval............................. Revertive mode............................... p1 8 minutes 30 milliseconds 0 milliseconds Disabled Command History Command introduced in firmware release 6.6.1.
• FS—force switch • MS—manual switch • SF—R-APS signal fail Example console#show ethernet ring g8032 statistics Statistics for Ethernet ring r1 instance 1 FOP PM detected: 0 FOP TO detected: 1 R-APS Message Type Port0(Tx/Rx) Port1(Tx/Rx) ---------------------- --------------- --------------NR 566/770 546/766 NR,RB 0/0 0/0 FS 0/0 0/0 MS 0/0 0/0 SF 29/28 9/9 console# console#show ethernet ring g8032 statistics r1 instance 1 Statistics for Ethernet ring r1 instance 1 FOP PM detected: 0 FOP TO detected: 1
Syntax show ethernet ring g8032 summary Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode, and all Configuration submodes User Guidelines The following fields are displayed: Table 3-8. show ethernet ring g8032 summary command output Field Description NodeID The MAC address of the RPL owner node. Init The number of times the node entered the Init state. Idle The number of times the node entered the Idle state.
Manual Switch Forced Switch Pending 0 0 1 Command History Command introduced in firmware release 6.6.1.
Green Ethernet Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches Dell EMC Networking switches support various Green Ethernet modes, i.e., power saving modes, namely: • Energy-Detect Mode • Energy Efficient Ethernet These modes can enable significant operational cost reductions through direct power savings and reducing cooling costs. Green mode commands are only valid for copper Ethernet interfaces.
green-mode energy-detect This command enables a Dell EMC proprietary mode of power reduction on ports that are not connected to another interface. Use the no form of the command to disable energy-detect mode on the interface(s). Syntax green-mode energy-detect no green-mode energy-detect Default Configuration On N1100-ON, N1500, N2000, N2100-ON, N3000-ON, and N3100-ON switches, energy-detect is enabled by default on the 1G copper interfaces.
green-mode eee Use the green-mode eee command mode to enable EEE low power idle mode on an interface. Use the no form of the command to disable the feature. Syntax green-mode eee no green-mode eee Default Configuration EEE is enabled by default on capable interfaces. Command Mode Interface Configuration User Guidelines The command enables both send and receive sides of a link to disable some functionality for power savings when lightly loaded.
Use the no form of the command to return the configuration to the default. Syntax green-mode eee tx-idle-time <600-4294967295> green-mode eee tx-wake-time <0-65535> no green-mode eee {tx-idle-time|tx-wake-time} Default Configuration By default, the transmit idle time is 600 micro-seconds and the transmit wake time is 8 micro-seconds.
• The EEE LPI history table entries • The Cumulative Power savings estimates for a specified interface or for all the interfaces based upon the argument. Syntax clear green-mode statistics {interface-id | all} • interface-id—An Ethernet interface identifier. See Interface Naming Conventions for interface representation. • all—All Ethernet interfaces. Default Configuration This command has no default configuration. Command Mode Privileged Exec User Guidelines This command has no user guidelines.
Command Mode Global Configuration User Guidelines This value is applied globally on all interfaces on the stack. LPI history is only collected on combo ports when the copper port is enabled. Use the no form of the command to set the sampling interval or max-samples values to the default. Examples Use the command below to set the EEE LPI History sampling interval to the default.
User Guidelines This command is also used to display the per port configuration and operational status of the green-mode. The status is shown only for the modes supported on the corresponding hardware platform whether enabled or disabled. This command output provides the following information. Term Description Energy Detect Energy-detect admin mode Energy-detect mode is enabled or disabled. Energy-detect operational status Energy detect mode is currently active or inactive.
Term Description Rx Low Power Idle Duration (μSec) This field indicates duration of Tx LPI state in 10us increments. Shows the total duration of Tx LPI since the EEE counters are last cleared. Tw_sys_tx (μSec) Integer that indicates the value of Tw_sys that the local system can support. This value is updated by the EEE DLL Transmitter state diagram. This variable maps into the aLldpXdot3LocTxTwSys attribute.
Term Description Remote Fallback Tw_sys (μSec) Integer that indicates the value of fallback Tw_sys that the remote system is advertising.This attribute maps to the variable RemFbSystemValue as defined in 78.4.2.3. Tx_dll_enabled Initialization status of the EEE transmit Data Link Layer management function on the local system. Tx_dll_ready Data Link Layer ready: This variable indicates that the tx system initialization is complete and is ready to update/receive LLDPDU containing EEE TLV.
Remote Tw_sys_tx Echo(usec).......21 Remote Tw_sys_rx (usec)...........21 Remote Tw_sys_tx Echo(usec).......21 Remote fallback Tw_sys (usec).....21 Tx DLL enabled....................Yes Tx DLL ready......................Yes Rx DLL enabled....................Yes Rx DLL ready......................Yes Cumulative Energy Saving (W * H)..2.37 Time Since Counters Last Cleared..1 day 20 hr 47 min 34 sec show green-mode Use the show green-mode command to display the green-mode configuration for the whole system.
Term Description EEE EEE Config EEE Admin Mode is enabled or disabled. Example console#show green-mode Current Power Consumption (mW)................. 11545 Power Saving /Stack (%)........................ 3 Cumulative Energy Saving /Stack (W * H)........
Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines On combo ports, samples are only collected on the copper ports when enabled. The following fields are displayed by this command. Term Description Sampling Interval Interval at which EEE LPI statistics is collected. Total No. of Samples to Keep Maximum number of samples to keep.
------ -------------------3 00:00:00:09 2 00:00:00:40 1 00:00:01:11 -------------3 4 3 -------------3 7 10 Layer 2 Switching Commands 503
GMRP Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches The GARP Multicast Registration Protocol (GMRP) provides a mechanism that allows networking devices to dynamically register (and deregister) Group membership information with the MAC networking devices attached to the same segment, and for that information to be disseminated across all networking devices in the bridged LAN that support Extended Filtering Services.
This ensures that the networking device receives multicast frames from all ports but forwards them through only those ports for which GMRP has created Group registration entry (for that multicast address). Registration entries created by GMRP ensures that frames are not transmitted on LAN segments which neither have registered GMRP participants nor are in the path through the active topology between the sources of the frames and the registered group members.
console(config)#gmrp enable clear gmrp statistics Use the clear gmrp statistics command to clear all the GMRO statistics information. Syntax clear gmrp statistics [{gigabitethernet unit/slot/port | port-channel portchannel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
GVRP Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches GARP VLAN Registration Protocol (GVRP) is used to propagate VLAN membership information throughout the network. GVRP is based on the Generic Attribute Registration Protocol (GARP), which defines a method of propagating a defined attribute (that is, VLAN membership) throughout the network.
• interface-id—An Ethernet interface identifier or a port channel identifier Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example clears all the GVRP statistics information on interface Gi1/0/8.
Default Configuration The default timer values are as follows: • Join timer — 20 centiseconds • Leave timer — 60 centiseconds • Leaveall timer — 1000 centiseconds Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines This command is available in Ethernet interface configuration mode and port channel interface configuration mode.
no gvrp enable Default Configuration GVRP is globally disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example globally enables GVRP on the device. console(config)#gvrp enable gvrp enable (Interface Configuration) Use the gvrp enable command in Interface Configuration mode to enable GVRP on an interface. To disable GVRP on an interface, use the no form of this command.
User Guidelines This command is available in Ethernet interface configuration mode and port channel interface configuration mode. An Access port cannot join dynamically to a VLAN because it is always a member of only one VLAN. Membership in untagged VLAN would be propagated in a same way as a tagged VLAN. In such cases it is the administrator’s responsibility to set the PVID to be the untagged VLAN VID. Example The following example enables GVRP on Gigabit Ethernet 1/0/8.
Example The following example shows how default dynamic registering and deregistering is forbidden for each VLAN on port 1/0/8. console(config)#interface gigabitethernet 1/0/8 console(config-if-Gi1/0/8)#gvrp registration-forbid gvrp vlan-creation-forbid Use the gvrp vlan-creation-forbid command in Interface Configuration mode to disable dynamic VLAN creation. To enable dynamic VLAN creation, use the no form of this command.
show gvrp configuration Use the show gvrp configuration command to display GVRP configuration information. Timer values are displayed. Other data shows whether GVRP is enabled and which ports are running GVRP. Syntax show gvrp configuration [ interface-id ] Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command is valid for Ethernet and port-channel interfaces.
Gi1/0/11 Gi1/0/12 Gi1/0/13 Gi1/0/14 20 20 20 20 60 60 60 60 1000 1000 1000 1000 Disabled Disabled Disabled Disabled show gvrp error-statistics Use the show gvrp error-statistics command in User Exec mode to display GVRP error statistics. Syntax show gvrp error-statistics [interface-id] • interface-id—An Ethernet interface identifier or a port channel interface identifier. Default Configuration This command has no default configuration.
Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 show gvrp statistics Use the show gvrp statistics command in User Exec mode to display GVRP statistics. Syntax show gvrp statistics [interface-id] • interface-id —An Ethernet interface identifier or a port channel interface identifier. Default Configuration This command has no default configuration.
Port rJE -----Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 rJIn rEmp ---- ---0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 rLIn rLE rLA sJE sJIn ---- ----- --- --0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 sEmp --0 0 0 0 0 0 0 0 sLIn ---0 0 0 0 0 0 0 0 sLE sLA ---- --0 0 0 0 0 0 0 0 Layer 2 Switching Commands 0 0 0 0 0 0 0 0 517
IGMP Snooping Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches Snooping of Internet Group Management Protocol (IGMP) messages is a feature that allows Dell EMC Networking switches to forward multicast traffic intelligently on the switch. Multicast traffic is traffic that is destined to a host group. Host groups are identified by the destination MAC address, i.e.
and thus not detectable by the switch. If a query is not received on an interface within a specified length of time (multicast router present expiration time), that interface is removed from the list of interfaces with multicast routers attached. The multicast router present expiration time is configurable using management. The default value for the multicast router expiration time is zero, which indicates an infinite time-out (that is, no expiration).
Default Configuration IGMP snooping is enabled globally and on all VLANs by default. Command Mode Global Configuration mode User Guidelines Use this command without parameters to globally enable IGMP snooping. Use the no form of the command to disable IGMP snooping. Use the vlan parameter to enable IGMP snooping on a specific VLAN. GMRP is incompatible with IGMP snooping and should be disabled on any VLANs on which IGMP snooping is enabled.
show ip igmp snooping Use the show ip igmp snooping command to display the IGMP snooping configuration and SSM statistics. Syntax show ip igmp snooping [vlan vlan-id] • vlan-id—Specifies a VLAN ID value. Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console(config)#show ip igmp snooping Admin Mode..............................
show ip igmp snooping groups Use the show ip igmp snooping groups command in User Exec mode to display the multicast groups learned by IGMP snooping and IGMP SSM entries. Syntax show ip igmp snooping groups [vlan vlan-id] [address ip-multicast-address] • vlan-id — Specifies a VLAN ID value. • ip-multicast-address — Specifies an IP multicast address. Default Configuration This command has no default configuration.
1 224.3.3.3 192.168.10.2 include Te1/0/1 4.4.4.4 VLAN Group Reporter Filter IIF Source Address ---- --------------------- ----------------- ------- ---------- ----------1 224.2.2.2 192.168.10.2 include Te1/0/1 1.1.1.2 console(config)#show ip igmp snooping Admin Mode..................................... IGMP Router-Alert check........................ Multicast Control Frame Count.................. SSM FDB Capacity............................... SSM FDB High Water Mark........................
User Guidelines This command has no user guidelines. Example The following example shows IGMP snooping mrouter information. console#show ip igmp snooping mrouter VLAN ID Port ----------------10 Gi2/0/1 ip igmp snooping vlan immediate-leave This command enables or disables IGMP Snooping immediate-leave mode on a selected VLAN. Syntax ip igmp snooping vlan vlan-id immediate-leave no ip igmp snooping vlan vlan-id immediate-leave • vlan id — A VLAN identifier (range 1-4093).
port, but were still interested in receiving multicast traffic directed to that group. Also, immediate-leave processing is supported only with IGMP version 2 hosts. Example The following example enables IGMP snooping immediate-leave mode on VLAN 2. console(config)#ip igmp snooping vlan 2 immediate-leave ip igmp snooping vlan groupmembership-interval This command sets the IGMP Group Membership Interval time on a VLAN.
Example The following example configures an IGMP snooping group membership interval of 1500 seconds on VLAN 2. console(config)#ip igmp snooping vlan 2 groupmembership-interval 1500 ip igmp snooping vlan last-member-queryinterval This command sets the last-member-query interval on a particular VLAN. Syntax ip igmp snooping vlan vlan-id last-member-query-interval time no ip igmp snooping vlan vlan-id last-member-query-interval • vlan-id — A VLAN identifier (Range 1-4093).
ip igmp snooping vlan mcrtrexpiretime This command sets the multicast router present expiration time. The time is set on a particular VLAN. This is the amount of time in seconds that a switch waits for a query to be received on an interface before the interface is removed from the list of interfaces with multicast routers attached. The range is 1– 2147483647 seconds. A value of 0 indicates an infinite time-out (no expiration).
ip igmp snooping report-suppression This command enables IGMP report suppression on a specific VLAN. The no form of this command disables report suppression. Syntax ip igmp snooping vlan vlan-id report-suppression no ip igmp snooping vlan vlan-id report-suppression • vlan-id — A VLAN identifier (Range 1-4093). Default Configuration Report suppression is enabled by default.
Default Configuration Unregistered multicast traffic is only flooded to router ports by default. If no mrouter ports are configured, or IGMP snooping cannot identify a multicast router, then unregistered multicast is flooded to all ports in the VLAN. Command Mode Global Configuration mode. User Guidelines There is no equivalent MLD command since this setting applies to both protocols.
User Guidelines It is preferable to configure mrouter ports for IGMP snooping as opposed to configuring a static MAC address entry for the router. A static MAC address entry is tied to a specific port whereas an mrouter configuration will dynamically learn the MAC address of the router. Multiple mrouter ports may be configured for a VLAN. IGMP snooping will consider that an mrouter is active if an mrouter port is defined in the VLAN, regardless of whether the mrouter port is up or not.
IGMP Snooping Querier Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches The IGMP Snooping Querier is an extension to the IGMP Snooping feature. IGMP Snooping Querier allows the switch to simulate an IGMP router in a Layer 2-only network, thus removing the need to have an IGMP Router to collect and refresh the multicast group membership information. The querier function simulates a small subset of the IGMP router functionality.
Syntax ip igmp snooping querier [vlan vlan-id] [address ip-address] no ip igmp snooping querier [vlan vlan-id][address] • vlan-id — A valid VLAN number. • ip-address — An IPv4 address used for the source address. Default Configuration The IGMP Snooping Querier feature is globally disabled on the switch. When enabled, the IGMP Snooping Querier stops sending queries if it detects IGMP queries from a multicast-enabled router.
The VLAN IP address takes precedence over the global IP address when both are configured. IGMP Querier does not detect when the local switch is configured as a multicast router. It is not recommended to configure both L3 multicast routing and IGMP Querier on the same switch. IGMP snooping (and IGMP querier) validates IGMP packets. As part of the validation, IGMP checks for the router alert option.
User Guidelines When election mode is enabled, if the Snooping Querier finds that the other Querier source address is numerically higher than the Snooping Querier address, it stops sending periodic queries. The Snooping Querier with the numerically lower IP address wins the election, and continues sending periodic queries.
User Guidelines The value of this parameter should be larger than the IGMP Max Response Time value inserted into general query messages by the querier. The default IGMP Max Response Time is defined in RFC 3376 as 10 seconds. Dell EMC Networking queriers use this value when sending general query messages. Use the show ip igmp snooping querier vlan command to display the operational max response time value.
Example The following example sets the querier timer expiry time to 100 seconds. console(config)#ip igmp snooping querier timer expiry 100 ip igmp snooping querier version This command sets the IGMP version of the query that the snooping switch is going to send periodically. The no form of this command sets the IGMP Querier Version to its default value. Syntax ip igmp snooping querier version version no ip igmp snooping querier version • version — IGMP version.
Syntax show ip igmp snooping querier [detail | vlan vlan-id] • vlan-id —Specifies a VLAN ID value. Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all submodes User Guidelines When the optional argument vlan-id is not used, the command shows the following information. Parameter Description IGMP Snooping Querier Indicates whether or not IGMP Snooping Querier is active on the switch.
Parameter Description Operational State Indicates whether IGMP Snooping Querier is in the Querier or Non-Querier state. When the switch is in Querier state it sends out periodic general queries. When in Non-Querier state it waits for moving to Querier state and does not send out any queries. VLAN Operational Indicates the time to wait before removing a Leave from a host Max Response Time upon receiving a Leave request. This value is calculated dynamically from the Queries received from the network.
Operational State.............................. Querier Operational version............................
Interface Error Disable and Auto Recovery Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches Interface error disable automatically disables an interface when an error is detected; no traffic is allowed until the interface is either manually re-enabled or, if auto recovery is configured, the configured auto recovery time interval has passed.
• All — Recovery for all possible causes is enabled. • authmgr— Authentication Manager auto-recovery. • bpduguard — BPDU Guard auto-recovery. • bcast-storm — Broadcast storm auto-recovery. • bpdustorm — BPDU Storm auto-recovery. • denial-of-service — Denial of Service auto-recovery. • link-flap — Link flap recovery. • loop-protect — Loop Protection auto-recovery. • port-security — Port security MAC locking auto-recovery. • mcast-storm — Multicast Storm auto-recovery.
the interface continues to encounter errors (from any listed cause), it may be placed back in the diag-disable state and the interface will be disabled (link down). Interfaces in the disabled state due to a listed cause may be manually recovered by entering the no shutdown command for the interface. Interfaces in the disabled state may be manually shut down. These interfaces will not be recovered. Auto-recovery applies to Ethernet interfaces and link aggregation groups.
User Guidelines Error disabled interfaces indicate that a problem that must be resolved by the administrator. This could be a configuration problem or a physical problem and does not necessarily indicate a problem with the switch. When the interval expires, the system examines the error disabled interfaces and recovers them if recovery for the indicated cause is enabled. Only a single timer is used and recovery occurs when the timer expires, not when the interface time expires.
User Guidelines Error disabled interfaces indicate that a problem that must be resolved by the administrator. This could be a configuration problem or a physical problem and does not necessarily indicate a problem with the switch. When the interval expires, the system examines the error disabled interfaces and recovers them if recovery for the indicated cause is enabled. Only a single timer is used and recovery occurs when the timer expires, not when the interface time expires.
Term Parameter Description UDLD udld UDLD auto-recovery. Unicast Storm ucast-storm Unicast storm auto-recovery. Denial of Service denial-ofservice Denial of Service auto-recovery. Time Interval time interval Time interval for auto-recovery in seconds. Command History Implemented in version 6.3.0.1 firmware. Modified in version 6.5 firmware.
Default Configuration No recovery causes are enabled by default. Command Mode EXEC mode, Privileged Exec mode, and all submodes. User Guidelines Error disabled interfaces indicate that a problem that must be resolved by the administrator. This could be a configuration problem or a physical problem and does not necessarily indicate a problem with the switch. When the interval expires, the system examines the error disabled interfaces and recovers them if recovery for the indicated cause is enabled.
Term Parameter Description Port MAC Locking port-security Port security MAC locking auto-recovery. Multicast Storm mcast-storm Multicast storm auto-recovery. SFP Mismatch sfp-mismatch SFP mismatch auto-recovery. SFP Plus Mismatch sfpplusmismatch SFP Plus mismatch auto-recovery. Spanning Tree spanning-tree Spanning-tree auto-recovery. UDLD udld UDLD auto-recovery. Unicast Storm ucast-storm Unicast storm auto-recovery. Command History Implemented in version 6.3.0.1 firmware.
IP Device Tracking Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches ip device tracking Use the ip device tracking command to enable device tracking for IPv4 hosts. Syntax ip device tracking no ip device tracking Default Configuration IP device tracking is disabled by default. Command Mode Global Configuration mode User Guidelines IP device tracking (IPDT) maintains a table of attached IPv4 host addresses.
IPDT does not send ARP probes for entries already present in the ARP table until they age out and ARP packets are exchanged. When IPDT is enabled for the first time, it may take up to 20 minutes (or the configured ARP timeout) for the IPDT table to populate. IPDT is supported for physical (Ethernet) interfaces and for port-channels. IPDT configuration for Ethernet interfaces is ignored for interfaces which are part of a port-channel. Configure IPDT on the port-channel instead.
• DHCP snooping issued a new address binding. • Device entries detected by DHCP snooping are added into the IPDT table even though the interface is in INACTIVE state. This can happen when the interface is in the process of authorization. Entries in the table are deleted on the following operations/events: • ARP snooping detected a new device. • DHCP snooping issued a new address binding.
The Authentication Manager utilizes the IP/MAC device entries in the IPDT table to populate the source IP address in Dynamic Access Control Lists while authenticating clients. In this case, DHCP snooping must be enabled and properly configured by the administrator. DHCP snooping is able to snoop DHCP packets on 802.1X unauthenticated ports configured in 802.1X auto mode. The administrator can configure the maximum number of host entries that can be added to the tracking table per interface.
Command Mode Global Configuration mode User Guidelines Invoking the no form of the command (no ip device tracking probe) causes all the ACTIVE state entries in the IPDT table to remain in the ACTIVE state until the port moves to non-forwarding state or lease of those entries are removed. Command History Command introduced in version 6.6.0 firmware. Example This example globally disables sending of ARP probes. IPDT will use DHCP snooping information if DHCP snooping is enabled.
User Guidelines Systems with a large number of ports should consider the use of a larger probe interval. Command History Command introduced in version 6.6.0 firmware. Example This example globally enables IPDT and sets the probe interval to 1 minute.
Command History Command introduced in version 6.6.0 firmware. Example This example globally enables IPDT and sets the missed probe count to 6. console(config)#ip device tracking console(config)#ip device tracking probe count 6 ip device tracking probe delay Use the ip device tracking probe delay command to configure the time to wait after a link up event before sending an ARP probe. Use the no form of the command to set the missed count to the default.
Command History Command introduced in version 6.6.0 firmware. Example This example globally enables IPDT and sets the transition delay to 10 seconds. console(config)#ip device tracking console(config)#ip device tracking probe delay 10 ip device tracking probe auto-source fallback Use the ip device tracking probe auto-source fallback command to configure the source IP address sent in ARP probes. Use the no form of the command to use the default IP address in ARP probes.
Command History Command introduced in version 6.6.0 firmware. Example This example globally enables IPDT and sets the source IP address in the ARP packet destined to 10.5.5.20 to 10.5.5.1. console(config)#ip device tracking console(config)#ip device tracking probe auto-source fallback 0.0.0.1 255.255.255.0 override ip device tracking maximum Use the ip device tracking maximum command to configure the maximum number of IPDT table entries per interface.
Administrators should set the maximum entries to 0 on ports which do not need to be tracked (inter-switch links, uplinks, …) to reduce CPU load and avoid overflowing the IPDT table. Command History Command introduced in version 6.6.0 firmware. Example This example globally enables IPDT and disables IPDT on an uplink interface.
Command History Command introduced in version 6.6.0 firmware. Example This example clears the IPDT entries on interface Gi1/0/1. console#clear ip device tracking interface gi1/0/1 show ip device tracking Use the show ip device tracking command to display entries in the IP device tracking table. Syntax show ip device tracking {all [active | inactive | count ] | interface if-name | ip ipv4-address | mac mac-address} • all—Displays the entire IPDT table.
IP Address Learned IPv4 address of the device. MAC Address MAC address associated with the learned IPv4 address. VLAN VLAN identifier associated with an interface on which device is learned. Interface Interface name on which device is learned. Time left to inactive The number of seconds before the reachable device transitions to INACTIVE. Time since inactive The number of seconds since the INACTIVE device was last reachable. State The table entry state (ACTIVE or INACTIVE).
IP Device Tracking ARP Entries Count .......... 40 IP Device Tracking DHCP Entries Count ......... 0 IP Device Tracking ACTIVE Entries Count ....... 30 IP Device Tracking INACTIVE Entries Count ..... 10 IP Device Tracking Total Entries Count ........ 40 console#show ip device tracking ip 10.21.1.1 IP Device Tracking for clients......................... Enable IP Device Tracking Probe Generation.................... Enable IP Device Tracking Probe Count.........................
IPv6 Access List Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches Access to a switch or router can be made more secure through the use of Access Control Lists (ACLs) to control the type of traffic allowed into or out of specific ports. An ACL consists of a series of rules, each of which describes the type of traffic to be processed and the actions to take for packets that meet the classification criteria.
deny | permit (IPv6 ACL) This command creates a new rule for the current IPv6 access list. Each rule is appended to the list of configured rules for the list.
– • • Specifying “host X::X” implies a prefix length as “/128” and a mask of 0::/128. [{range {portkey | startport} {portkey | endport} | {eq | neq | lt | gt} {portkey | 0-65535}]—Specifies the layer 4 destination or source port match condition for the IP/TCP/UDP ACL rule.
– For IPv6 ACLs, “any” implies 0::/128 prefix and a mask of all ones. – Specifying host implies prefix length as “/128” and a mask of 0::/128. • [dscp dscp]—Specifies a match of DSCP values. • flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack] [+urg | -urg] [established]—Specifies that the IP/TCP/UDP ACL rule matches on the TCP flags. • – When “+” is specified, a match occurs if specified flag is set in the TCP header.
– ICMPv6 message types: destination-unreachable echo-reply echorequest header hop-limit mld-query mld-reduction mld-report nd-na nd-ns next-header no-admin no-route packet-too-big portunreachable router-solicitation router-advertisement routerrenumbering time-exceeded unreachable – The icmpv6 message types are available only if the protocol is icmpv6. • flow-label—Specifies a match on the identified flow label. Range 0– 1048575.
– Burst-size – the committed burst size in Kilobytes. Default Configuration An implicit deny all condition is added by the system after the last MAC or IP/IPv6 access group if no route-map is configured on the interface. Command Mode IPv6-Access-List Configuration mode User Guidelines A rule may either deny or permit traffic according to the specified classification fields. At a minimum, either the every keyword or the protocol, source address, and destination address values must be specified.
Host - indicates /128 prefix length for IPv6. Port ranges are not supported for egress (out) IPv6 traffic-filters. This means that only the eq operator is supported for egress (out) ACLs. The protocol type must be SCTP, TCP or UDP to specify a port range. The protocol type must be IPv6, SCTP, TCP, ICMPv6, or UDP to specify a flow label. The IPv6 “fragment” and “routing” keywords are not supported on egress (out) access groups. The log action is supported for both permit and deny rules.
Command History Updated in 6.3.0.1 firmware. Example and description updated in the 6.4 release.
Example The following example creates an IPv6 ACL named “DELL_IP6” and enters the IPv6-Access-List Configuration mode: console(config)#ipv6 access-list DELL_IP6 console(Config-ipv6-acl)# ipv6 access-list rename The ipv6 access-list rename command changes the name of an IPv6 Access Control List (ACL). This command fails if an IPv6 ACL with the new name already exists. Syntax ipv6 access-list rename name newname • name — the name of an existing IPv6 ACL.
Use the no form of the command to remove an IPv6 traffic-filter from the interface(s) in a given direction. Syntax ipv6 traffic-filter name [in | out | control-plane][seq-num] no ipv6 traffic-filter name [in | out | control-plane] • name — Alphanumeric string of 1 to 31 characters uniquely identifying the IPv6 access list. • in — The access list is applied to ingress packets. • out—The access list is applied to egress packets.
This command specified in Interface Configuration mode only affects a single interface, whereas the Global Configuration mode setting is applied to all interfaces. The optional control-plane keyword allows application of an ACL on the CPU port ingress queue. Control plane packets (e.g., BPDUs) are dropped because of the implicit deny all rule added at the end of every access control list.
User Guidelines There are no user guidelines for this command. Example console#show ipv6 access-lists Current number of ACLs: 4 Maximum number of ACLs: 100 ACL Name Count ------------------------------------IPv6-ACL 43981900 asdasd 3981901 Rules Interface(s) Direction ----- ------------------------- --------- -1 Gi1/0/8 Inbound 2 Gi1/0/7 Inbound console#show ipv6 access-lists IPv6-ACL IPV6 ACL Name: IPv6-ACL Inbound Interface(s): Gi1/0/8 Rule Number: 1 Action...................................
IPv6 MLD Snooping Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches In IPv6, Multicast Listener Discover (MLD) snooping performs functions similar to IGMP snooping in IPv4. With MLD snooping, IPv6 multicast data is selectively forwarded to a list of ports that want to receive the data, instead of being flooded to all ports in a VLAN. This list is constructed by snooping IPv6 multicast control packets.
ipv6 mld snooping vlan groupmembershipinterval The ipv6 mld snooping vlan groupmembership-interval command sets the MLD Group Membership Interval time on a VLAN or interface. The Group Membership Interval time is the amount of time in seconds that a switch waits for a report from a particular group on a particular interface before deleting the interface from the entry. This value must be greater than the MLDv2 Maximum Response time value. The range is 2 to 3600 seconds.
Syntax ipv6 mld snooping vlan vlan-id immediate-leave • vlan-id— A VLAN identifier (Range 1-4093). Default Configuration Immediate leave is disabled on all VLANs by default. Command Mode Global Configuration mode. User Guidelines Enabling immediate-leave allows the switch to immediately remove the Layer 2 LAN interface from its forwarding table entry upon receiving an MLD done message for that multicast group without first sending out MAC-based general queries to the interface.
Default Configuration Listener message suppression is enabled by default. Command Mode Global Configuration mode. User Guidelines MLD listener message suppression is equivalent to IGMP report suppression. When MLD listener message suppression is enabled, the switch only sends the first report received for a group in response to a query. Listener message suppression is only applicable to MLDv1.
User Guidelines This value must be less than the MLD Query Interval time value. The range is 1 to 25 seconds. Example console(config)#ipv6 mld snooping vlan 2 last-listener-query-interval 7 ipv6 mld snooping vlan mcrtrexpiretime The ipv6 mld snooping mcrtrexpiretime command sets the multicast router present expiration time. Syntax ipv6 mld snooping vlan vlan-id mcrtrexpiretime time no ipv6 mld snooping vlan vlan-id mcrtrexpiretime • vlan-id — A VLAN identifier (Range 1-4093).
ipv6 mld snooping vlan mrouter This command statically configures a port as connected to a multicast router for a specified VLAN. The no form of this command removes the static binding. Syntax ipv6 mld snooping vlan vlan-id mrouter interface interface no ipv6 mld snooping vlan vlan-id mrouter interface interface • vlan-id — A VLAN identifier (Range 1-4093). • interface-id— The next-hop interface to the multicast router. Default Configuration There are no multicast router ports configured by default.
• vlan-id — A VLAN identifier (Range 1-4093). Default Configuration MLD Snooping is enabled globally and on all VLANs by default. Command Mode Global Configuration mode. User Guidelines Use this command without parameters to globally enable MLD Snooping. Use the no form of the command to disable MLD Snooping. Use the vlan parameter to enable MLD Snooping on a specific VLAN.
• vlan-id—A VLAN identifier. Default Configuration This command has no default configuration Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines With no optional arguments, the command displays the following information: • Admin Mode — Indicates whether or not MLD Snooping is active on the switch. • Multicast Control Frame Count— Displays the total number of IGMP or PIM packets which have been received (same as IPv4).
• Last Listener Query Interval—Displays the amount of time the switch waits after it sends a query on an interface, participating in the VLAN, because it did not receive a report for a particular group on that interface. This value may be configured. • Multicast Router Present Expiration Time — Displays the amount of time to wait before removing an interface that is participating in the VLAN from the list of interfaces with multicast routers attached. The interface is removed if a query is not received.
Default configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This user guideline applies to all switch models.To see the full multicast address table (including static addresses) use the show mac address-table multicast command. Example This example shows MLDv2 snooping entries console#show ipv6 mld snooping groups Vlan ---1 Group ----------------------3333.0000.
Default configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines MLD snooping forwards IPv6 multicast data plane packets to mrouter ports, including statically configured mrouter ports. If a static mrouter port is configured in a VLAN, MLD snooping will forward multicast data plane packets received on the VLAN even if the interface is down.
IPv6 MLD Snooping Querier Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches The MLD Snooping Querier is an extension of the MLD snooping feature. MLD Snooping Querier allows the switch to simulate an MLD router in a Layer 2-only network, thus removing the need to have an MLD router to collect the multicast group membership information. The querier function simulates a small subset of the MLD router functionality.
Syntax ipv6 mld snooping querier no ipv6 mld snooping querier Default Configuration MLD Snooping Querier is disabled by default. Command Mode Global Configuration mode User Guidelines It is not recommended the MLD Snooping Querier be enabled on a switch enabled for IPv6 multicast routing. Example console(config)#ipv6 mld snooping querier ipv6 mld snooping querier (VLAN mode) Use the ipv6 mld snooping querier command in VLAN mode to enable MLD Snooping Querier on a VLAN.
User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 mld snooping querier vlan 10 ipv6 mld snooping querier address Use the ipv6 mld snooping querier address command to set the global MLD Snooping Querier address. Use the no form of this command to reset the global MLD Snooping Querier address to the default. Syntax ipv6 mld snooping querier address prefix[/prefix-length] no ipv6 mld snooping querier address • prefix — An IPv6 address prefix.
ipv6 mld snooping querier election participate Use the ipv6 mld snooping querier election participate command to enable the Snooping Querier to participate in the Querier Election process when it discovers the presence of another Querier in the VLAN. Use the no form of this command to disable election participation on a VLAN.
• interval — Amount of time that the switch waits before sending another general query. (Range: 1–1800 seconds) Default Configuration The default query interval is 60 seconds. Command Mode Global Configuration mode User Guidelines The query interval is the amount of time in seconds that the switch waits before sending another general query.
User Guidelines The timer expiry is the time period that the switch remains in non-querier mode once it has discovered that there is another multicast querier in the network. Example console(config)#ipv6 mld snooping querier timer expiry 222 show ipv6 mld snooping querier Use the show ipv6 mld snooping querier command to display MLD Snooping Querier information. Configured information is displayed whether or not MLD Snooping Querier is enabled.
MLD Version Indicates the version of MLD that will be used while sending out the queries. This is defaulted to MLD v1 and it can not be changed. Querier Query Interval Shows the amount of time that a Snooping Querier waits before sending out a periodic general query. Querier Expiry Interval Displays the amount of time to wait in the Non-Querier operational state before moving to a Querier state.
MLD Version Indicates the version of MLD.
IP Source Guard Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches IP Source Guard (IPSG) is a security feature that filters IP packets based on source ID. The source ID may either be source IP address or a {source IP address, source MAC address} pair. The network administrator configures whether enforcement includes the source MAC address. The network administrator can configure static authorized source IDs.
Syntax ip verify source {port-security} no ip verify source • port-security—Enables filtering based on IP address, VLAN, and MAC address. When not specified, filtering is based upon IP address. Default Configuration By default, no sources are blocked. Command Mode Interface Configuration mode (Ethernet and port channel) User Guidelines DHCP snooping should be enabled on any ports for which ip verify source is configured.
ip verify binding Use the ip verify binding command in Global Configuration mode to configure static bindings. Use the no form of the command to remove the IPSG entry. Syntax ip verify binding macaddr vlan ipaddr interface Default Configuration By default, there are no static bindings configured. Command Mode Global Configuration mode User Guidelines The configured IP address and MAC address are used to match the source IP address and source MAC address for packets received on the interface.
Default Configuration There is no default configuration for this command.
Syntax show ip verify source [interface interface-id] • interface-id: A valid Ethernet interface identifier or port-channel identifier Default Configuration There is no default configuration for this command. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
User Guidelines This command has no user guidelines. Example console#show ip source binding MAC Address IP Address Type VLAN Interface --------------------- ----- ----- ------------0011.2233.4455 1.2.3.
iSCSI Optimization Commands Dell EMC Networking N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON Series Switches iSCSI Optimization provides a means of performing configuration specific to storage traffic and optionally giving traffic between iSCSI initiator and target systems special Quality of Service (QoS) treatment. iSCSI Optimization is best applied to mixed-traffic networks where iSCSI packets constitutes a portion of overall traffic.
iSCSI Optimization borrows ACL lists from the global system pool. ACL lists allocated by iSCSI Optimization reduce the total number of ACLs available for use by the network operator. Enabling iSCSI Optimization uses one ACL list to monitor for iSCSI sessions for the application of any CoS treatment.
Command Mode Global Configuration mode. User Guidelines The remark option only applies to DSCP values. Remarking is not available for vpt values. In general, the use of iSCSI CoS is not required. By default, iSCSI flows are assigned to the highest VPT/DSCP value that is mapped to the highest queue not used for stack management or the voice VLAN. Make sure you configure the relevant Class of Service parameters for the queue in order to complete the setting.
iscsi enable The iscsi enable command globally enables iSCSI optimization. To disable iSCSI optimization, use the no form of this command. Syntax iscsi enable no iscsi enable Default Configuration iSCSI is enabled by default. Command Mode Global Configuration mode User Guidelines This command modifies the running config to enable flow control on all interfaces. Monitoring for EqualLogic Storage arrays via LLDP is enabled by this command.
Syntax show iscsi Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example The following example displays the iSCSI configuration.
Link Dependency Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches Link dependency allows the link status of a group of interfaces to be made dependent on the link status of other interfaces. The effect is that the link status of a group that depends on another interface either mirrors or inverts the link status of the depended-on interface. Circular dependencies are not allowed. For example, if port-channel 1 in group 1 depends on port-channel 2.
Command Mode Link Dependency mode User Guidelines The action up command will cause the group members to be up when no depended-on interfaces are up. Example console(config-depend-1)#action up link-dependency group Use the link-dependency group command to enter the link-dependency mode and configure a link-dependency group. Syntax link-dependency group GroupId no link-dependency group GroupId • GroupId — Link dependency group identifier.
add Use this command to add member ten Gigabit or Gigabit Ethernet port(s) or port channels to the dependency list. Syntax add intf-list • intf-list — List of Ethernet interface identifiers or port channel identifiers or ranges. Separate nonconsecutive ports with a comma and no spaces. Use a hyphen to designate the range of ports. Default Configuration This command has no default configuration.
no depends-on intf-list • intf-list — List of Ethernet interface identifiers or port channel interface identifiers or ranges.Separate nonconsecutive items with a comma and no spaces. Use a hyphen to designate the range of ports or port-channel numbers. Default Configuration This command has no default configuration. Command Mode Link Dependency mode User Guidelines Circular dependencies are not allowed, i.e.
Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines Configure a link dependency group prior to using this command. Example The following command shows link dependencies for all groups.
LLDP Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches The IEEE 802.1AB standard defines the Link Layer Discovery Protocol (LLDP). This protocol allows stations residing on an IEEE802 LAN to advertise major capabilities, physical descriptions, and management information to physically adjacent devices, allowing a network management system (NMS) to access and display this information.
The receive function accepts incoming LLDPDU frames and stores information about the remote stations. Both local and remote data may be displayed by the user interface and retrieved using SNMP as defined in the LLDP MIB definitions. The component maintains one remote entry per physical network connection. The LLDP component manages a number of statistical parameters representing the operation of each transmit and receive function on a per-port basis.
Default Configuration By default, data is removed only on system reset. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example displays how to clear the LLDP remote data. console#clear lldp remote-data clear lldp statistics Use the clear lldp statistics command to reset all LLDP statistics. Syntax clear lldp statistics Default Configuration By default, the statistics are only cleared on a system reset.
debug lldp Use the debug lldp command to display LLDP debug information. Use the no form of the command to halt the display of LLDP debug information. Syntax debug lldp packet [transmit | receive] no debug lldp packet [transmit | receive] • Transmit–Display LLDP packets transmitted by the switch. • Receive–Display LLDP packets received by the switch. Default Configuration If neither transmit nor receive is specified, packets for both directions are displayed.
no lldp med Command Mode Interface Configuration (Ethernet) mode Default Value Transmission and reception of LLDP-MED TLVs is enabled on all supported interfaces. User Guidelines No specific guidelines. Example console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)#lldp med lldp med confignotification This command is used to enable sending topology change notifications.
lldp med faststartrepeatcount This command is used to set the value of the fast start repeat count. Syntax lldp med faststartrepeatcount count no lldp med faststartrepeatcount • count — Number of LLDPPDUs that are transmitted when the protocol is enabled. (Range 1–10) Command Mode Global Configuration Default Value 3 User Guidelines No specific guidelines.
Command Mode Interface Configuration (Ethernet) User Guidelines The optional ex-pse (extended PSE) and ex-pd (extended PD) parameters are only available on PoE capable switches. Default Value By default, the capabilities and network policy TLVs are included in LLDP packets sent on interfaces enabled for MED. On PoE capable switches, the extended PD TLV and extended PSE TLV are transmitted. Command History Command updated in version 6.6 firmware.
User Guidelines This command has no user guidelines. Example The following example displays how to enable remote data change notifications. console(config-if-Gi1/0/3)#lldp notification lldp notification-interval Use the lldp notification-interval command in Global Configuration mode to limit how frequently remote data change notifications are sent. To return the notification interval to the factory default, use the no form of this command.
lldp receive Use the lldp receive command in Interface Configuration mode to enable the LLDP receive capability. To disable reception of LLDPDUs, use the no form of this command. Syntax lldp receive no lldp receive Default Configuration The default lldp receive mode is enabled. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example displays how to enable the LLDP receive capability.
• transmit-interval — The interval in seconds at which to transmit local data LLDPDUs. (Range: 5–32768 seconds) • hold-multiplier — Multiplier on the transmit interval used to set the TTL in local data LLDPDUs. (Range: 2–10) • reinit-delay — The delay in seconds before reinitialization. (Range: 1–10 seconds) Default Configuration The default transmit interval is 30 seconds. The default hold-multiplier is 4. The default delay before reinitialization is 2 seconds.
no lldp transmit Default Configuration LLDP is enabled on all supported interfaces. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example displays how enable the transmission of local data. console(config-if-Gi1/0/3)#lldp transmit lldp tlv-select Use the lldp tlv-select command to specify which optional type-length-value settings (TLVs) in the 802.3 AB basic management set will be transmitted in the LLDPDUs.
• system-capabilities — Transmits the system capabilities (TLV type 7). Default Configuration By default, the chassis ID (1), port ID (2), time-to-live (3), port-description (4), port-vlan (127/1), and system-name (5) TLVs are transmitted. Command Mode Interface Configuration (Ethernet) mode User Guidelines LLDP must be enabled globally, or if disabled globally, enabled on the interface for this command to have an effect.
console(config-if-Gi1/0/3)#lldp transmit-tlv system-description show lldp Use the show lldp command to display the current LLDP configuration summary. Syntax show lldp Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the current LLDP configuration summary.
Syntax show lldp interface {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port| all} Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples This example show how the information is displayed when you use the command with the all parameter.
Gi1/0/18 Gi1/0/19 Gi1/0/20 Gi1/0/21 Gi1/0/22 Gi1/0/23 Gi1/0/24 Te1/0/1 Te1/0/2 Down Up Down Down Down Down Down Down Down Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled 0,1,4 0,1,4 0,1,4 0,1,4 0,1,4 0,1,4 0,1,4 0,1,4 0,1,4 TLV Codes: 0- Port Description, 1- System Name, 2- System Description 3- System Capabilities, 4- Port VLA
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples These examples show advertised LLDP local data in two levels of detail.
Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes Default Value Not applicable User Guidelines No specific guidelines. Example console(config)#show lldp med LLDP MED Global Configuration Fast Start Repeat Count: 3 Device Class: Network Connectivity show lldp med interface This command displays a summary of the current LLDP MED configuration for a specific interface.
Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 Detach Detach Detach Detach Detach Enabled Disabled Disabled Disabled Disabled Enabled Disabled Disabled Disabled Disabled Enabled0,1 Disabled Disabled Disabled Disabled 0,1 0,1 0,1 0,1 console #show lldp med interface gi1/0/1 LLDP MED Interface Configuration Interface --------Gi1/0/1 Link -----Up configMED operMED ConfigNotify -------- -------- -------Enabled Enabled Disabled TLVsTx ------0,1 TLV Codes: 0- Capabilities, 1- Network Policy 2-Location, 3- Exte
DSCP: 1 Unknown: False Tagged: True Media Policy Application Type : streamingvideo Vlan ID: 20 Priority: 1 DSCP: 2 Unknown: False Tagged: True Inventory Hardware Rev: xxx xxx xxx Firmware Rev: xxx xxx xxx Software Rev: xxx xxx xxx Serial Num: xxx xxx xxx Mfg Name: xxx xxx xxx Model Name: xxx xxx xxx Asset ID: xxx xxx xxx Location Subtype: elin Info: xxx xxx xxx Extended POE Device Type: pseDevice Extended POE PSE Available: 0.3 watts Source: primary Priority: critical Extended POE PD Required: 0.
Syntax show lldp med remote-device {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port | all} show lldp med remote-device detail {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port} • all — Indicates all valid LLDP interfaces. • detail — Includes a detailed version of remote data for the indicated interface.
DSCP: 1 Unknown: False Tagged: True Media Policy Application Type : streamingvideo Vlan ID: 20 Priority: 1 DSCP: 2 Unknown: False Tagged: True Inventory Hardware Rev: xxx xxx xxx Firmware Rev: xxx xxx xxx Software Rev: xxx xxx xxx Serial Num: xxx xxx xxx Mfg Name: xxx xxx xxx Model Name: xxx xxx xxx Asset ID: xxx xxx xxx Location Subtype: elin Info: xxx xxx xxx Extended POE Device Type: pseDevice Extended POE PSE Available: 0.3 Watts Source: primary Priority: critical Extended POE PD Required: 0.
Syntax show lldp remote-device {detail interface | interface | all} • detail — Includes detailed version of remote data. • interface — Specifies a valid Ethernet interface on the device. Substitute gigabitethernet unit/slot/port or tengigabitethernet unit/slot/port or fortygigabitethernet unit/slot/port} Default Configuration This command has no default configuration.
Remote Identifier: 2 Chassis ID Subtype: MAC Address Chassis ID: E4:F0:04:38:00:D7 Port ID Subtype: Interface Name Port ID: Gi2/0/19 Port VLAN: 10 System Name: System Description: Port Description: Gi2/0/19 System Capabilities Supported: System Capabilities Enabled: Time to Live: 99 seconds show lldp statistics Use the show lldp statistics command to display the current LLDP traffic statistics.
Total Inserts................................ 1 Total Deletes................................ 0 Total Drops.................................. 0 Total Ageouts................................ 1 Tx Interface Total --------- ----Gi1/0/1 29395 Gi1/0/2 0 Gi1/0/3 0 Gi1/0/4 0 Rx Total ----82562 0 0 0 Discards -------0 0 0 0 Errors -----0 0 0 0 Ageout -----1 0 0 0 TLV Discards -------0 0 0 0 TLV Unknowns -------0 0 0 0 TLV MED ---0 0 0 0 TLV 802.
Fields Description Total Drops Number of times a complete set of information advertised by a remote device could not be inserted due to insufficient resources. Total Ageouts Number of times any remote data entry has been deleted due to time-to-live (TTL) expiration. Transmit Total Total number of LLDP frames transmitted on the indicated port. Receive Total Total number of valid LLDP frames received on the indicated port.
Loop Protection Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches Loop protection detects physical and logical loops between Ethernet ports on a device. Loop protection must be enabled globally before it can be enabled at the interface level.
User Guidelines Loop protection operates by unicasting a Configuration Test Protocol (CTP) reply packet with the following field settings: • Source MAC Address:switch L3 MAC address • Destination MAC Address: Switch L3 MAC address • Ether Type: 0x0900 (LOOP) • Skip Count: 0 • Functions: Reply • Receipt Number: 0 • Data: 0 Since all switch ports share the same MAC address, if any interface receives CTP packets transmitted by the switch in excess of the configured limit, that interface is error
console(config)#interface gi1/0/1 console(config-if-Gi1/0/1)#no keepalive keepalive (Global Config) Use the keepalive command in Global Configuration mode to enable keepalive or to configure the loop protection timer and packet count. Use the no form of the command to return the configuration to the defaults. Syntax keepalive [ period [ count ] ] no keepalive • period – Configures the interval for the transmission of keepalive packets.
Command History Implemented in version 6.3.0.1 firmware. Example The following example configures the CTP transmit interval to transmit CTP packets every 5 seconds. console(config)#keepalive 5 This example configures the CTP transmit interval to 5 seconds. If an interface receives two CTP packets, it error disables the interface.
Command Mode Interface Configuration mode User Guidelines Error disabled interfaces can be configured to auto-recover using the errdisable recovery cause loop-protect command. Keepalive should only be configured on interfaces that do not participate in spanning-tree. Keepalive may disable interfaces in the spanning-tree designated (blocked) role. Command History Implemented in version 6.3.0.1 firmware. Syntax corrected in 6.4 release.
Field Description Keepalive Service The Keepalive service configuration (Enabled, Disabled). Transmit Interval The transmission interval in seconds. Retry Count The number of times a keepalive packet must be seen before a looped state is declared. Command History Implemented in version 6.3.0.1 firmware. Example updated in 6.4 version. Example console#show keepalive Keepalive Service.............................. Enabled Transmit Interval.............................. 10 Retry Count.................
User Guidelines The following information is displayed. Field Description Port The interface identifier. Keep Alive Are keepalives transmitted on this interface (Yes, No)? Loop Detected Has a loop been detected (Yes, No)? Loop Count The number of CTP packets detected. Time Since Last Loop The last time a loop was detected. Rx Action Action when a loop is detected (Error disable, Log). Port Status Current port status (Enable, Disable). Command History Implemented in version 6.3.0.1 firmware.
MLAG Commands Dell EMC Networking N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON Series Switches MLAG enables a LAG to be created across two independent switches, so that some member ports of a MLAG can reside on one switch and the other members of a MLAG can reside on another switch. The partner switch on the remote side can be a MLAG-unaware unit. To the MLAG unaware switch, the MLAG appears to be a single LAG connected to a single switch.
Default Configuration There is no default configuration for this command. Command Modes Privileged Exec mode User Guidelines There are no user guidelines for this command. Example console#clear vpc statistics feature vpc The feature vpc command globally enables MLAG. Use the no form of the command to globally disable MLAG. Syntax feature vpc no feature vpc Default Configuration By default, the MLAG feature is not globally enabled.
peer detection enable Use the peer detection enable command to enable the Dual Control Plane Detection Protocol. This enables the detection of peer MLAG switches and suppresses state transitions out of the secondary state in the presence of peer link failures. Use the no form of the command to disable the dual control plane detection protocol. Syntax peer detection enable no peer detection enable Default Configuration Dual Control Plane Detection Protocol is disabled by default.
Syntax peer detection interval interval-msecs timeout timeout-msecs no peer detection interval • interval-msecs—The peer keepalive timeout in seconds. The range is 200– 4000 milliseconds. • timeout-msecs—The peer timeout value in milliseconds. The range is 700–14000 milliseconds. Default Configuration The default transmission interval is 1000 milliseconds. The default reception timeout is 3500 milliseconds.
Syntax peer-keepalive destination ipaddress source srcaddr [udp-port port] no peer-keepalive destination • ipaddress—The ip address of the MLAG peer. • port—The UDP port number to use to listen for peer Dual Control Plane Detection Protocol packets. • srcaddr—The local source address to use. Default Configuration There are no Dual Control Plane Detection Protocol peers configured by default.
Example console(config)#vpc domain 1 console(config-vpc 1)#peer-keepalive enable console(config-vpc 1)#peer-keepalive destination 192.168.0.2 source 192.168.0.1 console(config-vpc 1)#peer detection enable console(config-vpc 1)#exit peer-keepalive enable Use the peer-keepalive enable command to enable the peer keepalive protocol on the peer link.
• • Secondary device fails: All MLAG members’ port information regarding the secondary device that the primary switch maintains are removed from the primary switch. Forwarding and control processing continues on the local MLAG ports on the primary switch. Once the secondary comes back up again, it starts the keepalive protocol and, if successful in contacting the primary device, moves to the secondary state. It then initiates an FDB sync and becomes operational again.
no peer-keepalive timeout • value—The peer keepalive timeout value in seconds. The range is 2 to 15 seconds. Default Configuration By default, the keepalive timeout value is 5 seconds. Command Modes VPC Domain User Guidelines This command configures the peer keepalive timeout value (in seconds). If an MLAG switch does not receive keepalive messages from the peer for this timeout value, it takes the decision to transition its role (if required).
• Value—The local switch priority value. (The range is 1-255.) Default Configuration The default priority value is 100. Command Modes MLAG Domain Configuration mode User Guidelines This value is used for the MLAG role election and is sent to the MLAG peer in the MLAG keepalive messages. The MLAG switch with the numerically lower priority value becomes the Primary and the switch with higher priority becomes the Secondary.
Default Configuration There is no default configuration for this command. Command Modes Privileged Exec mode and above User Guidelines There are no user guidelines for this command. Example (console)# show vpc 10 VPC Id 10 ----------------Configuration mode......................Enabled Operational mode........................Enabled Port channel................................
User Guidelines A VPC domain ID must be configured for this command to display the VPC status. Only the Primary switch maintains the member status of the Secondary switch. The Secondary switch does not maintain or show the status of the Primary switch peer members. A VPC instance may show as enabled even if all of the port-channels that are members of the VPC are disabled or all of the links in the port channels are disabled. A VPC will show as disabled if peer-link (or DCPDP) connectivity is lost.
Number of VPCs configured...................... 2 Number of VPCs operational..................... 2 VPC id# 1 ----------Interface...................................... Po2 Configured Vlans............................... 1,10,11,12,13,14,15,16,17 VPC Interface State............................ Active Local MemberPorts Status ----------------- -----Gi1/0/23 UP Gi1/0/24 UP Peer MemberPorts Status ---------------- -----Gi1/0/23 UP Gi1/0/24 UP VPC id# 2 ----------Interface......................................
User Guidelines There are no user guidelines for this command. Command History Introduced in 6.2.0.1 firmware. Updated in 6.3.0.1 firmware.
Parameter Name ---------------Port Channel Mode STP Mode BPDU Filter Mode BPDU Flood Mode Auto-edge TCN Guard Port Cost Edge Port Root Guard Loop Guard Hash Mode Minimum Links Channel Type Configured VLANs MTU Active Port -----------Gi1/0/1 Gi1/0/2 Value --------------------------Enabled Enabled Enabled Enabled FALSE True 2 True True True 3 1 Static 4,5,7,8 1518 Speed --------100 100 Duplex -------Full Full MST VLAN Configuration Instance ------------1 2 Associated VLANS ------------------------------
Syntax show vpc consistency-features { global | interface port-channel-number } • port-channel-number—A valid port-channel identifier. Default Configuration There is no default configuration for this command. Command Modes Privileged Exec mode and above User Guidelines There are no user guidelines for this command. show vpc peer-keepalive Use the show vpc peer-keepalive command to display the peer MLAG switch’s IP address used by the Dual Control Plane Detection Protocol.
Peer IP address............................10.130.14.55 Source IP address..........................10.130.14.54 UDP port...................................50000 Peer detection admin status................Enabled Peer detection operational status..........Up Peer is detected...........................True Configured Tx interval.....................500 milliseconds Configured Rx timeout......................2000 milliseconds Operational Tx interval....................500 milliseconds Operational Rx timeout...
Configured VPC system priority..................32767 Operational VPC system priority.................32767 Local System MAC..................................... 00:10:18:82:18:63 Timeout........................................ 5 VPC State...................................... Primary VPC Role....................................... Primary Peer ---VPC Domain ID.................................. 1 Role Priority.................................. 100 Configured VPC MAC..............................
Total received..........................................115 Rx successful...........................................108 Rx Errors...............................................7 Timeout counter.........................................6 (console)# show vpc statistics peer-link Peer link control messages transmitted..................123 Peer link control messages Tx errors................... 5 Peer link control messages Tx timeout.................. 4 Peer link control messages ACK transmitted.............
system-mac Use this command to manually configures the MAC address for the VPC domain. Use the no form of the command to revert the domain MAC address to the default value. Syntax system-mac mac-address no system-mac • mac-address—The system MAC address for the VPC domain. Default Configuration By default, the domain uses a pre-configured MAC address. Command Modes VPC domain mode User Guidelines The VPC domain MAC address must be the same on both MLAG peer devices.
system-priority Use this command to manually configure the priority for the VPC domain. Use the no form of the command to revert the priority to the default value. Syntax system-priority priority no system-priority • priority—The priority for the VPC domain. Range is 1-65535. Default Configuration By default, the system priority is 32767. Command Modes VPC domain mode User Guidelines The system priority must be configured identically on all VPC peers.
vpc Use the vpc command to configure a port-channel (LAG) as part of an MLAG instance. Upon issuing this command, the port-channel is down until the port-channel member information is exchanged and agreed between the MLAG peer switches. Use the no form of the command to remove the LAG from the MLAG domain. Syntax vpc vpc-id no vpc vpc-id • vpc-id—The MLAG identifier. Default Configuration LAGs are not members of an MLAG domain by default.
console(config-if-Po3)#switchport trunk allowed vlan 1-99,101-4093 console(config-if-Po3)#vpc 2 console(config-if-Po3)#exitconsole(config)#interface po3 console(config-if-Po3)#switchport mode trunk console(config-if-Po3)#switchport trunk allowed vlan 1-99,101-4093 console(config-if-Po3)#vpc 2 console(config-if-Po3)#exit vpc domain Use the vpc domain command to enter into MLAG configuration mode. This command creates an MLAG domain and enters into MLAG configuration mode.
BPDUs sent out on VPC interfaces. If two VPC domains have the identical domain-ids, the resulting actor IDs may lead to LACP or STP convergence issues. Example console(config)#vpc domain 1 console(config-vpc 1)#peer-keepalive enable console(config-vpc 1)#peer-keepalive destination 192.168.0.2 source 192.168.0.
console(config-if-Po1)#spanning-tree disable console(config-if-Po1)#switchport mode trunk console(config-if-Po1)#switchport trunk allowed vlan 1-99,101-4093 console(config-if-Po1)#vpc peer-link console(config-if-Po1)#exit Layer 2 Switching Commands 663
Multicast VLAN Registration Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches Series Switches Multicast VLAN registration (MVR) is a method for consolidating multicast traffic from multiple VLANs onto a single VLAN. A typical usage scenario would be the distribution of a multicast group to a switch using a single VLAN where the switch has users in different VLANs subscribing to the multicast group.
mvr mvr type mvr group mvr vlan group mvr mode show mvr mvr querytime show mvr members mvr vlan show mvr interface mvr immediate show mvr traffic mvr Use the mvr command in Global Configuration and Interface Configuration modes to enable MVR. Use the no form of this command to disable MVR. Syntax mvr no mvr Default Configuration The default value is Disabled. Command Mode Global Configuration, Interface Configuration User Guidelines MVR can only be configured on Ethernet interfaces.
no mvr group A.B.C.D [count] • A.B.C.D—Specify a multicast group. • count—Specifies the number of multicast groups to configure. Groups are configured contiguously by incrementing the first group specified. Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines The following table lists the completion messages.
• dynamic—Send IGMP joins to the multicast source when IGMP joins are received on receiver ports. Default Configuration The default mode is compatible. Command Mode Global Configuration User Guidelines This command has no user guidelines. mvr querytime Use the mvr querytime command in Global Configuration mode to set the MVR query response time.
Message Type Message Description Successful Completion Message Defaulting MVR query response time. Error Completion Message None Example console(config)#interface Gi1/0/1 console(config-if-Gi1/0/1)#switchport access vlan 2 console(config-if-Gi1/0/1)#mvr console(config-if-Gi1/0/1)#mvr type receiver console(config-if-Gi1/0/1)#exit console(config)#mvr mode dynamic console(config)#mvr querytime 10 mvr vlan Use the mvr vlan command in Global Configuration mode to set the MVR multicast VLAN.
Message Type Message Description Successful Completion Message MVR multicast VLAN ID is set to the default value which is equal to 1. Error Completion Message Receiver port in mVLAN, operation failed. mvr immediate Use the mvr immediate command in Interface Configuration mode to enable MVR Immediate Leave mode. Use the no form of this command to set the MVR multicast VLAN to the default value. Syntax mvr immediate no mvr immediate Default Configuration The default value is Disabled.
mvr type Use the mvr type command in Interface Configuration mode to set the MVR port type. Use the no form of this command to set the MVR port type to None. Syntax mvr type {receiver | source} no mvr type • receiver—Configure the port as a receiver port. Receiver ports are ports over which multicast data will be sent but not received. • source—Configure the port as a source port. Source ports are ports over which multicast data is received or sent. Default Configuration The default value is None.
console(config-if-Gi1/0/1)#mvr type receiver console(config-if-Gi1/0/1)#interface Gi1/0/24 console(config-if-Gi1/0/24)#switchport mode trunk console(config-if-Gi1/0/24)#switchport trunk native vlan 99 console(config-if-Gi1/0/24)#switchport trunk allowed vlan add 99 console(config-if-Gi1/0/24)#mvr console(config-if-Gi1/0/24)#mvr type source console(config-if-Gi1/0/24)#exit mvr vlan group Use the mvr vlan group command in Interface Configuration mode to participate in the specific MVR group.
console(config-vlan2000)#exit console(config)#mvr vlan 2000 console(config)#interface gi1/0/24 console(config-if-Gi1/0/24)#switchport mode trunk console(config-if-Gi1/0/24)#switchport trunk native vlan 2000 console(config-if-Gi1/0/24)#switchport trunk allowed vlan add 2000 console(config-if-Gi1/0/24)#mvr console(config-if-Gi1/0/24)#mvr type source console(config-if-Gi1/0/24)#mvr vlan 2000 group 239.1.1.1 show mvr Use the show mvr command to display global MVR settings.
Parameter Description MVR Max Multicast Groups The maximum number of multicast groups that is supported by MVR. MVR Current Multicast groups The current number of MVR groups allocated. MVR Query Response Time The current MVR query response time. MVR Mode The current MVR mode. It can be compatible or dynamic. Example console #show mvr MVR Running.............................. MVR multicast VLAN....................... MVR Max Multicast Groups................. MVR Current multicast groups............
Message Type Message Description Successful Completion Message None Error Completion Message MVR disabled The following table explains the output parameters. Parameter Description MVR Group IP MVR group multicast IP address. Status The status of the specific MVR group. It can be active or inactive. Members The list of ports which participates in the specific MVR group. Examples console#show mvr members MVR Group IP Status -------------------------------224.1.1.
Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines The following table lists the completion messages. Message Type Message Description Successful Completion Message None Error Completion Message MVR disabled The following table explains the output parameters. Parameter Description Port Interface number Type The MVR port type. It can be None, Receiver, or Source type. Status The interface status.
console#show mvr interface gi1/0/23 members vlan 12 235.0.0.1 STATIC ACTIVE 235.1.1.1 STATIC ACTIVE show mvr traffic Use the show mvr traffic command to display global MVR statistics. Syntax show mvr traffic Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines The following table lists the completion messages.
Parameter Description IGMP Report V2 Transmitted Number of transmitted IGMP Reports V2. IGMP Leave Transmitted Number of transmitted IGMP Leaves. IGMP Packet Receive Failures Number of failures on receiving the IGMP packets. IGMP Packet Transmit Failures Number of failures on transmitting the IGMP packets. console#show mvr traffic IGMP IGMP IGMP IGMP IGMP IGMP IGMP IGMP IGMP IGMP Query Received............................ Report V1 Received........................ Report V2 Received..............
Port Channel Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches A port channel is a set of one or more links that can be aggregated together to form a bonded channel (Link Aggregation Group or LAG or port channel). Individual conversations in a particular direction always travel over a single link in the port channel, however, in aggregate, the bandwidth usage of all of the links is fairly evenly distributed.
unable to buffer the requisite number of frames will show excessive frame discard. Configuring copper and fiber ports together in an aggregation group is not recommended. If a dynamic LAG member sees an LACPDU that contains information different from the currently configured default partner values, that particular member drops out of the LAG. This configured member does not aggregate with the LAG until all the other active members see the new information.
VLANs and LAGs When Ethernet interfaces are added to a LAG, they are removed from all existing VLAN membership and take on the VLAN membership of the LAG. When members are removed from a LAG, the members regain the Ethernet interface VLAN membership as per the configuration. LAG Thresholds In many implementations, a LAG is declared as up if any one of its member ports is active. This enhancement provides configurability for the minimum number of member links to be active to declare a LAG up.
• Source/Destination IP and source/destination TCP/UDP Port fields of the packet. Enhanced LAG Hashing Dell EMC Networking devices based on Broadcom XGS-IV silicon support configuration of hashing algorithms for each LAG interface. The hashing algorithm is used to distribute traffic load among the physical ports of the LAG while preserving the per-flow packet order. NOTE: Enhanced hashing mode is not supported on the N1100ON/N1500 Series switches.
Flexible Assignment of Ports to LAGs Assignment of interfaces to dynamic LAGs is based upon a maximum of 144 interfaces assigned to dynamic LAGs, a maximum of 128 dynamic LAGs and a maximum of 8 interfaces per dynamic LAG. For example, 128 LAGs may be assigned 2 interfaces each or 18 LAGs may be assigned 8 interfaces each. NOTE: The N1100-ON/N1500 Series switches support 64 port channels.
Default Configuration This command has no default configuration. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example shows how port gi1/0/5 is configured in port-channel 1 without LACP (static LAG). console(config)# interface gigabitethernet 1/0/5 console(config-if-Gi1/0/5)# channel-group 1 mode on The following example shows how port gi1/0/6 is configured to port-channel 2 with LACP (dynamic LAG).
User Guidelines Port channel numbers range from 1 to 128 for all switches except the N1500 which supports 64 port channels. Example The following example enters the context of port-channel 1. console(config)# interface port-channel 1 console(config-if-po1)# interface range port-channel Use the interface range port-channel command in Global Configuration mode to execute a command on multiple port channels at the same time.
console(config)# interface range port-channel 1-2,8 console(config-if)# hashing-mode Use the hashing-mode command to set the hashing algorithm on trunk ports. Use the no hashing-mode command to set the hashing algorithm on trunk ports to the default. Syntax hashing-mode mode • mode — Mode value in the range of 1 to 7.
User Guidelines Enhanced hashing mode is recommended, however, depending on the specific traffic patterns present in the network, a different hashing mode may give better bandwidth distribution across the LAG member links. Use the show interfaces utilization command to view link utilization.
The port priority of each port is a four octet binary number, formed by using the configured port priority as the two most significant octets and the port number as the two least significant octets. For any given set of ports, the port with the numerically lower value of port priority has the higher priority.
User Guidelines Per IEEE 802.1AX-2008 Section 5.6, ports are selected for aggregation by each switch based upon the port priority assigned by the switch with the higher system priority, starting with the highest priority port of the switch with the higher switch priority, and working downward through the ordered list of port priority values for the ports.
Command Mode Interface Configuration (Ethernet) mode Interface Range mode User Guidelines The LACP time-out setting indicates a local preference for the rate of LACPDU transmission and the period of time before invalidating received LACPDU information. This setting is negotiated with the link partner. Long time-outs are 90 seconds with a transmission rate of once every 30 seconds. Short time-outs are 3 seconds with a transmission rate of once every second.
User Guidelines For a LAG that contains links distributed across stacking units, the default behavior is to distribute locally received ingress traffic across all LAG links in the stack per the selected hashing algorithm. When enabled, this command disables forwarding of ingress unicast traffic across stacking links for a LAG that is comprised of links on multiple stack units. It does this by restricting LAG hashing to only select egress links on the stack unit where the traffic ingresses.
Default Configuration The default minimum links is 1. Command Mode Interface Configuration (port-channel) mode User Guidelines This command has no user guidelines. Example console(config)#interface port-channel 1 console(config-if-Po1)#port-channel min-links 3 console(config-if-Po1)#no port-channel min-links show interfaces port-channel Use the show interfaces port-channel command to show port-channel information.
Parameter Description Channel Number of the port channel to show. This parameter is optional. If the port channel number is not given, all the channel groups are displayed. (Range: Valid port-channel number, 1 to 48). • Ports—The ports that are members of the port-channel. • Ch-Type—The aggregation scheme. Dynamic indicates that the LACP protocol is run. • Hash Algorithm Type—The hashing used to assign a conversation to a particular aggregation link.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example shows how to display LACP Ethernet interface information.
LACP PDUs send: LACP PDUs received: 0 0 show statistics port-channel Use the show statistics port-channel command to display statistics about a specific port-channel. Syntax show statistics port-channel port-channel-number Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example shows statistics about port-channel 1.
Packets RX and TX 2048-4095 Octets............. 0 Packets RX and TX 4096-9216 Octets............. 0 Total Packets Received Without Errors.......... Unicast Packets Received....................... Multicast Packets Received..................... Broadcast Packets Received..................... Receive Packets Discarded...................... 0 0 0 0 0 Total Packets Received with MAC Errors......... Jabbers Received............................... Fragments/Undersize Received...................
GVRP PDUs Transmitted.......................... GVRP Failed Registrations...................... GMRP PDUs Received............................. GMRP PDUs Transmitted.......................... GMRP Failed Registrations...................... BPDUs: Sent: 0, Received: 0 0 0 0 0 0 Time since counters last cleared...............
Port Monitor Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches Dell EMC Networking switches allow the user to monitor traffic with an external network analyzer. The external network analyzer can use any of the Ethernet ports as a probe port. The probe port transmits a mirror copy of the traffic being probed. Network traffic transmission is always disrupted whenever a configuration change is made for port monitoring.
• Once configured, there is no network connectivity on the probe (destination) port. The probe port does not forward any traffic and does not receive any traffic. The probe tool attached to the probe port is unable to ping the networking device or ping through the networking device, and no device is able to ping the probe tool.
The in memory buffer is 128 packets. The file system buffer is 524288 bytes and is named cpuPktCapture.pcap. The remote monitor capture port is 2002. Command Modes Global Configuration mode User Guidelines Packets that are transmitted or received by the switch CPU may be captured to the switch file system, to local memory, or sent to a WireShark client.
monitor capture (Privileged Exec) Use the monitor capture command to capture packets transmitted or received from the CPU. This facility captures switch control plane traffic and is useful in monitoring network control traffic and analyzing network security. Remote packet capture is not supported when the packets are received via Service Port. Syntax monitor capture {start [transmit | receive | all] | stop} • Transmit—Capture packets transmitted by the switch CPU.
Syntax monitor capture mode {line | remote | file} no monitor capture mode • line—Captured packets are sent to the console. • remote—Captured packets are sent to a remote WireShark network analyzer. • file—Captured packets are sent to the file system. Default Configuration By default, remote capture is configured. Command Modes Global Configuration mode User Guidelines Only one file, remote, or line may be specified. Setting the mode takes effect immediately.
• The time when packet passed through CPU. • The first 128 bytes of packet. • The length of full packet (if greater than 128 bytes). The in-memory capture buffer can be configured to stop when full. This mode is configured with the command no monitor capture line wrap. Capturing packets is started by the monitor capture start command. Capturing packets is stopped automatically when 128 packets are captured and saved into the RAM.
If capturing is in progress and more than 128 packets are captured and the user configures no monitor capture line wrap mode, capturing is stopped automatically. No packets are lost when capturing is in progress. All captured packets can be displayed. No captured and not yet displayed packets are lost. Captured packets can be displayed when capturing is in progress or after the moment when capturing is stopped. Only packets saved in RAM (up to 128) can be displayed when capturing is stopped.
Remote capture can be enabled or disabled using the CLI. The network operator should obtain a computer with the Wireshark tool to display the captured traffic. When using remote capture mode, the switch doesn’t store any captured data locally. The local TCP port number can be configured for connecting Wireshark to the switch. The default port number is 2002. If a firewall is installed between the Wireshark PC and the switch, these ports must be allowed to pass through the firewall.
Example This example sends capture output to the console. console(config)#monitor capture line console(config)#exit console#monitor capture start all monitor session Use the monitor session command in Global Configuration mode to configure the source and destination for mirroring. Packets are copied from the source to the destination. Use the no form of the command to disable the monitoring session.
• tx — Mirrors transmitted packets only. If no option is specified, monitors both rx and tx. • both—Mirrors both ingress and egress. This is the default. • mode—Enable session mirroring. Use the no form of the command to disable monitoring. • remove-rspan-tag—Remove the RSPAN tag from packets transmitted on the probe port. Default Configuration The default is to mirror both transmit and receive directions. If neither tx or rx is configured, both directions are monitored.
• Up to 4 sessions in ingress (RX) traffic mirroring may be active. • Up to 4 sessions with egress (TX) traffic mirroring may be active. • Up to 2 sessions with both (RX and TX) traffic mirroring may be active. • Any other combination of up to 4 total ingress or egress mirroring may be active. Destination (probe) interfaces do not perform MAC learning and drop ingress traffic (forwarding is disabled and incoming packets are dropped).
(source/transit/destination) should be configured as trunk or general mode ports, and be members of the RSPAN VLAN. Do not assign other ports to the RSPAN VLANs (for example, trunk ports that are not reflector ports). Additionally, reflector ports may not be port channels. Monitored traffic is encapsulated in the RSPAN VLAN on the reflector port on the source switch.
the implicit deny all). If configuring an egress ACL on the destination port, care must be taken with the ACL numbering to ensure the mirrored traffic is properly processed. Bidirectional mirroring of multiple ports in a network may result in duplicate packets transmitted on the probe port (one copy for the receive side and another copy for the transmit side). Configuring the mirroring as rx only may help to reduce this issue.
console(config)#monitor session 1 destination remote vlan 723 reflector-port Te1/0/1 console(config)#monitor session 1 mode console(config)#show monitor session 1 Session Admin mode Type Source ports Both Destination port Destination RSPAN VLAN : : : : : : : 1 Enabled Remote source session Gi1/0/48 Te1/0/1 723 This example shows how to configure a destination switch using VLAN 723 as the source RSPAN VLAN interface Te1/0/1 and Gi1/0/10 as the destination interface.
Syntax remote-span no remote-span Default Configuration There is no default configuration for this command. Command Modes VLAN Configuration mode. User Guidelines Remote-span VLANs must be configured as a tagged VLAN on trunk or general mode ports on RSPAN transit switches. Traffic in an RSPAN VLAN is always flooded as MAC address learning and link local protocols are disabled on RSPAN VLANs.
Command Modes Privileged Exec mode (all SHOW modes) User Guidelines This command has no user guidelines. Example console#show monitor capture Operational Status............................. Current Capturing Type......................... Capturing Traffic Mode......................... Line Wrap Mode................................. RPCAP Listening Port........................... RPCAP dump file size (KB)......................
0010 86 dd 60 00 00 0020 00 00 00 00 88 0030 00 00 00 00 00 0040 01 00 82 00 43 0050 00 00 00 00 00 =================== 00 ff 00 62 00 00 fe 00 27 00 24 2f 00 10 00 00 8e 00 00 00 01 82 01 00 00 fe ff 3a 00 ff 80 02 00 00 ff 00 00 05 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 Gi1/0/1 Length = 94 [RECEIVE] =================== 02:29:26.
console(config)#show monitor session 1 Session Admin mode Type Source ports Both Destination ports IP access-group : : : : : : : 1 Disabled Local session Te1/0/10 Te2/0/20 a1 The following example shows the detailed status of the port based mirroring session that is constrained to a local switch.
The following example shows the detailed status of a VLAN session on destination switch, where session is span across multiple switches. console# show monitor session 1 detail Session : 1 Type : Remote Destination Session Source Ports : RX Only : None TX Only : None Both : None Source VLANs : RX Only : None Source RSPAN VLAN : 999 Destination Ports : Gi1/0/15 Dest RSPAN VLAN : None show vlan remote-span Use this command to display the RSPAN VLAN IDs.
----------------------------------------------------10 Layer 2 Switching Commands 716
QoS Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches Quality of Service (QoS) technologies are intended to provide guaranteed timely delivery of specific application data to a particular destination. In contrast, standard IP-based networks are designed to provide best effort data delivery service. Best effort service implies that the network delivers the data in a timely fashion, although there is no guarantee.
ACLs can be configured to apply to a VLAN instead of an interface. Traffic tagged with a VLAN ID (either receive-tagged or tagged by ingress process such as PVID) is evaluated for a match regardless of the interface on which it is received. Layer 2 ACLs The Layer 2 ACL feature provides access list capability by allowing classification on the Layer 2 header of an Ethernet frame, including the 802.1Q VLAN tag(s).
CoS mapping tables, port default priority, and hardware queue parameters may be configured on LAG interfaces as well as Ethernet port interfaces. Queue Mapping The priority of a packet arriving at an interface is used to steer the packet to the appropriate outbound CoS queue through a mapping table. Network packets arriving at an ingress port are directed to one of n queues in an egress port(s) based on the translation of packet priority to CoS queue.
DiffServ Standard IP-based networks are designed to provide “best effort” data delivery service. Best effort service implies that the network delivers the data in a timely fashion, although there is no guarantee that it will meet the latency or bandwidth requirements. During times of congestion, packets may be delayed, sent sporadically, or dropped. For typical Internet applications, such as email and file transfer, a slight degradation in service is acceptable and in many cases unnoticeable.
conform-color match dstl4port policy-map show policy-map cos-queue minbandwidth match ethertype random-detect queue-parms show policy-map interface cos-queue random- match ip6flowlbl detect random-detect show service-policy exponentialweighting-constant cos-queue strict match ip dscp redirect traffic-shape diffserv match ip precedence service-policy vlan priority drop match ip tos show class-map – mark cos match protocol show classofservice – dot1p-mapping mark ip-dscp match source
User Guidelines The queue id is the internal queue number (traffic class), not the CoS value. Use the show classofservice command to display the assignment of CoS and DSCP values to internal queue numbers. Example The following example displays how to change the queue ID to 4 for the associated traffic stream.
Example The following example shows how to specify the DiffServ class name of “DELL.” console(config)#class-map match-all DELL console(config-classmap)#exit console(config)#policy-map DELL1 in console(config-policy-map)#class DELL class-map Use the class-map command in Global Configuration mode to define a new DiffServ class of type match-all. To delete an existing class, use the no form of this command.
Enter the class-map command with the match-all/match-any parameter and a nonexistent class-map-name to create a new class map. The class-mapname must not be the same as any other class map or access group name. Use the no class-map form of the command without a match-all/match-any parameter to delete an existing class map. The match-all parameter indicates that all of the match criteria configured in the class map must be met for the packet to be processed by the class map.
console(config-classmap)#match access-group name voice-pass console(config-classmap)#match access-group name voice-all console(config- classmap)#exit console(config)#class-map match-all port-default console(config-classmap)#match access-group name default console(config- classmap)#exit console(config)#policy-map inbound in console(config-policy-map)#class voice-all console(config-policy-classmap)#mark ip dscp af41 console(config-policy-classmap)#exit console(config-policy-map)#class port-default console(con
Example The following example displays how to change the name of a DiffServ class from “DELL” to “DELL1.” console(config)#class-map rename DELL DELL1 console(config)# classofservice dot1p-mapping Use the classofservice dot1p-mapping command in Global Configuration mode to map an IEEE 802.1p user priority to an internal traffic class. In Interface Configuration mode, the mapping is applied only to packets received on that interface. Use the no form of the command to remove mapping between an 802.
Command Mode Global Configuration or Interface Configuration (Ethernet, Port-channel) mode User Guidelines None Example The following example globally configures a mapping for user priority 1 and traffic class 2. If trust mode is enabled for 802.1p (classofservice trust dot1p), packets received on any interface marked with IEEE 802.1p priority 1 will be assigned to internal CoS queue 2.
IP DSCP Traffic Class (queue-id) 0(be/cs0) 1 1 1 2 1 3 1 4 1 5 1 6 1 7 1 8(cs1) 0 9 0 10(af11) 0 11 0 12(af12) 0 13 0 14(af13) 0 15 0 16(cs2) 0 17 0 18(af21) 0 19 0 20(af22) 0 21 0 22(af23) 0 23 0 24(cs3) 1 25 1 26(af31) 1 Layer 2 Switching Commands 728
IP DSCP Traffic Class (queue-id) 27 1 28(af32) 1 29 1 30(af33) 1 31 1 32(cs4) 2 33 2 34(af41) 2 35 2 36(af42) 2 37 2 38(af43) 2 39 2 40(cs5) 2 41 2 42 2 43 2 44 2 45 2 46(ef) 2 47 2 48(cs6) 3 49 3 50 3 51 3 52 3 53 3 54 3 Layer 2 Switching Commands 729
IP DSCP Traffic Class (queue-id) 55 3 56(cs7) 3 57 3 58 3 59 3 60 3 61 3 62 3 63 3 Command Mode Global Configuration mode User Guidelines The switch may be configured to trust either DSCP or CoS values, but not both. Setting the trust mode does not affect ACL packet matching, e.g. it is still possible to use an ACL that matches on a received CoS value and assigns the packet to a queue even when DSCP is trusted.
Syntax classofservice trust {dot1p | untrusted | ip-dscp} no classofservice trust • dot1p — Specifies that the mode be set to trust IEEE 802.1p packet markings. • untrusted — Sets the Class of Service Trust Mode to Untrusted. • ip-dscp — Specifies that the mode be set to trust IP DSCP packet markings. Default Configuration By default, the switch trusts IEEE 802.1p markings.
Syntax conform-color {class-map-name} [exceed-color { class-map-name } ] Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines This command must be preceded by a police command. If the conform-color command is not entered, the police algorithm uses the color-blind version, meaning in the incoming color is ignored. The conform-color command can be used with any of the three police algorithms.
Example The following example uses a simple policer to color TCP packets that exceed an average rate of 1000 Kbps or a burst size of 16 Kbytes as red. Conforming packets (those in CoS queue 1) are pre-colored green prior to metering. After metering, non-conforming packets are colored red. Both green and red packets are transmitted, but may be subject to further color-based action on egress.
Command Mode Global Configuration mode or Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines This command changes the scheduling policy for packet transmission of the selected CoS queues. It does not change the packet buffering policy nor does it reserve packet buffers to a CoS queue. The maximum number of queues supported per interface is seven.
Syntax cos-queue {random-detect queue-id1 [queue-id2..queue-idn]} no cos-queue {random-detect queue-id1 [queue-id2..queue-idn]} • queue-id—An integer indicating the internal CoS queue-id which is to be enabled for WRED. Range 0-6. Up to 7 queues may be simultaneously specified. Default Configuration WRED queue management policy is disabled by default. Tail-drop queue management policy is enabled by default.
N1500 Series Switches N1500 Series switches support a simple RED capability. The N1500 Series switch does not support configuration of the maximum threshold nor can the threshold or drop probability be configured for non-TCP traffic. Only the minimum threshold (min-thresh) and drop probability (drop-prob-scale) may be configured for the TCP colors green/yellow/red. The maximum threshold may not be configured nor can the threshold or drop probability be configured for non-TCP traffic.
This example configures simple RED on an N1500 series switch. CoS queue 1 is globally configured for simple RED with a congestion threshold of 50% and a drop probability of 0.781% for green colored traffic.
Strict priority scheduling is most useful when it is desirable that low-bit-rate time-sensitive traffic be queued ahead of other traffic. The administrator must be careful to limit the bandwidth assigned to the strict priority queue to avoid potential denial of service attacks. See the “Enterprise Voice VLAN Configuration With QoS” section in the Users Configuration Guide for a rate limiting example.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to set the DiffServ operational mode to active. console(Config)#diffserv drop Use the drop command in Policy-Class-Map Configuration mode to specify that all packets for the associated traffic stream are to be dropped at ingress. NOTE: This command is not available on the N1500 Series switches. Syntax drop Default Configuration This command has no default configuration.
mark cos Use the mark cos command in Policy-Class-Map Configuration mode to mark all packets for the associated traffic stream with the specified class of service value in the user priority field of the 802.1p header. If the packet does not already contain this header, one is inserted. NOTE: This command is not available on the N1500 Series switches. Syntax mark cos cos-value • cos-value — Specifies the CoS value as an integer.
mark ip-dscp Use the mark ip-dscp command in Policy-Class-Map Configuration mode to mark all packets for the associated traffic stream with the specified IP DSCP value. NOTE: This command is not available on the N1500 Series switches.
mark ip-precedence Use the mark ip-precedence command in Policy-Class-Map Configuration mode to mark all packets for the associated traffic stream with the specified IP precedence value. NOTE: This command is not available on the N1500 Series switches. Syntax mark ip-precedence prec-value • prec-value — Specifies the IP precedence value as an integer. (Range: 0–7) Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines.
match access-group Use the match access-group command to add ACL match criteria to a class map. Use the no form of the command to remove the ACL match criteria. Syntax match access-group name name no match access-group name name • name—The name of an access-list. Only MAC, IPv4, and IPv6 access-lists are allowed. Default Configuration No access-lists are configured for a class-map.
If a packet matches a deny ACL class specified in a class-map, the packet does not match, no further matching is performed, and the class-map clause is not matched. No counters are instantiated for ACLs referenced in a class map. Command History Command introduced in version 6.5 firmware. Example The following example configures an access list arp-list with a policy that implements a simple policer for ARP packets coming from any of the hosts listed in the access list.
match class-map Use the match class-map command to add to the specified class definition the set of match conditions defined for another class. Use the no form of this command to remove from the specified class definition the set of match conditions defined for another class. NOTE: This command is not available on the N1500 Series switches.
• The total number of class rules formed by the complete reference class chain (including both predecessor and successor classes) must not exceed a platform-specific maximum. In some cases, each removal of a refclass rule reduces the maximum number of available rules in the class definition by one. Example The following example adds match conditions defined for the Dell class to the class currently being configured.
Example The following example displays adding a match condition to the specified class. console(config-classmap)#match cos 1 match destination-address mac Use the match destination-address mac command in Class-Map Configuration mode to add a match condition based on the destination MAC address of a packet. NOTE: This command is not available on the N1500 Series switches.
match any Use the match any command in Class-Map Configuration mode to allow matching on any of the specified match conditions. Use the no form of the command to remove the ACL match criteria and revert to match-all behavior. Syntax match any no match any Default Configuration The default matching for a class map is to match on all specified match conditions.
Example The following example configures a MAC access list arp-list with a policy that implements a simple policer for ARP packets coming from any of the hosts listed in the access list. Apply the policy to an interface using the servicepolicy in command in Interface Configuration mode. console(config)#mac access-list extended arp-list console(config-mac-access-list)#permit 00:01:02:03:04:05 0000.0000.0000 0x0806 console(config-mac-access-list)#permit 00:03:04:05:06:07 0000.0000.
Default Configuration This command has no default configuration. Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example displays adding a match condition using the specified IP address and bit mask. console(config-classmap)#match dstip 10.240.1.1 255.255.255.1 match dstip6 The match dstip6 command adds a match condition based on the destination IPv6 address of a packet. NOTE: This command is not available on the N1500 Series switches.
Example console(config-classmap)#match dstip6 2001:DB8::0/32 match dstl4port Use the match dstl4port command in Class-Map Configuration mode to add a match condition based on the destination layer 4 port of a packet using a single keyword or a numeric notation. NOTE: This command is not available on the N1500 Series switches. Syntax match dstl4port {portkey | port-number} • portkey — Specifies one of the supported port name keywords. A match condition is specified by one layer 4 port number.
NOTE: This command is not available on the N1500 Series switches. Syntax match ethertype {keyword | 0x0600-0xffff} • keyword — Specifies either a valid keyword or a valid hexadecimal number. The supported keywords are appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppoe, rarp. (Range: 0x0600– 0xFFFF) Default Configuration This command has no default configuration. Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines.
Default Configuration There is no default configuration for this command. Command Mode Ipv6-Class-Map Configuration mode. User Guidelines There are no user guidelines for this command. Example The following example adds a rule to match packets whose IPv6 Flow Label equals 32312.
User Guidelines This DSCP field is defined as the high-order six bits of the Service type octet in the IP header. The low-order two bits are not checked. The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with a slightly different user notation. To specify a match on all DSCP values, use the match ip tos tosbits tosmask command with tosbits set to “0” (zero) and tosmask set to hex “03.
User Guidelines The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with a slightly different user notation. To specify a match on all precedence values, use the match ip tos tosbits tosmask command with tosbits set to “0” (zero) and tosmask set to hex “1F.” Example The following example displays adding a match condition based on the value of the IP precedence field.
User Guidelines The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with a slightly different user notation. This specification is the free form version of the IP DSCP/Precedence/TOS match specification in that you have complete control of specifying which bits of the IP Service Type field are checked.
• igmp—Match IGMP protocol packets (Ethertype 0x0800 and IPv4 protocol 2).
Example The following example displays adding a match condition based on the “ip” protocol name keyword. console(config-classmap)#match protocol ip match source-address mac Use the match source-address mac command in Class-Map Configuration mode to add to the specified class definition a match condition based on the source MAC address of the packet. NOTE: This command is not available on the N1500 Series switches.
match srcip Use the match srcip command in Class-Map Configuration mode to add to the specified class definition a match condition based on the source IP address of a packet. NOTE: This command is not available on the N1500 Series switches. Syntax match srcip ipaddr ipmask • ipaddr — Specifies a valid IP address. • ipmask — Specifies a valid IP address bit mask. Note that although this IP address bit mask is similar to a subnet mask, it does not need to be contiguous.
Syntax match srcip6 source-ipv6-prefix/prefix-length • source-ipv6-prefix — IPv6 prefix in IPv6 global address format. • prefix-length — IPv6 prefix length value. Default Configuration There is no default configuration for this command. Command Mode Ipv6-Class-Map Configuration mode. User Guidelines There are no user guidelines for this command.
Command Mode Class-Map Configuration mode User Guidelines Only one srcl4port matching criteria can be specified. To remove the matching criteria, delete the class map. Example The following example displays how to add a match condition using the “snmp” port name keyword. console(config-classmap)#match srcl4port snmp match vlan Use the match vlan command in Class-Map Configuration mode to add to the specified class definition a match condition based on the value of the layer 2 VLAN Identifier field.
Example The following example displays adding a match condition for the VLAN ID “2.” console(config-classmap)#match vlan 2 mirror Use the mirror command in Policy-Class-Map Configuration mode to mirror all the data that matches the class defined to the destination port specified. NOTE: This command is not available on the N1500 Series switches. Syntax mirror interface • interface — Specifies the Ethernet port to which data needs to be copied.
Syntax police-simple {datarate burstsize conform-action {drop | set-prec-transmit cos | set-dscp-transmit dscpval | transmit} [violate-action {drop | set-cos transmit cos | set-prec-transmit cos | set-dscp-transmit dscpval | transmit}]} • datarate — Data rate in kilobits per second (Kbps). (Range: 1– 4294967295) • burstsize — Burst size in Kbytes (Range: 1–128) • conform action — Configures the action taken for packets that do not exceed the data rate or the burst size: – drop: Drop the packet.
User Guidelines The simple form of the police command uses a single data rate and burst size, resulting in two outcomes: conform and violate. Conforming packets are colored green and non-conforming packets are colored red for use by the WRED mechanism. Only one style of police command (simple, single-rate or two-rate) is allowed for a given class instance in a particular policy. The conform-color command can be used to pre-color packets prior to policing.
– set-dscp-transmit dscp-val: Remark the DSCP in the packet to dscpval and transmit. (Range 0-63) – set-cos-transmit 802.1p-priority: Remark the 802.1p priority in the packet to 802.1p-priority and transmit. (Range 0-7) – transmit: Transmit the packet unmodified. Default Configuration There no default configuration for this command.
Syntax police-two-rate datarate burstsize peak-data-rate excess-burstsize conformaction action exceed-action action violate-action action • datarate — Data rate in kilobits per second (Kbps). (Range: 1– 4294967295) • burstsize — Burst size in Kbytes (Range: 1–128) • peak-data-rate— Peak data rate in kilobits per second (Kbps). (Range 14294967295) • excess-burstsize — Excess burst size in kilobits per seconds (Kbps). (Range 1-128) • action— The action to take according to the color.
Peak Burst Size (PBS) A packet is colored red if it exceeds the PIR, yellow if it exceeds the CIR, but not the PIR, and green if it does not exceed either. A trTCM is useful when a peak rate needs to be enforced separately from a committed rate. The CIR and PIR are measured in Kbps (not pps as indicated in the RFC), the CBS in Kbytes, and the PBS in Kbytes. It is recommended that the CBS and PBS be configured to be larger than the largest expected IP packet.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The CLI mode is changed to Policy-Class-Map Configuration when this command is successfully executed. The policy type dictates which of the individual policy attribute commands are valid within the policy definition. Example The following example shows how to establish a new ingress DiffServ policy named “DELL.
• queue-id—The internal class of service queue (range 0-6). The queue-id is not the same as the CoS value received in incoming packets. Use the show classofservice dot1p-mapping command to display the CoS value to internal CoS queue mapping. • min-thresh—The minimum threshold at which to begin dropping, based on the configured maximum drop probability for each color and for nonTCP packets. Range 0 to 250. At or below the minimum threshold, no packets are dropped.
Queue ID WRED Minimum Threshold WRED Maximum Threshold WRED Drop Probability Scale ECN Enabled 4 40/30/20/100 100/ 90/ 80/100 10/ 10/ 10/ 10 No 5 40/30/20/100 100/ 90/ 80/100 10/ 10/ 10/ 10 No 6 40/30/20/100 100/ 90/ 80/100 10/ 10/ 10/ 10 No Command Mode Global Configuration mode, Interface Configuration mode (Ethernet and port-channel), Interface Range mode User Guidelines Interface configuration overrides the global configuration.
For a given network, the minimum and maximum WRED thresholds should be calculated to give a reasonable amount of buffering to TCP flows given the switch buffer capacity. WRED thresholds are applied individually to each physical interface. For the Dell EMC NetworkingN2000/N3000-ON Series switches, a threshold of 100% corresponds to a buffer occupancy of 295428 bytes queued for transmission on an interface.
Explicit Congestion Notification (ECN): ECN capability is an end-to-end feedback mechanism. Both ends of the TCP connection must participate. When ECN is enabled, packets marked as ECN capable and selected for discard by WRED are marked CE and are not dropped. In cases of extreme congestion, ECN capable packets may be dropped. Use the show interfaces traffic command to see color aware drops and congestion levels.
100%: 100 Examples This example configures simple RED on an N1500 series switch. CoS queue 1 is globally configured for simple RED with a congestion threshold of 50% and a drop probability of 0.781% for green colored traffic.
size to ½ the difference between the previous size and the current instantaneous queue size, set the weighting constant to 1. To update the current queue size to 1/4 the difference between the previous size and the current instantaneous queue size, set the weighting constant to 2, .... The average queue size is calculated for each physical interface independently.
service-policy Use the service-policy command in either Global Configuration mode (for all system interfaces) or Interface Configuration mode (for a specific interface) to attach a policy to an interface. To return to the system default, use the no form of this command. NOTE: This command is not available on the N1500 Series switches.
fail. Applying a policy globally applies the policy to all physical interfaces. The policy appears in the running-config as part of the individual interface configuration. Example The following example shows how to attach a service policy named “DELL” to all interfaces for packets ingressing the switch. console(config)#service-policy in DELL show class-map Use the show class-map command to display all configuration information for the specified class.
Class Name ------------------------------cee ipv4 stop_http_class Type ACL Identifier or Reference Class Name ----- -------------------------------------All acl (IP ) All Any console#show class-map ipv4 Class Name..................................... ipv4 Class Type..................................... All Match Rule Count............................... 1 Match Criteria Values ---------------------------- -------------------------------------------Source IP Address 2.2.2.2 (255.255.255.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines If the interface is specified, the IEEE 802.1p mapping table of the interface is displayed. If omitted, the global configuration settings are displayed. The following table lists the parameters in the example and gives a description of each. Parameter Description User Priority The 802.1p user priority value.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
28(af32) 29 30(af33) 31 32(cs4) 33 34(af41) 35 36(af42) 37 38(af43) 39 40(cs5) 41 42 43 44 45 46(ef) 47 48(cs6) 49 50 51 52 53 54 55 56(cs7) 57 58 59 60 61 62 63 1 1 1 1 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 show classofservice trust Use the show classofservice trust command to display the current trust mode setting for a specific interface.
Syntax show classofservice trust [{gigabitethernet unit/slot/port| port-channel portchannel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines If the interface is specified, the port trust mode of the interface is displayed. If omitted, the port trust mode for global configuration is shown.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the DiffServ information. console#show diffserv DiffServ Admin mode.......................... Class Table Size Current/Max................. Class Rule Table Size Current/Max............ Policy Table Size Current/Max................ Policy Instance Table Size Current/Max....... Policy Attribute Table Size Current/Max......
User Guidelines This command has no user guidelines. Example console#show diffserv service interface gigabitethernet 1/0/1 in DiffServ Admin Mode........................... Enable Interface..................................... Gi1/0/1 Direction..................................... In No policy is attached to this interface in this direction. show diffserv service brief Use the show diffserv service brief command to display all interfaces in the system to which a DiffServ policy has been attached.
Po47 Gi1/0/1 Po48 Gi1/0/2 In In In In Down Down Down Down DELL DELL DELL DELL show interfaces cos-queue Use the show interfaces cos-queue command to display the class-of-service queue configuration for the specified interface. Syntax show interfaces cos-queue [{gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration.
2 3 4 5 6 0 0 0 0 0 Weighted Weighted Weighted Weighted Weighted Tail Tail Tail Tail Tail Drop Drop Drop Drop Drop This example displays the COS configuration for the specified interface Gi1/0/1. console#show interfaces cos-queue gigabitethernet 1/0/1 Interface...................................... Gi1/0/1 Interface Shaping Rate......................... 0 Queue Id -------0 1 2 3 4 5 6 Min.
Parameter Description Minimum Bandwidth The minimum transmission bandwidth guarantee for the queue, expressed as a percentage. A value of 0 means bandwidth is not guaranteed and the queue operates using best-effort scheduling. This value is a configured value. Scheduler Type Indicates whether this queue is scheduled for transmission using a strict priority or a weighted scheme. This value is a configured value.
rate commands), all packets are colored green. Use the show interfaces cosqueue command to show the global or per interface scheduler type and queue management types. The N1500 Series switch does not support configuration of the maximum threshold nor can the threshold or drop probability be configured for nonTCP traffic. Example Example 1 This example shows ECN enabled for green color packets on CoS queues 0 and 1.
show interfaces traffic Use the show interfaces traffic command to display traffic information. Syntax show interfaces traffic [interface-id] interface-id—A valid Ethernet interface specifier. Port-channels are not allowed with this command as the queuing and drops occur on the individual interfaces and not on the port channel. Default Configuration The default is to show the global traffic class group configuration.
Field Description WRED TX Queue The instantaneous number of packets queued for transmission on the interface as smoothed by the exponential weighting function. The above counters are cleared by the clear counters command. The queue sizes cannot be cleared as they are instantaneous Example This example shows Gi1/0/1 is suffering from congestion (Tx Queue high) and is dropping packets, either due to WRED drops or due to exceeding the internal buffer limits.
User Guidelines This command displays interface transmit and receive utilization in bits/sec and packets/sec. The transmit utilization and transmit packet counts include packets generated by the CPU. Buffer utilization is the count of cells queued for transmission on a port. A buffer utilization value of less than 10 generally indicates that the port is not experiencing congestion and packets are transmitted as soon as they are queued for output.
Field Description Rx Util The receive utilization which is the link utilization in the receive direction as a percentage of operational speed (range 0-100). The utilization is derived by dividing the link speed by the number of bytes received averaged over the last sampling interval. Tx Util The transmit utilization. The link utilization in the transmit direction as a percentage of operational speed (range 0-100).
thresholds for buffering on the port are reached. A conscientious network operator might want to examine why the devices attached to Gi1/0/5 and Gi1/0/6 are sending so much traffic to Gi1/0/2 attached devices and either redistribute the devices, rate-limit traffic egressing the devices attached to Gi1/0/5 and Gi1/0/6, or increase the number of links available for the device attached to Gi1/0/2.
User Guidelines This command has no user guidelines. Example The following example displays the DiffServ information. console#show Policy Name ----------POLY1 DELL policy-map Policy Type ----------xxx xxx Class Members ------------DellClass DellClass show policy-map interface Use the show policy-map interface command to display policy-oriented statistics information for the specified interface. NOTE: This command is not available on the N1500 Series switches.
Example The following example displays the statistics information for port te1/0/1. console#show policy-map interface te1/0/1 in Interface..................................... Operational Status............................ Policy Name................................... Interface Summary: Class Name.................................... In Offered Packets............................ In Discarded Packets..........................
Gi1/0/3 Gi1/0/4 Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 Gi1/0/9 Gi1/0/10 Down Down Down Down Down Down Down Down DELL DELL DELL DELL DELL DELL DELL DELL traffic-shape Use the traffic-shape command in Global Configuration mode and Interface Configuration mode to specify the maximum transmission bandwidth limit for the interface as a whole. To restore the default interface shaping rate value, use the no form of this command.
Traffic shaping may cause congestion and packet loss if the aggregate ingress rate for an interface persistently exceeds the egress traffic shape rate. Example The following example rate limits interface gi1/0/1 to a maximum bandwidth of 1024 Kbps. console(config-if-Gi1/0/1)#traffic-shape 1024 Kbps vlan priority Use the vlan priority command to assign a default VLAN priority tag for untagged frames ingressing an interface. Syntax vlan priority cos-value • cos-value – A value ranging from 0-7.
Spanning Tree Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches The Multiple Spanning Tree Protocol (MSTP) component complies with IEEE 802.1 by efficiently segregating VLAN traffic over separate interfaces for multiple instances of Spanning Tree. IEEE 802.1D, Spanning Tree and IEEE w, Rapid Spanning Tree are supported through the IEEE 802.1s implementation. The difference between the RSTP and STP (IEEE 802.
port. In this way, the root guard enforces the position of the root bridge. In MSTP scenario the port may be designated in one of the instances while being alternate in the CIST, and so on. Root guard is a per port (not a per port per instance command) configuration so all the MSTP instances this port participates in should not be in root role. STP BPDU Filtering - STP BPDU filtering applies to all operational edge ports.
show spanning-tree spanning-tree forward-time spanning-tree portfast spanning-tree vlan forward-time show spanning-tree spanning-tree guard spanning-tree summary portfast bpdufilter default spanning-tree vlan hello-time show spanning-tree spanning-tree vlan loopguard spanning-tree vlan max-age spanning-tree spanning-tree portfast default spanning-tree max- spanning-tree port- spanning-tree vlan root age priority (Interface Configuration) spanning-tree auto- spanning-tree max- – portfast hops span
console#clear spanning-tree detected-protocols gigabitethernet 1/0/1 exit (mst) Use the exit command in MST mode to exit the MST configuration mode and apply all configuration changes. Syntax exit Default Configuration MST configuration. Command Mode MST mode User Guidelines This command has no user guidelines. Example The following example shows how to exit the MST configuration mode and save changes.
Default Configuration VLANs are mapped to the common and internal spanning tree (CIST) instance (instance 0). Command Mode MST mode User Guidelines Before mapping VLANs to an instance use the spanning-tree mst enable command to enable the instance. All VLANs that are not explicitly mapped to an MST instance are mapped to the common and internal spanning tree (CIST) instance (instance 0) and cannot be unmapped from the CIST.
console(config-mst)#instance 1 add vlan 3000-4093 console(config-mst)#instance 2 add vlan 200-349 console(config-mst)#instance 2 add vlan 351-399 console(config-mst)#instance 2 add vlan 450-499 console(config-mst)#instance 2 add vlan 2000-2199 console(config-mst)#instance 2 add vlan 2500-2599 console(config-mst)#instance 2 add vlan 2800-2999 console(config-mst)#exit console(config)#interface te1/1/1 console(config-if-Te1/1/1)#switchport mode trunk console(config-if-Te1/1/1)#switchport trunk allowed vlan add
Example The following example sets the configuration name to “region1”. console(config)#spanning-tree mst configuration console(config-mst)#name region1 revision (mst) Use the revision command in MST mode to identify the configuration revision number. To return to the default setting, use the no form of this command. Syntax revision version no revision • version — Configuration revision number. (Range: 0-65535) Default Configuration Revision number is 0.
show spanning-tree Use the show spanning-tree command to display the spanning-tree configuration. Syntax show spanning-tree [{gigabitethernet unit/slot/port | port-channel portchannel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] [instance instance-id] show spanning-tree [detail] [active | blockedports] | [instance instance-id] show spanning-tree mst-configuration show spanning-tree {uplinkfast | backbonefast} • detail—Displays detailed information.
Examples The following examples display spanning-tree information. MST information is shown in this form of the command regardless of the spanning tree mode. console#show spanning-tree Spanning Tree: Enabled Mode: rstp BPDU Flooding: Disabled Portfast BPDU Filtering: Enabled Portfast BPDU Guard: Disabled CST Regional Root: 80:00:00:1E:C9:AA:AD:1B Regional Root Path Cost: 0 ROOT ID Priority 32768 Address 0010.1882.
BPDUs: Sent: 74, Received: 0 console#show spanning-tree detail Spanning Tree: Enabled (BPDU Flooding: Disabled) Mode: rstp Portfast BPDU Filtering: Disabled CST Regional Root: 80:00:00:1E:C9:DE:D4:47 Regional Root Path Cost: 0 Address 80:00:00:1E:C9:DE:D4:47 This Switch is the Root.
Address 80:00:00:1E:C9:DE:D4:47 This Switch is the Root. Hello Time: 2s Max Age: 20s Forward Delay: 15s Transmit Hold Count: 6s Bridge Max Hops: 20 Number of topology changes: 1 Last Change Occurred: 0d0h4m13s ago Times: Hold: 6, Hello: 2, Max Age: 20, Forward Delay: 15 Port: Gi1/0/1 Enabled State: Forwarding Role: Designated Port ID: 128.1 Port Cost: 20000 Root Protection: No Designated Bridge Priority: 32768 Address: 001E.C9DE.D447 Designated Port ID: 128.
console(config)#show spanning-tree uplinkfast Directlink rapid convergence is enabled BPDU update rate : 150 packets/sec Directlink rapid convergence Statistics --------------------Directlink rapid convergence transitions (all VLANs).. 0 Proxy multicast addresses transmitted (all VLANs).....
###### MST 0 Vlan Mapped: 1 ROOT ID Priority 32768 Address 001E.C9DE.D447 This Switch is the Root. Hello Time: 2s Max Age: 20s Forward Delay: 15s Interfaces Name --------Gi1/0/1 Gi1/0/2 Te1/0/1 Te1/0/2 State -------Enabled Enabled Enabled Enabled Prio.Nbr --------128.1 128.2 128.49 128.50 Cost --------0 0 0 0 Sts ---FWD FWD FWD DSC Role ----Desg Desg Desg Bkup RestrictedPort -------------No No No No ###### MST 1 Vlan Mapped: 2 ROOT ID Priority 32768 Address 001E.C9DE.D447 This Switch is the Root.
Interfaces Name --------Gi1/0/1 Gi1/0/2 State -------Enabled Enabled Prio.Nbr --------128.1 128.2 Cost --------20000 20000 Sts ---FWD FWD Role ----Desg Desg RestrictedPort -------------No No console(config)#show spanning-tree instance 2 Spanning Tree: Enabled BPDU Flooding: Disabled Mode: mstp Portfast BPDU Filtering: Disabled CST Regional Root: 80:00:00:1E:C9:DE:D4:47 Regional Root Path Cost: 0 ###### MST 2 Vlan Mapped: 3-5 ROOT ID Priority 4096 Address 001E.C9DE.
ROOT ID Priority 32768 Address 001E.C9DE.D447 This Switch is the Root. Hello Time: 2s Max Age: 20s Forward Delay: 15s Interfaces Name State --------- -------Gi1/0/1 Enabled Gi1/0/2 Enabled Te1/0/1 Enabled Te1/0/2 Enabled Prio.Nbr --------128.1 128.2 128.49 128.50 Cost --------20000 20000 2000 2000 Sts ---FWD FWD FWD DSC Role ----Desg Desg Desg Bkup RestrictedPort -------------No No No No This example shows spanning-tree configured in rapid-pvst mode.
Gi1/0/1 Gi1/0/2 Enabled Enabled 128.1 128.2 20000 20000 Forwarding Forwarding Designated Designated show spanning-tree summary Use the show spanning-tree summary command to display spanning tree settings and parameters for the switch. Syntax show spanning-tree summary Default Configuration There is no default configuration for this command.
Configuration Name Identifier used to identify the configuration currently being used. Configuration Revision Level Identifier used to identify the configuration currently being used. Configuration Digest Key A generated Key used in the exchange of the BPDUs. Configuration Format Selector Specifies the version of the configuration format being used in the exchange of BPDUs. The default value is zero. MST Instances List of all multiple spanning tree instances configured on the switch.
• all—Show all VLANs. Default Configuration There is no default configuration for this command. Command Modes Privileged Exec and above User Guidelines There are no user guidelines for this command. Example console(config)#show spanning-tree vlan 2 VLAN 2 Spanning Tree: Enabled Mode: rapid-pvst RootID Priority 32770 Address 001E.C9DE.D447 Cost 0 Port This switch is the root Hello Time: 2s Max Age: 20s Forward Delay: 15s BridgeID Priority 32770 (priority 32768 sys-id-ext 2) Address 001E.C9DE.
Default Configuration Spanning-tree is enabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enables spanning-tree functionality. console(config)#spanning-tree spanning-tree auto-portfast Use the spanning-tree auto-portfast command to set the port to auto portfast mode. This enables the port to become a portfast port if it does not see any BPDUs for 3 seconds after a link up event.
Example The following example enables spanning-tree functionality on Gigabit ethernet interface 4/0/1. console#config console(config)#interface gigabitethernet 4/0/1 console(config-if-4/0/1)#spanning-tree auto-portfast spanning-tree backbonefast Use the spanning-tree backbonefast command to enable the detection of indirect link failures and accelerate spanning tree convergence on STP-PV/RSTP-PV configured switches using Indirect Link Rapid Convergence (IRC).
Example console(config)#spanning-tree backbonefast spanning-tree bpdu flooding The spanning-tree bpdu flooding command allows flooding of BPDUs received on non-spanning-tree ports to all other non-spanning-tree ports. Use the “no” form of the command to disable flooding. Syntax spanning-tree bpdu flooding no spanning-tree bpdu flooding Default Configuration This feature is disabled by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
Default Configuration BPDU guard is not enabled. Command Mode Global Configuration mode User Guidelines The administrator should ensure that interfaces on which BDPU guard is enabled are configured as edge ports. To configure an interface as an edge port, use the spanning-tree portfast command. An edge port is generally connected to a user terminal (such as a desktop computer) or file server directly and is configured as an edge port to implement a fast transition to the forwarding state.
Syntax spanning-tree [vlan vlan-list] cost cost no spanning-tree cost • cost — The port path cost. Default Configuration The default cost value (0) causes the switch to select the path cost based on the link speed. • 40G Port path cost — 1400 • 10G Port path cost — 2000 • 1000 Mbps (giga) — 20,000 • 100 Mbps — 200,000 • 10 Mbps — 2,000,000 • Port Channel—200,000,000 divided by the sum of the unidirectional link speed (in Mbps) of each active member multiplied by 10 per section 13.6.
If an interface is configured with both the spanning-tree vlan vlan-id cost cost command and the spanning-tree cost cost command, the spanning-tree vlan vlan-id cost cost value is used in the spanning tree calculation for RSTP, STP, and MST. Use the spanning-tree vlan cost command to change the cost for RSTP-PV and STP-PV. Example The following example configures the external path cost to be 8192 for VLANs 12, 13, 24, 25, and 26.
spanning-tree forward-time Use the spanning-tree forward-time command in Global Configuration mode to configure the spanning-tree bridge forward time, which is the amount of time a port remains in the listening and learning states before entering the forwarding state. To reset the default forward time, use the no form of this command. Syntax spanning-tree forward-time seconds no spanning-tree forward-time • seconds — Time in seconds.
spanning-tree guard The spanning-tree guard command selects whether loop guard or root guard is enabled on an interface. If neither is enabled, the port operates in accordance with the multiple spanning tree protocol. Use the “no” form of this command to disable loop guard or root guard on the interface. Syntax spanning-tree guard {root | loop | none} • root — Enables root guard. • loop — Enables loop guard • none — Disables root and loop guard.
no spanning-tree loopguard default Default Configuration Loop guard is disabled by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enables spanning-tree loopguard functionality on all ports. console(config)#spanning-tree loopguard default spanning-tree max-age Use the spanning-tree max-age command in Global Configuration mode to configure the spanning-tree bridge maximum age.
User Guidelines When configuring the Max-Age the following relationships should be satisfied: 2*(Forward-Time - 1) >= Max-Age Max-Age >= 2*(Hello-Time + 1) Example The following example configures the spanning-tree bridge maximum-age to 10 seconds. console(config)#spanning-tree max-age 10 spanning-tree max-hops Use the spanning-tree max-hops command to set the MSTP Max Hops parameter to a new value for the common and internal spanning tree.
spanning-tree mode Use the spanning-tree mode command in Global Configuration mode to configure the spanning-tree protocol. To return to the default configuration, use the no spanning-tree form of this command. Syntax spanning-tree mode {stp | rstp | mst | pvst | rapid-pvst} • stp — Spanning Tree Protocol (STP) is enabled. • rstp — Rapid Spanning Tree Protocol (RSTP) is enabled. • mst — Multiple Spanning Tree Protocol (MSTP) is enabled. • pvst— Spanning-tree operates in STP-PV mode.
RSTP-PV maintains independent spanning tree information about each configured VLAN. RSTP-PV uses IEEE 802.1Q trunking and allows a trunked VLAN to maintain blocked or forwarding state per port on a per VLAN basis. This allows a trunk port to be forwarding for some VLANs and blocked on other VLANs. RSTP-PV extends the IEEE 802.1w standard. It supports faster convergence than IEEE 802.1D. RSTP-PV is compatible with IEEE 802.1D spanning tree.
User Guidelines For two or more switches to be in the same MST region, they must have the same VLAN mapping, the same configuration revision number and the same name. Example The following example configures an MST region.
Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines Use the spanning-tree cost command to configure MST instance 0 (the common spanning tree instance). Use the show spanning-tree active command to display the spanning tree costs. Example The following example configures the MSTP instance 1 path cost for Gigabit Ethernet interface 1/0/9 to 4.
User Guidelines The priority will be set to the nearest multiple of 4096 if not an exact multiple of 4096. Example The following example configures the port priority of Gigabit Ethernet interface 1/0/5 to 144. console(config)#interface gigabitethernet 1/0/5 console(config-if)#spanning-tree mst 1 port-priority 144 spanning-tree mst priority Use the spanning-tree mst priority command in Global Configuration mode to set the switch priority for the specified spanning-tree instance.
Bridge priority configuration is given preference over the root primary/secondary configuration. Root primary/secondary configuration is given preference over the DRC configuration. The switch with the lowest priority is selected as the root of the spanning tree. Example The following example configures the spanning tree priority of instance 1 to 4096.
Example The following example enables portfast on Gi1/0/5. console(config)#interface gigabitethernet 1/0/5 console(config-if-Gi1/0/5)#spanning-tree portfast spanning-tree portfast bpdufilter default The spanning-tree portfast bpdufilter default command disables the transmission and reception of BPDUs on portfast enabled ports. Use the “no” form of the command to enable the transmission and receipt of BPDUs.
The administrator must ensure that interfaces enabled for BPDU filtering are configured as edge ports. Use the spanning-tree portfast command to configure the interface as an edge port. Example The following example discards BPDUs received on spanning-tree ports in portfast mode. console(config)#spanning-tree portfast bpdufilter default spanning-tree portfast default Use the spanning-tree portfast default command to enable portfast mode on access ports.
Example The following example enables portfast mode on all access ports. console(config)#spanning-tree portfast default spanning-tree port-priority (Interface Configuration) Use the spanning-tree port-priority command in Interface Configuration mode to configure the priority value of an edge-port or point-to-point interface to allow the operator to select the relative importance of the interface in the selection process for forwarding.
If an interface is configured with both the spanning-tree vlan vlan-id portpriority priority command and the spanning-tree port-priority priority command, the spanning-tree vlan vlan-id port-priority priority value is used as the port priority. If a VLAN parameter is provided, the VLAN must have been previously configured or an error is thrown. An edge port is a port with spanning-tree port-fast enabled. A point-to-point link is a link configured as full-duplex.
Syntax spanning-tree priority priority no spanning-tree priority • priority — Priority of the bridge. (Range: 0–61440) Default Configuration The default bridge priority for IEEE STP is 32768. Command Mode Global Configuration mode User Guidelines The priority value must be a multiple of 4096. The switch with the lowest priority is the root of the spanning tree. Bridge priority configuration is given preference over root primary/secondary configuration.
Command Mode Interface Configuration (Ethernet, Port Channel) mode User Guidelines There are no user guidelines for this command. Example The following example configures spanning-tree tcnguard on 4/0/1. console(config-if-4/0/1)#spanning-tree tcnguard spanning-tree transmit hold-count Use the spanning-tree transmit hold-count command to set the maximum number of BPDUs that a bridge is allowed to send within a hello time window (2 seconds).
spanning-tree uplinkfast Use the spanning-tree uplinkfast command to configure the rate at which gratuitous frames are sent (in packets per second) after a switchover to an alternate port on STP-PV and RSTP-PV configured switches and enable Direct Link Rapid Convergence on STP-PV switches. This command assists in accelerating spanning-tree convergence after switchover to an alternate port.
that the rest of the network knows to use the secondary link to reach that machine. DRC is disabled when the administrator modifies the spanning-tree priority of a VLAN and is re-enabled only when the default priority is restored. Configuration of the bridge priority is given preference over configuration of the root primary or root secondary configuration, which is given preference over the configuration of DirectLink Rapid Convergence. RSTP-PV embeds support for IRC and DRC.
To change the allocation of spanning-tree instances to VLANs, use the no spanning-tree vlan command to disassociate a VLAN from a per VLAN spanning-tree instance and use the spanning-tree vlan command to associate the spanning-tree instance with the desired VLAN. Command Modes Global Configuration mode User Guidelines This command can be configured even if the switch is configured for MST(RSTP) mode. It is only used when the switch is configured for STP-PV or RSTP-PV modes.
Command Modes Global Configuration Mode User Guidelines Set this value to a lower number to accelerate the transition to forwarding. The network operator should take into account the end to end BPDU propagation delay, the maximum frame lifetime, the maximum transmission halt delay and the message age overestimate values specific to their network when configuring this parameter. Forward delay is only application to STP modes.
User Guidelines This command can be configured even if the switch is configured for MST(RSTP) mode. It is only used when the switch is configured for STP-PV or RSTP-PV modes. Set this value to a lower number to accelerate discovery of topology changes. Use the no form of the command to return the hello time to its default value.
The default setting of 20 seconds is suitable for a network of diameter 7, lost message value of 3, transit delay of 1, hello interval of 2 seconds, overestimate per bridge of 1 second, and a BPDU delay of 1 second. For a network of diameter 4, a setting of 16 seconds is appropriate if all other timers remain at their default values. IEEE 802.1Q notes that RSTP and MSTP treat the common spanning tree message age field as a hop count. Section 13.
User Guidelines This command can be configured even if the switch is configured for MST (RSTP) mode. It is only used when the switch is configured for STP-PV or RSTP-PV modes. The logic sets the bridge priority to a value lower (primary) or next lower (secondary) than the lowest bridge priority for the specified VLAN or a range of VLANs. This command only applies when STP-PV or RSTP-PV is enabled.
If the value configured is not among the specified values, it will be rounded off to the nearest valid value. Command Modes Global Configuration mode User Guidelines This command can be configured even if the switch is configured for MST(RSTP) mode. It is only used when the switch is configured for STP-PV or RSTP-PV modes. The root bridge for a VLAN should be carefully selected to provide optimal paths for traffic through the network.
UDLD Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches The UDLD feature detects unidirectional links on physical ports. A unidirectional link is a forwarding anomaly in a Layer 2 communication channel in which a bi-directional link stops passing traffic in one direction. UDLD must be enabled on the both sides of the link in order to detect a unidirectional link.
recognize only the sending failures on unidirectional links. If all devices in the network support UDLD, this functionality is enough to detect all unidirectional links. Processing UDLD Traffic from Neighbors Every UDLD-capable device collects information about all other UDLDcapable devices. Each device populates UDLD echo packets with collected neighbor information to help neighbors identify unidirectional links.
UDLD will put the port into the diagnostically disabled state in the following cases: a When there is a loopback, the device ID and port ID sent out on a port is received back. b UDLD PDU is received from a partner does not have its own details (echo). c Bidirectional connection is established and no UDLD packets are received from the partner device within three times the message interval. d In aggressive mode, when the partner does not respond to an ECHO within 7 seconds.
Command Mode Global Configuration mode User Guidelines This command globally enables UDLD. Interfaces must also be individually enabled for UDLD. Example This command globally enables UDLD. console(config)#udld enable udld reset Use the udld reset command to reset (enable) all interfaces disabled by UDLD. Syntax udld reset Default Configuration This command has no default configuration.
Example This example resets all UDLD disabled interfaces. console#udld reset udld message time Use the udld message time command in Global Configuration mode to configure the interval between the transmission of UDLD probe messages on ports that are in the advertisement phase. Use the no form of the command to return the message transmission interval to the default value. Syntax udld message time message-interval no udld message time • message-interval—UDLD message transmit interval in seconds.
udld timeout interval Use the udld timeout interval command in Global Configuration mode to configure the interval for the receipt of ECHO replies. Use the no form of the command to return the value to the default setting. Syntax udld timeout interval timeout-interval no udld timeout interval • timeout-interval—UDLD timeout interval. Range is 5 to 60 seconds. Default Configuration The default timeout interval is 5 seconds.
no udld enable Default Configuration UDLD is disabled by default on an interface. UDLD must be enabled globally and on an interface in order to operate. Command Mode Interface (physical) Configuration mode User Guidelines UDLD cannot be enabled on a port channel. Instead, enable UDLD on the physical interfaces of a port channel. Example This example enables UDLD on an interface. UDLD must also be enabled globally.
Command Mode Interface (Ethernet) Configuration mode User Guidelines In aggressive mode, UDLD will attempt to detect a peer by sending an ECHO packet every seven seconds until a peer is detected. Example This example configure an interface to operate in UDLD aggressive mode. console(config-if-Te1/0/1)#udld port aggressive show udld Use the show udld command in User Exec or Privileged Exec mode to display the global settings for UDLD.
Field Description Timeout Interval The time period (in seconds) before making decision that link is unidirectional. When an interface ID is specified, the following fields are shown: Field Description Interface Id The interface identifier in short form, e.g. te1/0/1. Admin Mode The administrative mode of UDLD configured on this interface. This is either Enabled or Disabled. UDLD Mode The UDLD mode configured on this interface. This is either Normal or Aggressive.
Interface --------Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 Admin Mode UDLD Mode UDLD Status ---------- ----------- ---------------Enabled Aggressive Err-disabled (Link Down) Enabled Aggressive UDLD Err-disabled Enabled Aggressive Shutdown (Link Down) Disabled Normal Not Applicable Disabled Normal Not Applicable Layer 2 Switching Commands 854
VLAN Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches Dell EMC Networking 802.1Q VLANs are an implementation of the Virtual Local Area Network, specification 802.1Q. Operating at Layer 2 of the OSI model, the VLAN is a means of parsing a single network into logical user groups or organizations as if they physically resided on a dedicated LAN segment of their own.
Double VLAN Mode An incoming frame is identified as tagged or untagged based on Tag Protocol Identifier (TPID) value it contains. The IEEE 802.1Q standard specifies a TPID value (0x8100) to recognize an incoming frame as tagged or untagged. Any valid Ethernet frame with a value of 0x8100 in the 12th and 13th bytes is recognized as a tagged frame. Dell EMC Networking N-Series switches can be configured to enable the port in double-VLAN (QinQ) mode.
Protocol Based VLANs The main purpose of Protocol-based VLANs (PBVLANs) is to selectively process packets based on their upper-layer protocol by setting up protocolbased filters. Packets are bridged through user-specified ports based on their protocol. In PBVLANs, the VLAN classification of a packet is based on its protocol (IP, IPX, NetBIOS, and so on). PBVLANs help optimize network traffic because protocol-specific broadcast messages are sent only to end stations using that protocol.
Private VLAN Commands The Dell EMC Networking Private VLAN feature separates a regular VLAN domain into two or more subdomains. Each subdomain is defined (represented) by a primary VLAN and a secondary VLAN. The primary VLAN ID is the same for all subdomains that belong to a private VLAN. The secondary VLAN ID differentiates subdomains from each another and provides Layer 2 isolation between ports of the same private VLAN.
traffic of multiple primary VLANs towards the upstream router as well as the traffic for regular VLANs. • Isolated trunk port Isolated trunk ports carry tagged traffic of multiple secondary (isolated) VLANs and regular VLANs to and from downstream devices that are private VLAN unaware. Downstream devices connected to isolated trunk ports communicate with the private VLAN aware switches using isolated VLANs and normal VLANs. Isolated trunk ports may be part of multiple private VLANs.
Figure 3-1. Private VLANs Isolated VLAN An endpoint connected over an isolated VLAN is allowed to communicate with endpoints connected to promiscuous ports only. Endpoints connected to adjacent endpoints over an isolated VLAN cannot communicate with each other. Community VLAN An endpoint connected over a community VLAN is allowed to communicate with the endpoints within the community and can also communicate with any configured promiscuous port.
In order to enable Private VLAN operation across multiple switches which are not stacked, the inter-switch links should carry VLANs which belong to a private VLAN. The trunk ports which connect neighbor switches have to be assigned to the primary, isolated, and community VLANs of a private VLAN. In regular VLANs, ports in the same VLAN switch traffic at L2. However for private VLAN, the promiscuous port is in the primary VLAN whereas the isolated or community ports are in the secondary VLAN.
show dot1q-tunnel switchport dot1q ethertype (Global Configuration) switchport private- vlan protocol group vlan name show interfaces switchport switchport trunk switchport general forbidden vlan vlan protocol group remove interface vlan Use the interface vlan command in Global Configuration mode to enable L3 on a VLAN and enter VLAN Interface Configuration mode. Use the no form of the command to disable routing on the VLAN.
Use the no form of the command to remove empty interface vlan entries from the running config. Dell EMC N1100-ON switches support configuration of a single IP address in interface vlan configuration mode. That IP address is used as the L3 address of the switch. Packets received over the configured VLAN which are addressed to the L3 address are processed by the switch CPU. This includes SNMP/HTTP/Telnet/SNMP and any other configured management protocols.
Command Mode Global Configuration mode User Guidelines The VLANs in the interface range must by configured and enabled for routing prior to use in the vlan range command. Commands used in the interface range context are executed independently on each interface in the range. If the command returns an error on one of the interfaces, an error message is displayed and execution continues on other interfaces.
Command Mode VLAN Configuration mode User Guidelines The VLAN name may include any alphanumeric characters including a space, underscore, or dash. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name. The CLI does not filter illegal characters and may truncate entries at the first illegal character or reject the entry entirely. The name of VLAN 1 cannot be changed.
• vlan-list—A list of secondary VLAN ids to be mapped to a primary VLAN. The VLAN list can contain multiple entries separated by commas and containing no spaces. Each entry can be a single VLAN id or a hyphenated range of VLANs. Default Configuration This command has no default setting. Command Mode VLAN Configuration mode User Guidelines A community VLAN carries traffic among community ports and from community ports to the promiscuous ports on the corresponding primary VLAN.
protocol group Use the protocol group command in VLAN Configuration mode to attach a VLAN ID to the protocol-based group identified by groupid. A group may only be associated with one VLAN at a time. However, the VLAN association can be changed. The referenced VLAN should be created prior to the creation of the protocol-based group except when GVRP is expected to create the VLAN. To detach the VLAN from this protocol-based group identified by this groupid, use the no form of this command.
protocol vlan group Use the protocol vlan group command in Interface Configuration mode to add the physical unit/slot/port interface to the protocol-based group identified by groupid. A group may have more than one interface associated with it. Each interface and protocol combination can be associated with one group only. If adding an interface to a group causes any conflicts with protocols currently associated with the group, this command fails and the interface(s) are not added to the group.
console(config-if-Gi1/0/1)#protocol vlan group 2 protocol vlan group all Use the protocol vlan group all command in Global Configuration mode to add all physical interfaces to the protocol-based group identified by groupid. A group may have more than one interface associated with it. Each interface and protocol combination can be associated with one group only.
show dot1q-tunnel Use the show dot1q-tunnel command to display the QinQ status for each interface. Syntax show dot1q-tunnel [ interface interface-id ] Default Configuration If no interfaces are specified, information is shown for all interfaces. Command Mode Privileged Exec mode and all show modes User Guidelines Up to three additional TPIDs can be configured. The 802.1Q tag is predefined in the system and cannot be removed. It is not possible to configure an inner TPID value other than 0x8100.
show interfaces switchport Use the show interfaces switchport command to display the complete switchport VLAN configuration for all possible switch mode configurations: access, dot1q-tunnel, general, trunk, and (private VLAN) host or (private VLAN) promiscuous.
Parameter Description Private-vlan trunk normal VLANs Displays a list of normal VLANs for the promiscuous trunk ports. Private-vlan trunk mappings Displays mappings of all the primary VLANs and their associated secondary VLANs of promiscuous trunk ports. Private-vlan trunk associations Displays associations of all the primary VLANs and their associated isolated VLANs of isolated trunk ports. Operational Private Displays operational private VLANs on this interface.
show port protocol Use the show port protocol command to display the Protocol-Based VLAN information for either the entire system or for the indicated group. Syntax show port protocol {group-id | all} • group-id — The protocol-based VLAN group ID, which is automatically generated when you create a protocol-based VLAN group with the vlan protocol group command. • all — Enter all to show all interfaces. Default Configuration This command has no default configuration.
Syntax show switchport ethertype [ interface interface-id | all ] • interface-id—A physical interface or port channel. • all—All interfaces. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode and all Show modes User Guidelines Up to three additional TPIDs can be configured. The 802.1Q TPID is preconfigured in the system and may not be removed. It is not possible to configure an inner VLAN TPID value other than 0x8100.
console(config)#show switchport ethertype interface gi1/0/1 Interface --------Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 EtherType Secondary TPIDs --------- --------------802.1 802.1 VMAN 802.1 802.1 802.1 show vlan Use the show vlan command to display detailed information, including interface information and dynamic VLAN type, for a specific VLAN or RSPAN VLAN. The ID is a valid VLAN identification number.
Example This shows all VLANs and RSPAN VLANs. console#show vlan VLAN ----1 Name --------------default Ports ------------Po1-128, Gi1/0/1-48 10 Type -------------Default Static RSPAN Vlan -----------------------------------------------------------------10 This example shows information for a specific VLAN ID.
Syntax show vlan association mac [mac-address] • mac-address — Specifies the MAC address to be entered in the list. (Range: Any valid MAC address) Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines • MAC Address—The configured MAC address • VLAN —The associated VLAN identifier Example The following example shows no entry in MAC address to VLAN crossreference.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines • IP Address—The configured IP address • IP Mask—The configured IP subnet mask • VLAN ID—The associated VLAN identifier Example The following example shows the case if no IP Subnet to VLAN association exists.
User Guidelines Do not configure private VLANs on ports configured with any of these features: • Link Aggregation Control Protocol (LACP) • Multicast VLAN Registration (MVR) • Voice VLAN It is recommended that the private VLAN host ports be configured as spanning-tree portfast. The command displays the following information. Parameter Description Primary Primary VLAN ID. Secondary Secondary VLAN ID. Type Secondary VLAN type. Use the type parameter to display only private VLAN ID and its type.
Command Mode Interface Configuration (Ethernet and port channel) mode User Guidelines This command configures the interface access mode VLAN membership. The no form of the command sets the access mode VLAN membership to VLAN 1. It is possible to configure the access mode VLAN identifier when the port is in general or trunk mode. Doing so does not change the VLAN membership of the interface until the interface is configured into access mode.
• vman—Define the Ethertype as 0x88A8. • custom—Define the Ethertype as a 16 bit user defined value (in decimal). Default Configuration 802.1Q is the default Ethertype for both inner and outer VLAN TPIDs. The 802.1Q TPID cannot be removed from the configuration. By default QinQ processing of frames is disabled. Command Mode Global Configuration User Guidelines This command globally defines additional TPIDs for use by the system for matching of ingress packets in the outer tag.
Example This example defines the VMAN (0x88A8) TPID for use on a service provider (SP) port and configures a service provider port (Te1/0/1) in general mode after creating the common SP/CE VLAN. The port is configured in general mode and to only allow tagged packets on ingress using the outer VLAN ID 10. Then, the port is configured to accept the VMAN TPID in the outer VLAN on ingress and further configured to tag packets with the VMAN TPID and VLAN ID 10 in the outer VLAN tag on egress.
no switchport dot1q ethertype { 802.1Q |vman | custom 0-65535 } [primary-tpid] • 802.1Q—Allow ingress frames with Ethertype 0x8100. • vman—Define the Ethertype as 0x88A8. • custom—Define the Ethertype as a 16 bit user defined value (in decimal). • primary-tpid—Set the outer VLAN tag TPID to be inserted in frames transmitted on an SP port. Also processes ingress frames with the configured Ethertype as double tagged. Default Configuration 802.
If the TPID value was not configured as a primary TPID and the no form the command includes the optional primary-tpid argument, the command will fail. If the TPID value was configured as the primary TPID, and the no form of the command does not include the optional primary-tpid argument, the command will fail.
• add vlan-list — List of valid VLAN IDs to add to the forbidden list. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs. • remove vlan-list — List of valid VLAN IDs to remove from the forbidden list. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs. Default Configuration All VLANs allowed.
Default Configuration All frame types are accepted at ingress. Command Mode Interface Configuration (Ethernet and port channel) mode User Guidelines It is possible to configure the general mode acceptable frame types of a port while the port is in access or trunk mode. Doing so does not change the configuration of the port until it is configured to be in general mode. Example The following example configures 1/0/8 to discard untagged frames at ingress.
Default Configuration Untagged. Command Mode Interface Configuration (Ethernet and port channel) mode User Guidelines Use this command to change the egress rule (for example, from tagged to untagged) without first removing the VLAN from the list. It is possible to configure the general mode VLAN membership of a port while the port is in access or trunk mode. Doing so does not change the VLAN membership of the port until it is configured to be in general mode.
User Guidelines Ingress filtering, when enabled, discards received frames that are not tagged with a VLAN for which the port is a member. If ingress filtering is disabled, tagged frames from all VLANs are processed by the switch. Example The following example shows how to enables port ingress filtering on Gigabit Ethernet interface 1/0/8.
Example The following example shows how to configure the PVID for 1/0/8, when the interface is in general mode. console(config)#interface gigabitethernet 1/0/8 console(config-if-Gi1/0/8)#switchport general pvid 234 switchport mode Use the switchport mode command in Interface Configuration mode to configure the VLAN membership mode of a port. To reset the mode to the appropriate default for the switch, use the no form of this command.
User Guidelines This command has no user guidelines. Example The following example configures Gi1/0/5 to access mode. console(config)#interface gigabitethernet 1/0/5 console(config-if-Gi1/0/5)#switchport mode access switchport mode dot1q-tunnel Use the switchport mode dot1q-tunnel command to enable QinQ tunneling on customer edge (CE) interfaces. Use the no form of the command to return the interface to the default switchport mode (access).
frames received on the CE interface will be transmitted out the service provider (SP) interface with an outer tag containing the native VLAN ID and the inner tag as received on the CE interface. CE interfaces must be configured in dot1q-tunnel mode with the PVID configured with the outer tag (native) VLAN ID for the associated service provider (SP) interface. Configure the outer VLAN ID using the switchport access vlan command. All MAC address learning and forwarding occurs on the outer VLAN tag.
console(config-if)#switchport mode dot1q-tunnel console(config-if)#exit switchport mode private-vlan Use the switchport mode private-vlan command in Interface Configuration mode to define a private VLAN association for an isolated or community interface or a mapping for a promiscuous interface. Use the no form of the command to remove the private VLAN association or mapping from the interface.
User Guidelines Do not configure private VLANs on ports configured with any of these features: • Link Aggregation Control Protocol (LACP) • Multicast VLAN Registration (MVR) • Voice VLAN It is recommended that the private VLAN host ports be configured as spanning-tree portfast. Command History Syntax updated in version 6.6 firmware.
no switchport private-vlan trunk native vlan vlan-id no switchport private-vlan association trunk [ primary-vlan-id ] no switchport private-vlan {host-association|mapping} • host-association—Defines VLAN associations for community or host ports. • mapping—Defines the private VLAN mapping for promiscuous ports. • primary-vlan-id—Primary VLAN ID of a private VLAN. • secondary-vlan-id—Secondary (isolated or community) VLAN ID of a private VLAN. • add—Associates the secondary VLAN with the primary one.
User Guidelines The no switchport private-vlan mapping trunk primary-vlan-id syntax removes the mapping of the trunk port to the primary VLAN (and all the secondary VLANs) specified. The no switchport private-vlan mapping trunk syntax removes the mapping of the trunk port to all the previously configured primary VLANs (and all the corresponding secondary VLANs). The no switchport private-vlan trunk allowed vlan vlan-list syntax removes all the allowed normal VLANs on a promiscuous trunk port.
• vlan–list—Set the list of allowed VLANs that can receive and send traffic on this interface in tagged format when in trunking mode. The default is all. The vlan–list format is as follows: The vlan-list format is all | [add | remove | except] vlan–atom [, vlan– atom...] where: • – all specifies all VLANs from 1 to 4093. This keyword is not allowed on commands that do not permit all VLANs in the list to be set at the same time.
User Guidelines Untagged traffic received on a trunk port is forwarded on the native VLAN, if configured. To drop untagged traffic on a trunk port, remove the native VLAN from the trunk port. (Ex. switchport trunk allowed vlan remove 1.) Management traffic is still allowed on the trunk port in this configuration. The no form of the command sets the allowed or native VLAN membership back to the defaults. It is possible to exclude VLANs that have not yet been created from trunk port membership.
Command History Introduced in version 6.2.0.1 firmware. Example This example demonstrates compatibility. console(config-if-Gi1/0/1)#switchport trunk encapsulation dot1q vlan Use the vlan command in Global Configuration mode to configure a VLAN. To delete a VLAN, use the no form of this command. Syntax vlan {vlan–list} no vlan {vlan–list} • vlan–list—A list of one or more valid VLAN IDs. List separate, nonconsecutive VLAN IDs separated by commas (without spaces). Use a hyphen to designate a range of IDs.
Example The following example shows how to create (add) VLAN IDs 22, 23, and 56. console(config)#vlan 22,23,56 console(config-vlan)# vlan association mac Use the vlan association mac command in VLAN Configuration mode to associate a MAC address to a VLAN. The maximum number of MAC-based VLANs is 256. Only packets with a matching source MAC address are placed in the VLAN. Syntax vlan association mac mac-address no vlan association mac mac-address • mac-address — MAC address to associate to the VLAN.
vlan association subnet Use the vlan association subnet command in VLAN Configuration mode to associate a VLAN to a specific IP-subnet. Only packets with a matching source IP address are placed into the VLAN. Syntax vlan association subnet ip-address subnet-mask no vlan association subnet ip-address subnet-mask • ip-address — Source IP address. (Range: Any valid IP address) • subnet-mask — Subnet mask. (Range: Any valid subnet mask) Default Configuration No assigned ip-subnet.
Syntax vlan makestatic vlan-id • vlan-id — Valid VLAN ID. Range is 2–4093. Default Configuration This command has no default configuration. Command Mode Global Configuration Mode User Guidelines The dynamic VLAN (created via GRVP) should exist prior to executing this command. See the Type column in output from the show vlan command to determine that the VLAN is dynamic. Example The following changes vlan 3 to a static VLAN.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console(config)# vlan protocol group 1 vlan protocol group add protocol Use the vlan protocol group add protocol command in Global Configuration mode to add a protocol to the protocol-based VLAN groups identified by groupid. A group may have more than one protocol associated with it.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to add the “ip” protocol to the protocol based VLAN group identified as “2.” console(config)#vlan protocol group add protocol 2 ethertype 0xXXXX vlan protocol group name This is a new command for assigning a group name to vlan protocol group id.
User Guidelines This command has no user guidelines. Example console(config)# vlan protocol group name 1 usergroup vlan protocol group remove Use the vlan protocol group remove command in Global Configuration mode to remove the protocol-based VLAN group identified by groupid. Syntax vlan protocol group remove group-id • group-id — The protocol-based VLAN group ID, which is automatically generated when you create a protocol-based VLAN group with the vlan protocol group command.
Switchport Voice VLAN Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches Series Switches The Voice VLAN feature enables switch ports to carry voice traffic with an administrator-defined priority so as to enable prioritization of voice traffic over data traffic. Using Voice VLAN helps to ensure that the sound quality of an IP phone is protected from deterioration when the data traffic utilization on the port is high.
traffic. See the User Configuration Guide for more information. Voice VLAN is recommended for enterprise-wide deployment of voice services on the IP network. Commands in this Section This section explains the following commands: switchport voice vlan – switchport voice vlan (Interface) authentication event server dead action authorize voice switchport voice vlan priority show voice vlan switchport voice vlan This command is used to enable the voice VLAN capability on the switch.
Example console(config)#switchport voice vlan console(config)#no switchport voice vlan switchport voice vlan (Interface) This command is used to assign the voice VLAN ID on the interface. Syntax switchport voice vlan {vlan-id | dot1p priority | none | untagged | priority extend trust|override-authentication| dscp value} no switchport voice vlan [priority extend][override-authentication] • vlan-id—Configure an existing VLAN as the voice VLAN.
Default Configuration The default DSCP value is 46. The default CoS is 5 for untrusted ports. The default is tagged voice VLAN traffic. The default data priority is to trust the received CoS value. The default override-authentication value is to require authentication. No voice VLAN ID is configured by default. The default 802.1p value is none. Command Mode Interface Configuration (Ethernet) mode. User Guidelines Enable voice VLAN using the following steps: • Create the voice VLAN on the switch.
Voice VLAN information is transmitted to the phone via LLDP-MED in the Network Policy TLV (Application Type Voice, Tagged Yes, …). Voice VLAN information is transmitted to the phone via CDP in the Appliance VLAN TLV. The voice VLAN must be configured on the switch and must be different than the data VLAN. The configured or default priority is sent to the phone Class of Service (CoS) TLV. The trust status is sent to the phone via CDP in the Extended trust TLV.
The voice VLAN may not be configured as a PVID. The switch enforces this restriction by not configuring the voice VLAN, if the VLAN is the PVID of any port, or by failing the PVID assignment if the VLAN is a voice VLAN. The voice VLAN may not be configured as the unauthenticated VLAN and vice-versa. The voice VLAN may not be configured as the guest VLAN and vice-versa. The voice VLAN may not be configured as a private VLAN host port. Command History Description updated in 6.3.0.5 release.
3 Configure port 10 to be in access mode. The data VLAN ID is 1 and uses untagged packets. console(config)#interface gi1/0/10 console(config-if-Gi1/0/10)#switchport mode access 4 Enable port-based 802.1X authentication on the port for the data traffic. console(config-if-Gi1/0/10)#authentication port-control auto console(config-if-G11/0/10)#authentication host-mode multi-auth 5 Enable the voice VLAN feature on the interface. Voice packets are tagged using VLAN 25.
• trust —Trust the IEEE 802.1p user priority contained in packets arriving on the voice VLAN port. • untrust —Do not trust the IEEE 802.1p user priority contained in packets arriving on the voice VLAN port. This overrides the received value with the configured 801.2p value. If a distinguished service for voice traffic is required, an ACL or diffserv policy must be configured.
User Guidelines During authentication, the switch identifies a device as a voice device when an Access-Accept is received from the AAA service with Cisco proprietary VSA device-traffic-class=voice. Phones/devices using the voice VLAN are periodically reauthenticated. If no AAA server is available during reauthentication, access to the voice VLAN is removed when authentication fails. Critical voice VLAN supports voice VLAN access on an interface connected to an 802.
Command History Command introduced in version 6.5 firmware. show voice vlan This command displays information about the voice VLAN. Syntax show voice vlan [interface {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}|all] Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines • When the interface parameter is not specified, only the global mode of the voice VLAN is displayed.
Example (console)#show voice vlan interface gi1/0/1 Interface...................................... Voice VLAN Interface Mode...................... Voice VLAN Priority............................ Voice VLAN COS Override........................ Voice VLAN DSCP Value.......................... Voice VLAN Port Status......................... Voice VLAN Authentication......................
Layer 2 Switching Commands 916
4 Security Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches Security commands enable network operators to administer security for administrator access to the switch management console or web interface as well as to configure restrictions of network access for network attached devices.
AAA Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches Dell EMC Networking switches support authentication of network users and switch administrators via a number of methods. Management access to the switch is via telnet, HTTP, SSH, or the serial console (SNMP access is discussed in the SNMP Commands section).
To authenticate a switch administrator, the authentication methods in the APL for the access line are attempted in order until an authentication attempt returns a success or failure return code. If a method times out, the next method in the list is attempted. The component requesting authentication is unaware of the ultimate authentication source. If a method in the preference list does not support the concept of time-out, subsequent entries in the list are never attempted.
Accounting notification is sent when the administrator exits exec mode. The duration of the exec session is logged in the accounting notice. Accounting notifications are sent at the end of each administrator executed command. In the case of commands like reload, and clear config, an exception is made and the stop accounting notice is sent at the beginning of the command.
Command Authorization Dell EMC Networking switches support per command or enable authorization using a TACACS server. See the authorization command in this section for further information. Additionally, the RADIUS or TACACS server can be configured to assign an administrative profile to a switch administrator. The administrative profile identifies groups of commands which may be executed by the administrator. See the Administrative Profiles Commands section for further information on this capability.
The Internal Authentication Server feature provides support for the creation of users for IEEE 802.1x access only, i.e. without switch management access. This feature maintains a separate database of users allowed for 802.1x access. The authentication method ias is available in the list of methods supported by authentication to support user database lookup. The ias method cannot be added in the same authentication list that has other methods like local, radius and reject.
MAC Authentication Bypass (MAB) provides 802.1x unaware clients controlled access to the network using the devices’ MAC address as an identifier. This requires that the known and allowable MAC address and corresponding access rights be prepopulated in the authentication server. Port access by MAB clients is allowed via local authentication if the user database has corresponding entries added for the MAB clients with user name and password attributes set to the MAC address of MAB clients.
When a client network device that supports 802.1x is connected to an unauthorized port that is 802.1x enabled with no unauthenticated VLAN configured and the client attempts and fails to authenticate, the port remains in the unauthorized state and the client is not granted access to the network. If an unauthenticated VLAN is configured for the port and the 802.
aaa accounting Use this command to configure an accounting method list for User Exec sessions, user-executed commands or 802.1X or to enable accounting. The no version of the command deletes the accounting method list. Use the no form of the command to delete an accounting method list or disable accounting. Use either the aaa accounting dot1x default none or no aaa accounting command to disable dot1x accounting.
User Guidelines An accounting list is identified by the default keyword or a user-specified list_name. Accounting records, when enabled for a line-mode, can be sent at both the beginning and at the end of the session (start-stop) or only at the end (stop-only). If none is specified, accounting is disabled for the specified list. If tacacs is specified as the accounting method, accounting records are transmitted to a TACACS+ server.
(console-config)#aaa accounting exec default start-stop radius (console-config)#aaa accounting dot1x default start-stop radius (console-config)#aaa accounting dot1x default none (console-config)#exit For the same set of accounting type and list name, the administrator can change the record type, or the methods list, without having to first delete the previous configuration.
Default Configuration By default, the switch will wait up to the maximum of maximum number of retries (radius server retransmit) multiplied by the timeout (radius server timeout). Command Mode Global Configuration mode User Guidelines Dell EMC recommends that a fixed time be configured for the delay in order to ensure timely delivery of Acct-Start packets to the RADIUS accounting server.
• newinfo—Send the Interim-Update packet to the RADIUS accounting server whenever new information is available. Default Configuration By default, the sending of Interim-Update packets is disabled. There is no default time period. Command Mode Global Configuration mode User Guidelines User of the newinfo keyword can cause congestion if many accounted sessions are present on the switch.
• ias—Use the internal authentication server user database for authentication. This method cannot be used in conjunction with any other method. • none—Do not use any authentication. • radius—Use the configured RADIUS server(s) for authentication. Default Configuration No default authentication method is defined, however, switch administrators are allowed access to the switch console via 802.1X.
console(config)# aaa authentication dot1x default none The following example configures 802.1x authentication to use a RADIUS server. A RADIUS server must be configured previously using the radius server host auth command for the radius method to succeed.
Command Mode Global Configuration mode User Guidelines The default and optional list names created with the aaa authentication enable command are used with the enable authentication command. Create a list by entering the aaa authentication enable list-name method command where list-name is any character string used to name this list. The method argument identifies the list of methods that the authentication algorithm tries in the given sequence.
Syntax aaa authentication login {default | list-name} {method1 [method2...]} no aaa authentication login {default | list-name} • default — Uses the listed authentication methods that follow this argument as the default list of methods when an administrator logs in. • list-name — Character string used to name the list of authentication methods activated when an administrator logs in to the switch. (Range: 115 characters) • method1 [method2...
The additional methods of authentication are attempted only if the previous method returns an error, not if there is an authentication failure. Only the RADIUS, TACACS+, local and enable methods can return an error. To ensure that authentication succeeds even if all methods return an error, specify none as the final method in the command line. For example, if none is specified as an authentication method after radius, no authentication is used if the RADIUS server is down.
• default—The default list of methods for authorization services. The list dfltCmdAuthList is the default list for command authorization and the list dfltExecAuthList is the default list for Exec authorization. • list-name—Character string used to name the list of authorization methods. The list name can consist of any alphanumeric character up to 20 characters in length. Use quotes around the list name if embedded blanks are contained in the list name.
When command authorization is configured for a line mode, the switch sends information about the entered command to the AAA server. The AAA server validates the received command and responds with a PASS or FAIL. If a PASS response is received, the command is executed. If a FAIL response is received, the command is not executed and a message is displayed to the user.
TACACS Selects TACACS for command or exec authorization. None Selecting the none method authorizes all commands. This option is valid for both command and Exec authorization. RADIUS The radius method is valid for Exec authorization and Network authorization. Network and Exec authorization with RADIUS will work only if the applied authentication method is radius. Example Per command authorization example for telnet access using TACACS: Configure the Authorization Method list.
Network Authorization Methods ---------------------- ------Dot1x none aaa authorization network default radius Use the aaa authorization network default radius command in Global Configuration mode to enable the switch to authorize VLAN assignment by the RADIUS server. Syntax aaa authorization network default radius no aaa authorization network default radius Default Configuration By default, the switch does not accept VLAN assignments by the RADIUS server.
RADIUS-assigned VLANs may be dynamically created. Use the authentication dynamic-vlan enable command to enable dynamic VLAN creation. Example The following example enables RADIUS-assigned VLANs. console(config)#aaa authorization network default radius aaa ias-user username Use the aaa ias-user username command in Global Configuration mode to configure IAS users and their attributes. Username and password attributes are supported. The ias-user name is composed of up to 64 alphanumeric characters.
aaa new-model The aaa new-model command in Global Configuration mode is a no-op command. It is present only for compatibility purposes. Dell EMC Networking switches only support the new model command set. Syntax aaa new-model Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example configures the switch to use the new model command set.
User Guidelines Configuring a dynamic RADIUS server causes the system to begin listening on the default port 3799 for RADIUS CoA requests. The switch ensures that a unique session key is sent to the RADIUS server in all Access-Request packets. The Acct-Session-Id, User-Name, and Calling-Station-Id, FramedIP-Address, NAS-IP-Address (if configured in switch), NAS-Port identifiers are maintained in the switch for 802.1X session identification.
If a valid and authenticated session termination request is received from a configured CoA client and the session cannot be found, the switch returns a CoA-NAK message with the 503 Session Context Not Found response code. • Disable Host Port: The disable host port request may be useful when a port is causing issues on the network. It administratively disables the port by bringing the link down. The administrator may re-enable the port using the no shutdown command.
Example The following example configures RADIUS servers at 1.1.1.1, 2.2.2.2, and 3.3.3.3 and CoA clients at 4.4.4.4 and 5.5.5.5. It sets the front panel ports to use multi-auth authentication. CoA is configured for two dynamic RADIUS servers located at 1.1.1.1 and 2.2.2.2 using a global shared secret and a third server using a server specific shared secret. CoA and disconnect requests are accepted from the CoA clients at 4.4.4.4 and 5.5.5.5.
authentication command Use the authentication command {bounce-port|disable-port} ignore to disable processing of RADIUS CoA requests to bounce the host port. The no form of this command honors RADIUS CoA bounce host port requests. Syntax authentication command { bounce-port | disable-port } ignore no authentication command { bounce-port | disable-port } ignore • bounce-port—Ignore CoA requests to disable the port for 10 seconds and then re-enable it.
A RADIUS CoA disable host port command administratively disables the port. A RADIUS CoA disabled port requires administrative intervention to reenable the port using the no shutdown command. The authentication command disable-port ignore disables processing of the CoA disable port request. If a valid and authenticated disable host port request is received from a configured CoA client and the session cannot be found, the switch returns a CoA-NAK message with the 503 Session Context Not Found response code.
Default Configuration By default, the maximum number of clients that are processed for reauthentication is 10 per second. Command Mode Global Configuration mode User Guidelines This command configures the number of supplicants that are reauthenticated per second. This configuration is for the entire system across all the supplicants on all ports. This is used to control the system and network load when the number of supplicants to be re-authenticated is large.
Command Mode Global Configuration User Guidelines Dynamic VLANs are not created for multi-auth and multi-host mode configured interfaces. Command History Syntax updated in version 6.6 firmware. Example The following example enables dynamic VLAN creation using the value provided in the Access-Accept message. console(config)# authentication dynamic-vlan enable authentication enable Use this command to globally enable the Authentication Manager.
User Guidelines The administrator must ensure that any methods configured by the Authentication Manager are enabled (e.g. enable IEEE 802.1x using the dot1x system-auth-control command). Enable MAB using the mab command. Example console(config)# authentication enable authentication event server dead action This command configures the actions to take when no authentication server is reachable. Use the no form of the command to set the interface configuration to the default.
The critical data VLAN capability allows hosts to authenticate when no RADIUS server is reachable. This allows potentially limited access to the network via VLAN configuration. The dead-server (all RADIUS servers marked dead) actions are configured per interface using this command. When the dead-server action is configured to reinitialize, the switch triggers 802.1X re-authentication of all authenticated hosts on the port.
Default Configuration By default, hosts moved to the critical data VLAN are not moved back to the port PVID when a RADIUS server becomes reachable. Command Mode Interface (Ethernet) Configuration mode User Guidelines When the alive action is configured to reinitialize, the switch triggers 802.1X reauthentication of all authenticated hosts on the port. Hosts on the voice VLAN, unauthenticated VLAN (authentication failed hosts) or guest VLAN are not disturbed.
Default Configuration By default, unauthenticated devices on 802.1X enabled interfaces may only send and receive DHCP/BOOTP packets. Command Modes Interface (Ethernet) Configuration mode User Guidelines This command allows devices on 802.1X enabled interfaces to access network resources. An administrator-configured ACL enabled on the interface may be used to restrict network access until the device is authorized. Command History Syntax added in version 6.6 firmware.
Default Configuration There is no default configuration for this command. Command Modes Interface Configuration (Ethernet) mode User Guidelines Each method can only be entered once. Ordering is only possible between 802.1x and MAB. Captive portal can be configured either as a stand-alone method or as the last method in the order.
User Guidelines Each method can only be entered once. There are no restrictions on the priority ordering of methods. Example console(config-if-Gi1/0/1)# authentication priority mab dot1x captive-portal console(config-if-Gi1/0/1)# no authentication priority authentication timer restart Use this command to set the interval after which reauthentication starts. This timer starts only if all the authentication methods fail.
console(config-if-Gi1/0/1)# no authentication timer restart authentication violation This command configures the actions to take when more than the AAAconfigured number of hosts attempts to authenticate on an interface. Use the no form of the command to set the interface configuration to the default. Syntax authentication violation { protect | restrict | shutdown } no authentication violation • protect—Drop incoming packets from the offending host. • restrict—Generate a log when a violation occurs.
clear (IAS) Use the clear aaa ias-users command to delete all IAS users. Syntax clear aaa ias-users Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines There are no user guidelines for this command. Example console#clear aaa ias-users clear authentication statistics Use this command to clear the authentication statistics.
Example console(config)# clear authentication statistics Gi1/0/1 Are you sure you want to clear authentication manager port stats? (y/n) clear authentication authentication-history Use this command to clear all 802.1X and authentication history. Syntax clear authentication authentication-history {all|interface-id} • all—Clear all authentication history. • interface-id—A physical (Ethernet) interface identifier. Default Configuration This command has no default configuration.
Syntax enable password password [encrypted] no enable password • password — Password for this level (Range: 8- 64 characters). The special characters allowed in the password include ! # $ % & ‘ " ( ) * + , - . / : ; < = > @ [ \ ] ^ _ ` { | } ~. User names can contain blanks if the name is surrounded by double quotes. To use the ! character as part of the username or password string, it should be enclosed within quotation marks. For example, username “test!xyz” password “test!xyz”.
ip http authentication Use the ip http authentication command in Global Configuration mode to specify authentication methods for http server users. To return to the default, use the no form of this command. Syntax ip http authentication {method1 [method2...]} no ip http authentication • method1 [method2...] — Specify at least one from the following table: Keyword Source or destination local Uses the local username database for authentication. none Uses no authentication.
ip https authentication Use the ip https authentication command in Global Configuration mode to specify authentication methods for users authenticating over HTTPS. To return to the default configuration, use the no form of this command. Syntax ip https authentication {method1 [method2...]} no ip https authentication • method1 [method2...] — Specify at least one from the following table: Keyword Source or destination local Uses the local username database for authentication.
Example The following example configures HTTPS authentication. console(config)# ip https authentication radius local mab Use the mab command to configure the switch to enable MAC Authentication Bypass (MAB) authentication for devices connected to the interface. Use the no form of this command to disable MAB on an interface.
Authentication of a user via MAB will not occur until the dot1x time-out guest-vlan-period timer expires. When using MAB, configure the format of the RADIUS UserName attribute sent in the RADIUS Access-Request using the mab request format command. Command History Updated syntax in version 6.5 Updated syntax in version 6.6 firmware.
User Guidelines IAS user accounts are distinct from user (administrator) accounts. IAS accounts give access to network resources (via 802.1X or MAB), whereas user accounts give administrative access to the switch. Example console#configure console(config)#aaa ias-user username client-1 console(config-ias-user)#password client123 console(config-ias-user)#no password The following is an example of adding a MAB Client to the IAS user database with MAC address f81f.3ccc.b157.
Command Mode User Exec mode User Guidelines This command configures the password for a switch administrative user. Example The following example shows the prompt sequence for executing the password command. console>password Enter old password:******** Enter new password:******** Confirm new password:******** show aaa ias-users Use the show aaa ias-users command to display configured IAS users and their attributes. Passwords configured are not shown in the show command output.
------------------Client-1 Client-2 show aaa statistics Use the show aaa statistics command to display accounting statistics. Syntax show aaa statistics Default Configuration This command has no default setting. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Default Configuration This command has no default setting. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Command Modes Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show accounting update aaa accounting aaa accounting update newinfo : Disabled update periodic : 5 minutes Command History Introduced in the 6.5.2 release. show authentication Use this command to display the authentication status for a specific interface or all interfaces.
User Guidelines The command displays the following information: Output Parameter Description Authentication Manager Status The administrative status of Authentication on the switch. This is a global configuration value. Interface The interface for which authentication configuration information is being displayed. Port Control Mode The configured control mode for this port. Possible values are force-unauthorized | auto | unauthorized.
Output Parameter Description Critical VLAN ID The VLAN ID to be used to authorize clients that time out due to unreachable RADIUS servers. Authentication Violation Mode The action to be taken when a security violation occurs on a port. Authentication The action to be undertaken for data clients when all RADIUS Server Dead Action servers are found dead. Authentication The action to be undertaken for voice clients when all RADIUS Server Dead Action servers are found dead.
Authentication Server Dead action for Voice.... None Authentication Server Alive action............. None show authentication authentication-history Use this command to display the historical authentication events for a specific interface. Syntax show authentication authentication-history {all | interface-id [ detail ] | failed-auth-only } • interface-id—Display information for a single Ethernet (physical) interface identifier. Default Configuration There is no default configuration for this command.
Example The following example shows two failed authentications on interface Gi1/0/2 from a single 802.1X client. console#show authentication authentication-history gi1/0/12 Timestamp -------------------May 07 2018 13:02:41 May 07 2018 13:01:33 Interface --------Gi1/0/2 Gi1/0/2 MAC-Address ----------------58:05:94:1C:00:00 58:05:94:1C:00:00 Auth Status -----------Unauthorized Unauthorized Method -----802.1X 802.
Enable Authentication Method Lists ---------------------------------enableList : enable none enableNetList : enable Line ------Console Telnet SSH Login Method List ----------------defaultList networkList networkList HTTPS HTTP DOT1X Enable Method List -----------------enableList enableNetList enableNetList :local :local : show authentication statistics Use this command to display the Authentication Manager statistics on one or more interfaces.
Mab attempts................................... Mab failed attempts............................ Captive-portal attempts........................ Captive-Portal failed attempts................. 0 0 0 0 show authorization methods Use the show authorization methods command to display the configured authorization method lists. Syntax show authorization methods Default Configuration This command has no default setting.
Network Authorization Methods ---------------------- ------Dot1x radius show mab Use the show mab command to display the authenticated MAB clients. Syntax show mab [interface ] • interface-id—An interface (Ethernet) identifier. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command displays the configuration and status of MAB authenticated hosts.
Gi1/0/2 Gi1/0/3 Disabled Disabled N/A N/A console#show mab interface gi1/0/10 Interface Admin Mode Auth-type --------------------------Gi1/0/10 Enabled eap-md5 show users accounts Use the show users accounts command to display the local user status with respect to user account lockout and password aging. Syntax show users accounts Default Configuration This command has no default configuration.
Parameter Description Password Expiry Date Current password expiration date in date format. Lockout Displays the user’s lockout status (True or False). Example The following example displays information about the local user database.
Example The following example shows user login history outputs. console#show users login-history Login Time Username Protocol -------------------- --------- --------Jan 19 2005 08:23:48 Bob Serial Jan 19 2005 08:29:29 Robert HTTP Jan 19 2005 08:42:31 John SSH Jan 19 2005 08:49:52 Betty Telnet Location ----------172.16.0.8 172.16.0.1 172.16.1.7 Command History Syntax updated in 6.4 release.
• level—The user’s privilege level. Level 0 can be assigned by a level 15 user to another user to restrict that user’s access to the switch. Supported access levels are 0, 1, or 15. Enter access level 0 to disallow login, 1 for Read Access, or 15 for Read/Write Access. • nopassword—Configure a switch administrator with no password. Note that the SSH is configured to require a password to access the switch. Use of a password for administrative access is highly recommended.
Up to 8 users may be created. If the password strength feature is enabled, it checks for password strength and returns an appropriate error if it fails to meet the password strength criteria. If the encrypted keyword is entered, no password strength checking is performed as the password is encrypted and the system does not have the capability of decrypting the password. Privilege level 0 cannot log into the switch. There is effectively no difference between Privilege level 1 and 15.
Enter the password. The special characters allowed in the password include ~ ` ! @ # $ % ^ & * ( ) _ - + = [ ] { } \ | : ; ' < > . , /. console(config)# username bob password xxxyyymmm privilege 15 username unlock Use the username unlock command in Global Configuration mode to unlock a locked user account. Only a user with read/write access can reactivate a locked user account. Syntax username username unlock Default Configuration This command has no default configuration.
Administrative Profiles Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches The administrative profiles capability provides the network administrator control over which commands a user (switch administrator) is allowed to execute. The administrator is able to group commands into a “profile” and assign a profile to a user upon authentication. This provides more granularity than simply allowing read-only and read-write users.
passes enable authentication, the user is permitted access to all commands. This is also true if none of the Administrative Profiles provided are configured on the switch. RADIUS and TACACS+ The network administrator may configure a custom attribute to be provided by the server during authentication. The RADIUS and TACACS+ applications process this custom attribute and provide this data to the User Manager for configuring the user profile.
Default Configuration The administrative profiles are defined by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console(config)#admin-profile qos console(admin-profile)# description (Administrative Profile Configuration) Use the description command in Administrative Profile Configuration mode to add a description to an administrative profile. Use the no form of this command to delete the description.
Example console(admin-profile)#description “This profile allows access to QoS commands.” rule Use the rule command to add a rule to an administrative profile. Use the no form of this command to delete a rule. Syntax rule number {deny|permit} {command command-string|mode modename} no rule number • number—The sequence number of the rule. Rules are applied from the highest sequence number to the lowest. Range: 1 to 256. • command-string—Specifies which commands to permit or deny.
Example console(admin-profile)#rule 1 permit command “access-list *” console(admin-profile)# show admin-profiles Use the show admin-profiles command to show the administrative profiles. If the optional profile name parameter is used, only that profile will be shown. Syntax show admin-profiles [name profile-name] • profile-name—The name of the administrative profile to display. Default Configuration This command has no default configuration.
Description: This profile allows access to QoS commands. Rule Perm Type Entity ---- ------ ------- ---------------------------------------1 permit command access-list * 2 permit command access-group * 3 permit mode class-map show admin-profiles brief Use the show admin-profiles brief command to list the names of the administrative profiles defined on the switch. Syntax show admin-profiles brief Default Configuration This command has no default configuration.
show cli modes Use the show cli modes command to list the names of all the CLI modes. Syntax show cli modes Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines These are the generic mode names to be used in the rule command above. These are not the same as the prompt which is displayed in a particular mode.
E-mail Alerting Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches E-mail Alerting is an extension of the logging system. The Dell EMC Networking logging system allows the user to configure a variety of destinations for log messages. This feature adds e-mail configuration capabilities, by which the log messages are sent to a configured SMTP server such that an operator may receive the log in an e-mail account of their choice.
logging email show logging email statistics logging email urgent clear logging email statistics logging email message-type to-addr security logging email from-addr mail-server ip-address | hostname logging email message-type subject port (Mail Server Configuration Mode) logging email logtime username (Mail Server Configuration Mode) logging email test message-type password (Mail Server Configuration Mode) – show mail-server logging email Use the logging email command in Global Configuration
Default Configuration E-mail alerting is disabled by default. When e-mail alerting is enabled, log messages at or above severity Warning are e-mailed. Command Mode Global Configuration mode User Guidelines The logging email command with no arguments enables e-mail alerting. Specify a severity to set the severity level of log messages that are e-mailed in a non-urgent manner.
• – error (3) – warning (4) – notice (5) – info (6) – debug (7) none—If you specify this keyword, no log messages are e-mailed urgently. All log messages at or above the non-urgent level (configured with the logging email command) are e-mailed in batch. Default Configuration The default severity level is alert. Command Mode Global Configuration mode User Guidelines Log messages at or above this severity level are considered urgent.
no logging email message-type {urgent | non-urgent | both} to-addr toemail-addr Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines The to-email-addr is the address to which the email is sent. Urgent | non-urgent | both—The priority with which the email is queued. Urgent email is sent immediately. Non-urgent email is queued and sent periodically. Example console(config)#logging email message-type urgent to-addr admin123@dell.
Command Mode Global Configuration User Guidelines The from-addr in this command is the email address of the email sender. Many mail servers will validate the from address of an email to ensure that abuse of the email server does not occur. Example console(config)#logging email from-addr dell@gmail.com Command History Example added in the 6.4 release. logging email message-type subject Use the logging email message-type subject command in Global Configuration mode to configures subject of the e-mail.
Example console(config)#logging email message-type urgent subject UrgentLog Command History Example added in the 6.4 release. logging email logtime Use the logging email logtime command in Global Configuration mode to configure the value of how frequently the queued messages are sent. Syntax logging email logtime time duration no logging email logtime • time duration—Time in minutes. Range: 30 – 1440. Default Configuration The default value is 30 minutes.
logging email test message-type Use the logging email test message-type command in Global Configuration mode to test whether or not an e-mail is being sent to an SMTP server. Syntax logging email test message-type message-type message-body message-body • message-type—Urgent, non-urgent, or both • message-body—The message to log. Enclose the message in double quotes if it contains any spaces. Default Configuration This command has no default configuration.
Default Configuration This command has no default configuration. Command Mode Privileged Exec User Guidelines This command has no user guidelines. Example console#show logging email statistics No of email Failures so far.................... 0 No of email sent so far......................... 0 Time since last email Sent.................... 00 days 00 hours 00 mins 00 secs clear logging email statistics Use the clear logging email statistics command to clear the e-mail alerting statistics.
Command History Example added in the 6.4 release. security Use the security command in Mail Server Configuration mode to set the email alerting security protocol. This enables and disables the switch to use TLS authentication with the SMTP Server. If the administrator sets the TLS mode and, if the SMTP sever does not support TLS mode, then no e-mail goes to the SMTP server. Syntax security {tlsv1 | none} Default Configuration The default value is disabled.
Syntax mail-server {ip-address | hostname} no mail-server {ip-address | hostname} • ip-address—An IPv4 or IPv6 address. • hostname—The DNS name of an SMTP server. Default Configuration The default configuration for a mail server is shown in the table below.
Default Configuration The default value is 25 (SMTP). Command Mode Mail Server Configuration User Guidelines Port 25 is the standard SMTP port for cleartext messages. Port 465 is the standard port for messages sent using TLSv1. Example console(config)#mail-server 10.131.1.11 console(mail-server)#port 1024 Command History Example added in the 6.4 release. Description updated in the 6.4 release.
User Guidelines This command has no user guidelines. Example console(config)#mail-server 10.131.1.11 console(mail-server)#username admin Command History Example added in the 6.4 release. password (Mail Server Configuration Mode) Use the password command in Mail Server Configuration mode to configure the password required to authenticate to the e-mail server. Use the no form of the command to revert the password to the default value.
show mail-server Use the show mail-server command to display the configuration of all the mail servers or a particular mail server. Syntax show mail-server {ip-address | hostname | all} Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show mail-server all Mail Servers Configuration: No of mail servers configured......................
Email Email Email Email Email Alert Alert Alert Alert Alert Mail Server Address................ Mail Server Port................... SecurityProtocol................... Username........................... Password........................... 10.131.1.11 465 tlsv1 admin password Command History Example added in the 6.4 release.
RADIUS Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches Authentication of users in a large network can be significantly simplified by making use of a single database of accessible information supplied by an Authentication Server. These servers commonly use the Remote Authentication Dial In User Service (RADIUS) protocol as defined by RFC 2865.
assigned VLAN does not exist on the supplicant connected interface, the assigned VLAN is dynamically created. See the aaa authorization network default radius command for further information. This implies that the client can connect from any port and be assigned to the appropriate VLAN, which may be already configured on an uplink interface. This gives flexibility for clients to move around the network with out requiring the operator to perform additional provisioning for each network interface.
denied network access. Dell EMC Networking switches also support the proprietary VSA subscriber commands bounce-host-port, disable-host-port, and reauthenticate. If the session cannot be located, the device returns a Disconnect-NAK message with the “Session Context Not Found” error-code attribute. If the session is located, the device terminates the session. After the session has been completely removed, the device returns a Disconnect-ACK message.
acct-port primary radius server source-ip attribute 6 priority radius server sourceinterface attribute 8 radius server attribute 4 radius server timeout attribute 25 radius server attribute 6 radius server vsa send authentication attribute 31 radius server attribute 8 retransmit attribute 168 radius server attribute 25 show aaa servers authentication event fail retry radius server attribute mac format show radius statistics auth-port radius server attribute 168 source-ip automate-tes
Command Mode RADIUS Server Accounting mode User Guidelines There are no user guidelines for this command. Example The following example sets port number 56 for accounting requests. console(config)#radius server acct 3.2.3.2 console(Config-acct-radius)#acct-port 56 attribute 6 Use the attribute 6 command to configure processing of the RADIUS Service-Type attribute.
message returned from the RADIUS server. If the mandatory parameter is not configured, the Service-Type TLV received in an Access-Accept packet is ignored. Command History Introduced in version 6.3.0.1 firmware. Updated in 6.3.5.0 firmware. Example This example configures the switch to send the Service-Type attribute to the RADIUS server in the Access-Request message. console#conf console(config)#radius server auth 4.3.2.
User Guidelines There are no user guidelines for this command. Command History Introduced in version 6.3.0.1 firmware. Example console#conf console(config)#radius server auth 4.3.2.1 console(config-auth-radius)#attribute 8 include-in-access-req attribute 25 Use the attribute 25 command to enable the switch to send the RADIUS Class attribute as supplied by the RADIUS server in accounting messages sent to the specific accounting server.
Command History Introduced in version 6.3.0.1 firmware. Example console#conf console(config)#radius server auth 4.3.2.1 console(config-auth-radius)#attribute 25 include-in-access-req attribute 31 Use the attribute 31 command to alter the format of the MAC address sent to the RADIUS server in the Calling-Station-Id attribute when authenticating using either authentication host mode single-host, multi-auth, multi-domain or MAB authentication for an interface.
Command Mode RADIUS Server Configuration User Guidelines Use this command to override the format of the Calling-Station-ID MAC address sent in authentication Access-Request for ports configured for authentication host mode single-host, multi-auth, multi-domain or MAB authentication for a specific RADIUS server. This command is only supported for 802.1X authentication. This command overrides the global configuration for attribute 31 (CallingStation-ID).
%i : NAS IP address %h : NAS host name %d : NAS domain name Default Configuration By default, the format specifier is %m. Command Mode RADIUS Server Configuration mode User Guidelines The format parameter is a text string. Use quotes to include embedded spaces. Command History Command introduced in version 6.6.0.1 firmware. attribute 44 Use the attribute 44 command to enable sending the Acct-Session-ID in Access-Request messages.
User Guidelines The Acct-Session-ID is the same as the session identifier used in accounting messages. Command History Command introduced in version 6.6.0.1 firmware. attribute 168 Use the attribute 168 include-in-access-req command to enable the switch to send the RADIUS Framed-IPv6-Address attribute in Access-Request messages sent to the RADIUS authentication server.
After an Access-Accept has been received by the switch and the switch grants the host access to the network, it may take a few seconds before the DHCPv6 transaction completes. Use the aaa accounting delay-start command to delay the sending of the Acct-Start packet to the accounting server. Use the show authentication clients command to display the RADIUS server supplied IPv6 address, if any. RADIUS attribute 168 Framed-IPv6-Address is defined in RFC 6911.
This parameter is independent of, and does not control, the number of times the authenticator will attempt to contact the RADIUS servers. For example, if the max-retries for a single configured RADIUS server is set to 3 and the maxattempts is set to 2, on a supplicant login attempt, the authenticator will send up to three access requests to the RADIUS server before returning failure.
Syntax auth-port auth-port-number • auth-port-number — Port number for authentication requests. (Range: 1 65535) Default Configuration The default value of the port number is 1812. Command Mode RADIUS Server Configuration mode User Guidelines User must enter the mode corresponding to a specific RADIUS Server Configuration before executing this command. Example The following example sets the port number 2412 for authentication requests. console(config)#radius server auth 192.143.120.
Default Configuration There is no default user name. The default idle time is 60 minutes. Command Mode RADIUS Authentication Server Configuration mode RADIUS Accounting Server Configuration mode User Guidelines RADIUS servers configured with a test username and a non-zero deadtime are tested periodically for liveness. Liveness of a server is determined by sending an Access-Request to the server using a configurable dummy login.
Login—DummyLogin Idle Time—30 minutes deadtime Use the deadtime command in RADIUS Server Configuration mode to configure the minimum amount of time to wait before attempting to recontact an unresponsive RADIUS server after it has been declared dead. Syntax deadtime deadtime • deadtime — The amount of time that the unavailable server is skipped over. (Range: 0-2000 minutes) Default Configuration The default deadtime interval is 0 minutes, that is, the server will never be marked dead.
key Use the key command to specify the encryption key which is shared with the RADIUS server. Use the no form of this command to remove the key. Syntax key [ 0|7] key-string no key • 0—The key string that follows is the unencrypted shared secret. The length is 1–128 characters. • 7—The key string that follows is the encrypted shared secret. The length is exactly 256 characters. • key-string — The key string in encrypted or unencrypted form. In encrypted form, it must be 256 characters in length.
Command History Updated in version 6.3.0.1 firmware. Example The following two examples globally configure the RADIUS server key for all configured servers. The two examples are identical in effect. console(config)#radius server auth 1.2.3.4 console(config-auth-radius)#key "This is a key string" console(config-auth-radius)#key 0 "This is a key string" msgauth Use the msgauth command to enable the message authenticator attribute to be used for the RADIUS Authenticating server being configured.
name (RADIUS Server) Use the name command to assign a RADIUS server to a group. Use the no form of the command to return the name to the default (Default-RADIUSServer). The no form of the command does not require the user to enter the configured name. Syntax name groupname no name • groupname—The name of the group for a RADIUS server (Range: 1 to 32 characters). Default Configuration The default RADIUS server group name is Default-RADIUS-Server.
A server group may consist of multiple primary server and multiple secondary servers. Within a server group, communication the primary servers is attempted first in priority order. From the multiple secondary servers, the server with the lowest priority value is tried after the primary fails. For a server group where all priorities are equal, communication is attempted based on the server name lexicographic order.
User Guidelines Multiple primary servers can be configured for each server group. When the RADIUS client has to perform transactions with an authenticating RADIUS server of the specified group, it uses the primary server(s) first. If it fails to communicate with the primary server(s) for any reason, it uses the secondary servers configured within the group.
radius server attribute 4 Use the radius server attribute 4 command to set the network access server (NAS) IPv4 address for the RADIUS server. The NAS-IP-Address is RADIUS attribute number 4. Use the no version of the command to set the value to the default. Syntax radius server attribute 4 ip-address no radius server attribute 4 • ip-address — Specifies the IPv4 address to be used as the RADIUS attribute 4, the NAS-IP-Address.
console(config)#radius server attribute 4 192.168.10.22 radius server attribute 6 Use the radius server attribute 6 command to configure the use of the RADIUS Service-Type attribute. Syntax radius server attribute 6 {on-for-login-auth|mandatory} no radius server attribute 6 {on-for-login-auth|mandatory} Default Configuration By default, the switch does not send the Service-Type attribute to the RADIUS server in the Access-Request packets.
Example This command configures the switch to send the Service-Type attribute in the Access-Request message sent to the RADIUS server. console#conf console(config)#radius server attribute 6 on-for-login-auth radius server attribute 8 Use the radius server attribute 8 include-in-access-req command to enable the switch to send the RADIUS Framed-IP-Address attribute in AccessRequest messages sent to the authentication server.
Use the show authentication clients command to display the RADIUS discovered IPv4 address, if any. Command History Introduced in version 6.3.0.1 firmware. Command updated in firmware release 6.5.2. Example console#conf console(config)#radius server attribute 8 include-in-access-req radius server attribute 25 Use the radius server attribute 25 command to globally enable the switch to send the RADIUS Class attribute as supplied by the RADIUS server in accounting messages sent to the accounting server.
Example console#conf console(config)#radius server attribute 25 include-in-access-req radius server attribute 32 Use the radius server attribute 32 command to configure the format of the NAS-Identifier sent to the RADIUS server in Access-Request and AcctRequest messages. Use the no form of the command to return the MAC address format to the default.
Example This example globally configures the format of the NAS-Identifier to be the IP address and host name. console(config)#radius server attribute 32 include-in-access-request “%i %h” radius server attribute 44 Use the radius server attribute 44 command to enable sending the AcctSession-ID in Access-Request messages. Use the no form of the command to cease sending the Acct-Session-ID in Access-Request messages.
radius server attribute mac format Use the radius server attribute mac format command to globally configure the format of the Original-Called-Number (30), Calling-Station-ID (31), NAS-Identifier (32) attributes sent to the RADIUS server in Access-Request and Acct-Request messages. Use the no form of the command to return the MAC address format to the default.
This command is only supported for 802.1X authentication. Local authentication formats remain unchanged. This command does not override the per RADIUS server configuration for attribute 31. Use the mab request format command to configure formatting the User-Name attribute. Command History Introduced in version 6.3.0.1 firmware. Updated in release 6.5.0 to remove formatting of the User-Name attribute. Updated in release 6.6.0 to add formatting of attributes 30 and 31.
Command Mode Global Configuration mode. User Guidelines The switch sends the IPv6 address of the host attempting to access the network in the Framed-IPv6-Address attribute if it is available to the switch. If accounting is enabled and the address is available to the switch, the switch will send the IPv6 address in the Access-Request, Acct-Start/AcctInterim/Acct-Stop messages sent to the accounting server.
• tries—The number of attempts to make before marking the RADIUS server unavailable. Range is 1 to 100 tries. Default Configuration By default, a RADIUS server must fail to respond to four tests requests with a twenty second timeout each before being marked as dead. Command Mode Global Configuration mode User Guidelines Use this command in conjunction with the automate-tester command to enable testing of RADIUS servers. When all RADIUS servers have been declared dead, 802.
• deadtime — Length of time in minutes, for which a RADIUS server is skipped over by transaction requests. (Range: 0–2000 minutes). Deadtime is used to mark an unavailable RADIUS server as dead until this userconfigured time expires. Deadtime is configurable on a RADIUS server basis. Default Configuration The default dead time is 0 minutes. Command Mode Global Configuration mode User Guidelines If only one RADIUS server is configured, it is recommended that the deadtime interval be left at 0.
• ip–address—The RADIUS server IP address. • hostname —Host name of the RADIUS server host. (Range: 1–255 characters). Default Configuration The default server type is authentication. The default server name is DefaultRADIUS-Server. The default port number is 1812 for an authentication server and 1813 for an accounting server. Command Mode Global Configuration mode User Guidelines RADIUS servers are keyed by the host name/IP address, therefore it is advisable to use unique server host names.
one with the lowest priority value is tried first. In a server with multiple hostnames/IP addresses with the same priority, the order of attempts is based on lexicographic order. For example, if hostnames name9, name1, name6 are configured as secondary hosts, the hostnames are attempted in the order name1, name6, name9 when the primary host fails to respond. Command History Updated syntax in version 6.5 firmware.
Syntax radius server key [ 0 | 7 ]key-string no radius server key • 0—The key string that follows is the unencrypted shared secret. The length is 1–128 characters. • 7—The key string that follows is the encrypted shared secret. The length is exactly 256 characters. • key-string — The key string in encrypted or unencrypted form. In encrypted form, it must be 256 characters in length. In unencrypted form, it may be up to 128 characters in length. Default Configuration The default is an empty string.
console(config)#radius server key 0 “This is a key string” radius server load-balance Use this command to enable load balancing within RADIUS server lists. Use the no form of the command to disable load balancing. Syntax radius server load-balance [ auth | acct ] {radius |name } method least-outstanding [ batch-size ] } no radius server load-balance [ auth | acct ] {radius | name } • auth—Configure load balancing for authentication servers.
The load balancing algorithm is based upon the number of pending requests. If the number of pending requests to a group (or to a server in the default group) exceeds the batch size, the switch will send new requests to the group (server) with the least number of pending requests. The batch size is the number of requests sent to a server before sending requests to another server in the server list. Command History Command introduced in version 6.6.0.1 firmware.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configures the number of times the RADIUS client attempts to retransmit requests to the RADIUS server to five attempts. console(config)#radius server retransmit 5 radius server source-ip Use the radius server source-ip command to specify the source IPv4 address used in the IP header for communication with RADIUS servers. To return to the default, use the no form of this command. 0.0.
Example The following example configures the source IP address used for communication with RADIUS servers to 10.1.1.1. console(config)#radius server source-ip 10.1.1.1 radius server source-interface Use the radius server source-interface command to select the interface from which to use the IP address in the source IP address field of transmitted RADIUS packets. Use the no form of the command to revert to the default IP address.
Command History Introduced in version 6.3.0.1 firmware. Example console#conf console(config)#interface vlan 1 console(config-if-vlan1)#ip address dhcp console(config-if-vlan1)#exit console(config)#radius server source-interface vlan 1 radius server timeout Use the radius server timeout command in Global Configuration mode to set the interval for which a switch waits for a server to reply. To restore the default, use the no form of this command.
radius server vsa send authentication Use the radius server vsa send authentication command to enable the switch to process vendor-specific attributes during authentication. Syntax radius server vsa send authentication no radius server vsa send authentication Default Configuration By default, VSA Attribute 26, Vendor ID 9, and Sub-type 1 are not processed by the switch.
Different authentication sessions, as in the case of the data and voice VLAN authenticating independently, may both have Dynamic ACLs. It is recommended that the DACLs be carefully designed so that they work in harmony, such as, at a minimum, no ACL numbers are duplicated across the DACLs. DACLs are applied at the port level and are capable of affecting any traffic ingressing the port.
traffic ingressing the port. If there are syntax errors in the received ACLs (other than duplicate rules), the ACL rules are not applied, the RADIUS Access-Accept is treated as an Access-Reject, and a WARN log message or "Interface X/X/X not authorized. Application of downloaded ACL did not complete due to invalid syntax XXXXX" is issued indicating that a received RADIUS rule is misconfigured with invalid syntax or configured with both ip:traffic-class and inacl rules and identifying the affected interface.
console(config)#radius server 192.143.120.123 console(config-auth-radius)#retransmit 5 show aaa servers Use the show aaa servers command to display the list of configured RADIUS servers and the values configured for the global parameters of the RADIUS servers. Syntax show aaa servers [accounting | authentication] [name [servername]] • accounting—This optional parameter will cause accounting servers to be displayed.
Field Description Configured Accounting Servers The number of RADIUS accounting servers that have been configured. Named Authentication Server Groups The number of configured named authentication RADIUS server groups. Named Accounting Server Groups The number of configured named accounting RADIUS server groups. Timeout The configured timeout value, in seconds, for request retransmissions. Retransmit The configured value of the maximum number of times a request packet is retransmitted.
Command History Introduced in version 6.2.0.1 firmware. Command updated in version 6.5.2 firmware. Output updated in version 6.6 firmware. Example console#show aaa servers IP address Usage ------------------10.130.50.107 10.130.50.107 Type Port TimeOut Retran. DeadTime Source IP Prio. ----- ----- ------- ------- -------- ------------- ----- -Auth Acct 1812 1813 Global N/A Global N/A Global N/A Global values -------------------------------------------Number of Configured Authentication Servers....
Source IP...................................... 10.27.9.99 RADIUS Accounting Mode......................... Disabled Secret Configured.............................. Yes Message Authenticator.......................... Enable Number of CoA Requests Received....................... 203 Number of CoA ACK Responses Sent...................... 111 Number of CoA NAK Responses Sent...................... 37 Number of Coa Requests Ignored........................ 55 Number of CoA Missing/Unsupported Attribute Requests.
User Guidelines The following fields are displayed for accounting servers: Field Description RADIUS Name of the accounting server. Accounting Server Name Server Host Address IP address of the host. Round Trip Time The time interval, in hundredths of a second, between the most recent Accounting Response and the Accounting Request that matched it from this RADIUS accounting server. Requests The number of RADIUS Accounting Request packets sent to this server not including the retransmissions.
Field Description RADIUS Server Name Name of the authenticating server. Server Host Address IP address of the host. Access Requests The number of RADIUS Access Request packets sent to this server. This number does not include retransmissions. Access Retransmissions The number of RADIUS Access Request packets retransmitted to this RADIUS authentication server. Access Accepts The number of RADIUS Access Accept packets, including both valid and invalid packets, that were received from this server.
RADIUS Accounting Server Name................. Host Address.................................. Round Trip Time............................... Requests...................................... Retransmissions............................... Responses..................................... Malformed Responses........................... Bad Authenticators............................ Pending Requests.............................. Timeouts...................................... Unknown Types.............................
Command Mode RADIUS Server Configuration mode User Guidelines The administrator must enter the mode corresponding to a specific RADIUS server before executing this command. This command overrides the global configuration for the selected server. Example The following example specifies 10.240.1.23 as the source IP address. console(config)#radius server host 192.143.120.123 console(config-auth-radius)#source-ip 10.240.1.
Example The following example specifies the timeout setting for the designated RADIUS Server. console(config)#radius server host 192.143.120.123 console(config-radius)#timeout 20 usage authmgr Use the usage authmgr command in RADIUS mode to specify the usage type of the server. Syntax usage authmgr type • type — The type can be one of the following values: login, authmgr, or all. Default Configuration The default variable setting is all.
Example The following example specifies usage type login, i.e. switch administrator login authentications. console(config)#radius server host 192.143.120.
TACACS+ Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches TACACS+ provides access control for networked devices via one or more centralized servers, similar to RADIUS this protocol simplifies authentication by making use of a single database that can be shared by many clients on a large network. TACACS+ is based on the TACACS protocol (described in RFC1492) but additionally provides for separate authentication, authorization and accounting services.
show tacacs tacacs-server timeout – timeout key Use the key command in TACACS Configuration mode to specify the authentication and encryption key for all TACACS communications between the device and the TACACS server. This key must match the key used on the TACACS daemon. Syntax key [0|7] key-string no key • 0—The key string that follows is the unencrypted shared secret. The length is 1–128 characters. • 7—The key string that follows is the encrypted shared secret. The length is 256 characters.
Keys are always displayed in their encrypted form in the running configuration. In an Access-Request, encrypted passwords are sent using the RSA Message Digest algorithm (MD5). The encryption algorithm is the same across switches. Encrypted passwords may be copied from one switch and pasted into another switch configuration. Command History Updated in version 6.3.0.1 firmware. Example The following example sets the authentication encryption key.
Example The following example displays how to specify TACACS server port number 1200. console(config-tacacs)#port 1200 priority Use the priority command in TACACS Configuration mode to specify the order in which servers are used, where 0 (zero) is the highest priority. Syntax priority [priority] • priority — Specifies the priority for servers. 0 (zero) is the highest priority. (Range: 0–65535). Default Configuration If left unspecified, this parameter defaults to 0 (zero).
• ip-address — The name or IP address of the host. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples The following example displays TACACS+ server settings. console#show tacacs Global Timeout: 5 Server Address --------------10.254.24.
Default Configuration No TACACS+ host is specified. Command Mode Global Configuration mode User Guidelines To specify multiple hosts, multiple tacacs-server host commands can be used. TACACS servers are keyed by the host name, therefore it is advisable to use unique host names. Example The following example specifies a TACACS+ host. console(config)#tacacs-server host 172.16.1.
Default Configuration The default is an empty string. Command Mode Global Configuration mode User Guidelines The tacacs-server key command accepts any printable characters for the key except a question mark. Enclose the string in double quotes to include spaces within the key. The surrounding quotes are not used as part of the name. The CLI does not filter illegal characters and may accept entries up to the first illegal character or reject the entry entirely.
Syntax tacacs-server source-interface { loopback loopback-id | vlan vlan-id } no tacacs-server source-interface • loopback-id — Identifies the loopback interface. • vlan-id — Identifies the VLAN. Default Configuration By default, the switch uses the assigned switch IP address as the source IP address for TACACS packets. This is either the IP address assigned to the VLAN from which the TACACS packet originates or a loopback interface IP address.
Syntax tacacs-server timeout [timeout] no tacacs-server timeout • timeout — The timeout value in seconds. (Range: 1–30) Default Configuration The default value is 5 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example sets the timeout value as 30. console(config)#tacacs-server timeout 30 timeout Use the timeout command in TACACS Configuration mode to specify the timeout value in seconds.
User Guidelines This command has no user guidelines. Example This example shows how to specify the timeout value.
802.1x NAS Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches Local Area Networks (LANs) are often deployed in environments that permit the attachment of unauthorized devices. The networks also permit unauthorized users to attempt to access the LAN through existing equipment. In such environments, the administrator may desire to restrict access to the services offered by the LAN.
to be able to identify the short-comings in the configuration of a 802.1x authentication on the switch without affecting the network access to the users of the switch. There are three important aspects to this feature after activation: 1 To allow successful authentications using the returned information from authentication server.
dot1x max-reauth-req – show dot1x users dot1x max-req auth-type clear authentication authentication–history authentication max-users client authentication event noresponse authentication port-control ignore authentication event fail – port show dot1x advanced authentication periodic – – 802.
User Guidelines Local processing of IEEE 802.1x frames must be disabled (no dot1x systemauth-control) for this capability to be enabled. This capability is useful in situations where the authenticator device is placed one or more hops away from the authenticating host. The intervening switch will flood all received IEEE 802.1x frames in the VLAN. Flooding of IEEE 802.
Command History Syntax updated in version 6.6 firmware. default mab Use the default mab command to configure the switch to transmit EAP or CHAP or PAP credentials to the RADIUS server for MAB-authenticated devices connected to the interface. Use the no form of the command to set the protocol to the default. Syntax default mab [eap|chap|pap] no default mab • eap—Use EAP Message Digest 5 authentication. • chap—Use Challenge Handshake Authentication Protocol. • pap—Use Password Authentication Protocol.
6–Service-Type is set to 10 (Call-Check). 12–Framed-MTU—Port/switch MTU—header length (for example, 1500). 30–Called Station ID—MAC address of device (in xx:xx:xx:xx:xx:xx format). 31–Calling-Station ID—Switch MAC address. 60–CHAP-Challenge (if auth type is CHAP). 61–NAS-Port-Type (Ethernet 15). 87–NAS-Port-Id (e.g., Gigabitethernet 1/0/15) The switch sends the following information to the RADIUS server for CHAP Access-Requests: 1–User-Name—MAC address of MAB device.
The User-Name attribute is formatted per the attribute 1 command. The Access-Request attribute is formatted for PAP authentication. Command History Command introduced in version 6.5 firmware. mab request format Use the mab request format command to configure the format of the MAC address sent in the User-Name attribute. Use the no form of the command to return the configuration to the default. Syntax mab request format attribute 1 groupsize {1 | 2 | 4 | 12} separator {- | : | .
18DBF225B2D4 1 . Lower 1.8.d.b.f.2.2.5.b.2.d.4 18DBF225B2D4 2 : Lower 18:db:f2:25:b2:d4 18DBF225B2D4 4 - Upper 18DB-F225-B2D4 Command History Command introduced in version 6.5 firmware. dot1x max-reauth-req Use the dot1x max-reauth-req command in Interface Configuration mode to set the maximum number of times that the switch sends Extensible Authentication Protocol EAP-Request/Identity frames to which no response is received before restarting the authentication process.
Command History Command introduced in version 6.5 firmware. dot1x max-req Use the dot1x max-req command to set the maximum number of times that the switch sends an Extensible Authentication Protocol EAP-Request frame to which no response is received, before restarting the authentication process. To return to the default setting, use the no form of this command.
console(config-if-Gi1/0/16)# dot1x max-req 6 dot1x pae Use this command to enable 802.1X on an interface and set the interface role. Syntax dot1x pae authenticator • authenticator—Set the port role as an 802.1X authenticator. Default Configuration The default role is authenticator. Command Mode Interface (Ethernet) Configuration mode User Guidelines This command has no user guidelines. Command History Command introduced in version 6.6 firmware. Example This command sets the 802.
no dot1x port-control • auto — Enables 802.1x authentication on the interface and causes the port to transition to the authorized or unauthorized state based on the 802.1x authentication exchange between the switch and the client. Once the first data client is authenticated, any other clients on the interface have access to the data VLAN. This is equivalent to IEEE 802.1X portbased mode. VLAN assignment is allowed on the port if it is not configured in trunk mode.
User Guidelines It is recommended that you disable spanning tree or enable spanning-tree portfast mode on 802.1x edge ports (ports in auto state that are connected to end stations) in order to go immediately to the forwarding state after successful authentication. When configuring a port to use MAC-based authentication, the port must be in switchport general mode.
Default Configuration By default, the interface port-control mode is multi-domain-multi-host. Command Mode Interface (Ethernet) Configuration mode User Guidelines Changing the host mode on an interface causes any currently authenticated client sessions on the interface to be terminated. The host modes are implemented as follows: • multi-auth—Allow multiple hosts to authenticate individually on the interface. Hosts may authenticate to the data VLAN or the voice VLAN.
The typical use case for multi-host mode is a wireless access point (AP) connected to an access controlled port of a NAS. Once the access point is authenticated by the NAS, the port is authorized for traffic from the access point and all the wireless clients connected to the access point. Essentially, the AP is a trusted device. If it is desired that the AP connected hosts be authenticated in this mode, the AP must implement a NAS capability and authenticate the clients to a RADIUS server.
console(config)# authentication host-mode single-host authentication max-users Use the authentication max-users command in Interface Configuration mode to set the maximum number of clients supported on the port when multi-auth host mode is enabled on the port. Use the no version of the command to reset the maximum number of clients supported on the port to the default.
Example The following example configures an interface for a data and voice device. The voice device is a typical IP phone that utilizes the data VLAN to obtain configuration via HTTP prior to authenticating onto the voice VLAN. console(config)#authentication max-users 3 authentication port-control Use the authentication port-control command in Interface Configuration mode to configure the 802.1x mode of authentication on the port. Use the no form of the command to return the mode to the default.
Command Mode Interface Configuration (Ethernet) mode User Guidelines Interface configuration takes precedence over the global port-control setting. It is recommended that you disable spanning tree or enable spanning-tree portfast mode on 802.1x edge ports (ports in auto state that are connected to end stations) in order to go immediately to the forwarding state after successful authentication.
Default Configuration Periodic reauthentication is disabled. Command Mode Interface Configuration (Ethernet) mode User Guidelines It is possible to configure the periodic re-authentication timer by sending the IETF Session-Timeout attribute in the RADIUS Access-Accept. If periodic re-authentication is not enabled, the session will be terminated and the 802.1X client will need to authenticate again to access the network.
Command Mode Privileged Exec mode User Guidelines This command clears all 802.1X statistics for an interface or for all interfaces on the switch. Command History Command introduced in version 6.6 firmware. dot1x system-auth-control Use the dot1x system-auth-control command in Global Configuration mode to enable 802.1x globally. To disable 802.1x globally, use the no form of this command.
If 802.1x is used in combination with the authentication manager, be sure to enable the authentication manager with the authentication enable command. Example The following example enables 802.1x globally. console(config)# dot1x system-auth-control authentication monitor Use the authentication monitor command in Global Configuration mode to enable 801.1x monitor mode globally. To disable 802.1x monitor mode globally, use the no form of this command.
Example The following command enables 802.1x monitor mode globally. Clients are always authenticated in monitor mode. Use of monitor mode in a production network should be restricted to test user accounts. Never use monitor mode for real user accounts. console(config)# authentication monitor dot1x timeout Use the dot1x timeout command in Interface Configuration mode to set the values of the various 802.1x state machine timers. To return to the default setting, use the no form of this command.
• supp-timeout: 30 seconds • server-timeout: 30 seconds Command Mode Interface Configuration (Ethernet) mode User Guidelines Change the default value of the 802.1X/AAA timers only to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients or authentication servers. Changing these values may result in RADIUS server timeouts, failed authentications or switch behavior that is not responsive to 802.
The actual timeout value used by the switch is this parameter or the product of the RADIUS transmission times the RADIUS timeout, whichever is smaller. Command History Syntax updated in version 6.6 firmware. Example The following command sets the number of seconds that the switch waits for a response to an EAP-request/identity frame to 60 seconds. A side effect of this setting is that a MAB device might take several minutes to be authenticated.
Default Configuration The default re-authentication period is 3600 seconds. By default, the switch will utilize the value sent by the authentication server, if any. Command Mode Interface Configuration (Ethernet) mode User Guidelines The re-authentication process sends an authentication message (EAPRequest/Identity)to authenticated supplicants asking them to reauthenticate themselves. If a supplicant fails re-authentication, it is denied access to switch resources.
no auth-type • all—Selects all CoA client authentication types. All session identification attributes must match for the authentication to succeed. • any—Selects any CoA client authentication type. Any session identification attribute may match for the authentication to succeed. • session-key—Indicates that the session-key (Acct-Session-ID) must match for authentication to succeed. Default Configuration The default is to authenticate with all received session identification parameters.
Syntax client {ip-address | hostname } [ server-key [0 | 7] key-string ] no client {ip-address | hostname } • ip-address—The IPv4 address of a CoA client. The IPv4 address is entered in dotted-quad notation. • hostname—The fully qualified domain name (FQDN) of a CoA client. Maximum length of a host FQDN is 255 characters. • server-key —Sets the shared secret to verify client COA requests for this server. • 0—An unencrypted key is to be entered. • 7—An encrypted key is to be entered.
Example The following example configures RADIUS servers at 1.1.1.1, 2.2.2.2, and 3.3.3.3 and CoA clients at 3.3.3.3, 4.4.4.4, and 5.5.5.5. It sets the front panel ports to use multi-auth authentication. CoA is configured for two RADIUS servers located at 1.1.1.1 and 2.2.2.2 using a global shared secret and a third server using a server specific shared secret. CoA disconnect requests are accepted from these servers. Any session identification attribute is allowed for CoA disconnect requests.
Syntax ignore {session-key | server-key} no ignore {session-key | server-key} • Session-key—Do not attempt to authenticate with the session key. • Server-key—Do not attempt to authenticate with the server key. Default Configuration The default is to authenticate using all parameters present in the received message as specified by the configured auth-type.
Syntax port port–number no port • port-number—An integer in the range of 1025–65535 Default Configuration The default is port 3799. Command Modes Dynamic RADIUS Configuration User Guidelines Only one port may be defined and it is used by all RADIUS CoA clients. Do not use a port number reserved for use by the switch. UDP, TCP and RAW Ports reserved by the switch and unavailable for use or configuration are: Ports 1, 17, 58, 255, 546, 547, 2222, 4567, 6343, 49160 Command History Introduced in version 6.
• 7—An encrypted key is to be entered. • key-string—The key string in encrypted or unencrypted form. In encrypted form, it must be 256 characters in length. In unencrypted form, it may be up to 128 characters in length. Enclose the key string in quotes to use special characters or embedded blanks. Default Configuration By default, no global server key is configured. Command Modes Dynamic RADIUS Configuration User Guidelines Only one global server key may be defined.
console(config-auth-radius)#exit console(config)# radius server auth 3.3.3.3 console(config-auth-radius)#key “That’s your secret.” console(config-auth-radius)#exit console(config)# radius server key “Keep it. Keep it.” console(config)# aaa server radius dynamic-author console(config-radius-da)# client 3.3.3.3 server-key 0 “That’s your secret.” console(config-radius-da)# client 1.1.1.1 console(config-radius-da)# client 2.2.2.2 console(config-radius-da)# server-key 0 “Keep it. Keep it.
User Guidelines Use this command to restrict authentication to a subset of interfaces. The list is maintained per interface. Use the command once for each interface on which the user is allowed to authenticate. Command History Command introduced in version 6.6 firmware. Example This command creates IAS user Philip and allows authentication for Philip on Gi1/0/1 and Gi1/0/2 when using the IAS database for authentication.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Use this command with no parameters to display the global 802.1X configuration. Use the supplicant summary parameter to display the configuration for one or all ports. Use the statistics parameter to display statistics information for a port. The following information is displayed for the supplicant summary parameter: Field Description Port The interface whose configuration is displayed.
Field Description Supplicant Timeout The timer used by the authenticator state machine on this port to timeout the supplicant. The value is expressed in seconds and will be in the range of 1 and 65535. Server Timeout The timer used by the authenticator on this port to timeout the authentication server. The value is expressed in seconds and will be in the range of 1 and 65535.
PAE Capabilities............................... Quiet Period (secs)............................ Transmit Period (secs)......................... Supplicant Timeout (secs)...................... Server Timeout (secs).......................... Maximum Request-Identities..................... Maximum Requests............................... Key Transmission Enabled....................... Authenticator 60 30 30 30 2 2 False The following shows example CLI display output for the statistics.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following table explains the output parameters. Parameter Description Time Stamp Exact time at which the event occurs. Interface Ethernet interface on which the event occurs. MAC-Address Supplicant/Client MAC Address VLAN assigned VLAN assigned to the client/port on authentication.
...... ......
User Guidelines The following information is displayed. Field Description Interface The interface for which authentication configuration information is being displayed. MAC Address The MAC address of the client. Username The username associated with the client. VLAN Assigned Reason This can take one of the following values: • Default VLAN—The client has been authenticated on the port default VLAN and the authentication server is not RADIUS. • RADIUS—RADIUS is used for authenticating the client.
Field Description Session Timeout This value indicates the time for which the given session is valid. The time period in seconds is returned by the RADIUS server on authentication of the port. Session Termination Action This value indicates the action to be taken once the session timeout expires. Possible values are Default and Radius-Request. If the value is Default, the session is terminated and client details are cleared.
Host Mode ..................................... Method......................................... Control Mode................................... Session time ... .............................. Session timeout ............................... Session Termination Action..................... Filter-Id ..................................... DACL........................................... Session Termination Action..................... Acct SessionId:................................ multi-auth 802.
• Maximum Request-Identities —The maximum number of EAP RequestId retransmissions to a Supplicant 1 – 20 sec 2 • Quiet Period —The time the authenticator waits after timing out a supplicant before restarting authentication 60 sec • Max Users —The maximum number of authenticated supplicants on the port 1-64 64 Example console#show dot1x interface gigabitethernet 1/0/10 Administrative Mode............... Disabled Dynamic VLAN Creation Mode........ Disabled Monitor Mode......................
Syntax show dot1x interface {gigabitethernet unit/slot/port| tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port} statistics Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following table describes the significant fields shown in the display. Field Description Port The interface for which counters are displayed.
Field Description Invalid EAPOL Frames Received The number of EAPOL frames that have been received by this Authenticator in which the frame type is not recognized. EAPOL Length Error Frames Received The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid. Last EAPOL Frame Version The protocol version number carried in the most recently received EAPOL frame.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays 802.1x users.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command clears all 802.1x and authentication manager history on the switch. Command History The clear dot1x authentication–history syntax was deprecated in favor of the clear authentication authentication-history in version 6.6 firmware. Example This examples clears all entries from the authentication log. console#clear authentication authentication-history 802.
Default Configuration The guest VLAN is disabled on the interface by default. Command Mode Interface Configuration (Ethernet) mode User Guidelines If configured, the guest VLAN is the VLAN to which 802.1X unaware clients are assigned. Configure the guest VLAN before using this command. By default, the switch retries authentication one time before assigning a supplicant to the guest VLAN. Command History Syntax updated in version 6.6 firmware.
Default Configuration The switch remains in the quiet state for 90 seconds. Command Mode Interface Configuration (Ethernet) mode User Guidelines It is recommended that the user set the dot1x timeout guest-vlan-period to at least three times the dot1x timeout tx-period timer so that at least three EAP Requests are sent, before assuming that the client is an 802.1X unaware client. An 802.
Command Mode Interface Configuration (Ethernet) mode User Guidelines The unauthenticated VLAN is the VLAN to which supplicants that fail 802.1x authentication are assigned. By default, the switch will retry authentication one time before assigning a user to the unauthenticated VLAN. Configure the unauthenticated VLAN before using this command. Command History Syntax updated in version 6.6 firmware. Example The following example sets the unauthenticated VLAN on Gi1/0/21/0/2 to VLAN 20.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays 802.1x advanced features for the switch.
Captive Portal Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches The Captive Portal feature is a software implementation that blocks both wired and wireless clients from accessing the network until user verification has been established. Verification can be configured to allow access for both guest and authenticated users. Authenticated users must be validated against a database of authorized Captive Portal users before access is granted.
interface session-timeout locale verification Captive Portal Client Connection Commands captive-portal client deauthenticate show captive-portal interface client status show captive-portal client status show captive-portal interface configuration status show captive-portal configuration client status – Captive Portal Local User Commands clear captive-portal users user-logout no user user name show captive-portal user user password user group user session-timeout Captive Portal Status Comma
Captive Portal Global Commands authentication timeout Use the authentication timeout command to configure the authentication timeout. If the user does not enter valid credentials within this time limit, the authentication page needs to be served again in order for the client to gain access to the network. Use the “no” form of this command to reset the authentication timeout to the default.
Default Configuration There is no default configuration for this command. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#captive-portal console(config-cp)# enable Use the enable command to globally enable captive portal. Use the “no” form of this command to globally disable captive portal. Syntax enable no enable Default Configuration Captive Portal is disabled by default. Command Mode Captive Portal Configuration mode.
http port Use the http port command to configure an additional HTTP port for captive portal to listen for connections. Use the “no” form of this command to remove the additional HTTP port from monitoring. Syntax http port port-num no http port • port-num — The port number on which the HTTP server listens for connections (Range: 1025–65535). Default Configuration Captive portal only monitors port 80 by default.
• port-num — The port number on which the HTTPS server listens for connections (Range: 1025–65535). Default Configuration Captive portal listens on port 443 by default. Command Mode Captive Portal Configuration mode. User Guidelines The port number should not be set to a value that might conflict with other wellknown protocol port numbers used on this switch.
Example console#show captive-portal Administrative Mode....................... Operational Status........................ Disable Reason............................ CP IP Address............................. Disabled Disabled Administrator Disabled 1.2.3.4 show captive-portal status Use the show captive-portal status command to report the status of all captive portal instances in the system. Syntax show captive-portal status Default Configuration There is no default configuration for this command.
Captive Portal Configuration Commands The commands in this section are related to captive portal configurations. block Use the block command to block all traffic for a captive portal configuration. Use the “no” form of this command to unblock traffic. Syntax block no block Default Configuration Traffic is not blocked by default. Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command.
• cp-id — Captive Portal ID (Range: 1–10). Default Configuration Configuration 1 is enabled by default. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-cp)#configuration 2 console(config-cp 2)# enable Use the enable command to enable a captive portal configuration. Use the no form of this command to disable a configuration.
group Use the group command to configure the group number for a captive portal configuration. If a group number is configured, the user entry (Local or RADIUS) must be configured with the same name and the group to authenticate to this captive portal instance. Use the no form of this command to reset the group number to the default. Syntax group group-number no group • group-number — The number of the group to associate with this configuration (Range: 1–10).
Default Configuration No interfaces are associated with a configuration by default. Command Mode Captive Portal Instance Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-cp 2)#interface gi1/0/2 locale The locale command is not intended to be a user command. The administrator must use the Web UI to create and customize captive portal web content.
name (Captive Portal) Use the name command to configure the name for a captive portal configuration. Use the no form of this command to remove a configuration name. Syntax name cp-name no name • cp-name — CP configuration name (Range: 1–32 characters). Default Configuration Configuration 1 has the name “Default” by default. All other configurations have no name by default. Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command.
Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command. Example console(config-cp 2)#protocol http redirect Use the redirect command to enable the redirect mode for a captive portal configuration. Use the “no” form of this command to disable redirect mode. Syntax redirect no redirect Default Configuration Redirect mode is disabled by default. Command Mode Captive Portal Instance mode.
Syntax redirect-url url • url — The URL for redirection (Range: 1–512 characters). Default Configuration There is no redirect URL configured by default. Command Mode Captive Portal Instance mode. User Guidelines The administrator must enable redirect mode before executing this command. Example console(config-cp 2)#redirect-url www.dell.com session-timeout Use the session-timeout command to configure the session timeout for a captive portal configuration.
User Guidelines There are no user guidelines for this command. Example console(config-cp 2)#session-timeout 86400 console(config-cp 2)#no session-timeout verification Use the verification command to configure the verification mode for a captive portal configuration. Syntax verification { guest | local | radius } • guest — Allows access for unauthenticated users (users that do not have assigned user names and passwords). • local — Authenticates users against a local user database.
Captive Portal Client Connection Commands captive-portal client deauthenticate Use the captive-portal client deauthenticate command to deauthenticate a specific captive portal client. Syntax captive-portal client deauthenticate macaddr • macaddr — Client MAC address. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode. User Guidelines There are no user guidelines for this command. Example console#captive-portal client deauthenticate 0002.BC00.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show captive-portal client status Client MAC Address Client IP Address Protocol ------------------ ----------------- -------0002.BC00.1290 10.254.96.47 https 0002.BC00.1291 10.254.96.48 https 0002.BC00.1292 10.254.96.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show captive-portal configuration client status CP ID CP Name Client MAC Address Client IP Address ----- --------------- ------------------ ----------------1 cp1 0002.BC00.1290 10.254.96.47 0002.BC00.1291 10.254.96.48 2 cp2 0002.BC00.1292 10.254.96.49 3 cp3 0002.BC00.1293 10.254.96.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show captive-portal interface client status Client Client Intf Intf Description MAC Address IP Address ------ ----------------------------------- ----------------- --------------Gi1/0/1 Unit: 1 Slot: 0 Port: 1 Gigabit 0002.BC00.1290 10.254.96.47 0002.BC00.1291 10.254.96.48 Gi1/0/2 Unit: 1 Slot: 0 Port: 2 Gigabit 0002.BC00.1292 10.254.96.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show captive-portal interface configuration status CP ID CP Name Interface Interface Description ----- -------- --------- -----------------------------------1 Default Gi1/0/1 Unit:1 Slot: 0 Port: 1 Gigabit .
Command Mode Privileged Exec mode. User Guidelines There are no user guidelines for this command. Example console#clear captive-portal users no user Use the no user command to delete a user from the local user database. If the user has an existing session, it is disconnected. Syntax no user user-id • user-id — User ID (Range: 1–128). Default Configuration There is no default configuration for this command. Command Mode Captive Portal Configuration mode.
Syntax show captive-portal user [user-id] • user-id — User ID (Range: 1–128). Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
Syntax user user-id group group-id • user-id — User ID (Range: 1–128). • group-id — Group ID (Range: 1–10). Default Configuration A user is associated with group 1 by default. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-cp)#user 1 group 3 user-logout Use the user-logout command in Captive Portal Instance mode to enable captive portal users to log out of the portal (versus having the session time out).
User Guidelines There are no user guidelines for this command. Example In this example, all classes of entries in the mac address-table are displayed. console(config)#captive-portal console(config-cp)#user 1 name asd console(config-cp)#configuration 1 console(config-cp 1)#user-logout console(config-cp 1)#no user-logout user name Use the user name command to modify the user name for a local captive portal user. Syntax user user-id name name • user-id — User ID (Range: 1–128).
user password Use the user password command to create a local user or change the password for an existing user. Syntax user user-id password {password | encrypted enc-password} • user-id — User ID (Range: 1–128). • password — User password (Range: 8–64 characters). • enc-password — User password in encrypted form. Default Configuration There are no users configured by default. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command.
• timeout — Session timeout. 0 indicates use global configuration (Range: 0–86400 seconds). Default Configuration The global session timeout is used by default. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command.
User Guidelines There are no user guidelines for this command. Example console#show captive-portal configuration 1 CP ID..................................... 1 CP Name................................... cp1 Operational Status........................ Disabled Disable Reason............................ Administrator Disabled Blocked Status............................ Not Blocked Configured Locales........................ 1 Authenticated Users.......................
CP Name................................... cp1 Operational Block Interface Interface Description Status Status --------- ---------------------------------------- ------------ --------Gi1/0/1 Unit: 1 Slot: 0 Port: 1 Gigabit - Level Disabled Blocked console#show captive-portal configuration 1 interface gi1/0/1 CP ID..................................... 1 CP Name................................... cp1 Interface................................. Gi1/0/1 Interface Description.....................
en show captive-portal configuration status Use the show captive-portal configuration status command to display information about all configured captive portal configurations or about a specific captive portal configuration. Syntax show captive-portal configuration [ cp-id ] status • cp-id — Captive Portal ID. Default Configuration There is no default configuration for this command.
Captive Portal User Group Commands user group Use the user group command to create a user group. Use the no form of this command to delete a user group. The default user group (1) cannot be deleted. Syntax user group group-id no user group group-id group-id — Group ID (Range: 1–10). Default Configuration User group 1 is created by default and cannot be deleted. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command.
Default Configuration There is no default configuration for this command. Command Mode Captive Portal Configuration mode User Guidelines The new group-id must already exist. Example console(config-cp)#user group 2 console(config-cp)#user 1 group 2 console(config-cp)#user group 2 moveusers 3 user group name Use the user group name command to configure a group name. Syntax user group group-id name name • group-id — Group ID (Range: 1–10). • name — Group name (Range: 1–32 alphanumeric characters).
Denial of Service Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches The Dell EMC Networking DoS capability supports a package of filters intended to provide network administrators the ability to reduce network exposure to common attack vectors. The following list shows the DoS attack detection Dell EMC Networking supports.
• – TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0 and – TCP Sequence Number = 0 or TCP Flags FIN, URG, and PSH set and – TCP Sequence Number = 0 or TCP Flags SYN and FIN set. TCP Offset: – • TCP SYN: – • TCP Flags FIN and URG and PSH set and TCP Sequence Number = 0. ICMP V6: – • TCP Flags SYN and FIN set. TCP FIN & URG & PSH: – • TCP Flag SYN set. TCP SYN & FIN: – • Checks for TCP header offset =1. Limiting the size of ICMPv6 Ping packets.
dos-control firstfrag Use the dos-control firstfrag command in Global Configuration mode to enable Minimum TCP Header Size Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having a TCP Header Size smaller than the configured value, the packets are dropped. Syntax dos-control firstfrag [size] no dos-control firstfrag • size —TCP header size. (Range: 0-255). The default TCP header size is 20. ICMP packet size is 512.
Syntax dos-control icmp [size ] no dos-control icmp • size — Maximum ICMP packet size. (Range: 0-16376). If size is unspecified, the value is 512. Default Configuration Denial of Service is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example activates the Maximum ICMP Packet Denial of Service protection with a maximum packet size of 1023.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example activates L4 Port Denial of Service protection. console(config)#dos-control l4port dos-control sipdip Use the dos-control sipdip command in Global Configuration mode to enable Source IP Address = Destination IP Address (SIP=DIP) Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack.
dos-control tcpflag Use the dos-control tcpflag command in Global Configuration mode to enable TCP Flag Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having TCP Flag SYN set and a source port less than 1024, having TCP Control Flags set to 0 and TCP Sequence Number set to 0, having TCP Flags FIN, URG, and PSH set and TCP Sequence Number set to 0, or having TCP Flags SYN and FIN both set, the packets are dropped.
no dos-control tcpfrag Default Configuration Denial of Service is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example activates TCP Fragment Denial of Service protection. console(config)#dos-control tcpfrag rate-limit cpu Use the rate-limit cpu command to reduce the amount of unknown unicast/multicast packets forwarded to the CPU on CoS queues 0 and 1.
Command Modes Global Configuration mode User Guidelines Unknown multicast and IPv4/IPv6 data packets destined to hosts in the connected networks on the router for which the MAC address is not resolved are trapped to CPU to trigger the ARP/neighbor discovery resolution of those hosts. When the ARP or neighbor table is filled, the switch cannot accommodate new entries. In this case, there is no value in receiving the unresolved IPv4/IPv6 packets.
status bytes ------ ---------free 1055653888 alloc 672153600 CPU Utilization: PID Name 5 Secs 60 Secs 300 Secs ---------- ------------------- -------- -------- -------1129 osapiTimer 0.09% 0.02% 0.01% 1137 bcmCNTR.0 0.19% 0.28% 0.30% 1142 bcmRX 18.00% 12.04% 11.10% 1155 bcmLINK.0 0.39% 0.37% 0.36% 1156 cpuUtilMonitorTask 0.09% 0.04% 0.04% 1170 nim_t 0.09% 0.07% 0.07% 1222 snoopTask 0.09% 0.02% 0.02% 1243 ipMapForwardingTask 27.30% 24.19% 29.06% 1257 tRtrDiscProcessingT 0.09% 0.01% 0.00% 1291 RMONTask 0.
Example The following example displays Denial of Service configuration information. console#show dos-control SIPDIP Mode...............................Disable First Fragment Mode.......................Disable Min TCP Hdr Size..........................20 TCP Fragment Mode........................ Disable TCP Flag Mode.............................Disable L4 Port Mode..............................Disable ICMP Mode.................................Disable Max ICMP Pkt Size.........................
storm-control broadcast Use the storm-control broadcast command to enable broadcast storm recovery mode for a specific interface. Use the no form of the command to disable storm control or to return the configuration to the default. Syntax storm-control broadcast [{level level| rate rate | action {shutdown | trap}] no storm-control broadcast [level| rate | action] • level— The configured rate as a percentage of link bandwidth (Range: 0100) • rate — The configured rate in packets per second.
Either the trap action or the shutdown action may be specified, but not both. The trap action issues a log message and a trap when the configured threshold is exceeded. Traffic exceeding the threshold is dropped. The shutdown action shuts down the interface, puts the interface into the Ddisable state, issues a log message (WARNING) and a trap. The operator may bring the port back into service using the no shutdown command.
Default Configuration By default, multicast storm control is not enabled on any interfaces. The default threshold for multicast traffic is 5% of link bandwidth. The default behavior is to rate limit (drop) traffic exceeding the configured threshold. The default action is no action. Command Mode Interface Configuration (Ethernet) mode, Interface Range mode User Guidelines Multicast storm control applies to unknown multicast (i.e.
console(config)#interface range gi1/0/1-24 console(config-if)#storm-control multicast level 20 console(config-if)#storm-control multicast action shutdown console(config-if)#exit storm-control unicast Use the storm-control unicast command in Interface Configuration mode to enable storm control for an interface. Unicast storm control limits the number of unicast destination lookup failures (DLFs). Use the no form of the command to disable unicast storm control or to return the configuration to the default.
Unicast storm control can issue a trap and drop packets in excess of the configured rate (level) or shut down the port when the rate is exceeded. Setting the level, rate or action enables storm control. The shutdown action disables the interface when a packet storm is detected. The trap action issues an SNMP trap to configured SNMP agents. Unicast storm control can only be enabled on Ethernet interfaces. It cannot be configured on port channels.
Management ACL Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches In order to ensure the security of the switch management features, the administrator may elect to configure a management access control list. The Management Access Control and Administration List (ACAL) component is used to ensure that only known and trusted devices are allowed to remotely manage the switch via TCP/IP.
deny (management) permit (management) management access-class show management access-class management access-list show management access-list no priority (management) – deny (management) Use the deny command in Management Access-List Configuration mode to set conditions for disallowing packets to flow to the switch management function.
• service service — Indicates service type. Can be one of the following: telnet, ssh, http, https, tftp, snmp, sntp, or any. The any keyword indicates that the service match for the ACL is effectively “don’t care”. • priority priority — Priority for the rule. (Range: 1–64) Default Configuration This command has no default configuration.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The active management access-list processes IPv4 TCP/UDP packets only. Packets for certain management protocols are allowed to pass to the CPU without processing by the management ACL list.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines A management access list is only supported on the switched interfaces. It is not supported on the out-of-band interface. This command enters the access-list configuration mode, where access conditions may be defined with deny and permit commands. If no match criteria are defined the default is to deny the packet (i.e., the packet is dropped).
console(config-macal)# exit console(config) # management access-class mlist no priority (management) Use the no priority command to remove a permit or deny condition from a Management Access list. Syntax no priority priority priority-value—The priority of the permit or deny rule to be removed. The range is 1 to 64. Default Configuration This command has no default configuration.
permit {gigabitethernet unit/slot/port | vlan vlan-id | port-channel portchannel-number | tengigabitethernet unit/slot/port |fortygigabitethernet unit/slot/port} [service service] [priority priority-value] permit service service [priority priority-value] permit priority priority-value • gigabitethernet unit/slot/port — A valid Gigabit Ethernet routed port number. • vlan vlan-id — A valid VLAN number. • port-channel port-channel-number — A valid port channel number.
If the priority-value is not specified when inputing a rule, the system assigns the lowest numbered unused priority-value in the range 1–64. If a rule is input with an existing priority-value, the original rule is overwritten. Examples The following example shows how to allow global access for two management interfaces, Gigabit Ethernet 1/0/1 and Gigabit Ethernet 1/0/9.
User Guidelines This command has no user guidelines. Example The following example displays the management access-list information. console# show management access-class Management access-class is enabled, using access list mlist show management access-list Use the show management access-list command to display management access-lists. Syntax show management access-list [name] • name — A valid access list name. (Range: 1–32 characters) Default Configuration This command has no default configuration.
Password Management Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches The Password Management component supports configuration of strength checks intended to ensure that network operators utilize passwords that are difficult to crack. In addition, the administrator can age passwords, ensure that operators do not reuse passwords, and lock out operator accounts when multiple attempts to enter incorrect passwords are detected.
logging in must enter the correct password within that count. Otherwise, that user is locked out form further remote switch access. Only an administrator with read/write access can reactivate that user. The user lockout feature is disabled by default. The user lockout feature applies to all users on all ports. The administrator can access the serial port even if he/she is locked out and reset the password or clear the config to regain control of the switch.
• Maximum number of consecutive numbers (such as 1234). • Maximum number of repetition of characters or numbers (such as 1111 or aaaa). • Minimum password length. Configuring a minimum or maximum limit of 0 (as applicable) means the restriction is disabled. If enabled, the password strength feature applies to all login passwords (user, line, and enable).
passwords aging Use the passwords aging command in Global Configuration mode to implement aging on passwords for local users. When a user’s password expires, the user is prompted to change it before logging in again. Use the no form of this command to set the password aging to the default value. Syntax passwords aging 1-365 no passwords aging Default Configuration The default value is 0. Command Mode Global Configuration mode User Guidelines A value of 0 days disables password aging.
Syntax passwords history 0-10 no passwords history Default Configuration The default value is 0. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example sets the number of previous passwords remembered by the system at 10.
Command Mode Global Configuration mode. User Guidelines Password lockout only applies to users with authentication configured to local. RADIUS or TACACS authenticated users will use policies configured on the respective RADIUS/TACACS servers. Example The following example sets the number of user attempts before lockout at 2.
Example The following example configures user bob with password xxxyymmmm and user level 15. (config)# username bob password xxxyyymmm privilege 15 passwords strength-check Use the passwords strength-check command in Global Configuration mode to enable the Password Strength feature. The command is used to enable the checking of password strength during user configuration. Use the no form of the command to disable the Password Strength feature.
minimum strength check character classes if password strength checking is desired. Use the minimum character class check to require the user to enter a password that passes the minimum strength check for more than one minimum strength check character class. Minimum character class checking validates passwords that contain a character matching a configured character class.
User Guidelines This limit is not enforced unless the passwords strength minimum uppercase-letters command is configured with a value greater than 0. In other words, with a configuration of 0, a password consisting entirely of upper case letters will pass the minimum strength check criteria. Example console(config)#passwords strength minimum uppercase-letters 6 passwords strength minimum lowercase-letters Use this command to enforce a minimum number of lowercase letters that a password must contain.
passwords strength minimum numericcharacters Use this command to enforce a minimum number of numeric numbers that a password should contain. The valid range is 0–16. The default is 1. A minimum of 0 means no restriction on that set of characters. Use the no form of this command to reset the minimum numeric characters to the default value. Syntax passwords strength minimum numeric–characters 0–16 no passwords strength minimum numeric–characters Default Configuration The default value is 1.
Syntax passwords strength minimum special–characters 0–16 no passwords strength minimum special–characters Default Configuration The default value is 1. Command Mode Global Configuration User Guidelines This limit is not enforced unless the passwords strength minimum specialcharacters command is configured with a value greater than 0. In other words, a configuration of 0 allows a password consisting entirely of special characters to pass strength check validation.
Default Configuration The default value is 0. Command Mode Global Configuration User Guidelines This command has no user guidelines. Example console(config)#passwords strength max-limit consecutive-characters 3 passwords strength max-limit repeatedcharacters Use this command to enforce a maximum repeated characters that a password should contain. If password has repetition of characters more than the configured max-limit, it fails to configure. The valid range is 0-15. The default is 0.
Example console(config)# passwords strength max-limit repeated-characters 3 passwords strength minimum character-classes Use this command to enforce a minimum number of character classes that a password must contain. Character classes are uppercase letters, lowercase letters, numeric characters and special characters. The valid range is 0-4. The default is 0. If a value of 0 is configured then no character class checking is performed, i.e.
A value greater than 0 specifies the minimum number of character class tests a password must contain. A value of 0 disables checking that the password contains characters from the requisite number of character classes. Minimum character class checking validates passwords that contain at lease one character matching a character class. If minimum character class checking is enabled, a password must contain at least one character from a minimum number of character classes to be valid.
User Guidelines This command has no user guidelines. Example console(config)#passwords strength exclude-keyword dell enable password encrypted This command is used by an Administrator to transfer the enable password between devices without having to know the password. Syntax enable password password encrypted Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines The password parameter must be exactly 128 hexadecimal characters.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed by this command. Parameter Description Minimum Password Length Minimum number of characters required when changing passwords. Password History Number of passwords to store for reuse prevention. Password Aging Length in days that a password is valid. Lockout Attempts Number of failed password login attempts before lockout.
Parameter Description Minimum Password Character Classes Minimum number of character classes (uppercase, lowercase, numeric and special) required when configuring passwords. Password Exclude-Keywords Minimum number of character classes (uppercase, lowercase, numeric and special) required when configuring passwords. Example The following example displays the command output. console#show passwords configuration Passwords Configuration ----------------------Minimum Password Length........................
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the command output. console#show passwords result Last User whose password is set....................... dell Password strength check............................ Enable Last Password Set Result: Reason for failure: Could not set user password! Password should contain at least 4 uppercase letters.
SSH Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches Management access to the switch is supported via telnet, SSH, or the serial console. The Dell EMC Networking supports secure shell (SSH) and secure sockets layer (SSL) to help ensure the security of network transactions. Keys and certificates can be generated externally (that is, offline) and downloaded to the target or generated directly by the Dell EMC Networking switch.
Default Configuration DSA key pairs do not exist. Command Mode Global Configuration mode User Guidelines DSA keys are generated in pairs: one public DSA key and one private DSA key. These keys are used the encrypt communication with the switch when using SSH or HTTPS. If your switch already has DSA keys when you issue this command, you are warned and prompted to replace the existing keys. Existing certificates generated from the previous keys will be invalidated.
Default Configuration RSA key pairs do not exist. Command Mode Global Configuration mode User Guidelines RSA keys are generated in pairs: one public RSA key and one private RSA key. These keys are used to encrypt communication with the switch when using SSH. If your switch already has RSA keys when you issue this command, you are warned and prompted to replace the existing keys.
Default Configuration By default, this command has no public keys configured. Command Mode Global Configuration mode User Guidelines This public key is used to authenticate an administrator to the switch when using SSH. This avoids the need for the administrator to enter a password on every login. Enclose the key string is quotes. The Key String is the contents of the public key in uu-encoded format.
Syntax crypto key zeroize pubkey-chain ssh [user-key username] Default Configuration There is no default configuration for this command. Command Mode Global Configuration mode. User Guidelines The SSH server requires the public and private keys RSA/DSA keys to operate.
ssh_host_key.pub ssh_host_rsa_key.pub The crypto key zeroize dsa command removes the following files: ssh_host_dsa_key ssh_host_dsa_key.pub Removing the keys does not terminate existing SSH sessions. Example console(config)#crypto key zeroize rsa ip scp server enable Use the ip scp server enable command to enable SCP server functionality for SCP push operations on the switch, which allows files to be transferred from the host device to the switch using the SCP protocol.
The SCP server shares the key and certificate configuration with the SSH server. To enable the SCP server, follow the same steps as for enabling the SSH server. The maximum number of simultaneous SSH/SCP sessions is 5. During SCP file transfer operations, switch management operations are blocked. Command History Command introduced in version 6.6 firmware. Example These are examples of commands that may be used on a Linux host to send files to the switch. scp switch-config.txt user@10.27.6.
User Guidelines The SSH TCP port should not be set to a value that might conflict with other well-known protocol port numbers used on this switch. The following nonexhaustive list of ports are reserved to the system and may not be able to be configured for another purpose: 23 (telnet), 80 (HTTP), 161,162 (SNMP), 514, (SYSLOG), 546,547 (DHCPv6), 2222 (SSH). Example The following example specifies the port to be used by the SSH server as 8080.
Example The following example enables public key authentication for incoming SSH sessions. console(config)#ip ssh pubkey-auth ip ssh server Use the ip ssh server command in Global Configuration mode to enable the switch to be configured using SSH. To disable this function, use the no form of this command. Syntax ip ssh server no ip ssh server Default Configuration The SSH server is disabled by default.
console(config)#crypto key generate dsa Do you want to overwrite the existing DSA keys? (y/n):y DSA key generation started, this may take a few minutes... DSA key generation complete. console(config)#ip ssh server key-string Use the key-string SSH Public Key Configuration mode to specify an SSH public key manually. Syntax key-string key-string key-string row key-string • row — To specify the SSH public key row by row.
The switch accepts keys up to 2048 bits in length. Command History Modified in version 6.5 firmware. Examples The following example shows how to enter a single public key string for a user called “bob.
User Guidelines The SSH capability only supports user name and password authentication to the target device. Example console#ssh mysshserver.dell.net username john Command History Command introduced in firmware release 6.6.1. show crypto key mypubkey Use the show crypto key mypubkey command to display the SSH public keys of the switch. Syntax show crypto key mypubkey [rsa | dsa] • rsa — RSA key. • dsa — DSA key. Default Configuration This command has no default configuration.
R2VaSN/WC0IK53j9re4B11AE+O3qAxwJs0KD7cTkvF9I+YdiXeOM8VE4skkw AiyLDNVWXgNQ6iat8+8Mjth+PIo5t3HykYUCkD8B1v93nzi/sr4hHHJCdx7w wRW3QtgXaGwYt2rdlr3x8ViAF6B7AKYd8xGVVjyJTD6TjrCRRwQHgB/BHsFr z/Rl1SYa0vFjel/7/0qaIDSHfHqWhajYkMa4xPOtIye7oqzAOm1b76l28uTB luBEoLQ+PKOKMiK8sQ== Fingerprint(hex): 58:7f:5c:af:ba:d3:60:88:42:00:b0:2f:f1:5a:a8:fc Fingerprint(bubbleBabble): xodob-liboh-heret-tiver-dyrib-godac-pynah-muzytmofim-bihog-cuxyx show crypto key pubkey-chain ssh Use the show crypto key pubkey-chain ssh command to dis
-------- ------------------------------------------------bob 9A:CC:01:C5:78:39:27:86:79:CC:23:C5:98:59:F1:86 john 98:F7:6E:28:F2:79:87:C8:18:F8:88:CC:F8:89:87:C8 The following example displays the SSH public called “dana.
Active incoming sessions: IP Address User Name ------------- -------------------10.240.1.
Security Commands 1202
5 Data Center Technology Commands Dell EMC Networking N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON Series Switches The data center technology commands allow network operators to deploy centralized controllers capable of controlling network flows on an individualized basis. This section of the document contains the following data center technology commands: OpenFlow Commands.
OpenFlow Commands Dell EMC Networking N2000/N2100-ON/N3000-ON/N3100 Series Switches The OpenFlow feature configures the switch to be managed by a centralized OpenFlow Controller using the OpenFlow protocol. Openflow is not supported in a stacking environment. The OpenFlow agent has been validated with the Helium release of OpenDaylight (ODL).
Default Configuration No controllers are configured by default. Command Mode OpenFlow Configuration User Guidelines If connection to the controller over an interface other than the OOB interface is desired, use the OpenFlow mode command prior to issuing this command. Issuing the mode command after a connection has been established drops the connection. The connections are then re-attempted over the new interface as specified by the mode command.
console(config-of-switch)#controller ipv4 1.2.3.4 port 3435 security ssl hardware profile openflow Use the hardware profile openflow command to select the forwarding mode for the OpenFlow hybrid capability. Use the no form of the command to select the default forwarding capability. Syntax hardware profile openflow { full-match | layer2-match } no hardware profile openflow • full-match—Perform full matching when configured in OpenFlow 1.0 mode.
Command History Introduced in version 6.3.0.1 firmware. Example The following example configures OpenFlow 1.0 full matching, configures a connection to the controller at IPv4 address 1.2.3.4 TCP port 3435 using SSL security, and enables OpenFlow 1.0 on the switch. console(config)#hardware profile openflow full-match console(config)#openflow WARNING! OpenFlow does not operate on stack members. Enable OpenFlow on stand-alone switches only. console(config-of-switch)#controller ipv4 1.2.3.
User Guidelines This command configures the switch with a static IPv4 address. The switch must be configured in static mode in order to use the configured static address. Only IPv4 addresses are supported for OpenFlow controllers. OpenFlow operates on the stack master only. Flows may not be configured on stack members. Failover to the stack standby unit is not supported. OpenFlow should only be enabled on stand-alone switches and should not be enabled on stacks of switches. This restriction is not enforced.
mode Use the mode command to configure the selection of interfaces used to assign the IP address utilized for controller connections. Use the no form of the command to return the setting to the default. Syntax mode { auto | static | oob } no mode • auto—Automatically select the switch IP address • static—Use the configured static IP address • oob—Use the OOB interface IP address Default Configuration By default, the switch selects an IP address automatically (auto mode).
Once the IP address is selected, it is used until the interface goes down or the OpenFlow feature is disabled or, in case of automatic address selection, a more preferred interface becomes available. Only IPv4 addresses are supported for OpenFlow controllers. Changing the mode causes the connections to controllers to be dropped, and if properly configured, re-established.
WARNING! OpenFlow does not operate on stack members. Enable OpenFlow on stand-alone switches only. console(config-of-switch)#controller ipv4 1.2.3.4 port 3435 security ssl console(config-of-switch)#mode auto console(config-of-switch)#exit openflow Use the openflow command to enable OpenFlow on the switch (if disabled) and enter into OpenFlow configuration mode. Use the exit command to return to Global Configuration mode.
OpenFlow operates on the stack master only. Flows may not be configured on stack members. Failover to the stack standby unit is not supported. OpenFlow should only be enabled on stand-alone switches and should not be enabled on stacks of switches. This restriction is not enforced. Command History Introduced in version 6.3.0.1 firmware. Example This example enables OpenFlow 1.3 on a switch and configures a connection the controller at IPv4 address 1.2.3.4 TCP port 3435 using SSL security.
User Guidelines This command configures the switch to accept a connection request from a controller. When passive mode is enabled, the switch accepts TCP connections to ports 6632 and 6633 respectively using any switch IP address. In this mode, the switch continues to attempt to initiate connections to configured controllers. The OpenFlow component always initiates the SSL connections and does not accept SSL connections. OpenFlow operates on the stack master only.
Syntax protocol-version { 1.0 | 1.3 } no protocol-version • 1.0—Operate in OpenFlow 1.0 mode • 1.3—Operate in OpenFlow 1.3 mode Default Configuration By default, the switch operates in OpenFlow 1.3 mode. Command Mode OpenFlow Configuration User Guidelines If the administrator changes the OpenFlow variant while the OpenFlow feature is enabled, the switch automatically disables and re-enables the OpenFlow feature causing all flows to be deleted and connections to the controllers to be dropped.
console(config-of-switch)#controller ipv4 1.2.3.4 port 3435 security ssl show openflow Use the show openflow command to display OpenFlow configuration and status.
Parameter Description Disable Reason If the OpenFlow feature is operationally disabled then this status shows the reason for the feature to be disabled. IP Address IPv4 Address assigned to the feature. If the IP address is not assigned then the status is ‘None’. IP Mode IP mode assigned by the ‘openflow ip-mode’ command. The IP Mode can be “Auto”, “Static” or “ServicePort IP” Static IP Address Static IP address assigned by the ‘openflow static-ipaddress’ command.
Parameter Description Waiting for Space Entries Number of entries that are not currently in the hardware because the attempt to insert the entry failed. Flow Insertion Count. Total number of flows that were added to this table since the switch powered up. Flow Deletion Count. Total number of flows that were deleted from this table since the switch powered up. Insertion Failure Count. Total number of hardware insertion attempts that were rejected due to lack of space since the switch powered up.
Parameter Description Action The action specified by the flow. Duration The time since the flow was created Idle The time since the flow was hit. Installed in hardware Shows 0 if for some reason the flow could not be added in the hardware. Command History Introduced in version 6.3.0.1 firmware. Example This output shows an operationally disabled switch: console#show openflow Administrative Mode............................ Administrative Status.......................... Disable Reason.............
This example shows the output for OpenFlow 1.0 using the switch tables parameter: console#show openflow switch tables Flow Table...............................1 Flow Table Name..........................Forwarding Database Maximum Size.............................64 Number of Entries........................8 Hardware Entries.........................7 Software-Only Entries....................1 Waiting for Space Entries................0 Flow Insertion Count.....................1 Flow Deletion Count............
The following example shows the output when the switch groups parameter is given: console#show openflow switch groups Max Indirect Group Entries......................................... Current Indirect Group Entries in database......................... 1234 123 Max All Group Entries.............................................. Current All Group Entries in database.............................. 1234 123 Max Select Group Entries...........................................
Bucket Index Src MAC VLAN 28 : Output Port NA : Dst MAC NA : Reference Group Id NA NA 12345678 Bucket Index Src MAC VLAN 29 : Output Port NA : Dst MAC NA : Reference Group Id NA NA 12345678 Bucket Index Src MAC VLAN 30 : Output Port NA : Dst MAC NA : Reference Group Id NA NA 12345678 This examples shows the output for OpenFlow 1.
Duration (secs): Packet Count: 5 3 Idle (secs): 2 HW Priority: 65464 In HW: Yes Flow 000001F9 type “1DOT3” Match Criteria: Flow Table: 60 Ingress port: Gi1/0/1 VLAN ID: 1 Src MAC: 00:00:02:37:38:01 Dst MAC: 00:00:18:37:22:01 IP Protocol: 17 Action: Duration (secs): 2 Packet Count: 9879 Priority: 10 Egress Port: Gi1/0/1 VLAN PCP: 1 Src IP: 100.0.1.249 Dst IP: 192.0.1.
Layer 3 Routing Commands 6 The sections that follow describe commands that conform to the OSI model’s Network Layer (Layer 3). Layer 3 Routing commands enable routing protocols to perform a series of exchanges over various data links to route data between any two nodes in a network. These commands define the addressing and routing structure of the Internet. The Dell EMC N1100-ON Series switches do not support routing.
ARP Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000EON/N3100-ON Series Switches When a host has an IP packet to send on an Ethernet network, it must encapsulate the IP packet in an Ethernet frame. The Ethernet header requires a destination MAC address. If the destination IP address is on the same network as the sender, the sender uses the Address Resolution Protocol (ARP) to determine the MAC address associated with destination IP address.
ARP Aging Dynamic entries in the ARP cache are aged. When an entry for a neighbor router reaches its maximum age, the system sends an ARP request to the neighbor router to renew the entry. Entries for neighbor routers should remain in the ARP cache as long as the neighbor continues to respond to ARP requests. ARP cache entries for neighbor hosts are renewed more selectively.
Syntax arp [vrf vrf-name]ip-address hardware-address [ interface interface-id] no arp ip-address • vrf-name—The name of the VRF with which the ARP entry is to be associated. If no VRF is specified, the ARP entry is associated with the global ARP table. • ip-address — IP address of a device on a subnet attached to an existing routing interface. • hardware-address — A unicast MAC address for that device. • interface-id—An optional IP numbered or unnumbered (VLAN) interface identifier.
Example The following example creates an ARP entry consisting of an IP address and a MAC address. console(config)#arp 192.168.1.2 00A2.64B3.A245 arp cachesize Use the arp cachesize command in Global Configuration mode to configure the maximum number of entries in the ARP cache. To return the maximum number of ARP cache entries to the default value, use the no form of this command. Syntax arp cachesize integer no arp cachesize • integer — Maximum number of ARP entries in the cache.
arp dynamicrenew Use the arp dynamicrenew command in Global Configuration mode to enable the ARP component to automatically renew dynamic ARP entries when they age out. To disable the automatic renewal of dynamic ARP entries when they age out, use the no form of the command. Syntax arp dynamicrenew no arp dynamicrenew Default Configuration The default state is enabled.
cache capacity, enabling dynamic renew could prevent some neighbors from communicating because the ARP cache is full. Dynamic renewal should be disabled in these networks. Example console#configure console(config)#arp dynamicrenew console(config)#no arp dynamicrenew arp purge Use the arp purge command to cause the specified IP address to be removed from the ARP cache. Only entries of type dynamic or gateway are affected by this command.
The interface identifier is the identifier of the unnumbered interface, not the loopback interface from which the IP address is borrowed. When the IP address does not uniquely identify an ARP entry, the interface must be given to uniquely identify the ARP entry. The interface may be numbered or unnumbered. Example The following example removes the specified IP address from arp cache. console#arp purge 192.168.1.
arp retries Use the arp retries command in Global Configuration mode to configure the ARP count of maximum requests for retries. To return to the default value, use the no form of this command. Syntax arp retries integer no arp retries • integer — The maximum number of requests for retries. (Range: 0-10) Default Configuration The default value is 4 retries. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
Default Configuration The default value is 1200 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines 900 seconds as the timeout. console(config)#arp timeout 900 clear arp-cache Use the clear arp-cache command to remove all ARP entries of type dynamic from the ARP cache. Syntax clear arp-cache [vrf vrf-name] [gateway] • vrf-name—The name of the VRF instance on which the command operates.
Example The following example clears all entries ARP of type dynamic, including gateway, from ARP cache. console#clear arp-cache gateway clear arp-cache management Use the clear arp-cache management command to clear all entries that show as management arp entries in the show arp command. Syntax clear arp-cache management Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines.
ip local-proxy-arp Use the ip local proxy-arp command in Interface Configuration mode to enable proxying of ARP requests. This allows the switch to respond to ARP requests within a subnet where routing is not enabled. Syntax ip local-proxy-arp no ip local-proxy-arp Default Configuration Proxy arp is disabled by default. Command Mode Interface (VLAN) Configuration User Guidelines This command has no user guidelines. Example This example enables proxying of ARP requests on VLAN 10.
Syntax ip proxy-arp no ip proxy-arp Default Configuration Enabled is the default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The ip proxy-arp command is not available in interface range mode. Example The following example enables proxy arp for VLAN 15. (config)#interface vlan 15 console(config-if-vlan15)#ip proxy-arp show arp Use the show arp command to display all entries in the Address Resolution Protocol (ARP) cache.
Command Mode User Exec and Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines The show arp command will display static (user-configured) ARP entries regardless of whether they are reachable over an interface or not. The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100 series switches. Example The following example shows show arp command output.
Bidirectional Forwarding Detection Commands Dell EMC Networking N3000E-ON/N3100-ON Series Switches Bidirectional Forwarding Detection (BFD) verifies bidirectional connectivity between forwarding engines, which can be a single hop or multiple hops away. The protocol works over any underlying transmission mechanism and protocol layer with a wide range of detection times, especially in scenarios where fast failure detection is required in data plane level for multiple concurrent sessions.
Command Mode Global Configuration User Guidelines BFD supports fast detection of forwarding failures on a routing interface. BFD provides an advantage for forwarding plane failure detection over that provided by the individual protocols, each having different hello protocol timers and detection periods. The BFD feature provides notification to BGP or OSPF when an interface is detected to not be in a forwarding state. No other routing protocols are supported. BFD is supported in the default VRF only.
Syntax bfd echo no bfd echo Default Configuration BFD echo mode is not enabled by default. Command Mode Interface (VLAN) Configuration and Interface (VLAN) range mode. User Guidelines BFD echo mode enables fast sending and turnaround of BFD echo packets. Use the bfd slow-timer command to adjust the sending of BFD control plane packets when BFD echo mode is enabled. Command History Introduced in version 6.2.0.1 firmware.
• transmit-interval—Refers to the desired minimum transmit interval, which is the minimum interval the user wants to use while transmitting BFD control packets. It is represented in milliseconds. Its range is 100 ms to 1000 ms with a change granularity of 100 ms and with a default value of 100 ms. • minimum-receive-interval—Refers to the required minimum receive interval, which is the minimum interval at which the system can receive BFD control packets. It is represented in milliseconds.
console(config-if-vlan100)#bfd interval 100 min_rx 100 multiplier 5 console(config-if-vlan100)#exit console(config)#interface te1/0/1 console(config-if-Te1/0/1)#switchport mode trunk bfd slow-timer This command configures the BFD periodic slow transmission interval for BFD Control packets. Use the no form of the command to return the slow transmission interval value to the default. Syntax bfd slow-timer receive-interval no bfd slow-timer • receive-interval—The slow transmission interval.
ip ospf bfd Use the ip ospf bfd command to enable sending of BFD events to OSPF on a VLAN routing interface. Use the no form of the command to disable sending of BFD events. Syntax ip ospf bfd no ip ospf bfd Default Configuration BFD is not enabled by default. Command Mode Interface (VLAN) Configuration mode User Guidelines BFD processing notifies OSPF of L3 connectivity issues with the peer. The interface must be a VLAN interface enabled for routing.
ipv6 ospf bfd Use the ipv6 ospf bfd command to enable sending of BFD events to OSPF on a VLAN routing interface. Use the no form of the command to disable sending of BFD events. Syntax ipv6 ospf bfd no ipv6 ospf bfd Default Configuration BFD is not enabled by default. Command Mode Interface (VLAN) Configuration mode User Guidelines BFD processing notifies OSPFv3 of level 3 connectivity issues with the peer. The interface must be a VLAN interfaced enabled for routing.
neighbor fall-over bfd This command enables BFD support for a BGP neighbor. Use the no form of the command to disable BFD for the specified BGP neighbor. Syntax neighbor{ ipv4-address | ipv6-address [interface vlan vlan-id ] fall-over bfd no neighbor { ipv4-address | ipv6-address [interface vlan vlan-id ] fall-over bfd interval • ipv4-address—The IPv4 address of a configured neighbor reachable over a VLAN routing interface expressed in dotted quad notation.
Syntax show bfd neighbor [details] [ip-address] • details—Display additional information regarding each BFD neighbor, including sent and received message counts. • ip-address—The IPv4 or IPv6 address of a BFD neighbor. Limits the output to the specific neighbor. Default Configuration There is no default configuration for this command.
Parameters Description Registered Protocol The protocol from which the BFD session was initiated and that is registered to receive events from BFD. (for example, BGP). Local Diag The diagnostic state specifying the reason for the most recent change in the local session state. Demand mode Indicates if the system wishes to use Demand mode. Note: Demand mode is not supported in Dell 6.6.1 8.0, Minimum transmit interval The minimum interval to use when transmitting BFD control packets.
Local IP address............................... Neighbor IP address............................ State.......................................... Interface...................................... Uptime......................................... Registered Protocol............................ Local Diag..................................... Demand mode.................................... Minimum transmit interval...................... Minimum receive interval....................... Operational transmit interval...
Border Gateway Protocol Commands Dell EMC Networking N3000E-ON/N3100-ON Series Switches This section describes the commands you use to view and configure Border Gateway Protocol (BGP), which is an exterior gateway routing protocol that you use to route traffic between autonomous systems. The BGP CLI commands are available in the N3000-ON/N3100 Series switches. On the N3000-ON Series switches, the BGP specific firmware must be loaded (e.g., N3000-ON_BGPvA.B.C.D.stk.
aggregate-address neighbor advertisementinterval (IPv6 Address Family Configuration) show bgp ipv6 bgp aggregate-differentmeds (BGP Router Configuration) neighbor allowas-in show bgp ipv6 aggregateaddress bgp aggregate-differentneighbor connect-retrymeds (IPv6 Address Family interval Configuration) show bgp ipv6 community bgp always-compare-med neighbor default-originate (BGP Router Configuration) show bgp ipv6 communitylist bgp client-to-client reflection (BGP Router Configuration) neighbor def
clear ip bgp neighbor next-hop-self (IPv6 Address Family Configuration) show ip bgp aggregateaddress clear ip bgp counters neighbor password show ip bgp community default-information originate (BGP Router Configuration) neighbor prefix-list (BGP Router Configuration) show ip bgp community-list default-information originate (IPv6 Address Family Configuration) neighbor prefix-list (IPv6 Address Family Configuration) show ip bgp extcommunitylist default metric (BGP Router neighbor remote-as Configu
ip bgp-community newformat neighbor timers show ip bgp update-group ip bgp fast-external-fallover neighbor update-source show ip bgp vpn4 ip community-list network (BGP Router Configuration) template peer ip extcommunity-list network (IPv6 Address Family Configuration) timers bgp match extcommunity redistribute (BGP) timers policy-apply delay maximum-paths (BGP Router Configuration) rd graceful-restart – – graceful-restart-helper router bgp Use the router bgp command to enable BGP and id
User Guidelines The no router bgp command disables BGP and all BGP configurations revert to default values. Alternatively, the administrator can use the no enable command in BGP router configuration mode to disable BGP globally without clearing the BGP configuration. ASNs 0, 56320–64511, and 65535 are reserved and cannot be used. Command History Introduced in version 6.2.0.1 firmware. Command updated in version 6.6 firmware.
User Guidelines This command enters address family configuration mode within the peer template. Policy commands configured within this mode apply to the address family.
console(config-rtr-tmplt)# address-family ipv4 console(config-rtr-tmplt-af)# send-community console(config-rtr-tmplt-af)# route-map RM4-IN in console(config-rtr-tmplt-af)# route-map RM4-OUT out console(config-rtr-tmplt-af)# exit console(config-rtr-tmplt)# address-family ipv6 console(config-rtr-tmplt-af)# send-community console(config-rtr-tmplt-af)# route-map RM6-IN in console(config-rtr-tmplt-af)# route-map RM6-OUT out console(config-rtr-tmplt-af)# exit console(config-rtr-tmplt)# exit console(config-router)
Command History Introduced in version 6.3.0.1 firmware. Example console(config-router)# address-family ipv4 vrf Red address-family ipv6 Use the address-family ipv6 command to enter IPv6 family configuration mode to specify IPv6 configuration parameters. Use the no form of the command to delete all IPv6 configuration. Syntax address-family ipv6 no address-family ipv6 Default Configuration By default, the exchange of IPv6 routes is disabled.
address-family vpnv4 unicast Use the address-family vpnv4 unicast command to configure a BGP routing session to advertise VPN IPv4 prefixes. Use the no form of this command to delete the VPN IPv4 configuration. Syntax address-family vpn4 unicast no address-family vpn4 unicast Default Configuration VPN-IPv4 address family mode is not configured by default.
Example The following example shows how to enter the VPN-IPv4 address family mode and to distribute VPN4-IPv4 addresses to a neighbor with the extended community attribute: console(config)# router bgp 10 console(config-router)# neighbor 1.1.1.1 remote-as 5000 console(config-router)# address-family vpnv4 unicast console(config-router-af)# neighbor 1.1.1.1 activate console(config-router-af)# neighbor 1.1.1.
AS_PATH of all contained routes is the same, the AS_PATH of the aggregate is the AS_PATH of the contained routes. Otherwise, if the contained routes have different AS_PATHs, the AS_PATH attribute includes an AS_SET with each of the AS numbers listed in the AS PATHs of the aggregated routes. If the as-set option is not configured, the aggregate is advertised with an empty AS_PATH. • summary-only – When specified, the more-specific routes within the aggregate address are not advertised to neighbors.
bgp aggregate-different-meds (BGP Router Configuration) Use the bgp aggregate-different-meds command to control the aggregation of routes with different multi-exit discriminator (MED) attributes. By default, BGP only aggregates routes that have the same MED value. Syntax bgp aggregate-different-meds no bgp aggregate-different-meds Default Configuration By default, all the routes aggregated by a given aggregate address must have the same MED value.
bgp aggregate-different-meds (IPv6 Address Family Configuration) Use the bgp aggregate-different-meds command to allow IPv6 routes with different MEDs to be aggregated. Syntax bgp aggregate-different-meds no bgp aggregate-different-meds Default Configuration By default, all the routes aggregated by a given aggregate address must have the same MED value.
bgp always-compare-med Use this command to compare MED values during the decision process in paths received from different autonomous systems. To revert to the default behavior, only comparing MED values from paths received from neighbors in the same AS, use the no form of this command. Syntax bgp always-compare-med no bgp aways-compare-med Default Configuration By default, all routes aggregated by a given aggregate address must have the same MED value.
bgp client-to-client reflection (BGP Router Configuration) Use the bgp client-to-client reflection command to enable client-to-client reflection. By default, a route reflector reflects routes received from its clients to its other clients. However, if a route reflector’s clients have a full iBGP mesh, the route reflector does not reflect to the clients.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#bgp client-to-client reflection bgp client-to-client reflection (IPv6 Address Family Configuration) Use the bgp client-to-client reflection command to enable client-to-client reflection. By default, a route reflector reflects routes received from its clients to its other clients. However, if a route reflector’s clients have a full iBGP mesh, the route reflector does not reflect to the clients.
routes to other clients within the cluster. When client-to-client reflection is disabled, a route reflector continues to reflect routes from non-clients to clients and from clients to non-clients. The same command is available in BGP Router Configuration mode for IPv4 routes. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#bgp client-to-client reflection bgp cluster-id Use the bgp cluster-id command to specify the cluster ID of a route reflector.
cluster ID. Route reflectors with the same cluster ID must have the same set of clients; otherwise, some routes may not be reflected to some clients. The same cluster ID is used for both IPv4 and IPv6 route reflection. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#bgp cluster-id 1 bgp default local-preference Use the bgp default local-preference command to enable the network operator to specify the default local preference.
preference on paths previously received is not changed; it is only applied to paths received after the change. To apply the new local preference to paths previously received, use clear ip bgp to force a soft inbound reset. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#bgp default local-preference 1 bgp fast-external-fallover Use this command to configure BGP to immediately reset the adjacency with an external peer if the routing interface to the peer goes down.
bgp fast-internal-fallover Use the bgp fast-internal-fallover command to configure BGP to immediately reset the adjacency with an internal peer when there is a loss of reachability to an internal peer. Syntax bgp fast-internal-fallover no bgp fast-internal-fallover Default Configuration By default, fast internal fallover is enabled. Command Mode BGP Router Configuration mode User Guidelines BGP tracks the reachability of each internal peer’s IP address.
Syntax bgp listen { limit max-number | range network/length [ inherit peer peertemplate-name ] } no bgp listen { limit | range network/length [ inherit peer peer-templatename ] } • limit max-number — Sets a maximum limit number of IPv4 BGP dynamic subnet range neighbors. The number is from 1 to 100. Default is 20. • range network/length — Specifies a listen subnet range that is to be created. The IP prefix representing a subnet is specified by network, and length is the subnet mask in bits.
neighbor for an IP address in the subnet range, a new BGP neighbor is dynamically configured on the local switch. Dynamically created neighbors are not displayed in the running-config. It is acceptable that the template peer name is not specified. In this case, all dynamic neighbors are created with the default parameters. The template peer name can be assigned/changed for a listen range at any time. The limit on the total number of both IPv4 and IPv6 listen range groups is 10.
User Guidelines Both backward and forward adjacency state changes are logged. Forward state changes, except for transitions to the Established state, are logged at the Informational severity level. Backward state changes and forward changes to Established are logged at the Notice severity level Command History Introduced in version 6.2.0.1 firmware.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#bgp maxas-limit 1 bgp router-id Use the bgp router-id command to set the BGP router ID. Syntax bgp router-id router-id no bgp router-id • router-id—An IPv4 address in dotted quad notation. This is the address for BGP to use as it’s router ID. Default Configuration There is no default BGP router ID. The system does not select a router ID automatically. One must be configured manually.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#bgp router-id 10.27.21.142 clear ip bgp Use the clear ip bgp command to reset peering sessions with all of a subnet of BGP peers. The command arguments specify which peering sessions are reset and the type of reset performed.
• in | out—If the in keyword is given, updates from the neighbor are reprocessed. If the out keyword is given, updates are resent to the neighbor. If neither keyword is given, updates are reprocessed in both directions. Default Configuration There is no default configuration. Command Mode Privileged Exec mode User Guidelines Soft inbound reset causes BGP to send a Route Refresh request to each neighbor being reset.
• vrf-name—This optional parameter identifies the VRF for which to clear counters. If not given, the default VRF counters are cleared. Default Configuration There is no default configuration. Command Mode Privileged Exec mode User Guidelines There are no user guidelines. Command History Introduced in version 6.3.0.1 firmware.
Command Mode BGP Router Configuration mode User Guidelines Origination of the default route is not subject to a prefix filter configured with the distribute-list out command. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#default-information originate default-information originate (IPv6 Address Family Configuration) Use this command in IPv6 Address Family Config mode to allow BGP to originate an IPv6 default route.
User Guidelines Origination of the default route is not subject to a prefix filter configured with the distribute-list out command. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#default-information originate default metric (BGP Router Configuration) This command sets the value of the Multi Exit Discriminator (MED) attribute on routes redistributed into BGP when no metric has been specified in the redistribute command.
Example console(config-router)#default-metric 1 default metric (IPv6 Address Family Configuration) This command sets the metric of redistributed IPv6 routes when a metric is not configured in the redistribute command. Syntax default-metric value no default-metric • value—The value to as the MED. The range is 1 to 4,294,967,295. Default Configuration By default, no default metric is set and no MED is included in redistributed routes.
Syntax distance distance [ prefix wildcard-mask [prefix-list] ] no distance distance [ prefix wildcard-mask [prefix-list] ] • distance—The preference value for matching routes. The range is 1 to 255. • prefix wildcard-mask— Routes learned from BGP peers whose address falls within this prefix are assigned the configured distance value. The wildcardmask is an inverted network mask whose 1 bits indicate the don’t care portion of the prefix.
Command History Introduced in version 6.2.0.1 firmware. Example To set the preference value of the BGP route to 100.0.0.0/8 from neighbor 10.1.1.1, use the following distance command: (R1) (Config)# ip prefix-list pfx-list1 permit 100.0.0.0/8 (R1) (Config)# router bgp 1 (R1) (Config-router)# distance 25 10.1.1.1 0.0.0.0 pfx-list1 To set the preference value to 12 for all BGP routes from neighbor 10.1.1.1, use the following distance command: (R1) (Config-router)# distance 12 10.1.1.1 0.0.0.
• local-distance—200 Command Mode BGP Router Configuration mode User Guidelines Different distance values can be configured for routes learned from external peers, routes learned from internal peers, and BGP routes locally originated. A route with a lower preference value is preferred to a route with a higher preference value to the same destination. Routes with a preference of 255 may not be selected as best routes and used for forwarding.
Default Configuration • external-distance—20 • internal-distance—200 • local-distance—200 Command Mode IPv6 Address Family Configuration mode User Guidelines Different distance values can be configured for routes learned from external peers, routes learned from internal peers, and BGP routes locally originated. A route with a lower preference value is preferred to a route with a higher preference value to the same destination.
Default Configuration No distribute lists are defined by default. Command Mode • BGP Router Configuration mode • IPv6 Address Family Configuration mode User Guidelines The distribute list is applied to all routes received from all neighbors. Only routes permitted by the prefix list are accepted. If the command refers to a prefix list that does not exist, the command is accepted and all routes are permitted. Command History Introduced in version 6.2.0.1 firmware.
Default Configuration No distribute lists are defined by default. Command Mode BGP Router Configuration mode User Guidelines Only one instance of this command may be defined for each route source (RIP, OSPF, static, connected). One instance of this command may also be configured as a global filter for outbound prefixes. If the command refers to a prefix list that does not exist, the command is accepted and all routes are permitted.
Default Configuration No distribute lists are defined by default. Command Mode IPv6 Address Family Configuration mode User Guidelines Only one instance of this command may be defined for each route source (RIP, OSPF, static, connected). One instance of this command may also be configured as a global filter for outbound prefixes. If the command refers to a prefix list that does not exist, the command is accepted and all routes are permitted.
Command Mode BGP Router Configuration mode User Guidelines When disabling BGP using no enable, BGP retains its configuration. The no router bgp command resets all BGP configuration to default values. When BGP is administratively disabled, BGP sends a NOTIFICATION message to each peer with a Cease error code. The no enable command persists in the running-config (and startup-config) only when a router-id has assigned using the bgp router-id command.
• regexp—A regular expression used to match the AS path attribute of a BGP path where the AS path is treated as an ASCII string. Default Configuration No AS path lists are configured by default. There are no default values for any of the parameters of this command. Command Mode Global Configuration mode User Guidelines An AS path access list filters BGP routes on the AS path attribute of a BGP route. The AS path attribute is a list of the autonomous system numbers along the path to the destination.
brackets [] Designates a range of single-character patterns. caret ^ Matches the beginning of the input string. dollar sign $ Matches the end of the input string. hyphen - Separates the end points of a range. period . Matches any single character, including white space. plus sign + Matches 1 or more sequences of the pattern. question mark ? Matches 0 or 1 occurrences of the pattern.
Syntax ip bgp-community new-format no ip bgp-community new-format Default Configuration Standard communities are displayed in AA:NN format. Command Mode Global Configuration mode User Guidelines RFC 1997 specifies that the first two bytes of a community number are considered to be an autonomous system number. The new format displays a community number as the ASN followed by a 16-bit AS-specific number. Command History Introduced in version 6.2.0.1 firmware.
Default Configuration Fast external fallover is enabled globally by default. There is no default interface configuration. Command Mode Interface (VLAN) Configuration mode User Guidelines This command overrides for a specific routing interface the fast external fallover behavior configured globally. If permit is specified, the feature is enabled on the interface, regardless of the global configuration. If deny is specify, the feature is disabled on the interface, regardless of the global configuration.
• no-advertise—The well-known standard community: NO_ADVERTISE (0xFFFFFF02), which indicates the community is not to be advertised. • no-export—The well-known standard community: NO_EXPORT, (0xFFFFFF01), which indicates the routes are not to be advertised outside the community. • no-export-subconfed—The well-known standard community: NO_EXPORT_SUBCONFED (0xFFFFFF03), which indicates the routes are not to be advertised to external BGP peers.
Example console(config)# ip community-list standard test permit ip extcommunity-list Use the ip extcommunity-list command to create an extended community list to configure VRF route filtering. Use the no form of the command to configure VRF route filtering. Syntax ip extcommunity-list standard-list [permit | deny][rt value] [soo value] no ip extcommunity-list standard-list • standard-list — A standard list number from 1 to 99 that identifies one or more permit or deny groups of extended communities.
Command Mode Global Config mode User Guidelines This command is used to configure numbered extended community lists. Extended community attributes are used to filter routes for VRFs. All the standard rules of access lists apply to the configuration of extended community lists. The route target (RT) and site of origin (SOO) extended community attributes are supported by the standard range of extended community lists.
Example The following example shows the creation of an extended community list that permits routes from route target 1:1 and site of origin 2:2 and denies routes from route target 3:3 and 4:4. (R1)(Config)# ip extcommunity-list 10 permit rt 1:1 (R1)(Config)# ip extcommunity-list 10 permit rt 2:2 (R1)(Config)# ip extcommunity-list 20 deny rt 3:3 rt 4:4 List 10 shows a logical OR condition which means the first match is processed.
no match extcommunity standard-list • standard-list—A standard list identifier that identifies one or more permit or deny groups of extended communities. The range if from 0–100. Default Configuration BGP extended community list attributes are not matched. Command Mode Route Map Configuration mode User Guidelines The match extcommunity command is used to configure match clauses that use extended community attributes in route maps.
no maximum-paths • number-of-paths—The maximum number of next hops in a BGP route. The range is from 1 to 32 unless the platform or currently selected SDM template further restricts the range. Default Configuration BGP advertises a single next hop by default. Command Mode BGP Router Config User Guidelines Paths are considered for ECMP when their attributes are the same (local preference, AS path, origin, MED, peer type and IGP distance).
Syntax maximum-paths number-of-paths no maximum-paths • number-of-paths—The maximum number of next hops in a BGP route. The range is from 1 to 32 unless the platform or SDM template further restricts the range. Default Configuration BGP advertises a single next hop by default. Command Mode IPv6 Address Family Configuration User Guidelines Paths are considered for ECMP when their attributes are the same (local preference, AS path, origin, MED, peer type and IGP distance).
Syntax maximum-paths ibgp number-of-paths no maximum-paths ibgp • number-of-paths—The maximum number of next hops in a BGP router. The range is from 1 to 32 unless the platform or SDM template further restricts the range. Default Configuration BGP uses a single next hop by default.
maximum-paths ibgp (IPv6 Address Family Configuration) Use this command to limit the number of ECMP next hops in IPv6 routes from internal peers. Syntax maximum-paths ibgp number-of-paths no maximum-paths ibgp • number-of-paths—The maximum number of next hops in a BGP router. The range is from 1 to 32 unless the platform or SDM template further restricts the range. Default Configuration BGP uses a single next hop by default.
Example console(config-router-af)#maximum-paths ibgp 5 neighbor activate Use this command to enable the exchange of IPv6 routes with a neighbor. To disable the exchange of IPv6 addresses, use the no form of this command. Syntax neighbor { ip-address | ipv6-address [ interface interface-id ]| autodetect interface interface-id }} activate no neighbor { ip-address | ipv6-address [ interface interface-id ]| autodetect interface interface-id }} activate • ip-address—The IP address of a peer.
Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Example The following example enables the exchange of IPv6 routes with the external peer at 172.20.1.2 and sets the next hop for IPv6 routes sent to that peer. console console console console console console console console console (config)# router bgp 1 (config-router)# neighbor 172.20.1.2 remote-as 2 (config-router)# address-family ipv6 (Config-router-af)# neighbor 172.20.1.
Command Mode BGP Router Configuration mode User Guidelines RFC 4271 recommends the interval for internal peers be shorter than the interval for external peers to enable fast convergence within an autonomous system. This value does not limit the rate of route selection, only the rate of route advertisement. If BGP changes the route to a destination multiple times while waiting for the advertisement interval to expire, only the final result is advertised to the neighbor.
Default Configuration The default value is 30 seconds for external peers and 5 seconds for internal peers. Command Mode IPv6 Address Family Configuration mode User Guidelines RFC 4271 recommends the interval for internal peers be shorter than the interval for external peers to enable fast convergence within an autonomous system. This value does not limit the rate of route selection, only the rate of route advertisement.
no neighbor { ip-address | ipv6-address [ interface interface-id ] | autodetect interface interface-id } allowas-in • interface-id — A routing interface identifier beginning with the VLAN keyword. • ip-address — The neighbor’s IPv4 address. • ipv6-address [ interface interface-id ] — The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified.
neighbor connect-retry-interval Use this command in to configure the initial connection retry time for a specific neighbor. Syntax neighbor { ip-address | ipv6-address [ interface interface-id ] | autodetect interface interface-id} connect-retry-interval retry-time no neighbor { ip-address | ipv6-address [ interface interface-id ] | autodetect interface interface-id} connect-retry-interval • ip-address—The neighbor’s IPv4 address. • ipv6-address—The neighbor’s IPv6 address.
transitions to IDLE state if TCP returns an error, such as destination unreachable, on a connection attempt. The VLAN interface must also be specified if a link-local address is specified. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware.
User Guidelines By default, a neighbor-specific default has no MED and the Origin is IGP. Attributes may be set using an optional route map. A neighbor-specific default is only advertised if the Adj-RIB-Out does not include a default learned by other means, either from the default-information originate (BGP Router Configuration) command or a default learned from a peer. This type of default origination is not conditioned on the presence of a default route in the routing table.
Syntax neighbor { ip-address | ipv6-address [interface interface-id]} defaultoriginate [route-map map-name] • interface-id—A routing interface identifier (VLAN interface). • ip-address—The neighbor’s IPv4 address. • ipv6-address —The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. • map-name—(Optional) A route map may be configured to set attributes on the default route advertised to the neighbor.
terms, the default route is not advertised. If there is no route map with the route map name given, the default route is not advertised. The VLAN interface must also be specified if a link-local address is specified. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#neighbor FE80::0202:B3FF:FE1E:8329 interface vlan 10 default-originate neighbor description Use this command to record a text description of a neighbor.
Command Mode BGP Router Configuration mode IPv4 Address Family Configuration mode User Guidelines The VLAN interface must also be specified if a link-local address is specified. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware.
• autodetect interface interface-id — The VLAN routing interface on which the neighbor’s link local IPv6 address is auto detected. Use the vlan keyword and a VLAN ID. Range 1-4093. • hop-count — The maximum hop-count allowed to reach the neighbor. The allowed range is 1–255. Default Configuration The default hop count is 64. Command Mode BGP Router Configuration mode, IPv6 Address Family Configuration mode User Guidelines The ebgp-multihop parameter is relevant only for external BGP neighbors.
administrator can use a special keyword “autodetect” to refer to the link local IPv6 address of the neighbor. For example: “neighbor autodetect interface 0/21 remote-as 10000” There are several restrictions to this feature: 1 The “interface” can only refer to non-multiple access VLAN routing interfaces. It does not work on tunnels. 2 Only one “autodetect” neighbor can be configured per interface.
no neighbor { ip-address | ipv6-address [ interface interface-id ]} filter-list as-path-list-number {in | out} • interface-id—A routing interface identifier (VLAN interface). • ip-address—The neighbor’s IPv4 address. • ipv6-address —The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. • as-path-list-number —Identifies an AS path list. • in—The AS Path list is applied to advertisements received from the neighbor.
neighbor filter-list (IPv6 Address Family Configuration) This command filters BGP to apply an AS path access list to UPDATE messages received from or sent to a specific neighbor. Filtering for IPv6 is independent of filtering configured for IPv4. If an UPDATE message includes both IPv4 and IPv6 NLRI, it could be filtered for IPv4 but accepted for IPv6 or vice versa.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#neighbor FE80::0202:B3FF:FE1E:8329 interface vlan 10 filter-list 1 in neighbor inherit peer To configure a BGP peer to inherit peer configuration parameters from a peer template, use the neighbor inherit peer command. To remove the inheritance, use the no form of this command.
User Guidelines Neighbor session and policy parameters can be configured once in a peer template and inherited by multiple neighbors, eliminating the need to configure the same parameters for each neighbor. Parameters are inherited from the peer template specified and from any templates it inherits from. A neighbor can inherit directly from only one peer template. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware.
• ipv6-address [ interface interface-id] — The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. • autodetect interface interface-id — The VLAN routing interface on which the neighbor’s link local IPv6 address is auto detected. • local-as as-number — The AS number to advertise as the local AS in the AS PATH sent to the neighbor. The as-number is the router’s autonomous system number in asplain format.
• As well the local-as is not prepended to the routes received from the neighbor on which this command is configured. This command is allowed only on external BGP neighbors. A neighbor can inherit this configuration from a peer template. When the local-as is configured for a peer, the BGP peer adjacency gets reset. Command History Introduced in version 6.3.0.1 firmware. Command updated in version 6.6 firmware.
• maximum—The maximum number of prefixes BGP will accept from this neighbor. Range 0-4294967295. Values greater than the free space in the route table are not enforced. • threshold—The percentage of the maximum number of prefixes BGP configured for this neighbor. When the number of prefixes received from the neighbor exceeds this percentage of the maximum, BGP writes a log message. The range is 1 to 100 percent. The default is 75%.
Example console(config-router)#neighbor FE80::0202:B3FF:FE1E:8329 interface vlan 10 maximum-prefix unlimited neighbor maximum-prefix (IPv6 Address Family Configuration) In IPv6 address family configuration mode, the neighbor maximum-prefix command specifies the maximum number of IPv6 prefixes that BGP will accept from a given neighbor.
• warning-only—(Optional) If BGP receives more than the maximum number of prefixes, BGP writes a log message rather than shutting down the adjacency. Default Configuration There is no prefix limit by default. The default warning threshold is 75%. A neighbor that exceeds the limit is shut down by removing the adjacency unless the warning-only option is configured.
no neighbor { ip-address | ipv6-address [ interface interface-id ]} next-hopself • ip-address – The neighbor’s IPv4 address. • ipv6-address [ interface interface-id ] – The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. Default Configuration This is not enabled by default.
Syntax neighbor { ip-address | ipv6-address [ interface interface-id ]} next-hop-self no neighbor { ip-address | ipv6-address [ interface interface-id ]} next-hopself • ip-address – The neighbor’s IPv4 address. • ipv6-address [ interface interface-id ] – The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. Default Configuration This is not enabled by default.
neighbor password Use the neighbor password command to enable MD5 authentication of TCP segments sent to and received from a neighbor, and to configure an authentication key. Syntax neighbor { ip-address | ipv6-address [ interface interface-id ] | autodetect interface interface-id } password string no neighbor { ip-address | ipv6-address [ interface interface-id ]| autodetect interface interface-id} password • ip-address—The neighbor’s IPv4 address.
hold times, both passwords must be changed within 120 seconds to guarantee the connection is not dropped. The VLAN interface must also be specified if a link-local address is specified. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware.
Command Mode BGP Router Configuration mode User Guidelines Only one prefix list may be defined for each neighbor in each direction. If a prefix list that does not exist is assigned, all prefixes are permitted. The VLAN interface must also be specified if a link-local address is specified. Command History Introduced in version 6.2.0.1 firmware.
• out—Apply the prefix list to advertisements to be sent to this neighbor. Default Configuration No prefix list is configured. Command Mode IPv6 Address Family Configuration mode User Guidelines Only one prefix list may be defined for each neighbor in each direction. If a prefix list that does not exist is assigned, all prefixes are permitted. In IPv6 address family mode, the command accepts either an IPv4 or an IPv6 address. Command History Introduced in version 6.2.0.1 firmware.
• ipv6-address—The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. This command is available in IPv6 address family mode. • interface vlan vlan-id—The local routing interface/VLAN ID over which the IPv6 neighbor can be reached. Range: 1-4093. • autodetect interface interface-id—(Optional) The routing interface on which the neighbor’s link local IPv6 address is auto detected. The interface-id must be a VLAN routing interface.
Syntax neighbor { ip-address | ipv6-address [interface vlan vlan-id]} removeprivate-as [ all replace-as ] no neighbor { ip-address | ipv6-address [interface vlan vlan-id]} removeprivate-as • ip-address – The neighbor’s IPv4 address. • ipv6-address– The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. • interface vlan vlan-id – The local interface/VLAN ID over which the IPv6 neighbor can be reached. Range 1-4093.
Example console(config-router)#neighbor 10.130.14.55 remove-private-as neighbor rfc5549-support Use the neighbor rfc5549-support command to enable advertisement of IPv4 routes over IPv6 next hops selectively to an external BGP IPv6 peer. To disable advertisement of these routes, use the no form of this command.
Example The following example results in the connected IPv4 networks 1.1.1.0/24 and 2.2.2.0/24 advertised with next hop set to 2001::1 only to eBGP IPv6 peer 2001::2 and not to eBGP peer 2002::2.
Default Configuration No route maps are applied by default. Command Mode A route map can be used to change the local preference, MED, or AS Path of a route. Routes can be selected for filtering or modification using an AS path access list or a prefix list. If a neighbor route-map statement refers to a nonexistent route map, all routes are denied. Neighbor route maps configured with this command in router configuration mode are only applied to IPv4 routes.
• ipv6-address—The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. Valid in IPv6 address family mode. • interface vlan vlan-id—The local interface/VLAN ID over which the IPv6 neighbor can be reached. Range 1-4093. • route-map map-name—The name of the route map to be used to filter route updates on the specified interface. • in | out—Whether the route map is applied to incoming or outgoing routes.
neighbor route-reflector-client (BGP Router Configuration) To configure an internal peer as an IPv4 route reflector client, use the neighbor route-reflector-client command. Syntax neighbor ip-address route-reflector-client no neighbor ip-address route-reflector-client • ip-address—The neighbor’s IPv4 address. Default Configuration Peers are not route reflector clients by default.
Example console(config-router)#neighbor 10.130.14.55 route-reflector-client neighbor route-reflector-client (IPv6 Address Family Configuration) To configure an internal peer as an IPv4 route reflector client, use the neighbor route-reflector-client command. Syntax neighbor { ip-address | ipv6-address [ interface vlan vlan-id ] } routereflector-client no neighbor { ip-address | ipv6-address [ interface vlan vlan-id ]} routereflector-client • ip-address—The neighbor’s IPv4 address.
An external peer may not be configured as a route reflector client. When reflecting a route, BGP ignores the set statements in an outbound route map to avoid causing the receiver to compute routes that are inconsistent with other routers in the AS. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#neighbor 10.130.14.
Example console(config-router)#neighbor 10.130.14.55 send-community neighbor send-community (IPv6 Address Family Configuration) In IPv6 address family configuration mode, the neighbor send-community command tells BGP to send the COMMUNITIES attribute with routes advertised to the peer. Syntax neighbor { ip-address | ipv6-address [ interface interface-id ]} sendcommunity no neighbor { ip-address | ipv6-address [ interface interface-id ]} sendcommunity • ip-address – The neighbor’s IPv4 address.
neighbor shutdown Use the neighbor shutdown command to administratively disable communications with a specific BGP neighbor. The effect is to gracefully bring down the adjacency with the neighbor. If the adjacency is up when the command is given, the peering session is dropped and all route information learned from the neighbor is purged.
User Guidelines When a neighbor is shut down, BGP first sends a NOTIFICATION message with a Cease error code. When an adjacency is administratively shut down, the adjacency stays down until administratively re-enabled (using no neighbor shutdown). Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Example console(config-router)#neighbor 10.130.14.
• keepalive—The time, in seconds, between BGP KEEPALIVE packets sent to a neighbor. The range is 0 to 65,535 seconds. A small internal jitter is applied to the keepalive interval timer in order to reduce the CPU load that may occur when multiple timers expire simultaneously. • holdtime—The time, in seconds, that BGP continues to consider a neighbor to be alive without receiving a BGP KEEPALIVE or UPDATE packet from the neighbor.
Syntax neighbor { ip-address | ipv6-address [ interface vlan vlan-id ] | autodetect interface interface-id }} update-source interface no neighbor { ip-address | ipv6-address [ interface vlan vlan-id ] | autodetect interface interface-id }} update-source • ip-address—The neighbor’s IPv4 address. This is the IP address of the neighbor on the connected link. • ipv6-address—The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified.
It is common to use an IP address on a loopback interface as an update source because a loopback interface is always reachable as long as any routing interface is up. The peering session will stay up as long as the loopback interface remains reachable. If you use an IP address on a routing interface, then the peering session will go down if that interface goes down. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Example console(config-router)#neighbor 10.130.
• prefix-length—The length of the IPv6 prefix given as part of the ipv6prefix. Required if a prefix is specified. A decimal value in the range 1 to 128 that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address) in /length format. A slash mark must precede the decimal value in /length format. • rm-name—The name of a route map used to filter prefixes or set attributes of prefixes advertised by this network.
network (IPv6 Address Family Configuration) In IPv6 address family configuration mode, the network command identifies network IPv6 prefixes that BGP originates in route advertisements to its neighbors. Syntax network prefix mask network-mask [ route-map rm-name ] no network prefix mask network-mask [ route-map rm-name ] network ipv6-prefix/prefix-length [ route-map rm-name ] no network ipv6-prefix/prefix-length • prefix—An IPv4 address prefix in dotted decimal notation.
User Guidelines BGP supports up to 64 networks. The network command may also be used specify a default route (network 0.0.0.0 mask 0.0.0.0). If a route map is configured to set attributes on the advertised routes, match as-path and match community terms in the route map are ignored. A match ip-address prefix-list term is honored in this context. If the route map includes such a match term, the network is only advertised if the prefix list permits the network prefix.
Example console(config-router)#redistribute rip rd Use the rd command to configure a BGP routing session to advertise VPNIPv4 prefixes. Use the no form of this command to delete the VPN-IPv4 configuration. Syntax rd route-distinguisher no rd route-distinguisher— A 2-byte or an 8-byte value to be prepended to an IPv4 prefix to create a VPN IPv4 prefix.
Once an RD has been configured, it may not be reconfigured. Use the no form of the command to remove the RD before configuring a new RD value. This command is effective only if BGP is running on the router. Command History Introduced in version 6.3.0.1 firmware.
is configured for BGP (default metric command), the MED is set to the default metric. If both a default metric and a metric value are not configured, the prefix is advertised without an MED attribute. • match—(Optional) By default, if BGP is configured to redistribute OSPF routes, BGP only redistributes internal routes (OSPF intra-area and interarea routes). Use of the match option configures BGP to also redistribute specific types of external routes, or to disable redistribution of internal OSPF routes.
The RIP metric is a hop count. The metric for a redistributed route limits the distance the route can be redistributed in the RIP network. Since the maximum valid metric in a RIP network is 15, redistributing routes into RIP with a metric of 12 implies that the route can only be redistributed across 3 hops in the RIP network. In conformance with RFC 1475, information learned via BGP from peers within the same AS is not redistributed to OSPF.
• match—(Optional) By default, if BGP is configured to redistribute OSPF routes (redistribute ospf command), BGP only redistributes internal routes (OSPF intra-area and inter-area routes). Use of the match option configures BGP to also redistribute specific types of external or internal routes, or to disable redistribution of OSPF routes. The match option is only valid for OSPF originated routes. Successive redistribute commands are additive.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#redistribute rip route-target Use the route-target command to create a list of export, import, or both route target (RT) extended communities for the specified VRF instance. Use the no form of the command to remove the route target from a VRF instance.
Command Mode Privileged Exec mode User Guidelines Configure the route-target command once for each target extended community. Routes that are learned and carry a specific route-target extended community are imported into all VRFs configured with that particular extended community as an import route target. The configured export RT is advertised as an extended community in the MPBGP format to the eBGP peer. An RT is either: • ASN related – Composed of an autonomous system number and an arbitrary number.
Syntax set extcommunity rt value [additive] no set extcommunity rt • • value — Specifies the route target extended community value. This value can be entered in one of the following formats: – 16-bit AS number: a 32-bit value (Ex: 64496:11) – 32-bit IPv4 address: a 16-bit value (Ex: 10.1.1.1:22) – 32-bit AS number: a 32-bit value (Ex: 65537:60110) additive–Adds a route target to the existing route target list without replacing any existing route targets.
Example The following example shows how to set the extended community attribute for route target with route-maps. (R1)(Config)# ip extcommunity-list 10 permit rt 1:1 (R1)(config)# route-map SEND_OUT permit 10 (R1)(config-route-map)# match extcommunity 13 (R1)(config-route-map)# set extcommunity rt 10:10 additive (R1)(config-route-map)# exit set extcommunity soo Use the set extcommunity soo command to set BGP extended community attributes for the site of origin.
User Guidelines The site of origin (SOO) extended communities attribute is configured with the soo keyword. This attribute uniquely identifies the site from which the Provider Edge (PE) router learned the route. All routes learned from a particular site must be assigned the same SOO extended community attribute, whether a site is connected to a single PE router or multiple PE routers. Configuring this attribute prevents routing loops from occurring when a site is multi-homed.
• ipv6-prefix—An IPv6 network prefix. This argument must be in the form where the address is specified in hexadecimal using 16-bit values between 0x00 and 0xff and separated by colons. Limits the output to a specific prefix. • prefix-length—The length of the IPv6 prefix given as part of the ipv6prefix. This is required if a prefix is specified.
Status codes • s—The route is aggregated into an aggregate address configured with the summary-only option • *—Dell EMC Networking BGP never displays invalid routes; so this code is always displayed (to maintain consistency with the industry standard) • >—Indicates that BGP has selected this path as the best path to the destination • i—If the route is learned from an internal peer Network IPv6 Destination prefix Next Hop The route’s BGP next hop Metric Multi-Exit Discriminator LocPrf The local pref
Syntax show bgp ipv6 aggregate address-group Default Configuration There is no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed. Field Description Prefix/Len Destination prefix and prefix length. AS Set Indicates if an empty AS path is advertised with the aggregate address (N) or an AS SET is advertised with the set of AS numbers for the paths contributing to the aggregate (Y).
show bgp ipv6 community Use this command to display IPv6 routes that belong to the specified set of communities. This command replaces and deprecates the show ipv6 bgp community command Syntax show bgp ipv6 community communities [ exact-match ] • communities—A string of zero or more community values, which may be in either format and may contain the well-known community keywords noadvertise and no-export. The output displays routes that belong to every community specified in the command.
Status codes • s—The route is aggregated into an aggregate address configured with the summary-only option • *—Dell EMC Networking BGP never displays invalid routes; so this code is always displayed (to maintain consistency with the industry standard) • >—Indicates that BGP has selected this path as the best path to the destination • i—If the route is learned from an internal peer Network IPv6 Destination prefix Next Hop The route’s BGP next hop Metric Multi-Exit Discriminator LocPrf The local pref
• exact-match—Displays only routes that are an exact match for the set of communities in the matching community list statement. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed. Field Description BGP table version Each time phase 2 of the BGP decision process runs to select new BGP routes, this number is incremented.
Example BGP table version is 0, local router ID is 65.1.1.1 Status Codes: s suppressed, * valid, > best, i - internal Origin Codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPref Path ------------------ --------------- --------- ---------- ---------- show bgp ipv6 listen range Use the show bgp ipv6 listen range command to display information about IPv6 BGP listen ranges.
2001::20 0 ACTIVE Listen Range.................................. 2002::1/64 Inherited Template............................ template_2002 Member ASN State --------------------------------------- ----- ----------- show bgp ipv6 neighbors Use this command to display neighbors with IPv4 or IPv6 peer addresses that are enabled for the exchange of IPv6 prefixes. This command deprecates and replaces the show ipv6 bgp neighbors command.
• If the peer is configured as “autodetect”, the “Remote Address” shows detected IPv6 address or “Unresolved” in case if the peer is not detected by the autodetect feature. • “Autodetect status” is displayed only if the peer is configured as “autodetect”. The field shows one of the following statuses: • Peer is detected • Peer is not detected • Multiple peers are detected The following fields are displayed. Field Description Remote Address The neighbor’s IPv6 address.
IPv4 Unicast Support Indicates whether IPv4 unicast routes can be exchanged with this peer. Both indicates that IPv4 is active locally and the neighbor indicated support for IPv4 unicast in its OPEN message. Sent indicates that IPv4 unicast is active locally, but the neighbor did not include this AFI/SAFI pair in its OPEN message. IPv4 unicast is always enabled locally and cannot be disabled. IPv6 Unicast Support Indicates whether IPv6 unicast routes can be exchanged with this peer.
Prefix Limit The maximum number of prefixes this router is willing to accept from this neighbor. Prefix Warning Threshold Percentage of the prefix limit that causes a warning message to be logged. Warning Only on Prefix Limit Whether to shutdown a neighbor that exceeds the prefix limit. TRUE if the event is logged without shutting down the neighbor. Minimum Advertisement Interval The minimum time between UPDATE messages sent to this neighbor.
Prefixes Withdrawn A running count of the number of prefixes included in the Withdrawn Routes portion of UPDATE messages, to and from this neighbor. Prefixes Current The number of prefixes currently advertised to or received from this neighbor. For inbound prefixes, this count only includes prefixes that passed inbound policy. Prefixes Accepted The number of prefixes from this neighbor that are eligible to become active in the local RIB.
Configured Hold Time.......................... Configured Keep Alive Time.................... Negotiated Hold Time.......................... Keep Alive Time............................... MD5 Password.................................. 90 sec 30 sec 30 sec 10 sec password Last Error (Sent).............................. Last SubError.................................. Time Since Last Error.......................... Established Transitions........................ Established Time..............................
• ipv6-address [interface interface-id]—The IPv6 address of a BGP peer. If the peer address is an IPv6 link local address, the interface that defines the scope of the link local address must be given. • autodetect interface interface-id—(Optional) The routing interface on which the neighbor’s link local IPv6 address is auto detected. The interface ID must be a VLAN routing interface. Default Configuration There is no default configuration for this command.
Origin The value of the origin attribute. • i—IGP • e—EGP • ?—Incomplete Command History Introduced in version 6.2.0.1 firmware. Modified in version 6.3.0.1 firmware. Example console#show bgp ipv6 neighbors fe80::211:12ff:fe06:4 interface vl10 advertised-routes BGP table version is 10, local router ID is 0.0.0.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed. Field Description Neighbor The peer address of a neighbor. Policy A neighbor-specific BGP policy. Template If the policy is inherited from a peer template, this field lists the template name. Command History Introduced in version 6.2.0.1 firmware. Modified in version 6.3.0.
policy. The output and format as the same as for show IP bgp neighbors received-routes, except that they list IPv6 routes. Also, the command displays a list of IPv4 routes received from a specific neighbor with RFC5549. This command deprecates and replaces the show ipv6 bgp neighbors received-routes command.
Origin The value of the Origin attribute as received from the peer. Command History Introduced in version 6.2.0.1 firmware. Modified in version 6.3.0.1 firmware. Example console#show bgp ipv6 neighbors 1010:10::103 routes Local router ID is 0.0.0.
Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes. User Guidelines The following fields are displayed. Field Description Delta T How long since the decision process was run. hours:minutes:seconds if the elapsed time is less than 24 hours. Otherwise, days:hours. Phase The phase of the decision process that was run. Upd Grp Outbound update group ID. Only applies when phase 3 is run.
Modified in version 6.3.0.1 firmware.
Traps Whether BGP traps are enabled. Maximum Paths The maximum number of next hops in an external BGP route. Maximum Paths iBGP The maximum number of next hops in an internal BGP route. Default Keep Alive Time The configured keepalive time used by all peers that have not been configured with a peer-specific keepalive time. Default Hold Time The configured hold time used by all peers that have not been configured with a peer-specific hold time.
MsgSent The number of BGP messages sent to this neighbor State The adjacency state. One of IDLE, CONNECT, ACTIVE, OPEN SENT, OPEN CNFRM, EST Up/Down Time How long the adjacency has been in the ESTABLISHED state, or, if the adjacency is down, how long it has been down. In days:hours:minutes:seconds Pfx Rcvd The number of IPv6 prefixes received from the neighbor Command History Introduced in version 6.2.0.1 firmware. Modified in version 6.3.0.1 firmware.
show bgp ipv6 update-group Use this command to report the status of IPv6 outbound groups and their members. Output and format are the same as for show ip bgp update-group. This command deprecates and replaces the show ipv6 bgp update-group command. Syntax show bgp ipv6 update-group [ group-index | ipv4-address | ipv6-address [ interface interface-id ] | autodetect interface interface-id ] • group-index—If specified, this option restricts the output to a single update group.
Fields Description Version The update version. Delta T The amount of time elapsed since the update send process executed. hours::minutes::seconds. Duration How long the update send process took, in milliseconds UPD Built The number of UPDATE messages built. UPD Sent The number of UPDATE messages successfully transmitted to group members. Normally a copy of each UPDATE message built is sent to each group member. Paths Sent The number of paths advertised.
Update Version The number of times phase 3 of the BGP decision process has run for this group to determine which routes should be advertised to the group. Number of UPDATEs Sent The number of UPDATE messages that have been sent to this group. Incremented once for each UPDATE regardless of the number of group members. Time Since Last UPDATE Time since an UPDATE message was last sent to the group. If no UPDATE has been sent to the group, the status is “Never.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines If a route reflector client is configured with an outbound route map, the output warns that set statements in the route map are ignored when reflecting routes to this client. The following information is displayed. Field Description Cluster ID The cluster ID used by this router.
Clients: Non-client Internal Peers: show ip bgp To view routes in the BGP routing table, use the show ip bgp command. The output lists both the best and non-best paths to each destination.
Field Description BGP table version Each time phase 2 of the BGP decision process runs to select new BGP routes, this number is incremented.
show ip bgp aggregate-address Use the show ip bgp aggregate-address command to list the aggregate addresses that have been configured and indicates whether each is currently active. Syntax show ip bgp [vrf vrf-name] aggregate-address • vrf vrf-name — Displays the aggregate address information associated with the named VRF. Default Configuration By default, information about the global VRF is shown. Command Mode Privileged Exec mode, Global Configuration mode, and all sub-modes.
Example console#show ip bgp aggregate-address Prefix/Len ------------------1.2.3.0/24 10.10.10.0/24 AS Set -----N N Summary Only -----------N N Active -----N N show ip bgp community The show ip bgp community displays route information for the communities listed in the specified community. Syntax show ip bgp [vrf vrf-name] community communities [exact-match] • vrf vrf-name—Displays the aggregate address information associated with the named VRF.
Example console#show ip bgp community BGP table version is 0, local router ID is 65.1.1.1 Status Codes: s suppressed, * valid, > best, i - internal Origin Codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPref Path Origin ------------------ --------------- ---------- ---------- ------------- --- show ip bgp community-list The show ip bgp community-list command lists the routes that are allowed by the specified community list.
Example console(config)#show ip bgp community-list test BGP table version is 0, local router ID is 65.1.1.1 Status Codes: s suppressed, * valid, > best, i - internal Origin Codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPref Path Origin ------------------ --------------- ---------- --------- ------------- ------ show ip bgp extcommunity-list Use the show ip bgp extcommunity-list command to display all the permit and deny attributes of the given extended community list.
RT The route target extended community attribute. deny Denies access for a matching condition. Command History Introduced in version 6.3.0.1 firmware. Example console#show ip bgp extcommunity-list 1 Standard extended community-list list1 permit RT:1:100 RT:2:100 deny RT:6:600 permit RT:5:200 permit SOO:9:900 show ip bgp listen range Use the show ip bgp listen range command to display information about IPv4 BGP listen ranges.
Example console(config-router)#show ip bgp listen range Listen Range .................................. 10.27.0.0/16 Inherited Template ............................ template_10_27 Member ASN State ---------------- ----- ----------10.27.8.189 65001 OPENCONFIRM 10.27.128.235 0 ACTIVE Listen Range .................................. 15.15.0.0/24 Inherited Template ............................
User Guidelines Since IPv4 prefixes can only be exchanged over IPv4 peering, the neighboraddress parameter must be an IPv4 peer address. This option limits the output to show a single neighbor. If no neighbor address is specified, the command shows all neighbors enabled for IPv4 prefix exchange. If the vrf-name argument is specified, information pertaining to that VRF is displayed. The following fields are displayed.
Local Interface Address The IPv4 address used as the source IP address in packets sent to this neighbor. Configured Hold Time The time, in seconds, that this router proposes to this neighbor as the hold time Configured Keep Alive Time The configured KEEPALIVE interval for this neighbor. Negotiated Hold Time The minimum configured hold time and the hold time in the OPEN message received from this neighbor.
Time Elapsed Since Last Update How long since an UPDATE message has been received from this neighbor.
Path attribute length error A received path attribute has a length value that exceeds the remaining length of the path attributes field. Invalid ORIGIN code A received UPDATE message included an invalid ORIGIN code. Unexpected first ASN in AS path The AS Path attribute from an external peer did not include the peer’s AS number as the first AS. Invalid AS path segment type The AS Path includes a segment with an invalid segment type. Invalid BGP NEXT HOP The BGP NEXT HOP is not a valid unicast address.
Connection Retry Interval ..................... Neighbor Capabilities ......................... Next Hop Self ................................. IPv4 Unicast Support .......................... IPv6 Unicast Support .......................... Template Name ................................. Update Source ................................. Configured Hold Time .......................... Configured Keep Alive Time .................... Prefix Limit .................................. Prefix Warning Threshold .......
Neighbor Capabilities ......................... Next Hop Self ................................. Update Source.................................. Local Interface Address ....................... Configured Hold Time .......................... Configured Keep Alive Time..................... Negotiated Hold Time .......................... Keep Alive Time ............................... Prefix Limit................................... Prefix Warning Threshold....................... Warning Only On Prefix Limit....
Established Time .............................. secs 0 days 00 hrs 00 mins 10 show ip bgp neighbors advertised-routes The show ip bgp neighbors advertised-routes command displays the list of routes advertised to a specific neighbor. These are the routes in the adjacent RIB out for the neighbor’s outbound update group Syntax show ip bgp [vrf vrf-name] neighbors ip-address advertised-routes • ip-address—The IPv4 address of a neighbor.
Status codes p—The route has been updated in Adj-RIB-Out since the last UPDATE message was sent. Transmission of an UPDATE message is pending. Network Destination prefix Next Hop The BGP NEXT HOP as advertised to the peer. Local Pref The local preference. Local preference is never advertised to external peers. Metric The value of the Multi Exit Discriminator, if the MED is advertised to the peer. Path The AS path.
Syntax show ip bgp [vrf vrf-name]neighbors ip-address {receivedroutes|routes|rejected-routes} • vrf vrf-name — Displays the aggregate address information associated with the named VRF. • ip-address—The IPv4 address of a BGP neighbor. • Received-routes—Display the routes received by a particular neighbor prior to filtering. • Routes—Display both the received and advertised routes. • Rejected-routes—Display the routes rejected from the specified neighbor.
Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Example console #show ip bgp neighbors 172.20.101.100 received-routes local router ID is 20.1.1.1 Origin codes: i - IGP, e - EGP, ? - incomplete Network 172.20.1.0/24 20.1.1.0/24 Next Hop 172.20.101.1 172.20.101.1 Metric 10 Local Pref Path 100 20 10 100 20 Origin i ? console#show ip bgp neighbors 10.10.10.3 routes Local router ID is 0.0.0.
Command Mode Privileged Exec mode, Global Configuration mode and all sub-modes User Guidelines If the vrf-name argument is specified, information pertaining to that VRF is displayed. The following fields are displayed. Fields Description Neighbor The peer address of a neighbor. Policy A neighbor-specific BGP policy. Template If the policy is inherited from a peer template, this field lists the template name. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.
show ip bgp route-reflection This command displays all global configuration related to IPv4 route reflection, including the cluster ID and whether client-to-client route reflection is enabled, and lists all the neighbors that are configured as route reflector clients. Syntax show ip bgp [vrf vrf-name] route-reflection • vrf vrf-name — Displays the aggregate address information associated with the named VRF. Default Configuration By default, information about the global VRF is shown.
Clients A list of this router’s internal peers which have been configured as route reflector clients. Non-client Internal Peers A list of this router’s internal peers that are not configured as route reflector clients. Routes from nonclient peers are reflected to clients and vice-versa. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Example console # show ip bgp route-reflection Cluster ID........................ 1.1.1.
Default Configuration By default, information about the global VRF is shown. Command Mode User Exec mode, Privileged Exec mode, Global Config mode and all submodes. User Guidelines If the vrf-name argument is specified, information pertaining to that VRF is displayed. The following information is displayed. Fields Description Delta T How long since the decision process was run. hours:minutes:seconds if the elapsed time is less than 24 hours. Otherwise, days:hours.
Mods The number of routes modified. Always 0 for phase 1. Dels The number of routes deleted. Always 0 for phase 1. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware.
The following information is displayed. Fields Description Admin Mode Whether BGP is globally enabled. BGP Router ID The configured router ID Local AS Number The router’s AS number Traps Whether BGP traps are enabled. Maximum Paths The maximum number of next hops in an external BGP route. Maximum Paths iBGP The maximum number of next hops in an internal BGP route.
Route Map The name of the route map used to filter redistributed routes. Neighbor The IP address of a neighbor. ASN The neighbor’s ASN. MsgRcvd The number of BGP messages received from this neighbor. MsgSent The number of BGP messages sent to this neighbor. State The adjacency state. One of IDLE, CONNECT, ACTIVE, OPEN SENT, OPEN CNFRM, EST. Up/Down Time How long the adjacency has been in the ESTABLISHED state, or, if the adjacency is down, how long it has been down.
ospf match: int Neighbor ASN MsgRcvd MsgSent State Up/Down Time Pfx Rcvd ---------------- ----- -------- -------- ------------- -------------- -----10.10.10.10 65000 2269 4666 ESTABLISHED 0:00:17:15 0 show ip bgp template The show ip bgp template command lists the routes that are allowed by the specified community list. Syntax show ip bgp template [ template-name ] • template-name—(Optional) Limits the output to a single template Default Configuration There is no default configuration for this command.
Example console#show ip bgp template Template Name ------------peer-grp1 AF ---- IPv4 Configuration ----------------------------timers 5 15 password rivendell advertisement-interval 15 peer-grp2 IPv4 IPv4 IPv6 IPv6 prefix-list strider in maximum-prefix 100 prefix-list gandolf in maximum-prefix 200 peer-grp3 IPv6 send-community IPv4 update-source loopback 0 next-hop-self peer-grp4 show ip bgp traffic The show ip bgp traffic command list the routes that are allowed by the specified community list
The output shows when BGP counters were last cleared (using clear ip bgp counters). Clearing counters resets all values in this output to 0 except for the high water mark for the work queues. The first table lists the number of BGP messages of each type that this router has sent and received. Following the table is a maximum send and receive UPDATE message rate. These rates report the busiest one-second interval. The queue statistics table reports information for BGP work queues.
MIB Queries 0 0 0 5 show ip bgp update-group This command reports the status of IPv4 outbound update groups and their members. Syntax show ip bgp [vrf vrf-name] update-group [group-index | peer-address ] • vrf vrf-name — Displays the aggregate address information associated with the named VRF. • group-index—(Optional) If specified, this option restricts the output to a single update group.
UPD Built The number of UPDATE messages built. UPD Sent The number of UPDATE messages successfully transmitted to group members. Normally a copy of each UPDATE message built is sent to each group member. Paths Sent The number of paths advertised. Pfxs Adv The number of prefixes advertised. Pfxs Wd The number of prefixes withdrawn. The following information is displayed. Fields Description Update Group ID Unique identifier for outbound update group.
Time Since Last UPDATE Time since an UPDATE message was last sent to the group. If no UPDATE has been sent to the group, the status is “Never.” Current Prefixes The number of prefixes currently advertised to the group. Current Paths The number of paths currently advertised to the group. Prefixes Advertised The total number of prefixes advertised to the group since the group was formed.
Version 10 11 12 13 14 15 16 17 18 19 Delta T Duration UPD Built UPD Sent Paths Sent Pfxs Adv 00:33:49 100 6 288 5 1250 00:33:49 0 4 192 3 750 00:33:49 0 2 96 1 250 00:33:49 0 2 96 1 250 00:33:49 0 1 48 0 0 00:33:49 100 8 384 7 1750 00:33:49 0 3 144 2 500 00:31:49 0 4 192 3 750 00:23:49 100 4 192 3 750 00:03:49 100 6 288 5 1250 Update Group ID............................ Peer Type.................................. Minimum Advertisement Interval............. Send Community.............................
• rd route-distinguisher—Displays the NLRI prefixes that match the named route distinguisher. • vrf vrf-name—Displays the NLRI prefixes associated with the named VRF instance. • ip-prefix/length — IP address of a network in the routing table and the length of the mask (0 to 32). The slash mark must be included. • statistics — Displays BGP VPNv4 statistics Default Configuration There is no default configuration.
The command output provides the following information. Term Description BGP table version Each time phase 2 of the BGP decision process runs to select new BGP routes, this number is incremented Status codes One of the following: • s: The route is aggregated into an aggregate address configured with the summary-only option. • *: BGP never displays invalid routes; so this code is always displayed (to maintain consistency with the industry standard).
Term Description Type Whether the path is received from an internal or external peer. IGP Cost The interior gateway cost (e.g., OSPF cost) to the BGP NEXT HOP. Peer (Peer ID) The IP address of the peer that sent this route, and its router ID. BGP Next Hop The BGP NEXT HOP attribute. Atomic Aggregate If the ATOMIC AGGEGATE attribute is attached to the path. Aggregator The AS number and router ID of the speaker that aggregated the route. Communities The BGP communities attached to the path.
*> 25.95.16.0/24 *> 25.14.8.0/24 120.10.1.1 120.10.1.1 10 10 Route Distinguisher *> 174.20.1.0/24 *> 26.95.16.0/24 *> 26.14.8.0/24 : 3:30 (for VRF yellow) 130.10.1.1 10 130.10.1.1 10 130.10.1.1 10 100 100 20 10 i 20 10 i 100 100 100 20 10 i 20 10 i 20 10 i The following example shows VPNv4 routing entries for VRF named red: (R1) # show ip bgp vpnv4 vrf red BGP table version is 5, local router ID is 20.1.1.
AS Path.................................... Origin..................................... Type....................................... IGP Cost................................... Peer (Peer ID)............................. BGP Next Hop............................... Extended Community......................... 18 50 27 Incomplete External 10 200.1.1.1 (18.24.1.3) 200.1.1.
• address-family • allowas-in • connect-retry-interval • description • ebgp-multihop • fall-over • local-as • password • remote-as • rfc5549-support • shutdown • timers • update-source See the associated neighbor commands for a description of parameters and keywords. Note that Dell EMC Networking does not support a remote-as asnumber command in this mode. The neighbor’s AS number must be specified when the neighbor is created. Command History Introduced in version 6.2.0.
console(config-rtr-tmplt)# exit console(config-router)# neighbor 172.20.1.2 console(config-router)# neighbor 172.20.2.2 console(config-router)# address-family ipv6 console(config-router)# neighbor 172.20.1.2 console(config-router)# neighbor 172.20.2.2 inherit peer AGGR inherit peer AGGR activate activate timers bgp The timers bgp command configures the default keepalive and hold timers that BGP uses for all neighbors unless specifically overridden by the neighbor timers command.
The new values are not applied to adjacencies already in the ESTABLISHED state. A new keepalive or hold time is applied the next time an adjacency is formed. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#timers bgp 1000 500 timers policy-apply delay This command configures the delay after which any change to the global or per BGP neighbor inbound/outbound policies are applied.
For any change in the outbound policies applicable to a neighbor, the WITHDRAW packets are sent followed by the UPDATE packets when they are applied after the delay timeout. In case of changes to other neighbor attributes like send-community, remove-private-asn, etc. the WITHDRAW packets are not sent instead, the new UPDATEs are sent after the delay timeout. Command History Command introduced in version 6.6 firmware.
Command History Command introduced in version 6.6 firmware. graceful-restart-helper This command enables the graceful restart helper capability. Syntax graceful-restart-helper no graceful-restart-helper Default Configuration Graceful restart capability is disabled by default. Graceful restart helper capability is enabled by default.
BGP Routing Policy Dell EMC Networking N3000E-ON/N3100-ON Series Switches Exterior routing protocols like BGP use industry-standard routing policy to filter and modify routing information exchanged with peers.
show ip community-list – ip as-path access-list To create an AS path access list, use the ip as-path access-list. An AS path access list filters BGP routes on the AS path attribute of a BGP route. To delete an AS path access list, use the no form of this command Syntax ip as-path access-list as-path-list-number { permit | deny } regexp no ip as-path access-list as-path-list-number • as-path-list-number—A number from 1 to 500 uniquely identifying the list.
statement’s action is taken. An AS path list has an implicit deny statement at the end. If a path does not match any of the statements in an AS path list, the action is considered to be deny. Once you have created an AS path list, you cannot delete an individual statement. If you want to remove an individual statement, you must delete the AS path list and recreate it without the statement to be deleted. Statements are applied in the order in which they are created.
Example In the following example, the router is configured to reject routes received from neighbor 172.20.1.1 with an AS path that indicates the route originates in or passes through AS 100. console(config)# ip as-path access-list 1 deny _100_ console(config)# ip as-path access-list 1 deny ^100$ console(config)# router bgp 1 console(config-router)# neighbor 172.20.1.1 remote-as 200 console(config-router)# neighbor 172.20.1.
ip community-list To create or configure a BGP community list, use the ip community-list command in global configuration mode. To delete a community list, use the no form of this command. Syntax ip community-list standard list-name {permit | deny} [community-number] [no-advertise] [no-export] [no-export-subconfed] [no-peer] no ip community-list standard list-name • standard list-name—Identifies a named standard community list. The name may contain up to 32 characters.
User Guidelines A community list statement with no community values is considered a match for all routes, regardless of their community membership. So the statement ip community-list bullseye permit is a permit all statement. A community number may be entered in either format, as a 32-bit integer or a pair of 16-bit integers separated by a colon, regardless of whether the ip bgpcommunity new-format command is active.
• network mask—Specifies the match criteria for routes being compared to the prefix list statement. The network can be any valid IP prefix. The mask is any IPv4 prefix in dotted-quad notation. • ge length—(Optional) If this option is configured, a prefix is only considered a match if its network mask length is greater than or equal to this value. This value must be longer than the network length and less than or equal to 32.
The command no ip prefix-list list-name deletes the entire prefix list. To remove an individual statement from a prefix list, you must specify the statement exactly, with all its options. Up to 128 prefix lists may be configured. The maximum number of statements allowed in prefix list is 64. Command History Introduced in version 6.2.0.1 firmware. Example The following example configures a prefix list that allows routes with one of two specific destination prefixes, 172.20.0.0 /16 and 192.168.1.
Command Mode Global Configuration User Guidelines There are no user guidelines for this command. Command History Introduced in version 6.2.0.1 firmware. Example console(config)#ip prefix-list test description test prefix lists ipv6 prefix-list To create an IPv6 prefix list or add an IPv6 prefix list entry, use the ipv6 prefix-list command in global configuration mode. To delete a prefix list or a statement in a prefix list, use the no form of this command.
• ipv6-prefix—The IPv6 network assigned to the specified prefix list. This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16-bit values between colons. • prefix-length—The length of the IPv6 prefix given as part of the ipv6prefix. Required if a prefix is specified. A decimal value that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address) in /length format.
User Guidelines The ipv6 prefix-list command is used to create IPv6 prefix lists. These are similar to ip prefix lists except that the lists are IPv6 specific. An IPv6 prefix list can contain only IPv6 addresses. Prefix lists allow matching of route prefixes against those specified in the prefix list. Each prefix list includes of a sequence of prefix list entries ordered by sequence numbers.
Example The following example configures a prefix list that allows routes with one of two specific destination prefixes, 2001::/64 and 5F00::/48: console(config)# ipv6 prefix-list apple seq 10 permit 2001:: /64 console(config)# ipv6 prefix-list apple seq 20 permit 5F00:: FFFF:FFFF:FFFF:: The following example renumbers the apple prefix list beginning at sequence number 10.
Command History Introduced in version 6.2.0.1 firmware. Example console(route-map)#match as-path 250 match community To configure a route map to match based on a BGP community list, use the match community command. To delete a match term from a route map, use the no form of this command. Syntax match community community-list [ community-list...] [exact-match] no match community [ community-list [ community-list...] [exact-match] ] • community-list—The name of a standard community list.
The command no match community removes the match term and all its community lists. Command History Introduced in version 6.2.0.1 firmware. Example console(route-map)#match community test match ip address prefix-list Use this command to configure a route map to match based on a destination prefix. To delete a match statement from a route map, use the no form of this command. Syntax match ip address prefix-list prefix-list-name [prefix-list-name...
Command History Introduced in version 6.2.0.1 firmware. Example console(route-map)#match ip address prefix-list test match ipv6 address prefix-list Use this command to configure a route map to match based on an IPv6 destination prefix. To delete a match statement from a route map, use the no form of this command. Syntax match ip address prefix-list prefix-list-name [prefix-list-name...] no match ip address prefix-list [ prefix-list-name [prefix-list-name...
Command History Introduced in version 6.2.0.1 firmware. Example In the example below, IPv6 addresses specified by the prefix list apple are matched through the route map abc. Router(config)# route-map abc Router(config-route-map)# match ipv6 address prefix-list apple show ip as-path-access-list This command displays the contents of AS path access lists.
AS path access list 2 deny _200_ deny ^200$ show ip community-list This command displays the contents of AS path access lists. Syntax show ip community-list [community-list-name | detail [community-listname]] • community-list-name—(Optional) A standard community list name. This option limits the output to a single community. • detail—Display detailed community list information Default Configuration No match criteria are configured by default.
show ip prefix-list This command displays the contents of IPv4 prefix lists. Syntax show ip prefix-list [detail [prefix-list-name] | summary [prefix-list-name] | prefix-list-name [network mask [longer] [first-match] | seq sequencenumber ]] [detail | summary] prefix-list-name [network network-mask ] [seq sequence-number] [longer] [first-match] • detail | summary—(Optional) Displays detailed or summarized information about all prefix lists. • prefix-list-name—(Optional) The name of a specific prefix list.
show ip prefix-list prefix-list-name seq sequence-number show ip prefix-list prefix-list-name show ip prefix-list summary show ip prefix-list summary prefix-list-name show ip prefix-list detail show ip prefix-list detail prefix-list-name show ip prefix-list The following information is displayed. Fields Description count Number of entries in the prefix list. range entries Number of entries that match the input range. ref count Number of entries referencing the given prefix list.
ip prefix-list fred: count: 3, range entries: 3, sequences: 5 - 15, refcount: 0 seq 5 permit 10.10.1.1/20 ge 22 (hitcount: 0) seq 10 permit 10.10.1.2/20 le 30 (hitcount: 0) seq 15 permit 10.10.1.2/20 ge 29 le 30 (hitcount: 0) show ipv6 prefix-list This command displays the contents of IPv6 prefix lists.
Default Configuration No prefix lists are configured by default. Command Mode Privileged Exec mode, Global Configuration mode and all sub-modes. User Guidelines The following information is displayed. Fields Description count Number of entries in the prefix list. range entries Number of entries that match the input range. ref count Number of entries referencing the given prefix list. seq Sequence number of the entry in the list. permit/deny Actions.
ipv6 prefix-list apple: count: 6, range entries: 3, sequences: 5 - 30, refcount: 31 seq 5 deny 5F00::/8 le 128 (hit count: 0, refcount: 1) seq 10 deny ::/0 (hit count: 0, refcount: 1) seq 15 deny ::/1 (hit count: 0, refcount: 1) seq 20 deny ::/2 (hit count: 0, refcount: 1) seq 25 deny ::/3 ge 4 (hit count: 0, refcount: 1) seq 30 permit ::/0 le 128 (hit count: 240664, refcount: 0) clear ip prefix-list To reset the IPv4 prefix-list counters, use the clear ip prefix-list command.
Example console# clear ip prefix-list orange 20.0.0.0 /8 clear ipv6 prefix-list To reset the IPv6 prefix-list counters, use the clear ipv6 prefix-list command. Syntax clear ipv6 prefix-list [list-name | list-name ipv6-prefix/prefix-length] • list-name – (Optional) Name of the IPv6 prefix list from which the hit count is to be cleared. • ipv6-prefix - An IPv6 network assigned to the specified prefix list.
Example The command below clears the counters only for the matching statement in the IPv6 prefix list apple. Router# clear ipv6 prefix-list apple FF05::/35 clear ip community-list To reset the IPv6 prefix-list counters, use the clear ipv6 prefix-list command. Syntax clear ip community-list [list-name] • list-name—(Optional) Name of the community list for which the hit count is to be cleared. Default Configuration No community lists are configured by default.
set as-path To prepend one or more AS numbers to the AS path in a BGP route, use the set as-path command. To remove a set command from a route map, use the no form of this command. Syntax set as-path prepend as-path-string no set as-path prepend as-path-string • prepend as-path-string—A list of AS path numbers to insert at the beginning of the AS_PATH attribute of matching BGP routes. To prepend more than one AS number, separate the ASNs with a space and enclose the string in quotes.
Example console# config console(config)#route-map ppAsPath console(route-map)#set as-path prepend “2 2 2” console(route-map)#exit console(config)#router bgp 1 console(config-rtr)#neighbor 172.20.1.2 remote-as 2 console(config-rtr)#neighbor 172.20.1.2 route-map ppAsPath in set comm-list delete To remove BGP communities from an inbound or outbound UPDATE message, use the set comm-list delete command. To delete the set command from a route map, use the no form of this command.
When a route map statement includes both set community and set commlist delete terms, the set comm-list delete term is processed first, and then the set community term (that is, communities are first removed, and then communities are added). Command History Introduced in version 6.2.0.1 firmware. Example console(route-map)#set comm-list test delete set community To modify the communities attribute of matching routes, use the set community command in route-map configuration mode.
Command Mode Route Map Configuration User Guidelines The set community command can be used to assign communities to routes originated through BGP’s network and redistribute commands and to set communities on routes received from a specific neighbor or advertised to a specific neighbor. It can also be used to remove all communities from a route. To remove a subset of the communities on a route, use the set comm-list delete command. Command History Introduced in version 6.2.0.1 firmware.
User Guidelines When used in a route map applied to UPDATE messages received from a neighbor, the command sets the next hop address for matching IPv6 routes received from the neighbor. When used in a route map applied to UPDATE messages sent to a neighbor, the command sets the next hop address for matching IPv6 routes sent to the neighbor. If the address is a link local address, the address is assumed to be on the interface where the UPDATE is sent or received.
User Guidelines The local preference is the first attribute used to compare BGP routes. Setting the local preference can influence which route BGP selects as the best route. When used in conjunction with a match as-path or match ip-address command, this command can be used to prefer routes that transit certain ASs or to make the local router a more preferred exit point to certain destinations. Command History Introduced in version 6.2.0.1 firmware.
Command History Introduced in version 6.2.0.1 firmware.
DVMRP Commands Dell EMC Networking N3000E-ON/N3100-ON Series Switches Distance Vector Multicast Routing Protocol (DVMRP) is a dense mode multicast protocol and is most appropriate for use in networks where bandwidth is relatively plentiful and there is at least one multicast group member in each subnet. DVMRP assumes that all hosts are part of a multicast group until it is informed of multicast group changes.
Default Configuration Disabled is the default configuration. Command Mode Global Configuration Interface Configuration (VLAN) mode User Guidelines PIM must be disabled before DVMRP can be enabled. This command enables IGMP/MLD. Disabling IGMP/MLD may operationally disable multicast routing. Dell EMC Networking switches support IP/IPv6 unnumbered interfaces. DVMRP is capable of operating over unnumbered interfaces. Example The following example sets VLAN 15’s administrative mode of DVMRP to active.
Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example configures a metric of 5 for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip dvmrp metric 5 show ip dvmrp Use the show ip dvmrp command to display the system-wide information for DVMRP. Syntax show ip dvmrp Default Configuration This command has no default condition.
Interface --------- Interface Mode -------------- Operational-Status ------------------ show ip dvmrp interface Use the show ip dvmrp interface command to display the interface information for DVMRP on the specified interface. Syntax show ip dvmrp interface vlan vlan-id • vlan-id — Valid VLAN ID. Default Configuration This command has no default condition. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Syntax show ip dvmrp neighbor Default Configuration This command has no default condition. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the neighbor information for DVMRP. console(config)#show ip dvmrp neighbor No neighbors available.
Example The following example displays the next hop information on outgoing interfaces for routing multicast datagrams. console(config)#show ip dvmrp nexthop Next Hop Source IP Source Mask Interface -------------- -------------- --------- Type ------ show ip dvmrp prune Use the show ip dvmrp prune command to display the table that lists the router’s upstream prune information. Syntax show ip dvmrp prune Default Configuration This command has no default condition.
show ip dvmrp route Use the show ip dvmrp route command to display the multicast routing information for DVMRP. Syntax show ip dvmrp route Default Configuration This command has no default. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the multicast routing information for DVMRP.
IGMP Commands Dell EMC Networking N3000E-ON/N3100-ON Series Switches The Dell Network N1500/N2000/N2100-ON/N2200-ON Series switches support limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. Internet Group Management Protocol (IGMP) is the multicast group membership discovery protocol used for IPv4 multicast groups. Three versions of IGMP exist. Versions one and two are widely deployed.
IGMPv2 introduced a Leave Group message, which is sent by a host when it leaves a multicast group for which it was the last host to send an IGMP Report message. Receipt of this message causes the Querier possibly to reduce the remaining lifetime of its state for the group, and to send a groupspecific IGMP Query message to the multicast group.The Leave Group message is not used with IGMPv3, since the source address filtering mechanism provides the same functionality.
Syntax ip igmp last-member-query-count Imqc no ip igmp last-member-query-count • Imqc — Query count. (Range: 1-20) Default Configuration The default last member query count is 2. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets 10 as the number of VLAN 2 Group-Specific Queries.
Default Configuration The default Maximum Response Time value is ten (in tenths of a second). Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example configures 2 seconds as the Maximum Response Time inserted in VLAN 15’s Group-Specific Queries.
Default Configuration Disabled is the default state. Command Mode Interface VLAN Configuration mode User Guidelines IGMP is enabled when ip pim sparse-mode, ip pim dense-mode, ip dvmrp, or ip igmp-proxy are enabled. A multicast routing protocol (e.g. PIM) should be enabled whenever IGMP is enabled. L3 IP multicast must be enabled for IGMP to operate. Example The following example globally enables IGMP the IGMP proxy service on VLAN 1.
Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example configures a 10-second query interval for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp query-interval 10 ip igmp query-max-response-time Use the ip igmp query-max-response-time command in Internet Configuration mode to configure the maximum response time interval for the specified interface.
console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp query-max-response-time 10 ip igmp robustness Use the ip igmp robustness command in Interface VLAN Configuration mode to configure the robustness that allows tuning of the interface, that is, tuning for the expected packet loss on a subnet. If a subnet is expected to have significant loss, the robustness variable may be increased for the interface.
Syntax ip igmp startup-query-count count no ip igmp startup-query-count • count — The number of startup queries. (Range: 1-20) Default Configuration The default count value is 2. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets for VLAN 15 the number of queries sent out on startup at 10.
Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets at 10 seconds the interval between general queries sent at startup for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp startup-query-interval 10 ip igmp version Use the ip igmp version command in Interface Configuration mode to configure the version of IGMP for an interface. Syntax ip igmp version version • version — IGMP version.
show ip igmp Use the show ip igmp command to display system-wide IGMP information. Syntax show ip igmp Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays system-wide IGMP information. console#show ip igmp IGMP Admin Mode............................. Enabled IGMP Router-Alert check.....................
• interface-type interface-number—Interface type of VLAN and a valid VLAN ID Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the registered multicast groups for VLAN 3. console#show ip igmp groups vlan 3 detail Multicast IP Address --------------225.0.0.
Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays IGMP information for VLAN 11. console#show ip igmp interface vlan 11 Interface..................................... 11 IGMP Admin Mode............................... Enable Interface Mode................................ Enable IGMP Version.................................. 3 Query Interval (secs)..................
User Guidelines This command has no user guidelines. Examples The following examples display the list of interfaces that have registered in the multicast group at IP address 224.5.5.5, the latter in detail mode. console#show ip igmp interface membership 224.5.5.5 console(config)#show ip igmp membership 224.5.5.5 detail show ip igmp interface stats Use the show ip igmp interface stats command in User Exec mode to display the IGMP statistical information for the interface.
Number of Joins.............................. 7 Number of Groups.............................
IGMP Proxy Commands Dell EMC Networking N3000E-ON/N3100-ON Series Switches IGMP Proxy is used by the router on IPv4 systems to enable the system to issue IGMP host messages on behalf of hosts that the system discovered through standard IGMP router interfaces, thus acting as proxy to all its hosts residing on its router interfaces. Dell EMC Networking supports IGMP Version 3, Version 2 and Version 1. Version 3 adds support for source filtering [SSM] is interoperable with Versions 1 and 2.
no ip igmp proxy-service Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN) mode User Guidelines This command enables IGMP proxy on the VLAN interface. Use this command to enable sending of IGMP messages received on interfaces configured with the ip igmp mroute-proxy command to an attached multicast router. PIM and DVMRP are not compatible with IGMP proxy. Disable PIM/DVMRP before enabling IGMP proxy.
Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example resets the host interface status parameters of the IGMP Proxy router. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp proxy-service reset-status ip igmp proxy-service unsolicit-rprt-interval Use the ip igmp proxy-service unsolicit-rprt-interval command in Interface Configuration mode to set the unsolicited report interval for the IGMP Proxy router.
console(config-if-vlan15)#ip igmp proxy-service unsolicit-rpt-interval 10 show ip igmp proxy-service Use the show ip igmp proxy-service command to display a summary of the host interface status parameters. It displays status parameters only when IGMP Proxy is enabled. Syntax show ip igmp proxy-service Default Configuration This command has no default configuration.
show ip igmp proxy-service interface Use the show ip igmp proxy-service interface command to display a detailed list of the host interface status parameters. It displays status parameters only when IGMP Proxy is enabled. Syntax show ip igmp proxy-service interface Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example attempts to display a table of information about multicast groups that IGMP Proxy reported. console#show ip igmp proxy-service groups Interface Index................................
User Guidelines This command has no user guidelines. Example The following example displays complete information about multicast groups that IGMP Proxy has reported. console#show ip igmp proxy-service groups detail Interface Index................................ vlan13 Group Address Last Reporter Up Time Member State ------------- --------------- -----------------225.0.1.1 13.13.13.1 26 DELAY-MEMBER 225.0.1.2 13.13.13.
IP Helper/DHCP Relay Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000EON/N3100-ON Series Switches The IP Helper feature provides the ability for a router to forward configured UDP broadcast packets to a particular IP address over a routed interface. This allows applications to reach servers on non-local subnets.
Table 6-1. UDP Destination Ports Protocol UDP Port Number IEN-116 Name Service 42 DNS 53 NetBIOS Name Server 137 NetBIOS Datagram Server 138 TACACS Server 49 Time Service 37 DHCP 67 Trivial File Transfer Protocol 69 ISAKAMP 500 Mobile IP 434 NTP 123 PIM Auto RP 496 RIP 520 Certain pre-existing DHCP relay options do not apply to relay of other protocols. The administrator may optionally set a DHCP maximum hop count or minimum wait time.
configuration for the destination UDP port. If so, the relay agent unicasts the packet to the configured server IP addresses. Otherwise the packet is not relayed. The relay agent only relays packets that meet the following conditions: • The destination MAC address must be the all-ones broadcast address (FF:FF:FF:FF:FF:FF). • The destination IP address must be the IPv4 broadcast address (255.255.255.255) or a directed broadcast address for the receiving interface.
ip dhcp relay maxhopcount Use the ip dhcp relay maxhopcount command in Global Configuration mode to configure the maximum allowable relay agent hops for BootP/DHCP Relay on the system. Use the no form of the command to set the maximum hop count to the default value. Syntax ip dhcp relay maxhopcount integer no ip dhcp relay maxhopcount • integer — Maximum allowable relay agent hops for BootP/DHCP Relay on the system. (Range: 1-16) Default Configuration The default integer configuration is 4.
ip dhcp relay minwaittime Use the ip dhcp relay minwaittime command in Global Configuration mode to configure the minimum wait time in seconds for BootP/DHCP Relay on the system. Use the no form of the command to set the minimum wait time to the default value. Syntax ip dhcp relay minwaittime integer no ip dhcp relay minwaittime • integer — Minimum wait time for BootP/DHCP Relay on the system. (Range: 0-100 seconds) Default Configuration 0 is the default integer configuration.
clear ip helper statistics Use the clear ip helper statistics command to reset to 0 the statistics displayed in show ip helper statistics. Syntax clear ip helper statistics [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, counters for the default (global) router instance is cleared. Default Configuration There is no default configuration for this command.
Default Configuration This is enabled by default for a DHCP relay agent. Command Mode Global Configuration mode, Virtual Router Configuration mode User Guidelines Enable DHCP Relay using the ip helper enable command. Interface configuration takes precedence over global configuration. However if there is no interface configuration then global configuration is followed. This check is enabled by default.
Default Configuration This check is enabled by default. Command Mode Interface Configuration (VLAN) mode User Guidelines Enable DHCP Relay using the ip helper enable command. Use the global configuration command ip dhcp relay information option command to enable processing of DHCP circuit ID and remote agent ID options. DHCP replies are checked by default. The network administrator should ensure that only one switch in the path between the DHCP client and server processes DHCP information options.
User Guidelines This command globally enables inclusion of DHCP option 82 in DHCP requests forwarded to the DHCP server. This information may also be relayed on a per interface basis using the ip dhcp relay information option-insert command. Enable DHCP Relay using the ip helper enable command. When in Virtual Router Configuration mode, this command operates within the context of the virtual router instance. When in Global Configuration mode, the command operates on the global router instance.
User Guidelines Enable DHCP Relay using the ip helper enable command. The interface configuration always takes precedence over global configuration. However, if there is no interface configuration, then global configuration is followed. Use the ip dhcp relay information option command to globally enable inclusion of Option 82 information in DHCP requests forwarded to a DHCP server. Example The following example enables the circuit ID and remote agent ID options on VLAN 10.
netbios-dgm (port 138), netbios-ns (port 137), ntp (port 123), pim-autorp (port 496), rip (port 520), tacacs (port 49), tftp (port 69), and time (port 37). Other ports must be specified by number. Default Configuration No helper addresses are configured.
Command History Description revised in 6.3.5 release. ip helper-address (interface configuration) Use the ip helper-address (interface configuration) command to configure the relay of certain UDP broadcast packets received on a specific interface. To delete a relay entry on an interface, use the no form of this command.
User Guidelines This command can be invoked multiple times on routing interface, either to specify multiple server addresses for a given port number or to specify multiple port numbers handled by a specific server. Broadcast packets other than DHCP require configuration of a destination UDP port number for IP helper if not listed in Table 6-1.
Command History Description revised in 6.3.5 release. ip helper enable Use the ip helper enable command to enable relay of UDP packets. To disable relay of all UDP packets, use the “no” form of this command. Syntax ip helper enable no ip helper enable Default Configuration IP helper is enabled by default. Command Mode Global Configuration mode User Guidelines This command can be used to temporarily disable IP helper without deleting all IP helper addresses.
show ip helper-address Use the show ip helper-address command to display the IP helper address configuration. Syntax show ip helper-address [vrf vrf-name] [interface] • interface — Optionally specify an interface to limit the output to the configuration of a single interface. The interface is identified as vlan vlanid. • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown.
Discard If “Yes”, packets arriving on the given interface with the given destination UDP port are discarded rather than relayed. Discard entries are used to override global IP helper address entries which otherwise might apply to a packet. Hit Count The number of times the IP helper entry has been used to relay or discard a packet. Server Address The IPv4 address of the server to which packets are relayed.
User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100 series switches. Example The following example defines the Boot/DHCP Relay information. console#show ip dhcp relay Maximum Minimum Circuit Circuit Hop Count.............................. 4 Wait Time (Seconds).................... 0 Id Option Mode....................... Disable Id Option Check Mode.................
The VRF parameter is only available on the N3000-ON/N3100 series switches. The following information is displayed. Field Description DHCP client The number of valid messages received from a DHCP client. messages received The count is only incremented if IP helper is enabled globally, the ingress routing interface is up, and the packet passes a number of validity checks, such as having a TTL > 1 and having valid source and destination IP addresses.
DHCP message with giaddr set to local address The number of DHCP client messages received whose gateway address, giaddr, is already set to an IP address configured on one of the relay agent's own IP addresses. In this case, another device is attempting to spoof the relay agent's address. The relay agent does not relay such packets. A log message gives details for each occurrence. Packets with expired TTL The number of packets received with TTL of 0 or 1 that might otherwise have been relayed.
IP Routing Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000EON/N3100-ON Series Switches The Dell Network N1500/N2000/N2100-ON/N2200-ON series supports limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. Dell EMC Networking routing provides the base Layer 3 support for Local Area Network (LAN) and Wide Area Network (WAN) environments.
The addition of a preference option has a side benefit. The preference option allows the operator to control the preference of individual static routes relative to routes learned from other sources (such as OSPF). When routes from different sources have the same preference, Dell EMC Networking routing prefers a static route over a dynamic route.
ip route distance set ip next-hop show ip vlan ip routing set ip precedence show route-map – – show routing heap summary encapsulation Use the encapsulation command in Interface Configuration (VLAN) mode to configure the Link Layer encapsulation type for the packet. Routed frames are always Ethernet-encapsulated when a frame is routed to a VLAN. Syntax encapsulation {ethernet | snap} • ethernet — Specifies Ethernet encapsulation. • snap — Specifies SNAP encapsulation.
Syntax ip icmp echo-reply no ip icmp echo-reply Default Configuration ICMP Echo Reply messages are enabled by default. Command Mode Global Configuration mode, Virtual Router Configuration mode User Guidelines When in Virtual Router Configuration mode, this command operates within the context of the virtual router instance. When in Global Configuration mode, the command operates on the global router instance. Virtual Router Configuration mode is only available on the N3000-ON/N3100 switches.
Default Configuration Rate limiting is enabled by default. The default burst-interval is 1000 milliseconds. The default burst-size is 100 messages. Command Mode Global Configuration mode, Virtual Router Configuration mode User Guidelines There are no user guidelines for this command. When in Virtual Router Configuration mode, this command operates within the context of the virtual router instance. When in Global Configuration mode, the command operates on the global router instance.
5 Destination IP address and destination TCP/UDP port number. 6 Source and destination IP address and source and destination TCP/UDP port number. • Inner—Use the inner IP header for tunneled packets. • Outer—Use the outer IP header for tunneled packets. Default Configuration The default load-sharing mode is 6 using the outer IP header. Command Mode Global Configuration mode User Guidelines The choice of hashing mode should be based on the particular traffic type.
Syntax ip netdirbcast no ip netdirbcast Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example defines the IP address and subnet mask for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip netdirbcast ip policy route-map Use this command to apply a route map on an interface.
User Guidelines Policy-based routing must be configured on the VLAN interface that receives the packets, not on the VLAN interface from which the packets are sent. Packets matching a deny route map are routed using the routing table. Policy maps with no set clause are ignored. When a route-map applied on an interface is changed, i.e.
Example Considering equal-access as a route-map configured earlier, the following sequence is an example of how a route map is applied to a VLAN. console(config)#interface vlan 10 console(config-if-vlan10)#ip policy route-map equal-access ip redirects Use the ip redirects command to enable the generation of ICMP Redirect messages. Use the no form of this command to prevent the sending of ICMP Redirect Messages. In global configuration mode, this command affects all interfaces.
ip route Use the ip route command in Global Configuration mode to configure a static route. Use the no form of the command to delete the static route. Syntax ip route [vrf vrf-name] networkaddr {subnetmask | prefix-length} {Null0 | nexthopip | vlan vlan-id [nexthopip]} [preference] [name text][track objectnumber] no ip route [vrf vrf-name] networkaddr {subnetmask | prefix-length} {Null0 | nexthopip | vlan vlan-id [nexthopip]} • vrf-name—The name of the VRF if which the route is to be installed.
• track object-number—The IP SLA tracking object identifier Default Configuration Default value of preference is 1. The router will prefer a route with a smaller administrative distance that a route with a higher administrative distance. Command Mode Global Configuration mode User Guidelines The IP route command sets a value for the route preference. Among routes to the same destination, the route with the lowest preference value is the route entered into the forwarding database.
Only IPv4 routes are supported with the vrf parameter. Adding a static route with a Null 0 next hop specified configures a routing black hole (a static reject route). Packets destined to that prefix are dropped. If an interface for the next hop is specified, it may be a numbered or unnumbered interface. A static route entry is only installed if the next hop IP address matches one of the local subnets (i.e., the next hop is reachable).
interface vlan 1 ip address 172.16.0.1 255.240.0.0 exit interface vlan 10 ip vrf forwarding red-1 ip address 192.168.0.1 255.255.255.0 ip ospf area 0 exit router ospf vrf “red-1” router-id 1.1.1.1 network 192.168.0.0 0.0.0.255 area 0 exit ! interface Gi1/0/1 switchport mode trunk switchport access vlan 10 exit ! interface loopback 0 ip vrf forwarding red-1 ip address 1.1.1.1 255.255.255.255 exit Route Leaking Example 2 Subnetwork 9.0.0.
ip routing exit ip routing interface vlan 10 ip address 9.0.0.1 255.255.255.0 exit interface vlan 30 ip vrf forwarding Red ip address 8.0.0.1 255.255.255.0 exit ip route 66.6.6.0 255.255.255.0 Vl30 ip route 0.0.0.0 0.0.0.0 9.0.0.2 253 ip route vrf Red 9.0.0.0 255.255.255.0 Vl10 ip route vrf Red 66.6.6.0 255.255.255.0 8.0.0.
S *66.6.6.0/24 [1/0] via 8.0.0.2, Vl30 ip route default Use the ip route default command in Global Configuration mode to configure the next hop address of the default route. Use the no form of the command to delete the default route. Use of the optional VRF parameter executes the command within the context of the VRF specific routing table.
Using this command, the administrator may manually configure a single, global default gateway. The switch installs a default route for a configured default gateway with a preference of 253, making it more preferred than the default gateways learned via DHCP, but less preferred than a static default route. The preference of these routes is not configurable. The switch installs a default route for the default gateway whether or not routing is globally enabled. When the user displays the routing table (e.g.
no ip route distance integer • vrf-name—The name of the VRF associated with the routing table context used by the command. If no vrf is specified, the global routing table context is used. • integer — Specifies the distance (preference) of an individual static route. (Range 1-255) Default Configuration Default value of distance is 1. Command Mode Global Configuration mode User Guidelines Lower route distance values are preferred when determining the best route.
Default Configuration Disabled is the default configuration. Command Mode Global Configuration mode, Virtual Router Configuration mode User Guidelines Use the show ip brief command to determine if routing is enabled or disabled. When in virtual router configuration mode, this command operates within the context of the virtual router instance. When in global config mode, the command operates on the global router instance.
• loopback-id—The loopback identifier (Range 0–7) Default Configuration The are no ip unnumbered interfaces by default. Command Mode Interface (VLAN) Configuration User Guidelines IP unnumbered interfaces are supported in the default VRF only. The interface should be configured as able to borrow an IP address, i.e. a routing interface with no IP address. The loopback interface is the numbered interface providing the borrowed address. The providing loopback interface cannot be unnumbered.
Example console(config-if-vlan1)#ip unnumbered 10.130.14.55 ip unnumbered gratuitous-arp accept This command enables installation of a static interface route to the unnumbered peer upon receiving a gratuitous ARP. Syntax ip unnumbered gratuitous-arp accept no ip unnumbered gratuitous-arp accept Default Configuration The default mode is accept. Command Mode Interface (VLAN) Configuration User Guidelines IP unnumbered interfaces are supported in the default VRF only.
ip unreachables Use the ip unreachables command to enable the generation of ICMP Destination Unreachable messages. Use the no form of this command to prevent the generation of ICMP Destination Unreachable messages. Syntax ip unreachables no ip unreachables Default Configuration ICMP Destination Unreachable messages are enabled. Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command.
Command Mode Route Map Configuration mode User Guidelines The IP ACL must be configured before it can be linked to a route-map. Specifying an unconfigured IP ACL causes an error. Actions present in an IP ACL configuration are applied along with other actions present in route-map. When an IP ACL referenced by a route-map is removed or rules are added or deleted from that ACL, the configuration is rejected. Actions in the IP ACL configuration are applied with other actions present in the route-map.
Route map sequence 20 in route map equal-access is used to match all packets sourced from any host in subnet 10.2.0.0. If there is a match, and if the router has no explicit route for the packet’s destination, it is sent to nexthop address 172.16.7.7. All other packets are forwarded as per normal L3 destination-based routing. console(config-if-vlan3)#ip policy route-map equal-access console(config)#ip access-list R1 console(config-ip-acl)#permit ip 10.1.0.0 0.0.255.
3 4 5 madan 1 1 1 1 console#show mac access-lists Current number of all ACLs: 9 MAC ACL Name ------------------------------madan mohan goud Maximum number of all ACLs: 100 Rules ----1 1 1 Interface(s) Direction Count ------------ --------- ---------- console#configure console(config)#route-map madan console(route-map)#match ip address 1 2 3 4 5 madan console(route-map)#match mac-list madan mohan goud console(route-map)#exit console(config)#exit console #show route-map route-map madan permit 10 Match cl
Syntax match length min max no match length • min—Specifies the minimum Layer 3 length for the packet, inclusive, allowing for a match. • max—Specifies the maximum Layer 3 length for the packet, inclusive, allowing for a match. Default Configuration There is no default configuration for this command.
Default Configuration There is no default configuration for this command. Command Mode Route Map mode User Guidelines The MAC ACL must be configured before it is linked to a route map. Trying to link to an unconfigured MAC ACL causes an error. Actions in the MAC ACL configuration are applied with other actions configured in the route map. When a MAC ACL referenced by a route map is removed, the route map rule is also removed.
• sequence-number—(Optional) An integer used to order the set of route maps. Route maps are ordered from lowest to greatest sequence number, with lower sequence numbers being considered first. If no sequence number is specified, the system assigns a value ten greater than the last statement in the route map. The range is 0 to 65,535. Default Configuration No route maps are configured by default. If no permit or deny tag is specified, permit is the default.
Examples The following example creates (or edits) the route map equal-access as the first route map in the system for allowing matching packets into the system. Route-map mode is also entered. console(config)#route-map equal-access permit 0 In the following example, BGP is configured to redistribute all prefixes within 172.20.0.0 and reject all others. console(config)# ip prefix-list redist-pl permit 172.20.0.
statement is marked as permit and the packet meets all the match criteria, the set clauses in the route-map statement are applied. If no match is found in the route-map, the packet is forwarded using the routing decision resulting from traditional destination-based routing.
User Guidelines A packet is routed to the next hop specified by this command only if there is no active explicit route for the packet’s destination address in the routing table. A default route in the routing table is not considered an explicit route for an unknown destination address. Only one of set ip next-hop, set ip default next-hop, or set interface null0 may be specified in a route map. Example console(config-route-map)#set ip default next-hop 192.0.2.
active interface is present in the route table, the packet is routed using the default routing table. If more than one IP address is specified, the first IP address associated with a link up interface is used to route the packets. Only one of set ip next-hop, set ip default next-hop, or set interface null0 may be specified in a route map. Example console(config-route-map)#set ip next-hop 192.0.2.1 set ip precedence Use this command to set the three IP precedence bits in the IP packet header on ingress.
User Guidelines The set ip precedence clause may be combined with set ip next-hop or set ip default next-hop clause in a route map. Example console(config-route-map)#set ip precedence 5 show ip brief Use the show ip brief command to display all the summary information of the IP. Syntax show ip brief [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown.
ICMP Rate Limit Interval....................... ICMP Rate Limit Burst Size..................... ICMP Echo Replies.............................. ICMP Redirect Mode............................. Maximum Next Hops.............................. 1000 msec 100 messages Enabled Enabled 16 show ip interface Use the show ip interface command to display information about one or more IP interfaces. The output shows how each IP address was assigned.
Field Description Manual The address is manually configured. Command History Command output updated in version 6.6 firmware. Example console#show ip interface Default Gateway................................ 0.0.0.0 L3 MAC Address................................. 001E.C9DE.B546 Routing Interfaces: Interface ---------Vl1 Vl2 State IP Address IP Mask Method --------------------------------------Down 0.0.0.0 0.0.0.
show ip policy Use the show ip policy command to display the route maps used for policy based routing on the router interfaces. Syntax show ip policy map-name • map-name—The name of a specific route map. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100 series switches. The command displays the following information. Parameter Description BGP Section: Routing Protocol BGP. Router ID The router ID configured for BGP.
Parameter Description Prefix List Out The global prefix list used to filter outbound routes to all neighbors. Neighbors A list of configured neighbors and the inbound and outbound policies configured for each. OSPFv2 Section Routing Protocol OSPFv2. Router ID The router ID configured for OSPFv2. OSPF Admin Mode Whether OSPF is enabled or disabled globally. Maximum Paths The maximum number of next hops in an OSPF route.
Parameter Description ABR Status The number of OSPF areas with at least one interface running on this router. Also broken down by area type. ASBR Status Whether the router is an autonomous system boundary router. The router is an ASBR if it is redistributing any routes or originating a default route. RIP Section RIP Admin Mode Whether RIP is globally enabled. Split Horizon Mode Whether RIP advertises routes on the interface where they were received.
Prefix List Out....................... Route Map In.......................... Route Map Out......................... 172.20.5.1 Prefix List Out....................... PfxList3 rmapUp rmapDown PfxList12 Routing Protocol.......................... Router ID................................. OSPF Admin Mode........................... Maximum Paths............................. Routing for Networks...................... OSPFv2 6.6.6.6 Enable 32 172.24.0.0 0.0.255.255 area 0 10.0.0.0 0.255.255.255 area 1 192.
Syntax show ip route [[ip-address [mask | prefix-length] [longer-prefixes] [vrf vrfname] [static] | [ecmp-groups] | [hw-failure] | [[vrf vrfname] track-table] | [net-prototype] • ip-address—Specifies the network for which the route is to be displayed and displays the best matching route for the address. • mask—Subnet mask of the IPv4 address in dotted quad notation. • prefix-length—Length of prefix, in bits. Must be preceded with a forward slash (/). (Range: 0-32 bits.
The VRF parameter is only available on the N3000-ON/N3100 series switches. If the subnet mask is specified, then only routes with an exact match are displayed. For example: show ip route 192.168.2.0 /24 If only an IP address is specified, the best route for the IP address is displayed. For example: show ip route 192.168.2.0 If the longer-prefixes option is specified, then the subnets within an aggregate are displayed. For example: show ip route 192.168.2.
Unnumbered Peer Routes......................... RIP Routes..................................... BGP Routes..................................... External..................................... Internal..................................... Local........................................ OSPF Routes.................................... Intra Area Routes............................ Inter Area Routes............................ External Type-1 Routes....................... External Type-2 Routes......................
ipv6 route 0.0.0.0 0.0.0.0 10.130.167.129 track 10 state is [up] show ip route preferences Use the show ip route preferences command to display the default route preference value for each origin. Syntax show ip route preferences Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Route preferences are used in determining the best route.
show ip route summary Use the show ip route summary command to display the routing table summary, including best and non-best routes. Syntax show ip route summary [best] • best—Shows the number of best routes. To include the count of all routes, do not use this optional parameter. Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Best Routes (High)............................. Alternate Routes............................... Leaked Routes.................................. RFC5549 Routes - IPv4 with IPv6 nexthop........ Route Adds..................................... Route Modifies................................. Route Deletes.................................. Unresolved Route Adds.......................... Invalid Route Adds............................. Failed Route Adds.............................. Failed Kernel Route Adds........
User Guidelines This command displays statistics for the software IP stack, not the hardware routing information. The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100 series switches. Example The following example displays IP route preferences. console>show ip traffic IpInReceives................................... IpInHdrErrors.................................. IpInAddrErrors................................
IcmpOutParmProbs............................... IcmpOutSrcQuenchs.............................. IcmpOutRedirects............................... IcmpOutEchos................................... IcmpOutEchoReps................................ IcmpOutTimestamps.............................. IcmpOutTimestampReps........................... IcmpOutAddrMasks...............................
Syntax show route-map map-name Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example For each route map, the match count is shown in terms of number of packets and number of bytes. This counter displays the match count in packets and bytes when a route map is applied.
Set clauses: ip default next-hop ip precedence 4 Policy routing matches: 0 route-map simplest permit Match clauses: Set clauses: interface null0 Policy routing matches: 0 console console console console 4.4.4.4 packets, 0 bytes 30 packets, 0 bytes #configure (Config)#interface Te1/0/2 (config-if-Te1/0/2)#ip policy simplest (config-if-Te1/0/2)#show route-map simplest route-map simplest permit 10 Match clauses: ip address (access-lists) : 1 Set clauses: ip next-hop 3.3.3.
Policy routing matches: 0 packets, 0 bytes console #show ip policy Interface Route-Map ------------ ----------------------------------------console # console(route-map)#show route-map route-map “d3” permit 10 Match clauses: ip address prefix-list a1 as-path 1 community s1 exact-match Set clauses: metric 23 local-preference 34 as-path prepend 2 3 4 5 6 comm-list d1 delete community no-export ipv6 next-hop aa::bb Policy routed: 0 packets, 0 bytes The following example shows a route map test1 that is configur
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The command displays the following information. Parameter Description Heap Size The amount of memory, in bytes, allocated at startup for the routing heap. Memory In Use The number of bytes currently allocated. Memory on Free List The number of bytes currently on the free list. When a chunk of memory from the routing heap is freed, it is placed on a free list for future reuse.
IPv6 Routing Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON Series Switches The Dell Network N1500/N2000/N2100-ON/N2200-ON series supports limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. The IPv6 version of the routing table manager provides a repository for IPv6 routes learned by dynamic routing protocols or static configuration.
ipv6 host ipv6 nd nud maxunicast-solicits ipv6 unreachables show ipv6 neighbors ipv6 icmp errorinterval ipv6 nd nud retry ipv6 mld lastmember-querycount ipv6 nd otherconfig-flag show ipv6 brief ipv6 mld lastmember-queryinterval ipv6 nd prefix show ipv6 interface show ipv6 route preferences show ipv6 protocols show ipv6 route ipv6 mld host-proxy ipv6 nd raguard attach-policy – show ipv6 route summary ipv6 mld host-proxy ipv6 nd ra-interval reset-status show ipv6 mld groups show ipv6 snoopin
Command Mode Privileged Exec mode. User Guidelines This command has no user guidelines. Example The following example clears all entries in the IPv6 neighbor table. console(config)#clear ipv6 neighbors clear ipv6 statistics Use the clear ipv6 statistics command to clear IPv6 statistics for all interfaces or for a specific interface, including loopback and tunnel interfaces. IPv6 statistics display in the output of the show ipv6 traffic command.
ipv6 address Use the ipv6 address command in Interface Configuration mode to configure an IPv6 address on an interface (including VLAN, tunnel and loopback interfaces) and to enable IPv6 processing on this interface. Multiple globally reachable addresses can be assigned to an interface by using this command. There is no need to assign a link-local address by using this command since one is automatically created. IPv6 addresses can be expressed in eight blocks.
Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode. User Guidelines Configuring a static link local address replaces any previously configured address, including the automatically generated address. Command History Command updated in version 6.6 firmware. Example The following example configures an IPv6 address and enables IPv6 processing.
User Guidelines This command has no user guidelines. Example The following example enables IPv6 routing, which has not been configured with an explicit IPv6 address. console(config)#vlan 15 console(config-vlan)#interface vlan 15 console(config-if-vlan15)#ipv6 enable ipv6 hop-limit Use the ipv6 hop-limit command to configure the hop limit used in IPv6 PDUs originated by the router. Use the no form of the command to return the hop limit to the default setting.
Syntax ipv6 host name ipv6-address no ipv6 host name • name — Host name. • ipv6-address — IPv6 address of the host. Default Configuration No IPv6 hosts are defined. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example console(config)#ipv6 host Dell 2001::DB8:0 ipv6 icmp error-interval Use the icmp error-interval command to limit the rate at which ICMP error messages are sent.
Default Configuration Rate limiting is enabled by default. The default burst-interval is 1000 milliseconds. The default burst-size is 100 messages. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
Example console(config-if-vlan3)#ipv6 mld last-member-query-count 5 ipv6 mld last-member-query-interval The ipv6 mld last-member-query-interval command sets the last member query interval for the MLD interface, which is the value of the maximum response time parameter in the group-specific queries sent out of this interface. Use the “no” form of this command to set the last member query interval to the default.
Also, ensure that there are no other multicast routing protocols enabled on the router and that IP multicast routing is globally enabled. Use the “no” form of this command to disable MLD Proxy globally. Syntax ipv6 mld host-proxy [interface vlan-id] no ipv6 mld host-proxy [interface vlan-id] Default Configuration MLD Proxy is disabled by default. Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command.
User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 mld host-proxy reset-status ipv6 mld host-proxy unsolicit-rprt-interval Use the ipv6 mld host-proxy unsolicit-rprt-interval command to set the unsolicited report interval for the MLD Proxy router. This command is only valid when MLD Proxy is enabled on the interface. Use the “no” form of this command to reset the MLD Proxy router's unsolicited report interval to the default value.
ipv6 mld query-interval The ipv6 mld query-interval command sets the MLD router's query interval for the interface. The query-interval is the amount of time between the general queries sent when the router is querying on that interface. Use the “no” form of this command to set the query interval to the default. Syntax ipv6 mld query-interval query-interval no ipv6 mld query-interval • query-interval — Query interval (Range: 1–3600). Default Configuration The default query interval is 125 seconds.
• query-max-response-time — Maximum query response time (Range: 1– 65535 milliseconds). Default Configuration The default query maximum response time is 10 seconds. Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command.
Example The following example sets at 10 the number of duplicate address detection probes transmitted while doing neighbor discovery. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 nd dad attempts 10 ipv6 nd ra hop-limit unspecified Use the ipv6 nd ra hop-limit unspecified command to configure the hop limit sent in router alert messages. Use the no form of the command to send the default hop limit of 64.
ipv6 nd managed-config-flag Use the ipv6 nd managed-config-flag command in Interface Configuration mode to set the “managed address configuration” flag in router advertisements. When the value is true, end nodes use DHCPv6. When the value is false, end nodes automatically configure addresses. Syntax ipv6 nd managed-config-flag no ipv6 nd managed-config-flag Default Configuration False is the default configuration.
• milliseconds — Interval duration. (Range: 0, 1000–4294967295) Default Configuration 0 is the default value for milliseconds. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Example The following example sets the interval between router advertisements for advertised neighbor solicitations at 5000 ms.
User Guidelines Increase this value when neighbors are not being discovered or large numbers of neighbors are present. Command History Introduced in version 6.2.0.1 firmware. Example console (config)#ipv6 nd nud max-multicast-solicits 5 ipv6 nd nud max-unicast-solicits Configures the maximum number of unicast neighbor solicitations sent during neighbor resolution or during NUD (neighbor unreachability detection). Use the no form of the command to reset the value to the default.
Example console (config)#ipv6 nd nud max-unicast-solicits 5 ipv6 nd nud retry This command configures the exponential backoff multiple to be used in the calculation of the next timeout value for Neighbor Solicitation transmission during NUD (neighbor unreachability detection) following the exponential backoff algorithm. Use the no form of the command to return the backoff multiple to the default.
(not just our router but more routers in the network) is congested, the NUD process for the existing STALE entries takes enough time before ultimately removing the cache entry through garbage collection. Without the exponential backoff timing for retransmissions, there is a higher probability that the cache entry is removed resulting in the disruption of the existing traffic.
Default Configuration False is the default configuration. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines.
Default Configuration 604800 seconds is the default value for valid-lifetime, 2592000 seconds for preferred lifetime. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines The router advertises its global IPv6 prefixes in its router advertisements (RAs). An RA only includes the prefixes of the IPv6 addresses configured on the interface where the RA is transmitted. Addresses are configured using the ipv6 address interface configuration command.
Default Configuration By default, no RA guard policies are applied to any interface. Command Mode Interface Configuration (Ethernet, port-channel) User Guidelines RA Guard drops all incoming IPv6 router advertisement and router redirect messages. RA Guard may be configured on L2 or L3 interfaces. Command History Introduced in version 6.2.0.1 firmware.
• maximum — The maximum interval duration (Range: 4–1800 seconds). • minimum — The minimum interval duration (Range: 3 – (0.75 * maximum) seconds). Default Configuration 600 is the default value for seconds. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines The minimum interval cannot be larger than 75% of the maximum interval. Example The following example sets the transmission interval between router advertisements at 1000 seconds.
Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Example The following example sets at 1000 seconds the value that is placed in the Router Lifetime field of the router advertisements.
Example The following example sets the router advertisement time at 5000 milliseconds to consider a neighbor reachable after neighbor discovery confirmation. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 nd reachable-time 5000 ipv6 nd suppress-ra Use the ipv6 nd suppress-ra command in Interface Configuration mode to suppress router advertisement transmission on an interface. Syntax ipv6 nd suppress-ra no ipv6 nd suppress-ra Default Configuration Disabled is the default configuration.
Syntax ipv6 redirect no ipv6 redirect Default Configuration IPv6 ICMP redirects are enabled by default. Command Mode Interface VLAN Configuration mode User Guidelines In general, an IPv6 ICMP redirect is sent if: • The packet is not addressed to the router. • The packet will be forwarded over the interface on which it was received. • The router determines that a better first-hop resides on the same VLAN as the source of the packet.
Syntax ipv6 route distance ipv6 route ipv6-prefix/prefix-length {next-hop-address | Null0 | vlan vlan-id | tunnel tunnel-id} [preference] [track ] no ipv6 route ipv6-prefix/prefix-length {next-hop-address | Null0 | vlan vlan-id | tunnel tunnel-id} [track ] no ipv6 route ipv6-prefix/prefix-length ipv6-address preference no ipv6 route ipv6-prefix/prefix-length interface-type ipv6-address no ipv6 route ipv6-prefix/prefix-length interface • distance—The default administrative dist
There is no default IPv6 SLA tracking object. Command Mode Global Configuration mode User Guidelines Enter a track track-number in the ipv6 route command to specify that the static route is installed in the routing table only if the configured SLA tracking object is up. When the track object is down, the route is removed from the Route Table. Only one tracking object can be associated with a static route at a time. Configuring a different tracking object replaces the previously configured tracking object.
no ipv6 route distance integer • integer — Specifies the distance (preference) of an individual static route. (Range 1-255) Default Configuration Default value of integer is 1. Command Mode Global Configuration mode User Guidelines Lower route distance values are preferred when determining the best route. Example The following example sets the default distance to 80.
Example The following example globally enables Ipv6 unicast datagram forwarding. console(config)#ipv6 unicast-routing console(config)#no ipv6 unicast-routing ipv6 unreachables Use the ipv6 unreachables command to enable the generation of ICMPv6 Destination Unreachable messages. Use the no form of this command to prevent the generation of ICMPv6 Destination Unreachable messages.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the IPv6 status of forwarding mode and IPv6 unicast routing mode. console#show ipv6 brief IPv6 Unicast Routing Mode.................... IPv6 Hop Limit............................... ICMPv6 Rate Limit Error Interval............. ICMPv6 Rate Limit Burst Size....
Default Configuration Displays all IPv6 interfaces. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines The Method field contains one of the following values. Field Description Auto The IPv6 address is automatically generated using IPv6 auto address configuration (RFC 2462). Config The IPv6 address is manually configured. DHCP The IPv6 address is leased from a DHCP server. TENT Tentative address.
• Auto – The IPv6 address was automatically generated using IPv6 auto address configuration (RFC 2462) • Config – The IPv6 address was manually configured. • DHCP – The IPv6 address was leased from a DHCP server. • TENT – Tentative address. The following example displays the long form of the command, and indicates whether address autoconfiguration or DHCP client are enabled on the interface.
• group-address — The group address to display. • vlan-id — A valid VLAN id. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed as a table when vlan vlan-id is specified: Field Description Number of (*, G) entries Displays the number of groups present in the MLD Table.
Expiry Time Time left in seconds before the entry is removed from the MLD membership table of this interface. Last Reporter The IP Address of the source of the last membership report received for this multicast group address on that interface. Filter Mode The filter mode of the multicast group on this interface. The values it can take are INCLUDE and EXCLUDE. Compatibility Mode The compatibility mode of the multicast group on this interface. The values it can take are MLDv1 and MLDv2.
Expiry Time (hh:mm:ss)........................ -----Group Address................................ FF1E::2 Interface..................................... vlan 6 Up Time (hh:mm:ss).......................... 00:04:23 Expiry Time (hh:mm:ss)........................ -----Group Address................................ FF1E::3 Interface..................................... vlan 6 Up Time (hh:mm:ss).......................... 00:04:23 Expiry Time (hh:mm:ss)........................ -----Group Address...................
MLD Interface Admin Mode This field displays the configured interface administrative status of MLD. MLD Operational The operational status of MLD on the interface. Mode MLD Version This field indicates the version of MLD configured on the interface. Query Interval This field indicates the configured query interval for the interface. Query Max Response Time This field indicates the configured maximum query response time (in seconds) advertised in MLD queries on this interface.
Wrong Version Queries Indicates the number of queries received whose MLD version does not match the MLD version of the interface. Number of Joins The number of times a group membership has been added on this interface. Number of Leaves The number of times a group membership has been removed on this interface. Number of Groups The current number of membership entries for this interface. Example console#show ipv6 mld interface vlan 2 Interface...................................
User Guidelines The command displays the following parameters only when you enable MLD Proxy: Field Description Interface Index The interface number of the MLD Proxy interface. Admin Mode Indicates whether MLD Proxy is enabled or disabled. This is a configured value. Operational Mode Indicates whether MLD Proxy is operationally enabled or disabled. This is a status parameter. Version The present MLD host version that is operational on the proxy interface.
show ipv6 mld host-proxy groups Use the show ipv6 mld host-proxy groups command to display information about multicast groups that the MLD Proxy reported. Syntax show ipv6 mld host-proxy groups Default Configuration There is no default configuration for this command. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines The following parameters are displayed by this command: Field Description Interface The MLD Proxy interface.
Example console#show ipv6 mld host-proxy groups Interface................................ vlan 10 Group Address Last Reporter Up Time Member State Filter Mode Sources ------------- -------------- ---------- ----------------- ------------ -----FF1E::1 FE80::100:2.3 00:01:40 DELAY_MEMBER Exclude 2 FF1E::2 FE80::100:2.3 00:02:40 DELAY_MEMBER Include 1 FF1E::3 FE80::100:2.3 00:01:40 DELAY_MEMBER Exclude 0 FF1E::4 FE80::100:2.
Member State Possible values are: • Idle_Member — The interface has responded to the latest group membership query for this group. • Delay_Member — The interface is going to send a group membership report to respond to a group membership query for this group. Filter Mode Possible values are Include or Exclude. Sources The number of sources attached to the multicast group. Group Source List The list of IP addresses of the sources attached to the multicast group.
show ipv6 mld host-proxy interface Use the show ipv6 mld-proxy interface command to display a detailed list of the host interface status parameters. Syntax show ipv6 mld host-proxy interface Default Configuration There is no default configuration for this command. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines The following parameters are displayed only when MLD Proxy is enabled: Parameter Description Interface The MLD Proxy interface.
Ver Query Rcvd Report Rcvd Report Sent Leave Rcvd Leave Sent ----------------------------------------------------------1 2 0 0 0 2 2 3 0 4 --------- show ipv6 mld traffic The show ipv6 mld traffic command is used to display MLD statistical information for the router. Syntax show ipv6 mld traffic Default Configuration There is no default configuration for this command.
Leaves Sent The number of valid MLD leaves sent by the router. Bad Checksum MLD Packets The number of bad checksum MLD packets received by the router. Malformed MLD Packets The number of malformed MLD packets received by the router. Example console#show ipv6 mld traffic Valid MLD Packets Received..................... Valid MLD Packets Sent......................... Queries Received............................... Queries Sent................................... Reports Received...........................
Example The following example configures an unnamed RA Guard policy to drop all RA advertisements and router redirect messages on interface Gi1/0/1 (VLAN 10). The configured interfaces are shown.
Example The following example displays information about the IPv6 neighbors. console(config)#show ipv6 neighbors Neighbor Last IPv6 Address MAC Address isRtr -------------------- ----------------- ----- State Updated Interface ------- --------- show ipv6 protocols Use the show ipv6 protocols command to display information about the configured IPv6 routing protocols Syntax show ipv6 protocols Default Configuration There is no default configuration for this command.
Prefix List In ................................ none Prefix List Out ............................... none Redistributing: Source Metric Dist List Route Map --------- ---------- -------------------------------- ------------------------------connected Networks Originated: Neighbors: 2001::1 Filter List In ............................ 1 Filter List Out ........................... 1 Routing Protocol .............................. Router ID ..................................... OSPF Admin Mode ..................
• ipv6-prefix/ prefix-length—Specifies an IPv6 network for which the matching route would be displayed. • best—Specifies that only the best routes are displayed. If the connected keyword is selected for protocol, the best option is not available because there are no best or non-best connected routes. • all—Display all routes. • track-table—Display the tracked IPv6 static routes for the selected VRF or the global routing instance. • preferences—Display the routing preferences.
console(config)#show ipv6 route IPv6 Routing Table - 0 entries Route Codes: C - connected, S - static O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF Ext 1, OE2 - OSPF Ext 2 ON1 - OSPF NSSA Ext Type 1, ON2 - OSPF NSSA Ext Type 2 Default gateway is 10.1.20.1 S C C 0.0.0.0/0 [254/0] via 10.1.20.1 10.1.20.0/24 [0/1] directly connected, 20.1.20.
Static......................................... OSPF Intra-area routes......................... OSPF Inter-area routes......................... OSPF External routes........................... BGP External................................... BGP Internal................................... BGP Local......................................
External..................................... Internal..................................... Local........................................ OSPF Routes.................................... Intra Area Routes............................ Inter Area Routes............................ External Type-1 Routes....................... External Type-2 Routes....................... Reject Routes.................................. Total routes...................................
Gi1/0/2 431 6599 show ipv6 traffic Use the show ipv6 traffic command in User Exec mode to show traffic and statistics for IPv6 and ICMPv6. Syntax show ipv6 traffic [vlan vlan-id | tunnel tunnel-id | loopback loopback-id] • vlan-id — Valid VLAN ID, shows information about traffic on a specific interface or, without the optional parameter, shows information about traffic on all interfaces. • tunnel-id — Tunnel identifier. (Range: 0-7) • loopback-id — Loopback identifier.
Received Datagrams Discarded Due To Truncated Data. Received Datagrams Discarded Other................. Received Datagrams Reassembly Required............. Datagrams Successfully Reassembled................. Datagrams Failed To Reassemble..................... Datagrams Forwarded................................ Datagrams Locally Transmitted...................... Datagrams Transmit Failed.......................... Datagrams Successfully Fragmented.................. Datagrams Failed To Fragment................
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays IPv6 VLAN routing interface addresses.
• interval—The time (in seconds) between successive echo requests. Default 3. • init-ttl—The initial TTL sent in the ICMP echo request packets (Range 1255. Default 1). • max-ttl—The maximum ttl sent in the ICMP echo request packet (Range 1-255, default 30). Must be equal to or larger than init-ttl. • port—The destination UDP port of the probe. (Range 1-65535). • size—The packet size padding in bytes. (Range 0-39936, default 0).
Loopback Interface Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000EON/N3100-ON Series Switches Dell EMC Networking provides for the creation, deletion, and management of loopback interfaces. They are dynamic interfaces that are created and deleted by user configuration. A loopback interface is always expected to be up. As such, it provides a means to configure a stable IP address on the device which may be referred to by other switches in the network.
User Guidelines This command has no user guidelines. Example The following example enters the Interface Loopback 1 configuration mode. console(config)#interface loopback 1 console(config-if-loopback0)#ip address 192.168.22.1 255.255.255.255 console(config-if-loopback0)#exit console(config)#ex console#ping 192.168.22.1 Pinging 192.168.22.1 with 0 bytes of data: Reply Reply Reply Reply From From From From 192.168.22.1: 192.168.22.1: 192.168.22.1: 192.168.22.
Examples The following examples display information about configured loopback interfaces. console# show interfaces loopback Loopback Id Interface IP Address ----------- --------- ---------1 loopback 1 0.0.0.0 Received Packets ---------------0 Sent Packets -----------0 console# show interfaces loopback 1 Interface Link Status.......................... Up IP Address..................................... 0.0.0.0 0.0.0.0 MTU size.......................................
IP Multicast Commands Dell EMC Networking N3000E-ON/N3100 Series Switches The Dell Network N1500/N2000/N2100-ON/N2200-ON Series switches support limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. The Dell EMC Networking multicast component is best suited for video and audio traffic requiring multicast packet control for optimal operation.
mandatory. Discovering the local domain-name server is the intended use of multicast messages on remote networks when there is less than one server per network. • Applications used for datacasting: Since multimedia transmission has become increasingly popular, multicast transmission use has increased. Multicast transmission may be used to efficiently accommodate this type of communication. For instance, the audio and video signals are captured, compressed and transmitted to a group of receiving stations.
Syntax clear ip mroute { * | group-address [ source-address ] } • * —Deletes all IPv4 entries from the IP multicast routing table. • group-address— IP address of the multicast group. • source-address—IP address of a multicast source that is sending multicast traffic to the group. Default configuration There is no default configuration for this command.
ip multicast boundary Use the ip multicast boundary command in Interface Configuration mode to add an administrative scope multicast boundary specified by groupipaddr and mask for which this multicast administrative boundary is applicable. groupipaddr is a group IP address and mask is a group IP mask. Syntax ip multicast boundary groupipaddr mask no ip multicast boundary groupipaddr • groupipaddr — IP address of multicast group. Valid range is 239.0.0.0 to 239.255.255.255.
no ip mroute source-address mask • source-address — The IP address of the multicast data source. • mask — The IP subnet mask of the multicast data source. • rpf-address — The IP address of the next hop towards the source. • preference — The cost of the route (Range: 1 - 255). Default Configuration There is no default configuration for this command. Command Mode Global Configuration mode User Guidelines The source IP address must contain 0's for the address bits corresponding to 0's in the netmask.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Use of a multicast routing protocol is recommended (e.g., PIM) when IP multicast is enabled. IGMP/MLD snooping may be enabled when IP multicast is enabled. If a multicast source is connected to a VLAN on which both L3 multicast and IGMP/MLD snooping are enabled, the multicast source is forwarded to the mrouter ports that have been discovered when the multicast source is first seen.
ip multicast ttl-threshold Use the ip multicast ttl-threshold command in Interface VLAN Configuration mode to apply a ttlvalue to a routing interface. ttlvalue is the TTL threshold which is applied to the multicast Data packets forwarded through the interface. Syntax ip multicast ttl-threshold ttlvalue no ip multicast ttl-threshold • ttlvalue — Specifies TTL threshold. (Range: 0-255) Default Configuration This command has no default configuration.
no ip pim Default Configuration PIM is not enabled on interfaces by default. Command Mode Interface (VLAN) Configuration mode User Guidelines PIM requires that routing and multicast routing be enabled. Enabling PIM enables IGMP/MLD. Disabling PIM may operationally disable multicast routing. Example console(config)#ip routing console(config)#ip multicast console(config)#interface vlan 10 console(if-vlan-10)#ip pim Command History User Guidelines updated in release 6.3.5.
Command Mode Interface (VLAN) Configuration mode User Guidelines This command only has an effect if sparse mode is enabled. Example console(if-vlan-10)#ip pim bsr-border ip pim bsr-candidate The ip pim bsr-candidate command is used to configure the router to advertise itself as a bootstrap router (BSR). Use the no form of this command to return to the default configuration. This command replaces the ip pimsm bsr-candidate, ip pimsm cbsrhaskmasklength and ip pimsm cbsrpreference commands.
User Guidelines All multicast groups with the same hash value correspond to the same RP. Lower priority values are preferred. Example console(config)#ip pim bsr-candidate vlan 10 16 0 interval 30 ip pim dense-mode Use the ip pim dense-mode command in Global Configuration mode to administratively configure PIM dense mode for IP multicast routing. Use the no form of this command to disable PIM. Syntax ip pim dense-mode no ip pim Default Configuration PIM is not enabled by default.
ip pim dr-priority The ip pim dr-priority command in Interface (VLAN) Configuration mode to administratively configure the advertised designated router (DR) priority value. Use the no form of this command to return the configuration to the default. Syntax ip pim dr-priority priority no ip pim dr-priority • priority — The administratively configured priority (Range: 0– 2147483647). Default Configuration The default election priority is 1.
• interval — The number of seconds between successive hello transmissions. Range: 0–18000 seconds. Default is 30. Default Configuration The default hello interval is 30 seconds. Command Mode Interface (VLAN) Configuration mode User Guidelines There are no user guidelines for this command.
User Guidelines This command only has an effect if sparse mode is enabled. Example console(if-vlan10)#ip pim join-prune-interval 30 ip pim rp-address Use the ip pim rp-address command in Global Configuration mode to define the address of a PIM Rendezvous point (RP) for a specific multicast group range. Use the no form of this command to remove a configured RP. This command replaces the ip pimsm rp-address command.
Command History Updated guidelines in version 6.5 firmware. Example console(config)#ip pim rp-address 192.168.21.1 239.1.0.0 255.255.0.0 override ip pim rp-candidate Use the ip pim rp-candidate command in Global Configuration mode to configure the router to advertise itself to the bootstrap router (BSR) router as a PIM candidate rendezvous point (RP) for a specific multicast group range. Use the no form of this command to return to the default configuration.
Example console(config)#ip pim rp-candidate vlan 10 239.1.0.0 255.255.0.0 interval 30 ip pim sparse-mode Use the ip pim sparse-mode command in Global Configuration mode to administratively configure PIM sparse mode for IP multicast routing. Use the no form of this command to disable PIM. Syntax ip pim sparse-mode no ip pim Default Configuration PIM not enabled by default. Command Mode Global Configuration mode User Guidelines Only one of sparse or dense mode can be configured on a router.
ip pim ssm Use the ip pim ssm command in Global Configuration mode to administratively configure PIM source specific multicast range of addresses for IP multicast routing. Use the no form of this command to remove configured ranges of addresses from the router. Syntax ip pim ssm {default | group-address group-mask} no ip pim ssm {default | group-address group-mask} • default—Defines the SSM range access list to 232/8. • group-address—An IP multicast group address. • group-mask—An IPv4 mask in a.b.c.
Default Configuration This command does not have a default configuration. Command Mode Privileged Exec mode, Global Config mode, all sub-modes. User Guidelines This command display both the IPv4 and IPv6 MFC entries. The following information is displayed. Field Description MFC IPv4 Mode Enabled when IPv4 multicast routing is operational. MFC IPv6 Mode Enabled when IPv6 multicast routing is operational. MFC Entry Count The number of entries present in MFC.
show ip multicast Use the show ip multicast command to display the system-wide multicast information. Syntax show ip multicast Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays system-wide multicast information. console#show ip multicast Admin Mode........................... Protocol State......
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays all the configured administrative scoped multicast boundaries.
User Guidelines This command has no user guidelines. Example The following example displays the multicast information for VLAN 15. console#show ip mcast interface vlan 15 Interface TTL --------- ----Vl15 1 show ip mroute Use the show ip mroute command to display a summary or details of the multicast table. Syntax show ip mroute Default Configuration This command has no default configuration.
show ip mroute group Use the show ip mroute group command to display the multicast configuration settings such as flags, timer settings, incoming and outgoing interfaces, RPF neighboring routers, and expiration times of all the entries in the multicast mroute table containing the groupipaddr value. Syntax show ip mroute group groupipaddr [summary] • groupipaddr — IP address of the multicast group. Default Configuration This command has no default configuration.
Syntax show ip mroute source sourceipaddr {summary} • sourceipaddr — IP address of source. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Use the summary option to summarize the information displayed. Example The following example displays multicast configuration settings. console#show ip mroute source 10.1.1.1 summary console#show ip mroute source 10.1.1.1 239.5.5.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the static routes configured in the static mcast table. console#show ip mroute static MULTICAST STATIC ROUTES Source IP Source Mask RPF Address Preference --------------- --------------- --------------- ---------1.1.1.1 255.255.255.0 2.2.2.
PIM Mode The routers that are enabled for PIM. Example console#show ip pim PIM Mode............................. None If no routers are enabled for PIM, the following message is displayed. None of the routing interfaces are enabled for PIM. show ip pim bsr-router The show ip pim bsr-router command displays information about a bootstrap router (BSR). Syntax show ip pim bsr-router {candidate|elected} • candidate – Shows the candidate routers capable of acting as the bootstrap router.
Next Bootstrap Message Time remaining (in hours, minutes, and seconds) until a in BSR message is sent. Next Candidate RP Advertisement Time remaining (in hours, minutes, and seconds) until the next RP advertisement is sent. Example console#show ip pim bsr-router BSR Address............................. 192.168.10.1 BSR Priority............................ 0 BSR Hash Mask Length.................... 30 C-BSR Advertisement Interval (secs)........60 Next Bootstrap message(hh:mm:ss)..........
Field Description Neighbor Count Number of PIM Neighbors learned on this interface Designated-Router IP address of the elected DR on the interface Default Configuration There is no default configuration for this command. Command Mode User Exec and Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
show ip pim neighbor Use the show ip pim neighbor command in User Exec or Privileged Exec modes to display PIM neighbors discovered by PIMv2 Hello messages. If the interface number is not specified, this command displays the neighbors discovered on all the PIM-enabled interfaces. Syntax show ip pim neighbor [vlan vlan-id] • vlan-id — A valid VLAN ID for which multicast routing has been enabled. Default Configuration This command has no default configuration.
--------------- --------192.168.10.2 VLAN0001 192.168.20.2 VLAN0010 ----------- ----------00:02:55 00:01:15 00:03:50 00:02:10 If no neighbors are learned on any of the interfaces, the following message is displayed. No neighbors are learned on any interface. show ip pim rp-hash The show ip pim rp-hash command displays the rendezvous point (RP) selected for the specified group address. Syntax show ip pim rp-hash group-address • group-address — A valid multicast address supported by RP.
show ip pim rp mapping The show ip pim rp mapping command is used in User Exec and Privileged Exec modes to display the mappings for the PIM group to the active rendezvous points. Syntax show ip pim rp mapping [rp-address |candidate|static] rp-address — An RP address. Default configuration There is no default configuration for this command. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed.
No RP-Group mappings exist on this router. If no static RP Group mapping exists on the router, the following message is displayed: No Static RP-Group mappings exist on this router. show ip pim statistics Use the show ip pim statistics command to display the count of PIM sparse mode received control packets per VLAN. Syntax show ip pim statistics [vlan vlan-id] vlan-id — The VLAN for which PIM sparse mode statistics are displayed. Default configuration There is no default configuration for this command.
Field Description Assert Number of PIM Assert messages CRP Number of PIM Candidate RP Advertisement messages.
IPv6 Multicast Commands Dell EMC Networking N3000E-ON/N3100 Series Switches The Dell Network N1500/N2000/N2100-ON/N2200-ON Series switches support limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command does not clear static multicast route entries. When a * entry is deleted through this command, it cannot be formed again until it is expired in MLD and started again via the host. The default mcache time-out is 210 seconds.
no ipv6 pim Default Configuration PIM is disabled by default. Command Mode Interface Configuration (VLAN) mode User Guidelines Either PIM-SM or PIM-DM are enabled by this command depending on the globally configured mode. Refer to the ipv6 pim sparse-mode and ipv6 pim dense-mode commands for further information. Example console(config-if-vlan3)#ipv6 pim ipv6 pim bsr-border Use the ipv6 pim bsr-border command to prevent bootstrap router (BSR) messages from being sent or received through an interface.
Example console(config-if-vlan3)#ipv6 pim bsr-border ipv6 pim bsr-candidate Use the ipv6 pim bsr-candidate command to configure the router to announce its candidacy as a bootstrap router (BSR). Use the no form of this command to stop the router from announcing its candidacy as a bootstrap router. Syntax ipv6 pim bsr-candidate vlan vlan-id hash-mask-len [priority][interval] no ipv6 pim bsr-candidate vlan vlan-id • vlan-id — A valid VLAN ID value.
User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 pim bsr-candidate vlan 9 10 34 ipv6 pim dense-mode Use the ipv6 pim dense-mode command in Global configuration mode to administratively configure PIM dense mode for IPv6 multicast routing. This command also enables MLD. Use the no form of this command to disable PIM and MLD. This command does not affect ip multicast-routing.
Syntax ipv6 pim dr-priority priority no ipv6 pim dr-priority • priority — The election priority (Range: 0–2147483647). Default Configuration The default election priority is 1. Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 pim dr-priority 10 ipv6 pim hello-interval Use the ipv6 pim hello-interval command to configure the PIM-SM Hello Interval for the specified interface.
User Guidelines Setting the hello interval to 0 disables sending on PIM Hellos. Example console(config-if-vlan3)#ipv6 pim hello-interval 45 ipv6 pim join-prune-interval Use the ipv6 pim join-prune-interval command to configure the interface join/prune interval for the PIM-SM router. Use the no form of this command to set the join/prune interval to the default. Syntax ipv6 pim join-prune-interval interval no ipv6 pim join-prune-interval • interval — The join/prune interval (Range: 0–18000 seconds).
Syntax ipv6 pim register-threshold threshold no ipv6 pim register-threshold • threshold — The threshold rate (Range: 0–2000 Kbps). Default Configuration The default threshold rate is 0. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 pim register-threshold 250 ipv6 pim rp-address Use the ipv6 pim rp-address command to statically configure the RP address for one or more multicast groups.
Default Configuration There are no static RP addresses configured by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 pim rp-address 2001::1 ff1e::/64 ipv6 pim rp-candidate Use the ipv6 pim rp-candidate command to configure the router to advertise itself as a PIM candidate rendezvous point (RP) to the bootstrap router (BSR).
Command Mode Global Configuration mode User Guidelines The default interval for a Candidate Rendezvous Point (C-RP) to send C-RP Advertisement messages to the Bootstrap Router (BSR) is 60 seconds. Example console(config)#ipv6 pim rp-candidate vlan 6 ff1e::/64 ipv6 pim sparse-mode Use the ipv6 pim sparse-mode command to administratively configure PIM sparse mode for multicast routing. This command also enables MLD. Use the no form of this command to disable PIM and MLD.
ipv6 pim ssm Use the ipv6 pim ssm command to define the Source Specific Multicast (SSM) range of multicast addresses. Syntax ipv6 pim ssm {default | group-address/prefixlength} • default — Defines the SSM range access list to FF3x::/32. • group-address — Group IP address supported by RP. • prefixlength — This parameter specifies the prefix length of the IP address for the media gateway. (Range: 1–128) Default Configuration The default range is FF3x::/32.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console(config)#show ipv6 pim PIM Mode....................................... Sparse Interface --------Vl1 Interface-Mode -------------Enabled Operational-Status -----------------Operational show ipv6 pim bsr-router Use the show ipv6 pim bsr-router command to display the bootstrap router (BSR) information.
Field Description BSR Address Address of the BSR BSR Priority Configured BSR priority BSR Hash Mask Length Configured hash mask length Next Bootstrap Message Remaining time until a BSR message is sent Next Candidate RP Time remaining until the next RP advertisement is sent. Advertisement Example console(config)#show ipv6 pim bsr-router candidate BSR Address.................................... 2001:0db8:0:badc::1 BSR Priority................................. 0 BSR Hash Mask Length.................
show ipv6 mroute Use the show ipv6 mroute command to display a summary or all the details of the multicast table. Syntax show ipv6 mroute [group groupip [summary] | source sourceip [summary] | static summary] • group—Show the multicast route information for the specified multicast group. • source—Show the multicast route information for the specified multicast source. • static—Show the multicast route information for the specified static multicast group. • summary—Summarize the information.
Multicast Route Table Summary Source IP Group IP Protocol IIF OIF Expiry --------------- --------------- -------- --------- --------- ------* FF43::5 PIMSM Vl11 Vl13 2001::5 FF43::5 PIMSM Vl12 Vl11 Vl13 console#show ipv6 mroute source 2001::5 ? | summary Press enter to execute the command. Output filter options. Display the IPV6 multicast routing table summary.
Source IP Group IP Protocol IIF OIF Expiry --------------- --------------- -------- --------- --------- ------* FF43::5 PIMSM Vl11 Vl13 2001::5 FF43::5 PIMSM Vl12 Vl11 Vl13 show ipv6 mroute group Use the show ipv6 mroute group command to display the multicast configuration settings such as flags, timer settings, incoming and outgoing interfaces, RPF neighboring routers, and expiration times of all the entries in the multicast mroute table containing the groupipaddr value.
* 2001::5 FF43::5 FF43::5 00:00 02:54 00:01:00 00:00:35 :: 2001::5 RPT SPT console#show ipv6 mroute group FF43::5 summary Multicast Route Table Summary Source IP Group IP Protocol IIF OIF Expiry --------------- --------------- -------- --------- --------- -----* FF43::5 PIMSM Vl11 Vl13 2001::5 FF43::5 PIMSM Vl12 Vl11 Vl13 show ipv6 mroute source Use the show ipv6 mroute source command to display the multicast configuration settings such as flags, timer settings, incoming and outgoing interfaces, RPF
| summary Press enter to execute the command. Output filter options. Display the IPV6 multicast routing table summary.
Example console#show ipv6 pim interface vlan 6 Slot/Port...................................... IP Address..................................... Hello Interval (secs).......................... Join Prune Interval (secs)..................... Neighbor Count................................. Designated Router.............................. DR Priority.................................... BSR Border.....................................
show ipv6 pim rp-hash Use the show ipv6 pim rp-hash command to display which rendezvous point (RP) is being selected for a specified group. Syntax show ipv6 pim rp-hash group-address group-address — Group IP address supported by RP. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
• static—Show static rendezvous point mappings. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show ipv6 pim rp mapping Group Address.................................. RP Address..................................... origin......................................... Group Address................................
User Guidelines This command only displays output if pim sparse-mode is enabled. The following counters are displayed in the output. Field Description Stat Rx: Packets received. Tx: Packets transmitted. Interface The PIM enabled routing interface. Hello Number of PIM Hello messages. Register Number of PIM Register messages. Reg-Stop Number of PIM Register-Stop messages. Join/Pru Number of PIM Join/Prune messages. BSR Number of PIM Boot Strap messages. Assert Number of PIM Assert messages.
===================================================================== Vl10 Rx 0 0 0 0 0 0 0 Tx 2 0 0 0 0 0 0 Invalid Packets Received - 0 --------------------------------------------------------------------- Layer 3 Routing Commands 1664
IP Service Level Agreement Commands Dell EMC Networking N2000E/N2100E-ON/N2200-ON/N3000-ON Series Switches The IP service-level agreement (SLA) feature allows users to monitor network performance between routers or from a router to a remote IP device. N2000/N2100-ON/N2200-ON/N3000E-ON Series supports the following measurement capabilities: • Remote IP reachability tracking. • Round-trip-time threshold monitoring These metrics are collected by measuring ICMP response time and connectivity.
User Guidelines Start configuring an IP SLA operation by using the ip sla command. This command specifies an identification number for the operation. Once this command is entered, the router enters IP SLA configuration mode. At a minimum, an SLA consists of an operation, a tracking object and one or more routes. Routes are associated with a tracking object which is mapped to an operation. Operations may be scheduled.
ip sla schedule Use the ip sla schedule command to start an IP SLA. Use the no form of the command to stop an IP SLA operation. Syntax ip sla schedule operation-number no ip sla schedule operation-number • operation-number—The number used to identify an IP SLA operation. The range is 1 to 128. Default Configuration By default, there are no operations configured.
After an IP SLA has been scheduled, the configuration may not be modified. To modify the configuration of the operation, first stop the operation by using the no ip schedule command and then modify the configuration. Alternatively, delete the IP SLAs operation (using the no ip sla command) and then reconfigure the operation with the new operation parameters. Command History Command introduced in version 6.6 firmware.
Default Configuration By default, there are no tracking objects configured. The default tracking type is reachability. Command Mode Global Configuration mode User Guidelines An operation return-code value is maintained by every IP SLA operation. This return code is interpreted by the associated tracking object. The return code may return OK, OverThreshold, or Timeout. Two facets of an IP SLAs operation can be tracked: reachability and state.
console(config)# track 2 ip sla 5 state In the following example, the tracking process is configured to track the reachability of IP SLAs operation 6: console(config)# track 3 ip sla 6 reachability delay Use the delay command to configure a delay for acting upon tracking object reachability state changes. Use the no form of the command to return the delay time to the default.
Example In the following example, SLA 55 is created with an ICMP echo to 172.16.1.175 and then scheduled. Tracking object 10 is created using the default reachability test and is associated with IP SLAs operation 55 and then an up delay of 5 seconds and a down delay of 3 seconds is configured: console(config)#ip sla 55 console(config-ip-sla)#icmp-echo 172.16.1.
The type of IP operation (ICMP echo) must be configured before any other operational parameter. To change the operation values (destination-ipaddress or source-interface-name) of an existing scheduled IP SLAs ICMP echo operation, stop the IP SLA operation using the no ip sla schedule operation-number or delete the IP SLA operation (using the no ip sla global configuration command) and then reconfigure the operation with the desired values.
no frequency • seconds —Number of seconds between the IP SLAs operations. The range is 1 to 3600. Default Configuration The default is 60 seconds. Command Mode IP SLA ICMP Echo Configuration mode (config-ip-sla-echo). User Guidelines The IP SLA operation will repeat at a given frequency for the lifetime of the operation. For example, the ICMP Echo operation with a frequency of 60 sends an ICMP Echo Request packet once every 60 seconds for the lifetime of the operation.
Example The following example shows how to configure an IP SLAs ICMP echo operation (operation 11) to repeat every 80 seconds. This example shows the frequency (IP SLA) command being used in an IPv4 network in ICMP echo configuration mode within IP SLA configuration mode. console(config)#ip sla 11 console(config-ip-sla)#icmp-echo 152.15.10.
The recommended guidelines for configuring the frequency, timeout and threshold commands of the IP SLAs ICMP Echo operation are: (frequency seconds) > (timeout milliseconds) > (threshold milliseconds) This command is supported in IPv4 networks and also for IPv6 networks where IPv6 addresses are supported. Command History Command introduced in version 6.6 firmware.
User Guidelines The value specified for this command must not be greater than the value specified for the timeout command. The threshold value configured by this command is used only to calculate network monitoring statistics created by an IP SLA’s operation. For the IP SLA’s ICMP Echo operation, the threshold (IP SLA) command sets the upper threshold value for the round-trip time (RTT) measurement.
Default Configuration By default, IP SLA operations occur in the Default VRF. Command Mode IP SLA ICMP Echo Configuration mode (config-ip-sla-echo). User Guidelines This command identifies the VPN for the operation being configured. The vrf (IP SLA) command is supported only for IPv4 networks. This command is not supported in IPv6 networks to configure an IP SLAs operation that supports IPv6 addresses. Command History Command introduced in version 6.6 firmware.
clear ip sla statistics Use the clear ip sla statistics command to clear IP SLA statistical information for a given IP SLA operation or for all IP SLAs. Syntax clear ip sla statistics [operation-number] • operation-number—(Optional) IP SLA number of a specific operation whose statistics need to be cleared. Default Configuration By default, IP SLA operation statistics are cleared. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines.
• operation-number—(Optional) IP SLA number of a specific operation associated with the statistics to display. Default Configuration By default, IP SLA operation configurations are shown. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all submodes User Guidelines This command has no user guidelines. Command History Command introduced in version 6.6 firmware. Example IP SLAs Internet Control Message Protocol (ICMP) echo operations support both IPv4 and IPv6 addresses.
Entry number: 3 Type of operation: echo Target address/Source address: 2001:DB8:100::1/2001:0DB8:200::FFFE Operation timeout (milliseconds): 5000 Vrf Name: Schedule: Next Scheduled Start Time: Pending Trigger Operation frequency (seconds): 60 Life: Forever Threshold (milliseconds): 5000 show ip sla statistics Use the show ip sla statistics command to see the statistics and the current operational status of a specified IP SLA operation or of all operations.
Example console# show ip sla statistics details Round Trip Time (RTT) for Index 1 Type of operation: icmp-echo Latest RTT: 1 ms Latest operation start time: 47 milliseconds Latest operation return code: OK Over thresholds occurred: FALSE Number of successes: 14 Number of failures: 0 Operation time to live: Forever Operational state of entry: Active show track Use the show track to display detailed information for all tracking objects or for a specific track-object.
User Guidelines The show track brief command shows limited information in a tabular format. The other invocations of the command display more detailed information. Command History Command introduced in version 6.6 firmware. Example The example below shows detailed information for all track objects.
Latest RTT (millisecs) 1500 The example below shows brief information for all track objects associated with IP SLA operation 1. console#show track ip sla 1 Track 10 13 Object ip sla ip sla 1 1 Parameter reachability state Value Last Change Up 01:12:36 Up 00:34:08 The example below shows brief information for all track objects.
OSPF Commands Dell EMC Networking N2000/N2100-ON/N2200-ON/N3000EON/N3100 Series Switches The Dell Network N1500/N2000/N2100-ON/N2200-ON series support limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. OSPF is a link-state protocol. Dell EMC Networking OSPF supports variablelength subnet masks. Dell EMC Networking OSPF only operates over VLAN interfaces. OSPF operates within a hierarchy.
The Dell EMC Networking routing OSPF NSSA feature supports RFC 3101, The OSPF Not-So-Stubby Area (NSSA) Option.
• Configured Statically: If an operator configures multiple static routes to the exact same destination but with different next hops, those routes are treated as a single route with two next hops. • Learned Dynamically: Routing protocols can learn ECMP routes. For example, if OSPF is configured on both links connecting Router A to Router B with interface addresses 10.1.1.2 and 10.1.2.2 respectively, and Router B advertises its connection to 20.0.0.0/ 8, then Router A computes an OSPF route to 20.0.0.
Passive Interfaces The passive interface feature is used to disable sending OSPF routing updates on an interface. An OSPF adjacency will not be formed on such an interface. On a passive interface, subnet prefixes for IP addresses configured on the interface will continue to be advertised as stub networks. Graceful Restart The Dell EMC Networking implementation of OSPFv2 supports graceful restart as specified in RFC 3623.
area nssa noredistribute compatible rfc1583 ip ospf transmitdelay show ip ospf database database-summary area nssa nosummary default-information log adjacencychanges originate (Router OSPF Configuration) show ip ospf interface area nssa translator- default-metric role max-metric router- show ip ospf interface lsa brief area nssa translator- distance ospf stab-intv maximum-paths show ip ospf interface stats area range (Router OSPF) distribute-list out network area show ip ospf lsa-group area s
area default-cost (Router OSPF) Use the area default-cost command in Router OSPF Configuration mode to configure the advertised default cost for the stub area. Use the no form of the command to return the cost to the default value. Syntax area area-id default-cost integer no area area-id default-cost • area-id — Identifies the OSPF stub area to configure. (Range: IP address or decimal from 0-4294967295) • integer — The default cost for the stub area.
Syntax area area-id nssa [no-redistribution] [default-information-originate [metric metric-value] [metric-type metric-type-value]] [no-summary] [translatorrole role] [translator-stab-intv interval] no area area-id nssa [no-redistribution] [default-information-originate] [nosummary] [translator-role] [translator-stab-intv] • area-id—Identifies the OSPF stub area to configure. (Range: IP address or decimal from 0–4294967295) • metric-value—Specifies the metric of the default route advertised to the NSSA.
Example The following example configures not-so-stubby-area 10 as an NSSA. console(config)#router ospf console(config-router)#area 10 nssa The following example configures the metric value and type for the default route advertised into the NSSA and configures the NSSA so that summary LSAs are not advertised into the NSSA.
User Guidelines This command has no user guidelines. Example The following example configures the metric value and type for the default route advertised into the NSSA. console(config-router)#area 20 nssa default-info-originate 250 noncomparable area nssa no-redistribute Use the area nssa no-redistribute command in Router OSPF Configuration mode to configure the NSSA Area Border router (ABR) so that learned external routes are not redistributed to the NSSA.
area nssa no-summary Use the area nssa no-summary command in Router OSPF Configuration mode to configure the NSSA so that summary LSAs are not advertised into the NSSA. Syntax area area-id nssa no-summary no area area-id nssa no-summary • area-id — Identifies the OSPF NSSA to configure. (Range: 0–4294967295) Default Configuration This command has no default configuration. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines.
• always — The router assumes the role of the translator when it becomes a border router. • candidate — The router to participate in the translator election process when it attains border router status. Default Configuration The default role is candidate. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the translator role of the NSSA.
Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the translator stability interval of the area 20 NSSA. console(config-router)#area 20 nssa translator-stab-intv 2000 area range (Router OSPF) Use the area range command in Router OSPF Configuration mode to configure a summary prefix that an area border router advertises for a specific area. There are two types of area ranges.
• advertise—[Optional] When this keyword is given, the summary prefix is advertised when the area range is active. This is the default. • not-advertise—[Optional] When this keyword is given, neither the summary prefix nor the contained prefixes are advertised when the area range is active. Then the not-advertise option is given, any static cost previously configured is removed from the system configuration.
console (config-router)#area 1 range 10.0.0.0 255.0.0.0 summarylink notadvertise !! Advertise summary. console (config-router)#no area 1 range 10.0.0.0 255.0.0.0 summarylink notadvertise The no form may be use to remove a static area range cost, so that OSPF sets the cost to the largest cost among the contained routes. For example: !! Create area range with static cost. console (config-router)#area 1 range 10.0.0.0 255.0.0.0 summarylink cost 1000 !! Remove static cost.
Example The following example defines an area range for the area 20. console(config-router)#area 20 range 192.168.6.0 255.255.255.0 summarylink advertise area stub Use the area stub command in Router OSPF Configuration mode to create a stub area for the specified area ID. A stub area is characterized by the fact that AS External LSAs are not propagated into the area. Removing AS External LSAs and Summary LSAs can significantly reduce the link state database of routers within the stub area.
area stub no-summary Use the area stub no-summary command in Router OSPF Configuration mode to prevent Summary LSAs from being advertised into the NSSA. Use the no form of the command to return the Summary LSA mode to the default value. Syntax area area-id stub no-summary no area area-id stub no-summary • area-id — Identifies the OSPF area to configure. (Range: IP address or decimal from 0–4294967295) Default Configuration Disabled is the default configuration.
retransmit-interval and transmit-delay. If the area has not been previously created, it is created by this command. If the area already exists, the virtuallink information is added or modified.
• key-id—Authentication key identifier for the authentication type encrypt. (Range: 0–255) Default Configuration Parameter Default area-id No area ID is predefined. router-id No router ID is predefined. hello-interval seconds 10 seconds retransmit-interval seconds 5 seconds transmit-delay seconds 1 second dead-interval seconds 40 seconds authentication-key key No key is predefined. message-digest-key key-id md5 key No key is predefined. Command Mode Router OSPF Configuration mode.
The following example establishes a virtual link with MD5 authentication: router ospf network 10.50.50.0 0.0.0.255 area 10 area 10.0.0.0 virtual-link 10.3.4.5 message-digest-key 100 md5 test123 area virtual-link authentication Use the area virtual-link authentication command in Router OSPF Configuration mode to configure the authentication type and key for the OSPF virtual interface identified by the area ID and neighbor ID.
User Guidelines Unauthenticated interfaces cannot be configured with an authentication key. If no parameters are specified after the authentication keyword, then plaintext password authentication is used. Example The following example configures the authentication type and key for the area 10 OSPF virtual interface and neighbor ID. console(config-router)#area 10 virtual-link 192.168.2.7 authentication console(config-router)#area 10 virtual-link 192.168.2.
User Guidelines This command has no user guidelines. Example The following example configures the dead interval for the area 10 OSPF virtual interface on the virtual interface and neighbor router. console(config-router)#area 10 virtual-link 192.168.2.
Example The following example configures a 50-second wait interval. console(config-router)#area 10 virtual-link 192.168.2.2 hello-interval 50 area virtual-link retransmit-interval Use the area virtual-link retransmit-interval command in Router OSPF Configuration mode to configure the retransmit interval for the OSPF virtual interface on the virtual interface identified by the area ID and neighbor ID. Use the no form of the command to return the retransmit interval to the default value.
area virtual-link transmit-delay Use the area virtual-link transmit-delay command in Router OSPF Configuration mode to configure the transmit delay for the OSPF virtual interface identified by the area ID and neighbor ID. Use the no form of the command to return the transmit delay to the default value. Syntax area area-id virtual-link neighbor-id transmit-delay seconds no area area-id virtual-link neighbor-id transmit-delay • area-id — Identifies the OSPF area to configure.
bandwidth is defined by the “bandwidth” command. Because the default reference bandwidth is 100 Mbps, OSPF uses the same default link cost for all interfaces whose bandwidth is 100 Mbps or greater. To change the reference bandwidth, use the auto-cost command, specifying the reference bandwidth in megabits per second. The different reference bandwidth can be independently configured for OSPFv2 and OSPFv3.
Syntax bandwidth bw • bw — Interface bandwidth in Kbps (Range: 1–10000000). Default Configuration The default reference bandwidth is 10 Mbps Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command. Example The following example configures the interface bandwidth to 500000 Kbps. console(config-if-vlan1)#bandwidth 500000 bfd Use the bfd command to enable processing of BFD events by OSPF on all interfaces enabled for BFD.
User Guidelines BFD processing notifies OSPF of layer 3 connectivity issues with the peer. The interface must be a VLAN interface enabled for routing. BFD event notification must also be enabled in VLAN interface mode in order for processing of BFD events to occur. Command History Introduced in version 6.3.0.1 firmware. Example The following example console#configure console(config)#ip routing console(config)#interface vlan 3 console(config-if-vlan3)#ip address 192.168.0.
User Guidelines There are no user guidelines for this command. Example console(config-router)#capability opaque clear ip ospf Use the clear ip ospf command to reset specific OSPF states. If no parameters are specified, OSPF is disabled and then re-enabled. Syntax clear ip ospf [{configuration | redistribution | counters | neighbor [interface vlan vlan id [neighbor id]]}] [vrf vrf-name] • configuration — Reset the OSPF configuration to factory defaults.
User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. Example The following example shows the options for the clear ip ospf command. console#clear ip ospf ? Press enter to execute the command.
compatible rfc1583 Use the compatible rfc1583 command in Router OSPF Configuration mode to enable OSPF 1583 compatibility. Use the no form of the command to disable it. Syntax compatible rfc1583 no compatible rfc1583 Syntax Description This command has no arguments or keywords. Default Configuration Compatible with RFC 1583. Command Mode Router OSPF Configuration mode.
Syntax default-information originate [always] [metric metric-value] [metric-type type-value] no default-information originate [metric] [metric-type] • always—Always advertise default routes. • metric-value—The metric (or preference) value of the default route. (Range: 1–16777214) • type-value—One of the following: 1 External type-1 route. 2 External type-2 route. Default Configuration The default configuration is no default-information originate. The default metric is none and the default type is 2.
default-metric Use the default-metric command in Router OSPF Configuration mode to set a default for the metric of distributed routes. Use the no form of the command to remove the metric from the distributed routes. If the area has not been previously created, it is created by this command. If the area already exists, the default-metric information is added or modified. Syntax default-metric metric-value no default-metric • metric-value — The metric (or preference) value of the default route.
Syntax distance ospf {[intra-area dist1] [inter-area dist2] [external dist3]} no distance ospf {intra-area | inter-area | external} • intra-area dist1—Used to select the best path within an area when there are two or more routes to the same destination from two different routing protocols (Range: 1–255). • inter-area dist2—Used to select the best path from one area to another area when there are two or more routes to the same destination from two different routing protocols (Range: 1–255).
Syntax distribute-list name out {bgp | rip | static | connected} no distribute-list name out {bgp | rip | static | connected} • name—The name used to identify an existing ACL. The range is 1–31 characters. • bgp—Apply the specified access list when BGP is the source protocol. • rip—Apply the specified access list when RIP is the source protocol. • static—Apply the specified access list when packets come through the static route.
Syntax enable no enable Default Configuration Enabled is the default configuration. Command Mode Router OSPF Configuration mode. User Guidelines The no form of the enable command removes the OSPF router configuration from the running config. It does not, however, reset the OSPF configuration. For example, following no enable with the enable command restores the OSPF configuration to the running config. OSPF must be disabled in order to assign or change the router ID.
Default Configuration 0 seconds is the default configuration. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example sets the exit overflow interval for OSPF at 10 seconds. console(config-router)#exit-overflow-interval 10 external-lsdb-limit Use the external-lsdb-limit command in Router OSPF Configuration mode to configure the external LSDB limit for OSPF. If the value is -1, then there is no limit.
User Guidelines The external LSDB limit MUST be set identically in all routers attached to the OSPF backbone and/or any regular OSPF area. Example The following example configures the external LSDB limit for OSPF with the number of non-default AS-external-LSAs set at 20. console(config-router)#external-lsdb-limit 20 ip ospf area The ip ospf area command enables OSPFv2 and sets the area ID of an interface. This command supersedes the effects of network area command.
ip ospf authentication Use the ip ospf authentication command in the Interface Configuration mode to set the OSPF Authentication Type and Key for the specified interface. Use the no form of the command to return the authentication type to the default value. Syntax ip ospf authentication {none | {simple key} | {encrypt key key-id}} no ip ospf authentication • encrypt — MD5 encrypted authentication key. • key — Authentication key for the specified interface.
ip ospf cost Use the ip ospf cost command in Interface Configuration mode to configure the cost on an OSPF interface. Use the no form of the command to return the cost to the default value. Syntax ip ospf cost interface-cost no ip ospf cost • interface-cost — Specifies the cost (link-state metric) of the OSPF interface. (Range: 1–65535) Default Configuration 10 is the default link-state metric configuration. Command Mode Interface Configuration (VLAN) mode.
Default Configuration By default, LSAs are flooded on all interfaces in a routed VLAN. Command Mode Interface Configuration mode User Guidelines This command is only applicable to OSPFv2 routing configurations. ip ospf dead-interval Use the ip ospf dead-interval command in Interface Configuration to set the OSPF dead interval for the specified interface. Use the no form of the command to return the interval to the default value.
console(config-if-vlan1)#ip ospf dead-interval 30 ip ospf hello-interval Use the ip ospf hello-interval command in Interface Configuration mode to set the OSPF hello interval for the specified interface. Use the no form of the command to return the interval to the default value. Syntax ip ospf hello-interval seconds no ip ospf hello-interval • seconds — Number of seconds to wait before sending Hello packets from the interface. (Range: 1–65535) Default Configuration 10 is the default number of seconds.
Database Description packet is rejected and the OSPF adjacency is not established. Use the no form of the command to enable OSPF maximum transmission unit (MTU) mismatch detection. Syntax ip ospf mtu-ignore no ip ospf mtu-ignore Default Configuration This command has no default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example disables OSPF MTU mismatch detection on VLAN interface 15.
Default Configuration Interfaces operate in broadcast mode by default. Command Mode Interface Configuration (VLAN) mode. User Guidelines OSPF treats interfaces as broadcast interfaces by default. Loopback interfaces have a special loopback network type, which cannot be changed. When there are only two routers on the network, OSPF can operate more efficiently by treating the network as a point-to-point network.
Command Mode Interface Configuration (VLAN) mode. User Guidelines A value of 1 is the highest router priority. A value of 0 indicates that the interface is not eligible to become the designated router on this network. Example The following example sets the OSPF priority for the VLAN 15 router at 100.
Example The following example sets the OSPF retransmit Interval for VLAN 15 at 50 seconds. console(config-if-vlan1)#ip ospf retransmit-interval 50 ip ospf transmit-delay Use the ip ospf transmit-delay command in Interface Configuration mode to set the OSPF Transit Delay for the specified interface. Use the no form of the command to return the delay to the default value.
Use the no form of the command to disable state change logging. Syntax log-adjacency-changes [detail] no log-adjacency-changes [detail] • detail—(Optional) When this keyword is specified, all adjacency state changes are logged. Otherwise, OSPF only logs transitions to FULL state and when a backwards transition occurs. Default Configuration Adjacency changes are not logged by default. Command Mode OSPFv2 Router Configuration mode User Guidelines State changes are logged with INFORMATIONAL severity.
• metric—(Optional) Metric to send in summary LSAs when in stub router mode. Range is 1 to 16,777,215. Default is 16,711,680 (0xFF0000). Default Configuration By default, OSPF is not in stub router mode. Command Mode OSPFv2 Global Configuration mode User Guidelines When OSPF is in stub router mode, as defined by RFC 3137, OSPF sets the metric in the non-stub links in its router LSA to LsInfinity. Other routers therefore compute very long paths through the stub router, and prefer any alternate path.
may issue the command no max-metric router-lsa on-startup. The command no max-metric router-lsa summary-lsa causes OSPF to send summary LSAs with metrics computed using normal procedures defined in RFC 2328. maximum-paths Use the maximum-paths command in Router OSPF Configuration mode to set the number of paths that OSPF can report for a given destination. Use the no form of the command to reset the number to the default value.
Example The following example sets the number of paths at 2 that OSPF can report for a given destination. console(config-router)#maximum-paths 2 network area The network area command enables OSPFv2 on an interface and sets its area ID if the ip-address of an interface is covered by this network command. Use the “no” form of this command to disable OSPFv2 on an interface.
OSPF only advertises IP subnets for secondary IP addresses if the secondary address is within the range of a network area command for the same area as the primary address on the same interface. When a network area command is deleted, matching interfaces are reevaluated against all remaining network area commands. Ones in the wildcard mask indicate “don't care” bits in the network address. Example console(config-router)#network 10.50.50.0 0.0.0.
executes a graceful restart, it informs its neighbors that the OSPF control plane is restarting, but that it will be back shortly. Helpful neighbors continue to advertise to the rest of the network that they have full adjacencies with the restarting router, avoiding announcement of a topology change and everything that goes with that (i.e., flooding of LSAs, SPF runs). Helpful neighbors continue to forward packets through the restarting router.
nsf helper strict-lsa-checking Use the nsf-helper strict-lsa-checking command to require that an OSPF helpful neighbor exit helper mode whenever a topology change occurs. Use the “no” form of this command to allow OSPF to continue as a helpful neighbor in spite of topology changes. Syntax nsf [ietf] helper strict-lsa-checking no nsf [ietf] helper strict-lsa-checking • ietf —This keyword is used to distinguish the IETF standard implementation of graceful restart from other implementations.
Syntax nsf [ietf] restart-interval seconds no nsf [ietf] restart-interval • ietf — This keyword is used to distinguish the IETF standard implementation of graceful restart from other implementations. Since the IETF implementation is the only one supported, this keyword is optional. • seconds — The number of seconds that the restarting router asks its neighbors to wait before exiting helper mode. The restarting router includes the restart interval in its grace LSAs (range 1–1800 seconds).
Default Configuration Global passive mode is disabled by default. Command Mode Router OSPF Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-router)#passive-interface passive-interface Use the passive-interface command to set the interface as passive. It overrides the global passive mode that is currently effective on the interface. Use the “no” form of this command to set the interface as non-passive.
redistribute (OSPF) Use the redistribute command in Router OSPF Configuration mode to configure OSPF protocol to allow redistribution of routes from the specified source protocol/routers. Use the no version of the command to disable redistribution from the selected source or to reset options to their default values.
User Guidelines When redistributing a route metric, the receiving protocol must understand the metric. The OSPF metric is a cost value equal to 108/ link bandwidth in bits/sec. For example, the OSPF cost of GigabitEthernet is 108/108 = 1. The RIP metric is a hop count with a maximum value of 15 (infinity). If no metric value is specified, the metric redistributed for a type 1 route is the sum of the external cost and the internal cost used to reach that route.
User Guidelines The router-id must be set in order for OSPF to become operationally enabled. It is recommended that the router ID be set to the IP address of a loopback interface to ensure that the router remains up internally. Example The following example defines the router ID as 5.5.5.5. console(config)#router ospf console(config-router)#router-id 5.5.5.5 router ospf Use the router ospf command in Global Configuration mode to enter Router OSPF mode and globally enable OSPF.
The no form of the command removes all OSPF configuration (including interface configuration) for the specified VRF Example The following example enters into router OSPF mode. console(config)#router ospf console(config-router)# show ip ospf Use the show ip ospf command to display information relevant to the OSPF router. This command has been modified to show additional fields. Syntax show ip ospf [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates.
Some of the information below displays only if you enable OSPF and configure certain features. The following fields may be displayed: Field Description Router ID A 32-bit integer in dotted decimal format identifying the router about which information is displayed. This is a configured value. OSPF Admin Mode Shows whether OSPF is administratively enabled or disabled.
Default Passive Setting When enabled, OSPF interfaces are passive by default. Maximum Paths Shows the maximum number of paths that OSPF can report for a given destination. Default Metric Default metric for redistributed routes. Stub Router Configuration One of Always, Startup, or None. Stub Router Startup Time Configured value in seconds. This row is only listed if OSPF is configured to be a stub router at startup.
Stub Router Time The remaining time until OSPF exits stub router mode. This Remaining row is only listed if OSPF is in startup stub router mode. External LSDB Overflow OSPF enters this state when the number of external LSAs exceeds a configured limit, as described in RFC 1765. External LSA Count Shows the number of external (LS type 5) link-state advertisements in the link-state database.
NSF Restart Interval The number of seconds a helpful neighbor allows a restarting router to complete its graceful restart. NSF Restart Status Whether the router is currently performing a graceful restart. NSF Restart Age The number of seconds until a graceful restart expires. Only non-zero when the router is in graceful restart. NSF Restart Exit Reason The reason the previous graceful restart ended. Possible values are Not attempted, In progress, Completed, Timed out, Topology change, and Manual clear.
Maximum Paths............................ Default Metric........................... Default Metric........................... Stub Router Configuration................ Summary LSA Metric Override.............. 4 Not configured Not configured None Disabled BFD Enabled.............................. NO Default Route Advertise.................. Always................................... Metric................................... Metric Type..............................
Exit Overflow Interval......................... 0 Spf Delay Time................................. 5 Spf Hold Time.................................. 10 Flood Pacing Interval.......................... 33 ms LSA Refresh Group Pacing Time.................. 60 sec Opaque Capability.............................. Enable AutoCost Ref BW................................ 100 Mbps Default Passive Setting........................ Disabled Maximum Paths.................................. 4 Default Metric...................
Syntax show ip ospf abr [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned.
• vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100 series switches.
Translator Role................................ Candidate Translator Stability Interval.................. 2000 Translator State............................... Disabled Example #3 The following example shows the length of the area’s flood queue for LSAs waiting to be flooded within the area. console #show ip ospf area 1 AreaID......................................... External Routing............................... Spf Runs....................................... Area Border Router Count......................
User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100 series switches. Example console#show ip ospf asbr Type Router Id Cost Area ID ----INTRA INTRA ---------1.1.1.1 4.4.4.4 ---1 10 -------0.0.0.1 0.0.0.1 Next Hop Next Hop Intf ----------- ----------10.1.12.1 vlan10 10.1.24.
• summary — Display the LSA database summary information. • ls-id — Specifies the link state ID (LSID). (Range: IP address or an integer in the range of 0–4294967295) • adv-router — Display the LSAs that are restricted by the advertising router. To specify a router, enter the IP address of the router. • self-originate — Display the LSAs in that are self-originated. • opaque-area— Display the area opaque LSAs. • opaque-as— Display AS opaque LSAs. • opaque-link— Display link opaque LSAs.
Network Link States (Area 0.0.0.0) Link Id Adv Router Age Sequence Chksm Options Rtr Opt --------------- --------------- ----- -------- ------ ------- ----2.2.2.2 20.20.20.20 1165 80000005 f86d -E--O- Network Summary States (Area 0.0.0.0) Link Id Adv Router Age Sequence Chksm Options Rtr Opt --------------- --------------- ----- -------- ------ ------- ----5.2.0.0 0.0.0.0 1360 80000007 242e ------ Summary ASBR States (Area 0.0.0.
show ip ospf database database-summary Use the show ip ospf database database-summary command to display the number of each type of LSA in the database for each area and for the router. The command also displays the total number of LSAs in the database. This command has been modified. Syntax show ip ospf database database-summary [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown.
Summary ASBR Shows Number of summary ASBR LSAs in the database. Type-7 Ext Shows Total number of Type-7 external LSAs in the database. SelfOriginated Type-7 Shows Total number of self originated AS external LSAs in the OSPFv3 link state database. Opaque Link Shows Number of opaque link LSAs in the database. Opaque Area Shows Number of opaque area LSAs in the database. Subtotal Shows Number of entries for the identified area. Opaque AS Shows Number of opaque AS LSAs in the database.
Type-7 Ext..................................... Opaque Link.................................... Opaque Area.................................... Type-5 Ext..................................... Self-Originated Type-5 Ext..................... Opaque AS...................................... Total.......................................... 0 0 0 0 0 0 0 show ip ospf interface Use the show ip ospf interface command to display the information for the VLAN or loopback interface.
Subnet Mask.................................... Secondary IP Address(es)....................... OSPF Admin Mode................................ OSPF Area ID................................... OSPF Network Type.............................. Router Priority................................ Retransmit Interval............................ Hello Interval................................. Dead Interval.................................. LSA Ack Interval............................... Iftransit Delay Interval........
show ip ospf interface brief Use the show ip ospf interface brief command to display brief information for the IFO object or virtual interface tables. Syntax show ip ospf interface brief [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. Default Configuration This command has no default configuration.
show ip ospf interface stats Use the show ip ospf interface stats command to display the statistics for a specific interface. The information is only displayed if OSPF is enabled. Syntax show ip ospf interface stats vlan vlan-id • vlan-id — Valid VLAN ID. Default Configuration This command has no default configuration. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Syntax show ip ospf lsa-group [vrf vrf-name] • vrf-name—The name of the VRF instance from which to display the selforiginated LSA groups. Default Configuration There are no self-originated LSA groups by default. Command Mode Privileged Exec mode, Global Configuration mode, and all sub-modes User Guidelines The following fields are displayed: Field Description Total selforiginated LSAs The number of LSAs the router is currently originating.
Pacing group limit: 400 Number of self-originated LSAs within each LSA group... Group Start Age 0 60 120 180 240 300 360 420 480 540 600 660 720 780 840 900 960 1020 1080 1140 1200 1260 Group End Age 59 119 179 239 299 359 419 479 539 599 659 719 779 839 899 959 1019 1079 1139 1199 1259 1319 Count 96 88 102 95 95 92 48 58 103 99 119 110 106 122 110 99 135 101 94 115 110 111 show ip ospf neighbor Use the show ip ospf neighbor command to display locally derived information about OSPF neighbors.
Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100 series switches. The following information is output. Field Description Interface The name of the interface on which the adjacency is formed.
Field Description Retransmission Queue Length The number of LSAs sent to the neighbor's retransmit queue waiting for the neighbor to acknowledge. Restart Helper Status One of two values: • Helping — This router is acting as a helpful neighbor to this neighbor. A helpful neighbor does not report an adjacency change during graceful restart, but continues to advertise the restarting router as a FULL adjacency.
Field Description Restart Helper Exit Reason One of the following values: • Restart Reason — When the router is in helpful neighbor mode, the output includes the restart reason the restarting router sent in its grace LSA. The Restart Reason is the value in the Graceful Restart Reason TLV in the grace LSA sent by the restarting router.
console#show ip ospf neighbor 3.3.3.3 Interface...................................... 0/25 Neighbor IP Address............................ 172.20.25.3 Interface Index................................ 25 Area Id........................................ 0.0.0.0 Options........................................ 0x2 Router Priority................................ 1 Dead timer due in (secs)....................... 10 Up Time........................................ 4 days 3 hrs 33 mins 36 secs State...................
The VRF parameter is only available on the N3000-ON/N3100 series switches. The following information is displayed. Field Description Prefix The summary prefix. Subnet Mask The subnetwork mask of the summary prefix. Type S (Summary Link) or E (External Link) Action Advertise or Suppress Cost Metric to be advertised when the range is active. If a static cost is not configured, the field displays Auto. If the action is Suppress, the field displays N/A.
Default Configuration This command has no default configuration. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100 series switches. This command outputs the following.
Example console# show ip ospf statistics Area 0.0.0.
User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100 series switches. Example The following example displays the OSPF stub table. console(config)#show ip ospf stub table AreaId TypeofService Metric Val Import SummaryLSA ------------- ------------0.0.0.
User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100 series switches. The clear ip ospf counters command does not clear the message queue high water marks. The following is output. Parameter Description OSPFv2 Packet Statistics The number of packets of each type sent and received since OSPF counters were last cleared.
LSAs Retransmitted................0 LS Update Max Receive Rate........20 pps LS Update Max Send Rate...........10 pps Number of LSAs Received T1 (Router).......................10 T2 (Network)......................0 T3 (Net Summary)..................300 T4 (ASBR Summary).................15 T5 (External).....................20 T7 (NSSA External)................0 T9 (Link Opaque)..................0 T10 (Area Opaque).................0 T11 (AS Opaque)...................0 Total.............................
Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100 series switches. OSPF must be enabled for this command to display the virtual interfaces. Example The following example displays the OSPF Virtual Interface information for area 10 and its neighbor.
Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines OSPF must be enabled for this command to display the virtual interface information. Example The following example displays the OSPF Virtual Interface information in the system. console#show ipv6 ospf virtual-link brief Hello Dead Retransmit Area ID Neighbor Interval Interval Interval ------- --------------- -------- ---------0.0.0.2 5.5.5.
User Guidelines OSPF distributes routing information in Link State Advertisements (LSAs), which are bundled into Link State Update (LS Update) packets. To reduce the likelihood of sending a neighbor more packets than it can buffer, OSPF rate limits the transmission of LS Update packets. By default, OSPF sends up to 30 updates per second on each interface (1/the pacing interval). Use this command to adjust the LS Update transmission rate.
Command History Command introduced in version 6.5 firmware. Example console(config-router6)#timers pacing lsa-group 90 timers spf Use the timers spf command to configure the SPF delay and hold time. Use the no form of the command to reset the numbers to the default value. Syntax timers spf delay-time hold-time no timers spf • delay-time — SPF delay time. (Range: 0–65535 seconds) • hold-time — SPF hold time. (Range: 0–65535 seconds) Default Configuration The default value for delay-time is 5.
OSPFv3 Commands Dell EMC Networking N3000E-ON/N3100 Series Switches The Dell Network N1500/N2000/N2100-ON/N2200-ON series support limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities.
area virtual-link dead-interval ipv6 ospf hellointerval redistribute (OSPFv3) show ipv6 ospf stub table area virtual-link hello-interval ipv6 ospf mtuignore router-id show ipv6 ospf virtuallinks area virtual-link ipv6 ospf network retransmit-interval show ipv6 ospf show ipv6 ospf virtuallink brief – show ipv6 ospf abr timers throttle spf area default-cost (Router OSPFv3) Use the area default-cost command in Router OSPFv3 Configuration mode to configure the monetary default cost for the stub ar
Example The following example configures the monetary default cost at 100 for stub area 1. console(config)#ipv6 router ospf console(config-rtr)#area 1 default-cost 100 area nssa (Router OSPFv3) Use the area nssa command in Router OSPF Configuration mode to configure the specified area ID to function as an NSSA. If the area has not been previously created, this command creates the area and then applies the NSSA distinction. If the area already exists, the NSSA distinction is added or modified.
• interval—The period of time that an elected translator continues to perform its duties after it determines that its translator status has been deposed by another router. (Range: 0–3600) Default Configuration If no metric is defined, 10 is the default configuration. The default role is candidate. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures not-so-stubby-area 10 as an NSSA.
Syntax area areaid nssa default-info-originate [metric [comparable | noncomparable]] no area areaid nssa default-info-originate • areaid — Valid OSPFv3 area identifier. • metric — Metric value for default route. (Range: 1-16777214) • comparable — Metric Type (nssa-external 1). • non-comparable — Metric Type (nssa-external 2). Default Configuration If no metric is defined, 10 is the default configuration. Command Mode Router OSPFv3 Configuration mode.
• areaid — Valid OSPF area identifier. Default Configuration This command has no default configuration. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the area 1 NSSA ABR so that learned external routes will not be redistributed to the NSSA.
User Guidelines This command has no user guidelines. Example The following example configures the area 1 NSSA so that summary LSAs are not advertised into the NSSA. console(config)#ipv6 router ospf console(config-rtr)#area 1 nssa no-summary area nssa translator-role Use the area nssa translator-role command in Router OSPFv3 Configuration mode to configure the translator role of the NSSA. Use the no form of the command to remove the configuration.
Example The following example configures the always translator role of the area 1 NSSA. console(config)#ipv6 router ospf console(config-rtr)#area 1 nssa translator-role always area nssa translator-stab-intv Use the area nssa translator-stab-intv command in Router OSPFv3 Configuration mode to configure the translator stability interval of the NSSA.
area range (Router OSPFv3) Use the area range command in Router OSPF Configuration mode to configure a summary prefix for routes learned in a given area. If the area has not been previously created, this command creates the area and then applies the range parameters. There are two types of area ranges. An area range can be configured to summarize intra-area routes. An ABR advertises the range rather than the specific intra-area route as a type 3 summary LSA.
Example The following example creates an area range for the area 1 NSSA. console(config)#ipv6 router ospf console(config-rtr)#area 1 range 2020:1::1/64 summarylink area stub Use the area stub command in Router OSPFv3 Configuration mode to create a stub area for the specified area ID. If the area has not been previously created, this command creates the area and then applies the stub distinction. A stub area is characterized by the fact that AS External LSAs are not propagated into the area.
area stub no-summary Use the area stub no-summary command in Router OSPFv3 Configuration mode disable the import of Summary LSAs for the stub area identified by area-id. Syntax area area-id stub no-summary no area area-id stub no-summary • area-id — Valid OSPFv3 area identifier. • so-summary — Disable the import of Summary LSAs for the stub area identified by area-id. Default Configuration This command has no default configuration. Command Mode Router OSPFv3 Configuration mode.
Syntax area area-id virtual-link router-id [hello-interval seconds] [retransmitinterval seconds] [transmit-delay seconds] [dead-interval seconds] no area area-id virtual-link router-id id [hello-interval] [retransmit-interval] [transmit-delay] [dead-interval] • area-id—Valid OSPFv3 area identifier (or decimal value in the range of 04294967295). • router-id—Identifies the Router ID or valid IP address of the neighbor.
Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example creates the OSPF virtual interface for area 1 and its neighbor router.
Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures a 20-second dead interval for the OSPF virtual interface on the virtual interface identified by area 1 and its neighbor.
Example The following example configures a hello interval of 20 seconds for the OSPF virtual interface on the virtual interface identified by area 1 and its neighbor.
area virtual-link transmit-delay Use the area virtual-link transmit-delay command in Router OSPFv3 Configuration mode to configure the transmit delay for the OSPF virtual interface on the virtual interface identified by areaid and neighbor. Syntax area areaid virtual-link neighbor transmit-delay seconds no area areaid virtual-link neighbor transmit-delay • areaid — Valid OSPFv3 area identifier. • neighbor — Router ID of neighbor. • seconds — Transmit delay interval.
Syntax default-information originate [always] [metric metric-value] [metric-type type-value] no default-information originate [metric] [metric-type] • always—Always advertise default routes. • metric-value— • type-value—The metric (or preference) value of the default route. (Range: 1–16777214) • One of the following: 1 External type-1 route. 2 External type-2 route. Default Configuration The default metric is none and the default type is 2. Command Mode Router OSPFv3 Configuration mode.
Syntax default-metric metric-value no default-metric • metric-value — The metric (or preference) value of the default route. (Range: 1–16777214) Default Configuration This command has no default configuration. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example sets a default of 100 for the metric of distributed routes.
Default Configuration The default preference value is 110. Command Mode Router OSPF Configuration mode. Router OSPFv3 Configuration mode. User Guidelines There are no user guidelines for this command. Example The following example sets a route preference value of 100 for intra OSPF in the router. console(config)#ipv6 router ospf console(config-rtr)#distance ospf intra 100 enable Use the enable command in Router OSPFv3 Configuration mode to enable administrative mode of OSPF in the router (active).
Example The following example enables administrative mode of OSPF in the router (active). console(config)#ipv6 router ospf console(config-rtr)#enable exit-overflow-interval Use the exit-overflow-interval command in Router OSPFv3 Configuration mode to configure the exit overflow interval for OSPF. It describes the number of seconds after entering Overflow state that a router will wait before attempting to leave the Overflow State. This allows the router to originate non-default AS-external-LSAs again.
external-lsdb-limit Use the external-lsdb-limit command in Router OSPFv3 Configuration mode to configure the external LSDB limit for OSPF. If the value is -1, then there is no limit. When the number of non-default AS-external-LSAs in a router's link-state database reaches the external LSDB limit, the router enters overflow state. The router never holds more than the external LSDB limit non-default AS-external- LSAs in it database.
Syntax ipv6 ospf no ipv6 ospf Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Example The following example enables OSPF on VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf ipv6 ospf area Use the ipv6 ospf area areaid command in Interface Configuration mode to set the OSPF area to which the specified router interface belongs.
Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode. User Guidelines This command has no user guidelines. Example The following example defines the OSPF area to which VLAN 15 belongs. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf area 100 ipv6 ospf cost Use the ipv6 ospf cost command in Interface Configuration mode to configure the cost on an OSPF interface. Use the no form of the command to return the cost to the default value.
console(config-if-vlan15)#ipv6 ospf cost 100 ipv6 ospf dead-interval Use the ipv6 ospf dead-interval command in Interface Configuration mode to set the OSPF dead interval for the specified interface. Syntax ipv6 ospf dead-interval seconds no ipv6 ospf dead-interval • seconds — A valid positive integer, which represents the length of time in seconds that a router's Hello packets have not been seen before its neighbor routers declare that the router is down.
Syntax ipv6 ospf hello-interval seconds no ipv6 ospf hello-interval • seconds — A valid positive integer which represents the length of time of the OSPF hello interval. The value must be the same for all routers attached to a network. (Range: 1-65535 seconds) Default Configuration 10 seconds is the default value of seconds. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode. User Guidelines This command has no user guidelines.
Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode. User Guidelines OSPF Database Description packets specify the size of the largest IP packet that can be sent without fragmentation on the interface. When a router receives a Database Description packet, it examines the MTU advertised by the neighbor. By default, if the MTU is larger than the router can accept, the Database Description packet is rejected and the OSPF adjacency is not established.
User Guidelines Normally, the network type is determined from the physical IP network type. By default all Ethernet networks are OSPF-type broadcast. Similarly, tunnel interfaces default to point-to-point. When an Ethernet port is used as a single large bandwidth IP network between two routers, the network type can be point-to-point since there are only two routers. Using point-to-point as the network type eliminates the overhead of the OSPF designated router election.
User Guidelines This command has no user guidelines. Example The following example sets the OSPF priority at 50 for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf priority 50 ipv6 ospf retransmit-interval Use the ipv6 ospf retransmit-interval command in Interface Configuration mode to set the OSPF retransmit interval for the specified interface.
ipv6 ospf transmit-delay Use the ipv6 ospf transmit-delay command in Interface Configuration mode to set the OSPF Transmit Delay for the specified interface. Syntax ipv6 ospf transmit-delay seconds no ipv6 ospf transmit-delay • seconds — OSPF transmit delay for the specified interface. In addition, it sets the estimated number of seconds it takes to transmit a link state update packet over this interface. (Range: 1 to 3600 seconds) Default Configuration No default value.
no ipv6 router ospf Default Configuration This command has no default configuration. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example Use the following command to enable OSPFv3. console(config)#ipv6 router ospf maximum-paths Use the maximum-paths command in Router OSPFv3 Configuration mode to set the number of paths that OSPF can report for a given destination.
Example The following example sets the number of paths that OSPF can report for a destination to 1. console(config)#ipv6 router ospf console(config-rtr)#maximum-paths 1 nsf Use this command to enable OSPF graceful restart. Use the no form of this command to disable graceful restart. Syntax nsf [ietf] [planned-only] no nsf [ietf] • ietf — This keyword is used to distinguish the IETF standard implementation of graceful restart from other implementations.
everything that goes with that (i.e., flooding of LSAs, SPF runs). Helpful neighbors continue to forward packets through the restarting router. The restarting router relearns the network topology from its helpful neighbors. This implementation of graceful restart restarting router behavior is only useful with a router stack. Graceful restart does not work on a standalone, single-unit router. nsf helper Use the nsf-helper to allow OSPF to act as a helpful neighbor for a restarting router.
nsf helper strict-lsa-checking Use the nsf-helper strict-lsa-checking command to require that an OSPF helpful neighbor exit helper mode whenever a topology change occurs. Use the “no” form of this command to allow OSPF to continue as a helpful neighbor in spite of topology changes. Syntax nsf [ietf] helper strict-lsa-checking no nsf [ietf] helper strict-lsa-checking • ietf —This keyword is used to distinguish the IETF standard implementation of graceful restart from other implementations.
Syntax nsf [ietf] restart-interval seconds no nsf [ietf] restart-interval • ietf — This keyword is used to distinguish the IETF standard implementation of graceful restart from other implementations. Since the IETF implementation is the only one supported, this keyword is optional. • seconds — The number of seconds that the restarting router asks its neighbors to wait before exiting helper mode. The restarting router includes the restart interval in its grace LSAs (range 1–1800 seconds).
Default Configuration Passive interface mode is disabled by default. Command Mode Router OSPFv3 Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-router)#passive-interface vlan 1 passive-interface default The passive-interface default command enables the global passive mode by default for all interfaces. It overrides any interface level passive mode. Use the “no” form of this command to disable the global passive mode by default for all interfaces.
redistribute (OSPFv3) Use the redistribute command in Router OSPFv3 Configuration mode to configure the OSPFv3 protocol to allow redistribution of routes from the specified sources. Syntax redistribute protocol [metric metric-value] [tag tag-value] [route-map routetag] no redistribute protocol • protocol —One of the following: – static—Specifies that static routes are to be redistributed. – connected—Specifies that connected routes are to be redistributed.
Example The following example configures the OSPFv3 protocol to allow redistribution of routes to connected devices. console(config)#ipv6 router ospf console(config-rtr)#redistribute connected router-id Use the router-id command in Router OSPFv3 Configuration mode to set a 4-digit dotted-decimal number uniquely identifying the Router OSPF ID. Syntax router-id router-id • router-id — Router OSPF identifier. (Range: 0-4294967295) Default Configuration This command has no default configuration.
Syntax show ipv6 ospf [area-id] area-id — Identifier for the OSPF area being displayed. Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Some of the information below displays only if you enable OSPF and configure certain features.
Default Route Advertise When enabled, OSPF originates a type 5 LSA advertising a default route. Always When this option is configured, OSPF only originates a default route when the router has learned a default route from another source. Metric Shows the metric for the advertised default routes. If the metric is not configured, this field is not configured. Metric Type Shows whether the metric for the default route is advertised as External Type 1 or External Type 2.
LSAs Received Shows the number of link-state advertisements received determined to be new instantiations. LSA Count The number of LSAs in the link state database. Maximum Number The limit on the number of LSAs that the router can store in its of LSAs link state database. LSA High Water Mark The maximum number of LSAs that have been in the link state database since OSPF began operation. Retransmit List Entries The current number of entries on all neighbors’ retransmit lists.
Source Shows source protocol/routes that are being redistributed. Possible values are static, connected, or BGP. Tag Shows the decimal value attached to each external route. Subnets When this option is not configured, OSPF will only redistribute classful prefixes. Distribute-List Shows the access list used to filter redistributed routes. Example The following example enables OSPF traps. console#show ipv6 ospf Router ID...................................... OSPF Admin Mode............................
Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show ipv6 ospf abr Type Router Id Cost Area ID ---INTRA INTRA Next Hop Next Hop Intf -------- ---- -------- ----------------------- ----3.3.3.3 10 0.0.0.1 FE80::211:88FF:FE2A:3CB3 vlan11 4.4.4.4 10 0.0.0.1 FE80::210:18FF:FE82:8E1 vlan12 show ipv6 ospf area Use the show ipv6 ospf area command to display information about the area.
AreaID........................................ External Routing.............................. Spf Runs...................................... Area Border Router Count...................... Area LSA Count................................ Area LSA Checksum............................. Stub Mode..................................... Import Summary LSAs........................... 0.0.0.
Syntax show ipv6 ospf border-routers Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes show ipv6 ospf database Use the show ipv6 ospf database command to display information about the link state database when OSPFv3 is enabled.
Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines If no parameters are entered, the command displays the LSA headers. Optional parameters specify the type of link state advertisements to display. The information below is only displayed if OSPF is enabled. Example The following example displays information about the link state database when OSPFv3 is enabled.
Adv Router Link Id Age Sequence Csum Options Rtr Opt -------------- --------------- ----- -------- ---- ------- ------1.1.1.1 0 1 8000003C 9F31 2.2.2.2 0 2 8000004D 9126 Router Link States (Area 0.0.0.1) Adv Router Link Id Age Sequence Csum Options Rtr Opt -------------- --------------- ----- -------- ---- ------- ------1.1.1.1 0 1 8000002E 35AD V6E--R- --V-B 2.2.2.2 0 0 8000004A D2F3 V6E--R- ----B Network Link States (Area 0.0.0.
Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the number of each type of LSA in the database and the total number of LSAs in the database. console#show ipv6 ospf database database-summary OSPF Router with ID (0.0.0.2) Router database summary Router......................................... 0 Network........................................ 0 Inter-area Prefix..
Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the information in VLAN 11’s virtual interface tables. console#show ipv6 ospf interface vlan 11 IP Address..................................... ifIndex........................................ OSPF Admin Mode................................ OSPF Area ID................................... Router Priority............
User Guidelines This command has no user guidelines. Example The following example displays brief ospf interface information. console#show ipv6 ospf interface brief Admin Interface Mode Area ID --------- -------- -------- Hello Dead Retrax LSA Router Int. Int. Int. Retrax Ack Prior. Cost Val. Val. Val. Delay Intval ------ ----- ----- ----- ------ ------ ----- show ipv6 ospf interface stats Use the show ipv6 ospf interface stats command to display the statistics for a specific interface.
Area Border Router Count....................... 1 AS Border Router Count......................... 0 Area LSA Count................................. 6 IPv6 Address................................... FE80::202:BCFF:FE00:3146/1283FFE::2/64 OSPF Interface Events.......................... 53 Virtual Events................................. 13 Neighbor Events................................ 6 External LSA Count............................. 0 LSAs Received.................................. 660 Originate New LSAs...
User Guidelines This command has no user guidelines. Example The following example displays OSPF interface VLAN information. console#show ipv6 ospf interface vlan 10 IPv6 Address............................. ifIndex.................................. OSPF Admin Mode.......................... OSPF Area ID............................. Router Priority.......................... Retransmit Interval...................... Hello Interval........................... Dead Interval............................
Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples The following examples display information about OSPF neighbors, in the first case in a summary table, and in the second in a table specific to tunnel 1.
• areaid — Identifies the OSPF area whose ranges are being displayed. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays information about the area ranges for area 1.
Example The following example displays the OSPF stub table. console#show ipv6 ospf stub table AreaId TypeofService Metric Val ------------ ---------------------0.0.0.10 Normal 1 Import SummaryLSA ----------------Enable show ipv6 ospf virtual-links Use the show ipv6 ospf virtual-links command to display the OSPF Virtual Interface information for a specific area and neighbor or for all areas in the system.
Iftransit Delay Interval....................... Retransmit Interval............................ State.......................................... Metric......................................... Neighbor State................................. 1 5 point-to-point 10 Full show ipv6 ospf virtual-link brief Use the show ipv6 ospf virtual-link brief command to display the OSPFV3 Virtual Interface information for all areas in the system.
Syntax timers throttle spf spf-start spf-hold spf-maximum no timers throttle spf • spf-start—Configures the delay used when no SPF calculation has been scheduled during the current wait interval. (Range: 1–60000 milliseconds) • spf-hold—Configures the initial wait interval. (Range: 1–60000 milliseconds) • spf-maximum—Configures the maximum wait interval. (Range: 1–60000 milliseconds) Default Configuration The default value for spf-start is 2000 milliseconds.
Example console(config-router6)#timers throttle spf 3000 6000 18000 Layer 3 Routing Commands 1831
IPv6 Policy-Based Routing Commands Dell EMC Networking N3000E/N3100E-ON Series Switches Use IPv6 Policy-Based Routing commands to configure and view policy-based routing for IPv6. ipv6 policy route-map Use this command to identify a route map to use for policy-based IPv6 routing on an interface. Syntax ipv6 policy route-map route-map-name no ipv6 policy route-map route-map-name • route-map-name—The name of the route map to use for policy-based routing.
the entire sequence of route-maps needs to be removed from the interface and added back again in order to have the changed route-map configuration be effective. If the administrator removes match or set terms in a route-map intermittently, the counters corresponding to the removed match term are reset to zero. A route-map statement must contain eligible match/set conditions for policy based routing in order to be applied to hardware.
match ipv6 address Use this command to specify IPv6 address match criteria for a route map. Use the no form of this command to delete a match statement from a route map. Syntax match ip address access-list-name [access-list-name] no match ip address access-list-name [access-list-name] • access-list-name—The access-list name that identifies the named IPv6 ACL. The name can be up to 31 characters in length. Default Configuration This command has no default configuration.
• Route maps do not have a implicit deny all at the end of the list. Instead, non-matching packets for a permit route map use the routing table. Command History Command introduced in version 6.6 firmware. Example The following sequence shows how to create a route-mao with a match clause using an IPv6 ACL and applies the route map to an interface. This example presumes VLAN 10 is already created and ipv6 routing is globally enabled.
• vlan-id—The VLAN over which the IPv6 link-local address may be reached. • link-local-address—The IPv6 link-local address of the adjacent router. Default Configuration This command has no default configuration. Command Mode Route Map mode. User Guidelines The set ipv6 next-hop command affects all incoming packet types and is always used if configured and the next hop is resolved. A check is made periodically to see if the next-hop is resolved.
• ipv6-address—The IPv6 address of the next hop to which packets are routed. It must be the address of an adjacent router (for example, the next hop must be in a subnet configured on the local router). A maximum of 16 next-hop IPv6 addresses can be specified. • vlan-id—The VLAN over which the IPv6 link-local address may be reached. • link-local-address—The IPv6 link-local address of the adjacent router. Default Configuration This command has no default configuration. Command Mode Route Map mode.
no set ipv6 precedence 0-7 Parameter Description 0 Sets the routine precedence. 1 Sets the priority precedence. 2 Sets the immediate precedence. 3 Sets the Flash precedence. 4 Sets the Flash override precedence. 5 Sets the critical precedence. 6 Sets the internetwork control precedence. 7 Sets the network control precedence. Default Configuration This command has no default configuration. Command Mode Route Map mode.
Syntax show ipv6 policy Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all sub-modes. User Guidelines This command has no user guidelines. Command History Command introduced in version 6.6 firmware.
Router Discovery Protocol Commands Dell EMC Networking N3000E-ON/N3100 Series Switches Routers can be configured to periodically send router discovery messages to announce their presence to locally attached hosts. The router discovery message advertises one or more IP addresses on the router that hosts can use as their default gateway.
• multicast—Configure the address that the interface uses to send the router discovery advertisements to be 224.0.0.1, the all-hosts IP multicast address. Use the no form of the command to use 255.255.255.255, the limited broadcast address. • holdtime seconds—Integer value in seconds of the holdtime field of the router advertisement sent from this interface. (Range: 4-9000 seconds) • maxadvertinterval seconds—Maximum time in seconds allowed between sending router advertisements from the interface.
Example The following example enables router discovery on the selected interface. console(config)#interface vlan 15 console(config-if-vlan15)#ip irdp ip irdp holdtime Use the ip irdp holdtime command in Interface Configuration mode to configure the value, in seconds, of the holdtime field of the router advertisement sent from this interface. Use the no form of the command to set the time to the default value.
ip irdp maxadvertinterval Use the ip irdp maxadvertinterval command in Interface Configuration mode to configure the maximum time, in seconds, allowed between sending router advertisements from the interface. Use the no form of the command to set the time to the default value. Syntax ip irdp maxadvertinterval integer no ip irdp maxadvertinterval • integer — Maximum time in seconds allowed between sending router advertisements from the interface.
console(config-if-vlan15)#ip irdp maxadvertinterval 600 ip irdp minadvertinterval Use the ip irdp minadvertinterval command in Interface Configuration mode to configure the minimum time, in seconds, allowed between sending router advertisements from the interface. Use the no form of the command to set the time to the default value. Syntax ip irdp minadvertinterval integer no ip irdp minadvertinterval • integer — Minimum time in seconds allowed between sending router advertisements from the interface.
ip irdp multicast To send router advertisements as IP multicast packets, use the ip irdp multicast command in Interface Configuration mode. To send router advertisements to the limited broadcast address (255.255.255.255), use the no form of this command. Syntax ip irdp multicast no ip irdp multicast Default Configuration Router discovery packets are sent to the all hosts IP multicast address (224.0.0.1) by default.
Syntax ip irdp preference integer no ip irdp preference • integer — Preference of the address as a default router address, relative to other router addresses on the same subnet. (Range: -2147483648 to 2147483647) Default Configuration 0 is the default value. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example sets the ip irdp preference to 1000 for VLAN 15.
Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example shows router discovery information for VLAN 15. console#show ip irdp vlan 15 Interface Ad Mode Advertise Address Max Int Min Int Hold Time Preference --------- ------- ----------------- ------- ------- -------- ---------vlan15 Enable 224.0.0.
Routing Information Protocol Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000EON/N3100-ON Series Switches The Routing Information Protocol (RIP) has been a long-standing protocol used by routers for exchanging route information. RIP is a distance vector protocol whereby each route is characterized by the number of gateways, or hops, a packet must traverse to reach its intended destination. Categorized as an interior gateway protocol, RIP operates within the scope of an autonomous system.
Syntax auto-summary no auto-summary Default Configuration Disabled is the default configuration. Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines. Example console(config-router)#auto-summary default-information originate (Router RIP Configuration) Use the default-information originate command in Router RIP Configuration mode to control the advertisement of default routes.
User Guidelines Only routers that actually have Internet connectivity should advertise a default route. All other routers in the network should learn the default route from routers that have connections out to the Internet. Example console(config-router)#default-information originate default-metric Use the default-metric command in Router RIP Configuration mode to set a default for the metric of distributed routes. Use the no form of the command to return the metric to the default value.
distance rip Use the distance rip command in Router RIP Configuration mode to set the route preference value of RIP in the router. Lower route preference values are preferred when determining the best route. Use the no form of the command to return the preference to the default value. Syntax distance rip integer no distance rip • integer — RIP route preference. (Range: 1-255) Default Configuration 15 is the default configuration. Command Mode Router RIP Configuration mode.
no distribute-list accesslistname out {bgp | ospf | static | connected} • accesslistname — The name used to identify the existing ACL. The range is 1-31 characters. • bgp — Apply the specified access list when BGP is the source protocol. • ospf — Apply the specified access list when OSPF is the source protocol. • static — Apply the specified access list when packets come through a static route. • connected — Apply the specified access list when packets come from a directly connected route.
no enable Default Configuration Enabled is the default configuration. Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines. Example console(config-router)#enable hostroutesaccept Use the hostroutesaccept command in Router RIP Configuration mode to enable the RIP hostroutesaccept mode. Use the no form of the command to disable the RIP hostroutesaccept mode. Syntax hostroutesaccept no hostroutesaccept Default Configuration Enabled is the default configuration.
ip rip Use the ip rip command in Interface Configuration mode to enable RIP on a router interface. Use the no form of the command to disable RIP on the interface. Syntax ip rip no ip rip Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines.
• encrypt — Use MD5 encryption for the RIP interface. • key-id — Authentication key identifier for authentication type encrypt. (Range: 0-255) Default Configuration This command has no default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example sets the RIP Version 2 Authentication Type and Key for VLAN 11.
Default Configuration Both is the default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example allows no RIP control packets to be received by VLAN 11. console(config-if-vlan11)#ip rip receive version none ip rip send version Use the ip rip sent version command in Interface Configuration mode to configure the interface to allow RIP control packets of the specified version to be sent.
Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example allows no RIP control packets to be sent by VLAN 11. console(config-if-vlan11)#ip rip send version none redistribute (RIP) The redistribute command configures RIP protocol to redistribute routes from the specified sources. If the source protocol is OSPF, there are five possible match options.
• bgp — Redistributes BGP originated routes. • connected — Redistributes directly-connected routes. Default Configuration metric integer — not configured match — internal Command Mode Router RIP Configuration mode. User Guidelines When redistributing a route metric, the receiving protocol must understand the metric. The OSPF metric is a cost value equal to 108/ link bandwidth in bits/sec. For example, the OSPF cost of GigabitEthernet is 1 = 108/108 = 1.
Command Mode Global Configuration mode. User Guidelines Use the enable and no enable commands in router RIP mode to enable and disable RIP globally. Example The following example enters Router RIP mode. console(config)#router rip console(config-router)# show ip rip Use the show ip rip command to display information relevant to the RIP router. Syntax show ip rip Default Configuration The command has no default configuration.
Host Routes Accept Mode........................ Global route changes........................... Global queries................................. Default Metric................................. Default Route Advertise........................ Redistributing................................. Source......................................... Metric......................................... Distribute List................................ Redistributing................................. Source..........................
Send version................................... Receive version................................ RIP Admin Mode................................. Link State..................................... Authentication Type............................ Authentication Key............................. Authentication Key ID.......................... Bad Packets Received........................... Bad Routes Received............................ Updates Sent...................................
split-horizon Use the split-horizon command in Router RIP Configuration mode to set the RIP split horizon mode. Use the no form of the command to return the mode to the default value. Syntax split-horizon {none | simple | poison} no split-horizon • none — RIP does not use split horizon to avoid routing loops. • simple — RIP uses split horizon to avoid routing loops. • poison — RIP uses split horizon with poison reverse (increases routing packet update size).
Tunnel Interface Commands Dell EMC Networking N3000E-ON/N3100 Series Switches Dell EMC Networking provides for the creation, deletion, and management of tunnel interfaces. They are dynamic interfaces that are created and deleted by user configuration. Tunnel interfaces are used for the following purposes. • IPv4 tunnels • IPv6 tunnels Each router interface (port or VLAN interface) may have associated tunnel interfaces. Each interface can have multiple tunnel interfaces.
Syntax interface tunnel tunnel-id no interface tunnel tunnel-id • tunnel-id — Tunnel identifier. (Range: 0–7) Default Configuration This command has no default configuration. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example The following example enables the interface configuration mode for tunnel 1.
User Guidelines This command has no user guidelines. Examples The following examples show the parameters related to an individual tunnel and to all tunnel interfaces. console#show interfaces tunnel 1 Interface Link Status.......................... down MTU size....................................... 1480 bytes console#show interfaces tunnel TunnelId Interface TunnelMode ------------------------1 tunnel 1 IPv6OVER4 2 tunnel 2 IPv6OVER4 SourceAddress ------------10.254.25.
console(config)#interface tunnel 1 console(config-if-tunnel1)#tunnel destination 10.1.1.1 tunnel mode ipv6ip Use the tunnel mode ipv6ip command in Interface Configuration mode to specify the mode of the tunnel. Syntax tunnel mode ipv6ip [6to4] no tunnel mode • 6to4 — Sets the tunnel mode to automatic. Default Configuration This command has no default configuration. Command Mode Interface Configuration (Tunnel) mode. User Guidelines This command has no user guidelines.
no tunnel source • ip-address—Valid IPv4 address. • interface-type—Valid interface type. VLAN is the only type supported. • interface-number—Valid interface number. Default Configuration This command has no default configuration. Command Mode Interface Configuration (Tunnel) mode. User Guidelines This command has no user guidelines. Example The following example specifies VLAN 11 as the source transport address of the tunnel.
Unicast Reverse Path Forwarding Commands Dell EMC Networking N3000E-ON/N3100 Series Switches Unicast Reverse Path Forwarding (uRPF) is a powerful security tool that helps limit the problems that are caused by malformed or spoofed IP source addresses by discarding IP packets that lack a verifiable IP source address. For example, DoS attacks like Smurf and Tribe Flood Network (TFN) forge or rapidly change source IP addresses to cause a flood of useless packets that choke the network.
Command Mode Global Configuration mode User Guidelines This command enables the uRPF feature in hardware. When the uRPF check is enabled, the route table is checked for source and destination IP match in parallel. For this reason, the route table capacity is reduced once this feature is enabled. A message to this effect is displayed to the user. This command enables the mode for both v4 and v6.
Unicast RPF strict mode may be used on interfaces for which all packets received on an interface are guaranteed to originate from the subnet assigned to the interface. For example, a subnet composed only of end stations fulfills this requirement. Likewise, an access layer network or a branch office where there is only one path into and out of the network meets the requirement. In general, uRPF should be deployed on the downstream interfaces, preferably at the edge of the network.
When allow-default is set in loose mode (any), if the source IP address is not found but a default route is present in the table, the uRPF check will pass. When allow-default is set in strict mode (rx), it will prevent the incoming packet's source IP address to have a route out of a different interface than received. The strict mode option with the default route is used typically on the upstream interface. Default Configuration By default uRPF checking is disabled on interfaces.
console(config-Gi10/7)#no ip verify unicast source reachable-via Layer 3 Routing Commands 1872
Virtual Router Commands Dell EMC Networking N3000E-ON/N3100 Series Switches Dell EMC Networking VRF is an implementation of Virtual Routing and Forwarding (VRF). Virtual Routing and Forwarding allows multiple independent instances for the forwarding plane to exist simultaneously. This allows the administrator to segment the network without incurring the costs of multiple routers. Each VRF operates as an independent VPN. The IP addresses assigned to each VPN may overlap.
console#configure terminal console(config)#vlan 100-109 console(config-vlan100-109)#exit 3 Assign the VLAN to an interface. console(config)#interface gi1/0/1 console(config-if-Gi1/0/1)#switchport access vlan 100 console(config-if-Gi1/0/1)#exit 4 Create the VRF and enable routing. console(config)#ip vrf red console(config-vrf-red)#ip routing console(config-vrf-red)#exit 5 Assign IP addresses to the interfaces. console(config)#interface vlan 100 console(config-if-vlan100)#ip address 192.168.0.
ip dhcp relay maxhopcount ip dhcp snooping limit ip dhcp relay minwaittime ip dhcp snooping log-invalid – ip dhcp snooping trust – ip dhcp snooping verify mac-address ip dhcp relay information check ip helper-address (global configuration) ip dhcp relay information check-reply ip helper-address (interface configuration) ip dhcp relay information option ip icmp echo-reply ip dhcp relay information option-insert ip icmp error-interval ip dhcp snooping ip redirects ip dhcp snooping binding i
Example The following example shows the assignment of descriptive text to a VRF. console(config)#ip vrf Red console(config-vrf-Red)#description “Backbone to Gateway” console(config-vrf-Red)#exit ip vrf This command creates a virtual router with a specified name and enters Virtual Router Configuration mode. If the virtual router instance already exists, it simply enter virtual router configuration mode.
The ARP table, among others, is a shared resource and is not allocated or partitioned on a VRF basis. Global commands such as arp cachesize still limit the physical router’s shared resources. Example The following example creates two virtual router instances. The routing in the virtual router instance is enabled only when the ip routing command is issued at the virtual router level.
L3 configuration on an interface, including the IP address, is retained when the interface migrated to a new VRF instance. A interface may be migrated from the global routing instance to a VRF or from any non-global VRF instances as well. Example The following example shows the configuration of two VRFs (Red and Blue) for IPv4 routing. Both VRFs will operate over two trunk ports (te1/0/1-2) on their respective VLANs (100 and 200).
Default Configuration A VRF is limited by the number of unreserved routes available. Command Mode Virtual Router Configuration mode User Guidelines Use the no maximum routes command to reset the limit to the default (unlimited). Use the no maximum routes warn command to reset the threshold limit to the default. A VRF instance cannot exceed the configured number of routes, nor may other VRFs utilize the resources allocated to a VRF if a limit is specified for the VRF.
• vrf-name—The name of the VRF for which information is displayed. If no vrf is specified, all VRFs are shown. The VRF name must match the configured VRF name exactly, including capitalization. • detail—Displays detailed information regarding the VRF. Default Configuration This command has no default configuration. Command Mode Exec mode, Privileged Exec mode, and all show modes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned.
Export VPN route-target communities None Import VPN route-target communities None console(Config)#show ip vrf Red VRF Identifier.......... 2 Description............. “India office bangalore” Route Distinguisher..... 2:200 Maximum Routes.......... 512 Warning-only............
Virtual Router Redundancy Protocol Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON Series Switches An end station running IP needs to know the address of its first hop router. While some network administrators choose to install dynamic router discovery protocols such as DHCP, others prefer to statically allocate router addresses. If the router identified by such a statically allocated address goes down, the end station loses connectivity.
RFC defines a new configuration option that allows the router to accept any packet sent to a VRRP address, regardless of whether the VRRP Master is the address owner. The Pingable VRRP Interface feature, when enabled, allows the VRRP master to respond to both fragmented and unfragmented ICMP echo requests packets destined to a VRRP address (or addresses). A virtual router in backup state discards these.
Interface Tracking For interface tracking, VRRP is a routing event client. When a routing interface goes up or down (or routing is disabled globally, implying all routing interfaces are down), VRRP checks if the interface is tracked. If so, it adjusts the priority. Interface tracking is useful for tracking interfaces that are not configured for VRRP. Only IP interfaces are tracked. Route Tracking The network operator may perform this task to track the reachability of an IP route.
Virtual Router Redundancy Protocol Commands ip vrrp Use the ip vrrp command in Global Configuration mode to enable the administrative mode of VRRP for the router. Use the no form of the command to disable the administrative mode of VRRP for the router. Syntax ip vrrp no ip vrrp Default Configuration VRRP is disabled by default. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example The following example enables VRRP protocol on the router.
• vrid — Virtual router identification. (Range: 1-255) Default Configuration The default configuration is disabled. Command Mode Interface Configuration (VLAN) mode. User Guidelines The VRRP IP address is not pingable from within the switch. vrrp authentication Use the vrrp authentication command in Interface Configuration mode to set the authentication details value for the virtual router configured on a specified interface.
Example The following example sets the authorization details value for VRRP router group 5 on VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#vrrp 2 authentication simple test123 vrrp description Use the vrrp description command in Interface Configuration mode to assign a description to the Virtual Router Redundancy Protocol (VRRP) group. To remove the description, use the no form of the command.
vrrp ip Use the vrrp ip command in Interface Configuration mode to enable VRRP and set the virtual router IP address value for an interface. Use the no form of the command remove the secondary IP address. It is not possible to remove the primary IP address once assigned. Remove the VRRP group instead. Syntax vrrp group ip ip-address [secondary] no vrrp group ip ip-address vlan secondary • group—The virtual router identifier. (Range: 1-255) • ip-address—The IP address of the virtual router.
Example The following example configures VRRP on VLAN 15. console#configure console(config)#vlan 15 console(config-vlan)#interface vlan 15 console(config-if-vlan15)#ip address 192.168.5.1 255.255.255.0 console(config-if-vlan15)#vrrp 20 console(config-if-vlan15)#vrrp 20 ip 192.168.5.1 console(config-if-vlan15)#vrrp 20 mode console(config)#ip routing console(config)#ip vrrp vrrp mode Use the vrrp mode command in Interface Configuration mode to enable the virtual router configured on an interface.
vrrp preempt Use the vrrp preempt command in Interface Configuration mode to set the preemption mode value for the virtual router configured on a specified interface. Use the no form of the command to disable preemption mode. Syntax vrrp group preempt [delay seconds] no vrrp group preempt • group—The virtual router identifier. (Range: 1-255) • seconds—The number of seconds the VRRP router will wait before issuing an advertisement claiming master ownership.
vrrp priority Use the vrrp priority command in Interface Configuration mode to set the priority value for the virtual router configured on a specified interface. Use the no form of the command to return the priority to the default value. Syntax vrrp group priority level no vrrp group priority level • group — The virtual router identifier. (Range: 1-255) • level — Priority value for the interface. (Range: 1-254) Default Configuration Priority has a default value of 100.
Syntax vrrp group timers advertise interval no vrrp group timers advertise interval • group — The virtual router identifier. (Range: 1-255) • interval — The frequency at which an interface on the specified virtual router sends a virtual router advertisement. (Range: 1-255 seconds) Default Configuration Interval has a default value of 1. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines.
Default Configuration Timer learning is disabled by default and the router uses the configured advertisement. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following configures VLAN 15 virtual router to learn the advertisement interval used by the master virtual router.
Use the no form of this command to remove the interface from the tracked list or to restore the priority decrement to its default. When removing an interface from the tracked list, the priority is incremented by the decrement value if that interface is down. Syntax vrrp group track interface vlan vlan-id [decrement priority] no vrrp group track interface vlan vlan-id • group—The virtual router identifier. (Range: 1-255) • vlan vlan-id—Valid VLAN ID.
route. By default no routes are tracked. If we specify just the route to be tracked without specifying the optional parameter, then the default priority will be set. Use the no form of this command to remove the route from the tracked list or to restore the priority decrement to its default. When removing a tracked IP route from the tracked list, priority should be incremented by the decrement value if the route is not reachable.
Syntax show vrrp [brief | group] • group—The virtual router group identifier. Range 1-255. • brief—Provide a summary view of the VRRP group information. Default Configuration Show information on all VRRP groups. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays detailed VRRP status. console# show vrrp Admin Mode.....................................
Track Route Reachable ......................... False Track Route DecrementPriority ................. 20 Vlan 7 – Group 2 Primary IP Address............................. VMAC Address................................... Authentication Type............................ Priority....................................... Configured Priority............................ Advertisement Interval (secs).................. Accept Mode ................................... Pre-empt Mode..................................
Default Configuration Show information for each group in the specified interface. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays all configuration information about the VLAN 15 virtual router. console#show vrrp interface vlan 15 Vlan 7 – Group 1 Primary IP Address........................... 192.168.5.55 VMAC Address................................ 0000.5E00.
State Transitioned to Master................... Advertisement Received......................... Advertisement Interval Errors.................. Authentication Failure......................... IP TTL Errors.................................. Zero Priority Packets Received................. Zero Priority Packets Sent..................... Invalid Type Packets Received.................. Address List Errors............................ Invalid Authentication Type.................... Authentication Type Mismatch....
Virtual Router Redundancy Protocol v3 Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON Series Switches VRRPv3 provides address redundancy for both IPv4 and IPv6 router addresses. VRRPv3 support is similar to VRRP support. Table 6-3 provides a summary of the differences. Table 6-3. VRRPv2 and VRRPv3 Differences VRRPv2 VRRPv3 Supports redundancy to IPv4 addresses. Supports redundancy to IPv4 and IPv6 addresses. Supports authentication. Does not support authentication.
fhrp version vrrp v3 Use the fhrp version vrrp v3 command to enable Virtual Router Redundancy Protocol version 3 (VRRPv3) configuration on the switch. To disable the VRRPv3 and possibly enable VRRPv2, use the no form of this command. Syntax fhrp version vrrp v3 no fhrp version vrrp v3 Default Configuration VRRPv3 is not enabled by default.
Syntax vrrp group-id address-family {ipv4 | ipv6} no vrrp group-id address-family {ipv4 | ipv6} • group-id—Virtual router group number. The range is from 1 to 255. • address-family—Specifies the address-family for this VRRP group. • ipv4—(Optional) Specifies IPv4 address. • ipv6—(Optional) Specifies IPv6 address. Default Configuration This command has no default configuration.
• ipv6—(Optional) Indicates the Virtual router group belongs to the IPv6 address family. • vlan vlan-id—(Optional) Indicates the VLAN number to which the Virtual router belongs. • vr-id—(Optional) VRRPv3 Virtual router group number. The range is from 1 to 255. Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
V3 Down 222 Track Route(pfx/len) --------------------14.14.14.0/24 Reachable --------True Decrement-Priority -----------------14 accept-mode Use this command to control whether a virtual router in master state will accept packets addressed to the address owner’s Virtual IP address as its own if it is not the Virtual IP address owner. By default this mode is disabled. To disable this function, use the no form of this command.
preempt Use this command to configure the virtual router to preemptively take over as master virtual router for a Virtual Router Redundancy Protocol version 3 (VRRPv3) group if it has higher priority than the current master virtual router. To disable preemption, use the no form of the command. Syntax preempt [delay minimum centiseconds] no preempt • delay minimum centiseconds—(Optional) Number of seconds that the device will delay before issuing an advertisement claiming master ownership.
priority Use this command to set the priority level of the device within a Virtual Router Redundancy Protocol version 3 (VRRPv3) group. The priority level controls which device becomes the master virtual router. To set the priority to the default, use the no form of this command. Syntax priority level no priority • level—Priority of the device within the VRRP group. The range is from 1 to 254. Default Configuration The default priority is 100.
timers advertise Use this command to configure the interval between successive advertisements by the master virtual router in a Virtual Router Redundancy Protocol version 3 (VRRPv3) group. To restore the default value, use the no form of this command. Syntax timers advertise centiseconds no timers advertise • centiseconds—Time interval between successive advertisements by the master virtual router. The unit of the interval is in centiseconds. The valid range is 1 to 4095 centiseconds.
console(config-if-vrrp)#timers advertise 50 shutdown Use the shutdown command to disable a Virtual Router Redundancy Protocol version 3 (VRRPv3) group configuration. Syntax shutdown no shutdown Default Configuration VRRPv3 Groups are disabled by default. Command Mode VRRPv3 Group Configuration mode User Guidelines Use the no shutdown command to update the virtual router state after completing configuration. Command History Command introduced in version 6.6 firmware.
no address ip-address secondary • ip-address—IPv4 or IPv6 address, it can be specified in one of the following formats: ipv4-address, ipv6-link-local-address, ipv6address/prefix-len. • primary—(Optional) Set primary IP address of the VRRPv3 group. • secondary—(Optional) Set additional IP address of the VRRPv3 group. Default Configuration No address is configured by default. If the primary or secondary option is not specified, the primary IP address is set.
console(config)#fhrp version vrrp v3 console(config)#interface gi1/0/1 console(config-if-Gi1/0/1)#vrrp group 1 address-family ipv4 console(config-if-vrrp)# address 101.1.0.10 primary console(config-if-vrrp)#no shutdown track interface Use this command to configure tracking of an IP interface for the device within a Virtual Router Redundancy Protocol version 3 (VRRPv3) group. To disable interface tracking, use the no form of the command.
console(config-if-vrrp)#track interface vlan 10 track ip route Use the track ip route command to configure tracking of the IP route for the device within a Virtual Router Redundancy Protocol (VRRPv3) group. To disable object tracking, use the no form of this command. Syntax track ip route ip-address/prefix-len [decrement number] no track ip route ip-address/prefix-len [decrement number] • ip-address/prefix-len—Prefix and prefix length of the route to be tracked.
clear vrrp statistics Use this command to clear VRRP statistical information for given interface of the device within a Virtual Router Redundancy Protocol version 3 (VRRPv3) group and IP address family. Syntax clear vrrp statistics [{ipv4| ipv6} vlan vlan-id vr-id] • ipv4—(Optional) Indicates the Virtual router group belongs to an IPv4 address family. • ipv6—(Optional) Indicates the Virtual router group belongs to an IPv6 address family.
console#clear vrrp statistics show vrrp statistics This command displays statistics for a selected Virtual Router Redundancy Protocol version 3 (VRRPv3) group or displays the global statistics. Syntax show vrrp statistics [{ipv4| ipv6} vlan vlan-id vr-id] • ipv4—(Optional) Indicates the Virtual router group belongs to an IPv4 address family. • ipv6—(Optional) Indicates the Virtual router group belongs to an IPv6 address family.
Example console#show vrrp statistics ipv6 vlan 11 2 Master Transitions............................. New Master Reason.............................. Advertisements Received........................ Advertisements Sent............................ Advertisement Interval Errors.................. IP TTL Errors.................................. Last Protocol Error Reason..................... Zero Priority Packets Received................. Zero Priority Packets Sent.....................
Switch Management Commands 7 Switch management commands are applicable to all Dell EMC Networking.
Application Deployment This section contains commands to manage Dell-supplied or end-user generated applications. Commands in this Section This section explains the following commands: application install application stop application start show application application install Use the application install command to install or remove an application.
• max-megabytes — Set the maximum memory resource that the application process(es) are allowed to consume. Expressed as megabytes between 0 and 200. If 0 is specified, the application process(es) are not limited. If this keyword is not specified, the default value is used. The default is 0. Default Configuration By default, no applications are installed. Command Mode Global Configuration User Guidelines Application names may be up to 16 characters in length.
Default Configuration By default, no applications are installed. Command Mode Privileged Exec mode User Guidelines Applications must be downloaded and installed prior to scheduling execution with the application start command. Application names may be up to 16 characters in length. The name specified in the application-name parameter must match the filename output of the show application command exactly. Application names are case sensitive.
User Guidelines Applications must be downloaded and installed prior to scheduling execution. Application names may be up to 16 characters in length. The name specified in the application-name parameter must match the filename output of the show application command exactly. Application names are case sensitive. Command History Introduced in version 6.3.0.1 firmware. Example console#application stop support-assist This action will terminate the support-assist agent.
Parameter Definition filename Name of the application start-on-boot Yes or No stating if the application is configured to start on boot auto-restart Yes or No stating if the application is configured to restart when the application process ends Max-CPU-Util Configured application CPU utilization limit expressed as a percentage. “None” if unlimited. Max-memory Configured application memory limit in megabytes. “None” if unlimited.
Auto-Install Commands Auto-Install provides automatic update of the image and configuration of Dell EMC Networking devices on boot up from a TFTP server as controlled by received DHCP options. It plays a critical role in the Dell EMC Networking offering of touchless or low-touch provisioning, in which configuration and imaging of a device is greatly simplified. This is highly desirable as device can be setup with minimum interaction from a skilled technician.
Commands in this Section This section explains the following commands: boot auto-copy-sw boot host retry-count boot auto-copy-sw allow-downgrade boot auto-copy-sw boot host auto-reboot show auto-copy-sw boot host auto-save show boot boot host dhcp – boot auto-copy-sw Use the boot auto-copy-sw command to enable or disable Stack Firmware Synchronization. Use the no form of the command to disable Stack Firmware Synchronization.
boot auto-copy-sw allow-downgrade Use the boot auto-copy-sw allow-downgrade command to enable automatic downgrade of the firmware version on a stack member if the firmware version on the manager is older than the identified firmware version. Use the no form of the command to disable downgrading the image. Syntax boot auto-copy-sw allow-downgrade no boot auto-copy-sw allow-downgrade Default Configuration The default value is enabled.
boot host auto-reboot Use the boot host auto-reboot command in Global Configuration mode to enable rebooting the device with no administrative intervention when a new firmware version is successfully downloaded using the Auto-Install process. Use the no form of this command to disable rebooting the device. Autoinstall successfully downloads a new firmware version. Syntax boot host auto-reboot no boot host auto-reboot Default Configuration The default value is enabled.
Syntax boot host auto-save no boot host auto-save Default Configuration The default value is disabled. Command Mode Global Configuration mode User Guidelines A configuration file (CLI commands) may be downloaded during the AutoInstall process via DHCP configuration or via UCSB configuration. Refer to the DHCP and USB Auto-Configuration topic in the User’s Configuration Guide for more information.
Default Configuration The default value is Enabled. Command Mode Global Configuration. User Guidelines This command has no user guidelines Example console# console#configure console(config)#boot host dhcp console(config)#no boot host dhcp boot host retry-count The boot host retry-count command sets the number of attempts to download a configuration. Use the no form of this command to reset the number of attempts to download a configuration to the default.
Example console# console#configure console(config)#boot host retry-count 5 console(config)#no boot host retry-count show auto-copy-sw Use the show auto-copy-sw command to display Stack Firmware Synchronization configuration status. Syntax show auto-copy-sw Default Configuration This command has no default configuration.
Syntax show boot Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show boot Auto-Install Mode.............................. Enabled AutoInstall Operational Mode................... Disabled Auto-Install State............................. AutoInstall is completed.
CLI Macro Commands CLI Macros provides a convenient way to save and distribute common configurations. A CLI macro is a set of the CLI commands having a unique name. When a CLI macro is applied, the CLI commands contained within the macro are executed and added to the Running Configuration File. When the macro is applied to an interface, the existing configuration is not lost; the new commands are added configuration.
• profile-compellent-nas, the interface configuration, used when connecting the switch to a Dell Compellent NAS. Commands in this Section This section explains the following commands: macro name macro apply macro global apply macro trace macro global trace macro description macro global description show parser macro macro name Use the macro name command in Global Configuration mode to create a user-defined macro. Use the no form of the command to delete a macro.
Macro Context Name Service interface profile-desktop Configure port security and spanning-tree portfast for a desktop user. interface profile-phone Enable an interface for the Voice VLAN service. interface profile-switch Configure a trunk mode port for a switch. interface profile-router Configure a trunk mode port for a router. interface profile-wireless Configure a port for connection to a wireless AP. global profile-compellent-nas Configure a port for connection to a Compellent NAS.
macro global apply Use the macro global apply command in Global Configuration mode to apply a macro. Syntax macro global apply macro-name [parameter value] [parameter value][parameter value] • • • macro-name—The name of the macro. parameter—The name of the parameter recognized by the macro. The parameter must begin with a dollar sign ($). value—The string to be substituted within the macro for the specified parameter name.
• • parameter—The name of the parameter recognized by the macro. The parameter must begin with a dollar sign ($). value—The string to be substituted within the macro for the specified parameter name. Default Configuration No parameters are substituted unless supplied on the command line. Command Mode Global Configuration mode User Guidelines The line number of the first error encountered is printed. The script is aborted after the first error. Commands applied are additive in nature.
User Guidelines This command is intended to give the administrator an easy way to remember which macros have been applied globally. All text up to the new line is included in the description. The line is appended to the global description. macro apply Use the macro apply command in Interface Configuration mode to apply a macro. Syntax macro apply macro-name [parameter value] [parameter value][parameter value] • • • macro-name—The name of the macro.
Syntax macro trace macro-name [parameter value] [parameter value][parameter value] no macro name name • • • macro-name—The name of the macro. parameter—The name of the parameter recognized by the macro. The parameter must begin with a dollar sign ($). value—The string to be substituted within the macro for the specified parameter name. Default Configuration No parameters are substituted unless supplied on the command line.
Default Configuration There is no description by default. Command Mode Interface Configuration mode User Guidelines This command is intended to give the administrator an easy way to remember which macros have been applied to an interface. All text up to the new line is included in the description. The line is appended to the interface description. show parser macro Use the show parser macro command to display information about defined macros.
Clock Commands Real-time Clock The Dell EMC Networking supports a real-time clock that maintains the system time across reboots. The system time is used to timestamp messages in the logging subsystem as well as for the application of time based ACLs. The administrator has the ability to configure and view the current time, time zone, and summer time settings. The earliest date that can be configured is Jan 1, 2010.
Commands in this Section This section explains the following commands: show sntp configuration sntp trusted-key show sntp server sntp unicast client enable show sntp status clock set sntp authenticate clock timezone hours-offset sntp authentication-key no clock timezone sntp broadcast client enable clock summer-time recurring sntp client poll timer clock summer-time date sntp server no clock summer-time sntp source-interface show clock show sntp configuration Use the show sntp configuratio
Example The following example displays the current SNTP configuration of the device. console#show sntp configuration Polling interval: 64 seconds MD5 Authentication keys: Authentication is not required for synchronization. Trusted keys: No trusted keys No trusted keys. Unicast clients: Disable Unicast servers: Server Key -------------- ----------10.27.128.
Server Server Server Server Server Stratum: Reference Id: Mode: Maximum Entries: Current Entries: 2 NTP Srv: 158.108.96.32 Server 3 2 SNTP Servers -----------Host Address: 2001::01 Address Type: IPv6 Priority: 1 Version: 4 Port: 123 Last Update Time: Dec 22 11:10:00 2009 Last Attempt Time: Dec 22 11:10:00 2009 Last Update Status: Success Total Unicast Requests: 955 Failed Unicast Requests: 1 Host Address: 3.north-america.pool.ntp.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples The following example shows the status of the SNTP. console#show sntp status Client Mode: Unicast Last Update Time: Mar 8 18:43:56 2017 Unicast servers: Server Status Last response --------------- ---------------------- -------------------------pool.ntp.org Success 18:43:56 Mar 8 2017 23.101.187.
Example The following example, after defining the authentication key for SNTP, grants authentication. console(config)# sntp authentication-key 8 md5 ClkKey console(config)# sntp trusted-key 8 console(config)# sntp authenticate sntp authentication-key Use the sntp authentication-key command in Global Configuration mode to define an authentication key for Simple Network Time Protocol (SNTP). To remove the authentication key for SNTP, use the no form of this command.
sntp broadcast client enable Use the sntp broadcast client enable command in Global Configuration mode to enable a Simple Network Time Protocol (SNTP) Broadcast client. To disable an SNTP Broadcast client, use the no form of this command. Syntax sntp broadcast client enable no sntp broadcast client enable Default Configuration The SNTP Broadcast client is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
Default Configuration The default polling interval is 64 seconds. Command Mode Global Configuration mode User Guidelines If a user enters a value which is not an exact power of two, the nearest powerof-two value is applied. Example The following example sets the polling time for the Simple Network Time Protocol (SNTP) client to 1024 seconds.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The SNTP authentication parameter is an MD5 checksum sent to the NTP server. The key index identified in the sntp server command should be configured with the sntp authentication-key command. Example The following example configures the device to accept Simple Network Time Protocol (SNTP) traffic from the server at IP address 192.1.1.1. console(config)# sntp server 192.1.1.
Command Mode Global Configuration User Guidelines The source interface must have an assigned IP address (either manually or via another method such as DHCP). This command is not supported on Dell EMC N1100-ON switches. Dell EMC N1100-ON switches support configuration of a single IP address in interface vlan configuration mode. That IP address is used as the source interface address for this function. Command History Introduced in version 6.3.0.1 firmware.
Command Mode Global Configuration mode User Guidelines This command is relevant for both received Unicast and Broadcast. Example The following defines SNTP trusted-key. console(config)# sntp authentication-key 8 md5 ClkKey console(config)# sntp trusted-key 8 console(config)# sntp authenticate sntp unicast client enable Use the sntp unicast client enable command in Global Configuration mode to enable a client to use Simple Network Time Protocol (SNTP) predefined Unicast clients.
console(config)# sntp unicast client enable clock set Use the clock set command to manually set the system time. Syntax clock set { | } Default Configuration The system time is local. Command Mode Global Configuration User Guidelines It is advisable to set both the time and date.
Command Mode Global Configuration Default Value No default setting User Guidelines No specific guidelines Example console(config)#clock timezone -5 minutes 30 zone IST no clock timezone Use the no clock timezone command to reset the time zone settings. Syntax no clock timezone Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines This command has no specific user guidelines.
clock summer-time recurring Use the clock summer-time recurring {usa | eu | {week day month hh:mm week day month hh:mm}} [offset offset] [zone acronym] command to set the summertime offset to UTC recursively every year. If the optional parameters are not specified, they are read as either '0' or '\0', as appropriate. Syntax clock summer-time recurring {usa | eu | {week day month hh:mm week day month hh:mm}} [offset offset] [zone acronym] • • • • • • week — Week of the month.
clock summer-time date Use the clock summer-time date {{date|month}|{month|date}} year hh:mm {{date|month}|{month|date}} year hh:mm [offset offset] [zone acronym] command to set the summertime offset to UTC. If the optional parameters are not specified, they are read as either '0' or '\0', as appropriate. Syntax clock summer-time date {date | month} {month | date} year hh:mm {date | month} {month | date} year hh:mm [offset offset] [zone acronym] • • • • • • date — Day of the month.
console(config)# clock summer-time date Apr 1 2014 02:00 Oct 28 2014 02:00 offset 60 zone EST no clock summer-time Use the no clock summer-time command to reset the summertime configuration. Syntax no clock summer-time Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines No specific guidelines Example console(config)#no clock summer-time show clock Use the show clock command to display the time and date from the system clock.
Command Mode User Exec, Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example shows the time and date only. console# show clock 15:29:03 PDT(UTC-7) Jun 17 2014 Time source is SNTP The following example shows the time, date, timezone, and summertime configuration.
Command Line Configuration Scripting Commands The Configuration Scripting feature allows the user to generate textformatted files representing the current system configuration. These configuration script files can be uploaded to a computer and edited, then downloaded to the system and applied to the system. This feature allows the flexibility of creating command configuration scripts that can be applied to several switches with minor or no modifications.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example applies the config.scr script to the switch. console#script apply config.scr script delete Use the script delete command to delete a specified script. Syntax script delete {scriptname | all} • scriptname — Script name of the file being deleted.
script list Use the script list command to list all scripts present on the switch as well as the remaining available space. Syntax script list Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example displays all scripts present on the switch. console#script list Configuration Script Name Size(Bytes) -------------------------------- ----------0 configuration script(s) found.
Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example displays the contents of the script file config.scr. console#script show config.scr interface gigabitethernet 1/0/1 ip address 176.242.100.100 255.255.255.0 exit script validate Use the script validate command to validate a script file by parsing each line in the script file.The validate option is intended for use as a tool in script development.
Example The following example validates the contents of the script file config.scr. console#script validate config.
CLI Output Filtering Commands show xxx|include “string” The command xxx is executed and the output is filtered to only show lines containing the "string" match. All other non-matching lines in the output are suppressed. Syntax show xxx|include “string” Default Configuration This command has no default configuration. User Guidelines This command has no user guidelines. Command History Command introduced in version 6.6.0 firmware. Example The following shows an example of the CLI command.
Syntax show xxx|include “string” exclude “string2” Default Configuration This command has no default configuration. User Guidelines This command has no user guidelines. Command History Command introduced in version 6.6.0 firmware. Example The following shows example of the CLI command.
Command History Command introduced in version 6.6.0 firmware. Example The following shows an example of the CLI command. (Routing) #show interface 0/1 Packets Received Without Error................. Packets Received With Error.................... Broadcast Packets Received..................... Receive Packets Discarded...................... Packets Transmitted Without Errors............. Transmit Packets Discarded..................... Transmit Packet Errors......................... Collision Frames........
Command History Command introduced in version 6.6.0 firmware. Example The following shows an example of the CLI command.
(Routing) #show running-config | section “interface 0/1” interface 0/1 no spanning-tree port mode exit show xxx|section “string” “string2” The command xxx is executed and the output is filtered to only show lines included within the section(s) identified by lines containing the “string” match and ending with the first line containing the “string2” match. If multiple sessions matching the specified string match criteria are part of the base output, then all instances are displayed.
Default Configuration This command has no default configuration. User Guidelines This command has no user guidelines. Command History Command introduced in version 6.6.0 firmware.
Configuration and Image File Commands File System Commands CLI commands allow the user to show the contents of the current directory in the flash file system (dir command). These files may also be deleted from the flash using the delete command or renamed with the rename command. Also, the syntax of the copy command has been changed slightly to add additional flash targets and sources for the above commands.
filedescr boot system Use the boot system command to specify the system image that the device loads at startup. Syntax boot system [unit-id][active|backup] • • • unit-id—Unit to be used for this operation. If absent, command executes on this node. active—Boot from the currently active image. backup—Boot from the backup image. Default Configuration This command has no default configuration.
Serial Number..................... Manufacturer...................... Burned In MAC Address............. System Object ID.................. CPU Version....................... SOC Version....................... HW Version........................ CPLD Version...................... X00-32C-10 0xbc00 001E.C9F0.0039 1.3.6.1.4.1.674.10895.3042 XLP308L BCM56842_A1 1 17 unit active backup current-active next-active ---- ----------- ----------- -------------- -------------6.0.0.1 6.0.0.0 6.0.0.1 6.0.0.
Syntax copy source-url destination-url Parameter Description source-url The location URL or or reserved keyword of the source file being copied. (Range: 1-160 characters.) List of valid source parameters for uploading from the switch: backup-config Uploads Backup Config file. active|backup Uploads code file. log-files Uploads the system logs. operational-log Uploads Operational Log file. running-config Uploads system config file. script Uploads Configuration Script file.
Parameter Description destination-url The URL or reserved keyword of the destination file. (Range: 1-160 characters. List of valid destination parameters for downloading to the switch: application [filename] Download a PYTHON application. backup-config Downloads a backup config file using FTP, SFTP, or TFTP. ca-root [index] A Certificate Authority (CA) root or intermediate X.509 PEM-encoded certificate file. The contents of the source URL are copied into the CAindex.pem file on the switch.
Parameter Description destination-url openflow-ssl-cert (cont.) An OpenFlow client certificate file. The contents of the source URL are copied into the of-cert.pem file on the switch. script Downloads a configuration script by FTP, SFTP, or TFTP. startup-config Downloads a startup configuration file using FTP or TFTP. ias-users Downloads the ias-users database file.
• • • • • filename is extracted from the source url. If the filename has a .tar or .tgz extension, the archive is unpacked in the user-apps directory and deleted after unpacking. If there is an error during unpacking, the file is deleted anyway. If the file name does not include a .tar or .tgz extension, it is simply copied into the user-apps directory as is. username — The user name for logging into the remote server via SSH.
Reserved Keyword Description tftp: Source or destination URL for a TFTP network server. The syntax for this alias is tftp:[[//location]/directory]/filename. An out-ofband IP address can be specified as described in the User Guidelines. usb: Source or destination URL for a file on a mounted USB file system. flash: Source or destination URL for the switch flash-based file system. backup-config Represents the backup configuration file.
Script download performs syntax checking of downloaded scripts. If a syntax error is detected, the user is prompted to save the file. If no error is detected, the file is saved using the target file name. Downloaded scripts are executed from privileged exec mode and should contain a configure command as the first line of the script in order to enter global configuration mode.
Configuration saved! Example – Downloading new code to the switch console#copy tftp://10.27.9.99/jmclendo/N3000-ONv6.0.1.3.stk backup Transfer Mode.................................. Server IP Address.............................. Source File Path............................... Source Filename................................ Data Type...................................... Destination Filename........................... TFTP 10.27.9.99 jmclendo/ N3000-ONv6.0.1.3.
Example – Downloading and applying ias users file console#copy tftp://10.131.17.104/aaa_users.txt ias-users Transfer Mode.................................. TFTP Server IP Address.............................. 10.131.17.104 File Path...................................... ./ File Name...................................... aaa_users.txt Data Type......................................
linux>tar czf ha.tgz hiveagent_pr hiveagent_pr_s On the switch, issue the following command: console#copy tftp://172.25.122.22/ha.tgz application See what files are installed: console#show application files OpEN application process directory contents: 62 53926 53926 74062 1143002 1143002 10517 2544 3461 4465 12464 3729 8707 16358 SupportAssist ah_ha.conf ah_ha.conf_s hiveagent hiveagent_pr hiveagent_pr_s sa-main.pyc saCommitUpl.pyc saGetConfig.pyc saGlobal.pyc saSendChunk.pyc saStartUpl.pyc saSubmitTop.
-rwx -rw -rwx -rwx 62 3461 53926 1143002 Jul Jul May May 19 19 05 05 2016 2016 2016 2016 13:44:02 13:44:01 12:17:12 12:17:12 SupportAssist saGetConfig.pyc ah_ha.conf_s hiveagent_pr Total Size: 215265280 Bytes Used: 2535481 Bytes Free: 212729799 Command History Description and options revised in 6.3.5 release. delete Use the delete command to delete files from flash. Files cannot be deleted from the USB device.
User Guidelines The file name may optionally include the path to the file, e.g., delete crashlogs/crash.0. Example console#delete file1.scr Delete file1.scr (Y/N)?y dir Use the dir command to print the contents of the flash file system or of a subdirectory. Syntax dir [subdir] Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines.
-rw-rw- 0 2497 Jan 28 2022 23:05:12 Jan 21 2022 22:37:38 olog0.txt fastpath.cfg Total Size: 1001914368 Bytes Used: 128319488 Bytes Free: 873594880 erase Use the erase command to erase the startup configuration, the backup configuration, or the backup image, or a Dell-supplied application. Syntax erase {filename | startup-config | backup | backup-config | application filename} • • • • • filename—The name of a file on the flash drive.
Syntax filedescr {active | backup} description no filedescr {active | backup} • • active | backup—Image file. description—Block of descriptive text. (Range: 0-128 characters) Default Configuration No description is attached to the active or backup image. Use the show bootvar command to display the image description. Command Mode Privileged Exec mode User Guidelines The description accepts any printable characters except a question mark.
• dest — Destination file name Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines Renaming the image1 or image2 files may cause the switch to not boot. Example console#rename file1.scr file2.scr show backup-config Use the show backup-config command to display the contents of the backup configuration file. Syntax show backup-config Default Configuration This command has no default configuration.
!Current Configuration: !System Description “Dell Networking N4032, 6.0.0.0, Linux 2.6.32.9" !System Software Version 6.0.0.0 !Cut-through mode is configured as disabled ! configure slot 1/0 1 ! Dell Networking N4032 stack member 1 1 ! N4032 exit interface vlan 1 exit snmp-server engineid local 800002a203001122334455 exit show bootvar Use the show bootvar command in User Exec mode to display the active system image file that the device loads at startup. Syntax show bootvar [unit] • unit —Unit number.
Image Descriptions active : backup : Images currently available on Flash unit active backup current-active next-active ----- ------------ ------------ ----------------- ----------------1 6.0.0.0 9.25.16.57 6.0.0.0 6.0.0.0 show running-config Use the show running-config command to display the contents of the currently running configuration file, including banner configuration.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example This example shows the truncated output for the configuration of interface Gi1/0/1. Since the all parameter is given, both the non-default and the default values are shown.
show startup-config Use the show startup-config command to display the startup configuration file contents. Syntax show startup-config Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the contents of the startup-config file.
write Use the write command to copy the running configuration image to the startup configuration. Syntax write Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command is equivalent to the copy running-config startup-config command functionally.
DHCP Client Commands Dell EMC Networking switches support an embedded DHCP client. Any IP interface can use DHCP to obtain an IP address. The DHCP client can run on multiple interfaces simultaneously. For IPv4, an IP interface can either use manually configured addresses or be enabled for DHCP. The options are mutually exclusive. When the operator enables DHCPv4 on an IP interface, all manually configured IP addresses on that interface are removed from the running configuration.
release dhcp Use the release dhcp command to force the DHCPv4 client to release a leased address. Syntax release dhcp interface-id • interface-id—Any valid VLAN interface. See Interface Naming Conventions for interface representation. Default Configuration This command has no default configuration.
Syntax renew dhcp {interface-id | out-of-band} • • interface-id—Any valid IP interface. See Interface Naming Conventions for interface representation. out-of-band—Keyword to identify the out-of-band interface. The DHCP client renews the leased address on this interface. Default Configuration This command has no default configuration.
show dhcp lease Use the show dhcp lease command to display IPv4 addresses leased from a DHCP server. Syntax show dhcp lease [interface {out-of-band | vlan vlan-id}] • • out-of-band—The out-of-band interface. vlan-id—The VLAN identifier. Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command lists all IPv4 addresses currently leased from a DHCP server on an IP interface.
Term Description Retry count Number of times the DHCPv4 client sent a DHCP REQUEST message to which the server did not respond. Examples The following example shows the output from this command when the device has leased two IPv4 addresses from the DHCP server. console#show dhcp lease IP address: 10.27.22.186 on interface Vl1 Subnet mask: 255.255.252.0 DHCP lease server: 10.27.192.
DHCP Server Commands Dell EMC Networking N2000/N2100/N3000-ON/N3100 Series Switches DHCP is based on the Bootstrap Protocol (BOOTP). It also captures the behavior of BOOTP relay agents and DHCP participants can inter operate with BOOTP participants. The host RFC’s standardize the configuration parameters which can be supplied by the DHCP server to the client. After obtaining parameters via DHCP, a DHCP client should be able to exchange packets with any other host in the Internet.
• Using DHCP a centralized management policy can be implemented as the DHCP server keeps information about all the subnets. This allows a system operator to update a single server when configuration changes take place.
no ip dhcp pool [pool-name] • pool-name—The name of an existing or new DHCP address pool. The pool name can be up to 31 characters in length and can contain the following characters: a-z, A-Z, 0-9, ’-’, ’_’, ’ ’. Enclose the entire pool name in quotes if an embedded blank is to appear in the pool name. Default Configuration The command has no default configuration. Command Mode Global Configuration mode User Guidelines This capability requires the DHCP service to be enabled.
• Client address lease time – lease Administrators may also configure manual bindings for clients using the host command in DHCP Pool Configuration mode. This is the most often used for DHCP clients for which the administrator wishes to reserve an ip address, for example a computer server or a printer. A DHCP pool can contain automatic or dynamic address assignments or a single static address assignment.
bootfile Use the bootfile command in DHCP Pool Configuration mode to set the name of the image for the DHCP client to load. Use the no form of the command to remove the bootfile configuration. Use the show ip dhcp pool command to display pool configuration parameters. Syntax bootfile filename no bootfile • filename—The name of the file for the DHCP client to load. Default Configuration There is no default bootfile filename.
Default Configuration The command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example console#clear ip dhcp binding 1.2.3.4 clear ip dhcp conflict Use the clear ip dhcp conflict command to remove DHCP server address conflicts. Use the show ip dhcp conflict command to display address conflicts detected by the DHCP server. Syntax clear ip dhcp conflict {ip-address | *} • *—Clear all automatic dhcp bindings.
client-identifier Use the client-identifier command in DHCP Pool Configuration mode to identify a Microsoft DHCP client to be manually assigned an address. Use the no form of the command to remove the client identifier configuration. Syntax client-identifier unique-identifier no client-identifier • unique-identifier—The identifier of the Microsoft DHCP client. The client identifier is specified as 7 bytes of the form XX:XX:XX:XX:XX:XX:XX where X is a hexadecimal digit.
Syntax client-name name no client-name • name—The name of the DHCP client. The client name is specified as up to 31 printable characters. Default Configuration There is no default client name. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. The client name should not include the domain name as it is specified separately by the domain-name (IP DHCP Pool Config) command.
• ip-address1—The IPv4 address of the first default router for the DHCP client. • ip-address2—The IPv4 address of the second default router for the DHCP client. Default Configuration No default router is configured. Command Mode DHCP Pool Configuration mode User Guidelines This command has no user guidelines. Example console(config-dhcp-pool)#default-router 192.168.22.1 192.168.23.
User Guidelines This command has no user guidelines. domain-name (IP DHCP Pool Config) Use the domain-name command in IP DHCP Pool Configuration mode to set the DNS domain name which is provided to a DHCP client by the DHCP server. The DNS name is an alphanumeric string up to 255 characters in length. Use the no form of the command to remove the domain name. Syntax domain-name domain no domain-name domain • domain — DHCP domain name.
Default Configuration There are no default MAC address manual bindings. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. It may be necessary to use the no host command prior to executing the no hardware-address command. Example console(config-dhcp-pool)#hardware-address 00:23:12:43:23:54 console(config-dhcp-pool)#host 192.168.21.
User Guidelines Use the client-identifier or hardware-address command prior to using this command for an address pool. Use the show ip dhcp pool command to display pool configuration parameters. Example console(config-dhcp-pool)#client-identifier 00:23:12:43:23:54 console(config-dhcp-pool)#host 192.168.21.131 32 ip dhcp bootp automatic Use the ip dhcp bootp automatic command in Global Configuration mode to enable automatic BOOTP address assignment.
ip dhcp conflict logging Use the ip dhcp conflict logging command in Global Configuration mode to enable DHCP address conflict detection. Use the no form of the command to disable DHCP conflict logging. Syntax ip dhcp conflict logging no ip dhcp conflict logging Default Configuration Conflict logging is enabled by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
• high-address—An IPv4 address indicating the ending range for exclusion from automatic DHCP address assignment. The high-address must be numerically greater than the low-address. Default Configuration By default, no IP addresses are excluded from the lists configured by the IP DHCP pool configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console#ip dhcp excluded-address 192.168.20.1 192.168.20.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console#ip dhcp ping packets 5 lease Use the lease command in DHCP Pool Configuration mode to set the period for which a dynamically assigned DHCP address is valid. Use the infinite parameter to indicate that addresses are to be automatically assigned. Use the no form of the command to return the lease configuration to the default. Use the show ip dhcp pool command to display pool configuration parameters.
User Guidelines The Dell EMC Networking DHCP server does not offer infinite duration DHCP leases. The maximum lease offered is 60 days, which corresponds to an “infinite” setting in the UI. Example The following examples sets a lease period of 1 day, 12 minutes and 59 seconds. console(config)#ip dhcp pool asd console(config-dhcp-pool)#network 10.0.0.0 255.0.0.0 console(config-dhcp-pool)#lease 1 12 59 console(config-dhcp-pool)#exit console(config)#show ip dhcp pool asd Pool: asd Pool Type...................
User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. Up to eight name server addresses may be specified. The NetBIOS WINS information is conveyed in the Option 44 TLV of the DHCP OFFER, DCHP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages. Example console(config-dhcp-pool)#netbios-name-server 192.168.21.1 192.168.22.1 netbios-node-type Use the netbios-node-type command in DHCP Pool Configuration mode to set the NetBIOS node type for a Microsoft DHCP client.
• hybrid (h-node) Example console(config-dhcp-pool)#netbios-node-type h-node network Use the network command in IP DHCP Pool Configuration mode to define a pool of IPv4 addresses for distributing to clients. Syntax network network-number [mask | prefix-length] • network-number—A valid IPv4 address • mask—A valid IPv4 network mask with contiguous left-aligned bits. • prefix-length—An integer indicating the number of leftmost bits in the network-number to use as a prefix for allocating cells.
Default Configuration There is no default IPv4 next server configured. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. The IPv4 address is conveyed in the SIADDR field of the DHCP OFFER, DHCP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages. Example console(config-dhcp-pool)#next-server 192.168.21.
Default Configuration There is no default option configured. Command Mode DHCP Pool Configuration mode User Guidelines The option information must match the selected option type and length. Options cannot be longer than 255 characters in length. The option information is conveyed in the TLV specified by the code parameter in the DHCP OFFER, DHCP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages.
Table 7-1 lists the other options that can be configured and their fixed length, minimum length, and length multiple requirements. Refer to the relevant documentation for the DHCP client to identify what information, if any, is accepted by the client for the options listed below. Table 7-1.
Table 7-1.
Table 7-1.
service dhcp Use the service dhcp command in Global Configuration mode to enable the local IPv4 DHCP server on the switch. Use the no form of the command to disable the DHCPv4 service. Syntax service dhcp no service dhcp Default Configuration The service is disabled by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. The IPv4 address of the NTP server is conveyed in the Option 42 TLV of the DHCP OFFER, DHCP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages. Example console(config-dhcp-pool)#sntp 192.168.21.2 show ip dhcp binding Use the show ip dhcp binding command to display the configured DHCP bindings.
show ip dhcp conflict Use the show ip dhcp conflict command in User Exec mode to display DHCP address conflicts for all relevant interfaces or a specified interface. If an interface is specified, the optional statistics parameter is available to view statistics for the specified interface. Syntax show ip dhcp conflict [address] • address—A valid IPv4 address for which the conflict information is desired. Default Configuration The command has no default configuration.
User Guidelines This command has no user guidelines. Example console#show ip dhcp server statistics show ip dhcp pool Use the show ip dhcp pool command in User Exec or Privileged Exec mode to display the configured DHCP pool or pools. If no pool name is specified, information about all pools is displayed. Syntax show ip dhcp pool [all | poolname] • poolname—Name of the pool. (Range: 1-32 characters) Default Configuration This command has no default configuration.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show ip dhcp server statistics Automatic Bindings............................. 100 Expired Bindings............................... 32 Malformed Bindings............................. 0 Messages Received ------------------DHCP DISCOVER.................................. 132 DHCP REQUEST................................... 132 DHCP DECLINE.............
DHCPv6 Server Commands Dell EMC Networking N2000/N2100/N3000-ON/N3100 Series Switches This section explains the following commands: clear ipv6 dhcp service dhcp dns-server (IPv6 DHCP Pool Config) show ipv6 dhcp domain-name (IPv6 DHCP Pool Config) show ipv6 dhcp binding ipv6 dhcp pool show ipv6 dhcp interface ipv6 dhcp relay show ipv6 dhcp pool ipv6 dhcp server show ipv6 dhcp pool prefix-delegation show ipv6 dhcp statistics clear ipv6 dhcp Use the clear ipv6 dhcp command to clear DHCPv6 statist
Examples The following examples clears DHCPv6 statistics for VLAN 11. console#clear ipv6 dhcp interface vlan 11 statistics\ dns-server (IPv6 DHCP Pool Config) Use the dns-server command in IPv6 DHCP Pool Configuration mode to set the IPv6 DNS server address which is provided to a DHCPv6 client by the DHCPv6 server. DNS server address is configured for stateless server support. Syntax dns-server ipv6-address no dns-server ipv6-address • ipv6-address —Valid IPv6 address.
Default Configuration This command has no default configuration. Command Mode IPv6 DHCP Pool Configuration mode User Guidelines DHCPv6 pool can have multiple number of domain names with maximum of 8. Example The following example sets the DNS domain name “test”, which is provided to a DHCPv6 client by the DHCPv6 server.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enters IPv6 DHCP Pool Configuration mode. console(config)#service dhcpv6 console(config)#ipv6 dhcp pool addrpool console(config-dhcp6s-pool)# ipv6 dhcp relay Use the ipv6 dhcp relay command in Interface Configuration mode to configure an interface for DHCPv6 relay functionality.
Command Mode Interface Configuration (VLAN, Tunnel) mode User Guidelines The IPv6 DHCP service must be enabled to use this feature. Enable the IPv6 DHCP service using the service dhcpv6 command. An IP interface (VLAN) may be configured in DHCP relay mode or server mode. Configuring an interface in DHCP relay mode overwrites DHCP server mode and vice-versa. An IP interface configured in relay mode cannot be configured as a DHCP client (ip address dhcp).
Syntax ipv6 dhcp server pool-name [rapid-commit] [preference pref-value] • pool-name — The name of the DHCPv6 pool containing stateless and/or prefix delegation parameters • rapid-commit — An option that allows for an abbreviated exchange between the client and server. • pref-value — Preference value —used by clients to determine preference between multiple DHCPv6 servers. (Range: 0-4294967295) Default Configuration The default preference value is 20. Rapid commit is not enabled by default.
The DHCP for IPv6 client, server, and relay functions are mutually exclusive on an interface. When one of these functions is already enabled and a user tries to configure a different function on the same interface, a message is displayed.
Default Configuration 604800 seconds (30 days) is the default value for preferred-lifetime. 2592000 seconds (7 days) is the default value for valid-lifetime. Command Mode IPv6 DHCP Pool Configuration mode User Guidelines This command has no user guidelines. Example The following example defines a Multiple IPv6 prefix and client DUID within a pool for distributing to specific DHCPv6 Prefix delegation clients.
Command Mode Global Configuration mode User Guidelines IPv6 DHCP relay and IPv6 DHCPv6 pool assignments require the DHCPv6 service to be enabled. Example The following example enables DHCPv6 globally. console#configure console(config)#service dhcpv6 console(config)#no service dhcpv6 show ipv6 dhcp Use the show ipv6 dhcp command to display the DHCPv6 server name and status. Syntax show ipv6 dhcp Default Configuration This command has no default configuration.
Server DUID: show ipv6 dhcp binding Use the show ipv6 dhcp binding command to display the configured DHCP pool. Syntax show ipv6 dhcp binding [ipv6-address] • ipv6-address — Valid IPv6 address. Default Configuration This command has no default configuration. Command Mode Privileged Exec and User Exec modes, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
• interface-id—A tunnel or VLAN interface identifier. See Interface Naming Conventions for interface representation. • statistics—Enables statistics display if interface is specified. Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines This command shows the DHCP status. Statistics are shown depending on the interface mode (relay, server, or client).
Term Description Leased Address The IPv6 address leased by the DHCPv6 Server for this interface. Preferred Lifetime The preferred life time (in seconds) of the IPv6 Address leased by the DHCPv6 Server. Valid Lifetime The valid life time (in seconds) of the IPv6 Address leased by the DHCPv6 Server. Renew Time The time remaining (in seconds) to send a DHCPv6 Renew request to DHCPv6 Server for the leased address. Expiry Time The time (in seconds) when the DHCPv6 leased address expires.
DHCPv6 Relay-forward Packets Received.......... DHCPv6 Relay-reply Packets Received............ DHCPv6 Malformed Packets Received.............. Received DHCPv6 Packets Discarded.............. Total DHCPv6 Packets Received.................. DHCPv6 Advertisement Packets Transmitted....... DHCPv6 Reply Packets Transmitted............... DHCPv6 Reconfig Packets Transmitted............ DHCPv6 Relay-reply Packets Transmitted......... DHCPv6 Relay-forward Packets Transmitted.......
console#show ipv6 dhcp interface vlan 10 statistics DHCPv6 Server Interface Vl10 Statistics DHCPv6 Solicit Packets Received................ DHCPv6 Request Packets Received................ DHCPv6 Confirm Packets Received................ DHCPv6 Renew Packets Received.................. DHCPv6 Rebind Packets Received................. DHCPv6 Release Packets Received................ DHCPv6 Decline Packets Received................ DHCPv6 Inform Packets Received.................
• poolname — Name of the pool. (Range: 1-32 characters) Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the configured DHCP pool.
Example The following example displays the DHCPv6 server name and status. console> show ipv6 dhcp statistics DHCPv6 Interface Global Statistics -----------------------------------DHCPv6 Solicit Packets Received................ DHCPv6 Request Packets Received................ DHCPv6 Confirm Packets Received................ DHCPv6 Renew Packets Received.................. DHCPv6 Rebind Packets Received................. DHCPv6 Release Packets Received................ DHCPv6 Decline Packets Received..............
HiveAgent Commands The commands in this section enable configuration of the Dell HiveAgent. Commands in this Section This section explains the following commands: eula-consent source-interface vlan-id hiveagent url server show hiveagent debug debug show hiveagent source-interface enable show hiveagent status proxy-ip-address show eula-consent hiveagent eula-consent Use the eula-consent command to accept or decline the end-user license agreement (EULA) for the hive agent.
User Guidelines Messages are shown for both the accept and reject use cases with information directing the user to URLs for further information. If the user rejects or has not yet accepted the EULA, the configuration mode for the specified service is not usable. If there is existing configuration for that feature, the configuration is not removed, but the feature is disabled. This command can be executed multiple times. It overwrites the previous information each time.
no hiveagent Default Configuration By default, no HiveManager NG is configured by default. Command Mode Global Configuration User Guidelines This command enters HiveAgent Configuration mode. It allows the administrator to configure HiveAgent information. The configured information is stored in the running config. Use the write command to save the information into the startup-config. Command History Introduced in version 6.3.0.1 firmware. Example In this example, the HiveAgent EULA has been accepted.
Syntax server server-name no server server-name server-name — The name of the server. The server name has a maximum length of 20 characters. Any printable character other than a question mark may be used in the server name. Enclose the server name in quotes if an embedded blank is desired in the server name. Default Configuration The default server HiveManagerNG is configured.
Default Configuration By default, HiveAgent debug is disabled. Command Mode HiveAgent Configuration mode User Guidelines This command enables HiveAgent debug. Command History Command introduced in version 6.5 firmware. Example console(config)#hiveagent console(conf-hiveagent)#debug enable Use the enable command to enable a HiveAgent server. Use the no form of the command to disable a HiveAgent server. Syntax enable no enable Default Configuration By default, the default server is enabled.
Command History Introduced in version 6.3.0.1 firmware. Example console(config)# hiveagent console(conf-hiveagent)#server HiveManagerNG console(conf-hiveagent-HiveManagerNG)#enable proxy-ip-address Use the proxy-ip-address command to configure a proxy server to be used to contact the HiveManager NG. Use the no form of the command to remove the proxy server information.
Command Mode HiveAgent Server Configuration User Guidelines Passwords are always stored and displayed as encrypted, even if entered in unencrypted format. Example console(config)#support-assist console(conf-support-assist)#server 10.0.0.1 console(conf-support-assist-10.0.0.1)#proxy-ip-address 10.0.0.2 port 1025 username admin password 0 password Command History Introduced in version 6.3.0.1 firmware.
User Guidelines The source VLAN must have an IP address assigned for it to be used by HiveAgent. Command History Command introduced in version 6.5 firmware. Example console(config)#interface vlan 1 console(conf-vlan1)#ip address 172.16.32.11 /24 console(conf-vlan1)#exit console(config)#hiveagent console(conf-hiveagent)#source interface vlan-id 1 url Use the url command to configure the URL to reach on HiveManager NG. Use the no form of the command to remove the URL information.
Command History Introduced in version 6.3.0.1 firmware. Example console(config)#hiveagent console(conf-hiveagent)" server HiveManagerNG console(conf-hiveagent-HiveManagerNG)#url cloud-rd.aerohive.com show hiveagent debug Use the show hiveagent debug command to view information on HiveAgent debug configuration. Status may also be obtained from the HiveManager NG web page. Syntax show hiveagent debug Default Configuration This command has no defaults.
Syntax show hiveagent source-interface Default Configuration This command has no defaults. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The source VLAN must have an IP address assigned for it to be used by HiveAgent. Command History Command introduced in version 6.5 firmware.
User Guidelines There are no user guidelines for this command. Command History Introduced in version 6.3.0.1 firmware. Example console# show hiveagent status HiveAgent: Enabled EULA: Accepted HiveManager Server Name: HiveManagerNG HiveManager NG (enabled): HiveAgent Version.............................. HiveAgent Status............................... HiveAgent AssociationUrl....................... HiveAgent AssociationMethod.................... HiveAgent PollUrl..............................
User Guidelines Acceptance of the HiveAgent EULA is enabled by default. Command History Introduced in version 6.3.0.1 firmware. Example console#show eula-consent hiveagent HiveAgent EULA has been: Accepted This switch includes a feature that enables it to work with HiveManager (an optional management suite), by sending the switch’s service tag number to HiveManager to authenticate your entitlement to use HiveManager.
IP Addressing Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON Series Switches Interfaces on the Dell EMC Networking switches support a variety of capabilities to support management of the switch. In addition to performing switching and routing of network traffic, Dell EMC Networking switches act as a host for management of the switch.
ip domain-lookup show ip helper-address ip domain-name show ipv6 dhcp interface out-of-band statistics ip host show ipv6 interface out-of-band clear host Use the clear host command to delete entries from the host name-to-address cache. Syntax clear host {name | *} • name — Host name to be deleted from the host name-to-address cache. (Range: 1-255 characters) • * — Deletes all entries in the host name-to-address cache. Default Configuration This command has no default configuration.
Syntax clear ip address-conflict-detect [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, counters for the default (global) router instance is cleared. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines The VRF identified in the parameter must have been previously created or an error is returned.
User Guidelines This command is not available on the N1100-ON/N1500/N2000/N2100ON/N2200-ON Series switches. Example console(config)#interface out-of-band console(config-if)# ip address Use the ip address command to configure an IP address on an in-band VLAN or loopback interface. Also use this command to configure one or more secondary IP addresses on the interface.
Command Mode Interface Configuration (VLAN, Loopback) mode User Guidelines This command also implicitly enables the VLAN or loopback interface for routing (i.e. as if the user had issued the ‘routing’ interface command). By default, configuring an IP address on a VLAN enables in-band management for interfaces configured with that VLAN. Setting up an IP address on VLAN 1 enables switch management on all in-band interfaces except for those where VLAN 1 is specifically excluded.
ip address (Out-of-Band) Use the ip address command in Interface Configuration mode to set an IP address for the out-of-band interface. Use the no form of this command to return the ip address configuration to its default value. Syntax ip address {ip-address {mask | prefix-length} | dhcp|none} no ip address • ip-address—Specifies a valid IPv4 address in dotted-quad notation. • mask—Specifies a valid subnet (network) mask IPv4 address in dotted quad notation.
A out-of-band interface configured for DHCP address assignment will send the following text string in DHCP Option 60 of the DHCPDISCOVER message to assist the DHCP server in identification of the switch: "DellEMC;;;". The left and right angle brackets and quotation marks are not sent. An example option 60 string might be: DellEMC;N2128PXON;6.5.2.
User Guidelines When in virtual router configuration mode, this command operates within the context of the virtual router instance. When in global config mode, the command operates on the global router instance. Virtual Router Configuration mode is only available on the Dell EMC Networking N3000-ON/N3100-ON switches.
In addition to leasing an IP address and subnet mask, the DHCP client may learn the following parameters from a DHCP server: • The IPv4 address of a default gateway. If the device learns different default gateways on different interfaces, the system uses the first default gateway learned. The system installs a default route in the routing table, with the default gateway’s address as the next hop address. This default route has a preference of 254. • The IPv4 address of a DNS server.
Command Mode Global Configuration mode, Virtual Router Configuration mode User Guidelines When the system does not have a more specific route to a packet’s destination, it sends the packet to the default gateway. The system installs a default IPv4 route with the gateway address as the next hop address. The route preference is 253. A default gateway configured with this command is more preferred than a default gateway learned from a DHCP server, which has a route preference of 254.
Syntax ip domain-lookup no ip domain-lookup Default Configuration DNS name resolution is enabled by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enables the IP Domain Naming System (DNS)-based host name-to-address translation. console(config)#ip domain-lookup ip domain-name Use the ip domain-name command in Global Configuration mode to define a default domain name used to complete unqualified host names.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines a default domain name of dell.com. console(config)#ip domain-name dell.com ip host Use the ip host command in Global Configuration mode to define static host name-to-address mapping in the host cache. To delete the name-to-address mapping, use the no form of this command. Syntax ip host name address no ip host name • name — Host name. • address — IP address of the host.
console(config)#ip host accounting.dell.com 176.10.23.1 ip name-server Use the ip name-server command in Global Configuration mode to define available IPv4 or IPv6 name servers. To delete a name server, use the no form of this command. Syntax ip name-server server-address1 [server-address2 … server-address8] no ip name-server [server-address1 … server-address8] • server-address — Valid IPv4 or IPv6 addresses of the name server.
Syntax ip name-server source-interface {loopback loopback-id | tunnel tunnel-id | vlan vlan-id } no ip name-server source-interface • loopback-id— A loopback interface identifier. • tunnel-id— A tunnel identifier. • vlan-id— A VLAN identifier. Default Configuration By default, the switch uses the assigned switch IP address as the source IP address for DNS packets. This address is either the IP address assigned to the VLAN from which the DNS packet originates or the out-of-band interface IP address.
Example The following example configures a source interface for a VLAN interface that obtains its address via DHCP: console#configure console(config)#interface vlan 1 console(config-if-vlan1)#ip address dhcp console(config-if-vlan1)#exit console(config)#ip name-server source-interface vlan 1 This example configures a source interface for a loopback interface. Using a loopback address is the recommended method for assigning a source interface.
Default Configuration There is no IPv6 address configured by default. Command Mode Interface Configuration mode (VLAN, tunnel, loopback) User Guidelines When setting the prefix length on an IPv6 address, no space can be present between the address and the mask. Multiple globally reachable addresses may be assigned to an interface. Creation of a link local address is automatically performed by this command. IPv6 addresses may be expressed in up to eight blocks.
ipv6 address (OOB Port) Use the ipv6 address command in Interface (out-of-band) Configuration mode to set the IPv6 prefix on the out-of-band port. If a prefix is specified, the address will be configured using the prefix and length A link local address in EUI-64 format may also be assigned. The autoconfig parameter specifies that a link local address in the EUI-64 format is assigned to the interface. The DHCP parameter indicates that the port should obtain its address via DHCP.
IPv6 auto configuration mode can be enabled in the Out-of-Band interface only when IPv6 auto configuration or DHCPv6 is not enabled on any of the in-band management interfaces. The optional eui64 parameter indicates that the IPv6 address is configured to use the EUI-64 interface ID in the low order 64 bits of the address. In this parameter is specified, the prefix-length must be 64. This command is only valid for switches equipped with an out-of-band interface.
console#config console(config)#interface vlan 2 console(config-if-vlan2)#ipv6 address dhcp ipv6 enable (Interface Configuration) Use the ipv6 enable command in Interface Configuration mode to enable IPv6 on a routing interface. Use the no form of this command to reset the IPv6 configuration to the defaults. Syntax ipv6 enable no ipv6 enable Default Configuration IPv6 is not enabled by default.
Default Configuration By default, IPv6 is not enabled on the out-of-band port. Command Mode Interface (out-of-band) Configuration mode User Guidelines This command is not necessary if an IPv6 address has been assigned to the interface. This command is only valid for switches equipped with an out-ofband interface. ipv6 gateway (OOB Configuration) Use the ipv6 gateway command in Interface (out-of-band) Configuration mode to configure the address of the IPv6 gateway.
show hosts Use the show hosts command in User Exec mode to display the default domain name, a list of name server hosts, and the static and cached list of host names and addresses. Syntax shows hosts [hostname]. • hostname—(Range: 1–255 characters). The command allows spaces in the host name when specified in double quotes. For example, console(config)#show hosts “host name” Default Configuration This command has no default configuration.
show ip address-conflict Use the show ip address-conflict command in User Exec or Privileged Exec mode to display the status information corresponding to the last detected address conflict. Syntax show ip address-conflict [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. Default Configuration This command has no default configuration.
Term Description Time Since Conflict The time in days, hours, minutes, and seconds since the last Detected address conflict was detected. Example console#show ip address-conflict Address Conflict Detection Status...Conflict Detected Last Conflicting IP Address.........10.131.12.56 Last Conflicting MAC Address........00:01:02:04:5A:BC Time Since Conflict Detected........5 days 2 hrs 6 mins 46 secs console#show ip address-conflict Address Conflict Detection Status..............
User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100-ON series switches. This command is not available on the N1100-ON Series switches. Example console#show ip helper-address IP helper is enabled Interface UDP Port Discard Hit Count Server Address -------------------- ----------- ---------- ---------- ---------------vlan 25 domain No 0 192.168.40.2 vlan 25 dhcp No 0 192.168.40.
Example console#show ipv6 dhcp interface out-of-band statistics DHCPv6 Client Statistics ------------------------DHCPv6 Advertisement Packets Received.......... DHCPv6 Reply Packets Received.................. Received DHCPv6 Advertisement Packets Discard.. Received DHCPv6 Reply Packets Discarded........ DHCPv6 Malformed Packets Received.............. Total DHCPv6 Packets Received.................. DHCPv6 Solicit Packets Transmitted............. DHCPv6 Request Packets Transmitted.............
IPv6 Prefix is..................FE80::21E:C9FF:FEAA:AD79/64 ::/128 IPv6 Default Router.............FE80::A912:FEC2:A145:FEAD Configured IPv6 Protocol........None IPv6 AutoConfiguration mode............Enabled Burned In MAC Address...........001E.C9AA.
Line Commands This section explains the following commands: accounting line authorization login authentication enable authentication login-banner exec-banner motd-banner exec-timeout password (Line Configuration) history show line history size speed terminal length Authentication commands related to line configuration mode are in DHCP Client Commands. accounting Use the accounting command in Line Configuration mode to apply an accounting method to a line config.
Default Configuration Accounting is not enabled by default. Command Mode Line Configuration User Guidelines When enabling accounting for exec mode for the current line-configuration type, users logged in with that mode will be logged out. Examples Use the following command to enable exec type accounting for telnet. console(config)#line telnet console(config-telnet)# accounting exec default authorization Use the authorization command to apply a command authorization method to a line config.
Default Configuration Authorization is not enabled on any line method by default. Command Mode Line console, line telnet, line SSH User Guidelines When command authorization is configured for a line-mode, the switch sends information about the entered command to the method specified in the command list. The authorization method validates the received command and responds with either a PASS or FAIL response. If approved, the command is executed.
Default Configuration Uses the default set with the command aaa authentication enable. Command Mode Line Configuration mode User Guidelines Use of the no form of the command does not disable authentication. Instead, it sets the authentication list to the default list (same as enable authentication default). Example The following example specifies the default authentication method when accessing a higher privilege level console.
User Guidelines The exec banner can consist of multiple lines. Enter a quote to complete the message and return to configuration mode. Example console(config-telnet)# no exec-banner exec-timeout Use the exec-timeout command in Line Configuration mode to set the interval that the system waits for user input before timeout. To restore the default setting, use the no form of this command. Syntax exec-timeout minutes [seconds] no exec-timeout • • minutes — Integer that specifies the number of minutes.
history Use the history command in Line Configuration mode to enable the command history function. To disable the command history function, use the no form of this command. Syntax history no history Default Configuration The default value for this command is enabled. Command Mode Line Interface mode User Guidelines This command has no user guidelines. Example The following example disables the command history function for the current terminal session.
Default Configuration The default command history buffer size is 10. Command Mode Line Configuration mode User Guidelines This command has no user guidelines. Example The following example configures the command history buffer size to 20 commands for the current terminal session. console(config-line)#history size 20 line Use the line command in Global Configuration mode to identify a specific line for configuration and enter the line configuration command mode.
User Guidelines The default authentication list for telnet and SSH is enableNetList. The enableNetList uses a single method: enable. This implies that users accessing the switch via telnet or SSH must have an enable password defined in order to access privileged mode. Alternatively, the administrator can set the telnet and ssh lists to enableList, which has the enable and none methods defined.
Default Configuration Uses the default set with the command aaa authentication login. Command Mode Line Configuration mode User Guidelines This command has no user guidelines. Example The following example specifies the default authentication method for a console. console(config)# line console console(config-line)# login authentication default login-banner Use the login-banner command to enable login banner on the console, telnet or SSH connection. To disable, use the no form of the command.
Example console(config-telnet)# no login-banner motd-banner Use the motd-banner command to enable motd on the console, telnet or SSH connection. To disable, use the no form of the command. Syntax motd-banner no motd-banner • MESSAGE — Quoted text Default Configuration This command has no default configuration. Command Mode Line Configuration User Guidelines This command has no user guidelines.
• • password — Password for this level. (Range: 8- 64 characters) The special characters allowed in the password include ! # $ % & ‘ ( ) * + , - . / : ; < = > @ [ \ ] ^ _ ` { | } ~. User names can contain blanks if the name is surrounded by double quotes. encrypted — Encrypted password to be entered, copied from another switch configuration. Default Configuration No password is specified. Command Mode Line Configuration mode User Guidelines This command has no user guidelines.
Command Mode User Exec and Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console(config-telnet)#show line Console configuration: Serial Port Login Timeout (mins) (secs)........ Baud Rate (bps)................................ Character Size (bits).......................... Flow Control................................... Stop Bits...................................... Parity.........................................
Default Configuration This default speed is 9600 for all platforms other than the N1100ON/N2100/N3100 Series switches. The N1100-ON/N2100/N3100 Series switches default to 115200 BAUD. Command Mode Line Interface (console) mode User Guidelines This configuration applies only to the current session. Example The following example configures the console BAUD rate to 9600. console(config-line)#speed 9600 terminal length Use the terminal length command to set the terminal length.
User Guidelines Setting the terminal length to 0 disables paging altogether. It is recommended that the terminal length either be set to 0 or a value larger than 4 as terminal lengths in the range of 1 to 4 may give odd output due to prompting. The terminal length command is specific to the current session. Logging out, rebooting or otherwise ending the current session will require that the command be reentered.
PHY Diagnostics Commands This section explains the following commands: show copper-ports tdr test copper-port tdr show fiber-ports optical-transceiver – show copper-ports tdr Use the show copper-ports tdr command to display the stored information regarding cable lengths. Syntax show copper-ports tdr [interface] • interface — A valid Ethernet interface identifier. Default Configuration This command has no default configuration.
Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 OK Short 50 13:32:00 23 July 2004 Test has not been performed Open 128 13:32:08 23 July 2004 Fiber - show fiber-ports optical-transceiver Use the show fiber-ports optical-transceiver command to display the optical transceiver diagnostics. Syntax show fiber-ports optical-transceiver [interface] • interface — A valid SFP, XFP or SFP+ port. Default Configuration This command has no default configuration.
test copper-port tdr Use the test copper-port tdr command to diagnose with Time Domain Reflectometry (TDR) technology the quality and characteristics of a copper cable attached to a 1GBaseT or 10GBaseT port. Syntax test copper-port tdr interface • interface — A valid Ethernet port. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines. This command prompts the user to shut down the port for the duration of the test.
console#test copper-port tdr te2/0/3 This command takes the port offline to measure the cable length. Use the show copper-port tdr command to view the results..
Power Over Ethernet Commands Dell EMC Networking PoE N1100P-ON, N1108EP-ON, N1524P, N1548P, N2024P, N2048P, N2124PX-ON, N2148PX-ON, N300EP-ON, N3132PX-ON switches implement the PoE, PoE+, or PoE 60W for power sourcing equipment (PSE), depending on the switch model. IEEE 802.3at allows power to be supplied to Class 4 powered devices (PD) that require power up to 30 Watts or PoE 60W (UPoE) to Class 4 devices on certain ports. This allows deployment of powered devices that require more power than the IEEE 802.
In the Dynamic Power management feature, power is not reserved for a given port at any point of time. The power available with the PoE switch is calculated by subtracting the instantaneous power drawn by all the ports from the maximum available power. Thus, more ports can be powered at the same time. This feature is useful to efficiently power up more devices when the available power with the PoE switch is limited.
Command Mode Interface Configuration (Ethernet). User Guidelines Auto enables the switch to deliver power to the powered device. The power inline management parameter should be set to class-based mode to enable power negotiation via LLDP-MED. Dell EMC Networking PoE-enabled ports should not be connected to other Power Sourcing Equipment (PSE) with PoE enabled. If the switch detects PSE equipment supplying power to a port, PoE power is disabled on the port.
• • dot3bt—Enable strictly compliant IEEE 802.3bt detection on the switch. This is only available on the N2200PX-ON switches. dot3bt+legacy —Enable 802.3bt, 802.3at, 802.3af and pre-9802.3af device detection. This is only available on the N2200PX-ON switches. Default Configuration The default value is dot3at+legacy. IEEE 802.3bt+legacy detection is enabled by default for the N2200PX-ON switches.
power inline four-pair forced Use this command to force 4-pair power feed on an interface. Use the no form of the command to use the default 2-pair power feed. Syntax power inline four-pair forced no power inline four-pair forced Default Configuration The default detection and power feed is four-pair power for ports that are capable of 60W power delivery. The default detection and power feed is Alt-A two-pair power for ports that are not capable of feeding four-pair power.
Example This example configures forced 60W 4-pair power mode on interface Gi1/0/1 console#configure console(config)#interface gi/10/1 console(config-if-Gi1/0/1)#power inline four-pair forced power inline limit Use the power inline limit command to configure a specific power limit for a port. Use the no form of this command to set the power limit to the default. Syntax power inline limit user-defined limit no power inline limit • user-defined limit—Allows the port to draw up to user-defined value.
The maximum configurable power limit is 30000 milliwatts for two-pair power. The maximum configurable power limit is 60000 milliwatts for fourpair power. The actual power delivered in two-pair or four-pair mode may exceed the user-defined limit. Refer to the Class Power Limits and Margin table in the Dell EMC Networking User’s Configuration Guide for more information. Example This example configures interface Gi1/0/1 to deliver 60W four-pair power.
Command History Description revised in 6.3.5 release. Command updated in firmware release 6.6.1. power inline management Use the power inline management command in Global Configuration mode to set the power management type. Use the no form of this command to set the management mode to the default.
Example In the following example, no port is specified so the command displays global configuration and status of all the ports. Configure the global power management scheme as dynamic with dot3at+legacy detection and enable PoE capability on ports Gi1/0/1-10.
no power inline poe-ha [unit unit-id] Default Configuration Perpetual PoE is disabled by default. Fast PoE is enabled by default and cannot be disabled. Command Mode Global Configuration mode User Guidelines Perpetual PoE Perpetual PoE allows the switch to supply power to PDs during reboot. The switch stores the power parameters for ports supplying PoE power when the running configuration is saved.
Example This example enables Perpetual PoE. console(config)#power inline poe-ha power inline powered-device The power inline powered-device command adds a comment or description of the powered device type to enable the user to remember what is attached to the interface. To remove the description, use the no form of this command. Syntax power inline powered-device pd-type no power inline powered-device • pd-type — Specifies the type of powered device attached to the interface.
For a system delivering peak power to a certain number of devices, if a new device is attached to a high-priority port, power to a low-priority port is shut down and the new device is powered up. Syntax power inline priority {critical | high | low} no power inline priority Command Mode Interface Configuration (Ethernet). User Guidelines Priority is always enabled for all ports. If all ports have equal priority in an overload condition, the switch will shut down the highest numbered ports first.
User Guidelines This command is useful if the port is stuck in an Error state. Power to the powered devices may be interrupted as the port is reset. power inline usage-threshold The power inline usage-threshold command configures the system power usage threshold level at which lower priority ports are disconnected. The threshold is configured as a percentage of the total available power. Use the no form of the command to set the threshold to the default value.
Examples console(config)# power inline usage-threshold 90 Command History Syntax updated in 6.4 release. clear power inline statistics Use this command to clear the PoE statistics. Syntax clear power inline statistics [interface-id] • interface-id—An Ethernet interface capable of supplying PoE power. Default Configuration This command has no default configuration. Command Modes Privileged Exec User Guidelines If no interface is specified, the statistics are cleared for all PoE-capable interfaces.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Ports configured in static mode will always show as Class 0 regardless of the actual PD type. The power status column shows Off for ports that are administratively or error disabled. The Power column shows the actual power drawn, not the configured value. If a port supplying power detects PSE equipment, the power to the port is shut off.
Overload Counter............................... Short Counter.................................. Denied Counter................................. Absent Counter................................. Invalid Signature Counter...................... Output Volts................................... Output Current................................. Temperature.................................... 0 0 0 0 0 53 0 39 In the next example, the port is specified and the command displays the details for the single port.
Syntax show power inline firmware-version Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command displays the PoE firmware version for each stack member individually.
RMON Commands The Dell EMC Networking SNMP component includes an RMON (remote monitoring) agent. RMON is a base technology used by network management applications to manage a network. Troubleshooting and network planning can be accomplished through the network management applications. The network monitor monitors traffic on a network and records selected portions of the network traffic and statistics. The collected traffic and statistics are retrieved using SNMP.
no rmon alarm number • • • • • • • • • • number—The alarm index. (Range: 1–65535) variable—A fully qualified SNMP object identifier that resolves to a particular instance of a MIB object. interval—The interval in seconds over which the data is sampled and compared with the rising and falling thresholds. (Range: 1– 2147483647) rising-threshold value—Rising Threshold value. (Range: -2147483648 – 2147483647) falling-threshold value—Falling Threshold value.
User Guidelines This command has no user guidelines. Example The following example configures the following alarm conditions: • • • • • • • Alarm index — 1 Variable identifier — 1.3.6.1.2.1.2.2.1.10.5 Sample interval — 10 seconds Rising threshold — 500000 Falling threshold — 10 Rising threshold event index — 1 Falling threshold event index — 1 console(config)#rmon alarm 1 1.3.6.1.2.1.2.2.1.1.10.
Default Configuration The buckets configuration is 50. The interval configuration is 1800 seconds. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode. User Guidelines This command cannot be executed on multiple ports using the interface range command. Example The following example enables a Remote Monitoring (RMON) MIB history statistics group on port 1/0/8 with the index number “1” and a polling interval period of 2400 seconds.
• owner—Enter a name that specifies who configured this event. If unspecified, the name is an empty string. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configures an event with the trap index of 10. console(config)#rmon event 10 log rmon hcalarm Use the rmon hcalarm to configure high capacity alarms.Use the no form of the command to remove the alarm.
• • • • • • • • absolute—Specifies to use a fixed value for the threshold (Default value). delta—Specifies to use the difference between the current value and the previous value. rising-threshold value-64—Rising threshold value (−(263) to 263 − 1) rising-event-index—Event to trigger when the rising threshold is crossed (1–65535). falling-threshold-high value-64—Falling threshold value (−(263) to 263 − 1) falling-event-index—Event to trigger when the rising threshold is crossed (1–65535).
show rmon alarm Use the show rmon alarm command in User Exec mode to display alarm configuration. Also see the rmon alarm command. Syntax show rmon alarm number • number — Alarm index. (Range: 1–65535) Default Configuration This command has no default configuration. Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays RMON 1 alarms.
Field Description Alarm Alarm index. OID Monitored variable OID. Last Sample Value The statistic value during the last sampling period. For example, if the sample type is delta, this value is the difference between the samples at the beginning and end of the period. If the sample type is absolute, this value is the sampled value at the end of the period. Interval The interval in seconds over which the data is sampled and compared with the rising and falling thresholds.
show rmon alarms Use the show rmon alarms command in User Exec mode to display the alarms summary table. Syntax show rmon alarms Default Configuration This command has no arguments or keywords. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the alarms summary table: console> show rmon alarms Index OID -------------------------1 1.3.6.1.2.1.2.2.1.10.1 2 1.
show rmon collection history Use the show rmon collection history command in User Exec mode to display the requested group of statistics. Also see the rmon collection history command. Syntax show rmon collection history [{gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration.
1 2 Gi1/0/1 Gi1/0/1 30 1800 50 50 50 50 CLI Manager show rmon events Use the show rmon events command in User Exec mode to display the RMON event table. Also see the rmon event command. Syntax show rmon events Default Configuration This command has no default configuration.
Example The following example displays the RMON event table. console> show rmon events Index Description Type Community ----- ---------------------1 Errors Log CLI 2 High Broadcast Log-Trap switch Owner ------ Last time sent ------------------Jan 18 2005 23:58:17 Manager Jan 18 2005 23:59:48 show rmon hcalarm Use the show rmon hcalarm command to display high capacity (64-bit) alarms configured with the rmon hcalarm command.
Rising Threshold Status: Positive Falling Threshold High: 20 Falling Threshold Low: 10 Falling Threshold Status: Positive Rising Event: 1 Falling Event: 2 Startup Alarm: Rising Owner: dell-owner console#show rmon hcalarms Index OID Owner ---------------------------------------------2 ifInOctets.1 dell-owner show rmon history Use the show rmon history command in User Exec mode to display RMON Ethernet Statistics history. Also see the rmon collection history command.
Field Description Time Date and Time the entry is recorded. Octets The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets). Packets The number of packets (including bad packets) received during this sampling interval. Broadcast The number of good packets received during this sampling interval that were directed to the Broadcast address.
Field Description Jabbers The number of packets received during this sampling interval that were longer than 1518 octets (excluding framing bits but including FCS octets), and had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error). Dropped The total number of events in which packets were dropped by the probe due to lack of resources during this sampling interval.
console> show rmon history 1 other Sample Set: 1 Owner: Me Interface: Gi1/0/1 Interval: 1800 Requested samples: 50 Granted samples: 50 Maximum table size: 270 Time Dropped Collisions ----------------------------- ----------10-Mar-2005 22:06:00 3 0 10-Mar-2005 22:06:20 3 0 show rmon log Use the show rmon log command in User Exec mode to display the RMON logging table. Syntax show rmon log [event] • event — Event index. (Range: 1–65535) Default Configuration This command has no default configuration.
console> show rmon log Maximum table size: 100 Event Description Time ----- -----------------------------1 Errors Jan 18 2005 23:48:19 1 Errors Jan 18 2005 23:58:17 2 High Broadcast Jan 18 2005 23:59:48 console> show rmon log Maximum table size: 100 (100 after reset) Event Description Time ----- -----------------------------1 Errors Jan 18 2005 23:48:19 1 Errors Jan 18 2005 23:58:17 2 High Broadcast Jan 18 2005 23:59:48 show rmon statistics Use the show rmon statistics command in User Exec mode to display
Field Description Dropped The total number of events in which packets are dropped by the probe due to lack of resources. This number is not always the number of packets dropped; it is the number of times this condition has been detected. Octets The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets). Packets The total number of packets (including bad packets, broadcast packets, and multicast packets) received.
Field Description Collisions The best estimate of the total number of collisions on this Ethernet segment. 64 Octets The total number of packets (including bad packets) received that are 64 octets in length (excluding framing bits but including FCS octets). 65 to 127 Octets The total number of packets (including bad packets) received that are between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets).
HC HC HC HC HC Overflow Overflow Overflow Overflow Overflow Pkts Pkts Pkts Pkts Pkts 65 - 127 Octets: 0 HC Pkts 65 - 127 Octets: 0 128 - 255 Octets: 0 HC Pkts 128 - 255 Octets: 0 256 - 511 Octets: 0 HC Pkts 256 - 511 Octets: 0 512 - 1023 Octets: 0 HC Pkts 512 - 1023 Octets: 0 1024 - 1518 Octets: 0 HC Pkts 1024 - 1518 Octets: 0 Switch Management Commands 2128
Serviceability Commands Debug commands cause the output of the enabled trace to display on a serial port or telnet console. Note that the output resulting from enabling a debug trace always displays on the serial port. The output resulting from enabling a debug trace displays on all login sessions for which any debug trace has been enabled. The configuration of a debug command remains in effect the whole login session.
debug authentication interface debug ip bgp debug ipv6 pimdm debug udld debug auto-voip debug ip device tracking debug ospf debug vpc debug bfd debug ip dvmrp debug lacp debug vrrp debug cfm debug ip igmp debug mldsnooping ip http timeout-policy debug clear debug ip mcache debug ospfv3 packet exception protocol debug console debug ip pimdm packet debug ping exception switch-chipregister debug crashlog debug ip pimsm packet debug rip show debugging debug dhcp packet debug ip vrrp d
Default Configuration No debug tracing is enabled by default. Command Mode Global Configuration mode User Guidelines Debug commands should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred by enabling debug output. Use of debug level logging when performing operations such as switch failover is not recommended. Debug messages are sent to the system log at the DEBUG severity level.
• vrf-name—The name of the VRF associated with the routing table context used by the command. If no vrf is specified, the global routing table context is used. Default Configuration ARP packet tracing is disabled by default. Command Mode Privileged Exec mode. User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. Only IPv4 addresses are supported with the vrf parameter. This vrf parameter is only available on the N3000-ON/N3100 switches.
Default Configuration Default value is disabled. Command Modes Privileged Exec mode User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console# debug authentication event Gi1/0/1 console# debug authentication all Gi1/0/1 debug auto-voip Use the debug auto-voip command to enable Auto VOIP debug messages. See the optional parameters to trace H323, SCCP, or SIP packets respectively.
Example console#debug auto-voip debug bfd Use this command to enable the display of BFD events or packets. Syntax debug bfd {packet | event} no debug bfd {packet | event} • • packet—Display BFD control packets. event—Display BFD state transition events. Default Configuration Debug is disabled by default. Command Mode Privileged Exec User Guidelines Debug commands should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred by enabling debug output.
Syntax debug cfm {event | {pdu {all | ccm | ltm | lbm |} {tx | rx}}} • • • • • • • • event—CFM events pdu—CFM PDUs ccm—Continuity check messages ltm—Link trace messages lbm—Loopback messages tx—Transmit only rx—Receive only all—Everything Default Configuration This command has no default configuration. Command Mode Privileged Exec User Guidelines Debug commands should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred by enabling debug output.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode. User Guidelines There are no user guidelines for this command. Example console#debug clear debug console Use the debug console to enable the display of “debug” trace output on the login session in which it is executed. Debug console display must be enabled in order to view any trace output. The output of debug trace commands appears on all login sessions for which debug console has been enabled.
Example console#debug console debug crashlog Use this command to display the crash log contents on the console. Syntax debug crashlog {crashlog-index | proc | kernel crashlog-index | data crashlog-index [comp-id] [item-number] [add-param] [add-param] | deleteall} [unit unit-index] • • • • • • • • • crashlog-index—Indicates which crash log to display. The range is 0-4. 0 indicates the most recent log and 4 specifies the oldest log. proc—Display the process crash log. kernel—Display the kernel crash data.
Example This example displays the most recent crash log for the stack master. console#debug crashlog 0 Displaying Crash Dump 0 For kernel Crash Dump - osapiDebugCrashDumpDisplay(x,1) *************************************************** * Start Stack Information * *************************************************** pid: 32195 TID: -1215952016 Task Name: emWeb si_signo: 11 si_errno: 0 si_code: 1 si_addr: 0x0 Date/Time: 8/13/2011 16:37:31 SW ver: 0.0.0.
*************************************************** ------------ CALL STACK INFO (VERBOSE) -----------Stack pointer before signal: 0x00000000 Offending instruction at address 0x00000000 tried to access address 0x00000000 CPU's exception-cause code: 0x00000000 Registers (hex) at time of fault: r01: 00000000 r02: 00000000 r03: 00000000 r05: 00000000 r06: 00000000 r07: 00000000 r08: 00000000 r10: 00000000 r11: 00000000 r12: 00000000 r13: 00000000 r15: 00000000 r16: 00000000 r17: 00000000 r18: 00000000 r20: 000
Syntax debug dhcp packet [transmit | receive] no debug dhcp packet [transmit | receive] Default Configuration By default, DHCP client packet tracing is disabled. Command Mode Privileged Exec User Guidelines The DHCP client has an internal packet tracing capability. This command turns the packet tracing on. Debug commands should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred by enabling debug output.
Default Configuration DHCP server packet tracing is disabled by default. Command Mode Privileged Exec User Guidelines The DHCP server support an internal packet tracing facility. This command turns the packet tracing on. Debug commands should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred by enabling debug output. Example This example enables DHCP server packet tracing.
User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug dot1x packet debug igmpsnooping Use the debug igmpsnooping to enable tracing of IGMP Snooping packets transmitted and/or received by the switch. IGMP Snooping should be enabled on the device and the interface in order to monitor packets for a particular interface.
debug ip acl Use the debug ip acl command to enable debug of IP Protocol packets matching the ACL criteria. Use the “no” form of this command to disable IP ACL debugging. Syntax debug ip acl acl no debug ip acl acl • acl — The number of the IP ACL to debug. Default Configuration Display of IP ACL traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution.
• • • • • • • • • • • vrf vrf-name—Displays aggregate address information associated with the named VRF. ipv4-address—(Optional) The IPv4 address of a BGP peer. Debug traces are enabled for a specific peer when this option is specified. The command can be issued multiple times to enable simultaneous tracing for multiple peers. ipv6-address [interface interface-id]—The IPv6 address of a BGP peer. Debug traces are enabled for a specific peer when this option is specified.
Enabling one of the packet type options enables packet tracing in both the inbound and outbound directions. Debug commands should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred by enabling debug output. If the vrf-name is specified, information pertaining to that VRF is displayed. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Example console#debug ip bgp 10.27.21.
debug ip dvmrp Use the debug ip dvmrp to trace DVMRP packet reception and transmission. The receive option traces only received DVMRP packets and the transmit option traces only transmitted DVMRP packets. When neither keyword is used in the command, all DVMRP packet traces are dumped. Vital information such as source address, destination address, control packet type, packet length, and the interface on which the packet is received or transmitted is displayed on the console.
type, packet length, and the interface on which the packet is received or transmitted is displayed on the console. Use the “no” form of this command to disable IGMP traces. Syntax debug ip igmp packet [receive | transmit] no debug ip igmp packet [receive | transmit] Default Configuration Display of IGMP traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution.
Default Configuration Display of MDATA traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug ip mcache packet debug ip pimdm packet Use the debug ip pimdm packet command to trace PIMDM packet reception and transmission.
User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug ip pimdm packet debug ip pimsm packet Use the debug ip pimsm command to trace PIMSM packet reception and transmission. The receive option traces only received PIMSM packets and the transmit option traces only transmitted PIMSM packets. When neither keyword is used in the command, then all PIMSM packet traces are dumped.
debug ip vrrp To enable debug tracing of VRRP events, use the debug ip vrrp command in Privileged Exec mode. To disable debug tracing, use the no form of the command. Syntax debug ip vrrp no debug ip vrrp Default Configuration No debug tracing is enabled by default. Command Mode Privileged Exec mode User Guidelines Debug messages are sent to the system log at the DEBUG severity level. To print them on the console, enable console logging at the DEBUG level (logging console debug).
Syntax debug ipv6 dhcp no debug ipv6 dhcp Default Configuration Debugging for the DHCP for IPv6 is disabled by default. Command Mode Privileged Exec User Guidelines This command enabled DHCPv6 packet tracing. Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Examples console#debug ipv6 dhcp debug ipv6 mcache Use the debug ipv6 mcache command to trace MDATAv6 packet reception and transmission.
Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug ipv6 mcache packet debug ipv6 mld Use the debug ipv6 mld command to trace MLD packet reception and transmission. The receive option traces only received MLD packets and the transmit option traces only transmitted MLD packets.
Example console#debug ipv6 mld packet debug ipv6 ospfv3 packet Use the debug ipv6 ospfv3 packet command to enable debug tracing of IPv6 OSPFv3 packets. Syntax debug ipv6 ospfv3 packet no debug ipv6 ospfv3 packet Default Configuration This command has no default configuration. Command Mode Privileged Exec mode. User Guidelines Debug output should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug output.
control packet type, packet length, and the interface on which the packet is received or transmitted is displayed on the console. Use the “no” form of this command to disable PIMDMv6 tracing. Syntax debug ipv6 pimdm packet [receive | transmit] no debug ipv6 pimdm packet [receive | transmit] Default Configuration Display of PIMDMv6 traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution.
Default Configuration Display of PIMSMv6 traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug ipv6 pimsm packet debug isdp Use the debug isdp command to trace ISDP packet reception and transmission.
User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug isdp packet debug lacp Use the debug lacp command to enable tracing of LACP packets received and transmitted by the switch. Use the “no” form of this command to disable tracing of LACP packets. Syntax debug lacp packet no debug lacp packet Default Configuration Display of LACP traces is disabled by default.
snooping packets. When neither keyword is used in the command, then all MLD snooping packet traces are dumped. Vital information such as source address, destination address, control packet type, packet length, and the interface on which the packet is received or transmitted is displayed on the console. Use the “no” form of this command to disable tracing of MLD Snooping packets.
• vrf-name—The name of the VRF associated with the routing table context used by the command. If no vrf is specified, the global routing table context is used. Default Configuration Display of OSPF traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. Only IPv4 addresses are supported with the vrf parameter. This command is only available on the N3000-ON/N3100 switches.
Command Mode Privileged Exec mode. User Guidelines Debug output should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug output. Use of debug level logging when performing operations such as switch failover is not recommended. Debug messages are sent to the system log at the DEBUG severity level. To print them on the console, enable console logging at the DEBUG level (logging console debug).
Default Configuration Display of ICMP echo traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. Only IPv4 addresses are supported with the vrf parameter. This command is only available on the N3000-ON/N3100 switches. Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug.
User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug rip packet debug sflow Use the debug sflow command to enable sFlow debug packet trace. Use the no form of this command to disable sFlow packet tracing. Syntax debug sflow packet no debug sflow packet Default Configuration Display of sFlow traces is disabled by default. Command Mode Privileged Exec mode.
dumped. Vital information such as source address, destination address, control packet type, packet length, and the interface on which the packet is received or transmitted is displayed on the console. Use the no form of this command to disable tracing of spanning tree BPDUs. Syntax debug spanning-tree bpdu [receive | transmit] no debug spanning-tree bpdu [receive | transmit] Default Configuration Display of spanning tree BPDU traces is disabled by default. Command Mode Privileged Exec mode.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines Debug commands should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred by enabling debug output. Use of debug level logging when performing operations such as switch failover is not recommended. Debug messages are sent to the system log at the DEBUG severity level.
User Guidelines Debug commands should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred by enabling debug output. Use of debug level logging when performing operations such as switch failover is not recommended. Debug messages are sent to the system log at the DEBUG severity level. To print them on the console, enable console logging at the DEBUG level (logging console debug). Command History Command introduced in firmware release 6.6.1.
User Guidelines Debug commands should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred by enabling debug output. debug vpc Use the debug vpc command to enable debug traces for the specified protocols. Use the no form of the command to disable all or some of the debug trace display.
User Guidelines Debug commands should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred by enabling debug output. Example console#debug vpc peer-link data-message VPC peer link data message tracing enabled. debug vrrp Use the debug vrrp command to enable VRRP debug protocol messages. Use the no form of this command to disable VRRP debug protocol messages.
Syntax exception core-file file-name [hostname [time-stamp] | time-stamp [hostname]] no exception core-file • • • file-name — The file name. The maximum length is 15 characters. Embedded blanks may not be allowed by the host file system (for example, TFTP server) and are not recommended. hostname — Includes the switch host name in the core file name. If not configured, uses the switch MAC address in the core file name. time-stamp—Includes the switch TOD in the core file name.
console(config)#exception dump tftp-server 10.27.9.1 file-path dumps console(config)#exception core-file hostname time-stamp console(config)#exception protocol tftp exception dump Use this command to configure the core dump location. Use the no form of the command to reset the location and parameters to the default values.
Command Modes Global Configuration mode User Guidelines This option should only be used under the direction of Dell support personnel. The file-path parameter is used by both the USB and TFTP core dumps. The TFTP or FTP server must be reachable over the out-of-band interface. Front panel ports cannot be used during exception processing. Configuration parameters are not validated when the command is entered.
exception protocol Use the exception protocol command as directed by Dell EMC Networking support to enable full core dumps. Use the no form of the command to disable full core dumps. Syntax exception protocol {local |tftp | ftp | usb | none} no exception protocol • • • • • • • • • • local—Save the core file on the local file system. tftp — Store the core dump on a TFTP server reachable on the out-ofband port. ftp—Enable core transfer to an FTP server reachable on the out-of-band port.
Default Configuration Debug core dumps are disabled by default. The out-of-band port attempts to retrieve an IP address via DHCP by default. No TFTP or FTP server is defined. No stack IP addresses are assigned Compression is enabled by default Command Modes Global Configuration mode User Guidelines Crash dump retrieval via FTP or TFTP occurs after the system has crashed. During this time, the switch is not available for normal operation.
console(config)#exception protocol usb console(config)#do dir usb Attr Size(bytes) Creation Time drwx 16384 Jan 01 1970 00:00:00 drwx 0 Dec 16 2014 18:25:43 -rwx 943 Jan 01 1980 00:00:00 -rwx 21642899 Jan 01 1980 00:00:00 -rwx 373 Jan 01 1980 00:00:00 -rwx 8685003 Apr 05 2011 16:27:28 -rwx 37549 Aug 21 2013 07:55:22 -rwx 33903 Aug 22 2013 10:49:38 -rwx 139874 Oct 09 2013 14:00:18 -rwx 5899 Sep 20 2013 14:23:26 -rwx 21262857 Oct 24 2013 12:12:30 Total Size: 1002160128 Bytes Used: 51904512 Bytes Free: 9502556
ip http timeout-policy Use the ip http timeout-policy command to configure the timeout policy for closing HTTP and HTTPS sessions to the local HTTP server. Syntax ip http timeout-policy idle seconds life seconds no ip http timeout-policy • seconds—For the idle parameter, the approximate number of seconds after which an idle connection is closed. For the life parameter, the approximate number of seconds since login after which a session is closed.
Command History Introduced in version 6.3.0.1 firmware. Example console(config)#ip http timeout-policy idle 3600 life 86400 show debugging Use the show debugging command to display packet tracing configurations. Syntax show debugging no show debugging Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Enabled packet tracing configurations are displayed.
Syntax show exception [log [previous] | core-dump-file] • • • log—Display the current exception log. log previous—Display the previous exception log. core-dump-file—Display the core-dump file listing. Default Configuration This command has no default configuration. Command Modes Privileged Exec mode (all show modes) User Guidelines An exception log or core dump file is generated in the rare event that the switch firmware fails.
Parameter Description Stack IP Address Protocol Obtain switch IP address (DHCP or Static) Example The following example shows the default core transfer values. console(config)#show exception Coredump file name............................. Coredump filename uses hostname................ Coredump filename uses time-stamp.............. TFTP server IP................................. FTP server IP.................................. FTP user name.................................. FTP password.................
User Guidelines There are no user guidelines for this command. Command History Introduced in version 6.3.0.1 firmware.
IANA-ADDRESS-FAMILY-NUMBERS-MIB DELL-DHCPSERVER-PRIVATE-MIB DELL-DHCPCLIENT-PRIVATE-MIB DELL-DNS-RESOLVER-CONTROL-MIB DELL-DENIALOFSERVICE-PRIVATE-MIB DELL-GREENETHERNET-PRIVATE-MIB Ethernet DELL-DEVICE-FILESYSTEM-MIB DELL-KEYING-PRIVATE-MIB Utility LLDP-MIB LLDP-EXT-DOT3-MIB LLDP-EXT-MED-MIB DELL-LLPF-PRIVATE-MIB DISMAN-PING-MIB DNS-SERVER-MIB DNS-RESOLVER-MIB SMON-MIB DELL-OUTBOUNDTELNET-PRIVATE-MIB Telnet DELL-TIMERANGE-MIB DELL-TIMEZONE-PRIVATE-MIB module should be used whenever a Differentiate
DISMAN-TRACEROUTE-MIB LAG-MIB RFC 1213 - RFC1213-MIB RFC 1493 - BRIDGE-MIB RFC 2674 - P-BRIDGE-MIB RFC 2674 - Q-BRIDGE-MIB RFC 2737 - ENTITY-MIB RFC 2863 - IF-MIB RFC 3635 - Etherlike-MIB DELL-SWITCHING-MIB DELL-INVENTORY-MIB DELL-PORTSECURITY-PRIVATE-MIB INET-ADDRESS-MIB IANAifType-MIB DELL-LOGGING-MIB MAU-MIB DELL-MVR-PRIVATE-MIB DELL-SNTP-CLIENT-MIB DELL-VPC-MIB IEEE8021-PAE-MIB DELL-DOT1X-ADVANCED-FEATURES-MIB Advanced DELL-DOT1X-AUTHENTICATION-SERVERMIB DELL-RADIUS-AUTH-CLIENT-MIB RADIUS-ACC-CLIEN
TACACS-CLIENT-MIB DELL-CAPTIVE-PORTAL-MIB DELL-AUTHENTICATION-MANAGER-MIB DELL-MGMT-SECURITY-MIB RFC 1724 - RIPv2-MIB RFC 1850 - OSPF-MIB RFC 1850 - OSPF-TRAP-MIB RFC 2787 - VRRP-MIB DELL-ROUTING-MIB IP-FORWARD-MIB IP-MIB DELL-LOOPBACK-MIB RFC 1657 - BGP4-MIB DELL-BGP-MIB DELL-QOS-MIB DELL-QOS-ACL-MIB DELL-QOS-COS-MIB DELL-QOS-AUTOVOIP-MIB DELL-QOS-DIFFSERV-PRIVATE-MIB DELL-QOS-ISCSI-MIB RFC 2932 - IPMROUTE-MIB draft-ietf-magma-mgmd-mib-03 RFC 5060 - PIM-STD-MIB RFC 5240 - PIM-BSR-MIB DVMRP-STD-MIB IANA-
MGMD-STD-MIB DELL-NSF-MIB configure RFC 2465 - IPV6-MIB RFC 2466 - IPV6-ICMP-MIB RFC 3419 - TRANSPORT-ADDRESS-MIB DELL-ROUTING6-MIB DELL-DHCP6SERVER-PRIVATE-MIB DELL-IPV6-LOOPBACK-MIB DELL-IPV6-TUNNEL-MIB Dell-LAN-SYSMNG-MIB Dell-LAN-TRAP-MIB Dell-Vendor-MIB specific multicast routing protocol in use. The MIB module for MGMD Management. The MIB module defines objects to Non Stop Forwarding.
User Guidelines This command has no user guidelines. Command History Introduced in version 6.2.0.1 firmware. write core Use the write core command to generate a core file on demand and either reboot the switch or test the core file configuration. Syntax write core [test [dest-file-name]] • dest-file-name — The file name used if a tftp-server is configured with the exception dump tftp-server command.
The system has unsaved changes. Would you like to save them now? (y/n) n Configuration Not Saved! This operation will reboot the device. Are you sure you want to create coredump? (y/n).y ---------------------------------------------------Thu Jan 1 00:17:35 1970 [pgid:577] [pid:577] [name:(syncdb)] [signal:11] Call Trace (depth = 3): 0xb6faf7dc 0xb6fafc60 0xb6ef742c <188> Jan 1 00:17:36 10.27.22.174-1 General[80499188]: procmgr.
Sflow Commands sFlow® is the standard for monitoring high-speed switched and routed networks. sFlow technology is built into network equipment and gives complete visibility into network activity, enabling effective management and control of network resources. The sFlow monitoring system consists of an sFlow Agent (embedded in a switch or router or in a stand-alone probe) and a central sFlow Collector. The sFlow Agent uses sampling technology to capture traffic statistics from the device it is monitoring.
Syntax sflow rcvr_index destination {ip-address [port] | maxdatagram size | owner “owner_string” {notimeout|timeout rcvr_timeout}} no sflow rcvr_index destination [ip-address | maxdatagram | owner] • • • • • • rcvr_index — The index of this sFlow Receiver (Range: 1–8). ip-address — The sFlow receiver IP address. If set to 0.0.0.0, no sFlow datagrams will be sent. size — The maximum number of data bytes that can be sent in a single sample datagram.
User Guidelines An sflow destination entry must have an owner assigned in order for polling or sampling to be operational. The last set of command parameters are optional in the no form of the command. Sflow commands with a timeout value supplied do not show in the running config. Because the timer is actively running, the command is ephemeral and is therefore not shown in the running config.
Command Mode Global Configuration mode. User Guidelines The sflow instance must be configured using the sflow destination owner command before this command can successfully execute. Example console(config)#sflow 1 polling gigabitethernet 1/0/1-10 200 sflow polling (Interface Mode) Use the sflow polling command in Interface Mode to enable a new sflow poller instance for this interface if rcvr_idx is valid. An sflow poller sends counter samples to the receiver.
Example console(config-if-Gi1/0/2)#sflow 1 polling 6055 sflow sampling Use the sflow sampling command to enable a new sflow sampler instance for this data source if rcvr_idx is valid. An sflow sampler collects flow samples to send to the receiver. Use the “no” form of this command to reset sampler parameters to the default.
User Guidelines Lower sampling numbers cause more samples to be collected and increase the load on the CPU. Setting a sampling rate of 1024 on a large number of ports may tax the CPU beyond it's ability to deliver the packets to the receiver. Lowering the sampling rate (higher numerical value) will help to ensure that all collected samples can be sent to the receiver. The sflow instance must be configured using the sflow destination owner command before this command can successfully execute.
Command Mode Interface Configuration (Ethernet) mode User Guidelines Lower sampling numbers cause more samples to be collected and increase the load on the CPU. Setting a sampling rate of 1024 on a large number of ports may tax the CPU beyond it's ability to deliver the packets to the receiver. Lowering the sampling rate (higher numerical value) will help to ensure that all collected samples can be sent to the receiver.
Command Mode Global Configuration mode User Guidelines The source interface must have an assigned IP address (either manually or via another method such as DHCP). Use the show sflow source-interface command to display the assigned source interface. This command is not supported on Dell EMC N1100-ON switches. Dell EMC N1100-ON switches support configuration of a single IP address in interface vlan configuration mode. That IP address is used as the source interface address for this function.
sFlow Version Uniquely identifies the version and implementation of this MIB. The version string must have the following structure: MIB Version; Organization; Software Revision where: MIB Version: 1.3, the version of this MIB. Organization: Dell Corp. Revision: 1.0 IP Address The IP address associated with this agent. Example console#show sflow agent sFlow Version.......................... 1.3;Dell Inc.;10.23.18.28 IP Address............................. 10.27.21.
Owner String The identity string for receiver, the entity making use of this sFlowRcvrTable entry. Time Out The time (in seconds) remaining before the receiver is released and stops sending samples to sFlow receiver. IP Address The destination IP address (the sFlow receiver host). Address Type 1 for IPv4 and 2 for IPv6. Port The destination Layer4 UDP port for sFlow datagrams. Datagram Version The sFlow record format version. For example, 5 indicates sFlow version 5.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed: Poller Data Source The sFlowDataSource (unit/slot/port) for this sFlow sampler. This agent will support Ethernet ports only. Receiver Index The sFlowReceiver associated with this sFlow counter poller.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed: Sampler Data Source The sFlowDataSource (unit/slot/port) for this sFlow sampler. This agent will support Ethernet ports only. Receiver Index The sFlowReceiver configured for this sFlow sampler. Packet Sampling Rate The statistical sampling rate for packet sampling from this source.
Command Mode Privileged Exec, Global Configuration, and all sub-modes User Guidelines Use the sflow source-interface command to assign an IP address other than the default for transmitted sFlow packets. This command is not supported on Dell EMC N1100-ON switches. Dell EMC N1100-ON switches support configuration of a single IP address in interface vlan configuration mode. That IP address is used as the source interface address for this function.
SNMP Commands The SNMP component provides a machine-to-machine interface for the Dell EMC Networking product family. This includes the ability to configure the network device, view settings and statistics, and upload or download code or configuration images. The agent includes a get-bulk command to reduce network management traffic when retrieving a sequence of Management Information Base (MIB) variables and an elaborate set of error codes for improved reporting to the network control station.
show snmp Use the show snmp command to display the SNMP communications status. Syntax show snmp Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the SNMP communications status.
Port name Sec ---------------- ------- -------------------- ------- ------ -------- --- ----- Version 3 notifications Target Address Type Retries Username Security UDP Filter TO Level Port name Sec ---------------- ------- ------------------ -------- ------ -------- --- ------ System Contact: System Location: Source Interface: SNMP trap Client Source Interface..............
console# show snmp engineID Local SNMP engineID: 08009009020C0B099C075878 show snmp filters Use the show snmp filters command to display the configuration of filters. Syntax show snmp filters filtername • filtername — Specifies the name of the filter. (Range: 1-30) Default Configuration This command has no default configuration.
show snmp group Use the show snmp group command to display the configuration of groups. Syntax show snmp group [groupname] • groupname — Specifies the name of the group. (Range: 1-30) Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The group name accepts any printable characters except a question mark. Enclose the string in double quotes to include spaces within the name.
Field Description Views • Read–A string that is the name of the view that enables you only to view the contents of the agent. If unspecified, all the objects except the community-table and SNMPv3 user and access tables are available. • Write–A string that is the name of the view that enables you to enter data and manage the contents of the agent. • Notify–A string that is the name of the view that enables you to specify an inform or a trap.
Syntax show snmp user [username] • username — Specifies the name of the user. (Range: 1-30) Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The user name accepts any printable characters except a question mark. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name.
Syntax show snmp views [viewname] • viewname — Specifies the name of the view. (Range: 1-30) Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following examples display the configuration of views with and without a view name specified.
• • • ospf—Display OSPFv2 specific trap settings. ospfv3—Display OSPFv3 specific trap settings. captive-portal—Display captive-portal specific trap settings. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example #1 console#show trapflags Authentication Flag............................ Auto-copy-sw Flag..............................
lsa: all....................................... overflow: all....................................... retransmit: all....................................... state-change: all....................................... Disabled Disabled Disabled Disabled snmp-server community Use the snmp-server community command in Global Configuration mode to set the community string to allow access to the switch SNMP MIBs. To remove the specified community string, use the no form of this command.
Default Configuration No community is defined. Defaults to read–only access if not specified. Command Mode Global Configuration mode User Guidelines The @ character is reserved for future use. It is not accepted in a community string. The question mark is the CLI help trigger. It may not be used in a community name. The backslash is a programmatic escape character. It may not be used in a community name. You cannot specify a view-name for su, which has access to the whole MIB.
snmp-server community-group Use the snmp-server community-group command in Global Configuration mode to map the internal security name for SNMP v1 and SNMP v2 security models to the group name. To remove the specified community string, use the no snmp-server community command. Syntax snmp-server community-group community-string group-name [ipaddress ipaddress] no snmp-server community-group community-string • • • community-string — The SNMP community identifier.
• Maps the internal security-name for SNMPv1 and SNMPv2 security models to the group-name. The community name may include any printable characters except a question mark, a backslash, or an at sign. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name. The CLI does not filter illegal characters and may accept entries up to the first illegal character, or reject the entry entirely.
Example The following example displays setting up the system contact point as “Dell_Technical_Support”. console(config)# snmp-server contact Dell_Technical_Support snmp-server enable traps Use the snmp-server enable traps command in Global Configuration mode to enable sending SNMP traps globally or to enable sending individual SNMP traps. Use the no form of this command to disable sending SNMP traps individually or globally.
• • • • • • • • • • • • • • • • • • • • • ospfv3type—{all | errors {all | bad packet | config error | virt bad packet | virt config error} | lsa {all | lsa-maxage | lsa-originate} | overflow {all | lsdb-overflow | lsdb-approaching-overflow} | retransmit {all | packets | virt-packets} | state-change {all | if state change | neighbor state change | virtif state change | virtneighbor state change}} acl—Enable traps on ACL match events. all—Enable all traps (not recommended).
• • • • • pim—Enable PIM traps (pim-sm and pim-dm). poe —Enable PoE traps. This parameter is only available on PoE capable switches. snmp authentication —Enable SNMP authentication traps. spanning-tree—Enable traps on topology changes. vrrp —Enable VRRP traps. Default Configuration SNMP authentication, link, multiple-user, spanning-tree, dot1q, and ACL traps are enabled by default. Port-security traps are enabled by default. Command Mode Global Configuration mode.
console(config)#snmp-server enable traps ? acl all auto-copy-sw bgp buffers captive-portal cpu dot1q dvmrp link multiple-users ospf ospfv3 pim port-security snmp spanning-tree vrf vrrp Press enter to execute the command. Enable/Disable traps for access control lists. Enable/Disable all Traps. Enable/Disable auto copy of code if there is a version mismatch. Enable BGP traps. Configure Mbuf threshold traps. Enable/Disable SNMP traps for CP system events. Configure CPU threshold traps.
• default — The engineID is created automatically, based on the device MAC address. Default Configuration The engineID is generated using the switch MAC address. Command Mode Global Configuration mode User Guidelines If you want to use SNMPv3, an engine ID is required for the switch. You can specify your own ID or use the default string that is generated using the MAC address of the device.
snmp-server filter Use the snmp-server filter command in Global Configuration mode to create or update a Simple Network Management Protocol (SNMP) server filter entry. To remove the specified SNMP server filter entry, use the no form of this command. Syntax snmp-server filter filter-name oid-tree {included | excluded} no snmp-server filter filter-name [oid-tree] • • • • filter-name — Specifies the label for the filter record that is being updated or created. The name is used to reference the record.
The filter name may include any printable characters except a question mark. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name. The CLI does not filter illegal characters and may accept entries up to the first illegal character or reject the entry entirely. Per RFC 2573, configuring a filter adds an implicit exclude-all as the first entry in a filter record.
• • • • • • auth — Indicates authentication of a packet without encrypting it. Applicable only to the SNMP Version 3 security model. priv — Indicates authentication of a packet with encryption. Applicable only to the SNMP Version 3 security model. contextname — Provides different views of the system and provides the user a way of specifying that context. notifyview — Defines a string that is the name of the view that enables specifying an inform or a trap.
snmp-server host Use the snmp-server host command in Global Configuration mode to specify the recipient of Simple Network Management Protocol notifications. To remove the specified host, use the no form of this command. This command enters the user into SNMP-host configuration mode.
Default Configuration The default configuration is 3 retries, and 15 seconds timeout. No hosts are configured by default. No notifications are sent by default. If you enter this command with no keywords, the default is to send all trap types to the host in SNMPv1 format. No informs are sent to the host. If no version keyword is present, the default is Version 1.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The location string may contain embedded blanks if enclosed in quotes. Any printable character is allowed in the string. Example The following example sets the device location as “New_York”. console(config)# snmp-server location New_York snmp-server user Use the snmp-server user command in Global Configuration mode to configure a new SNMP Version 3 user.
• • • • • • • • • auth-md5 — HMAC-MD5-96 authentication mode. auth-sha — HMAC-SHA-96 authentication mode. password — A password. (Range: 1 to 32 characters.) auth-md5-key — HMAC-MD5-96 authentication message digest key. Enter a pre-generated MD5 key. auth-sha-key — HMAC-SHA-96 authentication message digest key. Enter a pre-generated SHA key. md5-key — Character string —length 32 hex characters. sha-key — Character string —length 40 hex characters. priv-des-key — CBC-DES Symmetric Encryption privacy mode.
Command History Syntax updated in version 6.6 firmware to remove insecure ciphers. Example The following example configures an SNMPv3 user “John” in group “usergroup”. console(config)# snmp-server user John user-group snmp-server view Use the snmp-server view command in Global Configuration mode to create or update a Simple Network Management Protocol (SNMP) server view entry. To delete a specified SNMP server view entry, use the no form of this command.
User Guidelines A view is a set of ASN.1 objects the SNMP server is allowed to access. Multiple view statements may be entered for a particular view. This command can be entered multiple times for the same view record. The view name accepts any printable characters except a question mark. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name.
• • • • • • • • • • • hostname — Specifies the name of the host. (Range: 1-158 characters.) The command allows spaces in the host name when specified in double quotes. For example, #snmp-server v3-host “host name”. Note that the switch will not resolve host names that are not in conformance with RFC 1035. username — Specifies user name used to generate the notification. (Range: 1-30 characters.) traps — Indicates that SNMP traps are sent to this host.
User Guidelines The username can include any printable characters except a question mark. Enclose the string in double quotes to include spaces within the key. The surrounding quotes are not used as part of the key. The CLI does not filter illegal characters but may accept entries up to the first illegal character or reject the entry entirely. Example The following example configures an SNMPv3 host, and sets it to send SNMP INFORMS with user name John using authentication without encryption.
Default Configuration By default, the switch uses the assigned switch IP address as the source IP address for SNMP packets. This is either the IP address assigned to the VLAN from which the SNMP packet originates or the out-of-band interface IP address. Command Mode Global Configuration User Guidelines The source interface must have an assigned IP address (either manually or via another method such as DHCP). This command is not supported on Dell EMC N1100-ON switches.
SupportAssist Commands The commands in this section enable configuration of SupportAssist. Commands in this Section This section explains the following commands: eula-consent proxy-ip-address contact-company server contact-person show eula-consent support-assist enable show support-assist status proxy-ip-address support-assist – url eula-consent Use the eula-consent command to accept or reject the end-user license agreement (EULA) for the SupportAssist service.
User Guidelines Messages are shown for both the accept and reject use cases with information directing the user to URLs for further information. If the user rejects or has not yet accepted the EULA, the configuration mode for the specified service will not be usable. If there is existing configuration for that feature, the configuration will not be removed but the feature will be disabled. This command can be executed multiple times. It overwrites the previous information each time.
downloading SupportAssist on behalf of a company or other legal entity, you are further certifying to Dell that you have appropriate authority to provide this consent on behalf of that entity. If you do not consent to the collection, transmission and/or use of the Collected Data, you may not download, install or otherwise use SupportAssist. Example 2 console(config)# eula-consent support-assist reject I do not accept the terms of the license agreement.
Command Mode Support Assist Configuration User Guidelines This information is transmitted to Dell if the SupportAssist service is enabled. This command can be executed multiple times. It overwrites the previous information each time. The collected information is stored in the runningconfig. The administrator must write the configuration in order to persist it across reboots. Command History Introduced in version 6.3.0.1 firmware.
• • phone—The complete phone number. Maximum of 23 printable characters. preferred-method—The preferred method of contact. May be either email or phone. Default Configuration No contact person information is populated by default. Command Mode Support Assist Configuration User Guidelines The email address must conform to RFC 5322 sections 3.2.3 and 3.4.1 and RFC 5321. Additionally, the character set is further restricted to ASCII characters.
Syntax enable no enable Default Configuration By default, the default server is enabled. It may be disabled using the no enable form of the command. Command Mode Support Assist Configuration User Guidelines Only one SupportAssist server may be enabled. If contact with the server fails, the switch sleeps for the quiet period (default 1 hour) before attempting contact again. Command History Introduced in version 6.3.0.1 firmware.
• • • • • ipv6-address — The IPv6 address of the proxy server in IPv6 notation. port-number — The TCP port number of the proxy server. Range 165535. Default 443. userid— The user name used to log into the proxy server. encryption-type— 0 indicates an unencrypted password. 7 indicates an encrypted password. password— An unencrypted or encrypted password. Maximum length is 64 characters for an unencrypted password. Encrypted passwords must be 128 characters in length.
• server-name — The server name has a maximum length of 20 characters. Any printable character may be used in the server name other than a question mark. Enclose the server name in quotes if an embedded blank is desired in the server name. Default Configuration A default server named “default” exists at URL stor.g3.ph.dell.com. This server is pre-configured and may not be removed or modified other than to disable it.
Default Configuration The SupportAssist EULA is Accepted by default. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Acceptance of the SupportAssist EULA is enabled by default. Command History Introduced in version 6.3.0.1 firmware.
this consent on behalf of that entity. If you do not consent to the collection, transmission and/or use of the Collected Data, you may not download, install or otherwise use SupportAssist. show support-assist status Use the show support-assist status command to display information on SupportAssist feature status including any activities, status of communication, last time communication sent, etc. Syntax show support-assist status Default Configuration This command has no defaults.
support-assist Use the support-assist command to enable support-assist configuration mode if the EULA has been accepted. Use the no form of the command to remove the configured SupportAssist information. Syntax support-assist no support-assist Default Configuration By default, a server named “default” is configured. It may be disabled by the administrator. Command Mode Global Configuration User Guidelines This command enters support-assist-conf mode.
SupportAssist EULA has not been accepted. SupportAssist cannot be configured until the SupportAssist EULA is accepted. console(config)# url Use the url command to configure the URL to reach on the SupportAssist remote server. Use the no form of the command to remove the URL information.
console(config)support-assist console(conf-support-assist)#server new console(conf-support-assist-new)#url https://stor.g3.ph.dell.
SYSLOG Commands The Dell EMC Networking supports a centralized logging service with support for local in-memory logs, crash dump logs, and forwarding messages to SYSLOG servers. All switch components use the logging service.
<189> Oct 24 02:10:26 10.27.23.197-1 CMDLOGGER[emWeb]: cmd_logger_api.c(83) 438 %% NOTE CLI:EIA-232::logging buffered info If enabled, the CLI command logger subsystem begins to log commands immediately after the user is authenticated. After authentication, the CLI generates an explicit message and invokes the command logger. The format of the message at login is: <189> Jan 10 18:58:56 10.27.21.22-2 CMDLOGGER[209809328]: cmd_logger_api.c(83) 361 %% NOTE CLI:10.27.21.
clear logging Use the clear logging command to clear messages from the internal logging buffer. Syntax clear logging Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example clears messages from the internal SYSLOG message logging buffer.
User Guidelines This command has no user guidelines. Example The following example shows the clear logging file command and confirmation response. console#clear logging file Clear logging file [y/n] description (Logging) Use the description command in Logging mode to describe the SYSLOG server. Syntax description description • description — Sets the description of the SYSLOG server. (Range: 1-64 characters.) Default Configuration This command has no default value.
level Use the level command in Logging mode to specify the severity level of SYSLOG messages. To reset to the default value, use the no form of the command. Syntax level no level • level—The severity level for SYSLOG messages. (emergencies, alerts, critical, errors, warnings, notifications, informational, debugging) Default Configuration The default value for level is info.
Syntax logging cli-command no logging cli-command Default Configuration Disabled Command Mode Global Configuration User Guidelines See the CLI commands by using the show logging command. Example console(config)#logging cli-command console(config)#do show logging console#show logging Logging is enabled Logging protocol version: 0 Source Interface............................... Default Console Logging: Level warnings.
<189> Jan 10 18:59:27 10.27.21.22-2 TRAPMGR[209809328]: traputil.c(614) 372 %% Multiple Users: Unit: 0 Slot: 5 Port: 1 <189> Jan 10 18:59:27 10.27.21.22-2 CMDLOGGER[209809328]: cmd_logger_api.c(83) 373 %% NOTE CLI:10.27.21.22:admin:User admin logged in <190> Jan 10 18:59:27 10.27.21.22-2 CLI_WEB[209809328]: cmd_logger_api.c(260) 374 %% INFO [CLI:admin:10.27.21.22] User has successfully logged in <190> Jan 10 18:59:28 10.27.21.22-2 CLI_WEB[209809328]: cmd_logger_api.c(260) 375 %% INFO [CLI:admin:10.27.21.
Command Mode Global Configuration mode User Guidelines A signed X509 certificate must be present on the switch in order for DTLS (logging protocol 1) to operate. See the crypto commands for further information on certificates. Up to eight SYSLOG servers can be configured. The Dell EMC Networking uses the local7(23) facility in the SYSLOG message by default. SYSLOG messages will not exceed 96 bytes in length. SYSLOG protocol version 0 messages use the following format: <190> Jan 01 00:00:06 0.0.0.
Stack ID The assigned stack ID. 1 is used for systems without stacking capability. The top of stack is used to collect messages for the entire stack. Component Name Component name for the logging component. Components must use the new APIs in order to enable identification of the logging component. Component UNKN is substituted for components that do not use the new logging APIs. Thread ID The thread ID of the logging component. File Name The name of the file containing the invoking macro.
Command Mode Global Configuration Example console(config)#logging audit logging buffered Use the logging buffered command in Global Configuration mode to limit SYSLOG messages displayed from an internal buffer based on severity. To cancel the buffer use, use the no form of this command. Syntax logging buffered [severity–level] no logging buffered • severity–level—(Optional) The number or name of the desired severity level.
User Guidelines All the SYSLOG messages are logged to the internal buffer. This command limits the commands displayed to the user. Debug level messages are intended for use by support personnel. The output is voluminous, cryptic, and because of the large number of messages generated, can adversely affect switch operations. Only set the logging level to debug under the direction of support personnel.
Default Configuration The default console logging severity is warnings. Command Mode Global Configuration mode User Guidelines Messages at the selected level and above (numerically lower) are displayed on the console. Debug level messages (logging console 7) are intended for use by support personnel. The output is voluminous, cryptic, and because of the large number of messages generated, can adversely affect switch operations. Only set the logging level to debug under the direction of support personnel.
User Guidelines This command has no user guidelines. Example The following example sets the logging facility as local3. console(config)#logging facility local3 logging file Use the logging file command in Global Configuration mode to limit SYSLOG messages sent to the logging file based on severity. To set the default logging level, use the no form of this command.
User Guidelines The logging file command controls the minimum severity for which system messages are logged to the flash file system. Messages are flushed to the file system on every write. It is not recommended to use any setting other than the default unless debugging a specific issue. Using a severity other than the default may shorten the lifespan of the switch as the flash supports a limited number of write cycles and a limited number of spare blocks.
– [6 | informational] – [7 | debugging] Default Configuration The default logging monitor severity level is not configured. By default, logging messages are not displayed on SSH or telnet sessions (no logging monitor). Logging messages are displayed by default on console sessions (serial and out-of-band ports). Command Mode Global Configuration mode User Guidelines Use the terminal monitor command to enable the asynchronous display of system messages within an individual telnet or SSH session.
Command Mode Global Configuration mode User Guidelines The logging process controls the distribution of logging messages to the console, logging buffer, logging file, and SYSLOG servers. Logging on and off for these destinations can be individually configured using the logging buffered, logging file, and logging server commands. However, if the logging on command is disabled, no messages are sent to these destinations. Command logging is not affected by this command.
User Guidelines During system startup, messages are logged in RFC3164 format (e.g., in the startup persistent log). Messages are logged in the selected format upon the system processing the startup configuration. The time zone must be configured for the system to generate RFC5424 log messages with the time zone included. Example This example set the logging message format to RFC5424. DTLS is used for X509 configured SYSLOG servers if a certificate is available.
console(config)#clock timezone +5 minutes 30 zone IST console(config)#show clock 02:17:44 IST(UTC+5:30) Dec 21 2014 Time source is Local console(config)# <189>1 2013-06-13T23:24:15.652+5:30Z 10.130.185.84 TRAPMGR trapTask traputil.c(721) 11698 [stk@674 unit:1][sev@674 NOTE] %% Link Down: Gi1/0/11 logging snmp Use the logging snmp command in Global Configuration mode to enable SNMP Set command logging. To disable, use the no form of this command.
Syntax logging source-interface {loopback loopback-id} | {tunnel tunnel-id} | {vlan vlan-id} | {out-of-band } no logging source-interface • • • • loopback-id — The name of a loopback interface. tunnel-id — The name of a tunnel-id. vlan-id —A VLAN identifier. out-of-band —The out-of-band interface identifier. Default Configuration By default, the switch uses the assigned switch IP address. This is either the IP address assigned to VLAN or the out-of-band interface IP address.
logging traps Use the logging traps command in Global Configuration mode to set the lowest severity level at which SNMP traps are logged. To revert the urgent severity level to its default value, use the no form of this command. Syntax logging traps severity no logging traps • severity—If you specify a severity level, log messages at or above the severity level are e-mailed. The severity level may either be specified by keyword or as an integer from 0 to 7.
logged, and thus control whether traps appear in the buffered log or are emailed and, if they are e-mailed, whether traps are considered urgent or nonurgent. logging web-session Use the logging web-session command in Global Configuration mode to enable web session logging. To disable, use the no form of this command. Syntax logging web-session no logging web-session Default Configuration Disabled.
no port • port—The port number to which SYSLOG messages are sent. (Range: 1-65535) Default Configuration The default port number for UDP messages is 514. When DTLS is configured (logging protocol 1), the default port number is 6514. Command Mode SYSLOG server configuration mode User Guidelines After entering the view corresponding to a specific SYSLOG server, the command can be executed to set the port number for the server.
User Guidelines This command has no user guidelines. Command History Updated output in version 6.5. Example The following example displays the state of logging and the SYSLOG messages stored in the internal buffer. console#show logging Logging is enabled Logging protocol version: 1 Source Interface............................... out-of-band Console Logging: Level debugging. Messages : 1221 logged, 8500 ignored Monitor Logging: disabled Buffer Logging: Level informational.
<189> Oct 18 07:09:06 0.0.0.0-1 General[fp_main_task]: sdm_template_mgr.c(488) 3 %% NOTE Booting with default SDM template Data Center - IPv4 and IPv6. <190> Oct 18 07:09:05 0.0.0.0-1 General[procLOG]: procmgr.c(3685) 2 %% INFO Application Terminated (user.start, ID = 7, PID = 1349 <185> Oct 18 07:09:05 0.0.0.0-0 General[fp_main_task]: unitmgr.c(6612) 1 %% ALRT Reboot 1 (0x1) A protocol version 1 message will appear as follows: <189>1 2017-10-18T07:09:22.
Example The following example displays the state of logging messages sorted in the logging file. console(config)#show logging file Persistent Logging : enabled Persistent Log Count : 0 -------------------------------------------------------------------------Persistent Log File Empty show syslog-servers Use the show syslog-servers command to display the SYSLOG servers settings.
192.180.2.275 192.180.2.285 Transport Type -------------UDP TLS TLS 14 Info 7 14 Warning 7 Authentication Certificate Index ----------------- ------------------X509 Anonymous 5 terminal monitor Use the terminal monitor command to enable the display of system messages on the terminal for telnet and SSH sessions. Syntax terminal monitor no terminal monitor Default Configuration The default setting is that system messages are not displayed on telnet or SSH sessions.
Example This example enables the display of system messages and logging messages on the current telnet session.
System and Stack Management Commands This section explains the following commands: asset-tag member show interfaces show system advanced firmware banner exec memory free lowwatermark show memory cpu show system fan banner login nsf show memory cpu show system id banner motd ping show msg-queue show system power banner motd acknowledge process cpu threshold show nsf show system temperature buffers quit show power-usage- show tech-support history clear checkpoint statistics reload show
show interfaces logout show hardware profile portmode show switch update bootcode asset-tag Use the asset-tag command in Global Configuration mode to specify the switch asset tag. To remove the existing asset tag, use the no form of the command. Syntax asset-tag [unit] tag no asset-tag [unit] • • unit — Switch number. (Range: 1–12) tag — The switch asset tag. Default Configuration No asset tag is defined by default.
banner exec Use the banner exec command to set the message that is displayed after a successful login. Use the no form of the command to remove the set message. Syntax banner exec MESSAGE no banner exec • MESSAGE — Quoted text Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines The exec message may consist of multiple lines. Enter a quote to complete the message and return to configuration mode.
Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines The login banner can consist of multiple lines. Enter a quote to end the banner text and return to the configuration prompt. Up to 2000 characters may be entered into a banner. Each line entered will consume an extra two characters to account for the carriage return and line feed. Different terminal emulators will exhibit different behaviors when logging in over SSH.
User Guidelines The motd banner can consist of multiple lines. Enter a quote to end the banner text and return to the configuration prompt. Up to 2000 characters may be entered into a banner. Each line entered will consume an extra two characters to account for the carriage return and line feed. The motd banner is usually displayed prior to logging into the switch, although some protocols, for example SSH, may enforce different behavior. See the user guidelines for banner motd acknowledge for some examples.
User Guidelines Various terminal emulators exhibit different behaviors with regards to the MOTD and the acknowledge prompt, for example, TeraTerm and putty. There are also different behaviors based upon the protocol used (SSH versus telnet). See below for some examples where the MOTD prompt occurs either before or after the acknowledge prompt. The banner motd in this example is “If you need to utilize this device or otherwise make changes to the configuration, you may contact Kevin at x911.
[root@kevin ~]# ssh 192.168.12.84 -l dellradius If you need to utilize this device or otherwise make changes to the configuration, you may contact Kevin at x911. Please, be advised this unit is under test by Kevin. dellradius@192.168.12.84's password: Press 'y' to continue (within 30 seconds) (y/n) Welcome to the N3024 in the Bottom Chassis - 192.168.12.190. This unit is located in A2 and is currently under test.
Syntax buffers {rising-threshold rising-threshold-val | falling-threshold fallingthreshold-val | severity severity-level} no buffers {rising-threshold | falling-threshold | severity } • • • rising-threshold-val—The rising message buffer threshold over which a trap will be issued. This is a percentage of messages buffers utilized and ranges from 0 to 100. falling-threshold-val—The falling threshold value.
The falling-threshold-val should be configured to be less than or equal to the rising-threshold-val. Command History Introduced in version 6.2.0.1 firmware. Example console(config)#buffers rising-threshold 90 clear checkpoint statistics Use the clear checkpoint statistics command to clear the statistics for the checkpointing process. Syntax clear checkpoint statistics Default Configuration This command has no default configuration.
Syntax clear counters stack-ports Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command resets all statistics shown by the show switch stack-ports counters and the show switch stack-ports diag commands. Example console#clear counters stack-ports connect Use this command to connect the serial console of a different stack member to the local unit.
User Guidelines This command is available from the Unit prompt on a member unit serial port. The user need not be currently connected over the serial port to connect to another unit. The stack member being connected to must be up and running and connected as part of the stack. This command connects the the serial console from the target stack member to the local unit. There is only one console session allowed per stack.
Command Mode Privileged Exec mode. User Guidelines This command forcibly logs out and disconnects a Telnet, SSH, HTTP or HTTPs session. Use the show sessions command to display the session identifier. The session identifier ranges from 0-42. The all parameter disconnects all telnet, SSH, HTTP or HTTPs sessions. It is not possible to disconnect the EIA-232 (serial console) session. exit Use this command to disconnect the serial connection to a remote unit.
To disconnect a remote session to a stack member established from the stack manager. Stack-Master#connect 2 Remote session started. Type “exit” to exit the session. (Unit 2 - CLI unavailable - please connect to master on Unit 1)>exit Stack-Master# Example 2: To disconnect a remote session to the stack master established from a stack member.
Default Configuration No host name is configured. Command Mode Global Configuration mode User Guidelines The hostname, if configured, is advertised in the LLDP system-name TLV. The hostname may include any printable characters except a question mark. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name. The CLI does not filter illegal characters and may truncate entries at the first illegal character or reject the entry entirely.
User Guidelines This command forces a warm restart of the stack. The backup unit takes over as the new management unit without clearing the hardware state on any of the stack members. The original management unit reboots. If the system is not ready for a warm restart, for example because no backup unit has been elected or one or more members of the stack do not support nonstop forwarding, the command fails with a warning message. Use the standby command to select a specific unit to act as the backup unit.
load-interval Use this command to load the interface utilization measurement interval. Use the no form of this command to reset the duration to the factory default value. Syntax load-interval time no load-interval • time—The number of seconds after which interface utilization is measured periodically. The time has to be a multiple of 30. (Range 30600 seconds) Default Configuration The default interval is 300 seconds.
Default Configuration Default value is 20 seconds. Command Mode Privileged Exec User Guidelines When this command is executed on N1100-ON/N1500/N2000/N2100ON/N2200-ON/N3000-ON/N3100-ON switches, the front panel power supply 1 LED blinks. The LED blinks until it times out. The user may select a new time value while the LED is blinking. The last value selected takes effect immediately. The locate command does not persist across reboots.
The stack member being connected to must be up and running and connected as part of the stack. This command is an alias for the exit command. Example (Example 1: To disconnect a remote session to stack master established from a stack member. Unit 2 - CLI unavailable - please connect to master on Unit 1)>connect 1 Stack-Master# Stack-Master#logout (Unit 2 - CLI unavailable - please connect to master on Unit 1)> Example 2: To disconnect a remote session to stack master established from a stack member.
Default configuration This command has no defaults. Command Mode Stack Configuration User Guidelines The switch index (SID) can be obtained by executing the show supported switchtype command in User Exec mode. When removing a unit from a stack, use the no member command to remove the stack member configuration after physically removing the unit. Example The following example displays how to add to stack switch number 2 with index 1.
Command Mode Global Configuration User Guidelines Use the show memory cpu command to display the allocated and free memory. Setting the threshold to 0 disables low memory notifications. The traps and SYSLOG messages are suppressed if they occur more frequently than once a minute. Command History Introduced in version 6.2.0.1 firmware. Example This example sets the notification for low memory at 1 megabyte.
User Guidelines Nonstop forwarding allows the forwarding plane of stack units to continue to forward packets while the control and management planes restart as a result of a power failure, hardware failure, or software fault on the stack management unit. Example console(config)#nsf ping Use the ping command to check the accessibility of the specified station on the network. Use of the optional VRF parameter executes the command within the context of the VRF specific routing table.
• • • • • • • • repeat—The number of ping packets to send. (Range: 1–100 packets). interval—The time between Echo Requests, in seconds (Range: 1–60 seconds). size—Number of data bytes in a packet (Range: 0–13000 bytes). source ip-address—The ping packets are transmitted using the specified source IP address. source loopback loopback-id—The ping packets are transmitted with the source address of the loopback interface.
The ipv6 parameter must be specified if an IPv6 address is entered. Otherwise, the command will interpret the IPv6 address as a hostname parameter. The switch can be pinged from a remote IPv4/IPv6 host with which the switch is connected through the default VLAN (VLAN 1) or another VLAN, if configured, as long as there is a physical path between the switch and the host.
Reply From fe80::21e:c9ff:fede:b137: icmp_seq = 1. time <10 msec. Reply From fe80::21e:c9ff:fede:b137: icmp_seq = 2. time <10 msec. Reply From fe80::21e:c9ff:fede:b137: icmp_seq = 3. time <10 msec. The following example determines whether another computer is reachable over the network at the IPv6 address specified.
• • The default interval is 0 seconds. The default severity level is NOTICE. Command Modes Global Configuration User Guidelines CPU utilization is calculated using Exponential Moving Weighted Average (EMWA) over the total time period. The EMWA is calculated using the following formula: EMWA(current_period) = EMA(prev_period) + (currentUtilization – EMA(prev_period)) * weight where weight = 2 / ((TotalTimePeriod/samplePeriod) + 1). The sample period is 5 seconds.
Example console(config)#process cpu threshold type total rising 90 interval 100 quit Use this command to disconnect the serial connection to the remote unit on the stack member. Syntax quit Default Configuration There is no default configuration for this command. Command Modes User Exec mode on the stack master. Unit prompt on the stack member. User Guidelines This command is available in User Exec mode on the master unit serial port and from the Unit prompt on member unit serial ports.
(Unit 2 - CLI unavailable - please connect to master on Unit 1)>connect 1 Stack-Master#exit Stack-Master>quit (Unit 2 - CLI unavailable - please connect to master on Unit 1)> reload Use the reload command to reload stack members. The reload command checks for stack port errors prior to reloading stack members and after the check for unsaved configuration changes. If stack port errors are found, a message is displayed.
Example-Stack Port Errors The following example shows stack port errors detected by the command. console#reload Management switch has unsaved changes. Are you sure you want to continue? (y/n) Warning! Stack port errors detected on the following interfaces: Interface Error Count ---------------- ---------------Gi1/0/1 12 Gi1/0/3 22 Stack port errors may indicate a non-redundant stack topology exists.
User Guidelines The switch logs a message and generates a trap on inserting or removing an optics not qualified by Dell. This command suppresses the above mentioned behavior. Example The following example bypasses logging of a message and trap generation on inserting or removing an optics not qualified by Dell. console(config)# service unsupported-transceiver set description Use the set description command in Stack Configuration mode to associate a text description with a switch in the stack.
slot Use the slot command to configure a slot in the system. The unit/slot is the slot identifier of the slot located in the specified unit. The cardindex is the index to the database of the supported card types (see the command show supported cardtype) indicating the type of card being preconfigured in the specified slot. The card index is a 32-bit integer.
• cardindex — The index into the database of the supported card types (see show supported cardtype) indicating the type of card being preconfigured in the specified slot. The card index is a 32-bit integer. Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines The card index (CID) can be obtained by executing the show supported cardtype command.
Example console#show banner Banner:Exec Line Console...................... Enable Line SSH.......................... Disable Line Telnet....................... Enable ===exec===== Banner:Login Line Console...................... Enable Line SSH.......................... Enable Line Telnet....................... Disable ===login===== Banner:MOTD Line Console...................... Enable Line SSH.......................... Enable Line Telnet.......................
to the Normal group. Small numbers of buffer failures in the low priority groups (Norm, Mid2, Mid1) may occur without affecting system operation, (for example, loss of an LLDP packet is not likely to cause any noticeable system disruption). Command History Introduced in version 6.2.0.1 firmware.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines When nonstop forwarding is enabled on a stack, the stack's management unit checkpoints operational data to the backup unit. If the backup unit takes over as the management unit, the control plane on the new management unit uses the checkpointed data when initializing its state.
Default Configuration This command has no default configuration. User Guidelines This command is not available on N1100-ON/N1500/N2000/N2100ON/N2200-ON/N3000-ON/N3100-ON switches. Example Console#show cut-through mode Current mode : Enable Configured mode : Disable (This mode is effective on next reload) show hardware profile portmode Use the show hardware profile portmode command to display the hardware profile information for the 40G ports.
Examples console#show hardware profile portmode Configured 40G Interface 10G Interfaces Mode ------------- -------------- ---------Fo1/0/1 Te1/0/25-28 1x40G Fo1/0/2 Te1/0/29-32 1x40G Running Mode ------4x10G 1x40G console#show hardware profile portmode fo1/0/1 Configured Running 40G Interface 10G Interfaces Mode Mode ------------- -------------- ---------- ------Fo1/0/1 Te1/0/25-28 1x40G 4x10G show idprom interface Use this command to display the optics EEPROM contents in user-readable format.
Serial Number..................... ANF0L5J Dell EMC Qualified................ Yes The following example shows the optic parameters, but not the IDPROM content as the entered activation code in incorrect. console#show idprom interface tengigabitethernet 1/0/9 debug abc Type.............................. Media............................. Serial Number..................... Dell EMC Qualified................
Command History Updated examples and guidelines in version 6.5 firmware. Example The following example shows the output for a 1G interface: console#show interfaces gi1/0/1 Interface Name : .............................. Gi1/0/1 SOC Hardware Info :............................ BCM56342_A0 Link Status : ................................. Up Keepalive Enabled.............................. True Err-disable Cause.............................. None VLAN Membership Mode: .........................
Transmit Packets Discarded..................... Total Transmit Errors.......................... Total Transmit Packets Discarded............... Single Collision Frames........................ Multiple Collision Frames...................... Excessive Collision Frames.....................
User Guidelines This command is only applicable to firmware upgradable interfaces. 1G interfaces are never shown in the command output. Some 10G interfaces may show as not firmware upgradable.
show msg-queue Use the show msg-queue command to display the internal message queue allocations. Syntax show msg-queue Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode, and all sub-modes User Guidelines The following information is displayed. Parameter Description Queue ID The queue identifier. Queue Name The queue name Messages in Queue The number of messages currently queued.
show nsf Use the show nsf command to show the status of non-stop forwarding. Syntax show nsf Default Configuration This command has no default configuration.
Parameter Description Range Default Last Startup Reason The type of activation that caused the software to start the last time. There are four options. “Power-On” means that the switch rebooted. This could have been caused by a power cycle or an administrative “Reload” command. “Administrative Move” means that the administrator issued a command for the stand-by manager to take over.
Parameter Description Range Time Since Last Copy When the running configuration was last copied from the management unit to the backup unit. Time Stamp Time Until Next Copy 0 - 120 seconds The number of seconds until the running configuration will be copied to the backup unit. This line only appears when the running configuration on the backup unit is Stale. Default Example The show nsf command is used to display which unit is the management unit and which is the backup unit.
Syntax show power-usage-history • unit-id—Stack unit for which to display the power history. Range 1-12. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Power draw is measured at the power supplies. Power draw is not measured at the interfaces. This command is not available on the Dell EMC Networking N1100-ON Series switches.
Syntax show process app-list Default Configuration This command does not have a default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed. Fields Description ID Application ID assigned by the Process Manager. Name Application Name PID Application Linux Process ID. Admin-Status Flag indicating if the application is administratively enabled.
2 syncdb-test 0 Disabled Disabled Stopped show process app-resource-list This command lists the configured and in-use resources for each application known to the Process Manager. Syntax show process app-resource-list Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed.
Command History Introduced in version 6.2.0.1 firmware. Example console#show process app-resource-list Memory CPU Memory Max Mem ID Name PID Limit Share Usage Usage ---------------------------------------------------------------------1 switchdrvr 280 Unlimited Unlimited 256MB 280MB 2 syncdb-test 0 10MB 20% 0MB 0MB show process cpu Use the show process cpu command to check the CPU utilization for each process currently running on the switch.
CPU Utilization: PID Name 5 Sec 1 Min 5 Min --------------------------------------------------------328bb20 tTffsPTask 0.00% 0.00% 0.02% 3291820 tNetTask 0.00% 0.00% 0.01% 3295410 tXbdService 0.00% 0.00% 0.03% 347dcd0 ipnetd 0.00% 0.00% 0.01% 348a440 osapiTimer 1.20% 1.43% 1.21% 358ee70 bcmL2X.0 0.40% 0.30% 0.12% 359d2e0 bcmCNTR.0 0.80% 0.42% 0.50% 3b5b750 bcmRX 0.00% 0.13% 0.12% 3d3f6d0 MAC Send Task 0.00% 0.07% 0.10% 3d48bd0 MAC Age Task 0.00% 0.00% 0.03% 40fdbf0 bcmLINK.0 0.00% 0.14% 0.
Syntax show process proc-list Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed. Fields Description PID Application Linux Process ID Process-Name Linux process name Application ID-VRID-Name Name of the application that started the process and the application ID assigned by the Process Manager.
Command History Introduced in version 6.2.0.1 firmware. Example console##show process proc-list Process Application VM Size VM Peak PID Name ID-VRID-Name Child (KB) (KB) FD Count ----------------------------------------------------------------280 switchdrvr 1-0-switchdrvr No 220992 230724 36 281 syncdb 2-0-syncdb No 2656 2656 8 281 proctest 3-55-proctest No 2656 2656 8 show router-capability Use this command to display the router capabilities of the loaded firmware image.
This example displays the capabilities of an N3000-ONBGPv6.3.x.x firmware mixed stacking build. console#show router-capability This firmware supports a stack of up to eight switches. MVRP/MMRP capabilities are not available. show sessions Use the show sessions command to display a list of the open sessions from remote hosts. Syntax show sessions Default Configuration This command has no default configuration.
Field Description Session ID The session identifier. Use with the disconnect command. User Name The login ID associated with the session. Connection from The origin of the connection. Idle Time The elapsed time since session activity was last detected. Session Time The elapsed time since the session was connected. Session Type The type of connection (Serial, Telnet, SSH, HTTP, HTTPS).
The following table explains the output parameters. Parameter Description Slot The slot identifier in a slot/port format. Slot Status The slot is empty, full, or has encountered an error. Admin State The slot administrative mode is enabled or disabled. Power State The slot power mode is enabled or disabled. Configured Card Model Identifier The model identifier of the card preconfigured in the slot. Model identifier is a 32-character field used to identify a card.
1/0 1/1 Full Empty Enable Enable Dell Networking N4032 Disable Disable No Yes Command History Description updated in the 6.4 release. show supported cardtype Use the show supported cardtype command to display information about all card types supported in the system. Syntax show supported cardtype [cardindex] • cardindex — Displays the index into the database of the supported card types. This index is used when preconfiguring a slot. Default Configuration This command has no default configuration.
Parameter Description Card Index (CID) The index into the database of the supported card types. This index is used when preconfiguring a slot. Card Model Identifier The model identifier for the supported card type. If you supply a value for cardindex, the following additional information appears as shown in the table below. Parameter Description Card Type The 32-bit numeric card type for the supported card. Model Identifier The model identifier for the supported card type.
Command History Description updated in the 6.4 release. show supported switchtype Use the show supported switchtype command to display information about all supported switch types. Syntax show supported switchtype [switchindex] • switchindex — Specifies the index into the database of the supported switch types, indicating the type of the switch being preconfigured. The switch index is a 32-bit integer. (Range: 0–65535) Default Configuration This command has no default configuration.
Field Description Code Version This field displays the code load target identifier of the switch type. The following table describes the fields in the second example. Field Description Switch Type This field displays the 32-bit numeric switch type for the supported switch. Model Identifier This field displays the model identifier for the supported switch type. Switch Description This field displays the description for the supported switch type.
Slot........................... 1 Card Index (CID)............... 6 Model Identifier............... Dell SFP+ Card Slot........................... 1 Card Index (CID)............... 7 Model Identifier............... Dell 10GBase-T Card show switch Use the show switch command to display information about units in the stack.
Command Mode User Exec, Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines The show switch command shows the configuration and status of the stacking units, including the active and standby stack management units, the pre-configured model identifier, the plugged in model identifier, the switch status and the current code version.
Unit Description Switch This field displays the unit identifier assigned to the switch. Management Status This field indicates whether the switch is the Management Switch, a stack member, or the status is unassigned. Switch Type This field displays the 32-bit numeric switch type. Preconfigured Model Identifier This field displays the model identifier for this switch. Model Identifier is a 32-character field assigned by Dell to identify the switch.
Unit Description Up Time This field displays the system up time. The additional fields in the all units example are as follows: Unit Description Switch This field displays the unit identifier assigned to the switch. Management Status This field indicates whether the switch is the Management Switch, a stack member, or the status is unassigned. Standby Status This field indicates whether the switch is the Standby Switch.
Examples Example – Stack Status for the Switch console#show switch 1 Switch............................ Management Status................. Switch Type....................... Preconfigured Model Identifier.... Plugged-in Model Identifier....... Switch Status..................... Switch Description................ Detected Code Version............. Detected Code in Flash............ SFS Last Attempt Status........... Serial Number..................... Up Time...........................
Example-Stacking Links Path This command tracks the path a packet may take when traversing stacking links. The command shows active paths only, not those that may be taken after a stack failover or stack reconvergence. console#show switch stack-ports stack-path 3 1 Packet-path from unit 3 to unit 1: 1 2 unit-3 port gi3/0/49 to unit-2 unit-2 port gi2/0/49 to unit-1 Example – Switch Firmware Stack Status The following example displays the Switch Firmware stack status information for the switch.
--- ---------- --------- ------------- ------------- ------------- --------1 Mgmt Sw N4032F N4032F SDM Mismatch 10.7.14.21 Example – show switch stack–ports diag { verbose } console#show switch stack-ports diag 1 verbose ----------------------------------------HPC RPC statistics/counters from unit 1 ----------------------------------------Registered functions........................... Client requests................................ Server requests................................
Transmit pending count......................... Current number of TX waits..................... Rx transactions created........................ Rx transactions freed.......................... Rx transactions freed(raw)..................... Tx transactions created........................ BET Rx dropped pkts count...................... ATP Rx dropped pkts count...................... Failed to add key pkt count.................... Source lookup failure count....................
Tx failed pkt count............................ 0 --------------------------------------RLink statistics/counters from unit 1 --------------------------------------State initialization........................... L2 notify in pkts.............................. L2 notify in pkts discarded.................... L2 notify out pkts ............................ L2 notify out pkts discarded................... Linkscan in pkts............................... Linkscan in pkts discarded.....................
RFCS RJBR size RUND TFCS : : 2 : : Received Frame Check Sequence Errors RFRG : Received Fragment Errors Received Jabber Errors RUNT : Received Packets with to 63 bytes Received Undersize Packets ROVR : Received Oversize Packets Transmit Frame Check Sequence Errors TERR : Transmit Errors 1 - Tw1/0/1: RBYT:4132621 RPKT:6525 TBYT:3108325 TPKT:6395 RFCS:0 RFRG:0 RJBR:0 RUND:0 RUNT:0 TFCS:0 TERR:0 1 - Tw1/0/2: RBYT:0 RPKT:0 TBYT:0 TPKT:0 RFCS:0 RFRG:0 RJBR:0 RUND:0 RUNT:0 TFCS:0 TERR:0 Command History Synta
Example console#show system System Description: Dell Networking Switch System Up Time: 0 days, 03h:02m:30s System Contact: System Name: System Location: Burned In MAC Address: 001E.C9DE.B41B System Object ID: 1.3.6.1.4.1.674.10895.
---------------------Device Not Present show system fan Use the show system fan command to explicitly display the fan status. Syntax show system fan Default Configuration This command has no default configuration. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Default Configuration This command has no default configuration. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The tag information is on a switch by switch basis. Example The following example displays the system service tag information.
User Guidelines This command is only available on switches with a power monitoring circuit. It is not available on the Dell EMC Networking N1100-ON Series switches. Examples console#show system power Power Supplies: Unit Description ---1 1 1 ----------System PS-1 PS-2 Status Average Power (Watts) ----------- ---------Non-critical 39.8 Failure No Power N/A Current Power (Watts) -------39.
a range, the fans run at a reduced speed for the lower temperature part of the range and an increased speed for the higher temperature part of the range. Each range runs the fans at increasingly higher speeds for increasingly higher temperatures. Above the Critical status upper limit, the system is shut down. Typically, the shutoff temperature for the switch is 90-105° C.
• • • • • • • • • • • • • show switch stack-port counters show nsf show slot show interfaces advertise show interfaces advanced firmware show lldp remote-device all show interfaces counters errors show fiber-ports optical-transceiver show process cpu show ethernet cfm errors (N3000-ON/N3100 series only) show power inline firmware-version show version show interfaces transceiver properties Syntax show tech-support [ bgp | bgp-ipv6 | ospf | ospfv3 | bfd ] [file | usb] • • • • • • • bgp — Show detailed info
• • • • • • • • • • • • • • • show interfaces transceiver show power inline show switch stack-port counters show nsf show slot show interfaces advertise show interfaces advanced firmware show lldp remote-device all show interfaces counters errors show fiber-ports optical-transceiver show process cpu show ethernet cfm errors (N3000-ON/N3100 series only) show power inline firmware-version show version show interfaces transceiver properties Tech support files are named tech-supportXXX.
2.6.32.9 Machine Description............... System Model ID................... Machine Type...................... Serial Number..................... Manufacturer...................... Operating System.................. Burned In MAC Address............. System Object ID.................. CPU Version....................... SOC Version....................... HW Version........................ CPLD Version...................... Dell Networking Switch N4032 Dell Networking N4032 0000 0xbc00 Linux 2.6.32.
Command History Description updated in the 6.4 release. show users Use the show users command to display information about the active users. Syntax show users [long] Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The command also shows which administrative profiles have been assigned to local user accounts and to show which profiles are active for logged-in users.
show version Use the show version command in User Exec mode to displays the system version information. Syntax show version [unit ] • unit — The unit number. Default Configuration This command has no default configuration. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command shows the version information for the stack master if no arguments are given. Example console#show version Machine Description...............
1 6.0.0.1 5.1.0.1 6.0.0.1 5.1.0.1 console#show version 2 SOC Version....................... HW Version........................ CPLD Version...................... Boot Version...................... BCM56842_B1 1 14 v1.0.21 Unit Image 1 Image 2 Current Active Next Active ----- ------------ ------------ ----------------- ----------------2 6.0.0.1 5.1.0.1 6.0.0.1 6.0.0.1 stack Use the stack command in Global Configuration mode to enter Stack Configuration mode.
stack-port Use the stack-port command in Stack Configuration mode to configure ports as either Stacking ports or as Ethernet ports. NOTE: This command is only valid on the N1100-ON, N1500, N2100-ON, N2200-ON, and N3100-ON switches. It issues an error response if used on the N2200-ON switches. Syntax stack-port {twentygigabitethernet|tengigabitethernet} unit/slot/port {ethernet|stack [speed {40g|21g}]} • speed {40g|21g}—Set the stack port speed.
The stack-port configuration mode does not appear in the running config. Use the show switch stack-port command to display configuration and status of stacking ports. Ethernet ports that are configured to operate as stacking ports will show as detached in the show interfaces status command output. Use the show switch command to display information regarding the switches in a stack. Redundant stacking links between any two units must operate at the same speed.
stack-port shutdown Use this command to enable or disable the stack port administratively. This command is usually used to diagnose the stack in case any one of the stack ports is exhibiting errors. Syntax stack-port interface-id shutdown no stack-port interface-id shutdown • interface-id—The stacking interface identifier. Default Configuration There no default configuration for this command.
standby Use the standby command to configure the standby unit in the stack. This unit comes up as the master when the stack failover occurs. Use the no form of this command to reset to default, in which case, a standby is automatically selected from the existing stack units if there no preconfiguration. Syntax standby unit no standby • unit — Valid unit number in the stack. (Range: 1–12 maximum (less on stacks with a restricted stack size, for example, AdvLite).
switch renumber Use the switch renumber command in Global Configuration mode to change the identifier for a switch in the stack. Syntax switch oldunit renumber newunit • • oldunit — The current switch identifier. (Range: Dependent on Series/Model) newunit — The updated value of the switch identifier. (Range: Dependent on Series/Model) Command Mode Global Configuration mode User Guidelines Upon execution, the switch is configured with the configuration information for the new switch if any is available.
Example The following example displays how to reconfigure switch number “1” to an identifier of “2.” console(config)#switch 1 renumber 2 telnet Use the telnet command to log into a host that supports Telnet. Syntax telnet {ip-address | hostname} [port] [keyword1......] • • • • ip-address—Valid IP address of the destination host. hostname—Hostname of the destination host. (Range: 1–158 characters). port—A decimal TCP port number.
User Guidelines This command has no user guidelines. Example Following is an example of using the telnet command to connect to 176.213.10.50. console#telnet 176.213.10.50 Trying 176.213.10.50... Connected to 176.213.10.50 Entering character mode... Escape character is'^^'. traceroute Use the traceroute command to discover the routers that packets traverse when traveling to their destination.
• • • • • • • interval—The timeout period. If a response is not received within this period of time, then traceroute considers that probe a failure (printing *) and sends the next probe. If traceroute does receive a response to a probe, then it sends the next probe immediately. (Range: 1–60 seconds). count—The number of probes to be sent at each TTL level (Range:1– 10). port—The destination UDP port of the probe. This should be an unused port on the remote destination system (Range: 1–65535).
toward the destination address. Routers decrement a packet’s TTL value and discard packets whose TTL equals 0. On discarding a packet, the router returns an ICMP time exceeded message to the source. The VRF identified in the parameter must have been previously created or an error is returned. Only IPv4 addresses are supported with the vrf parameter. The vrf parameter is only available on the N3000-ON/N3100 switches. Loopback interfaces are not supported on the N1100-ON Series switches.
• • • • • • • • • • initTtl—The initial time-to-live (TTL); the maximum number of router hops between the local and remote system (Range: 1–255). the default is 1. maxTtl—The largest TTL value that can be used (Range:1–255). The default is 30. This must be larger or equal to the value specified in initTtl. maxFail—Terminate the traceroute after failing to receive a response for this number of consecutive probes (Range: 1–255). interval—The timeout period.
Command Mode Privileged Exec mode User Guidelines Traceroute operates by sending a sequence of Internet Control Message Protocol (ICMP) echo request packets. The time-to-live (TTL) value, is used in determining the intermediate routers through which the packet flows toward the destination address. Routers decrement a packet’s TTL value and discard packets whose TTL equals 0. On discarding a packet, the router returns an ICMP time exceeded message to the source.
Default Configuration By default, all units in the stack are updated. Command Mode Privileged Exec mode User Guidelines This command applies to the N1100/N1500/N2000/N2100/N3000/N3100 Series switches only. It is not required to update the boot code unless directed to do so in the release notes. Dell EMC Networking switches utilize a universal boot loader and do not contain version specific dependencies in the boot loader. If unit is not specified, all units in the stack are updated.
Telnet Server Commands The Telnet protocol (outlined in RFC 854) allows users (clients) to connect to multiuser computers (servers) on the network. Telnet is often employed when a user communicates with a remote login service. Telnet is the terminal emulation protocol in the TCP/IP suite. Telnet uses TCP as the transport protocol to initiate a connection between server and client.
dellradius@192.168.12.84's password: Press 'y' to continue (within 30 seconds) (y/n) Welcome to the N3024 in the Bottom Chassis - 192.168.12.190. This unit is located in A2 and is currently under test. console 2 SSH (Linux Terminal): [root ~]# ssh 192.168.12.84 -l dellradius If you need to utilize this device or otherwise make changes to the configuration, you may contact the owner at x38525. Please, be advised this unit is under test. dellradius@192.168.12.
Command History Examples updated in 6.4 release. Commands in this Section This section explains the following commands: ip telnet server disable show ip telnet ip telnet port – ip telnet server disable The ip telnet server disable command is used to enable/disable the Telnet service on the switch. Syntax ip telnet server disable no ip telnet server disable Command Mode Global Configuration User Guidelines No specific guidelines. Default Value This feature is enabled by default.
ip telnet port The ip telnet port command is used to configure the Telnet TCP port number on which the switch listens for Telnet connections. Syntax ip telnet port port number • port number — Telnet TCP port number (Range: 1025–65535) Default Configuration The default value for the Telnet TCP port is 23. Command Mode Global Configuration User Guidelines The Telnet server TCP port should not be set to a value that might conflict with other well-known protocol port numbers used on this switch.
Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes Example console#show ip telnet Telnet Server is Enabled.
Time Ranges Commands Time ranges are used with time-based ACLs to restrict their application due to specific time slots. This section explains the following commands: time-range [name] periodic absolute show time-range time-range [name] Use the time-range command to globally enable or disable the event notification service of the time range component. If disabled, ACLs using time ranges are not started.
Command Mode Global Configuration User Guidelines The CLI mode changes to Time-Range Configuration mode when you successfully execute this command. Example console(config)#time-range timeRange_1 absolute Use the absolute command in Time Range Configuration mode to add an absolute time entry to a time range. Use the no form of this command to delete the absolute time entry in the time range.
Command Mode Time Range Configuration User Guidelines Only one absolute time entry is allowed per time-range. The time parameter is referenced to the currently configured time zone. Example console#time-range timeRange_1 console(config-time-range)#absolute end 12:00 16 Dec 2010 periodic Use the periodic command to add a periodic time entry to a time range. The time parameter is based off of the currently configured time zone.
• time—The first occurrence of this argument is the starting hours:minutes which the configuration that referenced the time range starts going into effect. The second occurrence is the ending hours:minutes at which the configuration that referenced the time range is no longer in effect. The hours:minutes are expressed in a 24-hour clock. For example, 8:00 is 8:00 am and 20:00 is 8:00 pm. Default Configuration This command has no default configuration.
console(config-time-range)#periodic tuesday 13:00 to wednesday 12:00 console(config-time-range)#periodic wednesday 12:30 to thursday 20:00 console(config-time-range)#periodic weekend 18:00 to 20:00 show time-range Use the show time-range command to display a time range and all the absolute/periodic time entries that are defined for the time range. The [name] parameter is used to identify a specific time range to display.
Parameter Description Periodic start Start time and day for periodic entry. Periodic end End time and day for periodic entry.
USB Flash Drive Commands When available, a USB flash drive can be used to configure, upgrade and provide consistency to a switching network. A USB flash drive can be plugged in sequentially to a set of routers/switches to upgrade to newer software versions without depending on the network to upgrade the switches with new firmware. New switches can be preloaded with configuration prior to deployment. The USB Configuration Port provides access to an optional secondary storage capability to the switch.
Files downloaded from USB flash drive are not copied to RAM to perform validations. Instead, the file is directly read from the USB flash device and copied to buffers to perform the necessary validations. Downloading and Uploading of Files After the file validations are successful, the switch proceeds with downloading of files from the USB flash device to the switch or uploading of files from the switch to the USB flash drive. The status of file download / upload is shown on the console.
Example console#unmount usb Command History Description updated in 6.4 release. show usb Use the show usb command to display the USB flash device details. Syntax show usb device Default Configuration This command has no default configuration. Command Mode Privileged Exec User Guidelines The following table explains the output parameters. Parameter Description Device Status This field specifies the current status of device. • Active if device is plugged-in and the device is recognized by the switch.
Parameter Description Protocol Device Protocol. Vendor ID Vendor specific details of device- Vendor ID. Product ID Vendor specific details of device- Product ID. Example The following example is the output if the device is plugged into the USB slot. console#show usb device Device Status.................................. Manufacturer................................... Product Name................................... Device Serial Number........................... Class Code............................
Default Configuration This command has no default configuration. Command Mode Privileged Exec User Guidelines Only the first 32 characters of the file name are displayed, even if the file name is longer. Examples console#dir usb Attr Size(bytes) drwx 2640 drwx 0 -rw96 -rw14363703 drwx 1024 Total Size: Bytes Used: Bytes Free: console#dir Creation Time Feb 02 2022 00:26:43 Feb 19 2014 15:22:53 Jan 28 2022 23:05:45 Jan 22 2022 03:36:08 Jan 22 2022 03:36:08 Name . .. snmpOprData.cfg image1.
drwx 1024 Jan 22 2022 03:36:08 examples/../examples Total Size: 1001914368 Bytes Used: 128319488 Bytes Free: 873594880 recover The recover command is implemented as a u-boot environment variable. It mounts the USB stick, copies the image from the USB root level directory into RAM, and executes the image. Syntax recover • image-name—The name of a valid firmware stack file located in the root of the mounted USB stick. Default Configuration This command has no default configuration.
User Interface Commands This section explains the following commands: configure terminal end do exit enable quit configure terminal Use the configure terminal command to enter Global Configuration mode. This command is equivalent to the configure command with no terminal argument. Syntax configure [terminal] Default Configuration This command has no default configuration.
Syntax do line do ? • line — Command to be executed. It must be an unambiguous command from the Privileged Exec mode. Commands such as configure are forbidden. Command line completion for the line parameter is supported. Users may only execute commands for which they have the appropriate privileges. Default Configuration This command has no default configuration. Command Mode All modes except Privileged Exec and User Exec modes.
dir disconnect dot1x enable erase exit filedescr help locate logout monitor ping quit release reload rename renew script show telnet terminal test traceroute udld unmount write Display directory information. Close remote console session(s). Initialize dot1x or reauthenticate clients. Enter into user privilege mode. Delete a file. Exit privileged exec mode. Set a text description for an image file. Display help for various special keys. Blink the locator LED. Exit this session. Any unsaved changes are lost.
Command Mode User Exec and Privileged Exec modes User Guidelines If there is no authentication method defined for enable, then a privilege level 1 user is not allowed to execute this command. Example The following example shows how to enter privileged mode. console>enable console# end Use the end command to return the CLI command mode back to the privileged execution mode or user execution mode. Syntax end Default Configuration This command has no default configuration.
exit Use the exit command to go to the next lower command mode or, in User Exec mode, to close an active terminal session by logging off the switch. Syntax exit Default Configuration This command has no default configuration. Command Mode All command modes. In User Exec mode, this command behaves identically to the quit command. User Guidelines There are no user guidelines for this command.
Default Configuration This command has no default configuration. Command Mode User Exec command mode User Guidelines There are no user guidelines for this command. Example The following example closes an active terminal session.
Web Server Commands If enabled, the Dell EMC Networking is manageable via industry standard web browsers. User privilege levels are the same as for the CLI. Over 95% of the management functions are available via the web interface, including configuration and firmware upgrades. Web Sessions The HTTP protocol does not provide support for persistent connections. Connections are constantly made and broken so there is no way to know who is accessing the web interface or for how long they are doing so.
Commands in this Section This section explains the following commands: common-name ip http secure-server crypto certificate generate key-generate crypto certificate import location crypto certificate request no crypto certificate duration organization-name email organization-unit ip http port show crypto certificate mycertificate ip http server show ip http server status ip http secure-certificate show ip http server secure status ip http secure-port state common-name Use the common-name
User Guidelines This common name mode is entered using the crypto certificate request or crypto certificate generate command. Most browsers will compare the common name in a certificate against the FQDN of the switch obtained from DNS when connecting over HTTPS. A mismatch may result in denied access. Example The following example displays how to specify the name of “router.gm.com.” console(config-crypto-cert)#common-name router.gm.
crypto certificate generate Use the crypto certificate generate command to generate a self-signed HTTPS certificate. Syntax crypto certificate number generate • • number—Specifies the certificate number. (Range: 1–2) generate—Regenerates the SSL RSA key. Default Configuration This command has no default configuration.
where N is the certificate number. To use a signed certificate on the switch, perform the following steps: • • • • • Generate the RSA and DSA keys using the crypto key generate command for RSA followed by DSA. or the key-generate command in crypto certificate generate mode. Generate a self signed certificate using the crypto key generate command, or optionally… Generate a certificate request using the crypto certificate request command. This command uses the DSA keys and the self signed certificate.
Example The following example generates a certificate signing request. console(config)#crypto certificate 1 request console(config-crypto-cert)#common-name DELL-Switch102 console(config-crypto-cert)#country US console(config-crypto-cert)#email no-replay@dell.com console(config-crypto-cert)#location “Round Rock” console(config-crypto-cert)#organization-unit “Dell Networking” console(config-crypto-cert)#organization-name “Dell EMC, Inc.
User Guidelines Use this command to enter an external certificate (signed by a Certification Authority) to the switch. To end the session, add a period (.) on a separate line after the input, and press ENTER. The imported certificate must be based on a certificate request created by the crypto certificate request command. If the public key found in the certificate does not match the switch's SSL RSA key, the command fails. Regenerating the RSA key will render existing certificates invalid.
MIIDBDCCAewCCQCP5mFCRmauaDANBgkqhkiG9w0BAQUFADCBkTELMAkGA1UEBhMC VVMxCzAJBgNVBAgMAk5DMRAwDgYDVQQHDAdSYWxlaWdoMRIwEAYDVQQKDAlEZWxs LEluYy4xEzARBgNVBAsMCk5ldHdvcmtpbmcxGDAWBgNVBAMMD0RlbGwgTmV0d29y a2luZzEgMB4GCSqGSIb3DQEJARYRbm9yZXBsYXlAZGVsbC5jb20wHhcNMTYwNjA5 MTc0NjAyWhcNMTcxMDIyMTc0NjAyWjB6MQ0wCwYDVQQDDARERUxMMRgwFgYDVQQL DA9EZWxsIE5ldHdvcmtpbmcxEzARBgNVBAcMClJvdW5kIFJvY2sxCzAJBgNVBAgM AlRYMQswCQYDVQQGEwJVUzEgMB4GCSqGSIb3DQEJARYRbm8tcmVwbHlAZGVsbC5j b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJvuBYqkIuwbfZ9Jf
Fingerprint: FA06E0DD138FA22A4D696A80171FF3D8 crypto certificate request Use the crypto certificate request command to generate and display a certificate request for HTTPS. This command takes you to Crypto Certificate Request mode. Syntax crypto certificate number request • number — Specifies the certificate number. (Range: 1–2) Default Configuration This command has no default configuration.
console(config-crypto-cert)#country US console(config-crypto-cert)#email no-reply@dell.
User Guidelines This command mode is entered using the crypto certificate generate command. Example The following example displays how specify that a certification is valid for a duration of 50 days. console(config-crypto-cert)#duration 50 email Use the email command to identify the email address used to contact your organization. The maximum length is 64 characters. Syntax email address • address—A valid email address conforming to the addr-spec in RFC 5322.
Syntax ip http port port-number no ip http port • port-number — Port number on which the switch HTTP server listens for connections. (Range: 1025–65535) Default Configuration This default port number is 80. Command Mode Global Configuration mode User Guidelines The HTTP TCP port should not be set to a value that might conflict with other well-known protocol port numbers used on this switch. Example The following example shows how the http port number is configured to 10013.
Command Mode Global Configuration mode User Guidelines This command enables HTTP access to the switch. Use the ip http secureserver command to enable HTTPS access. It is recommended that administrators enable HTTPS access in preference to HTTP access in order to ensure that management activity is not snooped. Example The following example enables the switch to be configured from a browser.
Example The following example configures the active certificate for HTTPS. console(config)#ip http secure-certificate 1 ip http secure-port Use the ip http secure-port command to configure a TCP port on which the switch listens for HTTPS connections. To use the default port, use the no form of this command. Syntax ip http secure-port port-number no ip http secure-port • port-number— Port number for use by the secure HTTP server. (Range: 1025–65535) Default Configuration This default port number is 443.
ip http secure-server Use the ip http secure-server command to enable the switch to be accessed via HTTPS clients. To disable HTTPS access, use the no form of this command. Syntax ip http secure-server no ip http secure-server Default Configuration The default for the switch is disabled. Command Mode Global Configuration mode User Guidelines The switch must be configured with RSA and DSA keys (crypto key generate) prior to enabling the HTTP server.
Default Configuration The SCP server is enabled by default. Command Mode Global Configuration mode User Guidelines The SCP server command enables SCP push operations, which allows clients to copy files to the switch using the SCP protocol. During the the file transfer operation, management operations on the switch are blocked. After completion of the file transfer, the switch performs file validations similar to operations performed using the copy command.
Default Configuration By default, the certificate generation process will utilize existing RSA keys. Command Mode Crypto Certificate Generation mode User Guidelines This command mode is entered using the crypto certificate request command. If no RSA key has been previously generated, you must use the key-generate command prior to exiting the crypto certificate request mode to properly generate a certificate request.
Example The following example displays how to specify the city location of “austin.” console(config-crypto-cert)#location austin no crypto certificate Use the no crypto certificate command to delete a certificate. Syntax no crypto certificate { openflow | number } • • number— The number of the SSH certificate to remove(between 1 to 2). openflow—Remove the openflow certificate and associated information. Default Configuration This command has no default configuration.
organization-name Use the organization-name command to identify the legal name of the organization requesting the certificate. Syntax organization-name name • name— The legal name of the organization requesting the certificate. Maximum length is 64 characters. Default Configuration By default, no organization name is configured. Command Mode Crypto Certificate Generation or Crypto Certificate Request mode User Guidelines The name should not be abbreviated and should contain suffixes, such as Inc.
Command Mode Crypto Certificate Generation or Crypto Certificate Request mode User Guidelines This command mode is entered using the crypto certificate request or crypto certificate generate command. Example The following example displays how to specify the Dell EMC Networking organization-unit.
Command History Command introduced in firmware release 6.6.1. show crypto certificate mycertificate Use the show crypto certificate mycertificate command to view the SSL certificates of your switch. Syntax show crypto certificate mycertificate [number] • number — Specifies the certificate number. (Range: 1–2 digits) Default configuration This command has no default configuration.
6rFhVznvamGap8Aw0rUnEvU5kM9MM0hsVU95H+QzWJwychy9Fhh1zhYzNTpr+VQs c4psyXEd8GE= -----END CERTIFICATE----Issued by: Dell Networking Valid from to Oct 22 17:46:02 2017 GMT Subject: /CN=DELL/OU=Dell Networking/L=Round Rock/ST=TX/C=US/emailAddress= no-reply@dell.com Fingerprint: FA06E0DD138FA22A4D696A80171FF3D8 show ip http server status Use the show ip http server command to display the HTTP server status information.
Syntax show ip http server secure status Default Configuration This command has no default configuration. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays an HTTPS server configuration with DH Key exchange enabled. console#show ip http server secure status HTTPS server enabled. Port: 443 DH Key exchange enabled. Certificate 1 is active Issued by: www.
state Use the state command in Crypto Certificate Generation or Crypto Certificate Request mode to specify the state or province name. Syntax state state • state — Specifies the state or province name. (Range: 1–64 characters) Default Configuration This command has no default configuration. Command Mode Crypto Certificate Generation or Crypto Certificate Request mode User Guidelines This command mode is entered using the crypto certificate request or crypto certificate generate command.
Appendix A: List of Commands A aaa accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 925 aaa accounting delay-start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 927 aaa accounting update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 928 aaa authentication dot1x default . . . . . . . . . . . . . . . . . . . . . . . . . . . . 929 aaa authentication enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
area nssa no-summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1693, 1780 area nssa translator-role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1693, 1781 area nssa translator-stab-intv . . . . . . . . . . . . . . . . . . . . . . . . . . 1694, 1782 area range (Router OSPF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1695 area range (Router OSPFv3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1783 area stub . . . . . . . . . . . . . .
authentication event server dead action . . . . . . . . . . . . . . . . . . . . . . . 948 authentication event server dead action authorize voice . . . . . . . . . 912 authentication host-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1076 authentication max-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1079 authentication monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1084 authentication open . . . . . . . . . . . . . . . . .
bgp listen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . bgp log-neighbor-changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . bgp maxas-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . bgp router-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . block . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
clear dot1x statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1082 clear gmrp statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506 clear green-mode statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494 clear gvrp statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508 clear host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1089 client-identifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1998 client-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1998 clock set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1948 clock summer-time date . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
debug clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2135 debug console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2136 debug crashlog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2137 debug dhcp packet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2139 debug dhcp server packet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
default metric (IPv6 Address Family Configuration) . . . . . . . . . . . 1277 default-information originate (BGP Router Configuration) . . . . . . 1274 default-information originate (IPv6 Address Family Configuration) 1275 default-information originate (Router OSPF Configuration) . . . . 1712 default-information originate (Router OSPFv3 Configuration) . . . 1790 default-information originate (Router RIP Configuration) . . . . . . 1849 default-metric . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
dns-server (IPv6 DHCP Pool Config) . . . . . . . . . . . . . . . . . . . . . . . . 2021 do . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2375 domain-name (IP DHCP Pool Config) . . . . . . . . . . . . . . . . . . . . . . 2001 domain-name (IPv6 DHCP Pool Config) . . . . . . . . . . . . . . . . . . . . 2021 dos-control firstfrag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1147 dos-control icmp . . . . . . . . . . . . . .
ethernet cfm mep level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446 ethernet cfm mip level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449 ethernet ring g8032 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462 ethernet ring g8032 profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459 ethernet tcn-propagation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
H hardware profile openflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1206 hardware-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2001 hashing-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 685 history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2079 history size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ip as-path access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1285, 1424 ip bgp fast-external-fallover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1288 ip bgp-community new-format . . . . . . . . . . . . . . . . . . . . . . . . 1287, 1426 ip community-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1289, 1427 ip default-gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2056 ip device tracking . . . .
ip host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2059 ip http authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 958 ip http port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2391 ip http secure-certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2393 ip http secure-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ip irdp maxadvertinterval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ip irdp minadvertinterval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ip irdp multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ip irdp preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ip load-sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ip local-proxy-arp . . . .
ip proxy-arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1234 ip redirects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1509 ip rip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1854 ip rip authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1854 ip rip receive version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ipv6 enable (Interface Config) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2066 ipv6 enable (OOB Config) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2066 ipv6 gateway (OOB Config) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2067 ipv6 hop-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1557 ipv6 host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ipv6 nd reachable-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1575 ipv6 nd suppress-ra . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1576 ipv6 ospf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1795 ipv6 ospf area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1796 ipv6 ospf bfd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
iscsi target port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . isdp advertise-v2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . isdp enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . isdp holdtime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . isdp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
logging buffered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2249 logging cli-command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2244 logging console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2250 logging email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 988 logging email from-addr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
mail-server ip-address | hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . 996 management access-class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1162 management access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1163 mark cos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 740 mark ip-dscp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
member . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2284 mirror . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 762 mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1209 monitor capture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 698 monitor capture (Privileged Exec) . . . . . . . . . . . . . . . . . . . . . . . .
neighbor next-hop-self (BGP Router Configuration) . . . . . . . . . . . 1320 neighbor next-hop-self (IPv6 Address Family Configuration) . . . . 1321 neighbor password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1323 neighbor prefix-list (BGP Router Configuration) . . . . . . . . . . . . . . 1324 neighbor prefix-list (IPv6 Address Family Configuration) . . . . . . . 1325 neighbor remote-as . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
organization-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2399 organization-unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2399 P passive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1212 passive-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1736, 1808 passive-interface default . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
port (Mail Server Configuration Mode) . . . . . . . . . . . . . . . . . . . . . . . 997 port0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463 port1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464 port-channel local-preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 689 port-channel min-links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
radius server attribute 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1024 radius server attribute 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1025 radius server attribute mac format . . . . . . . . . . . . . . . . . . . . . . . . . . 1029 radius server dead-criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1031 radius server deadtime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1032 radius server key .
router bgp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1251 router ospf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1739 router rip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1858 router-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1738, 1811 route-target . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
sflow destination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2184 sflow polling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2186 sflow polling (Interface Mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2187 sflow sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2188 sflow sampling (Interface Mode) . . . . . . . . . . . . . . . . . . . . . . . . . . .
show bgp ipv6 update-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1377 show boot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1927 show bootvar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1982 show captive-portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1119 show captive-portal client status . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show dot1x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1096 show dot1x advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1112 show dot1x interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1104 show dot1x interface statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1105 show dot1x users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show interfaces cos-queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 784 show interfaces counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415 show interfaces debounce . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420 show interfaces description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421 show interfaces detail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show ip dhcp global configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 2017 show ip dhcp pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2018 show ip dhcp relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1497 show ip dhcp server statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2018 show ip dhcp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show ip multicast interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1629 show ip ospf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1740 show ip ospf abr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1746 show ip ospf area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1747 show ip ospf asbr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show ip telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2361 show ip traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1545 show ip verify source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 595 show ip vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1547 show ip vrf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show ipv6 ospf asbr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1817 show ipv6 ospf border-routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1817 show ipv6 ospf database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1818 show ipv6 ospf database database-summary . . . . . . . . . . . . . . . . . . 1820 show ipv6 ospf interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1821 show ipv6 ospf interface brief . . . .
show keepalive statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 638 show lacp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 692 show line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2084 show link-dependency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 606 show lldp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show passwords configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1183 show passwords result . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1185 show policy-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 792 show policy-map interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 793 show port protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show sntp configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1938 show sntp server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1939 show sntp status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1940 show spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 804 show spanning-tree summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show vlan association subnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 877 show vlan private-vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 878 show vlan remote-span . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 715 show voice vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 914 show vpc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
sntp authenticate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1941 sntp authentication-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1942 sntp broadcast client enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1943 sntp client poll timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1943 sntp server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
spanning-tree vlan max-age . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 841 spanning-tree vlan priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 843 spanning-tree vlan root . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 842 speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435, 2085 split-horizon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
system urpf enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1868 system-mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 658 system-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 659 T tacacs-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1059 tacacs-server key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
udld reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 848 udld timeout interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 850 unmount usb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2370 update bootcode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2356 url . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
vrrp priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vrrp timers advertise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vrrp timers learn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vrrp track interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vrrp track ip route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Printed in the U.S.A. www.dell.com | support.dell.